
Example 1 with ZMSAuthorizer

Use of com.yahoo.athenz.zms.ZMSAuthorizer in the athenz project by Yahoo.

From class ZMSAuthorizerTest, method testIsRoleToken.

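@Test
public void testIsRoleToken() {
    // isRoleToken() classifies raw token text by its fields: the two accepted
    // strings carry v=Z1 (in different field positions), the rejected ones
    // carry a different version (v=S1), no version field at all, or are not
    // key=value token text. The domain passed to the constructor does not
    // take part in this classification as exercised here.
    String domain = "AuthorizerRoleToken";
    // try-with-resources: the original called close() only on the happy
    // path, so a failing assertion would leave the authorizer unclosed.
    // close() declares no checked exception (it is called without a
    // throws clause elsewhere in this test class).
    try (ZMSAuthorizer authorizer = new ZMSAuthorizer(zmsUrl, domain)) {
        assertTrue(authorizer.isRoleToken("v=Z1;d=domain;r=roles;s=signature"));
        assertTrue(authorizer.isRoleToken("d=domain;r=roles;v=Z1;s=signature"));
        assertFalse(authorizer.isRoleToken("v=S1;d=domain;n=server;s=signature"));
        assertFalse(authorizer.isRoleToken("d=domain;r=roles;s=signature"));
        assertFalse(authorizer.isRoleToken("vZ1"));
    }
}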

Example 2 with ZMSAuthorizer

Use of com.yahoo.athenz.zms.ZMSAuthorizer in the athenz project by Yahoo.

From class ZMSAuthorizerTest, method testAuthorizerResourceWithDomain.

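@Test
public void testAuthorizerResourceWithDomain() {
    // Exercises ZMSAuthorizer.access(action, resource, Principal, domain)
    // with a fully-qualified resource ("<domain>:resource1") and an explicit
    // domain argument. The ZMS backend is mocked: the authorizer's ZMSClient
    // answers getAccess() with a single Access mock whose getGranted() yields
    // true, false, true on successive calls, so the three principals below
    // must be evaluated in exactly that order.
    ZMSClient client = getClient(systemAdminUser);
    String domain = "AuthorizerDom4";
    // try-with-resources so the authorizer is closed even when an assertion
    // fails (the original never closed it); close() declares no checked
    // exception, it is called bare elsewhere in this test class
    try (ZMSAuthorizer authorizer = new ZMSAuthorizer(zmsUrl, domain)) {
        assertNotNull(authorizer);
        // create 3 user client objects
        Principal p1 = createPrincipal("user1");
        Principal p2 = createPrincipal("user2");
        Principal p3 = createPrincipal("user3");
        // the admin client used by setupAccess/cleanUpAccess talks to a
        // mocked RDL client so no real ZMS server is needed
        ZMSRDLGeneratedClient c = Mockito.mock(ZMSRDLGeneratedClient.class);
        client.setZMSRDLGeneratedClient(c);
        Domain domainMock = Mockito.mock(Domain.class);
        Mockito.when(c.postTopLevelDomain(Mockito.<String>any(), Mockito.any(TopLevelDomain.class))).thenReturn(domainMock);
        setupAccess(client, domain);
        // only user1 and user3 have access to UPDATE/resource1
        ZMSClient mockZMSClient = Mockito.mock(ZMSClient.class);
        authorizer.setZMSClient(mockZMSClient);
        Access accessMock = Mockito.mock(Access.class);
        Mockito.when(mockZMSClient.getAccess("UPDATE", "AuthorizerDom4:resource1", "AuthorizerDom4")).thenReturn(accessMock);
        // consumed in order by the p1, p2, p3 calls below
        Mockito.when(accessMock.getGranted()).thenReturn(true, false, true);
        Mockito.when(c.getAccess("UPDATE", "AuthorizerDom4:resource1", "AuthorizerDom4", null)).thenReturn(accessMock);
        boolean access = authorizer.access("UPDATE", domain + ":resource1", p1, domain);
        assertTrue(access);
        access = authorizer.access("UPDATE", domain + ":resource1", p2, domain);
        assertFalse(access);
        access = authorizer.access("UPDATE", domain + ":resource1", p3, domain);
        assertTrue(access);
        TopLevelDomain topLevelDomainMock = Mockito.mock(TopLevelDomain.class);
        Mockito.when(c.deleteTopLevelDomain(domain, AUDIT_REF)).thenReturn(topLevelDomainMock);
        cleanUpAccess(domain);
    }
}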

Example 3 with ZMSAuthorizer

Use of com.yahoo.athenz.zms.ZMSAuthorizer in the athenz project by Yahoo.

From class ZMSAuthorizerTest, method testAuthorizer.

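@Test
public void testAuthorizer() {
    // Exercises all three access() overloads (Principal, principal-token
    // string, role-token string) against a mocked ZMS backend.
    // The single Access mock's getGranted() answers are consumed in call
    // order: user1 x3 (true), user2 x3 (false), user3 x2 (true) - eight
    // values for the eight access() calls below, so call order matters.
    // The last two calls pass a null principal and must throw.
    ZMSClient client = getClient(systemAdminUser);
    String domain = "authorizerdom1";
    // try-with-resources so the authorizer is closed even when an assertion
    // fails (the original never closed it); close() declares no checked
    // exception, it is called bare elsewhere in this test class
    try (ZMSAuthorizer authorizer = new ZMSAuthorizer(zmsUrl, domain)) {
        assertNotNull(authorizer);
        // create 3 user client objects
        Principal p1 = createPrincipal("user1");
        Principal p2 = createPrincipal("user2");
        Principal p3 = createPrincipal("user3");
        ZMSRDLGeneratedClient zmsRdlClient = Mockito.mock(ZMSRDLGeneratedClient.class);
        client.setZMSRDLGeneratedClient(zmsRdlClient);
        Domain domainMock = Mockito.mock(Domain.class);
        Mockito.when(zmsRdlClient.postTopLevelDomain(Mockito.<String>any(), Mockito.any(TopLevelDomain.class))).thenReturn(domainMock);
        setupAccess(client, domain);
        // only user1 and user3 have access to UPDATE/resource1
        ZMSClient mockZMSClient = Mockito.mock(ZMSClient.class);
        authorizer.setZMSClient(mockZMSClient);
        Access accessMock = Mockito.mock(Access.class);
        // the role-token calls pass a null domain, hence the second stub
        Mockito.when(mockZMSClient.getAccess("UPDATE", "authorizerdom1:resource1", "authorizerdom1")).thenReturn(accessMock);
        Mockito.when(mockZMSClient.getAccess("UPDATE", "authorizerdom1:resource1", null)).thenReturn(accessMock);
        Mockito.when(accessMock.getGranted()).thenReturn(true, true, true, false, false, false, true, true);
        Mockito.when(zmsRdlClient.getAccess("UPDATE", "authorizerdom1:resource1", "authorizerdom1", null)).thenReturn(accessMock);
        boolean access = authorizer.access("UPDATE", "resource1", p1, domain);
        assertTrue(access);
        // we're going to use a principal token as well to test this access
        String principalToken1 = "v=U1;d=user;n=user1;s=signature";
        access = authorizer.access("UPDATE", "resource1", principalToken1, domain);
        assertTrue(access);
        // finally testing with role token as well
        String roleToken1 = "v=Z1;d=authorizerdom1;r=role1;s=signature";
        access = authorizer.access("UPDATE", "resource1", roleToken1, null);
        assertTrue(access);
        // now try with other users
        access = authorizer.access("UPDATE", "resource1", p2, domain);
        assertFalse(access);
        String principalToken2 = "v=U1;d=user;n=user2;s=signature";
        access = authorizer.access("UPDATE", "resource1", principalToken2, domain);
        assertFalse(access);
        String roleToken2 = "v=Z1;d=authorizerdom1;r=role2;s=signature";
        access = authorizer.access("UPDATE", "resource1", roleToken2, null);
        assertFalse(access);
        access = authorizer.access("UPDATE", "resource1", p3, domain);
        assertTrue(access);
        String principalToken3 = "v=U1;d=user;n=user3;s=signature";
        access = authorizer.access("UPDATE", "resource1", principalToken3, domain);
        assertTrue(access);
        // we should get exception with no principal; fail() throws an
        // AssertionError (not an Exception) so it is not swallowed by the
        // catch. The exact exception type is not pinned here because the
        // original test did not pin it either.
        try {
            authorizer.access("UPDATE", "resource2", (Principal) null, domain);
            fail();
        } catch (Exception expected) {
            // expected: no principal supplied
        }
        try {
            authorizer.access("UPDATE", "resource2", (String) null, domain);
            fail();
        } catch (Exception expected) {
            // expected: no principal token supplied
        }
        TopLevelDomain topLevelDomainMock = Mockito.mock(TopLevelDomain.class);
        Mockito.when(zmsRdlClient.deleteTopLevelDomain(domain, AUDIT_REF)).thenReturn(topLevelDomainMock);
        cleanUpAccess(domain);
    }
}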

Example 4 with ZMSAuthorizer

Use of com.yahoo.athenz.zms.ZMSAuthorizer in the athenz project by Yahoo.

From class RecServlet, method doGet.

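/**
 * Serves the two recommendation endpoints, but only after Athenz has
 * authorized the caller's service token for the endpoint's resource.
 * Order of checks: token header present, endpoint known, authorization
 * granted - the response body is written only once all three pass, so
 * an unauthorized caller never learns whether the endpoint exists.
 * Any exception thrown by the authorizer propagates out of this method;
 * the container then answers with an error page rather than the resource.
 *
 * @param request  incoming request; the Athenz service token is read from the
 *                 header named by {@code athenzHeader}
 * @param response receives 403 (no/rejected token), 404 (unknown endpoint)
 *                 or a text/plain body
 * @throws ServletException per the servlet contract
 * @throws IOException if writing the response or the error fails
 */
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    // retrieve and verify that our request contains an Athenz
    // service authentication token; an empty header value is treated
    // like a missing one so it never reaches the authorizer
    String athenzServiceToken = request.getHeader(athenzHeader);
    if (athenzServiceToken == null || athenzServiceToken.isEmpty()) {
        response.sendError(403, "Forbidden - No Athenz ServiceToken provided in request");
        return;
    }
    // our request starts with /athenz-control/rec/v1 so we're
    // going to skip that prefix. Guard the substring: a request whose
    // path is shorter than the prefix would otherwise throw
    // StringIndexOutOfBoundsException instead of getting a clean 404.
    String requestUri = request.getRequestURI();
    if (!requestUri.startsWith(URI_PREFIX)) {
        response.sendError(404, "Unknown endpoint");
        return;
    }
    String reqUri = requestUri.substring(URI_PREFIX.length());
    String responseText;
    String athenzResource;
    String athenzAction;
    // each endpoint maps to the Athenz (action, resource) pair that the
    // caller must be granted before the body is sent
    switch(reqUri) {
        case "/movie":
            responseText = "Name: Slap Shot; Director: George Roy Hill";
            athenzResource = "rec.movie";
            athenzAction = "read";
            break;
        case "/tvshow":
            responseText = "Name: Middle; Channel: ABC";
            athenzResource = "rec.tvshow";
            athenzAction = "read";
            break;
        default:
            response.sendError(404, "Unknown endpoint");
            return;
    }
    // the authorizer is scoped to serviceDomain; the null domain argument
    // leaves domain resolution to ZMSAuthorizer.access (see its Javadoc)
    try (ZMSAuthorizer authorizer = new ZMSAuthorizer(zmsUrl, serviceDomain)) {
        boolean authorized = authorizer.access(athenzAction, athenzResource, athenzServiceToken, null);
        if (!authorized) {
            response.sendError(403, "Forbidden - Athenz Authorization Rejected");
            return;
        }
    }
    // only reached once authorization has been granted
    response.setContentType("text/plain");
    PrintWriter out = response.getWriter();
    out.println(responseText);
}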

Example 5 with ZMSAuthorizer

Use of com.yahoo.athenz.zms.ZMSAuthorizer in the athenz project by Yahoo.

From class ZMSAuthorizerTest, method testAddCredentials.

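@Test
public void testAddCredentials() {
    // Verifies that a failure in ZMSClient.addCredentials(Principal) is
    // surfaced by ZMSAuthorizer.access() rather than silently turning into
    // a granted/denied answer: a ResourceException and two ZMSClientExceptions
    // (204 and 404) are each expected to propagate to the caller.
    ZMSClient client = getClient(systemAdminUser);
    String domain = "AuthorizerDom5";
    // try-with-resources so the authorizer is closed even when an assertion
    // fails (the original called close() only on the happy path)
    try (ZMSAuthorizer authorizer = new ZMSAuthorizer(zmsUrl, null)) {
        Principal p1 = createPrincipal("user1");
        Principal p2 = createPrincipal("user2");
        Principal p3 = createPrincipal("user3");
        ZMSRDLGeneratedClient c = Mockito.mock(ZMSRDLGeneratedClient.class);
        client.setZMSRDLGeneratedClient(c);
        Domain domainMock = Mockito.mock(Domain.class);
        Mockito.when(c.postTopLevelDomain(Mockito.<String>any(), Mockito.any(TopLevelDomain.class))).thenReturn(domainMock);
        setupAccess(client, domain);
        ZMSClient mockZMSClient = Mockito.mock(ZMSClient.class);
        authorizer.setZMSClient(mockZMSClient);
        Access accessMock = Mockito.mock(Access.class);
        // getAccess stubs are derived from `domain` so they match the
        // resource actually requested below (the original stubbed
        // "AuthorizerDom3" while requesting "AuthorizerDom5:resource1").
        // They are never reached in this test because addCredentials
        // throws first; they exist so that a regression where the
        // exception is swallowed is caught by fail() rather than by an
        // unstubbed null return.
        String resource = domain + ":resource1";
        Mockito.when(mockZMSClient.getAccess("UPDATE", resource, domain)).thenReturn(accessMock);
        Mockito.when(accessMock.getGranted()).thenReturn(true, false, true);
        Mockito.when(c.getAccess("UPDATE", resource, domain, null)).thenReturn(accessMock);
        // stub outside the try blocks: only the access() call under test
        // should be able to satisfy the catch, not a failure in stubbing
        Mockito.when(mockZMSClient.addCredentials(p1)).thenThrow(new ResourceException(204));
        Mockito.when(mockZMSClient.addCredentials(p2)).thenThrow(new ZMSClientException(204, "No Content"));
        Mockito.when(mockZMSClient.addCredentials(p3)).thenThrow(new ZMSClientException(404, "Not Found"));
        // fail() throws AssertionError, which none of these catches swallow.
        // The first catch stays broad because the original did not pin
        // whether ResourceException reaches the caller as-is or wrapped.
        try {
            authorizer.access("UPDATE", resource, p1, domain);
            fail();
        } catch (Exception expected) {
            // expected: ResourceException from addCredentials propagates
        }
        try {
            authorizer.access("UPDATE", resource, p2, domain);
            fail();
        } catch (ZMSClientException expected) {
            // expected: 204 from addCredentials propagates
        }
        try {
            authorizer.access("UPDATE", resource, p3, domain);
            fail();
        } catch (ZMSClientException expected) {
            // expected: 404 from addCredentials propagates
        }
    }
}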
