use of com.yahoo.athenz.zpe.AuthZpeClient.AccessCheckStatus in project athenz by yahoo.
the class TestAuthZpe method testAllowAccessNullAccessToken.
@Test
public void testAllowAccessNullAccessToken() {
    // A null access token must be rejected outright; the role-name buffer is
    // passed only because the overload requires it, nothing is expected in it.
    final String action = "all";
    final String resource = "angler:stuff";
    final StringBuilder roleName = new StringBuilder();
    final AccessToken missingToken = null;
    AccessCheckStatus result = AuthZpeClient.allowAccess(missingToken, resource, action, roleName);
    Assert.assertEquals(result, AccessCheckStatus.DENY_ROLETOKEN_INVALID);
}
use of com.yahoo.athenz.zpe.AuthZpeClient.AccessCheckStatus in project athenz by yahoo.
the class TestAuthZpe method testWrongKeyId.
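@Test
public void testWrongKeyId() {
    final String action = "REad";
    final String resource = "sports.NFL_DB";

    // Single-token check against the Sports resource with the key id 0 token.
    // NOTE(review): the previous comment said this should fail because the token is
    // signed with key id 1, but the assertion expects ALLOW and the role "admin";
    // the assertion is kept as the source of truth -- confirm the intended expectation.
    StringBuilder roleName = new StringBuilder();
    AccessCheckStatus status = AuthZpeClient.allowAccess(rToken0SportsAdmin, resource, action, roleName);
    Assert.assertEquals(status, AccessCheckStatus.ALLOW);
    Assert.assertEquals(roleName.toString(), "admin");

    // Multi-token check: a token from another domain in the same list must not
    // prevent the sports admin token from being matched.
    List<String> tokenList = new ArrayList<>();
    tokenList.add(rToken0SportsAdmin.getSignedToken());
    tokenList.add(rToken0CoreTechPublic.getSignedToken());
    roleName = new StringBuilder();
    status = AuthZpeClient.allowAccess(tokenList, resource, action, roleName);
    Assert.assertEquals(status, AccessCheckStatus.ALLOW);
    Assert.assertEquals(roleName.toString(), "admin");

    // Multi-token check with the same token listed twice: duplicates must neither
    // change the decision nor the reported role.
    tokenList = new ArrayList<>();
    tokenList.add(rToken0SportsAdmin.getSignedToken());
    tokenList.add(rToken0SportsAdmin.getSignedToken());
    roleName = new StringBuilder();
    status = AuthZpeClient.allowAccess(tokenList, resource, action, roleName);
    Assert.assertEquals(status, AccessCheckStatus.ALLOW);
    Assert.assertEquals(roleName.toString(), "admin");
}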
use of com.yahoo.athenz.zpe.AuthZpeClient.AccessCheckStatus in project athenz by yahoo.
the class RecServlet method doGet.
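/**
 * Serves the recommendation endpoints mounted under {@code URI_PREFIX}.
 * The request must carry an Athenz role token in the {@code ATHENZ_HEADER}
 * header; the token is checked with {@code AuthZpeClient.allowAccess} against
 * the resource/action pair of the requested endpoint before any content is
 * written.
 *
 * @param request  incoming request; only the token header and the request URI are read
 * @param response receives the plain-text result, or 403/404 on failure
 * @throws ServletException propagated from the servlet container
 * @throws IOException if sending the error or writing the body fails
 */
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    // Reject early when no role token is present at all. A blank header is treated
    // the same way rather than being handed to the authorization check.
    String athenzRoleToken = request.getHeader(ATHENZ_HEADER);
    if (athenzRoleToken == null || athenzRoleToken.isEmpty()) {
        response.sendError(HttpServletResponse.SC_FORBIDDEN, "Forbidden - No Athenz RoleToken provided in request");
        return;
    }

    // Strip the mount prefix (/athenz-data/rec/v1). Guard the prefix first: a bare
    // substring() on a URI shorter than the prefix would throw and surface as a 500.
    String requestUri = request.getRequestURI();
    if (!requestUri.startsWith(URI_PREFIX)) {
        response.sendError(HttpServletResponse.SC_NOT_FOUND, "Unknown endpoint");
        return;
    }
    String reqUri = requestUri.substring(URI_PREFIX.length());

    // Route to the endpoint; each endpoint has a fixed resource/action pair that
    // the caller's token must be authorized for.
    String responseText;
    String athenzResource;
    String athenzAction;
    switch (reqUri) {
        case "/movie":
            responseText = "Name: Slap Shot; Director: George Roy Hill";
            athenzResource = "rec.movie";
            athenzAction = "read";
            break;
        case "/tvshow":
            responseText = "Name: Middle; Channel: ABC";
            athenzResource = "rec.tvshow";
            athenzAction = "read";
            break;
        default:
            response.sendError(HttpServletResponse.SC_NOT_FOUND, "Unknown endpoint");
            return;
    }

    // Authorization check with the expected resource and action. Anything other
    // than ALLOW is a denial; the status name is returned so the caller can see
    // why (it carries no token material).
    AccessCheckStatus status = AuthZpeClient.allowAccess(athenzRoleToken, athenzResource, athenzAction);
    if (status != AccessCheckStatus.ALLOW) {
        response.sendError(HttpServletResponse.SC_FORBIDDEN, "Forbidden - Athenz Authorization Rejected: " + status);
        return;
    }

    // Only authorized requests reach this point; the writer is owned by the container.
    response.setContentType("text/plain");
    PrintWriter out = response.getWriter();
    out.println(responseText);
}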
use of com.yahoo.athenz.zpe.AuthZpeClient.AccessCheckStatus in project athenz by yahoo.
the class TestAuthZpe method testAllowAccessCertHashMismatchNoRoleName.
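@Test
public void testAllowAccessCertHashMismatchNoRoleName() throws IOException {
    final String action = "all";
    final String resource = "angler:stuff";

    // Decode the PEM fixture with an explicit charset: new String(byte[]) uses the
    // platform default, which makes the test environment dependent. The fully
    // qualified name avoids touching the import block.
    Path path = Paths.get("src/test/resources/mtls_token_mismatch.cert");
    String certStr = new String(Files.readAllBytes(path), java.nio.charset.StandardCharsets.UTF_8);
    X509Certificate cert = Crypto.loadX509Certificate(certStr);

    // The fixture certificate is expected not to match the hash bound to the
    // access token, so the check must deny even with no role name requested
    // (null role-name argument).
    AccessCheckStatus status = AuthZpeClient.allowAccess(accessToken0AnglerRegex, cert, null, resource, action);
    Assert.assertEquals(status, AccessCheckStatus.DENY_CERT_HASH_MISMATCH);
}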
use of com.yahoo.athenz.zpe.AuthZpeClient.AccessCheckStatus in project athenz by yahoo.
the class TestAuthZpe method testAllowAccessMatchAll.
@Test
public void testAllowAccessMatchAll() {
    // The regex role token is expected to be allowed on "angler:stuff" through
    // the "matchall" role.
    final String action = "all";
    final String resource = "angler:stuff";
    StringBuilder matchedRole = new StringBuilder();
    AccessCheckStatus result = AuthZpeClient.allowAccess(rToken0AnglerRegex, resource, action, matchedRole);
    Assert.assertEquals(result, AccessCheckStatus.ALLOW);
    Assert.assertEquals(matchedRole.toString(), "matchall");

    // Same check over a token list: the public token is listed first and must
    // not stop the regex token from being matched.
    List<String> signedTokens = new ArrayList<>();
    signedTokens.add(rToken0AnglerPublic.getSignedToken());
    signedTokens.add(rToken0AnglerRegex.getSignedToken());
    matchedRole = new StringBuilder();
    result = AuthZpeClient.allowAccess(signedTokens, resource, action, matchedRole);
    Assert.assertEquals(result, AccessCheckStatus.ALLOW);
    Assert.assertEquals(matchedRole.toString(), "matchall");
}