Search in sources :

Example 1 with AuthzRealm

use of ddf.security.pdp.realm.AuthzRealm in project ddf by codice.

the class AuthzRealmTest method setup.

@Before
public void setup() throws PdpException {
    String ruleClaim = "FineAccessControls";
    String countryClaim = "CountryOfAffiliation";
    // setup the subject permissions
    List<Permission> permissions = new ArrayList<>();
    KeyValuePermission rulePermission = new KeyValuePermission(ruleClaim);
    rulePermission.addValue("A");
    rulePermission.addValue("B");
    permissions.add(rulePermission);
    KeyValuePermission countryPermission = new KeyValuePermission(countryClaim);
    countryPermission.addValue("AUS");
    permissions.add(countryPermission);
    SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
    authorizationInfo.addObjectPermission(rulePermission);
    authorizationInfo.addObjectPermission(countryPermission);
    authorizationInfo.addObjectPermission(new KeyValuePermission("role", Arrays.asList("admin")));
    authorizationInfo.addRole("admin");
    authorizationInfo.addStringPermission("wild");
    testRealm = new AuthzRealm("src/test/resources/policies", new XmlParser()) {

        @Override
        public AuthorizationInfo getAuthorizationInfo(PrincipalCollection principals) {
            return authorizationInfo;
        }
    };
    mockSubjectPrincipal = Mockito.mock(PrincipalCollection.class);
    when(mockSubjectPrincipal.getPrimaryPrincipal()).thenReturn("user");
    // setup the resource permissions
    permissionList = new ArrayList<>();
    security = new HashMap<>();
    security.put("country", Arrays.asList("AUS", "CAN", "GBR"));
    security.put("rule", Arrays.asList("A", "B"));
    testRealm.setMatchOneMappings(Arrays.asList("CountryOfAffiliation=country"));
    testRealm.setMatchAllMappings(Arrays.asList("FineAccessControls=rule"));
    testRealm.setRolePermissionResolver(roleString -> Arrays.asList(new KeyValuePermission("role", Arrays.asList(roleString))));
}
Also used : XmlParser(org.codice.ddf.parser.xml.XmlParser) AuthzRealm(ddf.security.pdp.realm.AuthzRealm) SimpleAuthorizationInfo(org.apache.shiro.authz.SimpleAuthorizationInfo) ArrayList(java.util.ArrayList) PrincipalCollection(org.apache.shiro.subject.PrincipalCollection) AuthorizationInfo(org.apache.shiro.authz.AuthorizationInfo) SimpleAuthorizationInfo(org.apache.shiro.authz.SimpleAuthorizationInfo) CollectionPermission(ddf.security.permission.CollectionPermission) KeyValuePermission(ddf.security.permission.KeyValuePermission) Permission(org.apache.shiro.authz.Permission) WildcardPermission(org.apache.shiro.authz.permission.WildcardPermission) KeyValueCollectionPermission(ddf.security.permission.KeyValueCollectionPermission) KeyValuePermission(ddf.security.permission.KeyValuePermission) Before(org.junit.Before)

Example 2 with AuthzRealm

use of ddf.security.pdp.realm.AuthzRealm in project ddf by codice.

the class AuthzRealmTest method testIsPermittedOneMultiple.

@Test
public void testIsPermittedOneMultiple() throws PdpException {
    permissionList.clear();
    KeyValuePermission kvp = new KeyValuePermission("country", Arrays.asList("AUS", "CAN", "GBR"));
    permissionList.add(kvp);
    String ruleClaim = "FineAccessControls";
    String countryClaim = "CountryOfAffiliation";
    // create a new user here with multiple country permissions to test
    List<Permission> permissions = new ArrayList<Permission>();
    KeyValuePermission rulePermission = new KeyValuePermission(ruleClaim);
    rulePermission.addValue("A");
    rulePermission.addValue("B");
    permissions.add(rulePermission);
    KeyValuePermission countryPermission = new KeyValuePermission(countryClaim);
    countryPermission.addValue("USA");
    countryPermission.addValue("AUS");
    permissions.add(countryPermission);
    SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
    authorizationInfo.addObjectPermission(rulePermission);
    authorizationInfo.addObjectPermission(countryPermission);
    authorizationInfo.addRole("admin");
    AuthzRealm testRealm = new AuthzRealm("src/test/resources/policies", new XmlParser()) {

        @Override
        public AuthorizationInfo getAuthorizationInfo(PrincipalCollection principals) {
            return authorizationInfo;
        }
    };
    testRealm.setMatchOneMappings(Arrays.asList("CountryOfAffiliation=country"));
    testRealm.setMatchAllMappings(Arrays.asList("FineAccessControls=rule"));
    testRealm.setRolePermissionResolver(roleString -> Arrays.asList(new KeyValuePermission("role", Arrays.asList(roleString))));
    boolean[] permittedArray = testRealm.isPermitted(mockSubjectPrincipal, permissionList);
    for (boolean permitted : permittedArray) {
        Assert.assertEquals(true, permitted);
    }
}
Also used : XmlParser(org.codice.ddf.parser.xml.XmlParser) AuthzRealm(ddf.security.pdp.realm.AuthzRealm) SimpleAuthorizationInfo(org.apache.shiro.authz.SimpleAuthorizationInfo) ArrayList(java.util.ArrayList) CollectionPermission(ddf.security.permission.CollectionPermission) KeyValuePermission(ddf.security.permission.KeyValuePermission) Permission(org.apache.shiro.authz.Permission) WildcardPermission(org.apache.shiro.authz.permission.WildcardPermission) KeyValueCollectionPermission(ddf.security.permission.KeyValueCollectionPermission) PrincipalCollection(org.apache.shiro.subject.PrincipalCollection) KeyValuePermission(ddf.security.permission.KeyValuePermission) Test(org.junit.Test)

Aggregations

AuthzRealm (ddf.security.pdp.realm.AuthzRealm)2 CollectionPermission (ddf.security.permission.CollectionPermission)2 KeyValueCollectionPermission (ddf.security.permission.KeyValueCollectionPermission)2 KeyValuePermission (ddf.security.permission.KeyValuePermission)2 ArrayList (java.util.ArrayList)2 Permission (org.apache.shiro.authz.Permission)2 SimpleAuthorizationInfo (org.apache.shiro.authz.SimpleAuthorizationInfo)2 WildcardPermission (org.apache.shiro.authz.permission.WildcardPermission)2 PrincipalCollection (org.apache.shiro.subject.PrincipalCollection)2 XmlParser (org.codice.ddf.parser.xml.XmlParser)2 AuthorizationInfo (org.apache.shiro.authz.AuthorizationInfo)1 Before (org.junit.Before)1 Test (org.junit.Test)1