use of ddf.security.pdp.realm.AuthzRealm in project ddf by codice.
the class AuthzRealmTest method setup.
@Before
public void setup() throws PdpException {
String ruleClaim = "FineAccessControls";
String countryClaim = "CountryOfAffiliation";
// setup the subject permissions
List<Permission> permissions = new ArrayList<>();
KeyValuePermission rulePermission = new KeyValuePermission(ruleClaim);
rulePermission.addValue("A");
rulePermission.addValue("B");
permissions.add(rulePermission);
KeyValuePermission countryPermission = new KeyValuePermission(countryClaim);
countryPermission.addValue("AUS");
permissions.add(countryPermission);
SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
authorizationInfo.addObjectPermission(rulePermission);
authorizationInfo.addObjectPermission(countryPermission);
authorizationInfo.addObjectPermission(new KeyValuePermission("role", Arrays.asList("admin")));
authorizationInfo.addRole("admin");
authorizationInfo.addStringPermission("wild");
testRealm = new AuthzRealm("src/test/resources/policies", new XmlParser()) {
@Override
public AuthorizationInfo getAuthorizationInfo(PrincipalCollection principals) {
return authorizationInfo;
}
};
mockSubjectPrincipal = Mockito.mock(PrincipalCollection.class);
when(mockSubjectPrincipal.getPrimaryPrincipal()).thenReturn("user");
// setup the resource permissions
permissionList = new ArrayList<>();
security = new HashMap<>();
security.put("country", Arrays.asList("AUS", "CAN", "GBR"));
security.put("rule", Arrays.asList("A", "B"));
testRealm.setMatchOneMappings(Arrays.asList("CountryOfAffiliation=country"));
testRealm.setMatchAllMappings(Arrays.asList("FineAccessControls=rule"));
testRealm.setRolePermissionResolver(roleString -> Arrays.asList(new KeyValuePermission("role", Arrays.asList(roleString))));
}
use of ddf.security.pdp.realm.AuthzRealm in project ddf by codice.
the class AuthzRealmTest method testIsPermittedOneMultiple.
@Test
public void testIsPermittedOneMultiple() throws PdpException {
permissionList.clear();
KeyValuePermission kvp = new KeyValuePermission("country", Arrays.asList("AUS", "CAN", "GBR"));
permissionList.add(kvp);
String ruleClaim = "FineAccessControls";
String countryClaim = "CountryOfAffiliation";
// create a new user here with multiple country permissions to test
List<Permission> permissions = new ArrayList<Permission>();
KeyValuePermission rulePermission = new KeyValuePermission(ruleClaim);
rulePermission.addValue("A");
rulePermission.addValue("B");
permissions.add(rulePermission);
KeyValuePermission countryPermission = new KeyValuePermission(countryClaim);
countryPermission.addValue("USA");
countryPermission.addValue("AUS");
permissions.add(countryPermission);
SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
authorizationInfo.addObjectPermission(rulePermission);
authorizationInfo.addObjectPermission(countryPermission);
authorizationInfo.addRole("admin");
AuthzRealm testRealm = new AuthzRealm("src/test/resources/policies", new XmlParser()) {
@Override
public AuthorizationInfo getAuthorizationInfo(PrincipalCollection principals) {
return authorizationInfo;
}
};
testRealm.setMatchOneMappings(Arrays.asList("CountryOfAffiliation=country"));
testRealm.setMatchAllMappings(Arrays.asList("FineAccessControls=rule"));
testRealm.setRolePermissionResolver(roleString -> Arrays.asList(new KeyValuePermission("role", Arrays.asList(roleString))));
boolean[] permittedArray = testRealm.isPermitted(mockSubjectPrincipal, permissionList);
for (boolean permitted : permittedArray) {
Assert.assertEquals(true, permitted);
}
}
Aggregations