Example 1 with CollectionPermission

use of ddf.security.permission.CollectionPermission in project ddf by codice.

the class AuthorizationFilter method doFilter.

@SuppressWarnings("PackageAccessibility")
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
    HttpServletRequest httpRequest = (HttpServletRequest) request;
    HttpServletResponse httpResponse = (HttpServletResponse) response;
    Subject subject = null;
    // Requests flagged with NO_AUTH_POLICY bypass the authorization check entirely.
    if (request.getAttribute(ContextPolicy.NO_AUTH_POLICY) != null) {
        LOGGER.debug("NO_AUTH_POLICY header was found, skipping authorization filter.");
        chain.doFilter(request, response);
    } else {
        try {
            subject = SecurityUtils.getSubject();
        } catch (Exception e) {
            LOGGER.debug("Unable to retrieve user from request.", e);
        }
        boolean permitted = true;
        final String path = httpRequest.getRequestURI();
        // Resolve the context policy for the requested path; it carries the attribute
        // permissions a subject must hold to reach that path.
        ContextPolicy policy = contextPolicyManager.getContextPolicy(path);
        CollectionPermission permissions = null;
        if (policy != null && subject != null) {
            permissions = policy.getAllowedAttributePermissions();
            // An empty collection means the path imposes no attribute requirements.
            if (!permissions.isEmpty()) {
                permitted = subject.isPermitted(permissions);
            }
        } else {
            // Fail closed: a missing policy or a missing subject denies the request.
            LOGGER.warn("Unable to determine policy for path {}. User is not permitted to continue. Check policy configuration!", path);
            permitted = false;
        }
        if (!permitted) {
            SecurityLogger.audit("Subject not authorized to view resource {}", path);
            LOGGER.debug("Subject not authorized.");
            returnNotAuthorized(httpResponse);
        } else {
            // permissions cannot be null here: the only branch that leaves it null also sets permitted = false.
            if (!permissions.isEmpty()) {
                SecurityLogger.audit("Subject is authorized to view resource {}", path);
            }
            LOGGER.debug("Subject is authorized!");
            chain.doFilter(request, response);
        }
    }
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) HttpServletResponse(javax.servlet.http.HttpServletResponse) CollectionPermission(ddf.security.permission.CollectionPermission) Subject(org.apache.shiro.subject.Subject) ServletException(javax.servlet.ServletException) IOException(java.io.IOException) ContextPolicy(org.codice.ddf.security.policy.context.ContextPolicy)

Example 2 with CollectionPermission

use of ddf.security.permission.CollectionPermission in project ddf by codice.

the class PolicyManagerTest method testSimpleAttributeMappings.

@Test
public void testSimpleAttributeMappings() {
    for (Map.Entry<String, List<ContextAttributeMapping>> entry : simpleAttributeMap.entrySet()) {
        ContextPolicy policy = manager.getContextPolicy(entry.getKey());
        CollectionPermission permission = policy.getAllowedAttributePermissions();
        assertThat(permission.implies(entry.getValue().get(0).getAttributePermission()), is(true));
    }
}
Also used : ArrayList(java.util.ArrayList) List(java.util.List) CollectionPermission(ddf.security.permission.CollectionPermission) ImmutableMap(com.google.common.collect.ImmutableMap) HashMap(java.util.HashMap) Map(java.util.Map) ContextPolicy(org.codice.ddf.security.policy.context.ContextPolicy) Test(org.junit.Test)

Example 3 with CollectionPermission

use of ddf.security.permission.CollectionPermission in project ddf by codice.

the class PolicyManagerTest method testComplexPaths.

@Test
public void testComplexPaths() {
    CollectionPermission rootPermissions = manager.getContextPolicy("/x").getAllowedAttributePermissions();
    CollectionPermission noPermissions = manager.getContextPolicy("/x/y").getAllowedAttributePermissions();
    CollectionPermission lastPermission = manager.getContextPolicy("/x/y/z").getAllowedAttributePermissions();
    assertThat(noPermissions.implies(rootPermissions), is(true));
    assertThat(rootPermissions.implies(lastPermission), is(false));
    assertThat(lastPermission.implies(noPermissions), is(false));
}
Also used : CollectionPermission(ddf.security.permission.CollectionPermission) Test(org.junit.Test)

Example 4 with CollectionPermission

use of ddf.security.permission.CollectionPermission in project ddf by codice.

the class WorkspacePolicyExtensionTest method testShouldRemoveRolesAndEmailsWhenOverridden1.

@Test
public void testShouldRemoveRolesAndEmailsWhenOverridden1() {
    List<Permission> before = ImmutableList.of(RANDOM, ROLES, EMAILS);
    doReturn(before).when(match).getPermissionList();
    extension.setSystemUserAttribute(Constants.EMAIL_ADDRESS_CLAIM_URI);
    extension.setSystemUserAttributeValue("admin@localhost");
    CollectionPermission subject = subjectFrom(ADMIN_EMAIL);
    List<Permission> after = extension.isPermittedMatchAll(subject, match).getPermissionList();
    assertThat(after, is(ImmutableList.of(RANDOM)));
}
Also used : CollectionPermission(ddf.security.permission.CollectionPermission) KeyValuePermission(ddf.security.permission.KeyValuePermission) Permission(org.apache.shiro.authz.Permission) KeyValueCollectionPermission(ddf.security.permission.KeyValueCollectionPermission) Test(org.junit.Test)

Example 5 with CollectionPermission

use of ddf.security.permission.CollectionPermission in project ddf by codice.

the class WorkspacePolicyExtensionTest method testShouldKeepAllWhenNoneImplied.

@Test
public void testShouldKeepAllWhenNoneImplied() {
    List<Permission> before = ImmutableList.of(RANDOM, ROLES, EMAILS);
    doReturn(before).when(match).getPermissionList();
    CollectionPermission subject = makeSubject((p) -> false);
    List<Permission> after = extension.isPermittedMatchAll(subject, match).getPermissionList();
    assertThat(after, is(before));
}
Also used : CollectionPermission(ddf.security.permission.CollectionPermission) KeyValuePermission(ddf.security.permission.KeyValuePermission) Permission(org.apache.shiro.authz.Permission) KeyValueCollectionPermission(ddf.security.permission.KeyValueCollectionPermission) Test(org.junit.Test)