
Example 1 with KeyValueCollectionPermission

use of ddf.security.permission.KeyValueCollectionPermission in project ddf by codice.

the class AdminConfigPolicy method parsePermissions.

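/**
 * Parses policy entries into per-permission attribute requirements.
 *
 * <p>Each entry has the form {@code name="attr=value","attr2=value2"}. All whitespace is removed
 * from the entry before it is split, so whitespace inside a name or value is lost, and double
 * quotes are removed from every attribute pair. Pairs are separated on every comma, so a value
 * cannot itself contain a comma. Only the first {@code =} of a pair separates name from value, so
 * a value may contain {@code =} without being truncated.
 *
 * <p>Entries for which {@code StringUtils.isEmpty} is true are skipped. Any other entry that does
 * not fit the format is rejected with an exception naming it: dropping it silently would leave
 * that name without the policy the administrator intended to configure.
 *
 * @param policies raw policy entries
 * @return map from permission name to one single-attribute {@link KeyValueCollectionPermission}
 *     per attribute pair; when a name occurs more than once the last entry replaces earlier ones
 * @throws IllegalArgumentException if an entry has no {@code =} after the name, or an attribute
 *     pair has no {@code =} or an empty value
 */
public Map<String, List<KeyValueCollectionPermission>> parsePermissions(List<String> policies) {
    Map<String, List<KeyValueCollectionPermission>> newPolicyPermissions = new HashMap<>();
    for (String policy : policies) {
        if (StringUtils.isEmpty(policy)) {
            continue;
        }
        //Example input: featureName="attributeName=attributeValue","attributeName2=attributeValue2"
        String[] policyTrimmed = policy.replaceAll("\\s+", "").split("=", 2);
        if (policyTrimmed.length != 2) {
            // Previously surfaced as a bare ArrayIndexOutOfBoundsException with no hint of the entry.
            throw new IllegalArgumentException("Malformed policy entry, expected name=\"attribute=value\": " + policy);
        }
        String permissionName = policyTrimmed[0];
        String policyAttributes = policyTrimmed[1];
        List<KeyValueCollectionPermission> permissionAttributeMap = new ArrayList<>();
        for (String policyAttribute : policyAttributes.split(",")) {
            policyAttribute = policyAttribute.replace("\"", "");
            policyAttribute = policyAttribute.replaceAll("\\s+", "");
            // Limit of 2 keeps "name=a=b" as value "a=b"; an unlimited split silently kept only "a",
            // so the stored requirement differed from the configured one.
            String[] policyAttributeSplit = policyAttribute.split("=", 2);
            if (policyAttributeSplit.length != 2 || policyAttributeSplit[1].isEmpty()) {
                throw new IllegalArgumentException("Malformed attribute \"" + policyAttribute + "\" in policy entry: " + policy);
            }
            String attributeName = policyAttributeSplit[0];
            String attributeValue = policyAttributeSplit[1];
            KeyValueCollectionPermission newPermission = new KeyValueCollectionPermission(null, new KeyValuePermission(attributeName, Sets.newHashSet(attributeValue)));
            permissionAttributeMap.add(newPermission);
        }
        if (newPolicyPermissions.containsKey(permissionName)) {
            // Last entry wins; the replaced requirements are only visible at debug level.
            LOGGER.debug("Policy extension settings for {} already exist, overwriting", permissionName);
        }
        newPolicyPermissions.put(permissionName, permissionAttributeMap);
    }
    return newPolicyPermissions;
}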
Also used : KeyValueCollectionPermission(ddf.security.permission.KeyValueCollectionPermission) HashMap(java.util.HashMap) ArrayList(java.util.ArrayList) ArrayList(java.util.ArrayList) List(java.util.List) KeyValuePermission(ddf.security.permission.KeyValuePermission)

Example 2 with KeyValueCollectionPermission

use of ddf.security.permission.KeyValueCollectionPermission in project ddf by codice.

the class AdminConfigPolicyTest method testRemoveSomePermissions.

/**
 * Configures feature and service policies that include one extra entry built from the
 * {@code UNAUTHORIZED} suffix, then checks how many permissions remain in the result of
 * {@code isPermittedMatchOne} for a feature request, a service request and a request with an
 * unrecognised action.
 */
@Test
public void testRemoveSomePermissions() {
    AdminConfigPolicy policyUnderTest = new AdminConfigPolicy();

    // Both policy lists start from the valid fixture and receive the same extra entry, whose
    // name, attribute name and attribute value all carry the UNAUTHORIZED suffix.
    List<String> featurePolicies = getValidPolicyPermissions();
    List<String> servicePolicies = getValidPolicyPermissions();
    featurePolicies.add(TEST_PERMISSION_VALUE + UNAUTHORIZED + "=\"" + TEST_ATTRIBUTE_NAME + UNAUTHORIZED + "=" + TEST_ATTRIBUTE_VALUE + UNAUTHORIZED + "\"");
    servicePolicies.add(TEST_PERMISSION_VALUE + UNAUTHORIZED + "=\"" + TEST_ATTRIBUTE_NAME + UNAUTHORIZED + "=" + TEST_ATTRIBUTE_VALUE + UNAUTHORIZED + "\"");
    policyUnderTest.setFeaturePolicies(featurePolicies);
    policyUnderTest.setServicePolicies(servicePolicies);

    // Requested permissions: the fixture's match-one set plus the UNAUTHORIZED-suffixed name.
    List<KeyValuePermission> featureRequest = getMatchOnePermissions(AdminConfigPolicy.FEATURE_NAME);
    featureRequest.add(new KeyValuePermission(AdminConfigPolicy.FEATURE_NAME, Sets.newHashSet(TEST_PERMISSION_VALUE + UNAUTHORIZED)));
    List<KeyValuePermission> serviceRequest = getMatchOnePermissions(AdminConfigPolicy.SERVICE_PID);
    serviceRequest.add(new KeyValuePermission(AdminConfigPolicy.SERVICE_PID, Sets.newHashSet(TEST_PERMISSION_VALUE + UNAUTHORIZED)));

    // A request whose key and action are both a string the policy does not define as an action.
    List<KeyValuePermission> unknownActionRequest = new ArrayList<>();
    unknownActionRequest.add(new KeyValuePermission("UNKNOWN_ACTION", Sets.newHashSet(TEST_PERMISSION_VALUE)));

    KeyValueCollectionPermission requestedFeaturePermissions =
            new KeyValueCollectionPermission(AdminConfigPolicy.VIEW_FEATURE_ACTION, featureRequest.toArray(new KeyValuePermission[0]));
    KeyValueCollectionPermission requestedServicePermissions =
            new KeyValueCollectionPermission(AdminConfigPolicy.VIEW_SERVICE_ACTION, serviceRequest.toArray(new KeyValuePermission[0]));
    KeyValueCollectionPermission requestedInvalidActionPermissions =
            new KeyValueCollectionPermission("UNKNOWN_ACTION", unknownActionRequest.toArray(new KeyValuePermission[0]));

    // A fresh subject permission object is fetched for every call, as in the original test.
    assertEquals(1, policyUnderTest.isPermittedMatchOne(getSubjectPermissions(), requestedFeaturePermissions).getPermissionList().size());
    assertEquals(1, policyUnderTest.isPermittedMatchOne(getSubjectPermissions(), requestedServicePermissions).getPermissionList().size());
    // NOTE(review): this repeats the service assertion above verbatim; possibly a copy-paste of a
    // check that was meant to cover a different request. Confirm before removing.
    assertEquals(1, policyUnderTest.isPermittedMatchOne(getSubjectPermissions(), requestedServicePermissions).getPermissionList().size());
    assertEquals(1, policyUnderTest.isPermittedMatchOne(getSubjectPermissions(), requestedInvalidActionPermissions).getPermissionList().size());
}
Also used : KeyValueCollectionPermission(ddf.security.permission.KeyValueCollectionPermission) ArrayList(java.util.ArrayList) KeyValuePermission(ddf.security.permission.KeyValuePermission) Test(org.junit.Test)

Example 3 with KeyValueCollectionPermission

use of ddf.security.permission.KeyValueCollectionPermission in project ddf by codice.

the class AdminConfigPolicyTest method testInvalidPolicyConfigs.

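/**
 * Verifies that each of the three fixture policies is stored under its permission name as exactly
 * one collection permission holding the expected attribute name and value.
 *
 * <p>NOTE(review): despite the name, only the valid fixture from
 * {@code getValidPolicyPermissions()} is configured here; no malformed entry is exercised.
 */
@Test
public void testInvalidPolicyConfigs() {
    AdminConfigPolicy adminConfigPolicy = new AdminConfigPolicy();
    adminConfigPolicy.setFeaturePolicies(getValidPolicyPermissions());
    for (int i = 0; i < 3; i++) {
        List<KeyValueCollectionPermission> featurePolicyPermissions = adminConfigPolicy.featurePolicyPermissions.get(TEST_PERMISSION_VALUE + i);
        assertNotNull(featurePolicyPermissions);
        // JUnit's assertEquals takes (expected, actual); the reversed order produced misleading
        // "expected X but was Y" messages on failure.
        assertEquals(1, featurePolicyPermissions.size());
        KeyValuePermission featurePolicyPermission = (KeyValuePermission) featurePolicyPermissions.get(0).getPermissionList().get(0);
        assertEquals(TEST_ATTRIBUTE_NAME + i, featurePolicyPermission.getKey());
        assertEquals(Sets.newHashSet(TEST_ATTRIBUTE_VALUE + i), featurePolicyPermission.getValues());
    }
}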
Also used : KeyValueCollectionPermission(ddf.security.permission.KeyValueCollectionPermission) KeyValuePermission(ddf.security.permission.KeyValuePermission) Test(org.junit.Test)

Example 4 with KeyValueCollectionPermission

use of ddf.security.permission.KeyValueCollectionPermission in project ddf by codice.

the class AdminConfigPolicyTest method getSubjectPermissions.

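/**
 * Builds the subject's permissions used by the tests: three attributes named
 * {@code TEST_ATTRIBUTE_NAME + i}, each with the single value {@code TEST_ATTRIBUTE_VALUE + i},
 * for {@code i} in 0..2.
 *
 * @return a new collection permission populated with those attributes
 */
public KeyValueCollectionPermission getSubjectPermissions() {
    // A plain map replaces the double-brace initializer, which created an anonymous HashMap
    // subclass holding a hidden reference to the enclosing test instance.
    HashMap<String, List<String>> subjectAttributes = new HashMap<>();
    for (int i = 0; i < 3; i++) {
        subjectAttributes.put(TEST_ATTRIBUTE_NAME + i, Arrays.asList(TEST_ATTRIBUTE_VALUE + i));
    }
    KeyValueCollectionPermission subjectCollectionPermissions = new KeyValueCollectionPermission();
    subjectCollectionPermissions.addAll(subjectAttributes);
    return subjectCollectionPermissions;
}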
Also used : KeyValueCollectionPermission(ddf.security.permission.KeyValueCollectionPermission) List(java.util.List) ArrayList(java.util.ArrayList)

Example 5 with KeyValueCollectionPermission

use of ddf.security.permission.KeyValueCollectionPermission in project ddf by codice.

the class DefaultContextAttributeMappingTest method setup.

/**
 * Creates the fixture shared by the tests: one set of user permissions for the "context" path and
 * four attribute mappings on that same path, two naming a value the user holds and two naming a
 * value the user does not hold.
 */
@Before
public void setup() {
    // Attributes held by the user.
    List<KeyValuePermission> heldAttributes = new ArrayList<>();
    heldAttributes.add(new KeyValuePermission("role", Arrays.asList("admin")));
    heldAttributes.add(new KeyValuePermission("controls", Arrays.asList("Foo", "Bar")));
    heldAttributes.add(new KeyValuePermission("control", Arrays.asList("Foo")));
    userPermissions = new KeyValueCollectionPermission("context", heldAttributes);

    // role: "admin" is among the user's values, "charlie" is not.
    roleMapping = new DefaultContextAttributeMapping("context", "role", "admin");
    roleMapping2 = new DefaultContextAttributeMapping("context", "role", "charlie");

    // controls: "Foo" is one of the user's two values; control: "Bar" is not the user's value.
    controlsMapping = new DefaultContextAttributeMapping("context", "controls", "Foo");
    controlMapping = new DefaultContextAttributeMapping("context", "control", "Bar");
}
Also used : KeyValueCollectionPermission(ddf.security.permission.KeyValueCollectionPermission) ArrayList(java.util.ArrayList) DefaultContextAttributeMapping(org.codice.ddf.security.policy.context.attributes.DefaultContextAttributeMapping) KeyValuePermission(ddf.security.permission.KeyValuePermission) Before(org.junit.Before)

Aggregations

KeyValueCollectionPermission (ddf.security.permission.KeyValueCollectionPermission)38 ArrayList (java.util.ArrayList)19 Test (org.junit.Test)18 KeyValuePermission (ddf.security.permission.KeyValuePermission)15 List (java.util.List)10 RequestType (oasis.names.tc.xacml._3_0.core.schema.wd_17.RequestType)9 CollectionPermission (ddf.security.permission.CollectionPermission)8 HashMap (java.util.HashMap)7 Permission (org.apache.shiro.authz.Permission)7 StopProcessingException (ddf.catalog.plugin.StopProcessingException)6 Attribute (ddf.catalog.data.Attribute)5 Subject (org.apache.shiro.subject.Subject)5 Metacard (ddf.catalog.data.Metacard)4 PolicyExtension (ddf.security.policy.extension.PolicyExtension)4 FilterResult (ddf.catalog.security.FilterResult)3 FilterStrategy (ddf.catalog.security.FilterStrategy)3 Subject (ddf.security.Subject)3 UpdateRequest (ddf.catalog.operation.UpdateRequest)2 PdpException (ddf.security.pdp.realm.xacml.processor.PdpException)2 HashSet (java.util.HashSet)2