Example 16 with KeyValueCollectionPermission

Use of ddf.security.permission.KeyValueCollectionPermission in project ddf by codice, in the class XacmlPdpTest, method testActionBadCountry.

@Test
public void testActionBadCountry() {
    // The subject is built with country "CAN"; the realm must not permit the query action for it.
    RequestType request = testRealm.createXACMLRequest(USER_NAME, generateSubjectInfo("CAN"), new KeyValueCollectionPermission(QUERY_ACTION));
    assertFalse(testRealm.isPermitted(request));
}
Also used : KeyValueCollectionPermission(ddf.security.permission.KeyValueCollectionPermission) RequestType(oasis.names.tc.xacml._3_0.core.schema.wd_17.RequestType) Test(org.junit.Test)

Example 17 with KeyValueCollectionPermission

Use of ddf.security.permission.KeyValueCollectionPermission in project ddf by codice, in the class XacmlPdpTest, method testActionBadAction.

@Test
public void testActionBadAction() {
    // The subject uses the test country, but the requested action is "bad"; the realm must not permit it.
    RequestType request = testRealm.createXACMLRequest(USER_NAME, generateSubjectInfo(TEST_COUNTRY), new KeyValueCollectionPermission("bad"));
    assertFalse(testRealm.isPermitted(request));
}
Also used : KeyValueCollectionPermission(ddf.security.permission.KeyValueCollectionPermission) RequestType(oasis.names.tc.xacml._3_0.core.schema.wd_17.RequestType) Test(org.junit.Test)

Example 18 with KeyValueCollectionPermission

Use of ddf.security.permission.KeyValueCollectionPermission in project ddf by codice, in the class XacmlPdpTest, method testEnvironmentVariables.

@Test
public void testEnvironmentVariables() {
    RequestType request = testRealm.createXACMLRequest(USER_NAME, generateSubjectInfo(TEST_COUNTRY), new KeyValueCollectionPermission(QUERY_ACTION));
    // Locate the environment category among the attribute categories of the generated request.
    List<AttributesType> attributes = request.getAttributes();
    AttributesType environmentAttributes = null;
    for (AttributesType attribute : attributes) {
        if (attribute.getCategory().equals(XACMLConstants.ENVIRONMENT_CATEGORY)) {
            environmentAttributes = attribute;
        }
    }
    assertNotNull(environmentAttributes);
    // The environment category must carry item0, item1 and item2 with 1, 2 and 3 values respectively.
    assertThat(environmentAttributes.getAttribute().get(0).getAttributeId(), is("item0"));
    assertThat(environmentAttributes.getAttribute().get(0).getAttributeValue().size(), is(1));
    assertThat(environmentAttributes.getAttribute().get(1).getAttributeId(), is("item1"));
    assertThat(environmentAttributes.getAttribute().get(1).getAttributeValue().size(), is(2));
    assertThat(environmentAttributes.getAttribute().get(2).getAttributeId(), is("item2"));
    assertThat(environmentAttributes.getAttribute().get(2).getAttributeValue().size(), is(3));
}
Also used : KeyValueCollectionPermission(ddf.security.permission.KeyValueCollectionPermission) AttributesType(oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributesType) RequestType(oasis.names.tc.xacml._3_0.core.schema.wd_17.RequestType) Test(org.junit.Test)

Example 19 with KeyValueCollectionPermission

Use of ddf.security.permission.KeyValueCollectionPermission in project ddf by codice, in the class XacmlPdpTest, method testResourceIsNotPermitted.

@Test
public void testResourceIsNotPermitted() {
    // The resource requires RESOURCE_ACCESS values A, B and C; a READ request by this subject must be denied.
    HashMap<String, List<String>> security = new HashMap<>();
    security.put(RESOURCE_ACCESS, Arrays.asList(ACCESS_TYPE_A, ACCESS_TYPE_B, ACCESS_TYPE_C));
    KeyValueCollectionPermission resourcePermissions = new KeyValueCollectionPermission(CollectionPermission.READ_ACTION, security);
    RequestType request = testRealm.createXACMLRequest(USER_NAME, generateSubjectInfo(TEST_COUNTRY), resourcePermissions);
    assertFalse(testRealm.isPermitted(request));
}
Also used : KeyValueCollectionPermission(ddf.security.permission.KeyValueCollectionPermission) HashMap(java.util.HashMap) ArrayList(java.util.ArrayList) List(java.util.List) RequestType(oasis.names.tc.xacml._3_0.core.schema.wd_17.RequestType) Test(org.junit.Test)

Example 20 with KeyValueCollectionPermission

Use of ddf.security.permission.KeyValueCollectionPermission in project ddf by codice, in the class QueryOperations, method canAccessSource.

boolean canAccessSource(FederatedSource source, QueryRequest request) {
    Map<String, Set<String>> securityAttributes = source.getSecurityAttributes();
    // A source that declares no security attributes is accessible to every requester.
    if (securityAttributes.isEmpty()) {
        return true;
    }
    Object requestSubject = request.getProperties().get(SecurityConstants.SECURITY_SUBJECT);
    if (requestSubject instanceof ddf.security.Subject) {
        Subject subject = (Subject) requestSubject;
        // The subject must be permitted READ against the source's security attributes.
        KeyValueCollectionPermission kvCollection = new KeyValueCollectionPermission(CollectionPermission.READ_ACTION, securityAttributes);
        return subject.isPermitted(kvCollection);
    }
    // Fail closed: the request carries no ddf.security.Subject, so access is denied.
    return false;
}
Also used : KeyValueCollectionPermission(ddf.security.permission.KeyValueCollectionPermission) Set(java.util.Set) HashSet(java.util.HashSet) Subject(ddf.security.Subject)

Aggregations

KeyValueCollectionPermission (ddf.security.permission.KeyValueCollectionPermission) 38
ArrayList (java.util.ArrayList) 19
Test (org.junit.Test) 18
KeyValuePermission (ddf.security.permission.KeyValuePermission) 15
List (java.util.List) 10
RequestType (oasis.names.tc.xacml._3_0.core.schema.wd_17.RequestType) 9
CollectionPermission (ddf.security.permission.CollectionPermission) 8
HashMap (java.util.HashMap) 7
Permission (org.apache.shiro.authz.Permission) 7
StopProcessingException (ddf.catalog.plugin.StopProcessingException) 6
Attribute (ddf.catalog.data.Attribute) 5
Subject (org.apache.shiro.subject.Subject) 5
Metacard (ddf.catalog.data.Metacard) 4
PolicyExtension (ddf.security.policy.extension.PolicyExtension) 4
FilterResult (ddf.catalog.security.FilterResult) 3
FilterStrategy (ddf.catalog.security.FilterStrategy) 3
Subject (ddf.security.Subject) 3
UpdateRequest (ddf.catalog.operation.UpdateRequest) 2
PdpException (ddf.security.pdp.realm.xacml.processor.PdpException) 2
HashSet (java.util.HashSet) 2