Example 21 with KeyValueCollectionPermission
use of ddf.security.permission.KeyValueCollectionPermission in project ddf by codice.
the class AbstractAuthorizingRealm method expandPermissions.
protected List<Permission> expandPermissions(List<Permission> permissions) {
Collection<Expansion> expansionServices = getMetacardExpansionServices();
if (CollectionUtils.isEmpty(expansionServices)) {
return permissions;
}
List<Permission> expandedPermissions = new ArrayList<>(permissions.size());
for (Permission permission : permissions) {
if (permission instanceof KeyValuePermission) {
for (Expansion expansionService : expansionServices) {
Set<String> expandedSet = expansionService.expand(((KeyValuePermission) permission).getKey(), new HashSet<>(((KeyValuePermission) permission).getValues()));
expandedPermissions.add(new KeyValuePermission(((KeyValuePermission) permission).getKey(), expandedSet));
}
} else if (permission instanceof KeyValueCollectionPermission) {
List<Permission> keyValuePermissionList = ((KeyValueCollectionPermission) permission).getKeyValuePermissionList();
List<Permission> expandedCollection = expandPermissions(keyValuePermissionList);
//we know that everything in a key value collection is a key value permission so just do the unchecked cast
List<KeyValuePermission> castedList = castToKeyValueList(expandedCollection);
expandedPermissions.add(new KeyValueCollectionPermission(((KeyValueCollectionPermission) permission).getAction(), castedList));
} else {
expandedPermissions.add(permission);
}
}
return expandedPermissions;
}
Also used :
KeyValueCollectionPermission(ddf.security.permission.KeyValueCollectionPermission)
ArrayList(java.util.ArrayList)
KeyValuePermission(ddf.security.permission.KeyValuePermission)
Permission(org.apache.shiro.authz.Permission)
KeyValueCollectionPermission(ddf.security.permission.KeyValueCollectionPermission)
ArrayList(java.util.ArrayList)
List(java.util.List)
XSString(org.opensaml.core.xml.schema.XSString)
Expansion(ddf.security.expansion.Expansion)
KeyValuePermission(ddf.security.permission.KeyValuePermission)
Example 22 with KeyValueCollectionPermission
use of ddf.security.permission.KeyValueCollectionPermission in project ddf by codice.
the class OperationPluginTest method makeDecision.
private Answer<Boolean> makeDecision() {
Map<String, List<String>> testRoleMap = new HashMap<String, List<String>>();
List<String> testRoles = new ArrayList<String>();
testRoles.add("A");
testRoles.add("B");
testRoleMap.put("Roles", testRoles);
final KeyValueCollectionPermission testUserPermission = new KeyValueCollectionPermission(CollectionPermission.READ_ACTION, testRoleMap);
return new Answer<Boolean>() {
@Override
public Boolean answer(InvocationOnMock invocation) {
Object[] args = invocation.getArguments();
Permission incomingPermission = (Permission) args[1];
return testUserPermission.implies(incomingPermission);
}
};
}
Also used :
Answer(org.mockito.stubbing.Answer)
KeyValueCollectionPermission(ddf.security.permission.KeyValueCollectionPermission)
HashMap(java.util.HashMap)
InvocationOnMock(org.mockito.invocation.InvocationOnMock)
ArrayList(java.util.ArrayList)
CollectionPermission(ddf.security.permission.CollectionPermission)
Permission(org.apache.shiro.authz.Permission)
KeyValueCollectionPermission(ddf.security.permission.KeyValueCollectionPermission)
ArrayList(java.util.ArrayList)
List(java.util.List)
Example 23 with KeyValueCollectionPermission
use of ddf.security.permission.KeyValueCollectionPermission in project ddf by codice.
the class XacmlPdpTest method testResourceIsPermitted.
@Test
public void testResourceIsPermitted() {
HashMap<String, List<String>> security = new HashMap<String, List<String>>();
security.put(RESOURCE_ACCESS, Arrays.asList(ACCESS_TYPE_A));
KeyValueCollectionPermission resourcePermissions = new KeyValueCollectionPermission(CollectionPermission.READ_ACTION, security);
RequestType request = testRealm.createXACMLRequest(USER_NAME, generateSubjectInfo(TEST_COUNTRY), resourcePermissions);
assertTrue(testRealm.isPermitted(request));
}
Also used :
KeyValueCollectionPermission(ddf.security.permission.KeyValueCollectionPermission)
HashMap(java.util.HashMap)
ArrayList(java.util.ArrayList)
List(java.util.List)
RequestType(oasis.names.tc.xacml._3_0.core.schema.wd_17.RequestType)
Test(org.junit.Test)
Example 24 with KeyValueCollectionPermission
use of ddf.security.permission.KeyValueCollectionPermission in project ddf by codice.
the class AuthzRealmTest method testBadPolicyExtension.
@Test
public void testBadPolicyExtension() {
permissionList.clear();
KeyValuePermission kvp = new KeyValuePermission("country", Arrays.asList("AUS", "CAN", "GBR"));
permissionList.add(kvp);
testRealm.addPolicyExtension(new PolicyExtension() {
@Override
public KeyValueCollectionPermission isPermittedMatchAll(CollectionPermission subjectAllCollection, KeyValueCollectionPermission matchAllCollection) {
throw new NullPointerException();
}
@Override
public KeyValueCollectionPermission isPermittedMatchOne(CollectionPermission subjectAllCollection, KeyValueCollectionPermission matchOneCollection) {
throw new NullPointerException();
}
});
boolean[] permittedArray = testRealm.isPermitted(mockSubjectPrincipal, permissionList);
for (boolean permitted : permittedArray) {
Assert.assertEquals(true, permitted);
}
}
Also used :
KeyValueCollectionPermission(ddf.security.permission.KeyValueCollectionPermission)
CollectionPermission(ddf.security.permission.CollectionPermission)
KeyValueCollectionPermission(ddf.security.permission.KeyValueCollectionPermission)
PolicyExtension(ddf.security.policy.extension.PolicyExtension)
KeyValuePermission(ddf.security.permission.KeyValuePermission)
Test(org.junit.Test)
Example 25 with KeyValueCollectionPermission
use of ddf.security.permission.KeyValueCollectionPermission in project ddf by codice.
the class AuthzRealmTest method testIsPermitted.
@Test
public void testIsPermitted() {
permissionList.clear();
KeyValueCollectionPermission kvcp = new KeyValueCollectionPermission("action", security);
permissionList.add(kvcp);
boolean[] permittedArray = testRealm.isPermitted(mockSubjectPrincipal, permissionList);
for (boolean permitted : permittedArray) {
Assert.assertEquals(true, permitted);
}
}
Also used :
KeyValueCollectionPermission(ddf.security.permission.KeyValueCollectionPermission)
Test(org.junit.Test)
Aggregations
KeyValueCollectionPermission (ddf.security.permission.KeyValueCollectionPermission)38
ArrayList (java.util.ArrayList)19
Test (org.junit.Test)18
KeyValuePermission (ddf.security.permission.KeyValuePermission)15
List (java.util.List)10
RequestType (oasis.names.tc.xacml._3_0.core.schema.wd_17.RequestType)9
CollectionPermission (ddf.security.permission.CollectionPermission)8
HashMap (java.util.HashMap)7
Permission (org.apache.shiro.authz.Permission)7
StopProcessingException (ddf.catalog.plugin.StopProcessingException)6
Attribute (ddf.catalog.data.Attribute)5
Subject (org.apache.shiro.subject.Subject)5
Metacard (ddf.catalog.data.Metacard)4
PolicyExtension (ddf.security.policy.extension.PolicyExtension)4
FilterResult (ddf.catalog.security.FilterResult)3
FilterStrategy (ddf.catalog.security.FilterStrategy)3
Subject (ddf.security.Subject)3
UpdateRequest (ddf.catalog.operation.UpdateRequest)2
PdpException (ddf.security.pdp.realm.xacml.processor.PdpException)2
HashSet (java.util.HashSet)2
