
Example 1 with KeyValuePermission

Use of ddf.security.permission.KeyValuePermission in project ddf by codice.

From class AdminConfigPolicy, method parsePermissions.

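/**
 * Parses admin configuration policy strings into the attribute permissions a
 * subject must hold to act on each named feature or service.
 *
 * <p>Example input: {@code featureName="attributeName=attributeValue","attributeName2=attributeValue2"}.
 * All whitespace is stripped before parsing, so names and values cannot contain
 * spaces; double quotes around the attribute list are optional and removed.
 *
 * @param policies raw policy strings; null or empty entries are skipped
 * @return map from permission name to one {@link KeyValueCollectionPermission}
 *     per attribute, in input order; a later policy for the same name replaces
 *     the earlier one (logged at debug level)
 * @throws IllegalArgumentException if a policy or one of its attributes is not of
 *     the form {@code name=value}; a malformed policy is rejected outright rather
 *     than failing with a bare {@code ArrayIndexOutOfBoundsException} or producing
 *     a partial (and therefore weaker) rule
 */
public Map<String, List<KeyValueCollectionPermission>> parsePermissions(List<String> policies) {
    Map<String, List<KeyValueCollectionPermission>> newPolicyPermissions = new HashMap<>();
    for (String policy : policies) {
        if (StringUtils.isEmpty(policy)) {
            continue;
        }
        // Split on the first '=' only: everything after it is the attribute list.
        String[] policyTrimmed = policy.replaceAll("\\s+", "").split("=", 2);
        if (policyTrimmed.length != 2 || policyTrimmed[0].isEmpty() || policyTrimmed[1].isEmpty()) {
            throw new IllegalArgumentException(
                    "Policy must have the form name=\"attribute=value\",...: " + policy);
        }
        String permissionName = policyTrimmed[0];
        List<KeyValueCollectionPermission> permissionAttributeMap =
                parseAttributePermissions(policyTrimmed[1], policy);
        if (newPolicyPermissions.containsKey(permissionName)) {
            LOGGER.debug("Policy extension settings for {} already exist, overwriting", permissionName);
        }
        newPolicyPermissions.put(permissionName, permissionAttributeMap);
    }
    return newPolicyPermissions;
}

/**
 * Parses the comma-separated {@code "attribute=value"} list of a single policy.
 *
 * @param policyAttributes the part of the policy after its first '=', whitespace already removed
 * @param policy the full policy string, used only in error messages
 * @return one permission per attribute, in input order
 * @throws IllegalArgumentException if an attribute lacks a name or a value
 */
private List<KeyValueCollectionPermission> parseAttributePermissions(String policyAttributes, String policy) {
    List<KeyValueCollectionPermission> permissionAttributeMap = new ArrayList<>();
    for (String policyAttribute : policyAttributes.split(",")) {
        // Limit 2 keeps a value that itself contains '=' intact instead of truncating it.
        String[] policyAttributeSplit = policyAttribute.replace("\"", "").split("=", 2);
        if (policyAttributeSplit.length != 2
                || policyAttributeSplit[0].isEmpty()
                || policyAttributeSplit[1].isEmpty()) {
            throw new IllegalArgumentException(
                    "Policy attribute must have the form attribute=value, got '" + policyAttribute
                            + "' in: " + policy);
        }
        String attributeName = policyAttributeSplit[0];
        String attributeValue = policyAttributeSplit[1];
        permissionAttributeMap.add(new KeyValueCollectionPermission(null,
                new KeyValuePermission(attributeName, Sets.newHashSet(attributeValue))));
    }
    return permissionAttributeMap;
}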

Example 2 with KeyValuePermission

Use of ddf.security.permission.KeyValuePermission in project ddf by codice.

From class AdminConfigPolicyTest, method testRemoveSomePermissions.

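@Test
public void testRemoveSomePermissions() {
    AdminConfigPolicy adminConfigPolicy = new AdminConfigPolicy();
    // Each policy list gets one extra entry the test subject does not hold.
    List<String> featurePolicyPermissions = getValidPolicyPermissions();
    featurePolicyPermissions.add(unauthorizedPolicy());
    List<String> servicePolicyPermissions = getValidPolicyPermissions();
    servicePolicyPermissions.add(unauthorizedPolicy());
    adminConfigPolicy.setFeaturePolicies(featurePolicyPermissions);
    adminConfigPolicy.setServicePolicies(servicePolicyPermissions);

    List<KeyValuePermission> matchOneFeaturePermissions = getMatchOnePermissions(AdminConfigPolicy.FEATURE_NAME);
    matchOneFeaturePermissions.add(new KeyValuePermission(AdminConfigPolicy.FEATURE_NAME,
            Sets.newHashSet(TEST_PERMISSION_VALUE + UNAUTHORIZED)));
    List<KeyValuePermission> matchOneServicePermissions = getMatchOnePermissions(AdminConfigPolicy.SERVICE_PID);
    matchOneServicePermissions.add(new KeyValuePermission(AdminConfigPolicy.SERVICE_PID,
            Sets.newHashSet(TEST_PERMISSION_VALUE + UNAUTHORIZED)));
    // Exactly one permission, so the size assertion below proves it passes through unchanged.
    List<KeyValuePermission> matchOneInvalidActionPermission = new ArrayList<>();
    matchOneInvalidActionPermission.add(new KeyValuePermission("UNKNOWN_ACTION", Sets.newHashSet(TEST_PERMISSION_VALUE)));

    KeyValueCollectionPermission requestedFeaturePermissions = new KeyValueCollectionPermission(
            AdminConfigPolicy.VIEW_FEATURE_ACTION, matchOneFeaturePermissions.toArray(new KeyValuePermission[0]));
    KeyValueCollectionPermission requestedServicePermissions = new KeyValueCollectionPermission(
            AdminConfigPolicy.VIEW_SERVICE_ACTION, matchOneServicePermissions.toArray(new KeyValuePermission[0]));
    KeyValueCollectionPermission requestedInvalidActionPermissions = new KeyValueCollectionPermission(
            "UNKNOWN_ACTION", matchOneInvalidActionPermission.toArray(new KeyValuePermission[0]));

    assertEquals(1, adminConfigPolicy.isPermittedMatchOne(getSubjectPermissions(), requestedFeaturePermissions).getPermissionList().size());
    assertEquals(1, adminConfigPolicy.isPermittedMatchOne(getSubjectPermissions(), requestedServicePermissions).getPermissionList().size());
    // An action the policy does not know about is not filtered: its one permission comes back.
    assertEquals(1, adminConfigPolicy.isPermittedMatchOne(getSubjectPermissions(), requestedInvalidActionPermissions).getPermissionList().size());
}

/**
 * Builds a policy string of the form {@code name="attribute=value"} whose every
 * part carries the {@code UNAUTHORIZED} suffix, i.e. one the test subject does not satisfy.
 */
private String unauthorizedPolicy() {
    return TEST_PERMISSION_VALUE + UNAUTHORIZED + "=\"" + TEST_ATTRIBUTE_NAME + UNAUTHORIZED + "="
            + TEST_ATTRIBUTE_VALUE + UNAUTHORIZED + "\"";
}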

Example 3 with KeyValuePermission

Use of ddf.security.permission.KeyValuePermission in project ddf by codice.

From class AdminConfigPolicyTest, method testInvalidPolicyConfigs.

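/**
 * Verifies that the policies from {@code getValidPolicyPermissions()} are parsed
 * into one single-attribute permission each, keyed by permission name and
 * carrying the indexed attribute name and value. Inspects the package-visible
 * {@code featurePolicyPermissions} map directly.
 */
@Test
public void testInvalidPolicyConfigs() {
    AdminConfigPolicy adminConfigPolicy = new AdminConfigPolicy();
    adminConfigPolicy.setFeaturePolicies(getValidPolicyPermissions());
    // NOTE(review): presumably getValidPolicyPermissions() yields three indexed policies — confirm against the helper
    for (int i = 0; i < 3; i++) {
        List<KeyValueCollectionPermission> featurePolicyPermissions =
                adminConfigPolicy.featurePolicyPermissions.get(TEST_PERMISSION_VALUE + i);
        assertNotNull(featurePolicyPermissions);
        // JUnit's assertEquals is (expected, actual); keeping that order gives readable failure messages.
        assertEquals(1, featurePolicyPermissions.size());
        KeyValuePermission featurePolicyPermission =
                (KeyValuePermission) featurePolicyPermissions.get(0).getPermissionList().get(0);
        assertEquals(TEST_ATTRIBUTE_NAME + i, featurePolicyPermission.getKey());
        assertEquals(Sets.newHashSet(TEST_ATTRIBUTE_VALUE + i), featurePolicyPermission.getValues());
    }
}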

Example 4 with KeyValuePermission

Use of ddf.security.permission.KeyValuePermission in project ddf by codice.

From class DefaultContextAttributeMappingTest, method setup.

/**
 * Builds the fixture: a subject whose "context" permission carries
 * role=admin, controls={Foo,Bar} and control=Foo, plus four attribute mappings
 * on the same context. Two of the mappings name a value the subject holds
 * (role=admin, controls=Foo); the other two name values it does not
 * (role=charlie, control=Bar).
 */
@Before
public void setup() {
    roleMapping = new DefaultContextAttributeMapping("context", "role", "admin");
    roleMapping2 = new DefaultContextAttributeMapping("context", "role", "charlie");
    controlsMapping = new DefaultContextAttributeMapping("context", "controls", "Foo");
    controlMapping = new DefaultContextAttributeMapping("context", "control", "Bar");

    List<KeyValuePermission> subjectAttributes = new ArrayList<>();
    subjectAttributes.add(new KeyValuePermission("role", Arrays.asList("admin")));
    subjectAttributes.add(new KeyValuePermission("controls", Arrays.asList("Foo", "Bar")));
    subjectAttributes.add(new KeyValuePermission("control", Arrays.asList("Foo")));
    userPermissions = new KeyValueCollectionPermission("context", subjectAttributes);
}

Example 5 with KeyValuePermission

Use of ddf.security.permission.KeyValuePermission in project ddf by codice.

From class AuthzRealmTest, method setup.

/**
 * Builds the realm under test with a fixed subject and a fixed resource.
 *
 * <p>Subject side: FineAccessControls={A,B}, CountryOfAffiliation={AUS},
 * role=admin (as an object permission and as a Shiro role) and the string
 * permission "wild". The realm's {@code getAuthorizationInfo} is overridden to
 * return this fixed info for any principal, and the principal collection is a
 * mock whose primary principal is "user".
 *
 * <p>Resource side: a security map with country={AUS,CAN,GBR} and rule={A,B},
 * with the subject's CountryOfAffiliation mapped to "country" as a match-one
 * attribute and FineAccessControls mapped to "rule" as a match-all attribute.
 * Roles resolve to a single {@code role=<name>} permission.
 *
 * @throws PdpException declared for realm construction — presumably raised while
 *     loading the policy directory; confirm against AuthzRealm
 */
@Before
public void setup() throws PdpException {
    final String ruleClaim = "FineAccessControls";
    final String countryClaim = "CountryOfAffiliation";

    // --- subject side ---
    KeyValuePermission rules = new KeyValuePermission(ruleClaim);
    rules.addValue("A");
    rules.addValue("B");
    KeyValuePermission country = new KeyValuePermission(countryClaim);
    country.addValue("AUS");
    List<Permission> subjectPermissions = new ArrayList<>();
    subjectPermissions.add(rules);
    subjectPermissions.add(country);

    final SimpleAuthorizationInfo authzInfo = new SimpleAuthorizationInfo();
    for (Permission subjectPermission : subjectPermissions) {
        authzInfo.addObjectPermission(subjectPermission);
    }
    authzInfo.addObjectPermission(new KeyValuePermission("role", Arrays.asList("admin")));
    authzInfo.addRole("admin");
    authzInfo.addStringPermission("wild");

    mockSubjectPrincipal = Mockito.mock(PrincipalCollection.class);
    when(mockSubjectPrincipal.getPrimaryPrincipal()).thenReturn("user");

    // Pin the authorization info so tests do not depend on principal lookup.
    testRealm = new AuthzRealm("src/test/resources/policies", new XmlParser()) {

        @Override
        public AuthorizationInfo getAuthorizationInfo(PrincipalCollection principals) {
            return authzInfo;
        }
    };

    // --- resource side ---
    permissionList = new ArrayList<>();
    security = new HashMap<>();
    security.put("country", Arrays.asList("AUS", "CAN", "GBR"));
    security.put("rule", Arrays.asList("A", "B"));
    testRealm.setMatchOneMappings(Arrays.asList("CountryOfAffiliation=country"));
    testRealm.setMatchAllMappings(Arrays.asList("FineAccessControls=rule"));
    testRealm.setRolePermissionResolver(
            roleName -> Arrays.asList(new KeyValuePermission("role", Arrays.asList(roleName))));
}
