
Example 16 with KeyValuePermission

use of ddf.security.permission.KeyValuePermission in project ddf by codice.

the class AuthzRealmTest method testIsPermittedAllSingle.

@Test
public void testIsPermittedAllSingle() {
    // One "rule" permission carrying two values; every entry of the realm's
    // result array is expected to be granted for the mocked subject.
    permissionList.clear();
    permissionList.add(new KeyValuePermission("rule", Arrays.asList("A", "B")));

    boolean[] results = testRealm.isPermitted(mockSubjectPrincipal, permissionList);
    for (int i = 0; i < results.length; i++) {
        Assert.assertTrue("permission " + i + " should be granted", results[i]);
    }
}

Example 17 with KeyValuePermission

use of ddf.security.permission.KeyValuePermission in project ddf by codice.

the class AuthzRealmTest method testIsPermittedOneMultiple.

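@Test
public void testIsPermittedOneMultiple() throws PdpException {
    // Requested permission: a "country" attribute with several values, wired to
    // the match-one mapping configured on the realm below.
    permissionList.clear();
    KeyValuePermission kvp = new KeyValuePermission("country", Arrays.asList("AUS", "CAN", "GBR"));
    permissionList.add(kvp);
    String ruleClaim = "FineAccessControls";
    String countryClaim = "CountryOfAffiliation";
    // Subject attributes: two rule values and two country values; of the
    // country values only "AUS" also appears in the requested set.
    KeyValuePermission rulePermission = new KeyValuePermission(ruleClaim);
    rulePermission.addValue("A");
    rulePermission.addValue("B");
    KeyValuePermission countryPermission = new KeyValuePermission(countryClaim);
    countryPermission.addValue("USA");
    countryPermission.addValue("AUS");
    SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
    authorizationInfo.addObjectPermission(rulePermission);
    authorizationInfo.addObjectPermission(countryPermission);
    authorizationInfo.addRole("admin");
    // A realm local to this test (not the shared testRealm field) that serves
    // the canned authorization info instead of resolving the principal.
    AuthzRealm matchOneRealm = new AuthzRealm("src/test/resources/policies", new XmlParser()) {

        @Override
        public AuthorizationInfo getAuthorizationInfo(PrincipalCollection principals) {
            return authorizationInfo;
        }
    };
    matchOneRealm.setMatchOneMappings(Arrays.asList("CountryOfAffiliation=country"));
    matchOneRealm.setMatchAllMappings(Arrays.asList("FineAccessControls=rule"));
    matchOneRealm.setRolePermissionResolver(roleString -> Arrays.asList(new KeyValuePermission("role", Arrays.asList(roleString))));
    boolean[] permittedArray = matchOneRealm.isPermitted(mockSubjectPrincipal, permissionList);
    for (boolean permitted : permittedArray) {
        Assert.assertTrue(permitted);
    }
}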

Example 18 with KeyValuePermission

use of ddf.security.permission.KeyValuePermission in project ddf by codice.

the class AdminConfigPolicy method isPermittedMatchOne.

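/**
 * Narrows a match-one request for the admin console down to the permissions the
 * subject still lacks.
 *
 * <p>Only {@link #VIEW_FEATURE_ACTION} and {@link #VIEW_SERVICE_ACTION} requests are
 * handled; any other action (or a {@code null} one) is returned untouched. For each
 * {@link KeyValuePermission} keyed on {@link #FEATURE_NAME} or {@link #SERVICE_PID},
 * the permission is dropped from the result only when <em>every</em> requested value
 * is either absent from the policy (no entry means the feature or service is white
 * listed) or implied by the subject's permissions. A single unauthorized value keeps
 * the whole permission in the result, so the caller denies the entire group.
 *
 * @param subjectAllCollection the permissions held by the subject
 * @param matchOneCollection the requested permissions
 * @return a new collection holding the still-unsatisfied permissions, or
 *     {@code matchOneCollection} itself when the action is not one this policy handles
 */
@Override
public KeyValueCollectionPermission isPermittedMatchOne(CollectionPermission subjectAllCollection, KeyValueCollectionPermission matchOneCollection) {
    String action = matchOneCollection.getAction();
    if (action == null || (!action.equals(VIEW_FEATURE_ACTION) && !action.equals(VIEW_SERVICE_ACTION))) {
        return matchOneCollection;
    }
    List<Permission> remaining = new ArrayList<>(matchOneCollection.getPermissionList());
    for (Permission permission : matchOneCollection.getPermissionList()) {
        if (!(permission instanceof KeyValuePermission)) {
            continue;
        }
        KeyValuePermission kvp = (KeyValuePermission) permission;
        Map<String, List<KeyValueCollectionPermission>> policyPermissions;
        if (FEATURE_NAME.equals(kvp.getKey())) {
            policyPermissions = featurePolicyPermissions;
        } else if (SERVICE_PID.equals(kvp.getKey())) {
            policyPermissions = servicePolicyPermissions;
        } else {
            continue;
        }
        // Fail closed: the permission is only satisfied when all of its values are.
        if (allValuesAuthorized(subjectAllCollection, kvp, policyPermissions)) {
            remaining.remove(permission);
        }
    }
    // NOTE: the array conversion assumes every remaining element is a KeyValuePermission;
    // non-KeyValuePermission entries are skipped above but stay in the list and would
    // fail this conversion.
    return new KeyValueCollectionPermission(action, remaining.stream().toArray(KeyValuePermission[]::new));
}

/**
 * Returns {@code true} when every value of {@code kvp} is either white listed (the
 * policy has no entry for it) or covered by at least one policy permission that
 * {@code subjectAllCollection} implies. An empty value set is vacuously authorized.
 *
 * @param subjectAllCollection the permissions held by the subject
 * @param kvp the requested feature or service permission
 * @param policyPermissions policy entries keyed by feature name or service pid
 * @return whether all requested values are authorized for the subject
 */
private static boolean allValuesAuthorized(CollectionPermission subjectAllCollection, KeyValuePermission kvp, Map<String, List<KeyValueCollectionPermission>> policyPermissions) {
    for (String value : kvp.getValues()) {
        List<KeyValueCollectionPermission> policyEntries = policyPermissions.get(value);
        // No configuration for this attribute in the policy: white listed.
        if (policyEntries == null) {
            continue;
        }
        boolean implied = false;
        for (KeyValueCollectionPermission attributePermissions : policyEntries) {
            if (subjectAllCollection.implies(attributePermissions)) {
                implied = true;
                break;
            }
        }
        if (!implied) {
            return false;
        }
    }
    return true;
}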

Example 19 with KeyValuePermission

use of ddf.security.permission.KeyValuePermission in project ddf by codice.

the class AdminConfigPolicyTest method testRemoveUnknownAttribute.

@Test
public void testRemoveUnknownAttribute() {
    // A service pid that appears in no policy is expected to be dropped from
    // the result, leaving nothing unsatisfied.
    KeyValuePermission unknownService = new KeyValuePermission(AdminConfigPolicy.SERVICE_PID, Sets.newHashSet("UNKNOWN_ATTRIBUTE_NAME"));
    KeyValueCollectionPermission requested = new KeyValueCollectionPermission(AdminConfigPolicy.VIEW_SERVICE_ACTION, new KeyValuePermission[] { unknownService });
    AdminConfigPolicy policy = new AdminConfigPolicy();
    assertTrue(policy.isPermittedMatchAll(getSubjectPermissions(), requested).isEmpty());
}

Example 20 with KeyValuePermission

use of ddf.security.permission.KeyValuePermission in project ddf by codice.

the class AdminConfigPolicyTest method testValidateAllPermissions.

@Test
public void testValidateAllPermissions() {
    AdminConfigPolicy policy = new AdminConfigPolicy();
    policy.setFeaturePolicies(getValidPolicyPermissions());
    policy.setServicePolicies(getValidPolicyPermissions());
    // One match-one request per attribute key; with the valid policies loaded
    // the subject is expected to satisfy every requested permission.
    KeyValuePermission[] featurePermissions = getMatchOnePermissions(AdminConfigPolicy.FEATURE_NAME).stream().toArray(KeyValuePermission[]::new);
    KeyValuePermission[] servicePermissions = getMatchOnePermissions(AdminConfigPolicy.SERVICE_PID).stream().toArray(KeyValuePermission[]::new);
    KeyValueCollectionPermission featureRequest = new KeyValueCollectionPermission(AdminConfigPolicy.VIEW_FEATURE_ACTION, featurePermissions);
    KeyValueCollectionPermission serviceRequest = new KeyValueCollectionPermission(AdminConfigPolicy.VIEW_SERVICE_ACTION, servicePermissions);
    assertTrue(policy.isPermittedMatchOne(getSubjectPermissions(), featureRequest).isEmpty());
    assertTrue(policy.isPermittedMatchOne(getSubjectPermissions(), serviceRequest).isEmpty());
}
