
Example 21 with KeyValueCollectionPermissionImpl

Use of ddf.security.permission.impl.KeyValueCollectionPermissionImpl in project ddf by codice.

Class DefaultContextAttributeMappingTest, method setup.

@Before
public void setup() {
    List<KeyValuePermission> userPerms = new ArrayList<KeyValuePermission>();
    userPerms.add(new KeyValuePermissionImpl("role", Arrays.asList("admin")));
    userPerms.add(new KeyValuePermissionImpl("controls", Arrays.asList("Foo", "Bar")));
    userPerms.add(new KeyValuePermissionImpl("control", Arrays.asList("Foo")));
    userPermissions = new KeyValueCollectionPermissionImpl("context", userPerms);
    roleMapping = new DefaultContextAttributeMapping("context", "role", "admin");
    roleMapping2 = new DefaultContextAttributeMapping("context", "role", "charlie");
    controlsMapping = new DefaultContextAttributeMapping("context", "controls", "Foo");
    controlMapping = new DefaultContextAttributeMapping("context", "control", "Bar");
}
Also used : KeyValuePermissionImpl(ddf.security.permission.impl.KeyValuePermissionImpl) ArrayList(java.util.ArrayList) KeyValueCollectionPermissionImpl(ddf.security.permission.impl.KeyValueCollectionPermissionImpl) KeyValuePermission(ddf.security.permission.KeyValuePermission) Before(org.junit.Before)

Example 22 with KeyValueCollectionPermissionImpl

Use of ddf.security.permission.impl.KeyValueCollectionPermissionImpl in project ddf by codice.

Class AuthzRealm, method isPermittedByExtensionAll.

private KeyValueCollectionPermission isPermittedByExtensionAll(CollectionPermission subjectAllCollection, KeyValueCollectionPermission matchAllCollection, KeyValueCollectionPermission allPermissionsCollection) {
    if (!CollectionUtils.isEmpty(policyExtensions)) {
        KeyValueCollectionPermission resultCollection = new KeyValueCollectionPermissionImpl();
        resultCollection.addAll(matchAllCollection.getPermissionList());
        resultCollection.setAction(matchAllCollection.getAction());
        for (PolicyExtension policyExtension : policyExtensions) {
            try {
                resultCollection = policyExtension.isPermittedMatchAll(subjectAllCollection, resultCollection, allPermissionsCollection);
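            } catch (Exception e) {
                // A policy extension that throws is audited and logged, then skipped:
                // resultCollection keeps the value it had before this call.
                securityLogger.auditWarn(POLICY_EXTENSION_WARNING_MSG, e);
                LOGGER.warn(POLICY_EXTENSION_WARNING_MSG, e);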
            }
        }
        return resultCollection;
    }
    return matchAllCollection;
}
Also used : KeyValueCollectionPermission(ddf.security.permission.KeyValueCollectionPermission) KeyValueCollectionPermissionImpl(ddf.security.permission.impl.KeyValueCollectionPermissionImpl) PolicyExtension(ddf.security.policy.extension.PolicyExtension) PdpException(ddf.security.pdp.realm.xacml.processor.PdpException) AuthenticationException(org.apache.shiro.authc.AuthenticationException)
