Example 1 with PolicyExtension

Use of ddf.security.policy.extension.PolicyExtension in project ddf by codice.

In class AuthzRealmTest, method testAddRemoveSetPolicyExtension.

@Test
public void testAddRemoveSetPolicyExtension() {
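    // Stub extension whose checks always throw; this test only exercises
    // registering, unregistering and replacing extensions on the realm.
    PolicyExtension policyExtension = new PolicyExtension() {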

        @Override
        public KeyValueCollectionPermission isPermittedMatchAll(CollectionPermission subjectAllCollection, KeyValueCollectionPermission matchAllCollection) {
            throw new NullPointerException();
        }

        @Override
        public KeyValueCollectionPermission isPermittedMatchOne(CollectionPermission subjectAllCollection, KeyValueCollectionPermission matchOneCollection) {
            throw new NullPointerException();
        }
    };
    testRealm.addPolicyExtension(policyExtension);
    testRealm.removePolicyExtension(policyExtension);
    testRealm.setPolicyExtensions(Arrays.asList(policyExtension));
}

Also used: KeyValueCollectionPermission (ddf.security.permission.KeyValueCollectionPermission), CollectionPermission (ddf.security.permission.CollectionPermission), PolicyExtension (ddf.security.policy.extension.PolicyExtension), Test (org.junit.Test)

Example 2 with PolicyExtension

Use of ddf.security.policy.extension.PolicyExtension in project ddf by codice.

In class AuthzRealm, method isPermittedByExtensionOne.

private KeyValueCollectionPermission isPermittedByExtensionOne(CollectionPermission subjectAllCollection, KeyValueCollectionPermission matchOneCollection) {
    if (!CollectionUtils.isEmpty(policyExtensions)) {
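        // Start from a copy of the requested permission list and action, so the
        // extensions operate on resultCollection rather than on the caller's object.
        KeyValueCollectionPermission resultCollection = new KeyValueCollectionPermission();
        resultCollection.addAll(matchOneCollection.getPermissionList());
        resultCollection.setAction(matchOneCollection.getAction());
        // Each extension receives the previous extension's output.
        for (PolicyExtension policyExtension : policyExtensions) {
            try {
                resultCollection = policyExtension.isPermittedMatchOne(subjectAllCollection, resultCollection);
            } catch (Exception e) {
                // A failing extension is audited and logged, then skipped:
                // resultCollection keeps the value it had before this extension
                // ran, and the remaining extensions are still consulted.
                SecurityLogger.auditWarn("Policy Extension plugin did not complete correctly. This could allow access to a resource.", e);
                LOGGER.warn("Policy Extension plugin did not complete correctly. This could allow access to a resource.", e);
            }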
        }
        return resultCollection;
    }
    return matchOneCollection;
}

Also used: KeyValueCollectionPermission (ddf.security.permission.KeyValueCollectionPermission), PolicyExtension (ddf.security.policy.extension.PolicyExtension), PdpException (ddf.security.pdp.realm.xacml.processor.PdpException), AuthenticationException (org.apache.shiro.authc.AuthenticationException)

Example 3 with PolicyExtension

Use of ddf.security.policy.extension.PolicyExtension in project ddf by codice.

In class AuthzRealmTest, method testBadPolicyExtension.

@Test
public void testBadPolicyExtension() {
    permissionList.clear();
    KeyValuePermission kvp = new KeyValuePermission("country", Arrays.asList("AUS", "CAN", "GBR"));
    permissionList.add(kvp);
    // Register an extension that throws on every check.
    testRealm.addPolicyExtension(new PolicyExtension() {

        @Override
        public KeyValueCollectionPermission isPermittedMatchAll(CollectionPermission subjectAllCollection, KeyValueCollectionPermission matchAllCollection) {
            throw new NullPointerException();
        }

        @Override
        public KeyValueCollectionPermission isPermittedMatchOne(CollectionPermission subjectAllCollection, KeyValueCollectionPermission matchOneCollection) {
            throw new NullPointerException();
        }
    });
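    // The test expects the realm to survive the failing extension and
    // still report every permission in the list as permitted.
    boolean[] permittedArray = testRealm.isPermitted(mockSubjectPrincipal, permissionList);
    for (boolean permitted : permittedArray) {
        Assert.assertEquals(true, permitted);
    }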
}

Also used: KeyValueCollectionPermission (ddf.security.permission.KeyValueCollectionPermission), CollectionPermission (ddf.security.permission.CollectionPermission), PolicyExtension (ddf.security.policy.extension.PolicyExtension), KeyValuePermission (ddf.security.permission.KeyValuePermission), Test (org.junit.Test)

Example 4 with PolicyExtension

Use of ddf.security.policy.extension.PolicyExtension in project ddf by codice.

In class AuthzRealm, method isPermittedByExtensionAll.

private KeyValueCollectionPermission isPermittedByExtensionAll(CollectionPermission subjectAllCollection, KeyValueCollectionPermission matchAllCollection) {
    if (!CollectionUtils.isEmpty(policyExtensions)) {
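        // Start from a copy of the requested permission list and action, so the
        // extensions operate on resultCollection rather than on the caller's object.
        KeyValueCollectionPermission resultCollection = new KeyValueCollectionPermission();
        resultCollection.addAll(matchAllCollection.getPermissionList());
        resultCollection.setAction(matchAllCollection.getAction());
        // Each extension receives the previous extension's output.
        for (PolicyExtension policyExtension : policyExtensions) {
            try {
                resultCollection = policyExtension.isPermittedMatchAll(subjectAllCollection, resultCollection);
            } catch (Exception e) {
                // A failing extension is audited and logged, then skipped:
                // resultCollection keeps the value it had before this extension
                // ran, and the remaining extensions are still consulted.
                SecurityLogger.auditWarn("Policy Extension plugin did not complete correctly. This could allow access to a resource.", e);
                LOGGER.warn("Policy Extension plugin did not complete correctly. This could allow access to a resource.", e);
            }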
        }
        return resultCollection;
    }
    return matchAllCollection;
}

Also used: KeyValueCollectionPermission (ddf.security.permission.KeyValueCollectionPermission), PolicyExtension (ddf.security.policy.extension.PolicyExtension), PdpException (ddf.security.pdp.realm.xacml.processor.PdpException), AuthenticationException (org.apache.shiro.authc.AuthenticationException)

Aggregations

KeyValueCollectionPermission (ddf.security.permission.KeyValueCollectionPermission): 4
PolicyExtension (ddf.security.policy.extension.PolicyExtension): 4
PdpException (ddf.security.pdp.realm.xacml.processor.PdpException): 2
CollectionPermission (ddf.security.permission.CollectionPermission): 2
AuthenticationException (org.apache.shiro.authc.AuthenticationException): 2
Test (org.junit.Test): 2
KeyValuePermission (ddf.security.permission.KeyValuePermission): 1