
Example 1 with AuthorizationClient

use of io.cdap.cdap.client.AuthorizationClient in project cdap by caskdata.

In class AuthorizationHandlerTest, method setUp.

/**
 * Brings up an in-process HTTP service that serves {@link AuthorizationHandler} with both
 * security and authorization switched on, then connects an {@link AuthorizationClient} to it.
 *
 * @throws Exception if the access controller cannot be initialized or the service cannot start
 */
@Before
public void setUp() throws Exception {
    // Authorization and the general security switch are both enabled for this fixture.
    CConfiguration cConf = CConfiguration.create();
    cConf.setBoolean(Constants.Security.Authorization.ENABLED, true);
    cConf.setBoolean(Constants.Security.ENABLED, true);

    // The test admin is listed under "superusers" before the controller is initialized from the properties.
    properties.setProperty("superusers", admin.getName());
    final InMemoryAccessController accessController = new InMemoryAccessController();
    accessController.initialize(FACTORY.create(properties));

    // The instantiator is overridden so the handler always receives the in-memory controller built above.
    AccessControllerInstantiator fixedInstantiator = new AccessControllerInstantiator(cConf, FACTORY) {

        @Override
        public AccessController get() {
            return accessController;
        }
    };
    AuthorizationHandler handler =
        new AuthorizationHandler(accessController, fixedInstantiator, cConf, new MasterAuthenticationContext());

    // Places TestUserNameSetter ahead of the "dispatcher" stage of the pipeline.
    // NOTE(review): presumably this stamps each request with the user named by USERNAME_PROPERTY in place of
    // real authentication; confirm, and keep it confined to test code.
    ChannelPipelineModifier userNameInjector = new ChannelPipelineModifier() {

        @Override
        public void modify(ChannelPipeline pipeline) {
            pipeline.addBefore("dispatcher", "usernamesetter", new TestUserNameSetter());
        }
    };

    service = new CommonNettyHttpServiceBuilder(cConf, getClass().getSimpleName())
        .setHttpHandlers(handler)
        .setChannelPipelineModifier(userNameInjector)
        .build();
    service.start();

    // The client talks to the service's bind address with SSL disabled, i.e. without transport encryption.
    ConnectionConfig connection = ConnectionConfig.builder()
        .setHostname(service.getBindAddress().getHostName())
        .setPort(service.getBindAddress().getPort())
        .setSSLEnabled(false)
        .build();
    client = new AuthorizationClient(ClientConfig.builder().setConnectionConfig(connection).build());

    // JVM-wide system property: every request in this process is attributed to the admin until it is changed.
    System.setProperty(USERNAME_PROPERTY, admin.getName());
}
Also used : MasterAuthenticationContext(io.cdap.cdap.security.auth.context.MasterAuthenticationContext) InMemoryAccessController(io.cdap.cdap.security.authorization.InMemoryAccessController) AccessController(io.cdap.cdap.security.spi.authorization.AccessController) CommonNettyHttpServiceBuilder(io.cdap.cdap.common.http.CommonNettyHttpServiceBuilder) InMemoryAccessController(io.cdap.cdap.security.authorization.InMemoryAccessController) AccessControllerInstantiator(io.cdap.cdap.security.authorization.AccessControllerInstantiator) AuthorizationClient(io.cdap.cdap.client.AuthorizationClient) CConfiguration(io.cdap.cdap.common.conf.CConfiguration) ChannelPipelineModifier(io.cdap.http.ChannelPipelineModifier) ChannelPipeline(io.netty.channel.ChannelPipeline) Before(org.junit.Before)

Example 2 with AuthorizationClient

use of io.cdap.cdap.client.AuthorizationClient in project cdap by caskdata.

In class AuthorizationHandlerTest, method testDisabled.

/**
 * Starts an {@link AuthorizationHandler} service built from the supplied configuration and passes
 * every authorization client call to {@code verifyFeatureDisabled}.
 *
 * @param cConf configuration the service is built from; the caller decides which setting is off
 * @param feature the feature handed to {@code verifyFeatureDisabled} for each call
 * @param configSetting the configuration setting handed to {@code verifyFeatureDisabled} for each call
 * @throws Exception if the service cannot start or a verification fails
 */
private void testDisabled(CConfiguration cConf, FeatureDisabledException.Feature feature, String configSetting) throws Exception {
    final InMemoryAccessController controller = new InMemoryAccessController();
    // The instantiator is overridden so the handler always receives the in-memory controller built above.
    AccessControllerInstantiator fixedInstantiator = new AccessControllerInstantiator(cConf, FACTORY) {

        @Override
        public AccessController get() {
            return controller;
        }
    };
    AuthorizationHandler handler =
        new AuthorizationHandler(controller, fixedInstantiator, cConf, new MasterAuthenticationContext());
    NettyHttpService httpService = new CommonNettyHttpServiceBuilder(cConf, getClass().getSimpleName())
        .setHttpHandlers(handler)
        .build();
    httpService.start();
    try {
        // The client talks to the service's bind address with SSL disabled, i.e. without transport encryption.
        ConnectionConfig connection = ConnectionConfig.builder()
            .setHostname(httpService.getBindAddress().getHostName())
            .setPort(httpService.getBindAddress().getPort())
            .setSSLEnabled(false)
            .build();
        final AuthorizationClient authClient =
            new AuthorizationClient(ClientConfig.builder().setConnectionConfig(connection).build());
        final NamespaceId namespace = Ids.namespace("ns1");
        final Role adminsRole = new Role("admins");

        // One entry per Authorization REST API call, listed in the order they are verified.
        DisabledFeatureCaller[] apiCalls = {
            new DisabledFeatureCaller() {

                @Override
                public void call() throws Exception {
                    authClient.grant(Authorizable.fromEntityId(namespace), admin, ImmutableSet.of(StandardPermission.GET));
                }
            },
            new DisabledFeatureCaller() {

                @Override
                public void call() throws Exception {
                    authClient.revoke(Authorizable.fromEntityId(namespace), admin, ImmutableSet.of(StandardPermission.GET));
                }
            },
            new DisabledFeatureCaller() {

                @Override
                public void call() throws Exception {
                    authClient.revoke(Authorizable.fromEntityId(namespace));
                }
            },
            new DisabledFeatureCaller() {

                @Override
                public void call() throws Exception {
                    authClient.listGrants(admin);
                }
            },
            new DisabledFeatureCaller() {

                @Override
                public void call() throws Exception {
                    authClient.addRoleToPrincipal(adminsRole, admin);
                }
            },
            new DisabledFeatureCaller() {

                @Override
                public void call() throws Exception {
                    authClient.removeRoleFromPrincipal(adminsRole, admin);
                }
            },
            new DisabledFeatureCaller() {

                @Override
                public void call() throws Exception {
                    authClient.createRole(adminsRole);
                }
            },
            new DisabledFeatureCaller() {

                @Override
                public void call() throws Exception {
                    authClient.dropRole(adminsRole);
                }
            },
            new DisabledFeatureCaller() {

                @Override
                public void call() throws Exception {
                    authClient.listAllRoles();
                }
            }
        };

        // Test that the right exception is thrown when any Authorization REST API is called with
        // authorization disabled; grants, revokes, role changes and listings are all covered.
        for (DisabledFeatureCaller apiCall : apiCalls) {
            verifyFeatureDisabled(apiCall, feature, configSetting);
        }
    } finally {
        // Always release the listening port, even when a verification fails.
        httpService.stop();
    }
}
Also used : MasterAuthenticationContext(io.cdap.cdap.security.auth.context.MasterAuthenticationContext) CommonNettyHttpServiceBuilder(io.cdap.cdap.common.http.CommonNettyHttpServiceBuilder) AccessControllerInstantiator(io.cdap.cdap.security.authorization.AccessControllerInstantiator) AccessException(io.cdap.cdap.api.security.AccessException) FeatureDisabledException(io.cdap.cdap.common.FeatureDisabledException) AlreadyExistsException(io.cdap.cdap.security.spi.authorization.AlreadyExistsException) Role(io.cdap.cdap.proto.security.Role) InMemoryAccessController(io.cdap.cdap.security.authorization.InMemoryAccessController) AccessController(io.cdap.cdap.security.spi.authorization.AccessController) InMemoryAccessController(io.cdap.cdap.security.authorization.InMemoryAccessController) NettyHttpService(io.cdap.http.NettyHttpService) AuthorizationClient(io.cdap.cdap.client.AuthorizationClient) NamespaceId(io.cdap.cdap.proto.id.NamespaceId)

Example 3 with AuthorizationClient

use of io.cdap.cdap.client.AuthorizationClient in project cdap by caskdata.

In class AuthorizationCLITest, method setup.

/**
 * Connects a CLI to the authorization-enabled standalone instance and grants the current
 * principal {@code UPDATE} on the instance through {@link AuthorizationClient}.
 *
 * @throws Exception if the CLI cannot connect or the grant fails
 */
@BeforeClass
public static void setup() throws Exception {
    CLIConfig config = CLITestBase.createCLIConfig(AUTH_STANDALONE.getBaseURI());
    LaunchOptions options = new LaunchOptions(LaunchOptions.DEFAULT.getUri(), true, true, false);
    CLIMain main = new CLIMain(options, config);
    cli = main.getCLI();

    String connectCommand = "connect " + AUTH_STANDALONE.getBaseURI();
    CLITestBase.testCommandOutputContains(cli, connectCommand, "Successfully connected");

    authorizationClient = new AuthorizationClient(config.getClientConfig());

    // The instance-level privilege has to exist first so that the current user can create a namespace.
    // The grant goes through the client rather than a CLI command because these tests cannot set the
    // SecurityRequestContext to a non-null value. A null user name is acceptable on its own, but a CLI
    // command serializes it to the String "null"; enforcement then receives the user as null, not as
    // the String "null", and the two do not match.
    Authorizable instance = Authorizable.fromEntityId(INSTANCE_ID);
    authorizationClient.grant(instance, SecurityRequestContext.toPrincipal(),
        Collections.singleton(StandardPermission.UPDATE));
}
Also used : AuthorizationClient(io.cdap.cdap.client.AuthorizationClient) BeforeClass(org.junit.BeforeClass)

Aggregations

AuthorizationClient (io.cdap.cdap.client.AuthorizationClient)3 CommonNettyHttpServiceBuilder (io.cdap.cdap.common.http.CommonNettyHttpServiceBuilder)2 MasterAuthenticationContext (io.cdap.cdap.security.auth.context.MasterAuthenticationContext)2 AccessControllerInstantiator (io.cdap.cdap.security.authorization.AccessControllerInstantiator)2 InMemoryAccessController (io.cdap.cdap.security.authorization.InMemoryAccessController)2 AccessController (io.cdap.cdap.security.spi.authorization.AccessController)2 AccessException (io.cdap.cdap.api.security.AccessException)1 FeatureDisabledException (io.cdap.cdap.common.FeatureDisabledException)1 CConfiguration (io.cdap.cdap.common.conf.CConfiguration)1 NamespaceId (io.cdap.cdap.proto.id.NamespaceId)1 Role (io.cdap.cdap.proto.security.Role)1 AlreadyExistsException (io.cdap.cdap.security.spi.authorization.AlreadyExistsException)1 ChannelPipelineModifier (io.cdap.http.ChannelPipelineModifier)1 NettyHttpService (io.cdap.http.NettyHttpService)1 ChannelPipeline (io.netty.channel.ChannelPipeline)1 Before (org.junit.Before)1 BeforeClass (org.junit.BeforeClass)1