Examples with Credential io.cdap.cdap.proto.security.Credential used on opensource projects

Search in sources :

Example 21 with Credential

use of io.cdap.cdap.proto.security.Credential in project cdap by cdapio.

the class DefaultAccessEnforcerTest method testInternalIsVisible.

@Test
public void testInternalIsVisible() throws IOException, AccessException {
    Principal userWithInternalCred = new Principal("system", Principal.PrincipalType.USER, null, new Credential("credential", Credential.CredentialType.INTERNAL));
    CConfiguration cConfCopy = CConfiguration.copy(CCONF);
    cConfCopy.setBoolean(Constants.Security.INTERNAL_AUTH_ENABLED, true);
    ControllerWrapper controllerWrapper = createControllerWrapper(cConfCopy, SCONF, new NoOpAccessController());
    AccessController accessController = controllerWrapper.accessController;
    DefaultAccessEnforcer accessEnforcer = controllerWrapper.defaultAccessEnforcer;
    Set<EntityId> namespaces = ImmutableSet.of(NS);
    // Make sure that the actual access controller does not have access.
    Assert.assertEquals(Collections.emptySet(), accessController.isVisible(namespaces, userWithInternalCred));
    // The no-op access enforcer allows all requests through, so this should succeed if it is using the right
    // access controller.
    Assert.assertEquals(namespaces, accessEnforcer.isVisible(namespaces, userWithInternalCred));
    // Verify the metrics context was called with correct metrics
    verify(controllerWrapper.mockMetricsContext, times(1)).increment(Constants.Metrics.Authorization.INTERNAL_VISIBILITY_CHECK_COUNT, 1);
}
Also used : EntityId(io.cdap.cdap.proto.id.EntityId) Credential(io.cdap.cdap.proto.security.Credential) NoOpAccessController(io.cdap.cdap.security.spi.authorization.NoOpAccessController) AccessController(io.cdap.cdap.security.spi.authorization.AccessController) NoOpAccessController(io.cdap.cdap.security.spi.authorization.NoOpAccessController) CConfiguration(io.cdap.cdap.common.conf.CConfiguration) Principal(io.cdap.cdap.proto.security.Principal) Test(org.junit.Test)

Example 22 with Credential

use of io.cdap.cdap.proto.security.Credential in project cdap by cdapio.

the class DefaultAccessEnforcerTest method testAuthEnforceWithEncryptedCredential.

@Test
public void testAuthEnforceWithEncryptedCredential() throws IOException, AccessException, CipherException, GeneralSecurityException {
    SConfiguration sConfCopy = enableCredentialEncryption();
    TinkCipher cipher = new TinkCipher(sConfCopy);
    String cred = cipher.encryptToBase64("credential".getBytes(StandardCharsets.UTF_8), null);
    Principal userWithCredEncrypted = new Principal("userFoo", Principal.PrincipalType.USER, null, new Credential(cred, Credential.CredentialType.EXTERNAL_ENCRYPTED));
    ControllerWrapper controllerWrapper = createControllerWrapper(CCONF, sConfCopy, null);
    AccessController accessController = controllerWrapper.accessController;
    DefaultAccessEnforcer accessEnforcer = controllerWrapper.defaultAccessEnforcer;
    assertAuthorizationFailure(accessEnforcer, NS, userWithCredEncrypted, StandardPermission.UPDATE);
    accessController.grant(Authorizable.fromEntityId(NS), userWithCredEncrypted, ImmutableSet.of(StandardPermission.GET, StandardPermission.UPDATE));
    accessEnforcer.enforce(NS, userWithCredEncrypted, StandardPermission.GET);
    accessEnforcer.enforce(NS, userWithCredEncrypted, StandardPermission.UPDATE);
    // Verify the metrics context was called with correct metrics
    verify(controllerWrapper.mockMetricsContext, times(2)).increment(Constants.Metrics.Authorization.EXTENSION_CHECK_SUCCESS_COUNT, 1);
    verify(controllerWrapper.mockMetricsContext, times(1)).increment(Constants.Metrics.Authorization.EXTENSION_CHECK_FAILURE_COUNT, 1);
    verify(controllerWrapper.mockMetricsContext, times(3)).gauge(eq(Constants.Metrics.Authorization.EXTENSION_CHECK_MILLIS), any(Long.class));
}
Also used : Credential(io.cdap.cdap.proto.security.Credential) NoOpAccessController(io.cdap.cdap.security.spi.authorization.NoOpAccessController) AccessController(io.cdap.cdap.security.spi.authorization.AccessController) SConfiguration(io.cdap.cdap.common.conf.SConfiguration) TinkCipher(io.cdap.cdap.security.auth.TinkCipher) Principal(io.cdap.cdap.proto.security.Principal) Test(org.junit.Test)

Example 23 with Credential

use of io.cdap.cdap.proto.security.Credential in project cdap by cdapio.

the class DefaultAccessEnforcerTest method testIsVisibleWithEncryptedCredential.

@Test
public void testIsVisibleWithEncryptedCredential() throws IOException, AccessException, CipherException, GeneralSecurityException {
    SConfiguration sConfCopy = enableCredentialEncryption();
    TinkCipher cipher = new TinkCipher(sConfCopy);
    String cred = cipher.encryptToBase64("credential".getBytes(StandardCharsets.UTF_8), null);
    Principal userWithCredEncrypted = new Principal("userFoo", Principal.PrincipalType.USER, null, new Credential(cred, Credential.CredentialType.EXTERNAL_ENCRYPTED));
    ControllerWrapper controllerWrapper = createControllerWrapper(CCONF, sConfCopy, null);
    AccessController accessController = controllerWrapper.accessController;
    DefaultAccessEnforcer accessEnforcer = controllerWrapper.defaultAccessEnforcer;
    Set<NamespaceId> namespaces = ImmutableSet.of(NS);
    Assert.assertEquals(0, accessEnforcer.isVisible(namespaces, userWithCredEncrypted).size());
    accessController.grant(Authorizable.fromEntityId(NS), userWithCredEncrypted, ImmutableSet.of(StandardPermission.GET, StandardPermission.UPDATE));
    Assert.assertEquals(1, accessEnforcer.isVisible(namespaces, userWithCredEncrypted).size());
    // Verify the metrics context was called with correct metrics
    verify(controllerWrapper.mockMetricsContext, times(2)).increment(Constants.Metrics.Authorization.NON_INTERNAL_VISIBILITY_CHECK_COUNT, 1);
    verify(controllerWrapper.mockMetricsContext, times(2)).gauge(eq(Constants.Metrics.Authorization.EXTENSION_VISIBILITY_MILLIS), any(Long.class));
}
Also used : Credential(io.cdap.cdap.proto.security.Credential) NoOpAccessController(io.cdap.cdap.security.spi.authorization.NoOpAccessController) AccessController(io.cdap.cdap.security.spi.authorization.AccessController) SConfiguration(io.cdap.cdap.common.conf.SConfiguration) TinkCipher(io.cdap.cdap.security.auth.TinkCipher) NamespaceId(io.cdap.cdap.proto.id.NamespaceId) Principal(io.cdap.cdap.proto.security.Principal) Test(org.junit.Test)

Example 24 with Credential

use of io.cdap.cdap.proto.security.Credential in project cdap by cdapio.

the class RemoteClientAuthenticatorTest method testRemoteClientWithRemoteAuthenticatorIncludesAuthorizationHeader.

@Test
public void testRemoteClientWithRemoteAuthenticatorIncludesAuthorizationHeader() throws Exception {
    String mockAuthenticatorName = "mock-remote-authenticator";
    Credential expectedCredential = new Credential("test-credential", Credential.CredentialType.EXTERNAL_BEARER);
    RemoteAuthenticator mockRemoteAuthenticator = mock(RemoteAuthenticator.class);
    when(mockRemoteAuthenticator.getName()).thenReturn(mockAuthenticatorName);
    when(mockRemoteAuthenticator.getCredentials()).thenReturn(expectedCredential);
    mockRemoteAuthenticatorProvider.setAuthenticator(mockRemoteAuthenticator);
    RemoteClientFactory remoteClientFactory = injector.getInstance(RemoteClientFactory.class);
    RemoteClient remoteClient = remoteClientFactory.createRemoteClient(TEST_SERVICE, new HttpRequestConfig(15000, 15000, false), "/");
    HttpURLConnection conn = remoteClient.openConnection(HttpMethod.GET, "");
    int responseCode = conn.getResponseCode();
    // Verify that the request received the expected headers.
    HttpHeaders headers = testHttpHandler.getRequest().headers();
    Assert.assertEquals(HttpResponseStatus.OK.code(), responseCode);
    Assert.assertEquals(String.format("%s %s", expectedCredential.getType().getQualifiedName(), expectedCredential.getValue()), headers.get(javax.ws.rs.core.HttpHeaders.AUTHORIZATION));
}
Also used : RemoteClientFactory(io.cdap.cdap.common.internal.remote.RemoteClientFactory) HttpHeaders(io.netty.handler.codec.http.HttpHeaders) Credential(io.cdap.cdap.proto.security.Credential) NoOpRemoteAuthenticator(io.cdap.cdap.common.internal.remote.NoOpRemoteAuthenticator) RemoteAuthenticator(io.cdap.cdap.security.spi.authenticator.RemoteAuthenticator) HttpURLConnection(java.net.HttpURLConnection) RemoteClient(io.cdap.cdap.common.internal.remote.RemoteClient) HttpRequestConfig(io.cdap.common.http.HttpRequestConfig) Test(org.junit.Test)

Example 25 with Credential

use of io.cdap.cdap.proto.security.Credential in project cdap by cdapio.

the class InternalAccessEnforcerTest method testInternalAccessEnforceExpiredCredential.

@Test(expected = AccessException.class)
public void testInternalAccessEnforceExpiredCredential() throws IOException {
    NamespaceId ns = new NamespaceId("namespace");
    long currentTime = System.currentTimeMillis();
    UserIdentity userIdentity = new UserIdentity(SYSTEM_PRINCIPAL, UserIdentity.IdentifierType.INTERNAL, Collections.emptyList(), currentTime - 10 * MINUTE_MILLIS, currentTime - 5 * MINUTE_MILLIS);
    String encodedIdentity = Base64.getEncoder().encodeToString(accessTokenCodec.encode(tokenManager.signIdentifier(userIdentity)));
    Credential credential = new Credential(encodedIdentity, Credential.CredentialType.INTERNAL);
    Principal principal = new Principal(SYSTEM_PRINCIPAL, Principal.PrincipalType.USER, null, credential);
    internalAccessEnforcer.enforce(ns, principal, StandardPermission.GET);
}
Also used : Credential(io.cdap.cdap.proto.security.Credential) UserIdentity(io.cdap.cdap.security.auth.UserIdentity) NamespaceId(io.cdap.cdap.proto.id.NamespaceId) Principal(io.cdap.cdap.proto.security.Principal) Test(org.junit.Test)

Aggregations

Credential (io.cdap.cdap.proto.security.Credential)79 Principal (io.cdap.cdap.proto.security.Principal)58 Test (org.junit.Test)53 NamespaceId (io.cdap.cdap.proto.id.NamespaceId)32 UserIdentity (io.cdap.cdap.security.auth.UserIdentity)26 EntityId (io.cdap.cdap.proto.id.EntityId)12 AccessController (io.cdap.cdap.security.spi.authorization.AccessController)10 NoOpAccessController (io.cdap.cdap.security.spi.authorization.NoOpAccessController)10 TinkCipher (io.cdap.cdap.security.auth.TinkCipher)8 CConfiguration (io.cdap.cdap.common.conf.CConfiguration)6 SConfiguration (io.cdap.cdap.common.conf.SConfiguration)6 HttpHeaders (io.netty.handler.codec.http.HttpHeaders)6 IOException (java.io.IOException)6 HttpURLConnection (java.net.HttpURLConnection)6 ArtifactSummary (io.cdap.cdap.api.artifact.ArtifactSummary)4 PreviewRequest (io.cdap.cdap.app.preview.PreviewRequest)4 RemoteClient (io.cdap.cdap.common.internal.remote.RemoteClient)4 RemoteClientFactory (io.cdap.cdap.common.internal.remote.RemoteClientFactory)4 AppRequest (io.cdap.cdap.proto.artifact.AppRequest)4 PreviewConfig (io.cdap.cdap.proto.artifact.preview.PreviewConfig)4
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial