Examples with Principal io.cdap.cdap.proto.security.Principal used on opensource projects

Search in sources :

Example 21 with Principal

use of io.cdap.cdap.proto.security.Principal in project cdap by caskdata.

the class InternalAccessEnforcerTest method testInternalAccessIsVisibleSuccess.

@Test
public void testInternalAccessIsVisibleSuccess() throws IOException {
    NamespaceId ns = new NamespaceId("namespace");
    Set<EntityId> entities = Collections.singleton(ns);
    long currentTime = System.currentTimeMillis();
    UserIdentity userIdentity = new UserIdentity(SYSTEM_PRINCIPAL, UserIdentity.IdentifierType.INTERNAL, Collections.emptyList(), currentTime, currentTime + 5 * MINUTE_MILLIS);
    String encodedIdentity = Base64.getEncoder().encodeToString(accessTokenCodec.encode(tokenManager.signIdentifier(userIdentity)));
    Credential credential = new Credential(encodedIdentity, Credential.CredentialType.INTERNAL);
    Principal principal = new Principal(SYSTEM_PRINCIPAL, Principal.PrincipalType.USER, null, credential);
    Assert.assertEquals(entities, internalAccessEnforcer.isVisible(entities, principal));
}
Also used : EntityId(io.cdap.cdap.proto.id.EntityId) Credential(io.cdap.cdap.proto.security.Credential) UserIdentity(io.cdap.cdap.security.auth.UserIdentity) NamespaceId(io.cdap.cdap.proto.id.NamespaceId) Principal(io.cdap.cdap.proto.security.Principal) Test(org.junit.Test)

Example 22 with Principal

use of io.cdap.cdap.proto.security.Principal in project cdap by caskdata.

the class InternalAccessEnforcerTest method testInternalAccessEnforceOnParentNullCredential.

@Test(expected = IllegalStateException.class)
public void testInternalAccessEnforceOnParentNullCredential() throws IOException {
    NamespaceId ns = new NamespaceId("namespace");
    Principal principal = new Principal(SYSTEM_PRINCIPAL, Principal.PrincipalType.USER, null, null);
    internalAccessEnforcer.enforceOnParent(EntityType.APPLICATION, ns, principal, StandardPermission.GET);
}
Also used : NamespaceId(io.cdap.cdap.proto.id.NamespaceId) Principal(io.cdap.cdap.proto.security.Principal) Test(org.junit.Test)

Example 23 with Principal

use of io.cdap.cdap.proto.security.Principal in project cdap by caskdata.

the class InternalAccessEnforcerTest method testInternalAccessIsVisibleNonInternalTokenType.

@Test
public void testInternalAccessIsVisibleNonInternalTokenType() throws IOException {
    NamespaceId ns = new NamespaceId("namespace");
    Set<EntityId> entities = Collections.singleton(ns);
    long currentTime = System.currentTimeMillis();
    UserIdentity userIdentity = new UserIdentity(SYSTEM_PRINCIPAL, UserIdentity.IdentifierType.EXTERNAL, Collections.emptyList(), currentTime, currentTime + 5 * MINUTE_MILLIS);
    String encodedIdentity = Base64.getEncoder().encodeToString(accessTokenCodec.encode(tokenManager.signIdentifier(userIdentity)));
    Credential credential = new Credential(encodedIdentity, Credential.CredentialType.INTERNAL);
    Principal principal = new Principal(SYSTEM_PRINCIPAL, Principal.PrincipalType.USER, null, credential);
    Assert.assertEquals(Collections.emptySet(), internalAccessEnforcer.isVisible(entities, principal));
}
Also used : EntityId(io.cdap.cdap.proto.id.EntityId) Credential(io.cdap.cdap.proto.security.Credential) UserIdentity(io.cdap.cdap.security.auth.UserIdentity) NamespaceId(io.cdap.cdap.proto.id.NamespaceId) Principal(io.cdap.cdap.proto.security.Principal) Test(org.junit.Test)

Example 24 with Principal

use of io.cdap.cdap.proto.security.Principal in project cdap by caskdata.

the class InternalAccessEnforcerTest method testInternalAccessEnforceNullCredential.

@Test(expected = IllegalStateException.class)
public void testInternalAccessEnforceNullCredential() throws IOException {
    NamespaceId ns = new NamespaceId("namespace");
    Principal principal = new Principal(SYSTEM_PRINCIPAL, Principal.PrincipalType.USER, null, null);
    internalAccessEnforcer.enforce(ns, principal, StandardPermission.GET);
}
Also used : NamespaceId(io.cdap.cdap.proto.id.NamespaceId) Principal(io.cdap.cdap.proto.security.Principal) Test(org.junit.Test)

Example 25 with Principal

use of io.cdap.cdap.proto.security.Principal in project cdap by caskdata.

the class DefaultAccessEnforcerTest method testInternalIsVisible.

@Test
public void testInternalIsVisible() throws IOException, AccessException {
    Principal userWithInternalCred = new Principal("system", Principal.PrincipalType.USER, null, new Credential("credential", Credential.CredentialType.INTERNAL));
    CConfiguration cConfCopy = CConfiguration.copy(CCONF);
    cConfCopy.setBoolean(Constants.Security.INTERNAL_AUTH_ENABLED, true);
    ControllerWrapper controllerWrapper = createControllerWrapper(cConfCopy, SCONF, new NoOpAccessController());
    AccessController accessController = controllerWrapper.accessController;
    DefaultAccessEnforcer accessEnforcer = controllerWrapper.defaultAccessEnforcer;
    Set<EntityId> namespaces = ImmutableSet.of(NS);
    // Make sure that the actual access controller does not have access.
    Assert.assertEquals(Collections.emptySet(), accessController.isVisible(namespaces, userWithInternalCred));
    // The no-op access enforcer allows all requests through, so this should succeed if it is using the right
    // access controller.
    Assert.assertEquals(namespaces, accessEnforcer.isVisible(namespaces, userWithInternalCred));
    // Verify the metrics context was called with correct metrics
    verify(controllerWrapper.mockMetricsContext, times(1)).increment(Constants.Metrics.Authorization.INTERNAL_VISIBILITY_CHECK_COUNT, 1);
}
Also used : EntityId(io.cdap.cdap.proto.id.EntityId) Credential(io.cdap.cdap.proto.security.Credential) NoOpAccessController(io.cdap.cdap.security.spi.authorization.NoOpAccessController) AccessController(io.cdap.cdap.security.spi.authorization.AccessController) NoOpAccessController(io.cdap.cdap.security.spi.authorization.NoOpAccessController) CConfiguration(io.cdap.cdap.common.conf.CConfiguration) Principal(io.cdap.cdap.proto.security.Principal) Test(org.junit.Test)

Aggregations

Principal (io.cdap.cdap.proto.security.Principal)172 Test (org.junit.Test)70 Credential (io.cdap.cdap.proto.security.Credential)58 NamespaceId (io.cdap.cdap.proto.id.NamespaceId)56 UserIdentity (io.cdap.cdap.security.auth.UserIdentity)26 EntityId (io.cdap.cdap.proto.id.EntityId)24 IOException (java.io.IOException)24 StandardPermission (io.cdap.cdap.proto.security.StandardPermission)18 Role (io.cdap.cdap.proto.security.Role)16 Path (javax.ws.rs.Path)16 CConfiguration (io.cdap.cdap.common.conf.CConfiguration)14 UnauthorizedException (io.cdap.cdap.security.spi.authorization.UnauthorizedException)14 AccessController (io.cdap.cdap.security.spi.authorization.AccessController)12 NoOpAccessController (io.cdap.cdap.security.spi.authorization.NoOpAccessController)12 SConfiguration (io.cdap.cdap.common.conf.SConfiguration)10 ApplicationId (io.cdap.cdap.proto.id.ApplicationId)10 KerberosPrincipalId (io.cdap.cdap.proto.id.KerberosPrincipalId)10 DatasetManagementException (io.cdap.cdap.api.dataset.DatasetManagementException)8 DatasetSpecification (io.cdap.cdap.api.dataset.DatasetSpecification)8 DatasetNotFoundException (io.cdap.cdap.common.DatasetNotFoundException)8
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial