Search in sources :

Example 11 with UserIdentity

use of io.cdap.cdap.security.auth.UserIdentity in project cdap by caskdata.

the class InternalAccessEnforcerTest method testInternalAccessEnforceSuccess.

@Test
public void testInternalAccessEnforceSuccess() throws IOException {
    NamespaceId ns = new NamespaceId("namespace");
    long currentTime = System.currentTimeMillis();
    UserIdentity userIdentity = new UserIdentity(SYSTEM_PRINCIPAL, UserIdentity.IdentifierType.INTERNAL, Collections.emptyList(), currentTime, currentTime + 5 * MINUTE_MILLIS);
    String encodedIdentity = Base64.getEncoder().encodeToString(accessTokenCodec.encode(tokenManager.signIdentifier(userIdentity)));
    Credential credential = new Credential(encodedIdentity, Credential.CredentialType.INTERNAL);
    Principal principal = new Principal(SYSTEM_PRINCIPAL, Principal.PrincipalType.USER, null, credential);
    internalAccessEnforcer.enforce(ns, principal, StandardPermission.GET);
}
Also used : Credential(io.cdap.cdap.proto.security.Credential) UserIdentity(io.cdap.cdap.security.auth.UserIdentity) NamespaceId(io.cdap.cdap.proto.id.NamespaceId) Principal(io.cdap.cdap.proto.security.Principal) Test(org.junit.Test)

Example 12 with UserIdentity

use of io.cdap.cdap.security.auth.UserIdentity in project cdap by caskdata.

the class InternalAccessEnforcerTest method testInternalAccessIsVisibleExpiredCredential.

@Test
public void testInternalAccessIsVisibleExpiredCredential() throws IOException {
    NamespaceId ns = new NamespaceId("namespace");
    Set<EntityId> entities = Collections.singleton(ns);
    long currentTime = System.currentTimeMillis();
    UserIdentity userIdentity = new UserIdentity(SYSTEM_PRINCIPAL, UserIdentity.IdentifierType.INTERNAL, Collections.emptyList(), currentTime - 10 * MINUTE_MILLIS, currentTime - 5 * MINUTE_MILLIS);
    String encodedIdentity = Base64.getEncoder().encodeToString(accessTokenCodec.encode(tokenManager.signIdentifier(userIdentity)));
    Credential credential = new Credential(encodedIdentity, Credential.CredentialType.INTERNAL);
    Principal principal = new Principal(SYSTEM_PRINCIPAL, Principal.PrincipalType.USER, null, credential);
    Assert.assertEquals(Collections.emptySet(), internalAccessEnforcer.isVisible(entities, principal));
}
Also used : EntityId(io.cdap.cdap.proto.id.EntityId) Credential(io.cdap.cdap.proto.security.Credential) UserIdentity(io.cdap.cdap.security.auth.UserIdentity) NamespaceId(io.cdap.cdap.proto.id.NamespaceId) Principal(io.cdap.cdap.proto.security.Principal) Test(org.junit.Test)

Example 13 with UserIdentity

use of io.cdap.cdap.security.auth.UserIdentity in project cdap by caskdata.

the class InternalAccessEnforcerTest method testInternalAccessEnforceNonInternalCredentialType.

@Test(expected = IllegalStateException.class)
public void testInternalAccessEnforceNonInternalCredentialType() throws IOException {
    NamespaceId ns = new NamespaceId("namespace");
    long currentTime = System.currentTimeMillis();
    UserIdentity userIdentity = new UserIdentity(SYSTEM_PRINCIPAL, UserIdentity.IdentifierType.INTERNAL, Collections.emptyList(), currentTime, currentTime + 5 * MINUTE_MILLIS);
    String encodedIdentity = Base64.getEncoder().encodeToString(accessTokenCodec.encode(tokenManager.signIdentifier(userIdentity)));
    Credential credential = new Credential(encodedIdentity, Credential.CredentialType.EXTERNAL);
    Principal principal = new Principal(SYSTEM_PRINCIPAL, Principal.PrincipalType.USER, null, credential);
    internalAccessEnforcer.enforce(ns, principal, StandardPermission.GET);
}
Also used : Credential(io.cdap.cdap.proto.security.Credential) UserIdentity(io.cdap.cdap.security.auth.UserIdentity) NamespaceId(io.cdap.cdap.proto.id.NamespaceId) Principal(io.cdap.cdap.proto.security.Principal) Test(org.junit.Test)

Example 14 with UserIdentity

use of io.cdap.cdap.security.auth.UserIdentity in project cdap by caskdata.

the class InternalAccessEnforcerTest method testInternalAccessIsVisibleNonInternalCredentialType.

@Test(expected = IllegalStateException.class)
public void testInternalAccessIsVisibleNonInternalCredentialType() throws IOException {
    NamespaceId ns = new NamespaceId("namespace");
    Set<EntityId> entities = Collections.singleton(ns);
    long currentTime = System.currentTimeMillis();
    UserIdentity userIdentity = new UserIdentity(SYSTEM_PRINCIPAL, UserIdentity.IdentifierType.INTERNAL, Collections.emptyList(), currentTime, currentTime + 5 * MINUTE_MILLIS);
    String encodedIdentity = Base64.getEncoder().encodeToString(accessTokenCodec.encode(tokenManager.signIdentifier(userIdentity)));
    Credential credential = new Credential(encodedIdentity, Credential.CredentialType.EXTERNAL);
    Principal principal = new Principal(SYSTEM_PRINCIPAL, Principal.PrincipalType.USER, null, credential);
    internalAccessEnforcer.isVisible(entities, principal);
}
Also used : EntityId(io.cdap.cdap.proto.id.EntityId) Credential(io.cdap.cdap.proto.security.Credential) UserIdentity(io.cdap.cdap.security.auth.UserIdentity) NamespaceId(io.cdap.cdap.proto.id.NamespaceId) Principal(io.cdap.cdap.proto.security.Principal) Test(org.junit.Test)

Example 15 with UserIdentity

use of io.cdap.cdap.security.auth.UserIdentity in project cdap by caskdata.

the class InternalAccessEnforcerTest method testInternalAccessEnforceOnParentNonInternalCredentialType.

@Test(expected = IllegalStateException.class)
public void testInternalAccessEnforceOnParentNonInternalCredentialType() throws IOException {
    NamespaceId ns = new NamespaceId("namespace");
    long currentTime = System.currentTimeMillis();
    UserIdentity userIdentity = new UserIdentity(SYSTEM_PRINCIPAL, UserIdentity.IdentifierType.INTERNAL, Collections.emptyList(), currentTime, currentTime + 5 * MINUTE_MILLIS);
    String encodedIdentity = Base64.getEncoder().encodeToString(accessTokenCodec.encode(tokenManager.signIdentifier(userIdentity)));
    Credential credential = new Credential(encodedIdentity, Credential.CredentialType.EXTERNAL);
    Principal principal = new Principal(SYSTEM_PRINCIPAL, Principal.PrincipalType.USER, null, credential);
    internalAccessEnforcer.enforceOnParent(EntityType.APPLICATION, ns, principal, StandardPermission.GET);
}
Also used : Credential(io.cdap.cdap.proto.security.Credential) UserIdentity(io.cdap.cdap.security.auth.UserIdentity) NamespaceId(io.cdap.cdap.proto.id.NamespaceId) Principal(io.cdap.cdap.proto.security.Principal) Test(org.junit.Test)

Aggregations

UserIdentity (io.cdap.cdap.security.auth.UserIdentity)17 Credential (io.cdap.cdap.proto.security.Credential)13 Principal (io.cdap.cdap.proto.security.Principal)13 NamespaceId (io.cdap.cdap.proto.id.NamespaceId)12 Test (org.junit.Test)12 EntityId (io.cdap.cdap.proto.id.EntityId)4 AccessToken (io.cdap.cdap.security.auth.AccessToken)4 IOException (java.io.IOException)3 JsonObject (com.google.gson.JsonObject)1 AccessException (io.cdap.cdap.api.security.AccessException)1 InvalidTokenException (io.cdap.cdap.security.auth.InvalidTokenException)1 TokenState (io.cdap.cdap.security.auth.TokenState)1 UserIdentityExtractionResponse (io.cdap.cdap.security.auth.UserIdentityExtractionResponse)1 UserIdentityPair (io.cdap.cdap.security.auth.UserIdentityPair)1 OutputStream (java.io.OutputStream)1 LinkedHashSet (java.util.LinkedHashSet)1 Location (org.apache.twill.filesystem.Location)1