use of io.cdap.cdap.security.auth.UserIdentity in project cdap by caskdata.
the class InternalAccessEnforcerTest method testInternalAccessEnforceSuccess.
@Test
public void testInternalAccessEnforceSuccess() throws IOException {
NamespaceId ns = new NamespaceId("namespace");
long currentTime = System.currentTimeMillis();
UserIdentity userIdentity = new UserIdentity(SYSTEM_PRINCIPAL, UserIdentity.IdentifierType.INTERNAL, Collections.emptyList(), currentTime, currentTime + 5 * MINUTE_MILLIS);
String encodedIdentity = Base64.getEncoder().encodeToString(accessTokenCodec.encode(tokenManager.signIdentifier(userIdentity)));
Credential credential = new Credential(encodedIdentity, Credential.CredentialType.INTERNAL);
Principal principal = new Principal(SYSTEM_PRINCIPAL, Principal.PrincipalType.USER, null, credential);
internalAccessEnforcer.enforce(ns, principal, StandardPermission.GET);
}
use of io.cdap.cdap.security.auth.UserIdentity in project cdap by caskdata.
the class InternalAccessEnforcerTest method testInternalAccessIsVisibleExpiredCredential.
@Test
public void testInternalAccessIsVisibleExpiredCredential() throws IOException {
NamespaceId ns = new NamespaceId("namespace");
Set<EntityId> entities = Collections.singleton(ns);
long currentTime = System.currentTimeMillis();
UserIdentity userIdentity = new UserIdentity(SYSTEM_PRINCIPAL, UserIdentity.IdentifierType.INTERNAL, Collections.emptyList(), currentTime - 10 * MINUTE_MILLIS, currentTime - 5 * MINUTE_MILLIS);
String encodedIdentity = Base64.getEncoder().encodeToString(accessTokenCodec.encode(tokenManager.signIdentifier(userIdentity)));
Credential credential = new Credential(encodedIdentity, Credential.CredentialType.INTERNAL);
Principal principal = new Principal(SYSTEM_PRINCIPAL, Principal.PrincipalType.USER, null, credential);
Assert.assertEquals(Collections.emptySet(), internalAccessEnforcer.isVisible(entities, principal));
}
use of io.cdap.cdap.security.auth.UserIdentity in project cdap by caskdata.
the class InternalAccessEnforcerTest method testInternalAccessEnforceNonInternalCredentialType.
@Test(expected = IllegalStateException.class)
public void testInternalAccessEnforceNonInternalCredentialType() throws IOException {
NamespaceId ns = new NamespaceId("namespace");
long currentTime = System.currentTimeMillis();
UserIdentity userIdentity = new UserIdentity(SYSTEM_PRINCIPAL, UserIdentity.IdentifierType.INTERNAL, Collections.emptyList(), currentTime, currentTime + 5 * MINUTE_MILLIS);
String encodedIdentity = Base64.getEncoder().encodeToString(accessTokenCodec.encode(tokenManager.signIdentifier(userIdentity)));
Credential credential = new Credential(encodedIdentity, Credential.CredentialType.EXTERNAL);
Principal principal = new Principal(SYSTEM_PRINCIPAL, Principal.PrincipalType.USER, null, credential);
internalAccessEnforcer.enforce(ns, principal, StandardPermission.GET);
}
use of io.cdap.cdap.security.auth.UserIdentity in project cdap by caskdata.
the class InternalAccessEnforcerTest method testInternalAccessIsVisibleNonInternalCredentialType.
@Test(expected = IllegalStateException.class)
public void testInternalAccessIsVisibleNonInternalCredentialType() throws IOException {
NamespaceId ns = new NamespaceId("namespace");
Set<EntityId> entities = Collections.singleton(ns);
long currentTime = System.currentTimeMillis();
UserIdentity userIdentity = new UserIdentity(SYSTEM_PRINCIPAL, UserIdentity.IdentifierType.INTERNAL, Collections.emptyList(), currentTime, currentTime + 5 * MINUTE_MILLIS);
String encodedIdentity = Base64.getEncoder().encodeToString(accessTokenCodec.encode(tokenManager.signIdentifier(userIdentity)));
Credential credential = new Credential(encodedIdentity, Credential.CredentialType.EXTERNAL);
Principal principal = new Principal(SYSTEM_PRINCIPAL, Principal.PrincipalType.USER, null, credential);
internalAccessEnforcer.isVisible(entities, principal);
}
use of io.cdap.cdap.security.auth.UserIdentity in project cdap by caskdata.
the class InternalAccessEnforcerTest method testInternalAccessEnforceOnParentNonInternalCredentialType.
@Test(expected = IllegalStateException.class)
public void testInternalAccessEnforceOnParentNonInternalCredentialType() throws IOException {
NamespaceId ns = new NamespaceId("namespace");
long currentTime = System.currentTimeMillis();
UserIdentity userIdentity = new UserIdentity(SYSTEM_PRINCIPAL, UserIdentity.IdentifierType.INTERNAL, Collections.emptyList(), currentTime, currentTime + 5 * MINUTE_MILLIS);
String encodedIdentity = Base64.getEncoder().encodeToString(accessTokenCodec.encode(tokenManager.signIdentifier(userIdentity)));
Credential credential = new Credential(encodedIdentity, Credential.CredentialType.EXTERNAL);
Principal principal = new Principal(SYSTEM_PRINCIPAL, Principal.PrincipalType.USER, null, credential);
internalAccessEnforcer.enforceOnParent(EntityType.APPLICATION, ns, principal, StandardPermission.GET);
}
Aggregations