Example 1 with MasterAuthenticationContext
use of io.cdap.cdap.security.auth.context.MasterAuthenticationContext in project cdap by caskdata.
the class AuthorizationHandlerTest method setUp.
@Before
public void setUp() throws Exception {
CConfiguration conf = CConfiguration.create();
conf.setBoolean(Constants.Security.Authorization.ENABLED, true);
conf.setBoolean(Constants.Security.ENABLED, true);
properties.setProperty("superusers", admin.getName());
final InMemoryAccessController auth = new InMemoryAccessController();
auth.initialize(FACTORY.create(properties));
service = new CommonNettyHttpServiceBuilder(conf, getClass().getSimpleName()).setHttpHandlers(new AuthorizationHandler(auth, new AccessControllerInstantiator(conf, FACTORY) {
@Override
public AccessController get() {
return auth;
}
}, conf, new MasterAuthenticationContext())).setChannelPipelineModifier(new ChannelPipelineModifier() {
@Override
public void modify(ChannelPipeline pipeline) {
pipeline.addBefore("dispatcher", "usernamesetter", new TestUserNameSetter());
}
}).build();
service.start();
client = new AuthorizationClient(ClientConfig.builder().setConnectionConfig(ConnectionConfig.builder().setHostname(service.getBindAddress().getHostName()).setPort(service.getBindAddress().getPort()).setSSLEnabled(false).build()).build());
System.setProperty(USERNAME_PROPERTY, admin.getName());
}
Also used :
MasterAuthenticationContext(io.cdap.cdap.security.auth.context.MasterAuthenticationContext)
InMemoryAccessController(io.cdap.cdap.security.authorization.InMemoryAccessController)
AccessController(io.cdap.cdap.security.spi.authorization.AccessController)
CommonNettyHttpServiceBuilder(io.cdap.cdap.common.http.CommonNettyHttpServiceBuilder)
InMemoryAccessController(io.cdap.cdap.security.authorization.InMemoryAccessController)
AccessControllerInstantiator(io.cdap.cdap.security.authorization.AccessControllerInstantiator)
AuthorizationClient(io.cdap.cdap.client.AuthorizationClient)
CConfiguration(io.cdap.cdap.common.conf.CConfiguration)
ChannelPipelineModifier(io.cdap.http.ChannelPipelineModifier)
ChannelPipeline(io.netty.channel.ChannelPipeline)
Before(org.junit.Before)
Example 2 with MasterAuthenticationContext
use of io.cdap.cdap.security.auth.context.MasterAuthenticationContext in project cdap by caskdata.
the class AuthorizationHandlerTest method testDisabled.
private void testDisabled(CConfiguration cConf, FeatureDisabledException.Feature feature, String configSetting) throws Exception {
final InMemoryAccessController accessController = new InMemoryAccessController();
NettyHttpService service = new CommonNettyHttpServiceBuilder(cConf, getClass().getSimpleName()).setHttpHandlers(new AuthorizationHandler(accessController, new AccessControllerInstantiator(cConf, FACTORY) {
@Override
public AccessController get() {
return accessController;
}
}, cConf, new MasterAuthenticationContext())).build();
service.start();
try {
final AuthorizationClient client = new AuthorizationClient(ClientConfig.builder().setConnectionConfig(ConnectionConfig.builder().setHostname(service.getBindAddress().getHostName()).setPort(service.getBindAddress().getPort()).setSSLEnabled(false).build()).build());
final NamespaceId ns1 = Ids.namespace("ns1");
final Role admins = new Role("admins");
// Test that the right exception is thrown when any Authorization REST API is called with authorization disabled
verifyFeatureDisabled(new DisabledFeatureCaller() {
@Override
public void call() throws Exception {
client.grant(Authorizable.fromEntityId(ns1), admin, ImmutableSet.of(StandardPermission.GET));
}
}, feature, configSetting);
verifyFeatureDisabled(new DisabledFeatureCaller() {
@Override
public void call() throws Exception {
client.revoke(Authorizable.fromEntityId(ns1), admin, ImmutableSet.of(StandardPermission.GET));
}
}, feature, configSetting);
verifyFeatureDisabled(new DisabledFeatureCaller() {
@Override
public void call() throws Exception {
client.revoke(Authorizable.fromEntityId(ns1));
}
}, feature, configSetting);
verifyFeatureDisabled(new DisabledFeatureCaller() {
@Override
public void call() throws Exception {
client.listGrants(admin);
}
}, feature, configSetting);
verifyFeatureDisabled(new DisabledFeatureCaller() {
@Override
public void call() throws Exception {
client.addRoleToPrincipal(admins, admin);
}
}, feature, configSetting);
verifyFeatureDisabled(new DisabledFeatureCaller() {
@Override
public void call() throws Exception {
client.removeRoleFromPrincipal(admins, admin);
}
}, feature, configSetting);
verifyFeatureDisabled(new DisabledFeatureCaller() {
@Override
public void call() throws Exception {
client.createRole(admins);
}
}, feature, configSetting);
verifyFeatureDisabled(new DisabledFeatureCaller() {
@Override
public void call() throws Exception {
client.dropRole(admins);
}
}, feature, configSetting);
verifyFeatureDisabled(new DisabledFeatureCaller() {
@Override
public void call() throws Exception {
client.listAllRoles();
}
}, feature, configSetting);
} finally {
service.stop();
}
}
Also used :
MasterAuthenticationContext(io.cdap.cdap.security.auth.context.MasterAuthenticationContext)
CommonNettyHttpServiceBuilder(io.cdap.cdap.common.http.CommonNettyHttpServiceBuilder)
AccessControllerInstantiator(io.cdap.cdap.security.authorization.AccessControllerInstantiator)
AccessException(io.cdap.cdap.api.security.AccessException)
FeatureDisabledException(io.cdap.cdap.common.FeatureDisabledException)
AlreadyExistsException(io.cdap.cdap.security.spi.authorization.AlreadyExistsException)
Role(io.cdap.cdap.proto.security.Role)
InMemoryAccessController(io.cdap.cdap.security.authorization.InMemoryAccessController)
AccessController(io.cdap.cdap.security.spi.authorization.AccessController)
InMemoryAccessController(io.cdap.cdap.security.authorization.InMemoryAccessController)
NettyHttpService(io.cdap.http.NettyHttpService)
AuthorizationClient(io.cdap.cdap.client.AuthorizationClient)
NamespaceId(io.cdap.cdap.proto.id.NamespaceId)
Aggregations
AuthorizationClient (io.cdap.cdap.client.AuthorizationClient)2
CommonNettyHttpServiceBuilder (io.cdap.cdap.common.http.CommonNettyHttpServiceBuilder)2
MasterAuthenticationContext (io.cdap.cdap.security.auth.context.MasterAuthenticationContext)2
AccessControllerInstantiator (io.cdap.cdap.security.authorization.AccessControllerInstantiator)2
InMemoryAccessController (io.cdap.cdap.security.authorization.InMemoryAccessController)2
AccessController (io.cdap.cdap.security.spi.authorization.AccessController)2
AccessException (io.cdap.cdap.api.security.AccessException)1
FeatureDisabledException (io.cdap.cdap.common.FeatureDisabledException)1
CConfiguration (io.cdap.cdap.common.conf.CConfiguration)1
NamespaceId (io.cdap.cdap.proto.id.NamespaceId)1
Role (io.cdap.cdap.proto.security.Role)1
AlreadyExistsException (io.cdap.cdap.security.spi.authorization.AlreadyExistsException)1
ChannelPipelineModifier (io.cdap.http.ChannelPipelineModifier)1
NettyHttpService (io.cdap.http.NettyHttpService)1
ChannelPipeline (io.netty.channel.ChannelPipeline)1
Before (org.junit.Before)1
