use of org.apache.derby.authentication.SystemPrincipal in project derby by apache.
the class SecurityUtil method createSystemPrincipalSubject.
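/**
 * Creates a read-only {@link Subject} that represents the given user as a
 * System user within Derby.
 *
 * <p>This method performs no authentication of its own. Whatever name is
 * passed in becomes a {@code SystemPrincipal} that policy-file grants are
 * matched against, so callers are expected to pass only a name that has
 * already been authenticated.
 *
 * <p>For a non-null user the Subject carries two principals: one with the
 * name exactly as given and one with the name returned by
 * {@code getAuthorizationId(user)}. A {@code Principal} clause in the policy
 * file applies when it literally equals either of them. A grant written
 * against the normalized name therefore covers every spelling of a user name
 * that normalizes to that identifier.
 *
 * <p>For a {@code null} user the Subject has no principals at all, so no
 * principal-scoped grant can match it.
 *
 * @param user the user name; may be {@code null}
 * @return a read-only Subject without credentials that represents the user
 *         by its exact and its normalized name
 * @throws IllegalArgumentException if {@code user} is the empty string,
 *         which the {@code SystemPrincipal} constructor rejects
 *
 * @see <a href="http://wiki.apache.org/db-derby/UserIdentifiers">User Names &amp; Authorization Identifiers in Derby</a>
 */
public static Subject createSystemPrincipalSubject(String user) {
    final Set<SystemPrincipal> principals = new HashSet<SystemPrincipal>();
    if (user != null) {
        // The Java security runtime decides whether a Subject falls under
        // a Principal policy by a literal comparison between the name in
        // the policy-file clause and the names of the Subject's
        // Principals.
        //
        // To let Authorization Identifiers be used as Principal names,
        // both the name as given and its normalized form are registered.
        // Normalizing inside SystemPrincipal instead has issues; see the
        // comments in that class.
        principals.add(new SystemPrincipal(user));
        principals.add(new SystemPrincipal(getAuthorizationId(user)));
    }

    // The Subject carries no public or private credentials. The set is
    // typed rather than raw to avoid an unchecked conversion; one empty
    // instance can serve both arguments because the Subject constructor
    // copies its input sets.
    final Set<Object> noCredentials = new HashSet<Object>();

    // Read-only, so the principal set cannot be changed after creation.
    final boolean readOnly = true;
    return new Subject(readOnly, principals, noCredentials, noCredentials);
}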
use of org.apache.derby.authentication.SystemPrincipal in project derby by apache.
the class SystemPrivilegesPermissionTest method testSystemPrincipalSerialization.
/**
 * Checks that a SystemPrincipal survives a serialization round trip and that
 * instances carrying an invalid name are rejected with the expected
 * exception.
 *
 * <p>The invalid states are produced by overwriting the {@code name} field
 * through {@code setField}. They stand in for what a tampered serialized
 * stream could contain, so these checks guard the validation applied when a
 * SystemPrincipal is read back.
 */
private void testSystemPrincipalSerialization() throws IOException {
    final SystemPrincipal principal = new SystemPrincipal("superuser");

    // A well-formed principal must come back equal to the original.
    assertEquals(principal, serializeDeserialize(principal, null));

    // Name forced to null: the round trip is expected to fail with a
    // NullPointerException.
    setField(SystemPrincipal.class, "name", principal, null);
    serializeDeserialize(principal, NullPointerException.class);

    // Name forced to the empty string: the round trip is expected to fail
    // with an IllegalArgumentException.
    setField(SystemPrincipal.class, "name", principal, "");
    serializeDeserialize(principal, IllegalArgumentException.class);
}
use of org.apache.derby.authentication.SystemPrincipal in project derby by apache.
the class SystemPrivilegesPermissionTest method policyTestSystemPermissionGrants.
/**
 * Checks the server shutdown SystemPermission against the Policy for one
 * authorized and one unauthorized system user.
 *
 * <p>The last argument of {@code execute} is presumably the expected
 * outcome of the privileged action; confirm against that helper.
 */
public void policyTestSystemPermissionGrants() {
    final SystemPrincipal permitted = new SystemPrincipal("authorizedSystemUser");
    final SystemPrincipal denied = new SystemPrincipal("unAuthorizedSystemUser");
    final Permission serverShutdown =
        new SystemPermission(SystemPermission.SERVER, SystemPermission.SHUTDOWN);

    // Positive case: the authorized user may shut the server down.
    execute(permitted, new ShutdownAction(serverShutdown), true);

    // Negative case: a user without a matching grant must be refused,
    // which guards against an over-broad policy entry.
    execute(denied, new ShutdownAction(serverShutdown), false);
}
use of org.apache.derby.authentication.SystemPrincipal in project derby by apache.
the class SystemPrivilegesPermissionTest method policyTestDatabasePermissionGrants.
/**
 * Checks DatabasePermission CREATE grants against the Policy for an
 * unauthorized user, an authorized user, a super user and an arbitrary user.
 *
 * @throws IOException if a DatabasePermission cannot be constructed
 */
public void policyTestDatabasePermissionGrants() throws IOException {
    // Build one CREATE permission per entry of relDirPaths.
    final int pathCount = relDirPaths.length;
    final DatabasePermission[] createPerms = new DatabasePermission[pathCount];
    for (int idx = 0; idx < pathCount; idx++) {
        createPerms[idx] = new DatabasePermission(relDirPaths[idx], DatabasePermission.CREATE);
    }

    final SystemPrincipal authorizedUser = new SystemPrincipal("authorizedSystemUser");
    final SystemPrincipal unAuthorizedUser = new SystemPrincipal("unAuthorizedSystemUser");
    final SystemPrincipal superUser = new SystemPrincipal("superUser");

    // Only the paths at these indices are exercised.
    for (final int pathIndex : new int[] { 2, 3, 6, 7 }) {
        final DatabasePermission perm = createPerms[pathIndex];
        // The unauthorized user is refused everywhere.
        execute(unAuthorizedUser, new CreateDatabaseAction(perm), false);
        // The authorized user is allowed everywhere except at index 6.
        execute(authorizedUser, new CreateDatabaseAction(perm), pathIndex != 6);
        // The super user is allowed everywhere.
        execute(superUser, new CreateDatabaseAction(perm), true);
    }

    // A user with no grant of its own is still expected to be allowed to
    // create under "directory:dir".
    final SystemPrincipal anyUser = new SystemPrincipal("anyUser");
    final DatabasePermission anyUserPerm =
        new DatabasePermission("directory:dir", DatabasePermission.CREATE);
    execute(anyUser, new CreateDatabaseAction(anyUserPerm), true);
}
use of org.apache.derby.authentication.SystemPrincipal in project derby by apache.
the class SystemPrivilegesPermissionTest method testSystemPrincipal.
/**
 * Checks SystemPrincipal construction: a valid name is kept as given, a
 * null or empty name is rejected, and the class itself is final.
 */
public void testSystemPrincipal() {
    // A valid name is reported back unchanged.
    final SystemPrincipal valid = new SystemPrincipal("superuser");
    assertEquals("superuser", valid.getName());

    // A null name must be refused with a NullPointerException.
    boolean nullRejected = false;
    try {
        new SystemPrincipal(null);
    } catch (NullPointerException expected) {
        nullRejected = true;
    }
    assertTrue("expected NullPointerException", nullRejected);

    // An empty name must be refused with an IllegalArgumentException.
    boolean emptyRejected = false;
    try {
        new SystemPrincipal("");
    } catch (IllegalArgumentException expected) {
        emptyRejected = true;
    }
    assertTrue("expected IllegalArgumentException", emptyRejected);

    // DERBY-3476: SystemPrincipal should be final, presumably so that a
    // subclass cannot change what the principal reports to policy checks.
    final int classModifiers = SystemPrincipal.class.getModifiers();
    assertTrue(Modifier.isFinal(classModifiers));
}