
Example 1 with SystemPrincipal

use of org.apache.derby.authentication.SystemPrincipal in project derby by apache.

the class SecurityUtil method createSystemPrincipalSubject.

/**
 * Builds a read-only {@link Subject} that represents the given user as a
 * System user within Derby.
 *
 * <p>The Subject carries up to two {@code SystemPrincipal}s: one for the
 * name exactly as supplied and one for the name returned by
 * {@code getAuthorizationId(user)}. Policy authors should keep in mind that
 * a grant written against the normalized name therefore applies to every
 * user name that normalizes to it, not only to one literal spelling.
 *
 * <p>When {@code user} is {@code null} the returned Subject has no
 * principals at all.
 *
 * @param user the user name, may be {@code null}
 * @return a read-only Subject holding the exact and the normalized name of
 *         the user as principals, with empty credential sets
 *
 * @see <a href="http://wiki.apache.org/db-derby/UserIdentifiers">User Names &amp; Authorization Identifiers in Derby</a>
 */
public static Subject createSystemPrincipalSubject(String user) {
    final Set<SystemPrincipal> identities = new HashSet<SystemPrincipal>();
    if (user != null) {
        // Policy evaluation compares Principal names literally: a
        // Principal clause in the policy file applies only when its name
        // is identical to one of the names listed on the Subject.
        //
        // Authorization Identifiers are supported as Principal names by
        // registering the user twice, once under the name as given and
        // once under its normalized form, so that a policy clause
        // written with either spelling grants the permission.
        //
        // Normalizing inside SystemPrincipal itself was considered and
        // has issues; see the comments in that class.
        identities.add(new SystemPrincipal(user));
        identities.add(new SystemPrincipal(getAuthorizationId(user)));
    }
    // No credentials are attached; the same empty set is handed over for
    // both the public and the private credential parameter.
    final Set<Object> noCredentials = new HashSet<Object>();
    return new Subject(true, identities, noCredentials, noCredentials);
}
Also used : HashSet(java.util.HashSet) Set(java.util.Set) SystemPrincipal(org.apache.derby.authentication.SystemPrincipal) Subject(javax.security.auth.Subject) HashSet(java.util.HashSet)

Example 2 with SystemPrincipal

use of org.apache.derby.authentication.SystemPrincipal in project derby by apache.

the class SystemPrivilegesPermissionTest method testSystemPrincipalSerialization.

/**
 * Checks that a SystemPrincipal survives a serialization round trip and
 * that instances with an invalid name are rejected when read back.
 *
 * <p>The negative cases matter for security: a serialized stream is an
 * alternative way to create an object, so the name checks enforced by the
 * constructor must also hold for data read from a stream.
 *
 * @throws IOException declared for the serialization helper
 */
private void testSystemPrincipalSerialization() throws IOException {
    // A well-formed principal must come back equal to the original.
    SystemPrincipal principal = new SystemPrincipal("superuser");
    assertEquals(principal, serializeDeserialize(principal, null));

    // Overwrite the name with null via the setField helper (presumably
    // reflection, bypassing the constructor), then expect the round trip
    // to fail with a NullPointerException.
    setField(SystemPrincipal.class, "name", principal, null);
    serializeDeserialize(principal, NullPointerException.class);

    // Same again with an empty name; this time the expected failure is an
    // IllegalArgumentException.
    setField(SystemPrincipal.class, "name", principal, "");
    serializeDeserialize(principal, IllegalArgumentException.class);
}
Also used : SystemPrincipal(org.apache.derby.authentication.SystemPrincipal)

Example 3 with SystemPrincipal

use of org.apache.derby.authentication.SystemPrincipal in project derby by apache.

the class SystemPrivilegesPermissionTest method policyTestSystemPermissionGrants.

/**
 * Checks the server shutdown SystemPermission against the installed Policy
 * for one user that should be granted it and one that should not.
 *
 * <p>The boolean passed to {@code execute} appears to be the expected
 * outcome (permission granted or denied); confirm against that helper.
 * The denied case is the one that shows the policy actually restricts
 * shutdown rather than granting it to everyone.
 */
public void policyTestSystemPermissionGrants() {
    final Permission shutdownPerm = new SystemPermission(SystemPermission.SERVER, SystemPermission.SHUTDOWN);

    // positive case: this principal is expected to be allowed to shut down
    execute(new SystemPrincipal("authorizedSystemUser"), new ShutdownAction(shutdownPerm), true);

    // negative case: this principal is expected to be refused
    execute(new SystemPrincipal("unAuthorizedSystemUser"), new ShutdownAction(shutdownPerm), false);
}
Also used : SystemPermission(org.apache.derby.shared.common.security.SystemPermission) SystemPermission(org.apache.derby.shared.common.security.SystemPermission) AllPermission(java.security.AllPermission) DatabasePermission(org.apache.derby.security.DatabasePermission) Permission(java.security.Permission) SystemPrincipal(org.apache.derby.authentication.SystemPrincipal)

Example 4 with SystemPrincipal

use of org.apache.derby.authentication.SystemPrincipal in project derby by apache.

the class SystemPrivilegesPermissionTest method policyTestDatabasePermissionGrants.

/**
 * Checks database CREATE permissions against the installed Policy for an
 * unauthorized user, an authorized user, a super user and an arbitrary user.
 *
 * <p>The boolean passed to {@code execute} appears to be the expected
 * outcome (permission granted or denied); confirm against that helper.
 *
 * @throws IOException declared for the DatabasePermission construction
 */
public void policyTestDatabasePermissionGrants() throws IOException {
    // One CREATE permission per relative directory path of the fixture.
    final DatabasePermission[] createPerms = new DatabasePermission[relDirPaths.length];
    for (int k = 0; k < createPerms.length; k++) {
        createPerms[k] = new DatabasePermission(relDirPaths[k], DatabasePermission.CREATE);
    }

    final SystemPrincipal authorizedUser = new SystemPrincipal("authorizedSystemUser");
    final SystemPrincipal unAuthorizedUser = new SystemPrincipal("unAuthorizedSystemUser");
    final SystemPrincipal superUser = new SystemPrincipal("superUser");

    // Only these indexes into relDirPaths are exercised; which paths they
    // denote is defined by the fixture outside this method.
    final int[] singleLocPaths = { 2, 3, 6, 7 };
    for (final int j : singleLocPaths) {
        // never granted
        execute(unAuthorizedUser, new CreateDatabaseAction(createPerms[j]), false);
        // granted everywhere except at index 6, the one location where
        // the authorized user is still expected to be denied
        execute(authorizedUser, new CreateDatabaseAction(createPerms[j]), (j != 6));
        // always granted
        execute(superUser, new CreateDatabaseAction(createPerms[j]), true);
    }

    // A principal with an arbitrary name is expected to be granted CREATE
    // on "directory:dir"; presumably the policy grants it to every
    // SystemPrincipal (verify in the policy file).
    final SystemPrincipal anyUser = new SystemPrincipal("anyUser");
    final DatabasePermission anyUserPerm = new DatabasePermission("directory:dir", DatabasePermission.CREATE);
    execute(anyUser, new CreateDatabaseAction(anyUserPerm), true);
}
Also used : SystemPrincipal(org.apache.derby.authentication.SystemPrincipal) DatabasePermission(org.apache.derby.security.DatabasePermission)

Example 5 with SystemPrincipal

use of org.apache.derby.authentication.SystemPrincipal in project derby by apache.

the class SystemPrivilegesPermissionTest method testSystemPrincipal.

/**
 * Checks the basic contract of SystemPrincipal: the name is returned
 * unchanged, null and empty names are rejected by the constructor, and
 * the class cannot be subclassed.
 */
public void testSystemPrincipal() {
    // a valid name is stored and reported as given
    SystemPrincipal principal = new SystemPrincipal("superuser");
    assertEquals("superuser", principal.getName());

    // a null name must be refused
    try {
        new SystemPrincipal(null);
        fail("expected NullPointerException");
    } catch (NullPointerException expected) {
        // this is the outcome the test wants
    }

    // an empty name must be refused as well
    try {
        new SystemPrincipal("");
        fail("expected IllegalArgumentException");
    } catch (IllegalArgumentException expected) {
        // this is the outcome the test wants
    }

    // DERBY-3476: SystemPrincipal has to be a final class. Presumably
    // this keeps a subclass from changing the name or equality behaviour
    // that policy matching relies on; see the issue for the rationale.
    final int classModifiers = SystemPrincipal.class.getModifiers();
    assertTrue(Modifier.isFinal(classModifiers));
}
Also used : SystemPrincipal(org.apache.derby.authentication.SystemPrincipal)

Aggregations

SystemPrincipal (org.apache.derby.authentication.SystemPrincipal)5 DatabasePermission (org.apache.derby.security.DatabasePermission)2 AllPermission (java.security.AllPermission)1 Permission (java.security.Permission)1 HashSet (java.util.HashSet)1 Set (java.util.Set)1 Subject (javax.security.auth.Subject)1 SystemPermission (org.apache.derby.shared.common.security.SystemPermission)1