
Example 1 with Result

use of org.apache.qpid.server.security.Result in project qpid-broker-j by apache.

the class AbstractConfiguredObject method authorise.

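/**
 * Enforces access control for {@code operation} on {@code configuredObject}, throwing when the
 * configured {@link AccessControl} denies it.
 *
 * <p>If {@link #getAccessControl()} returns {@code null} there is nothing to enforce and the
 * method returns silently. A {@link Result#DEFER} verdict is resolved through
 * {@code accessControl.getDefault()}; only an effective {@link Result#DENIED} throws. Every other
 * verdict falls through as permitted.
 *
 * @param configuredObject the object the operation targets
 * @param token            the caller's security token, passed through to the access control
 * @param operation        the operation being authorised
 * @param arguments        operation arguments, passed through to the access control
 * @throws AccessControlException if the effective verdict is {@link Result#DENIED}
 */
private void authorise(final ConfiguredObject<?> configuredObject, SecurityToken token, final Operation operation, Map<String, Object> arguments) {
    final AccessControl accessControl = getAccessControl();
    if (accessControl == null) {
        // No access control installed on this object: nothing to enforce.
        return;
    }
    Result result = accessControl.authorise(token, operation, configuredObject, arguments);
    LOGGER.debug("authorise returned {}", result);
    if (result == Result.DEFER) {
        // DEFER means "no opinion"; the access control's own default decides.
        result = accessControl.getDefault();
        LOGGER.debug("authorise returned DEFER, returning default: {}", result);
    }
    // NOTE(review): only DENIED is rejected; a null verdict would be treated as permitted here —
    // confirm the AccessControl contract never returns null.
    if (result == Result.DENIED) {
        throw new AccessControlException(buildDenialMessage(configuredObject, operation));
    }
}

/**
 * Builds the message for a denied operation, naming the operation, the target's category and
 * name, and — when the model declares a parent type — the parent's category and name.
 *
 * @param configuredObject the object the denied operation targeted
 * @param operation        the denied operation
 * @return a message of the form
 *         {@code Permission <op> is denied for : <Category> '<name>' on <ParentCategory> '<parent>'}
 */
private static String buildDenialMessage(final ConfiguredObject<?> configuredObject, final Operation operation) {
    final Class<? extends ConfiguredObject> categoryClass = configuredObject.getCategoryClass();
    final String objectName = (String) configuredObject.getAttribute(ConfiguredObject.NAME);
    // Plain operations are reported by name; typed ones (e.g. a method) as "TYPE(name)".
    final String typeName = operation.getType().name();
    final String operationName = operation.getName().equals(typeName) ? operation.getName() : (typeName + "(" + operation.getName() + ")");
    final StringBuilder message = new StringBuilder(String.format("Permission %s is denied for : %s '%s'", operationName, categoryClass.getSimpleName(), objectName));
    final Model model = configuredObject.getModel();
    final Class<? extends ConfiguredObject> parentClass = model.getParentType(categoryClass);
    if (parentClass != null) {
        message.append(" on ").append(parentClass.getSimpleName());
        final ConfiguredObject<?> parent = configuredObject.getParent();
        // The parent category is always named; the parent's name only if a parent is attached.
        if (parent != null) {
            message.append(" '").append(parent.getAttribute(ConfiguredObject.NAME)).append("'");
        }
    }
    return message.toString();
}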
Also used : AccessControlException(java.security.AccessControlException) AccessControl(org.apache.qpid.server.security.AccessControl) Result(org.apache.qpid.server.security.Result)

Example 2 with Result

use of org.apache.qpid.server.security.Result in project qpid-broker-j by apache.

the class CachingSecurityToken method authorise.

/**
 * Returns the verdict for {@code operation} on {@code configuredObject}, memoising it in a
 * per-token cache that is bound to the {@link RuleBasedAccessControl} it was computed against.
 *
 * <p>The cache is replaced (via CAS on {@code CACHE_UPDATE}) whenever it was built for a
 * different access control instance, so a reconfigured rule set never serves stale verdicts.
 * On a miss the verdict is computed and stored with {@code putIfAbsent}; the locally computed
 * value is returned even if another thread stored first.
 *
 * @param ruleBasedAccessControl the rule set to consult
 * @param operation              the operation being authorised
 * @param configuredObject       the object the operation targets
 * @param arguments              operation arguments; part of the cache key
 * @return the cached or freshly computed {@link Result}
 */
Result authorise(final RuleBasedAccessControl ruleBasedAccessControl, final Operation operation, final PermissionedObject configuredObject, final Map<String, Object> arguments) {
    AccessControlCache current = CACHE_UPDATE.get(this);
    // Loop until the observed cache belongs to this access control; a lost CAS simply re-reads.
    while (current.getAccessControl() != ruleBasedAccessControl) {
        CACHE_UPDATE.compareAndSet(this, current, new AccessControlCache(ruleBasedAccessControl));
        current = CACHE_UPDATE.get(this);
    }
    final CachedMethodAuthKey lookup = new CachedMethodAuthKey(configuredObject, operation, arguments);
    final Result cached = current.getCache().get(lookup);
    if (cached != null) {
        return cached;
    }
    final Result computed = ruleBasedAccessControl.authorise(operation, configuredObject, arguments);
    current.getCache().putIfAbsent(lookup, computed);
    return computed;
}
Also used : Result(org.apache.qpid.server.security.Result)

Example 3 with Result

use of org.apache.qpid.server.security.Result in project qpid-broker-j by apache.

the class LegacyAccessControlAdapterTest method testAuthoriseLogsAccessOnVirtualHost.

/**
 * {@code getFile} on a virtual-host logger must be authorised as {@code ACCESS_LOGS} on the
 * virtual host: generic {@code INVOKE} on the virtual host is stubbed to deny, yet the adapter
 * is expected to return {@code ALLOWED} and to have asked for {@code ACCESS_LOGS} with the
 * virtual host's name.
 */
public void testAuthoriseLogsAccessOnVirtualHost() {
    when(_accessControl.authorise(same(LegacyOperation.INVOKE), same(ObjectType.VIRTUALHOST), any(ObjectProperties.class))).thenReturn(Result.DENIED);
    when(_accessControl.authorise(same(LegacyOperation.ACCESS_LOGS), same(ObjectType.VIRTUALHOST), any(ObjectProperties.class))).thenReturn(Result.ALLOWED);
    final ConfiguredObject virtualHostLogger = mock(VirtualHostLogger.class);
    when(virtualHostLogger.getCategoryClass()).thenReturn(VirtualHostLogger.class);
    when(virtualHostLogger.getParent()).thenReturn(_virtualHost);
    when(virtualHostLogger.getModel()).thenReturn(_model);
    final Result actual = _adapter.authoriseMethod(virtualHostLogger, "getFile", Collections.singletonMap("fileName", "qpid.log"));
    assertEquals("Unexpected authorise result", Result.ALLOWED, actual);
    // The legacy call must carry the virtual host's name as the object properties.
    final ObjectProperties expected = new ObjectProperties(_virtualHost.getName());
    verify(_accessControl).authorise(ACCESS_LOGS, VIRTUALHOST, expected);
}
Also used : Result(org.apache.qpid.server.security.Result)

Example 4 with Result

use of org.apache.qpid.server.security.Result in project qpid-broker-j by apache.

the class LegacyAccessControlAdapterTest method testAuthoriseInvokeVirtualHostDescendantMethod.

/**
 * {@code clearQueue} on a queue is authorised as {@code INVOKE} on {@code QUEUE} with the
 * queue name, method name, virtual-host name and component {@code VirtualHost.Queue} in the
 * object properties, and is never mapped to a {@code PURGE} check.
 */
public void testAuthoriseInvokeVirtualHostDescendantMethod() {
    final String method = "clearQueue";
    final Queue mockQueue = mock(Queue.class);
    when(mockQueue.getParent()).thenReturn(_virtualHost);
    when(mockQueue.getModel()).thenReturn(_model);
    when(mockQueue.getName()).thenReturn(TEST_QUEUE);
    when(mockQueue.getAttribute(Queue.NAME)).thenReturn(TEST_QUEUE);
    when(mockQueue.getCategoryClass()).thenReturn(Queue.class);
    when(mockQueue.getAttribute(Queue.DURABLE)).thenReturn(false);
    when(mockQueue.getAttribute(Queue.EXCLUSIVE)).thenReturn(ExclusivityPolicy.NONE);
    when(mockQueue.getAttribute(Queue.LIFETIME_POLICY)).thenReturn(LifetimePolicy.DELETE_ON_CONNECTION_CLOSE);
    // Properties the adapter is expected to hand to the legacy access control.
    final ObjectProperties expectedProperties = new ObjectProperties();
    expectedProperties.put(ObjectProperties.Property.NAME, TEST_QUEUE);
    expectedProperties.put(ObjectProperties.Property.METHOD_NAME, method);
    expectedProperties.put(ObjectProperties.Property.VIRTUALHOST_NAME, _virtualHost.getName());
    expectedProperties.put(ObjectProperties.Property.COMPONENT, "VirtualHost.Queue");
    when(_accessControl.authorise(same(LegacyOperation.INVOKE), same(ObjectType.QUEUE), any(ObjectProperties.class))).thenReturn(Result.ALLOWED);
    final Result actual = _adapter.authoriseMethod(mockQueue, method, Collections.emptyMap());
    assertEquals("Unexpected authorise result", Result.ALLOWED, actual);
    verify(_accessControl).authorise(eq(LegacyOperation.INVOKE), eq(ObjectType.QUEUE), eq(expectedProperties));
    verify(_accessControl, never()).authorise(eq(LegacyOperation.PURGE), eq(ObjectType.QUEUE), any(ObjectProperties.class));
}
Also used : Result(org.apache.qpid.server.security.Result)

Example 5 with Result

use of org.apache.qpid.server.security.Result in project qpid-broker-j by apache.

the class LegacyAccessControlAdapterTest method testAuthoriseMethod.

/**
 * {@code deleteMessages} on a queue is authorised as {@code UPDATE} on {@code METHOD}: generic
 * {@code INVOKE} is stubbed to deny for every object type, yet the adapter is expected to
 * return {@code ALLOWED} and to have issued the {@code UPDATE}/{@code METHOD} check with the
 * method name, component {@code VirtualHost.Queue} and the virtual-host name.
 */
public void testAuthoriseMethod() {
    when(_accessControl.authorise(same(LegacyOperation.INVOKE), any(ObjectType.class), any(ObjectProperties.class))).thenReturn(Result.DENIED);
    when(_accessControl.authorise(same(LegacyOperation.UPDATE), same(ObjectType.METHOD), any(ObjectProperties.class))).thenReturn(Result.ALLOWED);
    // Properties the adapter is expected to hand to the legacy access control.
    final ObjectProperties expectedProperties = new ObjectProperties("deleteMessages");
    expectedProperties.put(ObjectProperties.Property.COMPONENT, "VirtualHost.Queue");
    expectedProperties.put(ObjectProperties.Property.VIRTUALHOST_NAME, TEST_VIRTUAL_HOST);
    final Queue mockQueue = mock(Queue.class);
    when(mockQueue.getParent()).thenReturn(_virtualHost);
    when(mockQueue.getVirtualHost()).thenReturn(_virtualHost);
    when(mockQueue.getModel()).thenReturn(_model);
    when(mockQueue.getAttribute(Queue.NAME)).thenReturn(TEST_QUEUE);
    when(mockQueue.getCategoryClass()).thenReturn(Queue.class);
    final Result actual = _adapter.authoriseMethod(mockQueue, "deleteMessages", Collections.emptyMap());
    assertEquals("Unexpected authorise result", Result.ALLOWED, actual);
    verify(_accessControl).authorise(eq(LegacyOperation.UPDATE), eq(ObjectType.METHOD), eq(expectedProperties));
}
Also used : Result(org.apache.qpid.server.security.Result)

Aggregations

Result (org.apache.qpid.server.security.Result)12 Subject (javax.security.auth.Subject)2 AMQPConnection (org.apache.qpid.server.transport.AMQPConnection)2 Iterators.cycle (com.google.common.collect.Iterators.cycle)1 FutureCallback (com.google.common.util.concurrent.FutureCallback)1 Futures (com.google.common.util.concurrent.Futures)1 JdkFutureAdapters (com.google.common.util.concurrent.JdkFutureAdapters)1 ListenableFuture (com.google.common.util.concurrent.ListenableFuture)1 MoreExecutors (com.google.common.util.concurrent.MoreExecutors)1 SettableFuture (com.google.common.util.concurrent.SettableFuture)1 BufferedInputStream (java.io.BufferedInputStream)1 DataInputStream (java.io.DataInputStream)1 File (java.io.File)1 IOException (java.io.IOException)1 InputStream (java.io.InputStream)1 OutputStream (java.io.OutputStream)1 Serializable (java.io.Serializable)1 UnsupportedEncodingException (java.io.UnsupportedEncodingException)1 InetAddress (java.net.InetAddress)1 InetSocketAddress (java.net.InetSocketAddress)1