
Example 16 with Builder

use of org.apache.qpid.server.security.access.config.Rule.Builder in project qpid-broker-j by apache.

the class RuleSetTest method testFirstTemporarySecondDurableThirdNamedQueueDenied.

/**
 * The more specific rules are first, so those requests are denied.
 */
@Test
public void testFirstTemporarySecondDurableThirdNamedQueueDenied() {
    // Three CREATE requests for the same queue name that differ only in the
    // attribute the caller asks for: plain, temporary (auto-delete) or durable.
    final ObjectProperties plainQueue = new ObjectProperties(_queueName);
    final ObjectProperties temporaryQueue = new ObjectProperties(_queueName);
    final ObjectProperties durableQueue = new ObjectProperties(_queueName);
    temporaryQueue.put(Property.AUTO_DELETE, Boolean.TRUE);
    durableQueue.put(Property.DURABLE, Boolean.TRUE);

    // Before this test adds any rule, all three requests are denied.
    final RuleSet withoutRules = createRuleSet();
    assertEquals(Result.DENIED, withoutRules.check(_testSubject, LegacyOperation.CREATE, ObjectType.QUEUE, plainQueue));
    assertEquals(Result.DENIED, withoutRules.check(_testSubject, LegacyOperation.CREATE, ObjectType.QUEUE, temporaryQueue));
    assertEquals(Result.DENIED, withoutRules.check(_testSubject, LegacyOperation.CREATE, ObjectType.QUEUE, durableQueue));

    // The specific DENY rules (temporary, durable) are listed ahead of the
    // generic ALLOW for the named queue.
    _ruleCollector.addRule(1, new Builder().withOutcome(RuleOutcome.DENY).withIdentity(TEST_USER).withOperation(LegacyOperation.CREATE).withObject(ObjectType.QUEUE).withPredicates(temporaryQueue).build());
    _ruleCollector.addRule(2, new Builder().withOutcome(RuleOutcome.DENY).withIdentity(TEST_USER).withOperation(LegacyOperation.CREATE).withObject(ObjectType.QUEUE).withPredicates(durableQueue).build());
    _ruleCollector.addRule(3, new Builder().withOutcome(RuleOutcome.ALLOW).withIdentity(TEST_USER).withOperation(LegacyOperation.CREATE).withObject(ObjectType.QUEUE).withPredicates(plainQueue).build());

    final RuleSet withRules = createRuleSet();
    assertEquals(3, withRules.size());
    // Only the plain request reaches the ALLOW; the earlier, more specific
    // DENY rules still catch the temporary and durable variants.
    assertEquals(Result.ALLOWED, withRules.check(_testSubject, LegacyOperation.CREATE, ObjectType.QUEUE, plainQueue));
    assertEquals(Result.DENIED, withRules.check(_testSubject, LegacyOperation.CREATE, ObjectType.QUEUE, temporaryQueue));
    assertEquals(Result.DENIED, withRules.check(_testSubject, LegacyOperation.CREATE, ObjectType.QUEUE, durableQueue));
}

Example 17 with Builder

use of org.apache.qpid.server.security.access.config.Rule.Builder in project qpid-broker-j by apache.

the class RuleSetTest method testUserInMultipleGroups.

@Test
public void testUserInMultipleGroups() {
    final String grantingGroup = "group1";
    final String denyingGroup = "group2";
    final String unrelatedGroup = "some other group";

    // The same user name with three different group memberships.
    final Subject memberOfBoth = TestPrincipalUtils.createTestSubject("user", grantingGroup, denyingGroup);
    final Subject memberOfDenyingOnly = TestPrincipalUtils.createTestSubject("user", denyingGroup, unrelatedGroup);
    final Subject memberOfGrantingOnly = TestPrincipalUtils.createTestSubject("user", grantingGroup, unrelatedGroup);

    // ALLOW for group1 is listed before DENY for group2.
    _ruleCollector.addRule(1, new Builder().withOutcome(RuleOutcome.ALLOW).withIdentity(grantingGroup).withOperation(LegacyOperation.ACCESS).withObject(ObjectType.VIRTUALHOST).build());
    _ruleCollector.addRule(2, new Builder().withOutcome(RuleOutcome.DENY).withIdentity(denyingGroup).withOperation(LegacyOperation.ACCESS).withObject(ObjectType.VIRTUALHOST).build());
    final RuleSet ruleSet = createRuleSet();

    // A subject in both groups gets the outcome of the ALLOW rule listed first;
    // membership of the denied group alone is not enough to block access.
    assertEquals(Result.ALLOWED, ruleSet.check(memberOfBoth, LegacyOperation.ACCESS, ObjectType.VIRTUALHOST, EMPTY));
    assertEquals(Result.DENIED, ruleSet.check(memberOfDenyingOnly, LegacyOperation.ACCESS, ObjectType.VIRTUALHOST, EMPTY));
    assertEquals(Result.ALLOWED, ruleSet.check(memberOfGrantingOnly, LegacyOperation.ACCESS, ObjectType.VIRTUALHOST, EMPTY));
}

Example 18 with Builder

use of org.apache.qpid.server.security.access.config.Rule.Builder in project qpid-broker-j by apache.

the class RuleSetTest method testPublishToExchange_OwnerBased_withGenericRule.

@Test
public void testPublishToExchange_OwnerBased_withGenericRule() {
    // Owner-based ALLOW rules, each additionally constrained to a routing-key pattern.
    _ruleCollector.addRule(1, new Builder().withOwner().withOutcome(RuleOutcome.ALLOW).withOperation(LegacyOperation.PUBLISH).withObject(ObjectType.EXCHANGE).withPredicate(Property.NAME, "broadcast").withPredicate(Property.ROUTING_KEY, "broadcast.*").build());
    _ruleCollector.addRule(3, new Builder().withOwner().withOutcome(RuleOutcome.ALLOW).withOperation(LegacyOperation.PUBLISH).withObject(ObjectType.EXCHANGE).withPredicate(Property.NAME, "broadcast").withPredicate(Property.ROUTING_KEY, "rs.broadcast.*").build());
    // Identity-based ALLOW for TEST_USER, constrained to a queue name.
    _ruleCollector.addRule(11, new Builder().withIdentity(TEST_USER).withOutcome(RuleOutcome.ALLOW).withOperation(LegacyOperation.PUBLISH).withObject(ObjectType.EXCHANGE).withPredicate(Property.NAME, "broadcast").withPredicate(Property.QUEUE_NAME, "QQ").build());
    // Catch-all DENY rules for TEST_USER and for everyone.
    _ruleCollector.addRule(17, new Builder().withIdentity(TEST_USER).withOutcome(RuleOutcome.DENY).withOperation(LegacyOperation.PUBLISH).withObject(ObjectType.ALL).build());
    _ruleCollector.addRule(27, new Builder().withIdentity(Rule.ALL).withOutcome(RuleOutcome.DENY).withOperation(LegacyOperation.PUBLISH).withObject(ObjectType.ALL).build());

    final RuleSet ruleSet = createRuleSet();
    assertEquals(5, ruleSet.size());

    // A user other than TEST_USER publishes to the "broadcast" exchange; no routing key is supplied.
    final Subject otherUser = TestPrincipalUtils.createTestSubject("Java");

    // Not the owner of the exchange: falls through to the generic DENY.
    final ObjectProperties notOwned = new ObjectProperties("broadcast");
    assertEquals(Result.DENIED, ruleSet.check(otherUser, LegacyOperation.PUBLISH, ObjectType.EXCHANGE, notOwned));

    // Owner of the exchange: still denied, presumably because the owner rules
    // also require a routing key that this request does not carry.
    final ObjectProperties ownedByOtherUser = new ObjectProperties("broadcast");
    ownedByOtherUser.setCreatedBy("Java");
    assertEquals(Result.DENIED, ruleSet.check(otherUser, LegacyOperation.PUBLISH, ObjectType.EXCHANGE, ownedByOtherUser));
}

Example 19 with Builder

use of org.apache.qpid.server.security.access.config.Rule.Builder in project qpid-broker-j by apache.

the class RuleSetTest method testList_UnsupportedException.

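@Test
public void testList_UnsupportedException() {
    // Three rules, so that index 1 used by the positional List operations below exists.
    _ruleCollector.addRule(1, new Builder().withIdentity(TEST_USER).withOutcome(RuleOutcome.ALLOW).withOperation(LegacyOperation.PUBLISH).withObject(ObjectType.EXCHANGE).withPredicate(Property.NAME, "broadcast").build());
    _ruleCollector.addRule(3, new Builder().withIdentity(TEST_USER).withOutcome(RuleOutcome.ALLOW).withOperation(LegacyOperation.ACCESS).withObject(ObjectType.VIRTUALHOST).build());
    _ruleCollector.addRule(17, new Builder().withIdentity(Rule.ALL).withOutcome(RuleOutcome.DENY).withOperation(LegacyOperation.ALL).withObject(ObjectType.ALL).build());
    final RuleSet ruleSet = createRuleSet();
    assertEquals(3, ruleSet.size());

    // A rule that is not part of the set; payload for every write attempt below.
    final Rule rule = new Builder().withIdentity(TEST_USER).withOperation(LegacyOperation.ACCESS).withOutcome(RuleOutcome.ALLOW).build();
    // Looked up outside the guarded call so that a failing get(1) cannot be
    // mistaken for the rejected remove(Object).
    final Rule existing = ruleSet.get(1);

    // Every List mutator must be rejected: an ACL that could be edited after it
    // has been built would let any holder of the reference change authorisation
    // decisions at runtime.
    assertMutationRejected("add(E)", () -> ruleSet.add(rule));
    assertMutationRejected("remove(Object)", () -> ruleSet.remove(existing));
    assertMutationRejected("addAll(Collection)", () -> ruleSet.addAll(Collections.singleton(rule)));
    assertMutationRejected("removeAll(Collection)", () -> ruleSet.removeAll(new ArrayList<>(ruleSet)));
    assertMutationRejected("retainAll(Collection)", () -> ruleSet.retainAll(Collections.singleton(rule)));
    assertMutationRejected("clear()", ruleSet::clear);
    assertMutationRejected("addAll(int, Collection)", () -> ruleSet.addAll(1, Collections.singleton(rule)));
    assertMutationRejected("set(int, E)", () -> ruleSet.set(1, rule));
    assertMutationRejected("add(int, E)", () -> ruleSet.add(1, rule));
    assertMutationRejected("remove(int)", () -> ruleSet.remove(1));

    // None of the rejected calls may have been partially applied.
    assertEquals(3, ruleSet.size());
}

/**
 * Runs {@code mutation} and fails the test unless it is rejected with a
 * {@link RuntimeException}.
 *
 * @param operation name of the attempted List operation, used in the failure message
 * @param mutation  the write attempt against the rule set
 */
private static void assertMutationRejected(final String operation, final Runnable mutation) {
    try {
        mutation.run();
    } catch (RuntimeException expected) {
        // The rule set is expected to refuse the write. UnsupportedOperationException is the
        // natural subtype, but the contract checked here is the broader one the test always had.
        return;
    }
    fail("An exception is expected from " + operation + "!");
}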

Example 20 with Builder

use of org.apache.qpid.server.security.access.config.Rule.Builder in project qpid-broker-j by apache.

the class RuleSetTest method testTemporaryUnnamedQueueConsume.

/**
 * If the consume permission for temporary queues is for an unnamed queue then it should
 * be global for any temporary queue but not for any non-temporary queue
 */
@Test
public void testTemporaryUnnamedQueueConsume() {
    // Two unnamed queues that differ only in whether they are auto-delete (temporary).
    final ObjectProperties anyTemporaryQueue = new ObjectProperties();
    final ObjectProperties anyPermanentQueue = new ObjectProperties();
    anyTemporaryQueue.put(Property.AUTO_DELETE, Boolean.TRUE);
    anyPermanentQueue.put(Property.AUTO_DELETE, Boolean.FALSE);

    // Before the rule is added, consuming from a temporary queue is denied.
    final RuleSet withoutRule = createRuleSet();
    assertEquals(Result.DENIED, withoutRule.check(_testSubject, LegacyOperation.CONSUME, ObjectType.QUEUE, anyTemporaryQueue));

    // Grant CONSUME on temporary queues without naming a specific queue.
    _ruleCollector.addRule(0, new Builder().withOutcome(RuleOutcome.ALLOW).withIdentity(TEST_USER).withOperation(LegacyOperation.CONSUME).withObject(ObjectType.QUEUE).withPredicates(anyTemporaryQueue).build());
    final RuleSet withRule = createRuleSet();
    assertEquals(1, withRule.size());

    // The grant applies to any temporary queue ...
    assertEquals(Result.ALLOWED, withRule.check(_testSubject, LegacyOperation.CONSUME, ObjectType.QUEUE, anyTemporaryQueue));
    // ... but a non-temporary queue matches no rule at all: DEFER hands the
    // decision to the security manager (global rule set if present, otherwise
    // the default answer).
    assertEquals(Result.DEFER, withRule.check(_testSubject, LegacyOperation.CONSUME, ObjectType.QUEUE, anyPermanentQueue));
}
