
/**
 * Asserts that {@code subject} is denied {@code operation} on {@code objectType} before an
 * ALLOW rule exists, and allowed once a single ALLOW rule for {@link #TEST_USER} covering
 * that operation, object type and {@code properties} has been registered at position 0.
 *
 * @param subject    the subject performing the operation
 * @param operation  the legacy operation being checked
 * @param objectType the type of object the operation targets
 * @param properties the object properties used both as rule predicates and as the checked object
 */
private void assertDenyGrantAllow(Subject subject, LegacyOperation operation, ObjectType objectType, ObjectProperties properties) {
    // Baseline: before the ALLOW rule is registered the check must resolve to DENIED
    final RuleSet initialSet = createRuleSet();
    assertEquals(Result.DENIED, initialSet.check(subject, operation, objectType, properties));

    final Rule allowRule = new Builder()
            .withIdentity(TEST_USER)
            .withOutcome(RuleOutcome.ALLOW)
            .withOperation(operation)
            .withObject(objectType)
            .withPredicates(properties)
            .build();
    _ruleCollector.addRule(0, allowRule);

    // The rule set is rebuilt from the collector, so it must now contain exactly the new rule
    final RuleSet updatedSet = createRuleSet();
    assertEquals(1, updatedSet.size());
    assertEquals(Result.ALLOWED, updatedSet.check(subject, operation, objectType, properties));
}

/**
 * Verifies owner-based PUBLISH rules on an exchange when the object was created by a
 * different user and when the operation is performed by a different subject.
 *
 * Rules registered (in collector order): two owner-only ALLOW rules keyed on routing key,
 * one identity ALLOW rule for {@link #TEST_USER} keyed on queue name, and a catch-all DENY
 * for {@link #TEST_USER}.
 */
@Test
public void testPublishToExchange_OwnerBased_byAnotherUser() {
    _ruleCollector.addRule(1, new Builder()
            .withPredicate(Property.NAME, "broadcast")
            .withPredicate(Property.ROUTING_KEY, "broadcast.*")
            .withOwner()
            .withOutcome(RuleOutcome.ALLOW)
            .withOperation(LegacyOperation.PUBLISH)
            .withObject(ObjectType.EXCHANGE)
            .build());
    _ruleCollector.addRule(3, new Builder()
            .withPredicate(Property.NAME, "broadcast")
            .withPredicate(Property.ROUTING_KEY, "rs.broadcast.*")
            .withOwner()
            .withOutcome(RuleOutcome.ALLOW)
            .withOperation(LegacyOperation.PUBLISH)
            .withObject(ObjectType.EXCHANGE)
            .build());
    _ruleCollector.addRule(11, new Builder()
            .withPredicate(Property.NAME, "broadcast")
            .withPredicate(Property.QUEUE_NAME, "QQ")
            .withIdentity(TEST_USER)
            .withOutcome(RuleOutcome.ALLOW)
            .withOperation(LegacyOperation.PUBLISH)
            .withObject(ObjectType.EXCHANGE)
            .build());
    _ruleCollector.addRule(17, new Builder()
            .withIdentity(TEST_USER)
            .withOutcome(RuleOutcome.DENY)
            .withOperation(LegacyOperation.PUBLISH)
            .withObject(ObjectType.ALL)
            .build());

    final RuleSet ruleSet = createRuleSet();
    assertEquals(4, ruleSet.size());

    // Exchange created by another user: the owner rule does not match the test subject,
    // so the catch-all DENY applies
    ObjectProperties props = new ObjectProperties("broadcast");
    props.put(Property.ROUTING_KEY, "broadcast.public");
    props.setCreatedBy("another");
    assertEquals(Result.DENIED, ruleSet.check(_testSubject, LegacyOperation.PUBLISH, ObjectType.EXCHANGE, props));

    // Same creator, but the queue-name identity rule for TEST_USER matches first
    props = new ObjectProperties("broadcast");
    props.put(Property.QUEUE_NAME, "QQ");
    props.setCreatedBy("another");
    assertEquals(Result.ALLOWED, ruleSet.check(_testSubject, LegacyOperation.PUBLISH, ObjectType.EXCHANGE, props));

    // Operation performed by a subject that none of the identity rules name
    final Subject otherUser = TestPrincipalUtils.createTestSubject("Java");
    props = new ObjectProperties("broadcast");
    assertEquals(Result.DEFER, ruleSet.check(otherUser, LegacyOperation.PUBLISH, ObjectType.EXCHANGE, props));

    // Same subject is the owner, but no routing key is set so neither owner rule matches
    props = new ObjectProperties("broadcast");
    props.setCreatedBy("Java");
    assertEquals(Result.DEFER, ruleSet.check(otherUser, LegacyOperation.PUBLISH, ObjectType.EXCHANGE, props));

    // Owner plus a matching routing key: the owner rule allows the publish
    props = new ObjectProperties("broadcast");
    props.put(Property.ROUTING_KEY, "rs.broadcast.public");
    props.setCreatedBy("Java");
    assertEquals(Result.ALLOWED, ruleSet.check(otherUser, LegacyOperation.PUBLISH, ObjectType.EXCHANGE, props));
}

/**
 * Verifies that a {@link RuleSet} built via {@link RuleSet#newInstance} hands back the
 * {@link EventLogger} supplied to it.
 */
@Test
public void testGetEventLogger() {
    final Rule accessRule = new Builder()
            .withIdentity(TEST_USER)
            .withOperation(LegacyOperation.ACCESS)
            .withObject(ObjectType.VIRTUALHOST)
            .withOutcome(RuleOutcome.ALLOW)
            .build();
    final EventLogger eventLogger = mock(EventLogger.class);

    // The logger is passed through a supplier; getEventLogger() must return the same instance
    final RuleSet ruleSet = RuleSet.newInstance(() -> eventLogger, Collections.singletonList(accessRule), Result.DENIED);

    assertNotNull(ruleSet);
    assertEquals(eventLogger, ruleSet.getEventLogger());
}

/**
 * Verifies owner-based PUBLISH rules for a subject whose {@link UsernamePrincipal} is not an
 * authenticated principal: the owner rule must not match even though the object was created by
 * {@link #TEST_USER}, while the plain identity rule keyed on queue name still applies.
 */
@Test
public void testPublishToExchange_OwnerBased_withoutAuthPrincipal() {
    _ruleCollector.addRule(1, new Builder()
            .withPredicate(Property.NAME, "broadcast")
            .withPredicate(Property.ROUTING_KEY, "broadcast.*")
            .withOwner()
            .withOutcome(RuleOutcome.ALLOW)
            .withOperation(LegacyOperation.PUBLISH)
            .withObject(ObjectType.EXCHANGE)
            .build());
    _ruleCollector.addRule(3, new Builder()
            .withPredicate(Property.NAME, "broadcast")
            .withPredicate(Property.ROUTING_KEY, "rs.broadcast.*")
            .withOwner()
            .withOutcome(RuleOutcome.ALLOW)
            .withOperation(LegacyOperation.PUBLISH)
            .withObject(ObjectType.EXCHANGE)
            .build());
    _ruleCollector.addRule(11, new Builder()
            .withPredicate(Property.NAME, "broadcast")
            .withPredicate(Property.QUEUE_NAME, "QQ")
            .withIdentity(TEST_USER)
            .withOutcome(RuleOutcome.ALLOW)
            .withOperation(LegacyOperation.PUBLISH)
            .withObject(ObjectType.EXCHANGE)
            .build());
    _ruleCollector.addRule(17, new Builder()
            .withIdentity(TEST_USER)
            .withOutcome(RuleOutcome.DENY)
            .withOperation(LegacyOperation.PUBLISH)
            .withObject(ObjectType.ALL)
            .build());

    final RuleSet ruleSet = createRuleSet();
    assertEquals(4, ruleSet.size());

    // Subject carrying only a UsernamePrincipal, i.e. no authentication principal
    final Subject subjectWithoutAuthPrincipal = new Subject(
            false,
            Collections.singleton(new UsernamePrincipal(TEST_USER, Mockito.mock(AuthenticationProvider.class))),
            Collections.emptySet(),
            Collections.emptySet());

    // Matching routing key and created by TEST_USER, yet the owner rule does not apply
    // without an authenticated principal, so the catch-all DENY wins
    ObjectProperties props = new ObjectProperties("broadcast");
    props.put(Property.ROUTING_KEY, "rs.broadcast.public");
    props.setCreatedBy(TEST_USER);
    assertEquals(Result.DENIED, ruleSet.check(subjectWithoutAuthPrincipal, LegacyOperation.PUBLISH, ObjectType.EXCHANGE, props));

    // The identity rule keyed on queue name is not owner-based and still allows the publish
    props = new ObjectProperties("broadcast");
    props.put(Property.QUEUE_NAME, "QQ");
    assertEquals(Result.ALLOWED, ruleSet.check(subjectWithoutAuthPrincipal, LegacyOperation.PUBLISH, ObjectType.EXCHANGE, props));
}

/**
 * Verifies that {@link RuleSet#subList} exposes the expected rule and is read-only: adding to
 * the returned view must throw.
 *
 * Note that the catch accepts any {@link RuntimeException}; the test only asserts that the
 * mutation is rejected, not which exception type signals it.
 */
@Test
public void testList_subList() {
    _ruleCollector.addRule(1, new Builder()
            .withIdentity(TEST_USER)
            .withOutcome(RuleOutcome.ALLOW)
            .withOperation(LegacyOperation.PUBLISH)
            .withObject(ObjectType.EXCHANGE)
            .withPredicate(Property.NAME, "broadcast")
            .build());
    _ruleCollector.addRule(3, new Builder()
            .withIdentity(TEST_USER)
            .withOutcome(RuleOutcome.ALLOW)
            .withOperation(LegacyOperation.ACCESS)
            .withObject(ObjectType.VIRTUALHOST)
            .build());
    _ruleCollector.addRule(17, new Builder()
            .withIdentity(Rule.ALL)
            .withOutcome(RuleOutcome.DENY)
            .withOperation(LegacyOperation.ALL)
            .withObject(ObjectType.ALL)
            .build());

    // Equal to the rule registered at collector position 3, which lands at index 1 of the set
    final Rule expectedRule = new Builder()
            .withIdentity(TEST_USER)
            .withOperation(LegacyOperation.ACCESS)
            .withObject(ObjectType.VIRTUALHOST)
            .withOutcome(RuleOutcome.ALLOW)
            .build();

    final RuleSet ruleSet = createRuleSet();
    assertNotNull(ruleSet);
    assertNotNull(ruleSet.subList(1, 2));
    assertEquals(expectedRule, ruleSet.subList(1, 2).get(0));

    try {
        ruleSet.subList(1, 2).add(expectedRule);
        fail("An exception is expected!");
    } catch (RuntimeException expected) {
        // the sub-list view must reject mutation; reaching here is the success path
    }
}