Example 31 with AuthorizationException

Use of org.apache.shiro.authz.AuthorizationException in project killbill by killbill.

Class TestKillBillJdbcRealm, method testCustomPermissionsAcrossRealms.

@Test(groups = "slow")
public void testCustomPermissionsAcrossRealms() throws Exception {
    final String role = "writer_off";
    final ImmutableList<String> rolePermissions = ImmutableList.<String>of(
            Permission.INVOICE_CAN_DELETE_CBA.toString(), /* Built-in permission */
            "invoice:write_off", /* Built-in group but custom value */
            "acme:kb_dev"); /* Custom group and value */
    securityApi.addRoleDefinition(role, rolePermissions, callContext);
    validateUserRoles(securityApi.getRoleDefinition(role, callContext), rolePermissions);
    final List<String> roleDefinitions = securityApi.getRoleDefinition(role, callContext);
    Assert.assertEqualsNoOrder(roleDefinitions.toArray(), rolePermissions.toArray());
    final String username = "tester";
    final String password = "tester";
    securityApi.addUserRoles(username, password, ImmutableList.<String>of(role), callContext);
    final AuthenticationToken goodToken = new UsernamePasswordToken(username, password);
    final Subject subject = securityManager.login(null, goodToken);
    try {
        ThreadContext.bind(subject);
        // JDBC Realm
        subject.checkPermission(Permission.INVOICE_CAN_DELETE_CBA.toString());
        subject.checkPermission("invoice:write_off");
        subject.checkPermission("acme:kb_dev");
        // Shiro Realm
        subject.checkPermission("invoice:credit");
        subject.checkPermission("customx:customy");
        try {
            subject.checkPermission("acme:kb_deployer");
            Assert.fail("Subject should not have rights to deploy Kill Bill");
        } catch (final AuthorizationException e) {
            // Expected: the role grants acme:kb_dev only, so a sibling
            // permission in the same custom group must be denied.
        }
        final Set<String> permissions = securityApi.getCurrentUserPermissions(callContext);
        final Set<String> expectedPermissions = new HashSet<String>(rolePermissions);
        expectedPermissions.add("invoice:credit");
        expectedPermissions.add("customx:customy");
        Assert.assertEquals(permissions, expectedPermissions);
    } finally {
        ThreadContext.unbindSubject();
        subject.logout();
    }
}
Also used: AuthenticationToken(org.apache.shiro.authc.AuthenticationToken) AuthorizationException(org.apache.shiro.authz.AuthorizationException) DelegatingSubject(org.apache.shiro.subject.support.DelegatingSubject) Subject(org.apache.shiro.subject.Subject) UsernamePasswordToken(org.apache.shiro.authc.UsernamePasswordToken) HashSet(java.util.HashSet) Test(org.testng.annotations.Test)

Example 32 with AuthorizationException

Use of org.apache.shiro.authz.AuthorizationException in project shiro by apache.

Class TextConfigurationRealmTest, method testCheckPermission.

/*
 * Tests that a principal's permissions can't be checked while the realm is being loaded.
 */
@Test
public void testCheckPermission() throws InterruptedException {
    setUpForReadConfigurationTest();
    executeTest(new Runnable() {

        public void run() {
            PrincipalCollection principalCollection = new SimplePrincipalCollection("user1", "realm1");
            try {
                realm.checkPermission(principalCollection, "role1_permission1");
                realm.checkPermissions(principalCollection, new String[] { "role1_permission1", "role2_permission2" });
            } catch (AuthorizationException ae) {
                fail("principal doesn't have permission when it should");
            }
        }
    });
}
Also used: AuthorizationException(org.apache.shiro.authz.AuthorizationException) PrincipalCollection(org.apache.shiro.subject.PrincipalCollection) SimplePrincipalCollection(org.apache.shiro.subject.SimplePrincipalCollection) Test(org.junit.Test)

Example 33 with AuthorizationException

Use of org.apache.shiro.authz.AuthorizationException in project killbill by killbill.

Class KillBillAuth0Realm, method findAuth0UserPermissions.

private Set<String> findAuth0UserPermissions(final String userId, final String token) {
    final String path;
    try {
        path = "/api/v2/users/" + URLEncoder.encode(userId, "UTF-8") + "/permissions";
    } catch (final UnsupportedEncodingException e) {
        // Should never happen
        throw new IllegalStateException(e);
    }
    final Response auth0RawResponse = doGetRequest(path, token);
    try {
        final List<Map<String, Object>> auth0Response = mapper.readValue(auth0RawResponse.getResponseBodyAsStream(),
                                                                         new TypeReference<List<Map<String, Object>>>() {});
        final Set<String> permissions = new HashSet<String>();
        for (final Map<String, Object> group : auth0Response) {
            final Object permission = group.get("permission_name");
            if (permission != null) {
                permissions.add((String) permission);
            }
        }
        return permissions;
    } catch (final IOException e) {
        // Fail closed: an unreadable or malformed Auth0 response denies
        // authorization instead of silently granting an empty permission set.
        log.warn("Unable to read response from Auth0", e);
        throw new AuthorizationException(e);
    }
}
Also used: AuthorizationException(org.apache.shiro.authz.AuthorizationException) UnsupportedEncodingException(java.io.UnsupportedEncodingException) IOException(java.io.IOException) Response(org.asynchttpclient.Response) List(java.util.List) Map(java.util.Map) HashSet(java.util.HashSet)

Example 34 with AuthorizationException

Use of org.apache.shiro.authz.AuthorizationException in project killbill by killbill.

Class KillBillOktaRealm, method findOktaUserId.

private String findOktaUserId(final String login) {
    final String path;
    try {
        path = "/api/v1/users/" + URLEncoder.encode(login, "UTF-8");
    } catch (final UnsupportedEncodingException e) {
        // Should never happen
        throw new IllegalStateException(e);
    }
    final Response oktaRawResponse = doGetRequest(path);
    try {
        final Map oktaResponse = mapper.readValue(oktaRawResponse.getResponseBodyAsStream(), Map.class);
        return (String) oktaResponse.get("id");
    } catch (final IOException e) {
        // Log the cause so a failed lookup can be diagnosed, then fail closed.
        log.warn("Unable to read response from Okta", e);
        throw new AuthorizationException(e);
    }
}
Also used: Response(org.asynchttpclient.Response) AuthorizationException(org.apache.shiro.authz.AuthorizationException) UnsupportedEncodingException(java.io.UnsupportedEncodingException) IOException(java.io.IOException) Map(java.util.Map) ImmutableMap(com.google.common.collect.ImmutableMap)

Example 35 with AuthorizationException

Use of org.apache.shiro.authz.AuthorizationException in project killbill by killbill.

Class KillBillOktaRealm, method getGroups.

private Set<String> getGroups(final Response oktaRawResponse) {
    try {
        final List<Map> oktaResponse = mapper.readValue(oktaRawResponse.getResponseBodyAsStream(),
                                                        new TypeReference<List<Map>>() {});
        final Set<String> groups = new HashSet<String>();
        for (final Map group : oktaResponse) {
            final Object groupProfile = group.get("profile");
            // instanceof is false for null, so no separate null check is needed
            if (groupProfile instanceof Map) {
                groups.add((String) ((Map) groupProfile).get("name"));
            }
        }
        return groups;
    } catch (final IOException e) {
        // Log the cause so a failed lookup can be diagnosed, then fail closed.
        log.warn("Unable to read response from Okta", e);
        throw new AuthorizationException(e);
    }
}
Also used: AuthorizationException(org.apache.shiro.authz.AuthorizationException) ImmutableList(com.google.common.collect.ImmutableList) List(java.util.List) IOException(java.io.IOException) Map(java.util.Map) ImmutableMap(com.google.common.collect.ImmutableMap) HashSet(java.util.HashSet)