use of org.apache.shiro.authz.AuthorizationInfo in project neo4j by neo4j.
the class LdapRealm method cacheAuthorizationInfo.
/**
 * Records the role names resolved for {@code username} in the realm's authorization cache,
 * so that a later authorization query can be answered without another LDAP round-trip.
 *
 * @param username  the principal whose roles were just resolved
 * @param roleNames the LDAP-derived role names to associate with that principal
 */
private void cacheAuthorizationInfo(String username, Set<String> roleNames) {
    SimpleAuthorizationInfo entry = new SimpleAuthorizationInfo(roleNames);
    // Reuse the cache the base realm already maintains rather than keeping a parallel map.
    // NOTE(review): assumes an authorization cache is configured on this realm — confirm
    // getAuthorizationCache() cannot return null in the deployed configuration.
    getAuthorizationCache().put(username, entry);
}
use of org.apache.shiro.authz.AuthorizationInfo in project neo4j by neo4j.
the class LdapRealm method queryForAuthorizationInfo.
/**
 * Resolves the authorization info (role names) for the authenticated principal.
 *
 * <p>When authorization is disabled, or no username can be derived from the principals,
 * {@code null} is returned. Otherwise the roles come either from a fresh LDAP lookup made
 * with the system account, or from the authorization cache populated at authentication
 * time.
 *
 * @param principals         the principals of the subject being authorized
 * @param ldapContextFactory factory used to obtain the system LDAP context
 * @return the resolved authorization info, or {@code null} when authorization is not
 *         applicable for this realm/principal
 * @throws NamingException               if the LDAP lookup fails
 * @throws AuthorizationExpiredException if the cached entry for the user is gone; the
 *                                       client is expected to re-authenticate
 */
@Override
protected AuthorizationInfo queryForAuthorizationInfo(PrincipalCollection principals, LdapContextFactory ldapContextFactory) throws NamingException {
    if (!authorizationEnabled) {
        return null;
    }
    String username = getUsername(principals);
    if (username == null) {
        return null;
    }
    if (!useSystemAccountForAuthorization) {
        // Roles were cached during authentication; a miss means the entry has expired
        // and the client must re-authenticate to refresh it.
        AuthorizationInfo cached = getAuthorizationCache().get(username);
        if (cached == null) {
            throw new AuthorizationExpiredException("LDAP authorization info expired.");
        }
        return cached;
    }
    // Look the user up under the system account; StartTLS wraps the connection when enabled.
    LdapContext systemContext = useStartTls
            ? getSystemLdapContextUsingStartTls(ldapContextFactory)
            : ldapContextFactory.getSystemLdapContext();
    try {
        return new SimpleAuthorizationInfo(findRoleNamesForUser(username, systemContext));
    } finally {
        // Always release the context, even when the search throws.
        LdapUtils.closeContext(systemContext);
    }
}
use of org.apache.shiro.authz.AuthorizationInfo in project neo4j by neo4j.
the class LdapRealm method doGetAuthorizationInfo.
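/**
 * Fetches authorization info via the parent realm, logging the outcome and translating
 * Shiro authorization failures into the provider-level exceptions this realm's callers
 * handle.
 *
 * @param principals the principals of the subject being authorized
 * @return the authorization info resolved by the parent realm (may be {@code null}, see
 *         {@link #queryForAuthorizationInfo})
 * @throws AuthProviderTimeoutException if the failure was an LDAP read timeout
 * @throws AuthProviderFailedException  for any other authorization failure
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
    try {
        AuthorizationInfo info = super.doGetAuthorizationInfo(principals);
        securityLog.debug(withRealm("Queried for authorization info for user '%s'", principals.getPrimaryPrincipal()));
        return info;
    } catch (AuthorizationException e) {
        // Not every AuthorizationException carries a cause (AuthorizationExpiredException, for
        // one, is constructed with only a message in queryForAuthorizationInfo), so dereferencing
        // e.getCause() unconditionally would replace the real failure with a NullPointerException.
        Throwable cause = e.getCause();
        String causeMessage = cause == null ? "none" : cause.getMessage();
        securityLog.error(withRealm("Failed to get authorization info: '%s' caused by '%s'", e.getMessage(), causeMessage));
        // NOTE(review): if AuthorizationExpiredException is itself an AuthorizationException it is
        // re-wrapped here as AuthProviderFailedException — confirm that is the intended behaviour.
        if (isAuthorizationExceptionAnLdapReadTimeout(e)) {
            throw new AuthProviderTimeoutException(LDAP_READ_TIMEOUT_CLIENT_MESSAGE, e);
        }
        throw new AuthProviderFailedException(LDAP_AUTHORIZATION_FAILURE_CLIENT_MESSAGE, e);
    }
}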
use of org.apache.shiro.authz.AuthorizationInfo in project killbill by killbill.
the class TestKillBillJndiLdapRealm method testCheckLDAPConnection.
/**
 * Manual connectivity check against a live LDAP server; disabled by default because it
 * needs an external directory. Builds a realm from inline properties, authenticates a
 * fixed user and prints the roles and permissions the realm resolves for it.
 *
 * <p>The directory URL, bind DN and passwords below are placeholders to be replaced
 * with the values of the environment being checked.
 */
@Test(groups = "external", enabled = false)
public void testCheckLDAPConnection() throws Exception {
    final String prefix = "org.killbill.security.ldap.";
    final String[][] settings = {
            {"userDnTemplate", "uid={0},ou=users,dc=mycompany,dc=com"},
            {"searchBase", "ou=groups,dc=mycompany,dc=com"},
            {"groupSearchFilter", "memberOf=uid={0},ou=users,dc=mycompany,dc=com"},
            {"groupNameId", "cn"},
            {"url", "ldap://ldap:389"},
            {"disableSSLCheck", "true"},
            {"systemUsername", "cn=root"},
            {"systemPassword", "password"},
            {"authenticationMechanism", "simple"},
            {"permissionsByGroup", "support-group: entitlement:*\nfinance-group: invoice:*, payment:*\nops-group: *:*"},
    };
    final Properties props = new Properties();
    for (final String[] setting : settings) {
        props.setProperty(prefix + setting[0], setting[1]);
    }
    final ConfigSource customConfigSource = new SimplePropertyConfigSource(props);
    final SecurityConfig securityConfig = new ConfigurationObjectFactory(customConfigSource).build(SecurityConfig.class);
    final KillBillJndiLdapRealm ldapRealm = new KillBillJndiLdapRealm(securityConfig);

    final String username = "pierre";
    final String password = "password";

    // Authentication: bind as the user
    final UsernamePasswordToken token = new UsernamePasswordToken(username, password);
    final AuthenticationInfo authenticationInfo = ldapRealm.getAuthenticationInfo(token);
    System.out.println(authenticationInfo);

    // Authorization: resolve the user's groups and the permissions mapped to them
    final SimplePrincipalCollection principals = new SimplePrincipalCollection(username, username);
    final AuthorizationInfo authorizationInfo = ldapRealm.queryForAuthorizationInfo(principals, ldapRealm.getContextFactory());
    System.out.println("Roles: " + authorizationInfo.getRoles());
    System.out.println("Permissions: " + authorizationInfo.getStringPermissions());
}
use of org.apache.shiro.authz.AuthorizationInfo in project ddf by codice.
the class AuthzRealmTest method setup.
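/**
 * Builds the fixtures shared by the tests: a realm whose authorization info is fixed to a
 * subject holding the {@code FineAccessControls} values A and B, the
 * {@code CountryOfAffiliation} value AUS, the {@code admin} role and the {@code wild}
 * string permission; a mocked principal collection; and the resource security attributes
 * the realm is matched against.
 *
 * @throws PdpException if the policy directory cannot be loaded by {@link AuthzRealm}
 */
@Before
public void setup() throws PdpException {
    String ruleClaim = "FineAccessControls";
    String countryClaim = "CountryOfAffiliation";

    // Subject permissions: the claims the authenticated subject carries.
    // (A previously built List<Permission> holding the same objects was never read and has
    // been dropped; the permissions are registered on authorizationInfo below.)
    KeyValuePermission rulePermission = new KeyValuePermission(ruleClaim);
    rulePermission.addValue("A");
    rulePermission.addValue("B");
    KeyValuePermission countryPermission = new KeyValuePermission(countryClaim);
    countryPermission.addValue("AUS");

    SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
    authorizationInfo.addObjectPermission(rulePermission);
    authorizationInfo.addObjectPermission(countryPermission);
    authorizationInfo.addObjectPermission(new KeyValuePermission("role", Arrays.asList("admin")));
    authorizationInfo.addRole("admin");
    authorizationInfo.addStringPermission("wild");

    // The realm under test always resolves to the fixed authorization info above,
    // so the tests exercise only the matching logic, not principal lookup.
    testRealm = new AuthzRealm("src/test/resources/policies", new XmlParser()) {
        @Override
        public AuthorizationInfo getAuthorizationInfo(PrincipalCollection principals) {
            return authorizationInfo;
        }
    };
    mockSubjectPrincipal = Mockito.mock(PrincipalCollection.class);
    when(mockSubjectPrincipal.getPrimaryPrincipal()).thenReturn("user");

    // Resource permissions: the security attributes on the resource being accessed
    permissionList = new ArrayList<>();
    security = new HashMap<>();
    security.put("country", Arrays.asList("AUS", "CAN", "GBR"));
    security.put("rule", Arrays.asList("A", "B"));

    // Claim-to-attribute mappings: country needs any one value to match, rule needs all
    testRealm.setMatchOneMappings(Arrays.asList("CountryOfAffiliation=country"));
    testRealm.setMatchAllMappings(Arrays.asList("FineAccessControls=rule"));
    testRealm.setRolePermissionResolver(roleString -> Arrays.asList(new KeyValuePermission("role", Arrays.asList(roleString))));
}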