Example 16 with Permission
use of org.apache.shiro.authz.Permission in project ddf by codice.
the class AbstractAuthorizingRealm method doGetAuthorizationInfo.
/**
* Takes the security attributes about the subject of the incoming security token and builds
* sets of permissions and roles for use in further checking.
*
* @param principalCollection holds the security assertions for the primary principal of this request
* @return a new collection of permissions and roles corresponding to the security assertions
* @throws AuthorizationException if there are no security assertions associated with this principal collection or
* if the token cannot be processed successfully.
*/
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
LOGGER.debug("Retrieving authorization info for {}", principalCollection.getPrimaryPrincipal());
SecurityAssertion assertion = principalCollection.oneByType(SecurityAssertion.class);
if (assertion == null) {
String msg = "No assertion found, cannot retrieve authorization info.";
throw new AuthorizationException(msg);
}
List<AttributeStatement> attributeStatements = assertion.getAttributeStatements();
Set<Permission> permissions = new HashSet<>();
Set<String> roles = new HashSet<>();
Map<String, Set<String>> permissionsMap = new HashMap<>();
Collection<Expansion> expansionServices = getUserExpansionServices();
for (AttributeStatement curStatement : attributeStatements) {
addAttributesToMap(curStatement.getAttributes(), permissionsMap, expansionServices);
}
for (Map.Entry<String, Set<String>> entry : permissionsMap.entrySet()) {
permissions.add(new KeyValuePermission(entry.getKey(), entry.getValue()));
if (LOGGER.isDebugEnabled()) {
LOGGER.debug("Adding permission: {} : {}", entry.getKey(), StringUtils.join(entry.getValue(), ","));
}
}
if (permissionsMap.containsKey(SAML_ROLE)) {
roles.addAll(permissionsMap.get(SAML_ROLE));
if (LOGGER.isDebugEnabled()) {
LOGGER.debug("Adding roles to authorization info: {}", StringUtils.join(roles, ","));
}
}
info.setObjectPermissions(permissions);
info.setRoles(roles);
return info;
}
Also used :
SimpleAuthorizationInfo(org.apache.shiro.authz.SimpleAuthorizationInfo)
HashSet(java.util.HashSet)
Set(java.util.Set)
AuthorizationException(org.apache.shiro.authz.AuthorizationException)
HashMap(java.util.HashMap)
ConcurrentHashMap(java.util.concurrent.ConcurrentHashMap)
XSString(org.opensaml.core.xml.schema.XSString)
SecurityAssertion(ddf.security.assertion.SecurityAssertion)
AttributeStatement(org.opensaml.saml.saml2.core.AttributeStatement)
KeyValuePermission(ddf.security.permission.KeyValuePermission)
Permission(org.apache.shiro.authz.Permission)
KeyValueCollectionPermission(ddf.security.permission.KeyValueCollectionPermission)
Expansion(ddf.security.expansion.Expansion)
HashMap(java.util.HashMap)
Map(java.util.Map)
ConcurrentHashMap(java.util.concurrent.ConcurrentHashMap)
KeyValuePermission(ddf.security.permission.KeyValuePermission)
HashSet(java.util.HashSet)
Example 17 with Permission
use of org.apache.shiro.authz.Permission in project ddf by codice.
the class AbstractAuthorizingRealm method expandPermissions.
protected List<Permission> expandPermissions(List<Permission> permissions) {
Collection<Expansion> expansionServices = getMetacardExpansionServices();
if (CollectionUtils.isEmpty(expansionServices)) {
return permissions;
}
List<Permission> expandedPermissions = new ArrayList<>(permissions.size());
for (Permission permission : permissions) {
if (permission instanceof KeyValuePermission) {
for (Expansion expansionService : expansionServices) {
Set<String> expandedSet = expansionService.expand(((KeyValuePermission) permission).getKey(), new HashSet<>(((KeyValuePermission) permission).getValues()));
expandedPermissions.add(new KeyValuePermission(((KeyValuePermission) permission).getKey(), expandedSet));
}
} else if (permission instanceof KeyValueCollectionPermission) {
List<Permission> keyValuePermissionList = ((KeyValueCollectionPermission) permission).getKeyValuePermissionList();
List<Permission> expandedCollection = expandPermissions(keyValuePermissionList);
//we know that everything in a key value collection is a key value permission so just do the unchecked cast
List<KeyValuePermission> castedList = castToKeyValueList(expandedCollection);
expandedPermissions.add(new KeyValueCollectionPermission(((KeyValueCollectionPermission) permission).getAction(), castedList));
} else {
expandedPermissions.add(permission);
}
}
return expandedPermissions;
}
Also used :
KeyValueCollectionPermission(ddf.security.permission.KeyValueCollectionPermission)
ArrayList(java.util.ArrayList)
KeyValuePermission(ddf.security.permission.KeyValuePermission)
Permission(org.apache.shiro.authz.Permission)
KeyValueCollectionPermission(ddf.security.permission.KeyValueCollectionPermission)
ArrayList(java.util.ArrayList)
List(java.util.List)
XSString(org.opensaml.core.xml.schema.XSString)
Expansion(ddf.security.expansion.Expansion)
KeyValuePermission(ddf.security.permission.KeyValuePermission)
Example 18 with Permission
use of org.apache.shiro.authz.Permission in project airpal by airbnb.
the class ExampleLDAPRealm method doGetAuthorizationInfo.
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
Set<String> roles = Sets.newHashSet("user");
Set<Permission> permissions = Sets.newHashSet();
Collection<AllowAllUser> principalsCollection = principals.byType(AllowAllUser.class);
if (principalsCollection.isEmpty()) {
throw new AuthorizationException("No principals!");
}
for (AllowAllUser user : principalsCollection) {
for (UserGroup userGroup : groups) {
if (userGroup.representedByGroupStrings(user.getGroups())) {
permissions.addAll(userGroup.getPermissions());
break;
}
}
}
SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo(roles);
authorizationInfo.setObjectPermissions(permissions);
return authorizationInfo;
}
Also used :
SimpleAuthorizationInfo(org.apache.shiro.authz.SimpleAuthorizationInfo)
AuthorizationException(org.apache.shiro.authz.AuthorizationException)
Permission(org.apache.shiro.authz.Permission)
Example 19 with Permission
use of org.apache.shiro.authz.Permission in project graylog2-server by Graylog2.
the class RootAccountRealm method addRootAccount.
private void addRootAccount(String username, String password) {
LOG.debug("Adding root account named {}, having all permissions", username);
add(new SimpleAccount(username, password, getName(), CollectionUtils.asSet("root"), CollectionUtils.<Permission>asSet(new AllPermission())));
}
Also used :
SimpleAccount(org.apache.shiro.authc.SimpleAccount)
AllPermission(org.apache.shiro.authz.permission.AllPermission)
Permission(org.apache.shiro.authz.Permission)
AllPermission(org.apache.shiro.authz.permission.AllPermission)
Example 20 with Permission
use of org.apache.shiro.authz.Permission in project ddf by codice.
the class OperationPluginTest method makeDecision.
private Answer<Boolean> makeDecision() {
Map<String, List<String>> testRoleMap = new HashMap<String, List<String>>();
List<String> testRoles = new ArrayList<String>();
testRoles.add("A");
testRoles.add("B");
testRoleMap.put("Roles", testRoles);
final KeyValueCollectionPermission testUserPermission = new KeyValueCollectionPermission(CollectionPermission.READ_ACTION, testRoleMap);
return new Answer<Boolean>() {
@Override
public Boolean answer(InvocationOnMock invocation) {
Object[] args = invocation.getArguments();
Permission incomingPermission = (Permission) args[1];
return testUserPermission.implies(incomingPermission);
}
};
}
Also used :
Answer(org.mockito.stubbing.Answer)
KeyValueCollectionPermission(ddf.security.permission.KeyValueCollectionPermission)
HashMap(java.util.HashMap)
InvocationOnMock(org.mockito.invocation.InvocationOnMock)
ArrayList(java.util.ArrayList)
CollectionPermission(ddf.security.permission.CollectionPermission)
Permission(org.apache.shiro.authz.Permission)
KeyValueCollectionPermission(ddf.security.permission.KeyValueCollectionPermission)
ArrayList(java.util.ArrayList)
List(java.util.List)
Aggregations
Permission (org.apache.shiro.authz.Permission)32
KeyValueCollectionPermission (ddf.security.permission.KeyValueCollectionPermission)22
CollectionPermission (ddf.security.permission.CollectionPermission)21
KeyValuePermission (ddf.security.permission.KeyValuePermission)20
Test (org.junit.Test)11
ArrayList (java.util.ArrayList)8
SimpleAuthorizationInfo (org.apache.shiro.authz.SimpleAuthorizationInfo)7
MatchOneCollectionPermission (ddf.security.permission.MatchOneCollectionPermission)4
List (java.util.List)4
AuthorizationException (org.apache.shiro.authz.AuthorizationException)4
WildcardPermission (org.apache.shiro.authz.permission.WildcardPermission)4
HashMap (java.util.HashMap)3
HashSet (java.util.HashSet)3
PrincipalCollection (org.apache.shiro.subject.PrincipalCollection)3
Expansion (ddf.security.expansion.Expansion)2
AuthzRealm (ddf.security.pdp.realm.AuthzRealm)2
Map (java.util.Map)2
CamelAuthorizationException (org.apache.camel.CamelAuthorizationException)2
RolePermissionResolver (org.apache.shiro.authz.permission.RolePermissionResolver)2
XSString (org.opensaml.core.xml.schema.XSString)2
