
Example 21 with Permission

use of org.apache.shiro.authz.Permission in project ddf by codice.

The class XacmlPdpTest, method generateSubjectInfo.

/**
 * Builds the canned authorization info used by these PDP tests for a subject affiliated with
 * the given country.
 *
 * <p>The subject carries the roles {@code users} and {@code admin} and four key/value
 * permissions: the country, both access types ({@code ACCESS_TYPE_A}, {@code ACCESS_TYPE_B}),
 * a fixed name identifier and a fixed given name.
 *
 * @param country value placed under the {@code COUNTRY} key
 * @return authorization info holding the roles and object permissions described above
 */
private AuthorizationInfo generateSubjectInfo(String country) {
    Set<String> roles = new HashSet<>();
    roles.add("users");
    roles.add("admin");

    KeyValuePermission countryOfSubject = new KeyValuePermission(COUNTRY);
    countryOfSubject.addValue(country);
    KeyValuePermission accessTypes = new KeyValuePermission(SUBJECT_ACCESS);
    accessTypes.addValue(ACCESS_TYPE_A);
    accessTypes.addValue(ACCESS_TYPE_B);
    KeyValuePermission nameIdentifier = new KeyValuePermission(NAME_IDENTIFIER);
    nameIdentifier.addValue("testuser1");
    KeyValuePermission givenName = new KeyValuePermission(GIVEN_NAME);
    givenName.addValue("Test User");

    // Same insertion order as before so the resulting HashSet is laid out identically.
    Set<Permission> objectPermissions = new HashSet<>();
    objectPermissions.add(countryOfSubject);
    objectPermissions.add(accessTypes);
    objectPermissions.add(nameIdentifier);
    objectPermissions.add(givenName);

    SimpleAuthorizationInfo subjectInfo = new SimpleAuthorizationInfo();
    subjectInfo.setRoles(roles);
    subjectInfo.setObjectPermissions(objectPermissions);
    return subjectInfo;
}

Example 22 with Permission

use of org.apache.shiro.authz.Permission in project ddf by codice.

The class XacmlPdpTest, method testActionGoodSiteName.

/**
 * Asserts that a subject with no roles and no object permissions is still permitted the
 * {@code SITE_NAME_ACTION} request built by {@code testRealm} — i.e. the decision for this
 * action does not depend on any subject attribute.
 */
@Test
public void testActionGoodSiteName() {
    Set<String> noRoles = new HashSet<>();
    Set<Permission> noPermissions = new HashSet<>();
    SimpleAuthorizationInfo blankUserInfo = new SimpleAuthorizationInfo(noRoles);
    blankUserInfo.setObjectPermissions(noPermissions);

    KeyValueCollectionPermission siteNameAction = new KeyValueCollectionPermission(SITE_NAME_ACTION);
    RequestType request = testRealm.createXACMLRequest(USER_NAME, blankUserInfo, siteNameAction);

    assertTrue(testRealm.isPermitted(request));
}

Example 23 with Permission

use of org.apache.shiro.authz.Permission in project ddf by codice.

The class CollectionPermission, method toString.

/**
 * Renders this collection as one {@code [perm]} segment per entry of {@code permissionList},
 * each followed by a single space, in list order. The text of every segment comes from that
 * permission's own {@code toString}, so the output is only as informative as the elements.
 *
 * @return the concatenated segments; empty when the collection holds no permissions
 */
@Override
public String toString() {
    StringBuilder out = new StringBuilder();
    for (Permission entry : permissionList) {
        out.append('[').append(entry.toString()).append("] ");
    }
    return out.toString();
}

Example 24 with Permission

use of org.apache.shiro.authz.Permission in project ddf by codice.

The class AuthzRealmTest, method testIsPermittedOneMultiple.

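/**
 * Checks a subject that holds several country values against a single requested
 * {@code country} permission listing {@code AUS}, {@code CAN} and {@code GBR}.
 *
 * <p>The realm is configured with {@code CountryOfAffiliation=country} as a match-one mapping
 * and {@code FineAccessControls=rule} as a match-all mapping; the subject's countries
 * ({@code USA}, {@code AUS}) overlap the request on {@code AUS}. Every entry of the returned
 * permitted array is expected to be {@code true}.
 *
 * <p>Relies on the {@code permissionList} and {@code mockSubjectPrincipal} fixtures of the
 * enclosing test class.
 *
 * @throws PdpException propagated from {@code AuthzRealm.isPermitted}
 */
@Test
public void testIsPermittedOneMultiple() throws PdpException {
    permissionList.clear();
    permissionList.add(new KeyValuePermission("country", Arrays.asList("AUS", "CAN", "GBR")));

    String ruleClaim = "FineAccessControls";
    String countryClaim = "CountryOfAffiliation";

    // Subject under test: two rule values and two countries; only "AUS" overlaps the request.
    // (The former local List<Permission> that collected these was never read and has been dropped.)
    KeyValuePermission rulePermission = new KeyValuePermission(ruleClaim);
    rulePermission.addValue("A");
    rulePermission.addValue("B");
    KeyValuePermission countryPermission = new KeyValuePermission(countryClaim);
    countryPermission.addValue("USA");
    countryPermission.addValue("AUS");

    SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
    authorizationInfo.addObjectPermission(rulePermission);
    authorizationInfo.addObjectPermission(countryPermission);
    authorizationInfo.addRole("admin");

    // Realm that answers with the canned authorization info whatever principals it is asked about.
    AuthzRealm testRealm = new AuthzRealm("src/test/resources/policies", new XmlParser()) {

        @Override
        public AuthorizationInfo getAuthorizationInfo(PrincipalCollection principals) {
            return authorizationInfo;
        }
    };
    testRealm.setMatchOneMappings(Arrays.asList("CountryOfAffiliation=country"));
    testRealm.setMatchAllMappings(Arrays.asList("FineAccessControls=rule"));
    // Each role string becomes a single "role" key/value permission.
    testRealm.setRolePermissionResolver(roleString -> Arrays.asList(new KeyValuePermission("role", Arrays.asList(roleString))));

    boolean[] permittedArray = testRealm.isPermitted(mockSubjectPrincipal, permissionList);
    for (boolean permitted : permittedArray) {
        Assert.assertTrue(permitted);
    }
}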

Example 25 with Permission

use of org.apache.shiro.authz.Permission in project ddf by codice.

The class AdminConfigPolicy, method isPermittedMatchOne.

/**
 * Narrows a match-one collection for the view-feature / view-service actions by removing every
 * {@code KeyValuePermission} whose key is {@code FEATURE_NAME} or {@code SERVICE_PID} and whose
 * values are all cleared against the corresponding policy map. Any other action is returned
 * unchanged, and permissions with other keys (or that are not key/value permissions) are kept.
 *
 * <p>A value is cleared when the policy map has no entry for it (treated as white listed) or
 * when {@code subjectAllCollection} implies at least one of the permissions configured for it.
 * One uncleared value keeps the whole permission in the result, so a user lacking access to one
 * feature/service in a group is not shown any of them.
 *
 * @param subjectAllCollection the subject's permissions
 * @param matchOneCollection   the requested permissions, of which one must match
 * @return a new collection carrying the same action and the permissions that remain
 */
@Override
public KeyValueCollectionPermission isPermittedMatchOne(CollectionPermission subjectAllCollection, KeyValueCollectionPermission matchOneCollection) {
    String action = matchOneCollection.getAction();
    boolean isViewAction = action != null && (action.equals(VIEW_FEATURE_ACTION) || action.equals(VIEW_SERVICE_ACTION));
    if (!isViewAction) {
        return matchOneCollection;
    }

    List<Permission> remaining = new ArrayList<>(matchOneCollection.getPermissionList());
    for (Permission candidate : matchOneCollection.getPermissionList()) {
        if (!(candidate instanceof KeyValuePermission)) {
            continue;
        }
        KeyValuePermission kvp = (KeyValuePermission) candidate;
        String key = kvp.getKey();
        Map<String, List<KeyValueCollectionPermission>> policy;
        if (key.equals(FEATURE_NAME)) {
            policy = featurePolicyPermissions;
        } else if (key.equals(SERVICE_PID)) {
            policy = servicePolicyPermissions;
        } else {
            continue;
        }
        if (allValuesCleared(subjectAllCollection, kvp, policy)) {
            remaining.remove(candidate);
        }
    }
    // NOTE(review): remaining is a List<Permission>; a non-KeyValuePermission entry survives the
    // loop above and makes toArray(KeyValuePermission[]::new) throw ArrayStoreException here.
    return new KeyValueCollectionPermission(matchOneCollection.getAction(), remaining.stream().toArray(KeyValuePermission[]::new));
}

/**
 * Reports whether every value of {@code kvp} is cleared against {@code policy}: either the
 * policy has no entry for the value, or the subject implies one of the entry's permissions.
 * All values are examined (no short-circuit) so each {@code implies} call happens as before.
 *
 * @param subjectAllCollection the subject's permissions
 * @param kvp                  permission whose values are checked
 * @param policy               policy map keyed by feature name or service pid
 * @return {@code true} when no value is left uncleared (vacuously for an empty value list)
 */
private boolean allValuesCleared(CollectionPermission subjectAllCollection, KeyValuePermission kvp, Map<String, List<KeyValueCollectionPermission>> policy) {
    Set<String> uncleared = new HashSet<>(kvp.getValues());
    for (String value : kvp.getValues()) {
        List<KeyValueCollectionPermission> configured = policy.get(value);
        if (configured == null) {
            // Not mentioned in the policy: the feature/service is white listed.
            uncleared.remove(value);
            continue;
        }
        for (KeyValueCollectionPermission required : configured) {
            if (subjectAllCollection.implies(required)) {
                uncleared.remove(value);
                break;
            }
        }
    }
    return uncleared.isEmpty();
}
