Example 6 with WildcardPermission
use of org.apache.shiro.authz.permission.WildcardPermission in project ddf by codice.
the class AuthzRealmTest method testIsWildcardNotPermitted.
@Test
public void testIsWildcardNotPermitted() {
permissionList.clear();
WildcardPermission kvp = new WildcardPermission("role:secretary");
permissionList.add(kvp);
boolean[] permittedArray = testRealm.isPermitted(mockSubjectPrincipal, permissionList);
for (boolean permitted : permittedArray) {
Assert.assertEquals(false, permitted);
}
}
Also used :
WildcardPermission(org.apache.shiro.authz.permission.WildcardPermission)
Test(org.junit.Test)
Example 7 with WildcardPermission
use of org.apache.shiro.authz.permission.WildcardPermission in project geode by apache.
the class GfshCommandsSecurityTest method runCommandsWithAndWithout.
private void runCommandsWithAndWithout(String permission) throws Exception {
List<TestCommand> allPermitted = TestCommand.getPermittedCommands(new WildcardPermission(permission, true));
for (TestCommand permitted : allPermitted) {
System.out.println("Processing authorized command: " + permitted.getCommand());
CommandResult result = gfshConnection.executeCommand(permitted.getCommand());
assertNotNull(result);
if (result.getResultData() instanceof ErrorResultData) {
assertNotEquals(ResultBuilder.ERRORCODE_UNAUTHORIZED, ((ErrorResultData) result.getResultData()).getErrorCode());
} else {
assertEquals(Result.Status.OK, result.getStatus());
}
}
List<TestCommand> others = TestCommand.getCommands();
others.removeAll(allPermitted);
for (TestCommand other : others) {
// skip no permission commands
if (other.getPermission() == null)
continue;
System.out.println("Processing unauthorized command: " + other.getCommand());
CommandResult result = (CommandResult) gfshConnection.executeCommand(other.getCommand());
int errorCode = ((ErrorResultData) result.getResultData()).getErrorCode();
// those commands
if (errorCode == ResultBuilder.ERRORCODE_USER_ERROR) {
LogService.getLogger().info("Skip user error: " + result.getContent());
continue;
}
assertEquals(ResultBuilder.ERRORCODE_UNAUTHORIZED, ((ErrorResultData) result.getResultData()).getErrorCode());
String resultMessage = result.getContent().toString();
String permString = other.getPermission().toString();
assertTrue(resultMessage + " does not contain " + permString, resultMessage.contains(permString));
}
}
Also used :
WildcardPermission(org.apache.shiro.authz.permission.WildcardPermission)
ErrorResultData(org.apache.geode.management.internal.cli.result.ErrorResultData)
CommandResult(org.apache.geode.management.internal.cli.result.CommandResult)
Example 8 with WildcardPermission
use of org.apache.shiro.authz.permission.WildcardPermission in project ddf by codice.
the class KeyValuePermission method implies.
/**
* Returns {@code true} if this current instance <em>implies</em> all the functionality and/or
* resource access described by the specified {@code Permission} argurment, {@code false}
* otherwise.
* <p>
* That is, this current instance must be exactly equal to or a <em>superset</em> of the
* functionality and/or resource access described by the given {@code Permission} argument. Yet
* another way of saying this would be:
* <p>
* If "permission1 implies permission2", i.e.
* <code>permission1.implies(permission2)</code> , then any Subject granted {@code permission1}
* would have ability greater than or equal to that defined by {@code permission2}.
* <p>
* For KeyValuePermission objects this is determined as follows:
* <p>
* If the keys of each permission are equal and if the values from this object implies the
* values from the passed in permission, then this permission will imply the passed in
* permission.
*
* @param p permission to checked to see if this permission implies p
* @return {@code true} if this current instance <em>implies</em> all the functionality and/or
* resource access described by the specified {@code Permission} argument, {@code false}
* otherwise.
*/
@Override
public boolean implies(Permission p) {
if (p instanceof KeyValuePermission) {
if (getKey().equals(((KeyValuePermission) p).getKey())) {
WildcardPermission thisWildCard = buildWildcardFromKeyValue(this);
WildcardPermission implied = buildWildcardFromKeyValue((KeyValuePermission) p);
return thisWildCard.implies(implied);
}
} else if (p instanceof KeyValueCollectionPermission) {
WildcardPermission thisWildCard = buildWildcardFromKeyValue(this);
List<KeyValuePermission> permissionList = ((KeyValueCollectionPermission) p).getKeyValuePermissionList();
for (KeyValuePermission keyValuePermission : permissionList) {
if (getKey().equals(keyValuePermission.getKey())) {
WildcardPermission implied = buildWildcardFromKeyValue(keyValuePermission);
return thisWildCard.implies(implied);
}
}
} else if (p instanceof MatchOneCollectionPermission) {
MatchOneCollectionPermission matchOneCollectionPermission = (MatchOneCollectionPermission) p;
return matchOneCollectionPermission.implies(this);
} else if (p instanceof WildcardPermission) {
WildcardPermission thisWildCard = buildWildcardFromKeyValue(this);
return thisWildCard.implies(p);
}
return false;
}
Also used :
List(java.util.List)
WildcardPermission(org.apache.shiro.authz.permission.WildcardPermission)
Aggregations
WildcardPermission (org.apache.shiro.authz.permission.WildcardPermission)8
Test (org.junit.Test)4
ResourcePermission (org.apache.geode.security.ResourcePermission)2
SecurityTest (org.apache.geode.test.junit.categories.SecurityTest)2
UnitTest (org.apache.geode.test.junit.categories.UnitTest)2
Permission (org.apache.shiro.authz.Permission)2
ImmutableSet (com.google.common.collect.ImmutableSet)1
ArrayList (java.util.ArrayList)1
List (java.util.List)1
CamelAuthorizationException (org.apache.camel.CamelAuthorizationException)1
RouteBuilder (org.apache.camel.builder.RouteBuilder)1
CommandResult (org.apache.geode.management.internal.cli.result.CommandResult)1
ErrorResultData (org.apache.geode.management.internal.cli.result.ErrorResultData)1
