Example 6 with WildcardPermission

use of org.apache.shiro.authz.permission.WildcardPermission in project ddf by codice.

the class AuthzRealmTest method testIsWildcardNotPermitted.

@Test
public void testIsWildcardNotPermitted() {
    permissionList.clear();
    WildcardPermission kvp = new WildcardPermission("role:secretary");
    permissionList.add(kvp);
    boolean[] permittedArray = testRealm.isPermitted(mockSubjectPrincipal, permissionList);
    for (boolean permitted : permittedArray) {
        Assert.assertEquals(false, permitted);
    }
}
Also used : WildcardPermission(org.apache.shiro.authz.permission.WildcardPermission) Test(org.junit.Test)

Example 7 with WildcardPermission

use of org.apache.shiro.authz.permission.WildcardPermission in project geode by apache.

the class GfshCommandsSecurityTest method runCommandsWithAndWithout.

private void runCommandsWithAndWithout(String permission) throws Exception {
    List<TestCommand> allPermitted = TestCommand.getPermittedCommands(new WildcardPermission(permission, true));
    for (TestCommand permitted : allPermitted) {
        System.out.println("Processing authorized command: " + permitted.getCommand());
        CommandResult result = gfshConnection.executeCommand(permitted.getCommand());
        assertNotNull(result);
        if (result.getResultData() instanceof ErrorResultData) {
            assertNotEquals(ResultBuilder.ERRORCODE_UNAUTHORIZED, ((ErrorResultData) result.getResultData()).getErrorCode());
        } else {
            assertEquals(Result.Status.OK, result.getStatus());
        }
    }
    List<TestCommand> others = TestCommand.getCommands();
    others.removeAll(allPermitted);
    for (TestCommand other : others) {
        // skip no permission commands
        if (other.getPermission() == null)
            continue;
        System.out.println("Processing unauthorized command: " + other.getCommand());
        CommandResult result = (CommandResult) gfshConnection.executeCommand(other.getCommand());
        int errorCode = ((ErrorResultData) result.getResultData()).getErrorCode();
        // those commands
        if (errorCode == ResultBuilder.ERRORCODE_USER_ERROR) {
            LogService.getLogger().info("Skip user error: " + result.getContent());
            continue;
        }
        assertEquals(ResultBuilder.ERRORCODE_UNAUTHORIZED, ((ErrorResultData) result.getResultData()).getErrorCode());
        String resultMessage = result.getContent().toString();
        String permString = other.getPermission().toString();
        assertTrue(resultMessage + " does not contain " + permString, resultMessage.contains(permString));
    }
}
Also used : WildcardPermission(org.apache.shiro.authz.permission.WildcardPermission) ErrorResultData(org.apache.geode.management.internal.cli.result.ErrorResultData) CommandResult(org.apache.geode.management.internal.cli.result.CommandResult)

Example 8 with WildcardPermission

use of org.apache.shiro.authz.permission.WildcardPermission in project ddf by codice.

the class KeyValuePermission method implies.

/**
 * Returns {@code true} if this current instance <em>implies</em> all the functionality and/or
 * resource access described by the specified {@code Permission} argument, {@code false}
 * otherwise.
 * <p>
 * That is, this current instance must be exactly equal to or a <em>superset</em> of the
 * functionality and/or resource access described by the given {@code Permission} argument. Yet
 * another way of saying this would be:
 * <p>
 * If &quot;permission1 implies permission2&quot;, i.e.
 * <code>permission1.implies(permission2)</code>, then any Subject granted {@code permission1}
 * would have ability greater than or equal to that defined by {@code permission2}.
 * <p>
 * For KeyValuePermission objects this is determined as follows:
 * <p>
 * If the keys of each permission are equal and if the values from this object imply the
 * values from the passed in permission, then this permission will imply the passed in
 * permission.
 *
 * @param p permission to be checked to see if this permission implies p
 * @return {@code true} if this current instance <em>implies</em> all the functionality and/or
 * resource access described by the specified {@code Permission} argument, {@code false}
 * otherwise.
 */
@Override
public boolean implies(Permission p) {
    if (p instanceof KeyValuePermission) {
        if (getKey().equals(((KeyValuePermission) p).getKey())) {
            WildcardPermission thisWildCard = buildWildcardFromKeyValue(this);
            WildcardPermission implied = buildWildcardFromKeyValue((KeyValuePermission) p);
            return thisWildCard.implies(implied);
        }
    } else if (p instanceof KeyValueCollectionPermission) {
        WildcardPermission thisWildCard = buildWildcardFromKeyValue(this);
        List<KeyValuePermission> permissionList = ((KeyValueCollectionPermission) p).getKeyValuePermissionList();
        for (KeyValuePermission keyValuePermission : permissionList) {
            if (getKey().equals(keyValuePermission.getKey())) {
                WildcardPermission implied = buildWildcardFromKeyValue(keyValuePermission);
                return thisWildCard.implies(implied);
            }
        }
    } else if (p instanceof MatchOneCollectionPermission) {
        MatchOneCollectionPermission matchOneCollectionPermission = (MatchOneCollectionPermission) p;
        return matchOneCollectionPermission.implies(this);
    } else if (p instanceof WildcardPermission) {
        WildcardPermission thisWildCard = buildWildcardFromKeyValue(this);
        return thisWildCard.implies(p);
    }
    return false;
}
Also used : List(java.util.List) WildcardPermission(org.apache.shiro.authz.permission.WildcardPermission)
