Example 16 with PrincipalCollection

Use of org.apache.shiro.subject.PrincipalCollection in project shiro by apache.

Class AuthorizingRealmTest, method testRealmWithRolePermissionResolver.

@Test
public void testRealmWithRolePermissionResolver() {
    Principal principal = new UsernamePrincipal("rolePermResolver");
    PrincipalCollection pCollection = new SimplePrincipalCollection(principal, "testRealmWithRolePermissionResolver");
    AuthorizingRealm realm = new AllowAllRealm();
    realm.setRolePermissionResolver(new RolePermissionResolver() {

        public Collection<Permission> resolvePermissionsInRole(String roleString) {
            Collection<Permission> permissions = new HashSet<Permission>();
            if (roleString.equals(ROLE)) {
                permissions.add(new WildcardPermission(ROLE + ":perm1"));
                permissions.add(new WildcardPermission(ROLE + ":perm2"));
                permissions.add(new WildcardPermission("other:*:foo"));
            }
            return permissions;
        }
    });
    assertTrue(realm.hasRole(pCollection, ROLE));
    assertTrue(realm.isPermitted(pCollection, ROLE + ":perm1"));
    assertTrue(realm.isPermitted(pCollection, ROLE + ":perm2"));
    assertFalse(realm.isPermitted(pCollection, ROLE + ":perm3"));
    assertTrue(realm.isPermitted(pCollection, "other:bar:foo"));
}
Also used : RolePermissionResolver(org.apache.shiro.authz.permission.RolePermissionResolver) Permission(org.apache.shiro.authz.Permission) WildcardPermission(org.apache.shiro.authz.permission.WildcardPermission) PrincipalCollection(org.apache.shiro.subject.PrincipalCollection) SimplePrincipalCollection(org.apache.shiro.subject.SimplePrincipalCollection) Principal(java.security.Principal) Test(org.junit.Test)

Example 17 with PrincipalCollection

Use of org.apache.shiro.subject.PrincipalCollection in project shiro by apache.

Class AuthorizingRealmTest, method testNullAuthzInfo.

@Test
public void testNullAuthzInfo() {
    AuthorizingRealm realm = new AuthorizingRealm() {

        protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
            return null;
        }

        protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
            return null;
        }
    };
    Principal principal = new UsernamePrincipal("blah");
    PrincipalCollection pCollection = new SimplePrincipalCollection(principal, "nullAuthzRealm");
    List<Permission> permList = new ArrayList<Permission>();
    permList.add(new WildcardPermission("stringPerm1"));
    permList.add(new WildcardPermission("stringPerm2"));
    List<String> roleList = new ArrayList<String>();
    roleList.add("role1");
    roleList.add("role2");
    boolean thrown = false;
    try {
        realm.checkPermission(pCollection, "stringPermission");
    } catch (UnauthorizedException e) {
        thrown = true;
    }
    assertTrue(thrown);
    thrown = false;
    try {
        realm.checkPermission(pCollection, new WildcardPermission("stringPermission"));
    } catch (UnauthorizedException e) {
        thrown = true;
    }
    assertTrue(thrown);
    thrown = false;
    try {
        realm.checkPermissions(pCollection, "stringPerm1", "stringPerm2");
    } catch (UnauthorizedException e) {
        thrown = true;
    }
    assertTrue(thrown);
    thrown = false;
    try {
        realm.checkPermissions(pCollection, permList);
    } catch (UnauthorizedException e) {
        thrown = true;
    }
    assertTrue(thrown);
    thrown = false;
    try {
        realm.checkRole(pCollection, "role1");
    } catch (UnauthorizedException e) {
        thrown = true;
    }
    assertTrue(thrown);
    thrown = false;
    try {
        realm.checkRoles(pCollection, roleList);
    } catch (UnauthorizedException e) {
        thrown = true;
    }
    assertTrue(thrown);
    assertFalse(realm.hasAllRoles(pCollection, roleList));
    assertFalse(realm.hasRole(pCollection, "role1"));
    assertArrayEquals(new boolean[] { false, false }, realm.hasRoles(pCollection, roleList));
    assertFalse(realm.isPermitted(pCollection, "perm1"));
    assertFalse(realm.isPermitted(pCollection, new WildcardPermission("perm1")));
    assertArrayEquals(new boolean[] { false, false }, realm.isPermitted(pCollection, "perm1", "perm2"));
    assertArrayEquals(new boolean[] { false, false }, realm.isPermitted(pCollection, permList));
    assertFalse(realm.isPermittedAll(pCollection, "perm1", "perm2"));
    assertFalse(realm.isPermittedAll(pCollection, permList));
}
Also used : PrincipalCollection(org.apache.shiro.subject.PrincipalCollection) SimplePrincipalCollection(org.apache.shiro.subject.SimplePrincipalCollection) Permission(org.apache.shiro.authz.Permission) WildcardPermission(org.apache.shiro.authz.permission.WildcardPermission) UnauthorizedException(org.apache.shiro.authz.UnauthorizedException) Principal(java.security.Principal) Test(org.junit.Test)

Example 18 with PrincipalCollection

Use of org.apache.shiro.subject.PrincipalCollection in project shiro by apache.

Class TextConfigurationRealmTest, method testCheckRole.

/*
 * Tests that roles can't be checked while the realm is being loaded.
 */
@Test
public void testCheckRole() throws InterruptedException {
    setUpForReadConfigurationTest();
    executeTest(new Runnable() {

        public void run() {
            PrincipalCollection principalCollection = new SimplePrincipalCollection("user1", "realm1");
            try {
                realm.checkRoles(principalCollection, new String[] { "role1", "role2" });
            } catch (AuthorizationException ae) {
                fail("principal doesn't have all roles when it should");
            }
        }
    });
}
Also used : AuthorizationException(org.apache.shiro.authz.AuthorizationException) PrincipalCollection(org.apache.shiro.subject.PrincipalCollection) SimplePrincipalCollection(org.apache.shiro.subject.SimplePrincipalCollection) Test(org.junit.Test)

Example 19 with PrincipalCollection

Use of org.apache.shiro.subject.PrincipalCollection in project shiro by apache.

Class DelegatingSubject, method login.

public void login(AuthenticationToken token) throws AuthenticationException {
    clearRunAsIdentitiesInternal();
    Subject subject = securityManager.login(this, token);
    PrincipalCollection principals;
    String host = null;
    if (subject instanceof DelegatingSubject) {
        DelegatingSubject delegating = (DelegatingSubject) subject;
        // we have to do this in case there are assumed identities - we don't want to lose the 'real' principals:
        principals = delegating.principals;
        host = delegating.host;
    } else {
        principals = subject.getPrincipals();
    }
    if (principals == null || principals.isEmpty()) {
        String msg = "Principals returned from securityManager.login( token ) returned a null or " + "empty value.  This value must be non null and populated with one or more elements.";
        throw new IllegalStateException(msg);
    }
    this.principals = principals;
    this.authenticated = true;
    if (token instanceof HostAuthenticationToken) {
        host = ((HostAuthenticationToken) token).getHost();
    }
    if (host != null) {
        this.host = host;
    }
    Session session = subject.getSession(false);
    if (session != null) {
        this.session = decorate(session);
    } else {
        this.session = null;
    }
}
Also used : HostAuthenticationToken(org.apache.shiro.authc.HostAuthenticationToken) PrincipalCollection(org.apache.shiro.subject.PrincipalCollection) Subject(org.apache.shiro.subject.Subject) ProxiedSession(org.apache.shiro.session.ProxiedSession) Session(org.apache.shiro.session.Session)

Example 20 with PrincipalCollection

Use of org.apache.shiro.subject.PrincipalCollection in project shiro by apache.

Class DelegatingSubject, method pushIdentity.

private void pushIdentity(PrincipalCollection principals) throws NullPointerException {
    if (isEmpty(principals)) {
        String msg = "Specified Subject principals cannot be null or empty for 'run as' functionality.";
        throw new NullPointerException(msg);
    }
    List<PrincipalCollection> stack = getRunAsPrincipalsStack();
    if (stack == null) {
        stack = new CopyOnWriteArrayList<PrincipalCollection>();
    }
    stack.add(0, principals);
    Session session = getSession();
    session.setAttribute(RUN_AS_PRINCIPALS_SESSION_KEY, stack);
}
Also used : PrincipalCollection(org.apache.shiro.subject.PrincipalCollection) ProxiedSession(org.apache.shiro.session.ProxiedSession) Session(org.apache.shiro.session.Session)

Aggregations

PrincipalCollection (org.apache.shiro.subject.PrincipalCollection) 87
SimplePrincipalCollection (org.apache.shiro.subject.SimplePrincipalCollection) 40
Test (org.junit.Test) 36
SecurityAssertion (ddf.security.assertion.SecurityAssertion) 23
Subject (ddf.security.Subject) 15
Principal (java.security.Principal) 14
Subject (org.apache.shiro.subject.Subject) 14
ArrayList (java.util.ArrayList) 10
DefaultSecurityManager (org.apache.shiro.mgt.DefaultSecurityManager) 10
AuthorizationInfo (org.apache.shiro.authz.AuthorizationInfo) 9
Permission (org.apache.shiro.authz.Permission) 8
Session (org.apache.shiro.session.Session) 8
SimpleSession (org.apache.shiro.session.mgt.SimpleSession) 8
HttpServletRequest (javax.servlet.http.HttpServletRequest) 7
SecurityToken (org.apache.cxf.ws.security.tokenstore.SecurityToken) 7
PrepareForTest (org.powermock.core.classloader.annotations.PrepareForTest) 6
Attribute (ddf.security.assertion.Attribute) 5
AuthenticationToken (org.apache.shiro.authc.AuthenticationToken) 5
CollectionPermission (ddf.security.permission.CollectionPermission) 4
KeyValueCollectionPermission (ddf.security.permission.KeyValueCollectionPermission) 4