use of org.apache.storm.security.auth.SingleUserPrincipal in project storm by apache.
the class DRPCTest method testNotStrict.
@Test
public void testNotStrict() throws Exception {
ReqContext jt = new ReqContext(new Subject());
SingleUserPrincipal jumpTopo = new SingleUserPrincipal("jump_topo");
jt.subject().getPrincipals().add(jumpTopo);
ReqContext jc = new ReqContext(new Subject());
SingleUserPrincipal jumpClient = new SingleUserPrincipal("jump_client");
jc.subject().getPrincipals().add(jumpClient);
ReqContext other = new ReqContext(new Subject());
SingleUserPrincipal otherUser = new SingleUserPrincipal("other");
other.subject().getPrincipals().add(otherUser);
Map<String, AclFunctionEntry> acl = new HashMap<>();
acl.put("jump", new AclFunctionEntry(Arrays.asList(jumpClient.getName()), jumpTopo.getName()));
Map<String, Object> conf = new HashMap<>();
conf.put(Config.DRPC_AUTHORIZER_ACL_STRICT, false);
conf.put(Config.STORM_PRINCIPAL_TO_LOCAL_PLUGIN, DefaultPrincipalToLocal.class.getName());
DRPCSimpleACLAuthorizer auth = new DRPCSimpleACLAuthorizer() {
@Override
protected Map<String, AclFunctionEntry> readAclFromConfig() {
return acl;
}
};
auth.prepare(conf);
//JUMP
DRPC.checkAuthorization(jt, auth, "fetchRequest", "jump");
assertThrows(() -> DRPC.checkAuthorization(jc, auth, "fetchRequest", "jump"), AuthorizationException.class);
assertThrows(() -> DRPC.checkAuthorization(other, auth, "fetchRequest", "jump"), AuthorizationException.class);
DRPC.checkAuthorization(jt, auth, "result", "jump");
assertThrows(() -> DRPC.checkAuthorization(jc, auth, "result", "jump"), AuthorizationException.class);
assertThrows(() -> DRPC.checkAuthorization(other, auth, "result", "jump"), AuthorizationException.class);
assertThrows(() -> DRPC.checkAuthorization(jt, auth, "execute", "jump"), AuthorizationException.class);
DRPC.checkAuthorization(jc, auth, "execute", "jump");
assertThrows(() -> DRPC.checkAuthorization(other, auth, "execute", "jump"), AuthorizationException.class);
//not_jump (open in not strict mode)
DRPC.checkAuthorization(jt, auth, "fetchRequest", "not_jump");
DRPC.checkAuthorization(jc, auth, "fetchRequest", "not_jump");
DRPC.checkAuthorization(other, auth, "fetchRequest", "not_jump");
DRPC.checkAuthorization(jt, auth, "result", "not_jump");
DRPC.checkAuthorization(jc, auth, "result", "not_jump");
DRPC.checkAuthorization(other, auth, "result", "not_jump");
DRPC.checkAuthorization(jt, auth, "execute", "not_jump");
DRPC.checkAuthorization(jc, auth, "execute", "not_jump");
DRPC.checkAuthorization(other, auth, "execute", "not_jump");
}
use of org.apache.storm.security.auth.SingleUserPrincipal in project storm by apache.
the class DRPCTest method testStrict.
@Test
public void testStrict() throws Exception {
ReqContext jt = new ReqContext(new Subject());
SingleUserPrincipal jumpTopo = new SingleUserPrincipal("jump_topo");
jt.subject().getPrincipals().add(jumpTopo);
ReqContext jc = new ReqContext(new Subject());
SingleUserPrincipal jumpClient = new SingleUserPrincipal("jump_client");
jc.subject().getPrincipals().add(jumpClient);
ReqContext other = new ReqContext(new Subject());
SingleUserPrincipal otherUser = new SingleUserPrincipal("other");
other.subject().getPrincipals().add(otherUser);
Map<String, AclFunctionEntry> acl = new HashMap<>();
acl.put("jump", new AclFunctionEntry(Arrays.asList(jumpClient.getName()), jumpTopo.getName()));
Map<String, Object> conf = new HashMap<>();
conf.put(Config.DRPC_AUTHORIZER_ACL_STRICT, true);
conf.put(Config.STORM_PRINCIPAL_TO_LOCAL_PLUGIN, DefaultPrincipalToLocal.class.getName());
DRPCSimpleACLAuthorizer auth = new DRPCSimpleACLAuthorizer() {
@Override
protected Map<String, AclFunctionEntry> readAclFromConfig() {
return acl;
}
};
auth.prepare(conf);
//JUMP
DRPC.checkAuthorization(jt, auth, "fetchRequest", "jump");
assertThrows(() -> DRPC.checkAuthorization(jc, auth, "fetchRequest", "jump"), AuthorizationException.class);
assertThrows(() -> DRPC.checkAuthorization(other, auth, "fetchRequest", "jump"), AuthorizationException.class);
DRPC.checkAuthorization(jt, auth, "result", "jump");
assertThrows(() -> DRPC.checkAuthorization(jc, auth, "result", "jump"), AuthorizationException.class);
assertThrows(() -> DRPC.checkAuthorization(other, auth, "result", "jump"), AuthorizationException.class);
assertThrows(() -> DRPC.checkAuthorization(jt, auth, "execute", "jump"), AuthorizationException.class);
DRPC.checkAuthorization(jc, auth, "execute", "jump");
assertThrows(() -> DRPC.checkAuthorization(other, auth, "execute", "jump"), AuthorizationException.class);
//not_jump (closed in strict mode)
assertThrows(() -> DRPC.checkAuthorization(jt, auth, "fetchRequest", "not_jump"), AuthorizationException.class);
assertThrows(() -> DRPC.checkAuthorization(jc, auth, "fetchRequest", "not_jump"), AuthorizationException.class);
assertThrows(() -> DRPC.checkAuthorization(other, auth, "fetchRequest", "not_jump"), AuthorizationException.class);
assertThrows(() -> DRPC.checkAuthorization(jt, auth, "result", "not_jump"), AuthorizationException.class);
assertThrows(() -> DRPC.checkAuthorization(jc, auth, "result", "not_jump"), AuthorizationException.class);
assertThrows(() -> DRPC.checkAuthorization(other, auth, "result", "not_jump"), AuthorizationException.class);
assertThrows(() -> DRPC.checkAuthorization(jt, auth, "execute", "not_jump"), AuthorizationException.class);
assertThrows(() -> DRPC.checkAuthorization(jc, auth, "execute", "not_jump"), AuthorizationException.class);
assertThrows(() -> DRPC.checkAuthorization(other, auth, "execute", "not_jump"), AuthorizationException.class);
}
use of org.apache.storm.security.auth.SingleUserPrincipal in project storm by apache.
the class BlobStoreTest method getSubject.
public Subject getSubject(String name) {
Subject subject = new Subject();
SingleUserPrincipal user = new SingleUserPrincipal(name);
subject.getPrincipals().add(user);
return subject;
}
use of org.apache.storm.security.auth.SingleUserPrincipal in project storm by apache.
the class DRPCSimpleACLAuthorizerTest method makeMockContext.
private static ReqContext makeMockContext(String user) {
ReqContext mockContext = Mockito.mock(ReqContext.class);
Mockito.when(mockContext.principal()).thenReturn(new SingleUserPrincipal(user));
return mockContext;
}
use of org.apache.storm.security.auth.SingleUserPrincipal in project storm by apache.
the class BlobStoreTest method getSubject.
public Subject getSubject(String name) {
Subject subject = new Subject();
SingleUserPrincipal user = new SingleUserPrincipal(name);
subject.getPrincipals().add(user);
return subject;
}
Aggregations