
Example 1 with AclFunctionEntry

use of org.apache.storm.security.auth.authorizer.DRPCSimpleACLAuthorizer.AclFunctionEntry in project storm by apache.

the class DRPCTest method testNotStrict.

/**
 * Checks DRPC authorization with {@code Config.DRPC_AUTHORIZER_ACL_STRICT} set to {@code false}.
 *
 * <p>The function "jump" has an ACL entry and is enforced per caller. The function "not_jump"
 * has no entry, and in non-strict mode every caller (including the unrelated principal
 * "other") is allowed every operation on it. Non-strict mode therefore fails open for any
 * function that is missing from the ACL.
 */
@Test
public void testNotStrict() throws Exception {
    // Three callers: the topology principal, the client principal, and an unrelated user.
    SingleUserPrincipal topoPrincipal = new SingleUserPrincipal("jump_topo");
    ReqContext topoCtx = new ReqContext(new Subject());
    topoCtx.subject().getPrincipals().add(topoPrincipal);

    SingleUserPrincipal clientPrincipal = new SingleUserPrincipal("jump_client");
    ReqContext clientCtx = new ReqContext(new Subject());
    clientCtx.subject().getPrincipals().add(clientPrincipal);

    SingleUserPrincipal unrelatedPrincipal = new SingleUserPrincipal("other");
    ReqContext unrelatedCtx = new ReqContext(new Subject());
    unrelatedCtx.subject().getPrincipals().add(unrelatedPrincipal);

    // Single ACL entry for "jump": jump_client goes in the list argument, jump_topo in the second.
    // NOTE(review): presumably (client users, invocation user) -- confirm against AclFunctionEntry.
    Map<String, AclFunctionEntry> aclByFunction = new HashMap<>();
    AclFunctionEntry jumpEntry =
        new AclFunctionEntry(Arrays.asList(clientPrincipal.getName()), topoPrincipal.getName());
    aclByFunction.put("jump", jumpEntry);

    Map<String, Object> stormConf = new HashMap<>();
    stormConf.put(Config.STORM_PRINCIPAL_TO_LOCAL_PLUGIN, DefaultPrincipalToLocal.class.getName());
    // Non-strict: functions without an ACL entry are not denied (asserted at the end of the test).
    stormConf.put(Config.DRPC_AUTHORIZER_ACL_STRICT, false);

    // Serve the ACL from the in-memory map above instead of whatever readAclFromConfig reads.
    DRPCSimpleACLAuthorizer auth = new DRPCSimpleACLAuthorizer() {
        @Override
        protected Map<String, AclFunctionEntry> readAclFromConfig() {
            return aclByFunction;
        }
    };
    auth.prepare(stormConf);

    // "jump": only jump_topo may fetch requests.
    DRPC.checkAuthorization(topoCtx, auth, "fetchRequest", "jump");
    assertThrows(() -> DRPC.checkAuthorization(clientCtx, auth, "fetchRequest", "jump"), AuthorizationException.class);
    assertThrows(() -> DRPC.checkAuthorization(unrelatedCtx, auth, "fetchRequest", "jump"), AuthorizationException.class);

    // "jump": only jump_topo may post results.
    DRPC.checkAuthorization(topoCtx, auth, "result", "jump");
    assertThrows(() -> DRPC.checkAuthorization(clientCtx, auth, "result", "jump"), AuthorizationException.class);
    assertThrows(() -> DRPC.checkAuthorization(unrelatedCtx, auth, "result", "jump"), AuthorizationException.class);

    // "jump": only jump_client may execute; the topology principal itself is rejected.
    assertThrows(() -> DRPC.checkAuthorization(topoCtx, auth, "execute", "jump"), AuthorizationException.class);
    DRPC.checkAuthorization(clientCtx, auth, "execute", "jump");
    assertThrows(() -> DRPC.checkAuthorization(unrelatedCtx, auth, "execute", "jump"), AuthorizationException.class);

    // "not_jump" has no ACL entry: in non-strict mode every operation is open to every caller.
    for (String operation : Arrays.asList("fetchRequest", "result", "execute")) {
        for (ReqContext caller : Arrays.asList(topoCtx, clientCtx, unrelatedCtx)) {
            DRPC.checkAuthorization(caller, auth, operation, "not_jump");
        }
    }
}
Also used : HashMap(java.util.HashMap) AclFunctionEntry(org.apache.storm.security.auth.authorizer.DRPCSimpleACLAuthorizer.AclFunctionEntry) DRPCSimpleACLAuthorizer(org.apache.storm.security.auth.authorizer.DRPCSimpleACLAuthorizer) ReqContext(org.apache.storm.security.auth.ReqContext) SingleUserPrincipal(org.apache.storm.security.auth.SingleUserPrincipal) Subject(javax.security.auth.Subject) DefaultPrincipalToLocal(org.apache.storm.security.auth.DefaultPrincipalToLocal) Test(org.junit.Test)

Example 2 with AclFunctionEntry

use of org.apache.storm.security.auth.authorizer.DRPCSimpleACLAuthorizer.AclFunctionEntry in project storm by apache.

the class DRPCTest method testStrict.

/**
 * Checks DRPC authorization with {@code Config.DRPC_AUTHORIZER_ACL_STRICT} set to {@code true}.
 *
 * <p>The function "jump" has an ACL entry and is enforced per caller. The function "not_jump"
 * has no entry, and in strict mode every operation on it is rejected for every caller,
 * including the principals that are authorized for "jump". Strict mode therefore fails closed
 * for any function that is missing from the ACL.
 */
@Test
public void testStrict() throws Exception {
    // Three callers: the topology principal, the client principal, and an unrelated user.
    SingleUserPrincipal topoPrincipal = new SingleUserPrincipal("jump_topo");
    ReqContext topoCtx = new ReqContext(new Subject());
    topoCtx.subject().getPrincipals().add(topoPrincipal);

    SingleUserPrincipal clientPrincipal = new SingleUserPrincipal("jump_client");
    ReqContext clientCtx = new ReqContext(new Subject());
    clientCtx.subject().getPrincipals().add(clientPrincipal);

    SingleUserPrincipal unrelatedPrincipal = new SingleUserPrincipal("other");
    ReqContext unrelatedCtx = new ReqContext(new Subject());
    unrelatedCtx.subject().getPrincipals().add(unrelatedPrincipal);

    // Single ACL entry for "jump": jump_client goes in the list argument, jump_topo in the second.
    // NOTE(review): presumably (client users, invocation user) -- confirm against AclFunctionEntry.
    Map<String, AclFunctionEntry> aclByFunction = new HashMap<>();
    AclFunctionEntry jumpEntry =
        new AclFunctionEntry(Arrays.asList(clientPrincipal.getName()), topoPrincipal.getName());
    aclByFunction.put("jump", jumpEntry);

    Map<String, Object> stormConf = new HashMap<>();
    stormConf.put(Config.STORM_PRINCIPAL_TO_LOCAL_PLUGIN, DefaultPrincipalToLocal.class.getName());
    // Strict: functions without an ACL entry are denied (asserted at the end of the test).
    stormConf.put(Config.DRPC_AUTHORIZER_ACL_STRICT, true);

    // Serve the ACL from the in-memory map above instead of whatever readAclFromConfig reads.
    DRPCSimpleACLAuthorizer auth = new DRPCSimpleACLAuthorizer() {
        @Override
        protected Map<String, AclFunctionEntry> readAclFromConfig() {
            return aclByFunction;
        }
    };
    auth.prepare(stormConf);

    // "jump": only jump_topo may fetch requests.
    DRPC.checkAuthorization(topoCtx, auth, "fetchRequest", "jump");
    assertThrows(() -> DRPC.checkAuthorization(clientCtx, auth, "fetchRequest", "jump"), AuthorizationException.class);
    assertThrows(() -> DRPC.checkAuthorization(unrelatedCtx, auth, "fetchRequest", "jump"), AuthorizationException.class);

    // "jump": only jump_topo may post results.
    DRPC.checkAuthorization(topoCtx, auth, "result", "jump");
    assertThrows(() -> DRPC.checkAuthorization(clientCtx, auth, "result", "jump"), AuthorizationException.class);
    assertThrows(() -> DRPC.checkAuthorization(unrelatedCtx, auth, "result", "jump"), AuthorizationException.class);

    // "jump": only jump_client may execute; the topology principal itself is rejected.
    assertThrows(() -> DRPC.checkAuthorization(topoCtx, auth, "execute", "jump"), AuthorizationException.class);
    DRPC.checkAuthorization(clientCtx, auth, "execute", "jump");
    assertThrows(() -> DRPC.checkAuthorization(unrelatedCtx, auth, "execute", "jump"), AuthorizationException.class);

    // "not_jump" has no ACL entry: in strict mode every operation is denied to every caller.
    for (String operation : Arrays.asList("fetchRequest", "result", "execute")) {
        for (ReqContext caller : Arrays.asList(topoCtx, clientCtx, unrelatedCtx)) {
            assertThrows(() -> DRPC.checkAuthorization(caller, auth, operation, "not_jump"), AuthorizationException.class);
        }
    }
}
Also used : HashMap(java.util.HashMap) AclFunctionEntry(org.apache.storm.security.auth.authorizer.DRPCSimpleACLAuthorizer.AclFunctionEntry) DRPCSimpleACLAuthorizer(org.apache.storm.security.auth.authorizer.DRPCSimpleACLAuthorizer) ReqContext(org.apache.storm.security.auth.ReqContext) SingleUserPrincipal(org.apache.storm.security.auth.SingleUserPrincipal) Subject(javax.security.auth.Subject) DefaultPrincipalToLocal(org.apache.storm.security.auth.DefaultPrincipalToLocal) Test(org.junit.Test)
