Example 1 with DefaultContextAttributeMapping
use of org.codice.ddf.security.policy.context.attributes.DefaultContextAttributeMapping in project ddf by codice.
the class DefaultContextAttributeMappingTest method setup.
@Before
public void setup() {
List<KeyValuePermission> userPerms = new ArrayList<KeyValuePermission>();
userPerms.add(new KeyValuePermission("role", Arrays.asList("admin")));
userPerms.add(new KeyValuePermission("controls", Arrays.asList("Foo", "Bar")));
userPerms.add(new KeyValuePermission("control", Arrays.asList("Foo")));
userPermissions = new KeyValueCollectionPermission("context", userPerms);
roleMapping = new DefaultContextAttributeMapping("context", "role", "admin");
roleMapping2 = new DefaultContextAttributeMapping("context", "role", "charlie");
controlsMapping = new DefaultContextAttributeMapping("context", "controls", "Foo");
controlMapping = new DefaultContextAttributeMapping("context", "control", "Bar");
}
Also used :
KeyValueCollectionPermission(ddf.security.permission.KeyValueCollectionPermission)
ArrayList(java.util.ArrayList)
DefaultContextAttributeMapping(org.codice.ddf.security.policy.context.attributes.DefaultContextAttributeMapping)
KeyValuePermission(ddf.security.permission.KeyValuePermission)
Before(org.junit.Before)
Example 2 with DefaultContextAttributeMapping
use of org.codice.ddf.security.policy.context.attributes.DefaultContextAttributeMapping in project ddf by codice.
the class PolicyManager method setPolicies.
/**
* Initializes the policy store. This method will be called every time the policy attributes
* change. This will happen after the component has been initialized (see {@link #configure()} and
* when an update is made to the {@code org.codice.ddf.security.policy.context.impl.PolicyManager}
* configuration pid. <br>
* See https://osgi.org/javadoc/r6/cmpn/org/osgi/service/cm/ManagedService.html for more details
* on how and when this method may be called.
*
* @param properties map of properties to use to initialize the policy store. Since there is no
* configuration file bound to these properties by default, this map may be {@code null}.
*/
public void setPolicies(Map<String, Object> properties) {
if (properties == null) {
LOGGER.debug("setPolicies() called with null properties map. " + "Policy store should have already been initialized so ignoring.");
LOGGER.debug("Policy Store already contains {} items", policyStore.size());
return;
}
LOGGER.debug("setPolicies called: {}", properties);
Map<String, ContextPolicy> originalPolicyStore = getPolicyStore();
setGuestAccess((boolean) properties.get(GUEST_ACCESS));
setSessionAccess((boolean) properties.get(SESSION_ACCESS));
String webAuthTypes = (String) properties.get(WEB_AUTH_TYPES);
String endpointAuthTypes = (String) properties.get(ENDPOINT_AUTH_TYPES);
String[] attrContexts = (String[]) properties.get(REQ_ATTRS);
String[] whiteList = (String[]) properties.get(WHITE_LIST);
if (whiteList != null) {
setWhiteListContexts(Arrays.asList(whiteList));
}
if (webAuthTypes != null && endpointAuthTypes != null && attrContexts != null) {
Map<String, List<ContextAttributeMapping>> contextToAttr = new HashMap<>();
List<String> attrContextList = new ArrayList<>();
Collections.addAll(attrContextList, attrContexts);
for (String attr : attrContextList) {
int index = attr.indexOf('=');
if (index < 1) {
throw new IllegalArgumentException("Invalid attribute context: " + attr);
}
String context = attr.substring(0, index);
String value = attr.substring(index + 1);
if (StringUtils.isNotEmpty(context) && value != null) {
if (value.startsWith("{") && value.endsWith("}")) {
if (value.length() == 2) {
value = "";
} else {
value = value.substring(1, value.length() - 1);
}
}
String[] attributes = value.split(";");
List<ContextAttributeMapping> attrMaps = new ArrayList<>();
for (String attribute : attributes) {
String[] parts = attribute.split("=");
if (parts.length == 2) {
attrMaps.add(new DefaultContextAttributeMapping(context, parts[0], parts[1]));
}
}
contextToAttr.put(context, attrMaps);
}
}
this.contextToAttr = contextToAttr;
if (contextToAuthFile == null) {
Map<String, List<String>> contextToAuthMap = new HashMap<>();
contextToAuthMap.put(ROOT_CONTEXT, Arrays.asList(webAuthTypes.split("\\|")));
contextToAuthMap.put(SERVICES_CONTEXT, Arrays.asList(endpointAuthTypes.split("\\|")));
contextToAuthConfig = contextToAuthMap;
setPolicyStore(contextToAuthMap, contextToAttr);
} else {
setPolicyStore(contextToAuthFile, contextToAttr);
}
}
LOGGER.debug("Policy store initialized, now contains {} entries", policyStore.size());
securityLogger.audit("Policy store changed from:\n{} \nto:\n{}", originalPolicyStore, getPolicyStore());
}
Also used :
HashMap(java.util.HashMap)
ArrayList(java.util.ArrayList)
DefaultContextAttributeMapping(org.codice.ddf.security.policy.context.attributes.DefaultContextAttributeMapping)
ContextPolicy(org.codice.ddf.security.policy.context.ContextPolicy)
ArrayList(java.util.ArrayList)
List(java.util.List)
ContextAttributeMapping(org.codice.ddf.security.policy.context.attributes.ContextAttributeMapping)
DefaultContextAttributeMapping(org.codice.ddf.security.policy.context.attributes.DefaultContextAttributeMapping)
Example 3 with DefaultContextAttributeMapping
use of org.codice.ddf.security.policy.context.attributes.DefaultContextAttributeMapping in project ddf by codice.
the class PolicyManager method copyContextPolicy.
/**
* Duplicates the given context policy
*
* @param contextPolicy
* @return copy of contextPolicy
*/
public ContextPolicy copyContextPolicy(ContextPolicy contextPolicy) {
Collection<ContextAttributeMapping> copiedContextAttributes = new ArrayList<>();
Collection<String> copiedAuthenticationMethods = new ArrayList<>();
copiedAuthenticationMethods.addAll(contextPolicy.getAuthenticationMethods());
copiedContextAttributes.addAll(contextPolicy.getAllowedAttributes().stream().map(contextAttribute -> new DefaultContextAttributeMapping(contextAttribute.getContext(), contextAttribute.getAttributeName(), contextAttribute.getAttributeValue())).collect(Collectors.toList()));
return new Policy(contextPolicy.getContextPath(), copiedAuthenticationMethods, copiedContextAttributes);
}
Also used :
ContextPolicy(org.codice.ddf.security.policy.context.ContextPolicy)
ArrayList(java.util.ArrayList)
DefaultContextAttributeMapping(org.codice.ddf.security.policy.context.attributes.DefaultContextAttributeMapping)
ContextAttributeMapping(org.codice.ddf.security.policy.context.attributes.ContextAttributeMapping)
DefaultContextAttributeMapping(org.codice.ddf.security.policy.context.attributes.DefaultContextAttributeMapping)
Example 4 with DefaultContextAttributeMapping
use of org.codice.ddf.security.policy.context.attributes.DefaultContextAttributeMapping in project ddf by codice.
the class PolicyManager method setContextPolicy.
@Override
public void setContextPolicy(String path, ContextPolicy newContextPolicy) {
if (path == null) {
throw new IllegalArgumentException("Context path cannot be null.");
}
if (!path.startsWith(ROOT_CONTEXT)) {
throw new IllegalArgumentException("Context path must start with /");
}
if (newContextPolicy == null) {
throw new IllegalArgumentException("Context policy cannot be null.");
}
LOGGER.debug("setContextPolicy called with path = {}", path);
// gather all authorization types & required attributes
Map<String, List<ContextAttributeMapping>> contextsToAttrs = new HashMap<>();
Map<String, List<String>> contextsToAuths = new HashMap<>();
for (ContextPolicy contextPolicy : getPolicyStore().values()) {
contextsToAttrs.put(contextPolicy.getContextPath(), new ArrayList<>(contextPolicy.getAllowedAttributes()));
contextsToAuths.put(contextPolicy.getContextPath(), new ArrayList<>(contextPolicy.getAuthenticationMethods()));
}
// duplicate and add the new context policy
List<ContextAttributeMapping> newContextAttrs = newContextPolicy.getAllowedAttributes().stream().map(contextAttribute -> new DefaultContextAttributeMapping(contextAttribute.getContext(), contextAttribute.getAttributeName(), contextAttribute.getAttributeValue())).collect(Collectors.toList());
Collection<String> newContextAuths = new ArrayList<>();
newContextAuths.addAll(newContextPolicy.getAuthenticationMethods());
if (newContextAttrs != null) {
contextsToAttrs.put(path, new ArrayList<>(newContextAttrs));
}
contextsToAuths.put(path, new ArrayList<>(newContextAuths));
setPolicyStore(contextsToAuths, contextsToAttrs);
}
Also used :
Arrays(java.util.Arrays)
StringUtils(org.apache.commons.lang.StringUtils)
ContextPolicy(org.codice.ddf.security.policy.context.ContextPolicy)
FileAlterationObserver(org.apache.commons.io.monitor.FileAlterationObserver)
LoggerFactory(org.slf4j.LoggerFactory)
HashMap(java.util.HashMap)
ArrayList(java.util.ArrayList)
HashSet(java.util.HashSet)
Map(java.util.Map)
ContextAttributeMapping(org.codice.ddf.security.policy.context.attributes.ContextAttributeMapping)
Path(java.nio.file.Path)
ContextPolicyManager(org.codice.ddf.security.policy.context.ContextPolicyManager)
PropertiesLoader(org.codice.ddf.platform.util.properties.PropertiesLoader)
Logger(org.slf4j.Logger)
FileAlterationListener(org.apache.commons.io.monitor.FileAlterationListener)
SecurityLogger(ddf.security.audit.SecurityLogger)
Collection(java.util.Collection)
FileAlterationMonitor(org.apache.commons.io.monitor.FileAlterationMonitor)
Set(java.util.Set)
PrivilegedAction(java.security.PrivilegedAction)
Collectors(java.util.stream.Collectors)
File(java.io.File)
PropertyResolver(org.codice.ddf.configuration.PropertyResolver)
TimeUnit(java.util.concurrent.TimeUnit)
List(java.util.List)
FileFilter(java.io.FileFilter)
Paths(java.nio.file.Paths)
DefaultContextAttributeMapping(org.codice.ddf.security.policy.context.attributes.DefaultContextAttributeMapping)
AccessController(java.security.AccessController)
Collections(java.util.Collections)
HashMap(java.util.HashMap)
ArrayList(java.util.ArrayList)
DefaultContextAttributeMapping(org.codice.ddf.security.policy.context.attributes.DefaultContextAttributeMapping)
ContextPolicy(org.codice.ddf.security.policy.context.ContextPolicy)
ArrayList(java.util.ArrayList)
List(java.util.List)
ContextAttributeMapping(org.codice.ddf.security.policy.context.attributes.ContextAttributeMapping)
DefaultContextAttributeMapping(org.codice.ddf.security.policy.context.attributes.DefaultContextAttributeMapping)
Aggregations
ArrayList (java.util.ArrayList)4
DefaultContextAttributeMapping (org.codice.ddf.security.policy.context.attributes.DefaultContextAttributeMapping)4
ContextPolicy (org.codice.ddf.security.policy.context.ContextPolicy)3
ContextAttributeMapping (org.codice.ddf.security.policy.context.attributes.ContextAttributeMapping)3
HashMap (java.util.HashMap)2
List (java.util.List)2
SecurityLogger (ddf.security.audit.SecurityLogger)1
KeyValueCollectionPermission (ddf.security.permission.KeyValueCollectionPermission)1
KeyValuePermission (ddf.security.permission.KeyValuePermission)1
File (java.io.File)1
FileFilter (java.io.FileFilter)1
Path (java.nio.file.Path)1
Paths (java.nio.file.Paths)1
AccessController (java.security.AccessController)1
PrivilegedAction (java.security.PrivilegedAction)1
Arrays (java.util.Arrays)1
Collection (java.util.Collection)1
Collections (java.util.Collections)1
HashSet (java.util.HashSet)1
Map (java.util.Map)1
