
Example 1 with DefaultContextAttributeMapping

use of org.codice.ddf.security.policy.context.attributes.DefaultContextAttributeMapping in project ddf by codice.

From the class DefaultContextAttributeMappingTest, the method setup:

/**
 * Builds the fixtures shared by the tests in this class: a collection permission holding the
 * user's "role", "controls" and "control" permissions, plus four context attribute mappings.
 * Two of the mappings ("role=admin", "controls=Foo") use values that appear in the user's
 * permissions and two ("role=charlie", "control=Bar") use values that do not, presumably so
 * the tests can exercise both matching and non-matching cases.
 */
@Before
public void setup() {
    KeyValuePermission rolePerm = new KeyValuePermission("role", Arrays.asList("admin"));
    KeyValuePermission controlsPerm = new KeyValuePermission("controls", Arrays.asList("Foo", "Bar"));
    KeyValuePermission controlPerm = new KeyValuePermission("control", Arrays.asList("Foo"));
    List<KeyValuePermission> perms = new ArrayList<>(Arrays.asList(rolePerm, controlsPerm, controlPerm));
    userPermissions = new KeyValueCollectionPermission("context", perms);

    roleMapping = new DefaultContextAttributeMapping("context", "role", "admin");
    roleMapping2 = new DefaultContextAttributeMapping("context", "role", "charlie");
    controlsMapping = new DefaultContextAttributeMapping("context", "controls", "Foo");
    controlMapping = new DefaultContextAttributeMapping("context", "control", "Bar");
}

Example 2 with DefaultContextAttributeMapping

use of org.codice.ddf.security.policy.context.attributes.DefaultContextAttributeMapping in project ddf by codice.

From the class PolicyManager, the method setPolicies:

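/**
 * Initializes the policy store. This method will be called every time the policy attributes
 * change. This will happen after the component has been initialized (see {@link #configure()} and
 * when an update is made to the {@code org.codice.ddf.security.policy.context.impl.PolicyManager}
 * configuration pid. <br>
 * See https://osgi.org/javadoc/r6/cmpn/org/osgi/service/cm/ManagedService.html for more details
 * on how and when this method may be called.
 *
 * <p>The store is only rebuilt when the web auth types, endpoint auth types and required
 * attribute contexts are all present in {@code properties}; the white list is applied whenever it
 * is present. Every required-attribute context entry must have the form
 * {@code <contextPath>=<spec>}, where {@code spec} is an optionally brace-wrapped,
 * ';'-separated list of {@code name=value} pairs. A context entry without a context path is
 * rejected with {@link IllegalArgumentException}; a malformed {@code name=value} pair inside a
 * spec is skipped and logged at WARN (see {@link #parseAttributeMappings}).
 *
 * @param properties map of properties to use to initialize the policy store. Since there is no
 *     configuration file bound to these properties by default, this map may be {@code null}.
 * @throws IllegalArgumentException if a required-attribute context entry has no context path
 */
public void setPolicies(Map<String, Object> properties) {
    if (properties == null) {
        LOGGER.debug("setPolicies() called with null properties map. " + "Policy store should have already been initialized so ignoring.");
        LOGGER.debug("Policy Store already contains {} items", policyStore.size());
        return;
    }
    LOGGER.debug("setPolicies called: {}", properties);
    // Snapshot of the store before the update so the audit record below can show both states.
    Map<String, ContextPolicy> originalPolicyStore = getPolicyStore();
    // NOTE(review): both casts unbox a Boolean; if either key is absent this throws
    // NullPointerException and aborts the update (possibly after guest access was already set),
    // leaving the policy store itself untouched. Confirm that is the intended failure mode.
    setGuestAccess((boolean) properties.get(GUEST_ACCESS));
    setSessionAccess((boolean) properties.get(SESSION_ACCESS));
    String webAuthTypes = (String) properties.get(WEB_AUTH_TYPES);
    String endpointAuthTypes = (String) properties.get(ENDPOINT_AUTH_TYPES);
    String[] attrContexts = (String[]) properties.get(REQ_ATTRS);
    String[] whiteList = (String[]) properties.get(WHITE_LIST);
    if (whiteList != null) {
        setWhiteListContexts(Arrays.asList(whiteList));
    }
    if (webAuthTypes != null && endpointAuthTypes != null && attrContexts != null) {
        Map<String, List<ContextAttributeMapping>> contextToAttr = new HashMap<>();
        for (String attr : attrContexts) {
            int index = attr.indexOf('=');
            // No '=' at all, or a leading '=', means there is no context path to bind to.
            if (index < 1) {
                throw new IllegalArgumentException("Invalid attribute context: " + attr);
            }
            String context = attr.substring(0, index);
            String value = attr.substring(index + 1);
            if (StringUtils.isNotEmpty(context)) {
                contextToAttr.put(context, parseAttributeMappings(context, value));
            }
        }
        this.contextToAttr = contextToAttr;
        // When no auth-types file has been loaded, the auth configuration is derived from the
        // two '|'-separated properties: one list for the root context, one for services.
        if (contextToAuthFile == null) {
            Map<String, List<String>> contextToAuthMap = new HashMap<>();
            contextToAuthMap.put(ROOT_CONTEXT, Arrays.asList(webAuthTypes.split("\\|")));
            contextToAuthMap.put(SERVICES_CONTEXT, Arrays.asList(endpointAuthTypes.split("\\|")));
            contextToAuthConfig = contextToAuthMap;
            setPolicyStore(contextToAuthMap, contextToAttr);
        } else {
            setPolicyStore(contextToAuthFile, contextToAttr);
        }
    }
    LOGGER.debug("Policy store initialized, now contains {} entries", policyStore.size());
    securityLogger.audit("Policy store changed from:\n{} \nto:\n{}", originalPolicyStore, getPolicyStore());
}

/**
 * Parses one context's required-attribute specification into mappings.
 *
 * <p>The spec may be wrapped in braces ({@code {...}}), entries are separated by ';' and each
 * entry must be exactly {@code name=value}. Entries that do not split into one name and one
 * value are not added. They are logged at WARN rather than dropped silently, because a dropped
 * entry leaves the context with fewer required attributes than the administrator configured,
 * i.e. the policy becomes less restrictive than intended.
 *
 * @param context context path the mappings belong to
 * @param value the raw specification for that context; never {@code null}
 * @return the mappings parsed from {@code value}, possibly empty
 */
private List<ContextAttributeMapping> parseAttributeMappings(String context, String value) {
    String body = value;
    if (body.startsWith("{") && body.endsWith("}")) {
        body = body.length() == 2 ? "" : body.substring(1, body.length() - 1);
    }
    List<ContextAttributeMapping> mappings = new ArrayList<>();
    for (String entry : body.split(";")) {
        String[] parts = entry.split("=");
        if (parts.length == 2) {
            mappings.add(new DefaultContextAttributeMapping(context, parts[0], parts[1]));
        } else if (!entry.isEmpty()) {
            // Empty entries (e.g. "{}" or a trailing ';') are harmless; anything else is a
            // misconfiguration the administrator should see.
            LOGGER.warn("Ignoring malformed required attribute entry '{}' for context '{}'; expected name=value", entry, context);
        }
    }
    return mappings;
}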

Example 3 with DefaultContextAttributeMapping

use of org.codice.ddf.security.policy.context.attributes.DefaultContextAttributeMapping in project ddf by codice.

From the class PolicyManager, the method copyContextPolicy:

/**
 * Creates a copy of the given context policy. The authentication methods are copied into a new
 * list and every allowed attribute is re-created as a {@link DefaultContextAttributeMapping}
 * carrying the same context, attribute name and attribute value, so the returned policy shares
 * no mutable state with {@code contextPolicy}.
 *
 * @param contextPolicy the policy to duplicate; must not be {@code null}
 * @return a new {@link Policy} with the same context path, authentication methods and attributes
 */
public ContextPolicy copyContextPolicy(ContextPolicy contextPolicy) {
    List<String> authMethods = new ArrayList<>(contextPolicy.getAuthenticationMethods());
    List<ContextAttributeMapping> attributes = new ArrayList<>();
    for (ContextAttributeMapping attribute : contextPolicy.getAllowedAttributes()) {
        attributes.add(new DefaultContextAttributeMapping(attribute.getContext(), attribute.getAttributeName(), attribute.getAttributeValue()));
    }
    return new Policy(contextPolicy.getContextPath(), authMethods, attributes);
}

Example 4 with DefaultContextAttributeMapping

use of org.codice.ddf.security.policy.context.attributes.DefaultContextAttributeMapping in project ddf by codice.

From the class PolicyManager, the method setContextPolicy:

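/**
 * Installs {@code newContextPolicy} for {@code path}, replacing any policy already stored under
 * that exact path and keeping every other stored policy. The policy store is rebuilt from the
 * current store plus copies of the new policy's authentication methods and attributes, so the
 * store never aliases collections owned by the caller.
 *
 * <p>NOTE(review): {@code path} is only checked for the {@code ROOT_CONTEXT} prefix; it is not
 * normalized here (trailing slash, "..", duplicate separators), so two spellings of the same
 * path would be stored as distinct entries unless {@code setPolicyStore} normalizes them —
 * confirm.
 *
 * @param path context path the policy applies to; must be non-null and start with
 *     {@code ROOT_CONTEXT}
 * @param newContextPolicy the policy to install; must be non-null
 * @throws IllegalArgumentException if {@code path} or {@code newContextPolicy} is null, or if
 *     {@code path} does not start with {@code ROOT_CONTEXT}
 */
@Override
public void setContextPolicy(String path, ContextPolicy newContextPolicy) {
    if (path == null) {
        throw new IllegalArgumentException("Context path cannot be null.");
    }
    if (!path.startsWith(ROOT_CONTEXT)) {
        throw new IllegalArgumentException("Context path must start with /");
    }
    if (newContextPolicy == null) {
        throw new IllegalArgumentException("Context policy cannot be null.");
    }
    LOGGER.debug("setContextPolicy called with path = {}", path);
    // Gather the authentication methods and required attributes of every existing policy,
    // copying each collection so the rebuilt store does not share lists with the current one.
    Map<String, List<ContextAttributeMapping>> contextsToAttrs = new HashMap<>();
    Map<String, List<String>> contextsToAuths = new HashMap<>();
    for (ContextPolicy existing : getPolicyStore().values()) {
        contextsToAttrs.put(existing.getContextPath(), new ArrayList<>(existing.getAllowedAttributes()));
        contextsToAuths.put(existing.getContextPath(), new ArrayList<>(existing.getAuthenticationMethods()));
    }
    // Re-create each attribute mapping rather than storing the caller's instances. Collectors.toList()
    // never returns null, so no null check is needed on the result.
    List<ContextAttributeMapping> newContextAttrs = newContextPolicy.getAllowedAttributes().stream().map(contextAttribute -> new DefaultContextAttributeMapping(contextAttribute.getContext(), contextAttribute.getAttributeName(), contextAttribute.getAttributeValue())).collect(Collectors.toList());
    List<String> newContextAuths = new ArrayList<>(newContextPolicy.getAuthenticationMethods());
    // The new policy overwrites whatever was stored under the same path.
    contextsToAttrs.put(path, newContextAttrs);
    contextsToAuths.put(path, newContextAuths);
    setPolicyStore(contextsToAuths, contextsToAttrs);
}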
