use of org.codice.ddf.security.policy.context.attributes.DefaultContextAttributeMapping in project ddf by codice.
The class DefaultContextAttributeMappingTest, method setup().
@Before
public void setup() {
  // Subject permissions: one single-valued and two multi-valued attributes under the "context" collection.
  KeyValuePermission rolePerm = new KeyValuePermission("role", Arrays.asList("admin"));
  KeyValuePermission controlsPerm = new KeyValuePermission("controls", Arrays.asList("Foo", "Bar"));
  KeyValuePermission controlPerm = new KeyValuePermission("control", Arrays.asList("Foo"));
  List<KeyValuePermission> perms = new ArrayList<>(Arrays.asList(rolePerm, controlsPerm, controlPerm));
  userPermissions = new KeyValueCollectionPermission("context", perms);

  // Required-attribute mappings under test: two that the subject satisfies ("role"=admin,
  // "controls" contains Foo) and two that it does not ("role"=charlie, "control"=Bar).
  roleMapping = new DefaultContextAttributeMapping("context", "role", "admin");
  roleMapping2 = new DefaultContextAttributeMapping("context", "role", "charlie");
  controlsMapping = new DefaultContextAttributeMapping("context", "controls", "Foo");
  controlMapping = new DefaultContextAttributeMapping("context", "control", "Bar");
}
use of org.codice.ddf.security.policy.context.attributes.DefaultContextAttributeMapping in project ddf by codice.
The class PolicyManager, method setPolicies().
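/**
 * Initializes the policy store. This method will be called every time the policy attributes
 * change. This will happen after the component has been initialized (see {@link #configure()}) and
 * when an update is made to the {@code org.codice.ddf.security.policy.context.impl.PolicyManager}
 * configuration pid. <br>
 * See https://osgi.org/javadoc/r6/cmpn/org/osgi/service/cm/ManagedService.html for more details
 * on how and when this method may be called.
 *
 * <p>The store is only rebuilt when {@code WEB_AUTH_TYPES}, {@code ENDPOINT_AUTH_TYPES} and
 * {@code REQ_ATTRS} are all present in {@code properties}; otherwise the existing policies are
 * left untouched. The before/after contents of the store are written to the security audit log.
 *
 * @param properties map of properties to use to initialize the policy store. Since there is no
 *     configuration file bound to these properties by default, this map may be {@code null}.
 * @throws IllegalArgumentException if an entry of {@code REQ_ATTRS} does not start with a
 *     non-empty context path followed by {@code =}
 */
public void setPolicies(Map<String, Object> properties) {
  if (properties == null) {
    LOGGER.debug("setPolicies() called with null properties map. " + "Policy store should have already been initialized so ignoring.");
    LOGGER.debug("Policy Store already contains {} items", policyStore.size());
    return;
  }
  LOGGER.debug("setPolicies called: {}", properties);
  Map<String, ContextPolicy> originalPolicyStore = getPolicyStore();
  // NOTE(review): a missing GUEST_ACCESS or SESSION_ACCESS key unboxes null here and throws
  // NullPointerException — confirm the configuration always supplies both flags.
  setGuestAccess((boolean) properties.get(GUEST_ACCESS));
  setSessionAccess((boolean) properties.get(SESSION_ACCESS));
  String webAuthTypes = (String) properties.get(WEB_AUTH_TYPES);
  String endpointAuthTypes = (String) properties.get(ENDPOINT_AUTH_TYPES);
  String[] attrContexts = (String[]) properties.get(REQ_ATTRS);
  String[] whiteList = (String[]) properties.get(WHITE_LIST);
  if (whiteList != null) {
    setWhiteListContexts(Arrays.asList(whiteList));
  }
  if (webAuthTypes != null && endpointAuthTypes != null && attrContexts != null) {
    Map<String, List<ContextAttributeMapping>> contextToAttr = parseAttributeContexts(attrContexts);
    this.contextToAttr = contextToAttr;
    if (contextToAuthFile == null) {
      // auth types are '|'-separated lists, one for the web root and one for the services context
      Map<String, List<String>> contextToAuthMap = new HashMap<>();
      contextToAuthMap.put(ROOT_CONTEXT, Arrays.asList(webAuthTypes.split("\\|")));
      contextToAuthMap.put(SERVICES_CONTEXT, Arrays.asList(endpointAuthTypes.split("\\|")));
      contextToAuthConfig = contextToAuthMap;
      setPolicyStore(contextToAuthMap, contextToAttr);
    } else {
      // a loaded auth-type file takes precedence over the auth types given in the configuration
      setPolicyStore(contextToAuthFile, contextToAttr);
    }
  }
  LOGGER.debug("Policy store initialized, now contains {} entries", policyStore.size());
  securityLogger.audit("Policy store changed from:\n{} \nto:\n{}", originalPolicyStore, getPolicyStore());
}

/**
 * Parses the {@code REQ_ATTRS} entries, each of the form {@code context={name=value;name=value}},
 * into a map from context path to its required attribute mappings.
 *
 * @param attrContexts raw entries; must not be null
 * @return context path to attribute mappings; a context with no valid mapping maps to an empty list
 * @throws IllegalArgumentException if an entry has no {@code =} or has an empty context path
 */
private Map<String, List<ContextAttributeMapping>> parseAttributeContexts(String[] attrContexts) {
  Map<String, List<ContextAttributeMapping>> contextToAttr = new HashMap<>();
  for (String attr : attrContexts) {
    int index = attr.indexOf('=');
    // the context path must be at least one character, so the first '=' cannot be at position 0
    if (index < 1) {
      throw new IllegalArgumentException("Invalid attribute context: " + attr);
    }
    String context = attr.substring(0, index);
    String value = attr.substring(index + 1);
    contextToAttr.put(context, parseAttributeMappings(context, value));
  }
  return contextToAttr;
}

/**
 * Parses one context's attribute list ({@code {name=value;name=value}}, surrounding braces
 * optional) into mappings. Entries that are not exactly {@code name=value} are skipped; each
 * skipped non-empty entry is logged at WARN, because dropping it silently removes an attribute
 * requirement from the context and leaves the policy more permissive than configured.
 *
 * @param context the context path the mappings belong to
 * @param value the raw attribute list for that context
 * @return the parsed mappings, possibly empty
 */
private List<ContextAttributeMapping> parseAttributeMappings(String context, String value) {
  String body = value;
  if (body.startsWith("{") && body.endsWith("}")) {
    body = body.length() == 2 ? "" : body.substring(1, body.length() - 1);
  }
  List<ContextAttributeMapping> attrMaps = new ArrayList<>();
  for (String attribute : body.split(";")) {
    String[] parts = attribute.split("=");
    if (parts.length == 2) {
      attrMaps.add(new DefaultContextAttributeMapping(context, parts[0], parts[1]));
    } else if (!attribute.isEmpty()) {
      LOGGER.warn("Ignoring malformed attribute mapping '{}' for context {}", attribute, context);
    }
  }
  return attrMaps;
}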
use of org.codice.ddf.security.policy.context.attributes.DefaultContextAttributeMapping in project ddf by codice.
The class PolicyManager, method copyContextPolicy().
/**
 * Duplicates the given context policy. Authentication methods are copied into a new list and
 * every allowed attribute is re-created as a {@link DefaultContextAttributeMapping}, so the
 * returned policy shares no mutable state with {@code contextPolicy}.
 *
 * @param contextPolicy the policy to duplicate
 * @return a new {@link Policy} with the same context path, authentication methods and attributes
 */
public ContextPolicy copyContextPolicy(ContextPolicy contextPolicy) {
  List<String> authMethods = new ArrayList<>(contextPolicy.getAuthenticationMethods());
  List<ContextAttributeMapping> attributes = new ArrayList<>();
  for (ContextAttributeMapping source : contextPolicy.getAllowedAttributes()) {
    attributes.add(new DefaultContextAttributeMapping(source.getContext(), source.getAttributeName(), source.getAttributeValue()));
  }
  return new Policy(contextPolicy.getContextPath(), authMethods, attributes);
}
use of org.codice.ddf.security.policy.context.attributes.DefaultContextAttributeMapping in project ddf by codice.
The class PolicyManager, method setContextPolicy().
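/**
 * Installs {@code newContextPolicy} for {@code path}, replacing any policy already stored under
 * that path and keeping every other policy unchanged. The policy is stored under {@code path},
 * not under {@code newContextPolicy.getContextPath()}. Its attributes and authentication methods
 * are copied so later changes to the caller's object do not leak into the store.
 *
 * @param path context path the policy applies to; must start with {@code ROOT_CONTEXT}
 * @param newContextPolicy the policy to install
 * @throws IllegalArgumentException if {@code path} is null or does not start with
 *     {@code ROOT_CONTEXT}, or if {@code newContextPolicy} is null
 */
@Override
public void setContextPolicy(String path, ContextPolicy newContextPolicy) {
  if (path == null) {
    throw new IllegalArgumentException("Context path cannot be null.");
  }
  if (!path.startsWith(ROOT_CONTEXT)) {
    throw new IllegalArgumentException("Context path must start with /");
  }
  if (newContextPolicy == null) {
    throw new IllegalArgumentException("Context policy cannot be null.");
  }
  LOGGER.debug("setContextPolicy called with path = {}", path);
  // gather the authentication types & required attributes of every existing policy
  Map<String, List<ContextAttributeMapping>> contextsToAttrs = new HashMap<>();
  Map<String, List<String>> contextsToAuths = new HashMap<>();
  for (ContextPolicy contextPolicy : getPolicyStore().values()) {
    contextsToAttrs.put(contextPolicy.getContextPath(), new ArrayList<>(contextPolicy.getAllowedAttributes()));
    contextsToAuths.put(contextPolicy.getContextPath(), new ArrayList<>(contextPolicy.getAuthenticationMethods()));
  }
  // duplicate the new policy's attributes; collecting into an ArrayList gives a mutable copy
  // directly, so no further copy or null check is needed before it is stored
  List<ContextAttributeMapping> newContextAttrs = newContextPolicy.getAllowedAttributes().stream()
      .map(contextAttribute -> new DefaultContextAttributeMapping(contextAttribute.getContext(), contextAttribute.getAttributeName(), contextAttribute.getAttributeValue()))
      .collect(Collectors.toCollection(ArrayList::new));
  contextsToAttrs.put(path, newContextAttrs);
  contextsToAuths.put(path, new ArrayList<>(newContextPolicy.getAuthenticationMethods()));
  setPolicyStore(contextsToAuths, contextsToAttrs);
}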