Example 1 with AuthorizationService

use of org.eclipse.hono.service.auth.AuthorizationService in project hono by eclipse.

the class AmqpServiceBaseTest method testHandleReceiverOpenRejectsUnauthorizedClient.

/**
 * Verifies that the service rejects sender links on resources that
 * the client is not authorized to write to.
 */
@Test
public void testHandleReceiverOpenRejectsUnauthorizedClient() {
    // GIVEN a server with an endpoint
    final ResourceIdentifier restrictedTargetAddress = ResourceIdentifier.from(ENDPOINT, "RESTRICTED_TENANT", null);
    final AmqpEndpoint endpoint = mock(AmqpEndpoint.class);
    when(endpoint.getName()).thenReturn(ENDPOINT);
    final AuthorizationService authService = mock(AuthorizationService.class);
    when(authService.isAuthorized(Constants.PRINCIPAL_ANONYMOUS, restrictedTargetAddress, Activity.WRITE)).thenReturn(Future.succeededFuture(Boolean.FALSE));
    final AmqpServiceBase<ServiceConfigProperties> server = createServer(endpoint);
    server.setAuthorizationService(authService);
    // WHEN a client connects to the server using an address for a tenant it is not authorized to write to
    final Target target = getTarget(restrictedTargetAddress);
    final ProtonReceiver receiver = mock(ProtonReceiver.class);
    when(receiver.getRemoteTarget()).thenReturn(target);
    when(receiver.setCondition(any())).thenReturn(receiver);
    server.handleReceiverOpen(newConnection(Constants.PRINCIPAL_ANONYMOUS), receiver);
    // THEN the server closes the link with the client
    verify(receiver).close();
}
Also used : ProtonReceiver(io.vertx.proton.ProtonReceiver) ResourceIdentifier(org.eclipse.hono.util.ResourceIdentifier) Target(org.apache.qpid.proton.amqp.transport.Target) AuthorizationService(org.eclipse.hono.service.auth.AuthorizationService) ServiceConfigProperties(org.eclipse.hono.config.ServiceConfigProperties) Test(org.junit.Test)

Example 2 with AuthorizationService

use of org.eclipse.hono.service.auth.AuthorizationService in project hono by eclipse.

the class AmqpServiceBaseTest method testHandleReceiverOpenForwardsToEndpoint.

/**
 * Verifies that the service notifies a registered endpoint about a client
 * that has established a link.
 */
@Test
public void testHandleReceiverOpenForwardsToEndpoint() {
    // GIVEN a server with an endpoint
    final ResourceIdentifier targetAddress = ResourceIdentifier.from(ENDPOINT, Constants.DEFAULT_TENANT, null);
    final AmqpEndpoint endpoint = mock(AmqpEndpoint.class);
    when(endpoint.getName()).thenReturn(ENDPOINT);
    final AuthorizationService authService = mock(AuthorizationService.class);
    when(authService.isAuthorized(Constants.PRINCIPAL_ANONYMOUS, targetAddress, Activity.WRITE)).thenReturn(Future.succeededFuture(Boolean.TRUE));
    final AmqpServiceBase<ServiceConfigProperties> server = createServer(endpoint);
    server.setAuthorizationService(authService);
    // WHEN a client connects to the server using this endpoint
    final Target target = getTarget(targetAddress);
    final ProtonReceiver receiver = mock(ProtonReceiver.class);
    when(receiver.getRemoteTarget()).thenReturn(target);
    when(receiver.attachments()).thenReturn(mock(Record.class));
    server.handleReceiverOpen(newConnection(Constants.PRINCIPAL_ANONYMOUS), receiver);
    // THEN the server delegates link establishment to the endpoint
    verify(endpoint).onLinkAttach(any(ProtonConnection.class), eq(receiver), eq(targetAddress));
}
Also used : ProtonReceiver(io.vertx.proton.ProtonReceiver) ResourceIdentifier(org.eclipse.hono.util.ResourceIdentifier) ProtonConnection(io.vertx.proton.ProtonConnection) Target(org.apache.qpid.proton.amqp.transport.Target) AuthorizationService(org.eclipse.hono.service.auth.AuthorizationService) ServiceConfigProperties(org.eclipse.hono.config.ServiceConfigProperties) Record(org.apache.qpid.proton.engine.Record) Test(org.junit.Test)

Example 3 with AuthorizationService

use of org.eclipse.hono.service.auth.AuthorizationService in project hono by eclipse.

the class RequestResponseEndpointTest method testHandleMessageProcessesAuthorizedRequests.

/**
 * Verifies that the endpoint processes request messages for operations the client
 * is authorized to invoke.
 */
@Test
public void testHandleMessageProcessesAuthorizedRequests() {
    // GIVEN an endpoint whose authorization service grants every request
    Message msg = ProtonHelper.message();
    msg.setSubject("get");
    ProtonConnection con = mock(ProtonConnection.class);
    ProtonDelivery delivery = mock(ProtonDelivery.class);
    AuthorizationService authService = mock(AuthorizationService.class);
    when(authService.isAuthorized(any(HonoUser.class), any(ResourceIdentifier.class), anyString())).thenReturn(Future.succeededFuture(Boolean.TRUE));
    Future<Void> processingTracker = Future.future();
    RequestResponseEndpoint<ServiceConfigProperties> endpoint = getEndpoint(true, processingTracker);
    endpoint.setAuthorizationService(authService);
    // WHEN a request for an operation is received that the client is authorized to invoke
    endpoint.handleMessage(con, receiver, resource, delivery, msg);
    // THEN the message gets processed
    ArgumentCaptor<DeliveryState> deliveryState = ArgumentCaptor.forClass(DeliveryState.class);
    verify(delivery).disposition(deliveryState.capture(), booleanThat(is(Boolean.TRUE)));
    assertThat(deliveryState.getValue(), instanceOf(Accepted.class));
    verify(receiver, never()).close();
    verify(authService).isAuthorized(Constants.PRINCIPAL_ANONYMOUS, resource, "get");
    assertTrue(processingTracker.isComplete());
}
Also used : EventBusMessage(org.eclipse.hono.util.EventBusMessage) Message(org.apache.qpid.proton.message.Message) ProtonDelivery(io.vertx.proton.ProtonDelivery) Accepted(org.apache.qpid.proton.amqp.messaging.Accepted) ProtonConnection(io.vertx.proton.ProtonConnection) ResourceIdentifier(org.eclipse.hono.util.ResourceIdentifier) HonoUser(org.eclipse.hono.auth.HonoUser) DeliveryState(org.apache.qpid.proton.amqp.transport.DeliveryState) AuthorizationService(org.eclipse.hono.service.auth.AuthorizationService) ServiceConfigProperties(org.eclipse.hono.config.ServiceConfigProperties) Test(org.junit.Test)

Example 4 with AuthorizationService

use of org.eclipse.hono.service.auth.AuthorizationService in project hono by eclipse.

the class RequestResponseEndpointTest method testHandleMessageRejectsUnauthorizedRequests.

/**
 * Verifies that the endpoint rejects request messages for operations the client
 * is not authorized to invoke.
 */
@Test
public void testHandleMessageRejectsUnauthorizedRequests() {
    // GIVEN an endpoint whose authorization service denies every request
    Message msg = ProtonHelper.message();
    msg.setSubject("unauthorized");
    ProtonConnection con = mock(ProtonConnection.class);
    ProtonDelivery delivery = mock(ProtonDelivery.class);
    AuthorizationService authService = mock(AuthorizationService.class);
    when(authService.isAuthorized(any(HonoUser.class), any(ResourceIdentifier.class), anyString())).thenReturn(Future.succeededFuture(Boolean.FALSE));
    Future<Void> processingTracker = Future.future();
    RequestResponseEndpoint<ServiceConfigProperties> endpoint = getEndpoint(true, processingTracker);
    endpoint.setAuthorizationService(authService);
    // WHEN a request for an operation is received that the client is not authorized to invoke
    endpoint.handleMessage(con, receiver, resource, delivery, msg);
    // THEN the message is rejected
    ArgumentCaptor<DeliveryState> deliveryState = ArgumentCaptor.forClass(DeliveryState.class);
    verify(delivery).disposition(deliveryState.capture(), booleanThat(is(Boolean.TRUE)));
    assertThat(deliveryState.getValue(), instanceOf(Rejected.class));
    verify(receiver, never()).close();
    verify(authService).isAuthorized(Constants.PRINCIPAL_ANONYMOUS, resource, "unauthorized");
    assertFalse(processingTracker.isComplete());
}
Also used : EventBusMessage(org.eclipse.hono.util.EventBusMessage) Message(org.apache.qpid.proton.message.Message) ProtonDelivery(io.vertx.proton.ProtonDelivery) Rejected(org.apache.qpid.proton.amqp.messaging.Rejected) ProtonConnection(io.vertx.proton.ProtonConnection) ResourceIdentifier(org.eclipse.hono.util.ResourceIdentifier) HonoUser(org.eclipse.hono.auth.HonoUser) DeliveryState(org.apache.qpid.proton.amqp.transport.DeliveryState) AuthorizationService(org.eclipse.hono.service.auth.AuthorizationService) ServiceConfigProperties(org.eclipse.hono.config.ServiceConfigProperties) Test(org.junit.Test)

Aggregations

ServiceConfigProperties (org.eclipse.hono.config.ServiceConfigProperties): 4
AuthorizationService (org.eclipse.hono.service.auth.AuthorizationService): 4
ResourceIdentifier (org.eclipse.hono.util.ResourceIdentifier): 4
Test (org.junit.Test): 4
ProtonConnection (io.vertx.proton.ProtonConnection): 3
ProtonDelivery (io.vertx.proton.ProtonDelivery): 2
ProtonReceiver (io.vertx.proton.ProtonReceiver): 2
DeliveryState (org.apache.qpid.proton.amqp.transport.DeliveryState): 2
Target (org.apache.qpid.proton.amqp.transport.Target): 2
Message (org.apache.qpid.proton.message.Message): 2
HonoUser (org.eclipse.hono.auth.HonoUser): 2
EventBusMessage (org.eclipse.hono.util.EventBusMessage): 2
Accepted (org.apache.qpid.proton.amqp.messaging.Accepted): 1
Rejected (org.apache.qpid.proton.amqp.messaging.Rejected): 1
Record (org.apache.qpid.proton.engine.Record): 1