use of org.glassfish.security.services.api.common.Attributes in project Payara by payara.
the class SimpleAtzProviderTest method testService.
@Test
public void testService() throws Exception {
final AuthorizationService authorizationService = new AuthorizationServiceImpl();
Assert.assertNotNull(simpleAtzPrv);
final AzEnvironment env = new AzEnvironmentImpl();
final Attributes attrs = contextService.getEnvironmentAttributes();
for (String attrName : attrs.getAttributeNames()) {
env.addAttribute(attrName, attrs.getAttributeValue(attrName), true);
}
AzSubject azS = authorizationService.makeAzSubject(adminSubject());
AzResult rt = simpleAtzPrv.getAuthorizationDecision(azS, authorizationService.makeAzResource(URI.create("admin://some/path")), authorizationService.makeAzAction("read"), env, null);
AzResult.Decision ds = rt.getDecision();
Assert.assertEquals(AzResult.Decision.PERMIT, ds);
}
use of org.glassfish.security.services.api.common.Attributes in project Payara by payara.
the class AttributesTest method testAttributesEmpty.
@Test
public void testAttributesEmpty() {
String attName = "test";
Attributes att = new AttributesImpl();
att.addAttribute(attName, "", false);
Set<String> vs = att.getAttributeValues(attName);
Assert.assertEquals(0, vs.size());
}
use of org.glassfish.security.services.api.common.Attributes in project Payara by payara.
the class AuthorizationServiceImpl method getAuthorizationDecision.
/**
* The primary authorization method. The isAuthorized() methods call this method
* after converting their arguments into the appropriate attribute collection type.
* It returns a full AzResult, including authorization status, decision, and
* obligations.
*
* This method performs two steps prior to invoking the configured AuthorizationProvider
* to evaluate the request: First, it acquires the current AzEnvironment attributes by
* calling the Security Context service. Second, it calls the Role Mapping service to
* determine which roles the subject has, and adds the resulting role attributes into
* the AzSubject.
*
* @param subject The attributes collection representing the Subject for which an authorization
* decision is requested.
* @param resource The attributes collection representing the resource for which access is
* being requested.
* @param action The attributes collection representing the action, with respect to the resource,
* for which access is being requested. A null action is interpreted as all
* actions, however all actions may also be represented by the AzAction instance.
* See <code>{@link org.glassfish.security.services.api.authorization.AzAction}</code>.
* @return The AzResult indicating the result of the access decision.
* @throws IllegalArgumentException Given null or illegal subject or resource
* @throws IllegalStateException Service was not initialized.
* @see AuthorizationService#getAuthorizationDecision
*/
@Override
public AzResult getAuthorizationDecision(final AzSubject subject, final AzResource resource, final AzAction action) {
checkServiceAvailability();
// Validate inputs
if (null == subject) {
throw new IllegalArgumentException(localStrings.getLocalString("service.subject_null", "The supplied Subject is null."));
}
if (null == resource) {
throw new IllegalArgumentException(localStrings.getLocalString("service.resource_null", "The supplied Resource is null."));
}
// TODO: setup current AzEnvironment instance. Should a null or empty instance to represent current environment?
final AzEnvironment env = new AzEnvironmentImpl();
final Attributes attrs = securityContextService.getEnvironmentAttributes();
for (String attrName : attrs.getAttributeNames()) {
env.addAttribute(attrName, attrs.getAttributeValue(attrName), true);
}
AzResult result = provider.getAuthorizationDecision(subject, resource, action, env, attributeResolvers);
if (isDebug()) {
logger.log(DEBUG_LEVEL, "Authorization Service result for {0} was {1}.", new String[] { subject.toString(), result.toString() });
}
return result;
}
use of org.glassfish.security.services.api.common.Attributes in project Payara by payara.
the class AzResourceImplTest method testAddAttributesFromUriQuery.
@Test
public void testAddAttributesFromUriQuery() throws Exception {
URI uri = new URI("admin:///tenants/tenant/zirka?locked=true");
Attributes attributes = new AttributesImpl();
Attribute attribute;
Set<String> values;
Iterator<String> iter;
BitSet bitset;
final boolean REPLACE = true;
// Null
try {
addAttributesFromUriQuery(null, attributes, REPLACE);
fail("Expected IllegalArgumentException from null URI.");
} catch (IllegalArgumentException e) {
}
try {
addAttributesFromUriQuery(uri, null, REPLACE);
fail("Expected IllegalArgumentException from null Attributes.");
} catch (IllegalArgumentException e) {
}
assertEquals("Empty attributes", 0, attributes.getAttributeCount());
// No params
uri = new URI("admin:///tenants/tenant/zirka");
addAttributesFromUriQuery(uri, attributes, !REPLACE);
assertEquals("Empty attributes", 0, attributes.getAttributeCount());
// 1 param
uri = new URI("admin:///tenants/tenant/zirka?name1=value1");
addAttributesFromUriQuery(uri, attributes, !REPLACE);
assertEquals("Attributes count", 1, attributes.getAttributeCount());
assertNotNull("attribute", attribute = attributes.getAttribute("name1"));
values = attribute.getValues();
assertEquals("Values count", 1, values.size());
iter = values.iterator();
assertTrue(iter.hasNext());
assertEquals("Values value", "value1", iter.next());
assertFalse(iter.hasNext());
// Repeat, no dup value
addAttributesFromUriQuery(uri, attributes, !REPLACE);
assertEquals("Attributes count", 1, attributes.getAttributeCount());
assertNotNull("attribute", attribute = attributes.getAttribute("name1"));
values = attribute.getValues();
assertEquals("Values count", 1, values.size());
iter = values.iterator();
assertTrue("iterator", iter.hasNext());
assertEquals("Values value", "value1", iter.next());
assertFalse("iterator", iter.hasNext());
// New value
uri = new URI("admin:///tenants/tenant/boris?name1=value2");
addAttributesFromUriQuery(uri, attributes, !REPLACE);
assertEquals("Attributes count", 1, attributes.getAttributeCount());
assertNotNull("attribute", attribute = attributes.getAttribute("name1"));
values = attribute.getValues();
assertEquals("Values count", 2, values.size());
bitset = new BitSet(2);
for (String v : values) {
if ("value1".equals(v) && !bitset.get(0)) {
bitset.set(0);
} else if ("value2".equals(v) && !bitset.get(1)) {
bitset.set(1);
} else {
fail("Unexpected attribute value " + v);
}
}
// Replace attribute
uri = new URI("admin:///tenants/tenant/lucky?name1=value3");
addAttributesFromUriQuery(uri, attributes, REPLACE);
assertEquals("Attributes count", 1, attributes.getAttributeCount());
assertNotNull("attribute", attribute = attributes.getAttribute("name1"));
values = attribute.getValues();
assertEquals("Values count", 1, values.size());
iter = values.iterator();
assertTrue("iterator", iter.hasNext());
assertEquals("Values value", "value3", iter.next());
assertFalse("iterator", iter.hasNext());
// New attribute
uri = new URI("admin:///tenants/tenant/lucky?name2=value21&name2=value22");
addAttributesFromUriQuery(uri, attributes, !REPLACE);
assertEquals("Attributes count", 2, attributes.getAttributeCount());
assertNotNull("attribute", attributes.getAttribute("name1"));
assertNotNull("attribute", attribute = attributes.getAttribute("name2"));
values = attribute.getValues();
assertEquals("Values count", 2, values.size());
bitset = new BitSet(2);
for (String v : values) {
if ("value21".equals(v) && !bitset.get(0)) {
bitset.set(0);
} else if ("value22".equals(v) && !bitset.get(1)) {
bitset.set(1);
} else {
fail("Unexpected attribute value " + v);
}
}
// Encoded attribute
attributes = new AttributesImpl();
uri = new URI("admin:///tenants/tenant/lucky?na%3Dme2=val%26ue1&na%3Dme2=val%3Due2");
addAttributesFromUriQuery(uri, attributes, !REPLACE);
assertEquals("Attributes count", 1, attributes.getAttributeCount());
assertNotNull("attribute", attribute = attributes.getAttribute("na=me2"));
values = attribute.getValues();
assertEquals("Values count", 2, values.size());
bitset = new BitSet(2);
for (String v : values) {
if ("val&ue1".equals(v) && !bitset.get(0)) {
bitset.set(0);
} else if ("val=ue2".equals(v) && !bitset.get(1)) {
bitset.set(1);
} else {
fail("Unexpected attribute value " + v);
}
}
}
use of org.glassfish.security.services.api.common.Attributes in project Payara by payara.
the class AttributesTest method testAttributes.
@Test
public void testAttributes() {
String attName = "test";
Attributes att = new AttributesImpl();
att.addAttribute(attName, "value1", false);
att.addAttribute(attName, "value2", false);
Set<String> vs = att.getAttributeValues(attName);
Assert.assertEquals(2, vs.size());
Assert.assertTrue(vs.contains("value1"));
Assert.assertTrue(vs.contains("value2"));
}
Aggregations