Search in sources :

Example 11 with AuthorizationConfigurationBuilder

use of org.infinispan.configuration.cache.AuthorizationConfigurationBuilder in project infinispan by infinispan.

the class SecureScriptingTest method createCacheManager.

@Override
protected EmbeddedCacheManager createCacheManager() throws Exception {
    GlobalConfigurationBuilder global = new GlobalConfigurationBuilder();
    GlobalAuthorizationConfigurationBuilder globalRoles = global.security().authorization().enable().principalRoleMapper(new IdentityRoleMapper());
    ConfigurationBuilder config = TestCacheManagerFactory.getDefaultCacheConfiguration(true);
    AuthorizationConfigurationBuilder authConfig = config.security().authorization().enable();
    globalRoles.role("achilles").permission(AuthorizationPermission.READ).permission(AuthorizationPermission.WRITE).role("runner").permission(AuthorizationPermission.EXEC).permission(AuthorizationPermission.READ).permission(AuthorizationPermission.WRITE).role("pheidippides").permission(AuthorizationPermission.EXEC).permission(AuthorizationPermission.READ).permission(AuthorizationPermission.WRITE).role("admin").permission(AuthorizationPermission.ALL);
    authConfig.role("runner").role("pheidippides").role("admin");
    EmbeddedCacheManager cm = TestCacheManagerFactory.createCacheManager(global, config);
    Security.doAs(ADMIN, (PrivilegedExceptionAction<Void>) () -> {
        cm.defineConfiguration(ScriptingTest.CACHE_NAME, cm.getDefaultCacheConfiguration());
        cm.getCache(ScriptingTest.CACHE_NAME);
        cm.defineConfiguration(SecureScriptingTest.SECURE_CACHE_NAME, cm.getDefaultCacheConfiguration());
        cm.getCache(SecureScriptingTest.SECURE_CACHE_NAME);
        cm.defineConfiguration("nonSecuredCache", TestCacheManagerFactory.getDefaultCacheConfiguration(true).build());
        return null;
    });
    return cm;
}
Also used : GlobalConfigurationBuilder(org.infinispan.configuration.global.GlobalConfigurationBuilder) IdentityRoleMapper(org.infinispan.security.mappers.IdentityRoleMapper) ConfigurationBuilder(org.infinispan.configuration.cache.ConfigurationBuilder) GlobalConfigurationBuilder(org.infinispan.configuration.global.GlobalConfigurationBuilder) GlobalAuthorizationConfigurationBuilder(org.infinispan.configuration.global.GlobalAuthorizationConfigurationBuilder) AuthorizationConfigurationBuilder(org.infinispan.configuration.cache.AuthorizationConfigurationBuilder) GlobalAuthorizationConfigurationBuilder(org.infinispan.configuration.global.GlobalAuthorizationConfigurationBuilder) EmbeddedCacheManager(org.infinispan.manager.EmbeddedCacheManager) GlobalAuthorizationConfigurationBuilder(org.infinispan.configuration.global.GlobalAuthorizationConfigurationBuilder) AuthorizationConfigurationBuilder(org.infinispan.configuration.cache.AuthorizationConfigurationBuilder)

Example 12 with AuthorizationConfigurationBuilder

use of org.infinispan.configuration.cache.AuthorizationConfigurationBuilder in project infinispan by infinispan.

the class LifecycleCallbacks method getScriptCacheConfiguration.

private ConfigurationBuilder getScriptCacheConfiguration(GlobalConfiguration globalConfiguration) {
    ConfigurationBuilder cfg = new ConfigurationBuilder();
    cfg.encoding().key().mediaType(APPLICATION_OBJECT_TYPE);
    cfg.encoding().value().mediaType(APPLICATION_OBJECT_TYPE);
    GlobalAuthorizationConfiguration globalAuthz = globalConfiguration.security().authorization();
    if (globalAuthz.enabled()) {
        globalAuthz.addRole(GlobalAuthorizationConfiguration.DEFAULT_ROLES.get(SCRIPT_MANAGER_ROLE));
        AuthorizationConfigurationBuilder authorization = cfg.security().authorization().enable();
        // Copy all global roles
        globalAuthz.roles().keySet().forEach(role -> authorization.role(role));
        // Add a special module which translates permissions
        cfg.addModule(CreatePermissionConfigurationBuilder.class);
    }
    return cfg;
}
Also used : ConfigurationBuilder(org.infinispan.configuration.cache.ConfigurationBuilder) CreatePermissionConfigurationBuilder(org.infinispan.security.impl.CreatePermissionConfigurationBuilder) AuthorizationConfigurationBuilder(org.infinispan.configuration.cache.AuthorizationConfigurationBuilder) AuthorizationConfigurationBuilder(org.infinispan.configuration.cache.AuthorizationConfigurationBuilder) GlobalAuthorizationConfiguration(org.infinispan.configuration.global.GlobalAuthorizationConfiguration)

Example 13 with AuthorizationConfigurationBuilder

use of org.infinispan.configuration.cache.AuthorizationConfigurationBuilder in project infinispan by infinispan.

the class AbstractAuthorization method restCreateAuthzCache.

private RestClient restCreateAuthzCache(String... explicitRoles) {
    org.infinispan.configuration.cache.ConfigurationBuilder builder = new org.infinispan.configuration.cache.ConfigurationBuilder();
    AuthorizationConfigurationBuilder authorizationConfigurationBuilder = builder.clustering().cacheMode(CacheMode.DIST_SYNC).security().authorization().enable();
    if (explicitRoles != null) {
        for (String role : explicitRoles) {
            authorizationConfigurationBuilder.role(role);
        }
    }
    return getServerTest().rest().withClientConfiguration(restBuilders.get(TestUser.ADMIN)).withServerConfiguration(builder).create();
}
Also used : RestClientConfigurationBuilder(org.infinispan.client.rest.configuration.RestClientConfigurationBuilder) AuthorizationConfigurationBuilder(org.infinispan.configuration.cache.AuthorizationConfigurationBuilder) ConfigurationBuilder(org.infinispan.client.hotrod.configuration.ConfigurationBuilder) AuthorizationConfigurationBuilder(org.infinispan.configuration.cache.AuthorizationConfigurationBuilder)

Example 14 with AuthorizationConfigurationBuilder

use of org.infinispan.configuration.cache.AuthorizationConfigurationBuilder in project infinispan by infinispan.

the class ProtobufMetadataManagerImpl method getProtobufMetadataCacheConfig.

private static ConfigurationBuilder getProtobufMetadataCacheConfig(GlobalConfiguration globalConfiguration) {
    CacheMode cacheMode = globalConfiguration.isClustered() ? CacheMode.REPL_SYNC : CacheMode.LOCAL;
    ConfigurationBuilder cfg = new ConfigurationBuilder();
    cfg.transaction().transactionMode(TransactionMode.TRANSACTIONAL).invocationBatching().enable().transaction().lockingMode(LockingMode.PESSIMISTIC).locking().isolationLevel(IsolationLevel.READ_COMMITTED).useLockStriping(false).clustering().cacheMode(cacheMode).stateTransfer().fetchInMemoryState(true).awaitInitialTransfer(false).encoding().key().mediaType(MediaType.APPLICATION_OBJECT_TYPE).encoding().value().mediaType(MediaType.APPLICATION_OBJECT_TYPE);
    GlobalAuthorizationConfiguration globalAuthz = globalConfiguration.security().authorization();
    if (globalAuthz.enabled()) {
        if (!globalAuthz.hasRole(SCHEMA_MANAGER_ROLE)) {
            globalAuthz.addRole(GlobalAuthorizationConfiguration.DEFAULT_ROLES.get(SCHEMA_MANAGER_ROLE));
        }
        AuthorizationConfigurationBuilder authorization = cfg.security().authorization().enable();
        // Copy all global roles
        globalAuthz.roles().keySet().forEach(role -> authorization.role(role));
        // Add a special module which translates permissions
        cfg.addModule(CreatePermissionConfigurationBuilder.class);
    }
    return cfg;
}
Also used : ConfigurationBuilder(org.infinispan.configuration.cache.ConfigurationBuilder) AuthorizationConfigurationBuilder(org.infinispan.configuration.cache.AuthorizationConfigurationBuilder) CreatePermissionConfigurationBuilder(org.infinispan.security.impl.CreatePermissionConfigurationBuilder) CacheMode(org.infinispan.configuration.cache.CacheMode) AuthorizationConfigurationBuilder(org.infinispan.configuration.cache.AuthorizationConfigurationBuilder) GlobalAuthorizationConfiguration(org.infinispan.configuration.global.GlobalAuthorizationConfiguration)

Aggregations

AuthorizationConfigurationBuilder (org.infinispan.configuration.cache.AuthorizationConfigurationBuilder)14 ConfigurationBuilder (org.infinispan.configuration.cache.ConfigurationBuilder)12 GlobalAuthorizationConfigurationBuilder (org.infinispan.configuration.global.GlobalAuthorizationConfigurationBuilder)10 GlobalConfigurationBuilder (org.infinispan.configuration.global.GlobalConfigurationBuilder)10 IdentityRoleMapper (org.infinispan.security.mappers.IdentityRoleMapper)6 ConfigurationBuilder (org.infinispan.client.hotrod.configuration.ConfigurationBuilder)2 RestClientConfigurationBuilder (org.infinispan.client.rest.configuration.RestClientConfigurationBuilder)2 GlobalAuthorizationConfiguration (org.infinispan.configuration.global.GlobalAuthorizationConfiguration)2 AuthorizationPermission (org.infinispan.security.AuthorizationPermission)2 CreatePermissionConfigurationBuilder (org.infinispan.security.impl.CreatePermissionConfigurationBuilder)2 Subject (javax.security.auth.Subject)1 CacheMode (org.infinispan.configuration.cache.CacheMode)1 GlobalRoleConfigurationBuilder (org.infinispan.configuration.global.GlobalRoleConfigurationBuilder)1 DefaultCacheManager (org.infinispan.manager.DefaultCacheManager)1 EmbeddedCacheManager (org.infinispan.manager.EmbeddedCacheManager)1 Before (org.junit.Before)1