use of org.infinispan.configuration.cache.AuthorizationConfigurationBuilder in project infinispan by infinispan.
the class SecureScriptingTest method createCacheManager.
@Override
protected EmbeddedCacheManager createCacheManager() throws Exception {
GlobalConfigurationBuilder global = new GlobalConfigurationBuilder();
GlobalAuthorizationConfigurationBuilder globalRoles = global.security().authorization().enable().principalRoleMapper(new IdentityRoleMapper());
ConfigurationBuilder config = TestCacheManagerFactory.getDefaultCacheConfiguration(true);
AuthorizationConfigurationBuilder authConfig = config.security().authorization().enable();
globalRoles.role("achilles").permission(AuthorizationPermission.READ).permission(AuthorizationPermission.WRITE).role("runner").permission(AuthorizationPermission.EXEC).permission(AuthorizationPermission.READ).permission(AuthorizationPermission.WRITE).role("pheidippides").permission(AuthorizationPermission.EXEC).permission(AuthorizationPermission.READ).permission(AuthorizationPermission.WRITE).role("admin").permission(AuthorizationPermission.ALL);
authConfig.role("runner").role("pheidippides").role("admin");
EmbeddedCacheManager cm = TestCacheManagerFactory.createCacheManager(global, config);
Security.doAs(ADMIN, (PrivilegedExceptionAction<Void>) () -> {
cm.defineConfiguration(ScriptingTest.CACHE_NAME, cm.getDefaultCacheConfiguration());
cm.getCache(ScriptingTest.CACHE_NAME);
cm.defineConfiguration(SecureScriptingTest.SECURE_CACHE_NAME, cm.getDefaultCacheConfiguration());
cm.getCache(SecureScriptingTest.SECURE_CACHE_NAME);
cm.defineConfiguration("nonSecuredCache", TestCacheManagerFactory.getDefaultCacheConfiguration(true).build());
return null;
});
return cm;
}
use of org.infinispan.configuration.cache.AuthorizationConfigurationBuilder in project infinispan by infinispan.
the class LifecycleCallbacks method getScriptCacheConfiguration.
private ConfigurationBuilder getScriptCacheConfiguration(GlobalConfiguration globalConfiguration) {
ConfigurationBuilder cfg = new ConfigurationBuilder();
cfg.encoding().key().mediaType(APPLICATION_OBJECT_TYPE);
cfg.encoding().value().mediaType(APPLICATION_OBJECT_TYPE);
GlobalAuthorizationConfiguration globalAuthz = globalConfiguration.security().authorization();
if (globalAuthz.enabled()) {
globalAuthz.addRole(GlobalAuthorizationConfiguration.DEFAULT_ROLES.get(SCRIPT_MANAGER_ROLE));
AuthorizationConfigurationBuilder authorization = cfg.security().authorization().enable();
// Copy all global roles
globalAuthz.roles().keySet().forEach(role -> authorization.role(role));
// Add a special module which translates permissions
cfg.addModule(CreatePermissionConfigurationBuilder.class);
}
return cfg;
}
use of org.infinispan.configuration.cache.AuthorizationConfigurationBuilder in project infinispan by infinispan.
the class AbstractAuthorization method restCreateAuthzCache.
private RestClient restCreateAuthzCache(String... explicitRoles) {
org.infinispan.configuration.cache.ConfigurationBuilder builder = new org.infinispan.configuration.cache.ConfigurationBuilder();
AuthorizationConfigurationBuilder authorizationConfigurationBuilder = builder.clustering().cacheMode(CacheMode.DIST_SYNC).security().authorization().enable();
if (explicitRoles != null) {
for (String role : explicitRoles) {
authorizationConfigurationBuilder.role(role);
}
}
return getServerTest().rest().withClientConfiguration(restBuilders.get(TestUser.ADMIN)).withServerConfiguration(builder).create();
}
use of org.infinispan.configuration.cache.AuthorizationConfigurationBuilder in project infinispan by infinispan.
the class ProtobufMetadataManagerImpl method getProtobufMetadataCacheConfig.
private static ConfigurationBuilder getProtobufMetadataCacheConfig(GlobalConfiguration globalConfiguration) {
CacheMode cacheMode = globalConfiguration.isClustered() ? CacheMode.REPL_SYNC : CacheMode.LOCAL;
ConfigurationBuilder cfg = new ConfigurationBuilder();
cfg.transaction().transactionMode(TransactionMode.TRANSACTIONAL).invocationBatching().enable().transaction().lockingMode(LockingMode.PESSIMISTIC).locking().isolationLevel(IsolationLevel.READ_COMMITTED).useLockStriping(false).clustering().cacheMode(cacheMode).stateTransfer().fetchInMemoryState(true).awaitInitialTransfer(false).encoding().key().mediaType(MediaType.APPLICATION_OBJECT_TYPE).encoding().value().mediaType(MediaType.APPLICATION_OBJECT_TYPE);
GlobalAuthorizationConfiguration globalAuthz = globalConfiguration.security().authorization();
if (globalAuthz.enabled()) {
if (!globalAuthz.hasRole(SCHEMA_MANAGER_ROLE)) {
globalAuthz.addRole(GlobalAuthorizationConfiguration.DEFAULT_ROLES.get(SCHEMA_MANAGER_ROLE));
}
AuthorizationConfigurationBuilder authorization = cfg.security().authorization().enable();
// Copy all global roles
globalAuthz.roles().keySet().forEach(role -> authorization.role(role));
// Add a special module which translates permissions
cfg.addModule(CreatePermissionConfigurationBuilder.class);
}
return cfg;
}
Aggregations