Example 1 with GlobalAuthorizationConfigurationBuilder

use of org.infinispan.configuration.global.GlobalAuthorizationConfigurationBuilder in project infinispan by infinispan.

the class Parser method parseGlobalAuthorization.

private void parseGlobalAuthorization(ConfigurationReader reader, ConfigurationBuilderHolder holder) {
    GlobalAuthorizationConfigurationBuilder builder = holder.getGlobalConfigurationBuilder().security().authorization().enable();
    for (int i = 0; i < reader.getAttributeCount(); i++) {
        String value = reader.getAttributeValue(i);
        Attribute attribute = Attribute.forName(reader.getAttributeName(i));
        switch(attribute) {
            case AUDIT_LOGGER:
                {
                    builder.auditLogger(Util.getInstance(value, holder.getClassLoader()));
                    break;
                }
            default:
                {
                    throw ParseUtils.unexpectedAttribute(reader, i);
                }
        }
    }
    PrincipalRoleMapper roleMapper = null;
    RolePermissionMapper permissionMapper = null;
    while (reader.hasNext()) {
        reader.nextElement();
        Element element = Element.forName(reader.getLocalName());
        switch(element) {
            case AUTHORIZATION:
                {
                    reader.require(ConfigurationReader.ElementType.END_ELEMENT);
                    if (permissionMapper != null) {
                        builder.rolePermissionMapper(permissionMapper);
                    }
                    if (roleMapper != null) {
                        builder.principalRoleMapper(roleMapper);
                    }
                    return;
                }
            case CLUSTER_PERMISSION_MAPPER:
                if (permissionMapper != null) {
                    throw ParseUtils.unexpectedElement(reader);
                }
                ParseUtils.requireNoAttributes(reader);
                ParseUtils.requireNoContent(reader);
                permissionMapper = new ClusterPermissionMapper();
                break;
            case CUSTOM_PERMISSION_MAPPER:
                if (permissionMapper != null) {
                    throw ParseUtils.unexpectedElement(reader);
                }
                permissionMapper = parseCustomPermissionMapper(reader, holder);
                break;
            case IDENTITY_ROLE_MAPPER:
                if (roleMapper != null) {
                    throw ParseUtils.unexpectedElement(reader);
                }
                ParseUtils.requireNoAttributes(reader);
                ParseUtils.requireNoContent(reader);
                roleMapper = new IdentityRoleMapper();
                break;
            case COMMON_NAME_ROLE_MAPPER:
                if (roleMapper != null) {
                    throw ParseUtils.unexpectedElement(reader);
                }
                ParseUtils.requireNoAttributes(reader);
                ParseUtils.requireNoContent(reader);
                roleMapper = new CommonNameRoleMapper();
                break;
            case CLUSTER_ROLE_MAPPER:
                if (roleMapper != null) {
                    throw ParseUtils.unexpectedElement(reader);
                }
                ParseUtils.requireNoAttributes(reader);
                ParseUtils.requireNoContent(reader);
                roleMapper = new ClusterRoleMapper();
                break;
            case CUSTOM_ROLE_MAPPER:
                if (roleMapper != null) {
                    throw ParseUtils.unexpectedElement(reader);
                }
                roleMapper = parseCustomRoleMapper(reader, holder);
                break;
            case ROLES:
                {
                    while (reader.inTag()) {
                        Map.Entry<String, String> item = reader.getMapItem(Attribute.NAME);
                        parseGlobalRole(reader, builder, item.getKey());
                        reader.endMapItem();
                    }
                    break;
                }
            case ROLE:
                {
                    parseGlobalRole(reader, builder, null);
                    break;
                }
            default:
                {
                    throw ParseUtils.unexpectedElement(reader);
                }
        }
    }
}
Also used : PrincipalRoleMapper(org.infinispan.security.PrincipalRoleMapper) IdentityRoleMapper(org.infinispan.security.mappers.IdentityRoleMapper) ParseUtils.ignoreAttribute(org.infinispan.configuration.parsing.ParseUtils.ignoreAttribute) RolePermissionMapper(org.infinispan.security.RolePermissionMapper) GlobalAuthorizationConfigurationBuilder(org.infinispan.configuration.global.GlobalAuthorizationConfigurationBuilder) ClusterRoleMapper(org.infinispan.security.mappers.ClusterRoleMapper) CommonNameRoleMapper(org.infinispan.security.mappers.CommonNameRoleMapper) ClusterPermissionMapper(org.infinispan.security.mappers.ClusterPermissionMapper)

Example 2 with GlobalAuthorizationConfigurationBuilder

use of org.infinispan.configuration.global.GlobalAuthorizationConfigurationBuilder in project infinispan by infinispan.

the class CustomAuditLoggerTest method createCacheManager.

@Override
protected EmbeddedCacheManager createCacheManager() throws Exception {
    GlobalConfigurationBuilder global = new GlobalConfigurationBuilder();
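    // Global authorization: IdentityRoleMapper uses the principal name as the role name; LOGGER is the custom audit logger under test
    GlobalAuthorizationConfigurationBuilder globalRoles = global.security().authorization().enable().principalRoleMapper(new IdentityRoleMapper()).auditLogger(LOGGER);
    ConfigurationBuilder config = TestCacheManagerFactory.getDefaultCacheConfiguration(true);
    AuthorizationConfigurationBuilder authConfig = config.security().authorization().enable();
    // Role-to-permission mappings are defined at the global level
    globalRoles.role(ADMIN_ROLE).permission(AuthorizationPermission.ALL).role(READER_ROLE).permission(AuthorizationPermission.READ);
    // The cache configuration only lists which of the global roles apply to it
    authConfig.role(ADMIN_ROLE).role(READER_ROLE);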
    return TestCacheManagerFactory.createCacheManager(global, config);
}
Also used : GlobalConfigurationBuilder(org.infinispan.configuration.global.GlobalConfigurationBuilder) IdentityRoleMapper(org.infinispan.security.mappers.IdentityRoleMapper) ConfigurationBuilder(org.infinispan.configuration.cache.ConfigurationBuilder) GlobalAuthorizationConfigurationBuilder(org.infinispan.configuration.global.GlobalAuthorizationConfigurationBuilder) AuthorizationConfigurationBuilder(org.infinispan.configuration.cache.AuthorizationConfigurationBuilder)

Example 3 with GlobalAuthorizationConfigurationBuilder

use of org.infinispan.configuration.global.GlobalAuthorizationConfigurationBuilder in project infinispan by infinispan.

the class DynamicRBACTest method getGlobalConfigurationBuilder.

private GlobalConfigurationBuilder getGlobalConfigurationBuilder() {
    GlobalConfigurationBuilder global = GlobalConfigurationBuilder.defaultClusteredBuilder();
    GlobalAuthorizationConfigurationBuilder globalRoles = global.security().authorization().enable().principalRoleMapper(new ClusterRoleMapper()).rolePermissionMapper(new ClusterPermissionMapper());
    globalRoles.role("reader").permission(AuthorizationPermission.ALL_READ).role("writer").permission(AuthorizationPermission.ALL_WRITE).role("admin").permission(AuthorizationPermission.ALL);
    return global;
}
Also used : GlobalConfigurationBuilder(org.infinispan.configuration.global.GlobalConfigurationBuilder) GlobalAuthorizationConfigurationBuilder(org.infinispan.configuration.global.GlobalAuthorizationConfigurationBuilder) ClusterRoleMapper(org.infinispan.security.mappers.ClusterRoleMapper) ClusterPermissionMapper(org.infinispan.security.mappers.ClusterPermissionMapper)

Example 4 with GlobalAuthorizationConfigurationBuilder

use of org.infinispan.configuration.global.GlobalAuthorizationConfigurationBuilder in project infinispan by infinispan.

the class BackupWithSecurityTest method defaultGlobalConfigurationForSite.

@Override
protected GlobalConfigurationBuilder defaultGlobalConfigurationForSite(int siteIndex) {
    GlobalConfigurationBuilder builder = super.defaultGlobalConfigurationForSite(siteIndex);
    GlobalAuthorizationConfigurationBuilder globalRoles = builder.security().authorization().enable().principalRoleMapper(new IdentityRoleMapper());
    // Define one role per permission, named after the permission it grants
    for (AuthorizationPermission perm : AuthorizationPermission.values()) {
        globalRoles.role(perm.toString()).permission(perm);
    }
    return builder;
}
Also used : GlobalConfigurationBuilder(org.infinispan.configuration.global.GlobalConfigurationBuilder) IdentityRoleMapper(org.infinispan.security.mappers.IdentityRoleMapper) AuthorizationPermission(org.infinispan.security.AuthorizationPermission) GlobalAuthorizationConfigurationBuilder(org.infinispan.configuration.global.GlobalAuthorizationConfigurationBuilder)

Example 5 with GlobalAuthorizationConfigurationBuilder

use of org.infinispan.configuration.global.GlobalAuthorizationConfigurationBuilder in project infinispan by infinispan.

the class AbstractAuthentication method setupCache.

@Before
public void setupCache() throws Exception {
    // global setup
    globalConfig = new GlobalConfigurationBuilder();
    GlobalAuthorizationConfigurationBuilder globalRoles = globalConfig.security().authorization().enable().principalRoleMapper(getPrincipalRoleMapper());
    // cache setup
    cacheConfig = new ConfigurationBuilder();
    cacheConfig.transaction().lockingMode(LockingMode.PESSIMISTIC);
    cacheConfig.invocationBatching().enable();
    AuthorizationConfigurationBuilder authConfig = cacheConfig.security().authorization().enable();
    // authorization setup
    Map<String, AuthorizationPermission[]> rolePermissionMap = getRolePermissionMap();
    for (Entry<String, AuthorizationPermission[]> role : rolePermissionMap.entrySet()) {
        authConfig = authConfig.role(role.getKey());
        GlobalRoleConfigurationBuilder roleBuilder = globalRoles.role(role.getKey());
        for (AuthorizationPermission permission : role.getValue()) {
            roleBuilder = roleBuilder.permission(permission);
        }
    }
    Subject admin = getAdminSubject();
    Security.doAs(admin, new PrivilegedExceptionAction<Void>() {

        public Void run() {
            manager = new DefaultCacheManager(globalConfig.build());
            manager.defineConfiguration(CACHE_NAME, cacheConfig.build());
            secureCache = manager.getCache(CACHE_NAME);
            secureCache.put(TEST_ENTRY_KEY, TEST_ENTRY_VALUE);
            return null;
        }
    });
}
Also used : GlobalConfigurationBuilder(org.infinispan.configuration.global.GlobalConfigurationBuilder) ConfigurationBuilder(org.infinispan.configuration.cache.ConfigurationBuilder) GlobalAuthorizationConfigurationBuilder(org.infinispan.configuration.global.GlobalAuthorizationConfigurationBuilder) GlobalRoleConfigurationBuilder(org.infinispan.configuration.global.GlobalRoleConfigurationBuilder) AuthorizationConfigurationBuilder(org.infinispan.configuration.cache.AuthorizationConfigurationBuilder) DefaultCacheManager(org.infinispan.manager.DefaultCacheManager) AuthorizationPermission(org.infinispan.security.AuthorizationPermission) Subject(javax.security.auth.Subject) Before(org.junit.Before)

Aggregations

GlobalAuthorizationConfigurationBuilder (org.infinispan.configuration.global.GlobalAuthorizationConfigurationBuilder): 13
GlobalConfigurationBuilder (org.infinispan.configuration.global.GlobalConfigurationBuilder): 12
IdentityRoleMapper (org.infinispan.security.mappers.IdentityRoleMapper): 11
ConfigurationBuilder (org.infinispan.configuration.cache.ConfigurationBuilder): 10
AuthorizationConfigurationBuilder (org.infinispan.configuration.cache.AuthorizationConfigurationBuilder): 8
EmbeddedCacheManager (org.infinispan.manager.EmbeddedCacheManager): 2
AuthorizationPermission (org.infinispan.security.AuthorizationPermission): 2
ClusterPermissionMapper (org.infinispan.security.mappers.ClusterPermissionMapper): 2
ClusterRoleMapper (org.infinispan.security.mappers.ClusterRoleMapper): 2
Subject (javax.security.auth.Subject): 1
GlobalRoleConfigurationBuilder (org.infinispan.configuration.global.GlobalRoleConfigurationBuilder): 1
ParseUtils.ignoreAttribute (org.infinispan.configuration.parsing.ParseUtils.ignoreAttribute): 1
DefaultCacheManager (org.infinispan.manager.DefaultCacheManager): 1
PrincipalRoleMapper (org.infinispan.security.PrincipalRoleMapper): 1
RolePermissionMapper (org.infinispan.security.RolePermissionMapper): 1
CommonNameRoleMapper (org.infinispan.security.mappers.CommonNameRoleMapper): 1
Before (org.junit.Before): 1