Example 1 with IdentityRoleMapper

Use of org.infinispan.security.mappers.IdentityRoleMapper in the infinispan project by infinispan.

From the class Parser, method parseGlobalAuthorization:

private void parseGlobalAuthorization(ConfigurationReader reader, ConfigurationBuilderHolder holder) {
    GlobalAuthorizationConfigurationBuilder builder = holder.getGlobalConfigurationBuilder().security().authorization().enable();
    for (int i = 0; i < reader.getAttributeCount(); i++) {
        String value = reader.getAttributeValue(i);
        Attribute attribute = Attribute.forName(reader.getAttributeName(i));
        switch(attribute) {
            case AUDIT_LOGGER:
                {
                    builder.auditLogger(Util.getInstance(value, holder.getClassLoader()));
                    break;
                }
            default:
                {
                    throw ParseUtils.unexpectedAttribute(reader, i);
                }
        }
    }
    // At most one role mapper and one permission mapper may be declared;
    // a second declaration of either kind is rejected as an unexpected element.
    PrincipalRoleMapper roleMapper = null;
    RolePermissionMapper permissionMapper = null;
    while (reader.hasNext()) {
        reader.nextElement();
        Element element = Element.forName(reader.getLocalName());
        switch(element) {
            case AUTHORIZATION:
                {
                    // Closing </authorization> tag: apply whichever mappers were parsed and stop.
                    reader.require(ConfigurationReader.ElementType.END_ELEMENT);
                    if (permissionMapper != null) {
                        builder.rolePermissionMapper(permissionMapper);
                    }
                    if (roleMapper != null) {
                        builder.principalRoleMapper(roleMapper);
                    }
                    return;
                }
            case CLUSTER_PERMISSION_MAPPER:
                if (permissionMapper != null) {
                    throw ParseUtils.unexpectedElement(reader);
                }
                ParseUtils.requireNoAttributes(reader);
                ParseUtils.requireNoContent(reader);
                permissionMapper = new ClusterPermissionMapper();
                break;
            case CUSTOM_PERMISSION_MAPPER:
                if (permissionMapper != null) {
                    throw ParseUtils.unexpectedElement(reader);
                }
                permissionMapper = parseCustomPermissionMapper(reader, holder);
                break;
            case IDENTITY_ROLE_MAPPER:
                if (roleMapper != null) {
                    throw ParseUtils.unexpectedElement(reader);
                }
                ParseUtils.requireNoAttributes(reader);
                ParseUtils.requireNoContent(reader);
                roleMapper = new IdentityRoleMapper();
                break;
            case COMMON_NAME_ROLE_MAPPER:
                if (roleMapper != null) {
                    throw ParseUtils.unexpectedElement(reader);
                }
                ParseUtils.requireNoAttributes(reader);
                ParseUtils.requireNoContent(reader);
                roleMapper = new CommonNameRoleMapper();
                break;
            case CLUSTER_ROLE_MAPPER:
                if (roleMapper != null) {
                    throw ParseUtils.unexpectedElement(reader);
                }
                ParseUtils.requireNoAttributes(reader);
                ParseUtils.requireNoContent(reader);
                roleMapper = new ClusterRoleMapper();
                break;
            case CUSTOM_ROLE_MAPPER:
                if (roleMapper != null) {
                    throw ParseUtils.unexpectedElement(reader);
                }
                roleMapper = parseCustomRoleMapper(reader, holder);
                break;
            case ROLES:
                {
                    while (reader.inTag()) {
                        Map.Entry<String, String> item = reader.getMapItem(Attribute.NAME);
                        parseGlobalRole(reader, builder, item.getKey());
                        reader.endMapItem();
                    }
                    break;
                }
            case ROLE:
                {
                    parseGlobalRole(reader, builder, null);
                    break;
                }
            default:
                {
                    throw ParseUtils.unexpectedElement(reader);
                }
        }
    }
}
Also used : PrincipalRoleMapper(org.infinispan.security.PrincipalRoleMapper) IdentityRoleMapper(org.infinispan.security.mappers.IdentityRoleMapper) ParseUtils.ignoreAttribute(org.infinispan.configuration.parsing.ParseUtils.ignoreAttribute) RolePermissionMapper(org.infinispan.security.RolePermissionMapper) GlobalAuthorizationConfigurationBuilder(org.infinispan.configuration.global.GlobalAuthorizationConfigurationBuilder) ClusterRoleMapper(org.infinispan.security.mappers.ClusterRoleMapper) CommonNameRoleMapper(org.infinispan.security.mappers.CommonNameRoleMapper) ClusterPermissionMapper(org.infinispan.security.mappers.ClusterPermissionMapper)

Example 2 with IdentityRoleMapper

Use of org.infinispan.security.mappers.IdentityRoleMapper in the infinispan project by infinispan.

From the class CustomAuditLoggerTest, method createCacheManager:

@Override
protected EmbeddedCacheManager createCacheManager() throws Exception {
    GlobalConfigurationBuilder global = new GlobalConfigurationBuilder();
    // IdentityRoleMapper maps each principal name directly to a role of the same name;
    // the custom audit logger under test receives every authorization decision.
    GlobalAuthorizationConfigurationBuilder globalRoles = global.security().authorization().enable().principalRoleMapper(new IdentityRoleMapper()).auditLogger(LOGGER);
    ConfigurationBuilder config = TestCacheManagerFactory.getDefaultCacheConfiguration(true);
    AuthorizationConfigurationBuilder authConfig = config.security().authorization().enable();
    globalRoles.role(ADMIN_ROLE).permission(AuthorizationPermission.ALL).role(READER_ROLE).permission(AuthorizationPermission.READ);
    authConfig.role(ADMIN_ROLE).role(READER_ROLE);
    return TestCacheManagerFactory.createCacheManager(global, config);
}
Also used : GlobalConfigurationBuilder(org.infinispan.configuration.global.GlobalConfigurationBuilder) IdentityRoleMapper(org.infinispan.security.mappers.IdentityRoleMapper) ConfigurationBuilder(org.infinispan.configuration.cache.ConfigurationBuilder) GlobalAuthorizationConfigurationBuilder(org.infinispan.configuration.global.GlobalAuthorizationConfigurationBuilder) AuthorizationConfigurationBuilder(org.infinispan.configuration.cache.AuthorizationConfigurationBuilder)

Example 3 with IdentityRoleMapper

Use of org.infinispan.security.mappers.IdentityRoleMapper in the infinispan project by infinispan.

From the class SecureRemoteCacheAdminTest, method addHotRodServer:

@Override
protected HotRodServer addHotRodServer(ConfigurationBuilder builder) {
    GlobalConfigurationBuilder gcb = GlobalConfigurationBuilder.defaultClusteredBuilder();
    gcb.defaultCacheName("default");
    gcb.addModule(PrivateGlobalConfigurationBuilder.class).serverMode(true);
    gcb.security().authorization().enable().principalRoleMapper(new IdentityRoleMapper()).role("admin").permission(AuthorizationPermission.ALL);
    gcb.serialization().addContextInitializer(contextInitializer());
    ConfigurationBuilder template = new ConfigurationBuilder();
    template.read(builder.build());
    template.security().authorization().role("admin");
    try {
        // Authorization is enabled, so the cache manager must be created inside a privileged action.
        EmbeddedCacheManager cm = Security.doPrivileged((PrivilegedExceptionAction<EmbeddedCacheManager>) () -> {
            EmbeddedCacheManager cacheManager = addClusterEnabledCacheManager(gcb, builder);
            cacheManager.defineConfiguration("template", builder.build());
            cacheManager.defineConfiguration(DefaultTemplate.DIST_ASYNC.getTemplateName(), builder.build());
            return cacheManager;
        });
        HotRodServerConfigurationBuilder serverBuilder = new HotRodServerConfigurationBuilder();
        serverBuilder.adminOperationsHandler(new EmbeddedServerAdminOperationHandler());
        // Test-only in-memory authentication provider; the user "admin" is granted the "admin" role,
        // which IdentityRoleMapper resolves to the role of the same name configured above.
        SimpleServerAuthenticationProvider sap = new SimpleServerAuthenticationProvider();
        sap.addUser("admin", "realm", "password".toCharArray(), "admin");
        serverBuilder.authentication().enable().serverAuthenticationProvider(sap).serverName("localhost").addAllowedMech("CRAM-MD5");
        HotRodServer server = Security.doPrivileged((PrivilegedExceptionAction<HotRodServer>) () -> HotRodClientTestingUtil.startHotRodServer(cm, serverBuilder));
        servers.add(server);
        return server;
    } catch (PrivilegedActionException e) {
        throw new RuntimeException(e);
    }
}
Also used : PrivateGlobalConfigurationBuilder(org.infinispan.configuration.internal.PrivateGlobalConfigurationBuilder) GlobalConfigurationBuilder(org.infinispan.configuration.global.GlobalConfigurationBuilder) IdentityRoleMapper(org.infinispan.security.mappers.IdentityRoleMapper) ConfigurationBuilder(org.infinispan.configuration.cache.ConfigurationBuilder) HotRodServerConfigurationBuilder(org.infinispan.server.hotrod.configuration.HotRodServerConfigurationBuilder) EmbeddedServerAdminOperationHandler(org.infinispan.server.core.admin.embeddedserver.EmbeddedServerAdminOperationHandler) PrivilegedActionException(java.security.PrivilegedActionException) HotRodServer(org.infinispan.server.hotrod.HotRodServer) SimpleServerAuthenticationProvider(org.infinispan.server.core.security.simple.SimpleServerAuthenticationProvider) EmbeddedCacheManager(org.infinispan.manager.EmbeddedCacheManager)

Example 4 with IdentityRoleMapper

Use of org.infinispan.security.mappers.IdentityRoleMapper in the infinispan project by infinispan.

From the class BackupWithSecurityTest, method defaultGlobalConfigurationForSite:

@Override
protected GlobalConfigurationBuilder defaultGlobalConfigurationForSite(int siteIndex) {
    GlobalConfigurationBuilder builder = super.defaultGlobalConfigurationForSite(siteIndex);
    GlobalAuthorizationConfigurationBuilder globalRoles = builder.security().authorization().enable().principalRoleMapper(new IdentityRoleMapper());
    // Define one role per permission, named after the permission itself.
    for (AuthorizationPermission perm : AuthorizationPermission.values()) {
        globalRoles.role(perm.toString()).permission(perm);
    }
    return builder;
}
Also used : GlobalConfigurationBuilder(org.infinispan.configuration.global.GlobalConfigurationBuilder) IdentityRoleMapper(org.infinispan.security.mappers.IdentityRoleMapper) AuthorizationPermission(org.infinispan.security.AuthorizationPermission) GlobalAuthorizationConfigurationBuilder(org.infinispan.configuration.global.GlobalAuthorizationConfigurationBuilder)

Example 5 with IdentityRoleMapper

Use of org.infinispan.security.mappers.IdentityRoleMapper in the infinispan project by infinispan.

From the class ReplicatedSecuredScriptingTest, method createCacheManagers:

@Override
protected void createCacheManagers() throws Throwable {
    final GlobalConfigurationBuilder global = GlobalConfigurationBuilder.defaultClusteredBuilder();
    final ConfigurationBuilder builder = getDefaultClusteredCacheConfig(CacheMode.REPL_SYNC);
    global.security().authorization().enable().principalRoleMapper(new IdentityRoleMapper()).role("admin").permission(AuthorizationPermission.ALL).role("runner").permission(AuthorizationPermission.EXEC).permission(AuthorizationPermission.READ).permission(AuthorizationPermission.WRITE).permission(AuthorizationPermission.ADMIN).role("pheidippides").permission(AuthorizationPermission.EXEC).permission(AuthorizationPermission.READ).permission(AuthorizationPermission.WRITE);
    builder.security().authorization().enable().role("admin").role("runner").role("pheidippides");
    builder.encoding().key().mediaType(MediaType.APPLICATION_OBJECT_TYPE).encoding().value().mediaType(MediaType.APPLICATION_OBJECT_TYPE);
    // Cluster setup runs as the ADMIN subject because authorization is enabled on the secured cache.
    Security.doAs(ADMIN, new PrivilegedExceptionAction<Void>() {

        @Override
        public Void run() throws Exception {
            createCluster(global, builder, 2);
            defineConfigurationOnAllManagers(SecureScriptingTest.SECURE_CACHE_NAME, builder);
            for (EmbeddedCacheManager cm : cacheManagers) cm.getCache(SecureScriptingTest.SECURE_CACHE_NAME);
            waitForClusterToForm();
            return null;
        }
    });
}
Also used : GlobalConfigurationBuilder(org.infinispan.configuration.global.GlobalConfigurationBuilder) ConfigurationBuilder(org.infinispan.configuration.cache.ConfigurationBuilder) GlobalConfigurationBuilder(org.infinispan.configuration.global.GlobalConfigurationBuilder) IdentityRoleMapper(org.infinispan.security.mappers.IdentityRoleMapper) EmbeddedCacheManager(org.infinispan.manager.EmbeddedCacheManager) PrivilegedActionException(java.security.PrivilegedActionException)

Aggregations (type, and the number of examples in which it appears)

IdentityRoleMapper (org.infinispan.security.mappers.IdentityRoleMapper) 18
GlobalConfigurationBuilder (org.infinispan.configuration.global.GlobalConfigurationBuilder) 16
ConfigurationBuilder (org.infinispan.configuration.cache.ConfigurationBuilder) 13
GlobalAuthorizationConfigurationBuilder (org.infinispan.configuration.global.GlobalAuthorizationConfigurationBuilder) 11
AuthorizationConfigurationBuilder (org.infinispan.configuration.cache.AuthorizationConfigurationBuilder) 7
EmbeddedCacheManager (org.infinispan.manager.EmbeddedCacheManager) 4
PrivilegedActionException (java.security.PrivilegedActionException) 2
PrincipalRoleMapper (org.infinispan.security.PrincipalRoleMapper) 2
ClusterRoleMapper (org.infinispan.security.mappers.ClusterRoleMapper) 2
CommonNameRoleMapper (org.infinispan.security.mappers.CommonNameRoleMapper) 2
Subject (javax.security.auth.Subject) 1
AttributeSet (org.infinispan.commons.configuration.attributes.AttributeSet) 1
GlobalAuthorizationConfiguration (org.infinispan.configuration.global.GlobalAuthorizationConfiguration) 1
GlobalConfiguration (org.infinispan.configuration.global.GlobalConfiguration) 1
PrivateGlobalConfigurationBuilder (org.infinispan.configuration.internal.PrivateGlobalConfigurationBuilder) 1
ParseUtils.ignoreAttribute (org.infinispan.configuration.parsing.ParseUtils.ignoreAttribute) 1
ResourceManagerImpl (org.infinispan.rest.framework.impl.ResourceManagerImpl) 1
RestDispatcherImpl (org.infinispan.rest.framework.impl.RestDispatcherImpl) 1
SimpleRequest (org.infinispan.rest.framework.impl.SimpleRequest) 1
SimpleRestResponse (org.infinispan.rest.framework.impl.SimpleRestResponse) 1