
Example 61 with AccessControlList

use of org.opencastproject.security.api.AccessControlList in project opencast by opencast.

the class XACMLSecurityTest method testSecurity.

/**
 * Walks the authorization service through a sequence of ACL states and checks the permission
 * decision for the "admin", "student" and anonymous roles after each change.
 *
 * <p>The sequence is order-dependent: every block of assertions relies on the ACL that was
 * attached and on the content of {@code currentRoles} at that point. The behaviours pinned are:
 * an action with no matching entry is denied, an entry with {@code allow == false} is denied,
 * an (empty) episode ACL is the active one once set, and removing it makes the series ACL
 * active again.
 */
@Test
public void testSecurity() throws Exception {
    // Create a mediapackage and some role/action tuples
    MediaPackage mediapackage = MediaPackageBuilderFactory.newInstance().newMediaPackageBuilder().createNew();
    // With no ACL attached, the active ACL is expected to be empty
    AccessControlList defaultAcl = authzService.getActiveAcl(mediapackage).getA();
    Assert.assertEquals(0, defaultAcl.getEntries().size());
    // Assigning a series id alone (no series ACL stored yet) must not produce any entries
    mediapackage.setSeries("123");
    defaultAcl = authzService.getActiveAcl(mediapackage).getA();
    Assert.assertEquals(0, defaultAcl.getEntries().size());
    // Series ACL 1: admin may delete/read, student may read/comment,
    // anonymous may read and is explicitly denied comment
    AccessControlList aclSeries1 = new AccessControlList();
    List<AccessControlEntry> entriesSeries1 = aclSeries1.getEntries();
    entriesSeries1.add(new AccessControlEntry("admin", "delete", true));
    entriesSeries1.add(new AccessControlEntry("admin", "read", true));
    entriesSeries1.add(new AccessControlEntry("student", "read", true));
    entriesSeries1.add(new AccessControlEntry("student", "comment", true));
    entriesSeries1.add(new AccessControlEntry(DefaultOrganization.DEFAULT_ORGANIZATION_ANONYMOUS, "read", true));
    entriesSeries1.add(new AccessControlEntry(DefaultOrganization.DEFAULT_ORGANIZATION_ANONYMOUS, "comment", false));
    // Series ACL 2: same as ACL 1 except that student is explicitly denied read and comment
    AccessControlList aclSeries2 = new AccessControlList();
    List<AccessControlEntry> entriesSeries2 = aclSeries2.getEntries();
    entriesSeries2.add(new AccessControlEntry("admin", "delete", true));
    entriesSeries2.add(new AccessControlEntry("admin", "read", true));
    entriesSeries2.add(new AccessControlEntry("student", "read", false));
    entriesSeries2.add(new AccessControlEntry("student", "comment", false));
    entriesSeries2.add(new AccessControlEntry(DefaultOrganization.DEFAULT_ORGANIZATION_ANONYMOUS, "read", true));
    entriesSeries2.add(new AccessControlEntry(DefaultOrganization.DEFAULT_ORGANIZATION_ANONYMOUS, "comment", false));
    // Episode ACL is deliberately left without entries
    AccessControlList aclEpisode = new AccessControlList();
    // Add the security policy to the mediapackage
    authzService.setAcl(mediapackage, AclScope.Series, aclSeries1);
    // Ensure that the permissions specified are respected by the security service
    // NOTE(review): currentRoles is defined outside this method; presumably it backs the roles of
    // the mocked current user -- confirm in the test setup
    currentRoles.clear();
    currentRoles.add(new JaxbRole("admin", organization, ""));
    Assert.assertTrue(authzService.hasPermission(mediapackage, "delete"));
    Assert.assertTrue(authzService.hasPermission(mediapackage, "read"));
    // admin has no "comment" entry in ACL 1: an unlisted action is expected to be denied
    Assert.assertFalse(authzService.hasPermission(mediapackage, "comment"));
    currentRoles.clear();
    currentRoles.add(new JaxbRole("student", organization, ""));
    // student has no "delete" entry in ACL 1
    Assert.assertFalse(authzService.hasPermission(mediapackage, "delete"));
    Assert.assertTrue(authzService.hasPermission(mediapackage, "read"));
    Assert.assertTrue(authzService.hasPermission(mediapackage, "comment"));
    currentRoles.clear();
    currentRoles.add(new JaxbRole("admin", organization));
    // Attach the empty episode ACL: it becomes the active scope, and even admin is expected to
    // lose every permission the series ACL granted
    mediapackage = authzService.setAcl(mediapackage, AclScope.Episode, aclEpisode).getA();
    Assert.assertEquals(AclScope.Episode, authzService.getActiveAcl(mediapackage).getB());
    Assert.assertFalse(authzService.hasPermission(mediapackage, "delete"));
    Assert.assertFalse(authzService.hasPermission(mediapackage, "read"));
    Assert.assertFalse(authzService.hasPermission(mediapackage, "comment"));
    // Removing the episode ACL must make the series ACL (ACL 1) the active one again
    mediapackage = authzService.removeAcl(mediapackage, AclScope.Episode);
    AccessControlList computedAcl = authzService.getActiveAcl(mediapackage).getA();
    Assert.assertEquals("ACLs are the same size?", entriesSeries1.size(), computedAcl.getEntries().size());
    Assert.assertTrue("ACLs contain the same ACEs?", computedAcl.getEntries().containsAll(entriesSeries1));
    // Replace the series ACL with ACL 2: explicit deny entries must take student's access away
    authzService.setAcl(mediapackage, AclScope.Series, aclSeries2);
    currentRoles.clear();
    currentRoles.add(new JaxbRole("student", organization));
    Assert.assertFalse(authzService.hasPermission(mediapackage, "delete"));
    Assert.assertFalse(authzService.hasPermission(mediapackage, "read"));
    Assert.assertFalse(authzService.hasPermission(mediapackage, "comment"));
    currentRoles.clear();
    currentRoles.add(new JaxbRole(DefaultOrganization.DEFAULT_ORGANIZATION_ANONYMOUS, organization, ""));
    // Anonymous: read is allowed, comment is explicitly denied, delete is not listed at all
    Assert.assertFalse(authzService.hasPermission(mediapackage, "delete"));
    Assert.assertTrue(authzService.hasPermission(mediapackage, "read"));
    Assert.assertFalse(authzService.hasPermission(mediapackage, "comment"));
}
Also used : AccessControlList(org.opencastproject.security.api.AccessControlList) JaxbRole(org.opencastproject.security.api.JaxbRole) MediaPackage(org.opencastproject.mediapackage.MediaPackage) AccessControlEntry(org.opencastproject.security.api.AccessControlEntry) Test(org.junit.Test)

Example 62 with AccessControlList

use of org.opencastproject.security.api.AccessControlList in project opencast by opencast.

the class AclScanner method updateAcl.

/**
 * Re-applies the ACL parsed from an XACML file to every organization that already manages it.
 *
 * <p>The file is parsed once. For each organization the managed ACL id is looked up in
 * {@code managedAcls}; organizations without an id are skipped with an info message, the
 * others have their managed ACL replaced through that organization's ACL service.
 *
 * <p>NOTE(review): the organization of the security context is switched on every iteration
 * and is not reset inside this method -- confirm that the caller does not rely on the previous
 * organization still being set afterwards.
 *
 * @param artifact
 *          The File representing the XACML File.
 * @throws IOException
 *           if the file cannot be opened (reported by parseToAcl as FileNotFoundException)
 * @throws XACMLParsingException
 *           propagated from parseToAcl
 */
private void updateAcl(File artifact) throws IOException, XACMLParsingException {
    List<Organization> organizations = organizationDirectoryService.getOrganizations();
    logger.debug("Updating Acl {}", artifact.getAbsolutePath());
    String aclName = FilenameUtils.removeExtension(artifact.getName());
    AccessControlList parsedAcl = parseToAcl(artifact);
    // Update the Acl on all the organizations
    for (Organization currentOrg : organizations) {
        securityService.setOrganization(currentOrg);
        Long managedId = managedAcls.get(generateAclId(aclName, currentOrg));
        if (managedId == null) {
            // Not tracked for this organization: nothing to update
            logger.info("The XACML file {} has not been added to the organisation {} and will therefore not be updated", aclName, currentOrg.getName());
            continue;
        }
        // The id is in the managedAcls map, so the stored Acl is replaced
        boolean updated = getAclService(currentOrg).updateAcl(new ManagedAclImpl(managedId, aclName, currentOrg.getId(), parsedAcl));
        if (updated) {
            logger.debug("Acl from XACML file {} has been updated for the organisation {}", aclName, currentOrg.getName());
        } else {
            logger.warn("No Acl found with the id {} for the organisation {}.", managedId, currentOrg.getName());
        }
    }
}
Also used : AccessControlList(org.opencastproject.security.api.AccessControlList) Organization(org.opencastproject.security.api.Organization)

Example 63 with AccessControlList

use of org.opencastproject.security.api.AccessControlList in project opencast by opencast.

the class AclScanner method parseToAcl.

/**
 * Reads the given XACML file and converts it into an Access Control List.
 *
 * <p>The stream is always closed, whether or not parsing succeeds.
 *
 * <p>NOTE(review): the XML parser configuration (DTD / external entity handling) lives in
 * {@code XACMLUtils.parseXacml}, which is not visible here -- confirm it is hardened if the
 * scanned files can come from a less trusted source.
 *
 * @param artifact
 *          the XACML file to read
 * @return the ACL returned by {@code XACMLUtils.parseXacml}
 * @throws FileNotFoundException
 *           if the file cannot be opened for reading
 * @throws XACMLParsingException
 *           propagated from {@code XACMLUtils.parseXacml}
 */
private AccessControlList parseToAcl(File artifact) throws FileNotFoundException, XACMLParsingException {
    // If opening fails there is no stream to close, so the constructor call sits outside the try
    final FileInputStream xacmlStream = new FileInputStream(artifact);
    try {
        return XACMLUtils.parseXacml(xacmlStream);
    } finally {
        IOUtils.closeQuietly(xacmlStream);
    }
}
Also used : AccessControlList(org.opencastproject.security.api.AccessControlList) FileInputStream(java.io.FileInputStream)

Example 64 with AccessControlList

use of org.opencastproject.security.api.AccessControlList in project opencast by opencast.

the class AssetManagerWithMessagingTest method mkAssetManager.

/**
 * Builds the {@code AssetManagerWithMessaging} under test on top of mocked collaborators.
 *
 * <p>The workspace mock serves the same Dublin Core fixture for every URI. The authorization
 * mock answers every {@code getActiveAcl} call with a fixed ACL (admin may write) at episode
 * scope, so tests using this factory do not exercise real access-control decisions. The
 * message sender mock is stored in {@code ms} and is not put into replay state here.
 *
 * @return the asset manager wired with the mocks
 * @throws Exception
 *           if the fixture cannot be resolved or a mock cannot be set up
 */
public AssetManagerWithMessaging mkAssetManager() throws Exception {
    final String dublinCoreFixture = "/dublincore-a.xml";

    // Workspace: both get() and read() resolve to the classpath fixture, any number of times
    final Workspace workspaceMock = EasyMock.createNiceMock(Workspace.class);
    EasyMock.expect(workspaceMock.get(EasyMock.anyObject(URI.class)))
            .andReturn(new File(getClass().getResource(dublinCoreFixture).toURI()))
            .anyTimes();
    EasyMock.expect(workspaceMock.read(EasyMock.anyObject(URI.class)))
            .andAnswer(() -> getClass().getResourceAsStream(dublinCoreFixture))
            .anyTimes();
    EasyMock.replay(workspaceMock);

    // Authorization: a single allow entry, reported as the active episode ACL of any mediapackage
    final AccessControlList fixedAcl = new AccessControlList(new AccessControlEntry("admin", "write", true));
    final AuthorizationService authorizationMock = EasyMock.createNiceMock(AuthorizationService.class);
    EasyMock.expect(authorizationMock.getActiveAcl(EasyMock.<MediaPackage>anyObject()))
            .andReturn(tuple(fixedAcl, AclScope.Episode))
            .anyTimes();
    EasyMock.replay(authorizationMock);

    ms = EasyMock.createMock(MessageSender.class);
    // message receive part is currently not under test so we can pass null values
    return new AssetManagerWithMessaging(
            mkAbstractAssetManager(), ms, null, authorizationMock, null, null, workspaceMock, null);
}
Also used : AccessControlList(org.opencastproject.security.api.AccessControlList) AuthorizationService(org.opencastproject.security.api.AuthorizationService) MessageSender(org.opencastproject.message.broker.api.MessageSender) MediaPackage(org.opencastproject.mediapackage.MediaPackage) AccessControlEntry(org.opencastproject.security.api.AccessControlEntry) File(java.io.File) Workspace(org.opencastproject.workspace.api.Workspace)

Example 65 with AccessControlList

use of org.opencastproject.security.api.AccessControlList in project opencast by opencast.

the class AccessInformationUtilTest method testSerializeManagedAcl.

/**
 * Test method for {@link AccessInformationUtil#serializeManagedAcl(ManagedAcl)}
 *
 * <p>Serializes a managed ACL holding one entry and checks the {@code id} and {@code name}
 * fields of the resulting JSON. The serialized entries themselves are not asserted here.
 */
@Test
public void testSerializeManagedAcl() throws Exception {
    // Managed ACL with id 1 and a single admin/read allow entry
    AccessControlList adminReadAcl = new AccessControlList();
    adminReadAcl.getEntries().add(ACE_ROLE_ADMIN_ALLOW_ACTION_READ);
    ManagedAcl managedAcl = new ManagedAclImpl(1L, MANAGED_ACL_1_NAME, ORGANISATION_1_ID, adminReadAcl);

    JSONObject serialized = AccessInformationUtil.serializeManagedAcl(managedAcl);

    assertEquals(1L, serialized.getLong("id"));
    assertEquals(MANAGED_ACL_1_NAME, serialized.getString("name"));
}
Also used : AccessControlList(org.opencastproject.security.api.AccessControlList) JSONObject(org.codehaus.jettison.json.JSONObject) ManagedAcl(org.opencastproject.authorization.xacml.manager.api.ManagedAcl) ManagedAclImpl(org.opencastproject.authorization.xacml.manager.impl.ManagedAclImpl) Test(org.junit.Test)
