Example 1 with PolicyDecision

Use of org.simbasecurity.api.service.thrift.PolicyDecision in project simba-os by cegeka.

In the class CheckAdminRoleCommand, method execute.

@Override
public State execute(ChainContext context) throws Exception {
    // Ask the authorization service whether the current user holds the configured admin role.
    PolicyDecision policyDecision = this.authorizationService.isUserInRole(
            context.getUserName(),
            configurationService.getValue(SimbaConfigurationParameter.ADMIN_ROLE_NAME));
    if (policyDecision.isAllowed()) {
        // Allowed: record the success in the audit log and let the chain continue.
        audit.log(auditLogFactory.createEventForAuthorizationForSuccess(context, AuditMessages.USER_HAS_ADMIN_ROLE));
        return State.CONTINUE;
    }
    // Denied: audit the failure with the requested URL, redirect, and stop the chain.
    audit.log(auditLogFactory.createEventForAuthorizationForFailure(context, ACCESS_DENIED + context.getRequestURL()));
    context.redirectToAccessDenied();
    return State.FINISH;
}
Also used : PolicyDecision(org.simbasecurity.api.service.thrift.PolicyDecision)

Example 2 with PolicyDecision

Use of org.simbasecurity.api.service.thrift.PolicyDecision in project simba-os by cegeka.

In the class AuthorizationServiceClient, method isURLRuleAllowed.

@Override
public PolicyDecision isURLRuleAllowed(String username, String resourcename, String method) throws TException {
    // Cached decisions are keyed on the full (username, resource, method) tuple.
    AuthorizationKey authorizationKey = new AuthorizationKey(username, resourcename, method);
    PolicyDecision policyDecision = urlRuleCache.get(authorizationKey);
    // On a cache miss or an expired entry, ask the remote authorization service again
    // and overwrite the cached decision with the fresh one.
    if (policyDecision == null || PolicyDecisionHelper.isExpired(policyDecision)) {
        policyDecision = getAuthorizationServiceClient().isURLRuleAllowed(username, resourcename, method);
        urlRuleCache.put(authorizationKey, policyDecision);
    }
    return policyDecision;
}
Also used : PolicyDecision(org.simbasecurity.api.service.thrift.PolicyDecision)

Example 3 with PolicyDecision

Use of org.simbasecurity.api.service.thrift.PolicyDecision in project simba-os by cegeka.

In the class SimbaAuthorizationCachingServiceTest, method shouldCallAuthorizationServiceWhenResourceRuleCachedButExpired.

@Test
public void shouldCallAuthorizationServiceWhenResourceRuleCachedButExpired() throws Exception {
    when(authorizationServiceMock.isResourceRuleAllowed(NOT_RELEVANT, NOT_RELEVANT, NOT_RELEVANT)).thenReturn(new PolicyDecision(true, EXPIRED_TIMESTAMP)).thenReturn(new PolicyDecision(false, VALID_TIMESTAMP));
    // Call once to fill cache
    cachingService.isResourceRuleAllowed(NOT_RELEVANT, NOT_RELEVANT, NOT_RELEVANT);
    PolicyDecision decision = cachingService.isResourceRuleAllowed(NOT_RELEVANT, NOT_RELEVANT, NOT_RELEVANT);
    assertFalse(decision.isAllowed());
    verify(authorizationServiceMock, times(2)).isResourceRuleAllowed(NOT_RELEVANT, NOT_RELEVANT, NOT_RELEVANT);
}
Also used : PolicyDecision(org.simbasecurity.api.service.thrift.PolicyDecision) Test(org.junit.Test)

Example 4 with PolicyDecision

Use of org.simbasecurity.api.service.thrift.PolicyDecision in project simba-os by cegeka.

In the class SimbaAuthorizationCachingServiceTest, method shouldCallAuthorizationServiceWhenURLRuleCachedButExpired.

@Test
public void shouldCallAuthorizationServiceWhenURLRuleCachedButExpired() throws Exception {
    when(authorizationServiceMock.isURLRuleAllowed(NOT_RELEVANT, NOT_RELEVANT, NOT_RELEVANT)).thenReturn(new PolicyDecision(true, EXPIRED_TIMESTAMP)).thenReturn(new PolicyDecision(false, VALID_TIMESTAMP));
    // Call once to fill cache
    cachingService.isURLRuleAllowed(NOT_RELEVANT, NOT_RELEVANT, NOT_RELEVANT);
    PolicyDecision decision = cachingService.isURLRuleAllowed(NOT_RELEVANT, NOT_RELEVANT, NOT_RELEVANT);
    assertFalse(decision.isAllowed());
    verify(authorizationServiceMock, times(2)).isURLRuleAllowed(NOT_RELEVANT, NOT_RELEVANT, NOT_RELEVANT);
}
Also used : PolicyDecision(org.simbasecurity.api.service.thrift.PolicyDecision) Test(org.junit.Test)

Example 5 with PolicyDecision

Use of org.simbasecurity.api.service.thrift.PolicyDecision in project simba-os by cegeka.

In the class SimbaAuthorizationCachingServiceTest, method shouldNotCallAuthorizationServiceWhenURLRuleCached.

@Test
public void shouldNotCallAuthorizationServiceWhenURLRuleCached() throws Exception {
    when(authorizationServiceMock.isURLRuleAllowed(NOT_RELEVANT, NOT_RELEVANT, NOT_RELEVANT)).thenReturn(new PolicyDecision(true, VALID_TIMESTAMP));
    // Call once to fill cache
    cachingService.isURLRuleAllowed(NOT_RELEVANT, NOT_RELEVANT, NOT_RELEVANT);
    PolicyDecision decision = cachingService.isURLRuleAllowed(NOT_RELEVANT, NOT_RELEVANT, NOT_RELEVANT);
    assertTrue(decision.isAllowed());
    verify(authorizationServiceMock).isURLRuleAllowed(NOT_RELEVANT, NOT_RELEVANT, NOT_RELEVANT);
    verifyNoMoreInteractions(authorizationServiceMock);
}
Also used : PolicyDecision(org.simbasecurity.api.service.thrift.PolicyDecision) Test(org.junit.Test)

Aggregations

PolicyDecision (org.simbasecurity.api.service.thrift.PolicyDecision): 25
Test (org.junit.Test): 19
AuthorizationRequestContext (org.simbasecurity.core.service.AuthorizationRequestContext): 12
AuditLogEvent (org.simbasecurity.core.audit.AuditLogEvent): 2
IOException (java.io.IOException): 1
ServletException (javax.servlet.ServletException): 1
TJSONProtocol (org.apache.thrift.protocol.TJSONProtocol): 1
TProtocol (org.apache.thrift.protocol.TProtocol): 1
THttpClient (org.apache.thrift.transport.THttpClient): 1
AuthorizationService (org.simbasecurity.api.service.thrift.AuthorizationService): 1