Example 6 with PolicyDecision

use of org.simbasecurity.api.service.thrift.PolicyDecision in project simba-os by cegeka.

the class AuthorizationServiceImplTest method policyDecisionNeverWhenNoRule.

@Test
public void policyDecisionNeverWhenNoRule() {
    when(mockRuleRepository.findResourceRules(USERNAME, RESOURCE_NAME)).thenReturn(Collections.<ResourceRule>emptySet());
    PolicyDecision decision = authorizationServiceImpl.isResourceRuleAllowed(USERNAME, RESOURCE_NAME, RESOURCE_OPERATION);
    assertFalse(decision.isAllowed());
    assertEquals(Long.MAX_VALUE, decision.getExpirationTimestamp());
    verify(mockRuleRepository).findResourceRules(USERNAME, RESOURCE_NAME);
}
Also used : PolicyDecision(org.simbasecurity.api.service.thrift.PolicyDecision) Test(org.junit.Test)

Example 7 with PolicyDecision

use of org.simbasecurity.api.service.thrift.PolicyDecision in project simba-os by cegeka.

the class AuthorizationServiceImplTest method policyAppliesAnd2ndRuleDisallowedReturnsDecisionFalseWithSmallestExpirationStamp_1stRuleDisallowed.

@Test
public void policyAppliesAnd2ndRuleDisallowedReturnsDecisionFalseWithSmallestExpirationStamp_1stRuleDisallowed() {
    when(mockRuleRepository.findResourceRules(USERNAME, RESOURCE_NAME)).thenReturn(Arrays.asList(mockResourceRule, mock2ndResourceRule));
    when(mockPolicy.applies(any(AuthorizationRequestContext.class))).thenReturn(true);
    when(mockResourceRule.isAllowed(ResourceOperationType.resolve(RESOURCE_OPERATION))).thenReturn(false);
    when(mock2ndPolicy.applies(any(AuthorizationRequestContext.class))).thenReturn(true);
    when(mock2ndResourceRule.isAllowed(ResourceOperationType.resolve(RESOURCE_OPERATION))).thenReturn(false);
    PolicyDecision decision = authorizationServiceImpl.isResourceRuleAllowed(USERNAME, RESOURCE_NAME, RESOURCE_OPERATION);
    assertFalse(decision.isAllowed());
    assertEquals(EXPIRATION_TIMESTAMP_1, decision.getExpirationTimestamp());
}
Also used : PolicyDecision(org.simbasecurity.api.service.thrift.PolicyDecision) AuthorizationRequestContext(org.simbasecurity.core.service.AuthorizationRequestContext) Test(org.junit.Test)

Example 8 with PolicyDecision

use of org.simbasecurity.api.service.thrift.PolicyDecision in project simba-os by cegeka.

the class AuthorizationServiceImplTest method isURLRuleAllowed_noUrlRuleFound.

@Test
public void isURLRuleAllowed_noUrlRuleFound() {
    when(mockRuleRepository.findURLRules(USERNAME)).thenReturn(Collections.<URLRule>emptyList());
    PolicyDecision decision = authorizationServiceImpl.isURLRuleAllowed(USERNAME, URL, URL_OPERATION);
    assertFalse(decision.isAllowed());
    assertEquals(Long.MAX_VALUE, decision.getExpirationTimestamp());
}
Also used : PolicyDecision(org.simbasecurity.api.service.thrift.PolicyDecision) Test(org.junit.Test)

Example 9 with PolicyDecision

use of org.simbasecurity.api.service.thrift.PolicyDecision in project simba-os by cegeka.

the class AuthorizationServiceImplTest method isURLRuleAllowed_urlRuleFoundAndResourcenameMatches.

@Test
public void isURLRuleAllowed_urlRuleFoundAndResourcenameMatches() {
    when(mockURLRule.getResourceName()).thenReturn("*/test/*");
    when(mockURLRule.isAllowed(URLOperationType.resolve(URL_OPERATION))).thenReturn(true);
    when(mockPolicy.applies(any(AuthorizationRequestContext.class))).thenReturn(true);
    when(mockRuleRepository.findURLRules(USERNAME)).thenReturn(Collections.singletonList(mockURLRule));
    PolicyDecision decision = authorizationServiceImpl.isURLRuleAllowed(USERNAME, URL, URL_OPERATION);
    assertTrue(decision.isAllowed());
    assertEquals(EXPIRATION_TIMESTAMP_1, decision.getExpirationTimestamp());
}
Also used : PolicyDecision(org.simbasecurity.api.service.thrift.PolicyDecision) AuthorizationRequestContext(org.simbasecurity.core.service.AuthorizationRequestContext) Test(org.junit.Test)

Example 10 with PolicyDecision

use of org.simbasecurity.api.service.thrift.PolicyDecision in project simba-os by cegeka.

the class CheckAdminRoleCommand method execute.

@Override
public State execute(ChainContext context) throws Exception {
    PolicyDecision policyDecision = this.authorizationService.isUserInRole(context.getUserName(), configurationService.getValue(SimbaConfigurationParameter.ADMIN_ROLE_NAME));
    if (policyDecision.isAllowed()) {
        audit.log(auditLogFactory.createEventForAuthorizationForSuccess(context, AuditMessages.USER_HAS_ADMIN_ROLE));
        return State.CONTINUE;
    }
    audit.log(auditLogFactory.createEventForAuthorizationForFailure(context, ACCESS_DENIED + context.getRequestURL()));
    context.redirectToAccessDenied();
    return State.FINISH;
}
Also used : PolicyDecision(org.simbasecurity.api.service.thrift.PolicyDecision)

Aggregations

PolicyDecision (org.simbasecurity.api.service.thrift.PolicyDecision): 25
Test (org.junit.Test): 19
AuthorizationRequestContext (org.simbasecurity.core.service.AuthorizationRequestContext): 12
AuditLogEvent (org.simbasecurity.core.audit.AuditLogEvent): 2
IOException (java.io.IOException): 1
ServletException (javax.servlet.ServletException): 1
TJSONProtocol (org.apache.thrift.protocol.TJSONProtocol): 1
TProtocol (org.apache.thrift.protocol.TProtocol): 1
THttpClient (org.apache.thrift.transport.THttpClient): 1
AuthorizationService (org.simbasecurity.api.service.thrift.AuthorizationService): 1
ResourceRule (org.simbasecurity.core.domain.ResourceRule): 1
URLRule (org.simbasecurity.core.domain.URLRule): 1