Example 11 with PolicyDecision

Use of org.simbasecurity.api.service.thrift.PolicyDecision in project simba-os by cegeka.

From the class AuthorizationServiceClient, method isURLRuleAllowed.

@Override
public PolicyDecision isURLRuleAllowed(String username, String resourcename, String method) throws TException {
    AuthorizationKey authorizationKey = new AuthorizationKey(username, resourcename, method);
    PolicyDecision policyDecision = urlRuleCache.get(authorizationKey);
    if (policyDecision == null || PolicyDecisionHelper.isExpired(policyDecision)) {
        policyDecision = getAuthorizationServiceClient().isURLRuleAllowed(username, resourcename, method);
        urlRuleCache.put(authorizationKey, policyDecision);
    }
    return policyDecision;
}
Also used : PolicyDecision(org.simbasecurity.api.service.thrift.PolicyDecision)

Example 12 with PolicyDecision

Use of org.simbasecurity.api.service.thrift.PolicyDecision in project simba-os by cegeka.

From the class SimbaAuthorizationCachingServiceTest, method shouldCallAuthorizationServiceWhenResourceRuleCachedButExpired.

@Test
public void shouldCallAuthorizationServiceWhenResourceRuleCachedButExpired() throws Exception {
    when(authorizationServiceMock.isResourceRuleAllowed(NOT_RELEVANT, NOT_RELEVANT, NOT_RELEVANT)).thenReturn(new PolicyDecision(true, EXPIRED_TIMESTAMP)).thenReturn(new PolicyDecision(false, VALID_TIMESTAMP));
    // Call once to fill cache
    cachingService.isResourceRuleAllowed(NOT_RELEVANT, NOT_RELEVANT, NOT_RELEVANT);
    PolicyDecision decision = cachingService.isResourceRuleAllowed(NOT_RELEVANT, NOT_RELEVANT, NOT_RELEVANT);
    assertFalse(decision.isAllowed());
    verify(authorizationServiceMock, times(2)).isResourceRuleAllowed(NOT_RELEVANT, NOT_RELEVANT, NOT_RELEVANT);
}
Also used : PolicyDecision(org.simbasecurity.api.service.thrift.PolicyDecision) Test(org.junit.Test)

Example 13 with PolicyDecision

Use of org.simbasecurity.api.service.thrift.PolicyDecision in project simba-os by cegeka.

From the class SimbaAuthorizationCachingServiceTest, method shouldCallAuthorizationServiceWhenURLRuleCachedButExpired.

@Test
public void shouldCallAuthorizationServiceWhenURLRuleCachedButExpired() throws Exception {
    when(authorizationServiceMock.isURLRuleAllowed(NOT_RELEVANT, NOT_RELEVANT, NOT_RELEVANT)).thenReturn(new PolicyDecision(true, EXPIRED_TIMESTAMP)).thenReturn(new PolicyDecision(false, VALID_TIMESTAMP));
    // Call once to fill cache
    cachingService.isURLRuleAllowed(NOT_RELEVANT, NOT_RELEVANT, NOT_RELEVANT);
    PolicyDecision decision = cachingService.isURLRuleAllowed(NOT_RELEVANT, NOT_RELEVANT, NOT_RELEVANT);
    assertFalse(decision.isAllowed());
    verify(authorizationServiceMock, times(2)).isURLRuleAllowed(NOT_RELEVANT, NOT_RELEVANT, NOT_RELEVANT);
}
Also used : PolicyDecision(org.simbasecurity.api.service.thrift.PolicyDecision) Test(org.junit.Test)

Example 14 with PolicyDecision

Use of org.simbasecurity.api.service.thrift.PolicyDecision in project simba-os by cegeka.

From the class SimbaAuthorizationCachingServiceTest, method shouldNotCallAuthorizationServiceWhenURLRuleCached.

@Test
public void shouldNotCallAuthorizationServiceWhenURLRuleCached() throws Exception {
    when(authorizationServiceMock.isURLRuleAllowed(NOT_RELEVANT, NOT_RELEVANT, NOT_RELEVANT)).thenReturn(new PolicyDecision(true, VALID_TIMESTAMP));
    // Call once to fill cache
    cachingService.isURLRuleAllowed(NOT_RELEVANT, NOT_RELEVANT, NOT_RELEVANT);
    PolicyDecision decision = cachingService.isURLRuleAllowed(NOT_RELEVANT, NOT_RELEVANT, NOT_RELEVANT);
    assertTrue(decision.isAllowed());
    verify(authorizationServiceMock).isURLRuleAllowed(NOT_RELEVANT, NOT_RELEVANT, NOT_RELEVANT);
    verifyNoMoreInteractions(authorizationServiceMock);
}
Also used : PolicyDecision(org.simbasecurity.api.service.thrift.PolicyDecision) Test(org.junit.Test)

Example 15 with PolicyDecision

Use of org.simbasecurity.api.service.thrift.PolicyDecision in project simba-os by cegeka.

From the class URLRuleCheckCommandTest, method redirectWhenAccessIsDisallowed.

@Test
public void redirectWhenAccessIsDisallowed() throws Exception {
    when(authorizationServiceMock.isURLRuleAllowed(USERNAME, REQUEST_URL, REQUEST_METHOD)).thenReturn(new PolicyDecision(false, Long.MAX_VALUE));
    assertEquals(State.FINISH, command.execute(contextMock));
    verify(auditMock).log(captor.capture());
    AuditLogEvent resultAuditLogEvent = captor.getValue();
    assertEquals(AuditLogEventCategory.AUTHOR, resultAuditLogEvent.getCategory());
    assertEquals(AuditMessages.FAILURE + AuditMessages.ACCESS_DENIED + REQUEST_URL, resultAuditLogEvent.getMessage());
    verify(contextMock).redirectToAccessDenied();
}
Also used : PolicyDecision(org.simbasecurity.api.service.thrift.PolicyDecision) AuditLogEvent(org.simbasecurity.core.audit.AuditLogEvent) Test(org.junit.Test)
