use of org.simbasecurity.api.service.thrift.PolicyDecision in project simba-os by cegeka.
the class AuthorizationServiceClient method isURLRuleAllowed.
/**
 * Answers a URL-rule authorization query, consulting the local decision cache first.
 *
 * <p>The cache key is built from all three arguments, so a decision is only reused for the
 * same user, resource and method. A cached decision, allow or deny, is returned as long as
 * {@code PolicyDecisionHelper.isExpired} does not report it expired. A permission change on
 * the authorization service is therefore not observed by this client before that point.
 *
 * <p>If the remote call throws, nothing is written to the cache and the exception reaches
 * the caller.
 *
 * @param username     user the decision is requested for
 * @param resourcename resource (URL) being accessed
 * @param method       request method being used
 * @return the cached decision when present and not expired, otherwise the decision just
 *         fetched from the authorization service
 * @throws TException if the remote authorization call fails
 */
@Override
public PolicyDecision isURLRuleAllowed(String username, String resourcename, String method) throws TException {
    final AuthorizationKey cacheKey = new AuthorizationKey(username, resourcename, method);
    final PolicyDecision cached = urlRuleCache.get(cacheKey);

    // Fast path: a decision exists and is still within its validity window.
    if (cached != null && !PolicyDecisionHelper.isExpired(cached)) {
        return cached;
    }

    // Miss or expired entry: ask the authorization service and overwrite the cache slot.
    // NOTE(review): the remote result is stored without inspection; whether urlRuleCache
    // accepts a null value is not visible here - confirm against the cache implementation.
    final PolicyDecision fresh = getAuthorizationServiceClient().isURLRuleAllowed(username, resourcename, method);
    urlRuleCache.put(cacheKey, fresh);
    return fresh;
}
use of org.simbasecurity.api.service.thrift.PolicyDecision in project simba-os by cegeka.
the class SimbaAuthorizationCachingServiceTest method shouldCallAuthorizationServiceWhenResourceRuleCachedButExpired.
/**
 * An expired cached resource-rule decision must not be served: the second lookup has to go
 * back to the authorization service and return its new answer.
 *
 * <p>The stub answers "allowed" with {@code EXPIRED_TIMESTAMP} first and "denied" with
 * {@code VALID_TIMESTAMP} second, so the test fails if the stale allow is reused.
 */
@Test
public void shouldCallAuthorizationServiceWhenResourceRuleCachedButExpired() throws Exception {
    final PolicyDecision expiredAllow = new PolicyDecision(true, EXPIRED_TIMESTAMP);
    final PolicyDecision freshDeny = new PolicyDecision(false, VALID_TIMESTAMP);
    when(authorizationServiceMock.isResourceRuleAllowed(NOT_RELEVANT, NOT_RELEVANT, NOT_RELEVANT))
            .thenReturn(expiredAllow, freshDeny);

    // First call populates the cache with the already-expired decision.
    cachingService.isResourceRuleAllowed(NOT_RELEVANT, NOT_RELEVANT, NOT_RELEVANT);

    // Second call must bypass the expired entry and pick up the deny.
    final PolicyDecision secondAnswer = cachingService.isResourceRuleAllowed(NOT_RELEVANT, NOT_RELEVANT, NOT_RELEVANT);

    assertFalse(secondAnswer.isAllowed());
    verify(authorizationServiceMock, times(2)).isResourceRuleAllowed(NOT_RELEVANT, NOT_RELEVANT, NOT_RELEVANT);
}
use of org.simbasecurity.api.service.thrift.PolicyDecision in project simba-os by cegeka.
the class SimbaAuthorizationCachingServiceTest method shouldCallAuthorizationServiceWhenURLRuleCachedButExpired.
/**
 * An expired cached URL-rule decision must not be served: the second lookup has to query
 * the authorization service again and return what it says now.
 *
 * <p>The stub answers "allowed" with {@code EXPIRED_TIMESTAMP} first and "denied" with
 * {@code VALID_TIMESTAMP} second, so reusing the stale allow makes the assertion fail.
 */
@Test
public void shouldCallAuthorizationServiceWhenURLRuleCachedButExpired() throws Exception {
    final PolicyDecision expiredAllow = new PolicyDecision(true, EXPIRED_TIMESTAMP);
    final PolicyDecision freshDeny = new PolicyDecision(false, VALID_TIMESTAMP);
    when(authorizationServiceMock.isURLRuleAllowed(NOT_RELEVANT, NOT_RELEVANT, NOT_RELEVANT))
            .thenReturn(expiredAllow, freshDeny);

    // First call populates the cache with the already-expired decision.
    cachingService.isURLRuleAllowed(NOT_RELEVANT, NOT_RELEVANT, NOT_RELEVANT);

    // Second call must bypass the expired entry and pick up the deny.
    final PolicyDecision secondAnswer = cachingService.isURLRuleAllowed(NOT_RELEVANT, NOT_RELEVANT, NOT_RELEVANT);

    assertFalse(secondAnswer.isAllowed());
    verify(authorizationServiceMock, times(2)).isURLRuleAllowed(NOT_RELEVANT, NOT_RELEVANT, NOT_RELEVANT);
}
use of org.simbasecurity.api.service.thrift.PolicyDecision in project simba-os by cegeka.
the class SimbaAuthorizationCachingServiceTest method shouldNotCallAuthorizationServiceWhenURLRuleCached.
/**
 * A cached URL-rule decision created with {@code VALID_TIMESTAMP} is served from the cache:
 * two lookups with the same arguments result in exactly one call to the authorization
 * service.
 */
@Test
public void shouldNotCallAuthorizationServiceWhenURLRuleCached() throws Exception {
    final PolicyDecision validAllow = new PolicyDecision(true, VALID_TIMESTAMP);
    when(authorizationServiceMock.isURLRuleAllowed(NOT_RELEVANT, NOT_RELEVANT, NOT_RELEVANT))
            .thenReturn(validAllow);

    // First call goes to the service and fills the cache.
    cachingService.isURLRuleAllowed(NOT_RELEVANT, NOT_RELEVANT, NOT_RELEVANT);

    // Second call is expected to be answered from the cache.
    final PolicyDecision cachedAnswer = cachingService.isURLRuleAllowed(NOT_RELEVANT, NOT_RELEVANT, NOT_RELEVANT);

    assertTrue(cachedAnswer.isAllowed());
    // Exactly one remote lookup, and no other interaction with the service mock.
    verify(authorizationServiceMock).isURLRuleAllowed(NOT_RELEVANT, NOT_RELEVANT, NOT_RELEVANT);
    verifyNoMoreInteractions(authorizationServiceMock);
}
use of org.simbasecurity.api.service.thrift.PolicyDecision in project simba-os by cegeka.
the class URLRuleCheckCommandTest method redirectWhenAccessIsDisallowed.
/**
 * When the authorization service denies the URL rule, the command finishes the chain,
 * writes an access-denied audit event and redirects to the access-denied page.
 *
 * <p>The audit assertions pin both the event category and the exact message, so a denied
 * request cannot silently go unlogged or be logged under a different category.
 */
@Test
public void redirectWhenAccessIsDisallowed() throws Exception {
    final PolicyDecision denied = new PolicyDecision(false, Long.MAX_VALUE);
    when(authorizationServiceMock.isURLRuleAllowed(USERNAME, REQUEST_URL, REQUEST_METHOD)).thenReturn(denied);

    assertEquals(State.FINISH, command.execute(contextMock));

    // Capture the single audit event written for the denial and inspect it.
    verify(auditMock).log(captor.capture());
    final AuditLogEvent loggedEvent = captor.getValue();
    final String expectedMessage = AuditMessages.FAILURE + AuditMessages.ACCESS_DENIED + REQUEST_URL;
    assertEquals(AuditLogEventCategory.AUTHOR, loggedEvent.getCategory());
    assertEquals(expectedMessage, loggedEvent.getMessage());

    verify(contextMock).redirectToAccessDenied();
}