Example 16 with PolicyDecision

Use of org.simbasecurity.api.service.thrift.PolicyDecision in project simba-os by cegeka.

Class AuthorizationServiceClient, method isResourceRuleAllowed.

@Override
public PolicyDecision isResourceRuleAllowed(String username, String resourcename, String operation) throws TException {
    AuthorizationKey authorizationKey = new AuthorizationKey(username, resourcename, operation);
    PolicyDecision policyDecision = resourceRuleCache.get(authorizationKey);
    if (policyDecision == null || PolicyDecisionHelper.isExpired(policyDecision)) {
        policyDecision = getAuthorizationServiceClient().isResourceRuleAllowed(username, resourcename, operation);
        resourceRuleCache.put(authorizationKey, policyDecision);
    }
    return policyDecision;
}
Also used : PolicyDecision(org.simbasecurity.api.service.thrift.PolicyDecision)

Example 17 with PolicyDecision

Use of org.simbasecurity.api.service.thrift.PolicyDecision in project simba-os by cegeka.

Class SimbaAuthorizationCachingServiceTest, method shouldNotCallAuthorizationServiceWhenResourceRuleCached.

@Test
public void shouldNotCallAuthorizationServiceWhenResourceRuleCached() throws Exception {
    when(authorizationServiceMock.isResourceRuleAllowed(NOT_RELEVANT, NOT_RELEVANT, NOT_RELEVANT)).thenReturn(new PolicyDecision(true, VALID_TIMESTAMP));
    // Call once to fill cache
    cachingService.isResourceRuleAllowed(NOT_RELEVANT, NOT_RELEVANT, NOT_RELEVANT);
    PolicyDecision decision = cachingService.isResourceRuleAllowed(NOT_RELEVANT, NOT_RELEVANT, NOT_RELEVANT);
    assertTrue(decision.isAllowed());
    verify(authorizationServiceMock).isResourceRuleAllowed(NOT_RELEVANT, NOT_RELEVANT, NOT_RELEVANT);
    verifyNoMoreInteractions(authorizationServiceMock);
}
Also used : PolicyDecision(org.simbasecurity.api.service.thrift.PolicyDecision) Test(org.junit.Test)

Example 18 with PolicyDecision

Use of org.simbasecurity.api.service.thrift.PolicyDecision in project simba-os by cegeka.

Class FeedingServlet, method doPost.

@Override
public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    THttpClient tHttpClient = null;
    try {
        tHttpClient = new THttpClient(SystemConfiguration.getSimbaServiceURL(getServletContext()) + "/authorizationService");
        TProtocol tProtocol = new TJSONProtocol(tHttpClient);
        AuthorizationService.Client authorizationClient = new AuthorizationService.Client(tProtocol);
        PolicyDecision decision = authorizationClient.isResourceRuleAllowed(request.getUserPrincipal().getName(), "ANIMAL", "WRITE");
        if (!decision.isAllowed()) {
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        response.sendRedirect("jsp/feeding.jsp");
    } catch (Exception e) {
        throw new ServletException(e);
    } finally {
        if (tHttpClient != null) {
            tHttpClient.close();
        }
    }
}
Also used : ServletException(javax.servlet.ServletException) PolicyDecision(org.simbasecurity.api.service.thrift.PolicyDecision) TJSONProtocol(org.apache.thrift.protocol.TJSONProtocol) TProtocol(org.apache.thrift.protocol.TProtocol) AuthorizationService(org.simbasecurity.api.service.thrift.AuthorizationService) THttpClient(org.apache.thrift.transport.THttpClient) IOException(java.io.IOException)

Example 19 with PolicyDecision

Use of org.simbasecurity.api.service.thrift.PolicyDecision in project simba-os by cegeka.

Class URLRuleCheckCommandTest, method continueWhenAccessIsAllowed.

@Test
public void continueWhenAccessIsAllowed() throws Exception {
    when(authorizationServiceMock.isURLRuleAllowed(USERNAME, REQUEST_URL, REQUEST_METHOD)).thenReturn(new PolicyDecision(true, Long.MAX_VALUE));
    assertEquals(State.CONTINUE, command.execute(contextMock));
    verify(auditMock).log(captor.capture());
    AuditLogEvent resultAuditLogEvent = captor.getValue();
    assertEquals(AuditLogEventCategory.AUTHOR, resultAuditLogEvent.getCategory());
    assertEquals(AuditMessages.SUCCESS + AuditMessages.CHECK_URL_RULE, resultAuditLogEvent.getMessage());
    verifyZeroInteractions(auditMock);
    verify(contextMock, never()).redirectToAccessDenied();
}
Also used : PolicyDecision(org.simbasecurity.api.service.thrift.PolicyDecision) AuditLogEvent(org.simbasecurity.core.audit.AuditLogEvent) Test(org.junit.Test)

Example 20 with PolicyDecision

Use of org.simbasecurity.api.service.thrift.PolicyDecision in project simba-os by cegeka.

Class AuthorizationServiceImpl, method isResourceRuleAllowed.

private PolicyDecision isResourceRuleAllowed(String username, String resourceName, ResourceOperationType operationType) {
    AuthorizationRequestContext context = new AuthorizationRequestContext(username);
    Collection<ResourceRule> resourceRules = ruleRepository.findResourceRules(username, resourceName);
    PolicyDecision decision = null;
    for (ResourceRule resourceRule : resourceRules) {
        boolean allowed = resourceRule.getPolicy().applies(context) && resourceRule.isAllowed(operationType);
        long newTimestamp = resourceRule.getPolicy().getExpirationTimestamp(context);
        decision = determineDecisionBasedOn(decision, allowed, newTimestamp);
    }
    if (decision == null) {
        decision = NEVER_ALLOWED;
    }
    logAuthorizationDecision(username, RESOURCE_LABEL + resourceName + LOG_DELIM + operationType.name() + LOG_DELIM + decision.toString());
    return decision;
}
Also used : PolicyDecision(org.simbasecurity.api.service.thrift.PolicyDecision) AuthorizationRequestContext(org.simbasecurity.core.service.AuthorizationRequestContext) ResourceRule(org.simbasecurity.core.domain.ResourceRule)

Aggregations

PolicyDecision (org.simbasecurity.api.service.thrift.PolicyDecision): 25
Test (org.junit.Test): 19
AuthorizationRequestContext (org.simbasecurity.core.service.AuthorizationRequestContext): 12
AuditLogEvent (org.simbasecurity.core.audit.AuditLogEvent): 2
IOException (java.io.IOException): 1
ServletException (javax.servlet.ServletException): 1
TJSONProtocol (org.apache.thrift.protocol.TJSONProtocol): 1
TProtocol (org.apache.thrift.protocol.TProtocol): 1
THttpClient (org.apache.thrift.transport.THttpClient): 1
AuthorizationService (org.simbasecurity.api.service.thrift.AuthorizationService): 1
ResourceRule (org.simbasecurity.core.domain.ResourceRule): 1
URLRule (org.simbasecurity.core.domain.URLRule): 1