Example 1 with AuthorizationRequestContext

Use of org.simbasecurity.core.service.AuthorizationRequestContext in project simba-os by cegeka.

Class AuthorizationServiceImpl, method isURLRuleAllowed.

private PolicyDecision isURLRuleAllowed(String username, String url, URLOperationType operationType) {
    AuthorizationRequestContext context = new AuthorizationRequestContext(username);
    Collection<URLRule> rules = ruleRepository.findURLRules(username);
    PolicyDecision decision = null;
    for (URLRule rule : rules) {
        // Only rules whose resource name (a wildcard pattern) matches the requested URL are evaluated.
        if (FilenameUtils.wildcardMatch(url, rule.getResourceName())) {
            boolean allowed = rule.getPolicy().applies(context) && rule.isAllowed(operationType);
            long newTimestamp = rule.getPolicy().getExpirationTimestamp(context);
            decision = determineDecisionBasedOn(decision, allowed, newTimestamp);
        }
    }
    // No decision was produced (for example, no rule matched the URL): deny by default.
    if (decision == null) {
        decision = NEVER_ALLOWED;
    }
    logAuthorizationDecision(username, URL_RESOURCE_LABEL + url + LOG_DELIM + operationType.name() + LOG_DELIM + decision.toString());
    return decision;
}
Also used : PolicyDecision(org.simbasecurity.api.service.thrift.PolicyDecision) AuthorizationRequestContext(org.simbasecurity.core.service.AuthorizationRequestContext) URLRule(org.simbasecurity.core.domain.URLRule)

Example 2 with AuthorizationRequestContext

Use of org.simbasecurity.core.service.AuthorizationRequestContext in project simba-os by cegeka.

Class ConditionDTOAssemblerTest, method testAssembleSingleCondition_Failure.

@Test(expected = IllegalArgumentException.class)
public void testAssembleSingleCondition_Failure() {
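    // Anonymous ConditionEntity subclass; the test expects assemble() to reject it
    // with an IllegalArgumentException.
    @SuppressWarnings("serial") Condition condition = new ConditionEntity() {
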
        @Override
        protected boolean conditionApplies(AuthorizationRequestContext context) {
            return false;
        }
    };
    ConditionDTOAssembler.assemble(condition);
}
Also used : Condition(org.simbasecurity.core.domain.Condition) TimeCondition(org.simbasecurity.core.domain.condition.TimeCondition) AuthorizationRequestContext(org.simbasecurity.core.service.AuthorizationRequestContext) ConditionEntity(org.simbasecurity.core.domain.ConditionEntity) Test(org.junit.Test)

Example 3 with AuthorizationRequestContext

Use of org.simbasecurity.core.service.AuthorizationRequestContext in project simba-os by cegeka.

Class AuthorizationServiceImpl, method isResourceRuleAllowed.

private PolicyDecision isResourceRuleAllowed(String username, String resourceName, ResourceOperationType operationType) {
    AuthorizationRequestContext context = new AuthorizationRequestContext(username);
    Collection<ResourceRule> resourceRules = ruleRepository.findResourceRules(username, resourceName);
    PolicyDecision decision = null;
    for (ResourceRule resourceRule : resourceRules) {
        boolean allowed = resourceRule.getPolicy().applies(context) && resourceRule.isAllowed(operationType);
        long newTimestamp = resourceRule.getPolicy().getExpirationTimestamp(context);
        decision = determineDecisionBasedOn(decision, allowed, newTimestamp);
    }
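    // No decision was produced (for example, no rule was found for this user and resource): deny by default.
    if (decision == null) {
        decision = NEVER_ALLOWED;
    }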
    logAuthorizationDecision(username, RESOURCE_LABEL + resourceName + LOG_DELIM + operationType.name() + LOG_DELIM + decision.toString());
    return decision;
}
Also used : PolicyDecision(org.simbasecurity.api.service.thrift.PolicyDecision) AuthorizationRequestContext(org.simbasecurity.core.service.AuthorizationRequestContext) ResourceRule(org.simbasecurity.core.domain.ResourceRule)

Aggregations

AuthorizationRequestContext (org.simbasecurity.core.service.AuthorizationRequestContext): 3
PolicyDecision (org.simbasecurity.api.service.thrift.PolicyDecision): 2
Test (org.junit.Test): 1
Condition (org.simbasecurity.core.domain.Condition): 1
ConditionEntity (org.simbasecurity.core.domain.ConditionEntity): 1
ResourceRule (org.simbasecurity.core.domain.ResourceRule): 1
URLRule (org.simbasecurity.core.domain.URLRule): 1
TimeCondition (org.simbasecurity.core.domain.condition.TimeCondition): 1