Example 11 with GroupSecurityReference
use of org.xwiki.security.GroupSecurityReference in project xwiki-platform by xwiki.
the class DefaultAuthorizationSettlerTest method testSettleEntityTypeWithoutAnyEnabledRight.
@Test
public void testSettleEntityTypeWithoutAnyEnabledRight() throws Exception {
SecurityRule allowAllTestRightsRulesToXuser = getMockedSecurityRule("allowAllTestRightsRulesToXuser", Collections.singletonList(xuserRef), Collections.<GroupSecurityReference>emptyList(), allTestRights, ALLOW);
assertAccess("Allow rights to entity without any acceptable right on itself but having some (XWIKI-12552)", xuserRef, xattachmentRef, defaultAccess, authorizationSettler.settle(xuserRef, Collections.<GroupSecurityReference>emptyList(), getMockedSecurityRuleEntries("allrights", xattachmentRef, Collections.singletonList(Collections.singletonList(allowAllTestRightsRulesToXuser)))));
}
Also used :
SecurityRule(org.xwiki.security.authorization.SecurityRule)
GroupSecurityReference(org.xwiki.security.GroupSecurityReference)
Test(org.junit.Test)
Example 12 with GroupSecurityReference
use of org.xwiki.security.GroupSecurityReference in project xwiki-platform by xwiki.
the class DefaultAuthorizationSettler method resolveLevel.
/**
* Update the resulting {@code access} to include the rule state defined by the given {@link SecurityRule}
* for the given user and group, and the requested {@link Right}.
*
* @param right The right to settle.
* @param user The user to check.
* @param groups The groups where the user is a member.
* @param rule The currently considered rule.
* @param access The accumulated access result.
* @param policies the current security policies.
* @param fromUser the set of right that have been set by a user rule.
*/
private void resolveLevel(Right right, UserSecurityReference user, Collection<GroupSecurityReference> groups, SecurityRule rule, XWikiSecurityAccess access, Policies policies, Set<Right> fromUser) {
RuleState state = rule.getState();
if (state == UNDETERMINED) {
return;
}
if (rule.match(user)) {
if (!fromUser.contains(right)) {
// User right win over group right
access.set(right, state);
fromUser.add(right);
} else {
// Conflict between user rights
resolveConflict(state, right, access, policies);
}
} else if (!fromUser.contains(right)) {
for (GroupSecurityReference group : groups) {
if (rule.match(group)) {
// Conflict between group rights
resolveConflict(state, right, access, policies);
break;
}
}
}
}
Also used :
RuleState(org.xwiki.security.authorization.RuleState)
GroupSecurityReference(org.xwiki.security.GroupSecurityReference)
Example 13 with GroupSecurityReference
use of org.xwiki.security.GroupSecurityReference in project xwiki-platform by xwiki.
the class PrioritizingAuthorizationSettler method settle.
@Override
protected XWikiSecurityAccess settle(UserSecurityReference user, Collection<GroupSecurityReference> groups, SecurityRuleEntry entry, Policies policies) {
XWikiSecurityAccess access = new XWikiSecurityAccess();
Map<Right, Integer> priorities = new RightMap<Integer>();
SecurityReference reference = entry.getReference();
Set<Right> enabledRights = Right.getEnabledRights(reference.getSecurityType());
// Evaluate rules from current level
for (Right right : enabledRights) {
for (SecurityRule obj : entry.getRules()) {
if (obj.match(right)) {
resolveLevel(right, user, groups, obj, access, policies, priorities);
if (access.get(right) == ALLOW) {
implyRights(right, access, reference, policies, priorities);
}
}
}
}
return access;
}
Also used :
RightMap(org.xwiki.security.authorization.RightMap)
Right(org.xwiki.security.authorization.Right)
GroupSecurityReference(org.xwiki.security.GroupSecurityReference)
SecurityReference(org.xwiki.security.SecurityReference)
UserSecurityReference(org.xwiki.security.UserSecurityReference)
SecurityRule(org.xwiki.security.authorization.SecurityRule)
Example 14 with GroupSecurityReference
use of org.xwiki.security.GroupSecurityReference in project xwiki-platform by xwiki.
the class DefaultAuthorizationManagerIntegrationTest method initialiseWikiMock.
@Override
public TestDefinition initialiseWikiMock(String filename) throws Exception {
super.initialiseWikiMock(filename);
when(xWikiBridge.getMainWikiReference()).thenReturn(testDefinition.getMainWiki().getWikiReference());
when(xWikiBridge.isWikiReadOnly()).thenReturn(false);
when(userBridge.getAllGroupsFor(any(UserSecurityReference.class), any(WikiReference.class))).thenAnswer(new Answer<Collection<GroupSecurityReference>>() {
@Override
public Collection<GroupSecurityReference> answer(InvocationOnMock invocationOnMock) throws Throwable {
UserSecurityReference userReference = (UserSecurityReference) invocationOnMock.getArguments()[0];
WikiReference wikiReference = (WikiReference) invocationOnMock.getArguments()[1];
if (userReference.getOriginalReference() == null) {
// Public users (not logged in) may not appears in any group
return Collections.emptyList();
}
TestWiki wiki = testDefinition.getWiki(userReference.getOriginalReference().getWikiReference());
if (wiki == null) {
throw new AuthorizationException(String.format("Failed to get groups for user or group [%s] in wiki [%s]. Unknown wiki.", userReference, wikiReference), null);
}
TestUserDocument user = wiki.getUser(userReference.getName());
if (user == null) {
return Collections.emptyList();
}
Collection<GroupSecurityReference> groups = new ArrayList<GroupSecurityReference>();
for (TestGroup group : user.getGroups()) {
// Ensure we return only group of the requested wiki
if (group.getGroupReference().getWikiReference().equals(wikiReference)) {
groups.add(securityReferenceFactory.newGroupReference(group.getGroupReference()));
}
}
return groups;
}
});
when(securityEntryReader.read(any(SecurityReference.class))).thenAnswer(new Answer<SecurityRuleEntry>() {
@Override
public SecurityRuleEntry answer(InvocationOnMock invocationOnMock) throws Throwable {
final SecurityReference reference = (SecurityReference) invocationOnMock.getArguments()[0];
TestEntity entity = testDefinition.searchEntity(reference);
Collection<TestAccessRule> rules = (entity != null && entity instanceof SecureTestEntity) ? ((SecureTestEntity) entity).getAccessRules() : Collections.<TestAccessRule>emptyList();
final Collection<SecurityRule> mockedRules = new ArrayList<SecurityRule>();
for (final TestAccessRule rule : rules) {
mockedRules.add(mockSecurityRule(reference, rule.getRight(), rule.getState(), rule.getUser(), rule.isUser()));
}
if (entity instanceof TestWiki) {
TestWiki wiki = (TestWiki) entity;
if (wiki.getOwner() != null) {
mockedRules.add(mockSecurityRule(reference, Right.ADMIN, RuleState.ALLOW, wiki.getOwner(), true));
}
}
if (entity instanceof TestDocument) {
TestDocument document = (TestDocument) entity;
if (document.getCreator() != null) {
mockedRules.add(mockSecurityRule(reference, Right.CREATOR, RuleState.ALLOW, document.getCreator(), true));
}
}
return new AbstractSecurityRuleEntry() {
@Override
public Collection<SecurityRule> getRules() {
return mockedRules;
}
@Override
public SecurityReference getReference() {
return reference;
}
@Override
public String toString() {
return String.format("Rule entry for %s containing %d rules", reference.toString(), mockedRules.size());
}
@Override
public boolean equals(Object object) {
if (object == this) {
return true;
}
if (!(object instanceof SecurityRuleEntry)) {
return false;
}
SecurityRuleEntry other = (SecurityRuleEntry) object;
return compareReferenceNullSafe(other.getReference(), reference) && other.getRules().size() == mockedRules.size();
}
};
}
});
return testDefinition;
}
Also used :
TestWiki(org.xwiki.security.authorization.testwikis.TestWiki)
TestUserDocument(org.xwiki.security.authorization.testwikis.TestUserDocument)
AbstractSecurityRuleEntry(org.xwiki.security.authorization.internal.AbstractSecurityRuleEntry)
GroupSecurityReference(org.xwiki.security.GroupSecurityReference)
TestDocument(org.xwiki.security.authorization.testwikis.TestDocument)
UserSecurityReference(org.xwiki.security.UserSecurityReference)
SecureTestEntity(org.xwiki.security.authorization.testwikis.SecureTestEntity)
TestEntity(org.xwiki.security.authorization.testwikis.TestEntity)
SecureTestEntity(org.xwiki.security.authorization.testwikis.SecureTestEntity)
AbstractSecurityRuleEntry(org.xwiki.security.authorization.internal.AbstractSecurityRuleEntry)
TestGroup(org.xwiki.security.authorization.testwikis.TestGroup)
InvocationOnMock(org.mockito.invocation.InvocationOnMock)
TestAccessRule(org.xwiki.security.authorization.testwikis.TestAccessRule)
Collection(java.util.Collection)
SecurityReference(org.xwiki.security.SecurityReference)
GroupSecurityReference(org.xwiki.security.GroupSecurityReference)
UserSecurityReference(org.xwiki.security.UserSecurityReference)
WikiReference(org.xwiki.model.reference.WikiReference)
Example 15 with GroupSecurityReference
use of org.xwiki.security.GroupSecurityReference in project xwiki-platform by xwiki.
the class DefaultSecurityCacheLoaderTest method loadWithConflictingInsertionException.
@Test
public void loadWithConflictingInsertionException() throws Exception {
DocumentReference userReference = new DocumentReference("wiki", "Users", "mflorea");
UserSecurityReference user = securityReferenceFactory.newUserReference(userReference);
DocumentReference documentReference = new DocumentReference("wiki", "Space", "Document");
SecurityReference entity = securityReferenceFactory.newEntityReference(documentReference);
SecurityRuleEntry documentEntry = mock(SecurityRuleEntry.class, "document");
when(documentEntry.getReference()).thenReturn(entity);
when(documentEntry.isEmpty()).thenReturn(true);
SecurityRuleEntry spaceEntry = mock(SecurityRuleEntry.class, "space");
when(spaceEntry.getReference()).thenReturn(entity.getParentSecurityReference());
when(spaceEntry.isEmpty()).thenReturn(true);
SecurityRuleEntry wikiEntry = mock(SecurityRuleEntry.class, "wiki");
when(wikiEntry.getReference()).thenReturn(entity.getParentSecurityReference().getParentSecurityReference());
when(wikiEntry.isEmpty()).thenReturn(true);
SecurityCache securityCache = mocker.getInstance(SecurityCache.class);
when(securityCache.get(entity)).thenReturn(documentEntry);
when(securityCache.get(entity.getParentSecurityReference())).thenReturn(spaceEntry);
when(securityCache.get(entity.getParentSecurityReference().getParentSecurityReference())).thenReturn(wikiEntry);
when(securityCache.getGroupsFor(user, null)).thenReturn(null);
UserBridge userBridge = mocker.getInstance(UserBridge.class);
DocumentReference groupReference = new DocumentReference("wiki", "Groups", "AllGroup");
Set<GroupSecurityReference> groups = Collections.singleton(securityReferenceFactory.newGroupReference(groupReference));
when(userBridge.getAllGroupsFor(user, userReference.getWikiReference())).thenReturn(groups);
SecurityAccessEntry securityAccessEntry = mock(SecurityAccessEntry.class);
AuthorizationSettler authorizationSettler = mocker.getInstance(AuthorizationSettler.class);
Deque<SecurityRuleEntry> securityRuleEntries = new LinkedList<SecurityRuleEntry>(Arrays.asList(documentEntry, spaceEntry, wikiEntry));
when(authorizationSettler.settle(user, groups, securityRuleEntries)).thenReturn(securityAccessEntry);
doThrow(ConflictingInsertionException.class).when(securityCache).add(securityAccessEntry);
doThrow(ConflictingInsertionException.class).when(securityCache).add(securityAccessEntry, null);
try {
securityCacheLoader.load(user, entity);
fail();
} catch (AuthorizationException e) {
assertEquals("Failed to load the cache in 5 attempts. Giving up. when checking " + "access to [wiki:Space.Document] for user [wiki:Users.mflorea]", e.getMessage());
assertTrue(ExceptionUtils.getRootCauseMessage(e).contains("ConflictingInsertionException"));
}
// Assert that we've also emitted a log
assertEquals(1, this.logRule.size());
assertEquals("Failed to load the cache in 5 attempts. Giving up.", this.logRule.getMessage(0));
}
Also used :
UserBridge(org.xwiki.security.internal.UserBridge)
SecurityRuleEntry(org.xwiki.security.authorization.SecurityRuleEntry)
AuthorizationException(org.xwiki.security.authorization.AuthorizationException)
AuthorizationSettler(org.xwiki.security.authorization.AuthorizationSettler)
GroupSecurityReference(org.xwiki.security.GroupSecurityReference)
LinkedList(java.util.LinkedList)
SecurityAccessEntry(org.xwiki.security.authorization.SecurityAccessEntry)
GroupSecurityReference(org.xwiki.security.GroupSecurityReference)
SecurityReference(org.xwiki.security.SecurityReference)
UserSecurityReference(org.xwiki.security.UserSecurityReference)
UserSecurityReference(org.xwiki.security.UserSecurityReference)
DocumentReference(org.xwiki.model.reference.DocumentReference)
Test(org.junit.Test)
Aggregations
GroupSecurityReference (org.xwiki.security.GroupSecurityReference)20
UserSecurityReference (org.xwiki.security.UserSecurityReference)10
SecurityReference (org.xwiki.security.SecurityReference)9
ArrayList (java.util.ArrayList)6
Test (org.junit.Test)5
Right (org.xwiki.security.authorization.Right)4
SecurityRule (org.xwiki.security.authorization.SecurityRule)4
SecurityRuleEntry (org.xwiki.security.authorization.SecurityRuleEntry)4
HashSet (java.util.HashSet)3
DocumentReference (org.xwiki.model.reference.DocumentReference)2
SecurityAccessEntry (org.xwiki.security.authorization.SecurityAccessEntry)2
SecurityEntry (org.xwiki.security.authorization.SecurityEntry)2
SecurityShadowEntry (org.xwiki.security.authorization.cache.SecurityShadowEntry)2
AbstractSecurityRuleEntry (org.xwiki.security.authorization.internal.AbstractSecurityRuleEntry)2
ArrayDeque (java.util.ArrayDeque)1
Collection (java.util.Collection)1
LinkedList (java.util.LinkedList)1
Matcher (org.hamcrest.Matcher)1
InvocationOnMock (org.mockito.invocation.InvocationOnMock)1
WikiReference (org.xwiki.model.reference.WikiReference)1
