Example 1 with SecurityRuleEntry

Use of org.xwiki.security.authorization.SecurityRuleEntry in project xwiki-platform by xwiki.

From the class DefaultSecurityCacheTest, method InsertUsersWithouShadow.

private Map<String, SecurityEntry> InsertUsersWithouShadow() throws ConflictingInsertionException, ParentEntryEvictedException {
    Map<String, SecurityEntry> entries = new HashMap<String, SecurityEntry>();
    // Add wikis
    for (SecurityReference ref : wikiRefs) {
        SecurityRuleEntry entry = mockSecurityRuleEntry(ref);
        entries.put(AddRuleEntry(entry), entry);
    }
    // XWiki spaces are required to load user entries
    for (SecurityReference ref : xwikiSpaceRefs) {
        SecurityRuleEntry entry = mockSecurityRuleEntry(ref);
        entries.put(AddRuleEntry(entry), entry);
    }
    // Insert some users
    for (SecurityReference ref : userRefs) {
        SecurityRuleEntry entry = mockSecurityRuleEntry(ref);
        entries.put(AddRuleEntry(entry), entry);
    }
    // Insert some groups
    for (SecurityReference ref : groupRefs.keySet()) {
        SecurityRuleEntry entry = mockSecurityRuleEntry(ref);
        entries.put(AddRuleEntry(entry), entry);
    }
    // Insert users in groups
    for (SecurityReference ref : groupUserRefs) {
        SecurityRuleEntry entry = mockSecurityRuleEntry(ref);
        entries.put(AddRuleEntry(entry), entry);
    }
    return entries;
}
Also used : HashMap(java.util.HashMap) SecurityRuleEntry(org.xwiki.security.authorization.SecurityRuleEntry) SecurityEntry(org.xwiki.security.authorization.SecurityEntry) GroupSecurityReference(org.xwiki.security.GroupSecurityReference) SecurityReference(org.xwiki.security.SecurityReference) UserSecurityReference(org.xwiki.security.UserSecurityReference)

Example 2 with SecurityRuleEntry

Use of org.xwiki.security.authorization.SecurityRuleEntry in project xwiki-platform by xwiki.

From the class DefaultSecurityCacheTest, method mockSecurityRuleEntry.

private SecurityRuleEntry mockSecurityRuleEntry(final SecurityReference ref) {
    SecurityRuleEntry entry = mock(SecurityRuleEntry.class, "Rules for " + ref.toString());
    when(entry.getReference()).thenReturn(ref);
    return entry;
}
Also used : SecurityRuleEntry(org.xwiki.security.authorization.SecurityRuleEntry)

Example 3 with SecurityRuleEntry

Use of org.xwiki.security.authorization.SecurityRuleEntry in project xwiki-platform by xwiki.

From the class DefaultSecurityCacheTest, method InsertEntities.

private Map<String, SecurityEntry> InsertEntities() throws ConflictingInsertionException, ParentEntryEvictedException {
    Map<String, SecurityEntry> entries = new HashMap<String, SecurityEntry>();
    for (SecurityReference ref : entityRefs) {
        if (securityCache.get(ref) == null) {
            SecurityRuleEntry entry = mockSecurityRuleEntry(ref);
            entries.put(AddRuleEntry(entry), entry);
        }
    }
    return entries;
}
Also used : HashMap(java.util.HashMap) SecurityRuleEntry(org.xwiki.security.authorization.SecurityRuleEntry) SecurityEntry(org.xwiki.security.authorization.SecurityEntry) GroupSecurityReference(org.xwiki.security.GroupSecurityReference) SecurityReference(org.xwiki.security.SecurityReference) UserSecurityReference(org.xwiki.security.UserSecurityReference)

Example 4 with SecurityRuleEntry

Use of org.xwiki.security.authorization.SecurityRuleEntry in project xwiki-platform by xwiki.

From the class DefaultSecurityCacheLoader, method loadUserEntry.

/**
 * Load rules for a user/group into the cache with relations to immediate groups. Groups should be already loaded,
 * else a ParentEntryEvictedException will be thrown. The parent chain of the loaded user will be loaded as needed.
 *
 * @param user The user/group to load.
 * @param groups The collection of groups associated with the user/group
 * @throws ParentEntryEvictedException if any of the parent entries of the group were evicted.
 * @throws ConflictingInsertionException When different threads have inserted conflicting entries into the cache.
 * @throws org.xwiki.security.authorization.AuthorizationException on error.
 */
private void loadUserEntry(UserSecurityReference user, Collection<GroupSecurityReference> groups) throws ParentEntryEvictedException, ConflictingInsertionException, AuthorizationException {
    // Make sure the parent of the user document is loaded.
    Deque<SecurityReference> chain = user.getReversedSecurityReferenceChain();
    chain.removeLast();
    for (SecurityReference ref : chain) {
        SecurityRuleEntry entry = securityCache.get(ref);
        if (entry == null) {
            entry = securityEntryReader.read(ref);
            securityCache.add(entry);
        }
    }
    SecurityRuleEntry entry = securityEntryReader.read(user);
    securityCache.add(entry, groups);
}
Also used : AbstractSecurityRuleEntry(org.xwiki.security.authorization.internal.AbstractSecurityRuleEntry) SecurityRuleEntry(org.xwiki.security.authorization.SecurityRuleEntry) GroupSecurityReference(org.xwiki.security.GroupSecurityReference) SecurityReference(org.xwiki.security.SecurityReference) UserSecurityReference(org.xwiki.security.UserSecurityReference)

Example 5 with SecurityRuleEntry

Use of org.xwiki.security.authorization.SecurityRuleEntry in project xwiki-platform by xwiki.

From the class DefaultAuthorizationSettlerTest, method testSettleTieResolutionPolicy.

@Test
public void testSettleTieResolutionPolicy() throws Exception {
    SecurityRule allowAllTestRightsUserAndAnotherGroup = getMockedSecurityRule("allowAllTestRightsUserAndAnotherGroup", Arrays.asList(userRef), Arrays.asList(anotherGroupRef), allTestRights, ALLOW);
    SecurityRule denyAllTestRightsUserAndAnotherGroup = getMockedSecurityRule("denyAllTestRightsUserAndAnotherGroup", Arrays.asList(userRef), Arrays.asList(anotherGroupRef), allTestRights, DENY);
    SecurityRule denyAllTestRightsAnotherUserAndGroup = getMockedSecurityRule("denyAllTestRightsAnotherUserAndGroup", Arrays.asList(anotherUserRef), Arrays.asList(groupRef), allTestRights, DENY);
    Deque<SecurityRuleEntry> conflictAllowDenySameTarget = getMockedSecurityRuleEntries("conflictAllowDenySameTarget", docRef, Arrays.asList(Arrays.asList(allowAllTestRightsUserAndAnotherGroup, denyAllTestRightsUserAndAnotherGroup)));
    Deque<SecurityRuleEntry> conflictDenyAllowSameTarget = getMockedSecurityRuleEntries("conflictDenyAllowSameTarget", docRef, Arrays.asList(Arrays.asList(denyAllTestRightsUserAndAnotherGroup, allowAllTestRightsUserAndAnotherGroup)));
    Deque<SecurityRuleEntry> conflictAllowDenyUserGroup = getMockedSecurityRuleEntries("conflictAllowDenyUserGroup", docRef, Arrays.asList(Arrays.asList(allowAllTestRightsUserAndAnotherGroup, denyAllTestRightsAnotherUserAndGroup)));
    Deque<SecurityRuleEntry> conflictDenyAllowUserGroup = getMockedSecurityRuleEntries("conflictDenyAllowUserGroup", docRef, Arrays.asList(Arrays.asList(denyAllTestRightsAnotherUserAndGroup, allowAllTestRightsUserAndAnotherGroup)));
    XWikiSecurityAccess allowAccess = defaultAccess.clone();
    for (Right right : allTestRights) {
        allowAccess.allow(right);
    }
    XWikiSecurityAccess denyAccess = defaultAccess.clone();
    for (Right right : allTestRights) {
        denyAccess.deny(right);
    }
    XWikiSecurityAccess tieAccess = defaultAccess.clone();
    for (Right right : allTestRights) {
        tieAccess.set(right, right.getTieResolutionPolicy());
    }
    assertAccess("When allowed right for user is denied for same user in another rule, use tie resolution policy", userRef, docRef, tieAccess, authorizationSettler.settle(userRef, Arrays.asList(groupRef), conflictAllowDenySameTarget));
    assertAccess("When denied right for user is allowed for same user in another rule, use tie resolution policy", userRef, docRef, tieAccess, authorizationSettler.settle(userRef, Arrays.asList(groupRef), conflictDenyAllowSameTarget));
    assertAccess("When allowed right for group is denied for same group in another rule, use tie resolution policy", anotherUserRef, docRef, tieAccess, authorizationSettler.settle(anotherUserRef, Arrays.asList(anotherGroupRef), conflictAllowDenySameTarget));
    assertAccess("When denied right for group is allowed for same group in another rule, use tie resolution policy", anotherUserRef, docRef, tieAccess, authorizationSettler.settle(anotherUserRef, Arrays.asList(anotherGroupRef), conflictDenyAllowSameTarget));
    assertAccess("When allowed right for user is denied for its group in another rule, allow it.", userRef, docRef, allowAccess, authorizationSettler.settle(userRef, Arrays.asList(groupRef), conflictAllowDenyUserGroup));
    assertAccess("When allowed right for group is denied for one of its user in another rule, deny it.", anotherUserRef, docRef, denyAccess, authorizationSettler.settle(anotherUserRef, Arrays.asList(anotherGroupRef), conflictAllowDenyUserGroup));
    assertAccess("When denied right for group is allowed for one of its user in another rule, allow it.", userRef, docRef, allowAccess, authorizationSettler.settle(userRef, Arrays.asList(groupRef), conflictDenyAllowUserGroup));
    assertAccess("When denied right for user is allowed for its group in another rule, deny it.", anotherUserRef, docRef, denyAccess, authorizationSettler.settle(anotherUserRef, Arrays.asList(anotherGroupRef), conflictDenyAllowUserGroup));
}
Also used : SecurityRuleEntry(org.xwiki.security.authorization.SecurityRuleEntry) Right(org.xwiki.security.authorization.Right) SecurityRule(org.xwiki.security.authorization.SecurityRule) Test(org.junit.Test)

Aggregations

SecurityRuleEntry (org.xwiki.security.authorization.SecurityRuleEntry): 13
GroupSecurityReference (org.xwiki.security.GroupSecurityReference): 9
SecurityReference (org.xwiki.security.SecurityReference): 8
UserSecurityReference (org.xwiki.security.UserSecurityReference): 8
Test (org.junit.Test): 5
SecurityRule (org.xwiki.security.authorization.SecurityRule): 4
HashMap (java.util.HashMap): 3
Right (org.xwiki.security.authorization.Right): 3
SecurityEntry (org.xwiki.security.authorization.SecurityEntry): 3
ArrayList (java.util.ArrayList): 2
LinkedList (java.util.LinkedList): 2
SecurityAccessEntry (org.xwiki.security.authorization.SecurityAccessEntry): 2
AbstractSecurityRuleEntry (org.xwiki.security.authorization.internal.AbstractSecurityRuleEntry): 2
ArrayDeque (java.util.ArrayDeque): 1
Map (java.util.Map): 1
DocumentReference (org.xwiki.model.reference.DocumentReference): 1
AuthorizationException (org.xwiki.security.authorization.AuthorizationException): 1
AuthorizationSettler (org.xwiki.security.authorization.AuthorizationSettler): 1
ConflictingInsertionException (org.xwiki.security.authorization.cache.ConflictingInsertionException): 1
ParentEntryEvictedException (org.xwiki.security.authorization.cache.ParentEntryEvictedException): 1