Search in sources :

Example 1 with AccessDeniedException

use of org.zalando.nakadi.exceptions.runtime.AccessDeniedException in project nakadi by zalando.

the class EventPublisherTest method whenPublishAuthorizationIsTakenIntoAccount.

@Test(expected = AccessDeniedException.class)
public void whenPublishAuthorizationIsTakenIntoAccount() throws Exception {
    final EventType et = buildDefaultEventType();
    mockSuccessfulValidation(et);
    Mockito.doThrow(new AccessDeniedException(null, null)).when(authzValidator).authorizeEventTypeWrite(Mockito.eq(et));
    publisher.publish(buildDefaultBatch(1).toString(), et.getName());
}
Also used : AccessDeniedException(org.zalando.nakadi.exceptions.runtime.AccessDeniedException) TestUtils.buildDefaultEventType(org.zalando.nakadi.utils.TestUtils.buildDefaultEventType) EventType(org.zalando.nakadi.domain.EventType) Test(org.junit.Test)

Example 2 with AccessDeniedException

use of org.zalando.nakadi.exceptions.runtime.AccessDeniedException in project nakadi by zalando.

the class EventStreamTest method whenAuthorizationChangedStreamClosed.

@Test(timeout = 10000)
public void whenAuthorizationChangedStreamClosed() throws NakadiException, InterruptedException, IOException {
    final EventStreamConfig config = EventStreamConfig.builder().withCursors(ImmutableList.of(NakadiCursor.of(TIMELINE, "0", "0"))).withBatchLimit(1).withBatchTimeout(1).withConsumingClient(mock(Client.class)).build();
    final EventStream eventStream = new EventStream(emptyConsumer(), mock(OutputStream.class), config, mock(BlacklistService.class), cursorConverter, BYTES_FLUSHED_METER, writerProvider, kpiPublisher, kpiEventType, kpiFrequencyMs);
    final AtomicBoolean triggerAuthChange = new AtomicBoolean(false);
    final AtomicBoolean accessDeniedTriggered = new AtomicBoolean(false);
    final Thread thread = new Thread(() -> {
        try {
            eventStream.streamEvents(new AtomicBoolean(true), () -> {
                if (triggerAuthChange.getAndSet(false)) {
                    throw new AccessDeniedException(null, null);
                }
            });
        } catch (final AccessDeniedException ex) {
            accessDeniedTriggered.set(true);
        }
    });
    thread.start();
    Thread.sleep(TimeUnit.SECONDS.toMillis(1));
    waitFor(() -> Assert.assertTrue(thread.isAlive()));
    // simulation of accessDenied
    triggerAuthChange.set(true);
    waitFor(() -> Assert.assertFalse(triggerAuthChange.get()), TimeUnit.SECONDS.toMillis(3));
    triggerAuthChange.set(true);
    waitFor(() -> Assert.assertFalse(thread.isAlive()), TimeUnit.SECONDS.toMillis(3));
    assertThat("The thread should be dead now, as we simulated that client closed connection", thread.isAlive(), is(false));
    thread.join();
    assertThat("Exception caught", accessDeniedTriggered.get());
    assertThat("Threre should be only one call to check accessDenied", triggerAuthChange.get());
}
Also used : AtomicBoolean(java.util.concurrent.atomic.AtomicBoolean) AccessDeniedException(org.zalando.nakadi.exceptions.runtime.AccessDeniedException) ByteArrayOutputStream(java.io.ByteArrayOutputStream) OutputStream(java.io.OutputStream) Test(org.junit.Test)

Example 3 with AccessDeniedException

use of org.zalando.nakadi.exceptions.runtime.AccessDeniedException in project nakadi by zalando.

the class TestUtils method mockAccessDeniedException.

public static AccessDeniedException mockAccessDeniedException() {
    final Resource resource = mock(Resource.class);
    when(resource.getName()).thenReturn("some-name");
    when(resource.getType()).thenReturn("some-type");
    return new AccessDeniedException(AuthorizationService.Operation.READ, resource);
}
Also used : AccessDeniedException(org.zalando.nakadi.exceptions.runtime.AccessDeniedException) Resource(org.zalando.nakadi.plugin.api.authz.Resource)

Example 4 with AccessDeniedException

use of org.zalando.nakadi.exceptions.runtime.AccessDeniedException in project nakadi by zalando.

the class EventTypeAuthorizationTest method whenDELETENotAuthorized200.

@Test
public void whenDELETENotAuthorized200() throws Exception {
    final EventType eventType = EventTypeTestBuilder.builder().build();
    final Resource resource = new EventTypeResource(eventType.getName(), eventType.getAuthorization());
    doReturn(Optional.of(eventType)).when(eventTypeRepository).findByNameO(any());
    doThrow(new AccessDeniedException(AuthorizationService.Operation.ADMIN, resource)).when(authorizationValidator).authorizeEventTypeAdmin(eventType);
    deleteEventType(eventType.getName()).andExpect(status().isForbidden()).andExpect(content().string(matchesProblem(Problem.valueOf(Response.Status.FORBIDDEN, "Access on ADMIN event-type:" + eventType.getName() + " denied"))));
}
Also used : AccessDeniedException(org.zalando.nakadi.exceptions.runtime.AccessDeniedException) EventType(org.zalando.nakadi.domain.EventType) Resource(org.zalando.nakadi.plugin.api.authz.Resource) EventTypeResource(org.zalando.nakadi.domain.EventTypeResource) EventTypeResource(org.zalando.nakadi.domain.EventTypeResource) Test(org.junit.Test)

Example 5 with AccessDeniedException

use of org.zalando.nakadi.exceptions.runtime.AccessDeniedException in project nakadi by zalando.

the class StartingState method onEnter.

@Override
public void onEnter() {
    // 1. Check authorization
    getContext().registerForAuthorizationUpdates();
    try {
        getContext().checkAccessAuthorized();
    } catch (final AccessDeniedException e) {
        switchState(new CleanupState(new NakadiException(e.explain()) {

            @Override
            protected Response.StatusType getStatus() {
                return Response.Status.FORBIDDEN;
            }
        }));
        return;
    }
    getZk().runLocked(this::initializeStream);
}
Also used : AccessDeniedException(org.zalando.nakadi.exceptions.runtime.AccessDeniedException) NakadiException(org.zalando.nakadi.exceptions.NakadiException)

Aggregations

AccessDeniedException (org.zalando.nakadi.exceptions.runtime.AccessDeniedException)9 EventType (org.zalando.nakadi.domain.EventType)6 Test (org.junit.Test)4 Resource (org.zalando.nakadi.plugin.api.authz.Resource)4 Closeable (java.io.Closeable)2 IOException (java.io.IOException)2 OutputStream (java.io.OutputStream)2 Date (java.util.Date)2 List (java.util.List)2 Optional (java.util.Optional)2 AtomicBoolean (java.util.concurrent.atomic.AtomicBoolean)2 Collectors (java.util.stream.Collectors)2 Logger (org.slf4j.Logger)2 LoggerFactory (org.slf4j.LoggerFactory)2 Autowired (org.springframework.beans.factory.annotation.Autowired)2 Value (org.springframework.beans.factory.annotation.Value)2 EventTypeResource (org.zalando.nakadi.domain.EventTypeResource)2 Timeline (org.zalando.nakadi.domain.Timeline)2 InternalNakadiException (org.zalando.nakadi.exceptions.InternalNakadiException)2 NakadiException (org.zalando.nakadi.exceptions.NakadiException)2