List of usage examples for org.apache.shiro.authz AuthorizationInfo getObjectPermissions
/**
 * Returns the {@link Permission} objects carried by this authorization info.
 *
 * <p>NOTE(review): implementations may return {@code null} rather than an empty
 * collection when no object permissions are set, so callers that make access
 * decisions should treat {@code null} and empty the same way. Confirm against
 * the implementation in use.
 *
 * @return the object permissions, possibly {@code null}
 */
Collection<Permission> getObjectPermissions();
From source file:com.josue.kingdom.security.application.ApplicationlRealmTest.java
/**
 * Checks that a principal built with {@code ManagerStatus.EMPTY} yields an
 * {@link AuthorizationInfo} that carries no object permissions, no roles and
 * no string permissions.
 */
@Test
public void testDoGetAuthorizationInfoEmptyManager() {
    Application application = Mockito.mock(Application.class);
    Manager manager = Mockito.mock(Manager.class);
    KingdomSecurity emptyManagerSecurity =
            new KingdomSecurity(application, manager, KingdomSecurity.ManagerStatus.EMPTY);
    PrincipalCollection principalCollection =
            new SimplePrincipalCollection(emptyManagerSecurity, realm.getName());

    AuthorizationInfo authorizationInfo = realm.doGetAuthorizationInfo(principalCollection);

    // None of the three grant sources may be populated for an EMPTY manager.
    assertNull(authorizationInfo.getObjectPermissions());
    assertNull(authorizationInfo.getRoles());
    assertNull(authorizationInfo.getStringPermissions());
}
From source file:com.josue.kingdom.security.application.ApplicationlRealmTest.java
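/**
 * Checks that an authenticated manager's memberships are turned into a single
 * {@link AccessLevelPermission} whose access-level map contains the domain UUID
 * and maps it to the membership's {@link DomainPermission}.
 */
@Test
public void testDoGetAuthorizationInfo() {
    Application app = Mockito.mock(Application.class);
    Manager foundManager = Mockito.mock(Manager.class);
    KingdomSecurity security =
            new KingdomSecurity(app, foundManager, KingdomSecurity.ManagerStatus.AUTHENTICATED);

    // One membership: domain "domain-uuid" with a fresh DomainPermission.
    List<ManagerMembership> memberships = Mockito.spy(new ArrayList<ManagerMembership>());
    ManagerMembership membership = new ManagerMembership();
    Domain domain = new Domain();
    domain.setUuid("domain-uuid");
    DomainPermission domainPerm = new DomainPermission();
    membership.setDomain(domain);
    membership.setPermission(domainPerm);
    memberships.add(membership);

    PrincipalCollection principals = new SimplePrincipalCollection(security, realm.getName());
    // NOTE(review): both UUID arguments come from unstubbed mocks, so this stub
    // presumably matches on (null, null) - confirm that is the intended lookup key.
    when(persistence.getManagerMemberships(security.getCurrentApplication().getUuid(),
            foundManager.getUuid())).thenReturn(memberships);

    AuthorizationInfo info = realm.doGetAuthorizationInfo(principals);

    assertEquals(memberships.size(), info.getObjectPermissions().size());
    Object firstPermission = info.getObjectPermissions().toArray()[0];
    assertTrue(firstPermission instanceof AccessLevelPermission);
    AccessLevelPermission foundPermission = (AccessLevelPermission) firstPermission;
    assertTrue(foundPermission.getAccessLevels().containsKey(domain.getUuid()));
    // The original computed this comparison and discarded the result, so a wrong
    // permission mapping could never fail the test. Assert it.
    assertTrue(foundPermission.getAccessLevels().get(domain.getUuid()).equals(domainPerm));
}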
From source file:com.redhat.rcm.nexus.security.GracefulUNFAuthorizationRealm.java
License:Open Source License
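/**
 * Resolves authorization info for the given principals.
 *
 * <p>When auto-creation is enabled in the configuration and
 * {@code autoCreateOnDemand} yields a user, the result is built from that
 * user's role ids. Otherwise the call is delegated to the superclass.
 *
 * @param principals the principals to authorize
 * @return the resolved authorization info; whatever the superclass returns when
 *         delegating, which may be {@code null}
 * @throws AuthorizationException if the configuration cannot be loaded or the
 *         delegated lookup fails
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(final PrincipalCollection principals) {
    AuthorizationInfo result = null;
    try {
        if (configuration.isAutoCreateEnabled()) {
            User user = autoCreateOnDemand(principals);
            if (user != null) {
                Set<String> roles = new LinkedHashSet<String>();
                if (user.getRoles() != null) {
                    for (RoleIdentifier rid : user.getRoles()) {
                        roles.add(rid.getRoleId());
                    }
                }
                // Logged after the set is filled; the original logged it while
                // still empty, so the debug line never showed the granted roles.
                if (logger.isDebugEnabled()) {
                    logger.debug("Roles for user: " + user + " are: " + roles);
                }
                result = new SimpleAuthorizationInfo(roles);
            }
        }
    } catch (ConfigurationException e) {
        throw new AuthorizationException("Error loading nx-sec configuration.", e);
    }

    if (result == null) {
        // NOTE(review): the cast assumes the first principal is a String; the
        // value is only used for logging, yet a different principal type would
        // abort authorization here. Confirm against the realms in use.
        final String username = (String) principals.iterator().next();
        if (logger.isDebugEnabled()) {
            logger.debug("delegating doGetAuthorizationInfo(..) for: " + username + ".");
        }
        try {
            result = super.doGetAuthorizationInfo(principals);
        } catch (AuthorizationException e) {
            logger.error("Delegated authorization failed for: " + username + ".", e);
            throw e;
        }
    }

    if (logger.isDebugEnabled()) {
        if (result == null) {
            // Guard added: without it, enabling debug logging turned a null
            // delegate result into a NullPointerException.
            logger.debug("AuthorizationInfo result: null");
        } else {
            StringBuilder sb = new StringBuilder();
            sb.append("AuthorizationInfo result: ");
            if (result.getRoles() != null) {
                sb.append("\n\nRoles:");
                for (String role : result.getRoles()) {
                    sb.append("\n\t").append(role);
                }
            }
            if (result.getStringPermissions() != null) {
                sb.append("\n\nString Permissions:");
                for (String perm : result.getStringPermissions()) {
                    sb.append("\n\t").append(perm);
                }
            }
            if (result.getObjectPermissions() != null) {
                sb.append("\n\nObject Permissions:");
                for (Object perm : result.getObjectPermissions()) {
                    sb.append("\n\t").append(perm);
                }
            }
            sb.append("\n\n");
            logger.debug(sb.toString());
        }
    }
    return result;
}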
From source file:ddf.security.pdp.realm.AuthzRealm.java
License:Open Source License
/**
 * Gathers every {@link Permission} asserted by the given {@link AuthorizationInfo}:
 * its object permissions, the permissions resolved from its string permissions,
 * and the permissions resolved from its roles.
 *
 * @param authorizationInfo the authorization data to read; may be {@code null}
 * @return an unmodifiable set of the gathered permissions, empty when
 *         {@code authorizationInfo} is {@code null} or asserts nothing
 */
@Override
protected Collection<Permission> getPermissions(AuthorizationInfo authorizationInfo) {
    Set<Permission> gathered = new HashSet<>();
    if (authorizationInfo == null) {
        return Collections.unmodifiableSet(gathered);
    }

    Collection<Permission> objectPerms = authorizationInfo.getObjectPermissions();
    if (!CollectionUtils.isEmpty(objectPerms)) {
        gathered.addAll(objectPerms);
    }

    Collection<Permission> fromStrings =
            resolvePermissions(authorizationInfo.getStringPermissions());
    if (!CollectionUtils.isEmpty(fromStrings)) {
        gathered.addAll(fromStrings);
    }

    Collection<Permission> fromRoles = resolveRolePermissions(authorizationInfo.getRoles());
    if (!CollectionUtils.isEmpty(fromRoles)) {
        gathered.addAll(fromRoles);
    }

    return Collections.unmodifiableSet(gathered);
}
From source file:ddf.security.pdp.realm.SimpleAuthzRealm.java
License:Open Source License
/**
 * Builds the full set of {@link Permission} objects that the given
 * {@link AuthorizationInfo} asserts, combining its object permissions with the
 * permissions resolved from its string permissions and from its roles.
 *
 * @param info the authorization data to read; may be {@code null}
 * @return an unmodifiable set of permissions; empty when {@code info} is
 *         {@code null} or carries nothing
 */
private Collection<Permission> getPermissions(AuthorizationInfo info) {
    Set<Permission> result = new HashSet<Permission>();
    if (info == null) {
        return Collections.unmodifiableSet(result);
    }

    // Each source is read in turn and skipped when it is null or empty.
    Collection<Permission> source = info.getObjectPermissions();
    if (!CollectionUtils.isEmpty(source)) {
        result.addAll(source);
    }

    source = resolvePermissions(info.getStringPermissions());
    if (!CollectionUtils.isEmpty(source)) {
        result.addAll(source);
    }

    source = resolveRolePermissions(info.getRoles());
    if (!CollectionUtils.isEmpty(source)) {
        result.addAll(source);
    }

    return Collections.unmodifiableSet(result);
}
From source file:ddf.security.pdp.realm.xacml.XacmlPdp.java
License:Open Source License
/**
 * Decides whether the subject may perform the action described by
 * {@code curPermission}.
 *
 * <p>Two cases are settled locally: a subject with no object permissions,
 * string permissions or roles is denied when the permission lists any key/value
 * requirements, and a subject with at least one of those is permitted when the
 * permission lists none. Every other case, including the one where both sides
 * are empty, is sent to the PDP as a XACML request.
 *
 * @param primaryPrincipal name of the subject, used for logging and the request
 * @param info authorization data of the subject
 * @param curPermission the permission being checked
 * @return {@code true} if access is permitted
 */
public boolean isPermitted(String primaryPrincipal, AuthorizationInfo info,
        KeyValueCollectionPermission curPermission) {
    LOGGER.debug("Checking if {} has access for action {}", primaryPrincipal,
            curPermission.getAction());
    // NOTE(review): the audit message is built by concatenation; if the principal
    // name can contain line breaks, consider neutralising them before they reach
    // the audit trail. Only the check is recorded here, not the decision.
    SecurityLogger.audit("Checking if [" + primaryPrincipal + "] has access for action "
            + curPermission.getAction());

    boolean subjectHasClaims = !CollectionUtils.isEmpty(info.getObjectPermissions())
            || !CollectionUtils.isEmpty(info.getStringPermissions())
            || !CollectionUtils.isEmpty(info.getRoles());
    boolean permissionHasRequirements =
            !CollectionUtils.isEmpty(curPermission.getKeyValuePermissionList());

    if (!subjectHasClaims && permissionHasRequirements) {
        return false;
    }
    if (subjectHasClaims && !permissionHasRequirements) {
        return true;
    }

    LOGGER.debug("Received authZ info, creating XACML request.");
    RequestType xacmlRequest = createXACMLRequest(primaryPrincipal, info, curPermission);
    LOGGER.debug("Created XACML request, calling PDP.");
    return isPermitted(xacmlRequest);
}
From source file:ddf.security.pdp.realm.xacml.XacmlPdp.java
License:Open Source License
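/**
 * Builds the XACML access-subject attributes for a request: the subject id, one
 * role attribute holding every role, and one attribute per
 * {@link KeyValuePermission} that has at least one value.
 *
 * <p>Null role or object-permission collections are treated as empty. The
 * original dereferenced both unconditionally, so authorization data that
 * carried, for example, only roles would fail here with a
 * {@code NullPointerException} instead of reaching the PDP.
 *
 * @param subject the subject identifier placed in the subject-id attribute
 * @param info authorization data supplying roles and object permissions
 * @return the populated subject attributes
 */
private AttributesType createSubjectAttributes(String subject, AuthorizationInfo info) {
    AttributesType subjectAttributes = new AttributesType();
    subjectAttributes.setCategory(ACCESS_SUBJECT_CATEGORY);

    AttributeType subjectAttribute = new AttributeType();
    subjectAttribute.setAttributeId(SUBJECT_ID);
    subjectAttribute.setIncludeInResult(false);
    AttributeValueType subjectValue = new AttributeValueType();
    subjectValue.setDataType(STRING_DATA_TYPE);
    LOGGER.debug("Adding subject: {}", subject);
    subjectValue.getContent().add(subject);
    subjectAttribute.getAttributeValue().add(subjectValue);
    subjectAttributes.getAttribute().add(subjectAttribute);

    // The role attribute is only attached when there is at least one role.
    if (info.getRoles() != null && !info.getRoles().isEmpty()) {
        AttributeType roleAttribute = new AttributeType();
        roleAttribute.setAttributeId(ROLE_CLAIM);
        roleAttribute.setIncludeInResult(false);
        for (String curRole : info.getRoles()) {
            AttributeValueType roleValue = new AttributeValueType();
            roleValue.setDataType(STRING_DATA_TYPE);
            LOGGER.trace("Adding role: {} for subject: {}", curRole, subject);
            roleValue.getContent().add(curRole);
            roleAttribute.getAttributeValue().add(roleValue);
        }
        subjectAttributes.getAttribute().add(roleAttribute);
    }

    if (info.getObjectPermissions() != null) {
        for (Permission curPermission : info.getObjectPermissions()) {
            if (curPermission instanceof KeyValuePermission) {
                KeyValuePermission keyValuePermission = (KeyValuePermission) curPermission;
                AttributeType subjAttr = new AttributeType();
                subjAttr.setAttributeId(keyValuePermission.getKey());
                subjAttr.setIncludeInResult(false);
                // A key with no values contributes nothing to the request.
                if (!keyValuePermission.getValues().isEmpty()) {
                    for (String curPermValue : keyValuePermission.getValues()) {
                        AttributeValueType subjAttrValue = new AttributeValueType();
                        subjAttrValue.setDataType(getXacmlDataType(curPermValue));
                        LOGGER.trace("Adding permission: {}:{} for subject: {}",
                                keyValuePermission.getKey(), curPermValue, subject);
                        subjAttrValue.getContent().add(curPermValue);
                        subjAttr.getAttributeValue().add(subjAttrValue);
                    }
                    subjectAttributes.getAttribute().add(subjAttr);
                }
            } else {
                LOGGER.warn(
                        "Permissions for subject were not of type KeyValuePermission, cannot add any subject permissions to the request.");
            }
        }
    }
    return subjectAttributes;
}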
From source file:ddf.security.pdp.xacml.realm.XACMLRealm.java
License:Open Source License
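/**
 * Builds the XACML access-subject attributes for a request: the subject id, one
 * role attribute per role, and one attribute per value of every
 * {@link KeyValuePermission}.
 *
 * <p>Null role or object-permission collections are treated as empty. The
 * original iterated both unconditionally, which throws a
 * {@code NullPointerException} when the authorization data leaves either unset.
 *
 * @param subject the subject identifier placed in the subject-id attribute
 * @param info authorization data supplying roles and object permissions
 * @return the populated subject attributes
 */
private AttributesType createSubjectAttributes(String subject, AuthorizationInfo info) {
    AttributesType subjectAttributes = new AttributesType();
    subjectAttributes.setCategory(XACMLConstants.ACCESS_SUBJECT_CATEGORY);

    AttributeType subjectAttribute = new AttributeType();
    subjectAttribute.setAttributeId(XACMLConstants.SUBJECT_ID);
    subjectAttribute.setIncludeInResult(false);
    AttributeValueType subjectValue = new AttributeValueType();
    subjectValue.setDataType(XACMLConstants.STRING_DATA_TYPE);
    logger.debug("Adding subject: {}", subject);
    subjectValue.getContent().add(subject);
    subjectAttribute.getAttributeValue().add(subjectValue);
    subjectAttributes.getAttribute().add(subjectAttribute);

    if (info.getRoles() != null) {
        for (String curRole : info.getRoles()) {
            AttributeType roleAttribute = new AttributeType();
            roleAttribute.setAttributeId(XACMLConstants.ROLE_CLAIM);
            roleAttribute.setIncludeInResult(false);
            AttributeValueType roleValue = new AttributeValueType();
            roleValue.setDataType(XACMLConstants.STRING_DATA_TYPE);
            logger.trace("Adding role: {} for subject: {}", curRole, subject);
            roleValue.getContent().add(curRole);
            roleAttribute.getAttributeValue().add(roleValue);
            subjectAttributes.getAttribute().add(roleAttribute);
        }
    }

    if (info.getObjectPermissions() != null) {
        for (Permission curPermission : info.getObjectPermissions()) {
            if (curPermission instanceof KeyValuePermission) {
                KeyValuePermission keyValuePermission = (KeyValuePermission) curPermission;
                for (String curPermValue : keyValuePermission.getValues()) {
                    AttributeType subjAttr = new AttributeType();
                    AttributeValueType subjAttrValue = new AttributeValueType();
                    subjAttr.setAttributeId(keyValuePermission.getKey());
                    subjAttr.setIncludeInResult(false);
                    subjAttrValue.setDataType(XACMLConstants.STRING_DATA_TYPE);
                    logger.trace("Adding permission: {}:{} for subject: {}",
                            new Object[] { keyValuePermission.getKey(), curPermValue, subject });
                    subjAttrValue.getContent().add(curPermValue);
                    subjAttr.getAttributeValue().add(subjAttrValue);
                    subjectAttributes.getAttribute().add(subjAttr);
                }
            } else {
                logger.warn(
                        "Permissions for subject were not of type KeyValuePermission, cannot add any subject permissions to the request.");
            }
        }
    }
    return subjectAttributes;
}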