List of usage examples for org.apache.shiro.authz AuthorizationInfo getRoles
/**
 * Returns the names of all roles assigned to the corresponding subject.
 *
 * <p>Implementations may return {@code null} rather than an empty collection when no roles
 * are assigned, so callers making an access decision should null-check before dereferencing.
 */
Collection<String> getRoles();
From source file:com.josue.kingdom.security.application.ApplicationlRealmTest.java
/**
 * Verifies that a principal whose manager status is {@code EMPTY} receives an
 * {@link AuthorizationInfo} that carries no roles and no permissions.
 */
@Test
public void testDoGetAuthorizationInfoEmptyManager() {
    Application application = Mockito.mock(Application.class);
    Manager manager = Mockito.mock(Manager.class);
    KingdomSecurity emptyManagerSecurity =
            new KingdomSecurity(application, manager, KingdomSecurity.ManagerStatus.EMPTY);
    PrincipalCollection principalCollection =
            new SimplePrincipalCollection(emptyManagerSecurity, realm.getName());

    AuthorizationInfo authorizationInfo = realm.doGetAuthorizationInfo(principalCollection);

    // The realm under test reports "nothing granted" as null collections rather than empty
    // ones, so any consumer of this info has to null-check before iterating.
    assertNull(authorizationInfo.getObjectPermissions());
    assertNull(authorizationInfo.getRoles());
    assertNull(authorizationInfo.getStringPermissions());
}
From source file:com.parallax.server.blocklyprop.security.CloudSessionAuthenticationRealm.java
License:Open Source License
/**
 * Supplies the authorization data Shiro consults for role and permission checks.
 *
 * <p>This implementation never reads {@code principals}: every caller receives a freshly
 * constructed {@link SimpleAccount} that nothing in this method populates.
 *
 * @param principals the identifying principals of the subject being authorized (unused here)
 * @return a newly created account object with no roles or permissions added by this method
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
    LOG.debug("Authorization info");

    AuthorizationInfo freshAccount = new SimpleAccount();

    // NOTE(review): getRoles() is dereferenced on an account that was just built with the
    // no-arg constructor. If that constructor leaves the role collection unset, this line
    // throws a NullPointerException on every authorization lookup - confirm against the
    // Shiro version in use and null-check before calling size().
    int roleCount = freshAccount.getRoles().size();
    LOG.info("AuthInfo() details: {}", roleCount);

    return freshAccount;
}
From source file:com.redhat.rcm.nexus.security.GracefulUNFAuthorizationRealm.java
License:Open Source License
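/**
 * Resolves authorization data for {@code principals}. When auto-creation is enabled in the
 * configuration the user is created on demand and its role ids become the result; otherwise,
 * or when no user comes back, the lookup is delegated to the parent realm.
 *
 * @param principals the principals of the subject being authorized
 * @return the roles built from the auto-created user, or whatever the parent realm returns
 *         (which may be {@code null})
 * @throws AuthorizationException if the configuration cannot be loaded or the delegated
 *         lookup fails
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(final PrincipalCollection principals) {
    AuthorizationInfo result = null;
    try {
        if (configuration.isAutoCreateEnabled()) {
            User user = autoCreateOnDemand(principals);
            if (user != null) {
                Set<String> roles = new LinkedHashSet<String>();
                if (user.getRoles() != null) {
                    for (RoleIdentifier rid : user.getRoles()) {
                        roles.add(rid.getRoleId());
                    }
                }
                // Log only after the set is filled: logging before the loop always printed
                // an empty set, which made the debug trace useless for reviewing which
                // roles an auto-created account actually received.
                if (logger.isDebugEnabled()) {
                    logger.debug("Roles for user: " + user + " are: " + roles);
                }
                result = new SimpleAuthorizationInfo(roles);
            }
        }
    } catch (ConfigurationException e) {
        throw new AuthorizationException("Error loading nx-sec configuration.", e);
    }

    if (result == null) {
        // The name is used for log messages only, so render it with String.valueOf instead
        // of a cast: a non-String principal must not abort authorization with a
        // ClassCastException before the parent realm is even asked.
        final String username = String.valueOf(principals.iterator().next());
        if (logger.isDebugEnabled()) {
            logger.debug("delegating doGetAuthorizationInfo(..) for: " + username + ".");
        }

        try {
            result = super.doGetAuthorizationInfo(principals);
        } catch (AuthorizationException e) {
            logger.error("Delegated authorization failed for: " + username + ".", e);
            throw e;
        }
    }

    if (logger.isDebugEnabled()) {
        StringBuilder sb = new StringBuilder();
        sb.append("AuthorizationInfo result: ");

        // The parent realm may hand back null; without this guard the method threw a
        // NullPointerException only when debug logging was switched on.
        if (result == null) {
            sb.append("null");
        } else {
            if (result.getRoles() != null) {
                sb.append("\n\nRoles:");
                for (String role : result.getRoles()) {
                    sb.append("\n\t").append(role);
                }
            }

            if (result.getStringPermissions() != null) {
                sb.append("\n\nString Permissions:");
                for (String perm : result.getStringPermissions()) {
                    sb.append("\n\t").append(perm);
                }
            }

            if (result.getObjectPermissions() != null) {
                sb.append("\n\nObject Permissions:");
                for (Object perm : result.getObjectPermissions()) {
                    sb.append("\n\t").append(perm);
                }
            }
        }

        sb.append("\n\n");
        logger.debug(sb.toString());
    }

    return result;
}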
From source file:com.tensorwrench.shiro.realm.MongoUserPasswordRealmAuthorizationTest.java
License:Apache License
/** Checks that the sample non-admin principal resolves to exactly the plain user role. */
@Test
@MongoData("/principals.json")
public void getsUserRoles() {
    SimplePrincipalCollection subjectPrincipals = new SimplePrincipalCollection();
    subjectPrincipals.add("sample-principal-user", "fooRealm");

    AuthorizationInfo resolved = realm.doGetAuthorizationInfo(subjectPrincipals);

    // Whole-array comparison ignoring order: an unexpected extra role on the ordinary user
    // fails the test just like a missing one.
    Object[] actualRoles = resolved.getRoles().toArray();
    String[] expectedRoles = { "role:user" };
    assertEqualsNoOrder(actualRoles, expectedRoles);
}
From source file:com.tensorwrench.shiro.realm.MongoUserPasswordRealmAuthorizationTest.java
License:Apache License
/** Checks that the sample admin principal resolves to both the user and the admin role. */
@Test
@MongoData("/principals.json")
public void getsAdminRoles() {
    SimplePrincipalCollection adminPrincipals = new SimplePrincipalCollection();
    adminPrincipals.add("sample-principal-admin", "fooRealm");

    AuthorizationInfo resolved = realm.doGetAuthorizationInfo(adminPrincipals);

    // Order is irrelevant; the set of role names must match exactly.
    Object[] actualRoles = resolved.getRoles().toArray();
    String[] expectedRoles = { "role:user", "role:admin" };
    assertEqualsNoOrder(actualRoles, expectedRoles);
}
From source file:ddf.security.pdp.realm.AuthzRealm.java
License:Open Source License
/**
 * Collects every {@link Permission} asserted by the given {@link AuthorizationInfo}: its
 * object permissions, its string permissions after resolution, and the permissions resolved
 * from its roles.
 *
 * @param authorizationInfo the authorization data to read; may be {@code null}
 * @return an unmodifiable set of the collected permissions, empty when nothing is asserted
 */
@Override
protected Collection<Permission> getPermissions(AuthorizationInfo authorizationInfo) {
    Set<Permission> collected = new HashSet<>();
    if (authorizationInfo == null) {
        // No authorization data means no permissions; callers still get a usable set.
        return Collections.unmodifiableSet(collected);
    }

    Collection<Permission> objectPermissions = authorizationInfo.getObjectPermissions();
    if (!CollectionUtils.isEmpty(objectPermissions)) {
        collected.addAll(objectPermissions);
    }

    Collection<Permission> fromStrings =
            resolvePermissions(authorizationInfo.getStringPermissions());
    if (!CollectionUtils.isEmpty(fromStrings)) {
        collected.addAll(fromStrings);
    }

    Collection<Permission> fromRoles = resolveRolePermissions(authorizationInfo.getRoles());
    if (!CollectionUtils.isEmpty(fromRoles)) {
        collected.addAll(fromRoles);
    }

    // Read-only view so callers cannot add permissions to the result after the fact.
    return Collections.unmodifiableSet(collected);
}
From source file:ddf.security.pdp.realm.SimpleAuthzRealm.java
License:Open Source License
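/**
 * Decides whether the requested action is allowed, either because it matches a configured
 * open-access action or because the subject holds one of the configured access roles.
 *
 * <p>The check fails closed: a missing action, missing authorization data or a
 * {@code null} role collection all end in {@code false}.
 *
 * @param actionPermission the permission wrapping the action being attempted
 * @param info the subject's authorization data; may be {@code null} or carry no roles
 * @return {@code true} if the action is open or the subject has an access role,
 *         {@code false} otherwise
 */
private boolean isPermitted(ActionPermission actionPermission, AuthorizationInfo info) {
    String action = actionPermission.getAction();

    if (StringUtils.isNotEmpty(action)) {
        // check to see if the action they are trying to perform is an action anyone can do
        if (openAccessActionList != null) {
            for (String openAction : openAccessActionList) {
                // A null entry made indexOf throw, and an empty entry matched every action
                // (indexOf("") is 0), so one blank value in the configured list would have
                // opened every action to everyone. Ignore such entries.
                if (!StringUtils.isNotEmpty(openAction)) {
                    continue;
                }
                // NOTE(review): this is a substring match, so any action that merely
                // contains an open action's text is treated as open. Confirm that is
                // intended; an exact or suffix comparison would be stricter.
                if (action.contains(openAction)) {
                    if (SecurityLogger.isDebugEnabled()) {
                        SecurityLogger.logDebug(
                                "Action permission [" + actionPermission + "] implied as an open action.");
                    }
                    return true;
                }
            }
        }

        // it must be a restricted action, so check if the user has the correct role
        // getRoles() may legitimately be null when no roles are assigned; treat that, and a
        // null info, as "no roles" instead of failing with a NullPointerException.
        Collection<String> roles = (info == null) ? null : info.getRoles();
        if (accessRoleList != null && roles != null) {
            for (String accessRole : accessRoleList) {
                if (roles.contains(accessRole)) {
                    if (SecurityLogger.isDebugEnabled()) {
                        SecurityLogger.logDebug("User has access role " + accessRole);
                    }
                    return true;
                }
            }
        }
    }

    if (SecurityLogger.isDebugEnabled()) {
        SecurityLogger.logDebug("Action permission [" + actionPermission + "] not implied.");
    }
    return false;
}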
From source file:ddf.security.pdp.realm.SimpleAuthzRealm.java
License:Open Source License
/**
 * Gathers the {@link Permission} objects asserted by an {@link AuthorizationInfo}: the object
 * permissions it carries directly, plus those resolved from its string permissions and from
 * its roles.
 *
 * @param info the authorization data to read; may be {@code null}
 * @return an unmodifiable set holding every gathered permission (empty if there are none)
 */
private Collection<Permission> getPermissions(AuthorizationInfo info) {
    Set<Permission> gathered = new HashSet<Permission>();

    if (info != null) {
        // 1. permissions attached to the info as objects
        Collection<Permission> direct = info.getObjectPermissions();
        if (!CollectionUtils.isEmpty(direct)) {
            gathered.addAll(direct);
        }

        // 2. permissions expressed as strings, resolved into Permission objects
        Collection<Permission> resolvedStrings = resolvePermissions(info.getStringPermissions());
        if (!CollectionUtils.isEmpty(resolvedStrings)) {
            gathered.addAll(resolvedStrings);
        }

        // 3. permissions implied by the roles the info lists
        Collection<Permission> resolvedRoles = resolveRolePermissions(info.getRoles());
        if (!CollectionUtils.isEmpty(resolvedRoles)) {
            gathered.addAll(resolvedRoles);
        }
    }

    // Hand out a read-only view so the caller cannot widen the permission set.
    return Collections.unmodifiableSet(gathered);
}
From source file:ddf.security.pdp.realm.xacml.XacmlPdp.java
License:Open Source License
/**
 * Decides whether the subject may perform the action described by {@code curPermission}.
 *
 * <p>Two cases are settled locally without building a XACML request: a subject that asserts
 * no permissions or roles is denied when the permission lists key/value requirements, and a
 * subject that asserts anything is allowed when the permission lists none. Every other case
 * is turned into a XACML request and evaluated by the PDP.
 *
 * @param primaryPrincipal name of the subject, used for logging and for the XACML request
 * @param info the subject's roles and permissions
 * @param curPermission the permission being checked
 * @return {@code true} if access is permitted, {@code false} otherwise
 */
public boolean isPermitted(String primaryPrincipal, AuthorizationInfo info,
        KeyValueCollectionPermission curPermission) {
    LOGGER.debug("Checking if {} has access for action {}", primaryPrincipal,
            curPermission.getAction());
    SecurityLogger.audit("Checking if [" + primaryPrincipal + "] has access for action "
            + curPermission.getAction());

    boolean subjectAssertsNothing = CollectionUtils.isEmpty(info.getObjectPermissions())
            && CollectionUtils.isEmpty(info.getStringPermissions())
            && CollectionUtils.isEmpty(info.getRoles());
    boolean nothingRequired = CollectionUtils.isEmpty(curPermission.getKeyValuePermissionList());

    // NOTE(review): both shortcuts below return without consulting the PDP, and this method
    // audits only the "Checking if" line, not the outcome. Confirm that the allow shortcut
    // is intended and that the decision is recorded somewhere by the caller.
    if (subjectAssertsNothing && !nothingRequired) {
        return false;
    }
    if (!subjectAssertsNothing && nothingRequired) {
        return true;
    }

    LOGGER.debug("Received authZ info, creating XACML request.");
    RequestType xacmlRequest = createXACMLRequest(primaryPrincipal, info, curPermission);
    LOGGER.debug("Created XACML request, calling PDP.");

    return isPermitted(xacmlRequest);
}
From source file:ddf.security.pdp.realm.xacml.XacmlPdp.java
License:Open Source License
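/**
 * Builds the access-subject attribute group of a XACML request: the subject id, one role
 * attribute holding every role name, and one attribute per {@link KeyValuePermission} the
 * subject carries.
 *
 * <p>Roles and object permissions are read null-safely, matching the null-tolerant
 * emptiness checks {@code isPermitted} applies to the same collections. Before this, a
 * subject with roles but a {@code null} object-permission collection (or the reverse) made
 * this method throw a NullPointerException instead of producing a request.
 *
 * @param subject the subject identifier placed in the subject-id attribute
 * @param info the subject's roles and permissions
 * @return the populated subject attributes
 */
private AttributesType createSubjectAttributes(String subject, AuthorizationInfo info) {
    AttributesType subjectAttributes = new AttributesType();
    subjectAttributes.setCategory(ACCESS_SUBJECT_CATEGORY);

    AttributeType subjectAttribute = new AttributeType();
    subjectAttribute.setAttributeId(SUBJECT_ID);
    subjectAttribute.setIncludeInResult(false);
    AttributeValueType subjectValue = new AttributeValueType();
    subjectValue.setDataType(STRING_DATA_TYPE);
    LOGGER.debug("Adding subject: {}", subject);
    subjectValue.getContent().add(subject);
    subjectAttribute.getAttributeValue().add(subjectValue);
    subjectAttributes.getAttribute().add(subjectAttribute);

    // The role attribute is added only when there is at least one role to put in it.
    if (!CollectionUtils.isEmpty(info.getRoles())) {
        AttributeType roleAttribute = new AttributeType();
        roleAttribute.setAttributeId(ROLE_CLAIM);
        roleAttribute.setIncludeInResult(false);
        for (String curRole : info.getRoles()) {
            AttributeValueType roleValue = new AttributeValueType();
            roleValue.setDataType(STRING_DATA_TYPE);
            LOGGER.trace("Adding role: {} for subject: {}", curRole, subject);
            roleValue.getContent().add(curRole);
            roleAttribute.getAttributeValue().add(roleValue);
        }
        subjectAttributes.getAttribute().add(roleAttribute);
    }

    if (!CollectionUtils.isEmpty(info.getObjectPermissions())) {
        for (Permission curPermission : info.getObjectPermissions()) {
            if (curPermission instanceof KeyValuePermission) {
                KeyValuePermission keyValuePermission = (KeyValuePermission) curPermission;
                AttributeType subjAttr = new AttributeType();
                subjAttr.setAttributeId(keyValuePermission.getKey());
                subjAttr.setIncludeInResult(false);
                // A key without values contributes no attribute to the request.
                if (!keyValuePermission.getValues().isEmpty()) {
                    for (String curPermValue : keyValuePermission.getValues()) {
                        AttributeValueType subjAttrValue = new AttributeValueType();
                        subjAttrValue.setDataType(getXacmlDataType(curPermValue));
                        LOGGER.trace("Adding permission: {}:{} for subject: {}",
                                keyValuePermission.getKey(), curPermValue, subject);
                        subjAttrValue.getContent().add(curPermValue);
                        subjAttr.getAttributeValue().add(subjAttrValue);
                    }
                    subjectAttributes.getAttribute().add(subjAttr);
                }
            } else {
                // Other permission types are left out of the request, so the PDP decides
                // without them; the warning makes that omission visible.
                LOGGER.warn(
                        "Permissions for subject were not of type KeyValuePermission, cannot add any subject permissions to the request.");
            }
        }
    }

    return subjectAttributes;
}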