List of usage examples for org.apache.shiro.authz AuthorizationInfo getStringPermissions
/**
 * Returns the permissions held by this {@code AuthorizationInfo} in string form.
 *
 * <p>The usage examples on this page treat the result as possibly {@code null}: one
 * null-checks it before iterating and another asserts {@code null} for a principal with
 * nothing granted. Callers should not assume a non-null collection.
 *
 * @return the string permissions, possibly {@code null}
 */
Collection<String> getStringPermissions();
From source file:com.josue.kingdom.security.application.ApplicationlRealmTest.java
/**
 * Checks the authorization data the realm produces for a principal whose manager status
 * is {@code ManagerStatus.EMPTY}: object permissions, roles and string permissions are
 * all expected to be {@code null}, so the info carries no roles or permissions.
 */
@Test
public void testDoGetAuthorizationInfoEmptyManager() {
    Application application = Mockito.mock(Application.class);
    Manager manager = Mockito.mock(Manager.class);
    KingdomSecurity emptyManagerSecurity =
            new KingdomSecurity(application, manager, KingdomSecurity.ManagerStatus.EMPTY);
    PrincipalCollection principalCollection =
            new SimplePrincipalCollection(emptyManagerSecurity, realm.getName());

    AuthorizationInfo authorizationInfo = realm.doGetAuthorizationInfo(principalCollection);

    // Each of the three getters must report null for an EMPTY manager.
    assertNull(authorizationInfo.getObjectPermissions());
    assertNull(authorizationInfo.getRoles());
    assertNull(authorizationInfo.getStringPermissions());
}
From source file:com.redhat.rcm.nexus.security.GracefulUNFAuthorizationRealm.java
License:Open Source License
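/**
 * Resolves the authorization data for the given principals.
 *
 * <p>If auto-creation is enabled in the configuration and {@code autoCreateOnDemand}
 * returns a user, the result is a {@link SimpleAuthorizationInfo} holding that user's
 * role ids. In every other case the lookup is delegated to the superclass.
 *
 * @param principals the principals to authorize; on the delegation path the first one is
 *     read as the username
 * @return the resolved authorization data; {@code null} only if the superclass lookup
 *     returns {@code null}
 * @throws AuthorizationException if the security configuration cannot be loaded or the
 *     delegated lookup fails
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(final PrincipalCollection principals) {
    AuthorizationInfo result = null;
    try {
        if (configuration.isAutoCreateEnabled()) {
            User user = autoCreateOnDemand(principals);
            if (user != null) {
                Set<String> roles = new LinkedHashSet<String>();
                if (user.getRoles() != null) {
                    for (RoleIdentifier rid : user.getRoles()) {
                        roles.add(rid.getRoleId());
                    }
                }
                // Logged after the roles are collected; logging before the loop always
                // printed an empty set and hid what the user was actually granted.
                if (logger.isDebugEnabled()) {
                    logger.debug("Roles for user: " + user + " are: " + roles);
                }
                result = new SimpleAuthorizationInfo(roles);
            }
        }
    } catch (ConfigurationException e) {
        throw new AuthorizationException("Error loading nx-sec configuration.", e);
    }

    if (result == null) {
        // NOTE(review): assumes the first principal is a String username - confirm for
        // every realm that can populate this collection.
        final String username = (String) principals.iterator().next();
        if (logger.isDebugEnabled()) {
            logger.debug("delegating doGetAuthorizationInfo(..) for: " + username + ".");
        }
        try {
            result = super.doGetAuthorizationInfo(principals);
        } catch (AuthorizationException e) {
            logger.error("Delegated authorization failed for: " + username + ".", e);
            throw e;
        }
    }

    if (logger.isDebugEnabled()) {
        // This dump writes the full role and permission set to the log, so debug output
        // from this realm should be access-controlled like the authorization data itself.
        StringBuilder sb = new StringBuilder();
        sb.append("AuthorizationInfo result: ");
        if (result == null) {
            // The delegate may yield no authorization data; report that instead of
            // failing with a NullPointerException inside a logging branch.
            sb.append("null");
        } else {
            if (result.getRoles() != null) {
                sb.append("\n\nRoles:");
                for (String role : result.getRoles()) {
                    sb.append("\n\t").append(role);
                }
            }
            if (result.getStringPermissions() != null) {
                sb.append("\n\nString Permissions:");
                for (String perm : result.getStringPermissions()) {
                    sb.append("\n\t").append(perm);
                }
            }
            if (result.getObjectPermissions() != null) {
                sb.append("\n\nObject Permissions:");
                for (Object perm : result.getObjectPermissions()) {
                    sb.append("\n\t").append(perm);
                }
            }
        }
        sb.append("\n\n");
        logger.debug(sb.toString());
    }
    return result;
}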
From source file:ddf.security.pdp.realm.AuthzRealm.java
License:Open Source License
/**
 * Collects every {@link Permission} asserted by the given {@link AuthorizationInfo}: its
 * object permissions, the permissions resolved from its string permissions, and the
 * permissions resolved from its roles.
 *
 * @param authorizationInfo the authorization data to expand; may be {@code null}
 * @return an unmodifiable set of the collected permissions; empty when
 *     {@code authorizationInfo} is {@code null} or contributes nothing
 */
@Override
protected Collection<Permission> getPermissions(AuthorizationInfo authorizationInfo) {
    Set<Permission> collected = new HashSet<>();
    if (authorizationInfo == null) {
        // No authorization data means no permissions: the caller receives an empty set.
        return Collections.unmodifiableSet(collected);
    }

    Collection<Permission> objectPermissions = authorizationInfo.getObjectPermissions();
    if (!CollectionUtils.isEmpty(objectPermissions)) {
        collected.addAll(objectPermissions);
    }

    Collection<Permission> fromStrings =
            resolvePermissions(authorizationInfo.getStringPermissions());
    if (!CollectionUtils.isEmpty(fromStrings)) {
        collected.addAll(fromStrings);
    }

    Collection<Permission> fromRoles = resolveRolePermissions(authorizationInfo.getRoles());
    if (!CollectionUtils.isEmpty(fromRoles)) {
        collected.addAll(fromRoles);
    }

    // Read-only view so callers cannot widen the permission set after the fact.
    return Collections.unmodifiableSet(collected);
}
From source file:ddf.security.pdp.realm.SimpleAuthzRealm.java
License:Open Source License
/**
 * Gathers the {@link Permission} objects asserted by an {@link AuthorizationInfo}, in
 * this order: its object permissions, then the permissions resolved from its string
 * permissions, then the permissions resolved from its roles.
 *
 * @param info
 *            the authorization data to expand; may be {@code null}
 * @return an unmodifiable set of the gathered permissions, empty if {@code info} is
 *         {@code null} or yields none
 */
private Collection<Permission> getPermissions(AuthorizationInfo info) {
    Set<Permission> granted = new HashSet<Permission>();
    if (info == null) {
        // Nothing asserted, nothing granted.
        return Collections.unmodifiableSet(granted);
    }

    Collection<Permission> batch = info.getObjectPermissions();
    if (!CollectionUtils.isEmpty(batch)) {
        granted.addAll(batch);
    }

    batch = resolvePermissions(info.getStringPermissions());
    if (!CollectionUtils.isEmpty(batch)) {
        granted.addAll(batch);
    }

    batch = resolveRolePermissions(info.getRoles());
    if (!CollectionUtils.isEmpty(batch)) {
        granted.addAll(batch);
    }

    // The caller only ever sees a read-only view of the result.
    return Collections.unmodifiableSet(granted);
}
From source file:ddf.security.pdp.realm.xacml.XacmlPdp.java
License:Open Source License
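/**
 * Decides whether the principal may perform the action described by {@code curPermission}.
 *
 * <p>Three cases are answered locally, without calling the PDP:
 * <ul>
 * <li>{@code info} is {@code null}: denied;</li>
 * <li>the subject has no object permissions, string permissions or roles, but the
 * permission lists key/value requirements: denied;</li>
 * <li>the subject has at least one of those, and the permission lists no key/value
 * requirements: permitted.</li>
 * </ul>
 * Every other case is turned into a XACML request and evaluated by the PDP.
 *
 * @param primaryPrincipal name of the principal, used for logging and in the request
 * @param info authorization data of the subject; {@code null} is treated as "nothing granted"
 * @param curPermission the permission being checked
 * @return {@code true} if access is permitted, {@code false} otherwise
 */
public boolean isPermitted(String primaryPrincipal, AuthorizationInfo info,
        KeyValueCollectionPermission curPermission) {
    LOGGER.debug("Checking if {} has access for action {}", primaryPrincipal,
            curPermission.getAction());
    // NOTE(review): the audit message is built by concatenation; confirm that
    // SecurityLogger neutralises line breaks in principal names. Only the start of the
    // check is audited here - the two local decisions below leave no audit record of
    // their outcome.
    SecurityLogger.audit("Checking if [" + primaryPrincipal + "] has access for action "
            + curPermission.getAction());

    if (info == null) {
        // Fail closed: missing authorization data is a denial, not a NullPointerException.
        LOGGER.debug("No authZ info supplied, denying access.");
        return false;
    }

    boolean subjectHoldsNothing = CollectionUtils.isEmpty(info.getObjectPermissions())
            && CollectionUtils.isEmpty(info.getStringPermissions())
            && CollectionUtils.isEmpty(info.getRoles());
    boolean nothingRequired =
            CollectionUtils.isEmpty(curPermission.getKeyValuePermissionList());

    if (subjectHoldsNothing && !nothingRequired) {
        // Requirements exist and the subject asserts nothing: deny without asking the PDP.
        return false;
    }
    if (!subjectHoldsNothing && nothingRequired) {
        // No requirements to satisfy and the subject asserts something: permit.
        return true;
    }

    LOGGER.debug("Received authZ info, creating XACML request.");
    RequestType curRequest = createXACMLRequest(primaryPrincipal, info, curPermission);
    LOGGER.debug("Created XACML request, calling PDP.");
    return isPermitted(curRequest);
}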
From source file:org.killbill.billing.util.security.shiro.realm.TestKillBillJndiLdapRealm.java
License:Apache License
/**
 * Manual connectivity check against an LDAP directory. The test is disabled
 * ({@code enabled = false}, group {@code external}) and only prints what the realm
 * returns; it asserts nothing.
 *
 * <p>All connection values below are sample settings to be replaced locally.
 */
@Test(groups = "external", enabled = false)
public void testCheckLDAPConnection() throws Exception {
    // Convenience method to verify your LDAP connectivity
    // The ops-group entry maps to the wildcard permission *:*.
    final String permissionsByGroup = "support-group: entitlement:*\n"
            + "finance-group: invoice:*, payment:*\n" + "ops-group: *:*";

    final Properties ldapSettings = new Properties();
    ldapSettings.setProperty("org.killbill.security.ldap.userDnTemplate",
            "uid={0},ou=users,dc=mycompany,dc=com");
    ldapSettings.setProperty("org.killbill.security.ldap.searchBase",
            "ou=groups,dc=mycompany,dc=com");
    ldapSettings.setProperty("org.killbill.security.ldap.groupSearchFilter",
            "memberOf=uid={0},ou=users,dc=mycompany,dc=com");
    ldapSettings.setProperty("org.killbill.security.ldap.groupNameId", "cn");
    // NOTE(review): ldap:// on port 389 together with disableSSLCheck=true and the
    // "simple" mechanism - presumably the bind credentials travel unencrypted, so this
    // combination belongs to a lab directory only; confirm before reusing the settings.
    ldapSettings.setProperty("org.killbill.security.ldap.url", "ldap://ldap:389");
    ldapSettings.setProperty("org.killbill.security.ldap.disableSSLCheck", "true");
    ldapSettings.setProperty("org.killbill.security.ldap.systemUsername", "cn=root");
    ldapSettings.setProperty("org.killbill.security.ldap.systemPassword", "password");
    ldapSettings.setProperty("org.killbill.security.ldap.authenticationMechanism", "simple");
    ldapSettings.setProperty("org.killbill.security.ldap.permissionsByGroup",
            permissionsByGroup);

    final ConfigSource configSource = new SimplePropertyConfigSource(ldapSettings);
    final SecurityConfig config =
            new ConfigurationObjectFactory(configSource).build(SecurityConfig.class);
    final KillBillJndiLdapRealm realmUnderTest = new KillBillJndiLdapRealm(config);

    final String username = "pierre";
    final String password = "password";

    // Check authentication
    final UsernamePasswordToken loginToken = new UsernamePasswordToken(username, password);
    final AuthenticationInfo authentication = realmUnderTest.getAuthenticationInfo(loginToken);
    // NOTE(review): check what this toString() exposes before sharing the test output.
    System.out.println(authentication);

    // Check permissions
    final SimplePrincipalCollection principalCollection =
            new SimplePrincipalCollection(username, username);
    final AuthorizationInfo authorization = realmUnderTest
            .queryForAuthorizationInfo(principalCollection, realmUnderTest.getContextFactory());
    System.out.println("Roles: " + authorization.getRoles());
    System.out.println("Permissions: " + authorization.getStringPermissions());
}
From source file:org.killbill.billing.util.security.shiro.realm.TestKillBillOktaRealm.java
License:Apache License
/**
 * Manual connectivity check against an Okta organisation. The test is disabled
 * ({@code enabled = false}, group {@code external}) and only prints what the realm
 * returns; it asserts nothing.
 *
 * <p>The URL and API token below are placeholders to be replaced locally; a real API
 * token should stay out of version control.
 */
@Test(groups = "external", enabled = false)
public void testCheckOktaConnection() throws Exception {
    // Convenience method to verify your Okta connectivity
    // The ops-group entry maps to the wildcard permission *:*.
    final String permissionsByGroup = "support-group: entitlement:*\n"
            + "finance-group: invoice:*, payment:*\n" + "ops-group: *:*";

    final Properties oktaSettings = new Properties();
    oktaSettings.setProperty("org.killbill.security.okta.url",
            "https://dev-XXXXXX.oktapreview.com");
    oktaSettings.setProperty("org.killbill.security.okta.apiToken", "YYYYYY");
    oktaSettings.setProperty("org.killbill.security.okta.permissionsByGroup",
            permissionsByGroup);

    final ConfigSource configSource = new SimplePropertyConfigSource(oktaSettings);
    final SecurityConfig config =
            new ConfigurationObjectFactory(configSource).build(SecurityConfig.class);
    final KillBillOktaRealm realmUnderTest = new KillBillOktaRealm(config);

    final String username = "pierre";
    final String password = "password";

    // Check authentication
    final UsernamePasswordToken loginToken = new UsernamePasswordToken(username, password);
    final AuthenticationInfo authentication = realmUnderTest.getAuthenticationInfo(loginToken);
    // NOTE(review): check what this toString() exposes before sharing the test output.
    System.out.println(authentication);

    // Check permissions
    final SimplePrincipalCollection principalCollection =
            new SimplePrincipalCollection(username, username);
    final AuthorizationInfo authorization =
            realmUnderTest.doGetAuthorizationInfo(principalCollection);
    System.out.println("Roles: " + authorization.getRoles());
    System.out.println("Permissions: " + authorization.getStringPermissions());
}
From source file:streamflow.server.security.DatastoreRealmTest.java
License:Apache License
/**
 * Authenticates the mocked user, then checks that the authorization data built from the
 * resulting principals contains the user's roles and the mocked role's permissions.
 */
@Test
public void validateAuthorizationRolesAndPersmissions() {
    UsernamePasswordToken loginToken =
            new UsernamePasswordToken(mockedUser.getUsername(), mockedUser.getPassword());
    AuthenticationInfo authentication = realm.doGetAuthenticationInfo(loginToken);
    AuthorizationInfo authorization =
            realm.doGetAuthorizationInfo(authentication.getPrincipals());

    // containsAll proves only that the expected entries are present; extra roles or
    // permissions granted by the realm would not fail this test.
    boolean hasAllRoles = authorization.getRoles().containsAll(mockedUser.getRoles());
    assertTrue("Authz info should contain all the roles specified for the user", hasAllRoles);

    boolean hasAllPermissions =
            authorization.getStringPermissions().containsAll(mockedRole.getPermissions());
    assertTrue("Authz info should contain all the permissions specified for the user",
            hasAllPermissions);
}
From source file:uk.q3c.krail.core.shiro.DefaultRealmTest.java
License:Apache License
/** * Has authenticated subject been given permissions for private root *///from ww w . ja v a2 s.co m @Test public void uri() { // given // when(sitemap.getPrivateRoot()).thenReturn("private"); // when(sitemap.getPublicRoot()).thenReturn("public"); when(subjectIdentifer.userId()).thenReturn("ds"); PrincipalCollection pc = new SimplePrincipalCollection(); // when AuthorizationInfo info = realm.getAuthorizationInfo(pc); // then assertThat(info).isNotNull(); assertThat(info.getStringPermissions().contains("page:view:private:*")); }