List of usage examples for org.apache.shiro.authz SimpleAuthorizationInfo addObjectPermission
public void addObjectPermission(Permission permission)
From source file:com.stormpath.shiro.realm.ApplicationRealm.java
License:Apache License
/**
 * Assembles the Shiro authorization data for the Stormpath account identified by
 * {@code principals}.
 *
 * <p>Roles and permissions are resolved first for every group the account belongs to and
 * then for the account itself. The result is the union of all of them: this method only
 * ever adds grants, so whatever {@code resolveRoles} / {@code resolvePermissions} return
 * is what the subject ends up holding.
 *
 * @param principals the identity whose account href is obtained via {@code getAccountHref}
 * @return the merged roles and permissions, or {@code null} when no role, object
 *         permission or string permission was resolved
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
    assertState();

    SimpleAuthorizationInfo authz = new SimpleAuthorizationInfo();
    String accountHref = getAccountHref(principals);

    //TODO resource expansion (account + groups in one request instead of two):
    Account account = getClient().getDataStore().getResource(accountHref, Account.class);

    // Group-level grants: each group contributes its roles, then its permissions.
    for (Group memberGroup : account.getGroups()) {
        for (String groupRole : resolveRoles(memberGroup)) {
            authz.addRole(groupRole);
        }
        for (Permission groupPermission : resolvePermissions(memberGroup)) {
            authz.addObjectPermission(groupPermission);
        }
    }

    //since 0.3: account-level roles
    for (String accountRole : resolveRoles(account)) {
        authz.addRole(accountRole);
    }

    //since 0.3: account-level permissions
    for (Permission accountPermission : resolvePermissions(account)) {
        authz.addObjectPermission(accountPermission);
    }

    // NOTE(review): null signals "no authorization data associated with the Account";
    // presumably the calling realm treats that as no grants at all - confirm against the
    // Shiro version in use.
    boolean hasAuthzData = !CollectionUtils.isEmpty(authz.getRoles())
            || !CollectionUtils.isEmpty(authz.getObjectPermissions())
            || !CollectionUtils.isEmpty(authz.getStringPermissions());
    return hasAuthzData ? authz : null;
}
From source file:ddf.security.pdp.realm.test.AuthzRealmTest.java
License:Open Source License
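/**
 * Builds the fixture shared by the tests: a subject with fixed claims and an
 * {@code AuthzRealm} that always returns that subject's authorization data.
 *
 * <p>The subject holds {@code FineAccessControls} = A, B and {@code CountryOfAffiliation} =
 * AUS as key/value permissions, a key/value "role" permission with the value "admin", the
 * role "admin" and the string permission "wild". The realm maps
 * {@code CountryOfAffiliation} to the resource attribute "country" as a match-one mapping
 * and {@code FineAccessControls} to "rule" as a match-all mapping.
 *
 * @throws PdpException declared by the realm set-up used here
 */
@Before
public void setup() throws PdpException {
    String ruleClaim = "FineAccessControls";
    String countryClaim = "CountryOfAffiliation";

    // setup the subject permissions
    // (the original also collected these in a local list that was never read; dropped)
    KeyValuePermission rulePermission = new KeyValuePermission(ruleClaim);
    rulePermission.addValue("A");
    rulePermission.addValue("B");

    KeyValuePermission countryPermission = new KeyValuePermission(countryClaim);
    countryPermission.addValue("AUS");

    SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
    authorizationInfo.addObjectPermission(rulePermission);
    authorizationInfo.addObjectPermission(countryPermission);
    authorizationInfo.addObjectPermission(new KeyValuePermission("role", Arrays.asList("admin")));
    authorizationInfo.addRole("admin");
    authorizationInfo.addStringPermission("wild");

    // The override bypasses any real lookup: every principal passed to this realm gets the
    // fixture's grants, so the tests exercise only the permission-matching logic.
    testRealm = new AuthzRealm("src/test/resources/policies", new XmlParser()) {
        @Override
        public AuthorizationInfo getAuthorizationInfo(PrincipalCollection principals) {
            return authorizationInfo;
        }
    };

    mockSubjectPrincipal = Mockito.mock(PrincipalCollection.class);
    when(mockSubjectPrincipal.getPrimaryPrincipal()).thenReturn("user");

    // setup the resource permissions
    permissionList = new ArrayList<>();
    security = new HashMap<>();
    security.put("country", Arrays.asList("AUS", "CAN", "GBR"));
    security.put("rule", Arrays.asList("A", "B"));

    testRealm.setMatchOneMappings(Arrays.asList("CountryOfAffiliation=country"));
    testRealm.setMatchAllMappings(Arrays.asList("FineAccessControls=rule"));
    // Each role string is turned into a key/value "role" permission carrying that role name.
    testRealm.setRolePermissionResolver(
            roleString -> Arrays.asList(new KeyValuePermission("role", Arrays.asList(roleString))));
}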
From source file:ddf.security.pdp.realm.test.AuthzRealmTest.java
License:Open Source License
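/**
 * Checks that a subject holding several country values is permitted on a resource that
 * lists several countries.
 *
 * <p>The subject holds {@code CountryOfAffiliation} = USA, AUS; the resource requires
 * "country" = AUS, CAN, GBR. {@code CountryOfAffiliation} is configured as a match-one
 * mapping, so the single shared value (AUS) is presumably what makes the check pass.
 *
 * @throws PdpException declared by the realm set-up used here
 */
@Test
public void testIsPermittedOneMultiple() throws PdpException {
    permissionList.clear();
    KeyValuePermission kvp = new KeyValuePermission("country", Arrays.asList("AUS", "CAN", "GBR"));
    permissionList.add(kvp);

    String ruleClaim = "FineAccessControls";
    String countryClaim = "CountryOfAffiliation";

    // create a new user here with multiple country permissions to test
    // (the original also collected these in a local list that was never read; dropped)
    KeyValuePermission rulePermission = new KeyValuePermission(ruleClaim);
    rulePermission.addValue("A");
    rulePermission.addValue("B");

    KeyValuePermission countryPermission = new KeyValuePermission(countryClaim);
    countryPermission.addValue("USA");
    countryPermission.addValue("AUS");

    SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
    authorizationInfo.addObjectPermission(rulePermission);
    authorizationInfo.addObjectPermission(countryPermission);
    authorizationInfo.addRole("admin");

    // Local realm that always answers with the grants built above.
    AuthzRealm testRealm = new AuthzRealm("src/test/resources/policies", new XmlParser()) {
        @Override
        public AuthorizationInfo getAuthorizationInfo(PrincipalCollection principals) {
            return authorizationInfo;
        }
    };
    testRealm.setMatchOneMappings(Arrays.asList("CountryOfAffiliation=country"));
    testRealm.setMatchAllMappings(Arrays.asList("FineAccessControls=rule"));
    testRealm.setRolePermissionResolver(
            roleString -> Arrays.asList(new KeyValuePermission("role", Arrays.asList(roleString))));

    boolean[] permittedArray = testRealm.isPermitted(mockSubjectPrincipal, permissionList);

    // Without this, an empty result array would skip the loop below and the test would
    // pass without checking any authorization decision.
    Assert.assertEquals(permissionList.size(), permittedArray.length);
    for (boolean permitted : permittedArray) {
        Assert.assertTrue(permitted);
    }
}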
From source file:ddf.security.pdp.realm.test.SimpleAuthzRealmTest.java
License:Open Source License
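/**
 * Builds the fixture shared by the tests: a {@code SimpleAuthzRealm} preloaded with a
 * subject's authorization data and the claim-to-attribute mappings.
 *
 * <p>The subject holds {@code FineAccessControls} = A, B and {@code CountryOfAffiliation} =
 * AUS as key/value permissions plus the role "admin". {@code CountryOfAffiliation} maps to
 * the resource attribute "country" as a match-one mapping and {@code FineAccessControls}
 * maps to "rule" as a match-all mapping.
 */
@Before
public void setup() {
    testRealm = new SimpleAuthzRealm();

    String ruleClaim = "FineAccessControls";
    String countryClaim = "CountryOfAffiliation";

    // setup the subject permissions
    // (the original also collected these in a local list that was never read; dropped)
    KeyValuePermission rulePermission = new KeyValuePermission(ruleClaim);
    rulePermission.addValue("A");
    rulePermission.addValue("B");

    KeyValuePermission countryPermission = new KeyValuePermission(countryClaim);
    countryPermission.addValue("AUS");

    SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
    authorizationInfo.addObjectPermission(rulePermission);
    authorizationInfo.addObjectPermission(countryPermission);
    authorizationInfo.addRole("admin");

    // setup the resource permissions
    permissionList = new ArrayList<Permission>();
    security = new HashMap<String, List<String>>();
    security.put("country", Arrays.asList("AUS", "CAN", "GBR"));
    security.put("rule", Arrays.asList("A", "B"));

    // The realm is handed the grants directly, so the tests exercise only the matching logic.
    testRealm.setAuthorizationInfo(authorizationInfo);
    testRealm.setMatchOneMappings(Arrays.asList("CountryOfAffiliation=country"));
    testRealm.setMatchAllMappings(Arrays.asList("FineAccessControls=rule"));
}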
From source file:ddf.security.pdp.realm.test.SimpleAuthzRealmTest.java
License:Open Source License
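/**
 * Checks that a subject holding several country values is permitted on a resource that
 * lists several countries.
 *
 * <p>The subject holds {@code CountryOfAffiliation} = USA, AUS; the resource requires
 * "country" = AUS, CAN, GBR. The realm's mappings are not set here; presumably they come
 * from the class's {@code @Before} set-up - verify against the enclosing test class.
 */
@Test
public void testIsPermittedOneMultiple() {
    permissionList.clear();
    KeyValuePermission kvp = new KeyValuePermission("country", Arrays.asList("AUS", "CAN", "GBR"));
    permissionList.add(kvp);

    String ruleClaim = "FineAccessControls";
    String countryClaim = "CountryOfAffiliation";

    // create a new user here with multiple country permissions to test
    // (the original also collected these in a local list that was never read; dropped)
    KeyValuePermission rulePermission = new KeyValuePermission(ruleClaim);
    rulePermission.addValue("A");
    rulePermission.addValue("B");

    KeyValuePermission countryPermission = new KeyValuePermission(countryClaim);
    countryPermission.addValue("USA");
    countryPermission.addValue("AUS");

    SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
    authorizationInfo.addObjectPermission(rulePermission);
    authorizationInfo.addObjectPermission(countryPermission);
    authorizationInfo.addRole("admin");

    // Replaces the grants installed by the shared set-up with the ones built above.
    testRealm.setAuthorizationInfo(authorizationInfo);

    PrincipalCollection mockSubjectPrincipal = Mockito.mock(PrincipalCollection.class);

    boolean[] permittedArray = testRealm.isPermitted(mockSubjectPrincipal, permissionList);

    // Without this, an empty result array would skip the loop below and the test would
    // pass without checking any authorization decision.
    Assert.assertEquals(permissionList.size(), permittedArray.length);
    for (boolean permitted : permittedArray) {
        Assert.assertTrue(permitted);
    }
}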
From source file:edu.upenn.cis.ppod.security.PPodRealm.java
License:Apache License
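/**
 * Loads the authorization data of the pPOD user identified by this realm's principal.
 *
 * <p>The user's own permissions are added first, then every role name together with the
 * permissions attached to that role. Grants are only ever added, so the result is the
 * union of direct and role-derived permissions.
 *
 * @param principals the subject's principals; the first principal recorded for this realm
 *        is read as the {@code Long} user id
 * @return the user's roles and permissions, or {@code null} when the subject has no
 *         principal from this realm or no user exists for the id
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(final PrincipalCollection principals) {
    // A subject authenticated by a different realm has no principal here. The original
    // called iterator().next() unconditionally, which throws NoSuchElementException on an
    // empty collection; return "no authorization data" instead.
    final java.util.Collection<?> realmPrincipals = principals.fromRealm(getName());
    if (realmPrincipals == null || realmPrincipals.isEmpty()) {
        return null;
    }

    final Long userId = (Long) realmPrincipals.iterator().next();
    final User pPodUser = daoFactory.getPPodUserDAO().findById(userId, false);
    if (pPodUser == null) {
        // Unknown id: nothing to grant.
        return null;
    }

    final SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
    for (final Permission permission : pPodUser.getPermissions()) {
        info.addObjectPermission(permission);
    }
    for (final Role pPodRole : pPodUser.getRoles()) {
        info.addRole(pPodRole.getName());
        for (final Permission permission : pPodRole.getPermissions()) {
            info.addObjectPermission(permission);
        }
    }
    return info;
}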
From source file:org.fcrepo.auth.webac.WebACAuthorizingRealm.java
License:Apache License
/**
 * Adds one {@code WebACPermission} to {@code authzInfo} for every access mode recorded for
 * {@code agentName} on every URI in {@code rolesForURI}.
 *
 * <p>Only the inner-map entry whose key equals {@code agentName} is read; URIs with no
 * entry for that agent contribute nothing.
 *
 * @param authzInfo the authorization info that receives the permissions
 * @param rolesForURI per-URI map from agent name to that agent's mode strings; a
 *        {@code null} map adds nothing
 * @param agentName the agent whose modes are turned into permissions
 */
private void addPermissions(final SimpleAuthorizationInfo authzInfo,
        final Map<URI, Map<String, Collection<String>>> rolesForURI, final String agentName) {
    if (rolesForURI == null) {
        return;
    }
    for (final Map.Entry<URI, Map<String, Collection<String>>> entry : rolesForURI.entrySet()) {
        final URI resource = entry.getKey();
        log.debug("Adding permissions gathered for URI {}", resource);

        final Collection<String> agentModes = entry.getValue().get(agentName);
        if (agentModes == null) {
            continue;
        }
        // add WebACPermission instance for each mode in the Authorization
        for (final String modeUri : agentModes) {
            // URI.create rejects a malformed mode string with IllegalArgumentException.
            final WebACPermission granted = new WebACPermission(URI.create(modeUri), resource);
            authzInfo.addObjectPermission(granted);
            log.debug("Added permission {}", granted);
        }
    }
}
From source file:org.sonatype.security.realms.MemoryRealm.java
License:Open Source License
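/**
 * This is where you build the list of permissions available to a user.
 * Note that these permissions are cached in memory, and will not be reloaded
 * until the clearAuthorizationCache() method is called.
 *
 * <p>Each string stored for the user in {@code authorizationMap} is parsed as a
 * {@link WildcardPermission}, so the breadth of every grant is decided entirely by the
 * contents of that map. A user with no entry receives an authorization info that holds no
 * permissions.
 *
 * @param arg0 the subject's principals; the first one is read as the {@code String} username
 * @return the permissions configured for that username, never {@code null}
 * @see org.jsecurity.realm.AuthorizingRealm#doGetAuthorizationInfo(org.jsecurity.subject.PrincipalCollection)
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection arg0) {
    String username = (String) arg0.iterator().next();
    SimpleAuthorizationInfo ai = new SimpleAuthorizationInfo();

    // The original iterated authorizationMap.get(username) directly, which throws
    // NullPointerException for a username that has no entry. Treat "no entry" as
    // "no permissions" so an unknown user is denied rather than failing the check.
    Iterable<? extends String> grantedStrings = authorizationMap.get(username);
    if (grantedStrings == null) {
        return ai;
    }
    for (String perm : grantedStrings) {
        ai.addObjectPermission(new WildcardPermission(perm));
    }
    return ai;
}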
From source file:StormpathShiro.src.main.java.com.stormpath.shiro.realm.ApplicationRealm.java
License:Apache License
/**
 * Resolves the roles and permissions of the Stormpath account behind {@code principals}
 * and returns them as Shiro authorization data.
 *
 * <p>Grants come from two places and are merged: each group the account is a member of,
 * and the account itself. Nothing is ever removed, so the subject ends up with the union
 * of everything {@code resolveRoles} and {@code resolvePermissions} return.
 *
 * @param principals the identity whose account href is obtained via {@code getAccountHref}
 * @return the merged authorization data, or {@code null} when the account has no roles,
 *         object permissions or string permissions
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
    assertState();

    SimpleAuthorizationInfo result = new SimpleAuthorizationInfo();
    String href = getAccountHref(principals);

    //TODO resource expansion (account + groups in one request instead of two):
    Account account = getClient().getDataStore().getResource(href, Account.class);
    GroupList memberships = account.getGroups();

    for (Group membership : memberships) {
        // Roles first, then permissions, for each group in turn.
        Set<String> rolesFromGroup = resolveRoles(membership);
        for (String role : rolesFromGroup) {
            result.addRole(role);
        }
        Set<Permission> permissionsFromGroup = resolvePermissions(membership);
        for (Permission grant : permissionsFromGroup) {
            result.addObjectPermission(grant);
        }
    }

    //since 0.3:
    Set<String> rolesFromAccount = resolveRoles(account);
    for (String role : rolesFromAccount) {
        result.addRole(role);
    }

    //since 0.3:
    Set<Permission> permissionsFromAccount = resolvePermissions(account);
    for (Permission grant : permissionsFromAccount) {
        result.addObjectPermission(grant);
    }

    boolean nothingResolved = CollectionUtils.isEmpty(result.getRoles())
            && CollectionUtils.isEmpty(result.getObjectPermissions())
            && CollectionUtils.isEmpty(result.getStringPermissions());
    if (nothingResolved) {
        //no authorization data associated with the Account
        // NOTE(review): presumably the calling realm treats null as "no grants" - confirm.
        return null;
    }
    return result;
}