/**
 * Builds the authorization policy from the property files found under {@code policyDir}.
 * <p>A {@code null} directory yields the policy produced by an untouched builder. An {@link IOException}
 * while reading the files is logged at WARN level and the policy is still built from whatever the builder
 * holds at that point, so a read failure does not surface to the caller as an error &mdash; only the log
 * line reveals that the loaded policy may not reflect the files on disk.</p>
 *
 * @param policyDir the directory holding the policy property files, may be {@code null}
 * @return the built {@link AuthorizationPolicy}, never {@code null}
 */
public AuthorizationPolicy loadPolicy(Path policyDir) {
    AuthorizationPolicyBuilder policyBuilder = permissionManager.newAuthorizationPolicy();
    AuthorizationPolicyMarshaller policyMarshaller = new AuthorizationPolicyMarshaller();
    if (policyDir == null) {
        return policyBuilder.build();
    }
    try {
        NonEscapedProperties entries = readPolicyProperties(policyDir);
        policyMarshaller.read(policyBuilder, entries);
    } catch (IOException e) {
        // Best-effort: the policy is still built below, so the failure is only visible in the log
        logger.warn("Error loading security policy files", e);
    }
    return policyBuilder.build();
}
/** A key whose role segment is empty ({@code role..priority}) must be rejected with a descriptive message. */
@Test
public void testRoleMissing() {
    String keyWithEmptyRole = "role..priority";
    assertThatThrownBy(() -> marshaller.parse(keyWithEmptyRole))
            .isInstanceOf(IllegalArgumentException.class)
            .hasMessage("Role value is empty");
}
// Serialise the policy into an in-memory property set via the marshaller
// (presumably consumed further down in the enclosing method; verify against the caller)
AuthorizationPolicyMarshaller marshaller = new AuthorizationPolicyMarshaller();
NonEscapedProperties entries = new NonEscapedProperties();
marshaller.write(policy, entries);
/**
 * Reads one key/value pair and calls the matching {@link AuthorizationPolicyBuilder} method,
 * provided the parsed key passes the {@link ReadMode} filter; otherwise the entry is ignored.
 * <p>The valid format for a key/value pair is specified in the <a href="#entriesFormat">class description</a>.</p>
 *
 * @param builder The {@link AuthorizationPolicyBuilder} used to register the entry.
 * @param key The key to read
 * @param value The value to read
 * @param readMode The {@link ReadMode} that determines whether the specified key is included or excluded
 */
public void read(AuthorizationPolicyBuilder builder, String key, String value, ReadMode readMode) {
    Key parsedKey = parse(key);
    if (!isReadable(parsedKey, readMode)) {
        return;
    }
    read(builder, parsedKey, value);
}
/**
 * Reads one key/value pair with no filtering ({@code EVERYTHING}) and calls the matching
 * {@link AuthorizationPolicyBuilder} method.
 * <p>The valid format for a key/value pair is specified in the <a href="#entriesFormat">class description</a>.</p>
 *
 * @param builder The {@link AuthorizationPolicyBuilder} used to register the entry.
 * @param key The key to read
 * @param value The value to read
 */
public void read(AuthorizationPolicyBuilder builder, String key, String value) {
    read(builder, key, value, EVERYTHING);
}
// Marshaller used to convert between the policy object and its property-file representation
AuthorizationPolicyMarshaller marshaller = new AuthorizationPolicyMarshaller();
// Global/default section: home perspective and permissions that apply when no subject entry matches
write(policy.getHomePerspective(), out);
write(policy.getPermissions(), out);
// Per-subject section: home perspective, priority and permissions of one subject
write(subject, policy.getHomePerspective(subject), out);
write(subject, policy.getPriority(subject), out);
write(subject, policy.getPermissions(subject), out);
// NOTE(review): the three per-subject writes appear a second time here; this looks like two call
// sites pasted together rather than an intentional double write — confirm against the full method
write(subject, policy.getHomePerspective(subject), out);
write(subject, policy.getPriority(subject), out);
write(subject, policy.getPermissions(subject), out);
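/**
 * Reads all the entries from the property maps passed as a parameter. For every entry
 * a call to the proper {@link AuthorizationPolicyBuilder} method is executed.
 * <p>The valid format for the entries is specified in the <a href="#entriesFormat">class description</a>.</p>
 * <p>Entries are processed in two passes over all maps: the global/default settings first and everything
 * else afterwards, so that the specific settings overwrite the defaults and not vice versa, regardless of
 * the order in which the maps or their entries are supplied.</p>
 *
 * @param builder The {@link AuthorizationPolicyBuilder} used to register every processed entry.
 * @param input The property objects containing the authz policy entries. Keys and values are converted
 *              with {@code toString()}, so maps holding {@code null} keys or values are not supported.
 */
public void read(AuthorizationPolicyBuilder builder, Map<?, ?>... input) {
    // Process the global/default settings first in order to make sure the rest overwrite them and not viceversa
    readEntries(builder, input, DEFAULT_ONLY);
    // Process the rest of the settings
    readEntries(builder, input, DEFAULT_EXCLUDED);
}

/** Feeds every entry of every map into the single-entry {@code read} using the given {@link ReadMode}. */
private void readEntries(AuthorizationPolicyBuilder builder, Map<?, ?>[] input, ReadMode readMode) {
    for (Map<?, ?> m : input) {
        m.forEach((k, v) -> read(builder, k.toString(), v.toString(), readMode));
    }
}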
/** Creates a fresh permission manager, policy builder and marshaller before every test. */
@Before
public void setUp() {
    DefaultPermissionTypeRegistry typeRegistry = new DefaultPermissionTypeRegistry();
    permissionManager = new DefaultPermissionManager(typeRegistry);
    // The builder comes from the manager so both share the same permission type registry
    builder = permissionManager.newAuthorizationPolicy();
    marshaller = new AuthorizationPolicyMarshaller();
}
// Serialise the policy into {@code output} (presumably a property set; see the enclosing method)
marshaller.write(policy, output);
/** A key whose role segment is empty ({@code role..priority}) must be rejected with a descriptive message. */
@Test
public void testRoleMissing() {
    String keyWithEmptyRole = "role..priority";
    assertThatThrownBy(() -> marshaller.parse(keyWithEmptyRole))
            .isInstanceOf(IllegalArgumentException.class)
            .hasMessage("Role value is empty");
}
/**
 * Visits one file of the walked tree: policy files are parsed as properties and fed to the
 * marshaller, any other file is skipped. Any exception raised while visiting (including a
 * precondition failure on the arguments, since {@code checkNotNull} runs inside the try) is
 * logged and ends the whole walk with {@link FileVisitResult#TERMINATE}.
 */
@Override
public FileVisitResult visitFile(final Path file, final BasicFileAttributes attrs) throws IOException {
    try {
        checkNotNull("file", file);
        checkNotNull("attrs", attrs);
        if (isPolicyFile(file)) {
            String content = ioService.readAllString(file);
            NonEscapedProperties props = new NonEscapedProperties();
            props.load(new StringReader(content));
            marshaller.read(builder, props);
        }
    } catch (final Exception e) {
        // NOTE(review): TERMINATE stops the walk early, so policy files not yet visited are left out of
        // whatever the builder produces afterwards; only this log line reveals that the result may be partial.
        logger.error("Authz policy file VFS read error: " + file.getFileName(), e);
        return FileVisitResult.TERMINATE;
    }
    return FileVisitResult.CONTINUE;
}
});
/** Creates a fresh permission manager, policy builder and marshaller before every test. */
@Before
public void setUp() {
    DefaultPermissionTypeRegistry typeRegistry = new DefaultPermissionTypeRegistry();
    permissionManager = new DefaultPermissionManager(typeRegistry);
    // The builder comes from the manager so both share the same permission type registry
    builder = permissionManager.newAuthorizationPolicy();
    marshaller = new AuthorizationPolicyMarshaller();
}
// Serialise the policy into {@code output} (presumably a property set; see the enclosing method)
marshaller.write(policy, output);
/** A key consisting of the type segment only ({@code role}) carries no role and must be rejected. */
@Test
public void testIncompleteEntry() {
    String typeOnlyKey = "role";
    assertThatThrownBy(() -> marshaller.parse(typeOnlyKey))
            .isInstanceOf(IllegalArgumentException.class)
            .hasMessage("Role value is empty");
}
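/**
 * Default entries must not overwrite the role-specific ones: the role's {@code perspective.read}
 * grant wins, the default-only {@code p1} entry does not show up in the resolved collection, and
 * the {@code p2} denial (present in both) is kept.
 */
@Test
public void testDefaultPermissionsNotOverwrite() {
    Map<String, String> input = new HashMap<>();
    input.put("default.permission.perspective.read.p1", "false");
    input.put("default.permission.perspective.read.p2", "false");
    input.put("role.user.permission.perspective.read", "true");
    input.put("role.user.permission.perspective.read.p2", "false");
    marshaller.read(builder, input);
    permissionManager.setAuthorizationPolicy(builder.build());

    User user = createUserMock("user");
    PermissionCollection pc = permissionManager.resolvePermissions(user, VotingStrategy.PRIORITY);

    // JUnit's assertEquals is (expected, actual); the original had them swapped, which garbles failure messages
    assertEquals(2, pc.collection().size());
    assertEquals(AuthorizationResult.ACCESS_GRANTED, pc.get("perspective.read").getResult());
    assertNull(pc.get("perspective.read.p1"));
    assertEquals(AuthorizationResult.ACCESS_DENIED, pc.get("perspective.read.p2").getResult());
}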
/** A key with an empty type segment ({@code .admin.priority}) must be rejected with the allowed prefixes listed. */
@Test
public void testTypeMissing() {
    String keyWithoutType = ".admin.priority";
    assertThatThrownBy(() -> marshaller.parse(keyWithoutType))
            .isInstanceOf(IllegalArgumentException.class)
            .hasMessage("Key must start with [default|role|group]");
}
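/**
 * Default entries must not overwrite the role-specific ones: the role's {@code perspective.read}
 * grant wins, the default-only {@code p1} entry does not show up in the resolved collection, and
 * the {@code p2} denial (present in both) is kept.
 */
@Test
public void testDefaultPermissionsNotOverwrite() {
    Map<String, String> input = new HashMap<>();
    input.put("default.permission.perspective.read.p1", "false");
    input.put("default.permission.perspective.read.p2", "false");
    input.put("role.user.permission.perspective.read", "true");
    input.put("role.user.permission.perspective.read.p2", "false");
    marshaller.read(builder, input);
    permissionManager.setAuthorizationPolicy(builder.build());

    User user = createUserMock("user");
    PermissionCollection pc = permissionManager.resolvePermissions(user, VotingStrategy.PRIORITY);

    // JUnit's assertEquals is (expected, actual); the original had them swapped, which garbles failure messages
    assertEquals(2, pc.collection().size());
    assertEquals(AuthorizationResult.ACCESS_GRANTED, pc.get("perspective.read").getResult());
    assertNull(pc.get("perspective.read.p1"));
    assertEquals(AuthorizationResult.ACCESS_DENIED, pc.get("perspective.read.p2").getResult());
}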
/** A key with an empty type segment ({@code .admin.priority}) must be rejected with the allowed prefixes listed. */
@Test
public void testTypeMissing() {
    String keyWithoutType = ".admin.priority";
    assertThatThrownBy(() -> marshaller.parse(keyWithoutType))
            .isInstanceOf(IllegalArgumentException.class)
            .hasMessage("Key must start with [default|role|group]");
}
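/**
 * Role entries override the defaults for the same resources: the role's {@code perspective.read}
 * denial and its two perspective grants are what the user resolves to, and the resolved collection
 * holds exactly those three entries.
 */
@Test
public void testOverwriteDefault() {
    Map<String, String> input = new HashMap<>();
    input.put("default.permission.perspective.read", "false");
    input.put("default.permission.perspective.read.HomePerspective", "true");
    input.put("role.user.permission.perspective.read", "false");
    input.put("role.user.permission.perspective.read.HomePerspective", "true");
    input.put("role.user.permission.perspective.read.Sales dashboard", "true");
    marshaller.read(builder, input);
    permissionManager.setAuthorizationPolicy(builder.build());

    // The "manager" role has no entries in the policy; only "user" contributes here
    User user = createUserMock("user", "manager");
    PermissionCollection pc = permissionManager.resolvePermissions(user, VotingStrategy.PRIORITY);

    // JUnit's assertEquals is (expected, actual); the original had them swapped, which garbles failure messages
    assertEquals(3, pc.collection().size());
    assertEquals(AuthorizationResult.ACCESS_DENIED, pc.get("perspective.read").getResult());
    assertEquals(AuthorizationResult.ACCESS_GRANTED, pc.get("perspective.read.HomePerspective").getResult());
    assertEquals(AuthorizationResult.ACCESS_GRANTED, pc.get("perspective.read.Sales dashboard").getResult());
}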