Tabnine Logo
Authorizer.enforce
Code IndexAdd Tabnine to your IDE (free)

How to use
enforce
method
in
co.cask.cdap.security.spi.authorization.Authorizer

Best Java code snippets using co.cask.cdap.security.spi.authorization.Authorizer.enforce (Showing top 8 results out of 315)

origin: cdapio/cdap

private void assertAllAccess(Principal principal, EntityId... entityIds) throws Exception {
 for (EntityId entityId : entityIds) {
  getAuthorizer().enforce(entityId, principal, EnumSet.allOf(Action.class));
 }
}
origin: cdapio/cdap

 private void verifyAuthFailure(EntityId entity, Principal principal, Action action) throws Exception {
  try {
   get().enforce(entity, principal, action);
   Assert.fail(String.format("Expected authorization failure, but it succeeded for entity %s, principal %s," +
                 " action %s", entity, principal, action));
  } catch (UnauthorizedException expected) {
   // expected
  }
 }
}
origin: cdapio/cdap

@Test
public void testWildcard() throws Exception {
 Authorizer authorizer = get();
 verifyAuthFailure(namespace, user, Action.READ);
 authorizer.grant(Authorizable.fromEntityId(namespace), user, EnumSet.allOf(Action.class));
 authorizer.enforce(namespace, user, Action.READ);
 authorizer.enforce(namespace, user, Action.WRITE);
 authorizer.enforce(namespace, user, Action.ADMIN);
 authorizer.enforce(namespace, user, Action.EXECUTE);
 authorizer.revoke(Authorizable.fromEntityId(namespace), user, EnumSet.allOf(Action.class));
 verifyAuthFailure(namespace, user, Action.READ);
}
origin: cdapio/cdap

private void doEnforce(EntityId entity, Principal principal, Set<Action> actions) throws Exception {
 // bypass the check when the principal is the master user and the entity is in the system namespace
 if (isAccessingSystemNSAsMasterUser(entity, principal) || isEnforcingOnSamePrincipalId(entity, principal)) {
  return;
 }
 LOG.trace("Enforcing actions {} on {} for principal {}.", actions, entity, principal);
 // create new stopwatch instance every time enforce is called since the DefaultAuthorizationEnforcer is binded as
 // singleton we don't want the stopwatch instance to get re-used across multiple calls.
 StopWatch watch = new StopWatch();
 watch.start();
 try {
  authorizerInstantiator.get().enforce(entity, principal, actions);
 } finally {
  watch.stop();
  long timeTaken = watch.getTime();
  String logLine = "Enforced actions {} on {} for principal {}. Time spent in enforcement was {} ms.";
  if (timeTaken > logTimeTakenAsWarn) {
   LOG.warn(logLine, actions, entity, principal, watch.getTime());
  } else {
   LOG.trace(logLine, actions, entity, principal, watch.getTime());
  }
 }
}
origin: cdapio/cdap

@Test
public void testSimple() throws Exception {
 Authorizer authorizer = get();
 verifyAuthFailure(namespace, user, Action.READ);
 authorizer.grant(Authorizable.fromEntityId(namespace), user, Collections.singleton(Action.READ));
 authorizer.enforce(namespace, user, Action.READ);
 Set<Privilege> expectedPrivileges = new HashSet<>();
 expectedPrivileges.add(new Privilege(namespace, Action.READ));
 Assert.assertEquals(expectedPrivileges, authorizer.listPrivileges(user));
 authorizer.revoke(Authorizable.fromEntityId(namespace), user, Collections.singleton(Action.READ));
 verifyAuthFailure(namespace, user, Action.READ);
}
origin: cdapio/cdap

@Test
public void testAll() throws Exception {
 Authorizer authorizer = get();
 verifyAuthFailure(namespace, user, Action.READ);
 authorizer.grant(Authorizable.fromEntityId(namespace), user, EnumSet.allOf(Action.class));
 authorizer.enforce(namespace, user, Action.READ);
 authorizer.enforce(namespace, user, Action.WRITE);
 authorizer.enforce(namespace, user, Action.ADMIN);
 authorizer.enforce(namespace, user, Action.EXECUTE);
 authorizer.revoke(Authorizable.fromEntityId(namespace), user, EnumSet.allOf(Action.class));
 verifyAuthFailure(namespace, user, Action.READ);
 Principal role = new Principal("admins", Principal.PrincipalType.ROLE);
 authorizer.grant(Authorizable.fromEntityId(namespace), user, Collections.singleton(Action.READ));
 authorizer.grant(Authorizable.fromEntityId(namespace), role, EnumSet.allOf(Action.class));
 authorizer.revoke(Authorizable.fromEntityId(namespace));
 verifyAuthFailure(namespace, user, Action.READ);
 verifyAuthFailure(namespace, role, Action.ADMIN);
 verifyAuthFailure(namespace, role, Action.READ);
 verifyAuthFailure(namespace, role, Action.WRITE);
 verifyAuthFailure(namespace, role, Action.EXECUTE);
}
origin: cdapio/cdap

authorizer.enforce(ns1, spiderman, Action.READ);
origin: cdapio/cdap

 authorizer.enforce(SYSTEM_ARTIFACT, ALICE, EnumSet.allOf(Action.class));
 Assert.fail();
} catch (UnauthorizedException e) {
co.cask.cdap.security.spi.authorizationAuthorizerenforce

Popular methods of Authorizer

  • grant
  • listPrivileges
  • revoke
  • addRoleToPrincipal
    Add a role to the specified Principal.
  • createRole
    Create a role.
  • dropRole
    Drop a role.
  • isVisible
  • listAllRoles
    Returns all available Role. Only a super user can perform this operation.
  • listRoles
    Returns a set of all Role for the specified Principal.
  • removeRoleFromPrincipal
    Delete a role from the specified Principal.
  • destroy
    Destroys an Authorizer. Authorization extensions can use this method to write any cleanup code.
  • initialize
    Initialize the Authorizer. Authorization extensions can use this method to access an AuthorizationCo
  • destroy,
  • initialize

Popular in Java

  • Creating JSON documents from java classes using gson
  • getSystemService (Context)
  • getResourceAsStream (ClassLoader)
  • putExtra (Intent)
  • Rectangle (java.awt)
    A Rectangle specifies an area in a coordinate space that is enclosed by the Rectangle object's top-
  • BufferedReader (java.io)
    Wraps an existing Reader and buffers the input. Expensive interaction with the underlying reader is
  • Hashtable (java.util)
    A plug-in replacement for JDK1.5 java.util.Hashtable. This version is based on org.cliffc.high_scale
  • LinkedHashMap (java.util)
    LinkedHashMap is an implementation of Map that guarantees iteration order. All optional operations a
  • DateTimeFormat (org.joda.time.format)
    Factory that creates instances of DateTimeFormatter from patterns and styles. Datetime formatting i
  • Option (scala)
  • Top Vim plugins
Tabnine Logo

  • Products

    Search for Java codeSearch for JavaScript code

  • IDE Plugins

    IntelliJ IDEAWebStormVisual StudioAndroid StudioEclipseVisual Studio CodePyCharmSublime TextPhpStormVimGoLandRubyMineEmacsJupyter NotebookJupyter LabRiderDataGripAppCode

  • Company

    About UsContact UsCareers

  • Resources

    FAQBlogTabnine AcademyTerms of usePrivacy policyJava Code IndexJavascript Code Index
Get Tabnine for your IDE now