private String[] getAllPermissionsAsStrings() { if (allPermissions[0] == null) { synchronized (allPermissions) { if (allPermissions[0] == null) { final Permission[] killbillPermissions = Permission.values(); for (int i = 0; i < killbillPermissions.length; i++) { allPermissions[i] = killbillPermissions[i].toString(); } } } } return allPermissions; }
@Test(groups = "slow") public void testAuthorization() throws SecurityApiException { final String username = "i like"; final String password = "c0ff33"; securityApi.addRoleDefinition("restricted", ImmutableList.of("account:*", "invoice", "tag:create_tag_definition"), callContext); securityApi.addUserRoles(username, password, ImmutableList.of("restricted"), callContext); final AuthenticationToken goodToken = new UsernamePasswordToken(username, password); final Subject subject = securityManager.login(null, goodToken); subject.checkPermission(Permission.ACCOUNT_CAN_CHARGE.toString()); subject.checkPermission(Permission.INVOICE_CAN_CREDIT.toString()); subject.checkPermission(Permission.TAG_CAN_CREATE_TAG_DEFINITION.toString()); try { subject.checkPermission(Permission.TAG_CAN_DELETE_TAG_DEFINITION.toString()); Assert.fail("Subject should not have rights to delete tag definitions"); } catch (AuthorizationException e) { } subject.logout(); securityApi.addRoleDefinition("newRestricted", ImmutableList.of("account:*", "invoice", "tag:delete_tag_definition"), callContext); securityApi.updateUserRoles(username, ImmutableList.of("newRestricted"), callContext); final Subject newSubject = securityManager.login(null, goodToken); newSubject.checkPermission(Permission.ACCOUNT_CAN_CHARGE.toString()); newSubject.checkPermission(Permission.INVOICE_CAN_CREDIT.toString()); newSubject.checkPermission(Permission.TAG_CAN_DELETE_TAG_DEFINITION.toString()); try { newSubject.checkPermission(Permission.TAG_CAN_CREATE_TAG_DEFINITION.toString()); Assert.fail("Subject should not have rights to create tag definitions"); } catch (AuthorizationException e) { } }
protected void configureShiro() { final Ini config = new Ini(); config.addSection("users"); config.getSection("users").put("pierre", "password, creditor"); config.getSection("users").put("stephane", "password, refunder"); config.addSection("roles"); config.getSection("roles").put("creditor", Permission.INVOICE_CAN_CREDIT.toString() + "," + Permission.INVOICE_CAN_ITEM_ADJUST.toString()); config.getSection("roles").put("refunder", Permission.PAYMENT_CAN_REFUND.toString()); // Reset the security manager ThreadContext.unbindSecurityManager(); final Factory<SecurityManager> factory = new IniSecurityManagerFactory(config); final SecurityManager securityManager = factory.getInstance(); SecurityUtils.setSecurityManager(securityManager); } }
private String[] getAllPermissionsAsStrings() { if (allPermissions[0] == null) { synchronized (allPermissions) { if (allPermissions[0] == null) { final Permission[] killbillPermissions = Permission.values(); for (int i = 0; i < killbillPermissions.length; i++) { allPermissions[i] = killbillPermissions[i].toString(); } } } } return allPermissions; }
protected void configureShiro() { final Ini config = new Ini(); config.addSection("users"); config.getSection("users").put("EntitlementUser", "password, entitlement"); config.addSection("roles"); config.getSection("roles").put("entitlement", Permission.ACCOUNT_CAN_CREATE.toString() + "," + Permission.ENTITLEMENT_CAN_CREATE.toString() + "," + Permission.ENTITLEMENT_CAN_CHANGE_PLAN.toString() + "," + Permission.ENTITLEMENT_CAN_PAUSE_RESUME.toString() + "," + Permission.ENTITLEMENT_CAN_TRANSFER.toString() + "," + Permission.ENTITLEMENT_CAN_CANCEL.toString()); // Reset the security manager ThreadContext.unbindSecurityManager(); final Factory<SecurityManager> factory = new IniSecurityManagerFactory(config); final SecurityManager securityManager = factory.getInstance(); SecurityUtils.setSecurityManager(securityManager); }
@Test(groups = "slow") public void testAuthorization() throws SecurityApiException { final String username = "i like"; final String password = "c0ff33"; securityApi.addRoleDefinition("restricted", ImmutableList.of("account:*", "invoice", "tag:create_tag_definition"), callContext); securityApi.addUserRoles(username, password, ImmutableList.of("restricted"), callContext); final AuthenticationToken goodToken = new UsernamePasswordToken(username, password); final Subject subject = securityManager.login(null, goodToken); subject.checkPermission(Permission.ACCOUNT_CAN_CHARGE.toString()); subject.checkPermission(Permission.INVOICE_CAN_CREDIT.toString()); subject.checkPermission(Permission.TAG_CAN_CREATE_TAG_DEFINITION.toString()); try { subject.checkPermission(Permission.TAG_CAN_DELETE_TAG_DEFINITION.toString()); Assert.fail("Subject should not have rights to delete tag definitions"); } catch (AuthorizationException e) { } subject.logout(); securityApi.addRoleDefinition("newRestricted", ImmutableList.of("account:*", "invoice", "tag:delete_tag_definition"), callContext); securityApi.updateUserRoles(username, ImmutableList.of("newRestricted"), callContext); final Subject newSubject = securityManager.login(null, goodToken); newSubject.checkPermission(Permission.ACCOUNT_CAN_CHARGE.toString()); newSubject.checkPermission(Permission.INVOICE_CAN_CREDIT.toString()); newSubject.checkPermission(Permission.TAG_CAN_DELETE_TAG_DEFINITION.toString()); try { newSubject.checkPermission(Permission.TAG_CAN_CREATE_TAG_DEFINITION.toString()); Assert.fail("Subject should not have rights to create tag definitions"); } catch (AuthorizationException e) { } }
protected void configureShiro() { final Ini config = new Ini(); config.addSection("users"); config.getSection("users").put("pierre", "password, creditor"); config.getSection("users").put("stephane", "password, refunder"); config.addSection("roles"); config.getSection("roles").put("creditor", Permission.INVOICE_CAN_CREDIT.toString() + "," + Permission.INVOICE_CAN_ITEM_ADJUST.toString()); config.getSection("roles").put("refunder", Permission.PAYMENT_CAN_REFUND.toString()); // Reset the security manager ThreadContext.unbindSecurityManager(); final Factory<SecurityManager> factory = new IniSecurityManagerFactory(config); final SecurityManager securityManager = factory.getInstance(); SecurityUtils.setSecurityManager(securityManager); } }