/**
 * Reads a single key/value entry and invokes the matching
 * {@link AuthorizationPolicyBuilder} method for it.
 *
 * <p>The valid format for a key/value pair is specified in the
 * <a href="#entriesFormat">class description</a>.</p>
 *
 * <p>This overload applies the {@code EVERYTHING} read mode and delegates to
 * {@link #read(AuthorizationPolicyBuilder, String, String, ReadMode)}.</p>
 *
 * @param builder The {@link AuthorizationPolicyBuilder} used to register the entry.
 * @param key     The key to read
 * @param value   The value to read
 */
public void read(AuthorizationPolicyBuilder builder, String key, String value) {
    // EVERYTHING presumably means no default/non-default filtering is applied -- confirm against ReadMode.
    read(builder, key, value, EVERYTHING);
}
/**
 * Reads all the entries from the collection of property maps passed as a parameter. For every
 * entry a call to the proper {@link AuthorizationPolicyBuilder} method is executed.
 *
 * <p>The valid format for the entries is specified in the
 * <a href="#entriesFormat">class description</a>.</p>
 *
 * <p>The inputs are traversed twice: every map is first read in {@code DEFAULT_ONLY} mode and
 * only afterwards in {@code DEFAULT_EXCLUDED} mode. Keys and values are converted with
 * {@code toString()}, so a {@code null} key or value fails with a {@link NullPointerException}.</p>
 *
 * @param builder The {@link AuthorizationPolicyBuilder} used to register every processed entry.
 * @param input   The property objects containing the authz policy entries
 */
public void read(AuthorizationPolicyBuilder builder, Map... input) {
    // Pass order is what makes the result independent of map iteration order: the global/default
    // settings of ALL inputs are registered before any other setting, so the rest overwrite the
    // defaults and not vice versa.
    final ReadMode[] passes = {DEFAULT_ONLY, DEFAULT_EXCLUDED};
    for (ReadMode pass : passes) {
        for (Map entries : input) {
            entries.forEach((k, v) -> read(builder, k.toString(), v.toString(), pass));
        }
    }
}
/**
 * Reads a single key/value entry and, when the given read mode accepts its key, invokes the
 * matching {@link AuthorizationPolicyBuilder} method for it.
 *
 * <p>The valid format for a key/value pair is specified in the
 * <a href="#entriesFormat">class description</a>.</p>
 *
 * @param builder  The {@link AuthorizationPolicyBuilder} used to register the entry.
 * @param key      The key to read
 * @param value    The value to read
 * @param readMode The {@link ReadMode} determines if the specified key shall be included or excluded
 */
public void read(AuthorizationPolicyBuilder builder, String key, String value, ReadMode readMode) {
    final Key parsedKey = parse(key);
    if (!isReadable(parsedKey, readMode)) {
        // The key is filtered out by the requested read mode: nothing is registered.
        return;
    }
    read(builder, parsedKey, value);
}
/**
 * Builds an {@link AuthorizationPolicy} from the policy properties read from the given directory.
 *
 * <p>When {@code policyDir} is {@code null} nothing is read and the policy is built straight from
 * a fresh builder. An {@link IOException} raised while reading is logged at warn level and the
 * policy is still built and returned.</p>
 *
 * @param policyDir the directory holding the policy files, may be {@code null}
 * @return the policy produced by the builder
 */
public AuthorizationPolicy loadPolicy(Path policyDir) {
    final AuthorizationPolicyBuilder policyBuilder = permissionManager.newAuthorizationPolicy();
    final AuthorizationPolicyMarshaller policyMarshaller = new AuthorizationPolicyMarshaller();
    if (policyDir == null) {
        return policyBuilder.build();
    }
    try {
        final NonEscapedProperties policyEntries = readPolicyProperties(policyDir);
        policyMarshaller.read(policyBuilder, policyEntries);
    } catch (IOException e) {
        // NOTE(review): the failure is only logged, so the caller gets a policy that lacks the
        // file-based entries without any signal that loading failed. Confirm that such a policy
        // is at least as restrictive as the intended one (no deny rule lost while grants remain).
        logger.warn("Error loading security policy files", e);
    }
    return policyBuilder.build();
}
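/**
 * Visits one file of the walk and, when {@code isPolicyFile} accepts it, reads its content
 * through {@code ioService}, loads it into a {@link NonEscapedProperties} and passes the
 * entries to the marshaller.
 *
 * @param file  the file being visited
 * @param attrs the attributes of the file
 * @return {@link FileVisitResult#CONTINUE} when the file was processed or skipped,
 *         {@link FileVisitResult#TERMINATE} when any exception was raised
 */
@Override
public FileVisitResult visitFile(final Path file, final BasicFileAttributes attrs) throws IOException {
    try {
        checkNotNull("file", file);
        checkNotNull("attrs", attrs);
        if (isPolicyFile(file)) {
            String content = ioService.readAllString(file);
            NonEscapedProperties props = new NonEscapedProperties();
            props.load(new StringReader(content));
            marshaller.read(builder, props);
        }
    } catch (final Exception e) {
        // This handler also receives the failure of the null checks above, so "file" itself may
        // be null here; dereferencing it unguarded would throw from inside the handler and hide
        // the real error.
        final Object fileName = (file != null) ? file.getFileName() : null;
        logger.error("Authz policy file VFS read error: " + fileName, e);
        // NOTE(review): TERMINATE stops the walk, so policy files not visited yet are never read
        // and the builder keeps only the entries registered so far. Confirm that the caller
        // treats this partially loaded policy as a failure rather than as the effective policy.
        return FileVisitResult.TERMINATE;
    }
    return FileVisitResult.CONTINUE;
}
// Closes the anonymous visitor and the enclosing call, both of which start outside this excerpt.
});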
/**
 * Loads {@code default.*} and {@code role.user.*} entries from one unordered map and checks the
 * permissions resolved for a user created with {@code createUserMock("user")}: two permissions
 * in total, {@code perspective.read} granted, {@code perspective.read.p2} denied and no entry
 * at all for {@code perspective.read.p1}.
 */
@Test
public void testDefaultPermissionsNotOverwrite() {
    final Map<String, String> entries = new HashMap<>();
    // Global/default settings
    entries.put("default.permission.perspective.read.p1", "false");
    entries.put("default.permission.perspective.read.p2", "false");
    // Settings for the "user" role
    entries.put("role.user.permission.perspective.read", "true");
    entries.put("role.user.permission.perspective.read.p2", "false");

    marshaller.read(builder, entries);
    permissionManager.setAuthorizationPolicy(builder.build());

    final User subject = createUserMock("user");
    final PermissionCollection resolved =
            permissionManager.resolvePermissions(subject, VotingStrategy.PRIORITY);

    // NOTE(review): the assertEquals calls pass the computed value first and the literal second;
    // if this is JUnit's (expected, actual) signature the failure messages read backwards -- confirm.
    assertEquals(resolved.collection().size(), 2);
    assertEquals(resolved.get("perspective.read").getResult(), AuthorizationResult.ACCESS_GRANTED);
    assertNull(resolved.get("perspective.read.p1"));
    assertEquals(resolved.get("perspective.read.p2").getResult(), AuthorizationResult.ACCESS_DENIED);
}
/**
 * Loads {@code default.*} and {@code role.user.*} entries from one unordered map and checks the
 * permissions resolved for a user created with {@code createUserMock("user")}: two permissions
 * in total, {@code perspective.read} granted, {@code perspective.read.p2} denied and no entry
 * at all for {@code perspective.read.p1}.
 */
@Test
public void testDefaultPermissionsNotOverwrite() {
    final Map<String, String> entries = new HashMap<>();
    // Global/default settings
    entries.put("default.permission.perspective.read.p1", "false");
    entries.put("default.permission.perspective.read.p2", "false");
    // Settings for the "user" role
    entries.put("role.user.permission.perspective.read", "true");
    entries.put("role.user.permission.perspective.read.p2", "false");

    marshaller.read(builder, entries);
    permissionManager.setAuthorizationPolicy(builder.build());

    final User subject = createUserMock("user");
    final PermissionCollection resolved =
            permissionManager.resolvePermissions(subject, VotingStrategy.PRIORITY);

    // NOTE(review): the assertEquals calls pass the computed value first and the literal second;
    // if this is JUnit's (expected, actual) signature the failure messages read backwards -- confirm.
    assertEquals(resolved.collection().size(), 2);
    assertEquals(resolved.get("perspective.read").getResult(), AuthorizationResult.ACCESS_GRANTED);
    assertNull(resolved.get("perspective.read.p1"));
    assertEquals(resolved.get("perspective.read.p2").getResult(), AuthorizationResult.ACCESS_DENIED);
}
/**
 * Loads {@code default.*} and {@code role.user.*} entries for the same permissions from one
 * unordered map and checks the permissions resolved for a user created with
 * {@code createUserMock("user", "manager")}: three permissions in total, with
 * {@code perspective.read} denied and both {@code perspective.read.HomePerspective} and
 * {@code perspective.read.Sales dashboard} granted.
 */
@Test
public void testOverwriteDefault() {
    final Map<String, String> entries = new HashMap<>();
    // Global/default settings
    entries.put("default.permission.perspective.read", "false");
    entries.put("default.permission.perspective.read.HomePerspective", "true");
    // Settings for the "user" role
    entries.put("role.user.permission.perspective.read", "false");
    entries.put("role.user.permission.perspective.read.HomePerspective", "true");
    entries.put("role.user.permission.perspective.read.Sales dashboard", "true");

    marshaller.read(builder, entries);
    permissionManager.setAuthorizationPolicy(builder.build());

    final User subject = createUserMock("user", "manager");
    final PermissionCollection resolved =
            permissionManager.resolvePermissions(subject, VotingStrategy.PRIORITY);

    // NOTE(review): the assertEquals calls pass the computed value first and the literal second;
    // if this is JUnit's (expected, actual) signature the failure messages read backwards -- confirm.
    assertEquals(resolved.collection().size(), 3);
    assertEquals(resolved.get("perspective.read").getResult(), AuthorizationResult.ACCESS_DENIED);
    assertEquals(resolved.get("perspective.read.HomePerspective").getResult(),
                 AuthorizationResult.ACCESS_GRANTED);
    assertEquals(resolved.get("perspective.read.Sales dashboard").getResult(),
                 AuthorizationResult.ACCESS_GRANTED);
}
/**
 * Loads {@code default.*} and {@code role.user.*} entries for the same permissions from one
 * unordered map and checks the permissions resolved for a user created with
 * {@code createUserMock("user", "manager")}: three permissions in total, with
 * {@code perspective.read} denied and both {@code perspective.read.HomePerspective} and
 * {@code perspective.read.Sales dashboard} granted.
 */
@Test
public void testOverwriteDefault() {
    final Map<String, String> entries = new HashMap<>();
    // Global/default settings
    entries.put("default.permission.perspective.read", "false");
    entries.put("default.permission.perspective.read.HomePerspective", "true");
    // Settings for the "user" role
    entries.put("role.user.permission.perspective.read", "false");
    entries.put("role.user.permission.perspective.read.HomePerspective", "true");
    entries.put("role.user.permission.perspective.read.Sales dashboard", "true");

    marshaller.read(builder, entries);
    permissionManager.setAuthorizationPolicy(builder.build());

    final User subject = createUserMock("user", "manager");
    final PermissionCollection resolved =
            permissionManager.resolvePermissions(subject, VotingStrategy.PRIORITY);

    // NOTE(review): the assertEquals calls pass the computed value first and the literal second;
    // if this is JUnit's (expected, actual) signature the failure messages read backwards -- confirm.
    assertEquals(resolved.collection().size(), 3);
    assertEquals(resolved.get("perspective.read").getResult(), AuthorizationResult.ACCESS_DENIED);
    assertEquals(resolved.get("perspective.read.HomePerspective").getResult(),
                 AuthorizationResult.ACCESS_GRANTED);
    assertEquals(resolved.get("perspective.read.Sales dashboard").getResult(),
                 AuthorizationResult.ACCESS_GRANTED);
}
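// Load the policy entries from the file at policyPath and register them through the marshaller.
NonEscapedProperties input = new NonEscapedProperties();
// try-with-resources releases the file handle as soon as the entries are loaded, also when
// load() throws; a reader created inline in the load() call is never closed.
try (java.io.BufferedReader policyReader = Files.newBufferedReader(policyPath)) {
    input.load(policyReader);
}
marshaller.read(builder, input);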
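// Load the policy entries from the file at policyPath and register them through the marshaller.
NonEscapedProperties input = new NonEscapedProperties();
// try-with-resources releases the file handle as soon as the entries are loaded, also when
// load() throws; a reader created inline in the load() call is never closed.
try (java.io.BufferedReader policyReader = Files.newBufferedReader(policyPath)) {
    input.load(policyReader);
}
marshaller.read(builder, input);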