/**
 * Declares the permission a caller needs for the given region: {@code DATA:READ} on that
 * region.
 *
 * @param regionName name of the region the permission is scoped to
 * @return a single-element collection holding the DATA/READ permission for {@code regionName}
 */
@Override
public Collection<ResourcePermission> getRequiredPermissions(String regionName) {
  final ResourcePermission readOnRegion =
      new ResourcePermission(
          ResourcePermission.Resource.DATA, ResourcePermission.Operation.READ, regionName);
  return Collections.singletonList(readOnRegion);
}
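/**
 * Decides whether {@code principal} may exercise {@code permission} by prefix-matching role
 * names against the permission string.
 *
 * <p>The principal's string form is lower-cased and split on commas into role names. The
 * permission's string form is lower-cased with every ':' removed, and access is granted when
 * that string starts with any one of the role names.
 *
 * <p>Fails closed: a null principal or permission grants nothing, and empty role names are
 * skipped. Every string starts with "", so an empty principal (or an empty entry between two
 * commas) would otherwise be authorized for every permission.
 *
 * <p>NOTE(review): matching is by prefix, so a role name that happens to be a short prefix of a
 * permission string covers everything under that prefix. Confirm this manager is only used
 * where such coarse matching is acceptable.
 *
 * @param principal the authenticated principal; its {@code toString()} is read as a
 *     comma-separated list of role names
 * @param permission the permission being requested
 * @return {@code true} if at least one non-empty role name is a prefix of the normalized
 *     permission string, {@code false} otherwise
 */
@Override
public boolean authorize(final Object principal, final ResourcePermission permission) {
  if (principal == null || permission == null) {
    return false;
  }

  // Locale.ROOT keeps the case folding independent of the JVM default locale, so the same
  // principal matches the same permissions on every host.
  final String requested =
      permission.toString().replace(":", "").toLowerCase(java.util.Locale.ROOT);
  final String[] roles = principal.toString().toLowerCase(java.util.Locale.ROOT).split(",");

  for (String role : roles) {
    if (role.isEmpty()) {
      // "".startsWith-matches everything; an empty role must never grant access.
      continue;
    }
    if (requested.startsWith(role)) {
      return true;
    }
  }
  return false;
}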
/**
 * Checks {@code context} against {@code currentUser} and throws when the subject lacks it.
 *
 * <p>Returns without consulting the subject when {@code context} is null or when both its
 * resource and its operation are {@code NULL}.
 *
 * <p>NOTE(review): those two cases pass unchecked, so a caller that ends up with a null
 * permission after a failed lookup is silently allowed through. Confirm every caller builds
 * the permission unconditionally.
 *
 * @param context the permission to check; may be null
 * @param currentUser the subject whose permissions are consulted
 * @throws NotAuthorizedException if {@code checkPermission} raises a {@code ShiroException};
 *     the original exception is kept as the cause
 */
@Override
public void authorize(ResourcePermission context, Subject currentUser) {
  final boolean nothingToCheck =
      context == null
          || (context.getResource() == Resource.NULL
              && context.getOperation() == Operation.NULL);
  if (nothingToCheck) {
    return;
  }

  try {
    currentUser.checkPermission(context);
  } catch (ShiroException denied) {
    // The denial is logged at info level with the principal and the requested permission.
    final String msg = currentUser.getPrincipal() + " not authorized for " + context;
    logger.info("NotAuthorizedException: {}", msg);
    throw new NotAuthorizedException(msg, denied);
  }
}
@Test public void testConstructor() { ResourcePermission permission = new ResourcePermission(); assertThat(Resource.NULL).isEqualTo(permission.getResource()); assertThat(Operation.NULL).isEqualTo(permission.getOperation()); assertThat(ResourcePermission.ALL).isEqualTo(permission.getTarget()); permission = new ResourcePermission(); assertThat(Resource.NULL).isEqualTo(permission.getResource()); assertThat(Operation.NULL).isEqualTo(permission.getOperation()); assertThat(ResourcePermission.ALL).isEqualTo(permission.getTarget()); permission = new ResourcePermission(Resource.DATA, null); assertThat(Resource.DATA).isEqualTo(permission.getResource()); assertThat(Operation.NULL).isEqualTo(permission.getOperation()); assertThat(ResourcePermission.ALL).isEqualTo(permission.getTarget()); permission = new ResourcePermission(Resource.CLUSTER, null); assertThat(Resource.CLUSTER).isEqualTo(permission.getResource()); assertThat(Operation.NULL).isEqualTo(permission.getOperation()); assertThat(ResourcePermission.ALL).isEqualTo(permission.getTarget()); permission = new ResourcePermission(null, Operation.MANAGE, "REGIONA"); assertThat(Resource.NULL).isEqualTo(permission.getResource()); assertThat(Operation.MANAGE).isEqualTo(permission.getOperation()); assertThat("REGIONA").isEqualTo(permission.getTarget()); permission = new ResourcePermission(Resource.DATA, Operation.MANAGE, "REGIONA"); assertThat(Resource.DATA).isEqualTo(permission.getResource()); assertThat(Operation.MANAGE).isEqualTo(permission.getOperation());
/**
 * A region name given with a leading "/" is stored without it, and a permission built without
 * a key reports {@code ResourcePermission.ALL} as its key.
 */
@Test
public void regionNameIsStripped() {
  final ResourcePermission slashPrefixed = new ResourcePermission("DATA", "READ", "/regionA");

  assertThat(slashPrefixed.getResource()).isEqualTo(Resource.DATA);
  assertThat(slashPrefixed.getOperation()).isEqualTo(Operation.READ);
  // The leading slash of the region path is dropped from the target.
  assertThat(slashPrefixed.getTarget()).isEqualTo("regionA");
  assertThat(slashPrefixed.getKey()).isEqualTo(ResourcePermission.ALL);
}
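/**
 * Pins the string form of a permission: upper-cased resource and operation, a region with its
 * leading "/" removed, an optional key, and "*" standing in for an "ALL" resource or operation.
 *
 * <p>Each assertion passes the value under test to {@code assertThat} and the expected literal
 * to {@code isEqualTo}, so a failure reports actual and expected the right way round.
 */
@Test
public void testToString() {
  assertThat(new ResourcePermission().toString()).isEqualTo("NULL:NULL");

  // String arguments are accepted in lower case and rendered in upper case.
  assertThat(new ResourcePermission("data", "manage").toString()).isEqualTo("DATA:MANAGE");
  assertThat(new ResourcePermission("data", "read", "regionA").toString())
      .isEqualTo("DATA:READ:regionA");

  // The leading slash of the region is dropped; an explicit key is appended.
  assertThat(new ResourcePermission("DATA", "READ", "/regionA", "key").toString())
      .isEqualTo("DATA:READ:regionA:key");

  assertThat(new ResourcePermission(Resource.DATA, Operation.MANAGE, "REGIONA").toString())
      .isEqualTo("DATA:MANAGE:REGIONA");
  assertThat(new ResourcePermission(Resource.DATA, Operation.MANAGE).toString())
      .isEqualTo("DATA:MANAGE");

  // "ALL" renders as "*", and trailing wildcard parts are left out of the string.
  assertThat(new ResourcePermission("ALL", "READ").toString()).isEqualTo("*:READ");
  assertThat(new ResourcePermission("DATA", "ALL").toString()).isEqualTo("DATA");
  assertThat(new ResourcePermission("ALL", "ALL", "regionA", "*").toString())
      .isEqualTo("*:*:regionA");
}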
/**
 * Checks the scope of the three broad permissions: {@code ALL} implies every DATA and CLUSTER
 * operation, while {@code DATA_ALL} and {@code CLUSTER_ALL} imply only operations on their own
 * resource and nothing on the other one.
 */
@Test
public void allImplies() {
  final String[] operations = {"READ", "WRITE", "MANAGE"};

  // ALL covers both resources.
  for (String resource : new String[] {"DATA", "CLUSTER"}) {
    for (String operation : operations) {
      assertThat(ResourcePermissions.ALL.implies(new ResourcePermission(resource, operation)))
          .isTrue();
    }
  }

  // DATA_ALL covers DATA and must not leak into CLUSTER.
  for (String operation : operations) {
    assertThat(ResourcePermissions.DATA_ALL.implies(new ResourcePermission("DATA", operation)))
        .isTrue();
  }
  for (String operation : operations) {
    assertThat(
            ResourcePermissions.DATA_ALL.implies(new ResourcePermission("CLUSTER", operation)))
        .isFalse();
  }

  // CLUSTER_ALL covers CLUSTER and must not leak into DATA.
  for (String operation : operations) {
    assertThat(
            ResourcePermissions.CLUSTER_ALL.implies(new ResourcePermission("DATA", operation)))
        .isFalse();
  }
  for (String operation : operations) {
    assertThat(
            ResourcePermissions.CLUSTER_ALL.implies(
                new ResourcePermission("CLUSTER", operation)))
        .isTrue();
  }
}
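/**
 * Returns the target of this permission; an alias that delegates to {@link #getTarget()}.
 *
 * @return the value returned by {@link #getTarget()}
 * @deprecated use {@link #getTarget()}
 */
@Deprecated
public String getRegionName() {
  // The annotation makes the compiler flag remaining callers; the Javadoc tag alone does not.
  return getTarget();
}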
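/**
 * A permission built with the no-argument constructor has a {@code NULL} resource, a
 * {@code NULL} operation and {@code ResourcePermission.ALL} as its target.
 *
 * <p>The value under test goes to {@code assertThat} and the expected constant to
 * {@code isEqualTo}, so a failure reports actual and expected the right way round.
 */
@Test
public void testEmptyConstructor() {
  final ResourcePermission context = new ResourcePermission();

  assertThat(context.getResource()).isEqualTo(Resource.NULL);
  assertThat(context.getOperation()).isEqualTo(Operation.NULL);
  assertThat(context.getTarget()).isEqualTo(ResourcePermission.ALL);
}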
/**
 * Declares the permission a caller needs for the given region: {@code DATA:READ} on that
 * region.
 *
 * @param regionName name of the region the permission is scoped to
 * @return a single-element collection holding the DATA/READ permission for {@code regionName}
 */
@Override
public Collection<ResourcePermission> getRequiredPermissions(String regionName) {
  final ResourcePermission readOnRegion =
      new ResourcePermission(
          ResourcePermission.Resource.DATA, ResourcePermission.Operation.READ, regionName);
  return Collections.singletonList(readOnRegion);
}
/**
 * Checks {@code context} against the subject returned by {@code getSubject()} and throws when
 * that subject lacks the permission.
 *
 * <p>Returns without looking up or consulting the subject when {@code context} is null or when
 * both its resource and its operation are {@code NULL}.
 *
 * <p>NOTE(review): those two cases pass unchecked, so a caller that ends up with a null
 * permission after a failed lookup is silently allowed through. Confirm every caller builds
 * the permission unconditionally.
 *
 * @param context the permission to check; may be null
 * @throws NotAuthorizedException if {@code checkPermission} raises a {@code ShiroException};
 *     the original exception is kept as the cause
 */
@Override
public void authorize(final ResourcePermission context) {
  final boolean nothingToCheck =
      context == null
          || (context.getResource() == Resource.NULL
              && context.getOperation() == Operation.NULL);
  if (nothingToCheck) {
    return;
  }

  // The subject is resolved only once a real permission has to be checked.
  final Subject currentUser = getSubject();
  try {
    currentUser.checkPermission(context);
  } catch (ShiroException denied) {
    // The denial is logged at info level with the principal and the requested permission.
    final String msg = currentUser.getPrincipal() + " not authorized for " + context;
    logger.info("NotAuthorizedException: {}", msg);
    throw new NotAuthorizedException(msg, denied);
  }
}
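/**
 * Decides whether {@code principal} may exercise {@code permission} by prefix-matching role
 * names against the permission string.
 *
 * <p>The principal's string form is lower-cased and split on commas into role names. The
 * permission's string form is lower-cased with every ':' removed, and access is granted when
 * that string starts with any one of the role names.
 *
 * <p>Fails closed: a null principal or permission grants nothing, and empty role names are
 * skipped. Every string starts with "", so an empty principal (or an empty entry between two
 * commas) would otherwise be authorized for every permission.
 *
 * <p>NOTE(review): matching is by prefix, so a role name that happens to be a short prefix of a
 * permission string covers everything under that prefix. Confirm this manager is only used
 * where such coarse matching is acceptable.
 *
 * @param principal the authenticated principal; its {@code toString()} is read as a
 *     comma-separated list of role names
 * @param permission the permission being requested
 * @return {@code true} if at least one non-empty role name is a prefix of the normalized
 *     permission string, {@code false} otherwise
 */
@Override
public boolean authorize(final Object principal, final ResourcePermission permission) {
  if (principal == null || permission == null) {
    return false;
  }

  // Locale.ROOT keeps the case folding independent of the JVM default locale, so the same
  // principal matches the same permissions on every host.
  final String requested =
      permission.toString().replace(":", "").toLowerCase(java.util.Locale.ROOT);
  final String[] roles = principal.toString().toLowerCase(java.util.Locale.ROOT).split(",");

  for (String role : roles) {
    if (role.isEmpty()) {
      // "".startsWith-matches everything; an empty role must never grant access.
      continue;
    }
    if (requested.startsWith(role)) {
      return true;
    }
  }
  return false;
}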
/**
 * Declares the permission a caller needs for the given region: {@code DATA}/{@code READ} on
 * that region.
 *
 * @param onRegion name of the region the permission is scoped to
 * @return a single-element collection holding the DATA/READ permission for {@code onRegion}
 */
@Override
public Collection<ResourcePermission> getRequiredPermissions(String onRegion) {
  final ResourcePermission readOnRegion = new ResourcePermission(DATA, READ, onRegion);
  return Collections.singletonList(readOnRegion);
}
/**
 * Convenience overload: bundles the four parts into a {@code ResourcePermission} and hands it
 * to the single-argument {@code authorize}.
 *
 * @param resource resource part of the permission
 * @param operation operation part of the permission
 * @param target target part of the permission, given as a {@code Target}
 * @param key key part of the permission
 */
@Override
public void authorize(Resource resource, Operation operation, Target target, String key) {
  final ResourcePermission requested = new ResourcePermission(resource, operation, target, key);
  authorize(requested);
}
/**
 * Convenience overload: bundles the four parts into a {@code ResourcePermission} and hands it
 * to the single-argument {@code authorize}.
 *
 * @param resource resource part of the permission
 * @param operation operation part of the permission
 * @param target target part of the permission, given as a string
 * @param key key part of the permission
 */
@Override
public void authorize(Resource resource, Operation operation, String target, String key) {
  final ResourcePermission requested = new ResourcePermission(resource, operation, target, key);
  authorize(requested);
}
/**
 * Authorizes the given permission.
 *
 * <p>NOTE(review): the declaration returns nothing, so a denial is presumably signalled by an
 * exception rather than a result. Document the exception type and the handling of a null
 * argument here once confirmed against the implementations.
 *
 * @param resourcePermission the permission to authorize
 */
void authorize(ResourcePermission resourcePermission);
// With no key list supplied the key part falls back to "*".
// NOTE(review): "*" presumably acts as the all-keys wildcard, so leaving keys out yields the
// broadest key scope for this role — confirm that default is intended.
String keyPart = (keys != null) ? keys : "*";
// Resource.valueOf / Operation.valueOf resolve the names to constants; assuming these are
// enums, an unrecognised name throws IllegalArgumentException here instead of adding a
// permission — TODO confirm the caller reports that clearly.
role.permissions.add(new ResourcePermission(Resource.valueOf(resourcePart), Operation.valueOf(operationPart), regionPart, keyPart));
// With no key list supplied the key part falls back to "*".
// NOTE(review): "*" presumably acts as the all-keys wildcard, so leaving keys out yields the
// broadest key scope for this role — confirm that default is intended.
String keyPart = (keys != null) ? keys : "*";
// Resource.valueOf / Operation.valueOf resolve the names to constants; assuming these are
// enums, an unrecognised name throws IllegalArgumentException here instead of adding a
// permission — TODO confirm the caller reports that clearly.
role.permissions.add(new ResourcePermission(Resource.valueOf(resourcePart), Operation.valueOf(operationPart), regionPart, keyPart));
/**
 * Building a permission from resource and operation names that are not recognised must fail
 * with {@code IllegalArgumentException} rather than yield a usable permission.
 */
@Test
public void invalidResourceOperation() {
  assertThatThrownBy(() -> new ResourcePermission("invalid", "invalid"))
      .isInstanceOf(IllegalArgumentException.class);
}
/**
 * Test helper: stubs the {@code security} mock so that both forms of {@code authorize} — the
 * four-argument one and the one taking an equal {@code ResourcePermission} — do nothing for the
 * given permission.
 *
 * @param resource resource part of the permission to let through
 * @param operation operation part of the permission to let through
 * @param region region (target) part of the permission to let through
 * @param key key part of the permission to let through
 */
private void authorize(
    ResourcePermission.Resource resource,
    ResourcePermission.Operation operation,
    String region,
    String key) {
  final ResourcePermission allowed = new ResourcePermission(resource, operation, region, key);

  doNothing().when(security).authorize(resource, operation, region, key);
  doNothing().when(security).authorize(allowed);
}