/**
 * Asserts that the authorizer returned by {@code get()} denies the given action.
 *
 * <p>The check passes only when {@code enforce} throws {@link UnauthorizedException}. If the call returns
 * normally, the test fails with a message naming the entity, principal and action.
 *
 * @param entity the entity the action is attempted on
 * @param principal the principal attempting the action
 * @param action the action that is expected to be denied
 * @throws Exception if {@code enforce} fails with anything other than {@link UnauthorizedException}
 */
private void verifyAuthFailure(EntityId entity, Principal principal, Action action) throws Exception {
  try {
    get().enforce(entity, principal, action);
  } catch (UnauthorizedException expected) {
    // Denial is the outcome under test, so there is nothing further to check.
    return;
  }
  // Reaching this point means enforce() returned normally, i.e. the action was allowed.
  Assert.fail(String.format("Expected authorization failure, but it succeeded for entity %s, principal %s, action %s",
                            entity, principal, action));
}
}
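/**
 * Exercises the grant / enforce / list / revoke cycle for a single action on {@code namespace}.
 *
 * <p>Besides the positive path, the test checks that a READ grant does not let any other action pass
 * enforcement, so an over-broad grant is caught here rather than only through {@code listPrivileges}.
 *
 * @throws Exception if the authorizer fails with anything other than the expected denials
 */
@Test
public void testSimple() throws Exception {
  Authorizer authorizer = get();
  // Before any grant made by this test, READ is expected to be denied.
  verifyAuthFailure(namespace, user, Action.READ);

  authorizer.grant(Authorizable.fromEntityId(namespace), user, Collections.singleton(Action.READ));
  authorizer.enforce(namespace, user, Action.READ);
  // Least privilege: granting READ alone must leave the remaining actions denied.
  verifyAuthFailure(namespace, user, Action.WRITE);
  verifyAuthFailure(namespace, user, Action.ADMIN);
  verifyAuthFailure(namespace, user, Action.EXECUTE);

  // The listing must contain exactly the one privilege that was granted.
  Set<Privilege> expectedPrivileges = new HashSet<>();
  expectedPrivileges.add(new Privilege(namespace, Action.READ));
  Assert.assertEquals(expectedPrivileges, authorizer.listPrivileges(user));

  authorizer.revoke(Authorizable.fromEntityId(namespace), user, Collections.singleton(Action.READ));
  // After the revoke the original denial must be back in force.
  verifyAuthFailure(namespace, user, Action.READ);
}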
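/**
 * Grants every {@link Action} on {@code namespace} to {@code user}, checks that each of the four actions
 * used in this test is enforced, then revokes the grant and checks that each of them is denied again.
 *
 * <p>The revoke is verified for every action that was enforced, not only READ, so that a revoke which
 * leaves WRITE, ADMIN or EXECUTE behind makes the test fail.
 *
 * @throws Exception if the authorizer fails with anything other than the expected denials
 */
@Test
public void testWildcard() throws Exception {
  Authorizer authorizer = get();
  Action[] checkedActions = {Action.READ, Action.WRITE, Action.ADMIN, Action.EXECUTE};

  // Before any grant made by this test, READ is expected to be denied.
  verifyAuthFailure(namespace, user, Action.READ);

  authorizer.grant(Authorizable.fromEntityId(namespace), user, EnumSet.allOf(Action.class));
  for (Action action : checkedActions) {
    authorizer.enforce(namespace, user, action);
  }

  authorizer.revoke(Authorizable.fromEntityId(namespace), user, EnumSet.allOf(Action.class));
  // Every action that was allowed above must be denied once the grant is revoked.
  for (Action action : checkedActions) {
    verifyAuthFailure(namespace, user, action);
  }
}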
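/**
 * Covers two revocation paths on {@code namespace}.
 *
 * <ol>
 *   <li>All actions are granted to {@code user} and then revoked for that principal; each of the four
 *       actions used in this test must be allowed while granted and denied after the revoke.</li>
 *   <li>Privileges are granted to {@code user} and to a role, then {@code revoke(Authorizable)} is called
 *       with no principal; afterwards both principals must be denied.</li>
 * </ol>
 *
 * @throws Exception if the authorizer fails with anything other than the expected denials
 */
@Test
public void testAll() throws Exception {
  Authorizer authorizer = get();
  Action[] checkedActions = {Action.READ, Action.WRITE, Action.ADMIN, Action.EXECUTE};

  // Before any grant made by this test, READ is expected to be denied.
  verifyAuthFailure(namespace, user, Action.READ);

  authorizer.grant(Authorizable.fromEntityId(namespace), user, EnumSet.allOf(Action.class));
  for (Action action : checkedActions) {
    authorizer.enforce(namespace, user, action);
  }

  authorizer.revoke(Authorizable.fromEntityId(namespace), user, EnumSet.allOf(Action.class));
  // Every action that was allowed above must be denied again, not only READ.
  for (Action action : checkedActions) {
    verifyAuthFailure(namespace, user, action);
  }

  Principal role = new Principal("admins", Principal.PrincipalType.ROLE);
  authorizer.grant(Authorizable.fromEntityId(namespace), user, Collections.singleton(Action.READ));
  authorizer.grant(Authorizable.fromEntityId(namespace), role, EnumSet.allOf(Action.class));
  // Confirm the user grant took effect, so the denial after the entity-wide revoke is not vacuous.
  authorizer.enforce(namespace, user, Action.READ);
  // NOTE(review): the role grant is not enforced before the revoke, so the role denials below would also
  // pass if that grant were a no-op; consider asserting it once enforcement for roles is confirmed.

  // Revoking on the entity alone is expected to drop the privileges of every principal on it.
  authorizer.revoke(Authorizable.fromEntityId(namespace));
  verifyAuthFailure(namespace, user, Action.READ);
  verifyAuthFailure(namespace, role, Action.ADMIN);
  verifyAuthFailure(namespace, role, Action.READ);
  verifyAuthFailure(namespace, role, Action.WRITE);
  verifyAuthFailure(namespace, role, Action.EXECUTE);
}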
@Test public void testRBAC() throws Exception { Authorizer authorizer = get();