Package org.apache.qpid.server.security.access

Examples of org.apache.qpid.server.security.access.ObjectProperties


    public void testUserRuleParsing() throws Exception
    {
        validateRule(writeACLConfig("ACL ALLOW user1 CREATE USER"),
                "user1", Operation.CREATE, ObjectType.USER, ObjectProperties.EMPTY);
        validateRule(writeACLConfig("ACL ALLOW user1 CREATE USER name=\"otherUser\""),
                "user1", Operation.CREATE, ObjectType.USER, new ObjectProperties("otherUser"));

        validateRule(writeACLConfig("ACL ALLOW user1 DELETE USER"),
                "user1", Operation.DELETE, ObjectType.USER, ObjectProperties.EMPTY);
        validateRule(writeACLConfig("ACL ALLOW user1 DELETE USER name=\"otherUser\""),
                "user1", Operation.DELETE, ObjectType.USER, new ObjectProperties("otherUser"));

        validateRule(writeACLConfig("ACL ALLOW user1 UPDATE USER"),
                "user1", Operation.UPDATE, ObjectType.USER, ObjectProperties.EMPTY);
        validateRule(writeACLConfig("ACL ALLOW user1 UPDATE USER name=\"otherUser\""),
                "user1", Operation.UPDATE, ObjectType.USER, new ObjectProperties("otherUser"));

        validateRule(writeACLConfig("ACL ALLOW user1 ALL USER"),
                "user1", Operation.ALL, ObjectType.USER, ObjectProperties.EMPTY);
        validateRule(writeACLConfig("ACL ALLOW user1 ALL USER name=\"otherUser\""),
                "user1", Operation.ALL, ObjectType.USER, new ObjectProperties("otherUser"));
    }
View Full Code Here


    public void testGroupRuleParsing() throws Exception
    {
        validateRule(writeACLConfig("ACL ALLOW user1 CREATE GROUP"),
                "user1", Operation.CREATE, ObjectType.GROUP, ObjectProperties.EMPTY);
        validateRule(writeACLConfig("ACL ALLOW user1 CREATE GROUP name=\"groupName\""),
                "user1", Operation.CREATE, ObjectType.GROUP, new ObjectProperties("groupName"));

        validateRule(writeACLConfig("ACL ALLOW user1 DELETE GROUP"),
                "user1", Operation.DELETE, ObjectType.GROUP, ObjectProperties.EMPTY);
        validateRule(writeACLConfig("ACL ALLOW user1 DELETE GROUP name=\"groupName\""),
                "user1", Operation.DELETE, ObjectType.GROUP, new ObjectProperties("groupName"));

        validateRule(writeACLConfig("ACL ALLOW user1 UPDATE GROUP"),
                "user1", Operation.UPDATE, ObjectType.GROUP, ObjectProperties.EMPTY);
        validateRule(writeACLConfig("ACL ALLOW user1 UPDATE GROUP name=\"groupName\""),
                "user1", Operation.UPDATE, ObjectType.GROUP, new ObjectProperties("groupName"));

        validateRule(writeACLConfig("ACL ALLOW user1 ALL GROUP"),
                "user1", Operation.ALL, ObjectType.GROUP, ObjectProperties.EMPTY);
        validateRule(writeACLConfig("ACL ALLOW user1 ALL GROUP name=\"groupName\""),
                "user1", Operation.ALL, ObjectType.GROUP, new ObjectProperties("groupName"));
    }
View Full Code Here

    public void testAuthoriseAccessMethodWhenAllAccessOperationsAllowedOnAllComponents() throws ConfigurationException
    {
        final RuleSet rs = new RuleSet(mock(EventLoggerProvider.class));

        // grant user4 access right on any method in any component
        rs.grant(1, "user4", Permission.ALLOW, Operation.ACCESS, ObjectType.METHOD, new ObjectProperties(ObjectProperties.STAR));
        configureAccessControl(rs);
        Subject.doAs(TestPrincipalUtils.createTestSubject("user4"), new PrivilegedAction<Object>()
        {
            @Override
            public Object run()
            {
                ObjectProperties actionProperties = new ObjectProperties("getName");
                actionProperties.put(ObjectProperties.Property.COMPONENT, "Test");

                final Result result = _plugin.authorise(Operation.ACCESS, ObjectType.METHOD, actionProperties);
                assertEquals(Result.ALLOWED, result);
                return null;
            }
View Full Code Here

    public void testAuthoriseAccessMethodWhenAllAccessOperationsAllowedOnSpecifiedComponent() throws ConfigurationException
    {
        final RuleSet rs = new RuleSet(mock(EventLoggerProvider.class));

        // grant user5 access right on any methods in "Test" component
        ObjectProperties ruleProperties = new ObjectProperties(ObjectProperties.STAR);
        ruleProperties.put(ObjectProperties.Property.COMPONENT, "Test");
        rs.grant(1, "user5", Permission.ALLOW, Operation.ACCESS, ObjectType.METHOD, ruleProperties);
        configureAccessControl(rs);
        Subject.doAs(TestPrincipalUtils.createTestSubject("user5"), new PrivilegedAction<Object>()
        {
            @Override
            public Object run()
            {
                ObjectProperties actionProperties = new ObjectProperties("getName");
                actionProperties.put(ObjectProperties.Property.COMPONENT, "Test");
                Result result = _plugin.authorise(Operation.ACCESS, ObjectType.METHOD, actionProperties);
                assertEquals(Result.ALLOWED, result);

                actionProperties.put(ObjectProperties.Property.COMPONENT, "Test2");
                result = _plugin.authorise(Operation.ACCESS, ObjectType.METHOD, actionProperties);
                assertEquals(Result.DEFER, result);
                return null;
            }
        });
View Full Code Here

    public void testAuthoriseAccessMethodWhenSpecifiedAccessOperationsAllowedOnSpecifiedComponent() throws ConfigurationException
    {
        final RuleSet rs = new RuleSet(mock(EventLoggerProvider.class));

        // grant user6 access right on "getAttribute" method in "Test" component
        ObjectProperties ruleProperties = new ObjectProperties("getAttribute");
        ruleProperties.put(ObjectProperties.Property.COMPONENT, "Test");
        rs.grant(1, "user6", Permission.ALLOW, Operation.ACCESS, ObjectType.METHOD, ruleProperties);
        configureAccessControl(rs);
        Subject.doAs(TestPrincipalUtils.createTestSubject("user6"), new PrivilegedAction<Object>()
        {
            @Override
            public Object run()
            {
                ObjectProperties properties = new ObjectProperties("getAttribute");
                properties.put(ObjectProperties.Property.COMPONENT, "Test");
                Result result = _plugin.authorise(Operation.ACCESS, ObjectType.METHOD, properties);
                assertEquals(Result.ALLOWED, result);

                properties.put(ObjectProperties.Property.COMPONENT, "Test2");
                result = _plugin.authorise(Operation.ACCESS, ObjectType.METHOD, properties);
                assertEquals(Result.DEFER, result);

                properties = new ObjectProperties("getAttribute2");
                properties.put(ObjectProperties.Property.COMPONENT, "Test");
                result = _plugin.authorise(Operation.ACCESS, ObjectType.METHOD, properties);
                assertEquals(Result.DEFER, result);

                return null;
            }
View Full Code Here

    public void testAuthoriseAccessUpdateMethodWhenAllRightsGrantedOnSpecifiedMethodForAllComponents() throws ConfigurationException
    {
        final RuleSet rs = new RuleSet(mock(EventLoggerProvider.class));

        // grant user8 all rights on method queryNames in all component
        rs.grant(1, "user8", Permission.ALLOW, Operation.ALL, ObjectType.METHOD, new ObjectProperties("queryNames"));
        configureAccessControl(rs);
        Subject.doAs(TestPrincipalUtils.createTestSubject("user8"), new PrivilegedAction<Object>()
        {
            @Override
            public Object run()
            {
                ObjectProperties properties = new ObjectProperties();
                properties.put(ObjectProperties.Property.COMPONENT, "Test");
                properties.put(ObjectProperties.Property.NAME, "queryNames");

                Result result = _plugin.authorise(Operation.ACCESS, ObjectType.METHOD, properties);
                assertEquals(Result.ALLOWED, result);

                result = _plugin.authorise(Operation.UPDATE, ObjectType.METHOD, properties);
                assertEquals(Result.ALLOWED, result);

                properties = new ObjectProperties("getAttribute");
                properties.put(ObjectProperties.Property.COMPONENT, "Test");
                result = _plugin.authorise(Operation.UPDATE, ObjectType.METHOD, properties);
                assertEquals(Result.DEFER, result);

                result = _plugin.authorise(Operation.ACCESS, ObjectType.METHOD, properties);
                assertEquals(Result.DEFER, result);
View Full Code Here

    public void testAuthoriseAccessUpdateMethodWhenAllRightsGrantedOnAllMethodsInAllComponents() throws ConfigurationException
    {
        final RuleSet rs = new RuleSet(mock(EventLoggerProvider.class));

        // grant user9 all rights on any method in all component
        rs.grant(1, "user9", Permission.ALLOW, Operation.ALL, ObjectType.METHOD, new ObjectProperties());
        configureAccessControl(rs);
        Subject.doAs(TestPrincipalUtils.createTestSubject("user9"), new PrivilegedAction<Object>()
        {
            @Override
            public Object run()
            {
                ObjectProperties properties = new ObjectProperties("queryNames");
                properties.put(ObjectProperties.Property.COMPONENT, "Test");

                Result result = _plugin.authorise(Operation.ACCESS, ObjectType.METHOD, properties);
                assertEquals(Result.ALLOWED, result);

                result = _plugin.authorise(Operation.UPDATE, ObjectType.METHOD, properties);
                assertEquals(Result.ALLOWED, result);

                properties = new ObjectProperties("getAttribute");
                properties.put(ObjectProperties.Property.COMPONENT, "Test");
                result = _plugin.authorise(Operation.UPDATE, ObjectType.METHOD, properties);
                assertEquals(Result.ALLOWED, result);

                result = _plugin.authorise(Operation.ACCESS, ObjectType.METHOD, properties);
                assertEquals(Result.ALLOWED, result);
View Full Code Here

    public void testAuthoriseAccessMethodWhenMatchingAccessOperationsAllowedOnSpecifiedComponent() throws ConfigurationException
    {
        final RuleSet rs = new RuleSet(mock(EventLoggerProvider.class));

        // grant user9 all rights on "getAttribute*" methods in Test component
        ObjectProperties ruleProperties = new ObjectProperties();
        ruleProperties.put(ObjectProperties.Property.COMPONENT, "Test");
        ruleProperties.put(ObjectProperties.Property.NAME, "getAttribute*");

        rs.grant(1, "user9", Permission.ALLOW, Operation.ACCESS, ObjectType.METHOD, ruleProperties);
        configureAccessControl(rs);
        Subject.doAs(TestPrincipalUtils.createTestSubject("user9"), new PrivilegedAction<Object>()
        {
            @Override
            public Object run()
            {
                ObjectProperties properties = new ObjectProperties("getAttributes");
                properties.put(ObjectProperties.Property.COMPONENT, "Test");
                Result result = _plugin.authorise(Operation.ACCESS, ObjectType.METHOD, properties);
                assertEquals(Result.ALLOWED, result);

                properties = new ObjectProperties("getAttribute");
                properties.put(ObjectProperties.Property.COMPONENT, "Test");
                result = _plugin.authorise(Operation.ACCESS, ObjectType.METHOD, properties);
                assertEquals(Result.ALLOWED, result);

                properties = new ObjectProperties("getAttribut");
                properties.put(ObjectProperties.Property.COMPONENT, "Test");
                result = _plugin.authorise(Operation.ACCESS, ObjectType.METHOD, properties);
                assertEquals(Result.DEFER, result);
                return null;
            }
        });
View Full Code Here

        assertDenyGrantAllow(_testSubject, Operation.ACCESS, ObjectType.VIRTUALHOST);
    }

    public void testQueueCreateNamed() throws Exception
    {
        assertDenyGrantAllow(_testSubject, Operation.CREATE, ObjectType.QUEUE, new ObjectProperties(_queueName));
    }
View Full Code Here

        assertDenyGrantAllow(_testSubject, Operation.CREATE, ObjectType.QUEUE, new ObjectProperties(_queueName));
    }

    public void testQueueCreatenamedNullRoutingKey()
    {
        ObjectProperties properties = new ObjectProperties(_queueName);
        properties.put(ObjectProperties.Property.ROUTING_KEY, (String) null);

        assertDenyGrantAllow(_testSubject, Operation.CREATE, ObjectType.QUEUE, properties);
    }
View Full Code Here

TOP

Related Classes of org.apache.qpid.server.security.access.ObjectProperties

Copyright © 2018 www.massapicom. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.