/**
 * Verifies that {@code AUTHORIZER} reaches the expected decision for one test case.
 *
 * <p>The call is built from the server's principal and blessings plus the case's
 * {@code clientBlessings}, {@code methodName} and {@code methodTags}. The outcome is
 * compared with {@code shouldAccept}.
 *
 * <p>NOTE(review): every {@link VException} is treated as a refusal. A negative case
 * therefore also passes when authorization fails for an unrelated reason (for example,
 * presumably, a failed group lookup). Consider asserting on the error's identity so a
 * broken fixture cannot pass as a correct denial.
 *
 * @throws VException if authorization is refused for a case that should be accepted
 */
@Test
public void testAuthorize() throws VException {
    Call call = VSecurity.newCall(
            new CallParams()
                    .withLocalPrincipal(SERVER_PRINCIPAL)
                    .withLocalBlessings(SERVER_BLESSINGS)
                    .withRemoteBlessings(clientBlessings)
                    .withMethod(methodName)
                    .withMethodTags(methodTags));

    // Record the refusal instead of acting on it inside the handler.
    VException refusal = null;
    try {
        AUTHORIZER.authorize(CONTEXT, call);
    } catch (VException e) {
        refusal = e;
    }

    if (refusal == null) {
        // Access was granted: that is a failure for cases expected to be rejected.
        if (!shouldAccept) {
            fail(String.format("Access granted for method %s to %s", methodName, clientBlessings));
        }
        return;
    }

    // Access was refused: surface the original exception only when it was unexpected.
    if (shouldAccept) {
        throw refusal;
    }
}
// One-time fixture setup: creates the runtime context, starts an in-memory group server,
// fills it with a "readers" and a "writers" group, and builds the AUTHORIZER under test
// whose Read/Write access lists refer to those groups.
static {
    try {
        // NOTE(review): V.init() is evaluated twice in this expression; kept as written.
        CONTEXT = V.withListenSpec(
                V.init(),
                V.getListenSpec(V.init())
                        .withAddress(new ListenSpec.Address("tcp", "localhost:0")));

        // "..." is the match-everything blessing pattern, so Read, Write and Admin on the
        // group objects themselves are open to any principal. That is tolerable only because
        // this is a throwaway fixture (MEMSTORE storage, listening on localhost). These
        // permissions must not be copied into non-test code.
        AccessList openAcl = new AccessList(
                ImmutableList.of(new BlessingPattern("...")),
                ImmutableList.<String>of());
        Permissions openPermissions = new Permissions(
                ImmutableMap.of(
                        io.v.v23.security.access.Constants.READ.getValue(), openAcl,
                        io.v.v23.security.access.Constants.WRITE.getValue(), openAcl,
                        io.v.v23.security.access.Constants.ADMIN.getValue(), openAcl));

        CLIENT_PRINCIPAL = newPrincipal();
        SERVER_PRINCIPAL = newPrincipal();
        SERVER_BLESSINGS = SERVER_PRINCIPAL.blessSelf("server");

        // Bring up the group server and make sure it is actually reachable.
        GROUP_SERVER = V.getServer(
                GroupServer.withNewServer(
                        CONTEXT,
                        new GroupServer.Params()
                                .withStorageEngine(GroupServer.StorageEngine.MEMSTORE)));
        assertThat(GROUP_SERVER).isNotNull();
        assertThat(GROUP_SERVER.getStatus().getEndpoints()).isNotEmpty();

        Endpoint endpoint = GROUP_SERVER.getStatus().getEndpoints()[0];
        String readersGroup = NamingUtil.join(endpoint.name(), "readers");
        String writersGroup = NamingUtil.join(endpoint.name(), "writers");

        // Group "readers": root:alice and root:bob.
        GroupClient readersClient = GroupClientFactory.getGroupClient(readersGroup);
        ImmutableList<BlessingPatternChunk> readerMembers =
                ImmutableList.of(
                        new BlessingPatternChunk("root:alice"),
                        new BlessingPatternChunk("root:bob"));
        VFutures.sync(readersClient.create(CONTEXT, openPermissions, readerMembers));

        // Group "writers": root:alice only.
        GroupClient writersClient = GroupClientFactory.getGroupClient(writersGroup);
        ImmutableList<BlessingPatternChunk> writerMembers =
                ImmutableList.of(new BlessingPatternChunk("root:alice"));
        VFutures.sync(writersClient.create(CONTEXT, openPermissions, writerMembers));

        // The authorizer under test names the groups through <grp:NAME> patterns
        // (presumably resolved against the group server when authorize() runs -- confirm).
        // Only the "Read" and "Write" tags get an entry; no other tag is defined here.
        // NOTE(review): the second AccessList argument is null here but an empty list for
        // the open ACL above; left as in the original.
        AccessList readAcl = new AccessList(
                ImmutableList.of(new BlessingPattern("<grp:" + readersGroup + ">")),
                null);
        AccessList writeAcl = new AccessList(
                ImmutableList.of(new BlessingPattern("<grp:" + writersGroup + ">")),
                null);
        AUTHORIZER = PermissionsAuthorizer.create(
                new Permissions(ImmutableMap.of("Read", readAcl, "Write", writeAcl)),
                Access.typicalTagType());
    } catch (VException cause) {
        // A static initializer cannot throw checked exceptions; wrap and keep the cause.
        throw new RuntimeException(cause);
    } catch (GroupServer.StartException cause) {
        throw new RuntimeException(cause);
    }
}