Java RequestContext.Builder Examples

Programming Language: Java

Namespace/Package Name: io.liveoak.spi

Examples at hotexamples.com: 2

Java RequestContext.Builder - 2 examples found. These are the top rated real world Java examples of io.liveoak.spi.RequestContext.Builder extracted from open source projects. You can rate examples to help us improve the quality of examples.

Frequently Used Methods

Show Hide

securityContext(2)

requestType(1)

resourcePath(1)

Example #1

Show file

File: URIPolicyRootResourceTest.java Project: rhauch/liveoak

  @Test
  public void testUpdateConfiguration() throws Exception {
    // READ request to storage
    RequestContext.Builder storageReq =
        new RequestContext.Builder()
            .requestType(RequestType.READ)
            .resourcePath(new ResourcePath("/testApp/storage"));
    assertAuthzDecision(storageReq.securityContext(anonymous), AuthzDecision.IGNORE);
    assertAuthzDecision(storageReq.securityContext(user), AuthzDecision.ACCEPT);
    assertAuthzDecision(storageReq.securityContext(evil), AuthzDecision.REJECT);

    // Find and remove storage rule
    RequestContext reqCtx = new RequestContext.Builder();
    ResourceState config = client.read(reqCtx, "/admin/applications/testApp/resources/uri-policy");
    List<ResourceState> rules =
        (List<ResourceState>) config.getProperty(URIPolicyConfigResource.RULES_PROPERTY);

    ResourceState storageRule = null;
    for (ResourceState rule : rules) {
      if (rule.getProperty("uriPattern").equals("/testApp/storage*")) {
        storageRule = rule;
        break;
      }
    }
    Assert.assertNotNull(storageRule);
    rules.remove(storageRule);

    // Update config with removed storage rule
    client.update(reqCtx, "/admin/applications/testApp/resources/uri-policy", config);

    // READ request to storage
    assertAuthzDecision(storageReq.securityContext(anonymous), AuthzDecision.IGNORE);
    assertAuthzDecision(storageReq.securityContext(user), AuthzDecision.IGNORE);
    assertAuthzDecision(storageReq.securityContext(evil), AuthzDecision.IGNORE);

    // Remove section about deniedUsers and add it back
    storageRule.removeProperty("deniedUsers");
    rules.add(storageRule);
    client.update(reqCtx, "/admin/applications/testApp/resources/uri-policy", config);

    // READ request to storage now allowed even for 'evil'
    assertAuthzDecision(storageReq.securityContext(anonymous), AuthzDecision.IGNORE);
    assertAuthzDecision(storageReq.securityContext(user), AuthzDecision.ACCEPT);
    assertAuthzDecision(storageReq.securityContext(evil), AuthzDecision.ACCEPT);
  }

Example #2

Show file

File: URIPolicyRootResourceTest.java Project: rhauch/liveoak

  @Test
  public void testAuthorizationRequest() throws Exception {
    // Request to 'client' page
    RequestContext.Builder clientReq =
        new RequestContext.Builder()
            .requestType(RequestType.READ)
            .resourcePath(new ResourcePath("/testApp/client/some"));
    assertAuthzDecision(clientReq.securityContext(anonymous), AuthzDecision.ACCEPT);
    assertAuthzDecision(clientReq.securityContext(user), AuthzDecision.ACCEPT);
    assertAuthzDecision(clientReq.securityContext(evil), AuthzDecision.ACCEPT);

    // request to /app/some
    RequestContext.Builder appReq =
        new RequestContext.Builder()
            .requestType(RequestType.READ)
            .resourcePath(new ResourcePath("/testApp/app/some"));
    assertAuthzDecision(appReq.securityContext(anonymous), AuthzDecision.IGNORE);
    assertAuthzDecision(appReq.securityContext(user), AuthzDecision.IGNORE);
    assertAuthzDecision(appReq.securityContext(evil), AuthzDecision.IGNORE);

    // request to /app/some
    RequestContext.Builder appIndexReq =
        new RequestContext.Builder()
            .requestType(RequestType.READ)
            .resourcePath(new ResourcePath("/testApp/app/index.html"));
    assertAuthzDecision(appIndexReq.securityContext(anonymous), AuthzDecision.ACCEPT);
    assertAuthzDecision(appIndexReq.securityContext(user), AuthzDecision.ACCEPT);
    assertAuthzDecision(appIndexReq.securityContext(evil), AuthzDecision.ACCEPT);

    // READ request to storage
    RequestContext.Builder storageReq =
        new RequestContext.Builder()
            .requestType(RequestType.READ)
            .resourcePath(new ResourcePath("/testApp/storage"));
    assertAuthzDecision(storageReq.securityContext(anonymous), AuthzDecision.IGNORE);
    assertAuthzDecision(storageReq.securityContext(user), AuthzDecision.ACCEPT);
    assertAuthzDecision(storageReq.securityContext(evil), AuthzDecision.REJECT);

    // READ some collection in storage
    storageReq.resourcePath(new ResourcePath("/testApp/storage/todomvc"));
    assertAuthzDecision(storageReq.securityContext(anonymous), AuthzDecision.IGNORE);
    assertAuthzDecision(storageReq.securityContext(user), AuthzDecision.ACCEPT);
    assertAuthzDecision(storageReq.securityContext(evil), AuthzDecision.REJECT);

    // CREATE request to storage
    storageReq.requestType(RequestType.CREATE);
    assertAuthzDecision(storageReq.securityContext(anonymous), AuthzDecision.IGNORE);
    assertAuthzDecision(storageReq.securityContext(user), AuthzDecision.IGNORE);
    assertAuthzDecision(storageReq.securityContext(evil), AuthzDecision.IGNORE);
  }