/**
   * Asserts whether a caller holding {@code userRoles} is granted every permission required to
   * address the attribute {@code "test"} on the root resource.
   *
   * <p>The permission factory is built from a {@code TestRoleMapper} over {@code userRoles} and a
   * single {@code TestConstraintFactory} over {@code allowedRoles}. Each required permission is
   * then checked against the caller's permission collection.
   *
   * @param authorizerConfiguration configuration handed to the {@code DefaultPermissionFactory}
   * @param userRoles roles the test role mapper is constructed with
   * @param allowedRoles roles the test constraint factory is constructed with
   * @param accessExpectation value {@code implies} must return for every required permission
   */
  private void testAttribute(
      AuthorizerConfiguration authorizerConfiguration,
      StandardRole[] userRoles,
      StandardRole[] allowedRoles,
      boolean accessExpectation) {

    final ConstraintFactory constraints = new TestConstraintFactory(allowedRoles);
    final TestRoleMapper mapper = new TestRoleMapper(userRoles);
    final DefaultPermissionFactory factory =
        new DefaultPermissionFactory(
            mapper, Collections.singleton(constraints), authorizerConfiguration);

    // Only the ADDRESS effect is requested for this attribute.
    final Action addressAction =
        new Action(null, null, EnumSet.of(Action.ActionEffect.ADDRESS));
    final TargetResource rootResource =
        TargetResource.forStandalone(PathAddress.EMPTY_ADDRESS, ROOT_RR, null);
    final TargetAttribute attribute =
        new TargetAttribute("test", null, new ModelNode(), rootResource);

    final PermissionCollection granted =
        factory.getUserPermissions(caller, environment, addressAction, attribute);
    final PermissionCollection required =
        factory.getRequiredPermissions(addressAction, attribute);

    // NOTE(review): if the required set is ever empty this loop asserts nothing and the test
    // passes for either expectation; confirm the factory always yields at least one permission.
    for (Permission needed : toSet(required)) {
      final boolean implied = granted.implies(needed);
      assertEquals(accessExpectation, implied);
    }
  }
 /**
  * Reports whether the target resource address equals the address carried by the action's
  * operation ({@code OP_ADDR}).
  *
  * @param action action whose operation supplies the address to compare
  * @param target resource whose address is compared
  * @return {@code true} when the addresses are equal, or when the action has no operation
  */
 private static boolean assertSameAddress(Action action, TargetResource target) {
   final ModelNode op = action.getOperation();
   if (op == null) {
     // Some unit tests build an Action without an operation; those cases are deliberately
     // let through without any comparison.
     // NOTE(review): a null operation skips the address consistency check entirely; confirm
     // that only test code can reach this branch.
     return true;
   }
   return target
       .getResourceAddress()
       .equals(PathAddress.pathAddress(op.get(ModelDescriptionConstants.OP_ADDR)));
 }
  /**
   * Verifies that the authorizer under test returns {@code PERMIT} when the caller addresses and
   * reads the configuration of the root resource.
   */
  @Test
  public void testAuthorizerResourcePermit() {
    final EnumSet<Action.ActionEffect> effects =
        EnumSet.of(Action.ActionEffect.ADDRESS, Action.ActionEffect.READ_CONFIG);
    final Action readAction = new Action(null, null, effects);
    final TargetResource rootResource =
        TargetResource.forStandalone(PathAddress.EMPTY_ADDRESS, ROOT_RR, null);

    final AuthorizationResult outcome =
        authorizer.authorize(caller, environment, readAction, rootResource);

    assertEquals(AuthorizationResult.Decision.PERMIT, outcome.getDecision());
  }
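  /**
   * Checks how a {@code DefaultPermissionFactory} built with {@code REJECTING} reacts to the
   * number of roles its role mapper is constructed with.
   *
   * <p>With no role or exactly one role, {@code getUserPermissions} must complete without
   * throwing. With two or three roles it must throw.
   *
   * <p>Failure messages now carry the unexpected exception, so a broken build shows why the
   * permission lookup failed instead of a bare assertion error.
   */
  @Test
  public void testRoleCombinationRejecting() {
    Action action =
        new Action(
            null, null, EnumSet.of(Action.ActionEffect.ADDRESS, Action.ActionEffect.READ_CONFIG));
    TargetResource targetResource =
        TargetResource.forStandalone(PathAddress.EMPTY_ADDRESS, ROOT_RR, null);

    DefaultPermissionFactory permissionFactory;

    // No roles mapped: the lookup must succeed.
    try {
      permissionFactory =
          new DefaultPermissionFactory(
              new TestRoleMapper(), Collections.<ConstraintFactory>emptySet(), REJECTING);
      permissionFactory.getUserPermissions(caller, environment, action, targetResource);
    } catch (Exception e) {
      fail("getUserPermissions threw for a caller with no roles: " + e);
    }

    // A single role: the lookup must succeed.
    try {
      permissionFactory =
          new DefaultPermissionFactory(
              new TestRoleMapper(StandardRole.MONITOR),
              Collections.<ConstraintFactory>emptySet(),
              REJECTING);
      permissionFactory.getUserPermissions(caller, environment, action, targetResource);
    } catch (Exception e) {
      fail("getUserPermissions threw for a caller with a single role: " + e);
    }

    // Two roles: the lookup must be rejected. This case uses the two-argument constructor.
    permissionFactory =
        new DefaultPermissionFactory(
            new TestRoleMapper(StandardRole.MONITOR, StandardRole.DEPLOYER), REJECTING);
    try {
      permissionFactory.getUserPermissions(caller, environment, action, targetResource);
      // fail() raises an AssertionError, which the catch below does not intercept.
      fail("getUserPermissions accepted a caller mapped to two roles");
    } catch (Exception e) {
      /* expected */
      // NOTE(review): any Exception satisfies this branch, so an unrelated failure (for example
      // a NullPointerException) would also pass. Narrow the catch to the type the factory throws
      // for conflicting roles once that type is confirmed.
    }

    // Three roles: the lookup must be rejected as well.
    permissionFactory =
        new DefaultPermissionFactory(
            new TestRoleMapper(StandardRole.MONITOR, StandardRole.DEPLOYER, StandardRole.AUDITOR),
            Collections.<ConstraintFactory>emptySet(),
            REJECTING);
    try {
      permissionFactory.getUserPermissions(caller, environment, action, targetResource);
      fail("getUserPermissions accepted a caller mapped to three roles");
    } catch (Exception e) {
      /* expected */
      // NOTE(review): same caveat as above; the exception type is not checked.
    }
  }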
  /**
   * Verifies that the authorizer under test returns {@code DENY} when the caller addresses,
   * reads and writes the configuration of the attribute {@code "test"} on the root resource.
   */
  @Test
  public void testAuthorizerAttributeDeny() {
    final EnumSet<Action.ActionEffect> effects =
        EnumSet.of(
            Action.ActionEffect.ADDRESS,
            Action.ActionEffect.READ_CONFIG,
            Action.ActionEffect.WRITE_CONFIG);
    final Action writeAction = new Action(null, null, effects);

    final TargetResource rootResource =
        TargetResource.forStandalone(PathAddress.EMPTY_ADDRESS, ROOT_RR, null);
    final TargetAttribute attribute =
        new TargetAttribute("test", null, new ModelNode(), rootResource);

    final AuthorizationResult outcome =
        authorizer.authorize(caller, environment, writeAction, attribute);

    assertEquals(AuthorizationResult.Decision.DENY, outcome.getDecision());
  }
 /**
  * Reports whether the target's resource address is an audit-log address, as decided by
  * {@code AuditLogAddressUtil.isAuditLogAddress}.
  *
  * @param target resource whose address is classified
  * @return the result of the audit-log address check
  */
 private boolean isAuditResource(TargetResource target) {
   final boolean auditLogAddress =
       AuditLogAddressUtil.isAuditLogAddress(target.getResourceAddress());
   return auditLogAddress;
 }