camel-commits mailing list archives

From davscl...@apache.org
Subject git commit: CAMEL-7104: Added support for all permissions in camel-shiro. Thanks to Colm for the patch.
Date Sat, 04 Jan 2014 09:26:14 GMT
Updated Branches:
  refs/heads/master 78edbd8ce -> f6715cb0d


CAMEL-7104: Added support for all permissions in camel-shiro. Thanks to Colm for the patch.


Project: http://git-wip-us.apache.org/repos/asf/camel/repo
Commit: http://git-wip-us.apache.org/repos/asf/camel/commit/f6715cb0
Tree: http://git-wip-us.apache.org/repos/asf/camel/tree/f6715cb0
Diff: http://git-wip-us.apache.org/repos/asf/camel/diff/f6715cb0

Branch: refs/heads/master
Commit: f6715cb0d8a639def59b563c4574b77f97933d79
Parents: 78edbd8
Author: Claus Ibsen <davsclaus@apache.org>
Authored: Sat Jan 4 10:29:55 2014 +0100
Committer: Claus Ibsen <davsclaus@apache.org>
Committed: Sat Jan 4 10:29:55 2014 +0100

----------------------------------------------------------------------
 .../shiro/security/ShiroSecurityPolicy.java     |   9 ++
 .../shiro/security/ShiroSecurityProcessor.java  |  12 +-
 .../shiro/security/ShiroAuthorizationTest.java  | 112 +++++++++++++++++--
 3 files changed, 120 insertions(+), 13 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/camel/blob/f6715cb0/components/camel-shiro/src/main/java/org/apache/camel/component/shiro/security/ShiroSecurityPolicy.java
----------------------------------------------------------------------
diff --git a/components/camel-shiro/src/main/java/org/apache/camel/component/shiro/security/ShiroSecurityPolicy.java
b/components/camel-shiro/src/main/java/org/apache/camel/component/shiro/security/ShiroSecurityPolicy.java
index a031e70..35b4789 100644
--- a/components/camel-shiro/src/main/java/org/apache/camel/component/shiro/security/ShiroSecurityPolicy.java
+++ b/components/camel-shiro/src/main/java/org/apache/camel/component/shiro/security/ShiroSecurityPolicy.java
@@ -47,6 +47,7 @@ public class ShiroSecurityPolicy implements AuthorizationPolicy {
     private List<Permission> permissionsList;
     private boolean alwaysReauthenticate;
     private boolean base64;
+    private boolean allPermissionsRequired;
     
     public ShiroSecurityPolicy() {
         this.passPhrase = bits128;
@@ -158,4 +159,12 @@ public class ShiroSecurityPolicy implements AuthorizationPolicy {
     public void setBase64(boolean base64) {
         this.base64 = base64;
     }
+
+    public boolean isAllPermissionsRequired() {
+        return allPermissionsRequired;
+    }
+
+    public void setAllPermissionsRequired(boolean allPermissionsRequired) {
+        this.allPermissionsRequired = allPermissionsRequired;
+    }
 }
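Review bot: The new `allPermissionsRequired` property has no Javadoc, and because the field is never initialised it defaults to `false`, which keeps the any-of behaviour: a route that lists several permissions still admits a subject holding only one of them. That default is worth stating on the setter, for example `/** When true, the subject must hold every permission in permissionsList; when false (the default), any one of them is sufficient. */`. No constructor taking the flag appears in these hunks, so a policy built through the existing constructors presumably stays any-of until the setter is called, which the class-level documentation should also mention.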

http://git-wip-us.apache.org/repos/asf/camel/blob/f6715cb0/components/camel-shiro/src/main/java/org/apache/camel/component/shiro/security/ShiroSecurityProcessor.java
----------------------------------------------------------------------
diff --git a/components/camel-shiro/src/main/java/org/apache/camel/component/shiro/security/ShiroSecurityProcessor.java
b/components/camel-shiro/src/main/java/org/apache/camel/component/shiro/security/ShiroSecurityProcessor.java
index e942912..fc42a06 100644
--- a/components/camel-shiro/src/main/java/org/apache/camel/component/shiro/security/ShiroSecurityProcessor.java
+++ b/components/camel-shiro/src/main/java/org/apache/camel/component/shiro/security/ShiroSecurityProcessor.java
@@ -172,10 +172,14 @@ public class ShiroSecurityProcessor extends DelegateAsyncProcessor {
     private void authorizeUser(Subject currentUser, Exchange exchange) throws CamelAuthorizationException
{
         boolean authorized = false;
         if (!policy.getPermissionsList().isEmpty()) {
-            for (Permission permission : policy.getPermissionsList()) {
-                if (currentUser.isPermitted(permission)) {
-                    authorized = true;
-                    break;
+            if (policy.isAllPermissionsRequired()) {
+                authorized = currentUser.isPermittedAll(policy.getPermissionsList());
+            } else {
+                for (Permission permission : policy.getPermissionsList()) {
+                    if (currentUser.isPermitted(permission)) {
+                        authorized = true;
+                        break;
+                    }
                 }
             }
         } else {
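Review bot: `policy.getPermissionsList()` is read once for the emptiness guard and again for the `isPermittedAll` call (and a third time in the loop), so the guard and the authorization decision are not guaranteed to see the same list if the policy bean is reconfigured in between. Reading it once, `List<Permission> required = policy.getPermissionsList();`, and using `required` in all three places ties the decision to one snapshot; this matters for the all-of branch because a check over an empty collection is presumably satisfied vacuously. A debug log line recording which mode (any or all) produced a denial would also help when auditing rejected exchanges. The body of authorizeUser continues outside the hunk, so the `else` branch and the final use of `authorized` cannot be confirmed from here.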

http://git-wip-us.apache.org/repos/asf/camel/blob/f6715cb0/components/camel-shiro/src/test/java/org/apache/camel/component/shiro/security/ShiroAuthorizationTest.java
----------------------------------------------------------------------
diff --git a/components/camel-shiro/src/test/java/org/apache/camel/component/shiro/security/ShiroAuthorizationTest.java
b/components/camel-shiro/src/test/java/org/apache/camel/component/shiro/security/ShiroAuthorizationTest.java
index 946664d..df69a38 100644
--- a/components/camel-shiro/src/test/java/org/apache/camel/component/shiro/security/ShiroAuthorizationTest.java
+++ b/components/camel-shiro/src/test/java/org/apache/camel/component/shiro/security/ShiroAuthorizationTest.java
@@ -61,9 +61,9 @@ public class ShiroAuthorizationTest extends CamelTestSupport {
     
     @Test
     public void testSuccessfulAuthorization() throws Exception {        
-        // The user john has role sec-level2 with permission set as zone1:*
+        // The user george has role sec-level2 with permission set as zone1:*
         // Since the required permission incorporates zone1:readwrite:*, this request should
successfully pass authorization
-        ShiroSecurityToken shiroSecurityToken = new ShiroSecurityToken("john", "lennon");
+        ShiroSecurityToken shiroSecurityToken = new ShiroSecurityToken("george", "harrison");
         TestShiroSecurityTokenInjector shiroSecurityTokenInjector = new TestShiroSecurityTokenInjector(shiroSecurityToken,
passPhrase);
         
         successEndpoint.expectedMessageCount(1);
@@ -91,15 +91,68 @@ public class ShiroAuthorizationTest extends CamelTestSupport {
         failureEndpoint.assertIsSatisfied();
     }
     
-    protected RouteBuilder createRouteBuilder() throws Exception {
-        List<Permission> permissionsList = new ArrayList<Permission>();
-        Permission permission = new WildcardPermission("zone1:readwrite:*");
-        permissionsList.add(permission);
+    @Test
+    public void testSuccessfulAuthorizationAny() throws Exception {        
+        // The user ringo has role sec-level1 with permission set as zone1:readonly:*
+        // This permission is allowed and so this should work
+        ShiroSecurityToken shiroSecurityToken = new ShiroSecurityToken("ringo", "starr");
+        TestShiroSecurityTokenInjector shiroSecurityTokenInjector = new TestShiroSecurityTokenInjector(shiroSecurityToken,
passPhrase);
+        
+        successEndpoint.expectedMessageCount(1);
+        failureEndpoint.expectedMessageCount(0);
+        
+        template.send("direct:secureAnyEndpoint", shiroSecurityTokenInjector);
+        
+        successEndpoint.assertIsSatisfied();
+        failureEndpoint.assertIsSatisfied();
+    }
+    
+    @Test
+    public void testFailureAuthorizationAll() throws Exception {        
+        // The user ringo has role sec-level1 with permission set as zone1:readonly:*
+        // However, ringo does not have a permission of "zone1:writeonly:*" and so authorization
fails
+        ShiroSecurityToken shiroSecurityToken = new ShiroSecurityToken("ringo", "starr");
+        TestShiroSecurityTokenInjector shiroSecurityTokenInjector = new TestShiroSecurityTokenInjector(shiroSecurityToken,
passPhrase);
+        
+        successEndpoint.expectedMessageCount(0);
+        failureEndpoint.expectedMessageCount(1);
+        
+        template.send("direct:secureAllEndpoint", shiroSecurityTokenInjector);
+        
+        successEndpoint.assertIsSatisfied();
+        failureEndpoint.assertIsSatisfied();
+    }
+    
+    @Test
+    public void testSuccessfulAuthorizationAll() throws Exception {        
+        // The user george has role sec-level2 with permission set as zone1:*
+        // Since the required permission incorporates all permissions, this request should
successfully pass authorization
+        ShiroSecurityToken shiroSecurityToken = new ShiroSecurityToken("george", "harrison");
+        TestShiroSecurityTokenInjector shiroSecurityTokenInjector = new TestShiroSecurityTokenInjector(shiroSecurityToken,
passPhrase);
         
-        final ShiroSecurityPolicy securityPolicy = new ShiroSecurityPolicy("src/test/resources/securityconfig.ini",
passPhrase, true, permissionsList);
+        successEndpoint.expectedMessageCount(1);
+        failureEndpoint.expectedMessageCount(0);
         
-        return new RouteBuilder() {
+        template.send("direct:secureAllEndpoint", shiroSecurityTokenInjector);
+        
+        successEndpoint.assertIsSatisfied();
+        failureEndpoint.assertIsSatisfied();
+    }
+    
+    
+    @Override
+    protected RouteBuilder[] createRouteBuilders() throws Exception {
+    
+        return new RouteBuilder[] {new RouteBuilder() {
             public void configure() {
+                
+                List<Permission> permissionsList = new ArrayList<Permission>();
+                Permission permission = new WildcardPermission("zone1:readwrite:*");
+                permissionsList.add(permission);
+                
+                final ShiroSecurityPolicy securityPolicy = 
+                    new ShiroSecurityPolicy("src/test/resources/securityconfig.ini", passPhrase,
true, permissionsList);
+                
                 onException(CamelAuthorizationException.class).
                     to("mock:authorizationException");
                 
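Review bot: The added tests cover any-of success and all-of success and failure, but there is no denial case for `direct:secureAnyEndpoint`. Nothing here shows that a subject holding neither `zone1:readonly:*` nor `zone1:writeonly:*` is rejected when two permissions are listed. A `testFailureAuthorizationAny` that sends such a subject's token to `direct:secureAnyEndpoint` with `successEndpoint.expectedMessageCount(0)` and `failureEndpoint.expectedMessageCount(1)` would pin the any-of path against failing open. Whether securityconfig.ini already defines a suitable user is not visible in this commit. The routes these tests exercise are defined in the following hunk.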
@@ -108,9 +161,50 @@ public class ShiroAuthorizationTest extends CamelTestSupport {
                     to("log:incoming payload").
                     to("mock:success");
             }
+        }, new RouteBuilder() {
+            public void configure() {
+                
+                List<Permission> permissionsList = new ArrayList<Permission>();
+                Permission permission = new WildcardPermission("zone1:readonly:*");
+                permissionsList.add(permission);
+                permission = new WildcardPermission("zone1:writeonly:*");
+                permissionsList.add(permission);
+                
+                final ShiroSecurityPolicy securityPolicy = 
+                    new ShiroSecurityPolicy("src/test/resources/securityconfig.ini", passPhrase,
true, permissionsList);
+                
+                onException(CamelAuthorizationException.class).
+                    to("mock:authorizationException");
+                
+                from("direct:secureAnyEndpoint").
+                    policy(securityPolicy).
+                    to("log:incoming payload").
+                    to("mock:success");
+            }
+        }, new RouteBuilder() {
+            public void configure() {
+                
+                List<Permission> permissionsList = new ArrayList<Permission>();
+                Permission permission = new WildcardPermission("zone1:readonly:*");
+                permissionsList.add(permission);
+                permission = new WildcardPermission("zone1:writeonly:*");
+                permissionsList.add(permission);
+                
+                final ShiroSecurityPolicy securityPolicy = 
+                    new ShiroSecurityPolicy("src/test/resources/securityconfig.ini", passPhrase,
true, permissionsList);
+                securityPolicy.setAllPermissionsRequired(true);
+                
+                onException(CamelAuthorizationException.class).
+                    to("mock:authorizationException");
+                
+                from("direct:secureAllEndpoint").
+                    policy(securityPolicy).
+                    to("log:incoming payload").
+                    to("mock:success");
+            }
+        }
         };
     }
-
     
     private static class TestShiroSecurityTokenInjector extends ShiroSecurityTokenInjector
{
 

