Examples of org.apache.qpid.server.security.access.config.RuleSet

• org.apache.qpid.server.security.access.config.RuleSet
  Models the rule configuration for the access control plugin. The access control rule definitions are loaded from an external configuration file, passed in as the target to the {@link load(ConfigurationFile)} method. The file specified

        }
        aclWriter.close();

        // Load ruleset
        ConfigurationFile configFile = new PlainConfiguration(acl);
        RuleSet ruleSet = configFile.load();
    }

    {
        try
        {
            // Load ruleset
          ConfigurationFile configFile = new PlainConfiguration(new File("doesnotexist"));
          RuleSet ruleSet = configFile.load();

            fail("fail");
        }
        catch (ConfigurationException ce)
        {

    @Override
    public void setUp() throws Exception
    {
        super.setUp();

        _ruleSet = new RuleSet();
        _ruleSet.configure(RuleSet.TRANSITIVE, Boolean.FALSE);
    }

    @Override
    public void setUp() throws Exception
    {
        super.setUp();

        _ruleSet = new RuleSet(mock(EventLoggerProvider.class));

        _virtualHost = mock(VirtualHost.class);
        _queue = mock(AMQQueue.class);
        when(_queue.getName()).thenReturn(_queueName);
        when(_queue.getParent(VirtualHost.class)).thenReturn(_virtualHost);

    private RuleSet createGroupRuleSet()
    {
        final EventLoggerProvider provider = mock(EventLoggerProvider.class);
        when(provider.getEventLogger()).thenReturn(_eventLogger);
        final RuleSet rs = new RuleSet(provider);

        // Rule expressed with username
        rs.grant(0, "user1", Permission.ALLOW, Operation.ACCESS, ObjectType.VIRTUALHOST, ObjectProperties.EMPTY);
        // Rules expressed with groups
        rs.grant(1, ALLOWED_GROUP, Permission.ALLOW, Operation.ACCESS, ObjectType.VIRTUALHOST, ObjectProperties.EMPTY);
        rs.grant(2, DENIED_GROUP, Permission.DENY, Operation.ACCESS, ObjectType.VIRTUALHOST, ObjectProperties.EMPTY);
        // Catch all rule
        rs.grant(3, Rule.ALL, Permission.DENY_LOG, Operation.ACCESS, ObjectType.VIRTUALHOST, ObjectProperties.EMPTY);

        return rs;
    }

    /**
     * Tests that a grant access method rule allows any access operation to be performed on any component
     */
    public void testAuthoriseAccessMethodWhenAllAccessOperationsAllowedOnAllComponents()
    {
        final RuleSet rs = new RuleSet(mock(EventLoggerProvider.class));

        // grant user4 access right on any method in any component
        rs.grant(1, "user4", Permission.ALLOW, Operation.ACCESS, ObjectType.METHOD, new ObjectProperties(ObjectProperties.WILD_CARD));
        configureAccessControl(rs);
        Subject.doAs(TestPrincipalUtils.createTestSubject("user4"), new PrivilegedAction<Object>()
        {
            @Override
            public Object run()

    /**
     * Tests that a grant access method rule allows any access operation to be performed on a specified component
     */
    public void testAuthoriseAccessMethodWhenAllAccessOperationsAllowedOnSpecifiedComponent()
    {
        final RuleSet rs = new RuleSet(mock(EventLoggerProvider.class));

        // grant user5 access right on any methods in "Test" component
        ObjectProperties ruleProperties = new ObjectProperties(ObjectProperties.WILD_CARD);
        ruleProperties.put(ObjectProperties.Property.COMPONENT, "Test");
        rs.grant(1, "user5", Permission.ALLOW, Operation.ACCESS, ObjectType.METHOD, ruleProperties);
        configureAccessControl(rs);
        Subject.doAs(TestPrincipalUtils.createTestSubject("user5"), new PrivilegedAction<Object>()
        {
            @Override
            public Object run()

        Subject.doAs(subject, new PrivilegedExceptionAction<Object>()
        {
            @Override
            public Object run() throws Exception
            {
                RuleSet mockRuleSet = mock(RuleSet.class);

                DefaultAccessControl accessControl = new DefaultAccessControl(mockRuleSet);

                ObjectProperties properties = new ObjectProperties(testVirtualHost);
                accessControl.authorise(Operation.ACCESS, ObjectType.VIRTUALHOST, properties);

            @Override
            public Object run() throws Exception
            {


                RuleSet mockRuleSet = mock(RuleSet.class);
                when(mockRuleSet.check(
                        subject,
                        Operation.ACCESS,
                        ObjectType.VIRTUALHOST,
                        ObjectProperties.EMPTY,
                        inetAddress)).thenThrow(new RuntimeException());

    /**
     * Tests that a grant access method rule allows any access operation to be performed on a specified component
     */
    public void testAuthoriseAccessMethodWhenSpecifiedAccessOperationsAllowedOnSpecifiedComponent()
    {
        final RuleSet rs = new RuleSet(mock(EventLoggerProvider.class));

        // grant user6 access right on "getAttribute" method in "Test" component
        ObjectProperties ruleProperties = new ObjectProperties("getAttribute");
        ruleProperties.put(ObjectProperties.Property.COMPONENT, "Test");
        rs.grant(1, "user6", Permission.ALLOW, Operation.ACCESS, ObjectType.METHOD, ruleProperties);
        configureAccessControl(rs);
        Subject.doAs(TestPrincipalUtils.createTestSubject("user6"), new PrivilegedAction<Object>()
        {
            @Override
            public Object run()