Examples of org.apache.qpid.server.security.access.config.RuleSet

• org.apache.qpid.server.security.access.config.RuleSet
  Models the rule configuration for the access control plugin. The access control rule definitions are loaded from an external configuration file, passed in as the target to the {@link load(ConfigurationFile)} method. The file specified

     *
     */
    public void testWhitespace() throws Exception
    {
        final PlainConfiguration config = writeACLConfig("ACL\tDENY-LOG\t\t user1\t \tACCESS VIRTUALHOST");
        final RuleSet rs = config.getConfiguration();
        assertEquals(1, rs.getRuleCount());

        final Map<Integer, Rule> rules = rs.getAllRules();
        assertEquals(1, rules.size());
        final Rule rule = rules.get(0);
        assertEquals("Rule has unexpected identity", "user1", rule.getIdentity());
        assertEquals("Rule has unexpected operation", Operation.ACCESS, rule.getAction().getOperation());
        assertEquals("Rule has unexpected operation", ObjectType.VIRTUALHOST, rule.getAction().getObjectType());

     */
    public void testLineContination() throws Exception
    {
        final PlainConfiguration config = writeACLConfig("ACL DENY-LOG user1 \\",
                                                         "ACCESS VIRTUALHOST");
        final RuleSet rs = config.getConfiguration();
        assertEquals(1, rs.getRuleCount());

        final Map<Integer, Rule> rules = rs.getAllRules();
        assertEquals(1, rules.size());
        final Rule rule = rules.get(0);
        assertEquals("Rule has unexpected identity", "user1", rule.getIdentity());
        assertEquals("Rule has unexpected operation", Operation.ACCESS, rule.getAction().getOperation());
        assertEquals("Rule has unexpected operation", ObjectType.VIRTUALHOST, rule.getAction().getObjectType());

    @Override
    public void setUp() throws Exception
    {
        super.setUp();

        _ruleSet = new RuleSet();
    }

        CurrentActor.set(new TestLogActor(messageLogger));
    }

    private RuleSet createGroupRuleSet()
    {
        final RuleSet rs = new RuleSet();
        rs.addGroup("aclGroup1", Arrays.asList(new String[] {"member1", "member2"}));

        // Rule expressed with username
        rs.grant(0, "user1", Permission.ALLOW, Operation.ACCESS, ObjectType.VIRTUALHOST, ObjectProperties.EMPTY);
        // Rule expressed with a acl group
        rs.grant(1, "aclGroup1", Permission.ALLOW, Operation.ACCESS, ObjectType.VIRTUALHOST, ObjectProperties.EMPTY);
        // Rule expressed with an external group
        rs.grant(2, "extGroup1", Permission.DENY, Operation.ACCESS, ObjectType.VIRTUALHOST, ObjectProperties.EMPTY);
        // Catch all rule
        rs.grant(3, Rule.ALL, Permission.DENY_LOG, Operation.ACCESS, ObjectType.VIRTUALHOST, ObjectProperties.EMPTY);

        return rs;
    }

    /**
     * Tests that a grant access method rule allows any access operation to be performed on any component
     */
    public void testAuthoriseAccessMethodWhenAllAccessOperationsAllowedOnAllComponents() throws ConfigurationException
    {
        final RuleSet rs = new RuleSet();

        // grant user4 access right on any method in any component
        rs.grant(1, "user4", Permission.ALLOW, Operation.ACCESS, ObjectType.METHOD, new ObjectProperties(ObjectProperties.STAR));
        configureAccessControl(rs);
        SecurityManager.setThreadSubject(TestPrincipalUtils.createTestSubject("user4"));

        ObjectProperties actionProperties = new ObjectProperties("getName");
        actionProperties.put(ObjectProperties.Property.COMPONENT, "Test");

    /**
     * Tests that a grant access method rule allows any access operation to be performed on a specified component
     */
    public void testAuthoriseAccessMethodWhenAllAccessOperationsAllowedOnSpecifiedComponent() throws ConfigurationException
    {
        final RuleSet rs = new RuleSet();

        // grant user5 access right on any methods in "Test" component
        ObjectProperties ruleProperties = new ObjectProperties(ObjectProperties.STAR);
        ruleProperties.put(ObjectProperties.Property.COMPONENT, "Test");
        rs.grant(1, "user5", Permission.ALLOW, Operation.ACCESS, ObjectType.METHOD, ruleProperties);
        configureAccessControl(rs);
        SecurityManager.setThreadSubject(TestPrincipalUtils.createTestSubject("user5"));

        ObjectProperties actionProperties = new ObjectProperties("getName");
        actionProperties.put(ObjectProperties.Property.COMPONENT, "Test");

    /**
     * Tests that a grant access method rule allows any access operation to be performed on a specified component
     */
    public void testAuthoriseAccessMethodWhenSpecifiedAccessOperationsAllowedOnSpecifiedComponent() throws ConfigurationException
    {
        final RuleSet rs = new RuleSet();

        // grant user6 access right on "getAttribute" method in "Test" component
        ObjectProperties ruleProperties = new ObjectProperties("getAttribute");
        ruleProperties.put(ObjectProperties.Property.COMPONENT, "Test");
        rs.grant(1, "user6", Permission.ALLOW, Operation.ACCESS, ObjectType.METHOD, ruleProperties);
        configureAccessControl(rs);
        SecurityManager.setThreadSubject(TestPrincipalUtils.createTestSubject("user6"));

        ObjectProperties properties = new ObjectProperties("getAttribute");
        properties.put(ObjectProperties.Property.COMPONENT, "Test");

    /**
     * Tests that granting of all method rights on a method allows a specified operation to be performed on any component
     */
    public void testAuthoriseAccessUpdateMethodWhenAllRightsGrantedOnSpecifiedMethodForAllComponents() throws ConfigurationException
    {
        final RuleSet rs = new RuleSet();

        // grant user8 all rights on method queryNames in all component
        rs.grant(1, "user8", Permission.ALLOW, Operation.ALL, ObjectType.METHOD, new ObjectProperties("queryNames"));
        configureAccessControl(rs);
        SecurityManager.setThreadSubject(TestPrincipalUtils.createTestSubject("user8"));

        ObjectProperties properties = new ObjectProperties();
        properties.put(ObjectProperties.Property.COMPONENT, "Test");

    /**
     * Tests that granting of all method rights allows any operation to be performed on any component
     */
    public void testAuthoriseAccessUpdateMethodWhenAllRightsGrantedOnAllMethodsInAllComponents() throws ConfigurationException
    {
        final RuleSet rs = new RuleSet();

        // grant user9 all rights on any method in all component
        rs.grant(1, "user9", Permission.ALLOW, Operation.ALL, ObjectType.METHOD, new ObjectProperties());
        configureAccessControl(rs);
        SecurityManager.setThreadSubject(TestPrincipalUtils.createTestSubject("user9"));

        ObjectProperties properties = new ObjectProperties("queryNames");
        properties.put(ObjectProperties.Property.COMPONENT, "Test");

    /**
     * Tests that granting of access method rights with mask allows matching operations to be performed on the specified component
     */
    public void testAuthoriseAccessMethodWhenMatchingAcessOperationsAllowedOnSpecifiedComponent() throws ConfigurationException
    {
        final RuleSet rs = new RuleSet();

        // grant user9 all rights on "getAttribute*" methods in Test component
        ObjectProperties ruleProperties = new ObjectProperties();
        ruleProperties.put(ObjectProperties.Property.COMPONENT, "Test");
        ruleProperties.put(ObjectProperties.Property.NAME, "getAttribute*");

        rs.grant(1, "user9", Permission.ALLOW, Operation.ACCESS, ObjectType.METHOD, ruleProperties);
        configureAccessControl(rs);
        SecurityManager.setThreadSubject(TestPrincipalUtils.createTestSubject("user9"));

        ObjectProperties properties = new ObjectProperties("getAttributes");
        properties.put(ObjectProperties.Property.COMPONENT, "Test");