Allowing foreign applications to access specific endpoints.
mifosio-04-04-2018 committed May 29, 2017
1 parent 1bd0745 commit 7092a7dd8959619090f49d4695572ac7255ef7bb
Showing 3 changed files with 61 additions and 7 deletions.
@@ -69,7 +69,7 @@ boolean matches(final HttpServletRequest request, final AnubisPrincipal principa
return matchesHelper(
request.getServletPath(),
request.getMethod(),
(matcher, segment) -> matcher.matches(segment, principal, isSu));
(matcher, segment) -> matcher.matches(segment, principal, acceptTokenIntendedForForeignApplication, isSu));
}

private boolean matchesHelper(final String servletPath, final String method,
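Review bot: `matches` now forwards `acceptTokenIntendedForForeignApplication` into the per-segment lambda, but nothing in the visible code states what the flag means or that it is a fixed property of the permission rather than of the request; the field's declaration and the start of `matches` are both outside this hunk. A Javadoc on `matches` would settle it, e.g. `Matches the request path and method against this permission; on an {applicationidentifier} segment a token issued for another application is accepted only if acceptTokenIntendedForForeignApplication was set when this permission was built.` Since the flag widens who a permission matches, it is worth confirming the field is `final` and set only through the constructor, so no later caller can flip it on an existing permission.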
@@ -50,11 +50,17 @@ boolean isParameterSegment() {

public String getPermissionSegment() { return permissionSegment; }

public boolean matches(final String requestSegment, final AnubisPrincipal principal, boolean isSu) {
public boolean matches(
final String requestSegment,
final AnubisPrincipal principal,
boolean acceptTokenIntendedForForeignApplication,
boolean isSu) {
if (isStarSegment())
return true;
else if (isUserIdentifierSegment())
return requestSegment.equals(principal.getUser());
else if (isApplicationIdentifierSegment() && acceptTokenIntendedForForeignApplication)
return requestSegment.equals(principal.getForApplicationName());
else if (isParameterSegment())
return isSu;
else
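Review bot: The new branch on the `isApplicationIdentifierSegment()` line handles only the accepting case; when the segment is `{applicationidentifier}` and `acceptTokenIntendedForForeignApplication` is false the branch is skipped and control falls through to `isParameterSegment()` and the final `else`, so whether the request is denied or granted to a superuser via `return isSu` depends on how `isParameterSegment()` (outside this hunk) classifies that segment. If such a permission is never meant to match on this segment unless foreign tokens are accepted, make that explicit with `else if (isApplicationIdentifierSegment()) return acceptTokenIntendedForForeignApplication && requestSegment.equals(principal.getForApplicationName());` (note this also stops a mismatched segment on an accepting permission from falling through to `isSu` — confirm that is wanted); if the fall-through is deliberate, say so with `// foreign tokens not accepted: fall through, only a superuser can match this segment`. Either way `matches` deserves a Javadoc stating that the flag affects only `{applicationidentifier}` segments and that the segment is compared with the application the token was issued for (`getForApplicationName()`), not with the application being called. The comparison is `requestSegment.equals(...)`, so a principal with no intended application (null) is denied rather than throwing, which is the safe default; the method's final `else` branch continues outside the hunk.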
@@ -40,10 +40,12 @@ public class ApplicationPermissionTest {
private final String caseName;
private String permittedPath = "/heart";
private AllowedOperation allowedOperation = AllowedOperation.READ;
private boolean acceptTokenIntendedForForeignApplication = false;
private String calledApplication = "grainCounter";
private String requestedPath = "/heart";
private String requestedOperation = "GET";
private String user = "Nebamun";
private String application = "grainCounter";
private String forApplication = "grainCounter";
private boolean expectedResult = true;

private TestCase(final String caseName) {
@@ -68,6 +70,26 @@ TestCase allowedOperation(AllowedOperation allowedOperation) {
return this;
}

boolean isAcceptTokenIntendedForForeignApplication() {
return acceptTokenIntendedForForeignApplication;
}

TestCase acceptTokenIntendedForForeignApplication(boolean newVal) {
this.acceptTokenIntendedForForeignApplication = newVal;
return this;
}

String getCalledApplication() {
return calledApplication;
}

TestCase calledApplication(final String newVal)
{
this.calledApplication = newVal;
return this;
}


String getRequestedPath() {
return requestedPath;
}
@@ -87,7 +109,7 @@ TestCase requestedOperation(String requestedOperation) {
}

AnubisPrincipal getPrincipal() {
return new AnubisPrincipal(user, application);
return new AnubisPrincipal(user, forApplication);
}

TestCase user(final String newVal)
@@ -96,6 +118,12 @@ TestCase user(final String newVal)
return this;
}

TestCase forApplication(final String newVal)
{
this.forApplication = newVal;
return this;
}

boolean getExpectedResult() {
return expectedResult;
}
@@ -156,15 +184,35 @@ public static Collection testCases() {
.permittedPath("/roles/*").requestedPath("/users/antony/password")
.expectedResult(false));
ret.add(new TestCase("* at end with request containing same # segments")
.permittedPath("/x/y/z/*").requestedPath("/m/n/o/")
.expectedResult(false));
.permittedPath("/x/y/z/*").requestedPath("/m/n/o/")
.expectedResult(false));
ret.add(new TestCase("{applicationidentifier} but permission doesn't allow foreign forApplication")
.permittedPath("/m/{applicationidentifier}/o").requestedPath("/m/b/o/")
.acceptTokenIntendedForForeignApplication(false)
.calledApplication("a").forApplication("b")
.expectedResult(false));
ret.add(new TestCase("{applicationidentifier} and permission does allow foreign forApplication")
.permittedPath("/m/{applicationidentifier}/o").requestedPath("/m/b/o/")
.acceptTokenIntendedForForeignApplication(true)
.calledApplication("a").forApplication("b")
.expectedResult(true));
ret.add(new TestCase("No {applicationidentifier} even though permission does allow foreign forApplication")
.permittedPath("/m/n/o").requestedPath("/m/b/o/")
.acceptTokenIntendedForForeignApplication(true)
.calledApplication("a").forApplication("b")
.expectedResult(false));
ret.add(new TestCase("{applicationidentifier} and permission does allow foreign forApplication, but application isn't foreign.")
.permittedPath("/m/{applicationidentifier}/o").requestedPath("/m/a/o/")
.acceptTokenIntendedForForeignApplication(true)
.calledApplication("a").forApplication("a")
.expectedResult(true));

return ret;
}

@Test public void test() {
final ApplicationPermission testSubject =
new ApplicationPermission(testCase.getPermittedPath(), testCase.getAllowedOperation(), false);
new ApplicationPermission(testCase.getPermittedPath(), testCase.getAllowedOperation(), testCase.isAcceptTokenIntendedForForeignApplication());

final HttpServletRequest requestMock = Mockito.mock(HttpServletRequest.class);
when(requestMock.getServletPath()).thenReturn(testCase.getRequestedPath());
