org.sonatype.nexus.security.role.Role Java Examples

The following examples show how to use org.sonatype.nexus.security.role.Role. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: AuthorizationManagerTest.java    From nexus-public with Eclipse Public License 1.0 6 votes vote down vote up 
@Test
public void testListRoles() throws Exception {
  AuthorizationManager authzManager = this.getAuthorizationManager();
  Set<Role> roles = authzManager.listRoles();

  Map<String, Role> roleMap = this.toRoleMap(roles);
  Assert.assertTrue(roleMap.containsKey("role1"));
  Assert.assertTrue(roleMap.containsKey("role2"));
  Assert.assertTrue(roleMap.containsKey("role3"));
  Assert.assertEquals(3, roles.size());

  Role role3 = roleMap.get("role3");

  Assert.assertEquals("role3", role3.getRoleId());
  Assert.assertEquals("RoleThree", role3.getName());
  Assert.assertEquals("Role Three", role3.getDescription());
  Assert.assertTrue(role3.getPrivileges().contains("1"));
  Assert.assertTrue(role3.getPrivileges().contains("4"));
  Assert.assertEquals(2, role3.getPrivileges().size());
}
Example #2
Source File: RoleApiResourceTest.java    From nexus-public with Eclipse Public License 1.0 6 votes vote down vote up 
@Test
public void testGetRoles() throws Exception {
  Role role1 = createRole("default", "id1", "role1", "role1", Arrays.asList("role1", "role2"),
      Arrays.asList("priv1", "priv2"));
  Role role2 = createRole("default", "id2", "role2", "role2", Arrays.asList("role2", "role3"),
      Arrays.asList("priv2", "priv3"));

  when(securitySystem.listRoles("default")).thenReturn(new LinkedHashSet<>(Arrays.asList(role2, role1)));

  List<RoleXOResponse> apiRoles = underTest.getRoles("default");

  assertThat(apiRoles.size(), is(2));

  assertApiRole(apiRoles.get(0), "default", "id1", "role1", "role1", Arrays.asList("role1", "role2"),
      Arrays.asList("priv1", "priv2"));
  assertApiRole(apiRoles.get(1), "default", "id2", "role2", "role2", Arrays.asList("role2", "role3"),
      Arrays.asList("priv2", "priv3"));
}
Example #3
Source File: RoleApiResourceTest.java    From nexus-public with Eclipse Public License 1.0 6 votes vote down vote up 
@Test
public void testCreateRole() throws Exception {
  RoleXORequest roleXo = createApiRole("roleId", "roleName", "description", Collections.singleton("childRole"),
      Collections.singleton("priv"));

  Role createdRole = new Role();
  createdRole.setRoleId("roleId");
  createdRole.setSource("default");
  createdRole.setName("roleName");
  createdRole.setDescription("description");
  createdRole.setReadOnly(false);
  createdRole.setRoles(Collections.singleton("childRole"));
  createdRole.setPrivileges(Collections.singleton("priv"));

  when(authorizationManager.addRole(any())).thenReturn(createdRole);

  RoleXOResponse result = underTest.create(roleXo);

  assertApiRole(result, "default", "roleId", "roleName", "description", Collections.singleton("childRole"),
      Collections.singleton("priv"));
}
Example #4
Source File: RoleApiResourceTest.java    From nexus-public with Eclipse Public License 1.0 6 votes vote down vote up 
@Test
public void testUpdateRole() {
  Role role = createRole("default", "id1", "role1", "role1", Arrays.asList("role1", "role2"),
      Arrays.asList("priv1", "priv2"));
  when(authorizationManager.getRole("id1")).thenReturn(role);

  RoleXORequest roleXo = createApiRole("id1", "role2", "role2", Arrays.asList("role3", "role4"),
      Arrays.asList("priv3", "priv4"));

  underTest.update("id1", roleXo);

  ArgumentCaptor<Role> argument = ArgumentCaptor.forClass(Role.class);
  verify(authorizationManager).updateRole(argument.capture());
  assertRole(argument.getValue(), "default", "id1", "role2", "role2", Arrays.asList("role3", "role4"),
      Arrays.asList("priv3", "priv4"));
}
Example #5
Source File: RoleApiResourceTest.java    From nexus-public with Eclipse Public License 1.0 6 votes vote down vote up 
@Test
public void testUpdateRole_readOnly() {
  Role role = createRole("default", "id", "name", "description", Collections.singleton("role1"),
      Collections.singleton("priv1"));

  when(authorizationManager.getRole("id")).thenReturn(role);
  when(authorizationManager.updateRole(role)).thenThrow(ReadonlyRoleException.class);

  RoleXORequest roleXo = createApiRole("id", "name", "description", Collections.singleton("role1"),
      Collections.singleton("priv1"));

  try {
    underTest.update("id", roleXo);
    fail("exception should have been thrown for internal role");
  }
  catch (WebApplicationMessageException e) {
    assertThat(e.getResponse().getStatus(), is(400));
    assertThat(e.getResponse().getMediaType(), is(MediaType.APPLICATION_JSON_TYPE));
    assertThat(e.getResponse().getEntity().toString(),
        is("\"Role 'id' is internal and cannot be modified or deleted.\""));
  }
}
Example #6
Source File: RoleApiResourceTest.java    From nexus-public with Eclipse Public License 1.0 6 votes vote down vote up 
private Role createRole(final String source,
                        final String id,
                        final String name,
                        final String description,
                        final Collection<String> roles,
                        final Collection<String> privileges)
{
  Role role = new Role();
  role.setRoleId(id);
  role.setName(name);
  role.setDescription(description);
  role.setSource(source);
  roles.forEach(role::addRole);
  privileges.forEach(role::addPrivilege);

  return role;
}
Example #7
Source File: SecurityRule.java    From nexus-public with Eclipse Public License 1.0 6 votes vote down vote up 
public Role createRole(final String name, final String[] roleIds, final String[] privilegeNames) {
  List<Privilege> privileges =
      Arrays.stream(privilegeNames).map(this::getPrivilege).filter(Objects::nonNull).collect(Collectors.toList());

  if (privileges.size() != privilegeNames.length) {
    throw new IllegalStateException(
        String.format("Missing privileges names: %s privileges: %s", privilegeNames, privileges));
  }

  List<Role> roles = Arrays.stream(roleIds).map(this::getRole).filter(Objects::nonNull).collect(Collectors.toList());

  if (roles.size() != roleIds.length) {
    throw new IllegalStateException("Missing privileges names: ${roleIds} privileges: ${roles}");
  }

  return createRole(name, roles, privileges);
}
Example #8
Source File: RoleApiResourceTest.java    From nexus-public with Eclipse Public License 1.0 6 votes vote down vote up 
private void assertRole(final Role role,
                        final String source,
                        final String id,
                        final String name,
                        final String description,
                        final Collection<String> roles,
                        final Collection<String> privileges)
{
  assertThat(role.getSource(), is(source));
  assertThat(role.getRoleId(), is(id));
  assertThat(role.getName(), is(name));
  assertThat(role.getDescription(), is(description));
  if (roles.isEmpty()) {
    assertThat(role.getRoles(), empty());
  }
  else {
    assertThat(role.getRoles(), containsInAnyOrder(roles.toArray(new String[] {})));
  }
  if (privileges.isEmpty()) {
    assertThat(role.getPrivileges(), empty());
  }
  else {
    assertThat(role.getPrivileges(), containsInAnyOrder(privileges.toArray(new String[] {})));
  }
}
Example #9
Source File: DefaultRoleHealthCheck.java    From nexus-public with Eclipse Public License 1.0 6 votes vote down vote up 
@Override
protected Result check() throws Exception {
  if (!realmManager.isRealmEnabled(DefaultRoleRealm.NAME)) {
    return Result.healthy("Default Role Realm not in use.");
  }

  if (defaultRoleRealm.getRole() == null) {
    return Result.unhealthy("Default Role Realm is enabled but not configured.");
  }

  Role matched = securitySystem.listRoles(DEFAULT_SOURCE).stream()
      .filter(role -> role.getRoleId().equals(defaultRoleRealm.getRole())).findFirst().orElse(null);

  if (matched == null) {
    return Result
        .unhealthy("Default Role Realm configured to use role %s which doesn't exist.", defaultRoleRealm.getRole());
  }

  return Result.healthy("Default Role Realm configured to use role %s.", defaultRoleRealm.getRole());
}
Example #10
Source File: MockAuthorizationManagerB.java    From nexus-public with Eclipse Public License 1.0 6 votes vote down vote up 
@Override
public Set<Role> listRoles() {
  Set<Role> roles = new HashSet<Role>();

  Role role1 = new Role();
  role1.setSource(this.getSource());
  role1.setName("Role 1");
  role1.setRoleId("test-role1");
  role1.addPrivilege("from-role1:read");
  role1.addPrivilege("from-role1:delete");

  Role role2 = new Role();
  role2.setSource(this.getSource());
  role2.setName("Role 2");
  role2.setRoleId("test-role2");
  role2.addPrivilege("from-role2:read");
  role2.addPrivilege("from-role2:delete");

  roles.add(role1);
  roles.add(role2);

  return roles;
}
Example #11
Source File: KeycloakMapper.java    From nexus3-keycloak-plugin with Apache License 2.0 6 votes vote down vote up 
private static Set<Role> toRoles(String source, String sourceCode, List<?>[] lists, boolean forCompatible) {
    Set<Role> roles = new LinkedHashSet<>();

    for (List<?> list : lists) {
        if (list == null || list.isEmpty()) {
            continue;
        }

        for (Object representation : list) {
            if (representation instanceof RoleRepresentation) {
                if (forCompatible && ((RoleRepresentation) representation).getClientRole()) {
                    roles.add(toCompatibleRole(source, (RoleRepresentation) representation));
                }

                roles.add(toRole(source, sourceCode, (RoleRepresentation) representation));
            } else if (representation instanceof GroupRepresentation) {
                roles.add(toRole(source, sourceCode, (GroupRepresentation) representation));
            }
        }
    }
    return roles;
}
Example #12
Source File: RoleApiResourceTest.java    From nexus-public with Eclipse Public License 1.0 6 votes vote down vote up 
@Test
public void testGetRoles_allSources() throws Exception {
  Role role1 = createRole("default", "id1", "role1", "role1", Arrays.asList("role1", "role2"),
      Arrays.asList("priv1", "priv2"));
  Role role2 = createRole("another", "id2", "role2", "role2", Arrays.asList("role2", "role3"),
      Arrays.asList("priv2", "priv3"));

  when(securitySystem.listRoles()).thenReturn(new LinkedHashSet<>(Arrays.asList(role2, role1)));

  List<RoleXOResponse> apiRoles = underTest.getRoles(null);

  assertThat(apiRoles.size(), is(2));

  assertApiRole(apiRoles.get(0), "default", "id1", "role1", "role1", Arrays.asList("role1", "role2"),
      Arrays.asList("priv1", "priv2"));
  assertApiRole(apiRoles.get(1), "another", "id2", "role2", "role2", Arrays.asList("role2", "role3"),
      Arrays.asList("priv2", "priv3"));
}
Example #13
Source File: AuthorizationManagerImpl.java    From nexus-public with Eclipse Public License 1.0 6 votes vote down vote up 
private CRole convert(final Role source) {
  CRole target = configuration.newRole();
  target.setId(source.getRoleId());
  target.setVersion(source.getVersion());
  target.setName(source.getName());
  target.setDescription(source.getDescription());
  target.setReadOnly(source.isReadOnly());

  if (source.getPrivileges() != null) {
    target.setPrivileges(Sets.newHashSet(source.getPrivileges()));
  }
  else {
    target.setPrivileges(Sets.<String>newHashSet());
  }

  if (source.getRoles() != null) {
    target.setRoles(Sets.newHashSet(source.getRoles()));
  }
  else {
    target.setRoles(Sets.<String>newHashSet());
  }

  return target;
}
Example #14
Source File: KeycloakMapper.java    From nexus3-keycloak-plugin with Apache License 2.0 6 votes vote down vote up 
public static Role toRole(String source, String sourceCode, GroupRepresentation representation) {
    if (representation == null) {
        return null;
    }

    Role role = new Role();
    String roleName = String.format("%s:%s%s",
                                    REALM_GROUP_PREFIX,
                                    sourceCode != null ? sourceCode + ":" : "",
                                    representation.getPath());

    role.setRoleId(roleName);
    role.setName(roleName);
    role.setReadOnly(true);
    role.setSource(source);

    return role;
}
Example #15
Source File: KeycloakMapper.java    From nexus3-keycloak-plugin with Apache License 2.0 6 votes vote down vote up 
public static Role toRole(String source, String sourceCode, RoleRepresentation representation) {
    if (representation == null) {
        return null;
    }

    Role role = new Role();
    String prefix = representation.getClientRole() ? CLIENT_ROLE_PREFIX : REALM_ROLE_PREFIX;
    String roleName = String.format("%s:%s%s",
                                    prefix,
                                    sourceCode != null ? sourceCode + ":" : "",
                                    representation.getName());

    // Use role name as role-id and role-name of Nexus3
    role.setRoleId(roleName);
    role.setName(roleName);
    if (representation.getDescription() != null && !representation.getDescription().isEmpty()) {
        role.setDescription(String.format("%s: %s", prefix, representation.getDescription()));
    }
    role.setReadOnly(true);
    role.setSource(source);

    return role;
}
Example #16
Source File: AuthorizationManagerTest.java    From nexus-public with Eclipse Public License 1.0 6 votes vote down vote up 
@Test
public void testAddRole() throws Exception {
  AuthorizationManager authzManager = this.getAuthorizationManager();

  Role role = new Role();
  role.setRoleId("new-role");
  role.setName("new-name");
  role.setDescription("new-description");
  role.addPrivilege("2");
  role.addPrivilege("4");

  authzManager.addRole(role);

  CRole secRole = this.getConfigurationManager().readRole(role.getRoleId());

  Assert.assertEquals(role.getRoleId(), secRole.getId());
  Assert.assertEquals(role.getName(), secRole.getName());
  Assert.assertEquals(role.getDescription(), secRole.getDescription());
  Assert.assertTrue(secRole.getPrivileges().contains("2"));
  Assert.assertTrue(secRole.getPrivileges().contains("4"));
  Assert.assertEquals(2, secRole.getPrivileges().size());
}
Example #17
Source File: AuthorizationManagerTest.java    From nexus-public with Eclipse Public License 1.0 6 votes vote down vote up 
@Test
public void testUpdateRole() throws Exception {
  AuthorizationManager authzManager = this.getAuthorizationManager();

  Role role2 = authzManager.getRole("role2");
  role2.setDescription("new description");
  role2.setName("new name");

  Set<String> permissions = new HashSet<String>();
  permissions.add("2");
  role2.setPrivileges(permissions);

  authzManager.updateRole(role2);

  CRole secRole = this.getConfigurationManager().readRole(role2.getRoleId());

  Assert.assertEquals(role2.getRoleId(), secRole.getId());
  Assert.assertEquals(role2.getName(), secRole.getName());
  Assert.assertEquals(role2.getDescription(), secRole.getDescription());
  Assert.assertTrue(secRole.getPrivileges().contains("2"));
  Assert.assertEquals(1, secRole.getPrivileges().size());
}
Example #18
Source File: NexusKeycloakClient.java    From nexus3-keycloak-plugin with Apache License 2.0 6 votes vote down vote up 
public Role findRoleByRoleId(String roleId) {
    String[] splits = roleId.split(":");
    String roleType = splits.length > 1 ? splits[0] : null;
    String roleSourceCode = splits.length > 2 ? splits[1] : null;
    String roleName = splits[splits.length - 1];

    if (!(roleSourceCode + "").equals(getSourceCode() + "")) {
        return null;
    }

    RoleRepresentation role;
    if (KeycloakMapper.REALM_GROUP_PREFIX.equals(roleType)) {
        GroupRepresentation group = this.keycloakAdminClient.getRealmGroupByGroupPath(roleName);

        return KeycloakMapper.toRole(getSource(), getSourceCode(), group);
    } else if (KeycloakMapper.REALM_ROLE_PREFIX.equals(roleType)) {
        role = this.keycloakAdminClient.getRealmRoleByRoleName(roleName);
    } else {
        String client = this.keycloakAdminClient.getConfig().getResource();
        role = this.keycloakAdminClient.getRealmClientRoleByRoleName(client, roleName);
    }

    return KeycloakMapper.toRole(getSource(), getSourceCode(), role);
}
Example #19
Source File: RoleAuditor.java    From nexus-public with Eclipse Public License 1.0 6 votes vote down vote up 
@Subscribe
@AllowConcurrentEvents
public void on(final RoleEvent event) {
  if (isRecording()) {
    Role role = event.getRole();

    AuditData data = new AuditData();
    data.setDomain(DOMAIN);
    data.setType(type(event.getClass()));
    data.setContext(role.getRoleId());

    Map<String, Object> attributes = data.getAttributes();
    attributes.put("id", role.getRoleId());
    attributes.put("name", role.getName());
    attributes.put("source", role.getSource());
    attributes.put("roles", string(role.getRoles()));
    attributes.put("privileges", string(role.getPrivileges()));

    record(data);
  }
}
Example #20
Source File: UserApiResourceTest.java    From nexus-public with Eclipse Public License 1.0 6 votes vote down vote up 
@Before
public void setup() throws Exception {
  when(applicationDirectories.getWorkDirectory()).thenReturn(util.createTempDir());
  adminPasswordFileManager = new AdminPasswordFileManagerImpl(applicationDirectories);
  underTest = new UserApiResource(securitySystem, adminPasswordFileManager);

  final User user = createUser();
  when(securitySystem.getUser(any(), any())).thenAnswer(i -> {
    if ("jdoe".equals(i.getArguments()[0]) && "LDAP".equals(i.getArguments()[1])) {
      throw new UserNotFoundException((String) i.getArguments()[0]);
    }
    return user;
  });
  when(securitySystem.getUser(user.getUserId())).thenReturn(user);

  UserManager ldap = mock(UserManager.class);
  when(ldap.supportsWrite()).thenReturn(false);
  when(securitySystem.getUserManager("LDAP")).thenReturn(ldap);

  when(securitySystem.getUserManager(UserManager.DEFAULT_SOURCE)).thenReturn(userManager);
  when(securitySystem.listRoles(UserManager.DEFAULT_SOURCE))
      .thenReturn(Collections.singleton(new Role("nx-admin", null, null, null, true, null, null)));
  when(userManager.supportsWrite()).thenReturn(true);
}
Example #21
Source File: DefaultSecuritySystemTest.java    From nexus-public with Eclipse Public License 1.0 6 votes vote down vote up 
@Test
public void testAuthorizationManager() throws Exception {
  SecuritySystem securitySystem = this.getSecuritySystem();

  Set<Role> roles = securitySystem.listRoles("sourceB");
  Assert.assertEquals(2, roles.size());

  Map<String, Role> roleMap = new HashMap<String, Role>();
  for (Role role : roles) {
    roleMap.put(role.getRoleId(), role);
  }

  Assert.assertTrue(roleMap.containsKey("test-role1"));
  Assert.assertTrue(roleMap.containsKey("test-role2"));

  Role role1 = roleMap.get("test-role1");
  Assert.assertEquals("Role 1", role1.getName());

  Assert.assertTrue(role1.getPrivileges().contains("from-role1:read"));
  Assert.assertTrue(role1.getPrivileges().contains("from-role1:delete"));
}
Example #22
Source File: AuthorizationManagerTest.java    From nexus-public with Eclipse Public License 1.0 5 votes vote down vote up 
@Test
public void testGetRole() throws Exception {
  AuthorizationManager authzManager = this.getAuthorizationManager();

  Role role1 = authzManager.getRole("role1");

  Assert.assertEquals("role1", role1.getRoleId());
  Assert.assertEquals("RoleOne", role1.getName());
  Assert.assertEquals("Role One", role1.getDescription());
  Assert.assertTrue(role1.getPrivileges().contains("1"));
  Assert.assertTrue(role1.getPrivileges().contains("2"));
  Assert.assertEquals(2, role1.getPrivileges().size());
}
Example #23
Source File: SelectorManagerImpl.java    From nexus-public with Eclipse Public License 1.0 5 votes vote down vote up 
private void getRoles(final String roleId, final AuthorizationManager authorizationManager, final List<Role> roles)
{
  try {
    Role role = authorizationManager.getRole(roleId);
    roles.add(role);
    role.getRoles().forEach(nestedRoleId -> getRoles(nestedRoleId, authorizationManager, roles));
  }
  catch (NoSuchRoleException e) {
    log.debug("Unable to find role for roleId={}, continue searching for roles", roleId, e);
  }
}
Example #24
Source File: AuthorizationManagerTest.java    From nexus-public with Eclipse Public License 1.0 5 votes vote down vote up 
private Map<String, Role> toRoleMap(Set<Role> roles) {
  Map<String, Role> roleMap = new HashMap<String, Role>();

  for (Role role : roles) {
    roleMap.put(role.getRoleId(), role);
  }

  return roleMap;
}
Example #25
Source File: AdditionalRoleSecuritySystemTest.java    From nexus-public with Eclipse Public License 1.0 5 votes vote down vote up 
private Set<String> getRoles() throws Exception {
  AuthorizationManager authzManager = lookup(AuthorizationManager.class);

  Set<String> roles = new HashSet<String>();
  for (Role role : authzManager.listRoles()) {
    roles.add(role.getRoleId());
  }

  return roles;
}
Example #26
Source File: AuthorizationManagerImpl.java    From nexus-public with Eclipse Public License 1.0 5 votes vote down vote up 
@Override
public void deleteRole(final String roleId) throws NoSuchRoleException {
  Role role = getRole(roleId);
  configuration.deleteRole(roleId);

  eventManager.post(new RoleDeletedEvent(role));

  // notify any listeners that the config changed
  this.fireAuthorizationChangedEvent();
}
Example #27
Source File: AuthorizationManagerImpl.java    From nexus-public with Eclipse Public License 1.0 5 votes vote down vote up 
@Override
public Role addRole(final Role role) {
  // the roleId of the secRole might change, so we need to keep the reference
  final CRole secRole = this.convert(role);

  configuration.createRole(secRole);

  eventManager.post(new RoleCreatedEvent(role));

  // notify any listeners that the config changed
  this.fireAuthorizationChangedEvent();

  return this.convert(secRole);
}
Example #28
Source File: AuthorizationManagerImpl.java    From nexus-public with Eclipse Public License 1.0 5 votes vote down vote up 
private Role convert(final CRole source) {
  Role target = new Role();
  target.setRoleId(source.getId());
  target.setVersion(source.getVersion());
  target.setName(source.getName());
  target.setSource(SOURCE);
  target.setDescription(source.getDescription());
  target.setReadOnly(source.isReadOnly());
  target.setPrivileges(Sets.newHashSet(source.getPrivileges()));
  target.setRoles(Sets.newHashSet(source.getRoles()));
  return target;
}
Example #29
Source File: DefaultSecuritySystem.java    From nexus-public with Eclipse Public License 1.0 5 votes vote down vote up 
@Override
public Set<Role> listRoles(String sourceId) throws NoSuchAuthorizationManagerException {
  if (ALL_ROLES_KEY.equalsIgnoreCase(sourceId)) {
    return listRoles();
  }
  else {
    AuthorizationManager authzManager = getAuthorizationManager(sourceId);
    return authzManager.listRoles();
  }
}
Example #30
Source File: DefaultSecuritySystem.java    From nexus-public with Eclipse Public License 1.0 5 votes vote down vote up 
@Override
public Set<Role> listRoles() {
  Set<Role> result = new HashSet<>();
  for (AuthorizationManager authzManager : authorizationManagers.values()) {
    Set<Role> roles = authzManager.listRoles();
    if (roles != null) {
      result.addAll(roles);
    }
  }

  return result;
}