Examples of PolicyFile

com.getperka.flatpack.policy.pst.PolicyFile
The root node for interpreting a policy file.
gnu.java.security.PolicyFile
org.apache.sentry.provider.file.PolicyFile
PolicyFile creator. Written specifically to be used with tests. Specifically due to the fact that methods that would typically return true or false to indicate success or failure these methods throw an unchecked exception. This is because in a test if you mean to remove a user from the policy file, the user should absolutely be there. If not, the test is mis-behaving.
sun.security.provider.PolicyFile
he code is comes from "foo.com" and is running as "Duke", // grant it read/write to all files in /tmp. grant codeBase "foo.com", principal foo.com.Principal "Duke" { permission java.io.FilePermission "/tmp/*", "read,write"; }; // grant any code running as "Duke" permission to read // the "java.vendor" Property. grant principal foo.com.Principal "Duke" { permission java.util.PropertyPermission "java.vendor"; This Policy implementation supports special handling of any permission that contains the string, "${{self}}", as part of its target name. When such a permission is evaluated (such as during a security check), ${{self}} is replaced with one or more Principal class/name pairs. The exact replacement performed depends upon the contents of the grant clause to which the permission belongs.
If the grant clause does not contain any principal information, the permission will be ignored (permissions containing ${{self}} in their target names are only valid in the context of a principal-based grant clause). For example, BarPermission will always be ignored in the following grant clause:
```
 grant codebase "www.foo.com", signedby "duke" { permission BarPermission "... ${{self}} ..."; }; 
```
If the grant clause contains principal information, ${{self}} will be replaced with that same principal information. For example, ${{self}} in BarPermission will be replaced by javax.security.auth.x500.X500Principal "cn=Duke" in the following grant clause:
```
 grant principal javax.security.auth.x500.X500Principal "cn=Duke" { permission BarPermission "... ${{self}} ..."; }; 
```
If there is a comma-separated list of principals in the grant clause, then ${{self}} will be replaced by the same comma-separated list or principals. In the case where both the principal class and name are wildcarded in the grant clause, ${{self}} is replaced with all the principals associated with the Subject in the current AccessControlContext.
For PrivateCredentialPermissions, you can also use "self" instead of "${{self}}". However the use of "self" is deprecated in favour of "${{self}}". @see java.security.CodeSource @see java.security.Permissions @see java.security.ProtectionDomain

Examples of org.apache.sentry.provider.file.PolicyFile

    fileSystem = dfs.getFileSystem();


    String policyURI;


    //TODO: We can probably get rid of this.
    PolicyFile policyFile = PolicyFile.setAdminOnServer1(ADMIN1)
        .setUserGroupMapping(StaticUserGroup.getStaticMapping());
    policyFile.write(policyFileLocation);


    if (policy_on_hdfs) {
      String dfsUri = fileSystem.getDefaultUri(fileSystem.getConf()).toString();
      LOGGER.error("dfsUri " + dfsUri);
      policyURI = dfsUri + System.getProperty("sentry.e2etest.hive.policy.location", "/user/hive/sentry");

View Full Code Here

Examples of org.apache.sentry.provider.file.PolicyFile

    clearDB();
  }


  @Test
  public void testPerDB() throws Exception {
    PolicyFile db2PolicyFile = new PolicyFile();
    File db2PolicyFileHandle = new File(context.getPolicyFile().getParent(), DB2_POLICY_FILE);
    db2PolicyFile
        .addRolesToGroup(USERGROUP2, "select_tbl2")
        .addPermissionsToRole("select_tbl2", "server=server1->db=db2->table=tbl2->action=select")
        .write(db2PolicyFileHandle);


    policyFile

View Full Code Here

Examples of org.apache.sentry.provider.file.PolicyFile


    File db2PolicyFileHandle = new File(context.getPolicyFile().getParent(), DB2_POLICY_FILE);
    File db3PolicyFileHandle = new File(context.getPolicyFile().getParent(), DB3_POLICY_FILE);
    File db4PolicyFileHandle = new File(context.getPolicyFile().getParent(), DB4_POLICY_FILE);


    PolicyFile db2PolicyFile = new PolicyFile();
    PolicyFile db3PolicyFile = new PolicyFile();
    PolicyFile db4PolicyFile = new PolicyFile();
    db2PolicyFile
        .addRolesToGroup(USERGROUP2, "select_tbl2")
        .addPermissionsToRole("select_tbl2", "server=server1->db=db2->table=tbl2->action=select")
        .write(db2PolicyFileHandle);
    db3PolicyFile
        .addRolesToGroup(USERGROUP3, "select_tbl3_BAD")
        .addPermissionsToRole("select_tbl3_BAD", "server=server1->db=db3------>table->action=select")
        .write(db3PolicyFileHandle);
    db4PolicyFile
        .addRolesToGroup(USERGROUP4, "select_tbl4")
        .addPermissionsToRole("select_tbl4", "server=server1->db=db4->table=tbl4->action=select")
        .write(db4PolicyFileHandle);
    policyFile
        .addRolesToGroup(USERGROUP1, "select_tbl1")

View Full Code Here

Examples of org.apache.sentry.provider.file.PolicyFile

        .addPermissionsToRole("select_tbl1", "server=server1->db=db1->table=tbl1->action=select")
        .addDatabase("db2", prefix + db2PolicyFileHandle.getName())
        .setUserGroupMapping(StaticUserGroup.getStaticMapping())
        .write(context.getPolicyFile());


    PolicyFile db2PolicyFile = new PolicyFile();
    db2PolicyFile
        .addRolesToGroup(USERGROUP2, "select_tbl2", "data_read", "insert_tbl2")
        .addPermissionsToRole("select_tbl2", "server=server1->db=db2->table=tbl2->action=select")
        .addPermissionsToRole("insert_tbl2", "server=server1->db=db2->table=tbl2->action=insert")
        .addPermissionsToRole("data_read", "server=server1->URI=file://" + dataFile)
        .write(db2PolicyFileHandle);

View Full Code Here

Examples of org.apache.sentry.provider.file.PolicyFile

        .addDatabase("db2", prefix + db2PolicyFileHandle.getName())
        .addDatabase("default", prefix + defaultPolicyFileHandle.getName())
        .setUserGroupMapping(StaticUserGroup.getStaticMapping())
        .write(context.getPolicyFile());


    PolicyFile db2PolicyFile = new PolicyFile();
    db2PolicyFile
        .addRolesToGroup(USERGROUP2, "select_tbl2")
        .addPermissionsToRole("select_tbl2", "server=server1->db=db2->table=tbl2->action=select")
        .write(db2PolicyFileHandle);


    PolicyFile defaultPolicyFile = new PolicyFile();
    defaultPolicyFile
        .addRolesToGroup(USERGROUP2, "select_def")
        .addPermissionsToRole("select_def", "server=server1->db=default->table=dtab->action=select")
        .write(defaultPolicyFileHandle);


    // setup db objects needed by the test

View Full Code Here

Examples of org.apache.sentry.provider.file.PolicyFile

  }
  @Test
  public void testPerDbFileCannotContainUsersOrDatabases() throws Exception {
    PolicyEngine policy;
    ImmutableSet<String> permissions;
    PolicyFile policyFile;
    // test sanity
    policyFile = PolicyFile.setAdminOnServer1("admin");
    policyFile.addGroupsToUser("admin1", "admin");
    policyFile.write(globalPolicyFile);
    policyFile.write(otherPolicyFile);
    policy = new DBPolicyFileBackend("server1", globalPolicyFile.getPath());
    permissions = policy.getAllPrivileges(Sets.newHashSet("admin"), ActiveRoleSet.ALL);
    Assert.assertEquals(permissions.toString(), "[server=server1]");
    // test to ensure [users] fails parsing of per-db file
    policyFile.addDatabase("other", otherPolicyFile.getPath());
    policyFile.write(globalPolicyFile);
    policyFile.write(otherPolicyFile);
    policy = new DBPolicyFileBackend("server1", globalPolicyFile.getPath());
    permissions = policy.getAllPrivileges(Sets.newHashSet("admin"), ActiveRoleSet.ALL);
    Assert.assertEquals(permissions.toString(), "[server=server1]");
    // test to ensure [databases] fails parsing of per-db file
    // by removing the user mapping from the per-db policy file
    policyFile.removeGroupsFromUser("admin1", "admin")
      .write(otherPolicyFile);
    policy = new DBPolicyFileBackend("server1", globalPolicyFile.getPath());
    permissions = policy.getAllPrivileges(Sets.newHashSet("admin"), ActiveRoleSet.ALL);
    Assert.assertEquals(permissions.toString(), "[server=server1]");
  }

View Full Code Here

Examples of org.apache.sentry.provider.file.PolicyFile

    statement.close();
    connection.close();


    File specificPolicyFileFile = new File(baseDir, "db2-policy.ini");


    PolicyFile specificPolicyFile = new PolicyFile()
    .addPermissionsToRole("db1_role", grant)
    .addRolesToGroup("group1", "db1_role");
    specificPolicyFile.write(specificPolicyFileFile);


    policyFile.addDatabase("db2", specificPolicyFileFile.getPath());
    writePolicyFile(policyFile);


    // test execution

View Full Code Here

Examples of org.apache.sentry.provider.file.PolicyFile

  /**
   * Tests that users in two groups work correctly
   **/
  @Test
  public void testAdmin5() throws Exception {
    policyFile = new PolicyFile();
    policyFile
        .addRolesToGroup("admin_group1", ADMINGROUP)
        .addRolesToGroup("admin_group2", ADMINGROUP)
        .addPermissionsToRole(ADMINGROUP, "server=server1")
        .addGroupsToUser("admin1", "admin_group1", "admin_group2")

View Full Code Here

Examples of org.apache.sentry.provider.file.PolicyFile

  /**
   * Tests that user with two roles the most powerful role takes effect
   **/
  @Test
  public void testGroup2() throws Exception {
    policyFile = new PolicyFile();
    policyFile
        .addRolesToGroup("group1", ADMINGROUP, "analytics")
        .addPermissionsToRole(ADMINGROUP, "server=server1")
        .addPermissionsToRole("analytics", "server=server1->db=" + dbName)
        .addGroupsToUser("user1", "group1")

View Full Code Here

Examples of org.apache.sentry.provider.file.PolicyFile

  /**
   * Tests that user names with special characters are handled correctly
   **/
  @Test
  public void testGroup7() throws Exception {
    policyFile = new PolicyFile();
    policyFile
        .addRolesToGroup("group1", ADMINGROUP)
        .addPermissionsToRole(ADMINGROUP, "server=server1")
        .addGroupsToUser("user1~!@#$%^&*()+-", "group1")
        .addGroupsToUser("user2", "group1")

View Full Code Here

0 1 2 3 4

TOP

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.