private void checkReadVaultExpressionReadSensitive(final StandardRole standardRole, final boolean readable) throws Exception {
VaultExpressionSensitivityConfig.INSTANCE.setConfiguredRequiresAccessPermission(false);
VaultExpressionSensitivityConfig.INSTANCE.setConfiguredRequiresReadPermission(true);
VaultExpressionSensitivityConfig.INSTANCE.setConfiguredRequiresWritePermission(false);
try {
ChildResourceDefinition oneChild = new ChildResourceDefinition(ONE);
oneChild.addAttribute("attr1");
oneChild.addOperation("test", true, false, null);
rootRegistration.registerSubModel(oneChild);
Resource resourceA = Resource.Factory.create();
resourceA.getModel().get("attr1").set("test-a");
rootResource.registerChild(ONE_A, resourceA);
Resource resourceB = Resource.Factory.create();
resourceB.getModel().get("attr1").set("${VAULT::AA::bb::cc}");
rootResource.registerChild(ONE_B, resourceB);
AccessAuditContext.doAs(roleToSecurityIdentity(standardRole), null, new PrivilegedExceptionAction<Void>() {
@Override
public Void run() throws Exception {
Assert.assertEquals("test-a", server.getAttribute(ONE_A_NAME, "attr1"));
try {
Assert.assertEquals("${VAULT::AA::bb::cc}", server.getAttribute(ONE_B_NAME, "attr1"));
Assert.assertTrue(readable);
} catch (JMRuntimeException e) {
Assert.assertFalse(readable);
}
return null;
}
});
} finally {
VaultExpressionSensitivityConfig.INSTANCE.setConfiguredRequiresAccessPermission(null);
VaultExpressionSensitivityConfig.INSTANCE.setConfiguredRequiresReadPermission(null);
VaultExpressionSensitivityConfig.INSTANCE.setConfiguredRequiresWritePermission(null);
}
}
JmxFacadeRbacEnabledTestCase.java 文件源码
java
阅读 21
收藏 0
点赞 0
评论 0
项目:wildfly-core
作者:
评论列表
文章目录
