Add checkAccessAllowed method that consumes access token + certificate

author: Bjørn Christian Seime <bjorncs@verizonmedia.com> 2020-01-16 15:14:18 +0100
committer: Bjørn Christian Seime <bjorncs@verizonmedia.com> 2020-01-24 14:48:09 +0100
commit: a4a2092b9eebec9f24b9818fe51113ea6341640d (patch)
tree: c7fe8458a28a98b8f383df7d0ab1b2ee7092221c /jdisc-security-filters
parent: 2d8e7e65a9ea6e80cee667ec7bcff3d488df8a2c (diff)
1 files changed, 11 insertions, 0 deletions
diff --git a/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/athenz/AthenzAuthorizationFilterTest.java b/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/athenz/AthenzAuthorizationFilterTest.java
index 197ba89f3e3..ecf746179a3 100644
--- a/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/athenz/AthenzAuthorizationFilterTest.java
+++ b/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/athenz/AthenzAuthorizationFilterTest.java
@@ -4,6 +4,7 @@ package com.yahoo.jdisc.http.filter.security.athenz;
 import com.yahoo.container.jdisc.RequestHandlerTestDriver;
 import com.yahoo.jdisc.Response;
 import com.yahoo.jdisc.http.filter.DiscFilterRequest;
+import com.yahoo.vespa.athenz.api.AthenzAccessToken;
 import com.yahoo.vespa.athenz.api.AthenzResourceName;
 import com.yahoo.vespa.athenz.api.AthenzRole;
 import com.yahoo.vespa.athenz.api.ZToken;
@@ -89,6 +90,11 @@ public class AthenzAuthorizationFilterTest {
         public AuthorizationResult checkAccessAllowed(X509Certificate roleCertificate, AthenzResourceName resourceName, String action) {
             return new AuthorizationResult(Type.ALLOW, new AthenzRole(resourceName.getDomain(), "rolename"));
         }
+
+        @Override
+        public AuthorizationResult checkAccessAllowed(AthenzAccessToken accessToken, X509Certificate identityCertificate, AthenzResourceName resourceName, String action) {
+            return new AuthorizationResult(Type.ALLOW, new AthenzRole(resourceName.getDomain(), "rolename"));
+        }
     }
 
     static class DenyingZpe implements Zpe {
@@ -101,6 +107,11 @@ public class AthenzAuthorizationFilterTest {
         public AuthorizationResult checkAccessAllowed(X509Certificate roleCertificate, AthenzResourceName resourceName, String action) {
             return new AuthorizationResult(Type.DENY);
         }
+
+        @Override
+        public AuthorizationResult checkAccessAllowed(AthenzAccessToken accessToken, X509Certificate identityCertificate, AthenzResourceName resourceName, String action) {
+            return new AuthorizationResult(Type.DENY);
+        }
     }
 
 }
author	Bjørn Christian Seime <bjorncs@verizonmedia.com>	2020-01-16 15:14:18 +0100
committer	Bjørn Christian Seime <bjorncs@verizonmedia.com>	2020-01-24 14:48:09 +0100
commit	a4a2092b9eebec9f24b9818fe51113ea6341640d (patch)
tree	c7fe8458a28a98b8f383df7d0ab1b2ee7092221c /jdisc-security-filters
parent	2d8e7e65a9ea6e80cee667ec7bcff3d488df8a2c (diff)