org.eclipse.jetty.security.UserStore Java Examples

@Test
public void testPrincipalNames() {
  UserStore users = new UserStore();
  users.addUser(TEST_USER, SecurityUtils.NO_CREDENTIAL, new String[] { DefaultRoleSecurityProvider.ADMIN });
  UserStoreAuthorizationService usas = new SpnegoUserStoreAuthorizationService(users);

  UserIdentity result = usas.getUserIdentity(null, TEST_USER + "/host@REALM");
  assertNotNull(result);
  assertEquals(TEST_USER, result.getUserPrincipal().getName());

  result = usas.getUserIdentity(null, TEST_USER + "@REALM");
  assertNotNull(result);
  assertEquals(TEST_USER, result.getUserPrincipal().getName());

  result = usas.getUserIdentity(null, TEST_USER + "/host");
  assertNotNull(result);
  assertEquals(TEST_USER, result.getUserPrincipal().getName());

  result = usas.getUserIdentity(null, TEST_USER);
  assertNotNull(result);
  assertEquals(TEST_USER, result.getUserPrincipal().getName());
}
 

/**
 * Creates a basic auth security handler.
 */
protected SecurityHandler createSecurityHandler() throws Exception {
    HashLoginService l = new HashLoginService();
    UserStore userStore = new UserStore();
    l.setUserStore(userStore);
    for (User user : Users.getUsers()) {
        userStore.addUser(user.getId(), Credential.getCredential(user.getPassword()), user.getRolesAsArray());
    }
    l.setName("apimanrealm");

    ConstraintSecurityHandler csh = new ConstraintSecurityHandler();
    csh.setAuthenticator(new BasicAuthenticator());
    csh.setRealmName("apimanrealm");
    csh.setLoginService(l);

    return csh;
}
 

/**
 * Creates a basic auth security handler.
 */
private static SecurityHandler createSecurityHandler() {
    UserStore userStore = new UserStore();
    String user = "user";
    String pwd = "user123!";
    String[] roles = new String[] { "user" };
    userStore.addUser(user, Credential.getCredential(pwd), roles);

    HashLoginService l = new HashLoginService();
    l.setName("apimanrealm");
    l.setUserStore(userStore);

    ConstraintSecurityHandler csh = new ConstraintSecurityHandler();
    csh.setAuthenticator(new BasicAuthenticator());
    csh.setRealmName("apimanrealm");
    csh.setLoginService(l);

    return csh;
}
 

/**
 * Creates a basic auth security handler.
 */
private SecurityHandler createSecurityHandler() {
    HashLoginService l = new HashLoginService();
    UserStore userStore = new UserStore();
    l.setUserStore(userStore);

    for (String [] userInfo : TestUsers.USERS) {
        String user = userInfo[0];
        String pwd = userInfo[1];
        String[] roles = new String[] { "apiuser" };
        if (user.startsWith("admin")) {
            roles = new String[] { "apiuser", "apiadmin"};
        }
        userStore.addUser(user, Credential.getCredential(pwd), roles);
    }
    l.setName("apimanrealm");

    ConstraintSecurityHandler csh = new ConstraintSecurityHandler();
    csh.setAuthenticator(new BasicAuthenticator());
    csh.setRealmName("apimanrealm");
    csh.setLoginService(l);

    return csh;
}
 

/**
 * Creates a basic auth security handler.
 * @throws Exception
 */
protected SecurityHandler createSecurityHandler() throws Exception {
    HashLoginService l = new HashLoginService();
    // UserStore is now separate store entity and must be added to HashLoginService
    UserStore userStore = new UserStore();
    l.setUserStore(userStore);
    for (User user : Users.getUsers()) {
        userStore.addUser(user.getId(), Credential.getCredential(user.getPassword()), user.getRolesAsArray());
    }
    l.setName("apimanrealm");

    ConstraintSecurityHandler csh = new ConstraintSecurityHandler();
    csh.setAuthenticator(new BasicAuthenticator());
    csh.setRealmName("apimanrealm");
    csh.setLoginService(l);

    return csh;
}
 

@Test
public void testRevalidateTokenFails() throws Exception {
  UserStore testUserStore = new UserStore();
  testUserStore.addUser(TEST_USER, SecurityUtils.NO_CREDENTIAL, new String[] {"USER"});
  Instant now = Instant.now();
  TokenGenerator.TokenAndKeys tokenAndKeys = TokenGenerator.generateToken(TEST_USER, now.plusSeconds(10).toEpochMilli());
  Clock fixedClock = Clock.fixed(now, ZoneOffset.UTC);
  JwtLoginService loginService = new JwtLoginService(
      new UserStoreAuthorizationService(testUserStore), tokenAndKeys.publicKey(), null, fixedClock);

  SignedJWT jwtToken = SignedJWT.parse(tokenAndKeys.token());
  HttpServletRequest request = mock(HttpServletRequest.class);
  expect(request.getAttribute(JwtAuthenticator.JWT_TOKEN_REQUEST_ATTRIBUTE)).andReturn(tokenAndKeys.token());

  replay(request);
  UserIdentity identity = loginService.login(TEST_USER, jwtToken, request);
  verify(request);
  assertNotNull(identity);
  assertEquals(TEST_USER, identity.getUserPrincipal().getName());
  loginService.setClock(Clock.offset(fixedClock, Duration.ofSeconds(20)));
  assertFalse(loginService.validate(identity));
}
 

@Test
public void testRevalidateTokenPasses() throws Exception {
  UserStore testUserStore = new UserStore();
  testUserStore.addUser(TEST_USER, SecurityUtils.NO_CREDENTIAL, new String[] {"USER"});
  TokenGenerator.TokenAndKeys tokenAndKeys = TokenGenerator.generateToken(TEST_USER);
  JwtLoginService loginService = new JwtLoginService(new UserStoreAuthorizationService(testUserStore), tokenAndKeys.publicKey(), null);

  SignedJWT jwtToken = SignedJWT.parse(tokenAndKeys.token());
  HttpServletRequest request = mock(HttpServletRequest.class);
  expect(request.getAttribute(JwtAuthenticator.JWT_TOKEN_REQUEST_ATTRIBUTE)).andReturn(tokenAndKeys.token());

  replay(request);
  UserIdentity identity = loginService.login(TEST_USER, jwtToken, request);
  verify(request);
  assertNotNull(identity);
  assertEquals(TEST_USER, identity.getUserPrincipal().getName());
  assertTrue(loginService.validate(identity));
}
 

@Test
public void testValidateTokenSuccessfully() throws Exception {
  UserStore testUserStore = new UserStore();
  testUserStore.addUser(TEST_USER, SecurityUtils.NO_CREDENTIAL, new String[] {"USER"});
  TokenGenerator.TokenAndKeys tokenAndKeys = TokenGenerator.generateToken(TEST_USER);
  JwtLoginService loginService = new JwtLoginService(new UserStoreAuthorizationService(testUserStore), tokenAndKeys.publicKey(), null);

  SignedJWT jwtToken = SignedJWT.parse(tokenAndKeys.token());
  HttpServletRequest request = mock(HttpServletRequest.class);
  expect(request.getAttribute(JwtAuthenticator.JWT_TOKEN_REQUEST_ATTRIBUTE)).andReturn(tokenAndKeys.token());

  replay(request);
  UserIdentity identity = loginService.login(TEST_USER, jwtToken, request);
  verify(request);
  assertNotNull(identity);
  assertEquals(TEST_USER, identity.getUserPrincipal().getName());
}
 

@Test
public void testFailSignatureValidation() throws Exception {
  UserStore testUserStore = new UserStore();
  testUserStore.addUser(TEST_USER, SecurityUtils.NO_CREDENTIAL, new String[] {"USER"});
  TokenGenerator.TokenAndKeys tokenAndKeys = TokenGenerator.generateToken(TEST_USER);
  TokenGenerator.TokenAndKeys tokenAndKeys2 = TokenGenerator.generateToken(TEST_USER); // this will be signed with a different key
  JwtLoginService loginService = new JwtLoginService(new UserStoreAuthorizationService(testUserStore), tokenAndKeys2.publicKey(), null);

  SignedJWT jwtToken = SignedJWT.parse(tokenAndKeys.token());
  HttpServletRequest request = mock(HttpServletRequest.class);

  UserIdentity identity = loginService.login(TEST_USER, jwtToken, request);
  assertNull(identity);
}
 

@Test
public void testSuccessfulLogin() throws Exception {
  UserStore testUserStore = new UserStore();
  testUserStore.addUser(TEST_USER, SecurityUtils.NO_CREDENTIAL, new String[]{USER_ROLE});
  TokenGenerator.TokenAndKeys tokenAndKeys = TokenGenerator.generateToken(TEST_USER);
  JwtLoginService loginService = new JwtLoginService(new UserStoreAuthorizationService(testUserStore), tokenAndKeys.publicKey(), null);

  Authenticator.AuthConfiguration configuration = mock(Authenticator.AuthConfiguration.class);
  expect(configuration.getLoginService()).andReturn(loginService);
  expect(configuration.getIdentityService()).andReturn(new DefaultIdentityService());
  expect(configuration.isSessionRenewedOnAuthentication()).andReturn(true);

  Request request = niceMock(Request.class);
  expect(request.getMethod()).andReturn(HttpMethod.GET.asString());
  expect(request.getHeader(HttpHeader.AUTHORIZATION.asString())).andReturn(null);
  request.setAttribute(JwtAuthenticator.JWT_TOKEN_REQUEST_ATTRIBUTE, tokenAndKeys.token());
  expectLastCall().andVoid();
  expect(request.getCookies()).andReturn(new Cookie[] {new Cookie(JWT_TOKEN, tokenAndKeys.token())});
  expect(request.getAttribute(JwtAuthenticator.JWT_TOKEN_REQUEST_ATTRIBUTE)).andReturn(tokenAndKeys.token());

  HttpServletResponse response = mock(HttpServletResponse.class);

  replay(configuration, request, response);
  JwtAuthenticator authenticator = new JwtAuthenticator(TOKEN_PROVIDER, JWT_TOKEN);
  authenticator.setConfiguration(configuration);
  UserAuthentication authentication = (UserAuthentication) authenticator.validateRequest(request, response, true);
  verify(configuration, request, response);

  assertNotNull(authentication);
  assertTrue(authentication.getUserIdentity().getUserPrincipal() instanceof JwtUserPrincipal);
  JwtUserPrincipal userPrincipal = (JwtUserPrincipal) authentication.getUserIdentity().getUserPrincipal();
  assertEquals(TEST_USER, userPrincipal.getName());
  assertEquals(tokenAndKeys.token(), userPrincipal.getSerializedToken());
}
 

@Override
protected void run() {
    server = new Server(PORT);

    HashLoginService loginService = new HashLoginService();
    loginService.setName("My Realm");
    UserStore userStore = new UserStore();
    String[] roles = new String[] {"user"};
    userStore.addUser(USER, Credential.getCredential(PWD), roles);
    loginService.setUserStore(userStore);

    Constraint constraint = new Constraint();
    constraint.setName(Constraint.__DIGEST_AUTH);
    constraint.setRoles(roles);
    constraint.setAuthenticate(true);

    ConstraintMapping cm = new ConstraintMapping();
    cm.setConstraint(constraint);
    cm.setPathSpec("/*");

    ConstraintSecurityHandler csh = new ConstraintSecurityHandler();
    csh.setAuthenticator(new DigestAuthenticator());
    csh.addConstraintMapping(cm);
    csh.setLoginService(loginService);

    ServletContextHandler context = new ServletContextHandler(ServletContextHandler.SESSIONS);
    context.setSecurityHandler(csh);
    context.setContextPath("/");
    server.setHandler(context);
    context.addServlet(new ServletHolder(new TestServlet()), "/*");

    try {
        server.start();
    } catch (Exception e) {
        throw new RuntimeException(e);
    }
}
 

public static SecurityHandler getBasicAuthHandler(HttpSourceConfigs httpCourceConf) {
  List<CredentialValueUserPassBean> basicAuthUsers = httpCourceConf.getBasicAuthUsers();

  HashLoginService loginService = new HashLoginService();
  UserStore userStore = new UserStore();

  boolean empty = true;
  for (CredentialValueUserPassBean userPassBean : basicAuthUsers) {
    String username = userPassBean.getUsername();
    String password = userPassBean.get();
    if(StringUtils.isNotEmpty(username) && StringUtils.isNotEmpty(password)) {
      userStore.addUser(username, new Password(password), new String[]{"sdc"});
      empty = false;
    }
  }
  if(empty) {
    return null;
  }

  loginService.setUserStore(userStore);

  Constraint constraint = new Constraint(Constraint.__BASIC_AUTH,"sdc");
  constraint.setAuthenticate(true);

  ConstraintMapping mapping = new ConstraintMapping();
  mapping.setConstraint(constraint);
  mapping.setPathSpec("/*");

  ConstraintSecurityHandler handler = new ConstraintSecurityHandler();
  handler.setAuthenticator(new BasicAuthenticator());
  handler.addConstraintMapping(mapping);
  handler.setLoginService(loginService);

  return handler;
}
 

private void configureServer(Server server, WebAuthConfig authConfig, Handler servletHandler)
    throws BaleenException {
  Handler serverHandler;

  if (authConfig == null || authConfig.getType() == AuthType.NONE) {
    LOGGER.warn("No security applied to API");
    // No security
    serverHandler = servletHandler;
  } else if (authConfig.getType() == AuthType.BASIC) {
    // Basic authentication
    LOGGER.info("Using Basic HTTP authentication for API");

    HashLoginService loginService = new HashLoginService(authConfig.getName());

    UserStore userStore = new UserStore();
    for (WebUser user : authConfig.getUsers()) {
      Credential credential = Credential.getCredential(user.getPassword());
      userStore.addUser(user.getUsername(), credential, user.getRolesAsArray());
    }
    loginService.setUserStore(userStore);
    server.addBean(loginService);

    ConstraintSecurityHandler securityHandler = new ConstraintSecurityHandler();

    securityHandler.setHandler(servletHandler);
    securityHandler.setConstraintMappings(constraintMappings);
    securityHandler.setAuthenticator(new BasicAuthenticator());
    securityHandler.setLoginService(loginService);

    serverHandler = securityHandler;
  } else {
    throw new InvalidParameterException("Configuration of authentication failed");
  }

  server.setHandler(serverHandler);
}
 

/**
 * Configures a security realm for a test.
 */
protected LoginService configureUserRealm() {
    HashLoginService realm = new HashLoginService();
    realm.setName("default");   // this is the magic realm name to make it effective on everywhere
    UserStore userStore = new UserStore();
    realm.setUserStore( userStore );
    userStore.addUser("alice", new Password("alice"), new String[]{"user","female"});
    userStore.addUser("bob", new Password("bob"), new String[]{"user","male"});
    userStore.addUser("charlie", new Password("charlie"), new String[]{"user","male"});

    return realm;
}
 

/**
 * Creates a {@link HashLoginService} with three users: alice, bob and charlie
 *
 * The password is same as the username
 * @return a new login service
 * @since 2.50
 */
public static LoginService _configureUserRealm() {
    HashLoginService realm = new HashLoginService();
    realm.setName("default");   // this is the magic realm name to make it effective on everywhere
    UserStore userStore = new UserStore();
    realm.setUserStore( userStore );
    userStore.addUser("alice", new Password("alice"), new String[]{"user","female"});
    userStore.addUser("bob", new Password("bob"), new String[]{"user","male"});
    userStore.addUser("charlie", new Password("charlie"), new String[]{"user","male"});

    return realm;
}
 

TrustedProxyAuthorizationService(List<String> userNames, String trustedProxyIpPattern) {
  _adminUserStore = new UserStore();
  userNames.forEach(u -> _adminUserStore.addUser(u, SecurityUtils.NO_CREDENTIAL, new String[] { DefaultRoleSecurityProvider.ADMIN }));
  if (trustedProxyIpPattern != null) {
    _trustedProxyIpPattern = Pattern.compile(trustedProxyIpPattern);
  } else {
    _trustedProxyIpPattern = null;
  }
}
 

@Test
public void testFailedLoginWithUserNotFound() throws Exception {
  UserStore testUserStore = new UserStore();
  testUserStore.addUser(TEST_USER_2, SecurityUtils.NO_CREDENTIAL, new String[] {USER_ROLE});
  TokenGenerator.TokenAndKeys tokenAndKeys = TokenGenerator.generateToken(TEST_USER);
  JwtLoginService loginService = new JwtLoginService(new UserStoreAuthorizationService(testUserStore), tokenAndKeys.publicKey(), null);

  Authenticator.AuthConfiguration configuration = mock(Authenticator.AuthConfiguration.class);
  expect(configuration.getLoginService()).andReturn(loginService);
  expect(configuration.getIdentityService()).andReturn(new DefaultIdentityService());
  expect(configuration.isSessionRenewedOnAuthentication()).andReturn(true);

  Request request = niceMock(Request.class);
  expect(request.getMethod()).andReturn(HttpMethod.GET.asString());
  expect(request.getHeader(HttpHeader.AUTHORIZATION.asString())).andReturn(null);
  request.setAttribute(JwtAuthenticator.JWT_TOKEN_REQUEST_ATTRIBUTE, tokenAndKeys.token());
  expectLastCall().andVoid();
  expect(request.getCookies()).andReturn(new Cookie[] {new Cookie(JWT_TOKEN, tokenAndKeys.token())});
  expect(request.getAttribute(JwtAuthenticator.JWT_TOKEN_REQUEST_ATTRIBUTE)).andReturn(tokenAndKeys.token());

  HttpServletResponse response = mock(HttpServletResponse.class);
  response.setStatus(HttpStatus.UNAUTHORIZED_401);
  expectLastCall().andVoid();

  replay(configuration, request, response);
  JwtAuthenticator authenticator = new JwtAuthenticator(TOKEN_PROVIDER, JWT_TOKEN);
  authenticator.setConfiguration(configuration);
  Authentication authentication = authenticator.validateRequest(request, response, true);
  verify(configuration, request, response);

  assertNotNull(authentication);
  assertEquals(Authentication.SEND_FAILURE, authentication);
}
 

@Test
public void testFailedLoginWithInvalidToken() throws Exception {
  UserStore testUserStore = new UserStore();
  testUserStore.addUser(TEST_USER_2, SecurityUtils.NO_CREDENTIAL, new String[] {USER_ROLE});
  TokenGenerator.TokenAndKeys tokenAndKeys = TokenGenerator.generateToken(TEST_USER);
  TokenGenerator.TokenAndKeys tokenAndKeys2 = TokenGenerator.generateToken(TEST_USER);
  JwtLoginService loginService = new JwtLoginService(new UserStoreAuthorizationService(testUserStore), tokenAndKeys.publicKey(), null);

  Authenticator.AuthConfiguration configuration = mock(Authenticator.AuthConfiguration.class);
  expect(configuration.getLoginService()).andReturn(loginService);
  expect(configuration.getIdentityService()).andReturn(new DefaultIdentityService());
  expect(configuration.isSessionRenewedOnAuthentication()).andReturn(true);

  Request request = niceMock(Request.class);
  expect(request.getMethod()).andReturn(HttpMethod.GET.asString());
  expect(request.getHeader(HttpHeader.AUTHORIZATION.asString())).andReturn(null);
  request.setAttribute(JwtAuthenticator.JWT_TOKEN_REQUEST_ATTRIBUTE, tokenAndKeys2.token());
  expectLastCall().andVoid();
  expect(request.getCookies()).andReturn(new Cookie[] {new Cookie(JWT_TOKEN, tokenAndKeys2.token())});

  HttpServletResponse response = mock(HttpServletResponse.class);
  response.setStatus(HttpStatus.UNAUTHORIZED_401);
  expectLastCall().andVoid();

  replay(configuration, request, response);
  JwtAuthenticator authenticator = new JwtAuthenticator(TOKEN_PROVIDER, JWT_TOKEN);
  authenticator.setConfiguration(configuration);
  Authentication authentication = authenticator.validateRequest(request, response, true);
  verify(configuration, request, response);

  assertNotNull(authentication);
  assertEquals(Authentication.SEND_FAILURE, authentication);
}
 

@Test
public void testFailExpirationValidation() throws Exception {
  UserStore testUserStore = new UserStore();
  testUserStore.addUser(TEST_USER, SecurityUtils.NO_CREDENTIAL, new String[] {"USER"});
  TokenGenerator.TokenAndKeys tokenAndKeys = TokenGenerator.generateToken(TEST_USER, 1L);
  JwtLoginService loginService = new JwtLoginService(new UserStoreAuthorizationService(testUserStore), tokenAndKeys.publicKey(), null);

  SignedJWT jwtToken = SignedJWT.parse(tokenAndKeys.token());
  HttpServletRequest request = mock(HttpServletRequest.class);

  UserIdentity identity = loginService.login(TEST_USER, jwtToken, request);
  assertNull(identity);
}
 

@Test
public void testFailAudienceValidation() throws Exception {
  UserStore testUserStore = new UserStore();
  testUserStore.addUser(TEST_USER, SecurityUtils.NO_CREDENTIAL, new String[] {"USER"});
  TokenGenerator.TokenAndKeys tokenAndKeys = TokenGenerator.generateToken(TEST_USER, Arrays.asList("A", "B"));
  JwtLoginService loginService = new JwtLoginService(
      new UserStoreAuthorizationService(testUserStore), tokenAndKeys.publicKey(), Arrays.asList("C", "D"));

  SignedJWT jwtToken = SignedJWT.parse(tokenAndKeys.token());
  HttpServletRequest request = mock(HttpServletRequest.class);

  UserIdentity identity = loginService.login(TEST_USER, jwtToken, request);
  assertNull(identity);
}
 

private UserStore buildUserStore() {
    UserStore userStore = new UserStore();
    userStore.addUser(username, new Password(password), ROLES);
    return userStore;
}
 

public void addUser(String userId, String password, String... roles) {
	UserStore userStore = new UserStore();
	userStore.addUser(userId, Credential.getCredential(password), roles);
	loginService.setUserStore(userStore);
}
 

/**
 * Configure the {@link UserStore} implementation to use.
 * If none, for backward compat if none the {@link PropertyUserStore} will be used
 * @param userStore the {@link UserStore} implementation to use
 */
public void setUserStore(UserStore userStore)
{
  Utils.checkArgument(userStore instanceof PropertyUserStore, "Only PropertyUserStore is supported.");
  this._userStore = userStore;
}
 

public void start() throws Exception {
    RequestLogHandler handler = new RequestLogHandler();

    if (context == null) {
        context = new ServletContextHandler(handler, "/", ServletContextHandler.SESSIONS);
    }

    context.setEventListeners(new EventListener[]{new EverrestInitializedListener()});
    ServletHolder servletHolder = new ServletHolder(new EverrestServlet());

    context.addServlet(servletHolder, UNSECURE_PATH_SPEC);
    context.addServlet(servletHolder, SECURE_PATH_SPEC);

    //set up security
    Constraint constraint = new Constraint();
    constraint.setName(Constraint.__BASIC_AUTH);
    constraint.setRoles(new String[]{"cloud-admin", "users", "user", "temp_user"});
    constraint.setAuthenticate(true);

    ConstraintMapping constraintMapping = new ConstraintMapping();
    constraintMapping.setConstraint(constraint);
    constraintMapping.setPathSpec(SECURE_PATH_SPEC);

    ConstraintSecurityHandler securityHandler = new ConstraintSecurityHandler();
    securityHandler.addConstraintMapping(constraintMapping);

    HashLoginService loginService = new HashLoginService();

    UserStore userStore = new UserStore();

    userStore.addUser(ADMIN_USER_NAME, new Password(ADMIN_USER_PASSWORD),
                         new String[]{"cloud-admin",
                                      "users",
                                      "user",
                                      "temp_user",
                                      "developer",
                                      "admin",
                                      "workspace/developer",
                                      "workspace/admin",
                                      "account/owner",
                                      "account/member",
                                      "system/admin",
                                      "system/manager"
                         });
    userStore.addUser(MANAGER_USER_NAME, new Password(MANAGER_USER_PASSWORD), new String[]{"cloud-admin",
                                                                                              "user",
                                                                                              "temp_user",
                                                                                              "users"});
    loginService.setUserStore(userStore);

    securityHandler.setLoginService(loginService);
    securityHandler.setAuthenticator(new BasicAuthenticator());

    context.setSecurityHandler(securityHandler);

    server.setHandler(handler);

    server.start();
    ResourceBinder binder =
            (ResourceBinder)context.getServletContext().getAttribute(ResourceBinder.class.getName());
    DependencySupplier dependencies =
            (DependencySupplier)context.getServletContext().getAttribute(DependencySupplier.class.getName());
    GroovyResourcePublisher groovyPublisher = new GroovyResourcePublisher(binder, dependencies);
    context.getServletContext().setAttribute(GroovyResourcePublisher.class.getName(), groovyPublisher);

}
 

public SpnegoUserStoreAuthorizationService(UserStore userStore) {
  super(userStore);
}
 

private static UserStore userStoreFromFile(String privilegesFilePath) {
  PropertyUserStore userStore = new PropertyUserStore();
  userStore.setConfig(privilegesFilePath);
  return userStore;
}
 

public UserStoreAuthorizationService(UserStore userStore) {
  _userStore = userStore;
}