Examples with GrantedAuthority org.springframework.security.core.GrantedAuthority used on opensource projects

Example 96 with GrantedAuthority

use of org.springframework.security.core.GrantedAuthority in project CzechIdMng by bcvsolutions.

the class DefaultGrantedAuthoritiesFactoryTest method testGroupAdmin.

/**
 * Group admin has all group authorities
 */
@Test
public void testGroupAdmin() {
    IdmRoleDto role = new IdmRoleDto();
    role.setName("role");
    role.setId(UUID.randomUUID());
    IdmIdentityDto identity = new IdmIdentityDto();
    identity.setId(UUID.randomUUID());
    identity.setUsername("identityAdmin");
    IdmIdentityContractDto contract = new IdmIdentityContractDto();
    contract.setId(UUID.randomUUID());
    contract.setIdentity(identity.getId());
    IdmIdentityRoleDto identityRole = new IdmIdentityRoleDto();
    identityRole.setIdentityContractDto(contract);
    identityRole.setRole(role.getId());
    List<IdmIdentityRoleDto> roles = Lists.newArrayList(identityRole);
    when(moduleService.getAvailablePermissions()).thenReturn(groupPermissions);
    when(identityService.getByUsername(identity.getUsername())).thenReturn(identity);
    when(roleService.get(role.getId())).thenReturn(role);
    when(identityRoleService.findValidRole(identity.getId(), null)).thenReturn(new PageImpl<>(new ArrayList<>(roles)));
    when(roleService.getSubroles(any(UUID.class))).thenReturn(Lists.newArrayList());
    when(authorizationPolicyService.getDefaultAuthorities(any())).thenReturn(Sets.newHashSet(new DefaultGrantedAuthority(CoreGroupPermission.IDENTITY, IdmBasePermission.ADMIN), new DefaultGrantedAuthority(CoreGroupPermission.IDENTITY, IdmBasePermission.READ), new DefaultGrantedAuthority(CoreGroupPermission.IDENTITY, IdmBasePermission.DELETE)));
    // returns trimmed authorities
    List<GrantedAuthority> grantedAuthorities = defaultGrantedAuthoritiesFactory.getGrantedAuthorities(identity.getUsername());
    // 
    assertEquals(1, grantedAuthorities.size());
    assertEquals(new DefaultGrantedAuthority(CoreGroupPermission.IDENTITY, IdmBasePermission.ADMIN), grantedAuthorities.iterator().next());
}

Example 97 with GrantedAuthority

use of org.springframework.security.core.GrantedAuthority in project CzechIdMng by bcvsolutions.

the class DefaultIdmRoleRequestServiceIntegrationTest method notRightForExecuteImmediatelyExceptionTest.

@Test(expected = RoleRequestException.class)
@Transactional()
public void notRightForExecuteImmediatelyExceptionTest() {
    this.logout();
    // Log as user without right for immediately execute role request (without approval)
    Collection<GrantedAuthority> authorities = IdmAuthorityUtils.toAuthorities(moduleService.getAvailablePermissions()).stream().filter(authority -> {
        return !CoreGroupPermission.ROLE_REQUEST_EXECUTE.equals(authority.getAuthority()) && !CoreGroupPermission.ROLE_REQUEST_ADMIN.equals(authority.getAuthority()) && !IdmGroupPermission.APP_ADMIN.equals(authority.getAuthority());
    }).collect(Collectors.toList());
    SecurityContextHolder.getContext().setAuthentication(new IdmJwtAuthentication(new IdmIdentityDto(USER_TEST_A), null, authorities, "test"));
    IdmIdentityDto testA = identityService.getByUsername(USER_TEST_A);
    IdmIdentityContractDto contractA = identityContractService.getPrimeContract(testA.getId());
    IdmRoleRequestDto request = new IdmRoleRequestDto();
    request.setApplicant(testA.getId());
    request.setExecuteImmediately(true);
    request.setRequestedByType(RoleRequestedByType.MANUALLY);
    request = roleRequestService.save(request);
    Assert.assertEquals(RoleRequestState.CONCEPT, request.getState());
    IdmConceptRoleRequestDto conceptA = new IdmConceptRoleRequestDto();
    conceptA.setRoleRequest(request.getId());
    conceptA.setOperation(ConceptRoleRequestOperation.ADD);
    conceptA.setRole(roleA.getId());
    conceptA.setIdentityContract(contractA.getId());
    conceptA = conceptRoleRequestService.save(conceptA);
    Assert.assertEquals(RoleRequestState.CONCEPT, conceptA.getState());
    // We expect exception state (we don`t have right for execute without approval)
    roleRequestService.startRequestInternal(request.getId(), true);
}

Example 98 with GrantedAuthority

use of org.springframework.security.core.GrantedAuthority in project CzechIdMng by bcvsolutions.

the class AbstractWorkflowIntegrationTest method loginAsNoAdmin.

public void loginAsNoAdmin(String user) {
    Collection<GrantedAuthority> authorities = IdmAuthorityUtils.toAuthorities(moduleService.getAvailablePermissions()).stream().filter(authority -> {
        return !IdmGroupPermission.APP_ADMIN.equals(authority.getAuthority());
    }).collect(Collectors.toList());
    IdmIdentityDto identity = (IdmIdentityDto) lookupService.getDtoLookup(IdmIdentityDto.class).lookup(user);
    SecurityContextHolder.getContext().setAuthentication(new IdmJwtAuthentication(identity, null, authorities, "test"));
}

Example 99 with GrantedAuthority

use of org.springframework.security.core.GrantedAuthority in project CzechIdMng by bcvsolutions.

the class DefaultIdmAutomaticRoleRequestServiceIntegrationTest method notRightForExecuteImmediatelyExceptionTest.

@Test(expected = RoleRequestException.class)
public void notRightForExecuteImmediatelyExceptionTest() {
    this.logout();
    IdmIdentityDto identity = helper.createIdentity();
    // Log as user without right for immediately execute role request (without
    // approval)
    Collection<GrantedAuthority> authorities = IdmAuthorityUtils.toAuthorities(moduleService.getAvailablePermissions()).stream().filter(authority -> {
        return !CoreGroupPermission.AUTOMATIC_ROLE_REQUEST_ADMIN.equals(authority.getAuthority()) && !IdmGroupPermission.APP_ADMIN.equals(authority.getAuthority());
    }).collect(Collectors.toList());
    SecurityContextHolder.getContext().setAuthentication(new IdmJwtAuthentication(new IdmIdentityDto(identity.getUsername()), null, authorities, "test"));
    IdmRoleDto role = prepareRole();
    IdmAutomaticRoleRequestDto request = new IdmAutomaticRoleRequestDto();
    request.setState(RequestState.EXECUTED);
    request.setOperation(RequestOperationType.ADD);
    request.setRequestType(AutomaticRoleRequestType.ATTRIBUTE);
    request.setExecuteImmediately(true);
    request.setName(role.getName());
    request.setRole(role.getId());
    request = roleRequestService.save(request);
    Assert.assertEquals(RequestState.CONCEPT, request.getState());
    IdmAutomaticRoleAttributeRuleRequestDto rule = new IdmAutomaticRoleAttributeRuleRequestDto();
    rule.setRequest(request.getId());
    rule.setOperation(RequestOperationType.ADD);
    rule.setAttributeName(IdmIdentity_.username.getName());
    rule.setComparison(AutomaticRoleAttributeRuleComparison.EQUALS);
    rule.setType(AutomaticRoleAttributeRuleType.IDENTITY);
    rule.setValue("test");
    rule = ruleRequestService.save(rule);
    // We expect exception state (we don`t have right for execute without approval)
    roleRequestService.startRequestInternal(request.getId(), true);
}

Example 100 with GrantedAuthority

use of org.springframework.security.core.GrantedAuthority in project zhcet-web by zhcet-amu.

the class UserDetailService method cloneWithRoles.

/**
 * Update current authentication by cloning it with new roles
 * Also saves the user with new roles
 *
 * Used when there is a need to dynamically update a user's roles
 * @param authentication {@link Authentication} to be cloned
 * @param user {@link User} containing roles
 */
void cloneWithRoles(Authentication authentication, User user) {
    Collection<GrantedAuthority> authorities = getAuthorities(user);
    Authentication clone = new UsernamePasswordAuthenticationToken(authentication.getPrincipal(), authentication.getCredentials(), authorities);
    saveUser(user);
    SecurityContextHolder.getContext().setAuthentication(clone);
}