
Example 1 with PolicyExceptionType

Use of com.evolveum.midpoint.xml.ns._public.common.common_3.PolicyExceptionType in project midpoint by Evolveum.

In class TestSecurityBasic, method test273AutzJackRedyAssignmentExceptionRules:

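/**
 * Check that the #assign authorization does not allow an assignment that carries
 * a policyException or a policyRule.
 *
 * <p>Jack is granted only {@code ROLE_ASSIGN_ANY_ROLES_OID}. Both assignment attempts
 * below must be denied, Jack's assignment count must stay at 2, and global state
 * must remain untouched.
 *
 * @throws Exception on any unexpected test-infrastructure failure
 */
@Test
public void test273AutzJackRedyAssignmentExceptionRules() throws Exception {
    final String TEST_NAME = "test273AutzJackRedyAssignmentExceptionRules";
    TestUtil.displayTestTile(this, TEST_NAME);

    // GIVEN: Jack may assign any role, enforcement is RELATIVE, Jack is logged in.
    cleanupAutzTest(USER_JACK_OID);
    assignRole(USER_JACK_OID, ROLE_ASSIGN_ANY_ROLES_OID);
    assumeAssignmentPolicy(AssignmentPolicyEnforcementType.RELATIVE);
    login(USER_JACK_USERNAME);

    // WHEN
    TestUtil.displayWhen(TEST_NAME);

    // Baseline: reads are allowed, generic add/modify/delete are denied.
    assertReadAllow(NUMBER_OF_ALL_USERS + 1);
    assertAddDeny();
    assertModifyDeny();
    assertDeleteDeny();

    PrismObject<UserType> user = getUser(USER_JACK_OID);
    assertAssignments(user, 2);
    assertAssignedRole(user, ROLE_ASSIGN_ANY_ROLES_OID);

    // Assigning an application role is normally permitted by #assign, but an
    // assignment that carries a policyException must be denied ...
    assertDeny("assign application role to jack", (task, result) ->
            assignRole(USER_JACK_OID, ROLE_APPLICATION_1_OID, null, assignment -> {
                PolicyExceptionType policyException = new PolicyExceptionType();
                policyException.setRuleName("whatever");
                assignment.getPolicyException().add(policyException);
            }, task, result));
    // ... and the denied operation must not have changed Jack's assignments.
    user = getUser(USER_JACK_OID);
    assertAssignments(user, 2);

    // Same for an assignment that carries a policyRule. The label names the
    // business role that is actually assigned here (it previously repeated the
    // "application role" label, which made the two denials indistinguishable).
    assertDeny("assign business role to jack", (task, result) ->
            assignRole(USER_JACK_OID, ROLE_BUSINESS_1_OID, null, assignment -> {
                PolicyRuleType policyRule = new PolicyRuleType();
                policyRule.setName("whatever");
                assignment.setPolicyRule(policyRule);
            }, task, result));
    user = getUser(USER_JACK_OID);
    assertAssignments(user, 2);

    // THEN
    assertGlobalStateUntouched();
}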

Example 2 with PolicyExceptionType

Use of com.evolveum.midpoint.xml.ns._public.common.common_3.PolicyExceptionType in project midpoint by Evolveum.

In class TestSecurityMultitenant, method test116AutzLetoProtectTenantAdminRole:

/**
 * A tenant admin (Leto) must not be able to tamper with the tenant admin role itself.
 *
 * <p>Every attempt to strengthen or alter the Atreides admin role — adding a new
 * privileged role, adding authorizations, inducing superuser, attaching an account,
 * a policy rule or a policy exception — is expected to be denied, leaving global
 * state untouched.
 *
 * @throws Exception on any unexpected test-infrastructure failure
 */
@Test
public void test116AutzLetoProtectTenantAdminRole() throws Exception {
    // GIVEN
    cleanupAutzTest(null);
    login(USER_LETO_ATREIDES_NAME);

    // WHEN
    when();

    // Creating a new (hacker) role inside the tenant is denied outright.
    assertAddDeny(ROLE_ATREIDES_HACKER_FILE);

    // Payloads we will try to attach to the tenant admin role. Building these
    // beans is purely local; nothing touches the repository until assertDeny runs.
    AuthorizationType allAuthorization =
            new AuthorizationType().action(AuthorizationConstants.AUTZ_ALL_URL);
    PolicyRuleType minAssigneesRule = new PolicyRuleType();
    minAssigneesRule.beginPolicyConstraints().beginMinAssignees().multiplicity("1");
    AssignmentType exceptionAssignment = new AssignmentType();
    exceptionAssignment.beginPolicyException().ruleName("foobar");
    PolicyExceptionType roleLevelException = new PolicyExceptionType().ruleName("foofoo");

    // Each of the following must be denied for the tenant admin.
    assertDeny("add authorizations to atreides admin", (task, result) ->
            modifyObjectAddContainer(RoleType.class, ROLE_ATREIDES_ADMIN_OID,
                    RoleType.F_AUTHORIZATION, task, result, allAuthorization));
    assertDeny("induce superuser", (task, result) ->
            induceRole(ROLE_ATREIDES_ADMIN_OID, ROLE_SUPERUSER_OID, task, result));
    assertDeny("add dummy account", (task, result) ->
            assignAccount(UserType.class, USER_PAUL_ATREIDES_OID, RESOURCE_DUMMY_OID, null, task, result));
    assertDeny("assign policy rule", (task, result) ->
            assignPolicyRule(RoleType.class, ROLE_ATREIDES_ADMIN_OID, minAssigneesRule, task, result));
    assertDeny("assign policy exception", (task, result) ->
            assign(RoleType.class, ROLE_ATREIDES_ADMIN_OID, exceptionAssignment, task, result));
    assertDeny("add policyException to atreides admin", (task, result) ->
            modifyObjectAddContainer(RoleType.class, ROLE_ATREIDES_ADMIN_OID,
                    RoleType.F_POLICY_EXCEPTION, task, result, roleLevelException));

    // THEN
    then();
    assertGlobalStateUntouched();
}
