Example 66 with SSOToken

use of com.iplanet.sso.SSOToken in project OpenAM by OpenRock.

the class SubRealmGroupTest method removeOrganization.

private void removeOrganization() throws Exception {
    SSOToken adminToken = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
    Set<AMIdentity> identities = new HashSet<AMIdentity>();
    identities.add(user1);
    identities.add(group1);
    IdRepoUtils.deleteIdentities("/", identities);
    OrganizationConfigManager orgMgr = new OrganizationConfigManager(adminToken, "/");
    orgMgr.deleteSubOrganization(SUB_REALM1, true);
    orgMgr.deleteSubOrganization(SUB_REALM2, true);
    EntitlementConfiguration ec = EntitlementConfiguration.getInstance(adminSubject, "/");
    Map<String, Set<String>> saccMap = ec.getSubjectAttributesCollectorConfiguration("OpenSSO");
    Set<String> tmpSet = saccMap.get("groupMembershipSearchIndexEnabled");
    tmpSet.clear();
    tmpSet.add(origGroupMembershipSearchIndexEnabled);
    ec.setSubjectAttributesCollectorConfiguration("OpenSSO", saccMap);
}
Also used : SSOToken(com.iplanet.sso.SSOToken) Set(java.util.Set) HashSet(java.util.HashSet) AMIdentity(com.sun.identity.idm.AMIdentity) OrganizationConfigManager(com.sun.identity.sm.OrganizationConfigManager)

Example 67 with SSOToken

use of com.iplanet.sso.SSOToken in project OpenAM by OpenRock.

the class SubRealmGroupTest method evaluate.

private boolean evaluate(String res) throws EntitlementException {
    Subject subject = createSubject(user1.getUniversalId());
    Set actions = new HashSet();
    actions.add("GET");
    SSOToken adminToken = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
    Evaluator evaluator = new Evaluator(SubjectUtils.createSubject(adminToken), APPL_NAME);
    return evaluator.hasEntitlement("/", subject, new Entitlement(res, actions), Collections.EMPTY_MAP);
}
Also used : Set(java.util.Set) HashSet(java.util.HashSet) SSOToken(com.iplanet.sso.SSOToken) Subject(javax.security.auth.Subject)

Example 68 with SSOToken

use of com.iplanet.sso.SSOToken in project OpenAM by OpenRock.

the class AuditTestUtils method mockAuditContext.

public static Context mockAuditContext() throws Exception {
    final Context httpContext = new HttpContext(jsonFromFile("/org/forgerock/openam/rest/fluent/httpContext.json"), AbstractAuditFilterTest.class.getClassLoader());
    final Subject callerSubject = new Subject();
    final Context securityContext = new SecurityContext(httpContext, null, null);
    final Context subjectContext = new SSOTokenContext(mock(Debug.class), null, securityContext) {

        @Override
        public Subject getCallerSubject() {
            return callerSubject;
        }

        @Override
        public SSOToken getCallerSSOToken() {
            SSOToken token = mock(SSOToken.class);
            try {
                given(token.getProperty(Constants.AM_CTX_ID)).willReturn("TRACKING_ID");
                given(token.getProperty(Constants.UNIVERSAL_IDENTIFIER)).willReturn("USER_ID");
            } catch (SSOException e) {
                // won't happen - it's a mock
            }
            return token;
        }
    };
    final Context clientContext = ClientContext.newInternalClientContext(subjectContext);
    return new RequestAuditContext(new AuditInfoContext(clientContext, AuditConstants.Component.AUDIT));
}
Also used : SecurityContext(org.forgerock.services.context.SecurityContext) HttpContext(org.forgerock.json.resource.http.HttpContext) AuditInfoContext(org.forgerock.openam.rest.resource.AuditInfoContext) Context(org.forgerock.services.context.Context) ClientContext(org.forgerock.services.context.ClientContext) RequestAuditContext(org.forgerock.services.context.RequestAuditContext) SSOTokenContext(org.forgerock.openam.rest.resource.SSOTokenContext) SSOToken(com.iplanet.sso.SSOToken) SSOException(com.iplanet.sso.SSOException) Subject(javax.security.auth.Subject) Debug(com.sun.identity.shared.debug.Debug)

Example 69 with SSOToken

use of com.iplanet.sso.SSOToken in project OpenAM by OpenRock.

the class RestletRealmRouter method doHandle.

/**
 * <p>Takes the last realm URI parameter from the request and appends to the growing full realm value.</p>
 *
 * <p>i.e. last realm URI parameter: realm2, current full realm value: /realm1, after appending: /realm1/realm2.</p>
 *
 * @param next {@inheritDoc}
 * @param request {@inheritDoc}
 * @param response {@inheritDoc}
 */
@Override
protected void doHandle(Restlet next, Request request, Response response) {
    RealmInfo realmInfo = getRealmFromURI(request);
    if (realmInfo == null) {
        realmInfo = getRealmFromServerName(request);
    }
    if (next != delegateRoute) {
        String overrideRealm = getRealmFromQueryString(request);
        if (overrideRealm != null) {
            realmInfo = realmInfo.withOverrideRealm(overrideRealm);
        }
        request.getAttributes().put(REALM_URL, request.getResourceRef().getBaseRef().toString());
    }
    // Check that the path references an existing realm
    if (!realmValidator.isRealm(realmInfo.getAbsoluteRealm())) {
        String realm = realmInfo.getAbsoluteRealm();
        try {
            SSOToken adminToken = coreWrapper.getAdminToken();
            // Need to strip off the leading '/' from the realm; otherwise this just generates a DN based off the realm value, which is wrong
            if (realmInfo.getAbsoluteRealm().startsWith("/")) {
                realm = realm.substring(1);
            }
            String orgDN = coreWrapper.getOrganization(adminToken, realm);
            realmInfo = realmInfo.withAbsoluteRealm(coreWrapper.convertOrgNameToRealmName(orgDN));
        } catch (IdRepoException | SSOException e) {
            throw new ResourceException(Status.CLIENT_ERROR_BAD_REQUEST, "Invalid realm, " + realm);
        }
    }
    request.getAttributes().put(REALM, realmInfo.getAbsoluteRealm());
    request.getAttributes().put(REALM_INFO, realmInfo);
    HttpServletRequest httpRequest = ServletUtils.getRequest(request);
    httpRequest.setAttribute(REALM, realmInfo.getAbsoluteRealm());
    httpRequest.setAttribute(REALM_INFO, realmInfo);
    request.getAttributes().remove("subrealm");
    super.doHandle(next, request, response);
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) RealmInfo(org.forgerock.openam.core.RealmInfo) SSOToken(com.iplanet.sso.SSOToken) IdRepoException(com.sun.identity.idm.IdRepoException) SSOException(com.iplanet.sso.SSOException) ResourceException(org.restlet.resource.ResourceException)

Example 70 with SSOToken

use of com.iplanet.sso.SSOToken in project OpenAM by OpenRock.

the class RestletRealmRouterTest method shouldHandleQueryParamRealmWithNoLeadingSlash.

@Test
public void shouldHandleQueryParamRealmWithNoLeadingSlash() throws IdRepoException, SSOException {
    //Given
    SSOToken adminToken = mock(SSOToken.class);
    Restlet next = mock(Restlet.class);
    HttpServletRequest httpRequest = mock(HttpServletRequest.class);
    Request request = setUpRequest(httpRequest, adminToken);
    Response response = mock(Response.class);
    setUpServerName(request, adminToken, "/");
    Reference reference = mock(Reference.class);
    given(request.getResourceRef()).willReturn(reference);
    Reference baseRef = mock(Reference.class);
    given(reference.getBaseRef()).willReturn(baseRef);
    given(baseRef.toString()).willReturn("The base url");
    Form queryForm = mock(Form.class);
    given(reference.getQueryAsForm()).willReturn(queryForm);
    given(queryForm.getFirstValue("realm")).willReturn("REALM");
    setUpRealmValidator("REALM", false, adminToken);
    //When
    router.doHandle(next, request, response);
    //Then
    assertThat(request.getAttributes()).containsEntry("realm", "/REALM");
    verify(httpRequest).setAttribute("realm", "/REALM");
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) Response(org.restlet.Response) SSOToken(com.iplanet.sso.SSOToken) Restlet(org.restlet.Restlet) Form(org.restlet.data.Form) Reference(org.restlet.data.Reference) HttpRequest(org.restlet.engine.adapter.HttpRequest) Request(org.restlet.Request) Test(org.testng.annotations.Test)

Aggregations

SSOToken (com.iplanet.sso.SSOToken): 776
SSOException (com.iplanet.sso.SSOException): 390
Set (java.util.Set): 226
SMSException (com.sun.identity.sm.SMSException): 218
HashSet (java.util.HashSet): 179
IdRepoException (com.sun.identity.idm.IdRepoException): 144
HashMap (java.util.HashMap): 130
Test (org.testng.annotations.Test): 130
CLIException (com.sun.identity.cli.CLIException): 117
Iterator (java.util.Iterator): 115
AMIdentity (com.sun.identity.idm.AMIdentity): 113
Map (java.util.Map): 113
IOutput (com.sun.identity.cli.IOutput): 99
IOException (java.io.IOException): 68
List (java.util.List): 57
AMIdentityRepository (com.sun.identity.idm.AMIdentityRepository): 56
IdType (com.sun.identity.idm.IdType): 54
ServiceConfigManager (com.sun.identity.sm.ServiceConfigManager): 53
EntitlementException (com.sun.identity.entitlement.EntitlementException): 52
ServiceConfig (com.sun.identity.sm.ServiceConfig): 52