use of com.iplanet.sso.SSOToken in project OpenAM by OpenRock.
the class SubRealmGroupTest method removeOrganization.
private void removeOrganization() throws Exception {
SSOToken adminToken = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
Set<AMIdentity> identities = new HashSet<AMIdentity>();
identities.add(user1);
identities.add(group1);
IdRepoUtils.deleteIdentities("/", identities);
OrganizationConfigManager orgMgr = new OrganizationConfigManager(adminToken, "/");
orgMgr.deleteSubOrganization(SUB_REALM1, true);
orgMgr.deleteSubOrganization(SUB_REALM2, true);
EntitlementConfiguration ec = EntitlementConfiguration.getInstance(adminSubject, "/");
Map<String, Set<String>> saccMap = ec.getSubjectAttributesCollectorConfiguration("OpenSSO");
Set<String> tmpSet = saccMap.get("groupMembershipSearchIndexEnabled");
tmpSet.clear();
tmpSet.add(origGroupMembershipSearchIndexEnabled);
ec.setSubjectAttributesCollectorConfiguration("OpenSSO", saccMap);
}
use of com.iplanet.sso.SSOToken in project OpenAM by OpenRock.
the class SubRealmGroupTest method evaluate.
private boolean evaluate(String res) throws EntitlementException {
Subject subject = createSubject(user1.getUniversalId());
Set actions = new HashSet();
actions.add("GET");
SSOToken adminToken = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
Evaluator evaluator = new Evaluator(SubjectUtils.createSubject(adminToken), APPL_NAME);
return evaluator.hasEntitlement("/", subject, new Entitlement(res, actions), Collections.EMPTY_MAP);
}
use of com.iplanet.sso.SSOToken in project OpenAM by OpenRock.
the class AuditTestUtils method mockAuditContext.
public static Context mockAuditContext() throws Exception {
final Context httpContext = new HttpContext(jsonFromFile("/org/forgerock/openam/rest/fluent/httpContext.json"), AbstractAuditFilterTest.class.getClassLoader());
final Subject callerSubject = new Subject();
final Context securityContext = new SecurityContext(httpContext, null, null);
final Context subjectContext = new SSOTokenContext(mock(Debug.class), null, securityContext) {
@Override
public Subject getCallerSubject() {
return callerSubject;
}
@Override
public SSOToken getCallerSSOToken() {
SSOToken token = mock(SSOToken.class);
try {
given(token.getProperty(Constants.AM_CTX_ID)).willReturn("TRACKING_ID");
given(token.getProperty(Constants.UNIVERSAL_IDENTIFIER)).willReturn("USER_ID");
} catch (SSOException e) {
// won't happen - it's a mock
}
return token;
}
};
final Context clientContext = ClientContext.newInternalClientContext(subjectContext);
return new RequestAuditContext(new AuditInfoContext(clientContext, AuditConstants.Component.AUDIT));
}
use of com.iplanet.sso.SSOToken in project OpenAM by OpenRock.
the class RestletRealmRouter method doHandle.
/**
* <p>Takes the last realm URI parameter from the request and appends to the growing full realm value.</p>
*
* <p>i.e. last realm URI parameter: realm2, current full realm value: /realm1, after appending: /realm1/realm2.</p>
*
* @param next {@inheritDoc}
* @param request {@inheritDoc}
* @param response {@inheritDoc}
*/
@Override
protected void doHandle(Restlet next, Request request, Response response) {
RealmInfo realmInfo = getRealmFromURI(request);
if (realmInfo == null) {
realmInfo = getRealmFromServerName(request);
}
if (next != delegateRoute) {
String overrideRealm = getRealmFromQueryString(request);
if (overrideRealm != null) {
realmInfo = realmInfo.withOverrideRealm(overrideRealm);
}
request.getAttributes().put(REALM_URL, request.getResourceRef().getBaseRef().toString());
}
// Check that the path references an existing realm
if (!realmValidator.isRealm(realmInfo.getAbsoluteRealm())) {
String realm = realmInfo.getAbsoluteRealm();
try {
SSOToken adminToken = coreWrapper.getAdminToken();
//Need to strip off leading '/' from realm otherwise just generates a DN based of the realm value, which is wrong
if (realmInfo.getAbsoluteRealm().startsWith("/")) {
realm = realm.substring(1);
}
String orgDN = coreWrapper.getOrganization(adminToken, realm);
realmInfo = realmInfo.withAbsoluteRealm(coreWrapper.convertOrgNameToRealmName(orgDN));
} catch (IdRepoException | SSOException e) {
throw new ResourceException(Status.CLIENT_ERROR_BAD_REQUEST, "Invalid realm, " + realm);
}
}
request.getAttributes().put(REALM, realmInfo.getAbsoluteRealm());
request.getAttributes().put(REALM_INFO, realmInfo);
HttpServletRequest httpRequest = ServletUtils.getRequest(request);
httpRequest.setAttribute(REALM, realmInfo.getAbsoluteRealm());
httpRequest.setAttribute(REALM_INFO, realmInfo);
request.getAttributes().remove("subrealm");
super.doHandle(next, request, response);
}
use of com.iplanet.sso.SSOToken in project OpenAM by OpenRock.
the class RestletRealmRouterTest method shouldHandleQueryParamRealmWithNoLeadingSlash.
@Test
public void shouldHandleQueryParamRealmWithNoLeadingSlash() throws IdRepoException, SSOException {
//Given
SSOToken adminToken = mock(SSOToken.class);
Restlet next = mock(Restlet.class);
HttpServletRequest httpRequest = mock(HttpServletRequest.class);
Request request = setUpRequest(httpRequest, adminToken);
Response response = mock(Response.class);
setUpServerName(request, adminToken, "/");
Reference reference = mock(Reference.class);
given(request.getResourceRef()).willReturn(reference);
Reference baseRef = mock(Reference.class);
given(reference.getBaseRef()).willReturn(baseRef);
given(baseRef.toString()).willReturn("The base url");
Form queryForm = mock(Form.class);
given(reference.getQueryAsForm()).willReturn(queryForm);
given(queryForm.getFirstValue("realm")).willReturn("REALM");
setUpRealmValidator("REALM", false, adminToken);
//When
router.doHandle(next, request, response);
//Then
assertThat(request.getAttributes()).containsEntry("realm", "/REALM");
verify(httpRequest).setAttribute("realm", "/REALM");
}
Aggregations