
Example 21 with SSOToken

use of com.iplanet.sso.SSOToken in project OpenAM by OpenRock.

the class SpecialOrAdminOrAgentAuthzModuleTest method shouldAuthorizeSpecialUser.

@Test
public void shouldAuthorizeSpecialUser() throws Exception {
    //given: the caller is a special user, but neither an agent nor a super user
    SSOTokenContext mockSSOTokenContext = mock(SSOTokenContext.class);
    SSOToken mockSSOToken = mock(SSOToken.class);
    Principal principal = mock(Principal.class);
    given(mockSSOToken.getPrincipal()).willReturn(principal);
    given(mockSSOTokenContext.getCallerSSOToken()).willReturn(mockSSOToken);
    given(mockSSOToken.getProperty(Constants.UNIVERSAL_IDENTIFIER)).willReturn("test");
    given(mockAgentIdentity.isAgent(mockSSOToken)).willReturn(false);
    given(mockSpecialUserIdentity.isSpecialUser(mockSSOToken)).willReturn(true);
    given(mockService.isSuperUser("test")).willReturn(false);
    //when
    Promise<AuthorizationResult, ResourceException> result = testModule.authorize(mockSSOTokenContext);
    //then
    assertTrue(result.get().isAuthorized());
}
Also used : SSOToken(com.iplanet.sso.SSOToken) SSOTokenContext(org.forgerock.openam.rest.resource.SSOTokenContext) ResourceException(org.forgerock.json.resource.ResourceException) AuthorizationResult(org.forgerock.authz.filter.api.AuthorizationResult) Principal(java.security.Principal) Test(org.testng.annotations.Test) BeforeTest(org.testng.annotations.BeforeTest)

Example 22 with SSOToken

use of com.iplanet.sso.SSOToken in project OpenAM by OpenRock.

the class SpecialOrAdminOrAgentAuthzModuleTest method shouldAuthorizeAgent.

@Test
public void shouldAuthorizeAgent() throws Exception {
    //given: the caller is an agent, but neither a special user nor a super user
    SSOTokenContext mockSSOTokenContext = mock(SSOTokenContext.class);
    SSOToken mockSSOToken = mock(SSOToken.class);
    Principal principal = mock(Principal.class);
    given(mockSSOToken.getPrincipal()).willReturn(principal);
    given(mockSSOTokenContext.getCallerSSOToken()).willReturn(mockSSOToken);
    given(mockSSOToken.getProperty(Constants.UNIVERSAL_IDENTIFIER)).willReturn("test");
    given(mockAgentIdentity.isAgent(mockSSOToken)).willReturn(true);
    given(mockSpecialUserIdentity.isSpecialUser(mockSSOToken)).willReturn(false);
    given(mockService.isSuperUser("test")).willReturn(false);
    //when
    Promise<AuthorizationResult, ResourceException> result = testModule.authorize(mockSSOTokenContext);
    //then
    assertTrue(result.get().isAuthorized());
}
Also used : SSOToken(com.iplanet.sso.SSOToken) SSOTokenContext(org.forgerock.openam.rest.resource.SSOTokenContext) ResourceException(org.forgerock.json.resource.ResourceException) AuthorizationResult(org.forgerock.authz.filter.api.AuthorizationResult) Principal(java.security.Principal) Test(org.testng.annotations.Test) BeforeTest(org.testng.annotations.BeforeTest)

Example 23 with SSOToken

use of com.iplanet.sso.SSOToken in project OpenAM by OpenRock.

the class SpecialOrAdminOrAgentAuthzModuleTest method shouldErrorInvalidContext.

@Test
public void shouldErrorInvalidContext() throws Exception {
    //given: reading the caller's universal identifier fails with an SSOException
    SSOTokenContext mockSSOTokenContext = mock(SSOTokenContext.class);
    SSOToken mockSSOToken = mock(SSOToken.class);
    Principal principal = mock(Principal.class);
    given(mockSSOToken.getPrincipal()).willReturn(principal);
    given(mockSSOTokenContext.getCallerSSOToken()).willReturn(mockSSOToken);
    given(mockSSOToken.getProperty(Constants.UNIVERSAL_IDENTIFIER)).willThrow(new SSOException(""));
    //when
    Promise<AuthorizationResult, ResourceException> result = testModule.authorize(mockSSOTokenContext);
    //then: the failed lookup yields a denial
    assertFalse(result.get().isAuthorized());
}
Also used : SSOToken(com.iplanet.sso.SSOToken) SSOTokenContext(org.forgerock.openam.rest.resource.SSOTokenContext) SSOException(com.iplanet.sso.SSOException) ResourceException(org.forgerock.json.resource.ResourceException) AuthorizationResult(org.forgerock.authz.filter.api.AuthorizationResult) Principal(java.security.Principal) Test(org.testng.annotations.Test) BeforeTest(org.testng.annotations.BeforeTest)

Example 24 with SSOToken

use of com.iplanet.sso.SSOToken in project OpenAM by OpenRock.

the class RestRouterIT method setupMocks.

@BeforeMethod
public void setupMocks() {
    MockitoAnnotations.initMocks(this);
    configResource = mock(SingletonResourceProvider.class);
    usersResource = mock(CollectionResourceProvider.class);
    internalResource = mock(CollectionResourceProvider.class);
    dashboardResource = spy(new DashboardResource());
    authenticateResource = spy(new AuthenticateResource());
    httpAccessAuditFilter = spy(new AbstractHttpAccessAuditFilter(AUTHENTICATION, mock(AuditEventPublisher.class), mock(AuditEventFactory.class)) {

        @Override
        protected String getRealm(Context context) {
            return null;
        }
    });
    auditEventPublisher = mock(AuditEventPublisher.class);
    auditServiceProvider = mock(AuditServiceProvider.class);
    versionBehaviourManager = mock(ResourceApiVersionBehaviourManager.class);
    ssoTokenManager = mock(SSOTokenManager.class);
    authUtilsWrapper = mock(AuthUtilsWrapper.class);
    coreWrapper = mock(CoreWrapper.class);
    SSOToken adminToken = mock(SSOToken.class);
    given(coreWrapper.getAdminToken()).willReturn(adminToken);
    given(coreWrapper.isValidFQDN(anyString())).willReturn(true);
    realmValidator = mock(RestRealmValidator.class);
}
Also used : RootContext(org.forgerock.services.context.RootContext) RequestAuditContext(org.forgerock.services.context.RequestAuditContext) HttpContext(org.forgerock.json.resource.http.HttpContext) SessionContext(org.forgerock.http.session.SessionContext) SSOTokenContext(org.forgerock.openam.rest.resource.SSOTokenContext) AttributesContext(org.forgerock.services.context.AttributesContext) SecurityContext(org.forgerock.services.context.SecurityContext) Context(org.forgerock.services.context.Context) SSOTokenManager(com.iplanet.sso.SSOTokenManager) CoreWrapper(org.forgerock.openam.core.CoreWrapper) AuditServiceProvider(org.forgerock.openam.audit.AuditServiceProvider) SSOToken(com.iplanet.sso.SSOToken) SingletonResourceProvider(org.forgerock.json.resource.SingletonResourceProvider) AuditEventPublisher(org.forgerock.openam.audit.AuditEventPublisher) CollectionResourceProvider(org.forgerock.json.resource.CollectionResourceProvider) AuthUtilsWrapper(org.forgerock.openam.authentication.service.AuthUtilsWrapper) AuditEventFactory(org.forgerock.openam.audit.AuditEventFactory) ResourceApiVersionBehaviourManager(org.forgerock.http.routing.ResourceApiVersionBehaviourManager) RestRealmValidator(org.forgerock.openam.rest.router.RestRealmValidator) AbstractHttpAccessAuditFilter(org.forgerock.openam.audit.AbstractHttpAccessAuditFilter) BeforeMethod(org.testng.annotations.BeforeMethod)

Example 25 with SSOToken

use of com.iplanet.sso.SSOToken in project OpenAM by OpenRock.

the class ElevatedConnectionFactoryWrapperTest method requestGetsElevatedToAdminSession.

@Test
public void requestGetsElevatedToAdminSession() throws Exception {
    // Given
    SSOToken ssoToken = mock(SSOToken.class);
    given(ssoTokenPrivilegedAction.run()).willReturn(ssoToken);
    SSOPrincipal principal = new SSOPrincipal("test");
    given(ssoToken.getPrincipal()).willReturn(principal);
    SSOTokenID tokenID = mock(SSOTokenID.class);
    given(ssoToken.getTokenID()).willReturn(tokenID);
    given(internalConnectionFactory.getConnection()).willReturn(connection);
    // When
    RootContext context = new RootContext();
    ReadRequest readRequest = Requests.newReadRequest("/test", "abc");
    try (Connection connection = connectionFactory.getConnection()) {
        connection.read(context, readRequest);
    }
    // Then: the delegated read carries a SecurityContext built from the privileged token
    verify(connection).read(contextCaptor.capture(), eq(readRequest));
    Context capturedContext = contextCaptor.getValue();
    assertThat(capturedContext.containsContext(SecurityContext.class)).isTrue();
    SecurityContext securityContext = capturedContext.asContext(SecurityContext.class);
    assertThat(securityContext.getAuthenticationId()).isEqualTo("test");
    assertThat(securityContext.getAuthorization()).containsOnlyKeys("authLevel", "tokenId");
}
Also used : SSOTokenID(com.iplanet.sso.SSOTokenID) RootContext(org.forgerock.services.context.RootContext) SecurityContext(org.forgerock.services.context.SecurityContext) Context(org.forgerock.services.context.Context) SSOToken(com.iplanet.sso.SSOToken) SSOPrincipal(com.iplanet.sso.providers.dpro.SSOPrincipal) Connection(org.forgerock.json.resource.Connection) ReadRequest(org.forgerock.json.resource.ReadRequest) Test(org.testng.annotations.Test)
