
Example 1 with SSOTokenManager

use of com.iplanet.sso.SSOTokenManager in project OpenAM by OpenRock.

the class FMSubjectMapper method mapToNativeSubject.

/**
 * Returns native subject, OpenAM SSOToken
 * @param xacmlContextSubjects XACML context Subject(s) from the
 *        xacml-context:Request
 * @return native subject, OpenAM SSOToken, returns null if
 *         Subject did not match
 * @exception XACMLException if can not map to native subject
 */
public Object mapToNativeSubject(List xacmlContextSubjects) throws XACMLException {
    if (xacmlContextSubjects == null) {
        return null;
    }
    String sid = null;
    String userName = null;
    //for (int subCount=0;subCount<xacmlContextSubjects.length;subCount++) {
    for (Iterator iter = xacmlContextSubjects.iterator(); iter.hasNext(); ) {
        //Subject subject = xacmlContextSubjects[subCount];
        Subject subject = (Subject) iter.next();
        if (subject == null) {
            continue;
        }
        URI subjectCategory = subject.getSubjectCategory();
        if ((subjectCategory != null) && (!subjectCategory.toString().equals(XACMLConstants.ACCESS_SUBJECT))) {
            continue;
        }
        List attributes = subject.getAttributes();
        if (attributes != null) {
            for (int count = 0; count < attributes.size(); count++) {
                Attribute attr = (Attribute) attributes.get(count);
                if (attr != null) {
                    URI tmpURI = attr.getAttributeId();
                    if (tmpURI.toString().equals(XACMLConstants.SUBJECT_ID)) {
                        tmpURI = attr.getDataType();
                        if (tmpURI.toString().equals(XACMLConstants.OPENSSO_SESSION_ID)) {
                            Element sidElement = (Element) attr.getAttributeValues().get(0);
                            sid = XMLUtils.getElementValue(sidElement);
                        } else if (tmpURI.toString().equals(XACMLConstants.X500NAME)) {
                            Element sidElement = (Element) attr.getAttributeValues().get(0);
                            userName = XMLUtils.getElementValue(sidElement);
                        } else if (tmpURI.toString().equals(XACMLConstants.SAML2_NAMEID)) {
                            Element sidElement = (Element) attr.getAttributeValues().get(0);
                            String nameID = XMLUtils.getElementValue(sidElement);
                            if (nameID != null) {
                                userName = (String) IDPCache.userIDByTransientNameIDValue.get(nameID);
                            }
                        // TODO:Need to support non-transient nameid format
                        }
                    }
                }
            }
        }
    }
    SSOToken ssoToken = null;
    if (sid != null) {
        //create ssoToken based on sessionId
        try {
            SSOTokenManager tokenManager = SSOTokenManager.getInstance();
            ssoToken = tokenManager.createSSOToken(sid);
        } catch (SSOException ssoExp) {
            if (XACMLSDKUtils.debug.messageEnabled()) {
                XACMLSDKUtils.debug.message("FMSubjectMapper.mapToNativeSubject()" + ":caught SSOException:", ssoExp);
            }
        }
    }
    //create ssoToken based on x500name (userName)
    if ((ssoToken == null) && (userName != null)) {
        try {
            ssoToken = createFMSession(userName);
        } catch (SessionException se) {
            if (XACMLSDKUtils.debug.messageEnabled()) {
                XACMLSDKUtils.debug.message("FMSubjectMapper.mapToNativeSubject()" + ":caught SessionException:", se);
            }
        }
    }
    return ssoToken;
}
Also used : SSOTokenManager(com.iplanet.sso.SSOTokenManager) SSOToken(com.iplanet.sso.SSOToken) Attribute(com.sun.identity.xacml.context.Attribute) Element(org.w3c.dom.Element) Iterator(java.util.Iterator) SessionException(com.sun.identity.plugin.session.SessionException) List(java.util.List) SSOException(com.iplanet.sso.SSOException) URI(java.net.URI) Subject(com.sun.identity.xacml.context.Subject)

Example 2 with SSOTokenManager

use of com.iplanet.sso.SSOTokenManager in project OpenAM by OpenRock.

the class RestRouterIT method setupMocks.

@BeforeMethod
public void setupMocks() {
    MockitoAnnotations.initMocks(this);
    configResource = mock(SingletonResourceProvider.class);
    usersResource = mock(CollectionResourceProvider.class);
    internalResource = mock(CollectionResourceProvider.class);
    dashboardResource = spy(new DashboardResource());
    authenticateResource = spy(new AuthenticateResource());
    httpAccessAuditFilter = spy(new AbstractHttpAccessAuditFilter(AUTHENTICATION, mock(AuditEventPublisher.class), mock(AuditEventFactory.class)) {

        @Override
        protected String getRealm(Context context) {
            return null;
        }
    });
    auditEventPublisher = mock(AuditEventPublisher.class);
    auditServiceProvider = mock(AuditServiceProvider.class);
    versionBehaviourManager = mock(ResourceApiVersionBehaviourManager.class);
    ssoTokenManager = mock(SSOTokenManager.class);
    authUtilsWrapper = mock(AuthUtilsWrapper.class);
    coreWrapper = mock(CoreWrapper.class);
    SSOToken adminToken = mock(SSOToken.class);
    given(coreWrapper.getAdminToken()).willReturn(adminToken);
    given(coreWrapper.isValidFQDN(anyString())).willReturn(true);
    realmValidator = mock(RestRealmValidator.class);
}
Also used : RootContext(org.forgerock.services.context.RootContext) RequestAuditContext(org.forgerock.services.context.RequestAuditContext) HttpContext(org.forgerock.json.resource.http.HttpContext) SessionContext(org.forgerock.http.session.SessionContext) SSOTokenContext(org.forgerock.openam.rest.resource.SSOTokenContext) AttributesContext(org.forgerock.services.context.AttributesContext) SecurityContext(org.forgerock.services.context.SecurityContext) Context(org.forgerock.services.context.Context) SSOTokenManager(com.iplanet.sso.SSOTokenManager) CoreWrapper(org.forgerock.openam.core.CoreWrapper) AuditServiceProvider(org.forgerock.openam.audit.AuditServiceProvider) SSOToken(com.iplanet.sso.SSOToken) SingletonResourceProvider(org.forgerock.json.resource.SingletonResourceProvider) AuditEventPublisher(org.forgerock.openam.audit.AuditEventPublisher) CollectionResourceProvider(org.forgerock.json.resource.CollectionResourceProvider) AuthUtilsWrapper(org.forgerock.openam.authentication.service.AuthUtilsWrapper) AuditEventFactory(org.forgerock.openam.audit.AuditEventFactory) ResourceApiVersionBehaviourManager(org.forgerock.http.routing.ResourceApiVersionBehaviourManager) RestRealmValidator(org.forgerock.openam.rest.router.RestRealmValidator) AbstractHttpAccessAuditFilter(org.forgerock.openam.audit.AbstractHttpAccessAuditFilter) BeforeMethod(org.testng.annotations.BeforeMethod)

Example 3 with SSOTokenManager

use of com.iplanet.sso.SSOTokenManager in project OpenAM by OpenRock.

the class ISPermission method implies.

/**
 * Checks if the specified permission's actions are "implied by"
 * this object's actions.
 * <P>
 * The <code>implies</code> method is used by the
 * <code>AccessController</code> to determine whether or not a requested
 * permission is implied by another permission that is known to be valid
 * in the current execution context.
 *
 * @param perm the permission to check against.
 *
 * @return true if the specified permission is implied by this object,
 *         false if not. The check is made against the OpenAM's
 *         policy service to determine this evaluation.
 */
public boolean implies(Permission perm) {
    debug.message("ISPermission: implies called");
    boolean allowed = false;
    if (perm instanceof ISPermission) {
        debug.message("ISPermission:passed perm is of type ISPermission");
        if (protectionDomain != null) {
            debug.message("ISPermission:implies:protectionDomain not null");
            if (debug.messageEnabled()) {
                debug.message("ISPermission::implies: protectionDomain:" + protectionDomain.toString());
            }
            final String serviceName = ((ISPermission) perm).getServiceName();
            final String resourceName = ((ISPermission) perm).getResourceName();
            final String actions = ((ISPermission) perm).getActions();
            final Map envParams = ((ISPermission) perm).getEnvParams();
            if (debug.messageEnabled()) {
                debug.message("ISPermission: resourceName=" + resourceName);
                debug.message("ISPermission: serviceName=" + serviceName);
                debug.message("ISPermission: actions=" + actions);
            }
            SSOTokenPrincipal tokenPrincipal = null;
            try {
                Principal[] principals = protectionDomain.getPrincipals();
                // principals should have only one entry
                Principal principal = (Principal) principals[0];
                if (principal.getName().equals("com.sun.identity." + "authentication.service.SSOTokenPrincipal")) {
                    if (debug.messageEnabled()) {
                        debug.message("ISPermission::implies:principals:" + principal.toString());
                    }
                    tokenPrincipal = (SSOTokenPrincipal) principal;
                }
                if (tokenPrincipal == null) {
                    if (debug.messageEnabled()) {
                        debug.error("ISPermission::implies:" + " Principal is null");
                    }
                } else {
                    SSOTokenManager ssomgr = SSOTokenManager.getInstance();
                    final SSOToken token = ssomgr.createSSOToken(tokenPrincipal.getName());
                    /* TODO currently ISPermission uses remote policy 
                        client API so if this class gets used from server side
                        , will always make remote call, need to make changes 
                        in this code to to make a local/remote call accordingly.
                        */
                    if (policyEvalFactory == null) {
                        policyEvalFactory = PolicyEvaluatorFactory.getInstance();
                    }
                    PolicyEvaluator policyEvaluator = policyEvalFactory.getPolicyEvaluator(serviceName);
                    if (debug.messageEnabled()) {
                        debug.message("ISPermission::implies::created " + "PolicyEvaluator for " + serviceName);
                    }
                    if (actions != null) {
                        StringTokenizer st = new StringTokenizer(actions, ",");
                        while (st.hasMoreTokens()) {
                            String action = (String) st.nextToken();
                            allowed = policyEvaluator.isAllowed(token, resourceName, action, envParams);
                            if (!allowed) {
                                // the final result is not allowwed
                                break;
                            }
                            if (debug.messageEnabled()) {
                                debug.message("ISPermission::result for " + action + " is :" + allowed);
                            }
                        }
                        if (debug.messageEnabled()) {
                            debug.message("ISPermission::result for " + actions + " is :" + allowed);
                        }
                    } else {
                        if (debug.messageEnabled()) {
                            debug.message("ISPermission:: actions is null");
                        }
                    }
                }
            } catch (SSOException ssoe) {
                if (debug.messageEnabled()) {
                    debug.error("ISPermission::SSOException:" + ssoe.getMessage());
                    ssoe.printStackTrace();
                }
            } catch (Exception e) {
                if (debug.messageEnabled()) {
                    debug.error("ISPermission::Exception:" + e.getMessage());
                    e.printStackTrace();
                }
            }
        } else {
            debug.message("ISPermission:: subject was null");
        }
    }
    if (debug.messageEnabled()) {
        debug.message("ISPermission: allowed::" + allowed);
    }
    return allowed;
}
Also used : SSOTokenManager(com.iplanet.sso.SSOTokenManager) SSOToken(com.iplanet.sso.SSOToken) SSOTokenPrincipal(com.sun.identity.authentication.service.SSOTokenPrincipal) SSOException(com.iplanet.sso.SSOException) StringTokenizer(java.util.StringTokenizer) PolicyEvaluator(com.sun.identity.policy.client.PolicyEvaluator) Map(java.util.Map) Principal(java.security.Principal)

Example 4 with SSOTokenManager

use of com.iplanet.sso.SSOTokenManager in project OpenAM by OpenRock.

the class OpenAMTokenStoreTest method setUp.

@BeforeMethod
public void setUp() {
    tokenStore = mock(OAuthTokenStore.class);
    providerSettingsFactory = mock(OAuth2ProviderSettingsFactory.class);
    oAuth2UrisFactory = mock(OAuth2UrisFactory.class);
    clientRegistrationStore = mock(OpenIdConnectClientRegistrationStore.class);
    realmNormaliser = mock(RealmNormaliser.class);
    ssoTokenManager = mock(SSOTokenManager.class);
    request = mock(Request.class);
    cookieExtractor = mock(CookieExtractor.class);
    auditLogger = mock(OAuth2AuditLogger.class);
    debug = mock(Debug.class);
    failureFactory = mock(ClientAuthenticationFailureFactory.class);
    oAuth2RequestFactory = new RestletOAuth2RequestFactory(new JacksonRepresentationFactory(new ObjectMapper()));
    ClientAuthenticationFailureFactory failureFactory = mock(ClientAuthenticationFailureFactory.class);
    InvalidClientException expectedResult = mock(InvalidClientException.class);
    when(expectedResult.getError()).thenReturn(new String("invalid_client"));
    when(failureFactory.getException()).thenReturn(expectedResult);
    when(failureFactory.getException(anyString())).thenReturn(expectedResult);
    when(failureFactory.getException(any(OAuth2Request.class), anyString())).thenReturn(expectedResult);
    openAMtokenStore = new OpenAMTokenStore(tokenStore, providerSettingsFactory, oAuth2UrisFactory, clientRegistrationStore, realmNormaliser, ssoTokenManager, cookieExtractor, auditLogger, debug, new SecureRandom(), failureFactory);
}
Also used : OAuth2UrisFactory(org.forgerock.oauth2.core.OAuth2UrisFactory) SSOTokenManager(com.iplanet.sso.SSOTokenManager) JacksonRepresentationFactory(org.forgerock.openam.rest.representations.JacksonRepresentationFactory) RestletOAuth2Request(org.forgerock.oauth2.restlet.RestletOAuth2Request) Request(org.restlet.Request) OAuth2Request(org.forgerock.oauth2.core.OAuth2Request) SecureRandom(java.security.SecureRandom) BDDMockito.anyString(org.mockito.BDDMockito.anyString) OpenIdConnectClientRegistrationStore(org.forgerock.openidconnect.OpenIdConnectClientRegistrationStore) ClientAuthenticationFailureFactory(org.forgerock.oauth2.core.exceptions.ClientAuthenticationFailureFactory) RealmNormaliser(org.forgerock.openam.utils.RealmNormaliser) OAuth2ProviderSettingsFactory(org.forgerock.oauth2.core.OAuth2ProviderSettingsFactory) InvalidClientException(org.forgerock.oauth2.core.exceptions.InvalidClientException) RestletOAuth2RequestFactory(org.forgerock.oauth2.restlet.RestletOAuth2RequestFactory) Debug(com.sun.identity.shared.debug.Debug) ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper) BeforeMethod(org.testng.annotations.BeforeMethod)

Example 5 with SSOTokenManager

use of com.iplanet.sso.SSOTokenManager in project OpenAM by OpenRock.

the class TokenResource method getUid.

private AMIdentity getUid(Context context) throws SSOException, IdRepoException, UnauthorizedClientException {
    String cookie = getCookieFromServerContext(context);
    SSOTokenManager mgr = SSOTokenManager.getInstance();
    SSOToken token = mgr.createSSOToken(cookie);
    return identityManager.getResourceOwnerIdentity(token.getProperty("UserToken"), token.getProperty("Organization"));
}
Also used : SSOTokenManager(com.iplanet.sso.SSOTokenManager) SSOToken(com.iplanet.sso.SSOToken)
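Example 5 resolves a user from a cookie value in three steps: createSSOToken(cookie), then getProperty("UserToken") and getProperty("Organization"), all through the static SSOTokenManager.getInstance(). Examples 2 and 4 show the other half of the pattern: production classes such as OpenAMTokenStore take the SSOTokenManager as a constructor argument so that tests can substitute mock(SSOTokenManager.class). The block below is an added example, not OpenAM code, that puts the two together: the manager is injected, the token is re-checked with validateToken (which throws SSOException for a timed-out or destroyed session) and a minimum auth level is enforced before the session properties are trusted, and a TestNG/Mockito test drives both the success path and the rejection path. SessionIdentityResolver, ResolvedIdentity, the session id string and the DN values are assumptions for illustration; only SSOTokenManager, SSOToken, SSOException and the "UserToken"/"Organization" property names come from the page.

```java
import static org.mockito.BDDMockito.given;
import static org.mockito.BDDMockito.willThrow;
import static org.mockito.Mockito.mock;
import static org.testng.Assert.assertEquals;

import org.testng.annotations.Test;

import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.iplanet.sso.SSOTokenManager;

/**
 * Added example, not part of OpenAM: resolves the user behind a session id the way
 * TokenResource.getUid does, but fails closed on missing, invalid or weak sessions.
 */
public final class SessionIdentityResolver {

    /** What a caller gets back; hypothetical value type, not an OpenAM class. */
    public static final class ResolvedIdentity {
        public final String username;  // value of the "UserToken" session property
        public final String realm;     // value of the "Organization" session property
        public final int authLevel;    // auth level reached by the session's login chain

        ResolvedIdentity(String username, String realm, int authLevel) {
            this.username = username;
            this.realm = realm;
            this.authLevel = authLevel;
        }
    }

    private final SSOTokenManager tokenManager;

    /** Injected instead of SSOTokenManager.getInstance() so a test can pass a mock. */
    public SessionIdentityResolver(SSOTokenManager tokenManager) {
        this.tokenManager = tokenManager;
    }

    public ResolvedIdentity resolve(String sessionId, int requiredAuthLevel) throws SSOException {
        if (sessionId == null || sessionId.trim().isEmpty()) {
            throw new SSOException("no session id supplied");
        }
        SSOToken token = tokenManager.createSSOToken(sessionId);
        // Re-check with the server before trusting anything on the token: the session
        // may have timed out or been logged out. validateToken throws SSOException if so.
        tokenManager.validateToken(token);
        int authLevel = token.getAuthLevel();
        if (authLevel < requiredAuthLevel) {
            throw new SSOException("auth level " + authLevel + " is below required " + requiredAuthLevel);
        }
        String username = token.getProperty("UserToken");
        String realm = token.getProperty("Organization");
        if (username == null || realm == null) {
            throw new SSOException("session is missing identity properties");
        }
        return new ResolvedIdentity(username, realm, authLevel);
    }

    /** TestNG/Mockito test in the style of Examples 2 and 4. All values below are constructed. */
    public static class ResolverTest {
        private static final String SID = "constructed-session-id";

        @Test
        public void returnsIdentityForValidSession() throws Exception {
            SSOTokenManager mgr = mock(SSOTokenManager.class);
            SSOToken token = mock(SSOToken.class);
            given(mgr.createSSOToken(SID)).willReturn(token);
            given(token.getAuthLevel()).willReturn(2);
            given(token.getProperty("UserToken")).willReturn("demo");
            given(token.getProperty("Organization")).willReturn("dc=example,dc=com");

            ResolvedIdentity id = new SessionIdentityResolver(mgr).resolve(SID, 1);

            assertEquals(id.username, "demo");
            assertEquals(id.realm, "dc=example,dc=com");
            assertEquals(id.authLevel, 2);
        }

        @Test(expectedExceptions = SSOException.class)
        public void rejectsSessionThatFailsValidation() throws Exception {
            SSOTokenManager mgr = mock(SSOTokenManager.class);
            SSOToken token = mock(SSOToken.class);
            given(mgr.createSSOToken(SID)).willReturn(token);
            // The mock's validateToken is a no-op by default, so the failure branch is stubbed explicitly.
            willThrow(new SSOException("session timed out")).given(mgr).validateToken(token);

            new SessionIdentityResolver(mgr).resolve(SID, 1);
        }

        @Test(expectedExceptions = SSOException.class)
        public void rejectsSessionBelowRequiredAuthLevel() throws Exception {
            SSOTokenManager mgr = mock(SSOTokenManager.class);
            SSOToken token = mock(SSOToken.class);
            given(mgr.createSSOToken(SID)).willReturn(token);
            given(token.getAuthLevel()).willReturn(0);

            new SessionIdentityResolver(mgr).resolve(SID, 1);
        }
    }
}
```

The constructor injection is what makes the rejection paths testable at all: with the static getInstance() call of Example 5 there is no seam through which a test can make createSSOToken or validateToken fail, which is why the real OpenAM tests on this page (RestRouterIT, OpenAMTokenStoreTest) hand a mocked SSOTokenManager to the class under test.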

Aggregations

SSOTokenManager (com.iplanet.sso.SSOTokenManager) 53
SSOToken (com.iplanet.sso.SSOToken) 48
SSOException (com.iplanet.sso.SSOException) 39
IdRepoException (com.sun.identity.idm.IdRepoException) 11
AMIdentity (com.sun.identity.idm.AMIdentity) 9
AuthLoginException (com.sun.identity.authentication.spi.AuthLoginException) 8
IOException (java.io.IOException) 7
Map (java.util.Map) 6
Set (java.util.Set) 6
ForbiddenException (org.forgerock.json.resource.ForbiddenException) 6
SessionException (com.iplanet.dpro.session.SessionException) 5
InternalSession (com.iplanet.dpro.session.service.InternalSession) 5
AuthPrincipal (com.sun.identity.authentication.internal.AuthPrincipal) 5
AuthException (com.sun.identity.authentication.service.AuthException) 5
Iterator (java.util.Iterator) 5
AuthContext (com.sun.identity.authentication.AuthContext) 4
SMSException (com.sun.identity.sm.SMSException) 4
Response (com.iplanet.services.comm.share.Response) 3
UnsupportedEncodingException (java.io.UnsupportedEncodingException) 3
HashMap (java.util.HashMap) 3