
Example 6 with DelegationEvaluator

Use of com.sun.identity.delegation.DelegationEvaluator in project OpenAM by OpenRock.

From class XacmlServiceTest, method testPermissionsCheckSuccess. A unit test with a mocked evaluator: it checks that a positive delegation answer both returns true from checkPermission and produces an access-granted audit record.

@Test
public void testPermissionsCheckSuccess() {
    // given: a mocked evaluator that grants the permission, and a mocked audit log
    RestLog restLog = PowerMockito.mock(RestLog.class);
    DelegationEvaluator evaluator = mock(DelegationEvaluator.class);
    XacmlService xacmlService = new XacmlService(importExport, adminTokenAction, this.debug, restLog, evaluator, jacksonRepresentationFactory);
    SSOToken adminToken = mock(SSOToken.class);
    DelegationPermission delegationPermission = mock(DelegationPermission.class);
    String urlLastSegment = "blah";
    try {
        when(evaluator.isAllowed(adminToken, delegationPermission, Collections.EMPTY_MAP)).thenReturn(true);
        // when
        boolean result = xacmlService.checkPermission(delegationPermission, adminToken, urlLastSegment);
        // then: the check passes and the grant is audited
        assertThat(result).isTrue();
        verify(restLog).auditAccessGranted(anyString(), anyString(), anyString(), any(SSOToken.class));
    } catch (DelegationException de) {
        fail("Did not expect DelegationException");
    } catch (SSOException ssoe) {
        fail("Did not expect SSOException");
    } catch (Exception e) {
        fail("Did not expect " + e.getClass().getName() + " with message " + e.getMessage());
    }
}
Also used (imports referenced by the class):
import org.forgerock.openam.forgerockrest.utils.RestLog;
import com.iplanet.sso.SSOToken;
import com.iplanet.sso.SSOException;
import com.sun.identity.delegation.DelegationEvaluator;
import com.sun.identity.delegation.DelegationException;
import com.sun.identity.delegation.DelegationPermission;
import com.sun.identity.entitlement.EntitlementException;
import org.restlet.resource.ResourceException;
import java.io.IOException;
import org.testng.annotations.Test;
import org.powermock.core.classloader.annotations.PrepareForTest;

Example 7 with DelegationEvaluator

Use of com.sun.identity.delegation.DelegationEvaluator in project OpenAM by OpenRock.

From class DelegationIsAllowedSubResourceTest, method test. An integration test against a real DelegationEvaluatorImpl: it authenticates as USER1 and fails unless that user holds READ on the sunEntitlementService sub-resources.

@Test
public void test() throws Exception {
    Set<String> actions = new HashSet<String>();
    actions.add("READ");
    // Authenticate USER1 against the top-level realm to obtain a session token
    SSOToken token = AuthUtils.authenticate("/", USER1, USER1);
    // Permission: READ on default/application/* of sunEntitlementService in realm "/"
    DelegationPermission dp = new DelegationPermission("/", "sunEntitlementService", "1.0", "application", "default/application/*", actions, null);
    DelegationEvaluator de = new DelegationEvaluatorImpl();
    // Four-argument overload; the test fails if the evaluator denies the permission
    if (!de.isAllowed(token, dp, Collections.EMPTY_MAP, true)) {
        throw new Exception("DelegationIsAllowedSubResourceTest.test: failed");
    }
}
Also used (imports referenced by the class):
import com.sun.identity.delegation.DelegationEvaluatorImpl;
import com.sun.identity.delegation.DelegationEvaluator;
import com.sun.identity.delegation.DelegationPermission;
import com.iplanet.sso.SSOToken;
import com.iplanet.sso.SSOException;
import com.sun.identity.sm.SMSException;
import com.sun.identity.idm.IdRepoException;
import java.util.HashSet;
import org.testng.annotations.Test;

Example 8 with DelegationEvaluator

Use of com.sun.identity.delegation.DelegationEvaluator in project OpenAM by OpenRock.

From class OrgConfigViaAMSDK, method checkRealmPermission. A fail-closed helper: the answer starts as false and stays false on a null token or on any delegation or session error.

// Check to see if the user has the given actions on the realm service of a realm.
// Defaults to deny: a null token or any exception below leaves "answer" false.
private boolean checkRealmPermission(SSOToken token, String realm, Set action) {
    boolean answer = false;
    if (token != null) {
        try {
            DelegationEvaluator de = new DelegationEvaluatorImpl();
            // Realm-level permission on the SMS realm service, any config type and sub-config
            DelegationPermission dp = new DelegationPermission(realm, com.sun.identity.sm.SMSEntry.REALM_SERVICE, "1.0", "*", "*", action, Collections.EMPTY_MAP);
            // No environment parameters are supplied for this evaluation
            answer = de.isAllowed(token, dp, null);
        } catch (DelegationException dex) {
            debug.error("OrgConfigViaAMSDK.checkRealmPermission: " + "Got Delegation Exception: ", dex);
        } catch (SSOException ssoe) {
            // An invalid or expired session is treated as "not permitted"
            if (debug.messageEnabled()) {
                debug.message("OrgConfigViaAMSDK.checkRealmPermission: " + "Invalid SSOToken: ", ssoe);
            }
        }
    }
    return (answer);
}
Also used (imports referenced by the class):
import com.sun.identity.delegation.DelegationEvaluatorImpl;
import com.sun.identity.delegation.DelegationEvaluator;
import com.sun.identity.delegation.DelegationException;
import com.sun.identity.delegation.DelegationPermission;
import com.iplanet.sso.SSOException;

Example 9 with DelegationEvaluator

Use of com.sun.identity.delegation.DelegationEvaluator in project OpenAM by OpenRock.

From class RestUtils, method isAdmin. Resolves the caller's session from the request context, short-circuits for the super user, and otherwise treats the caller as an administrator if it holds READ on any of the configured service names in the resolved realm.

public static boolean isAdmin(Context context) {
    boolean isAdmin = false;
    try {
        String realm = context.asContext(RealmContext.class).getResolvedRealm();
        // Build the caller's SSOToken from the session cookie carried in the request context
        SSOToken userSSOToken = SSOTokenManager.getInstance().createSSOToken(getCookieFromServerContext(context));
        // Simple check to see if the user is the super user; if so, no delegation check is needed
        if (SessionUtils.isAdmin(AccessController.doPrivileged(AdminTokenAction.getInstance()), userSSOToken)) {
            return true;
        }
        DelegationEvaluator delegationEvaluator = new DelegationEvaluatorImpl();
        DelegationPermission delegationPermission = new DelegationPermission();
        delegationPermission.setVersion("*");
        delegationPermission.setSubConfigName("default");
        delegationPermission.setOrganizationName(realm);
        delegationPermission.setActions(CollectionUtils.asSet("READ"));
        // Stop at the first service the caller may READ; any grant makes the caller an admin here
        for (Iterator i = getServiceNames().iterator(); i.hasNext() && !isAdmin; ) {
            String name = (String) i.next();
            delegationPermission.setServiceName(name);
            isAdmin = delegationEvaluator.isAllowed(userSSOToken, delegationPermission, Collections.<String, Set<String>>emptyMap());
        }
    } catch (DelegationException | SSOException | SMSException e) {
        // Any failure to evaluate is logged and results in "not an admin"
        debug.error("RestUtils::Failed to determine if user is an admin", e);
    }
    return isAdmin;
}
Also used (imports referenced by the class):
import com.iplanet.sso.SSOToken;
import com.iplanet.sso.SSOException;
import com.sun.identity.sm.SMSException;
import com.sun.identity.delegation.DelegationEvaluator;
import com.sun.identity.delegation.DelegationEvaluatorImpl;
import com.sun.identity.delegation.DelegationException;
import com.sun.identity.delegation.DelegationPermission;
import java.util.Set;
import java.util.Iterator;

Example 10 with DelegationEvaluator

Use of com.sun.identity.delegation.DelegationEvaluator in project OpenAM by OpenRock.

From class AccessControlModelImpl, method canView. Decides whether a console page may be shown: pages with no declared permissions are always viewable; delegation-administration pages additionally require the DELEGATE action before the per-service READ checks run.

/**
 * Returns true if a page can be viewed.
 *
 * @param permissions Permissions (service names) associated with the page.
 * @param accessLevel Level of access, i.e. either global or realm level.
 * @param realmName Currently viewed realm name.
 * @param delegateUI true if this is a delegation administration page.
 * @return true if a page can be viewed.
 */
public boolean canView(Set permissions, String accessLevel, String realmName, boolean delegateUI) {
    boolean canView = false;
    if (ssoToken != null) {
        if (permissions.isEmpty()) {
            // A page that declares no permissions is viewable by any authenticated user
            canView = true;
        } else {
            try {
                DelegationEvaluator delegationEvaluator = new DelegationEvaluatorImpl();
                DelegationPermission delegationPermission = new DelegationPermission();
                delegationPermission.setVersion("*");
                delegationPermission.setSubConfigName("default");
                if ((accessLevel != null) && (accessLevel.trim().length() > 0)) {
                    // Global-level page: evaluate against the root realm with the given config type
                    delegationPermission.setConfigType(accessLevel);
                    delegationPermission.setOrganizationName("/");
                } else {
                    delegationPermission.setOrganizationName(realmName);
                }
                if (delegateUI) {
                    // Delegation pages first require the DELEGATE action
                    Set actions = new HashSet();
                    actions.add(AMAdminConstants.PERMISSION_DELEGATE);
                    delegationPermission.setActions(actions);
                    canView = delegationEvaluator.isAllowed(ssoToken, delegationPermission, Collections.EMPTY_MAP);
                }
                if (!delegateUI || canView) {
                    // READ on any one of the page's services is sufficient; stop at the first grant
                    for (Iterator i = permissions.iterator(); i.hasNext() && !canView; ) {
                        String serviceName = (String) i.next();
                        canView = hasPermission(delegationEvaluator, delegationPermission, serviceName, AMAdminConstants.PERMISSION_READ);
                    }
                }
            } catch (DelegationException e) {
                AMModelBase.debug.error("AccessControlModelImpl.canView", e);
            } catch (SSOException e) {
                AMModelBase.debug.error("AccessControlModelImpl.canView", e);
            }
        }
    }
    return canView;
}
Also used (imports referenced by the class):
import com.sun.identity.delegation.DelegationEvaluatorImpl;
import com.sun.identity.delegation.DelegationEvaluator;
import com.sun.identity.delegation.DelegationException;
import com.sun.identity.delegation.DelegationPermission;
import com.iplanet.sso.SSOException;
import java.util.Set;
import java.util.HashSet;
import java.util.Iterator;
