Examples with DelegationPermission com.sun.identity.delegation.DelegationPermission used on opensource projects

Search in sources :

Example 26 with DelegationPermission

use of com.sun.identity.delegation.DelegationPermission in project OpenAM by OpenRock.

the class PrivilegeAuthzModuleTest method crestActionBlowupIsAllowed.

@Test
public void crestActionBlowupIsAllowed() throws SSOException, DelegationException {
    // Given...
    final Set<String> actions = new HashSet<>(Arrays.asList("MODIFY"));
    final DelegationPermission permission = new DelegationPermission("/abc", "rest", "1.0", "policies", "destroy", actions, EXTENSIONS, DUMB_FUNC);
    given(factory.newInstance("/abc", "rest", "1.0", "policies", "destroy", actions, EXTENSIONS)).willReturn(permission);
    given(subjectContext.getCallerSSOToken()).willReturn(token);
    given(evaluator.isAllowed(eq(token), eq(permission), eq(ENVIRONMENT))).willReturn(true);
    JsonValue jsonValue = json(object(field("someKey", "someValue")));
    Promise<ActionResponse, ResourceException> promise = Promises.newResultPromise(Responses.newActionResponse(jsonValue));
    given(provider.actionCollection(isA(Context.class), isA(ActionRequest.class))).willReturn(promise);
    // When...
    final FilterChain chain = AuthorizationFilters.createAuthorizationFilter(provider, module);
    final Router router = new Router();
    router.addRoute(RoutingMode.STARTS_WITH, Router.uriTemplate("/policies"), chain);
    final RealmContext context = new RealmContext(subjectContext);
    context.setSubRealm("abc", "abc");
    final ActionRequest request = Requests.newActionRequest("/policies", "blowup");
    Promise<ActionResponse, ResourceException> result = router.handleAction(context, request);
    // Then...
    assertThat(result).succeeded().withContent().stringAt("someKey").isEqualTo("someValue");
}
Also used : RealmContext(org.forgerock.openam.rest.RealmContext) SubjectContext(org.forgerock.openam.rest.resource.SubjectContext) Context(org.forgerock.services.context.Context) RealmContext(org.forgerock.openam.rest.RealmContext) FilterChain(org.forgerock.json.resource.FilterChain) JsonValue(org.forgerock.json.JsonValue) Router(org.forgerock.json.resource.Router) Matchers.anyString(org.mockito.Matchers.anyString) DelegationPermission(com.sun.identity.delegation.DelegationPermission) ActionResponse(org.forgerock.json.resource.ActionResponse) ActionRequest(org.forgerock.json.resource.ActionRequest) ResourceException(org.forgerock.json.resource.ResourceException) HashSet(java.util.HashSet) Test(org.testng.annotations.Test)

Example 27 with DelegationPermission

use of com.sun.identity.delegation.DelegationPermission in project OpenAM by OpenRock.

the class PrivilegeAuthzModuleTest method crestDeleteIsAllowed.

@Test
public void crestDeleteIsAllowed() throws SSOException, DelegationException {
    // Given...
    final Set<String> actions = new HashSet<>(Arrays.asList("MODIFY"));
    final DelegationPermission permission = new DelegationPermission("/abc", "rest", "1.0", "policies", "modify", actions, EXTENSIONS, DUMB_FUNC);
    given(factory.newInstance("/abc", "rest", "1.0", "policies", "modify", actions, EXTENSIONS)).willReturn(permission);
    given(subjectContext.getCallerSSOToken()).willReturn(token);
    given(evaluator.isAllowed(eq(token), eq(permission), eq(ENVIRONMENT))).willReturn(true);
    JsonValue jsonValue = json(object(field("someKey", "someValue")));
    Promise<ResourceResponse, ResourceException> promise = Promises.newResultPromise(Responses.newResourceResponse("1", "1.0", jsonValue));
    given(provider.deleteInstance(isA(Context.class), eq("123"), isA(DeleteRequest.class))).willReturn(promise);
    // When...
    final FilterChain chain = AuthorizationFilters.createAuthorizationFilter(provider, module);
    final Router router = new Router();
    router.addRoute(RoutingMode.STARTS_WITH, Router.uriTemplate("/policies"), chain);
    final RealmContext context = new RealmContext(subjectContext);
    context.setSubRealm("abc", "abc");
    final DeleteRequest request = Requests.newDeleteRequest("/policies/123");
    Promise<ResourceResponse, ResourceException> result = router.handleDelete(context, request);
    // Then...
    assertThat(result).succeeded().withContent().stringAt("someKey").isEqualTo("someValue");
}
Also used : RealmContext(org.forgerock.openam.rest.RealmContext) SubjectContext(org.forgerock.openam.rest.resource.SubjectContext) Context(org.forgerock.services.context.Context) RealmContext(org.forgerock.openam.rest.RealmContext) FilterChain(org.forgerock.json.resource.FilterChain) JsonValue(org.forgerock.json.JsonValue) Router(org.forgerock.json.resource.Router) Matchers.anyString(org.mockito.Matchers.anyString) DelegationPermission(com.sun.identity.delegation.DelegationPermission) ResourceResponse(org.forgerock.json.resource.ResourceResponse) ResourceException(org.forgerock.json.resource.ResourceException) DeleteRequest(org.forgerock.json.resource.DeleteRequest) HashSet(java.util.HashSet) Test(org.testng.annotations.Test)

Example 28 with DelegationPermission

use of com.sun.identity.delegation.DelegationPermission in project OpenAM by OpenRock.

the class PrivilegeAuthzModuleTest method crestReadIsAllowed.

@Test
public void crestReadIsAllowed() throws SSOException, DelegationException {
    // Given...
    final Set<String> actions = new HashSet<>(Arrays.asList("READ"));
    final DelegationPermission permission = new DelegationPermission("/abc", "rest", "1.0", "policies", "read", actions, EXTENSIONS, DUMB_FUNC);
    given(factory.newInstance("/abc", "rest", "1.0", "policies", "read", actions, EXTENSIONS)).willReturn(permission);
    given(subjectContext.getCallerSSOToken()).willReturn(token);
    given(evaluator.isAllowed(token, permission, ENVIRONMENT)).willReturn(true);
    JsonValue jsonValue = json(object(field("someKey", "someValue")));
    Promise<ResourceResponse, ResourceException> promise = Promises.newResultPromise(Responses.newResourceResponse("1", "1.0", jsonValue));
    given(provider.readInstance(isA(Context.class), eq("123"), isA(ReadRequest.class))).willReturn(promise);
    // When...
    final FilterChain chain = AuthorizationFilters.createAuthorizationFilter(provider, module);
    final Router router = new Router();
    router.addRoute(RoutingMode.STARTS_WITH, Router.uriTemplate("/policies"), chain);
    final RealmContext context = new RealmContext(subjectContext);
    final ReadRequest request = Requests.newReadRequest("/policies/123");
    context.setSubRealm("abc", "abc");
    Promise<ResourceResponse, ResourceException> result = router.handleRead(context, request);
    // Then...
    assertThat(result).succeeded().withContent().stringAt("someKey").isEqualTo("someValue");
}
Also used : RealmContext(org.forgerock.openam.rest.RealmContext) SubjectContext(org.forgerock.openam.rest.resource.SubjectContext) Context(org.forgerock.services.context.Context) RealmContext(org.forgerock.openam.rest.RealmContext) FilterChain(org.forgerock.json.resource.FilterChain) JsonValue(org.forgerock.json.JsonValue) Router(org.forgerock.json.resource.Router) Matchers.anyString(org.mockito.Matchers.anyString) DelegationPermission(com.sun.identity.delegation.DelegationPermission) ResourceResponse(org.forgerock.json.resource.ResourceResponse) ResourceException(org.forgerock.json.resource.ResourceException) HashSet(java.util.HashSet) ReadRequest(org.forgerock.json.resource.ReadRequest) Test(org.testng.annotations.Test)

Example 29 with DelegationPermission

use of com.sun.identity.delegation.DelegationPermission in project OpenAM by OpenRock.

the class PrivilegeAuthzModuleTest method crestUpdateIsAllowed.

@Test
public void crestUpdateIsAllowed() throws SSOException, DelegationException {
    // Given...
    final Set<String> actions = new HashSet<>(Arrays.asList("MODIFY"));
    final DelegationPermission permission = new DelegationPermission("/abc", "rest", "1.0", "policies", "modify", actions, EXTENSIONS, DUMB_FUNC);
    given(factory.newInstance("/abc", "rest", "1.0", "policies", "modify", actions, EXTENSIONS)).willReturn(permission);
    given(subjectContext.getCallerSSOToken()).willReturn(token);
    given(evaluator.isAllowed(eq(token), eq(permission), eq(ENVIRONMENT))).willReturn(true);
    JsonValue jsonValue = json(object(field("someKey", "someValue")));
    Promise<ResourceResponse, ResourceException> promise = Promises.newResultPromise(Responses.newResourceResponse("1", "1.0", jsonValue));
    given(provider.updateInstance(isA(Context.class), eq("123"), isA(UpdateRequest.class))).willReturn(promise);
    // When...
    final FilterChain chain = AuthorizationFilters.createAuthorizationFilter(provider, module);
    final Router router = new Router();
    router.addRoute(RoutingMode.STARTS_WITH, Router.uriTemplate("/policies"), chain);
    final RealmContext context = new RealmContext(subjectContext);
    context.setSubRealm("abc", "abc");
    final UpdateRequest request = Requests.newUpdateRequest("/policies/123", JsonValue.json(new Object()));
    Promise<ResourceResponse, ResourceException> result = router.handleUpdate(context, request);
    // Then...
    assertThat(result).succeeded().withContent().stringAt("someKey").isEqualTo("someValue");
}
Also used : RealmContext(org.forgerock.openam.rest.RealmContext) SubjectContext(org.forgerock.openam.rest.resource.SubjectContext) Context(org.forgerock.services.context.Context) RealmContext(org.forgerock.openam.rest.RealmContext) UpdateRequest(org.forgerock.json.resource.UpdateRequest) FilterChain(org.forgerock.json.resource.FilterChain) JsonValue(org.forgerock.json.JsonValue) Router(org.forgerock.json.resource.Router) Matchers.anyString(org.mockito.Matchers.anyString) DelegationPermission(com.sun.identity.delegation.DelegationPermission) ResourceResponse(org.forgerock.json.resource.ResourceResponse) ResourceException(org.forgerock.json.resource.ResourceException) HashSet(java.util.HashSet) Test(org.testng.annotations.Test)

Example 30 with DelegationPermission

use of com.sun.identity.delegation.DelegationPermission in project OpenAM by OpenRock.

the class PrivilegeAuthzModuleTest method crestCreateIsAllowed.

@Test
public void crestCreateIsAllowed() throws SSOException, DelegationException {
    // Given...
    final Set<String> actions = new HashSet<>(Arrays.asList("MODIFY"));
    final DelegationPermission permission = new DelegationPermission("/abc", "rest", "1.0", "policies", "modify", actions, EXTENSIONS, DUMB_FUNC);
    given(factory.newInstance("/abc", "rest", "1.0", "policies", "modify", actions, EXTENSIONS)).willReturn(permission);
    given(subjectContext.getCallerSSOToken()).willReturn(token);
    given(evaluator.isAllowed(eq(token), eq(permission), eq(ENVIRONMENT))).willReturn(true);
    JsonValue jsonValue = json(object(field("someKey", "someValue")));
    Promise<ResourceResponse, ResourceException> promise = Promises.newResultPromise(Responses.newResourceResponse("1", "1.0", jsonValue));
    given(provider.createInstance(isA(Context.class), isA(CreateRequest.class))).willReturn(promise);
    // When...
    final FilterChain chain = AuthorizationFilters.createAuthorizationFilter(provider, module);
    final Router router = new Router();
    router.addRoute(RoutingMode.STARTS_WITH, Router.uriTemplate("/policies"), chain);
    final RealmContext context = new RealmContext(subjectContext);
    context.setSubRealm("abc", "abc");
    final CreateRequest request = Requests.newCreateRequest("/policies", JsonValue.json(new Object()));
    Promise<ResourceResponse, ResourceException> result = router.handleCreate(context, request);
    // Then...
    assertThat(result).succeeded().withContent().stringAt("someKey").isEqualTo("someValue");
}
Also used : RealmContext(org.forgerock.openam.rest.RealmContext) SubjectContext(org.forgerock.openam.rest.resource.SubjectContext) Context(org.forgerock.services.context.Context) RealmContext(org.forgerock.openam.rest.RealmContext) CreateRequest(org.forgerock.json.resource.CreateRequest) FilterChain(org.forgerock.json.resource.FilterChain) JsonValue(org.forgerock.json.JsonValue) Router(org.forgerock.json.resource.Router) Matchers.anyString(org.mockito.Matchers.anyString) DelegationPermission(com.sun.identity.delegation.DelegationPermission) ResourceResponse(org.forgerock.json.resource.ResourceResponse) ResourceException(org.forgerock.json.resource.ResourceException) HashSet(java.util.HashSet) Test(org.testng.annotations.Test)

Aggregations

DelegationPermission (com.sun.identity.delegation.DelegationPermission)30 HashSet (java.util.HashSet)22 DelegationException (com.sun.identity.delegation.DelegationException)17 SSOException (com.iplanet.sso.SSOException)16 DelegationEvaluator (com.sun.identity.delegation.DelegationEvaluator)14 Set (java.util.Set)13 DelegationEvaluatorImpl (com.sun.identity.delegation.DelegationEvaluatorImpl)12 Test (org.testng.annotations.Test)12 FilterChain (org.forgerock.json.resource.FilterChain)9 ResourceException (org.forgerock.json.resource.ResourceException)9 Router (org.forgerock.json.resource.Router)9 RealmContext (org.forgerock.openam.rest.RealmContext)9 SubjectContext (org.forgerock.openam.rest.resource.SubjectContext)9 Matchers.anyString (org.mockito.Matchers.anyString)9 Context (org.forgerock.services.context.Context)8 SSOToken (com.iplanet.sso.SSOToken)7 Iterator (java.util.Iterator)6 JsonValue (org.forgerock.json.JsonValue)6 ResourceResponse (org.forgerock.json.resource.ResourceResponse)6 IdRepoException (com.sun.identity.idm.IdRepoException)4
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial