Search in sources :

Example 1 with AndCondition

use of com.sun.identity.entitlement.AndCondition in project OpenAM by OpenRock.

the class PolicyConditionUpgraderTest method isPolicyWithAndEnvironmentConditionUpgradable.

@Test(dataProvider = "isPolicyWithAndEnvironmentConditionUpgradableDataProvider")
public void isPolicyWithAndEnvironmentConditionUpgradable(Class<? extends EntitlementCondition> con1, boolean con1InMap, Class<? extends EntitlementCondition> con2, boolean con2InMap, boolean expectedResult) {
    //Given
    Privilege policy = mock(Privilege.class);
    AndCondition andCondition = mock(AndCondition.class);
    Set<EntitlementCondition> andConditions = new HashSet<EntitlementCondition>();
    EntitlementCondition condition1 = mock(con1);
    EntitlementCondition condition2 = mock(con2);
    andConditions.add(condition1);
    andConditions.add(condition2);
    given(policy.getCondition()).willReturn(andCondition);
    given(andCondition.getEConditions()).willReturn(andConditions);
    if (condition1 instanceof PolicyCondition) {
        given(((PolicyCondition) condition1).getClassName()).willReturn("CONDITION1_CLASS_NAME");
    }
    if (condition2 instanceof PolicyCondition) {
        given(((PolicyCondition) condition2).getClassName()).willReturn("CONDITION2_CLASS_NAME");
    }
    given(conditionUpgradeMap.containsEnvironmentCondition("CONDITION1_CLASS_NAME")).willReturn(con1InMap);
    given(conditionUpgradeMap.containsEnvironmentCondition("CONDITION2_CLASS_NAME")).willReturn(con2InMap);
    //When
    boolean upgradable = conditionUpgrader.isPolicyUpgradable(policy);
    //Then
    assertThat(upgradable).isEqualTo(expectedResult);
}
Also used : EntitlementCondition(com.sun.identity.entitlement.EntitlementCondition) PolicyCondition(com.sun.identity.entitlement.opensso.PolicyCondition) Privilege(com.sun.identity.entitlement.Privilege) AndCondition(com.sun.identity.entitlement.AndCondition) HashSet(java.util.HashSet) Test(org.testng.annotations.Test)

Example 2 with AndCondition

use of com.sun.identity.entitlement.AndCondition in project OpenAM by OpenRock.

the class PrivilegeUtils method nConditionsToECondition.

private static EntitlementCondition nConditionsToECondition(Set nConditons) throws EntitlementException {
    Set<EntitlementCondition> ecSet = new HashSet<EntitlementCondition>();
    for (Object nConditionObj : nConditons) {
        Object[] nCondition = (Object[]) nConditionObj;
        EntitlementCondition ec = mapGenericCondition(nCondition);
        ecSet.add(ec);
    }
    if (ecSet.isEmpty()) {
        return null;
    }
    if (ecSet.size() == 1) {
        return ecSet.iterator().next();
    }
    Map<String, Set<EntitlementCondition>> cnEntcMap = new HashMap<String, Set<EntitlementCondition>>();
    for (EntitlementCondition ec : ecSet) {
        String key = (ec instanceof PolicyCondition) ? ((PolicyCondition) ec).getClassName() : ec.getClass().getName();
        Set<EntitlementCondition> values = cnEntcMap.get(key);
        if (values == null) {
            values = new HashSet<EntitlementCondition>();
            cnEntcMap.put(key, values);
        }
        values.add(ec);
    }
    Set<String> keySet = cnEntcMap.keySet();
    if (keySet.size() == 1) {
        Set<EntitlementCondition> values = cnEntcMap.get(keySet.iterator().next());
        return (values.size() == 1) ? values.iterator().next() : new OrCondition(values);
    }
    Set andSet = new HashSet();
    for (String key : keySet) {
        Set values = (Set) cnEntcMap.get(key);
        if (values.size() == 1) {
            andSet.add(values.iterator().next());
        } else {
            andSet.add(new OrCondition(values));
        }
    }
    return new AndCondition(andSet);
}
Also used : EntitlementCondition(com.sun.identity.entitlement.EntitlementCondition) HashSet(java.util.HashSet) Set(java.util.Set) HashMap(java.util.HashMap) AndCondition(com.sun.identity.entitlement.AndCondition) OrCondition(com.sun.identity.entitlement.OrCondition) HashSet(java.util.HashSet)

Example 3 with AndCondition

use of com.sun.identity.entitlement.AndCondition in project OpenAM by OpenRock.

the class JsonPolicyParserTest method shouldParseNestedAndConditions.

@Test
public void shouldParseNestedAndConditions() throws Exception {
    // Given
    // An AND condition containing a single OAuth2Scope condition
    String scope = "givenName";
    JsonValue content = buildJson(field("condition", object(field("type", "AND"), field("conditions", Collections.singletonList(object(field("type", "OAuth2Scope"), field("requiredScopes", array(scope))))))));
    // When
    Privilege result = parser.parsePolicy(POLICY_NAME, content);
    // Then
    assertThat(result.getCondition()).isInstanceOf(AndCondition.class);
    AndCondition and = (AndCondition) result.getCondition();
    assertThat(and.getEConditions()).hasSize(1);
    assertThat(and.getEConditions().iterator().next()).isInstanceOf(OAuth2ScopeCondition.class);
    OAuth2ScopeCondition oauth2Scope = (OAuth2ScopeCondition) and.getEConditions().iterator().next();
    assertThat(oauth2Scope.getRequiredScopes()).isEqualTo(Collections.singleton(scope));
}
Also used : OAuth2ScopeCondition(org.forgerock.openam.entitlement.conditions.environment.OAuth2ScopeCondition) JsonValue(org.forgerock.json.JsonValue) OpenSSOPrivilege(com.sun.identity.entitlement.opensso.OpenSSOPrivilege) Privilege(com.sun.identity.entitlement.Privilege) AndCondition(com.sun.identity.entitlement.AndCondition) Test(org.testng.annotations.Test)

Example 4 with AndCondition

use of com.sun.identity.entitlement.AndCondition in project OpenAM by OpenRock.

the class PolicyConditionUpgraderTest method shouldMigratePolicyWithAndEnvironmentCondition.

@SuppressWarnings("unchecked")
@Test
public void shouldMigratePolicyWithAndEnvironmentCondition() throws EntitlementException, UpgradeException {
    //Given
    Privilege policy = mock(Privilege.class);
    AndCondition andCondition = mock(AndCondition.class);
    Set<EntitlementCondition> andConditions = new HashSet<EntitlementCondition>();
    PolicyCondition condition1 = mock(PolicyCondition.class);
    PolicyCondition condition2 = mock(PolicyCondition.class);
    andConditions.add(condition1);
    andConditions.add(condition2);
    EntitlementCondition migratedCondition1 = mock(EntitlementCondition.class);
    EntitlementCondition migratedCondition2 = mock(EntitlementCondition.class);
    given(policy.getCondition()).willReturn(andCondition);
    given(andCondition.getEConditions()).willReturn(andConditions);
    given(condition1.getClassName()).willReturn("CONDITION1_CLASS_NAME");
    given(condition2.getClassName()).willReturn("CONDITION2_CLASS_NAME");
    given(conditionUpgradeMap.migrateEnvironmentCondition(eq("CONDITION1_CLASS_NAME"), eq(condition1), Matchers.<MigrationReport>anyObject())).willReturn(migratedCondition1);
    given(conditionUpgradeMap.migrateEnvironmentCondition(eq("CONDITION2_CLASS_NAME"), eq(condition2), Matchers.<MigrationReport>anyObject())).willReturn(migratedCondition2);
    //When
    conditionUpgrader.dryRunPolicyUpgrade(policy);
    //Then
    ArgumentCaptor<Set> conditionCaptor = ArgumentCaptor.forClass(Set.class);
    verify(andCondition).setEConditions(conditionCaptor.capture());
    assertThat(conditionCaptor.getValue()).hasSize(2).contains(migratedCondition1, migratedCondition2);
    verify(policy, never()).setSubject(Matchers.<EntitlementSubject>anyObject());
    verify(policy, never()).setCondition(Matchers.<EntitlementCondition>anyObject());
}
Also used : EntitlementCondition(com.sun.identity.entitlement.EntitlementCondition) HashSet(java.util.HashSet) Set(java.util.Set) PolicyCondition(com.sun.identity.entitlement.opensso.PolicyCondition) Privilege(com.sun.identity.entitlement.Privilege) AndCondition(com.sun.identity.entitlement.AndCondition) HashSet(java.util.HashSet) Test(org.testng.annotations.Test)

Example 5 with AndCondition

use of com.sun.identity.entitlement.AndCondition in project OpenAM by OpenRock.

the class JsonPolicyParserTest method shouldPrintComplexConditions.

@Test
public void shouldPrintComplexConditions() throws Exception {
    // Given
    Privilege policy = new StubPrivilege();
    AndCondition and = new AndCondition();
    Set<EntitlementCondition> subConditions = new LinkedHashSet<EntitlementCondition>();
    Map<String, Set<String>> props = new HashMap<String, Set<String>>();
    props.put("AuthenticateToRealm", Collections.singleton("REALM"));
    PolicyCondition policyCondition = new PolicyCondition("test", AuthenticateToRealmCondition.class.getName(), props);
    NotCondition not = new NotCondition(policyCondition);
    subConditions.add(not);
    and.setEConditions(subConditions);
    policy.setCondition(and);
    // When
    JsonValue result = parser.printPolicy(policy);
    // Then
    assertThat(result.get(new JsonPointer("condition/type")).asString()).isEqualTo("AND");
    assertThat(result.get(new JsonPointer("condition/conditions/0/type")).asString()).isEqualTo("NOT");
    assertThat(result.get(new JsonPointer("condition/conditions/0/condition/type")).asString()).isEqualTo("Policy");
    assertThat(result.get(new JsonPointer("condition/conditions/0/condition/className")).asString()).isEqualTo(AuthenticateToRealmCondition.class.getName());
    assertThat(result.get(new JsonPointer("condition/conditions/0/condition/properties")).asMapOfList(String.class)).includes(entry("AuthenticateToRealm", Arrays.asList("REALM")));
}
Also used : LinkedHashSet(java.util.LinkedHashSet) EntitlementCondition(com.sun.identity.entitlement.EntitlementCondition) HashSet(java.util.HashSet) LinkedHashSet(java.util.LinkedHashSet) Set(java.util.Set) NotCondition(com.sun.identity.entitlement.NotCondition) HashMap(java.util.HashMap) JsonValue(org.forgerock.json.JsonValue) PolicyCondition(com.sun.identity.entitlement.opensso.PolicyCondition) JsonPointer(org.forgerock.json.JsonPointer) AndCondition(com.sun.identity.entitlement.AndCondition) AuthenticateToRealmCondition(com.sun.identity.policy.plugins.AuthenticateToRealmCondition) OpenSSOPrivilege(com.sun.identity.entitlement.opensso.OpenSSOPrivilege) Privilege(com.sun.identity.entitlement.Privilege) Test(org.testng.annotations.Test)

Aggregations

AndCondition (com.sun.identity.entitlement.AndCondition)7 EntitlementCondition (com.sun.identity.entitlement.EntitlementCondition)6 Privilege (com.sun.identity.entitlement.Privilege)6 HashSet (java.util.HashSet)6 Test (org.testng.annotations.Test)6 HashMap (java.util.HashMap)4 PolicyCondition (com.sun.identity.entitlement.opensso.PolicyCondition)3 Set (java.util.Set)3 Entitlement (com.sun.identity.entitlement.Entitlement)2 EntitlementSubject (com.sun.identity.entitlement.EntitlementSubject)2 OrCondition (com.sun.identity.entitlement.OrCondition)2 OrSubject (com.sun.identity.entitlement.OrSubject)2 ResourceAttribute (com.sun.identity.entitlement.ResourceAttribute)2 StaticAttributes (com.sun.identity.entitlement.StaticAttributes)2 UserAttributes (com.sun.identity.entitlement.UserAttributes)2 UserSubject (com.sun.identity.entitlement.UserSubject)2 OpenSSOPrivilege (com.sun.identity.entitlement.opensso.OpenSSOPrivilege)2 OpenSSOUserSubject (com.sun.identity.entitlement.opensso.OpenSSOUserSubject)2 JsonValue (org.forgerock.json.JsonValue)2 IPv4Condition (org.forgerock.openam.entitlement.conditions.environment.IPv4Condition)2