Search in sources :

Example 41 with Application

use of com.sun.identity.entitlement.Application in project OpenAM by OpenRock.

the class UpgradeEntitlementSubConfigsStep method addChangedConditions.

/**
     * Clears the conditions currently associated with an application, then replaces them with
     * the new set of conditions defined.
     *
     * @throws UpgradeException If there was an error while updating the application.
     */
private void addChangedConditions() throws UpgradeException {
    for (final Map.Entry<String, Set<String>> entry : changedConditions.entrySet()) {
        final String name = entry.getKey();
        final Set<String> conditions = entry.getValue();
        try {
            UpgradeProgress.reportStart(AUDIT_MODIFIED_CON_START, name);
            if (DEBUG.messageEnabled()) {
                DEBUG.message("Modifying application " + name + " ; adding conditions: " + conditions);
            }
            final Application application = getApplication(name);
            application.setConditions(conditions);
            entitlementService.storeApplication(application);
            UpgradeProgress.reportEnd(AUDIT_UPGRADE_SUCCESS);
        } catch (EntitlementException ee) {
            UpgradeProgress.reportEnd(AUDIT_UPGRADE_FAIL);
            throw new UpgradeException(ee);
        }
    }
}
Also used : UpgradeException(org.forgerock.openam.upgrade.UpgradeException) EntitlementException(com.sun.identity.entitlement.EntitlementException) HashSet(java.util.HashSet) Set(java.util.Set) HashMap(java.util.HashMap) Map(java.util.Map) EntitlementUtils.resourceTypeFromMap(org.forgerock.openam.entitlement.utils.EntitlementUtils.resourceTypeFromMap) Application(com.sun.identity.entitlement.Application)

Example 42 with Application

use of com.sun.identity.entitlement.Application in project OpenAM by OpenRock.

the class RemoveReferralsStepTest method simpleSuccessfulPassThrough.

@Test
public void simpleSuccessfulPassThrough() throws Exception {
    // Given
    given(connectionFactory.create()).willReturn(connection);
    given(connection.search(isA(SearchRequest.class))).willReturn(entryReader);
    given(entryReader.hasNext()).willReturn(true).willReturn(false);
    given(entryReader.readEntry()).willReturn(resultEntry);
    given(resultEntry.getName()).willReturn(DN.valueOf("ou=test,ou=forgerock,ou=org"));
    JsonValue jsonValue = json(object(field("name", "ref"), field("mapApplNameToResources", object(field("app1", array("*://*:*/*")))), field("realms", array("/a"))));
    Set<String> values = singleton("serializable=" + jsonValue.toString());
    Attribute attribute = new LinkedAttribute("ou", values);
    AttributeParser attributeParser = AttributeParser.parseAttribute(attribute);
    given(resultEntry.parseAttribute("sunKeyValue")).willReturn(attributeParser);
    Application app1 = new Application();
    app1.setName("app1");
    app1.addAllResourceTypeUuids(singleton("123"));
    given(applicationService.getApplication(isA(Subject.class), eq("/"), eq("app1"))).willReturn(app1);
    given(policyServiceFactory.get(eq("/a"), isA(Subject.class))).willReturn(policyService);
    Privilege policy1 = new OpenSSOPrivilege();
    policy1.setName("pol1");
    given(policyService.findAllPoliciesByApplication("app1")).willReturn(singletonList(policy1));
    ResourceType resourceType1 = ResourceType.builder().setName("resourceType1").setUUID("123").build();
    given(resourceTypeService.getResourceType(isA(Subject.class), eq("/"), eq("123"))).willReturn(resourceType1);
    // When
    testStep.initialize();
    boolean isApplicable = testStep.isApplicable();
    testStep.perform();
    String shortReport = testStep.getShortReport("");
    String longReport = testStep.getDetailedReport("");
    // Then
    assertThat(isApplicable).isTrue();
    assertThat(shortReport).containsSequence("applications to be cloned", "Referrals found");
    assertThat(longReport).containsSequence("app1", "ou=test,ou=forgerock,ou=org");
    verify(resourceTypeService).saveResourceType(isA(Subject.class), eq("/a"), resourceTypeCaptor.capture());
    verify(applicationService).saveApplication(isA(Subject.class), eq("/a"), applicationCaptor.capture());
    verify(policyService).modify(policyCaptor.capture());
    ResourceType clonedResourceType = resourceTypeCaptor.getValue();
    assertThat(clonedResourceType).isNotEqualTo(resourceType1);
    assertThat(clonedResourceType.getName()).isEqualTo("resourceType1");
    Application clonedApplication = applicationCaptor.getValue();
    assertThat(clonedApplication).isNotEqualTo(app1);
    assertThat(clonedApplication.getName()).isEqualTo("app1");
    assertThat(clonedApplication.getResourceTypeUuids()).containsExactly(clonedResourceType.getUUID());
    Privilege modifiedPolicy = policyCaptor.getValue();
    assertThat(modifiedPolicy).isEqualTo(modifiedPolicy);
    assertThat(modifiedPolicy.getResourceTypeUuid()).isEqualTo(clonedResourceType.getUUID());
    verify(connection).delete(deleteRequestCaptor.capture());
    DeleteRequest request = deleteRequestCaptor.getValue();
    assertThat(request.getName().toString()).isEqualTo("ou=test,ou=forgerock,ou=org");
}
Also used : SearchRequest(org.forgerock.opendj.ldap.requests.SearchRequest) Attribute(org.forgerock.opendj.ldap.Attribute) LinkedAttribute(org.forgerock.opendj.ldap.LinkedAttribute) JsonValue(org.forgerock.json.JsonValue) OpenSSOPrivilege(com.sun.identity.entitlement.opensso.OpenSSOPrivilege) ResourceType(org.forgerock.openam.entitlement.ResourceType) Subject(javax.security.auth.Subject) LinkedAttribute(org.forgerock.opendj.ldap.LinkedAttribute) AttributeParser(org.forgerock.opendj.ldap.AttributeParser) OpenSSOPrivilege(com.sun.identity.entitlement.opensso.OpenSSOPrivilege) Privilege(com.sun.identity.entitlement.Privilege) Application(com.sun.identity.entitlement.Application) DeleteRequest(org.forgerock.opendj.ldap.requests.DeleteRequest) Test(org.testng.annotations.Test)

Example 43 with Application

use of com.sun.identity.entitlement.Application in project OpenAM by OpenRock.

the class UpgradeResourceTypeStep method perform.

/**
     * {@inheritDoc}
     */
@Override
public void perform() throws UpgradeException {
    for (Map.Entry<String, Set<ResourceTypeState>> entry : resourceTypeStatePerRealm.entrySet()) {
        final String realm = entry.getKey();
        final EntitlementConfiguration ec = EntitlementConfiguration.getInstance(getAdminSubject(), realm);
        final PrivilegeManager pm = PrivilegeManager.getInstance(realm, getAdminSubject());
        for (ResourceTypeState state : entry.getValue()) {
            if (state.applicationNeedsResourceType) {
                ResourceType resourceType = createResourceType(state, realm);
                upgradeApplication(ec, state.appName, resourceType.getUUID());
                // Application modified, clear cache.
                ApplicationManager.clearCache(realm);
            }
            if (state.policiesNeedsResourceType) {
                final Application application = ec.getApplication(state.appName);
                final Set<String> uuids = application.getResourceTypeUuids();
                if (!uuids.isEmpty()) {
                    // there should only be one resource type associated with the application at this stage
                    upgradePrivileges(pm, state.appName, uuids.iterator().next());
                }
            }
        }
    }
}
Also used : Set(java.util.Set) CollectionUtils.transformSet(org.forgerock.openam.utils.CollectionUtils.transformSet) HashSet(java.util.HashSet) PrivilegeManager(com.sun.identity.entitlement.PrivilegeManager) EntitlementConfiguration(com.sun.identity.entitlement.EntitlementConfiguration) ResourceType(org.forgerock.openam.entitlement.ResourceType) Map(java.util.Map) HashMap(java.util.HashMap) Application(com.sun.identity.entitlement.Application)

Example 44 with Application

use of com.sun.identity.entitlement.Application in project OpenAM by OpenRock.

the class UpgradeEntitlementSubConfigsStepTest method setUp.

@BeforeMethod
public void setUp() throws IllegalAccessException, InstantiationException {
    mockTypes = new HashSet<ApplicationType>(3);
    final ApplicationType type1 = newType("type1");
    final ApplicationType type2 = newType("type2");
    final ApplicationType type3 = newType("type3");
    mockTypes.addAll(Arrays.asList(type1, type2, type3));
    this.type1 = type1;
    mockApplications = new HashSet<Application>(3);
    final Application application1 = newApplication("application1", type1);
    final Application application2 = newApplication("application2", type1);
    final Application application3 = newApplication("application3", type1);
    mockApplications.addAll(Arrays.asList(application1, application2, application3));
    entitlementService = mock(EntitlementConfiguration.class);
    adminTokenAction = mock(PrivilegedAction.class);
    connectionFactory = mock(ConnectionFactory.class);
    resourceTypeConfiguration = mock(ResourceTypeConfiguration.class);
    upgradeStep = new SafeUpgradeEntitlementSubConfigsStep(entitlementService, resourceTypeConfiguration, adminTokenAction, connectionFactory);
    final HashSet<String> conditions = new HashSet<String>();
    conditions.add("condition.entry.1");
    conditions.add("condition.entry.2");
    final HashSet<String> subjects = new HashSet<String>();
    subjects.add("subject.entry.1");
    subjects.add("subject.entry.2");
    final HashSet<String> resources = new HashSet<String>();
    resources.add("http://*");
    resources.add("https://*");
    app = newApplication("application4", type1);
    app.setConditions(conditions);
    app.setSubjects(subjects);
    app.setEntitlementCombinerName(DEFAULT_COMBINER);
}
Also used : ApplicationType(com.sun.identity.entitlement.ApplicationType) ConnectionFactory(org.forgerock.openam.sm.datalayer.api.ConnectionFactory) PrivilegedAction(java.security.PrivilegedAction) EntitlementConfiguration(com.sun.identity.entitlement.EntitlementConfiguration) ResourceTypeConfiguration(org.forgerock.openam.entitlement.configuration.ResourceTypeConfiguration) Application(com.sun.identity.entitlement.Application) HashSet(java.util.HashSet) BeforeMethod(org.testng.annotations.BeforeMethod)

Example 45 with Application

use of com.sun.identity.entitlement.Application in project OpenAM by OpenRock.

the class PolicyV1Filter method retrieveResourceType.

/**
     * Retrieves the resource type Id from the containing application
     * and sets it within the policies' JSON representation.
     *
     * @param jsonValue
     *         the policies' JSON representation
     * @param callingSubject
     *         the calling subject
     * @param realm
     *         the realm
     *
     * @throws EntitlementException
     *         should some policy error occur
     * @throws ResourceException
     *         should some violation occur that doesn't satisfy policy v1.0
     */
private void retrieveResourceType(JsonValue jsonValue, Subject callingSubject, String realm) throws EntitlementException, ResourceException {
    final String applicationName = jsonValue.get("applicationName").asString();
    if (applicationName == null) {
        throw new BadRequestException("Invalid application name defined in request");
    }
    final ApplicationService applicationService = applicationServiceFactory.create(callingSubject, realm);
    final Application application = applicationService.getApplication(applicationName);
    if (application == null) {
        throw new NotFoundException("Unable to find application " + applicationName);
    }
    if (application.getResourceTypeUuids().size() != 1) {
        throw new BadRequestException("Cannot create policy under an application with more than " + "one resource type using version 1.0 of this endpoint");
    }
    // Retrieve the resource type from the applications single resource type.
    final String resourceTypeUuid = application.getResourceTypeUuids().iterator().next();
    jsonValue.put(RESOURCE_TYPE_UUID, resourceTypeUuid);
}
Also used : BadRequestException(org.forgerock.json.resource.BadRequestException) NotFoundException(org.forgerock.json.resource.NotFoundException) Application(com.sun.identity.entitlement.Application) ApplicationService(org.forgerock.openam.entitlement.service.ApplicationService)

Aggregations

Application (com.sun.identity.entitlement.Application)65 EntitlementException (com.sun.identity.entitlement.EntitlementException)37 Subject (javax.security.auth.Subject)29 ResourceResponse (org.forgerock.json.resource.ResourceResponse)22 Test (org.testng.annotations.Test)22 HashSet (java.util.HashSet)20 JsonValue (org.forgerock.json.JsonValue)18 Set (java.util.Set)16 ResourceException (org.forgerock.json.resource.ResourceException)16 RealmContext (org.forgerock.openam.rest.RealmContext)16 SSOTokenContext (org.forgerock.openam.rest.resource.SSOTokenContext)16 HashMap (java.util.HashMap)15 ClientContext (org.forgerock.services.context.ClientContext)13 Context (org.forgerock.services.context.Context)13 Matchers.anyString (org.mockito.Matchers.anyString)13 UpgradeException (org.forgerock.openam.upgrade.UpgradeException)10 UpdateRequest (org.forgerock.json.resource.UpdateRequest)9 ApplicationWrapper (org.forgerock.openam.entitlement.rest.wrappers.ApplicationWrapper)9 Map (java.util.Map)8 BadRequestException (org.forgerock.json.resource.BadRequestException)7