Example 11 with ConditionDecision

Use of com.sun.identity.entitlement.ConditionDecision in project OpenAM by OpenRock.

Class ScriptConditionTest, method successfulEvaluation.

@Test
public void successfulEvaluation() throws EntitlementException, ScriptException, javax.script.ScriptException, IdRepoException, SSOException {
    // Given
    Subject subject = new Subject();
    SSOToken token = mock(SSOToken.class);
    subject.getPrivateCredentials().add(token);
    subject.getPrincipals().add(new AuthSPrincipal("user"));
    Map<String, Set<String>> env = new HashMap<>();
    Map<String, Set<String>> advice = new HashMap<>();
    final ScriptConfiguration configuration = ScriptConfiguration.builder()
            .setId("123-456-789")
            .setName("test-script")
            .setContext(ScriptContext.POLICY_CONDITION)
            .setLanguage(SupportedScriptingLanguage.JAVASCRIPT)
            .setScript("some-script-here")
            .build();
    scriptCondition = new ScriptCondition() {

        @Override
        protected ScriptConfiguration getScriptConfiguration(String realm) throws ScriptException {
            return configuration;
        }
    };
    given(coreWrapper.getIdentity(token)).willReturn(mock(AMIdentity.class));
    // When
    scriptCondition.setScriptId("123-456-789");
    ConditionDecision decision = scriptCondition.evaluate("/abc", subject, "http://a:b/c", env);
    // Then
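    // Hard to test the true scenario: the mocked evaluator does not run the script,
    // so only the default (not satisfied) decision is checked here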
    assertThat(decision.isSatisfied()).isFalse();
    verify(scriptEvaluator).evaluateScript(scriptObjectCaptor.capture(), bindingsCaptor.capture());
    ScriptObject scriptObject = scriptObjectCaptor.getValue();
    assertThat(scriptObject.getName()).isEqualTo("test-script");
    assertThat(scriptObject.getLanguage()).isEqualTo(SupportedScriptingLanguage.JAVASCRIPT);
    assertThat(scriptObject.getScript()).isEqualTo("some-script-here");
    Bindings bindings = bindingsCaptor.getValue();
    assertThat(bindings.get("logger")).isEqualTo(PolicyConstants.DEBUG);
    assertThat(bindings.get("username")).isEqualTo("user");
    assertThat(bindings.get("resourceURI")).isEqualTo("http://a:b/c");
    assertThat(bindings.get("environment")).isEqualTo(env);
    assertThat(bindings.get("advice")).isEqualTo(advice);
    assertThat(bindings.get("httpClient")).isEqualTo(restletHttpClient);
    assertThat(bindings.get("authorized")).isEqualTo(Boolean.FALSE);
    assertThat(bindings.get("ttl")).isEqualTo(Long.MAX_VALUE);
}
Also used : ScriptObject(org.forgerock.openam.scripting.ScriptObject) SSOToken(com.iplanet.sso.SSOToken) Set(java.util.Set) HashMap(java.util.HashMap) ConditionDecision(com.sun.identity.entitlement.ConditionDecision) Bindings(javax.script.Bindings) Subject(javax.security.auth.Subject) ScriptException(org.forgerock.openam.scripting.ScriptException) AMIdentity(com.sun.identity.idm.AMIdentity) AuthSPrincipal(com.sun.identity.rest.AuthSPrincipal) ScriptConfiguration(org.forgerock.openam.scripting.service.ScriptConfiguration) Test(org.testng.annotations.Test)

Example 12 with ConditionDecision

Use of com.sun.identity.entitlement.ConditionDecision in project OpenAM by OpenRock.

Class LEAuthLevelConditionTest, method conditionShouldEvaluateToFalseWhenUsingRequestAuthLevelsFromEnvironmentWithoutRealmAndNotLE.

@Test
public void conditionShouldEvaluateToFalseWhenUsingRequestAuthLevelsFromEnvironmentWithoutRealmAndNotLE() throws EntitlementException {
    //Given
    String realm = "REALM";
    Subject subject = new Subject();
    String resourceName = "RESOURCE_NAME";
    Map<String, Set<String>> env = new HashMap<String, Set<String>>();
    Set<String> requestAuthLevels = new HashSet<String>();
    // Only the level lookup is stubbed; no realm lookup is stubbed for the requested levels
    given(authUtils.getDataFromRealmQualifiedData("3")).willReturn("3");
    given(authUtils.getDataFromRealmQualifiedData("4")).willReturn("4");
    given(authUtils.getDataFromRealmQualifiedData("6")).willReturn("6");
    requestAuthLevels.add("3");
    requestAuthLevels.add("4");
    requestAuthLevels.add("6");
    env.put("requestAuthLevel", requestAuthLevels);
    condition.setState("{\"authLevel\": 5}");
    //When
    ConditionDecision decision = condition.evaluate(realm, subject, resourceName, env);
    //Then
    assertThat(decision.isSatisfied()).isFalse();
    assertThat(decision.getAdvice()).isEmpty();
}
Also used : Set(java.util.Set) HashSet(java.util.HashSet) HashMap(java.util.HashMap) ConditionDecision(com.sun.identity.entitlement.ConditionDecision) Subject(javax.security.auth.Subject) Test(org.testng.annotations.Test)

Example 13 with ConditionDecision

Use of com.sun.identity.entitlement.ConditionDecision in project OpenAM by OpenRock.

Class LEAuthLevelConditionTest, method conditionShouldEvaluateToTrueWhenUsingRequestAuthLevelsFromEnvironmentWithRealmAndIsLE.

@Test
public void conditionShouldEvaluateToTrueWhenUsingRequestAuthLevelsFromEnvironmentWithRealmAndIsLE() throws EntitlementException {
    //Given
    String realm = "REALM";
    Subject subject = new Subject();
    String resourceName = "RESOURCE_NAME";
    Map<String, Set<String>> env = new HashMap<String, Set<String>>();
    Set<String> requestAuthLevels = new HashSet<String>();
    // Levels 3, 4 and 5 are stubbed as qualified with REALM; level 6 is stubbed as OTHER_REALM
    given(authUtils.getRealmFromRealmQualifiedData("5")).willReturn("REALM");
    given(authUtils.getRealmFromRealmQualifiedData("3")).willReturn("REALM");
    given(authUtils.getRealmFromRealmQualifiedData("4")).willReturn("REALM");
    given(authUtils.getRealmFromRealmQualifiedData("6")).willReturn("OTHER_REALM");
    given(authUtils.getDataFromRealmQualifiedData("3")).willReturn("3");
    given(authUtils.getDataFromRealmQualifiedData("4")).willReturn("4");
    given(authUtils.getDataFromRealmQualifiedData("6")).willReturn("6");
    requestAuthLevels.add("3");
    requestAuthLevels.add("4");
    requestAuthLevels.add("6");
    env.put("requestAuthLevel", requestAuthLevels);
    condition.setState("{\"authLevel\": 5}");
    //When
    ConditionDecision decision = condition.evaluate(realm, subject, resourceName, env);
    //Then
    assertThat(decision.isSatisfied()).isTrue();
    assertThat(decision.getAdvice()).isEmpty();
}
Also used : Set(java.util.Set) HashSet(java.util.HashSet) HashMap(java.util.HashMap) ConditionDecision(com.sun.identity.entitlement.ConditionDecision) Subject(javax.security.auth.Subject) Test(org.testng.annotations.Test)

Example 14 with ConditionDecision

Use of com.sun.identity.entitlement.ConditionDecision in project OpenAM by OpenRock.

Class OAuth2ScopeConditionTest, method conditionShouldEvaluateToFalseWhenNoRequiredScopesSetAndEmptyScopeSetInEnvironment.

@Test
public void conditionShouldEvaluateToFalseWhenNoRequiredScopesSetAndEmptyScopeSetInEnvironment() throws EntitlementException {
    //Given
    String realm = "REALM";
    Subject subject = new Subject();
    String resourceName = "RESOURCE_NAME";
    Map<String, Set<String>> env = new HashMap<String, Set<String>>();
    env.put("scope", Collections.singleton(""));
    //When
    ConditionDecision decision = condition.evaluate(realm, subject, resourceName, env);
    //Then
    assertThat(decision.isSatisfied()).isFalse();
    assertThat(decision.getAdvice()).isEmpty();
}
Also used : HashSet(java.util.HashSet) Set(java.util.Set) HashMap(java.util.HashMap) ConditionDecision(com.sun.identity.entitlement.ConditionDecision) Subject(javax.security.auth.Subject) Test(org.testng.annotations.Test)

Example 15 with ConditionDecision

Use of com.sun.identity.entitlement.ConditionDecision in project OpenAM by OpenRock.

Class OAuth2ScopeConditionTest, method conditionShouldEvaluateToFalseWhenNoRequiredScopesSetAndNoneSetInEnvironment.

@Test
public void conditionShouldEvaluateToFalseWhenNoRequiredScopesSetAndNoneSetInEnvironment() throws EntitlementException {
    //Given
    String realm = "REALM";
    Subject subject = new Subject();
    String resourceName = "RESOURCE_NAME";
    Map<String, Set<String>> env = new HashMap<String, Set<String>>();
    //When
    ConditionDecision decision = condition.evaluate(realm, subject, resourceName, env);
    //Then
    assertThat(decision.isSatisfied()).isFalse();
    assertThat(decision.getAdvice()).isEmpty();
}
Also used : HashSet(java.util.HashSet) Set(java.util.Set) HashMap(java.util.HashMap) ConditionDecision(com.sun.identity.entitlement.ConditionDecision) Subject(javax.security.auth.Subject) Test(org.testng.annotations.Test)
