
Example 16 with ConditionDecision

use of com.sun.identity.entitlement.ConditionDecision in project OpenAM by OpenRock.

the class AuthenticateToServiceConditionTest method conditionShouldEvaluateToTrueWhenEnvironmentDoesNotContainServicesAndRealmIsPresentAndMatches.

/**
 * Checks that the authenticate-to-service condition is satisfied when the request
 * environment carries no services entry and the match comes from the subject's SSO token.
 *
 * <p>The environment map stays empty. A mocked {@code SSOToken} is placed in the subject's
 * private credentials, and the stubbed {@code entitlementCoreWrapper} reports
 * {@code OTHER_SERVICE_NAME} for that token. The stubbed {@code coreWrapper} maps that
 * value to {@code SERVICE_NAME}, which is the service named in the condition state.
 *
 * @throws EntitlementException declared by the calls made here; not expected in this scenario
 */
@Test
public void conditionShouldEvaluateToTrueWhenEnvironmentDoesNotContainServicesAndRealmIsPresentAndMatches() throws EntitlementException {
    // Given: a subject whose only private credential is a mocked SSO token
    SSOToken token = mock(SSOToken.class);
    Subject caller = new Subject();
    caller.getPrivateCredentials().add(token);

    // Given: the lookup for that token reports a single realm-qualified service
    Set<String> authenticatedServices = new HashSet<String>();
    authenticatedServices.add("OTHER_SERVICE_NAME");
    given(entitlementCoreWrapper.getRealmQualifiedAuthenticatedServices(token)).willReturn(authenticatedServices);

    // Given: the qualified entry resolves to the service the condition requires
    given(coreWrapper.getDataFromRealmQualifiedData("OTHER_SERVICE_NAME")).willReturn("SERVICE_NAME");
    given(coreWrapper.convertOrgNameToRealmName("REALM")).willReturn("REALM");
    // NOTE(review): getRealmFromRealmQualifiedData is not stubbed in this test; if coreWrapper
    // is a plain mock it would answer null there. Confirm that the "realm is present and
    // matches" path named by this test is the one actually exercised.

    // Given: no authenticated-services entry in the request environment
    Map<String, Set<String>> emptyEnv = new HashMap<String, Set<String>>();
    condition.setState("{\"authenticateToService\": \"SERVICE_NAME\"}");

    // When
    ConditionDecision outcome = condition.evaluate("REALM", caller, "RESOURCE_NAME", emptyEnv);

    // Then: access is granted and no advice is returned
    assertThat(outcome.isSatisfied()).isTrue();
    assertThat(outcome.getAdvice()).isEmpty();
}
Also used : Set(java.util.Set) HashSet(java.util.HashSet) SSOToken(com.iplanet.sso.SSOToken) HashMap(java.util.HashMap) ConditionDecision(com.sun.identity.entitlement.ConditionDecision) Subject(javax.security.auth.Subject) HashSet(java.util.HashSet) Test(org.testng.annotations.Test)

Example 17 with ConditionDecision

use of com.sun.identity.entitlement.ConditionDecision in project OpenAM by OpenRock.

the class IPvXConditionTest method assertConditionDecision.

/**
 * Evaluates the condition under test against a request environment built from the given
 * values and asserts whether the resulting decision is satisfied.
 *
 * @param satisified expected value of {@code isSatisfied()} on the decision
 * @param ipAddress value stored under {@code REQUEST_IP}; the key is omitted when {@code null}
 * @param dnsName value stored under {@code REQUEST_DNS_NAME}; the key is omitted when {@code null}
 * @throws EntitlementException declared because {@code condition.evaluate} is called
 */
protected void assertConditionDecision(boolean satisified, String ipAddress, String dnsName) throws EntitlementException {
    // Given: an environment holding only the attributes the caller supplied
    Map<String, Set<String>> requestEnv = new HashMap<String, Set<String>>();
    if (ipAddress != null) {
        requestEnv.put(REQUEST_IP, asSet(ipAddress));
    }
    if (dnsName != null) {
        requestEnv.put(REQUEST_DNS_NAME, asSet(dnsName));
    }

    // When
    ConditionDecision decision = condition.evaluate("/", subject, "resource", requestEnv);

    // Then
    // The failure description records the condition, the environment and the token IP so a
    // wrong allow/deny outcome can be diagnosed from the test report alone.
    // NOTE(review): the label is hard-coded to "IPv4Condition" although this helper lives in
    // IPvXConditionTest; if it is also used for IPv6 cases the message will mislead. Confirm.
    String description = "\n\nEvaluating IPv4Condition:\n" + condition
            + "\n\nWith environment: " + requestEnv
            + "\nAnd SSOToken IP address: " + ssoTokenIpAddress;
    if (!satisified) {
        assertThat(decision.isSatisfied()).as(description).isFalse();
        return;
    }
    assertThat(decision.isSatisfied()).as(description).isTrue();
}
Also used : HashSet(java.util.HashSet) LinkedHashSet(java.util.LinkedHashSet) Set(java.util.Set) CollectionUtils.asSet(org.forgerock.openam.utils.CollectionUtils.asSet) HashMap(java.util.HashMap) ConditionDecision(com.sun.identity.entitlement.ConditionDecision)

Example 18 with ConditionDecision

use of com.sun.identity.entitlement.ConditionDecision in project OpenAM by OpenRock.

the class SessionConditionTest method conditionShouldEvaluateToFalseWhenEnvironmentHasTokenCreationTimeEqualToMaxSessionTime.

/**
 * Boundary test: a session whose age exactly equals {@code maxSessionTime} must be denied.
 *
 * <p>The creation time is taken from the request environment and set to 5 * 60000 ms before
 * the stubbed current time, against a configured {@code maxSessionTime} of 5. With
 * {@code terminateSession} set to false, the decision must deny with
 * {@code ADVICE_DENY} and the token must not be destroyed.
 *
 * @throws EntitlementException declared by the calls made here; not expected in this scenario
 * @throws SSOException declared by the calls made here; not expected in this scenario
 */
@Test
public void conditionShouldEvaluateToFalseWhenEnvironmentHasTokenCreationTimeEqualToMaxSessionTime() throws EntitlementException, SSOException {
    // Given: a fixed "now", stubbed on the time service so the boundary is deterministic
    long currentTime = System.currentTimeMillis();
    given(timeService.now()).willReturn(currentTime);

    // Given: the environment reports a session created exactly 5 * 60000 ms earlier
    long createdAt = currentTime - (5 * 60000);
    Map<String, Set<String>> env = new HashMap<String, Set<String>>();
    env.put(REQUEST_SESSION_CREATION_TIME, Collections.singleton(String.valueOf(createdAt)));

    // Given: a subject carrying a mocked SSO token
    SSOToken token = mock(SSOToken.class);
    Subject caller = new Subject();
    caller.getPrivateCredentials().add(token);

    condition.setState("{\"maxSessionTime\": 5, \"terminateSession\": false}");

    // When
    ConditionDecision outcome = condition.evaluate("REALM", caller, "RESOURCE_NAME", env);

    // Then: denied at the boundary, with deny advice and an unbounded time-to-live
    assertThat(outcome.isSatisfied()).isFalse();
    assertThat(outcome.getAdvice()).containsOnly(entry(SESSION_CONDITION_ADVICE, Collections.singleton(ADVICE_DENY)));
    assertThat(outcome.getTimeToLive()).isEqualTo(Long.MAX_VALUE);
    // terminateSession is false, so the denial must not destroy the session token
    verify(coreWrapper, never()).destroyToken(token);
}
Also used : Set(java.util.Set) HashSet(java.util.HashSet) SSOToken(com.iplanet.sso.SSOToken) HashMap(java.util.HashMap) ConditionDecision(com.sun.identity.entitlement.ConditionDecision) Subject(javax.security.auth.Subject) Test(org.testng.annotations.Test)

Example 19 with ConditionDecision

use of com.sun.identity.entitlement.ConditionDecision in project OpenAM by OpenRock.

the class SessionConditionTest method conditionShouldEvaluateToFalseWhenSSOTokenCreationTimeEqualToMaxSessionTime.

/**
 * Boundary test: a session whose age equals {@code maxSessionTime} must be denied when the
 * creation time comes from the SSO token rather than the request environment.
 *
 * <p>The environment map is empty. The mocked token returns, for its {@code authInstant}
 * property, a date string for 5 * 60000 ms before the stubbed current time. With
 * {@code terminateSession} set to false, the decision must deny with {@code ADVICE_DENY}
 * and the token must not be destroyed.
 *
 * @throws EntitlementException declared by the calls made here; not expected in this scenario
 * @throws SSOException declared by the calls made here; not expected in this scenario
 */
@Test
public void conditionShouldEvaluateToFalseWhenSSOTokenCreationTimeEqualToMaxSessionTime() throws EntitlementException, SSOException {
    // Given: a fixed "now", stubbed on the time service so the boundary is deterministic
    long currentTime = System.currentTimeMillis();
    given(timeService.now()).willReturn(currentTime);

    // Given: a token whose authInstant lies 5 * 60000 ms before "now"
    // NOTE(review): if DateUtils.dateToString drops sub-second precision, the parsed age is
    // slightly over the limit rather than exactly equal to it. Confirm that this test
    // really exercises the equality boundary.
    Date createdAt = new Date(currentTime - (5 * 60000));
    String authInstant = DateUtils.dateToString(createdAt);
    SSOToken token = mock(SSOToken.class);
    given(token.getProperty("authInstant")).willReturn(authInstant);

    // Given: the token is the subject's private credential and the environment is empty
    Subject caller = new Subject();
    caller.getPrivateCredentials().add(token);
    Map<String, Set<String>> emptyEnv = new HashMap<String, Set<String>>();

    condition.setState("{\"maxSessionTime\": 5, \"terminateSession\": false}");

    // When
    ConditionDecision outcome = condition.evaluate("REALM", caller, "RESOURCE_NAME", emptyEnv);

    // Then: denied at the boundary, with deny advice and an unbounded time-to-live
    assertThat(outcome.isSatisfied()).isFalse();
    assertThat(outcome.getAdvice()).containsOnly(entry(SESSION_CONDITION_ADVICE, Collections.singleton(ADVICE_DENY)));
    assertThat(outcome.getTimeToLive()).isEqualTo(Long.MAX_VALUE);
    // terminateSession is false, so the denial must not destroy the session token
    verify(coreWrapper, never()).destroyToken(token);
}
Also used : Set(java.util.Set) HashSet(java.util.HashSet) SSOToken(com.iplanet.sso.SSOToken) HashMap(java.util.HashMap) ConditionDecision(com.sun.identity.entitlement.ConditionDecision) Subject(javax.security.auth.Subject) Date(java.util.Date) Test(org.testng.annotations.Test)

Example 20 with ConditionDecision

use of com.sun.identity.entitlement.ConditionDecision in project OpenAM by OpenRock.

the class AuthenticateToServiceConditionTest method conditionShouldEvaluateToTrueWhenEnvironmentContainsServicesAndMatches.

/**
 * Checks that the authenticate-to-service condition is satisfied when the request
 * environment itself lists the required service.
 *
 * <p>The subject carries no credentials. The match comes from the
 * {@code REQUEST_AUTHENTICATED_TO_SERVICES} entry, which contains {@code SERVICE_NAME},
 * and the stubbed {@code coreWrapper} resolves that entry's realm to {@code REALM}.
 *
 * @throws EntitlementException declared by the calls made here; not expected in this scenario
 */
@Test
public void conditionShouldEvaluateToTrueWhenEnvironmentContainsServicesAndMatches() throws EntitlementException {
    // Given: the environment lists the service named in the condition state
    // NOTE(review): this path is satisfied from the environment entry with no SSO token in
    // the subject. Confirm that only trusted server-side code can populate this key.
    Set<String> requestServices = new HashSet<String>();
    requestServices.add("SERVICE_NAME");
    Map<String, Set<String>> env = new HashMap<String, Set<String>>();
    env.put(REQUEST_AUTHENTICATED_TO_SERVICES, requestServices);

    // Given: the listed service resolves to the realm being evaluated
    given(coreWrapper.getRealmFromRealmQualifiedData("SERVICE_NAME")).willReturn("REALM");
    given(coreWrapper.convertOrgNameToRealmName("REALM")).willReturn("REALM");

    condition.setState("{\"authenticateToService\": \"SERVICE_NAME\"}");

    // When: evaluated for a subject with no credentials
    Subject caller = new Subject();
    ConditionDecision outcome = condition.evaluate("REALM", caller, "RESOURCE_NAME", env);

    // Then: access is granted and no advice is returned
    assertThat(outcome.isSatisfied()).isTrue();
    assertThat(outcome.getAdvice()).isEmpty();
}
Also used : Set(java.util.Set) HashSet(java.util.HashSet) HashMap(java.util.HashMap) ConditionDecision(com.sun.identity.entitlement.ConditionDecision) Subject(javax.security.auth.Subject) HashSet(java.util.HashSet) Test(org.testng.annotations.Test)
