
Example 21 with ConditionDecision

use of com.sun.identity.entitlement.ConditionDecision in project OpenAM by OpenRock.

the class AuthenticateToServiceConditionTest method conditionShouldEvaluateToTrueWhenEnvironmentContainsServicesAndRealmIsPresentAndMatches.

/**
 * The environment already lists a realm-qualified service the request authenticated to;
 * when that qualified name resolves to the configured {@code authenticateToService}
 * value, the decision must be satisfied and carry no advice.
 */
@Test
public void conditionShouldEvaluateToTrueWhenEnvironmentContainsServicesAndRealmIsPresentAndMatches() throws EntitlementException {
    //Given
    Subject subject = new Subject();
    Map<String, Set<String>> env = new HashMap<>();
    Set<String> authenticatedServices = new HashSet<>(Collections.singletonList("OTHER_SERVICE_NAME"));
    // The qualified name in the environment maps back to the configured service.
    given(coreWrapper.getDataFromRealmQualifiedData("OTHER_SERVICE_NAME")).willReturn("SERVICE_NAME");
    given(coreWrapper.convertOrgNameToRealmName("REALM")).willReturn("REALM");
    env.put(REQUEST_AUTHENTICATED_TO_SERVICES, authenticatedServices);
    condition.setState("{\"authenticateToService\": \"SERVICE_NAME\"}");
    //When
    ConditionDecision decision = condition.evaluate("REALM", subject, "RESOURCE_NAME", env);
    //Then
    assertThat(decision.isSatisfied()).isTrue();
    assertThat(decision.getAdvice()).isEmpty();
}

Example 22 with ConditionDecision

use of com.sun.identity.entitlement.ConditionDecision in project OpenAM by OpenRock.

the class AuthenticateToServiceConditionTest method conditionShouldEvaluateToTrueWhenEnvironmentDoesNotContainServicesAndRealmIsPresentAndDoesNotMatch.

/**
 * No authenticated services are present in the environment, so the condition falls back
 * to the services recorded on the subject's SSO token. That token is authenticated to a
 * different service than the configured one, so the decision is unsatisfied and the
 * advice names the realm-qualified service still required ("REALM:SERVICE_NAME").
 * Note: the method name says "EvaluateToTrue", but the assertions below expect a
 * false decision; the assertions are the authority.
 */
@Test
public void conditionShouldEvaluateToTrueWhenEnvironmentDoesNotContainServicesAndRealmIsPresentAndDoesNotMatch() throws EntitlementException {
    //Given
    Subject subject = new Subject();
    SSOToken token = mock(SSOToken.class);
    Map<String, Set<String>> env = new HashMap<>();
    Set<String> tokenServices = new HashSet<>(Collections.singletonList("OTHER_SERVICE_NAME"));
    // The token's service does not resolve to the configured one.
    given(coreWrapper.getDataFromRealmQualifiedData("OTHER_SERVICE_NAME")).willReturn("OTHER_SERVICE_NAME");
    given(coreWrapper.convertOrgNameToRealmName("REALM")).willReturn("REALM");
    subject.getPrivateCredentials().add(token);
    given(entitlementCoreWrapper.getRealmQualifiedAuthenticatedServices(token)).willReturn(tokenServices);
    condition.setState("{\"authenticateToService\": \"SERVICE_NAME\"}");
    //When
    ConditionDecision decision = condition.evaluate("REALM", subject, "RESOURCE_NAME", env);
    //Then
    assertThat(decision.isSatisfied()).isFalse();
    assertThat(decision.getAdvice()).containsOnly(entry(AUTHENTICATE_TO_SERVICE_CONDITION_ADVICE, Collections.singleton("REALM:SERVICE_NAME")));
}

Example 23 with ConditionDecision

use of com.sun.identity.entitlement.ConditionDecision in project OpenAM by OpenRock.

the class AuthenticateToServiceConditionTest method conditionShouldEvaluateToTrueWhenEnvironmentDoesNotContainServicesAndMatches.

/**
 * With no authenticated services in the environment, the services recorded on the
 * subject's SSO token are consulted. The token's service is the configured one and its
 * realm matches the evaluation realm, so the decision is satisfied with no advice.
 */
@Test
public void conditionShouldEvaluateToTrueWhenEnvironmentDoesNotContainServicesAndMatches() throws EntitlementException {
    //Given
    Subject subject = new Subject();
    SSOToken token = mock(SSOToken.class);
    Map<String, Set<String>> env = new HashMap<>();
    Set<String> tokenServices = new HashSet<>(Collections.singletonList("SERVICE_NAME"));
    // The realm extracted from the qualified service name equals the evaluation realm.
    given(coreWrapper.getRealmFromRealmQualifiedData("SERVICE_NAME")).willReturn("REALM");
    given(coreWrapper.convertOrgNameToRealmName("REALM")).willReturn("REALM");
    subject.getPrivateCredentials().add(token);
    given(entitlementCoreWrapper.getRealmQualifiedAuthenticatedServices(token)).willReturn(tokenServices);
    condition.setState("{\"authenticateToService\": \"SERVICE_NAME\"}");
    //When
    ConditionDecision decision = condition.evaluate("REALM", subject, "RESOURCE_NAME", env);
    //Then
    assertThat(decision.isSatisfied()).isTrue();
    assertThat(decision.getAdvice()).isEmpty();
}

Example 24 with ConditionDecision

use of com.sun.identity.entitlement.ConditionDecision in project OpenAM by OpenRock.

the class OpenSSOPrivilege method internalEvaluate.

/**
 * Evaluates this privilege for a subject against a resource in three ordered stages:
 * subject conditions, then environment conditions, then the resource match itself.
 * Any stage that fails short-circuits with a single entitlement that grants no actions
 * but carries the advice (and, for environment conditions, the TTL) produced by that
 * stage. Callers presumably read an action-less entitlement as "not granted" — confirm
 * against the consumers of this list.
 *
 * @param adminSubject    privileged subject used for the subject and attribute lookups
 * @param realm           realm the evaluation takes place in
 * @param subject         subject being evaluated
 * @param applicationName application the resource belongs to
 * @param resourceName    resource being requested
 * @param actionNames     actions being requested on the resource
 * @param environment     request environment handed to the conditions
 * @param recursive       whether sub-resources are matched as well
 * @return one entitlement per matched resource, or exactly one action-less entitlement
 *         when the privilege is inactive or a condition is not met
 * @throws EntitlementException propagated from the subject, condition and resource checks
 */
private List<Entitlement> internalEvaluate(Subject adminSubject, String realm, Subject subject, String applicationName, String resourceName, Set<String> actionNames, Map<String, Set<String>> environment, boolean recursive) throws EntitlementException {
    Entitlement template = getEntitlement();
    // An inactive privilege grants nothing and offers no advice.
    if (!isActive()) {
        Entitlement inactive = new Entitlement(template.getApplicationName(), template.getResourceName(), Collections.<String>emptySet());
        return Arrays.asList(inactive);
    }
    // Stage 1: does the subject match? Advice explains what the subject lacks.
    SubjectDecision subjectDecision = doesSubjectMatch(adminSubject, realm, subject, resourceName, environment);
    if (!subjectDecision.isSatisfied()) {
        Entitlement subjectDenied = new Entitlement(template.getApplicationName(), template.getResourceName(), Collections.<String>emptySet());
        subjectDenied.setAdvices(subjectDecision.getAdvices());
        return Arrays.asList(subjectDenied);
    }
    // Stage 2: do the environment conditions hold? Their TTL bounds how long the
    // denial may be cached.
    ConditionDecision conditionDecision = doesConditionMatch(realm, subject, resourceName, environment);
    if (!conditionDecision.isSatisfied()) {
        Entitlement conditionDenied = new Entitlement(template.getApplicationName(), template.getResourceName(), Collections.<String>emptySet());
        conditionDenied.setAdvices(conditionDecision.getAdvice());
        conditionDenied.setTTL(conditionDecision.getTimeToLive());
        return Arrays.asList(conditionDenied);
    }
    // Stage 3: match the requested resource against the privilege's resource.
    Set<String> matchedResources = template.evaluate(adminSubject, realm, subject, applicationName, resourceName, actionNames, environment, recursive);
    if (PolicyConstants.DEBUG.messageEnabled()) {
        PolicyConstants.DEBUG.message("[PolicyEval] OpenSSOPrivilege.evaluate: resources=" + matchedResources);
    }
    // Response attributes come from the privilege plus whatever the conditions supplied;
    // the same map instance is attached to every resulting entitlement.
    Map<String, Set<String>> responseAttributes = getAttributes(adminSubject, realm, subject, resourceName, environment);
    squashMaps(responseAttributes, conditionDecision.getResponseAttributes());
    List<Entitlement> granted = new ArrayList<>();
    for (String matched : matchedResources) {
        Entitlement grant = new Entitlement(template.getApplicationName(), matched, template.getActionValues());
        grant.setAdvices(conditionDecision.getAdvice());
        grant.setAttributes(responseAttributes);
        grant.setTTL(conditionDecision.getTimeToLive());
        granted.add(grant);
    }
    return granted;
}

Example 25 with ConditionDecision

use of com.sun.identity.entitlement.ConditionDecision in project OpenAM by OpenRock.

the class AMIdentityMembershipConditionTest method conditionShouldEvaluateToFalseWhenConfiguredIdentityCanHaveMembersButInvocatorIsNotAMember.

/**
 * The configured identity is of a type that can hold members of the invocator's type,
 * but the invocator is not actually a member of it. The decision must be unsatisfied,
 * and membership conditions give no advice on how to become satisfied.
 */
@Test
public void conditionShouldEvaluateToFalseWhenConfiguredIdentityCanHaveMembersButInvocatorIsNotAMember() throws EntitlementException, IdRepoException, SSOException {
    //Given
    Subject subject = new Subject();
    Map<String, Set<String>> env = new HashMap<>();
    env.put(INVOCATOR_PRINCIPAL_UUID, Collections.singleton("INVOCATOR_UUID"));
    AMIdentity invocator = mock(AMIdentity.class);
    AMIdentity configuredIdentity = mock(AMIdentity.class);
    IdType invocatorType = mock(IdType.class);
    IdType configuredType = mock(IdType.class);
    condition.setState("{\"amIdentityName\": [\"IDENTITY\"]}");
    // Both lookups go through the admin token; the UUID comes from the environment,
    // the identity name from the condition's state.
    given(coreWrapper.getIdentity(adminToken, "INVOCATOR_UUID")).willReturn(invocator);
    given(coreWrapper.getIdentity(adminToken, "IDENTITY")).willReturn(configuredIdentity);
    given(invocator.getType()).willReturn(invocatorType);
    given(configuredIdentity.getType()).willReturn(configuredType);
    // Membership is structurally possible, but this invocator is not a member.
    given(configuredType.canHaveMembers()).willReturn(Collections.singleton(invocatorType));
    given(invocator.isMember(configuredIdentity)).willReturn(false);
    //When
    ConditionDecision decision = condition.evaluate("REALM", subject, "RESOURCE_NAME", env);
    //Then
    assertThat(decision.isSatisfied()).isFalse();
    assertThat(decision.getAdvice()).isEmpty();
}
