
Example 26 with ConditionDecision

use of com.sun.identity.entitlement.ConditionDecision in project OpenAM by OpenRock.

the class AMIdentityMembershipConditionTest method conditionShouldEvaluateToFalseWhenInvocatorPrincipalNotSet.

@Test
public void conditionShouldEvaluateToFalseWhenInvocatorPrincipalNotSet() throws EntitlementException {
    //Given
    String realm = "REALM";
    Subject subject = new Subject();
    String resourceName = "RESOURCE_NAME";
    Map<String, Set<String>> env = new HashMap<String, Set<String>>();
    condition.setState("{\"amIdentityName\": [\"IDENTITY_ONE\", \"IDENTITY_TWO\"]}");
    //When
    ConditionDecision decision = condition.evaluate(realm, subject, resourceName, env);
    //Then
    assertThat(decision.isSatisfied()).isFalse();
    assertThat(decision.getAdvice()).isEmpty();
}
Also used : Set(java.util.Set) HashSet(java.util.HashSet) HashMap(java.util.HashMap) ConditionDecision(com.sun.identity.entitlement.ConditionDecision) Subject(javax.security.auth.Subject) Test(org.testng.annotations.Test)

Example 27 with ConditionDecision

use of com.sun.identity.entitlement.ConditionDecision in project OpenAM by OpenRock.

the class AMIdentityMembershipConditionTest method conditionShouldEvaluateToTrueWhenUsingIdentitiesMatch.

@Test
public void conditionShouldEvaluateToTrueWhenUsingIdentitiesMatch() throws EntitlementException, IdRepoException, SSOException {
    //Given
    String realm = "REALM";
    Subject subject = new Subject();
    String resourceName = "RESOURCE_NAME";
    Map<String, Set<String>> env = new HashMap<String, Set<String>>();
    AMIdentity invocatorIdentity = mock(AMIdentity.class);
    AMIdentity identity = invocatorIdentity;
    env.put(INVOCATOR_PRINCIPAL_UUID, Collections.singleton("INVOCATOR_UUID"));
    condition.setState("{\"amIdentityName\": [\"IDENTITY\"]}");
    given(coreWrapper.getIdentity(adminToken, "INVOCATOR_UUID")).willReturn(invocatorIdentity);
    given(coreWrapper.getIdentity(adminToken, "IDENTITY")).willReturn(identity);
    //When
    ConditionDecision decision = condition.evaluate(realm, subject, resourceName, env);
    //Then
    assertThat(decision.isSatisfied()).isTrue();
    assertThat(decision.getAdvice()).isEmpty();
}
Also used : Set(java.util.Set) HashSet(java.util.HashSet) HashMap(java.util.HashMap) AMIdentity(com.sun.identity.idm.AMIdentity) ConditionDecision(com.sun.identity.entitlement.ConditionDecision) Subject(javax.security.auth.Subject) Test(org.testng.annotations.Test)

Example 28 with ConditionDecision

use of com.sun.identity.entitlement.ConditionDecision in project OpenAM by OpenRock.

the class AMIdentityMembershipConditionTest method conditionShouldEvaluateToFalseWhenInvocatorPrincipalIsEmpty.

@Test
public void conditionShouldEvaluateToFalseWhenInvocatorPrincipalIsEmpty() throws EntitlementException {
    //Given
    String realm = "REALM";
    Subject subject = new Subject();
    String resourceName = "RESOURCE_NAME";
    Map<String, Set<String>> env = new HashMap<String, Set<String>>();
    Set<String> invocatorUuids = new HashSet<String>();
    env.put(INVOCATOR_PRINCIPAL_UUID, invocatorUuids);
    condition.setState("{\"amIdentityName\": [\"IDENTITY_ONE\", \"IDENTITY_TWO\"]}");
    //When
    ConditionDecision decision = condition.evaluate(realm, subject, resourceName, env);
    //Then
    assertThat(decision.isSatisfied()).isFalse();
    assertThat(decision.getAdvice()).isEmpty();
}
Also used : Set(java.util.Set) HashSet(java.util.HashSet) HashMap(java.util.HashMap) ConditionDecision(com.sun.identity.entitlement.ConditionDecision) Subject(javax.security.auth.Subject) Test(org.testng.annotations.Test)

Example 29 with ConditionDecision

use of com.sun.identity.entitlement.ConditionDecision in project OpenAM by OpenRock.

the class PolicyCondition method evaluate.

/**
 * Returns condition decision.
 *
 * @param realm Realm name.
 * @param subject Subject to be evaluated.
 * @param resourceName Resource name.
 * @param environment Environment map.
 * @return condition decision.
 * @throws com.sun.identity.entitlement.EntitlementException if an error occurs.
 */
public ConditionDecision evaluate(String realm, Subject subject, String resourceName, Map<String, Set<String>> environment) throws EntitlementException {
    try {
        SSOToken token = (subject != null) ? getSSOToken(subject) : null;
        Condition cond = getPolicyCondition();
        com.sun.identity.policy.ConditionDecision dec = cond.getConditionDecision(token, environment);
        return new ConditionDecision(dec.isAllowed(), dec.getAdvices(), dec.getTimeToLive());
    } catch (SSOException ex) {
        throw new EntitlementException(510, ex);
    } catch (PolicyException ex) {
        throw new EntitlementException(510, ex);
    }
}
Also used : Condition(com.sun.identity.policy.interfaces.Condition) EntitlementException(com.sun.identity.entitlement.EntitlementException) SSOToken(com.iplanet.sso.SSOToken) PolicyException(com.sun.identity.policy.PolicyException) SSOException(com.iplanet.sso.SSOException) ConditionDecision(com.sun.identity.entitlement.ConditionDecision)

Example 30 with ConditionDecision

use of com.sun.identity.entitlement.ConditionDecision in project OpenAM by OpenRock.

the class CachingEntitlementCondition method evaluate.

/**
 * First checks whether the backing condition has been evaluated already; if not, then evaluates the condition once
 * and saves the result in the {@link PrivilegeEvaluatorContext#conditionDecisionCache}. If the result of the
 * condition is already cached, then it returns the cached result.
 * In case the context is not available for any reason, then the condition will be executed.
 *
 * @param realm        {@inheritDoc}
 * @param subject      {@inheritDoc}
 * @param resourceName {@inheritDoc}
 * @param environment  {@inheritDoc}
 * @return {@inheritDoc}
 * @throws EntitlementException {@inheritDoc}
 */
public ConditionDecision evaluate(String realm, Subject subject, String resourceName, Map<String, Set<String>> environment) throws EntitlementException {
    String classMethod = "CachingEntitlementCondition.evaluate() ";
    PrivilegeEvaluatorContext context = PrivilegeEvaluatorContext.getCurrent();
    if (context == null) {
        DEBUG.warning(classMethod + "PrivilegeEvaluatorContext is not available, condition cache is discarded.");
        return backingCondition.evaluate(realm, subject, resourceName, environment);
    }
    //context is shared across evaluator threads, so we can synchronize on it. Different privilege evaluations have
    //different contexts as well.
    final String cacheKey = backingCondition.getClass().getName() + getState();
    synchronized (context) {
        ConditionDecision cachedResult = context.getConditionDecisionCache().get(cacheKey);
        if (cachedResult != null) {
            if (DEBUG.messageEnabled()) {
                DEBUG.message(classMethod + "returning cached condition decision");
            }
            return cachedResult;
        }
        ConditionDecision result = backingCondition.evaluate(realm, subject, resourceName, environment);
        if (DEBUG.messageEnabled()) {
            DEBUG.message(classMethod + "caching condition decision \"" + result.isSatisfied() + "\" for condition: " + cacheKey);
        }
        context.getConditionDecisionCache().put(cacheKey, result);
        return result;
    }
}
Also used : ConditionDecision(com.sun.identity.entitlement.ConditionDecision)
