use of com.sun.identity.entitlement.ConditionDecision in project OpenAM by OpenRock.
the class ResourceEnvIPConditionTest method conditionCanGrantAccessIfSpecificModuleUsedForAuthentication.
@Test
public void conditionCanGrantAccessIfSpecificModuleUsedForAuthentication() throws EntitlementException {
//Given
String realm = "REALM";
String resourceName = "RESOURCE_NAME";
Map<String, Set<String>> env = new HashMap<String, Set<String>>();
env.put(ConditionConstants.REQUEST_IP, CollectionUtils.asSet("127.0.0.1"));
env.put(ConditionConstants.REQUEST_AUTH_SCHEMES, CollectionUtils.asSet("LDAP"));
condition.setState("{\"resourceEnvIPConditionValue\": [\"IF IP=[127.0.0.1] THEN module=LDAP\"]}");
//When
ConditionDecision result = condition.evaluate(realm, subject, resourceName, env);
//Then
assertThat(result.isSatisfied()).isTrue();
assertThat(result.getAdvice()).isEmpty();
}
use of com.sun.identity.entitlement.ConditionDecision in project OpenAM by OpenRock.
the class SessionConditionTest method conditionShouldEvaluateToTrueWhenSSOTokenCreationTimeLessThanMaxSessionTime.
@Test
public void conditionShouldEvaluateToTrueWhenSSOTokenCreationTimeLessThanMaxSessionTime() throws EntitlementException, SSOException, ParseException {
//Given
String realm = "REALM";
Subject subject = new Subject();
String resourceName = "RESOURCE_NAME";
Map<String, Set<String>> env = new HashMap<String, Set<String>>();
SSOToken ssoToken = mock(SSOToken.class);
long now = System.currentTimeMillis();
String tokenCreationTime = DateUtils.dateToString(new Date(now - (5 * 60000) + 60000));
given(timeService.now()).willReturn(now);
subject.getPrivateCredentials().add(ssoToken);
given(ssoToken.getProperty("authInstant")).willReturn(tokenCreationTime);
condition.setState("{\"maxSessionTime\": 5, \"terminateSession\": false}");
//When
ConditionDecision decision = condition.evaluate(realm, subject, resourceName, env);
//Then
assertThat(decision.isSatisfied()).isTrue();
assertThat(decision.getAdvice()).isEmpty();
assertThat(decision.getTimeToLive()).isEqualTo(DateUtils.stringToDate(tokenCreationTime).getTime() + (5 * 60000));
verify(coreWrapper, never()).destroyToken(ssoToken);
}
use of com.sun.identity.entitlement.ConditionDecision in project OpenAM by OpenRock.
the class SessionConditionTest method conditionShouldEvaluateToTrueWhenSubjectHasNoSSOToken.
@Test
public void conditionShouldEvaluateToTrueWhenSubjectHasNoSSOToken() throws EntitlementException, SSOException {
//Given
String realm = "REALM";
Subject subject = new Subject();
String resourceName = "RESOURCE_NAME";
Map<String, Set<String>> env = new HashMap<String, Set<String>>();
condition.setState("{\"maxSessionTime\": 5, \"terminateSession\": false}");
//When
ConditionDecision decision = condition.evaluate(realm, subject, resourceName, env);
//Then
assertThat(decision.isSatisfied()).isTrue();
assertThat(decision.getAdvice()).isEmpty();
assertThat(decision.getTimeToLive()).isEqualTo(Long.MAX_VALUE);
verify(coreWrapper, never()).destroyToken(Matchers.<SSOToken>anyObject());
}
use of com.sun.identity.entitlement.ConditionDecision in project OpenAM by OpenRock.
the class SessionConditionTest method conditionShouldEvaluateToFalseWhenSSOTokenCreationTimeEqualToMaxSessionTimeWithTerminateSessionAdvice.
@Test
public void conditionShouldEvaluateToFalseWhenSSOTokenCreationTimeEqualToMaxSessionTimeWithTerminateSessionAdvice() throws EntitlementException, SSOException {
//Given
String realm = "REALM";
Subject subject = new Subject();
String resourceName = "RESOURCE_NAME";
Map<String, Set<String>> env = new HashMap<String, Set<String>>();
SSOToken ssoToken = mock(SSOToken.class);
long now = System.currentTimeMillis();
String tokenCreationTime = DateUtils.dateToString(new Date(now - (5 * 60000)));
given(timeService.now()).willReturn(now);
subject.getPrivateCredentials().add(ssoToken);
given(ssoToken.getProperty("authInstant")).willReturn(tokenCreationTime);
condition.setState("{\"maxSessionTime\": 5, \"terminateSession\": true}");
//When
ConditionDecision decision = condition.evaluate(realm, subject, resourceName, env);
//Then
assertThat(decision.isSatisfied()).isFalse();
Set<String> expectedAdvice = new HashSet<String>();
expectedAdvice.add(ADVICE_DENY);
expectedAdvice.add(ADVICE_TERMINATE_SESSION);
assertThat(decision.getAdvice()).containsOnly(entry(SESSION_CONDITION_ADVICE, expectedAdvice));
assertThat(decision.getTimeToLive()).isEqualTo(Long.MAX_VALUE);
verify(coreWrapper).destroyToken(ssoToken);
}
use of com.sun.identity.entitlement.ConditionDecision in project OpenAM by OpenRock.
the class SessionConditionTest method conditionShouldEvaluateToFalseWhenEnvHasTokenCreationTimeEqualToMaxSessionTimeWithTerminateAdvice.
@Test
public void conditionShouldEvaluateToFalseWhenEnvHasTokenCreationTimeEqualToMaxSessionTimeWithTerminateAdvice() throws EntitlementException, SSOException {
//Given
String realm = "REALM";
Subject subject = new Subject();
String resourceName = "RESOURCE_NAME";
Map<String, Set<String>> env = new HashMap<String, Set<String>>();
SSOToken ssoToken = mock(SSOToken.class);
long now = System.currentTimeMillis();
long tokenCreationTime = now - (5 * 60000);
given(timeService.now()).willReturn(now);
env.put(REQUEST_SESSION_CREATION_TIME, Collections.singleton(tokenCreationTime + ""));
subject.getPrivateCredentials().add(ssoToken);
condition.setState("{\"maxSessionTime\": 5, \"terminateSession\": true}");
//When
ConditionDecision decision = condition.evaluate(realm, subject, resourceName, env);
//Then
assertThat(decision.isSatisfied()).isFalse();
Set<String> expectedAdvice = new HashSet<String>();
expectedAdvice.add(ADVICE_DENY);
expectedAdvice.add(ADVICE_TERMINATE_SESSION);
assertThat(decision.getAdvice()).containsOnly(entry(SESSION_CONDITION_ADVICE, expectedAdvice));
assertThat(decision.getTimeToLive()).isEqualTo(Long.MAX_VALUE);
verify(coreWrapper).destroyToken(ssoToken);
}
Aggregations