
Example 36 with ConditionDecision

use of com.sun.identity.entitlement.ConditionDecision in project OpenAM by OpenRock.

the class ResourceEnvIPConditionTest method conditionCanGrantAccessIfSpecificModuleUsedForAuthentication.

/**
 * Checks that the condition grants access when the request environment matches the configured
 * IP rule and already lists the authentication module that rule asks for.
 *
 * <p>The environment carries request IP {@code 127.0.0.1} and auth scheme {@code LDAP}; the
 * configured rule is {@code IF IP=[127.0.0.1] THEN module=LDAP}. The decision must be satisfied
 * and must not carry any advice. {@code condition} and {@code subject} are fixtures declared
 * outside this excerpt.
 *
 * @throws EntitlementException if the condition under test raises it
 */
@Test
public void conditionCanGrantAccessIfSpecificModuleUsedForAuthentication() throws EntitlementException {
    // Given: a rule binding the address to the LDAP module
    condition.setState("{\"resourceEnvIPConditionValue\": [\"IF IP=[127.0.0.1] THEN module=LDAP\"]}");

    // ...and a request environment that satisfies both halves of that rule.
    // NOTE(review): both values are taken from the caller-built environment map; how the
    // production caller derives them is not visible here - confirm.
    Map<String, Set<String>> requestEnv = new HashMap<String, Set<String>>();
    requestEnv.put(ConditionConstants.REQUEST_IP, CollectionUtils.asSet("127.0.0.1"));
    requestEnv.put(ConditionConstants.REQUEST_AUTH_SCHEMES, CollectionUtils.asSet("LDAP"));

    // When
    ConditionDecision outcome = condition.evaluate("REALM", subject, "RESOURCE_NAME", requestEnv);

    // Then: access is granted outright, with no step-up advice returned
    assertThat(outcome.isSatisfied()).isTrue();
    assertThat(outcome.getAdvice()).isEmpty();
}
Also used : Set(java.util.Set) HashMap(java.util.HashMap) ConditionDecision(com.sun.identity.entitlement.ConditionDecision) Test(org.testng.annotations.Test)

Example 37 with ConditionDecision

use of com.sun.identity.entitlement.ConditionDecision in project OpenAM by OpenRock.

the class SessionConditionTest method conditionShouldEvaluateToTrueWhenSSOTokenCreationTimeLessThanMaxSessionTime.

/**
 * Checks that a session younger than the configured maximum satisfies the condition.
 *
 * <p>The mocked token reports an {@code authInstant} four minutes before the mocked current
 * time, and the condition is configured with {@code maxSessionTime} 5 and
 * {@code terminateSession} false. The expected time-to-live adds {@code 5 * 60000} ms to the
 * token creation time, so the test treats the configured value as minutes. The decision must be
 * satisfied, carry no advice, expire at creation time plus the maximum, and the token must not
 * be destroyed. {@code condition}, {@code timeService} and {@code coreWrapper} are fixtures
 * declared outside this excerpt.
 *
 * @throws EntitlementException if the condition under test raises it
 * @throws SSOException declared for the mocked token and wrapper calls
 * @throws ParseException if the formatted creation time cannot be parsed back
 */
@Test
public void conditionShouldEvaluateToTrueWhenSSOTokenCreationTimeLessThanMaxSessionTime() throws EntitlementException, SSOException, ParseException {
    // Given
    final long maxSessionMillis = 5 * 60000L;
    final long oneMinuteMillis = 60000L;

    long currentTime = System.currentTimeMillis();
    given(timeService.now()).willReturn(currentTime);

    // Session started one minute inside the allowed window.
    String authInstant = DateUtils.dateToString(new Date(currentTime - maxSessionMillis + oneMinuteMillis));
    SSOToken token = mock(SSOToken.class);
    given(token.getProperty("authInstant")).willReturn(authInstant);

    Subject subject = new Subject();
    subject.getPrivateCredentials().add(token);

    Map<String, Set<String>> emptyEnv = new HashMap<String, Set<String>>();
    condition.setState("{\"maxSessionTime\": 5, \"terminateSession\": false}");

    // When
    ConditionDecision outcome = condition.evaluate("REALM", subject, "RESOURCE_NAME", emptyEnv);

    // Then
    assertThat(outcome.isSatisfied()).isTrue();
    assertThat(outcome.getAdvice()).isEmpty();
    // The expectation is rebuilt from the formatted string rather than from currentTime,
    // presumably because formatting may drop precision - confirm against DateUtils.
    long expectedTtl = DateUtils.stringToDate(authInstant).getTime() + maxSessionMillis;
    assertThat(outcome.getTimeToLive()).isEqualTo(expectedTtl);
    // A still-valid session must never be torn down.
    verify(coreWrapper, never()).destroyToken(token);
}
Also used : Set(java.util.Set) HashSet(java.util.HashSet) SSOToken(com.iplanet.sso.SSOToken) HashMap(java.util.HashMap) ConditionDecision(com.sun.identity.entitlement.ConditionDecision) Subject(javax.security.auth.Subject) Date(java.util.Date) Test(org.testng.annotations.Test)

Example 38 with ConditionDecision

use of com.sun.identity.entitlement.ConditionDecision in project OpenAM by OpenRock.

the class SessionConditionTest method conditionShouldEvaluateToTrueWhenSubjectHasNoSSOToken.

/**
 * Checks the decision returned when the subject carries no {@code SSOToken} at all.
 *
 * <p>With an empty subject, an empty environment and the condition configured with
 * {@code maxSessionTime} 5 and {@code terminateSession} false, the decision must be satisfied,
 * carry no advice, have a time-to-live of {@link Long#MAX_VALUE}, and no token may be
 * destroyed. {@code condition} and {@code coreWrapper} are fixtures declared outside this
 * excerpt.
 *
 * @throws EntitlementException if the condition under test raises it
 * @throws SSOException declared for the wrapper call being verified
 */
@Test
public void conditionShouldEvaluateToTrueWhenSubjectHasNoSSOToken() throws EntitlementException, SSOException {
    // Given: a subject with no credentials attached and nothing in the environment
    Subject tokenlessSubject = new Subject();
    Map<String, Set<String>> emptyEnv = new HashMap<String, Set<String>>();
    condition.setState("{\"maxSessionTime\": 5, \"terminateSession\": false}");

    // When
    ConditionDecision outcome = condition.evaluate("REALM", tokenlessSubject, "RESOURCE_NAME", emptyEnv);

    // Then
    // NOTE(review): this pins a permissive outcome - without a session token the age limit
    // is not applied and the decision never expires. Presumably some other policy element
    // has to require an authenticated session; confirm before relying on this condition alone.
    assertThat(outcome.isSatisfied()).isTrue();
    assertThat(outcome.getAdvice()).isEmpty();
    assertThat(outcome.getTimeToLive()).isEqualTo(Long.MAX_VALUE);
    verify(coreWrapper, never()).destroyToken(Matchers.<SSOToken>anyObject());
}
Also used : Set(java.util.Set) HashSet(java.util.HashSet) HashMap(java.util.HashMap) ConditionDecision(com.sun.identity.entitlement.ConditionDecision) Subject(javax.security.auth.Subject) Test(org.testng.annotations.Test)

Example 39 with ConditionDecision

use of com.sun.identity.entitlement.ConditionDecision in project OpenAM by OpenRock.

the class SessionConditionTest method conditionShouldEvaluateToFalseWhenSSOTokenCreationTimeEqualToMaxSessionTimeWithTerminateSessionAdvice.

/**
 * Checks that a session whose age equals the configured maximum is denied and terminated.
 *
 * <p>The mocked token reports an {@code authInstant} exactly {@code 5 * 60000} ms before the
 * mocked current time, and the condition is configured with {@code maxSessionTime} 5 and
 * {@code terminateSession} true. The decision must be unsatisfied, carry exactly one advice
 * entry ({@code SESSION_CONDITION_ADVICE} mapped to {@code ADVICE_DENY} and
 * {@code ADVICE_TERMINATE_SESSION}), have a time-to-live of {@link Long#MAX_VALUE}, and the
 * token must be destroyed. {@code condition}, {@code timeService} and {@code coreWrapper} are
 * fixtures declared outside this excerpt.
 *
 * @throws EntitlementException if the condition under test raises it
 * @throws SSOException declared for the mocked token and wrapper calls
 */
@Test
public void conditionShouldEvaluateToFalseWhenSSOTokenCreationTimeEqualToMaxSessionTimeWithTerminateSessionAdvice() throws EntitlementException, SSOException {
    // Given
    final long maxSessionMillis = 5 * 60000L;

    long currentTime = System.currentTimeMillis();
    given(timeService.now()).willReturn(currentTime);

    // Session age sits exactly on the limit; the assertions below pin that as expired.
    String authInstant = DateUtils.dateToString(new Date(currentTime - maxSessionMillis));
    SSOToken token = mock(SSOToken.class);
    given(token.getProperty("authInstant")).willReturn(authInstant);

    Subject subject = new Subject();
    subject.getPrivateCredentials().add(token);

    Map<String, Set<String>> emptyEnv = new HashMap<String, Set<String>>();
    condition.setState("{\"maxSessionTime\": 5, \"terminateSession\": true}");

    // When
    ConditionDecision outcome = condition.evaluate("REALM", subject, "RESOURCE_NAME", emptyEnv);

    // Then: denied, with both the deny and terminate advice and nothing else
    assertThat(outcome.isSatisfied()).isFalse();
    Set<String> wantedAdvice = new HashSet<String>();
    wantedAdvice.add(ADVICE_DENY);
    wantedAdvice.add(ADVICE_TERMINATE_SESSION);
    assertThat(outcome.getAdvice()).containsOnly(entry(SESSION_CONDITION_ADVICE, wantedAdvice));
    assertThat(outcome.getTimeToLive()).isEqualTo(Long.MAX_VALUE);
    // terminateSession=true means the expired session is actually destroyed, not just refused.
    verify(coreWrapper).destroyToken(token);
}
Also used : Set(java.util.Set) HashSet(java.util.HashSet) SSOToken(com.iplanet.sso.SSOToken) HashMap(java.util.HashMap) ConditionDecision(com.sun.identity.entitlement.ConditionDecision) Subject(javax.security.auth.Subject) Date(java.util.Date) HashSet(java.util.HashSet) Test(org.testng.annotations.Test)

Example 40 with ConditionDecision

use of com.sun.identity.entitlement.ConditionDecision in project OpenAM by OpenRock.

the class SessionConditionTest method conditionShouldEvaluateToFalseWhenEnvHasTokenCreationTimeEqualToMaxSessionTimeWithTerminateAdvice.

/**
 * Checks that a session creation time supplied through the environment map is honoured and
 * leads to denial and termination once the session age equals the configured maximum.
 *
 * <p>The environment carries {@code REQUEST_SESSION_CREATION_TIME} as a millisecond string set
 * exactly {@code 5 * 60000} ms before the mocked current time; the mocked token has no
 * {@code authInstant} stubbed. The condition is configured with {@code maxSessionTime} 5 and
 * {@code terminateSession} true. The decision must be unsatisfied, carry exactly one advice
 * entry ({@code SESSION_CONDITION_ADVICE} mapped to {@code ADVICE_DENY} and
 * {@code ADVICE_TERMINATE_SESSION}), have a time-to-live of {@link Long#MAX_VALUE}, and the
 * token must be destroyed. {@code condition}, {@code timeService} and {@code coreWrapper} are
 * fixtures declared outside this excerpt.
 *
 * @throws EntitlementException if the condition under test raises it
 * @throws SSOException declared for the wrapper call being verified
 */
@Test
public void conditionShouldEvaluateToFalseWhenEnvHasTokenCreationTimeEqualToMaxSessionTimeWithTerminateAdvice() throws EntitlementException, SSOException {
    // Given
    long currentTime = System.currentTimeMillis();
    given(timeService.now()).willReturn(currentTime);

    // Creation time travels in the environment map, not on the token.
    // NOTE(review): the environment is built by whoever calls evaluate(); whether that value
    // can be influenced by the requesting client is not visible here - confirm at the caller.
    long createdAtMillis = currentTime - 5 * 60000L;
    Map<String, Set<String>> requestEnv = new HashMap<String, Set<String>>();
    requestEnv.put(REQUEST_SESSION_CREATION_TIME, Collections.singleton(String.valueOf(createdAtMillis)));

    SSOToken token = mock(SSOToken.class);
    Subject subject = new Subject();
    subject.getPrivateCredentials().add(token);

    condition.setState("{\"maxSessionTime\": 5, \"terminateSession\": true}");

    // When
    ConditionDecision outcome = condition.evaluate("REALM", subject, "RESOURCE_NAME", requestEnv);

    // Then: denied, with both the deny and terminate advice and nothing else
    assertThat(outcome.isSatisfied()).isFalse();
    Set<String> wantedAdvice = new HashSet<String>();
    wantedAdvice.add(ADVICE_DENY);
    wantedAdvice.add(ADVICE_TERMINATE_SESSION);
    assertThat(outcome.getAdvice()).containsOnly(entry(SESSION_CONDITION_ADVICE, wantedAdvice));
    assertThat(outcome.getTimeToLive()).isEqualTo(Long.MAX_VALUE);
    // The token attached to the subject is the one that gets destroyed.
    verify(coreWrapper).destroyToken(token);
}
Also used : Set(java.util.Set) HashSet(java.util.HashSet) SSOToken(com.iplanet.sso.SSOToken) HashMap(java.util.HashMap) ConditionDecision(com.sun.identity.entitlement.ConditionDecision) Subject(javax.security.auth.Subject) HashSet(java.util.HashSet) Test(org.testng.annotations.Test)

Aggregations

ConditionDecision (com.sun.identity.entitlement.ConditionDecision)59 Set (java.util.Set)56 HashMap (java.util.HashMap)54 HashSet (java.util.HashSet)53 Test (org.testng.annotations.Test)48 Subject (javax.security.auth.Subject)47 SSOToken (com.iplanet.sso.SSOToken)24 AMIdentity (com.sun.identity.idm.AMIdentity)7 SSOException (com.iplanet.sso.SSOException)5 EntitlementException (com.sun.identity.entitlement.EntitlementException)4 IdType (com.sun.identity.idm.IdType)4 Date (java.util.Date)4 CaseInsensitiveHashSet (com.sun.identity.common.CaseInsensitiveHashSet)1 Entitlement (com.sun.identity.entitlement.Entitlement)1 SubjectDecision (com.sun.identity.entitlement.SubjectDecision)1 PolicyException (com.sun.identity.policy.PolicyException)1 Condition (com.sun.identity.policy.interfaces.Condition)1 AuthSPrincipal (com.sun.identity.rest.AuthSPrincipal)1 ParseException (java.text.ParseException)1 ArrayList (java.util.ArrayList)1