use of com.sun.identity.entitlement.Entitlement in project OpenAM by OpenRock.
the class PolicyResourceEvaluationTest method shouldMakeBatchEvaluation.
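/**
 * Verifies that the "evaluate" collection action is routed through the policy
 * evaluator and that the parsed decisions come back as the response content.
 *
 * <p>The evaluator is obtained from the factory with the subject and application
 * read from the built policy request, so this test also pins that evaluation is
 * performed for the request's own REST subject and application.
 *
 * @throws EntitlementException not expected in this scenario
 */
@Test
public void shouldMakeBatchEvaluation() throws EntitlementException {
    // Given...
    given(request.getAction()).willReturn("evaluate");
    Context context = buildContextStructure("/abc");
    given(requestFactory.buildRequest(PolicyAction.EVALUATE, context, request)).willReturn(policyRequest);

    // Values the resource reads from the policy request. getApplication() is
    // stubbed once here; a second, identical stub of it was redundant.
    given(policyRequest.getRestSubject()).willReturn(restSubject);
    given(policyRequest.getApplication()).willReturn("some-application");
    given(policyRequest.getRealm()).willReturn("/abc");
    given(factory.getEvaluator(restSubject, "some-application")).willReturn(evaluator);

    List<Entitlement> decisions = Arrays.asList(new Entitlement());
    given(evaluator.routePolicyRequest(policyRequest)).willReturn(decisions);
    JsonValue jsonDecision = JsonValue.json(array());
    given(parser.printEntitlements(decisions)).willReturn(jsonDecision);

    // When...
    Promise<ActionResponse, ResourceException> promise = policyResource.actionCollection(context, request);

    // Then...
    verify(request).getAction();
    verify(requestFactory).buildRequest(PolicyAction.EVALUATE, context, request);
    verify(policyRequest).getRestSubject();
    // The resource under test is expected to read the application name twice.
    verify(policyRequest, times(2)).getApplication();
    verify(policyRequest).getRealm();
    verify(factory).getEvaluator(restSubject, "some-application");
    verify(evaluator).routePolicyRequest(policyRequest);
    verify(parser).printEntitlements(decisions);
    assertThat(promise).succeeded().withContent().isEqualTo(jsonDecision);
    // Fails if the resource touched any of these collaborators beyond the calls verified above.
    verifyNoMoreInteractions(request, requestFactory, policyRequest, factory, evaluator, parser);
}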
use of com.sun.identity.entitlement.Entitlement in project OpenAM by OpenRock.
the class JsonPolicyParserTest method shouldNotPrintPolicyTTL.
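/**
 * Verifies that the JSON produced for a policy does not carry the TTL that was
 * set on the policy's entitlement.
 *
 * <p>Only the top-level {@code "ttl"} key of the printed policy is inspected.
 */
@Test
public void shouldNotPrintPolicyTTL() throws Exception {
    // Given
    Privilege policy = new StubPrivilege();
    policy.setEntitlement(new Entitlement());
    // Upper-case L suffix: the lower-case form "1234l" is easily misread as 12341.
    policy.getEntitlement().setTTL(1234L);

    // When
    JsonValue result = parser.printPolicy(policy);

    // Then
    // TTL should not appear on the policy entitlement
    assertThat(result.get("ttl").asLong()).isNull();
}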
use of com.sun.identity.entitlement.Entitlement in project OpenAM by OpenRock.
the class OpenProvisioning method createPolicy.
/**
 * Adds the sample provisioning privilege through a privilege manager
 * initialised for realm "/" with a subject created from the admin token.
 *
 * <p>The privilege sets CREATE, READ, UPDATE and DELETE to {@code TRUE} for the
 * resource pattern "/OP/*", names a single user subject (jSmith's universal id)
 * and attaches an {@link AttributeLookupCondition} built from
 * "$USER.postaladdress" and "$RES.postaladdress".
 * NOTE(review): presumably the condition requires the two attributes to match;
 * confirm against AttributeLookupCondition, since it is the only restriction
 * on this wildcard grant besides the subject.
 *
 * @param adminToken SSO token used to create the subject the manager is initialised with
 * @throws EntitlementException propagated from the privilege manager or privilege calls
 */
private void createPolicy(SSOToken adminToken) throws EntitlementException {
    PrivilegeManager manager =
            new PolicyPrivilegeManager(applicationServiceFactory, resourceTypeService, constraintValidator);
    manager.initialize("/", SubjectUtils.createSubject(adminToken));

    // Every CRUD action is granted.
    Map<String, Boolean> grantedActions = new HashMap<String, Boolean>();
    for (String action : new String[] {"CREATE", "READ", "UPDATE", "DELETE"}) {
        grantedActions.put(action, Boolean.TRUE);
    }

    Entitlement crudEntitlement = new Entitlement(APPLICATION, "/OP/*", grantedActions);
    crudEntitlement.setName("openProvisioningPrivilege");

    // The grant applies to one user only.
    UserSubject userSubject = new OpenSSOUserSubject();
    userSubject.setID(jSmith.getUniversalId());

    AttributeLookupCondition addressCondition =
            new AttributeLookupCondition("$USER.postaladdress", "$RES.postaladdress");

    Privilege newPrivilege = Privilege.getNewInstance();
    newPrivilege.setName(PRIVILEGE_NAME);
    newPrivilege.setEntitlement(crudEntitlement);
    newPrivilege.setSubject(userSubject);
    newPrivilege.setCondition(addressCondition);

    manager.add(newPrivilege);
}
use of com.sun.identity.entitlement.Entitlement in project OpenAM by OpenRock.
the class PrivilegeUtils method privilegeToPolicy.
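/**
 * Builds a {@link Policy} from a {@link Privilege}.
 *
 * <p>The privilege's name, description and creation/modification metadata are
 * copied across. Its entitlement is converted to rules, its subject and
 * condition are converted and added under names derived from them, and its
 * resource attributes are converted to response providers.
 *
 * <p>Each part is optional: a {@code null} entitlement adds no rules, a subject
 * that is {@code null} or {@link Privilege#NOT_SUBJECT} adds no subject, and a
 * {@code null} condition adds no condition. The returned policy is then simply
 * left without that part, so callers that rely on a subject or condition being
 * present must check the privilege themselves.
 *
 * @param realm realm passed on to the entitlement-to-rule conversion
 * @param privilege privilege to convert; must not be {@code null}
 * @return the newly created policy
 * @throws PolicyException propagated from the policy calls and conversion helpers used here
 * @throws SSOException propagated from the policy calls and conversion helpers used here
 * @throws EntitlementException propagated from the policy calls and conversion helpers used here
 */
public static Policy privilegeToPolicy(String realm, Privilege privilege) throws PolicyException, SSOException, EntitlementException {
    Policy policy = new Policy(privilege.getName());
    policy.setDescription(privilege.getDescription());

    // Read the entitlement once rather than calling the getter twice.
    Entitlement entitlement = privilege.getEntitlement();
    if (entitlement != null) {
        for (Rule rule : entitlementToRule(realm, entitlement)) {
            policy.addRule(rule);
        }
    }

    EntitlementSubject es = privilege.getSubject();
    if ((es != null) && (es != Privilege.NOT_SUBJECT)) {
        Subject sbj = eSubjectToEPSubject(es);
        // NOTE(review): the third argument is presumably the "exclusive" flag; confirm against Policy.addSubject.
        policy.addSubject(getSubjectName(es), sbj, false);
    }

    EntitlementCondition ec = privilege.getCondition();
    if (ec != null) {
        Condition cond = eConditionToEPCondition(ec);
        policy.addCondition(getConditionName(ec), cond);
    }

    if (privilege.getResourceAttributes() != null) {
        Map<String, ResponseProvider> nrps = resourceAttributesToResponseProviders(privilege.getResourceAttributes());
        // Iterate entries directly instead of looking each key up again.
        for (Map.Entry<String, ResponseProvider> entry : nrps.entrySet()) {
            policy.addResponseProvider(entry.getKey(), entry.getValue());
        }
    }

    policy.setCreatedBy(privilege.getCreatedBy());
    policy.setCreationDate(privilege.getCreationDate());
    policy.setLastModifiedBy(privilege.getLastModifiedBy());
    policy.setLastModifiedDate(privilege.getLastModifiedDate());
    return policy;
}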
use of com.sun.identity.entitlement.Entitlement in project OpenAM by OpenRock.
the class ListPolicyNamesTest method createPrivilege.
/**
 * Creates a test privilege with the given name and adds it through {@code pm}.
 *
 * <p>The privilege's entitlement ("ent1") targets
 * "http://www.listpolicynamestest.com:80" with GET set to {@code TRUE} and POST
 * set to {@code FALSE}. Its subject is the user whose id is "id=demo,ou=user,"
 * followed by the base DN reported by {@code ServiceManager}.
 *
 * @param name name given to the new privilege
 * @throws EntitlementException propagated from the privilege or privilege manager calls
 */
private void createPrivilege(String name) throws EntitlementException {
    // Subject: the demo user under the configured base DN.
    String demoUserId = "id=demo,ou=user," + ServiceManager.getBaseDN();
    OpenSSOUserSubject demoSubject = new OpenSSOUserSubject();
    demoSubject.setID(demoUserId);

    // Entitlement: GET allowed, POST explicitly denied.
    Map<String, Boolean> actions = new HashMap<String, Boolean>();
    actions.put("GET", Boolean.TRUE);
    actions.put("POST", Boolean.FALSE);
    String targetResource = "http://www.listpolicynamestest.com:80";
    Entitlement testEntitlement = new Entitlement(APPL_NAME, targetResource, actions);
    testEntitlement.setName("ent1");

    Privilege created = Privilege.getNewInstance();
    created.setName(name);
    created.setEntitlement(testEntitlement);
    created.setSubject(demoSubject);
    pm.addPrivilege(created);
}