Example 26 with Entitlement

Use of com.sun.identity.entitlement.Entitlement in project OpenAM by OpenRock.

In the class OpenSSOApplicationPrivilegeManager, method toApplicationPrivilege.

private ApplicationPrivilege toApplicationPrivilege(Privilege p) throws EntitlementException {
    // Copy the descriptive and audit metadata from the source privilege.
    ApplicationPrivilege ap = new ApplicationPrivilege(p.getName());
    ap.setDescription(p.getDescription());
    ap.setCreatedBy(p.getCreatedBy());
    ap.setCreationDate(p.getCreationDate());
    ap.setLastModifiedBy(p.getLastModifiedBy());
    ap.setLastModifiedDate(p.getLastModifiedDate());
    // Group the entitlement's resource names by application and copy its action values.
    Entitlement ent = p.getEntitlement();
    Set<String> resourceNames = ent.getResourceNames();
    Map<String, Set<String>> mapAppToRes = getApplicationPrivilegeResourceNames(resourceNames);
    ap.setApplicationResources(mapAppToRes);
    ap.setActionValues(getActionValues(ent.getActionValues()));
    // Collect the subjects: either the members of an OrSubject or a single subject.
    // Subjects that are not SubjectImplementation instances are skipped.
    Set<SubjectImplementation> subjects = new HashSet<SubjectImplementation>();
    if (p.getSubject() instanceof OrSubject) {
        OrSubject orSubject = (OrSubject) p.getSubject();
        for (EntitlementSubject es : orSubject.getESubjects()) {
            if (es instanceof SubjectImplementation) {
                subjects.add((SubjectImplementation) es);
            }
        }
    } else if (p.getSubject() instanceof SubjectImplementation) {
        subjects.add((SubjectImplementation) p.getSubject());
    }
    ap.setSubject(subjects);
    // Only a SimpleTimeCondition is carried over; any other condition type
    // is not set on the resulting ApplicationPrivilege.
    EntitlementCondition cond = p.getCondition();
    if (cond instanceof SimpleTimeCondition) {
        ap.setCondition(cond);
    }
    return ap;
}
Also used : EntitlementCondition(com.sun.identity.entitlement.EntitlementCondition) HashSet(java.util.HashSet) Set(java.util.Set) SimpleTimeCondition(org.forgerock.openam.entitlement.conditions.environment.SimpleTimeCondition) OrSubject(com.sun.identity.entitlement.OrSubject) EntitlementSubject(com.sun.identity.entitlement.EntitlementSubject) ApplicationPrivilege(com.sun.identity.entitlement.ApplicationPrivilege) SubjectImplementation(com.sun.identity.entitlement.SubjectImplementation) Entitlement(com.sun.identity.entitlement.Entitlement)

Example 27 with Entitlement

Use of com.sun.identity.entitlement.Entitlement in project OpenAM by OpenRock.

In the class PolicyResourceEvaluationTest, method shouldMakeTreeEvaluation.

@Test
public void shouldMakeTreeEvaluation() throws EntitlementException {
    // Given...
    given(request.getAction()).willReturn("evaluateTree");
    Context context = buildContextStructure("/abc");
    given(requestFactory.buildRequest(PolicyAction.TREE_EVALUATE, context, request)).willReturn(policyRequest);
    given(policyRequest.getRestSubject()).willReturn(restSubject);
    given(policyRequest.getApplication()).willReturn("some-application");
    given(factory.getEvaluator(restSubject, "some-application")).willReturn(evaluator);
    given(policyRequest.getApplication()).willReturn("some-application");
    given(policyRequest.getRealm()).willReturn("/abc");
    List<Entitlement> decisions = Arrays.asList(new Entitlement());
    given(evaluator.routePolicyRequest(policyRequest)).willReturn(decisions);
    JsonValue jsonDecision = JsonValue.json(array());
    given(parser.printEntitlements(decisions)).willReturn(jsonDecision);
    // When...
    Promise<ActionResponse, ResourceException> promise = policyResource.actionCollection(context, request);
    // Then...
    verify(request).getAction();
    verify(requestFactory).buildRequest(PolicyAction.TREE_EVALUATE, context, request);
    verify(policyRequest).getRestSubject();
    verify(policyRequest, times(2)).getApplication();
    verify(policyRequest).getRealm();
    verify(factory).getEvaluator(restSubject, "some-application");
    verify(evaluator).routePolicyRequest(policyRequest);
    verify(parser).printEntitlements(decisions);
    assertThat(promise).succeeded().withContent().isEqualTo(jsonDecision);
    verifyNoMoreInteractions(request, subjectContext, requestFactory, policyRequest, factory, evaluator, parser);
}
Also used : ClientContext(org.forgerock.services.context.ClientContext) RealmContext(org.forgerock.openam.rest.RealmContext) Context(org.forgerock.services.context.Context) SubjectContext(org.forgerock.openam.rest.resource.SubjectContext) JsonValue(org.forgerock.json.JsonValue) ResourceException(org.forgerock.json.resource.ResourceException) Entitlement(com.sun.identity.entitlement.Entitlement) ActionResponse(org.forgerock.json.resource.ActionResponse) Test(org.testng.annotations.Test)

Example 28 with Entitlement

Use of com.sun.identity.entitlement.Entitlement in project OpenAM by OpenRock.

In the class JsonPolicyParserTest, method shouldNotPrintPolicyAttributes.

@Test
public void shouldNotPrintPolicyAttributes() throws Exception {
    // Given
    Privilege policy = new StubPrivilege();
    policy.setEntitlement(new Entitlement());
    policy.getEntitlement().setAttributes(Collections.singletonMap("one", CollectionUtils.asSet("two")));
    // When
    JsonValue result = parser.printPolicy(policy);
    // Then
    // Attributes should not appear on the policy entitlement
    assertThat(result.get("attributes").asMapOfList(String.class)).isNullOrEmpty();
}
Also used : JsonValue(org.forgerock.json.JsonValue) OpenSSOPrivilege(com.sun.identity.entitlement.opensso.OpenSSOPrivilege) Privilege(com.sun.identity.entitlement.Privilege) Entitlement(com.sun.identity.entitlement.Entitlement) Test(org.testng.annotations.Test)

Example 29 with Entitlement

Use of com.sun.identity.entitlement.Entitlement in project OpenAM by OpenRock.

In the class JsonPolicyParserTest, method shouldPrintPolicyResourceSet.

@Test
public void shouldPrintPolicyResourceSet() throws Exception {
    // Given
    Privilege policy = new StubPrivilege();
    Set<String> included = CollectionUtils.asSet("one", "two", "three");
    Entitlement resources = new Entitlement();
    resources.setResourceNames(included);
    policy.setEntitlement(resources);
    // When
    JsonValue result = parser.printPolicy(policy);
    // Then
    assertThat(result.get("resources").asList()).containsOnly(included.toArray());
}
Also used : JsonValue(org.forgerock.json.JsonValue) OpenSSOPrivilege(com.sun.identity.entitlement.opensso.OpenSSOPrivilege) Privilege(com.sun.identity.entitlement.Privilege) Entitlement(com.sun.identity.entitlement.Entitlement) Test(org.testng.annotations.Test)

Example 30 with Entitlement

Use of com.sun.identity.entitlement.Entitlement in project OpenAM by OpenRock.

In the class JsonPolicyParserTest, method shouldPrintPolicyActionValues.

@Test
public void shouldPrintPolicyActionValues() throws Exception {
    // Given
    Privilege policy = new StubPrivilege();
    policy.setEntitlement(new Entitlement());
    Map<String, Boolean> actionValues = new HashMap<String, Boolean>();
    actionValues.put("one", true);
    actionValues.put("two", false);
    policy.getEntitlement().setActionValues(actionValues);
    // When
    JsonValue result = parser.printPolicy(policy);
    // Then
    assertThat(result.get("actionValues").asMap(Boolean.class)).isEqualTo(actionValues);
}
Also used : HashMap(java.util.HashMap) JsonValue(org.forgerock.json.JsonValue) OpenSSOPrivilege(com.sun.identity.entitlement.opensso.OpenSSOPrivilege) Privilege(com.sun.identity.entitlement.Privilege) Entitlement(com.sun.identity.entitlement.Entitlement) Test(org.testng.annotations.Test)

Aggregations

Entitlement (com.sun.identity.entitlement.Entitlement) 43
Privilege (com.sun.identity.entitlement.Privilege) 19
HashMap (java.util.HashMap) 19
HashSet (java.util.HashSet) 19
EntitlementSubject (com.sun.identity.entitlement.EntitlementSubject) 14
Test (org.testng.annotations.Test) 14
Subject (javax.security.auth.Subject) 13
EntitlementException (com.sun.identity.entitlement.EntitlementException) 12
Evaluator (com.sun.identity.entitlement.Evaluator) 9
Set (java.util.Set) 9
JsonValue (org.forgerock.json.JsonValue) 9
EntitlementCondition (com.sun.identity.entitlement.EntitlementCondition) 8
SSOToken (com.iplanet.sso.SSOToken) 7
OrSubject (com.sun.identity.entitlement.OrSubject) 6
PrivilegeManager (com.sun.identity.entitlement.PrivilegeManager) 6
ResourceAttribute (com.sun.identity.entitlement.ResourceAttribute) 6
SSOException (com.iplanet.sso.SSOException) 5
OpenSSOPrivilege (com.sun.identity.entitlement.opensso.OpenSSOPrivilege) 5
OpenSSOUserSubject (com.sun.identity.entitlement.opensso.OpenSSOUserSubject) 5
AuthenticatedUsers (org.forgerock.openam.entitlement.conditions.subject.AuthenticatedUsers) 5