
Example 31 with Privilege

Use of com.sun.identity.entitlement.Privilege in project OpenAM by OpenRock.

Class JsonPolicyParserTest, method shouldParseSimpleSubjects.

@Test
public void shouldParseSimpleSubjects() throws Exception {
    // Given
    JsonValue content = buildJson(field("subject", object(field("type", "AuthenticatedUsers"))));
    // When
    Privilege result = parser.parsePolicy(POLICY_NAME, content);
    // Then
    assertThat(result.getSubject()).isInstanceOf(AuthenticatedUsers.class);
}
Also used : JsonValue(org.forgerock.json.JsonValue) OpenSSOPrivilege(com.sun.identity.entitlement.opensso.OpenSSOPrivilege) Privilege(com.sun.identity.entitlement.Privilege) Test(org.testng.annotations.Test)

Example 32 with Privilege

Use of com.sun.identity.entitlement.Privilege in project OpenAM by OpenRock.

Class JsonPolicyParserTest, method shouldCorrectlyParseConditionTypes.

@Test
public void shouldCorrectlyParseConditionTypes() throws Exception {
    // Given
    String scope = "givenName";
    JsonValue content = buildJson(field("condition", object(field("type", "OAuth2Scope"), field("requiredScopes", array(scope)))));
    // When
    Privilege result = parser.parsePolicy(POLICY_NAME, content);
    // Then
    assertThat(result.getCondition()).isInstanceOf(OAuth2ScopeCondition.class);
    assertThat(((OAuth2ScopeCondition) result.getCondition()).getRequiredScopes()).isEqualTo(Collections.singleton(scope));
}
Also used : OAuth2ScopeCondition(org.forgerock.openam.entitlement.conditions.environment.OAuth2ScopeCondition) JsonValue(org.forgerock.json.JsonValue) OpenSSOPrivilege(com.sun.identity.entitlement.opensso.OpenSSOPrivilege) Privilege(com.sun.identity.entitlement.Privilege) Test(org.testng.annotations.Test)

Example 33 with Privilege

Use of com.sun.identity.entitlement.Privilege in project OpenAM by OpenRock.

Class JsonPolicyParserTest, method shouldUsePassedNameIfJsonNameIsMissing.

@Test
public void shouldUsePassedNameIfJsonNameIsMissing() throws Exception {
    // Given
    String name = "resourceName";
    JsonValue content = buildJson(null);
    // When
    Privilege result = parser.parsePolicy(name, content);
    // Then
    assertThat(result.getName()).isEqualTo(name);
}
Also used : JsonValue(org.forgerock.json.JsonValue) OpenSSOPrivilege(com.sun.identity.entitlement.opensso.OpenSSOPrivilege) Privilege(com.sun.identity.entitlement.Privilege) Test(org.testng.annotations.Test)

Example 34 with Privilege

Use of com.sun.identity.entitlement.Privilege in project OpenAM by OpenRock.

Class JsonPolicyParserTest, method shouldIgnoreTTLForPolicies.

@Test
public void shouldIgnoreTTLForPolicies() throws Exception {
    // Given
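    long ttl = 1234L;
    JsonValue content = buildJson(field("ttl", ttl));
    // When
    Privilege result = parser.parsePolicy(POLICY_NAME, content);
    // Then
    // Compare by value: a reference comparison of two boxed longs would pass
    // even if the parser had copied the TTL from the JSON.
    assertThat(result.getEntitlement().getTTL()).isNotEqualTo(ttl);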
}
Also used : JsonValue(org.forgerock.json.JsonValue) OpenSSOPrivilege(com.sun.identity.entitlement.opensso.OpenSSOPrivilege) Privilege(com.sun.identity.entitlement.Privilege) Test(org.testng.annotations.Test)

Example 35 with Privilege

Use of com.sun.identity.entitlement.Privilege in project OpenAM by OpenRock.

Class OpenProvisioning, method createPolicy.

private void createPolicy(SSOToken adminToken) throws EntitlementException {
    // Privilege manager for the root realm, acting as the admin subject.
    PrivilegeManager pMgr = new PolicyPrivilegeManager(applicationServiceFactory, resourceTypeService, constraintValidator);
    pMgr.initialize("/", SubjectUtils.createSubject(adminToken));
    // Allow all four CRUD actions on every resource under /OP/.
    Map<String, Boolean> actionValues = new HashMap<String, Boolean>();
    actionValues.put("CREATE", Boolean.TRUE);
    actionValues.put("READ", Boolean.TRUE);
    actionValues.put("UPDATE", Boolean.TRUE);
    actionValues.put("DELETE", Boolean.TRUE);
    Entitlement entitlement = new Entitlement(APPLICATION, "/OP/*", actionValues);
    entitlement.setName("openProvisioningPrivilege");
    // The subject is a single user, identified by universal ID.
    UserSubject sbj = new OpenSSOUserSubject();
    sbj.setID(jSmith.getUniversalId());
    // Condition pairing the user's postaladdress attribute with the resource's.
    AttributeLookupCondition cond = new AttributeLookupCondition("$USER.postaladdress", "$RES.postaladdress");
    // Assemble the privilege from entitlement, subject and condition, then store it.
    Privilege privilege = Privilege.getNewInstance();
    privilege.setName(PRIVILEGE_NAME);
    privilege.setEntitlement(entitlement);
    privilege.setSubject(sbj);
    privilege.setCondition(cond);
    pMgr.add(privilege);
}
Also used : OpenSSOUserSubject(com.sun.identity.entitlement.opensso.OpenSSOUserSubject) UserSubject(com.sun.identity.entitlement.UserSubject) AttributeLookupCondition(com.sun.identity.entitlement.AttributeLookupCondition) HashMap(java.util.HashMap) PolicyPrivilegeManager(com.sun.identity.entitlement.opensso.PolicyPrivilegeManager) PrivilegeManager(com.sun.identity.entitlement.PrivilegeManager) Entitlement(com.sun.identity.entitlement.Entitlement) Privilege(com.sun.identity.entitlement.Privilege)
