Example 6 with ConditionDecision

use of com.sun.identity.policy.ConditionDecision in project OpenAM by OpenRock.

the class AuthenticateToRealmConditionTest method testValidMixedCaseRealm.

@Test
public void testValidMixedCaseRealm() throws Exception {
    Map<String, Set<String>> properties = new HashMap<String, Set<String>>(1);
    Set<String> realm = new HashSet<String>(1);
    realm.add("/vAliDrEalM");
    properties.put(AuthenticateToRealmCondition.AUTHENTICATE_TO_REALM, realm);
    AuthenticateToRealmCondition condition = new AuthenticateToRealmCondition();
    condition.setProperties(properties);
    Set<String> passedRealm = new HashSet<String>(1);
    passedRealm.add("/ValidRealm");
    Map<String, Set<String>> env = new HashMap<String, Set<String>>(1);
    env.put(AuthenticateToRealmCondition.REQUEST_AUTHENTICATED_TO_REALMS, passedRealm);
    ConditionDecision conditionDecision = condition.getConditionDecision(null, env);
    assertTrue(conditionDecision.isAllowed());
}
Also used : HashSet(java.util.HashSet) Set(java.util.Set) HashMap(java.util.HashMap) ConditionDecision(com.sun.identity.policy.ConditionDecision) HashSet(java.util.HashSet) Test(org.testng.annotations.Test)

Example 7 with ConditionDecision

use of com.sun.identity.policy.ConditionDecision in project OpenAM by OpenRock.

the class AuthenticateToRealmConditionTest method testInValidRealm.

@Test
public void testInValidRealm() throws Exception {
    Map<String, Set<String>> properties = new HashMap<String, Set<String>>(1);
    Set<String> realm = new HashSet<String>(1);
    realm.add("/InvalidRealm");
    properties.put(AuthenticateToRealmCondition.AUTHENTICATE_TO_REALM, realm);
    AuthenticateToRealmCondition condition = new AuthenticateToRealmCondition();
    condition.setProperties(properties);
    Set<String> passedRealm = new HashSet<String>(1);
    passedRealm.add("/ValidRealm");
    Map<String, Set<String>> env = new HashMap<String, Set<String>>(1);
    env.put(AuthenticateToRealmCondition.REQUEST_AUTHENTICATED_TO_REALMS, passedRealm);
    ConditionDecision conditionDecision = condition.getConditionDecision(null, env);
    assertFalse(conditionDecision.isAllowed());
}
Also used : HashSet(java.util.HashSet) Set(java.util.Set) HashMap(java.util.HashMap) ConditionDecision(com.sun.identity.policy.ConditionDecision) HashSet(java.util.HashSet) Test(org.testng.annotations.Test)

Example 8 with ConditionDecision

use of com.sun.identity.policy.ConditionDecision in project OpenAM by OpenRock.

the class AuthenticateToServiceCondition method getConditionDecision.

/**
 * Returns the decision computed by this condition object, based on the
 * map of environment parameters.
 *
 * @param token single sign on token of the user
 *
 * @param env request specific environment map of key/value pairs.
 *        <code>AuthenticateToServiceCondition</code> looks for the value of key
 *        <code>REQUEST_AUTHENTICATED_TO_SERVICES</code> in the map.
 *        The value should be a <code>Set</code> with <code>String</code>
 *        elements.
 *        If the <code>env</code> parameter is <code>null</code> or does not
 *        define a value for <code>REQUEST_AUTHENTICATED_TO_SERVICES</code>,
 *        the value is computed from the SSO token instead.
 *
 * @return the condition decision. The condition decision encapsulates
 *         whether a policy applies for the request and the advice messages
 *         generated by the condition.
 *
 * The policy framework continues evaluating a policy only if it applies
 * to the request as indicated by the <code>ConditionDecision</code>.
 * Otherwise, further evaluation of the policy is skipped.
 * However, the advice messages encapsulated in the
 * <code>ConditionDecision</code> are aggregated and passed up, encapsulated
 * in the policy decision.
 *
 * @throws PolicyException if the condition has not been initialized with a
 *         successful call to <code>setProperties(Map)</code>, or if the
 *         value of <code>REQUEST_AUTHENTICATED_TO_SERVICES</code> in
 *         <code>env</code> is not a <code>Set</code>
 * @throws SSOException if the token is invalid
 *
 * @see #setProperties(Map)
 * @see #AUTHENTICATE_TO_SERVICE
 * @see #REQUEST_AUTHENTICATED_TO_SERVICES
 * @see com.sun.identity.policy.ConditionDecision
 */
public ConditionDecision getConditionDecision(SSOToken token, Map env) throws PolicyException, SSOException {
    boolean allowed = false;
    Set requestAuthnServices = new HashSet();
    if ((env != null) && (env.get(REQUEST_AUTHENTICATED_TO_SERVICES) != null)) {
        try {
            requestAuthnServices = (Set) env.get(REQUEST_AUTHENTICATED_TO_SERVICES);
            if (DEBUG.messageEnabled()) {
                DEBUG.message("At AuthenticateToServiceCondition." + "getConditionDecision(): " + "requestAuthnServices from request = " + requestAuthnServices);
            }
        } catch (ClassCastException e) {
            String[] args = { REQUEST_AUTHENTICATED_TO_SERVICES };
            throw new PolicyException(ResBundleUtils.rbName, "property_is_not_a_Set", args, e);
        }
    } else {
        if (token != null) {
            Set authenticatedServices = AMAuthUtils.getRealmQualifiedAuthenticatedServices(token);
            if (authenticatedServices != null) {
                requestAuthnServices.addAll(authenticatedServices);
            }
            if (DEBUG.messageEnabled()) {
                DEBUG.message("At AuthenticateToServiceCondition." + "getConditionDecision(): " + "requestAuthnServices from ssoToken = " + requestAuthnServices);
            }
        }
    }
    Set adviceMessages = new HashSet(1);
    if (requestAuthnServices.contains(authenticateToService)) {
        allowed = true;
    } else if (realmEmpty) {
        for (Iterator iter = requestAuthnServices.iterator(); iter.hasNext(); ) {
            String requestAuthnService = (String) iter.next();
            String service = AMAuthUtils.getDataFromRealmQualifiedData(requestAuthnService);
            if (authenticateToService.equals(service)) {
                allowed = true;
                break;
            }
        }
    }
    if (!allowed) {
        adviceMessages.add(authenticateToService);
        if (DEBUG.messageEnabled()) {
            DEBUG.message("At AuthenticateToServiceCondition." + "getConditionDecision():" + "authenticateToService not satisfied = " + authenticateToService);
        }
    }
    if (DEBUG.messageEnabled()) {
        DEBUG.message("At AuthenticateToServiceCondition." + "getConditionDecision():authenticateToService = " + authenticateToService + "," + " requestAuthnServices = " + requestAuthnServices + ", " + " allowed = " + allowed);
    }
    Map advices = new HashMap();
    if (!allowed) {
        advices.put(AUTHENTICATE_TO_SERVICE_CONDITION_ADVICE, adviceMessages);
    }
    return new ConditionDecision(allowed, advices);
}
Also used : Set(java.util.Set) HashSet(java.util.HashSet) PolicyException(com.sun.identity.policy.PolicyException) HashMap(java.util.HashMap) Iterator(java.util.Iterator) HashMap(java.util.HashMap) Map(java.util.Map) ConditionDecision(com.sun.identity.policy.ConditionDecision) HashSet(java.util.HashSet)
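The matching rule in the method above has three branches that are easy to misread: an env-supplied set replaces the token-derived one entirely, an exact realm-qualified match allows, and the unqualified fallback only runs when the configured value itself carries no realm. The following is an added, stand-alone walk-through of that control flow; it is not OpenAM code. ConditionDecision, AMAuthUtils.getDataFromRealmQualifiedData and the advice constant are replaced by local stand-ins, and two details are assumptions not shown on the page: realm-qualified data has the form "realm:service" with the service after the last ':', and the advice key's string value.

```java
import java.util.*;

/**
 * Added example mirroring AuthenticateToServiceCondition.getConditionDecision.
 * Not OpenAM code; compiles without any OpenAM dependency.
 */
public class AuthenticateToServiceDemo {

    // Assumption: the real constant's string value is not on the page.
    static final String AUTHENTICATE_TO_SERVICE_CONDITION_ADVICE = "AuthenticateToServiceConditionAdvice";

    /** Local stand-in for com.sun.identity.policy.ConditionDecision. */
    static final class Decision {
        final boolean allowed;
        final Map<String, Set<String>> advices;

        Decision(boolean allowed, Map<String, Set<String>> advices) {
            this.allowed = allowed;
            this.advices = advices;
        }
    }

    /**
     * Stand-in for AMAuthUtils.getDataFromRealmQualifiedData. Assumption: the
     * qualified form is "realm:service" and the service follows the last ':'.
     */
    static String dataPart(String realmQualified) {
        int idx = realmQualified.lastIndexOf(':');
        return idx < 0 ? realmQualified : realmQualified.substring(idx + 1);
    }

    /**
     * Same order of checks as the page's method: env set wins over the token set,
     * exact match allows, unqualified fallback only when realmEmpty is true.
     */
    static Decision evaluate(String authenticateToService, boolean realmEmpty,
                             Set<String> envServices, Set<String> tokenServices) {
        Set<String> requestAuthnServices = envServices != null ? envServices
                : (tokenServices != null ? tokenServices : Collections.<String>emptySet());

        boolean allowed = requestAuthnServices.contains(authenticateToService);
        if (!allowed && realmEmpty) {
            for (String s : requestAuthnServices) {
                if (authenticateToService.equals(dataPart(s))) {
                    allowed = true;
                    break;
                }
            }
        }

        // On denial the condition names the service it wanted, so the enforcement
        // point can trigger a step-up authentication rather than a bare deny.
        Map<String, Set<String>> advices = new HashMap<>();
        if (!allowed) {
            advices.put(AUTHENTICATE_TO_SERVICE_CONDITION_ADVICE,
                    new HashSet<>(Collections.singleton(authenticateToService)));
        }
        return new Decision(allowed, advices);
    }

    public static void main(String[] args) {
        // Constructed sample: a session that authenticated with ldapService in realm /employees.
        Set<String> fromToken = new HashSet<>(Arrays.asList("/employees:ldapService"));

        // Realm-qualified requirement, exact hit.
        Decision exact = evaluate("/employees:ldapService", false, null, fromToken);
        // Unqualified requirement: only the service name has to match.
        Decision unqualified = evaluate("ldapService", true, null, fromToken);
        // Wrong realm: no fallback, because the requirement is realm-qualified.
        Decision wrongRealm = evaluate("/partners:ldapService", false, null, fromToken);
        // A caller-supplied env set replaces the token-derived one entirely.
        Decision envWins = evaluate("/partners:ldapService", false,
                new HashSet<>(Arrays.asList("/partners:ldapService")), fromToken);

        System.out.println("exact:       " + exact.allowed + " " + exact.advices);
        System.out.println("unqualified: " + unqualified.allowed + " " + unqualified.advices);
        System.out.println("wrongRealm:  " + wrongRealm.allowed + " " + wrongRealm.advices);
        System.out.println("envWins:     " + envWins.allowed + " " + envWins.advices);
    }
}
```

The first two cases allow; the third denies and carries the advice naming "/partners:ldapService". The fourth allows although the token only proves authentication to /employees, because a non-null REQUEST_AUTHENTICATED_TO_SERVICES entry in env is taken at face value and the token is never consulted. Whatever builds that env map (normally the policy enforcement point) must therefore be trusted; a client that can inject keys into it can satisfy this condition without the authentication it asks for.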

Example 9 with ConditionDecision

use of com.sun.identity.policy.ConditionDecision in project OpenAM by OpenRock.

the class UserSelfCheckCondition method getConditionDecision.

/**
 * Gets the decision computed by this condition object.
 *
 * @param token single sign on token of the user
 *
 * @param env request specific environment map of key/value pairs.
 *
 * @return the condition decision. The condition decision
 *         encapsulates whether a policy applies for the request.
 *
 * The policy framework continues evaluating a policy only if it
 * applies to the request as indicated by the <code>ConditionDecision</code>.
 * Otherwise, further evaluation of the policy is skipped.
 *
 * @throws PolicyException if the user's identity could not be resolved
 *         from the identity repository
 * @throws SSOException if the token is invalid
 */
public ConditionDecision getConditionDecision(SSOToken token, Map env) throws PolicyException, SSOException {
    boolean allowed = false;
    if (debug.messageEnabled()) {
        debug.message("UserSelfCheckCondition.getConditionDecision: " + "called with Token: " + token.getPrincipal().getName() + ", requestedResourcename: " + env.get(PolicyEvaluator.SUN_AM_REQUESTED_RESOURCE));
    }
    // Check if attributes in envMap are a subset of "attributes"
    boolean attributeCheckOk = allowAllAttributes;
    if (debug.messageEnabled()) {
        debug.message("UserSelfCheckCondition.getConditionDecision: " + "attributeCheckOk:" + attributeCheckOk);
    }
    Set attrSet = null;
    if (!attributeCheckOk) {
        Object o = env.get(ATTRIBUTES);
        if (o != null && o instanceof Set) {
            Set s = (Set) o;
            if (!s.isEmpty()) {
                attrSet = new CaseInsensitiveHashSet();
                attrSet.addAll((Set) o);
                if (debug.messageEnabled()) {
                    debug.message("UserSelfCheckCondition." + "getConditionDecision: Is attributes " + attrSet + " subset of config attrs: " + attributes);
                }
                if (attributes.containsAll(attrSet)) {
                    attributeCheckOk = true;
                }
            }
        } else if (debug.warningEnabled()) {
            debug.warning("UserSelfCheckCondition.getConditionDecision " + "Invalid attribute set in env params");
        }
    }
    if (debug.messageEnabled()) {
        debug.message("UserSelfCheckCondition.getConditionDecision: " + "attributes check:" + attributeCheckOk);
    }
    if (!attributeCheckOk && (notAttributes != null) && !(notAttributes.isEmpty())) {
        if ((attrSet != null) && !(attrSet.isEmpty())) {
            if (debug.messageEnabled()) {
                debug.message("UserSelfCheckCondition." + "getConditionDecision: Is attributes " + attrSet + " subset of notattrs:" + notAttributes);
            }
            Iterator it = attrSet.iterator();
            for (int i = 0; it.hasNext(); i++) {
                String attr = (String) it.next();
                if ((notAttributes.contains(attr))) {
                    attributeCheckOk = false;
                    break;
                }
                // If notAttributes schema is defined and if
                // none of the attributes are in NotAttributes set,
                // then return true.
                attributeCheckOk = true;
            }
        }
        if (debug.messageEnabled()) {
            debug.message("UserSelfCheckCondition.getConditionDecision:" + " attributeCheckOk " + attributeCheckOk + " for notAttributes " + notAttributes);
        }
    }
    if (attributeCheckOk) {
        // Construct the users' resource string
        StringBuffer name = new StringBuffer(100);
        name.append(RESOURCE_PREFIX);
        try {
            AMIdentity id = IdUtils.getIdentity(token);
            name.append(id.getRealm());
            name.append(RESOURCE_NAME);
            name.append(id.getType().getName()).append("/");
            name.append(id.getName());
        } catch (SSOException ssoe) {
            // Debug it
            if (debug.messageEnabled()) {
                debug.message("UserSelfCheckCondition." + "getConditionDecision: invalid sso token: " + ssoe.getMessage());
            }
            throw ssoe;
        } catch (IdRepoException ide) {
            // Debug it
            if (debug.messageEnabled()) {
                debug.message("UserSelfCheckCondition." + "getConditionDecision IdRepo exception: ", ide);
            }
            throw new PolicyException(ide);
        }
        // Get the resource name from the env
        Object o = env.get(PolicyEvaluator.SUN_AM_REQUESTED_RESOURCE);
        if (debug.messageEnabled()) {
            debug.message("UserSelfCheckCondition.getConditionDecision:" + " name: " + name + " resource: " + o);
        }
        if (o != null) {
            // Default to "" so an unexpected type fails the comparison below
            // instead of throwing NullPointerException when warnings are disabled.
            String resource = "";
            if (o instanceof String) {
                resource = (String) o;
            } else if (o instanceof Set) {
                resource = (String) ((Set) o).iterator().next();
            } else if (debug.warningEnabled()) {
                debug.warning("UserSelfCheckCondition." + "getConditionDecision: Unable to get resource name");
            }
            // compare the resource and the name
            if (resource.equalsIgnoreCase(name.toString())) {
                allowed = true;
                if (debug.messageEnabled()) {
                    debug.message("UserSelfCheckCondition." + "getConditionDecision: " + "returning true");
                }
            } else if (debug.messageEnabled()) {
                debug.message("UserSelfCheckCondition." + "getConditionDecision:Resource names donot match: " + resource + " " + name);
            }
        }
    }
    return new ConditionDecision(allowed);
}
Also used : CaseInsensitiveHashSet(com.sun.identity.common.CaseInsensitiveHashSet) IdRepoException(com.sun.identity.idm.IdRepoException) SSOException(com.iplanet.sso.SSOException) ConditionDecision(com.sun.identity.policy.ConditionDecision) CaseInsensitiveHashSet(com.sun.identity.common.CaseInsensitiveHashSet) PolicyException(com.sun.identity.policy.PolicyException) AMIdentity(com.sun.identity.idm.AMIdentity)
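The method above combines two checks, an attribute filter and a "is this the caller's own entry" resource comparison, and the attribute filter has a subtle ordering: a request that is not a subset of the allow-list still passes when a deny-list is configured and names none of the requested attributes. The following is an added, stand-alone walk-through of both checks; it is not OpenAM code. AMIdentity and CaseInsensitiveHashSet are replaced by stand-ins, and the string values of RESOURCE_PREFIX, RESOURCE_NAME, ATTRIBUTES and PolicyEvaluator.SUN_AM_REQUESTED_RESOURCE are not on the page, so the values used here are made up. Both configured sets are built case-insensitively here; the page shows that only for the requested set.

```java
import java.util.*;

/** Added example mirroring UserSelfCheckCondition.getConditionDecision. Not OpenAM code. */
public class UserSelfCheckDemo {

    static final String RESOURCE_PREFIX = "sms://";                                      // assumed value
    static final String RESOURCE_NAME = "/sunIdentityRepositoryService/1.0/application/"; // assumed value
    static final String ATTRIBUTES = "attributes";                                        // assumed env key
    static final String SUN_AM_REQUESTED_RESOURCE = "sun.am.requestedResourceName";       // assumed env key

    /** Stand-in for AMIdentity: realm, identity type name and name. */
    static final class Identity {
        final String realm, type, name;
        Identity(String realm, String type, String name) { this.realm = realm; this.type = type; this.name = name; }
    }

    /** Plays the role of CaseInsensitiveHashSet. */
    static Set<String> caseInsensitive(Collection<String> in) {
        Set<String> s = new TreeSet<>(String.CASE_INSENSITIVE_ORDER);
        s.addAll(in);
        return s;
    }

    /**
     * Attribute rule in the page's order: allow-all short-circuits; an empty request
     * fails closed; a subset of the allow-list passes; otherwise, when a deny-list is
     * configured, the request passes unless it names a denied attribute.
     */
    static boolean attributesOk(boolean allowAllAttributes, Set<String> attributes,
                                Set<String> notAttributes, Set<String> requested) {
        if (allowAllAttributes) return true;
        if (requested == null || requested.isEmpty()) return false;
        Set<String> attrSet = caseInsensitive(requested);
        if (attributes.containsAll(attrSet)) return true;
        if (notAttributes != null && !notAttributes.isEmpty()) {
            for (String attr : attrSet) {
                if (notAttributes.contains(attr)) return false;
            }
            return true;
        }
        return false;
    }

    /** Same concatenation as the page's StringBuffer: prefix + realm + name + type + "/" + name. */
    static String selfResource(Identity id) {
        return RESOURCE_PREFIX + id.realm + RESOURCE_NAME + id.type + "/" + id.name;
    }

    /** Requested resource as the page reads it: a String, or the first element of a Set; "" fails closed. */
    static String requestedResource(Object o) {
        if (o instanceof String) return (String) o;
        if (o instanceof Set && !((Set<?>) o).isEmpty()) {
            Object first = ((Set<?>) o).iterator().next();
            return first instanceof String ? (String) first : "";
        }
        return "";
    }

    static boolean decide(Identity caller, boolean allowAll, Set<String> attributes,
                          Set<String> notAttributes, Map<String, Object> env) {
        Set<String> requested = null;
        Object a = env.get(ATTRIBUTES);
        if (a instanceof Set) {
            requested = new HashSet<>();
            for (Object x : (Set<?>) a) requested.add(String.valueOf(x));
        }
        if (!attributesOk(allowAll, attributes, notAttributes, requested)) return false;
        // Case-insensitive comparison, exactly as the page does it.
        return requestedResource(env.get(SUN_AM_REQUESTED_RESOURCE)).equalsIgnoreCase(selfResource(caller));
    }

    static Map<String, Object> env(String resource, String... attrs) {
        Map<String, Object> env = new HashMap<>();
        env.put(SUN_AM_REQUESTED_RESOURCE, resource);
        env.put(ATTRIBUTES, new HashSet<>(Arrays.asList(attrs)));
        return env;
    }

    public static void main(String[] args) {
        // Constructed policy: a user may touch mail and telephoneNumber on their own entry; userPassword is denied.
        Set<String> allowed = caseInsensitive(Arrays.asList("mail", "telephoneNumber"));
        Set<String> denied = caseInsensitive(Arrays.asList("userPassword"));
        Identity alice = new Identity("/", "user", "alice");
        String own = selfResource(alice);
        String bobs = selfResource(new Identity("/", "user", "bob"));

        System.out.println("own entry, allowed attr:    " + decide(alice, false, allowed, denied, env(own, "MAIL")));
        System.out.println("bob's entry, allowed attr:  " + decide(alice, false, allowed, denied, env(bobs, "mail")));
        System.out.println("own entry, denied attr:     " + decide(alice, false, allowed, denied, env(own, "userpassword")));
        System.out.println("own entry, unlisted attr:   " + decide(alice, false, allowed, denied, env(own, "description")));
        System.out.println("own entry, no attrs in env: " + decide(alice, false, allowed, denied, env(own)));
    }
}
```

The first case allows, the second denies because the resource is another user's entry, the third denies via the deny-list, and the fifth denies because an empty attribute set never satisfies either list. The fourth case is the one to watch when writing such a policy: "description" is neither allowed nor denied, and because a deny-list is configured it is accepted, so a non-empty notAttributes setting turns the condition from allow-list semantics into deny-list semantics for anything the allow-list does not cover.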

Example 10 with ConditionDecision

use of com.sun.identity.policy.ConditionDecision in project OpenAM by OpenRock.

the class AuthenticateToRealmConditionTest method testValidRealm.

@Test
public void testValidRealm() throws Exception {
    Map<String, Set<String>> properties = new HashMap<String, Set<String>>(1);
    Set<String> realm = new HashSet<String>(1);
    realm.add("/ValidRealm");
    properties.put(AuthenticateToRealmCondition.AUTHENTICATE_TO_REALM, realm);
    AuthenticateToRealmCondition condition = new AuthenticateToRealmCondition();
    condition.setProperties(properties);
    Set<String> passedRealm = new HashSet<String>(3);
    passedRealm.add("/Realm");
    passedRealm.add("/ValidRealm");
    passedRealm.add("/AnotherRealm");
    Map<String, Set<String>> env = new HashMap<String, Set<String>>(1);
    env.put(AuthenticateToRealmCondition.REQUEST_AUTHENTICATED_TO_REALMS, passedRealm);
    ConditionDecision conditionDecision = condition.getConditionDecision(null, env);
    assertTrue(conditionDecision.isAllowed());
}
Also used : HashSet(java.util.HashSet) Set(java.util.Set) HashMap(java.util.HashMap) ConditionDecision(com.sun.identity.policy.ConditionDecision) HashSet(java.util.HashSet) Test(org.testng.annotations.Test)

Aggregations

ConditionDecision (com.sun.identity.policy.ConditionDecision)14 HashSet (java.util.HashSet)12 Set (java.util.Set)12 HashMap (java.util.HashMap)11 PolicyException (com.sun.identity.policy.PolicyException)8 Map (java.util.Map)7 Test (org.testng.annotations.Test)4 SSOException (com.iplanet.sso.SSOException)3 CaseInsensitiveHashSet (com.sun.identity.common.CaseInsensitiveHashSet)3 Iterator (java.util.Iterator)3 AMIdentity (com.sun.identity.idm.AMIdentity)2 IdRepoException (com.sun.identity.idm.IdRepoException)2 SSOToken (com.iplanet.sso.SSOToken)1 OrderedSet (com.sun.identity.shared.datastruct.OrderedSet)1 ServiceConfig (com.sun.identity.sm.ServiceConfig)1 ParseException (java.text.ParseException)1