Example 1 with TypePermission

Use of edu.uiuc.ncsa.myproxy.oa4mp.server.admin.things.types.TypePermission in project OA4MP by ncsa.

From the class ClientServerTest, method testRemove.

public void testRemove(CMTestStoreProvider tp2) throws Exception {
    CC cc = setupClients(tp2);
    // so approve this
    ClientServer server = new ClientServer(tp2.getCOSE());
    ApproveRequest approveRequest = RequestFactory.createRequest(cc.adminClient, new TypeClient(), new ActionApprove(), cc.client, null);
    server.process(approveRequest);
    assert tp2.getClientApprovalStore().containsKey(cc.client.getIdentifier());
    assert tp2.getClientApprovalStore().get(cc.client.getIdentifier()).isApproved();
    assert !tp2.getPermissionStore().get(cc.adminClient.getIdentifier(), cc.client.getIdentifier()).isEmpty();
    AdminClient ac2 = getAdminClient(tp2.getAdminClientStore());
    PermissionServer permissionServer = new PermissionServer(tp2.getCOSE());
    AddClientRequest addClientRequest = RequestFactory.createRequest(ac2, new TypePermission(), new ActionAdd(), cc.client, null);
    permissionServer.process(addClientRequest);
    assert !tp2.getPermissionStore().get(ac2.getIdentifier(), cc.client.getIdentifier()).isEmpty();
    // ok, so now we have a couple of admin clients with permissions on this client and it is approved. Let's
    // see if everything gets cleaned out.
    RemoveRequest removeRequest = RequestFactory.createRequest(cc.adminClient, new TypeClient(), new ActionRemove(), cc.client, null);
    server.process(removeRequest);
    assert !tp2.getClientStore().containsKey(cc.client.getIdentifier());
    assert !tp2.getClientApprovalStore().containsKey(cc.client.getIdentifier());
    assert tp2.getPermissionStore().get(cc.adminClient.getIdentifier(), cc.client.getIdentifier()).isEmpty();
    assert tp2.getPermissionStore().get(ac2.getIdentifier(), cc.client.getIdentifier()).isEmpty();
}
Also used : PermissionServer(edu.uiuc.ncsa.myproxy.oa4mp.oauth2.cm.util.permissions.PermissionServer) TypeClient(edu.uiuc.ncsa.myproxy.oa4mp.server.admin.things.types.TypeClient) TypePermission(edu.uiuc.ncsa.myproxy.oa4mp.server.admin.things.types.TypePermission) AdminClient(edu.uiuc.ncsa.myproxy.oa4mp.server.admin.adminClient.AdminClient) AddClientRequest(edu.uiuc.ncsa.myproxy.oa4mp.oauth2.cm.util.permissions.AddClientRequest)

Example 2 with TypePermission

Use of edu.uiuc.ncsa.myproxy.oa4mp.server.admin.things.types.TypePermission in project OA4MP by ncsa.

From the class PermissionServerTest, method testGetAdmins.

public void testGetAdmins(CMTestStoreProvider tp2) throws Exception {
    int clientCount = 4;
    CC cc = setupClients(tp2);
    List<AdminClient> admins = new LinkedList<>();
    for (int i = 0; i < clientCount; i++) {
        AdminClient ac2 = getAdminClient(tp2.getAdminClientStore());
        Permission p = tp2.getPermissionStore().create();
        p.setDelete(true);
        p.setRead(true);
        p.setApprove(true);
        p.setCreate(true);
        p.setWrite(true);
        p.setAdminID(ac2.getIdentifier());
        p.setClientID(cc.client.getIdentifier());
        tp2.getPermissionStore().save(p);
        admins.add(ac2);
    }
    admins.add(cc.adminClient);
    // need this list of identifiers later for checking that the returned result is correct.
    List<Identifier> adminIDs = new LinkedList<>();
    for (AdminClient ac : admins) {
        adminIDs.add(ac.getIdentifier());
    }
    PermissionServer permissionServer = new PermissionServer(tp2.getCOSE());
    // ListAdminsRequest req = new ListAdminsRequest(cc.adminClient, cc.client);
    ListAdminsRequest req = (ListAdminsRequest) RequestFactory.createRequest(null, new TypePermission(), new ActionList(), cc.client, null);
    ListAdminsResponse resp = (ListAdminsResponse) permissionServer.process(req);
    // so add a bunch of admins for a single client and check that they all come back.
    List<AdminClient> returnedACs = resp.getAdmins();
    assert returnedACs.size() == admins.size();
    for (AdminClient x : returnedACs) {
        assert adminIDs.contains(x.getIdentifier());
    }
}
Also used : LinkedList(java.util.LinkedList) Identifier(edu.uiuc.ncsa.security.core.Identifier) TypePermission(edu.uiuc.ncsa.myproxy.oa4mp.server.admin.things.types.TypePermission) Permission(edu.uiuc.ncsa.myproxy.oa4mp.server.admin.permissions.Permission) ActionList(edu.uiuc.ncsa.myproxy.oa4mp.server.admin.things.actions.ActionList) AdminClient(edu.uiuc.ncsa.myproxy.oa4mp.server.admin.adminClient.AdminClient)

Example 3 with TypePermission

Use of edu.uiuc.ncsa.myproxy.oa4mp.server.admin.things.types.TypePermission in project OA4MP by ncsa.

From the class ClientServer, method create.

public CreateResponse create(CreateRequest request) {
    if (request.getAdminClient() != null && (request.getAdminClient().getIdentifier() == null || request.getAdminClient().getIdentifierString().length() == 0)) {
        throw new GeneralException("Error: An admin client was specified, but no identifier for this client was given. Request rejected.");
    }
    // canCreate(request);
    // requires an admin client and hashmap
    ColumnMap values = new ColumnMap();
    values.putAll(request.getAttributes());
    // values.putAll(); // add all the values passed in
    ClientKeys keys = (ClientKeys) getClientStore().getACConverter().getKeys();
    OA2Client client = (OA2Client) getClientStore().create();
    values.put(keys.identifier(), client.getIdentifier());
    values.put(keys.creationTS(), client.getCreationTS());
    String secret = null;
    if (values.containsKey(keys.secret())) {
        // if the secret is supplied, just store its hash
        secret = (String) values.get(keys.secret());
    } else {
        // no secret means to create one.
        byte[] bytes = new byte[cose.getClientSecretLength()];
        random.nextBytes(bytes);
        secret = Base64.encodeBase64URLSafeString(bytes);
    }
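    // Only the unsalted SHA-1 hex digest of the secret is persisted; the plaintext secret
    // is handed back to the caller in the CreateResponse below.
    String hash = DigestUtils.sha1Hex(secret);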
    values.put(keys.secret(), hash);
    getClientStore().getACConverter().fromMap(values, client);
    getClientStore().save(client);
    // set the permissions for this.
    if (request.getAdminClient() != null) {
        // if there is no admin client, then do not set permissions for it. It is possible for a client to simply
        // be created and manage itself.
        PermissionServer permissionServer = new PermissionServer(cose);
        permissionServer.process(RequestFactory.createRequest(request.getAdminClient(), new TypePermission(), new ActionAdd(), client, null));
    }
    // CIL-414 Make sure an approval record is created here so we can accurately track how many approvals are pending
    ClientApproval approval = (ClientApproval) getClientApprovalStore().create();
    approval.setApproved(false);
    approval.setIdentifier(client.getIdentifier());
    getClientApprovalStore().save(approval);
    return new CreateResponse(client, secret);
}
Also used : ColumnMap(edu.uiuc.ncsa.security.storage.sql.internals.ColumnMap) OA2Client(edu.uiuc.ncsa.security.oauth_2_0.OA2Client) PermissionServer(edu.uiuc.ncsa.myproxy.oa4mp.oauth2.cm.util.permissions.PermissionServer) GeneralException(edu.uiuc.ncsa.security.core.exceptions.GeneralException) ClientApproval(edu.uiuc.ncsa.security.delegation.server.storage.ClientApproval) TypePermission(edu.uiuc.ncsa.myproxy.oa4mp.server.admin.things.types.TypePermission) ActionAdd(edu.uiuc.ncsa.myproxy.oa4mp.server.admin.things.actions.ActionAdd) ClientKeys(edu.uiuc.ncsa.security.delegation.storage.ClientKeys)

Example 4 with TypePermission

Use of edu.uiuc.ncsa.myproxy.oa4mp.server.admin.things.types.TypePermission in project OA4MP by ncsa.

From the class PermissionServerTest, method testGetClients.

public void testGetClients(CMTestStoreProvider tp2) throws Exception {
    int clientCount = 4;
    CC cc = setupClients(tp2);
    List<OA2Client> clients = new LinkedList<>();
    for (int i = 0; i < clientCount; i++) {
        OA2Client client2 = getOa2Client(tp2.getClientStore());
        Permission p = tp2.getPermissionStore().create();
        p.setDelete(true);
        p.setRead(true);
        p.setApprove(true);
        p.setCreate(true);
        p.setWrite(true);
        p.setAdminID(cc.adminClient.getIdentifier());
        p.setClientID(client2.getIdentifier());
        tp2.getPermissionStore().save(p);
        clients.add(client2);
    }
    clients.add(cc.client);
    // need this list of identifiers later for checking that the returned result is correct.
    List<Identifier> clientIDs = new LinkedList<>();
    for (OA2Client ac : clients) {
        clientIDs.add(ac.getIdentifier());
    }
    PermissionServer permissionServer = new PermissionServer(tp2.getCOSE());
    ListClientsRequest req = (ListClientsRequest) RequestFactory.createRequest(cc.adminClient, new TypePermission(), new ActionList(), null, null);
    ListClientResponse resp = (ListClientResponse) permissionServer.process(req);
    // so add a bunch of clients for a single admin and check that they all come back.
    List<OA2Client> returnedACs = resp.getClients();
    assert returnedACs.size() == clients.size();
    for (OA2Client x : returnedACs) {
        assert clientIDs.contains(x.getIdentifier());
    }
}
Also used : LinkedList(java.util.LinkedList) OA2Client(edu.uiuc.ncsa.security.oauth_2_0.OA2Client) Identifier(edu.uiuc.ncsa.security.core.Identifier) TypePermission(edu.uiuc.ncsa.myproxy.oa4mp.server.admin.things.types.TypePermission) Permission(edu.uiuc.ncsa.myproxy.oa4mp.server.admin.permissions.Permission) ActionList(edu.uiuc.ncsa.myproxy.oa4mp.server.admin.things.actions.ActionList)

Example 5 with TypePermission

Use of edu.uiuc.ncsa.myproxy.oa4mp.server.admin.things.types.TypePermission in project OA4MP by ncsa.

From the class PermissionServerTest, method addClient.

/**
 * Adds a client to the permissions of an admin.
 *
 * @param tp2 provider of the test stores (admin client, client and permission stores)
 * @throws Exception
 */
public void addClient(CMTestStoreProvider tp2) throws Exception {
    AdminClient adminClient = getAdminClient(tp2.getAdminClientStore());
    OA2Client client = getOa2Client(tp2.getClientStore());
    PermissionServer permissionServer = new PermissionServer(tp2.getCOSE());
    AddClientRequest req = RequestFactory.createRequest(adminClient, new TypePermission(), new ActionAdd(), client, null);
    // AddClientRequest req = new AddClientRequest(adminClient, client);
    AddClientResponse response = (AddClientResponse) permissionServer.process(req);
    PermissionList permissionList = tp2.getPermissionStore().get(adminClient.getIdentifier(), client.getIdentifier());
    try {
        permissionList.canApprove();
        permissionList.canCreate();
        permissionList.canDelete();
        permissionList.canRead();
        permissionList.canWrite();
    } catch (Throwable t) {
        assert false : "failed to have correct permissions";
    }
}
Also used : OA2Client(edu.uiuc.ncsa.security.oauth_2_0.OA2Client) PermissionList(edu.uiuc.ncsa.myproxy.oa4mp.server.admin.permissions.PermissionList) TypePermission(edu.uiuc.ncsa.myproxy.oa4mp.server.admin.things.types.TypePermission) ActionAdd(edu.uiuc.ncsa.myproxy.oa4mp.server.admin.things.actions.ActionAdd) AdminClient(edu.uiuc.ncsa.myproxy.oa4mp.server.admin.adminClient.AdminClient)

Aggregations

TypePermission (edu.uiuc.ncsa.myproxy.oa4mp.server.admin.things.types.TypePermission): 6
AdminClient (edu.uiuc.ncsa.myproxy.oa4mp.server.admin.adminClient.AdminClient): 3
OA2Client (edu.uiuc.ncsa.security.oauth_2_0.OA2Client): 3
PermissionServer (edu.uiuc.ncsa.myproxy.oa4mp.oauth2.cm.util.permissions.PermissionServer): 2
Permission (edu.uiuc.ncsa.myproxy.oa4mp.server.admin.permissions.Permission): 2
ActionAdd (edu.uiuc.ncsa.myproxy.oa4mp.server.admin.things.actions.ActionAdd): 2
ActionList (edu.uiuc.ncsa.myproxy.oa4mp.server.admin.things.actions.ActionList): 2
Identifier (edu.uiuc.ncsa.security.core.Identifier): 2
LinkedList (java.util.LinkedList): 2
AddClientRequest (edu.uiuc.ncsa.myproxy.oa4mp.oauth2.cm.util.permissions.AddClientRequest): 1
PermissionList (edu.uiuc.ncsa.myproxy.oa4mp.server.admin.permissions.PermissionList): 1
ActionRemove (edu.uiuc.ncsa.myproxy.oa4mp.server.admin.things.actions.ActionRemove): 1
TypeClient (edu.uiuc.ncsa.myproxy.oa4mp.server.admin.things.types.TypeClient): 1
GeneralException (edu.uiuc.ncsa.security.core.exceptions.GeneralException): 1
ClientApproval (edu.uiuc.ncsa.security.delegation.server.storage.ClientApproval): 1
ClientKeys (edu.uiuc.ncsa.security.delegation.storage.ClientKeys): 1
ColumnMap (edu.uiuc.ncsa.security.storage.sql.internals.ColumnMap): 1