
Example 36 with IdmAuthorizationPolicyDto

use of eu.bcvsolutions.idm.core.api.dto.IdmAuthorizationPolicyDto in project CzechIdMng by bcvsolutions.

the class RoleTransitiveEvaluatorsIntegrationTest method testUpdateAuthorizationPolicy.

/**
 * Negative authorization check: the identity prepared by {@code createIdentityWithRole(true)}
 * logs in, reads an authorization policy and tries to disable it with the UPDATE permission.
 * <p>
 * The test passes only when {@link ForbiddenEntityException} propagates out of the method.
 */
@Test(expected = ForbiddenEntityException.class)
public void testUpdateAuthorizationPolicy() {
    IdmIdentityDto reader = createIdentityWithRole(true);
    try {
        // act as the ordinary (non-admin) identity from here on
        loginService.login(new LoginDto(reader.getUsername(), reader.getPassword()));
        // pick the first policy this identity is allowed to read ...
        IdmAuthorizationPolicyDto visiblePolicy = authorizationPolicyService
                .find(null, IdmBasePermission.READ)
                .getContent()
                .get(0);
        // ... and try to switch it off; the save is evaluated against UPDATE and is expected to be refused
        visiblePolicy.setDisabled(true);
        authorizationPolicyService.save(visiblePolicy, IdmBasePermission.UPDATE);
        // NOTE(review): "expected = ..." accepts the exception from any statement in this method,
        // so a ForbiddenEntityException raised by login or find would also turn the test green
        // without proving that the UPDATE itself was denied.
    } finally {
        // drop the login on every path, including the expected exception
        logout();
    }
}
Also used : IdmAuthorizationPolicyDto(eu.bcvsolutions.idm.core.api.dto.IdmAuthorizationPolicyDto) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) LoginDto(eu.bcvsolutions.idm.core.security.api.dto.LoginDto) AbstractIntegrationTest(eu.bcvsolutions.idm.test.api.AbstractIntegrationTest) Test(org.junit.Test)

Example 37 with IdmAuthorizationPolicyDto

use of eu.bcvsolutions.idm.core.api.dto.IdmAuthorizationPolicyDto in project CzechIdMng by bcvsolutions.

the class RoleTransitiveEvaluatorsIntegrationTest method testDisabledPolicy.

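/**
 * Verifies that disabling the role's authorization policy removes what the identity could read before.
 * <p>
 * Phase 1 (as the identity): the role, one role-tree-node and three policies are readable.
 * Phase 2 (as admin): the policy filtered by role id and {@code IdmRole} type is disabled.
 * Phase 3 (as the identity): roles, role-tree-nodes and policies all read back as empty.
 * The drop to zero for the tree nodes and policies suggests that the transitive policies depend
 * on the role still being readable; this is inferred from the fixture and should be confirmed
 * against the evaluators.
 */
@Test
public void testDisabledPolicy() {
    IdmIdentityDto identity = createIdentityWithRole(true);
    IdmRoleDto role = null;
    // before disable
    try {
        loginService.login(new LoginDto(identity.getUsername(), identity.getPassword()));
        //
        role = roleService.get(TEST_ROLE_ID, IdmBasePermission.READ);
        assertEquals(TEST_ROLE_ID, role.getId());
        assertEquals(1, roleService.find(null, IdmBasePermission.READ).getTotalElements());
        assertEquals(1, roleTreeNodeService.find(null, IdmBasePermission.READ).getTotalElements());
        // three policies are saved by createIdentityWithRole(true)
        assertEquals(3, authorizationPolicyService.find(null, IdmBasePermission.READ).getTotalElements());
    } finally {
        logout();
    }
    //
    // disable policy
    // The admin phase is wrapped in try/finally like the two user phases: if the lookup or the
    // save throws, logout() still runs and the admin login is not left in place after the failure.
    try {
        loginAsAdmin(InitTestData.TEST_ADMIN_USERNAME);
        IdmAuthorizationPolicyFilter filter = new IdmAuthorizationPolicyFilter();
        filter.setRoleId(role.getId());
        filter.setAuthorizableType(IdmRole.class.getCanonicalName());
        // find(filter, null) and save(policy) are called without a permission argument here;
        // presumably that skips permission evaluation for the admin step (confirm against the service API)
        IdmAuthorizationPolicyDto policy = authorizationPolicyService.find(filter, null).getContent().get(0);
        policy.setDisabled(true);
        authorizationPolicyService.save(policy);
    } finally {
        logout();
    }
    // after disable
    try {
        loginService.login(new LoginDto(identity.getUsername(), identity.getPassword()));
        //
        assertEquals(0, roleService.find(null, IdmBasePermission.READ).getTotalElements());
        assertEquals(0, roleTreeNodeService.find(null, IdmBasePermission.READ).getTotalElements());
        assertEquals(0, authorizationPolicyService.find(null, IdmBasePermission.READ).getTotalElements());
    } finally {
        logout();
    }
}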
Also used : IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) IdmAuthorizationPolicyDto(eu.bcvsolutions.idm.core.api.dto.IdmAuthorizationPolicyDto) IdmRole(eu.bcvsolutions.idm.core.model.entity.IdmRole) IdmAuthorizationPolicyFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmAuthorizationPolicyFilter) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) LoginDto(eu.bcvsolutions.idm.core.security.api.dto.LoginDto) AbstractIntegrationTest(eu.bcvsolutions.idm.test.api.AbstractIntegrationTest) Test(org.junit.Test)

Example 38 with IdmAuthorizationPolicyDto

use of eu.bcvsolutions.idm.core.api.dto.IdmAuthorizationPolicyDto in project CzechIdMng by bcvsolutions.

the class RoleTransitiveEvaluatorsIntegrationTest method createIdentityWithRole.

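/**
 * Builds the fixture shared by the tests of this class: a role with a freshly generated id,
 * its authorization policies, and an identity that has the role assigned.
 * <p>
 * All setup runs under the admin login, which is released in a {@code finally} block so that
 * a failing helper call does not leave the admin login in place for the code that runs next.
 *
 * @param transitive when {@code true}, two more policies are saved for the role: one for
 *        {@code IdmRoleTreeNode} and one for {@code IdmAuthorizationPolicy}
 * @return the saved identity with the role assigned
 */
private IdmIdentityDto createIdentityWithRole(boolean transitive) {
    // new role id on every call; the tests read it back through TEST_ROLE_ID
    TEST_ROLE_ID = UUID.randomUUID();
    try {
        loginAsAdmin(InitTestData.TEST_ADMIN_USERNAME);
        IdmRoleDto role = helper.createRole(TEST_ROLE_ID, null);
        IdmTreeNodeDto treeNode = helper.createTreeNode();
        helper.createRoleTreeNode(role, treeNode, true);
        // self policy: READ on IdmRole, with the evaluator parameterised by this role's own id
        IdmAuthorizationPolicyDto readRolePolicy = new IdmAuthorizationPolicyDto();
        readRolePolicy.setPermissions(IdmBasePermission.READ);
        readRolePolicy.setRole(role.getId());
        readRolePolicy.setGroupPermission(CoreGroupPermission.ROLE.getName());
        readRolePolicy.setAuthorizableType(IdmRole.class.getCanonicalName());
        readRolePolicy.setEvaluator(CodeableEvaluator.class);
        readRolePolicy.getEvaluatorProperties().put(CodeableEvaluator.PARAMETER_IDENTIFIER, role.getId());
        authorizationPolicyService.save(readRolePolicy);
        if (transitive) {
            // create transitive policies
            // no permissions are set on these two; presumably the evaluators derive them
            // from what the identity may do with the role (confirm against the evaluators)
            IdmAuthorizationPolicyDto readRoleTreeNodePolicy = new IdmAuthorizationPolicyDto();
            readRoleTreeNodePolicy.setRole(role.getId());
            readRoleTreeNodePolicy.setGroupPermission(CoreGroupPermission.ROLETREENODE.getName());
            readRoleTreeNodePolicy.setAuthorizableType(IdmRoleTreeNode.class.getCanonicalName());
            readRoleTreeNodePolicy.setEvaluator(RoleTreeNodeByRoleEvaluator.class);
            authorizationPolicyService.save(readRoleTreeNodePolicy);
            //
            IdmAuthorizationPolicyDto readAuthoritiesPolicy = new IdmAuthorizationPolicyDto();
            readAuthoritiesPolicy.setRole(role.getId());
            readAuthoritiesPolicy.setGroupPermission(CoreGroupPermission.AUTHORIZATIONPOLICY.getName());
            readAuthoritiesPolicy.setAuthorizableType(IdmAuthorizationPolicy.class.getCanonicalName());
            readAuthoritiesPolicy.setEvaluator(AuthorizationPolicyByRoleEvaluator.class);
            authorizationPolicyService.save(readAuthoritiesPolicy);
        }
        // prepare identity
        IdmIdentityDto identity = helper.createIdentity();
        // fixed, well-known password: acceptable for a throw-away test identity only
        identity.setPassword(new GuardedString("heslo"));
        identity = identityService.save(identity);
        // assign role
        helper.createIdentityRole(identity, role);
        //
        return identity;
    } finally {
        // runs after the return value is computed, and also when any setup step throws
        logout();
    }
}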
Also used : IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) IdmRoleTreeNode(eu.bcvsolutions.idm.core.model.entity.IdmRoleTreeNode) IdmAuthorizationPolicyDto(eu.bcvsolutions.idm.core.api.dto.IdmAuthorizationPolicyDto) IdmRole(eu.bcvsolutions.idm.core.model.entity.IdmRole) IdmTreeNodeDto(eu.bcvsolutions.idm.core.api.dto.IdmTreeNodeDto) GuardedString(eu.bcvsolutions.idm.core.security.api.domain.GuardedString) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) IdmAuthorizationPolicy(eu.bcvsolutions.idm.core.model.entity.IdmAuthorizationPolicy)

Example 39 with IdmAuthorizationPolicyDto

use of eu.bcvsolutions.idm.core.api.dto.IdmAuthorizationPolicyDto in project CzechIdMng by bcvsolutions.

the class DefaultAuthorizationManagerIntegrationTest method testFindValidPoliciesWithInvalidIdentityContractByDates.

/**
 * Checks that a role assigned through a contract that is not valid yet contributes no enabled policy.
 * <p>
 * One role is assigned to the identity directly, the other through a contract whose validity
 * starts tomorrow; only the policy of the first role is expected from {@code getEnabledPolicies}.
 */
@Test
@Transactional
public void testFindValidPoliciesWithInvalidIdentityContractByDates() {
    try {
        loginAsAdmin(InitTestData.TEST_USER_1);
        // two roles, each with a single policy of its own
        IdmRoleDto currentRole = helper.createRole();
        IdmRoleDto futureRole = helper.createRole();
        helper.createUuidPolicy(currentRole.getId(), currentRole.getId(), IdmBasePermission.READ);
        helper.createBasePolicy(futureRole.getId(), IdmBasePermission.AUTOCOMPLETE);
        // the identity gets the first role straight away
        IdmIdentityDto owner = helper.createIdentity();
        helper.createIdentityRole(owner, currentRole);
        // the second role hangs on a contract that only becomes valid tomorrow
        LocalDate tomorrow = new LocalDate().plusDays(1);
        IdmIdentityContractDto futureContract = new IdmIdentityContractDto();
        futureContract.setIdentity(owner.getId());
        futureContract.setPosition("position-" + System.currentTimeMillis());
        futureContract.setValidFrom(tomorrow);
        futureContract = identityContractService.save(futureContract);
        helper.createIdentityRole(futureContract, futureRole);
        // only the policy of the currently effective role may come back
        List<IdmAuthorizationPolicyDto> enabledPolicies = service.getEnabledPolicies(owner.getId(), IdmRole.class);
        assertEquals(1, enabledPolicies.size());
        assertEquals(currentRole.getId(), enabledPolicies.get(0).getRole());
        // NOTE(review): only the "not valid yet" side is exercised here; a contract that has
        // already expired is not covered by this method.
    } finally {
        logout();
    }
}
Also used : IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) IdmAuthorizationPolicyDto(eu.bcvsolutions.idm.core.api.dto.IdmAuthorizationPolicyDto) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) IdmIdentityContractDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto) LocalDate(org.joda.time.LocalDate) AbstractIntegrationTest(eu.bcvsolutions.idm.test.api.AbstractIntegrationTest) Test(org.junit.Test) Transactional(org.springframework.transaction.annotation.Transactional)

Example 40 with IdmAuthorizationPolicyDto

use of eu.bcvsolutions.idm.core.api.dto.IdmAuthorizationPolicyDto in project CzechIdMng by bcvsolutions.

the class DefaultAuthorizationManagerIntegrationTest method testFindValidPoliciesWithInvalidRole.

/**
 * Checks that a disabled role contributes no enabled policy even while it is still assigned.
 * <p>
 * The identity holds two roles, one of them disabled before its policy is created;
 * {@code getEnabledPolicies} is expected to return only the policy of the active role.
 */
@Test
@Transactional
public void testFindValidPoliciesWithInvalidRole() {
    try {
        loginAsAdmin(InitTestData.TEST_USER_1);
        // one active role and one role that is switched off right after creation
        IdmRoleDto activeRole = helper.createRole();
        IdmRoleDto disabledRole = helper.createRole();
        disabledRole.setDisabled(true);
        roleService.save(disabledRole);
        // each role gets a policy of its own
        helper.createUuidPolicy(activeRole.getId(), activeRole.getId(), IdmBasePermission.READ);
        helper.createBasePolicy(disabledRole.getId(), IdmBasePermission.AUTOCOMPLETE);
        // the identity is given both roles, so the assignment alone must not be enough
        IdmIdentityDto owner = helper.createIdentity();
        helper.createIdentityRole(owner, activeRole);
        helper.createIdentityRole(owner, disabledRole);
        // only the active role's policy may be reported as enabled
        List<IdmAuthorizationPolicyDto> enabledPolicies = service.getEnabledPolicies(owner.getId(), IdmRole.class);
        assertEquals(1, enabledPolicies.size());
        assertEquals(activeRole.getId(), enabledPolicies.get(0).getRole());
    } finally {
        logout();
    }
}
Also used : IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) IdmAuthorizationPolicyDto(eu.bcvsolutions.idm.core.api.dto.IdmAuthorizationPolicyDto) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) AbstractIntegrationTest(eu.bcvsolutions.idm.test.api.AbstractIntegrationTest) Test(org.junit.Test) Transactional(org.springframework.transaction.annotation.Transactional)

Aggregations

IdmAuthorizationPolicyDto (eu.bcvsolutions.idm.core.api.dto.IdmAuthorizationPolicyDto)41 Test (org.junit.Test)25 IdmRoleDto (eu.bcvsolutions.idm.core.api.dto.IdmRoleDto)23 IdmIdentityDto (eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto)22 AbstractIntegrationTest (eu.bcvsolutions.idm.test.api.AbstractIntegrationTest)18 IdmRole (eu.bcvsolutions.idm.core.model.entity.IdmRole)16 LoginDto (eu.bcvsolutions.idm.core.security.api.dto.LoginDto)14 GuardedString (eu.bcvsolutions.idm.core.security.api.domain.GuardedString)11 AbstractUnitTest (eu.bcvsolutions.idm.test.api.AbstractUnitTest)7 AccAccount (eu.bcvsolutions.idm.acc.entity.AccAccount)6 AccAccountDto (eu.bcvsolutions.idm.acc.dto.AccAccountDto)5 SysSystemDto (eu.bcvsolutions.idm.acc.dto.SysSystemDto)5 UUID (java.util.UUID)5 Transactional (org.springframework.transaction.annotation.Transactional)5 IdmIdentityContractDto (eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto)4 IdmConfiguration (eu.bcvsolutions.idm.core.model.entity.IdmConfiguration)4 IdmIdentity (eu.bcvsolutions.idm.core.model.entity.IdmIdentity)4 IcConnectorObject (eu.bcvsolutions.idm.ic.api.IcConnectorObject)4 LocalDateTime (org.joda.time.LocalDateTime)4 AccIdentityAccountDto (eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto)3