use of eu.bcvsolutions.idm.core.model.entity.IdmAuthorityChange in project CzechIdMng by bcvsolutions.
the class PermissionsAuthorityChangeProcessorTest method testAddAuthorityUpdateUsers.
@Test
public void testAddAuthorityUpdateUsers() throws Exception {
    // Fixture: an identity that holds the test role through a contract.
    IdmRoleDto role = getTestRole();
    IdmIdentityDto identity = getTestUser();
    IdmIdentityContractDto contract = getTestContract(identity);
    getTestIdentityRole(role, contract);

    // Assigning the role must already have produced an authority-change record.
    IdmAuthorityChange change = acRepository.findOneByIdentity_Id(identity.getId());
    Assert.assertNotNull(change);
    Assert.assertNotNull(change.getAuthChangeTimestamp());
    DateTime timestampBeforePolicy = change.getAuthChangeTimestamp();

    // Presumably waits long enough for the next timestamp to be strictly later;
    // the strict '<' below depends on it — confirm against sleep().
    sleep();

    // Add a policy to the role inside its own transaction, so the processor under
    // test has run by the time the record is re-read.
    getTransactionTemplate().execute(new TransactionCallback<Object>() {
        @Override
        public Object doInTransaction(TransactionStatus transactionStatus) {
            getTestPolicy(role, IdmBasePermission.EXECUTE, IdmGroupPermission.APP);
            return null;
        }
    });

    // The record of an identity already holding the role must have been re-stamped.
    // NOTE(review): this is the timestamp the authentication layer appears to compare
    // against token issue time, so a missing update here would leave issued tokens
    // carrying an outdated authority set — confirm against the authentication manager.
    change = acRepository.findOneByIdentity_Id(identity.getId());
    Assert.assertNotNull(change);
    Assert.assertNotNull(change.getAuthChangeTimestamp());
    Assert.assertTrue(timestampBeforePolicy.getMillis() < change.getAuthChangeTimestamp().getMillis());
}
use of eu.bcvsolutions.idm.core.model.entity.IdmAuthorityChange in project CzechIdMng by bcvsolutions.
the class IdentityRoleAddAuthoritiesProcessor method checkAddedPermissions.
/**
 * Marks the identity's authorities as changed when the given role assignment
 * contributes at least one authority the identity does not hold through its
 * other role assignments.
 *
 * @param identityRole the role assignment being added
 */
private void checkAddedPermissions(IdmIdentityRoleDto identityRole) {
    IdmIdentityContract owningContract = contractRepository.findOne(identityRole.getIdentityContract());
    IdmIdentity identity = owningContract.getIdentity();

    // All assignments of the identity except the one being added.
    // NOTE(review): List.remove(Object) relies on the DTO's equals(); if it does not
    // match the stored assignment, the baseline below already contains the new
    // authorities and no change is ever flagged — confirm equals() is id-based.
    List<IdmIdentityRoleDto> otherRoles = identityRoleService.findAllByIdentity(identity.getId());
    otherRoles.remove(identityRole);

    // Baseline: reachable authorities without the added role.
    Collection<? extends GrantedAuthority> baseline = authorityHierarchy.getReachableGrantedAuthorities(
            authoritiesFactory.getGrantedAuthoritiesForValidRoles(identity.getId(), otherRoles));
    // Reachable authorities contributed by the added role alone.
    Collection<? extends GrantedAuthority> gained = authorityHierarchy.getReachableGrantedAuthorities(
            authoritiesFactory.getGrantedAuthoritiesForValidRoles(identity.getId(), Collections.singletonList(identityRole)));

    if (authoritiesFactory.containsAllAuthorities(baseline, gained)) {
        // Nothing new is granted, so the effective authority set is unchanged.
        return;
    }

    // Effective authorities changed: create the record if missing, then stamp and persist it.
    IdmAuthorityChange change = repository.findOneByIdentity_Id(identity.getId());
    if (change == null) {
        change = new IdmAuthorityChange();
        change.setIdentity(identity);
    }
    change.authoritiesChanged();
    repository.save(change);
}
use of eu.bcvsolutions.idm.core.model.entity.IdmAuthorityChange in project CzechIdMng by bcvsolutions.
the class IdentityRoleDeleteAuthoritiesProcessor method checkRevokedPermissions.
/**
 * Marks the identity's authorities as changed when removing the given role
 * assignment takes away at least one authority that the identity's remaining
 * role assignments do not grant.
 *
 * @param identityRole the role assignment being removed
 */
private void checkRevokedPermissions(IdmIdentityRoleDto identityRole) {
    IdmIdentityContract owningContract = contractRepository.findOne(identityRole.getIdentityContract());
    IdmIdentity identity = owningContract.getIdentity();

    // Assignments that remain once the deleted one is taken out.
    // NOTE(review): security-relevant — List.remove(Object) relies on the DTO's
    // equals(). If the deleted assignment is not matched, the "remaining" set still
    // contains its authorities, no change is flagged, and the revocation would not
    // be recorded for the identity. Confirm equals() is id-based.
    List<IdmIdentityRoleDto> remainingRoles = identityRoleService.findAllByIdentity(identity.getId());
    remainingRoles.remove(identityRole);

    // Reachable authorities the identity keeps after the removal.
    Collection<? extends GrantedAuthority> kept = authorityHierarchy.getReachableGrantedAuthorities(
            authoritiesFactory.getGrantedAuthoritiesForValidRoles(identity.getId(), remainingRoles));
    // Reachable authorities granted by the removed role alone.
    Collection<? extends GrantedAuthority> revoked = authorityHierarchy.getReachableGrantedAuthorities(
            authoritiesFactory.getGrantedAuthoritiesForValidRoles(identity.getId(), Collections.singletonList(identityRole)));

    if (authoritiesFactory.containsAllAuthorities(kept, revoked)) {
        // Every revoked authority is still granted by another role: nothing to flag.
        return;
    }

    // Effective authorities shrank: create the record if missing, then stamp and persist it.
    IdmAuthorityChange change = repository.findOneByIdentity_Id(identity.getId());
    if (change == null) {
        change = new IdmAuthorityChange();
        change.setIdentity(identity);
    }
    change.authoritiesChanged();
    repository.save(change);
}
use of eu.bcvsolutions.idm.core.model.entity.IdmAuthorityChange in project CzechIdMng by bcvsolutions.
the class DefaultIdmIdentityService method createAuthorityChange.
/**
 * Creates and saves a new authority-change record, stamped with the given
 * time, for each of the supplied identities.
 *
 * @param withoutAuthChange identities to create a record for; going by the name,
 *        the caller is expected to pass only identities that have no record yet —
 *        this method does not check for an existing one
 * @param changeTime timestamp written to every created record
 */
private void createAuthorityChange(Collection<IdmIdentity> withoutAuthChange, DateTime changeTime) {
    for (IdmIdentity owner : withoutAuthChange) {
        IdmAuthorityChange record = new IdmAuthorityChange();
        record.setAuthChangeTimestamp(changeTime);
        record.setIdentity(owner);
        // Saved one by one; whether a duplicate record per identity is rejected
        // depends on constraints not visible here.
        authChangeRepository.save(record);
    }
}
use of eu.bcvsolutions.idm.core.model.entity.IdmAuthorityChange in project CzechIdMng by bcvsolutions.
the class OAuthAuthenticationManagerTest method testAuthorityModification.
/**
* Removing a role which grants authorities results in authentication
* expiration.
*/
@Test
public void testAuthorityModification() {
    IdmIdentityDto identity = getTestIdentity();
    // The authority change is stamped "now" ...
    IdmAuthorityChange change = getAuthChange(identity, DateTime.now());
    // ... while the token carries one timestamp an hour ahead and one an hour back
    // (presumably expiration and issue time — confirm against getAuthentication),
    // so the authorities changed after the token was issued.
    IdmJwtAuthentication token = getAuthentication(USER_NAME, DateTime.now().plusHours(1), DateTime.now().minusHours(1));
    when(identityService.getByUsername(USER_NAME)).thenReturn(identity);
    when(acRepository.findOneByIdentity_Id(identity.getId())).thenReturn(change);

    try {
        authManager.authenticate(token);
        // Accepting the token here would mean outdated authorities remain usable.
        Assert.fail("Cannot authenticate identity with modified authorities.");
    } catch (ResultCodeException rejection) {
        // The rejection must carry the dedicated AUTHORITIES_CHANGED result code.
        Assert.assertEquals(CoreResultCode.AUTHORITIES_CHANGED.getStatus(), rejection.getStatus());
        Assert.assertEquals(CoreResultCode.AUTHORITIES_CHANGED.getMessage(), rejection.getMessage());
        // Both the identity lookup and the authority-change lookup were consulted.
        verify(identityService).getByUsername(USER_NAME);
        verify(acRepository).findOneByIdentity_Id(identity.getId());
    }
}