
Example 61 with GuardedString

use of eu.bcvsolutions.idm.core.security.api.domain.GuardedString in project CzechIdMng by bcvsolutions.

Class RoleAccountByRoleEvaluatorIntegrationTest, method createIdentityWithRole.

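/**
 * Creates a test identity, assigns it a freshly created role and remembers the role id in
 * {@code TEST_ROLE_ID}.
 * <p>
 * The setup runs under the admin account. {@code logout()} is executed in a {@code finally}
 * block so that a failing service call cannot leave the admin security context active for the
 * tests that run afterwards.
 *
 * @param transitive when {@code true}, two additional policies are registered so the role can
 *        also read its own authorization policies and role accounts (transitive evaluators)
 * @return the saved identity with the role assigned
 */
private IdmIdentityDto createIdentityWithRole(boolean transitive) {
    loginAsAdmin(InitTestData.TEST_ADMIN_USERNAME);
    try {
        IdmRoleDto role = helper.createRole();
        TEST_ROLE_ID = role.getId();
        // self policy: the role may READ itself, matched by its own id
        IdmAuthorizationPolicyDto readRolePolicy = new IdmAuthorizationPolicyDto();
        readRolePolicy.setPermissions(IdmBasePermission.READ);
        readRolePolicy.setRole(role.getId());
        readRolePolicy.setGroupPermission(CoreGroupPermission.ROLE.getName());
        readRolePolicy.setAuthorizableType(IdmRole.class.getCanonicalName());
        readRolePolicy.setEvaluator(CodeableEvaluator.class);
        readRolePolicy.getEvaluatorProperties().put(CodeableEvaluator.PARAMETER_IDENTIFIER, role.getId());
        authorizationPolicyService.save(readRolePolicy);
        if (transitive) {
            // transitive policies: unlike the self policy no base permission is set here,
            // only the "by role" evaluators are attached
            IdmAuthorizationPolicyDto readAuthoritiesPolicy = new IdmAuthorizationPolicyDto();
            readAuthoritiesPolicy.setRole(role.getId());
            readAuthoritiesPolicy.setGroupPermission(CoreGroupPermission.AUTHORIZATIONPOLICY.getName());
            readAuthoritiesPolicy.setAuthorizableType(IdmAuthorizationPolicy.class.getCanonicalName());
            readAuthoritiesPolicy.setEvaluator(AuthorizationPolicyByRoleEvaluator.class);
            authorizationPolicyService.save(readAuthoritiesPolicy);
            IdmAuthorizationPolicyDto readRoleAccountPolicy = new IdmAuthorizationPolicyDto();
            readRoleAccountPolicy.setRole(role.getId());
            readRoleAccountPolicy.setGroupPermission(AccGroupPermission.ROLEACCOUNT.getName());
            readRoleAccountPolicy.setAuthorizableType(AccRoleAccount.class.getCanonicalName());
            readRoleAccountPolicy.setEvaluator(RoleAccountByRoleEvaluator.class);
            authorizationPolicyService.save(readRoleAccountPolicy);
        }
        // prepare identity; the password is a fixed test-fixture value
        IdmIdentityDto identity = helper.createIdentity();
        identity.setPassword(new GuardedString("heslo"));
        identity = identityService.save(identity);
        // assign role
        helper.createIdentityRole(identity, role);
        return identity;
    } finally {
        // always drop the admin context, even when the setup above fails
        logout();
    }
}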
Also used : IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) IdmAuthorizationPolicyDto(eu.bcvsolutions.idm.core.api.dto.IdmAuthorizationPolicyDto) IdmRole(eu.bcvsolutions.idm.core.model.entity.IdmRole) GuardedString(eu.bcvsolutions.idm.core.security.api.domain.GuardedString) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) IdmAuthorizationPolicy(eu.bcvsolutions.idm.core.model.entity.IdmAuthorizationPolicy) AccRoleAccount(eu.bcvsolutions.idm.acc.entity.AccRoleAccount)

Example 62 with GuardedString

use of eu.bcvsolutions.idm.core.security.api.domain.GuardedString in project CzechIdMng by bcvsolutions.

Class DefaultProvisioningExecutorIntegrationTest, method testDisabledSystem.

/**
 * Provisioning against a disabled system must leave the target resource untouched: the
 * operation is kept as {@code NOT_EXECUTED} with status {@code PROVISIONING_SYSTEM_DISABLED}
 * and its password is parked in confidential storage. After the system is enabled again and the
 * stored operation is executed, the account exists on the target, the provisioned password
 * authenticates, and the parked secret has been removed from confidential storage.
 */
@Test
public void testDisabledSystem() {
    SysSystemDto resourceSystem = helper.createTestResourceSystem(true);
    resourceSystem.setDisabled(true);
    resourceSystem = systemService.save(resourceSystem);
    //
    ProvisioningAttributeDto nameMapping = getProvisioningAttribute(TestHelper.ATTRIBUTE_MAPPING_NAME);
    ProvisioningAttributeDto firstNameMapping = getProvisioningAttribute(TestHelper.ATTRIBUTE_MAPPING_FIRSTNAME);
    ProvisioningAttributeDto lastNameMapping = getProvisioningAttribute(TestHelper.ATTRIBUTE_MAPPING_LASTNAME);
    ProvisioningAttributeDto passwordMapping = getProvisioningAttribute(TestHelper.ATTRIBUTE_MAPPING_PASSWORD);
    //
    // build the provisioning request and remember the values it carries
    SysProvisioningOperationDto requestedOperation = createProvisioningOperation(resourceSystem, "firstname");
    IcObjectClass objectClass = requestedOperation.getProvisioningContext().getConnectorObject().getObjectClass();
    Map<ProvisioningAttributeDto, Object> accountObject = requestedOperation.getProvisioningContext().getAccountObject();
    String uid = (String) accountObject.get(nameMapping);
    GuardedString password = (GuardedString) accountObject.get(passwordMapping);
    IcUidAttribute uidLookup = new IcUidAttributeImpl(null, uid, null);
    //
    // first attempt: the system is disabled
    provisioningExecutor.execute(requestedOperation);
    // the executor persists the operation, so it has to be re-read through the service
    SysProvisioningOperationFilter operationFilter = new SysProvisioningOperationFilter();
    operationFilter.setSystemEntity(requestedOperation.getSystemEntity());
    operationFilter.setSystemId(resourceSystem.getId());
    SysProvisioningOperationDto storedOperation = provisioningOperationService.find(operationFilter, null).getContent().get(0);
    //
    assertEquals(OperationState.NOT_EXECUTED, storedOperation.getResultState());
    assertEquals(AccResultCode.PROVISIONING_SYSTEM_DISABLED.name(), storedOperation.getResult().getModel().getStatusEnum());
    // nothing reached the target resource
    assertNull(connectorFacade.readObject(resourceSystem.getConnectorInstance(), systemService.getConnectorConfiguration(resourceSystem), objectClass, uidLookup));
    // meanwhile the password of the parked operation lives in confidential storage
    assertNotNull(confidentialStorage.get(storedOperation.getId(), SysProvisioningOperation.class, provisioningOperationService.createAccountObjectPropertyKey(passwordMapping.getKey(), 0)));
    //
    // second attempt: enable the system and replay the stored operation
    resourceSystem.setDisabled(false);
    resourceSystem = systemService.save(resourceSystem);
    provisioningExecutor.execute(storedOperation);
    //
    IcConnectorObject targetAccount = connectorFacade.readObject(resourceSystem.getConnectorInstance(), systemService.getConnectorConfiguration(resourceSystem), objectClass, uidLookup);
    assertNotNull(targetAccount);
    assertEquals(uid, targetAccount.getUidValue());
    assertEquals(accountObject.get(firstNameMapping), targetAccount.getAttributeByName(TestHelper.ATTRIBUTE_MAPPING_FIRSTNAME).getValue());
    assertEquals(accountObject.get(lastNameMapping), targetAccount.getAttributeByName(TestHelper.ATTRIBUTE_MAPPING_LASTNAME).getValue());
    // the provisioned password must authenticate against the target
    IcUidAttribute authenticatedUid = connectorFacade.authenticateObject(resourceSystem.getConnectorInstance(), systemService.getConnectorConfiguration(resourceSystem), objectClass, uid, password);
    assertNotNull(authenticatedUid);
    assertEquals(uid, authenticatedUid.getUidValue());
    // ... and the parked secret is cleaned up once the operation succeeded
    assertNull(confidentialStorage.get(storedOperation.getId(), SysProvisioningOperation.class, provisioningOperationService.createAccountObjectPropertyKey(passwordMapping.getKey(), 0)));
}
Also used : SysProvisioningOperationFilter(eu.bcvsolutions.idm.acc.dto.filter.SysProvisioningOperationFilter) ProvisioningAttributeDto(eu.bcvsolutions.idm.acc.dto.ProvisioningAttributeDto) GuardedString(eu.bcvsolutions.idm.core.security.api.domain.GuardedString) GuardedString(eu.bcvsolutions.idm.core.security.api.domain.GuardedString) SysProvisioningOperation(eu.bcvsolutions.idm.acc.entity.SysProvisioningOperation) SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto) IcUidAttributeImpl(eu.bcvsolutions.idm.ic.impl.IcUidAttributeImpl) IcObjectClass(eu.bcvsolutions.idm.ic.api.IcObjectClass) IcConnectorObject(eu.bcvsolutions.idm.ic.api.IcConnectorObject) IcConnectorObject(eu.bcvsolutions.idm.ic.api.IcConnectorObject) IcUidAttribute(eu.bcvsolutions.idm.ic.api.IcUidAttribute) SysProvisioningOperationDto(eu.bcvsolutions.idm.acc.dto.SysProvisioningOperationDto) AbstractIntegrationTest(eu.bcvsolutions.idm.test.api.AbstractIntegrationTest) Test(org.junit.Test)

Example 63 with GuardedString

use of eu.bcvsolutions.idm.core.security.api.domain.GuardedString in project CzechIdMng by bcvsolutions.

Class DefaultProvisioningExecutorIntegrationTest, method testGreenLineAccountProvisioning.

/**
 * Happy path of account provisioning: executing the operation against an enabled, writable
 * system creates the account on the target with the mapped first/last name, the provisioned
 * password authenticates, and the resulting system entity is no longer a "wish".
 */
@Test
public void testGreenLineAccountProvisioning() {
    SysSystemDto resourceSystem = helper.createTestResourceSystem(true);
    ProvisioningAttributeDto nameMapping = getProvisioningAttribute(TestHelper.ATTRIBUTE_MAPPING_NAME);
    ProvisioningAttributeDto firstNameMapping = getProvisioningAttribute(TestHelper.ATTRIBUTE_MAPPING_FIRSTNAME);
    ProvisioningAttributeDto lastNameMapping = getProvisioningAttribute(TestHelper.ATTRIBUTE_MAPPING_LASTNAME);
    ProvisioningAttributeDto passwordMapping = getProvisioningAttribute(TestHelper.ATTRIBUTE_MAPPING_PASSWORD);
    //
    // build the provisioning request and remember the values it carries
    SysProvisioningOperationDto requestedOperation = createProvisioningOperation(resourceSystem, "firstname");
    IcObjectClass objectClass = requestedOperation.getProvisioningContext().getConnectorObject().getObjectClass();
    Map<ProvisioningAttributeDto, Object> accountObject = requestedOperation.getProvisioningContext().getAccountObject();
    String uid = (String) accountObject.get(nameMapping);
    GuardedString password = (GuardedString) accountObject.get(passwordMapping);
    IcUidAttribute uidLookup = new IcUidAttributeImpl(null, uid, null);
    //
    // run the provisioning
    provisioningExecutor.execute(requestedOperation);
    //
    // the account must now exist on the target with the mapped attributes
    IcConnectorObject targetAccount = connectorFacade.readObject(resourceSystem.getConnectorInstance(), systemService.getConnectorConfiguration(resourceSystem), objectClass, uidLookup);
    assertNotNull(targetAccount);
    assertEquals(uid, targetAccount.getUidValue());
    assertEquals(accountObject.get(firstNameMapping), targetAccount.getAttributeByName(TestHelper.ATTRIBUTE_MAPPING_FIRSTNAME).getValue());
    assertEquals(accountObject.get(lastNameMapping), targetAccount.getAttributeByName(TestHelper.ATTRIBUTE_MAPPING_LASTNAME).getValue());
    // the provisioned password must authenticate against the target
    IcUidAttribute authenticatedUid = connectorFacade.authenticateObject(resourceSystem.getConnectorInstance(), systemService.getConnectorConfiguration(resourceSystem), objectClass, uid, password);
    assertNotNull(authenticatedUid);
    assertEquals(uid, authenticatedUid.getUidValue());
    //
    // the system entity has been materialised, it is no longer only wished for
    SysSystemEntityDto systemEntity = systemEntityService.getBySystemAndEntityTypeAndUid(resourceSystem, SystemEntityType.IDENTITY, uid);
    assertFalse(systemEntity.isWish());
}
Also used : IcUidAttributeImpl(eu.bcvsolutions.idm.ic.impl.IcUidAttributeImpl) IcObjectClass(eu.bcvsolutions.idm.ic.api.IcObjectClass) IcConnectorObject(eu.bcvsolutions.idm.ic.api.IcConnectorObject) IcConnectorObject(eu.bcvsolutions.idm.ic.api.IcConnectorObject) ProvisioningAttributeDto(eu.bcvsolutions.idm.acc.dto.ProvisioningAttributeDto) GuardedString(eu.bcvsolutions.idm.core.security.api.domain.GuardedString) GuardedString(eu.bcvsolutions.idm.core.security.api.domain.GuardedString) IcUidAttribute(eu.bcvsolutions.idm.ic.api.IcUidAttribute) SysSystemEntityDto(eu.bcvsolutions.idm.acc.dto.SysSystemEntityDto) SysProvisioningOperationDto(eu.bcvsolutions.idm.acc.dto.SysProvisioningOperationDto) SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto) AbstractIntegrationTest(eu.bcvsolutions.idm.test.api.AbstractIntegrationTest) Test(org.junit.Test)

Example 64 with GuardedString

use of eu.bcvsolutions.idm.core.security.api.domain.GuardedString in project CzechIdMng by bcvsolutions.

Class DefaultProvisioningExecutorIntegrationTest, method testReadonlySystem.

/**
 * Provisioning against a read-only system must not write to the target: the operation is kept
 * as {@code NOT_EXECUTED} with status {@code PROVISIONING_SYSTEM_READONLY} and both password
 * copies (account object and connector object) are parked in confidential storage. Once the
 * system is writable again and the stored operation is executed, the operation is gone from the
 * service, the account exists on the target, the password authenticates, and both parked
 * secrets have been removed.
 */
@Test
public void testReadonlySystem() {
    SysSystemDto resourceSystem = helper.createTestResourceSystem(true);
    resourceSystem.setReadonly(true);
    resourceSystem = systemService.save(resourceSystem);
    ProvisioningAttributeDto nameMapping = getProvisioningAttribute(TestHelper.ATTRIBUTE_MAPPING_NAME);
    ProvisioningAttributeDto firstNameMapping = getProvisioningAttribute(TestHelper.ATTRIBUTE_MAPPING_FIRSTNAME);
    ProvisioningAttributeDto lastNameMapping = getProvisioningAttribute(TestHelper.ATTRIBUTE_MAPPING_LASTNAME);
    ProvisioningAttributeDto passwordMapping = getProvisioningAttribute(TestHelper.ATTRIBUTE_MAPPING_PASSWORD);
    //
    // build the provisioning request and remember the values it carries
    SysProvisioningOperationDto requestedOperation = createProvisioningOperation(resourceSystem, "firstname");
    IcObjectClass objectClass = requestedOperation.getProvisioningContext().getConnectorObject().getObjectClass();
    Map<ProvisioningAttributeDto, Object> accountObject = requestedOperation.getProvisioningContext().getAccountObject();
    String uid = (String) accountObject.get(nameMapping);
    GuardedString password = (GuardedString) accountObject.get(passwordMapping);
    IcUidAttribute uidLookup = new IcUidAttributeImpl(null, uid, null);
    //
    // first attempt: the system is read-only
    provisioningExecutor.execute(requestedOperation);
    // the executor persists the operation, so it has to be re-read through the service
    SysProvisioningOperationFilter operationFilter = new SysProvisioningOperationFilter();
    operationFilter.setSystemEntity(requestedOperation.getSystemEntity());
    operationFilter.setSystemId(resourceSystem.getId());
    SysProvisioningOperationDto storedOperation = provisioningOperationService.find(operationFilter, null).getContent().get(0);
    //
    assertEquals(OperationState.NOT_EXECUTED, storedOperation.getResultState());
    assertEquals(AccResultCode.PROVISIONING_SYSTEM_READONLY.name(), storedOperation.getResult().getModel().getStatusEnum());
    // nothing reached the target resource
    assertNull(connectorFacade.readObject(resourceSystem.getConnectorInstance(), systemService.getConnectorConfiguration(resourceSystem), objectClass, uidLookup));
    // both password copies of the parked operation live in confidential storage meanwhile
    assertNotNull(confidentialStorage.get(storedOperation.getId(), SysProvisioningOperation.class, provisioningOperationService.createAccountObjectPropertyKey(passwordMapping.getKey(), 0)));
    assertNotNull(confidentialStorage.get(storedOperation.getId(), SysProvisioningOperation.class, provisioningOperationService.createConnectorObjectPropertyKey(storedOperation.getProvisioningContext().getConnectorObject().getAttributeByName(passwordMapping.getSchemaAttributeName()), 0)));
    //
    // second attempt: make the system writable and replay the stored operation
    resourceSystem.setReadonly(false);
    resourceSystem = systemService.save(resourceSystem);
    provisioningExecutor.execute(storedOperation);
    // a successfully replayed operation is removed from the service
    assertNull(provisioningOperationService.get(storedOperation.getId()));
    //
    IcConnectorObject targetAccount = connectorFacade.readObject(resourceSystem.getConnectorInstance(), systemService.getConnectorConfiguration(resourceSystem), objectClass, uidLookup);
    assertNotNull(targetAccount);
    assertEquals(uid, targetAccount.getUidValue());
    assertEquals(accountObject.get(firstNameMapping), targetAccount.getAttributeByName(TestHelper.ATTRIBUTE_MAPPING_FIRSTNAME).getValue());
    assertEquals(accountObject.get(lastNameMapping), targetAccount.getAttributeByName(TestHelper.ATTRIBUTE_MAPPING_LASTNAME).getValue());
    // the provisioned password must authenticate against the target
    IcUidAttribute authenticatedUid = connectorFacade.authenticateObject(resourceSystem.getConnectorInstance(), systemService.getConnectorConfiguration(resourceSystem), objectClass, uid, password);
    assertNotNull(authenticatedUid);
    assertEquals(uid, authenticatedUid.getUidValue());
    // ... and both parked secrets are cleaned up once the operation succeeded
    assertNull(confidentialStorage.get(storedOperation.getId(), SysProvisioningOperation.class, provisioningOperationService.createAccountObjectPropertyKey(TestHelper.ATTRIBUTE_MAPPING_PASSWORD, 0)));
    String connectorPasswordKey = provisioningOperationService.createConnectorObjectPropertyKey(storedOperation.getProvisioningContext().getConnectorObject().getAttributeByName(TestHelper.ATTRIBUTE_MAPPING_PASSWORD), 0);
    assertNull(confidentialStorage.get(storedOperation.getId(), SysProvisioningOperation.class, connectorPasswordKey));
}
Also used : SysProvisioningOperationFilter(eu.bcvsolutions.idm.acc.dto.filter.SysProvisioningOperationFilter) ProvisioningAttributeDto(eu.bcvsolutions.idm.acc.dto.ProvisioningAttributeDto) GuardedString(eu.bcvsolutions.idm.core.security.api.domain.GuardedString) GuardedString(eu.bcvsolutions.idm.core.security.api.domain.GuardedString) SysProvisioningOperation(eu.bcvsolutions.idm.acc.entity.SysProvisioningOperation) SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto) IcUidAttributeImpl(eu.bcvsolutions.idm.ic.impl.IcUidAttributeImpl) IcObjectClass(eu.bcvsolutions.idm.ic.api.IcObjectClass) IcConnectorObject(eu.bcvsolutions.idm.ic.api.IcConnectorObject) IcConnectorObject(eu.bcvsolutions.idm.ic.api.IcConnectorObject) IcUidAttribute(eu.bcvsolutions.idm.ic.api.IcUidAttribute) SysProvisioningOperationDto(eu.bcvsolutions.idm.acc.dto.SysProvisioningOperationDto) AbstractIntegrationTest(eu.bcvsolutions.idm.test.api.AbstractIntegrationTest) Test(org.junit.Test)

Example 65 with GuardedString

use of eu.bcvsolutions.idm.core.security.api.domain.GuardedString in project CzechIdMng by bcvsolutions.

Class DefaultSysProvisioningOperationServiceUnitTest, method testReplaceArrayGuardedStringsInAccountObject.

/**
 * A {@link GuardedString} array in the account object is replaced element by element: every
 * secret ends up in the returned confidential-value map under an index-specific key, and the
 * array in the account object holds {@link ConfidentialString} references to those keys instead
 * of the plain secrets.
 */
@Test
public void testReplaceArrayGuardedStringsInAccountObject() {
    Map<ProvisioningAttributeDto, Object> accountObject = new HashMap<>();
    ProvisioningContext context = new ProvisioningContext();
    context.setAccountObject(accountObject);
    //
    // one attribute carrying two secrets
    ProvisioningAttributeDto guardedAttribute = new ProvisioningAttributeDto("guarded", AttributeMappingStrategyType.SET);
    GuardedString firstSecret = new GuardedString("one");
    GuardedString secondSecret = new GuardedString("two");
    accountObject.put(guardedAttribute, new GuardedString[] { firstSecret, secondSecret });
    //
    Map<String, Serializable> confidentialValues = service.replaceGuardedStrings(context);
    //
    // every secret is moved out under its own indexed key
    assertEquals(2, confidentialValues.size());
    assertEquals(firstSecret.asString(), confidentialValues.get(service.createAccountObjectPropertyKey(guardedAttribute.getKey(), 0)));
    assertEquals(secondSecret.asString(), confidentialValues.get(service.createAccountObjectPropertyKey(guardedAttribute.getKey(), 1)));
    // the account object keeps an array of the same length, now pointing at those keys
    Object[] replaced = (Object[]) accountObject.get(guardedAttribute);
    assertEquals(2, replaced.length);
    assertEquals(service.createAccountObjectPropertyKey(guardedAttribute.getKey(), 0), ((ConfidentialString) replaced[0]).getKey());
    assertEquals(service.createAccountObjectPropertyKey(guardedAttribute.getKey(), 1), ((ConfidentialString) replaced[1]).getKey());
}
Also used : ProvisioningContext(eu.bcvsolutions.idm.acc.domain.ProvisioningContext) Serializable(java.io.Serializable) HashMap(java.util.HashMap) ProvisioningAttributeDto(eu.bcvsolutions.idm.acc.dto.ProvisioningAttributeDto) GuardedString(eu.bcvsolutions.idm.core.security.api.domain.GuardedString) ConfidentialString(eu.bcvsolutions.idm.core.security.api.domain.ConfidentialString) GuardedString(eu.bcvsolutions.idm.core.security.api.domain.GuardedString) AbstractVerifiableUnitTest(eu.bcvsolutions.idm.test.api.AbstractVerifiableUnitTest) Test(org.junit.Test)

Aggregations

GuardedString (eu.bcvsolutions.idm.core.security.api.domain.GuardedString)97 Test (org.junit.Test)61 IdmIdentityDto (eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto)59 AbstractIntegrationTest (eu.bcvsolutions.idm.test.api.AbstractIntegrationTest)49 LoginDto (eu.bcvsolutions.idm.core.security.api.dto.LoginDto)40 IdmRoleDto (eu.bcvsolutions.idm.core.api.dto.IdmRoleDto)30 SysSystemDto (eu.bcvsolutions.idm.acc.dto.SysSystemDto)26 PasswordChangeDto (eu.bcvsolutions.idm.core.api.dto.PasswordChangeDto)20 ArrayList (java.util.ArrayList)13 IdmAuthorizationPolicyDto (eu.bcvsolutions.idm.core.api.dto.IdmAuthorizationPolicyDto)11 IcConnectorObject (eu.bcvsolutions.idm.ic.api.IcConnectorObject)11 AccIdentityAccountDto (eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto)10 AccIdentityAccountFilter (eu.bcvsolutions.idm.acc.dto.filter.AccIdentityAccountFilter)9 HashMap (java.util.HashMap)9 IdmIdentityContractDto (eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto)8 Transactional (org.springframework.transaction.annotation.Transactional)8 ProvisioningAttributeDto (eu.bcvsolutions.idm.acc.dto.ProvisioningAttributeDto)7 SysSystemAttributeMappingDto (eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto)7 IdmRole (eu.bcvsolutions.idm.core.model.entity.IdmRole)7 List (java.util.List)7