
Example 1 with UMASettings

use of io.gravitee.am.model.uma.UMASettings in project gravitee-access-management by gravitee-io.

the class UmaTokenGranterTest method setUp.

/**
 * Builds the UMA token-grant fixture: a token request carrying a permission ticket and an
 * ID-token claim, a domain with UMA enabled, a client allowed the UMA grant, and stubs for
 * the JWT, user, permission-ticket, resource and token services.
 */
@Before
public void setUp() {
    // Token request: permission ticket plus the requesting party's ID token as claim token.
    parameters.add(TICKET, TICKET_ID);
    parameters.add(CLAIM_TOKEN, RQP_ID_TOKEN);
    parameters.add(CLAIM_TOKEN_FORMAT, TokenType.ID_TOKEN);
    tokenRequest = new TokenRequest();
    tokenRequest.setParameters(parameters);

    // The ticket asks for "scopeA" on both resources.
    PermissionRequest requestOnFirst = new PermissionRequest()
            .setResourceId(RS_ONE)
            .setResourceScopes(new ArrayList<>(Arrays.asList("scopeA")));
    PermissionRequest requestOnSecond = new PermissionRequest()
            .setResourceId(RS_TWO)
            .setResourceScopes(new ArrayList<>(Arrays.asList("scopeA")));
    List<PermissionRequest> permissions = Arrays.asList(requestOnFirst, requestOnSecond);

    // Permission already carried by the previous RPT: "scopeB" on the first resource.
    // Raw Map kept as in the original fixture; it is handed to the rpt mock as an untyped claim.
    Map previousGrant = new HashMap();
    previousGrant.put("resourceId", RS_ONE);
    previousGrant.put("resourceScopes", Arrays.asList("scopeB"));

    // Domain: UMA must be explicitly switched on for the grant to be exercised.
    UMASettings enabledUma = new UMASettings().setEnabled(true);
    when(domain.getUma()).thenReturn(enabledUma);

    // Client: identity, registered scopes and the grant types it is authorised to use.
    when(client.getClientId()).thenReturn(CLIENT_ID);
    when(client.getScopeSettings()).thenReturn(Arrays.asList(
            new ApplicationScopeSettings("scopeA"),
            new ApplicationScopeSettings("scopeB"),
            new ApplicationScopeSettings("scopeC"),
            new ApplicationScopeSettings("scopeD")));
    when(client.getAuthorizedGrantTypes()).thenReturn(Arrays.asList(GrantType.UMA, GrantType.REFRESH_TOKEN));

    // Subject and audience: claim token and old RPT name the same user; the RPT is bound to this client.
    when(user.getId()).thenReturn(USER_ID);
    when(jwt.getSub()).thenReturn(USER_ID);
    when(rpt.getSub()).thenReturn(USER_ID);
    when(rpt.getAud()).thenReturn(CLIENT_ID);
    when(rpt.get("permissions")).thenReturn(new LinkedList(Arrays.asList(previousGrant)));

    // Both tokens go through decodeAndVerify against the client before their claims are used.
    when(jwtService.decodeAndVerify(RQP_ID_TOKEN, client)).thenReturn(Single.just(jwt));
    when(jwtService.decodeAndVerify(RPT_OLD_TOKEN, client)).thenReturn(Single.just(rpt));
    when(userAuthenticationManager.loadPreAuthenticatedUser(USER_ID, tokenRequest)).thenReturn(Maybe.just(user));

    // The ticket is fetched through remove(); presumably it is consumed on redemption — confirm in the granter.
    when(permissionTicketService.remove(TICKET_ID)).thenReturn(
            Single.just(new PermissionTicket().setId(TICKET_ID).setPermissionRequest(permissions)));

    // Registered resources and the scopes each one actually exposes.
    Resource firstResource = new Resource().setId(RS_ONE).setResourceScopes(Arrays.asList("scopeA", "scopeB", "scopeC"));
    Resource secondResource = new Resource().setId(RS_TWO).setResourceScopes(Arrays.asList("scopeA", "scopeB", "scopeD"));
    when(resourceService.findByResources(Arrays.asList(RS_ONE, RS_TWO))).thenReturn(Flowable.just(firstResource, secondResource));

    // Token creation succeeds and the OAuth2 request is captured for later assertions.
    when(tokenService.create(oauth2RequestCaptor.capture(), eq(client), any())).thenReturn(Single.just(new AccessToken("success")));

    // No access policy is attached to any resource in the default scenario.
    when(resourceService.findAccessPoliciesByResources(anyList())).thenReturn(Flowable.empty());
}
Also used : PermissionRequest(io.gravitee.am.model.uma.PermissionRequest) PermissionTicket(io.gravitee.am.model.uma.PermissionTicket) AccessToken(io.gravitee.am.gateway.handler.oauth2.service.token.impl.AccessToken) TokenRequest(io.gravitee.am.gateway.handler.oauth2.service.request.TokenRequest) ApplicationScopeSettings(io.gravitee.am.model.application.ApplicationScopeSettings) Resource(io.gravitee.am.model.uma.Resource) MultiValueMap(io.gravitee.common.util.MultiValueMap) LinkedMultiValueMap(io.gravitee.common.util.LinkedMultiValueMap) UMASettings(io.gravitee.am.model.uma.UMASettings) Before(org.junit.Before)

Example 2 with UMASettings

use of io.gravitee.am.model.uma.UMASettings in project gravitee-access-management by gravitee-io.

the class ResourceRegistrationAccessHandlerTest method testUmaDisabled.

/**
 * Checks that the handler fails the request with a forbidden exception when the domain's
 * UMA settings were never switched on.
 */
@Test
public void testUmaDisabled() {
    // Default-constructed settings: setEnabled(true) is deliberately not called.
    final UMASettings untouchedSettings = new UMASettings();
    when(domain.getUma()).thenReturn(untouchedSettings);

    handler.handle(context);

    // Exactly one failure must be reported on the routing context.
    verify(context).fail(exceptionCaptor.capture());
    final Object reportedFailure = exceptionCaptor.getValue();
    Assert.assertTrue("Should return a forbidden exception", reportedFailure instanceof UMAProtectionApiForbiddenException);
}
Also used : UMAProtectionApiForbiddenException(io.gravitee.am.gateway.handler.uma.exception.UMAProtectionApiForbiddenException) UMASettings(io.gravitee.am.model.uma.UMASettings) Test(org.junit.Test)

Example 3 with UMASettings

use of io.gravitee.am.model.uma.UMASettings in project gravitee-access-management by gravitee-io.

the class PatchDomainTest method testGetRequiredPermissions.

/**
 * Verifies which permissions {@code PatchDomain.getRequiredPermissions()} reports for each
 * patched field, one field at a time and then in combination.
 */
@Test
public void testGetRequiredPermissions() {
    // An empty patch requires no permission at all.
    PatchDomain patchDomain = new PatchDomain();
    assertEquals(Collections.emptySet(), patchDomain.getRequiredPermissions());

    // General domain attributes each map to DOMAIN_SETTINGS.
    patchDomain.setName(Optional.of("patchName"));
    assertEquals(Collections.singleton(Permission.DOMAIN_SETTINGS), patchDomain.getRequiredPermissions());

    patchDomain = new PatchDomain();
    patchDomain.setDescription(Optional.of("patchDescription"));
    assertEquals(Collections.singleton(Permission.DOMAIN_SETTINGS), patchDomain.getRequiredPermissions());

    patchDomain = new PatchDomain();
    patchDomain.setEnabled(Optional.of(true));
    assertEquals(Collections.singleton(Permission.DOMAIN_SETTINGS), patchDomain.getRequiredPermissions());

    patchDomain = new PatchDomain();
    patchDomain.setPath(Optional.of("patchPath"));
    assertEquals(Collections.singleton(Permission.DOMAIN_SETTINGS), patchDomain.getRequiredPermissions());

    patchDomain = new PatchDomain();
    patchDomain.setLoginSettings(Optional.of(new LoginSettings()));
    assertEquals(Collections.singleton(Permission.DOMAIN_SETTINGS), patchDomain.getRequiredPermissions());

    patchDomain = new PatchDomain();
    patchDomain.setAccountSettings(Optional.of(new AccountSettings()));
    assertEquals(Collections.singleton(Permission.DOMAIN_SETTINGS), patchDomain.getRequiredPermissions());

    patchDomain = new PatchDomain();
    patchDomain.setTags(Optional.of(Collections.singleton("patchTag")));
    assertEquals(Collections.singleton(Permission.DOMAIN_SETTINGS), patchDomain.getRequiredPermissions());

    // OIDC: a nested patch with no field set requires nothing; DOMAIN_OPENID is only
    // demanded once the nested patch actually carries a change.
    patchDomain = new PatchDomain();
    PatchOIDCSettings oidcPatch = new PatchOIDCSettings();
    patchDomain.setOidc(Optional.of(oidcPatch));
    assertEquals(Collections.emptySet(), patchDomain.getRequiredPermissions());
    oidcPatch.setClientRegistrationSettings(Optional.of(new PatchClientRegistrationSettings()));
    oidcPatch.setRedirectUriStrictMatching(Optional.of(true));
    assertEquals(Collections.singleton(Permission.DOMAIN_OPENID), patchDomain.getRequiredPermissions());

    // SCIM and UMA settings each have a dedicated permission.
    patchDomain = new PatchDomain();
    patchDomain.setScim(Optional.of(new SCIMSettings()));
    assertEquals(Collections.singleton(Permission.DOMAIN_SCIM), patchDomain.getRequiredPermissions());

    patchDomain = new PatchDomain();
    patchDomain.setUma(Optional.of(new UMASettings()));
    assertEquals(Collections.singleton(Permission.DOMAIN_UMA), patchDomain.getRequiredPermissions());

    // Check multiple permissions: the result is the union over every patched area
    // (oidcPatch still carries the two fields set above).
    patchDomain = new PatchDomain();
    patchDomain.setPath(Optional.of("patchPath"));
    patchDomain.setOidc(Optional.of(oidcPatch));
    patchDomain.setScim(Optional.of(new SCIMSettings()));
    assertEquals(
            new HashSet<>(Arrays.asList(Permission.DOMAIN_SETTINGS, Permission.DOMAIN_OPENID, Permission.DOMAIN_SCIM)),
            patchDomain.getRequiredPermissions());
}
Also used : AccountSettings(io.gravitee.am.model.account.AccountSettings) SCIMSettings(io.gravitee.am.model.scim.SCIMSettings) PatchOIDCSettings(io.gravitee.am.service.model.openid.PatchOIDCSettings) LoginSettings(io.gravitee.am.model.login.LoginSettings) PatchClientRegistrationSettings(io.gravitee.am.service.model.openid.PatchClientRegistrationSettings) UMASettings(io.gravitee.am.model.uma.UMASettings) Test(org.junit.Test)

Example 4 with UMASettings

use of io.gravitee.am.model.uma.UMASettings in project gravitee-access-management by gravitee-io.

the class MongoDomainRepository method convert.

/**
 * Maps the MongoDB representation of the UMA settings to the domain model.
 *
 * @param umaMongo the stored UMA settings, may be {@code null}
 * @return a new {@code UMASettings} carrying the stored enabled flag, or {@code null} when
 *         {@code umaMongo} is {@code null}
 */
private static UMASettings convert(UMASettingsMongo umaMongo) {
    if (umaMongo != null) {
        final UMASettings converted = new UMASettings();
        // The enabled flag is the only field copied across.
        converted.setEnabled(umaMongo.isEnabled());
        return converted;
    }
    // NOTE(review): absent settings come back as null, so callers must null-check before
    // reading the enabled flag; confirm they treat a missing value as "UMA disabled".
    return null;
}
Also used : UMASettings(io.gravitee.am.model.uma.UMASettings)

Example 5 with UMASettings

use of io.gravitee.am.model.uma.UMASettings in project gravitee-access-management by gravitee-io.

the class DomainRepositoryTest method initDomain.

/**
 * Creates a fully populated {@code Domain} fixture whose name-dependent fields are all
 * derived from {@code name}.
 *
 * @param name value used for the domain name and hrid and as the suffix/prefix of the
 *             description, path, reference id and virtual host entries
 * @return the populated domain (not persisted by this method)
 */
private Domain initDomain(String name) {
    // Two virtual hosts, both overriding the entrypoint.
    VirtualHost primaryHost = new VirtualHost();
    primaryHost.setHost("hostname-" + name);
    primaryHost.setPath("/hostname-" + name);
    primaryHost.setOverrideEntrypoint(true);

    VirtualHost secondaryHost = new VirtualHost();
    secondaryHost.setHost("hostname2-" + name);
    secondaryHost.setPath("/hostname2-" + name);
    secondaryHost.setOverrideEntrypoint(true);

    // OIDC settings with CIBA enabled and a single device notifier with a random id.
    final CIBASettingNotifier deviceNotifier = new CIBASettingNotifier();
    deviceNotifier.setId(UUID.randomUUID().toString());
    final CIBASettings ciba = new CIBASettings();
    ciba.setEnabled(true);
    ciba.setDeviceNotifiers(Arrays.asList(deviceNotifier));
    final OIDCSettings oidcSettings = new OIDCSettings();
    oidcSettings.setCibaSettings(ciba);

    Domain fixture = new Domain();

    // Identity and lifecycle.
    fixture.setName(name);
    fixture.setHrid(name);
    fixture.setDescription(name + " description");
    fixture.setCreatedAt(new Date());
    fixture.setUpdatedAt(fixture.getCreatedAt());
    fixture.setEnabled(true);
    fixture.setAlertEnabled(false);

    // Routing and ownership.
    fixture.setPath("/" + name);
    fixture.setReferenceId("refId" + name);
    fixture.setReferenceType(ReferenceType.ENVIRONMENT);
    fixture.setVhostMode(true);
    fixture.setVhosts(Arrays.asList(primaryHost, secondaryHost));
    fixture.setTags(new HashSet<>(Arrays.asList("tag1", "tag2")));
    fixture.setIdentities(new HashSet<>(Arrays.asList("id1", "id2")));

    // Feature settings: everything except OIDC/CIBA is left default-constructed,
    // including the UMA settings (setEnabled is never called on them here).
    fixture.setAccountSettings(new AccountSettings());
    fixture.setLoginSettings(new LoginSettings());
    fixture.setOidc(oidcSettings);
    fixture.setScim(new SCIMSettings());
    fixture.setUma(new UMASettings());
    fixture.setWebAuthnSettings(new WebAuthnSettings());
    fixture.setSelfServiceAccountManagementSettings(new SelfServiceAccountManagementSettings());
    return fixture;
}
Also used : SCIMSettings(io.gravitee.am.model.scim.SCIMSettings) CIBASettings(io.gravitee.am.model.oidc.CIBASettings) OIDCSettings(io.gravitee.am.model.oidc.OIDCSettings) WebAuthnSettings(io.gravitee.am.model.login.WebAuthnSettings) UMASettings(io.gravitee.am.model.uma.UMASettings) AccountSettings(io.gravitee.am.model.account.AccountSettings) CIBASettingNotifier(io.gravitee.am.model.oidc.CIBASettingNotifier) SelfServiceAccountManagementSettings(io.gravitee.am.model.SelfServiceAccountManagementSettings) LoginSettings(io.gravitee.am.model.login.LoginSettings) VirtualHost(io.gravitee.am.model.VirtualHost) Domain(io.gravitee.am.model.Domain)

Aggregations

UMASettings (io.gravitee.am.model.uma.UMASettings)5 AccountSettings (io.gravitee.am.model.account.AccountSettings)2 LoginSettings (io.gravitee.am.model.login.LoginSettings)2 SCIMSettings (io.gravitee.am.model.scim.SCIMSettings)2 Test (org.junit.Test)2 TokenRequest (io.gravitee.am.gateway.handler.oauth2.service.request.TokenRequest)1 AccessToken (io.gravitee.am.gateway.handler.oauth2.service.token.impl.AccessToken)1 UMAProtectionApiForbiddenException (io.gravitee.am.gateway.handler.uma.exception.UMAProtectionApiForbiddenException)1 Domain (io.gravitee.am.model.Domain)1 SelfServiceAccountManagementSettings (io.gravitee.am.model.SelfServiceAccountManagementSettings)1 VirtualHost (io.gravitee.am.model.VirtualHost)1 ApplicationScopeSettings (io.gravitee.am.model.application.ApplicationScopeSettings)1 WebAuthnSettings (io.gravitee.am.model.login.WebAuthnSettings)1 CIBASettingNotifier (io.gravitee.am.model.oidc.CIBASettingNotifier)1 CIBASettings (io.gravitee.am.model.oidc.CIBASettings)1 OIDCSettings (io.gravitee.am.model.oidc.OIDCSettings)1 PermissionRequest (io.gravitee.am.model.uma.PermissionRequest)1 PermissionTicket (io.gravitee.am.model.uma.PermissionTicket)1 Resource (io.gravitee.am.model.uma.Resource)1 PatchClientRegistrationSettings (io.gravitee.am.service.model.openid.PatchClientRegistrationSettings)1