use of io.gravitee.am.model.uma.policy.AccessPolicy in project gravitee-access-management by gravitee-io.
the class ResourceAccessPoliciesEndpoint method list.
/**
 * Lists the ids of the access policies attached to the requested resource.
 *
 * <p>The lookup passes the domain id, the client id, the {@code sub} claim of the access token
 * and the {@code RESOURCE_ID} request parameter to the service, so the caller's identity
 * travels with the resource id. The status is 204 when the id list is empty and 200 otherwise;
 * the JSON-encoded list is handed to {@code end()} in both cases.
 *
 * @param context current routing context; the token and the client are read from it
 */
public void list(RoutingContext context) {
    // NOTE(review): token and client are presumably stored in the context by an earlier
    // authentication handler; a missing entry would surface below as a NullPointerException.
    // Confirm the route ordering guarantees both are present.
    final JWT accessToken = context.get(ConstantKeys.TOKEN_CONTEXT_KEY);
    final Client client = context.get(ConstantKeys.CLIENT_CONTEXT_KEY);
    final String resource = context.request().getParam(RESOURCE_ID);

    resourceService
            .findAccessPolicies(domain.getId(), client.getId(), accessToken.getSub(), resource)
            // only the policy ids are exposed, not the policy conditions
            .map(AccessPolicy::getId)
            .toList()
            .subscribe(
                    policyIds -> context.response()
                            // keep the answer out of intermediary and browser caches
                            .putHeader(HttpHeaders.CACHE_CONTROL, "no-store")
                            .putHeader(HttpHeaders.PRAGMA, "no-cache")
                            .putHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON)
                            .setStatusCode(policyIds.isEmpty()
                                    ? HttpStatusCode.NO_CONTENT_204
                                    : HttpStatusCode.OK_200)
                            .end(Json.encodePrettily(policyIds)),
                    failure -> context.fail(failure));
}
use of io.gravitee.am.model.uma.policy.AccessPolicy in project gravitee-access-management by gravitee-io.
the class ResourceAccessPoliciesEndpoint method extractRequest.
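/**
 * Builds an {@link AccessPolicy} from the JSON request body.
 *
 * <p>The fields {@code name}, {@code type}, {@code description} and {@code condition} are
 * required; {@code enabled} is optional and defaults to {@code true}. The condition object is
 * mapped onto the condition class declared by the policy type and stored in its
 * {@code toString()} form.
 *
 * @param context current routing context carrying the request body
 * @return the access policy described by the body (domain and resource are not set here)
 * @throws InvalidRequestException if the body is absent or cannot be decoded, a required field
 *         is missing or JSON null, or the type or condition cannot be converted
 */
private AccessPolicy extractRequest(RoutingContext context) {
    try {
        JsonObject body = context.getBodyAsJson();
        // An absent body would otherwise fail further down with a NullPointerException whose
        // message (possibly null) ends up in the error returned to the caller.
        if (body == null) {
            throw new InvalidRequestException("Bad request payload");
        }

        // getValue() yields null for an absent key and for an explicit JSON null alike, so a
        // payload such as {"condition": null} is rejected here instead of failing later.
        for (String key : new String[] {"name", "type", "description", "condition"}) {
            if (body.getValue(key) == null) {
                throw new InvalidRequestException("[" + key + ": must not be null]");
            }
        }

        // check type value
        AccessPolicyType accessPolicyType = AccessPolicyType.fromString(body.getString("type"));
        // check condition value against the condition class of that type
        AccessPolicyCondition condition =
                body.getJsonObject("condition").mapTo(accessPolicyType.getConditionClazz());

        // NOTE(review): the condition comes from the request and is stored as a string; for
        // script-based types it is presumably evaluated later by the policy engine. Whatever
        // sandboxing applies to that evaluation lives outside this method - confirm.
        AccessPolicy accessPolicy = new AccessPolicy();
        accessPolicy.setType(accessPolicyType);
        accessPolicy.setName(body.getString("name"));
        accessPolicy.setDescription(body.getString("description"));
        accessPolicy.setCondition(condition.toString());
        accessPolicy.setEnabled(body.getBoolean("enabled", true));
        return accessPolicy;
    } catch (InvalidRequestException ex) {
        // validation errors raised above already carry the intended message
        throw ex;
    } catch (DecodeException ex) {
        throw new InvalidRequestException("Bad request payload");
    } catch (Exception ex) {
        // NOTE(review): this forwards the message of an arbitrary internal exception (type
        // parsing, condition mapping, class casts) to the client. Consider a fixed message
        // here and logging the detail server-side.
        String message = ex.getMessage();
        throw new InvalidRequestException(message != null ? message : "Bad request payload");
    }
}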
use of io.gravitee.am.model.uma.policy.AccessPolicy in project gravitee-access-management by gravitee-io.
the class ResourceAccessPoliciesEndpoint method create.
/**
 * Creates an access policy for the requested resource from the request body.
 *
 * <p>The policy is stored through the resource service together with the domain id, the
 * client id and the {@code sub} claim of the access token. On success the handler answers 201
 * with the stored policy as JSON and a {@code Location} header pointing at it.
 *
 * @param context current routing context; token, client and body are read from it
 */
public void create(RoutingContext context) {
    final JWT accessToken = context.get(ConstantKeys.TOKEN_CONTEXT_KEY);
    final Client client = context.get(ConstantKeys.CLIENT_CONTEXT_KEY);
    final String resource = context.request().getParam(RESOURCE_ID);
    // NOTE(review): if resolveProxyRequest derives the base path from forwarded/proxy request
    // headers, the Location header below is only as trustworthy as the proxy setup - confirm.
    final String basePath = UriBuilderRequest.resolveProxyRequest(context);

    // Validation happens synchronously; an InvalidRequestException thrown by extractRequest
    // leaves this method before anything is stored.
    final AccessPolicy payload = extractRequest(context);

    resourceService
            .createAccessPolicy(payload, domain.getId(), client.getId(), accessToken.getSub(), resource)
            .subscribe(
                    created -> context.response()
                            // keep the answer out of intermediary and browser caches
                            .putHeader(HttpHeaders.CACHE_CONTROL, "no-store")
                            .putHeader(HttpHeaders.PRAGMA, "no-cache")
                            .putHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON)
                            .putHeader(HttpHeaders.LOCATION, resourceLocation(basePath, created))
                            .setStatusCode(HttpStatusCode.CREATED_201)
                            .end(Json.encodePrettily(created)),
                    failure -> context.fail(failure));
}
use of io.gravitee.am.model.uma.policy.AccessPolicy in project gravitee-access-management by gravitee-io.
the class ResourceServiceImpl method create.
/**
 * Creates a resource for the given owner and client, then attaches a default
 * "Deny all" access policy to it.
 *
 * <p>The resource is validated (scopes, icon URI) and persisted first; the deny policy is
 * created afterwards in a separate repository call.
 *
 * @param newResource description of the resource to create
 * @param domain      domain id stored on the resource and on the default policy
 * @param client      client id stored on the resource
 * @param userId      resource owner id stored on the resource
 * @return a {@code Single} emitting the persisted resource once the default policy is stored
 */
@Override
public Single<Resource> create(NewResource newResource, String domain, String client, String userId) {
    LOGGER.debug("Creating resource for resource owner {} and client {}", userId, client);

    Resource toCreate = new Resource();
    toCreate.setResourceScopes(newResource.getResourceScopes())
            .setDescription(newResource.getDescription())
            .setIconUri(newResource.getIconUri())
            .setName(newResource.getName())
            .setType(newResource.getType())
            .setDomain(domain)
            .setClientId(client)
            .setUserId(userId)
            .setCreatedAt(new Date())
            // creation and update timestamps start out identical
            .setUpdatedAt(toCreate.getCreatedAt());

    return this.validateScopes(toCreate)
            .flatMap(this::validateIconUri)
            .flatMap(repository::create)
            .flatMap(stored -> {
                // NOTE(review): the resource is already persisted at this point. If the policy
                // write below fails, the resource remains without its default deny policy;
                // whether a resource with no policy is then denied depends on the evaluation
                // code, which is not visible here - confirm it fails closed.
                AccessPolicy denyAll = new AccessPolicy();
                denyAll.setDomain(domain);
                denyAll.setResource(stored.getId());
                denyAll.setType(AccessPolicyType.GROOVY);
                denyAll.setName("Deny all");
                denyAll.setDescription("Default deny access policy. Created by Gravitee.io.");
                // fixed script that sets the policy result state to FAILURE
                denyAll.setCondition("{\"onRequestScript\":\"import io.gravitee.policy.groovy.PolicyResult.State\\nresult.state = State.FAILURE;\"}");
                denyAll.setEnabled(true);
                // callers get the resource back, not the policy
                return accessPolicyRepository.create(denyAll).map(ignored -> stored);
            });
}
use of io.gravitee.am.model.uma.policy.AccessPolicy in project gravitee-access-management by gravitee-io.
the class AccessPolicyRepositoryTest method update.
/**
 * Checks that updating a stored policy under the same id emits the policy with its new name.
 */
@Test
public void update() throws TechnicalException {
    // given: a persisted policy
    AccessPolicy original = new AccessPolicy();
    original.setName("accessPolicyName");
    AccessPolicy persisted = repository.create(original).blockingGet();

    // when: a policy carrying the same id and a different name is submitted
    AccessPolicy renamed = new AccessPolicy();
    renamed.setId(persisted.getId());
    renamed.setName("accessPolicyUpdatedName");
    TestObserver<AccessPolicy> observer = repository.update(renamed).test();
    observer.awaitTerminalEvent();

    // then: the update completes without error and emits the new name
    observer.assertComplete();
    observer.assertNoErrors();
    observer.assertValue(updated -> updated.getName().equals("accessPolicyUpdatedName"));
}