Example 1 with AccessPolicy

Use of io.gravitee.am.model.uma.policy.AccessPolicy in project gravitee-access-management by gravitee-io.

Class ResourceAccessPoliciesEndpoint, method list.

public void list(RoutingContext context) {
    final JWT accessToken = context.get(ConstantKeys.TOKEN_CONTEXT_KEY);
    final Client client = context.get(ConstantKeys.CLIENT_CONTEXT_KEY);
    final String resource = context.request().getParam(RESOURCE_ID);
    resourceService.findAccessPolicies(domain.getId(), client.getId(), accessToken.getSub(), resource)
            .map(AccessPolicy::getId).toList()
            .subscribe(response -> context.response()
                    .putHeader(HttpHeaders.CACHE_CONTROL, "no-store").putHeader(HttpHeaders.PRAGMA, "no-cache")
                    .putHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON)
                    .setStatusCode(response.isEmpty() ? HttpStatusCode.NO_CONTENT_204 : HttpStatusCode.OK_200)
                    .end(Json.encodePrettily(response)), error -> context.fail(error));
}
Also used : JWT(io.gravitee.am.common.jwt.JWT) Client(io.gravitee.am.model.oidc.Client) AccessPolicy(io.gravitee.am.model.uma.policy.AccessPolicy)

Example 2 with AccessPolicy

Use of io.gravitee.am.model.uma.policy.AccessPolicy in project gravitee-access-management by gravitee-io.

Class ResourceAccessPoliciesEndpoint, method extractRequest.

private AccessPolicy extractRequest(RoutingContext context) {
    try {
        // get body request
        JsonObject body = context.getBodyAsJson();
        // check missing values
        Arrays.asList("name", "type", "description", "condition").forEach(key -> {
            if (!body.containsKey(key)) {
                throw new InvalidRequestException("[" + key + ": must not be null]");
            }
        });
        // check type value
        AccessPolicyType accessPolicyType = AccessPolicyType.fromString(body.getString("type"));
        // check condition value
        AccessPolicyCondition condition = body.getJsonObject("condition").mapTo(accessPolicyType.getConditionClazz());
        // create access policy object
        AccessPolicy accessPolicy = new AccessPolicy();
        accessPolicy.setType(accessPolicyType);
        accessPolicy.setName(body.getString("name"));
        accessPolicy.setDescription(body.getString("description"));
        accessPolicy.setCondition(condition.toString());
        accessPolicy.setEnabled(body.getBoolean("enabled", true));
        return accessPolicy;
    } catch (DecodeException ex) {
        throw new InvalidRequestException("Bad request payload");
    } catch (Exception ex) {
        throw new InvalidRequestException(ex.getMessage());
    }
}
Also used : AccessPolicyCondition(io.gravitee.am.model.uma.policy.AccessPolicyCondition) AccessPolicyType(io.gravitee.am.model.uma.policy.AccessPolicyType) JsonObject(io.vertx.core.json.JsonObject) InvalidRequestException(io.gravitee.am.common.exception.oauth2.InvalidRequestException) DecodeException(io.vertx.core.json.DecodeException) AccessPolicy(io.gravitee.am.model.uma.policy.AccessPolicy) AccessPolicyNotFoundException(io.gravitee.am.service.exception.AccessPolicyNotFoundException)

Example 3 with AccessPolicy

Use of io.gravitee.am.model.uma.policy.AccessPolicy in project gravitee-access-management by gravitee-io.

Class ResourceAccessPoliciesEndpoint, method create.

public void create(RoutingContext context) {
    final JWT accessToken = context.get(ConstantKeys.TOKEN_CONTEXT_KEY);
    final Client client = context.get(ConstantKeys.CLIENT_CONTEXT_KEY);
    final String resource = context.request().getParam(RESOURCE_ID);
    final String basePath = UriBuilderRequest.resolveProxyRequest(context);
    // extract access policy payload
    AccessPolicy accessPolicy = extractRequest(context);
    // store the access policy
    resourceService.createAccessPolicy(accessPolicy, domain.getId(), client.getId(), accessToken.getSub(), resource)
            .subscribe(
                    p -> context.response()
                            .putHeader(HttpHeaders.CACHE_CONTROL, "no-store")
                            .putHeader(HttpHeaders.PRAGMA, "no-cache")
                            .putHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON)
                            .putHeader(HttpHeaders.LOCATION, resourceLocation(basePath, p))
                            .setStatusCode(HttpStatusCode.CREATED_201)
                            .end(Json.encodePrettily(p)),
                    error -> context.fail(error));
}
Also used : JWT(io.gravitee.am.common.jwt.JWT) Client(io.gravitee.am.model.oidc.Client) AccessPolicy(io.gravitee.am.model.uma.policy.AccessPolicy)

Example 4 with AccessPolicy

Use of io.gravitee.am.model.uma.policy.AccessPolicy in project gravitee-access-management by gravitee-io.

Class ResourceServiceImpl, method create.

@Override
public Single<Resource> create(NewResource newResource, String domain, String client, String userId) {
    LOGGER.debug("Creating resource for resource owner {} and client {}", userId, client);
    Resource toCreate = new Resource();
    toCreate.setResourceScopes(newResource.getResourceScopes())
            .setDescription(newResource.getDescription())
            .setIconUri(newResource.getIconUri())
            .setName(newResource.getName())
            .setType(newResource.getType())
            .setDomain(domain)
            .setClientId(client)
            .setUserId(userId)
            .setCreatedAt(new Date())
            .setUpdatedAt(toCreate.getCreatedAt());
    // once the resource is stored, attach a default deny-all policy to it
    return this.validateScopes(toCreate)
            .flatMap(this::validateIconUri)
            .flatMap(repository::create)
            .flatMap(r -> {
        AccessPolicy accessPolicy = new AccessPolicy();
        accessPolicy.setName("Deny all");
        accessPolicy.setDescription("Default deny access policy. Created by Gravitee.io.");
        accessPolicy.setType(AccessPolicyType.GROOVY);
        accessPolicy.setCondition("{\"onRequestScript\":\"import io.gravitee.policy.groovy.PolicyResult.State\\nresult.state = State.FAILURE;\"}");
        accessPolicy.setEnabled(true);
        accessPolicy.setDomain(domain);
        accessPolicy.setResource(r.getId());
        return accessPolicyRepository.create(accessPolicy).map(__ -> r);
    });
}
Also used : Resource(io.gravitee.am.model.uma.Resource) NewResource(io.gravitee.am.service.model.NewResource) AccessPolicy(io.gravitee.am.model.uma.policy.AccessPolicy)

Example 5 with AccessPolicy

Use of io.gravitee.am.model.uma.policy.AccessPolicy in project gravitee-access-management by gravitee-io.

Class AccessPolicyRepositoryTest, method update.

@Test
public void update() throws TechnicalException {
    AccessPolicy accessPolicy = new AccessPolicy();
    accessPolicy.setName("accessPolicyName");
    AccessPolicy apCreated = repository.create(accessPolicy).blockingGet();
    AccessPolicy toUpdate = new AccessPolicy();
    toUpdate.setId(apCreated.getId());
    toUpdate.setName("accessPolicyUpdatedName");
    TestObserver<AccessPolicy> testObserver = repository.update(toUpdate).test();
    testObserver.awaitTerminalEvent();
    testObserver.assertComplete();
    testObserver.assertNoErrors();
    testObserver.assertValue(ap -> ap.getName().equals("accessPolicyUpdatedName"));
}
Also used : AccessPolicy(io.gravitee.am.model.uma.policy.AccessPolicy) Test(org.junit.Test) AbstractManagementTest(io.gravitee.am.repository.management.AbstractManagementTest)

Aggregations

AccessPolicy (io.gravitee.am.model.uma.policy.AccessPolicy) 25
Test (org.junit.Test) 19
AbstractManagementTest (io.gravitee.am.repository.management.AbstractManagementTest) 7
JWT (io.gravitee.am.common.jwt.JWT) 3
Client (io.gravitee.am.model.oidc.Client) 3
List (java.util.List) 3
Token (io.gravitee.am.gateway.handler.oauth2.service.token.Token) 2
AccessToken (io.gravitee.am.gateway.handler.oauth2.service.token.impl.AccessToken) 2
Page (io.gravitee.am.model.common.Page) 2
Resource (io.gravitee.am.model.uma.Resource) 2
AccessPolicyType (io.gravitee.am.model.uma.policy.AccessPolicyType) 2
NewResource (io.gravitee.am.service.model.NewResource) 2
ExecutionContext (io.gravitee.gateway.api.ExecutionContext) 2
JsonObject (io.vertx.core.json.JsonObject) 2
Date (java.util.Date) 2
InvalidRequestException (io.gravitee.am.common.exception.oauth2.InvalidRequestException) 1
OAuth2Request (io.gravitee.am.gateway.handler.oauth2.service.request.OAuth2Request) 1
PolicyChainException (io.gravitee.am.gateway.policy.PolicyChainException) 1
AccessPolicyCondition (io.gravitee.am.model.uma.policy.AccessPolicyCondition) 1
TechnicalException (io.gravitee.am.repository.exceptions.TechnicalException) 1