use of io.gravitee.rest.api.model.RoleEntity in project gravitee-management-rest-api by gravitee-io.
the class RoleService_CreateTest method shouldCreate.
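/**
 * Checks that {@code roleService.create} maps the {@code Role} returned by the repository to a
 * {@code RoleEntity} with the expected id, name, scope and a single DOCUMENTATION permission.
 *
 * NOTE(review): the repository is stubbed with {@code any()} and the argument it receives is never
 * inspected, so only the repository-to-entity mapping is covered. The test would still pass if the
 * service persisted a different scope or a wider permission set than the one requested; for
 * role-creation code that is the property worth pinning with an argument check.
 *
 * @throws TechnicalException declared because the stubbed repository call declares it
 */
@Test
public void shouldCreate() throws TechnicalException {
    // Requested role: ENVIRONMENT scope, DOCUMENTATION limited to the CREATE action.
    NewRoleEntity newRoleEntityMock = mock(NewRoleEntity.class);
    when(newRoleEntityMock.getName()).thenReturn("new mock role");
    when(newRoleEntityMock.getScope()).thenReturn(io.gravitee.rest.api.model.permissions.RoleScope.ENVIRONMENT);
    when(newRoleEntityMock.getPermissions()).thenReturn(Collections.singletonMap(DOCUMENTATION.getName(), new char[] { RolePermissionAction.CREATE.getId() }));

    // Role as the repository would hand it back after persisting.
    Role roleMock = mock(Role.class);
    when(roleMock.getId()).thenReturn("new_mock_role");
    when(roleMock.getName()).thenReturn("new mock role");
    when(roleMock.getScope()).thenReturn(RoleScope.ENVIRONMENT);
    // presumably the packed integer form of DOCUMENTATION + CREATE that the service decodes
    // back into the permission map asserted below; confirm against the permission masks
    when(roleMock.getPermissions()).thenReturn(new int[] { 3008 });
    when(mockRoleRepository.create(any())).thenReturn(roleMock);

    RoleEntity entity = roleService.create(newRoleEntityMock);

    assertNotNull("no entity created", entity);
    assertEquals("invalid id", "new_mock_role", entity.getId());
    assertEquals("invalid name", "new mock role", entity.getName());
    assertEquals("invalid scope", io.gravitee.rest.api.model.permissions.RoleScope.ENVIRONMENT, entity.getScope());

    // Exactly one action (CREATE) must come back for DOCUMENTATION.
    assertFalse("no permissions found", entity.getPermissions().isEmpty());
    assertTrue("invalid Permission name", entity.getPermissions().containsKey(DOCUMENTATION.getName()));
    char[] perms = entity.getPermissions().get(DOCUMENTATION.getName());
    assertEquals("not enough permissions", 1, perms.length);
    assertEquals("not the good permission", RolePermissionAction.CREATE.getId(), perms[0]);
}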
use of io.gravitee.rest.api.model.RoleEntity in project gravitee-management-rest-api by gravitee-io.
the class AuthResource method login.
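/**
 * Issues a signed JWT for the principal currently held in the security context and returns it
 * both in the JSON body and as a cookie.
 *
 * <p>This method performs no credential check of its own: it trusts whatever populated
 * {@code SecurityContextHolder} before the request reached it. When there is no authentication,
 * or the principal is not a {@code UserDetails}, it falls through to an empty 200 response.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The token is signed with HMAC-SHA256 using the {@code jwt.secret} property. The same
 *       value signs and verifies, so anyone who knows it can forge a token with arbitrary
 *       permissions. It has to be long, random and unique per deployment; nothing in this
 *       method checks that.</li>
 *   <li>The permissions claim is a snapshot taken at login. NOTE(review): unless the verifying
 *       side reloads roles, a role removed later stays effective until the token expires;
 *       confirm against the authentication filter.</li>
 *   <li>The payload is signed, not encrypted: e-mail, first name and last name are readable by
 *       anyone who holds the token.</li>
 * </ul>
 *
 * @param headers request headers (injected; not read by this method)
 * @param servletResponse response on which the bearer cookie is set
 * @return 200 with the token entity when a {@code UserDetails} principal is present, otherwise
 *     200 with no entity
 */
@POST
@Path("/login")
@Produces(MediaType.APPLICATION_JSON)
public Response login(@Context final javax.ws.rs.core.HttpHeaders headers, @Context final HttpServletResponse servletResponse) {
    final Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    if (authentication != null && authentication.getPrincipal() instanceof UserDetails) {
        final UserDetails userDetails = (UserDetails) authentication.getPrincipal();

        // Start from the authorities supplied with the principal (dynamic permissions from the IDP).
        // Collected into an explicit ArrayList because roles are appended below and
        // Collectors.toList() gives no guarantee that the returned list is mutable.
        final List<Map<String, String>> authorities = userDetails.getAuthorities().stream()
            .map(authority -> Maps.<String, String>builder().put("authority", authority.getAuthority()).build())
            .collect(Collectors.toCollection(java.util.ArrayList::new));

        // Add the roles stored in the repository for this user in the current environment,
        // encoded as "<scope>:<role name>".
        final Set<RoleEntity> userRoles = membershipService.getRoles(MembershipReferenceType.ENVIRONMENT, GraviteeContext.getCurrentEnvironment(), MembershipMemberType.USER, userDetails.getId());
        for (RoleEntity role : userRoles) {
            authorities.add(Maps.<String, String>builder().put("authority", role.getScope().toString() + ':' + role.getName()).build());
        }

        // JWT signer: symmetric HMAC-SHA256 key taken from configuration (see the Javadoc
        // above for what that implies for the secret's strength and handling).
        final Algorithm algorithm = Algorithm.HMAC256(environment.getProperty("jwt.secret"));

        // Lifetime is "jwt.expire-after" seconds from now, falling back to the class default.
        final Date issueAt = new Date();
        final Instant expireAt = issueAt.toInstant().plus(Duration.ofSeconds(environment.getProperty("jwt.expire-after", Integer.class, DEFAULT_JWT_EXPIRE_AFTER)));

        final String sign = JWT.create()
            .withIssuer(environment.getProperty("jwt.issuer", DEFAULT_JWT_ISSUER))
            .withIssuedAt(issueAt)
            .withExpiresAt(Date.from(expireAt))
            .withSubject(userDetails.getUsername())
            .withClaim(Claims.PERMISSIONS, authorities)
            .withClaim(Claims.EMAIL, userDetails.getEmail())
            .withClaim(Claims.FIRSTNAME, userDetails.getFirstname())
            .withClaim(Claims.LASTNAME, userDetails.getLastname())
            // Random per-token id. NOTE(review): whether it is recorded anywhere for
            // revocation is not visible in this method.
            .withJWTId(UUID.randomUUID().toString())
            .sign(algorithm);

        final Token tokenEntity = new Token();
        tokenEntity.setTokenType(TokenTypeEnum.BEARER);
        tokenEntity.setToken(sign);

        // "Bearer%20" is the URL-encoded "Bearer " prefix. The cookie's HttpOnly / Secure /
        // SameSite attributes are decided inside cookieGenerator, not here. Because the same
        // token is also returned in the response body, page script can read it whatever the
        // cookie flags are.
        final Cookie bearerCookie = cookieGenerator.generate("Bearer%20" + sign);
        servletResponse.addCookie(bearerCookie);
        return ok(tokenEntity).build();
    }
    // NOTE(review): without a usable principal this still answers 200, only without a body, so
    // clients must not read the status code alone as a successful login.
    return ok().build();
}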
use of io.gravitee.rest.api.model.RoleEntity in project gravitee-management-rest-api by gravitee-io.
the class RoleServiceImpl method convert.
/**
 * Maps a repository {@code Role} to the {@code RoleEntity} exposed by the REST layer.
 *
 * @param role the stored role, may be {@code null}
 * @return the populated entity, or {@code null} when {@code role} is {@code null}
 */
private RoleEntity convert(final Role role) {
    if (role == null) {
        return null;
    }

    final RoleEntity entity = new RoleEntity();

    // Identity and descriptive fields are copied as they are.
    entity.setId(role.getId());
    entity.setName(role.getName());
    entity.setDescription(role.getDescription());

    // Flags.
    entity.setDefaultRole(role.isDefaultRole());
    entity.setSystem(role.isSystem());

    // The scope has to be set first: the stored permissions are converted against the scope
    // read back from the entity, not the raw repository scope.
    entity.setScope(convert(role.getScope()));
    entity.setPermissions(convertPermissions(entity.getScope(), role.getPermissions()));

    return entity;
}
use of io.gravitee.rest.api.model.RoleEntity in project gravitee-management-rest-api by gravitee-io.
the class ConfigurationResourceTest method shouldGetApplicationRoles.
/**
 * Verifies that GET {@code applications/roles} returns the single APPLICATION-scoped role
 * supplied by the stubbed role service, with its name used as both id and name.
 *
 * @throws TechnicalException declared by the test signature
 */
@Test
public void shouldGetApplicationRoles() throws TechnicalException {
    resetAllMocks();

    // One non-system default role, returned for the APPLICATION scope only.
    RoleEntity stubbedRole = new RoleEntity();
    stubbedRole.setName("appRole");
    stubbedRole.setDefaultRole(true);
    stubbedRole.setSystem(false);
    when(roleService.findByScope(RoleScope.APPLICATION)).thenReturn(Collections.singletonList(stubbedRole));

    final Response response = target()
        .path("applications")
        .path("roles")
        .request()
        .get();
    assertEquals(HttpStatusCode.OK_200, response.getStatus());

    final ConfigurationApplicationRolesResponse payload = response.readEntity(ConfigurationApplicationRolesResponse.class);
    assertNotNull(payload);

    @Valid List<ApplicationRole> roles = payload.getData();
    assertNotNull(roles);
    assertEquals(1, roles.size());

    // The resource is expected to expose the role name as the id as well.
    assertEquals("appRole", roles.get(0).getId());
    assertEquals(true, roles.get(0).getDefault());
    assertEquals("appRole", roles.get(0).getName());
    assertEquals(false, roles.get(0).getSystem());
}
use of io.gravitee.rest.api.model.RoleEntity in project gravitee-management-rest-api by gravitee-io.
the class MembershipService_FindUserMembershipTest method shouldGetApiWithApiAndGroups.
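/**
 * Verifies that {@code findUserMembership} for the API reference type returns both the API the
 * user is a direct member of and the API reached through one of the user's groups.
 *
 * NOTE(review): only the first reference's type is asserted; the second one is checked for its
 * reference id but not for its type.
 *
 * @throws Exception declared by the test signature
 */
@Test
public void shouldGetApiWithApiAndGroups() throws Exception {
    RoleEntity roleEntity = new RoleEntity();
    roleEntity.setId("role");
    roleEntity.setName("PO");
    roleEntity.setScope(RoleScope.API);
    when(mockRoleService.findByScope(any())).thenReturn(Collections.singletonList(roleEntity));

    // Direct membership: user -> api-id1.
    Membership mApi = mock(Membership.class);
    when(mApi.getReferenceId()).thenReturn("api-id1");
    when(mApi.getRoleId()).thenReturn("role");

    // Group membership: GROUP -> api-id2. The role id is stubbed on mGroup itself; stubbing
    // mApi a second time here would leave mGroup.getRoleId() at Mockito's default null.
    Membership mGroup = mock(Membership.class);
    when(mGroup.getReferenceId()).thenReturn("api-id2");
    when(mGroup.getRoleId()).thenReturn("role");

    when(mockMembershipRepository.findByMemberIdAndMemberTypeAndReferenceType(eq(USER_ID), eq(MembershipMemberType.USER), eq(MembershipReferenceType.API))).thenReturn(Collections.singleton(mApi));
    when(mockMembershipRepository.findByMemberIdAndMemberTypeAndReferenceType(eq("GROUP"), eq(MembershipMemberType.GROUP), eq(MembershipReferenceType.API))).thenReturn(Collections.singleton(mGroup));

    // The user belongs to exactly one group, whose id matches the group membership lookup above.
    GroupEntity group1 = mock(GroupEntity.class);
    doReturn("GROUP").when(group1).getId();
    doReturn(new HashSet<>(asList(group1))).when(mockGroupService).findByUser(USER_ID);

    List<UserMembership> references = membershipService.findUserMembership(io.gravitee.rest.api.model.MembershipReferenceType.API, USER_ID);

    // Two distinct references, in either order.
    assertFalse(references.isEmpty());
    assertEquals(2, references.size());
    assertNotEquals(references.get(0).getReference(), references.get(1).getReference());
    assertTrue(references.get(0).getReference().equals("api-id1") || references.get(0).getReference().equals("api-id2"));
    assertTrue(references.get(1).getReference().equals("api-id1") || references.get(1).getReference().equals("api-id2"));
    assertEquals("API", references.get(0).getType());
}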