Example 6 with SyncopeClient
use of org.apache.syncope.client.lib.SyncopeClient in project syncope by apache.
the class UserSelfITCase method updateWithApproval.
@Test
public void updateWithApproval() {
assumeTrue(FlowableDetector.isFlowableEnabledForUsers(syncopeService));
// 1. create user as admin
UserTO created = createUser(UserITCase.getUniqueSampleTO("anonymous@syncope.apache.org")).getEntity();
assertNotNull(created);
assertFalse(created.getUsername().endsWith("XX"));
// 2. self-update (username + memberships + resource) - works but needs approval
UserPatch userPatch = new UserPatch();
userPatch.setKey(created.getKey());
userPatch.setUsername(new StringReplacePatchItem.Builder().value(created.getUsername() + "XX").build());
userPatch.getMemberships().add(new MembershipPatch.Builder().operation(PatchOperation.ADD_REPLACE).group("bf825fe1-7320-4a54-bd64-143b5c18ab97").build());
userPatch.getResources().add(new StringPatchItem.Builder().operation(PatchOperation.ADD_REPLACE).value(RESOURCE_NAME_TESTDB).build());
userPatch.setPassword(new PasswordPatch.Builder().value("newPassword123").onSyncope(false).resource(RESOURCE_NAME_TESTDB).build());
SyncopeClient authClient = clientFactory.create(created.getUsername(), "password123");
UserTO updated = authClient.getService(UserSelfService.class).update(userPatch).readEntity(new GenericType<ProvisioningResult<UserTO>>() {
}).getEntity();
assertNotNull(updated);
assertEquals("updateApproval", updated.getStatus());
assertFalse(updated.getUsername().endsWith("XX"));
assertTrue(updated.getMemberships().isEmpty());
// no propagation happened
assertTrue(updated.getResources().isEmpty());
try {
resourceService.readConnObject(RESOURCE_NAME_TESTDB, AnyTypeKind.USER.name(), updated.getKey());
fail("This should not happen");
} catch (SyncopeClientException e) {
assertEquals(ClientExceptionType.NotFound, e.getType());
}
// 3. approve self-update as admin
WorkflowFormTO form = userWorkflowService.getFormForUser(updated.getKey());
form = userWorkflowService.claimForm(form.getTaskId());
form.getProperty("approveUpdate").get().setValue(Boolean.TRUE.toString());
updated = userWorkflowService.submitForm(form);
assertNotNull(updated);
assertEquals("active", updated.getStatus());
assertTrue(updated.getUsername().endsWith("XX"));
assertEquals(1, updated.getMemberships().size());
// check that propagation also happened
assertTrue(updated.getResources().contains(RESOURCE_NAME_TESTDB));
assertNotNull(resourceService.readConnObject(RESOURCE_NAME_TESTDB, AnyTypeKind.USER.name(), updated.getKey()));
}
Also used :
GenericType(javax.ws.rs.core.GenericType)
PasswordPatch(org.apache.syncope.common.lib.patch.PasswordPatch)
StringReplacePatchItem(org.apache.syncope.common.lib.patch.StringReplacePatchItem)
UserSelfService(org.apache.syncope.common.rest.api.service.UserSelfService)
UserTO(org.apache.syncope.common.lib.to.UserTO)
SyncopeClientException(org.apache.syncope.common.lib.SyncopeClientException)
UserPatch(org.apache.syncope.common.lib.patch.UserPatch)
SyncopeClient(org.apache.syncope.client.lib.SyncopeClient)
WorkflowFormTO(org.apache.syncope.common.lib.to.WorkflowFormTO)
Test(org.junit.jupiter.api.Test)
Example 7 with SyncopeClient
use of org.apache.syncope.client.lib.SyncopeClient in project syncope by apache.
the class UserWorkflowITCase method updateApproval.
@Test
public void updateApproval() {
assumeTrue(FlowableDetector.isFlowableEnabledForUsers(syncopeService));
// read forms *before* any operation
List<WorkflowFormTO> forms = userWorkflowService.getForms();
assertNotNull(forms);
int preForms = forms.size();
UserTO created = createUser(UserITCase.getUniqueSampleTO("updateApproval@syncope.apache.org")).getEntity();
assertNotNull(created);
assertEquals("/", created.getRealm());
assertEquals(0, created.getMemberships().size());
UserPatch patch = new UserPatch();
patch.setKey(created.getKey());
patch.getMemberships().add(new MembershipPatch.Builder().group("b1f7c12d-ec83-441f-a50e-1691daaedf3b").build());
SyncopeClient client = clientFactory.create(created.getUsername(), "password123");
Response response = client.getService(UserSelfService.class).update(patch);
assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
assertEquals("updateApproval", userService.read(created.getKey()).getStatus());
forms = userWorkflowService.getForms();
assertNotNull(forms);
assertEquals(preForms + 1, forms.size());
WorkflowFormTO form = userWorkflowService.getFormForUser(created.getKey());
assertNotNull(form);
assertNotNull(form.getTaskId());
assertNull(form.getOwner());
assertNotNull(form.getUserTO());
assertNotNull(form.getUserPatch());
assertEquals(patch, form.getUserPatch());
// as admin, request for more changes: still pending approval
patch.setRealm(new StringReplacePatchItem.Builder().value("/even/two").build());
response = userService.update(patch);
assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
assertEquals("updateApproval", userService.read(created.getKey()).getStatus());
// the patch is updated in the approval form
form = userWorkflowService.getFormForUser(created.getKey());
assertEquals(patch, form.getUserPatch());
// approve the user
form = userWorkflowService.claimForm(form.getTaskId());
form.getProperty("approveUpdate").get().setValue(Boolean.TRUE.toString());
userWorkflowService.submitForm(form);
// verify that the approved user bears both original and further changes
UserTO approved = userService.read(created.getKey());
assertNotNull(approved);
assertEquals("/even/two", approved.getRealm());
assertEquals(1, approved.getMemberships().size());
assertNotNull(approved.getMembership("b1f7c12d-ec83-441f-a50e-1691daaedf3b").get());
}
Also used :
Response(javax.ws.rs.core.Response)
MembershipPatch(org.apache.syncope.common.lib.patch.MembershipPatch)
StringReplacePatchItem(org.apache.syncope.common.lib.patch.StringReplacePatchItem)
UserSelfService(org.apache.syncope.common.rest.api.service.UserSelfService)
UserTO(org.apache.syncope.common.lib.to.UserTO)
WorkflowFormTO(org.apache.syncope.common.lib.to.WorkflowFormTO)
UserPatch(org.apache.syncope.common.lib.patch.UserPatch)
SyncopeClient(org.apache.syncope.client.lib.SyncopeClient)
Test(org.junit.jupiter.api.Test)
Example 8 with SyncopeClient
use of org.apache.syncope.client.lib.SyncopeClient in project syncope by apache.
the class GroupITCase method anonymous.
@Test
public void anonymous() {
GroupService unauthenticated = clientFactory.create().getService(GroupService.class);
try {
unauthenticated.search(new AnyQuery.Builder().realm("/even").build());
fail("This should not happen");
} catch (AccessControlException e) {
assertNotNull(e);
}
SyncopeClient anonymous = clientFactory.create(new AnonymousAuthenticationHandler(ANONYMOUS_UNAME, ANONYMOUS_KEY));
try {
anonymous.getService(GroupService.class).search(new AnyQuery.Builder().realm("/even").build());
fail("This should not happen");
} catch (ForbiddenException e) {
assertNotNull(e);
}
assertFalse(anonymous.getService(SyncopeService.class).searchAssignableGroups("/even", null, 1, 100).getResult().isEmpty());
}
Also used :
ForbiddenException(javax.ws.rs.ForbiddenException)
AccessControlException(java.security.AccessControlException)
AnonymousAuthenticationHandler(org.apache.syncope.client.lib.AnonymousAuthenticationHandler)
AnyQuery(org.apache.syncope.common.rest.api.beans.AnyQuery)
GroupService(org.apache.syncope.common.rest.api.service.GroupService)
SyncopeClient(org.apache.syncope.client.lib.SyncopeClient)
Test(org.junit.jupiter.api.Test)
Example 9 with SyncopeClient
use of org.apache.syncope.client.lib.SyncopeClient in project syncope by apache.
the class JWTITCase method thirdPartyTokenUnknownUser.
@Test
public void thirdPartyTokenUnknownUser() throws ParseException {
// Create a new token
Date now = new Date();
long currentTime = now.getTime() / 1000L;
Calendar expiry = Calendar.getInstance();
expiry.setTime(now);
expiry.add(Calendar.MINUTE, 5);
JwtClaims jwtClaims = new JwtClaims();
jwtClaims.setTokenId(UUID.randomUUID().toString());
jwtClaims.setSubject("strauss@apache.org");
jwtClaims.setIssuedAt(currentTime);
jwtClaims.setIssuer(CustomJWTSSOProvider.ISSUER);
jwtClaims.setExpiryTime(expiry.getTime().getTime() / 1000L);
jwtClaims.setNotBefore(currentTime);
JwsHeaders jwsHeaders = new JwsHeaders(JoseType.JWT, SignatureAlgorithm.HS512);
JwtToken jwtToken = new JwtToken(jwsHeaders, jwtClaims);
JwsJwtCompactProducer producer = new JwsJwtCompactProducer(jwtToken);
JwsSignatureProvider jwsSignatureProvider = new HmacJwsSignatureProvider(CustomJWTSSOProvider.CUSTOM_KEY.getBytes(), SignatureAlgorithm.HS512);
String signed = producer.signWith(jwsSignatureProvider);
SyncopeClient jwtClient = clientFactory.create(signed);
try {
jwtClient.self();
fail("Failure expected on an unknown subject");
} catch (AccessControlException ex) {
// expected
}
}
Also used :
JwtToken(org.apache.cxf.rs.security.jose.jwt.JwtToken)
JwsHeaders(org.apache.cxf.rs.security.jose.jws.JwsHeaders)
JwsJwtCompactProducer(org.apache.cxf.rs.security.jose.jws.JwsJwtCompactProducer)
JwtClaims(org.apache.cxf.rs.security.jose.jwt.JwtClaims)
Calendar(java.util.Calendar)
HmacJwsSignatureProvider(org.apache.cxf.rs.security.jose.jws.HmacJwsSignatureProvider)
AccessControlException(java.security.AccessControlException)
Date(java.util.Date)
SyncopeClient(org.apache.syncope.client.lib.SyncopeClient)
JwsSignatureProvider(org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider)
NoneJwsSignatureProvider(org.apache.cxf.rs.security.jose.jws.NoneJwsSignatureProvider)
HmacJwsSignatureProvider(org.apache.cxf.rs.security.jose.jws.HmacJwsSignatureProvider)
Test(org.junit.jupiter.api.Test)
Example 10 with SyncopeClient
use of org.apache.syncope.client.lib.SyncopeClient in project syncope by apache.
the class JWTITCase method expiredToken.
@Test
public void expiredToken() throws ParseException {
// Get an initial token
SyncopeClient localClient = clientFactory.create(ADMIN_UNAME, ADMIN_PWD);
AccessTokenService accessTokenService = localClient.getService(AccessTokenService.class);
Response response = accessTokenService.login();
String token = response.getHeaderString(RESTHeaders.TOKEN);
assertNotNull(token);
JwsJwtCompactConsumer consumer = new JwsJwtCompactConsumer(token);
String tokenId = consumer.getJwtClaims().getTokenId();
// Create a new token using the Id of the first token
Date now = new Date();
long currentTime = now.getTime() / 1000L;
Calendar expiry = Calendar.getInstance();
expiry.setTime(now);
expiry.add(Calendar.MINUTE, 5);
JwtClaims jwtClaims = new JwtClaims();
jwtClaims.setTokenId(tokenId);
jwtClaims.setSubject(ADMIN_UNAME);
jwtClaims.setIssuedAt(currentTime);
jwtClaims.setIssuer(JWT_ISSUER);
jwtClaims.setExpiryTime((now.getTime() - 5000L) / 1000L);
jwtClaims.setNotBefore(currentTime);
JwsHeaders jwsHeaders = new JwsHeaders(JoseType.JWT, SignatureAlgorithm.HS512);
JwtToken jwtToken = new JwtToken(jwsHeaders, jwtClaims);
JwsJwtCompactProducer producer = new JwsJwtCompactProducer(jwtToken);
JwsSignatureProvider jwsSignatureProvider = new HmacJwsSignatureProvider(JWS_KEY.getBytes(), SignatureAlgorithm.HS512);
String signed = producer.signWith(jwsSignatureProvider);
SyncopeClient jwtClient = clientFactory.create(signed);
UserSelfService jwtUserSelfService = jwtClient.getService(UserSelfService.class);
try {
jwtUserSelfService.read();
fail("Failure expected on an expired token");
} catch (AccessControlException ex) {
// expected
}
}
Also used :
JwtClaims(org.apache.cxf.rs.security.jose.jwt.JwtClaims)
UserSelfService(org.apache.syncope.common.rest.api.service.UserSelfService)
Calendar(java.util.Calendar)
AccessControlException(java.security.AccessControlException)
SyncopeClient(org.apache.syncope.client.lib.SyncopeClient)
Date(java.util.Date)
Response(javax.ws.rs.core.Response)
JwtToken(org.apache.cxf.rs.security.jose.jwt.JwtToken)
JwsHeaders(org.apache.cxf.rs.security.jose.jws.JwsHeaders)
JwsJwtCompactProducer(org.apache.cxf.rs.security.jose.jws.JwsJwtCompactProducer)
AccessTokenService(org.apache.syncope.common.rest.api.service.AccessTokenService)
HmacJwsSignatureProvider(org.apache.cxf.rs.security.jose.jws.HmacJwsSignatureProvider)
JwsJwtCompactConsumer(org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer)
JwsSignatureProvider(org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider)
NoneJwsSignatureProvider(org.apache.cxf.rs.security.jose.jws.NoneJwsSignatureProvider)
HmacJwsSignatureProvider(org.apache.cxf.rs.security.jose.jws.HmacJwsSignatureProvider)
Test(org.junit.jupiter.api.Test)
Aggregations
SyncopeClient (org.apache.syncope.client.lib.SyncopeClient)40
Test (org.junit.jupiter.api.Test)31
Response (javax.ws.rs.core.Response)15
UserTO (org.apache.syncope.common.lib.to.UserTO)15
UserSelfService (org.apache.syncope.common.rest.api.service.UserSelfService)15
AccessControlException (java.security.AccessControlException)12
JwtToken (org.apache.cxf.rs.security.jose.jwt.JwtToken)11
Date (java.util.Date)10
HmacJwsSignatureProvider (org.apache.cxf.rs.security.jose.jws.HmacJwsSignatureProvider)10
JwsHeaders (org.apache.cxf.rs.security.jose.jws.JwsHeaders)10
JwsJwtCompactProducer (org.apache.cxf.rs.security.jose.jws.JwsJwtCompactProducer)10
JwsSignatureProvider (org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider)10
NoneJwsSignatureProvider (org.apache.cxf.rs.security.jose.jws.NoneJwsSignatureProvider)10
JwtClaims (org.apache.cxf.rs.security.jose.jwt.JwtClaims)10
Calendar (java.util.Calendar)9
IOException (java.io.IOException)8
SyncopeClientException (org.apache.syncope.common.lib.SyncopeClientException)8
AccessTokenService (org.apache.syncope.common.rest.api.service.AccessTokenService)8
JwsJwtCompactConsumer (org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer)7
SyncopeClientFactoryBean (org.apache.syncope.client.lib.SyncopeClientFactoryBean)7
