
Example 16 with SyncopeClient

use of org.apache.syncope.client.lib.SyncopeClient in project syncope by apache.

the class JWTITCase method queryUsingToken.

/**
 * Obtains an access token through {@code AccessTokenService.login()}, uses it to call
 * {@code UserSelfService.read()}, then checks that the same call is rejected once extra
 * characters have been appended to the token.
 */
@Test
public void queryUsingToken() throws ParseException {
    // Step 1: log in with the admin credentials and pull the issued token out of the response header.
    Response loginResponse = clientFactory.create(ADMIN_UNAME, ADMIN_PWD)
            .getService(AccessTokenService.class)
            .login();
    String issuedToken = loginResponse.getHeaderString(RESTHeaders.TOKEN);
    assertNotNull(issuedToken);

    // Step 2: a client built from the untouched token calls the self-service endpoint.
    // The returned value is not inspected; the call only has to complete without throwing.
    clientFactory.create(issuedToken).getService(UserSelfService.class).read();

    // Step 3: the same call made with a token that has "xyz" appended must be refused.
    // NOTE(review): this only covers trailing characters added to the token string
    // (presumably landing in the signature segment); altered claims or headers are not
    // exercised here.
    UserSelfService tamperedSelfService = clientFactory.create(issuedToken + "xyz")
            .getService(UserSelfService.class);
    try {
        tamperedSelfService.read();
        fail("Failure expected on a modified token");
    } catch (WebServiceException expected) {
        // The only accepted outcome: the call with the modified token raised WebServiceException.
    }
}
Also used : Response(javax.ws.rs.core.Response) WebServiceException(javax.xml.ws.WebServiceException) AccessTokenService(org.apache.syncope.common.rest.api.service.AccessTokenService) UserSelfService(org.apache.syncope.common.rest.api.service.UserSelfService) SyncopeClient(org.apache.syncope.client.lib.SyncopeClient) Test(org.junit.jupiter.api.Test)

Example 17 with SyncopeClient

use of org.apache.syncope.client.lib.SyncopeClient in project syncope by apache.

the class RESTITCase method noContent.

/**
 * Creates, updates and deletes a group through a {@code GroupService} proxy configured with
 * {@code Preference.RETURN_NO_CONTENT}, and checks after each call that the status code is the
 * expected one, that the preference is echoed in the {@code RESTHeaders.PREFERENCE_APPLIED}
 * header, and that the response entity is empty.
 */
@Test
public void noContent() throws IOException {
    SyncopeClient adminClient = clientFactory.create(ADMIN_UNAME, ADMIN_PWD);
    GroupService preferNoContent = adminClient.prefer(adminClient.getService(GroupService.class), Preference.RETURN_NO_CONTENT);
    // The same header value and status code are expected several times below.
    String appliedPreference = Preference.RETURN_NO_CONTENT.toString();
    int noContentStatus = Response.Status.NO_CONTENT.getStatusCode();

    // create: 201 with the preference applied and no payload
    GroupTO group = GroupITCase.getSampleTO("noContent");
    Response response = preferNoContent.create(group);
    assertEquals(Response.Status.CREATED.getStatusCode(), response.getStatus());
    assertEquals(appliedPreference, response.getHeaderString(RESTHeaders.PREFERENCE_APPLIED));
    String createBody = IOUtils.toString((InputStream) response.getEntity(), StandardCharsets.UTF_8);
    assertEquals(StringUtils.EMPTY, createBody);

    // the body was empty, so the created group is fetched back from the Location of the response
    group = getObject(response.getLocation(), GroupService.class, GroupTO.class);
    assertNotNull(group);

    // update: 204 with the preference applied and no payload
    GroupPatch patch = new GroupPatch();
    patch.setKey(group.getKey());
    patch.getPlainAttrs().add(attrAddReplacePatch("badge", "xxxxxxxxxx"));
    response = preferNoContent.update(patch);
    assertEquals(noContentStatus, response.getStatus());
    assertEquals(appliedPreference, response.getHeaderString(RESTHeaders.PREFERENCE_APPLIED));
    String updateBody = IOUtils.toString((InputStream) response.getEntity(), StandardCharsets.UTF_8);
    assertEquals(StringUtils.EMPTY, updateBody);

    // delete: 204 with the preference applied and no payload
    response = preferNoContent.delete(group.getKey());
    assertEquals(noContentStatus, response.getStatus());
    assertEquals(appliedPreference, response.getHeaderString(RESTHeaders.PREFERENCE_APPLIED));
    String deleteBody = IOUtils.toString((InputStream) response.getEntity(), StandardCharsets.UTF_8);
    assertEquals(StringUtils.EMPTY, deleteBody);
}
Also used : Response(javax.ws.rs.core.Response) InputStream(java.io.InputStream) GroupService(org.apache.syncope.common.rest.api.service.GroupService) SyncopeClient(org.apache.syncope.client.lib.SyncopeClient) GroupPatch(org.apache.syncope.common.lib.patch.GroupPatch) GroupTO(org.apache.syncope.common.lib.to.GroupTO) Test(org.junit.jupiter.api.Test)

Example 18 with SyncopeClient

use of org.apache.syncope.client.lib.SyncopeClient in project syncope by apache.

the class ConnectorITCase method authorizations.

/**
 * Exercises connector access for the user "puccini": listing returns exactly two known
 * connectors, reading a third one fails with {@code ClientExceptionType.DelegatedAdministration},
 * and one of the listed connectors can be read and updated.
 */
@Test
public void authorizations() {
    final String scriptedSqlKey = "a6d017fd-a705-4507-bb7c-6ab6a6745997";
    final String otherAllowedKey = "44c02549-19c3-483c-8025-4919c3283c37";
    final String reloadProperty = "reloadScriptOnExecution";

    ConnectorService pcs = clientFactory.create("puccini", ADMIN_PWD).getService(ConnectorService.class);

    // 1. list connectors: get only the ones allowed
    List<ConnInstanceTO> visible = pcs.list(null);
    assertEquals(2, visible.size());
    assertTrue(visible.stream().allMatch(
            conn -> scriptedSqlKey.equals(conn.getKey()) || otherAllowedKey.equals(conn.getKey())));

    // 2. attempt to read a connector with a different admin realm: fail
    try {
        pcs.read("88a7a819-dab5-46b4-9b90-0b9769eabdb8", null);
        fail("This should not happen");
    } catch (SyncopeClientException denied) {
        // The refusal must be reported as a delegated-administration error, not any other type.
        assertEquals(ClientExceptionType.DelegatedAdministration, denied.getType());
    }

    // 3. read and update a connector in the realm for which entitlements are owned: succeed
    try {
        ConnInstanceTO connector = pcs.read(scriptedSqlKey, null);
        ConnConfProperty reloadFlag = connector.getConf(reloadProperty).get();
        assertEquals("true", reloadFlag.getValues().get(0).toString());

        reloadFlag.getValues().set(0, "false");
        pcs.update(connector);

        // read the connector back to confirm the change was stored
        connector = pcs.read(connector.getKey(), null);
        reloadFlag = connector.getConf(reloadProperty).get();
        assertEquals("false", reloadFlag.getValues().get(0).toString());
    } finally {
        // Put the property back to "true" whatever happened above. This goes through
        // connectorService (declared outside this method) rather than puccini's service.
        ConnInstanceTO original = connectorService.read(scriptedSqlKey, null);
        ConnConfProperty reloadFlag = original.getConf(reloadProperty).get();
        reloadFlag.getValues().set(0, "true");
        connectorService.update(original);
    }
}
Also used : Assertions.assertThrows(org.junit.jupiter.api.Assertions.assertThrows) Assertions.fail(org.junit.jupiter.api.Assertions.fail) Assertions.assertNotNull(org.junit.jupiter.api.Assertions.assertNotNull) ProvisionTO(org.apache.syncope.common.lib.to.ProvisionTO) SyncopeClientException(org.apache.syncope.common.lib.SyncopeClientException) Assertions.assertNotEquals(org.junit.jupiter.api.Assertions.assertNotEquals) Assertions.assertNull(org.junit.jupiter.api.Assertions.assertNull) SerializationUtils(org.apache.commons.lang3.SerializationUtils) ConnConfPropSchema(org.apache.syncope.common.lib.types.ConnConfPropSchema) HashSet(java.util.HashSet) AnyTypeKind(org.apache.syncope.common.lib.types.AnyTypeKind) GuardedString(org.identityconnectors.common.security.GuardedString) ConnConfProperty(org.apache.syncope.common.lib.types.ConnConfProperty) Assertions.assertFalse(org.junit.jupiter.api.Assertions.assertFalse) BeforeAll(org.junit.jupiter.api.BeforeAll) Locale(java.util.Locale) ItemTO(org.apache.syncope.common.lib.to.ItemTO) ClientExceptionType(org.apache.syncope.common.lib.types.ClientExceptionType) Assertions.assertEquals(org.junit.jupiter.api.Assertions.assertEquals) AbstractITCase(org.apache.syncope.fit.AbstractITCase) EnumSet(java.util.EnumSet) SyncopeConstants(org.apache.syncope.common.lib.SyncopeConstants) Properties(java.util.Properties) ResourceTO(org.apache.syncope.common.lib.to.ResourceTO) MappingTO(org.apache.syncope.common.lib.to.MappingTO) Collection(java.util.Collection) Set(java.util.Set) IOException(java.io.IOException) UUID(java.util.UUID) ConnIdObjectClassTO(org.apache.syncope.common.lib.to.ConnIdObjectClassTO) ResourceService(org.apache.syncope.common.rest.api.service.ResourceService) Collectors(java.util.stream.Collectors) Test(org.junit.jupiter.api.Test) List(java.util.List) ConnInstanceHistoryConfTO(org.apache.syncope.common.lib.to.ConnInstanceHistoryConfTO) Response(javax.ws.rs.core.Response) 
ConnectorCapability(org.apache.syncope.common.lib.types.ConnectorCapability) ObjectClass(org.identityconnectors.framework.common.objects.ObjectClass) Assertions.assertTrue(org.junit.jupiter.api.Assertions.assertTrue) ConnectorService(org.apache.syncope.common.rest.api.service.ConnectorService) ConnInstanceTO(org.apache.syncope.common.lib.to.ConnInstanceTO) SyncopeClient(org.apache.syncope.client.lib.SyncopeClient) InputStream(java.io.InputStream) ExceptionUtils(org.apache.commons.lang3.exception.ExceptionUtils) ConnBundleTO(org.apache.syncope.common.lib.to.ConnBundleTO) ConnPoolConfTO(org.apache.syncope.common.lib.to.ConnPoolConfTO) ConnInstanceTO(org.apache.syncope.common.lib.to.ConnInstanceTO) SyncopeClientException(org.apache.syncope.common.lib.SyncopeClientException) ConnConfProperty(org.apache.syncope.common.lib.types.ConnConfProperty) SyncopeClient(org.apache.syncope.client.lib.SyncopeClient) ConnectorService(org.apache.syncope.common.rest.api.service.ConnectorService) Test(org.junit.jupiter.api.Test)

Example 19 with SyncopeClient

use of org.apache.syncope.client.lib.SyncopeClient in project syncope by apache.

the class AssertionConsumer method doPost.

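/**
 * Receives the login response posted to this servlet, hands it to
 * {@code SAML2SPService.validateLoginResponse} through the anonymous client, and then either
 * continues the self-registration flow or stores the returned access token in the HTTP session.
 *
 * <p>On any failure the error is logged and the user is sent to the configured error URL, or to
 * {@code loginError.jsp} when no error URL is configured.
 *
 * @param request the incoming POST; its body is read via {@code getInputStream()}
 * @param response used for the forward or redirect that ends the request
 * @throws ServletException if forwarding to the error page fails
 * @throws IOException if forwarding or redirecting from the error path fails
 */
@Override
protected void doPost(final HttpServletRequest request, final HttpServletResponse response) throws ServletException, IOException {
    SyncopeClient anonymous = (SyncopeClient) request.getServletContext().getAttribute(Constants.SYNCOPE_ANONYMOUS_CLIENT);
    try {
        // NOTE(review): the SP base URL is taken from the request URL, which normally reflects
        // the Host header sent by the client; confirm the deployment pins or validates the host.
        String spBaseUrl = StringUtils.substringBefore(request.getRequestURL().toString(), "/saml2sp");
        SAML2LoginResponseTO responseTO = anonymous.getService(SAML2SPService.class).validateLoginResponse(
                extract(spBaseUrl, "saml2sp", request.getRemoteAddr(), request.getInputStream()));
        if (responseTO.isSelfReg()) {
            // Self-registration: keep the received attributes (plus the username) in the session
            // as JSON for the registration step.
            responseTO.getAttrs().add(new AttrTO.Builder().schema("username").values(responseTO.getUsername()).build());
            request.getSession(true).setAttribute(Constants.SAML2SP_USER_ATTRS, MAPPER.writeValueAsString(responseTO.getAttrs()));
            String selfRegRedirectURL = getServletContext().getInitParameter(Constants.CONTEXT_PARAM_REDIRECT_SELFREG_URL);
            if (selfRegRedirectURL == null) {
                request.setAttribute("responseTO", responseTO);
                request.getRequestDispatcher("loginSuccess.jsp").forward(request, response);
            } else {
                response.sendRedirect(selfRegRedirectURL);
            }
        } else {
            // NOTE(review): the access token is stored in whatever session the browser already
            // presented; nothing in this method rotates the session id after a successful login.
            // Confirm that is done elsewhere, otherwise a pre-set session id stays valid.
            request.getSession(true).setAttribute(Constants.SAML2SPJWT, responseTO.getAccessToken());
            request.getSession(true).setAttribute(Constants.SAML2SPJWT_EXPIRE, responseTO.getAccessTokenExpiryTime());
            String successURL = getServletContext().getInitParameter(Constants.CONTEXT_PARAM_LOGIN_SUCCESS_URL);
            if (successURL == null) {
                request.setAttribute("responseTO", responseTO);
                request.getRequestDispatcher("loginSuccess.jsp").forward(request, response);
            } else {
                response.sendRedirect(successURL + "?sloSupported=" + responseTO.isSloSupported());
            }
        }
    } catch (Exception e) {
        LOG.error("While processing authentication response from IdP", e);
        String errorURL = getServletContext().getInitParameter(Constants.CONTEXT_PARAM_LOGIN_ERROR_URL);
        if (errorURL == null) {
            request.setAttribute("exception", e);
            request.getRequestDispatcher("loginError.jsp").forward(request, response);
            // The stack trace is no longer printed to the response writer: the response is
            // already complete once forward() returns, and a stack trace must not reach the
            // browser. The full trace is in the server log written above.
        } else {
            // getMessage() may be null; URLEncoder.encode(null, ...) would throw from inside this
            // handler and turn the failure into an unhandled error.
            String message = e.getMessage() == null ? e.getClass().getSimpleName() : e.getMessage();
            // NOTE(review): the raw exception message ends up in the redirect URL (browser
            // history, Referer, proxy logs); consider sending a fixed error code instead.
            response.sendRedirect(errorURL + "?errorMessage=" + URLEncoder.encode(message, StandardCharsets.UTF_8.name()));
        }
    }
}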
Also used : SAML2SPService(org.apache.syncope.common.rest.api.service.SAML2SPService) SAML2LoginResponseTO(org.apache.syncope.common.lib.to.SAML2LoginResponseTO) SyncopeClient(org.apache.syncope.client.lib.SyncopeClient) ServletException(javax.servlet.ServletException) IOException(java.io.IOException)

Example 20 with SyncopeClient

use of org.apache.syncope.client.lib.SyncopeClient in project syncope by apache.

the class Login method doGet.

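/**
 * Starts a login: asks {@code SAML2SPService.createLoginRequest} (through the anonymous client)
 * for a request aimed at the IdP named by the {@code Constants.PARAM_IDP} request parameter and
 * passes the result to {@code prepare(response, requestTO)}.
 *
 * <p>On any failure the error is logged and the user is sent to the configured error URL, or to
 * {@code loginError.jsp} when no error URL is configured.
 *
 * @param request the incoming GET carrying the IdP parameter
 * @param response used by {@code prepare} and by the error forward or redirect
 * @throws ServletException if forwarding to the error page fails
 * @throws IOException if forwarding or redirecting from the error path fails
 */
@Override
protected void doGet(final HttpServletRequest request, final HttpServletResponse response) throws ServletException, IOException {
    // NOTE(review): idp comes straight from the query string and is passed on unchanged;
    // presumably the service rejects unknown values, verify against SAML2SPService.
    String idp = request.getParameter(Constants.PARAM_IDP);
    SyncopeClient anonymous = (SyncopeClient) request.getServletContext().getAttribute(Constants.SYNCOPE_ANONYMOUS_CLIENT);
    try {
        // NOTE(review): the SP base URL is taken from the request URL, which normally reflects
        // the Host header sent by the client; confirm the deployment pins or validates the host.
        String spBaseUrl = StringUtils.substringBefore(request.getRequestURL().toString(), "/saml2sp");
        SAML2RequestTO requestTO = anonymous.getService(SAML2SPService.class).createLoginRequest(spBaseUrl, idp);
        prepare(response, requestTO);
    } catch (Exception e) {
        LOG.error("While preparing authentication request to IdP", e);
        String errorURL = getServletContext().getInitParameter(Constants.CONTEXT_PARAM_LOGIN_ERROR_URL);
        if (errorURL == null) {
            request.setAttribute("exception", e);
            request.getRequestDispatcher("loginError.jsp").forward(request, response);
            // The stack trace is no longer printed to the response writer: the response is
            // already complete once forward() returns, and a stack trace must not reach the
            // browser. The full trace is in the server log written above.
        } else {
            // getMessage() may be null; URLEncoder.encode(null, ...) would throw from inside this
            // handler and turn the failure into an unhandled error.
            String message = e.getMessage() == null ? e.getClass().getSimpleName() : e.getMessage();
            // NOTE(review): the raw exception message ends up in the redirect URL (browser
            // history, Referer, proxy logs); consider sending a fixed error code instead.
            response.sendRedirect(errorURL + "?errorMessage=" + URLEncoder.encode(message, StandardCharsets.UTF_8.name()));
        }
    }
}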
Also used : SAML2SPService(org.apache.syncope.common.rest.api.service.SAML2SPService) SAML2RequestTO(org.apache.syncope.common.lib.to.SAML2RequestTO) SyncopeClient(org.apache.syncope.client.lib.SyncopeClient) ServletException(javax.servlet.ServletException) IOException(java.io.IOException)
