use of org.apache.syncope.client.lib.SyncopeClient in project syncope by apache.
the class RESTITCase method defaultContentType.
@Test
public void defaultContentType() {
    // Build the client by hand so that the media type handed to the constructor can be */*.
    SyncopeClientFactoryBean factoryBean = new SyncopeClientFactoryBean().setAddress(ADDRESS);
    SyncopeClient wildcardClient = new SyncopeClient(
            MediaType.WILDCARD_TYPE,
            factoryBean.getRestClientFactoryBean(),
            factoryBean.getExceptionMapper(),
            new BasicAuthenticationHandler(ADMIN_UNAME, ADMIN_PWD),
            false);

    // Issue one request; its headers and the matching response are inspected below.
    AnyTypeClassService anyTypeClasses = wildcardClient.getService(AnyTypeClassService.class);
    anyTypeClasses.list();

    // The Accept header recorded on the underlying WebClient must be the wildcard.
    String sentAccept = WebClient.client(anyTypeClasses).getHeaders().getFirst(HttpHeaders.ACCEPT);
    assertEquals(MediaType.WILDCARD, sentAccept);

    // The response must declare a JSON content type (prefix match, so parameters such as a
    // charset suffix are tolerated).
    String receivedType =
            WebClient.client(anyTypeClasses).getResponse().getHeaderString(HttpHeaders.CONTENT_TYPE);
    assertTrue(receivedType.startsWith(MediaType.APPLICATION_JSON));
}
use of org.apache.syncope.client.lib.SyncopeClient in project syncope by apache.
the class ResourceITCase method authorizations.
@Test
public void authorizations() {
    // All calls through delegatedResources are made with the credentials of user "puccini".
    SyncopeClient delegatedClient = clientFactory.create("puccini", ADMIN_PWD);
    ResourceService delegatedResources = delegatedClient.getService(ResourceService.class);

    // 1. Negative case: the resource's connector sits in a different admin realm, so the read
    //    must be refused with a DelegatedAdministration error rather than return data.
    try {
        delegatedResources.read(RESOURCE_NAME_WS1);
        fail("This should not happen");
    } catch (SyncopeClientException e) {
        assertEquals(ClientExceptionType.DelegatedAdministration, e.getType());
    }

    // 2. Positive case: read and update a resource whose connector is in the realm for which
    //    entitlements are owned; both operations must succeed and the change must be persisted.
    try {
        ResourceTO owned = delegatedResources.read(RESOURCE_NAME_DBSCRIPTED);
        assertEquals(TraceLevel.ALL, owned.getCreateTraceLevel());

        owned.setCreateTraceLevel(TraceLevel.FAILURES);
        delegatedResources.update(owned);

        owned = delegatedResources.read(RESOURCE_NAME_DBSCRIPTED);
        assertEquals(TraceLevel.FAILURES, owned.getCreateTraceLevel());
    } finally {
        // Put the trace level back even when an assertion above fails. This goes through
        // resourceService, not the delegated client (presumably the admin-level service
        // declared on the test class; confirm).
        ResourceTO restored = resourceService.read(RESOURCE_NAME_DBSCRIPTED);
        restored.setCreateTraceLevel(TraceLevel.ALL);
        resourceService.update(restored);
    }
}
use of org.apache.syncope.client.lib.SyncopeClient in project syncope by apache.
the class AuthenticationITCase method anyTypeEntitlement.
@Test
public void anyTypeEntitlement() {
    final String anyTypeKey = "FOLDER " + getUUIDString();

    // 1. Before the any type exists, the platform reports no entitlement mentioning its key.
    assertFalse(syncopeService.platform().getEntitlements().stream()
            .anyMatch(name -> name.contains(anyTypeKey)));

    // 2. Create a plain schema, an any type class using it, and the any type itself.
    PlainSchemaTO pathSchema = new PlainSchemaTO();
    pathSchema.setKey("path" + getUUIDString());
    pathSchema.setType(AttrSchemaType.String);
    pathSchema = createSchema(SchemaType.PLAIN, pathSchema);

    AnyTypeClassTO folderClass = new AnyTypeClassTO();
    folderClass.setKey("folder" + getUUIDString());
    folderClass.getPlainSchemas().add(pathSchema.getKey());
    anyTypeClassService.create(folderClass);

    AnyTypeTO folderType = new AnyTypeTO();
    folderType.setKey(anyTypeKey);
    folderType.setKind(AnyTypeKind.ANY_OBJECT);
    folderType.getClasses().add(folderClass.getKey());
    anyTypeService.create(folderType);

    // 3. Creating the any type must have made matching entitlements appear.
    assertTrue(syncopeService.platform().getEntitlements().stream()
            .anyMatch(name -> name.contains(anyTypeKey)));

    // 4. Negative case: user "bellini" holds none of the new entitlements, so creating an
    //    instance of the new type must be refused with DelegatedAdministration.
    AnyObjectTO homeFolder = new AnyObjectTO();
    homeFolder.setName("home");
    homeFolder.setRealm(SyncopeConstants.ROOT_REALM);
    homeFolder.setType(anyTypeKey);
    homeFolder.getPlainAttrs().add(attrTO(pathSchema.getKey(), "/home"));

    SyncopeClient belliniClient = clientFactory.create("bellini", ADMIN_PWD);
    try {
        belliniClient.getService(AnyObjectService.class).create(homeFolder);
        fail("This should not happen");
    } catch (SyncopeClientException e) {
        assertEquals(ClientExceptionType.DelegatedAdministration, e.getType());
    }

    // 5. Grant the READ and CREATE entitlements for the new type, via a role on the root realm
    //    that is then assigned to "bellini".
    RoleTO folderRole = new RoleTO();
    folderRole.setKey("role" + getUUIDString());
    folderRole.getRealms().add(SyncopeConstants.ROOT_REALM);
    folderRole.getEntitlements().add(anyTypeKey + "_READ");
    folderRole.getEntitlements().add(anyTypeKey + "_CREATE");
    folderRole = createRole(folderRole);

    UserTO belliniUser = userService.read("bellini");
    UserPatch rolePatch = new UserPatch();
    rolePatch.setKey(belliniUser.getKey());
    rolePatch.getRoles().add(new StringPatchItem.Builder()
            .operation(PatchOperation.ADD_REPLACE)
            .value(folderRole.getKey())
            .build());
    belliniUser = updateUser(rolePatch).getEntity();
    assertTrue(belliniUser.getRoles().contains(folderRole.getKey()));

    // 6. Positive case: after logging out and back in (presumably so the session reflects the
    //    newly assigned role; confirm), the same create call must succeed.
    belliniClient.logout();
    belliniClient.login(new BasicAuthenticationHandler("bellini", ADMIN_PWD));
    belliniClient.getService(AnyObjectService.class).create(homeFolder);
}
use of org.apache.syncope.client.lib.SyncopeClient in project syncope by apache.
the class AuthenticationITCase method checkUserSuspension.
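@Test
public void checkUserSuspension() {
    // Create a fresh user so that the failed-login counter starts from a known state.
    UserTO userTO = UserITCase.getUniqueSampleTO("checkSuspension@syncope.apache.org");
    userTO.setRealm("/odd");
    userTO.getRoles().add("User manager");
    userTO = createUser(userTO).getEntity();
    // Null-check before the first dereference; checking after getKey() could never fail.
    assertNotNull(userTO);
    String userKey = userTO.getKey();
    assertEquals(0, getFailedLogins(userService, userKey));

    // Three authentications with a wrong password: each must be rejected, and each must be
    // counted.
    for (int attempt = 0; attempt < 3; attempt++) {
        try {
            clientFactory.create(userTO.getUsername(), "wrongpwd1");
            fail("This should not happen");
        } catch (AccessControlException e) {
            // expected: authentication rejected
        }
    }
    assertEquals(3, getFailedLogins(userService, userKey));

    // Fourth wrong password: the last authentication before suspension.
    try {
        clientFactory.create(userTO.getUsername(), "wrongpwd1");
        fail("This should not happen");
    } catch (AccessControlException e) {
        // expected: authentication rejected
    }

    // The counter still reads 3 and the account is now suspended.
    userTO = userService.read(userTO.getKey());
    assertNotNull(userTO);
    assertNotNull(userTO.getFailedLogins());
    assertEquals(3, userTO.getFailedLogins().intValue());
    assertEquals("suspended", userTO.getStatus());

    // While suspended, even the correct credentials must be rejected: the lock must not be
    // bypassable by simply knowing the password. ("password123" is presumably the password set
    // by getUniqueSampleTO; confirm.)
    try {
        clientFactory.create(userTO.getUsername(), "password123");
        fail("This should not happen");
    } catch (AccessControlException e) {
        // expected: suspended account cannot authenticate
    }

    // Explicit reactivation brings the account back to "active".
    StatusPatch reactivate = new StatusPatch.Builder()
            .key(userTO.getKey())
            .type(StatusPatchType.REACTIVATE)
            .build();
    userTO = userService.status(reactivate).readEntity(new GenericType<ProvisioningResult<UserTO>>() {
    }).getEntity();
    assertNotNull(userTO);
    assertEquals("active", userTO.getStatus());

    // After a successful login the failed-login counter reported for the user is back to 0.
    SyncopeClient goodPwdClient = clientFactory.create(userTO.getUsername(), "password123");
    assertEquals(0, goodPwdClient.self().getRight().getFailedLogins().intValue());
}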
use of org.apache.syncope.client.lib.SyncopeClient in project syncope by apache.
the class JWTITCase method getJWTToken.
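@Test
public void getJWTToken() throws ParseException {
    // Log in as admin and pull the token and its advertised expiry from the response headers.
    SyncopeClient localClient = clientFactory.create(ADMIN_UNAME, ADMIN_PWD);
    AccessTokenService accessTokenService = localClient.getService(AccessTokenService.class);
    Response response = accessTokenService.login();
    String token = response.getHeaderString(RESTHeaders.TOKEN);
    assertNotNull(token);
    String expiry = response.getHeaderString(RESTHeaders.TOKEN_EXPIRE);
    assertNotNull(expiry);

    // Validate the signature: HMAC with the shared JWS key, pinned to HS512.
    // NOTE(review): getBytes() without a charset uses the platform default; confirm it matches
    // how the server derives the HMAC key bytes.
    JwsJwtCompactConsumer consumer = new JwsJwtCompactConsumer(token);
    JwsSignatureVerifier jwsSignatureVerifier =
            new HmacJwsSignatureVerifier(JWS_KEY.getBytes(), SignatureAlgorithm.HS512);
    assertTrue(consumer.verifySignatureWith(jwsSignatureVerifier));

    Date now = new Date();

    // Verify the expiry header matches that of the token. The claim is in seconds since the
    // epoch, hence the * 1000L; the format/parse round trip keeps both sides at the second
    // precision of the header format.
    Long expiryTime = consumer.getJwtClaims().getExpiryTime();
    assertNotNull(expiryTime);
    SimpleDateFormat dateFormat = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ssXXX");
    Date tokenDate = dateFormat.parse(dateFormat.format(new Date(expiryTime * 1000L)));
    Date parsedDate = dateFormat.parse(expiry);
    assertEquals(tokenDate, parsedDate);
    assertTrue(parsedDate.after(now));

    // Verify issuedAt. Like the expiry, this claim is in seconds, so it is scaled to
    // milliseconds before being compared: unscaled, it would be read as a 1970 date and the
    // check could never fail. "Not after now" rather than "before now" because the claim is
    // truncated to whole seconds and may coincide with the instant captured above.
    Long issuedAt = consumer.getJwtClaims().getIssuedAt();
    assertNotNull(issuedAt);
    assertTrue(!new Date(issuedAt * 1000L).after(now));

    // Validate subject + issuer
    assertEquals(ADMIN_UNAME, consumer.getJwtClaims().getSubject());
    assertEquals(JWT_ISSUER, consumer.getJwtClaims().getIssuer());

    // Verify NotBefore, scaled from seconds to milliseconds for the same reason as issuedAt.
    Long notBefore = consumer.getJwtClaims().getNotBefore();
    assertNotNull(notBefore);
    assertTrue(!new Date(notBefore * 1000L).after(now));
}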