Examples with SyncopeClient org.apache.syncope.client.lib.SyncopeClient used on opensource projects

Example 26 with SyncopeClient

use of org.apache.syncope.client.lib.SyncopeClient in project syncope by apache.

the class RESTITCase method defaultContentType.

@Test
public void defaultContentType() {
    // manualy instantiate SyncopeClient so that media type can be set to */*
    SyncopeClientFactoryBean factory = new SyncopeClientFactoryBean().setAddress(ADDRESS);
    SyncopeClient client = new SyncopeClient(MediaType.WILDCARD_TYPE, factory.getRestClientFactoryBean(), factory.getExceptionMapper(), new BasicAuthenticationHandler(ADMIN_UNAME, ADMIN_PWD), false);
    // perform operation
    AnyTypeClassService service = client.getService(AnyTypeClassService.class);
    service.list();
    // check that */* was actually sent
    MultivaluedMap<String, String> requestHeaders = WebClient.client(service).getHeaders();
    assertEquals(MediaType.WILDCARD, requestHeaders.getFirst(HttpHeaders.ACCEPT));
    // check that application/json was received
    String contentType = WebClient.client(service).getResponse().getHeaderString(HttpHeaders.CONTENT_TYPE);
    assertTrue(contentType.startsWith(MediaType.APPLICATION_JSON));
}

Example 27 with SyncopeClient

use of org.apache.syncope.client.lib.SyncopeClient in project syncope by apache.

the class ResourceITCase method authorizations.

@Test
public void authorizations() {
    SyncopeClient puccini = clientFactory.create("puccini", ADMIN_PWD);
    ResourceService prs = puccini.getService(ResourceService.class);
    // 1. attempt to read a resource for a connector with a different admin realm: fail
    try {
        prs.read(RESOURCE_NAME_WS1);
        fail("This should not happen");
    } catch (SyncopeClientException e) {
        assertEquals(ClientExceptionType.DelegatedAdministration, e.getType());
    }
    // 2. read and upate a resource for a connector in the realm for which entitlements are owned: succeed
    try {
        ResourceTO scriptedsql = prs.read(RESOURCE_NAME_DBSCRIPTED);
        assertEquals(TraceLevel.ALL, scriptedsql.getCreateTraceLevel());
        scriptedsql.setCreateTraceLevel(TraceLevel.FAILURES);
        prs.update(scriptedsql);
        scriptedsql = prs.read(RESOURCE_NAME_DBSCRIPTED);
        assertEquals(TraceLevel.FAILURES, scriptedsql.getCreateTraceLevel());
    } finally {
        ResourceTO scriptedsql = resourceService.read(RESOURCE_NAME_DBSCRIPTED);
        scriptedsql.setCreateTraceLevel(TraceLevel.ALL);
        resourceService.update(scriptedsql);
    }
}

Example 28 with SyncopeClient

use of org.apache.syncope.client.lib.SyncopeClient in project syncope by apache.

the class AuthenticationITCase method anyTypeEntitlement.

@Test
public void anyTypeEntitlement() {
    final String anyTypeKey = "FOLDER " + getUUIDString();
    // 1. no entitlement exists (yet) for the any type to be created
    assertFalse(syncopeService.platform().getEntitlements().stream().anyMatch(entitlement -> entitlement.contains(anyTypeKey)));
    // 2. create plain schema, any type class and any type
    PlainSchemaTO path = new PlainSchemaTO();
    path.setKey("path" + getUUIDString());
    path.setType(AttrSchemaType.String);
    path = createSchema(SchemaType.PLAIN, path);
    AnyTypeClassTO anyTypeClass = new AnyTypeClassTO();
    anyTypeClass.setKey("folder" + getUUIDString());
    anyTypeClass.getPlainSchemas().add(path.getKey());
    anyTypeClassService.create(anyTypeClass);
    AnyTypeTO anyTypeTO = new AnyTypeTO();
    anyTypeTO.setKey(anyTypeKey);
    anyTypeTO.setKind(AnyTypeKind.ANY_OBJECT);
    anyTypeTO.getClasses().add(anyTypeClass.getKey());
    anyTypeService.create(anyTypeTO);
    // 2. now entitlement exists for the any type just created
    assertTrue(syncopeService.platform().getEntitlements().stream().anyMatch(entitlement -> entitlement.contains(anyTypeKey)));
    // 3. attempt to create an instance of the type above: fail because no entitlement was assigned
    AnyObjectTO folder = new AnyObjectTO();
    folder.setName("home");
    folder.setRealm(SyncopeConstants.ROOT_REALM);
    folder.setType(anyTypeKey);
    folder.getPlainAttrs().add(attrTO(path.getKey(), "/home"));
    SyncopeClient belliniClient = clientFactory.create("bellini", ADMIN_PWD);
    try {
        belliniClient.getService(AnyObjectService.class).create(folder);
        fail("This should not happen");
    } catch (SyncopeClientException e) {
        assertEquals(ClientExceptionType.DelegatedAdministration, e.getType());
    }
    // 4. give create entitlement for the any type just created
    RoleTO role = new RoleTO();
    role.setKey("role" + getUUIDString());
    role.getRealms().add(SyncopeConstants.ROOT_REALM);
    role.getEntitlements().add(anyTypeKey + "_READ");
    role.getEntitlements().add(anyTypeKey + "_CREATE");
    role = createRole(role);
    UserTO bellini = userService.read("bellini");
    UserPatch patch = new UserPatch();
    patch.setKey(bellini.getKey());
    patch.getRoles().add(new StringPatchItem.Builder().operation(PatchOperation.ADD_REPLACE).value(role.getKey()).build());
    bellini = updateUser(patch).getEntity();
    assertTrue(bellini.getRoles().contains(role.getKey()));
    // 5. now the instance of the type above can be created successfully
    belliniClient.logout();
    belliniClient.login(new BasicAuthenticationHandler("bellini", ADMIN_PWD));
    belliniClient.getService(AnyObjectService.class).create(folder);
}

Example 29 with SyncopeClient

use of org.apache.syncope.client.lib.SyncopeClient in project syncope by apache.

the class AuthenticationITCase method checkUserSuspension.

@Test
public void checkUserSuspension() {
    UserTO userTO = UserITCase.getUniqueSampleTO("checkSuspension@syncope.apache.org");
    userTO.setRealm("/odd");
    userTO.getRoles().add("User manager");
    userTO = createUser(userTO).getEntity();
    String userKey = userTO.getKey();
    assertNotNull(userTO);
    assertEquals(0, getFailedLogins(userService, userKey));
    // authentications failed ...
    try {
        clientFactory.create(userTO.getUsername(), "wrongpwd1");
        fail("This should not happen");
    } catch (AccessControlException e) {
        assertNotNull(e);
    }
    try {
        clientFactory.create(userTO.getUsername(), "wrongpwd1");
        fail("This should not happen");
    } catch (AccessControlException e) {
        assertNotNull(e);
    }
    try {
        clientFactory.create(userTO.getUsername(), "wrongpwd1");
        fail("This should not happen");
    } catch (AccessControlException e) {
        assertNotNull(e);
    }
    assertEquals(3, getFailedLogins(userService, userKey));
    // last authentication before suspension
    try {
        clientFactory.create(userTO.getUsername(), "wrongpwd1");
        fail("This should not happen");
    } catch (AccessControlException e) {
        assertNotNull(e);
    }
    userTO = userService.read(userTO.getKey());
    assertNotNull(userTO);
    assertNotNull(userTO.getFailedLogins());
    assertEquals(3, userTO.getFailedLogins().intValue());
    assertEquals("suspended", userTO.getStatus());
    // Access with correct credentials should fail as user is suspended
    try {
        clientFactory.create(userTO.getUsername(), "password123");
        fail("This should not happen");
    } catch (AccessControlException e) {
        assertNotNull(e);
    }
    StatusPatch reactivate = new StatusPatch.Builder().key(userTO.getKey()).type(StatusPatchType.REACTIVATE).build();
    userTO = userService.status(reactivate).readEntity(new GenericType<ProvisioningResult<UserTO>>() {
    }).getEntity();
    assertNotNull(userTO);
    assertEquals("active", userTO.getStatus());
    SyncopeClient goodPwdClient = clientFactory.create(userTO.getUsername(), "password123");
    assertEquals(0, goodPwdClient.self().getRight().getFailedLogins().intValue());
}

Example 30 with SyncopeClient

use of org.apache.syncope.client.lib.SyncopeClient in project syncope by apache.

the class JWTITCase method getJWTToken.

@Test
public void getJWTToken() throws ParseException {
    // Get the token
    SyncopeClient localClient = clientFactory.create(ADMIN_UNAME, ADMIN_PWD);
    AccessTokenService accessTokenService = localClient.getService(AccessTokenService.class);
    Response response = accessTokenService.login();
    String token = response.getHeaderString(RESTHeaders.TOKEN);
    assertNotNull(token);
    String expiry = response.getHeaderString(RESTHeaders.TOKEN_EXPIRE);
    assertNotNull(expiry);
    // Validate the signature
    JwsJwtCompactConsumer consumer = new JwsJwtCompactConsumer(token);
    JwsSignatureVerifier jwsSignatureVerifier = new HmacJwsSignatureVerifier(JWS_KEY.getBytes(), SignatureAlgorithm.HS512);
    assertTrue(consumer.verifySignatureWith(jwsSignatureVerifier));
    Date now = new Date();
    // Verify the expiry header matches that of the token
    Long expiryTime = consumer.getJwtClaims().getExpiryTime();
    assertNotNull(expiryTime);
    SimpleDateFormat dateFormat = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ssXXX");
    Date tokenDate = dateFormat.parse(dateFormat.format(new Date(expiryTime * 1000L)));
    Date parsedDate = dateFormat.parse(expiry);
    assertEquals(tokenDate, parsedDate);
    assertTrue(parsedDate.after(now));
    // Verify issuedAt
    Long issuedAt = consumer.getJwtClaims().getIssuedAt();
    assertNotNull(issuedAt);
    assertTrue(new Date(issuedAt).before(now));
    // Validate subject + issuer
    assertEquals(ADMIN_UNAME, consumer.getJwtClaims().getSubject());
    assertEquals(JWT_ISSUER, consumer.getJwtClaims().getIssuer());
    // Verify NotBefore
    Long notBefore = consumer.getJwtClaims().getNotBefore();
    assertNotNull(notBefore);
    assertTrue(new Date(notBefore).before(now));
}