
Example 26 with SyncopeClient

use of org.apache.syncope.client.lib.SyncopeClient in project syncope by apache.

the class RESTITCase method defaultContentType.

/**
 * Sends a request whose {@code Accept} header is the wildcard media type and checks
 * that the response still comes back as JSON.
 */
@Test
public void defaultContentType() {
    // Build the client by hand rather than through the factory, so the media type can be forced to */*
    SyncopeClientFactoryBean factoryBean = new SyncopeClientFactoryBean().setAddress(ADDRESS);
    SyncopeClient wildcardClient = new SyncopeClient(
            MediaType.WILDCARD_TYPE,
            factoryBean.getRestClientFactoryBean(),
            factoryBean.getExceptionMapper(),
            new BasicAuthenticationHandler(ADMIN_UNAME, ADMIN_PWD),
            false);

    // Issue one request through a service proxy obtained from that client
    AnyTypeClassService anyTypeClasses = wildcardClient.getService(AnyTypeClassService.class);
    anyTypeClasses.list();

    // The request headers recorded on the proxy must show Accept: */*
    MultivaluedMap<String, String> sentHeaders = WebClient.client(anyTypeClasses).getHeaders();
    assertEquals(MediaType.WILDCARD, sentHeaders.getFirst(HttpHeaders.ACCEPT));

    // The response must declare a JSON content type (prefix match, so parameters such as a charset are tolerated)
    String receivedType = WebClient.client(anyTypeClasses).getResponse().getHeaderString(HttpHeaders.CONTENT_TYPE);
    assertTrue(receivedType.startsWith(MediaType.APPLICATION_JSON));
}
Also used : AnyTypeClassService(org.apache.syncope.common.rest.api.service.AnyTypeClassService) SyncopeClientFactoryBean(org.apache.syncope.client.lib.SyncopeClientFactoryBean) BasicAuthenticationHandler(org.apache.syncope.client.lib.BasicAuthenticationHandler) SyncopeClient(org.apache.syncope.client.lib.SyncopeClient) Test(org.junit.jupiter.api.Test)

Example 27 with SyncopeClient

use of org.apache.syncope.client.lib.SyncopeClient in project syncope by apache.

the class ResourceITCase method authorizations.

/**
 * Checks the authorization boundary applied to resource operations performed as user
 * "puccini": one resource must be refused, another must be readable and updatable.
 */
@Test
public void authorizations() {
    ResourceService pucciniResources = clientFactory.create("puccini", ADMIN_PWD).getService(ResourceService.class);

    // 1. reading a resource whose connector belongs to a different admin realm must be refused,
    //    and the refusal must be reported as DelegatedAdministration (not as a generic error)
    try {
        pucciniResources.read(RESOURCE_NAME_WS1);
        fail("This should not happen");
    } catch (SyncopeClientException rejected) {
        assertEquals(ClientExceptionType.DelegatedAdministration, rejected.getType());
    }

    // 2. reading and updating a resource whose connector is in a realm for which
    //    entitlements are owned must succeed
    try {
        ResourceTO asPuccini = pucciniResources.read(RESOURCE_NAME_DBSCRIPTED);
        assertEquals(TraceLevel.ALL, asPuccini.getCreateTraceLevel());

        asPuccini.setCreateTraceLevel(TraceLevel.FAILURES);
        pucciniResources.update(asPuccini);

        asPuccini = pucciniResources.read(RESOURCE_NAME_DBSCRIPTED);
        assertEquals(TraceLevel.FAILURES, asPuccini.getCreateTraceLevel());
    } finally {
        // Always put the trace level back, going through the class-level resourceService
        // rather than puccini's session, so the cleanup does not depend on the permissions under test
        ResourceTO restored = resourceService.read(RESOURCE_NAME_DBSCRIPTED);
        restored.setCreateTraceLevel(TraceLevel.ALL);
        resourceService.update(restored);
    }
}
Also used : ResourceTO(org.apache.syncope.common.lib.to.ResourceTO) ResourceService(org.apache.syncope.common.rest.api.service.ResourceService) SyncopeClientException(org.apache.syncope.common.lib.SyncopeClientException) SyncopeClient(org.apache.syncope.client.lib.SyncopeClient) Test(org.junit.jupiter.api.Test)

Example 28 with SyncopeClient

use of org.apache.syncope.client.lib.SyncopeClient in project syncope by apache.

the class AuthenticationITCase method anyTypeEntitlement.

/**
 * Follows the entitlements of a newly created any type: they must not be listed before
 * the type exists, they must be listed afterwards, and a user may create instances of the
 * type only after a role carrying the matching entitlements has been assigned.
 */
@Test
public void anyTypeEntitlement() {
    final String anyTypeKey = "FOLDER " + getUUIDString();

    // 1. the platform must not list any entitlement for the any type before it is created
    assertFalse(syncopeService.platform().getEntitlements().stream()
            .anyMatch(name -> name.contains(anyTypeKey)));

    // 2. create plain schema, any type class and any type
    PlainSchemaTO pathSchema = new PlainSchemaTO();
    pathSchema.setKey("path" + getUUIDString());
    pathSchema.setType(AttrSchemaType.String);
    pathSchema = createSchema(SchemaType.PLAIN, pathSchema);

    AnyTypeClassTO folderClass = new AnyTypeClassTO();
    folderClass.setKey("folder" + getUUIDString());
    folderClass.getPlainSchemas().add(pathSchema.getKey());
    anyTypeClassService.create(folderClass);

    AnyTypeTO folderType = new AnyTypeTO();
    folderType.setKey(anyTypeKey);
    folderType.setKind(AnyTypeKind.ANY_OBJECT);
    folderType.getClasses().add(folderClass.getKey());
    anyTypeService.create(folderType);

    // 3. entitlements for the any type just created are now listed
    assertTrue(syncopeService.platform().getEntitlements().stream()
            .anyMatch(name -> name.contains(anyTypeKey)));

    // 4. creating an instance as "bellini" must be refused with DelegatedAdministration,
    //    because no entitlement for the new type has been assigned to that user yet
    AnyObjectTO homeFolder = new AnyObjectTO();
    homeFolder.setName("home");
    homeFolder.setRealm(SyncopeConstants.ROOT_REALM);
    homeFolder.setType(anyTypeKey);
    homeFolder.getPlainAttrs().add(attrTO(pathSchema.getKey(), "/home"));

    SyncopeClient belliniClient = clientFactory.create("bellini", ADMIN_PWD);
    try {
        belliniClient.getService(AnyObjectService.class).create(homeFolder);
        fail("This should not happen");
    } catch (SyncopeClientException rejected) {
        assertEquals(ClientExceptionType.DelegatedAdministration, rejected.getType());
    }

    // 5. grant READ and CREATE on the new any type through a role on the root realm,
    //    then assign that role to bellini
    RoleTO folderRole = new RoleTO();
    folderRole.setKey("role" + getUUIDString());
    folderRole.getRealms().add(SyncopeConstants.ROOT_REALM);
    folderRole.getEntitlements().add(anyTypeKey + "_READ");
    folderRole.getEntitlements().add(anyTypeKey + "_CREATE");
    folderRole = createRole(folderRole);

    UserTO belliniUser = userService.read("bellini");
    UserPatch rolePatch = new UserPatch();
    rolePatch.setKey(belliniUser.getKey());
    rolePatch.getRoles().add(
            new StringPatchItem.Builder()
                    .operation(PatchOperation.ADD_REPLACE)
                    .value(folderRole.getKey())
                    .build());
    belliniUser = updateUser(rolePatch).getEntity();
    assertTrue(belliniUser.getRoles().contains(folderRole.getKey()));

    // 6. the same create call now succeeds. The client logs out and authenticates again first;
    //    presumably the earlier session does not reflect the newly assigned role - confirm
    belliniClient.logout();
    belliniClient.login(new BasicAuthenticationHandler("bellini", ADMIN_PWD));
    belliniClient.getService(AnyObjectService.class).create(homeFolder);
}
Also used : StringPatchItem(org.apache.syncope.common.lib.patch.StringPatchItem) SyncopeClientException(org.apache.syncope.common.lib.SyncopeClientException) Autowired(org.springframework.beans.factory.annotation.Autowired) UserPatch(org.apache.syncope.common.lib.patch.UserPatch) ProvisioningResult(org.apache.syncope.common.lib.to.ProvisioningResult) ResourceDeassociationAction(org.apache.syncope.common.lib.types.ResourceDeassociationAction) AnyTypeKind(org.apache.syncope.common.lib.types.AnyTypeKind) SpringJUnitConfig(org.springframework.test.context.junit.jupiter.SpringJUnitConfig) Assertions.assertFalse(org.junit.jupiter.api.Assertions.assertFalse) Pair(org.apache.commons.lang3.tuple.Pair) AttrSchemaType(org.apache.syncope.common.lib.types.AttrSchemaType) Map(java.util.Map) RESTHeaders(org.apache.syncope.common.rest.api.RESTHeaders) PagedResult(org.apache.syncope.common.lib.to.PagedResult) FlowableDetector(org.apache.syncope.fit.FlowableDetector) BasicAuthenticationHandler(org.apache.syncope.client.lib.BasicAuthenticationHandler) BulkActionResult(org.apache.syncope.common.lib.to.BulkActionResult) SchemaService(org.apache.syncope.common.rest.api.service.SchemaService) Set(java.util.Set) WorkflowFormTO(org.apache.syncope.common.lib.to.WorkflowFormTO) SchemaType(org.apache.syncope.common.lib.types.SchemaType) Collectors(java.util.stream.Collectors) StatusPatch(org.apache.syncope.common.lib.patch.StatusPatch) GenericType(javax.ws.rs.core.GenericType) Test(org.junit.jupiter.api.Test) Response(javax.ws.rs.core.Response) DeassociationPatch(org.apache.syncope.common.lib.patch.DeassociationPatch) Assertions.assertTrue(org.junit.jupiter.api.Assertions.assertTrue) AccessControlException(java.security.AccessControlException) Assertions.fail(org.junit.jupiter.api.Assertions.fail) Assertions.assertNotNull(org.junit.jupiter.api.Assertions.assertNotNull) StandardEntitlement(org.apache.syncope.common.lib.types.StandardEntitlement) 
AnonymousAuthenticationHandler(org.apache.syncope.client.lib.AnonymousAuthenticationHandler) UserService(org.apache.syncope.common.rest.api.service.UserService) JdbcTemplate(org.springframework.jdbc.core.JdbcTemplate) PlainSchemaTO(org.apache.syncope.common.lib.to.PlainSchemaTO) RoleTO(org.apache.syncope.common.lib.to.RoleTO) Assumptions.assumeTrue(org.junit.jupiter.api.Assumptions.assumeTrue) DataSource(javax.sql.DataSource) ClientExceptionType(org.apache.syncope.common.lib.types.ClientExceptionType) Assertions.assertEquals(org.junit.jupiter.api.Assertions.assertEquals) AbstractITCase(org.apache.syncope.fit.AbstractITCase) AnyQuery(org.apache.syncope.common.rest.api.beans.AnyQuery) AnyObjectService(org.apache.syncope.common.rest.api.service.AnyObjectService) MembershipTO(org.apache.syncope.common.lib.to.MembershipTO) CipherAlgorithm(org.apache.syncope.common.lib.types.CipherAlgorithm) AnyTypeClassTO(org.apache.syncope.common.lib.to.AnyTypeClassTO) SyncopeConstants(org.apache.syncope.common.lib.SyncopeConstants) Encryptor(org.apache.syncope.core.spring.security.Encryptor) ForbiddenException(javax.ws.rs.ForbiddenException) StatusPatchType(org.apache.syncope.common.lib.types.StatusPatchType) AnyTypeTO(org.apache.syncope.common.lib.to.AnyTypeTO) PasswordPatch(org.apache.syncope.common.lib.patch.PasswordPatch) PatchOperation(org.apache.syncope.common.lib.types.PatchOperation) StringReplacePatchItem(org.apache.syncope.common.lib.patch.StringReplacePatchItem) SyncopeClient(org.apache.syncope.client.lib.SyncopeClient) UserTO(org.apache.syncope.common.lib.to.UserTO) AnyObjectTO(org.apache.syncope.common.lib.to.AnyObjectTO) SyncopeClientException(org.apache.syncope.common.lib.SyncopeClientException) AnyTypeTO(org.apache.syncope.common.lib.to.AnyTypeTO) RoleTO(org.apache.syncope.common.lib.to.RoleTO) SyncopeClient(org.apache.syncope.client.lib.SyncopeClient) UserPatch(org.apache.syncope.common.lib.patch.UserPatch) PlainSchemaTO(org.apache.syncope.common.lib.to.PlainSchemaTO) 
AnyObjectTO(org.apache.syncope.common.lib.to.AnyObjectTO) AnyObjectService(org.apache.syncope.common.rest.api.service.AnyObjectService) UserTO(org.apache.syncope.common.lib.to.UserTO) BasicAuthenticationHandler(org.apache.syncope.client.lib.BasicAuthenticationHandler) AnyTypeClassTO(org.apache.syncope.common.lib.to.AnyTypeClassTO) Test(org.junit.jupiter.api.Test)

Example 29 with SyncopeClient

use of org.apache.syncope.client.lib.SyncopeClient in project syncope by apache.

the class AuthenticationITCase method checkUserSuspension.

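/**
 * Checks account suspension after repeated failed logins: wrong-password attempts are
 * counted, the account ends up "suspended", a suspended account is refused even with the
 * correct password, and after REACTIVATE a successful login shows a failed-login count of 0.
 */
@Test
public void checkUserSuspension() {
    UserTO userTO = UserITCase.getUniqueSampleTO("checkSuspension@syncope.apache.org");
    userTO.setRealm("/odd");
    userTO.getRoles().add("User manager");
    userTO = createUser(userTO).getEntity();
    // Check for null before dereferencing, so a missing entity is reported as an
    // assertion failure instead of a NullPointerException from getKey()
    assertNotNull(userTO);
    String userKey = userTO.getKey();
    assertEquals(0, getFailedLogins(userService, userKey));

    // Three attempts with a wrong password: each one must be refused ...
    for (int attempt = 0; attempt < 3; attempt++) {
        try {
            clientFactory.create(userTO.getUsername(), "wrongpwd1");
            fail("This should not happen");
        } catch (AccessControlException expected) {
            // refusal is the expected outcome; reaching fail() above would mean the login was accepted
        }
    }
    // ... and each one must have been counted
    assertEquals(3, getFailedLogins(userService, userKey));

    // last authentication before suspension
    try {
        clientFactory.create(userTO.getUsername(), "wrongpwd1");
        fail("This should not happen");
    } catch (AccessControlException expected) {
        // refusal is the expected outcome
    }
    userTO = userService.read(userTO.getKey());
    assertNotNull(userTO);
    assertNotNull(userTO.getFailedLogins());
    // the counter still reads 3 after the fourth attempt, and the account is now suspended
    assertEquals(3, userTO.getFailedLogins().intValue());
    assertEquals("suspended", userTO.getStatus());

    // Access with correct credentials should fail as user is suspended: a valid password
    // must not be enough to get past the suspension
    // ("password123" is presumably the password set by getUniqueSampleTO - confirm)
    try {
        clientFactory.create(userTO.getUsername(), "password123");
        fail("This should not happen");
    } catch (AccessControlException expected) {
        // refusal is the expected outcome
    }

    // Reactivate the account explicitly through the status endpoint
    StatusPatch reactivate = new StatusPatch.Builder().key(userTO.getKey()).type(StatusPatchType.REACTIVATE).build();
    userTO = userService.status(reactivate).readEntity(new GenericType<ProvisioningResult<UserTO>>() {
    }).getEntity();
    assertNotNull(userTO);
    assertEquals("active", userTO.getStatus());

    // With the account active again the correct password is accepted, and the
    // failed-login counter seen by the user reads 0
    SyncopeClient goodPwdClient = clientFactory.create(userTO.getUsername(), "password123");
    assertEquals(0, goodPwdClient.self().getRight().getFailedLogins().intValue());
}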
Also used : UserTO(org.apache.syncope.common.lib.to.UserTO) ProvisioningResult(org.apache.syncope.common.lib.to.ProvisioningResult) AccessControlException(java.security.AccessControlException) StatusPatch(org.apache.syncope.common.lib.patch.StatusPatch) SyncopeClient(org.apache.syncope.client.lib.SyncopeClient) Test(org.junit.jupiter.api.Test)

Example 30 with SyncopeClient

use of org.apache.syncope.client.lib.SyncopeClient in project syncope by apache.

the class JWTITCase method getJWTToken.

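/**
 * Logs in as the admin user, then checks the returned JWT: HS512 signature, expiry
 * (against the expiry response header and against the current time), issuedAt,
 * subject, issuer and notBefore.
 *
 * @throws ParseException if the expiry header cannot be parsed with the expected date pattern
 */
@Test
public void getJWTToken() throws ParseException {
    // Get the token
    SyncopeClient localClient = clientFactory.create(ADMIN_UNAME, ADMIN_PWD);
    AccessTokenService accessTokenService = localClient.getService(AccessTokenService.class);
    Response response = accessTokenService.login();
    String token = response.getHeaderString(RESTHeaders.TOKEN);
    assertNotNull(token);
    String expiry = response.getHeaderString(RESTHeaders.TOKEN_EXPIRE);
    assertNotNull(expiry);

    // Validate the signature. HS512 is an HMAC, so verification needs the same shared
    // secret that signed the token; the verifier is pinned to HS512 explicitly.
    // NOTE(review): getBytes() without a charset uses the platform default; the derived key
    // only matches the signer's if both sides encode JWS_KEY the same way - confirm
    JwsJwtCompactConsumer consumer = new JwsJwtCompactConsumer(token);
    JwsSignatureVerifier jwsSignatureVerifier = new HmacJwsSignatureVerifier(JWS_KEY.getBytes(), SignatureAlgorithm.HS512);
    assertTrue(consumer.verifySignatureWith(jwsSignatureVerifier));

    // Reference instant for the time-based claims, taken after the token was issued
    Date now = new Date();

    // Verify the expiry header matches that of the token.
    // The claim is in seconds since the epoch, hence the conversion to milliseconds;
    // the format/parse round trip truncates it to the precision of the header pattern
    Long expiryTime = consumer.getJwtClaims().getExpiryTime();
    assertNotNull(expiryTime);
    SimpleDateFormat dateFormat = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ssXXX");
    Date tokenDate = dateFormat.parse(dateFormat.format(new Date(expiryTime * 1000L)));
    Date parsedDate = dateFormat.parse(expiry);
    assertEquals(tokenDate, parsedDate);
    assertTrue(parsedDate.after(now));

    // Verify issuedAt. Like the expiry, the claim is in seconds and must be converted to
    // milliseconds; comparing the raw seconds value as milliseconds yields a date in 1970 and
    // makes the check pass for any token. "Not after now" rather than "before now" because the
    // claim is truncated to whole seconds and may coincide with now.
    // Assumes the test and the token issuer share a clock - confirm for remote deployments
    Long issuedAt = consumer.getJwtClaims().getIssuedAt();
    assertNotNull(issuedAt);
    assertTrue(!new Date(issuedAt * 1000L).after(now));

    // Validate subject + issuer
    assertEquals(ADMIN_UNAME, consumer.getJwtClaims().getSubject());
    assertEquals(JWT_ISSUER, consumer.getJwtClaims().getIssuer());

    // Verify NotBefore, with the same seconds-to-milliseconds conversion: the token must
    // already be valid at the time of the check
    Long notBefore = consumer.getJwtClaims().getNotBefore();
    assertNotNull(notBefore);
    assertTrue(!new Date(notBefore * 1000L).after(now));
}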
Also used : Response(javax.ws.rs.core.Response) HmacJwsSignatureVerifier(org.apache.cxf.rs.security.jose.jws.HmacJwsSignatureVerifier) JwsSignatureVerifier(org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier) AccessTokenService(org.apache.syncope.common.rest.api.service.AccessTokenService) HmacJwsSignatureVerifier(org.apache.cxf.rs.security.jose.jws.HmacJwsSignatureVerifier) JwsJwtCompactConsumer(org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer) SimpleDateFormat(java.text.SimpleDateFormat) SyncopeClient(org.apache.syncope.client.lib.SyncopeClient) Date(java.util.Date) Test(org.junit.jupiter.api.Test)

Aggregations

SyncopeClient (org.apache.syncope.client.lib.SyncopeClient)40 Test (org.junit.jupiter.api.Test)31 Response (javax.ws.rs.core.Response)15 UserTO (org.apache.syncope.common.lib.to.UserTO)15 UserSelfService (org.apache.syncope.common.rest.api.service.UserSelfService)15 AccessControlException (java.security.AccessControlException)12 JwtToken (org.apache.cxf.rs.security.jose.jwt.JwtToken)11 Date (java.util.Date)10 HmacJwsSignatureProvider (org.apache.cxf.rs.security.jose.jws.HmacJwsSignatureProvider)10 JwsHeaders (org.apache.cxf.rs.security.jose.jws.JwsHeaders)10 JwsJwtCompactProducer (org.apache.cxf.rs.security.jose.jws.JwsJwtCompactProducer)10 JwsSignatureProvider (org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider)10 NoneJwsSignatureProvider (org.apache.cxf.rs.security.jose.jws.NoneJwsSignatureProvider)10 JwtClaims (org.apache.cxf.rs.security.jose.jwt.JwtClaims)10 Calendar (java.util.Calendar)9 IOException (java.io.IOException)8 SyncopeClientException (org.apache.syncope.common.lib.SyncopeClientException)8 AccessTokenService (org.apache.syncope.common.rest.api.service.AccessTokenService)8 JwsJwtCompactConsumer (org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer)7 SyncopeClientFactoryBean (org.apache.syncope.client.lib.SyncopeClientFactoryBean)7