use of org.apereo.cas.uma.ticket.resource.ResourceSetPolicyPermission in project cas by apereo.
the class JpaResourceSetRepositoryTests method verifyOperation.
@Test
public void verifyOperation() {
var r = buildTestResource();
assertTrue(umaResourceSetRepository.getAll().isEmpty());
assertFalse(umaResourceSetRepository.getById(r.getId()).isPresent());
r = umaResourceSetRepository.save(r);
assertFalse(umaResourceSetRepository.getAll().isEmpty());
assertTrue(umaResourceSetRepository.getById(r.getId()).isPresent());
val perms = new ResourceSetPolicyPermission();
perms.setSubject("casuser");
perms.setScopes(CollectionUtils.wrapHashSet("read", "write"));
perms.setClaims(new LinkedHashMap<>(CollectionUtils.wrap("givenName", "CAS")));
val policy = new ResourceSetPolicy();
policy.setPermissions(CollectionUtils.wrapHashSet(perms));
r.setOwner("UMA");
r.setPolicies(CollectionUtils.wrapHashSet(policy));
r = umaResourceSetRepository.save(r);
assertEquals("UMA", r.getOwner());
assertFalse(r.getPolicies().isEmpty());
umaResourceSetRepository.removeAll();
assertTrue(umaResourceSetRepository.getAll().isEmpty());
}
use of org.apereo.cas.uma.ticket.resource.ResourceSetPolicyPermission in project cas by apereo.
the class DefaultResourceSetRepositoryTests method verifyUpdateFails.
@Test
public void verifyUpdateFails() {
val repo = new DefaultResourceSetRepository();
val set1 = buildTestResource();
val set2 = buildTestResource();
set2.setId(0);
assertThrows(IllegalArgumentException.class, () -> repo.update(set1, set2));
set2.setId(1230);
assertThrows(IllegalArgumentException.class, () -> repo.update(set1, set2));
set1.setId(9876);
set2.setId(set1.getId());
val perm = new ResourceSetPolicyPermission().setScopes(CollectionUtils.wrapHashSet("unknown"));
val policy = new ResourceSetPolicy().setPermissions(CollectionUtils.wrapHashSet(perm));
set2.getPolicies().add(policy);
assertThrows(IllegalArgumentException.class, () -> repo.update(set1, set2));
}
use of org.apereo.cas.uma.ticket.resource.ResourceSetPolicyPermission in project cas by apereo.
the class DefaultUmaResourceSetClaimPermissionExaminerTests method verifyUnmatchedOperation.
@Test
public void verifyUnmatchedOperation() {
val ticketId = UUID.randomUUID().toString();
val permissionTicket = mock(UmaPermissionTicket.class);
when(permissionTicket.getId()).thenReturn(ticketId);
when(permissionTicket.isExpired()).thenReturn(Boolean.FALSE);
when(permissionTicket.getClaims()).thenReturn(Map.of("c1", "v1", "c2", "v2"));
when(permissionTicket.getScopes()).thenReturn(Set.of("s1", "s2", "s3"));
val id = UUID.randomUUID().toString();
val resourceSet = new ResourceSet();
resourceSet.setClientId(id);
resourceSet.setScopes(CollectionUtils.wrapHashSet("s2"));
val policy = new ResourceSetPolicy();
val permission = new ResourceSetPolicyPermission();
permission.setId(1000);
permission.setSubject("casuser");
permission.setClaims(new LinkedHashMap<>(Map.of("c10", "v10")));
permission.setScopes(CollectionUtils.wrapHashSet("s1", "s2"));
policy.setPermissions(CollectionUtils.wrapHashSet(permission));
resourceSet.setPolicies(CollectionUtils.wrapHashSet(policy));
val result = umaResourceSetClaimPermissionExaminer.examine(resourceSet, permissionTicket);
assertNotNull(result);
assertTrue(result.getDetails().containsKey(permission.getId()));
}
use of org.apereo.cas.uma.ticket.resource.ResourceSetPolicyPermission in project cas by apereo.
the class DefaultUmaResourceSetClaimPermissionExaminerTests method verifyMatchedOperation.
@Test
public void verifyMatchedOperation() {
val ticketId = UUID.randomUUID().toString();
val permissionTicket = mock(UmaPermissionTicket.class);
when(permissionTicket.getId()).thenReturn(ticketId);
when(permissionTicket.isExpired()).thenReturn(Boolean.FALSE);
when(permissionTicket.getClaims()).thenReturn(Map.of("c1", "v1"));
when(permissionTicket.getScopes()).thenReturn(Set.of("s1", "s2"));
val id = UUID.randomUUID().toString();
val resourceSet = new ResourceSet();
resourceSet.setClientId(id);
val policy = new ResourceSetPolicy();
val permission = new ResourceSetPolicyPermission();
permission.setId(1000);
permission.setSubject("casuser");
permission.setClaims(new LinkedHashMap<>(Map.of("c1", "v1")));
permission.setScopes(CollectionUtils.wrapHashSet("s1", "s2"));
policy.setPermissions(CollectionUtils.wrapHashSet(permission));
resourceSet.setPolicies(CollectionUtils.wrapHashSet(policy));
val result = umaResourceSetClaimPermissionExaminer.examine(resourceSet, permissionTicket);
assertNotNull(result);
assertFalse(result.getDetails().containsKey(permission.getId()));
}
use of org.apereo.cas.uma.ticket.resource.ResourceSetPolicyPermission in project cas by apereo.
the class UmaAuthorizationRequestEndpointControllerTests method verifyMismatchedClaims.
@Test
public void verifyMismatchedClaims() throws Exception {
val permissionTicket = getPermissionTicketWith(List.of("delete", "open"));
val results = authenticateUmaRequestWithAuthorizationScope();
val authzRequest = new UmaAuthorizationRequest().setGrantType(OAuth20GrantTypes.UMA_TICKET.getType()).setTicket(permissionTicket).toJson();
val permission = new ResourceSetPolicyPermission();
permission.getClaims().put("lastName", "Apereo");
val ticket = ticketRegistry.getTicket(permissionTicket, UmaPermissionTicket.class);
ticket.getResourceSet().getScopes().add("hello");
val resourceSetPolicy = new ResourceSetPolicy().setId(2000);
resourceSetPolicy.getPermissions().add(permission);
ticket.getResourceSet().getPolicies().add(resourceSetPolicy);
val response = umaAuthorizationRequestEndpointController.handleAuthorizationRequest(authzRequest, results.getLeft(), results.getMiddle());
assertEquals(HttpStatus.PERMANENT_REDIRECT, response.getStatusCode());
}
Aggregations