
Example 11 with Approval

use of org.cloudfoundry.identity.uaa.approval.Approval in project uaa by cloudfoundry.

From the class ClientAdminEndpointsIntegrationTests, method testClientTxApprovalsDeleted.

@Test
public void testClientTxApprovalsDeleted() throws Exception {
    // Register a client_credentials client and confirm the admin endpoint can see it.
    BaseClientDetails client = createClient("client_credentials", "password");
    String clientId = client.getClientId();
    assertNotNull(getClient(clientId));
    // Obtain a user token for this client so approvals can be read and written.
    OAuth2AccessToken userToken = getUserAccessToken(clientId, "secret", testAccounts.getUserName(), testAccounts.getPassword(), "oauth.approvals");
    // Baseline: a freshly created client has no approvals.
    Approval[] approvals = getApprovals(userToken.getValue(), clientId);
    assertEquals(0, approvals.length);
    // Store three approvals and read them back.
    addApprovals(userToken.getValue(), clientId);
    approvals = getApprovals(userToken.getValue(), clientId);
    assertEquals(3, approvals.length);
    // Delete the client through the transactional endpoint; this requires a clients.admin token.
    HttpEntity<BaseClientDetails[]> deleteRequest = new HttpEntity<>(
            new BaseClientDetails[] { client },
            getAuthenticatedHeaders(getClientCredentialsAccessToken("clients.admin")));
    ResponseEntity<Void> result = serverRunning.getRestTemplate().exchange(
            serverRunning.getUrl("/oauth/clients/tx/delete"), HttpMethod.POST, deleteRequest, Void.class);
    assertEquals(HttpStatus.OK, result.getStatusCode());
    // Switch to a client that is allowed to read other clients' approvals and check that
    // the deleted client's approvals went away with it (no orphaned approvals remain).
    String deletedClientId = clientId;
    client = createApprovalsClient("password");
    userToken = getUserAccessToken(client.getClientId(), "secret", testAccounts.getUserName(), testAccounts.getPassword(), "oauth.approvals");
    approvals = getApprovals(userToken.getValue(), deletedClientId);
    assertEquals(0, approvals.length);
    assertNull(getClient(deletedClientId));
}

Example 12 with Approval

use of org.cloudfoundry.identity.uaa.approval.Approval in project uaa by cloudfoundry.

From the class ClientAdminEndpointsIntegrationTests, method testClientTxModifyApprovalsDeleted.

@Test
public void testClientTxModifyApprovalsDeleted() throws Exception {
    // Register a client_credentials client and confirm the admin endpoint can see it.
    ClientDetailsModification client = createClient("client_credentials", "password");
    String clientId = client.getClientId();
    assertNotNull(getClient(clientId));
    // Obtain a user token for this client so approvals can be read and written.
    OAuth2AccessToken userToken = getUserAccessToken(clientId, "secret", testAccounts.getUserName(), testAccounts.getPassword(), "oauth.approvals");
    // Baseline: a freshly created client has no approvals.
    Approval[] approvals = getApprovals(userToken.getValue(), clientId);
    assertEquals(0, approvals.length);
    // Store three approvals and read them back.
    addApprovals(userToken.getValue(), clientId);
    approvals = getApprovals(userToken.getValue(), clientId);
    assertEquals(3, approvals.length);
    // Delete the client via the transactional modify endpoint (action = DELETE), using a clients.admin token.
    client.setAction(ClientDetailsModification.DELETE);
    HttpEntity<BaseClientDetails[]> modifyRequest = new HttpEntity<>(
            new BaseClientDetails[] { client },
            getAuthenticatedHeaders(getClientCredentialsAccessToken("clients.admin")));
    ResponseEntity<Void> result = serverRunning.getRestTemplate().exchange(
            serverRunning.getUrl("/oauth/clients/tx/modify"), HttpMethod.POST, modifyRequest, Void.class);
    assertEquals(HttpStatus.OK, result.getStatusCode());
    // Switch to a client that is allowed to read other clients' approvals and check that
    // the deleted client's approvals went away with it (no orphaned approvals remain).
    String deletedClientId = clientId;
    client = createApprovalsClient("password");
    userToken = getUserAccessToken(client.getClientId(), "secret", testAccounts.getUserName(), testAccounts.getPassword(), "oauth.approvals");
    approvals = getApprovals(userToken.getValue(), deletedClientId);
    assertEquals(0, approvals.length);
    assertNull(getClient(deletedClientId));
}

Example 13 with Approval

use of org.cloudfoundry.identity.uaa.approval.Approval in project uaa by cloudfoundry.

From the class ScimUserEndpoints, method createUser.

/**
 * Creates a SCIM user in the current identity zone from the request body.
 *
 * <p>Users with no origin are treated as UAA-managed. For UAA users the password is
 * validated and creation is refused when an active non-UAA identity provider already
 * claims the user's primary e-mail domain; non-UAA users get an empty password because
 * their credentials live with the external provider. Approvals carried in the request are
 * stored against the newly created user id only, so the body cannot attach approvals to a
 * different user.
 *
 * @param user     the SCIM user from the request body
 * @param request  the current request, used for the user-management policy check
 * @param response the current response; an ETag header for the new user is added to it
 * @return the created user, with its groups and active approvals synchronised
 * @throws ScimException with {@code HttpStatus.BAD_REQUEST} when a non-UAA provider owns the e-mail domain
 */
@RequestMapping(value = "/Users", method = RequestMethod.POST)
@ResponseStatus(HttpStatus.CREATED)
@ResponseBody
public ScimUser createUser(@RequestBody ScimUser user, HttpServletRequest request, HttpServletResponse response) {
    // An absent origin means the user is managed by UAA itself.
    if (isEmpty(user.getOrigin())) {
        user.setOrigin(OriginKeys.UAA);
    }
    throwWhenUserManagementIsDisallowed(user.getOrigin(), request);
    ScimUtils.validate(user);
    String zoneId = identityZoneManager.getCurrentIdentityZoneId();
    if (isUaaUser(user)) {
        // NOTE(review): relies on ScimUtils.validate having ensured at least one e-mail — confirm.
        String primaryEmail = user.getEmails().get(0).getValue();
        List<IdentityProvider> domainProviders = DomainFilter.getIdpsForEmailDomain(
                identityProviderProvisioning.retrieveActive(zoneId), primaryEmail);
        // Only providers other than UAA block local account creation for this domain.
        List<String> externalOrigins = domainProviders.stream()
                .map(IdentityProvider::getOriginKey)
                .filter(originKey -> !originKey.equals(OriginKeys.UAA))
                .collect(Collectors.toList());
        if (!externalOrigins.isEmpty()) {
            throw new ScimException(String.format("The user account is set up for single sign-on. Please use one of these origin(s) : %s", externalOrigins.toString()), HttpStatus.BAD_REQUEST);
        }
        // Password policy applies to UAA-managed users only.
        passwordValidator.validate(user.getPassword());
    } else {
        // Externally authenticated users carry no local password.
        user.setPassword("");
    }
    ScimUser created = scimUserProvisioning.createUser(user, user.getPassword(), zoneId);
    if (user.getApprovals() != null) {
        for (Approval approval : user.getApprovals()) {
            // Force the owner to the id we just created; the caller does not get to pick it.
            approval.setUserId(created.getId());
            approvalStore.addApproval(approval, zoneId);
        }
    }
    created = syncApprovals(syncGroups(created));
    addETagHeader(response, created);
    return created;
}

Example 14 with Approval

use of org.cloudfoundry.identity.uaa.approval.Approval in project uaa by cloudfoundry.

From the class ScimUserEndpoints, method syncApprovals.

/**
 * Replaces {@code user}'s approvals with the ones currently active in the approval store
 * for the current identity zone.
 *
 * @param user the user to refresh; may be {@code null}
 * @return the same {@code user} instance, unchanged when it or the approval store is {@code null}
 */
private ScimUser syncApprovals(ScimUser user) {
    if (user == null || approvalStore == null) {
        return user;
    }
    String zoneId = identityZoneManager.getCurrentIdentityZoneId();
    // Copy into a set so duplicates from the store collapse and we can prune in place.
    Set<Approval> active = new HashSet<>(approvalStore.getApprovalsForUser(user.getId(), zoneId));
    // Drop anything that has already expired so stale consent is never reported back.
    active.removeIf(approval -> !approval.isActiveAsOf(new Date()));
    user.setApprovals(active);
    return user;
}

Example 15 with Approval

use of org.cloudfoundry.identity.uaa.approval.Approval in project uaa by cloudfoundry.

From the class ApprovalsAdminEndpointsTests, method attemptingToCreateDuplicateApprovalsExtendsValidity.

@Test
void attemptingToCreateDuplicateApprovalsExtendsValidity() {
    String userId = marissa.getId();
    addApproval(userId, "uaa.user", 6000, APPROVED);
    addApproval(userId, "uaa.admin", 12000, DENIED);
    // Same user/client/scope twice: the second call must extend the first approval, not add a fourth.
    addApproval(userId, "openid", 6000, APPROVED);
    addApproval(userId, "openid", 10000, APPROVED);
    List<Approval> stored = endpoints.getApprovals(userIdFilter(userId), 1, 100);
    assertEquals(3, stored.size());
    Approval expectedUserScope = new Approval().setUserId(userId).setClientId("c1").setScope("uaa.user").setExpiresAt(Approval.timeFromNow(6000)).setStatus(APPROVED);
    Approval expectedAdminScope = new Approval().setUserId(userId).setClientId("c1").setScope("uaa.admin").setExpiresAt(Approval.timeFromNow(12000)).setStatus(DENIED);
    // The surviving openid approval carries the later expiry.
    Approval expectedOpenidScope = new Approval().setUserId(userId).setClientId("c1").setScope("openid").setExpiresAt(Approval.timeFromNow(10000)).setStatus(APPROVED);
    assertTrue(stored.contains(expectedUserScope));
    assertTrue(stored.contains(expectedAdminScope));
    assertTrue(stored.contains(expectedOpenidScope));
}
