use of org.forgerock.oauth2.resources.ResourceSetDescription in project OpenAM by OpenRock.
the class PolicyGraphTest method shouldCreatePolicyWhenMakingValid.
/*
Alice had removed Dave's ability to VIEW, EDIT and DELETE, so Dave's resharing
policies to Ed had been made inactive. Alice has re-granted Dave's VIEW and DELETE,
so those need to be active, while EDIT stays inactive.
*/
/**
 * Checks that re-granting part of a revoked grant re-activates only the re-granted scopes of a
 * reshared policy.
 *
 * <p>The fixture adds a DAVE-to-ED policy for VIEW, DELETE and EDIT built with {@code false}
 * (presumably the "active" flag; confirm against {@code makePolicy}). After
 * {@code graph.update}, the created policy must be active with exactly VIEW and DELETE, and the
 * updated policy must carry exactly EDIT.
 */
@Test
public void shouldCreatePolicyWhenMakingValid() throws Exception {
    // Given
    List<ResourceResponse> existingPolicies = excludePolicies(DAVE, ED);
    existingPolicies.add(makePolicy(DAVE, ED, false, VIEW, DELETE, EDIT));
    PolicyGraph policyGraph = makePolicyGraph(existingPolicies);
    policyGraph.computeGraph();

    // Every resource set lookup resolves to a description whose third argument is ALICE.
    ResourceSetDescription aliceResourceSet =
            new ResourceSetDescription(RESOURCE_SET_ID, "RESOURCE_SERVER_ID", ALICE, null);
    given(resourceSetStore.read(anyString(), anyString())).willReturn(aliceResourceSet);

    // Both delegate operations complete immediately with an empty result list.
    Promise<List<ResourceResponse>, ResourceException> updateResult =
            Promises.<List<ResourceResponse>, ResourceException>newResultPromise(
                    Collections.<ResourceResponse>emptyList());
    given(delegate.updatePolicies(isNull(Context.class), anySet())).willReturn(updateResult);
    Promise<List<ResourceResponse>, ResourceException> createResult =
            Promises.<List<ResourceResponse>, ResourceException>newResultPromise(
                    Collections.<ResourceResponse>emptyList());
    given(delegate.createPolicies(isNull(Context.class), anySet())).willReturn(createResult);

    // When
    Promise<List<List<ResourceResponse>>, ResourceException> outcome =
            policyGraph.update(null, delegate);

    // Then
    AssertJPromiseAssert.assertThat(outcome).succeeded();
    JsonValue createdPolicy = policyCreated();
    assertThat(UmaPolicyUtils.getPolicyScopes(createdPolicy)).containsOnly(VIEW, DELETE);
    assertThat(createdPolicy.get("active").asBoolean()).isTrue();
    // NOTE(review): only the scopes of the updated policy are checked here. Its "active" flag is
    // not asserted, so this test would not notice if the still-revoked EDIT scope were
    // re-activated. Consider asserting that flag as well.
    assertThat(UmaPolicyUtils.getPolicyScopes(policyUpdated())).containsOnly(EDIT);
    // No delegate call beyond those already verified may have happened.
    verifyNoMoreInteractions(delegate);
}
use of org.forgerock.oauth2.resources.ResourceSetDescription in project OpenAM by OpenRock.
the class ResourceSetServiceTest method shouldGetResourceSetsWhenResourceSetsExistQueryingByOrWithPolicies.
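/**
 * Exercises {@code getResourceSets} with policy augmentation switched on and no explicit
 * operator set on the query.
 *
 * <p>The store query is stubbed to return resource sets one and two, and the policy query to
 * return policies one and three. The test expects resource sets one and three back, each
 * carrying the JSON of its policy.
 */
@Test
public void shouldGetResourceSetsWhenResourceSetsExistQueryingByOrWithPolicies() throws Exception {
    //Given
    Context context = createContext();
    String realm = "REALM";
    ResourceSetWithPolicyQuery query = new ResourceSetWithPolicyQuery();
    String resourceOwnerId = "RESOURCE_OWNER_ID";
    boolean augmentWithPolicies = true;
    QueryFilter<String> resourceSetQuery = QueryFilter.contains("name", "RS_THREE");
    // NOTE(review): raw QueryFilter; the parameter type of setPolicyQuery is not visible here,
    // so the declaration is left as written.
    QueryFilter policyQuery = QueryFilter.alwaysFalse();
    Set<ResourceSetDescription> queriedResourceSets = new HashSet<>();
    ResourceSetDescription resourceSetOne = new ResourceSetDescription("RS_ID_ONE", "CLIENT_ID_ONE", "RESOURCE_OWNER_ID", singletonMap("name", (Object) "RS_ONE"));
    ResourceSetDescription resourceSetTwo = new ResourceSetDescription("RS_ID_TWO", "CLIENT_ID_TWO", "RESOURCE_OWNER_ID", singletonMap("name", (Object) "RS_TWO"));
    ResourceSetDescription resourceSetThree = new ResourceSetDescription("RS_ID_THREE", "CLIENT_ID_TWO", "RESOURCE_OWNER_ID", singletonMap("name", (Object) "RS_THREE"));
    Collection<UmaPolicy> queriedPolicies = new HashSet<>();
    UmaPolicy policyOne = mock(UmaPolicy.class);
    UmaPolicy policyTwo = mock(UmaPolicy.class);
    UmaPolicy policyThree = mock(UmaPolicy.class);
    JsonValue policyOneJson = mock(JsonValue.class);
    JsonValue policyTwoJson = mock(JsonValue.class);
    JsonValue policyThreeJson = mock(JsonValue.class);
    Pair<QueryResponse, Collection<UmaPolicy>> queriedPoliciesPair = Pair.of(newQueryResponse(), queriedPolicies);
    Promise<Pair<QueryResponse, Collection<UmaPolicy>>, ResourceException> queriedPoliciesPromise = Promises.newResultPromise(queriedPoliciesPair);
    Promise<UmaPolicy, ResourceException> policyOnePromise = Promises.newResultPromise(policyOne);
    Promise<UmaPolicy, ResourceException> policyTwoPromise = Promises.newResultPromise(policyTwo);
    mockResourceOwnerIdentity(resourceOwnerId, realm);
    query.setResourceSetQuery(resourceSetQuery);
    query.setPolicyQuery(policyQuery);
    queriedResourceSets.add(resourceSetOne);
    queriedResourceSets.add(resourceSetTwo);
    queriedPolicies.add(policyOne);
    queriedPolicies.add(policyThree);
    given(policyOne.getId()).willReturn("RS_ID_ONE");
    given(policyOne.getResourceSet()).willReturn(resourceSetOne);
    given(policyTwo.getId()).willReturn("RS_ID_TWO");
    given(policyTwo.getResourceSet()).willReturn(resourceSetTwo);
    given(policyThree.getId()).willReturn("RS_ID_THREE");
    given(policyThree.getResourceSet()).willReturn(resourceSetThree);
    given(policyOne.asJson()).willReturn(policyOneJson);
    given(policyTwo.asJson()).willReturn(policyTwoJson);
    given(policyThree.asJson()).willReturn(policyThreeJson);
    // The stub is keyed on the caller's filter AND-ed with the resource-owner-id filter, so the
    // fixture data is only returned when the service scopes the store query to the resource
    // owner (presumably matched through QueryFilter equality; confirm).
    given(resourceSetStore.query(QueryFilter.and(resourceSetQuery, equalTo(ResourceSetTokenField.RESOURCE_OWNER_ID, "RESOURCE_OWNER_ID")))).willReturn(queriedResourceSets);
    given(policyService.queryPolicies(eq(context), Matchers.<QueryRequest>anyObject())).willReturn(queriedPoliciesPromise);
    given(resourceSetStore.read("RS_ID_ONE", resourceOwnerId)).willReturn(resourceSetOne);
    given(resourceSetStore.read("RS_ID_THREE", resourceOwnerId)).willReturn(resourceSetThree);
    given(policyService.readPolicy(context, "RS_ID_ONE")).willReturn(policyOnePromise);
    given(policyService.readPolicy(context, "RS_ID_TWO")).willReturn(policyTwoPromise);
    Entitlement entitlement = new Entitlement();
    // Diamond instead of the raw HashMap, which compiled only with an unchecked warning.
    Map<String, Boolean> actionValues = new HashMap<>();
    actionValues.put("actionValueKey", true);
    entitlement.setActionValues(actionValues);
    Evaluator evaluator = mock(Evaluator.class);
    given(umaProviderSettings.getPolicyEvaluator(any(Subject.class), anyString())).willReturn(evaluator);
    // The evaluator yields one entitlement for RS_ONE and RS_TWO and none for RS_THREE.
    given(evaluator.evaluate(eq(realm), any(Subject.class), eq("RS_ONE"), isNull(Map.class), eq(false))).willReturn(singletonList(entitlement));
    given(evaluator.evaluate(eq(realm), any(Subject.class), eq("RS_TWO"), isNull(Map.class), eq(false))).willReturn(singletonList(entitlement));
    given(evaluator.evaluate(eq(realm), any(Subject.class), eq("RS_THREE"), isNull(Map.class), eq(false))).willReturn(Collections.<Entitlement>emptyList());
    //When
    Collection<ResourceSetDescription> resourceSets = service.getResourceSets(context, realm, query, resourceOwnerId, augmentWithPolicies).getOrThrowUninterruptibly();
    //Then
    assertThat(resourceSets).hasSize(2).contains(resourceSetOne, resourceSetThree);
    // With augmentation on, each returned description must carry its policy JSON.
    assertThat(resourceSetOne.getPolicy()).isEqualTo(policyOneJson);
    assertThat(resourceSetThree.getPolicy()).isEqualTo(policyThreeJson);
}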
use of org.forgerock.oauth2.resources.ResourceSetDescription in project OpenAM by OpenRock.
the class ResourceSetServiceTest method getResourceSetsShouldReturnEmptySetWhenResourceSetsExistQueryingByAnd.
/**
 * Exercises {@code getResourceSets} with the {@code AND} operator and policy augmentation off.
 *
 * <p>The store query is stubbed to return resource sets one and two. The policy query returns
 * two policies whose ids are RS_ID_ONE and RS_ID_THREE. Only resource set one is expected back,
 * and no description may have a policy attached.
 *
 * <p>NOTE(review): the method name says "empty set" while the assertions expect exactly one
 * resource set; confirm which is intended. The second policy mock reports id RS_ID_THREE but
 * returns resource set two from {@code getResourceSet()}, which is presumably deliberate.
 */
@Test
public void getResourceSetsShouldReturnEmptySetWhenResourceSetsExistQueryingByAnd() throws Exception {
    //Given
    Context requestContext = createContext();
    final String realmName = "REALM";
    final String ownerId = "RESOURCE_OWNER_ID";

    ResourceSetWithPolicyQuery combinedQuery = new ResourceSetWithPolicyQuery();
    QueryFilter<String> resourceSetFilter = mock(QueryFilter.class);
    QueryFilter policyFilter = QueryFilter.alwaysFalse();

    Set<ResourceSetDescription> storeResults = new HashSet<>();
    ResourceSetDescription first = new ResourceSetDescription(
            "RS_ID_ONE", "CLIENT_ID_ONE", "RESOURCE_OWNER_ID", Collections.<String, Object>emptyMap());
    ResourceSetDescription second = new ResourceSetDescription(
            "RS_ID_TWO", "CLIENT_ID_TWO", "RESOURCE_OWNER_ID", Collections.<String, Object>emptyMap());
    ResourceSetDescription third = new ResourceSetDescription(
            "RS_ID_THREE", "CLIENT_ID_TWO", "RESOURCE_OWNER_ID", Collections.<String, Object>emptyMap());

    Collection<UmaPolicy> policyResults = new HashSet<>();
    UmaPolicy firstPolicy = mock(UmaPolicy.class);
    UmaPolicy secondPolicy = mock(UmaPolicy.class);
    Pair<QueryResponse, Collection<UmaPolicy>> policyQueryResult =
            Pair.of(newQueryResponse(), policyResults);
    Promise<Pair<QueryResponse, Collection<UmaPolicy>>, ResourceException> policyQueryPromise =
            Promises.newResultPromise(policyQueryResult);

    combinedQuery.setResourceSetQuery(resourceSetFilter);
    combinedQuery.setPolicyQuery(policyFilter);
    combinedQuery.setOperator(AggregateQuery.Operator.AND);

    Collections.addAll(storeResults, first, second);
    Collections.addAll(policyResults, firstPolicy, secondPolicy);

    mockResourceOwnerIdentity(ownerId, realmName);
    mockFilteredResourceSetsQueryVisitor(resourceSetFilter, storeResults);
    given(firstPolicy.getId()).willReturn("RS_ID_ONE");
    given(firstPolicy.getResourceSet()).willReturn(first);
    given(secondPolicy.getId()).willReturn("RS_ID_THREE");
    given(secondPolicy.getResourceSet()).willReturn(second);
    given(resourceSetStore.query(resourceSetFilter)).willReturn(storeResults);
    mockPolicyEvaluator("RS_CLIENT_ID");
    given(policyService.queryPolicies(eq(requestContext), Matchers.<QueryRequest>anyObject()))
            .willReturn(policyQueryPromise);
    given(resourceSetStore.read("RS_ID_THREE", ownerId)).willReturn(third);

    //When
    Collection<ResourceSetDescription> found = service
            .getResourceSets(requestContext, realmName, combinedQuery, ownerId, false)
            .getOrThrowUninterruptibly();

    //Then
    assertThat(found).hasSize(1);
    assertThat(found).contains(first);
    // Augmentation is off, so none of the descriptions may have a policy attached.
    for (ResourceSetDescription description : new ResourceSetDescription[] {first, second, third}) {
        assertThat(description.getPolicy()).isNull();
    }
}
use of org.forgerock.oauth2.resources.ResourceSetDescription in project OpenAM by OpenRock.
the class ResourceSetServiceTest method getResourceSetsShouldReturnSetWhenResourceSetsExistQueryingByOr.
/**
 * Exercises {@code getResourceSets} with the {@code OR} operator and policy augmentation off.
 *
 * <p>The store query is stubbed to return resource sets one and two. The policy query returns
 * two policies whose ids are RS_ID_ONE and RS_ID_THREE, and the store resolves RS_ID_THREE to
 * resource set three. All three resource sets are expected back, none with a policy attached.
 *
 * <p>NOTE(review): the second policy mock reports id RS_ID_THREE but returns resource set two
 * from {@code getResourceSet()}, which is presumably deliberate.
 */
@Test
public void getResourceSetsShouldReturnSetWhenResourceSetsExistQueryingByOr() throws Exception {
    //Given
    Context requestContext = createContext();
    final String realmName = "REALM";
    ResourceSetWithPolicyQuery combinedQuery = new ResourceSetWithPolicyQuery();
    combinedQuery.setOperator(AggregateQuery.Operator.OR);
    final String ownerId = "RESOURCE_OWNER_ID";

    QueryFilter<String> resourceSetFilter = mock(QueryFilter.class);
    QueryFilter policyFilter = QueryFilter.alwaysFalse();

    Set<ResourceSetDescription> storeResults = new HashSet<>();
    ResourceSetDescription first = new ResourceSetDescription(
            "RS_ID_ONE", "CLIENT_ID_ONE", "RESOURCE_OWNER_ID", Collections.<String, Object>emptyMap());
    ResourceSetDescription second = new ResourceSetDescription(
            "RS_ID_TWO", "CLIENT_ID_TWO", "RESOURCE_OWNER_ID", Collections.<String, Object>emptyMap());
    ResourceSetDescription third = new ResourceSetDescription(
            "RS_ID_THREE", "CLIENT_ID_TWO", "RESOURCE_OWNER_ID", Collections.<String, Object>emptyMap());

    Collection<UmaPolicy> policyResults = new HashSet<>();
    UmaPolicy firstPolicy = mock(UmaPolicy.class);
    UmaPolicy secondPolicy = mock(UmaPolicy.class);
    Pair<QueryResponse, Collection<UmaPolicy>> policyQueryResult =
            Pair.of(newQueryResponse(), policyResults);
    Promise<Pair<QueryResponse, Collection<UmaPolicy>>, ResourceException> policyQueryPromise =
            Promises.newResultPromise(policyQueryResult);

    combinedQuery.setResourceSetQuery(resourceSetFilter);
    combinedQuery.setPolicyQuery(policyFilter);

    Collections.addAll(storeResults, first, second);
    Collections.addAll(policyResults, firstPolicy, secondPolicy);

    mockResourceOwnerIdentity(ownerId, realmName);
    mockFilteredResourceSetsQueryVisitor(resourceSetFilter, storeResults);
    given(firstPolicy.getResourceSet()).willReturn(first);
    given(firstPolicy.getId()).willReturn("RS_ID_ONE");
    given(secondPolicy.getId()).willReturn("RS_ID_THREE");
    given(secondPolicy.getResourceSet()).willReturn(second);
    given(resourceSetStore.query(resourceSetFilter)).willReturn(storeResults);
    given(policyService.queryPolicies(eq(requestContext), Matchers.<QueryRequest>anyObject()))
            .willReturn(policyQueryPromise);
    given(resourceSetStore.read("RS_ID_THREE", ownerId)).willReturn(third);
    mockPolicyEvaluator("RS_CLIENT_ID");

    //When
    Collection<ResourceSetDescription> found = service
            .getResourceSets(requestContext, realmName, combinedQuery, ownerId, false)
            .getOrThrowUninterruptibly();

    //Then
    assertThat(found).hasSize(3);
    assertThat(found).contains(first, second, third);
    // Augmentation is off, so none of the descriptions may have a policy attached.
    for (ResourceSetDescription description : new ResourceSetDescription[] {first, second, third}) {
        assertThat(description.getPolicy()).isNull();
    }
}
use of org.forgerock.oauth2.resources.ResourceSetDescription in project OpenAM by OpenRock.
the class ResourceSetServiceTest method shouldRevokeAllResourceSetPolicies.
/**
 * Checks that {@code revokeAllPolicies} deletes the policy of every resource set the store
 * returns for the resource owner.
 *
 * <p>The store query is stubbed to return two resource sets, and the test verifies one
 * {@code deletePolicy} call per resource set id.
 *
 * <p>NOTE(review): the test verifies the two expected deletions only. It does not assert that
 * no other policy is deleted, and the store stub accepts any filter, so owner scoping of the
 * query is not pinned here.
 */
@Test
public void shouldRevokeAllResourceSetPolicies() throws Exception {
    //Given
    final String realmName = "REALM";
    Context requestContext = mockContext(realmName);
    final String ownerId = "RESOURCE_OWNER_ID";

    Set<ResourceSetDescription> storeResults = new HashSet<>();
    ResourceSetDescription first = new ResourceSetDescription(
            "RS_ID_ONE", "CLIENT_ID_ONE", "RESOURCE_OWNER_ID", Collections.<String, Object>emptyMap());
    ResourceSetDescription second = new ResourceSetDescription(
            "RS_ID_TWO", "CLIENT_ID_TWO", "RESOURCE_OWNER_ID", Collections.<String, Object>emptyMap());

    // The policy query resolves to an empty policy collection.
    Collection<UmaPolicy> policyResults = new HashSet<>();
    Pair<QueryResponse, Collection<UmaPolicy>> policyQueryResult =
            Pair.of(newQueryResponse(), policyResults);
    Promise<Pair<QueryResponse, Collection<UmaPolicy>>, ResourceException> policyQueryPromise =
            Promises.newResultPromise(policyQueryResult);

    mockResourceOwnerIdentity(ownerId, realmName);
    Collections.addAll(storeResults, first, second);

    given(resourceSetStore.query(Matchers.<QueryFilter<String>>anyObject())).willReturn(storeResults);
    given(policyService.queryPolicies(eq(requestContext), Matchers.<QueryRequest>anyObject()))
            .willReturn(policyQueryPromise);
    final String[] resourceSetIds = {"RS_ID_ONE", "RS_ID_TWO"};
    for (String resourceSetId : resourceSetIds) {
        given(policyService.deletePolicy(requestContext, resourceSetId))
                .willReturn(Promises.<Void, ResourceException>newResultPromise(null));
    }

    //When
    service.revokeAllPolicies(requestContext, realmName, ownerId).getOrThrowUninterruptibly();

    //Then
    for (String resourceSetId : resourceSetIds) {
        verify(policyService).deletePolicy(requestContext, resourceSetId);
    }
}