Search in sources :

Example 11 with ResourceSetDescription

use of org.forgerock.oauth2.resources.ResourceSetDescription in project OpenAM by OpenRock.

the class PolicyGraphTest method shouldCreatePolicyWhenMakingValid.

/*
      Alice had removed Dave's ability to VIEW, EDIT and DELETE, so Dave's resharing
      policies to Ed had been made inactive. Alice has re-granted Dave's VIEW and DELETE,
      so those need to be active, while EDIT stays inactive.
     */
@Test
public void shouldCreatePolicyWhenMakingValid() throws Exception {
    // Given
    List<ResourceResponse> policies = excludePolicies(DAVE, ED);
    policies.add(makePolicy(DAVE, ED, false, VIEW, DELETE, EDIT));
    PolicyGraph graph = makePolicyGraph(policies);
    graph.computeGraph();
    given(resourceSetStore.read(anyString(), anyString())).willReturn(new ResourceSetDescription(RESOURCE_SET_ID, "RESOURCE_SERVER_ID", ALICE, null));
    given(delegate.updatePolicies(isNull(Context.class), anySet())).willReturn(Promises.<List<ResourceResponse>, ResourceException>newResultPromise(Collections.<ResourceResponse>emptyList()));
    given(delegate.createPolicies(isNull(Context.class), anySet())).willReturn(Promises.<List<ResourceResponse>, ResourceException>newResultPromise(Collections.<ResourceResponse>emptyList()));
    // When
    Promise<List<List<ResourceResponse>>, ResourceException> promise = graph.update(null, delegate);
    // Then
    AssertJPromiseAssert.assertThat(promise).succeeded();
    JsonValue created = policyCreated();
    assertThat(UmaPolicyUtils.getPolicyScopes(created)).containsOnly(VIEW, DELETE);
    assertThat(created.get("active").asBoolean()).isTrue();
    assertThat(UmaPolicyUtils.getPolicyScopes(policyUpdated())).containsOnly(EDIT);
    verifyNoMoreInteractions(delegate);
}
Also used : Context(org.forgerock.services.context.Context) ResourceResponse(org.forgerock.json.resource.ResourceResponse) PolicyGraph(org.forgerock.openam.uma.rest.PolicyGraph) JsonValue(org.forgerock.json.JsonValue) ArrayList(java.util.ArrayList) List(java.util.List) ResourceException(org.forgerock.json.resource.ResourceException) ResourceSetDescription(org.forgerock.oauth2.resources.ResourceSetDescription) Test(org.testng.annotations.Test)

Example 12 with ResourceSetDescription

use of org.forgerock.oauth2.resources.ResourceSetDescription in project OpenAM by OpenRock.

the class ResourceSetServiceTest method shouldGetResourceSetsWhenResourceSetsExistQueryingByOrWithPolicies.

@Test
public void shouldGetResourceSetsWhenResourceSetsExistQueryingByOrWithPolicies() throws Exception {
    //Given
    Context context = createContext();
    String realm = "REALM";
    ResourceSetWithPolicyQuery query = new ResourceSetWithPolicyQuery();
    String resourceOwnerId = "RESOURCE_OWNER_ID";
    boolean augmentWithPolicies = true;
    QueryFilter<String> resourceSetQuery = QueryFilter.contains("name", "RS_THREE");
    QueryFilter policyQuery = QueryFilter.alwaysFalse();
    Set<ResourceSetDescription> queriedResourceSets = new HashSet<>();
    ResourceSetDescription resourceSetOne = new ResourceSetDescription("RS_ID_ONE", "CLIENT_ID_ONE", "RESOURCE_OWNER_ID", singletonMap("name", (Object) "RS_ONE"));
    ResourceSetDescription resourceSetTwo = new ResourceSetDescription("RS_ID_TWO", "CLIENT_ID_TWO", "RESOURCE_OWNER_ID", singletonMap("name", (Object) "RS_TWO"));
    ResourceSetDescription resourceSetThree = new ResourceSetDescription("RS_ID_THREE", "CLIENT_ID_TWO", "RESOURCE_OWNER_ID", singletonMap("name", (Object) "RS_THREE"));
    Collection<UmaPolicy> queriedPolicies = new HashSet<>();
    UmaPolicy policyOne = mock(UmaPolicy.class);
    UmaPolicy policyTwo = mock(UmaPolicy.class);
    UmaPolicy policyThree = mock(UmaPolicy.class);
    JsonValue policyOneJson = mock(JsonValue.class);
    JsonValue policyTwoJson = mock(JsonValue.class);
    JsonValue policyThreeJson = mock(JsonValue.class);
    Pair<QueryResponse, Collection<UmaPolicy>> queriedPoliciesPair = Pair.of(newQueryResponse(), queriedPolicies);
    Promise<Pair<QueryResponse, Collection<UmaPolicy>>, ResourceException> queriedPoliciesPromise = Promises.newResultPromise(queriedPoliciesPair);
    Promise<UmaPolicy, ResourceException> policyOnePromise = Promises.newResultPromise(policyOne);
    Promise<UmaPolicy, ResourceException> policyTwoPromise = Promises.newResultPromise(policyTwo);
    mockResourceOwnerIdentity(resourceOwnerId, realm);
    query.setResourceSetQuery(resourceSetQuery);
    query.setPolicyQuery(policyQuery);
    queriedResourceSets.add(resourceSetOne);
    queriedResourceSets.add(resourceSetTwo);
    queriedPolicies.add(policyOne);
    queriedPolicies.add(policyThree);
    given(policyOne.getId()).willReturn("RS_ID_ONE");
    given(policyOne.getResourceSet()).willReturn(resourceSetOne);
    given(policyTwo.getId()).willReturn("RS_ID_TWO");
    given(policyTwo.getResourceSet()).willReturn(resourceSetTwo);
    given(policyThree.getId()).willReturn("RS_ID_THREE");
    given(policyThree.getResourceSet()).willReturn(resourceSetThree);
    given(policyOne.asJson()).willReturn(policyOneJson);
    given(policyTwo.asJson()).willReturn(policyTwoJson);
    given(policyThree.asJson()).willReturn(policyThreeJson);
    given(resourceSetStore.query(QueryFilter.and(resourceSetQuery, equalTo(ResourceSetTokenField.RESOURCE_OWNER_ID, "RESOURCE_OWNER_ID")))).willReturn(queriedResourceSets);
    given(policyService.queryPolicies(eq(context), Matchers.<QueryRequest>anyObject())).willReturn(queriedPoliciesPromise);
    given(resourceSetStore.read("RS_ID_ONE", resourceOwnerId)).willReturn(resourceSetOne);
    given(resourceSetStore.read("RS_ID_THREE", resourceOwnerId)).willReturn(resourceSetThree);
    given(policyService.readPolicy(context, "RS_ID_ONE")).willReturn(policyOnePromise);
    given(policyService.readPolicy(context, "RS_ID_TWO")).willReturn(policyTwoPromise);
    Entitlement entitlement = new Entitlement();
    Map<String, Boolean> actionValues = new HashMap();
    actionValues.put("actionValueKey", true);
    entitlement.setActionValues(actionValues);
    Evaluator evaluator = mock(Evaluator.class);
    given(umaProviderSettings.getPolicyEvaluator(any(Subject.class), anyString())).willReturn(evaluator);
    given(evaluator.evaluate(eq(realm), any(Subject.class), eq("RS_ONE"), isNull(Map.class), eq(false))).willReturn(singletonList(entitlement));
    given(evaluator.evaluate(eq(realm), any(Subject.class), eq("RS_TWO"), isNull(Map.class), eq(false))).willReturn(singletonList(entitlement));
    given(evaluator.evaluate(eq(realm), any(Subject.class), eq("RS_THREE"), isNull(Map.class), eq(false))).willReturn(Collections.<Entitlement>emptyList());
    //When
    Collection<ResourceSetDescription> resourceSets = service.getResourceSets(context, realm, query, resourceOwnerId, augmentWithPolicies).getOrThrowUninterruptibly();
    //Then
    assertThat(resourceSets).hasSize(2).contains(resourceSetOne, resourceSetThree);
    assertThat(resourceSetOne.getPolicy()).isEqualTo(policyOneJson);
    assertThat(resourceSetThree.getPolicy()).isEqualTo(policyThreeJson);
}
Also used : HashMap(java.util.HashMap) ResourceSetDescription(org.forgerock.oauth2.resources.ResourceSetDescription) ResourceException(org.forgerock.json.resource.ResourceException) UmaPolicy(org.forgerock.openam.uma.UmaPolicy) HashSet(java.util.HashSet) Pair(org.forgerock.util.Pair) RootContext(org.forgerock.services.context.RootContext) RealmContext(org.forgerock.openam.rest.RealmContext) Context(org.forgerock.services.context.Context) JsonValue(org.forgerock.json.JsonValue) Evaluator(com.sun.identity.entitlement.Evaluator) Subject(javax.security.auth.Subject) QueryFilter(org.forgerock.util.query.QueryFilter) Responses.newQueryResponse(org.forgerock.json.resource.Responses.newQueryResponse) QueryResponse(org.forgerock.json.resource.QueryResponse) Collection(java.util.Collection) Entitlement(com.sun.identity.entitlement.Entitlement) HashMap(java.util.HashMap) Map(java.util.Map) Test(org.testng.annotations.Test)

Example 13 with ResourceSetDescription

use of org.forgerock.oauth2.resources.ResourceSetDescription in project OpenAM by OpenRock.

the class ResourceSetServiceTest method getResourceSetsShouldReturnEmptySetWhenResourceSetsExistQueryingByAnd.

@Test
public void getResourceSetsShouldReturnEmptySetWhenResourceSetsExistQueryingByAnd() throws Exception {
    //Given
    Context context = createContext();
    String realm = "REALM";
    ResourceSetWithPolicyQuery query = new ResourceSetWithPolicyQuery();
    String resourceOwnerId = "RESOURCE_OWNER_ID";
    boolean augmentWithPolicies = false;
    QueryFilter<String> resourceSetQuery = mock(QueryFilter.class);
    QueryFilter policyQuery = QueryFilter.alwaysFalse();
    Set<ResourceSetDescription> queriedResourceSets = new HashSet<>();
    ResourceSetDescription resourceSetOne = new ResourceSetDescription("RS_ID_ONE", "CLIENT_ID_ONE", "RESOURCE_OWNER_ID", Collections.<String, Object>emptyMap());
    ResourceSetDescription resourceSetTwo = new ResourceSetDescription("RS_ID_TWO", "CLIENT_ID_TWO", "RESOURCE_OWNER_ID", Collections.<String, Object>emptyMap());
    ResourceSetDescription resourceSetThree = new ResourceSetDescription("RS_ID_THREE", "CLIENT_ID_TWO", "RESOURCE_OWNER_ID", Collections.<String, Object>emptyMap());
    Collection<UmaPolicy> queriedPolicies = new HashSet<>();
    UmaPolicy policyOne = mock(UmaPolicy.class);
    UmaPolicy policyTwo = mock(UmaPolicy.class);
    Pair<QueryResponse, Collection<UmaPolicy>> queriedPoliciesPair = Pair.of(newQueryResponse(), queriedPolicies);
    Promise<Pair<QueryResponse, Collection<UmaPolicy>>, ResourceException> queriedPoliciesPromise = Promises.newResultPromise(queriedPoliciesPair);
    query.setResourceSetQuery(resourceSetQuery);
    query.setPolicyQuery(policyQuery);
    query.setOperator(AggregateQuery.Operator.AND);
    queriedResourceSets.add(resourceSetOne);
    queriedResourceSets.add(resourceSetTwo);
    queriedPolicies.add(policyOne);
    queriedPolicies.add(policyTwo);
    mockResourceOwnerIdentity(resourceOwnerId, realm);
    mockFilteredResourceSetsQueryVisitor(resourceSetQuery, queriedResourceSets);
    given(policyOne.getId()).willReturn("RS_ID_ONE");
    given(policyOne.getResourceSet()).willReturn(resourceSetOne);
    given(policyTwo.getId()).willReturn("RS_ID_THREE");
    given(policyTwo.getResourceSet()).willReturn(resourceSetTwo);
    given(resourceSetStore.query(resourceSetQuery)).willReturn(queriedResourceSets);
    mockPolicyEvaluator("RS_CLIENT_ID");
    given(policyService.queryPolicies(eq(context), Matchers.<QueryRequest>anyObject())).willReturn(queriedPoliciesPromise);
    given(resourceSetStore.read("RS_ID_THREE", resourceOwnerId)).willReturn(resourceSetThree);
    //When
    Collection<ResourceSetDescription> resourceSets = service.getResourceSets(context, realm, query, resourceOwnerId, augmentWithPolicies).getOrThrowUninterruptibly();
    //Then
    assertThat(resourceSets).hasSize(1).contains(resourceSetOne);
    assertThat(resourceSetOne.getPolicy()).isNull();
    assertThat(resourceSetTwo.getPolicy()).isNull();
    assertThat(resourceSetThree.getPolicy()).isNull();
}
Also used : RootContext(org.forgerock.services.context.RootContext) RealmContext(org.forgerock.openam.rest.RealmContext) Context(org.forgerock.services.context.Context) ResourceSetDescription(org.forgerock.oauth2.resources.ResourceSetDescription) QueryFilter(org.forgerock.util.query.QueryFilter) Responses.newQueryResponse(org.forgerock.json.resource.Responses.newQueryResponse) QueryResponse(org.forgerock.json.resource.QueryResponse) Collection(java.util.Collection) ResourceException(org.forgerock.json.resource.ResourceException) UmaPolicy(org.forgerock.openam.uma.UmaPolicy) HashSet(java.util.HashSet) Pair(org.forgerock.util.Pair) Test(org.testng.annotations.Test)

Example 14 with ResourceSetDescription

use of org.forgerock.oauth2.resources.ResourceSetDescription in project OpenAM by OpenRock.

the class ResourceSetServiceTest method getResourceSetsShouldReturnSetWhenResourceSetsExistQueryingByOr.

@Test
public void getResourceSetsShouldReturnSetWhenResourceSetsExistQueryingByOr() throws Exception {
    //Given
    Context context = createContext();
    String realm = "REALM";
    ResourceSetWithPolicyQuery query = new ResourceSetWithPolicyQuery();
    query.setOperator(AggregateQuery.Operator.OR);
    String resourceOwnerId = "RESOURCE_OWNER_ID";
    boolean augmentWithPolicies = false;
    QueryFilter<String> resourceSetQuery = mock(QueryFilter.class);
    QueryFilter policyQuery = QueryFilter.alwaysFalse();
    Set<ResourceSetDescription> queriedResourceSets = new HashSet<>();
    ResourceSetDescription resourceSetOne = new ResourceSetDescription("RS_ID_ONE", "CLIENT_ID_ONE", "RESOURCE_OWNER_ID", Collections.<String, Object>emptyMap());
    ResourceSetDescription resourceSetTwo = new ResourceSetDescription("RS_ID_TWO", "CLIENT_ID_TWO", "RESOURCE_OWNER_ID", Collections.<String, Object>emptyMap());
    ResourceSetDescription resourceSetThree = new ResourceSetDescription("RS_ID_THREE", "CLIENT_ID_TWO", "RESOURCE_OWNER_ID", Collections.<String, Object>emptyMap());
    Collection<UmaPolicy> queriedPolicies = new HashSet<>();
    UmaPolicy policyOne = mock(UmaPolicy.class);
    UmaPolicy policyTwo = mock(UmaPolicy.class);
    Pair<QueryResponse, Collection<UmaPolicy>> queriedPoliciesPair = Pair.of(newQueryResponse(), queriedPolicies);
    Promise<Pair<QueryResponse, Collection<UmaPolicy>>, ResourceException> queriedPoliciesPromise = Promises.newResultPromise(queriedPoliciesPair);
    query.setResourceSetQuery(resourceSetQuery);
    query.setPolicyQuery(policyQuery);
    queriedResourceSets.add(resourceSetOne);
    queriedResourceSets.add(resourceSetTwo);
    queriedPolicies.add(policyOne);
    queriedPolicies.add(policyTwo);
    mockResourceOwnerIdentity(resourceOwnerId, realm);
    mockFilteredResourceSetsQueryVisitor(resourceSetQuery, queriedResourceSets);
    given(policyOne.getResourceSet()).willReturn(resourceSetOne);
    given(policyOne.getId()).willReturn("RS_ID_ONE");
    given(policyTwo.getId()).willReturn("RS_ID_THREE");
    given(policyTwo.getResourceSet()).willReturn(resourceSetTwo);
    given(resourceSetStore.query(resourceSetQuery)).willReturn(queriedResourceSets);
    given(policyService.queryPolicies(eq(context), Matchers.<QueryRequest>anyObject())).willReturn(queriedPoliciesPromise);
    given(resourceSetStore.read("RS_ID_THREE", resourceOwnerId)).willReturn(resourceSetThree);
    mockPolicyEvaluator("RS_CLIENT_ID");
    //When
    Collection<ResourceSetDescription> resourceSets = service.getResourceSets(context, realm, query, resourceOwnerId, augmentWithPolicies).getOrThrowUninterruptibly();
    //Then
    assertThat(resourceSets).hasSize(3).contains(resourceSetOne, resourceSetTwo, resourceSetThree);
    assertThat(resourceSetOne.getPolicy()).isNull();
    assertThat(resourceSetTwo.getPolicy()).isNull();
    assertThat(resourceSetThree.getPolicy()).isNull();
}
Also used : RootContext(org.forgerock.services.context.RootContext) RealmContext(org.forgerock.openam.rest.RealmContext) Context(org.forgerock.services.context.Context) ResourceSetDescription(org.forgerock.oauth2.resources.ResourceSetDescription) QueryFilter(org.forgerock.util.query.QueryFilter) Responses.newQueryResponse(org.forgerock.json.resource.Responses.newQueryResponse) QueryResponse(org.forgerock.json.resource.QueryResponse) Collection(java.util.Collection) ResourceException(org.forgerock.json.resource.ResourceException) UmaPolicy(org.forgerock.openam.uma.UmaPolicy) HashSet(java.util.HashSet) Pair(org.forgerock.util.Pair) Test(org.testng.annotations.Test)

Example 15 with ResourceSetDescription

use of org.forgerock.oauth2.resources.ResourceSetDescription in project OpenAM by OpenRock.

the class ResourceSetServiceTest method shouldRevokeAllResourceSetPolicies.

@Test
public void shouldRevokeAllResourceSetPolicies() throws Exception {
    //Given
    String realm = "REALM";
    Context context = mockContext(realm);
    String resourceOwnerId = "RESOURCE_OWNER_ID";
    Set<ResourceSetDescription> queriedResourceSets = new HashSet<>();
    ResourceSetDescription resourceSetOne = new ResourceSetDescription("RS_ID_ONE", "CLIENT_ID_ONE", "RESOURCE_OWNER_ID", Collections.<String, Object>emptyMap());
    ResourceSetDescription resourceSetTwo = new ResourceSetDescription("RS_ID_TWO", "CLIENT_ID_TWO", "RESOURCE_OWNER_ID", Collections.<String, Object>emptyMap());
    Collection<UmaPolicy> queriedPolicies = new HashSet<>();
    Pair<QueryResponse, Collection<UmaPolicy>> queriedPoliciesPair = Pair.of(newQueryResponse(), queriedPolicies);
    Promise<Pair<QueryResponse, Collection<UmaPolicy>>, ResourceException> queriedPoliciesPromise = Promises.newResultPromise(queriedPoliciesPair);
    mockResourceOwnerIdentity(resourceOwnerId, realm);
    queriedResourceSets.add(resourceSetOne);
    queriedResourceSets.add(resourceSetTwo);
    given(resourceSetStore.query(Matchers.<QueryFilter<String>>anyObject())).willReturn(queriedResourceSets);
    given(policyService.queryPolicies(eq(context), Matchers.<QueryRequest>anyObject())).willReturn(queriedPoliciesPromise);
    given(policyService.deletePolicy(context, "RS_ID_ONE")).willReturn(Promises.<Void, ResourceException>newResultPromise(null));
    given(policyService.deletePolicy(context, "RS_ID_TWO")).willReturn(Promises.<Void, ResourceException>newResultPromise(null));
    //When
    service.revokeAllPolicies(context, realm, resourceOwnerId).getOrThrowUninterruptibly();
    //Then
    verify(policyService).deletePolicy(context, "RS_ID_ONE");
    verify(policyService).deletePolicy(context, "RS_ID_TWO");
}
Also used : RootContext(org.forgerock.services.context.RootContext) RealmContext(org.forgerock.openam.rest.RealmContext) Context(org.forgerock.services.context.Context) ResourceSetDescription(org.forgerock.oauth2.resources.ResourceSetDescription) Responses.newQueryResponse(org.forgerock.json.resource.Responses.newQueryResponse) QueryResponse(org.forgerock.json.resource.QueryResponse) Collection(java.util.Collection) ResourceException(org.forgerock.json.resource.ResourceException) UmaPolicy(org.forgerock.openam.uma.UmaPolicy) HashSet(java.util.HashSet) Pair(org.forgerock.util.Pair) Test(org.testng.annotations.Test)

Aggregations

ResourceSetDescription (org.forgerock.oauth2.resources.ResourceSetDescription)59 Test (org.testng.annotations.Test)33 ResourceException (org.forgerock.json.resource.ResourceException)19 HashSet (java.util.HashSet)15 UmaPolicy (org.forgerock.openam.uma.UmaPolicy)15 Context (org.forgerock.services.context.Context)14 JsonValue (org.forgerock.json.JsonValue)12 QueryResponse (org.forgerock.json.resource.QueryResponse)12 Collection (java.util.Collection)11 ResourceSetStore (org.forgerock.oauth2.resources.ResourceSetStore)11 RealmContext (org.forgerock.openam.rest.RealmContext)11 HashMap (java.util.HashMap)10 Responses.newQueryResponse (org.forgerock.json.resource.Responses.newQueryResponse)10 RootContext (org.forgerock.services.context.RootContext)10 Pair (org.forgerock.util.Pair)10 ServerException (org.forgerock.oauth2.core.exceptions.ServerException)9 QueryFilter (org.forgerock.util.query.QueryFilter)9 JsonRepresentation (org.restlet.ext.json.JsonRepresentation)9 List (java.util.List)8 ResourceSetLabel (org.forgerock.openam.oauth2.resources.labels.ResourceSetLabel)8