use of org.forgerock.oauth2.resources.ResourceSetStore in project OpenAM by OpenRock.
the class PermissionRequestEndpointTest method setup.
@BeforeMethod
@SuppressWarnings("unchecked")
public void setup() throws ServerException, InvalidGrantException, NotFoundException {
resourceSetStore = mock(ResourceSetStore.class);
OAuth2RequestFactory<?, Request> requestFactory = mock(OAuth2RequestFactory.class);
umaTokenStore = mock(UmaTokenStore.class);
OAuth2ProviderSettingsFactory providerSettingFactory = mock(OAuth2ProviderSettingsFactory.class);
OAuth2ProviderSettings providerSettings = mock(OAuth2ProviderSettings.class);
given(providerSettingFactory.get(Matchers.<OAuth2Request>anyObject())).willReturn(providerSettings);
given(providerSettings.getResourceSetStore()).willReturn(resourceSetStore);
UmaProviderSettingsFactory umaProviderSettingsFactory = mock(UmaProviderSettingsFactory.class);
UmaProviderSettings umaProviderSettings = mock(UmaProviderSettings.class);
given(umaProviderSettingsFactory.get(any(Request.class))).willReturn(umaProviderSettings);
given(umaProviderSettings.getUmaTokenStore()).willReturn(umaTokenStore);
ExtensionFilterManager extensionFilterManager = mock(ExtensionFilterManager.class);
permissionRequestFilter = mock(PermissionRequestFilter.class);
given(extensionFilterManager.getFilters(PermissionRequestFilter.class)).willReturn(Collections.singleton(permissionRequestFilter));
UmaExceptionHandler exceptionHandler = mock(UmaExceptionHandler.class);
endpoint = spy(new PermissionRequestEndpoint(providerSettingFactory, requestFactory, umaProviderSettingsFactory, extensionFilterManager, exceptionHandler, jacksonRepresentationFactory));
response = mock(Response.class);
endpoint.setResponse(response);
Request request = mock(Request.class);
given(endpoint.getRequest()).willReturn(request);
AccessToken accessToken = mock(AccessToken.class);
given(accessToken.getClientId()).willReturn("CLIENT_ID");
given(accessToken.getResourceOwnerId()).willReturn("RESOURCE_OWNER_ID");
OAuth2Request oAuth2Request = mock(OAuth2Request.class);
given(requestFactory.create(request)).willReturn(oAuth2Request);
given(oAuth2Request.getToken(AccessToken.class)).willReturn(accessToken);
}
use of org.forgerock.oauth2.resources.ResourceSetStore in project OpenAM by OpenRock.
the class AuthorizationRequestEndpoint method getResourceSet.
private ResourceSetDescription getResourceSet(String resourceSetId, OAuth2ProviderSettings providerSettings) throws UmaException {
try {
ResourceSetStore store = providerSettings.getResourceSetStore();
Set<ResourceSetDescription> results = store.query(QueryFilter.equalTo(ResourceSetTokenField.RESOURCE_SET_ID, resourceSetId));
if (results.size() != 1) {
throw new UmaException(400, "invalid_resource_set_id", "Could not fing Resource Set, " + resourceSetId);
}
return results.iterator().next();
} catch (ServerException e) {
throw new UmaException(400, "invalid_resource_set_id", e.getMessage());
}
}
use of org.forgerock.oauth2.resources.ResourceSetStore in project OpenAM by OpenRock.
the class AuthorizationRequestEndpoint method isEntitled.
private boolean isEntitled(UmaProviderSettings umaProviderSettings, OAuth2ProviderSettings oauth2ProviderSettings, PermissionTicket permissionTicket, String requestingPartyId) throws EntitlementException, ServerException, UmaException {
String realm = permissionTicket.getRealm();
String resourceSetId = permissionTicket.getResourceSetId();
String resourceName = UmaConstants.UMA_POLICY_SCHEME;
Subject resourceOwnerSubject;
try {
ResourceSetStore store = oauth2ProviderSettings.getResourceSetStore();
Set<ResourceSetDescription> results = store.query(QueryFilter.equalTo(ResourceSetTokenField.RESOURCE_SET_ID, resourceSetId));
if (results.size() != 1) {
throw new NotFoundException("Could not find Resource Set, " + resourceSetId);
}
resourceName += results.iterator().next().getId();
resourceOwnerSubject = UmaUtils.createSubject(createIdentity(results.iterator().next().getResourceOwnerId(), realm));
} catch (NotFoundException e) {
debug.message("Couldn't find resource that permission ticket is registered for", e);
throw new ServerException("Couldn't find resource that permission ticket is registered for");
}
Subject requestingPartySubject = UmaUtils.createSubject(createIdentity(requestingPartyId, realm));
beforeAuthorization(permissionTicket, requestingPartySubject, resourceOwnerSubject);
// Implicitly grant access to the resource owner
if (isRequestingPartyResourceOwner(requestingPartySubject, resourceOwnerSubject)) {
afterAuthorization(true, permissionTicket, requestingPartySubject, resourceOwnerSubject);
return true;
}
List<Entitlement> entitlements = umaProviderSettings.getPolicyEvaluator(requestingPartySubject, permissionTicket.getResourceServerClientId().toLowerCase()).evaluate(realm, requestingPartySubject, resourceName, null, false);
Set<String> requestedScopes = permissionTicket.getScopes();
Set<String> requiredScopes = new HashSet<>(requestedScopes);
for (Entitlement entitlement : entitlements) {
for (String requestedScope : requestedScopes) {
final Boolean actionValue = entitlement.getActionValue(requestedScope);
if (actionValue != null && actionValue) {
requiredScopes.remove(requestedScope);
}
}
}
boolean isAuthorized = requiredScopes.isEmpty();
afterAuthorization(isAuthorized, permissionTicket, requestingPartySubject, resourceOwnerSubject);
return isAuthorized;
}
use of org.forgerock.oauth2.resources.ResourceSetStore in project OpenAM by OpenRock.
the class UmaAuditLogger method getResourceSet.
private ResourceSetDescription getResourceSet(String resourceSetId, OAuth2ProviderSettings providerSettings) throws UmaException {
try {
ResourceSetStore store = providerSettings.getResourceSetStore();
Set<ResourceSetDescription> results = store.query(QueryFilter.equalTo(ResourceSetTokenField.RESOURCE_SET_ID, resourceSetId));
if (results.size() != 1) {
throw new UmaException(400, "invalid_resource_set_id", "Could not find Resource Set, " + resourceSetId);
}
return results.iterator().next();
} catch (org.forgerock.oauth2.core.exceptions.ServerException e) {
throw new UmaException(400, "invalid_resource_set_id", e.getMessage());
}
}
use of org.forgerock.oauth2.resources.ResourceSetStore in project OpenAM by OpenRock.
the class AuthorizationRequestEndpointTest method setup.
@BeforeMethod
@SuppressWarnings("unchecked")
public void setup() throws ServerException, InvalidGrantException, NotFoundException, EntitlementException, JSONException {
requestFactory = mock(OAuth2RequestFactory.class);
OAuth2Request oAuth2Request = mock(OAuth2Request.class);
given(requestFactory.create(any(Request.class))).willReturn(oAuth2Request);
given(oAuth2Request.getParameter("realm")).willReturn("REALM");
accessToken = mock(AccessToken.class);
oauth2TokenStore = mock(TokenStore.class);
given(oauth2TokenStore.readAccessToken(Matchers.<OAuth2Request>anyObject(), anyString())).willReturn(accessToken);
given(accessToken.getClientId()).willReturn(RS_CLIENT_ID);
given(accessToken.getResourceOwnerId()).willReturn(REQUESTING_PARTY_ID);
umaAuditLogger = mock(UmaAuditLogger.class);
umaTokenStore = mock(UmaTokenStore.class);
rpt = mock(RequestingPartyToken.class);
given(rpt.getId()).willReturn("1");
permissionTicket = mock(PermissionTicket.class);
given(permissionTicket.getExpiryTime()).willReturn(System.currentTimeMillis() + 10000);
given(permissionTicket.getResourceSetId()).willReturn(RS_ID);
given(permissionTicket.getResourceServerClientId()).willReturn(RS_CLIENT_ID);
given(permissionTicket.getRealm()).willReturn("REALM");
given(umaTokenStore.readPermissionTicket(anyString())).willReturn(permissionTicket);
given(umaTokenStore.createRPT(Matchers.<PermissionTicket>anyObject())).willReturn(rpt);
resourceSetStore = mock(ResourceSetStore.class);
ResourceSetDescription resourceSet = new ResourceSetDescription();
resourceSet.setId(RS_DESCRIPTION_ID);
resourceSet.setResourceOwnerId(RESOURCE_OWNER_ID);
given(resourceSetStore.query(QueryFilter.equalTo(ResourceSetTokenField.RESOURCE_SET_ID, RS_ID))).willReturn(Collections.singleton(resourceSet));
umaProviderSettings = mock(UmaProviderSettings.class);
policyEvaluator = mock(Evaluator.class);
given(umaProviderSettings.getPolicyEvaluator(any(Subject.class), eq(RS_CLIENT_ID.toLowerCase()))).willReturn(policyEvaluator);
given(umaProviderSettings.getUmaTokenStore()).willReturn(umaTokenStore);
umaProviderSettingsFactory = mock(UmaProviderSettingsFactory.class);
given(umaProviderSettingsFactory.get(Matchers.<Request>anyObject())).willReturn(umaProviderSettings);
given(umaProviderSettings.getUmaTokenStore()).willReturn(umaTokenStore);
OAuth2ProviderSettingsFactory oauth2ProviderSettingsFactory = mock(OAuth2ProviderSettingsFactory.class);
OAuth2ProviderSettings oauth2ProviderSettings = mock(OAuth2ProviderSettings.class);
given(oauth2ProviderSettingsFactory.get(any(OAuth2Request.class))).willReturn(oauth2ProviderSettings);
given(oauth2ProviderSettings.getResourceSetStore()).willReturn(resourceSetStore);
OAuth2UrisFactory<RealmInfo> oauth2UrisFactory = mock(OAuth2UrisFactory.class);
OAuth2Uris oauth2Uris = mock(OAuth2Uris.class);
given(oauth2UrisFactory.get(any(OAuth2Request.class))).willReturn(oauth2Uris);
given(oauth2Uris.getIssuer()).willReturn("ISSUER");
pendingRequestsService = mock(PendingRequestsService.class);
Map<String, ClaimGatherer> claimGatherers = new HashMap<>();
idTokenClaimGatherer = mock(IdTokenClaimGatherer.class);
claimGatherers.put(IdTokenClaimGatherer.FORMAT, idTokenClaimGatherer);
ExtensionFilterManager extensionFilterManager = mock(ExtensionFilterManager.class);
requestAuthorizationFilter = mock(RequestAuthorizationFilter.class);
given(extensionFilterManager.getFilters(RequestAuthorizationFilter.class)).willReturn(Collections.singletonList(requestAuthorizationFilter));
UmaExceptionHandler exceptionHandler = mock(UmaExceptionHandler.class);
endpoint = spy(new AuthorizationRequestEndpoint2(umaProviderSettingsFactory, oauth2TokenStore, requestFactory, oauth2ProviderSettingsFactory, oauth2UrisFactory, umaAuditLogger, pendingRequestsService, claimGatherers, extensionFilterManager, exceptionHandler, jacksonRepresentationFactory));
request = mock(Request.class);
given(endpoint.getRequest()).willReturn(request);
response = mock(Response.class);
endpoint.setResponse(response);
requestBody = mock(JSONObject.class);
given(requestBody.toString()).willReturn("{\"ticket\": \"016f84e8-f9b9-11e0-bd6f-0021cc6004de\"}");
entity = mock(JsonRepresentation.class);
given(entity.getJsonObject()).willReturn(requestBody);
}
Aggregations