Search in sources :

Example 6 with ResourceSetStore

use of org.forgerock.oauth2.resources.ResourceSetStore in project OpenAM by OpenRock.

the class PermissionRequestEndpointTest method setup.

@BeforeMethod
@SuppressWarnings("unchecked")
public void setup() throws ServerException, InvalidGrantException, NotFoundException {
    resourceSetStore = mock(ResourceSetStore.class);
    OAuth2RequestFactory<?, Request> requestFactory = mock(OAuth2RequestFactory.class);
    umaTokenStore = mock(UmaTokenStore.class);
    OAuth2ProviderSettingsFactory providerSettingFactory = mock(OAuth2ProviderSettingsFactory.class);
    OAuth2ProviderSettings providerSettings = mock(OAuth2ProviderSettings.class);
    given(providerSettingFactory.get(Matchers.<OAuth2Request>anyObject())).willReturn(providerSettings);
    given(providerSettings.getResourceSetStore()).willReturn(resourceSetStore);
    UmaProviderSettingsFactory umaProviderSettingsFactory = mock(UmaProviderSettingsFactory.class);
    UmaProviderSettings umaProviderSettings = mock(UmaProviderSettings.class);
    given(umaProviderSettingsFactory.get(any(Request.class))).willReturn(umaProviderSettings);
    given(umaProviderSettings.getUmaTokenStore()).willReturn(umaTokenStore);
    ExtensionFilterManager extensionFilterManager = mock(ExtensionFilterManager.class);
    permissionRequestFilter = mock(PermissionRequestFilter.class);
    given(extensionFilterManager.getFilters(PermissionRequestFilter.class)).willReturn(Collections.singleton(permissionRequestFilter));
    UmaExceptionHandler exceptionHandler = mock(UmaExceptionHandler.class);
    endpoint = spy(new PermissionRequestEndpoint(providerSettingFactory, requestFactory, umaProviderSettingsFactory, extensionFilterManager, exceptionHandler, jacksonRepresentationFactory));
    response = mock(Response.class);
    endpoint.setResponse(response);
    Request request = mock(Request.class);
    given(endpoint.getRequest()).willReturn(request);
    AccessToken accessToken = mock(AccessToken.class);
    given(accessToken.getClientId()).willReturn("CLIENT_ID");
    given(accessToken.getResourceOwnerId()).willReturn("RESOURCE_OWNER_ID");
    OAuth2Request oAuth2Request = mock(OAuth2Request.class);
    given(requestFactory.create(request)).willReturn(oAuth2Request);
    given(oAuth2Request.getToken(AccessToken.class)).willReturn(accessToken);
}
Also used : PermissionRequestFilter(org.forgerock.openam.uma.extensions.PermissionRequestFilter) Request(org.restlet.Request) OAuth2Request(org.forgerock.oauth2.core.OAuth2Request) Response(org.restlet.Response) OAuth2Request(org.forgerock.oauth2.core.OAuth2Request) OAuth2ProviderSettingsFactory(org.forgerock.oauth2.core.OAuth2ProviderSettingsFactory) ResourceSetStore(org.forgerock.oauth2.resources.ResourceSetStore) AccessToken(org.forgerock.oauth2.core.AccessToken) OAuth2ProviderSettings(org.forgerock.oauth2.core.OAuth2ProviderSettings) ExtensionFilterManager(org.forgerock.openam.oauth2.extensions.ExtensionFilterManager) BeforeMethod(org.testng.annotations.BeforeMethod)

Example 7 with ResourceSetStore

use of org.forgerock.oauth2.resources.ResourceSetStore in project OpenAM by OpenRock.

the class AuthorizationRequestEndpoint method getResourceSet.

private ResourceSetDescription getResourceSet(String resourceSetId, OAuth2ProviderSettings providerSettings) throws UmaException {
    try {
        ResourceSetStore store = providerSettings.getResourceSetStore();
        Set<ResourceSetDescription> results = store.query(QueryFilter.equalTo(ResourceSetTokenField.RESOURCE_SET_ID, resourceSetId));
        if (results.size() != 1) {
            throw new UmaException(400, "invalid_resource_set_id", "Could not fing Resource Set, " + resourceSetId);
        }
        return results.iterator().next();
    } catch (ServerException e) {
        throw new UmaException(400, "invalid_resource_set_id", e.getMessage());
    }
}
Also used : ServerException(org.forgerock.oauth2.core.exceptions.ServerException) ResourceSetStore(org.forgerock.oauth2.resources.ResourceSetStore) ResourceSetDescription(org.forgerock.oauth2.resources.ResourceSetDescription)

Example 8 with ResourceSetStore

use of org.forgerock.oauth2.resources.ResourceSetStore in project OpenAM by OpenRock.

the class AuthorizationRequestEndpoint method isEntitled.

private boolean isEntitled(UmaProviderSettings umaProviderSettings, OAuth2ProviderSettings oauth2ProviderSettings, PermissionTicket permissionTicket, String requestingPartyId) throws EntitlementException, ServerException, UmaException {
    String realm = permissionTicket.getRealm();
    String resourceSetId = permissionTicket.getResourceSetId();
    String resourceName = UmaConstants.UMA_POLICY_SCHEME;
    Subject resourceOwnerSubject;
    try {
        ResourceSetStore store = oauth2ProviderSettings.getResourceSetStore();
        Set<ResourceSetDescription> results = store.query(QueryFilter.equalTo(ResourceSetTokenField.RESOURCE_SET_ID, resourceSetId));
        if (results.size() != 1) {
            throw new NotFoundException("Could not find Resource Set, " + resourceSetId);
        }
        resourceName += results.iterator().next().getId();
        resourceOwnerSubject = UmaUtils.createSubject(createIdentity(results.iterator().next().getResourceOwnerId(), realm));
    } catch (NotFoundException e) {
        debug.message("Couldn't find resource that permission ticket is registered for", e);
        throw new ServerException("Couldn't find resource that permission ticket is registered for");
    }
    Subject requestingPartySubject = UmaUtils.createSubject(createIdentity(requestingPartyId, realm));
    beforeAuthorization(permissionTicket, requestingPartySubject, resourceOwnerSubject);
    // Implicitly grant access to the resource owner
    if (isRequestingPartyResourceOwner(requestingPartySubject, resourceOwnerSubject)) {
        afterAuthorization(true, permissionTicket, requestingPartySubject, resourceOwnerSubject);
        return true;
    }
    List<Entitlement> entitlements = umaProviderSettings.getPolicyEvaluator(requestingPartySubject, permissionTicket.getResourceServerClientId().toLowerCase()).evaluate(realm, requestingPartySubject, resourceName, null, false);
    Set<String> requestedScopes = permissionTicket.getScopes();
    Set<String> requiredScopes = new HashSet<>(requestedScopes);
    for (Entitlement entitlement : entitlements) {
        for (String requestedScope : requestedScopes) {
            final Boolean actionValue = entitlement.getActionValue(requestedScope);
            if (actionValue != null && actionValue) {
                requiredScopes.remove(requestedScope);
            }
        }
    }
    boolean isAuthorized = requiredScopes.isEmpty();
    afterAuthorization(isAuthorized, permissionTicket, requestingPartySubject, resourceOwnerSubject);
    return isAuthorized;
}
Also used : ServerException(org.forgerock.oauth2.core.exceptions.ServerException) NotFoundException(org.forgerock.oauth2.core.exceptions.NotFoundException) ResourceSetDescription(org.forgerock.oauth2.resources.ResourceSetDescription) Subject(javax.security.auth.Subject) ResourceSetStore(org.forgerock.oauth2.resources.ResourceSetStore) Entitlement(com.sun.identity.entitlement.Entitlement) HashSet(java.util.HashSet)

Example 9 with ResourceSetStore

use of org.forgerock.oauth2.resources.ResourceSetStore in project OpenAM by OpenRock.

the class UmaAuditLogger method getResourceSet.

private ResourceSetDescription getResourceSet(String resourceSetId, OAuth2ProviderSettings providerSettings) throws UmaException {
    try {
        ResourceSetStore store = providerSettings.getResourceSetStore();
        Set<ResourceSetDescription> results = store.query(QueryFilter.equalTo(ResourceSetTokenField.RESOURCE_SET_ID, resourceSetId));
        if (results.size() != 1) {
            throw new UmaException(400, "invalid_resource_set_id", "Could not find Resource Set, " + resourceSetId);
        }
        return results.iterator().next();
    } catch (org.forgerock.oauth2.core.exceptions.ServerException e) {
        throw new UmaException(400, "invalid_resource_set_id", e.getMessage());
    }
}
Also used : ResourceSetStore(org.forgerock.oauth2.resources.ResourceSetStore) UmaException(org.forgerock.openam.uma.UmaException) ResourceSetDescription(org.forgerock.oauth2.resources.ResourceSetDescription)

Example 10 with ResourceSetStore

use of org.forgerock.oauth2.resources.ResourceSetStore in project OpenAM by OpenRock.

the class AuthorizationRequestEndpointTest method setup.

@BeforeMethod
@SuppressWarnings("unchecked")
public void setup() throws ServerException, InvalidGrantException, NotFoundException, EntitlementException, JSONException {
    requestFactory = mock(OAuth2RequestFactory.class);
    OAuth2Request oAuth2Request = mock(OAuth2Request.class);
    given(requestFactory.create(any(Request.class))).willReturn(oAuth2Request);
    given(oAuth2Request.getParameter("realm")).willReturn("REALM");
    accessToken = mock(AccessToken.class);
    oauth2TokenStore = mock(TokenStore.class);
    given(oauth2TokenStore.readAccessToken(Matchers.<OAuth2Request>anyObject(), anyString())).willReturn(accessToken);
    given(accessToken.getClientId()).willReturn(RS_CLIENT_ID);
    given(accessToken.getResourceOwnerId()).willReturn(REQUESTING_PARTY_ID);
    umaAuditLogger = mock(UmaAuditLogger.class);
    umaTokenStore = mock(UmaTokenStore.class);
    rpt = mock(RequestingPartyToken.class);
    given(rpt.getId()).willReturn("1");
    permissionTicket = mock(PermissionTicket.class);
    given(permissionTicket.getExpiryTime()).willReturn(System.currentTimeMillis() + 10000);
    given(permissionTicket.getResourceSetId()).willReturn(RS_ID);
    given(permissionTicket.getResourceServerClientId()).willReturn(RS_CLIENT_ID);
    given(permissionTicket.getRealm()).willReturn("REALM");
    given(umaTokenStore.readPermissionTicket(anyString())).willReturn(permissionTicket);
    given(umaTokenStore.createRPT(Matchers.<PermissionTicket>anyObject())).willReturn(rpt);
    resourceSetStore = mock(ResourceSetStore.class);
    ResourceSetDescription resourceSet = new ResourceSetDescription();
    resourceSet.setId(RS_DESCRIPTION_ID);
    resourceSet.setResourceOwnerId(RESOURCE_OWNER_ID);
    given(resourceSetStore.query(QueryFilter.equalTo(ResourceSetTokenField.RESOURCE_SET_ID, RS_ID))).willReturn(Collections.singleton(resourceSet));
    umaProviderSettings = mock(UmaProviderSettings.class);
    policyEvaluator = mock(Evaluator.class);
    given(umaProviderSettings.getPolicyEvaluator(any(Subject.class), eq(RS_CLIENT_ID.toLowerCase()))).willReturn(policyEvaluator);
    given(umaProviderSettings.getUmaTokenStore()).willReturn(umaTokenStore);
    umaProviderSettingsFactory = mock(UmaProviderSettingsFactory.class);
    given(umaProviderSettingsFactory.get(Matchers.<Request>anyObject())).willReturn(umaProviderSettings);
    given(umaProviderSettings.getUmaTokenStore()).willReturn(umaTokenStore);
    OAuth2ProviderSettingsFactory oauth2ProviderSettingsFactory = mock(OAuth2ProviderSettingsFactory.class);
    OAuth2ProviderSettings oauth2ProviderSettings = mock(OAuth2ProviderSettings.class);
    given(oauth2ProviderSettingsFactory.get(any(OAuth2Request.class))).willReturn(oauth2ProviderSettings);
    given(oauth2ProviderSettings.getResourceSetStore()).willReturn(resourceSetStore);
    OAuth2UrisFactory<RealmInfo> oauth2UrisFactory = mock(OAuth2UrisFactory.class);
    OAuth2Uris oauth2Uris = mock(OAuth2Uris.class);
    given(oauth2UrisFactory.get(any(OAuth2Request.class))).willReturn(oauth2Uris);
    given(oauth2Uris.getIssuer()).willReturn("ISSUER");
    pendingRequestsService = mock(PendingRequestsService.class);
    Map<String, ClaimGatherer> claimGatherers = new HashMap<>();
    idTokenClaimGatherer = mock(IdTokenClaimGatherer.class);
    claimGatherers.put(IdTokenClaimGatherer.FORMAT, idTokenClaimGatherer);
    ExtensionFilterManager extensionFilterManager = mock(ExtensionFilterManager.class);
    requestAuthorizationFilter = mock(RequestAuthorizationFilter.class);
    given(extensionFilterManager.getFilters(RequestAuthorizationFilter.class)).willReturn(Collections.singletonList(requestAuthorizationFilter));
    UmaExceptionHandler exceptionHandler = mock(UmaExceptionHandler.class);
    endpoint = spy(new AuthorizationRequestEndpoint2(umaProviderSettingsFactory, oauth2TokenStore, requestFactory, oauth2ProviderSettingsFactory, oauth2UrisFactory, umaAuditLogger, pendingRequestsService, claimGatherers, extensionFilterManager, exceptionHandler, jacksonRepresentationFactory));
    request = mock(Request.class);
    given(endpoint.getRequest()).willReturn(request);
    response = mock(Response.class);
    endpoint.setResponse(response);
    requestBody = mock(JSONObject.class);
    given(requestBody.toString()).willReturn("{\"ticket\": \"016f84e8-f9b9-11e0-bd6f-0021cc6004de\"}");
    entity = mock(JsonRepresentation.class);
    given(entity.getJsonObject()).willReturn(requestBody);
}
Also used : OAuth2Uris(org.forgerock.oauth2.core.OAuth2Uris) HashMap(java.util.HashMap) Matchers.anyString(org.mockito.Matchers.anyString) ResourceSetDescription(org.forgerock.oauth2.resources.ResourceSetDescription) RealmInfo(org.forgerock.openam.core.RealmInfo) OAuth2RequestFactory(org.forgerock.oauth2.core.OAuth2RequestFactory) OAuth2ProviderSettingsFactory(org.forgerock.oauth2.core.OAuth2ProviderSettingsFactory) AccessToken(org.forgerock.oauth2.core.AccessToken) ResourceSetStore(org.forgerock.oauth2.resources.ResourceSetStore) OAuth2ProviderSettings(org.forgerock.oauth2.core.OAuth2ProviderSettings) UmaAuditLogger(org.forgerock.openam.uma.audit.UmaAuditLogger) UmaPendingRequest(org.forgerock.openam.sm.datalayer.impl.uma.UmaPendingRequest) OAuth2Request(org.forgerock.oauth2.core.OAuth2Request) HttpServletRequest(javax.servlet.http.HttpServletRequest) Request(org.restlet.Request) RequestAuthorizationFilter(org.forgerock.openam.uma.extensions.RequestAuthorizationFilter) Evaluator(com.sun.identity.entitlement.Evaluator) Subject(javax.security.auth.Subject) Response(org.restlet.Response) OAuth2Request(org.forgerock.oauth2.core.OAuth2Request) JSONObject(org.json.JSONObject) TokenStore(org.forgerock.oauth2.core.TokenStore) JsonRepresentation(org.restlet.ext.json.JsonRepresentation) ExtensionFilterManager(org.forgerock.openam.oauth2.extensions.ExtensionFilterManager) BeforeMethod(org.testng.annotations.BeforeMethod)

Aggregations

ResourceSetStore (org.forgerock.oauth2.resources.ResourceSetStore)14 ResourceSetDescription (org.forgerock.oauth2.resources.ResourceSetDescription)11 OAuth2Request (org.forgerock.oauth2.core.OAuth2Request)4 BeforeMethod (org.testng.annotations.BeforeMethod)4 HashSet (java.util.HashSet)3 Subject (javax.security.auth.Subject)3 OAuth2ProviderSettings (org.forgerock.oauth2.core.OAuth2ProviderSettings)3 ServerException (org.forgerock.oauth2.core.exceptions.ServerException)3 ExtensionFilterManager (org.forgerock.openam.oauth2.extensions.ExtensionFilterManager)3 Evaluator (com.sun.identity.entitlement.Evaluator)2 HashMap (java.util.HashMap)2 JsonValue (org.forgerock.json.JsonValue)2 AccessToken (org.forgerock.oauth2.core.AccessToken)2 OAuth2ProviderSettingsFactory (org.forgerock.oauth2.core.OAuth2ProviderSettingsFactory)2 NotFoundException (org.forgerock.oauth2.core.exceptions.NotFoundException)2 ResourceSetRegistrationHook (org.forgerock.oauth2.restlet.resources.ResourceSetRegistrationHook)2 ResourceSetStoreFactory (org.forgerock.openam.oauth2.resources.ResourceSetStoreFactory)2 UmaAuditLogger (org.forgerock.openam.uma.audit.UmaAuditLogger)2 Matchers.anyString (org.mockito.Matchers.anyString)2 Request (org.restlet.Request)2