use of org.forgerock.openam.entitlement.ResourceType in project OpenAM by OpenRock.
the class ConfigureOAuth2 method getUrlResourceTypeId.
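/**
 * Looks up, or creates on first use, the URL resource type behind the OAuth2 policy application of a realm.
 *
 * <p>Resolution order:
 * <ol>
 *   <li>a resource type already linked to the application whose name matches
 *       {@code POLICY_RESOURCE_TYPE_NAME} ignoring case;</li>
 *   <li>otherwise the first resource type in the realm returned by a name-equality query;</li>
 *   <li>otherwise a newly saved resource type allowing GET and POST on {@code *://*:*}{@code /*}{@code /authorize?*}.</li>
 * </ol>
 * In cases 2 and 3 the resource type is linked to the application, the application's combiner is set to
 * {@code DenyOverride}, and the application is saved.
 *
 * @param adminSubject subject passed to every entitlement read and write performed here
 * @param realm realm in which the application and resource type are looked up and saved
 * @return the UUID of the resource type to use
 * @throws EntitlementException propagated from the entitlement lookups and saves
 * @throws WorkflowException declared by the signature; no statement in this method raises it directly
 */
private String getUrlResourceTypeId(Subject adminSubject, String realm) throws EntitlementException, WorkflowException {
    Application application = ApplicationManager.getApplication(adminSubject, realm, POLICY_APPLICATION_NAME);
    if (application == null) {
        // No application yet: build an unsaved one; it is only persisted at the end of this method.
        ApplicationType applicationType = ApplicationTypeManager.getAppplicationType(
                adminSubject, ApplicationTypeManager.URL_APPLICATION_TYPE_NAME);
        application = ApplicationManager.newApplication(POLICY_APPLICATION_NAME, applicationType);
    }

    Set<String> resourceTypeIds = application.getResourceTypeUuids();
    ResourceTypeService resourceTypeService = InjectorHolder.getInstance(ResourceTypeService.class);
    for (String id : resourceTypeIds) {
        ResourceType resourceType = resourceTypeService.getResourceType(adminSubject, realm, id);
        // A UUID still listed on the application may no longer resolve to a resource type; skip it
        // instead of failing the whole workflow with a NullPointerException.
        if (resourceType != null && POLICY_RESOURCE_TYPE_NAME.equalsIgnoreCase(resourceType.getName())) {
            return id;
        }
    }

    QueryFilter<SmsAttribute> name = equalTo(SmsAttribute.newSearchableInstance("name"), POLICY_RESOURCE_TYPE_NAME);
    Set<ResourceType> types = resourceTypeService.getResourceTypes(name, adminSubject, realm);
    ResourceType resourceType;
    if (types == null || types.isEmpty()) {
        // The pattern places no constraint on scheme, host or port; only the trailing
        // "/authorize?" path segment is fixed.
        resourceType = ResourceType.builder()
                .addPatterns(asSet("*://*:*/*/authorize?*"))
                .addActions(new ImmutableMap.Builder<String, Boolean>().put("GET", true).put("POST", true).build())
                .setName(POLICY_RESOURCE_TYPE_NAME)
                .setUUID(UUID.randomUUID().toString())
                .build();
        resourceType = resourceTypeService.saveResourceType(adminSubject, realm, resourceType);
    } else {
        // NOTE(review): an existing resource type is reused on a name match alone; its patterns and
        // actions are not compared with the ones this method would have created - confirm that is intended.
        resourceType = types.iterator().next();
    }

    application.addAllResourceTypeUuids(asSet(resourceType.getUUID()));
    // Deny-overrides: a single denying policy wins over any number of allowing ones.
    application.setEntitlementCombiner(DenyOverride.class);
    ApplicationManager.saveApplication(adminSubject, realm, application);
    return resourceType.getUUID();
}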
use of org.forgerock.openam.entitlement.ResourceType in project OpenAM by OpenRock.
the class PrivilegeManager method validate.
/**
 * Validates the passed policy before it is accepted.
 *
 * <p>Checks run in this order, and the first failure is the one reported: non-blank policy name,
 * non-null entitlement, subject validation (delegated to the privilege), existence of the
 * entitlement's application. If the application lists resource type UUIDs, the policy's resource
 * type must be one of them, must resolve to a stored resource type, and the entitlement's actions
 * and resource names are verified against it.
 *
 * <p>If the application lists no resource type UUIDs, the policy must not name one, and the method
 * returns without verifying actions or resource names.
 *
 * <p>{@code adminSubject}, {@code superAdminSubject}, {@code realm}, {@code applicationServiceFactory},
 * {@code resourceTypeService} and {@code validator} are declared outside this method.
 *
 * @param privilege
 *            the policy instance
 *
 * @throws EntitlementException
 *             if any of the checks above fails
 */
protected void validate(Privilege privilege) throws EntitlementException {
final String pName = privilege.getName();
// Reject a missing or whitespace-only policy name.
if (pName == null || pName.trim().isEmpty()) {
throw new EntitlementException(EntitlementException.EMPTY_PRIVILEGE_NAME);
}
final Entitlement entitlement = privilege.getEntitlement();
if (entitlement == null) {
throw new EntitlementException(EntitlementException.NULL_ENTITLEMENT);
}
// Subject validation is implemented by the privilege itself.
privilege.validateSubject(privilege.getSubject());
// The application is looked up with adminSubject, not superAdminSubject.
ApplicationService applicationService = applicationServiceFactory.create(adminSubject, realm);
Application application = applicationService.getApplication(entitlement.getApplicationName());
if (application == null) {
throw new EntitlementException(EntitlementException.APP_RETRIEVAL_ERROR, realm);
}
if (CollectionUtils.isEmpty(application.getResourceTypeUuids())) {
// An application without resource types cannot host a policy that names one.
if (StringUtils.isNotEmpty(privilege.getResourceTypeUuid())) {
throw new EntitlementException(EntitlementException.NO_RESOURCE_TYPE_EXPECTED);
}
// If no resource types have been defined then the following resource type validation is irrelevant.
// Consequence: actions and resource names of such a policy are not verified by this method.
return;
}
// The policy may only reference a resource type that its application is associated with.
if (!application.getResourceTypeUuids().contains(privilege.getResourceTypeUuid())) {
throw new EntitlementException(EntitlementException.POLICY_DEFINES_INVALID_RESOURCE_TYPE, privilege.getResourceTypeUuid());
}
// NOTE(review): the resource type and the resource comparator are read with superAdminSubject rather
// than adminSubject - confirm this elevated read is intended.
final ResourceType resourceType = resourceTypeService.getResourceType(superAdminSubject, realm, privilege.getResourceTypeUuid());
if (resourceType == null) {
throw new EntitlementException(EntitlementException.NO_SUCH_RESOURCE_TYPE, privilege.getResourceTypeUuid(), realm);
}
// Verify the entitlement's action names, then its resource names, against the resource type.
validator.verifyActions(entitlement.getActionValues().keySet()).against(resourceType).throwExceptionIfFailure();
validator.verifyResources(entitlement.getResourceNames()).using(entitlement.getResourceComparator(superAdminSubject, realm)).against(resourceType).throwExceptionIfFailure();
}
use of org.forgerock.openam.entitlement.ResourceType in project OpenAM by OpenRock.
the class ResourceTypeServiceTest method shouldModifyResourceTypeMetaData.
/**
 * Saving a resource type must stamp it with creation and last-modification metadata
 * (who and when), which is what an audit trail of policy changes relies on.
 */
@Test
public void shouldModifyResourceTypeMetaData() throws EntitlementException {
    // given: an unsaved URL resource type with two patterns and two actions
    ResourceType unsaved = ResourceType.builder()
            .generateUUID()
            .setName("URL")
            .setDescription("This is a URL resource type")
            .addPattern("*://*:*/*")
            .addPattern("*://*:*/*?*")
            .addAction("GET", true)
            .addAction("PUT", false)
            .build();

    // when: the instance returned by the service is the one under test
    ResourceType saved = service.saveResourceType(subject, "/testRealm", unsaved);

    // then: creation metadata is present and attributed to the test user
    assertNotNull(saved.getCreatedBy());
    assertEquals(saved.getCreatedBy(), TEST_USER);
    assertNotNull(saved.getCreationDate());
    // NOTE(review): if the date getters return long/Long, comparing with the int literal 0 may bind
    // to an Object comparison that can never be equal - confirm which overload is selected.
    assertNotEquals(saved.getCreationDate(), 0);

    // ... and so is last-modification metadata
    assertNotNull(saved.getLastModifiedBy());
    assertEquals(saved.getLastModifiedBy(), TEST_USER);
    assertNotNull(saved.getLastModifiedDate());
    assertNotEquals(saved.getLastModifiedDate(), 0);
}
use of org.forgerock.openam.entitlement.ResourceType in project OpenAM by OpenRock.
the class ApplicationV1FilterTransformerTest method testSuccessfulTransformation.
/**
 * The transformer must drop the resource type UUID list from the JSON and expose, in its place,
 * the actions and resource patterns of every referenced resource type.
 */
@Test
public void testSuccessfulTransformation() throws EntitlementException {
    // given: JSON that references two resource types, both of which the mocked service resolves
    Subject caller = new Subject();
    JsonValue applicationJson = json(object(field(RESOURCE_TYPE_UUIDS, array("abc-def-ghi", "def-ghj-kli"))));
    ResourceType first = ResourceType.builder()
            .setName("name")
            .setUUID("uuid")
            .addAction("action", true)
            .addPattern("pattern")
            .build();
    ResourceType second = ResourceType.builder()
            .setName("name2")
            .setUUID("uuid2")
            .addAction("action2", true)
            .addPattern("pattern2")
            .build();
    given(mockResourceTypeService.getResourceType(eq(caller), eq("realm"), eq("abc-def-ghi")))
            .willReturn(first);
    given(mockResourceTypeService.getResourceType(eq(caller), eq("realm"), eq("def-ghj-kli")))
            .willReturn(second);

    // when
    transformer.transformJson(applicationJson, caller, "realm");

    // then: the UUID list is gone and both resource types contributed their actions and patterns
    // NOTE(review): only the case where every UUID resolves is exercised by this test.
    assertTrue(applicationJson.get(RESOURCE_TYPE_UUIDS).isNull());
    assertTrue(applicationJson.get("actions").get("action").asBoolean());
    assertTrue(applicationJson.get("actions").get("action2").asBoolean());
    assertTrue(applicationJson.get("resources").contains("pattern"));
    assertTrue(applicationJson.get("resources").contains("pattern2"));
}
use of org.forgerock.openam.entitlement.ResourceType in project OpenAM by OpenRock.
the class UpgradeResourceTypeStep method createResourceType.
/**
 * Returns a resource type in the realm that carries every action and every pattern of the given
 * state, building and saving a new one when the query finds none.
 *
 * @param state The state object supplying the application name, actions and patterns; its
 *              {@code resourceTypeName} is set when a new resource type is built.
 * @param realm The realm that is queried and in which a new resource type is saved.
 * @return The first resource type returned by the query, or the newly built resource type.
 * @throws UpgradeException If the query for existing resource types fails.
 *         NOTE(review): {@code saveResourceType} is defined elsewhere and may throw as well - confirm.
 */
private ResourceType createResourceType(ResourceTypeState state, String realm) throws UpgradeException {
    // One equality filter per action ...
    final Set<QueryFilter<SmsAttribute>> perAction = transformSet(state.actions,
            new Function<String, QueryFilter<SmsAttribute>, NeverThrowsException>() {
                @Override
                public QueryFilter<SmsAttribute> apply(String value) {
                    return QueryFilter.equalTo(ResourceTypeSmsAttributes.ACTIONS, value);
                }
            });
    // ... and one per pattern.
    final Set<QueryFilter<SmsAttribute>> perPattern = transformSet(state.patterns,
            new Function<String, QueryFilter<SmsAttribute>, NeverThrowsException>() {
                @Override
                public QueryFilter<SmsAttribute> apply(String value) {
                    return QueryFilter.equalTo(ResourceTypeSmsAttributes.PATTERNS, value);
                }
            });
    // A candidate has to satisfy all action filters and all pattern filters.
    final QueryFilter<SmsAttribute> allOf = QueryFilter.and(QueryFilter.and(perAction), QueryFilter.and(perPattern));

    final Set<ResourceType> existing;
    try {
        existing = resourceTypeService.getResourceTypes(allOf, getAdminSubject(), realm);
    } catch (EntitlementException e) {
        throw new UpgradeException("Failed to retrieve resource type for " + state.appName, e);
    }

    if (existing.isEmpty()) {
        // Nothing suitable in the realm: derive name and description from the application name.
        ResourceType created = ResourceType.builder()
                .setName(state.appName + RESOURCES_TYPE_NAME_SUFFIX)
                .addActions(getActions(state.actions))
                .addPatterns(state.patterns)
                .setDescription(RESOURCE_TYPE_DESCRIPTION + state.appName)
                .generateUUID()
                .build();
        saveResourceType(created, realm);
        state.resourceTypeName = created.getName();
        return created;
    }

    // Some matching resource types have been found, return the first one.
    // NOTE(review): with several matches, which one comes first depends on the Set's iteration order.
    return existing.iterator().next();
}