use of org.forgerock.openam.entitlement.ResourceType in project OpenAM by OpenRock.
the class UmaResourceSetRegistrationHook method resourceSetCreated.
/**
* Creates a ResourceType for the Resource Set and adds it to the Resource Server's policy Application.
*
* @param realm {@inheritDoc}
* @param resourceSet {@inheritDoc}
*/
@Override
public void resourceSetCreated(String realm, ResourceSetDescription resourceSet) throws ServerException {
    // Each UMA scope of the resource set becomes an action of the new resource type, allowed by default.
    Map<String, Boolean> actionsByScope = new HashMap<String, Boolean>();
    for (String scope : resourceSet.getScopes()) {
        actionsByScope.put(scope, Boolean.TRUE);
    }

    // The resource set id doubles as the resource type UUID and is also appended to the display name.
    ResourceType resourceType = ResourceType.builder()
            .setName(resourceSet.getName() + " - " + resourceSet.getId())
            .setUUID(resourceSet.getId())
            .setDescription("Dynamically created resource type for the UMA resource set. "
                    + "Used to find all Policy Engine Policies that make up an UMA Policy")
            .setActions(actionsByScope)
            .addPattern(UmaConstants.UMA_POLICY_SCHEME_PATTERN)
            .build();

    // NOTE(review): this method receives no caller identity; both writes below run as the super-admin
    // subject, so any authorization of the registering party has to happen before this hook is
    // invoked - confirm against the caller.
    Subject adminSubject = SubjectUtils.createSuperAdminSubject();

    // Step 1: persist the resource type in the realm.
    try {
        resourceTypeService.saveResourceType(adminSubject, realm, resourceType);
    } catch (EntitlementException e) {
        logger.error("Failed to create resource type for resource set, {}", resourceSet, e);
        throw new ServerException(e);
    }

    // Step 2: attach the resource type to the policy application named after the lower-cased client id.
    // The resource type saved in step 1 is not removed here if this step fails.
    try {
        // NOTE(review): toLowerCase() without a Locale follows the JVM default locale; the lookup key
        // must be derived the same way wherever the application is created - verify.
        String applicationName = resourceSet.getClientId().toLowerCase();
        // NOTE(review): the result is dereferenced without a null check - confirm what getApplication
        // returns when no application with that name exists.
        Application policyApplication = applicationManager.getApplication(adminSubject, realm, applicationName);
        policyApplication.addResourceTypeUuid(resourceType.getUUID());
        applicationManager.saveApplication(adminSubject, realm, policyApplication);
    } catch (EntitlementException e) {
        logger.error("Failed to add Resource Type, " + resourceType.getUUID() + " to application, " + resourceSet.getClientId(), e);
        throw new ServerException(e);
    }
}
use of org.forgerock.openam.entitlement.ResourceType in project OpenAM by OpenRock.
the class UpgradeEntitlementSubConfigsStep method addMissingResourceTypes.
/**
* Adds any missing ResourceTypes.
*
* @throws UpgradeException If there was an error while adding a ResourceType
*/
private void addMissingResourceTypes() throws UpgradeException {
    for (final Node resourceTypeNode : missingResourceTypes) {
        final Map<String, Set<String>> attributes = parseAttributeValuePairTags(resourceTypeNode);
        // The node's NAME attribute is used as the UUID; the NAME entry of the attribute/value
        // pairs is the name used for progress reporting and debug output.
        final String typeUuid = getNodeAttributeValue(resourceTypeNode, NAME);
        final String typeName = retrieveSingleValue(NAME, attributes);
        final ResourceType missingType = resourceTypeFromMap(typeUuid, attributes);

        UpgradeProgress.reportStart(AUDIT_NEW_RESOURCE_TYPE_START, typeName);
        try {
            DEBUG.message("Saving standard resource type {} with UUID {}", typeName, typeUuid);
            // Stored in the root realm under the admin subject.
            resourceTypeConfiguration.storeResourceType(getAdminSubject(), ROOT_REALM, missingType);
            UpgradeProgress.reportEnd(AUDIT_UPGRADE_SUCCESS);
        } catch (EntitlementException e) {
            // The first failure is reported and aborts the loop; remaining types are not attempted.
            UpgradeProgress.reportEnd(AUDIT_UPGRADE_FAIL);
            throw new UpgradeException(e);
        }
    }
}
use of org.forgerock.openam.entitlement.ResourceType in project OpenAM by OpenRock.
the class RemoveReferralsStepTest method simpleSuccessfulPassThrough.
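/**
 * Runs the step against a single referral entry that maps application "app1" into realm "/a" and
 * checks that a resource type and an application are saved in "/a", that the policy is modified
 * to reference the saved resource type, and that the referral entry is deleted.
 */
@Test
public void simpleSuccessfulPassThrough() throws Exception {
    // Given
    // The directory search yields exactly one referral entry.
    given(connectionFactory.create()).willReturn(connection);
    given(connection.search(isA(SearchRequest.class))).willReturn(entryReader);
    given(entryReader.hasNext()).willReturn(true).willReturn(false);
    given(entryReader.readEntry()).willReturn(resultEntry);
    given(resultEntry.getName()).willReturn(DN.valueOf("ou=test,ou=forgerock,ou=org"));

    // The referral is stored as serialised JSON inside the entry's sunKeyValue attribute.
    JsonValue jsonValue = json(object(
            field("name", "ref"),
            field("mapApplNameToResources", object(field("app1", array("*://*:*/*")))),
            field("realms", array("/a"))));
    Set<String> values = singleton("serializable=" + jsonValue.toString());
    Attribute attribute = new LinkedAttribute("ou", values);
    AttributeParser attributeParser = AttributeParser.parseAttribute(attribute);
    given(resultEntry.parseAttribute("sunKeyValue")).willReturn(attributeParser);

    // Application, policy and resource type as they are returned by the mocked services.
    Application app1 = new Application();
    app1.setName("app1");
    app1.addAllResourceTypeUuids(singleton("123"));
    given(applicationService.getApplication(isA(Subject.class), eq("/"), eq("app1"))).willReturn(app1);
    given(policyServiceFactory.get(eq("/a"), isA(Subject.class))).willReturn(policyService);
    Privilege policy1 = new OpenSSOPrivilege();
    policy1.setName("pol1");
    given(policyService.findAllPoliciesByApplication("app1")).willReturn(singletonList(policy1));
    ResourceType resourceType1 = ResourceType.builder().setName("resourceType1").setUUID("123").build();
    given(resourceTypeService.getResourceType(isA(Subject.class), eq("/"), eq("123"))).willReturn(resourceType1);

    // When
    testStep.initialize();
    boolean isApplicable = testStep.isApplicable();
    testStep.perform();
    String shortReport = testStep.getShortReport("");
    String longReport = testStep.getDetailedReport("");

    // Then
    assertThat(isApplicable).isTrue();
    assertThat(shortReport).containsSequence("applications to be cloned", "Referrals found");
    assertThat(longReport).containsSequence("app1", "ou=test,ou=forgerock,ou=org");

    verify(resourceTypeService).saveResourceType(isA(Subject.class), eq("/a"), resourceTypeCaptor.capture());
    verify(applicationService).saveApplication(isA(Subject.class), eq("/a"), applicationCaptor.capture());
    verify(policyService).modify(policyCaptor.capture());

    // The resource type saved in "/a" is a copy: same name, but not equal to the original.
    ResourceType clonedResourceType = resourceTypeCaptor.getValue();
    assertThat(clonedResourceType).isNotEqualTo(resourceType1);
    assertThat(clonedResourceType.getName()).isEqualTo("resourceType1");

    // The saved application is a copy as well and references only the cloned resource type.
    Application clonedApplication = applicationCaptor.getValue();
    assertThat(clonedApplication).isNotEqualTo(app1);
    assertThat(clonedApplication.getName()).isEqualTo("app1");
    assertThat(clonedApplication.getResourceTypeUuids()).containsExactly(clonedResourceType.getUUID());

    // The original compared modifiedPolicy with itself, which can never fail. Check instead that
    // the policy handed to modify() is the one set up above, mirroring the name checks on the
    // cloned resource type and application.
    Privilege modifiedPolicy = policyCaptor.getValue();
    assertThat(modifiedPolicy.getName()).isEqualTo("pol1");
    assertThat(modifiedPolicy.getResourceTypeUuid()).isEqualTo(clonedResourceType.getUUID());

    // The processed referral entry is deleted from the directory.
    verify(connection).delete(deleteRequestCaptor.capture());
    DeleteRequest request = deleteRequestCaptor.getValue();
    assertThat(request.getName().toString()).isEqualTo("ou=test,ou=forgerock,ou=org");
}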
use of org.forgerock.openam.entitlement.ResourceType in project OpenAM by OpenRock.
the class UpgradeResourceTypeStep method perform.
/**
* {@inheritDoc}
*/
@Override
public void perform() throws UpgradeException {
    for (Map.Entry<String, Set<ResourceTypeState>> realmEntry : resourceTypeStatePerRealm.entrySet()) {
        final String realm = realmEntry.getKey();
        // Both handles are obtained once per realm, under the admin subject.
        final EntitlementConfiguration entitlementConfig =
                EntitlementConfiguration.getInstance(getAdminSubject(), realm);
        final PrivilegeManager privilegeManager = PrivilegeManager.getInstance(realm, getAdminSubject());

        for (ResourceTypeState state : realmEntry.getValue()) {
            if (state.applicationNeedsResourceType) {
                final String createdTypeUuid = createResourceType(state, realm).getUUID();
                upgradeApplication(entitlementConfig, state.appName, createdTypeUuid);
                // The application was modified, so the cached copy for this realm is dropped.
                ApplicationManager.clearCache(realm);
            }

            if (!state.policiesNeedsResourceType) {
                continue;
            }

            // NOTE(review): the application is dereferenced without a null check - confirm that
            // getApplication cannot return null for a recorded appName.
            final Set<String> typeUuids = entitlementConfig.getApplication(state.appName).getResourceTypeUuids();
            if (typeUuids.isEmpty()) {
                continue;
            }
            // Only one resource type is expected on the application at this stage; the first UUID the
            // set's iterator yields is applied to the policies, so with more than one entry the choice
            // would depend on the set's iteration order.
            upgradePrivileges(privilegeManager, state.appName, typeUuids.iterator().next());
        }
    }
}
use of org.forgerock.openam.entitlement.ResourceType in project OpenAM by OpenRock.
the class ResourceTypesResource method updateInstance.
/**
* Update a {@link org.forgerock.openam.entitlement.ResourceType} in the system.
*
* The user's {@link org.forgerock.json.resource.SecurityContext} must indicate they are a user with
* administrator-level access.
*
* @param context {@inheritDoc}
* @param request {@inheritDoc}
*/
@Override
public Promise<ResourceResponse, ResourceException> updateInstance(Context context, String resourceId, UpdateRequest request) {
    // Used in log lines; stays "unknown" if the subject cannot be resolved before a failure.
    String principalName = "unknown";
    try {
        // NOTE(review): no explicit administrator check is visible in this method; the subject is
        // only handed on to resourceTypeService - confirm where the access check is enforced.
        final Subject subject = getSubject(context);
        principalName = PrincipalRestUtils.getPrincipalNameFromSubject(subject);

        final JsonResourceType payload = createJsonResourceType(request.getContent());
        if (StringUtils.isEmpty(payload.getName())) {
            throw new EntitlementException(MISSING_RESOURCE_TYPE_NAME);
        }

        // The UUID carried in the request body must match the resourceId argument, so a request
        // cannot update a different resource type than the one it addresses.
        final ResourceType requested = payload.getResourceType(false);
        final boolean idMatches = StringUtils.isEqualTo(resourceId, requested.getUUID());
        if (!idMatches) {
            throw new EntitlementException(RESOURCE_TYPE_ID_MISMATCH);
        }

        final ResourceType stored = resourceTypeService.updateResourceType(subject, getRealm(context), requested);

        if (logger.messageEnabled()) {
            // NOTE(review): the name comes from the request content and is concatenated into the log
            // line as-is; line breaks are not neutralised here - check whether the logger does so.
            logger.message("ResourceTypeResource :: UPDATE by " + principalName + ": for Resource Type: " + payload.getName());
        }

        // The response is built from what the service returned, not from the request payload.
        return newResultPromise(
                newResourceResponse(stored.getUUID(), null, new JsonResourceType(stored).toJsonValue()));
    } catch (EntitlementException e) {
        if (logger.errorEnabled()) {
            logger.error("ResourceTypeResource :: UPDATE by " + principalName + ": Resource Type update failed. ", e);
        }
        // Validation and service failures are translated into a resource exception for the caller.
        return exceptionMappingHandler.handleError(context, request, e).asPromise();
    }
}
Aggregations