
Example 86 with RealmContext

use of org.forgerock.openam.rest.RealmContext in project OpenAM by OpenRock.

the class PrivilegeAuthzModuleTest method crestReadIsAllowed.

/**
 * Verifies the allow path for a CREST read routed through the authorization filter.
 *
 * <p>The delegation evaluator is stubbed to grant a {@code "read"} permission on
 * {@code "policies"} in realm {@code "/abc"}; the test then expects the provider's
 * stubbed response to reach the caller unchanged. Only the granted outcome is
 * exercised here: this method does not cover a denied evaluation.
 */
@Test
public void crestReadIsAllowed() throws SSOException, DelegationException {
    // Given: the permission the module is expected to request, and an evaluator that grants it.
    final Set<String> readActions = new HashSet<>(Arrays.asList("READ"));
    final DelegationPermission readPermission = new DelegationPermission("/abc", "rest", "1.0", "policies", "read", readActions, EXTENSIONS, DUMB_FUNC);
    given(factory.newInstance("/abc", "rest", "1.0", "policies", "read", readActions, EXTENSIONS)).willReturn(readPermission);
    given(subjectContext.getCallerSSOToken()).willReturn(token);
    given(evaluator.isAllowed(token, readPermission, ENVIRONMENT)).willReturn(true);

    // The provider behind the filter answers with a fixed JSON body for id "123".
    final JsonValue body = json(object(field("someKey", "someValue")));
    final Promise<ResourceResponse, ResourceException> providerReply = Promises.newResultPromise(Responses.newResourceResponse("1", "1.0", body));
    given(provider.readInstance(isA(Context.class), eq("123"), isA(ReadRequest.class))).willReturn(providerReply);

    // When: the read is routed through the authorization filter under sub-realm "abc".
    final Router router = new Router();
    router.addRoute(RoutingMode.STARTS_WITH, Router.uriTemplate("/policies"), AuthorizationFilters.createAuthorizationFilter(provider, module));
    final RealmContext realmContext = new RealmContext(subjectContext);
    realmContext.setSubRealm("abc", "abc");
    final Promise<ResourceResponse, ResourceException> outcome = router.handleRead(realmContext, Requests.newReadRequest("/policies/123"));

    // Then: the provider's content is returned, i.e. the filter let the request through.
    assertThat(outcome).succeeded().withContent().stringAt("someKey").isEqualTo("someValue");
}
Also used : RealmContext(org.forgerock.openam.rest.RealmContext) SubjectContext(org.forgerock.openam.rest.resource.SubjectContext) Context(org.forgerock.services.context.Context) RealmContext(org.forgerock.openam.rest.RealmContext) FilterChain(org.forgerock.json.resource.FilterChain) JsonValue(org.forgerock.json.JsonValue) Router(org.forgerock.json.resource.Router) Matchers.anyString(org.mockito.Matchers.anyString) DelegationPermission(com.sun.identity.delegation.DelegationPermission) ResourceResponse(org.forgerock.json.resource.ResourceResponse) ResourceException(org.forgerock.json.resource.ResourceException) HashSet(java.util.HashSet) ReadRequest(org.forgerock.json.resource.ReadRequest) Test(org.testng.annotations.Test)

Example 87 with RealmContext

use of org.forgerock.openam.rest.RealmContext in project OpenAM by OpenRock.

the class PrivilegeAuthzModuleTest method crestUpdateIsAllowed.

/**
 * Verifies the allow path for a CREST update routed through the authorization filter.
 *
 * <p>The delegation evaluator is stubbed to grant a {@code "modify"} permission on
 * {@code "policies"} in realm {@code "/abc"}; the test then expects the provider's
 * stubbed response to reach the caller unchanged. Only the granted outcome is
 * exercised here: this method does not cover a denied evaluation.
 */
@Test
public void crestUpdateIsAllowed() throws SSOException, DelegationException {
    // Given: the permission the module is expected to request, and an evaluator that grants it.
    final Set<String> modifyActions = new HashSet<>(Arrays.asList("MODIFY"));
    final DelegationPermission modifyPermission = new DelegationPermission("/abc", "rest", "1.0", "policies", "modify", modifyActions, EXTENSIONS, DUMB_FUNC);
    given(factory.newInstance("/abc", "rest", "1.0", "policies", "modify", modifyActions, EXTENSIONS)).willReturn(modifyPermission);
    given(subjectContext.getCallerSSOToken()).willReturn(token);
    given(evaluator.isAllowed(eq(token), eq(modifyPermission), eq(ENVIRONMENT))).willReturn(true);

    // The provider behind the filter answers with a fixed JSON body for id "123".
    final JsonValue body = json(object(field("someKey", "someValue")));
    final Promise<ResourceResponse, ResourceException> providerReply = Promises.newResultPromise(Responses.newResourceResponse("1", "1.0", body));
    given(provider.updateInstance(isA(Context.class), eq("123"), isA(UpdateRequest.class))).willReturn(providerReply);

    // When: the update is routed through the authorization filter under sub-realm "abc".
    final Router router = new Router();
    router.addRoute(RoutingMode.STARTS_WITH, Router.uriTemplate("/policies"), AuthorizationFilters.createAuthorizationFilter(provider, module));
    final RealmContext realmContext = new RealmContext(subjectContext);
    realmContext.setSubRealm("abc", "abc");
    final UpdateRequest updateRequest = Requests.newUpdateRequest("/policies/123", JsonValue.json(new Object()));
    final Promise<ResourceResponse, ResourceException> outcome = router.handleUpdate(realmContext, updateRequest);

    // Then: the provider's content is returned, i.e. the filter let the request through.
    assertThat(outcome).succeeded().withContent().stringAt("someKey").isEqualTo("someValue");
}
Also used : RealmContext(org.forgerock.openam.rest.RealmContext) SubjectContext(org.forgerock.openam.rest.resource.SubjectContext) Context(org.forgerock.services.context.Context) RealmContext(org.forgerock.openam.rest.RealmContext) UpdateRequest(org.forgerock.json.resource.UpdateRequest) FilterChain(org.forgerock.json.resource.FilterChain) JsonValue(org.forgerock.json.JsonValue) Router(org.forgerock.json.resource.Router) Matchers.anyString(org.mockito.Matchers.anyString) DelegationPermission(com.sun.identity.delegation.DelegationPermission) ResourceResponse(org.forgerock.json.resource.ResourceResponse) ResourceException(org.forgerock.json.resource.ResourceException) HashSet(java.util.HashSet) Test(org.testng.annotations.Test)

Example 88 with RealmContext

use of org.forgerock.openam.rest.RealmContext in project OpenAM by OpenRock.

the class PrivilegeAuthzModuleTest method crestCreateIsAllowed.

/**
 * Verifies the allow path for a CREST create routed through the authorization filter.
 *
 * <p>As stubbed here, a create is authorised against the same {@code "modify"}
 * permission (action {@code "MODIFY"}) on {@code "policies"} in realm {@code "/abc"}
 * that the update test uses. The evaluator is stubbed to grant it, and the test
 * expects the provider's stubbed response to reach the caller unchanged. Only the
 * granted outcome is exercised here: this method does not cover a denied evaluation.
 */
@Test
public void crestCreateIsAllowed() throws SSOException, DelegationException {
    // Given: the permission the module is expected to request, and an evaluator that grants it.
    final Set<String> modifyActions = new HashSet<>(Arrays.asList("MODIFY"));
    final DelegationPermission modifyPermission = new DelegationPermission("/abc", "rest", "1.0", "policies", "modify", modifyActions, EXTENSIONS, DUMB_FUNC);
    given(factory.newInstance("/abc", "rest", "1.0", "policies", "modify", modifyActions, EXTENSIONS)).willReturn(modifyPermission);
    given(subjectContext.getCallerSSOToken()).willReturn(token);
    given(evaluator.isAllowed(eq(token), eq(modifyPermission), eq(ENVIRONMENT))).willReturn(true);

    // The provider behind the filter answers any create with a fixed JSON body.
    final JsonValue body = json(object(field("someKey", "someValue")));
    final Promise<ResourceResponse, ResourceException> providerReply = Promises.newResultPromise(Responses.newResourceResponse("1", "1.0", body));
    given(provider.createInstance(isA(Context.class), isA(CreateRequest.class))).willReturn(providerReply);

    // When: the create is routed through the authorization filter under sub-realm "abc".
    final Router router = new Router();
    router.addRoute(RoutingMode.STARTS_WITH, Router.uriTemplate("/policies"), AuthorizationFilters.createAuthorizationFilter(provider, module));
    final RealmContext realmContext = new RealmContext(subjectContext);
    realmContext.setSubRealm("abc", "abc");
    final CreateRequest createRequest = Requests.newCreateRequest("/policies", JsonValue.json(new Object()));
    final Promise<ResourceResponse, ResourceException> outcome = router.handleCreate(realmContext, createRequest);

    // Then: the provider's content is returned, i.e. the filter let the request through.
    assertThat(outcome).succeeded().withContent().stringAt("someKey").isEqualTo("someValue");
}
Also used : RealmContext(org.forgerock.openam.rest.RealmContext) SubjectContext(org.forgerock.openam.rest.resource.SubjectContext) Context(org.forgerock.services.context.Context) RealmContext(org.forgerock.openam.rest.RealmContext) CreateRequest(org.forgerock.json.resource.CreateRequest) FilterChain(org.forgerock.json.resource.FilterChain) JsonValue(org.forgerock.json.JsonValue) Router(org.forgerock.json.resource.Router) Matchers.anyString(org.mockito.Matchers.anyString) DelegationPermission(com.sun.identity.delegation.DelegationPermission) ResourceResponse(org.forgerock.json.resource.ResourceResponse) ResourceException(org.forgerock.json.resource.ResourceException) HashSet(java.util.HashSet) Test(org.testng.annotations.Test)

Example 89 with RealmContext

use of org.forgerock.openam.rest.RealmContext in project OpenAM by OpenRock.

the class UmaPolicyApplicationListener method deletePolicies.

/**
 * Finds every policy whose {@code applicationName} equals the given resource server id
 * in the given realm and issues a delete request for each of them.
 *
 * <p>The query and the deletes are sent with an {@link AdminSubjectContext} rather than
 * a caller's own subject, so the only scoping visible in this method is the realm and
 * the {@code applicationName} filter.
 * NOTE(review): presumably this means caller-level authorization is not what gates the
 * deletes; confirm that callers only pass a trusted {@code realm} and
 * {@code resourceServerId}.
 *
 * <p>The promise chain is not returned: the method does not wait for the deletes, and
 * a failure is only reported through the logger.
 *
 * @param realm the realm the policies are looked up and deleted in
 * @param resourceServerId value matched against each policy's {@code applicationName}
 */
private void deletePolicies(String realm, String resourceServerId) {
    // Administrative context bound to the target realm.
    final RealmContext adminRealm = new RealmContext(new RootContext());
    adminRealm.setDnsAlias("/", realm);
    final Context context = new AdminSubjectContext(logger, sessionCache, adminRealm);

    // Select only the policies that belong to this resource server.
    final JsonPointer applicationNameField = new JsonPointer("applicationName");
    final QueryRequest policyQuery = Requests.newQueryRequest("")
            .setQueryFilter(QueryFilter.equalTo(applicationNameField, resourceServerId));

    // Filled by the query handler, read once the query has completed.
    final List<ResourceResponse> matchedPolicies = new ArrayList<>();

    policyResource.handleQuery(context, policyQuery, new QueryResourceHandler() {

        @Override
        public boolean handleResource(ResourceResponse found) {
            matchedPolicies.add(found);
            // Returning true asks for the remaining results as well.
            return true;
        }
    }).thenAsync(new AsyncFunction<QueryResponse, List<ResourceResponse>, ResourceException>() {

        @Override
        public Promise<List<ResourceResponse>, ResourceException> apply(QueryResponse queryResponse) {
            // One delete per matched policy, combined into a single promise.
            final List<Promise<ResourceResponse, ResourceException>> pendingDeletes = new ArrayList<>();
            for (ResourceResponse matched : matchedPolicies) {
                pendingDeletes.add(policyResource.handleDelete(context, Requests.newDeleteRequest("", matched.getId())));
            }
            return Promises.when(pendingDeletes);
        }
    }).thenOnException(new ExceptionHandler<ResourceException>() {

        @Override
        public void handleException(ResourceException failure) {
            // Only the reason is logged; the realm, the resource server id and the
            // exception itself are not part of the log entry.
            logger.error(failure.getReason());
        }
    });
}
Also used : RootContext(org.forgerock.services.context.RootContext) RealmContext(org.forgerock.openam.rest.RealmContext) AdminSubjectContext(org.forgerock.openam.rest.resource.AdminSubjectContext) Context(org.forgerock.services.context.Context) RealmContext(org.forgerock.openam.rest.RealmContext) QueryRequest(org.forgerock.json.resource.QueryRequest) AdminSubjectContext(org.forgerock.openam.rest.resource.AdminSubjectContext) ArrayList(java.util.ArrayList) JsonPointer(org.forgerock.json.JsonPointer) AsyncFunction(org.forgerock.util.AsyncFunction) RootContext(org.forgerock.services.context.RootContext) Promise(org.forgerock.util.promise.Promise) ResourceResponse(org.forgerock.json.resource.ResourceResponse) QueryResponse(org.forgerock.json.resource.QueryResponse) List(java.util.List) ArrayList(java.util.ArrayList) ResourceException(org.forgerock.json.resource.ResourceException) QueryResourceHandler(org.forgerock.json.resource.QueryResourceHandler) DenyOverride(com.sun.identity.entitlement.DenyOverride) DeleteRequest(org.forgerock.json.resource.DeleteRequest)

Example 90 with RealmContext

use of org.forgerock.openam.rest.RealmContext in project OpenAM by OpenRock.

the class ResourceSetService method combine.

/**
 * Merges a collection of resource sets with a collection of UMA policies according to
 * the operator of the given query, matching the two by id.
 *
 * <ul>
 *   <li>{@code AND}: keeps only the resource sets whose id also appears among the
 *       policies.</li>
 *   <li>{@code OR}: keeps every resource set and adds one for each policy id that has
 *       none, read from the store of the realm resolved from {@code context} with the
 *       given {@code resourceOwnerId}.</li>
 *   <li>Any other operator: returns the resource sets unchanged, indexed by id.</li>
 * </ul>
 *
 * <p>When {@code augmentWithPolicies} is set, the policy JSON is written onto the
 * {@link ResourceSetDescription} objects that were passed in, so the caller's
 * instances are modified.
 *
 * @param context request context; must contain a {@link RealmContext} when a resource
 *        set has to be read from the store
 * @param resourceSetWithPolicyQuery supplies the operator that selects the merge mode
 * @param resourceSets resource sets matched by the query
 * @param policies policies matched by the query
 * @param augmentWithPolicies whether to attach policy JSON to the returned resource sets
 * @param resourceOwnerId owner id passed to the store when reading a missing resource set
 * @return the values view of the id-indexed map of resulting resource sets
 */
private Collection<ResourceSetDescription> combine(Context context, ResourceSetWithPolicyQuery resourceSetWithPolicyQuery, Collection<ResourceSetDescription> resourceSets, Collection<UmaPolicy> policies, boolean augmentWithPolicies, String resourceOwnerId) throws org.forgerock.oauth2.core.exceptions.NotFoundException, ServerException {
    // Index both inputs by id so they can be matched against each other.
    final Map<String, ResourceSetDescription> setsById = new HashMap<String, ResourceSetDescription>();
    for (ResourceSetDescription description : resourceSets) {
        setsById.put(description.getId(), description);
    }
    final Map<String, UmaPolicy> policyIndex = new HashMap<String, UmaPolicy>();
    for (UmaPolicy umaPolicy : policies) {
        policyIndex.put(umaPolicy.getId(), umaPolicy);
    }

    if (AggregateQuery.Operator.AND.equals(resourceSetWithPolicyQuery.getOperator())) {
        // Intersection: drop every resource set that has no policy with the same id.
        setsById.keySet().retainAll(policyIndex.keySet());
        if (augmentWithPolicies) {
            for (ResourceSetDescription kept : setsById.values()) {
                kept.setPolicy(policyIndex.get(kept.getId()).asJson());
            }
        }
        return setsById.values();
    }

    if (!AggregateQuery.Operator.OR.equals(resourceSetWithPolicyQuery.getOperator())) {
        return setsById.values();
    }

    // Union: start from the resource sets, then add one per policy that has none.
    if (augmentWithPolicies) {
        for (ResourceSetDescription existing : setsById.values()) {
            augmentWithPolicy(context, existing.getId(), existing);
        }
    }
    for (Map.Entry<String, UmaPolicy> policyEntry : policyIndex.entrySet()) {
        final String id = policyEntry.getKey();
        final ResourceSetDescription target;
        if (!setsById.containsKey(id)) {
            // The lookup is scoped by the realm resolved from the context and by the owner id.
            // NOTE(review): whether read() can return null instead of throwing is not
            // visible here; a null would fail on setPolicy below.
            target = resourceSetStoreFactory.create(context.asContext(RealmContext.class).getResolvedRealm()).read(id, resourceOwnerId);
        } else {
            target = setsById.get(id);
        }
        if (augmentWithPolicies) {
            target.setPolicy(policyEntry.getValue().asJson());
        }
        setsById.put(id, target);
    }
    return setsById.values();
}
Also used : RealmContext(org.forgerock.openam.rest.RealmContext) HashMap(java.util.HashMap) UmaPolicy(org.forgerock.openam.uma.UmaPolicy) ResourceSetDescription(org.forgerock.oauth2.resources.ResourceSetDescription)
