use of org.forgerock.openam.rest.RealmContext in project OpenAM by OpenRock.
the class PrivilegeAuthzModuleTest method crestReadIsAllowed.
/**
 * Checks that a CREST read of {@code /policies/123} in sub-realm {@code abc} reaches the
 * provider when the delegation evaluator grants the {@code READ} action.
 *
 * <p>Only the allow path is exercised: the evaluator is stubbed to return {@code true} and the
 * assertion is made on the provider's response. Nothing here shows that a denied evaluation
 * blocks the read, so the deny path has to be covered by a separate test.
 */
@Test
public void crestReadIsAllowed() throws SSOException, DelegationException {
    // Given...
    final Set<String> readActions = new HashSet<>(Arrays.asList("READ"));
    final DelegationPermission readPermission = new DelegationPermission("/abc", "rest", "1.0", "policies", "read", readActions, EXTENSIONS, DUMB_FUNC);
    // The stubs match these exact arguments only. Presumably the request is refused, and the
    // test fails, if the module derives a different realm, resource or action - TODO confirm.
    given(factory.newInstance("/abc", "rest", "1.0", "policies", "read", readActions, EXTENSIONS)).willReturn(readPermission);
    given(subjectContext.getCallerSSOToken()).willReturn(token);
    given(evaluator.isAllowed(eq(token), eq(readPermission), eq(ENVIRONMENT))).willReturn(true);

    Promise<ResourceResponse, ResourceException> providerAnswer = Promises.newResultPromise(
            Responses.newResourceResponse("1", "1.0", json(object(field("someKey", "someValue")))));
    given(provider.readInstance(isA(Context.class), eq("123"), isA(ReadRequest.class))).willReturn(providerAnswer);

    // When...
    final Router router = new Router();
    router.addRoute(RoutingMode.STARTS_WITH, Router.uriTemplate("/policies"),
            AuthorizationFilters.createAuthorizationFilter(provider, module));

    // The realm context wraps the subject context that supplies the caller's SSO token.
    final RealmContext realmContext = new RealmContext(subjectContext);
    realmContext.setSubRealm("abc", "abc");
    final ReadRequest readRequest = Requests.newReadRequest("/policies/123");
    Promise<ResourceResponse, ResourceException> outcome = router.handleRead(realmContext, readRequest);

    // Then...
    assertThat(outcome).succeeded().withContent().stringAt("someKey").isEqualTo("someValue");
}
use of org.forgerock.openam.rest.RealmContext in project OpenAM by OpenRock.
the class PrivilegeAuthzModuleTest method crestUpdateIsAllowed.
/**
 * Checks that a CREST update of {@code /policies/123} in sub-realm {@code abc} reaches the
 * provider when the delegation evaluator grants the {@code MODIFY} action.
 *
 * <p>Only the allow path is exercised: the evaluator is stubbed to return {@code true} and the
 * assertion is made on the provider's response. A refused update is not tested by this method.
 */
@Test
public void crestUpdateIsAllowed() throws SSOException, DelegationException {
    // Given...
    final Set<String> modifyActions = new HashSet<>(Arrays.asList("MODIFY"));
    final DelegationPermission modifyPermission = new DelegationPermission("/abc", "rest", "1.0", "policies", "modify", modifyActions, EXTENSIONS, DUMB_FUNC);
    // An update is stubbed under the "modify" permission; the factory stub matches these exact
    // arguments only.
    given(factory.newInstance("/abc", "rest", "1.0", "policies", "modify", modifyActions, EXTENSIONS)).willReturn(modifyPermission);
    given(subjectContext.getCallerSSOToken()).willReturn(token);
    given(evaluator.isAllowed(token, modifyPermission, ENVIRONMENT)).willReturn(true);

    Promise<ResourceResponse, ResourceException> providerAnswer = Promises.newResultPromise(
            Responses.newResourceResponse("1", "1.0", json(object(field("someKey", "someValue")))));
    given(provider.updateInstance(isA(Context.class), eq("123"), isA(UpdateRequest.class))).willReturn(providerAnswer);

    // When...
    final Router router = new Router();
    router.addRoute(RoutingMode.STARTS_WITH, Router.uriTemplate("/policies"),
            AuthorizationFilters.createAuthorizationFilter(provider, module));

    final RealmContext realmContext = new RealmContext(subjectContext);
    realmContext.setSubRealm("abc", "abc");
    final UpdateRequest updateRequest = Requests.newUpdateRequest("/policies/123", JsonValue.json(new Object()));
    Promise<ResourceResponse, ResourceException> outcome = router.handleUpdate(realmContext, updateRequest);

    // Then...
    assertThat(outcome).succeeded().withContent().stringAt("someKey").isEqualTo("someValue");
}
use of org.forgerock.openam.rest.RealmContext in project OpenAM by OpenRock.
the class PrivilegeAuthzModuleTest method crestCreateIsAllowed.
/**
 * Checks that a CREST create on {@code /policies} in sub-realm {@code abc} reaches the
 * provider when the delegation evaluator grants the {@code MODIFY} action.
 *
 * <p>Only the allow path is exercised: the evaluator is stubbed to return {@code true} and the
 * assertion is made on the provider's response. A refused create is not tested by this method.
 */
@Test
public void crestCreateIsAllowed() throws SSOException, DelegationException {
    // Given...
    final Set<String> modifyActions = new HashSet<>(Arrays.asList("MODIFY"));
    final DelegationPermission modifyPermission = new DelegationPermission("/abc", "rest", "1.0", "policies", "modify", modifyActions, EXTENSIONS, DUMB_FUNC);
    // A create is stubbed under the same "modify" permission as an update; the factory stub
    // matches these exact arguments only.
    given(factory.newInstance("/abc", "rest", "1.0", "policies", "modify", modifyActions, EXTENSIONS)).willReturn(modifyPermission);
    given(subjectContext.getCallerSSOToken()).willReturn(token);
    given(evaluator.isAllowed(token, modifyPermission, ENVIRONMENT)).willReturn(true);

    Promise<ResourceResponse, ResourceException> providerAnswer = Promises.newResultPromise(
            Responses.newResourceResponse("1", "1.0", json(object(field("someKey", "someValue")))));
    given(provider.createInstance(isA(Context.class), isA(CreateRequest.class))).willReturn(providerAnswer);

    // When...
    final Router router = new Router();
    router.addRoute(RoutingMode.STARTS_WITH, Router.uriTemplate("/policies"),
            AuthorizationFilters.createAuthorizationFilter(provider, module));

    final RealmContext realmContext = new RealmContext(subjectContext);
    realmContext.setSubRealm("abc", "abc");
    final CreateRequest createRequest = Requests.newCreateRequest("/policies", JsonValue.json(new Object()));
    Promise<ResourceResponse, ResourceException> outcome = router.handleCreate(realmContext, createRequest);

    // Then...
    assertThat(outcome).succeeded().withContent().stringAt("someKey").isEqualTo("someValue");
}
use of org.forgerock.openam.rest.RealmContext in project OpenAM by OpenRock.
the class UmaPolicyApplicationListener method deletePolicies.
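/**
 * Deletes every policy in {@code realm} whose {@code applicationName} equals
 * {@code resourceServerId}.
 *
 * <p>The query and the deletes are issued with an {@link AdminSubjectContext} built here, not
 * with a caller's context. What limits the set of deleted policies is therefore the realm put
 * on the {@link RealmContext} and the {@code applicationName} query filter.
 *
 * <p>The work is asynchronous and best-effort: the method returns without waiting for the
 * promise chain, and a failure is only logged. Policies may remain after a failure, so the
 * log entry names the realm and resource server and keeps the exception as the cause.
 *
 * @param realm the realm whose policies are searched
 * @param resourceServerId the value matched against each policy's {@code applicationName}
 */
private void deletePolicies(String realm, String resourceServerId) {
    RealmContext realmContext = new RealmContext(new RootContext());
    realmContext.setDnsAlias("/", realm);
    final Context context = new AdminSubjectContext(logger, sessionCache, realmContext);
    QueryRequest request = Requests.newQueryRequest("").setQueryFilter(QueryFilter.equalTo(new JsonPointer("applicationName"), resourceServerId));
    // Built outside the callbacks so the anonymous classes capture a final local, not the
    // non-final parameters.
    // NOTE(review): both values are written to the log as given - confirm they cannot carry
    // line breaks.
    final String failureContext = "Failed to delete policies for resource server '" + resourceServerId
            + "' in realm '" + realm + "'";
    final List<ResourceResponse> resources = new ArrayList<>();
    policyResource.handleQuery(context, request, new QueryResourceHandler() {
        @Override
        public boolean handleResource(ResourceResponse resource) {
            // Collect every match; returning true asks the query to continue.
            resources.add(resource);
            return true;
        }
    }).thenAsync(new AsyncFunction<QueryResponse, List<ResourceResponse>, ResourceException>() {
        @Override
        public Promise<List<ResourceResponse>, ResourceException> apply(QueryResponse response) {
            // Issue one delete per collected policy and combine the results into one promise.
            List<Promise<ResourceResponse, ResourceException>> promises = new ArrayList<>();
            for (ResourceResponse policy : resources) {
                DeleteRequest deleteRequest = Requests.newDeleteRequest("", policy.getId());
                promises.add(policyResource.handleDelete(context, deleteRequest));
            }
            return Promises.when(promises);
        }
    }).thenOnException(new ExceptionHandler<ResourceException>() {
        @Override
        public void handleException(ResourceException error) {
            // Pass the exception itself so the stack trace and cause reach the log.
            logger.error(failureContext + ": " + error.getReason(), error);
        }
    });
}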
use of org.forgerock.openam.rest.RealmContext in project OpenAM by OpenRock.
the class ResourceSetService method combine.
/**
 * Merges resource sets and UMA policies that share an id, as directed by the query's operator.
 *
 * <ul>
 *   <li>{@code AND}: keeps only the resource sets that also have a policy.</li>
 *   <li>{@code OR}: keeps every resource set and adds one entry per policy that has no resource
 *       set yet, read from the resource set store of the resolved realm using the policy id
 *       and {@code resourceOwnerId}.</li>
 * </ul>
 *
 * <p>NOTE(review): for any other operator value, including {@code null}, neither branch runs
 * and all of {@code resourceSets} is returned unfiltered - confirm this is intended.
 *
 * <p>NOTE(review): in the {@code OR} branch the store read is the only place a resource set is
 * fetched for a policy id; presumably passing {@code resourceOwnerId} restricts it to that
 * owner's resource sets - verify against the store implementation.
 *
 * @param context request context; must provide a {@link RealmContext} when a store read is needed
 * @param resourceSetWithPolicyQuery supplies the operator that selects the merge mode
 * @param resourceSets resource sets already found
 * @param policies policies already found
 * @param augmentWithPolicies whether to attach policy JSON to the returned resource sets
 * @param resourceOwnerId owner id passed to the resource set store read
 * @return the values view of the merged map, keyed internally by id
 */
private Collection<ResourceSetDescription> combine(Context context, ResourceSetWithPolicyQuery resourceSetWithPolicyQuery, Collection<ResourceSetDescription> resourceSets, Collection<UmaPolicy> policies, boolean augmentWithPolicies, String resourceOwnerId) throws org.forgerock.oauth2.core.exceptions.NotFoundException, ServerException {
    Map<String, ResourceSetDescription> merged = new HashMap<String, ResourceSetDescription>();
    for (ResourceSetDescription description : resourceSets) {
        merged.put(description.getId(), description);
    }
    Map<String, UmaPolicy> policyIndex = new HashMap<String, UmaPolicy>();
    for (UmaPolicy umaPolicy : policies) {
        policyIndex.put(umaPolicy.getId(), umaPolicy);
    }

    if (AggregateQuery.Operator.AND.equals(resourceSetWithPolicyQuery.getOperator())) {
        // Intersection: drop every resource set that has no policy with the same id.
        merged.keySet().retainAll(policyIndex.keySet());
        if (augmentWithPolicies) {
            // Every remaining id is a key of policyIndex, so the lookup cannot miss.
            for (ResourceSetDescription description : merged.values()) {
                description.setPolicy(policyIndex.get(description.getId()).asJson());
            }
        }
    } else if (AggregateQuery.Operator.OR.equals(resourceSetWithPolicyQuery.getOperator())) {
        if (augmentWithPolicies) {
            for (ResourceSetDescription description : merged.values()) {
                augmentWithPolicy(context, description.getId(), description);
            }
        }
        // Union: make sure every policy id has a resource set entry.
        for (Map.Entry<String, UmaPolicy> policyEntry : policyIndex.entrySet()) {
            String id = policyEntry.getKey();
            ResourceSetDescription description = merged.containsKey(id)
                    ? merged.get(id)
                    : resourceSetStoreFactory.create(context.asContext(RealmContext.class).getResolvedRealm()).read(id, resourceOwnerId);
            if (augmentWithPolicies) {
                description.setPolicy(policyEntry.getValue().asJson());
            }
            merged.put(id, description);
        }
    }
    return merged.values();
}
Aggregations