use of org.forgerock.openam.rest.resource.SubjectContext in project OpenAM by OpenRock.
the class DecisionCombinersResourceTest method shouldThrowErrorWthInvalidCondition.
/**
 * Reads the instance id {@code "invalidCondition"} from the resource under test and expects
 * the returned promise to fail with {@link NotFoundException}.
 *
 * <p>The TestNG {@code expectedExceptions} attribute is the only assertion; the exception is
 * raised when the promise is unwrapped on the last line.
 */
@Test(expectedExceptions = NotFoundException.class)
public void shouldThrowErrorWthInvalidCondition() throws JsonMappingException, ResourceException {
    // given: an internal client context layered on a realm context with a mocked caller
    SubjectContext callerContext = mock(SubjectContext.class);
    Context serverContext = ClientContext.newInternalClientContext(new RealmContext(callerContext));
    Subject caller = new Subject();
    given(callerContext.getCallerSubject()).willReturn(caller);

    ReadRequest readRequest = mock(ReadRequest.class);
    JsonSchema schema = mock(JsonSchema.class);
    // The mapper hands back the same mocked schema for any class it is asked about.
    given(mockMapper.generateJsonSchema((Class<?>) any(Class.class))).willReturn(schema);

    // when / then: unwrapping the promise rethrows the ResourceException it failed with
    testResource.readInstance(serverContext, "invalidCondition", readRequest)
            .getOrThrowUninterruptibly();
}
use of org.forgerock.openam.rest.resource.SubjectContext in project OpenAM by OpenRock.
the class PrivilegeAuthzModuleTest method crestQueryIsAllowed.
/**
 * Positive authorization path for a CREST query: the evaluator is stubbed to allow the
 * caller's token for the "read" permission on "/abc" policies, and the response produced by
 * the provider is expected to come back through the authorization filter unchanged.
 *
 * <p>NOTE(review): the evaluator stub only matches the exact token, permission and
 * environment, so a filter that consults it with a different permission would be denied and
 * fail this test. A filter that never consulted the evaluator would still pass; a Mockito
 * {@code verify} on {@code evaluator.isAllowed(...)} would pin that down.
 */
@Test
public void crestQueryIsAllowed() throws SSOException, DelegationException, ResourceException {
    // Given...
    final Set<String> readActions = new HashSet<>();
    readActions.add("READ");
    final DelegationPermission readPermission = new DelegationPermission(
            "/abc", "rest", "1.0", "policies", "read", readActions, EXTENSIONS, DUMB_FUNC);
    given(factory.newInstance("/abc", "rest", "1.0", "policies", "read", readActions, EXTENSIONS))
            .willReturn(readPermission);
    given(subjectContext.getCallerSSOToken()).willReturn(token);
    // Access is granted only for this exact token / permission / environment triple.
    given(evaluator.isAllowed(eq(token), eq(readPermission), eq(ENVIRONMENT))).willReturn(true);

    QueryResourceHandler resultHandler = mock(QueryResourceHandler.class);
    Promise<QueryResponse, ResourceException> providerResponse =
            Promises.newResultPromise(Responses.newQueryResponse("abc-def"));
    given(provider.queryCollection(
            isA(Context.class), isA(QueryRequest.class), isA(QueryResourceHandler.class)))
            .willReturn(providerResponse);

    // When...
    final FilterChain authzChain = AuthorizationFilters.createAuthorizationFilter(provider, module);
    final Router policyRouter = new Router();
    policyRouter.addRoute(RoutingMode.STARTS_WITH, Router.uriTemplate("/policies"), authzChain);

    final RealmContext realmContext = new RealmContext(subjectContext);
    realmContext.setSubRealm("abc", "abc");
    final QueryRequest queryRequest = Requests.newQueryRequest("/policies");
    Promise<QueryResponse, ResourceException> outcome =
            policyRouter.handleQuery(realmContext, queryRequest, resultHandler);

    // Then... the value the provider's response was built with is visible to the caller
    assertThat(outcome.getOrThrowUninterruptibly().getPagedResultsCookie()).isEqualTo("abc-def");
}
use of org.forgerock.openam.rest.resource.SubjectContext in project OpenAM by OpenRock.
the class PrivilegeAuthzModuleTest method crestPatchIsAllowed.
/**
 * Positive authorization path for a CREST patch: the evaluator is stubbed to allow the
 * caller's token for the "modify" permission on "/abc" policies, and the patch of
 * "/policies/123" is expected to succeed with the provider's JSON content.
 *
 * <p>NOTE(review): as written this shows an allowed request reaches the provider. It does not
 * by itself show the evaluator was consulted; a Mockito {@code verify} on
 * {@code evaluator.isAllowed(...)} would make that explicit.
 */
@Test
public void crestPatchIsAllowed() throws SSOException, DelegationException {
    // Given...
    final Set<String> modifyActions = new HashSet<>();
    modifyActions.add("MODIFY");
    final DelegationPermission modifyPermission = new DelegationPermission(
            "/abc", "rest", "1.0", "policies", "modify", modifyActions, EXTENSIONS, DUMB_FUNC);
    given(factory.newInstance("/abc", "rest", "1.0", "policies", "modify", modifyActions, EXTENSIONS))
            .willReturn(modifyPermission);
    given(subjectContext.getCallerSSOToken()).willReturn(token);
    // Access is granted only for this exact token / permission / environment triple.
    given(evaluator.isAllowed(eq(token), eq(modifyPermission), eq(ENVIRONMENT))).willReturn(true);

    JsonValue patchedContent = json(object(field("someKey", "someValue")));
    Promise<ResourceResponse, ResourceException> providerResponse =
            Promises.newResultPromise(Responses.newResourceResponse("1", "1.0", patchedContent));
    given(provider.patchInstance(isA(Context.class), eq("123"), isA(PatchRequest.class)))
            .willReturn(providerResponse);

    // When...
    final FilterChain authzChain = AuthorizationFilters.createAuthorizationFilter(provider, module);
    final Router policyRouter = new Router();
    policyRouter.addRoute(RoutingMode.STARTS_WITH, Router.uriTemplate("/policies"), authzChain);

    final RealmContext realmContext = new RealmContext(subjectContext);
    realmContext.setSubRealm("abc", "abc");
    final PatchRequest patchRequest =
            Requests.newPatchRequest("/policies/123", PatchOperation.add("abc", "123"));
    Promise<ResourceResponse, ResourceException> outcome =
            policyRouter.handlePatch(realmContext, patchRequest);

    // Then... the provider's content comes back through the filter
    assertThat(outcome).succeeded().withContent().stringAt("someKey").isEqualTo("someValue");
}
use of org.forgerock.openam.rest.resource.SubjectContext in project OpenAM by OpenRock.
the class PrivilegeAuthzModuleTest method crestActionNoMappingFails.
/**
 * Negative authorization path: an action request for {@code "unknownAction"} is sent with no
 * permission, token or evaluator stubbing, and the promise must fail with
 * {@link ForbiddenException}.
 *
 * <p>This pins fail-closed behaviour for an action that, per the test name, has no mapping:
 * the request is denied rather than passed through.
 */
@Test
public void crestActionNoMappingFails() throws SSOException, DelegationException {
    // When...
    final FilterChain authzChain = AuthorizationFilters.createAuthorizationFilter(provider, module);
    final Router policyRouter = new Router();
    policyRouter.addRoute(RoutingMode.STARTS_WITH, Router.uriTemplate("/policies"), authzChain);

    final Context realmContext = new RealmContext(subjectContext);
    final ActionRequest unmappedAction = Requests.newActionRequest("/policies", "unknownAction");
    Promise<ActionResponse, ResourceException> outcome =
            policyRouter.handleAction(realmContext, unmappedAction);

    // Then... denial, not a pass-through to the provider
    assertThat(outcome).failedWithException().isInstanceOf(ForbiddenException.class);
}
use of org.forgerock.openam.rest.resource.SubjectContext in project OpenAM by OpenRock.
the class UmaPolicyServiceImplTest method createContextForLoggedInUser.
/**
 * Builds an internal client context that looks like it belongs to a logged-in user.
 *
 * <p>The mocked SSO token reports a universal identifier of the form
 * {@code id=<userShortName>,ou=REALM,dc=forgerock,dc=org} and a principal whose name is the
 * short name. The short name is concatenated into the identifier as-is, so callers should
 * pass plain test user names.
 *
 * @param userShortName short name used for both the principal and the universal identifier
 * @return an internal client context wrapping a realm context backed by the mocked token
 * @throws SSOException declared because the stubbed token accessors declare it
 */
private Context createContextForLoggedInUser(String userShortName) throws SSOException {
    SubjectContext loggedInContext = mock(SSOTokenContext.class);
    SSOToken callerToken = mock(SSOToken.class);
    Principal callerPrincipal = mock(Principal.class);

    // Wire context -> token -> principal so identity lookups resolve to the given user.
    given(loggedInContext.getCallerSSOToken()).willReturn(callerToken);
    String universalId = "id=" + userShortName + ",ou=REALM,dc=forgerock,dc=org";
    given(callerToken.getProperty(Constants.UNIVERSAL_IDENTIFIER)).willReturn(universalId);
    given(callerToken.getPrincipal()).willReturn(callerPrincipal);
    given(callerPrincipal.getName()).willReturn(userShortName);

    RealmContext realmContext = new RealmContext(loggedInContext);
    return ClientContext.newInternalClientContext(realmContext);
}