Search in sources :

Example 6 with SubjectContext

use of org.forgerock.openam.rest.resource.SubjectContext in project OpenAM by OpenRock.

the class DecisionCombinersResourceTest method shouldThrowErrorWthInvalidCondition.

@Test(expectedExceptions = NotFoundException.class)
public void shouldThrowErrorWthInvalidCondition() throws JsonMappingException, ResourceException {
    //given
    SubjectContext mockSubjectContext = mock(SubjectContext.class);
    RealmContext realmContext = new RealmContext(mockSubjectContext);
    Context mockServerContext = ClientContext.newInternalClientContext(realmContext);
    Subject mockSubject = new Subject();
    given(mockSubjectContext.getCallerSubject()).willReturn(mockSubject);
    ReadRequest mockRequest = mock(ReadRequest.class);
    JsonSchema mockSchema = mock(JsonSchema.class);
    given(mockMapper.generateJsonSchema((Class<?>) any(Class.class))).willReturn(mockSchema);
    //when
    Promise<ResourceResponse, ResourceException> result = testResource.readInstance(mockServerContext, "invalidCondition", mockRequest);
    //then
    result.getOrThrowUninterruptibly();
}
Also used : ClientContext(org.forgerock.services.context.ClientContext) RealmContext(org.forgerock.openam.rest.RealmContext) Context(org.forgerock.services.context.Context) SubjectContext(org.forgerock.openam.rest.resource.SubjectContext) RealmContext(org.forgerock.openam.rest.RealmContext) ResourceResponse(org.forgerock.json.resource.ResourceResponse) SubjectContext(org.forgerock.openam.rest.resource.SubjectContext) JsonSchema(com.fasterxml.jackson.databind.jsonschema.JsonSchema) ResourceException(org.forgerock.json.resource.ResourceException) Subject(javax.security.auth.Subject) ReadRequest(org.forgerock.json.resource.ReadRequest) Test(org.testng.annotations.Test)

Example 7 with SubjectContext

use of org.forgerock.openam.rest.resource.SubjectContext in project OpenAM by OpenRock.

the class PrivilegeAuthzModuleTest method crestQueryIsAllowed.

@Test
public void crestQueryIsAllowed() throws SSOException, DelegationException, ResourceException {
    // Given...
    final Set<String> actions = new HashSet<>(Arrays.asList("READ"));
    final DelegationPermission permission = new DelegationPermission("/abc", "rest", "1.0", "policies", "read", actions, EXTENSIONS, DUMB_FUNC);
    given(factory.newInstance("/abc", "rest", "1.0", "policies", "read", actions, EXTENSIONS)).willReturn(permission);
    given(subjectContext.getCallerSSOToken()).willReturn(token);
    given(evaluator.isAllowed(eq(token), eq(permission), eq(ENVIRONMENT))).willReturn(true);
    QueryResourceHandler handler = mock(QueryResourceHandler.class);
    Promise<QueryResponse, ResourceException> promise = Promises.newResultPromise(Responses.newQueryResponse("abc-def"));
    given(provider.queryCollection(isA(Context.class), isA(QueryRequest.class), isA(QueryResourceHandler.class))).willReturn(promise);
    // When...
    final FilterChain chain = AuthorizationFilters.createAuthorizationFilter(provider, module);
    final Router router = new Router();
    router.addRoute(RoutingMode.STARTS_WITH, Router.uriTemplate("/policies"), chain);
    final RealmContext context = new RealmContext(subjectContext);
    context.setSubRealm("abc", "abc");
    final QueryRequest request = Requests.newQueryRequest("/policies");
    Promise<QueryResponse, ResourceException> result = router.handleQuery(context, request, handler);
    // Then...
    QueryResponse response = result.getOrThrowUninterruptibly();
    assertThat(response.getPagedResultsCookie()).isEqualTo("abc-def");
}
Also used : RealmContext(org.forgerock.openam.rest.RealmContext) SubjectContext(org.forgerock.openam.rest.resource.SubjectContext) Context(org.forgerock.services.context.Context) QueryRequest(org.forgerock.json.resource.QueryRequest) RealmContext(org.forgerock.openam.rest.RealmContext) FilterChain(org.forgerock.json.resource.FilterChain) Router(org.forgerock.json.resource.Router) Matchers.anyString(org.mockito.Matchers.anyString) DelegationPermission(com.sun.identity.delegation.DelegationPermission) QueryResponse(org.forgerock.json.resource.QueryResponse) ResourceException(org.forgerock.json.resource.ResourceException) QueryResourceHandler(org.forgerock.json.resource.QueryResourceHandler) HashSet(java.util.HashSet) Test(org.testng.annotations.Test)

Example 8 with SubjectContext

use of org.forgerock.openam.rest.resource.SubjectContext in project OpenAM by OpenRock.

the class PrivilegeAuthzModuleTest method crestPatchIsAllowed.

@Test
public void crestPatchIsAllowed() throws SSOException, DelegationException {
    // Given...
    final Set<String> actions = new HashSet<>(Arrays.asList("MODIFY"));
    final DelegationPermission permission = new DelegationPermission("/abc", "rest", "1.0", "policies", "modify", actions, EXTENSIONS, DUMB_FUNC);
    given(factory.newInstance("/abc", "rest", "1.0", "policies", "modify", actions, EXTENSIONS)).willReturn(permission);
    given(subjectContext.getCallerSSOToken()).willReturn(token);
    given(evaluator.isAllowed(eq(token), eq(permission), eq(ENVIRONMENT))).willReturn(true);
    JsonValue jsonValue = json(object(field("someKey", "someValue")));
    Promise<ResourceResponse, ResourceException> promise = Promises.newResultPromise(Responses.newResourceResponse("1", "1.0", jsonValue));
    given(provider.patchInstance(isA(Context.class), eq("123"), isA(PatchRequest.class))).willReturn(promise);
    // When...
    final FilterChain chain = AuthorizationFilters.createAuthorizationFilter(provider, module);
    final Router router = new Router();
    router.addRoute(RoutingMode.STARTS_WITH, Router.uriTemplate("/policies"), chain);
    final RealmContext context = new RealmContext(subjectContext);
    context.setSubRealm("abc", "abc");
    final PatchRequest request = Requests.newPatchRequest("/policies/123", PatchOperation.add("abc", "123"));
    Promise<ResourceResponse, ResourceException> result = router.handlePatch(context, request);
    // Then...
    assertThat(result).succeeded().withContent().stringAt("someKey").isEqualTo("someValue");
}
Also used : RealmContext(org.forgerock.openam.rest.RealmContext) SubjectContext(org.forgerock.openam.rest.resource.SubjectContext) Context(org.forgerock.services.context.Context) RealmContext(org.forgerock.openam.rest.RealmContext) FilterChain(org.forgerock.json.resource.FilterChain) JsonValue(org.forgerock.json.JsonValue) Router(org.forgerock.json.resource.Router) Matchers.anyString(org.mockito.Matchers.anyString) PatchRequest(org.forgerock.json.resource.PatchRequest) DelegationPermission(com.sun.identity.delegation.DelegationPermission) ResourceResponse(org.forgerock.json.resource.ResourceResponse) ResourceException(org.forgerock.json.resource.ResourceException) HashSet(java.util.HashSet) Test(org.testng.annotations.Test)

Example 9 with SubjectContext

use of org.forgerock.openam.rest.resource.SubjectContext in project OpenAM by OpenRock.

the class PrivilegeAuthzModuleTest method crestActionNoMappingFails.

@Test
public void crestActionNoMappingFails() throws SSOException, DelegationException {
    // When...
    final FilterChain chain = AuthorizationFilters.createAuthorizationFilter(provider, module);
    final Router router = new Router();
    router.addRoute(RoutingMode.STARTS_WITH, Router.uriTemplate("/policies"), chain);
    final Context context = new RealmContext(subjectContext);
    final ActionRequest request = Requests.newActionRequest("/policies", "unknownAction");
    Promise<ActionResponse, ResourceException> promise = router.handleAction(context, request);
    // Then...
    assertThat(promise).failedWithException().isInstanceOf(ForbiddenException.class);
}
Also used : RealmContext(org.forgerock.openam.rest.RealmContext) SubjectContext(org.forgerock.openam.rest.resource.SubjectContext) Context(org.forgerock.services.context.Context) RealmContext(org.forgerock.openam.rest.RealmContext) ActionRequest(org.forgerock.json.resource.ActionRequest) FilterChain(org.forgerock.json.resource.FilterChain) Router(org.forgerock.json.resource.Router) ResourceException(org.forgerock.json.resource.ResourceException) ActionResponse(org.forgerock.json.resource.ActionResponse) Test(org.testng.annotations.Test)

Example 10 with SubjectContext

use of org.forgerock.openam.rest.resource.SubjectContext in project OpenAM by OpenRock.

the class UmaPolicyServiceImplTest method createContextForLoggedInUser.

private Context createContextForLoggedInUser(String userShortName) throws SSOException {
    SubjectContext subjectContext = mock(SSOTokenContext.class);
    SSOToken ssoToken = mock(SSOToken.class);
    Principal principal = mock(Principal.class);
    given(subjectContext.getCallerSSOToken()).willReturn(ssoToken);
    given(ssoToken.getProperty(Constants.UNIVERSAL_IDENTIFIER)).willReturn("id=" + userShortName + ",ou=REALM,dc=forgerock,dc=org");
    given(ssoToken.getPrincipal()).willReturn(principal);
    given(principal.getName()).willReturn(userShortName);
    return ClientContext.newInternalClientContext(new RealmContext(subjectContext));
}
Also used : SSOToken(com.iplanet.sso.SSOToken) RealmContext(org.forgerock.openam.rest.RealmContext) SubjectContext(org.forgerock.openam.rest.resource.SubjectContext) Principal(java.security.Principal)

Aggregations

SubjectContext (org.forgerock.openam.rest.resource.SubjectContext)33 RealmContext (org.forgerock.openam.rest.RealmContext)31 Test (org.testng.annotations.Test)28 Context (org.forgerock.services.context.Context)27 ClientContext (org.forgerock.services.context.ClientContext)18 ResourceException (org.forgerock.json.resource.ResourceException)15 ResourceResponse (org.forgerock.json.resource.ResourceResponse)12 HashMap (java.util.HashMap)10 DelegationPermission (com.sun.identity.delegation.DelegationPermission)9 FilterChain (org.forgerock.json.resource.FilterChain)9 Router (org.forgerock.json.resource.Router)9 HashSet (java.util.HashSet)8 Subject (javax.security.auth.Subject)8 JsonValue (org.forgerock.json.JsonValue)8 Matchers.anyString (org.mockito.Matchers.anyString)8 JsonSchema (com.fasterxml.jackson.databind.jsonschema.JsonSchema)7 ReadRequest (org.forgerock.json.resource.ReadRequest)6 SSOToken (com.iplanet.sso.SSOToken)4 ActionResponse (org.forgerock.json.resource.ActionResponse)4 Map (java.util.Map)3