use of org.forgerock.openam.uma.UmaConstants.UmaPolicy in project OpenAM by OpenRock.
the class UmaPolicy method fromUnderlyingPolicies.
/**
 * Builds an {@code UmaPolicy} view from the backend policies stored for a resource set.
 *
 * <p>Every backend policy contributes its ID to the set of underlying policy IDs and one
 * subject-to-scopes entry. The resulting JSON uses the resource set ID as the policy ID, the
 * resource set name as the policy name, and holds one permission object per subject.
 *
 * @param resourceSet The resource set the policy relates to.
 * @param policies The collection of underlying backend policies.
 * @return A {@code UmaPolicy} instance.
 * @throws BadRequestException If the underlying policies do not underpin a valid UMA policy.
 *         The body has no {@code throw} of its own, so this presumably originates in
 *         {@code getPolicySubject} or {@code getPolicyScopes} (not shown here).
 */
public static UmaPolicy fromUnderlyingPolicies(ResourceSetDescription resourceSet, Collection<ResourceResponse> policies) throws BadRequestException {
    Set<String> backendPolicyIds = new HashSet<>();
    Map<String, Set<String>> scopesBySubject = new HashMap<>();
    for (ResourceResponse backendPolicy : policies) {
        backendPolicyIds.add(backendPolicy.getId());
        JsonValue content = backendPolicy.getContent();
        String subject = getPolicySubject(content);
        Set<String> scopes = getPolicyScopes(content);
        // NOTE(review): put() keeps a single scope set per subject, so if two backend policies
        // resolve to the same subject the later one replaces the earlier one's scopes and the
        // UMA view no longer reflects everything the backend grants. Confirm the backend
        // guarantees one policy per subject.
        scopesBySubject.put(subject, scopes);
    }

    // The list is placed into the JSON object first and filled afterwards, as in the original
    // statement order; this relies on the JSON value referencing this same list instance.
    List<Object> permissionList = array();
    JsonValue policyJson = json(object(
            field(POLICY_ID_KEY, resourceSet.getId()),
            field(POLICY_NAME, resourceSet.getName()),
            field(PERMISSIONS_KEY, permissionList)));

    // Iteration follows HashMap order, so the order of the permission entries is not defined.
    for (Map.Entry<String, Set<String>> entry : scopesBySubject.entrySet()) {
        String subject = entry.getKey();
        Set<String> scopes = entry.getValue();
        permissionList.add(object(field(SUBJECT_KEY, subject), field(SCOPES_KEY, scopes)));
    }
    return new UmaPolicy(resourceSet, policyJson, backendPolicyIds);
}
use of org.forgerock.openam.uma.UmaConstants.UmaPolicy in project OpenAM by OpenRock.
the class PendingRequestsService method approvePendingRequest.
/**
 * Creates the continuation that completes the approval of a pending request.
 *
 * <p>When applied, the function optionally e-mails the requesting party, deletes the pending
 * request from the store, and writes a {@code REQUEST_APPROVED} audit entry. The
 * {@code UmaPolicy} passed to {@code apply} is not read.
 *
 * <p>NOTE(review): the audit entry is written only after {@code store.delete} and
 * {@code coreWrapper.getIdentity} succeed. If this function runs after the policy has already
 * been updated (presumably the case, given its input type), a failure here leaves a granted
 * permission with no approval audit record. Confirm against the caller.
 *
 * @param request The pending request being approved.
 * @param scopes The approved scopes; used here only to build the notification text.
 * @param id The ID of the pending request to delete.
 * @param realm The realm the request belongs to.
 * @return A function resolving to {@code null} on success, or to a
 *         {@code NotFoundException} / {@code InternalServerErrorException} promise on failure.
 */
private AsyncFunction<UmaPolicy, Void, ResourceException> approvePendingRequest(final UmaPendingRequest request, final Collection<String> scopes, final String id, final String realm) {
    return new AsyncFunction<UmaPolicy, Void, ResourceException>() {
        @Override
        public Promise<Void, ResourceException> apply(UmaPolicy value) {
            try {
                if (isEmailRequestingPartyOnPendingRequestApprovalEnabled(realm)) {
                    Pair<String, String> approvalTemplate = pendingRequestEmailTemplate.getApprovalTemplate(request.getRequestingPartyId(), realm);
                    try {
                        // NOTE(review): owner ID, resource set name and scope text are inserted
                        // into the message body as given; if the template is rendered as HTML,
                        // confirm these values are escaped before use.
                        String body = MessageFormat.format(
                                approvalTemplate.getSecond(),
                                request.getResourceOwnerId(),
                                request.getResourceSetName(),
                                pendingRequestEmailTemplate.buildScopeString(scopes, request.getRequestingPartyId(), realm));
                        emailService.email(realm, request.getRequestingPartyId(), approvalTemplate.getFirst(), body);
                    } catch (MessagingException mailFailure) {
                        // Notification is best-effort: a mail failure is logged and the
                        // approval continues.
                        debug.warning("Pending Request Approval email could not be sent", mailFailure);
                    }
                }

                store.delete(id);

                AMIdentity owner = coreWrapper.getIdentity(request.getResourceOwnerId(), realm);
                auditLogger.log(
                        request.getResourceSetId(),
                        request.getResourceSetName(),
                        owner,
                        UmaAuditType.REQUEST_APPROVED,
                        request.getRequestingPartyId());
                return newResultPromise(null);
            } catch (NotFoundException missing) {
                // Re-wrapped as the JSON resource NotFoundException, keeping the cause.
                return new org.forgerock.json.resource.NotFoundException("Pending request, " + id + ", not found", missing).asPromise();
            } catch (ServerException failure) {
                return new InternalServerErrorException("Failed to mark pending request, " + id + ", as approved", failure).asPromise();
            }
        }
    };
}
use of org.forgerock.openam.uma.UmaConstants.UmaPolicy in project OpenAM by OpenRock.
the class PendingRequestsServiceTest method shouldApprovePendingRequestUpdatingExistingPolicy.
/**
 * Approving a pending request for a resource set that already has a policy must update that
 * policy: the existing permission is kept and a permission for the requesting party is added
 * with exactly the requested scope. The pending request is then deleted and the approval
 * audited.
 */
@Test
public void shouldApprovePendingRequestUpdatingExistingPolicy() throws Exception {
    //Given
    Context context = mock(Context.class);
    // Empty approval body: the assertions below show the scope from the pending request is used.
    JsonValue emptyApprovalBody = json(object());
    createPendingRequest(PENDING_REQUEST_ID, RESOURCE_SET_ID, RESOURCE_SET_NAME, RESOURCE_OWNER_ID, REALM, REQUESTING_PARTY_ID, Collections.singleton(SCOPE));
    UmaPolicy policyBeforeApproval = existingUmaPolicy("charlie", "SCOPE_A");
    mockSuccessfulPolicyUpdateForPendingRequest(policyBeforeApproval);

    //When
    service.approvePendingRequest(context, PENDING_REQUEST_ID, emptyApprovalBody, REALM);

    //Then
    ArgumentCaptor<JsonValue> updatedPolicyCaptor = ArgumentCaptor.forClass(JsonValue.class);
    verify(policyService).updatePolicy(eq(context), eq(RESOURCE_SET_ID), updatedPolicyCaptor.capture());
    JsonValue updatedPolicy = updatedPolicyCaptor.getValue();

    assertThat(updatedPolicy).stringAt("policyId").isEqualTo(RESOURCE_SET_ID);
    assertThat(updatedPolicy).hasArray("permissions").hasSize(2);

    // NOTE(review): the index-based checks pin the order of the permission entries; confirm the
    // service guarantees that existing entries precede the newly added one.
    // The existing grant must survive unchanged.
    assertThat(updatedPolicy).stringAt("permissions/0/subject").isEqualTo("charlie");
    assertThat(updatedPolicy).hasArray("permissions/0/scopes").containsOnly("SCOPE_A");
    // The requesting party receives only the scope that was requested.
    assertThat(updatedPolicy).stringAt("permissions/1/subject").isEqualTo(REQUESTING_PARTY_ID);
    assertThat(updatedPolicy).hasArray("permissions/1/scopes").containsOnly(SCOPE);

    verify(store).delete(PENDING_REQUEST_ID);
    verify(auditLogger).log(RESOURCE_SET_ID, RESOURCE_SET_NAME, resourceOwnerIdentity, UmaAuditType.REQUEST_APPROVED, REQUESTING_PARTY_ID);
}