Example 1 with UmaPolicy

Use of org.forgerock.openam.uma.UmaConstants.UmaPolicy in project OpenAM by OpenRock.

Class UmaPolicy, method fromUnderlyingPolicies.

/**
 * Converts underlying backend policies into an {@code UmaPolicy}.
 *
 * @param resourceSet The resource set the policy relates to.
 * @param policies    The collection of underlying backend policies.
 * @return A {@code UmaPolicy} instance.
 * @throws BadRequestException If the underlying policies do not underpin a valid UMA policy.
 */
public static UmaPolicy fromUnderlyingPolicies(ResourceSetDescription resourceSet, Collection<ResourceResponse> policies) throws BadRequestException {
    Set<String> underlyingPolicyIds = new HashSet<>();
    Map<String, Set<String>> subjectPermissions = new HashMap<>();
    // Collect the id of every backend policy and the scopes it grants to its subject.
    for (ResourceResponse policy : policies) {
        underlyingPolicyIds.add(policy.getId());
        JsonValue policyContent = policy.getContent();
        String subject = getPolicySubject(policyContent);
        // One map entry per subject: a later policy for the same subject replaces the earlier scope set.
        subjectPermissions.put(subject, getPolicyScopes(policyContent));
    }
    // The UMA policy id is the resource set id; the permissions list is filled in below.
    List<Object> permissions = array();
    JsonValue umaPolicy = json(object(field(POLICY_ID_KEY, resourceSet.getId()), field(POLICY_NAME, resourceSet.getName()), field(PERMISSIONS_KEY, permissions)));
    for (Map.Entry<String, Set<String>> permission : subjectPermissions.entrySet()) {
        permissions.add(object(field(SUBJECT_KEY, permission.getKey()), field(SCOPES_KEY, permission.getValue())));
    }
    return new UmaPolicy(resourceSet, umaPolicy, underlyingPolicyIds);
}
Also used : Set(java.util.Set) HashSet(java.util.HashSet) HashMap(java.util.HashMap) Map(java.util.Map) JsonValue(org.forgerock.json.JsonValue) ResourceResponse(org.forgerock.json.resource.ResourceResponse) UmaPolicy(org.forgerock.openam.uma.UmaConstants.UmaPolicy)

Example 2 with UmaPolicy

Use of org.forgerock.openam.uma.UmaConstants.UmaPolicy in project OpenAM by OpenRock.

Class PendingRequestsService, method approvePendingRequest.

private AsyncFunction<UmaPolicy, Void, ResourceException> approvePendingRequest(final UmaPendingRequest request, final Collection<String> scopes, final String id, final String realm) {
    return new AsyncFunction<UmaPolicy, Void, ResourceException>() {

        @Override
        public Promise<Void, ResourceException> apply(UmaPolicy value) {
            try {
                // Optionally notify the requesting party; a mail failure is logged and does not block the approval.
                if (isEmailRequestingPartyOnPendingRequestApprovalEnabled(realm)) {
                    Pair<String, String> template = pendingRequestEmailTemplate.getApprovalTemplate(request.getRequestingPartyId(), realm);
                    try {
                        emailService.email(realm, request.getRequestingPartyId(), template.getFirst(), MessageFormat.format(template.getSecond(), request.getResourceOwnerId(), request.getResourceSetName(), pendingRequestEmailTemplate.buildScopeString(scopes, request.getRequestingPartyId(), realm)));
                    } catch (MessagingException e) {
                        debug.warning("Pending Request Approval email could not be sent", e);
                    }
                }
                // Remove the pending request from the store, then record the approval in the audit log.
                store.delete(id);
                AMIdentity resourceOwner = coreWrapper.getIdentity(request.getResourceOwnerId(), realm);
                auditLogger.log(request.getResourceSetId(), request.getResourceSetName(), resourceOwner, UmaAuditType.REQUEST_APPROVED, request.getRequestingPartyId());
                return newResultPromise(null);
            } catch (NotFoundException e) {
                // Map the data-layer exception to the REST-level NotFoundException.
                return new org.forgerock.json.resource.NotFoundException("Pending request, " + id + ", not found", e).asPromise();
            } catch (ServerException e) {
                return new InternalServerErrorException("Failed to mark pending request, " + id + ", as approved", e).asPromise();
            }
        }
    };
}
Also used : ServerException(org.forgerock.openam.sm.datalayer.store.ServerException) MessagingException(javax.mail.MessagingException) NotFoundException(org.forgerock.openam.sm.datalayer.store.NotFoundException) AsyncFunction(org.forgerock.util.AsyncFunction) AMIdentity(com.sun.identity.idm.AMIdentity) InternalServerErrorException(org.forgerock.json.resource.InternalServerErrorException) ResourceException(org.forgerock.json.resource.ResourceException) UmaPolicy(org.forgerock.openam.uma.UmaConstants.UmaPolicy)

Example 3 with UmaPolicy

Use of org.forgerock.openam.uma.UmaConstants.UmaPolicy in project OpenAM by OpenRock.

Class PendingRequestsServiceTest, method shouldApprovePendingRequestUpdatingExistingPolicy.

@Test
public void shouldApprovePendingRequestUpdatingExistingPolicy() throws Exception {
    //Given
    Context context = mock(Context.class);
    createPendingRequest(PENDING_REQUEST_ID, RESOURCE_SET_ID, RESOURCE_SET_NAME, RESOURCE_OWNER_ID, REALM, REQUESTING_PARTY_ID, Collections.singleton(SCOPE));
    UmaPolicy existingPolicy = existingUmaPolicy("charlie", "SCOPE_A");
    mockSuccessfulPolicyUpdateForPendingRequest(existingPolicy);
    JsonValue content = json(object());
    //When
    service.approvePendingRequest(context, PENDING_REQUEST_ID, content, REALM);
    //Then
    ArgumentCaptor<JsonValue> policyCaptor = ArgumentCaptor.forClass(JsonValue.class);
    verify(policyService).updatePolicy(eq(context), eq(RESOURCE_SET_ID), policyCaptor.capture());
    JsonValue policy = policyCaptor.getValue();
    assertThat(policy).stringAt("policyId").isEqualTo(RESOURCE_SET_ID);
    assertThat(policy).hasArray("permissions").hasSize(2);
    assertThat(policy).stringAt("permissions/0/subject").isEqualTo("charlie");
    assertThat(policy).hasArray("permissions/0/scopes").containsOnly("SCOPE_A");
    assertThat(policy).stringAt("permissions/1/subject").isEqualTo(REQUESTING_PARTY_ID);
    assertThat(policy).hasArray("permissions/1/scopes").containsOnly(SCOPE);
    verify(store).delete(PENDING_REQUEST_ID);
    verify(auditLogger).log(RESOURCE_SET_ID, RESOURCE_SET_NAME, resourceOwnerIdentity, UmaAuditType.REQUEST_APPROVED, REQUESTING_PARTY_ID);
}
Also used : Context(org.forgerock.services.context.Context) JsonValue(org.forgerock.json.JsonValue) UmaPolicy(org.forgerock.openam.uma.UmaConstants.UmaPolicy) Test(org.testng.annotations.Test)
