use of org.forgerock.util.Pair in project OpenAM by OpenRock.
the class ResourceSetService method getResourceSets.
/**
* Queries resource sets across the resource set store and UMA policy store.
*
* @param context The context.
* @param realm The realm.
* @param query The aggregated query.
* @param resourceOwnerId The resource owner id.
* @param augmentWithPolicies {@code true} to pull in UMA policies into the resource set.
* @return A Promise containing the Resource Sets or a ResourceException.
*/
Promise<Collection<ResourceSetDescription>, ResourceException> getResourceSets(final Context context, String realm, final ResourceSetWithPolicyQuery query, final String resourceOwnerId, final boolean augmentWithPolicies) {
final Set<ResourceSetDescription> resourceSets;
try {
resourceSets = new ResourceSetSharedFilter(this, resourceOwnerId, realm).filter(resourceSetStoreFactory.create(realm).query(query.getResourceSetQuery()));
} catch (ServerException e) {
return new InternalServerErrorException(e).asPromise();
}
QueryRequest policyQuery = newQueryRequest("").setQueryId("searchAll");
policyQuery.setQueryFilter(QueryFilter.<JsonPointer>alwaysTrue());
return getSharedResourceSets(context, policyQuery, resourceOwnerId).thenAsync(new AsyncFunction<Set<ResourceSetDescription>, Collection<ResourceSetDescription>, ResourceException>() {
@Override
public Promise<Collection<ResourceSetDescription>, ResourceException> apply(final Set<ResourceSetDescription> sharedResourceSets) {
//combine the owned ResourceSets with the shared ones, then filter based on the query
sharedResourceSets.addAll(resourceSets);
final Collection<ResourceSetDescription> filteredResourceSets = filterPolicies(resourceSets, query);
Promise<Collection<ResourceSetDescription>, ResourceException> resourceSetsPromise;
if (query.getPolicyQuery() != null) {
QueryRequest policyQuery = newQueryRequest("").setQueryFilter(query.getPolicyQuery());
resourceSetsPromise = policyService.queryPolicies(context, policyQuery).thenAsync(new AsyncFunction<Pair<QueryResponse, Collection<UmaPolicy>>, Collection<ResourceSetDescription>, ResourceException>() {
@Override
public Promise<Collection<ResourceSetDescription>, ResourceException> apply(Pair<QueryResponse, Collection<UmaPolicy>> result) throws ResourceException {
try {
return newResultPromise(combine(context, query, filteredResourceSets, result.getSecond(), augmentWithPolicies, resourceOwnerId));
} catch (org.forgerock.oauth2.core.exceptions.NotFoundException e) {
return new InternalServerErrorException(e).asPromise();
} catch (ServerException e) {
return new InternalServerErrorException(e).asPromise();
}
}
});
} else {
if (augmentWithPolicies) {
List<Promise<ResourceSetDescription, ResourceException>> promises = new ArrayList<>();
PromiseImpl<ResourceSetDescription, ResourceException> kicker = PromiseImpl.create();
promises.add(kicker);
for (ResourceSetDescription resourceSet : filteredResourceSets) {
promises.add(augmentWithPolicy(context, resourceSet.getId(), resourceSet));
}
resourceSetsPromise = Promises.when(promises).thenAsync(new AsyncFunction<List<ResourceSetDescription>, Collection<ResourceSetDescription>, ResourceException>() {
@Override
public Promise<Collection<ResourceSetDescription>, ResourceException> apply(List<ResourceSetDescription> resourceSets) {
Collection<ResourceSetDescription> resourceSetDescriptions = new HashSet<>();
for (ResourceSetDescription rs : filteredResourceSets) {
if (rs != null) {
resourceSetDescriptions.add(rs);
}
}
return newResultPromise(resourceSetDescriptions);
}
});
kicker.handleResult(null);
} else {
resourceSetsPromise = newResultPromise(filteredResourceSets);
}
}
return resourceSetsPromise;
}
});
}
use of org.forgerock.util.Pair in project OpenAM by OpenRock.
the class UmaPolicyServiceImpl method queryPolicies.
/**
* {@inheritDoc}
*/
@Override
public Promise<Pair<QueryResponse, Collection<UmaPolicy>>, ResourceException> queryPolicies(final Context context, final QueryRequest umaQueryRequest) {
if (umaQueryRequest.getQueryExpression() != null) {
return new BadRequestException("Query expressions not supported").asPromise();
}
QueryRequest request = Requests.newQueryRequest("");
final AggregateQuery<QueryFilter<JsonPointer>, QueryFilter<JsonPointer>> filter = umaQueryRequest.getQueryFilter().accept(new AggregateUmaPolicyQueryFilter(), new AggregateQuery<QueryFilter<JsonPointer>, QueryFilter<JsonPointer>>());
String queryId = umaQueryRequest.getQueryId();
if (queryId != null && queryId.equals("searchAll")) {
request.setQueryFilter(QueryFilter.<JsonPointer>alwaysTrue());
} else {
String resourceOwnerUid = getResourceOwnerUid(context);
if (filter.getFirstQuery() == null) {
request.setQueryFilter(QueryFilter.equalTo(new JsonPointer("createdBy"), resourceOwnerUid));
} else {
request.setQueryFilter(QueryFilter.and(QueryFilter.equalTo(new JsonPointer("createdBy"), resourceOwnerUid), filter.getFirstQuery()));
}
}
return policyResourceDelegate.queryPolicies(context, request).thenAsync(new AsyncFunction<Pair<QueryResponse, List<ResourceResponse>>, Collection<UmaPolicy>, ResourceException>() {
@Override
public Promise<Collection<UmaPolicy>, ResourceException> apply(Pair<QueryResponse, List<ResourceResponse>> value) {
Map<String, Set<ResourceResponse>> policyMapping = new HashMap<>();
for (ResourceResponse policy : value.getSecond()) {
String resource = policy.getContent().get("resources").asList(String.class).get(0);
if (!resource.startsWith(UMA_POLICY_SCHEME)) {
continue;
}
resource = resource.replaceFirst(UMA_POLICY_SCHEME, "");
if (resource.indexOf(":") > 0) {
resource = resource.substring(0, resource.indexOf(":"));
}
Set<ResourceResponse> mapping = policyMapping.get(resource);
if (mapping == null) {
mapping = new HashSet<>();
policyMapping.put(resource, mapping);
}
mapping.add(policy);
}
try {
Collection<UmaPolicy> umaPolicies = new HashSet<>();
for (Map.Entry<String, Set<ResourceResponse>> entry : policyMapping.entrySet()) {
ResourceSetDescription resourceSet = getResourceSetDescription(entry.getKey(), context);
UmaPolicy umaPolicy = UmaPolicy.fromUnderlyingPolicies(resourceSet, entry.getValue());
resolveUIDToUsername(umaPolicy.asJson());
umaPolicies.add(umaPolicy);
}
return newResultPromise(umaPolicies);
} catch (ResourceException e) {
return e.asPromise();
}
}
}).thenAsync(new AsyncFunction<Collection<UmaPolicy>, Pair<QueryResponse, Collection<UmaPolicy>>, ResourceException>() {
@Override
public Promise<Pair<QueryResponse, Collection<UmaPolicy>>, ResourceException> apply(Collection<UmaPolicy> policies) {
Collection<UmaPolicy> results = policies;
if (filter.getSecondQuery() != null) {
PolicySearch search = filter.getSecondQuery().accept(new UmaPolicyQueryFilterVisitor(), new PolicySearch(policies));
if (AggregateQuery.Operator.AND.equals(filter.getOperator())) {
results.retainAll(search.getPolicies());
}
}
int pageSize = umaQueryRequest.getPageSize();
String pagedResultsCookie = umaQueryRequest.getPagedResultsCookie();
int pagedResultsOffset = umaQueryRequest.getPagedResultsOffset();
Collection<UmaPolicy> pagedPolicies = new HashSet<UmaPolicy>();
int count = 0;
for (UmaPolicy policy : results) {
if (count >= pagedResultsOffset * pageSize) {
pagedPolicies.add(policy);
}
count++;
}
int remainingPagedResults = results.size() - pagedPolicies.size();
if (pageSize > 0) {
remainingPagedResults /= pageSize;
}
return newResultPromise(Pair.of(newQueryResponse(pagedResultsCookie, CountPolicy.EXACT, remainingPagedResults), pagedPolicies));
}
});
}
use of org.forgerock.util.Pair in project OpenAM by OpenRock.
the class ResourceSetServiceTest method shouldGetResourceSetsWhenResourceSetsExistQueryingByOrWithPolicies.
@Test
public void shouldGetResourceSetsWhenResourceSetsExistQueryingByOrWithPolicies() throws Exception {
//Given
Context context = createContext();
String realm = "REALM";
ResourceSetWithPolicyQuery query = new ResourceSetWithPolicyQuery();
String resourceOwnerId = "RESOURCE_OWNER_ID";
boolean augmentWithPolicies = true;
QueryFilter<String> resourceSetQuery = QueryFilter.contains("name", "RS_THREE");
QueryFilter policyQuery = QueryFilter.alwaysFalse();
Set<ResourceSetDescription> queriedResourceSets = new HashSet<>();
ResourceSetDescription resourceSetOne = new ResourceSetDescription("RS_ID_ONE", "CLIENT_ID_ONE", "RESOURCE_OWNER_ID", singletonMap("name", (Object) "RS_ONE"));
ResourceSetDescription resourceSetTwo = new ResourceSetDescription("RS_ID_TWO", "CLIENT_ID_TWO", "RESOURCE_OWNER_ID", singletonMap("name", (Object) "RS_TWO"));
ResourceSetDescription resourceSetThree = new ResourceSetDescription("RS_ID_THREE", "CLIENT_ID_TWO", "RESOURCE_OWNER_ID", singletonMap("name", (Object) "RS_THREE"));
Collection<UmaPolicy> queriedPolicies = new HashSet<>();
UmaPolicy policyOne = mock(UmaPolicy.class);
UmaPolicy policyTwo = mock(UmaPolicy.class);
UmaPolicy policyThree = mock(UmaPolicy.class);
JsonValue policyOneJson = mock(JsonValue.class);
JsonValue policyTwoJson = mock(JsonValue.class);
JsonValue policyThreeJson = mock(JsonValue.class);
Pair<QueryResponse, Collection<UmaPolicy>> queriedPoliciesPair = Pair.of(newQueryResponse(), queriedPolicies);
Promise<Pair<QueryResponse, Collection<UmaPolicy>>, ResourceException> queriedPoliciesPromise = Promises.newResultPromise(queriedPoliciesPair);
Promise<UmaPolicy, ResourceException> policyOnePromise = Promises.newResultPromise(policyOne);
Promise<UmaPolicy, ResourceException> policyTwoPromise = Promises.newResultPromise(policyTwo);
mockResourceOwnerIdentity(resourceOwnerId, realm);
query.setResourceSetQuery(resourceSetQuery);
query.setPolicyQuery(policyQuery);
queriedResourceSets.add(resourceSetOne);
queriedResourceSets.add(resourceSetTwo);
queriedPolicies.add(policyOne);
queriedPolicies.add(policyThree);
given(policyOne.getId()).willReturn("RS_ID_ONE");
given(policyOne.getResourceSet()).willReturn(resourceSetOne);
given(policyTwo.getId()).willReturn("RS_ID_TWO");
given(policyTwo.getResourceSet()).willReturn(resourceSetTwo);
given(policyThree.getId()).willReturn("RS_ID_THREE");
given(policyThree.getResourceSet()).willReturn(resourceSetThree);
given(policyOne.asJson()).willReturn(policyOneJson);
given(policyTwo.asJson()).willReturn(policyTwoJson);
given(policyThree.asJson()).willReturn(policyThreeJson);
given(resourceSetStore.query(QueryFilter.and(resourceSetQuery, equalTo(ResourceSetTokenField.RESOURCE_OWNER_ID, "RESOURCE_OWNER_ID")))).willReturn(queriedResourceSets);
given(policyService.queryPolicies(eq(context), Matchers.<QueryRequest>anyObject())).willReturn(queriedPoliciesPromise);
given(resourceSetStore.read("RS_ID_ONE", resourceOwnerId)).willReturn(resourceSetOne);
given(resourceSetStore.read("RS_ID_THREE", resourceOwnerId)).willReturn(resourceSetThree);
given(policyService.readPolicy(context, "RS_ID_ONE")).willReturn(policyOnePromise);
given(policyService.readPolicy(context, "RS_ID_TWO")).willReturn(policyTwoPromise);
Entitlement entitlement = new Entitlement();
Map<String, Boolean> actionValues = new HashMap();
actionValues.put("actionValueKey", true);
entitlement.setActionValues(actionValues);
Evaluator evaluator = mock(Evaluator.class);
given(umaProviderSettings.getPolicyEvaluator(any(Subject.class), anyString())).willReturn(evaluator);
given(evaluator.evaluate(eq(realm), any(Subject.class), eq("RS_ONE"), isNull(Map.class), eq(false))).willReturn(singletonList(entitlement));
given(evaluator.evaluate(eq(realm), any(Subject.class), eq("RS_TWO"), isNull(Map.class), eq(false))).willReturn(singletonList(entitlement));
given(evaluator.evaluate(eq(realm), any(Subject.class), eq("RS_THREE"), isNull(Map.class), eq(false))).willReturn(Collections.<Entitlement>emptyList());
//When
Collection<ResourceSetDescription> resourceSets = service.getResourceSets(context, realm, query, resourceOwnerId, augmentWithPolicies).getOrThrowUninterruptibly();
//Then
assertThat(resourceSets).hasSize(2).contains(resourceSetOne, resourceSetThree);
assertThat(resourceSetOne.getPolicy()).isEqualTo(policyOneJson);
assertThat(resourceSetThree.getPolicy()).isEqualTo(policyThreeJson);
}
use of org.forgerock.util.Pair in project OpenAM by OpenRock.
the class ResourceSetServiceTest method getResourceSetsShouldReturnEmptySetWhenResourceSetsExistQueryingByAnd.
@Test
public void getResourceSetsShouldReturnEmptySetWhenResourceSetsExistQueryingByAnd() throws Exception {
//Given
Context context = createContext();
String realm = "REALM";
ResourceSetWithPolicyQuery query = new ResourceSetWithPolicyQuery();
String resourceOwnerId = "RESOURCE_OWNER_ID";
boolean augmentWithPolicies = false;
QueryFilter<String> resourceSetQuery = mock(QueryFilter.class);
QueryFilter policyQuery = QueryFilter.alwaysFalse();
Set<ResourceSetDescription> queriedResourceSets = new HashSet<>();
ResourceSetDescription resourceSetOne = new ResourceSetDescription("RS_ID_ONE", "CLIENT_ID_ONE", "RESOURCE_OWNER_ID", Collections.<String, Object>emptyMap());
ResourceSetDescription resourceSetTwo = new ResourceSetDescription("RS_ID_TWO", "CLIENT_ID_TWO", "RESOURCE_OWNER_ID", Collections.<String, Object>emptyMap());
ResourceSetDescription resourceSetThree = new ResourceSetDescription("RS_ID_THREE", "CLIENT_ID_TWO", "RESOURCE_OWNER_ID", Collections.<String, Object>emptyMap());
Collection<UmaPolicy> queriedPolicies = new HashSet<>();
UmaPolicy policyOne = mock(UmaPolicy.class);
UmaPolicy policyTwo = mock(UmaPolicy.class);
Pair<QueryResponse, Collection<UmaPolicy>> queriedPoliciesPair = Pair.of(newQueryResponse(), queriedPolicies);
Promise<Pair<QueryResponse, Collection<UmaPolicy>>, ResourceException> queriedPoliciesPromise = Promises.newResultPromise(queriedPoliciesPair);
query.setResourceSetQuery(resourceSetQuery);
query.setPolicyQuery(policyQuery);
query.setOperator(AggregateQuery.Operator.AND);
queriedResourceSets.add(resourceSetOne);
queriedResourceSets.add(resourceSetTwo);
queriedPolicies.add(policyOne);
queriedPolicies.add(policyTwo);
mockResourceOwnerIdentity(resourceOwnerId, realm);
mockFilteredResourceSetsQueryVisitor(resourceSetQuery, queriedResourceSets);
given(policyOne.getId()).willReturn("RS_ID_ONE");
given(policyOne.getResourceSet()).willReturn(resourceSetOne);
given(policyTwo.getId()).willReturn("RS_ID_THREE");
given(policyTwo.getResourceSet()).willReturn(resourceSetTwo);
given(resourceSetStore.query(resourceSetQuery)).willReturn(queriedResourceSets);
mockPolicyEvaluator("RS_CLIENT_ID");
given(policyService.queryPolicies(eq(context), Matchers.<QueryRequest>anyObject())).willReturn(queriedPoliciesPromise);
given(resourceSetStore.read("RS_ID_THREE", resourceOwnerId)).willReturn(resourceSetThree);
//When
Collection<ResourceSetDescription> resourceSets = service.getResourceSets(context, realm, query, resourceOwnerId, augmentWithPolicies).getOrThrowUninterruptibly();
//Then
assertThat(resourceSets).hasSize(1).contains(resourceSetOne);
assertThat(resourceSetOne.getPolicy()).isNull();
assertThat(resourceSetTwo.getPolicy()).isNull();
assertThat(resourceSetThree.getPolicy()).isNull();
}
use of org.forgerock.util.Pair in project OpenAM by OpenRock.
the class ResourceSetServiceTest method getResourceSetsShouldReturnSetWhenResourceSetsExistQueryingByOr.
@Test
public void getResourceSetsShouldReturnSetWhenResourceSetsExistQueryingByOr() throws Exception {
//Given
Context context = createContext();
String realm = "REALM";
ResourceSetWithPolicyQuery query = new ResourceSetWithPolicyQuery();
query.setOperator(AggregateQuery.Operator.OR);
String resourceOwnerId = "RESOURCE_OWNER_ID";
boolean augmentWithPolicies = false;
QueryFilter<String> resourceSetQuery = mock(QueryFilter.class);
QueryFilter policyQuery = QueryFilter.alwaysFalse();
Set<ResourceSetDescription> queriedResourceSets = new HashSet<>();
ResourceSetDescription resourceSetOne = new ResourceSetDescription("RS_ID_ONE", "CLIENT_ID_ONE", "RESOURCE_OWNER_ID", Collections.<String, Object>emptyMap());
ResourceSetDescription resourceSetTwo = new ResourceSetDescription("RS_ID_TWO", "CLIENT_ID_TWO", "RESOURCE_OWNER_ID", Collections.<String, Object>emptyMap());
ResourceSetDescription resourceSetThree = new ResourceSetDescription("RS_ID_THREE", "CLIENT_ID_TWO", "RESOURCE_OWNER_ID", Collections.<String, Object>emptyMap());
Collection<UmaPolicy> queriedPolicies = new HashSet<>();
UmaPolicy policyOne = mock(UmaPolicy.class);
UmaPolicy policyTwo = mock(UmaPolicy.class);
Pair<QueryResponse, Collection<UmaPolicy>> queriedPoliciesPair = Pair.of(newQueryResponse(), queriedPolicies);
Promise<Pair<QueryResponse, Collection<UmaPolicy>>, ResourceException> queriedPoliciesPromise = Promises.newResultPromise(queriedPoliciesPair);
query.setResourceSetQuery(resourceSetQuery);
query.setPolicyQuery(policyQuery);
queriedResourceSets.add(resourceSetOne);
queriedResourceSets.add(resourceSetTwo);
queriedPolicies.add(policyOne);
queriedPolicies.add(policyTwo);
mockResourceOwnerIdentity(resourceOwnerId, realm);
mockFilteredResourceSetsQueryVisitor(resourceSetQuery, queriedResourceSets);
given(policyOne.getResourceSet()).willReturn(resourceSetOne);
given(policyOne.getId()).willReturn("RS_ID_ONE");
given(policyTwo.getId()).willReturn("RS_ID_THREE");
given(policyTwo.getResourceSet()).willReturn(resourceSetTwo);
given(resourceSetStore.query(resourceSetQuery)).willReturn(queriedResourceSets);
given(policyService.queryPolicies(eq(context), Matchers.<QueryRequest>anyObject())).willReturn(queriedPoliciesPromise);
given(resourceSetStore.read("RS_ID_THREE", resourceOwnerId)).willReturn(resourceSetThree);
mockPolicyEvaluator("RS_CLIENT_ID");
//When
Collection<ResourceSetDescription> resourceSets = service.getResourceSets(context, realm, query, resourceOwnerId, augmentWithPolicies).getOrThrowUninterruptibly();
//Then
assertThat(resourceSets).hasSize(3).contains(resourceSetOne, resourceSetTwo, resourceSetThree);
assertThat(resourceSetOne.getPolicy()).isNull();
assertThat(resourceSetTwo.getPolicy()).isNull();
assertThat(resourceSetThree.getPolicy()).isNull();
}
Aggregations