use of org.forgerock.util.annotations.VisibleForTesting in project OpenAM by OpenRock.
Class XacmlService, method checkPermission.
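/**
 * Check if this user has permission to perform the given action (which will be "read" in the case of export
 * and "modify" in the case of import).
 *
 * <p>The caller's identity is taken from the {@code FORGEROCK_AUTH_CONTEXT} servlet request attribute, which is
 * presumably populated by an authentication filter earlier in the pipeline (verify against the filter chain).
 * When that attribute or its {@code tokenId} entry is absent the request carries no authenticated session, so the
 * check fails closed and returns {@code false} instead of failing with a {@link NullPointerException}.
 *
 * @param action the action to check, e.g. "read" or "modify".
 * @return true if the user has permission, false otherwise.
 * @throws EntitlementException if the SSO token for the request cannot be created.
 */
@VisibleForTesting
boolean checkPermission(String action) throws EntitlementException {
    try {
        Request restletRequest = getRequest();
        String urlLastSegment = restletRequest.getResourceRef().getLastSegment();
        String realm = RestletRealmRouter.getRealmFromRequest(restletRequest);
        // The attribute is stored untyped on the servlet request; the cast is only as safe as the code that set it.
        @SuppressWarnings("unchecked")
        final Map<String, String> context =
                (Map<String, String>) ServletUtils.getRequest(restletRequest).getAttribute(FORGEROCK_AUTH_CONTEXT);
        final String tokenId = context == null ? null : context.get("tokenId");
        if (tokenId == null) {
            // No authenticated session on this request: deny rather than let a NullPointerException surface as a 500.
            debug.warning("XacmlService permission evaluation failed: no auth context or tokenId on request");
            return false;
        }
        final SSOToken token = SSOTokenManager.getInstance().createSSOToken(tokenId);
        return checkPermission(action, urlLastSegment, realm, token);
    } catch (SSOException e) {
        debug.warning("XacmlService permission evaluation failed", e);
        throw new EntitlementException(INTERNAL_ERROR, e);
    }
}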
use of org.forgerock.util.annotations.VisibleForTesting in project OpenAM by OpenRock.
Class XacmlService, method exportXACML.
/**
 * Export the policies of the given realm as an XACML document.
 *
 * <p>This variant exists for testing - it saves trying to mock the static {@code getRealmFromRequest}.
 * The caller must hold "READ" permission; otherwise a {@code FORBIDDEN} {@link ResourceException} is raised.
 * Any {@link EntitlementException} from the export is logged and surfaced as an {@code INTERNAL_ERROR}
 * {@link ResourceException}. The returned representation is marked as an attachment (OPENAM-4974).
 *
 * @param realm The realm
 * @return Representation object wrapping the converted XACML
 */
@VisibleForTesting
Representation exportXACML(String realm) {
    // Optional filter values come straight from the query string.
    final String[] requestedFilters = getQuery().getValuesArray(QUERY_PARAM_STRING);
    final List<String> filters = new ArrayList<String>(Arrays.asList(requestedFilters));

    final PolicySet exported;
    try {
        if (!checkPermission("READ")) {
            throw new ResourceException(new Status(FORBIDDEN));
        }
        exported = importExport.exportXACML(realm, getAdminToken(), filters);
        getResponse().setStatus(Status.SUCCESS_OK);
    } catch (EntitlementException e) {
        debug.warning("Reading Policies failed", e);
        throw new ResourceException(new Status(INTERNAL_ERROR, e.getLocalizedMessage(getRequestLocale()), null, null));
    }

    // Serialisation is deferred until the representation is written to the output stream.
    final Representation body = new OutputRepresentation(XACMLServiceEndpointApplication.APPLICATION_XML_XACML3) {
        @Override
        public void write(OutputStream outputStream) throws IOException {
            try {
                XACMLPrivilegeUtils.writeXMLToStream(exported, outputStream);
            } catch (EntitlementException e) {
                // write() may only throw IOException; keep the original as the cause.
                throw new IOException(e);
            }
        }
    };

    // OPENAM-4974: deliver the document as a downloadable attachment.
    final Disposition attachment = new Disposition();
    attachment.setType(Disposition.TYPE_ATTACHMENT);
    attachment.setFilename(getPolicyAttachmentFileName(realm));
    body.setDisposition(attachment);
    return body;
}
use of org.forgerock.util.annotations.VisibleForTesting in project OpenAM by OpenRock.
Class IDPSSOFederate, method process.
/**
 * Process an incoming SSO request at the identity provider.
 *
 * <p>Order of handling: the load-balancer cookie redirector gets the first chance to complete the response; then
 * the IDP proxy introduction-cookie case is checked; finally the request's metadata alias, realm, entity id and
 * adapter are resolved and the request is either authenticated afresh (no request id present) or the cached
 * authentication is retrieved (request id present).
 *
 * @param request    the inbound HTTP request.
 * @param response   the HTTP response being built.
 * @param out        writer for the response body, handed to the authenticator / lookup actors.
 * @param reqBinding the SAML2 binding the request arrived on, used to pick the request validator.
 * @throws FederatedSSOException propagated from the collaborators used here.
 * @throws IOException           propagated from the collaborators used here.
 * @throws SessionException      propagated from the collaborators used here.
 */
@VisibleForTesting
void process(final HttpServletRequest request, final HttpServletResponse response, final PrintWriter out,
        final String reqBinding) throws FederatedSSOException, IOException, SessionException {
    // If the LB cookie redirector has taken over the response (presumably a redirect), there is nothing left to do.
    if (cookieRedirector.needSetLBCookieAndRedirect(request, response, true)) {
        return;
    }
    final IDPRequestValidator requestValidator = saml2ActorFactory.getIDPRequestValidator(reqBinding, isFromECP);

    // IDP Proxy with introduction cookie case: after reading the introduction cookie, it redirects to here.
    final String proxyRequestID = request.getParameter("requestID");
    if (idpProxyCase(proxyRequestID, request, response)) {
        return;
    }

    // Resolve the IDP-side properties of this request via the validator.
    final String metaAlias = requestValidator.getMetaAlias(request);
    final String realm = requestValidator.getRealmByMetaAlias(metaAlias);
    final String entityID = requestValidator.getIDPEntity(metaAlias, realm);
    final SAML2IdentityProviderAdapter adapter = requestValidator.getIDPAdapter(realm, entityID);

    final String requestID = request.getParameter(REQ_ID);
    if (auditor != null && StringUtils.isNotEmpty(requestID)) {
        auditor.setRequestId(requestID);
    }
    final IDPSSOFederateRequest federateRequest =
            new IDPSSOFederateRequest(requestID, realm, adapter, metaAlias, entityID);
    federateRequest.setEventAuditor(auditor);

    // The request id decides between a fresh authentication and a cache lookup.
    if (StringUtils.isEmpty(federateRequest.getRequestID())) {
        saml2ActorFactory.getSAMLAuthenticator(federateRequest, request, response, out, isFromECP).authenticate();
    } else {
        saml2ActorFactory.getSAMLAuthenticatorLookup(federateRequest, request, response, out)
                .retrieveAuthenticationFromCache();
    }
}