Example 1 with VisibleForTesting

use of org.forgerock.util.annotations.VisibleForTesting in project OpenAM by OpenRock.

From the class XacmlService, method checkPermission:

/**
 * Check if this user has permission to perform the given action (which will be "read" in the case of export
 * and "modify" in the case of import).
 *
 * @return true if the user has permission, false otherwise.
 */
@VisibleForTesting
boolean checkPermission(String action) throws EntitlementException {
    try {
        Request restletRequest = getRequest();
        String urlLastSegment = restletRequest.getResourceRef().getLastSegment();
        String realm = RestletRealmRouter.getRealmFromRequest(restletRequest);
        // The caller's session token id is taken from the authentication context attribute on the
        // underlying servlet request (unchecked cast to Map<String, String>).
        final Map<String, String> context = (Map<String, String>) ServletUtils.getRequest(getRequest()).getAttribute(FORGEROCK_AUTH_CONTEXT);
        final String tokenId = context.get("tokenId");
        final SSOToken token = SSOTokenManager.getInstance().createSSOToken(tokenId);
        // Delegate the entitlement decision to the overload that takes the resolved session token.
        return checkPermission(action, urlLastSegment, realm, token);
    } catch (SSOException e) {
        // Fail closed: an invalid or missing session becomes an error, never a grant.
        debug.warning("XacmlService permission evaluation failed", e);
        throw new EntitlementException(INTERNAL_ERROR, e);
    }
}
Also used:
  com.sun.identity.entitlement.EntitlementException
  com.iplanet.sso.SSOToken
  javax.servlet.http.HttpServletRequest
  org.restlet.Request
  com.iplanet.sso.SSOException
  java.util.Map
  java.util.HashMap
  org.forgerock.util.annotations.VisibleForTesting

Example 2 with VisibleForTesting


From the class XacmlService, method exportXACML:

/**
 * This version of exportXACML exists for testing: it saves having to mock the static getRealmFromRequest.
 * @param realm The realm
 * @return Representation object wrapping the converted XACML
 */
@VisibleForTesting
Representation exportXACML(String realm) {
    List<String> filters = new ArrayList<String>(Arrays.asList(getQuery().getValuesArray(QUERY_PARAM_STRING)));
    PolicySet policySet;
    try {
        // Authorise before touching any policy data; a caller without "READ" gets 403 and nothing else.
        if (!checkPermission("READ")) {
            throw new ResourceException(new Status(FORBIDDEN));
        }
        policySet = importExport.exportXACML(realm, getAdminToken(), filters);
        getResponse().setStatus(Status.SUCCESS_OK);
    } catch (EntitlementException e) {
        debug.warning("Reading Policies failed", e);
        throw new ResourceException(new Status(INTERNAL_ERROR, e.getLocalizedMessage(getRequestLocale()), null, null));
    }
    final PolicySet finalPolicySet = policySet;
    // Stream the XACML document lazily; serialisation errors surface as IOException to Restlet.
    Representation result = new OutputRepresentation(XACMLServiceEndpointApplication.APPLICATION_XML_XACML3) {

        @Override
        public void write(OutputStream outputStream) throws IOException {
            try {
                XACMLPrivilegeUtils.writeXMLToStream(finalPolicySet, outputStream);
            } catch (EntitlementException e) {
                throw new IOException(e);
            }
        }
    };
    // OPENAM-4974: deliver the export as a file attachment with a realm-specific name
    // rather than rendering it inline.
    Disposition disposition = new Disposition();
    disposition.setType(Disposition.TYPE_ATTACHMENT);
    disposition.setFilename(getPolicyAttachmentFileName(realm));
    result.setDisposition(disposition);
    return result;
}
Also used:
  org.restlet.data.Status
  com.sun.identity.entitlement.EntitlementException
  org.restlet.representation.OutputRepresentation
  java.io.OutputStream
  java.util.ArrayList
  org.restlet.data.Disposition
  org.restlet.resource.ResourceException
  org.forgerock.json.resource.ResourceException
  org.restlet.ext.jackson.JacksonRepresentation
  org.restlet.representation.Representation
  java.io.IOException
  com.sun.identity.entitlement.xacml3.core.PolicySet
  org.forgerock.util.annotations.VisibleForTesting

Example 3 with VisibleForTesting


From the class IDPSSOFederate, method process:

@VisibleForTesting
void process(final HttpServletRequest request, final HttpServletResponse response, final PrintWriter out,
        final String reqBinding) throws FederatedSSOException, IOException, SessionException {
    // Sticky-session handling: if a load-balancer cookie has to be set first, redirect and stop here.
    if (cookieRedirector.needSetLBCookieAndRedirect(request, response, true)) {
        return;
    }
    // The validator encapsulates binding-specific checks on the inbound AuthnRequest.
    final IDPRequestValidator validator = saml2ActorFactory.getIDPRequestValidator(reqBinding, isFromECP);
    // IDP Proxy with introduction cookie case.
    // After reading the introduction cookie, it redirects to here.
    String requestID = request.getParameter("requestID");
    if (idpProxyCase(requestID, request, response)) {
        return;
    }
    // Fetch a number of properties about the request.
    String idpMetaAlias = validator.getMetaAlias(request);
    String realm = validator.getRealmByMetaAlias(idpMetaAlias);
    String idpEntityID = validator.getIDPEntity(idpMetaAlias, realm);
    SAML2IdentityProviderAdapter idpAdapter = validator.getIDPAdapter(realm, idpEntityID);
    String reqID = request.getParameter(REQ_ID);
    // Correlate audit events with the SAML request id when auditing is enabled.
    if (null != auditor && StringUtils.isNotEmpty(reqID)) {
        auditor.setRequestId(reqID);
    }
    IDPSSOFederateRequest reqData = new IDPSSOFederateRequest(reqID, realm, idpAdapter, idpMetaAlias, idpEntityID);
    reqData.setEventAuditor(auditor);
    // id should be there.
    if (StringUtils.isEmpty(reqData.getRequestID())) {
        // No request id: this is a fresh request, so run the full authentication flow.
        SAMLAuthenticator samlAuthenticator = saml2ActorFactory.getSAMLAuthenticator(reqData, request, response, out, isFromECP);
        samlAuthenticator.authenticate();
    } else {
        // Request id present: resume a previously started authentication from the cache.
        SAMLAuthenticatorLookup samlLookup = saml2ActorFactory.getSAMLAuthenticatorLookup(reqData, request, response, out);
        samlLookup.retrieveAuthenticationFromCache();
    }
}
Also used:
  org.forgerock.openam.saml2.SAMLAuthenticator
  org.forgerock.openam.saml2.IDPSSOFederateRequest
  org.forgerock.openam.saml2.SAMLAuthenticatorLookup
  org.forgerock.openam.saml2.IDPRequestValidator
  com.sun.identity.saml2.plugins.SAML2IdentityProviderAdapter
  org.forgerock.util.annotations.VisibleForTesting