use of org.springframework.security.core.GrantedAuthority in project CzechIdMng by bcvsolutions.
the class DefaultGrantedAuthoritiesFactoryTest method testGroupAdmin.
/**
 * A holder of the group-level ADMIN authority ends up with that single authority.
 *
 * <p>The default authorities stubbed below contain ADMIN, READ and DELETE for the
 * IDENTITY group; the factory is expected to trim them to IDENTITY ADMIN alone.
 *
 * <p>NOTE(review): only the collapsing direction is pinned here. The complementary
 * case (READ and DELETE without ADMIN must not be widened to ADMIN) is not exercised
 * by this method.
 */
@Test
public void testGroupAdmin() {
    // Role assigned to the identity; only its id and name are populated.
    IdmRoleDto assignedRole = new IdmRoleDto();
    assignedRole.setId(UUID.randomUUID());
    assignedRole.setName("role");

    IdmIdentityDto adminIdentity = new IdmIdentityDto();
    adminIdentity.setUsername("identityAdmin");
    adminIdentity.setId(UUID.randomUUID());

    // The role is attached to the identity through a contract.
    IdmIdentityContractDto identityContract = new IdmIdentityContractDto();
    identityContract.setId(UUID.randomUUID());
    identityContract.setIdentity(adminIdentity.getId());

    IdmIdentityRoleDto assignment = new IdmIdentityRoleDto();
    assignment.setRole(assignedRole.getId());
    assignment.setIdentityContractDto(identityContract);
    List<IdmIdentityRoleDto> assignedRoles = Lists.newArrayList(assignment);

    when(moduleService.getAvailablePermissions()).thenReturn(groupPermissions);
    when(identityService.getByUsername(adminIdentity.getUsername())).thenReturn(adminIdentity);
    when(roleService.get(assignedRole.getId())).thenReturn(assignedRole);
    when(identityRoleService.findValidRole(adminIdentity.getId(), null))
            .thenReturn(new PageImpl<>(new ArrayList<>(assignedRoles)));
    // No sub-roles for any role.
    when(roleService.getSubroles(any(UUID.class))).thenReturn(Lists.newArrayList());
    // ADMIN is stubbed together with two narrower permissions of the same group.
    when(authorizationPolicyService.getDefaultAuthorities(any())).thenReturn(Sets.newHashSet(
            new DefaultGrantedAuthority(CoreGroupPermission.IDENTITY, IdmBasePermission.ADMIN),
            new DefaultGrantedAuthority(CoreGroupPermission.IDENTITY, IdmBasePermission.READ),
            new DefaultGrantedAuthority(CoreGroupPermission.IDENTITY, IdmBasePermission.DELETE)));

    // The factory returns the authorities already trimmed.
    List<GrantedAuthority> grantedAuthorities =
            defaultGrantedAuthoritiesFactory.getGrantedAuthorities(adminIdentity.getUsername());

    assertEquals(1, grantedAuthorities.size());
    // A freshly built instance is compared on purpose, so the check relies on value equality.
    assertEquals(
            new DefaultGrantedAuthority(CoreGroupPermission.IDENTITY, IdmBasePermission.ADMIN),
            grantedAuthorities.get(0));
}
use of org.springframework.security.core.GrantedAuthority in project CzechIdMng by bcvsolutions.
the class DefaultIdmRoleRequestServiceIntegrationTest method notRightForExecuteImmediatelyExceptionTest.
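/**
 * An immediate (approval-free) role request must be refused for a caller that holds
 * neither ROLE_REQUEST_EXECUTE, ROLE_REQUEST_ADMIN nor APP_ADMIN.
 *
 * <p>The {@link RoleRequestException} is asserted on the {@code startRequestInternal}
 * call only. With a method-level {@code expected}, the same exception thrown while the
 * request or the concept is being saved would also make the test pass, without the
 * permission check ever being reached.
 */
@Test
@Transactional()
public void notRightForExecuteImmediatelyExceptionTest() {
    this.logout();
    // Log in as a user without the right to execute a role request immediately
    // (without approval): every available permission except the three that allow it.
    Collection<GrantedAuthority> authorities = IdmAuthorityUtils.toAuthorities(moduleService.getAvailablePermissions())
            .stream()
            .filter(authority -> !CoreGroupPermission.ROLE_REQUEST_EXECUTE.equals(authority.getAuthority())
                    && !CoreGroupPermission.ROLE_REQUEST_ADMIN.equals(authority.getAuthority())
                    && !IdmGroupPermission.APP_ADMIN.equals(authority.getAuthority()))
            .collect(Collectors.toList());
    SecurityContextHolder.getContext()
            .setAuthentication(new IdmJwtAuthentication(new IdmIdentityDto(USER_TEST_A), null, authorities, "test"));
    try {
        IdmIdentityDto testA = identityService.getByUsername(USER_TEST_A);
        IdmIdentityContractDto contractA = identityContractService.getPrimeContract(testA.getId());

        IdmRoleRequestDto request = new IdmRoleRequestDto();
        request.setApplicant(testA.getId());
        request.setExecuteImmediately(true);
        request.setRequestedByType(RoleRequestedByType.MANUALLY);
        request = roleRequestService.save(request);
        Assert.assertEquals(RoleRequestState.CONCEPT, request.getState());

        IdmConceptRoleRequestDto conceptA = new IdmConceptRoleRequestDto();
        conceptA.setRoleRequest(request.getId());
        conceptA.setOperation(ConceptRoleRequestOperation.ADD);
        conceptA.setRole(roleA.getId());
        conceptA.setIdentityContract(contractA.getId());
        conceptA = conceptRoleRequestService.save(conceptA);
        Assert.assertEquals(RoleRequestState.CONCEPT, conceptA.getState());

        try {
            roleRequestService.startRequestInternal(request.getId(), true);
            Assert.fail("Immediate execution must be refused without the execute permission");
        } catch (RoleRequestException expected) {
            // Expected: the caller has no right to execute without approval.
        }
    } finally {
        // Do not leave the restricted test authentication in the security context
        // for whatever runs next on this thread.
        this.logout();
    }
}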
use of org.springframework.security.core.GrantedAuthority in project CzechIdMng by bcvsolutions.
the class AbstractWorkflowIntegrationTest method loginAsNoAdmin.
/**
 * Installs a test authentication for {@code user} that carries every available
 * permission except APP_ADMIN.
 *
 * <p>Only the APP_ADMIN authority is filtered out; any other authority in the
 * available permission set stays granted, so "no admin" here means "no
 * application-wide admin".
 *
 * @param user identifier passed to the {@code IdmIdentityDto} lookup
 */
public void loginAsNoAdmin(String user) {
    Collection<GrantedAuthority> withoutAppAdmin = IdmAuthorityUtils.toAuthorities(moduleService.getAvailablePermissions())
            .stream()
            .filter(granted -> !IdmGroupPermission.APP_ADMIN.equals(granted.getAuthority()))
            .collect(Collectors.toList());
    // NOTE(review): the lookup result is used as-is; what happens for an unknown
    // user (null or exception) is not visible here. Confirm against the lookup contract.
    IdmIdentityDto resolved = (IdmIdentityDto) lookupService.getDtoLookup(IdmIdentityDto.class).lookup(user);
    IdmJwtAuthentication testAuthentication = new IdmJwtAuthentication(resolved, null, withoutAppAdmin, "test");
    SecurityContextHolder.getContext().setAuthentication(testAuthentication);
}
use of org.springframework.security.core.GrantedAuthority in project CzechIdMng by bcvsolutions.
the class DefaultIdmAutomaticRoleRequestServiceIntegrationTest method notRightForExecuteImmediatelyExceptionTest.
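/**
 * An immediate (approval-free) automatic role request must be refused for a caller
 * that holds neither AUTOMATIC_ROLE_REQUEST_ADMIN nor APP_ADMIN.
 *
 * <p>The {@link RoleRequestException} is asserted on the {@code startRequestInternal}
 * call only. With a method-level {@code expected}, the same exception thrown while the
 * request or the rule is being saved would also make the test pass, without the
 * permission check ever being reached.
 */
@Test
public void notRightForExecuteImmediatelyExceptionTest() {
    this.logout();
    IdmIdentityDto identity = helper.createIdentity();
    // Log in as a user without the right to execute a role request immediately
    // (without approval): every available permission except the two that allow it.
    Collection<GrantedAuthority> authorities = IdmAuthorityUtils.toAuthorities(moduleService.getAvailablePermissions())
            .stream()
            .filter(authority -> !CoreGroupPermission.AUTOMATIC_ROLE_REQUEST_ADMIN.equals(authority.getAuthority())
                    && !IdmGroupPermission.APP_ADMIN.equals(authority.getAuthority()))
            .collect(Collectors.toList());
    SecurityContextHolder.getContext().setAuthentication(
            new IdmJwtAuthentication(new IdmIdentityDto(identity.getUsername()), null, authorities, "test"));
    try {
        IdmRoleDto role = prepareRole();

        IdmAutomaticRoleRequestDto request = new IdmAutomaticRoleRequestDto();
        // The request is submitted as EXECUTED, yet the assertion after save() requires
        // CONCEPT: a state supplied by the caller must not survive the save.
        request.setState(RequestState.EXECUTED);
        request.setOperation(RequestOperationType.ADD);
        request.setRequestType(AutomaticRoleRequestType.ATTRIBUTE);
        request.setExecuteImmediately(true);
        request.setName(role.getName());
        request.setRole(role.getId());
        request = roleRequestService.save(request);
        Assert.assertEquals(RequestState.CONCEPT, request.getState());

        IdmAutomaticRoleAttributeRuleRequestDto rule = new IdmAutomaticRoleAttributeRuleRequestDto();
        rule.setRequest(request.getId());
        rule.setOperation(RequestOperationType.ADD);
        rule.setAttributeName(IdmIdentity_.username.getName());
        rule.setComparison(AutomaticRoleAttributeRuleComparison.EQUALS);
        rule.setType(AutomaticRoleAttributeRuleType.IDENTITY);
        rule.setValue("test");
        // The saved rule is not needed afterwards; only its persistence matters.
        ruleRequestService.save(rule);

        try {
            roleRequestService.startRequestInternal(request.getId(), true);
            Assert.fail("Immediate execution must be refused without the admin permission");
        } catch (RoleRequestException expected) {
            // Expected: the caller has no right to execute without approval.
        }
    } finally {
        // Do not leave the restricted test authentication in the security context
        // for whatever runs next on this thread.
        this.logout();
    }
}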
use of org.springframework.security.core.GrantedAuthority in project zhcet-web by zhcet-amu.
the class UserDetailService method cloneWithRoles.
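/**
 * Replaces the current authentication with a copy that carries the user's current
 * roles, and saves the user with those roles.
 *
 * <p>Used when a user's roles have to be updated dynamically. Principal, credentials
 * and details are taken over from the given authentication; only the authorities are
 * rebuilt from {@code user}. The user is saved before the security context is
 * touched, so a failing save leaves the current authentication unchanged.
 *
 * <p>Only the security context reachable through {@link SecurityContextHolder} at
 * the time of the call is updated.
 *
 * @param authentication {@link Authentication} to be cloned
 * @param user {@link User} containing roles
 */
void cloneWithRoles(Authentication authentication, User user) {
    Collection<GrantedAuthority> authorities = getAuthorities(user);
    // NOTE(review): the three-argument constructor produces a token that is already
    // marked as authenticated, whatever the state of the source. Callers should pass
    // only an authentication that is itself authenticated.
    UsernamePasswordAuthenticationToken clone = new UsernamePasswordAuthenticationToken(
            authentication.getPrincipal(), authentication.getCredentials(), authorities);
    // The constructor does not copy details; without this the clone would report
    // null details to anything that inspects them later.
    clone.setDetails(authentication.getDetails());
    saveUser(user);
    SecurityContextHolder.getContext().setAuthentication(clone);
}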