/* * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER. * * Copyright (c) 2009 Sun Microsystems Inc. All Rights Reserved * * The contents of this file are subject to the terms * of the Common Development and Distribution License * (the License). You may not use this file except in * compliance with the License. * * You can obtain a copy of the License at * https://opensso.dev.java.net/public/CDDLv1.0.html or * opensso/legal/CDDLv1.0.txt * See the License for the specific language governing * permission and limitations under the License. * * When distributing Covered Code, include this CDDL * Header Notice in each file and include the License file * at opensso/legal/CDDLv1.0.txt. * If applicable, add the following below the CDDL Header, * with the fields enclosed by brackets [] replaced by * your own identifying information: * "Portions Copyrighted [year] [name of copyright owner]" * * $Id: DelegationPrivilegeTest.java,v 1.5 2009/12/17 18:03:51 veiming Exp $ * * Portions Copyrighted 2015 ForgeRock AS. */ package com.sun.identity.entitlement; import com.iplanet.sso.SSOException; import com.iplanet.sso.SSOToken; import com.sun.identity.entitlement.opensso.OpenSSOUserSubject; import org.testng.annotations.Test; import com.sun.identity.entitlement.opensso.SubjectUtils; import com.sun.identity.entitlement.util.AuthUtils; import com.sun.identity.entitlement.util.IdRepoUtils; import com.sun.identity.entitlement.util.SearchFilter; import com.sun.identity.idm.AMIdentity; import com.sun.identity.idm.AMIdentityRepository; import com.sun.identity.idm.IdRepoException; import com.sun.identity.idm.IdType; import com.sun.identity.security.AdminTokenAction; import java.security.AccessController; import java.util.HashMap; import java.util.HashSet; import java.util.Map; import java.util.Set; import org.testng.annotations.AfterTest; import org.testng.annotations.BeforeTest; /** * * @author dennis */ public class DelegationPrivilegeTest { protected SSOToken adminToken = (SSOToken) AccessController.doPrivileged( AdminTokenAction.getInstance()); private AMIdentity delegatedUser; private AMIdentity nonDelegatedUser; protected String realm; protected Map testParams; public DelegationPrivilegeTest() { init(); } protected void init() { realm = "/"; testParams = new HashMap(); testParams.put("DELEGATE_PRIVILEGE_NAME", "DelegationPrivilegeTestDelegatePrivilege"); testParams.put("DELEGATED_RESOURCE", "http://www.delegationprivilegetest.com/*"); testParams.put("DELEGATED_SUB_RESOURCE", "http://www.delegationprivilegetest.com/sub/*"); testParams.put("DELEGATED_USER", "DelegationPrivilegeTestDelegatedUser"); testParams.put("NON_DELEGATED_USER", "DelegationPrivilegeTestNonDelegatedUser"); } @BeforeTest public void setup() throws Exception { delegatedUser = createUser(testParams.get("DELEGATED_USER")); nonDelegatedUser = createUser(testParams.get("NON_DELEGATED_USER")); } @AfterTest public void cleanup() throws Exception { Set identities = new HashSet(); identities.add(nonDelegatedUser); identities.add(delegatedUser); IdRepoUtils.deleteIdentities(realm, identities); } @Test public void testAdd() throws Exception { ApplicationPrivilegeManager mgr = ApplicationPrivilegeManager.getInstance(realm, SubjectUtils.createSubject(adminToken)); ApplicationPrivilege ap = new ApplicationPrivilege( testParams.get("DELEGATE_PRIVILEGE_NAME")); OpenSSOUserSubject sbj = new OpenSSOUserSubject(); sbj.setID(delegatedUser.getUniversalId()); Set subjects = new HashSet(); subjects.add(sbj); ap.setSubject(subjects); String delResource = testParams.get("DELEGATED_RESOURCE"); Map> appRes = new HashMap>(); Set res = new HashSet(); appRes.put(ApplicationTypeManager.URL_APPLICATION_TYPE_NAME, res); res.add(delResource); ap.setApplicationResources(appRes); ap.setActionValues( ApplicationPrivilege.PossibleAction.READ_MODIFY_DELEGATE); mgr.addPrivilege(ap); Application app = ApplicationServiceTestHelper.getApplication( PrivilegeManager.superAdminSubject, realm, ApplicationTypeManager.URL_APPLICATION_TYPE_NAME); // Test disabled, unable to fix model change. // if (app.getResources().contains(delResource)) { // throw new Exception("DelegationPrivilegeTest.testAdd:" + // "application resources should not have delegated resource"); // } } @Test (dependsOnMethods = {"testAdd"}) public void testModify() throws Exception { SSOToken userSSOToken = AuthUtils.authenticate("/", testParams.get("DELEGATED_USER"), testParams.get("DELEGATED_USER")); ApplicationPrivilegeManager mgr = ApplicationPrivilegeManager.getInstance(realm, SubjectUtils.createSubject(userSSOToken)); Set filters = new HashSet(); String privilegeName = testParams.get("DELEGATE_PRIVILEGE_NAME"); filters.add(new SearchFilter(Privilege.NAME_SEARCH_ATTRIBUTE, privilegeName)); Set names = mgr.search(filters); if ((names == null) || names.isEmpty()) { throw new Exception( "DelegationPrivilegeTest.testModify: search failed"); } ApplicationPrivilege ap = mgr.getPrivilege(privilegeName); Set appRes = ap.getResourceNames( ApplicationTypeManager.URL_APPLICATION_TYPE_NAME); appRes.add(testParams.get("DELEGATED_SUB_RESOURCE")); mgr.replacePrivilege(ap); } @Test (dependsOnMethods = {"testModify"}) public void testModifyNegative() throws Exception { SSOToken userSSOToken = AuthUtils.authenticate("/", testParams.get("NON_DELEGATED_USER"), testParams.get("NON_DELEGATED_USER")); ApplicationPrivilegeManager mgr = ApplicationPrivilegeManager.getInstance(realm, SubjectUtils.createSubject(userSSOToken)); Set filters = new HashSet(); String privilegeName = testParams.get("DELEGATE_PRIVILEGE_NAME"); filters.add(new SearchFilter(Privilege.NAME_SEARCH_ATTRIBUTE, privilegeName)); Set privilegeNames = mgr.search(filters); if ((privilegeNames != null) && !privilegeNames.isEmpty()) { throw new Exception("DelegationPrivilegeTest.testModifyNegative" + "privilegeNames should be empty"); } try { ApplicationPrivilege ap = mgr.getPrivilege( testParams.get("DELEGATE_PRIVILEGE_NAME")); } catch (EntitlementException e) { if (e.getErrorCode() != 325) { throw e; } } } @Test (dependsOnMethods = {"testModifyNegative"}) public void testRemove() throws Exception { ApplicationPrivilegeManager mgr = ApplicationPrivilegeManager.getInstance(realm, SubjectUtils.createSubject(adminToken)); mgr.removePrivilege( testParams.get("DELEGATE_PRIVILEGE_NAME")); } private AMIdentity createUser(String name) throws SSOException, IdRepoException { AMIdentityRepository amir = new AMIdentityRepository( adminToken, realm); Map> attrValues =new HashMap>(); Set set = new HashSet(); set.add(name); attrValues.put("givenname", set); attrValues.put("sn", set); attrValues.put("cn", set); attrValues.put("userpassword", set); return amir.createIdentity(IdType.USER, name, attrValues); } }