869a36e2649ae064c98063cf1e55198488d78d12Allan Foster * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
869a36e2649ae064c98063cf1e55198488d78d12Allan Foster * Copyright (c) 2009 Sun Microsystems Inc. All Rights Reserved
869a36e2649ae064c98063cf1e55198488d78d12Allan Foster * The contents of this file are subject to the terms
869a36e2649ae064c98063cf1e55198488d78d12Allan Foster * of the Common Development and Distribution License
869a36e2649ae064c98063cf1e55198488d78d12Allan Foster * (the License). You may not use this file except in
869a36e2649ae064c98063cf1e55198488d78d12Allan Foster * compliance with the License.
869a36e2649ae064c98063cf1e55198488d78d12Allan Foster * You can obtain a copy of the License at
869a36e2649ae064c98063cf1e55198488d78d12Allan Foster * https://opensso.dev.java.net/public/CDDLv1.0.html or
869a36e2649ae064c98063cf1e55198488d78d12Allan Foster * See the License for the specific language governing
869a36e2649ae064c98063cf1e55198488d78d12Allan Foster * permission and limitations under the License.
869a36e2649ae064c98063cf1e55198488d78d12Allan Foster * When distributing Covered Code, include this CDDL
869a36e2649ae064c98063cf1e55198488d78d12Allan Foster * Header Notice in each file and include the License file
869a36e2649ae064c98063cf1e55198488d78d12Allan Foster * If applicable, add the following below the CDDL Header,
869a36e2649ae064c98063cf1e55198488d78d12Allan Foster * with the fields enclosed by brackets [] replaced by
869a36e2649ae064c98063cf1e55198488d78d12Allan Foster * your own identifying information:
869a36e2649ae064c98063cf1e55198488d78d12Allan Foster * "Portions Copyrighted [year] [name of copyright owner]"
869a36e2649ae064c98063cf1e55198488d78d12Allan Foster * $Id: DelegationPrivilegeTest.java,v 1.5 2009/12/17 18:03:51 veiming Exp $
f6f4beaed9593cdf10a4c4842aa49ceb3b21219cJames Phillpotts * Portions Copyrighted 2015 ForgeRock AS.
869a36e2649ae064c98063cf1e55198488d78d12Allan Fosterimport com.sun.identity.entitlement.opensso.OpenSSOUserSubject;
869a36e2649ae064c98063cf1e55198488d78d12Allan Fosterimport com.sun.identity.entitlement.opensso.SubjectUtils;
869a36e2649ae064c98063cf1e55198488d78d12Allan Fosterimport com.sun.identity.entitlement.util.AuthUtils;
869a36e2649ae064c98063cf1e55198488d78d12Allan Fosterimport com.sun.identity.entitlement.util.IdRepoUtils;
869a36e2649ae064c98063cf1e55198488d78d12Allan Fosterimport com.sun.identity.entitlement.util.SearchFilter;
869a36e2649ae064c98063cf1e55198488d78d12Allan Fosterimport com.sun.identity.idm.AMIdentityRepository;
869a36e2649ae064c98063cf1e55198488d78d12Allan Fosterimport com.sun.identity.security.AdminTokenAction;
869a36e2649ae064c98063cf1e55198488d78d12Allan Foster * @author dennis
869a36e2649ae064c98063cf1e55198488d78d12Allan Foster protected SSOToken adminToken = (SSOToken) AccessController.doPrivileged(
869a36e2649ae064c98063cf1e55198488d78d12Allan Foster "DelegationPrivilegeTestDelegatePrivilege");
869a36e2649ae064c98063cf1e55198488d78d12Allan Foster "http://www.delegationprivilegetest.com/sub/*");
869a36e2649ae064c98063cf1e55198488d78d12Allan Foster "DelegationPrivilegeTestDelegatedUser");
869a36e2649ae064c98063cf1e55198488d78d12Allan Foster "DelegationPrivilegeTestNonDelegatedUser");
869a36e2649ae064c98063cf1e55198488d78d12Allan Foster delegatedUser = createUser(testParams.get("DELEGATED_USER"));
869a36e2649ae064c98063cf1e55198488d78d12Allan Foster nonDelegatedUser = createUser(testParams.get("NON_DELEGATED_USER"));
869a36e2649ae064c98063cf1e55198488d78d12Allan Foster Set<AMIdentity> identities = new HashSet<AMIdentity>();
869a36e2649ae064c98063cf1e55198488d78d12Allan Foster IdRepoUtils.deleteIdentities(realm, identities);
869a36e2649ae064c98063cf1e55198488d78d12Allan Foster ApplicationPrivilege ap = new ApplicationPrivilege(
869a36e2649ae064c98063cf1e55198488d78d12Allan Foster OpenSSOUserSubject sbj = new OpenSSOUserSubject();
869a36e2649ae064c98063cf1e55198488d78d12Allan Foster String delResource = testParams.get("DELEGATED_RESOURCE");
869a36e2649ae064c98063cf1e55198488d78d12Allan Foster Map<String, Set<String>> appRes = new HashMap<String, Set<String>>();
869a36e2649ae064c98063cf1e55198488d78d12Allan Foster appRes.put(ApplicationTypeManager.URL_APPLICATION_TYPE_NAME, res);
ba3008548cd047b233fcd32bb3c5d69926eed22fAndrew Forrest ApplicationPrivilege.PossibleAction.READ_MODIFY_DELEGATE);
abecb4c15c1d3057f88dbae1db109e9b51fe1c35Jaco Jooste Application app = ApplicationServiceTestHelper.getApplication(
abecb4c15c1d3057f88dbae1db109e9b51fe1c35Jaco Jooste PrivilegeManager.superAdminSubject, realm, ApplicationTypeManager.URL_APPLICATION_TYPE_NAME);
74dca04245920444925c2544c591c3da5dad607eAndrew Forrest // Test disabled, unable to fix model change.
74dca04245920444925c2544c591c3da5dad607eAndrew Forrest // if (app.getResources().contains(delResource)) {
74dca04245920444925c2544c591c3da5dad607eAndrew Forrest // throw new Exception("DelegationPrivilegeTest.testAdd:" +
74dca04245920444925c2544c591c3da5dad607eAndrew Forrest // "application resources should not have delegated resource");
869a36e2649ae064c98063cf1e55198488d78d12Allan Foster SSOToken userSSOToken = AuthUtils.authenticate("/",
869a36e2649ae064c98063cf1e55198488d78d12Allan Foster Set<SearchFilter> filters = new HashSet<SearchFilter>();
869a36e2649ae064c98063cf1e55198488d78d12Allan Foster String privilegeName = testParams.get("DELEGATE_PRIVILEGE_NAME");
f6f4beaed9593cdf10a4c4842aa49ceb3b21219cJames Phillpotts filters.add(new SearchFilter(Privilege.NAME_SEARCH_ATTRIBUTE, privilegeName));
869a36e2649ae064c98063cf1e55198488d78d12Allan Foster "DelegationPrivilegeTest.testModify: search failed");
869a36e2649ae064c98063cf1e55198488d78d12Allan Foster ApplicationPrivilege ap = mgr.getPrivilege(privilegeName);
869a36e2649ae064c98063cf1e55198488d78d12Allan Foster ApplicationTypeManager.URL_APPLICATION_TYPE_NAME);
869a36e2649ae064c98063cf1e55198488d78d12Allan Foster appRes.add(testParams.get("DELEGATED_SUB_RESOURCE"));
869a36e2649ae064c98063cf1e55198488d78d12Allan Foster public void testModifyNegative() throws Exception {
869a36e2649ae064c98063cf1e55198488d78d12Allan Foster SSOToken userSSOToken = AuthUtils.authenticate("/",
869a36e2649ae064c98063cf1e55198488d78d12Allan Foster Set<SearchFilter> filters = new HashSet<SearchFilter>();
869a36e2649ae064c98063cf1e55198488d78d12Allan Foster String privilegeName = testParams.get("DELEGATE_PRIVILEGE_NAME");
f6f4beaed9593cdf10a4c4842aa49ceb3b21219cJames Phillpotts filters.add(new SearchFilter(Privilege.NAME_SEARCH_ATTRIBUTE, privilegeName));
869a36e2649ae064c98063cf1e55198488d78d12Allan Foster Set<String> privilegeNames = mgr.search(filters);
869a36e2649ae064c98063cf1e55198488d78d12Allan Foster if ((privilegeNames != null) && !privilegeNames.isEmpty()) {
869a36e2649ae064c98063cf1e55198488d78d12Allan Foster throw new Exception("DelegationPrivilegeTest.testModifyNegative" +
869a36e2649ae064c98063cf1e55198488d78d12Allan Foster "privilegeNames should be empty");
869a36e2649ae064c98063cf1e55198488d78d12Allan Foster @Test (dependsOnMethods = {"testModifyNegative"})
869a36e2649ae064c98063cf1e55198488d78d12Allan Foster AMIdentityRepository amir = new AMIdentityRepository(
869a36e2649ae064c98063cf1e55198488d78d12Allan Foster Map<String, Set<String>> attrValues =new HashMap<String, Set<String>>();