AuthorizationRequestEndpointTest.java revision cc87cf22700a4a41bf0eba0d9579db53e7cedd94
/*
* The contents of this file are subject to the terms of the Common Development and
* Distribution License (the License). You may not use this file except in compliance with the
* License.
*
* You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
* specific language governing permission and limitations under the License.
*
* When distributing Covered Software, include this CDDL Header Notice in each file and include
* the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
* Header, with the fields enclosed by brackets [] replaced by your own identifying
* information: "Portions copyright [year] [name of copyright owner]".
*
* Copyright 2015-2016 ForgeRock AS.
*/
public class AuthorizationRequestEndpointTest {
private AuthorizationRequestEndpoint endpoint;
private UmaProviderSettings umaProviderSettings;
private TokenStore oauth2TokenStore;
private Evaluator policyEvaluator;
private UmaTokenStore umaTokenStore;
private AccessToken accessToken;
private PermissionTicket permissionTicket;
private JsonRepresentation entity;
private JSONObject requestBody;
private RequestingPartyToken rpt;
private ResourceSetStore resourceSetStore;
private UmaAuditLogger umaAuditLogger;
private IdTokenClaimGatherer idTokenClaimGatherer;
new JacksonRepresentationFactory(new ObjectMapper());
private class AuthorizationRequestEndpoint2 extends AuthorizationRequestEndpoint {
}
} else {
}
return identity;
}
return accessToken;
}
}
@SuppressWarnings("unchecked")
public void setup() throws ServerException, InvalidGrantException, NotFoundException, EntitlementException, JSONException {
given(oauth2TokenStore.readAccessToken(Matchers.<OAuth2Request>anyObject(), anyString())).willReturn(accessToken);
given(umaProviderSettings.getPolicyEvaluator(any(Subject.class), eq(RS_CLIENT_ID.toLowerCase()))).willReturn(policyEvaluator);
given(umaProviderSettingsFactory.get(Matchers.<Request>anyObject())).willReturn(umaProviderSettings);
OAuth2ProviderSettingsFactory oauth2ProviderSettingsFactory = mock(OAuth2ProviderSettingsFactory.class);
given(oauth2ProviderSettingsFactory.get(any(OAuth2Request.class))).willReturn(oauth2ProviderSettings);
}
public void shouldThrowRequestSubmittedErrorWhenScopeDoesNotExistInPermissionTicket() throws Exception {
//Given
given(policyEvaluator.evaluate(anyString(), Matchers.<Subject>anyObject(), eq(RESOURCE_NAME), Matchers.<Map<String,
//Then
try {
} catch (UmaException e) {
inOrder.verify(requestAuthorizationFilter).beforeAuthorization(eq(permissionTicket), any(Subject.class),
inOrder.verify(policyEvaluator).evaluate(anyString(), any(Subject.class), anyString(), anyMap(), eq(false));
throw e;
}
}
public void shouldThrowRequestSubmittedErrorWhenScopeDoesNotExistInPermissionTicket2() throws Exception {
//Given
given(policyEvaluator.evaluate(anyString(), Matchers.<Subject>anyObject(), eq(RESOURCE_NAME), Matchers.<Map<String,
//Then
try {
} catch (UmaException e) {
inOrder.verify(requestAuthorizationFilter).beforeAuthorization(eq(permissionTicket), any(Subject.class),
inOrder.verify(policyEvaluator).evaluate(anyString(), any(Subject.class), anyString(), anyMap(), eq(false));
throw e;
}
}
@Test
public void shouldReturnTrueWhenRequestedScopesExactlyMatchesEntitlements() throws Exception {
//Given
given(policyEvaluator.evaluate(anyString(), Matchers.<Subject>anyObject(), eq(RESOURCE_NAME), Matchers.<Map<String,
//Then
inOrder.verify(requestAuthorizationFilter).beforeAuthorization(eq(permissionTicket), any(Subject.class),
inOrder.verify(policyEvaluator).evaluate(anyString(), any(Subject.class), anyString(), anyMap(), eq(false));
}
@Test
public void shouldReturnTrueWhenRequestedScopesSubsetOfEntitlements() throws Exception {
//Given
given(policyEvaluator.evaluate(anyString(), Matchers.<Subject>anyObject(), eq(RESOURCE_NAME), Matchers.<Map<String,
//Then
inOrder.verify(requestAuthorizationFilter).beforeAuthorization(eq(permissionTicket), any(Subject.class),
inOrder.verify(policyEvaluator).evaluate(anyString(), any(Subject.class), anyString(), anyMap(), eq(false));
}
public void shouldThrowNeedInfoExceptionWhenTrustElevationRequiredButClaimNotPresent() throws Exception {
//Given
//Then
try {
} catch (UmaException e) {
throw e;
}
}
public void shouldThrowNeedInfoExceptionWhenTrustElevationRequiredAndUnknownClaimPresent() throws Exception {
//Given
//Then
try {
} catch (UmaException e) {
throw e;
}
}
public void shouldThrowNeedInfoExceptionWhenTrustElevationRequiredAndClaimGatheringFails() throws Exception {
//Given
//Then
try {
} catch (UmaException e) {
throw e;
}
}
@Test
public void shouldReturnRptWhenTrustElevationRequiredAndIdTokenClaimPresent() throws Exception {
//Given
//Then
}
public void shouldCreatePendingRequestAndThrowRequestSubmittedExceptionWhenNoEntitlementsForRequestedScopes()
throws Exception {
//Given
given(policyEvaluator.evaluate(anyString(), Matchers.<Subject>anyObject(), eq(RESOURCE_NAME), Matchers.<Map<String,
//Then
try {
} catch (UmaException e) {
verify(pendingRequestsService).createPendingRequest(any(HttpServletRequest.class), eq("RESOURCE_SET_ID"),
verify(umaAuditLogger).log(eq("RESOURCE_SET_ID"), any(AMIdentity.class), eq(UmaAuditType.REQUEST_SUBMITTED),
throw e;
}
}
public void shouldCreatePendingRequestForAuthorizationRequestWithDifferentScopes() throws Exception {
//Given
given(policyEvaluator.evaluate(anyString(), Matchers.<Subject>anyObject(), eq(RESOURCE_NAME), Matchers.<Map<String,
//Then
try {
} catch (UmaException e) {
verify(pendingRequestsService).createPendingRequest(any(HttpServletRequest.class), eq("RESOURCE_SET_ID"),
verify(umaAuditLogger).log(eq("RESOURCE_SET_ID"), any(AMIdentity.class), eq(UmaAuditType.REQUEST_SUBMITTED),
throw e;
}
}
public void shouldThrowRequestSubmittedExceptionWhenNoEntitlementsForRequestedScopes() throws Exception {
//Given
given(policyEvaluator.evaluate(anyString(), Matchers.<Subject>anyObject(), eq(RESOURCE_NAME), Matchers.<Map<String,
//Then
try {
} catch (UmaException e) {
verify(umaAuditLogger, never()).log(eq("RESOURCE_SET_ID"), any(AMIdentity.class), eq(UmaAuditType.REQUEST_SUBMITTED),
throw e;
}
}
return entitlement;
}
return pendingRequest;
}
given(pendingRequestsService.queryPendingRequests(anyString(), anyString(), anyString(), anyString()))
}
private void enableRequiredTrustElevation() throws ServerException {
}
private void mockRequestBodyWithIdTokenClaim() {
+ "\"claim_tokens\": [{"
+ "\"token\": \"ID_TOKEN\"}]}");
}
private void mockRequestBodyWithInvalidIdTokenClaim() {
+ "\"claim_tokens\": [{"
+ "\"token\": \"ID_TOKEN\"}]}");
}
private void mockIdTokenClaimGatherRequiredClaimsDetails() {
field("CLAIMS_REQUIRED", true))));
}
private void mockRequestBodyWithUnknownClaim() {
+ "\"claim_tokens\": [{"
+ "\"format\": \"UNKNOWN_FORMAT\", "
+ "\"token\": \"TOKEN\"}]}");
}
}