in component-test/src/main/java/TestApplications.java [133:209]
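/**
 * Checks that a user's approval of an application permission is scoped to that user and can be
 * withdrawn again.
 *
 * <p>Steps, in order:
 * <ol>
 *   <li>Register an application signature and give the application a READ permission on the
 *       {@code ROLE_MANAGEMENT} permittable group.</li>
 *   <li>As admin, create user1 (self-management role) and user2 (role-management role).</li>
 *   <li>As user1, confirm the permission starts disabled, enable it, wait for the event, and
 *       confirm it now reads as enabled.</li>
 *   <li>As user2, confirm that user1's approval did not enable the permission for user2.</li>
 *   <li>As user1, disable the permission again, wait for the event, and confirm it reads as
 *       disabled.</li>
 * </ol>
 *
 * @throws InterruptedException declared because of the event waits (presumably thrown when the
 *     waiting thread is interrupted; confirm against the event recorder)
 */
public void testApplicationPermissionUserApprovalProvisioning() throws InterruptedException {
  final ApplicationSignatureTestData appPlusSig;
  // Named after the permittable group it actually targets (ROLE_MANAGEMENT).
  final Permission roleManagementPermission;
  try (final AutoUserContext ignored
           = tenantApplicationSecurityEnvironment.createAutoSeshatContext()) {
    appPlusSig = setApplicationSignature();
    roleManagementPermission = new Permission(
        PermittableGroupIds.ROLE_MANAGEMENT,
        Collections.singleton(AllowedOperation.READ));
    createApplicationPermission(appPlusSig.getApplicationIdentifier(), roleManagementPermission);
  }

  final String user1Password;
  final String user1id;
  final String user2Password;
  final String user2id;
  try (final AutoUserContext ignored = loginAdmin()) {
    final String selfManagementRoleId = createSelfManagementRole();
    final String roleManagementRoleId = createRoleManagementRole();
    // Short throwaway passwords: these accounts exist only for the duration of this test.
    user1Password = RandomStringUtils.randomAlphanumeric(5);
    user1id = createUserWithNonexpiredPassword(user1Password, selfManagementRoleId);
    user2Password = RandomStringUtils.randomAlphanumeric(5);
    user2id = createUserWithNonexpiredPassword(user2Password, roleManagementRoleId);
  }

  try (final AutoUserContext ignored = loginUser(user1id, user1Password)) {
    // Default must be "not approved": nothing is enabled until the user opts in.
    Assert.assertFalse(getTestSubject().getApplicationPermissionEnabledForUser(
        appPlusSig.getApplicationIdentifier(),
        roleManagementPermission.getPermittableEndpointGroupIdentifier(),
        user1id));

    getTestSubject().setApplicationPermissionEnabledForUser(
        appPlusSig.getApplicationIdentifier(),
        roleManagementPermission.getPermittableEndpointGroupIdentifier(),
        user1id,
        true);

    Assert.assertTrue(eventRecorder.wait(EventConstants.OPERATION_PUT_APPLICATION_PERMISSION_USER_ENABLED,
        new ApplicationPermissionUserEvent(
            appPlusSig.getApplicationIdentifier(),
            roleManagementPermission.getPermittableEndpointGroupIdentifier(),
            user1id)));

    Assert.assertTrue(getTestSubject().getApplicationPermissionEnabledForUser(
        appPlusSig.getApplicationIdentifier(),
        roleManagementPermission.getPermittableEndpointGroupIdentifier(),
        user1id));
  }

  try (final AutoUserContext ignored = loginUser(user2id, user2Password)) {
    // Isolation check: user1's approval must not leak to another user of the same application.
    Assert.assertFalse(getTestSubject().getApplicationPermissionEnabledForUser(
        appPlusSig.getApplicationIdentifier(),
        roleManagementPermission.getPermittableEndpointGroupIdentifier(),
        user2id));
  }

  try (final AutoUserContext ignored = loginUser(user1id, user1Password)) {
    getTestSubject().setApplicationPermissionEnabledForUser(
        appPlusSig.getApplicationIdentifier(),
        roleManagementPermission.getPermittableEndpointGroupIdentifier(),
        user1id,
        false);

    Assert.assertTrue(eventRecorder.wait(EventConstants.OPERATION_PUT_APPLICATION_PERMISSION_USER_ENABLED,
        new ApplicationPermissionUserEvent(
            appPlusSig.getApplicationIdentifier(),
            roleManagementPermission.getPermittableEndpointGroupIdentifier(),
            user1id)));

    // Revocation check: the event alone does not show that the approval was withdrawn, because
    // the expected payload is identical for enable and disable. Read the state back.
    // NOTE(review): assumes eventRecorder.wait consumed the earlier enable event, so the wait
    // above matched the disable event - confirm against the event recorder.
    Assert.assertFalse(getTestSubject().getApplicationPermissionEnabledForUser(
        appPlusSig.getApplicationIdentifier(),
        roleManagementPermission.getPermittableEndpointGroupIdentifier(),
        user1id));
  }

  // At no point in this test could the imaginary application act in the name of either user:
  // only user1 ever enabled the permission for the application, and user1 was created with the
  // self-management role (presumably without ROLE_MANAGEMENT itself - confirm against
  // createSelfManagementRole); user2 never enabled it.
}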