
Example 1 with DelegationManager

use of com.sun.identity.delegation.DelegationManager in project OpenAM by OpenRock.

the class RemovePrivileges method handleRequest.

/**
 * Services the "remove privileges" command-line request.
 *
 * <p>Strips the identity named by the realm / type / name options out of the
 * subject set of every delegation privilege listed in the
 * {@code IArgument.PRIVILEGES} option, persisting each privilege as it goes.
 * Points worth keeping in mind, all visible in the body:
 * <ul>
 * <li>The work is done with the admin SSO token, i.e. with administrative
 *     authority rather than the CLI caller's own; authorisation of the caller
 *     is assumed to have happened before this method runs.</li>
 * <li>The loop is not transactional: when a later privilege name is rejected,
 *     removals already performed for earlier names stay in effect.</li>
 * <li>Unlike the add command, the identity's existence is never checked; an
 *     unknown name simply fails with "does not have privilege".</li>
 * <li>Attempt, success and failure are recorded through writeLog.</li>
 * </ul>
 *
 * @param rc Request Context.
 * @throws CLIException if the identity does not hold one of the named
 *         privileges, or if the delegation or SSO layer fails.
 */
public void handleRequest(RequestContext rc) throws CLIException {
    super.handleRequest(rc);
    SSOToken adminSSOToken = getAdminSSOToken();
    IOutput outputWriter = getOutputWriter();
    String realm = getStringOptionValue(IArgument.REALM_NAME);
    String idName = getStringOptionValue(ARGUMENT_ID_NAME);
    String type = getStringOptionValue(ARGUMENT_ID_TYPE);
    List privileges = (List) rc.getOption(IArgument.PRIVILEGES);
    IdType idType = convert2IdType(type);
    String[] params = { realm, type, idName };
    try {
        writeLog(LogWriter.LOG_ACCESS, Level.INFO, "ATTEMPT_IDREPO_REMOVE_PRIVILEGES", params);
        DelegationManager mgr = new DelegationManager(adminSSOToken, realm);
        Set privilegeObjects = mgr.getPrivileges();
        // The "all authenticated users" role is always addressed in the root
        // realm (see DelegationPolicyImpl#privilegeToPolicy); its existence is
        // deliberately not verified because that lookup would fail.
        boolean allAuthenticatedRole = idType.equals(IdType.ROLE)
                && idName.equalsIgnoreCase(ALL_AUTHENTICATED_USERS);
        String identityRealm = allAuthenticatedRole ? "/" : realm;
        AMIdentity amid = new AMIdentity(adminSSOToken, idName, idType, identityRealm, null);
        String uid = amid.getUniversalId();
        Iterator names = privileges.iterator();
        while (names.hasNext()) {
            String name = (String) names.next();
            DelegationPrivilege dp = getDelegationPrivilege(name, privilegeObjects);
            Set subjects = (dp != null) ? dp.getSubjects() : null;
            if (dp == null || !subjects.contains(uid)) {
                // Either the privilege is not configured or the identity is
                // not among its subjects: report it and stop here (earlier
                // removals in this loop have already been persisted).
                String[] args = { idName, name };
                String msg = MessageFormat.format(getResourceString("delegation-does-not-have-privilege"), (Object[]) args);
                throw new CLIException(msg, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
            }
            // NOTE(review): the set returned by getSubjects() is edited in
            // place and the same object is re-added; this only persists if
            // that set is the privilege's live subject set — confirm in
            // DelegationPrivilege.
            subjects.remove(uid);
            mgr.addPrivilege(dp);
        }
        outputWriter.printlnMessage(MessageFormat.format(getResourceString("idrepo-remove-privileges-succeed"), (Object[]) params));
        writeLog(LogWriter.LOG_ACCESS, Level.INFO, "SUCCEED_IDREPO_REMOVE_PRIVILEGES", params);
    } catch (DelegationException e) {
        // Failure is logged with the exception message so the error log can
        // be correlated with the ATTEMPT entry above.
        String[] args = { realm, type, idName, e.getMessage() };
        debugError("RemovePrivileges.handleRequest", e);
        writeLog(LogWriter.LOG_ERROR, Level.INFO, "FAILED_IDREPO_REMOVE_PRIVILEGES", args);
        throw new CLIException(e, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    } catch (SSOException e) {
        String[] args = { realm, type, idName, e.getMessage() };
        debugError("RemovePrivileges.handleRequest", e);
        writeLog(LogWriter.LOG_ERROR, Level.INFO, "FAILED_IDREPO_REMOVE_PRIVILEGES", args);
        throw new CLIException(e, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    }
}

Example 2 with DelegationManager

use of com.sun.identity.delegation.DelegationManager in project OpenAM by OpenRock.

the class AddPrivileges method handleRequest.

/**
 * Services the "add privileges" command-line request.
 *
 * <p>Adds the identity named by the realm / type / name options to the
 * subject set of every delegation privilege listed in the
 * {@code IArgument.PRIVILEGES} option. A privilege that is not configured yet
 * is created with the identity as its only subject. Each privilege is written
 * back as soon as it is processed, so the operation is not transactional: a
 * rejection on a later name leaves earlier grants in place. The identity must
 * exist in the realm, except for the "all authenticated users" role, which is
 * addressed in the root realm and never looked up. Everything runs under the
 * admin SSO token; attempt, success and failure are recorded via writeLog.
 *
 * @param rc Request Context.
 * @throws CLIException if the identity does not exist, already holds one of
 *         the named privileges, or the identity repository / delegation /
 *         SSO layer fails.
 */
public void handleRequest(RequestContext rc) throws CLIException {
    super.handleRequest(rc);
    SSOToken adminSSOToken = getAdminSSOToken();
    IOutput outputWriter = getOutputWriter();
    String realm = getStringOptionValue(IArgument.REALM_NAME);
    String idName = getStringOptionValue(ARGUMENT_ID_NAME);
    String type = getStringOptionValue(ARGUMENT_ID_TYPE);
    List privileges = (List) rc.getOption(IArgument.PRIVILEGES);
    IdType idType = convert2IdType(type);
    String[] params = { realm, type, idName };
    try {
        writeLog(LogWriter.LOG_ACCESS, Level.INFO, "ATTEMPT_IDREPO_ADD_PRIVILEGES", params);
        DelegationManager mgr = new DelegationManager(adminSSOToken, realm);
        Set privilegeObjects = mgr.getPrivileges();
        boolean allAuthenticatedRole = idType.equals(IdType.ROLE)
                && idName.equalsIgnoreCase(ALL_AUTHENTICATED_USERS);
        AMIdentity amid;
        if (allAuthenticatedRole) {
            // Realm must be "/" here, see DelegationPolicyImpl#privilegeToPolicy;
            // the existence check is skipped because it would fail for this role.
            amid = new AMIdentity(adminSSOToken, idName, idType, "/", null);
        } else {
            amid = new AMIdentity(adminSSOToken, idName, idType, realm, null);
            if (!amid.isExists()) {
                Object[] p = { idName, type };
                throw new CLIException(MessageFormat.format(getResourceString("idrepo-add-privileges-do-not-exist"), p), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
            }
        }
        String uid = amid.getUniversalId();
        Iterator names = privileges.iterator();
        while (names.hasNext()) {
            String name = (String) names.next();
            DelegationPrivilege existing = getDelegationPrivilege(name, privilegeObjects);
            Set subjects;
            if (existing == null) {
                subjects = new HashSet(2);
            } else {
                // The existing subject set is extended in place and wrapped in
                // a fresh privilege object scoped to the requested realm.
                subjects = existing.getSubjects();
                if (subjects.contains(uid)) {
                    String[] args = { idName, name };
                    String msg = MessageFormat.format(getResourceString("delegation-already-has-privilege"), (Object[]) args);
                    throw new CLIException(msg, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
                }
            }
            subjects.add(uid);
            mgr.addPrivilege(new DelegationPrivilege(name, subjects, realm));
        }
        outputWriter.printlnMessage(MessageFormat.format(getResourceString("idrepo-add-privileges-succeed"), (Object[]) params));
        writeLog(LogWriter.LOG_ACCESS, Level.INFO, "SUCCEED_IDREPO_ADD_PRIVILEGES", params);
    } catch (IdRepoException e) {
        String[] args = { realm, type, idName, e.getMessage() };
        debugError("AddPrivileges.handleRequest", e);
        writeLog(LogWriter.LOG_ERROR, Level.INFO, "FAILED_IDREPO_ADD_PRIVILEGES", args);
        throw new CLIException(e, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    } catch (DelegationException e) {
        String[] args = { realm, type, idName, e.getMessage() };
        debugError("AddPrivileges.handleRequest", e);
        writeLog(LogWriter.LOG_ERROR, Level.INFO, "FAILED_IDREPO_ADD_PRIVILEGES", args);
        throw new CLIException(e, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    } catch (SSOException e) {
        String[] args = { realm, type, idName, e.getMessage() };
        debugError("AddPrivileges.handleRequest", e);
        writeLog(LogWriter.LOG_ERROR, Level.INFO, "FAILED_IDREPO_ADD_PRIVILEGES", args);
        throw new CLIException(e, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    }
}

Example 3 with DelegationManager

use of com.sun.identity.delegation.DelegationManager in project OpenAM by OpenRock.

the class GetPrivileges method handleRequest.

/**
 * Services the "get privileges" command-line request.
 *
 * <p>Resolves the identity named by the realm / type / name options and
 * prints the name of every delegation privilege whose subject set contains
 * its universal id, or a "no privileges" message when there is none. The
 * identity must exist, except for the "all authenticated users" role, which
 * is addressed in the root realm and never looked up. Runs under the admin
 * SSO token; attempt, success and failure are recorded via writeLog.
 *
 * @param rc Request Context.
 * @throws CLIException if the identity does not exist or the delegation /
 *         identity repository / SSO layer fails.
 */
public void handleRequest(RequestContext rc) throws CLIException {
    super.handleRequest(rc);
    SSOToken adminSSOToken = getAdminSSOToken();
    IOutput outputWriter = getOutputWriter();
    String realm = getStringOptionValue(IArgument.REALM_NAME);
    String idName = getStringOptionValue(ARGUMENT_ID_NAME);
    String type = getStringOptionValue(ARGUMENT_ID_TYPE);
    IdType idType = convert2IdType(type);
    String[] params = { realm, type, idName };
    try {
        DelegationManager mgr = new DelegationManager(adminSSOToken, realm);
        // Constructed but never read afterwards; kept as-is because the
        // constructor may have side effects this listing does not show.
        AMIdentityRepository amir = new AMIdentityRepository(adminSSOToken, realm);
        // The ATTEMPT entry is written only once the two constructors above
        // have succeeded (the add/remove commands log it first).
        writeLog(LogWriter.LOG_ACCESS, Level.INFO, "ATTEMPT_IDREPO_GET_PRIVILEGES", params);
        boolean allAuthenticatedRole = idType.equals(IdType.ROLE)
                && idName.equalsIgnoreCase(ALL_AUTHENTICATED_USERS);
        AMIdentity amid;
        if (allAuthenticatedRole) {
            // Realm must be "/" here, see DelegationPolicyImpl#privilegeToPolicy;
            // the existence check is skipped because it would fail for this role.
            amid = new AMIdentity(adminSSOToken, idName, idType, "/", null);
        } else {
            amid = new AMIdentity(adminSSOToken, idName, idType, realm, null);
            if (!amid.isExists()) {
                Object[] p = { idName, type };
                throw new CLIException(MessageFormat.format(getResourceString("identity-does-not-exist"), p), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
            }
        }
        Set results = mgr.getPrivileges(amid.getUniversalId());
        if (results == null || results.isEmpty()) {
            outputWriter.printlnMessage(getResourceString("no-privileges"));
        } else {
            String template = getResourceString("privilege-result");
            for (Iterator it = results.iterator(); it.hasNext(); ) {
                DelegationPrivilege privilege = (DelegationPrivilege) it.next();
                Object[] param = { privilege.getName() };
                outputWriter.printlnMessage(MessageFormat.format(template, param));
            }
        }
        writeLog(LogWriter.LOG_ACCESS, Level.INFO, "SUCCEED_IDREPO_GET_PRIVILEGES", params);
    } catch (DelegationException e) {
        String[] args = { realm, type, idName, e.getMessage() };
        debugError("GetPrivileges.handleRequest", e);
        writeLog(LogWriter.LOG_ERROR, Level.INFO, "FAILED_IDREPO_GET_PRIVILEGES", args);
        throw new CLIException(e, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    } catch (IdRepoException e) {
        String[] args = { realm, type, idName, e.getMessage() };
        debugError("GetPrivileges.handleRequest", e);
        writeLog(LogWriter.LOG_ERROR, Level.INFO, "FAILED_IDREPO_GET_PRIVILEGES", args);
        throw new CLIException(e, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    } catch (SSOException e) {
        String[] args = { realm, type, idName, e.getMessage() };
        debugError("GetPrivileges.handleRequest", e);
        writeLog(LogWriter.LOG_ERROR, Level.INFO, "FAILED_IDREPO_GET_PRIVILEGES", args);
        throw new CLIException(e, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    }
}

Example 4 with DelegationManager

use of com.sun.identity.delegation.DelegationManager in project OpenAM by OpenRock.

the class PrivilegeXMLBuilder method getXML.

/**
 * Builds the property-sheet XML that lists every privilege name configured
 * for a realm, one property per name.
 *
 * <p>Privilege names are dropped into {@code PRIVILEGE_PROPERTY_TAG} through
 * MessageFormat without any XML escaping. They come from the delegation
 * configuration ({@code getConfiguredPrivilegeNames}), not from request input,
 * so presumably they never contain markup characters — worth confirming if
 * that configuration is ever editable by non-administrators.
 *
 * @param realm realm whose configured privilege names are listed; when
 *        {@code null}, the model's start DN is used instead
 * @param model console model supplying the fallback realm
 * @return the XML document, or an empty string both when no privilege is
 *         configured and when the lookup fails — failures are only written
 *         to the debug log, so callers cannot tell the two cases apart
 */
public String getXML(String realm, AMModel model) {
    String targetRealm = (realm != null) ? realm : model.getStartDN();
    StringBuilder xml = new StringBuilder(1000);
    try {
        DelegationManager mgr = new DelegationManager(adminSSOToken, targetRealm);
        Set privileges = mgr.getConfiguredPrivilegeNames();
        if (privileges != null && !privileges.isEmpty()) {
            xml.append(PropertyXMLBuilderBase.getXMLDefinitionHeader());
            xml.append(START_TAG);
            xml.append(PRIVILEGE_SECTION_TAG);
            Iterator it = privileges.iterator();
            while (it.hasNext()) {
                String privilegeName = (String) it.next();
                // The template takes the name twice (label and value).
                Object[] params = { privilegeName, privilegeName };
                xml.append(MessageFormat.format(PRIVILEGE_PROPERTY_TAG, params));
            }
            xml.append(SECTION_END_TAG);
            xml.append(END_TAG);
        }
    } catch (SSOException e) {
        // Best-effort: the failure is logged and an empty document returned.
        PropertyXMLBuilderBase.debug.error("PrivilegeXMLBuilder.getXML", e);
    } catch (DelegationException e) {
        PropertyXMLBuilderBase.debug.error("PrivilegeXMLBuilder.getXML", e);
    }
    return xml.toString();
}

Example 5 with DelegationManager

use of com.sun.identity.delegation.DelegationManager in project OpenAM by OpenRock.

the class DelegationModelImpl method setPrivileges.

/**
 * Set privileges of an identity.
 *
 * <p>For every entry of {@code privileges} the value is read as a boolean
 * string ("true" grants, anything else revokes) and the identity's universal
 * id is added to, or removed from, the subject set of the privilege of that
 * name. Only privileges whose membership actually changes are written back,
 * and each write is bracketed by ATTEMPT / SUCCEED log events. A privilege
 * that is not configured yet is created on grant and left alone on revoke.
 *
 * <p>The {@link DelegationManager} is opened with the console user's own SSO
 * token rather than an admin token, so the delegation layer evaluates the
 * change against the caller's authority. Writes are not transactional: an
 * exception on one privilege leaves the earlier ones already applied; the
 * name being processed is carried into the failure log event.
 *
 * @param realmName Name of realm.
 * @param uid Universal ID of the identity.
 * @param privileges Map of privilege name to privilege value.
 * @throws AMConsoleException if privilege cannot be set.
 */
public void setPrivileges(String realmName, String uid, Map privileges) throws AMConsoleException {
    String curPrivilegeName = null;
    try {
        DelegationManager mgr = new DelegationManager(getUserSSOToken(), realmName);
        Set privilegeObjects = mgr.getPrivileges();
        String[] params = { realmName, uid, null };
        Iterator names = privileges.keySet().iterator();
        while (names.hasNext()) {
            String name = (String) names.next();
            // NOTE(review): if getValue() yields null for an empty value set
            // (not visible from this file) the equals() call below throws NPE,
            // which is not caught here.
            String strVal = (String) AMAdminUtils.getValue((Set) privileges.get(name));
            boolean grant = strVal.equals(Boolean.TRUE.toString());
            params[2] = name;
            curPrivilegeName = name;
            DelegationPrivilege dp = getDelegationPrivilege(name, privilegeObjects);
            if (dp == null) {
                if (grant) {
                    Set subjects = new HashSet(2);
                    subjects.add(uid);
                    logEvent("ATTEMPT_MODIFY_DELEGATION_PRIVILEGE", params);
                    mgr.addPrivilege(new DelegationPrivilege(name, subjects, realmName));
                    logEvent("SUCCEED_MODIFY_DELEGATION_PRIVILEGE", params);
                }
                continue;
            }
            Set subjects = dp.getSubjects();
            boolean alreadyMember = subjects.contains(uid);
            if (grant == alreadyMember) {
                // Already in the requested state: nothing to persist or log.
                continue;
            }
            // NOTE(review): edits the returned set in place and re-adds the
            // same privilege object; persists only if that set is the live
            // subject set — confirm in DelegationPrivilege.
            if (grant) {
                subjects.add(uid);
            } else {
                subjects.remove(uid);
            }
            logEvent("ATTEMPT_MODIFY_DELEGATION_PRIVILEGE", params);
            mgr.addPrivilege(dp);
            logEvent("SUCCEED_MODIFY_DELEGATION_PRIVILEGE", params);
        }
    } catch (SSOException e) {
        String strError = getErrorString(e);
        String[] paramsEx = { realmName, uid, curPrivilegeName, strError };
        logEvent("SSO_EXCEPTION_MODIFY_DELEGATION_PRIVILEGE", paramsEx);
        throw new AMConsoleException(strError);
    } catch (DelegationException e) {
        String strError = getErrorString(e);
        String[] paramsEx = { realmName, uid, curPrivilegeName, strError };
        logEvent("DELEGATION_EXCEPTION_MODIFY_DELEGATION_PRIVILEGE", paramsEx);
        throw new AMConsoleException(strError);
    }
}
