
Example 1 with ApplicationPrivilege

use of com.sun.identity.entitlement.ApplicationPrivilege in project OpenAM by OpenRock.

the class UpdateApplicationPrivilege method handleRequest.

/**
     * Services a Commandline Request.
     *
     * @param rc Request Context.
     * @throws CLIException if the request cannot be serviced.
     */
@Override
public void handleRequest(RequestContext rc) throws CLIException {
    // Updates the description and/or the action values of an existing
    // application privilege, writing ATTEMPT / SUCCEEDED / FAILED entries to
    // the access log around the change.
    super.handleRequest(rc);

    // Realm and privilege name identify the target and are the parameters
    // of the ATTEMPT and SUCCEEDED log entries.
    String realm = getStringOptionValue(IArgument.REALM_NAME);
    String name = getStringOptionValue(PARAM_NAME);
    String[] params = { realm, name };

    // A description only counts when it contains non-whitespace text.
    String description = getStringOptionValue(PARAM_DESCRIPTION);
    boolean hasDescription = false;
    if (description != null) {
        hasDescription = !description.trim().isEmpty();
    }

    // The raw option is used purely as a presence check; the parsed value
    // comes from getActions().
    String actions = getStringOptionValue(PARAM_ACTIONS);
    ApplicationPrivilege.PossibleAction action = null;
    if (actions != null) {
        action = getActions();
    }

    // Nothing to update: reject before the privilege manager is obtained
    // and before any ATTEMPT entry is written.
    if (!hasDescription && action == null) {
        throw new CLIException(getResourceString("update-application-privilege-invalid"), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    }

    // The manager is bound to the realm and to the subject built from the
    // administrator's SSO token.
    // NOTE(review): any authorization decision happens inside the manager and
    // is not visible in this method.
    Subject userSubject = SubjectUtils.createSubject(getAdminSSOToken());
    ApplicationPrivilegeManager apm = ApplicationPrivilegeManager.getInstance(realm, userSubject);
    writeLog(LogWriter.LOG_ACCESS, Level.INFO, "ATTEMPT_UPDATE_APPLICATION_PRIVILEGE", params);

    try {
        // Read-modify-write: fetch the stored privilege, apply only the
        // supplied fields, then replace it.
        ApplicationPrivilege target = apm.getPrivilege(name);
        if (hasDescription) {
            target.setDescription(description);
        }
        if (action != null) {
            target.setActionValues(action);
        }
        apm.replacePrivilege(target);

        getOutputWriter().printlnMessage(MessageFormat.format(getResourceString("update-application-privilege-succeeded"), name));
        writeLog(LogWriter.LOG_ACCESS, Level.INFO, "SUCCEEDED_UPDATE_APPLICATION_PRIVILEGE", params);
    } catch (EntitlementException e) {
        // The failure entry carries the exception message as a third
        // parameter and is written at the same level as the success entry.
        writeLog(LogWriter.LOG_ACCESS, Level.INFO, "FAILED_UPDATE_APPLICATION_PRIVILEGE",
                new String[] { realm, name, e.getMessage() });
        throw new CLIException(e, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    }
}
Also used : EntitlementException(com.sun.identity.entitlement.EntitlementException) ApplicationPrivilege(com.sun.identity.entitlement.ApplicationPrivilege) CLIException(com.sun.identity.cli.CLIException) ApplicationPrivilegeManager(com.sun.identity.entitlement.ApplicationPrivilegeManager) Subject(javax.security.auth.Subject)

Example 2 with ApplicationPrivilege

use of com.sun.identity.entitlement.ApplicationPrivilege in project OpenAM by OpenRock.

the class RemoveApplicationPrivilegeSubjects method handleRequest.

/**
     * Services a Commandline Request.
     *
     * @param rc Request Context.
     * @throws CLIException if the request cannot be serviced.
     */
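@Override
public void handleRequest(RequestContext rc) throws CLIException {
    // Removes the given subjects from an existing application privilege.
    // A request that would leave the privilege with no subjects is refused.
    super.handleRequest(rc);
    String realm = getStringOptionValue(IArgument.REALM_NAME);
    String name = getStringOptionValue(PARAM_NAME);
    String[] params = { realm, name };
    Set<SubjectImplementation> newSubjects = getSubjects(rc);

    // The manager is bound to the realm and to the subject built from the
    // administrator's SSO token.
    Subject userSubject = SubjectUtils.createSubject(getAdminSSOToken());
    ApplicationPrivilegeManager apm = ApplicationPrivilegeManager.getInstance(realm, userSubject);
    writeLog(LogWriter.LOG_ACCESS, Level.INFO, "ATTEMPT_UPDATE_APPLICATION_PRIVILEGE", params);
    try {
        ApplicationPrivilege appPrivilege = apm.getPrivilege(name);
        // NOTE(review): removeAll() mutates the set returned by getSubjects();
        // whether that set is a copy or the privilege's own state is not
        // visible here - confirm.
        Set<SubjectImplementation> origSubjects = appPrivilege.getSubjects();
        origSubjects.removeAll(newSubjects);
        if (origSubjects.isEmpty()) {
            // This rejection is a CLIException, which the catch below does not
            // handle. Record it here so the ATTEMPT entry above is always
            // followed by an outcome entry in the access log.
            String reason = getResourceString("remove-application-privilege-subjects-emptied-subjects");
            String[] rejected = { realm, name, reason };
            writeLog(LogWriter.LOG_ACCESS, Level.INFO, "FAILED_UPDATE_APPLICATION_PRIVILEGE", rejected);
            throw new CLIException(reason, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
        }
        appPrivilege.setSubject(origSubjects);
        apm.replacePrivilege(appPrivilege);
        Object[] msgParam = { name };
        getOutputWriter().printlnMessage(MessageFormat.format(getResourceString("update-application-privilege-succeeded"), msgParam));
        writeLog(LogWriter.LOG_ACCESS, Level.INFO, "SUCCEEDED_UPDATE_APPLICATION_PRIVILEGE", params);
    } catch (EntitlementException ex) {
        // Entitlement-layer failures are logged with the exception message and
        // surfaced to the CLI as a CLIException wrapping the cause.
        String[] paramExs = { realm, name, ex.getMessage() };
        writeLog(LogWriter.LOG_ACCESS, Level.INFO, "FAILED_UPDATE_APPLICATION_PRIVILEGE", paramExs);
        throw new CLIException(ex, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    }
}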
Also used : EntitlementException(com.sun.identity.entitlement.EntitlementException) ApplicationPrivilege(com.sun.identity.entitlement.ApplicationPrivilege) CLIException(com.sun.identity.cli.CLIException) SubjectImplementation(com.sun.identity.entitlement.SubjectImplementation) ApplicationPrivilegeManager(com.sun.identity.entitlement.ApplicationPrivilegeManager) Subject(javax.security.auth.Subject)

Example 3 with ApplicationPrivilege

use of com.sun.identity.entitlement.ApplicationPrivilege in project OpenAM by OpenRock.

the class RemoveApplicationPrivilegeResources method handleRequest.

/**
     * Services a Commandline Request.
     *
     * @param rc Request Context.
     * @throws CLIException if the request cannot be serviced.
     */
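@Override
public void handleRequest(RequestContext rc) throws CLIException {
    // Removes the given application resources from an existing application
    // privilege. A request that would leave the privilege with no resources
    // is refused.
    super.handleRequest(rc);
    String realm = getStringOptionValue(IArgument.REALM_NAME);
    String name = getStringOptionValue(PARAM_NAME);
    String[] params = { realm, name };
    try {
        // Resources to remove, keyed by application name. This is resolved
        // before the ATTEMPT entry is written.
        Map<String, Set<String>> mapAppToResources = getApplicationResourcesMap(rc, realm);

        // The manager is bound to the realm and to the subject built from the
        // administrator's SSO token.
        Subject userSubject = SubjectUtils.createSubject(getAdminSSOToken());
        ApplicationPrivilegeManager apm = ApplicationPrivilegeManager.getInstance(realm, userSubject);
        writeLog(LogWriter.LOG_ACCESS, Level.INFO, "ATTEMPT_UPDATE_APPLICATION_PRIVILEGE", params);
        ApplicationPrivilege appPrivilege = apm.getPrivilege(name);
        Map<String, Set<String>> origAppToResources = getApplicationToResources(appPrivilege);
        removeFromMap(origAppToResources, mapAppToResources);
        if (origAppToResources.isEmpty()) {
            // This rejection is a CLIException, which the catch below does not
            // handle. Record it here so the ATTEMPT entry above is always
            // followed by an outcome entry in the access log.
            String reason = getResourceString("remove-application-privilege-resources-emptied-resources");
            String[] rejected = { realm, name, reason };
            writeLog(LogWriter.LOG_ACCESS, Level.INFO, "FAILED_UPDATE_APPLICATION_PRIVILEGE", rejected);
            throw new CLIException(reason, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
        }
        appPrivilege.setApplicationResources(origAppToResources);
        apm.replacePrivilege(appPrivilege);
        Object[] msgParam = { name };
        getOutputWriter().printlnMessage(MessageFormat.format(getResourceString("update-application-privilege-succeeded"), msgParam));
        writeLog(LogWriter.LOG_ACCESS, Level.INFO, "SUCCEEDED_UPDATE_APPLICATION_PRIVILEGE", params);
    } catch (EntitlementException ex) {
        // Entitlement-layer failures are logged with the exception message and
        // surfaced to the CLI as a CLIException wrapping the cause.
        String[] paramExs = { realm, name, ex.getMessage() };
        writeLog(LogWriter.LOG_ACCESS, Level.INFO, "FAILED_UPDATE_APPLICATION_PRIVILEGE", paramExs);
        throw new CLIException(ex, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    }
}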
Also used : EntitlementException(com.sun.identity.entitlement.EntitlementException) Set(java.util.Set) ApplicationPrivilege(com.sun.identity.entitlement.ApplicationPrivilege) CLIException(com.sun.identity.cli.CLIException) ApplicationPrivilegeManager(com.sun.identity.entitlement.ApplicationPrivilegeManager) Subject(javax.security.auth.Subject)

Example 4 with ApplicationPrivilege

use of com.sun.identity.entitlement.ApplicationPrivilege in project OpenAM by OpenRock.

the class CreateApplicationPrivilege method handleRequest.

/**
     * Services a Commandline Request.
     *
     * @param rc Request Context.
     * @throws CLIException if the request cannot be serviced.
     */
@Override
public void handleRequest(RequestContext rc) throws CLIException {
    // Creates a new application privilege from the command-line options and
    // adds it through the realm's ApplicationPrivilegeManager.
    super.handleRequest(rc);

    String realm = getStringOptionValue(IArgument.REALM_NAME);
    String name = getStringOptionValue(PARAM_NAME);
    String[] params = { realm, name };

    // The attempt is logged before the remaining options are parsed.
    writeLog(LogWriter.LOG_ACCESS, Level.INFO, "ATTEMPT_CREATE_APPLICATION_PRIVILEGE", params);

    // NOTE(review): getActions() and getSubjects(rc) run after the ATTEMPT
    // entry but outside the try below; if either can throw, that attempt gets
    // no matching FAILED entry - confirm against their declarations.
    String description = getStringOptionValue(PARAM_DESCRIPTION);
    ApplicationPrivilege.PossibleAction allowedActions = getActions();
    Set<SubjectImplementation> subjects = getSubjects(rc);

    try {
        Map<String, Set<String>> resourcesByApp = getApplicationResourcesMap(rc, realm);

        // The manager is bound to the realm and to the subject built from the
        // administrator's SSO token.
        Subject userSubject = SubjectUtils.createSubject(getAdminSSOToken());
        ApplicationPrivilegeManager manager = ApplicationPrivilegeManager.getInstance(realm, userSubject);

        ApplicationPrivilege created = new ApplicationPrivilege(name);
        created.setDescription(description);
        created.setActionValues(allowedActions);
        created.setApplicationResources(resourcesByApp);
        created.setSubject(subjects);
        manager.addPrivilege(created);

        getOutputWriter().printlnMessage(MessageFormat.format(getResourceString("create-application-privilege-succeeded"), name));
        writeLog(LogWriter.LOG_ACCESS, Level.INFO, "SUCCEEDED_CREATE_APPLICATION_PRIVILEGE", params);
    } catch (EntitlementException e) {
        // Entitlement-layer failure: log it, then wrap it for the CLI.
        writeLog(LogWriter.LOG_ACCESS, Level.INFO, "FAILED_CREATE_APPLICATION_PRIVILEGE",
                new String[] { realm, name, e.getMessage() });
        throw new CLIException(e, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    } catch (CLIException e) {
        // CLI-level failure raised inside the try: log it and rethrow unchanged.
        writeLog(LogWriter.LOG_ACCESS, Level.INFO, "FAILED_CREATE_APPLICATION_PRIVILEGE",
                new String[] { realm, name, e.getMessage() });
        throw e;
    }
}
Also used : Set(java.util.Set) ApplicationPrivilegeManager(com.sun.identity.entitlement.ApplicationPrivilegeManager) Subject(javax.security.auth.Subject) EntitlementException(com.sun.identity.entitlement.EntitlementException) ApplicationPrivilege(com.sun.identity.entitlement.ApplicationPrivilege) CLIException(com.sun.identity.cli.CLIException) SubjectImplementation(com.sun.identity.entitlement.SubjectImplementation)

Example 5 with ApplicationPrivilege

use of com.sun.identity.entitlement.ApplicationPrivilege in project OpenAM by OpenRock.

the class ApplicationPrivilegeCLITest method setSubjects.

@Test(dependsOnMethods = "changeAction")
public void setSubjects() throws Exception {
    // Drives the "update-app-priv-subjects" sub-command through the CLI with
    // the admin token, then reads the privilege back through the entitlement
    // API and checks its subjects.
    String[] argv = {
        "update-app-priv-subjects",
        CLIConstants.PREFIX_ARGUMENT_LONG + IArgument.REALM_NAME,
        "/",
        CLIConstants.PREFIX_ARGUMENT_LONG + ApplicationPrivilegeBase.PARAM_NAME,
        PRIVILEGE_NAME,
        CLIConstants.PREFIX_ARGUMENT_LONG + ApplicationPrivilegeBase.PARAM_SUBJECT_TYPE,
        ApplicationPrivilegeBase.PARAM_SUBJECT_USER,
        CLIConstants.PREFIX_ARGUMENT_LONG + ApplicationPrivilegeBase.PARAM_SUBJECTS,
        user2.getUniversalId()
    };

    // Queue the request and service the queue.
    CLIRequest request = new CLIRequest(null, argv, adminToken);
    cmdManager.addToRequestQueue(request);
    cmdManager.serviceRequestQueue();

    // Read the privilege back from the root realm under the admin subject.
    ApplicationPrivilegeManager manager = ApplicationPrivilegeManager.getInstance("/", adminSubject);
    ApplicationPrivilege stored = manager.getPrivilege(PRIVILEGE_NAME);

    // Expected subjects: user2 only.
    // NOTE(review): validateSubjects is defined elsewhere; presumably it
    // asserts that the privilege's subjects match this set - confirm.
    Set<AMIdentity> expected = new HashSet<AMIdentity>();
    expected.add(user2);
    validateSubjects(stored, expected, "setSubjects");
}
Also used : ApplicationPrivilege(com.sun.identity.entitlement.ApplicationPrivilege) AMIdentity(com.sun.identity.idm.AMIdentity) CLIRequest(com.sun.identity.cli.CLIRequest) ApplicationPrivilegeManager(com.sun.identity.entitlement.ApplicationPrivilegeManager) HashSet(java.util.HashSet) Test(org.testng.annotations.Test)
