use of com.sun.identity.entitlement.ApplicationPrivilege in project OpenAM by OpenRock.
the class UpdateApplicationPrivilege method handleRequest.
/**
* Services a Commandline Request.
*
* @param rc Request Context.
* @throws CLIException if the request cannot be serviced.
*/
@Override
public void handleRequest(RequestContext rc) throws CLIException {
    // Updates the description and/or the action values of an existing application
    // privilege in the requested realm, then stores it through the privilege manager.
    super.handleRequest(rc);

    final String realm = getStringOptionValue(IArgument.REALM_NAME);
    final String name = getStringOptionValue(PARAM_NAME);
    // realm and name are command-line values; they are passed to the audit log as given.
    // NOTE(review): whether writeLog escapes them is not visible here - confirm.
    final String[] auditArgs = { realm, name };

    final String description = getStringOptionValue(PARAM_DESCRIPTION);
    final boolean descriptionGiven = description != null && !description.trim().isEmpty();

    // The actions are only parsed when the option was actually supplied.
    final String actionsOption = getStringOptionValue(PARAM_ACTIONS);
    ApplicationPrivilege.PossibleAction newAction = null;
    if (actionsOption != null) {
        newAction = getActions();
    }

    // At least one of description/actions is required. This rejection happens before
    // the ATTEMPT record below is written, so it leaves no entry in the access log.
    if (!descriptionGiven && newAction == null) {
        throw new CLIException(
            getResourceString("update-application-privilege-invalid"),
            ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    }

    // The manager is obtained for the subject built from the admin SSO token.
    // NOTE(review): presumably the entitlement layer checks that subject's rights
    // on getPrivilege/replacePrivilege - confirm.
    final Subject adminSubject = SubjectUtils.createSubject(getAdminSSOToken());
    final ApplicationPrivilegeManager manager =
        ApplicationPrivilegeManager.getInstance(realm, adminSubject);

    writeLog(LogWriter.LOG_ACCESS, Level.INFO, "ATTEMPT_UPDATE_APPLICATION_PRIVILEGE", auditArgs);
    try {
        final ApplicationPrivilege privilege = manager.getPrivilege(name);
        if (descriptionGiven) {
            privilege.setDescription(description);
        }
        if (newAction != null) {
            privilege.setActionValues(newAction);
        }
        manager.replacePrivilege(privilege);

        getOutputWriter().printlnMessage(
            MessageFormat.format(getResourceString("update-application-privilege-succeeded"), name));
        writeLog(LogWriter.LOG_ACCESS, Level.INFO, "SUCCEEDED_UPDATE_APPLICATION_PRIVILEGE", auditArgs);
    } catch (EntitlementException e) {
        // The exception message is recorded with the failure; the failure record goes
        // to the access log at INFO level, like the attempt and success records.
        writeLog(LogWriter.LOG_ACCESS, Level.INFO, "FAILED_UPDATE_APPLICATION_PRIVILEGE",
            new String[] { realm, name, e.getMessage() });
        throw new CLIException(e, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    }
}
use of com.sun.identity.entitlement.ApplicationPrivilege in project OpenAM by OpenRock.
the class RemoveApplicationPrivilegeSubjects method handleRequest.
/**
* Services a Commandline Request.
*
* @param rc Request Context.
* @throws CLIException if the request cannot be serviced.
*/
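@Override
public void handleRequest(RequestContext rc) throws CLIException {
    // Removes the subjects given on the command line from an existing application
    // privilege and stores the result. A removal that would leave the privilege
    // without any subject is refused.
    super.handleRequest(rc);
    String realm = getStringOptionValue(IArgument.REALM_NAME);
    String name = getStringOptionValue(PARAM_NAME);
    String[] params = { realm, name };
    Set<SubjectImplementation> subjectsToRemove = getSubjects(rc);

    // The manager is obtained for the subject built from the admin SSO token.
    Subject userSubject = SubjectUtils.createSubject(getAdminSSOToken());
    ApplicationPrivilegeManager apm = ApplicationPrivilegeManager.getInstance(realm, userSubject);

    writeLog(LogWriter.LOG_ACCESS, Level.INFO, "ATTEMPT_UPDATE_APPLICATION_PRIVILEGE", params);
    try {
        ApplicationPrivilege appPrivilege = apm.getPrivilege(name);
        Set<SubjectImplementation> remainingSubjects = appPrivilege.getSubjects();
        remainingSubjects.removeAll(subjectsToRemove);

        if (remainingSubjects.isEmpty()) {
            // Record the refusal before throwing: the catch below only handles
            // EntitlementException, so without this the ATTEMPT record would have
            // no matching FAILED or SUCCEEDED record in the audit trail.
            String reason = getResourceString("remove-application-privilege-subjects-emptied-subjects");
            String[] refusedParams = { realm, name, reason };
            writeLog(LogWriter.LOG_ACCESS, Level.INFO, "FAILED_UPDATE_APPLICATION_PRIVILEGE", refusedParams);
            throw new CLIException(reason, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
        }

        appPrivilege.setSubject(remainingSubjects);
        apm.replacePrivilege(appPrivilege);

        Object[] msgParam = { name };
        getOutputWriter().printlnMessage(
            MessageFormat.format(getResourceString("update-application-privilege-succeeded"), msgParam));
        writeLog(LogWriter.LOG_ACCESS, Level.INFO, "SUCCEEDED_UPDATE_APPLICATION_PRIVILEGE", params);
    } catch (EntitlementException ex) {
        // Entitlement failures are recorded with the exception message and surfaced
        // to the caller as a CLIException that keeps the original cause.
        String[] paramExs = { realm, name, ex.getMessage() };
        writeLog(LogWriter.LOG_ACCESS, Level.INFO, "FAILED_UPDATE_APPLICATION_PRIVILEGE", paramExs);
        throw new CLIException(ex, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    }
}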
use of com.sun.identity.entitlement.ApplicationPrivilege in project OpenAM by OpenRock.
the class RemoveApplicationPrivilegeResources method handleRequest.
/**
* Services a Commandline Request.
*
* @param rc Request Context.
* @throws CLIException if the request cannot be serviced.
*/
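@Override
public void handleRequest(RequestContext rc) throws CLIException {
    // Removes the application resources given on the command line from an existing
    // application privilege and stores the result. A removal that would leave the
    // privilege without any resource is refused.
    super.handleRequest(rc);
    String realm = getStringOptionValue(IArgument.REALM_NAME);
    String name = getStringOptionValue(PARAM_NAME);
    String[] params = { realm, name };
    try {
        Map<String, Set<String>> resourcesToRemove = getApplicationResourcesMap(rc, realm);

        // The manager is obtained for the subject built from the admin SSO token.
        Subject userSubject = SubjectUtils.createSubject(getAdminSSOToken());
        ApplicationPrivilegeManager apm = ApplicationPrivilegeManager.getInstance(realm, userSubject);

        writeLog(LogWriter.LOG_ACCESS, Level.INFO, "ATTEMPT_UPDATE_APPLICATION_PRIVILEGE", params);
        ApplicationPrivilege appPrivilege = apm.getPrivilege(name);
        Map<String, Set<String>> remainingResources = getApplicationToResources(appPrivilege);
        removeFromMap(remainingResources, resourcesToRemove);

        if (remainingResources.isEmpty()) {
            // Record the refusal before throwing: the catch below only handles
            // EntitlementException, so without this the ATTEMPT record would have
            // no matching FAILED or SUCCEEDED record in the audit trail.
            String reason = getResourceString("remove-application-privilege-resources-emptied-resources");
            String[] refusedParams = { realm, name, reason };
            writeLog(LogWriter.LOG_ACCESS, Level.INFO, "FAILED_UPDATE_APPLICATION_PRIVILEGE", refusedParams);
            throw new CLIException(reason, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
        }

        appPrivilege.setApplicationResources(remainingResources);
        apm.replacePrivilege(appPrivilege);

        Object[] msgParam = { name };
        getOutputWriter().printlnMessage(
            MessageFormat.format(getResourceString("update-application-privilege-succeeded"), msgParam));
        writeLog(LogWriter.LOG_ACCESS, Level.INFO, "SUCCEEDED_UPDATE_APPLICATION_PRIVILEGE", params);
    } catch (EntitlementException ex) {
        // Entitlement failures are recorded with the exception message and surfaced
        // to the caller as a CLIException that keeps the original cause.
        String[] paramExs = { realm, name, ex.getMessage() };
        writeLog(LogWriter.LOG_ACCESS, Level.INFO, "FAILED_UPDATE_APPLICATION_PRIVILEGE", paramExs);
        throw new CLIException(ex, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    }
}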
use of com.sun.identity.entitlement.ApplicationPrivilege in project OpenAM by OpenRock.
the class CreateApplicationPrivilege method handleRequest.
/**
* Services a Commandline Request.
*
* @param rc Request Context.
* @throws CLIException if the request cannot be serviced.
*/
@Override
public void handleRequest(RequestContext rc) throws CLIException {
    // Builds a new application privilege from the command-line options (description,
    // actions, subjects, application resources) and adds it through the privilege
    // manager obtained for the admin SSO token's subject.
    super.handleRequest(rc);

    final String realm = getStringOptionValue(IArgument.REALM_NAME);
    final String name = getStringOptionValue(PARAM_NAME);
    final String[] auditArgs = { realm, name };
    writeLog(LogWriter.LOG_ACCESS, Level.INFO, "ATTEMPT_CREATE_APPLICATION_PRIVILEGE", auditArgs);

    final String description = getStringOptionValue(PARAM_DESCRIPTION);
    // These two calls run after the ATTEMPT record but outside the try block, so an
    // exception raised by either of them is not followed by a FAILED record.
    final ApplicationPrivilege.PossibleAction actions = getActions();
    final Set<SubjectImplementation> subjects = getSubjects(rc);

    try {
        final Map<String, Set<String>> resourcesByApplication = getApplicationResourcesMap(rc, realm);
        final Subject adminSubject = SubjectUtils.createSubject(getAdminSSOToken());
        final ApplicationPrivilegeManager manager =
            ApplicationPrivilegeManager.getInstance(realm, adminSubject);

        final ApplicationPrivilege privilege = new ApplicationPrivilege(name);
        privilege.setDescription(description);
        privilege.setActionValues(actions);
        privilege.setApplicationResources(resourcesByApplication);
        privilege.setSubject(subjects);
        manager.addPrivilege(privilege);

        getOutputWriter().printlnMessage(
            MessageFormat.format(getResourceString("create-application-privilege-succeeded"), name));
        writeLog(LogWriter.LOG_ACCESS, Level.INFO, "SUCCEEDED_CREATE_APPLICATION_PRIVILEGE", auditArgs);
    } catch (EntitlementException e) {
        // Entitlement failures are recorded with the exception message, then wrapped.
        writeLog(LogWriter.LOG_ACCESS, Level.INFO, "FAILED_CREATE_APPLICATION_PRIVILEGE",
            new String[] { realm, name, e.getMessage() });
        throw new CLIException(e, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    } catch (CLIException e) {
        // CLI failures raised inside the try block are recorded the same way and
        // rethrown unchanged.
        writeLog(LogWriter.LOG_ACCESS, Level.INFO, "FAILED_CREATE_APPLICATION_PRIVILEGE",
            new String[] { realm, name, e.getMessage() });
        throw e;
    }
}
use of com.sun.identity.entitlement.ApplicationPrivilege in project OpenAM by OpenRock.
the class ApplicationPrivilegeCLITest method setSubjects.
@Test(dependsOnMethods = "changeAction")
public void setSubjects() throws Exception {
    // Runs the update-app-priv-subjects sub-command on the root realm with user2 as
    // the subject, then reads the privilege back and validates its subjects.
    final String[] args = {
        "update-app-priv-subjects",
        CLIConstants.PREFIX_ARGUMENT_LONG + IArgument.REALM_NAME,
        "/",
        CLIConstants.PREFIX_ARGUMENT_LONG + ApplicationPrivilegeBase.PARAM_NAME,
        PRIVILEGE_NAME,
        CLIConstants.PREFIX_ARGUMENT_LONG + ApplicationPrivilegeBase.PARAM_SUBJECT_TYPE,
        ApplicationPrivilegeBase.PARAM_SUBJECT_USER,
        CLIConstants.PREFIX_ARGUMENT_LONG + ApplicationPrivilegeBase.PARAM_SUBJECTS,
        user2.getUniversalId()
    };

    // The request is queued with the admin token and serviced straight away.
    cmdManager.addToRequestQueue(new CLIRequest(null, args, adminToken));
    cmdManager.serviceRequestQueue();

    // Read the stored privilege back through the manager rather than trusting the
    // command's own output.
    final ApplicationPrivilege stored =
        ApplicationPrivilegeManager.getInstance("/", adminSubject).getPrivilege(PRIVILEGE_NAME);

    final Set<AMIdentity> expectedUsers = new HashSet<AMIdentity>();
    expectedUsers.add(user2);
    validateSubjects(stored, expectedUsers, "setSubjects");
}