
Example 1 with PrivilegeValidator

Use of com.sun.identity.entitlement.xacml3.validation.PrivilegeValidator in project OpenAM by OpenRock.

In the class ListXACML, method getPolicies.

/**
 * Uses the Realm and Search Filters to identify all Privileges in the Entitlement
 * framework to export.
 *
 * @throws CLIException If there was an unexpected error.
 */
private void getPolicies() throws CLIException {
    FileOutputStream fout = null;
    PrintWriter pwout = null;
    if (outfile != null) {
        try {
            fout = new FileOutputStream(outfile, true);
            pwout = new PrintWriter(fout, true);
        } catch (FileNotFoundException e) {
            debugError("ListXACML.handleXACMLPolicyRequest", e);
            try {
                if (fout != null) {
                    fout.close();
                }
            } catch (IOException ex) {
                // do nothing
            }
            throw new CLIException(e, ExitCodes.IO_EXCEPTION);
        } catch (SecurityException e) {
            debugError("ListXACML.handleXACMLPolicyRequest", e);
            try {
                if (fout != null) {
                    fout.close();
                }
            } catch (IOException ex) {
                // do nothing
            }
            throw new CLIException(e, ExitCodes.IO_EXCEPTION);
        }
    }
    PolicySet policySet = null;
    try {
        PrivilegeValidator privilegeValidator = new PrivilegeValidator(new RealmValidator(new OrganizationConfigManager(adminSSOToken, "/")));
        XACMLExportImport importExport = new XACMLExportImport(new XACMLExportImport.PrivilegeManagerFactory(), new XACMLReaderWriter(), privilegeValidator, new SearchFilterFactory(), PrivilegeManager.debug);
        policySet = importExport.exportXACML(realm, adminSubject, filters);
    } catch (EntitlementException e) {
        String[] args = { realm, e.getMessage() };
        debugError("ListXACML.handleRequest", e);
        writeLog(LogWriter.LOG_ERROR, Level.INFO, "FAILED_GET_POLICY_IN_REALM", args);
        throw new CLIException(e, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    } catch (SMSException e) {
        String[] args = { realm, e.getMessage() };
        debugError("ListXACML.handleRequest", e);
        writeLog(LogWriter.LOG_ERROR, Level.INFO, "FAILED_GET_POLICY_IN_REALM", args);
        throw new CLIException(e, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    }
    if (policySet == null || policySet.getPolicySetOrPolicyOrPolicySetIdReference().isEmpty()) {
        String[] arg = { realm };
        outputWriter.printlnMessage(MessageFormat.format(getResourceString("get-policy-in-realm-no-policies"), (Object[]) arg));
    } else {
        try {
            if (pwout != null) {
                pwout.write(XACMLPrivilegeUtils.toXML(policySet));
            } else {
                outputWriter.printlnMessage(XACMLPrivilegeUtils.toXML(policySet));
            }
        } catch (EntitlementException e) {
            throw new CLIException(e, ExitCodes.IO_EXCEPTION);
        }
        writeLog(LogWriter.LOG_ACCESS, Level.INFO, "SUCCEED_GET_POLICY_IN_REALM", new String[] { realm });
        String[] arg = { realm };
        outputWriter.printlnMessage(MessageFormat.format(getResourceString("get-policy-in-realm-succeed"), (Object[]) arg));
        if (pwout != null) {
            try {
                pwout.close();
                fout.close();
            } catch (IOException e) {
                // do nothing
            }
        }
    }
}
Also used : SearchFilterFactory(com.sun.identity.entitlement.xacml3.SearchFilterFactory) SMSException(com.sun.identity.sm.SMSException) FileNotFoundException(java.io.FileNotFoundException) XACMLExportImport(com.sun.identity.entitlement.xacml3.XACMLExportImport) IOException(java.io.IOException) PolicySet(com.sun.identity.entitlement.xacml3.core.PolicySet) PrivilegeValidator(com.sun.identity.entitlement.xacml3.validation.PrivilegeValidator) EntitlementException(com.sun.identity.entitlement.EntitlementException) FileOutputStream(java.io.FileOutputStream) OrganizationConfigManager(com.sun.identity.sm.OrganizationConfigManager) CLIException(com.sun.identity.cli.CLIException) RealmValidator(com.sun.identity.entitlement.xacml3.validation.RealmValidator) XACMLReaderWriter(com.sun.identity.entitlement.xacml3.XACMLReaderWriter) PrintWriter(java.io.PrintWriter)

Example 2 with PrivilegeValidator

Use of com.sun.identity.entitlement.xacml3.validation.PrivilegeValidator in project OpenAM by OpenRock.

In the class CreateXACML, method handleRequest.

/**
 * Services the command line request to import XACML.
 *
 * Required Arguments:
 * realm - Defines the realm the Policies will be imported into.
 * xmlfile - References the XACML file from which the Policies should be read.
 *
 * Optional Arguments:
 * dryrun - Optional flag indicates that, rather than carrying out the import,
 *          a report of anticipated effects should be generated.
 * outfile - Optional reference to a file for the dryrun report to be written; if not provided,
 *           the dryrun report is written directly to stdout.
 *
 * @param rc Request Context.
 * @throws CLIException if the request cannot be serviced.
 */
public void handleRequest(RequestContext rc) throws CLIException {
    super.handleRequest(rc);
    ldapLogin();
    SSOToken adminSSOToken = getAdminSSOToken();
    Subject adminSubject = SubjectUtils.createSubject(adminSSOToken);
    String realm = getStringOptionValue(IArgument.REALM_NAME);
    ensureEntitlementServiceActive(adminSubject, realm);
    InputStream xacmlInputStream = getXacmlInputStream(realm);
    logStart(realm);
    if (!XACMLUtils.hasPermission(realm, adminSSOToken, "MODIFY")) {
        String errorMessage = MessageFormat.format(getResourceString("permission-denied"), "create-xacml", getAdminID());
        CLIException clie = new CLIException(errorMessage, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
        logException(realm, clie);
        throw clie;
    }
    List<ImportStep> importSteps;
    try {
        PrivilegeValidator privilegeValidator = new PrivilegeValidator(new RealmValidator(new OrganizationConfigManager(adminSSOToken, realm)));
        XACMLExportImport xacmlExportImport = new XACMLExportImport(new XACMLExportImport.PrivilegeManagerFactory(), new XACMLReaderWriter(), privilegeValidator, new SearchFilterFactory(), PrivilegeManager.debug);
        importSteps = xacmlExportImport.importXacml(realm, xacmlInputStream, adminSubject, isDryRun());
    } catch (EntitlementException e) {
        debugError("CreateXACML.handleRequest", e);
        logException(realm, e);
        throw new CLIException(e, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    } catch (SMSException e) {
        debugError("CreateXACML.handleRequest", e);
        logException(realm, e);
        throw new CLIException(e, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    }
    if (importSteps.isEmpty()) {
        String message = getResourceString("no-policies-provided");
        logNothingToImport(realm, message);
        getOutputWriter().printlnMessage(message);
    } else {
        logSuccess(realm);
        if (isDryRun()) {
            outputDryRunResults(importSteps);
        } else {
            getOutputWriter().printlnMessage(MessageFormat.format(getResourceString("create-policy-in-realm-succeed"), realm));
        }
    }
}
Also used : SSOToken(com.iplanet.sso.SSOToken) SearchFilterFactory(com.sun.identity.entitlement.xacml3.SearchFilterFactory) SMSException(com.sun.identity.sm.SMSException) ByteArrayInputStream(java.io.ByteArrayInputStream) FileInputStream(java.io.FileInputStream) InputStream(java.io.InputStream) XACMLExportImport(com.sun.identity.entitlement.xacml3.XACMLExportImport) Subject(javax.security.auth.Subject) ImportStep(com.sun.identity.entitlement.xacml3.XACMLExportImport.ImportStep) PrivilegeValidator(com.sun.identity.entitlement.xacml3.validation.PrivilegeValidator) EntitlementException(com.sun.identity.entitlement.EntitlementException) OrganizationConfigManager(com.sun.identity.sm.OrganizationConfigManager) CLIException(com.sun.identity.cli.CLIException) RealmValidator(com.sun.identity.entitlement.xacml3.validation.RealmValidator) XACMLReaderWriter(com.sun.identity.entitlement.xacml3.XACMLReaderWriter)

Aggregations

CLIException (com.sun.identity.cli.CLIException): 2
EntitlementException (com.sun.identity.entitlement.EntitlementException): 2
SearchFilterFactory (com.sun.identity.entitlement.xacml3.SearchFilterFactory): 2
XACMLExportImport (com.sun.identity.entitlement.xacml3.XACMLExportImport): 2
XACMLReaderWriter (com.sun.identity.entitlement.xacml3.XACMLReaderWriter): 2
PrivilegeValidator (com.sun.identity.entitlement.xacml3.validation.PrivilegeValidator): 2
RealmValidator (com.sun.identity.entitlement.xacml3.validation.RealmValidator): 2
OrganizationConfigManager (com.sun.identity.sm.OrganizationConfigManager): 2
SMSException (com.sun.identity.sm.SMSException): 2
SSOToken (com.iplanet.sso.SSOToken): 1
ImportStep (com.sun.identity.entitlement.xacml3.XACMLExportImport.ImportStep): 1
PolicySet (com.sun.identity.entitlement.xacml3.core.PolicySet): 1
ByteArrayInputStream (java.io.ByteArrayInputStream): 1
FileInputStream (java.io.FileInputStream): 1
FileNotFoundException (java.io.FileNotFoundException): 1
FileOutputStream (java.io.FileOutputStream): 1
IOException (java.io.IOException): 1
InputStream (java.io.InputStream): 1
PrintWriter (java.io.PrintWriter): 1
Subject (javax.security.auth.Subject): 1