Example use of com.sun.identity.entitlement.xacml3.validation.RealmValidator in the project OpenAM by OpenRock.
From the class ListXACML, method getPolicies.
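/**
 * Exports every privilege in {@code realm} that matches {@code filters} as a XACML
 * policy set and writes it to {@code outfile}, or to the CLI output writer when no
 * output file was given.
 *
 * <p>The output file is opened before the export runs and is always closed before
 * this method returns, including when the export or the serialisation fails.
 *
 * @throws CLIException with {@code ExitCodes.IO_EXCEPTION} if the output file cannot be
 *         opened or written or the policy set cannot be serialised, and with
 *         {@code ExitCodes.REQUEST_CANNOT_BE_PROCESSED} if the export itself fails.
 */
private void getPolicies() throws CLIException {
    FileOutputStream fout = null;
    PrintWriter pwout = null;

    if (outfile != null) {
        try {
            // Append mode (second argument): an existing file is extended, not truncated.
            // NOTE(review): appending a second export to the same file would not yield a
            // single well-formed XML document; confirm append is intended.
            fout = new FileOutputStream(outfile, true);
            // NOTE(review): this PrintWriter encodes with the platform default charset;
            // confirm it matches the encoding declared by XACMLPrivilegeUtils.toXML.
            pwout = new PrintWriter(fout, true);
        } catch (FileNotFoundException e) {
            debugError("ListXACML.handleXACMLPolicyRequest", e);
            throw new CLIException(e, ExitCodes.IO_EXCEPTION);
        } catch (SecurityException e) {
            debugError("ListXACML.handleXACMLPolicyRequest", e);
            throw new CLIException(e, ExitCodes.IO_EXCEPTION);
        } finally {
            // Only reached with an open stream if the writer could not be created.
            if (pwout == null && fout != null) {
                try {
                    fout.close();
                } catch (IOException ignored) {
                    // Best effort: the open failure is the error reported to the caller.
                }
            }
        }
    }

    try {
        PolicySet policySet = null;
        try {
            // NOTE(review): the validator is bound to the root realm "/" rather than to
            // `realm`; confirm that is intended for an export.
            PrivilegeValidator privilegeValidator = new PrivilegeValidator(
                    new RealmValidator(new OrganizationConfigManager(adminSSOToken, "/")));
            XACMLExportImport importExport = new XACMLExportImport(
                    new XACMLExportImport.PrivilegeManagerFactory(),
                    new XACMLReaderWriter(),
                    privilegeValidator,
                    new SearchFilterFactory(),
                    PrivilegeManager.debug);
            policySet = importExport.exportXACML(realm, adminSubject, filters);
        } catch (EntitlementException e) {
            String[] args = { realm, e.getMessage() };
            debugError("ListXACML.handleRequest", e);
            writeLog(LogWriter.LOG_ERROR, Level.INFO, "FAILED_GET_POLICY_IN_REALM", args);
            throw new CLIException(e, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
        } catch (SMSException e) {
            String[] args = { realm, e.getMessage() };
            debugError("ListXACML.handleRequest", e);
            writeLog(LogWriter.LOG_ERROR, Level.INFO, "FAILED_GET_POLICY_IN_REALM", args);
            throw new CLIException(e, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
        }

        if (policySet == null || policySet.getPolicySetOrPolicyOrPolicySetIdReference().isEmpty()) {
            String[] arg = { realm };
            outputWriter.printlnMessage(MessageFormat.format(
                    getResourceString("get-policy-in-realm-no-policies"), (Object[]) arg));
            return;
        }

        try {
            if (pwout != null) {
                pwout.write(XACMLPrivilegeUtils.toXML(policySet));
                // PrintWriter never throws on I/O failure; checkError() flushes and reports
                // it, so a truncated export is not logged and announced as a success.
                if (pwout.checkError()) {
                    IOException writeFailure =
                            new IOException("Failed to write XACML export to " + outfile);
                    debugError("ListXACML.getPolicies", writeFailure);
                    throw new CLIException(writeFailure, ExitCodes.IO_EXCEPTION);
                }
            } else {
                outputWriter.printlnMessage(XACMLPrivilegeUtils.toXML(policySet));
            }
        } catch (EntitlementException e) {
            throw new CLIException(e, ExitCodes.IO_EXCEPTION);
        }

        writeLog(LogWriter.LOG_ACCESS, Level.INFO, "SUCCEED_GET_POLICY_IN_REALM",
                new String[] { realm });
        String[] arg = { realm };
        outputWriter.printlnMessage(MessageFormat.format(
                getResourceString("get-policy-in-realm-succeed"), (Object[]) arg));
    } finally {
        // Release the file handle on every path: success, empty result and failure.
        if (pwout != null) {
            pwout.close();
        }
        if (fout != null) {
            try {
                fout.close();
            } catch (IOException ignored) {
                // Nothing useful can be done about a failed close at this point.
            }
        }
    }
}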
Example use of com.sun.identity.entitlement.xacml3.validation.RealmValidator in the project OpenAM by OpenRock.
From the class CreateXACML, method handleRequest.
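/**
 * Services the command line request to import XACML.
 *
 * Required Arguments:
 * realm - Defines the realm the Policies will be imported into.
 * xmlfile - References the XACML file from which the Policies should be read.
 *
 * Optional Arguments:
 * dryrun - Optional flag indicating that, rather than carrying out the import,
 * a report of the anticipated effects should be generated.
 * outfile - Optional reference to a file the dryrun report is written to; if not provided
 * the dryrun report is written directly to stdout.
 *
 * The XACML input stream is closed before this method returns, whether the import
 * succeeds, is refused for lack of permission, or fails.
 *
 * @param rc Request Context.
 * @throws CLIException if the request cannot be serviced, including when the
 *         administrator lacks MODIFY permission on the realm.
 */
public void handleRequest(RequestContext rc) throws CLIException {
    super.handleRequest(rc);
    ldapLogin();

    SSOToken adminSSOToken = getAdminSSOToken();
    Subject adminSubject = SubjectUtils.createSubject(adminSSOToken);
    String realm = getStringOptionValue(IArgument.REALM_NAME);
    ensureEntitlementServiceActive(adminSubject, realm);

    InputStream xacmlInputStream = getXacmlInputStream(realm);
    try {
        logStart(realm);

        // Authorisation gate: nothing is read from the stream or imported unless the
        // administrator holds MODIFY on the target realm. The refusal is logged.
        if (!XACMLUtils.hasPermission(realm, adminSSOToken, "MODIFY")) {
            String errorMessage = MessageFormat.format(
                    getResourceString("permission-denied"), "create-xacml", getAdminID());
            CLIException clie = new CLIException(errorMessage, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
            logException(realm, clie);
            throw clie;
        }

        List<ImportStep> importSteps;
        try {
            // The validator is bound to the realm the policies are imported into.
            PrivilegeValidator privilegeValidator = new PrivilegeValidator(
                    new RealmValidator(new OrganizationConfigManager(adminSSOToken, realm)));
            XACMLExportImport xacmlExportImport = new XACMLExportImport(
                    new XACMLExportImport.PrivilegeManagerFactory(),
                    new XACMLReaderWriter(),
                    privilegeValidator,
                    new SearchFilterFactory(),
                    PrivilegeManager.debug);
            importSteps = xacmlExportImport.importXacml(realm, xacmlInputStream, adminSubject, isDryRun());
        } catch (EntitlementException e) {
            debugError("CreateXACML.handleRequest", e);
            logException(realm, e);
            throw new CLIException(e, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
        } catch (SMSException e) {
            debugError("CreateXACML.handleRequest", e);
            logException(realm, e);
            throw new CLIException(e, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
        }

        if (importSteps.isEmpty()) {
            String message = getResourceString("no-policies-provided");
            logNothingToImport(realm, message);
            getOutputWriter().printlnMessage(message);
        } else {
            logSuccess(realm);
            if (isDryRun()) {
                outputDryRunResults(importSteps);
            } else {
                getOutputWriter().printlnMessage(MessageFormat.format(
                        getResourceString("create-policy-in-realm-succeed"), realm));
            }
        }
    } finally {
        // NOTE(review): assumes getXacmlInputStream hands ownership of the stream to this
        // method (the xmlfile argument); confirm it never returns a shared stream.
        if (xacmlInputStream != null) {
            try {
                xacmlInputStream.close();
            } catch (java.io.IOException ignored) {
                // A failed close must not mask the outcome of the import itself.
            }
        }
    }
}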