use of com.iplanet.sso.SSOToken in project OpenAM by OpenRock.
the class ResourceTypeConfigurationImpl method getResourceTypes.
/**
 * Collects the resource types stored beneath the realm's resource type base DN that match a query filter.
 *
 * <p>Every SMS call is issued with the SSO token obtained from {@code subject}. The query filter is
 * translated by {@code SmsQueryFilterVisitor} and its string form is handed to the SMS search.
 *
 * <p>NOTE(review): the token is not null-checked here; confirm how the SMS layer treats a subject that
 * carries no SSO token. Also confirm that {@code SmsQueryFilterVisitor} escapes assertion values, since
 * the resulting filter string is passed on verbatim.
 *
 * @param queryFilter
 *         the filter selecting which resource types to return
 * @param subject
 *         the subject whose SSO token is used for the SMS lookups
 * @param realm
 *         the realm whose resource type base DN is searched
 *
 * @return the matching resource types; an empty set when the base DN entry does not exist
 *
 * @throws EntitlementException
 *         with {@code RESOURCE_TYPE_RETRIEVAL_ERROR} when the SMS layer raises an {@code SMSException}
 */
@Override
public Set<ResourceType> getResourceTypes(final QueryFilter<SmsAttribute> queryFilter, final Subject subject,
        final String realm) throws EntitlementException {

    final SSOToken ssoToken = SubjectUtils.getSSOToken(subject);
    final String baseDn = getResourceTypeBaseDN(realm);
    final Filter ldapFilter = queryFilter.accept(new SmsQueryFilterVisitor(), null);
    final Set<ResourceType> found = new HashSet<ResourceType>();

    try {
        if (!SMSEntry.checkIfEntryExists(baseDn, ssoToken)) {
            // No base entry for this realm: report "no resource types" rather than an error.
            return found;
        }

        // The legacy SMS API returns a raw iterator, hence the unchecked cast.
        // The two zeros are presumably the result-count and time limits (unbounded) - confirm against
        // SMSEntry.search.
        @SuppressWarnings("unchecked")
        final Iterator<SMSDataEntry> entries = (Iterator<SMSDataEntry>) SMSEntry.search(
                ssoToken, baseDn, ldapFilter.toString(), 0, 0, false, false, Collections.emptySet());

        while (entries.hasNext()) {
            final SMSDataEntry smsEntry = entries.next();

            final String typeName = smsEntry.getAttributeValue(CONFIG_NAME);
            // The UUID of the resource type is taken from the entry's LDAP DN.
            final String typeUuid = LDAPUtils.getName(DN.valueOf(smsEntry.getDN()));

            // Raw set from the legacy SMS API.
            @SuppressWarnings("unchecked")
            final Set<String> rawActions = smsEntry.getAttributeValues(CONFIG_ACTIONS);
            final Map<String, Boolean> actionMap = getActions(rawActions);

            // Raw set from the legacy SMS API.
            @SuppressWarnings("unchecked")
            final Set<String> patterns = smsEntry.getAttributeValues(CONFIG_PATTERNS);

            final String typeDescription = smsEntry.getAttributeValue(CONFIG_DESCRIPTION);
            final String creator = smsEntry.getAttributeValue(CONFIG_CREATED_BY);
            final String createdAt = smsEntry.getAttributeValue(CONFIG_CREATION_DATE);
            final String modifier = smsEntry.getAttributeValue(CONFIG_LAST_MODIFIED_BY);
            final String modifiedAt = smsEntry.getAttributeValue(CONFIG_LAST_MODIFIED_DATE);

            // Long.parseLong throws an unchecked NumberFormatException for a null or non-numeric value;
            // that exception is not translated into an EntitlementException by this method.
            found.add(ResourceType.builder()
                    .setUUID(typeUuid)
                    .setName(typeName)
                    .setActions(actionMap)
                    .setPatterns(patterns)
                    .setDescription(typeDescription)
                    .setCreatedBy(creator)
                    .setCreationDate(Long.parseLong(createdAt))
                    .setLastModifiedBy(modifier)
                    .setLastModifiedDate(Long.parseLong(modifiedAt))
                    .build());
        }
    } catch (SMSException smsE) {
        throw new EntitlementException(RESOURCE_TYPE_RETRIEVAL_ERROR, realm, smsE);
    }

    return found;
}
use of com.iplanet.sso.SSOToken in project OpenAM by OpenRock.
the class ResourceTypeConfigurationImpl method isResourceTypeUsed.
/**
 * Searches the realm for applications and policies that may reference the resource type.
 *
 * <p>The search filter is produced by formatting {@code REFERENCE_FILTER} with the UUID, and the search
 * starts at the DN derived from the realm name. It is issued with the SSO token taken from
 * {@code subject}.
 *
 * @param subject
 *         the subject whose SSO token is used for the search
 * @param realm
 *         the realm to search, converted to a DN before the search
 * @param uuid
 *         the resource type uuid
 *
 * @return whether the resource type is referenced in the policy model for the realm
 *
 * @throws EntitlementException
 *         with {@code INTERNAL_ERROR} should the SMS search fail
 */
private boolean isResourceTypeUsed(Subject subject, String realm, String uuid) throws EntitlementException {
    final SSOToken ssoToken = SubjectUtils.getSSOToken(subject);

    try {
        // NOTE(review): uuid is substituted into the filter template as-is. If callers can pass a
        // value that has not been validated as a UUID, it should be escaped for use in a search
        // filter before this point - confirm against the callers and REFERENCE_FILTER.
        final String referenceFilter = MessageFormat.format(REFERENCE_FILTER, uuid);
        final String realmDn = dnHelper.orgNameToDN(realm);

        // Raw set from the legacy SMS API.
        @SuppressWarnings("unchecked")
        final Set<String> matchingDns = SMSEntry.search(ssoToken, realmDn, referenceFilter, 0, 0, false, false);

        for (String matchingDn : matchingDns) {
            // A DN containing the entitlement index service indicates reference by a policy;
            // a DN containing the general entitlement service indicates reference by an application.
            if (matchingDn.contains(EntitlementUtils.INDEXES_NAME)
                    || matchingDn.contains(EntitlementUtils.SERVICE_NAME)) {
                return true;
            }
        }

        return false;
    } catch (SMSException smsE) {
        throw new EntitlementException(EntitlementException.INTERNAL_ERROR, smsE);
    }
}
use of com.iplanet.sso.SSOToken in project OpenAM by OpenRock.
the class ResourceTypeServiceConfig method getOrgConfig.
/**
 * Get the organization configuration for the sunEntitlementService service ({@code SERVICE_NAME}).
 *
 * <p>The token is whatever {@code getSSOToken(subject)} yields. This method only checks that it is
 * non-null; it does not itself verify that the token belongs to an administrator, despite the wording
 * of the error message.
 *
 * @param subject The subject used to retrieve the SSO token.
 * @param realm The realm from which to retrieve it.
 * @return The organization configuration, which is guaranteed to not be null.
 * @throws SMSException If the organization configuration comes back as null, or if the underlying
 *         service configuration calls fail.
 * @throws SSOException If no SSO token could be obtained from the subject.
 */
ServiceConfig getOrgConfig(Subject subject, String realm) throws SMSException, SSOException {
    final SSOToken ssoToken = getSSOToken(subject);
    if (ssoToken == null) {
        throw new SSOException("Could not find Admin token.");
    }

    final ServiceConfigManager configManager = new ServiceConfigManager(SERVICE_NAME, ssoToken);
    final ServiceConfig realmConfig = configManager.getOrganizationConfig(realm, null);
    if (realmConfig != null) {
        return realmConfig;
    }

    // Fail loudly so that callers never have to handle a null configuration.
    throw new SMSException("Configuration '" + SERVICE_NAME + "' in realm '" + realm + "' could not be retrieved.");
}
use of com.iplanet.sso.SSOToken in project OpenAM by OpenRock.
the class DelegationIsAllowedSubResourceTest method test.
/**
 * Verifies that the delegation evaluator allows USER1 the READ action on the
 * {@code default/application/*} resource of the {@code sunEntitlementService} application configuration
 * in the root realm.
 *
 * @throws Exception if authentication fails or the permission is not allowed
 */
@Test
public void test() throws Exception {
    // The USER1 constant is passed twice, presumably as both user name and password (test fixture).
    final SSOToken userToken = AuthUtils.authenticate("/", USER1, USER1);

    // Kept as a mutable HashSet, exactly as the permission received it before.
    final Set<String> readOnly = new HashSet<String>(Collections.singleton("READ"));
    final DelegationPermission permission = new DelegationPermission(
            "/", "sunEntitlementService", "1.0", "application", "default/application/*", readOnly, null);

    final DelegationEvaluator evaluator = new DelegationEvaluatorImpl();
    // The trailing 'true' presumably switches on sub-tree evaluation - confirm against DelegationEvaluator.
    final boolean allowed = evaluator.isAllowed(userToken, permission, Collections.EMPTY_MAP, true);
    if (allowed) {
        return;
    }
    throw new Exception("DelegationIsAllowedSubResourceTest.test: failed");
}
use of com.iplanet.sso.SSOToken in project OpenAM by OpenRock.
the class DelegationPrivilegeSubResourceTest method test.
/**
 * Verifies what the application privilege manager reports for USER1 in the root realm: exactly the URL
 * application type for READ and DELEGATE, no application for MODIFY, and exactly the two delegated
 * resources for READ and DELEGATE.
 *
 * @throws Exception if authentication fails or any of the expectations is not met
 */
@Test
public void test() throws Exception {
    final String failurePrefix = "DelegationPrivilegeSubResourceTest.test: ";

    // The USER1 constant is passed twice, presumably as both user name and password (test fixture).
    final SSOToken userToken = AuthUtils.authenticate("/", USER1, USER1);
    final ApplicationPrivilegeManager manager =
            ApplicationPrivilegeManager.getInstance("/", SubjectUtils.createSubject(userToken));

    // READ: only the URL application type may be visible.
    final Set<String> readableApps = manager.getApplications(ApplicationPrivilege.Action.READ);
    if (!(readableApps.size() == 1
            && readableApps.contains(ApplicationTypeManager.URL_APPLICATION_TYPE_NAME))) {
        throw new Exception(failurePrefix + "application names for READ action is inccorect");
    }

    // DELEGATE: same expectation as READ.
    final Set<String> delegableApps = manager.getApplications(ApplicationPrivilege.Action.DELEGATE);
    if (!(delegableApps.size() == 1
            && delegableApps.contains(ApplicationTypeManager.URL_APPLICATION_TYPE_NAME))) {
        throw new Exception(failurePrefix + "application names for DELEGATE action is inccorect");
    }

    // MODIFY: the user must not be able to modify any application.
    final Set<String> modifiableApps = manager.getApplications(ApplicationPrivilege.Action.MODIFY);
    if (!modifiableApps.isEmpty()) {
        throw new Exception(failurePrefix + "application names for MODIFY action is inccorect");
    }

    // READ resources: exactly the delegated base resource and the delegated resource.
    final Set<String> readableResources = manager.getResources(
            ApplicationTypeManager.URL_APPLICATION_TYPE_NAME, ApplicationPrivilege.Action.READ);
    if (!(readableResources.size() == 2
            && readableResources.contains(DELEGATED_RESOURCE_BASE)
            && readableResources.contains(DELEGATED_RESOURCE))) {
        throw new Exception(failurePrefix + "resource names for READ action is inccorect");
    }

    // DELEGATE resources: same expectation as READ.
    final Set<String> delegableResources = manager.getResources(
            ApplicationTypeManager.URL_APPLICATION_TYPE_NAME, ApplicationPrivilege.Action.DELEGATE);
    if (!(delegableResources.size() == 2
            && delegableResources.contains(DELEGATED_RESOURCE_BASE)
            && delegableResources.contains(DELEGATED_RESOURCE))) {
        throw new Exception(failurePrefix + "resource names for DELEGATE action is inccorect");
    }
}