
Example 11 with DelegationEvaluatorImpl

Use of com.sun.identity.delegation.DelegationEvaluatorImpl in the OpenAM project by OpenRock.

From the class UMUserPasswordResetOptionsModelImpl, method isRealmAdmin.

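/**
 * Returns <code>true</code> if the current user is a realm administrator.
 * <p>
 * The delegation service is asked whether the caller's SSO token may perform
 * the <code>MODIFY</code> action on the <code>sunAMRealmService</code>
 * (version 1.0) organization configuration of the realm recorded in the
 * token itself. Any failure to evaluate the permission - a missing token, an
 * <code>SSOException</code> or a <code>DelegationException</code> - is
 * logged and reported as <code>false</code>, so the check fails closed.
 *
 * @return <code>true</code> if the current user is a realm administrator;
 *         <code>false</code> otherwise, or if the check could not be
 *         performed.
 */
public boolean isRealmAdmin() {
    SSOToken token = getUserSSOToken();
    if (token == null) {
        // No session to evaluate: deny rather than fail with an NPE below.
        debug.warning("UserPasswordResetOptionsModelImpl.isRealmAdmin: no SSO token");
        return false;
    }
    try {
        // Realm-admin status is defined by the MODIFY action alone.
        Set<String> actionNames = new HashSet<String>();
        actionNames.add("MODIFY");
        DelegationEvaluator evaluator = new DelegationEvaluatorImpl();
        // The realm comes from the token, so this is a check against the
        // user's own realm; no extensions are supplied.
        DelegationPermission permission = new DelegationPermission(
                token.getProperty(Constants.ORGANIZATION), // realm
                "sunAMRealmService",                       // service name
                "1.0",                                     // version
                "organization",                            // config type
                "default",                                 // subConfig name
                actionNames,                               // actions
                null);                                     // extensions
        return evaluator.isAllowed(token, permission, null);
    } catch (SSOException e) {
        debug.warning("UserPasswordResetOptionsModelImpl.isRealmAdmin", e);
    } catch (DelegationException e) {
        debug.warning("UserPasswordResetOptionsModelImpl.isRealmAdmin", e);
    }
    return false;
}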

Example 12 with DelegationEvaluatorImpl

Use of com.sun.identity.delegation.DelegationEvaluatorImpl in the OpenAM project by OpenRock.

From the class ISAuthorizer, method isAuthorized.

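/**
 * Returns <code>true</code> if a given log record should be published.
 * <p>
 * The credential must be a valid <code>SSOToken</code>. Its realm is read
 * from the token and the delegation service is asked whether the token may
 * perform <code>operation</code> on the <code>iPlanetAMLoggingService</code>
 * (version 1.0) application sub-configuration <code>LogRead</code> (for a
 * <code>READ</code> operation) or <code>LogWrite</code> (for any other
 * operation). Every failure path - a credential that is not an
 * <code>SSOToken</code>, a null operation, an invalid token, a
 * <code>DelegationException</code> or an <code>SSOException</code> - is
 * logged and yields <code>false</code>, so the authorizer fails closed.
 *
 * @param logName Log name on which operation is to be performed.
 * @param operation The log operation to be performed.
 * @param credential The credential to be authorized; only an
 *        <code>SSOToken</code> is accepted.
 * @return <code>true</code> if the credential is authorized.
 */
public boolean isAuthorized(String logName, String operation, Object credential) {
    if (!(credential instanceof SSOToken)) {
        // Covers both a null credential and a credential of another type.
        Debug.error("ISAuthorizer.isAuthorized(): SSO Token is null ");
        return false;
    }
    SSOToken ssoToken = (SSOToken) credential;
    if (operation == null) {
        // Deny explicitly rather than let the sub-config selection below
        // throw an NPE out of an authorization check.
        Debug.error("ISAuthorizer.isAuthorized(): operation is null ");
        return false;
    }
    try {
        String tmpID = ssoToken.getPrincipal().getName();
        if (Debug.messageEnabled()) {
            Debug.message("ISAuthorizer.isAuthorized():logName = " + logName + ", op = " + operation + ", uid = " + tmpID);
        }
        // READ maps to the LogRead sub-configuration; every other operation
        // is treated as a write.
        String subConfig = operation.equalsIgnoreCase("READ") ? "LogRead" : "LogWrite";
        SSOTokenManager ssoMgr = SSOTokenManager.getInstance();
        if (!ssoMgr.isValidToken(ssoToken)) {
            // Principal name was already resolved above; reuse it instead of
            // querying the (now known-invalid) token again.
            Debug.error("ISAuthorizer.isAuthorized(): access denied " + "for user : " + tmpID);
            return false;
        }
        try {
            String amRealm = ssoToken.getProperty(Constants.ORGANIZATION);
            Set<String> actions = Collections.singleton(operation);
            // No extensions are used; the map stays empty (an empty map, not
            // null, is what this check has always passed), so its type
            // arguments are immaterial here.
            Map<String, String> extensions = new HashMap<String, String>();
            DelegationPermission dp = new DelegationPermission(
                    amRealm,                   // realm
                    "iPlanetAMLoggingService", // service name
                    "1.0",                     // version
                    "application",             // config type
                    subConfig,                 // subConfig name
                    actions,                   // actions
                    extensions);               // extensions
            DelegationEvaluator de = new DelegationEvaluatorImpl();
            if (de.isAllowed(ssoToken, dp, null)) {
                return true;
            }
            Debug.error(logName + ":ISAuthorizer.isAuthorized():log rqt to " + operation + " by " + tmpID + " denied.");
        } catch (DelegationException dex) {
            Debug.error("ISAuthorizer.isAuthorized():delegation error: " + "user: " + tmpID + ", logName = " + logName + ", op = " + operation + ", msg = " + dex.getMessage());
        }
    } catch (SSOException ssoe) {
        Debug.error("ISAuthorizer.isAuthorized(): SSOException: ", ssoe);
    }
    return false;
}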
