use of com.sun.identity.delegation.DelegationPrivilege in project OpenAM by OpenRock.
Class GetPrivileges, method handleRequest.
/**
 * Services a command-line request: prints the names of the delegation
 * privileges granted to one identity of a realm.
 *
 * <p>The special role {@code ALL_AUTHENTICATED_USERS} is resolved against
 * the root realm and is not checked for existence; every other identity
 * must exist in the requested realm or the request is rejected.
 *
 * @param rc Request Context.
 * @throws CLIException if the request cannot be serviced, including when
 *         the identity does not exist or the delegation/identity layer fails.
 */
public void handleRequest(RequestContext rc) throws CLIException {
    super.handleRequest(rc);
    SSOToken adminSSOToken = getAdminSSOToken();
    IOutput outputWriter = getOutputWriter();
    String realm = getStringOptionValue(IArgument.REALM_NAME);
    String idName = getStringOptionValue(ARGUMENT_ID_NAME);
    String type = getStringOptionValue(ARGUMENT_ID_TYPE);
    IdType idType = convert2IdType(type);
    String[] params = { realm, type, idName };
    try {
        DelegationManager mgr = new DelegationManager(adminSSOToken, realm);
        // Constructed for its side effects only; the reference itself is never read.
        AMIdentityRepository amir = new AMIdentityRepository(adminSSOToken, realm);
        writeLog(LogWriter.LOG_ACCESS, Level.INFO, "ATTEMPT_IDREPO_GET_PRIVILEGES", params);
        AMIdentity amid = resolveIdentity(adminSSOToken, realm, idName, type, idType);
        Set results = mgr.getPrivileges(amid.getUniversalId());
        if ((results == null) || results.isEmpty()) {
            outputWriter.printlnMessage(getResourceString("no-privileges"));
        } else {
            String msg = getResourceString("privilege-result");
            for (Object o : results) {
                DelegationPrivilege privilege = (DelegationPrivilege) o;
                Object[] param = { privilege.getName() };
                outputWriter.printlnMessage(MessageFormat.format(msg, param));
            }
        }
        writeLog(LogWriter.LOG_ACCESS, Level.INFO, "SUCCEED_IDREPO_GET_PRIVILEGES", params);
    } catch (DelegationException e) {
        throw requestFailed(realm, type, idName, e);
    } catch (IdRepoException e) {
        throw requestFailed(realm, type, idName, e);
    } catch (SSOException e) {
        throw requestFailed(realm, type, idName, e);
    }
}

/**
 * Builds the {@link AMIdentity} the privileges are read for.
 *
 * <p>For the {@code ALL_AUTHENTICATED_USERS} role the identity is created
 * in the root realm "/" (see DelegationPolicyImpl#privilegeToPolicy) and
 * its existence is deliberately not checked, because that check would fail.
 * Any other identity is created in {@code realm} and must exist.
 *
 * @throws CLIException if the identity does not exist.
 */
private AMIdentity resolveIdentity(SSOToken adminSSOToken, String realm, String idName,
        String type, IdType idType) throws CLIException, IdRepoException, SSOException {
    boolean allAuthenticatedRole = idType.equals(IdType.ROLE)
            && idName.equalsIgnoreCase(ALL_AUTHENTICATED_USERS);
    if (allAuthenticatedRole) {
        return new AMIdentity(adminSSOToken, idName, idType, "/", null);
    }
    AMIdentity amid = new AMIdentity(adminSSOToken, idName, idType, realm, null);
    if (!amid.isExists()) {
        Object[] p = { idName, type };
        throw new CLIException(MessageFormat.format(getResourceString("identity-does-not-exist"), p),
                ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    }
    return amid;
}

/**
 * Records a failed request in the debug and access logs and wraps the cause
 * in the {@link CLIException} the caller throws.
 *
 * @return the exception to throw; the cause is preserved.
 */
private CLIException requestFailed(String realm, String type, String idName, Exception e)
        throws CLIException {
    String[] args = { realm, type, idName, e.getMessage() };
    debugError("GetPrivileges.handleRequest", e);
    writeLog(LogWriter.LOG_ERROR, Level.INFO, "FAILED_IDREPO_GET_PRIVILEGES", args);
    return new CLIException(e, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
}
use of com.sun.identity.delegation.DelegationPrivilege in project OpenAM by OpenRock.
Class DelegationPropertiesViewBean, method getPrivileges.
/**
 * Reads the delegation privileges of the identity held in the page session,
 * keyed by privilege name.
 *
 * <p>Each value is a mutable one-element set containing the string
 * {@code "true"}. If the model rejects the read with an
 * {@link AMConsoleException}, a warning alert is shown inline and an empty
 * map is returned instead of propagating the error.
 *
 * @param model delegation model used to look up the privileges.
 * @return {@link Collections#EMPTY_MAP} when there are no privileges or the
 *         lookup failed, otherwise a new {@link HashMap} of name to set.
 */
private Map getPrivileges(DelegationModel model) {
    String curRealm = (String) getPageSessionAttribute(AMAdminConstants.CURRENT_REALM);
    String uid = (String) getPageSessionAttribute(CURRENT_IDENTITY);
    Map byName = null;
    try {
        Set privileges = model.getPrivileges(curRealm, uid);
        boolean hasAny = (privileges != null) && !privileges.isEmpty();
        if (hasAny) {
            byName = new HashMap(privileges.size() * 2);
            for (Object o : privileges) {
                DelegationPrivilege privilege = (DelegationPrivilege) o;
                Set flag = new HashSet(2);
                flag.add(Boolean.TRUE.toString());
                byName.put(privilege.getName(), flag);
            }
        }
    } catch (AMConsoleException a) {
        // Lack of permission is surfaced to the user as a warning, not as a failure.
        setInlineAlertMessage(CCAlert.TYPE_WARNING, "message.warning", "nopermissions.message");
    }
    if (byName == null) {
        return Collections.EMPTY_MAP;
    }
    return byName;
}
use of com.sun.identity.delegation.DelegationPrivilege in project OpenAM by OpenRock.
Class RestPermissionTest, method setPermission.
/**
 * Grants or revokes one delegation privilege for the test group by editing
 * the privilege's subject set and writing the privilege back.
 *
 * <p>When the realm has no privilege of that name yet, a new one with an
 * empty subject set is created and then modified in the same way.
 *
 * @param permissionName name of the delegation privilege.
 * @param bAdd {@code true} to add the group's universal id to the subjects,
 *             {@code false} to remove it.
 * @throws Exception on any delegation or identity failure.
 */
private void setPermission(String permissionName, boolean bAdd) throws Exception {
    DelegationManager mgr = new DelegationManager(adminToken, REALM);
    DelegationPrivilege privilege = getDelegationPrivilege(permissionName, mgr.getPrivileges());
    if (privilege == null) {
        privilege = new DelegationPrivilege(permissionName, Collections.EMPTY_SET, REALM);
    }
    String groupId = group.getUniversalId();
    // The subject set is edited in place; addPrivilege persists the result.
    Set<String> subjects = privilege.getSubjects();
    if (!bAdd) {
        subjects.remove(groupId);
    } else {
        subjects.add(groupId);
    }
    mgr.addPrivilege(privilege);
}
use of com.sun.identity.delegation.DelegationPrivilege in project OpenAM by OpenRock.
Class SMSMigration70, method migrateDelegationPolicies.
/**
 * Migrate delegation policies to have correct policy name, resource name
 * and subjects.
 *
 * <p>Every privilege of {@code orgName} is removed, the organization name of
 * each of its permissions and each of its subject DNs is re-based from
 * {@code "," + SMSEntry.getRootSuffix()} onto {@code DNMapper.serviceDN},
 * and the modified privileges are re-added under the normalized realm name.
 *
 * @param token token used to construct the {@link DelegationManager}s.
 * @param orgName organization DN whose privileges are migrated.
 * @throws SSOException as propagated from the delegation API.
 */
protected static void migrateDelegationPolicies(SSOToken token, String orgName) throws SSOException {
    System.out.println("Migrating delegation policies for org: " + orgName);
    try {
        DelegationManager dm = new DelegationManager(token, orgName);
        Set privileges = dm.getPrivileges();
        Set migrated = new HashSet();
        for (Object item : privileges) {
            DelegationPrivilege dp = (DelegationPrivilege) item;
            // NOTE(review): the privilege is removed here and only re-added in
            // the second loop below; a DelegationException raised in between is
            // caught at the bottom and leaves the privilege removed.
            dm.removePrivilege(dp.getName());
            rebasePermissions(dp.getPermissions());
            dp.setSubjects(rebaseSubjects(dp.getSubjects()));
            migrated.add(dp);
        }
        // Normalized orgname to realm name
        int at = rootSuffixIndex(orgName);
        if (at != -1) {
            orgName = spliceServiceDn(orgName, at);
        }
        dm = new DelegationManager(token, orgName);
        // Add the modified privileges
        for (Object item : migrated) {
            dm.addPrivilege((DelegationPrivilege) item);
        }
        System.out.println("Delegation Policies for org: " + orgName + "\n" + privileges);
    } catch (DelegationException de) {
        // Best-effort migration tool: the failure is printed and processing ends.
        System.out.println(" " + de.getMessage());
    }
}

/**
 * Rewrites, in place, the organization name of every permission that
 * contains the root suffix; other permissions are left untouched.
 */
private static void rebasePermissions(Set permissions) throws DelegationException {
    for (Object o : permissions) {
        DelegationPermission perm = (DelegationPermission) o;
        String resource = perm.getOrganizationName();
        int at = rootSuffixIndex(resource);
        if (at != -1) {
            perm.setOrganizationName(spliceServiceDn(resource, at));
        }
    }
}

/** Returns a new set holding every subject DN re-based onto the service DN where applicable. */
private static Set rebaseSubjects(Set subjects) {
    Set result = new HashSet();
    for (Object o : subjects) {
        String subject = (String) o;
        int at = rootSuffixIndex(subject);
        result.add((at == -1) ? subject : spliceServiceDn(subject, at));
    }
    return result;
}

/**
 * Position of {@code "," + SMSEntry.getRootSuffix()} in the lower-cased DN,
 * or -1. Only the DN is lower-cased, exactly as the original comparison did.
 */
private static int rootSuffixIndex(String dn) {
    return dn.toLowerCase().indexOf("," + SMSEntry.getRootSuffix());
}

/** Replaces the root suffix starting at {@code at} with {@code DNMapper.serviceDN}. */
private static String spliceServiceDn(String dn, int at) {
    return dn.substring(0, at) + "," + DNMapper.serviceDN
            + dn.substring(at + 1 + SMSEntry.getRootSuffix().length());
}
use of com.sun.identity.delegation.DelegationPrivilege in project OpenAM by OpenRock.
Class DelegationModelImpl, method setPrivileges.
/**
 * Set privileges of an identity.
 *
 * <p>Each entry of {@code privileges} maps a privilege name to a set whose
 * single value is compared with {@code "true"}. A true value adds
 * {@code uid} to the privilege's subjects, creating the privilege in the
 * realm when it does not exist yet; any other value removes {@code uid}.
 * Privileges whose subject set would not change are neither written nor
 * logged.
 *
 * @param realmName Name of realm.
 * @param uid Universal ID of the identity.
 * @param privileges Map of privilege name to privilege value.
 * @throws AMConsoleException if privilege cannot be set.
 */
public void setPrivileges(String realmName, String uid, Map privileges) throws AMConsoleException {
    // Tracked so the failure log event names the privilege being processed.
    String curPrivilegeName = null;
    try {
        DelegationManager mgr = new DelegationManager(getUserSSOToken(), realmName);
        Set existing = mgr.getPrivileges();
        String[] params = { realmName, uid, null };
        for (Object key : privileges.keySet()) {
            String name = (String) key;
            String strVal = (String) AMAdminUtils.getValue((Set) privileges.get(name));
            boolean grant = strVal.equals(Boolean.TRUE.toString());
            params[2] = name;
            curPrivilegeName = name;
            DelegationPrivilege dp = getDelegationPrivilege(name, existing);
            if (dp == null) {
                if (grant) {
                    Set subjects = new HashSet(2);
                    subjects.add(uid);
                    logEvent("ATTEMPT_MODIFY_DELEGATION_PRIVILEGE", params);
                    DelegationPrivilege created = new DelegationPrivilege(name, subjects, realmName);
                    mgr.addPrivilege(created);
                    logEvent("SUCCEED_MODIFY_DELEGATION_PRIVILEGE", params);
                }
            } else {
                Set subjects = dp.getSubjects();
                boolean modified;
                if (grant) {
                    modified = !subjects.contains(uid);
                    if (modified) {
                        subjects.add(uid);
                    }
                } else {
                    modified = subjects.contains(uid);
                    if (modified) {
                        subjects.remove(uid);
                    }
                }
                if (modified) {
                    logEvent("ATTEMPT_MODIFY_DELEGATION_PRIVILEGE", params);
                    mgr.addPrivilege(dp);
                    logEvent("SUCCEED_MODIFY_DELEGATION_PRIVILEGE", params);
                }
            }
        }
    } catch (SSOException e) {
        throw loggedFailure("SSO_EXCEPTION_MODIFY_DELEGATION_PRIVILEGE", realmName, uid, curPrivilegeName, e);
    } catch (DelegationException e) {
        throw loggedFailure("DELEGATION_EXCEPTION_MODIFY_DELEGATION_PRIVILEGE", realmName, uid, curPrivilegeName, e);
    }
}

/**
 * Logs {@code eventId} with the realm, identity, current privilege name and
 * the error text, and returns the {@link AMConsoleException} to throw.
 */
private AMConsoleException loggedFailure(String eventId, String realmName, String uid,
        String privilegeName, Exception e) {
    String strError = getErrorString(e);
    String[] paramsEx = { realmName, uid, privilegeName, strError };
    logEvent(eventId, paramsEx);
    return new AMConsoleException(strError);
}