Example 26 with Application

use of com.sun.identity.entitlement.Application in project OpenAM by OpenRock.

the class PolicyPrivilegeManager method notifyPrivilegeChanged.

@Override
protected void notifyPrivilegeChanged(String realm, Privilege previous, Privilege current) throws EntitlementException {
    Set<String> resourceNames = new HashSet<String>();
    if (previous != null) {
        Set<String> r = previous.getEntitlement().getResourceNames();
        if (r != null) {
            resourceNames.addAll(r);
        }
    }
    Set<String> r = current.getEntitlement().getResourceNames();
    if (r != null) {
        resourceNames.addAll(r);
    }
    String applicationName = current.getEntitlement().getApplicationName();
    if (PrivilegeManager.debug.messageEnabled()) {
        PrivilegeManager.debug.message("PolicyPrivilegeManager.notifyPrivilegeChanged():" + "applicationName=" + applicationName + ", resources=" + resourceNames);
    }
    PrivilegeChangeNotifier.getInstance().notify(getAdminSubject(), realm, applicationName, current.getName(), resourceNames);
    if (policyCache != null) {
        // Retrieve the underlying application type to map to the legacy service type model.
        final Application application = ApplicationManager.getApplication(PrivilegeManager.superAdminSubject, realm, applicationName);
        if (application == null) {
            throw new EntitlementException(EntitlementException.APP_RETRIEVAL_ERROR, new Object[] { realm });
        }
        final String serviceTypeName = application.getApplicationType().getName();
        policyCache.firePrivilegeChanged(serviceTypeName, resourceNames, PolicyEvent.POLICY_MODIFIED);
    }
}
Also used : EntitlementException(com.sun.identity.entitlement.EntitlementException) Application(com.sun.identity.entitlement.Application) HashSet(java.util.HashSet)

Example 27 with Application

use of com.sun.identity.entitlement.Application in project OpenAM by OpenRock.

the class UmaResourceSetRegistrationHook method resourceSetDeleted.

/**
 * Removes the ResourceType from the Resource Server's policy application, deletes all related policies,
 * then deletes the ResourceSet.
 *
 * @param realm {@inheritDoc}
 * @param resourceSet {@inheritDoc}
 */
@Override
public void resourceSetDeleted(String realm, ResourceSetDescription resourceSet) throws ServerException {
    Subject adminSubject = SubjectUtils.createSuperAdminSubject();
    String resourceTypeUUID = resourceSet.getId();
    try {
        Application application = applicationManager.getApplication(adminSubject, realm, resourceSet.getClientId().toLowerCase());
        application.removeResourceTypeUuid(resourceTypeUUID);
        applicationManager.saveApplication(adminSubject, realm, application);
    } catch (EntitlementException e) {
        logger.error("Failed to remove Resource Type, " + resourceTypeUUID + " from application, " + resourceSet.getClientId(), e);
        throw new ServerException(e);
    }
    policyService.deletePolicy(createAdminContext(realm, resourceSet.getResourceOwnerId()), resourceSet.getId());
    try {
        resourceTypeService.deleteResourceType(adminSubject, realm, resourceTypeUUID);
    } catch (EntitlementException e) {
        logger.error("Failed to delete Resource Type " + resourceTypeUUID, e);
        throw new ServerException(e);
    }
}
Also used : EntitlementException(com.sun.identity.entitlement.EntitlementException) ServerException(org.forgerock.oauth2.core.exceptions.ServerException) Application(com.sun.identity.entitlement.Application) Subject(javax.security.auth.Subject)

Example 28 with Application

use of com.sun.identity.entitlement.Application in project OpenAM by OpenRock.

the class OpenSSOIndexStore method getReferredResources.

/**
 * Returns a set of resources that are referred to this realm.
 *
 * @param applicationTypeName Application type name.
 * @return a set of resources that are referred to this realm.
 * @throws EntitlementException if resources cannot be returned.
 */
@Override
public Set<String> getReferredResources(String applicationTypeName) throws EntitlementException {
    String realm = getRealm();
    if (realm.equals("/")) {
        return Collections.emptySet();
    }
    if (LDAPUtils.isDN(realm)) {
        realm = DNMapper.orgNameToRealmName(realm);
    }
    SSOToken adminToken = SubjectUtils.getSSOToken(superAdminSubject);
    try {
        Set<String> results = new HashSet<String>();
        Set<String> realms = getPeerRealms(realm);
        realms.addAll(getParentRealms(realm));
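        // The search filter is built by string concatenation; applicationTypeName and realm are not escaped here.
        String filter = "(&(ou=" + DataStore.REFERRAL_APPLS + "=" + applicationTypeName + ")(ou=" + DataStore.REFERRAL_REALMS + "=" + realm + "))";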
        Map<String, Set<ReferralPrivilege>> referrals = new HashMap<String, Set<ReferralPrivilege>>();
        for (String rlm : realms) {
            referrals.put(rlm, dataStore.searchReferrals(adminToken, rlm, filter));
        }
        for (String rlm : referrals.keySet()) {
            Set<ReferralPrivilege> rPrivileges = referrals.get(rlm);
            String realmName = LDAPUtils.isDN(rlm) ? DNMapper.orgNameToRealmName(rlm) : rlm;
            for (ReferralPrivilege r : rPrivileges) {
                Map<String, Set<String>> map = r.getOriginalMapApplNameToResources();
                for (String a : map.keySet()) {
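                    Application appl = ApplicationManager.getApplication(PolicyConstants.SUPER_ADMIN_SUBJECT, realmName, a);
                    // getApplication may return null for an unknown application; skip it instead of failing with an NPE.
                    if (appl != null && appl.getApplicationType().getName().equals(applicationTypeName)) {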
                        results.addAll(map.get(a));
                    }
                }
            }
        }
        results.addAll(getOrgAliasMappingResources(realm, applicationTypeName));
        return results;
    } catch (SMSException ex) {
        PolicyConstants.DEBUG.error("OpenSSOIndexStore.getReferredResources", ex);
        Object[] param = { realm };
        throw new EntitlementException(275, param);
    }
}
Also used : SSOToken(com.iplanet.sso.SSOToken) HashSet(java.util.HashSet) Set(java.util.Set) HashMap(java.util.HashMap) CaseInsensitiveHashMap(com.sun.identity.common.CaseInsensitiveHashMap) SMSException(com.sun.identity.sm.SMSException) EntitlementException(com.sun.identity.entitlement.EntitlementException) ReferralPrivilege(com.sun.identity.entitlement.ReferralPrivilege) Application(com.sun.identity.entitlement.Application)

Example 29 with Application

use of com.sun.identity.entitlement.Application in project OpenAM by OpenRock.

the class EntitlementService method addSubjectAttributeNames.

/**
 * Adds subject attribute names to an application.
 *
 * @param applicationName Application name.
 * @param names subject attribute names to add.
 * @throws EntitlementException if subject attribute names cannot be
 * added.
 */
public void addSubjectAttributeNames(String applicationName, Set<String> names) throws EntitlementException {
    if ((names == null) || names.isEmpty()) {
        return;
    }
    try {
        SSOToken token = getSSOToken();
        if (token == null) {
            throw new EntitlementException(225);
        }
        Application appl = ApplicationManager.getApplication(PolicyConstants.SUPER_ADMIN_SUBJECT, realm, applicationName);
        if (appl != null) {
            appl.addAttributeNames(names);
        }
        ServiceConfig applConf = getApplicationSubConfig(token, realm, applicationName);
        String parentRealm = realm;
        while (applConf == null) {
            parentRealm = getParentRealm(parentRealm);
            if (parentRealm == null) {
                break;
            }
            applConf = getApplicationSubConfig(token, parentRealm, applicationName);
        }
        if (applConf != null) {
            Set<String> orig = (Set<String>) applConf.getAttributes().get(ATTR_NAME_SUBJECT_ATTR_NAMES);
            if ((orig == null) || orig.isEmpty()) {
                orig = new HashSet<String>();
            }
            orig.addAll(names);
            Map<String, Set<String>> map = new HashMap<String, Set<String>>();
            map.put(ATTR_NAME_SUBJECT_ATTR_NAMES, orig);
            applConf.setAttributes(map);
        }
    } catch (SMSException ex) {
        throw new EntitlementException(220, ex);
    } catch (SSOException ex) {
        throw new EntitlementException(220, ex);
    }
}
Also used : EntitlementException(com.sun.identity.entitlement.EntitlementException) SSOToken(com.iplanet.sso.SSOToken) HashSet(java.util.HashSet) Set(java.util.Set) ServiceConfig(com.sun.identity.sm.ServiceConfig) HashMap(java.util.HashMap) SMSException(com.sun.identity.sm.SMSException) SSOException(com.iplanet.sso.SSOException) Application(com.sun.identity.entitlement.Application)

Example 30 with Application

use of com.sun.identity.entitlement.Application in project OpenAM by OpenRock.

the class EntitlementService method getApplications.

/**
 * Returns a set of registered applications.
 *
 * @return a set of registered applications.
 */
public Set<Application> getApplications() {
    final Set<Application> results = new HashSet<Application>();
    try {
        SSOToken token = getSSOToken();
        final ServiceConfig appConfig = getApplicationConfiguration(token, realm);
        if (appConfig != null) {
            final Set<String> names = appConfig.getSubConfigNames();
            for (String name : names) {
                results.add(createApplication(appConfig, name));
            }
        }
    } catch (EntitlementException ex) {
        PolicyConstants.DEBUG.error("EntitlementService.getRawApplications", ex);
    } catch (ClassCastException ex) {
        PolicyConstants.DEBUG.error("EntitlementService.getRawApplications", ex);
    } catch (InstantiationException ex) {
        PolicyConstants.DEBUG.error("EntitlementService.getRawApplications", ex);
    } catch (IllegalAccessException ex) {
        PolicyConstants.DEBUG.error("EntitlementService.getRawApplications", ex);
    } catch (SMSException ex) {
        PolicyConstants.DEBUG.error("EntitlementService.getRawApplications", ex);
    } catch (SSOException ex) {
        PolicyConstants.DEBUG.error("EntitlementService.getRawApplications", ex);
    }
    return results;
}
Also used : SSOToken(com.iplanet.sso.SSOToken) SMSException(com.sun.identity.sm.SMSException) SSOException(com.iplanet.sso.SSOException) EntitlementException(com.sun.identity.entitlement.EntitlementException) ServiceConfig(com.sun.identity.sm.ServiceConfig) Application(com.sun.identity.entitlement.Application) HashSet(java.util.HashSet)

Aggregations

Application (com.sun.identity.entitlement.Application): 65
EntitlementException (com.sun.identity.entitlement.EntitlementException): 37
Subject (javax.security.auth.Subject): 29
ResourceResponse (org.forgerock.json.resource.ResourceResponse): 22
Test (org.testng.annotations.Test): 22
HashSet (java.util.HashSet): 20
JsonValue (org.forgerock.json.JsonValue): 18
Set (java.util.Set): 16
ResourceException (org.forgerock.json.resource.ResourceException): 16
RealmContext (org.forgerock.openam.rest.RealmContext): 16
SSOTokenContext (org.forgerock.openam.rest.resource.SSOTokenContext): 16
HashMap (java.util.HashMap): 15
ClientContext (org.forgerock.services.context.ClientContext): 13
Context (org.forgerock.services.context.Context): 13
Matchers.anyString (org.mockito.Matchers.anyString): 13
UpgradeException (org.forgerock.openam.upgrade.UpgradeException): 10
UpdateRequest (org.forgerock.json.resource.UpdateRequest): 9
ApplicationWrapper (org.forgerock.openam.entitlement.rest.wrappers.ApplicationWrapper): 9
Map (java.util.Map): 8
BadRequestException (org.forgerock.json.resource.BadRequestException): 7