
Example 11 with ApplicationPrivilegeManager

use of com.sun.identity.entitlement.ApplicationPrivilegeManager in project OpenAM by OpenRock.

Class OpenSSOPolicyDataStore, method addPolicy.

/**
 * Stores {@code privilege} as a named policy entry in the realm's SMS tree and
 * registers it with the privilege index store.
 *
 * <p>The delegation check is performed as the super-admin subject rather than as
 * {@code subject} (see AME-4959), and the directory write uses the internal
 * {@code dsameUserToken}; {@code subject} only attributes the audit log records.
 *
 * @param subject   caller recorded in the ATTEMPT/SUCCEEDED/FAILED audit entries
 * @param realm     realm in which the policy entry is created
 * @param privilege privilege to convert into a policy object and persist
 * @throws EntitlementException code 326 when the super-admin subject lacks MODIFY on the
 *         application, {@link EntitlementException#POLICY_ALREADY_EXISTS} when an entry with the
 *         same name already exists, or code 202 wrapping a policy, SSO or SMS failure
 */
public void addPolicy(Subject subject, String realm, Privilege privilege) throws EntitlementException {
    // Delegation to applications is currently not configurable, passing super admin (see AME-4959)
    ApplicationPrivilegeManager delegationMgr =
            ApplicationPrivilegeManager.getInstance(realm, PrivilegeManager.superAdminSubject);
    if (!delegationMgr.hasPrivilege(privilege, ApplicationPrivilege.Action.MODIFY)) {
        throw new EntitlementException(326);
    }
    // Declared outside the try so the failure log can carry the name once it is known.
    String policyName = "";
    try {
        Object policyObject = PrivilegeUtils.privilegeToPolicyObject(realm, privilege);
        policyName = PrivilegeUtils.getPolicyName(policyObject);
        boolean supportedPolicyType = policyObject instanceof Policy
                || policyObject instanceof com.sun.identity.entitlement.xacml3.core.Policy;
        if (!supportedPolicyType) {
            // NOTE(review): an unsupported policy type is only logged; the method then
            // returns normally without persisting anything.
            PrivilegeManager.debug.error("OpenSSOPolicyDataStore.addPolicy: unknown class " + policyObject.getClass().getName());
            return;
        }
        String policyDn = getPolicyDistinguishedName(realm, policyName);
        if (SMSEntry.checkIfEntryExists(policyDn, dsameUserToken)) {
            throw new EntitlementException(EntitlementException.POLICY_ALREADY_EXISTS);
        }
        createParentNode(dsameUserToken, realm);
        SMSEntry policyEntry = new SMSEntry(dsameUserToken, policyDn);
        policyEntry.setAttributes(buildNamedPolicyEntryAttributes(PrivilegeUtils.policyToXML(policyObject)));
        String[] auditParams = { DNMapper.orgNameToRealmName(realm), policyName };
        OpenSSOLogger.log(OpenSSOLogger.LogLevel.MESSAGE, Level.INFO, "ATTEMPT_ADD_PRIVILEGE", auditParams, subject);
        policyEntry.save();
        OpenSSOLogger.log(OpenSSOLogger.LogLevel.MESSAGE, Level.INFO, "SUCCEEDED_ADD_PRIVILEGE", auditParams, subject);
        // The index store is updated as the internal admin subject, mirroring the directory write.
        Set<IPrivilege> toIndex = new HashSet<IPrivilege>();
        toIndex.add(privilege);
        PrivilegeIndexStore.getInstance(dsameUserSubject, realm).add(toIndex);
    } catch (PolicyException e) {
        throw addPolicyFailure(subject, realm, policyName, e);
    } catch (SSOException e) {
        throw addPolicyFailure(subject, realm, policyName, e);
    } catch (SMSException e) {
        throw addPolicyFailure(subject, realm, policyName, e);
    }
}

/**
 * Builds the SMS attribute map for a {@code NamedPolicy} service-component entry whose
 * key/value attribute carries the serialised policy XML.
 *
 * @param policyXml XML representation of the policy to embed in the entry
 * @return mutable attribute map keyed by the SMS attribute names
 */
private Map<String, Set<String>> buildNamedPolicyEntryAttributes(String policyXml) {
    Set<String> serviceIds = new HashSet<String>(2);
    serviceIds.add("NamedPolicy");
    Set<String> objectClasses = new HashSet<String>(4);
    objectClasses.add(SMSEntry.OC_TOP);
    objectClasses.add(SMSEntry.OC_SERVICE_COMP);
    Set<String> keyValues = new HashSet<String>(2);
    keyValues.add(POLICY_XML + "=" + policyXml);
    Map<String, Set<String>> attributes = new HashMap<String, Set<String>>();
    attributes.put(SMSEntry.ATTR_SERVICE_ID, serviceIds);
    attributes.put(SMSEntry.ATTR_OBJECTCLASS, objectClasses);
    attributes.put(SMSEntry.ATTR_KEYVAL, keyValues);
    return attributes;
}

/**
 * Writes the FAILED_ADD_PRIVILEGE audit record and wraps the cause in the
 * exception {@link #addPolicy} reports to its caller.
 *
 * @param subject    caller recorded in the audit entry
 * @param realm      realm the add was attempted in
 * @param policyName policy name known at the time of failure (may be empty)
 * @param cause      underlying policy, SSO or SMS failure
 * @return exception with code 202 carrying {@code policyName} and {@code cause}
 */
private EntitlementException addPolicyFailure(Subject subject, String realm, String policyName, Exception cause) {
    String[] auditParams = { DNMapper.orgNameToRealmName(realm), policyName, cause.getMessage() };
    OpenSSOLogger.log(OpenSSOLogger.LogLevel.ERROR, Level.INFO, "FAILED_ADD_PRIVILEGE", auditParams, subject);
    Object[] messageParams = { policyName };
    return new EntitlementException(202, messageParams, cause);
}

Example 12 with ApplicationPrivilegeManager

use of com.sun.identity.entitlement.ApplicationPrivilegeManager in project OpenAM by OpenRock.

Class OpenSSOPolicyDataStore, method addReferral.

/**
 * Stores {@code referral} as a named policy entry in the realm's SMS tree and
 * registers it with the privilege index store.
 *
 * <p>The caller's SSO token is only required to be present; the delegation check runs
 * as the super-admin subject (see AME-4959) and the directory write uses the internal
 * {@code dsameUserToken}. {@code subject} attributes the audit log records.
 *
 * @param subject  caller recorded in the ATTEMPT/SUCCEEDED/FAILED audit entries
 * @param realm    realm in which the referral entry is created
 * @param referral referral privilege to convert into a policy and persist
 * @throws EntitlementException code 260 when {@code subject} carries no SSO token, code 326
 *         when the super-admin subject lacks MODIFY on the application, or code 261 wrapping
 *         a policy, SSO or SMS failure
 */
public void addReferral(Subject subject, String realm, ReferralPrivilege referral) throws EntitlementException {
    String referralName = referral.getName();
    String referralDn = getPolicyDistinguishedName(realm, referralName);
    // Presence check only: the token itself is not used for the write below.
    SSOToken callerToken = SubjectUtils.getSSOToken(subject);
    if (callerToken == null) {
        throw new EntitlementException(260, new Object[] { referralName });
    }
    // Delegation to applications is currently not configurable, passing super admin (see AME-4959)
    ApplicationPrivilegeManager delegationMgr =
            ApplicationPrivilegeManager.getInstance(realm, PrivilegeManager.superAdminSubject);
    if (!delegationMgr.hasPrivilege(referral, ApplicationPrivilege.Action.MODIFY)) {
        throw new EntitlementException(326);
    }
    try {
        createParentNode(dsameUserToken, realm);
        SMSEntry referralEntry = new SMSEntry(dsameUserToken, referralDn);
        Set<String> serviceIds = new HashSet<String>(2);
        serviceIds.add("NamedPolicy");
        Set<String> objectClasses = new HashSet<String>(4);
        objectClasses.add(SMSEntry.OC_TOP);
        objectClasses.add(SMSEntry.OC_SERVICE_COMP);
        // The key/value attribute carries the referral serialised as legacy policy XML.
        Policy referralPolicy = PrivilegeUtils.referralPrivilegeToPolicy(realm, referral);
        Set<String> keyValues = new HashSet<String>(2);
        keyValues.add(POLICY_XML + "=" + referralPolicy.toXML());
        Map<String, Set<String>> attributes = new HashMap<String, Set<String>>();
        attributes.put(SMSEntry.ATTR_SERVICE_ID, serviceIds);
        attributes.put(SMSEntry.ATTR_OBJECTCLASS, objectClasses);
        attributes.put(SMSEntry.ATTR_KEYVAL, keyValues);
        referralEntry.setAttributes(attributes);
        String[] auditParams = { DNMapper.orgNameToRealmName(realm), referralName };
        OpenSSOLogger.log(OpenSSOLogger.LogLevel.MESSAGE, Level.INFO, "ATTEMPT_ADD_REFERRAL", auditParams, subject);
        referralEntry.save();
        OpenSSOLogger.log(OpenSSOLogger.LogLevel.MESSAGE, Level.INFO, "SUCCEEDED_ADD_REFERRAL", auditParams, subject);
        PrivilegeIndexStore indexStore = PrivilegeIndexStore.getInstance(dsameUserSubject, realm);
        Set<IPrivilege> toIndex = new HashSet<IPrivilege>();
        toIndex.add(referral);
        indexStore.add(toIndex);
    } catch (PolicyException e) {
        throw addReferralFailure(subject, realm, referralName, e);
    } catch (SSOException e) {
        throw addReferralFailure(subject, realm, referralName, e);
    } catch (SMSException e) {
        throw addReferralFailure(subject, realm, referralName, e);
    }
}

/**
 * Writes the FAILED_ADD_REFERRAL audit record and wraps the cause in the
 * exception {@link #addReferral} reports to its caller.
 *
 * @param subject      caller recorded in the audit entry
 * @param realm        realm the add was attempted in
 * @param referralName name of the referral being added
 * @param cause        underlying policy, SSO or SMS failure
 * @return exception with code 261 carrying {@code referralName} and {@code cause}
 */
private EntitlementException addReferralFailure(Subject subject, String realm, String referralName, Exception cause) {
    String[] auditParams = { DNMapper.orgNameToRealmName(realm), referralName, cause.getMessage() };
    OpenSSOLogger.log(OpenSSOLogger.LogLevel.ERROR, Level.INFO, "FAILED_ADD_REFERRAL", auditParams, subject);
    Object[] messageParams = { referralName };
    return new EntitlementException(261, messageParams, cause);
}

Example 13 with ApplicationPrivilegeManager

use of com.sun.identity.entitlement.ApplicationPrivilegeManager in project OpenAM by OpenRock.

Class DeleteApplicationPrivilege, method handleRequest.

/**
     * Services a Commandline Request.
     *
     * @param rc Request Context.
     * @throws CLIException if the request cannot be serviced.
     */
@Override
public void handleRequest(RequestContext rc) throws CLIException {
    super.handleRequest(rc);
    String realm = getStringOptionValue(IArgument.REALM_NAME);
    List<String> privilegeNames = rc.getOption(PARAM_NAMES);
    // The manager acts as the CLI session's admin token, not as a delegated user.
    Subject adminSubject = SubjectUtils.createSubject(getAdminSSOToken());
    ApplicationPrivilegeManager manager = ApplicationPrivilegeManager.getInstance(realm, adminSubject);
    // Name currently being removed, so a failure can be attributed in the audit log.
    String inFlightName = null;
    try {
        for (String privilegeName : privilegeNames) {
            inFlightName = privilegeName;
            String[] auditParams = { realm, privilegeName };
            writeLog(LogWriter.LOG_ACCESS, Level.INFO, "ATTEMPT_DELETE_APPLICATION_PRIVILEGE", auditParams);
            manager.removePrivilege(privilegeName);
            writeLog(LogWriter.LOG_ACCESS, Level.INFO, "SUCCEEDED_DELETE_APPLICATION_PRIVILEGE", auditParams);
        }
        String messageKey;
        if (privilegeNames.size() > 1) {
            messageKey = "delete-application-privileges-succeeded";
        } else {
            messageKey = "delete-application-privilege-succeeded";
        }
        getOutputWriter().printlnMessage(getResourceString(messageKey));
    } catch (EntitlementException ex) {
        // Earlier names in the list have already been removed and logged as succeeded.
        String[] failureParams = { realm, inFlightName, ex.getMessage() };
        writeLog(LogWriter.LOG_ACCESS, Level.INFO, "FAILED_DELETE_APPLICATION_PRIVILEGE", failureParams);
        throw new CLIException(ex, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    }
}

Example 14 with ApplicationPrivilegeManager

use of com.sun.identity.entitlement.ApplicationPrivilegeManager in project OpenAM by OpenRock.

Class ListApplicationPrivileges, method handleRequest.

/**
     * Services a Commandline Request.
     *
     * @param rc Request Context.
     * @throws CLIException if the request cannot be serviced.
     */
@Override
public void handleRequest(RequestContext rc) throws CLIException {
    super.handleRequest(rc);
    String realm = getStringOptionValue(IArgument.REALM_NAME);
    String[] auditParams = { realm };
    // The search runs as the CLI session's admin token, not as a delegated user.
    Subject adminSubject = SubjectUtils.createSubject(getAdminSSOToken());
    ApplicationPrivilegeManager manager = ApplicationPrivilegeManager.getInstance(realm, adminSubject);
    writeLog(LogWriter.LOG_ACCESS, Level.INFO, "ATTEMPT_SHOW_APPLICATION_PRIVILEGE", auditParams);
    // Raw empty set is passed as the search filter; presumably this means "no filter" — confirm
    // against ApplicationPrivilegeManager.search.
    Set<String> privilegeNames = manager.search(Collections.EMPTY_SET);
    writeLog(LogWriter.LOG_ACCESS, Level.INFO, "SUCCEEDED_LIST_APPLICATION_PRIVILEGES", auditParams);
    IOutput out = getOutputWriter();
    if (privilegeNames.isEmpty()) {
        out.printlnMessage(getResourceString("list-application-privileges-no-privileges"));
        return;
    }
    for (String privilegeName : privilegeNames) {
        out.printlnMessage(privilegeName);
    }
}

Example 15 with ApplicationPrivilegeManager

use of com.sun.identity.entitlement.ApplicationPrivilegeManager in project OpenAM by OpenRock.

Class SetApplicationPrivilegeSubjects, method handleRequest.

/**
     * Services a Commandline Request.
     *
     * @param rc Request Context.
     * @throws CLIException if the request cannot be serviced.
     */
@Override
public void handleRequest(RequestContext rc) throws CLIException {
    super.handleRequest(rc);
    String realm = getStringOptionValue(IArgument.REALM_NAME);
    String privilegeName = getStringOptionValue(PARAM_NAME);
    String[] auditParams = { realm, privilegeName };
    Set<SubjectImplementation> requestedSubjects = getSubjects(rc);
    // With PARAM_ADD the requested subjects are merged into the existing ones;
    // without it they replace the existing set outright.
    boolean appendMode = isOptionSet(PARAM_ADD);
    Subject adminSubject = SubjectUtils.createSubject(getAdminSSOToken());
    ApplicationPrivilegeManager manager = ApplicationPrivilegeManager.getInstance(realm, adminSubject);
    writeLog(LogWriter.LOG_ACCESS, Level.INFO, "ATTEMPT_UPDATE_APPLICATION_PRIVILEGE", auditParams);
    try {
        ApplicationPrivilege privilege = manager.getPrivilege(privilegeName);
        Set<SubjectImplementation> existingSubjects = privilege.getSubjects();
        Set<SubjectImplementation> effectiveSubjects = requestedSubjects;
        if (appendMode) {
            effectiveSubjects = mergeSubjects(existingSubjects, requestedSubjects);
        }
        privilege.setSubject(effectiveSubjects);
        manager.replacePrivilege(privilege);
        String successMessage = MessageFormat.format(
                getResourceString("update-application-privilege-succeeded"), new Object[] { privilegeName });
        getOutputWriter().printlnMessage(successMessage);
        writeLog(LogWriter.LOG_ACCESS, Level.INFO, "SUCCEEDED_UPDATE_APPLICATION_PRIVILEGE", auditParams);
    } catch (EntitlementException ex) {
        String[] failureParams = { realm, privilegeName, ex.getMessage() };
        writeLog(LogWriter.LOG_ACCESS, Level.INFO, "FAILED_UPDATE_APPLICATION_PRIVILEGE", failureParams);
        throw new CLIException(ex, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    }
}
