
Example 16 with ApplicationPrivilegeManager

use of com.sun.identity.entitlement.ApplicationPrivilegeManager in project OpenAM by OpenRock.

The class ShowApplicationPrivilege, method handleRequest.

/**
 * Services a command-line request.
 *
 * @param rc Request Context.
 * @throws CLIException if the request cannot be serviced.
 */
@Override
public void handleRequest(RequestContext rc) throws CLIException {
    super.handleRequest(rc);
    String realm = getStringOptionValue(IArgument.REALM_NAME);
    String name = getStringOptionValue(PARAM_NAME);
    String[] params = { realm, name };
    // The manager is scoped to the target realm and to a Subject built from the
    // administrator's SSO token, so the lookup runs as the CLI administrator.
    Subject userSubject = SubjectUtils.createSubject(getAdminSSOToken());
    ApplicationPrivilegeManager apm = ApplicationPrivilegeManager.getInstance(realm, userSubject);
    // Audit trail: the attempt is logged before the lookup, the outcome afterwards.
    writeLog(LogWriter.LOG_ACCESS, Level.INFO, "ATTEMPT_SHOW_APPLICATION_PRIVILEGE", params);
    try {
        ApplicationPrivilege appPrivilege = apm.getPrivilege(name);
        outputInfo("show-application-privilege-output-name", name);
        String description = appPrivilege.getDescription();
        if (description == null) {
            description = "";
        }
        outputInfo("show-application-privilege-output-description", description);
        outputInfo("show-application-privilege-output-actions", getDisplayAction(appPrivilege));
        outputInfo("show-application-privilege-output-subjects", getSubjects(appPrivilege));
        outputInfo("show-application-privilege-output-resources", getApplicationToResources(appPrivilege));
        writeLog(LogWriter.LOG_ACCESS, Level.INFO, "SUCCEEDED_SHOW_APPLICATION_PRIVILEGE", params);
    } catch (EntitlementException ex) {
        // The failure is logged with the exception message and surfaced to the
        // operator as a non-zero exit code.
        String[] paramExs = { realm, name, ex.getMessage() };
        writeLog(LogWriter.LOG_ACCESS, Level.INFO, "FAILED_SHOW_APPLICATION_PRIVILEGE", paramExs);
        throw new CLIException(ex, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    }
}
Also used : EntitlementException(com.sun.identity.entitlement.EntitlementException) ApplicationPrivilege(com.sun.identity.entitlement.ApplicationPrivilege) CLIException(com.sun.identity.cli.CLIException) ApplicationPrivilegeManager(com.sun.identity.entitlement.ApplicationPrivilegeManager) Subject(javax.security.auth.Subject)

Example 17 with ApplicationPrivilegeManager

use of com.sun.identity.entitlement.ApplicationPrivilegeManager in project OpenAM by OpenRock.

The class SetApplicationPrivilegeResources, method handleRequest.

/**
 * Services a command-line request.
 *
 * @param rc Request Context.
 * @throws CLIException if the request cannot be serviced.
 */
@Override
public void handleRequest(RequestContext rc) throws CLIException {
    super.handleRequest(rc);
    String realm = getStringOptionValue(IArgument.REALM_NAME);
    String name = getStringOptionValue(PARAM_NAME);
    String[] params = { realm, name };
    try {
        // The application-to-resources map is parsed from the request before the
        // ATTEMPT entry is written, so a parse failure caught below produces a
        // FAILED entry with no preceding ATTEMPT entry.
        Map<String, Set<String>> mapAppToResources = getApplicationResourcesMap(rc, realm);
        boolean bAdd = isOptionSet(PARAM_ADD);
        Subject userSubject = SubjectUtils.createSubject(getAdminSSOToken());
        ApplicationPrivilegeManager apm = ApplicationPrivilegeManager.getInstance(realm, userSubject);
        writeLog(LogWriter.LOG_ACCESS, Level.INFO, "ATTEMPT_UPDATE_APPLICATION_PRIVILEGE", params);
        ApplicationPrivilege appPrivilege = apm.getPrivilege(name);
        Map<String, Set<String>> origAppToResources = getApplicationToResources(appPrivilege);
        // With the add option (PARAM_ADD) the supplied resources are merged into the
        // privilege's existing map; without it the existing application-to-resource
        // grants are replaced wholesale by the supplied map.
        Map map = (bAdd) ? mergeMap(origAppToResources, mapAppToResources) : mapAppToResources;
        appPrivilege.setApplicationResources(map);
        // Persist the modified privilege under the administrator's identity.
        apm.replacePrivilege(appPrivilege);
        Object[] msgParam = { name };
        getOutputWriter().printlnMessage(MessageFormat.format(getResourceString("update-application-privilege-succeeded"), msgParam));
        writeLog(LogWriter.LOG_ACCESS, Level.INFO, "SUCCEEDED_UPDATE_APPLICATION_PRIVILEGE", params);
    } catch (EntitlementException ex) {
        String[] paramExs = { realm, name, ex.getMessage() };
        writeLog(LogWriter.LOG_ACCESS, Level.INFO, "FAILED_UPDATE_APPLICATION_PRIVILEGE", paramExs);
        throw new CLIException(ex, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    }
}
Also used : Set(java.util.Set) ApplicationPrivilegeManager(com.sun.identity.entitlement.ApplicationPrivilegeManager) Subject(javax.security.auth.Subject) EntitlementException(com.sun.identity.entitlement.EntitlementException) ApplicationPrivilege(com.sun.identity.entitlement.ApplicationPrivilege) CLIException(com.sun.identity.cli.CLIException) Map(java.util.Map)
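The add-versus-replace branch in Example 17 decides whether an operator keeps or loses the resources a privilege already grants. The stand-alone class below is an added illustration and not OpenAM code: its mergeMap is an assumed re-implementation of union-by-application semantics (OpenAM's own mergeMap is not shown on this page), and the application name and resource URLs are constructed sample data. It runs both branches over the same input and reports which existing grants a replace would silently drop.

```java
import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;
import java.util.TreeSet;

/**
 * Illustrates the two code paths in SetApplicationPrivilegeResources.handleRequest:
 * with the add option the supplied application->resource map is merged into the
 * stored one; without it the stored map is replaced outright.
 * The merge here is an assumed re-implementation for this illustration only.
 */
public class ApplicationResourceMergeDemo {

    /** Union the resource sets of two application->resource maps, copying every set. */
    static Map<String, Set<String>> mergeMap(Map<String, Set<String>> orig,
                                             Map<String, Set<String>> incoming) {
        Map<String, Set<String>> merged = new LinkedHashMap<>();
        for (Map.Entry<String, Set<String>> e : orig.entrySet()) {
            merged.put(e.getKey(), new TreeSet<>(e.getValue()));
        }
        for (Map.Entry<String, Set<String>> e : incoming.entrySet()) {
            merged.computeIfAbsent(e.getKey(), k -> new TreeSet<>()).addAll(e.getValue());
        }
        return merged;
    }

    /** Mirrors the ternary in handleRequest: merge when the add option is set, else replace. */
    static Map<String, Set<String>> resolve(boolean add,
                                            Map<String, Set<String>> orig,
                                            Map<String, Set<String>> incoming) {
        return add ? mergeMap(orig, incoming) : incoming;
    }

    /** Resources present in the stored map that the resulting map no longer grants. */
    static Map<String, Set<String>> droppedGrants(Map<String, Set<String>> orig,
                                                  Map<String, Set<String>> result) {
        Map<String, Set<String>> dropped = new LinkedHashMap<>();
        for (Map.Entry<String, Set<String>> e : orig.entrySet()) {
            Set<String> remaining = result.getOrDefault(e.getKey(), new HashSet<>());
            Set<String> lost = new TreeSet<>(e.getValue());
            lost.removeAll(remaining);
            if (!lost.isEmpty()) {
                dropped.put(e.getKey(), lost);
            }
        }
        return dropped;
    }

    public static void main(String[] args) {
        // Constructed sample data: a stored privilege granting two resources on one application.
        Map<String, Set<String>> stored = new LinkedHashMap<>();
        stored.put("iPlanetAMWebAgentService", new TreeSet<>(Set.of(
                "http://app.example.com/admin/*",
                "http://app.example.com/api/*")));

        // Constructed operator input: one additional resource for the same application.
        Map<String, Set<String>> incoming = new LinkedHashMap<>();
        incoming.put("iPlanetAMWebAgentService", new TreeSet<>(Set.of(
                "http://app.example.com/reports/*")));

        Map<String, Set<String>> withAdd = resolve(true, stored, incoming);
        Map<String, Set<String>> withoutAdd = resolve(false, stored, incoming);

        System.out.println("add option set     : " + withAdd);
        System.out.println("  grants dropped   : " + droppedGrants(stored, withAdd));
        System.out.println("add option omitted : " + withoutAdd);
        System.out.println("  grants dropped   : " + droppedGrants(stored, withoutAdd));
    }
}
```

Run with `java ApplicationResourceMergeDemo.java` (Java 11 or later). The merge copies each set into a fresh TreeSet so the stored map is never mutated in place; the droppedGrants diff is the check an operator would want to see before an update that omits the add option reaches replacePrivilege.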

Example 18 with ApplicationPrivilegeManager

use of com.sun.identity.entitlement.ApplicationPrivilegeManager in project OpenAM by OpenRock.

The class OpenSSOPolicyDataStore, method removePrivilege.

public void removePrivilege(Subject subject, String realm, Privilege privilege) throws EntitlementException {
    SSOToken adminToken = SubjectUtils.getSSOToken(subject);
    String name = privilege.getName();
    // A caller without an SSO token is rejected before any authorization check.
    if (adminToken == null) {
        Object[] params = { name };
        throw new EntitlementException(211, params);
    }
    // Delegation to applications is currently not configurable, passing super admin (see AME-4959).
    // Note that the MODIFY check is therefore evaluated through a manager created for the
    // super admin subject, not for the calling subject.
    ApplicationPrivilegeManager applPrivilegeMgr = ApplicationPrivilegeManager.getInstance(realm, PrivilegeManager.superAdminSubject);
    if (!applPrivilegeMgr.hasPrivilege(privilege, ApplicationPrivilege.Action.MODIFY)) {
        throw new EntitlementException(326);
    }
    try {
        String[] logParams = { DNMapper.orgNameToRealmName(realm), name };
        OpenSSOLogger.log(OpenSSOLogger.LogLevel.MESSAGE, Level.INFO, "ATTEMPT_REMOVE_PRIVILEGE", logParams, subject);
        // Remove from the privilege index store first. The store operations below run under the
        // internal dsame user (dsameUserSubject / dsameUserToken), not the caller's token; if the
        // legacy delete fails afterwards, the index entry is already gone.
        PrivilegeIndexStore pis = PrivilegeIndexStore.getInstance(dsameUserSubject, realm);
        pis.delete(name);
        // Only remove from the legacy policy store if the policy still exists. This can happen if an
        // old policy had multiple rules (= multiple privileges in the new store) and one of the new
        // privileges for that policy has been deleted, which deletes the entire legacy policy.
        String dn = findLegacyPolicyDn(dsameUserToken, realm, name);
        if (dn != null) {
            SMSEntry s = new SMSEntry(dsameUserToken, dn);
            s.delete();
        } else {
            debug("Unable to find legacy policy for privilege %s in realm %s", name, realm);
        }
        OpenSSOLogger.log(OpenSSOLogger.LogLevel.MESSAGE, Level.INFO, "SUCCEEDED_REMOVE_PRIVILEGE", logParams, subject);
    } catch (SSOException ex) {
        String[] logParams = { DNMapper.orgNameToRealmName(realm), name, ex.getMessage() };
        OpenSSOLogger.log(OpenSSOLogger.LogLevel.ERROR, Level.INFO, "FAILED_REMOVE_PRIVILEGE", logParams, subject);
        Object[] params = { name };
        throw new EntitlementException(205, params, ex);
    } catch (SMSException ex) {
        String[] logParams = { DNMapper.orgNameToRealmName(realm), name, ex.getMessage() };
        OpenSSOLogger.log(OpenSSOLogger.LogLevel.ERROR, Level.INFO, "FAILED_REMOVE_PRIVILEGE", logParams, subject);
        Object[] params = { name };
        throw new EntitlementException(205, params, ex);
    }
}
Also used : EntitlementException(com.sun.identity.entitlement.EntitlementException) SSOToken(com.iplanet.sso.SSOToken) PrivilegeIndexStore(com.sun.identity.entitlement.PrivilegeIndexStore) SMSException(com.sun.identity.sm.SMSException) SMSEntry(com.sun.identity.sm.SMSEntry) SSOException(com.iplanet.sso.SSOException) ApplicationPrivilegeManager(com.sun.identity.entitlement.ApplicationPrivilegeManager)

Example 19 with ApplicationPrivilegeManager

use of com.sun.identity.entitlement.ApplicationPrivilegeManager in project OpenAM by OpenRock.

The class OpenSSOPolicyDataStore, method removeReferral.

public void removeReferral(Subject subject, String realm, ReferralPrivilege referral) throws EntitlementException {
    SSOToken adminToken = SubjectUtils.getSSOToken(subject);
    String name = referral.getName();
    // A caller without an SSO token is rejected before any authorization check.
    if (adminToken == null) {
        Object[] params = { name };
        throw new EntitlementException(266, params);
    }
    // Delegation to applications is currently not configurable, passing super admin (see AME-4959).
    // As in removePrivilege, the MODIFY check runs through a manager created for the super admin subject.
    ApplicationPrivilegeManager applPrivilegeMgr = ApplicationPrivilegeManager.getInstance(realm, PrivilegeManager.superAdminSubject);
    if (!applPrivilegeMgr.hasPrivilege(referral, ApplicationPrivilege.Action.MODIFY)) {
        throw new EntitlementException(326);
    }
    // Existence is checked in the legacy policy store under the internal dsame user token.
    String dn = getPolicyDistinguishedName(realm, name);
    if (!SMSEntry.checkIfEntryExists(dn, dsameUserToken)) {
        Object[] params = { name };
        throw new EntitlementException(263, params);
    }
    try {
        String[] logParams = { DNMapper.orgNameToRealmName(realm), name };
        OpenSSOLogger.log(OpenSSOLogger.LogLevel.MESSAGE, Level.INFO, "ATTEMPT_REMOVE_REFERRAL", logParams, subject);
        SMSEntry s = new SMSEntry(dsameUserToken, dn);
        s.delete();
        // The success entry is written after the legacy delete but before the index store delete.
        // Only SSOException and SMSException are caught here, so an EntitlementException from
        // deleteReferral propagates out of this method after SUCCEEDED_REMOVE_REFERRAL was logged.
        OpenSSOLogger.log(OpenSSOLogger.LogLevel.MESSAGE, Level.INFO, "SUCCEEDED_REMOVE_REFERRAL", logParams, subject);
        PrivilegeIndexStore pis = PrivilegeIndexStore.getInstance(dsameUserSubject, realm);
        pis.deleteReferral(name);
    } catch (SSOException ex) {
        String[] logParams = { DNMapper.orgNameToRealmName(realm), name, ex.getMessage() };
        OpenSSOLogger.log(OpenSSOLogger.LogLevel.ERROR, Level.INFO, "FAILED_REMOVE_REFERRAL", logParams, subject);
        Object[] params = { name };
        throw new EntitlementException(205, params, ex);
    } catch (SMSException ex) {
        String[] logParams = { DNMapper.orgNameToRealmName(realm), name, ex.getMessage() };
        OpenSSOLogger.log(OpenSSOLogger.LogLevel.ERROR, Level.INFO, "FAILED_REMOVE_REFERRAL", logParams, subject);
        Object[] params = { name };
        throw new EntitlementException(205, params, ex);
    }
}
Also used : EntitlementException(com.sun.identity.entitlement.EntitlementException) SSOToken(com.iplanet.sso.SSOToken) PrivilegeIndexStore(com.sun.identity.entitlement.PrivilegeIndexStore) SMSException(com.sun.identity.sm.SMSException) SMSEntry(com.sun.identity.sm.SMSEntry) SSOException(com.iplanet.sso.SSOException) ApplicationPrivilegeManager(com.sun.identity.entitlement.ApplicationPrivilegeManager)

Example 20 with ApplicationPrivilegeManager

use of com.sun.identity.entitlement.ApplicationPrivilegeManager in project OpenAM by OpenRock.

The class PolicyPrivilegeManager, method findByName.

@Override
public Privilege findByName(String privilegeName, Subject adminSubject) throws EntitlementException {
    if (privilegeName == null) {
        throw new EntitlementException(12);
    }
    Privilege privilege = null;
    try {
        if (!migratedToEntitlementSvc) {
            // Legacy path: convert the policy and take the first resulting privilege. If the
            // conversion yields none, privilege stays null and null is returned below; only the
            // entitlement-store branch raises NO_SUCH_POLICY.
            Policy policy = pm.getPolicy(privilegeName);
            Set<IPrivilege> privileges = PrivilegeUtils.policyToPrivileges(policy);
            Iterator<IPrivilege> it = privileges.iterator();
            if (it.hasNext()) {
                IPrivilege searchResult = it.next();
                privilege = (Privilege) searchResult;
            }
        } else {
            PrivilegeIndexStore pis = PrivilegeIndexStore.getInstance(adminSubject, getRealm());
            privilege = (Privilege) pis.getPrivilege(privilegeName);
            if (privilege == null) {
                throw new EntitlementException(EntitlementException.NO_SUCH_POLICY, new Object[] { privilegeName });
            }
        }
        // Reference comparison against the shared super admin sentinel: only that exact Subject
        // instance bypasses the READ check below.
        if (adminSubject != PrivilegeManager.superAdminSubject) {
            if (privilege != null) {
                // Delegation to applications is currently not configurable, passing super admin (see AME-4959).
                ApplicationPrivilegeManager applPrivilegeMgr = ApplicationPrivilegeManager.getInstance(realm, PrivilegeManager.superAdminSubject);
                if (applPrivilegeMgr == null) {
                    // No manager available: withhold the privilege rather than return it unchecked.
                    return null;
                }
                if (!applPrivilegeMgr.hasPrivilege(privilege, ApplicationPrivilege.Action.READ)) {
                    throw new EntitlementException(326);
                }
            }
        }
    } catch (PolicyException pe) {
        throw new EntitlementException(102, pe);
    } catch (SSOException ssoe) {
        throw new EntitlementException(102, ssoe);
    }
    return privilege;
}
Also used : Policy(com.sun.identity.policy.Policy) EntitlementException(com.sun.identity.entitlement.EntitlementException) PrivilegeIndexStore(com.sun.identity.entitlement.PrivilegeIndexStore) PolicyException(com.sun.identity.policy.PolicyException) IPrivilege(com.sun.identity.entitlement.IPrivilege) SSOException(com.iplanet.sso.SSOException) ApplicationPrivilegeManager(com.sun.identity.entitlement.ApplicationPrivilegeManager) ApplicationPrivilege(com.sun.identity.entitlement.ApplicationPrivilege) IPrivilege(com.sun.identity.entitlement.IPrivilege) Privilege(com.sun.identity.entitlement.Privilege)

Aggregations

ApplicationPrivilegeManager (com.sun.identity.entitlement.ApplicationPrivilegeManager) 26
ApplicationPrivilege (com.sun.identity.entitlement.ApplicationPrivilege) 18
EntitlementException (com.sun.identity.entitlement.EntitlementException) 18
Test (org.testng.annotations.Test) 11
CLIRequest (com.sun.identity.cli.CLIRequest) 10
HashSet (java.util.HashSet) 10
Subject (javax.security.auth.Subject) 9
SSOException (com.iplanet.sso.SSOException) 8
CLIException (com.sun.identity.cli.CLIException) 8
Set (java.util.Set) 6
PrivilegeIndexStore (com.sun.identity.entitlement.PrivilegeIndexStore) 5
SubjectImplementation (com.sun.identity.entitlement.SubjectImplementation) 4
AMIdentity (com.sun.identity.idm.AMIdentity) 4
SMSEntry (com.sun.identity.sm.SMSEntry) 4
SMSException (com.sun.identity.sm.SMSException) 4
SSOToken (com.iplanet.sso.SSOToken) 3
IPrivilege (com.sun.identity.entitlement.IPrivilege) 3
IdRepoException (com.sun.identity.idm.IdRepoException) 3
Policy (com.sun.identity.policy.Policy) 3
PolicyException (com.sun.identity.policy.PolicyException) 3