Use of com.sun.identity.entitlement.EntitlementException in project OpenAM by OpenRock.
Class PolicyEvaluator, method isAllowedE.
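/**
 * Decides whether the subject behind {@code token} may perform the boolean
 * action {@code actionName} on {@code resourceName}, by delegating to the
 * entitlement {@link Evaluator} for this evaluator's realm and application.
 *
 * @param token         SSO token of the subject being evaluated
 * @param resourceName  resource the action is requested on
 * @param actionName    action to check; must have BOOLEAN syntax in the service type
 * @param envParameters request environment; null or empty means a fresh map is used,
 *                      a non-empty map is padded in place by {@code padEnvParameters}
 * @return {@code true} when the subject holds the entitlement, {@code false} otherwise
 * @throws PolicyException if the action is not boolean, or if the entitlement layer
 *                         fails (the {@link EntitlementException} is kept as the cause)
 * @throws SSOException    propagated from token handling
 */
private boolean isAllowedE(SSOToken token, String resourceName, String actionName,
        Map envParameters) throws SSOException, PolicyException {
    if ((envParameters == null) || envParameters.isEmpty()) {
        envParameters = new HashMap();
    }
    padEnvParameters(token, resourceName, actionName, envParameters);

    // Only boolean actions can be answered as allow/deny.
    ActionSchema schema = serviceType.getActionSchema(actionName);
    if (!AttributeSchema.Syntax.BOOLEAN.equals(schema.getSyntax())) {
        String[] objs = { actionName };
        throw new PolicyException(ResBundleUtils.rbName,
                "action_does_not_have_boolean_syntax", objs, null);
    }

    Set<String> actions = new HashSet<String>(2);
    actions.add(actionName);
    try {
        // The subject under evaluation is derived from the caller's own token.
        // No admin token is needed on this path, so none is acquired (the
        // previous privileged AdminTokenAction lookup was unused).
        Subject subject = SubjectUtils.createSubject(token);
        Entitlement entitlement = new Entitlement(serviceTypeName, resourceName, actions);
        entitlement.canonicalizeResources(subject, realm);
        Evaluator eval = new Evaluator(subject, applicationName);
        return eval.hasEntitlement(realm, subject, entitlement, envParameters);
    } catch (EntitlementException e) {
        // Wrap rather than lose the cause so callers see the entitlement error.
        throw new PolicyException(e);
    }
}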
Use of com.sun.identity.entitlement.EntitlementException in project OpenAM by OpenRock.
Class PolicyEvaluator, method padEnvParameters.
/**
 * Enriches {@code envParameters} with request-derived entries that Condition(s)
 * and ResponseProvider(s) may consult: the canonicalized requested resource, the
 * resource exactly as requested, the requested action(s), the realm DN and, when
 * it can be read from the token, the invoking principal's name.
 *
 * @param token         SSO token of the invoking subject; its principal name is
 *                      stored under {@code Condition.INVOCATOR_PRINCIPAL_UUID}
 * @param resourceName  requested resource; null or blank is replaced by
 *                      {@code Rule.EMPTY_RESOURCE_NAME}
 * @param actionName    requested action; when null, every action name of the
 *                      service type is used instead
 * @param envParameters map populated in place
 * @throws PolicyException wrapping any {@link EntitlementException} from the
 *                         application lookup
 * @throws SSOException    propagated from token handling
 */
private void padEnvParameters(SSOToken token, String resourceName, String actionName,
        Map envParameters) throws PolicyException, SSOException {
    String requested = resourceName;
    if (requested == null || requested.trim().length() == 0) {
        requested = Rule.EMPTY_RESOURCE_NAME;
    }

    // Remember the name as requested, before canonicalization.
    Set<String> originalResourceNames = new HashSet<String>(2);
    originalResourceNames.add(requested);

    String realmName = LDAPUtils.isDN(realm) ? DNMapper.orgNameToRealmName(realm) : realm;
    String canonical;
    try {
        Application application = ApplicationManager.getApplication(
                PolicyConstants.SUPER_ADMIN_SUBJECT, realmName, applicationName);
        canonical = application.getResourceComparator().canonicalize(requested);
    } catch (EntitlementException e) {
        throw new PolicyException(e);
    }

    Set<String> canonicalResourceNames = new HashSet<String>(2);
    canonicalResourceNames.add(canonical);

    // Either the single explicit action, or every action the service type defines.
    Set actions = new HashSet();
    if (actionName == null) {
        Set allActionNames = serviceType.getActionNames();
        if (allActionNames != null) {
            actions.addAll(allActionNames);
        }
    } else {
        actions.add(actionName);
    }

    // Published so Condition(s)/ResponseProvider(s) can read the request context.
    envParameters.put(SUN_AM_REQUESTED_RESOURCE, canonicalResourceNames);
    envParameters.put(SUN_AM_ORIGINAL_REQUESTED_RESOURCE, originalResourceNames);
    envParameters.put(SUN_AM_REQUESTED_ACTIONS, actions);
    envParameters.put(REALM_DN, asSet(policyManager.getOrganizationDN()));

    // Fix for OPENAM-811: expose the invoking principal for AMIdentityMembershipCondition.
    Principal principal = token.getPrincipal();
    String userId = (principal == null) ? null : principal.getName();
    if (userId == null || userId.length() == 0) {
        if (DEBUG.messageEnabled()) {
            DEBUG.message("PolicyEvaluator.padEnvParameters() unable to get userid from token.");
        }
    } else {
        Set<String> invocator = new HashSet<String>();
        invocator.add(userId);
        envParameters.put(Condition.INVOCATOR_PRINCIPAL_UUID, invocator);
    }
}
Use of com.sun.identity.entitlement.EntitlementException in project OpenAM by OpenRock.
Class PolicyResourceEvaluationTest, method shouldHandleEntitlementExceptions.
/**
 * An EntitlementException raised while building the evaluation request must
 * surface as a failed promise carrying a BadRequestException, with no further
 * interaction on any collaborator.
 */
@Test
public void shouldHandleEntitlementExceptions() throws EntitlementException {
    // Given...
    Context context = buildContextStructure("/abc");
    EntitlementException failure = new EntitlementException(EntitlementException.INVALID_VALUE);
    given(request.getAction()).willReturn("evaluate");
    given(request.getRequestType()).willReturn(RequestType.ACTION);
    given(requestFactory.buildRequest(PolicyAction.EVALUATE, context, request)).willThrow(failure);

    // When...
    Promise<ActionResponse, ResourceException> outcome =
            policyResource.actionCollection(context, request);

    // Then...
    verify(request).getAction();
    verify(request).getRequestType();
    verify(requestFactory).buildRequest(PolicyAction.EVALUATE, context, request);
    assertThat(outcome).failedWithException().isInstanceOf(BadRequestException.class);
    verifyNoMoreInteractions(request, requestFactory, policyRequest, factory, evaluator, parser);
}
Use of com.sun.identity.entitlement.EntitlementException in project OpenAM by OpenRock.
Class PolicyResourceTest, method shouldRejectNullPolicyIdInDelete.
/**
 * Deleting with a null policy id: the store reports MISSING_PRIVILEGE_NAME and
 * the resource must translate that into a BadRequestException on the promise.
 */
@Test
public void shouldRejectNullPolicyIdInDelete() throws Exception {
    // Given
    final String policyId = null;
    DeleteRequest deleteRequest = mock(DeleteRequest.class);
    EntitlementException missingName =
            new EntitlementException(EntitlementException.MISSING_PRIVILEGE_NAME);
    willThrow(missingName).given(mockStore).delete(policyId);

    // When
    Promise<ResourceResponse, ResourceException> outcome =
            policyResource.deleteInstance(mockServerContext, policyId, deleteRequest);

    // Then
    assertThat(outcome).failedWithException().isInstanceOf(BadRequestException.class);
}
Use of com.sun.identity.entitlement.EntitlementException in project OpenAM by OpenRock.
Class PolicyResourceTest, method shouldReportCreatePolicyStoreErrors.
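/**
 * A store failure during create (here INVALID_APPLICATION_CLASS) is not the
 * client's fault, so the resource must fail the promise with an
 * InternalServerErrorException rather than a client-side error.
 */
@Test
public void shouldReportCreatePolicyStoreErrors() throws Exception {
    // Given
    String id = "uniqueId";
    JsonValue json = new JsonValue("");
    CreateRequest request = mockCreateRequest(id, json);
    // Upper-case L suffix: a lower-case 'l' is easily misread as the digit 1.
    Privilege policy = mockPrivilege(id, 123L);
    given(mockParser.parsePolicy(id, json)).willReturn(policy);
    willThrow(new EntitlementException(EntitlementException.INVALID_APPLICATION_CLASS))
            .given(mockStore).create(policy);

    // When
    Promise<ResourceResponse, ResourceException> promise =
            policyResource.createInstance(mockServerContext, request);

    // Then
    assertThat(promise).failedWithException().isInstanceOf(InternalServerErrorException.class);
}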