Search in sources :

Example 76 with EntitlementException

use of com.sun.identity.entitlement.EntitlementException in project OpenAM by OpenRock.

the class PolicySubject method getPolicySubject.

/**
     * Constructs a legacy policy subject based on the information in this adapter.
     *
     * @return the legacy policy subject
     * @throws EntitlementException if an error occurs constructing the subject.
     */
@JsonIgnore
public Subject getPolicySubject() throws EntitlementException {
    try {
        Subject subject = Class.forName(className).asSubclass(Subject.class).newInstance();
        subject.setValues(values);
        return subject;
    } catch (Exception ex) {
        throw new EntitlementException(508, ex);
    }
}
Also used : EntitlementException(com.sun.identity.entitlement.EntitlementException) EntitlementSubject(com.sun.identity.entitlement.EntitlementSubject) Subject(com.sun.identity.policy.interfaces.Subject) JSONException(org.json.JSONException) EntitlementException(com.sun.identity.entitlement.EntitlementException) SSOException(com.iplanet.sso.SSOException) PolicyException(com.sun.identity.policy.PolicyException) JsonIgnore(com.fasterxml.jackson.annotation.JsonIgnore)

Example 77 with EntitlementException

use of com.sun.identity.entitlement.EntitlementException in project OpenAM by OpenRock.

the class PrivilegeUtils method entitlementToRule.

private static Set<Rule> entitlementToRule(String realm, Entitlement entitlement) throws PolicyException, SSOException, EntitlementException {
    Set<Rule> rules = new HashSet<Rule>();
    String appName = entitlement.getApplicationName();
    String realmName = LDAPUtils.isDN(realm) ? DNMapper.orgNameToRealmName(realm) : realm;
    Application application = ApplicationManager.getApplication(PolicyConstants.SUPER_ADMIN_SUBJECT, realmName, appName);
    if (application == null) {
        Object[] params = { appName, realm };
        throw new EntitlementException(105, params);
    }
    String serviceName = application.getApplicationType().getName();
    Set<String> resourceNames = entitlement.getResourceNames();
    Map<String, Boolean> actionValues = entitlement.getActionValues();
    Map av = pravToPav(actionValues, serviceName);
    if (resourceNames != null) {
        String entName = entitlement.getName();
        if (entName == null) {
            entName = "entitlement";
        }
        Rule rule = new Rule(entName, serviceName, null, av);
        rule.setResourceNames(resourceNames);
        rule.setApplicationName(appName);
        rules.add(rule);
    }
    return rules;
}
Also used : EntitlementException(com.sun.identity.entitlement.EntitlementException) Rule(com.sun.identity.policy.Rule) Application(com.sun.identity.entitlement.Application) HashMap(java.util.HashMap) Map(java.util.Map) HashSet(java.util.HashSet)

Example 78 with EntitlementException

use of com.sun.identity.entitlement.EntitlementException in project OpenAM by OpenRock.

the class AuthSchemeCondition method getApplicationIdleTimesoutAt.

/**
     * Returns the time at which the application would idle time out.
     *
     * @param ssoToken The {@code SSOToken} of the user
     * @param expiredAuthSchemes A {@code Set} that would be filled with the authentication module instance names that
     *                           require re-authentication. This {@code Set} acts as a collector.
     * @param currentTimeMillis The current time in milli seconds.
     * @throws EntitlementException If the {@code SSOToken} is invalid.
     */
private long getApplicationIdleTimesoutAt(SSOToken ssoToken, Set<String> expiredAuthSchemes, long currentTimeMillis) throws EntitlementException {
    try {
        long idleTimesoutAtMillis = 0;
        String idleTimesoutAtString = ssoToken.getProperty(appIdleTimesoutAtSessionKey);
        if (idleTimesoutAtString != null) {
            try {
                idleTimesoutAtMillis = Long.parseLong(idleTimesoutAtString);
            } catch (NumberFormatException nfe) {
                //this should not happen
                if (debug.warningEnabled()) {
                    debug.warning("At AuthSchemeCondition.getApplicationIdleTimesoutAt():can not parse " + "idleTimeoutAtMillis, defaulting to 0");
                }
            }
            if (debug.messageEnabled()) {
                debug.message("At AuthSchemeCondition.getApplicationIdleTimesoutAt():,idleTimeoutAtMillis based on " + "last access=" + idleTimesoutAtMillis + ", currentTimeMillis=" + currentTimeMillis);
            }
        } else {
            //first visit to application
            if (debug.messageEnabled()) {
                debug.message("At AuthSchemeCondition.getApplicationIdleTimesoutAt():" + appIdleTimesoutAtSessionKey + " not set, first visit to application");
            }
        }
        if (idleTimesoutAtMillis <= currentTimeMillis) {
            for (String authScheme : this.authScheme) {
                long authInstant = AMAuthUtils.getAuthInstant(ssoToken, MODULE_INSTANCE, authScheme);
                idleTimesoutAtMillis = authInstant + getApplicationIdleTimeoutInMilliseconds();
                if (debug.messageEnabled()) {
                    debug.message("At AuthSchemeCondition.getApplicationIdleTimesoutAt():authScheme=" + authScheme + ",authInstant=" + authInstant + ",idleTimesoutAtMillis=" + idleTimesoutAtMillis + ",currentTimeMillis=" + currentTimeMillis);
                }
                if (idleTimesoutAtMillis <= currentTimeMillis) {
                    expiredAuthSchemes.add(authScheme);
                    if (debug.messageEnabled()) {
                        debug.message("At AuthSchemeCondition.getApplicationIdleTimesoutAt():expired authScheme=" + authScheme);
                    }
                    break;
                }
            }
        }
        return idleTimesoutAtMillis;
    } catch (SSOException e) {
        debug.error("AuthSchemeCondition: Condition evaluation failed", e);
        throw new EntitlementException(CONDITION_EVALUATION_FAILED, e);
    }
}
Also used : EntitlementException(com.sun.identity.entitlement.EntitlementException) SSOException(com.iplanet.sso.SSOException)

Example 79 with EntitlementException

use of com.sun.identity.entitlement.EntitlementException in project OpenAM by OpenRock.

the class ResourceEnvIPCondition method getAuthLevel.

/**
     * Extracts the integer auth level from  String realm qualified
     * ( realm:level) String.
     */
private int getAuthLevel(String qualifiedLevel) throws EntitlementException {
    if (debug.messageEnabled()) {
        localDebugName = debugName + ".getAuthLevel(): ";
    }
    int levelInt = 0;
    String levelString = AMAuthUtils.getDataFromRealmQualifiedData(qualifiedLevel);
    try {
        levelInt = Integer.parseInt(levelString);
    } catch (NumberFormatException nfe) {
        if (debug.warningEnabled()) {
            debug.warning(localDebugName + "got NumberFormatException: qualifiedLevel=" + qualifiedLevel + ", " + "levelString = " + levelString);
        }
        throw new EntitlementException(AUTH_LEVEL_NOT_INTEGER, new String[] { levelString }, nfe);
    }
    return levelInt;
}
Also used : EntitlementException(com.sun.identity.entitlement.EntitlementException)

Example 80 with EntitlementException

use of com.sun.identity.entitlement.EntitlementException in project OpenAM by OpenRock.

the class ResourceEnvIPCondition method parseConditions.

/**
     * Parse condition strings of the form {@code IF paramName=paramValue THEN adviceName=adviceValue} into condition
     * objects. The syntax of the paramValue and adviceValue parts may be further constrained during evaluation.
     *
     * @param conditionStrings the set of condition strings passed from the front end.
     * @return the parsed condition objects.
     * @throws EntitlementException if any of the conditions is in an invalid format.
     */
static List<EnvironmentCondition> parseConditions(final Set<String> conditionStrings) throws EntitlementException {
    final List<EnvironmentCondition> conditions = new ArrayList<EnvironmentCondition>(conditionStrings.size());
    for (final String conditionString : conditionStrings) {
        final Matcher matcher = CONDITION_PATTERN.matcher(conditionString);
        if (!matcher.matches()) {
            throw new EntitlementException(EntitlementException.INVALID_PROPERTY_VALUE, ENV_CONDITION_VALUE, conditionString);
        }
        conditions.add(new EnvironmentCondition(matcher.group(1), matcher.group(2), matcher.group(3), matcher.group(4)));
    }
    return conditions;
}
Also used : EntitlementException(com.sun.identity.entitlement.EntitlementException) Matcher(java.util.regex.Matcher) ArrayList(java.util.ArrayList)

Aggregations

EntitlementException (com.sun.identity.entitlement.EntitlementException)221 Subject (javax.security.auth.Subject)68 HashSet (java.util.HashSet)58 SSOException (com.iplanet.sso.SSOException)51 Set (java.util.Set)50 SSOToken (com.iplanet.sso.SSOToken)47 SMSException (com.sun.identity.sm.SMSException)45 Application (com.sun.identity.entitlement.Application)37 Test (org.testng.annotations.Test)37 HashMap (java.util.HashMap)34 ResourceException (org.forgerock.json.resource.ResourceException)33 ResourceResponse (org.forgerock.json.resource.ResourceResponse)32 Privilege (com.sun.identity.entitlement.Privilege)22 JsonValue (org.forgerock.json.JsonValue)19 JSONException (org.json.JSONException)19 CLIException (com.sun.identity.cli.CLIException)18 ApplicationPrivilegeManager (com.sun.identity.entitlement.ApplicationPrivilegeManager)17 ServiceConfig (com.sun.identity.sm.ServiceConfig)17 ResourceType (org.forgerock.openam.entitlement.ResourceType)17 PolicyException (com.sun.identity.policy.PolicyException)16