use of com.sun.identity.entitlement.EntitlementException in project OpenAM by OpenRock.
the class PolicySubject method getPolicySubject.
/**
* Constructs a legacy policy subject based on the information in this adapter.
*
* @return the legacy policy subject
* @throws EntitlementException if an error occurs constructing the subject.
*/
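@JsonIgnore
public Subject getPolicySubject() throws EntitlementException {
    try {
        // Resolve the class WITHOUT initialising it (second argument false), so the static
        // initialiser of an arbitrary class on the classpath cannot run before the Subject
        // type check below has passed. The single-argument Class.forName(String) initialises
        // the class as soon as it is loaded.
        // NOTE(review): className is a field populated elsewhere; because this adapter carries
        // JSON annotations it presumably originates from serialized policy data. Confirm who
        // can write it, and consider restricting it to a known set of Subject implementations.
        Class<?> candidate = Class.forName(className, false, getClass().getClassLoader());

        // asSubclass throws ClassCastException for anything that is not a Subject, so only
        // Subject implementations ever reach instantiation (and therefore initialisation).
        Class<? extends Subject> subjectType = candidate.asSubclass(Subject.class);

        Subject subject = subjectType.newInstance();
        subject.setValues(values);
        return subject;
    } catch (Exception ex) {
        // Any failure (unknown class, wrong type, no usable no-arg constructor, rejected
        // values) is reported as EntitlementException code 508 with the cause preserved.
        throw new EntitlementException(508, ex);
    }
}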
use of com.sun.identity.entitlement.EntitlementException in project OpenAM by OpenRock.
the class PrivilegeUtils method entitlementToRule.
/**
 * Converts an entitlement into a set holding at most one legacy policy {@code Rule}.
 *
 * <p>The application named by the entitlement is looked up using
 * {@code PolicyConstants.SUPER_ADMIN_SUBJECT}, not a caller-supplied subject.
 * NOTE(review): that lookup is presumably exempt from the caller's own privileges, so any
 * authorization of the caller has to happen before this method is reached; confirm.
 *
 * @param realm the realm, either as a realm name or as an organization DN
 * @param entitlement the entitlement to convert
 * @return a set containing one rule, or an empty set when the entitlement has no resource names
 * @throws EntitlementException with code 105 (parameters: application name, realm as passed in)
 *         when the application cannot be found
 * @throws PolicyException declared by the signature; raised by the helpers called here
 * @throws SSOException declared by the signature; raised by the helpers called here
 */
private static Set<Rule> entitlementToRule(String realm, Entitlement entitlement) throws PolicyException, SSOException, EntitlementException {
    final String applicationName = entitlement.getApplicationName();

    // The realm may arrive in DN form; the application lookup is done with the realm name.
    final String resolvedRealm;
    if (LDAPUtils.isDN(realm)) {
        resolvedRealm = DNMapper.orgNameToRealmName(realm);
    } else {
        resolvedRealm = realm;
    }

    final Application app = ApplicationManager.getApplication(PolicyConstants.SUPER_ADMIN_SUBJECT, resolvedRealm, applicationName);
    if (app == null) {
        // The error reports the realm exactly as the caller supplied it, not the resolved name.
        final Object[] errorParams = { applicationName, realm };
        throw new EntitlementException(105, errorParams);
    }

    final String serviceName = app.getApplicationType().getName();
    final Set<String> resources = entitlement.getResourceNames();
    // The action values are converted even when there are no resources, so a conversion
    // failure surfaces regardless of whether a rule ends up being built.
    final Map legacyActionValues = pravToPav(entitlement.getActionValues(), serviceName);

    final Set<Rule> result = new HashSet<Rule>();
    if (resources == null) {
        return result;
    }

    // Unnamed entitlements get a fixed default rule name.
    final String declaredName = entitlement.getName();
    final String ruleName = (declaredName != null) ? declaredName : "entitlement";

    final Rule legacyRule = new Rule(ruleName, serviceName, null, legacyActionValues);
    legacyRule.setResourceNames(resources);
    legacyRule.setApplicationName(applicationName);
    result.add(legacyRule);
    return result;
}
use of com.sun.identity.entitlement.EntitlementException in project OpenAM by OpenRock.
the class AuthSchemeCondition method getApplicationIdleTimesoutAt.
/**
* Returns the time at which the application would idle time out.
*
* @param ssoToken The {@code SSOToken} of the user
* @param expiredAuthSchemes A {@code Set} that would be filled with the authentication module instance names that
* require re-authentication. This {@code Set} acts as a collector.
* @param currentTimeMillis The current time in milliseconds.
* @throws EntitlementException If the {@code SSOToken} is invalid.
*/
private long getApplicationIdleTimesoutAt(SSOToken ssoToken, Set<String> expiredAuthSchemes, long currentTimeMillis) throws EntitlementException {
    try {
        // 0 stands for "no usable stored value"; for any non-negative current time it sends
        // control into the per-scheme re-check below.
        long expiresAt = 0;
        // NOTE(review): the timeout is read back from a session property; which components
        // may write that property is not visible here. Confirm it cannot be set by the user.
        final String storedExpiry = ssoToken.getProperty(appIdleTimesoutAtSessionKey);
        if (storedExpiry == null) {
            // No stored value: treated as the first visit to the application.
            if (debug.messageEnabled()) {
                debug.message("At AuthSchemeCondition.getApplicationIdleTimesoutAt():" + appIdleTimesoutAtSessionKey + " not set, first visit to application");
            }
        } else {
            try {
                expiresAt = Long.parseLong(storedExpiry);
            } catch (NumberFormatException nfe) {
                // Not expected; an unparsable value leaves the timeout at 0, so the
                // re-check below still runs instead of the bad value being trusted.
                if (debug.warningEnabled()) {
                    debug.warning("At AuthSchemeCondition.getApplicationIdleTimesoutAt():can not parse " + "idleTimeoutAtMillis, defaulting to 0");
                }
            }
            if (debug.messageEnabled()) {
                debug.message("At AuthSchemeCondition.getApplicationIdleTimesoutAt():,idleTimeoutAtMillis based on " + "last access=" + expiresAt + ", currentTimeMillis=" + currentTimeMillis);
            }
        }

        // A stored timeout that still lies in the future is returned unchanged.
        if (expiresAt > currentTimeMillis) {
            return expiresAt;
        }

        // Otherwise recompute the timeout from each configured scheme's authentication
        // instant. The loop stops at the first scheme whose timeout has passed and records
        // it in the collector; the value returned is that of the last scheme examined.
        for (String scheme : this.authScheme) {
            final long authenticatedAt = AMAuthUtils.getAuthInstant(ssoToken, MODULE_INSTANCE, scheme);
            expiresAt = authenticatedAt + getApplicationIdleTimeoutInMilliseconds();
            if (debug.messageEnabled()) {
                debug.message("At AuthSchemeCondition.getApplicationIdleTimesoutAt():authScheme=" + scheme + ",authInstant=" + authenticatedAt + ",idleTimesoutAtMillis=" + expiresAt + ",currentTimeMillis=" + currentTimeMillis);
            }
            if (expiresAt > currentTimeMillis) {
                continue;
            }
            expiredAuthSchemes.add(scheme);
            if (debug.messageEnabled()) {
                debug.message("At AuthSchemeCondition.getApplicationIdleTimesoutAt():expired authScheme=" + scheme);
            }
            break;
        }
        return expiresAt;
    } catch (SSOException e) {
        // A token failure is logged and surfaced as a condition-evaluation failure.
        debug.error("AuthSchemeCondition: Condition evaluation failed", e);
        throw new EntitlementException(CONDITION_EVALUATION_FAILED, e);
    }
}
use of com.sun.identity.entitlement.EntitlementException in project OpenAM by OpenRock.
the class ResourceEnvIPCondition method getAuthLevel.
/**
* Extracts the integer auth level from a realm-qualified
* ({@code realm:level}) string.
*/
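private int getAuthLevel(String qualifiedLevel) throws EntitlementException {
    // Build the log prefix locally. The original only assigned localDebugName when
    // message-level logging was on, yet read it under the warning-level guard, so with
    // warning-only logging the warning carried whatever value the field held before.
    final String logPrefix = debugName + ".getAuthLevel(): ";
    if (debug.messageEnabled()) {
        // Field update kept exactly as before, in case other code reads it.
        // NOTE(review): localDebugName is not declared in this method, so it is state that
        // outlives the call; confirm whether instances are shared across threads.
        localDebugName = logPrefix;
    }

    final String levelString = AMAuthUtils.getDataFromRealmQualifiedData(qualifiedLevel);
    try {
        return Integer.parseInt(levelString);
    } catch (NumberFormatException nfe) {
        // Integer.parseInt also throws NumberFormatException for null, so a missing level
        // takes this path too. A non-numeric level is rejected, never defaulted.
        if (debug.warningEnabled()) {
            // NOTE(review): both values are written to the log verbatim; if they can carry
            // request-supplied text, confirm the debug sink neutralises line breaks.
            debug.warning(logPrefix + "got NumberFormatException: qualifiedLevel=" + qualifiedLevel + ", " + "levelString = " + levelString);
        }
        throw new EntitlementException(AUTH_LEVEL_NOT_INTEGER, new String[] { levelString }, nfe);
    }
}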
use of com.sun.identity.entitlement.EntitlementException in project OpenAM by OpenRock.
the class ResourceEnvIPCondition method parseConditions.
/**
* Parse condition strings of the form {@code IF paramName=paramValue THEN adviceName=adviceValue} into condition
* objects. The syntax of the paramValue and adviceValue parts may be further constrained during evaluation.
*
* @param conditionStrings the set of condition strings passed from the front end.
* @return the parsed condition objects.
* @throws EntitlementException if any of the conditions is in an invalid format.
*/
static List<EnvironmentCondition> parseConditions(final Set<String> conditionStrings) throws EntitlementException {
    final List<EnvironmentCondition> parsed = new ArrayList<EnvironmentCondition>(conditionStrings.size());
    for (final String rawCondition : conditionStrings) {
        final Matcher parts = CONDITION_PATTERN.matcher(rawCondition);
        if (parts.matches()) {
            // Capture groups 1-4 of CONDITION_PATTERN are passed to the constructor in order.
            parsed.add(new EnvironmentCondition(parts.group(1), parts.group(2), parts.group(3), parts.group(4)));
            continue;
        }
        // Fail closed: one malformed entry rejects the whole set rather than being skipped,
        // so a policy is never evaluated with part of its conditions silently missing.
        // NOTE(review): the rejected string is passed into the exception as a parameter;
        // confirm how it is rendered if the message is shown to the submitting client.
        throw new EntitlementException(EntitlementException.INVALID_PROPERTY_VALUE, ENV_CONDITION_VALUE, rawCondition);
    }
    return parsed;
}