
Example 21 with EntitlementException

use of com.sun.identity.entitlement.EntitlementException in project OpenAM by OpenRock.

the class ResourceEnvIPCondition method getAdviceMessagesforAuthScheme.

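/**
 * Returns the advice messages for an Authentication Scheme condition.
 *
 * <p>The schemes the requester has authenticated with are taken from the
 * {@code REQUEST_AUTH_SCHEMES} entry of {@code env} when one is present; the
 * session token is consulted only when that entry is absent. The environment
 * map therefore takes precedence over the session, so callers must only pass
 * environment data they trust.
 *
 * @param adviceValue the (possibly realm-qualified) authentication scheme the
 *                    condition requires
 * @param token       the session token; read only when {@code env} carries no
 *                    {@code REQUEST_AUTH_SCHEMES} entry; may be {@code null}
 * @param env         the evaluation environment; may be {@code null}
 * @return the required scheme as a single-element set when it is not
 *         satisfied, otherwise an empty set
 * @throws EntitlementException if the {@code REQUEST_AUTH_SCHEMES} entry is not
 *                              a {@code Set}
 * @throws SSOException if the session token cannot be read
 */
private Set<String> getAdviceMessagesforAuthScheme(String adviceValue, SSOToken token,
        Map<String, Set<String>> env) throws EntitlementException, SSOException {
    if (debug.messageEnabled()) {
        // NOTE(review): localDebugName is an instance field shared with the other
        // helpers; concurrent evaluations on one instance may interleave its value.
        localDebugName = debugName + ".getAdviceMessagesforAuthScheme(): ";
    }
    Set<String> adviceMessages = new HashSet<String>();
    Set<String> requestAuthSchemes = null;
    Set<String> requestAuthSchemesIgnoreRealm = null;
    if ((env != null) && (env.get(REQUEST_AUTH_SCHEMES) != null)) {
        try {
            // The map is declared Set<String>-valued, but an unchecked caller can
            // still place another type here; report that as a property error.
            requestAuthSchemes = env.get(REQUEST_AUTH_SCHEMES);
            if (debug.messageEnabled()) {
                debug.message(localDebugName + "requestAuthSchemes from env=" + requestAuthSchemes);
            }
        } catch (ClassCastException e) {
            throw new EntitlementException(PROPERTY_VALUE_NOT_DEFINED, new String[] { REQUEST_AUTH_SCHEMES }, e);
        }
    } else if (token != null) {
        requestAuthSchemes = AMAuthUtils.getRealmQualifiedAuthenticatedSchemes(token);
        requestAuthSchemesIgnoreRealm = AMAuthUtils.getAuthenticatedSchemes(token);
        if (debug.messageEnabled()) {
            debug.message(localDebugName + "requestAuthSchemes from ssoToken=" + requestAuthSchemes);
            debug.message(localDebugName + "requestAuthSchemesIgnoreRealm from ssoToken= " + requestAuthSchemesIgnoreRealm);
        }
    }
    if (requestAuthSchemes == null) {
        requestAuthSchemes = Collections.emptySet();
    }
    if (requestAuthSchemesIgnoreRealm == null) {
        requestAuthSchemesIgnoreRealm = Collections.emptySet();
    }
    String authScheme = adviceValue;
    if (!requestAuthSchemes.contains(authScheme)) {
        String realm = AMAuthUtils.getRealmFromRealmQualifiedData(authScheme);
        boolean realmQualified = (realm != null) && (realm.length() != 0);
        // A realm-qualified requirement must match exactly; an unqualified one is
        // also satisfied by the same scheme authenticated in any realm.
        if (realmQualified || !requestAuthSchemesIgnoreRealm.contains(authScheme)) {
            adviceMessages.add(authScheme);
            if (debug.messageEnabled()) {
                debug.message(localDebugName + "authScheme not satisfied = " + authScheme);
            }
        }
    }
    if (debug.messageEnabled()) {
        debug.message(localDebugName + "authScheme = " + authScheme + ", " + "requestAuthSchemes = " + requestAuthSchemes + ", " + " adviceMessages = " + adviceMessages);
    }
    return adviceMessages;
}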
Also used : EntitlementException(com.sun.identity.entitlement.EntitlementException) Set(java.util.Set) HashSet(java.util.HashSet) HashSet(java.util.HashSet)

Example 22 with EntitlementException

use of com.sun.identity.entitlement.EntitlementException in project OpenAM by OpenRock.

the class ResourceEnvIPCondition method getMaxRequestAuthLevel.

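/**
 * Returns the maximum auth level carried by the {@code REQUEST_AUTH_LEVEL}
 * entry of the environment map.
 *
 * <p>The entry may be a single {@code Integer}, honoured only when no
 * {@code authRealm} restriction is given, or a {@code Set} of realm-qualified
 * level strings, each parsed through {@link #getAuthLevel(String)}. With an
 * {@code authRealm} only the levels qualified with that realm are considered.
 *
 * @param env       the evaluation environment; {@code null} is treated like a
 *                  missing entry
 * @param authRealm the realm the condition is restricted to; {@code null} or
 *                  empty means any realm
 * @param authLevel the condition's own auth level; used here only in the
 *                  diagnostic message
 * @return the highest matching level, or {@link Integer#MIN_VALUE} when the
 *         environment carries none
 * @throws EntitlementException if the entry is neither an {@code Integer} nor a
 *                              {@code Set} of {@code String}s
 */
private int getMaxRequestAuthLevel(Map<String, Set<String>> env, String authRealm, String authLevel)
        throws EntitlementException {
    if (debug.messageEnabled()) {
        localDebugName = debugName + ".getMaxRequestAuthLevel(): ";
    }
    int maxAuthLevel = Integer.MIN_VALUE;
    if (debug.messageEnabled()) {
        debug.message(localDebugName + "entering: envMap= " + env + ", authRealm= " + authRealm + ", " + "conditionAuthLevel= " + authLevel);
    }
    // The sibling helpers guard env == null; do the same here instead of failing
    // with a NullPointerException on the lookup.
    Object envAuthLevelObject = (env == null) ? null : env.get(REQUEST_AUTH_LEVEL);
    boolean anyRealm = (authRealm == null) || (authRealm.length() == 0);
    if (envAuthLevelObject instanceof Integer) {
        // The map is declared Set<String>-valued; an Integer can only arrive from
        // an unchecked caller and is accepted only without a realm restriction.
        if (anyRealm) {
            maxAuthLevel = ((Integer) envAuthLevelObject).intValue();
            if (debug.messageEnabled()) {
                debug.message(localDebugName + "Integer level in env= " + maxAuthLevel);
            }
        }
    } else if (envAuthLevelObject instanceof Set) {
        for (Object envAuthLevelElement : (Set<?>) envAuthLevelObject) {
            if (!(envAuthLevelElement instanceof String)) {
                if (debug.warningEnabled()) {
                    debug.warning(localDebugName + "requestAuthLevel Set element" + " not String");
                }
                throw new EntitlementException(AUTH_LEVEL_NOT_INT_OR_SET);
            }
            String qualifiedLevel = (String) envAuthLevelElement;
            // Parse before the realm filter so malformed entries are reported
            // regardless of which realm they belong to.
            int currentAuthLevel = getAuthLevel(qualifiedLevel);
            if (!anyRealm) {
                String realmString = AMAuthUtils.getRealmFromRealmQualifiedData(qualifiedLevel);
                if (!authRealm.equals(realmString)) {
                    continue;
                }
            }
            if (currentAuthLevel > maxAuthLevel) {
                maxAuthLevel = currentAuthLevel;
            }
        }
    } else if (envAuthLevelObject != null) {
        if (debug.warningEnabled()) {
            debug.warning(localDebugName + "requestAuthLevel in env neither Integer nor Set");
        }
        throw new EntitlementException(AUTH_LEVEL_NOT_INT_OR_SET);
    }
    if (debug.messageEnabled()) {
        debug.message(localDebugName + "returning: maxAuthLevel=" + maxAuthLevel);
    }
    return maxAuthLevel;
}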
Also used : EntitlementException(com.sun.identity.entitlement.EntitlementException) Set(java.util.Set) HashSet(java.util.HashSet) Iterator(java.util.Iterator) JSONObject(org.json.JSONObject)

Example 23 with EntitlementException

use of com.sun.identity.entitlement.EntitlementException in project OpenAM by OpenRock.

the class LDAPFilterCondition method setLdapFilter.

// Set by JSON mapping
/**
 * Replaces the {@code LDAP_FILTER} property of the wrapped condition.
 *
 * <p>This method performs no validation of its own: the filter is handed to
 * {@code condition.setProperties}, and a {@code PolicyException} raised there
 * is reported as an invalid property value.
 *
 * @param ldapFilter the new filter value, as supplied by the JSON mapping
 * @throws EntitlementException if the wrapped condition rejects the value
 */
@SuppressWarnings("unused")
public void setLdapFilter(String ldapFilter) throws EntitlementException {
    final Set<String> filterValue = Collections.singleton(ldapFilter);
    final Map<String, Set<String>> updatedProperties =
            new HashMap<String, Set<String>>(condition.getProperties());
    updatedProperties.put(LDAP_FILTER, filterValue);
    try {
        condition.setProperties(updatedProperties);
    } catch (PolicyException rejected) {
        throw new EntitlementException(EntitlementException.INVALID_PROPERTY_VALUE,
                new Object[] { LDAP_FILTER, ldapFilter }, rejected);
    }
}
Also used : EntitlementException(com.sun.identity.entitlement.EntitlementException) Set(java.util.Set) HashMap(java.util.HashMap) PolicyException(com.sun.identity.policy.PolicyException) JSONObject(org.json.JSONObject)

Example 24 with EntitlementException

use of com.sun.identity.entitlement.EntitlementException in project OpenAM by OpenRock.

the class ResourceEnvIPCondition method getAdviceMessagesforRealm.

/**
 * Returns the advice messages for an Authentication Realm condition.
 *
 * <p>The realms the requester has authenticated to are read from the
 * {@code REQUEST_AUTHENTICATED_TO_REALMS} entry of {@code env} when present, and
 * from the session token only when that entry is absent; the environment map
 * therefore takes precedence over the session.
 *
 * @param adviceValue the realm the condition requires authentication to
 * @param token       the session token; read only when {@code env} carries no
 *                    {@code REQUEST_AUTHENTICATED_TO_REALMS} entry; may be {@code null}
 * @param env         the evaluation environment; may be {@code null}
 * @return the required realm as a single-element set when it is not satisfied,
 *         otherwise an empty set
 * @throws EntitlementException if the {@code REQUEST_AUTHENTICATED_TO_REALMS}
 *                              entry is not a {@code Set}
 * @throws SSOException if the session token cannot be read
 */
private Set<String> getAdviceMessagesforRealm(String adviceValue, SSOToken token, Map<String, Set<String>> env) throws EntitlementException, SSOException {
    if (debug.messageEnabled()) {
        localDebugName = debugName + ".getAdviceMessagesforRealm(): ";
    }
    Set<String> realmsAuthenticatedTo = new HashSet<String>();
    boolean envCarriesRealms = (env != null) && (env.get(REQUEST_AUTHENTICATED_TO_REALMS) != null);
    if (envCarriesRealms) {
        try {
            realmsAuthenticatedTo = env.get(REQUEST_AUTHENTICATED_TO_REALMS);
            if (debug.messageEnabled()) {
                debug.message(localDebugName + "requestAuthnRealms, from request / env = " + realmsAuthenticatedTo);
            }
        } catch (ClassCastException e) {
            throw new EntitlementException(PROPERTY_IS_NOT_A_SET, new String[] { REQUEST_AUTHENTICATED_TO_REALMS }, e);
        }
    } else if (token != null) {
        Set fromSession = AMAuthUtils.getAuthenticatedRealms(token);
        if (fromSession != null) {
            realmsAuthenticatedTo.addAll(fromSession);
        }
        if (debug.messageEnabled()) {
            debug.message(localDebugName + "requestAuthnRealms, from ssoToken = " + realmsAuthenticatedTo);
        }
    }
    String authRealm = adviceValue;
    Set<String> adviceMessages = new HashSet<String>();
    boolean satisfied = realmsAuthenticatedTo.contains(authRealm);
    if (!satisfied) {
        adviceMessages.add(authRealm);
        if (debug.messageEnabled()) {
            debug.message(localDebugName + "authenticateToRealm not satisfied = " + authRealm);
        }
    }
    if (debug.messageEnabled()) {
        debug.message(localDebugName + "authRealm = " + authRealm + "," + " requestAuthnRealms = " + realmsAuthenticatedTo + ", adviceMessages = " + adviceMessages);
    }
    return adviceMessages;
}
Also used : EntitlementException(com.sun.identity.entitlement.EntitlementException) Set(java.util.Set) HashSet(java.util.HashSet) HashSet(java.util.HashSet)

Example 25 with EntitlementException

use of com.sun.identity.entitlement.EntitlementException in project OpenAM by OpenRock.

the class AuthLevelCondition method evaluate.

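/**
 * {@inheritDoc}
 *
 * <p>Decides whether the subject's authentication level satisfies this
 * condition's {@code authLevel}. The level is read from {@code env} first and
 * from the subject's {@code SSOToken} only when the environment carries none,
 * so the environment takes precedence over the session and callers must only
 * pass environment data they trust. A subject without an {@code SSOToken}
 * credential, or one whose session cannot be read, is denied.
 *
 * @throws EntitlementException if {@code authLevel} has not been configured
 */
@Override
public ConditionDecision evaluate(String realm, Subject subject, String resourceName, Map<String, Set<String>> env) throws EntitlementException {
    if (subject == null) {
        return new ConditionDecision(false, Collections.<String, Set<String>>emptyMap());
    }
    if (authLevel == null) {
        throw new EntitlementException(PROPERTY_VALUE_NOT_DEFINED, new String[] { AUTH_LEVEL }, null);
    }
    boolean allowed = false;
    Map<String, Set<String>> advices = new HashMap<String, Set<String>>();
    if (debug.messageEnabled()) {
        debug.message(getConditionName() + ".getConditionDecision():entering");
    }
    try {
        int maxRequestAuthLevel = getMaxRequestAuthLevel(env);
        if (maxRequestAuthLevel == Integer.MIN_VALUE) {
            SSOToken token = findSsoTokenCredential(subject);
            if (token == null) {
                // Fail closed: without a session token no auth level can be
                // established, so deny rather than let iterator().next() or the
                // cast throw an unchecked exception.
                if (debug.messageEnabled()) {
                    debug.message("At " + getConditionName() + ".getConditionDecision(): subject carries no SSOToken credential");
                }
                return new ConditionDecision(false, advices);
            }
            maxRequestAuthLevel = getMaxRequestAuthLevel(token);
        }
        allowed = isAllowed(maxRequestAuthLevel, advices);
        if (debug.messageEnabled()) {
            debug.message("At " + getConditionName() + ".getConditionDecision():authLevel=" + authLevel + ",maxRequestAuthLevel=" + maxRequestAuthLevel + ",allowed = " + allowed);
        }
    } catch (SSOException e) {
        // A session that cannot be read leaves allowed == false (deny).
        if (debug.messageEnabled()) {
            debug.message("Problem getting auth level from SSOToken: " + e.getMessage(), e);
        }
    }
    return new ConditionDecision(allowed, advices);
}

/**
 * Returns the first {@link SSOToken} among the subject's private credentials.
 *
 * @param subject the subject being evaluated; must not be {@code null}
 * @return the token, or {@code null} when the subject carries none
 */
private static SSOToken findSsoTokenCredential(Subject subject) {
    for (Object credential : subject.getPrivateCredentials()) {
        if (credential instanceof SSOToken) {
            return (SSOToken) credential;
        }
    }
    return null;
}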
Also used : EntitlementException(com.sun.identity.entitlement.EntitlementException) Set(java.util.Set) HashSet(java.util.HashSet) SSOToken(com.iplanet.sso.SSOToken) HashMap(java.util.HashMap) SSOException(com.iplanet.sso.SSOException) ConditionDecision(com.sun.identity.entitlement.ConditionDecision)

Aggregations

EntitlementException (com.sun.identity.entitlement.EntitlementException)221 Subject (javax.security.auth.Subject)68 HashSet (java.util.HashSet)58 SSOException (com.iplanet.sso.SSOException)51 Set (java.util.Set)50 SSOToken (com.iplanet.sso.SSOToken)47 SMSException (com.sun.identity.sm.SMSException)45 Application (com.sun.identity.entitlement.Application)37 Test (org.testng.annotations.Test)37 HashMap (java.util.HashMap)34 ResourceException (org.forgerock.json.resource.ResourceException)33 ResourceResponse (org.forgerock.json.resource.ResourceResponse)32 Privilege (com.sun.identity.entitlement.Privilege)22 JsonValue (org.forgerock.json.JsonValue)19 JSONException (org.json.JSONException)19 CLIException (com.sun.identity.cli.CLIException)18 ApplicationPrivilegeManager (com.sun.identity.entitlement.ApplicationPrivilegeManager)17 ServiceConfig (com.sun.identity.sm.ServiceConfig)17 ResourceType (org.forgerock.openam.entitlement.ResourceType)17 PolicyException (com.sun.identity.policy.PolicyException)16