use of com.sun.identity.entitlement.EntitlementException in project OpenAM by OpenRock.
the class UpgradeResourceTypeStep method createResourceType.
/**
* Create the resource type for the given application if a suitable resource type does not already exist.
* @param state The state object that contains the various parameters for creating the resource type.
* @param realm The realm in which the application and resource type reside.
* @return The resource type if it could be created or {@code null} if it could not.
* @throws UpgradeException If the application types could not be read.
*/
private ResourceType createResourceType(ResourceTypeState state, String realm) throws UpgradeException {
    // One equality filter per action name carried by the state object.
    final Set<QueryFilter<SmsAttribute>> byAction = transformSet(state.actions,
            new Function<String, QueryFilter<SmsAttribute>, NeverThrowsException>() {
                @Override
                public QueryFilter<SmsAttribute> apply(String action) {
                    return QueryFilter.equalTo(ResourceTypeSmsAttributes.ACTIONS, action);
                }
            });

    // One equality filter per resource pattern carried by the state object.
    final Set<QueryFilter<SmsAttribute>> byPattern = transformSet(state.patterns,
            new Function<String, QueryFilter<SmsAttribute>, NeverThrowsException>() {
                @Override
                public QueryFilter<SmsAttribute> apply(String pattern) {
                    return QueryFilter.equalTo(ResourceTypeSmsAttributes.PATTERNS, pattern);
                }
            });

    final Set<ResourceType> existing;
    try {
        // All action filters AND all pattern filters are combined into a single query. The lookup
        // is issued with the subject returned by getAdminSubject(), not with an end user's identity.
        existing = resourceTypeService.getResourceTypes(
                QueryFilter.and(QueryFilter.and(byAction), QueryFilter.and(byPattern)),
                getAdminSubject(),
                realm);
    } catch (EntitlementException e) {
        throw new UpgradeException("Failed to retrieve resource type for " + state.appName, e);
    }

    if (existing.isEmpty()) {
        // Nothing suitable is stored yet: build a resource type named after the application,
        // persist it and record its name on the state object.
        final ResourceType created = ResourceType.builder()
                .setName(state.appName + RESOURCES_TYPE_NAME_SUFFIX)
                .addActions(getActions(state.actions))
                .addPatterns(state.patterns)
                .setDescription(RESOURCE_TYPE_DESCRIPTION + state.appName)
                .generateUUID()
                .build();
        saveResourceType(created, realm);
        state.resourceTypeName = created.getName();
        return created;
    }

    // Reuse the first match the set's iterator yields; state.resourceTypeName is not touched on
    // this path.
    // NOTE(review): the query checks that each listed action and pattern is present. Whether a
    // stored resource type that carries additional actions or patterns can also match depends on
    // the service's query semantics - confirm, because the match is attached to the application as-is.
    return existing.iterator().next();
}
use of com.sun.identity.entitlement.EntitlementException in project OpenAM by OpenRock.
the class UpgradeResourceTypeStep method upgradeApplication.
/**
* Add the resource type UUID to the application and persist it.
* @param ec The EntitlementConfiguration for the realm in which the application resides.
* @param appName Name of the application.
* @param resourceTypeUUID The resource type associated with the application.
* @throws UpgradeException If the application failed to persist.
*/
private void upgradeApplication(EntitlementConfiguration ec, String appName, String resourceTypeUUID) throws UpgradeException {
    try {
        UpgradeProgress.reportStart(AUDIT_MODIFIED_APP_UUID_START, appName);

        // Load the application, link the resource type to it, then write it back.
        // NOTE(review): the result of getApplication is dereferenced without a null check; confirm
        // that the lookup cannot return null for an unknown name, otherwise the failure would not
        // be reported through the catch block below.
        final Application target = ec.getApplication(appName);
        target.addAllResourceTypeUuids(Collections.singleton(resourceTypeUUID));
        ec.storeApplication(target);

        UpgradeProgress.reportEnd(AUDIT_UPGRADE_SUCCESS);
    } catch (EntitlementException cause) {
        // Close the progress entry as failed before surfacing the error to the upgrade framework.
        UpgradeProgress.reportEnd(AUDIT_UPGRADE_FAIL);
        final String message = "Failed to add resource type uuid to application " + appName;
        throw new UpgradeException(message, cause);
    }
}
use of com.sun.identity.entitlement.EntitlementException in project OpenAM by OpenRock.
the class IndexTreeServiceImpl method createAndPopulateTree.
/**
* Populates a new instance of an index rule tree with policy path indexes retrieved from the associated realm.
*
* @param realm
* The realm from which policy path indexes are to be read.
* @return A newly created tree populated with rules configured against the realm.
* @throws EntitlementException
* When an error occurs reading policy data.
*/
private IndexRuleTree createAndPopulateTree(String realm) throws EntitlementException {
    final String baseDN = String.format(REALM_DN_TEMPLATE, dnMapper.orgNameToDN(realm));
    // The existence check and the search both use the token produced by running adminAction
    // inside doPrivileged, so they are not made with the identity of whoever triggered the call.
    final SSOToken adminToken = AccessController.doPrivileged(adminAction);

    if (!smDAO.checkIfEntryExists(baseDN, adminToken)) {
        // No entry under the realm's base DN: the caller receives null rather than an empty tree.
        return null;
    }

    final IndexRuleTree populated = new SimpleReferenceTree();
    try {
        final Set<String> noExclusions = Collections.emptySet();
        // NOTE(review): the two 0 arguments and the two false flags are positional; their meaning
        // is defined by smDAO.search and is not visible here.
        final Iterator<SMSDataEntry> entries =
                smDAO.search(adminToken, baseDN, SEARCH_FILTER, 0, 0, false, false, noExclusions);
        while (entries.hasNext()) {
            final SMSDataEntry entry = entries.next();
            // Unchecked assignment kept as in the original; the attribute values are used as strings.
            @SuppressWarnings("unchecked")
            final Set<String> policyPathIndexes = entry.getAttributeValues(INDEX_PATH_ATT);
            populated.addIndexRules(policyPathIndexes);
        }
    } catch (SMSException smsE) {
        // Error code 52 is raised with the base DN as its parameter and the SMS failure as cause.
        throw new EntitlementException(52, new Object[] { baseDN }, smsE);
    }

    if (DEBUG.messageEnabled()) {
        DEBUG.message(String.format("Index rule tree created for '%s'.", realm));
    }
    return populated;
}
use of com.sun.identity.entitlement.EntitlementException in project OpenAM by OpenRock.
the class JsonPolicyParser method parsePrivilege.
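/**
 * Binds a JSON policy document to a {@link Privilege} and checks that it is usable.
 *
 * <p>The privilege must end up with a non-blank name, taken from the JSON or, failing that, from
 * {@code providedName}. A condition, when present, is validated before the privilege is returned.
 *
 * @param providedName Name to apply when the JSON does not supply a non-blank one.
 * @param jsonValue The JSON representation of the policy.
 * @return The parsed privilege.
 * @throws EntitlementException If the JSON contains an unrecognised property, cannot be mapped or
 *         read, or yields no privilege name; errors raised by the condition's {@code validate()}
 *         propagate as well.
 */
private Privilege parsePrivilege(String providedName, JsonValue jsonValue) throws EntitlementException {
    try {
        // Note: this is a bit ugly as we re-serialise the JsonValue back into a JSON String to then parse it
        // again using Jackson. Unfortunately, that appears to be the easiest way as JsonValue does not support
        // data binding.
        JsonPolicy policy = MAPPER.readValue(jsonValue.toString(), JsonPolicy.class);
        Privilege privilege = policy.asPrivilege();

        // The name inside the JSON wins; the provided name is only a fallback.
        if (isBlank(privilege.getName())) {
            privilege.setName(providedName);
        }
        if (isBlank(privilege.getName())) {
            throw new EntitlementException(EntitlementException.MISSING_PRIVILEGE_NAME);
        }

        // Validate the condition if present
        if (privilege.getCondition() != null) {
            privilege.getCondition().validate();
        }
        return privilege;
    } catch (UnrecognizedPropertyException ex) {
        // Keep the Jackson exception as the cause so a rejected document can still be diagnosed
        // from the server side; the original dropped it.
        throw new EntitlementException(EntitlementException.INVALID_VALUE,
                new Object[] { ex.getUnrecognizedPropertyName() }, ex);
    } catch (JsonMappingException ex) {
        // NOTE(review): the parser's own message is passed on as the error parameter. If this text
        // is returned to the API client, confirm it does not disclose internal type names.
        throw new EntitlementException(EntitlementException.INVALID_JSON, ex, ex.getMessage());
    } catch (IOException e) {
        throw new EntitlementException(EntitlementException.UNABLE_TO_CREATE_POLICY, e);
    }
}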
use of com.sun.identity.entitlement.EntitlementException in project OpenAM by OpenRock.
the class PolicyResource method actionCollection.
/**
* {@inheritDoc}
*/
@Override
public Promise<ActionResponse, ResourceException> actionCollection(Context context, ActionRequest actionRequest) {
    final String requestedAction = actionRequest.getAction();
    final PolicyAction action = PolicyAction.getAction(requestedAction);

    // Only evaluation actions are served by this endpoint; anything else is rejected up front.
    if (!PolicyAction.isEvaluateAction(action)) {
        // NOTE(review): requestedAction comes from the request and is copied unmodified into both
        // the log entry and the error message; consider neutralising line breaks before logging.
        final String errorMsg = "Action '" + requestedAction + "' not implemented for this resource";
        final NotSupportedException unsupported = new NotSupportedException(errorMsg);
        DEBUG.error(errorMsg, unsupported);
        return unsupported.asPromise();
    }

    try {
        if (DEBUG.messageEnabled()) {
            DEBUG.message("Rendering policy request for action " + requestedAction);
        }

        // Build the policy request, then pick an evaluator from the subject and application
        // that the built request reports.
        final PolicyRequest policyRequest = requestFactory.buildRequest(action, context, actionRequest);
        final PolicyEvaluator evaluator =
                factory.getEvaluator(policyRequest.getRestSubject(), policyRequest.getApplication());

        if (DEBUG.messageEnabled()) {
            DEBUG.message(new StringBuilder("Evaluating policy request for action ")
                    .append(requestedAction)
                    .append(" under realm ")
                    .append(policyRequest.getRealm())
                    .append(" within the application context ")
                    .append(policyRequest.getApplication())
                    .toString());
        }

        final List<Entitlement> decisions = evaluator.routePolicyRequest(policyRequest);
        return newResultPromise(newActionResponse(policyParser.printEntitlements(decisions)));
    } catch (final EntitlementException eE) {
        // Log the failure with its cause and let resourceErrorHandler produce the error returned
        // to the client.
        DEBUG.error("Error evaluating policy request", eE);
        return resourceErrorHandler.handleError(context, actionRequest, eE).asPromise();
    }
}