
Example 31 with EntitlementException

use of com.sun.identity.entitlement.EntitlementException in project OpenAM by OpenRock.

the class UpgradeResourceTypeStep method createResourceType.

/**
 * Finds a resource type whose actions and patterns all match the given state, or builds and saves a new
 * one when the lookup returns nothing.
 *
 * <p>The lookup is issued with the subject returned by {@code getAdminSubject()}, so it is {@code realm}
 * and the contents of {@code state} that decide what is read and written here.
 * NOTE(review): presumably both originate from trusted upgrade data; confirm at the caller.
 *
 * @param state Supplies the application name, actions and patterns. {@code state.resourceTypeName} is
 *         assigned only on the path that creates a new resource type.
 * @param realm The realm that is queried and in which a new resource type is saved.
 * @return The first matching resource type, or the newly built one. This body contains no
 *         {@code return null}; callers written against a nullable result should be re-checked.
 * @throws UpgradeException If querying the existing resource types fails.
 */
private ResourceType createResourceType(ResourceTypeState state, String realm) throws UpgradeException {
    // One equality filter per action name carried by the state.
    final Set<QueryFilter<SmsAttribute>> byAction = transformSet(state.actions, new Function<String, QueryFilter<SmsAttribute>, NeverThrowsException>() {

        @Override
        public QueryFilter<SmsAttribute> apply(String actionName) {
            return QueryFilter.equalTo(ResourceTypeSmsAttributes.ACTIONS, actionName);
        }
    });
    // One equality filter per resource pattern carried by the state.
    final Set<QueryFilter<SmsAttribute>> byPattern = transformSet(state.patterns, new Function<String, QueryFilter<SmsAttribute>, NeverThrowsException>() {

        @Override
        public QueryFilter<SmsAttribute> apply(String pattern) {
            return QueryFilter.equalTo(ResourceTypeSmsAttributes.PATTERNS, pattern);
        }
    });
    final Set<ResourceType> existing;
    try {
        // Every action filter AND every pattern filter has to hold for a resource type to match.
        existing = resourceTypeService.getResourceTypes(
                QueryFilter.and(QueryFilter.and(byAction), QueryFilter.and(byPattern)),
                getAdminSubject(),
                realm);
    } catch (EntitlementException lookupFailure) {
        throw new UpgradeException("Failed to retrieve resource type for " + state.appName, lookupFailure);
    }
    if (existing.isEmpty()) {
        // Nothing suitable exists yet: build a resource type named after the application and save it.
        final ResourceType created = ResourceType.builder()
                .setName(state.appName + RESOURCES_TYPE_NAME_SUFFIX)
                .addActions(getActions(state.actions))
                .addPatterns(state.patterns)
                .setDescription(RESOURCE_TYPE_DESCRIPTION + state.appName)
                .generateUUID()
                .build();
        saveResourceType(created, realm);
        state.resourceTypeName = created.getName();
        return created;
    }
    // At least one match: reuse whichever the set iterator yields first.
    return existing.iterator().next();
}
Also used : NeverThrowsException(org.forgerock.util.promise.NeverThrowsException) UpgradeException(org.forgerock.openam.upgrade.UpgradeException) EntitlementException(com.sun.identity.entitlement.EntitlementException) QueryFilter(org.forgerock.util.query.QueryFilter) ResourceType(org.forgerock.openam.entitlement.ResourceType)

Example 32 with EntitlementException

use of com.sun.identity.entitlement.EntitlementException in project OpenAM by OpenRock.

the class UpgradeResourceTypeStep method upgradeApplication.

/**
 * Attaches a resource type UUID to the named application and stores the application again.
 *
 * <p>Progress is reported through {@code UpgradeProgress}: a start entry first, then a success end entry,
 * or a failure end entry when an {@code EntitlementException} is caught.
 *
 * @param ec The EntitlementConfiguration used to load and store the application.
 * @param appName Name of the application to modify.
 * @param resourceTypeUUID The resource type UUID to add to the application.
 * @throws UpgradeException If loading or storing the application raises an {@code EntitlementException}.
 */
private void upgradeApplication(EntitlementConfiguration ec, String appName, String resourceTypeUUID) throws UpgradeException {
    try {
        UpgradeProgress.reportStart(AUDIT_MODIFIED_APP_UUID_START, appName);
        final Application target = ec.getApplication(appName);
        // NOTE(review): if getApplication can return null for an unknown name, the call below throws a
        // NullPointerException that skips the failure report in the catch block, leaving the started
        // progress entry without an end entry. Confirm against EntitlementConfiguration.
        final Set<String> uuidToAdd = Collections.singleton(resourceTypeUUID);
        target.addAllResourceTypeUuids(uuidToAdd);
        ec.storeApplication(target);
        UpgradeProgress.reportEnd(AUDIT_UPGRADE_SUCCESS);
    } catch (EntitlementException storeFailure) {
        // Close the progress entry as failed before surfacing the error.
        UpgradeProgress.reportEnd(AUDIT_UPGRADE_FAIL);
        final String reason = "Failed to add resource type uuid to application " + appName;
        throw new UpgradeException(reason, storeFailure);
    }
}
Also used : UpgradeException(org.forgerock.openam.upgrade.UpgradeException) EntitlementException(com.sun.identity.entitlement.EntitlementException) Application(com.sun.identity.entitlement.Application)

Example 33 with EntitlementException

use of com.sun.identity.entitlement.EntitlementException in project OpenAM by OpenRock.

the class IndexTreeServiceImpl method createAndPopulateTree.

/**
 * Builds an index rule tree from the policy path indexes stored under the realm's base DN.
 *
 * <p>The existence check and the search both run with the token obtained from
 * {@code AccessController.doPrivileged(adminAction)}, not with a caller-supplied token.
 * NOTE(review): this presumably means the realm name has to be authorised before this method is reached;
 * confirm at the call sites.
 *
 * @param realm
 *         The realm whose policy path indexes are read.
 * @return A new tree holding the index rules found, or {@code null} when no entry exists at the realm's
 *         base DN.
 * @throws EntitlementException
 *         When the search raises an {@code SMSException}.
 */
private IndexRuleTree createAndPopulateTree(String realm) throws EntitlementException {
    // NOTE(review): the DN is assembled with String.format; escaping of the realm name is presumably
    // handled inside dnMapper.orgNameToDN. Confirm.
    final String baseDN = String.format(REALM_DN_TEMPLATE, dnMapper.orgNameToDN(realm));
    final SSOToken adminToken = AccessController.doPrivileged(adminAction);
    if (!smDAO.checkIfEntryExists(baseDN, adminToken)) {
        // Nothing is stored for this realm, so no tree is created.
        return null;
    }
    final IndexRuleTree tree = new SimpleReferenceTree();
    try {
        final Set<String> excludes = Collections.emptySet();
        // Run the search and feed every entry's path indexes into the tree.
        // NOTE(review): the two zero arguments are presumably "no limit" settings; confirm against smDAO.search.
        for (Iterator<SMSDataEntry> entries = smDAO.search(adminToken, baseDN, SEARCH_FILTER, 0, 0, false, false, excludes); entries.hasNext(); ) {
            final SMSDataEntry entry = entries.next();
            // The unchecked assignment is accepted deliberately, hence the suppression.
            @SuppressWarnings("unchecked") Set<String> pathIndexes = entry.getAttributeValues(INDEX_PATH_ATT);
            tree.addIndexRules(pathIndexes);
        }
    } catch (SMSException searchFailure) {
        // 52 is the EntitlementException error code used for this failure; its meaning is defined outside this method.
        throw new EntitlementException(52, new Object[] { baseDN }, searchFailure);
    }
    if (DEBUG.messageEnabled()) {
        DEBUG.message(String.format("Index rule tree created for '%s'.", realm));
    }
    return tree;
}
Also used : EntitlementException(com.sun.identity.entitlement.EntitlementException) SimpleReferenceTree(org.forgerock.openam.entitlement.utils.indextree.SimpleReferenceTree) SSOToken(com.iplanet.sso.SSOToken) SMSDataEntry(com.sun.identity.sm.SMSDataEntry) SMSException(com.sun.identity.sm.SMSException) IndexRuleTree(org.forgerock.openam.entitlement.utils.indextree.IndexRuleTree)

Example 34 with EntitlementException

use of com.sun.identity.entitlement.EntitlementException in project OpenAM by OpenRock.

the class JsonPolicyParser method parsePrivilege.

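/**
 * Converts a JSON policy document into a {@code Privilege}.
 *
 * <p>The name found inside the JSON takes precedence; {@code providedName} is applied only when the parsed
 * privilege has a blank name. NOTE(review): if callers authorise or address the policy by
 * {@code providedName}, confirm that they reject a document whose embedded name differs.
 *
 * <p>Only the condition, when present, is validated here.
 *
 * @param providedName Fallback name used when the JSON does not carry one.
 * @param jsonValue The JSON representation of the policy.
 * @return The parsed privilege, with a non-blank name.
 * @throws EntitlementException With {@code MISSING_PRIVILEGE_NAME} when no name is available, with
 *         {@code INVALID_VALUE} for an unrecognised JSON property, with {@code INVALID_JSON} for other
 *         mapping failures, with {@code UNABLE_TO_CREATE_POLICY} for any other I/O failure, or as raised
 *         by the condition's own validation.
 */
private Privilege parsePrivilege(String providedName, JsonValue jsonValue) throws EntitlementException {
    try {
        // Note: this is a bit ugly as we re-serialise the JsonValue back into a JSON String to then parse it
        // again using Jackson. Unfortunately, that appears to be the easiest way as JsonValue does not support
        // data binding.
        JsonPolicy policy = MAPPER.readValue(jsonValue.toString(), JsonPolicy.class);
        Privilege privilege = policy.asPrivilege();
        if (isBlank(privilege.getName())) {
            // Fall back to the externally supplied name only when the document has none.
            privilege.setName(providedName);
        }
        if (isBlank(privilege.getName())) {
            throw new EntitlementException(EntitlementException.MISSING_PRIVILEGE_NAME);
        }
        // Validate the condition if present
        if (privilege.getCondition() != null) {
            privilege.getCondition().validate();
        }
        return privilege;
    } catch (UnrecognizedPropertyException ex) {
        // Keep the parser exception as the cause, as the other branches do, so the failure stays diagnosable.
        throw new EntitlementException(EntitlementException.INVALID_VALUE,
                new Object[] { ex.getUnrecognizedPropertyName() }, ex);
    } catch (JsonMappingException ex) {
        // NOTE(review): the Jackson message becomes a parameter of the error and may carry Java type names
        // or fragments of the submitted document; confirm that text is acceptable to return to the caller.
        throw new EntitlementException(EntitlementException.INVALID_JSON, ex, ex.getMessage());
    } catch (IOException e) {
        throw new EntitlementException(EntitlementException.UNABLE_TO_CREATE_POLICY, e);
    }
}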
Also used : JsonPolicy(org.forgerock.openam.entitlement.rest.model.json.JsonPolicy) EntitlementException(com.sun.identity.entitlement.EntitlementException) JsonMappingException(com.fasterxml.jackson.databind.JsonMappingException) UnrecognizedPropertyException(com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException) IOException(java.io.IOException) Privilege(com.sun.identity.entitlement.Privilege)

Example 35 with EntitlementException

use of com.sun.identity.entitlement.EntitlementException in project OpenAM by OpenRock.

the class PolicyResource method actionCollection.

/**
 * {@inheritDoc}
 *
 * <p>Only actions accepted by {@code PolicyAction.isEvaluateAction} are served; any other action is
 * answered with a {@code NotSupportedException} promise. An accepted request is evaluated for the subject
 * and application carried by the built {@code PolicyRequest}.
 */
@Override
public Promise<ActionResponse, ResourceException> actionCollection(Context context, ActionRequest actionRequest) {
    // The action name comes straight from the request and is echoed into the debug log and the error below.
    // NOTE(review): confirm that the Debug sink or an upstream layer neutralises CR/LF, otherwise a crafted
    // action name can forge debug log lines.
    final String actionString = actionRequest.getAction();
    final PolicyAction policyAction = PolicyAction.getAction(actionString);
    if (!PolicyAction.isEvaluateAction(policyAction)) {
        final String message = "Action '" + actionString + "' not implemented for this resource";
        final NotSupportedException unsupported = new NotSupportedException(message);
        DEBUG.error(message, unsupported);
        return unsupported.asPromise();
    }
    try {
        if (DEBUG.messageEnabled()) {
            DEBUG.message("Rendering policy request for action " + actionString);
        }
        final PolicyRequest policyRequest = requestFactory.buildRequest(policyAction, context, actionRequest);
        // The evaluator is bound to the subject and application taken from the request.
        final PolicyEvaluator policyEvaluator =
                factory.getEvaluator(policyRequest.getRestSubject(), policyRequest.getApplication());
        if (DEBUG.messageEnabled()) {
            final String trace = new StringBuilder()
                    .append("Evaluating policy request for action ")
                    .append(actionString)
                    .append(" under realm ")
                    .append(policyRequest.getRealm())
                    .append(" within the application context ")
                    .append(policyRequest.getApplication())
                    .toString();
            DEBUG.message(trace);
        }
        final List<Entitlement> decisions = policyEvaluator.routePolicyRequest(policyRequest);
        return newResultPromise(newActionResponse(policyParser.printEntitlements(decisions)));
    } catch (final EntitlementException evaluationFailure) {
        DEBUG.error("Error evaluating policy request", evaluationFailure);
        // The handler turns the entitlement error into the resource error handed back to the caller.
        return resourceErrorHandler.handleError(context, actionRequest, evaluationFailure).asPromise();
    }
}
Also used : EntitlementException(com.sun.identity.entitlement.EntitlementException) NotSupportedException(org.forgerock.json.resource.NotSupportedException) Entitlement(com.sun.identity.entitlement.Entitlement) PolicyRequest(org.forgerock.openam.entitlement.rest.model.json.PolicyRequest)

Aggregations

EntitlementException (com.sun.identity.entitlement.EntitlementException)221 Subject (javax.security.auth.Subject)68 HashSet (java.util.HashSet)58 SSOException (com.iplanet.sso.SSOException)51 Set (java.util.Set)50 SSOToken (com.iplanet.sso.SSOToken)47 SMSException (com.sun.identity.sm.SMSException)45 Application (com.sun.identity.entitlement.Application)37 Test (org.testng.annotations.Test)37 HashMap (java.util.HashMap)34 ResourceException (org.forgerock.json.resource.ResourceException)33 ResourceResponse (org.forgerock.json.resource.ResourceResponse)32 Privilege (com.sun.identity.entitlement.Privilege)22 JsonValue (org.forgerock.json.JsonValue)19 JSONException (org.json.JSONException)19 CLIException (com.sun.identity.cli.CLIException)18 ApplicationPrivilegeManager (com.sun.identity.entitlement.ApplicationPrivilegeManager)17 ServiceConfig (com.sun.identity.sm.ServiceConfig)17 ResourceType (org.forgerock.openam.entitlement.ResourceType)17 PolicyException (com.sun.identity.policy.PolicyException)16