
Example 21 with EntitlementSubject

use of com.sun.identity.entitlement.EntitlementSubject in project OpenAM by OpenRock.

From the class XACMLPrivilegeUtils, method policyToPrivilege:

/**
 * Rebuilds a {@code Privilege} from an XACML {@code Policy}.
 *
 * <p>The privilege name is derived from the policy id; description, audit
 * fields (created-by/at, last-modified-by/at), entitlement name and
 * application name are read back through {@code getVariableById}; resource
 * names come from the policy Target matches and action values from the
 * policy itself; the policy's AdviceExpressions are mapped to
 * {@code ResourceAttribute}s via {@code schemaFactory}.
 *
 * @param policy the XACML policy to convert
 * @return a populated {@code XACMLOpenSSOPrivilege}
 * @throws EntitlementException if one of the helper conversions fails
 */
public static Privilege policyToPrivilege(Policy policy) throws EntitlementException {
    // Identity, description and audit metadata.
    String id = policy.getPolicyId();
    String name = policyIdToPrivilegeName(id);
    String desc = policy.getDescription();
    String creator = getVariableById(policy, XACMLConstants.PRIVILEGE_CREATED_BY);
    long creationTime = dateStringToLong(getVariableById(policy, XACMLConstants.PRIVILEGE_CREATION_DATE));
    String modifier = getVariableById(policy, XACMLConstants.PRIVILEGE_LAST_MODIFIED_BY);
    long modificationTime = dateStringToLong(getVariableById(policy, XACMLConstants.PRIVILEGE_LAST_MODIFIED_DATE));
    String entName = getVariableById(policy, XACMLConstants.ENTITLEMENT_NAME);
    String appName = getVariableById(policy, XACMLConstants.APPLICATION_NAME);

    // Entitlement pieces:
    //  - resource names and excluded resource names from the Rule Match elements
    //  - one Match for Action, one Rule per value
    List<Match> targetMatches = getAllMatchesFromTarget(policy.getTarget());
    Set<String> resources = getResourceNamesFromMatches(targetMatches);
    Map<String, Boolean> actions = getActionValuesFromPolicy(policy);
    EntitlementSubject subject = getEntitlementSubjectFromPolicy(policy);
    EntitlementCondition condition = getEntitlementConditionFromPolicy(policy);

    Entitlement ent = new Entitlement(appName, resources, actions);
    if (entName != null) {
        ent.setName(entName);
    }

    // AdviceExpressions written on export carry the ResourceAttributes.
    Set<ResourceAttribute> attributes =
            schemaFactory.adviceExpressionsToResourceAttributes(policy.getAdviceExpressions());

    Privilege result = new XACMLOpenSSOPrivilege();
    result.setName(name);
    result.setDescription(desc);
    result.setCreatedBy(creator);
    result.setCreationDate(creationTime);
    result.setLastModifiedBy(modifier);
    result.setLastModifiedDate(modificationTime);
    result.setEntitlement(ent);
    result.setSubject(subject);
    result.setCondition(condition);
    result.setResourceAttributes(attributes);
    return result;
}

Example 22 with EntitlementSubject

use of com.sun.identity.entitlement.EntitlementSubject in project OpenAM by OpenRock.

From the class ListenerRestTest, method setup:

/**
 * Prepares the listener REST test fixture.
 *
 * <p>Creates the test agent and authenticates as it, derives the hashed token
 * id, the SSO token subject header and the session cookie (URL-encoded only when
 * {@code Constants.AM_COOKIE_ENCODE} is set), registers a GET privilege on the test
 * resource for all authenticated users, opens the listener web resource and
 * pre-encodes the notification URL.
 *
 * <p>Failures are logged through {@code UnittestLog} and rethrown so the suite
 * fails visibly rather than silently.
 *
 * @throws Exception if agent creation, authentication, encoding or privilege
 *     registration fails
 */
@BeforeClass
public void setup() throws Exception {
    try {
        agent = IdRepoUtils.createAgent(REALM, AGENT_NAME);
        SSOToken token = AuthUtils.authenticate(REALM, AGENT_NAME, AGENT_NAME);
        String rawTokenId = token.getTokenID().toString();
        hashedTokenId = Hash.hash(rawTokenId);
        tokenIdHeader = RestServiceManager.SSOTOKEN_SUBJECT_PREFIX
                + RestServiceManager.SUBJECT_DELIMITER + rawTokenId;

        // Only encode the cookie value when the server is configured to encode cookies.
        boolean encodeCookie = Boolean.parseBoolean(SystemProperties.get(Constants.AM_COOKIE_ENCODE, "false"));
        String cookieValue = encodeCookie ? URLEncoder.encode(rawTokenId, "UTF-8") : rawTokenId;
        cookie = new Cookie(SystemProperties.get(Constants.AM_COOKIE_NAME), cookieValue);

        // GET on RESOURCE_NAME/* for any authenticated user.
        PrivilegeManager manager = PrivilegeManager.getInstance(REALM, adminSubject);
        Privilege testPrivilege = Privilege.getNewInstance();
        testPrivilege.setName(PRIVILEGE_NAME);
        Map<String, Boolean> allowedActions = new HashMap<String, Boolean>();
        allowedActions.put("GET", Boolean.TRUE);
        testPrivilege.setEntitlement(new Entitlement(RESOURCE_NAME + "/*", allowedActions));
        EntitlementSubject anyAuthenticated = new AuthenticatedUsers();
        testPrivilege.setSubject(anyAuthenticated);
        manager.add(testPrivilege);

        listenerClient = Client.create()
                .resource(SystemProperties.getServerInstanceName() + "/ws/1/entitlement/listener");
        ENC_NOTIFICATION_URL = ESAPI.encoder().encodeForURL(NOTIFICATION_URL);
    } catch (Exception e) {
        UnittestLog.logError("ListenerRestTest.setup() failed:", e);
        throw e;
    }
}

Example 23 with EntitlementSubject

use of com.sun.identity.entitlement.EntitlementSubject in project OpenAM by OpenRock.

From the class PrivilegeUtilsTest, method testPrivilegeToPolicy:

/**
 * Round-trips a fully populated privilege through
 * {@code PrivilegeUtils.privilegeToPolicy} and {@code policyToPrivileges}.
 *
 * <p>The privilege carries a two-action entitlement, an {@code OrSubject} of two
 * user subjects, an {@code AndCondition} wrapping an IPv4 range, and four
 * resource attributes (two static, two user). The test fails if the converted
 * policy yields no privileges at all; it does not compare field values.
 *
 * @throws Exception if the conversion fails or produces no privileges
 */
@Test
public void testPrivilegeToPolicy() throws Exception {
    String baseDn = Constants.DEFAULT_ROOT_SUFFIX;

    // Entitlement: GET and POST on a single resource.
    Map<String, Boolean> allowedActions = new HashMap<String, Boolean>();
    allowedActions.put("GET", Boolean.TRUE);
    allowedActions.put("POST", Boolean.TRUE);
    String resource = "http://www.sun.com";
    Entitlement ent = new Entitlement("iPlanetAMWebAgentService", resource, allowedActions);
    ent.setName("ent1");

    // Subject: either of two users.
    String firstUserDn = "id=user11,ou=user," + baseDn;
    String secondUserDn = "id=user12,ou=user," + baseDn;
    UserSubject firstUser = new OpenSSOUserSubject();
    firstUser.setID(firstUserDn);
    UserSubject secondUser = new OpenSSOUserSubject();
    secondUser.setID(secondUserDn);
    Set<EntitlementSubject> userSubjects = new HashSet<EntitlementSubject>();
    userSubjects.add(firstUser);
    userSubjects.add(secondUser);
    OrSubject anyOfUsers = new OrSubject(userSubjects);

    // Condition: an AND of a single IPv4 range.
    IPv4Condition ipRange = new IPv4Condition();
    ipRange.setStartIpAndEndIp("100.100.100.100", "200.200.200.200");
    Set<EntitlementCondition> conditions = new HashSet<EntitlementCondition>();
    conditions.add(ipRange);
    AndCondition allConditions = new AndCondition();
    allConditions.setEConditions(conditions);

    // Resource attributes: two static, two user-sourced.
    StaticAttributes staticA = new StaticAttributes();
    Set<String> valuesA = new HashSet<String>();
    valuesA.add("a10");
    valuesA.add("a20");
    staticA.setPropertyName("a");
    staticA.setPropertyValues(valuesA);
    staticA.setPResponseProviderName("sa");

    StaticAttributes staticB = new StaticAttributes();
    Set<String> valuesB = new HashSet<String>();
    valuesB.add("b10");
    valuesB.add("b20");
    staticB.setPropertyName("b");
    staticB.setPropertyValues(valuesB);
    staticB.setPResponseProviderName("sa");

    UserAttributes emailAttr = new UserAttributes();
    emailAttr.setPropertyName("email");
    emailAttr.setPResponseProviderName("ua");
    UserAttributes uidAttr = new UserAttributes();
    uidAttr.setPropertyName("uid");
    uidAttr.setPResponseProviderName("ua");

    Set<ResourceAttribute> attributes = new HashSet<ResourceAttribute>();
    attributes.add(staticA);
    attributes.add(staticB);
    attributes.add(emailAttr);
    attributes.add(uidAttr);

    // Assemble the privilege and round-trip it.
    Privilege source = Privilege.getNewInstance();
    source.setName("PrivilegeUtilsTest");
    source.setEntitlement(ent);
    source.setSubject(anyOfUsers);
    source.setCondition(allConditions);
    source.setResourceAttributes(attributes);

    Policy converted = PrivilegeUtils.privilegeToPolicy("/", source);
    Set<IPrivilege> roundTripped = PrivilegeUtils.policyToPrivileges(converted);
    if (roundTripped == null || roundTripped.isEmpty()) {
        throw new Exception("PrivilegeUtilsTest.testPrivilegeToPolicy failed.");
    }
}

Example 24 with EntitlementSubject

use of com.sun.identity.entitlement.EntitlementSubject in project OpenAM by OpenRock.

From the class PrivilegeRestTest, method setup:

/**
 * Prepares the privilege REST test fixture.
 *
 * <p>Registers a GET privilege on the test resource for all authenticated users
 * in the root realm, then derives the hashed token id, the SSO token subject
 * header and the session cookie from {@code adminToken} (URL-encoding the cookie
 * value only when {@code Constants.AM_COOKIE_ENCODE} is set) and opens the
 * privilege web resource.
 *
 * @throws Exception if privilege registration or cookie encoding fails
 */
@BeforeClass
public void setup() throws Exception {
    // GET on RESOURCE_NAME/* for any authenticated user.
    PrivilegeManager manager = PrivilegeManager.getInstance("/", adminSubject);
    Privilege testPrivilege = Privilege.getNewInstance();
    testPrivilege.setName(PRIVILEGE_NAME);
    testPrivilege.setDescription("desciption");
    Map<String, Boolean> allowedActions = new HashMap<String, Boolean>();
    allowedActions.put("GET", Boolean.TRUE);
    testPrivilege.setEntitlement(new Entitlement(RESOURCE_NAME + "/*", allowedActions));
    EntitlementSubject anyAuthenticated = new AuthenticatedUsers();
    testPrivilege.setSubject(anyAuthenticated);
    manager.add(testPrivilege);

    // Admin session credentials used by the REST calls.
    String rawTokenId = adminToken.getTokenID().toString();
    hashedTokenId = Hash.hash(rawTokenId);
    tokenIdHeader = RestServiceManager.SSOTOKEN_SUBJECT_PREFIX
            + RestServiceManager.SUBJECT_DELIMITER + rawTokenId;
    // Only encode the cookie value when the server is configured to encode cookies.
    boolean encodeCookie = Boolean.parseBoolean(SystemProperties.get(Constants.AM_COOKIE_ENCODE, "false"));
    String cookieValue = encodeCookie ? URLEncoder.encode(rawTokenId, "UTF-8") : rawTokenId;
    cookie = new Cookie(SystemProperties.get(Constants.AM_COOKIE_NAME), cookieValue);

    webClient = Client.create()
            .resource(SystemProperties.getServerInstanceName() + "/ws/1/entitlement/privilege");
}

Example 25 with EntitlementSubject

use of com.sun.identity.entitlement.EntitlementSubject in project OpenAM by OpenRock.

From the class RestPermissionTest, method createPrivilege:

/**
 * Registers the test privilege in the root realm: GET on
 * {@code RESOURCE_NAME/*} granted to all authenticated users.
 *
 * @throws EntitlementException if the privilege manager rejects the privilege
 */
private void createPrivilege() throws EntitlementException {
    PrivilegeManager manager = PrivilegeManager.getInstance("/", adminSubject);
    Privilege testPrivilege = Privilege.getNewInstance();
    testPrivilege.setName(PRIVILEGE_NAME);
    testPrivilege.setDescription("desciption");
    Map<String, Boolean> allowedActions = new HashMap<String, Boolean>();
    allowedActions.put("GET", Boolean.TRUE);
    testPrivilege.setEntitlement(new Entitlement(RESOURCE_NAME + "/*", allowedActions));
    EntitlementSubject anyAuthenticated = new AuthenticatedUsers();
    testPrivilege.setSubject(anyAuthenticated);
    manager.add(testPrivilege);
}
