
Example 26 with EntitlementSubject

use of com.sun.identity.entitlement.EntitlementSubject in project OpenAM by OpenRock.

the class OpenSSOApplicationPrivilegeManager method toApplicationPrivilege.

/**
 * Builds the {@link ApplicationPrivilege} view of a stored {@link Privilege}.
 *
 * <p>Name, description and the audit fields (created/modified by and when) are
 * copied across, as are the entitlement's resource names (grouped per
 * application by {@code getApplicationPrivilegeResourceNames}) and its action
 * values (via {@code getActionValues}). Only the parts of the subject and
 * condition that the ApplicationPrivilege model carries survive the conversion:
 * <ul>
 *   <li>subjects: every {@link SubjectImplementation} found either directly on
 *       the privilege or inside a top-level {@link OrSubject}; any other subject
 *       type is skipped without error;</li>
 *   <li>condition: kept only when it is a {@link SimpleTimeCondition}; any other
 *       condition is skipped without error.</li>
 * </ul>
 *
 * <p>NOTE(review): because subjects and conditions are silently discarded, the
 * returned object can describe a broader grant than the source privilege. If
 * the result is ever persisted back, those dropped restrictions would be lost;
 * treat this as a lossy, read-side conversion unless the caller has confirmed
 * otherwise.
 *
 * @param p the stored privilege to convert
 * @return the application-privilege view of {@code p}
 * @throws EntitlementException as declared on the original; which of the
 *         called helpers raises it is not visible here
 */
private ApplicationPrivilege toApplicationPrivilege(Privilege p) throws EntitlementException {
    ApplicationPrivilege result = new ApplicationPrivilege(p.getName());
    copyPrivilegeMetadata(p, result);

    Entitlement entitlement = p.getEntitlement();
    Map<String, Set<String>> resourcesByApp =
            getApplicationPrivilegeResourceNames(entitlement.getResourceNames());
    result.setApplicationResources(resourcesByApp);
    result.setActionValues(getActionValues(entitlement.getActionValues()));

    result.setSubject(collectSubjectImplementations(p.getSubject()));

    // Only a simple time window is representable here; anything else is dropped.
    EntitlementCondition condition = p.getCondition();
    if (condition instanceof SimpleTimeCondition) {
        result.setCondition(condition);
    }
    return result;
}

/** Copies description and the four audit fields from {@code from} to {@code to}. */
private static void copyPrivilegeMetadata(Privilege from, ApplicationPrivilege to) {
    to.setDescription(from.getDescription());
    to.setCreatedBy(from.getCreatedBy());
    to.setCreationDate(from.getCreationDate());
    to.setLastModifiedBy(from.getLastModifiedBy());
    to.setLastModifiedDate(from.getLastModifiedDate());
}

/**
 * Gathers the {@link SubjectImplementation} members of {@code subject}: the
 * subject itself when it is one, or each qualifying child of a top-level
 * {@link OrSubject}. Subjects of any other type contribute nothing, so the
 * returned set may be empty.
 */
private static Set<SubjectImplementation> collectSubjectImplementations(EntitlementSubject subject) {
    Set<SubjectImplementation> members = new HashSet<SubjectImplementation>();
    if (subject instanceof OrSubject) {
        for (EntitlementSubject child : ((OrSubject) subject).getESubjects()) {
            if (child instanceof SubjectImplementation) {
                members.add((SubjectImplementation) child);
            }
        }
    } else if (subject instanceof SubjectImplementation) {
        members.add((SubjectImplementation) subject);
    }
    return members;
}

Example 27 with EntitlementSubject

use of com.sun.identity.entitlement.EntitlementSubject in project OpenAM by OpenRock.

the class EntitlementRegistryTest method shouldNotReturnSuperTypeSubjectNames.

/**
 * Registering only the {@link EntitlementSubject} super-type must not make a
 * concrete subject (here a {@link JwtClaimSubject}) resolvable by name: the
 * lookup has to come back {@code null} rather than be satisfied through the
 * super-type registration.
 */
@Test
public void shouldNotReturnSuperTypeSubjectNames() {
    // Given: a concrete subject whose own type is never registered
    EntitlementSubject concrete = new JwtClaimSubject();
    testRegistry.registerSubjectType(EntitlementSubject.class);

    // When: the name is looked up for the concrete instance
    String resolvedName = testRegistry.getSubjectName(concrete);

    // Then: the super-type registration does not resolve it
    assertThat(resolvedName).isNull();
}

Example 28 with EntitlementSubject

use of com.sun.identity.entitlement.EntitlementSubject in project OpenAM by OpenRock.

the class PrivilegeUtilsTest method testPrivilegeToXACMLPolicy.

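/**
 * Builds a fully-populated {@link Privilege} (entitlement with GET/POST action
 * values, a user subject, an IPv4 range condition, static and user response
 * attributes, audit fields) and converts it to an XACML policy string via
 * {@link XACMLPrivilegeUtils#toXACML}.
 *
 * <p>Fix: the original caught {@link Throwable}, logged it and returned
 * normally, so a failing conversion — including the "not compiling" state
 * flagged by the TODO below — could never fail this test. Exceptions are now
 * logged and rethrown (the same pattern {@code setup()} uses in this suite),
 * errors propagate untouched, and an empty or null XACML result is reported as
 * a failure. The unused {@code OrCondition}/{@code AndCondition} locals were
 * removed; they were built from the same set and never attached to anything.
 *
 * @throws Exception when privilege construction or XACML conversion fails, or
 *         when the conversion yields no policy text
 */
@Test
public void testPrivilegeToXACMLPolicy() throws Exception {
    try {
        UnittestLog.logMessage("PrivilegeUtils.testPrivilegeToXACMLPolicy():" + " entered");
        Map<String, Boolean> actionValues = new HashMap<String, Boolean>();
        actionValues.put("GET", Boolean.TRUE);
        actionValues.put("POST", Boolean.FALSE);
        // The port is required for passing equals  test
        // opensso policy would add default port if port not specified
        String resourceName = "http://www.sun.com:80";
        Entitlement entitlement = new Entitlement(SERVICE_NAME, resourceName, actionValues);
        entitlement.setName("ent1");
        // Fixture DNs under the configured base DN; only user11 ends up on the privilege.
        String user11 = "id=user11,ou=user," + ServiceManager.getBaseDN();
        String user12 = "id=user12,ou=user," + ServiceManager.getBaseDN();
        UserSubject ua1 = new OpenSSOUserSubject();
        ua1.setID(user11);
        UserSubject ua2 = new OpenSSOUserSubject();
        ua2.setID(user12);
        Set<EntitlementSubject> subjects = new HashSet<EntitlementSubject>();
        subjects.add(ua1);
        subjects.add(ua2);
        // Built for completeness; the privilege below is scoped to ua1 alone.
        OrSubject os = new OrSubject(subjects);
        Set<EntitlementCondition> conditions = new HashSet<EntitlementCondition>();
        String startIp = "100.100.100.100";
        String endIp = "200.200.200.200";
        IPv4Condition ipc = new IPv4Condition();
        ipc.setStartIpAndEndIp(startIp, endIp);
        conditions.add(ipc);
        StaticAttributes sa1 = new StaticAttributes();
        Set<String> aValues = new HashSet<String>();
        aValues.add("a10");
        aValues.add("a20");
        sa1.setPropertyName("a");
        sa1.setPropertyValues(aValues);
        sa1.setPResponseProviderName("sa");
        StaticAttributes sa2 = new StaticAttributes();
        Set<String> bValues = new HashSet<String>();
        bValues.add("b10");
        bValues.add("b20");
        sa2.setPropertyName("b");
        sa2.setPropertyValues(bValues);
        sa2.setPResponseProviderName("sa");
        UserAttributes uat1 = new UserAttributes();
        uat1.setPropertyName("email");
        uat1.setPResponseProviderName("ua");
        UserAttributes uat2 = new UserAttributes();
        uat2.setPropertyName("uid");
        uat2.setPResponseProviderName("ua");
        Set<ResourceAttribute> ra = new HashSet<ResourceAttribute>();
        ra.add(sa1);
        ra.add(sa2);
        ra.add(uat1);
        ra.add(uat2);
        Privilege privilege = Privilege.getNewInstance();
        privilege.setName(PRIVILEGE_NAME);
        privilege.setEntitlement(entitlement);
        privilege.setSubject(ua1);
        privilege.setCondition(ipc);
        privilege.setResourceAttributes(ra);
        privilege.setCreatedBy("amadmin");
        privilege.setLastModifiedBy("amadmin");
        privilege.setCreationDate(System.currentTimeMillis());
        privilege.setLastModifiedDate(System.currentTimeMillis());
        UnittestLog.logMessage("PrivilegeUtils.testPrivilegeToXACMLPolicy():" + "Privilege=" + privilege.toString());
        UnittestLog.logMessage("PrivilegeUtils.testPrivilegeToXACMLPolicy():" + "converting to xacml policy");
        // TODO(jtb): not compiling
        String xacmlString = XACMLPrivilegeUtils.toXACML(privilege);
        UnittestLog.logMessage("xacml policy=" + xacmlString);
        // A conversion that returns nothing is a failure, not a pass.
        if (xacmlString == null || xacmlString.trim().isEmpty()) {
            throw new Exception("PrivilegeUtils.testPrivilegeToXACMLPolicy(): XACML conversion produced no policy");
        }
    } catch (Exception e) {
        // logError already records the stack trace; rethrow so the test fails.
        UnittestLog.logError("Throwable:", e);
        UnittestLog.logMessage("Throwable:" + e.getMessage());
        throw e;
    }
}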

Example 29 with EntitlementSubject

use of com.sun.identity.entitlement.EntitlementSubject in project OpenAM by OpenRock.

the class PrivilegePolicyMapping method policyToPrivilege.

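/**
 * Converts the legacy {@code policy} fixture into privileges and checks the
 * shape of the first result: its condition must be an {@link OrCondition} made
 * only of {@link PolicyCondition}s whose properties equal one of the two
 * expected IP-condition environment maps, and its subject must be a
 * {@link PolicySubject} whose values include the test user's universal id
 * (i.e. the mapping must not widen or lose the subject restriction).
 *
 * <p>Fix: the failure message for the condition-type check said "AND" while
 * the check itself is for {@link OrCondition}; it now reports what is tested.
 * The first result is also type-checked before the cast so a non-{@link
 * Privilege} entry (for example a referral) fails with a descriptive message
 * instead of a {@link ClassCastException}. The raw {@code Set} for the subject
 * values is typed as {@code Set<?>}.
 *
 * <p>Reads the enclosing test's {@code policy}, {@code ipConditionEnvMap},
 * {@code ipConditionEnvMap1} and {@code testUser} fields and stores the
 * converted result in the {@code privilege} field for later tests.
 *
 * @throws Exception when no privilege is produced or any structural check fails
 */
@Test
public void policyToPrivilege() throws Exception {
    Set<IPrivilege> privileges = PrivilegeUtils.policyToPrivileges(policy);
    if (privileges.isEmpty()) {
        throw new Exception("PrivilegePolicyMapping.policyToPrivilege: cannot get privilege");
    }
    IPrivilege first = privileges.iterator().next();
    if (!(first instanceof Privilege)) {
        throw new Exception("PrivilegePolicyMapping.policyToPrivilege: first result is not a Privilege: " + first);
    }
    privilege = (Privilege) first;

    EntitlementCondition cond = privilege.getCondition();
    if (!(cond instanceof OrCondition)) {
        throw new Exception("PrivilegePolicyMapping.policyToPrivilege: condition is not OR condition");
    }
    OrCondition pOrCond = (OrCondition) cond;
    for (EntitlementCondition ec : pOrCond.getEConditions()) {
        if (!(ec instanceof PolicyCondition)) {
            throw new Exception("PrivilegePolicyMapping.policyToPrivilege: condition is not policy condition");
        }
        PolicyCondition pCond = (PolicyCondition) ec;
        Map<String, Set<String>> pCondProp = pCond.getProperties();
        // Each child must carry exactly one of the two expected environment maps.
        if (!pCondProp.equals(ipConditionEnvMap) && !pCondProp.equals(ipConditionEnvMap1)) {
            throw new Exception("PrivilegePolicyMapping.policyToPrivilege: condition values are not correct");
        }
    }

    EntitlementSubject sbj = privilege.getSubject();
    if (!(sbj instanceof PolicySubject)) {
        throw new Exception("PrivilegePolicyMapping.policyToPrivilege: subject is not privilege subject");
    }
    PolicySubject pSbj = (PolicySubject) sbj;
    Set<?> pSbjValue = pSbj.getValues();
    if ((pSbjValue == null) || pSbjValue.isEmpty()) {
        throw new Exception("PrivilegePolicyMapping.policyToPrivilege: subject value is empty");
    }
    if (!pSbjValue.contains(testUser.getUniversalId())) {
        throw new Exception("PrivilegePolicyMapping.policyToPrivilege: subject value is incorrect");
    }
}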

Example 30 with EntitlementSubject

use of com.sun.identity.entitlement.EntitlementSubject in project OpenAM by OpenRock.

the class RestTest method setup.

@BeforeClass
public void setup() throws Exception {
    try {
        PrivilegeManager pm = PrivilegeManager.getInstance(REALM, adminSubject);
        Privilege privilege = Privilege.getNewInstance();
        privilege.setName(PRIVILEGE_NAME);
        Map<String, Boolean> actions = new HashMap<String, Boolean>();
        actions.put("GET", true);
        Entitlement entitlement = new Entitlement(RESOURCE_NAME + "/*", actions);
        privilege.setEntitlement(entitlement);
        EntitlementSubject sbj = new AuthenticatedUsers();
        privilege.setSubject(sbj);
        NumericAttributeCondition cond = new NumericAttributeCondition();
        cond.setAttributeName(ATTR_NAME);
        cond.setOperator(NumericAttributeCondition.Operator.EQUAL);
        cond.setValue(ATTR_VAL);
        privilege.setCondition(cond);
        pm.add(privilege);
        user = IdRepoUtils.createAgent(REALM, AGENT_NAME);
        SSOToken ssoToken = AuthUtils.authenticate(REALM, AGENT_NAME, AGENT_NAME);
        String userTokenId = ssoToken.getTokenID().toString();
        hashedUserTokenId = Hash.hash(userTokenId);
        userTokenIdHeader = RestServiceManager.SSOTOKEN_SUBJECT_PREFIX + RestServiceManager.SUBJECT_DELIMITER + userTokenId;
        String cookieValue = userTokenId;
        if (Boolean.parseBoolean(SystemProperties.get(Constants.AM_COOKIE_ENCODE, "false"))) {
            cookieValue = URLEncoder.encode(userTokenId, "UTF-8");
        }
        cookie = new Cookie(SystemProperties.get(Constants.AM_COOKIE_NAME), cookieValue);
        String serverURL = SystemProperties.getServerInstanceName();
        decisionClient = Client.create().resource(serverURL + "/ws/1/entitlement/decision");
        decisionsClient = Client.create().resource(serverURL + "/ws/1/entitlement/decisions");
        entitlementClient = Client.create().resource(serverURL + "/ws/1/entitlement/entitlement");
        entitlementsClient = Client.create().resource(serverURL + "/ws/1/entitlement/entitlements");
    } catch (Exception e) {
        UnittestLog.logError("RestTest.setup() failed:", e);
        throw e;
    }
}
