Use of com.sun.identity.entitlement.IPrivilege in project OpenAM by OpenRock: class DataStore, method searchPrivileges.
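/**
 * Searches the data store for privileges matching the supplied resource and subject search
 * indexes, appending each match to {@code iterator} and also returning the matches as a set.
 *
 * <p>The search runs under the administrative token obtained via {@link AdminTokenAction},
 * so the caller is responsible for any authorization of the subject on whose behalf the
 * search is made.
 *
 * @param realm realm whose privilege container is searched.
 * @param iterator iterator that each matching privilege is appended to as it is read.
 * @param indexes resource search indexes passed to {@code getFilter} to build the search filter.
 * @param subjectIndexes subject search indexes passed to {@code getFilter}.
 * @param bSubTree flag passed through to {@code getFilter}.
 * @param excludeDNs entry DNs to exclude from the search results.
 * @return the matching privileges; empty when no filter could be built or the base entry does
 *         not exist.
 * @throws EntitlementException if the search fails or a stored privilege cannot be deserialised
 *         from its JSON form.
 */
private Set<IPrivilege> searchPrivileges(String realm, BufferedIterator iterator,
        ResourceSearchIndexes indexes, Set<String> subjectIndexes, boolean bSubTree,
        Set<String> excludeDNs) throws EntitlementException {
    Set<IPrivilege> results = new HashSet<IPrivilege>();
    String filter = getFilter(indexes, subjectIndexes, bSubTree);
    String baseDN = getSearchBaseDN(realm, null);

    if (PolicyConstants.DEBUG.messageEnabled()) {
        PolicyConstants.DEBUG.message("[PolicyEval] DataStore.searchPrivileges");
        PolicyConstants.DEBUG.message("[PolicyEval] search filter: " + filter);
        PolicyConstants.DEBUG.message("[PolicyEval] search DN: " + baseDN);
    }

    if (filter == null) {
        return results;
    }

    SSOToken token = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
    long start = DB_MONITOR_PRIVILEGE.start();
    try {
        if (SMSEntry.checkIfEntryExists(baseDN, token)) {
            Iterator i = SMSEntry.search(token, baseDN, filter, NO_LIMIT, NO_LIMIT,
                    NOT_SORTED, NOT_SORTED, excludeDNs);
            while (i.hasNext()) {
                SMSDataEntry e = (SMSDataEntry) i.next();
                Privilege privilege = Privilege.getInstance(
                        new JSONObject(e.getAttributeValue(SERIALIZABLE_INDEX_KEY)));
                iterator.add(privilege);
                results.add(privilege);
            }
        }
    } catch (JSONException e) {
        throw new EntitlementException(52, new Object[] { baseDN }, e);
    } catch (SMSException e) {
        throw new EntitlementException(52, new Object[] { baseDN }, e);
    } finally {
        // Close the monitoring interval on every path; previously a failed search left the
        // interval started by DB_MONITOR_PRIVILEGE.start() without a matching end().
        DB_MONITOR_PRIVILEGE.end(start);
    }
    return results;
}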
Use of com.sun.identity.entitlement.IPrivilege in project OpenAM by OpenRock: class PolicyIndexTest, method storeAndRetrieve.
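/**
 * Searches the root realm's privilege index store for the resource indexes of the test policy
 * and verifies that every hit deserialises as a {@link Privilege} whose entitlement resource
 * name is {@code URL_RESOURCE}.
 *
 * @throws Exception if a search hit is not a {@code Privilege} or carries the wrong resource
 *         name, or if the admin token, policy manager or index store cannot be obtained.
 */
@Test
public void storeAndRetrieve() throws Exception {
    SSOToken adminToken = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
    // The manager itself is not used further; the constructor call is kept because it was part
    // of the original setup and may have side effects of its own.
    PolicyManager pm = new PolicyManager(adminToken, "/");

    Set<String> hostIndexes = new HashSet<String>();
    Set<String> pathIndexes = new HashSet<String>();
    Set<String> parentPathIndexes = new HashSet<String>();
    hostIndexes.add("http://www.sun.com");
    pathIndexes.add("/private");
    parentPathIndexes.add("/");
    ResourceSearchIndexes indexes =
            new ResourceSearchIndexes(hostIndexes, pathIndexes, parentPathIndexes);

    PrivilegeIndexStore pis =
            PrivilegeIndexStore.getInstance(SubjectUtils.createSubject(adminToken), "/");
    // Typed empty set instead of the raw Collections.EMPTY_SET (unchecked conversion).
    Iterator<IPrivilege> i = pis.search("/", indexes, Collections.<String>emptySet(), false);
    while (i.hasNext()) {
        IPrivilege eval = i.next();
        if (!(eval instanceof Privilege)) {
            throw new Exception("incorrect deserialized policy, wrong type");
        }
        Privilege p = (Privilege) eval;
        if (!p.getEntitlement().getResourceName().equals(URL_RESOURCE)) {
            throw new Exception("incorrect deserialized policy");
        }
    }
}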
Use of com.sun.identity.entitlement.IPrivilege in project OpenAM by OpenRock: class PrivilegeUtilsTest, method testPrivilegeToPolicy.
/**
 * Builds a fully populated {@link Privilege} (two OR-ed user subjects, an AND-ed IPv4 range
 * condition and four response attributes), converts it to a legacy {@link Policy} and back
 * again, and fails when the round trip yields no privileges.
 *
 * @throws Exception if the round trip produces a {@code null} or empty privilege set.
 */
@Test
public void testPrivilegeToPolicy() throws Exception {
    String baseDn = Constants.DEFAULT_ROOT_SUFFIX;

    Map<String, Boolean> actionValues = new HashMap<String, Boolean>();
    actionValues.put("GET", Boolean.TRUE);
    actionValues.put("POST", Boolean.TRUE);
    Entitlement entitlement =
            new Entitlement("iPlanetAMWebAgentService", "http://www.sun.com", actionValues);
    entitlement.setName("ent1");

    Set<EntitlementSubject> subjects = new HashSet<EntitlementSubject>();
    subjects.add(newUserSubject("id=user11,ou=user," + baseDn));
    subjects.add(newUserSubject("id=user12,ou=user," + baseDn));
    OrSubject orSubject = new OrSubject(subjects);

    IPv4Condition ipCondition = new IPv4Condition();
    ipCondition.setStartIpAndEndIp("100.100.100.100", "200.200.200.200");
    Set<EntitlementCondition> conditions = new HashSet<EntitlementCondition>();
    conditions.add(ipCondition);
    AndCondition andCondition = new AndCondition();
    andCondition.setEConditions(conditions);

    Set<ResourceAttribute> responseAttributes = new HashSet<ResourceAttribute>();
    responseAttributes.add(newStaticAttribute("a", "a10", "a20"));
    responseAttributes.add(newStaticAttribute("b", "b10", "b20"));
    responseAttributes.add(newUserAttribute("email"));
    responseAttributes.add(newUserAttribute("uid"));

    Privilege privilege = Privilege.getNewInstance();
    privilege.setName("PrivilegeUtilsTest");
    privilege.setEntitlement(entitlement);
    privilege.setSubject(orSubject); // the OR of the two user subjects
    privilege.setCondition(andCondition);
    privilege.setResourceAttributes(responseAttributes);

    Policy policy = PrivilegeUtils.privilegeToPolicy("/", privilege);
    Set<IPrivilege> roundTripped = PrivilegeUtils.policyToPrivileges(policy);
    if (roundTripped == null || roundTripped.isEmpty()) {
        throw new Exception("PrivilegeUtilsTest.testPrivilegeToPolicy failed.");
    }
}

/** Creates an OpenSSO user subject whose ID is the given user DN. */
private static UserSubject newUserSubject(String id) {
    UserSubject subject = new OpenSSOUserSubject();
    subject.setID(id);
    return subject;
}

/** Creates a static response attribute {@code name} with two values, from provider "sa". */
private static StaticAttributes newStaticAttribute(String name, String first, String second) {
    StaticAttributes attribute = new StaticAttributes();
    Set<String> values = new HashSet<String>();
    values.add(first);
    values.add(second);
    attribute.setPropertyName(name);
    attribute.setPropertyValues(values);
    attribute.setPResponseProviderName("sa");
    return attribute;
}

/** Creates a user response attribute {@code name}, from provider "ua". */
private static UserAttributes newUserAttribute(String name) {
    UserAttributes attribute = new UserAttributes();
    attribute.setPropertyName(name);
    attribute.setPResponseProviderName("ua");
    return attribute;
}
Use of com.sun.identity.entitlement.IPrivilege in project OpenAM by OpenRock: class DataStore, method getPrivilege.
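/**
 * Retrieves an individual privilege from the data store by its identifier.
 *
 * <p>The lookup runs under the administrative token obtained via {@link AdminTokenAction},
 * so callers are responsible for enforcing that the requesting subject may read the privilege.
 *
 * @param realm Realm in which the privilege exists.
 * @param privilegeIdentifier The identifier of the privilege to retrieve.
 * @return the privilege, or {@code null} if the search under the privilege's DN returns no entry.
 * @throws EntitlementException if there were issues retrieving the privilege from the data store
 *         or the stored JSON form could not be deserialised.
 */
public IPrivilege getPrivilege(String realm, String privilegeIdentifier) throws EntitlementException {
    final String privilegeDN = getPrivilegeDistinguishedName(privilegeIdentifier, realm, null);
    final long start = DB_MONITOR_PRIVILEGE.start();
    final SSOToken token = AccessController.doPrivileged(AdminTokenAction.getInstance());
    try {
        // NOTE(review): searched with NO_FILTER / NO_EXCLUSIONS on the privilege's own DN;
        // only the first hit is used - presumably at most one entry is expected here, confirm.
        final Iterator i = SMSEntry.search(token, privilegeDN, NO_FILTER, NO_LIMIT, NO_LIMIT,
                NOT_SORTED, NOT_SORTED, NO_EXCLUSIONS);
        if (!i.hasNext()) {
            return null;
        }
        final SMSDataEntry e = (SMSDataEntry) i.next();
        return Privilege.getInstance(new JSONObject(e.getAttributeValue(SERIALIZABLE_INDEX_KEY)));
    } catch (SMSException e) {
        throw new EntitlementException(52, new Object[] { privilegeDN }, e);
    } catch (JSONException e) {
        throw new EntitlementException(52, new Object[] { privilegeDN }, e);
    } finally {
        // Close the monitoring interval on every path; previously an SMS/JSON failure left the
        // interval started by DB_MONITOR_PRIVILEGE.start() without a matching end().
        DB_MONITOR_PRIVILEGE.end(start);
    }
}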
Use of com.sun.identity.entitlement.IPrivilege in project OpenAM by OpenRock: class OpenSSOIndexStore, method delete.
/**
 * Deletes each of the given privileges from the data store. {@link Privilege} instances are
 * removed through {@code delete(String, boolean)}, anything else through
 * {@code deleteReferral(String, boolean)}; when index caching is enabled, the privilege's save
 * indexes are then evicted from the corresponding cache.
 *
 * @param privileges Privileges to be deleted.
 * @throws EntitlementException if deletion failed.
 */
public void delete(Set<IPrivilege> privileges) throws EntitlementException {
    Subject adminSubject = getAdminSubject();
    String realm = getRealm();

    for (IPrivilege privilege : privileges) {
        boolean isPolicyPrivilege = privilege instanceof Privilege;
        String dn = isPolicyPrivilege
                ? delete(privilege.getName(), true)
                : deleteReferral(privilege.getName(), true);

        if (indexCacheSize <= 0) {
            continue;
        }
        ResourceSaveIndexes saveIndexes =
                privilege.getResourceSaveIndexes(adminSubject, DNMapper.orgNameToRealmName(realm));
        if (saveIndexes == null) {
            continue;
        }
        if (isPolicyPrivilege) {
            indexCache.clear(saveIndexes, dn);
        } else {
            referralIndexCache.clear(saveIndexes, dn);
        }
    }
}