Example 6 with IPrivilege

use of com.sun.identity.entitlement.IPrivilege in project OpenAM by OpenRock.

From the class DataStore, method searchPrivileges. It searches the SMS store under the realm's base DN with a filter derived from the resource and subject indexes, deserializes each hit from the JSON held in its SERIALIZABLE_INDEX_KEY attribute, and pushes every result both into the caller's BufferedIterator and into the returned set. Two points a reviewer should keep in mind: the search runs under the admin SSOToken obtained through AccessController.doPrivileged(AdminTokenAction), so any authorization of the returned privileges has to happen in the caller; and the filter string comes from getFilter (not shown on this page) and is handed to SMSEntry.search unchanged, so that builder is where index values must be escaped before they reach LDAP. Note also that DB_MONITOR_PRIVILEGE.end(start) is skipped on the exception paths.

private Set<IPrivilege> searchPrivileges(String realm, BufferedIterator iterator, ResourceSearchIndexes indexes, Set<String> subjectIndexes, boolean bSubTree, Set<String> excludeDNs) throws EntitlementException {
    Set<IPrivilege> results = new HashSet<IPrivilege>();
    String filter = getFilter(indexes, subjectIndexes, bSubTree);
    String baseDN = getSearchBaseDN(realm, null);
    if (PolicyConstants.DEBUG.messageEnabled()) {
        PolicyConstants.DEBUG.message("[PolicyEval] DataStore.searchPrivileges");
        PolicyConstants.DEBUG.message("[PolicyEval] search filter: " + filter);
        PolicyConstants.DEBUG.message("[PolicyEval] search DN: " + baseDN);
    }
    if (filter != null) {
        SSOToken token = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
        long start = DB_MONITOR_PRIVILEGE.start();
        if (SMSEntry.checkIfEntryExists(baseDN, token)) {
            try {
                Iterator i = SMSEntry.search(token, baseDN, filter, NO_LIMIT, NO_LIMIT, NOT_SORTED, NOT_SORTED, excludeDNs);
                while (i.hasNext()) {
                    SMSDataEntry e = (SMSDataEntry) i.next();
                    Privilege privilege = Privilege.getInstance(new JSONObject(e.getAttributeValue(SERIALIZABLE_INDEX_KEY)));
                    iterator.add(privilege);
                    results.add(privilege);
                }
            } catch (JSONException e) {
                Object[] arg = { baseDN };
                throw new EntitlementException(52, arg, e);
            } catch (SMSException e) {
                Object[] arg = { baseDN };
                throw new EntitlementException(52, arg, e);
            }
        }
        DB_MONITOR_PRIVILEGE.end(start);
    }
    return results;
}
Also used : SSOToken(com.iplanet.sso.SSOToken) SMSDataEntry(com.sun.identity.sm.SMSDataEntry) SMSException(com.sun.identity.sm.SMSException) JSONException(org.json.JSONException) EntitlementException(com.sun.identity.entitlement.EntitlementException) JSONObject(org.json.JSONObject) IPrivilege(com.sun.identity.entitlement.IPrivilege) BufferedIterator(com.sun.identity.shared.BufferedIterator) Iterator(java.util.Iterator) Privilege(com.sun.identity.entitlement.Privilege) ReferralPrivilege(com.sun.identity.entitlement.ReferralPrivilege) HashSet(java.util.HashSet)
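The filter that searchPrivileges passes to SMSEntry.search is assembled elsewhere (getFilter is not on this page), so the following is an added example rather than OpenAM's own code: a dependency-free builder that splices host and path index values into an LDAP filter only after escaping them as RFC 4515 requires. The attribute name sunxmlKeyValue and the hostindex= / pathindex= prefixes are assumptions made for illustration; the hostile path value in main is constructed to show what an unescaped ')' and '*' would do to the filter.

```java
import java.util.LinkedHashSet;
import java.util.Set;

// Added example, not OpenAM code. Demonstrates the escaping step that any
// builder of an LDAP search filter from caller-supplied index values needs.
public final class SafeIndexFilter {

    // RFC 4515 section 3: inside an assertion value the characters '*', '(',
    // ')', '\' and NUL must be written as a backslash followed by two hex digits.
    static String escapeFilterValue(String value) {
        StringBuilder sb = new StringBuilder(value.length() + 8);
        for (char c : value.toCharArray()) {
            switch (c) {
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\\': sb.append("\\5c"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // Builds (|(attr=hostindex=<h>)...(attr=pathindex=<p>)...) over the index
    // sets. The attribute name and prefixes are assumed for this example.
    static String buildFilter(String attr, Set<String> hostIndexes, Set<String> pathIndexes) {
        StringBuilder sb = new StringBuilder("(|");
        for (String h : hostIndexes) {
            sb.append('(').append(attr).append('=')
              .append(escapeFilterValue("hostindex=" + h)).append(')');
        }
        for (String p : pathIndexes) {
            sb.append('(').append(attr).append('=')
              .append(escapeFilterValue("pathindex=" + p)).append(')');
        }
        return sb.append(')').toString();
    }

    public static void main(String[] args) {
        Set<String> hosts = new LinkedHashSet<>();
        hosts.add("http://www.sun.com");
        Set<String> paths = new LinkedHashSet<>();
        paths.add("/private");
        // Constructed hostile value: unescaped, the ')' would close the clause
        // early and the trailing '(sunxmlKeyValue=*)' would match every entry.
        paths.add("/private)(sunxmlKeyValue=*");

        String unsafe = "(|(sunxmlKeyValue=pathindex=/private)(sunxmlKeyValue=*))";
        String safe = buildFilter("sunxmlKeyValue", hosts, paths);
        System.out.println("escaped filter: " + safe);
        // The escaped output contains no bare ')' or '*' from the value, so the
        // filter keeps exactly one clause per index value.
        System.out.println("contains wildcard clause: " + safe.contains("(sunxmlKeyValue=*)"));
        System.out.println("what the hostile value was aiming for: " + unsafe);
    }
}
```

The check to look for in code review is that every value reaching the filter passes through a function like escapeFilterValue; a filter whose shape depends on the bytes of a resource name is the same bug class as SQL injection, just against the directory.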

Example 7 with IPrivilege

use of com.sun.identity.entitlement.IPrivilege in project OpenAM by OpenRock.

From the test class PolicyIndexTest, method storeAndRetrieve. It searches the realm's privilege index store for the host and path indexes of a previously stored policy and checks that every hit deserializes to a Privilege whose resource name is URL_RESOURCE (a constant of the test class, not shown here). The loop asserts nothing when the search returns no results, so an empty index would pass this test unnoticed.

@Test
public void storeAndRetrieve() throws SSOException, PolicyException, EntitlementException, Exception {
    SSOToken adminToken = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
    PolicyManager pm = new PolicyManager(adminToken, "/");
    Set<String> hostIndexes = new HashSet<String>();
    Set<String> pathIndexes = new HashSet<String>();
    Set<String> parentPathIndexes = new HashSet<String>();
    hostIndexes.add("http://www.sun.com");
    pathIndexes.add("/private");
    parentPathIndexes.add("/");
    ResourceSearchIndexes indexes = new ResourceSearchIndexes(hostIndexes, pathIndexes, parentPathIndexes);
    PrivilegeIndexStore pis = PrivilegeIndexStore.getInstance(SubjectUtils.createSubject(adminToken), "/");
    for (Iterator<IPrivilege> i = pis.search("/", indexes, Collections.EMPTY_SET, false); i.hasNext(); ) {
        IPrivilege eval = i.next();
        if (!(eval instanceof Privilege)) {
            throw new Exception("incorrect deserialized policy, wrong type");
        }
        Privilege p = (Privilege) eval;
        if (!p.getEntitlement().getResourceName().equals(URL_RESOURCE)) {
            throw new Exception("incorrect deserialized policy");
        }
    }
}
Also used : SSOToken(com.iplanet.sso.SSOToken) PrivilegeIndexStore(com.sun.identity.entitlement.PrivilegeIndexStore) IPrivilege(com.sun.identity.entitlement.IPrivilege) ResourceSearchIndexes(com.sun.identity.entitlement.ResourceSearchIndexes) Privilege(com.sun.identity.entitlement.Privilege) EntitlementException(com.sun.identity.entitlement.EntitlementException) SSOException(com.iplanet.sso.SSOException) HashSet(java.util.HashSet) Test(org.testng.annotations.Test)

Example 8 with IPrivilege

use of com.sun.identity.entitlement.IPrivilege in project OpenAM by OpenRock.

From the test class PrivilegeUtilsTest, method testPrivilegeToPolicy. It builds a Privilege with an OR of two user subjects, an AND wrapping one IPv4 range condition, and a mix of static and user response attributes, converts it to a legacy Policy with privilegeToPolicy and back with policyToPrivileges, and then only checks that the reverse conversion produced a non-empty set. None of the entitlement, subject, condition or attribute fields are compared after the round trip, so a conversion that silently dropped an action or a condition would still pass.

@Test
public void testPrivilegeToPolicy() throws Exception {
    String BASE_DN = Constants.DEFAULT_ROOT_SUFFIX;
    Map<String, Boolean> actionValues = new HashMap<String, Boolean>();
    actionValues.put("GET", Boolean.TRUE);
    actionValues.put("POST", Boolean.TRUE);
    String resourceName = "http://www.sun.com";
    Entitlement entitlement = new Entitlement("iPlanetAMWebAgentService", resourceName, actionValues);
    entitlement.setName("ent1");
    String user11 = "id=user11,ou=user," + BASE_DN;
    String user12 = "id=user12,ou=user," + BASE_DN;
    UserSubject us1 = new OpenSSOUserSubject();
    us1.setID(user11);
    UserSubject us2 = new OpenSSOUserSubject();
    us2.setID(user12);
    Set<EntitlementSubject> subjects = new HashSet<EntitlementSubject>();
    subjects.add(us1);
    subjects.add(us2);
    OrSubject os = new OrSubject(subjects);
    IPv4Condition ipc = new IPv4Condition();
    ipc.setStartIpAndEndIp("100.100.100.100", "200.200.200.200");
    Set<EntitlementCondition> setConditions = new HashSet<EntitlementCondition>();
    setConditions.add(ipc);
    AndCondition andCondition = new AndCondition();
    andCondition.setEConditions(setConditions);
    StaticAttributes sa1 = new StaticAttributes();
    Set<String> aValues = new HashSet<String>();
    aValues.add("a10");
    aValues.add("a20");
    sa1.setPropertyName("a");
    sa1.setPropertyValues(aValues);
    sa1.setPResponseProviderName("sa");
    StaticAttributes sa2 = new StaticAttributes();
    Set<String> bValues = new HashSet<String>();
    bValues.add("b10");
    bValues.add("b20");
    sa2.setPropertyName("b");
    sa2.setPropertyValues(bValues);
    sa2.setPResponseProviderName("sa");
    UserAttributes uat1 = new UserAttributes();
    uat1.setPropertyName("email");
    uat1.setPResponseProviderName("ua");
    UserAttributes uat2 = new UserAttributes();
    uat2.setPropertyName("uid");
    uat2.setPResponseProviderName("ua");
    Set<ResourceAttribute> ra = new HashSet<ResourceAttribute>();
    ra.add(sa1);
    ra.add(sa2);
    ra.add(uat1);
    ra.add(uat2);
    Privilege privilege = Privilege.getNewInstance();
    privilege.setName("PrivilegeUtilsTest");
    privilege.setEntitlement(entitlement);
    //orSubject
    privilege.setSubject(os);
    privilege.setCondition(andCondition);
    privilege.setResourceAttributes(ra);
    Policy policy = PrivilegeUtils.privilegeToPolicy("/", privilege);
    Set<IPrivilege> ps = PrivilegeUtils.policyToPrivileges(policy);
    if ((ps == null) || ps.isEmpty()) {
        throw new Exception("PrivilegeUtilsTest.testPrivilegeToPolicy failed.");
    }
}
Also used : EntitlementCondition(com.sun.identity.entitlement.EntitlementCondition) HashMap(java.util.HashMap) AndCondition(com.sun.identity.entitlement.AndCondition) UserAttributes(com.sun.identity.entitlement.UserAttributes) OpenSSOUserSubject(com.sun.identity.entitlement.opensso.OpenSSOUserSubject) UserSubject(com.sun.identity.entitlement.UserSubject) ResourceAttribute(com.sun.identity.entitlement.ResourceAttribute) HashSet(java.util.HashSet) IPv4Condition(org.forgerock.openam.entitlement.conditions.environment.IPv4Condition) StaticAttributes(com.sun.identity.entitlement.StaticAttributes) OrSubject(com.sun.identity.entitlement.OrSubject) IdRepoException(com.sun.identity.idm.IdRepoException) SSOException(com.iplanet.sso.SSOException) EntitlementSubject(com.sun.identity.entitlement.EntitlementSubject) IPrivilege(com.sun.identity.entitlement.IPrivilege) Entitlement(com.sun.identity.entitlement.Entitlement) Privilege(com.sun.identity.entitlement.Privilege) Test(org.testng.annotations.Test)
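Because the test above stops at "the result set is not empty", here is an added field-by-field round-trip check, written for this page rather than taken from OpenAM's test suite. It assumes an OpenAM classpath as the page's own tests do, that PrivilegeUtils lives in com.sun.identity.entitlement.opensso, and that Entitlement.getActionValues(), Privilege.getSubject(), Privilege.getCondition() and Privilege.getResourceAttributes() exist as the getters matching the setters used in testPrivilegeToPolicy; those getter names are assumptions, as is the expectation that one privilege with one entitlement converts back to exactly one privilege.

```java
import java.util.Map;
import java.util.Set;

import com.sun.identity.entitlement.Entitlement;
import com.sun.identity.entitlement.IPrivilege;
import com.sun.identity.entitlement.Privilege;
import com.sun.identity.entitlement.opensso.PrivilegeUtils;
import com.sun.identity.policy.Policy;

// Added example, not OpenAM's own test code. Converts a Privilege to a legacy
// Policy and back and reports the first field that did not survive the trip.
// Getter names on Privilege/Entitlement are assumed from the setters used on
// this page; adjust if your OpenAM version names them differently.
public final class PrivilegeRoundTrip {

    // Returns null when the round trip preserved the fields we care about,
    // otherwise a message naming the first mismatch. Intended to replace the
    // isEmpty() check in testPrivilegeToPolicy:
    //   String m = PrivilegeRoundTrip.roundTripMismatch("/", privilege);
    //   if (m != null) throw new Exception(m);
    public static String roundTripMismatch(String realm, Privilege original) throws Exception {
        Policy policy = PrivilegeUtils.privilegeToPolicy(realm, original);
        Set<IPrivilege> back = PrivilegeUtils.policyToPrivileges(policy);
        // One privilege with one entitlement went in, so one should come out
        // (assumption: relax if your conversion splits rules differently).
        if (back == null || back.size() != 1) {
            return "expected exactly one privilege back, got " + (back == null ? "null" : back.size());
        }
        IPrivilege first = back.iterator().next();
        if (!(first instanceof Privilege)) {
            return "wrong type after round trip: " + first.getClass().getName();
        }
        Privilege p = (Privilege) first;

        Entitlement want = original.getEntitlement();
        Entitlement got = p.getEntitlement();
        if (!want.getResourceName().equals(got.getResourceName())) {
            return "resource name changed: " + got.getResourceName();
        }
        // A dropped deny (false) or an added allow (true) is exactly the kind of
        // silent change that a non-empty check never sees.
        Map<String, Boolean> wantActions = want.getActionValues();
        Map<String, Boolean> gotActions = got.getActionValues();
        if (!wantActions.equals(gotActions)) {
            return "action values changed: " + gotActions;
        }
        if (!sameClass(original.getSubject(), p.getSubject())) {
            return "subject changed: " + describe(p.getSubject());
        }
        if (!sameClass(original.getCondition(), p.getCondition())) {
            return "condition changed: " + describe(p.getCondition());
        }
        int wantAttrs = original.getResourceAttributes() == null ? 0 : original.getResourceAttributes().size();
        int gotAttrs = p.getResourceAttributes() == null ? 0 : p.getResourceAttributes().size();
        if (wantAttrs != gotAttrs) {
            return "resource attribute count changed: " + wantAttrs + " -> " + gotAttrs;
        }
        return null;
    }

    // Null-safe comparison of runtime types, so an OrSubject coming back as a
    // different subject class, or as null, is reported rather than crashing.
    private static boolean sameClass(Object a, Object b) {
        if (a == null || b == null) {
            return a == b;
        }
        return a.getClass().equals(b.getClass());
    }

    private static String describe(Object o) {
        return o == null ? "null" : o.getClass().getName();
    }
}
```

Comparing runtime classes for subject and condition is deliberately weaker than deep equality: the entitlement classes on this page do not show an equals contract, so the example checks what can be checked without one, and leaves a stricter comparison to the project's own equality semantics.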

Example 9 with IPrivilege

use of com.sun.identity.entitlement.IPrivilege in project OpenAM by OpenRock.

From the class DataStore, method getPrivilege. It reads a single privilege entry by its DN under the admin SSOToken and deserializes it from JSON; unlike searchPrivileges it takes no iterator, and it returns null when no entry exists under that DN, so callers must handle the null case. As in searchPrivileges, DB_MONITOR_PRIVILEGE.end(start) is not reached when the SMSException or JSONException path throws.

/**
     * Retrieves an individual privilege from the data store.
     *
     * @param realm Realm in which the privilege exists.
     * @param privilegeIdentifier The identifier of the privilege to retrieve.
     * @return the privilege, or null if no entry exists under the privilege's DN.
     * @throws EntitlementException if there were issues retrieving or deserializing the privilege from the data store.
     */
public IPrivilege getPrivilege(String realm, String privilegeIdentifier) throws EntitlementException {
    final String privilegeDN = getPrivilegeDistinguishedName(privilegeIdentifier, realm, null);
    final long start = DB_MONITOR_PRIVILEGE.start();
    final SSOToken token = AccessController.doPrivileged(AdminTokenAction.getInstance());
    final Privilege privilege;
    try {
        final Iterator i = SMSEntry.search(token, privilegeDN, NO_FILTER, NO_LIMIT, NO_LIMIT, NOT_SORTED, NOT_SORTED, NO_EXCLUSIONS);
        if (i.hasNext()) {
            SMSDataEntry e = (SMSDataEntry) i.next();
            privilege = Privilege.getInstance(new JSONObject(e.getAttributeValue(SERIALIZABLE_INDEX_KEY)));
        } else {
            privilege = null;
        }
    } catch (SMSException e) {
        Object[] arg = { privilegeDN };
        throw new EntitlementException(52, arg, e);
    } catch (JSONException e) {
        Object[] arg = { privilegeDN };
        throw new EntitlementException(52, arg, e);
    }
    DB_MONITOR_PRIVILEGE.end(start);
    return privilege;
}
Also used : EntitlementException(com.sun.identity.entitlement.EntitlementException) SSOToken(com.iplanet.sso.SSOToken) JSONObject(org.json.JSONObject) SMSDataEntry(com.sun.identity.sm.SMSDataEntry) SMSException(com.sun.identity.sm.SMSException) BufferedIterator(com.sun.identity.shared.BufferedIterator) Iterator(java.util.Iterator) JSONException(org.json.JSONException) IPrivilege(com.sun.identity.entitlement.IPrivilege) Privilege(com.sun.identity.entitlement.Privilege) ReferralPrivilege(com.sun.identity.entitlement.ReferralPrivilege)

Example 10 with IPrivilege

use of com.sun.identity.entitlement.IPrivilege in project OpenAM by OpenRock.

From the class OpenSSOIndexStore, method delete. It removes each privilege from the data store, dispatching on the concrete type (Privilege versus referral), and, only when index caching is enabled (indexCacheSize > 0), evicts the privilege's resource save indexes from the matching cache using the DN returned by the delete call. If caching is enabled and the eviction is skipped or fails, stale index entries could keep pointing at a privilege that no longer exists in the store.

/**
     * Deletes a set of privileges (policy privileges and referral privileges) from the data store
     * and, when index caching is enabled, evicts their resource indexes from the corresponding cache.
     *
     * @param privileges Privileges to be deleted.
     * @throws EntitlementException if deletion failed.
     */
public void delete(Set<IPrivilege> privileges) throws EntitlementException {
    Subject adminSubject = getAdminSubject();
    String realm = getRealm();
    for (IPrivilege p : privileges) {
        String dn = null;
        if (p instanceof Privilege) {
            dn = delete(p.getName(), true);
        } else {
            dn = deleteReferral(p.getName(), true);
        }
        if (indexCacheSize > 0) {
            ResourceSaveIndexes sIndex = p.getResourceSaveIndexes(adminSubject, DNMapper.orgNameToRealmName(realm));
            if (sIndex != null) {
                if (p instanceof Privilege) {
                    indexCache.clear(sIndex, dn);
                } else {
                    referralIndexCache.clear(sIndex, dn);
                }
            }
        }
    }
}
Also used : ResourceSaveIndexes(com.sun.identity.entitlement.ResourceSaveIndexes) IPrivilege(com.sun.identity.entitlement.IPrivilege) Privilege(com.sun.identity.entitlement.Privilege) ReferralPrivilege(com.sun.identity.entitlement.ReferralPrivilege) Subject(javax.security.auth.Subject)

Aggregations (type, number of examples in which it appears alongside IPrivilege)

IPrivilege (com.sun.identity.entitlement.IPrivilege): 16
HashSet (java.util.HashSet): 10
EntitlementException (com.sun.identity.entitlement.EntitlementException): 9
Privilege (com.sun.identity.entitlement.Privilege): 9
SSOToken (com.iplanet.sso.SSOToken): 7
ReferralPrivilege (com.sun.identity.entitlement.ReferralPrivilege): 7
SSOException (com.iplanet.sso.SSOException): 6
SMSException (com.sun.identity.sm.SMSException): 6
PrivilegeIndexStore (com.sun.identity.entitlement.PrivilegeIndexStore): 5
PolicyException (com.sun.identity.policy.PolicyException): 5
Set (java.util.Set): 5
ApplicationPrivilege (com.sun.identity.entitlement.ApplicationPrivilege): 4
ApplicationPrivilegeManager (com.sun.identity.entitlement.ApplicationPrivilegeManager): 4
HashMap (java.util.HashMap): 4
EntitlementSubject (com.sun.identity.entitlement.EntitlementSubject): 3
ResourceSearchIndexes (com.sun.identity.entitlement.ResourceSearchIndexes): 3
Policy (com.sun.identity.policy.Policy): 3
SMSEntry (com.sun.identity.sm.SMSEntry): 3
Test (org.testng.annotations.Test): 3
EntitlementCondition (com.sun.identity.entitlement.EntitlementCondition): 2