Example 46 with Privilege

use of com.sun.identity.entitlement.Privilege in project OpenAM by OpenRock.

the class OpenSSOApplicationPrivilegeManager method replacePrivilege.

public void replacePrivilege(ApplicationPrivilege appPrivilege) throws EntitlementException {
    // Authorization gate: only a privilege that is in the caller's delegatable set
    // may be replaced. Anything else fails with EntitlementException 326 before any write.
    if (delegatables.hasPrivilege(appPrivilege.getName())) {
        validatePrivilege(appPrivilege);
        // toPrivilege() returns two entries: the actual privilege and its "ghost" companion.
        Privilege[] privileges = toPrivilege(appPrivilege);
        // Writes go to the hidden realm (getHiddenRealmDN()) as the internal
        // dsameUserSubject, not as the caller; the check above is what protects this path.
        PrivilegeManager pm = PrivilegeManager.getInstance(getHiddenRealmDN(), dsameUserSubject);
        pm.modify(privileges[0]);
        cachePrivilege(privileges[0]);
        pm.modify(privileges[1]);
        cachePrivilege(privileges[1]);
    } else {
        throw new EntitlementException(326);
    }
}
Also used : EntitlementException(com.sun.identity.entitlement.EntitlementException) ApplicationPrivilegeManager(com.sun.identity.entitlement.ApplicationPrivilegeManager) PrivilegeManager(com.sun.identity.entitlement.PrivilegeManager) ApplicationPrivilege(com.sun.identity.entitlement.ApplicationPrivilege) IPrivilege(com.sun.identity.entitlement.IPrivilege) Privilege(com.sun.identity.entitlement.Privilege) ReferralPrivilege(com.sun.identity.entitlement.ReferralPrivilege)

Example 47 with Privilege

use of com.sun.identity.entitlement.Privilege in project OpenAM by OpenRock.

the class OpenSSOApplicationPrivilegeManager method toPrivilege.

/**
 * Creates two privileges here: the "actual" privilege, which carries the delegated
 * action values on the delegation resources, and a "ghost" privilege, which grants
 * READ on the realm and identity-repository resources of the current realm to the
 * same subjects under the same condition.
 */
private Privilege[] toPrivilege(ApplicationPrivilege appPrivilege) throws EntitlementException {
    Privilege[] results = new Privilege[2];
    try {
        // Actual privilege: delegated actions on the delegation resources.
        Privilege actualP = Privilege.getNewInstance();
        actualP.setName(appPrivilege.getName());
        actualP.setDescription(appPrivilege.getDescription());
        Set<String> res = createDelegationResources(appPrivilege);
        Entitlement entitlement = new Entitlement(APPL_NAME, res, getActionValues(appPrivilege.getActionValues()));
        actualP.setEntitlement(entitlement);
        // Ghost privilege: READ only, on the realm and idrepo resources of this realm.
        // Its name is derived from the actual privilege's name by a fixed prefix.
        Privilege ghostP = Privilege.getNewInstance();
        ghostP.setName(GHOST_PRIVILEGE_NAME_PREFIX + appPrivilege.getName());
        Set<String> ghostRes = new HashSet<String>();
        String currentOrgDN = DNMapper.orgNameToDN(realm);
        Object[] param = { currentOrgDN };
        ghostRes.add(MessageFormat.format(SUN_AM_REALM_RESOURCE, param));
        ghostRes.add(MessageFormat.format(SUN_IDREPO_RESOURCE, param));
        entitlement = new Entitlement(APPL_NAME, ghostRes, getActionValues(ApplicationPrivilege.PossibleAction.READ));
        ghostP.setEntitlement(entitlement);
        // Both privileges apply to the same subjects (OR-ed) and the same condition.
        Set<SubjectImplementation> subjects = appPrivilege.getSubjects();
        Set<EntitlementSubject> eSubjects = new HashSet<EntitlementSubject>();
        for (SubjectImplementation i : subjects) {
            eSubjects.add((EntitlementSubject) i);
        }
        OrSubject orSubject = new OrSubject(eSubjects);
        actualP.setSubject(orSubject);
        actualP.setCondition(appPrivilege.getCondition());
        ghostP.setSubject(orSubject);
        ghostP.setCondition(appPrivilege.getCondition());
        // Only the actual privilege is indexed by the applications it covers.
        Set<String> applIndexes = new HashSet<String>();
        applIndexes.addAll(appPrivilege.getApplicationNames());
        actualP.setApplicationIndexes(applIndexes);
        results[0] = actualP;
        results[1] = ghostP;
    } catch (UnsupportedEncodingException ex) {
        String[] params = {};
        throw new EntitlementException(324, params);
    }
    return results;
}
Also used : UnsupportedEncodingException(java.io.UnsupportedEncodingException) OrSubject(com.sun.identity.entitlement.OrSubject) EntitlementSubject(com.sun.identity.entitlement.EntitlementSubject) EntitlementException(com.sun.identity.entitlement.EntitlementException) SubjectImplementation(com.sun.identity.entitlement.SubjectImplementation) ApplicationPrivilege(com.sun.identity.entitlement.ApplicationPrivilege) IPrivilege(com.sun.identity.entitlement.IPrivilege) Privilege(com.sun.identity.entitlement.Privilege) ReferralPrivilege(com.sun.identity.entitlement.ReferralPrivilege) Entitlement(com.sun.identity.entitlement.Entitlement) HashSet(java.util.HashSet)

Example 48 with Privilege

use of com.sun.identity.entitlement.Privilege in project OpenAM by OpenRock.

the class PrivilegeResource method modifyPrivilege.

@PUT
@Produces("application/json")
@Path("/{name}")
public String modifyPrivilege(@Context HttpHeaders headers, @Context HttpServletRequest request, @FormParam("realm") @DefaultValue("/") String realm, @FormParam("privilege.json") String jsonString, @PathParam("name") String name) {
    try {
        // The caller Subject is resolved from the request; authorization is left to the
        // PrivilegeManager obtained for that subject and the form-supplied realm.
        Subject caller = getCaller(request);
        PrivilegeManager pm = PrivilegeManager.getInstance(realm, caller);
        // The privilege, including its name, is parsed from the privilege.json form field;
        // the {name} path parameter is not read in this method body.
        Privilege privilege = Privilege.getNewInstance(jsonString);
        pm.modify(privilege);
        return createResponseJSONString(200, headers, "OK");
    } catch (JSONException e) {
        PrivilegeManager.debug.error("PrivilegeResource.modify", e);
        throw getWebApplicationException(e, MimeType.JSON);
    } catch (RestException e) {
        PrivilegeManager.debug.error("PrivilegeResource.modify", e);
        throw getWebApplicationException(headers, e, MimeType.JSON);
    } catch (EntitlementException e) {
        PrivilegeManager.debug.error("PrivilegeResource.modify", e);
        throw getWebApplicationException(headers, e, MimeType.JSON);
    }
}
Also used : EntitlementException(com.sun.identity.entitlement.EntitlementException) PrivilegeManager(com.sun.identity.entitlement.PrivilegeManager) RestException(com.sun.identity.rest.RestException) JSONException(org.json.JSONException) Privilege(com.sun.identity.entitlement.Privilege) Subject(javax.security.auth.Subject) Path(javax.ws.rs.Path) Produces(javax.ws.rs.Produces) PUT(javax.ws.rs.PUT)

Example 49 with Privilege

use of com.sun.identity.entitlement.Privilege in project OpenAM by OpenRock.

the class XACMLExportImportTest method canImportPrivilegesIntoRealm.

@Test
public void canImportPrivilegesIntoRealm() throws Exception {
    // Given
    // shared test state
    Privilege privilegeToUpdate = existing(valid(privilege("p1")));
    Privilege privilegeToAdd = notExisting(valid(privilege("p2")));
    PrivilegeSet privilegeSet = new PrivilegeSet(Collections.<ReferralPrivilege>emptyList(), asList(privilegeToUpdate, privilegeToAdd));
    given(xacmlReaderWriter.read(eq(NULL_INPUT))).willReturn(privilegeSet);
    // When
    List<ImportStep> importSteps = xacmlExportImport.importXacml(ROOT_REALM, NULL_INPUT, NULL_SUBJECT, false);
    // Then
    assertThat(importSteps).hasSize(2);
    assertImportStep(importSteps.get(0), DiffStatus.UPDATE, privilegeToUpdate);
    assertImportStep(importSteps.get(1), DiffStatus.ADD, privilegeToAdd);
    verify(validator).validatePrivilege(privilegeToAdd);
    verify(validator).validatePrivilege(privilegeToUpdate);
    verify(pm).add(privilegeToAdd);
    verify(pm).modify(privilegeToUpdate);
}
Also used : FactoryMethods.createArbitraryPrivilege(com.sun.identity.entitlement.xacml3.FactoryMethods.createArbitraryPrivilege) IPrivilege(com.sun.identity.entitlement.IPrivilege) Privilege(com.sun.identity.entitlement.Privilege) ReferralPrivilege(com.sun.identity.entitlement.ReferralPrivilege) FactoryMethods.createArbitraryReferralPrivilege(com.sun.identity.entitlement.xacml3.FactoryMethods.createArbitraryReferralPrivilege) ImportStep(com.sun.identity.entitlement.xacml3.XACMLExportImport.ImportStep) Test(org.testng.annotations.Test)

Example 50 with Privilege

use of com.sun.identity.entitlement.Privilege in project OpenAM by OpenRock.

the class XACMLExportImportTest method canPerformAnImportDryRun.

@Test
public void canPerformAnImportDryRun() throws Exception {
    // Given
    // shared test state
    Privilege privilegeToUpdate = existing(valid(privilege("p1")));
    Privilege privilegeToAdd = notExisting(valid(privilege("p2")));
    PrivilegeSet privilegeSet = new PrivilegeSet(Collections.<ReferralPrivilege>emptyList(), asList(privilegeToUpdate, privilegeToAdd));
    given(xacmlReaderWriter.read(eq(NULL_INPUT))).willReturn(privilegeSet);
    // When
    List<ImportStep> importSteps = xacmlExportImport.importXacml(ROOT_REALM, NULL_INPUT, NULL_SUBJECT, true);
    // Then
    assertThat(importSteps).hasSize(2);
    assertImportStep(importSteps.get(0), DiffStatus.UPDATE, privilegeToUpdate);
    assertImportStep(importSteps.get(1), DiffStatus.ADD, privilegeToAdd);
    verify(validator).validatePrivilege(privilegeToAdd);
    verify(validator).validatePrivilege(privilegeToUpdate);
    verify(pm, times(0)).add(any(Privilege.class));
    verify(pm, times(0)).modify(any(Privilege.class));
}
Also used : FactoryMethods.createArbitraryPrivilege(com.sun.identity.entitlement.xacml3.FactoryMethods.createArbitraryPrivilege) IPrivilege(com.sun.identity.entitlement.IPrivilege) Privilege(com.sun.identity.entitlement.Privilege) ReferralPrivilege(com.sun.identity.entitlement.ReferralPrivilege) FactoryMethods.createArbitraryReferralPrivilege(com.sun.identity.entitlement.xacml3.FactoryMethods.createArbitraryReferralPrivilege) ImportStep(com.sun.identity.entitlement.xacml3.XACMLExportImport.ImportStep) Test(org.testng.annotations.Test)
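The two XACMLExportImportTest cases above pin down a contract: every imported privilege is validated, each one is classified as UPDATE (already present) or ADD (new), and a dry run reports those steps without calling add or modify. The following stand-alone Java program is an added example, not OpenAM code, that models that contract with hypothetical stand-ins (Priv for Privilege, Store for PrivilegeManager, ImportStep and DiffStatus mirroring the names in the tests). It also validates the whole set before the first write, which is this example's own design choice, not something the tests above require.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;

/** Example only: a model of validate-then-apply import with a dry-run switch. */
public class DryRunImportExample {

    /** Outcome recorded for each imported privilege, named after OpenAM's DiffStatus. */
    enum DiffStatus { ADD, UPDATE }

    /** Hypothetical stand-in for Privilege: a name and a resource set. */
    static final class Priv {
        final String name;
        final Set<String> resources;
        Priv(String name, String... resources) {
            this.name = name;
            this.resources = new HashSet<>(Arrays.asList(resources));
        }
    }

    /** Hypothetical stand-in for PrivilegeManager, backed by a map plus a write log. */
    static final class Store {
        final Map<String, Priv> byName = new HashMap<>();
        final List<String> writes = new ArrayList<>();
        boolean exists(String name) { return byName.containsKey(name); }
        void add(Priv p)    { byName.put(p.name, p); writes.add("add:" + p.name); }
        void modify(Priv p) { byName.put(p.name, p); writes.add("modify:" + p.name); }
    }

    static final class ImportStep {
        final DiffStatus status;
        final Priv privilege;
        ImportStep(DiffStatus status, Priv privilege) { this.status = status; this.privilege = privilege; }
    }

    static final class ValidationException extends Exception {
        ValidationException(String message) { super(message); }
    }

    /** Validator stand-in: a privilege needs a non-empty name and at least one resource. */
    static void validate(Priv p) throws ValidationException {
        if (p.name == null || p.name.isEmpty()) throw new ValidationException("privilege without a name");
        if (p.resources.isEmpty()) throw new ValidationException(p.name + ": no resources");
    }

    /**
     * Builds the import plan (UPDATE for names already in the store, ADD otherwise),
     * validating every entry before any write. With dryRun=true the plan is returned
     * and the store is left untouched.
     */
    static List<ImportStep> importPrivileges(Store pm, List<Priv> incoming, boolean dryRun)
            throws ValidationException {
        List<ImportStep> plan = new ArrayList<>();
        for (Priv p : incoming) {
            validate(p);
            plan.add(new ImportStep(pm.exists(p.name) ? DiffStatus.UPDATE : DiffStatus.ADD, p));
        }
        if (dryRun) {
            return plan;
        }
        for (ImportStep step : plan) {
            if (step.status == DiffStatus.UPDATE) pm.modify(step.privilege);
            else pm.add(step.privilege);
        }
        return plan;
    }

    public static void main(String[] args) throws ValidationException {
        Store pm = new Store();
        pm.byName.put("p1", new Priv("p1", "http://app.example.com/old/*"));

        // Constructed input: p1 already exists (UPDATE), p2 does not (ADD).
        List<Priv> incoming = Arrays.asList(
                new Priv("p1", "http://app.example.com/new/*"),
                new Priv("p2", "http://app.example.com/admin/*"));

        List<ImportStep> dry = importPrivileges(pm, incoming, true);
        System.out.println("dry run: " + dry.get(0).status + " p1, " + dry.get(1).status
                + " p2; writes=" + pm.writes);

        List<ImportStep> real = importPrivileges(pm, incoming, false);
        System.out.println("import:  " + real.get(0).status + " p1, " + real.get(1).status
                + " p2; writes=" + pm.writes);

        // A malformed entry is rejected before the valid one next to it is written.
        Store fresh = new Store();
        try {
            importPrivileges(fresh, Arrays.asList(new Priv("ok", "http://a/*"), new Priv("bad")), false);
        } catch (ValidationException e) {
            System.out.println("rejected: " + e.getMessage() + "; writes=" + fresh.writes);
        }
    }
}
```

Run with `javac DryRunImportExample.java && java DryRunImportExample`. The first line shows UPDATE/ADD with an empty write log (the dry run), the second shows the same plan with `modify:p1` and `add:p2` recorded, and the third shows that the invalid batch produced no writes at all.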

Aggregations

Privilege (com.sun.identity.entitlement.Privilege) 122
Test (org.testng.annotations.Test) 76
JsonValue (org.forgerock.json.JsonValue) 46
OpenSSOPrivilege (com.sun.identity.entitlement.opensso.OpenSSOPrivilege) 39
HashSet (java.util.HashSet) 30
ReferralPrivilege (com.sun.identity.entitlement.ReferralPrivilege) 26
EntitlementException (com.sun.identity.entitlement.EntitlementException) 23
IPrivilege (com.sun.identity.entitlement.IPrivilege) 23
Entitlement (com.sun.identity.entitlement.Entitlement) 19
EntitlementSubject (com.sun.identity.entitlement.EntitlementSubject) 18
PrivilegeManager (com.sun.identity.entitlement.PrivilegeManager) 17
HashMap (java.util.HashMap) 15
EntitlementCondition (com.sun.identity.entitlement.EntitlementCondition) 13
ApplicationPrivilege (com.sun.identity.entitlement.ApplicationPrivilege) 11
PolicyCondition (com.sun.identity.entitlement.opensso.PolicyCondition) 10
Set (java.util.Set) 9
SSOToken (com.iplanet.sso.SSOToken) 8
PolicySubject (com.sun.identity.entitlement.opensso.PolicySubject) 8
Subject (javax.security.auth.Subject) 8
ResourceResponse (org.forgerock.json.resource.ResourceResponse) 8