use of com.sun.identity.entitlement.Privilege in project OpenAM by OpenRock.
The class MultipleResourceRestTest, method setup.
/**
 * Prepares the fixture shared by every test in this class: two privileges for all
 * authenticated users (GET allowed on {@code RESOURCE_NAME/*}, GET denied on
 * {@code RESOURCE_NAME/index.html}), the admin token id in the hashed, header and cookie
 * forms the REST calls need, a test user, and the decisions/entitlements REST client resources.
 *
 * @throws Exception if privilege or user creation fails, or the cookie value cannot be encoded.
 */
@BeforeClass
public void setup() throws Exception {
    PrivilegeManager manager = PrivilegeManager.getInstance(REALM, adminSubject);
    manager.add(buildGetPrivilege(PRIVILEGE_NAME + "1", RESOURCE_NAME + "/*", true));
    manager.add(buildGetPrivilege(PRIVILEGE_NAME + "2", RESOURCE_NAME + "/index.html", false));

    String tokenId = adminToken.getTokenID().toString();
    hashedTokenId = Hash.hash(tokenId);
    tokenIdHeader = RestServiceManager.SSOTOKEN_SUBJECT_PREFIX + RestServiceManager.SUBJECT_DELIMITER + tokenId;

    // The cookie carries the raw token id unless the deployment has cookie encoding switched on.
    boolean encodeCookie = Boolean.parseBoolean(SystemProperties.get(Constants.AM_COOKIE_ENCODE, "false"));
    String cookieValue = encodeCookie ? URLEncoder.encode(tokenId, "UTF-8") : tokenId;
    cookie = new Cookie(SystemProperties.get(Constants.AM_COOKIE_NAME), cookieValue);

    user = IdRepoUtils.createUser(REALM, "MultipleResourceRestTestUser");

    String serverInstance = SystemProperties.getServerInstanceName();
    decisionsClient = Client.create().resource(serverInstance + "/ws/1/entitlement/decisions");
    entitlementsClient = Client.create().resource(serverInstance + "/ws/1/entitlement/entitlements");
}

/**
 * Builds a privilege for all authenticated users holding a single entitlement on
 * {@code resource} whose only action is {@code GET}, set to {@code allowGet}.
 *
 * @param name     the privilege name.
 * @param resource the resource name the entitlement applies to.
 * @param allowGet whether the GET action is allowed ({@code true}) or denied ({@code false}).
 * @return the populated privilege, not yet added to any privilege manager.
 * @throws EntitlementException if the privilege cannot be created or populated.
 */
private static Privilege buildGetPrivilege(String name, String resource, boolean allowGet)
        throws EntitlementException {
    Map<String, Boolean> actions = new HashMap<String, Boolean>();
    actions.put("GET", allowGet);

    Privilege privilege = Privilege.getNewInstance();
    privilege.setName(name);
    privilege.setEntitlement(new Entitlement(resource, actions));
    privilege.setSubject(new AuthenticatedUsers());
    return privilege;
}
use of com.sun.identity.entitlement.Privilege in project OpenAM by OpenRock.
The class ConfigureOAuth2, method execute.
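/**
 * Configures the OAuth2 provider service for the requested realm (plus the UMA service when
 * {@code type} is {@code "uma"}) and makes sure that a policy letting authenticated users
 * reach the OAuth2 authorize endpoint exists in that realm.
 *
 * @param locale the locale used to localise the result message.
 * @param params the workflow parameters; {@code TYPE} and {@code REALM} are required, the
 *               lifetime, refresh-token and scope-plugin values are read by name below.
 * @return the localised summary message stating what was created.
 * @throws WorkflowException if {@code type} is missing or not a known profile, or if the
 *                           authorize-endpoint policy could not be created.
 */
public String execute(Locale locale, Map params) throws WorkflowException {
    final String type = getString(params, TYPE);
    final String realm = getString(params, REALM);
    final SSOToken token = AccessController.doPrivileged(AdminTokenAction.getInstance());
    if (StringUtils.isEmpty(type)) {
        throw new WorkflowException("type parameter is required");
    }
    // An unknown type used to surface as a NullPointerException from PROFILE_SETTINGS.get(type)
    // inside putAll(); reject it with a proper workflow error instead.
    if (!PROFILE_SETTINGS.containsKey(type)) {
        throw new WorkflowException("unsupported type parameter: " + type);
    }

    createProvider(OAUTH2_SERVICE_NAME, token, realm, buildProviderAttributes(token, realm, type, params));

    final boolean createUmaService = "uma".equals(type);
    if (createUmaService) {
        createProvider(UMA_SERVICE_NAME, token, realm, Collections.<String, Set<String>>emptyMap());
    }

    // The root realm is rendered as an empty string in the authorize endpoint path.
    final String policyURL = getRequestURL(params)
            + format(OAUTH2_AUTHORIZE_ENDPOINT, "/".equals(realm) ? "" : realm);
    final boolean createPolicy;
    try {
        createPolicy = ensureAuthorizePolicy(realm, policyURL);
    } catch (EntitlementException e) {
        DEBUG.error("ConfigureOAuth2.execute() : Unable to create policy", e);
        throw new WorkflowException("oauth2.provider.policy.failed");
    }

    final String messageTemplate = getMessage(MESSAGE, locale);
    return format(messageTemplate,
            createUmaService ? getMessage(UMA_SERVICE_CREATED, locale) : "",
            realm,
            format(getMessage(createPolicy ? POLICY_CREATED : POLICY_EXISTS, locale), POLICY_NAME));
}

/**
 * Assembles the OAuth2 provider service attributes: the provider defaults, the profile
 * settings for {@code type}, the localised scopes and claims, and the lifetime, refresh-token
 * and scope-plugin values taken from the workflow parameters.
 *
 * @param token  the admin token used to read the provider defaults.
 * @param realm  the realm the scope and claim keys are translated for.
 * @param type   the provider profile; must be a key of {@code PROFILE_SETTINGS}.
 * @param params the workflow parameters.
 * @return the attribute values to create the OAuth2 service with.
 */
private Map<String, Set<String>> buildProviderAttributes(SSOToken token, String realm, String type, Map params)
        throws WorkflowException {
    final Map<String, Set<String>> attrValues = getDefaultOAuth2ProviderAttributes(token);
    attrValues.putAll(PROFILE_SETTINGS.get(type));
    attrValues.put(SUPPORTED_SCOPES, translate(realm, SUPPORTED_SCOPE_KEYS.get(type)));
    attrValues.put(SUPPORTED_CLAIMS, translate(realm, SUPPORTED_CLAIM_KEYS.get(type)));
    attrValues.put(REFRESH_TOKEN_LIFETIME_NAME, singleton(getString(params, RTL)));
    attrValues.put(AUTHZ_CODE_LIFETIME_NAME, singleton(getString(params, ACL)));
    attrValues.put(ACCESS_TOKEN_LIFETIME_NAME, singleton(getString(params, ATL)));
    attrValues.put(ISSUE_REFRESH_TOKEN, singleton(getString(params, IRT)));
    attrValues.put(ISSUE_REFRESH_TOKEN_ON_REFRESHING_TOKEN, singleton(getString(params, IRTR)));
    attrValues.put(SCOPE_PLUGIN_CLASS, singleton(getString(params, SIC)));
    return attrValues;
}

/**
 * Creates the policy {@code POLICY_NAME} allowing authenticated users to GET and POST to
 * {@code policyURL} in {@code realm}, unless a policy of that name can already be read.
 *
 * @param realm     the realm whose policy store is used.
 * @param policyURL the resource name of the authorize endpoint the policy protects.
 * @return {@code true} if the policy was created, {@code false} if it already existed.
 * @throws EntitlementException if the policy store cannot be obtained or the policy cannot be created.
 */
private boolean ensureAuthorizePolicy(String realm, String policyURL)
        throws EntitlementException, WorkflowException {
    final Subject adminSubject = SubjectUtils.createSuperAdminSubject();
    final PolicyStore policyStore = storeProvider.getPolicyStore(adminSubject, realm);
    boolean createPolicy;
    try {
        createPolicy = policyStore.read(POLICY_NAME) == null;
    } catch (Exception e) {
        // A failed read is treated as "policy absent" so that the create() below is still attempted;
        // log it so a store problem is not hidden behind the later create() failure.
        DEBUG.warning("ConfigureOAuth2.execute() : Unable to read policy " + POLICY_NAME
                + ", attempting to create it", e);
        createPolicy = true;
    }
    if (!createPolicy) {
        return false;
    }

    final Map<String, Boolean> actions = new HashMap<>();
    actions.put("POST", true);
    actions.put("GET", true);
    final Entitlement entitlement = new Entitlement();
    entitlement.setActionValues(actions);
    entitlement.setResourceName(policyURL);
    entitlement.setApplicationName(POLICY_APPLICATION_NAME);

    final Privilege toStore = Privilege.getNewInstance();
    toStore.setResourceTypeUuid(getUrlResourceTypeId(adminSubject, realm));
    toStore.setSubject(new AuthenticatedUsers());
    toStore.setName(POLICY_NAME);
    toStore.setEntitlement(entitlement);
    policyStore.create(toStore);
    return true;
}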
use of com.sun.identity.entitlement.Privilege in project OpenAM by OpenRock.
The class RemoveReferralsStep, method enactRequiredPolicyModelChanges.
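/**
 * Reinstates {@code application} in {@code destinationRealm} for the policies that live there:
 * the application's first resource type is cloned from {@code sourceRealm}, the application is
 * cloned to reference the cloned resource type, and every policy of the application in the
 * destination realm is re-pointed at that resource type. Nothing is done when the destination
 * realm holds no policies for the application.
 *
 * @param application      the application (as found in {@code sourceRealm}) to clone.
 * @param sourceRealm      the realm the resource type is copied from.
 * @param destinationRealm the realm receiving the cloned resource type, application and
 *                         modified policies.
 * @throws EntitlementException if the policies cannot be read or modified.
 * @throws UpgradeException     if the application declares no resource type, or the resource
 *                              type or application cannot be cloned.
 */
private void enactRequiredPolicyModelChanges(Application application, String sourceRealm, String destinationRealm)
        throws EntitlementException, UpgradeException {
    PrivilegeManager policyManager = policyServiceFactory.get(destinationRealm, getAdminSubject());
    List<Privilege> policies = policyManager.findAllPoliciesByApplication(application.getName());
    if (policies.isEmpty()) {
        // Only necessary to reinstate application if policies exist in the realm.
        return;
    }
    boolean succeeded = false;
    try {
        UpgradeProgress.reportStart(AUDIT_CLONING_APPLICATION_START, application.getName(), destinationRealm);
        // Previously an application without resource types failed with a NoSuchElementException
        // from iterator().next(), bypassing the failure report below.
        if (application.getResourceTypeUuids().isEmpty()) {
            throw new UpgradeException("Application " + application.getName()
                    + " has no resource type to clone into realm " + destinationRealm);
        }
        // Only the first resource type is cloned -- presumably a referral-era application carries
        // exactly one; TODO confirm before relying on this for multi-resource-type applications.
        String resourceTypeId = application.getResourceTypeUuids().iterator().next();
        String clonedResourceTypeId = instateAssociatedResourceType(resourceTypeId, sourceRealm, destinationRealm);
        Application clonedApplication = cloneApplication(application, clonedResourceTypeId);
        applicationService.saveApplication(getAdminSubject(), destinationRealm, clonedApplication);
        for (Privilege policy : policies) {
            policy.setResourceTypeUuid(clonedResourceTypeId);
            policyManager.modify(policy);
        }
        succeeded = true;
    } finally {
        // Report the outcome for every exit path, including unchecked exceptions that the
        // previous catch of EntitlementException | UpgradeException let through unreported.
        if (succeeded) {
            UpgradeProgress.reportEnd(AUDIT_UPGRADE_SUCCESS);
        } else {
            UpgradeProgress.reportEnd(AUDIT_UPGRADE_FAIL);
        }
    }
}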
use of com.sun.identity.entitlement.Privilege in project OpenAM by OpenRock.
The class UpgradeEntitlementsStep, method processEntry.
/**
 * Regenerates the path-index values of one policy entry. Every {@code SUN_KEY_VALUE} value
 * that starts with {@code SERIALIZABLE_PREFIX} is parsed as a JSON privilege, and the new
 * save implementation ({@code NEW_SAVE_IMPL}) produces path indexes for the resource names of
 * its entitlement. The returned set is the entry's {@code SUN_XML_KEY_VALUE} values with all
 * values starting with {@code PATH_INDEX_PREFIX} removed and the regenerated ones added.
 *
 * @param entry the search result entry holding the policy.
 * @return the updated {@code SUN_XML_KEY_VALUE} values.
 * @throws Exception if the save implementation cannot be instantiated or a serialized
 *                   privilege cannot be parsed.
 */
private Set<String> processEntry(SearchResultEntry entry) throws Exception {
    Set<String> serializedValues = entry.parseAttribute(SUN_KEY_VALUE).asSetOfString();
    Set<String> regenerated = new HashSet<String>(1);
    ISaveIndex saveIndex = Class.forName(NEW_SAVE_IMPL).asSubclass(ISaveIndex.class).newInstance();

    for (String serialized : serializedValues) {
        if (!serialized.startsWith(SERIALIZABLE_PREFIX)) {
            continue;
        }
        String json = serialized.substring(SERIALIZABLE_PREFIX.length());
        Privilege privilege = Privilege.getInstance(new JSONObject(json));
        Set<String> resourceNames = privilege.getEntitlement().getResourceNames();
        for (String pathIndex : generatePathIndexes(saveIndex, resourceNames)) {
            regenerated.add(PATH_INDEX_PREFIX + pathIndex);
        }
    }

    // Drop the stale path indexes in place, then merge in the regenerated ones.
    Set<String> xmlKeyValues = entry.parseAttribute(SUN_XML_KEY_VALUE).asSetOfString();
    for (Iterator<String> it = xmlKeyValues.iterator(); it.hasNext(); ) {
        if (it.next().startsWith(PATH_INDEX_PREFIX)) {
            it.remove();
        }
    }
    xmlKeyValues.addAll(regenerated);
    return xmlKeyValues;
}
use of com.sun.identity.entitlement.Privilege in project OpenAM by OpenRock.
The class RemoveReferralsStepTest, method simpleSuccessfulPassThrough.
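/**
 * One referral entry pointing application {@code app1} at realm {@code /a}, where a single
 * policy for that application exists: the step must report itself applicable, clone the
 * resource type and the application into {@code /a}, re-point the policy at the cloned
 * resource type and delete the referral entry.
 */
@Test
public void simpleSuccessfulPassThrough() throws Exception {
    // Given
    given(connectionFactory.create()).willReturn(connection);
    given(connection.search(isA(SearchRequest.class))).willReturn(entryReader);
    given(entryReader.hasNext()).willReturn(true).willReturn(false);
    given(entryReader.readEntry()).willReturn(resultEntry);
    given(resultEntry.getName()).willReturn(DN.valueOf("ou=test,ou=forgerock,ou=org"));

    // The referral is stored as a "serializable=" JSON value of the sunKeyValue attribute.
    JsonValue jsonValue = json(object(
            field("name", "ref"),
            field("mapApplNameToResources", object(field("app1", array("*://*:*/*")))),
            field("realms", array("/a"))));
    Set<String> values = singleton("serializable=" + jsonValue.toString());
    Attribute attribute = new LinkedAttribute("ou", values);
    AttributeParser attributeParser = AttributeParser.parseAttribute(attribute);
    given(resultEntry.parseAttribute("sunKeyValue")).willReturn(attributeParser);

    Application app1 = new Application();
    app1.setName("app1");
    app1.addAllResourceTypeUuids(singleton("123"));
    given(applicationService.getApplication(isA(Subject.class), eq("/"), eq("app1"))).willReturn(app1);
    given(policyServiceFactory.get(eq("/a"), isA(Subject.class))).willReturn(policyService);

    Privilege policy1 = new OpenSSOPrivilege();
    policy1.setName("pol1");
    given(policyService.findAllPoliciesByApplication("app1")).willReturn(singletonList(policy1));

    ResourceType resourceType1 = ResourceType.builder().setName("resourceType1").setUUID("123").build();
    given(resourceTypeService.getResourceType(isA(Subject.class), eq("/"), eq("123"))).willReturn(resourceType1);

    // When
    testStep.initialize();
    boolean isApplicable = testStep.isApplicable();
    testStep.perform();
    String shortReport = testStep.getShortReport("");
    String longReport = testStep.getDetailedReport("");

    // Then
    assertThat(isApplicable).isTrue();
    assertThat(shortReport).containsSequence("applications to be cloned", "Referrals found");
    assertThat(longReport).containsSequence("app1", "ou=test,ou=forgerock,ou=org");

    verify(resourceTypeService).saveResourceType(isA(Subject.class), eq("/a"), resourceTypeCaptor.capture());
    verify(applicationService).saveApplication(isA(Subject.class), eq("/a"), applicationCaptor.capture());
    verify(policyService).modify(policyCaptor.capture());

    // The resource type and application are cloned (fresh objects), not reused across realms.
    ResourceType clonedResourceType = resourceTypeCaptor.getValue();
    assertThat(clonedResourceType).isNotEqualTo(resourceType1);
    assertThat(clonedResourceType.getName()).isEqualTo("resourceType1");

    Application clonedApplication = applicationCaptor.getValue();
    assertThat(clonedApplication).isNotEqualTo(app1);
    assertThat(clonedApplication.getName()).isEqualTo("app1");
    assertThat(clonedApplication.getResourceTypeUuids()).containsExactly(clonedResourceType.getUUID());

    // The policy itself is modified in place: the captured instance must be the one the mocked
    // policy service returned. The previous assertion compared modifiedPolicy with itself.
    Privilege modifiedPolicy = policyCaptor.getValue();
    assertThat(modifiedPolicy).isSameAs(policy1);
    assertThat(modifiedPolicy.getResourceTypeUuid()).isEqualTo(clonedResourceType.getUUID());

    verify(connection).delete(deleteRequestCaptor.capture());
    DeleteRequest request = deleteRequestCaptor.getValue();
    assertThat(request.getName().toString()).isEqualTo("ou=test,ou=forgerock,ou=org");
}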