use of com.sun.identity.entitlement.Privilege in project OpenAM by OpenRock.
the class PolicyConditionUpgraderTest method shouldMigratePolicyWithAndSubjectCondition.
@SuppressWarnings("unchecked")
@Test
public void shouldMigratePolicyWithAndSubjectCondition() throws EntitlementException, UpgradeException {
    // Given: a privilege whose subject is an AndSubject holding two legacy PolicySubjects,
    // each of which the upgrade map is stubbed to migrate to a distinct EntitlementSubject.
    final String firstClassName = "SUBJECT1_CLASS_NAME";
    final String secondClassName = "SUBJECT2_CLASS_NAME";

    Privilege privilege = mock(Privilege.class);
    AndSubject conjunction = mock(AndSubject.class);
    PolicySubject legacyFirst = mock(PolicySubject.class);
    PolicySubject legacySecond = mock(PolicySubject.class);
    EntitlementSubject migratedFirst = mock(EntitlementSubject.class);
    EntitlementSubject migratedSecond = mock(EntitlementSubject.class);

    Set<EntitlementSubject> members = new HashSet<EntitlementSubject>();
    members.add(legacyFirst);
    members.add(legacySecond);

    given(privilege.getSubject()).willReturn(conjunction);
    given(conjunction.getESubjects()).willReturn(members);
    given(legacyFirst.getClassName()).willReturn(firstClassName);
    given(legacySecond.getClassName()).willReturn(secondClassName);
    given(conditionUpgradeMap.migrateSubjectCondition(
            eq(firstClassName), eq(legacyFirst), Matchers.<MigrationReport>anyObject()))
            .willReturn(migratedFirst);
    given(conditionUpgradeMap.migrateSubjectCondition(
            eq(secondClassName), eq(legacySecond), Matchers.<MigrationReport>anyObject()))
            .willReturn(migratedSecond);

    // When
    conditionUpgrader.dryRunPolicyUpgrade(privilege);

    // Then: the AndSubject receives a set holding both migrated members. The size check matters
    // because dropping a member of a conjunction would leave the policy matching on fewer
    // constraints than before the upgrade.
    ArgumentCaptor<Set> membersCaptor = ArgumentCaptor.forClass(Set.class);
    verify(conjunction).setESubjects(membersCaptor.capture());
    assertThat(membersCaptor.getValue())
            .hasSize(2)
            .contains(migratedFirst, migratedSecond);

    // The privilege's own top-level subject and condition must not be replaced.
    verify(privilege, never()).setSubject(Matchers.<EntitlementSubject>anyObject());
    verify(privilege, never()).setCondition(Matchers.<EntitlementCondition>anyObject());
}
use of com.sun.identity.entitlement.Privilege in project OpenAM by OpenRock.
the class PolicyConditionUpgraderTest method shouldMigratePolicyWithNotSubjectCondition.
@Test
public void shouldMigratePolicyWithNotSubjectCondition() throws EntitlementException, UpgradeException {
    // Given: a privilege whose subject is a NotSubject wrapping a single legacy PolicySubject
    // that the upgrade map is stubbed to migrate.
    final String legacyClassName = "SUBJECT_CLASS_NAME";

    Privilege privilege = mock(Privilege.class);
    NotSubject negation = mock(NotSubject.class);
    PolicySubject legacySubject = mock(PolicySubject.class);
    EntitlementSubject migrated = mock(EntitlementSubject.class);

    Set<EntitlementSubject> wrapped = new HashSet<EntitlementSubject>();
    wrapped.add(legacySubject);

    given(privilege.getSubject()).willReturn(negation);
    given(negation.getESubjects()).willReturn(wrapped);
    given(legacySubject.getClassName()).willReturn(legacyClassName);
    given(conditionUpgradeMap.migrateSubjectCondition(
            eq(legacyClassName), eq(legacySubject), Matchers.<MigrationReport>anyObject()))
            .willReturn(migrated);

    // When
    conditionUpgrader.dryRunPolicyUpgrade(privilege);

    // Then: the NotSubject is handed a set containing exactly the one migrated subject, so the
    // negation still applies to the migrated equivalent of the original member.
    ArgumentCaptor<Set> wrappedCaptor = ArgumentCaptor.forClass(Set.class);
    verify(negation).setESubjects(wrappedCaptor.capture());
    assertThat(wrappedCaptor.getValue())
            .hasSize(1)
            .contains(migrated);

    // The privilege's own top-level subject and condition must not be replaced.
    verify(privilege, never()).setSubject(Matchers.<EntitlementSubject>anyObject());
    verify(privilege, never()).setCondition(Matchers.<EntitlementCondition>anyObject());
}
use of com.sun.identity.entitlement.Privilege in project OpenAM by OpenRock.
the class XACMLPrivilegeUtils method policyToPrivilege.
/**
 * Converts a XACML {@code Policy} into a {@code Privilege}.
 *
 * <p>The privilege name is derived from the policy id; the description comes from the policy;
 * creator, modifier, timestamps, entitlement name and application name are read from variables
 * carried inside the policy; resource names come from the matches of the policy target; action
 * values, subject and condition are extracted from the policy by helper methods; advice
 * expressions are converted to resource attributes.
 *
 * <p>NOTE(review): the created-by / last-modified-by values, both timestamps and the application
 * name are copied straight from the XACML document. If this method is reached from an import of
 * externally supplied XACML, those fields are whatever the document claims - confirm that the
 * calling import path validates or re-stamps them before they are relied on for audit purposes.
 *
 * @param policy the XACML policy to convert; dereferenced without a null check
 * @return a newly created {@code XACMLOpenSSOPrivilege} populated from {@code policy}
 * @throws EntitlementException declared by this method; raised by the helpers or setters it calls
 */
public static Privilege policyToPrivilege(Policy policy) throws EntitlementException {
    // Extraction happens in a fixed order before anything is constructed, so a failure in any
    // helper surfaces before a partially populated privilege exists.
    String sourcePolicyId = policy.getPolicyId();
    String name = policyIdToPrivilegeName(sourcePolicyId);
    String policyDescription = policy.getDescription();

    // Audit metadata, as recorded in the document's variables.
    String creator = getVariableById(policy, XACMLConstants.PRIVILEGE_CREATED_BY);
    long creationTime = dateStringToLong(
            getVariableById(policy, XACMLConstants.PRIVILEGE_CREATION_DATE));
    String lastModifier = getVariableById(policy, XACMLConstants.PRIVILEGE_LAST_MODIFIED_BY);
    long lastModificationTime = dateStringToLong(
            getVariableById(policy, XACMLConstants.PRIVILEGE_LAST_MODIFIED_DATE));

    String nameOfEntitlement = getVariableById(policy, XACMLConstants.ENTITLEMENT_NAME);
    String nameOfApplication = getVariableById(policy, XACMLConstants.APPLICATION_NAME);

    List<Match> targetMatches = getAllMatchesFromTarget(policy.getTarget());
    Set<String> resources = getResourceNamesFromMatches(targetMatches);
    Map<String, Boolean> actions = getActionValuesFromPolicy(policy);
    EntitlementSubject subject = getEntitlementSubjectFromPolicy(policy);
    EntitlementCondition condition = getEntitlementConditionFromPolicy(policy);

    // The entitlement is assembled from the application name, the resource names found in the
    // policy target's matches, and the action values taken from the policy.
    Entitlement builtEntitlement = new Entitlement(nameOfApplication, resources, actions);
    if (nameOfEntitlement != null) {
        // The entitlement name is optional in the document; only set it when present.
        builtEntitlement.setName(nameOfEntitlement);
    }

    // AdviceExpressions from the export become the privilege's resource attributes.
    Set<ResourceAttribute> resourceAttributes =
            schemaFactory.adviceExpressionsToResourceAttributes(policy.getAdviceExpressions());

    Privilege converted = new XACMLOpenSSOPrivilege();
    converted.setName(name);
    converted.setDescription(policyDescription);
    converted.setCreatedBy(creator);
    converted.setCreationDate(creationTime);
    converted.setLastModifiedBy(lastModifier);
    converted.setLastModifiedDate(lastModificationTime);
    converted.setEntitlement(builtEntitlement);
    converted.setSubject(subject);
    converted.setCondition(condition);
    converted.setResourceAttributes(resourceAttributes);
    return converted;
}
use of com.sun.identity.entitlement.Privilege in project OpenAM by OpenRock.
the class FactoryMethods method getArbitraryPrivilegeAsPolicy.
/**
 * Builds an arbitrary privilege set for the given timestamp, converts it to a XACML
 * {@code PolicySet} and returns the first entry of that set as a {@code Policy}.
 *
 * <p>The first entry is taken with {@code get(0)} and cast without checking, so this relies on
 * the converted set being non-empty and its first entry wrapping a {@code Policy}.
 *
 * @param now timestamp passed through to {@code createArbitraryPrivilegeSet}
 * @return the first policy of the generated policy set
 * @throws EntitlementException declared by this method; raised by the conversion it calls
 */
public static Policy getArbitraryPrivilegeAsPolicy(long now) throws EntitlementException {
    Set<Privilege> arbitraryPrivileges = createArbitraryPrivilegeSet(now);
    // "/" is passed as the first argument of the conversion - presumably the realm; confirm
    // against XACMLPrivilegeUtils.privilegesToPolicySet.
    PolicySet converted = XACMLPrivilegeUtils.privilegesToPolicySet("/", arbitraryPrivileges);
    Object firstEntry = converted.getPolicySetOrPolicyOrPolicySetIdReference().get(0).getValue();
    return (Policy) firstEntry;
}
use of com.sun.identity.entitlement.Privilege in project OpenAM by OpenRock.
the class PolicyResource method updateInstance.
/**
 * {@inheritDoc}
 *
 * <p>Parses the request content into a {@code Privilege} for {@code resourceId}, updates it in
 * the policy store obtained for {@code context}, and returns the resulting resource as a
 * completed promise. An {@code EntitlementException} is logged and turned into an error promise
 * by {@code resourceErrorHandler}.
 */
@Override
public Promise<ResourceResponse, ResourceException> updateInstance(Context context, String resourceId, UpdateRequest request) {
    try {
        // Both the resource id and the request body reach the parser; authorization and any
        // check that the two agree are not visible in this method and must be enforced by the
        // parser, the policy store or the surrounding request pipeline.
        Privilege parsedPolicy = policyParser.parsePolicy(resourceId, request.getContent());
        ResourceResponse updated =
                policyResource(policyStoreProvider.getPolicyStore(context).update(resourceId, parsedPolicy));
        return newResultPromise(updated);
    } catch (EntitlementException e) {
        // NOTE(review): resourceId is caller-supplied and is concatenated into the log message
        // as-is. If the DEBUG sink writes plain text lines, confirm that control characters in
        // the id cannot be used to forge log entries.
        String message = "PolicyResource :: UPDATE : Error updating policy, " + resourceId + ".";
        DEBUG.error(message, e);
        return resourceErrorHandler.handleError(context, request, e).asPromise();
    }
}