
Example 11 with PrivilegeIndexStore

Use of com.sun.identity.entitlement.PrivilegeIndexStore in project OpenAM by OpenRock.

Method findByName of the class PolicyPrivilegeManager.

@Override
public Privilege findByName(String privilegeName, Subject adminSubject) throws EntitlementException {
    if (privilegeName == null) {
        throw new EntitlementException(12);
    }
    Privilege privilege = null;
    try {
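        // Not yet migrated to the entitlement service: read the legacy policy and convert it to privileges.
        if (!migratedToEntitlementSvc) {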
            Policy policy = pm.getPolicy(privilegeName);
            Set<IPrivilege> privileges = PrivilegeUtils.policyToPrivileges(policy);
            Iterator<IPrivilege> it = privileges.iterator();
            if (it.hasNext()) {
                IPrivilege searchResult = it.next();
                privilege = (Privilege) searchResult;
            }
        } else {
            // Migrated: look the privilege up by name in the realm's privilege index store.
            PrivilegeIndexStore pis = PrivilegeIndexStore.getInstance(adminSubject, getRealm());
            privilege = (Privilege) pis.getPrivilege(privilegeName);
            if (privilege == null) {
                throw new EntitlementException(EntitlementException.NO_SUCH_POLICY, new Object[] { privilegeName });
            }
        }
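        // For callers other than the super admin (reference comparison), run the application-level READ check.
        // The check itself is evaluated with the super admin subject, as noted below.
        if (adminSubject != PrivilegeManager.superAdminSubject) {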
            if (privilege != null) {
                // Delegation to applications is currently not configurable, passing super admin (see AME-4959)
                ApplicationPrivilegeManager applPrivilegeMgr = ApplicationPrivilegeManager.getInstance(realm, PrivilegeManager.superAdminSubject);
                if (applPrivilegeMgr == null) {
                    return null;
                }
                if (!applPrivilegeMgr.hasPrivilege(privilege, ApplicationPrivilege.Action.READ)) {
                    throw new EntitlementException(326);
                }
            }
        }
    } catch (PolicyException pe) {
        throw new EntitlementException(102, pe);
    } catch (SSOException ssoe) {
        throw new EntitlementException(102, ssoe);
    }
    return privilege;
}
Also used: Policy (com.sun.identity.policy.Policy), EntitlementException (com.sun.identity.entitlement.EntitlementException), PrivilegeIndexStore (com.sun.identity.entitlement.PrivilegeIndexStore), PolicyException (com.sun.identity.policy.PolicyException), IPrivilege (com.sun.identity.entitlement.IPrivilege), SSOException (com.iplanet.sso.SSOException), ApplicationPrivilegeManager (com.sun.identity.entitlement.ApplicationPrivilegeManager), ApplicationPrivilege (com.sun.identity.entitlement.ApplicationPrivilege), Privilege (com.sun.identity.entitlement.Privilege)

Aggregations

EntitlementException (com.sun.identity.entitlement.EntitlementException): 11
PrivilegeIndexStore (com.sun.identity.entitlement.PrivilegeIndexStore): 11
SMSException (com.sun.identity.sm.SMSException): 7
SSOException (com.iplanet.sso.SSOException): 6
ApplicationPrivilegeManager (com.sun.identity.entitlement.ApplicationPrivilegeManager): 5
IPrivilege (com.sun.identity.entitlement.IPrivilege): 5
HashSet (java.util.HashSet): 5
SSOToken (com.iplanet.sso.SSOToken): 4
SMSEntry (com.sun.identity.sm.SMSEntry): 4
HashMap (java.util.HashMap): 4
Set (java.util.Set): 4
Policy (com.sun.identity.policy.Policy): 3
PolicyException (com.sun.identity.policy.PolicyException): 3
ServiceConfig (com.sun.identity.sm.ServiceConfig): 3
Privilege (com.sun.identity.entitlement.Privilege): 2
Date (java.util.Date): 2
Map (java.util.Map): 2
ApplicationPrivilege (com.sun.identity.entitlement.ApplicationPrivilege): 1
ResourceSearchIndexes (com.sun.identity.entitlement.ResourceSearchIndexes): 1
ServiceAlreadyExistsException (com.sun.identity.sm.ServiceAlreadyExistsException): 1