use of com.sun.identity.entitlement.PrivilegeIndexStore in project OpenAM by OpenRock.
The method findByName of the class PolicyPrivilegeManager.
/**
 * Looks up a privilege by name and, unless the caller is the super admin
 * subject, requires READ on it before returning it.
 *
 * <p>The lookup source depends on {@code migratedToEntitlementSvc}: when it is
 * set, the privilege comes from the {@link PrivilegeIndexStore} for
 * {@code adminSubject} and this manager's realm; otherwise the policy is read
 * through {@code pm} and converted with
 * {@link PrivilegeUtils#policyToPrivileges}, and only the first converted
 * entry is used.
 *
 * <p>A {@code null} result is ambiguous: it is returned both when the
 * non-migrated lookup yields no privilege and when no
 * {@link ApplicationPrivilegeManager} can be obtained for the READ check.
 *
 * @param privilegeName name of the privilege to look up; must not be null
 * @param adminSubject subject on whose behalf the lookup is made
 * @return the privilege, or {@code null} in the two cases described above
 * @throws EntitlementException with code 12 when {@code privilegeName} is
 *         null; with {@code NO_SUCH_POLICY} when the index store has no such
 *         privilege; with code 326 when the READ check fails; with code 102
 *         wrapping a {@code PolicyException} or {@code SSOException}
 */
@Override
public Privilege findByName(String privilegeName, Subject adminSubject) throws EntitlementException {
    if (privilegeName == null) {
        throw new EntitlementException(12);
    }

    try {
        Privilege found = null;
        if (migratedToEntitlementSvc) {
            PrivilegeIndexStore indexStore = PrivilegeIndexStore.getInstance(adminSubject, getRealm());
            found = (Privilege) indexStore.getPrivilege(privilegeName);
            if (found == null) {
                // NOTE(review): this is raised before the READ check below, so a caller
                // without READ gets a different error for a missing name than for an
                // existing one (326). Confirm that revealing existence is acceptable.
                throw new EntitlementException(EntitlementException.NO_SUCH_POLICY, new Object[] { privilegeName });
            }
        } else {
            Policy legacyPolicy = pm.getPolicy(privilegeName);
            Set<IPrivilege> converted = PrivilegeUtils.policyToPrivileges(legacyPolicy);
            Iterator<IPrivilege> cursor = converted.iterator();
            if (cursor.hasNext()) {
                // Only the first converted entry is returned; any others are ignored.
                found = (Privilege) cursor.next();
            }
        }

        // Reference comparison: only the shared superAdminSubject instance skips the
        // READ check; any other Subject object, whatever it contains, is checked.
        boolean callerIsSuperAdmin = adminSubject == PrivilegeManager.superAdminSubject;
        if (callerIsSuperAdmin || found == null) {
            return found;
        }

        // Delegation to applications is currently not configurable, passing super admin (see AME-4959)
        // NOTE(review): the manager is obtained for superAdminSubject, not adminSubject,
        // so as far as this method shows the READ decision is not evaluated against the
        // caller's own identity. Verify what hasPrivilege enforces in that configuration.
        ApplicationPrivilegeManager delegationMgr =
                ApplicationPrivilegeManager.getInstance(realm, PrivilegeManager.superAdminSubject);
        if (delegationMgr == null) {
            // No manager available: nothing is returned rather than skipping the check.
            return null;
        }
        if (!delegationMgr.hasPrivilege(found, ApplicationPrivilege.Action.READ)) {
            throw new EntitlementException(326);
        }
        return found;
    } catch (PolicyException pe) {
        throw new EntitlementException(102, pe);
    } catch (SSOException ssoe) {
        throw new EntitlementException(102, ssoe);
    }
}