
Example 1 with PrivilegeManager

use of com.sun.identity.entitlement.PrivilegeManager in project OpenAM by OpenRock.

the class OpenProvisioning method createPolicy.

/**
 * Registers the sample "open provisioning" privilege in the root realm.
 *
 * The privilege grants jSmith the CREATE, READ, UPDATE and DELETE actions on
 * every resource under {@code /OP/*} of {@code APPLICATION}, and attaches an
 * {@link AttributeLookupCondition} comparing the user's {@code postaladdress}
 * attribute with the resource's. The grant is presumably only effective when
 * the two match — the matching rule itself lives in the condition class, not here.
 *
 * @param adminToken SSO token of the administrator; only used to build the
 *                   administrative subject the privilege manager is initialised as.
 * @throws EntitlementException if the privilege manager rejects the privilege.
 */
private void createPolicy(SSOToken adminToken) throws EntitlementException {
    // Manager is bound to the root realm and acts on behalf of the admin subject.
    PrivilegeManager privilegeManager =
            new PolicyPrivilegeManager(applicationServiceFactory, resourceTypeService, constraintValidator);
    privilegeManager.initialize("/", SubjectUtils.createSubject(adminToken));

    // Full CRUD is allowed; nothing is explicitly denied by this entitlement.
    Map<String, Boolean> allowedActions = new HashMap<String, Boolean>();
    for (String action : new String[] {"CREATE", "READ", "UPDATE", "DELETE"}) {
        allowedActions.put(action, Boolean.TRUE);
    }
    Entitlement openProvisioning = new Entitlement(APPLICATION, "/OP/*", allowedActions);
    openProvisioning.setName("openProvisioningPrivilege");

    // Only jSmith (identified by universal id) is a subject of this privilege ...
    UserSubject jSmithSubject = new OpenSSOUserSubject();
    jSmithSubject.setID(jSmith.getUniversalId());
    // ... and only when the user's and the resource's postal address line up.
    AttributeLookupCondition sameAddress =
            new AttributeLookupCondition("$USER.postaladdress", "$RES.postaladdress");

    Privilege privilege = Privilege.getNewInstance();
    privilege.setName(PRIVILEGE_NAME);
    privilege.setEntitlement(openProvisioning);
    privilege.setSubject(jSmithSubject);
    privilege.setCondition(sameAddress);
    privilegeManager.add(privilege);
}

Example 2 with PrivilegeManager

use of com.sun.identity.entitlement.PrivilegeManager in project OpenAM by OpenRock.

the class PrivilegeRestTest method cleanup.

/**
 * Removes the privilege named {@code PRIVILEGE_NAME} from the root realm
 * (presumably the one this test class's setup added), so the REST tests
 * leave no grant behind on the server.
 *
 * @throws Exception if the privilege manager fails to remove it.
 */
@AfterClass
public void cleanup() throws Exception {
    final PrivilegeManager manager = PrivilegeManager.getInstance("/", adminSubject);
    manager.remove(PRIVILEGE_NAME);
}

Example 3 with PrivilegeManager

use of com.sun.identity.entitlement.PrivilegeManager in project OpenAM by OpenRock.

the class MultipleResourceRestTest method setup.

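/**
 * Creates the fixtures shared by every test in this class.
 *
 * Two privileges for all authenticated users are added to {@code REALM}: one
 * allowing GET on everything under {@code RESOURCE_NAME}, one denying GET on
 * {@code RESOURCE_NAME/index.html}. The second is presumably there to exercise
 * how a specific deny is resolved against a wildcard allow — the tests that use
 * them are outside this method. The admin session token is then prepared both
 * as a REST subject header and as an SSO cookie, a test user is created and the
 * two entitlement REST clients are built.
 *
 * NOTE(review): the raw admin token id ends up in {@code tokenIdHeader} and
 * {@code cookie}. That is expected for a test against a local server, but the
 * values must never be logged or persisted; only {@code hashedTokenId} is safe
 * to print.
 *
 * @throws Exception if a privilege, the user or the cookie value cannot be built.
 */
@BeforeClass
public void setup() throws Exception {
    PrivilegeManager pm = PrivilegeManager.getInstance(REALM, adminSubject);
    addGetPrivilege(pm, PRIVILEGE_NAME + "1", RESOURCE_NAME + "/*", true);
    addGetPrivilege(pm, PRIVILEGE_NAME + "2", RESOURCE_NAME + "/index.html", false);

    String tokenId = adminToken.getTokenID().toString();
    hashedTokenId = Hash.hash(tokenId);
    tokenIdHeader = RestServiceManager.SSOTOKEN_SUBJECT_PREFIX + RestServiceManager.SUBJECT_DELIMITER + tokenId;
    // The cookie carries the token id verbatim unless the server is configured to
    // URL-encode its cookies, in which case the test must send the same encoding.
    String cookieValue = tokenId;
    if (Boolean.parseBoolean(SystemProperties.get(Constants.AM_COOKIE_ENCODE, "false"))) {
        cookieValue = URLEncoder.encode(tokenId, "UTF-8");
    }
    cookie = new Cookie(SystemProperties.get(Constants.AM_COOKIE_NAME), cookieValue);
    user = IdRepoUtils.createUser(REALM, "MultipleResourceRestTestUser");
    decisionsClient = Client.create().resource(SystemProperties.getServerInstanceName() + "/ws/1/entitlement/decisions");
    entitlementsClient = Client.create().resource(SystemProperties.getServerInstanceName() + "/ws/1/entitlement/entitlements");
}

/**
 * Adds a privilege for all authenticated users that allows or denies the GET
 * action on a single resource pattern.
 *
 * @param pm       privilege manager bound to the target realm.
 * @param name     privilege name.
 * @param resource resource name or pattern the entitlement applies to.
 * @param allowed  {@code true} to allow GET, {@code false} to deny it.
 * @throws Exception if the privilege manager rejects the privilege.
 */
private static void addGetPrivilege(PrivilegeManager pm, String name, String resource, boolean allowed)
        throws Exception {
    Map<String, Boolean> actions = new HashMap<String, Boolean>();
    actions.put("GET", allowed);
    Privilege privilege = Privilege.getNewInstance();
    privilege.setName(name);
    privilege.setEntitlement(new Entitlement(resource, actions));
    EntitlementSubject sbj = new AuthenticatedUsers();
    privilege.setSubject(sbj);
    pm.add(privilege);
}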

Example 4 with PrivilegeManager

use of com.sun.identity.entitlement.PrivilegeManager in project OpenAM by OpenRock.

the class MultipleResourceRestTest method cleanup.

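/**
 * Removes everything {@code setup()} created: the two privileges and the test user.
 *
 * Each removal runs in its own {@code finally} so that a failure to remove one
 * artifact does not abandon the others — in particular the wildcard GET grant to
 * all authenticated users on {@code RESOURCE_NAME/*} must not outlive the test
 * run. Every step is attempted; if several fail, the exception from the later
 * step is the one propagated.
 *
 * @throws Exception if any of the removals fails.
 */
@AfterClass
public void cleanup() throws Exception {
    PrivilegeManager pm = PrivilegeManager.getInstance(REALM, adminSubject);
    try {
        pm.remove(PRIVILEGE_NAME + "1");
    } finally {
        try {
            pm.remove(PRIVILEGE_NAME + "2");
        } finally {
            IdRepoUtils.deleteIdentity(REALM, user);
        }
    }
}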

Example 5 with PrivilegeManager

use of com.sun.identity.entitlement.PrivilegeManager in project OpenAM by OpenRock.

the class XACMLExportImport method exportXACML.

/**
 * Exports, as a XACML {@code PolicySet}, every privilege in {@code realm}
 * whose name matches the given filters.
 *
 * The lookup runs as {@code admin}: the privilege manager is created for that
 * subject and each privilege is read back as that subject too, so the export
 * only contains what that subject is allowed to see.
 *
 * @param realm   realm to export from; must not be null.
 * @param admin   subject the export runs as; must not be null.
 * @param filters filter expressions, parsed by the search filter factory, used
 *                to select privileges by name; {@code null} is treated like an
 *                empty list.
 * @return a non-null, possibly empty, policy set.
 * @throws EntitlementException if searching, reading or converting a privilege fails.
 */
public PolicySet exportXACML(String realm, Subject admin, List<String> filters) throws EntitlementException {
    PrivilegeManager manager = privilegeManagerFactory.createReferralPrivilegeManager(realm, admin);

    Set<SearchFilter> searchFilters = new HashSet<SearchFilter>();
    if (filters != null) {
        for (String expression : filters) {
            SearchFilter parsed = searchFilterFactory.getFilter(expression);
            message("Export: Search Filter: {0}", parsed);
            searchFilters.add(parsed);
        }
    }

    Set<String> matchingNames = manager.searchNames(searchFilters);
    message("Export: Privilege Matches {0}", matchingNames.size());

    // NOTE(review): findByName is assumed to return a non-null privilege for
    // every name searchNames just returned; a privilege removed in between would
    // surface here as a NullPointerException — confirm its contract.
    PrivilegeSet exported = new PrivilegeSet();
    for (String name : matchingNames) {
        Privilege found = manager.findByName(name, admin);
        message("Export: Privilege {0}", found.getName());
        exported.addPrivilege(found);
    }

    PolicySet result = xacmlReaderWriter.toXACML(realm, exported);
    message("Export: Complete");
    return result;
}
