use of com.sun.identity.entitlement.PrivilegeManager in project OpenAM by OpenRock.
the class XACMLExportImport method generateImportSteps.
/**
* Establishes the sequence of ImportSteps required to import the provided privileges into the specified realm.
*
* @param realm Non null Realm to populate with the Policies.
* @param privilegeSet Non null, collection of Privileges and ReferralPrivileges to import.
* @param admin Non null admin Subject.
* @return The sequence steps that can be used to carry out the import.
* @throws EntitlementException If there was any unexpected error.
*/
private List<ImportStep> generateImportSteps(String realm, PrivilegeSet privilegeSet, Subject admin) throws EntitlementException {
    // Lookups and import steps all go through one manager bound to the target realm and the admin subject.
    final PrivilegeManager manager = privilegeManagerFactory.createReferralPrivilegeManager(realm, admin);
    final List<ImportStep> steps = new ArrayList<ImportStep>();

    for (Privilege candidate : privilegeSet.getPrivileges()) {
        // Reject names that containsUndesiredCharacters flags before the name is used for any
        // lookup; the original comment ties this check to what LDAP accepts.
        // The first bad name aborts the whole call, so no partial step list is returned.
        if (containsUndesiredCharacters(candidate.getName())) {
            throw new EntitlementException(
                    EntitlementException.INVALID_VALUE,
                    new Object[] { "privilege name " + candidate.getName() });
        }

        // Validation runs before the existence check, so an invalid privilege never yields a step.
        privilegeValidator.validatePrivilege(candidate);

        // A name the manager can already find becomes an UPDATE step; any other name becomes an ADD.
        final DiffStatus status = manager.canFindByName(candidate.getName())
                ? DiffStatus.UPDATE
                : DiffStatus.ADD;
        steps.add(privilegeImportStep(manager, status, candidate));
    }

    return steps;
}
use of com.sun.identity.entitlement.PrivilegeManager in project OpenAM by OpenRock.
the class OpenSSOApplicationPrivilegeManager method removeAllPrivileges.
/**
 * Removes every privilege listed for {@code realm}, together with the entry named with
 * {@code GHOST_PRIVILEGE_NAME_PREFIX}, from the hidden realm.
 *
 * <p>The removal runs under the internal admin token, not a caller's identity. Nothing in this
 * method checks who requested it, so the decision to allow the removal has to be made by the
 * caller before invoking it.
 *
 * @param realm realm whose privileges are enumerated for removal.
 * @throws EntitlementException propagated from the privilege lookup or the removals.
 */
static void removeAllPrivileges(String realm) throws EntitlementException {
    SSOToken token = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
    Subject adminSubject = SubjectUtils.createSubject(token);

    Iterator<IPrivilege> remaining = getPrivileges(realm);
    while (remaining.hasNext()) {
        // NOTE(review): unchecked downcast; an IPrivilege that is not a Privilege would raise
        // ClassCastException here and stop the sweep part-way through.
        Privilege current = (Privilege) remaining.next();
        String privilegeName = current.getName();

        // Entries are enumerated for `realm` but deleted through a manager on the hidden realm DN.
        PrivilegeManager hiddenRealmManager = PrivilegeManager.getInstance(getHiddenRealmDN(), adminSubject);
        hiddenRealmManager.remove(privilegeName);
        hiddenRealmManager.remove(GHOST_PRIVILEGE_NAME_PREFIX + privilegeName);
    }
}
use of com.sun.identity.entitlement.PrivilegeManager in project OpenAM by OpenRock.
the class OpenSSOApplicationPrivilegeManager method replacePrivilege.
/**
 * Replaces the stored entries for an application privilege.
 *
 * <p>The write is performed as {@code dsameUserSubject} against the hidden realm, so the
 * {@code delegatables} check at the top is the only gate visible in this method between the
 * caller and that elevated write.
 *
 * @param appPrivilege application privilege carrying the new definition.
 * @throws EntitlementException with code 326 when {@code delegatables} does not hold a privilege
 *         of that name; otherwise propagated from validation or from the privilege manager.
 */
public void replacePrivilege(ApplicationPrivilege appPrivilege) throws EntitlementException {
    // Authorization gate: refuse before validating or touching the store.
    if (!delegatables.hasPrivilege(appPrivilege.getName())) {
        throw new EntitlementException(326);
    }

    validatePrivilege(appPrivilege);
    Privilege[] converted = toPrivilege(appPrivilege);
    PrivilegeManager hiddenRealmManager = PrivilegeManager.getInstance(getHiddenRealmDN(), dsameUserSubject);

    // Exactly the first two converted privileges are written, each cached right after its modify.
    // NOTE(review): the two writes are not atomic here; if the second modify throws, the first
    // entry has already been modified and cached and nothing in this method rolls it back.
    for (int slot = 0; slot < 2; slot++) {
        hiddenRealmManager.modify(converted[slot]);
        cachePrivilege(converted[slot]);
    }
}
use of com.sun.identity.entitlement.PrivilegeManager in project OpenAM by OpenRock.
the class PrivilegeResource method deletePrivilege.
/**
 * REST handler for {@code DELETE /{name}}: removes the named privilege from {@code realm} using
 * the subject derived from the request.
 *
 * <p>{@code realm} and {@code name} both come straight from the client and are passed on without
 * any check in this method.
 * NOTE(review): access control therefore rests on {@code getCaller} and on what
 * {@code PrivilegeManager} enforces for that subject; confirm both before relying on this endpoint.
 *
 * @return the JSON response string for status 200 / "OK" on success.
 */
@DELETE
@Produces("application/json")
@Path("/{name}")
public String deletePrivilege(@Context HttpHeaders headers, @Context HttpServletRequest request, @QueryParam("realm") @DefaultValue("/") String realm, @PathParam("name") String name) {
    final String logTag = "PrivilegeResource.deletePrivilege";
    try {
        // The manager is bound to the requesting subject, not to an admin identity.
        Subject requester = getCaller(request);
        PrivilegeManager.getInstance(realm, requester).remove(name);
        return createResponseJSONString(200, headers, "OK");
    } catch (JSONException jsonFailure) {
        // Failures are logged with the method tag only; the realm, name and caller are not recorded here.
        PrivilegeManager.debug.error(logTag, jsonFailure);
        throw getWebApplicationException(jsonFailure, MimeType.JSON);
    } catch (RestException restFailure) {
        PrivilegeManager.debug.error(logTag, restFailure);
        throw getWebApplicationException(headers, restFailure, MimeType.JSON);
    } catch (EntitlementException entitlementFailure) {
        PrivilegeManager.debug.error(logTag, entitlementFailure);
        throw getWebApplicationException(headers, entitlementFailure, MimeType.JSON);
    }
}
use of com.sun.identity.entitlement.PrivilegeManager in project OpenAM by OpenRock.
the class PrivilegeResource method modifyPrivilege.
/**
 * REST handler for {@code PUT /{name}}: parses the {@code privilege.json} form field into a
 * privilege and modifies it in {@code realm} using the subject derived from the request.
 *
 * <p>NOTE(review): the {@code name} path parameter is never read. The privilege that gets modified
 * is whichever one the JSON body describes, so a rule that authorizes or audits requests by URL
 * path does not constrain the actual target. Consider rejecting a body whose privilege name
 * differs from {@code name}.
 * NOTE(review): {@code jsonString} is passed to the parser unchecked; behavior for a missing
 * form field depends on {@code Privilege.getNewInstance}, so verify it.
 *
 * @return the JSON response string for status 200 / "OK" on success.
 */
@PUT
@Produces("application/json")
@Path("/{name}")
public String modifyPrivilege(@Context HttpHeaders headers, @Context HttpServletRequest request, @FormParam("realm") @DefaultValue("/") String realm, @FormParam("privilege.json") String jsonString, @PathParam("name") String name) {
    final String logTag = "PrivilegeResource.modify";
    try {
        // The manager is bound to the requesting subject; it is obtained before the body is parsed.
        Subject requester = getCaller(request);
        PrivilegeManager manager = PrivilegeManager.getInstance(realm, requester);
        manager.modify(Privilege.getNewInstance(jsonString));
        return createResponseJSONString(200, headers, "OK");
    } catch (JSONException jsonFailure) {
        PrivilegeManager.debug.error(logTag, jsonFailure);
        throw getWebApplicationException(jsonFailure, MimeType.JSON);
    } catch (RestException restFailure) {
        PrivilegeManager.debug.error(logTag, restFailure);
        throw getWebApplicationException(headers, restFailure, MimeType.JSON);
    } catch (EntitlementException entitlementFailure) {
        PrivilegeManager.debug.error(logTag, entitlementFailure);
        throw getWebApplicationException(headers, entitlementFailure, MimeType.JSON);
    }
}