Example 26 with PrivilegeManager

Use of com.sun.identity.entitlement.PrivilegeManager in project OpenAM by OpenRock.

Class PrivilegeRestTest, method setup.

@BeforeClass
public void setup() throws Exception {
    // Create a policy in the root realm ("/") using the administrator subject.
    PrivilegeManager pm = PrivilegeManager.getInstance("/", adminSubject);
    Privilege privilege = Privilege.getNewInstance();
    privilege.setName(PRIVILEGE_NAME);
    privilege.setDescription("description");
    // Allow only the GET action on every resource under RESOURCE_NAME.
    Map<String, Boolean> actions = new HashMap<String, Boolean>();
    actions.put("GET", true);
    Entitlement entitlement = new Entitlement(RESOURCE_NAME + "/*", actions);
    privilege.setEntitlement(entitlement);
    // The policy applies to any authenticated user.
    EntitlementSubject sbj = new AuthenticatedUsers();
    privilege.setSubject(sbj);
    pm.add(privilege);
    // Prepare the admin SSO token in the forms the REST calls use:
    // hashed, as a subject header value, and as a cookie.
    String tokenId = adminToken.getTokenID().toString();
    hashedTokenId = Hash.hash(tokenId);
    tokenIdHeader = RestServiceManager.SSOTOKEN_SUBJECT_PREFIX + RestServiceManager.SUBJECT_DELIMITER + tokenId;
    String cookieValue = tokenId;
    // URL-encode the cookie value when the deployment is configured to encode cookies.
    if (Boolean.parseBoolean(SystemProperties.get(Constants.AM_COOKIE_ENCODE, "false"))) {
        cookieValue = URLEncoder.encode(tokenId, "UTF-8");
    }
    cookie = new Cookie(SystemProperties.get(Constants.AM_COOKIE_NAME), cookieValue);
    webClient = Client.create().resource(SystemProperties.getServerInstanceName() + "/ws/1/entitlement/privilege");
}
Also used : EntitlementSubject(com.sun.identity.entitlement.EntitlementSubject) Cookie(javax.ws.rs.core.Cookie) HashMap(java.util.HashMap) AuthenticatedUsers(org.forgerock.openam.entitlement.conditions.subject.AuthenticatedUsers) PrivilegeManager(com.sun.identity.entitlement.PrivilegeManager) Privilege(com.sun.identity.entitlement.Privilege) Entitlement(com.sun.identity.entitlement.Entitlement) BeforeClass(org.testng.annotations.BeforeClass)

Example 27 with PrivilegeManager

Use of com.sun.identity.entitlement.PrivilegeManager in project OpenAM by OpenRock.

Class RestPermissionTest, method createPrivilege.

private void createPrivilege() throws EntitlementException {
    // Create a policy in the root realm ("/") using the administrator subject.
    PrivilegeManager pm = PrivilegeManager.getInstance("/", adminSubject);
    Privilege privilege = Privilege.getNewInstance();
    privilege.setName(PRIVILEGE_NAME);
    privilege.setDescription("description");
    // Allow only the GET action on every resource under RESOURCE_NAME.
    Map<String, Boolean> actions = new HashMap<String, Boolean>();
    actions.put("GET", true);
    Entitlement entitlement = new Entitlement(RESOURCE_NAME + "/*", actions);
    privilege.setEntitlement(entitlement);
    // The policy applies to any authenticated user.
    EntitlementSubject sbj = new AuthenticatedUsers();
    privilege.setSubject(sbj);
    pm.add(privilege);
}
Also used : EntitlementSubject(com.sun.identity.entitlement.EntitlementSubject) HashMap(java.util.HashMap) AuthenticatedUsers(org.forgerock.openam.entitlement.conditions.subject.AuthenticatedUsers) PrivilegeManager(com.sun.identity.entitlement.PrivilegeManager) Privilege(com.sun.identity.entitlement.Privilege) DelegationPrivilege(com.sun.identity.delegation.DelegationPrivilege) Entitlement(com.sun.identity.entitlement.Entitlement)

Example 28 with PrivilegeManager

Use of com.sun.identity.entitlement.PrivilegeManager in project OpenAM by OpenRock.

Class RemoveReferralsStep, method enactRequiredPolicyModelChanges.

private void enactRequiredPolicyModelChanges(Application application, String sourceRealm, String destinationRealm) throws EntitlementException, UpgradeException {
    PrivilegeManager policyManager = policyServiceFactory.get(destinationRealm, getAdminSubject());
    List<Privilege> policies = policyManager.findAllPoliciesByApplication(application.getName());
    if (policies.isEmpty()) {
        // Only necessary to reinstate application if policies exist in the realm.
        return;
    }
    try {
        UpgradeProgress.reportStart(AUDIT_CLONING_APPLICATION_START, application.getName(), destinationRealm);
        String resourceTypeId = application.getResourceTypeUuids().iterator().next();
        String clonedResourceTypeId = instateAssociatedResourceType(resourceTypeId, sourceRealm, destinationRealm);
        Application clonedApplication = cloneApplication(application, clonedResourceTypeId);
        applicationService.saveApplication(getAdminSubject(), destinationRealm, clonedApplication);
        for (Privilege policy : policies) {
            policy.setResourceTypeUuid(clonedResourceTypeId);
            policyManager.modify(policy);
        }
        UpgradeProgress.reportEnd(AUDIT_UPGRADE_SUCCESS);
    } catch (EntitlementException | UpgradeException e) {
        UpgradeProgress.reportEnd(AUDIT_UPGRADE_FAIL);
        throw e;
    }
}
Also used : UpgradeException(org.forgerock.openam.upgrade.UpgradeException) EntitlementException(com.sun.identity.entitlement.EntitlementException) PrivilegeManager(com.sun.identity.entitlement.PrivilegeManager) Privilege(com.sun.identity.entitlement.Privilege) Application(com.sun.identity.entitlement.Application)

Example 29 with PrivilegeManager

Use of com.sun.identity.entitlement.PrivilegeManager in project OpenAM by OpenRock.

Class UpgradeResourceTypeStep, method perform.

/**
 * {@inheritDoc}
 */
@Override
public void perform() throws UpgradeException {
    for (Map.Entry<String, Set<ResourceTypeState>> entry : resourceTypeStatePerRealm.entrySet()) {
        final String realm = entry.getKey();
        final EntitlementConfiguration ec = EntitlementConfiguration.getInstance(getAdminSubject(), realm);
        final PrivilegeManager pm = PrivilegeManager.getInstance(realm, getAdminSubject());
        for (ResourceTypeState state : entry.getValue()) {
            if (state.applicationNeedsResourceType) {
                ResourceType resourceType = createResourceType(state, realm);
                upgradeApplication(ec, state.appName, resourceType.getUUID());
                // Application modified, clear cache.
                ApplicationManager.clearCache(realm);
            }
            if (state.policiesNeedsResourceType) {
                final Application application = ec.getApplication(state.appName);
                final Set<String> uuids = application.getResourceTypeUuids();
                if (!uuids.isEmpty()) {
                    // there should only be one resource type associated with the application at this stage
                    upgradePrivileges(pm, state.appName, uuids.iterator().next());
                }
            }
        }
    }
}
Also used : Set(java.util.Set) CollectionUtils.transformSet(org.forgerock.openam.utils.CollectionUtils.transformSet) HashSet(java.util.HashSet) PrivilegeManager(com.sun.identity.entitlement.PrivilegeManager) EntitlementConfiguration(com.sun.identity.entitlement.EntitlementConfiguration) ResourceType(org.forgerock.openam.entitlement.ResourceType) Map(java.util.Map) HashMap(java.util.HashMap) Application(com.sun.identity.entitlement.Application)

Example 30 with PrivilegeManager

Use of com.sun.identity.entitlement.PrivilegeManager in project OpenAM by OpenRock.

Class OldPolicyConditionMigrationUpgradeStep, method perform.

/**
 * Does the persisting of the upgraded policies.
 *
 * @throws UpgradeException If there is a problem saving the policies.
 */
@Override
public void perform() throws UpgradeException {
    for (Map.Entry<String, Set<Privilege>> entry : privilegesToUpgrade.entrySet()) {
        String realm = entry.getKey();
        // Ensure applications are read cleanly.
        ApplicationManager.clearCache(realm);
        PrivilegeManager privilegeManager = getPrivilegeManager(realm);
        for (Privilege privilege : entry.getValue()) {
            privilege.getEntitlement().clearCache();
            try {
                addResourceType(privilege, realm);
                privilegeManager.modify(privilege.getName(), privilege);
            } catch (EntitlementException e) {
                DEBUG.error("Failed to modify privilege!", e);
                throw new UpgradeException("Failed to modify privilege!", e);
            }
        }
    }
}
Also used : UpgradeException(org.forgerock.openam.upgrade.UpgradeException) EntitlementException(com.sun.identity.entitlement.EntitlementException) Set(java.util.Set) HashSet(java.util.HashSet) PrivilegeManager(com.sun.identity.entitlement.PrivilegeManager) Privilege(com.sun.identity.entitlement.Privilege) HashMap(java.util.HashMap) Map(java.util.Map)

Aggregations

PrivilegeManager (com.sun.identity.entitlement.PrivilegeManager): 31
Privilege (com.sun.identity.entitlement.Privilege): 17
EntitlementException (com.sun.identity.entitlement.EntitlementException): 13
HashMap (java.util.HashMap): 8
Subject (javax.security.auth.Subject): 8
SSOToken (com.iplanet.sso.SSOToken): 6
Entitlement (com.sun.identity.entitlement.Entitlement): 6
EntitlementSubject (com.sun.identity.entitlement.EntitlementSubject): 6
AfterClass (org.testng.annotations.AfterClass): 6
IPrivilege (com.sun.identity.entitlement.IPrivilege): 5
RestException (com.sun.identity.rest.RestException): 5
Produces (javax.ws.rs.Produces): 5
AuthenticatedUsers (org.forgerock.openam.entitlement.conditions.subject.AuthenticatedUsers): 5
JSONException (org.json.JSONException): 5
ApplicationPrivilegeManager (com.sun.identity.entitlement.ApplicationPrivilegeManager): 4
HashSet (java.util.HashSet): 4
Cookie (javax.ws.rs.core.Cookie): 4
BeforeClass (org.testng.annotations.BeforeClass): 4
ApplicationPrivilege (com.sun.identity.entitlement.ApplicationPrivilege): 3
ReferralPrivilege (com.sun.identity.entitlement.ReferralPrivilege): 3