
Example 1 with ReferralPrivilege

Use of com.sun.identity.entitlement.ReferralPrivilege in the OpenAM project by OpenRock.

From the class XACMLPrivilegeUtils, method policyToReferral.

public static ReferralPrivilege policyToReferral(Policy policy) throws EntitlementException, JSONException {
    // Derive the privilege name from the XACML policy id and read the audit
    // metadata (creator, timestamps) back out of the policy's variable definitions.
    String policyId = policy.getPolicyId();
    String privilegeName = policyIdToPrivilegeName(policyId);
    String description = policy.getDescription();
    String createdBy = getVariableById(policy, XACMLConstants.PRIVILEGE_CREATED_BY);
    long createdAt = dateStringToLong(getVariableById(policy, XACMLConstants.PRIVILEGE_CREATION_DATE));
    String lastModifiedBy = getVariableById(policy, XACMLConstants.PRIVILEGE_LAST_MODIFIED_BY);
    long lastModifiedAt = dateStringToLong(getVariableById(policy, XACMLConstants.PRIVILEGE_LAST_MODIFIED_DATE));
    // Translate the policy target's Match elements into the set of realms and the
    // application -> resources map that this referral delegates to.
    List<Match> policyMatches = getAllMatchesFromTarget(policy.getTarget());
    JSONObject jo = getRealmsAppsResources(policyMatches);
    Set<String> realms = JSONUtils.getSet(jo, "realms");
    Map<String, Set<String>> appsResources = JSONUtils.getMapStringSetString(jo, "appsResources");
    ReferralPrivilege referral = new ReferralPrivilege(privilegeName, appsResources, realms);
    referral.setDescription(description);
    referral.setCreatedBy(createdBy);
    referral.setCreationDate(createdAt);
    referral.setLastModifiedBy(lastModifiedBy);
    referral.setLastModifiedDate(lastModifiedAt);
    return referral;
}
Also used : Set(java.util.Set) PolicySet(com.sun.identity.entitlement.xacml3.core.PolicySet) HashSet(java.util.HashSet) ReferralPrivilege(com.sun.identity.entitlement.ReferralPrivilege) JSONObject(org.json.JSONObject) Match(com.sun.identity.entitlement.xacml3.core.Match)

Example 2 with ReferralPrivilege

Use of com.sun.identity.entitlement.ReferralPrivilege in the OpenAM project by OpenRock.

From the class DataStore, method searchReferral.

/**
 * Returns a set of referral privileges that satisfies the resource and
 * subject indexes.
 *
 * @param adminToken Subject who has the rights to read the datastore.
 * @param realm Realm name.
 * @param iterator Buffered iterator to have the results fed to it.
 * @param indexes Resource search indexes.
 * @param bSubTree <code>true</code> to do a sub-tree search.
 * @param excludeDNs Set of DNs to be excluded from the search results.
 * @return a set of privileges that satisfies the resource and subject
 * indexes.
 */
public Set<ReferralPrivilege> searchReferral(SSOToken adminToken, String realm, BufferedIterator iterator, ResourceSearchIndexes indexes, boolean bSubTree, Set<String> excludeDNs) throws EntitlementException {
    Set<ReferralPrivilege> results = new HashSet<ReferralPrivilege>();
    // Build the LDAP filter from the resource indexes and scope the search to the
    // referral store under the given realm.
    String filter = getFilter(indexes, null, bSubTree);
    String baseDN = getSearchBaseDN(realm, REFERRAL_STORE);
    if (PolicyConstants.DEBUG.messageEnabled()) {
        PolicyConstants.DEBUG.message("[PolicyEval] DataStore.searchReferral");
        PolicyConstants.DEBUG.message("[PolicyEval] search filter: " + filter);
        PolicyConstants.DEBUG.message("[PolicyEval] search DN: " + baseDN);
    }
    if (filter != null) {
        // The actual datastore read runs under the internal admin token obtained
        // through a privileged action, not under the caller's adminToken.
        SSOToken token = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
        long start = DB_MONITOR_REFERRAL.start();
        if (SMSEntry.checkIfEntryExists(baseDN, token)) {
            try {
                Iterator i = SMSEntry.search(token, baseDN, filter, NO_LIMIT, NO_LIMIT, NOT_SORTED, NOT_SORTED, excludeDNs);
                while (i.hasNext()) {
                    SMSDataEntry e = (SMSDataEntry) i.next();
                    // Each entry stores the referral as serialised JSON in a single attribute.
                    ReferralPrivilege referral = ReferralPrivilege.getInstance(new JSONObject(e.getAttributeValue(SERIALIZABLE_INDEX_KEY)));
                    iterator.add(referral);
                    results.add(referral);
                }
                // Signal the consumer that no further results will be added.
                iterator.isDone();
            } catch (JSONException e) {
                Object[] arg = { baseDN };
                throw new EntitlementException(52, arg, e);
            } catch (SMSException e) {
                Object[] arg = { baseDN };
                throw new EntitlementException(52, arg, e);
            }
        }
        DB_MONITOR_REFERRAL.end(start);
    }
    return results;
}
Also used : EntitlementException(com.sun.identity.entitlement.EntitlementException) ReferralPrivilege(com.sun.identity.entitlement.ReferralPrivilege) SSOToken(com.iplanet.sso.SSOToken) JSONObject(org.json.JSONObject) SMSDataEntry(com.sun.identity.sm.SMSDataEntry) SMSException(com.sun.identity.sm.SMSException) BufferedIterator(com.sun.identity.shared.BufferedIterator) Iterator(java.util.Iterator) JSONException(org.json.JSONException) HashSet(java.util.HashSet)

Example 3 with ReferralPrivilege

Use of com.sun.identity.entitlement.ReferralPrivilege in the OpenAM project by OpenRock.

From the class OpenSSOPolicyDataStore, method getReferral.

public ReferralPrivilege getReferral(Subject adminSubject, String realm, String name) throws EntitlementException {
    // The super admin subject maps to the internal dsameUser token; any other subject
    // must carry its own SSO token, otherwise the lookup is refused (error 262).
    SSOToken adminToken = (adminSubject == PrivilegeManager.superAdminSubject) ? dsameUserToken : SubjectUtils.getSSOToken(adminSubject);
    if (adminToken == null) {
        Object[] params = { name };
        throw new EntitlementException(262, params);
    }
    String dn = getPolicyDistinguishedName(realm, name);
    if (!SMSEntry.checkIfEntryExists(dn, adminToken)) {
        Object[] params = { name };
        throw new EntitlementException(263, params);
    }
    try {
        SMSEntry s = new SMSEntry(adminToken, dn);
        Map<String, Set<String>> map = s.getAttributes();
        Set<String> set = map.get(SMSEntry.ATTR_KEYVAL);
        String xml = set.iterator().next();
        // The stored value is prefixed with the POLICY_XML key and a separator; strip it
        // before parsing the legacy policy XML.
        if (xml.startsWith(POLICY_XML)) {
            xml = xml.substring(POLICY_XML.length() + 1);
        }
        // A referral policy converts to exactly one privilege, which is the ReferralPrivilege.
        Set<IPrivilege> privileges = PrivilegeUtils.policyToPrivileges(createPolicy(adminToken, realm, xml));
        return (ReferralPrivilege) privileges.iterator().next();
    } catch (SSOException ex) {
        Object[] params = { name };
        throw new EntitlementException(204, params, ex);
    } catch (SMSException ex) {
        Object[] params = { name };
        throw new EntitlementException(204, params, ex);
    } catch (Exception ex) {
        Object[] params = { name };
        throw new EntitlementException(204, params, ex);
    }
}
Also used : SSOToken(com.iplanet.sso.SSOToken) HashSet(java.util.HashSet) Set(java.util.Set) SMSException(com.sun.identity.sm.SMSException) SSOException(com.iplanet.sso.SSOException) EntitlementException(com.sun.identity.entitlement.EntitlementException) PolicyException(com.sun.identity.policy.PolicyException) ReferralPrivilege(com.sun.identity.entitlement.ReferralPrivilege) IPrivilege(com.sun.identity.entitlement.IPrivilege) SMSEntry(com.sun.identity.sm.SMSEntry)

Example 4 with ReferralPrivilege

Use of com.sun.identity.entitlement.ReferralPrivilege in the OpenAM project by OpenRock.

From the class XACMLExportImportTest, method canImportPrivilegesIntoRealm.

@Test
public void canImportPrivilegesIntoRealm() throws Exception {
    // Given
    // shared test state
    Privilege privilegeToUpdate = existing(valid(privilege("p1")));
    Privilege privilegeToAdd = notExisting(valid(privilege("p2")));
    PrivilegeSet privilegeSet = new PrivilegeSet(Collections.<ReferralPrivilege>emptyList(), asList(privilegeToUpdate, privilegeToAdd));
    given(xacmlReaderWriter.read(eq(NULL_INPUT))).willReturn(privilegeSet);
    // When
    List<ImportStep> importSteps = xacmlExportImport.importXacml(ROOT_REALM, NULL_INPUT, NULL_SUBJECT, false);
    // Then
    assertThat(importSteps).hasSize(2);
    assertImportStep(importSteps.get(0), DiffStatus.UPDATE, privilegeToUpdate);
    assertImportStep(importSteps.get(1), DiffStatus.ADD, privilegeToAdd);
    verify(validator).validatePrivilege(privilegeToAdd);
    verify(validator).validatePrivilege(privilegeToUpdate);
    verify(pm).add(privilegeToAdd);
    verify(pm).modify(privilegeToUpdate);
}
Also used : FactoryMethods.createArbitraryPrivilege(com.sun.identity.entitlement.xacml3.FactoryMethods.createArbitraryPrivilege) IPrivilege(com.sun.identity.entitlement.IPrivilege) Privilege(com.sun.identity.entitlement.Privilege) ReferralPrivilege(com.sun.identity.entitlement.ReferralPrivilege) FactoryMethods.createArbitraryReferralPrivilege(com.sun.identity.entitlement.xacml3.FactoryMethods.createArbitraryReferralPrivilege) ImportStep(com.sun.identity.entitlement.xacml3.XACMLExportImport.ImportStep) Test(org.testng.annotations.Test)

Example 5 with ReferralPrivilege

Use of com.sun.identity.entitlement.ReferralPrivilege in the OpenAM project by OpenRock.

From the class XACMLExportImportTest, method canPerformAnImportDryRun.

@Test
public void canPerformAnImportDryRun() throws Exception {
    // Given
    // shared test state
    Privilege privilegeToUpdate = existing(valid(privilege("p1")));
    Privilege privilegeToAdd = notExisting(valid(privilege("p2")));
    PrivilegeSet privilegeSet = new PrivilegeSet(Collections.<ReferralPrivilege>emptyList(), asList(privilegeToUpdate, privilegeToAdd));
    given(xacmlReaderWriter.read(eq(NULL_INPUT))).willReturn(privilegeSet);
    // When
    List<ImportStep> importSteps = xacmlExportImport.importXacml(ROOT_REALM, NULL_INPUT, NULL_SUBJECT, true);
    // Then
    assertThat(importSteps).hasSize(2);
    assertImportStep(importSteps.get(0), DiffStatus.UPDATE, privilegeToUpdate);
    assertImportStep(importSteps.get(1), DiffStatus.ADD, privilegeToAdd);
    verify(validator).validatePrivilege(privilegeToAdd);
    verify(validator).validatePrivilege(privilegeToUpdate);
    verify(pm, times(0)).add(any(Privilege.class));
    verify(pm, times(0)).modify(any(Privilege.class));
}
Also used : FactoryMethods.createArbitraryPrivilege(com.sun.identity.entitlement.xacml3.FactoryMethods.createArbitraryPrivilege) IPrivilege(com.sun.identity.entitlement.IPrivilege) Privilege(com.sun.identity.entitlement.Privilege) ReferralPrivilege(com.sun.identity.entitlement.ReferralPrivilege) FactoryMethods.createArbitraryReferralPrivilege(com.sun.identity.entitlement.xacml3.FactoryMethods.createArbitraryReferralPrivilege) ImportStep(com.sun.identity.entitlement.xacml3.XACMLExportImport.ImportStep) Test(org.testng.annotations.Test)

Aggregations

ReferralPrivilege (com.sun.identity.entitlement.ReferralPrivilege) 18
HashSet (java.util.HashSet) 9
Set (java.util.Set) 7
Test (org.testng.annotations.Test) 6
EntitlementException (com.sun.identity.entitlement.EntitlementException) 5
SMSException (com.sun.identity.sm.SMSException) 5
SSOToken (com.iplanet.sso.SSOToken) 4
Policy (com.sun.identity.entitlement.xacml3.core.Policy) 4
PolicySet (com.sun.identity.entitlement.xacml3.core.PolicySet) 4
IPrivilege (com.sun.identity.entitlement.IPrivilege) 3
Privilege (com.sun.identity.entitlement.Privilege) 3
BufferedIterator (com.sun.identity.shared.BufferedIterator) 3
HashMap (java.util.HashMap) 3
JSONException (org.json.JSONException) 3
JSONObject (org.json.JSONObject) 3
SSOException (com.iplanet.sso.SSOException) 2
CaseInsensitiveHashMap (com.sun.identity.common.CaseInsensitiveHashMap) 2
FactoryMethods.createArbitraryPrivilege (com.sun.identity.entitlement.xacml3.FactoryMethods.createArbitraryPrivilege) 2
FactoryMethods.createArbitraryReferralPrivilege (com.sun.identity.entitlement.xacml3.FactoryMethods.createArbitraryReferralPrivilege) 2
ImportStep (com.sun.identity.entitlement.xacml3.XACMLExportImport.ImportStep) 2