Example 11 with ReferralPrivilege
use of com.sun.identity.entitlement.ReferralPrivilege in project OpenAM by OpenRock.
the class OpenSSOIndexStore method search.
/**
* Search for policies.
*
* @param realm
* The realm of which the policy resides.
* @param indexes
* Policy indexes.
* @param subjectIndexes
* Subject indexes.
* @param bSubTree
* Whether in subtree mode.
* @param bReferral
* Whether there is a policy referral.
* @return An iterator of policies.
* @throws EntitlementException
* Should an error occur searching for policies.
*/
public Iterator<IPrivilege> search(String realm, ResourceSearchIndexes indexes, Set<String> subjectIndexes, boolean bSubTree, boolean bReferral) throws EntitlementException {
BufferedIterator iterator = (isMultiThreaded) ? new BufferedIterator() : new SimpleIterator();
// When not in subtree mode path indexes should be available.
if (!bSubTree && indexes.getPathIndexes().isEmpty()) {
return iterator;
}
// When in subtree mode parent path indexes should be available.
if (bSubTree && indexes.getParentPathIndexes().isEmpty()) {
return iterator;
}
Set setDNs = new HashSet();
if (indexCacheSize > 0) {
setDNs.addAll(searchPrivileges(indexes, subjectIndexes, bSubTree, iterator));
setDNs.addAll(searchReferrals(indexes, bSubTree, iterator));
}
if (bReferral) {
String tmp = LDAPUtils.isDN(realm) ? DNMapper.orgNameToRealmName(realm) : realm;
if (tmp.equals("/")) {
ReferralPrivilege ref = getOrgAliasReferral(indexes);
if (ref != null) {
iterator.add(ref);
}
}
}
if (indexCacheSize == 0 || isDSSearchNecessary()) {
threadPool.submit(new SearchTask(iterator, indexes, subjectIndexes, bSubTree, setDNs));
} else {
iterator.isDone();
}
return iterator;
}
Also used :
BufferedIterator(com.sun.identity.shared.BufferedIterator)
HashSet(java.util.HashSet)
Set(java.util.Set)
ReferralPrivilege(com.sun.identity.entitlement.ReferralPrivilege)
SimpleIterator(com.sun.identity.entitlement.util.SimpleIterator)
HashSet(java.util.HashSet)
Example 12 with ReferralPrivilege
use of com.sun.identity.entitlement.ReferralPrivilege in project OpenAM by OpenRock.
the class OpenSSOIndexStore method searchReferrals.
private Set<String> searchReferrals(ResourceSearchIndexes indexes, boolean bSubTree, BufferedIterator iterator) {
Set<String> setDNs = referralIndexCache.getMatchingEntries(indexes, null, bSubTree);
for (Iterator<String> i = setDNs.iterator(); i.hasNext(); ) {
String dn = (String) i.next();
ReferralPrivilege r = referralCache.getReferral(dn);
if (r != null) {
iterator.add(r);
} else {
i.remove();
}
}
return setDNs;
}
Also used :
ReferralPrivilege(com.sun.identity.entitlement.ReferralPrivilege)
Example 13 with ReferralPrivilege
use of com.sun.identity.entitlement.ReferralPrivilege in project OpenAM by OpenRock.
the class OpenSSOIndexStore method add.
private void add(ReferralPrivilege referral) throws EntitlementException {
Subject adminSubject = getAdminSubject();
String realm = getRealm();
// clone so that canonicalized resource name will be localized.
ReferralPrivilege clone = (ReferralPrivilege) referral.clone();
clone.canonicalizeResources(adminSubject, DNMapper.orgNameToRealmName(realm));
dataStore.addReferral(adminSubject, realm, clone);
}
Also used :
ReferralPrivilege(com.sun.identity.entitlement.ReferralPrivilege)
Subject(javax.security.auth.Subject)
Example 14 with ReferralPrivilege
use of com.sun.identity.entitlement.ReferralPrivilege in project OpenAM by OpenRock.
the class DataStore method searchReferrals.
public Set<ReferralPrivilege> searchReferrals(SSOToken adminToken, String realm, String filter) throws EntitlementException {
Set<ReferralPrivilege> results = new HashSet<ReferralPrivilege>();
String baseDN = getSearchBaseDN(realm, REFERRAL_STORE);
if (SMSEntry.checkIfEntryExists(baseDN, adminToken)) {
try {
Iterator i = SMSEntry.search(adminToken, baseDN, filter, NO_LIMIT, NO_LIMIT, NOT_SORTED, NOT_SORTED, NO_EXCLUSIONS);
while (i.hasNext()) {
SMSDataEntry e = (SMSDataEntry) i.next();
ReferralPrivilege referral = ReferralPrivilege.getInstance(new JSONObject(e.getAttributeValue(SERIALIZABLE_INDEX_KEY)));
results.add(referral);
}
} catch (JSONException e) {
Object[] arg = { baseDN };
throw new EntitlementException(52, arg, e);
} catch (SMSException e) {
Object[] arg = { baseDN };
throw new EntitlementException(52, arg, e);
}
}
return results;
}
Also used :
EntitlementException(com.sun.identity.entitlement.EntitlementException)
ReferralPrivilege(com.sun.identity.entitlement.ReferralPrivilege)
JSONObject(org.json.JSONObject)
SMSDataEntry(com.sun.identity.sm.SMSDataEntry)
SMSException(com.sun.identity.sm.SMSException)
BufferedIterator(com.sun.identity.shared.BufferedIterator)
Iterator(java.util.Iterator)
JSONException(org.json.JSONException)
HashSet(java.util.HashSet)
Example 15 with ReferralPrivilege
use of com.sun.identity.entitlement.ReferralPrivilege in project OpenAM by OpenRock.
the class PrivilegeUtils method policyToPrivileges.
public static void policyToPrivileges(Policy policy, Set<IPrivilege> privileges) throws SSOException, PolicyException, EntitlementException {
String policyName = policy.getName();
if (policy.isReferralPolicy()) {
Map<String, Set<String>> resources = getResources(policy);
Set<String> referredRealms = getReferrals(policy);
ReferralPrivilege rp = new ReferralPrivilege(policyName, resources, referredRealms);
rp.setDescription(policy.getDescription());
rp.setCreationDate(policy.getCreationDate());
rp.setCreatedBy(policy.getCreatedBy());
rp.setLastModifiedBy(policy.getLastModifiedBy());
rp.setLastModifiedDate(policy.getLastModifiedDate());
rp.setActive(policy.isActive());
privileges.add(rp);
} else {
Set<Entitlement> entitlements = rulesToEntitlement(policy);
EntitlementSubject eSubject = toEntitlementSubject(policy);
EntitlementCondition eCondition = toEntitlementCondition(policy);
Set<ResourceAttribute> resourceAttributesSet = toResourceAttributes(policy);
if (entitlements.size() == 1) {
privileges.add(createPrivilege(policyName, policyName, entitlements.iterator().next(), eSubject, eCondition, resourceAttributesSet, policy));
} else {
for (Entitlement e : entitlements) {
String pName = policyName + "_" + e.getName();
privileges.add(createPrivilege(pName, policyName, e, eSubject, eCondition, resourceAttributesSet, policy));
}
}
}
}
Also used :
EntitlementSubject(com.sun.identity.entitlement.EntitlementSubject)
EntitlementCondition(com.sun.identity.entitlement.EntitlementCondition)
HashSet(java.util.HashSet)
Set(java.util.Set)
ReferralPrivilege(com.sun.identity.entitlement.ReferralPrivilege)
Entitlement(com.sun.identity.entitlement.Entitlement)
ResourceAttribute(com.sun.identity.entitlement.ResourceAttribute)
Aggregations
ReferralPrivilege (com.sun.identity.entitlement.ReferralPrivilege)18
HashSet (java.util.HashSet)9
Set (java.util.Set)7
Test (org.testng.annotations.Test)6
EntitlementException (com.sun.identity.entitlement.EntitlementException)5
SMSException (com.sun.identity.sm.SMSException)5
SSOToken (com.iplanet.sso.SSOToken)4
Policy (com.sun.identity.entitlement.xacml3.core.Policy)4
PolicySet (com.sun.identity.entitlement.xacml3.core.PolicySet)4
IPrivilege (com.sun.identity.entitlement.IPrivilege)3
Privilege (com.sun.identity.entitlement.Privilege)3
BufferedIterator (com.sun.identity.shared.BufferedIterator)3
HashMap (java.util.HashMap)3
JSONException (org.json.JSONException)3
JSONObject (org.json.JSONObject)3
SSOException (com.iplanet.sso.SSOException)2
CaseInsensitiveHashMap (com.sun.identity.common.CaseInsensitiveHashMap)2
FactoryMethods.createArbitraryPrivilege (com.sun.identity.entitlement.xacml3.FactoryMethods.createArbitraryPrivilege)2
FactoryMethods.createArbitraryReferralPrivilege (com.sun.identity.entitlement.xacml3.FactoryMethods.createArbitraryReferralPrivilege)2
ImportStep (com.sun.identity.entitlement.xacml3.XACMLExportImport.ImportStep)2
