Example 11 with ReferralPrivilege

use of com.sun.identity.entitlement.ReferralPrivilege in project OpenAM by OpenRock.

the class OpenSSOIndexStore method search.

/**
 * Search for policies.
 *
 * @param realm
 *         The realm in which the policy resides.
 * @param indexes
 *         Policy indexes.
 * @param subjectIndexes
 *         Subject indexes.
 * @param bSubTree
 *         Whether in subtree mode.
 * @param bReferral
 *         Whether there is a policy referral.
 * @return An iterator of policies.
 * @throws EntitlementException
 *         Should an error occur searching for policies.
 */
public Iterator<IPrivilege> search(String realm, ResourceSearchIndexes indexes, Set<String> subjectIndexes, boolean bSubTree, boolean bReferral) throws EntitlementException {
    BufferedIterator iterator = (isMultiThreaded) ? new BufferedIterator() : new SimpleIterator();
    // When not in subtree mode path indexes should be available.
    if (!bSubTree && indexes.getPathIndexes().isEmpty()) {
        return iterator;
    }
    // When in subtree mode parent path indexes should be available.
    if (bSubTree && indexes.getParentPathIndexes().isEmpty()) {
        return iterator;
    }
    Set setDNs = new HashSet();
    if (indexCacheSize > 0) {
        setDNs.addAll(searchPrivileges(indexes, subjectIndexes, bSubTree, iterator));
        setDNs.addAll(searchReferrals(indexes, bSubTree, iterator));
    }
    if (bReferral) {
        String tmp = LDAPUtils.isDN(realm) ? DNMapper.orgNameToRealmName(realm) : realm;
        if (tmp.equals("/")) {
            ReferralPrivilege ref = getOrgAliasReferral(indexes);
            if (ref != null) {
                iterator.add(ref);
            }
        }
    }
    if (indexCacheSize == 0 || isDSSearchNecessary()) {
        threadPool.submit(new SearchTask(iterator, indexes, subjectIndexes, bSubTree, setDNs));
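    } else {
        // No directory search is submitted, so mark the iterator as complete;
        // despite its name, isDone() is called here for its effect, not as a query.
        iterator.isDone();
    }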
    return iterator;
}
Also used : BufferedIterator(com.sun.identity.shared.BufferedIterator) HashSet(java.util.HashSet) Set(java.util.Set) ReferralPrivilege(com.sun.identity.entitlement.ReferralPrivilege) SimpleIterator(com.sun.identity.entitlement.util.SimpleIterator)

Example 12 with ReferralPrivilege

use of com.sun.identity.entitlement.ReferralPrivilege in project OpenAM by OpenRock.

the class OpenSSOIndexStore method searchReferrals.

private Set<String> searchReferrals(ResourceSearchIndexes indexes, boolean bSubTree, BufferedIterator iterator) {
    Set<String> setDNs = referralIndexCache.getMatchingEntries(indexes, null, bSubTree);
    for (Iterator<String> i = setDNs.iterator(); i.hasNext(); ) {
        String dn = (String) i.next();
        ReferralPrivilege r = referralCache.getReferral(dn);
        if (r != null) {
            iterator.add(r);
        } else {
            i.remove();
        }
    }
    return setDNs;
}
Also used : ReferralPrivilege(com.sun.identity.entitlement.ReferralPrivilege)

Example 13 with ReferralPrivilege

use of com.sun.identity.entitlement.ReferralPrivilege in project OpenAM by OpenRock.

the class OpenSSOIndexStore method add.

private void add(ReferralPrivilege referral) throws EntitlementException {
    Subject adminSubject = getAdminSubject();
    String realm = getRealm();
    // clone so that canonicalized resource name will be localized.
    ReferralPrivilege clone = (ReferralPrivilege) referral.clone();
    clone.canonicalizeResources(adminSubject, DNMapper.orgNameToRealmName(realm));
    dataStore.addReferral(adminSubject, realm, clone);
}
Also used : ReferralPrivilege(com.sun.identity.entitlement.ReferralPrivilege) Subject(javax.security.auth.Subject)

Example 14 with ReferralPrivilege

use of com.sun.identity.entitlement.ReferralPrivilege in project OpenAM by OpenRock.

the class DataStore method searchReferrals.

public Set<ReferralPrivilege> searchReferrals(SSOToken adminToken, String realm, String filter) throws EntitlementException {
    Set<ReferralPrivilege> results = new HashSet<ReferralPrivilege>();
    String baseDN = getSearchBaseDN(realm, REFERRAL_STORE);
    if (SMSEntry.checkIfEntryExists(baseDN, adminToken)) {
        try {
            Iterator i = SMSEntry.search(adminToken, baseDN, filter, NO_LIMIT, NO_LIMIT, NOT_SORTED, NOT_SORTED, NO_EXCLUSIONS);
            while (i.hasNext()) {
                SMSDataEntry e = (SMSDataEntry) i.next();
                ReferralPrivilege referral = ReferralPrivilege.getInstance(new JSONObject(e.getAttributeValue(SERIALIZABLE_INDEX_KEY)));
                results.add(referral);
            }
        } catch (JSONException e) {
            Object[] arg = { baseDN };
            throw new EntitlementException(52, arg, e);
        } catch (SMSException e) {
            Object[] arg = { baseDN };
            throw new EntitlementException(52, arg, e);
        }
    }
    return results;
}
Also used : EntitlementException(com.sun.identity.entitlement.EntitlementException) ReferralPrivilege(com.sun.identity.entitlement.ReferralPrivilege) JSONObject(org.json.JSONObject) SMSDataEntry(com.sun.identity.sm.SMSDataEntry) SMSException(com.sun.identity.sm.SMSException) BufferedIterator(com.sun.identity.shared.BufferedIterator) Iterator(java.util.Iterator) JSONException(org.json.JSONException) HashSet(java.util.HashSet)

Example 15 with ReferralPrivilege

use of com.sun.identity.entitlement.ReferralPrivilege in project OpenAM by OpenRock.

the class PrivilegeUtils method policyToPrivileges.

public static void policyToPrivileges(Policy policy, Set<IPrivilege> privileges) throws SSOException, PolicyException, EntitlementException {
    String policyName = policy.getName();
    if (policy.isReferralPolicy()) {
        Map<String, Set<String>> resources = getResources(policy);
        Set<String> referredRealms = getReferrals(policy);
        ReferralPrivilege rp = new ReferralPrivilege(policyName, resources, referredRealms);
        rp.setDescription(policy.getDescription());
        rp.setCreationDate(policy.getCreationDate());
        rp.setCreatedBy(policy.getCreatedBy());
        rp.setLastModifiedBy(policy.getLastModifiedBy());
        rp.setLastModifiedDate(policy.getLastModifiedDate());
        rp.setActive(policy.isActive());
        privileges.add(rp);
    } else {
        Set<Entitlement> entitlements = rulesToEntitlement(policy);
        EntitlementSubject eSubject = toEntitlementSubject(policy);
        EntitlementCondition eCondition = toEntitlementCondition(policy);
        Set<ResourceAttribute> resourceAttributesSet = toResourceAttributes(policy);
        if (entitlements.size() == 1) {
            privileges.add(createPrivilege(policyName, policyName, entitlements.iterator().next(), eSubject, eCondition, resourceAttributesSet, policy));
        } else {
            for (Entitlement e : entitlements) {
                String pName = policyName + "_" + e.getName();
                privileges.add(createPrivilege(pName, policyName, e, eSubject, eCondition, resourceAttributesSet, policy));
            }
        }
    }
}
Also used : EntitlementSubject(com.sun.identity.entitlement.EntitlementSubject) EntitlementCondition(com.sun.identity.entitlement.EntitlementCondition) HashSet(java.util.HashSet) Set(java.util.Set) ReferralPrivilege(com.sun.identity.entitlement.ReferralPrivilege) Entitlement(com.sun.identity.entitlement.Entitlement) ResourceAttribute(com.sun.identity.entitlement.ResourceAttribute)

Aggregations

ReferralPrivilege (com.sun.identity.entitlement.ReferralPrivilege): 18
HashSet (java.util.HashSet): 9
Set (java.util.Set): 7
Test (org.testng.annotations.Test): 6
EntitlementException (com.sun.identity.entitlement.EntitlementException): 5
SMSException (com.sun.identity.sm.SMSException): 5
SSOToken (com.iplanet.sso.SSOToken): 4
Policy (com.sun.identity.entitlement.xacml3.core.Policy): 4
PolicySet (com.sun.identity.entitlement.xacml3.core.PolicySet): 4
IPrivilege (com.sun.identity.entitlement.IPrivilege): 3
Privilege (com.sun.identity.entitlement.Privilege): 3
BufferedIterator (com.sun.identity.shared.BufferedIterator): 3
HashMap (java.util.HashMap): 3
JSONException (org.json.JSONException): 3
JSONObject (org.json.JSONObject): 3
SSOException (com.iplanet.sso.SSOException): 2
CaseInsensitiveHashMap (com.sun.identity.common.CaseInsensitiveHashMap): 2
FactoryMethods.createArbitraryPrivilege (com.sun.identity.entitlement.xacml3.FactoryMethods.createArbitraryPrivilege): 2
FactoryMethods.createArbitraryReferralPrivilege (com.sun.identity.entitlement.xacml3.FactoryMethods.createArbitraryReferralPrivilege): 2
ImportStep (com.sun.identity.entitlement.xacml3.XACMLExportImport.ImportStep): 2