
Example 1 with SubjectAttributesManager

Use of com.sun.identity.entitlement.SubjectAttributesManager in project OpenAM by OpenRock.

The class OpenSSOGroupSubject, method getSearchIndexAttributes.

/**
 * Returns search index attributes.
 *
 * @return search index attributes.
 */
@Override
public Map<String, Set<String>> getSearchIndexAttributes() {
    SubjectAttributesManager sam = getSubjectAttributesManager();
    if (sam != null) {
        Map<String, Set<String>> map = new HashMap<String, Set<String>>(4);
        if (sam.isGroupMembershipSearchIndexEnabled()) {
            // Index this subject under its group membership. The group identity is
            // resolved with an admin token; if the lookup fails, the raw UUID is used.
            Set<String> set = new HashSet<String>();
            String uuid = getID();
            SSOToken adminToken = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
            try {
                AMIdentity amid = IdUtils.getIdentity(adminToken, uuid);
                set.add(OpenSSOSubjectAttributesCollector.getIDWithoutOrgName(amid));
            } catch (IdRepoException ex) {
                if (PrivilegeManager.debug.messageEnabled()) {
                    PrivilegeManager.debug.message("OpenSSOGroupSubject.getSearchIndexAttributes", ex);
                }
                set.add(uuid);
            }
            map.put(SubjectAttributesCollector.NAMESPACE_MEMBERSHIP + IdType.GROUP.getName(), set);
        } else {
            // Membership index disabled: index under the all-entities attribute so the
            // privilege is a candidate for every identity and is filtered at evaluation time.
            Set<String> set = new HashSet<String>();
            set.add(SubjectAttributesCollector.ATTR_NAME_ALL_ENTITIES);
            map.put(SubjectAttributesCollector.NAMESPACE_IDENTITY, set);
        }
        return map;
    } else {
        return super.getSearchIndexAttributes();
    }
}

Example 2 with SubjectAttributesManager

Use of com.sun.identity.entitlement.SubjectAttributesManager in project OpenAM by OpenRock.

The class SubjectAttributesResourceV1, method queryCollection.

@Override
public Promise<QueryResponse, ResourceException> queryCollection(Context context, QueryRequest request, QueryResourceHandler handler) {
    final Subject mySubject = getContextSubject(context);
    if (mySubject == null) {
        debug.error("SubjectAttributesResource :: QUERY : Unknown Subject");
        return new BadRequestException().asPromise();
    }
    final String principalName = PrincipalRestUtils.getPrincipalNameFromSubject(mySubject);
    final SubjectAttributesManager manager = getSubjectAttributesManager(mySubject, getRealm(context));
    final Set<String> attributes;
    try {
        attributes = manager.getAvailableSubjectAttributeNames();
    } catch (EntitlementException e) {
        debug.error("SubjectAttributesResource :: QUERY by " + principalName + " : Unable to query available " + "subject attribute names.");
        return new InternalServerErrorException().asPromise();
    }
    for (String attr : attributes) {
        handler.handleResource(newResourceResponse(attr, Long.toString(System.currentTimeMillis()), JsonValue.json(attr)));
    }
    return newResultPromise(newQueryResponse(null, CountPolicy.EXACT, 0));
}

Example 3 with SubjectAttributesManager

Use of com.sun.identity.entitlement.SubjectAttributesManager in project OpenAM by OpenRock.

The class OpenSSOGroupSubject, method getRequiredAttributeNames.

/**
 * Returns required attribute names.
 *
 * @return required attribute names.
 */
@Override
public Set<String> getRequiredAttributeNames() {
    SubjectAttributesManager sam = getSubjectAttributesManager();
    if (sam != null) {
        if (sam.isGroupMembershipSearchIndexEnabled()) {
            Set<String> set = new HashSet<String>(2);
            set.add(SubjectAttributesCollector.NAMESPACE_MEMBERSHIP + IdType.GROUP.getName());
            return set;
        } else {
            return (Collections.EMPTY_SET);
        }
    } else {
        return super.getRequiredAttributeNames();
    }
}

Example 4 with SubjectAttributesManager

Use of com.sun.identity.entitlement.SubjectAttributesManager in project OpenAM by OpenRock.

The class OpenSSOApplicationPrivilegeManager, method getPrivileges.

private void getPrivileges() throws EntitlementException {
    Set<String> hostIndex = new HashSet<String>();
    hostIndex.add("://" + DNMapper.orgNameToDN(realm));
    Set<String> pathParentIndex = new HashSet<String>();
    pathParentIndex.add(RESOURCE_PREFIX);
    ResourceSearchIndexes rIndex = new ResourceSearchIndexes(hostIndex, null, pathParentIndex);
    SubjectAttributesManager sam = SubjectAttributesManager.getInstance(dsameUserSubject);
    // A policy admin searches without a subject filter; any other caller is restricted
    // to privileges whose subject index matches the caller's own attributes.
    Set<String> subjectIndex = (bPolicyAdmin) ? Collections.EMPTY_SET : sam.getSubjectSearchFilter(caller, APPL_NAME);
    OpenSSOIndexStore db = new OpenSSOIndexStore(dsameUserSubject, getHiddenRealmDN());
    Iterator<IPrivilege> results = db.search("/", rIndex, subjectIndex, true, false);
    while (results.hasNext()) {
        Privilege p = (Privilege) results.next();
        // The index search is only a pre-filter; non-admins still need a full subject match.
        if (bPolicyAdmin || doesSubjectMatch(p, resourcePrefix)) {
            delegatables.evaluate(p);
            modifiables.evaluate(p);
            readables.evaluate(p);
        }
    }
}

Example 5 with SubjectAttributesManager

Use of com.sun.identity.entitlement.SubjectAttributesManager in project OpenAM by OpenRock.

The class OpenSSOApplicationPrivilegeManager, method doesSubjectMatch.

private boolean doesSubjectMatch(Privilege privilege, String resourceName) throws EntitlementException {
    SubjectAttributesManager mgr = SubjectAttributesManager.getInstance(dsameUserSubject, realm);
    SubjectDecision sDecision = privilege.getSubject().evaluate(realm, mgr, caller, resourceName, Collections.EMPTY_MAP);
    return sDecision.isSatisfied();
}