use of com.sun.identity.entitlement.SubjectImplementation in project OpenAM by OpenRock.
the class RemoveApplicationPrivilegeSubjects method handleRequest.
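/**
 * Services a Commandline Request: removes the supplied subjects from an
 * existing application privilege and stores the result.
 *
 * <p>The request is refused when the removal would leave the privilege with
 * no subject at all. That refusal is written to the access log like any
 * other failed update, so a rejected privilege change leaves an audit record.
 *
 * @param rc Request Context.
 * @throws CLIException if the request cannot be serviced.
 */
@Override
public void handleRequest(RequestContext rc) throws CLIException {
    super.handleRequest(rc);
    String realm = getStringOptionValue(IArgument.REALM_NAME);
    String name = getStringOptionValue(PARAM_NAME);
    String[] params = { realm, name };
    Set<SubjectImplementation> newSubjects = getSubjects(rc);
    Subject userSubject = SubjectUtils.createSubject(getAdminSSOToken());
    ApplicationPrivilegeManager apm = ApplicationPrivilegeManager.getInstance(realm, userSubject);
    writeLog(LogWriter.LOG_ACCESS, Level.INFO, "ATTEMPT_UPDATE_APPLICATION_PRIVILEGE", params);
    try {
        ApplicationPrivilege appPrivilege = apm.getPrivilege(name);
        // removeAll() mutates the set handed back by getSubjects().
        // NOTE(review): whether that set is a copy or the privilege's own
        // collection is not visible here; confirm before reusing it elsewhere.
        Set<SubjectImplementation> origSubjects = appPrivilege.getSubjects();
        origSubjects.removeAll(newSubjects);
        if (origSubjects.isEmpty()) {
            // A privilege must keep at least one subject; refuse instead of
            // storing a privilege that applies to nobody.
            throw new CLIException(
                    getResourceString("remove-application-privilege-subjects-emptied-subjects"),
                    ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
        }
        appPrivilege.setSubject(origSubjects);
        apm.replacePrivilege(appPrivilege);
        Object[] msgParam = { name };
        getOutputWriter().printlnMessage(
                MessageFormat.format(getResourceString("update-application-privilege-succeeded"), msgParam));
        writeLog(LogWriter.LOG_ACCESS, Level.INFO, "SUCCEEDED_UPDATE_APPLICATION_PRIVILEGE", params);
    } catch (EntitlementException ex) {
        String[] paramExs = { realm, name, ex.getMessage() };
        writeLog(LogWriter.LOG_ACCESS, Level.INFO, "FAILED_UPDATE_APPLICATION_PRIVILEGE", paramExs);
        throw new CLIException(ex, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    } catch (CLIException ex) {
        // Previously the "emptied subjects" refusal left only the ATTEMPT
        // entry in the access log. Record the failure, then rethrow the same
        // exception so callers see no change.
        String[] paramExs = { realm, name, ex.getMessage() };
        writeLog(LogWriter.LOG_ACCESS, Level.INFO, "FAILED_UPDATE_APPLICATION_PRIVILEGE", paramExs);
        throw ex;
    }
}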
use of com.sun.identity.entitlement.SubjectImplementation in project OpenAM by OpenRock.
the class CreateApplicationPrivilege method handleRequest.
/**
 * Services a Commandline Request: creates an application privilege in the
 * requested realm from the description, actions, subjects and application
 * resources given on the command line.
 *
 * <p>An ATTEMPT entry is written to the access log before the remaining
 * options are read; a SUCCEEDED or FAILED entry follows for everything that
 * happens inside the try block.
 *
 * @param rc Request Context.
 * @throws CLIException if the request cannot be serviced.
 */
@Override
public void handleRequest(RequestContext rc) throws CLIException {
    super.handleRequest(rc);

    final String realm = getStringOptionValue(IArgument.REALM_NAME);
    final String name = getStringOptionValue(PARAM_NAME);
    final String[] logArgs = { realm, name };
    writeLog(LogWriter.LOG_ACCESS, Level.INFO, "ATTEMPT_CREATE_APPLICATION_PRIVILEGE", logArgs);

    // These three reads sit outside the try block, so an exception raised
    // here propagates without a FAILED entry in the access log.
    final String description = getStringOptionValue(PARAM_DESCRIPTION);
    final ApplicationPrivilege.PossibleAction actions = getActions();
    final Set<SubjectImplementation> subjects = getSubjects(rc);

    try {
        Map<String, Set<String>> resourcesByApplication = getApplicationResourcesMap(rc, realm);
        Subject adminSubject = SubjectUtils.createSubject(getAdminSSOToken());
        ApplicationPrivilegeManager manager = ApplicationPrivilegeManager.getInstance(realm, adminSubject);

        ApplicationPrivilege privilege = new ApplicationPrivilege(name);
        privilege.setDescription(description);
        privilege.setActionValues(actions);
        privilege.setApplicationResources(resourcesByApplication);
        privilege.setSubject(subjects);
        manager.addPrivilege(privilege);

        getOutputWriter().printlnMessage(
                MessageFormat.format(
                        getResourceString("create-application-privilege-succeeded"),
                        new Object[] { name }));
        writeLog(LogWriter.LOG_ACCESS, Level.INFO, "SUCCEEDED_CREATE_APPLICATION_PRIVILEGE", logArgs);
    } catch (EntitlementException failure) {
        // Entitlement-layer failures are logged and surfaced as a CLI error.
        writeLog(LogWriter.LOG_ACCESS, Level.INFO, "FAILED_CREATE_APPLICATION_PRIVILEGE",
                new String[] { realm, name, failure.getMessage() });
        throw new CLIException(failure, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    } catch (CLIException failure) {
        // CLI-level failures are logged and rethrown unchanged.
        writeLog(LogWriter.LOG_ACCESS, Level.INFO, "FAILED_CREATE_APPLICATION_PRIVILEGE",
                new String[] { realm, name, failure.getMessage() });
        throw failure;
    }
}
use of com.sun.identity.entitlement.SubjectImplementation in project OpenAM by OpenRock.
the class ApplicationPrivilegeBase method getSubjects.
/**
 * Groups the subject IDs of an application privilege by subject type.
 *
 * <p>Only {@code OpenSSOUserSubject} and {@code OpenSSOGroupSubject} entries
 * are reported, keyed by {@code PARAM_SUBJECT_USER} and
 * {@code PARAM_SUBJECT_GROUP}. A subject of any other implementation is left
 * out of the result without notice, so the returned map is not guaranteed to
 * list every subject the privilege holds.
 *
 * @param appPrivilege privilege whose subjects are read.
 * @return map from subject type to the set of subject IDs of that type.
 */
protected Map<String, Set<String>> getSubjects(ApplicationPrivilege appPrivilege) {
    Map<String, Set<String>> idsByType = new HashMap<String, Set<String>>();
    for (SubjectImplementation candidate : appPrivilege.getSubjects()) {
        String typeKey = null;
        String id = null;
        if (candidate instanceof OpenSSOUserSubject) {
            typeKey = PARAM_SUBJECT_USER;
            id = ((OpenSSOUserSubject) candidate).getID();
        } else if (candidate instanceof OpenSSOGroupSubject) {
            typeKey = PARAM_SUBJECT_GROUP;
            id = ((OpenSSOGroupSubject) candidate).getID();
        }
        if (typeKey == null) {
            // Neither a user nor a group subject: not reported.
            continue;
        }
        Set<String> ids = idsByType.get(typeKey);
        if (ids == null) {
            ids = new HashSet<String>();
            idsByType.put(typeKey, ids);
        }
        ids.add(id);
    }
    return idsByType;
}
use of com.sun.identity.entitlement.SubjectImplementation in project OpenAM by OpenRock.
the class OpenSSOApplicationPrivilegeManager method toPrivilege.
/**
 * Converts an application privilege into the two privileges that represent
 * it.
 *
 * <p>Index 0 holds the actual privilege: the delegation resources and action
 * values of {@code appPrivilege}, plus its application names as application
 * indexes. Index 1 holds the "ghost" privilege, named with
 * {@code GHOST_PRIVILEGE_NAME_PREFIX}, which carries the READ action values
 * on the realm and identity-repository resources of the current realm. Both
 * share one {@code OrSubject} over the privilege's subjects and the same
 * condition, so every subject of the privilege also receives the ghost
 * privilege's READ entitlement.
 *
 * @param appPrivilege application privilege to convert.
 * @return array of two privileges: actual at index 0, ghost at index 1.
 * @throws EntitlementException with code 324 if an
 *         {@code UnsupportedEncodingException} occurs during the conversion.
 */
private Privilege[] toPrivilege(ApplicationPrivilege appPrivilege) throws EntitlementException {
    try {
        // Actual privilege: what the administrator asked to delegate.
        Privilege delegated = Privilege.getNewInstance();
        delegated.setName(appPrivilege.getName());
        delegated.setDescription(appPrivilege.getDescription());
        Set<String> delegatedResources = createDelegationResources(appPrivilege);
        delegated.setEntitlement(new Entitlement(
                APPL_NAME, delegatedResources, getActionValues(appPrivilege.getActionValues())));

        // Ghost privilege: READ on the realm and idrepo resources of this realm.
        Privilege ghost = Privilege.getNewInstance();
        ghost.setName(GHOST_PRIVILEGE_NAME_PREFIX + appPrivilege.getName());
        Set<String> ghostResources = new HashSet<String>();
        Object[] orgDnArg = { DNMapper.orgNameToDN(realm) };
        ghostResources.add(MessageFormat.format(SUN_AM_REALM_RESOURCE, orgDnArg));
        ghostResources.add(MessageFormat.format(SUN_IDREPO_RESOURCE, orgDnArg));
        ghost.setEntitlement(new Entitlement(
                APPL_NAME, ghostResources, getActionValues(ApplicationPrivilege.PossibleAction.READ)));

        // Each subject is cast to EntitlementSubject; a SubjectImplementation
        // that is not one would fail here with a ClassCastException.
        Set<SubjectImplementation> source = appPrivilege.getSubjects();
        Set<EntitlementSubject> members = new HashSet<EntitlementSubject>();
        for (SubjectImplementation member : source) {
            members.add((EntitlementSubject) member);
        }
        OrSubject anyMember = new OrSubject(members);

        delegated.setSubject(anyMember);
        delegated.setCondition(appPrivilege.getCondition());
        ghost.setSubject(anyMember);
        ghost.setCondition(appPrivilege.getCondition());

        // Application indexes are set on the actual privilege only.
        delegated.setApplicationIndexes(new HashSet<String>(appPrivilege.getApplicationNames()));

        return new Privilege[] { delegated, ghost };
    } catch (UnsupportedEncodingException ex) {
        // NOTE(review): the original exception is not attached as the cause.
        String[] noArgs = {};
        throw new EntitlementException(324, noArgs);
    }
}
use of com.sun.identity.entitlement.SubjectImplementation in project OpenAM by OpenRock.
the class ApplicationPrivilegeBase method getSubjects.
/**
 * Builds the entitlement subjects named by the {@code PARAM_SUBJECTS} option
 * of the request.
 *
 * <p>All names are treated as users or all as groups, depending on
 * {@code isUserSubject()}. Each name is turned into a universal ID through a
 * throw-away {@code AMIdentity} constructed with a null token.
 * NOTE(review): no lookup of the identity is visible in this method, so a
 * name that matches no existing user or group appears to be accepted as
 * given; confirm whether it is validated elsewhere.
 *
 * @param rc Request Context.
 * @return set of user or group subjects, one per supplied name.
 * @throws CLIException declared by the signature; no statement in this
 *         method is visibly the source of it.
 */
protected Set<SubjectImplementation> getSubjects(RequestContext rc) throws CLIException {
    Set<SubjectImplementation> collected = new HashSet<SubjectImplementation>();
    boolean userMode = isUserSubject();
    IdType idType;
    if (userMode) {
        idType = IdType.USER;
    } else {
        idType = IdType.GROUP;
    }
    String realm = getStringOptionValue(IArgument.REALM_NAME);
    // NOTE(review): assumes the option is always supplied; a null list would
    // fail in the loop below.
    List<String> names = rc.getOption(PARAM_SUBJECTS);
    for (String subjectName : names) {
        // The AMIdentity exists only to derive the universal ID.
        String universalId = new AMIdentity(null, subjectName, idType, realm, null).getUniversalId();
        if (userMode) {
            collected.add(new OpenSSOUserSubject(universalId));
        } else {
            collected.add(new OpenSSOGroupSubject(universalId));
        }
    }
    return collected;
}