use of com.sun.identity.entitlement.SubjectImplementation in project OpenAM by OpenRock.
the class SetApplicationPrivilegeSubjects method handleRequest.
/**
* Services a Commandline Request.
*
* @param rc Request Context.
* @throws CLIException if the request cannot be serviced.
*/
@Override
public void handleRequest(RequestContext rc) throws CLIException {
    super.handleRequest(rc);

    // Target of the change: the realm and the name of the application privilege.
    final String realmName = getStringOptionValue(IArgument.REALM_NAME);
    final String privilegeName = getStringOptionValue(PARAM_NAME);
    final String[] auditArgs = { realmName, privilegeName };

    final Set<SubjectImplementation> requestedSubjects = getSubjects(rc);
    // true: merge the requested subjects into the current ones; false: replace them.
    final boolean appendMode = isOptionSet(PARAM_ADD);

    // The manager is obtained for a subject built from the admin SSO token.
    // NOTE(review): whether the manager checks that this subject may edit the
    // privilege is not visible in this method; confirm in ApplicationPrivilegeManager.
    final Subject adminSubject = SubjectUtils.createSubject(getAdminSSOToken());
    final ApplicationPrivilegeManager manager =
        ApplicationPrivilegeManager.getInstance(realmName, adminSubject);

    // The attempt is recorded before any change is made, so a failed or
    // interrupted update still leaves an entry in the access log.
    writeLog(LogWriter.LOG_ACCESS, Level.INFO, "ATTEMPT_UPDATE_APPLICATION_PRIVILEGE", auditArgs);

    try {
        final ApplicationPrivilege target = manager.getPrivilege(privilegeName);
        final Set<SubjectImplementation> currentSubjects = target.getSubjects();

        // In replace mode the privilege ends up with exactly the requested set;
        // every subject that was assigned before and is not in the request is dropped.
        final Set<SubjectImplementation> effectiveSubjects;
        if (appendMode) {
            effectiveSubjects = mergeSubjects(currentSubjects, requestedSubjects);
        } else {
            effectiveSubjects = requestedSubjects;
        }

        target.setSubject(effectiveSubjects);
        manager.replacePrivilege(target);

        final String successPattern = getResourceString("update-application-privilege-succeeded");
        getOutputWriter().printlnMessage(
            MessageFormat.format(successPattern, new Object[] { privilegeName }));
        writeLog(LogWriter.LOG_ACCESS, Level.INFO, "SUCCEEDED_UPDATE_APPLICATION_PRIVILEGE", auditArgs);
    } catch (EntitlementException ex) {
        // The failure goes to the access log at INFO, the same level as success,
        // so monitoring has to match on the message id rather than on severity.
        final String[] failureArgs = { realmName, privilegeName, ex.getMessage() };
        writeLog(LogWriter.LOG_ACCESS, Level.INFO, "FAILED_UPDATE_APPLICATION_PRIVILEGE", failureArgs);
        throw new CLIException(ex, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    }
}
use of com.sun.identity.entitlement.SubjectImplementation in project OpenAM by OpenRock.
the class OpenSSOApplicationPrivilegeManager method toApplicationPrivilege.
/**
 * Builds an {@link ApplicationPrivilege} view of a stored {@link Privilege}.
 *
 * <p>The conversion is lossy: only subjects that are {@code SubjectImplementation}
 * instances (directly, or as members of an {@code OrSubject}) are carried over, and
 * a condition is carried over only when it is a {@code SimpleTimeCondition}.
 * Anything else is left out without an error.
 *
 * @param p the privilege to convert.
 * @return the application privilege populated from {@code p}.
 * @throws EntitlementException declared by this method; which call raises it is not
 *         visible in this block.
 */
private ApplicationPrivilege toApplicationPrivilege(Privilege p) throws EntitlementException {
    ApplicationPrivilege converted = new ApplicationPrivilege(p.getName());

    // Descriptive and audit metadata are copied unchanged.
    converted.setDescription(p.getDescription());
    converted.setCreatedBy(p.getCreatedBy());
    converted.setCreationDate(p.getCreationDate());
    converted.setLastModifiedBy(p.getLastModifiedBy());
    converted.setLastModifiedDate(p.getLastModifiedDate());

    // Resource names are grouped per application; action values are translated.
    Entitlement entitlement = p.getEntitlement();
    Map<String, Set<String>> resourcesByApplication =
        getApplicationPrivilegeResourceNames(entitlement.getResourceNames());
    converted.setApplicationResources(resourcesByApplication);
    converted.setActionValues(getActionValues(entitlement.getActionValues()));

    // Only SubjectImplementation subjects survive the conversion.
    // NOTE(review): a privilege whose subject has any other shape yields an empty
    // or reduced subject set here; confirm callers do not write that set back.
    Set<SubjectImplementation> keptSubjects = new HashSet<SubjectImplementation>();
    if (p.getSubject() instanceof OrSubject) {
        OrSubject alternatives = (OrSubject) p.getSubject();
        for (EntitlementSubject member : alternatives.getESubjects()) {
            if (!(member instanceof SubjectImplementation)) {
                continue;
            }
            keptSubjects.add((SubjectImplementation) member);
        }
    } else if (p.getSubject() instanceof SubjectImplementation) {
        keptSubjects.add((SubjectImplementation) p.getSubject());
    }
    converted.setSubject(keptSubjects);

    // Only a SimpleTimeCondition is carried over; any other condition on the
    // privilege is absent from the returned object.
    EntitlementCondition condition = p.getCondition();
    if (condition instanceof SimpleTimeCondition) {
        converted.setCondition(condition);
    }

    return converted;
}
use of com.sun.identity.entitlement.SubjectImplementation in project OpenAM by OpenRock.
the class RealmRemovedTest method createApplicationPrivilege.
/**
 * Test fixture: registers an application privilege named {@code APP_PRIVILEGE_NAME}
 * in {@code SUB_REALM1}, using a manager obtained with the admin token.
 *
 * <p>The privilege has one dummy user subject, one URL resource pattern and the
 * {@code READ_MODIFY_DELEGATE} action.
 *
 * @throws EntitlementException declared by this method; which call raises it is not
 *         visible in this block.
 */
private void createApplicationPrivilege() throws EntitlementException {
    ApplicationPrivilegeManager manager = ApplicationPrivilegeManager.getInstance(
        SUB_REALM1, SubjectUtils.createSubject(adminToken));

    ApplicationPrivilege privilege = new ApplicationPrivilege(APP_PRIVILEGE_NAME);

    // Single placeholder user; the DN is a fixture value.
    OpenSSOUserSubject dummyUser = new OpenSSOUserSubject();
    dummyUser.setID("ou=dummy,ou=user,dc=openam,dc=forgerock,dc=org");
    Set<SubjectImplementation> subjectSet = new HashSet<SubjectImplementation>();
    subjectSet.add(dummyUser);
    privilege.setSubject(subjectSet);

    // One wildcard URL resource registered under the URL application type.
    Set<String> urlPatterns = new HashSet<String>();
    urlPatterns.add("http://www.RealmRemovedTest.com/*");
    Map<String, Set<String>> resourcesByApplication = new HashMap<String, Set<String>>();
    resourcesByApplication.put(ApplicationTypeManager.URL_APPLICATION_TYPE_NAME, urlPatterns);
    privilege.setApplicationResources(resourcesByApplication);

    privilege.setActionValues(ApplicationPrivilege.PossibleAction.READ_MODIFY_DELEGATE);

    manager.addPrivilege(privilege);
}
use of com.sun.identity.entitlement.SubjectImplementation in project OpenAM by OpenRock.
the class ApplicationPrivilegeCLITest method validateSubjects.
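/**
 * Verifies that a privilege's subjects correspond to the expected users.
 *
 * <p>The check passes when the subject set is non-null, has the same size as
 * {@code users}, and every subject is an {@code OpenSSOUserSubject} whose ID equals
 * the universal ID of some entry in {@code users}.
 *
 * @param ap the application privilege whose subjects are checked.
 * @param users the identities expected to be the privilege's subjects.
 * @param methodName name of the calling test method, used in failure messages.
 * @throws Exception if the subject set is null, has a different size than
 *         {@code users}, contains a subject of another type, or contains an ID
 *         that matches none of the expected users.
 */
private void validateSubjects(ApplicationPrivilege ap, Set<AMIdentity> users, String methodName) throws Exception {
    final String prefix = "ApplicationPrivilegeCLITest." + methodName + ": ";

    Set<SubjectImplementation> subjects = ap.getSubjects();
    // Null and size mismatch are reported separately: a privilege with too many
    // subjects is a different failure from one with none, and the previous single
    // "subjects is empty." message hid that difference.
    if (subjects == null) {
        throw new Exception(prefix + "subjects is null.");
    }
    if (subjects.size() != users.size()) {
        throw new Exception(prefix + "expected " + users.size()
            + " subjects but found " + subjects.size() + ".");
    }

    for (SubjectImplementation subject : subjects) {
        if (!(subject instanceof OpenSSOUserSubject)) {
            throw new Exception(prefix + "subject is incorrect.");
        }
        String uuid = ((OpenSSOUserSubject) subject).getID();

        // A subject without an ID fails validation like any unknown ID instead of
        // aborting the test with a NullPointerException.
        boolean found = false;
        if (uuid != null) {
            for (AMIdentity user : users) {
                if (uuid.equals(user.getUniversalId())) {
                    found = true;
                    break;
                }
            }
        }
        if (!found) {
            throw new Exception(prefix + "uuid is incorrect.");
        }
    }
}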