
Example 1 with UserSubject

use of com.sun.identity.entitlement.UserSubject in project OpenAM by OpenRock.

the class OpenProvisioning method createPolicy.

/**
 * Registers the "openProvisioningPrivilege" policy in the root realm ({@code "/"}).
 *
 * <p>The privilege allows CREATE, READ, UPDATE and DELETE on every resource matching
 * {@code /OP/*} of {@code APPLICATION} for a single user ({@code jSmith}), combined with
 * an {@link AttributeLookupCondition} that compares {@code $USER.postaladdress} with
 * {@code $RES.postaladdress}. The privilege manager is initialised with the subject
 * derived from {@code adminToken}, so the caller must supply a token that is allowed to
 * write policy.
 *
 * @param adminToken SSO token used to derive the subject that performs the policy write
 * @throws EntitlementException if the privilege manager rejects the privilege
 */
private void createPolicy(SSOToken adminToken) throws EntitlementException {
    PrivilegeManager manager = new PolicyPrivilegeManager(applicationServiceFactory, resourceTypeService, constraintValidator);
    manager.initialize("/", SubjectUtils.createSubject(adminToken));

    // All four CRUD actions are allowed; the condition below is what narrows access.
    Map<String, Boolean> allowedActions = new HashMap<String, Boolean>();
    for (String action : new String[] {"CREATE", "READ", "UPDATE", "DELETE"}) {
        allowedActions.put(action, Boolean.TRUE);
    }

    Entitlement grant = new Entitlement(APPLICATION, "/OP/*", allowedActions);
    grant.setName("openProvisioningPrivilege");

    // Exactly one user, identified by universal id.
    UserSubject who = new OpenSSOUserSubject();
    who.setID(jSmith.getUniversalId());

    // Requester's postal address attribute is compared with the resource's.
    AttributeLookupCondition when = new AttributeLookupCondition("$USER.postaladdress", "$RES.postaladdress");

    Privilege privilege = Privilege.getNewInstance();
    privilege.setName(PRIVILEGE_NAME);
    privilege.setEntitlement(grant);
    privilege.setSubject(who);
    privilege.setCondition(when);
    manager.add(privilege);
}

Example 2 with UserSubject

use of com.sun.identity.entitlement.UserSubject in project OpenAM by OpenRock.

the class PrivilegeUtilsTest method testPrivilegeToXACMLPolicy.

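/**
 * Builds a fully populated {@link Privilege} and converts it to an XACML policy string
 * with {@link XACMLPrivilegeUtils#toXACML}.
 *
 * <p>The privilege is: entitlement {@code ent1} on {@code http://www.sun.com:80} with
 * GET allowed and POST denied, a single user subject, one IPv4 range condition, two
 * static and two user-attribute response providers, and audit fields set to
 * {@code amadmin} / the current time. The produced XACML is only logged; the test
 * passes when the conversion throws nothing.
 *
 * <p>Exceptions are logged and then rethrown. The previous version caught every
 * {@code Throwable} and only logged it, which made the test pass even when the
 * conversion failed.
 *
 * @throws Exception when building the privilege or converting it fails
 */
@Test
public void testPrivilegeToXACMLPolicy() throws Exception {
    try {
        UnittestLog.logMessage("PrivilegeUtils.testPrivilegeToXACMLPolicy():" + " entered");
        Map<String, Boolean> actionValues = new HashMap<String, Boolean>();
        actionValues.put("GET", Boolean.TRUE);
        actionValues.put("POST", Boolean.FALSE);
        // The port is required for passing the equals test:
        // opensso policy would add the default port if none is specified.
        String resourceName = "http://www.sun.com:80";
        Entitlement entitlement = new Entitlement(SERVICE_NAME, resourceName, actionValues);
        entitlement.setName("ent1");

        UserSubject ua1 = new OpenSSOUserSubject();
        ua1.setID("id=user11,ou=user," + ServiceManager.getBaseDN());

        // Requests are only matched when they originate from this IPv4 range.
        IPv4Condition ipc = new IPv4Condition();
        ipc.setStartIpAndEndIp("100.100.100.100", "200.200.200.200");

        Set<ResourceAttribute> ra = new HashSet<ResourceAttribute>();
        ra.add(newStaticAttribute("a", "a10", "a20"));
        ra.add(newStaticAttribute("b", "b10", "b20"));
        ra.add(newUserAttributes("email"));
        ra.add(newUserAttributes("uid"));

        // One timestamp for both audit fields so created == last-modified.
        long now = System.currentTimeMillis();
        Privilege privilege = Privilege.getNewInstance();
        privilege.setName(PRIVILEGE_NAME);
        privilege.setEntitlement(entitlement);
        privilege.setSubject(ua1);
        privilege.setCondition(ipc);
        privilege.setResourceAttributes(ra);
        privilege.setCreatedBy("amadmin");
        privilege.setLastModifiedBy("amadmin");
        privilege.setCreationDate(now);
        privilege.setLastModifiedDate(now);
        UnittestLog.logMessage("PrivilegeUtils.testPrivilegeToXACMLPolicy():" + "Privilege=" + privilege.toString());
        UnittestLog.logMessage("PrivilegeUtils.testPrivilegeToXACMLPolicy():" + "converting to xacml policy");
        // TODO(jtb): not compiling
        String xacmlString = XACMLPrivilegeUtils.toXACML(privilege);
        UnittestLog.logMessage("xacml policy=" + xacmlString);
    } catch (Exception e) {
        // Record the failure in the unit-test log, then let the test fail.
        UnittestLog.logError("Throwable:", e);
        UnittestLog.logMessage("Throwable:" + e.getMessage());
        throw e;
    }
}

/**
 * Static response attribute {@code name} carrying the given constant values,
 * served by response provider {@code sa}.
 *
 * @param name   property name of the attribute
 * @param values constant values to return for the property
 * @return the populated attribute
 */
private static StaticAttributes newStaticAttribute(String name, String... values) {
    Set<String> valueSet = new HashSet<String>();
    for (String value : values) {
        valueSet.add(value);
    }
    StaticAttributes attr = new StaticAttributes();
    attr.setPropertyName(name);
    attr.setPropertyValues(valueSet);
    attr.setPResponseProviderName("sa");
    return attr;
}

/**
 * User-attribute response attribute {@code name}, served by response provider {@code ua}.
 *
 * @param name user profile attribute to return
 * @return the populated attribute
 */
private static UserAttributes newUserAttributes(String name) {
    UserAttributes attr = new UserAttributes();
    attr.setPropertyName(name);
    attr.setPResponseProviderName("ua");
    return attr;
}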

Example 3 with UserSubject

use of com.sun.identity.entitlement.UserSubject in project OpenAM by OpenRock.

the class XACMLPrivilegeUtils method entitlementSubjectToAnyOfList.

// TODO: not used now, use, test, fix and verify
/**
 * Builds the XACML {@code AnyOf} list that describes the given entitlement subject.
 *
 * <p>The result is always one {@code AnyOf} holding one {@code AllOf}. Only
 * {@link UserSubject} is translated: its id becomes a single {@code Match} against the
 * {@code user-subject:user-id} designator. For any other subject type the
 * {@code AllOf} is returned with no {@code Match} at all; how the consumer treats an
 * empty AllOf is not established here, so callers must not rely on this output to
 * restrict the subject for non-user subjects. The match id, category and data type
 * strings are placeholders, as the TODO above notes.
 *
 * @param es the subject to translate, may be {@code null}
 * @return the AnyOf list, or {@code null} when {@code es} is {@code null}
 */
public static List<AnyOf> entitlementSubjectToAnyOfList(EntitlementSubject es) {
    if (es == null) {
        return null;
    }
    AllOf allOf = new AllOf();
    if (es instanceof UserSubject) {
        String userId = ((UserSubject) es).getID();
        allOf.getMatch().add(userIdMatch(userId));
    }
    AnyOf anyOf = new AnyOf();
    anyOf.getAllOf().add(allOf);
    List<AnyOf> result = new ArrayList<AnyOf>();
    result.add(anyOf);
    return result;
}

/**
 * Builds the single user-id {@code Match} used for a {@link UserSubject}.
 * Match id, category and data types are placeholder strings.
 *
 * @param userId the subject's id, stored as the attribute value content
 * @return the populated match
 */
private static Match userIdMatch(String userId) {
    AttributeValue value = new AttributeValue();
    value.setDataType("datatype");
    value.getContent().add(userId);

    AttributeDesignator designator = new AttributeDesignator();
    designator.setCategory("subject-category");
    designator.setAttributeId("user-subject:user-id");
    designator.setDataType("xs;string");
    // designator.setIssuer("subject:issuer"); TODO: verify and fix
    designator.setMustBePresent(true);

    Match match = new Match();
    match.setMatchId("user-subject-match");
    match.setAttributeValue(value);
    match.setAttributeDesignator(designator);
    return match;
}

Example 4 with UserSubject

use of com.sun.identity.entitlement.UserSubject in project OpenAM by OpenRock.

the class PrivilegeUtilsTest method testPrivilegeToPolicy.

/**
 * Round-trips a privilege through the legacy policy model.
 *
 * <p>The privilege has an OR of two user subjects, an AND condition wrapping a single
 * IPv4 range, and two static plus two user-attribute response providers. It is
 * converted with {@link PrivilegeUtils#privilegeToPolicy} and back with
 * {@link PrivilegeUtils#policyToPrivileges}; the test fails if nothing comes back.
 * Only the presence of a converted privilege is checked, not that subject, condition
 * or attributes survived the conversion unchanged.
 *
 * @throws Exception if the round trip yields no privilege
 */
@Test
public void testPrivilegeToPolicy() throws Exception {
    String baseDn = Constants.DEFAULT_ROOT_SUFFIX;

    Map<String, Boolean> allowed = new HashMap<String, Boolean>();
    allowed.put("GET", Boolean.TRUE);
    allowed.put("POST", Boolean.TRUE);
    Entitlement entitlement = new Entitlement("iPlanetAMWebAgentService", "http://www.sun.com", allowed);
    entitlement.setName("ent1");

    // Subject: either of two users.
    Set<EntitlementSubject> users = new HashSet<EntitlementSubject>();
    for (String uid : new String[] {"user11", "user12"}) {
        UserSubject user = new OpenSSOUserSubject();
        user.setID("id=" + uid + ",ou=user," + baseDn);
        users.add(user);
    }
    OrSubject anyUser = new OrSubject(users);

    // Condition: AND over a single IPv4 range.
    IPv4Condition ipRange = new IPv4Condition();
    ipRange.setStartIpAndEndIp("100.100.100.100", "200.200.200.200");
    Set<EntitlementCondition> conditions = new HashSet<EntitlementCondition>();
    conditions.add(ipRange);
    AndCondition allConditions = new AndCondition();
    allConditions.setEConditions(conditions);

    // Response attributes: two static (provider "sa") and two user-attribute (provider "ua").
    Set<ResourceAttribute> responseAttributes = new HashSet<ResourceAttribute>();
    String[][] staticDefs = { {"a", "a10", "a20"}, {"b", "b10", "b20"} };
    for (String[] def : staticDefs) {
        Set<String> values = new HashSet<String>();
        values.add(def[1]);
        values.add(def[2]);
        StaticAttributes attr = new StaticAttributes();
        attr.setPropertyName(def[0]);
        attr.setPropertyValues(values);
        attr.setPResponseProviderName("sa");
        responseAttributes.add(attr);
    }
    for (String property : new String[] {"email", "uid"}) {
        UserAttributes attr = new UserAttributes();
        attr.setPropertyName(property);
        attr.setPResponseProviderName("ua");
        responseAttributes.add(attr);
    }

    Privilege privilege = Privilege.getNewInstance();
    privilege.setName("PrivilegeUtilsTest");
    privilege.setEntitlement(entitlement);
    //orSubject
    privilege.setSubject(anyUser);
    privilege.setCondition(allConditions);
    privilege.setResourceAttributes(responseAttributes);

    Policy policy = PrivilegeUtils.privilegeToPolicy("/", privilege);
    Set<IPrivilege> converted = PrivilegeUtils.policyToPrivileges(policy);
    if (converted == null || converted.isEmpty()) {
        throw new Exception("PrivilegeUtilsTest.testPrivilegeToPolicy failed.");
    }
}

Example 5 with UserSubject

use of com.sun.identity.entitlement.UserSubject in project OpenAM by OpenRock.

the class OpenProvisioning method testEval.

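/**
 * Evaluates the open-provisioning policy against {@code jSmith} twice.
 *
 * <p>First pass: the subject carries only the user's principal and the environment is
 * empty, so no actions may be granted and the decision must carry an advice keyed by
 * {@link AttributeLookupCondition} containing {@code $USER.postaladdress=$RES.postaladdress},
 * i.e. the attribute the policy still needs. Second pass: the address is supplied both as
 * a public credential of the subject and as the resource's environment attribute, and at
 * least one action must now be granted.
 *
 * <p>Raw {@code List}/{@code Set} types are replaced with typed forms, and the returned
 * entitlement list and the advice set are null/empty-checked so an empty decision fails
 * with the test's own message instead of a {@code NoSuchElementException} or NPE.
 *
 * @throws Exception if either evaluation does not behave as described
 */
@Test
public void testEval() throws Exception {
    SSOToken adminSSOToken = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
    Subject adminSubject = SubjectUtils.createSubject(adminSSOToken);

    // Evaluated subject: jSmith's principal only, no credentials yet.
    Set<Principal> userPrincipals = new HashSet<Principal>(2);
    userPrincipals.add(new AuthSPrincipal(jSmith.getUniversalId()));
    Subject userSubject = new Subject(false, userPrincipals, new HashSet<Object>(), new HashSet<Object>());
    Map<String, Set<String>> envParameters = new HashMap<String, Set<String>>();

    Evaluator eval = new Evaluator(adminSubject, APPLICATION);
    List<?> entitlements = eval.evaluate("/", userSubject, RESOURCE, envParameters, false);
    if (entitlements == null || entitlements.isEmpty()) {
        throw new Exception("OpenProvisioning.test fails because no entitlement was returned");
    }
    Entitlement e1 = (Entitlement) entitlements.get(0);
    if (!e1.getActionValues().isEmpty()) {
        throw new Exception("OpenProvisioning.test fails because action values is not empty");
    }
    // Without the address attribute the policy cannot decide; it must ask for it via advice.
    Map<String, Set<String>> mapAdvices = e1.getAdvices();
    Set<String> setAdvices = mapAdvices == null ? null : mapAdvices.get(AttributeLookupCondition.class.getName());
    if (setAdvices == null || !setAdvices.contains("$USER.postaladdress=$RES.postaladdress")) {
        throw new Exception("OpenProvisioning.test fails because missing advices");
    }

    // Supply the address on the subject and for the resource, then re-evaluate.
    Set<Object> publicCreds = userSubject.getPublicCredentials();
    publicCreds.add("postaladdress=CA");
    Set<String> setLocation = new HashSet<String>();
    setLocation.add("CA");
    envParameters.put("/OP/cropLdap/person/johndoe.postaladdress", setLocation);

    eval = new Evaluator(adminSubject, APPLICATION);
    entitlements = eval.evaluate("/", userSubject, RESOURCE1, envParameters, false);
    if (entitlements == null || entitlements.isEmpty()) {
        throw new Exception("OpenProvisioning.test fails because no entitlement was returned");
    }
    e1 = (Entitlement) entitlements.get(0);
    if (e1.getActionValues().isEmpty()) {
        throw new Exception("OpenProvisioning.test fails.");
    }
}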
