
Example 1 with ResourceName

use of com.sun.identity.entitlement.interfaces.ResourceName in project OpenAM by OpenRock.

the class ApplicationImpl method getResourceComparator.

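/**
 * Resolves the resource comparator class named by {@code ATTR_RESOURCE_COMPARATOR}.
 *
 * The class is loaded without running its static initializer and checked
 * against {@link ResourceName} before anything is instantiated, so a class
 * name that does not implement the interface never gets to execute
 * constructor or static-initializer code. It is then instantiated once so a
 * missing or inaccessible public no-arg constructor is reported here rather
 * than when the comparator is first used.
 *
 * @param attributeValues Attribute values supplied on the command line.
 * @return the comparator class, or {@code null} if the attribute is absent or blank.
 * @throws CLIException if the class cannot be found, does not implement
 *         {@link ResourceName}, or cannot be instantiated.
 */
private Class getResourceComparator(Map<String, Set<String>> attributeValues) throws CLIException {
    String comp = getString(ATTR_RESOURCE_COMPARATOR, attributeValues);
    if ((comp == null) || (comp.trim().length() == 0)) {
        return null;
    }
    Object[] params = { comp };
    try {
        // initialize=false: nothing in the named class runs until it has
        // been confirmed to implement the expected interface.
        Class<?> clazz = Class.forName(comp, false, getClass().getClassLoader());
        if (!ResourceName.class.isAssignableFrom(clazz)) {
            throw new CLIException(MessageFormat.format("resource-comparator-does-not-extend-interface", params), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
        }
        // Probe instantiation so an abstract class or a non-public
        // constructor fails fast, as the original check did.
        clazz.newInstance();
        return clazz;
    } catch (InstantiationException ex) {
        throw new CLIException(ex, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    } catch (IllegalAccessException ex) {
        throw new CLIException(ex, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    } catch (ClassNotFoundException ex) {
        throw new CLIException(MessageFormat.format("resource-comparator-class-not-found", params), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    }
}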

Example 2 with ResourceName

use of com.sun.identity.entitlement.interfaces.ResourceName in project OpenAM by OpenRock.

the class ReferralPrivilege method canonicalizeResources.

/**
 * Canonicalizes every configured resource name before persistence.
 *
 * A copy of the map as it was before canonicalization is kept in
 * {@code origMapApplNameToResources}; each application's resource set is
 * then replaced by a new set holding the canonical forms produced by the
 * application's {@link ResourceName} comparator.
 *
 * @param adminSubject Admin Subject.
 * @param realm Realm Name
 * @throws EntitlementException if the comparator for an application cannot be obtained.
 */
public void canonicalizeResources(Subject adminSubject, String realm) throws EntitlementException {
    origMapApplNameToResources = deepCopyMap(mapApplNameToResources);
    for (String applicationName : mapApplNameToResources.keySet()) {
        ResourceName comparator = getResourceComparator(adminSubject, realm, applicationName);
        Set<String> canonical = new HashSet<String>();
        for (String resource : mapApplNameToResources.get(applicationName)) {
            canonical.add(comparator.canonicalize(resource));
        }
        // Replacing the value of an existing key does not disturb the keySet iteration.
        mapApplNameToResources.put(applicationName, canonical);
    }
}

Example 3 with ResourceName

use of com.sun.identity.entitlement.interfaces.ResourceName in project OpenAM by OpenRock.

the class PrivilegeChangeNotifier method toSendNotification.

/**
 * Decides whether a listener should be notified of a change to the given resources.
 *
 * Only the listener's entry for {@code applicationName} is considered. If that
 * entry has no resources registered, the listener is notified unconditionally;
 * otherwise it is notified when at least one registered resource matches one
 * of the changed {@code resources} under the application's comparator.
 *
 * @param adminSubject Admin Subject.
 * @param realm Realm Name.
 * @param l Listener whose registration is checked.
 * @param applicationName Application whose resources changed.
 * @param resources Changed resource names.
 * @return {@code true} if the listener should be notified.
 * @throws EntitlementException if the application cannot be loaded.
 */
private boolean toSendNotification(Subject adminSubject, String realm, EntitlementListener l, String applicationName, Set<String> resources) throws EntitlementException {
    Map<String, Set<String>> listenerResources = l.getMapAppToRes();
    for (String registeredApp : listenerResources.keySet()) {
        if (!registeredApp.equals(applicationName)) {
            continue;
        }
        Set<String> registered = listenerResources.get(registeredApp);
        // No resources registered for this application: notify unconditionally.
        if (registered == null || registered.isEmpty()) {
            return true;
        }
        Application app = ApplicationManager.getApplication(PolicyConstants.SUPER_ADMIN_SUBJECT, realm, registeredApp);
        ResourceName comparator = app.getResourceComparator();
        for (String registeredResource : registered) {
            if (doesResourceMatch(comparator, registeredResource, resources)) {
                return true;
            }
        }
    }
    return false;
}

Example 4 with ResourceName

use of com.sun.identity.entitlement.interfaces.ResourceName in project OpenAM by OpenRock.

the class Entitlement method canonicalizeResources.

/**
 * Canonicalizes the entitlement's resource names before persistence.
 *
 * The comparator is always looked up; {@code resourceNames} is replaced by a
 * fresh set of canonical forms only when it is non-null and non-empty.
 *
 * @param adminSubject Admin Subject.
 * @param realm Realm Name
 * @throws EntitlementException if the comparator cannot be obtained.
 */
public void canonicalizeResources(Subject adminSubject, String realm) throws EntitlementException {
    ResourceName comparator = getResourceComparator(adminSubject, realm);
    if (resourceNames == null || resourceNames.isEmpty()) {
        return;
    }
    Set<String> canonical = new HashSet<String>();
    for (String resource : resourceNames) {
        canonical.add(comparator.canonicalize(resource));
    }
    resourceNames = canonical;
}

Example 5 with ResourceName

use of com.sun.identity.entitlement.interfaces.ResourceName in project OpenAM by OpenRock.

the class ReferralPrivilege method evaluate.

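/**
 * Evaluates this referral for the given application and resource.
 *
 * Returns an empty list immediately when the referral is inactive. Otherwise,
 * for every referred realm that exists, the referral's resources for
 * {@code applicationName} are tag-swapped and compared against
 * {@code normalisedResourceName}; when one applies, the sub realm is evaluated
 * with a copy of {@code subject} whose public credentials are cleared, and the
 * resulting entitlements are fed into the application's {@link EntitlementCombiner}.
 *
 * @param adminSubject Admin Subject.
 * @param realm Realm Name in which the referral lives.
 * @param subject Subject being evaluated.
 * @param applicationName Application Name.
 * @param normalisedResourceName Normalised resource name.
 * @param requestedResourceName Resource name as originally requested.
 * @param actionNames Action names.
 * @param environment Environment map; the sub realm's DN is placed in it
 *        during evaluation and restored afterwards, even if evaluation throws.
 * @param recursive {@code true} for sub-tree evaluation, in which case any
 *        result other than {@code NO_MATCH} makes a resource applicable.
 * @param context Evaluation context (not used by this method).
 * @return combined entitlements, never {@code null}.
 * @throws EntitlementException if evaluation fails.
 */
public List<Entitlement> evaluate(Subject adminSubject, String realm, Subject subject, String applicationName, String normalisedResourceName, String requestedResourceName, Set<String> actionNames, Map<String, Set<String>> environment, boolean recursive, Object context) throws EntitlementException {
    if (!active) {
        return Collections.<Entitlement>emptyList();
    }
    List<Entitlement> results = null;
    Application application = ApplicationManager.getApplication(PolicyConstants.SUPER_ADMIN_SUBJECT, realm, applicationName);
    EntitlementCombiner entitlementCombiner = application.getEntitlementCombiner();
    entitlementCombiner.init("/", applicationName, normalisedResourceName, requestedResourceName, actionNames, recursive);
    for (String rlm : realms) {
        EntitlementConfiguration ec = EntitlementConfiguration.getInstance(PolicyConstants.SUPER_ADMIN_SUBJECT, rlm);
        if (!ec.doesRealmExist()) {
            continue;
        }
        for (String app : mapApplNameToResources.keySet()) {
            if (!app.equals(applicationName)) {
                continue;
            }
            ResourceName comp = getResourceComparator(adminSubject, rlm, app);
            Set<String> resources = tagswapResourceNames(subject, mapApplNameToResources.get(app));
            if (!anyResourceApplies(comp, normalisedResourceName, resources, recursive)) {
                continue;
            }
            PrivilegeEvaluator evaluator = new PrivilegeEvaluator();
            // create subject for sub realm by copying subject for
            // this realm and clear the public credentials.
            // this needs to be revisited later if public
            // credentials contains realm-independent credentials
            Subject subjectSubRealm = new Subject(false, subject.getPrincipals(), new HashSet<Object>(), subject.getPrivateCredentials());
            // Fix for OPENAM-790
            // Ensure that the Entitlement environment contains the correct
            // Policy Configuration for the realm being evaluated.
            Set<String> savedRealmDn = ec.updateEnvironmentRealmDn(environment, rlm);
            List<Entitlement> entitlements;
            try {
                entitlements = evaluator.evaluate(rlm, adminSubject, subjectSubRealm, applicationName, normalisedResourceName, requestedResourceName, environment, recursive);
            } finally {
                // Restore in finally: the caller's environment map must not be
                // left pointing at the sub realm's DN when evaluation throws.
                if (savedRealmDn != null) {
                    ec.restoreEnvironmentRealmDn(environment, savedRealmDn);
                }
            }
            if (entitlements != null) {
                entitlementCombiner.add(entitlements);
                results = entitlementCombiner.getResults();
            }
        }
    }
    if (results == null) {
        results = new ArrayList<Entitlement>(0);
    }
    return results;
}

/**
 * Returns {@code true} if at least one of {@code resources}, once canonicalized,
 * matches {@code normalisedResourceName} under {@code comp}.
 *
 * Non-recursive evaluation accepts EXACT, WILDCARD, SUB_RESOURCE and
 * SUPER_RESOURCE matches; recursive evaluation accepts anything but NO_MATCH.
 *
 * @param comp Resource comparator of the application.
 * @param normalisedResourceName Normalised resource name being evaluated.
 * @param resources Tag-swapped referral resources.
 * @param recursive Whether a sub-tree evaluation is requested.
 * @return {@code true} if the referral applies to the resource.
 * @throws EntitlementException if comparison fails.
 */
private static boolean anyResourceApplies(ResourceName comp, String normalisedResourceName, Set<String> resources, boolean recursive) throws EntitlementException {
    for (String r : resources) {
        ResourceMatch match = comp.compare(normalisedResourceName, comp.canonicalize(r), true);
        boolean applicable;
        if (recursive) {
            applicable = !match.equals(ResourceMatch.NO_MATCH);
        } else {
            applicable = match.equals(ResourceMatch.EXACT_MATCH) || match.equals(ResourceMatch.WILDCARD_MATCH) || match.equals(ResourceMatch.SUB_RESOURCE_MATCH) || match.equals(ResourceMatch.SUPER_RESOURCE_MATCH);
        }
        if (applicable) {
            return true;
        }
    }
    return false;
}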
