
Example 1 with PolicyPrivilegeManager

Use of com.sun.identity.entitlement.opensso.PolicyPrivilegeManager in project OpenAM by OpenRock.

Class OpenProvisioning, method createPolicy.

private void createPolicy(SSOToken adminToken) throws EntitlementException {
    // Privilege manager for the root realm ("/"), acting as the administrator
    PrivilegeManager pMgr = new PolicyPrivilegeManager(applicationServiceFactory, resourceTypeService, constraintValidator);
    pMgr.initialize("/", SubjectUtils.createSubject(adminToken));
    // Entitlement: allow CREATE, READ, UPDATE and DELETE on every resource matching /OP/*
    Map<String, Boolean> actionValues = new HashMap<String, Boolean>();
    actionValues.put("CREATE", Boolean.TRUE);
    actionValues.put("READ", Boolean.TRUE);
    actionValues.put("UPDATE", Boolean.TRUE);
    actionValues.put("DELETE", Boolean.TRUE);
    Entitlement entitlement = new Entitlement(APPLICATION, "/OP/*", actionValues);
    entitlement.setName("openProvisioningPrivilege");
    // Subject: the single user jSmith, identified by universal ID
    UserSubject sbj = new OpenSSOUserSubject();
    sbj.setID(jSmith.getUniversalId());
    // Condition: compares the user's postaladdress attribute with the resource's
    AttributeLookupCondition cond = new AttributeLookupCondition("$USER.postaladdress", "$RES.postaladdress");
    // Bind entitlement, subject and condition into one privilege and store it
    Privilege privilege = Privilege.getNewInstance();
    privilege.setName(PRIVILEGE_NAME);
    privilege.setEntitlement(entitlement);
    privilege.setSubject(sbj);
    privilege.setCondition(cond);
    pMgr.add(privilege);
}
Also used: OpenSSOUserSubject (com.sun.identity.entitlement.opensso.OpenSSOUserSubject), UserSubject (com.sun.identity.entitlement.UserSubject), AttributeLookupCondition (com.sun.identity.entitlement.AttributeLookupCondition), HashMap (java.util.HashMap), PolicyPrivilegeManager (com.sun.identity.entitlement.opensso.PolicyPrivilegeManager), PrivilegeManager (com.sun.identity.entitlement.PrivilegeManager), Entitlement (com.sun.identity.entitlement.Entitlement), Privilege (com.sun.identity.entitlement.Privilege)

Example 2 with PolicyPrivilegeManager

Use of com.sun.identity.entitlement.opensso.PolicyPrivilegeManager in project OpenAM by OpenRock.

Class TestAttributeEvaluator, method cleanup.

@AfterClass
public void cleanup() throws Exception {
    if (!migrated) {
        return;
    }
    // Remove the test privilege, then the test identity and application
    PrivilegeManager pm = new PolicyPrivilegeManager(applicationServiceFactory, resourceTypeService, constraintValidator);
    pm.initialize("/", SubjectUtils.createSubject(adminToken));
    pm.remove(PRIVILEGE1_NAME);
    IdRepoUtils.deleteIdentity("/", user1);
    ApplicationManager.deleteApplication(adminSubject, "/", APPL_NAME);
}
Also used: PolicyPrivilegeManager (com.sun.identity.entitlement.opensso.PolicyPrivilegeManager), AfterClass (org.testng.annotations.AfterClass)

Example 3 with PolicyPrivilegeManager

Use of com.sun.identity.entitlement.opensso.PolicyPrivilegeManager in project OpenAM by OpenRock.

Class TestGroupEvaluator, method cleanup.

@AfterClass
public void cleanup() throws Exception {
    if (!migrated) {
        return;
    }
    // Remove the test privilege, then the test user, group and application
    PrivilegeManager pm = new PolicyPrivilegeManager(applicationServiceFactory, resourceTypeService, constraintValidator);
    pm.initialize("/", SubjectUtils.createSubject(adminToken));
    pm.remove(PRIVILEGE1_NAME);
    Set<AMIdentity> identities = new HashSet<AMIdentity>();
    identities.add(user1);
    identities.add(group1);
    IdRepoUtils.deleteIdentities("/", identities);
    ApplicationManager.deleteApplication(adminSubject, "/", APPL_NAME);
}
Also used: PolicyPrivilegeManager (com.sun.identity.entitlement.opensso.PolicyPrivilegeManager), AMIdentity (com.sun.identity.idm.AMIdentity), HashSet (java.util.HashSet), AfterClass (org.testng.annotations.AfterClass)

Example 4 with PolicyPrivilegeManager

Use of com.sun.identity.entitlement.opensso.PolicyPrivilegeManager in project OpenAM by OpenRock.

Class TestAttributeEvaluator, method setup.

@BeforeClass
public void setup() throws Exception {
    if (!migrated) {
        return;
    }
    // Mocked collaborators required by the PolicyPrivilegeManager constructor
    resourceTypeService = Mockito.mock(ResourceTypeService.class);
    constraintValidator = Mockito.mock(ConstraintValidator.class);
    applicationServiceFactory = Mockito.mock(ApplicationServiceFactory.class);
    Application appl = new Application(APPL_NAME, ApplicationTypeManager.getAppplicationType(adminSubject, ApplicationTypeManager.URL_APPLICATION_TYPE_NAME));
    // Test disabled, unable to fix model change
    // Set<String> avaliableResources = new HashSet<String>();
    // avaliableResources.add("http://www.testevaluator.com:80/*");
    // appl.addResources(avaliableResources);
    // Deny-overrides combiner: a deny decision takes precedence over an allow
    appl.setEntitlementCombiner(DenyOverride.class);
    ApplicationManager.saveApplication(adminSubject, "/", appl);
    PrivilegeManager pm = new PolicyPrivilegeManager(applicationServiceFactory, resourceTypeService, constraintValidator);
    pm.initialize("/", adminSubject);
    // Entitlement: allow GET on URL1 within the test application
    Map<String, Boolean> actions = new HashMap<String, Boolean>();
    actions.put("GET", Boolean.TRUE);
    Entitlement ent = new Entitlement(APPL_NAME, URL1, actions);
    // Test user carrying attrName=attrValue, and a subject matching on that attribute
    Map<String, Set<String>> attrValues = new HashMap<String, Set<String>>();
    Set<String> set = new HashSet<String>();
    set.add(attrValue);
    attrValues.put(attrName, set);
    user1 = IdRepoUtils.createUser("/", USER1_NAME, attrValues);
    AttributeSubject as = new AttributeSubject(attrName, attrValue);
    EntitlementSubject es1 = as;
    // Bind the entitlement to the attribute subject and store the privilege
    Privilege privilege = Privilege.getNewInstance();
    privilege.setName(PRIVILEGE1_NAME);
    privilege.setEntitlement(ent);
    privilege.setSubject(es1);
    pm.add(privilege);
}
Also used: Set (java.util.Set), HashSet (java.util.HashSet), HashMap (java.util.HashMap), PolicyPrivilegeManager (com.sun.identity.entitlement.opensso.PolicyPrivilegeManager), ApplicationServiceFactory (org.forgerock.openam.entitlement.service.ApplicationServiceFactory), ResourceTypeService (org.forgerock.openam.entitlement.service.ResourceTypeService), ConstraintValidator (org.forgerock.openam.entitlement.constraints.ConstraintValidator), BeforeClass (org.testng.annotations.BeforeClass)

Example 5 with PolicyPrivilegeManager

Use of com.sun.identity.entitlement.opensso.PolicyPrivilegeManager in project OpenAM by OpenRock.

Class TestGroupEvaluator, method setup.

@BeforeClass
public void setup() throws Exception {
    if (!migrated) {
        return;
    }
    // Mocked collaborators required by the PolicyPrivilegeManager constructor
    resourceTypeService = Mockito.mock(ResourceTypeService.class);
    constraintValidator = Mockito.mock(ConstraintValidator.class);
    applicationServiceFactory = Mockito.mock(ApplicationServiceFactory.class);
    Application appl = new Application(APPL_NAME, ApplicationTypeManager.getAppplicationType(adminSubject, ApplicationTypeManager.URL_APPLICATION_TYPE_NAME));
    // Test disabled, unable to fix model change
    // Set<String> avaliableResources = new HashSet<String>();
    // avaliableResources.add("http://www.testevaluator.com:80/*");
    // appl.addResources(avaliableResources);
    // Deny-overrides combiner: a deny decision takes precedence over an allow
    appl.setEntitlementCombiner(DenyOverride.class);
    ApplicationManager.saveApplication(adminSubject, "/", appl);
    PrivilegeManager pm = new PolicyPrivilegeManager(applicationServiceFactory, resourceTypeService, constraintValidator);
    pm.initialize("/", adminSubject);
    // Entitlement: allow GET on URL1 within the test application
    Map<String, Boolean> actions = new HashMap<String, Boolean>();
    actions.put("GET", Boolean.TRUE);
    Entitlement ent = new Entitlement(APPL_NAME, URL1, actions);
    // Test user placed in a test group; the subject is the group, not the user
    user1 = IdRepoUtils.createUser("/", USER1_NAME);
    group1 = IdRepoUtils.createGroup("/", GROUP1_NAME);
    group1.addMember(user1);
    EntitlementSubject es1 = new OpenSSOGroupSubject(group1.getUniversalId());
    // Bind the entitlement to the group subject and store the privilege
    Privilege privilege = Privilege.getNewInstance();
    privilege.setName(PRIVILEGE1_NAME);
    privilege.setEntitlement(ent);
    privilege.setSubject(es1);
    pm.add(privilege);
}
Also used: HashMap (java.util.HashMap), PolicyPrivilegeManager (com.sun.identity.entitlement.opensso.PolicyPrivilegeManager), OpenSSOGroupSubject (com.sun.identity.entitlement.opensso.OpenSSOGroupSubject), ApplicationServiceFactory (org.forgerock.openam.entitlement.service.ApplicationServiceFactory), ResourceTypeService (org.forgerock.openam.entitlement.service.ResourceTypeService), ConstraintValidator (org.forgerock.openam.entitlement.constraints.ConstraintValidator), BeforeClass (org.testng.annotations.BeforeClass)

Aggregations

PolicyPrivilegeManager (com.sun.identity.entitlement.opensso.PolicyPrivilegeManager): 6
HashMap (java.util.HashMap): 3
HashSet (java.util.HashSet): 3
AfterClass (org.testng.annotations.AfterClass): 3
PrivilegeManager (com.sun.identity.entitlement.PrivilegeManager): 2
AMIdentity (com.sun.identity.idm.AMIdentity): 2
ConstraintValidator (org.forgerock.openam.entitlement.constraints.ConstraintValidator): 2
ApplicationServiceFactory (org.forgerock.openam.entitlement.service.ApplicationServiceFactory): 2
ResourceTypeService (org.forgerock.openam.entitlement.service.ResourceTypeService): 2
BeforeClass (org.testng.annotations.BeforeClass): 2
SSOToken (com.iplanet.sso.SSOToken): 1
AttributeLookupCondition (com.sun.identity.entitlement.AttributeLookupCondition): 1
Entitlement (com.sun.identity.entitlement.Entitlement): 1
Privilege (com.sun.identity.entitlement.Privilege): 1
UserSubject (com.sun.identity.entitlement.UserSubject): 1
OpenSSOGroupSubject (com.sun.identity.entitlement.opensso.OpenSSOGroupSubject): 1
OpenSSOUserSubject (com.sun.identity.entitlement.opensso.OpenSSOUserSubject): 1
AMIdentityRepository (com.sun.identity.idm.AMIdentityRepository): 1
Set (java.util.Set): 1