use of com.sun.identity.entitlement.opensso.PolicyPrivilegeManager in project OpenAM by OpenRock.
the class OpenProvisioning method createPolicy.
/**
 * Registers the sample privilege in the root realm ("/").
 *
 * <p>The privilege allows CREATE, READ, UPDATE and DELETE on every resource matching
 * {@code /OP/*} in {@code APPLICATION}. Its only subject is {@code jSmith}, and it carries
 * an {@link AttributeLookupCondition} built from {@code $USER.postaladdress} and
 * {@code $RES.postaladdress}.
 *
 * @param adminToken token whose subject the privilege manager is initialised with
 * @throws EntitlementException if building or storing the privilege fails
 */
private void createPolicy(SSOToken adminToken) throws EntitlementException {
    // Every listed action is allowed (TRUE); no action is explicitly denied.
    Map<String, Boolean> allowedActions = new HashMap<String, Boolean>();
    for (String action : new String[] {"CREATE", "READ", "UPDATE", "DELETE"}) {
        allowedActions.put(action, Boolean.TRUE);
    }

    // The manager acts in the root realm with the subject derived from the admin token.
    PrivilegeManager manager = new PolicyPrivilegeManager(
            applicationServiceFactory, resourceTypeService, constraintValidator);
    manager.initialize("/", SubjectUtils.createSubject(adminToken));

    // Wildcard resource: the grant covers everything under /OP/.
    Entitlement grant = new Entitlement(APPLICATION, "/OP/*", allowedActions);
    grant.setName("openProvisioningPrivilege");

    // The privilege is bound to a single user identity.
    UserSubject grantee = new OpenSSOUserSubject();
    grantee.setID(jSmith.getUniversalId());

    // NOTE(review): presumably limits the grant to resources whose postaladdress matches
    // the user's own; confirm against AttributeLookupCondition before relying on it.
    AttributeLookupCondition addressMatch =
            new AttributeLookupCondition("$USER.postaladdress", "$RES.postaladdress");

    Privilege policy = Privilege.getNewInstance();
    policy.setName(PRIVILEGE_NAME);
    policy.setEntitlement(grant);
    policy.setSubject(grantee);
    policy.setCondition(addressMatch);
    manager.add(policy);
}
use of com.sun.identity.entitlement.opensso.PolicyPrivilegeManager in project OpenAM by OpenRock.
the class TestAttributeEvaluator method cleanup.
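/**
 * Removes the privilege {@code PRIVILEGE1_NAME}, the identity {@code user1} and the
 * application {@code APPL_NAME} from the root realm ("/").
 *
 * <p>Does nothing when {@code migrated} is false. The three removals are chained with
 * {@code finally} so that a failure in one does not leave the remaining test privilege,
 * identity or application behind in the realm. If more than one step fails, the
 * exception from the last failing step is the one that propagates.
 *
 * @throws Exception if any removal step fails
 */
@AfterClass
public void cleanup() throws Exception {
    if (!migrated) {
        return;
    }
    try {
        PrivilegeManager pm = new PolicyPrivilegeManager(
                applicationServiceFactory, resourceTypeService, constraintValidator);
        pm.initialize("/", SubjectUtils.createSubject(adminToken));
        pm.remove(PRIVILEGE1_NAME);
    } finally {
        try {
            // Runs even when privilege removal failed, so the test user is not left in place.
            IdRepoUtils.deleteIdentity("/", user1);
        } finally {
            // Runs even when identity deletion failed.
            ApplicationManager.deleteApplication(adminSubject, "/", APPL_NAME);
        }
    }
}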
use of com.sun.identity.entitlement.opensso.PolicyPrivilegeManager in project OpenAM by OpenRock.
the class TestGroupEvaluator method cleanup.
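/**
 * Removes the privilege {@code PRIVILEGE1_NAME}, the identities {@code user1} and
 * {@code group1}, and the application {@code APPL_NAME} from the root realm ("/").
 *
 * <p>Does nothing when {@code migrated} is false. The three removals are chained with
 * {@code finally} so that a failure in one does not leave the remaining test privilege,
 * identities or application behind in the realm. If more than one step fails, the
 * exception from the last failing step is the one that propagates.
 *
 * @throws Exception if any removal step fails
 */
@AfterClass
public void cleanup() throws Exception {
    if (!migrated) {
        return;
    }
    // Collected up front so the deletion below needs nothing from the privilege step.
    Set<AMIdentity> identities = new HashSet<AMIdentity>();
    identities.add(user1);
    identities.add(group1);
    try {
        PrivilegeManager pm = new PolicyPrivilegeManager(
                applicationServiceFactory, resourceTypeService, constraintValidator);
        pm.initialize("/", SubjectUtils.createSubject(adminToken));
        pm.remove(PRIVILEGE1_NAME);
    } finally {
        try {
            // Runs even when privilege removal failed, so the test user and group are
            // not left in place.
            IdRepoUtils.deleteIdentities("/", identities);
        } finally {
            // Runs even when identity deletion failed.
            ApplicationManager.deleteApplication(adminSubject, "/", APPL_NAME);
        }
    }
}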
use of com.sun.identity.entitlement.opensso.PolicyPrivilegeManager in project OpenAM by OpenRock.
the class TestAttributeEvaluator method setup.
/**
 * Creates the fixtures for this class in the root realm ("/"): an application named
 * {@code APPL_NAME}, a user {@code USER1_NAME} carrying the attribute
 * {@code attrName=attrValue}, and a privilege {@code PRIVILEGE1_NAME} that allows GET on
 * {@code URL1} for any subject matching that attribute.
 *
 * <p>Returns without creating anything when {@code migrated} is false.
 *
 * @throws Exception if any fixture cannot be created
 */
@BeforeClass
public void setup() throws Exception {
    if (!migrated) {
        return;
    }

    // Plain JDK collections used further down.
    Map<String, Boolean> getOnly = new HashMap<String, Boolean>();
    getOnly.put("GET", Boolean.TRUE);
    Set<String> userAttrValues = new HashSet<String>();
    userAttrValues.add(attrValue);
    Map<String, Set<String>> userAttrs = new HashMap<String, Set<String>>();
    userAttrs.put(attrName, userAttrValues);

    // The manager's three collaborators are Mockito mocks.
    // NOTE(review): whatever checks the real implementations perform are presumably not
    // exercised by this test; confirm before treating it as validation coverage.
    resourceTypeService = Mockito.mock(ResourceTypeService.class);
    constraintValidator = Mockito.mock(ConstraintValidator.class);
    applicationServiceFactory = Mockito.mock(ApplicationServiceFactory.class);

    Application application = new Application(
            APPL_NAME,
            ApplicationTypeManager.getAppplicationType(
                    adminSubject, ApplicationTypeManager.URL_APPLICATION_TYPE_NAME));
    // No resources are registered on the application. The original registration of
    // http://www.testevaluator.com:80/* was disabled with the remark
    // "Test disabled, unable to fix model change".
    application.setEntitlementCombiner(DenyOverride.class);
    ApplicationManager.saveApplication(adminSubject, "/", application);

    PrivilegeManager manager = new PolicyPrivilegeManager(
            applicationServiceFactory, resourceTypeService, constraintValidator);
    manager.initialize("/", adminSubject);

    Entitlement getOnUrl1 = new Entitlement(APPL_NAME, URL1, getOnly);
    user1 = IdRepoUtils.createUser("/", USER1_NAME, userAttrs);

    // Subject matches on the attribute value rather than on a specific identity.
    EntitlementSubject attributeMatch = new AttributeSubject(attrName, attrValue);

    Privilege fixturePrivilege = Privilege.getNewInstance();
    fixturePrivilege.setName(PRIVILEGE1_NAME);
    fixturePrivilege.setEntitlement(getOnUrl1);
    fixturePrivilege.setSubject(attributeMatch);
    manager.add(fixturePrivilege);
}
use of com.sun.identity.entitlement.opensso.PolicyPrivilegeManager in project OpenAM by OpenRock.
the class TestGroupEvaluator method setup.
/**
 * Creates the fixtures for this class in the root realm ("/"): an application named
 * {@code APPL_NAME}, a user {@code USER1_NAME} who is a member of the group
 * {@code GROUP1_NAME}, and a privilege {@code PRIVILEGE1_NAME} that allows GET on
 * {@code URL1} with that group as its subject.
 *
 * <p>Returns without creating anything when {@code migrated} is false.
 *
 * @throws Exception if any fixture cannot be created
 */
@BeforeClass
public void setup() throws Exception {
    if (!migrated) {
        return;
    }

    // Plain JDK collection used further down.
    Map<String, Boolean> getOnly = new HashMap<String, Boolean>();
    getOnly.put("GET", Boolean.TRUE);

    // The manager's three collaborators are Mockito mocks.
    // NOTE(review): whatever checks the real implementations perform are presumably not
    // exercised by this test; confirm before treating it as validation coverage.
    resourceTypeService = Mockito.mock(ResourceTypeService.class);
    constraintValidator = Mockito.mock(ConstraintValidator.class);
    applicationServiceFactory = Mockito.mock(ApplicationServiceFactory.class);

    Application application = new Application(
            APPL_NAME,
            ApplicationTypeManager.getAppplicationType(
                    adminSubject, ApplicationTypeManager.URL_APPLICATION_TYPE_NAME));
    // No resources are registered on the application. The original registration of
    // http://www.testevaluator.com:80/* was disabled with the remark
    // "Test disabled, unable to fix model change".
    application.setEntitlementCombiner(DenyOverride.class);
    ApplicationManager.saveApplication(adminSubject, "/", application);

    PrivilegeManager manager = new PolicyPrivilegeManager(
            applicationServiceFactory, resourceTypeService, constraintValidator);
    manager.initialize("/", adminSubject);

    Entitlement getOnUrl1 = new Entitlement(APPL_NAME, URL1, getOnly);

    // The user gets access only through group membership; the privilege names the group.
    user1 = IdRepoUtils.createUser("/", USER1_NAME);
    group1 = IdRepoUtils.createGroup("/", GROUP1_NAME);
    group1.addMember(user1);
    EntitlementSubject groupSubject = new OpenSSOGroupSubject(group1.getUniversalId());

    Privilege fixturePrivilege = Privilege.getNewInstance();
    fixturePrivilege.setName(PRIVILEGE1_NAME);
    fixturePrivilege.setEntitlement(getOnUrl1);
    fixturePrivilege.setSubject(groupSubject);
    manager.add(fixturePrivilege);
}