Example 1 with PolicyPrivilegeManager
use of com.sun.identity.entitlement.opensso.PolicyPrivilegeManager in project OpenAM by OpenRock.
the class OpenProvisioning method createPolicy.
private void createPolicy(SSOToken adminToken) throws EntitlementException {
PrivilegeManager pMgr = new PolicyPrivilegeManager(applicationServiceFactory, resourceTypeService, constraintValidator);
pMgr.initialize("/", SubjectUtils.createSubject(adminToken));
Map<String, Boolean> actionValues = new HashMap<String, Boolean>();
actionValues.put("CREATE", Boolean.TRUE);
actionValues.put("READ", Boolean.TRUE);
actionValues.put("UPDATE", Boolean.TRUE);
actionValues.put("DELETE", Boolean.TRUE);
Entitlement entitlement = new Entitlement(APPLICATION, "/OP/*", actionValues);
entitlement.setName("openProvisioningPrivilege");
UserSubject sbj = new OpenSSOUserSubject();
sbj.setID(jSmith.getUniversalId());
AttributeLookupCondition cond = new AttributeLookupCondition("$USER.postaladdress", "$RES.postaladdress");
Privilege privilege = Privilege.getNewInstance();
privilege.setName(PRIVILEGE_NAME);
privilege.setEntitlement(entitlement);
privilege.setSubject(sbj);
privilege.setCondition(cond);
pMgr.add(privilege);
}
Also used :
OpenSSOUserSubject(com.sun.identity.entitlement.opensso.OpenSSOUserSubject)
UserSubject(com.sun.identity.entitlement.UserSubject)
AttributeLookupCondition(com.sun.identity.entitlement.AttributeLookupCondition)
HashMap(java.util.HashMap)
PolicyPrivilegeManager(com.sun.identity.entitlement.opensso.PolicyPrivilegeManager)
PrivilegeManager(com.sun.identity.entitlement.PrivilegeManager)
OpenSSOUserSubject(com.sun.identity.entitlement.opensso.OpenSSOUserSubject)
Entitlement(com.sun.identity.entitlement.Entitlement)
Privilege(com.sun.identity.entitlement.Privilege)
PolicyPrivilegeManager(com.sun.identity.entitlement.opensso.PolicyPrivilegeManager)
Example 2 with PolicyPrivilegeManager
use of com.sun.identity.entitlement.opensso.PolicyPrivilegeManager in project OpenAM by OpenRock.
the class TestAttributeEvaluator method cleanup.
@AfterClass
public void cleanup() throws Exception {
if (!migrated) {
return;
}
PrivilegeManager pm = new PolicyPrivilegeManager(applicationServiceFactory, resourceTypeService, constraintValidator);
pm.initialize("/", SubjectUtils.createSubject(adminToken));
pm.remove(PRIVILEGE1_NAME);
IdRepoUtils.deleteIdentity("/", user1);
ApplicationManager.deleteApplication(adminSubject, "/", APPL_NAME);
}
Also used :
PolicyPrivilegeManager(com.sun.identity.entitlement.opensso.PolicyPrivilegeManager)
PolicyPrivilegeManager(com.sun.identity.entitlement.opensso.PolicyPrivilegeManager)
AfterClass(org.testng.annotations.AfterClass)
Example 3 with PolicyPrivilegeManager
use of com.sun.identity.entitlement.opensso.PolicyPrivilegeManager in project OpenAM by OpenRock.
the class TestGroupEvaluator method cleanup.
@AfterClass
public void cleanup() throws Exception {
if (!migrated) {
return;
}
PrivilegeManager pm = new PolicyPrivilegeManager(applicationServiceFactory, resourceTypeService, constraintValidator);
pm.initialize("/", SubjectUtils.createSubject(adminToken));
pm.remove(PRIVILEGE1_NAME);
Set<AMIdentity> identities = new HashSet<AMIdentity>();
identities.add(user1);
identities.add(group1);
IdRepoUtils.deleteIdentities("/", identities);
ApplicationManager.deleteApplication(adminSubject, "/", APPL_NAME);
}
Also used :
PolicyPrivilegeManager(com.sun.identity.entitlement.opensso.PolicyPrivilegeManager)
AMIdentity(com.sun.identity.idm.AMIdentity)
PolicyPrivilegeManager(com.sun.identity.entitlement.opensso.PolicyPrivilegeManager)
HashSet(java.util.HashSet)
AfterClass(org.testng.annotations.AfterClass)
Example 4 with PolicyPrivilegeManager
use of com.sun.identity.entitlement.opensso.PolicyPrivilegeManager in project OpenAM by OpenRock.
the class TestAttributeEvaluator method setup.
@BeforeClass
public void setup() throws Exception {
if (!migrated) {
return;
}
resourceTypeService = Mockito.mock(ResourceTypeService.class);
constraintValidator = Mockito.mock(ConstraintValidator.class);
applicationServiceFactory = Mockito.mock(ApplicationServiceFactory.class);
Application appl = new Application(APPL_NAME, ApplicationTypeManager.getAppplicationType(adminSubject, ApplicationTypeManager.URL_APPLICATION_TYPE_NAME));
// Test disabled, unable to fix model change
// Set<String> avaliableResources = new HashSet<String>();
// avaliableResources.add("http://www.testevaluator.com:80/*");
// appl.addResources(avaliableResources);
appl.setEntitlementCombiner(DenyOverride.class);
ApplicationManager.saveApplication(adminSubject, "/", appl);
PrivilegeManager pm = new PolicyPrivilegeManager(applicationServiceFactory, resourceTypeService, constraintValidator);
pm.initialize("/", adminSubject);
Map<String, Boolean> actions = new HashMap<String, Boolean>();
actions.put("GET", Boolean.TRUE);
Entitlement ent = new Entitlement(APPL_NAME, URL1, actions);
Map<String, Set<String>> attrValues = new HashMap<String, Set<String>>();
Set<String> set = new HashSet<String>();
set.add(attrValue);
attrValues.put(attrName, set);
user1 = IdRepoUtils.createUser("/", USER1_NAME, attrValues);
AttributeSubject as = new AttributeSubject(attrName, attrValue);
EntitlementSubject es1 = as;
Privilege privilege = Privilege.getNewInstance();
privilege.setName(PRIVILEGE1_NAME);
privilege.setEntitlement(ent);
privilege.setSubject(es1);
pm.add(privilege);
}
Also used :
Set(java.util.Set)
HashSet(java.util.HashSet)
HashMap(java.util.HashMap)
PolicyPrivilegeManager(com.sun.identity.entitlement.opensso.PolicyPrivilegeManager)
ApplicationServiceFactory(org.forgerock.openam.entitlement.service.ApplicationServiceFactory)
ResourceTypeService(org.forgerock.openam.entitlement.service.ResourceTypeService)
ConstraintValidator(org.forgerock.openam.entitlement.constraints.ConstraintValidator)
PolicyPrivilegeManager(com.sun.identity.entitlement.opensso.PolicyPrivilegeManager)
HashSet(java.util.HashSet)
BeforeClass(org.testng.annotations.BeforeClass)
Example 5 with PolicyPrivilegeManager
use of com.sun.identity.entitlement.opensso.PolicyPrivilegeManager in project OpenAM by OpenRock.
the class TestGroupEvaluator method setup.
@BeforeClass
public void setup() throws Exception {
if (!migrated) {
return;
}
resourceTypeService = Mockito.mock(ResourceTypeService.class);
constraintValidator = Mockito.mock(ConstraintValidator.class);
applicationServiceFactory = Mockito.mock(ApplicationServiceFactory.class);
Application appl = new Application(APPL_NAME, ApplicationTypeManager.getAppplicationType(adminSubject, ApplicationTypeManager.URL_APPLICATION_TYPE_NAME));
// Test disabled, unable to fix model change
// Set<String> avaliableResources = new HashSet<String>();
// avaliableResources.add("http://www.testevaluator.com:80/*");
// appl.addResources(avaliableResources);
appl.setEntitlementCombiner(DenyOverride.class);
ApplicationManager.saveApplication(adminSubject, "/", appl);
PrivilegeManager pm = new PolicyPrivilegeManager(applicationServiceFactory, resourceTypeService, constraintValidator);
pm.initialize("/", adminSubject);
Map<String, Boolean> actions = new HashMap<String, Boolean>();
actions.put("GET", Boolean.TRUE);
Entitlement ent = new Entitlement(APPL_NAME, URL1, actions);
user1 = IdRepoUtils.createUser("/", USER1_NAME);
group1 = IdRepoUtils.createGroup("/", GROUP1_NAME);
group1.addMember(user1);
EntitlementSubject es1 = new OpenSSOGroupSubject(group1.getUniversalId());
Privilege privilege = Privilege.getNewInstance();
privilege.setName(PRIVILEGE1_NAME);
privilege.setEntitlement(ent);
privilege.setSubject(es1);
pm.add(privilege);
}
Also used :
HashMap(java.util.HashMap)
PolicyPrivilegeManager(com.sun.identity.entitlement.opensso.PolicyPrivilegeManager)
OpenSSOGroupSubject(com.sun.identity.entitlement.opensso.OpenSSOGroupSubject)
ApplicationServiceFactory(org.forgerock.openam.entitlement.service.ApplicationServiceFactory)
ResourceTypeService(org.forgerock.openam.entitlement.service.ResourceTypeService)
ConstraintValidator(org.forgerock.openam.entitlement.constraints.ConstraintValidator)
PolicyPrivilegeManager(com.sun.identity.entitlement.opensso.PolicyPrivilegeManager)
BeforeClass(org.testng.annotations.BeforeClass)
Aggregations
PolicyPrivilegeManager (com.sun.identity.entitlement.opensso.PolicyPrivilegeManager)6
HashMap (java.util.HashMap)3
HashSet (java.util.HashSet)3
AfterClass (org.testng.annotations.AfterClass)3
PrivilegeManager (com.sun.identity.entitlement.PrivilegeManager)2
AMIdentity (com.sun.identity.idm.AMIdentity)2
ConstraintValidator (org.forgerock.openam.entitlement.constraints.ConstraintValidator)2
ApplicationServiceFactory (org.forgerock.openam.entitlement.service.ApplicationServiceFactory)2
ResourceTypeService (org.forgerock.openam.entitlement.service.ResourceTypeService)2
BeforeClass (org.testng.annotations.BeforeClass)2
SSOToken (com.iplanet.sso.SSOToken)1
AttributeLookupCondition (com.sun.identity.entitlement.AttributeLookupCondition)1
Entitlement (com.sun.identity.entitlement.Entitlement)1
Privilege (com.sun.identity.entitlement.Privilege)1
UserSubject (com.sun.identity.entitlement.UserSubject)1
OpenSSOGroupSubject (com.sun.identity.entitlement.opensso.OpenSSOGroupSubject)1
OpenSSOUserSubject (com.sun.identity.entitlement.opensso.OpenSSOUserSubject)1
AMIdentityRepository (com.sun.identity.idm.AMIdentityRepository)1
Set (java.util.Set)1
