use of com.sun.identity.entitlement.xacml3.XACMLExportImport in project OpenAM by OpenRock.
the class ListXACML method getPolicies.
/**
* Uses the Realm and Search Filters to identify all Privileges in the Entitlement
* framework to export.
*
* @throws CLIException If there was an unexpected error.
*/
private void getPolicies() throws CLIException {
FileOutputStream fout = null;
PrintWriter pwout = null;
if (outfile != null) {
try {
fout = new FileOutputStream(outfile, true);
pwout = new PrintWriter(fout, true);
} catch (FileNotFoundException e) {
debugError("ListXACML.handleXACMLPolicyRequest", e);
try {
if (fout != null) {
fout.close();
}
} catch (IOException ex) {
//do nothing
}
throw new CLIException(e, ExitCodes.IO_EXCEPTION);
} catch (SecurityException e) {
debugError("ListXACML.handleXACMLPolicyRequest", e);
try {
if (fout != null) {
fout.close();
}
} catch (IOException ex) {
//do nothing
}
throw new CLIException(e, ExitCodes.IO_EXCEPTION);
}
}
PolicySet policySet = null;
try {
PrivilegeValidator privilegeValidator = new PrivilegeValidator(new RealmValidator(new OrganizationConfigManager(adminSSOToken, "/")));
XACMLExportImport importExport = new XACMLExportImport(new XACMLExportImport.PrivilegeManagerFactory(), new XACMLReaderWriter(), privilegeValidator, new SearchFilterFactory(), PrivilegeManager.debug);
policySet = importExport.exportXACML(realm, adminSubject, filters);
} catch (EntitlementException e) {
String[] args = { realm, e.getMessage() };
debugError("ListXACML.handleRequest", e);
writeLog(LogWriter.LOG_ERROR, Level.INFO, "FAILED_GET_POLICY_IN_REALM", args);
throw new CLIException(e, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
} catch (SMSException e) {
String[] args = { realm, e.getMessage() };
debugError("ListXACML.handleRequest", e);
writeLog(LogWriter.LOG_ERROR, Level.INFO, "FAILED_GET_POLICY_IN_REALM", args);
throw new CLIException(e, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
}
if (policySet == null || policySet.getPolicySetOrPolicyOrPolicySetIdReference().isEmpty()) {
String[] arg = { realm };
outputWriter.printlnMessage(MessageFormat.format(getResourceString("get-policy-in-realm-no-policies"), (Object[]) arg));
} else {
try {
if (pwout != null) {
pwout.write(XACMLPrivilegeUtils.toXML(policySet));
} else {
outputWriter.printlnMessage(XACMLPrivilegeUtils.toXML(policySet));
}
} catch (EntitlementException e) {
throw new CLIException(e, ExitCodes.IO_EXCEPTION);
}
writeLog(LogWriter.LOG_ACCESS, Level.INFO, "SUCCEED_GET_POLICY_IN_REALM", new String[] { realm });
String[] arg = { realm };
outputWriter.printlnMessage(MessageFormat.format(getResourceString("get-policy-in-realm-succeed"), (Object[]) arg));
if (pwout != null) {
try {
pwout.close();
fout.close();
} catch (IOException e) {
//do nothing
}
}
}
}
use of com.sun.identity.entitlement.xacml3.XACMLExportImport in project OpenAM by OpenRock.
the class CreateXACML method handleRequest.
/**
* Services the command line request to import XACML.
*
* Required Arguments:
* realm - Defines the realm the Policies will be imported into.
* xmlfile - References the XACML file from which the Policies should be read.
*
* Optional Arguments:
* dryrun - Optional flag indicates that, rather than carrying out the import,
* a report of anticipated affects should be generated.
* outfile - Optional reference to a file for dryrun report to be written, if not provided
* the dryrun report is written directly to stdout.
*
* @param rc Request Context.
* @throws CLIException if the request cannot serviced.
*/
public void handleRequest(RequestContext rc) throws CLIException {
super.handleRequest(rc);
ldapLogin();
SSOToken adminSSOToken = getAdminSSOToken();
Subject adminSubject = SubjectUtils.createSubject(adminSSOToken);
String realm = getStringOptionValue(IArgument.REALM_NAME);
ensureEntitlementServiceActive(adminSubject, realm);
InputStream xacmlInputStream = getXacmlInputStream(realm);
logStart(realm);
if (!XACMLUtils.hasPermission(realm, adminSSOToken, "MODIFY")) {
String errorMessage = MessageFormat.format(getResourceString("permission-denied"), "create-xacml", getAdminID());
CLIException clie = new CLIException(errorMessage, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
logException(realm, clie);
throw clie;
}
List<ImportStep> importSteps;
try {
PrivilegeValidator privilegeValidator = new PrivilegeValidator(new RealmValidator(new OrganizationConfigManager(adminSSOToken, realm)));
XACMLExportImport xacmlExportImport = new XACMLExportImport(new XACMLExportImport.PrivilegeManagerFactory(), new XACMLReaderWriter(), privilegeValidator, new SearchFilterFactory(), PrivilegeManager.debug);
importSteps = xacmlExportImport.importXacml(realm, xacmlInputStream, adminSubject, isDryRun());
} catch (EntitlementException e) {
debugError("CreateXACML.handleRequest", e);
logException(realm, e);
throw new CLIException(e, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
} catch (SMSException e) {
debugError("CreateXACML.handleRequest", e);
logException(realm, e);
throw new CLIException(e, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
}
if (importSteps.isEmpty()) {
String message = getResourceString("no-policies-provided");
logNothingToImport(realm, message);
getOutputWriter().printlnMessage(message);
} else {
logSuccess(realm);
if (isDryRun()) {
outputDryRunResults(importSteps);
} else {
getOutputWriter().printlnMessage(MessageFormat.format(getResourceString("create-policy-in-realm-succeed"), realm));
}
}
}
Aggregations