use of com.sun.identity.entitlement.xacml3.core.Match in project OpenAM by OpenRock.
the class XACMLPrivilegeUtils method resourceNameToMatch.
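/**
 * Builds the XACML {@code Match} element that targets one entitlement resource name.
 *
 * <p>The match compares a string {@code AttributeValue} holding {@code resourceName}
 * against an {@code AttributeDesignator} for the resource-id attribute in the
 * resource category.
 *
 * @param resourceName    the resource name to match; {@code null} or empty yields {@code null}
 * @param applicationName appended to the match id after a colon. It is not validated here:
 *                        string concatenation renders a {@code null} as the text "null",
 *                        so callers should pass an already-checked application name.
 * @return the populated {@code Match}, or {@code null} when there is no resource name
 */
public static Match resourceNameToMatch(String resourceName, String applicationName) {
    if (resourceName == null || resourceName.isEmpty()) {
        return null;
    }

    Match match = new Match();
    match.setMatchId(XACMLConstants.ENTITLEMENT_RESOURCE_MATCH + ":" + applicationName);

    // The literal side of the comparison: the resource name as an xs:string value.
    AttributeValue attributeValue = new AttributeValue();
    attributeValue.setDataType(XACMLConstants.XS_STRING);
    attributeValue.getContent().add(resourceName);

    // The request side of the comparison: the resource-id attribute of the resource category.
    AttributeDesignator attributeDesignator = new AttributeDesignator();
    attributeDesignator.setCategory(XACMLConstants.XACML_RESOURCE_CATEGORY);
    attributeDesignator.setAttributeId(XACMLConstants.XACML_RESOURCE_ID);
    attributeDesignator.setDataType(XACMLConstants.XS_STRING);

    // TODO (carried over from the original): verify and fix the Issuer. The designator's
    // Issuer is not set, so the generated match does not constrain which issuer supplied
    // the attribute. The original read XACMLConstants.RESOURCE_ISSUER into an unused local
    // and left the setIssuer call disabled; that dead local is dropped here.

    // In XACML 3.0, MustBePresent=true makes a request that lacks the attribute evaluate to
    // Indeterminate instead of an empty bag.
    attributeDesignator.setMustBePresent(true);

    match.setAttributeValue(attributeValue);
    match.setAttributeDesignator(attributeDesignator);
    return match;
}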
use of com.sun.identity.entitlement.xacml3.core.Match in project OpenAM by OpenRock.
the class XACMLPrivilegeUtils method policyToReferral.
/**
 * Rebuilds a {@code ReferralPrivilege} from its XACML {@code Policy} representation.
 *
 * <p>The privilege name is derived from the policy id, the audit metadata (creator,
 * creation date, last modifier, last modification date) is read from policy variables,
 * and the realms / application resources are decoded from the JSON carried in the
 * policy target.
 *
 * @param policy the XACML policy to convert; dereferenced without a null check
 * @return the reconstructed referral privilege
 * @throws EntitlementException declared by this method; not raised directly in this body
 * @throws JSONException        if the JSON carried in the target cannot be parsed or read
 */
public static ReferralPrivilege policyToReferral(Policy policy) throws EntitlementException, JSONException {
    final String name = policyIdToPrivilegeName(policy.getPolicyId());
    final String policyDescription = policy.getDescription();

    // NOTE(review): creator, modifier and both timestamps are taken from the policy document
    // itself. If the policy came from an import, they are unverified audit metadata - confirm
    // whether callers overwrite them before persisting.
    final String creator = getVariableById(policy, XACMLConstants.PRIVILEGE_CREATED_BY);
    final long creationTime =
            dateStringToLong(getVariableById(policy, XACMLConstants.PRIVILEGE_CREATION_DATE));
    final String lastEditor = getVariableById(policy, XACMLConstants.PRIVILEGE_LAST_MODIFIED_BY);
    final long lastEditTime =
            dateStringToLong(getVariableById(policy, XACMLConstants.PRIVILEGE_LAST_MODIFIED_DATE));

    final List<Match> targetMatches = getAllMatchesFromTarget(policy.getTarget());
    final JSONObject scope = getRealmsAppsResources(targetMatches);

    // NOTE(review): getRealmsAppsResources returns null when the target has no
    // realms/apps/resources match. That null is handed straight to JSONUtils below -
    // confirm JSONUtils tolerates it, otherwise a policy without that match fails here.
    final Set<String> realmNames = JSONUtils.getSet(scope, "realms");
    final Map<String, Set<String>> resourcesByApplication =
            JSONUtils.getMapStringSetString(scope, "appsResources");

    final ReferralPrivilege result = new ReferralPrivilege(name, resourcesByApplication, realmNames);
    result.setDescription(policyDescription);
    result.setCreatedBy(creator);
    result.setCreationDate(creationTime);
    result.setLastModifiedBy(lastEditor);
    result.setLastModifiedDate(lastEditTime);
    return result;
}
use of com.sun.identity.entitlement.xacml3.core.Match in project OpenAM by OpenRock.
the class XACMLPrivilegeUtils method getRealmsAppsResources.
/**
 * Finds the realms/apps/resources JSON document among a list of XACML matches.
 *
 * <p>Only matches whose id equals {@code XACMLConstants.JSON_REALMS_APPS_RESOURCES_MATCH}
 * are considered. The first one that has an attribute value with non-empty content wins;
 * the string form of its first content item is parsed as JSON.
 *
 * @param matches the matches to scan; may be {@code null}
 * @return the parsed JSON object, or {@code null} if {@code matches} is {@code null} or
 *         no qualifying match is found
 * @throws JSONException if the selected content is not valid JSON
 */
static JSONObject getRealmsAppsResources(List<Match> matches) throws JSONException {
    if (matches == null) {
        return null;
    }

    for (Match candidate : matches) {
        final String id = candidate.getMatchId();
        if (id == null || !id.equals(XACMLConstants.JSON_REALMS_APPS_RESOURCES_MATCH)) {
            continue;
        }

        final AttributeValue value = candidate.getAttributeValue();
        if (value == null) {
            continue;
        }

        final List<Object> items = value.getContent();
        if (items == null || items.isEmpty()) {
            continue;
        }

        // Only the first content item is used, whatever its runtime type; it is converted
        // with toString() and parsed as-is. The text comes from the policy document, so the
        // parsed object is only as trustworthy as that document.
        final String json = items.get(0).toString();
        return (json == null) ? null : new JSONObject(json);
    }

    return null;
}
use of com.sun.identity.entitlement.xacml3.core.Match in project OpenAM by OpenRock.
the class XACMLExportImport method exportXACML.
/**
 * Exports the privileges in a realm that satisfy the given search filters as a XACML
 * {@code PolicySet}.
 *
 * <p>Privilege names are looked up through a referral privilege manager created for
 * {@code realm} and {@code admin}; each named privilege is then loaded with the same
 * admin subject and converted. Progress is reported through {@code message(...)}.
 *
 * @param realm   Non null realm.
 * @param admin   Non null admin subject to authenticate as; it is used both to create the
 *                privilege manager and to load every privilege.
 * @param filters Filters to select Privileges against; may be empty. A {@code null} list
 *                is treated like an empty one.
 * @return The PolicySet produced for the selected privileges.
 * @throws EntitlementException If there was any problem with the generation of Policies.
 */
public PolicySet exportXACML(String realm, Subject admin, List<String> filters) throws EntitlementException {
    final PrivilegeManager manager = privilegeManagerFactory.createReferralPrivilegeManager(realm, admin);

    // Translate each textual filter into a SearchFilter, reporting it as it is built.
    final Set<SearchFilter> criteria = new HashSet<SearchFilter>();
    if (filters != null) {
        for (String expression : filters) {
            final SearchFilter parsed = searchFilterFactory.getFilter(expression);
            message("Export: Search Filter: {0}", parsed);
            criteria.add(parsed);
        }
    }

    final Set<String> matchedNames = manager.searchNames(criteria);
    message("Export: Privilege Matches {0}", matchedNames.size());

    final PrivilegeSet exported = new PrivilegeSet();
    for (String privilegeName : matchedNames) {
        // NOTE(review): the result of findByName is dereferenced without a null check -
        // confirm it cannot return null for a name that searchNames just returned.
        final Privilege found = manager.findByName(privilegeName, admin);
        message("Export: Privilege {0}", found.getName());
        exported.addPrivilege(found);
    }

    final PolicySet result = xacmlReaderWriter.toXACML(realm, exported);
    message("Export: Complete");
    return result;
}
use of com.sun.identity.entitlement.xacml3.core.Match in project OpenAM by OpenRock.
the class XACMLPrivilegeUtils method realmsAppsResourcesToAnyOf.
/**
 * Encodes a referral's realms and application resources as a XACML {@code AnyOf}.
 *
 * <p>The result holds a single {@code AllOf} with a single {@code Match}. The match's
 * attribute value is a JSON object, serialised to a string, with the keys
 * {@code "realms"} and {@code "appsResources"}.
 *
 * @param realms        the realms to encode under the {@code "realms"} key
 * @param appsResources application name to resource names, encoded under {@code "appsResources"}
 * @return an {@code AnyOf} containing the single encoded match
 * @throws JSONException if the JSON object cannot be populated
 */
public static AnyOf realmsAppsResourcesToAnyOf(Set<String> realms, Map<String, Set<String>> appsResources) throws JSONException {
    // FIXME (carried over from the original, reason not stated there): data type used below.
    final String jsonDataType = XACMLConstants.JSON_REALMS_APPS_RESOURCES_DATATYPE;

    final JSONObject payload = new JSONObject();
    payload.put("realms", realms);
    payload.put("appsResources", appsResources);

    final AttributeValue value = new AttributeValue();
    value.setDataType(jsonDataType);
    value.getContent().add(payload.toString());

    final AttributeDesignator designator = new AttributeDesignator();
    designator.setCategory(XACMLConstants.REALMS_APPS_RESOURCES_CATEGORY);
    designator.setAttributeId(XACMLConstants.JSON_REALMS_APPS_RESOURCES_ID);
    designator.setDataType(jsonDataType);
    // In XACML 3.0, MustBePresent=false lets a request that lacks the attribute yield an
    // empty bag instead of Indeterminate.
    designator.setMustBePresent(false);

    final Match encoded = new Match();
    // FIXME (carried over from the original, reason not stated there): match id used here.
    encoded.setMatchId(XACMLConstants.JSON_REALMS_APPS_RESOURCES_MATCH);
    encoded.setAttributeValue(value);
    encoded.setAttributeDesignator(designator);

    // Wrap the match: AnyOf -> one AllOf -> one Match.
    final AllOf conjunction = new AllOf();
    conjunction.getMatch().add(encoded);

    final AnyOf anyOf = new AnyOf();
    anyOf.getAllOf().add(conjunction);
    return anyOf;
}