Example 16 with Policy

use of com.sun.identity.entitlement.xacml3.core.Policy in project OpenAM by OpenRock.

the class CreateXACML method handleRequest.

/**
 * Services the command line request to import XACML.
 *
 * Required Arguments:
 * realm - Defines the realm the Policies will be imported into.
 * xmlfile - References the XACML file from which the Policies should be read.
 *
 * Optional Arguments:
 * dryrun - Optional flag indicating that, rather than carrying out the import,
 *          a report of the anticipated effects should be generated.
 * outfile - Optional reference to a file the dryrun report is written to; if not provided
 *           the dryrun report is written directly to stdout.
 *
 * @param rc Request Context.
 * @throws CLIException if the request cannot be serviced.
 */
public void handleRequest(RequestContext rc) throws CLIException {
    super.handleRequest(rc);
    ldapLogin();
    SSOToken adminSSOToken = getAdminSSOToken();
    Subject adminSubject = SubjectUtils.createSubject(adminSSOToken);
    String realm = getStringOptionValue(IArgument.REALM_NAME);
    ensureEntitlementServiceActive(adminSubject, realm);
    // The XACML file is opened before the MODIFY check below: an administrator who lacks the
    // privilege still has the file consumed, only the import itself is refused.
    InputStream xacmlInputStream = getXacmlInputStream(realm);
    logStart(realm);
    // Authorisation: the calling admin must hold MODIFY on the target realm's policies.
    if (!XACMLUtils.hasPermission(realm, adminSSOToken, "MODIFY")) {
        String errorMessage = MessageFormat.format(getResourceString("permission-denied"), "create-xacml", getAdminID());
        CLIException clie = new CLIException(errorMessage, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
        logException(realm, clie);
        throw clie;
    }
    List<ImportStep> importSteps;
    try {
        // Every privilege read from the XACML file is validated (including the realms it
        // references) before being persisted.
        PrivilegeValidator privilegeValidator = new PrivilegeValidator(new RealmValidator(new OrganizationConfigManager(adminSSOToken, realm)));
        XACMLExportImport xacmlExportImport = new XACMLExportImport(new XACMLExportImport.PrivilegeManagerFactory(), new XACMLReaderWriter(), privilegeValidator, new SearchFilterFactory(), PrivilegeManager.debug);
        // With dryrun set the import steps are computed and reported but nothing is written.
        importSteps = xacmlExportImport.importXacml(realm, xacmlInputStream, adminSubject, isDryRun());
    } catch (EntitlementException e) {
        // Both failure types are audited against the realm and mapped to the same exit code.
        debugError("CreateXACML.handleRequest", e);
        logException(realm, e);
        throw new CLIException(e, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    } catch (SMSException e) {
        debugError("CreateXACML.handleRequest", e);
        logException(realm, e);
        throw new CLIException(e, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    }
    if (importSteps.isEmpty()) {
        String message = getResourceString("no-policies-provided");
        logNothingToImport(realm, message);
        getOutputWriter().printlnMessage(message);
    } else {
        logSuccess(realm);
        if (isDryRun()) {
            outputDryRunResults(importSteps);
        } else {
            getOutputWriter().printlnMessage(MessageFormat.format(getResourceString("create-policy-in-realm-succeed"), realm));
        }
    }
}
Also used : SSOToken(com.iplanet.sso.SSOToken) SearchFilterFactory(com.sun.identity.entitlement.xacml3.SearchFilterFactory) SMSException(com.sun.identity.sm.SMSException) ByteArrayInputStream(java.io.ByteArrayInputStream) FileInputStream(java.io.FileInputStream) InputStream(java.io.InputStream) XACMLExportImport(com.sun.identity.entitlement.xacml3.XACMLExportImport) Subject(javax.security.auth.Subject) ImportStep(com.sun.identity.entitlement.xacml3.XACMLExportImport.ImportStep) PrivilegeValidator(com.sun.identity.entitlement.xacml3.validation.PrivilegeValidator) EntitlementException(com.sun.identity.entitlement.EntitlementException) OrganizationConfigManager(com.sun.identity.sm.OrganizationConfigManager) CLIException(com.sun.identity.cli.CLIException) RealmValidator(com.sun.identity.entitlement.xacml3.validation.RealmValidator) XACMLReaderWriter(com.sun.identity.entitlement.xacml3.XACMLReaderWriter)
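The import above hands the XACML file to XACMLReaderWriter for JAXB unmarshalling. The following is an added example, not OpenAM code, showing how a practitioner can load a XACML file into the same xacml3.core classes while refusing DOCTYPE declarations and external entities: a javax.xml.bind.Unmarshaller has no XXE controls of its own, so the document is parsed first by a locked-down SAX reader and passed to JAXB as a SAXSource. The class and method names (SafeXacmlLoader, hardenedReader, load) are the example's own; it assumes the OpenAM xacml3 classes on the classpath and a JDK parser that recognises the Xerces feature URIs (the built-in one does).

```java
import java.io.FileInputStream;
import java.io.InputStream;

import javax.xml.XMLConstants;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBElement;
import javax.xml.bind.JAXBException;
import javax.xml.bind.Unmarshaller;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.parsers.SAXParserFactory;
import javax.xml.transform.sax.SAXSource;

import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import org.xml.sax.XMLReader;

import com.sun.identity.entitlement.xacml3.XACMLConstants;
import com.sun.identity.entitlement.xacml3.core.PolicySet;

/**
 * Added example (not part of OpenAM): loads a XACML 3.0 PolicySet from a file through a
 * SAX reader that rejects DTDs and external entities, then lets JAXB bind the result.
 */
public final class SafeXacmlLoader {

    private SafeXacmlLoader() {
    }

    /** Builds an XMLReader that rejects DOCTYPEs, external entities and external DTD loading. */
    static XMLReader hardenedReader() throws ParserConfigurationException, SAXException {
        SAXParserFactory spf = SAXParserFactory.newInstance();
        spf.setNamespaceAware(true); // XACML elements are namespace-qualified
        // Any <!DOCTYPE ...> is an error: blocks entity expansion and external entity fetches outright.
        spf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // Belt and braces for parsers that do not honour the feature above.
        spf.setFeature("http://xml.org/sax/features/external-general-entities", false);
        spf.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        spf.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        spf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        spf.setXIncludeAware(false);
        return spf.newSAXParser().getXMLReader();
    }

    /** Unmarshals a PolicySet via the hardened reader; a DOCTYPE in the input fails the load. */
    public static PolicySet load(InputStream in)
            throws JAXBException, ParserConfigurationException, SAXException {
        JAXBContext ctx = JAXBContext.newInstance(XACMLConstants.XACML3_CORE_PKG);
        Unmarshaller um = ctx.createUnmarshaller();
        SAXSource source = new SAXSource(hardenedReader(), new InputSource(in));
        JAXBElement<PolicySet> root = um.unmarshal(source, PolicySet.class);
        return root.getValue();
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 1) {
            System.err.println("usage: SafeXacmlLoader <policies.xml>");
            System.exit(2);
        }
        try (InputStream in = new FileInputStream(args[0])) {
            PolicySet ps = load(in);
            System.out.println("PolicySetId=" + ps.getPolicySetId()
                    + " PolicyCombiningAlgId=" + ps.getPolicyCombiningAlgId()
                    + " children=" + ps.getPolicySetOrPolicyOrPolicySetIdReference().size());
        }
    }
}
```

Feeding a file that begins with `<!DOCTYPE PolicySet [<!ENTITY x SYSTEM "file:///etc/passwd">]>` makes `load` throw a SAXParseException from the `disallow-doctype-decl` feature before any entity is resolved; a plain PolicySet document binds as usual.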

Example 17 with Policy

use of com.sun.identity.entitlement.xacml3.core.Policy in project OpenAM by OpenRock.

the class XACMLPrivilegeUtils method policiesToPolicySetInternal.

/**
 * Wraps a set of Policies in a single PolicySet. The PolicySetId and Version are derived from
 * the realm and the current GMT time, so every export yields a fresh, unique id.
 */
private static PolicySet policiesToPolicySetInternal(String realm, Set<Policy> policies) throws JAXBException {
    PolicySet policySet = new PolicySet();
    SimpleDateFormat sdf = new SimpleDateFormat("yyyy.MM.dd.HH.mm.ss.SSS");
    sdf.setTimeZone(TimeZone.getTimeZone("GMT"));
    // One timestamp is taken for both the id and the version so they cannot differ by a millisecond.
    String currentTime = sdf.format(System.currentTimeMillis());
    String policySetId = realm + ":" + currentTime;
    policySet.setPolicySetId(policySetId);
    Version version = new Version();
    version.setValue(currentTime);
    policySet.setVersion(version);
    // FIXME: is there a better choice?
    // policySet could contain policies for different applications.
    // Deny-overrides is the fail-closed option: a Deny from any contained policy wins.
    // Check the value of this constant before handing the export to another PDP: XACML 3.0
    // uses distinct identifiers for the rule-combining and the policy-combining deny-overrides
    // algorithms, and a PolicySet must carry the policy-combining one.
    policySet.setPolicyCombiningAlgId(XACMLConstants.XACML_RULE_DENY_OVERRIDES);
    // An empty Target matches every request; applicability is decided by the contained policies.
    Target target = new Target();
    policySet.setTarget(target);
    List<JAXBElement<?>> pList = policySet.getPolicySetOrPolicyOrPolicySetIdReference();
    if (policies != null) {
        for (Policy policy : policies) {
            JAXBElement<Policy> policyElement = objectFactory.createPolicy(policy);
            pList.add(policyElement);
        }
    }
    return policySet;
}
Also used : Policy(com.sun.identity.entitlement.xacml3.core.Policy) Target(com.sun.identity.entitlement.xacml3.core.Target) Version(com.sun.identity.entitlement.xacml3.core.Version) JAXBContext(javax.xml.bind.JAXBContext) JAXBElement(javax.xml.bind.JAXBElement) SimpleDateFormat(java.text.SimpleDateFormat) PolicySet(com.sun.identity.entitlement.xacml3.core.PolicySet)

Example 18 with Policy

use of com.sun.identity.entitlement.xacml3.core.Policy in project OpenAM by OpenRock.

the class XACMLPrivilegeUtils method getEntitlementConditionFromPolicy.

/**
 * Recovers the OpenAM EntitlementCondition serialised inside a XACML Policy. OpenAM stores the
 * condition as a JSON AttributeValue inside an Apply whose FunctionId is
 * XACMLConstants.JSON_SUBJECT_AND_CONDITION_SATISFIED; the first rule yielding one wins.
 */
static EntitlementCondition getEntitlementConditionFromPolicy(Policy policy) throws EntitlementException {
    if (policy == null) {
        return null;
    }
    List<Rule> rules = getRules(policy);
    if (rules == null) {
        return null;
    }
    EntitlementCondition ec = null;
    for (Rule rule : rules) {
        Condition condition = rule.getCondition();
        // Condition is optional in XACML 3.0; a rule without one carries no OpenAM condition.
        if (condition == null || condition.getExpression() == null) {
            continue;
        }
        JAXBElement<?> jaxbElement = condition.getExpression();
        if (jaxbElement.getDeclaredType().equals(Apply.class)) {
            Apply apply = (Apply) jaxbElement.getValue();
            String functionId = apply.getFunctionId();
            if (XACMLConstants.JSON_SUBJECT_AND_CONDITION_SATISFIED.equals(functionId)) {
                List<JAXBElement<?>> expressionList = apply.getExpression();
                for (JAXBElement<?> jaxe : expressionList) {
                    if (jaxe.getDeclaredType().equals(AttributeValue.class)) {
                        AttributeValue av = (AttributeValue) jaxe.getValue();
                        String dataType = av.getDataType();
                        // The DataType URI names the concrete condition class; only OpenAM's
                        // JSON condition datatypes are accepted, anything else is skipped.
                        if (dataType != null && dataType.startsWith(XACMLConstants.JSON_CONDITION_DATATYPE)) {
                            List<Object> valueList = av.getContent();
                            // Mixed content: take the first text node as the JSON payload.
                            String value = null;
                            if (valueList != null) {
                                for (Object ob : valueList) {
                                    if (ob instanceof String) {
                                        value = (String) ob;
                                        break;
                                    }
                                }
                            }
                            if (value != null) {
                                // A later matching AttributeValue in the same Apply overrides an earlier one.
                                ec = createEntitlementCondition(dataType, value);
                            }
                        }
                    }
                }
            }
            if (ec != null) {
                break;
            }
        }
    }
    return ec;
}
Also used : EntitlementCondition(com.sun.identity.entitlement.EntitlementCondition) Condition(com.sun.identity.entitlement.xacml3.core.Condition) EntitlementCondition(com.sun.identity.entitlement.EntitlementCondition) AttributeValue(com.sun.identity.entitlement.xacml3.core.AttributeValue) Apply(com.sun.identity.entitlement.xacml3.core.Apply) JSONObject(org.json.JSONObject) Rule(com.sun.identity.entitlement.xacml3.core.Rule) JAXBElement(javax.xml.bind.JAXBElement)

Example 19 with Policy

use of com.sun.identity.entitlement.xacml3.core.Policy in project OpenAM by OpenRock.

the class XACMLPrivilegeUtils method toXML.

public static String toXML(Policy policy) {
    if (policy == null) {
        return "";
    }
    StringWriter stringWriter = new StringWriter();
    try {
        JAXBContext jaxbContext = JAXBContext.newInstance(XACMLConstants.XACML3_CORE_PKG);
        JAXBElement<Policy> policyElement = objectFactory.createPolicy(policy);
        Marshaller marshaller = jaxbContext.createMarshaller();
        marshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, Boolean.TRUE);
        marshaller.marshal(policyElement, stringWriter);
    } catch (JAXBException je) {
        // TODO: handle, propagate exception.
        // The failure is only logged: the caller receives an empty or partially written document
        // and cannot distinguish it from a successful export, unlike toXML(PolicySet) below, which throws.
        PrivilegeManager.debug.error("JAXBException while mapping privilege to policy:", je);
    }
    return stringWriter.toString();
}
Also used : Policy(com.sun.identity.entitlement.xacml3.core.Policy) Marshaller(javax.xml.bind.Marshaller) StringWriter(java.io.StringWriter) JAXBException(javax.xml.bind.JAXBException) JAXBContext(javax.xml.bind.JAXBContext)

Example 20 with Policy

use of com.sun.identity.entitlement.xacml3.core.Policy in project OpenAM by OpenRock.

the class XACMLPrivilegeUtils method toXML.

public static String toXML(PolicySet policySet) throws EntitlementException {
    if (policySet == null) {
        return "";
    }
    StringWriter stringWriter = new StringWriter();
    try {
        JAXBContext jaxbContext = JAXBContext.newInstance(XACMLConstants.XACML3_CORE_PKG);
        JAXBElement<PolicySet> policySetElement = objectFactory.createPolicySet(policySet);
        Marshaller marshaller = jaxbContext.createMarshaller();
        marshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, Boolean.TRUE);
        marshaller.marshal(policySetElement, stringWriter);
    } catch (JAXBException je) {
        PrivilegeManager.debug.error("JAXBException while mapping privilege to policy:", je);
        throw new EntitlementException(EntitlementException.UNABLE_TO_SERIALIZE_OBJECT, je);
    }
    return stringWriter.toString();
}
Also used : EntitlementException(com.sun.identity.entitlement.EntitlementException) Marshaller(javax.xml.bind.Marshaller) StringWriter(java.io.StringWriter) JAXBException(javax.xml.bind.JAXBException) JAXBContext(javax.xml.bind.JAXBContext) PolicySet(com.sun.identity.entitlement.xacml3.core.PolicySet)
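To make the construction in Example 17 and the serialisation in Examples 19 and 20 concrete, this is an added example, not OpenAM code, that builds a deny-by-default PolicySet from the same xacml3.core classes, marshals it the way toXML(PolicySet) does (failing loudly rather than returning a truncated document), and checks the combining-algorithm URI before the document leaves the process. The class and method names (DenyByDefaultPolicySet, denyAllPolicy, wrap, toXmlStrict, checkCombiningAlg) are the example's own; the two deny-overrides URIs are the XACML 3.0 standard identifiers and the example assumes the OpenAM entitlement classes on the classpath.

```java
import java.io.StringWriter;
import java.util.Collections;
import java.util.List;

import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBElement;
import javax.xml.bind.JAXBException;
import javax.xml.bind.Marshaller;

import com.sun.identity.entitlement.EntitlementException;
import com.sun.identity.entitlement.xacml3.XACMLConstants;
import com.sun.identity.entitlement.xacml3.core.EffectType;
import com.sun.identity.entitlement.xacml3.core.ObjectFactory;
import com.sun.identity.entitlement.xacml3.core.Policy;
import com.sun.identity.entitlement.xacml3.core.PolicySet;
import com.sun.identity.entitlement.xacml3.core.Rule;
import com.sun.identity.entitlement.xacml3.core.Target;
import com.sun.identity.entitlement.xacml3.core.Version;

/** Added example (not part of OpenAM): a fail-closed PolicySet built and exported explicitly. */
public final class DenyByDefaultPolicySet {

    // XACML 3.0 defines separate identifiers for policy-level and rule-level deny-overrides.
    static final String POLICY_DENY_OVERRIDES =
            "urn:oasis:names:tc:xacml:3.0:policy-combining-algorithm:deny-overrides";
    static final String RULE_DENY_OVERRIDES =
            "urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-overrides";

    private static final ObjectFactory OF = new ObjectFactory();

    /** A policy whose single rule has an empty Target (matches every request) and Effect=Deny. */
    static Policy denyAllPolicy(String policyId) {
        Rule deny = new Rule();
        deny.setRuleId(policyId + ":deny-all");
        deny.setEffect(EffectType.DENY);
        deny.setTarget(new Target());

        Policy p = new Policy();
        p.setPolicyId(policyId);
        Version v = new Version();
        v.setValue("1");
        p.setVersion(v);
        p.setRuleCombiningAlgId(RULE_DENY_OVERRIDES);
        p.setTarget(new Target());
        // JAXB exposes the CombinerParameters/RuleCombinerParameters/VariableDefinition/Rule choice as one list.
        p.getCombinerParametersOrRuleCombinerParametersOrVariableDefinition().add(deny);
        return p;
    }

    /** Wraps policies in a PolicySet that uses the policy-combining deny-overrides algorithm. */
    static PolicySet wrap(String policySetId, List<Policy> policies) {
        PolicySet ps = new PolicySet();
        ps.setPolicySetId(policySetId);
        Version v = new Version();
        v.setValue("1");
        ps.setVersion(v);
        ps.setPolicyCombiningAlgId(POLICY_DENY_OVERRIDES);
        ps.setTarget(new Target());
        List<JAXBElement<?>> children = ps.getPolicySetOrPolicyOrPolicySetIdReference();
        for (Policy p : policies) {
            children.add(OF.createPolicy(p));
        }
        return ps;
    }

    /** Rejects a PolicySet whose combining algorithm is not a policy-combining identifier. */
    static void checkCombiningAlg(PolicySet ps) {
        String alg = ps.getPolicyCombiningAlgId();
        if (alg == null || !alg.contains(":policy-combining-algorithm:")) {
            throw new IllegalStateException("PolicySet " + ps.getPolicySetId()
                    + " carries a non-policy combining algorithm: " + alg);
        }
    }

    /** Marshals like XACMLPrivilegeUtils.toXML(PolicySet): an error propagates instead of yielding "". */
    static String toXmlStrict(PolicySet ps) throws EntitlementException {
        checkCombiningAlg(ps);
        StringWriter out = new StringWriter();
        try {
            Marshaller m = JAXBContext.newInstance(XACMLConstants.XACML3_CORE_PKG).createMarshaller();
            m.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, Boolean.TRUE);
            m.marshal(OF.createPolicySet(ps), out);
        } catch (JAXBException e) {
            throw new EntitlementException(EntitlementException.UNABLE_TO_SERIALIZE_OBJECT, e);
        }
        return out.toString();
    }

    public static void main(String[] args) throws EntitlementException {
        PolicySet ps = wrap("/:deny-by-default", Collections.singletonList(denyAllPolicy("deny-all")));
        System.out.println(toXmlStrict(ps));
    }
}
```

Swapping the PolicySet's algorithm for RULE_DENY_OVERRIDES makes `checkCombiningAlg` throw before marshalling, which is the mismatch a foreign PDP would otherwise reject at import time; the OpenAM export in Example 17 relies on the value of XACMLConstants.XACML_RULE_DENY_OVERRIDES, which is worth verifying with the same check.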

Aggregations

Policy (com.sun.identity.entitlement.xacml3.core.Policy)20 PolicySet (com.sun.identity.entitlement.xacml3.core.PolicySet)12 ReferralPrivilege (com.sun.identity.entitlement.ReferralPrivilege)11 Test (org.testng.annotations.Test)8 JAXBContext (javax.xml.bind.JAXBContext)7 JAXBElement (javax.xml.bind.JAXBElement)7 JSONObject (org.json.JSONObject)7 Privilege (com.sun.identity.entitlement.Privilege)6 AttributeValue (com.sun.identity.entitlement.xacml3.core.AttributeValue)6 Rule (com.sun.identity.entitlement.xacml3.core.Rule)6 EntitlementException (com.sun.identity.entitlement.EntitlementException)5 HashSet (java.util.HashSet)5 EntitlementCondition (com.sun.identity.entitlement.EntitlementCondition)4 Target (com.sun.identity.entitlement.xacml3.core.Target)4 EntitlementSubject (com.sun.identity.entitlement.EntitlementSubject)3 XACMLOpenSSOPrivilege (com.sun.identity.entitlement.opensso.XACMLOpenSSOPrivilege)3 Condition (com.sun.identity.entitlement.xacml3.core.Condition)3 Match (com.sun.identity.entitlement.xacml3.core.Match)3 VariableDefinition (com.sun.identity.entitlement.xacml3.core.VariableDefinition)3 Version (com.sun.identity.entitlement.xacml3.core.Version)3