use of com.sun.identity.entitlement.xacml3.core.Policy in project OpenAM by OpenRock.
the class CreateXACML method handleRequest.
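/**
 * Services the command line request to import XACML.
 *
 * Required Arguments:
 * realm - Defines the realm the Policies will be imported into.
 * xmlfile - References the XACML file from which the Policies should be read.
 *
 * Optional Arguments:
 * dryrun - Optional flag indicates that, rather than carrying out the import,
 * a report of anticipated effects should be generated.
 * outfile - Optional reference to a file the dryrun report is written to; if not provided
 * the dryrun report is written directly to stdout.
 *
 * The XACML input stream obtained for the realm is closed before this method returns on every
 * path: successful import, permission refusal, and import failure.
 *
 * @param rc Request Context.
 * @throws CLIException if the request cannot be serviced: the administrator lacks the MODIFY
 *         permission on the realm, or the import fails with an entitlement or SMS error.
 */
public void handleRequest(RequestContext rc) throws CLIException {
    super.handleRequest(rc);
    ldapLogin();
    SSOToken adminSSOToken = getAdminSSOToken();
    Subject adminSubject = SubjectUtils.createSubject(adminSSOToken);
    String realm = getStringOptionValue(IArgument.REALM_NAME);
    ensureEntitlementServiceActive(adminSubject, realm);
    InputStream xacmlInputStream = getXacmlInputStream(realm);
    List<ImportStep> importSteps;
    try {
        logStart(realm);
        // The authorization check runs after the input has been opened, so the stream
        // has to be released on the refusal path as well; the finally block does that.
        if (!XACMLUtils.hasPermission(realm, adminSSOToken, "MODIFY")) {
            String errorMessage = MessageFormat.format(getResourceString("permission-denied"), "create-xacml", getAdminID());
            CLIException clie = new CLIException(errorMessage, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
            logException(realm, clie);
            throw clie;
        }
        try {
            PrivilegeValidator privilegeValidator = new PrivilegeValidator(new RealmValidator(new OrganizationConfigManager(adminSSOToken, realm)));
            XACMLExportImport xacmlExportImport = new XACMLExportImport(new XACMLExportImport.PrivilegeManagerFactory(), new XACMLReaderWriter(), privilegeValidator, new SearchFilterFactory(), PrivilegeManager.debug);
            // A dry run parses and validates the file but does not persist anything.
            importSteps = xacmlExportImport.importXacml(realm, xacmlInputStream, adminSubject, isDryRun());
        } catch (EntitlementException e) {
            debugError("CreateXACML.handleRequest", e);
            logException(realm, e);
            throw new CLIException(e, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
        } catch (SMSException e) {
            debugError("CreateXACML.handleRequest", e);
            logException(realm, e);
            throw new CLIException(e, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
        }
    } finally {
        closeXacmlInputStream(xacmlInputStream);
    }
    if (importSteps.isEmpty()) {
        String message = getResourceString("no-policies-provided");
        logNothingToImport(realm, message);
        getOutputWriter().printlnMessage(message);
    } else {
        logSuccess(realm);
        if (isDryRun()) {
            outputDryRunResults(importSteps);
        } else {
            getOutputWriter().printlnMessage(MessageFormat.format(getResourceString("create-policy-in-realm-succeed"), realm));
        }
    }
}

/**
 * Releases the XACML input stream opened by {@link #getXacmlInputStream(String)}.
 * A failure to close is recorded through debugError and otherwise ignored, so that it can
 * never mask the outcome of the import itself.
 *
 * @param xacmlInputStream the stream to close; a null stream is ignored.
 */
private void closeXacmlInputStream(InputStream xacmlInputStream) {
    if (xacmlInputStream == null) {
        return;
    }
    try {
        xacmlInputStream.close();
    } catch (java.io.IOException e) {
        // The data has already been consumed (or the import already failed); nothing to recover here.
        debugError("CreateXACML.handleRequest", e);
    }
}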
use of com.sun.identity.entitlement.xacml3.core.Policy in project OpenAM by OpenRock.
the class XACMLPrivilegeUtils method policiesToPolicySetInternal.
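/**
 * Wraps the given policies in a new PolicySet for the realm.
 * <p>
 * The PolicySetId is {@code realm + ":" + timestamp} and the Version carries the same timestamp
 * (GMT, pattern {@code yyyy.MM.dd.HH.mm.ss.SSS}), so both values always agree. The combining
 * algorithm is deny-overrides and the Target is left empty.
 *
 * @param realm the realm the policies belong to; used as the PolicySetId prefix.
 * @param policies the policies to include; null is treated as an empty set.
 * @return a new PolicySet containing a JAXB element for each policy.
 * @throws JAXBException retained for source compatibility with existing callers; nothing in the
 *         body throws it any more.
 */
private static PolicySet policiesToPolicySetInternal(String realm, Set<Policy> policies) throws JAXBException {
    PolicySet policySet = new PolicySet();
    // Fresh formatter per call: SimpleDateFormat is not thread-safe and must not be shared.
    SimpleDateFormat sdf = new SimpleDateFormat("yyyy.MM.dd.HH.mm.ss.SSS");
    sdf.setTimeZone(TimeZone.getTimeZone("GMT"));
    // A single timestamp feeds both the id and the version so they cannot drift apart.
    String currentTime = sdf.format(System.currentTimeMillis());
    policySet.setPolicySetId(realm + ":" + currentTime);
    Version version = new Version();
    version.setValue(currentTime);
    policySet.setVersion(version);
    // FIXME: is there a better choice?
    // policySet could contain policies for different applications
    policySet.setPolicyCombiningAlgId(XACMLConstants.XACML_RULE_DENY_OVERRIDES);
    policySet.setTarget(new Target());
    // No JAXBContext is needed here: the set is only assembled, never marshalled.
    if (policies != null) {
        List<JAXBElement<?>> pList = policySet.getPolicySetOrPolicyOrPolicySetIdReference();
        for (Policy policy : policies) {
            pList.add(objectFactory.createPolicy(policy));
        }
    }
    return policySet;
}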
use of com.sun.identity.entitlement.xacml3.core.Policy in project OpenAM by OpenRock.
the class XACMLPrivilegeUtils method getEntitlementConditionFromPolicy.
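/**
 * Extracts the EntitlementCondition encoded in a XACML policy, if there is one.
 * <p>
 * The condition is carried by a Rule whose Condition expression is an Apply with function id
 * {@code XACMLConstants.JSON_SUBJECT_AND_CONDITION_SATISFIED}; the Apply's AttributeValue children
 * whose data type starts with {@code XACMLConstants.JSON_CONDITION_DATATYPE} hold the serialised
 * condition as a String. Rules are scanned in order and the first one that yields a condition wins.
 * Rules without a Condition, or with an expression that is not an Apply, are skipped.
 *
 * @param policy the policy to inspect; may be null.
 * @return the condition, or null when the policy is null, has no rules, or no rule carries one.
 * @throws EntitlementException if createEntitlementCondition cannot deserialise the value.
 */
static EntitlementCondition getEntitlementConditionFromPolicy(Policy policy) throws EntitlementException {
    if (policy == null) {
        return null;
    }
    List<Rule> rules = getRules(policy);
    if (rules == null) {
        return null;
    }
    for (Rule rule : rules) {
        // Condition is optional on a XACML Rule; a rule without one simply carries no
        // entitlement condition and must not abort the whole lookup.
        Condition condition = rule.getCondition();
        if (condition == null) {
            continue;
        }
        JAXBElement<?> expression = condition.getExpression();
        if (expression == null || !Apply.class.equals(expression.getDeclaredType())) {
            continue;
        }
        Apply apply = (Apply) expression.getValue();
        if (!XACMLConstants.JSON_SUBJECT_AND_CONDITION_SATISFIED.equals(apply.getFunctionId())) {
            continue;
        }
        EntitlementCondition ec = jsonConditionFromApply(apply);
        if (ec != null) {
            return ec;
        }
    }
    return null;
}

/**
 * Converts the JSON-typed AttributeValue children of an Apply into a condition.
 * Every matching AttributeValue is converted in turn and the result of the last one is returned.
 *
 * @param apply the Apply whose expressions are inspected.
 * @return the condition, or null when no JSON-typed AttributeValue with a String value is present.
 * @throws EntitlementException if createEntitlementCondition cannot deserialise the value.
 */
private static EntitlementCondition jsonConditionFromApply(Apply apply) throws EntitlementException {
    List<JAXBElement<?>> expressionList = apply.getExpression();
    if (expressionList == null) {
        return null;
    }
    EntitlementCondition ec = null;
    for (JAXBElement<?> jaxe : expressionList) {
        if (jaxe == null || !AttributeValue.class.equals(jaxe.getDeclaredType())) {
            continue;
        }
        AttributeValue av = (AttributeValue) jaxe.getValue();
        String dataType = av.getDataType();
        if (dataType == null || !dataType.startsWith(XACMLConstants.JSON_CONDITION_DATATYPE)) {
            continue;
        }
        String value = firstStringContent(av.getContent());
        if (value != null) {
            ec = createEntitlementCondition(dataType, value);
        }
    }
    return ec;
}

/**
 * Returns the first String item of an AttributeValue's mixed content, or null if there is none.
 *
 * @param content the content list; may be null.
 */
private static String firstStringContent(List<Object> content) {
    if (content == null) {
        return null;
    }
    for (Object item : content) {
        if (item instanceof String) {
            return (String) item;
        }
    }
    return null;
}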
use of com.sun.identity.entitlement.xacml3.core.Policy in project OpenAM by OpenRock.
the class XACMLPrivilegeUtils method toXML.
/**
 * Serialises a XACML Policy to formatted XML.
 * <p>
 * Marshalling errors are not propagated: a JAXBException is logged through
 * {@code PrivilegeManager.debug} and whatever had been written to the buffer before the
 * failure is returned, so a caller cannot tell a failed marshal from a successful one by the
 * return value alone. The PolicySet overload, by contrast, throws EntitlementException.
 *
 * @param policy the policy to serialise; may be null.
 * @return the XML text, or an empty string when policy is null.
 */
public static String toXML(Policy policy) {
    if (policy == null) {
        return "";
    }
    StringWriter out = new StringWriter();
    try {
        Marshaller marshaller = JAXBContext.newInstance(XACMLConstants.XACML3_CORE_PKG).createMarshaller();
        marshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, Boolean.TRUE);
        marshaller.marshal(objectFactory.createPolicy(policy), out);
    } catch (JAXBException je) {
        // TODO: propagate instead of swallowing, to match the PolicySet overload.
        PrivilegeManager.debug.error("JAXBException while mapping privilege to policy:", je);
    }
    return out.toString();
}
use of com.sun.identity.entitlement.xacml3.core.Policy in project OpenAM by OpenRock.
the class XACMLPrivilegeUtils method toXML.
/**
 * Serialises a XACML PolicySet to formatted XML.
 *
 * @param policySet the policy set to serialise; may be null.
 * @return the XML text, or an empty string when policySet is null.
 * @throws EntitlementException with code UNABLE_TO_SERIALIZE_OBJECT, wrapping the JAXBException,
 *         if marshalling fails; the failure is also logged through {@code PrivilegeManager.debug}.
 */
public static String toXML(PolicySet policySet) throws EntitlementException {
    if (policySet == null) {
        return "";
    }
    StringWriter out = new StringWriter();
    try {
        Marshaller marshaller = JAXBContext.newInstance(XACMLConstants.XACML3_CORE_PKG).createMarshaller();
        marshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, Boolean.TRUE);
        marshaller.marshal(objectFactory.createPolicySet(policySet), out);
    } catch (JAXBException je) {
        PrivilegeManager.debug.error("JAXBException while mapping privilege to policy:", je);
        throw new EntitlementException(EntitlementException.UNABLE_TO_SERIALIZE_OBJECT, je);
    }
    return out.toString();
}