Example 6 with Rule
use of com.sun.identity.entitlement.xacml3.core.Rule in project OpenAM by OpenRock.
the class XACMLPrivilegeUtils method policyToPrivilege.
public static Privilege policyToPrivilege(Policy policy) throws EntitlementException {
String policyId = policy.getPolicyId();
String privilegeName = policyIdToPrivilegeName(policyId);
String description = policy.getDescription();
String createdBy = getVariableById(policy, XACMLConstants.PRIVILEGE_CREATED_BY);
long createdAt = dateStringToLong(getVariableById(policy, XACMLConstants.PRIVILEGE_CREATION_DATE));
String lastModifiedBy = getVariableById(policy, XACMLConstants.PRIVILEGE_LAST_MODIFIED_BY);
long lastModifiedAt = dateStringToLong(getVariableById(policy, XACMLConstants.PRIVILEGE_LAST_MODIFIED_DATE));
String entitlementName = getVariableById(policy, XACMLConstants.ENTITLEMENT_NAME);
String applicationName = getVariableById(policy, XACMLConstants.APPLICATION_NAME);
List<Match> policyMatches = getAllMatchesFromTarget(policy.getTarget());
Set<String> resourceNames = getResourceNamesFromMatches(policyMatches);
Map<String, Boolean> actionValues = getActionValuesFromPolicy(policy);
EntitlementSubject es = getEntitlementSubjectFromPolicy(policy);
EntitlementCondition ec = getEntitlementConditionFromPolicy(policy);
/*
* Construct entitlement from Rule target
* Get resource names, excluded resource names, action names from Rule Match element
* One Match for Action
* One Rule per value
*/
Entitlement entitlement = new Entitlement(applicationName, resourceNames, actionValues);
if (entitlementName != null) {
entitlement.setName(entitlementName);
}
// Process AdviceExpressions from Export into ResourceAttributes
Set<ResourceAttribute> ras = schemaFactory.adviceExpressionsToResourceAttributes(policy.getAdviceExpressions());
Privilege privilege = new XACMLOpenSSOPrivilege();
privilege.setName(privilegeName);
privilege.setDescription(description);
privilege.setCreatedBy(createdBy);
privilege.setCreationDate(createdAt);
privilege.setLastModifiedBy(lastModifiedBy);
privilege.setLastModifiedDate(lastModifiedAt);
privilege.setEntitlement(entitlement);
privilege.setSubject(es);
privilege.setCondition(ec);
privilege.setResourceAttributes(ras);
return privilege;
}
Also used :
EntitlementCondition(com.sun.identity.entitlement.EntitlementCondition)
Match(com.sun.identity.entitlement.xacml3.core.Match)
EntitlementSubject(com.sun.identity.entitlement.EntitlementSubject)
XACMLOpenSSOPrivilege(com.sun.identity.entitlement.opensso.XACMLOpenSSOPrivilege)
Entitlement(com.sun.identity.entitlement.Entitlement)
ResourceAttribute(com.sun.identity.entitlement.ResourceAttribute)
XACMLOpenSSOPrivilege(com.sun.identity.entitlement.opensso.XACMLOpenSSOPrivilege)
Privilege(com.sun.identity.entitlement.Privilege)
ReferralPrivilege(com.sun.identity.entitlement.ReferralPrivilege)
Example 7 with Rule
use of com.sun.identity.entitlement.xacml3.core.Rule in project OpenAM by OpenRock.
the class XACMLPrivilegeUtils method getEntitlementConditionFromPolicy.
static EntitlementCondition getEntitlementConditionFromPolicy(Policy policy) throws EntitlementException {
if (policy == null) {
return null;
}
List<Rule> rules = getRules(policy);
if (rules == null) {
return null;
}
EntitlementCondition ec = null;
for (Rule rule : rules) {
Condition condition = rule.getCondition();
JAXBElement jaxbElement = condition.getExpression();
if (jaxbElement.getDeclaredType().equals(Apply.class)) {
Apply apply = (Apply) jaxbElement.getValue();
String functionId = apply.getFunctionId();
if (XACMLConstants.JSON_SUBJECT_AND_CONDITION_SATISFIED.equals(functionId)) {
List<JAXBElement<?>> expressionList = apply.getExpression();
for (JAXBElement jaxe : expressionList) {
if (jaxe.getDeclaredType().equals(AttributeValue.class)) {
AttributeValue av = (AttributeValue) jaxe.getValue();
String dataType = av.getDataType();
if (dataType.startsWith(XACMLConstants.JSON_CONDITION_DATATYPE)) {
List<Object> valueList = av.getContent();
String value = null;
if (valueList != null) {
for (Object ob : valueList) {
if (ob instanceof String) {
value = (String) ob;
break;
}
}
}
if (value != null) {
ec = createEntitlementCondition(dataType, value);
}
}
}
}
}
if (ec != null) {
break;
}
}
}
return ec;
}
Also used :
EntitlementCondition(com.sun.identity.entitlement.EntitlementCondition)
Condition(com.sun.identity.entitlement.xacml3.core.Condition)
EntitlementCondition(com.sun.identity.entitlement.EntitlementCondition)
AttributeValue(com.sun.identity.entitlement.xacml3.core.AttributeValue)
Apply(com.sun.identity.entitlement.xacml3.core.Apply)
JSONObject(org.json.JSONObject)
Rule(com.sun.identity.entitlement.xacml3.core.Rule)
JAXBElement(javax.xml.bind.JAXBElement)
Aggregations
Rule (com.sun.identity.entitlement.xacml3.core.Rule)6
JSONObject (org.json.JSONObject)5
EntitlementCondition (com.sun.identity.entitlement.EntitlementCondition)4
AttributeValue (com.sun.identity.entitlement.xacml3.core.AttributeValue)4
EntitlementSubject (com.sun.identity.entitlement.EntitlementSubject)3
Condition (com.sun.identity.entitlement.xacml3.core.Condition)3
Target (com.sun.identity.entitlement.xacml3.core.Target)3
Entitlement (com.sun.identity.entitlement.Entitlement)2
ResourceAttribute (com.sun.identity.entitlement.ResourceAttribute)2
AnyOf (com.sun.identity.entitlement.xacml3.core.AnyOf)2
Apply (com.sun.identity.entitlement.xacml3.core.Apply)2
Match (com.sun.identity.entitlement.xacml3.core.Match)2
Policy (com.sun.identity.entitlement.xacml3.core.Policy)2
VariableDefinition (com.sun.identity.entitlement.xacml3.core.VariableDefinition)2
Version (com.sun.identity.entitlement.xacml3.core.Version)2
SimpleDateFormat (java.text.SimpleDateFormat)2
HashSet (java.util.HashSet)2
JAXBContext (javax.xml.bind.JAXBContext)2
JAXBElement (javax.xml.bind.JAXBElement)2
Privilege (com.sun.identity.entitlement.Privilege)1
