use of com.sun.identity.entitlement.xacml3.core.Target in project OpenAM by OpenRock.
the class XACMLPrivilegeUtils method newPolicySet.
public static PolicySet newPolicySet(String realm) throws JAXBException {
PolicySet policySet = new PolicySet();
SimpleDateFormat sdf = new SimpleDateFormat("yyyy.MM.dd.HH.mm.ss.SSS");
sdf.setTimeZone(TimeZone.getTimeZone("GMT"));
String currentTime = sdf.format(System.currentTimeMillis());
String policySetId = realm + ":" + currentTime;
policySet.setPolicySetId(policySetId);
Version version = new Version();
version.setValue(sdf.format(System.currentTimeMillis()));
policySet.setVersion(version);
// FIXME: is there a better choice?
// policySet could contain policies for different applications
policySet.setPolicyCombiningAlgId(XACMLConstants.XACML_RULE_DENY_OVERRIDES);
Target target = new Target();
policySet.setVersion(version);
policySet.setTarget(target);
return policySet;
}
use of com.sun.identity.entitlement.xacml3.core.Target in project OpenAM by OpenRock.
the class XACMLPrivilegeUtils method policyToPrivilege.
public static Privilege policyToPrivilege(Policy policy) throws EntitlementException {
String policyId = policy.getPolicyId();
String privilegeName = policyIdToPrivilegeName(policyId);
String description = policy.getDescription();
String createdBy = getVariableById(policy, XACMLConstants.PRIVILEGE_CREATED_BY);
long createdAt = dateStringToLong(getVariableById(policy, XACMLConstants.PRIVILEGE_CREATION_DATE));
String lastModifiedBy = getVariableById(policy, XACMLConstants.PRIVILEGE_LAST_MODIFIED_BY);
long lastModifiedAt = dateStringToLong(getVariableById(policy, XACMLConstants.PRIVILEGE_LAST_MODIFIED_DATE));
String entitlementName = getVariableById(policy, XACMLConstants.ENTITLEMENT_NAME);
String applicationName = getVariableById(policy, XACMLConstants.APPLICATION_NAME);
List<Match> policyMatches = getAllMatchesFromTarget(policy.getTarget());
Set<String> resourceNames = getResourceNamesFromMatches(policyMatches);
Map<String, Boolean> actionValues = getActionValuesFromPolicy(policy);
EntitlementSubject es = getEntitlementSubjectFromPolicy(policy);
EntitlementCondition ec = getEntitlementConditionFromPolicy(policy);
/*
* Construct entitlement from Rule target
* Get resource names, excluded resource names, action names from Rule Match element
* One Match for Action
* One Rule per value
*/
Entitlement entitlement = new Entitlement(applicationName, resourceNames, actionValues);
if (entitlementName != null) {
entitlement.setName(entitlementName);
}
// Process AdviceExpressions from Export into ResourceAttributes
Set<ResourceAttribute> ras = schemaFactory.adviceExpressionsToResourceAttributes(policy.getAdviceExpressions());
Privilege privilege = new XACMLOpenSSOPrivilege();
privilege.setName(privilegeName);
privilege.setDescription(description);
privilege.setCreatedBy(createdBy);
privilege.setCreationDate(createdAt);
privilege.setLastModifiedBy(lastModifiedBy);
privilege.setLastModifiedDate(lastModifiedAt);
privilege.setEntitlement(entitlement);
privilege.setSubject(es);
privilege.setCondition(ec);
privilege.setResourceAttributes(ras);
return privilege;
}
Aggregations