
Example 6 with ActionDecision

use of com.sun.identity.policy.ActionDecision in project OpenAM by OpenRock.

the class Gateway method getActionDecision.

/**
 * Looks up the action decision recorded for {@code url}, preferring the GET entry over POST.
 *
 * <p>The decision comes from {@code getPolicyDecisionIgnoreSubjects}; going by that name it is
 * presumably evaluated without reference to a particular user, so confirm before treating the
 * result as a per-user authorization verdict.
 *
 * @param url resource to evaluate
 * @return the decision stored under {@code GET}, otherwise the one stored under {@code POST};
 *         {@code null} when no evaluator is set, when evaluation throws, or when neither entry
 *         exists
 */
private ActionDecision getActionDecision(String url) {
    if (pe == null) {
        return null;
    }

    final PolicyDecision decision;
    try {
        // Evaluated with an empty environment map.
        decision = pe.getPolicyDecisionIgnoreSubjects(url, actionNames, new HashMap());
    } catch (Exception e) {
        debug.error("GatewayServlet: Error in getting policy decision.", e);
        // NOTE(review): a failed evaluation and "no decision" both surface as null here;
        // verify that every caller handles null without granting anything by default.
        return (null);
    }

    // NOTE(review): decision is dereferenced unchecked; confirm the evaluator never returns null.
    Map decisionsByAction = decision.getActionDecisions();
    if (decisionsByAction == null) {
        return null;
    }

    ActionDecision chosen = (ActionDecision) decisionsByAction.get(GET);
    if (chosen == null) {
        chosen = (ActionDecision) decisionsByAction.get(POST);
    }
    return chosen;
}
Also used : PolicyDecision(com.sun.identity.policy.PolicyDecision) HashMap(java.util.HashMap) ActionDecision(com.sun.identity.policy.ActionDecision) HashMap(java.util.HashMap) Map(java.util.Map) ServletException(javax.servlet.ServletException) IOException(java.io.IOException)

Example 7 with ActionDecision

use of com.sun.identity.policy.ActionDecision in project OpenAM by OpenRock.

the class PolicyDecisionUtils method getActionDecision.

/**
 * Looks up the action decision recorded for {@code url}, preferring the GET entry over POST.
 *
 * <p>The decision comes from {@code getPolicyDecisionIgnoreSubjects}; going by that name it is
 * presumably evaluated without reference to a particular user. Confirm against the evaluator.
 *
 * @param url resource to evaluate
 * @param envParameters environment map handed to the policy evaluator unchanged
 * @return the decision stored under {@code GET}, otherwise the one stored under {@code POST};
 *         {@code null} when evaluation fails or neither entry exists
 * @throws PolicyException if no policy evaluator is available
 */
private static ActionDecision getActionDecision(String url, Map envParameters) throws PolicyException {
    // A missing evaluator is the only condition reported to the caller as an exception.
    if (pe == null) {
        throw new PolicyException(errorMsg);
    }

    final PolicyDecision decision;
    try {
        decision = pe.getPolicyDecisionIgnoreSubjects(url, actionNames, envParameters);
    } catch (PolicyException policyFailure) {
        // NOTE(review): evaluation failures are logged and collapsed into null, the same value
        // as "no decision"; verify that callers do not read null as permission.
        debug.error("PolicyDecisionUtils.getActionDecision()", policyFailure);
        return null;
    } catch (SSOException tokenFailure) {
        debug.error("PolicyDecisionUtils.getActionDecision()", tokenFailure);
        return null;
    }

    // NOTE(review): decision is dereferenced unchecked; confirm the evaluator never returns null.
    Map decisionsByAction = decision.getActionDecisions();
    if (decisionsByAction == null) {
        return null;
    }

    ActionDecision chosen = (ActionDecision) decisionsByAction.get(GET);
    if (chosen == null) {
        chosen = (ActionDecision) decisionsByAction.get(POST);
    }
    return chosen;
}
Also used : PolicyDecision(com.sun.identity.policy.PolicyDecision) PolicyException(com.sun.identity.policy.PolicyException) ActionDecision(com.sun.identity.policy.ActionDecision) SSOException(com.iplanet.sso.SSOException) Map(java.util.Map)

Example 8 with ActionDecision

use of com.sun.identity.policy.ActionDecision in project OpenAM by OpenRock.

the class IDPPTest method evaluate.

/**
 * Authenticates as the test user and reports whether policy evaluation yields exactly one value,
 * {@code "deny"}, for the {@code MODIFY} action on {@code URL1}.
 *
 * @param res not read by this method; the resource evaluated is always {@code URL1}
 * @return {@code true} only when login succeeds and the single MODIFY decision value is
 *         {@code "deny"}; {@code false} for a failed login or any missing or ambiguous decision
 * @throws Exception if authentication asks for a callback other than name or password, or if
 *         login or policy evaluation fails
 */
private boolean evaluate(String res) throws Exception {
    AuthContext authContext = new AuthContext(orgName);
    authContext.login();
    while (authContext.hasMoreRequirements()) {
        Callback[] pending = authContext.getRequirements();
        for (Callback callback : pending) {
            if (callback instanceof NameCallback) {
                ((NameCallback) callback).setName(USER1_NAME);
            } else if (callback instanceof PasswordCallback) {
                // Test fixture: the account's password is the same string as its user name.
                ((PasswordCallback) callback).setPassword(USER1_NAME.toCharArray());
            } else {
                throw new Exception("No callback");
            }
        }
        authContext.submitRequirements(pending);
    }
    if (authContext.getStatus() != AuthContext.Status.SUCCESS) {
        return false;
    }

    // NOTE(review): the session behind this token is not logged out in this method; confirm
    // the test's teardown invalidates it.
    SSOToken ssoToken = authContext.getSSOToken();
    PolicyEvaluator evaluator = new PolicyEvaluator(serviceType);
    String action = "MODIFY";
    Set requestedActions = new HashSet();
    requestedActions.add(action);

    PolicyDecision policyDecision = evaluator.getPolicyDecision(ssoToken, URL1, requestedActions, null);
    if (policyDecision == null) {
        return false;
    }

    // NOTE(review): the map itself is not null-checked before the lookup.
    Map decisionsByAction = policyDecision.getActionDecisions();
    ActionDecision modifyDecision = (ActionDecision) decisionsByAction.get(action);
    if (modifyDecision == null) {
        return false;
    }

    // Exactly one value is expected; anything else counts as "not denied".
    Set values = (Set) modifyDecision.getValues();
    if (values != null && values.size() == 1) {
        String actionValue = (String) values.iterator().next();
        return actionValue.equals("deny");
    }
    return false;
}
Also used : PolicyDecision(com.sun.identity.policy.PolicyDecision) SSOToken(com.iplanet.sso.SSOToken) HashSet(java.util.HashSet) Set(java.util.Set) ActionDecision(com.sun.identity.policy.ActionDecision) AuthContext(com.sun.identity.authentication.AuthContext) PasswordCallback(javax.security.auth.callback.PasswordCallback) NameCallback(javax.security.auth.callback.NameCallback) Callback(javax.security.auth.callback.Callback) NameCallback(javax.security.auth.callback.NameCallback) PolicyEvaluator(com.sun.identity.policy.PolicyEvaluator) PasswordCallback(javax.security.auth.callback.PasswordCallback) HashMap(java.util.HashMap) Map(java.util.Map) HashSet(java.util.HashSet)

Example 9 with ActionDecision

use of com.sun.identity.policy.ActionDecision in project OpenAM by OpenRock.

the class Util method isGetPostAllowed.

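/**
 * Checks whether existing policy rules allow both GET and POST for the user/url combination.
 *
 * <p>Only the first {@link ResourceResult} returned by the evaluator is inspected. Any missing
 * piece of the evaluation (no resource results, no policy decision, no action decisions, no
 * decision values) is reported as "not allowed", so an incomplete evaluation ends in a denial
 * rather than an unchecked exception.
 *
 * @param userToken The user to use in the policy check.
 * @param url The URL to use in the policy check.
 * @param scope The scope of the policy check.
 * @return True only if both the GET and the POST decision contain the allow value for the given
 *         user/url combination.
 * @throws SSOException If there was a problem with the users token.
 * @throws PolicyException if there was a problem checking the url.
 * @throws NameNotFoundException  If there was a problem looking up the policy service.
 */
public static boolean isGetPostAllowed(SSOToken userToken, String url, String scope) throws SSOException, PolicyException, NameNotFoundException {
    PolicyEvaluator pe = new PolicyEvaluator(IPLANETAMWEBAGENTSERVICE);
    Set<ResourceResult> resResults = pe.getResourceResults(userToken, url, scope, Collections.EMPTY_MAP);
    // An empty result set used to escape as NoSuchElementException from iterator().next().
    if (resResults == null || resResults.isEmpty()) {
        return false;
    }

    // NOTE(review): only the first result is consulted; if the scope can produce several
    // results, confirm that the first one is the one that governs url.
    ResourceResult resResult = resResults.iterator().next();
    PolicyDecision pd = (resResult == null) ? null : resResult.getPolicyDecision();
    if (pd == null) {
        return false;
    }

    Map<String, ActionDecision> decisions = pd.getActionDecisions();
    if (decisions == null) {
        return false;
    }

    ActionDecision get = decisions.get(GET_ACTION);
    ActionDecision post = decisions.get(POST_ACTION);
    // Both actions need an explicit allow value; a missing decision or value set is a denial.
    return (get != null && get.getValues() != null && get.getValues().contains(ALLOW_DECISION))
            && (post != null && post.getValues() != null && post.getValues().contains(ALLOW_DECISION));
}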
Also used : PolicyDecision(com.sun.identity.policy.PolicyDecision) ResourceResult(com.sun.identity.policy.ResourceResult) PolicyEvaluator(com.sun.identity.policy.PolicyEvaluator) ActionDecision(com.sun.identity.policy.ActionDecision)

Example 10 with ActionDecision

use of com.sun.identity.policy.ActionDecision in project OpenAM by OpenRock.

the class ResourceResultCache method resetPolicyDecision.

/**
 * Replaces the action decisions of {@code pd2} with those of {@code pd1} and combines the
 * response attributes of both into {@code pd2}.
 *
 * <p>{@code pd2} is modified in place and returned; no new policy decision is created.
 *
 * @param pd1 policy decision whose action decisions and response attributes are read
 * @param pd2 policy decision acting as collector. Its action decisions are cleared before
 *        those of {@code pd1} are added
 * @param serviceName service name used to look up the true and false value of each action
 * @return {@code pd2}, after the update
 */
private PolicyDecision resetPolicyDecision(PolicyDecision pd1, PolicyDecision pd2, String serviceName) {
    Map sourceDecisions = pd1.getActionDecisions();
    // pd2 is the collector: whatever it held before is dropped.
    pd2.getActionDecisions().clear();

    // Walk a copy of the action names, not the live key set of pd1's map.
    Set actionNames = new HashSet();
    actionNames.addAll(sourceDecisions.keySet());
    for (Object name : actionNames) {
        String action = (String) name;
        ActionDecision sourceDecision = (ActionDecision) sourceDecisions.get(action);
        pd2.addActionDecision(sourceDecision, policyProperties.getTrueValue(serviceName, action), policyProperties.getFalseValue(serviceName, action));
    }

    // pd1's response attributes are appended first, then pd2's.
    // NOTE(review): how entries under the same key are combined depends on
    // PolicyUtils.appendMapToMap, which is not shown here.
    Map combinedResponseAttrs = new HashMap();
    PolicyUtils.appendMapToMap(pd1.getResponseAttributes(), combinedResponseAttrs);
    PolicyUtils.appendMapToMap(pd2.getResponseAttributes(), combinedResponseAttrs);
    pd2.setResponseAttributes(combinedResponseAttrs);
    return pd2;
}
Also used : Set(java.util.Set) HashSet(java.util.HashSet) RequestSet(com.iplanet.services.comm.share.RequestSet) HashMap(java.util.HashMap) Iterator(java.util.Iterator) ActionDecision(com.sun.identity.policy.ActionDecision) Map(java.util.Map) HashMap(java.util.HashMap) HashSet(java.util.HashSet)

Aggregations

ActionDecision (com.sun.identity.policy.ActionDecision)11 PolicyDecision (com.sun.identity.policy.PolicyDecision)8 Map (java.util.Map)8 HashMap (java.util.HashMap)7 HashSet (java.util.HashSet)6 Set (java.util.Set)6 Iterator (java.util.Iterator)4 RequestSet (com.iplanet.services.comm.share.RequestSet)3 PolicyEvaluator (com.sun.identity.policy.PolicyEvaluator)2 PolicyException (com.sun.identity.policy.PolicyException)2 ResourceResult (com.sun.identity.policy.ResourceResult)2 ServletException (javax.servlet.ServletException)2 SSOException (com.iplanet.sso.SSOException)1 SSOToken (com.iplanet.sso.SSOToken)1 SSOTokenID (com.iplanet.sso.SSOTokenID)1 AuthContext (com.sun.identity.authentication.AuthContext)1 ISLocaleContext (com.sun.identity.common.ISLocaleContext)1 DelegationException (com.sun.identity.delegation.DelegationException)1 PolicyEvaluationException (com.sun.identity.policy.remote.PolicyEvaluationException)1 L10NMessageImpl (com.sun.identity.shared.locale.L10NMessageImpl)1