Use of com.sun.identity.policy.Policy in the OpenAM project by OpenRock.
Class PolicyModelImpl, method cachePolicy.
/**
 * Places an already persisted policy into the console's policy cache and
 * returns the cache ID under which it was stored.
 *
 * @param realmName Name of the realm the policy belongs to.
 * @param policyName Name of the policy to cache.
 * @return cache ID of the cached policy object.
 * @throws AMConsoleException if the policy cannot be looked up or cached;
 *     the underlying policy/SSO failure is reported through its error string.
 */
public String cachePolicy(String realmName, String policyName) throws AMConsoleException {
    try {
        PolicyManager manager = getPolicyManager(realmName);
        Policy existing = manager.getPolicy(policyName);
        PolicyCache cache = PolicyCache.getInstance();
        return cache.cachePolicy(getUserSSOToken(), new CachedPolicy(existing));
    } catch (InvalidFormatException e) {
        throw policyCacheFailure(e);
    } catch (InvalidNameException e) {
        throw policyCacheFailure(e);
    } catch (NoPermissionException e) {
        throw policyCacheFailure(e);
    } catch (NameNotFoundException e) {
        throw policyCacheFailure(e);
    } catch (PolicyException e) {
        throw policyCacheFailure(e);
    } catch (SSOException e) {
        throw policyCacheFailure(e);
    }
}

/**
 * Wraps a policy or SSO failure into the console exception type, using the
 * localized error string of the original exception as the message.
 *
 * @param cause the failure raised while resolving or caching the policy.
 * @return the console exception to throw to the caller.
 */
private AMConsoleException policyCacheFailure(Exception cause) {
    return new AMConsoleException(getErrorString(cause));
}
Use of com.sun.identity.policy.Policy in the OpenAM project by OpenRock.
Class OpenSSOPolicyDataStore, method createPolicy.
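/**
 * Builds a policy object from its XML representation.
 *
 * <p>The document may arrive prefixed with {@code xmlpolicy=}; that prefix is
 * stripped before parsing. When XACML privileges are enabled for the root
 * realm no policy is built yet (the XACML branch is still a TODO) and
 * {@code null} is returned.
 *
 * @param adminToken token used to create the {@link PolicyManager} and to
 *     resolve the entitlement configuration.
 * @param realm realm the policy is created in.
 * @param xml policy XML, optionally prefixed with {@code xmlpolicy=}.
 * @return the parsed {@link Policy}, or {@code null} when the XACML branch is taken.
 * @throws Exception if the XML cannot be parsed or the policy is invalid.
 * @throws SSOException if the admin token is not valid.
 * @throws PolicyException if the policy document is not a valid policy.
 */
private Object createPolicy(SSOToken adminToken, String realm, String xml) throws Exception, SSOException, PolicyException {
    final String prefix = "xmlpolicy=";
    String document = xml;
    if (document.startsWith(prefix)) {
        // Offset derived from the prefix itself rather than a hard-coded length.
        document = document.substring(prefix.length());
    }
    // NOTE(review): XMLUtils.getXMLDocument is a project helper; confirm it
    // disables DTD processing / external entity resolution, since the policy
    // XML is supplied by the caller rather than generated locally.
    Document doc = XMLUtils.getXMLDocument(new ByteArrayInputStream(document.getBytes("UTF8")));
    Object policy = null;
    if (EntitlementConfiguration.getInstance(SubjectUtils.createSubject(adminToken), "/").xacmlPrivilegeEnabled()) {
        //TODO: create xacml policy from xml document
        // Falls through with policy == null; callers must tolerate that until implemented.
    } else {
        PolicyManager pm = new PolicyManager(adminToken, realm);
        Node rootNode = XMLUtils.getRootNode(doc, PolicyManager.POLICY_ROOT_NODE);
        policy = new Policy(pm, rootNode);
    }
    return policy;
}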
Use of com.sun.identity.policy.Policy in the OpenAM project by OpenRock.
Class PolicyPrivilegeManager, method findByName.
/**
 * Looks up a privilege by name, either from the legacy policy store or from the
 * privilege index store depending on whether this realm has migrated to the
 * entitlement service.
 *
 * <p>For any subject other than the super admin, the delegation check
 * {@code ApplicationPrivilege.Action.READ} is applied to the resolved privilege
 * before it is returned. If no delegation manager can be obtained the method
 * returns {@code null} instead of throwing.
 *
 * @param privilegeName name of the privilege to find; must not be {@code null}.
 * @param adminSubject subject performing the lookup.
 * @return the privilege, or {@code null} if none was found in the legacy store
 *     or the delegation manager is unavailable.
 * @throws EntitlementException if the name is {@code null}, the privilege does
 *     not exist in the index store, the subject lacks READ delegation, or the
 *     underlying policy/SSO layer fails.
 */
@Override
public Privilege findByName(String privilegeName, Subject adminSubject) throws EntitlementException {
    if (privilegeName == null) {
        throw new EntitlementException(12);
    }
    Privilege found = null;
    try {
        if (migratedToEntitlementSvc) {
            PrivilegeIndexStore store = PrivilegeIndexStore.getInstance(adminSubject, getRealm());
            found = (Privilege) store.getPrivilege(privilegeName);
            if (found == null) {
                throw new EntitlementException(EntitlementException.NO_SUCH_POLICY, new Object[] { privilegeName });
            }
        } else {
            // Legacy store: a policy maps to a set of privileges; only the first one is used.
            Policy legacyPolicy = pm.getPolicy(privilegeName);
            for (IPrivilege candidate : PrivilegeUtils.policyToPrivileges(legacyPolicy)) {
                found = (Privilege) candidate;
                break;
            }
        }
        boolean delegationCheckRequired = adminSubject != PrivilegeManager.superAdminSubject && found != null;
        if (delegationCheckRequired) {
            // Delegation to applications is currently not configurable, passing super admin (see AME-4959)
            ApplicationPrivilegeManager delegation = ApplicationPrivilegeManager.getInstance(realm, PrivilegeManager.superAdminSubject);
            if (delegation == null) {
                return null;
            }
            if (!delegation.hasPrivilege(found, ApplicationPrivilege.Action.READ)) {
                throw new EntitlementException(326);
            }
        }
    } catch (PolicyException pe) {
        throw new EntitlementException(102, pe);
    } catch (SSOException ssoe) {
        throw new EntitlementException(102, ssoe);
    }
    return found;
}
Use of com.sun.identity.policy.Policy in the OpenAM project by OpenRock.
Class PrivilegePolicyMapping, method privilegeToPolicy.
/**
 * Converts the privilege created by the earlier test back into a legacy
 * {@link Policy} and checks that every rule, subject and condition survived
 * the round trip: rules must point at the expected resource and action values,
 * subjects must be {@link PrivilegeSubject}s, and there must be exactly one
 * condition, which must be a {@link PrivilegeCondition}.
 *
 * @throws Exception if any part of the mapped policy is not as expected.
 */
@Test(dependsOnMethods = { "policyToPrivilege" })
public void privilegeToPolicy() throws Exception {
    Policy mapped = PrivilegeUtils.privilegeToPolicy("/", privilege);

    for (String name : mapped.getRuleNames()) {
        Rule rule = mapped.getRule(name);
        boolean resourceMatches = RES_NAME.equals(rule.getResourceName());
        if (!resourceMatches) {
            throw new Exception("PrivilegePolicyMapping.privilegeToPolicy: resource is incorrect");
        }
        boolean actionsMatch = actionValues.equals(rule.getActionValues());
        if (!actionsMatch) {
            throw new Exception("PrivilegePolicyMapping.privilegeToPolicy: action value is incorrect");
        }
    }

    for (String name : mapped.getSubjectNames()) {
        Subject subject = mapped.getSubject(name);
        if (!(subject instanceof PrivilegeSubject)) {
            throw new Exception("PrivilegePolicyMapping.privilegeToPolicy: not instance of privilege subject");
        }
    }

    Set<String> conditionNames = mapped.getConditionNames();
    if (conditionNames.size() != 1) {
        throw new Exception("PrivilegePolicyMapping.privilegeToPolicy: number of condition is incorrect");
    }
    for (String name : conditionNames) {
        Condition condition = mapped.getCondition(name);
        if (!(condition instanceof PrivilegeCondition)) {
            throw new Exception("PrivilegePolicyMapping.privilegeToPolicy: not instance of privilege condition");
        }
    }
}
Use of com.sun.identity.policy.Policy in the OpenAM project by OpenRock.
Class PrivilegePolicyMapping, method setup.
/**
 * Test fixture: prepares two DNS-name environment maps, creates the test user,
 * and stores a policy with one rule, one subject and two IP conditions under
 * the root realm. Any failure is logged with its stack trace and rethrown so
 * the test class fails fast.
 *
 * @throws Exception if the user or policy cannot be created.
 */
@BeforeClass
public void setup() throws Exception {
    try {
        UnittestLog.logMessage("PrivilegePolicyMapping.setUp():entered");

        Set<String> dnsNames = new HashSet<String>();
        dnsNames.add("whatever.whatever");
        ipConditionEnvMap = new HashMap<String, Set<String>>();
        ipConditionEnvMap.put(Condition.DNS_NAME, dnsNames);

        Set<String> alternateDnsNames = new HashSet<String>();
        alternateDnsNames.add("whatever1.whatever1");
        ipConditionEnvMap1 = new HashMap<String, Set<String>>();
        ipConditionEnvMap1.put(Condition.DNS_NAME, alternateDnsNames);

        // Admin token obtained via a privileged action; the test itself runs as the admin.
        SSOToken adminToken = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
        testUser = IdRepoUtils.createUser("/", TEST_USER_NAME);

        PolicyManager manager = new PolicyManager(adminToken, "/");
        policy = new Policy(POLICY_NAME, "", false, true);
        policy.addRule(createRule());
        policy.addSubject("subjectName", createSubject(manager));
        policy.addCondition("conditionName", createIPCondition(manager));
        policy.addCondition("conditionName1", createIPCondition1(manager));
        manager.addPolicy(policy);
    } catch (Exception e) {
        UnittestLog.logError("PrivilegePolicyMapping.setUp();Exception STACKTRACE:" + e.getMessage());
        for (StackTraceElement frame : e.getStackTrace()) {
            UnittestLog.logMessage(frame.toString());
        }
        UnittestLog.logMessage("END STACKTRACE");
        throw e;
    }
}