
Example 46 with Policy

use of com.sun.identity.policy.Policy in project OpenAM by OpenRock.

In class PolicyModelImpl, method cachePolicy.

/**
 * Caches an existing policy. Returns the cache ID of the policy object.
 *
 * @param realmName Name of realm.
 * @param policyName Name of policy.
 * @return cache ID of the policy object.
 * @throws AMConsoleException if policy cannot be cached.
 */
public String cachePolicy(String realmName, String policyName) throws AMConsoleException {
    try {
        PolicyManager policyManager = getPolicyManager(realmName);
        Policy policy = policyManager.getPolicy(policyName);
        PolicyCache cache = PolicyCache.getInstance();
        return cache.cachePolicy(getUserSSOToken(), new CachedPolicy(policy));
    } catch (InvalidFormatException e) {
        throw new AMConsoleException(getErrorString(e));
    } catch (InvalidNameException e) {
        throw new AMConsoleException(getErrorString(e));
    } catch (NoPermissionException e) {
        throw new AMConsoleException(getErrorString(e));
    } catch (NameNotFoundException e) {
        throw new AMConsoleException(getErrorString(e));
    } catch (PolicyException e) {
        throw new AMConsoleException(getErrorString(e));
    } catch (SSOException e) {
        throw new AMConsoleException(getErrorString(e));
    }
}
Also used : Policy(com.sun.identity.policy.Policy) PolicyManager(com.sun.identity.policy.PolicyManager) InvalidNameException(com.sun.identity.policy.InvalidNameException) NameNotFoundException(com.sun.identity.policy.NameNotFoundException) PolicyException(com.sun.identity.policy.PolicyException) NoPermissionException(com.sun.identity.policy.NoPermissionException) SSOException(com.iplanet.sso.SSOException) AMConsoleException(com.sun.identity.console.base.model.AMConsoleException) InvalidFormatException(com.sun.identity.policy.InvalidFormatException)

Example 47 with Policy

use of com.sun.identity.policy.Policy in project OpenAM by OpenRock.

In class OpenSSOPolicyDataStore, method createPolicy.

private Object createPolicy(SSOToken adminToken, String realm, String xml) throws Exception, SSOException, PolicyException {
    Object policy = null;
    if (xml.startsWith("xmlpolicy=")) {
        xml = xml.substring(10);
    }
    Document doc = XMLUtils.getXMLDocument(new ByteArrayInputStream(xml.getBytes("UTF8")));
    if (EntitlementConfiguration.getInstance(SubjectUtils.createSubject(adminToken), "/").xacmlPrivilegeEnabled()) {
        //TODO: create xacml policy from xml document
    } else {
        PolicyManager pm = new PolicyManager(adminToken, realm);
        Node rootNode = XMLUtils.getRootNode(doc, PolicyManager.POLICY_ROOT_NODE);
        policy = new Policy(pm, rootNode);
    }
    return policy;
}
Also used : Policy(com.sun.identity.policy.Policy) PolicyManager(com.sun.identity.policy.PolicyManager) ByteArrayInputStream(java.io.ByteArrayInputStream) Node(org.w3c.dom.Node) Document(org.w3c.dom.Document)

Example 48 with Policy

use of com.sun.identity.policy.Policy in project OpenAM by OpenRock.

In class PolicyPrivilegeManager, method findByName.

@Override
public Privilege findByName(String privilegeName, Subject adminSubject) throws EntitlementException {
    if (privilegeName == null) {
        throw new EntitlementException(12);
    }
    Privilege privilege = null;
    try {
        if (!migratedToEntitlementSvc) {
            Policy policy = pm.getPolicy(privilegeName);
            Set<IPrivilege> privileges = PrivilegeUtils.policyToPrivileges(policy);
            Iterator<IPrivilege> it = privileges.iterator();
            if (it.hasNext()) {
                IPrivilege searchResult = it.next();
                privilege = (Privilege) searchResult;
            }
        } else {
            PrivilegeIndexStore pis = PrivilegeIndexStore.getInstance(adminSubject, getRealm());
            privilege = (Privilege) pis.getPrivilege(privilegeName);
            if (privilege == null) {
                throw new EntitlementException(EntitlementException.NO_SUCH_POLICY, new Object[] { privilegeName });
            }
        }
        if (adminSubject != PrivilegeManager.superAdminSubject) {
            if (privilege != null) {
                // Delegation to applications is currently not configurable, passing super admin (see AME-4959)
                ApplicationPrivilegeManager applPrivilegeMgr = ApplicationPrivilegeManager.getInstance(realm, PrivilegeManager.superAdminSubject);
                if (applPrivilegeMgr == null) {
                    return null;
                }
                if (!applPrivilegeMgr.hasPrivilege(privilege, ApplicationPrivilege.Action.READ)) {
                    throw new EntitlementException(326);
                }
            }
        }
    } catch (PolicyException pe) {
        throw new EntitlementException(102, pe);
    } catch (SSOException ssoe) {
        throw new EntitlementException(102, ssoe);
    }
    return privilege;
}
Also used : Policy(com.sun.identity.policy.Policy) EntitlementException(com.sun.identity.entitlement.EntitlementException) PrivilegeIndexStore(com.sun.identity.entitlement.PrivilegeIndexStore) PolicyException(com.sun.identity.policy.PolicyException) IPrivilege(com.sun.identity.entitlement.IPrivilege) SSOException(com.iplanet.sso.SSOException) ApplicationPrivilegeManager(com.sun.identity.entitlement.ApplicationPrivilegeManager) ApplicationPrivilege(com.sun.identity.entitlement.ApplicationPrivilege) IPrivilege(com.sun.identity.entitlement.IPrivilege) Privilege(com.sun.identity.entitlement.Privilege)

Example 49 with Policy

use of com.sun.identity.policy.Policy in project OpenAM by OpenRock.

In class PrivilegePolicyMapping, method privilegeToPolicy.

@Test(dependsOnMethods = { "policyToPrivilege" })
public void privilegeToPolicy() throws Exception {
    Policy p = PrivilegeUtils.privilegeToPolicy("/", privilege);
    Set<String> ruleNames = p.getRuleNames();
    for (String ruleName : ruleNames) {
        Rule r = p.getRule(ruleName);
        if (!RES_NAME.equals(r.getResourceName())) {
            throw new Exception("PrivilegePolicyMapping.privilegeToPolicy: resource is incorrect");
        }
        if (!actionValues.equals(r.getActionValues())) {
            throw new Exception("PrivilegePolicyMapping.privilegeToPolicy: action value is incorrect");
        }
    }
    Set<String> subjectNames = p.getSubjectNames();
    for (String subjectName : subjectNames) {
        Subject sbj = p.getSubject(subjectName);
        if (!(sbj instanceof PrivilegeSubject)) {
            throw new Exception("PrivilegePolicyMapping.privilegeToPolicy: not instance of privilege subject");
        }
    }
    Set<String> conditionNames = p.getConditionNames();
    if (conditionNames.size() != 1) {
        throw new Exception("PrivilegePolicyMapping.privilegeToPolicy: number of condition is incorrect");
    }
    for (String conditionName : conditionNames) {
        Condition cond = p.getCondition(conditionName);
        if (!(cond instanceof PrivilegeCondition)) {
            throw new Exception("PrivilegePolicyMapping.privilegeToPolicy: not instance of privilege condition");
        }
    }
}
Also used : Policy(com.sun.identity.policy.Policy) PrivilegeSubject(com.sun.identity.policy.plugins.PrivilegeSubject) OrCondition(com.sun.identity.entitlement.OrCondition) PrivilegeCondition(com.sun.identity.policy.plugins.PrivilegeCondition) Condition(com.sun.identity.policy.interfaces.Condition) EntitlementCondition(com.sun.identity.entitlement.EntitlementCondition) PrivilegeCondition(com.sun.identity.policy.plugins.PrivilegeCondition) Rule(com.sun.identity.policy.Rule) PolicyException(com.sun.identity.policy.PolicyException) EntitlementSubject(com.sun.identity.entitlement.EntitlementSubject) PrivilegeSubject(com.sun.identity.policy.plugins.PrivilegeSubject) Subject(com.sun.identity.policy.interfaces.Subject) Test(org.testng.annotations.Test)

Example 50 with Policy

use of com.sun.identity.policy.Policy in project OpenAM by OpenRock.

In class PrivilegePolicyMapping, method setup.

@BeforeClass
public void setup() throws Exception {
    try {
        UnittestLog.logMessage("PrivilegePolicyMapping.setUp():" + "entered");
        ipConditionEnvMap = new HashMap<String, Set<String>>();
        Set<String> set = new HashSet<String>();
        set.add("whatever.whatever");
        ipConditionEnvMap.put(Condition.DNS_NAME, set);
        ipConditionEnvMap1 = new HashMap<String, Set<String>>();
        set = new HashSet<String>();
        set.add("whatever1.whatever1");
        ipConditionEnvMap1.put(Condition.DNS_NAME, set);
        SSOToken adminToken = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
        testUser = IdRepoUtils.createUser("/", TEST_USER_NAME);
        PolicyManager pm = new PolicyManager(adminToken, "/");
        policy = new Policy(POLICY_NAME, "", false, true);
        policy.addRule(createRule());
        policy.addSubject("subjectName", createSubject(pm));
        policy.addCondition("conditionName", createIPCondition(pm));
        policy.addCondition("conditionName1", createIPCondition1(pm));
        pm.addPolicy(policy);
    } catch (Exception e) {
        UnittestLog.logError("PrivilegePolicyMapping.setUp();" + "Exception STACKTRACE:" + e.getMessage());
        StackTraceElement[] elems = e.getStackTrace();
        for (StackTraceElement elem : elems) {
            UnittestLog.logMessage(elem.toString());
        }
        UnittestLog.logMessage("END STACKTRACE");
        throw e;
    }
}
Also used : Policy(com.sun.identity.policy.Policy) PolicyManager(com.sun.identity.policy.PolicyManager) HashSet(java.util.HashSet) Set(java.util.Set) SSOToken(com.iplanet.sso.SSOToken) PolicyException(com.sun.identity.policy.PolicyException) HashSet(java.util.HashSet) BeforeClass(org.testng.annotations.BeforeClass)
