use of com.sun.identity.policy.Policy in project OpenAM by OpenRock.
the class PrivilegePolicyMapping method setup.
/**
 * Builds the fixture shared by the tests in this class: two environment maps
 * keyed by {@code Condition.DNS_NAME}, a test user created in realm "/", and a
 * policy holding one rule, one subject and two conditions.
 *
 * <p>The policy is stored through a {@code PolicyManager} opened with the
 * administrator's SSO token, so the fixture is written with admin rights.
 *
 * @throws Exception whatever the fixture code raised; it is rethrown after the
 *         message and every stack frame have been written to the unit-test log
 */
@BeforeClass
public void setup() throws Exception {
    try {
        UnittestLog.logMessage("PrivilegePolicyMapping.setUp():" + "entered");

        // First environment: a single DNS name value.
        ipConditionEnvMap = new HashMap<String, Set<String>>();
        Set<String> firstDnsNames = new HashSet<String>();
        firstDnsNames.add("whatever.whatever");
        ipConditionEnvMap.put(Condition.DNS_NAME, firstDnsNames);

        // Second environment: a different DNS name value.
        ipConditionEnvMap1 = new HashMap<String, Set<String>>();
        Set<String> secondDnsNames = new HashSet<String>();
        secondDnsNames.add("whatever1.whatever1");
        ipConditionEnvMap1.put(Condition.DNS_NAME, secondDnsNames);

        // The admin token is obtained in a privileged block and is what the
        // policy manager below authenticates with.
        SSOToken adminToken = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
        testUser = IdRepoUtils.createUser("/", TEST_USER_NAME);
        PolicyManager policyManager = new PolicyManager(adminToken, "/");

        policy = new Policy(POLICY_NAME, "", false, true);
        policy.addRule(createRule());
        policy.addSubject("subjectName", createSubject(policyManager));
        policy.addCondition("conditionName", createIPCondition(policyManager));
        policy.addCondition("conditionName1", createIPCondition1(policyManager));
        policyManager.addPolicy(policy);
    } catch (Exception e) {
        // Log the failure frame by frame, then let the test framework see it.
        UnittestLog.logError("PrivilegePolicyMapping.setUp();" + "Exception STACKTRACE:" + e.getMessage());
        for (StackTraceElement frame : e.getStackTrace()) {
            UnittestLog.logMessage(frame.toString());
        }
        UnittestLog.logMessage("END STACKTRACE");
        throw e;
    }
}
use of com.sun.identity.policy.Policy in project OpenAM by OpenRock.
the class RealmTest method deletePolicy.
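/**
 * Runs the {@code delete-policies} CLI command for the policy "clipolicy" in
 * realm "/" and then verifies that the policy can no longer be read back.
 *
 * <p>The read-back is the actual check that the access-control policy is gone.
 * It fails the test with an explicit {@link AssertionError} rather than the
 * {@code assert} keyword, because {@code assert} is skipped when the JVM runs
 * without {@code -ea} and the test would then pass even if the policy survived.
 *
 * @throws CLIException if the command manager rejects or fails the request
 * @throws PolicyException if the policy manager fails for a reason other than
 *         the policy being absent
 * @throws SSOException if the admin token is not accepted
 */
@Test(groups = { "cli-realm", "delete-policies" }, dependsOnMethods = { "getPolicy" })
public void deletePolicy() throws CLIException, PolicyException, SSOException {
    entering("deletePolicy", null);
    String[] args = { "delete-policies", CLIConstants.PREFIX_ARGUMENT_LONG + IArgument.REALM_NAME, "/", CLIConstants.PREFIX_ARGUMENT_LONG + RealmDeletePolicy.ARGUMENT_POLICY_NAMES, "clipolicy" };
    SSOToken adminSSOToken = getAdminSSOToken();
    CLIRequest req = new CLIRequest(null, args, adminSSOToken);
    cmdManager.addToRequestQueue(req);
    cmdManager.serviceRequestQueue();

    // Look the policy up again with the same admin token used for the delete.
    PolicyManager pm = new PolicyManager(adminSSOToken, "/");
    try {
        Policy p = pm.getPolicy("clipolicy");
        if (p != null) {
            throw new AssertionError("policy 'clipolicy' is still readable after delete-policies");
        }
    } catch (NameNotFoundException e) {
        // Treated as success: the lookup failed because the name is unknown.
    }
    exiting("deletePolicy");
}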
use of com.sun.identity.policy.Policy in project OpenAM by OpenRock.
the class UpgradeUtils method createPolicyAdminPolicy.
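/**
 * Creates the policy-admin delegation policy for an organization.
 *
 * <p>The policy is named {@code orgID + "^^PolicyAdmin"}, carries one rule on
 * the resource {@code "sms://*" + orgDN + "/" + POLICY_SERVICE} and one
 * subject built from the organization's policy-admin role, and is stored
 * through the given policy manager.
 *
 * <p>Failures are logged and not propagated, so a caller cannot tell from the
 * return whether the policy was created.
 *
 * @param policyManager the policy manager the new policy is added to.
 * @param orgDN the organization dn, used in the rule resource name and to
 *        resolve the policy-admin role.
 * @param orgID the organization identifier, used as the policy-name prefix.
 */
private static void createPolicyAdminPolicy(PolicyManager policyManager, String orgDN, String orgID) {
    // Label for the error log. It has to name this method (it previously named
    // createRealmReadOnlyPolicy), otherwise a failed upgrade is attributed to
    // the wrong delegation policy.
    String classMethod = "UpgradeUtils:createPolicyAdminPolicy: ";
    try {
        String policyName = orgID + "^^PolicyAdmin";
        Policy realmPolicy = new Policy(policyName, null, false, true);

        // create Rule
        String resourceName = "sms://*" + orgDN + "/" + POLICY_SERVICE;
        Rule rule = getRule(DELEGATION_SERVICE, resourceName);
        if (rule != null) {
            realmPolicy.addRule(rule);
        }

        // add subjects
        String policyAdminRoleUniversalID = getUniversalID(orgDN, ORG_POLICY_ADMIN_ROLE);
        Subject subject = getSubject(policyManager, policyAdminRoleUniversalID);
        if (subject != null) {
            realmPolicy.addSubject(DELEGATION_SUBJECT, subject, false);
        }

        // NOTE(review): the policy is stored even when getRule or getSubject
        // returned null, i.e. possibly without a rule or without a subject.
        // Confirm that an incomplete delegation policy is acceptable here.
        policyManager.addPolicy(realmPolicy);
    } catch (Exception e) {
        // Best-effort: the upgrade continues after logging the failure.
        debug.error(classMethod + "Error creating policy admin policy", e);
    }
}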
use of com.sun.identity.policy.Policy in project OpenAM by OpenRock.
the class UpgradeUtils method removeDelegationCondition.
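/**
 * Removes values from one property of the named conditions of a policy in the
 * hidden realm, then stores the policy again.
 *
 * <p>For every condition name in {@code conditionNameMap} that the policy
 * actually has, the values mapped to that name are removed from the
 * condition's {@code attributeName} property. Condition names the policy does
 * not have are skipped.
 *
 * <p>{@code PolicyException} and {@code SSOException} are logged and not
 * propagated, so a caller cannot tell from the return whether the delegation
 * conditions were really changed.
 *
 * @param policyName Name of Policy.
 * @param attributeName the name of the condition property whose values are
 *        to be reduced.
 * @param conditionNameMap Map of condition name to the set of values to be
 *        removed from that condition's property.
 */
public static void removeDelegationCondition(String policyName, String attributeName, Map conditionNameMap) {
    try {
        PolicyManager pm = new PolicyManager(ssoToken, HIDDEN_REALM);
        Policy policy = pm.getPolicy(policyName);
        for (Iterator i = conditionNameMap.keySet().iterator(); i.hasNext(); ) {
            String condName = (String) i.next();
            Condition cond = policy.getCondition(condName);
            if (cond != null) {
                // Cast to the interface: any Set implementation is accepted,
                // where a HashSet cast would fail with an uncaught
                // ClassCastException for other implementations.
                Set removeSet = (Set) conditionNameMap.get(condName);
                Map orig = cond.getProperties();
                // One removeAll does the whole job; the earlier per-element
                // loop repeated the same call once for each value.
                if (removeSet != null && !removeSet.isEmpty()) {
                    Set origValues = (Set) orig.get(attributeName);
                    if (origValues != null) {
                        origValues.removeAll(removeSet);
                    }
                }
                cond.setProperties(orig);
                policy.replaceCondition(condName, cond);
            }
        }
        // The policy is written back even when no condition matched.
        pm.replacePolicy(policy);
    } catch (PolicyException e) {
        debug.error("UpgradeUtils.removeDelegationCondition", e);
    } catch (SSOException e) {
        debug.error("UpgradeUtils.removeDelegationCondition", e);
    }
}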
use of com.sun.identity.policy.Policy in project OpenAM by OpenRock.
the class UpgradeEntitlementsStep method upgradeReferrals.
/**
 * Upgrades each named referral: for every resource name defined in its rules,
 * adds rules for the missing {@code *} and {@code *?*} suffixed forms, then
 * stores the referral again through the policy manager.
 *
 * @param pm the policy manager the referrals are read from and written to
 * @param referrals names of the referral policies to upgrade
 * @throws Exception if reading, extending or replacing a referral fails; the
 *         remaining referrals are then not processed
 */
private void upgradeReferrals(PolicyManager pm, Set<String> referrals) throws Exception {
    for (String referralName : referrals) {
        if (DEBUG.messageEnabled()) {
            DEBUG.message("Upgrading referral: " + referralName);
        }
        Policy referral = pm.getPolicy(referralName);
        Set<String> resourceNames = getResourceNames(referral);

        // Walk a copy of the rule names, presumably because
        // addSimilarPolicyRule adds rules to the referral during the walk.
        Set<String> ruleNameSnapshot = new HashSet<String>(referral.getRuleNames());
        for (String ruleName : ruleNameSnapshot) {
            Rule rule = referral.getRule(ruleName);
            for (String resource : rule.getResourceNames()) {
                // Must be tested before the plain "*" suffix, which it also matches.
                if (resource.endsWith("*?*")) {
                    // Special case that is deliberately left alone for referrals.
                    continue;
                }
                if (resource.endsWith("*")) {
                    // Only the *?* form is missing.
                    addSimilarPolicyRule(referral, rule, resourceNames, resource + "?*");
                    continue;
                }
                // No trailing wildcard: both the * and the *?* form are added.
                // NOTE(review): each added rule widens what the referral
                // matches; the rule set after the upgrade is worth auditing.
                addSimilarPolicyRule(referral, rule, resourceNames, resource + "*");
                addSimilarPolicyRule(referral, rule, resourceNames, resource + "*?*");
            }
        }

        UpgradeProgress.reportStart("upgrade.entitlement.referral", referral.getName());
        // Replaced whether or not rules were added, so the indexes are updated.
        pm.replacePolicy(referral);
        UpgradeProgress.reportEnd("upgrade.success");
    }
}