Use of com.sun.identity.policy.Policy in project OpenAM by OpenRock.
Class UpgradeEntitlementsStep, method initialize.
/**
 * Works out whether the entitlements index implementations and the existing policies need
 * upgrading.
 *
 * <p>The default application type's attributes are read first. If both the search and the save
 * index implementation already equal the new values, nothing else is done. Otherwise
 * {@code upgradeIndexImpls} is set and every policy of every realm is recorded in
 * {@code upgradableConfigs}, keyed by realm and then by {@link PolicyType}. Rule counts of
 * non-referral policies are accumulated in {@code policyRuleCount}.
 *
 * @throws UpgradeException wrapping any exception raised while inspecting the configuration.
 */
@Override
public void initialize() throws UpgradeException {
    try {
        DEBUG.message("Initializing UpgradeEntitlementsStep");
        Map<String, Set<String>> typeAttributes = getDefaultApplicationType().getAttributes();
        String currentSearchImpl = CollectionHelper.getMapAttr(typeAttributes, SEARCH_INDEX_IMPL);
        String currentSaveImpl = CollectionHelper.getMapAttr(typeAttributes, SAVE_INDEX_IMPL);

        boolean alreadyUpgraded =
                NEW_SEARCH_IMPL.equals(currentSearchImpl) && NEW_SAVE_IMPL.equals(currentSaveImpl);
        if (alreadyUpgraded) {
            DEBUG.message("The entitlements framework is already using the new TreeSearchIndex/TreeSaveIndex"
                    + " implementations");
            return;
        }

        // Even when no policy needs upgrading, the search and save index implementation values
        // still have to be updated, so the flag is raised before any realm is scanned.
        upgradeIndexImpls = true;
        for (String realm : getRealmNames()) {
            Map<PolicyType, Set<String>> namesByType =
                    new EnumMap<PolicyType, Set<String>>(PolicyType.class);
            // Policies are enumerated with the token returned by getAdminToken().
            PolicyManager pm = new PolicyManager(getAdminToken(), realm);
            for (String policyName : pm.getPolicyNames()) {
                Policy policy = pm.getPolicy(policyName);
                boolean referral = policy.isReferralPolicy();
                if (!referral) {
                    // Small edge case: a rule holding several resource names is counted once,
                    // but that is not really a supported setup anyway.
                    policyRuleCount += policy.getRuleNames().size();
                }
                PolicyType type = referral ? PolicyType.REFERRAL : PolicyType.POLICY;

                Set<String> names = namesByType.get(type);
                if (names == null) {
                    names = new HashSet<String>();
                    namesByType.put(type, names);
                }
                names.add(policyName);
                // Registered per policy, so a realm without policies never appears in the map.
                upgradableConfigs.put(realm, namesByType);
            }
        }

        // Message-level output lists every discovered policy/referral name per realm.
        if (DEBUG.messageEnabled()) {
            DEBUG.message("Discovered following policies/referrals:\n" + upgradableConfigs);
        }
    } catch (Exception ex) {
        DEBUG.error("Error while trying to detect changes in entitlements", ex);
        throw new UpgradeException(ex);
    }
}
Use of com.sun.identity.policy.Policy in project OpenAM by OpenRock.
Class ResavePoliciesStep, method perform.
/**
 * Re-saves every policy listed in {@code policyMap}, realm by realm.
 *
 * <p>Each policy is loaded through a {@link PolicyManager} created with the token returned by
 * {@code getAdminToken()} and written back unchanged via {@code replacePolicy}. Progress is
 * reported per policy. The first failure stops the whole run: policies that were not reached yet
 * are left untouched and the error is rethrown.
 *
 * @throws UpgradeException wrapping any exception raised while loading or replacing a policy.
 */
public void perform() throws UpgradeException {
    try {
        for (Map.Entry<String, Set<String>> realmEntry : policyMap.entrySet()) {
            // Key is the realm, value the names of the policies to re-save in it.
            PolicyManager pm = new PolicyManager(getAdminToken(), realmEntry.getKey());
            for (String policyName : realmEntry.getValue()) {
                if (DEBUG.messageEnabled()) {
                    DEBUG.message("Resaving the following policy: " + policyName);
                }
                UpgradeProgress.reportStart("upgrade.policy.start", policyName);
                // Read and immediately write back the same policy object.
                pm.replacePolicy(pm.getPolicy(policyName));
                UpgradeProgress.reportEnd("upgrade.success");
            }
        }
    } catch (Exception ex) {
        // Close the progress entry opened by reportStart before surfacing the failure.
        UpgradeProgress.reportEnd("upgrade.failed");
        DEBUG.error("An error occurred while trying to resave policies", ex);
        throw new UpgradeException(ex);
    }
}
Use of com.sun.identity.policy.Policy in project OpenAM by OpenRock.
Class UpgradeUtils, method createRealmReadOnlyPolicy.
/**
 * Builds the realm read-only policy for an organization and stores it through the given
 * policy manager.
 *
 * <p>The policy is named {@code orgID + "^^" + REALM_READ_ONLY}. It receives one rule for the
 * delegation service covering the realm service resource under {@code orgDN}, and the
 * organization's policy admin role as its subject.
 *
 * <p>Two behaviors matter when auditing the resulting delegation setup:
 * <ul>
 * <li>A {@code null} rule or subject is skipped silently, and the policy is still added without
 * it.</li>
 * <li>Any exception is logged and not rethrown, so the caller cannot tell whether the policy
 * was actually created.</li>
 * </ul>
 *
 * @param policyManager the policy manager object.
 * @param orgDN the organization dn.
 * @param orgID the organization identifier.
 */
private static void createRealmReadOnlyPolicy(PolicyManager policyManager, String orgDN, String orgID) {
    final String classMethod = "UpgradeUtils:createRealmReadOnlyPolicy";
    try {
        // NOTE(review): the two boolean arguments presumably mean "not a referral policy" and
        // "active" - confirm against the Policy constructor.
        Policy readOnlyPolicy = new Policy(orgID + "^^" + REALM_READ_ONLY, null, false, true);

        // Rule: delegation service on the realm service resource below orgDN.
        // NOTE(review): orgDN is embedded verbatim after a wildcard; assumes callers pass a
        // trusted, well-formed DN - verify at the call sites.
        Rule realmRule = getRule(DELEGATION_SERVICE, "sms://*" + orgDN + "/" + REALM_SERVICE);
        if (realmRule != null) {
            readOnlyPolicy.addRule(realmRule);
        }

        // Subject: the organization's policy admin role.
        Subject adminRoleSubject =
                getSubject(policyManager, getUniversalID(orgDN, ORG_POLICY_ADMIN_ROLE));
        if (adminRoleSubject != null) {
            readOnlyPolicy.addSubject(DELEGATION_SUBJECT, adminRoleSubject, false);
        }

        // Stored even when the rule or the subject could not be resolved above.
        policyManager.addPolicy(readOnlyPolicy);
    } catch (Exception e) {
        debug.error(classMethod + "Error creating realm read only policy", e);
    }
}