use of com.sun.identity.policy.Policy in project OpenAM by OpenRock.
the class PolicyModelImpl method isPolicyActive.
/**
 * Reports whether the named policy in the given realm is currently active.
 *
 * <p>The policy is first placed in the console's policy cache through
 * {@code cachePolicy}, then read back by the cache ID that call returns. The
 * result is whatever {@code Policy.isActive()} reports for the cached object.
 *
 * @param realmName realm that holds the policy
 * @param policyName name of the policy to inspect
 * @return {@code true} if the cached policy reports itself active
 * @throws AMConsoleException propagated from the calls made here; which of
 *         them raises it is not visible in this method
 */
public boolean isPolicyActive(String realmName, String policyName) throws AMConsoleException {
    // NOTE(review): realmName and policyName are used exactly as passed in.
    // Any check that the caller may read this realm's policies is presumably
    // done inside cachePolicy -- confirm. There is also no null check on the
    // cached entry or on its policy before dereferencing.
    return getCachedPolicy(cachePolicy(realmName, policyName)).getPolicy().isActive();
}
use of com.sun.identity.policy.Policy in project OpenAM by OpenRock.
the class SubjectAddViewBean method handleButton2Request.
/**
 * Handles the request that creates a subject on the policy being edited.
 *
 * <p>A subject is built from the submitted form and added to the cached
 * policy under the name read from the property sheet; the request is then
 * forwarded to the policy view. If no subject was built, or if adding it
 * fails, the current page is redisplayed (with an inline error alert in the
 * failure cases).
 *
 * @param event Request invocation event
 * @throws ModelControlException if raised by the view-bean calls made here
 */
public void handleButton2Request(RequestInvocationEvent event) throws ModelControlException {
    boolean done = false;
    submitCycle = true;
    bFilter = true;
    try {
        Subject newSubject = createSubject();
        if (newSubject == null) {
            // Nothing to add; the finally block redisplays the page.
            return;
        }

        Policy target = getCachedPolicy().getPolicy();
        // The subject name is taken from the submitted property sheet; the
        // handlers below cover the duplicate-name and invalid-name rejections
        // that addSubject can raise.
        String subjectName = (String) propertySheetModel.getValue(SUBJECT_NAME);
        target.addSubject(subjectName, newSubject, isExclusive());

        backTrail();
        forwardToPolicyViewBean();
        done = true;
    } catch (NameAlreadyExistsException e) {
        setInlineAlertMessage(CCAlert.TYPE_ERROR, "message.error", getModel().getErrorString(e));
    } catch (InvalidNameException e) {
        setInlineAlertMessage(CCAlert.TYPE_ERROR, "message.error", getModel().getErrorString(e));
    } catch (AMConsoleException e) {
        // Unlike the two policy exceptions above, this message is shown as-is
        // rather than going through the model's error-string lookup.
        setInlineAlertMessage(CCAlert.TYPE_ERROR, "message.error", e.getMessage());
    } finally {
        // Exactly one forward per request: stay on this page unless the
        // success path already forwarded to the policy view.
        if (!done) {
            forwardTo();
        }
    }
}
use of com.sun.identity.policy.Policy in project OpenAM by OpenRock.
the class SubjectEditViewBean method isSubjectExclusive.
/**
 * Tells whether the subject being edited is marked exclusive on the cached
 * policy.
 *
 * <p>The subject name is read from the page session attribute
 * {@code SubjectOpViewBeanBase.PG_SESSION_SUBJECT_NAME}. Lookup failures are
 * logged at warning level and reported as {@code false}, so a caller cannot
 * tell "not exclusive" apart from "could not be determined".
 *
 * @return the policy's exclusive flag for the subject, or {@code false} when
 *         the subject or the cached policy cannot be looked up
 */
protected boolean isSubjectExclusive() {
    try {
        Policy current = getCachedPolicy().getPolicy();
        String editedSubject =
            (String) getPageSessionAttribute(SubjectOpViewBeanBase.PG_SESSION_SUBJECT_NAME);
        return current.isSubjectExclusive(editedSubject);
    } catch (NameNotFoundException e) {
        debug.warning("SubjectEditViewBean.isSubjectExclusive", e);
    } catch (AMConsoleException e) {
        debug.warning("SubjectEditViewBean.isSubjectExclusive", e);
    }
    // Reached only after a logged failure above.
    // NOTE(review): the fallback presents the subject as non-exclusive; confirm
    // that a later save from this page cannot silently clear an exclusive flag.
    return false;
}
use of com.sun.identity.policy.Policy in project OpenAM by OpenRock.
the class DelegationPolicyImpl method addPrivilege.
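/**
 * Adds a delegation privilege to a specific realm. The permission will be
 * added to the existing privilege in the event that this method is trying
 * to add to an existing privilege.
 *
 * <p>Behaviour worth knowing before calling:
 * <ul>
 * <li>A <code>null</code> privilege is silently ignored.</li>
 * <li>If the privilege converts to a policy with no subjects, an existing
 * policy of the same name is <em>removed</em>, and nothing is created when
 * no such policy exists. "Add" can therefore delete.</li>
 * <li>When the caller holds delegation permission for the realm, the write
 * is performed with the internal admin token instead of the caller's own
 * token.</li>
 * </ul>
 *
 * @param token The <code>SSOToken</code> of the requesting user
 * @param orgName The name of the realm to which the delegation privilege
 * is to be added.
 * @param privilege The delegation privilege to be added.
 *
 * @throws SSOException invalid or expired single-sign-on token. Note that,
 * as written, every call that could raise it sits inside the
 * <code>try</code> block, so it reaches the caller wrapped in a
 * <code>DelegationException</code>.
 * @throws DelegationException if any abnormal condition occurred.
 */
public void addPrivilege(SSOToken token, String orgName, DelegationPrivilege privilege) throws SSOException, DelegationException {
    if (privilege == null) {
        return;
    }
    try {
        // Need to check if user has "delegate" permissions for org
        if (hasDelegationPermissionsForRealm(token, orgName)) {
            // Security-sensitive: from here on the policy store is written
            // with the admin token, so the check above is the only gate on
            // this path. Callers without the permission keep their own token.
            // NOTE(review): on that path enforcement is presumably left to
            // PolicyManager -- confirm.
            token = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
        }
        PolicyManager pm = new PolicyManager(token, POLICY_REPOSITORY_REALM);
        Policy p = privilegeToPolicy(pm, privilege, orgName);
        if (p == null) {
            throw new DelegationException(ResBundleUtils.rbName, "invalid_delegation_privilege", null, null);
        }

        Set existingPolicies = pm.getPolicyNames();
        boolean alreadyStored = existingPolicies.contains(p.getName());
        Set<String> subjectNames = p.getSubjectNames();
        boolean hasSubjects = (subjectNames != null) && !subjectNames.isEmpty();

        if (alreadyStored) {
            if (hasSubjects) {
                pm.replacePolicy(p);
            } else {
                // A privilege with no subjects grants nothing: drop the policy.
                pm.removePolicy(p.getName());
            }
        } else if (hasSubjects) {
            pm.addPolicy(p);
        }
    } catch (DelegationException e) {
        // Already the type callers expect. Rethrow it unchanged so the
        // original error (for example "invalid_delegation_privilege", or a
        // failure reported by privilegeToPolicy) is not wrapped a second
        // time by the generic handler below.
        throw e;
    } catch (Exception e) {
        throw new DelegationException(e);
    }
}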
use of com.sun.identity.policy.Policy in project OpenAM by OpenRock.
the class DelegationPolicyImpl method privilegeToPolicy.
/**
 * Converts a delegation privilege to a policy.
 *
 * <p>Each permission of the privilege becomes one rule on the policy, and
 * the privilege's subjects become at most two policy subjects: one for the
 * authenticated-users marker and one holding every remaining subject value.
 *
 * @param pm PolicyManager object to be used to create the <code>Policy
 * </code> object.
 * @param priv <code>DelegationPrivilege</code> which needs to be
 * converted.
 * @param orgName realm name used as the policy-name prefix; when
 * <code>null</code> the policy name starts with the delimiter.
 * @return policy object.
 * @throws DelegationException wrapping any exception raised during the
 * conversion (the failure is logged first).
 */
private Policy privilegeToPolicy(PolicyManager pm, DelegationPrivilege priv, String orgName) throws DelegationException {
    try {
        /* The name of the policy is in the form of
         * orgName^^privilegeName, where privilegeName is the name of
         * the delegation privilege the policy corresponds to. In case
         * the orgName is in a DN format, the special char ',' is
         * replaced to avoid saving problems.
         *
         * NOTE(review): toLowerCase() uses the JVM default locale, so the
         * stored name can differ between hosts with different locales.
         * Nothing visible here rejects an orgName or privilege name that
         * already contains the delimiter -- confirm callers constrain both.
         */
        String prefix = (orgName == null)
            ? NAME_DELIMITER
            : (orgName.toLowerCase() + NAME_DELIMITER).replace(',', REPLACEMENT_FOR_COMMA);
        Policy result = new Policy(prefix + priv.getName());

        Set grantedPermissions = priv.getPermissions();
        if ((grantedPermissions != null) && (!grantedPermissions.isEmpty())) {
            int ruleIndex = 0;
            for (Object element : grantedPermissions) {
                DelegationPermission permission = (DelegationPermission) element;
                String resource = getResourceName(permission);

                // Every action of this permission maps to the same
                // single-valued "allow" set.
                Map actionValues = new HashMap();
                Set actionNames = permission.getActions();
                if (actionNames != null) {
                    Set allow = new HashSet();
                    allow.add(ACTION_ALLOW);
                    for (Object actionName : actionNames) {
                        actionValues.put((String) actionName, allow);
                    }
                }

                // The first rule carries the bare name; later ones get a numeric suffix.
                String ruleName = (ruleIndex == 0) ? DELEGATION_RULE : DELEGATION_RULE + ruleIndex;
                result.addRule(
                    new Rule(ruleName, DelegationManager.DELEGATION_SERVICE, resource, actionValues));
                ruleIndex++;
            }
        }

        // Work on a copy so the privilege's own subject set is left untouched.
        // A null subject set makes the HashSet constructor throw, which the
        // handler below turns into a DelegationException.
        Set remaining = new HashSet(priv.getSubjects());
        if (remaining.contains(AUTHN_USERS_ID)) {
            // Going by the constant names, this marker grants the privilege
            // to every authenticated user, so it becomes its own subject.
            Subject authenticated = pm.getSubjectTypeManager().getSubject(AUTHENTICATED_USERS_SUBJECT);
            result.addSubject(DELEGATION_AUTHN_USERS, authenticated);
            remaining.remove(AUTHN_USERS_ID);
        }
        if (!remaining.isEmpty()) {
            Subject explicit = pm.getSubjectTypeManager().getSubject(POLICY_SUBJECT);
            explicit.setValues(remaining);
            result.addSubject(DELEGATION_SUBJECT, explicit);
        }
        return result;
    } catch (Exception e) {
        DelegationManager.debug.error("unable to convert a privilege to a policy", e);
        throw new DelegationException(e);
    }
}