
Example 36 with Policy

use of com.sun.identity.policy.Policy in project OpenAM by OpenRock.

the class PrivilegeUtils method referralPrivilegeToPolicy.

/**
 * Converts a {@link ReferralPrivilege} into a legacy {@link Policy} holding one
 * "SubOrgReferral" referral per referred realm and one rule per resource of
 * every application named in the privilege.
 *
 * <p>Security note: the conversion acquires the internal administrator token
 * and looks applications up as {@code PolicyConstants.SUPER_ADMIN_SUBJECT}.
 * Nothing in this method checks the rights of whoever supplied
 * {@code referralPrivilege}, so that decision has to be made by the caller
 * before the returned policy is persisted.
 *
 * @param realm realm the policy belongs to, as a realm name or an organization DN
 * @param referralPrivilege privilege to convert
 * @return the populated policy; this method does not store it
 * @throws PolicyException propagated from the policy API calls
 * @throws SSOException propagated from the policy API calls
 * @throws EntitlementException with code 105 when an application named in the
 *         privilege is not found in the realm
 */
public static Policy referralPrivilegeToPolicy(String realm, ReferralPrivilege referralPrivilege) throws PolicyException, SSOException, EntitlementException {
    // Third constructor argument is true - presumably the referral-policy flag; confirm against Policy.
    Policy result = new Policy(referralPrivilege.getName(), referralPrivilege.getDescription(), true);

    // Everything below runs with the internal admin identity, not the caller's.
    SSOToken adminToken = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
    // NOTE(review): this subject is never read again in this method.
    javax.security.auth.Subject adminSubject = SubjectUtils.createSubject(adminToken);
    PolicyManager policyManager = new PolicyManager(adminToken, realm);
    ReferralTypeManager referralTypes = policyManager.getReferralTypeManager();

    // Carry the audit metadata over unchanged.
    result.setCreatedBy(referralPrivilege.getCreatedBy());
    result.setCreationDate(referralPrivilege.getCreationDate());
    result.setLastModifiedBy(referralPrivilege.getLastModifiedBy());
    result.setLastModifiedDate(referralPrivilege.getLastModifiedDate());

    // One referral per referred realm, named referral1, referral2, ...
    int referralIndex = 1;
    for (String referredRealm : referralPrivilege.getRealms()) {
        Referral subOrgReferral = referralTypes.getReferral("SubOrgReferral");
        Set<String> values = new HashSet<String>();
        values.add(referredRealm);
        subOrgReferral.setValues(values);
        result.addReferral("referral" + referralIndex, subOrgReferral);
        referralIndex++;
    }

    Map<String, Set<String>> resourcesByApplication = referralPrivilege.getOriginalMapApplNameToResources();
    // Application lookup takes a realm name, so a DN-form realm is converted first.
    String realmName = LDAPUtils.isDN(realm) ? DNMapper.orgNameToRealmName(realm) : realm;

    // One rule per resource, numbered continuously across all applications.
    int ruleIndex = 1;
    for (Map.Entry<String, Set<String>> entry : resourcesByApplication.entrySet()) {
        String appName = entry.getKey();
        Set<String> resources = entry.getValue();
        Application application = ApplicationManager.getApplication(PolicyConstants.SUPER_ADMIN_SUBJECT, realmName, appName);
        if (application == null) {
            throw new EntitlementException(105, new Object[] { appName, realm });
        }
        String serviceName = application.getApplicationType().getName();
        for (String resource : resources) {
            Rule rule = new Rule("rule" + ruleIndex, serviceName, resource, Collections.EMPTY_MAP);
            ruleIndex++;
            rule.setApplicationName(appName);
            result.addRule(rule);
        }
    }
    return result;
}
Also used : Policy(com.sun.identity.policy.Policy) ReferralTypeManager(com.sun.identity.policy.ReferralTypeManager) PolicyManager(com.sun.identity.policy.PolicyManager) SSOToken(com.iplanet.sso.SSOToken) HashSet(java.util.HashSet) Set(java.util.Set) EntitlementException(com.sun.identity.entitlement.EntitlementException) Referral(com.sun.identity.policy.interfaces.Referral) Rule(com.sun.identity.policy.Rule) Application(com.sun.identity.entitlement.Application) HashSet(java.util.HashSet)

Example 37 with Policy

use of com.sun.identity.policy.Policy in project OpenAM by OpenRock.

the class RealmTest method deletePolicy.

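/**
 * Runs the {@code delete-policies} CLI sub-command against the root realm
 * ("/") for the policy "clipolicy" and verifies that the policy can no longer
 * be read back with the administrator token.
 *
 * <p>The check is made explicitly instead of with the {@code assert} keyword:
 * a Java {@code assert} is skipped when the JVM runs without {@code -ea}, in
 * which case a policy that survived the delete would go unnoticed.
 *
 * @throws CLIException propagated from the CLI request handling
 * @throws PolicyException propagated from the policy lookup
 * @throws SSOException propagated from the policy API
 */
@Test(groups = { "cli-realm", "delete-policies" }, dependsOnMethods = { "getPolicy" })
public void deletePolicy() throws CLIException, PolicyException, SSOException {
    entering("deletePolicy", null);
    String[] args = { "delete-policies", CLIConstants.PREFIX_ARGUMENT_LONG + IArgument.REALM_NAME, "/", CLIConstants.PREFIX_ARGUMENT_LONG + RealmDeletePolicy.ARGUMENT_POLICY_NAMES, "clipolicy" };
    SSOToken adminSSOToken = getAdminSSOToken();
    CLIRequest req = new CLIRequest(null, args, adminSSOToken);
    cmdManager.addToRequestQueue(req);
    cmdManager.serviceRequestQueue();

    // Read back through the policy API with the same admin token to confirm the delete.
    PolicyManager pm = new PolicyManager(adminSSOToken, "/");
    try {
        Policy p = pm.getPolicy("clipolicy");
        if (p != null) {
            // Same error type the assert keyword raises, but raised regardless of -ea.
            throw new AssertionError("policy 'clipolicy' still exists after delete-policies");
        }
    } catch (NameNotFoundException expected) {
        // Expected outcome: the policy is gone, so the lookup reports it as not found.
    }
    exiting("deletePolicy");
}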
Also used : Policy(com.sun.identity.policy.Policy) PolicyManager(com.sun.identity.policy.PolicyManager) SSOToken(com.iplanet.sso.SSOToken) NameNotFoundException(com.sun.identity.policy.NameNotFoundException) CLIRequest(com.sun.identity.cli.CLIRequest) Test(org.testng.annotations.Test) BeforeTest(org.testng.annotations.BeforeTest) AfterTest(org.testng.annotations.AfterTest)

Example 38 with Policy

use of com.sun.identity.policy.Policy in project OpenAM by OpenRock.

the class UpgradeUtils method createPolicyAdminPolicy.

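/**
 * Creates the "PolicyAdmin" delegation policy for an organization and stores
 * it through the given policy manager.
 *
 * <p>The policy is named {@code orgID + "^^PolicyAdmin"}. Its rule covers the
 * resource {@code "sms://*" + orgDN + "/" + POLICY_SERVICE} and its subject is
 * the organization's policy admin role.
 *
 * <p>Failure handling: every exception is caught and only written to the debug
 * log, so the caller gets no signal when the delegation policy could not be
 * created. The log line carries this method's name so that a failed upgrade
 * can be traced to the right step.
 *
 * @param policyManager the policy manager object.
 * @param orgDN the organization dn.
 * @param orgID the organization identifier.
 */
private static void createPolicyAdminPolicy(PolicyManager policyManager, String orgDN, String orgID) {
    // The label previously named createRealmReadOnlyPolicy, which pointed log readers at the wrong method.
    String classMethod = "UpgradeUtils:createPolicyAdminPolicy: ";
    try {
        String policyName = orgID + "^^PolicyAdmin";
        Policy realmPolicy = new Policy(policyName, null, false, true);
        // create Rule
        String resourceName = "sms://*" + orgDN + "/" + POLICY_SERVICE;
        Rule rule = getRule(DELEGATION_SERVICE, resourceName);
        if (rule != null) {
            realmPolicy.addRule(rule);
        }
        // add subjects
        String policyAdminRoleUniversalID = getUniversalID(orgDN, ORG_POLICY_ADMIN_ROLE);
        Subject subject = getSubject(policyManager, policyAdminRoleUniversalID);
        if (subject != null) {
            realmPolicy.addSubject(DELEGATION_SUBJECT, subject, false);
        }
        // NOTE(review): the policy is stored even when getRule or getSubject returned
        // null, i.e. possibly without a rule or without a subject - confirm that an
        // incomplete delegation policy is acceptable here.
        policyManager.addPolicy(realmPolicy);
    } catch (Exception e) {
        // Best-effort: the upgrade continues; the missing policy is visible only in the debug log.
        debug.error(classMethod + "Error creating policy admin policy", e);
    }
}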
Also used : Policy(com.sun.identity.policy.Policy) ByteString(org.forgerock.opendj.ldap.ByteString) Rule(com.sun.identity.policy.Rule) Subject(com.sun.identity.policy.interfaces.Subject) LoginException(javax.security.auth.login.LoginException) InvalidAuthContextException(com.sun.identity.authentication.internal.InvalidAuthContextException) UnknownPropertyNameException(com.sun.identity.common.configuration.UnknownPropertyNameException) PolicyException(com.sun.identity.policy.PolicyException) FileNotFoundException(java.io.FileNotFoundException) SSOException(com.iplanet.sso.SSOException) LdapException(org.forgerock.opendj.ldap.LdapException) SMSException(com.sun.identity.sm.SMSException) IOException(java.io.IOException) AMException(com.iplanet.am.sdk.AMException) ConfigurationException(com.sun.identity.common.configuration.ConfigurationException)

Example 39 with Policy

use of com.sun.identity.policy.Policy in project OpenAM by OpenRock.

the class UpgradeUtils method removeDelegationCondition.

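/**
 * Removes values from one property of the named conditions of a delegation
 * policy in the hidden realm and stores the modified policy.
 *
 * <p>For every condition name in {@code conditionNameMap} that exists on the
 * policy, the values mapped to that name are removed from the condition
 * property {@code attributeName}. The condition is written back even when the
 * property was absent and nothing changed. Conditions that the policy does not
 * have are skipped.
 *
 * <p>Failure handling: {@code PolicyException} and {@code SSOException} are
 * caught and only written to the debug log, so a failure leaves the conditions
 * in place without any signal to the caller. Since these conditions restrict a
 * delegation policy, check the debug log after running this step.
 *
 * @param policyName Name of Policy.
 * @param attributeName name of the condition property whose values are to be
 *        reduced.
 * @param conditionNameMap Map of condition name to the set of values to be
 *        removed from {@code attributeName} of that condition.
 */
public static void removeDelegationCondition(String policyName, String attributeName, Map conditionNameMap) {
    try {
        // ssoToken and HIDDEN_REALM come from the enclosing class.
        PolicyManager pm = new PolicyManager(ssoToken, HIDDEN_REALM);
        Policy policy = pm.getPolicy(policyName);
        for (Iterator i = conditionNameMap.keySet().iterator(); i.hasNext(); ) {
            String condName = (String) i.next();
            Condition cond = policy.getCondition(condName);
            if (cond == null) {
                continue;
            }
            // Only Set operations are used, so any Set implementation is accepted
            // (the earlier HashSet cast rejected other implementations).
            Set removeSet = (Set) conditionNameMap.get(condName);
            Map orig = cond.getProperties();
            // A single removeAll is enough; the earlier per-element loop repeated
            // the same call once for every value to remove.
            if (!removeSet.isEmpty()) {
                Set origValues = (Set) orig.get(attributeName);
                if (origValues != null) {
                    origValues.removeAll(removeSet);
                }
            }
            cond.setProperties(orig);
            policy.replaceCondition(condName, cond);
        }
        pm.replacePolicy(policy);
    } catch (PolicyException e) {
        debug.error("UpgradeUtils.removeDelegationCondition", e);
    } catch (SSOException e) {
        debug.error("UpgradeUtils.removeDelegationCondition", e);
    }
}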
Also used : Policy(com.sun.identity.policy.Policy) Condition(com.sun.identity.policy.interfaces.Condition) PolicyManager(com.sun.identity.policy.PolicyManager) Set(java.util.Set) HashSet(java.util.HashSet) PolicyException(com.sun.identity.policy.PolicyException) ListIterator(java.util.ListIterator) Iterator(java.util.Iterator) SSOException(com.iplanet.sso.SSOException) ByteString(org.forgerock.opendj.ldap.ByteString) Map(java.util.Map) HashMap(java.util.HashMap) HashSet(java.util.HashSet)

Example 40 with Policy

use of com.sun.identity.policy.Policy in project OpenAM by OpenRock.

the class UpgradeEntitlementsStep method upgradeReferrals.

/**
 * Upgrades each named referral policy by adding rules for wildcard variants of
 * its resource names, then replaces the policy through the policy manager.
 *
 * <p>Per defined resource name:
 * <ul>
 *   <li>ending in {@code *?*}: left alone;</li>
 *   <li>ending in {@code *}: a variant with {@code ?*} appended is added;</li>
 *   <li>otherwise: variants with {@code *} and with {@code *?*} appended are added.</li>
 * </ul>
 *
 * <p>NOTE(review): appending {@code *} to a name that had no trailing wildcard
 * produces a broader pattern than the one originally defined. What
 * {@code addSimilarPolicyRule} does with it is not visible here, so review the
 * resulting referral scope after the upgrade.
 *
 * @param pm policy manager used to load and replace the referral policies
 * @param referrals names of the referral policies to upgrade
 * @throws Exception propagated from the policy API or the helpers
 */
private void upgradeReferrals(PolicyManager pm, Set<String> referrals) throws Exception {
    for (String name : referrals) {
        if (DEBUG.messageEnabled()) {
            DEBUG.message("Upgrading referral: " + name);
        }
        Policy referralPolicy = pm.getPolicy(name);
        Set<String> knownResources = getResourceNames(referralPolicy);
        // Iterate over a copy of the rule names - presumably because the helper below adds rules to the policy.
        Set<String> ruleNamesSnapshot = new HashSet<String>(referralPolicy.getRuleNames());
        for (String ruleName : ruleNamesSnapshot) {
            Rule rule = referralPolicy.getRule(ruleName);
            for (String resource : rule.getResourceNames()) {
                if (resource.endsWith("*?*")) {
                    // Special case that is deliberately not handled for referrals.
                    continue;
                }
                if (resource.endsWith("*")) {
                    // Already ends in a wildcard: only the *?* variant is added.
                    addSimilarPolicyRule(referralPolicy, rule, knownResources, resource + "?*");
                    continue;
                }
                // No trailing wildcard: add both the * and the *?* variant.
                addSimilarPolicyRule(referralPolicy, rule, knownResources, resource + "*");
                addSimilarPolicyRule(referralPolicy, rule, knownResources, resource + "*?*");
            }
        }
        UpgradeProgress.reportStart("upgrade.entitlement.referral", referralPolicy.getName());
        // The referral is replaced whether or not rules were added, so that the indexes are updated.
        pm.replacePolicy(referralPolicy);
        UpgradeProgress.reportEnd("upgrade.success");
    }
}
Also used : Policy(com.sun.identity.policy.Policy) Rule(com.sun.identity.policy.Rule) HashSet(java.util.HashSet)
