use of com.sun.identity.policy.Policy in project OpenAM by OpenRock.
the class PrivilegeUtils method referralPrivilegeToPolicy.
/**
 * Builds a legacy {@link Policy} object from a {@link ReferralPrivilege}.
 *
 * <p>The policy is only constructed and returned; this method does not store it.
 * All lookups are made with the administrator token obtained through
 * {@code AdminTokenAction} and with {@code PolicyConstants.SUPER_ADMIN_SUBJECT},
 * not with the identity of the caller. No authorization check on the caller is
 * visible in this method, so that decision has to be made before calling it.
 *
 * @param realm realm (name or DN) in which the referral privilege lives.
 * @param referralPrivilege the referral privilege to convert.
 * @return a policy carrying one referral per referred realm and one rule per
 *         referred resource.
 * @throws PolicyException propagated from the policy API calls below.
 * @throws SSOException propagated from the policy API calls below.
 * @throws EntitlementException with code 105 if an application named by the
 *         privilege cannot be found in the realm.
 */
public static Policy referralPrivilegeToPolicy(String realm, ReferralPrivilege referralPrivilege) throws PolicyException, SSOException, EntitlementException {
    // Third constructor argument is passed as true, exactly as in the original code.
    Policy result = new Policy(referralPrivilege.getName(), referralPrivilege.getDescription(), true);

    // Privileged section: the admin token is used for every manager lookup below.
    SSOToken adminToken = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
    // NOTE(review): this subject is created but never read in this method.
    javax.security.auth.Subject adminSubject = SubjectUtils.createSubject(adminToken);
    PolicyManager policyManager = new PolicyManager(adminToken, realm);
    ReferralTypeManager referralTypes = policyManager.getReferralTypeManager();

    // Carry the audit metadata over unchanged.
    result.setCreatedBy(referralPrivilege.getCreatedBy());
    result.setCreationDate(referralPrivilege.getCreationDate());
    result.setLastModifiedBy(referralPrivilege.getLastModifiedBy());
    result.setLastModifiedDate(referralPrivilege.getLastModifiedDate());

    // One "SubOrgReferral" per referred realm, named referral1, referral2, ...
    int referralIndex = 1;
    for (String referredRealm : referralPrivilege.getRealms()) {
        Referral subOrgReferral = referralTypes.getReferral("SubOrgReferral");
        Set<String> values = new HashSet<String>();
        values.add(referredRealm);
        subOrgReferral.setValues(values);
        result.addReferral("referral" + referralIndex, subOrgReferral);
        referralIndex++;
    }

    Map<String, Set<String>> resourcesByApplication = referralPrivilege.getOriginalMapApplNameToResources();
    // The application lookup takes a realm name, so a DN is mapped first.
    String realmName = LDAPUtils.isDN(realm) ? DNMapper.orgNameToRealmName(realm) : realm;

    // One rule per referred resource, named rule1, rule2, ... across all applications.
    int ruleIndex = 1;
    for (Map.Entry<String, Set<String>> entry : resourcesByApplication.entrySet()) {
        String appName = entry.getKey();
        Set<String> resources = entry.getValue();
        Application application = ApplicationManager.getApplication(PolicyConstants.SUPER_ADMIN_SUBJECT, realmName, appName);
        if (application == null) {
            // The error parameters carry the realm as passed in, not the mapped name.
            Object[] params = { appName, realm };
            throw new EntitlementException(105, params);
        }
        String serviceName = application.getApplicationType().getName();
        for (String resource : resources) {
            Rule rule = new Rule("rule" + ruleIndex, serviceName, resource, Collections.EMPTY_MAP);
            ruleIndex++;
            rule.setApplicationName(appName);
            result.addRule(rule);
        }
    }
    return result;
}
use of com.sun.identity.policy.Policy in project OpenAM by OpenRock.
the class RealmTest method deletePolicy.
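/**
 * Runs the {@code delete-policies} CLI command for policy {@code clipolicy} in
 * the root realm and verifies that the policy can no longer be read back.
 *
 * <p>The verification throws {@link AssertionError} explicitly instead of using
 * the {@code assert} keyword, so the check still runs when the JVM is started
 * without {@code -ea}.
 *
 * @throws CLIException if the CLI request fails.
 * @throws PolicyException if the policy lookup fails for a reason other than
 *         the policy being absent.
 * @throws SSOException if the admin token is not valid.
 */
@Test(groups = { "cli-realm", "delete-policies" }, dependsOnMethods = { "getPolicy" })
public void deletePolicy() throws CLIException, PolicyException, SSOException {
    entering("deletePolicy", null);
    String[] args = { "delete-policies", CLIConstants.PREFIX_ARGUMENT_LONG + IArgument.REALM_NAME, "/", CLIConstants.PREFIX_ARGUMENT_LONG + RealmDeletePolicy.ARGUMENT_POLICY_NAMES, "clipolicy" };
    SSOToken adminSSOToken = getAdminSSOToken();
    CLIRequest req = new CLIRequest(null, args, adminSSOToken);
    cmdManager.addToRequestQueue(req);
    cmdManager.serviceRequestQueue();

    PolicyManager pm = new PolicyManager(adminSSOToken, "/");
    try {
        Policy p = pm.getPolicy("clipolicy");
        if (p != null) {
            // A policy that is still readable means the delete did not take effect.
            throw new AssertionError("policy 'clipolicy' still exists after delete-policies");
        }
    } catch (NameNotFoundException expected) {
        // Expected outcome: the policy is gone, so the lookup fails by name.
    }
    exiting("deletePolicy");
}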
use of com.sun.identity.policy.Policy in project OpenAM by OpenRock.
the class UpgradeUtils method createPolicyAdminPolicy.
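/**
 * Creates the Policy Admin delegation policy for an organization and stores it
 * through the given policy manager.
 *
 * <p>The policy is named {@code <orgID>^^PolicyAdmin}, gets a rule on the
 * resource {@code sms://*<orgDN>/<POLICY_SERVICE>} and the organization's policy
 * admin role as its subject. Any failure is logged and not rethrown, so a caller
 * cannot tell from the return whether the policy was created.
 *
 * @param policyManager the policy manager object.
 * @param orgDN the organization dn.
 * @param orgID the organization identifier.
 */
private static void createPolicyAdminPolicy(PolicyManager policyManager, String orgDN, String orgID) {
    // The label previously named createRealmReadOnlyPolicy and ran straight into the
    // message text, so failures here were logged under the wrong method.
    String classMethod = "UpgradeUtils:createPolicyAdminPolicy: ";
    try {
        String policyName = orgID + "^^PolicyAdmin";
        Policy realmPolicy = new Policy(policyName, null, false, true);

        // create Rule
        String resourceName = "sms://*" + orgDN + "/" + POLICY_SERVICE;
        Rule rule = getRule(DELEGATION_SERVICE, resourceName);
        if (rule != null) {
            realmPolicy.addRule(rule);
        }

        // add subjects
        String policyAdminRoleUniversalID = getUniversalID(orgDN, ORG_POLICY_ADMIN_ROLE);
        Subject subject = getSubject(policyManager, policyAdminRoleUniversalID);
        if (subject != null) {
            realmPolicy.addSubject(DELEGATION_SUBJECT, subject, false);
        }

        // NOTE(review): the policy is stored even when the rule or the subject could
        // not be built; how such a policy is evaluated is not visible here - confirm.
        policyManager.addPolicy(realmPolicy);
    } catch (Exception e) {
        // Best effort, as before: log and continue.
        debug.error(classMethod + "Error creating policy admin policy", e);
    }
}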
use of com.sun.identity.policy.Policy in project OpenAM by OpenRock.
the class UpgradeUtils method removeDelegationCondition.
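/**
 * Removes values from one property of the named conditions of a delegation
 * policy in the hidden realm, then writes the policy back.
 *
 * <p>Failures ({@code PolicyException}, {@code SSOException}) are logged and not
 * rethrown, so the caller gets no signal when the condition values were left in
 * place.
 *
 * @param policyName Name of Policy.
 * @param attributeName the name of the condition property whose values are to
 *        be reduced.
 * @param conditionNameMap Map of condition name to the set of values to remove
 *        from that condition's {@code attributeName} property. Condition names
 *        the policy does not contain are skipped.
 */
public static void removeDelegationCondition(String policyName, String attributeName, Map conditionNameMap) {
    try {
        PolicyManager pm = new PolicyManager(ssoToken, HIDDEN_REALM);
        Policy policy = pm.getPolicy(policyName);
        for (Object key : conditionNameMap.keySet()) {
            String condName = (String) key;
            Condition cond = policy.getCondition(condName);
            if (cond == null) {
                continue;
            }
            // Any Set is accepted; the earlier cast to HashSet rejected other
            // Set implementations with a ClassCastException.
            Set removeSet = (Set) conditionNameMap.get(condName);
            Map orig = cond.getProperties();
            if (orig != null && removeSet != null) {
                Set origValues = (Set) orig.get(attributeName);
                if (origValues != null) {
                    // One removeAll is enough; the earlier code repeated the same
                    // call once per element of removeSet.
                    origValues.removeAll(removeSet);
                }
            }
            cond.setProperties(orig);
            policy.replaceCondition(condName, cond);
        }
        // The policy is written back even if no condition matched.
        pm.replacePolicy(policy);
    } catch (PolicyException e) {
        debug.error("UpgradeUtils.removeDelegationCondition", e);
    } catch (SSOException e) {
        debug.error("UpgradeUtils.removeDelegationCondition", e);
    }
}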
use of com.sun.identity.policy.Policy in project OpenAM by OpenRock.
the class UpgradeEntitlementsStep method upgradeReferrals.
/**
 * Upgrades each named referral policy by adding wildcard variants of its rule
 * resources, then replaces the referral through the policy manager.
 *
 * <p>For a resource ending in {@code *} a {@code *?*} variant is requested; for
 * a resource without a trailing wildcard both {@code *} and {@code *?*} variants
 * are requested; a resource already ending in {@code *?*} is left alone. The
 * added patterns extend what the referral names, so the result is worth a look
 * after an upgrade.
 *
 * @param pm policy manager used to read and replace the referrals.
 * @param referrals names of the referral policies to upgrade.
 * @throws Exception propagated from the policy lookups, helper calls and the
 *         replace.
 */
private void upgradeReferrals(PolicyManager pm, Set<String> referrals) throws Exception {
    for (String referralName : referrals) {
        if (DEBUG.messageEnabled()) {
            DEBUG.message("Upgrading referral: " + referralName);
        }

        Policy referral = pm.getPolicy(referralName);
        Set<String> resourceNames = getResourceNames(referral);

        // Iterate over a copy of the rule names, as the original code does.
        // presumably addSimilarPolicyRule adds rules to the referral - confirm.
        Set<String> ruleNamesSnapshot = new HashSet<String>(referral.getRuleNames());
        for (String ruleName : ruleNamesSnapshot) {
            Rule rule = referral.getRule(ruleName);
            for (String definedResourceName : rule.getResourceNames()) {
                if (definedResourceName.endsWith("*?*")) {
                    // Special case that is deliberately not handled for referrals.
                    continue;
                }
                if (definedResourceName.endsWith("*")) {
                    // Trailing wildcard present: only the *?* variant is missing.
                    addSimilarPolicyRule(referral, rule, resourceNames, definedResourceName + "?*");
                    continue;
                }
                // No trailing wildcard: request both the * and the *?* variant.
                addSimilarPolicyRule(referral, rule, resourceNames, definedResourceName + "*");
                addSimilarPolicyRule(referral, rule, resourceNames, definedResourceName + "*?*");
            }
        }

        UpgradeProgress.reportStart("upgrade.entitlement.referral", referral.getName());
        // Replaced unconditionally so that the indexes are updated either way.
        pm.replacePolicy(referral);
        UpgradeProgress.reportEnd("upgrade.success");
    }
}