use of com.sun.identity.policy.PolicyException in project OpenAM by OpenRock.
the class PolicyResponseProvider method evaluate.
/**
 * Called by the entitlements framework to fetch resource attributes; the call is
 * handed straight to the configured response provider implementation.
 *
 * <p>Only {@code subject} and {@code environment} are read here. {@code adminSubject},
 * {@code realm} and {@code resourceName} are accepted but not used, so this method
 * performs no authorization or realm check of its own.
 *
 * @param adminSubject The admin user executing the policy eval (not used in this method)
 * @param realm The realm of the policy eval (not used in this method)
 * @param subject The user who is subject to the policy eval; when {@code null} the
 *        provider is called with a {@code null} SSO token
 * @param resourceName The resource name of the policy eval (not used in this method)
 * @param environment environment map from the policy eval client, passed to the
 *        provider unchanged
 * @return the attribute map returned by the response provider (the original
 *         documentation states that only one attribute is expected)
 * @throws EntitlementException with code 510 when a delegated call raises
 *         {@code SSOException} or {@code PolicyException}; the cause is preserved
 */
public Map<String, Set<String>> evaluate(
        Subject adminSubject,
        String realm,
        Subject subject,
        String resourceName,
        Map<String, Set<String>> environment) throws EntitlementException {
    try {
        ResponseProvider delegate = getResponseProvider();

        // A missing subject is not rejected: the provider receives a null token
        // and has to cope with it.
        SSOToken userToken = null;
        if (subject != null) {
            userToken = getSSOToken(subject);
        }

        // NOTE(review): the environment map originates from the policy client and
        // is forwarded as-is; the provider should presumably treat it as
        // untrusted input - confirm against the provider implementations.
        return delegate.getResponseDecision(userToken, environment);
    } catch (SSOException ssoFailure) {
        throw new EntitlementException(510, ssoFailure);
    } catch (PolicyException policyFailure) {
        throw new EntitlementException(510, policyFailure);
    }
}
use of com.sun.identity.policy.PolicyException in project OpenAM by OpenRock.
the class EntitlementService method updateEnvironmentRealmDn.
/**
 * For the passed in Entitlement environment, replaces the value stored under
 * {@code PolicyEvaluator.REALM_DN} with the DN of the given sub realm.
 *
 * <p>The environment is modified only when the policy configuration for the sub
 * realm could be loaded. If loading fails, the error is logged and the map is left
 * as it was, so it still holds whatever realm DN it had before the call.
 *
 * @param environment The Entitlement environment to update with new realm DN value.
 * @param subRealm The Sub Realm whose DN value should be stored in the environment map.
 * @return The realm DN value previously stored in the environment map, so that it can
 *         be restored. {@code null} is returned both when the Policy Configuration
 *         for the Sub Realm could not be loaded and when the map had no previous
 *         entry; the return value alone does not tell the two cases apart.
 * @see #restoreEnvironmentRealmDn
 */
public Set<String> updateEnvironmentRealmDn(Map<String, Set<String>> environment, String subRealm) {
    final String realmDn = DNMapper.orgNameToDN(subRealm);

    Map policyConfig;
    try {
        policyConfig = PolicyConfig.getPolicyConfig(realmDn);
    } catch (PolicyException ex) {
        // Best effort: the failure is logged, not propagated.
        PolicyConstants.DEBUG.error("EntitlementService.updateEnvironmentRealmDn: "
                + "can not get policy config for sub-realm : " + subRealm
                + " org : " + realmDn, ex);
        policyConfig = null;
    }

    if (policyConfig == null) {
        // NOTE(review): the environment keeps its earlier realm DN here, so a
        // caller that continues into the sub realm would presumably evaluate with
        // the earlier realm's DN - confirm callers handle a null return.
        return null;
    }

    // Remember the current realm DN before control passes down to the sub realm.
    Set<String> previousRealmDn = environment.get(PolicyEvaluator.REALM_DN);
    // Point the environment at the sub realm's policy config data.
    environment.put(PolicyEvaluator.REALM_DN, CollectionUtils.asSet(realmDn));
    return previousRealmDn;
}
use of com.sun.identity.policy.PolicyException in project OpenAM by OpenRock.
the class WebServicesClients method getValidValues.
/**
 * Returns certificate subject DNs in the KeyStore as possible values.
 *
 * <p>Every alias that the KeyStore reports as a certificate entry contributes its
 * subject name. No validity-period or chain check is made on the certificates
 * here, and neither {@code token} nor {@code pattern} is read.
 *
 * <p>If the key provider class cannot be loaded or instantiated, or it yields no
 * KeyStore, the failure is only logged and an empty set is returned with
 * {@code ValidValues.SUCCESS}.
 *
 * @param token the <code>SSOToken</code> (not inspected by this method)
 * @param pattern the pattern to match with valid values (currently ignored)
 *
 * @return <code>ValidValues</code> object with certificate subject DNs.
 *
 * @exception SSOException if SSO token is not valid
 * @exception PolicyException if unable to get the list of valid names.
 */
public ValidValues getValidValues(SSOToken token, String pattern) throws SSOException, PolicyException {
    // TODO: ignoring the pattern for now. Do we need to take care of it?
    // probably we can ignore for this subject.
    Set subjectNames = new HashSet();
    try {
        KeyProvider provider;
        try {
            // The implementation class name is read from system configuration and
            // instantiated reflectively, so whoever can change that property
            // decides which class is loaded here.
            String providerClassName = SystemConfigurationUtil.getProperty(
                    SAMLConstants.KEY_PROVIDER_IMPL_CLASS, SAMLConstants.JKS_KEY_PROVIDER);
            provider = (KeyProvider) Class.forName(providerClassName).newInstance();
        } catch (ClassNotFoundException cnfe) {
            debug.error("WebServicesClients.getValidValues(): " + " Couldn't find the class.", cnfe);
            provider = null;
        } catch (InstantiationException ie) {
            debug.error("WebServicesClients.getValidValues(): "
                    + " Couldn't instantiate the key provider instance.", ie);
            provider = null;
        } catch (IllegalAccessException iae) {
            debug.error("WebServicesClients.getValidValues(): "
                    + " Couldn't access the default constructor.", iae);
            provider = null;
        }

        KeyStore store = (provider != null) ? provider.getKeyStore() : null;
        if (store != null) {
            for (Enumeration entries = store.aliases(); entries.hasMoreElements(); ) {
                String alias = (String) entries.nextElement();
                if (debug.messageEnabled()) {
                    debug.message("WSClient.getValidValues: alias=" + alias);
                }

                // TODO: need to take care of certificate chaining
                if (!store.isCertificateEntry(alias)) {
                    debug.message("WSClient.getValidValues:alias " + "not trusted.");
                    continue;
                }

                // "trusted" means only that the alias is a certificate entry.
                debug.message("WSClient.getValidValues: " + "alias is trusted.");
                X509Certificate certificate = (X509Certificate) store.getCertificate(alias);
                if (certificate == null) {
                    debug.message("WSClient.getValidValues: " + "cert is null");
                    continue;
                }

                debug.message("WSClient.getValidValues:cert " + "not null");
                String subjectName = CertUtils.getSubjectName(certificate);
                if (subjectName != null && subjectName.length() != 0) {
                    subjectNames.add(subjectName);
                }
            }
        }
    } catch (KeyStoreException kse) {
        if (debug.warningEnabled()) {
            debug.warning("WebServicesClients: couldn't get subjects", kse);
        }
        String[] messageArgs = { kse.getMessage() };
        throw (new PolicyException(ResBundleUtils.rbName, "can_not_get_subject_values", messageArgs, kse));
    }
    return (new ValidValues(ValidValues.SUCCESS, subjectNames));
}
use of com.sun.identity.policy.PolicyException in project OpenAM by OpenRock.
the class PolicyModelImpl method getDisplayNameForSubjectValues.
/**
 * Returns a map of values to localized label.
 *
 * <p>Lookup failures are logged at warning level and not propagated. The map
 * returned then holds only the entries added before the failure, and may be empty.
 *
 * @param realmName Name of realm.
 * @param subjectTypeName Name of Subject Type.
 * @param values Valid values; each element is cast to {@code String}.
 * @return a map of values to localized label; {@code Collections.EMPTY_MAP} when
 *         {@code values} is {@code null} or empty.
 */
public Map getDisplayNameForSubjectValues(String realmName, String subjectTypeName, Set values) {
    if ((values == null) || values.isEmpty()) {
        return Collections.EMPTY_MAP;
    }

    Map labelsByValue = new HashMap(values.size() * 2);
    Locale userLocale = getUserLocale();
    try {
        PolicyManager manager = getPolicyManager(realmName);
        if (manager != null) {
            Subject subjectType = manager.getSubjectTypeManager().getSubject(subjectTypeName);
            for (Object element : values) {
                String value = (String) element;
                labelsByValue.put(value, subjectType.getDisplayNameForValue(value, userLocale));
            }
        }
    } catch (AMConsoleException e) {
        debug.warning("PolicyModelImpl.getDisplayNameForSubjectValues", e);
    } catch (NameNotFoundException e) {
        debug.warning("PolicyModelImpl.getDisplayNameForSubjectValues", e);
    } catch (PolicyException e) {
        debug.warning("PolicyModelImpl.getDisplayNameForSubjectValues", e);
    }
    return labelsByValue;
}
use of com.sun.identity.policy.PolicyException in project OpenAM by OpenRock.
the class PolicyModelImpl method getResponseProviderViewBeanURL.
/**
 * Returns properties view bean URL of a response provider.
 *
 * <p>Lookup failures are logged at warning level and not propagated.
 *
 * @param realmName Name of realm.
 * @param typeName Name of response provider Type.
 * @return properties view bean URL of a response provider, or {@code null} when no
 *         policy manager is available for the realm or the lookup fails.
 */
public String getResponseProviderViewBeanURL(String realmName, String typeName) {
    try {
        PolicyManager manager = getPolicyManager(realmName);
        if (manager == null) {
            return null;
        }
        ResponseProviderTypeManager typeManager = manager.getResponseProviderTypeManager();
        ResponseProvider responseProvider = typeManager.getResponseProvider(typeName);
        return typeManager.getViewBeanURL(responseProvider);
    } catch (AMConsoleException e) {
        debug.warning("PolicyModelImpl.getResponseProviderViewBeanURL", e);
    } catch (NameNotFoundException e) {
        debug.warning("PolicyModelImpl.getResponseProviderViewBeanURL", e);
    } catch (PolicyException e) {
        debug.warning("PolicyModelImpl.getResponseProviderViewBeanURL", e);
    }
    // Reached only after a logged failure.
    return null;
}
Aggregations