the class DSAMERole method initialize.
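/**
 * Initializes the DSAME Role plugin with the organization DN, role search
 * configuration and LDAP server name configured for this <code>Policy</code>.
 *
 * <p>The LDAP server name is mandatory: a missing value is logged and
 * rejected. The role search scope defaults to subtree when the configured
 * scope is absent or not one of the recognised values. The search time
 * limit and result limit fall back to 5 and 100 respectively when they are
 * absent or cannot be parsed as integers, so a directory search issued by
 * this plugin is always bounded.
 *
 * @param configParams configuration parameters as a map; the values read
 *        here (<code>PolicyConfig.LDAP_SERVER</code>,
 *        <code>IS_ROLES_BASE_DN</code>, <code>IS_ROLES_SEARCH_SCOPE</code>,
 *        <code>LDAP_SEARCH_TIME_OUT</code>, <code>LDAP_SEARCH_LIMIT</code>)
 *        are expected to be <code>String</code>s
 * @exception PolicyException if the LDAP server name is not configured
 */
public void initialize(Map configParams) throws PolicyException {
    String configuredLdapServer = (String) configParams.get(PolicyConfig.LDAP_SERVER);
    if (configuredLdapServer == null) {
        debug.error("DSAMERole.initialize(): failed to get LDAP "
                + "server name. If you enter more than one server name "
                + "in the policy config service's Primary LDAP Server "
                + "field, please make sure the ldap server name is preceded "
                + "with the local server name.");
        throw new PolicyException(ResBundleUtils.rbName, "invalid_ldap_server_host", null, null);
    }
    ldapServer = configuredLdapServer.toLowerCase();
    organizationDN = (String) configParams.get(PolicyConfig.IS_ROLES_BASE_DN);

    // Constant-first comparison is null-safe: a missing scope no longer
    // raises NullPointerException and instead takes the subtree default
    // that any unrecognised value already gets.
    String scope = (String) configParams.get(PolicyConfig.IS_ROLES_SEARCH_SCOPE);
    if (LDAP_SCOPE_BASE.equalsIgnoreCase(scope)) {
        roleSearchScope = AMConstants.SCOPE_BASE;
    } else if (LDAP_SCOPE_ONE.equalsIgnoreCase(scope)) {
        roleSearchScope = AMConstants.SCOPE_ONE;
    } else {
        roleSearchScope = AMConstants.SCOPE_SUB;
    }

    try {
        timeLimit = Integer.parseInt((String) configParams.get(PolicyConfig.LDAP_SEARCH_TIME_OUT));
        maxResults = Integer.parseInt((String) configParams.get(PolicyConfig.LDAP_SEARCH_LIMIT));
    } catch (NumberFormatException nfe) {
        // Integer.parseInt(null) also lands here, so an absent limit gets
        // the same bounded defaults as a malformed one. Both fields are
        // reset together so a half-parsed pair cannot leak through.
        debug.error("Can not parse search parameters in DSAMERole", nfe);
        timeLimit = 5;
        maxResults = 100;
    }
    initialized = true;
}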
the class IDRepoResponseProvider method validateStaticAttribute.
/**
 * Validates each entry of the STATIC_ATTRIBUTE data and caches the parsed
 * result in {@code staticResponse}.
 *
 * <p>Every entry must be of the form {@code attr=value}: the first
 * {@code ATTR_DELIMITER} separates the attribute name (whitespace-trimmed)
 * from its value part, which is split on {@code VAL_DELIMITER} into a set.
 * An entry without a delimiter clears the cached properties and raises a
 * <code>PolicyException</code> naming the offending entry. An empty input
 * set leaves the existing cache untouched.
 *
 * @param staticSet the raw static attribute strings
 * @throws PolicyException if an entry is not in {@code attr=value} format
 */
private void validateStaticAttribute(Set staticSet) throws PolicyException {
    if (DEBUG.messageEnabled()) {
        DEBUG.message("IDRepoResponseProvider.validateStaticAttribute():"
                + "entering with staticSet=" + staticSet);
    }
    if (!staticSet.isEmpty()) {
        staticResponse = new HashMap();
        for (Object entry : staticSet) {
            String attrValueString = (String) entry;
            int delimiterPos = attrValueString.indexOf(ATTR_DELIMITER);
            if (delimiterPos < 0) {
                // Reject the whole configuration rather than cache a partial map.
                clearProperties();
                DEBUG.error("IDRepoResponseProvider"
                        + ".validateStaticAttribute():"
                        + " Invalid format in defining StaticAttribute, needs"
                        + " to be attr=value format");
                String[] args = { attrValueString };
                throw new PolicyException(ResBundleUtils.rbName, "invalid_format_static_property", args, null);
            }
            String attrName = attrValueString.substring(0, delimiterPos).trim();
            String attrValue = attrValueString.substring(delimiterPos + 1);
            Set values = PolicyUtils.delimStringToSet(attrValue, VAL_DELIMITER);
            PolicyUtils.appendElementToMap(attrName, values, staticResponse);
            if (DEBUG.messageEnabled()) {
                DEBUG.message("IDRepoResponseProvider."
                        + "validateStaticAttribute():"
                        + "attrName=" + attrName + ",values=" + values);
                DEBUG.message("IDRepoResponseProvider."
                        + "validateStaticAttribute():"
                        + "caching staticResponse:" + staticResponse);
            }
        }
    }
    if (DEBUG.messageEnabled()) {
        DEBUG.message("IDRepoResponseProvider.validateStaticAttribute():" + "returning");
    }
}
the class AuthLevelCondition method getMaxRequestAuthLevel.
/**
 * Returns the highest auth level carried by the REQUEST_AUTH_LEVEL entry of
 * the environment map, or {@code Integer.MIN_VALUE} when nothing qualifies
 * (including when the entry is absent).
 *
 * <p>An {@code Integer} value is taken as-is, but only when no
 * {@code authRealm} is configured on this condition; with a realm
 * configured a plain Integer is ignored. A {@code Set} value is expected to
 * hold realm-qualified level strings: each is resolved through
 * {@code getAuthLevel}, and when an {@code authRealm} is configured only
 * elements whose realm (per {@code AMAuthUtils.getRealmFromRealmQualifiedData})
 * equals it are considered. Any other value type, or a non-String element
 * in the set, is rejected with a <code>PolicyException</code>.
 *
 * @param env the policy evaluation environment
 * @return the maximum matching auth level, or {@code Integer.MIN_VALUE}
 * @throws PolicyException if the entry is neither Integer nor Set, or if a
 *         Set element is not a String
 * @see #REQUEST_AUTH_LEVEL
 */
private int getMaxRequestAuthLevel(Map env) throws PolicyException {
    if (DEBUG.messageEnabled()) {
        DEBUG.message("AuthLevelCondition.getMaxRequestAuthLevel("
                + "envMap,realm): entering: envMap= " + env
                + ", authRealm= " + authRealm
                + ", conditionAuthLevel= " + authLevel);
    }
    boolean realmUnset = (authRealm == null) || (authRealm.length() == 0);
    int maxAuthLevel = Integer.MIN_VALUE;
    Object levelEntry = env.get(REQUEST_AUTH_LEVEL);

    if (levelEntry instanceof Integer) {
        if (realmUnset) {
            maxAuthLevel = ((Integer) levelEntry).intValue();
            if (DEBUG.messageEnabled()) {
                DEBUG.message("AuthLevelCondition."
                        + "getMaxRequestAuthLevel():Integer level in env= " + maxAuthLevel);
            }
        }
    } else if (levelEntry instanceof Set) {
        for (Object element : (Set) levelEntry) {
            if (!(element instanceof String)) {
                if (DEBUG.warningEnabled()) {
                    DEBUG.warning("AuthLevelCondition."
                            + "getMaxRequestAuthLevel():"
                            + "requestAuthLevel Set element"
                            + " not String");
                }
                throw new PolicyException(ResBundleUtils.rbName,
                        "request_authlevel_in_env_set_element_not_string", null, null);
            }
            String qualifiedLevel = (String) element;
            int candidate = getAuthLevel(qualifiedLevel);
            // Without a configured realm every element competes; otherwise
            // only elements qualified with the matching realm do.
            boolean realmMatches = realmUnset
                    || authRealm.equals(AMAuthUtils.getRealmFromRealmQualifiedData(qualifiedLevel));
            if (realmMatches && candidate > maxAuthLevel) {
                maxAuthLevel = candidate;
            }
        }
    } else if (levelEntry != null) {
        if (DEBUG.warningEnabled()) {
            DEBUG.warning("AuthLevelCondition.getMaxRequestAuthLevel():"
                    + "requestAuthLevel in env neither"
                    + " Integer nor Set");
        }
        throw new PolicyException(ResBundleUtils.rbName,
                "request_authlevel_in_env_not_Integer_or_set", null, null);
    }

    if (DEBUG.messageEnabled()) {
        DEBUG.message("AuthLevelCondition.getMaxRequestAuthLevel("
                + "): returning: maxAuthLevel=" + maxAuthLevel);
    }
    return maxAuthLevel;
}
the class PolicyResponseProvider method evaluate.
/**
 * Called by the entitlements framework to fetch resource attributes;
 * delegates to the configured {@code ResponseProvider}.
 *
 * <p>Only {@code subject} and {@code environment} influence the result:
 * the provider is asked for its decision with the subject's SSO token
 * (null when no subject is given) and the environment map. The
 * {@code adminSubject}, {@code realm} and {@code resourceName} arguments
 * are accepted for the framework contract but not consulted here.
 *
 * @param adminSubject The admin user executing the policy eval (unused)
 * @param realm The realm of the policy eval (unused)
 * @param subject The user who is subject to the policy eval; may be null
 * @param resourceName The resource name of the policy eval (unused)
 * @param environment environment map from the policy eval client
 * @return The attributes (only one since resource attributes are singled)
 * @throws EntitlementException with code 510 wrapping any
 *         {@code SSOException} or {@code PolicyException} from the provider
 */
public Map<String, Set<String>> evaluate(Subject adminSubject, String realm, Subject subject, String resourceName, Map<String, Set<String>> environment) throws EntitlementException {
    try {
        // Provider lookup happens before token resolution, as before.
        ResponseProvider provider = getResponseProvider();
        SSOToken token = null;
        if (subject != null) {
            token = getSSOToken(subject);
        }
        return provider.getResponseDecision(token, environment);
    } catch (SSOException ex) {
        throw new EntitlementException(510, ex);
    } catch (PolicyException ex) {
        throw new EntitlementException(510, ex);
    }
}
the class EntitlementService method updateEnvironmentRealmDn.
/**
 * For the passed in Entitlement environment, updates the value associated
 * with the key {@code PolicyEvaluator.REALM_DN} to the DN of the given
 * sub-realm.
 *
 * <p>The policy configuration of the sub-realm is loaded first; if that
 * fails or yields no configuration the environment is left untouched and
 * null is returned, so callers must not treat null as "nothing to restore"
 * only when a change was made.
 *
 * @param environment The Entitlement environment to update with the new realm DN value.
 * @param subRealm The Sub Realm whose DN value should be stored in the environment map.
 * @return The previous realm DN value from the environment map so it can be
 *         restored; null if the Policy Configuration for the Sub Realm could
 *         not be loaded (or the key was absent).
 * @see #restoreEnvironmentRealmDn
 */
public Set<String> updateEnvironmentRealmDn(Map<String, Set<String>> environment, String subRealm) {
    String orgDN = DNMapper.orgNameToDN(subRealm);
    Map orgConfig;
    try {
        orgConfig = PolicyConfig.getPolicyConfig(orgDN);
    } catch (PolicyException ex) {
        PolicyConstants.DEBUG.error("EntitlementService.updateEnvironmentRealmDn: "
                + "can not get policy config for sub-realm : " + subRealm
                + " org : " + orgDN, ex);
        // Config unavailable: do not redirect evaluation to the sub-realm.
        return null;
    }
    if (orgConfig == null) {
        return null;
    }
    // Remember the caller's realm DN before pointing the environment at the
    // sub-realm's policy config data.
    Set<String> previousRealmDn = environment.get(PolicyEvaluator.REALM_DN);
    environment.put(PolicyEvaluator.REALM_DN, CollectionUtils.asSet(orgDN));
    return previousRealmDn;
}