use of com.sun.identity.policy.PolicyManager in project OpenAM by OpenRock.
the class UpgradeUtils method removeDelegationPolicyAttribute.
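/**
 * Removes a single attribute from a condition of a policy stored in the realm named by
 * {@code HIDDEN_REALM}.
 *
 * <p>The condition's properties are copied without {@code attributeName}, set back on the
 * condition, and the policy is then written back through the {@code PolicyManager}. When the
 * policy has no condition named {@code conditionName}, the policy is still written back
 * unchanged.
 *
 * <p>Failures are not reported to the caller: a {@code PolicyException} or
 * {@code SSOException} is only logged through {@code debug.error}. The attribute can
 * therefore still be present after this method returns, so a caller that depends on the
 * removal has to re-read the policy to confirm it.
 *
 * @param policyName Name of Policy.
 * @param attributeName the name of the attribute to be removed.
 * @param conditionName name of the condition
 */
public static void removeDelegationPolicyAttribute(String policyName, String attributeName, String conditionName) {
    String classMethod = "UpgradeUtils:removeDelegationPolicyAttribute";
    try {
        PolicyManager pm = new PolicyManager(ssoToken, HIDDEN_REALM);
        Policy policy = pm.getPolicy(policyName);
        Condition cond = policy.getCondition(conditionName);
        if (cond != null) {
            Map orig = cond.getProperties();
            HashMap newMap = new HashMap();
            for (Iterator i = orig.keySet().iterator(); i.hasNext();) {
                String key = (String) i.next();
                if (!key.equals(attributeName)) {
                    // Copy the value untouched. The previous downcast to HashSet threw an
                    // uncaught ClassCastException for any other Set implementation, which
                    // aborted the upgrade step before the policy was rewritten.
                    newMap.put(key, orig.get(key));
                }
            }
            if (debug.messageEnabled()) {
                debug.message(classMethod + "attributes :" + newMap);
            }
            cond.setProperties(newMap);
            policy.replaceCondition(conditionName, cond);
        }
        // Written back even when the condition was not found (same as before).
        pm.replacePolicy(policy);
    } catch (PolicyException e) {
        // Best effort: the failure is logged and the policy is left as it was.
        debug.error(classMethod, e);
    } catch (SSOException e) {
        debug.error(classMethod, e);
    }
}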
use of com.sun.identity.policy.PolicyManager in project OpenAM by OpenRock.
the class IDPPTest method setup.
/**
 * Creates the fixtures for this test class: a user, a group containing that user, and a
 * policy named {@code IDPPTestPolicy1} that is stored through a {@code PolicyManager} for
 * {@code orgName}.
 *
 * <p>The policy holds one rule on resource {@code "*"} whose {@code MODIFY} and
 * {@code QUERY} actions both carry the value {@code "deny"}, and one
 * {@code AMIdentitySubject} whose value is the universal id of the group. Nothing is
 * created when the {@code migrated} flag is false.
 *
 * @throws Exception if any identity or policy call fails
 */
@BeforeClass
public void setup() throws Exception {
    if (migrated) {
        // Identities first: the subject below is keyed on the group's universal id.
        user1 = IdRepoUtils.createUser(orgName, USER1_NAME);
        group1 = IdRepoUtils.createGroup(orgName, GROUP1_NAME);
        group1.addMember(user1);

        PolicyManager policyMgr = new PolicyManager(adminToken, orgName);
        Policy denyPolicy = new Policy("IDPPTestPolicy1");

        // Both actions share the same single-valued "deny" set.
        Set<String> denyOnly = new HashSet<String>();
        denyOnly.add("deny");
        Map<String, Set<String>> actionValues = new HashMap<String, Set<String>>();
        actionValues.put("MODIFY", denyOnly);
        actionValues.put("QUERY", denyOnly);
        denyPolicy.addRule(new Rule("rule1", serviceType, "*", actionValues));

        SubjectTypeManager subjectTypeMgr = policyMgr.getSubjectTypeManager();
        com.sun.identity.policy.interfaces.Subject groupSubject =
                subjectTypeMgr.getSubject("AMIdentitySubject");
        Set<String> memberIds = new HashSet<String>();
        memberIds.add(group1.getUniversalId());
        groupSubject.setValues(memberIds);
        denyPolicy.addSubject("subject1", groupSubject, false);

        policyMgr.addPolicy(denyPolicy);
    }
}
use of com.sun.identity.policy.PolicyManager in project OpenAM by OpenRock.
the class IdentityGroupToEntitlementGroupTest method test.
/**
 * Converts an in-memory policy to privileges and checks that the conversion produced at
 * least one of them.
 *
 * <p>Only two things are verified at present: the returned set is non-empty, and its first
 * element can be cast to {@code Privilege}. The checks on the subject structure are
 * commented out below, so a wrong group-subject mapping would not fail this test.
 *
 * @throws Exception if the conversion yields no privileges or any policy call fails
 */
@Test
public void test() throws Exception {
    SSOToken adminToken = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
    PolicyManager policyManager = new PolicyManager(adminToken, "/");

    Policy sourcePolicy = new Policy("IdentityGroupToEntitlementGroupTest", "desc", false);
    sourcePolicy.addRule(createRule());
    sourcePolicy.addSubject("subject", createSubject(policyManager));

    Set<IPrivilege> converted = PrivilegeUtils.policyObjectToPrivileges(sourcePolicy);
    boolean hasPrivileges = (converted != null) && !converted.isEmpty();
    if (!hasPrivileges) {
        throw new Exception("IdentityGroupToEntitlementGroupTest, set is empty");
    }

    // The cast itself is the check: a non-Privilege element fails with ClassCastException.
    Privilege firstPrivilege = (Privilege) converted.iterator().next();

    // Uncomment after the group-subject mapping is done.
    /* EntitlementSubject subject = firstPrivilege.getSubject();
    if (!(subject instanceof OrSubject)) {
        throw new Exception(
            "IdentityGroupToEntitlementGroupTest, orSubject not found");
    }
    OrSubject orSubject = (OrSubject)subject;
    Set<EntitlementSubject> subjects = orSubject.getESubjects();
    if ((subjects == null) || (subjects.size() != 2)) {
        throw new Exception(
            "IdentityGroupToEntitlementGroupTest, subjects collection is incorrect");
    }
    for (EntitlementSubject s : subjects) {
        if (!(s instanceof GroupSubject)) {
            throw new Exception(
                "IdentityGroupToEntitlementGroupTest, no group subject");
        }
    }*/
}
use of com.sun.identity.policy.PolicyManager in project OpenAM by OpenRock.
the class OrgAliasReferralTestOldAPI method createPrivilege.
/**
 * Stores a policy named {@code OrgAliasReferralTestOldAPI} in {@code SUB_REALM1}.
 *
 * <p>The policy has one subject, {@code "s"}, of type {@code AuthenticatedUsers}, and the
 * rule returned by {@code createRule1()}.
 *
 * @throws Exception if building or storing the policy fails
 */
private void createPrivilege() throws Exception {
    Policy referralTestPolicy = new Policy("OrgAliasReferralTestOldAPI", "", false);
    PolicyManager policyManager = new PolicyManager(adminToken, SUB_REALM1);

    // The subject is looked up before the rule is built, as in the original call order.
    SubjectTypeManager subjectTypes = policyManager.getSubjectTypeManager();
    com.sun.identity.policy.interfaces.Subject authenticatedUsers =
            subjectTypes.getSubject("AuthenticatedUsers");
    referralTestPolicy.addSubject("s", authenticatedUsers);
    referralTestPolicy.addRule(createRule1());

    policyManager.addPolicy(referralTestPolicy);
}
use of com.sun.identity.policy.PolicyManager in project OpenAM by OpenRock.
the class MigrateValidGotoSetting method initialize.
/**
 * Works out whether the legacy goto-domain settings still have to be migrated.
 *
 * <p>If a policy matching {@code DELEGATION_POLICY_NAME} already exists in the hidden realm,
 * {@code delegationPolicyFound} is set and nothing else happens. Otherwise every realm's
 * organization config for the authentication service is read, and each non-empty
 * {@code LEGACY_GOTO_DOMAINS_SETTING} value set is recorded in {@code changes} under its
 * realm name.
 *
 * <p>NOTE(review): these values look like the per-realm allow-list of goto redirect
 * domains, so a realm skipped here would lose that list in the migration. Confirm against
 * the code that consumes {@code changes}.
 *
 * @throws UpgradeException if the hidden realm, its policies, or a realm's service
 *     configuration cannot be read
 */
@Override
public void initialize() throws UpgradeException {
    try {
        final PolicyManager hiddenRealmPolicies = new PolicyManager(getAdminToken(), HIDDEN_REALM);
        if (!hiddenRealmPolicies.getPolicyNames(DELEGATION_POLICY_NAME).isEmpty()) {
            delegationPolicyFound = true;
            return;
        }

        if (DEBUG.messageEnabled()) {
            DEBUG.message("Unable to find the delegation policy in the hidden realm, looking for existing goto domain values.");
        }
        // The delegation policy is not defined yet in the configuration, so the goto
        // domains have to be migrated.
        final ServiceConfigManager authServiceConfig =
                new ServiceConfigManager(ISAuthConstants.AUTH_SERVICE_NAME, getAdminToken());
        for (final String realm : getRealmNames()) {
            if (DEBUG.messageEnabled()) {
                DEBUG.message("Looking for valid goto URLs in realm " + realm);
            }
            // NOTE(review): the returned config is dereferenced without a null check;
            // confirm getOrganizationConfig cannot return null for a realm here.
            final ServiceConfig realmConfig = authServiceConfig.getOrganizationConfig(realm, null);
            final Map<String, Set<String>> realmAttributes = realmConfig.getAttributesWithoutDefaults();
            final Set<String> legacyDomains = realmAttributes.get(LEGACY_GOTO_DOMAINS_SETTING);
            if (legacyDomains == null || legacyDomains.isEmpty()) {
                continue;
            }
            changes.put(realm, legacyDomains);
        }
        if (DEBUG.messageEnabled()) {
            DEBUG.message("Found the following existing goto URL domains in realms: " + changes);
        }
    } catch (final NameNotFoundException nnfe) {
        throw new UpgradeException("Unable to find hidden realm", nnfe);
    } catch (final PolicyException pe) {
        throw new UpgradeException("Unexpected error occurred while retrieving policies from the hidden realm", pe);
    } catch (final SMSException smse) {
        throw new UpgradeException("An error occurred while checking for old valid goto domains", smse);
    } catch (final SSOException ssoe) {
        throw new UpgradeException("An error occurred while checking for old valid goto domains", ssoe);
    }
}