Example 26 with PolicyManager

Use of com.sun.identity.policy.PolicyManager in project OpenAM by OpenRock.

Class AddAMSDKIdRepoPlugin, method loadDelegrationPolicies.

private void loadDelegrationPolicies(String xmlData) {
    SSOToken adminSSOToken = getAdminSSOToken();
    IOutput outputWriter = getOutputWriter();
    // Load delegation policies for Top-level Admin Role and others
    try {
        xmlData = getResourceContent("defaultDelegationPoliciesForAmSDK.xml");
        // Tag swap: @SM_CONFIG_ROOT_SUFFIX@ & @SM_ROOT_SUFFIX_HAT@
        String smsRootSuffix = ServiceManager.getBaseDN();
        xmlData = xmlData.replaceAll("@SM_CONFIG_ROOT_SUFFIX@", smsRootSuffix);
        // Variant of the suffix with ',' replaced by '^', for places where a DN
        // comma is not allowed (see the policy-name convention in DelegationPolicyImpl)
        String smsRootHat = smsRootSuffix.replaceAll(",", "^");
        xmlData = xmlData.replaceAll("@SM_ROOT_SUFFIX_HAT@", smsRootHat);
        // Tag swap: @ROOT_SUFFIX@
        xmlData = xmlData.replaceAll("@ROOT_SUFFIX@", DNUtils.normalizeDN(basedn));
        InputStream xmlInputStream = new ByteArrayInputStream(xmlData.getBytes());
        // Delegation policies are created in the hidden delegation realm using the
        // admin token, not the token of the CLI caller
        PolicyManager pm = new PolicyManager(adminSSOToken, "/sunamhiddenrealmdelegationservicepermissions");
        PolicyUtils.createPolicies(pm, xmlInputStream);
    } catch (Exception e) {
        outputWriter.printlnMessage(params[0] + ": " + getResourceString("datastore-add-amsdk-idrepo-plugin-policies-failed") + ": " + e.getMessage());
    }
}
Also used: PolicyManager(com.sun.identity.policy.PolicyManager) SSOToken(com.iplanet.sso.SSOToken) ByteArrayInputStream(java.io.ByteArrayInputStream) IOutput(com.sun.identity.cli.IOutput) DataInputStream(java.io.DataInputStream) InputStream(java.io.InputStream) CLIException(com.sun.identity.cli.CLIException) SSOException(com.iplanet.sso.SSOException) SMSException(com.sun.identity.sm.SMSException) IOException(java.io.IOException)

Example 27 with PolicyManager

Use of com.sun.identity.policy.PolicyManager in project OpenAM by OpenRock.

Class PolicyModelImpl, method getReferralSyntax.

/**
 * Returns the value syntax for a referral type.
 *
 * @param realmName Name of the realm.
 * @param referralType Name of the referral type.
 * @return syntax for the referral, or Syntax.NONE if it cannot be determined.
 */
public Syntax getReferralSyntax(String realmName, String referralType) {
    Syntax syntax = Syntax.NONE;
    try {
        PolicyManager policyMgr = getPolicyManager(realmName);
        if (policyMgr != null) {
            ReferralTypeManager referralTypeMgr = policyMgr.getReferralTypeManager();
            Referral referral = referralTypeMgr.getReferral(referralType);
            // The syntax is resolved with the current user's token, so it is
            // subject to that user's permissions in the realm
            syntax = referral.getValueSyntax(getUserSSOToken());
        }
    } catch (SSOException e) {
        debug.warning("PolicyModelImpl.getReferralSyntax", e);
    } catch (NameNotFoundException e) {
        debug.warning("PolicyModelImpl.getReferralSyntax", e);
    } catch (PolicyException e) {
        debug.warning("PolicyModelImpl.getReferralSyntax", e);
    } catch (AMConsoleException e) {
        debug.warning("PolicyModelImpl.getReferralSyntax", e);
    }
    return syntax;
}
Also used: ReferralTypeManager(com.sun.identity.policy.ReferralTypeManager) PolicyManager(com.sun.identity.policy.PolicyManager) Referral(com.sun.identity.policy.interfaces.Referral) NameNotFoundException(com.sun.identity.policy.NameNotFoundException) PolicyException(com.sun.identity.policy.PolicyException) SSOException(com.iplanet.sso.SSOException) Syntax(com.sun.identity.policy.Syntax) AMConsoleException(com.sun.identity.console.base.model.AMConsoleException)

Example 28 with PolicyManager

Use of com.sun.identity.policy.PolicyManager in project OpenAM by OpenRock.

Class DelegationPolicyImpl, method removePrivilege.

/**
 * Removes a delegation privilege from a specific realm.
 *
 * @param token The <code>SSOToken</code> of the requesting user
 * @param orgName The name of the realm from which the delegation
 *        privilege is to be removed.
 * @param privilegeName The name of the delegation privilege to be removed.
 *
 * @throws SSOException invalid or expired single-sign-on token
 * @throws DelegationException for any abnormal condition
 */
public void removePrivilege(SSOToken token, String orgName, String privilegeName) throws SSOException, DelegationException {
    try {
        // Need to check if user has "delegate" permissions for org
        if (hasDelegationPermissionsForRealm(token, orgName)) {
            // Replace token with AdminToken: the caller's right to delegate in
            // the realm has been verified, so the operation itself runs as admin
            token = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
        }
        // Otherwise the caller's own token is used and the policy repository
        // enforces the caller's permissions
        PolicyManager pm = new PolicyManager(token, POLICY_REPOSITORY_REALM);
        String prefix = null;
        if (orgName != null) {
            /* The name of the policy has the form orgName^^privilegeName,
             * where privilegeName is the name of the delegation privilege
             * the policy corresponds to. If orgName is in DN format, the
             * special character ',' is replaced to avoid problems when
             * saving the policy.
             */
            prefix = orgName.toLowerCase() + NAME_DELIMITER;
            prefix = prefix.replace(',', REPLACEMENT_FOR_COMMA);
        } else {
            prefix = NAME_DELIMITER;
        }
        pm.removePolicy(prefix + privilegeName);
    } catch (Exception e) {
        throw new DelegationException(e);
    }
}
Also used: PolicyManager(com.sun.identity.policy.PolicyManager) DelegationException(com.sun.identity.delegation.DelegationException) PolicyException(com.sun.identity.policy.PolicyException) SSOException(com.iplanet.sso.SSOException) IdRepoException(com.sun.identity.idm.IdRepoException)

Example 29 with PolicyManager

Use of com.sun.identity.policy.PolicyManager in project OpenAM by OpenRock.

Class DelegationPolicyImpl, method addPrivilege.

/**
 * Adds a delegation privilege to a specific realm. If a privilege of the
 * same name already exists, its permissions are replaced by those of the
 * privilege passed in; if the resulting privilege has no subjects, the
 * existing policy is removed instead.
 *
 * @param token The <code>SSOToken</code> of the requesting user
 * @param orgName The name of the realm to which the delegation privilege
 *        is to be added.
 * @param privilege The delegation privilege to be added.
 *
 * @throws SSOException invalid or expired single-sign-on token
 * @throws DelegationException if any abnormal condition occurred.
 */
public void addPrivilege(SSOToken token, String orgName, DelegationPrivilege privilege) throws SSOException, DelegationException {
    if (privilege != null) {
        try {
            // Need to check if user has "delegate" permissions for org
            if (hasDelegationPermissionsForRealm(token, orgName)) {
                // Replace token with AdminToken: the caller's right to delegate in
                // the realm has been verified, so the operation itself runs as admin
                token = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
            }
            PolicyManager pm = new PolicyManager(token, POLICY_REPOSITORY_REALM);
            // Map the delegation privilege onto a policy in the delegation realm
            Policy p = privilegeToPolicy(pm, privilege, orgName);
            if (p != null) {
                Set existingPolicies = pm.getPolicyNames();
                if (existingPolicies.contains(p.getName())) {
                    Set<String> subjectNames = p.getSubjectNames();
                    if ((subjectNames == null) || subjectNames.isEmpty()) {
                        // No subjects left: a policy without subjects grants nothing,
                        // so remove it rather than keep an empty grant around
                        pm.removePolicy(p.getName());
                    } else {
                        pm.replacePolicy(p);
                    }
                } else {
                    Set<String> subjectNames = p.getSubjectNames();
                    if ((subjectNames != null) && !subjectNames.isEmpty()) {
                        pm.addPolicy(p);
                    }
                }
            } else {
                throw new DelegationException(ResBundleUtils.rbName, "invalid_delegation_privilege", null, null);
            }
        } catch (Exception e) {
            throw new DelegationException(e);
        }
    }
}
Also used: Policy(com.sun.identity.policy.Policy) PolicyManager(com.sun.identity.policy.PolicyManager) Set(java.util.Set) HashSet(java.util.HashSet) DelegationException(com.sun.identity.delegation.DelegationException) PolicyException(com.sun.identity.policy.PolicyException) SSOException(com.iplanet.sso.SSOException) IdRepoException(com.sun.identity.idm.IdRepoException)

Example 30 with PolicyManager

Use of com.sun.identity.policy.PolicyManager in project OpenAM by OpenRock.

Class PrivilegeUtils, method referralPrivilegeToPolicy.

/**
 * Converts an entitlement ReferralPrivilege into a legacy referral Policy:
 * one SubOrgReferral per target realm and one Rule per application resource.
 * Application lookups are performed as the super admin subject.
 */
public static Policy referralPrivilegeToPolicy(String realm, ReferralPrivilege referralPrivilege) throws PolicyException, SSOException, EntitlementException {
    Policy policy = new Policy(referralPrivilege.getName(), referralPrivilege.getDescription(), true);
    SSOToken adminToken = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
    javax.security.auth.Subject adminSubject = SubjectUtils.createSubject(adminToken);
    PolicyManager pm = new PolicyManager(adminToken, realm);
    ReferralTypeManager rm = pm.getReferralTypeManager();
    policy.setCreatedBy(referralPrivilege.getCreatedBy());
    policy.setCreationDate(referralPrivilege.getCreationDate());
    policy.setLastModifiedBy(referralPrivilege.getLastModifiedBy());
    policy.setLastModifiedDate(referralPrivilege.getLastModifiedDate());
    // One SubOrgReferral per realm the privilege refers to
    int count = 1;
    for (String r : referralPrivilege.getRealms()) {
        Referral referral = rm.getReferral("SubOrgReferral");
        Set<String> tmp = new HashSet<String>();
        tmp.add(r);
        referral.setValues(tmp);
        policy.addReferral("referral" + count++, referral);
    }
    Map<String, Set<String>> map = referralPrivilege.getOriginalMapApplNameToResources();
    count = 1;
    String realmName = LDAPUtils.isDN(realm) ? DNMapper.orgNameToRealmName(realm) : realm;
    for (String appName : map.keySet()) {
        Set<String> res = map.get(appName);
        Application application = ApplicationManager.getApplication(PolicyConstants.SUPER_ADMIN_SUBJECT, realmName, appName);
        if (application == null) {
            // Error 105: application not found in the realm
            Object[] params = { appName, realm };
            throw new EntitlementException(105, params);
        }
        String serviceName = application.getApplicationType().getName();
        // One rule per resource; referral rules carry no action values
        for (String r : res) {
            Rule rule = new Rule("rule" + count++, serviceName, r, Collections.EMPTY_MAP);
            rule.setApplicationName(appName);
            policy.addRule(rule);
        }
    }
    return policy;
}
Also used: Policy(com.sun.identity.policy.Policy) ReferralTypeManager(com.sun.identity.policy.ReferralTypeManager) PolicyManager(com.sun.identity.policy.PolicyManager) SSOToken(com.iplanet.sso.SSOToken) HashSet(java.util.HashSet) Set(java.util.Set) EntitlementException(com.sun.identity.entitlement.EntitlementException) Referral(com.sun.identity.policy.interfaces.Referral) Rule(com.sun.identity.policy.Rule) Application(com.sun.identity.entitlement.Application)
