use of com.sun.identity.policy.PolicyManager in project OpenAM by OpenRock.
the class PolicySubject method evaluate.
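/**
 * Evaluates this legacy policy subject against the given subject.
 *
 * The wrapped policy subject is initialised from the realm's policy
 * configuration, which is read with an administrative token obtained via
 * {@link AdminTokenAction}; the membership test itself runs against the
 * {@code SSOToken} carried by {@code subject}.
 *
 * NOTE(review): when no SSOToken can be extracted from {@code subject} the
 * decision is {@code true} regardless of {@code exclusive}, i.e. a token-less
 * subject always matches. From the policy's point of view this is fail-open;
 * confirm it is the intended contract for callers.
 *
 * @param realm Realm name.
 * @param mgr Subject attribute manager (not used by this implementation).
 * @param subject Subject to be evaluated.
 * @param resourceName Resource name to be evaluated (not used by this
 * implementation).
 * @param environment Environment map (not used by this implementation).
 * @return subject decision; its advice map is always empty.
 * @throws com.sun.identity.entitlement.EntitlementException if the policy
 * configuration cannot be read or the membership check fails (error code 508).
 */
public SubjectDecision evaluate(String realm, SubjectAttributesManager mgr,
        javax.security.auth.Subject subject, String resourceName,
        Map<String, Set<String>> environment) throws EntitlementException {
    // Administrative token: used only to read the realm's policy configuration.
    SSOToken adminToken = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
    try {
        PolicyManager pm = new PolicyManager(adminToken, realm);
        Subject legacySubject = getPolicySubject();
        legacySubject.initialize(pm.getPolicyConfig());

        SSOToken token = getSSOToken(subject);
        // A subject without a token matches unconditionally; otherwise the
        // membership result is inverted when this subject is exclusive.
        boolean matches = (token == null) || (legacySubject.isMember(token) ^ exclusive);
        // Typed empty map instead of the raw Collections.EMPTY_MAP constant.
        return new SubjectDecision(matches, Collections.<String, Set<String>>emptyMap());
    } catch (SSOException ex) {
        throw new EntitlementException(508, ex);
    } catch (PolicyException ex) {
        throw new EntitlementException(508, ex);
    }
}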
use of com.sun.identity.policy.PolicyManager in project OpenAM by OpenRock.
the class RealmTest method deletePolicy.
/**
 * Runs the {@code delete-policies} CLI command against the root realm and
 * verifies that the policy {@code clipolicy} can no longer be looked up.
 *
 * After the deletion, {@link PolicyManager#getPolicy} is expected either to
 * return {@code null} or to throw {@link NameNotFoundException}; both
 * outcomes count as success.
 */
@Test(groups = { "cli-realm", "delete-policies" }, dependsOnMethods = { "getPolicy" })
public void deletePolicy() throws CLIException, PolicyException, SSOException {
    entering("deletePolicy", null);
    SSOToken adminSSOToken = getAdminSSOToken();
    String[] cliArgs = {
        "delete-policies",
        CLIConstants.PREFIX_ARGUMENT_LONG + IArgument.REALM_NAME, "/",
        CLIConstants.PREFIX_ARGUMENT_LONG + RealmDeletePolicy.ARGUMENT_POLICY_NAMES, "clipolicy"
    };
    CLIRequest request = new CLIRequest(null, cliArgs, adminSSOToken);
    cmdManager.addToRequestQueue(request);
    cmdManager.serviceRequestQueue();

    PolicyManager policyManager = new PolicyManager(adminSSOToken, "/");
    try {
        Policy deleted = policyManager.getPolicy("clipolicy");
        assert deleted == null;
    } catch (NameNotFoundException expected) {
        // The policy no longer exists: this is the outcome under test.
    }
    exiting("deletePolicy");
}
use of com.sun.identity.policy.PolicyManager in project OpenAM by OpenRock.
the class UpgradeUtils method removeDelegationCondition.
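/**
 * Removes values from a delegation condition's properties in the hidden realm.
 *
 * For every condition named in {@code conditionNameMap} that exists on the
 * policy, the set mapped to that name is removed from the condition's
 * {@code attributeName} property; the condition is then written back and the
 * policy is replaced through the {@code ssoToken}-backed PolicyManager.
 * Failures are logged via {@code debug} and otherwise swallowed, so callers
 * cannot observe a partial update.
 *
 * NOTE(review): the code treats each map value as a {@code Set} of values to
 * remove from the single property {@code attributeName}, not as a nested
 * property-name map — confirm against callers.
 *
 * @param policyName Name of Policy.
 * @param attributeName the name of the attribute whose default values
 * needs to be updated.
 * @param conditionNameMap Map of condition name to set of attribute values
 * to be removed from that condition; a {@code null} set is treated as empty.
 */
public static void removeDelegationCondition(String policyName, String attributeName, Map conditionNameMap) {
    try {
        PolicyManager pm = new PolicyManager(ssoToken, HIDDEN_REALM);
        Policy policy = pm.getPolicy(policyName);
        for (Object key : conditionNameMap.keySet()) {
            String condName = (String) key;
            Condition cond = policy.getCondition(condName);
            if (cond == null) {
                continue;
            }
            // Cast to the interface so any Set implementation is accepted, not only HashSet.
            Set removeSet = (Set) conditionNameMap.get(condName);
            Map props = cond.getProperties();
            Set origValues = (Set) props.get(attributeName);
            // The removal is applied once to the attribute's current values.
            if (origValues != null && removeSet != null) {
                origValues.removeAll(removeSet);
            }
            cond.setProperties(props);
            policy.replaceCondition(condName, cond);
        }
        pm.replacePolicy(policy);
    } catch (PolicyException e) {
        debug.error("UpgradeUtils.removeDelegationCondition", e);
    } catch (SSOException e) {
        debug.error("UpgradeUtils.removeDelegationCondition", e);
    }
}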
use of com.sun.identity.policy.PolicyManager in project OpenAM by OpenRock.
the class UpgradeEntitlementsStep method initialize.
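/**
 * Detects whether the legacy policies and referrals of each realm need to be
 * upgraded to the entitlements framework.
 *
 * If the default application type already uses the new search/save index
 * implementations nothing is collected. Otherwise {@code upgradeIndexImpls}
 * is set, each realm's policy names are grouped by {@link PolicyType} into
 * {@code upgradableConfigs} (realms without policies are not recorded), and
 * {@code policyRuleCount} accumulates the rule count of non-referral policies.
 * Realms are read with the admin token.
 *
 * @throws UpgradeException if the application type or any realm's policies
 * cannot be read; the original exception is preserved as the cause.
 */
@Override
public void initialize() throws UpgradeException {
    try {
        DEBUG.message("Initializing UpgradeEntitlementsStep");
        ServiceConfig appType = getDefaultApplicationType();
        Map<String, Set<String>> attrs = appType.getAttributes();
        String searchImpl = CollectionHelper.getMapAttr(attrs, SEARCH_INDEX_IMPL);
        String saveImpl = CollectionHelper.getMapAttr(attrs, SAVE_INDEX_IMPL);
        if (NEW_SEARCH_IMPL.equals(searchImpl) && NEW_SAVE_IMPL.equals(saveImpl)) {
            DEBUG.message("The entitlements framework is already using the new TreeSearchIndex/TreeSaveIndex implementations");
            return;
        }
        // There might not be any policies to upgrade but always update the search and save index
        // implementation values if they are not already updated.
        upgradeIndexImpls = true;
        for (String realm : getRealmNames()) {
            Map<PolicyType, Set<String>> byType = new EnumMap<PolicyType, Set<String>>(PolicyType.class);
            PolicyManager pm = new PolicyManager(getAdminToken(), realm);
            for (String policyName : pm.getPolicyNames()) {
                Policy policy = pm.getPolicy(policyName);
                PolicyType type;
                if (policy.isReferralPolicy()) {
                    type = PolicyType.REFERRAL;
                } else {
                    // There is a small edge case here in case a rule contains multiple resource names,
                    // but that isn't quite a supported case anyway.
                    policyRuleCount += policy.getRuleNames().size();
                    type = PolicyType.POLICY;
                }
                Set<String> names = byType.get(type);
                if (names == null) {
                    names = new HashSet<String>();
                    byType.put(type, names);
                }
                names.add(policyName);
            }
            // Recorded once per realm, and only when the realm has at least one policy.
            if (!byType.isEmpty()) {
                upgradableConfigs.put(realm, byType);
            }
        }
        if (DEBUG.messageEnabled()) {
            DEBUG.message("Discovered following policies/referrals:\n" + upgradableConfigs);
        }
    } catch (Exception ex) {
        DEBUG.error("Error while trying to detect changes in entitlements", ex);
        throw new UpgradeException(ex);
    }
}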
use of com.sun.identity.policy.PolicyManager in project OpenAM by OpenRock.
the class AllowEvaluateForAgentsUpgradeStep method initialize.
/**
 * Determines whether this step applies: it does when the hidden realm holds
 * no policy whose name matches {@code EVALUATE_POLICY}.
 *
 * The {@link PolicyManager} created with the admin token is kept in
 * {@code manager} for the later phases of the step.
 *
 * @throws UpgradeException if the policy store cannot be queried; the
 * underlying exception is preserved as the cause.
 */
@Override
public void initialize() throws UpgradeException {
    try {
        manager = new PolicyManager(getAdminToken(), HIDDEN_REALM);
        // Nothing to do when a matching policy is already present.
        applicable = manager.getPolicyNames(EVALUATE_POLICY).isEmpty();
    } catch (SSOException cause) {
        throw new UpgradeException("Failed to identify existing privileges", cause);
    } catch (PolicyException cause) {
        throw new UpgradeException("Failed to identify existing privileges", cause);
    }
}