
Example 36 with PolicyManager

use of com.sun.identity.policy.PolicyManager in project OpenAM by OpenRock.

the class ResavePoliciesStep method perform.

/**
 * Re-saves every policy recorded in {@code policyMap}: each policy is read
 * through a realm-scoped {@link PolicyManager} and written straight back.
 * <p>
 * All reads and writes run with the token returned by
 * {@code getAdminToken()}. The first failure stops the run; policies that
 * were already rewritten stay rewritten and the remaining ones are skipped.
 *
 * @throws UpgradeException wrapping whatever exception interrupted the run.
 */
public void perform() throws UpgradeException {
    try {
        for (Map.Entry<String, Set<String>> realmPolicies : policyMap.entrySet()) {
            // One manager per realm, opened with the administrative token.
            PolicyManager manager = new PolicyManager(getAdminToken(), realmPolicies.getKey());
            for (String name : realmPolicies.getValue()) {
                if (DEBUG.messageEnabled()) {
                    DEBUG.message("Resaving the following policy: " + name);
                }
                UpgradeProgress.reportStart("upgrade.policy.start", name);
                // Load the stored policy and hand the same object back to the manager.
                manager.replacePolicy(manager.getPolicy(name));
                UpgradeProgress.reportEnd("upgrade.success");
            }
        }
    } catch (Exception failure) {
        // Close the progress entry opened by reportStart before surfacing the error.
        UpgradeProgress.reportEnd("upgrade.failed");
        DEBUG.error("An error occurred while trying to resave policies", failure);
        throw new UpgradeException(failure);
    }
}
Also used : Policy(com.sun.identity.policy.Policy) UpgradeException(org.forgerock.openam.upgrade.UpgradeException) PolicyManager(com.sun.identity.policy.PolicyManager) Set(java.util.Set) HashSet(java.util.HashSet) HashMap(java.util.HashMap) Map(java.util.Map) UpgradeException(org.forgerock.openam.upgrade.UpgradeException)

Example 37 with PolicyManager

use of com.sun.identity.policy.PolicyManager in project OpenAM by OpenRock.

the class ResavePoliciesStep method initialize.

/**
 * Records, per realm, the names of the policies found there into
 * {@code policyMap}. Nothing is collected unless
 * {@code VersionUtils.isCurrentVersionEqualTo(UpgradeUtils.ELEVEN_VERSION_NUMBER)}
 * holds.
 * <p>
 * Policy names are read with the token returned by {@code getAdminToken()}.
 * Realms with no policies are left out of the map.
 *
 * @throws UpgradeException wrapping any exception raised while listing
 *         realms or policy names.
 */
public void initialize() throws UpgradeException {
    DEBUG.message("Initializing ResavePoliciesStep");
    if (!VersionUtils.isCurrentVersionEqualTo(UpgradeUtils.ELEVEN_VERSION_NUMBER)) {
        // Any other version: leave policyMap untouched.
        return;
    }
    try {
        for (String realmName : getRealmNames()) {
            Set<String> names = new PolicyManager(getAdminToken(), realmName).getPolicyNames();
            if (names == null || names.isEmpty()) {
                continue;
            }
            // Store a private copy instead of the set the manager returned.
            policyMap.put(realmName, new HashSet<String>(names));
        }
        if (DEBUG.messageEnabled()) {
            DEBUG.message("Discovered following policies:\n" + policyMap);
        }
    } catch (Exception failure) {
        DEBUG.error("Error while trying to retrieve policy names", failure);
        throw new UpgradeException(failure);
    }
}
Also used : UpgradeException(org.forgerock.openam.upgrade.UpgradeException) PolicyManager(com.sun.identity.policy.PolicyManager) UpgradeException(org.forgerock.openam.upgrade.UpgradeException)

Example 38 with PolicyManager

use of com.sun.identity.policy.PolicyManager in project OpenAM by OpenRock.

the class SubjectReferentialIntegrityPlugin method postProcessDelete.

/**
 * Post-delete callback that removes references to a deleted directory entry
 * from policy subjects.
 * <p>
 * For the object types listed below, every policy in every organization
 * returned by {@code searchSubOrganizations("*", SCOPE_SUB)} is visited.
 * Any subject value whose DN equals {@code entryDN} is removed; a subject
 * left with no values is removed from the policy. A policy is written back
 * only if at least one of its subjects changed.
 * <p>
 * Every exception is logged and swallowed: this body never throws the
 * declared {@link AMPostCallBackException}, and the first error ends the
 * whole sweep. Policies not yet visited then keep their reference to the
 * deleted DN.
 * NOTE(review): a stale DN left in a subject would presumably match again
 * if an entry with the same DN is created later - confirm whether failures
 * here need alerting or a retry.
 *
 * @param token SSO token used for the store connection and for every
 *        {@code PolicyManager} created here.
 * @param entryDN DN of the entry that was deleted.
 * @param attributes not read by this implementation.
 * @param softDeleteEnabled not read by this implementation.
 * @param objectType {@code AMObject} type constant of the deleted entry.
 * @throws AMPostCallBackException declared by the signature, never thrown
 *         by the code shown.
 */
public void postProcessDelete(SSOToken token, String entryDN, Map attributes, boolean softDeleteEnabled, int objectType) throws AMPostCallBackException {
    try {
        if (debug.messageEnabled()) {
            debug.message("ReferentialIntegrityPlugin.postProcessDelete()");
        }
        // Object types whose deletion triggers the sweep; any other type is a no-op.
        Set objectTypes = new HashSet();
        objectTypes.add(new Integer(AMObject.USER));
        objectTypes.add(new Integer(AMObject.ROLE));
        objectTypes.add(new Integer(AMObject.ORGANIZATION));
        objectTypes.add(new Integer(AMObject.GROUP));
        objectTypes.add(new Integer(AMObject.ASSIGNABLE_DYNAMIC_GROUP));
        objectTypes.add(new Integer(AMObject.DYNAMIC_GROUP));
        objectTypes.add(new Integer(AMObject.FILTERED_ROLE));
        if (objectTypes.contains(new Integer(objectType))) {
            String subOrg, policyName, subjectName;
            Policy policy;
            Subject subject;
            Iterator policyIter, subjectIter;
            // Parse the deleted entry's DN once; subject values are compared as DN objects, not as raw strings.
            DN entryDName = DN.valueOf(entryDN);
            // Store connection opened with the caller's token.
            AMStoreConnection dpStore = new AMStoreConnection(token);
            DN rootDN = DN.valueOf(SMSEntry.getRootSuffix());
            if (debug.messageEnabled()) {
                debug.message("Searching for all policies from root DN: " + rootDN.toString());
            }
            // This root-level manager is only used to obtain the organization name.
            // NOTE(review): policies held by the root organization itself are swept only if
            // searchSubOrganizations() below also returns the root - confirm.
            PolicyManager pm = new PolicyManager(token, rootDN.toString());
            String org = pm.getOrganizationName();
            // Read the organization's policy configuration to decide whether the
            // configured LDAP server is the local directory.
            // A missing LDAP_SERVER value causes a NullPointerException here, which the
            // catch-all at the bottom logs; the sweep is then skipped.
            Map configParams = PolicyConfig.getPolicyConfig(org);
            String ldapServer = ((String) configParams.get(PolicyConfig.LDAP_SERVER)).toLowerCase();
            boolean localDS = PolicyUtils.isLocalDS(ldapServer);
            // Roles are always processed, whether or not the directory is local.
            if (objectType == AMObject.ROLE) {
                localDS = true;
            }
            if (localDS) {
                AMOrganization rootOrg = (AMOrganization) dpStore.getOrganization(org);
                Set subOrgs = null;
                // Every organization found by a subtree-scope search with the "*" wildcard.
                subOrgs = rootOrg.searchSubOrganizations("*", AMConstants.SCOPE_SUB);
                Iterator orgIter = subOrgs.iterator();
                while (orgIter.hasNext()) {
                    subOrg = (String) orgIter.next();
                    if (debug.messageEnabled()) {
                        debug.message("Visiting suborg: " + subOrg);
                    }
                    PolicyManager pmSubOrg = new PolicyManager(token, subOrg);
                    // Every policy in this organization.
                    Set policies = pmSubOrg.getPolicyNames();
                    policyIter = policies.iterator();
                    while (policyIter.hasNext()) {
                        policyName = (String) policyIter.next();
                        if (debug.messageEnabled()) {
                            debug.message("policyName: " + policyName);
                        }
                        policy = pmSubOrg.getPolicy(policyName);
                        // Referral policies don't have subjects defined, so they are skipped.
                        if (!policy.isReferralPolicy()) {
                            // Set once any subject of this policy has been modified.
                            boolean replacePolicy = false;
                            Set subjectsInPolicy = policy.getSubjectNames();
                            // Iterate over a copy of the names, since removeSubject() is called
                            // on the policy inside the loop.
                            Set subjects = new HashSet();
                            subjects.addAll(subjectsInPolicy);
                            subjectIter = subjects.iterator();
                            while (subjectIter.hasNext()) {
                                subjectName = (String) subjectIter.next();
                                if (debug.messageEnabled()) {
                                    debug.message("subjectName: " + subjectName);
                                }
                                subject = policy.getSubject(subjectName);
                                Set set = subject.getValues();
                                Iterator ite = set.iterator();
                                String str = null;
                                DN strDN = null;
                                while (ite.hasNext()) {
                                    str = (String) ite.next();
                                    // NOTE(review): a subject value that is not a well-formed DN presumably
                                    // makes DN.valueOf throw, which ends the whole sweep via the
                                    // catch-all below - confirm.
                                    strDN = DN.valueOf(str);
                                    if (entryDName.equals(strDN)) {
                                        replacePolicy = true;
                                        if (debug.messageEnabled()) {
                                            debug.message("DNs match, str:" + str + "entryDN:" + entryDN);
                                        }
                                        // Removing from the set while 'ite' is open is followed by the break
                                        // below, so the iterator is not used again after the removal.
                                        set.remove(str);
                                        if (set.isEmpty()) {
                                            // The deleted entry was the subject's only value: drop the subject.
                                            policy.removeSubject(subjectName);
                                            if (debug.messageEnabled()) {
                                                debug.message("subjectDeleted:" + subjectName);
                                            }
                                        } else {
                                            subject.setValues(set);
                                        }
                                        // At most one value is removed per subject.
                                        break;
                                    }
                                // end: DN match
                                }
                            // end: values of one subject
                            }
                            // end: subjects of one policy. Write back only if something changed.
                            if (replacePolicy) {
                                pmSubOrg.replacePolicy(policy);
                            }
                        }
                    // end: non-referral policy
                    }
                // end: policies of one organization
                }
            // end: organizations
            }
        // end: localDS check
        }
    // end: objectType check
    // All three handlers only log; nothing is rethrown to the caller.
    } catch (PolicyException pe) {
        debug.error("ReferentialIntegrityPlugin.postProcessDelete():", pe);
    } catch (SSOException sse) {
        debug.error("ReferentialIntegrityPlugin.postProcessDelete():", sse);
    } catch (Exception e) {
        debug.error("ReferentialIntegrityPlugin.postProcessDelete():", e);
    }
}
Also used : Policy(com.sun.identity.policy.Policy) PolicyManager(com.sun.identity.policy.PolicyManager) Set(java.util.Set) HashSet(java.util.HashSet) DN(org.forgerock.opendj.ldap.DN) SSOException(com.iplanet.sso.SSOException) Subject(com.sun.identity.policy.interfaces.Subject) AMPostCallBackException(com.iplanet.am.sdk.AMPostCallBackException) SSOException(com.iplanet.sso.SSOException) PolicyException(com.sun.identity.policy.PolicyException) AMStoreConnection(com.iplanet.am.sdk.AMStoreConnection) PolicyException(com.sun.identity.policy.PolicyException) AMOrganization(com.iplanet.am.sdk.AMOrganization) Iterator(java.util.Iterator) Map(java.util.Map) HashSet(java.util.HashSet)

Example 39 with PolicyManager

use of com.sun.identity.policy.PolicyManager in project OpenAM by OpenRock.

the class PolicyModelImpl method getActiveResponseProviderTypes.

/**
 * Maps each response provider type selected for a realm to its display
 * name.
 * <p>
 * Lookup failures are logged at warning level and not reported to the
 * caller, so an empty result can mean either "no provider types" or
 * "lookup failed". If the failure happens while the map is being filled,
 * the entries gathered so far are returned.
 *
 * @param realmName Name of Realm.
 * @return a map of active response provider type name to display name;
 *         {@code Collections.EMPTY_MAP} when no map was built.
 */
public Map getActiveResponseProviderTypes(String realmName) {
    Map displayNamesByType = null;
    try {
        PolicyManager manager = getPolicyManager(realmName);
        ResponseProviderTypeManager typeManager =
            (manager == null) ? null : manager.getResponseProviderTypeManager();
        if (typeManager != null) {
            Set selected = typeManager.getSelectedResponseProviderTypeNames();
            displayNamesByType = new HashMap(selected.size() * 2);
            for (Object entry : selected) {
                String typeName = (String) entry;
                displayNamesByType.put(typeName, typeManager.getDisplayName(typeName));
            }
        }
    } catch (AMConsoleException e) {
        debug.warning("PolicyModelImpl.getActiveResponseProviderTypes", e);
    } catch (SSOException e) {
        debug.warning("PolicyModelImpl.getActiveResponseProviderTypes", e);
    } catch (NameNotFoundException e) {
        debug.warning("PolicyModelImpl.getActiveResponseProviderTypes", e);
    } catch (PolicyException e) {
        debug.warning("PolicyModelImpl.getActiveResponseProviderTypes", e);
    }
    if (displayNamesByType == null) {
        return Collections.EMPTY_MAP;
    }
    return displayNamesByType;
}
Also used : PolicyManager(com.sun.identity.policy.PolicyManager) Set(java.util.Set) HashSet(java.util.HashSet) HashMap(java.util.HashMap) NameNotFoundException(com.sun.identity.policy.NameNotFoundException) PolicyException(com.sun.identity.policy.PolicyException) Iterator(java.util.Iterator) SSOException(com.iplanet.sso.SSOException) AMConsoleException(com.sun.identity.console.base.model.AMConsoleException) Map(java.util.Map) HashMap(java.util.HashMap) ResponseProviderTypeManager(com.sun.identity.policy.ResponseProviderTypeManager)

Example 40 with PolicyManager

use of com.sun.identity.policy.PolicyManager in project OpenAM by OpenRock.

the class PolicyModelImpl method getSubjectPossibleValues.

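/**
 * Returns a set of possible values for a subject type.
 * <p>
 * The lookup is made with {@code getUserSSOToken()}.
 * NOTE(review): presumably this limits the result to what the console user
 * may read - confirm. The filter is handed to the {@code Subject}
 * implementation as given; any escaping for the backing store is up to
 * that implementation - confirm.
 *
 * @param realmName Name of Realm.
 * @param subjectType Name of Subject Type.
 * @param filter wildcards for filtering the results; {@code null} or blank
 *        is treated as {@code "*"}.
 * @return a set of possible values for a subject type, or {@code null}
 *         when no policy manager is available for the realm or
 *         {@code getPolicyManager} fails with an
 *         {@code AMConsoleException} (that failure is only logged).
 * @throws AMConsoleException if the lookup fails with a
 *         {@code NameNotFoundException}, {@code SSOException} or
 *         {@code PolicyException}.
 */
public ValidValues getSubjectPossibleValues(String realmName, String subjectType, String filter) throws AMConsoleException {
    // Entry trace: logged at message level. The original logged it with
    // debug.error(), which put one error-log line per call into the log
    // and buried genuine errors.
    if (debug.messageEnabled()) {
        debug.message("PolicyModelImpl.getSubjectPossibleValues()");
    }
    ValidValues values = null;
    if ((filter == null) || (filter.trim().length() == 0)) {
        // No usable filter supplied: match everything.
        filter = "*";
    }
    try {
        PolicyManager policyMgr = getPolicyManager(realmName);
        if (policyMgr != null) {
            SubjectTypeManager subjectTypeMgr = policyMgr.getSubjectTypeManager();
            Subject subject = subjectTypeMgr.getSubject(subjectType);
            values = subject.getValidValues(getUserSSOToken(), filter);
        }
    } catch (AMConsoleException e) {
        // Logged only: the caller receives null in this case.
        debug.warning("PolicyModelImpl.getSubjectPossibleValues", e);
    } catch (NameNotFoundException e) {
        debug.warning("PolicyModelImpl.getSubjectPossibleValues", e);
        throw new AMConsoleException(getErrorString(e));
    } catch (SSOException e) {
        debug.warning("PolicyModelImpl.getSubjectPossibleValues", e);
        throw new AMConsoleException(getErrorString(e));
    } catch (PolicyException e) {
        debug.warning("PolicyModelImpl.getSubjectPossibleValues", e);
        throw new AMConsoleException(getErrorString(e));
    }
    return values;
}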
Also used : PolicyManager(com.sun.identity.policy.PolicyManager) SubjectTypeManager(com.sun.identity.policy.SubjectTypeManager) ValidValues(com.sun.identity.policy.ValidValues) NameNotFoundException(com.sun.identity.policy.NameNotFoundException) PolicyException(com.sun.identity.policy.PolicyException) SSOException(com.iplanet.sso.SSOException) AMConsoleException(com.sun.identity.console.base.model.AMConsoleException) Subject(com.sun.identity.policy.interfaces.Subject)

Aggregations

PolicyManager (com.sun.identity.policy.PolicyManager)61 PolicyException (com.sun.identity.policy.PolicyException)40 AMConsoleException (com.sun.identity.console.base.model.AMConsoleException)33 SSOException (com.iplanet.sso.SSOException)28 NameNotFoundException (com.sun.identity.policy.NameNotFoundException)23 HashSet (java.util.HashSet)18 Set (java.util.Set)18 Policy (com.sun.identity.policy.Policy)16 Map (java.util.Map)13 HashMap (java.util.HashMap)12 Iterator (java.util.Iterator)11 SubjectTypeManager (com.sun.identity.policy.SubjectTypeManager)10 SSOToken (com.iplanet.sso.SSOToken)8 Subject (com.sun.identity.policy.interfaces.Subject)8 UpgradeException (org.forgerock.openam.upgrade.UpgradeException)8 ReferralTypeManager (com.sun.identity.policy.ReferralTypeManager)7 Referral (com.sun.identity.policy.interfaces.Referral)7 ConditionTypeManager (com.sun.identity.policy.ConditionTypeManager)6 ResponseProviderTypeManager (com.sun.identity.policy.ResponseProviderTypeManager)6 Condition (com.sun.identity.policy.interfaces.Condition)5