Use of com.sun.identity.policy.Rule in project OpenAM by OpenRock: the class PrivilegeUtils, method privilegeToPolicy.
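/**
 * Converts an entitlement {@link Privilege} into a legacy {@link Policy}.
 *
 * <p>The policy takes over the privilege's name and description. The
 * entitlement (when present) is turned into rules, the subject into a policy
 * subject (unless it is the {@code Privilege.NOT_SUBJECT} sentinel), the
 * condition into a policy condition, and the resource attributes into
 * response providers. The audit fields (created by / creation date, last
 * modified by / date) are copied across unchanged.
 *
 * @param realm realm handed to the entitlement-to-rule conversion
 * @param privilege privilege to convert; must not be {@code null}
 * @return the equivalent policy
 * @throws PolicyException propagated from the policy conversion helpers
 * @throws SSOException propagated from the policy conversion helpers
 * @throws EntitlementException propagated from the entitlement conversion helpers
 */
public static Policy privilegeToPolicy(String realm, Privilege privilege) throws PolicyException, SSOException, EntitlementException {
    Policy policy = new Policy(privilege.getName());
    policy.setDescription(privilege.getDescription());

    Entitlement entitlement = privilege.getEntitlement();
    if (entitlement != null) {
        for (Rule rule : entitlementToRule(realm, entitlement)) {
            policy.addRule(rule);
        }
    }

    EntitlementSubject es = privilege.getSubject();
    // NOT_SUBJECT is the "no subject" marker; it must not become a policy subject
    if ((es != null) && (es != Privilege.NOT_SUBJECT)) {
        Subject sbj = eSubjectToEPSubject(es);
        policy.addSubject(getSubjectName(es), sbj, false);
    }

    EntitlementCondition ec = privilege.getCondition();
    if (ec != null) {
        Condition cond = eConditionToEPCondition(ec);
        policy.addCondition(getConditionName(ec), cond);
    }

    if (privilege.getResourceAttributes() != null) {
        Map<String, ResponseProvider> nrps = resourceAttributesToResponseProviders(privilege.getResourceAttributes());
        // iterate the entries directly instead of a keySet() walk with a get() per key
        for (Map.Entry<String, ResponseProvider> entry : nrps.entrySet()) {
            policy.addResponseProvider(entry.getKey(), entry.getValue());
        }
    }

    policy.setCreatedBy(privilege.getCreatedBy());
    policy.setCreationDate(privilege.getCreationDate());
    policy.setLastModifiedBy(privilege.getLastModifiedBy());
    policy.setLastModifiedDate(privilege.getLastModifiedDate());
    return policy;
}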
Use of com.sun.identity.policy.Rule in project OpenAM by OpenRock: the class PrivilegeUtils, method entitlementToRule.
/**
 * Builds the legacy policy rule(s) equivalent to an entitlement.
 *
 * <p>The entitlement's application is resolved (as the super-admin subject)
 * in the given realm; its application type name becomes the rule's service
 * type name. At most one rule is produced, carrying the entitlement's
 * resource names, application name and converted action values. When the
 * entitlement has no resource names the returned set is empty.
 *
 * @param realm realm, given either as a DN or as a realm name
 * @param entitlement entitlement to convert
 * @return set holding the single equivalent rule, or an empty set
 * @throws PolicyException propagated from the rule construction
 * @throws SSOException propagated from the application lookup
 * @throws EntitlementException with error code 105 when the application is not found
 */
private static Set<Rule> entitlementToRule(String realm, Entitlement entitlement) throws PolicyException, SSOException, EntitlementException {
    Set<Rule> result = new HashSet<Rule>();
    String appName = entitlement.getApplicationName();
    // the realm may arrive as a DN; normalise it to a realm name for the lookup
    String realmName = LDAPUtils.isDN(realm) ? DNMapper.orgNameToRealmName(realm) : realm;
    Application application = ApplicationManager.getApplication(PolicyConstants.SUPER_ADMIN_SUBJECT, realmName, appName);
    if (application == null) {
        throw new EntitlementException(105, new Object[] { appName, realm });
    }
    String serviceName = application.getApplicationType().getName();
    Set<String> resourceNames = entitlement.getResourceNames();
    Map<String, Boolean> actionValues = entitlement.getActionValues();
    Map av = pravToPav(actionValues, serviceName);
    if (resourceNames == null) {
        return result;
    }
    String ruleName = entitlement.getName();
    if (ruleName == null) {
        ruleName = "entitlement";
    }
    Rule rule = new Rule(ruleName, serviceName, null, av);
    rule.setResourceNames(resourceNames);
    rule.setApplicationName(appName);
    result.add(rule);
    return result;
}
Use of com.sun.identity.policy.Rule in project OpenAM by OpenRock: the class IDPPTest, method setup.
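/**
 * Creates the test fixtures: a user, a group containing that user, and a
 * policy named "IDPPTestPolicy1" whose single rule maps the MODIFY and QUERY
 * actions on resource "*" to the value "deny" and whose subject is the group
 * (an "AMIdentitySubject" holding the group's universal id). Does nothing
 * when {@code migrated} is false.
 *
 * @throws Exception if any fixture cannot be created
 */
@BeforeClass
public void setup() throws Exception {
    if (!migrated) {
        return;
    }
    user1 = IdRepoUtils.createUser(orgName, USER1_NAME);
    group1 = IdRepoUtils.createGroup(orgName, GROUP1_NAME);
    group1.addMember(user1);

    PolicyManager policyMgr = new PolicyManager(adminToken, orgName);
    Policy policy = new Policy("IDPPTestPolicy1");

    // both actions share the same single-valued "deny" set
    Set<String> denyValue = new HashSet<String>();
    denyValue.add("deny");
    Map<String, Set<String>> actionValues = new HashMap<String, Set<String>>();
    actionValues.put("MODIFY", denyValue);
    actionValues.put("QUERY", denyValue);
    String resourceName = "*";
    String ruleName = "rule1";
    Rule rule = new Rule(ruleName, serviceType, resourceName, actionValues);
    policy.addRule(rule);

    SubjectTypeManager subjectTypeMgr = policyMgr.getSubjectTypeManager();
    com.sun.identity.policy.interfaces.Subject subject = subjectTypeMgr.getSubject("AMIdentitySubject");
    // separate set for the subject values instead of re-using the action-value variable
    Set<String> subjectValues = new HashSet<String>();
    subjectValues.add(group1.getUniversalId());
    subject.setValues(subjectValues);
    policy.addSubject("subject1", subject, false);

    policyMgr.addPolicy(policy);
}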
Use of com.sun.identity.policy.Rule in project OpenAM by OpenRock: the class PrivilegeUtils, method rulesToEntitlement.
/**
 * Converts every rule of a policy into an {@link Entitlement}.
 *
 * <p>Each entitlement takes the rule's application name, a copy of the rule's
 * resource names (an empty set when the rule has none), the rule's action
 * values translated into the entitlement's boolean action map, and the rule's
 * name.
 *
 * @param policy policy whose rules are converted
 * @return one entitlement per rule
 * @throws PolicyException propagated from reading the policy's rules
 * @throws SSOException propagated from reading the policy's rules
 * @throws EntitlementException propagated from the action-value conversion
 */
private static Set<Entitlement> rulesToEntitlement(Policy policy) throws PolicyException, SSOException, EntitlementException {
    Set<Entitlement> result = new HashSet<Entitlement>();
    for (Rule rule : getRules(policy)) {
        String serviceName = rule.getServiceTypeName();
        Map<String, Boolean> actionMap = pavToPrav(rule.getActionValues(), serviceName);
        // the entitlement gets its own resource set; a rule without resources yields an empty set
        Set<String> resources = new HashSet<String>();
        Set<String> ruleResources = rule.getResourceNames();
        if (ruleResources != null) {
            resources.addAll(ruleResources);
        }
        Entitlement entitlement = new Entitlement(rule.getApplicationName(), resources, actionMap);
        entitlement.setName(rule.getName());
        result.add(entitlement);
    }
    return result;
}
Use of com.sun.identity.policy.Rule in project OpenAM by OpenRock: the class DelegationPolicyImpl, method policyToPrivilege.
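/**
 * Converts a policy to a delegation privilege.
 *
 * <p>The policy name becomes the privilege name. Subject values are collected
 * from the {@code DELEGATION_AUTHN_USERS} subject (as {@code AUTHN_USERS_ID})
 * and from the values of the {@code DELEGATION_SUBJECT} subject. Every rule
 * whose service type is the delegation service contributes one
 * {@code DelegationPermission}; its realm, service, version, config type and
 * sub-configuration are parsed from the rule's resource name when that name
 * starts with {@code PREFIX}, and are {@code null} otherwise.
 *
 * @param policy policy to be converted; {@code null} yields {@code null}
 * @return <code>DelegationPrivilege</code> representing the policy, or
 *         {@code null} when {@code policy} is {@code null}
 * @throws DelegationException wrapping any error raised while reading the
 *         policy or building the permissions
 */
private DelegationPrivilege policyToPrivilege(Policy policy) throws DelegationException {
    if (policy == null) {
        return null;
    }
    Set permissions = new HashSet();
    Set svalues = new HashSet();
    try {
        // get policy name, which is the privilege name as well
        String pname = policy.getName();
        // get privilege subjects
        Set snames = policy.getSubjectNames();
        if ((snames != null) && (!snames.isEmpty())) {
            if (snames.contains(DELEGATION_AUTHN_USERS)) {
                svalues.add(AUTHN_USERS_ID);
            }
            if (snames.contains(DELEGATION_SUBJECT)) {
                Subject subject = policy.getSubject(DELEGATION_SUBJECT);
                Set values = subject.getValues();
                if (values != null) {
                    svalues.addAll(values);
                }
            }
        }
        if (DelegationManager.debug.messageEnabled()) {
            DelegationManager.debug.message("SubjectValues=" + svalues);
        }
        Set ruleNames = policy.getRuleNames();
        if ((ruleNames != null) && (!ruleNames.isEmpty())) {
            for (Iterator rit = ruleNames.iterator(); rit.hasNext();) {
                String ruleName = (String) rit.next();
                Rule rule = policy.getRule(ruleName);
                String service = rule.getServiceTypeName();
                if (!service.equalsIgnoreCase(DelegationManager.DELEGATION_SERVICE)) {
                    continue;
                }
                // now try to get resource and action names
                String resource = rule.getResourceName();
                Set actions = rule.getActionNames();
                // Parsed afresh for every rule. With the components held in
                // variables outside the loop, a rule whose resource lacks the
                // prefix (or has fewer segments) would inherit the previous
                // rule's realm/service/version/configType/subconfig and the
                // resulting permission would point at the wrong target.
                String[] parts = parseDelegationResource(resource);
                String realmName = parts[0];
                String serviceName = parts[1];
                String version = parts[2];
                String configType = parts[3];
                String subconfigName = parts[4];
                if (DelegationManager.debug.messageEnabled()) {
                    DelegationManager.debug.message("DelegationPolicyImpl.policyToPrivilege(): " + "create DelegationPermission object with: " + "realm=" + realmName + "; service=" + serviceName + "; version=" + version + "; configType=" + configType + "; subconfig=" + subconfigName + "; actions=" + actions);
                }
                DelegationPermission dp = new DelegationPermission(realmName, serviceName, version, configType, subconfigName, actions, null);
                permissions.add(dp);
            }
        }
        return new DelegationPrivilege(pname, permissions, svalues);
    } catch (Exception e) {
        throw new DelegationException(e);
    }
}

/**
 * Splits a delegation rule's resource name into its permission components.
 *
 * <p>When {@code resource} starts with {@code PREFIX}, the remainder is
 * tokenized on {@code DELIMITER}: the first token is the realm (mandatory;
 * its absence raises {@code NoSuchElementException}, which the caller wraps),
 * then optionally service, version and config type. Any further tokens are
 * re-joined with {@code DELIMITER} into the sub-configuration name.
 *
 * @param resource rule resource name
 * @return array of {realm, service, version, configType, subconfig}; entries
 *         without a corresponding token are {@code null}, and all five are
 *         {@code null} when the resource does not start with {@code PREFIX}
 */
private String[] parseDelegationResource(String resource) {
    String[] parts = new String[5];
    // required to construct a delegation permission
    if (!resource.startsWith(PREFIX)) {
        return parts;
    }
    String suffix = resource.substring(PREFIX.length());
    StringTokenizer st = new StringTokenizer(suffix, DELIMITER);
    // realm is mandatory: mirror the original unconditional nextToken()
    parts[0] = st.nextToken();
    for (int i = 1; i < 4 && st.hasMoreTokens(); i++) {
        parts[i] = st.nextToken();
    }
    if (st.hasMoreTokens()) {
        StringBuilder subconfig = new StringBuilder(st.nextToken());
        while (st.hasMoreTokens()) {
            subconfig.append(DELIMITER).append(st.nextToken());
        }
        parts[4] = subconfig.toString();
    }
    return parts;
}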