use of com.sun.identity.policy.Rule in project OpenAM by OpenRock.
the class UpgradeUtils method createPolicyAdminPolicy.
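/**
 * Creates the Policy Admin delegation policy for an organization and registers it with the
 * policy manager.
 *
 * <p>The policy is named {@code orgID + "^^PolicyAdmin"}. It gets one rule for the resource
 * {@code "sms://*" + orgDN + "/" + POLICY_SERVICE} and one subject resolved from
 * {@code ORG_POLICY_ADMIN_ROLE}. {@code orgDN} is concatenated into the resource name unmodified.
 *
 * <p>Any exception is logged and not rethrown, so the caller cannot tell whether the policy
 * was actually created.
 *
 * @param policyManager the policy manager object.
 * @param orgDN the organization dn.
 * @param orgID the organization identifier.
 */
private static void createPolicyAdminPolicy(PolicyManager policyManager, String orgDN, String orgID) {
    // Fixed: the label previously named createRealmReadOnlyPolicy (copy/paste), which attributed
    // failures of this method to the wrong policy in the debug log. The " : " separator matches getRule.
    String classMethod = "UpgradeUtils:createPolicyAdminPolicy : ";
    try {
        String policyName = orgID + "^^PolicyAdmin";
        // presumably (name, description, referralPolicy, active) — confirm against Policy's constructor
        Policy realmPolicy = new Policy(policyName, null, false, true);

        // create Rule
        String resourceName = "sms://*" + orgDN + "/" + POLICY_SERVICE;
        // two-argument getRule overload; its definition is not shown alongside this method
        Rule rule = getRule(DELEGATION_SERVICE, resourceName);
        if (rule != null) {
            realmPolicy.addRule(rule);
        }

        // add subjects
        String policyAdminRoleUniversalID = getUniversalID(orgDN, ORG_POLICY_ADMIN_ROLE);
        Subject subject = getSubject(policyManager, policyAdminRoleUniversalID);
        if (subject != null) {
            realmPolicy.addSubject(DELEGATION_SUBJECT, subject, false);
        }

        // NOTE(review): the policy is stored even when the rule or the subject could not be built,
        // leaving an incomplete delegation policy in place — confirm that this is intended.
        policyManager.addPolicy(realmPolicy);
    } catch (Exception e) {
        // Best-effort: the failure is only visible in the debug log.
        debug.error(classMethod + "Error creating policy admin policy", e);
    }
}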
use of com.sun.identity.policy.Rule in project OpenAM by OpenRock.
the class UpgradeUtils method getRule.
/**
 * Builds a policy <code>Rule</code>, returning <code>null</code> instead of throwing when
 * construction fails.
 *
 * @param ruleName name of the rule.
 * @param serviceName name of the service.
 * @param resourceName name of the resource
 * @param actionsMap map of allowed actions on the resource.
 *        the key is the actions (MODIFY,DELEGATE,READ)
 *        and the values is a set indicating whether
 *        action is allowed or denied.
 * @return <code>Rule</code> object, or <code>null</code> if the rule could not be created
 *         (the error is written to the debug log). Callers must check for <code>null</code>.
 */
private static Rule getRule(String ruleName, String serviceName, String resourceName, Map actionsMap) {
    final String logPrefix = "UpgradeUtils:getRule : ";
    try {
        return new Rule(ruleName, serviceName, resourceName, actionsMap);
    } catch (Exception e) {
        // Failure is reported through the debug log only; null tells the caller no rule exists.
        debug.error(logPrefix + "Error creating rule ", e);
        return null;
    }
}
use of com.sun.identity.policy.Rule in project OpenAM by OpenRock.
the class UpgradeEntitlementsStep method upgradeReferrals.
/**
 * Upgrades each named referral so that its rules also cover the trailing-wildcard variants
 * of their resource names, then replaces the referral in the policy manager.
 *
 * <p>For every resource name defined by a rule: names ending in {@code *?*} are left alone,
 * names ending in {@code *} gain a {@code *?*} sibling, and all other names gain both a
 * {@code *} and a {@code *?*} sibling. Each added rule widens the set of resources the
 * referral covers, so the resulting referrals are worth reviewing after the upgrade.
 *
 * @param pm The policy manager used to load and replace the referrals.
 * @param referrals The names of the referrals to upgrade.
 * @throws Exception If loading, modifying or replacing a referral fails.
 */
private void upgradeReferrals(PolicyManager pm, Set<String> referrals) throws Exception {
    for (String referralName : referrals) {
        if (DEBUG.messageEnabled()) {
            DEBUG.message("Upgrading referral: " + referralName);
        }
        Policy referral = pm.getPolicy(referralName);
        Set<String> resourceNames = getResourceNames(referral);
        // Iterate over a copy of the rule names: rules are added to the referral inside the loop.
        Set<String> ruleNameSnapshot = new HashSet<String>(referral.getRuleNames());
        for (String ruleName : ruleNameSnapshot) {
            Rule rule = referral.getRule(ruleName);
            for (String resource : rule.getResourceNames()) {
                if (resource.endsWith("*?*")) {
                    // This is a special case we don't want to handle for referrals
                    continue;
                }
                if (resource.endsWith("*")) {
                    // define a new *?* resource within this referral
                    addSimilarPolicyRule(referral, rule, resourceNames, resource + "?*");
                    continue;
                }
                // no wildcard at the end of the resource name, we should create both * and *?*
                addSimilarPolicyRule(referral, rule, resourceNames, resource + "*");
                addSimilarPolicyRule(referral, rule, resourceNames, resource + "*?*");
            }
        }
        UpgradeProgress.reportStart("upgrade.entitlement.referral", referral.getName());
        // in either case we need to replace this referral to ensure the indexes are updated
        pm.replacePolicy(referral);
        UpgradeProgress.reportEnd("upgrade.success");
    }
}
use of com.sun.identity.policy.Rule in project OpenAM by OpenRock.
the class UpgradeEntitlementsStep method addSimilarPolicyRule.
/**
 * Adds a rule to the policy that is cloned from the template rule provided. The new rule differs from the
 * template in two ways: it covers only the new resource name, and its name gets a numeric {@code _N} suffix
 * whenever the template's name is already taken in the policy. Nothing is added when the resource name is
 * already among the existing resource names.
 *
 * @param policy The policy that needs to be modified.
 * @param template A rule that can be used as a template when creating the new policy rule.
 * @param existingResourceNames The names of resources that are already defined in the policy.
 * @param newResourceName The name of the new resource that needs to be added to the policy.
 * @throws Exception If there was an error while adding the new rule to the policy.
 */
private void addSimilarPolicyRule(Policy policy, Rule template, Set<String> existingResourceNames, String newResourceName) throws Exception {
    if (existingResourceNames.contains(newResourceName)) {
        // Resource is already covered by the policy, nothing to add.
        return;
    }
    // presumably the clone keeps the template's service and action values — confirm against Rule.clone()
    Rule clonedRule = (Rule) template.clone();
    clonedRule.setResourceNames(asSet(newResourceName));

    // Find a rule name that is not yet used in the policy: name, name_1, name_2, ...
    String baseName = clonedRule.getName();
    String candidate = baseName;
    for (int suffix = 1; policy.getRuleNames().contains(candidate); suffix++) {
        candidate = baseName + "_" + suffix;
    }
    clonedRule.setName(candidate);
    // NOTE(review): existingResourceNames is not updated here; whether a later call sees the new
    // resource depends on the set the caller passes in — verify against getResourceNames.
    policy.addRule(clonedRule);
}
use of com.sun.identity.policy.Rule in project OpenAM by OpenRock.
the class UpgradeUtils method createRealmReadOnlyPolicy.
/**
 * Creates the Realm Read Only delegation policy for an organization and registers it with the
 * policy manager.
 *
 * <p>The policy is named {@code orgID + "^^" + REALM_READ_ONLY}. It gets one rule for the resource
 * {@code "sms://*" + orgDN + "/" + REALM_SERVICE} and one subject resolved from
 * {@code ORG_POLICY_ADMIN_ROLE}. Any exception is logged and not rethrown.
 *
 * @param policyManager the policy manager object.
 * @param orgDN the organization dn.
 * @param orgID the organization identifier.
 */
private static void createRealmReadOnlyPolicy(PolicyManager policyManager, String orgDN, String orgID) {
    final String logPrefix = "UpgradeUtils:createRealmReadOnlyPolicy";
    try {
        // presumably (name, description, referralPolicy, active) — confirm against Policy's constructor
        Policy readOnlyPolicy = new Policy(orgID + "^^" + REALM_READ_ONLY, null, false, true);

        // Rule over the realm service resource of this organization.
        Rule realmRule = getRule(DELEGATION_SERVICE, "sms://*" + orgDN + "/" + REALM_SERVICE);
        if (realmRule != null) {
            readOnlyPolicy.addRule(realmRule);
        }

        // Subject: the organization's policy admin role.
        Subject adminRole = getSubject(policyManager, getUniversalID(orgDN, ORG_POLICY_ADMIN_ROLE));
        if (adminRole != null) {
            readOnlyPolicy.addSubject(DELEGATION_SUBJECT, adminRole, false);
        }

        // NOTE(review): the policy is stored even when the rule or the subject is missing — confirm intended.
        policyManager.addPolicy(readOnlyPolicy);
    } catch (Exception e) {
        // Best-effort: the failure is only visible in the debug log.
        debug.error(logPrefix + "Error creating realm read only policy", e);
    }
}