
Example 16 with Rule

use of com.sun.identity.policy.Rule in project OpenAM by OpenRock.

Class UpgradeUtils, method createPolicyAdminPolicy.

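/**
 * Creates the "Policy Admin" delegation policy for an organization.
 *
 * <p>The policy is named {@code <orgID>^^PolicyAdmin}, carries one rule on the
 * delegation service for the resource {@code sms://*<orgDN>/<POLICY_SERVICE>},
 * and has the organization's policy-admin role as its subject.
 *
 * <p>Any failure is logged through {@code debug.error} and otherwise swallowed,
 * so the caller cannot tell whether the policy was stored; the upgrade log is
 * the only place this surfaces.
 *
 * @param policyManager the policy manager object.
 * @param orgDN the organization dn.
 * @param orgID the organization identifier.
 */
private static void createPolicyAdminPolicy(PolicyManager policyManager, String orgDN, String orgID) {
    // Log prefix for this method. The original named createRealmReadOnlyPolicy here
    // (copy/paste), which mis-attributed failures of this method in the debug log,
    // and lacked the " : " separator used by the other prefixes in this class.
    String classMethod = "UpgradeUtils:createPolicyAdminPolicy : ";
    try {
        String policyName = orgID + "^^PolicyAdmin";
        Policy realmPolicy = new Policy(policyName, null, false, true);
        // create Rule
        String resourceName = "sms://*" + orgDN + "/" + POLICY_SERVICE;
        Rule rule = getRule(DELEGATION_SERVICE, resourceName);
        if (rule != null) {
            realmPolicy.addRule(rule);
        } else {
            // The policy is still stored below so the upgrade can continue, but without
            // a rule the policy-admin role gets no delegated access to POLICY_SERVICE for
            // this realm. Say so explicitly instead of leaving only getRule's log entry.
            debug.error(classMethod + "rule for " + resourceName
                    + " could not be created; storing policy " + policyName + " without a rule");
        }
        // add subjects
        String policyAdminRoleUniversalID = getUniversalID(orgDN, ORG_POLICY_ADMIN_ROLE);
        Subject subject = getSubject(policyManager, policyAdminRoleUniversalID);
        if (subject != null) {
            realmPolicy.addSubject(DELEGATION_SUBJECT, subject, false);
        }
        policyManager.addPolicy(realmPolicy);
    } catch (Exception e) {
        // Best effort: the upgrade proceeds without this policy; the cause is kept in the log.
        debug.error(classMethod + "Error creating policy admin policy", e);
    }
}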

Example 17 with Rule

use of com.sun.identity.policy.Rule in project OpenAM by OpenRock.

Class UpgradeUtils, method getRule.

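/**
 * Returns a policy <code>Rule</code> built from the given parameters.
 *
 * <p>Any exception thrown by the <code>Rule</code> constructor is logged and
 * <code>null</code> is returned, so callers must null-check the result; a
 * policy assembled from a <code>null</code> rule ends up with no rule at all.
 *
 * @param ruleName name of the rule.
 * @param serviceName name of the service.
 * @param resourceName name of the resource
 * @param actionsMap map of allowed actions on the resource.
 *        the key is the actions (MODIFY,DELEGATE,READ)
 *        and the values is a set indicating whether
 *        action is allowed or denied.
 * @return <code>Rule</code> object, or <code>null</code> if it could not be created.
 */
private static Rule getRule(String ruleName, String serviceName, String resourceName, Map actionsMap) {
    String classMethod = "UpgradeUtils:getRule : ";
    try {
        return new Rule(ruleName, serviceName, resourceName, actionsMap);
    } catch (Exception e) {
        // Best effort: the upgrade continues without this rule. Include the rule and
        // resource names so the log entry identifies which rule was lost.
        debug.error(classMethod + "Error creating rule " + ruleName + " for " + resourceName, e);
        return null;
    }
}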

Example 18 with Rule

use of com.sun.identity.policy.Rule in project OpenAM by OpenRock.

Class UpgradeEntitlementsStep, method upgradeReferrals.

/**
 * Upgrades each named referral so that every resource it refers has the
 * "*" and "*?*" wildcard variants defined as well.
 *
 * <p>For each rule in the referral: a resource already ending in "*?*" is left
 * alone; one ending in "*" gets a "*?*" sibling; a plain resource gets both a
 * "*" and a "*?*" sibling. The referral is then replaced in the policy manager.
 *
 * @param pm the policy manager holding the referrals.
 * @param referrals names of the referral policies to upgrade.
 * @throws Exception if a referral cannot be read, modified or replaced.
 */
private void upgradeReferrals(PolicyManager pm, Set<String> referrals) throws Exception {
    for (String referralName : referrals) {
        if (DEBUG.messageEnabled()) {
            DEBUG.message("Upgrading referral: " + referralName);
        }
        Policy referral = pm.getPolicy(referralName);
        Set<String> knownResources = getResourceNames(referral);
        // Snapshot the rule names: addSimilarPolicyRule adds rules to the referral while we iterate.
        Set<String> ruleNames = new HashSet<String>(referral.getRuleNames());
        for (String ruleName : ruleNames) {
            Rule rule = referral.getRule(ruleName);
            for (String resource : rule.getResourceNames()) {
                if (resource.endsWith("*?*")) {
                    // Already the most general form; referrals get no further variant for it.
                    continue;
                }
                boolean hasTrailingStar = resource.endsWith("*");
                String starForm = hasTrailingStar ? resource : resource + "*";
                if (!hasTrailingStar) {
                    // Plain resource: the "*" variant is added first.
                    addSimilarPolicyRule(referral, rule, knownResources, starForm);
                }
                // Both cases end with the "*?*" variant.
                addSimilarPolicyRule(referral, rule, knownResources, starForm + "?*");
            }
        }
        UpgradeProgress.reportStart("upgrade.entitlement.referral", referral.getName());
        // Replace unconditionally so the policy indexes are refreshed even when nothing was added.
        pm.replacePolicy(referral);
        UpgradeProgress.reportEnd("upgrade.success");
    }
}

Example 19 with Rule

use of com.sun.identity.policy.Rule in project OpenAM by OpenRock.

Class UpgradeEntitlementsStep, method addSimilarPolicyRule.

/**
 * Adds to the policy a copy of the template rule that covers only the given
 * new resource name. The copy keeps the template's name when that name is
 * still free in the policy, otherwise "_1", "_2", ... is appended until an
 * unused name is found. Nothing happens when the resource is already known.
 *
 * @param policy The policy that needs to be modified.
 * @param template A rule that can be used as a template when creating the new policy rule.
 * @param existingResourceNames The names of resources that are already defined in the policy.
 * @param newResourceName The name of the new resource that needs to be added to the policy.
 * @throws Exception If there was an error while adding the new rule to the policy.
 */
private void addSimilarPolicyRule(Policy policy, Rule template, Set<String> existingResourceNames, String newResourceName) throws Exception {
    if (existingResourceNames.contains(newResourceName)) {
        return;
    }
    Rule copy = (Rule) template.clone();
    copy.setResourceNames(asSet(newResourceName));
    // Rule names must be unique within a policy, so probe for a free one.
    String baseName = copy.getName();
    String candidate = baseName;
    for (int suffix = 1; policy.getRuleNames().contains(candidate); suffix++) {
        candidate = baseName + "_" + suffix;
    }
    copy.setName(candidate);
    policy.addRule(copy);
}

Example 20 with Rule

use of com.sun.identity.policy.Rule in project OpenAM by OpenRock.

Class UpgradeUtils, method createRealmReadOnlyPolicy.

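/**
 * Creates the "Realm Read Only" delegation policy for an organization.
 *
 * <p>The policy is named {@code <orgID>^^<REALM_READ_ONLY>}, carries one rule on
 * the delegation service for the resource {@code sms://*<orgDN>/<REALM_SERVICE>},
 * and has the organization's policy-admin role as its subject.
 *
 * <p>Any failure is logged through {@code debug.error} and otherwise swallowed,
 * so the caller cannot tell whether the policy was stored; the upgrade log is
 * the only place this surfaces.
 *
 * @param policyManager the policy manager object.
 * @param orgDN the organization dn.
 * @param orgID the organization identifier.
 */
private static void createRealmReadOnlyPolicy(PolicyManager policyManager, String orgDN, String orgID) {
    // " : " separator so the prefix does not run straight into the message text
    // (the other log prefixes in this class carry it).
    String classMethod = "UpgradeUtils:createRealmReadOnlyPolicy : ";
    try {
        String policyName = orgID + "^^" + REALM_READ_ONLY;
        Policy realmPolicy = new Policy(policyName, null, false, true);
        // create Rule
        String serviceName = DELEGATION_SERVICE;
        String resourceName = "sms://*" + orgDN + "/" + REALM_SERVICE;
        Rule rule = getRule(serviceName, resourceName);
        if (rule != null) {
            realmPolicy.addRule(rule);
        } else {
            // The policy is still stored below so the upgrade can continue, but without
            // a rule the policy-admin role gets no delegated read access to REALM_SERVICE
            // for this realm. Say so explicitly instead of leaving only getRule's log entry.
            debug.error(classMethod + "rule for " + resourceName
                    + " could not be created; storing policy " + policyName + " without a rule");
        }
        // add subjects
        String policyAdminRoleUniversalID = getUniversalID(orgDN, ORG_POLICY_ADMIN_ROLE);
        Subject subject = getSubject(policyManager, policyAdminRoleUniversalID);
        if (subject != null) {
            realmPolicy.addSubject(DELEGATION_SUBJECT, subject, false);
        }
        policyManager.addPolicy(realmPolicy);
    } catch (Exception e) {
        // Best effort: the upgrade proceeds without this policy; the cause is kept in the log.
        debug.error(classMethod + "Error creating realm read only policy", e);
    }
}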
