
Example 11 with Subject

Use of com.sun.identity.policy.interfaces.Subject in the OpenAM project by OpenRock.

From the class UpgradeUtils, method createDatastoresReadOnlyPolicy.

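/**
 * Creates the "DataStores Read Only" delegation policy for one organization.
 *
 * <p>The policy is named {@code orgID + "^^" + DATA_STORE_READ_ONLY}, carries one
 * rule for the delegation service on the IdRepo service node under {@code orgDN},
 * and is granted to the subject resolved from {@code ORG_POLICY_ADMIN_ROLE}.
 * Failures are logged and otherwise swallowed: this is a best-effort upgrade step,
 * so a failed call leaves the realm without this policy instead of aborting the
 * upgrade. Callers that require the policy to exist must verify it afterwards.
 *
 * @param policyManager the policy manager object.
 * @param orgDN the organization dn.
 * @param orgID the organization identifier.
 */
private static void createDatastoresReadOnlyPolicy(PolicyManager policyManager, String orgDN, String orgID) {
    String classMethod = "UpgradeUtils:createDatastoresReadOnlyPolicy";
    try {
        String policyName = orgID + "^^" + DATA_STORE_READ_ONLY;
        Policy realmPolicy = new Policy(policyName, null, false, true);
        // create Rule: delegation-service access to the IdRepo service node of this org.
        String serviceName = DELEGATION_SERVICE;
        String resourceName = "sms://*" + orgDN + "/" + IDREPO_SERVICE;
        Rule rule = getRule(serviceName, resourceName);
        if (rule != null) {
            realmPolicy.addRule(rule);
        }
        // add subjects: only the org policy-admin role is granted this policy.
        String policyAdminRoleUniversalID = getUniversalID(orgDN, ORG_POLICY_ADMIN_ROLE);
        Subject subject = getSubject(policyManager, policyAdminRoleUniversalID);
        if (subject != null) {
            realmPolicy.addSubject(DELEGATION_SUBJECT, subject, false);
        }
        // NOTE(review): when getRule/getSubject returned null the policy is still
        // stored, just without that rule/subject — confirm this is intended.
        policyManager.addPolicy(realmPolicy);
    } catch (Exception e) {
        // Best-effort: log and continue. The ": " separator keeps the method tag from
        // running into the message ("...ReadOnlyPolicyError creating ...") in the log.
        debug.error(classMethod + ": Error creating datastores readonly policy", e);
    }
}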

Example 12 with Subject

Use of com.sun.identity.policy.interfaces.Subject in the OpenAM project by OpenRock.

From the class PolicySubject, method getPolicySubject.

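/**
 * Constructs a legacy policy subject based on the information in this adapter.
 *
 * <p>The class named by {@code className} is resolved without running its static
 * initializer and is only instantiated after it has been checked to implement
 * {@link Subject}; a class name that is not a subject implementation therefore
 * never gets to execute class-initialization code before the type check rejects
 * it. The new subject is then populated with {@code values}.
 * NOTE(review): className is stored adapter state; whether it can be supplied by
 * external callers is not visible here — confirm at the call sites.
 *
 * @return the legacy policy subject
 * @throws EntitlementException if an error occurs constructing the subject.
 */
@JsonIgnore
public Subject getPolicySubject() throws EntitlementException {
    try {
        // initialize=false defers static init until after asSubclass has verified the type;
        // the loader of Subject is used, which in a standard deployment is the same
        // webapp loader this class is in — NOTE(review): confirm for custom class loading.
        Class<? extends Subject> subjectClass =
                Class.forName(className, false, Subject.class.getClassLoader()).asSubclass(Subject.class);
        Subject subject = subjectClass.getDeclaredConstructor().newInstance();
        subject.setValues(values);
        return subject;
    } catch (Exception ex) {
        // One error code for every failure mode; the original exception is kept as the cause.
        throw new EntitlementException(508, ex);
    }
}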

Example 13 with Subject

Use of com.sun.identity.policy.interfaces.Subject in the OpenAM project by OpenRock.

From the class PrivilegeUtils, method privilegeToPolicy.

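/**
 * Converts an entitlement {@link Privilege} into a legacy {@link Policy}.
 *
 * <p>Name, description, rules (derived from the entitlement), the subject (unless it
 * is the {@code Privilege.NOT_SUBJECT} sentinel), the condition, the response
 * providers and the audit fields (created/last-modified by and dates) are copied
 * across. Rules, subjects, conditions and response providers are converted by the
 * sibling helpers of this class.
 *
 * @param realm the realm the privilege belongs to; passed to the rule conversion.
 * @param privilege the privilege to convert.
 * @return the equivalent legacy policy.
 * @throws PolicyException propagated from the legacy policy API.
 * @throws SSOException propagated from the underlying calls.
 * @throws EntitlementException propagated from the entitlement conversion helpers.
 */
public static Policy privilegeToPolicy(String realm, Privilege privilege) throws PolicyException, SSOException, EntitlementException {
    Policy policy = new Policy(privilege.getName());
    policy.setDescription(privilege.getDescription());
    Entitlement entitlement = privilege.getEntitlement();
    if (entitlement != null) {
        for (Rule rule : entitlementToRule(realm, entitlement)) {
            policy.addRule(rule);
        }
    }
    EntitlementSubject es = privilege.getSubject();
    // NOT_SUBJECT is a sentinel instance, so identity comparison is the intended check.
    if ((es != null) && (es != Privilege.NOT_SUBJECT)) {
        Subject sbj = eSubjectToEPSubject(es);
        policy.addSubject(getSubjectName(es), sbj, false);
    }
    EntitlementCondition ec = privilege.getCondition();
    if (ec != null) {
        Condition cond = eConditionToEPCondition(ec);
        policy.addCondition(getConditionName(ec), cond);
    }
    if (privilege.getResourceAttributes() != null) {
        Map<String, ResponseProvider> nrps = resourceAttributesToResponseProviders(privilege.getResourceAttributes());
        // Walk the entries directly rather than keySet() + get(): one lookup per provider.
        for (Map.Entry<String, ResponseProvider> entry : nrps.entrySet()) {
            policy.addResponseProvider(entry.getKey(), entry.getValue());
        }
    }
    policy.setCreatedBy(privilege.getCreatedBy());
    policy.setCreationDate(privilege.getCreationDate());
    policy.setLastModifiedBy(privilege.getLastModifiedBy());
    policy.setLastModifiedDate(privilege.getLastModifiedDate());
    return policy;
}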

Example 14 with Subject

Use of com.sun.identity.policy.interfaces.Subject in the OpenAM project by OpenRock.

From the class PrivilegeUtils, method mapGenericSubject.

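/**
 * Maps a legacy policy {@link Subject} to an {@link EntitlementSubject}.
 *
 * <p>A {@code PrivilegeSubject} stores one value of the form
 * {@code <entitlement-subject-class>=<state>}: that class is loaded, instantiated
 * and given the state. Any other subject is wrapped in a {@link PolicySubject}
 * adapter carrying its values and implementation class name.
 *
 * @param subjectName the name of the subject within the policy.
 * @param objSubject the legacy subject to map.
 * @param exclusive passed through to the {@link PolicySubject} adapter.
 * @return the mapped subject, or {@code null} when a {@code PrivilegeSubject} has
 *     no value, its value is malformed, or its class cannot be loaded or
 *     instantiated (each case is logged).
 */
private static EntitlementSubject mapGenericSubject(String subjectName, Subject objSubject, boolean exclusive) {
    String classMethod = "PrivilegeUtils.mapGenericSubject";
    try {
        if (objSubject instanceof com.sun.identity.policy.plugins.PrivilegeSubject) {
            com.sun.identity.policy.plugins.PrivilegeSubject pips = (com.sun.identity.policy.plugins.PrivilegeSubject) objSubject;
            Set<String> values = pips.getValues();
            // Previously the first value was dereferenced unchecked: an empty set or a
            // value without '=' escaped this method as an uncaught runtime exception.
            if (values == null || values.isEmpty()) {
                PolicyConstants.DEBUG.error(classMethod + ": PrivilegeSubject has no values");
                return null;
            }
            String val = values.iterator().next();
            int idx = val.indexOf('=');
            if (idx < 0) {
                PolicyConstants.DEBUG.error(classMethod + ": malformed PrivilegeSubject value, expected class=state");
                return null;
            }
            String className = val.substring(0, idx);
            String state = val.substring(idx + 1);
            // Load without initializing and check the type first, so a stored class name
            // that is not an EntitlementSubject runs no static initializer before being
            // rejected (asSubclass throws ClassCastException, as the old cast did).
            Class<? extends EntitlementSubject> esClass =
                    Class.forName(className, false, EntitlementSubject.class.getClassLoader())
                            .asSubclass(EntitlementSubject.class);
            EntitlementSubject es = esClass.newInstance();
            es.setState(state);
            return es;
        }
        Set<String> val = objSubject.getValues();
        String className = objSubject.getClass().getName();
        return new PolicySubject(subjectName, className, val, exclusive);
    } catch (ClassNotFoundException e) {
        PolicyConstants.DEBUG.error(classMethod, e);
    } catch (InstantiationException e) {
        PolicyConstants.DEBUG.error(classMethod, e);
    } catch (IllegalAccessException e) {
        PolicyConstants.DEBUG.error(classMethod, e);
    }
    return null;
}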

Example 15 with Subject

Use of com.sun.identity.policy.interfaces.Subject in the OpenAM project by OpenRock.

From the class Util, method createAMIdentitySubject.

/**
 * Builds an {@code AMIdentitySubject} that matches exactly one identity.
 *
 * <p>The subject instance comes from the policy manager's subject-type registry and
 * is given a single value: the universal id of {@code user}.
 *
 * @param pm The PolicyManager to use.
 * @param user The user to convert into a Subject
 * @return a Subject for the given AMIdentity.
 * @throws PolicyException if there was a problem creating the Subject.
 */
public static Subject createAMIdentitySubject(PolicyManager pm, AMIdentity user) throws PolicyException {
    SubjectTypeManager subjectTypes = pm.getSubjectTypeManager();
    Subject identitySubject = subjectTypes.getSubject("AMIdentitySubject");
    // The subject's value set holds the one universal id this subject should match.
    Set<String> universalIds = new HashSet<String>();
    universalIds.add(user.getUniversalId());
    identitySubject.setValues(universalIds);
    return identitySubject;
}
