Use of com.sun.identity.policy.interfaces.Subject in project OpenAM by OpenRock:
class SubjectEditViewBean, method getDefaultValues.
/**
 * Returns the current values of the subject being edited.
 *
 * The subject is looked up on the cached policy by the name stored in the
 * page session under {@code SubjectOpViewBeanBase.PG_SESSION_SUBJECT_NAME}.
 *
 * @return the subject's value set, or {@code null} when the policy or the
 *         named subject cannot be resolved (the failure is logged at
 *         warning level and not propagated).
 */
protected Set getDefaultValues() {
    try {
        Policy policy = getCachedPolicy().getPolicy();
        String subjectName =
            (String) getPageSessionAttribute(SubjectOpViewBeanBase.PG_SESSION_SUBJECT_NAME);
        return policy.getSubject(subjectName).getValues();
    } catch (NameNotFoundException nnfe) {
        debug.warning("SubjectEditViewBean.getDefaultValues", nnfe);
    } catch (AMConsoleException ace) {
        debug.warning("SubjectEditViewBean.getDefaultValues", ace);
    }
    return null;
}
Use of com.sun.identity.policy.interfaces.Subject in project OpenAM by OpenRock:
class SubjectAddViewBean, method handleButton2Request.
/**
 * Handles create policy's subject request.
 *
 * Builds the subject from the submitted form, adds it to the cached policy
 * under the name entered in {@code SUBJECT_NAME} and returns to the policy
 * view. If the subject cannot be built or added, an inline error alert is
 * set and this page is redisplayed instead.
 *
 * @param event Request invocation event
 * @throws ModelControlException if the underlying model cannot be driven
 */
public void handleButton2Request(RequestInvocationEvent event) throws ModelControlException {
    submitCycle = true;
    bFilter = true;
    boolean leftThisPage = false;
    try {
        Subject newSubject = createSubject();
        if (newSubject != null) {
            Policy policy = getCachedPolicy().getPolicy();
            String subjectName = (String) propertySheetModel.getValue(SUBJECT_NAME);
            policy.addSubject(subjectName, newSubject, isExclusive());
            backTrail();
            forwardToPolicyViewBean();
            leftThisPage = true;
        }
    } catch (NameAlreadyExistsException naee) {
        setInlineAlertMessage(CCAlert.TYPE_ERROR, "message.error", getModel().getErrorString(naee));
    } catch (InvalidNameException ine) {
        setInlineAlertMessage(CCAlert.TYPE_ERROR, "message.error", getModel().getErrorString(ine));
    } catch (AMConsoleException ace) {
        // Console exceptions carry a user-facing message directly.
        setInlineAlertMessage(CCAlert.TYPE_ERROR, "message.error", ace.getMessage());
    } finally {
        // Whenever we did not navigate away, redisplay this page.
        if (!leftThisPage) {
            forwardTo();
        }
    }
}
Use of com.sun.identity.policy.interfaces.Subject in project OpenAM by OpenRock:
class DelegationPolicyImpl, method privilegeToPolicy.
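/**
 * Converts a delegation privilege to a policy.
 *
 * <p>The policy name is {@code orgName^^privilegeName}: the lower-cased
 * organization name, {@code NAME_DELIMITER}, then the privilege name. When
 * {@code orgName} is {@code null} the name is just
 * {@code NAME_DELIMITER + privilegeName}. A DN-style organization name
 * contains ',' which is replaced by {@code REPLACEMENT_FOR_COMMA} so the
 * name can be saved.
 *
 * <p>Each {@code DelegationPermission} of the privilege becomes one rule
 * (the first named {@code DELEGATION_RULE}, later ones with a sequence
 * number appended) that grants {@code ACTION_ALLOW} for every action of the
 * permission on the permission's resource. The privilege's subjects become
 * an authenticated-users subject when {@code AUTHN_USERS_ID} is present,
 * and a {@code POLICY_SUBJECT} holding the remaining subject values.
 *
 * @param pm PolicyManager object to be used to create the <code>Policy
 * </code> subjects.
 * @param priv <code>DelegationPrivilege</code> which needs to be
 * converted.
 * @param orgName organization name the privilege belongs to, or
 * {@code null}.
 * @return policy object.
 * @throws DelegationException if any step fails; the original exception
 * is logged and wrapped.
 */
private Policy privilegeToPolicy(PolicyManager pm, DelegationPrivilege priv, String orgName) throws DelegationException {
    try {
        String name = policyNamePrefix(orgName) + priv.getName();
        Policy policy = new Policy(name);

        Set permissions = priv.getPermissions();
        if ((permissions != null) && !permissions.isEmpty()) {
            int seqNum = 0;
            for (Iterator pmit = permissions.iterator(); pmit.hasNext(); seqNum++) {
                DelegationPermission perm = (DelegationPermission) pmit.next();
                String resourceName = getResourceName(perm);
                Map actions = new HashMap();
                Set permActions = perm.getActions();
                if (permActions != null) {
                    // Every action of this permission maps to the same
                    // single-element "allow" value set.
                    Set values = new HashSet();
                    values.add(ACTION_ALLOW);
                    Iterator it = permActions.iterator();
                    while (it.hasNext()) {
                        String actionName = (String) it.next();
                        actions.put(actionName, values);
                    }
                }
                // First rule keeps the bare name; later ones get 1, 2, ...
                String ruleName = DELEGATION_RULE;
                if (seqNum != 0) {
                    ruleName += seqNum;
                }
                Rule rule = new Rule(ruleName, DelegationManager.DELEGATION_SERVICE, resourceName, actions);
                policy.addRule(rule);
            }
        }

        // Work on a copy so that removing the authenticated-users marker
        // does not mutate the privilege's own subject set. (A null
        // getSubjects() fails here with an NPE, which the catch below
        // turns into a DelegationException.)
        Set sv = new HashSet(priv.getSubjects());
        if (sv.contains(AUTHN_USERS_ID)) {
            Subject allauthNUsers = pm.getSubjectTypeManager().getSubject(AUTHENTICATED_USERS_SUBJECT);
            policy.addSubject(DELEGATION_AUTHN_USERS, allauthNUsers);
            sv.remove(AUTHN_USERS_ID);
        }
        if (!sv.isEmpty()) {
            Subject subject = pm.getSubjectTypeManager().getSubject(POLICY_SUBJECT);
            subject.setValues(sv);
            policy.addSubject(DELEGATION_SUBJECT, subject);
        }
        return policy;
    } catch (Exception e) {
        DelegationManager.debug.error("unable to convert a privilege to a policy", e);
        throw new DelegationException(e);
    }
}

/**
 * Builds the name prefix of the policy that corresponds to a privilege:
 * {@code orgName^^} with the organization lower-cased and ',' replaced,
 * or just {@code NAME_DELIMITER} when there is no organization name.
 *
 * @param orgName organization name, possibly a DN, or {@code null}.
 * @return the prefix to put in front of the privilege name.
 */
private String policyNamePrefix(String orgName) {
    if (orgName == null) {
        return NAME_DELIMITER;
    }
    // NOTE(review): default-locale lower-casing; the code that looks these
    // policies up presumably does the same — confirm before switching to
    // a fixed locale, or names will stop matching.
    String prefix = orgName.toLowerCase() + NAME_DELIMITER;
    return prefix.replace(',', REPLACEMENT_FOR_COMMA);
}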
Use of com.sun.identity.policy.interfaces.Subject in project OpenAM by OpenRock:
class PolicySubject, method evaluate.
/**
 * Returns subject decision.
 *
 * <p>The wrapped legacy policy subject is initialized with the realm's
 * policy configuration and asked whether the caller's SSO token is a
 * member; {@code exclusive} inverts that answer. When no SSO token can be
 * obtained from {@code subject}, the decision is satisfied without any
 * membership check — this is the existing behavior of this method, so a
 * token-less subject always passes this evaluation.
 *
 * @param realm Realm name.
 * @param mgr Subject attribute manager (not used by this implementation).
 * @param subject Subject to be evaluated.
 * @param resourceName Resource name to be evaluated (not used by this
 * implementation).
 * @param environment Environment map (not used by this implementation).
 * @return subject decision.
 * @throws com.sun.identity.entitlement.EntitlementException if error
 * occurs.
 */
public SubjectDecision evaluate(String realm, SubjectAttributesManager mgr, javax.security.auth.Subject subject, String resourceName, Map<String, Set<String>> environment) throws EntitlementException {
    SSOToken adminToken = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
    try {
        PolicyManager policyManager = new PolicyManager(adminToken, realm);
        Subject legacySubject = getPolicySubject();
        legacySubject.initialize(policyManager.getPolicyConfig());
        SSOToken callerToken = getSSOToken(subject);
        boolean satisfied;
        if (callerToken == null) {
            satisfied = true;
        } else {
            satisfied = legacySubject.isMember(callerToken) ^ exclusive;
        }
        return new SubjectDecision(satisfied, Collections.EMPTY_MAP);
    } catch (SSOException ssoe) {
        throw new EntitlementException(508, ssoe);
    } catch (PolicyException pe) {
        throw new EntitlementException(508, pe);
    }
}
Use of com.sun.identity.policy.interfaces.Subject in project OpenAM by OpenRock:
class UpgradeUtils, method createPolicyAdminPolicy.
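/**
 * Creates Policy Admin Policy.
 *
 * <p>Builds a policy named {@code orgID + "^^PolicyAdmin"} with one rule on
 * the {@code sms://*<orgDN>/<POLICY_SERVICE>} resource of the delegation
 * service and, when the role can be resolved, the organization's policy
 * admin role as a non-exclusive subject, then stores it through
 * {@code policyManager}. Failures are logged and not propagated, so the
 * caller cannot tell a skipped policy from a created one.
 *
 * @param policyManager the policy manager object.
 * @param orgDN the organization dn.
 * @param orgID the organization identifier.
 */
private static void createPolicyAdminPolicy(PolicyManager policyManager, String orgDN, String orgID) {
    // Log context: names this method (the previous value named the
    // read-only-policy method) and ends with a separator so the message
    // appended to it reads correctly.
    String classMethod = "UpgradeUtils:createPolicyAdminPolicy: ";
    try {
        String policyName = orgID + "^^PolicyAdmin";
        // NOTE(review): the null/false/true constructor arguments are not
        // explained here; confirm their meaning against Policy's constructor.
        Policy realmPolicy = new Policy(policyName, null, false, true);
        // create Rule
        String resourceName = "sms://*" + orgDN + "/" + POLICY_SERVICE;
        Rule rule = getRule(DELEGATION_SERVICE, resourceName);
        if (rule != null) {
            realmPolicy.addRule(rule);
        }
        // add subjects
        String policyAdminRoleUniversalID = getUniversalID(orgDN, ORG_POLICY_ADMIN_ROLE);
        Subject subject = getSubject(policyManager, policyAdminRoleUniversalID);
        if (subject != null) {
            realmPolicy.addSubject(DELEGATION_SUBJECT, subject, false);
        }
        policyManager.addPolicy(realmPolicy);
    } catch (Exception e) {
        debug.error(classMethod + "Error creating policy admin policy", e);
    }
}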