
Example 31 with Subject

use of com.sun.identity.policy.interfaces.Subject in project OpenAM by OpenRock.

the class PolicyIndexTest method createSubject.

/**
 * Builds the subject used by the policy index test: an
 * {@code "AMIdentitySubject"} whose only value is the literal
 * {@code "testgroup"}.
 *
 * @param pm policy manager that supplies the subject type manager
 * @return the populated subject
 * @throws PolicyException if the subject type manager or the subject
 *         cannot be obtained, or the values are rejected
 */
private Subject createSubject(PolicyManager pm) throws PolicyException {
    // NOTE(review): the value is a bare name, not a universal id as in
    // comparable helpers - confirm this is intended for the index test.
    Set<String> members = new HashSet<String>();
    members.add("testgroup");

    Subject identitySubject = pm.getSubjectTypeManager().getSubject("AMIdentitySubject");
    identitySubject.setValues(members);
    return identitySubject;
}
Also used : Subject(com.sun.identity.policy.interfaces.Subject) HashSet(java.util.HashSet)

Example 32 with Subject

use of com.sun.identity.policy.interfaces.Subject in project OpenAM by OpenRock.

the class PolicyEvaluatorTest method createGroupSubject.

/**
 * Builds an {@code "AMIdentitySubject"} whose only value is the
 * universal id of the {@code testGroup} fixture.
 *
 * @param pm policy manager that supplies the subject type manager
 * @return the populated subject
 * @throws PolicyException if the subject type manager or the subject
 *         cannot be obtained, or the values are rejected
 */
private Subject createGroupSubject(PolicyManager pm) throws PolicyException {
    Subject groupSubject = pm.getSubjectTypeManager().getSubject("AMIdentitySubject");

    // The subject matches on the group's universal id, read from the fixture.
    Set<String> memberIds = new HashSet<String>();
    memberIds.add(testGroup.getUniversalId());

    groupSubject.setValues(memberIds);
    return groupSubject;
}
Also used : Subject(com.sun.identity.policy.interfaces.Subject) HashSet(java.util.HashSet)

Example 33 with Subject

use of com.sun.identity.policy.interfaces.Subject in project OpenAM by OpenRock.

the class PolicyManager method getPoliciesUsingRealmSubject.

/**
 * Collects the policies that use the named realm subject.
 *
 * <p>Every policy name returned by {@code getPolicyNames()} is loaded.
 * A policy is included only when it has a subject registered under
 * {@code subjectName} and that subject is a {@code SharedSubject};
 * any other subject type registered under the same name is skipped.
 *
 * @param subjectName name of the realm subject to check for
 * @return a <code>Set</code> of <code>Policy</code> objects
 *        that use the realm subject; empty when none do
 * @throws PolicyException propagated from the policy or subject lookups
 * @throws SSOException propagated from the policy lookups
 */
public Set getPoliciesUsingRealmSubject(String subjectName) throws PolicyException, SSOException {
    Set matches = new HashSet();
    for (Object nameEntry : getPolicyNames()) {
        Policy candidate = getPolicy((String) nameEntry);
        if (!candidate.getSubjectNames().contains(subjectName)) {
            // This policy has no subject under that name at all.
            continue;
        }
        // Only a shared (realm-level) subject counts as a use of the realm subject.
        if (candidate.getSubject(subjectName) instanceof SharedSubject) {
            matches.add(candidate);
        }
    }
    return matches;
}
Also used : Set(java.util.Set) HashSet(java.util.HashSet) Iterator(java.util.Iterator) Subject(com.sun.identity.policy.interfaces.Subject) HashSet(java.util.HashSet)

Example 34 with Subject

use of com.sun.identity.policy.interfaces.Subject in project OpenAM by OpenRock.

the class SubjectReferentialIntegrityPlugin method postProcessDelete.

/**
 * Removes references to a deleted directory entry from policy subjects.
 *
 * <p>When {@code objectType} is one of the handled {@code AMObject}
 * types (user, role, organization, group, assignable dynamic group,
 * dynamic group, filtered role), this visits the organizations returned
 * by a subtree search under the root organization. In every non-referral
 * policy it removes the subject value whose DN equals {@code entryDN}.
 * A subject left without values is removed from the policy, and each
 * modified policy is written back with {@code replacePolicy}.
 *
 * <p>The traversal only runs when the configured LDAP server is
 * reported as the local directory, or when the deleted entry is a role.
 *
 * <p>The cleanup is best-effort: every exception is logged with
 * {@code debug.error} and swallowed, so a failure part-way through
 * leaves the remaining policies unvisited and the caller is not told.
 * NOTE(review): a subject value that still names the deleted DN would
 * presumably match an entry later created under the same DN - confirm
 * whether a failure signal or a follow-up audit is needed.
 *
 * @param token SSO token used for the store connection and the policy
 *        managers
 * @param entryDN DN of the deleted entry
 * @param attributes not read by this implementation
 * @param softDeleteEnabled not read by this implementation
 * @param objectType {@code AMObject} type constant of the deleted entry
 * @throws AMPostCallBackException declared by the signature; this body
 *         catches every {@code Exception}, so none is propagated
 */
public void postProcessDelete(SSOToken token, String entryDN, Map attributes, boolean softDeleteEnabled, int objectType) throws AMPostCallBackException {
    try {
        if (debug.messageEnabled()) {
            debug.message("ReferentialIntegrityPlugin.postProcessDelete()");
        }
        // Object types whose deletion triggers the cleanup; anything else is a no-op.
        Set objectTypes = new HashSet();
        objectTypes.add(new Integer(AMObject.USER));
        objectTypes.add(new Integer(AMObject.ROLE));
        objectTypes.add(new Integer(AMObject.ORGANIZATION));
        objectTypes.add(new Integer(AMObject.GROUP));
        objectTypes.add(new Integer(AMObject.ASSIGNABLE_DYNAMIC_GROUP));
        objectTypes.add(new Integer(AMObject.DYNAMIC_GROUP));
        objectTypes.add(new Integer(AMObject.FILTERED_ROLE));
        if (objectTypes.contains(new Integer(objectType))) {
            String subOrg, policyName, subjectName;
            Policy policy;
            Subject subject;
            Iterator policyIter, subjectIter;
            // Parse the deleted entry's DN once; subject values are compared as DNs, not as raw strings.
            DN entryDName = DN.valueOf(entryDN);
            // Connection to the identity data store, opened with the caller's token.
            AMStoreConnection dpStore = new AMStoreConnection(token);
            DN rootDN = DN.valueOf(SMSEntry.getRootSuffix());
            if (debug.messageEnabled()) {
                debug.message("Searching for all policies from root DN: " + rootDN.toString());
            }
            PolicyManager pm = new PolicyManager(token, rootDN.toString());
            String org = pm.getOrganizationName();
            /*
             * Find out from the organization's policy configuration whether
             * the configured directory is the local directory.
             * NOTE(review): a missing LDAP_SERVER entry makes the cast-and-
             * toLowerCase() below throw, which the outer catch logs and
             * swallows - confirm that skipping the cleanup is acceptable.
             */
            Map configParams = PolicyConfig.getPolicyConfig(org);
            String ldapServer = ((String) configParams.get(PolicyConfig.LDAP_SERVER)).toLowerCase();
            boolean localDS = PolicyUtils.isLocalDS(ldapServer);
            /*
             * Roles are processed irrespective of whether the directory
             * is local or non-local.
             */
            if (objectType == AMObject.ROLE) {
                localDS = true;
            }
            if (localDS) {
                AMOrganization rootOrg = (AMOrganization) dpStore.getOrganization(org);
                Set subOrgs = null;
                // Subtree search with a "*" filter for the organizations to visit.
                subOrgs = rootOrg.searchSubOrganizations("*", AMConstants.SCOPE_SUB);
                Iterator orgIter = subOrgs.iterator();
                while (orgIter.hasNext()) {
                    subOrg = (String) orgIter.next();
                    if (debug.messageEnabled()) {
                        debug.message("Visiting suborg: " + subOrg);
                    }
                    PolicyManager pmSubOrg = new PolicyManager(token, subOrg);
                    // Every policy in this organization.
                    Set policies = pmSubOrg.getPolicyNames();
                    policyIter = policies.iterator();
                    while (policyIter.hasNext()) {
                        policyName = (String) policyIter.next();
                        if (debug.messageEnabled()) {
                            debug.message("policyName: " + policyName);
                        }
                        policy = pmSubOrg.getPolicy(policyName);
                        // referral policies don't have subjects defined
                        if (!policy.isReferralPolicy()) {
                            // Set when any subject of this policy changed, so it is written back once.
                            boolean replacePolicy = false;
                            Set subjectsInPolicy = policy.getSubjectNames();
                            // Iterate over a copy of the names: removeSubject() below may alter the policy's own set.
                            Set subjects = new HashSet();
                            subjects.addAll(subjectsInPolicy);
                            subjectIter = subjects.iterator();
                            while (subjectIter.hasNext()) {
                                subjectName = (String) subjectIter.next();
                                if (debug.messageEnabled()) {
                                    debug.message("subjectName: " + subjectName);
                                }
                                subject = policy.getSubject(subjectName);
                                Set set = subject.getValues();
                                Iterator ite = set.iterator();
                                String str = null;
                                DN strDN = null;
                                while (ite.hasNext()) {
                                    str = (String) ite.next();
                                    // NOTE(review): if a subject value is not a parseable DN and
                                    // DN.valueOf throws, the outer catch ends the whole traversal
                                    // and later policies keep their stale references - confirm.
                                    strDN = DN.valueOf(str);
                                    if (entryDName.equals(strDN)) {
                                        replacePolicy = true;
                                        if (debug.messageEnabled()) {
                                            debug.message("DNs match, str:" + str + "entryDN:" + entryDN);
                                        }
                                        set.remove(str);
                                        if (set.isEmpty()) {
                                            // The deleted entry was the subject's only value: drop the subject itself.
                                            policy.removeSubject(subjectName);
                                            if (debug.messageEnabled()) {
                                                debug.message("subjectDeleted:" + subjectName);
                                            }
                                        } else {
                                            subject.setValues(set);
                                        }
                                        // Stop at the first match: the set was just modified, so this
                                        // iterator must not be advanced again.
                                        // NOTE(review): a second value spelling the same DN differently
                                        // would be left in place - confirm values are stored normalized.
                                        break;
                                    }
                                // end of the DN match
                                }
                            // end of the loop over the subject's values
                            }
                            // end of the loop over the policy's subjects; persist if anything changed
                            if (replacePolicy) {
                                pmSubOrg.replacePolicy(policy);
                            }
                        }
                    // end of the non-referral policy branch
                    }
                // end of the loop over policies
                }
            // end of the loop over organizations
            }
        // end of the localDS check
        }
    // end of the objectType check
    // All failures below are logged and swallowed; the caller sees a normal return.
    } catch (PolicyException pe) {
        debug.error("ReferentialIntegrityPlugin.postProcessDelete():", pe);
    } catch (SSOException sse) {
        debug.error("ReferentialIntegrityPlugin.postProcessDelete():", sse);
    } catch (Exception e) {
        debug.error("ReferentialIntegrityPlugin.postProcessDelete():", e);
    }
}
Also used : Policy(com.sun.identity.policy.Policy) PolicyManager(com.sun.identity.policy.PolicyManager) Set(java.util.Set) HashSet(java.util.HashSet) DN(org.forgerock.opendj.ldap.DN) SSOException(com.iplanet.sso.SSOException) Subject(com.sun.identity.policy.interfaces.Subject) AMPostCallBackException(com.iplanet.am.sdk.AMPostCallBackException) SSOException(com.iplanet.sso.SSOException) PolicyException(com.sun.identity.policy.PolicyException) AMStoreConnection(com.iplanet.am.sdk.AMStoreConnection) PolicyException(com.sun.identity.policy.PolicyException) AMOrganization(com.iplanet.am.sdk.AMOrganization) Iterator(java.util.Iterator) Map(java.util.Map) HashSet(java.util.HashSet)

Example 35 with Subject

use of com.sun.identity.policy.interfaces.Subject in project OpenAM by OpenRock.

the class PolicyModelImpl method getSubjectPossibleValues.

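/**
 * Returns a set of possible values for a subject type.
 *
 * <p>A {@code null} or blank {@code filter} is replaced by {@code "*"}.
 * The values are looked up with the token returned by
 * {@code getUserSSOToken()}.
 *
 * <p>The result is {@code null} when no policy manager is available for
 * the realm, or when an {@code AMConsoleException} is raised inside the
 * lookup (presumably by {@code getPolicyManager}); that exception is
 * logged at warning level and not rethrown, so callers must handle a
 * {@code null} result.
 *
 * @param realmName Name of Realm.
 * @param subjectType Name of Subject Type.
 * @param filter wildcards for filtering the results.
 * @return a set of possible values for a subject type, or {@code null}
 *         as described above.
 * @throws AMConsoleException if the lookup fails with a
 *         {@code NameNotFoundException}, {@code SSOException} or
 *         {@code PolicyException}.
 */
public ValidValues getSubjectPossibleValues(String realmName, String subjectType, String filter) throws AMConsoleException {
    // Entry trace only: nothing has failed yet, so it belongs at message
    // level rather than in the error log, where it would bury real failures.
    debug.message("PolicyModelImpl.getSubjectPossibleValues()");
    ValidValues values = null;
    // NOTE(review): an absent filter becomes a match-all search; confirm the
    // subject implementation bounds the number of results it returns.
    if ((filter == null) || filter.trim().isEmpty()) {
        filter = "*";
    }
    try {
        PolicyManager policyMgr = getPolicyManager(realmName);
        if (policyMgr != null) {
            SubjectTypeManager subjectTypeMgr = policyMgr.getSubjectTypeManager();
            Subject subject = subjectTypeMgr.getSubject(subjectType);
            values = subject.getValidValues(getUserSSOToken(), filter);
        }
    } catch (AMConsoleException e) {
        // Deliberately not rethrown: the method falls through and returns null.
        debug.warning("PolicyModelImpl.getSubjectPossibleValues", e);
    } catch (NameNotFoundException e) {
        debug.warning("PolicyModelImpl.getSubjectPossibleValues", e);
        throw new AMConsoleException(getErrorString(e));
    } catch (SSOException e) {
        debug.warning("PolicyModelImpl.getSubjectPossibleValues", e);
        throw new AMConsoleException(getErrorString(e));
    } catch (PolicyException e) {
        debug.warning("PolicyModelImpl.getSubjectPossibleValues", e);
        throw new AMConsoleException(getErrorString(e));
    }
    return values;
}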
Also used : PolicyManager(com.sun.identity.policy.PolicyManager) SubjectTypeManager(com.sun.identity.policy.SubjectTypeManager) ValidValues(com.sun.identity.policy.ValidValues) NameNotFoundException(com.sun.identity.policy.NameNotFoundException) PolicyException(com.sun.identity.policy.PolicyException) SSOException(com.iplanet.sso.SSOException) AMConsoleException(com.sun.identity.console.base.model.AMConsoleException) Subject(com.sun.identity.policy.interfaces.Subject)
