Use of com.sun.identity.policy.interfaces.Subject in project OpenAM by OpenRock.
The class PolicyIndexTest, method createSubject.
/**
 * Builds an {@code AMIdentitySubject} test fixture whose only value is the
 * literal identifier {@code "testgroup"}.
 *
 * @param pm policy manager used to resolve the subject type
 * @return the subject with its single value assigned
 * @throws PolicyException propagated from the subject type lookup or from
 *         {@code setValues}
 */
private Subject createSubject(PolicyManager pm) throws PolicyException {
    Subject subject = pm.getSubjectTypeManager().getSubject("AMIdentitySubject");
    Set<String> values = new HashSet<String>();
    values.add("testgroup");
    subject.setValues(values);
    return subject;
}
Use of com.sun.identity.policy.interfaces.Subject in project OpenAM by OpenRock.
The class PolicyEvaluatorTest, method createGroupSubject.
/**
 * Builds an {@code AMIdentitySubject} whose only value is the universal id of
 * the {@code testGroup} fixture (a field declared elsewhere in this class).
 *
 * @param pm policy manager used to resolve the subject type
 * @return the subject with the group's universal id as its single value
 * @throws PolicyException propagated from the subject type lookup or from
 *         {@code setValues}
 */
private Subject createGroupSubject(PolicyManager pm) throws PolicyException {
    Subject subject = pm.getSubjectTypeManager().getSubject("AMIdentitySubject");
    Set<String> values = new HashSet<String>();
    values.add(testGroup.getUniversalId());
    subject.setValues(values);
    return subject;
}
Use of com.sun.identity.policy.interfaces.Subject in project OpenAM by OpenRock.
The class PolicyManager, method getPoliciesUsingRealmSubject.
/**
 * Gets the set of policies that use the realm subject.
 * <p>
 * A policy qualifies only when it defines a subject named
 * {@code subjectName} <em>and</em> that subject is a {@code SharedSubject};
 * a policy-local subject that merely shares the name is not counted.
 *
 * @param subjectName name of the realm subject to check for
 * @return a <code>Set</code> of <code>Policy</code> objects
 *         that use the realm subject (empty when none do)
 * @throws PolicyException propagated from the policy name and policy lookups
 * @throws SSOException propagated from the policy name and policy lookups
 */
public Set getPoliciesUsingRealmSubject(String subjectName) throws PolicyException, SSOException {
    Set matching = new HashSet();
    for (Object name : getPolicyNames()) {
        Policy candidate = getPolicy((String) name);
        if (!candidate.getSubjectNames().contains(subjectName)) {
            continue;
        }
        // Only a shared (realm-level) subject counts; a local subject with the same name does not.
        if (candidate.getSubject(subjectName) instanceof SharedSubject) {
            matching.add(candidate);
        }
    }
    return matching;
}
Use of com.sun.identity.policy.interfaces.Subject in project OpenAM by OpenRock.
The class SubjectReferentialIntegrityPlugin, method postProcessDelete.
/**
 * Removes references to a deleted directory entry from policy subjects.
 * <p>
 * This implementation would visit all the subjects in policies
 * across all orgs/sub-orgs and remove the subject values
 * corresponding to the deleted entry DN. After removing an entry from a
 * subject, checks if that entry is the only one in the subject to
 * remove the subject as well.
 * <p>
 * Only entries whose {@code objectType} is USER, ROLE, ORGANIZATION, GROUP,
 * ASSIGNABLE_DYNAMIC_GROUP, DYNAMIC_GROUP or FILTERED_ROLE are handled.
 * Entries other than ROLE are handled only when the root org's policy
 * configuration points at the local data store.
 * <p>
 * Every failure is logged and swallowed, so the method does not throw.
 * Because one {@code try} spans the whole sweep, the first failure ends the
 * sweep: orgs and policies not yet visited keep their references to the
 * deleted DN.
 *
 * @param token session token used to open the data store and policy managers
 * @param entryDN DN of the entry that was deleted
 * @param attributes not used by this implementation
 * @param softDeleteEnabled not used by this implementation
 * @param objectType {@code AMObject} type constant of the deleted entry
 * @throws AMPostCallBackException declared by the callback contract; this
 *         implementation catches everything raised inside its body
 */
public void postProcessDelete(SSOToken token, String entryDN, Map attributes, boolean softDeleteEnabled, int objectType) throws AMPostCallBackException {
    try {
        if (debug.messageEnabled()) {
            debug.message("ReferentialIntegrityPlugin.postProcessDelete()");
        }
        // Object types whose DN may appear as a policy subject value; any other type is ignored.
        Set objectTypes = new HashSet();
        objectTypes.add(new Integer(AMObject.USER));
        objectTypes.add(new Integer(AMObject.ROLE));
        objectTypes.add(new Integer(AMObject.ORGANIZATION));
        objectTypes.add(new Integer(AMObject.GROUP));
        objectTypes.add(new Integer(AMObject.ASSIGNABLE_DYNAMIC_GROUP));
        objectTypes.add(new Integer(AMObject.DYNAMIC_GROUP));
        objectTypes.add(new Integer(AMObject.FILTERED_ROLE));
        if (objectTypes.contains(new Integer(objectType))) {
            String subOrg, policyName, subjectName;
            Policy policy;
            Subject subject;
            Iterator policyIter, subjectIter;
            // Parse the deleted entry once; subject values are compared as DNs, not as raw strings.
            DN entryDName = DN.valueOf(entryDN);
            // a connection to the Identity Server data store.
            AMStoreConnection dpStore = new AMStoreConnection(token);
            DN rootDN = DN.valueOf(SMSEntry.getRootSuffix());
            if (debug.messageEnabled()) {
                debug.message("Searching for all policies from root DN: " + rootDN.toString());
            }
            PolicyManager pm = new PolicyManager(token, rootDN.toString());
            String org = pm.getOrganizationName();
            // Find out from the org policy config whether the directory
            // specified is the local directory.
            Map configParams = PolicyConfig.getPolicyConfig(org);
            // NOTE(review): unchecked cast with no null check — if LDAP_SERVER is absent the NPE
            // lands in the catch-all below and no cleanup happens. toLowerCase() uses the default locale.
            String ldapServer = ((String) configParams.get(PolicyConfig.LDAP_SERVER)).toLowerCase();
            boolean localDS = PolicyUtils.isLocalDS(ldapServer);
            // Process IdentityServer Role irrespective of local or
            // non-local DS.
            if (objectType == AMObject.ROLE) {
                localDS = true;
            }
            if (localDS) {
                AMOrganization rootOrg = (AMOrganization) dpStore.getOrganization(org);
                Set subOrgs = null;
                // all orgs/sub-orgs
                // NOTE(review): whether the SCOPE_SUB search also returns rootOrg itself is not
                // visible here — confirm, otherwise root-org policies are never swept.
                subOrgs = rootOrg.searchSubOrganizations("*", AMConstants.SCOPE_SUB);
                Iterator orgIter = subOrgs.iterator();
                while (orgIter.hasNext()) {
                    subOrg = (String) orgIter.next();
                    if (debug.messageEnabled()) {
                        debug.message("Visiting suborg: " + subOrg);
                    }
                    PolicyManager pmSubOrg = new PolicyManager(token, subOrg);
                    // all policies
                    Set policies = pmSubOrg.getPolicyNames();
                    policyIter = policies.iterator();
                    while (policyIter.hasNext()) {
                        policyName = (String) policyIter.next();
                        if (debug.messageEnabled()) {
                            debug.message("policyName: " + policyName);
                        }
                        policy = pmSubOrg.getPolicy(policyName);
                        // referral policies don't have subjects defined
                        if (!policy.isReferralPolicy()) {
                            // all subjects
                            boolean replacePolicy = false;
                            Set subjectsInPolicy = policy.getSubjectNames();
                            // Iterate over a copy: removeSubject() below changes the policy,
                            // presumably invalidating the live name set.
                            Set subjects = new HashSet();
                            subjects.addAll(subjectsInPolicy);
                            subjectIter = subjects.iterator();
                            while (subjectIter.hasNext()) {
                                subjectName = (String) subjectIter.next();
                                if (debug.messageEnabled()) {
                                    debug.message("subjectName: " + subjectName);
                                }
                                subject = policy.getSubject(subjectName);
                                Set set = subject.getValues();
                                Iterator ite = set.iterator();
                                String str = null;
                                DN strDN = null;
                                while (ite.hasNext()) {
                                    str = (String) ite.next();
                                    // NOTE(review): a subject value that is not a well-formed DN makes this
                                    // parse fail and the catch-all then aborts the remaining sweep — confirm
                                    // DN.valueOf's failure mode before relying on this path.
                                    strDN = DN.valueOf(str);
                                    if (entryDName.equals(strDN)) {
                                        replacePolicy = true;
                                        if (debug.messageEnabled()) {
                                            debug.message("DNs match, str:" + str + "entryDN:" + entryDN);
                                        }
                                        // Removing from the set under iteration is safe only because of the
                                        // unconditional break below: ite is never advanced after this point.
                                        set.remove(str);
                                        if (set.isEmpty()) {
                                            // Last value gone: drop the subject rather than leave it empty.
                                            policy.removeSubject(subjectName);
                                            if (debug.messageEnabled()) {
                                                debug.message("subjectDeleted:" + subjectName);
                                            }
                                        } else {
                                            // NOTE(review): assumes getValues() returned a copy; if it is the
                                            // live set this call is a no-op — verify against the Subject impl.
                                            subject.setValues(set);
                                        }
                                        // Only the first value equal to the deleted DN is removed per subject.
                                        break;
                                    }
                                    // match DNs
                                }
                                // all subject values in the subject
                            }
                            // all subjects in the policy
                            if (replacePolicy) {
                                // Persist only policies that actually changed.
                                pmSubOrg.replacePolicy(policy);
                            }
                        }
                        // for referral policies
                    }
                    // all policies
                }
                // all orgs
            }
            // localDS check
        }
        // objectType check
    } catch (PolicyException pe) {
        debug.error("ReferentialIntegrityPlugin.postProcessDelete():", pe);
    } catch (SSOException sse) {
        debug.error("ReferentialIntegrityPlugin.postProcessDelete():", sse);
    } catch (Exception e) {
        // Catch-all: the policy cleanup is best-effort and is never allowed to propagate
        // out of the callback; the partially-swept state is only visible in the log.
        debug.error("ReferentialIntegrityPlugin.postProcessDelete():", e);
    }
}
Use of com.sun.identity.policy.interfaces.Subject in project OpenAM by OpenRock.
The class PolicyModelImpl, method getSubjectPossibleValues.
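/**
 * Returns a set of possible values for a subject type.
 * <p>
 * A {@code null} or blank filter is widened to {@code "*"} before being
 * handed to the subject, which performs the filtered lookup. When no policy
 * manager is available for the realm, or the lookup fails with an
 * {@code AMConsoleException}, the failure is logged at warning level and
 * {@code null} is returned; name-not-found, session and policy failures are
 * logged and rethrown as {@code AMConsoleException}.
 *
 * @param realmName Name of Realm.
 * @param subjectType Name of Subject Type.
 * @param filter wildcards for filtering the results.
 * @return a set of possible values for a subject type, or {@code null} when
 *         no policy manager exists for the realm or the lookup was logged
 *         and suppressed.
 * @throws AMConsoleException if values cannot be obtained.
 */
public ValidValues getSubjectPossibleValues(String realmName, String subjectType, String filter) throws AMConsoleException {
    // Entry trace only: the original logged this at error level on every call, which
    // pollutes the error log without any failure having occurred.
    if (debug.messageEnabled()) {
        debug.message("PolicyModelImpl.getSubjectPossibleValues()");
    }
    // Do not reassign the parameter; keep the caller's value readable in debuggers.
    String effectiveFilter = filter;
    if ((effectiveFilter == null) || (effectiveFilter.trim().length() == 0)) {
        effectiveFilter = "*";
    }
    ValidValues values = null;
    try {
        PolicyManager policyMgr = getPolicyManager(realmName);
        if (policyMgr != null) {
            SubjectTypeManager subjectTypeMgr = policyMgr.getSubjectTypeManager();
            Subject subject = subjectTypeMgr.getSubject(subjectType);
            values = subject.getValidValues(getUserSSOToken(), effectiveFilter);
        }
    } catch (AMConsoleException e) {
        // NOTE(review): deliberately not rethrown, unlike the branches below; callers
        // currently receive null here. Tightening this changes their observable behaviour.
        debug.warning("PolicyModelImpl.getSubjectPossibleValues", e);
    } catch (NameNotFoundException e) {
        debug.warning("PolicyModelImpl.getSubjectPossibleValues", e);
        throw new AMConsoleException(getErrorString(e));
    } catch (SSOException e) {
        debug.warning("PolicyModelImpl.getSubjectPossibleValues", e);
        throw new AMConsoleException(getErrorString(e));
    } catch (PolicyException e) {
        debug.warning("PolicyModelImpl.getSubjectPossibleValues", e);
        throw new AMConsoleException(getErrorString(e));
    }
    return values;
}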