
Example 1 with PolicyStore

Use of org.forgerock.openam.entitlement.rest.PolicyStore in the OpenAM project by OpenRock.

From the class ConfigureOAuth2, the method execute:

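/**
 * Configures the OAuth2 provider service (and, when {@code type} is {@code "uma"}, the UMA
 * provider service) in the requested realm, then makes sure the authorize-endpoint policy
 * named {@code POLICY_NAME} exists in that realm.
 * <p>
 * Everything in this method runs with an admin token and a super-admin subject. The method
 * does not check who invoked the workflow; it relies on its caller having already
 * authorised the invoking user as an administrator.
 *
 * @param locale locale used to look up the result message
 * @param params workflow parameters; {@code TYPE}, {@code REALM}, the token-lifetime keys
 *               ({@code RTL}, {@code ACL}, {@code ATL}), {@code IRT}, {@code IRTR} and the
 *               scope-plugin class key {@code SIC} are read through {@code getString}
 * @return the formatted {@code MESSAGE} text, stating whether the UMA service was created
 *         and whether the policy was created or already existed
 * @throws WorkflowException if {@code TYPE} is missing or not a known profile type, or if
 *                           the policy could not be read or created
 */
public String execute(Locale locale, Map params) throws WorkflowException {
    final String type = getString(params, TYPE);
    final String realm = getString(params, REALM);
    if (StringUtils.isEmpty(type)) {
        throw new WorkflowException("type parameter is required");
    }
    // Reject unknown profile types up front. Previously PROFILE_SETTINGS.get(type) returned
    // null for them and the putAll further down failed with a NullPointerException instead of
    // a WorkflowException.
    if (!PROFILE_SETTINGS.containsKey(type)) {
        throw new WorkflowException("type parameter is not a supported profile type");
    }
    // Acquired only after input validation: from here on we act with admin privileges.
    final SSOToken token = AccessController.doPrivileged(AdminTokenAction.getInstance());

    createProvider(OAUTH2_SERVICE_NAME, token, realm,
            oauth2ProviderAttributes(token, realm, type, params));
    final boolean createUmaService = "uma".equals(type);
    if (createUmaService) {
        createProvider(UMA_SERVICE_NAME, token, realm, Collections.<String, Set<String>>emptyMap());
    }

    // The policy resource is the authorize endpoint under the base URL of *this* request
    // (root realm contributes an empty realm segment).
    // NOTE(review): if the deployment is reachable under other host names, the policy created
    // here will not match them — confirm getRequestURL(params) yields the canonical external URL.
    final String policyURL = getRequestURL(params)
            + format(OAUTH2_AUTHORIZE_ENDPOINT, "/".equals(realm) ? "" : realm);
    final boolean createdPolicy;
    try {
        createdPolicy = ensureAuthorizeEndpointPolicy(realm, policyURL);
    } catch (EntitlementException e) {
        DEBUG.error("ConfigureOAuth2.execute() : Unable to create policy", e);
        throw new WorkflowException("oauth2.provider.policy.failed");
    }

    final String umaMessage = createUmaService ? getMessage(UMA_SERVICE_CREATED, locale) : "";
    final String policyMessage =
            format(getMessage(createdPolicy ? POLICY_CREATED : POLICY_EXISTS, locale), POLICY_NAME);
    return format(getMessage(MESSAGE, locale), umaMessage, realm, policyMessage);
}

/**
 * Builds the OAuth2 provider service attributes for {@code type}: the realm defaults from
 * {@code getDefaultOAuth2ProviderAttributes}, overlaid with the profile's
 * {@code PROFILE_SETTINGS}, the translated scope and claim sets, and the lifetimes, refresh-token
 * flags and scope-plugin class taken verbatim from the workflow parameters.
 *
 * @param token  admin token used to read the default attributes
 * @param realm  realm the scope/claim keys are translated for
 * @param type   profile type; must be a key of {@code PROFILE_SETTINGS}
 * @param params workflow parameters
 * @return the mutable attribute map to pass to {@code createProvider}
 */
private Map<String, Set<String>> oauth2ProviderAttributes(SSOToken token, String realm, String type,
        Map params) {
    final Map<String, Set<String>> attrValues = getDefaultOAuth2ProviderAttributes(token);
    attrValues.putAll(PROFILE_SETTINGS.get(type));
    attrValues.put(SUPPORTED_SCOPES, translate(realm, SUPPORTED_SCOPE_KEYS.get(type)));
    attrValues.put(SUPPORTED_CLAIMS, translate(realm, SUPPORTED_CLAIM_KEYS.get(type)));
    attrValues.put(REFRESH_TOKEN_LIFETIME_NAME, singleton(getString(params, RTL)));
    attrValues.put(AUTHZ_CODE_LIFETIME_NAME, singleton(getString(params, ACL)));
    attrValues.put(ACCESS_TOKEN_LIFETIME_NAME, singleton(getString(params, ATL)));
    attrValues.put(ISSUE_REFRESH_TOKEN, singleton(getString(params, IRT)));
    attrValues.put(ISSUE_REFRESH_TOKEN_ON_REFRESHING_TOKEN, singleton(getString(params, IRTR)));
    // The scope-plugin class name is admin-supplied and stored as-is; it is not validated here
    // (presumably it is loaded by the provider later — verify against the consumer).
    attrValues.put(SCOPE_PLUGIN_CLASS, singleton(getString(params, SIC)));
    return attrValues;
}

/**
 * Ensures the {@code POLICY_NAME} policy exists in {@code realm}, creating it when the policy
 * store does not return it. The created policy grants every authenticated user
 * ({@code AuthenticatedUsers}) the {@code GET} and {@code POST} actions on exactly
 * {@code policyURL} within {@code POLICY_APPLICATION_NAME}; any change to the subject, the
 * actions or the resource widens what unauthenticated-to-the-realm clients may reach and
 * should be reviewed as such.
 *
 * @param realm     realm whose policy store is used
 * @param policyURL authorize-endpoint URL to protect
 * @return {@code true} if this call created the policy, {@code false} if it already existed
 * @throws EntitlementException if the policy store cannot be obtained or the policy cannot be
 *                              created
 */
private boolean ensureAuthorizeEndpointPolicy(String realm, String policyURL)
        throws EntitlementException {
    final Subject adminSubject = SubjectUtils.createSuperAdminSubject();
    final PolicyStore policyStore = storeProvider.getPolicyStore(adminSubject, realm);

    boolean exists;
    try {
        exists = policyStore.read(POLICY_NAME) != null;
    } catch (Exception e) {
        // Best effort, as before: any failure to read is treated as "absent" and we try to
        // create. A genuine store failure will then resurface from create(); record why we
        // took this path instead of dropping the exception silently.
        DEBUG.message("ConfigureOAuth2.execute() : could not read policy " + POLICY_NAME
                + ", attempting to create it", e);
        exists = false;
    }
    if (exists) {
        return false;
    }

    final Map<String, Boolean> actions = new HashMap<>();
    actions.put("POST", true);
    actions.put("GET", true);
    final Entitlement entitlement = new Entitlement();
    entitlement.setActionValues(actions);
    entitlement.setResourceName(policyURL);
    entitlement.setApplicationName(POLICY_APPLICATION_NAME);

    final Privilege toStore = Privilege.getNewInstance();
    toStore.setResourceTypeUuid(getUrlResourceTypeId(adminSubject, realm));
    toStore.setSubject(new AuthenticatedUsers());
    toStore.setName(POLICY_NAME);
    toStore.setEntitlement(entitlement);
    policyStore.create(toStore);
    return true;
}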
