
Example 1 with ResourceTypeService

use of org.forgerock.openam.entitlement.service.ResourceTypeService in project OpenAM by OpenRock.

the class ApplicationManager method saveApplication.

/**
 * Stores an application definition in a realm once the caller has been
 * authorized to create it or to modify it.
 *
 * <p>The steps run in this order: the authorization decision, validation of
 * every resource type UUID referenced by the application, stamping of the
 * creation and last-modified fields, the write to the entitlement
 * configuration, and finally a cache clear for the realm. Because the
 * authorization decision comes first, an unauthorized caller receives error
 * 326 before any resource type lookup is made.
 *
 * @param adminSubject Admin Subject who has the rights to access
 *        configuration datastore.
 * @param realm Realm Name.
 * @param application Application object; its creation and last-modified
 *        fields are updated in place before it is stored.
 * @throws EntitlementException with code 326 when the caller is neither the
 *         super-admin subject nor granted the required privilege, and with
 *         {@code INVALID_RESOURCE_TYPE} when a referenced resource type is
 *         not found in the realm.
 */
public static void saveApplication(Subject adminSubject, String realm, Application application) throws EntitlementException {
    // The super-admin subject is recognised by reference identity (==), not by equals().
    boolean permitted = (adminSubject == PolicyConstants.SUPER_ADMIN_SUBJECT);
    if (!permitted) {
        // NOTE(review): ApplicationPrivilegeManager.getInstance logs and returns null when the
        // implementation cannot be constructed reflectively. That case is not handled here, so
        // the create path below would end in a NullPointerException rather than error 326;
        // how hasAccessToApplication treats a null manager is not visible here - confirm.
        ApplicationPrivilegeManager privileges = ApplicationPrivilegeManager.getInstance(realm, adminSubject);
        permitted = isNewApplication(realm, application)
                ? privileges.canCreateApplication(realm)
                : hasAccessToApplication(privileges, application, ApplicationPrivilege.Action.MODIFY);
    }
    if (!permitted) {
        throw new EntitlementException(326);
    }

    // Every referenced resource type must exist in this realm for this subject.
    Set<String> referencedTypeIds = application.getResourceTypeUuids();
    if (CollectionUtils.isNotEmpty(referencedTypeIds)) {
        // When this class is refactored (AME-6287) this dependency should be injected.
        ResourceTypeService typeService = InjectorHolder.getInstance(ResourceTypeService.class);
        for (String typeId : referencedTypeIds) {
            boolean known = typeService.contains(adminSubject, realm, typeId);
            if (!known) {
                throw new EntitlementException(EntitlementException.INVALID_RESOURCE_TYPE, typeId);
            }
        }
    }

    // One timestamp is shared by the creation and last-modified fields.
    final long now = new Date().getTime();

    // The audit name is the first principal of the subject, or null when it has none.
    Set<Principal> callerPrincipals = adminSubject.getPrincipals();
    String principalName = null;
    if ((callerPrincipals != null) && !callerPrincipals.isEmpty()) {
        principalName = callerPrincipals.iterator().next().getName();
    }

    // NOTE(review): when the supplied object already carries a creation date other than -1,
    // its creation date and createdBy are stored exactly as supplied - confirm that callers
    // are trusted to set these audit fields.
    if (application.getCreationDate() == -1) {
        long storedCreationDate = getApplicationCreationDate(realm, application.getName());
        if (storedCreationDate != -1) {
            // A creation date is already stored: keep it, and fill in createdBy only when blank.
            application.setCreationDate(storedCreationDate);
            String suppliedCreator = application.getCreatedBy();
            if ((suppliedCreator == null) || (suppliedCreator.trim().length() == 0)) {
                String storedCreator = getApplicationCreatedBy(realm, application.getName());
                boolean storedCreatorBlank = (storedCreator == null) || (storedCreator.trim().length() == 0);
                // Falls back to the caller's name, which may itself be null.
                application.setCreatedBy(storedCreatorBlank ? principalName : storedCreator);
            }
        } else {
            // No stored creation date: stamp it with the current time and caller.
            application.setCreationDate(now);
            if (principalName != null) {
                application.setCreatedBy(principalName);
            }
        }
    }

    application.setLastModifiedDate(now);
    if (principalName != null) {
        application.setLastModifiedBy(principalName);
    }

    EntitlementConfiguration.getInstance(adminSubject, realm).storeApplication(application);
    clearCache(realm);
}
Also used : ResourceTypeService(org.forgerock.openam.entitlement.service.ResourceTypeService) Date(java.util.Date) Principal(java.security.Principal)

Example 2 with ResourceTypeService

use of org.forgerock.openam.entitlement.service.ResourceTypeService in project OpenAM by OpenRock.

the class ApplicationPrivilegeManager method getInstance.

/**
 * Returns an instance of application privilege manager.
 *
 * <p>The implementation class held in {@code DEFAULT_IMPL} is constructed
 * reflectively through its {@code (String, Subject, ResourceTypeService)}
 * constructor. Any of the reflective failures caught below is written to the
 * policy debug log and the method then returns {@code null} instead of
 * throwing, so callers that make authorization decisions with the result
 * need to handle {@code null} explicitly.
 *
 * @param realm
 *         Realm name.
 * @param caller
 *         Administrator subject.
 *
 * @return an instance of application privilege manager, or {@code null} when
 *         the implementation could not be constructed.
 */
public static ApplicationPrivilegeManager getInstance(String realm, Subject caller) {
    final String logContext = "ApplicationPrivilegeManager.getInstance";
    ApplicationPrivilegeManager manager = null;
    try {
        final Constructor<? extends ApplicationPrivilegeManager> implConstructor =
                DEFAULT_IMPL.getConstructor(String.class, Subject.class, ResourceTypeService.class);
        // The service is looked up only after the constructor has been resolved.
        final ResourceTypeService injectedService = InjectorHolder.getInstance(ResourceTypeService.class);
        manager = implConstructor.newInstance(realm, caller, injectedService);
    } catch (InstantiationException e) {
        PolicyConstants.DEBUG.error(logContext, e);
    } catch (IllegalAccessException e) {
        PolicyConstants.DEBUG.error(logContext, e);
    } catch (IllegalArgumentException e) {
        PolicyConstants.DEBUG.error(logContext, e);
    } catch (InvocationTargetException e) {
        PolicyConstants.DEBUG.error(logContext, e);
    } catch (NoSuchMethodException e) {
        PolicyConstants.DEBUG.error(logContext, e);
    } catch (SecurityException e) {
        PolicyConstants.DEBUG.error(logContext, e);
    }
    // Still null here when one of the failures above was logged.
    return manager;
}
Also used : ResourceTypeService(org.forgerock.openam.entitlement.service.ResourceTypeService) InvocationTargetException(java.lang.reflect.InvocationTargetException)

Example 3 with ResourceTypeService

use of org.forgerock.openam.entitlement.service.ResourceTypeService in project OpenAM by OpenRock.

the class ConfigureOAuth2 method getUrlResourceTypeId.

/**
 * Finds the UUID of the resource type named {@code POLICY_RESOURCE_TYPE_NAME}
 * for the policy application, creating and attaching it when needed.
 *
 * <p>If the application already references a resource type with that name
 * (compared ignoring case), its id is returned and nothing is written.
 * Otherwise the resource type is looked up by name in the realm, created if
 * the lookup finds none, added to the application, and the application is
 * saved with the {@code DenyOverride} entitlement combiner.
 *
 * @param adminSubject subject used for every entitlement call made here.
 * @param realm realm in which the application and resource type live.
 * @return the UUID of the matching or newly attached resource type.
 * @throws EntitlementException declared by the entitlement calls made here.
 * @throws WorkflowException declared on the signature; which call raises it
 *         is not visible in this method.
 */
private String getUrlResourceTypeId(Subject adminSubject, String realm) throws EntitlementException, WorkflowException {
    Application policyApplication = ApplicationManager.getApplication(adminSubject, realm, POLICY_APPLICATION_NAME);
    if (policyApplication == null) {
        // No such application yet: start from a fresh one of the URL application type.
        ApplicationType urlApplicationType = ApplicationTypeManager.getAppplicationType(adminSubject, ApplicationTypeManager.URL_APPLICATION_TYPE_NAME);
        policyApplication = ApplicationManager.newApplication(POLICY_APPLICATION_NAME, urlApplicationType);
    }

    Set<String> attachedTypeIds = policyApplication.getResourceTypeUuids();
    ResourceTypeService typeService = InjectorHolder.getInstance(ResourceTypeService.class);
    for (String attachedId : attachedTypeIds) {
        // NOTE(review): the lookup result is dereferenced without a null check; whether
        // getResourceType can return null for a stale id is not visible here - confirm.
        ResourceType attached = typeService.getResourceType(adminSubject, realm, attachedId);
        if (POLICY_RESOURCE_TYPE_NAME.equalsIgnoreCase(attached.getName())) {
            return attachedId;
        }
    }

    // Not attached to the application: search the realm for a resource type with that name.
    QueryFilter<SmsAttribute> byName = equalTo(SmsAttribute.newSearchableInstance("name"), POLICY_RESOURCE_TYPE_NAME);
    Set<ResourceType> sameNamed = typeService.getResourceTypes(byName, adminSubject, realm);

    ResourceType policyResourceType;
    if (sameNamed != null && !sameNamed.isEmpty()) {
        // Takes whichever match the set's iterator yields first.
        policyResourceType = sameNamed.iterator().next();
    } else {
        // The pattern places wildcards on scheme, host, port and leading path segments;
        // only GET and POST are defined as actions, both defaulting to true.
        policyResourceType = ResourceType.builder()
                .addPatterns(asSet("*://*:*/*/authorize?*"))
                .addActions(new ImmutableMap.Builder<String, Boolean>().put("GET", true).put("POST", true).build())
                .setName(POLICY_RESOURCE_TYPE_NAME)
                .setUUID(UUID.randomUUID().toString())
                .build();
        policyResourceType = typeService.saveResourceType(adminSubject, realm, policyResourceType);
    }

    policyApplication.addAllResourceTypeUuids(asSet(policyResourceType.getUUID()));
    // The combiner is set on this path even for an application that already existed.
    policyApplication.setEntitlementCombiner(DenyOverride.class);
    ApplicationManager.saveApplication(adminSubject, realm, policyApplication);
    return policyResourceType.getUUID();
}
Also used : ApplicationType(com.sun.identity.entitlement.ApplicationType) SmsAttribute(org.forgerock.openam.entitlement.configuration.SmsAttribute) ResourceType(org.forgerock.openam.entitlement.ResourceType) ResourceTypeService(org.forgerock.openam.entitlement.service.ResourceTypeService) Application(com.sun.identity.entitlement.Application)

Example 4 with ResourceTypeService

use of org.forgerock.openam.entitlement.service.ResourceTypeService in project OpenAM by OpenRock.

the class UpgradeResourceTypeStepTest method setUp.

/**
 * Builds the step under test with mocked collaborators and stubs the service
 * configuration tree it reads: a global config with an application-types
 * sub-config, and an organisation config with an applications sub-config
 * holding the single application "MyApplication".
 *
 * <p>The fields {@code document}, {@code realms}, {@code policies},
 * {@code appData} and {@code appTypeData} are read here but assigned
 * elsewhere in the test class.
 */
@BeforeMethod
public void setUp() throws Exception {
    privilegedAction = mock(PrivilegedAction.class);
    resourceTypeService = mock(ResourceTypeService.class);
    connectionFactory = mock(ConnectionFactory.class);
    configManager = mock(ServiceConfigManager.class);

    // The subclass replaces the step's data sources with this test's fixture fields.
    upgradeResourceTypeStep = new UpgradeResourceTypeStep(configManager, resourceTypeService, privilegedAction, connectionFactory, Collections.<String>emptySet()) {

        @Override
        protected Document getEntitlementXML() throws UpgradeException {
            return document;
        }

        @Override
        protected Set<String> getRealmNamesFromParent() throws UpgradeException {
            return realms;
        }

        @Override
        protected Set<String> policiesEligibleForUpgrade(String appName, String realm) throws UpgradeException {
            return policies;
        }
    };

    // Every tag lookup on the document yields an empty node list.
    final NodeList noNodes = new NodeList() {

        @Override
        public Node item(int index) {
            return null;
        }

        @Override
        public int getLength() {
            return 0;
        }
    };
    when(document.getElementsByTagName(anyString())).thenReturn(noNodes);

    // Global configuration -> application types
    ServiceConfig globalServiceConfig = mock(ServiceConfig.class);
    when(configManager.getGlobalConfig(anyString())).thenReturn(globalServiceConfig);
    ServiceConfig applicationTypesConfig = mock(ServiceConfig.class);
    when(globalServiceConfig.getSubConfig(anyString())).thenReturn(applicationTypesConfig);

    // Organisation configuration -> applications
    ServiceConfig organisationConfig = mock(ServiceConfig.class);
    when(configManager.getOrganizationConfig(anyString(), anyString())).thenReturn(organisationConfig);
    ServiceConfig applicationsConfig = mock(ServiceConfig.class);
    when(organisationConfig.getSubConfig(anyString())).thenReturn(applicationsConfig);

    // The applications sub-config lists exactly one application
    when(applicationsConfig.getSubConfigNames()).thenReturn(Collections.singleton("MyApplication"));

    // Attributes of that application
    ServiceConfig applicationConfig = mock(ServiceConfig.class);
    when(applicationsConfig.getSubConfig("MyApplication")).thenReturn(applicationConfig);
    when(applicationConfig.getAttributes()).thenReturn(appData);

    // Attributes of the application type "MyApplicationType"
    ServiceConfig applicationTypeConfig = mock(ServiceConfig.class);
    when(applicationTypesConfig.getSubConfig("MyApplicationType")).thenReturn(applicationTypeConfig);
    when(applicationTypeConfig.getAttributes()).thenReturn(appTypeData);

    setupDataStructures();
}
Also used : Set(java.util.Set) HashSet(java.util.HashSet) NodeList(org.w3c.dom.NodeList) Node(org.w3c.dom.Node) ResourceTypeService(org.forgerock.openam.entitlement.service.ResourceTypeService) Document(org.w3c.dom.Document) UpgradeException(org.forgerock.openam.upgrade.UpgradeException) ConnectionFactory(org.forgerock.openam.sm.datalayer.api.ConnectionFactory) PrivilegedAction(java.security.PrivilegedAction) ServiceConfig(com.sun.identity.sm.ServiceConfig) ServiceConfigManager(com.sun.identity.sm.ServiceConfigManager) BeforeMethod(org.testng.annotations.BeforeMethod)

Example 5 with ResourceTypeService

use of org.forgerock.openam.entitlement.service.ResourceTypeService in project OpenAM by OpenRock.

the class OpenProvisioning method setup.

/**
 * Prepares the fixture once per class: mocks the entitlement collaborators,
 * then uses an admin SSO token to create a group and two users in the "/"
 * realm and to create the policy under test.
 *
 * <p>NOTE(review): the identities are created through a real
 * {@code AMIdentityRepository} with the admin token; their removal is not
 * visible in this method - confirm that a matching cleanup exists.
 */
@BeforeClass
public void setup() throws SSOException, IdRepoException, EntitlementException {
    resourceTypeService = Mockito.mock(ResourceTypeService.class);
    constraintValidator = Mockito.mock(ConstraintValidator.class);
    applicationServiceFactory = Mockito.mock(ApplicationServiceFactory.class);

    // The admin token is obtained inside a privileged block.
    final SSOToken adminSsoToken = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
    final AMIdentityRepository rootRealmRepository = new AMIdentityRepository(adminSsoToken, "/");

    // Group first, then the two users; only jSmith becomes a member of the group.
    branchMgr = rootRealmRepository.createIdentity(IdType.GROUP, "openProvisionBranchMgr", Collections.EMPTY_MAP);
    johnDoe = createUser(rootRealmRepository, "openProvisionJohnDoe");
    jSmith = createUser(rootRealmRepository, "openProvisionJSmith");
    branchMgr.addMember(jSmith);

    createPolicy(adminSsoToken);
}
Also used : ConstraintValidator(org.forgerock.openam.entitlement.constraints.ConstraintValidator) SSOToken(com.iplanet.sso.SSOToken) AMIdentityRepository(com.sun.identity.idm.AMIdentityRepository) ApplicationServiceFactory(org.forgerock.openam.entitlement.service.ApplicationServiceFactory) ResourceTypeService(org.forgerock.openam.entitlement.service.ResourceTypeService) BeforeClass(org.testng.annotations.BeforeClass)

Aggregations

ResourceTypeService (org.forgerock.openam.entitlement.service.ResourceTypeService)7 ConstraintValidator (org.forgerock.openam.entitlement.constraints.ConstraintValidator)3 ApplicationServiceFactory (org.forgerock.openam.entitlement.service.ApplicationServiceFactory)3 BeforeClass (org.testng.annotations.BeforeClass)3 PolicyPrivilegeManager (com.sun.identity.entitlement.opensso.PolicyPrivilegeManager)2 HashMap (java.util.HashMap)2 HashSet (java.util.HashSet)2 Set (java.util.Set)2 SSOToken (com.iplanet.sso.SSOToken)1 Application (com.sun.identity.entitlement.Application)1 ApplicationType (com.sun.identity.entitlement.ApplicationType)1 OpenSSOGroupSubject (com.sun.identity.entitlement.opensso.OpenSSOGroupSubject)1 AMIdentityRepository (com.sun.identity.idm.AMIdentityRepository)1 ServiceConfig (com.sun.identity.sm.ServiceConfig)1 ServiceConfigManager (com.sun.identity.sm.ServiceConfigManager)1 InvocationTargetException (java.lang.reflect.InvocationTargetException)1 Principal (java.security.Principal)1 PrivilegedAction (java.security.PrivilegedAction)1 Date (java.util.Date)1 ResourceType (org.forgerock.openam.entitlement.ResourceType)1