
Example 1 with SSOTokenPrincipal

Use of com.sun.identity.authentication.service.SSOTokenPrincipal in project OpenAM by OpenRock.

From the class ISPermission, method implies:

/**
 * Checks if the specified permission's actions are "implied by"
 * this object's actions.
 * <P>
 * The <code>implies</code> method is used by the
 * <code>AccessController</code> to determine whether or not a requested
 * permission is implied by another permission that is known to be valid
 * in the current execution context.
 *
 * @param perm the permission to check against.
 *
 * @return true if the specified permission is implied by this object,
 *         false if not. The check is made against OpenAM's
 *         policy service to determine this evaluation.
 */
public boolean implies(Permission perm) {
    debug.message("ISPermission: implies called");
    // Fail closed: only an explicit allow from the policy evaluator turns this true.
    boolean allowed = false;
    if (perm instanceof ISPermission) {
        debug.message("ISPermission:passed perm is of type ISPermission");
        if (protectionDomain != null) {
            debug.message("ISPermission:implies:protectionDomain not null");
            if (debug.messageEnabled()) {
                debug.message("ISPermission::implies: protectionDomain:" + protectionDomain.toString());
            }
            final String serviceName = ((ISPermission) perm).getServiceName();
            final String resourceName = ((ISPermission) perm).getResourceName();
            final String actions = ((ISPermission) perm).getActions();
            final Map envParams = ((ISPermission) perm).getEnvParams();
            if (debug.messageEnabled()) {
                debug.message("ISPermission: resourceName=" + resourceName);
                debug.message("ISPermission: serviceName=" + serviceName);
                debug.message("ISPermission: actions=" + actions);
            }
            SSOTokenPrincipal tokenPrincipal = null;
            try {
                Principal[] principals = protectionDomain.getPrincipals();
                // principals should have only one entry; an empty array throws
                // ArrayIndexOutOfBoundsException, which the generic catch below
                // swallows, so allowed stays false
                Principal principal = principals[0];
                if (principal.getName().equals("com.sun.identity." + "authentication.service.SSOTokenPrincipal")) {
                    if (debug.messageEnabled()) {
                        debug.message("ISPermission::implies:principals:" + principal.toString());
                    }
                    tokenPrincipal = (SSOTokenPrincipal) principal;
                }
                if (tokenPrincipal == null) {
                    if (debug.messageEnabled()) {
                        debug.error("ISPermission::implies:" + " Principal is null");
                    }
                } else {
                    SSOTokenManager ssomgr = SSOTokenManager.getInstance();
                    final SSOToken token = ssomgr.createSSOToken(tokenPrincipal.getName());
                    /* TODO currently ISPermission uses the remote policy
                       client API, so if this class gets used from the server side
                       it will always make a remote call; this code needs to be
                       changed to make a local/remote call accordingly.
                     */
                    if (policyEvalFactory == null) {
                        policyEvalFactory = PolicyEvaluatorFactory.getInstance();
                    }
                    PolicyEvaluator policyEvaluator = policyEvalFactory.getPolicyEvaluator(serviceName);
                    if (debug.messageEnabled()) {
                        debug.message("ISPermission::implies::created " + "PolicyEvaluator for " + serviceName);
                    }
                    if (actions != null) {
                        StringTokenizer st = new StringTokenizer(actions, ",");
                        while (st.hasMoreTokens()) {
                            String action = st.nextToken();
                            allowed = policyEvaluator.isAllowed(token, resourceName, action, envParams);
                            if (!allowed) {
                                // every action must be allowed; the first denial is the final result
                                break;
                            }
                            if (debug.messageEnabled()) {
                                debug.message("ISPermission::result for " + action + " is :" + allowed);
                            }
                        }
                        if (debug.messageEnabled()) {
                            debug.message("ISPermission::result for " + actions + " is :" + allowed);
                        }
                    } else {
                        if (debug.messageEnabled()) {
                            debug.message("ISPermission:: actions is null");
                        }
                    }
                }
            } catch (SSOException ssoe) {
                if (debug.messageEnabled()) {
                    debug.error("ISPermission::SSOException:" + ssoe.getMessage());
                    ssoe.printStackTrace();
                }
            } catch (Exception e) {
                if (debug.messageEnabled()) {
                    debug.error("ISPermission::Exception:" + e.getMessage());
                    e.printStackTrace();
                }
            }
        } else {
            debug.message("ISPermission:: subject was null");
        }
    }
    if (debug.messageEnabled()) {
        debug.message("ISPermission: allowed::" + allowed);
    }
    return allowed;
}
Imports used by this method:

import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.iplanet.sso.SSOTokenManager;
import com.sun.identity.authentication.service.SSOTokenPrincipal;
import com.sun.identity.policy.client.PolicyEvaluator;
import java.security.Principal;
import java.util.Map;
import java.util.StringTokenizer;
