
Example 1 with ConditionDecision

use of com.sun.identity.policy.ConditionDecision in project OpenAM by OpenRock.

the class AuthenticatedSharedAgentsCondition method getConditionDecision.

/**
 * Gets the decision computed by this condition object.
 *
 * <p>The caller's realm, agent name and universal id are resolved from
 * {@code token}. The requested resource is read from {@code env} under
 * {@code PolicyEvaluator.SUN_AM_ORIGINAL_REQUESTED_RESOURCE} and reduced to
 * the agent(s) it names; that set is then checked with {@code getPermission}
 * against the agents this shared agent may read (its {@code attributeToRead}
 * attribute), served from {@code sharedAgentsCache} when present and read from
 * the identity repository (populating the cache) otherwise.
 *
 * <p>The decision is deny by default: a missing resource, an unresolvable
 * agent name, or an empty/absent readable-agent set all yield {@code false}.
 *
 * @param token single sign on token of the user
 * @param env request specific environment map of key/value pairs.
 * @return the condition decision. The condition decision encapsulates
 *         whether a policy applies for the request. Policy framework
 *         continues evaluating a policy only if it applies to the request
 *         as indicated by the ConditionDecision. Otherwise, further
 *         evaluation of the policy is skipped.
 * @throws SSOException if the token is invalid
 * @throws PolicyException if the caller's identity or its agent attributes
 *         cannot be read from the identity repository
 */
public ConditionDecision getConditionDecision(SSOToken token, Map env) throws PolicyException, SSOException {
    boolean allowed = false;
    if (debug.messageEnabled()) {
        // NOTE(review): token (and env) are dereferenced here without a null
        // check; a null token surfaces as an NPE rather than an SSOException.
        debug.message("AuthenticatedSharedAgentsCondition." + "getConditionDecision: " + "called with Token: " + token.getPrincipal().getName() + ", requestedResourcename: " + env.get(PolicyEvaluator.SUN_AM_ORIGINAL_REQUESTED_RESOURCE));
    }
    String realmName = null;
    String sharedAgentName = null;
    String sharedAgentUnivId = null;
    // Resolve the calling shared agent's own identity. Every lookup below is
    // keyed by this identity, never by anything supplied in env.
    try {
        AMIdentity id = IdUtils.getIdentity(token);
        realmName = id.getRealm();
        sharedAgentName = id.getName();
        sharedAgentUnivId = id.getUniversalId();
    } catch (SSOException ssoe) {
        // Debug it and rethrow: an invalid token is reported to the caller as-is.
        if (debug.messageEnabled()) {
            debug.message("AuthenticatedSharedAgentsCondition." + "getConditionDecision: invalid sso token: " + ssoe.getMessage());
        }
        throw ssoe;
    } catch (IdRepoException ide) {
        // Debug it and throw converted policy exception (cause is preserved).
        if (debug.messageEnabled()) {
            debug.message("AuthenticatedSharedAgentsCondition." + "getConditionDecision IdRepo exception: ", ide);
        }
        throw new PolicyException(ide);
    }
    // Get the resource name from the env. No resource means the block below is
    // skipped and the default deny is returned.
    Object o = env.get(PolicyEvaluator.SUN_AM_ORIGINAL_REQUESTED_RESOURCE);
    if (debug.messageEnabled()) {
        debug.message("AuthenticatedSharedAgentsCondition." + "getConditionDecision:" + " name: " + sharedAgentName + " resource: " + o);
    }
    if (o != null) {
        String resourceName = null;
        if (o instanceof String) {
            resourceName = (String) o;
        } else if (o instanceof Set) {
            // An empty Set leaves resourceName null; with several elements,
            // whichever one the iterator yields first is used.
            if (!((Set) o).isEmpty()) {
                resourceName = (String) ((Set) o).iterator().next();
            }
        } else if (debug.warningEnabled()) {
            // NOTE(review): resourceName is only reset to "" when warning
            // logging is enabled; with it disabled the value stays null and is
            // handed to split() below, so behaviour depends on the debug level.
            // The assignment should be unconditional with only the log guarded.
            resourceName = "";
            debug.warning("AuthenticatedSharedAgentsCondition." + "getConditionDecision: Unable to get resource name");
        }
        try {
            Set agentsFromEnv = new HashSet();
            String agentTypeName = IdType.AGENT.getName();
            String agentOnlyTypeName = IdType.AGENTONLY.getName();
            // Organisation config is read with administrative privileges (the
            // caller's own token may not be entitled to it). The result is still
            // scoped to the caller's identity resolved above, not to env input.
            SSOToken adminToken = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
            ServiceConfig orgConfig = getOrgConfig(adminToken, realmName);
            // split() is defined elsewhere; retVal[0]/retVal[1] are the leading
            // components of the resource name (presumably type then name — verify).
            String[] retVal = split(resourceName);
            // Resource that repeats an agent type name: the type itself is the target.
            if ((retVal[0].equalsIgnoreCase(agentTypeName) && retVal[1].equalsIgnoreCase(agentTypeName)) || (retVal[0].equalsIgnoreCase(agentOnlyTypeName) && retVal[1].equalsIgnoreCase(agentOnlyTypeName))) {
                agentsFromEnv.add(retVal[0]);
            }
            // Resource that does not start with an agent type: derive the agent name.
            if ((!retVal[0].equalsIgnoreCase(agentTypeName)) && (!retVal[0].equalsIgnoreCase(agentOnlyTypeName))) {
                retVal[0] = getAgentNameFromEnv(resourceName);
                if (retVal[0] == null) {
                    // Unresolvable agent name: deny.
                    return new ConditionDecision(false);
                }
                if (retVal[0].equalsIgnoreCase(sharedAgentName)) {
                    // The caller is asking about itself: the target set becomes its
                    // own readable-agent attribute. NOTE(review): this may be null
                    // when the attribute is absent; getPermission must tolerate that.
                    Map envMap = getAttributes(orgConfig, retVal[0]);
                    agentsFromEnv = (Set) envMap.get(attributeToRead);
                } else {
                    agentsFromEnv.add(retVal[0]);
                }
                if (debug.messageEnabled()) {
                    debug.message("AuthenticatedSharedAgentsCondition." + "getConditionDecision: agentsFromEnv: " + agentsFromEnv + "retVal[0] " + retVal[0]);
                }
            }
            // Check in cache. A hit returns without touching the repository (a
            // null/empty cached set denies), so a change to the agent's
            // readable-agent attribute is not seen until the entry is refreshed.
            // NOTE(review): cache invalidation is handled outside this method.
            if ((sharedAgentsCache != null) && (sharedAgentsCache.containsKey(sharedAgentUnivId))) {
                Set agentsfromCache = (Set) sharedAgentsCache.get(sharedAgentUnivId);
                if (agentsfromCache != null && !agentsfromCache.isEmpty()) {
                    allowed = getPermission(agentsFromEnv, agentsfromCache);
                }
                return new ConditionDecision(allowed);
            }
            // If not in cache: read the caller's attributes from the repository
            // (default group) and compare against the agents it may read.
            Map agentsAttrMap = getAttributes(orgConfig, sharedAgentName);
            Set agentsToRead = (Set) agentsAttrMap.get(attributeToRead);
            if (debug.messageEnabled()) {
                debug.message("AuthenticatedSharedAgentsCondition." + "getConditionDecision: agentsToRead: " + agentsToRead);
            }
            if (agentsToRead != null && !agentsToRead.isEmpty()) {
                allowed = getPermission(agentsFromEnv, agentsToRead);
            }
            // Update the cache. agentsToRead may be null here; updateCache is
            // called regardless.
            updateCache(sharedAgentUnivId, agentsToRead);
        } catch (IdRepoException idpe) {
            debug.error("AuthenticatedSharedAgentsCondition." + "getConditionDecision(): Unable to read agent" + " attributes for " + sharedAgentName, idpe);
            throw new PolicyException(idpe);
        }
    }
    return new ConditionDecision(allowed);
}

Example 2 with ConditionDecision

use of com.sun.identity.policy.ConditionDecision in project OpenAM by OpenRock.

the class AuthenticateToRealmCondition method getConditionDecision.

/**
 * Returns the decision computed by this condition object, based on the
 * map of environment parameters.
 *
 * <p>The realms the request is authenticated to are taken from {@code env}
 * under {@code REQUEST_AUTHENTICATED_TO_REALMS} (a {@code Set} of
 * {@code String}) when that entry is present; otherwise they are derived
 * from the SSO token via {@code AMAuthUtils.getAuthenticatedRealms}. A value
 * found in {@code env} is trusted as-is and the token is not consulted, so
 * {@code env} must only be populated by trusted policy-framework code.
 * Realm names are compared case-insensitively.
 *
 * <p>The condition is satisfied when {@code authenticateToRealm} (set by
 * {@code setProperties}) is among those realms. Otherwise the decision is
 * {@code false} and carries {@code authenticateToRealm} as an advice under
 * {@code AUTHENTICATE_TO_REALM_CONDITION_ADVICE}. With neither a usable
 * {@code env} entry nor a token the realm set is empty and the condition
 * fails. Policy framework continues evaluating a policy only if it applies
 * to the request as indicated by the {@code ConditionDecision}; the advices
 * are aggregated into the policy decision either way.
 *
 * @param token single sign on token of the user; may be {@code null}
 * @param env request specific environment map of key/value pairs; may be
 *        {@code null}
 * @return the condition decision (applicability plus advices)
 * @throws PolicyException if the {@code REQUEST_AUTHENTICATED_TO_REALMS}
 *         value is not a {@code Set}
 * @throws SSOException if the token is invalid
 *
 * @see #setProperties(Map)
 * @see #AUTHENTICATE_TO_REALM
 * @see #REQUEST_AUTHENTICATED_TO_REALMS
 * @see com.sun.identity.policy.ConditionDecision
 */
public ConditionDecision getConditionDecision(SSOToken token, Map env) throws PolicyException, SSOException {
    // Case-insensitive so realm names differing only in case still match.
    Set authenticatedRealms = new CaseInsensitiveHashSet();
    Object realmsFromEnv = (env == null) ? null : env.get(REQUEST_AUTHENTICATED_TO_REALMS);
    if (realmsFromEnv != null) {
        // The environment value takes precedence; the token is not consulted.
        try {
            authenticatedRealms.addAll((Set) realmsFromEnv);
        } catch (ClassCastException e) {
            String[] args = { REQUEST_AUTHENTICATED_TO_REALMS };
            throw new PolicyException(ResBundleUtils.rbName, "property_is_not_a_Set", args, e);
        }
        if (debugMessageEnabled) {
            DEBUG.message("At AuthenticateToRealmCondition.getConditionDecision(): requestAuthnRealms, from request = " + authenticatedRealms);
        }
    } else if (token != null) {
        Set realmsFromToken = AMAuthUtils.getAuthenticatedRealms(token);
        if (realmsFromToken != null) {
            authenticatedRealms.addAll(realmsFromToken);
        }
        if (debugMessageEnabled) {
            DEBUG.message("At AuthenticateToRealmCondition.getConditionDecision(): requestAuthnRealms, from ssoToken = " + authenticatedRealms);
        }
    }
    // An empty realm set (no env entry and no token) fails the condition.
    boolean satisfied = authenticatedRealms.contains(authenticateToRealm);
    if (debugMessageEnabled) {
        if (!satisfied) {
            DEBUG.message("At AuthenticateToRealmCondition.getConditionDecision():authenticateToRealm not satisfied = " + authenticateToRealm);
        }
        DEBUG.message("At AuthenticateToRealmCondition.getConditionDecision():authenticateToRealm = " + authenticateToRealm + ",requestAuthnRealms = " + authenticatedRealms + ",  allowed = " + satisfied);
    }
    Map advices = new HashMap();
    if (!satisfied) {
        // Tell the caller which realm it still needs to authenticate to.
        Set adviceMessages = new HashSet(1);
        adviceMessages.add(authenticateToRealm);
        advices.put(AUTHENTICATE_TO_REALM_CONDITION_ADVICE, adviceMessages);
    }
    return new ConditionDecision(satisfied, advices);
}

Example 3 with ConditionDecision

use of com.sun.identity.policy.ConditionDecision in project OpenAM by OpenRock.

the class AuthSchemeCondition method getConditionDecision.

/**
 * Gets the decision computed by this condition object, based on the
 * map of environment parameters.
 *
 * <p>The authentication schemes the request satisfied are taken from
 * {@code env} under {@code REQUEST_AUTH_SCHEMES} (a {@code Set}) when that
 * entry is present; otherwise they are derived from the SSO token, both
 * realm-qualified ({@code AMAuthUtils.getRealmQualifiedAuthenticatedSchemes})
 * and unqualified ({@code AMAuthUtils.getAuthenticatedSchemes}). A value in
 * {@code env} is trusted as-is and the token is not consulted for schemes,
 * so {@code env} must only be populated by trusted policy-framework code.
 *
 * <p>Every configured scheme in {@code authSchemes} must be present: a
 * realm-qualified scheme must appear in the request's realm-qualified set,
 * an unqualified one may match either set. The first unsatisfied scheme
 * denies and is reported under {@code AUTH_SCHEME_CONDITION_ADVICE}.
 *
 * <p>When {@code appIdleTimeoutEnabled} is set, an otherwise satisfied
 * request is additionally checked against the application idle timeout
 * ({@code getApplicationIdleTimesoutAt}); on success the new idle deadline
 * is written to the session under {@code appIdleTimesoutAtSessionKey} and
 * becomes the decision's time-to-live, on any deny {@code FORCE_AUTH_ADVICE}
 * is added.
 *
 * @param token single sign on token of the user
 * @param env request specific environment map of key/value pairs
 * @return the condition decision (applicability, time-to-live, advices).
 *         Policy framework continues evaluating a policy only if it applies
 *         to the request as indicated by the {@code ConditionDecision};
 *         advices are aggregated into the policy decision either way.
 * @throws PolicyException if the {@code REQUEST_AUTH_SCHEMES} value is not
 *         a {@code Set}
 * @throws SSOException if the token is invalid, or if writing the idle
 *         deadline to the session fails
 *
 * @see #setProperties(Map)
 * @see #AUTH_SCHEME
 * @see #REQUEST_AUTH_SCHEMES
 * @see com.sun.identity.policy.ConditionDecision
 */
public ConditionDecision getConditionDecision(SSOToken token, Map env) throws PolicyException, SSOException {
    if (DEBUG.messageEnabled()) {
        DEBUG.message("At AuthSchemeCondition." + "getConditionDecision():entering:" + "authSchemes=" + authSchemes + ", appName=" + appName + ", appIdleTimeout=" + appIdleTimeout);
    }
    boolean allowed = false;
    // Realm-qualified schemes the request satisfied, and the same without realm.
    Set requestAuthSchemes = null;
    Set requestAuthSchemesIgnoreRealm = null;
    if ((env != null) && (env.get(REQUEST_AUTH_SCHEMES) != null)) {
        // Environment path: the token is not consulted and the realm-agnostic
        // set stays empty, so an unqualified configured scheme only matches
        // if the env set contains it verbatim.
        try {
            requestAuthSchemes = (Set) env.get(REQUEST_AUTH_SCHEMES);
            if (DEBUG.messageEnabled()) {
                DEBUG.message("At AuthSchemeCondition." + "getConditionDecision(): " + "requestAuthSchemes from env= " + requestAuthSchemes);
            }
        } catch (ClassCastException e) {
            String[] args = { REQUEST_AUTH_SCHEMES };
            throw new PolicyException(ResBundleUtils.rbName, "property_is_not_a_Set", args, e);
        }
    } else {
        // Token path: schemes come from the authenticated session itself.
        if (token != null) {
            requestAuthSchemes = AMAuthUtils.getRealmQualifiedAuthenticatedSchemes(token);
            requestAuthSchemesIgnoreRealm = AMAuthUtils.getAuthenticatedSchemes(token);
            if (DEBUG.messageEnabled()) {
                DEBUG.message("At AuthSchemeCondition." + "getConditionDecision(): " + "requestAuthSchemes from ssoToken= " + requestAuthSchemes);
                DEBUG.message("At AuthSchemeCondition." + "getConditionDecision(): " + "requestAuthSchemesIgnoreRealm from ssoToken= " + requestAuthSchemesIgnoreRealm);
            }
        }
    }
    // Normalise to empty sets so contains() below is null-safe; with no env
    // entry and no token every configured scheme is unsatisfied.
    if (requestAuthSchemes == null) {
        requestAuthSchemes = Collections.EMPTY_SET;
    }
    if (requestAuthSchemesIgnoreRealm == null) {
        requestAuthSchemesIgnoreRealm = Collections.EMPTY_SET;
    }
    Iterator authSchemesIter = authSchemes.iterator();
    String authScheme = null;
    allowed = true;
    Set adviceMessages = new HashSet(authSchemes.size());
    // All configured schemes must be satisfied; stop at the first that is not.
    while (authSchemesIter.hasNext()) {
        authScheme = (String) authSchemesIter.next();
        if (!requestAuthSchemes.contains(authScheme)) {
            String realm = AMAuthUtils.getRealmFromRealmQualifiedData(authScheme);
            if ((realm != null) && (realm.length() != 0)) {
                // Realm-qualified scheme missing from the qualified set: deny.
                allowed = false;
                adviceMessages.add(authScheme);
                if (DEBUG.messageEnabled()) {
                    DEBUG.message("At AuthSchemeCondition." + "getConditionDecision():" + "authScheme not satisfied = " + authScheme);
                }
                break;
            } else if ((realm == null) || (realm.length() == 0)) {
                // This condition is the exact negation of the one above, i.e. a
                // plain else: an unqualified scheme may still match realm-agnostically.
                if (!requestAuthSchemesIgnoreRealm.contains(authScheme)) {
                    allowed = false;
                    adviceMessages.add(authScheme);
                    if (DEBUG.messageEnabled()) {
                        DEBUG.message("At AuthSchemeCondition." + "getConditionDecision():" + "authScheme not satisfied = " + authScheme);
                    }
                    break;
                }
            }
        }
    }
    if (DEBUG.messageEnabled()) {
        DEBUG.message("At AuthSchemeCondition.getConditionDecision():" + "authSchemes = " + authSchemes + "," + " requestAuthSchemes = " + requestAuthSchemes + ", " + " allowed before appIdleTimeout check = " + allowed);
    }
    Map advices = new HashMap();
    if (!allowed) {
        advices.put(AUTH_SCHEME_CONDITION_ADVICE, adviceMessages);
    }
    // No expiry unless the idle-timeout check below sets one.
    long timeToLive = Long.MAX_VALUE;
    //following additions are to support application idle timeout
    // Wall-clock time; the idle deadline stored in the session is absolute.
    long currentTimeMillis = System.currentTimeMillis();
    //a collector, filled by getApplicationIdleTimesoutAt with schemes whose idle time elapsed
    Set expiredAuthSchemes = new HashSet();
    if (appIdleTimeoutEnabled) {
        // NOTE(review): both getApplicationIdleTimesoutAt and token.setProperty
        // dereference token. On the env path token may be null and this block
        // then fails with an NPE rather than a policy error.
        if (allowed) {
            //condition satisfied pending idletimeout check
            //do idletimeout check
            long idleTimesOutAtMillis = getApplicationIdleTimesoutAt(token, expiredAuthSchemes, currentTimeMillis);
            if (idleTimesOutAtMillis <= currentTimeMillis) {
                allowed = false;
            }
            if (DEBUG.messageEnabled()) {
                DEBUG.message("At AuthSchemeCondition." + "getConditionDecision():" + "currentTimeMillis = " + currentTimeMillis + ", idleTimesOutAtMillis = " + idleTimesOutAtMillis + ", expiredAuthSchemes = " + expiredAuthSchemes + ", allowed after appIdleTimeout check = " + allowed);
            }
        }
        if (allowed) {
            //condition satisfied: push the idle deadline out and persist it on
            //the session (side effect; may throw SSOException). It also bounds
            //how long this decision may be cached.
            long appIdleTimesoutAt = currentTimeMillis + appIdleTimeout;
            token.setProperty(appIdleTimesoutAtSessionKey, Long.toString(appIdleTimesoutAt));
            timeToLive = appIdleTimesoutAt;
            if (DEBUG.messageEnabled()) {
                DEBUG.message("At AuthSchemeCondition." + "getConditionDecision():" + "app access allowed, revised appIdleTimesOutAt=" + appIdleTimesoutAt + ", currentTimeMillis=" + currentTimeMillis);
            }
        } else {
            //condition not satisfied. This branch is also taken when the scheme
            //loop above already denied (expiredAuthSchemes is then empty), so a
            //scheme mismatch carries a force-auth advice whenever the idle
            //timeout feature is enabled.
            adviceMessages.addAll(expiredAuthSchemes);
            advices.put(AUTH_SCHEME_CONDITION_ADVICE, adviceMessages);
            Set forceAuthAdvices = new HashSet();
            forceAuthAdvices.add(TRUE);
            advices.put(FORCE_AUTH_ADVICE, forceAuthAdvices);
        }
    }
    if (DEBUG.messageEnabled()) {
        DEBUG.message("At AuthSchemeCondition.getConditionDecision():" + "just before return:" + "allowed = " + allowed + ", timeToLive = " + timeToLive + ", advices = " + advices);
    }
    return new ConditionDecision(allowed, timeToLive, advices);
}

Example 4 with ConditionDecision

use of com.sun.identity.policy.ConditionDecision in project OpenAM by OpenRock.

the class AuthLevelCondition method getConditionDecision.

/**
 * Gets the decision computed by this condition object, based on the
 * map of environment parameters.
 *
 * <p>The request's maximum authentication level is first obtained from
 * {@code env} via {@code getMaxRequestAuthLevel(Map)}; only when that yields
 * the sentinel {@code Integer.MIN_VALUE} (no usable
 * {@code REQUEST_AUTH_LEVEL}) and a token is present is it obtained from the
 * token via {@code getMaxRequestAuthLevel(SSOToken)}. A level supplied in
 * {@code env} therefore overrides whatever the session actually
 * authenticated at, so {@code env} must only be populated by trusted
 * policy-framework code. Realm qualification of levels is handled inside
 * those helpers.
 *
 * <p>The condition is satisfied when that level is greater than or equal to
 * {@code authLevelInt} (the configured {@code AUTH_LEVEL}); otherwise the
 * decision is {@code false} and carries {@code authLevel} as an advice under
 * {@code AUTH_LEVEL_CONDITION_ADVICE}. When neither source provides a level
 * the sentinel itself is compared, which only passes if the configured level
 * is {@code Integer.MIN_VALUE}. Policy framework continues evaluating a
 * policy only if it applies to the request as indicated by the
 * {@code ConditionDecision}; advices are aggregated into the policy decision
 * either way.
 *
 * @param token single-sign-on token of the user; may be {@code null}
 * @param env request specific environment map of key/value pairs
 * @return the condition decision (applicability plus advices)
 * @throws PolicyException if thrown by {@code getMaxRequestAuthLevel}, e.g.
 *         when the value of {@code REQUEST_AUTH_LEVEL} cannot be determined
 * @throws SSOException if the token is invalid
 *
 * @see #setProperties(Map)
 * @see #AUTH_LEVEL
 * @see #REQUEST_AUTH_LEVEL
 * @see com.sun.identity.policy.ConditionDecision
 */
public ConditionDecision getConditionDecision(SSOToken token, Map env) throws PolicyException, SSOException {
    if (DEBUG.messageEnabled()) {
        DEBUG.message("AuthLevelCondition.getConditionDecision():entering");
    }
    // env is authoritative when it carries a level; the token is a fallback only.
    int requestLevel = getMaxRequestAuthLevel(env);
    if (requestLevel == Integer.MIN_VALUE && token != null) {
        requestLevel = getMaxRequestAuthLevel(token);
    }
    boolean satisfied = requestLevel >= authLevelInt;
    Map advices = new HashMap();
    if (!satisfied) {
        // Tell the caller which level it still needs to reach.
        Set adviceMessages = new HashSet(1);
        adviceMessages.add(authLevel);
        advices.put(AUTH_LEVEL_CONDITION_ADVICE, adviceMessages);
    }
    if (DEBUG.messageEnabled()) {
        DEBUG.message("At AuthLevelCondition.getConditionDecision():authLevel=" + authLevel + ",maxRequestAuthLevel=" + requestLevel + ",allowed = " + satisfied + ",advices=" + advices);
    }
    return new ConditionDecision(satisfied, advices);
}

Example 5 with ConditionDecision

use of com.sun.identity.policy.ConditionDecision in project OpenAM by OpenRock.

the class SessionCondition method getConditionDecision.

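/**
 * Gets the decision computed by this condition object, based on the
 * map of environment parameters or the user token. If the value of
 * <code>TERMINATE_SESSION</code> is true and the condition
 * evaluation is false, it terminates the user session.
 *
 * <p>The session creation time is taken from {@code env} under
 * {@code REQUEST_SESSION_CREATION_TIME} (a {@code Long}) when present, and
 * otherwise parsed from the token's {@code SSOTOKEN_PROPERTY_AUTHINSTANT}
 * property. A value found in {@code env} is trusted as-is, so {@code env}
 * must only be populated by trusted policy-framework code. The condition is
 * satisfied while {@code now < creationTime + maxSessionTime}; the expiry
 * instant is returned as the decision's time-to-live.
 *
 * <p>A {@code null} token satisfies the condition unconditionally (allowed,
 * no expiry) rather than failing it, so this condition does not bound
 * requests evaluated without a session.
 *
 * @param token single-sign-on token of the user; {@code null} yields an
 *        unconditional allow
 * @param env request specific environment map of key/value pair; may be
 *        {@code null}
 * @return the condition decision. The condition decision encapsulates
 *         whether a policy applies for the request and advice messages
 *         generated by the condition ({@code ADVICE_DENY}, plus
 *         {@code ADVICE_TERMINATE_SESSION} when the session was terminated).
 *         Policy framework continues evaluating a policy only if it applies
 *         to the request as indicated by the condition decision; the advices
 *         are aggregated into the policy decision either way.
 * @throws PolicyException if {@code REQUEST_SESSION_CREATION_TIME} is not a
 *         {@code Long}, or the token's auth instant cannot be parsed
 * @throws SSOException if the SSO token is invalid
 *
 * @see com.sun.identity.policy.ConditionDecision
 */
public ConditionDecision getConditionDecision(SSOToken token, Map env) throws PolicyException, SSOException {
    if (token == null) {
        // No session to bound: allow with no expiry (see class comment above).
        return new ConditionDecision(true, Long.MAX_VALUE);
    }
    Long requestSessionCreationTime = null;
    if (env != null) {
        try {
            requestSessionCreationTime = (Long) env.get(REQUEST_SESSION_CREATION_TIME);
        } catch (ClassCastException e) {
            String[] args = { REQUEST_SESSION_CREATION_TIME };
            // Keep the ClassCastException as the cause; it was previously dropped.
            throw new PolicyException(ResBundleUtils.rbName, "property_is_not_a_Long", args, e);
        }
    }
    long tokenCreationTime;
    if (requestSessionCreationTime != null) {
        // Environment value wins over the token's own auth instant.
        tokenCreationTime = requestSessionCreationTime.longValue();
    } else {
        try {
            tokenCreationTime = DateUtils.stringToDate(token.getProperty(SSOTOKEN_PROPERTY_AUTHINSTANT)).getTime();
        } catch (ParseException e) {
            throw new PolicyException(ResBundleUtils.rbName, "unable_to_parse_ssotoken_authinstant", null, e);
        }
    }
    long currentTime = System.currentTimeMillis();
    // NOTE(review): plain addition. Should maxSessionTime ever approach
    // Long.MAX_VALUE this wraps negative and denies (and, with terminateSession,
    // destroys the session). setProperties is not shown here — confirm its range.
    long expiredTime = tokenCreationTime + maxSessionTime;
    if (debug.messageEnabled()) {
        debug.message("SessionCondition.getConditionDecision():" + "\n  currentTime: " + currentTime + "\n  expiredTime: " + expiredTime);
    }
    if (currentTime < expiredTime) {
        // Still within the maximum session time; the expiry doubles as time-to-live.
        return new ConditionDecision(true, expiredTime);
    }
    Map advices = new HashMap(1);
    Set adviceMessages;
    if (terminateSession) {
        adviceMessages = new HashSet(2);
        adviceMessages.add(ADVICE_DENY);
        adviceMessages.add(ADVICE_TERMINATE_SESSION);
        // Side effect: the user's session is destroyed as part of policy
        // evaluation. A failure here is only logged; the decision is still deny.
        try {
            SSOTokenManager.getInstance().destroyToken(token);
            if (debug.messageEnabled()) {
                debug.message("SessionCondition.getConditionDecision(): " + "successfully terminated user session!");
            }
        } catch (SSOException ssoEx) {
            if (debug.warningEnabled()) {
                debug.warning("SessionCondition.getConditionDecision(): " + "failed to terminate user session!", ssoEx);
            }
        }
    } else {
        adviceMessages = new HashSet(1);
        adviceMessages.add(ADVICE_DENY);
    }
    advices.put(SESSION_CONDITION_ADVICE, adviceMessages);
    return new ConditionDecision(false, Long.MAX_VALUE, advices);
}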
