use of com.sun.identity.policy.PolicyDecision in project OpenAM by OpenRock.
the class Gateway method getActionDecision.
/**
 * Looks up the action decision for {@code url} through a subject-independent
 * policy evaluation with an empty environment map.
 *
 * <p>The decision stored under {@code GET} wins; the one under {@code POST} is
 * consulted only when there is no {@code GET} entry.
 *
 * @param url resource URL handed to the policy evaluator
 * @return the {@code GET} or {@code POST} decision, or {@code null} when no
 *         evaluator is available, the evaluation throws, the decision has no
 *         action map, or neither action has an entry
 */
private ActionDecision getActionDecision(String url) {
    // Without an evaluator there is nothing to ask.
    if (pe == null) {
        return null;
    }

    // NOTE(review): the call below ignores subjects and receives no environment
    // data, so the result is not tied to any particular user or session.
    // Presumably callers use it for advice discovery only, not as an access
    // grant for a user - confirm at the call sites.
    HashMap noEnvironment = new HashMap();
    PolicyDecision decision;
    try {
        decision = pe.getPolicyDecisionIgnoreSubjects(url, actionNames, noEnvironment);
    } catch (Exception e) {
        // Every failure is logged and collapsed into "no decision". A null return
        // carries no allow/deny information; callers should not read it as
        // permission - TODO confirm how call sites treat null.
        debug.error("GatewayServlet: Error in getting policy decision.", e);
        return null;
    }

    // NOTE(review): a null decision from the evaluator would raise a
    // NullPointerException here; nothing visible rules that out - confirm.
    Map byAction = decision.getActionDecisions();
    if (byAction == null) {
        return null;
    }

    ActionDecision chosen = (ActionDecision) byAction.get(GET);
    if (chosen == null) {
        chosen = (ActionDecision) byAction.get(POST);
    }
    return chosen;
}
use of com.sun.identity.policy.PolicyDecision in project OpenAM by OpenRock.
the class PolicyDecisionUtils method getActionDecision.
/**
 * Looks up the action decision for {@code url} through a subject-independent
 * policy evaluation using the supplied environment parameters.
 *
 * <p>The decision stored under {@code GET} wins; the one under {@code POST} is
 * consulted only when there is no {@code GET} entry.
 *
 * @param url resource URL handed to the policy evaluator
 * @param envParameters environment parameters forwarded to the evaluator
 * @return the {@code GET} or {@code POST} decision, or {@code null} when the
 *         evaluation throws, the decision has no action map, or neither
 *         action has an entry
 * @throws PolicyException only when no policy evaluator is available
 */
private static ActionDecision getActionDecision(String url, Map envParameters) throws PolicyException {
    // A missing evaluator is the one condition reported to the caller as an exception.
    if (pe == null) {
        throw new PolicyException(errorMsg);
    }

    PolicyDecision decision;
    try {
        decision = pe.getPolicyDecisionIgnoreSubjects(url, actionNames, envParameters);
    } catch (PolicyException e) {
        // NOTE(review): evaluation failures are logged and turned into a null
        // return even though the method declares PolicyException, so callers
        // cannot tell "evaluation failed" from "no GET/POST decision". A null
        // return should not be read as permission - TODO confirm call sites.
        debug.error("PolicyDecisionUtils.getActionDecision()", e);
        return null;
    } catch (SSOException ssoe) {
        debug.error("PolicyDecisionUtils.getActionDecision()", ssoe);
        return null;
    }

    // NOTE(review): a null decision from the evaluator would raise a
    // NullPointerException here; nothing visible rules that out - confirm.
    Map byAction = decision.getActionDecisions();
    if (byAction == null) {
        return null;
    }

    ActionDecision chosen = (ActionDecision) byAction.get(GET);
    if (chosen == null) {
        chosen = (ActionDecision) byAction.get(POST);
    }
    return chosen;
}
use of com.sun.identity.policy.PolicyDecision in project OpenAM by OpenRock.
the class PolicyEvaluator method getPolicyDecision.
/**
 * Evaluates whether the user behind {@code token} may perform the given
 * actions on the given resource, taking the run-time environment
 * parameters into account.
 *
 * <p>The token is validated first and the resource name is canonicalized
 * before the decision is requested. If the application token is rejected,
 * a new one is obtained and the request is repeated once.
 *
 * @param token single sign on token of the user evaluating policies.
 * @param resourceName name of the resource the user is trying to access
 * @param actionNames Set of action names the user is trying to perform on
 * the resource.
 * @param envParameters run-time environment parameters
 * @return policy decision
 * @throws PolicyException if result could not be computed for any
 * reason other than single sign on token problem.
 * @throws SSOException if single sign on token is invalid or expired.
 *
 * @supported.api
 */
public PolicyDecision getPolicyDecision(SSOToken token, String resourceName, Set actionNames, Map envParameters) throws PolicyException, SSOException {
    // Reject an invalid or expired user token before any other work is done.
    ssoTokenManager.validateToken(token);
    if (debug.messageEnabled()) {
        debug.message("PolicyEvaluator:getPolicyDecision():token=" + token.getPrincipal().getName()
                + ":resourceName=" + resourceName + ":actionName=" + actionNames + ":entering");
    }

    // Canonicalize the resource name with the service's comparator so the
    // policy is evaluated for the resource that will actually be matched,
    // not for an alternate spelling of it.
    final String canonicalResource =
            policyProperties.getResourceComparator(serviceName).canonicalize(resourceName);

    PolicyDecision decision;
    try {
        decision = resourceResultCache.getPolicyDecision(appSSOToken, serviceName, token,
                canonicalResource, actionNames, envParameters, RETRY_COUNT);
    } catch (InvalidAppSSOTokenException e) {
        // The application token was rejected: obtain a new one, re-register the
        // listener when notifications are on, then repeat the request once.
        // A failure of the second attempt propagates to the caller.
        if (debug.warningEnabled()) {
            debug.warning("PolicyEvaluator.getPolicyDecision():InvalidAppSSOTokenException occured:"
                    + "getting new appssotoken");
        }
        appSSOToken = getNewAppSSOToken();
        if (policyProperties.notificationEnabled()) {
            if (debug.warningEnabled()) {
                debug.warning("PolicyEvaluator.getPolicyDecision():InvalidAppSSOTokenException occured:"
                        + "reRegistering remote policy listener");
            }
            reRegisterRemotePolicyListener(appSSOToken);
        }
        decision = resourceResultCache.getPolicyDecision(appSSOToken, serviceName, token,
                canonicalResource, actionNames, envParameters, RETRY_COUNT);
    }

    // NOTE(review): the message below writes the principal name and the full
    // decision XML to the debug log; review who can read that log.
    if (debug.messageEnabled()) {
        debug.message("PolicyEvaluator:getPolicyDecision():token=" + token.getPrincipal().getName()
                + ":resourceName=" + canonicalResource + ":actionNames=" + actionNames
                + ":returning policyDecision:" + decision.toXML());
    }

    // The log arguments (including the decision XML) are built on every call,
    // whether or not decision logging is switched on.
    Object[] logArguments = { canonicalResource, actionNames, decision.toXML() };
    if (PolicyProperties.DECISION.equals(logActions)) {
        logAccessMessage(Level.INFO, ResBundleUtils.getString("policy_eval_decision", logArguments), token);
    }
    return decision;
}
use of com.sun.identity.policy.PolicyDecision in project OpenAM by OpenRock.
the class ResourceResultCache method jsonResourceContentToResourceResults.
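/**
 * Converts the JSON text of a policy evaluation response into resource results.
 *
 * <p>The response must parse as a JSON object, carry {@code statusCode} 200 and
 * contain a {@code body} object. The body is read either as a {@code results}
 * array of entitlements or, when that array is absent, as a single entitlement
 * identified by its {@code resourceName} key. Any other shape is rejected.
 *
 * @param jsonResourceContent raw JSON text of the response
 * @param serviceName service name used to pick the resource comparator and
 *        passed on to the entitlement conversion
 * @return the resource results described by the response
 * @throws JSONException declared by the signature; parse failures seen here are
 *         reported as {@code PolicyEvaluationException}
 * @throws PolicyException if the response is unparseable, reports a status other
 *         than 200, or has neither a usable body, {@code results} nor
 *         {@code resourceName}
 */
Set<ResourceResult> jsonResourceContentToResourceResults(String jsonResourceContent, String serviceName) throws JSONException, PolicyException {
    JSONObject response;
    try {
        response = new JSONObject(jsonResourceContent);
    } catch (JSONException e) {
        // Pass the parse exception to the log so the cause is not lost.
        // NOTE(review): the raw response text is written to the log as-is; it is
        // remote-supplied content, so consider bounding or sanitizing it.
        debug.error("ResourceResultCache.jsonResourceContentToResourceResults():" + "json parsing error of response: " + jsonResourceContent, e);
        throw new PolicyEvaluationException(ResBundleUtils.rbName, "error_rest_reponse", null, null);
    }

    // A status other than 200 is treated as an error response.
    int statusCode = response.optInt("statusCode");
    if (statusCode != 200) {
        debug.error("ResourceResultCache.jsonResourceContentToResourceResults():" + "statusCode=" + statusCode + ", error response");
        throw new PolicyEvaluationException(ResBundleUtils.rbName, "error_rest_reponse", null, null);
    }

    JSONObject body = response.optJSONObject("body");
    if (body == null) {
        debug.error("ResourceResultCache.jsonResourceContentToResourceResults():" + "does not have decisions object");
        throw new PolicyEvaluationException(ResBundleUtils.rbName, "error_rest_reponse", null, null);
    }

    JSONArray results = body.optJSONArray("results");
    if (results != null) {
        ResourceName resourceComparator = (ResourceName) policyProperties.getResourceComparator(serviceName);
        // Collect every entitlement under a virtual root, then hand back its children.
        ResourceResult virtualRoot = new ResourceResult(ResourceResult.VIRTUAL_ROOT, new PolicyDecision());
        int count = results.length();
        for (int i = 0; i < count; i++) {
            JSONObject entry = results.optJSONObject(i);
            // Array elements that are not JSON objects are skipped silently.
            if (entry != null) {
                virtualRoot.addResourceResult(jsonEntitlementToResourceResult(entry, serviceName), resourceComparator);
            }
        }
        return virtualRoot.getResourceResults();
    }

    // Test for the key itself. The previous null check on optString() could not
    // reject a body without resourceName when JSONObject is org.json's class
    // (assumed from the API used here), because optString() returns "" for a
    // missing key; such a body was passed on instead of being rejected.
    if (!body.has("resourceName")) {
        debug.error("ResourceResultCache.jsonResourceContentToResourceResults():" + "does not have results or resourceName object");
        throw new PolicyEvaluationException(ResBundleUtils.rbName, "error_rest_reponse", null, null);
    }

    Set<ResourceResult> resourceResults = new HashSet<ResourceResult>();
    resourceResults.add(jsonEntitlementToResourceResult(body, serviceName));
    return resourceResults;
}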
use of com.sun.identity.policy.PolicyDecision in project OpenAM by OpenRock.
the class ResourceResultCache method getPolicyDecisionFromResourceResults.
/**
 * Builds a policy decision for one resource out of a set of
 * <code>ResourceResult</code> objects.
 *
 * <p>The results are offered to <code>mergePolicyDecisions</code> one by one
 * and iteration stops at the first result for which it reports
 * <code>true</code>. If no result does, or the set is empty, the decision is
 * returned exactly as it was created.
 *
 * @param resourceResults resource results used to compute policy decision
 * @param resourceName resource name for which to get policy decision
 * @param resourceComparator <code>ResourceName</code>, resource
 * comparison algorithm used to compare resources
 * @param serviceName service name forwarded to
 * <code>mergePolicyDecisions</code>
 *
 * @return computed policy decision
 *
 * @throws PolicyException if can not get policy decision
 */
private PolicyDecision getPolicyDecisionFromResourceResults(Set resourceResults, String resourceName, ResourceName resourceComparator, String serviceName) throws PolicyException {
    PolicyDecision merged = new PolicyDecision();
    // NOTE(review): when nothing is merged the fresh decision is returned
    // untouched; presumably an empty decision grants nothing - confirm against
    // how callers read it.
    for (Iterator it = resourceResults.iterator(); it.hasNext();) {
        ResourceResult candidate = (ResourceResult) it.next();
        if (mergePolicyDecisions(merged, candidate, resourceName, resourceComparator, serviceName)) {
            break;
        }
    }
    return merged;
}