
Example 91 with PolicyException

use of com.sun.identity.policy.PolicyException in project OpenAM by OpenRock.

the class PolicyRequestHandler method removePolicyListener.

/**
 * Removes a previously registered policy change listener from the policy
 * framework and drops it from the local listener registry.
 *
 * @param appToken          application SSO token used to obtain a policy evaluator
 * @param removeListenerReq request carrying the service name and the notification
 *                          URL the listener was registered under; {@code null} is rejected
 * @param appAttributes     application attributes handed to the policy evaluator
 * @return {@code false} when the request is {@code null} or the framework failed to
 *         remove the listener; {@code true} otherwise, including when nothing was
 *         registered for the notification URL
 */
private boolean removePolicyListener(SSOToken appToken, RemoveListenerRequest removeListenerReq, Map<String, Set<String>> appAttributes) {
    if (removeListenerReq == null) {
        debug.error("PolicyRequestHandler.removePolicyListener: invalid remove policy listener request received");
        return false;
    }
    final String serviceTypeName = removeListenerReq.getServiceName();
    final String notiURL = removeListenerReq.getNotificationURL();
    // Nothing registered under this URL: report success without touching the framework.
    if (!listenerRegistry.containsKey(notiURL)) {
        if (debug.messageEnabled()) {
            debug.message("PolicyRequestHandler.removePolicyListener: policy listener to be removed for service " + serviceTypeName + " has not been registered yet; the notification URL is " + notiURL);
        }
        return true;
    }
    final PolicyListener registered = (PolicyListener) listenerRegistry.get(notiURL);
    if (registered == null) {
        // A null entry carries no listener to unregister; just drop the key.
        listenerRegistry.remove(notiURL);
        return true;
    }
    try {
        // Get an instance of the policy evaluator
        final PolicyEvaluator evaluator = getPolicyEvaluator(appToken, serviceTypeName, appAttributes);
        if (evaluator == null) {
            // No evaluator could be obtained: the registry entry stays in place.
            return true;
        }
        // remove the policy listener from the policy framework
        evaluator.removePolicyListener(registered);
        listenerRegistry.remove(notiURL);
        if (debug.messageEnabled()) {
            debug.message("PolicyRequestHandler.removePolicyListener: policy listener for service " + serviceTypeName + " removed");
        }
        return true;
    } catch (PolicyException e) {
        debug.error("PolicyRequestHandler.removePolicyListener: failed to remove policy change listener", e);
        return false;
    }
}

Example 92 with PolicyException

use of com.sun.identity.policy.PolicyException in project OpenAM by OpenRock.

the class PolicyDecisionUtils method getActionDecision.

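/**
 * Evaluates the policy decision for {@code url} without subject evaluation and
 * returns the {@code GET} action decision, falling back to {@code POST}.
 *
 * @param url           the resource URL to evaluate
 * @param envParameters request environment handed to the policy evaluator
 * @return the action decision, or {@code null} when evaluation failed, produced no
 *         decision, or neither a GET nor a POST decision is present
 * @throws PolicyException if the shared policy evaluator {@code pe} was never initialised
 */
private static ActionDecision getActionDecision(String url, Map envParameters) throws PolicyException {
    if (pe == null) {
        throw new PolicyException(errorMsg);
    }
    PolicyDecision pd;
    try {
        pd = pe.getPolicyDecisionIgnoreSubjects(url, actionNames, envParameters);
    } catch (PolicyException e) {
        // Evaluation failures are logged and reported as "no decision" rather than propagated.
        debug.error("PolicyDecisionUtils.getActionDecision()", e);
        return null;
    } catch (SSOException ssoe) {
        debug.error("PolicyDecisionUtils.getActionDecision()", ssoe);
        return null;
    }
    if (pd == null) {
        // Guard against an evaluator returning no decision; previously this dereferenced null.
        return null;
    }
    Map actionDecisions = pd.getActionDecisions();
    if (actionDecisions == null) {
        return null;
    }
    ActionDecision ad = (ActionDecision) actionDecisions.get(GET);
    if (ad == null) {
        ad = (ActionDecision) actionDecisions.get(POST);
    }
    return ad;
}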

Example 93 with PolicyException

use of com.sun.identity.policy.PolicyException in project OpenAM by OpenRock.

the class UserSelfCheckCondition method getConditionDecision.

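/**
 * Gets the decision computed by this condition object.
 *
 * <p>The policy applies only when (a) the requested attributes pass the configured
 * {@code attributes}/{@code notAttributes} check (or all attributes are allowed) and
 * (b) the requested resource names the identity behind {@code token} itself. The
 * policy framework continues evaluating a policy only if it applies to the request as
 * indicated by the {@code ConditionDecision}; otherwise further evaluation of the
 * policy is skipped.
 *
 * @param token single sign on token of the user
 * @param env   request specific environment map of key/value pairs
 * @return the condition decision, encapsulating whether the policy applies for the request
 * @throws SSOException    if the token is invalid
 * @throws PolicyException if the identity behind the token cannot be resolved
 */
public ConditionDecision getConditionDecision(SSOToken token, Map env) throws PolicyException, SSOException {
    if (debug.messageEnabled()) {
        debug.message("UserSelfCheckCondition.getConditionDecision: called with Token: " + token.getPrincipal().getName() + ", requestedResourcename: " + env.get(PolicyEvaluator.SUN_AM_REQUESTED_RESOURCE));
    }
    // Check if attributes in envMap are a subset of "attributes"
    boolean attributeCheckOk = allowAllAttributes;
    if (debug.messageEnabled()) {
        debug.message("UserSelfCheckCondition.getConditionDecision: attributeCheckOk:" + attributeCheckOk);
    }
    Set attrSet = null;
    if (!attributeCheckOk) {
        Object o = env.get(ATTRIBUTES);
        if (o instanceof Set) {
            Set s = (Set) o;
            if (!s.isEmpty()) {
                // Case-insensitive copy so attribute names match regardless of case.
                attrSet = new CaseInsensitiveHashSet();
                attrSet.addAll(s);
                if (debug.messageEnabled()) {
                    debug.message("UserSelfCheckCondition.getConditionDecision: Is attributes " + attrSet + " subset of config attrs: " + attributes);
                }
                if (attributes.containsAll(attrSet)) {
                    attributeCheckOk = true;
                }
            }
        } else if (debug.warningEnabled()) {
            debug.warning("UserSelfCheckCondition.getConditionDecision Invalid attribute set in env params");
        }
    }
    if (debug.messageEnabled()) {
        debug.message("UserSelfCheckCondition.getConditionDecision: attributes check:" + attributeCheckOk);
    }
    if (!attributeCheckOk && (notAttributes != null) && !notAttributes.isEmpty()) {
        if ((attrSet != null) && !attrSet.isEmpty()) {
            if (debug.messageEnabled()) {
                debug.message("UserSelfCheckCondition.getConditionDecision: Is attributes " + attrSet + " subset of notattrs:" + notAttributes);
            }
            // If notAttributes schema is defined and none of the requested attributes
            // are in the NotAttributes set, the attribute check passes.
            attributeCheckOk = true;
            for (Iterator it = attrSet.iterator(); it.hasNext(); ) {
                String attr = (String) it.next();
                if (notAttributes.contains(attr)) {
                    attributeCheckOk = false;
                    break;
                }
            }
        }
        if (debug.messageEnabled()) {
            debug.message("UserSelfCheckCondition.getConditionDecision: attributeCheckOk " + attributeCheckOk + " for notAttributes " + notAttributes);
        }
    }
    if (!attributeCheckOk) {
        return new ConditionDecision(false);
    }
    // Construct the users' resource string
    String name = buildSelfResourceName(token);
    // Get the resource name from the env
    Object requested = env.get(PolicyEvaluator.SUN_AM_REQUESTED_RESOURCE);
    if (debug.messageEnabled()) {
        debug.message("UserSelfCheckCondition.getConditionDecision: name: " + name + " resource: " + requested);
    }
    boolean allowed = false;
    if (requested != null) {
        String resource = requestedResourceName(requested);
        // compare the resource and the name
        if (resource.equalsIgnoreCase(name)) {
            allowed = true;
            if (debug.messageEnabled()) {
                debug.message("UserSelfCheckCondition.getConditionDecision: returning true");
            }
        } else if (debug.messageEnabled()) {
            debug.message("UserSelfCheckCondition.getConditionDecision:Resource names donot match: " + resource + " " + name);
        }
    }
    return new ConditionDecision(allowed);
}

/**
 * Builds the resource name that denotes the identity behind {@code token} itself:
 * {@code RESOURCE_PREFIX + realm + RESOURCE_NAME + type + "/" + name}.
 *
 * @param token single sign on token of the user
 * @return the user's own resource name
 * @throws SSOException    if the token is invalid
 * @throws PolicyException if the identity repository lookup fails
 */
private String buildSelfResourceName(SSOToken token) throws PolicyException, SSOException {
    StringBuilder name = new StringBuilder(100);
    name.append(RESOURCE_PREFIX);
    try {
        AMIdentity id = IdUtils.getIdentity(token);
        name.append(id.getRealm());
        name.append(RESOURCE_NAME);
        name.append(id.getType().getName()).append("/");
        name.append(id.getName());
    } catch (SSOException ssoe) {
        if (debug.messageEnabled()) {
            debug.message("UserSelfCheckCondition.getConditionDecision: invalid sso token: " + ssoe.getMessage());
        }
        throw ssoe;
    } catch (IdRepoException ide) {
        if (debug.messageEnabled()) {
            debug.message("UserSelfCheckCondition.getConditionDecision IdRepo exception: ", ide);
        }
        throw new PolicyException(ide);
    }
    return name.toString();
}

/**
 * Extracts the requested resource name from the env value, which may be a
 * {@code String} or a non-empty {@code Set} whose first element is used.
 *
 * @param requested the non-null env value for the requested resource
 * @return the resource name, or {@code ""} when the value has an unusable shape
 */
private String requestedResourceName(Object requested) {
    if (requested instanceof String) {
        return (String) requested;
    }
    if (requested instanceof Set && !((Set) requested).isEmpty()) {
        return (String) ((Set) requested).iterator().next();
    }
    // Previously "" was assigned only when warnings were enabled, leaving the name
    // null (and the later comparison throwing NPE) otherwise; always fall back to "".
    if (debug.warningEnabled()) {
        debug.warning("UserSelfCheckCondition.getConditionDecision: Unable to get resource name");
    }
    return "";
}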

Example 94 with PolicyException

use of com.sun.identity.policy.PolicyException in project OpenAM by OpenRock.

the class SessionCondition method validateProperties.

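/**
 * Validates the properties set using the {@code setProperties} method. It checks
 * for the presence of the required key {@code MAX_SESSION_TIME}, validates it and
 * stores it in milliseconds, and looks for the optional key
 * {@code TERMINATE_SESSION}, enabling session termination when its value is
 * {@code SESSION_CONDITION_TRUE_VALUE}.
 *
 * @return {@code true} when the properties are valid
 * @throws PolicyException if the properties are null, or {@code MAX_SESSION_TIME}
 *         is absent, not an integer, not positive, or too large to be expressed
 *         in milliseconds as an {@code int}
 * @see #MAX_SESSION_TIME
 * @see #TERMINATE_SESSION
 */
private boolean validateProperties() throws PolicyException {
    if ((properties == null) || (properties.keySet() == null)) {
        throw new PolicyException(ResBundleUtils.rbName, "properties_can_not_be_null_or_empty", null, null);
    }
    if (debug.messageEnabled()) {
        debug.message("SessionCondition.validateProperties(): properties: " + properties);
    }
    // validate and get max session time (configured in minutes)
    String value = getPropertyStringValue(MAX_SESSION_TIME, true);
    int minutes;
    try {
        minutes = Integer.parseInt(value);
    } catch (NumberFormatException e) {
        String[] args = { MAX_SESSION_TIME };
        throw new PolicyException(ResBundleUtils.rbName, "property_is_not_an_Integer", args, e);
    }
    // Reject non-positive values and values whose millisecond conversion would
    // overflow int; previously an oversized value silently wrapped to a negative
    // session limit.
    if (minutes <= 0 || minutes > Integer.MAX_VALUE / 60000) {
        String[] args = { MAX_SESSION_TIME, value };
        throw new PolicyException(ResBundleUtils.rbName, "invalid_property_value", args, null);
    }
    maxSessionTime = minutes * 60000;
    // get value for terminate session
    value = getPropertyStringValue(TERMINATE_SESSION, false);
    if (value != null && value.equals(SESSION_CONDITION_TRUE_VALUE)) {
        terminateSession = true;
    }
    return true;
}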

Example 95 with PolicyException

use of com.sun.identity.policy.PolicyException in project OpenAM by OpenRock.

the class ResourceResultRequest method parseXML.

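/**
 * Returns a {@code ResourceResultRequest} object constructed from an XML DOM node.
 *
 * @param pNode the XML DOM node for the {@code ResourceResultRequest} object
 * @return constructed {@code ResourceResultRequest} object
 * @throws PolicyEvaluationException if a required attribute ({@code SERVICE_NAME},
 *         {@code RESOURCE_NAME}) is missing, {@code RESOURCE_SCOPE} holds an unknown
 *         value, or the environment parameters / response attributes cannot be parsed
 */
public static ResourceResultRequest parseXML(Node pNode) throws PolicyEvaluationException {
    ResourceResultRequest resResultReq = new ResourceResultRequest();
    String ssoToken = XMLUtils.getNodeAttributeValue(pNode, USER_SSOTOKEN);
    if ((ssoToken == null) || ssoToken.trim().equals(PolicyUtils.EMPTY_STRING)) {
        // A missing token is tolerated (the request proceeds with an empty token), so
        // log at warning level; previously an error-level log was gated on the
        // message level and so was almost never emitted.
        if (debug.warningEnabled()) {
            debug.warning("ResourceResultRequest: user sso toekn is null");
        }
        ssoToken = PolicyUtils.EMPTY_STRING;
    }
    resResultReq.setUserSSOToken(ssoToken);
    resResultReq.setServiceName(requiredAttribute(pNode, SERVICE_NAME));
    resResultReq.setResourceName(requiredAttribute(pNode, RESOURCE_NAME));
    String scope = XMLUtils.getNodeAttributeValue(pNode, RESOURCE_SCOPE);
    if (scope == null) {
        // if the resource scope is not specified in the request,
        // we take the default value RESOURCE_SCOPE_STRICT_SUBTREE
        resResultReq.setResourceScope(RESOURCE_SCOPE_STRICT_SUBTREE);
    } else if (scope.equals(RESOURCE_SCOPE_SUBTREE) || scope.equals(RESOURCE_SCOPE_STRICT_SUBTREE) || scope.equals(RESOURCE_SCOPE_SELF) || scope.equals(RESPONSE_ATTRIBUTES_ONLY)) {
        resResultReq.setResourceScope(scope);
    } else {
        debug.error("ResourceResultRequest: invalid value " + scope + " set for attribute " + RESOURCE_SCOPE);
        String[] objs = { scope, RESOURCE_SCOPE };
        throw new PolicyEvaluationException(ResBundleUtils.rbName, "invalid_value_for_attribute", objs, null);
    }
    Node node = XMLUtils.getChildNode(pNode, ENV_PARAMETERS);
    if (node != null) {
        try {
            resResultReq.setEnvParms(PolicyUtils.parseEnvParameters(node));
        } catch (PolicyException pe) {
            throw new PolicyEvaluationException(pe);
        }
    }
    node = XMLUtils.getChildNode(pNode, GET_RESPONSE_DECISIONS);
    if (node != null) {
        try {
            resResultReq.setResponseAttributes(PolicyUtils.parseResponseAttributes(node));
        } catch (PolicyException pe) {
            throw new PolicyEvaluationException(pe);
        }
    }
    return resResultReq;
}

/**
 * Reads a required attribute from {@code pNode}.
 *
 * @param pNode    the request node
 * @param attrName the attribute name to read
 * @return the attribute value, never {@code null}
 * @throws PolicyEvaluationException with code {@code missing_attribute} if the attribute is absent
 */
private static String requiredAttribute(Node pNode, String attrName) throws PolicyEvaluationException {
    String value = XMLUtils.getNodeAttributeValue(pNode, attrName);
    if (value == null) {
        debug.error("ResourceResultRequest: missing attribute " + attrName);
        String[] objs = { attrName };
        throw new PolicyEvaluationException(ResBundleUtils.rbName, "missing_attribute", objs, null);
    }
    return value;
}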
