use of com.sun.identity.policy.interfaces.Condition in project OpenAM by OpenRock.
the class Conditions method toXML.
/**
* Returns XML string representation of the condition
* (conditions collection) object.
*
* @return xml string representation of this object
*/
protected String toXML() {
    // Every name, type, key and value written below goes through
    // XMLUtils.escapeSpecialCharacters first. The name, description and type
    // are followed by a literal "\">", so they appear to sit inside
    // double-quoted attributes.
    // NOTE(review): this relies on escapeSpecialCharacters also escaping the
    // double quote - confirm against XMLUtils.
    StringBuilder xml = new StringBuilder(100);
    xml.append("\n");
    xml.append(CONDITIONS_ELEMENT_BEGIN);
    xml.append(XMLUtils.escapeSpecialCharacters(name));
    xml.append(CONDITIONS_DESCRIPTION);
    xml.append(XMLUtils.escapeSpecialCharacters(description));
    xml.append("\">");

    for (Object nameObj : conditions.keySet()) {
        String conditionName = (String) nameObj;
        Condition condition = (Condition) conditions.get(conditionName);

        // Opening tag of one condition: its name and its registered type name.
        xml.append("\n");
        xml.append(CONDITION_ELEMENT);
        xml.append(XMLUtils.escapeSpecialCharacters(conditionName));
        xml.append(CONDITION_TYPE);
        xml.append(XMLUtils.escapeSpecialCharacters(
                ConditionTypeManager.conditionTypeName(condition)));
        xml.append("\">");

        // One attribute/value pair element per property; a condition may
        // report no properties at all.
        Map properties = condition.getProperties();
        if (properties != null) {
            for (Object keyObj : properties.keySet()) {
                xml.append("\n").append(ATTR_VALUE_PAIR_BEGIN);
                String key = (String) keyObj;

                // The key is escaped before quote() wraps it.
                xml.append(ATTR_NAME_BEGIN)
                        .append(quote(XMLUtils.escapeSpecialCharacters(key)))
                        .append(ATTR_NAME_END);

                // A property without values still gets its (empty) pair element.
                Set valueSet = (Set) properties.get(key);
                boolean hasValues = (valueSet != null) && (!valueSet.isEmpty());
                if (hasValues) {
                    for (Object valueObj : valueSet) {
                        String value = (String) valueObj;
                        xml.append(VALUE_BEGIN)
                                .append(XMLUtils.escapeSpecialCharacters(value))
                                .append(VALUE_END);
                    }
                }
                xml.append("\n").append(ATTR_VALUE_PAIR_END);
            }
        }
        xml.append("\n").append(CONDITION_ELEMENT_END);
    }

    xml.append("\n").append(CONDITIONS_ELEMENT_END);
    return xml.toString();
}
use of com.sun.identity.policy.interfaces.Condition in project OpenAM by OpenRock.
the class Conditions method getConditionDecision.
/**
* Gets the result of evaluating the conditions.
* The effective result is an allow only if each condition type of this
* constraint collection evaluates to allow, for the environment parameters
* passed in env. When there are multiple condition elements in the
* conditions collection, the condition evaluation logic does a
* logical OR for the condition elements of the same type and does a
* logical AND between sets of condition elements of different condition
* types.
*
* @param token single sign on token of the user
* @param env a map of key/value pairs containing any information
* that could be used by each constraint to evaluate
* the allow/deny result
* @return result of evaluating the conditions
*
* @throws PolicyException if an error occurred
* @throws SSOException if the token is invalid
*/
ConditionDecision getConditionDecision(SSOToken token, Map env) throws PolicyException, SSOException {
    // Condition type name -> Boolean: OR of the decisions of that type so far.
    HashMap allowedByType = new HashMap();
    // Condition type name -> Map: advices merged from conditions of that type.
    HashMap advicesByType = new HashMap();
    // The combined decision carries the smallest time to live reported.
    long timeToLive = Long.MAX_VALUE;

    for (Object item : conditions.entrySet()) {
        Condition condition = (Condition) ((Map.Entry) item).getValue();
        String conditionType = ConditionTypeManager.conditionTypeName(condition);
        Boolean earlier = (Boolean) allowedByType.get(conditionType);

        // Every condition is evaluated, even when its type is already
        // allowed, because its advices and time to live are still needed.
        // A null decision from a condition would fail here with a
        // NullPointerException; there is no guard for it.
        ConditionDecision cd = condition.getConditionDecision(token, env);
        boolean typeAllowed = cd.isAllowed() || (earlier != null && earlier.booleanValue());
        allowedByType.put(conditionType, Boolean.valueOf(typeAllowed));

        Map cdAdvices = cd.getAdvices();
        if ((cdAdvices != null) && (!cdAdvices.isEmpty())) {
            Map typeAdvices = (Map) advicesByType.get(conditionType);
            if (typeAdvices == null) {
                typeAdvices = new HashMap();
                advicesByType.put(conditionType, typeAdvices);
            }
            PolicyUtils.appendMapToMap(cdAdvices, typeAdvices);
        }

        timeToLive = Math.min(timeToLive, cd.getTimeToLive());
    }

    // AND across types: allow only when no type ended up denied. With an
    // empty conditions collection the map is empty, so the result is an
    // allow whose time to live stays at Long.MAX_VALUE.
    boolean allowed = !allowedByType.containsValue(Boolean.FALSE);

    // Advices are returned only on deny, and only from the types that denied.
    Map effectiveAdvices = new HashMap();
    if (!allowed) {
        for (Object typeObj : advicesByType.keySet()) {
            String conditionType = (String) typeObj;
            Boolean typeResult = (Boolean) allowedByType.get(conditionType);
            if (!typeResult.booleanValue()) {
                PolicyUtils.appendMapToMap((Map) advicesByType.get(conditionType), effectiveAdvices);
            }
        }
    }

    if (DEBUG.messageEnabled()) {
        DEBUG.message("At Conditions.getConditionDecision():allowed," + "timeToLive, " + " advices=" + allowed + "," + timeToLive + "," + effectiveAdvices);
    }
    return new ConditionDecision(allowed, timeToLive, effectiveAdvices);
}
use of com.sun.identity.policy.interfaces.Condition in project OpenAM by OpenRock.
the class PrivilegePolicyMapping method privilegeToPolicy.
/**
 * Converts the fixture privilege to a policy in realm "/" and checks the
 * rules, subjects and conditions of the result.
 *
 * The rule and subject loops pass without checking anything when the policy
 * has no rules or no subjects; only the condition count is asserted.
 *
 * @throws Exception if the conversion fails or a check does not hold
 */
@Test(dependsOnMethods = { "policyToPrivilege" })
public void privilegeToPolicy() throws Exception {
    Policy policy = PrivilegeUtils.privilegeToPolicy("/", privilege);

    // Each rule must carry the expected resource name and action values.
    for (String ruleName : policy.getRuleNames()) {
        Rule rule = policy.getRule(ruleName);
        boolean resourceMatches = RES_NAME.equals(rule.getResourceName());
        if (!resourceMatches) {
            throw new Exception("PrivilegePolicyMapping.privilegeToPolicy: resource is incorrect");
        }
        boolean actionsMatch = actionValues.equals(rule.getActionValues());
        if (!actionsMatch) {
            throw new Exception("PrivilegePolicyMapping.privilegeToPolicy: action value is incorrect");
        }
    }

    // Each subject must be a PrivilegeSubject.
    for (String subjectName : policy.getSubjectNames()) {
        Subject subject = policy.getSubject(subjectName);
        if (subject instanceof PrivilegeSubject) {
            continue;
        }
        throw new Exception("PrivilegePolicyMapping.privilegeToPolicy: not instance of privilege subject");
    }

    // Exactly one condition is expected, and it must be a PrivilegeCondition.
    Set<String> conditionNames = policy.getConditionNames();
    if (conditionNames.size() != 1) {
        throw new Exception("PrivilegePolicyMapping.privilegeToPolicy: number of condition is incorrect");
    }
    for (String conditionName : conditionNames) {
        Condition condition = policy.getCondition(conditionName);
        if (condition instanceof PrivilegeCondition) {
            continue;
        }
        throw new Exception("PrivilegePolicyMapping.privilegeToPolicy: not instance of privilege condition");
    }
}
use of com.sun.identity.policy.interfaces.Condition in project OpenAM by OpenRock.
the class PolicyOpViewBeanBase method handleTblConditionsEditLinkRequest.
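/**
 * Handles a click on the edit link of a row in the conditions table.
 *
 * The condition name is decoded from the hex value of the link's display
 * field, stored in the page session together with the calling view bean
 * class name, and then looked up in the cached policy. The request is
 * forwarded to the condition type's own view bean URL when the model
 * returns a non-blank one, otherwise to the default condition edit view bean.
 *
 * @param event request invocation event (not read by this method)
 * @throws ModelControlException declared by the handler signature
 */
public void handleTblConditionsEditLinkRequest(RequestInvocationEvent event) throws ModelControlException {
    PolicyModel model = (PolicyModel) getModel();
    // NOTE(review): the display field value presumably comes from the
    // request; the decoded name is stored in the page session before the
    // lookup below confirms that such a condition exists.
    String name = hexToString((String) getDisplayFieldValue(TBL_CONDITIONS_ACTION_HREF));
    setPageSessionAttribute(ConditionEditViewBean.CALLING_VIEW_BEAN, getClass().getName());
    setPageSessionAttribute(ConditionEditViewBean.EDIT_CONDITION_NAME, name);
    try {
        CachedPolicy cachedPolicy = getCachedPolicy();
        Policy policy = cachedPolicy.getPolicy();
        Condition condition = policy.getCondition(name);
        String realmName = (String) getPageSessionAttribute(AMAdminConstants.CURRENT_REALM);
        String conditionType = model.getConditionTypeName(realmName, condition);
        String viewBeanURL = model.getConditionViewBeanURL(realmName, conditionType);
        unlockPageTrail();
        if ((viewBeanURL != null) && (viewBeanURL.trim().length() > 0)) {
            forwardToConditionURL(viewBeanURL, name, conditionType, realmName, "edit");
        } else {
            forwardToConditionEditViewBean(model, realmName, name, conditionType);
        }
    } catch (NameNotFoundException e) {
        // Unknown condition name: show the error inline and redisplay this page.
        setInlineAlertMessage(CCAlert.TYPE_ERROR, "message.error", model.getErrorString(e));
        forwardTo();
    } catch (AMConsoleException e) {
        // The label previously named handleTblConditionsButtonDeleteRequest,
        // which pointed log readers at the wrong handler.
        debug.warning("PolicyOpViewBeanBase.handleTblConditionsEditLinkRequest", e);
        redirectToStartURL();
    }
}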
use of com.sun.identity.policy.interfaces.Condition in project OpenAM by OpenRock.
the class PolicyOpViewBeanBase method populateConditionsTable.
/**
 * Rebuilds the conditions table model from the cached policy: one row per
 * condition name, holding the name, the display name of its condition type
 * and the hex-encoded name used as the row's action link value.
 *
 * @throws AMConsoleException declared by the signature; presumably raised
 *         by getCachedPolicy() - confirm
 */
protected void populateConditionsTable() throws AMConsoleException {
    tblConditionsModel.clearAll();
    Policy policy = getCachedPolicy().getPolicy();
    Set conditionNames = policy.getConditionNames();
    if ((conditionNames == null) || conditionNames.isEmpty()) {
        return;
    }

    PolicyModel model = (PolicyModel) getModel();
    String realmName = (String) getPageSessionAttribute(AMAdminConstants.CURRENT_REALM);
    Map localizedCndTypeNames = model.getActiveConditionTypes(realmName);

    // The first entry is written without appendRow(); every later entry
    // appends a row before it is filled in.
    boolean needsNewRow = false;
    Iterator iter = conditionNames.iterator();
    while (iter.hasNext()) {
        if (needsNewRow) {
            tblConditionsModel.appendRow();
        }
        needsNewRow = true;
        try {
            String name = (String) iter.next();
            Condition condition = policy.getCondition(name);
            tblConditionsModel.setValue(TBL_CONDITIONS_DATA_NAME, name);

            // Fall back to the raw type name when no localized name exists.
            String cndTypeName = model.getConditionTypeName(realmName, condition);
            String displayName = (String) localizedCndTypeNames.get(cndTypeName);
            tblConditionsModel.setValue(TBL_CONDITIONS_DATA_TYPE,
                    (displayName == null) ? cndTypeName : displayName);

            // The link value carries the condition name hex-encoded.
            tblConditionsModel.setValue(TBL_CONDITIONS_ACTION_HREF, stringToHex(name));
        } catch (NameNotFoundException e) {
            // NOTE(review): the failure is only logged; a row appended for
            // this entry appears to stay unpopulated - confirm this is intended.
            debug.warning("PolicyOpViewBeanBase.populateConditionsTable", e);
        }
    }
}