use of com.sun.identity.policy.interfaces.ResourceName in project OpenAM by OpenRock.
the class PolicyProperties method setResourceComparator.
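/**
 * Registers the <code>ResourceName</code> implementation that the policy
 * client API uses for one service.
 *
 * <p>The definition is split on <code>PIPE</code> into at most five
 * <code>name=value</code> attributes. The attribute named
 * <code>PolicyConfig.RESOURCE_COMPARATOR_TYPE</code> supplies the service
 * name and is mandatory. The class attribute names the implementation to
 * load; the class, delimiter, wildcard, one-level-wildcard and
 * case-sensitive attributes are passed to that implementation through
 * <code>initialize</code>. When the class is absent, cannot be loaded or
 * instantiated, or does not implement <code>ResourceName</code>, a
 * <code>PrefixResourceName</code> is registered instead and the fallback
 * is logged at error level.
 *
 * @param str <code>ResourceName</code> to be used by different services
 *        with control parameters formatted as <code>name=value</code>
 *        attributes separated by <code>PIPE</code>
 * @throws PolicyException if the definition does not name a service
 */
void setResourceComparator(String str) throws PolicyException {
    if (debug.messageEnabled()) {
        debug.message("PolicyProperties.setResourceComparator():" + "entering with str value=" + str);
    }
    ResourceName resourceComparator = null;
    String serviceName = null;
    String className = null;
    Map configMap = new HashMap(4);
    // A null definition is handled like one that names no service, so the
    // caller gets a PolicyException instead of a NullPointerException.
    StringTokenizer st = new StringTokenizer(str == null ? "" : str, PIPE);
    // Accept only the first five tokens.
    // NOTE(review): six attribute names are recognised below, so a
    // definition that sets all of them loses its last attribute - confirm
    // that the limit is intended.
    for (int count = 0; count < 5 && st.hasMoreTokens(); count++) {
        String token = st.nextToken();
        int equal = token.indexOf('=');
        if (equal < 0) {
            // substring(0, -1) would throw StringIndexOutOfBoundsException
            // and abort the whole definition; skip the malformed token.
            debug.error("PolicyProperties.setResourceComparator():" + "Resource comparator: attribute without '=' ignored:" + token);
            continue;
        }
        String name = token.substring(0, equal);
        String value = token.substring(equal + 1);
        if (debug.messageEnabled()) {
            debug.message("PolicyProperties.setResourceComparator():" + "Attr Name= " + name + ":Attr Value=" + value);
        }
        if (name.equalsIgnoreCase(PolicyConfig.RESOURCE_COMPARATOR_TYPE)) {
            serviceName = value;
        } else if (name.equalsIgnoreCase(PolicyConfig.RESOURCE_COMPARATOR_CLASS)) {
            // Assign before storing: the previous order put null (or a
            // stale value) into the map handed to initialize().
            className = value;
            configMap.put(PolicyConfig.RESOURCE_COMPARATOR_CLASS, className);
        } else if (name.equalsIgnoreCase(PolicyConfig.RESOURCE_COMPARATOR_DELIMITER)) {
            configMap.put(PolicyConfig.RESOURCE_COMPARATOR_DELIMITER, value);
        } else if (name.equalsIgnoreCase(PolicyConfig.RESOURCE_COMPARATOR_WILDCARD)) {
            configMap.put(PolicyConfig.RESOURCE_COMPARATOR_WILDCARD, value);
        } else if (name.equalsIgnoreCase(PolicyConfig.RESOURCE_COMPARATOR_ONE_LEVEL_WILDCARD)) {
            configMap.put(PolicyConfig.RESOURCE_COMPARATOR_ONE_LEVEL_WILDCARD, value);
        } else if (name.equalsIgnoreCase(PolicyConfig.RESOURCE_COMPARATOR_CASE_SENSITIVE)) {
            configMap.put(PolicyConfig.RESOURCE_COMPARATOR_CASE_SENSITIVE, value);
        }
    }
    if (serviceName == null) {
        debug.error("PolicyProperties().setResourceComparator():" + "ResourceComparator definition" + " not well formed" + str);
        Object[] args = { str };
        throw new PolicyException(ResBundleUtils.rbName, "invalid_resource_comparator", args, null);
    }
    try {
        if (className != null) {
            // The class name comes from configuration. Check the type
            // before creating an instance so that no constructor of an
            // unrelated class runs and no ClassCastException escapes.
            // Loading the class still runs its static initialiser, so the
            // definition should only be writable by administrators.
            Class resourceClass = Class.forName(className);
            if (ResourceName.class.isAssignableFrom(resourceClass)) {
                resourceComparator = (ResourceName) resourceClass.newInstance();
                resourceComparator.initialize(configMap);
            } else {
                debug.error("PolicyProperties.setResourceComparator():" + "class does not implement ResourceName:" + className);
            }
        }
    } catch (ClassNotFoundException e) {
        debug.error("PolicyProperties.setResourceComparator():" + "Illegal exception ", e);
    } catch (IllegalAccessException e) {
        debug.error("PolicyProperties.setResourceComparator():" + "Illegal exception ", e);
    } catch (InstantiationException e) {
        debug.error("PolicyProperties.setResourceComparator():" + "InstantiationException " + " exception ", e);
    } finally {
        if (resourceComparator == null) {
            // Falling back swaps the matching implementation for this
            // service; this error entry is the only signal of the swap.
            // NOTE(review): the fallback is registered without
            // initialize(configMap) - confirm its defaults are acceptable.
            debug.error("PolicyProperties.setResourceCompartor():" + "invalid configuration:" + str + ":defaulting to PrefixResourceName");
            resourceComparator = new PrefixResourceName();
        }
    }
    resourceComparators.put(serviceName, resourceComparator);
}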
use of com.sun.identity.policy.interfaces.ResourceName in project OpenAM by OpenRock.
the class ResourceResultCache method getRootResourceName.
/**
 * Computes the root resource name of a resource.
 *
 * <p>The root is the first element the service's resource comparator
 * returns when it splits the resource, prefixed with any text that
 * precedes that element inside the resource.
 *
 * @param resource resource name from which to compute root resource name
 * @param serviceName service whose resource comparator performs the split
 * @return root resource name, or an empty string when
 *         <code>resource</code> is null or empty
 */
private String getRootResourceName(String resource, String serviceName) {
    // The comparator is fetched unconditionally, even for an empty resource.
    ResourceName resourceComparator = policyProperties.getResourceComparator(serviceName);
    if (resource == null || resource.length() == 0) {
        return "";
    }
    String firstElement = resourceComparator.split(resource)[0];
    int offset = resource.indexOf(firstElement);
    if (offset <= 0) {
        // Not found, or already at the start: the first element is the root.
        return firstElement;
    }
    // Keep the text in front of the first element as part of the root.
    return resource.substring(0, offset) + firstElement;
}
use of com.sun.identity.policy.interfaces.ResourceName in project OpenAM by OpenRock.
the class ResourceResultCache method clearCacheForResourceNames.
/**
 * Drops cached decisions for every cached resource name that is affected
 * by one of the given resource names.
 *
 * <p>A cached entry is removed when its name equals the affected name, or
 * when the service's resource comparator (called with wildcard comparison
 * enabled) reports an exact, wildcard or sub-resource match. Entries are
 * removed while holding the monitor of the service's cache map.
 *
 * @param serviceName service name
 * @param affectedResourceNames affected resource names; nothing is done
 *        when this is null or empty
 */
private static void clearCacheForResourceNames(String serviceName, Set affectedResourceNames) {
    if (affectedResourceNames == null || affectedResourceNames.isEmpty()) {
        return;
    }
    Map resourceTokenIDsMap = (Map) (resourceResultCache.resultCache).get(serviceName);
    if (resourceTokenIDsMap == null || resourceTokenIDsMap.isEmpty()) {
        return;
    }
    ResourceName resourceComparator = resourceResultCache.policyProperties.getResourceComparator(serviceName);
    for (Iterator affected = affectedResourceNames.iterator(); affected.hasNext();) {
        String affectedRN = (String) affected.next();
        if (debug.messageEnabled()) {
            debug.message("ResourceResultCache." + "clearCacheForResourceNames():" + "affectedResourceName=" + affectedRN);
        }
        synchronized (resourceTokenIDsMap) {
            for (Iterator cached = resourceTokenIDsMap.keySet().iterator(); cached.hasNext();) {
                String cachedRN = (String) cached.next();
                if (debug.messageEnabled()) {
                    debug.message("ResourceResultCache." + "clearCacheForResourceNames():" + "affectedResourceName=" + affectedRN + ":cachedResourceName=" + cachedRN);
                }
                // Label of the match that invalidates the entry; null
                // means the cached entry is unaffected and stays.
                String matchLabel = null;
                if (affectedRN.equals(cachedRN)) {
                    matchLabel = "SAME RESOURCE NAME";
                } else {
                    // Third argument enables wildcard comparison.
                    ResourceMatch rm = resourceComparator.compare(cachedRN, affectedRN, true);
                    if (rm.equals(ResourceMatch.EXACT_MATCH)) {
                        matchLabel = "EXACT_MATCH";
                    } else if (rm.equals(ResourceMatch.WILDCARD_MATCH)) {
                        matchLabel = "WILD_CARD_MATCH";
                    } else if (rm.equals(ResourceMatch.SUB_RESOURCE_MATCH)) {
                        matchLabel = "SUB_RESOURCE_MACTH";
                    }
                }
                if (matchLabel != null) {
                    // Iterator.remove keeps the key-set iteration valid.
                    cached.remove();
                    if (debug.messageEnabled()) {
                        debug.message("ResourceResultCache." + "clearCacheForResourceNames():" + "cleared cached results for " + "resourceName=" + cachedRN + ":affectedResourceName=" + affectedRN + ":match=" + matchLabel);
                    }
                }
            }
        }
    }
}
use of com.sun.identity.policy.interfaces.ResourceName in project OpenAM by OpenRock.
the class PolicyEvaluator method getPolicyDecision.
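/**
 * Evaluates privileges of the user to perform the specified actions
 * on the specified resource. The evaluation also depends on user's
 * run time environment parameters.
 *
 * <p>The user's token is validated first, and the resource name is
 * canonicalized with the service's resource comparator before the
 * decision is requested. If the application token is reported invalid, a
 * new one is obtained (and the remote policy listener re-registered when
 * notifications are enabled) and the request is made once more; a failure
 * of that second request propagates to the caller.
 *
 * @param token single sign on token of the user evaluating policies.
 * @param resourceName name of the resource the user is trying to access
 * @param actionNames Set of action names the user is trying to perform on
 * the resource.
 * @param envParameters run-time environment parameters
 * @return policy decision
 * @throws PolicyException if result could not be computed for any
 * reason other than single sign on token problem.
 * @throws SSOException if single sign on token is invalid or expired.
 *
 * @supported.api
 */
public PolicyDecision getPolicyDecision(SSOToken token, String resourceName, Set actionNames, Map envParameters) throws PolicyException, SSOException {
    // Validate the user's token before any policy work is done.
    ssoTokenManager.validateToken(token);
    if (debug.messageEnabled()) {
        debug.message("PolicyEvaluator:getPolicyDecision():" + "token=" + token.getPrincipal().getName() + ":resourceName=" + resourceName + ":actionName=" + actionNames + ":entering");
    }
    // Normalize the resource name before sending off the policy request,
    // so the decision is evaluated (and cached) for the canonical form and
    // not for an equivalent spelling supplied by the caller.
    ResourceName resourceComparator = policyProperties.getResourceComparator(serviceName);
    resourceName = resourceComparator.canonicalize(resourceName);
    PolicyDecision pd = null;
    try {
        pd = resourceResultCache.getPolicyDecision(appSSOToken, serviceName, token, resourceName, actionNames, envParameters, RETRY_COUNT);
    } catch (InvalidAppSSOTokenException e) {
        if (debug.warningEnabled()) {
            debug.warning("PolicyEvaluator.getPolicyDecision():" + "InvalidAppSSOTokenException occured:" + "getting new appssotoken");
        }
        // Refresh the application token once and repeat the request.
        appSSOToken = getNewAppSSOToken();
        if (policyProperties.notificationEnabled()) {
            if (debug.warningEnabled()) {
                debug.warning("PolicyEvaluator.getPolicyDecision():" + "InvalidAppSSOTokenException occured:" + "reRegistering remote policy listener");
            }
            reRegisterRemotePolicyListener(appSSOToken);
        }
        pd = resourceResultCache.getPolicyDecision(appSSOToken, serviceName, token, resourceName, actionNames, envParameters, RETRY_COUNT);
    }
    if (debug.messageEnabled()) {
        // The message carries the principal name and the full decision.
        debug.message("PolicyEvaluator:getPolicyDecision():" + "token=" + token.getPrincipal().getName() + ":resourceName=" + resourceName + ":actionNames=" + actionNames + ":returning policyDecision:" + pd.toXML());
    }
    if (PolicyProperties.DECISION.equals(logActions)) {
        // Serialise the decision only when it is actually logged; it was
        // previously converted to XML on every call.
        Object[] objs = { resourceName, actionNames, pd.toXML() };
        logAccessMessage(Level.INFO, ResBundleUtils.getString("policy_eval_decision", objs), token);
    }
    return pd;
}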
use of com.sun.identity.policy.interfaces.ResourceName in project OpenAM by OpenRock.
the class ResourceResultCache method jsonResourceContentToResourceResults.
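/**
 * Converts a JSON policy response into a set of resource results.
 *
 * <p>The response must parse as a JSON object, carry
 * <code>statusCode</code> 200 and contain a <code>body</code> object. The
 * body is read either as a <code>results</code> array, whose entries are
 * collected under a virtual root using the service's resource comparator,
 * or as a single entry identified by <code>resourceName</code>.
 *
 * @param jsonResourceContent response text to parse
 * @param serviceName service name, used to look up the resource comparator
 *        and to convert each entry
 * @return resource results read from the response
 * @throws JSONException declared by the signature; a parse failure of the
 *         response itself is reported as <code>PolicyEvaluationException</code>
 * @throws PolicyException if the response cannot be parsed, reports a
 *         status other than 200, has no body, or has neither
 *         <code>results</code> nor <code>resourceName</code>
 */
Set<ResourceResult> jsonResourceContentToResourceResults(String jsonResourceContent, String serviceName) throws JSONException, PolicyException {
    JSONObject jsonObject;
    try {
        jsonObject = new JSONObject(jsonResourceContent);
    } catch (JSONException e) {
        // NOTE(review): the whole response body is written to the error
        // log - confirm it cannot carry sensitive attributes.
        debug.error("ResourceResultCache.jsonResourceContentToResourceResults():" + "json parsing error of response: " + jsonResourceContent, e);
        throw new PolicyEvaluationException(ResBundleUtils.rbName, "error_rest_reponse", null, null);
    }
    // Only a response with statusCode 200 is accepted.
    int statusCode = jsonObject.optInt("statusCode");
    if (statusCode != 200) {
        debug.error("ResourceResultCache.jsonResourceContentToResourceResults():" + "statusCode=" + statusCode + ", error response");
        throw new PolicyEvaluationException(ResBundleUtils.rbName, "error_rest_reponse", null, null);
    }
    jsonObject = jsonObject.optJSONObject("body");
    if (jsonObject == null) {
        debug.error("ResourceResultCache.jsonResourceContentToResourceResults():" + "does not have decisions object");
        throw new PolicyEvaluationException(ResBundleUtils.rbName, "error_rest_reponse", null, null);
    }
    Set<ResourceResult> resourceResults;
    JSONArray jsonArray = jsonObject.optJSONArray("results");
    if (jsonArray != null) {
        ResourceName resourceComparator = policyProperties.getResourceComparator(serviceName);
        // Entries are attached to a virtual root through the comparator.
        ResourceResult virtualResourceResult = new ResourceResult(ResourceResult.VIRTUAL_ROOT, new PolicyDecision());
        int arrayLen = jsonArray.length();
        for (int i = 0; i < arrayLen; i++) {
            JSONObject jo = jsonArray.optJSONObject(i);
            // Array elements that are not JSON objects are skipped.
            if (jo != null) {
                ResourceResult rr = jsonEntitlementToResourceResult(jo, serviceName);
                virtualResourceResult.addResourceResult(rr, resourceComparator);
            }
        }
        resourceResults = virtualResourceResult.getResourceResults();
    } else if (!jsonObject.isNull("resourceName")) {
        // isNull is true for a missing key or a JSON null. The previous
        // test compared optString("resourceName") with null; assuming
        // org.json semantics that call returns "" for a missing key, so
        // the error branch below could never be reached.
        ResourceResult resourceResult = jsonEntitlementToResourceResult(jsonObject, serviceName);
        resourceResults = new HashSet<ResourceResult>();
        resourceResults.add(resourceResult);
    } else {
        debug.error("ResourceResultCache.jsonResourceContentToResourceResults():" + "does not have results or resourceName object");
        throw new PolicyEvaluationException(ResBundleUtils.rbName, "error_rest_reponse", null, null);
    }
    return resourceResults;
}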