
Example 1 with ResourceName

use of com.sun.identity.policy.interfaces.ResourceName in project OpenAM by OpenRock.

the class PolicyProperties method setResourceComparator.

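/**
     * Sets the <code>ResourceName</code> to be used by policy client API
     * for one service.
     *
     * @param str <code>ResourceName</code> definition: a sequence of
     * <code>name=value</code> pairs separated by the <code>PIPE</code>
     * delimiter, naming the service type, the implementation class and the
     * control parameters handed to that class
     * @throws PolicyException if the definition does not name a service type
     */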
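void setResourceComparator(String str) throws PolicyException {
    if (debug.messageEnabled()) {
        debug.message("PolicyProperties.setResourceComparator():" + "entering with str value=" + str);
    }
    ResourceName resourceComparator = null;
    String serviceName = null;
    String className = null;
    Map configMap = new HashMap(4);
    // A null definition is tokenized as an empty one so that it is rejected
    // below with a PolicyException rather than a NullPointerException.
    StringTokenizer st = new StringTokenizer((str == null) ? "" : str, PIPE);
    // NOTE(review): only the first five tokens are read although six attribute
    // names are recognised below - confirm the limit is intended.
    int count = 0;
    while (st.hasMoreTokens() && count < 5) {
        String token = st.nextToken();
        count++;
        int equal = token.indexOf('=');
        if (equal < 0) {
            // Without this guard substring(0, -1) throws on a token that has no '='.
            debug.error("PolicyProperties.setResourceComparator():" + "Resource comparator: ignoring token without '=': " + token);
            continue;
        }
        String name = token.substring(0, equal);
        String value = token.substring(equal + 1);
        if (debug.messageEnabled()) {
            debug.message("PolicyProperties.setResourceComparator():" + "Attr Name= " + name + ":Attr Value=" + value);
        }
        if (name.equalsIgnoreCase(PolicyConfig.RESOURCE_COMPARATOR_TYPE)) {
            serviceName = value;
        } else if (name.equalsIgnoreCase(PolicyConfig.RESOURCE_COMPARATOR_CLASS)) {
            // Assign before storing: the previous order stored the stale (null)
            // class name in the map handed to initialize().
            className = value;
            configMap.put(PolicyConfig.RESOURCE_COMPARATOR_CLASS, className);
        } else if (name.equalsIgnoreCase(PolicyConfig.RESOURCE_COMPARATOR_DELIMITER)) {
            configMap.put(PolicyConfig.RESOURCE_COMPARATOR_DELIMITER, value);
        } else if (name.equalsIgnoreCase(PolicyConfig.RESOURCE_COMPARATOR_WILDCARD)) {
            configMap.put(PolicyConfig.RESOURCE_COMPARATOR_WILDCARD, value);
        } else if (name.equalsIgnoreCase(PolicyConfig.RESOURCE_COMPARATOR_ONE_LEVEL_WILDCARD)) {
            configMap.put(PolicyConfig.RESOURCE_COMPARATOR_ONE_LEVEL_WILDCARD, value);
        } else if (name.equalsIgnoreCase(PolicyConfig.RESOURCE_COMPARATOR_CASE_SENSITIVE)) {
            configMap.put(PolicyConfig.RESOURCE_COMPARATOR_CASE_SENSITIVE, value);
        }
    }
    if (serviceName == null) {
        debug.error("PolicyProperties().setResourceComparator():" + "ResourceComparator definition" + " not well formed" + str);
        Object[] args = { str };
        throw new PolicyException(ResBundleUtils.rbName, "invalid_resource_comparator", args, null);
    } else {
        try {
            if (className != null) {
                // The class name is taken from the definition string. Load it
                // without running its static initializers and confirm that it
                // implements ResourceName before any of its code is executed;
                // previously the type was only checked by a cast after the
                // constructor had already run.
                Class<?> resourceClass = Class.forName(className, false, PolicyProperties.class.getClassLoader());
                if (ResourceName.class.isAssignableFrom(resourceClass)) {
                    resourceComparator = (ResourceName) resourceClass.newInstance();
                    resourceComparator.initialize(configMap);
                } else {
                    debug.error("PolicyProperties.setResourceComparator():" + "class does not implement ResourceName: " + className);
                }
            }
        } catch (ClassNotFoundException e) {
            debug.error("PolicyProperties.setResourceComparator():" + "Illegal exception ", e);
        } catch (IllegalAccessException e) {
            debug.error("PolicyProperties.setResourceComparator():" + "Illegal exception ", e);
        } catch (InstantiationException e) {
            debug.error("PolicyProperties.setResourceComparator():" + "InstantiationException " + " exception ", e);
        } finally {
            // Any failure to produce a comparator falls back to prefix matching.
            if (resourceComparator == null) {
                debug.error("PolicyProperties.setResourceCompartor():" + "invalid configuration:" + str + ":defaulting to PrefixResourceName");
                resourceComparator = new PrefixResourceName();
            }
        }
        resourceComparators.put(serviceName, resourceComparator);
    }
}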
Also used : HashMap(java.util.HashMap) PrefixResourceName(com.sun.identity.policy.plugins.PrefixResourceName) ResourceName(com.sun.identity.policy.interfaces.ResourceName) StringTokenizer(java.util.StringTokenizer) PolicyException(com.sun.identity.policy.PolicyException) HashMap(java.util.HashMap) Map(java.util.Map) PrefixResourceName(com.sun.identity.policy.plugins.PrefixResourceName)

Example 2 with ResourceName

use of com.sun.identity.policy.interfaces.ResourceName in project OpenAM by OpenRock.

the class ResourceResultCache method getRootResourceName.

/**
     * Returns root resource name
     * @param resource resource name from which to compute root resource name
     * @param serviceName service name
     * @return root resource name computed from resource name
     */
private String getRootResourceName(String resource, String serviceName) {
    // The comparator is looked up first, whether or not a resource was given.
    ResourceName comparator = policyProperties.getResourceComparator(serviceName);
    if ((resource == null) || (resource.length() == 0)) {
        return "";
    }
    // The first component returned by the comparator's split() is the root.
    String head = comparator.split(resource)[0];
    int offset = resource.indexOf(head);
    // When the root component does not start the resource string, keep the
    // text that precedes it.
    return (offset > 0) ? resource.substring(0, offset) + head : head;
}
Also used : ResourceName(com.sun.identity.policy.interfaces.ResourceName)

Example 3 with ResourceName

use of com.sun.identity.policy.interfaces.ResourceName in project OpenAM by OpenRock.

the class ResourceResultCache method clearCacheForResourceNames.

/**
     * Clears cached decisions for a set of resources
     * @param serviceName service name
     * @param affectedResourceNames affected resource names
     */
private static void clearCacheForResourceNames(String serviceName, Set affectedResourceNames) {
    if ((affectedResourceNames == null) || affectedResourceNames.isEmpty()) {
        return;
    }
    Map cachedByResource = (Map) (resourceResultCache.resultCache).get(serviceName);
    if ((cachedByResource == null) || cachedByResource.isEmpty()) {
        return;
    }
    ResourceName comparator = resourceResultCache.policyProperties.getResourceComparator(serviceName);
    for (Iterator affectedIt = affectedResourceNames.iterator(); affectedIt.hasNext();) {
        String affectedRN = (String) affectedIt.next();
        if (debug.messageEnabled()) {
            debug.message("ResourceResultCache." + "clearCacheForResourceNames():" + "affectedResourceName=" + affectedRN);
        }
        // The map's own monitor is taken for each affected name while its key
        // set is walked and entries are removed through the iterator.
        synchronized (cachedByResource) {
            for (Iterator cachedIt = cachedByResource.keySet().iterator(); cachedIt.hasNext();) {
                String cachedRN = (String) cachedIt.next();
                if (debug.messageEnabled()) {
                    debug.message("ResourceResultCache." + "clearCacheForResourceNames():" + "affectedResourceName=" + affectedRN + ":cachedResourceName=" + cachedRN);
                }
                // Label of the match that evicts this entry; null keeps it cached.
                String matchLabel = null;
                if (affectedRN.equals(cachedRN)) {
                    matchLabel = "SAME RESOURCE NAME";
                } else {
                    // third argument: wildcard compare
                    ResourceMatch rm = comparator.compare(cachedRN, affectedRN, true);
                    if (rm.equals(ResourceMatch.EXACT_MATCH)) {
                        matchLabel = "EXACT_MATCH";
                    } else if (rm.equals(ResourceMatch.WILDCARD_MATCH)) {
                        matchLabel = "WILD_CARD_MATCH";
                    } else if (rm.equals(ResourceMatch.SUB_RESOURCE_MATCH)) {
                        matchLabel = "SUB_RESOURCE_MACTH";
                    }
                }
                if (matchLabel != null) {
                    // Evict so that a decision cached for this name is not reused
                    // once the affected resource has been reported.
                    cachedIt.remove();
                    if (debug.messageEnabled()) {
                        debug.message("ResourceResultCache." + "clearCacheForResourceNames():" + "cleared cached results for " + "resourceName=" + cachedRN + ":affectedResourceName=" + affectedRN + ":match=" + matchLabel);
                    }
                }
            }
        }
    }
}
Also used : Set(java.util.Set) HashSet(java.util.HashSet) RequestSet(com.iplanet.services.comm.share.RequestSet) ResourceName(com.sun.identity.policy.interfaces.ResourceName) Iterator(java.util.Iterator) ResourceMatch(com.sun.identity.policy.ResourceMatch) Map(java.util.Map) HashMap(java.util.HashMap)

Example 4 with ResourceName

use of com.sun.identity.policy.interfaces.ResourceName in project OpenAM by OpenRock.

the class PolicyEvaluator method getPolicyDecision.

/**
     * Evaluates privileges of the user to perform the specified actions
     * on the specified resource. The evaluation also depends on user's
     * run time environment parameters.
     *
     * @param token single sign on token of the user evaluating policies.
     * @param resourceName name of the resource the user is trying to access
     * @param actionNames Set of action names the user is trying to perform on
     *        the resource.
     * @param envParameters run-time environment parameters
     * @return policy decision
     * @throws PolicyException if result could not be computed for any
     *         reason other than single sign on token problem.
     * @throws SSOException if single sign on token is invalid or expired.
     *
     * @supported.api
     */
public PolicyDecision getPolicyDecision(SSOToken token, String resourceName, Set actionNames, Map envParameters) throws PolicyException, SSOException {
    // The user's token is validated before anything else is done with it.
    ssoTokenManager.validateToken(token);
    if (debug.messageEnabled()) {
        debug.message("PolicyEvaluator:getPolicyDecision():" + "token=" + token.getPrincipal().getName() + ":resourceName=" + resourceName + ":actionName=" + actionNames + ":entering");
    }
    // The resource name is canonicalized before the request is made so that
    // the decision is evaluated for the correct resource.
    String canonicalName = policyProperties.getResourceComparator(serviceName).canonicalize(resourceName);
    PolicyDecision decision;
    try {
        decision = resourceResultCache.getPolicyDecision(appSSOToken, serviceName, token, canonicalName, actionNames, envParameters, RETRY_COUNT);
    } catch (InvalidAppSSOTokenException e) {
        // The application token was rejected: obtain a new one, re-register
        // the listener when notifications are on, and ask once more.
        if (debug.warningEnabled()) {
            debug.warning("PolicyEvaluator.getPolicyDecision():" + "InvalidAppSSOTokenException occured:" + "getting new appssotoken");
        }
        appSSOToken = getNewAppSSOToken();
        if (policyProperties.notificationEnabled()) {
            if (debug.warningEnabled()) {
                debug.warning("PolicyEvaluator.getPolicyDecision():" + "InvalidAppSSOTokenException occured:" + "reRegistering remote policy listener");
            }
            reRegisterRemotePolicyListener(appSSOToken);
        }
        decision = resourceResultCache.getPolicyDecision(appSSOToken, serviceName, token, canonicalName, actionNames, envParameters, RETRY_COUNT);
    }
    if (debug.messageEnabled()) {
        debug.message("PolicyEvaluator:getPolicyDecision():" + "token=" + token.getPrincipal().getName() + ":resourceName=" + canonicalName + ":actionNames=" + actionNames + ":returning policyDecision:" + decision.toXML());
    }
    // NOTE(review): the decision is serialized here even when decision
    // logging is switched off.
    Object[] logArgs = { canonicalName, actionNames, decision.toXML() };
    if (PolicyProperties.DECISION.equals(logActions)) {
        logAccessMessage(Level.INFO, ResBundleUtils.getString("policy_eval_decision", logArgs), token);
    }
    return decision;
}
Also used : PolicyDecision(com.sun.identity.policy.PolicyDecision) ResourceName(com.sun.identity.policy.interfaces.ResourceName)

Example 5 with ResourceName

use of com.sun.identity.policy.interfaces.ResourceName in project OpenAM by OpenRock.

the class ResourceResultCache method jsonResourceContentToResourceResults.

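/**
 * Converts the JSON text of a policy evaluation response into resource results.
 *
 * The response must carry <code>statusCode</code> 200 and a <code>body</code>
 * object. The body holds either a <code>results</code> array, whose entries
 * are merged under a virtual root, or a single entry identified by a
 * <code>resourceName</code> key.
 *
 * @param jsonResourceContent JSON text of the response
 * @param serviceName service name used to look up the resource comparator
 * @return resource results built from the response
 * @throws PolicyException if the response cannot be parsed, reports a status
 *         other than 200, or has neither results nor a resource name
 */
Set<ResourceResult> jsonResourceContentToResourceResults(String jsonResourceContent, String serviceName) throws JSONException, PolicyException {
    JSONObject response;
    try {
        response = new JSONObject(jsonResourceContent);
    } catch (JSONException e) {
        // The parse failure is passed to the log so its cause is not lost.
        // NOTE(review): the whole response text is written to the error log;
        // confirm it cannot carry data that should stay out of logs.
        debug.error("ResourceResultCache.jsonResourceContentToResourceResults():" + "json parsing error of response: " + jsonResourceContent, e);
        throw new PolicyEvaluationException(ResBundleUtils.rbName, "error_rest_reponse", null, null);
    }
    // optInt yields 0 when the key is missing, which is rejected as well.
    int statusCode = response.optInt("statusCode");
    if (statusCode != 200) {
        debug.error("ResourceResultCache.jsonResourceContentToResourceResults():" + "statusCode=" + statusCode + ", error response");
        throw new PolicyEvaluationException(ResBundleUtils.rbName, "error_rest_reponse", null, null);
    }
    JSONObject body = response.optJSONObject("body");
    if (body == null) {
        debug.error("ResourceResultCache.jsonResourceContentToResourceResults():" + "does not have decisions object");
        throw new PolicyEvaluationException(ResBundleUtils.rbName, "error_rest_reponse", null, null);
    }
    JSONArray results = body.optJSONArray("results");
    if (results != null) {
        ResourceName resourceComparator = policyProperties.getResourceComparator(serviceName);
        ResourceResult virtualRoot = new ResourceResult(ResourceResult.VIRTUAL_ROOT, new PolicyDecision());
        int arrayLen = results.length();
        for (int i = 0; i < arrayLen; i++) {
            // Entries that are not JSON objects are skipped.
            JSONObject entry = results.optJSONObject(i);
            if (entry != null) {
                virtualRoot.addResourceResult(jsonEntitlementToResourceResult(entry, serviceName), resourceComparator);
            }
        }
        return virtualRoot.getResourceResults();
    }
    // optString() returns an empty string, never null, for a missing key, so
    // the former null test could not reject a body without "resourceName".
    // Test for the key itself so that such a response is refused.
    if (!body.has("resourceName")) {
        debug.error("ResourceResultCache.jsonResourceContentToResourceResults():" + "does not have results or resourceName object");
        throw new PolicyEvaluationException(ResBundleUtils.rbName, "error_rest_reponse", null, null);
    }
    Set<ResourceResult> resourceResults = new HashSet<ResourceResult>();
    resourceResults.add(jsonEntitlementToResourceResult(body, serviceName));
    return resourceResults;
}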
Also used : PolicyDecision(com.sun.identity.policy.PolicyDecision) ResourceResult(com.sun.identity.policy.ResourceResult) JSONObject(org.json.JSONObject) ResourceName(com.sun.identity.policy.interfaces.ResourceName) JSONArray(org.json.JSONArray) JSONException(org.json.JSONException) PolicyEvaluationException(com.sun.identity.policy.remote.PolicyEvaluationException)

Aggregations

ResourceName (com.sun.identity.policy.interfaces.ResourceName)6 PolicyDecision (com.sun.identity.policy.PolicyDecision)3 RequestSet (com.iplanet.services.comm.share.RequestSet)2 HashMap (java.util.HashMap)2 HashSet (java.util.HashSet)2 Map (java.util.Map)2 Set (java.util.Set)2 PolicyException (com.sun.identity.policy.PolicyException)1 ResourceMatch (com.sun.identity.policy.ResourceMatch)1 ResourceResult (com.sun.identity.policy.ResourceResult)1 PrefixResourceName (com.sun.identity.policy.plugins.PrefixResourceName)1 PolicyEvaluationException (com.sun.identity.policy.remote.PolicyEvaluationException)1 Iterator (java.util.Iterator)1 StringTokenizer (java.util.StringTokenizer)1 JSONArray (org.json.JSONArray)1 JSONException (org.json.JSONException)1 JSONObject (org.json.JSONObject)1