
Example 1 with PolicyEvaluationException

use of com.sun.identity.policy.remote.PolicyEvaluationException in project OpenAM by OpenRock.

the class ResourceResultCache method getPolicyDecision.

/**
 * Returns the policy decision for a resource, refetching it when the
 * decision obtained first has already expired.
 *
 * <p>The first lookup may be answered from the cache. If its time-to-live
 * is not later than the current time, the decision is requested again with
 * the cache bypassed, at most {@code retryCount} times. An expired decision
 * is never returned: if every attempt yields an expired decision the method
 * throws instead of falling back to stale data.
 *
 * <p>The returned object is never the instance obtained from the lookup.
 * It is either a new decision holding only the requested actions plus a
 * copy of the response attribute map, or a clone when no action names were
 * given.
 *
 * @param appToken application sso token to identify the client to policy
 * service
 * @param serviceName name of service for which to get policy decision
 * @param token session token of user for whom to get policy decision
 * @param resourceName resource name for which to get policy decision
 * @param actionNames action names for which to get policy decision;
 * {@code null} returns a clone of the whole decision
 * @param env environment map to use to get policy decision
 * @param retryCount number of additional, cache-bypassing attempts made
 * while the received decision is found to have expired
 * @return policy decision
 * @throws PolicyException if the policy decision cannot be obtained; a
 * <code>PolicyEvaluationException</code> is raised when every decision
 * received had expired
 * @throws SSOException if user session token is not valid
 * @throws InvalidAppSSOTokenException if application session token
 * is not valid
 */
PolicyDecision getPolicyDecision(SSOToken appToken, String serviceName, SSOToken token, String resourceName, Set actionNames, Map env, int retryCount) throws InvalidAppSSOTokenException, PolicyException, SSOException {
    // First lookup is allowed to be served from the cache.
    PolicyDecision decision = getPolicyDecision(appToken, serviceName, token, resourceName, actionNames, env, true);
    // The time-to-live is compared with the local clock as an absolute time.
    // NOTE(review): if the value is stamped by the policy server, clock skew
    // between agent and server shifts the effective expiry - confirm.
    boolean unexpired = decision.getTimeToLive() > System.currentTimeMillis();

    // Retry with the cache bypassed until a live decision arrives or the
    // retry budget is used up.
    for (int attempt = 1; !unexpired && attempt <= retryCount; attempt++) {
        if (debug.messageEnabled()) {
            debug.message("ResourceResultCache.getPolicyDecision():" + "Received expired decision, " + "Getting decision again, repeat attempt=" + attempt);
        }
        decision = getPolicyDecision(appToken, serviceName, token, resourceName, actionNames, env, false);
        unexpired = decision.getTimeToLive() > System.currentTimeMillis();
    }

    // Fail closed: an expired decision is reported as an error, not returned.
    if (!unexpired) {
        if (debug.warningEnabled()) {
            debug.warning("ResourceResultCache.getPolicyDecision():" + "Received expired decision from server");
        }
        Object[] args = { resourceName };
        throw new PolicyEvaluationException(ResBundleUtils.rbName, "received_expired_decision", args, null);
    }

    if (actionNames == null) {
        // No filter requested: hand back a clone of the whole decision.
        return (PolicyDecision) decision.clone();
    }

    // Keep only the action decisions the caller asked for; actions without a
    // decision are simply absent from the result.
    PolicyDecision filtered = new PolicyDecision();
    for (Iterator names = actionNames.iterator(); names.hasNext(); ) {
        String actionName = (String) names.next();
        Map actionDecisions = decision.getActionDecisions();
        ActionDecision requested = (ActionDecision) actionDecisions.get(actionName);
        if (requested != null) {
            filtered.addActionDecision(requested);
        }
    }
    // Response attributes are appended into a fresh map before being attached.
    Map responseAttributes = new HashMap();
    PolicyUtils.appendMapToMap(decision.getResponseAttributes(), responseAttributes);
    filtered.setResponseAttributes(responseAttributes);
    return filtered;
}
Also used : PolicyDecision(com.sun.identity.policy.PolicyDecision) HashMap(java.util.HashMap) Iterator(java.util.Iterator) ActionDecision(com.sun.identity.policy.ActionDecision) PolicyEvaluationException(com.sun.identity.policy.remote.PolicyEvaluationException) JSONObject(org.json.JSONObject) Map(java.util.Map) HashMap(java.util.HashMap)

Example 2 with PolicyEvaluationException

use of com.sun.identity.policy.remote.PolicyEvaluationException in project OpenAM by OpenRock.

the class ResourceResultCache method getResultsFromServer.

/**
 * Returns a set of <code>ResourceResult</code> objects fetched fresh from
 * the policy server over a PLL request.
 *
 * <p>The request carries the token ids of both the application token and
 * the user token. An exception message in the server response is turned
 * into an exception here; it is classified as an invalid application token
 * when it contains <code>PolicyResponse.APP_SSO_TOKEN_INVALID</code>, and as
 * a general evaluation failure otherwise.
 *
 * @param appToken application sso token to identify the client to policy
 * service
 * @param serviceName name of service for which to get resource results
 * @param token session token of user for whom to get resource results
 * @param resourceName resource name for which to get resource results
 * @param scope the scope to be used while getting resource results
 * @param actionNames action names for which to get resource results; only
 * written to the debug log in this method
 * @param env environment map to use to get resource results, may be
 * {@code null}
 *
 * @return a set of <code>ResourceResult</code> objects, or {@code null}
 * when sending the request yields no <code>PolicyService</code>
 *
 * @throws PolicyException if can not get resource results
 * @throws SSOException if session token is not valid
 * @throws InvalidAppSSOTokenException if application session token
 * is not valid
 */
private Set getResultsFromServer(SSOToken appToken, String serviceName, SSOToken token, String resourceName, String scope, Set actionNames, Map env) throws InvalidAppSSOTokenException, SSOException, PolicyException {
    Set resourceResults = null;
    try {
        URL policyServiceUrl = getPolicyServiceURL(token);
        if (debug.messageEnabled()) {
            // Logs the principal name of the user token, not the token id.
            debug.message("ResourceResultCache.getResultsFromServer():" + ":serviceName=" + serviceName + ":token=" + token.getPrincipal().getName() + ":resourceName=" + resourceName + ":scope=" + scope + ":actionNames=" + actionNames + ":env" + ":policyServiceURL=" + policyServiceUrl + ":entering");
        }

        // Inner request: what is being asked, and for which user session.
        ResourceResultRequest rrRequest = new ResourceResultRequest();
        rrRequest.setServiceName(serviceName);
        rrRequest.setResourceName(resourceName);
        rrRequest.setResourceScope(scope);
        rrRequest.setUserSSOToken(token.getTokenID().toString());
        if (env != null) {
            rrRequest.setEnvParms(env);
            Set responseAttributes = getResponseAttributes(env);
            if (debug.messageEnabled()) {
                debug.message("ResourceResultCache.getResultsFromServer():" + "responseAttributes to get=" + responseAttributes);
            }
            if (responseAttributes != null) {
                rrRequest.setResponseAttributes(responseAttributes);
            }
        }

        // Outer request: identifies the calling application to the server.
        PolicyRequest policyRequest = new PolicyRequest();
        policyRequest.setAppSSOToken(appToken.getTokenID().toString());
        policyRequest.setMethodID(PolicyRequest.POLICY_REQUEST_GET_RESOURCE_RESULTS);
        policyRequest.setRequestId(newRequestID());
        policyRequest.setResourceResultRequest(rrRequest);

        PolicyService ps = sendPLLRequest(policyServiceUrl, policyRequest);
        if (ps != null) {
            PolicyResponse pr = ps.getPolicyResponse();
            String exceptionMessage = pr.getExceptionMsg();
            if (exceptionMessage == null) {
                resourceResults = pr.getResourceResults();
            } else {
                String[] args = { exceptionMessage };
                // The invalid-token case is recognised by a substring match on
                // the server's message text.
                boolean appTokenRejected = exceptionMessage.indexOf(PolicyResponse.APP_SSO_TOKEN_INVALID) >= 0;
                if (appTokenRejected) {
                    if (debug.warningEnabled()) {
                        debug.warning("ResourceResultCache." + "getResultsFromServer():" + " response exception " + exceptionMessage);
                        debug.warning("ResourceResultCache." + "getResultsFromServer():" + " appSSOToken is invalid");
                        debug.warning("ResourceResultCache." + "throwing InvalidAppSSOTokenException");
                    }
                    throw new InvalidAppSSOTokenException(ResBundleUtils.rbName, "server_reported_invalid_app_sso_token", args, null);
                }
                debug.warning("ResourceResultCache." + "getResultsFromServer():" + "response exception message=" + exceptionMessage);
                throw new PolicyEvaluationException(ResBundleUtils.rbName, "server_reported_exception", args, null);
            }
        }
    } catch (SendRequestException sre) {
        // Transport failure: wrapped with the original exception as cause.
        String[] args = { sre.getMessage() };
        throw new PolicyEvaluationException(ResBundleUtils.rbName, "pll_send_request_exception", args, sre);
    }
    if (debug.messageEnabled()) {
        debug.message("ResourceResultCache.getResultsFromServer():" + "returning");
    }
    return resourceResults;
}
Also used : AdvicesHandleableByAMResponse(com.sun.identity.policy.remote.AdvicesHandleableByAMResponse) PolicyResponse(com.sun.identity.policy.remote.PolicyResponse) Response(com.iplanet.services.comm.share.Response) SendRequestException(com.iplanet.services.comm.client.SendRequestException) Set(java.util.Set) HashSet(java.util.HashSet) RequestSet(com.iplanet.services.comm.share.RequestSet) PolicyService(com.sun.identity.policy.remote.PolicyService) PolicyEvaluationException(com.sun.identity.policy.remote.PolicyEvaluationException) ResourceResultRequest(com.sun.identity.policy.remote.ResourceResultRequest) PolicyRequest(com.sun.identity.policy.remote.PolicyRequest) PolicyResponse(com.sun.identity.policy.remote.PolicyResponse) URL(java.net.URL)

Example 3 with PolicyEvaluationException

use of com.sun.identity.policy.remote.PolicyEvaluationException in project OpenAM by OpenRock.

the class ResourceResultCache method getRESTResultsFromServer.

/**
 * Returns a set of <code>ResourceResult</code> objects obtained from the
 * REST policy service.
 *
 * <p>The request URL is the REST policy service URL for the given token and
 * scope, followed by a query string built from the service, user token,
 * resource, action names and environment. The JSON text of the response is
 * converted to resource results.
 *
 * <p>Only <code>InvalidAppSSOTokenException</code> passes through unchanged.
 * Any other exception raised while building or sending the request, or
 * while converting the response, is wrapped in a
 * <code>PolicyEvaluationException</code> with the original as its cause.
 *
 * @param appToken application sso token to identify the client to policy
 * service
 * @param serviceName name of service for which to get resource results
 * @param token session token of user for whom to get resource results
 * @param resourceName resource name for which to get resource results
 * @param scope the scope to be used while getting resource results
 * @param actionNames action names for which to get resource results
 * @param env environment map to use to get resource results
 * @return a set of <code>ResourceResult</code> objects
 * @throws InvalidAppSSOTokenException if application session token
 * is not valid
 * @throws PolicyException if can not get resource results
 * @throws SSOException declared by the signature; failures raised inside
 * the method body are wrapped as described above
 */
private Set getRESTResultsFromServer(SSOToken appToken, String serviceName, SSOToken token, String resourceName, String scope, Set actionNames, Map env) throws InvalidAppSSOTokenException, SSOException, PolicyException {
    Set<ResourceResult> resourceResults = null;
    try {
        // The identity itself is not used below; the lookup is kept because
        // it runs before any request is built and can fail for the token.
        IdUtils.getIdentity(token);

        String queryString = buildEntitlementRequestQueryString("/", serviceName, token, resourceName, actionNames, env);
        String restUrl = getRESTPolicyServiceURL(token, scope) + "?" + queryString;
        if (debug.messageEnabled()) {
            // NOTE(review): the logged URL includes the query string built
            // from the user token and env - confirm it carries no session
            // identifier before message-level debug is enabled in production.
            debug.message("ResourceResultCache.getRESTResultsFromServer():" + ":serviceName=" + serviceName + ":token=" + token.getPrincipal().getName() + ":resourceName=" + resourceName + ":scope=" + scope + ":actionNames=" + actionNames + ":env" + ":restUrl=" + restUrl + ":entering");
        }

        String jsonString = getResourceContent(appToken, token, restUrl);
        if (debug.messageEnabled()) {
            // The complete server response is written to the debug log.
            debug.message("ResourceResultCache.getRESTResultsFromServer():" + ":server response jsonString=" + jsonString);
        }
        resourceResults = jsonResourceContentToResourceResults(jsonString, serviceName);
    } catch (InvalidAppSSOTokenException invalidAppToken) {
        // Let callers see an invalid application token as such.
        throw invalidAppToken;
    } catch (Exception failure) {
        String[] args = { failure.getMessage() };
        throw new PolicyEvaluationException(ResBundleUtils.rbName, "rest_policy_request_exception", args, failure);
    }
    if (debug.messageEnabled()) {
        debug.message("ResourceResultCache.getRESTResultsFromServer():" + "returning");
    }
    return resourceResults;
}
Also used : ResourceResult(com.sun.identity.policy.ResourceResult) AMIdentity(com.sun.identity.idm.AMIdentity) PolicyEvaluationException(com.sun.identity.policy.remote.PolicyEvaluationException) JSONException(org.json.JSONException) PolicyException(com.sun.identity.policy.PolicyException) SendRequestException(com.iplanet.services.comm.client.SendRequestException) PolicyEvaluationException(com.sun.identity.policy.remote.PolicyEvaluationException) URLNotFoundException(com.iplanet.services.naming.URLNotFoundException) SSOException(com.iplanet.sso.SSOException) UnsupportedEncodingException(java.io.UnsupportedEncodingException) AlreadyRegisteredException(com.iplanet.services.comm.client.AlreadyRegisteredException) IOException(java.io.IOException) SessionException(com.iplanet.dpro.session.SessionException)

Example 4 with PolicyEvaluationException

use of com.sun.identity.policy.remote.PolicyEvaluationException in project OpenAM by OpenRock.

the class ResourceResultCache method processRESTPolicyNotification.

/**
 * Processes REST policy notifications forwarded from listener end
 * point of policy client.
 *
 * <p>The notification must be a JSON string. Only its "resources" array is
 * read; each entry names a resource whose cached results are cleared. The
 * service name is fixed to the web agent service, and nothing is cleared
 * unless that service is present in the cache's remote policy listeners.
 * A {@code null} notification is logged and ignored.
 *
 * <p>No check of where the notification came from is made in this method.
 * NOTE(review): presumably the listener end point authenticates the sender
 * before forwarding - confirm, since the text is also written to the log.
 *
 * @param pn REST policy notification, a JSON string
 * @throws PolicyEvaluationException if the notification is not valid JSON
 */
static void processRESTPolicyNotification(String pn) throws PolicyEvaluationException {
    // samplePn = "{realm: "/", privilgeName: "p1", resources: ["r1", "r2"]}";
    if (pn == null) {
        debug.error("ResourceResultCache.processRESTPolicyNotification()" + "PolicyNotification is null");
        return;
    }
    if (debug.messageEnabled()) {
        debug.message("ResourceResultCache:processRESTPolicyNotification(), jsonString:" + pn);
    }
    ResourceResultCache cache = ResourceResultCache.getInstance();
    // FIXME after server side is fixed to provide serviceName in notification
    String serviceName = "iPlanetAMWebAgentService";

    // Stays null when the array is missing or empty, which selects the
    // "nothing cleared" branch below.
    Set<String> affectedResourceNames = null;
    try {
        JSONArray resources = new JSONObject(pn).optJSONArray("resources");
        int resourceCount = (resources == null) ? 0 : resources.length();
        if (resourceCount > 0) {
            affectedResourceNames = new HashSet<String>();
            for (int idx = 0; idx < resourceCount; idx++) {
                affectedResourceNames.add(resources.optString(idx));
            }
        }
    } catch (JSONException je) {
        // The rejected notification text is logged in full at error level.
        debug.error("ResourceResultCache.processRESTPolicyNotification():" + "pn=" + pn);
        throw new PolicyEvaluationException("notification_not_valid_json");
    }

    if (serviceName == null || affectedResourceNames == null) {
        if (debug.messageEnabled()) {
            debug.message("ResourceResultCache:" + "processRESTPolicyNotification():" + "serviceName or affectedResourceNames is null" + ":no resource names cleared from cache");
        }
        return;
    }
    if (!cache.remotePolicyListeners.contains(serviceName)) {
        if (debug.messageEnabled()) {
            debug.message("ResourceResultCache:" + "processRESTPolicyNotification():" + "serviceName not registered" + ":no resource names cleared from cache");
        }
        return;
    }
    if (debug.messageEnabled()) {
        debug.message("ResourceResultCache:" + "processRESTPolicyNotification():" + "serviceName=" + serviceName + ":affectedResourceNames=" + affectedResourceNames + ":clearing cache for affected " + "resource names");
    }
    clearCacheForResourceNames(serviceName, affectedResourceNames);
}
Also used : JSONObject(org.json.JSONObject) JSONArray(org.json.JSONArray) JSONException(org.json.JSONException) PolicyEvaluationException(com.sun.identity.policy.remote.PolicyEvaluationException)

Example 5 with PolicyEvaluationException

use of com.sun.identity.policy.remote.PolicyEvaluationException in project OpenAM by OpenRock.

the class ResultsCacheUtil method extractPolicyNotification.

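/**
 * Parses the policy notification contained in a notification XML message.
 *
 * <p>The notification data block is taken from the message, parsed as an
 * XML document, and the notification node under the policy service root
 * node is converted to a <code>PolicyNotification</code>.
 *
 * @param xml notification message text from which the data block is taken
 *
 * @return the parsed notification, or {@code null} when the message has no
 * notification data block or the document has no policy service root node
 *
 * @throws PolicyEvaluationException with key "invalid_root_element" when
 * the root node has no notification node, or with key "xml_parsing_error"
 * and the original exception as cause for any other failure
 */
private static PolicyNotification extractPolicyNotification(String xml) throws PolicyEvaluationException {
    PolicyNotification policyNotification = null;
    // Recorded inside the try and acted on after it, so that the specific
    // "invalid_root_element" error is not caught by the catch-all below and
    // reported as a parsing error instead.
    boolean notificationNodeMissing = false;
    try {
        String notificationDataBlock = getNotificationDataBlock(xml);
        if (notificationDataBlock == null) {
            //null notification data block
            debug.error("ResultsCacheUtil:" + "extractPolicyNotification():" + "notification data block is null");
        } else {
            // NOTE(review): getBytes() uses the platform default charset;
            // confirm this matches the encoding the parser will assume.
            // NOTE(review): parsing is delegated to XMLUtils.getXMLDocument;
            // confirm that helper disables DTDs and external entities, as
            // the notification text originates outside this method.
            Document doc = XMLUtils.getXMLDocument(new ByteArrayInputStream(notificationDataBlock.getBytes()));
            Node rootNode = XMLUtils.getRootNode(doc, NODE_POLICY_SERVICE);
            if (rootNode == null) {
                debug.error("ResultsCacheUtil." + "extractPolicyNotification():" + "cannot find root node");
            } else {
                Node notificationNode = XMLUtils.getChildNode(rootNode, NODE_POLICY_NOTIFICATION);
                if (notificationNode == null) {
                    debug.error("ResultsCacheUtil." + "extractPolicyNotification():" + "cannot find notification node");
                    notificationNodeMissing = true;
                } else {
                    policyNotification = PolicyNotification.parseXML(notificationNode);
                }
            }
        }
    } catch (Exception xe) {
        debug.error("ResultsCacheUtil.extractPolicyNotification():", xe);
        throw new PolicyEvaluationException(ResBundleUtils.rbName, "xml_parsing_error", null, xe);
    }
    if (notificationNodeMissing) {
        throw new PolicyEvaluationException(ResBundleUtils.rbName, "invalid_root_element", null, null);
    }
    return policyNotification;
}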
Also used : PolicyNotification(com.sun.identity.policy.remote.PolicyNotification) ByteArrayInputStream(java.io.ByteArrayInputStream) Node(org.w3c.dom.Node) PolicyEvaluationException(com.sun.identity.policy.remote.PolicyEvaluationException) Document(org.w3c.dom.Document) PolicyEvaluationException(com.sun.identity.policy.remote.PolicyEvaluationException)

Aggregations

PolicyEvaluationException (com.sun.identity.policy.remote.PolicyEvaluationException)8 SendRequestException (com.iplanet.services.comm.client.SendRequestException)3 URL (java.net.URL)3 JSONException (org.json.JSONException)3 JSONObject (org.json.JSONObject)3 SessionException (com.iplanet.dpro.session.SessionException)2 URLNotFoundException (com.iplanet.services.naming.URLNotFoundException)2 PolicyDecision (com.sun.identity.policy.PolicyDecision)2 PolicyException (com.sun.identity.policy.PolicyException)2 ResourceResult (com.sun.identity.policy.ResourceResult)2 AdvicesHandleableByAMResponse (com.sun.identity.policy.remote.AdvicesHandleableByAMResponse)2 PolicyRequest (com.sun.identity.policy.remote.PolicyRequest)2 PolicyResponse (com.sun.identity.policy.remote.PolicyResponse)2 PolicyService (com.sun.identity.policy.remote.PolicyService)2 JSONArray (org.json.JSONArray)2 Session (com.iplanet.dpro.session.Session)1 SessionID (com.iplanet.dpro.session.SessionID)1 AlreadyRegisteredException (com.iplanet.services.comm.client.AlreadyRegisteredException)1 RequestSet (com.iplanet.services.comm.share.RequestSet)1 Response (com.iplanet.services.comm.share.Response)1