use of com.sun.identity.policy.remote.PolicyEvaluationException in project OpenAM by OpenRock.
the class ResourceResultCache method getAdvicesHandleableByAM.
/**
* Returns names of policy advices that could be handled by OpenAM
* Enterprise if PEP redirects user agent to OpenAM.
*
* @param appToken application sso token that would be used while
* communicating to OpenAM
* @param refetchFromServer indicates whether to get the values fresh
* from OpenAM or return the values from local cache.
* If the server reports app sso token is invalid, a new app sso
* token is created and one more call is made to the server.
* @return names of policy advices that could be handled by OpenAM
* @throws InvalidAppSSOTokenException if the server reported that the
* app sso token provided was invalid
* @throws PolicyEvaluationException if the server reported any other error
* @throws PolicyException if there are problems in getting the advice
* names
* @throws SSOException if the appToken is detected to be invalid
* at the client
*/
Set getAdvicesHandleableByAM(SSOToken appToken, boolean refetchFromServer) throws InvalidAppSSOTokenException, PolicyException, SSOException {
if (debug.messageEnabled()) {
debug.message("ResourceResultCache.getAdvicesHandleableByAM():" + ":entering");
}
if ((advicesHandleableByAM != null) && !refetchFromServer) {
if (debug.messageEnabled()) {
debug.message("ResourceResultCache.getAdvicesHandleableByAM():" + ":returning cached advices" + advicesHandleableByAM);
}
return advicesHandleableByAM;
}
URL policyServiceURL = null;
if (appToken != null) {
try {
policyServiceURL = getPolicyServiceURL(appToken);
} catch (PolicyException pe) {
debug.error("ResourceResultCache.getAdvicesHandleableByAM():", pe);
throw pe;
}
}
if ((appToken != null) && (policyServiceURL != null)) {
PolicyRequest policyReq = new PolicyRequest();
policyReq.setAppSSOToken(appToken.getTokenID().toString());
policyReq.setAdvicesHandleableByAMRequest(new AdvicesHandleableByAMRequest());
policyReq.setMethodID(PolicyRequest.POLICY_REQUEST_ADVICES_HANDLEABLE_BY_AM_REQUEST);
try {
PolicyService ps = sendPLLRequest(policyServiceURL, policyReq);
if (ps != null) {
if (debug.messageEnabled()) {
debug.message("ResourceResultCache." + "getAdvicesHandleableByAM():" + "result=" + ps.toXMLString());
}
PolicyResponse psres = ps.getPolicyResponse();
String exceptionMessage = psres.getExceptionMsg();
if (exceptionMessage != null) {
if (exceptionMessage.indexOf(ResBundleUtils.getString("app_sso_token_invalid")) >= 0) {
if (debug.warningEnabled()) {
debug.warning("ResourceResultCache." + "getAdvicesHandleableByAM():" + " response exception " + exceptionMessage);
debug.warning("ResourceResultCache." + "AdvicesHandleableByAM():" + " appSSOToken is invalid");
debug.warning("ResourceResultCache." + "throwing InvalidAppSSOTokenException");
}
String[] args = { exceptionMessage };
throw new InvalidAppSSOTokenException(ResBundleUtils.rbName, "server_reported_invalid_app_sso_token", args, null);
} else {
if (debug.warningEnabled()) {
debug.warning("ResourceResultCache." + "AdvicesHandleableByAM():" + "response exception message=" + exceptionMessage);
}
String[] args = { exceptionMessage };
throw new PolicyEvaluationException(ResBundleUtils.rbName, "server_reported_exception", args, null);
}
}
if (psres.getMethodID() == PolicyResponse.POLICY_ADVICES_HANDLEABLE_BY_AM_RESPONSE) {
AdvicesHandleableByAMResponse advicesHandleableByAMResponse = psres.getAdvicesHandleableByAMResponse();
if (debug.messageEnabled()) {
debug.message("ResourceResultCache." + "getAdvicesHandleableByAM():" + advicesHandleableByAMResponse);
}
if (advicesHandleableByAMResponse != null) {
advicesHandleableByAM = advicesHandleableByAMResponse.getAdvicesHandleableByAM();
}
}
} else {
debug.error("ResourceResultCache.getAdvicesHandleableByAM()" + ":no result");
}
} catch (SendRequestException e) {
debug.error("ResourceResultCache.getAdvicesHandleableByAM():", e);
throw new PolicyException(e);
}
}
if (advicesHandleableByAM == null) {
advicesHandleableByAM = Collections.EMPTY_SET;
}
if (debug.messageEnabled()) {
debug.message("ResourceResultCache.getAdvicesHandleableByAM():" + ":returning advicesHandleableByAM" + advicesHandleableByAM);
}
return advicesHandleableByAM;
}
use of com.sun.identity.policy.remote.PolicyEvaluationException in project OpenAM by OpenRock.
the class ResourceResultCache method jsonResourceContentToResourceResults.
Set<ResourceResult> jsonResourceContentToResourceResults(String jsonResourceContent, String serviceName) throws JSONException, PolicyException {
Set<ResourceResult> resourceResults = null;
JSONObject jsonObject = null;
try {
jsonObject = new JSONObject(jsonResourceContent);
} catch (JSONException e) {
debug.error("ResourceResultCache.jsonResourceContentToResourceResults():" + "json parsing error of response: " + jsonResourceContent);
throw new PolicyEvaluationException(ResBundleUtils.rbName, "error_rest_reponse", null, null);
}
int statusCode = jsonObject.optInt("statusCode");
if (statusCode != 200) {
debug.error("ResourceResultCache.jsonResourceContentToResourceResults():" + "statusCode=" + statusCode + ", error response");
throw new PolicyEvaluationException(ResBundleUtils.rbName, "error_rest_reponse", null, null);
}
jsonObject = jsonObject.optJSONObject("body");
if (jsonObject == null) {
debug.error("ResourceResultCache.jsonResourceContentToResourceResults():" + "does not have decisions object");
throw new PolicyEvaluationException(ResBundleUtils.rbName, "error_rest_reponse", null, null);
}
JSONArray jsonArray = jsonObject.optJSONArray("results");
if (jsonArray != null) {
ResourceName resourceComparator = (ResourceName) policyProperties.getResourceComparator(serviceName);
ResourceResult virtualResourceResult = new ResourceResult(ResourceResult.VIRTUAL_ROOT, new PolicyDecision());
int arrayLen = jsonArray.length();
for (int i = 0; i < arrayLen; i++) {
JSONObject jo = jsonArray.optJSONObject(i);
if (jo != null) {
ResourceResult rr = jsonEntitlementToResourceResult(jo, serviceName);
virtualResourceResult.addResourceResult(rr, resourceComparator);
}
}
resourceResults = virtualResourceResult.getResourceResults();
} else {
String resourceName = jsonObject.optString("resourceName");
if (resourceName != null) {
ResourceResult resourceResult = jsonEntitlementToResourceResult(jsonObject, serviceName);
resourceResults = new HashSet<ResourceResult>();
resourceResults.add(resourceResult);
} else {
debug.error("ResourceResultCache.jsonResourceContentToResourceResults():" + "does not have results or resourceName object");
throw new PolicyEvaluationException(ResBundleUtils.rbName, "error_rest_reponse", null, null);
}
}
return resourceResults;
}
use of com.sun.identity.policy.remote.PolicyEvaluationException in project OpenAM by OpenRock.
the class ResourceResultCache method getPolicyServiceURL.
/**
* Returns policy service URL based on session token
* @param token session token of user
* @return policy service URL based on session token
* @throws PolicyException if can not get policy service URL
*/
static URL getPolicyServiceURL(SSOToken token) throws PolicyException {
URL policyServiceURL = null;
try {
String ssoTokenID = token.getTokenID().toString();
SessionID sid = new SessionID(ssoTokenID);
Session session = sessionCache.getSession(sid);
URL sessionServiceURL = session.getSessionServiceURL();
String protocol = sessionServiceURL.getProtocol();
String host = sessionServiceURL.getHost();
int port = sessionServiceURL.getPort();
String uri = sessionServiceURL.getPath();
String portString = null;
if (port == -1) {
portString = "";
} else {
portString = Integer.toString(port);
}
policyServiceURL = WebtopNaming.getServiceURL(POLICY_SERVICE_ID_FOR_NAMING, protocol, host, portString, uri);
} catch (SessionException se) {
debug.error("ResourceResultCache.getPolicyServiceURL():" + "Can not find policy service URL", se);
throw new PolicyEvaluationException(ResBundleUtils.rbName, "policy_service_url_not_found", null, se);
} catch (URLNotFoundException ue) {
debug.error("ResourceResultCache.getPolicyServiceURL():" + "Can not find policy service URL", ue);
throw new PolicyEvaluationException(ResBundleUtils.rbName, "policy_service_url_not_found", null, ue);
}
return policyServiceURL;
}
Aggregations