
Example 6 with PolicyEvaluationException

use of com.sun.identity.policy.remote.PolicyEvaluationException in project OpenAM by OpenRock.

the class ResourceResultCache method getAdvicesHandleableByAM.

/**
 * Returns the names of policy advices that OpenAM can handle when the PEP
 * redirects the user agent to it.
 *
 * <p>A cached set is returned when one exists and {@code refetchFromServer}
 * is {@code false}. Otherwise, if an application SSO token is supplied and a
 * policy service URL can be resolved for it, the policy service is queried
 * and a matching response replaces the cached set. When no set is available
 * afterwards, an empty set is cached and returned.
 *
 * <p>NOTE(review): this method does not itself retry when the server rejects
 * the application SSO token; it throws {@code InvalidAppSSOTokenException}.
 * Creating a new token and calling again presumably happens in the caller;
 * confirm.
 *
 * @param appToken application SSO token used while communicating with
 *        OpenAM; when {@code null} no request is sent
 * @param refetchFromServer {@code true} to query the server even when a
 *        cached value exists, {@code false} to prefer the cached value
 * @return names of policy advices that OpenAM can handle, never {@code null}
 * @throws InvalidAppSSOTokenException if the server reported that the
 *         application SSO token provided was invalid
 * @throws PolicyEvaluationException if the server reported any other error
 * @throws PolicyException if the policy service URL cannot be resolved or
 *         the request cannot be sent
 * @throws SSOException if the appToken is detected to be invalid at the
 *         client
 */
Set getAdvicesHandleableByAM(SSOToken appToken, boolean refetchFromServer) throws InvalidAppSSOTokenException, PolicyException, SSOException {
    final String where = "ResourceResultCache.getAdvicesHandleableByAM():";
    if (debug.messageEnabled()) {
        debug.message(where + ":entering");
    }
    boolean serveFromCache = !refetchFromServer && (advicesHandleableByAM != null);
    if (serveFromCache) {
        if (debug.messageEnabled()) {
            debug.message(where + ":returning cached advices" + advicesHandleableByAM);
        }
        return advicesHandleableByAM;
    }
    if (appToken != null) {
        URL serviceUrl;
        try {
            serviceUrl = getPolicyServiceURL(appToken);
        } catch (PolicyException pe) {
            debug.error(where, pe);
            throw pe;
        }
        if (serviceUrl != null) {
            PolicyRequest request = new PolicyRequest();
            // The application token ID travels in the request body to serviceUrl.
            // NOTE(review): confirm the resolved URL is always reached over TLS.
            request.setAppSSOToken(appToken.getTokenID().toString());
            request.setAdvicesHandleableByAMRequest(new AdvicesHandleableByAMRequest());
            request.setMethodID(PolicyRequest.POLICY_REQUEST_ADVICES_HANDLEABLE_BY_AM_REQUEST);
            try {
                PolicyService reply = sendPLLRequest(serviceUrl, request);
                if (reply == null) {
                    debug.error(where + "no result");
                } else {
                    if (debug.messageEnabled()) {
                        // NOTE(review): the whole response XML is written to the debug log at
                        // message level; confirm it carries nothing sensitive.
                        debug.message(where + "result=" + reply.toXMLString());
                    }
                    PolicyResponse response = reply.getPolicyResponse();
                    String serverError = response.getExceptionMsg();
                    if (serverError != null) {
                        String[] args = { serverError };
                        // The error is classified by a substring match against the client's
                        // resource-bundle text. NOTE(review): if client and server bundles or
                        // locales differ, an invalid-token error would presumably surface as
                        // the generic PolicyEvaluationException below; verify.
                        if (serverError.indexOf(ResBundleUtils.getString("app_sso_token_invalid")) >= 0) {
                            if (debug.warningEnabled()) {
                                // Server-supplied text is logged as received.
                                debug.warning(where + " response exception " + serverError);
                                debug.warning("ResourceResultCache.AdvicesHandleableByAM(): appSSOToken is invalid");
                                debug.warning("ResourceResultCache.throwing InvalidAppSSOTokenException");
                            }
                            throw new InvalidAppSSOTokenException(ResBundleUtils.rbName, "server_reported_invalid_app_sso_token", args, null);
                        }
                        if (debug.warningEnabled()) {
                            debug.warning("ResourceResultCache.AdvicesHandleableByAM():response exception message=" + serverError);
                        }
                        throw new PolicyEvaluationException(ResBundleUtils.rbName, "server_reported_exception", args, null);
                    }
                    // Only a response of the expected method type may replace the cached set.
                    if (response.getMethodID() == PolicyResponse.POLICY_ADVICES_HANDLEABLE_BY_AM_RESPONSE) {
                        AdvicesHandleableByAMResponse advices = response.getAdvicesHandleableByAMResponse();
                        if (debug.messageEnabled()) {
                            debug.message(where + advices);
                        }
                        if (advices != null) {
                            advicesHandleableByAM = advices.getAdvicesHandleableByAM();
                        }
                    }
                }
            } catch (SendRequestException e) {
                debug.error(where, e);
                throw new PolicyException(e);
            }
        }
    }
    // An empty set is stored in the field too, so later non-refetching calls return it
    // from the cache without contacting the server.
    if (advicesHandleableByAM == null) {
        advicesHandleableByAM = Collections.EMPTY_SET;
    }
    if (debug.messageEnabled()) {
        debug.message(where + ":returning advicesHandleableByAM" + advicesHandleableByAM);
    }
    return advicesHandleableByAM;
}
Also used : SendRequestException(com.iplanet.services.comm.client.SendRequestException) AdvicesHandleableByAMRequest(com.sun.identity.policy.remote.AdvicesHandleableByAMRequest) AdvicesHandleableByAMResponse(com.sun.identity.policy.remote.AdvicesHandleableByAMResponse) PolicyException(com.sun.identity.policy.PolicyException) PolicyService(com.sun.identity.policy.remote.PolicyService) PolicyEvaluationException(com.sun.identity.policy.remote.PolicyEvaluationException) PolicyRequest(com.sun.identity.policy.remote.PolicyRequest) PolicyResponse(com.sun.identity.policy.remote.PolicyResponse) URL(java.net.URL)

Example 7 with PolicyEvaluationException

use of com.sun.identity.policy.remote.PolicyEvaluationException in project OpenAM by OpenRock.

the class ResourceResultCache method jsonResourceContentToResourceResults.

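/**
 * Converts the JSON text of a REST policy response into resource results.
 *
 * <p>The response must carry {@code statusCode} 200 and a {@code body}
 * object holding either a {@code results} array of entitlements or a single
 * entitlement identified by {@code resourceName}. Any other shape is
 * rejected, so a malformed response never reaches the entitlement
 * conversion.
 *
 * @param jsonResourceContent raw JSON text of the response
 * @param serviceName service name used to look up the resource comparator
 *        and passed to {@code jsonEntitlementToResourceResult}
 * @return the resource results built from the response
 * @throws PolicyEvaluationException if the content is missing, is not valid
 *         JSON, reports a status other than 200, or has neither a
 *         {@code results} array nor a {@code resourceName}
 * @throws JSONException declared by the signature; presumably raised by
 *         {@code jsonEntitlementToResourceResult}, to be confirmed there
 * @throws PolicyException if converting an entitlement fails
 */
Set<ResourceResult> jsonResourceContentToResourceResults(String jsonResourceContent, String serviceName) throws JSONException, PolicyException {
    // A missing response is rejected like any other malformed one instead of
    // failing with a NullPointerException inside the parser.
    if (jsonResourceContent == null) {
        debug.error("ResourceResultCache.jsonResourceContentToResourceResults():" + "no response content");
        throw new PolicyEvaluationException(ResBundleUtils.rbName, "error_rest_reponse", null, null);
    }
    JSONObject jsonObject;
    try {
        jsonObject = new JSONObject(jsonResourceContent);
    } catch (JSONException e) {
        // NOTE(review): the complete response text is written to the error log;
        // confirm that is acceptable for the data a policy response can hold.
        debug.error("ResourceResultCache.jsonResourceContentToResourceResults():" + "json parsing error of response: " + jsonResourceContent);
        // Keep the parser failure as the nested exception, as getPolicyServiceURL does.
        throw new PolicyEvaluationException(ResBundleUtils.rbName, "error_rest_reponse", null, e);
    }
    // optInt yields 0 when the field is absent, so a response without a status is rejected.
    int statusCode = jsonObject.optInt("statusCode");
    if (statusCode != 200) {
        debug.error("ResourceResultCache.jsonResourceContentToResourceResults():" + "statusCode=" + statusCode + ", error response");
        throw new PolicyEvaluationException(ResBundleUtils.rbName, "error_rest_reponse", null, null);
    }
    jsonObject = jsonObject.optJSONObject("body");
    if (jsonObject == null) {
        debug.error("ResourceResultCache.jsonResourceContentToResourceResults():" + "does not have decisions object");
        throw new PolicyEvaluationException(ResBundleUtils.rbName, "error_rest_reponse", null, null);
    }
    Set<ResourceResult> resourceResults;
    JSONArray jsonArray = jsonObject.optJSONArray("results");
    if (jsonArray != null) {
        ResourceName resourceComparator = (ResourceName) policyProperties.getResourceComparator(serviceName);
        ResourceResult virtualResourceResult = new ResourceResult(ResourceResult.VIRTUAL_ROOT, new PolicyDecision());
        int arrayLen = jsonArray.length();
        for (int i = 0; i < arrayLen; i++) {
            // Entries that are not JSON objects are skipped, not rejected.
            // NOTE(review): confirm a dropped entry cannot widen access for its resource.
            JSONObject jo = jsonArray.optJSONObject(i);
            if (jo != null) {
                ResourceResult rr = jsonEntitlementToResourceResult(jo, serviceName);
                virtualResourceResult.addResourceResult(rr, resourceComparator);
            }
        }
        resourceResults = virtualResourceResult.getResourceResults();
    } else {
        // optString(key) returns "" for an absent key and never null, which made the
        // rejection branch below unreachable. Asking for a null default restores the
        // intended check, so a body with neither "results" nor "resourceName" is refused.
        String resourceName = jsonObject.optString("resourceName", null);
        if (resourceName != null) {
            ResourceResult resourceResult = jsonEntitlementToResourceResult(jsonObject, serviceName);
            resourceResults = new HashSet<ResourceResult>();
            resourceResults.add(resourceResult);
        } else {
            debug.error("ResourceResultCache.jsonResourceContentToResourceResults():" + "does not have results or resourceName object");
            throw new PolicyEvaluationException(ResBundleUtils.rbName, "error_rest_reponse", null, null);
        }
    }
    return resourceResults;
}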
Also used : PolicyDecision(com.sun.identity.policy.PolicyDecision) ResourceResult(com.sun.identity.policy.ResourceResult) JSONObject(org.json.JSONObject) ResourceName(com.sun.identity.policy.interfaces.ResourceName) JSONArray(org.json.JSONArray) JSONException(org.json.JSONException) PolicyEvaluationException(com.sun.identity.policy.remote.PolicyEvaluationException)

Example 8 with PolicyEvaluationException

use of com.sun.identity.policy.remote.PolicyEvaluationException in project OpenAM by OpenRock.

the class ResourceResultCache method getPolicyServiceURL.

/**
 * Resolves the policy service URL for the session behind the given token.
 *
 * <p>The protocol, host, port and path of the session's service URL are
 * handed to the naming service to obtain the policy service URL.
 * NOTE(review): getAdvicesHandleableByAM sends the application SSO token to
 * the URL returned here, so the session service URL and the naming
 * configuration are trusted inputs; confirm the protocol cannot resolve to a
 * cleartext endpoint.
 *
 * @param token session token of the user
 * @return policy service URL derived from the session token
 * @throws PolicyException if the policy service URL cannot be obtained
 */
static URL getPolicyServiceURL(SSOToken token) throws PolicyException {
    try {
        SessionID sessionId = new SessionID(token.getTokenID().toString());
        URL sessionServiceURL = sessionCache.getSession(sessionId).getSessionServiceURL();
        // URL.getPort() reports -1 when no port is set; the naming lookup is
        // given an empty string in that case.
        int port = sessionServiceURL.getPort();
        String portString = (port == -1) ? "" : Integer.toString(port);
        return WebtopNaming.getServiceURL(
                POLICY_SERVICE_ID_FOR_NAMING,
                sessionServiceURL.getProtocol(),
                sessionServiceURL.getHost(),
                portString,
                sessionServiceURL.getPath());
    } catch (SessionException se) {
        debug.error("ResourceResultCache.getPolicyServiceURL():" + "Can not find policy service URL", se);
        throw new PolicyEvaluationException(ResBundleUtils.rbName, "policy_service_url_not_found", null, se);
    } catch (URLNotFoundException ue) {
        debug.error("ResourceResultCache.getPolicyServiceURL():" + "Can not find policy service URL", ue);
        throw new PolicyEvaluationException(ResBundleUtils.rbName, "policy_service_url_not_found", null, ue);
    }
}
Also used : SessionException(com.iplanet.dpro.session.SessionException) PolicyEvaluationException(com.sun.identity.policy.remote.PolicyEvaluationException) URLNotFoundException(com.iplanet.services.naming.URLNotFoundException) SessionID(com.iplanet.dpro.session.SessionID) URL(java.net.URL) Session(com.iplanet.dpro.session.Session)

Aggregations

PolicyEvaluationException (com.sun.identity.policy.remote.PolicyEvaluationException)8 SendRequestException (com.iplanet.services.comm.client.SendRequestException)3 URL (java.net.URL)3 JSONException (org.json.JSONException)3 JSONObject (org.json.JSONObject)3 SessionException (com.iplanet.dpro.session.SessionException)2 URLNotFoundException (com.iplanet.services.naming.URLNotFoundException)2 PolicyDecision (com.sun.identity.policy.PolicyDecision)2 PolicyException (com.sun.identity.policy.PolicyException)2 ResourceResult (com.sun.identity.policy.ResourceResult)2 AdvicesHandleableByAMResponse (com.sun.identity.policy.remote.AdvicesHandleableByAMResponse)2 PolicyRequest (com.sun.identity.policy.remote.PolicyRequest)2 PolicyResponse (com.sun.identity.policy.remote.PolicyResponse)2 PolicyService (com.sun.identity.policy.remote.PolicyService)2 JSONArray (org.json.JSONArray)2 Session (com.iplanet.dpro.session.Session)1 SessionID (com.iplanet.dpro.session.SessionID)1 AlreadyRegisteredException (com.iplanet.services.comm.client.AlreadyRegisteredException)1 RequestSet (com.iplanet.services.comm.share.RequestSet)1 Response (com.iplanet.services.comm.share.Response)1