
Example 1 with PolicyRequest

use of com.sun.identity.policy.remote.PolicyRequest in project OpenAM by OpenRock.

the class ResourceResultCache method sendPLLRequest.

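/**
 * Sends a policy request to the remote policy service over PLL and returns
 * the parsed reply.
 *
 * <p>The request is wrapped in a {@code PolicyService} envelope, serialized
 * to XML and sent as the only entry of a {@code RequestSet}. Only the first
 * response of the reply is parsed.
 *
 * @param policyServiceUrl the URL of the policy service
 * @param preq the policy request to send
 * @return the {@code PolicyService} parsed from the first response
 * @exception SendRequestException if the load-balancer cookie could not be
 *            obtained, the XML document could not be sent, or the reply
 *            contained no response
 * @exception PolicyException if there are any parsing errors
 */
public static PolicyService sendPLLRequest(URL policyServiceUrl, PolicyRequest preq) throws SendRequestException, PolicyException {
    String lbcookie;
    try {
        lbcookie = getLBCookie(preq);
    } catch (Exception e) {
        // Any failure while resolving the cookie is surfaced as a send failure.
        throw new SendRequestException(e);
    }

    PolicyService policyService = new PolicyService();
    policyService.setMethodID(PolicyService.POLICY_REQUEST_ID);
    policyService.setPolicyRequest(preq);
    String xmlString = policyService.toXMLString();

    RequestSet requestSet = new RequestSet(PolicyService.POLICY_SERVICE);
    requestSet.addRequest(new Request(xmlString));

    // NOTE(review): xmlString is the serialized request. Callers set the
    // application SSO token (and, for resource results, the user's SSO token)
    // on the request, so this message-level line presumably writes live
    // session token ids to the debug log. Confirm against toXMLString() and
    // keep message-level debug off, or the log access-restricted, in
    // production.
    if (debug.messageEnabled()) {
        debug.message("ResourceResultCache.sendPLLRequest:" + "sending PLL request to URL=" + policyServiceUrl + ":\nPLL message=" + xmlString);
    }

    Vector responses = PLLClient.send(policyServiceUrl, lbcookie, requestSet);
    // elementAt(0) on an empty reply would escape as an unchecked
    // ArrayIndexOutOfBoundsException that callers catching only
    // SendRequestException do not handle; report it as a send failure instead.
    if (responses == null || responses.isEmpty()) {
        throw new SendRequestException(new IllegalStateException("ResourceResultCache.sendPLLRequest: no response received from policy service"));
    }
    Response response = (Response) responses.elementAt(0);
    PolicyService ps = PolicyService.parseXML(response.getContent());
    if (debug.messageEnabled()) {
        debug.message("ResourceResultCache.sendPLLRequest:" + "result=" + ps.toXMLString());
    }
    return ps;
}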
Also used : SendRequestException(com.iplanet.services.comm.client.SendRequestException) AdvicesHandleableByAMResponse(com.sun.identity.policy.remote.AdvicesHandleableByAMResponse) PolicyResponse(com.sun.identity.policy.remote.PolicyResponse) Response(com.iplanet.services.comm.share.Response) RequestSet(com.iplanet.services.comm.share.RequestSet) PolicyService(com.sun.identity.policy.remote.PolicyService) PolicyListenerRequest(com.sun.identity.policy.remote.PolicyListenerRequest) Request(com.iplanet.services.comm.share.Request) ResourceResultRequest(com.sun.identity.policy.remote.ResourceResultRequest) RemoveListenerRequest(com.sun.identity.policy.remote.RemoveListenerRequest) AdvicesHandleableByAMRequest(com.sun.identity.policy.remote.AdvicesHandleableByAMRequest) PolicyRequest(com.sun.identity.policy.remote.PolicyRequest) Vector(java.util.Vector) JSONException(org.json.JSONException) PolicyException(com.sun.identity.policy.PolicyException) SendRequestException(com.iplanet.services.comm.client.SendRequestException) PolicyEvaluationException(com.sun.identity.policy.remote.PolicyEvaluationException) URLNotFoundException(com.iplanet.services.naming.URLNotFoundException) SSOException(com.iplanet.sso.SSOException) UnsupportedEncodingException(java.io.UnsupportedEncodingException) AlreadyRegisteredException(com.iplanet.services.comm.client.AlreadyRegisteredException) IOException(java.io.IOException) SessionException(com.iplanet.dpro.session.SessionException)

Example 2 with PolicyRequest

use of com.sun.identity.policy.remote.PolicyRequest in project OpenAM by OpenRock.

the class ResourceResultCache method getResultsFromServer.

/**
 * Fetches fresh <code>ResourceResult</code> objects from the policy server.
 *
 * <p>A <code>ResourceResultRequest</code> carrying the service, resource,
 * scope and the user's SSO token id is wrapped in a
 * <code>PolicyRequest</code> that carries the application SSO token id, and
 * is sent with <code>sendPLLRequest</code>.
 *
 * @param appToken application sso token to identify the client to policy
 *        service
 * @param serviceName name of service for which to get resource results
 * @param token session token of user for whom to get resource results
 * @param resourceName resource name for which to get resource results
 * @param scope the scope to be used while getting resource results
 * @param actionNames action names for which to get resource results; in
 *        this method they are only written to the debug log, not added to
 *        the request
 * @param env environment map to use to get resource results; may be
 *        <code>null</code>
 *
 * @return a set of <code>ResourceResult</code> objects, or
 *         <code>null</code> when <code>sendPLLRequest</code> returns
 *         <code>null</code>
 *
 * @throws PolicyException if can not get resource results; a
 *         <code>PolicyEvaluationException</code> is thrown when the server
 *         reports an error or the request could not be sent
 * @throws SSOException if session token is not valid
 * @throws InvalidAppSSOTokenException if the server's exception message
 *         contains <code>PolicyResponse.APP_SSO_TOKEN_INVALID</code>
 */
private Set getResultsFromServer(SSOToken appToken, String serviceName, SSOToken token, String resourceName, String scope, Set actionNames, Map env) throws InvalidAppSSOTokenException, SSOException, PolicyException {
    final String where = "ResourceResultCache.getResultsFromServer():";
    Set results = null;
    try {
        URL target = getPolicyServiceURL(token);
        if (debug.messageEnabled()) {
            debug.message(where + ":serviceName=" + serviceName + ":token=" + token.getPrincipal().getName() + ":resourceName=" + resourceName + ":scope=" + scope + ":actionNames=" + actionNames + ":env" + ":policyServiceURL=" + target + ":entering");
        }

        // Inner request: what is being asked, and on behalf of which user.
        ResourceResultRequest query = new ResourceResultRequest();
        query.setServiceName(serviceName);
        query.setResourceName(resourceName);
        query.setResourceScope(scope);
        query.setUserSSOToken(token.getTokenID().toString());
        if (env != null) {
            query.setEnvParms(env);
            Set wantedAttributes = getResponseAttributes(env);
            if (debug.messageEnabled()) {
                debug.message(where + "responseAttributes to get=" + wantedAttributes);
            }
            if (wantedAttributes != null) {
                query.setResponseAttributes(wantedAttributes);
            }
        }

        // Outer request: identifies the calling application to the server.
        PolicyRequest envelope = new PolicyRequest();
        envelope.setAppSSOToken(appToken.getTokenID().toString());
        envelope.setMethodID(PolicyRequest.POLICY_REQUEST_GET_RESOURCE_RESULTS);
        envelope.setRequestId(newRequestID());
        envelope.setResourceResultRequest(query);

        PolicyService reply = sendPLLRequest(target, envelope);
        if (reply != null) {
            // NOTE(review): payload is dereferenced without a null check;
            // confirm getPolicyResponse() cannot return null for this call.
            PolicyResponse payload = reply.getPolicyResponse();
            String serverError = payload.getExceptionMsg();
            if (serverError == null) {
                results = payload.getResourceResults();
            } else if (serverError.indexOf(PolicyResponse.APP_SSO_TOKEN_INVALID) >= 0) {
                // The server rejected the application token: signalled with a
                // dedicated exception type, distinct from other server errors.
                if (debug.warningEnabled()) {
                    debug.warning("ResourceResultCache." + "getResultsFromServer():" + " response exception " + serverError);
                    debug.warning("ResourceResultCache." + "getResultsFromServer():" + " appSSOToken is invalid");
                    debug.warning("ResourceResultCache." + "throwing InvalidAppSSOTokenException");
                }
                String[] args = { serverError };
                throw new InvalidAppSSOTokenException(ResBundleUtils.rbName, "server_reported_invalid_app_sso_token", args, null);
            } else {
                debug.warning("ResourceResultCache." + "getResultsFromServer():" + "response exception message=" + serverError);
                String[] args = { serverError };
                throw new PolicyEvaluationException(ResBundleUtils.rbName, "server_reported_exception", args, null);
            }
        }
    } catch (SendRequestException sre) {
        // Transport failures are reported as evaluation failures, cause kept.
        String[] args = { sre.getMessage() };
        throw new PolicyEvaluationException(ResBundleUtils.rbName, "pll_send_request_exception", args, sre);
    }
    if (debug.messageEnabled()) {
        debug.message(where + "returning");
    }
    return results;
}
Also used : AdvicesHandleableByAMResponse(com.sun.identity.policy.remote.AdvicesHandleableByAMResponse) PolicyResponse(com.sun.identity.policy.remote.PolicyResponse) Response(com.iplanet.services.comm.share.Response) SendRequestException(com.iplanet.services.comm.client.SendRequestException) Set(java.util.Set) HashSet(java.util.HashSet) RequestSet(com.iplanet.services.comm.share.RequestSet) PolicyService(com.sun.identity.policy.remote.PolicyService) PolicyEvaluationException(com.sun.identity.policy.remote.PolicyEvaluationException) ResourceResultRequest(com.sun.identity.policy.remote.ResourceResultRequest) PolicyRequest(com.sun.identity.policy.remote.PolicyRequest) PolicyResponse(com.sun.identity.policy.remote.PolicyResponse) URL(java.net.URL)

Example 3 with PolicyRequest

use of com.sun.identity.policy.remote.PolicyRequest in project OpenAM by OpenRock.

the class ResourceResultCache method getAdvicesHandleableByAM.

/**
 * Returns names of policy advices that could be handled by OpenAM
 * Enterprise if PEP redirects user agent to OpenAM.
 *
 * <p>The cached value is returned when one exists and
 * <code>refetchFromServer</code> is <code>false</code>. Otherwise the server
 * is queried and, on a matching response, the cache is replaced. If nothing
 * is cached at the end of the call, the cache is set to an empty set.
 *
 * @param appToken application sso token that would be used while
 *        communicating to OpenAM; when <code>null</code> no request is sent
 * @param refetchFromServer indicates whether to get the values fresh
 *        from OpenAM or return the values from local cache
 * @return names of policy advices that could be handled by OpenAM
 * @throws InvalidAppSSOTokenException if the server reported that the
 *         app sso token provided was invalid; this method does not retry
 * @throws PolicyEvaluationException if the server reported any other error
 * @throws PolicyException if there are problems in getting the advice
 *         names, including a failure to send the request
 * @throws SSOException if the appToken is detected to be invalid
 *         at the client
 */
Set getAdvicesHandleableByAM(SSOToken appToken, boolean refetchFromServer) throws InvalidAppSSOTokenException, PolicyException, SSOException {
    final String tag = "ResourceResultCache.getAdvicesHandleableByAM():";
    if (debug.messageEnabled()) {
        debug.message(tag + ":entering");
    }

    boolean haveCached = (advicesHandleableByAM != null);
    if (haveCached && !refetchFromServer) {
        if (debug.messageEnabled()) {
            debug.message(tag + ":returning cached advices" + advicesHandleableByAM);
        }
        return advicesHandleableByAM;
    }

    URL endpoint = null;
    if (appToken != null) {
        try {
            endpoint = getPolicyServiceURL(appToken);
        } catch (PolicyException pe) {
            debug.error(tag, pe);
            throw pe;
        }
    }

    // endpoint is only ever assigned when appToken is non-null.
    if (endpoint != null) {
        PolicyRequest envelope = new PolicyRequest();
        envelope.setAppSSOToken(appToken.getTokenID().toString());
        envelope.setAdvicesHandleableByAMRequest(new AdvicesHandleableByAMRequest());
        envelope.setMethodID(PolicyRequest.POLICY_REQUEST_ADVICES_HANDLEABLE_BY_AM_REQUEST);
        try {
            PolicyService reply = sendPLLRequest(endpoint, envelope);
            if (reply == null) {
                debug.error(tag + "no result");
            } else {
                if (debug.messageEnabled()) {
                    debug.message("ResourceResultCache." + "getAdvicesHandleableByAM():" + "result=" + reply.toXMLString());
                }
                PolicyResponse payload = reply.getPolicyResponse();
                String serverError = payload.getExceptionMsg();
                if (serverError != null) {
                    String[] args = { serverError };
                    // NOTE(review): the invalid-token case is recognised by
                    // matching a resource-bundle string inside the server's
                    // message, while getResultsFromServer matches
                    // PolicyResponse.APP_SSO_TOKEN_INVALID. Confirm the bundle
                    // text is what the server actually sends; otherwise an
                    // invalid app token is reported as a generic error.
                    if (serverError.indexOf(ResBundleUtils.getString("app_sso_token_invalid")) < 0) {
                        if (debug.warningEnabled()) {
                            debug.warning("ResourceResultCache." + "AdvicesHandleableByAM():" + "response exception message=" + serverError);
                        }
                        throw new PolicyEvaluationException(ResBundleUtils.rbName, "server_reported_exception", args, null);
                    }
                    if (debug.warningEnabled()) {
                        debug.warning("ResourceResultCache." + "getAdvicesHandleableByAM():" + " response exception " + serverError);
                        debug.warning("ResourceResultCache." + "AdvicesHandleableByAM():" + " appSSOToken is invalid");
                        debug.warning("ResourceResultCache." + "throwing InvalidAppSSOTokenException");
                    }
                    throw new InvalidAppSSOTokenException(ResBundleUtils.rbName, "server_reported_invalid_app_sso_token", args, null);
                }
                // Only a response of the expected kind may replace the cache.
                if (payload.getMethodID() == PolicyResponse.POLICY_ADVICES_HANDLEABLE_BY_AM_RESPONSE) {
                    AdvicesHandleableByAMResponse advices = payload.getAdvicesHandleableByAMResponse();
                    if (debug.messageEnabled()) {
                        debug.message("ResourceResultCache." + "getAdvicesHandleableByAM():" + advices);
                    }
                    if (advices != null) {
                        advicesHandleableByAM = advices.getAdvicesHandleableByAM();
                    }
                }
            }
        } catch (SendRequestException e) {
            debug.error(tag, e);
            throw new PolicyException(e);
        }
    }

    // Callers always receive a set, never null.
    if (advicesHandleableByAM == null) {
        advicesHandleableByAM = Collections.EMPTY_SET;
    }
    if (debug.messageEnabled()) {
        debug.message(tag + ":returning advicesHandleableByAM" + advicesHandleableByAM);
    }
    return advicesHandleableByAM;
}
Also used : SendRequestException(com.iplanet.services.comm.client.SendRequestException) AdvicesHandleableByAMRequest(com.sun.identity.policy.remote.AdvicesHandleableByAMRequest) AdvicesHandleableByAMResponse(com.sun.identity.policy.remote.AdvicesHandleableByAMResponse) PolicyException(com.sun.identity.policy.PolicyException) PolicyService(com.sun.identity.policy.remote.PolicyService) PolicyEvaluationException(com.sun.identity.policy.remote.PolicyEvaluationException) PolicyRequest(com.sun.identity.policy.remote.PolicyRequest) PolicyResponse(com.sun.identity.policy.remote.PolicyResponse) URL(java.net.URL)

Example 4 with PolicyRequest

use of com.sun.identity.policy.remote.PolicyRequest in project OpenAM by OpenRock.

the class ResourceResultCache method addRemotePolicyListener.

/**
 * Registers a listener with policy service to receive
 * notifications on policy changes.
 *
 * <p>Failures to resolve the policy service URL or to send the request are
 * logged and reported through the return value, not thrown.
 *
 * @param appToken session token identifying the client; when
 *        <code>null</code> no request is sent
 * @param serviceName service name
 * @param notificationURL end point on the client that listens for
 *        notifications
 * @param reRegister flag indicating whether to register listener
 *        even if it was already registered. <code>true</code> indicates
 *        to register listener again even if it was previously registered
 * @return <code>true</code> only when the server answered with
 *         <code>PolicyResponse.POLICY_ADD_LISTENER_RESPONSE</code>;
 *         <code>false</code> otherwise, including when the service was
 *         already registered and <code>reRegister</code> is
 *         <code>false</code>
 */
boolean addRemotePolicyListener(SSOToken appToken, String serviceName, String notificationURL, boolean reRegister) {
    final String tag = "ResourceResultCache.addRemotePolicyListener():";
    if (debug.messageEnabled()) {
        debug.message(tag + "serviceName=" + serviceName + ":notificationURL=" + notificationURL);
    }

    // Registrations are tracked locally by service name.
    if (remotePolicyListeners.contains(serviceName) && !reRegister) {
        if (debug.messageEnabled()) {
            debug.message(tag + "serviceName=" + serviceName + ":notificationURL=" + notificationURL + ":is already registered");
        }
        return false;
    }

    if (appToken == null) {
        return false;
    }

    URL endpoint = null;
    try {
        endpoint = getPolicyServiceURL(appToken);
    } catch (PolicyException pe) {
        debug.error(tag + "Can not add policy listner", pe);
    }
    if (endpoint == null) {
        return false;
    }

    PolicyListenerRequest registration = new PolicyListenerRequest();
    registration.setServiceName(serviceName);
    registration.setNotificationURL(notificationURL);

    PolicyRequest envelope = new PolicyRequest();
    envelope.setAppSSOToken(appToken.getTokenID().toString());
    envelope.setMethodID(PolicyRequest.POLICY_REQUEST_ADD_POLICY_LISTENER);
    envelope.setPolicyListenerRequest(registration);

    boolean registered = false;
    try {
        PolicyService reply = sendPLLRequest(endpoint, envelope);
        if (reply == null) {
            debug.error(tag + " no result");
        } else {
            if (debug.messageEnabled()) {
                debug.message("ResourceResultCache." + "addRemotePolicyListener():" + "result=" + reply.toXMLString());
            }
            PolicyResponse payload = reply.getPolicyResponse();
            // NOTE(review): any other response kind is treated as a silent
            // failure; the response's exception message is not inspected here.
            if (payload.getMethodID() == PolicyResponse.POLICY_ADD_LISTENER_RESPONSE) {
                registered = true;
                remotePolicyListeners.add(serviceName);
                if (debug.messageEnabled()) {
                    debug.message("ResourceResultCache." + "addRemotePolicyListener():" + "serviceName=" + serviceName + ":notificationURL=" + notificationURL + ":policyServiceURL=" + endpoint + ":add succeeded");
                }
            }
        }
    } catch (Exception e) {
        // Best effort: the failure is logged and the caller sees false.
        debug.error(tag, e);
    }
    return registered;
}
Also used : PolicyException(com.sun.identity.policy.PolicyException) PolicyService(com.sun.identity.policy.remote.PolicyService) PolicyListenerRequest(com.sun.identity.policy.remote.PolicyListenerRequest) PolicyRequest(com.sun.identity.policy.remote.PolicyRequest) PolicyResponse(com.sun.identity.policy.remote.PolicyResponse) URL(java.net.URL) JSONException(org.json.JSONException) PolicyException(com.sun.identity.policy.PolicyException) SendRequestException(com.iplanet.services.comm.client.SendRequestException) PolicyEvaluationException(com.sun.identity.policy.remote.PolicyEvaluationException) URLNotFoundException(com.iplanet.services.naming.URLNotFoundException) SSOException(com.iplanet.sso.SSOException) UnsupportedEncodingException(java.io.UnsupportedEncodingException) AlreadyRegisteredException(com.iplanet.services.comm.client.AlreadyRegisteredException) IOException(java.io.IOException) SessionException(com.iplanet.dpro.session.SessionException)

Example 5 with PolicyRequest

use of com.sun.identity.policy.remote.PolicyRequest in project OpenAM by OpenRock.

the class ResourceResultCache method removeRemotePolicyListener.

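/**
 * Removes a listener registered with policy service to receive
 * notifications on policy changes.
 *
 * <p>The local registration record is dropped first, whether or not the
 * server later confirms the removal. Failures to resolve the policy service
 * URL or to send the request are logged and reported through the return
 * value, not thrown.
 *
 * @param appToken session token identifying the client; when
 *        <code>null</code> no request is sent
 * @param serviceName service name
 * @param notificationURL end point on the client that listens for
 *        notifications
 * @return <code>true</code> only when the server answered with
 *         <code>PolicyResponse.POLICY_REMOVE_LISTENER_RESPONSE</code>
 */
public boolean removeRemotePolicyListener(SSOToken appToken, String serviceName, String notificationURL) {
    boolean status = false;
    URL policyServiceURL = null;
    // addRemotePolicyListener records registrations by service name, so the
    // record has to be removed by service name as well. Removing by
    // notificationURL left the service marked as registered, and a later
    // addRemotePolicyListener(..., reRegister=false) would then skip
    // registration and policy-change notifications would not be requested.
    remotePolicyListeners.remove(serviceName);
    if (appToken != null) {
        try {
            policyServiceURL = getPolicyServiceURL(appToken);
        } catch (PolicyException pe) {
            debug.error("ResourceResultCache.removeRemotePolicyListener():" + "Can not remove policy listner:", pe);
        }
    }
    if ((appToken != null) && (policyServiceURL != null)) {
        RemoveListenerRequest rmReq = new RemoveListenerRequest();
        rmReq.setServiceName(serviceName);
        rmReq.setNotificationURL(notificationURL);
        PolicyRequest policyReq = new PolicyRequest();
        policyReq.setAppSSOToken(appToken.getTokenID().toString());
        policyReq.setMethodID(PolicyRequest.POLICY_REQUEST_REMOVE_POLICY_LISTENER);
        policyReq.setRemoveListenerRequest(rmReq);
        try {
            PolicyService ps = sendPLLRequest(policyServiceURL, policyReq);
            if (ps != null) {
                if (debug.messageEnabled()) {
                    debug.message("ResourceResultCache." + "removeRemotePolicyListener():" + "result=" + ps.toXMLString());
                }
                PolicyResponse psres = ps.getPolicyResponse();
                // Only the expected response kind counts as a confirmed removal.
                if (psres.getMethodID() == PolicyResponse.POLICY_REMOVE_LISTENER_RESPONSE) {
                    status = true;
                }
            } else {
                debug.message("ResourceResultCache." + "removeRemotePolicyListener():" + "no result");
            }
        } catch (Exception e) {
            // Best effort: the failure is logged and the caller sees false.
            debug.error("ResourceResultCache.removeRemotePolicyListener():", e);
        }
    }
    return status;
}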
Also used : PolicyException(com.sun.identity.policy.PolicyException) PolicyService(com.sun.identity.policy.remote.PolicyService) RemoveListenerRequest(com.sun.identity.policy.remote.RemoveListenerRequest) PolicyRequest(com.sun.identity.policy.remote.PolicyRequest) PolicyResponse(com.sun.identity.policy.remote.PolicyResponse) URL(java.net.URL) JSONException(org.json.JSONException) PolicyException(com.sun.identity.policy.PolicyException) SendRequestException(com.iplanet.services.comm.client.SendRequestException) PolicyEvaluationException(com.sun.identity.policy.remote.PolicyEvaluationException) URLNotFoundException(com.iplanet.services.naming.URLNotFoundException) SSOException(com.iplanet.sso.SSOException) UnsupportedEncodingException(java.io.UnsupportedEncodingException) AlreadyRegisteredException(com.iplanet.services.comm.client.AlreadyRegisteredException) IOException(java.io.IOException) SessionException(com.iplanet.dpro.session.SessionException)

Aggregations

SendRequestException (com.iplanet.services.comm.client.SendRequestException)5 PolicyEvaluationException (com.sun.identity.policy.remote.PolicyEvaluationException)5 PolicyRequest (com.sun.identity.policy.remote.PolicyRequest)5 PolicyResponse (com.sun.identity.policy.remote.PolicyResponse)5 PolicyService (com.sun.identity.policy.remote.PolicyService)5 PolicyException (com.sun.identity.policy.PolicyException)4 URL (java.net.URL)4 SessionException (com.iplanet.dpro.session.SessionException)3 AlreadyRegisteredException (com.iplanet.services.comm.client.AlreadyRegisteredException)3 URLNotFoundException (com.iplanet.services.naming.URLNotFoundException)3 SSOException (com.iplanet.sso.SSOException)3 AdvicesHandleableByAMResponse (com.sun.identity.policy.remote.AdvicesHandleableByAMResponse)3 IOException (java.io.IOException)3 UnsupportedEncodingException (java.io.UnsupportedEncodingException)3 JSONException (org.json.JSONException)3 RequestSet (com.iplanet.services.comm.share.RequestSet)2 Response (com.iplanet.services.comm.share.Response)2 AdvicesHandleableByAMRequest (com.sun.identity.policy.remote.AdvicesHandleableByAMRequest)2 PolicyListenerRequest (com.sun.identity.policy.remote.PolicyListenerRequest)2 RemoveListenerRequest (com.sun.identity.policy.remote.RemoveListenerRequest)2