use of com.sun.identity.sm.SMSDataEntry in project OpenAM by OpenRock.
the class DataStore method findPolicies.
/**
 * Loads every privilege stored under the realm's search base that matches the given LDAP filter.
 *
 * <p>The lookup runs with the token produced by {@code AdminTokenAction}, not with a token supplied
 * by the caller, so this method performs no per-caller access check of its own.
 * {@code ldapFilter} is handed to {@code SMSEntry.search} unchanged.
 * NOTE(review): callers that build the filter from request data presumably have to escape LDAP
 * filter metacharacters themselves - confirm at the call sites.
 *
 * @param realm realm whose search base is resolved through {@code getSearchBaseDN(realm, null)}
 * @param ldapFilter filter string passed verbatim to the search
 * @return the matching privileges; empty when the base entry does not exist or nothing matches
 * @throws EntitlementException with {@code UNABLE_SEARCH_PRIVILEGES} when the search fails or a
 *         stored value cannot be parsed as JSON
 */
private List<Privilege> findPolicies(String realm, String ldapFilter) throws EntitlementException {
    List<Privilege> found = new ArrayList<>();
    String searchBase = getSearchBaseDN(realm, null);
    SSOToken privilegedToken = AccessController.doPrivileged(AdminTokenAction.getInstance());

    // A missing base entry is treated as "no policies", not as an error.
    if (!SMSEntry.checkIfEntryExists(searchBase, privilegedToken)) {
        return found;
    }

    try {
        // The entry-count and time-limit arguments are both NO_LIMIT, so the size of the result is
        // bounded only by what the filter matches.
        @SuppressWarnings("unchecked")
        Iterator<SMSDataEntry> matches = SMSEntry.search(privilegedToken, searchBase, ldapFilter,
                NO_LIMIT, NO_LIMIT, NOT_SORTED, NOT_SORTED, emptySet());
        while (matches.hasNext()) {
            SMSDataEntry storedEntry = matches.next();
            // NOTE(review): if an entry lacks this attribute the value is presumably null and the
            // JSONObject constructor would fail with an unchecked exception that the catch below
            // does not cover - confirm.
            String serializedPolicy = storedEntry.getAttributeValue(SERIALIZABLE_INDEX_KEY);
            JSONObject policyDocument = new JSONObject(serializedPolicy);
            found.add(Privilege.getInstance(policyDocument));
        }
    } catch (JSONException | SMSException e) {
        throw new EntitlementException(EntitlementException.UNABLE_SEARCH_PRIVILEGES, e);
    }
    return found;
}
use of com.sun.identity.sm.SMSDataEntry in project OpenAM by OpenRock.
the class DataStore method searchReferral.
/**
* Returns the set of referral privileges that satisfy the resource and
* subject indexes.
*
* @param adminToken Subject who has the rights to read datastore.
* @param realm Realm name
* @param iterator Buffered iterator to have the result fed to it.
* @param indexes Resource search indexes.
* @param bSubTree <code>true</code> to do sub tree search
* @param excludeDNs Set of DN to be excluded from the search results.
* @return the set of referral privileges that satisfy the resource and subject
* indexes.
*/
public Set<ReferralPrivilege> searchReferral(SSOToken adminToken, String realm, BufferedIterator iterator, ResourceSearchIndexes indexes, boolean bSubTree, Set<String> excludeDNs) throws EntitlementException {
    Set<ReferralPrivilege> matched = new HashSet<ReferralPrivilege>();
    String filter = getFilter(indexes, null, bSubTree);
    String baseDN = getSearchBaseDN(realm, REFERRAL_STORE);

    // The filter and base DN are written verbatim to the debug log when message level is on.
    if (PolicyConstants.DEBUG.messageEnabled()) {
        PolicyConstants.DEBUG.message("[PolicyEval] DataStore.searchReferral");
        PolicyConstants.DEBUG.message("[PolicyEval] search filter: " + filter);
        PolicyConstants.DEBUG.message("[PolicyEval] search DN: " + baseDN);
    }

    // Without a filter nothing is searched, the monitor is not started and the buffered
    // iterator is left untouched.
    if (filter == null) {
        return matched;
    }

    // NOTE(review): the adminToken parameter is never read in this method. The search always
    // runs with the token produced by AdminTokenAction, so the caller's token is not what
    // authorises the read - confirm this is intended and that callers check access first.
    SSOToken token = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
    long start = DB_MONITOR_REFERRAL.start();
    if (SMSEntry.checkIfEntryExists(baseDN, token)) {
        try {
            // Count and time limits are both NO_LIMIT; excludeDNs is forwarded as the exclude set.
            for (Iterator hits = SMSEntry.search(token, baseDN, filter, NO_LIMIT, NO_LIMIT,
                    NOT_SORTED, NOT_SORTED, excludeDNs); hits.hasNext();) {
                SMSDataEntry entry = (SMSDataEntry) hits.next();
                String serialized = entry.getAttributeValue(SERIALIZABLE_INDEX_KEY);
                ReferralPrivilege referral = ReferralPrivilege.getInstance(new JSONObject(serialized));
                // Each referral is both streamed to the caller's iterator and collected for return.
                iterator.add(referral);
                matched.add(referral);
            }
            // Reached only when the base entry exists and every entry parsed.
            // NOTE(review): on the missing-entry and exception paths isDone() is not called
            // here - confirm the consumer of the buffered iterator is completed elsewhere.
            iterator.isDone();
        } catch (JSONException | SMSException failure) {
            // Both failure kinds are reported with the same code and the base DN as argument.
            Object[] arg = { baseDN };
            throw new EntitlementException(52, arg, failure);
        }
    }
    // Not reached when the search throws, so failed searches are not recorded by the monitor.
    DB_MONITOR_REFERRAL.end(start);
    return matched;
}
use of com.sun.identity.sm.SMSDataEntry in project OpenAM by OpenRock.
the class IndexTreeServiceImplTest method treeSearchMultipleRealms.
/**
* First carries out two searches for test-realm. This demonstrates the use of the cached tree after the initial
* search. Secondly carries out two further searches for some-other-test-realm. This demonstrates that a new search
* is carried out for the new realm and that a separate cached tree is created.
*/
@Test
public void treeSearchMultipleRealms() throws Exception {
    // --- First realm (REALM) ---
    // Entries the DAO search returns for the first realm.
    List<SMSDataEntry> firstRealmEntries = new ArrayList<SMSDataEntry>();
    firstRealmEntries.add(new SMSDataEntry("{dn:somedn,attributeValues:{pathindex:[\"http://*.test.com\"]}}"));
    firstRealmEntries.add(new SMSDataEntry("{dn:somedn,attributeValues:{pathindex:[\"*\"]}}"));

    // Both stubbed path indexes are expected back for http://www.test.com.
    Set<String> firstRealmExpected = new HashSet<String>();
    firstRealmExpected.add("http://*.test.com");
    firstRealmExpected.add("*");

    // Stub the collaborators for a search against the first realm.
    when(dnMapper.orgNameToDN(REALM)).thenReturn(REALM_DN);
    when(privilegedAction.run()).thenReturn(ssoToken);
    when(serviceManagementDAO.checkIfEntryExists(SERVICE_DN, ssoToken)).thenReturn(true);
    when(serviceManagementDAO.search(ssoToken, SERVICE_DN, FILTER, 0, 0, false, false, excludes))
            .thenReturn(firstRealmEntries.iterator());

    // Initial lookup of http://www.test.com: goes through the mapper, the privileged action and the DAO.
    Set<String> firstLookup = treeService.searchTree("http://www.test.com", REALM);
    verify(dnMapper).orgNameToDN(REALM);
    verify(privilegedAction).run();
    verify(serviceManagementDAO).checkIfEntryExists(SERVICE_DN, ssoToken);
    verify(serviceManagementDAO).search(ssoToken, SERVICE_DN, FILTER, 0, 0, false, false, excludes);
    assertEquals(firstRealmExpected, firstLookup);

    // Same URL and realm again: answered from the cached tree, no further collaborator calls.
    Set<String> firstLookupRepeated = treeService.searchTree("http://www.test.com", REALM);
    verifyNoMoreInteractions(dnMapper, privilegedAction, serviceManagementDAO);
    assertEquals(firstRealmExpected, firstLookupRepeated);

    // --- Second realm (REALM2) ---
    // Entries the DAO search returns for the second realm.
    List<SMSDataEntry> secondRealmEntries = new ArrayList<SMSDataEntry>();
    secondRealmEntries.add(new SMSDataEntry("{dn:somedn,attributeValues:{pathindex:[\"http://www.example.com/*\"]}}"));

    Set<String> secondRealmExpected = new HashSet<String>();
    secondRealmExpected.add("http://www.example.com/*");

    // Stub the collaborators for a search against the second realm.
    when(dnMapper.orgNameToDN(REALM2)).thenReturn(REALM_DN2);
    when(privilegedAction.run()).thenReturn(ssoToken);
    when(serviceManagementDAO.checkIfEntryExists(SERVICE_DN2, ssoToken)).thenReturn(true);
    when(serviceManagementDAO.search(ssoToken, SERVICE_DN2, FILTER, 0, 0, false, false, excludes))
            .thenReturn(secondRealmEntries.iterator());

    // Initial lookup of http://www.example.com/home in the second realm: a fresh search is made,
    // so the privileged action has now run twice in total.
    Set<String> secondLookup = treeService.searchTree("http://www.example.com/home", REALM2);
    verify(dnMapper).orgNameToDN(REALM2);
    verify(privilegedAction, times(2)).run();
    verify(serviceManagementDAO).checkIfEntryExists(SERVICE_DN2, ssoToken);
    verify(serviceManagementDAO).search(ssoToken, SERVICE_DN2, FILTER, 0, 0, false, false, excludes);
    assertEquals(secondRealmExpected, secondLookup);

    // Same URL and realm again: the second realm's own cached tree answers it.
    Set<String> secondLookupRepeated = treeService.searchTree("http://www.example.com/home", REALM2);
    verifyNoMoreInteractions(dnMapper, privilegedAction, serviceManagementDAO);
    assertEquals(secondRealmExpected, secondLookupRepeated);
}
use of com.sun.identity.sm.SMSDataEntry in project OpenAM by OpenRock.
the class IndexTreeServiceImplTest method treeSearchSingleRealm.
/**
* Carries out two searches for the same realm. Demonstrates that DAO search is only
* invoked once, after which the results are cached within the tree structure.
*/
@Test
public void treeSearchSingleRealm() throws Exception {
    // Entries the DAO search returns for the realm.
    List<SMSDataEntry> storedEntries = new ArrayList<SMSDataEntry>();
    storedEntries.add(new SMSDataEntry("{dn:somedn,attributeValues:{pathindex:[\"http://www.test.com\"]}}"));
    storedEntries.add(new SMSDataEntry("{dn:somedn,attributeValues:{pathindex:[\"http://*.test.com\"]}}"));
    storedEntries.add(new SMSDataEntry("{dn:somedn,attributeValues:{pathindex:[\"http://www.example.com/*\"]}}"));
    storedEntries.add(new SMSDataEntry("{dn:somedn,attributeValues:{pathindex:[\"*\"]}}"));

    // Path indexes expected for http://www.test.com.
    Set<String> expectedForTestCom = new HashSet<String>();
    expectedForTestCom.add("http://www.test.com");
    expectedForTestCom.add("http://*.test.com");
    expectedForTestCom.add("*");

    // Path indexes expected for http://www.example.com/home.
    Set<String> expectedForExampleCom = new HashSet<String>();
    expectedForExampleCom.add("http://www.example.com/*");
    expectedForExampleCom.add("*");

    // Stub the collaborators for exactly one search.
    when(dnMapper.orgNameToDN(REALM)).thenReturn(REALM_DN);
    when(privilegedAction.run()).thenReturn(ssoToken);
    when(serviceManagementDAO.checkIfEntryExists(SERVICE_DN, ssoToken)).thenReturn(true);
    when(serviceManagementDAO.search(ssoToken, SERVICE_DN, FILTER, 0, 0, false, false, excludes))
            .thenReturn(storedEntries.iterator());

    // First lookup: goes through the mapper, the privileged action and the DAO.
    Set<String> testComMatches = treeService.searchTree("http://www.test.com", REALM);
    verify(dnMapper).orgNameToDN(REALM);
    verify(privilegedAction).run();
    verify(serviceManagementDAO).checkIfEntryExists(SERVICE_DN, ssoToken);
    verify(serviceManagementDAO).search(ssoToken, SERVICE_DN, FILTER, 0, 0, false, false, excludes);
    assertEquals(expectedForTestCom, testComMatches);

    // Second lookup, different URL, same realm: no further collaborator calls are allowed.
    Set<String> exampleComMatches = treeService.searchTree("http://www.example.com/home", REALM);
    verifyNoMoreInteractions(dnMapper, privilegedAction, serviceManagementDAO);
    assertEquals(expectedForExampleCom, exampleComMatches);
}
use of com.sun.identity.sm.SMSDataEntry in project OpenAM by OpenRock.
the class SMSJAXRPCObjectImpl method search3.
/**
* Searches the data store for objects that match the filter with an exclude set
*/
public Set search3(String tokenID, String startDN, String filter, int numOfEntries, int timeLimit, boolean sortResults, boolean ascendingOrder, Set excludes) throws SMSException, SSOException, RemoteException {
    initialize();

    // The caller-supplied DN, filter and exclude set are written verbatim to the debug log.
    if (debug.messageEnabled()) {
        debug.message("SMSJAXRPCObjectImpl::search dn: " + startDN + " filter: " + filter + " excludes: " + excludes);
    }

    // Every search argument is forwarded exactly as received; this method applies no bound to
    // numOfEntries or timeLimit and no validation to startDN or filter.
    // NOTE(review): presumably this is reachable by remote callers (it declares RemoteException),
    // so access control and result limiting have to come from getToken(tokenID) and
    // SMSEntry.search - confirm.
    Set<String> serializedEntries = new HashSet<String>();
    for (Iterator matches = SMSEntry.search(getToken(tokenID), startDN, filter, numOfEntries,
            timeLimit, sortResults, ascendingOrder, excludes); matches.hasNext();) {
        SMSDataEntry entry = (SMSDataEntry) matches.next();
        try {
            serializedEntries.add(entry.toJSONString());
        } catch (JSONException ex) {
            // Best effort: an entry that cannot be serialised is logged and left out, so the
            // caller may receive a partial result with no error indication.
            debug.error("SMSJAXRPCObjectImpl::problem performing search dn: " + startDN + " filter: " + filter + " excludes: " + excludes, ex);
        }
    }
    return serializedEntries;
}