
Example 1 with EntitlementException

use of org.wso2.carbon.identity.entitlement.EntitlementException in project carbon-identity-framework by wso2.

the class CarbonResourceFinder method findChildResources.

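/**
 * Collects the child resources of {@code parentResourceId} by querying every registered
 * {@code PIPResourceFinder}, going through the resource cache when caching is enabled and
 * the finder does not override the default cache.
 *
 * <p>The cache key is built from the tenant id, the encoded parent resource id and the
 * serialized request root, so a cached answer is only reused for the same tenant and the
 * same request content.
 *
 * <p>A failure in one finder is logged and that finder is skipped. The method never throws
 * for a finder failure; it returns an empty result if nothing was found.
 * NOTE(review): a decision point that treats "no children" as "nothing to deny" would fail
 * open on such an error - confirm how the caller interprets an empty result.
 *
 * @param parentResourceId the resource whose children are requested; its type is used as
 *                         the data type of every returned attribute value
 * @param context          the evaluation context of the current request
 * @return a result holding the resolved child resources, or an empty result
 */
@Override
public ResourceFinderResult findChildResources(AttributeValue parentResourceId, EvaluationCtx context) {
    Set<AttributeValue> resources = null;
    String dataType = parentResourceId.getType().toString();
    for (PIPResourceFinder finder : resourceFinders) {
        try {
            Set<String> resourceNames;
            if (isResourceCachingEnabled && !finder.overrideDefaultCache()) {
                String key = PDPConstants.RESOURCE_CHILDREN + parentResourceId.encode()
                        + domToString(context.getRequestRoot());
                IdentityCacheKey cacheKey = new IdentityCacheKey(tenantId, key);
                IdentityCacheEntry cacheEntry = (IdentityCacheEntry) resourceCache.getValueFromCache(cacheKey);
                if (cacheEntry != null) {
                    String cacheEntryString = cacheEntry.getCacheEntry();
                    resourceNames = new HashSet<String>();
                    // An empty finder result is cached as "". Splitting "" yields one empty
                    // token, which would surface as a bogus empty-named resource on a cache
                    // hit, so an empty entry is mapped back to an empty set instead.
                    if (cacheEntryString != null && cacheEntryString.length() > 0) {
                        String[] attributes = cacheEntryString.split(PDPConstants.ATTRIBUTE_SEPARATOR);
                        resourceNames.addAll(Arrays.asList(attributes));
                    }
                    if (log.isDebugEnabled()) {
                        log.debug("Carbon Resource Cache Hit");
                    }
                } else {
                    resourceNames = finder.findChildResources(parentResourceId.encode(), context);
                    if (log.isDebugEnabled()) {
                        log.debug("Carbon Resource Cache Miss");
                    }
                    // NOTE(review): names are flattened with ATTRIBUTE_SEPARATOR; a resource
                    // name that itself contains the separator would be split into several
                    // names on the next cache hit - confirm names cannot contain it.
                    StringBuilder joined = new StringBuilder();
                    if (resourceNames != null) {
                        for (String attribute : resourceNames) {
                            if (joined.length() > 0) {
                                joined.append(PDPConstants.ATTRIBUTE_SEPARATOR);
                            }
                            joined.append(attribute);
                        }
                    }
                    cacheEntry = new IdentityCacheEntry(joined.toString());
                    resourceCache.addToCache(cacheKey, cacheEntry);
                }
            } else {
                resourceNames = finder.findChildResources(parentResourceId.encode(), context);
            }
            if (resourceNames != null && !resourceNames.isEmpty()) {
                // NOTE(review): a fresh set is created for every finder that returns names,
                // so only the last such finder's resources are returned - confirm intended.
                resources = new HashSet<AttributeValue>();
                for (String resourceName : resourceNames) {
                    resources.add(EntitlementUtil.getAttributeValue(resourceName, dataType));
                }
            }
        } catch (Exception e) {
            // Covers EntitlementException and TransformerException as well; every failure
            // is handled the same way: log it and move on to the next finder.
            log.error("Error while finding child resources", e);
        }
    }
    if (resources != null) {
        return new ResourceFinderResult(resources);
    }
    return new ResourceFinderResult();
}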
Also used : AttributeValue(org.wso2.balana.attr.AttributeValue) TransformerException(javax.xml.transform.TransformerException) EntitlementException(org.wso2.carbon.identity.entitlement.EntitlementException) IdentityCacheKey(org.wso2.carbon.identity.entitlement.cache.IdentityCacheKey) EntitlementException(org.wso2.carbon.identity.entitlement.EntitlementException) IdentityCacheEntry(org.wso2.carbon.identity.entitlement.cache.IdentityCacheEntry) ResourceFinderResult(org.wso2.balana.finder.ResourceFinderResult) TransformerException(javax.xml.transform.TransformerException)

Example 2 with EntitlementException

use of org.wso2.carbon.identity.entitlement.EntitlementException in project carbon-identity-framework by wso2.

the class CarbonResourceFinder method findDescendantResources.

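/**
 * Collects the descendant resources of {@code parentResourceId} by querying every
 * registered {@code PIPResourceFinder}, going through the resource cache when caching is
 * enabled and the finder does not override the default cache.
 *
 * <p>The cache key is built from the tenant id, the encoded parent resource id and the
 * serialized request root, so a cached answer is only reused for the same tenant and the
 * same request content.
 *
 * <p>A failure in one finder is logged and that finder is skipped. The method never throws
 * for a finder failure; it returns an empty result if nothing was found.
 * NOTE(review): confirm that callers treat an empty result as fail-safe.
 *
 * @param parentResourceId the resource whose descendants are requested; its type is used
 *                         as the data type of every returned attribute value
 * @param context          the evaluation context of the current request
 * @return a result holding the resolved descendant resources, or an empty result
 */
@Override
public ResourceFinderResult findDescendantResources(AttributeValue parentResourceId, EvaluationCtx context) {
    Set<AttributeValue> resources = null;
    String dataType = parentResourceId.getType().toString();
    for (PIPResourceFinder finder : resourceFinders) {
        try {
            Set<String> resourceNames = null;
            if (isResourceCachingEnabled && !finder.overrideDefaultCache()) {
                String key = PDPConstants.RESOURCE_DESCENDANTS + parentResourceId.encode()
                        + domToString(context.getRequestRoot());
                IdentityCacheKey cacheKey = new IdentityCacheKey(tenantId, key);
                IdentityCacheEntry cacheEntry = (IdentityCacheEntry) resourceCache.getValueFromCache(cacheKey);
                if (cacheEntry != null) {
                    String[] values = cacheEntry.getCacheEntryArray();
                    resourceNames = new HashSet<String>(Arrays.asList(values));
                    if (log.isDebugEnabled()) {
                        log.debug("Carbon Resource Cache Hit");
                    }
                }
                // Query the finder only on a cache miss. The previous test was inverted
                // (!= null): a miss skipped the finder altogether, so no descendants were
                // returned and nothing was ever cached, while a hit queried the finder
                // again and made the cache useless.
                if (resourceNames == null) {
                    resourceNames = finder.findDescendantResources(parentResourceId.encode(), context);
                    if (log.isDebugEnabled()) {
                        log.debug("Carbon Resource Cache Miss");
                    }
                    // A null finder answer is cached as an empty array rather than
                    // dereferenced.
                    String[] toCache = resourceNames == null
                            ? new String[0]
                            : resourceNames.toArray(new String[resourceNames.size()]);
                    cacheEntry = new IdentityCacheEntry(toCache);
                    resourceCache.addToCache(cacheKey, cacheEntry);
                }
            } else {
                resourceNames = finder.findDescendantResources(parentResourceId.encode(), context);
            }
            if (resourceNames != null && !resourceNames.isEmpty()) {
                // NOTE(review): a fresh set is created for every finder that returns names,
                // so only the last such finder's resources are returned - confirm intended.
                resources = new HashSet<AttributeValue>();
                for (String resourceName : resourceNames) {
                    resources.add(EntitlementUtil.getAttributeValue(resourceName, dataType));
                }
            }
        } catch (Exception e) {
            // Covers EntitlementException and TransformerException as well; every failure
            // is handled the same way: log it and move on to the next finder.
            log.error("Error while finding descendant resources", e);
        }
    }
    if (resources != null) {
        return new ResourceFinderResult(resources);
    }
    return new ResourceFinderResult();
}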
Also used : AttributeValue(org.wso2.balana.attr.AttributeValue) TransformerException(javax.xml.transform.TransformerException) EntitlementException(org.wso2.carbon.identity.entitlement.EntitlementException) IdentityCacheKey(org.wso2.carbon.identity.entitlement.cache.IdentityCacheKey) EntitlementException(org.wso2.carbon.identity.entitlement.EntitlementException) IdentityCacheEntry(org.wso2.carbon.identity.entitlement.cache.IdentityCacheEntry) ResourceFinderResult(org.wso2.balana.finder.ResourceFinderResult) TransformerException(javax.xml.transform.TransformerException)

Example 3 with EntitlementException

use of org.wso2.carbon.identity.entitlement.EntitlementException in project carbon-identity-framework by wso2.

the class PAPPolicyStore method addOrUpdatePolicy.

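/**
 * Creates the policy resource at {@code policyPath + policyId} in the registry, or updates
 * it if it already exists, and writes the policy's meta data as resource properties
 * (order, active/promoted flags, version, last-modified time and user, type, policy and
 * policy-set references, and basic policy editor data).
 *
 * <p>NOTE(review): the registry path is a plain concatenation of {@code policyPath} and
 * {@code policyId}, and nothing in this method validates either value. Callers presumably
 * have to make sure {@code policyId} cannot address a resource outside {@code policyPath}
 * - confirm where that check is done.
 *
 * <p>Numeric properties read back from the registry are parsed with
 * {@code Integer.parseInt}; a malformed stored value surfaces as an unchecked
 * {@code NumberFormatException}.
 *
 * @param policy     the policy to store; must not be {@code null}
 * @param policyId   id of the policy, used as the last path segment; must not be {@code null}
 * @param policyPath registry path of the collection that holds the policies
 * @throws EntitlementException if {@code policy} or {@code policyId} is {@code null}, or if
 *                              the registry reports an error
 */
public void addOrUpdatePolicy(PolicyDTO policy, String policyId, String policyPath) throws EntitlementException {
    String path = null;
    Resource resource = null;
    boolean newPolicy = false;
    OMElement omElement = null;
    if (log.isDebugEnabled()) {
        log.debug("Creating or updating entitlement policy");
    }
    if (policy == null || policyId == null) {
        log.error("Error while creating or updating entitlement policy: " + "Policy DTO or Policy Id can not be null");
        throw new EntitlementException("Invalid Entitlement Policy. Policy or policyId can not be Null");
    }
    try {
        path = policyPath + policyId;
        if (registry.resourceExists(path)) {
            resource = registry.get(path);
        } else {
            resource = registry.newResource();
        }
        Collection policyCollection;
        if (registry.resourceExists(policyPath)) {
            policyCollection = (Collection) registry.get(policyPath);
        } else {
            policyCollection = registry.newCollection();
        }
        if (policy.getPolicyOrder() > 0) {
            // Explicit order: raise the collection's recorded maximum if this one exceeds it.
            String noOfPolicies = policyCollection.getProperty(PDPConstants.MAX_POLICY_ORDER);
            if (noOfPolicies != null && Integer.parseInt(noOfPolicies) < policy.getPolicyOrder()) {
                policyCollection.setProperty(PDPConstants.MAX_POLICY_ORDER, Integer.toString(policy.getPolicyOrder()));
                registry.put(policyPath, policyCollection);
            }
            resource.setProperty(PDPConstants.POLICY_ORDER, Integer.toString(policy.getPolicyOrder()));
        } else {
            // No explicit order: a policy that has none yet is appended after the current
            // maximum; an existing order is left as it is.
            String previousOrder = resource.getProperty(PDPConstants.POLICY_ORDER);
            if (previousOrder == null) {
                if (policyCollection != null) {
                    int policyOrder = 1;
                    String noOfPolicies = policyCollection.getProperty(PDPConstants.MAX_POLICY_ORDER);
                    if (noOfPolicies != null) {
                        policyOrder = policyOrder + Integer.parseInt(noOfPolicies);
                    }
                    policyCollection.setProperty(PDPConstants.MAX_POLICY_ORDER, Integer.toString(policyOrder));
                    resource.setProperty(PDPConstants.POLICY_ORDER, Integer.toString(policyOrder));
                }
                registry.put(policyPath, policyCollection);
            }
        }
        if (StringUtils.isNotBlank(policy.getPolicy())) {
            resource.setContent(policy.getPolicy());
            newPolicy = true;
            PolicyAttributeBuilder policyAttributeBuilder = new PolicyAttributeBuilder(policy.getPolicy());
            Properties properties = policyAttributeBuilder.getPolicyMetaDataFromPolicy();
            Properties resourceProperties = new Properties();
            for (Object o : properties.keySet()) {
                String key = o.toString();
                resourceProperties.put(key, Collections.singletonList(properties.get(key)));
            }
            // NOTE(review): if setProperties replaces the resource's whole property map,
            // the POLICY_ORDER written above is discarded here - confirm against the
            // Resource implementation.
            resource.setProperties(resourceProperties);
        }
        resource.setProperty(PDPConstants.ACTIVE_POLICY, Boolean.toString(policy.isActive()));
        resource.setProperty(PDPConstants.PROMOTED_POLICY, Boolean.toString(policy.isPromote()));
        if (policy.getVersion() != null) {
            resource.setProperty(PDPConstants.POLICY_VERSION, policy.getVersion());
        }
        // Audit fields: when the policy was last written and by which user.
        resource.setProperty(PDPConstants.LAST_MODIFIED_TIME, Long.toString(System.currentTimeMillis()));
        resource.setProperty(PDPConstants.LAST_MODIFIED_USER, CarbonContext.getThreadLocalCarbonContext().getUsername());
        if (policy.getPolicyType() != null && policy.getPolicyType().trim().length() > 0) {
            resource.setProperty(PDPConstants.POLICY_TYPE, policy.getPolicyType());
        } else {
            try {
                if (newPolicy) {
                    // Derive the type from the root element name of the policy document.
                    omElement = AXIOMUtil.stringToOM(policy.getPolicy());
                    resource.setProperty(PDPConstants.POLICY_TYPE, omElement.getLocalName());
                }
            } catch (XMLStreamException e) {
                // The default was previously set on the DTO only, so the stored resource
                // ended up without a type even though the log says a default is set.
                policy.setPolicyType(PDPConstants.POLICY_ELEMENT);
                resource.setProperty(PDPConstants.POLICY_TYPE, PDPConstants.POLICY_ELEMENT);
                log.warn("Policy Type can not be found. Default type is set");
            }
        }
        if (omElement != null) {
            Iterator policyReferences = omElement.getChildrenWithLocalName(PDPConstants.POLICY_REFERENCE);
            if (policyReferences != null) {
                resource.setProperty(PDPConstants.POLICY_REFERENCE, joinReferenceTexts(policyReferences));
            }
            // The policy-set loop used to test the already exhausted policy-reference
            // iterator, so policy-set references were always stored as an empty string.
            Iterator policySetReferences = omElement.getChildrenWithLocalName(PDPConstants.POLICY_SET_REFERENCE);
            if (policySetReferences != null) {
                resource.setProperty(PDPConstants.POLICY_SET_REFERENCE, joinReferenceTexts(policySetReferences));
            }
        }
        // before writing basic policy editor meta data as properties,
        // delete any properties related to them
        String policyEditor = resource.getProperty(PDPConstants.POLICY_EDITOR_TYPE);
        if (newPolicy && policyEditor != null) {
            resource.removeProperty(PDPConstants.POLICY_EDITOR_TYPE);
        }
        // write policy meta data that is used for basic policy editor
        if (policy.getPolicyEditor() != null && policy.getPolicyEditor().trim().length() > 0) {
            resource.setProperty(PDPConstants.POLICY_EDITOR_TYPE, policy.getPolicyEditor().trim());
        }
        String[] policyMetaData = policy.getPolicyEditorData();
        if (policyMetaData != null && policyMetaData.length > 0) {
            String storedMetaDataAmount = resource.getProperty(PDPConstants.BASIC_POLICY_EDITOR_META_DATA_AMOUNT);
            if (newPolicy && storedMetaDataAmount != null) {
                // Drop the indexed entries of the previous version before writing new ones.
                int amount = Integer.parseInt(storedMetaDataAmount);
                for (int i = 0; i < amount; i++) {
                    resource.removeProperty(PDPConstants.BASIC_POLICY_EDITOR_META_DATA + i);
                }
                resource.removeProperty(PDPConstants.BASIC_POLICY_EDITOR_META_DATA_AMOUNT);
            }
            // The index advances for skipped (null or empty) entries too, so the stored
            // amount equals the array length and indices match the input positions.
            int i = 0;
            for (String policyData : policyMetaData) {
                if (policyData != null && !"".equals(policyData)) {
                    resource.setProperty(PDPConstants.BASIC_POLICY_EDITOR_META_DATA + i, policyData);
                }
                i++;
            }
            resource.setProperty(PDPConstants.BASIC_POLICY_EDITOR_META_DATA_AMOUNT, Integer.toString(i));
        }
        registry.put(path, resource);
    } catch (RegistryException e) {
        log.error("Error while adding or updating entitlement policy " + policyId + " in policy store", e);
        // Keep the registry failure as the cause so callers can still diagnose it.
        throw new EntitlementException("Error while adding or updating entitlement policy in policy store", e);
    }
}

/**
 * Joins the text of every {@code OMElement} returned by {@code references}, separated by
 * {@code PDPConstants.ATTRIBUTE_SEPARATOR}; returns an empty string when there are none.
 */
private static String joinReferenceTexts(Iterator references) {
    StringBuilder joined = new StringBuilder();
    while (references.hasNext()) {
        OMElement reference = (OMElement) references.next();
        if (joined.length() > 0) {
            joined.append(PDPConstants.ATTRIBUTE_SEPARATOR);
        }
        joined.append(reference.getText());
    }
    return joined.toString();
}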
Also used : PolicyAttributeBuilder(org.wso2.carbon.identity.entitlement.policy.PolicyAttributeBuilder) Resource(org.wso2.carbon.registry.core.Resource) OMElement(org.apache.axiom.om.OMElement) Properties(java.util.Properties) RegistryException(org.wso2.carbon.registry.core.exceptions.RegistryException) EntitlementException(org.wso2.carbon.identity.entitlement.EntitlementException) XMLStreamException(javax.xml.stream.XMLStreamException) Iterator(java.util.Iterator) Collection(org.wso2.carbon.registry.core.Collection)

Example 4 with EntitlementException

use of org.wso2.carbon.identity.entitlement.EntitlementException in project carbon-identity-framework by wso2.

the class PAPPolicyStoreReader method readPolicyDTO.

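/**
 * Reads the full {@code PolicyDTO} for the given policy id from the PAP policy store:
 * the policy content (decoded as UTF-8), its stored properties and the attribute meta data
 * built from the resource's registry properties.
 *
 * <p>Numeric properties ({@code POLICY_ORDER}, {@code BASIC_POLICY_EDITOR_META_DATA_AMOUNT})
 * are parsed with {@code Integer.parseInt}; a malformed stored value surfaces as an
 * unchecked {@code NumberFormatException}.
 *
 * @param policyId policy id
 * @return the populated {@code PolicyDTO}, never {@code null}
 * @throws EntitlementException if no policy with that id exists, or if the registry
 *                              reports an error while loading it
 */
public PolicyDTO readPolicyDTO(String policyId) throws EntitlementException {
    try {
        Resource resource = store.getPolicy(policyId, PDPConstants.ENTITLEMENT_POLICY_PAP);
        if (resource == null) {
            log.error("Policy does not exist in the system with id " + policyId);
            throw new EntitlementException("Policy does not exist in the system with id " + policyId);
        }
        PolicyDTO dto = new PolicyDTO();
        dto.setPolicyId(policyId);
        dto.setPolicy(new String((byte[]) resource.getContent(), Charset.forName("UTF-8")));
        dto.setActive(Boolean.parseBoolean(resource.getProperty(PDPConstants.ACTIVE_POLICY)));
        // A policy without a stored order is reported with order 0.
        String policyOrder = resource.getProperty(PDPConstants.POLICY_ORDER);
        if (policyOrder != null) {
            dto.setPolicyOrder(Integer.parseInt(policyOrder));
        } else {
            dto.setPolicyOrder(0);
        }
        dto.setPolicyType(resource.getProperty(PDPConstants.POLICY_TYPE));
        String version = resource.getProperty(PDPConstants.POLICY_VERSION);
        if (version != null) {
            dto.setVersion(version);
        }
        String lastModifiedTime = resource.getProperty(PDPConstants.LAST_MODIFIED_TIME);
        if (lastModifiedTime != null) {
            dto.setLastModifiedTime(lastModifiedTime);
        }
        String lastModifiedUser = resource.getProperty(PDPConstants.LAST_MODIFIED_USER);
        if (lastModifiedUser != null) {
            dto.setLastModifiedUser(lastModifiedUser);
        }
        // References are stored as one separator-joined string; blank means "none".
        String policyReferences = resource.getProperty(PDPConstants.POLICY_REFERENCE);
        if (policyReferences != null && policyReferences.trim().length() > 0) {
            dto.setPolicyIdReferences(policyReferences.split(PDPConstants.ATTRIBUTE_SEPARATOR));
        }
        String policySetReferences = resource.getProperty(PDPConstants.POLICY_SET_REFERENCE);
        if (policySetReferences != null && policySetReferences.trim().length() > 0) {
            dto.setPolicySetIdReferences(policySetReferences.split(PDPConstants.ATTRIBUTE_SEPARATOR));
        }
        // read policy meta data that is used for basic policy editor
        dto.setPolicyEditor(resource.getProperty(PDPConstants.POLICY_EDITOR_TYPE));
        String basicPolicyEditorMetaDataAmount = resource.getProperty(PDPConstants.BASIC_POLICY_EDITOR_META_DATA_AMOUNT);
        if (basicPolicyEditorMetaDataAmount != null) {
            // NOTE(review): the array is sized from a stored property without a range
            // check; a negative or very large value would fail here - confirm the
            // property can only be written by trusted code.
            int amount = Integer.parseInt(basicPolicyEditorMetaDataAmount);
            String[] basicPolicyEditorMetaData = new String[amount];
            for (int i = 0; i < amount; i++) {
                basicPolicyEditorMetaData[i] = resource.getProperty(PDPConstants.BASIC_POLICY_EDITOR_META_DATA + i);
            }
            dto.setPolicyEditorData(basicPolicyEditorMetaData);
        }
        PolicyAttributeBuilder policyAttributeBuilder = new PolicyAttributeBuilder();
        dto.setAttributeDTOs(policyAttributeBuilder.getPolicyMetaDataFromRegistryProperties(resource.getProperties()));
        return dto;
    } catch (RegistryException e) {
        log.error("Error while loading entitlement policy " + policyId + " from PAP policy store", e);
        // Keep the registry failure as the cause so callers can still diagnose it.
        throw new EntitlementException("Error while loading entitlement policy " + policyId + " from PAP policy store", e);
    }
}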
Also used : EntitlementException(org.wso2.carbon.identity.entitlement.EntitlementException) PolicyDTO(org.wso2.carbon.identity.entitlement.dto.PolicyDTO) PolicyAttributeBuilder(org.wso2.carbon.identity.entitlement.policy.PolicyAttributeBuilder) Resource(org.wso2.carbon.registry.core.Resource) RegistryException(org.wso2.carbon.registry.core.exceptions.RegistryException)

Example 5 with EntitlementException

use of org.wso2.carbon.identity.entitlement.EntitlementException in project carbon-identity-framework by wso2.

the class PAPPolicyStoreReader method readLightPolicyDTO.

/**
 * Reads a lightweight {@code PolicyDTO} for the given policy id.
 *
 * <p>Only stored properties are copied (version, last-modified time and user, active flag,
 * order, type, policy and policy-set references, editor type). The XACML policy content
 * and the attribute meta data are not loaded.
 *
 * @param policyId policy id
 * @return the lightweight {@code PolicyDTO}, or {@code null} if the store returns no
 *         resource for {@code policyId}
 * @throws EntitlementException throws, if fails
 */
public PolicyDTO readLightPolicyDTO(String policyId) throws EntitlementException {
    final Resource policyResource = store.getPolicy(policyId, PDPConstants.ENTITLEMENT_POLICY_PAP);
    if (policyResource == null) {
        // A missing policy is reported as null here, not as an exception.
        return null;
    }

    final PolicyDTO lightDto = new PolicyDTO();
    lightDto.setPolicyId(policyId);

    // Optional properties: copied only when the resource actually carries them.
    final String storedVersion = policyResource.getProperty(PDPConstants.POLICY_VERSION);
    if (storedVersion != null) {
        lightDto.setVersion(storedVersion);
    }
    final String modifiedAt = policyResource.getProperty(PDPConstants.LAST_MODIFIED_TIME);
    if (modifiedAt != null) {
        lightDto.setLastModifiedTime(modifiedAt);
    }
    final String modifiedBy = policyResource.getProperty(PDPConstants.LAST_MODIFIED_USER);
    if (modifiedBy != null) {
        lightDto.setLastModifiedUser(modifiedBy);
    }

    lightDto.setActive(Boolean.parseBoolean(policyResource.getProperty(PDPConstants.ACTIVE_POLICY)));

    // A policy without a stored order is reported with order 0.
    final String storedOrder = policyResource.getProperty(PDPConstants.POLICY_ORDER);
    lightDto.setPolicyOrder(storedOrder != null ? Integer.parseInt(storedOrder) : 0);

    lightDto.setPolicyType(policyResource.getProperty(PDPConstants.POLICY_TYPE));

    // References are stored as one separator-joined string; blank means "none".
    final String joinedPolicyRefs = policyResource.getProperty(PDPConstants.POLICY_REFERENCE);
    if (joinedPolicyRefs != null && !joinedPolicyRefs.trim().isEmpty()) {
        lightDto.setPolicyIdReferences(joinedPolicyRefs.split(PDPConstants.ATTRIBUTE_SEPARATOR));
    }
    final String joinedPolicySetRefs = policyResource.getProperty(PDPConstants.POLICY_SET_REFERENCE);
    if (joinedPolicySetRefs != null && !joinedPolicySetRefs.trim().isEmpty()) {
        lightDto.setPolicySetIdReferences(joinedPolicySetRefs.split(PDPConstants.ATTRIBUTE_SEPARATOR));
    }

    lightDto.setPolicyEditor(policyResource.getProperty(PDPConstants.POLICY_EDITOR_TYPE));
    return lightDto;
}
Also used : PolicyDTO(org.wso2.carbon.identity.entitlement.dto.PolicyDTO) Resource(org.wso2.carbon.registry.core.Resource)
