Example 1 with EntitlementException
use of org.wso2.carbon.identity.entitlement.EntitlementException in project carbon-identity-framework by wso2.
the class CarbonResourceFinder method findChildResources.
@Override
public ResourceFinderResult findChildResources(AttributeValue parentResourceId, EvaluationCtx context) {
ResourceFinderResult resourceFinderResult = null;
Set<AttributeValue> resources = null;
String dataType = parentResourceId.getType().toString();
for (PIPResourceFinder finder : resourceFinders) {
try {
Set<String> resourceNames = null;
if (isResourceCachingEnabled && !finder.overrideDefaultCache()) {
IdentityCacheKey cacheKey = null;
String key = PDPConstants.RESOURCE_CHILDREN + parentResourceId.encode() + domToString(context.getRequestRoot());
cacheKey = new IdentityCacheKey(tenantId, key);
IdentityCacheEntry cacheEntry = (IdentityCacheEntry) resourceCache.getValueFromCache(cacheKey);
if (cacheEntry != null) {
String cacheEntryString = cacheEntry.getCacheEntry();
String[] attributes = cacheEntryString.split(PDPConstants.ATTRIBUTE_SEPARATOR);
if (attributes != null && attributes.length > 0) {
List<String> list = Arrays.asList(attributes);
resourceNames = new HashSet<String>(list);
}
if (log.isDebugEnabled()) {
log.debug("Carbon Resource Cache Hit");
}
} else {
resourceNames = finder.findChildResources(parentResourceId.encode(), context);
if (log.isDebugEnabled()) {
log.debug("Carbon Resource Cache Miss");
}
String cacheEntryString = "";
if (resourceNames != null && resourceNames.size() > 0) {
for (String attribute : resourceNames) {
if (cacheEntryString.equals("")) {
cacheEntryString = attribute;
} else {
cacheEntryString = cacheEntryString + PDPConstants.ATTRIBUTE_SEPARATOR + attribute;
}
}
}
cacheEntry = new IdentityCacheEntry(cacheEntryString);
resourceCache.addToCache(cacheKey, cacheEntry);
}
} else {
resourceNames = finder.findChildResources(parentResourceId.encode(), context);
}
if (resourceNames != null && !resourceNames.isEmpty()) {
resources = new HashSet<AttributeValue>();
for (String resourceName : resourceNames) {
resources.add(EntitlementUtil.getAttributeValue(resourceName, dataType));
}
}
} catch (EntitlementException e) {
log.error("Error while finding child resources", e);
} catch (TransformerException e) {
log.error("Error while finding child resources", e);
} catch (Exception e) {
log.error("Error while finding child resources", e);
}
}
if (resources != null) {
resourceFinderResult = new ResourceFinderResult(resources);
} else {
resourceFinderResult = new ResourceFinderResult();
}
return resourceFinderResult;
}
Also used :
AttributeValue(org.wso2.balana.attr.AttributeValue)
TransformerException(javax.xml.transform.TransformerException)
EntitlementException(org.wso2.carbon.identity.entitlement.EntitlementException)
IdentityCacheKey(org.wso2.carbon.identity.entitlement.cache.IdentityCacheKey)
EntitlementException(org.wso2.carbon.identity.entitlement.EntitlementException)
IdentityCacheEntry(org.wso2.carbon.identity.entitlement.cache.IdentityCacheEntry)
ResourceFinderResult(org.wso2.balana.finder.ResourceFinderResult)
TransformerException(javax.xml.transform.TransformerException)
Example 2 with EntitlementException
use of org.wso2.carbon.identity.entitlement.EntitlementException in project carbon-identity-framework by wso2.
the class CarbonResourceFinder method findDescendantResources.
@Override
public ResourceFinderResult findDescendantResources(AttributeValue parentResourceId, EvaluationCtx context) {
ResourceFinderResult resourceFinderResult = null;
Set<AttributeValue> resources = null;
String dataType = parentResourceId.getType().toString();
for (PIPResourceFinder finder : resourceFinders) {
try {
Set<String> resourceNames = null;
if (isResourceCachingEnabled && !finder.overrideDefaultCache()) {
IdentityCacheKey cacheKey = null;
String key = PDPConstants.RESOURCE_DESCENDANTS + parentResourceId.encode() + domToString(context.getRequestRoot());
cacheKey = new IdentityCacheKey(tenantId, key);
IdentityCacheEntry cacheEntry = (IdentityCacheEntry) resourceCache.getValueFromCache(cacheKey);
if (cacheEntry != null) {
String[] values = cacheEntry.getCacheEntryArray();
resourceNames = new HashSet<String>(Arrays.asList(values));
if (log.isDebugEnabled()) {
log.debug("Carbon Resource Cache Hit");
}
}
if (resourceNames != null) {
resourceNames = finder.findDescendantResources(parentResourceId.encode(), context);
if (log.isDebugEnabled()) {
log.debug("Carbon Resource Cache Miss");
}
cacheEntry = new IdentityCacheEntry(resourceNames.toArray(new String[resourceNames.size()]));
resourceCache.addToCache(cacheKey, cacheEntry);
}
} else {
resourceNames = finder.findDescendantResources(parentResourceId.encode(), context);
}
if (resourceNames != null && !resourceNames.isEmpty()) {
resources = new HashSet<AttributeValue>();
for (String resourceName : resourceNames) {
resources.add(EntitlementUtil.getAttributeValue(resourceName, dataType));
}
}
} catch (EntitlementException e) {
log.error("Error while finding descendant resources", e);
} catch (TransformerException e) {
log.error("Error while finding descendant resources", e);
} catch (Exception e) {
log.error("Error while finding descendant resources", e);
}
}
if (resources != null) {
resourceFinderResult = new ResourceFinderResult(resources);
} else {
resourceFinderResult = new ResourceFinderResult();
}
return resourceFinderResult;
}
Also used :
AttributeValue(org.wso2.balana.attr.AttributeValue)
TransformerException(javax.xml.transform.TransformerException)
EntitlementException(org.wso2.carbon.identity.entitlement.EntitlementException)
IdentityCacheKey(org.wso2.carbon.identity.entitlement.cache.IdentityCacheKey)
EntitlementException(org.wso2.carbon.identity.entitlement.EntitlementException)
IdentityCacheEntry(org.wso2.carbon.identity.entitlement.cache.IdentityCacheEntry)
ResourceFinderResult(org.wso2.balana.finder.ResourceFinderResult)
TransformerException(javax.xml.transform.TransformerException)
Example 3 with EntitlementException
use of org.wso2.carbon.identity.entitlement.EntitlementException in project carbon-identity-framework by wso2.
the class PAPPolicyStore method addOrUpdatePolicy.
/**
* @param policy
* @throws EntitlementException
*/
public void addOrUpdatePolicy(PolicyDTO policy, String policyId, String policyPath) throws EntitlementException {
String path = null;
Resource resource = null;
boolean newPolicy = false;
OMElement omElement = null;
if (log.isDebugEnabled()) {
log.debug("Creating or updating entitlement policy");
}
if (policy == null || policyId == null) {
log.error("Error while creating or updating entitlement policy: " + "Policy DTO or Policy Id can not be null");
throw new EntitlementException("Invalid Entitlement Policy. Policy or policyId can not be Null");
}
try {
path = policyPath + policyId;
if (registry.resourceExists(path)) {
resource = registry.get(path);
} else {
resource = registry.newResource();
}
Collection policyCollection;
if (registry.resourceExists(policyPath)) {
policyCollection = (Collection) registry.get(policyPath);
} else {
policyCollection = registry.newCollection();
}
if (policy.getPolicyOrder() > 0) {
String noOfPolicies = policyCollection.getProperty(PDPConstants.MAX_POLICY_ORDER);
if (noOfPolicies != null && Integer.parseInt(noOfPolicies) < policy.getPolicyOrder()) {
policyCollection.setProperty(PDPConstants.MAX_POLICY_ORDER, Integer.toString(policy.getPolicyOrder()));
registry.put(policyPath, policyCollection);
}
resource.setProperty(PDPConstants.POLICY_ORDER, Integer.toString(policy.getPolicyOrder()));
} else {
String previousOrder = resource.getProperty(PDPConstants.POLICY_ORDER);
if (previousOrder == null) {
if (policyCollection != null) {
int policyOrder = 1;
String noOfPolicies = policyCollection.getProperty(PDPConstants.MAX_POLICY_ORDER);
if (noOfPolicies != null) {
policyOrder = policyOrder + Integer.parseInt(noOfPolicies);
}
policyCollection.setProperty(PDPConstants.MAX_POLICY_ORDER, Integer.toString(policyOrder));
resource.setProperty(PDPConstants.POLICY_ORDER, Integer.toString(policyOrder));
}
registry.put(policyPath, policyCollection);
}
}
if (StringUtils.isNotBlank(policy.getPolicy())) {
resource.setContent(policy.getPolicy());
newPolicy = true;
PolicyAttributeBuilder policyAttributeBuilder = new PolicyAttributeBuilder(policy.getPolicy());
Properties properties = policyAttributeBuilder.getPolicyMetaDataFromPolicy();
Properties resourceProperties = new Properties();
for (Object o : properties.keySet()) {
String key = o.toString();
resourceProperties.put(key, Collections.singletonList(properties.get(key)));
}
resource.setProperties(resourceProperties);
}
resource.setProperty(PDPConstants.ACTIVE_POLICY, Boolean.toString(policy.isActive()));
resource.setProperty(PDPConstants.PROMOTED_POLICY, Boolean.toString(policy.isPromote()));
if (policy.getVersion() != null) {
resource.setProperty(PDPConstants.POLICY_VERSION, policy.getVersion());
}
resource.setProperty(PDPConstants.LAST_MODIFIED_TIME, Long.toString(System.currentTimeMillis()));
resource.setProperty(PDPConstants.LAST_MODIFIED_USER, CarbonContext.getThreadLocalCarbonContext().getUsername());
if (policy.getPolicyType() != null && policy.getPolicyType().trim().length() > 0) {
resource.setProperty(PDPConstants.POLICY_TYPE, policy.getPolicyType());
} else {
try {
if (newPolicy) {
omElement = AXIOMUtil.stringToOM(policy.getPolicy());
resource.setProperty(PDPConstants.POLICY_TYPE, omElement.getLocalName());
}
} catch (XMLStreamException e) {
policy.setPolicyType(PDPConstants.POLICY_ELEMENT);
log.warn("Policy Type can not be found. Default type is set");
}
}
if (omElement != null) {
Iterator iterator1 = omElement.getChildrenWithLocalName(PDPConstants.POLICY_REFERENCE);
if (iterator1 != null) {
String policyReferences = "";
while (iterator1.hasNext()) {
OMElement policyReference = (OMElement) iterator1.next();
if (!"".equals(policyReferences)) {
policyReferences = policyReferences + PDPConstants.ATTRIBUTE_SEPARATOR + policyReference.getText();
} else {
policyReferences = policyReference.getText();
}
}
resource.setProperty(PDPConstants.POLICY_REFERENCE, policyReferences);
}
Iterator iterator2 = omElement.getChildrenWithLocalName(PDPConstants.POLICY_SET_REFERENCE);
if (iterator2 != null) {
String policySetReferences = "";
while (iterator1.hasNext()) {
OMElement policySetReference = (OMElement) iterator2.next();
if (!"".equals(policySetReferences)) {
policySetReferences = policySetReferences + PDPConstants.ATTRIBUTE_SEPARATOR + policySetReference.getText();
} else {
policySetReferences = policySetReference.getText();
}
}
resource.setProperty(PDPConstants.POLICY_SET_REFERENCE, policySetReferences);
}
}
// before writing basic policy editor meta data as properties,
// delete any properties related to them
String policyEditor = resource.getProperty(PDPConstants.POLICY_EDITOR_TYPE);
if (newPolicy && policyEditor != null) {
resource.removeProperty(PDPConstants.POLICY_EDITOR_TYPE);
}
// write policy meta data that is used for basic policy editor
if (policy.getPolicyEditor() != null && policy.getPolicyEditor().trim().length() > 0) {
resource.setProperty(PDPConstants.POLICY_EDITOR_TYPE, policy.getPolicyEditor().trim());
}
String[] policyMetaData = policy.getPolicyEditorData();
if (policyMetaData != null && policyMetaData.length > 0) {
String BasicPolicyEditorMetaDataAmount = resource.getProperty(PDPConstants.BASIC_POLICY_EDITOR_META_DATA_AMOUNT);
if (newPolicy && BasicPolicyEditorMetaDataAmount != null) {
int amount = Integer.parseInt(BasicPolicyEditorMetaDataAmount);
for (int i = 0; i < amount; i++) {
resource.removeProperty(PDPConstants.BASIC_POLICY_EDITOR_META_DATA + i);
}
resource.removeProperty(PDPConstants.BASIC_POLICY_EDITOR_META_DATA_AMOUNT);
}
int i = 0;
for (String policyData : policyMetaData) {
if (policyData != null && !"".equals(policyData)) {
resource.setProperty(PDPConstants.BASIC_POLICY_EDITOR_META_DATA + i, policyData);
}
i++;
}
resource.setProperty(PDPConstants.BASIC_POLICY_EDITOR_META_DATA_AMOUNT, Integer.toString(i));
}
registry.put(path, resource);
} catch (RegistryException e) {
log.error("Error while adding or updating entitlement policy " + policyId + " in policy store", e);
throw new EntitlementException("Error while adding or updating entitlement policy in policy store");
}
}
Also used :
PolicyAttributeBuilder(org.wso2.carbon.identity.entitlement.policy.PolicyAttributeBuilder)
Resource(org.wso2.carbon.registry.core.Resource)
OMElement(org.apache.axiom.om.OMElement)
Properties(java.util.Properties)
RegistryException(org.wso2.carbon.registry.core.exceptions.RegistryException)
EntitlementException(org.wso2.carbon.identity.entitlement.EntitlementException)
XMLStreamException(javax.xml.stream.XMLStreamException)
Iterator(java.util.Iterator)
Collection(org.wso2.carbon.registry.core.Collection)
Example 4 with EntitlementException
use of org.wso2.carbon.identity.entitlement.EntitlementException in project carbon-identity-framework by wso2.
the class PAPPolicyStoreReader method readPolicyDTO.
/**
* Reads PolicyDTO for given policy id
*
* @param policyId policy id
* @return PolicyDTO
* @throws EntitlementException throws, if fails
*/
public PolicyDTO readPolicyDTO(String policyId) throws EntitlementException {
Resource resource = null;
PolicyDTO dto = null;
try {
resource = store.getPolicy(policyId, PDPConstants.ENTITLEMENT_POLICY_PAP);
if (resource == null) {
log.error("Policy does not exist in the system with id " + policyId);
throw new EntitlementException("Policy does not exist in the system with id " + policyId);
}
dto = new PolicyDTO();
dto.setPolicyId(policyId);
dto.setPolicy(new String((byte[]) resource.getContent(), Charset.forName("UTF-8")));
dto.setActive(Boolean.parseBoolean(resource.getProperty(PDPConstants.ACTIVE_POLICY)));
String policyOrder = resource.getProperty(PDPConstants.POLICY_ORDER);
if (policyOrder != null) {
dto.setPolicyOrder(Integer.parseInt(policyOrder));
} else {
dto.setPolicyOrder(0);
}
dto.setPolicyType(resource.getProperty(PDPConstants.POLICY_TYPE));
String version = resource.getProperty(PDPConstants.POLICY_VERSION);
if (version != null) {
dto.setVersion(version);
}
String lastModifiedTime = resource.getProperty(PDPConstants.LAST_MODIFIED_TIME);
if (lastModifiedTime != null) {
dto.setLastModifiedTime(lastModifiedTime);
}
String lastModifiedUser = resource.getProperty(PDPConstants.LAST_MODIFIED_USER);
if (lastModifiedUser != null) {
dto.setLastModifiedUser(lastModifiedUser);
}
String policyReferences = resource.getProperty(PDPConstants.POLICY_REFERENCE);
if (policyReferences != null && policyReferences.trim().length() > 0) {
dto.setPolicyIdReferences(policyReferences.split(PDPConstants.ATTRIBUTE_SEPARATOR));
}
String policySetReferences = resource.getProperty(PDPConstants.POLICY_SET_REFERENCE);
if (policySetReferences != null && policySetReferences.trim().length() > 0) {
dto.setPolicySetIdReferences(policySetReferences.split(PDPConstants.ATTRIBUTE_SEPARATOR));
}
// read policy meta data that is used for basic policy editor
dto.setPolicyEditor(resource.getProperty(PDPConstants.POLICY_EDITOR_TYPE));
String basicPolicyEditorMetaDataAmount = resource.getProperty(PDPConstants.BASIC_POLICY_EDITOR_META_DATA_AMOUNT);
if (basicPolicyEditorMetaDataAmount != null) {
int amount = Integer.parseInt(basicPolicyEditorMetaDataAmount);
String[] basicPolicyEditorMetaData = new String[amount];
for (int i = 0; i < amount; i++) {
basicPolicyEditorMetaData[i] = resource.getProperty(PDPConstants.BASIC_POLICY_EDITOR_META_DATA + i);
}
dto.setPolicyEditorData(basicPolicyEditorMetaData);
}
PolicyAttributeBuilder policyAttributeBuilder = new PolicyAttributeBuilder();
dto.setAttributeDTOs(policyAttributeBuilder.getPolicyMetaDataFromRegistryProperties(resource.getProperties()));
return dto;
} catch (RegistryException e) {
log.error("Error while loading entitlement policy " + policyId + " from PAP policy store", e);
throw new EntitlementException("Error while loading entitlement policy " + policyId + " from PAP policy store");
}
}
Also used :
EntitlementException(org.wso2.carbon.identity.entitlement.EntitlementException)
PolicyDTO(org.wso2.carbon.identity.entitlement.dto.PolicyDTO)
PolicyAttributeBuilder(org.wso2.carbon.identity.entitlement.policy.PolicyAttributeBuilder)
Resource(org.wso2.carbon.registry.core.Resource)
RegistryException(org.wso2.carbon.registry.core.exceptions.RegistryException)
Example 5 with EntitlementException
use of org.wso2.carbon.identity.entitlement.EntitlementException in project carbon-identity-framework by wso2.
the class PAPPolicyStoreReader method readLightPolicyDTO.
/**
* Reads Light Weight PolicyDTO for given policy id
*
* @param policyId policy id
* @return PolicyDTO but don not contains XACML policy and attribute meta data
* @throws EntitlementException throws, if fails
*/
public PolicyDTO readLightPolicyDTO(String policyId) throws EntitlementException {
Resource resource = null;
PolicyDTO dto = null;
resource = store.getPolicy(policyId, PDPConstants.ENTITLEMENT_POLICY_PAP);
if (resource == null) {
return null;
}
dto = new PolicyDTO();
dto.setPolicyId(policyId);
String version = resource.getProperty(PDPConstants.POLICY_VERSION);
if (version != null) {
dto.setVersion(version);
}
String lastModifiedTime = resource.getProperty(PDPConstants.LAST_MODIFIED_TIME);
if (lastModifiedTime != null) {
dto.setLastModifiedTime(lastModifiedTime);
}
String lastModifiedUser = resource.getProperty(PDPConstants.LAST_MODIFIED_USER);
if (lastModifiedUser != null) {
dto.setLastModifiedUser(lastModifiedUser);
}
dto.setActive(Boolean.parseBoolean(resource.getProperty(PDPConstants.ACTIVE_POLICY)));
String policyOrder = resource.getProperty(PDPConstants.POLICY_ORDER);
if (policyOrder != null) {
dto.setPolicyOrder(Integer.parseInt(policyOrder));
} else {
dto.setPolicyOrder(0);
}
dto.setPolicyType(resource.getProperty(PDPConstants.POLICY_TYPE));
String policyReferences = resource.getProperty(PDPConstants.POLICY_REFERENCE);
if (policyReferences != null && policyReferences.trim().length() > 0) {
dto.setPolicyIdReferences(policyReferences.split(PDPConstants.ATTRIBUTE_SEPARATOR));
}
String policySetReferences = resource.getProperty(PDPConstants.POLICY_SET_REFERENCE);
if (policySetReferences != null && policySetReferences.trim().length() > 0) {
dto.setPolicySetIdReferences(policySetReferences.split(PDPConstants.ATTRIBUTE_SEPARATOR));
}
dto.setPolicyEditor(resource.getProperty(PDPConstants.POLICY_EDITOR_TYPE));
return dto;
}Aggregations
EntitlementException (org.wso2.carbon.identity.entitlement.EntitlementException)42
RegistryException (org.wso2.carbon.registry.core.exceptions.RegistryException)23
ArrayList (java.util.ArrayList)19
PolicyDTO (org.wso2.carbon.identity.entitlement.dto.PolicyDTO)18
Resource (org.wso2.carbon.registry.core.Resource)18
Registry (org.wso2.carbon.registry.core.Registry)13
Collection (org.wso2.carbon.registry.core.Collection)12
Properties (java.util.Properties)11
AbstractPolicy (org.wso2.balana.AbstractPolicy)9
PolicyPublisher (org.wso2.carbon.identity.entitlement.policy.publisher.PolicyPublisher)9
PolicyStoreDTO (org.wso2.carbon.identity.entitlement.dto.PolicyStoreDTO)7
Map (java.util.Map)6
StatusHolder (org.wso2.carbon.identity.entitlement.dto.StatusHolder)6
PAPPolicyStoreManager (org.wso2.carbon.identity.entitlement.pap.store.PAPPolicyStoreManager)6
AttributeDTO (org.wso2.carbon.identity.entitlement.dto.AttributeDTO)5
PAPPolicyStore (org.wso2.carbon.identity.entitlement.pap.store.PAPPolicyStore)5
PolicyAttributeBuilder (org.wso2.carbon.identity.entitlement.policy.PolicyAttributeBuilder)5
PolicyVersionManager (org.wso2.carbon.identity.entitlement.policy.version.PolicyVersionManager)5
CertificateEncodingException (java.security.cert.CertificateEncodingException)4
SignatureException (org.opensaml.xmlsec.signature.support.SignatureException)4
