
Example 16 with AttributeDTO

use of org.wso2.carbon.identity.entitlement.dto.AttributeDTO in project carbon-identity-framework by wso2.

the class PolicySearch method getEntitledAttributes.

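/**
 * Returns the resources and actions the given subject (user or role) is entitled to,
 * after evaluating the active policies in the PDP.
 * <p>
 * The result is assembled from probe requests sent through {@code getResponse}; each probe
 * answered with {@code true} contributes one entry:
 * <ol>
 * <li>subject only: a positive answer returns a single "all actions, all resources"
 * entry immediately (this early result is not cached);</li>
 * <li>subject + action: "this action on all resources";</li>
 * <li>subject + resource: "all actions on this resource", which skips step 4 for that
 * resource;</li>
 * <li>subject + resource + action, for actions not already granted in step 2.</li>
 * </ol>
 * Steps 2-4 run for every entry returned by each finder module that supports the default
 * categories and the category-and-parameter search scheme.
 * <p>
 * When caching is enabled the result is stored under a key derived from all five
 * arguments. Each string component is length-prefixed so that different argument tuples
 * cannot produce the same key and be served each other's cached entitlements.
 *
 * @param subjectName       subject value; must not be null or blank
 * @param resourceName      resource name; when non-blank, only this resource is probed and
 *                          resource attributes found in the policies are ignored
 * @param subjectId         subject attribute id; {@code PDPConstants.SUBJECT_ID_DEFAULT} is
 *                          used when null or blank
 * @param action            action name; when non-blank it replaces the value of every action
 *                          attribute found in the policies
 * @param enableChildSearch whether each resource is additionally probed with the
 *                          descendants resource-scope attribute
 * @return entitled resource/action set
 * @throws EntitlementException if {@code subjectName} is null or blank
 */
public EntitledResultSetDTO getEntitledAttributes(String subjectName, String resourceName, String subjectId, String action, boolean enableChildSearch) throws EntitlementException {
    String cacheKey = "";
    if (cachingEnable) {
        // Plain concatenation is ambiguous ("ab" + "c" equals "a" + "bc"), which would let one
        // query be answered with the cached entitlements of another. Length-prefixing each
        // component keeps the mapping from arguments to key one-to-one.
        // NOTE(review): the key carries no tenant identifier; confirm policySearchCache is
        // already tenant-scoped.
        StringBuilder keyBuilder = new StringBuilder();
        for (String part : new String[] { subjectId, subjectName, resourceName, action }) {
            String value = part != null ? part : "";
            keyBuilder.append(value.length()).append(':').append(value).append('|');
        }
        cacheKey = keyBuilder.append(enableChildSearch).toString();
        SearchResult searchResult = policySearchCache.getFromCache(cacheKey);
        if (searchResult != null) {
            return searchResult.getResultSetDTO();
        }
    }
    AttributeDTO subjectAttributeDTO;
    boolean hierarchicalResource = false;
    EntitledResultSetDTO resultSetDTO = new EntitledResultSetDTO();
    Set<EntitledAttributesDTO> resultSet = new HashSet<EntitledAttributesDTO>();
    if (subjectName != null && subjectName.trim().length() > 0) {
        subjectAttributeDTO = new AttributeDTO();
        subjectAttributeDTO.setCategory(PDPConstants.SUBJECT_CATEGORY_URI);
        subjectAttributeDTO.setAttributeValue(subjectName);
        subjectAttributeDTO.setAttributeDataType(PDPConstants.STRING_DATA_TYPE);
        if (subjectId != null && subjectId.trim().length() > 0) {
            subjectAttributeDTO.setAttributeId(subjectId);
        } else {
            subjectAttributeDTO.setAttributeId(PDPConstants.SUBJECT_ID_DEFAULT);
        }
    } else {
        throw new EntitlementException("Error : subject value can not be null");
    }
    // Step 1: a positive answer for the subject alone means unrestricted access.
    if (getResponse(Arrays.asList(subjectAttributeDTO))) {
        EntitledAttributesDTO dto = new EntitledAttributesDTO();
        dto.setAllActions(true);
        dto.setAllResources(true);
        EntitledResultSetDTO setDTO = new EntitledResultSetDTO();
        setDTO.setEntitledAttributesDTOs(new EntitledAttributesDTO[] { dto });
        return setDTO;
    }
    for (PolicyFinderModule module : finderModules) {
        if (module.isDefaultCategoriesSupported() && PolicyFinderModule.COMBINATIONS_BY_CATEGORY_AND_PARAMETER == module.getSupportedSearchAttributesScheme()) {
            Map<String, Set<AttributeDTO>> requestMap = module.getSearchAttributes(null, new HashSet<AttributeDTO>(Arrays.asList(subjectAttributeDTO)));
            if (requestMap == null) {
                // A module may return null (for example when its policies cannot be loaded).
                // Skipping it reports fewer entitlements instead of failing with an NPE.
                continue;
            }
            for (Map.Entry<String, Set<AttributeDTO>> entry : requestMap.entrySet()) {
                Set<AttributeDTO> attributeDTOs = entry.getValue();
                if (attributeDTOs != null) {
                    Set<AttributeDTO> actions = new HashSet<AttributeDTO>();
                    Set<AttributeDTO> resources = new HashSet<AttributeDTO>();
                    Set<AttributeDTO> requestAttributes = new HashSet<AttributeDTO>();
                    if (resourceName != null && resourceName.trim().length() > 0) {
                        AttributeDTO resourceAttribute = new AttributeDTO();
                        resourceAttribute.setAttributeValue(resourceName);
                        resourceAttribute.setAttributeDataType(PDPConstants.STRING_DATA_TYPE);
                        resourceAttribute.setAttributeId(PDPConstants.RESOURCE_ID_DEFAULT);
                        resourceAttribute.setCategory(PDPConstants.RESOURCE_CATEGORY_URI);
                        resources.add(resourceAttribute);
                        // From here on, resource attributes found in the policies are ignored.
                        hierarchicalResource = true;
                    }
                    AttributeDTO resourceScopeAttribute = new AttributeDTO();
                    resourceScopeAttribute.setAttributeValue(PDPConstants.RESOURCE_DESCENDANTS);
                    resourceScopeAttribute.setAttributeDataType(PDPConstants.STRING_DATA_TYPE);
                    resourceScopeAttribute.setAttributeId(PDPConstants.RESOURCE_SCOPE_ID);
                    resourceScopeAttribute.setCategory(PDPConstants.RESOURCE_CATEGORY_URI);
                    // Sort the module's attributes into environment, action and resource buckets.
                    // NOTE(review): each attribute is mutated in place and, for environment and
                    // action attributes, added to a HashSet both before and after its id changes.
                    // If AttributeDTO.hashCode() depends on the attribute id, the same object can
                    // end up in the set twice - confirm against AttributeDTO.
                    for (AttributeDTO attributeDTO : attributeDTOs) {
                        if (PDPConstants.ENVIRONMENT_CATEGORY_URI.equals(attributeDTO.getCategory()) || PDPConstants.ENVIRONMENT_ELEMENT.equals(attributeDTO.getCategory())) {
                            requestAttributes.add(attributeDTO);
                            attributeDTO.setAttributeId(PDPConstants.ENVIRONMENT_ID_DEFAULT);
                            requestAttributes.add(attributeDTO);
                        } else if (PDPConstants.ACTION_CATEGORY_URI.equals(attributeDTO.getCategory()) || PDPConstants.ACTION_ELEMENT.equals(attributeDTO.getCategory())) {
                            if (action != null && action.trim().length() > 0) {
                                attributeDTO.setAttributeValue(action);
                            }
                            actions.add(attributeDTO);
                            attributeDTO.setAttributeId(PDPConstants.ACTION_ID_DEFAULT);
                            actions.add(attributeDTO);
                        } else if ((PDPConstants.RESOURCE_CATEGORY_URI.equals(attributeDTO.getCategory()) || PDPConstants.RESOURCE_ELEMENT.equals(attributeDTO.getCategory())) && !hierarchicalResource) {
                            attributeDTO.setAttributeId(PDPConstants.RESOURCE_ID_DEFAULT);
                            resources.add(attributeDTO);
                        }
                    }
                    // Nothing in this method sets a message on resultSetDTO, so this guard only
                    // fails if EntitledResultSetDTO initialises one itself - TODO confirm.
                    if (resultSetDTO.getMessage() == null) {
                        // Step 2: actions granted regardless of resource.
                        List<String> entitledActions = new ArrayList<String>();
                        for (AttributeDTO actionDTO : actions) {
                            List<AttributeDTO> currentRequestAttributes = new ArrayList<AttributeDTO>();
                            currentRequestAttributes.add(subjectAttributeDTO);
                            currentRequestAttributes.add(actionDTO);
                            if (getResponse(currentRequestAttributes)) {
                                EntitledAttributesDTO dto = new EntitledAttributesDTO();
                                dto.setAllResources(true);
                                dto.setAction(actionDTO.getAttributeValue());
                                resultSet.add(dto);
                                entitledActions.add(actionDTO.getAttributeValue());
                            }
                        }
                        for (AttributeDTO resource : resources) {
                            if (PDPConstants.RESOURCE_CATEGORY_URI.equals(resource.getCategory()) || PDPConstants.RESOURCE_ELEMENT.equals(resource.getCategory())) {
                                // Step 3: all actions on this resource. The counter starts at 0
                                // when child search is on, giving two passes: the first with the
                                // descendants scope attribute, the second without it.
                                boolean allActionsAllowed = false;
                                int noOfRequests = 1;
                                if (enableChildSearch) {
                                    noOfRequests = 0;
                                }
                                while (noOfRequests < 2) {
                                    List<AttributeDTO> currentRequestAttributes = new ArrayList<AttributeDTO>(requestAttributes);
                                    if (noOfRequests < 1) {
                                        currentRequestAttributes.add(resourceScopeAttribute);
                                    }
                                    currentRequestAttributes.add(subjectAttributeDTO);
                                    currentRequestAttributes.add(resource);
                                    if (getResponse(currentRequestAttributes)) {
                                        EntitledAttributesDTO dto = new EntitledAttributesDTO();
                                        dto.setResourceName(resource.getAttributeValue());
                                        dto.setAllActions(true);
                                        resultSet.add(dto);
                                        allActionsAllowed = true;
                                    }
                                    noOfRequests++;
                                }
                                if (allActionsAllowed) {
                                    continue;
                                }
                                // Step 4: individual actions on this resource, skipping actions
                                // already granted on all resources in step 2.
                                for (AttributeDTO actionAttributeDTO : actions) {
                                    if (entitledActions.contains(actionAttributeDTO.getAttributeValue())) {
                                        continue;
                                    }
                                    noOfRequests = 1;
                                    if (enableChildSearch) {
                                        noOfRequests = 0;
                                    }
                                    while (noOfRequests < 2) {
                                        List<AttributeDTO> currentRequestAttributes = new ArrayList<AttributeDTO>(requestAttributes);
                                        if (noOfRequests < 1) {
                                            currentRequestAttributes.add(resourceScopeAttribute);
                                        }
                                        currentRequestAttributes.add(subjectAttributeDTO);
                                        currentRequestAttributes.add(resource);
                                        currentRequestAttributes.add(actionAttributeDTO);
                                        if (getResponse(currentRequestAttributes)) {
                                            EntitledAttributesDTO dto = new EntitledAttributesDTO();
                                            dto.setResourceName(resource.getAttributeValue());
                                            dto.setAction(actionAttributeDTO.getAttributeValue());
                                            resultSet.add(dto);
                                        }
                                        noOfRequests++;
                                    }
                                }
                            }
                        }
                    }
                }
            }
        }
    }
    resultSetDTO.setEntitledAttributesDTOs(resultSet.toArray(new EntitledAttributesDTO[resultSet.size()]));
    if (cachingEnable) {
        SearchResult result = new SearchResult();
        result.setResultSetDTO(resultSetDTO);
        policySearchCache.addToCache(cacheKey, result);
        if (log.isDebugEnabled()) {
            int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
            log.debug("PDP Decision Cache Updated for tenantId " + tenantId);
        }
    }
    return resultSetDTO;
}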
Also used : EntitledAttributesDTO(org.wso2.carbon.identity.entitlement.dto.EntitledAttributesDTO) Set(java.util.Set) HashSet(java.util.HashSet) ArrayList(java.util.ArrayList) AttributeDTO(org.wso2.carbon.identity.entitlement.dto.AttributeDTO) EntitlementException(org.wso2.carbon.identity.entitlement.EntitlementException) PolicyFinderModule(org.wso2.carbon.identity.entitlement.policy.finder.PolicyFinderModule) EntitledResultSetDTO(org.wso2.carbon.identity.entitlement.dto.EntitledResultSetDTO) HashMap(java.util.HashMap) Map(java.util.Map) HashSet(java.util.HashSet)

Example 17 with AttributeDTO

use of org.wso2.carbon.identity.entitlement.dto.AttributeDTO in project carbon-identity-framework by wso2.

the class PolicySearch method getAllCombinations.

/**
 * Builds every combination (the power set) of the given attributes, each combination
 * represented as a list. The empty combination is always part of the result.
 * <p>
 * The number of combinations doubles with every additional attribute, so callers should
 * keep the input set small.
 *
 * @param allAttributes attributes to combine; must not be null
 * @return all combinations of the given attributes, including the empty list
 */
private Set<List<AttributeDTO>> getAllCombinations(Set<AttributeDTO> allAttributes) {
    Set<List<AttributeDTO>> combinations = new HashSet<List<AttributeDTO>>();
    if (!allAttributes.isEmpty()) {
        // Split off one attribute and recurse on the remainder; every combination of the
        // remainder is kept both with and without the split-off attribute.
        List<AttributeDTO> ordered = new ArrayList<AttributeDTO>(allAttributes);
        AttributeDTO first = ordered.get(0);
        Set<AttributeDTO> remaining = new HashSet<AttributeDTO>(ordered.subList(1, ordered.size()));
        for (List<AttributeDTO> withoutFirst : getAllCombinations(remaining)) {
            List<AttributeDTO> withFirst = new ArrayList<AttributeDTO>();
            withFirst.add(first);
            withFirst.addAll(withoutFirst);
            combinations.add(withFirst);
            combinations.add(withoutFirst);
        }
    } else {
        // Base case: the only combination of nothing is the empty list.
        combinations.add(new ArrayList<AttributeDTO>());
    }
    return combinations;
}
Also used : AttributeDTO(org.wso2.carbon.identity.entitlement.dto.AttributeDTO) ArrayList(java.util.ArrayList) ArrayList(java.util.ArrayList) List(java.util.List) HashSet(java.util.HashSet)

Example 18 with AttributeDTO

use of org.wso2.carbon.identity.entitlement.dto.AttributeDTO in project carbon-identity-framework by wso2.

the class PolicySearch method getAllCombinationsWithCategory.

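/**
 * Helper method to get all possible combinations for the given attributes, grouped by
 * category. Each attribute of the first category seeds a list that is handed to
 * {@code processCombinations} together with the remaining categories.
 *
 * @param attributesMap attributes keyed by category; must not be null
 * @return the combinations collected in the request set by {@code processCombinations};
 *         empty when the map is empty, has a single category, or the first category
 *         maps to null
 */
private Set<List<AttributeDTO>> getAllCombinationsWithCategory(Map<String, Set<AttributeDTO>> attributesMap) {
    Set<List<AttributeDTO>> requestSet = new HashSet<List<AttributeDTO>>();
    List<String> categories = new ArrayList<String>(attributesMap.keySet());
    if (!categories.isEmpty()) {
        String category = categories.get(0);
        Set<AttributeDTO> attributeDTOs = attributesMap.get(category);
        if (attributeDTOs == null) {
            // A category mapped to null contributes nothing.
            return requestSet;
        }
        List<AttributeDTO> dtoList;
        for (AttributeDTO dto : attributeDTOs) {
            dtoList = new ArrayList<AttributeDTO>();
            dtoList.add(dto);
            // Check the size first: categories.get(1) on a single-category map throws
            // IndexOutOfBoundsException instead of returning null.
            // NOTE(review): with only one category nothing is added to requestSet; confirm
            // whether the single-attribute lists should be returned in that case.
            if (categories.size() > 1 && categories.get(1) != null) {
                processCombinations(1, categories, attributesMap, dtoList, requestSet);
            }
        }
    }
    return requestSet;
}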
Also used : AttributeDTO(org.wso2.carbon.identity.entitlement.dto.AttributeDTO) ArrayList(java.util.ArrayList) ArrayList(java.util.ArrayList) List(java.util.List) HashSet(java.util.HashSet)

Example 19 with AttributeDTO

use of org.wso2.carbon.identity.entitlement.dto.AttributeDTO in project carbon-identity-framework by wso2.

the class RegistryPolicyStoreManageModule method addPolicy.

/**
 * Persists the given policy in the tenant's governance system registry under
 * {@code policyStorePath + policyId}, creating the store collection and the policy
 * resource when they do not exist yet.
 * <p>
 * Content, media type and attribute properties are written only when the policy text is
 * non-blank; the "active" and "order" properties are written only when the DTO marks
 * them as set (and, for order, when the value is positive). A resource that ends up
 * without content is not stored.
 *
 * @param policy policy to store; must be non-null with a non-blank policy id
 * @throws EntitlementException if the policy or its id is missing, or the registry fails
 */
@Override
public void addPolicy(PolicyStoreDTO policy) throws EntitlementException {
    int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
    if (policy == null || StringUtils.isBlank(policy.getPolicyId())) {
        throw new EntitlementException("Policy can not be null");
    }
    try {
        Registry registry = EntitlementServiceComponent.getRegistryService().getGovernanceSystemRegistry(tenantId);

        // Make sure the policy store collection exists (it is re-put even when present).
        Collection policyCollection = registry.resourceExists(policyStorePath)
                ? (Collection) registry.get(policyStorePath)
                : registry.newCollection();
        registry.put(policyStorePath, policyCollection);

        // NOTE(review): the policy id is appended to the store path as-is. Confirm that ids
        // are validated upstream so a crafted id cannot address a registry path outside
        // the policy store.
        String policyPath = policyStorePath + policy.getPolicyId();
        Resource resource = registry.resourceExists(policyPath)
                ? registry.get(policyPath)
                : registry.newResource();

        String policyContent = policy.getPolicy();
        if (policyContent != null && policyContent.trim().length() != 0) {
            resource.setContent(policyContent);
            resource.setMediaType(PDPConstants.REGISTRY_MEDIA_TYPE);
            AttributeDTO[] attributeDTOs = policy.getAttributeDTOs();
            if (attributeDTOs != null) {
                setAttributesAsProperties(attributeDTOs, resource);
            }
        }
        if (policy.isSetActive()) {
            resource.setProperty("active", Boolean.toString(policy.isActive()));
        }
        if (policy.isSetOrder()) {
            int order = policy.getPolicyOrder();
            if (order > 0) {
                resource.setProperty("order", Integer.toString(order));
            }
        }

        // Only a resource that carries content is written; an empty one is skipped.
        if (resource.getContent() != null) {
            registry.put(policyPath, resource);
        } else {
            log.info("Prevented adding null content to resource " + policyPath);
        }
    } catch (RegistryException e) {
        log.error("Error while persisting policy", e);
        throw new EntitlementException("Error while persisting policy", e);
    }
}
Also used : AttributeDTO(org.wso2.carbon.identity.entitlement.dto.AttributeDTO) EntitlementException(org.wso2.carbon.identity.entitlement.EntitlementException) Resource(org.wso2.carbon.registry.core.Resource) Collection(org.wso2.carbon.registry.core.Collection) Registry(org.wso2.carbon.registry.core.Registry) RegistryException(org.wso2.carbon.registry.core.exceptions.RegistryException)

Example 20 with AttributeDTO

use of org.wso2.carbon.identity.entitlement.dto.AttributeDTO in project carbon-identity-framework by wso2.

the class RegistryPolicyStoreManageModule method getSearchAttributes.

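/**
 * Collects, per policy, the attributes of that policy plus the attributes of every policy
 * it references directly through its policy-id or policy-set-id references. References
 * are resolved one level deep only.
 * <p>
 * Neither parameter is read by this implementation.
 *
 * @param identifier     not used here
 * @param givenAttribute not used here
 * @return attributes keyed by policy id, or {@code null} when the policies could not be
 *         read (the failure is logged, not rethrown), so callers must handle a null result
 */
@Override
public Map<String, Set<AttributeDTO>> getSearchAttributes(String identifier, Set<AttributeDTO> givenAttribute) {
    PolicyDTO[] policyDTOs = null;
    Map<String, Set<AttributeDTO>> attributeMap = null;
    try {
        policyDTOs = getPolicyReader().readAllPolicies(true, true);
    } catch (Exception e) {
        // Deliberately best-effort: the error is logged and null is returned below.
        log.error("Policies can not be retrieved from registry policy finder module", e);
    }
    if (policyDTOs != null) {
        attributeMap = new HashMap<String, Set<AttributeDTO>>();
        for (PolicyDTO policyDTO : policyDTOs) {
            AttributeDTO[] ownAttributes = policyDTO.getAttributeDTOs();
            Set<AttributeDTO> attributeDTOs = ownAttributes != null
                    ? new HashSet<AttributeDTO>(Arrays.asList(ownAttributes))
                    : new HashSet<AttributeDTO>();
            String[] policyIdRef = policyDTO.getPolicyIdReferences();
            String[] policySetIdRef = policyDTO.getPolicySetIdReferences();
            boolean hasPolicyRefs = policyIdRef != null && policyIdRef.length > 0;
            boolean hasPolicySetRefs = policySetIdRef != null && policySetIdRef.length > 0;
            if (hasPolicyRefs || hasPolicySetRefs) {
                for (PolicyDTO dto : policyDTOs) {
                    AttributeDTO[] referencedAttributes = dto.getAttributeDTOs();
                    if (referencedAttributes == null) {
                        continue;
                    }
                    if (hasPolicyRefs) {
                        for (String policyId : policyIdRef) {
                            if (dto.getPolicyId().equals(policyId)) {
                                attributeDTOs.addAll(Arrays.asList(referencedAttributes));
                            }
                        }
                    }
                    // Guarded like the policy-id references: a policy with policy-id
                    // references but no policy-set references must not hit a null array.
                    if (hasPolicySetRefs) {
                        for (String policySetId : policySetIdRef) {
                            if (dto.getPolicyId().equals(policySetId)) {
                                attributeDTOs.addAll(Arrays.asList(referencedAttributes));
                            }
                        }
                    }
                }
            }
            attributeMap.put(policyDTO.getPolicyId(), attributeDTOs);
        }
    }
    return attributeMap;
}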
Also used : AttributeDTO(org.wso2.carbon.identity.entitlement.dto.AttributeDTO) PolicyDTO(org.wso2.carbon.identity.entitlement.dto.PolicyDTO) HashSet(java.util.HashSet) Set(java.util.Set) RegistryException(org.wso2.carbon.registry.core.exceptions.RegistryException) EntitlementException(org.wso2.carbon.identity.entitlement.EntitlementException) HashSet(java.util.HashSet)
