Use of org.wso2.carbon.identity.entitlement.pap.EntitlementAdminEngine in project carbon-identity-framework by wso2.
Class CarbonPolicyFinder, method init.
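/**
 * Builds the in-memory policy store used by this finder, once.
 *
 * <p>The method reads the reference-cache size from the engine properties, creates the
 * bounded policy reference cache, picks the configured policy collection and policy data
 * store (falling back to {@code SimplePolicyCollection} / {@code DefaultPolicyDataStore}),
 * and then loads every active policy returned by the registered finder modules.
 * Subsequent calls return immediately because {@code initFinish} is set at the end.
 *
 * <p>Review note: a policy that the reader cannot turn into an {@code AbstractPolicy} is
 * left out of the collection. Because a missing policy can change the outcome of the
 * combining algorithm, every such skip is logged so operators can detect an incomplete
 * policy set.
 */
private synchronized void init() {
    if (initFinish) {
        return;
    }
    log.info("Initializing of policy store is started at : " + new Date());

    String maxEntries = EntitlementServiceComponent.getEntitlementConfig().getEngineProperties()
            .getProperty(PDPConstants.MAX_POLICY_REFERENCE_ENTRIES);
    if (maxEntries != null) {
        try {
            maxReferenceCacheEntries = Integer.parseInt(maxEntries.trim());
        } catch (NumberFormatException e) {
            // Keep the value the field already holds, but make the misconfiguration visible
            // instead of discarding it silently.
            log.warn("Ignoring invalid value '" + maxEntries + "' for "
                    + PDPConstants.MAX_POLICY_REFERENCE_ENTRIES
                    + "; policy reference cache size stays at " + maxReferenceCacheEntries, e);
        }
    }

    // Insertion-ordered map that drops its eldest entry once it grows past the limit.
    // NOTE(review): a configured limit of zero or less makes every insert evict itself,
    // so the cache would hold nothing; confirm whether such values should be rejected.
    policyReferenceCache = new LinkedHashMap<URI, AbstractPolicy>() {
        @Override
        protected boolean removeEldestEntry(Map.Entry<URI, AbstractPolicy> eldest) {
            return size() > maxReferenceCacheEntries;
        }
    };

    // Registered finder modules; only the map keys (the modules themselves) are kept.
    Map<PolicyFinderModule, Properties> finderModules =
            EntitlementServiceComponent.getEntitlementConfig().getPolicyFinderModules();
    if (finderModules != null) {
        this.finderModules = new ArrayList<PolicyFinderModule>(finderModules.keySet());
    }

    // Policy collection: the first configured one, otherwise the simple default.
    PolicyCollection tempPolicyCollection;
    Map<PolicyCollection, Properties> policyCollections =
            EntitlementServiceComponent.getEntitlementConfig().getPolicyCollections();
    if (policyCollections != null && policyCollections.size() > 0) {
        tempPolicyCollection = policyCollections.entrySet().iterator().next().getKey();
    } else {
        tempPolicyCollection = new SimplePolicyCollection();
    }

    policyReader = PolicyReader.getInstance(finder);

    if (this.finderModules != null && this.finderModules.size() > 0) {
        // The policy data store could be obtained through EntitlementAdminEngine, but it is
        // looked up from the configuration directly so that this class does not depend on
        // the admin engine.
        PolicyDataStore policyDataStore;
        Map<PolicyDataStore, Properties> dataStoreModules =
                EntitlementServiceComponent.getEntitlementConfig().getPolicyDataStore();
        if (dataStoreModules != null && dataStoreModules.size() > 0) {
            policyDataStore = dataStoreModules.entrySet().iterator().next().getKey();
        } else {
            policyDataStore = new DefaultPolicyDataStore();
        }
        PolicyCombiningAlgorithm policyCombiningAlgorithm = policyDataStore.getGlobalPolicyAlgorithm();
        tempPolicyCollection.setPolicyCombiningAlgorithm(policyCombiningAlgorithm);

        for (PolicyFinderModule finderModule : this.finderModules) {
            log.info("Start retrieving policies from " + finderModule + " at : " + new Date());
            String[] policies = finderModule.getActivePolicies();
            for (int a = 0; a < policies.length; a++) {
                AbstractPolicy abstractPolicy = policyReader.getPolicy(policies[a]);
                if (abstractPolicy == null) {
                    // Only the position is logged, never the policy text.
                    log.warn("Active policy at position " + a + " from " + finderModule
                            + " could not be read and was not loaded into the policy collection");
                    continue;
                }
                // NOTE(review): the order is the index within this module's array, so two
                // modules can produce the same order value; verify against the consumers
                // of policyCollectionOrder.
                PolicyDTO policyDTO = new PolicyDTO();
                policyDTO.setPolicyId(abstractPolicy.getId().toString());
                policyDTO.setPolicyOrder(a);
                policyCollectionOrder.add(policyDTO);
                tempPolicyCollection.addPolicy(abstractPolicy);
            }
            log.info("Finish retrieving policies from " + finderModule + " at : " + new Date());
        }
    } else {
        log.warn("No Carbon policy finder modules are registered");
    }

    // Publish the fully built collection only at the end, then mark initialization done.
    policyCollection = tempPolicyCollection;
    initFinish = true;
    log.info("Initializing of policy store is finished at : " + new Date());
}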
Use of org.wso2.carbon.identity.entitlement.pap.EntitlementAdminEngine in project carbon-identity-framework by wso2.
Class EntitlementUtil, method addFilesystemPolicy.
/**
 * Stores an XACML policy that was read from the filesystem and, when requested,
 * publishes it to the PDP.
 *
 * <p>The policy is marked active unconditionally and its id is taken from the parsed
 * policy document, not from the caller. With {@code promote} set, the policy takes part in
 * authorization decisions as soon as this method returns, so the location the policy files
 * are read from should be writable only by trusted administrators.
 *
 * <p>NOTE(review): the existence check and the later write are separate calls with no
 * locking visible in this method; confirm whether callers serialize filesystem loading.
 *
 * @param policyDTO carrier of the policy XML; its policy text, id, active flag, promote
 *                  flag and version are overwritten by this method
 * @param registry  registry passed to the PAP policy store and to the existence check
 * @param promote   {@code true} to also add the stored policy to the PDP
 * @return {@code false} when a policy with the same id already exists (nothing is
 *         written), {@code true} once the policy has been stored
 * @throws org.wso2.carbon.identity.entitlement.EntitlementException if the policy text
 *         does not yield a policy object ("Invalid Entitlement Policy")
 */
public static boolean addFilesystemPolicy(PolicyDTO policyDTO, Registry registry, boolean promote) throws EntitlementException {
    // Collapse whitespace between adjacent tags before the policy is parsed and stored.
    String rawPolicy = policyDTO.getPolicy();
    if (rawPolicy != null) {
        policyDTO.setPolicy(rawPolicy.replaceAll(">\\s+<", "><"));
    }

    AbstractPolicy parsedPolicy = getPolicy(policyDTO.getPolicy());
    if (parsedPolicy == null) {
        throw new EntitlementException("Invalid Entitlement Policy");
    }

    PAPPolicyStore papStore = new PAPPolicyStore(registry);
    PAPPolicyStoreManager papManager = new PAPPolicyStoreManager();

    // The id always comes from the policy document itself.
    policyDTO.setPolicyId(parsedPolicy.getId().toASCIIString());
    policyDTO.setActive(true);
    if (isPolicyExists(policyDTO.getPolicyId(), registry)) {
        // An existing policy is never overwritten from the filesystem.
        return false;
    }
    policyDTO.setPromote(promote);

    // Versioning is best effort: a failure is logged and the policy is stored unversioned.
    PolicyVersionManager versions = EntitlementAdminEngine.getInstance().getVersionManager();
    try {
        policyDTO.setVersion(versions.createVersion(policyDTO));
    } catch (EntitlementException e) {
        log.error("Policy versioning is not supported", e);
    }

    papManager.addOrUpdatePolicy(policyDTO);

    // Continue with the copy read back from the PAP store.
    PolicyDTO storedPolicy = new PAPPolicyStoreReader(papStore).readPolicyDTO(policyDTO.getPolicyId());

    boolean enhancedLoading = Boolean.parseBoolean(System.getProperty(ENHANCED_XACML_LOADING_SYSTEM_PROPERTY));
    if (enhancedLoading && promote) {
        EntitlementAdminEngine.getInstance().getPolicyStoreManager().addPolicy(storedPolicy);
        return true;
    }

    // Default path: build the PDP-side DTO from the stored policy.
    PolicyStoreDTO pdpEntry = new PolicyStoreDTO();
    pdpEntry.setPolicyId(storedPolicy.getPolicyId());
    pdpEntry.setPolicy(storedPolicy.getPolicy());
    pdpEntry.setPolicyOrder(storedPolicy.getPolicyOrder());
    pdpEntry.setAttributeDTOs(storedPolicy.getAttributeDTOs());
    pdpEntry.setActive(storedPolicy.isActive());
    pdpEntry.setSetActive(storedPolicy.isActive());
    if (promote) {
        addPolicyToPDP(pdpEntry);
    }
    // The PAP entry is written a second time with the re-read DTO.
    papManager.addOrUpdatePolicy(storedPolicy);
    return true;
}