
Example 1 with PAPPolicyStore

use of org.wso2.carbon.identity.entitlement.pap.store.PAPPolicyStore in project carbon-identity-framework by wso2.

Class EntitlementUtil, method isPolicyExists.

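/**
 * Checks whether a policy with the given policy id is already stored in the registry.
 *
 * @param policyId id of the policy to look up
 * @param registry registry that backs the PAP policy store
 * @return {@code true} if the PAP policy store reports a policy with this id,
 *         {@code false} otherwise
 * @throws EntitlementException propagated from the policy store lookup
 */
public static boolean isPolicyExists(String policyId, Registry registry) throws EntitlementException {
    // The reader is a view over the PAP store for the given registry; it is created
    // once and used immediately, so no separate null initialisation is needed.
    PAPPolicyStoreReader policyReader = new PAPPolicyStoreReader(new PAPPolicyStore(registry));
    return policyReader.isExistPolicy(policyId);
}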
Also used : PAPPolicyStoreReader(org.wso2.carbon.identity.entitlement.pap.store.PAPPolicyStoreReader) PAPPolicyStore(org.wso2.carbon.identity.entitlement.pap.store.PAPPolicyStore)

Example 2 with PAPPolicyStore

use of org.wso2.carbon.identity.entitlement.pap.store.PAPPolicyStore in project carbon-identity-framework by wso2.

Class EntitlementUtil, method addFilesystemPolicy.

/**
 * Persists a new XACML policy, which was read from the filesystem, in the registry,
 * optionally promoting it to the PDP.
 *
 * @param policyDTO PolicyDTO object; its policy text is whitespace-compacted and its
 *                  policyId, active flag, promote flag and version are overwritten here
 * @param registry  Registry
 * @param promote   whether the policy must also be promoted to the PDP
 * @return {@code true} when the policy was stored, {@code false} when a policy with the
 *         same id already exists in the registry (nothing is written in that case)
 * @throws org.wso2.carbon.identity.entitlement.EntitlementException if the policy text
 *         cannot be parsed into a policy object
 */
public static boolean addFilesystemPolicy(PolicyDTO policyDTO, Registry registry, boolean promote) throws EntitlementException {
    PAPPolicyStoreManager policyAdmin;
    AbstractPolicy policyObj;
    if (policyDTO.getPolicy() != null) {
        // Collapse whitespace between XML tags so the stored policy text is compact.
        policyDTO.setPolicy(policyDTO.getPolicy().replaceAll(">\\s+<", "><"));
    }
    // Parse the XACML text; a null result is treated as an invalid policy below.
    policyObj = getPolicy(policyDTO.getPolicy());
    if (policyObj != null) {
        PAPPolicyStore policyStore = new PAPPolicyStore(registry);
        policyAdmin = new PAPPolicyStoreManager();
        // The id is always taken from the parsed policy, not from whatever the DTO carried.
        policyDTO.setPolicyId(policyObj.getId().toASCIIString());
        policyDTO.setActive(true);
        // A duplicate id is reported by the return value, not by an exception.
        if (isPolicyExists(policyDTO.getPolicyId(), registry)) {
            return false;
        }
        policyDTO.setPromote(promote);
        PolicyVersionManager versionManager = EntitlementAdminEngine.getInstance().getVersionManager();
        try {
            String version = versionManager.createVersion(policyDTO);
            policyDTO.setVersion(version);
        } catch (EntitlementException e) {
            // Best effort: a versioning failure is logged and the policy is still stored
            // without a version set by the version manager.
            log.error("Policy versioning is not supported", e);
        }
        // First persist of the policy in the PAP store.
        policyAdmin.addOrUpdatePolicy(policyDTO);
        PAPPolicyStoreReader reader = new PAPPolicyStoreReader(policyStore);
        // From here on the DTO is the one re-read from the store, not the caller's object.
        // NOTE(review): if readPolicyDTO returns null the next access NPEs - confirm it never does.
        policyDTO = reader.readPolicyDTO(policyDTO.getPolicyId());
        if (Boolean.parseBoolean(System.getProperty(ENHANCED_XACML_LOADING_SYSTEM_PROPERTY)) && promote) {
            // Enhanced loading: hand the policy to the PDP policy store through the admin engine.
            EntitlementAdminEngine adminEngine = EntitlementAdminEngine.getInstance();
            adminEngine.getPolicyStoreManager().addPolicy(policyDTO);
        } else {
            PolicyStoreDTO policyStoreDTO = new PolicyStoreDTO();
            policyStoreDTO.setPolicyId(policyDTO.getPolicyId());
            policyStoreDTO.setPolicy(policyDTO.getPolicy());
            policyStoreDTO.setPolicyOrder(policyDTO.getPolicyOrder());
            policyStoreDTO.setAttributeDTOs(policyDTO.getAttributeDTOs());
            policyStoreDTO.setActive(policyDTO.isActive());
            policyStoreDTO.setSetActive(policyDTO.isActive());
            if (promote) {
                addPolicyToPDP(policyStoreDTO);
            }
            // NOTE(review): second addOrUpdatePolicy on the re-read DTO; looks redundant with
            // the persist above - confirm whether the re-read copy differs from the first one.
            policyAdmin.addOrUpdatePolicy(policyDTO);
        }
        return true;
    } else {
        throw new EntitlementException("Invalid Entitlement Policy");
    }
}
Also used : PolicyStoreDTO(org.wso2.carbon.identity.entitlement.dto.PolicyStoreDTO) PAPPolicyStoreManager(org.wso2.carbon.identity.entitlement.pap.store.PAPPolicyStoreManager) PolicyVersionManager(org.wso2.carbon.identity.entitlement.policy.version.PolicyVersionManager) AbstractPolicy(org.wso2.balana.AbstractPolicy) PAPPolicyStoreReader(org.wso2.carbon.identity.entitlement.pap.store.PAPPolicyStoreReader) EntitlementAdminEngine(org.wso2.carbon.identity.entitlement.pap.EntitlementAdminEngine) PAPPolicyStore(org.wso2.carbon.identity.entitlement.pap.store.PAPPolicyStore)

Example 3 with PAPPolicyStore

use of org.wso2.carbon.identity.entitlement.pap.store.PAPPolicyStore in project carbon-identity-framework by wso2.

Class DefaultPolicyVersionManager, method createVersion.

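/**
 * Creates the next version of the given policy in the registry and returns its version string.
 * <p>
 * The current version number is kept as the {@code "version"} property of a registry collection
 * under {@code PDPConstants.ENTITLEMENT_POLICY_VERSION + policyId}; when that collection does not
 * exist yet the policy gets version {@code "1"}. Once more than {@code maxVersions} versions
 * exist, the version that falls out of the window is deleted before the new one is stored.
 * <p>
 * Registry failures are logged, not rethrown: in that case the returned version string is
 * whatever had been computed so far and may not have been persisted.
 *
 * @param policyDTO policy to version; its version field is set to the new version
 * @return the new version string of the policy
 * @throws EntitlementException if the stored version property is missing or not an integer
 */
@Override
public String createVersion(PolicyDTO policyDTO) throws EntitlementException {
    PAPPolicyStore policyStore = new PAPPolicyStore();
    Registry registry = EntitlementServiceComponent.getGovernanceRegistry(CarbonContext.getThreadLocalCarbonContext().getTenantId());
    // Collection that carries the current version counter for this policy.
    String versionPath = PDPConstants.ENTITLEMENT_POLICY_VERSION + policyDTO.getPolicyId();
    String version = "0";
    try {
        Collection collection = null;
        try {
            collection = (Collection) registry.get(versionPath);
        } catch (ResourceNotFoundException ignored) {
            // No version collection yet: this is the first version of the policy.
        }
        if (collection != null) {
            version = collection.getProperty("version");
        } else {
            collection = registry.newCollection();
            collection.setProperty("version", "1");
            registry.put(versionPath, collection);
        }
        // A missing or non-numeric property is reported as EntitlementException instead of
        // escaping as an unchecked NumberFormatException.
        int versionInt = parseVersion(version, policyDTO.getPolicyId());
        String policyPath = versionPath + RegistryConstants.PATH_SEPARATOR;
        // Keep only the last maxVersions versions: drop the one leaving the window.
        if (versionInt > maxVersions) {
            int olderVersion = versionInt - maxVersions;
            if (registry.resourceExists(policyPath + olderVersion)) {
                registry.delete(policyPath + olderVersion);
            }
        }
        version = Integer.toString(versionInt + 1);
        policyDTO.setVersion(version);
        // Persist the new version, then advance the counter.
        policyStore.addOrUpdatePolicy(policyDTO, version, policyPath);
        collection.setProperty("version", version);
        registry.put(versionPath, collection);
    } catch (RegistryException e) {
        log.error("Error while creating new version of policy", e);
    }
    return version;
}

/**
 * Parses the stored version counter of a policy.
 *
 * @param version  value of the {@code "version"} registry property, may be null
 * @param policyId policy id, used in the error message only
 * @return the parsed version number
 * @throws EntitlementException if the value is null or not an integer
 */
private static int parseVersion(String version, String policyId) throws EntitlementException {
    if (version == null) {
        throw new EntitlementException("Version property is missing for policy " + policyId);
    }
    try {
        return Integer.parseInt(version);
    } catch (NumberFormatException e) {
        throw new EntitlementException("Invalid version property '" + version + "' for policy " + policyId);
    }
}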
Also used : Collection(org.wso2.carbon.registry.api.Collection) Registry(org.wso2.carbon.registry.api.Registry) PAPPolicyStore(org.wso2.carbon.identity.entitlement.pap.store.PAPPolicyStore) ResourceNotFoundException(org.wso2.carbon.registry.core.exceptions.ResourceNotFoundException) RegistryException(org.wso2.carbon.registry.api.RegistryException)

Example 4 with PAPPolicyStore

use of org.wso2.carbon.identity.entitlement.pap.store.PAPPolicyStore in project carbon-identity-framework by wso2.

Class EntitlementServiceComponent, method activate.

/**
 * OSGi activation: builds the entitlement configuration, loads XACML policies into the
 * registry and registers the entitlement services.
 * <p>
 * Any failure, including {@link Error}s, is caught, logged and swallowed, so activation
 * always returns normally even when the service is only partially initialised.
 *
 * @param ctxt component context whose bundle context is used for service registration
 */
@Activate
protected void activate(ComponentContext ctxt) {
    if (log.isDebugEnabled()) {
        log.debug("Identity Entitlement bundle is activated");
    }
    try {
        // build configuration file
        EntitlementExtensionBuilder builder = new EntitlementExtensionBuilder();
        builder.setBundleContext(ctxt.getBundleContext());
        builder.buildEntitlementConfig(EntitlementConfigHolder.getInstance());
        boolean balanaConfig = Boolean.parseBoolean((String) EntitlementServiceComponent.getEntitlementConfig().getEngineProperties().get(PDPConstants.BALANA_CONFIG_ENABLE));
        String configProperty = System.getProperty(PDP_CONFIG_FILE_PATH);
        // A PDP config path already given as a system property is left untouched; the
        // default under the Carbon config directory is used only when none is set.
        if (balanaConfig && configProperty == null) {
            String configFilePath = CarbonUtils.getCarbonConfigDirPath() + File.separator + "security" + File.separator + "balana-config.xml";
            System.setProperty(PDP_CONFIG_FILE_PATH, configFilePath);
        }
        if (log.isDebugEnabled()) {
            log.debug("Setting org.wso2.balana.PDPConfigFile property to " + System.getProperty(PDP_CONFIG_FILE_PATH));
        }
        // Start loading schema (asynchronously, on its own thread).
        new Thread(new SchemaBuilder(EntitlementConfigHolder.getInstance())).start();
        // Read XACML policy files from a pre-defined location in the
        // filesystem and load to registry at the server startup
        PAPPolicyStore papPolicyStore = new PAPPolicyStore(registryService.getGovernanceSystemRegistry());
        String startUpPolicyAdding = EntitlementConfigHolder.getInstance().getEngineProperties().getProperty(PDPConstants.START_UP_POLICY_ADDING);
        List<String> policyIdList = new ArrayList<>();
        // papPolicyStore was just constructed, so the null check never fails; the id list is
        // read twice here.
        if (papPolicyStore != null && ArrayUtils.isNotEmpty(papPolicyStore.getAllPolicyIds())) {
            String[] allPolicyIds = papPolicyStore.getAllPolicyIds();
            policyIdList = Arrays.asList(allPolicyIds);
        }
        // Startup policy loading is opt-in through the START_UP_POLICY_ADDING engine property.
        if (startUpPolicyAdding != null && Boolean.parseBoolean(startUpPolicyAdding)) {
            File policyFolder = null;
            String policyPathFromConfig = EntitlementConfigHolder.getInstance().getEngineProperties().getProperty(PDPConstants.FILESYSTEM_POLICY_PATH);
            if (StringUtils.isNotBlank(policyPathFromConfig)) {
                policyFolder = new File(policyPathFromConfig);
            }
            if (policyFolder != null && !policyFolder.exists()) {
                log.warn("Defined policy directory location is not exit. " + "Therefore using default policy location");
            }
            // Fall back to the bundled policy directory under CARBON_HOME when no directory is
            // configured or the configured one does not exist.
            if (policyPathFromConfig == null || (policyFolder != null && !policyFolder.exists())) {
                policyFolder = new File(CarbonUtils.getCarbonHome() + File.separator + "repository" + File.separator + "resources" + File.separator + "identity" + File.separator + "policies" + File.separator + "xacml");
            }
            boolean customPolicies = false;
            File[] fileList;
            // Every entry of the directory listing is handed to addPolicyFiles unfiltered; the
            // configured directory is treated as a trusted, administrator-controlled location.
            if (policyFolder != null && policyFolder.exists() && ArrayUtils.isNotEmpty(fileList = policyFolder.listFiles())) {
                if (Boolean.parseBoolean(System.getProperty(ENHANCED_XACML_LOADING_SYSTEM_PROPERTY))) {
                    // Enhanced loading runs inside a super-tenant flow that is always ended.
                    try {
                        PrivilegedCarbonContext.startTenantFlow();
                        PrivilegedCarbonContext carbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
                        carbonContext.setTenantId(MultitenantConstants.SUPER_TENANT_ID);
                        carbonContext.setTenantDomain(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME);
                        long startTime = System.currentTimeMillis();
                        customPolicies = addPolicyFiles(policyIdList, fileList);
                        // Elapsed time in whole seconds (integer division).
                        long endTime = (System.currentTimeMillis() - startTime) / 1000;
                        log.info("XACML Policies loaded in " + endTime + " sec");
                    } finally {
                        PrivilegedCarbonContext.endTenantFlow();
                    }
                } else {
                    customPolicies = addPolicyFiles(policyIdList, fileList);
                }
            }
            // Sample policies are only loaded when no custom policy file was added.
            if (!customPolicies) {
                // load default policies
                EntitlementUtil.addSamplePolicies(registryService.getGovernanceSystemRegistry());
            }
        }
        // Cache clearing listener is always registered since cache clearing is a must when
        // an update happens of user attributes
        CacheClearingUserOperationListener pipUserOperationListener = new CacheClearingUserOperationListener();
        ctxt.getBundleContext().registerService(UserOperationEventListener.class.getName(), pipUserOperationListener, null);
        // only subscribed modules will send messages.
        if (log.isDebugEnabled()) {
            log.debug("Registering notification sender on user operations");
        }
        // TODO: Read from identity.xml, the configurations to be used in thrift based entitlement service.
        // initialize thrift authenticator
        ThriftEntitlementServiceImpl.init(thriftAuthenticationService);
        // initialize thrift based Entitlement Service.
        startThriftServices();
        org.wso2.carbon.identity.entitlement.EntitlementService entitlementService = new org.wso2.carbon.identity.entitlement.EntitlementService();
        ctxt.getBundleContext().registerService(org.wso2.carbon.identity.entitlement.EntitlementService.class.getName(), entitlementService, null);
    } catch (Throwable throwable) {
        // Catches Errors as well as exceptions; the failure is only visible in the log.
        log.error("Failed to initialize Entitlement Service", throwable);
    }
}
Also used : EntitlementService(org.wso2.carbon.identity.entitlement.thrift.EntitlementService) UserOperationEventListener(org.wso2.carbon.user.core.listener.UserOperationEventListener) CacheClearingUserOperationListener(org.wso2.carbon.identity.entitlement.listener.CacheClearingUserOperationListener) ArrayList(java.util.ArrayList) PrivilegedCarbonContext(org.wso2.carbon.context.PrivilegedCarbonContext) PAPPolicyStore(org.wso2.carbon.identity.entitlement.pap.store.PAPPolicyStore) File(java.io.File) Activate(org.osgi.service.component.annotations.Activate)

Example 5 with PAPPolicyStore

use of org.wso2.carbon.identity.entitlement.pap.store.PAPPolicyStore in project carbon-identity-framework by wso2.

Class EntitlementUtil, method getPolicy.

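/**
 * Reads the policy DTO for a given policy id from the PAP policy store.
 *
 * @param policyId id of the policy to read
 * @param registry registry that backs the PAP policy store
 * @return the policy DTO as returned by the PAP policy store reader
 * @throws org.wso2.carbon.identity.entitlement.EntitlementException propagated from the
 *         policy store read
 */
public static PolicyDTO getPolicy(String policyId, Registry registry) throws EntitlementException {
    // The reader is a view over the PAP store for the given registry; it is created
    // once and used immediately, so no separate null initialisation is needed.
    PAPPolicyStoreReader policyReader = new PAPPolicyStoreReader(new PAPPolicyStore(registry));
    return policyReader.readPolicyDTO(policyId);
}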
Also used : PAPPolicyStoreReader(org.wso2.carbon.identity.entitlement.pap.store.PAPPolicyStoreReader) PAPPolicyStore(org.wso2.carbon.identity.entitlement.pap.store.PAPPolicyStore)

Aggregations

PAPPolicyStore (org.wso2.carbon.identity.entitlement.pap.store.PAPPolicyStore)6 PAPPolicyStoreReader (org.wso2.carbon.identity.entitlement.pap.store.PAPPolicyStoreReader)4 Collection (org.wso2.carbon.registry.api.Collection)2 Registry (org.wso2.carbon.registry.api.Registry)2 RegistryException (org.wso2.carbon.registry.api.RegistryException)2 File (java.io.File)1 ArrayList (java.util.ArrayList)1 Activate (org.osgi.service.component.annotations.Activate)1 AbstractPolicy (org.wso2.balana.AbstractPolicy)1 PrivilegedCarbonContext (org.wso2.carbon.context.PrivilegedCarbonContext)1 EntitlementException (org.wso2.carbon.identity.entitlement.EntitlementException)1 PolicyStoreDTO (org.wso2.carbon.identity.entitlement.dto.PolicyStoreDTO)1 CacheClearingUserOperationListener (org.wso2.carbon.identity.entitlement.listener.CacheClearingUserOperationListener)1 EntitlementAdminEngine (org.wso2.carbon.identity.entitlement.pap.EntitlementAdminEngine)1 PAPPolicyStoreManager (org.wso2.carbon.identity.entitlement.pap.store.PAPPolicyStoreManager)1 PolicyVersionManager (org.wso2.carbon.identity.entitlement.policy.version.PolicyVersionManager)1 EntitlementService (org.wso2.carbon.identity.entitlement.thrift.EntitlementService)1 Resource (org.wso2.carbon.registry.core.Resource)1 ResourceNotFoundException (org.wso2.carbon.registry.core.exceptions.ResourceNotFoundException)1 UserOperationEventListener (org.wso2.carbon.user.core.listener.UserOperationEventListener)1