
Example 1 with PAPPolicyStoreManager

use of org.wso2.carbon.identity.entitlement.pap.store.PAPPolicyStoreManager in project carbon-identity-framework by wso2.

the class EntitlementUtil method addPolicyToPDP.

/**
 * Writes a policy into the PDP policy store held in the governance system registry and,
 * when the PAP store also knows the policy, publishes its enabled or disabled state.
 *
 * <p>The store location comes from the {@code policyStorePath} property of the first
 * configured policy store module; when that property is absent the path
 * {@code /repository/identity/entitlement/policy/pdp/} is used. The call returns without
 * touching the registry when the DTO, its policy text or its policy id is null or blank.
 *
 * @param policyStoreDTO policy to store; its id is appended to the store path to form the
 *                       registry path of the policy resource
 * @throws EntitlementException if a registry operation fails
 */
public static void addPolicyToPDP(PolicyStoreDTO policyStoreDTO) throws EntitlementException {
    // Only the first configured store module is consulted; next() throws if none is configured.
    Map.Entry<PolicyStoreManageModule, Properties> firstStore = EntitlementServiceComponent.getEntitlementConfig().getPolicyStore().entrySet().iterator().next();
    String storeRoot = firstStore.getValue().getProperty("policyStorePath");
    if (storeRoot == null) {
        storeRoot = "/repository/identity/entitlement/policy/pdp/";
    }
    if (policyStoreDTO == null) {
        return;
    }
    String policyText = policyStoreDTO.getPolicy();
    String policyId = policyStoreDTO.getPolicyId();
    if (policyText == null || policyText.trim().isEmpty() || policyId == null || policyId.trim().isEmpty()) {
        return;
    }
    try {
        Registry governanceRegistry = EntitlementServiceComponent.getRegistryService().getGovernanceSystemRegistry();
        Collection storeCollection = governanceRegistry.resourceExists(storeRoot)
                ? (Collection) governanceRegistry.get(storeRoot)
                : governanceRegistry.newCollection();
        governanceRegistry.put(storeRoot, storeCollection);

        // NOTE(review): the id is concatenated into the registry path as-is. Nothing in this
        // method rejects path separators or ".." segments, and a configured store path without
        // a trailing slash would fuse with the id. Confirm that every caller validates the id.
        String policyPath = storeRoot + policyId;
        Resource policyResource = governanceRegistry.resourceExists(policyPath)
                ? governanceRegistry.get(policyPath)
                : governanceRegistry.newResource();
        policyResource.setProperty("policyOrder", Integer.toString(policyStoreDTO.getPolicyOrder()));
        policyResource.setContent(policyText);
        policyResource.setMediaType("application/xacml-policy+xml");
        policyResource.setProperty("active", String.valueOf(policyStoreDTO.isActive()));
        AttributeDTO[] attributes = policyStoreDTO.getAttributeDTOs();
        if (attributes != null) {
            setAttributesAsProperties(attributes, policyResource);
        }
        governanceRegistry.put(policyPath, policyResource);

        // Mirror the active flag to the PDP subscriber, but only for policies the PAP store holds.
        PAPPolicyStoreManager papManager = EntitlementAdminEngine.getInstance().getPapPolicyStoreManager();
        if (papManager.isExistPolicy(policyId)) {
            PolicyPublisher publisher = EntitlementAdminEngine.getInstance().getPolicyPublisher();
            String action = policyStoreDTO.isActive()
                    ? EntitlementConstants.PolicyPublish.ACTION_ENABLE
                    : EntitlementConstants.PolicyPublish.ACTION_DISABLE;
            publisher.publishPolicy(new String[] { policyId }, null, action, false, 0, new String[] { EntitlementConstants.PDP_SUBSCRIBER_ID }, null);
        }
    } catch (RegistryException e) {
        log.error(e);
        throw new EntitlementException("Error while adding policy to PDP", e);
    }
}
Also used : PAPPolicyStoreManager(org.wso2.carbon.identity.entitlement.pap.store.PAPPolicyStoreManager) Resource(org.wso2.carbon.registry.core.Resource) Registry(org.wso2.carbon.registry.core.Registry) Properties(java.util.Properties) RegistryException(org.wso2.carbon.registry.core.exceptions.RegistryException) AttributeDTO(org.wso2.carbon.identity.entitlement.dto.AttributeDTO) PolicyStoreManageModule(org.wso2.carbon.identity.entitlement.policy.store.PolicyStoreManageModule) PolicyPublisher(org.wso2.carbon.identity.entitlement.policy.publisher.PolicyPublisher) Collection(org.wso2.carbon.registry.core.Collection) Map(java.util.Map)

Example 2 with PAPPolicyStoreManager

use of org.wso2.carbon.identity.entitlement.pap.store.PAPPolicyStoreManager in project carbon-identity-framework by wso2.

the class EntitlementUtil method addFilesystemPolicy.

/**
 * Persists an XACML policy that was read from the filesystem and optionally promotes it
 * to the PDP.
 *
 * <p>Whitespace between tags is stripped from the policy text before parsing. The policy id
 * is taken from the parsed policy and the policy is always marked active. No further check
 * is applied to the id in this method.
 *
 * @param policyDTO policy to persist; its text, id, active flag, promote flag and version
 *                  are overwritten here
 * @param registry  registry backing the PAP store and the existence check
 * @param promote   whether the policy must also be promoted to the PDP
 * @return {@code false} when a policy with the parsed id already exists, {@code true} once
 *         the policy has been stored
 * @throws EntitlementException if the text does not parse into a policy object; the store
 *                              calls made here may also propagate it
 */
public static boolean addFilesystemPolicy(PolicyDTO policyDTO, Registry registry, boolean promote) throws EntitlementException {
    String rawPolicy = policyDTO.getPolicy();
    if (rawPolicy != null) {
        policyDTO.setPolicy(rawPolicy.replaceAll(">\\s+<", "><"));
    }
    AbstractPolicy parsed = getPolicy(policyDTO.getPolicy());
    if (parsed == null) {
        throw new EntitlementException("Invalid Entitlement Policy");
    }

    PAPPolicyStore papStore = new PAPPolicyStore(registry);
    PAPPolicyStoreManager papManager = new PAPPolicyStoreManager();
    policyDTO.setPolicyId(parsed.getId().toASCIIString());
    policyDTO.setActive(true);
    if (isPolicyExists(policyDTO.getPolicyId(), registry)) {
        return false;
    }
    policyDTO.setPromote(promote);

    PolicyVersionManager versions = EntitlementAdminEngine.getInstance().getVersionManager();
    try {
        policyDTO.setVersion(versions.createVersion(policyDTO));
    } catch (EntitlementException e) {
        // Best effort: any versioning failure is logged and the policy is stored without a version.
        log.error("Policy versioning is not supported", e);
    }
    papManager.addOrUpdatePolicy(policyDTO);

    // Read the policy back so the promoted copy reflects what the PAP store holds.
    PolicyDTO stored = new PAPPolicyStoreReader(papStore).readPolicyDTO(policyDTO.getPolicyId());
    boolean enhancedLoading = Boolean.parseBoolean(System.getProperty(ENHANCED_XACML_LOADING_SYSTEM_PROPERTY));
    if (enhancedLoading && promote) {
        EntitlementAdminEngine.getInstance().getPolicyStoreManager().addPolicy(stored);
        return true;
    }

    PolicyStoreDTO pdpCopy = new PolicyStoreDTO();
    pdpCopy.setPolicyId(stored.getPolicyId());
    pdpCopy.setPolicy(stored.getPolicy());
    pdpCopy.setPolicyOrder(stored.getPolicyOrder());
    pdpCopy.setAttributeDTOs(stored.getAttributeDTOs());
    pdpCopy.setActive(stored.isActive());
    pdpCopy.setSetActive(stored.isActive());
    if (promote) {
        addPolicyToPDP(pdpCopy);
    }
    // NOTE(review): second write of the same policy to the PAP store on this path; confirm it is intended.
    papManager.addOrUpdatePolicy(stored);
    return true;
}
Also used : PolicyStoreDTO(org.wso2.carbon.identity.entitlement.dto.PolicyStoreDTO) PAPPolicyStoreManager(org.wso2.carbon.identity.entitlement.pap.store.PAPPolicyStoreManager) PolicyVersionManager(org.wso2.carbon.identity.entitlement.policy.version.PolicyVersionManager) AbstractPolicy(org.wso2.balana.AbstractPolicy) PAPPolicyStoreReader(org.wso2.carbon.identity.entitlement.pap.store.PAPPolicyStoreReader) EntitlementAdminEngine(org.wso2.carbon.identity.entitlement.pap.EntitlementAdminEngine) PAPPolicyStore(org.wso2.carbon.identity.entitlement.pap.store.PAPPolicyStore)

Example 3 with PAPPolicyStoreManager

use of org.wso2.carbon.identity.entitlement.pap.store.PAPPolicyStoreManager in project carbon-identity-framework by wso2.

the class EntitlementPolicyAdminService method orderPolicy.

/**
 * Assigns a new evaluation order to a policy and publishes the change to the PDP.
 *
 * <p>The PAP store is updated only when it already holds the policy. The order action is
 * published whether or not the PAP store knows the id.
 *
 * @param policyId id of the policy to reorder; not validated in this method
 * @param newOrder order value to assign
 * @throws EntitlementException if the PAP store update or the publish call fails
 */
public void orderPolicy(String policyId, int newOrder) throws EntitlementException {
    PolicyDTO reordered = new PolicyDTO();
    reordered.setPolicyId(policyId);
    reordered.setPolicyOrder(newOrder);

    PAPPolicyStoreManager papManager = EntitlementAdminEngine.getInstance().getPapPolicyStoreManager();
    boolean knownToPap = papManager.isExistPolicy(policyId);
    if (knownToPap) {
        papManager.addOrUpdatePolicy(reordered);
    }

    String[] policyIds = { reordered.getPolicyId() };
    publishToPDP(policyIds, EntitlementConstants.PolicyPublish.ACTION_ORDER, null, false, newOrder);
}
Also used : PAPPolicyStoreManager(org.wso2.carbon.identity.entitlement.pap.store.PAPPolicyStoreManager) PolicyDTO(org.wso2.carbon.identity.entitlement.dto.PolicyDTO)

Example 4 with PAPPolicyStoreManager

use of org.wso2.carbon.identity.entitlement.pap.store.PAPPolicyStoreManager in project carbon-identity-framework by wso2.

the class EntitlementPolicyAdminService method addOrUpdatePolicy.

/**
 * Validates and persists an XACML policy, records the outcome through {@code handleStatus},
 * and publishes the policy to the PDP when the DTO asks for promotion.
 *
 * <p>When policy text is present it is whitespace-normalised, checked with
 * {@code EntitlementUtil.validatePolicy}, and parsed. The parsed id must not contain
 * {@code /} and must match the configured id pattern, or the built-in default when none is
 * configured. When the text is absent, which is possible only on update, the DTO is stored
 * as supplied and none of these id checks run.
 *
 * @param policyDTO policy to persist; its text, id and version may be overwritten here
 * @param isAdd     {@code true} for an add, {@code false} for an update
 * @throws EntitlementException if the DTO is null, the text is missing on add, the policy is
 *                              invalid or unparsable, the id is rejected, or a policy with
 *                              the same id already exists on add
 */
private void addOrUpdatePolicy(PolicyDTO policyDTO, boolean isAdd) throws EntitlementException {
    // The pattern is applied with String.matches, which requires the whole id to match.
    // A malformed configured pattern throws the unchecked PatternSyntaxException, which the
    // catch below does not handle.
    String idPattern = EntitlementServiceComponent.getEntitlementConfig().getEngineProperties().getProperty(PDPConstants.POLICY_ID_REGEXP_PATTERN);
    if (idPattern == null || idPattern.trim().isEmpty()) {
        idPattern = "[a-zA-Z0-9._:-]{3,100}$";
    }
    PAPPolicyStoreManager papManager = EntitlementAdminEngine.getInstance().getPapPolicyStoreManager();
    PolicyVersionManager versions = EntitlementAdminEngine.getInstance().getVersionManager();
    String operation = isAdd ? EntitlementConstants.StatusTypes.ADD_POLICY : EntitlementConstants.StatusTypes.UPDATE_POLICY;

    if (policyDTO == null || (isAdd && policyDTO.getPolicy() == null)) {
        throw new EntitlementException("Entitlement Policy can not be null.");
    }

    try {
        String rawPolicy = policyDTO.getPolicy();
        if (rawPolicy != null) {
            policyDTO.setPolicy(rawPolicy.replaceAll(">\\s+<", "><"));
            if (!EntitlementUtil.validatePolicy(policyDTO)) {
                throw new EntitlementException("Invalid Entitlement Policy. " + "Policy is not valid according to XACML schema");
            }
            // The parser receives the text as submitted, not the normalised copy validated above.
            AbstractPolicy parsed = PAPPolicyReader.getInstance(null).getPolicy(rawPolicy);
            if (parsed == null) {
                throw new EntitlementException("Unsupported Entitlement Policy. Policy can not be parsed");
            }
            String parsedId = parsed.getId().toASCIIString();
            policyDTO.setPolicyId(parsedId);
            // Writes the DTO's own active flag back to itself; kept as in the original.
            policyDTO.setActive(policyDTO.isActive());
            if (parsedId.contains("/")) {
                throw new EntitlementException(" Policy Id cannot contain / characters. Please correct and upload again");
            }
            if (!parsedId.matches(idPattern)) {
                throw new EntitlementException("An Entitlement Policy Id is not valid. It contains illegal characters");
            }
            policyDTO.setPolicyId(parsedId);
            if (isAdd && papManager.isExistPolicy(parsedId)) {
                throw new EntitlementException("An Entitlement Policy with the given Id already exists");
            }
            try {
                policyDTO.setVersion(versions.createVersion(policyDTO));
            } catch (EntitlementException e) {
                // Best effort: any versioning failure is logged and the policy is stored without a version.
                log.error("Policy versioning is not supported", e);
            }
        }
        // NOTE(review): on an update without policy text, the caller-supplied id reaches the
        // store without the "/" and pattern checks above. Confirm the store or callers cover it.
        papManager.addOrUpdatePolicy(policyDTO);
    } catch (EntitlementException e) {
        handleStatus(operation, policyDTO, false, e.getMessage());
        throw e;
    }
    handleStatus(operation, policyDTO, true, null);

    // Publish directly to the PDP when promotion was requested.
    if (policyDTO.isPromote()) {
        String publishAction = isAdd ? EntitlementConstants.PolicyPublish.ACTION_CREATE : EntitlementConstants.PolicyPublish.ACTION_UPDATE;
        publishToPDP(new String[] { policyDTO.getPolicyId() }, publishAction, null, policyDTO.isActive(), policyDTO.getPolicyOrder());
    }
}
Also used : PAPPolicyStoreManager(org.wso2.carbon.identity.entitlement.pap.store.PAPPolicyStoreManager) PolicyVersionManager(org.wso2.carbon.identity.entitlement.policy.version.PolicyVersionManager) AbstractPolicy(org.wso2.balana.AbstractPolicy)

Example 5 with PAPPolicyStoreManager

use of org.wso2.carbon.identity.entitlement.pap.store.PAPPolicyStoreManager in project carbon-identity-framework by wso2.

the class EntitlementPolicyAdminService method removePolicy.

/**
 * Removes a policy from the PAP store, records the outcome through {@code handleStatus},
 * deletes its stored versions and optionally publishes a delete action to the PDP.
 *
 * @param policyId  id of the policy to remove
 * @param dePromote whether the policy must be removed from the PDP as well
 * @throws EntitlementException if {@code policyId} is null or the PAP store removal fails
 */
public void removePolicy(String policyId, boolean dePromote) throws EntitlementException {
    if (policyId == null) {
        throw new EntitlementException("Entitlement PolicyId can not be null.");
    }
    PAPPolicyStoreManager papManager = EntitlementAdminEngine.getInstance().getPapPolicyStoreManager();
    PolicyDTO statusSubject = null;
    try {
        try {
            statusSubject = getPolicy(policyId, false);
        } catch (Exception e) {
            // Deliberately ignored by the original author: the lookup only enriches the status
            // record. NOTE(review): this also hides runtime failures of the lookup; consider
            // logging at debug level so a failed lookup leaves a trace.
        }
        if (statusSubject == null) {
            // Fall back to a placeholder that carries only the id.
            statusSubject = new PolicyDTO();
            statusSubject.setPolicyId(policyId);
        }
        papManager.removePolicy(policyId);
    } catch (EntitlementException e) {
        // The failure record always uses a fresh placeholder, never the looked-up policy.
        statusSubject = new PolicyDTO();
        statusSubject.setPolicyId(policyId);
        handleStatus(EntitlementConstants.StatusTypes.DELETE_POLICY, statusSubject, false, e.getMessage());
        throw e;
    }
    handleStatus(EntitlementConstants.StatusTypes.DELETE_POLICY, statusSubject, true, null);

    // Drop the stored versions of the policy.
    EntitlementAdminEngine.getInstance().getVersionManager().deletePolicy(policyId);

    // Remove from the PDP on request; the original comment says this runs on a separate thread.
    if (dePromote) {
        String[] policyIds = { policyId };
        publishToPDP(policyIds, null, EntitlementConstants.PolicyPublish.ACTION_DELETE);
    }
}
Also used : PAPPolicyStoreManager(org.wso2.carbon.identity.entitlement.pap.store.PAPPolicyStoreManager) PolicyDTO(org.wso2.carbon.identity.entitlement.dto.PolicyDTO) RegistryException(org.wso2.carbon.registry.core.exceptions.RegistryException) PatternSyntaxException(java.util.regex.PatternSyntaxException) IOException(java.io.IOException)
