/* * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER. * * Copyright (c) 2009 Sun Microsystems Inc. All Rights Reserved * * The contents of this file are subject to the terms * of the Common Development and Distribution License * (the License). You may not use this file except in * compliance with the License. * * You can obtain a copy of the License at * https://opensso.dev.java.net/public/CDDLv1.0.html or * opensso/legal/CDDLv1.0.txt * See the License for the specific language governing * permission and limitations under the License. * * When distributing Covered Code, include this CDDL * Header Notice in each file and include the License file * at opensso/legal/CDDLv1.0.txt. * If applicable, add the following below the CDDL Header, * with the fields enclosed by brackets [] replaced by * your own identifying information: * "Portions Copyrighted [year] [name of copyright owner]" * * $Id: StringAttributeCondition.java,v 1.3 2009/08/31 19:48:14 veiming Exp $ * * Portions Copyrighted 2014-2015 ForgeRock AS. */ package com.sun.identity.entitlement; import org.forgerock.openam.utils.CollectionUtils; import org.forgerock.openam.utils.StringUtils; import org.json.JSONException; import org.json.JSONObject; import javax.security.auth.Subject; import java.util.Collections; import java.util.HashMap; import java.util.HashSet; import java.util.Map; import java.util.Set; /** * Condition for evaluating attribute value of string type. */ public class StringAttributeCondition extends EntitlementConditionAdaptor { public static final String ATTR_NAME_ATTRIBUTE_NAME = "attributeName"; public static final String ATTR_NAME_CASE_SENSITIVE = "caseSensitive"; public static final String ATTR_NAME_VALUE = "value"; private String attributeName; private boolean bCaseSensitive; private String value; @Override public void init(Map> parameters) { for (String key : parameters.keySet()) { if (key.equalsIgnoreCase(ATTR_NAME_ATTRIBUTE_NAME)) { attributeName = getInitStringValue(parameters.get(key)); } else if (key.equals(ATTR_NAME_CASE_SENSITIVE)) { bCaseSensitive = getInitBooleanValue(parameters.get(key)); } else if (key.equals(ATTR_NAME_VALUE)) { value = getInitStringValue(parameters.get(key)); } } } private static String getInitStringValue(Set set) { return ((set == null) || set.isEmpty()) ? null : set.iterator().next(); } private static boolean getInitBooleanValue(Set set) { String value = ((set == null) || set.isEmpty()) ? null : set.iterator().next(); return (value == null) ? false : Boolean.parseBoolean(value); } public void setState(String state) { try { JSONObject jo = new JSONObject(state); setState(jo); if (jo.has("attributeName")) { attributeName = jo.optString("attributeName"); } bCaseSensitive = Boolean.parseBoolean( jo.optString("bCaseSensitive")); if (jo.has("value")) { value = jo.getString("value"); } } catch (JSONException e) { PrivilegeManager.debug.error("StringAttributeCondition.setState", e); } } public String getState() { try { JSONObject jo = new JSONObject(); toJSONObject(jo); if (attributeName != null) { jo.put("attributeName", attributeName); } jo.put("bCaseSensitive", Boolean.toString(bCaseSensitive)); if (value != null) { jo.put("value", value); } return jo.toString(); } catch (JSONException e) { PrivilegeManager.debug.error("StringAttributeCondition.getState", e); return ""; } } public ConditionDecision evaluate(String realm, Subject subject, String resourceName, Map> environment) throws EntitlementException { boolean allowed = false; if ((attributeName != null) && (attributeName.length() > 0) && (value != null)) { Set values = environment.get(attributeName); if ((values != null) && !values.isEmpty()) { for (String v : values) { allowed = (bCaseSensitive) ? v.equals(value) : v. equalsIgnoreCase(value); if (allowed) { break; } } } } else { PrivilegeManager.debug.error( "StringAttributeCondition cannot be evaluated because either attribute name or value is null"); } if (!allowed && (attributeName != null) && (attributeName.length() > 0) ) { Map> advices = new HashMap>(); Set set = new HashSet(); StringBuilder advice = new StringBuilder(); advice.append(attributeName).append("="); if (value != null) { advice.append(value); } if (bCaseSensitive) { advice.append("("). append("casesensitive"). append(")"); } set.add(advice.toString()); advices.put(getClass().getName(), set); return new ConditionDecision(false, advices); } return new ConditionDecision(allowed, Collections.EMPTY_MAP); } public void setAttributeName(String attributeName) { this.attributeName = attributeName; } public void setCaseSensitive(boolean flag) { bCaseSensitive = flag; } public void setValue(String value) { this.value = value; } public String getAttributeName() { return attributeName; } public boolean isCaseSensitive() { return bCaseSensitive; } public String getValue() { return value; } @Override public boolean equals(Object obj) { if (!super.equals(obj)) { return false; } if (!getClass().equals(obj.getClass())) { return false; } StringAttributeCondition other = (StringAttributeCondition) obj; if (!CollectionUtils.genericCompare(this.attributeName, other.attributeName)) { return false; } if (this.bCaseSensitive != other.bCaseSensitive) { return false; } return CollectionUtils.genericCompare(this.value, other.value); } @Override public int hashCode() { int hc = super.hashCode(); if (attributeName != null) { hc = 31*hc + attributeName.hashCode(); } hc = 31*hc + (bCaseSensitive ? 1 : 0); if (value != null) { hc = 31*hc + value.hashCode(); } return hc; } @Override public void validate() throws EntitlementException { if (StringUtils.isBlank(attributeName)) { throw new EntitlementException(EntitlementException.PROPERTY_VALUE_NOT_DEFINED, ATTR_NAME_ATTRIBUTE_NAME); } if (value == null) { throw new EntitlementException(EntitlementException.PROPERTY_VALUE_NOT_DEFINED, ATTR_NAME_VALUE); } } }