ApplicationManager.java revision 25be0ff4f1d3a0aba597af3cebce429c72ba4203
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Copyright (c) 2009 Sun Microsystems Inc. All Rights Reserved
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * The contents of this file are subject to the terms
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * of the Common Development and Distribution License
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * (the License). You may not use this file except in
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * compliance with the License.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * You can obtain a copy of the License at
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * https://opensso.dev.java.net/public/CDDLv1.0.html or
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * See the License for the specific language governing
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * permission and limitations under the License.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * When distributing Covered Code, include this CDDL
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Header Notice in each file and include the License file
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * If applicable, add the following below the CDDL Header,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * with the fields enclosed by brackets [] replaced by
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * your own identifying information:
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * "Portions Copyrighted [year] [name of copyright owner]"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * $Id: ApplicationManager.java,v 1.11 2010/01/13 23:41:57 veiming Exp $
bee2440354b4bc8796e1de0b6cbd60e1f68deba0Phill Cunnington * Portions Copyrighted 2013-2015 ForgeRock AS.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.entitlement.util.SearchFilter;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.entitlement.util.SearchFilter.Operator;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport org.forgerock.openam.entitlement.PolicyConstants;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport org.forgerock.openam.entitlement.service.ResourceTypeService;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport org.forgerock.openam.utils.CollectionUtils;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport org.forgerock.util.annotations.VisibleForTesting;
9d1321897216c79ea0639b6d8e0f92d0565876b6Jason Lemayimport java.lang.reflect.InvocationTargetException;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport java.util.concurrent.locks.ReentrantReadWriteLock;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Application Manager handles addition, deletion and listing of applications for each realm.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterpublic final class ApplicationManager {
// Shared debug log instance named "Entitlement".
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private static final Debug DEBUG = Debug.getInstance("Entitlement");
// Process-wide map from realm name to that realm's applications (getAllApplication reads it with
// applications.get(realm)). The map is concurrent, but the field is not final and the Set values are
// whatever callers store. NOTE(review): confirm every mutation of those sets happens under readWriteLock.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private static Map<String, Set<Application>> applications = new ConcurrentHashMap<String, Set<Application>>();
// Read/write lock declared next to the map above; its lock/unlock sites are not visible in this listing.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private static final ReentrantReadWriteLock readWriteLock = new ReentrantReadWriteLock();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns the application names in a realm.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * When performing the search using the Subject {@link PrivilegeManager#superAdminSubject},
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * the provided filters must not contain {@link Operator#LESS_THAN_OR_EQUAL_OPERATOR }
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * or {@link Operator#GREATER_THAN_OR_EQUAL_OPERATOR } as these are not supported by LDAP.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param adminSubject Admin Subject who has the rights to access configuration datastore.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param realm Realm name.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param filters Search Filters
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return application names in a realm.
// NOTE(review): this listing drops lines (the throws clause, the braces and the declaration that
// receives the getInstance(...) result are not shown); the comments describe the visible statements only.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public static Set<String> search(Subject adminSubject, String realm, Set<SearchFilter> filters)
// Identity comparison (==): only the shared PolicyConstants.SUPER_ADMIN_SUBJECT instance takes the
// direct datastore search; a different Subject object never matches, whatever principals it carries.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (adminSubject == PolicyConstants.SUPER_ADMIN_SUBJECT) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster EntitlementConfiguration ec = EntitlementConfiguration.getInstance(adminSubject, realm);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return ec.searchApplicationNames(adminSubject, filters);
// For every other caller the privilege manager is obtained with SUPER_ADMIN_SUBJECT, not with
// adminSubject. In the visible lines the caller's subject is not consulted again, so the READ set below
// is not narrowed per caller; code that needs per-subject restriction must enforce it before calling.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // Delegation to applications is currently not configurable, passing super admin (see AME-4959)
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster ApplicationPrivilegeManager.getInstance(realm, PolicyConstants.SUPER_ADMIN_SUBJECT);
// Names of the applications for which the privilege manager grants READ.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Set<String> applNames = apm.getApplications(ApplicationPrivilege.Action.READ);
// The search filters are applied in memory on this path rather than by the datastore.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return filterApplicationNames(realm, applNames, filters);
// Applies the search filters to a set of application names in memory.
// NOTE(review): the loop, the try/catch and the return statements are missing from this listing.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private static Set<String> filterApplicationNames(String realm, Set<String> applNames, Set<SearchFilter> filters) {
// Filtering is attempted only when at least one filter is supplied.
bee2440354b4bc8796e1de0b6cbd60e1f68deba0Phill Cunnington if ((filters != null) && !filters.isEmpty()) {
// Each application is loaded as SUPER_ADMIN_SUBJECT so that its attributes can be matched.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Application app = ApplicationManager.getApplication(
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster PolicyConstants.SUPER_ADMIN_SUBJECT, realm, name);
// NOTE(review): the log tag misspells the method name ("fitler"), so a log search for
// "filterApplicationNames" will miss these errors. What happens to the failing name after logging is not
// visible here; confirm a lookup error cannot leave an unmatched name in the result.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster PolicyConstants.DEBUG.error("ApplicationManager.fitlerApplicationNames", ex);
// Tests an application against a set of search filters: returns false at the first filter whose
// attribute is recognised and whose value does not match, and true once nothing has rejected it.
// NOTE(review): the statement that binds `filter` (presumably a loop over `filters`) and the closing
// braces are missing from this listing.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster static boolean match(Set<SearchFilter> filters, Application app) {
// Text attributes (name, description, created-by, last-modified-by) are compared with StringUtils.match.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (Application.NAME_ATTRIBUTE.equals(filter.getName())) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (!StringUtils.match(app.getName(), filter.getValue())) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return false;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster } else if (Application.DESCRIPTION_ATTRIBUTE.equals(filter.getName())) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (!StringUtils.match(app.getDescription(), filter.getValue())) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return false;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster } else if (Application.CREATED_BY_ATTRIBUTE.equals(filter.getName())) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (!StringUtils.match(app.getCreatedBy(), filter.getValue())) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return false;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster } else if (Application.LAST_MODIFIED_BY_ATTRIBUTE.equals(filter.getName())) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (!StringUtils.match(app.getLastModifiedBy(), filter.getValue())) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return false;
// Date attributes are compared numerically, using the operator carried by the filter.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster } else if (Application.CREATION_DATE_ATTRIBUTE.equals(filter.getName())) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (!match(app.getCreationDate(), filter.getNumericValue(), filter.getOperator())) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return false;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster } else if (Application.LAST_MODIFIED_DATE_ATTRIBUTE.equals(filter.getName())){
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (!match(app.getLastModifiedDate(), filter.getNumericValue(), filter.getOperator())) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return false;
// NOTE(review): no final else branch is visible, so a filter on any other attribute name presumably
// does not reject the application. A caller relying on such a filter to narrow results would get a
// wider set than expected; confirm against the full file.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return true;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private static boolean match(long value, long pattern, Operator operator) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return false;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns the application names in a realm.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param adminSubject Admin Subject who has the rights to access
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * configuration datastore.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param realm Realm name.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return application names in a realm.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Set<Application> appls = getApplications(adminSubject, realm);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private static Set<Application> getAllApplication(String realm)
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster EntitlementConfiguration ec = EntitlementConfiguration.getInstance(
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Set<Application> appls = applications.get(realm);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster ReferredApplicationManager mgr = ReferredApplicationManager.getInstance();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Set<ReferredApplication> referredApplications = mgr.getReferredApplications(realm);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (!"/".equals(realm) && (referredApplications == null || referredApplications.isEmpty())) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster DEBUG.warning("No referred applications for sub-realm: " + realm);
// NOTE(review): this listing drops lines (the rest of the signature, the braces, the loop and the
// returns are not shown); the comments describe the visible statements only.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public static Set<Application> getApplications(Subject adminSubject,
// Starts from every application known for the realm.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Set<Application> appls = getAllApplication(realm);
// Identity comparison (==) against the shared super-admin instance; the body of this branch is not shown.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (adminSubject == PolicyConstants.SUPER_ADMIN_SUBJECT) {
// Result set for callers other than the super-admin instance.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Set<Application> accessible = new HashSet<Application>();
// The privilege manager is obtained with SUPER_ADMIN_SUBJECT rather than adminSubject, so in the visible
// lines the READ name set used for filtering does not depend on the caller's own delegation.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // Delegation to applications is currently not configurable, passing super admin (see AME-4959)
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster ApplicationPrivilegeManager.getInstance(realm, PolicyConstants.SUPER_ADMIN_SUBJECT);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster apm.getApplications(ApplicationPrivilege.Action.READ);
// An application is considered only when its name is in that READ set; presumably it is then added to
// `accessible` (the add is not shown).
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (accessibleApplicationNames.contains(applicationName)) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns application.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param realm Realm name.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param name Name of Application.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return application.
// NOTE(review): the parameter list and the end of the call are missing from this listing; the Javadoc
// documents only `realm` and `name`, i.e. no caller Subject.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public static Application getApplicationForEvaluation(
// The lookup always runs as SUPER_ADMIN_SUBJECT, so this entry point applies no per-caller access check.
// Confirm it is reachable only from policy evaluation and never from an administrative or REST path that
// acts for an end user.
9d1321897216c79ea0639b6d8e0f92d0565876b6Jason Lemay return getApplication(PolicyConstants.SUPER_ADMIN_SUBJECT, realm,
) throws EntitlementException {
return appl;
return appl;
return null;
public static void deleteApplication(
) throws EntitlementException {
if (!allowed) {
if (!allowed) {
public static void saveApplication(
) throws EntitlementException {
if (!allow) {
if (!allow) {
return null;
private static long getApplicationCreationDate(
private static boolean isReferredApplication(
realm);
private static boolean hasAccessToApplication(
private static boolean hasAccessToApplication(
private static boolean isNewApplication(
) throws EntitlementException {
public static void referApplication(
) throws EntitlementException {
if (!allowed) {
if (!allowed) {
public static void dereferApplication(
) throws EntitlementException {
if (!allowed) {
if (!allowed) {
) throws EntitlementException {
if (!allowed) {
if (!allowed) {
public static Application newApplication(String name, ApplicationType applicationType) throws EntitlementException {
public static void updateApplication(Application oldApplication, Application newApplication, Subject subject,
throws EntitlementException {