/**
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2009 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: EntitlementCombiner.java,v 1.4 2009/12/07 19:46:45 veiming Exp $
*
* Portions copyright 2010-2015 ForgeRock AS.
*/
/**
* Encapsulates a Strategy for combining the results of two {@link com.sun.identity.entitlement.Entitlement}s.
* Across the system, these can also be referred to as "decision combiners"; for example, the set of registered
* EntitlementCombiners can be retrieved from the <code>/json/decisioncombiners</code> REST endpoint.
*
* This is the base class and is, for example, extended by {@link com.sun.identity.entitlement.DenyOverride}.
*
* <code>init</code> needs to be called after it is created.
*/
public abstract class EntitlementCombiner {
private boolean isDone;
private boolean isRecursive;
/**
* root entitlement is the root entitlement when we are doing sub tree
* evaluation (recursive = true); and is the entitlement decision for
* single node evaluation (recursive = false).
*/
/**
* Initializes the combiner.
*
* @param realm Realm name.
* @param applicationName Application Name.
* @param normalisedResourceName The normalised resource name.
* @param requestedResourceName The requested resource name.
* @param actions Action names to be evaluated.
* @param isRecursive <code>true<</code> for subtree evaluation.
*/
public void init(String realm, String applicationName, String normalisedResourceName, String requestedResourceName,
}
/**
* Initializes the combiner.
*
* @param normalisedResourceName The normalised resource name.
* @param requestedResourceName The requested resource name.
* @param actions Action names to be evaluated.
* @param isRecursive <code>true<</code> for subtree evaluation.
* @param application The defining application.
*/
this.isRecursive = isRecursive;
}
/**
* Adds a set of entitlements to the overall entitlement decision. These
* entitlements will be combined with existing decision.
*
* @param entitlements Set of entitlements.
*/
if (!isRecursive) {
for (Entitlement e : entitlements) {
mergeActionValues(rootE, e);
mergeAdvices(rootE, e);
mergeAttributes(rootE, e);
}
} else {
boolean isRegExComparator = (resourceComparator instanceof
for (Entitlement e : entitlements) {
boolean toAdd = true;
mergeAdvices(existing, e);
mergeAttributes(existing, e);
toAdd = false;
mergeAdvices(existing, e);
mergeAttributes(existing, e);
mergeAdvices(e, existing);
mergeAttributes(e, existing);
} else if (!isRegExComparator &&
mergeAdvices(e, existing);
mergeAttributes(e, existing);
}
}
if (toAdd) {
e.getResourceName(), e.getActionValues());
}
}
}
}
/**
* Sets the action values of the first entitlement to be the union of all action values from the first and second
* entitlements; if a particular action value is contained in both entitlements, then the two values are combined
* (using the implementation-dependent) {@link #combine} method) before being added to the first entitlement.
*
* @param e1 Entitlement.
* @param e2 Entitlement.
*/
}
}
for (String n : actionNames) {
} else {
}
}
} else {
// Advice is present and therefore more data is needed before any actions can be taken.
}
isDone = isCompleted();
}
/**
* Sets the advices of the first entitlement to be the union of all advices from the first and second entitlements.
*
* @param e1 Entitlement.
* @param e2 Entitlement.
*/
}
}
if (r == null) {
}
}
}
}
}
/**
* Sets the attributes of the first entitlement to be the union of all attributes from the first and second
* entitlements.
*
* @param e1 Entitlement
* @param e2 Entitlement
*/
}
}
if (r == null) {
}
}
}
}
}
/**
* Merges time to live values. The lowest of the TTL values is set as the TTL.
*
* @param e1 Entitlement
* @param e2 Entitlement
*/
}
}
/**
* Returns action names.
*
* @return action names.
*/
return actions;
}
/**
* Returns <code>true</code> if this entitlement combiner is working on sub tree evaluation.
*
* @return <code>true</code> if this entitlement combiner is working on sub tree evaluation.
*/
protected boolean isRecursive() {
return isRecursive;
}
/**
* Returns the entitlement which will act as the root for sub tree evaluations.
*
* @return root entitlement for sub tree evaluations.
*/
return rootE;
}
/**
* Returns the resource comparator.
*
* @return resource comparator.
*/
return resourceComparator;
}
/**
* Returns <code>true</code> if policy decision can also be determined.
*
* @return <code>true</code> if policy decision can also be determined.
*/
public boolean isDone() {
return isDone;
}
/**
* Returns entitlements which are the result of combining a set of entitlements.
*
* @return entitlement results.
*/
return results;
}
/**
* Returns the result of combining two entitlement decisions.
*
* @param b1 entitlement decision.
* @param b2 entitlement decision.
* @return result of combining two entitlement decisions.
*/
/**
* Returns <code>true</code> if policy decision can also be determined.
* This method is called by derived classes. #isDone method shall be set if this returns true.
*
* @return <code>true</code> if policy decision can also be determined.
*/
protected abstract boolean isCompleted();
/**
* Returns the name of this class for ease of reference.
*
* @return The simple name of this instance's class
*/
return getClass().getSimpleName();
}
}