EntitlementService.java revision 47dd079b8470fc1b3d4bbd5c3c0c4af896acabf5
/**
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2009 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: EntitlementService.java,v 1.13 2010/01/08 23:59:32 veiming Exp $
*
* Portions Copyrighted 2011-2015 ForgeRock AS.
*/
/**
*
*/
public class EntitlementService extends EntitlementConfiguration {
/**
* Entitlement Service name.
*/
private static final String SCHEMA_OPENSSO_SUBJECT_ATTRIBUTES_COLLECTOR = "OpenSSOSubjectAttributesCollector";
private static final String REALM_DN_TEMPLATE = "ou={0},ou=default,ou=OrganizationConfig,ou=1.0,ou="
+ SERVICE_NAME + ",ou=services,{1}";
/**
* Constructor.
*/
}
/**
* Returns set of attribute values of a given attribute name,
*
* @param attrName attribute name.
* @return set of attribute values of a given attribute name,
*/
}
return defaultValue;
}
try {
} catch (NumberFormatException e) {
"EntitlementService.getConfiguration: attribute name=" +
attrName, e);
return defaultValue;
}
}
) {
try {
attrName);
return as.getDefaultValues();
}
} else {
"EntitlementService.getAttributeValues: " +
"admin token is missing");
}
} catch (SMSException ex) {
"EntitlementService.getAttributeValues", ex);
} catch (SSOException ex) {
"EntitlementService.getAttributeValues", ex);
}
return Collections.EMPTY_SET;
}
try {
attrName);
}
} else {
"EntitlementService.getAttributeValues: " +
"admin token is missing");
}
} catch (SMSException ex) {
"EntitlementService.setAttributeValues", ex);
} catch (SSOException ex) {
"EntitlementService.setAttributeValues", ex);
}
}
/**
* Returns a set of registered application type.
*
* @return A set of registered application type.
*/
try {
"EntitlementService.getApplicationTypes : "+
"admin sso token is absent");
} else {
token);
}
}
} catch (InstantiationException ex) {
"EntitlementService.getApplicationTypes", ex);
} catch (IllegalAccessException ex) {
"EntitlementService.getApplicationTypes", ex);
} catch (SMSException ex) {
"EntitlementService.getApplicationTypes", ex);
} catch (SSOException ex) {
"EntitlementService.getApplicationTypes", ex);
}
return results;
}
throws SMSException, SSOException {
if (globalConfig != null) {
}
return null;
}
}
return set;
}
private SSOToken getSSOToken() {
getAdminToken() :
}
/**
* Returns a set of application names for a given search criteria.
*
* @param adminSubject Admin Subject
* @param filters Set of search filter.
* @return a set of application names for a given search criteria.
* @throws EntitlementException if search failed.
*/
) throws EntitlementException {
throw new EntitlementException(451);
}
return Collections.EMPTY_SET;
}
try {
}
}
}
return results;
} catch (SMSException e) {
throw new EntitlementException(450, e);
}
}
}
return getAdminToken();
}
}
} else {
} else {
}
}
}
}
}
/**
* {@inheritDoc}
*/
try {
}
} catch (EntitlementException ex) {
} catch (ClassCastException ex) {
} catch (InstantiationException ex) {
} catch (IllegalAccessException ex) {
} catch (SMSException ex) {
} catch (SSOException ex) {
}
return null;
}
/**
* Returns a set of registered applications.
*
* @return a set of registered applications.
*/
}
/**
* Get a set of registered application names.
* @param token The admin token for access to the Service Config.
* @param realm The realm from which to retrieve the application names.
* @return a set of registered application names.
*/
try {
}
}
} catch (EntitlementException ex) {
} catch (ClassCastException ex) {
} catch (InstantiationException ex) {
} catch (IllegalAccessException ex) {
} catch (SMSException ex) {
} catch (SSOException ex) {
}
return results;
}
/**
* Get the service config for registered applications.
* @param token The admin token for access to the Service Config.
* @param realm The realm from which to retrieve the service config.
* @return The application Service Config.
*/
try {
realm = "/";
}
// TODO. Since applications for the hidden realms have to be
// the same as root realm mainly for delegation without any
// referrals, the hack is to use root realm for hidden realm.
}
} else {
PrivilegeManager.debug.error("EntitlementService.getApplicationConfiguration, admin token is missing");
}
} catch (ClassCastException ex) {
} catch (SMSException ex) {
} catch (SSOException ex) {
}
return null;
}
}
/**
* Returns subject attribute names.
*
* @param applicationName Application name.
* @param names subject attribute names.
* @throws EntitlementException if subject attribute names cannot be
* returned.
*/
public void addSubjectAttributeNames(
) throws EntitlementException {
return;
}
try {
throw new EntitlementException(225);
}
}
if (parentRealm == null) {
break;
}
}
}
}
} catch (SMSException ex) {
} catch (SSOException ex) {
}
}
/**
* Adds a new action.
*
* @param appName application name.
* @param name Action name.
* @param defVal Default value.
* @throws EntitlementException if action cannot be added.
*/
public void addApplicationAction(
) throws EntitlementException {
try {
throw new EntitlementException(226);
}
}
}
} catch (SMSException ex) {
} catch (SSOException ex) {
}
}
private ServiceConfig getApplicationSubConfig(
) throws SMSException, SSOException {
token);
}
}
return applConf;
}
) throws EntitlementException {
} else {
}
return results;
}
/**
* Removes application.
*
* @param name name of application to be removed.
* @throws EntitlementException if application cannot be removed.
*/
throws EntitlementException
{
try {
"SUCCEEDED_REMOVE_APPLICATION", logParams,
getAdminSubject());
params);
}
} catch (SMSException ex) {
} catch (SSOException ex) {
}
}
/**
* Removes application type.
*
* @param name name of application type to be removed.
* @throws EntitlementException if application type cannot be removed.
*/
throws EntitlementException{
try {
}
}
} catch (SMSException ex) {
} catch (SSOException ex) {
}
}
throws SMSException, SSOException {
token);
}
return null;
}
throws SMSException, SSOException {
token);
}
}
return sc;
}
/**
* Stores the application to data store.
*
* @param appl Application object.
* @throws EntitlementException if application cannot be stored.
*/
throws EntitlementException {
try {
s.save();
params);
} catch (SMSException ex) {
} catch (SSOException ex) {
}
}
}
/**
* Stores the application type to data store.
*
* @param applicationType Application type object.
* @throws EntitlementException if application type cannot be stored.
*/
throws EntitlementException {
try {
}
} else {
}
}
} catch (SMSException ex) {
} catch (SSOException ex) {
}
}
return data;
}
} else {
}
for (String c : conditions) {
}
} else {
}
}
} else {
}
}
if (searchIndex != null) {
}
}
for (String s : sbjAttributes) {
}
} else {
}
}
}
return map;
}
desc = "";
}
}
if (lastModifiedBy != null) {
}
if (creationDate > 0) {
}
if (lastModifiedDate > 0) {
}
return info;
}
/**
* Returns subject attribute names.
*
* @param application Application name.
* @return subject attribute names.
*/
try {
return app.getAttributeNames();
}
} catch (EntitlementException ex) {
"EntitlementService.getSubjectAttributeNames", ex);
}
return Collections.EMPTY_SET;
}
/**
* Returns subject attributes collector names.
*
* @return subject attributes collector names.
* @throws EntitlementException if subject attributes collector names
* cannot be returned.
*/
throws EntitlementException {
try {
return conf.getSubConfigNames();
}
} else {
"EntitlementService.getSubjectAttributesCollectorNames: " +
"admin sso token is absent");
throw new EntitlementException(285);
}
} catch (SMSException ex) {
"EntitlementService.getSubjectAttributesCollectorNames", ex);
} catch (SSOException ex) {
"EntitlementService.getSubjectAttributesCollectorNames", ex);
}
return null;
}
/**
* Returns subject attributes collector configuration.
*
* @param name subject attributes collector name
* @return subject attributes collector configuration.
* @throws EntitlementException if subject attributes collector
* configuration cannot be returned.
*/
throws EntitlementException {
try {
}
// copy from parent sub config
if (porgConfig != null) {
if (psubConfig != null) {
}
}
}
}
attrs);
}
return subConfig.getAttributes();
}
} else {
"EntitlementService.getSubjectAttributesCollectorConfiguration:"
+ "admin sso token is absent");
}
} catch (SMSException ex) {
"EntitlementService.getSubjectAttributesCollectorConfiguration",
ex);
} catch (SSOException ex) {
"EntitlementService.getSubjectAttributesCollectorConfiguration",
ex);
}
return null;
}
/**
* Sets subject attributes collector configuration.
*
* @param name subject attributes collector name
* @param attrMap subject attributes collector configuration map.
* @throws EntitlementException if subject attributes collector
* configuration cannot be set.
*/
public void setSubjectAttributesCollectorConfiguration(
throws EntitlementException {
try {
}
attrMap);
} else {
}
}
} else {
"EntitlementService.setSubjectAttributesCollectorConfiguration:"
+ "admin sso token is absent");
}
} catch (SMSException ex) {
"EntitlementService.setSubjectAttributesCollectorConfiguration",
ex);
} catch (SSOException ex) {
"EntitlementService.setSubjectAttributesCollectorConfiguration",
ex);
}
}
/**
* Returns <code>true</code> if OpenAM policy data is migrated to a
* form that entitlements service can operates on them.
*
* @return <code>true</code> if OpenAM policy data is migrated to a
* form that entitlements service can operates on them.
*/
public boolean hasEntitlementDITs() {
try {
return true;
} catch (SMSException ex) {
return false;
} catch (SSOException ex) {
return false;
}
}
/**
* Returns <code>true</code> if the system is migrated to support
* entitlement services.
*
* @return <code>true</code> if the system is migrated to support
* entitlement services.
*/
public boolean migratedToEntitlementService() {
if (!hasEntitlementDITs()) {
return false;
}
}
/**
* Returns <code>true</code> if the system stores privileges in
* XACML format and supports exporting privileges in XACML format
*
*
* @return <code>true</code> if the system stores privileges in
* XACML format and supports exporting privileges in XACML format
*/
public boolean xacmlPrivilegeEnabled() {
if (!hasEntitlementDITs()) {
return false;
}
&& !xacmlEnabledSet.isEmpty()) ?
: false;
}
public boolean networkMonitorEnabled() {
if (!hasEntitlementDITs()) {
return false;
}
}
public void setNetworkMonitorEnabled(boolean enabled) {
}
public void reindexApplications() {
for (Application a : appls) {
try {
} catch (EntitlementException ex) {
//ignore
}
}
}
public boolean doesRealmExist() {
try {
getAdminToken(), realm);
return true;
} catch (SMSException ex) {
return false;
}
}
throws EntitlementException {
try {
getAdminToken(), realm);
}
} catch (SMSException ex) {
ex);
// realm no longer exist
}
return results;
}
return null;
}
if (idx == -1) {
return null;
}
}
}
/**
* For the passed in Entitlement environment, update the value associated with the key "am.policy.realmDN".
*
* @param environment The Entitlement environment to update with new realm DN value.
* @param subRealm The Sub Realm whose DN value should be stored in the environment map.
* @return The existing realm DN value stored in the environment map to enable it to be restored, may be
* null if the Policy Configuration for the Sub Realm could not be loaded.
* @see #restoreEnvironmentRealmDn
*/
public Set<String> updateEnvironmentRealmDn(Map<String, Set<String>> environment, String subRealm) {
try {
} catch (PolicyException ex) {
}
/**
* Save the realm name for the current policy config before passing control down to sub-realm
*/
// Update env to point to the realm policy config data.
}
return savedRealmDn;
}
/**
* {@inheritDoc}
*/
public void restoreEnvironmentRealmDn(Map<String, Set<String>> environment, Set<String> savedRealmDn) {
}
/**
* Whether the overall monitoring framework is enabled and running.
*
* @return true if monitoring is enabled, false otherwise.
*/
public boolean isMonitoringRunning() {
return MonitoringUtil.isRunning();
}
public int getPolicyWindowSize() {
return MonitoringUtil.getPolicyWindowSize();
}
}