OpenSSOIndexStore.java revision 0fe99aaa2652cb97bbd71876ea28074e6241c3c0
/*
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2009 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: OpenSSOIndexStore.java,v 1.13 2010/01/25 23:48:15 veiming Exp $
*
* Portions copyright 2011-2015 ForgeRock AS.
*/
public class OpenSSOIndexStore extends PrivilegeIndexStore {
private static final int DEFAULT_CACHE_SIZE = 100000;
private static final int DEFAULT_THREAD_SIZE = 1;
private static final int DEFAULT_IDX_CACHE_SIZE = 100000;
private static final PolicyCache policyCache;
private static final PolicyCache referralCache;
private static final int policyCacheSize;
private static final Map indexCaches;
private static final Map referralIndexCaches;
private static final int indexCacheSize;
private static IThreadPool threadPool;
private static boolean isMultiThreaded;
private Subject superAdminSubject;
// Initialize the caches
static {
adminSubject, "/");
if (policyCacheSize > 0) {
} else {
policyCache = null;
}
if (indexCacheSize > 0) {
indexCaches = new CaseInsensitiveHashMap();
} else {
indexCaches = null;
}
threadSize) : new SequentialThreadPool();
// Register listener for realm deletions
try {
} catch (Exception e) {
"Unable to register for SMS notifications", e);
}
}
int defaultVal) {
return defaultVal;
}
}
// Instance variables
private IndexCache indexCache;
private IndexCache referralIndexCache;
/**
* Constructor.
*
* @param realm Realm Name
*/
super(adminSubject, realm);
// Get Index caches based on realm
if (indexCacheSize > 0) {
synchronized (indexCaches) {
if (indexCache == null) {
}
}
synchronized (referralIndexCaches) {
realmDN);
if (referralIndexCache == null) {
}
}
}
}
try {
} catch (NumberFormatException e) {
return defaultValue;
}
}
/**
* Adds a set of privileges to the data store. Proper indexes will be
* created to speed up policy evaluation.
*
* @param privileges Privileges to be added.
* @throws com.sun.identity.entitlement.EntitlementException if addition
* failed.
*/
throws EntitlementException {
for (IPrivilege p : privileges) {
if (p instanceof Privilege) {
} else if (p instanceof ReferralPrivilege) {
add((ReferralPrivilege)p);
}
}
}
}
throws EntitlementException {
// clone so that canonicalized resource name will be localized.
}
/**
* Deletes a set of privileges from data store.
*
* @param privilegeName Name of privilege to be deleted.
* @throws EntitlementException if deletion
* failed.
*/
throws EntitlementException {
delete(privilegeName, true);
}
/**
* Deletes a referral privilege from data store.
*
* @param privilegeName Name of referral to be deleted.
* @throws EntitlementException if deletion
* failed.
*/
throws EntitlementException {
deleteReferral(privilegeName, true);
}
/**
* Deletes a privilege from data store.
*
* @param privileges Privileges to be deleted.
* @throws EntitlementException if deletion
* failed.
*/
throws EntitlementException {
for (IPrivilege p : privileges) {
if (p instanceof Privilege) {
} else {
}
if (indexCacheSize > 0) {
if (p instanceof Privilege) {
} else {
}
}
}
}
}
throws EntitlementException {
if (notify) {
} else {
}
if (policyCacheSize > 0) {
}
return dn;
}
throws EntitlementException {
if (notify) {
}
if (policyCacheSize > 0) {
}
return dn;
}
private void cache(
) throws EntitlementException {
} else if (eval instanceof ReferralPrivilege) {
}
}
private void cache(
Privilege p,
) throws EntitlementException {
}
private void cache(
) throws EntitlementException {
}
/**
* Returns an iterator of matching privilege objects.
*
* @param realm Realm Name.
* @param indexes Resource search indexes.
* @param subjectIndexes Subject search indexes.
* @param bSubTree <code>true</code> for sub tree evaluation.
* @return an iterator of matching privilege objects.
* @throws com.sun.identity.entitlement.EntitlementException if results
* cannot be obtained.
*/
throws EntitlementException {
}
/**
* Search for policies.
*
* @param realm
* The realm of which the policy resides.
* @param indexes
* Policy indexes.
* @param subjectIndexes
* Subject indexes.
* @param bSubTree
* Whether in subtree mode.
* @param bReferral
* Whether there is a policy referral.
* @return An iterator of policies.
* @throws EntitlementException
* Should an error occur searching for policies.
*/
boolean bSubTree,
boolean bReferral
) throws EntitlementException {
// When not in subtree mode path indexes should be available.
return iterator;
}
// When in subtree mode parent path indexes should be available.
return iterator;
}
if (indexCacheSize > 0) {
}
if (bReferral) {
}
}
}
} else {
}
return iterator;
}
/**
* Retrieve an individual privilege from the data store.
*
* @param privilegeName Name of the privilege to return.
* @return The privilege, or empty if none was found.
*/
//if we have anything in the cache try to retrieve this one from it before going to DS
if (policyCacheSize > 0) {
return priv;
}
}
//only search if we don't know we have everything in the cache
if (isPolicyCacheBehind(getRealm())) {
try {
return result;
} catch (EntitlementException e) {
"OpenSSOIndexStore.GetTask.runPolicy", e);
}
}
return null;
}
) throws EntitlementException {
//TOFIX check if it is webagent service
try {
res);
}
} catch (SSOException e) {
"OpenSSOIndexStore.getOrgAliasReferral", e);
} catch (SMSException e) {
"OpenSSOIndexStore.getOrgAliasReferral", e);
}
}
return result;
}
int len = -1;
result = s;
}
}
return result;
}
throws SMSException, SSOException {
if (s.startsWith("://")) {
s = s.substring(3);
}
if (s.length() > 0) {
searchIndexes.add(s);
}
}
for (String r : realmNames) {
if (!r.equals("/")) {
if (!r.startsWith("/")) {
r = "/" + r;
}
}
}
return realms;
} else {
return Collections.EMPTY_SET;
}
}
if (!CacheTaboo.isEmpty()) {
return true;
}
return true;
}
return false;
}
if (!CacheTaboo.isEmpty()) {
return true;
}
return true;
}
return false;
}
private boolean isDSSearchNecessary() {
}
{
if (r != null) {
} else {
i.remove();
}
}
return setDNs;
}
{
if (p != null) {
} else {
i.remove();
}
}
return setDNs;
}
/**
* Returns a set of privilege names that satifies a search filter.
*
* @param filters Search filters.
* @param boolAnd <code>true</code> to have filters as exclusive.
* @param numOfEntries Number of max entries.
* @param sortResults <code>true</code> to have result sorted.
* @param ascendingOrder <code>true</code> to have result sorted in
* ascending order.
* @return a set of privilege names that satifies a search filter.
* @throws EntitlementException if search failed.
*/
boolean boolAnd,
int numOfEntries,
boolean sortResults,
boolean ascendingOrder
) throws EntitlementException {
}
} else {
} else {
if (boolAnd) {
} else {
}
}
}
}
}
/**
* Returns a set of referral privilege names that satifies a search filter.
*
* @param filters Search filters.
* @param boolAnd <code>true</code> to have filters as exclusive.
* @param numOfEntries Number of max entries.
* @param sortResults <code>true</code> to have result sorted.
* @param ascendingOrder <code>true</code> to have result sorted in
* ascending order.
* @return a set of referral privilege names that satifies a search filter.
* @throws EntitlementException if search failed.
*/
boolean boolAnd,
int numOfEntries,
boolean sortResults,
boolean ascendingOrder
) throws EntitlementException {
}
/**
* Returns a set of referral privilege names that matched a set of search
* criteria.
*
* @param filters Set of search filter (criteria).
* @param boolAnd <code>true</code> to be inclusive.
* @param numOfEntries Number of maximum search entries.
* @param sortResults <code>true</code> to have the result sorted.
* @param ascendingOrder <code>true</code> to have the result sorted in
* ascending order.
* @return a set of referral privilege names that matched a set of search
* criteria.
* @throws EntitlementException if search failed.
*/
boolean boolAnd,
int numOfEntries,
boolean sortResults,
boolean ascendingOrder
) throws EntitlementException {
} else {
} else {
if (boolAnd) {
} else {
}
}
}
}
}
/**
* Returns a set of resources that are referred to this realm.
*
* @param applicationTypeName Application type name,
* @return a set of resources that are referred to this realm.
* @throws EntitlementException if resources cannot be returned.
*/
throws EntitlementException {
return Collections.EMPTY_SET;
}
}
try {
}
for (ReferralPrivilege r : rPrivileges) {
}
}
}
}
return results;
} catch (SMSException ex) {
"OpenSSOIndexStore.getReferredResources", ex);
}
}
}
public List<Privilege> findAllPoliciesByApplication(String application) throws EntitlementException {
}
adminToken, realm);
while (true) {
break;
}
}
return results;
}
adminToken, realm);
base += "/";
}
}
return results;
}
) throws SMSException {
OrganizationConfigManager m = new
}
}
}
}
return results;
}
{
try {
} else {
return false;
}
} catch (SMSException ex) {
"OpenSSOIndexStore.isOrgAliasMappingResourceEnabled", ex);
return false;
} catch (SSOException ex) {
"OpenSSOIndexStore.isOrgAliasMappingResourceEnabled", ex);
return false;
}
}
String getRealmDN() {
return (realmDN);
}
// Monitoring
}
}
public static int getNumCachedPolicies() {
return policyCache.getCount();
}
public static int getNumCachedReferrals() {
return referralCache.getCount();
}
public boolean hasPrivilgesWithApplication(
applName);
}
public class SearchTask implements Runnable {
private BufferedIterator iterator;
private ResourceSearchIndexes indexes;
private boolean bSubTree;
public SearchTask(
boolean bSubTree,
) {
this.subjectIndexes = subjectIndexes;
this.excludeDNs = excludeDNs;
}
public void run() {
try {
if (indexCacheSize > 0) {
}
}
} catch (EntitlementException ex) {
"OpenSSOIndexStore.SearchTask.runPolicy", ex);
}
}
}
// SMS Listener to clear cache when realms are deleted
static class EntitlementsListener implements ServiceListener {
}
}
((serviceComponent == null) ||
// Realm has been deleted, clear the indexCaches &
}
}
}
}