XACMLExportImport.java revision 776f89d44ff3bc4d2988e0065737b4ab2f8302c1
/*
* The contents of this file are subject to the terms of the Common Development and
* Distribution License (the License). You may not use this file except in compliance with the
* License.
*
* You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
* specific language governing permission and limitations under the License.
*
* When distributing Covered Software, include this CDDL Header Notice in each file and include
* the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
* Header, with the fields enclosed by brackets [] replaced by your own identifying
* information: "Portions copyright [year] [name of copyright owner]".
*
* Copyright 2014 ForgeRock AS.
*/
/**
* Utility for handling the Export and subsequent Import of Policies into
* the OpenAM Entitlements framework.
*
* @since 12.0.0
*/
public class XACMLExportImport {
// Injected
private final XACMLReaderWriter xacmlReaderWriter;
private final SearchFilterFactory searchFilterFactory;
private final PrivilegeValidator privilegeValidator;
private final PrivilegeManagerFactory privilegeManagerFactory;
private final ReferralPrivilegeManagerFactory referralPrivilegeManagerFactory;
/**
* Creates an instance of the XACMLExportImport with dependencies provided.
*
* @param privilegeManagerFactory Non null, required to create PrivilegeManager instances.
* @param referralPrivilegeManagerFactory Non null, required to create ReferralPrivilegeManager instances.
* @param privilegeValidator Non null, required for validation of imported privileges.
* @param searchFilterFactory Non null, required for SearchFilter operations.
* @param debug Non null.
*/
this.xacmlReaderWriter = xacmlReaderWriter;
this.privilegeValidator = privilegeValidator;
}
/**
* Performs the Import based on the given Stream. The stream must contain XML in XACML.
*
* @param realm Non null Realm to populate with the Policies.
* @param xacml Non null stream to read.
* @param admin Non null admin Subject.
* @param dryRun boolean flag, indicating import steps should be reported but not applied.
* @return The sequence of steps that would be used (dry run) or have been used to carry out the import.
* @throws EntitlementException If there was any unexpected error.
*/
throws EntitlementException {
if (!dryRun) {
}
message("Import: Complete");
}
return importSteps;
}
/**
* Establishes the sequence of ImportSteps required to import the provided privileges into the specified realm.
*
* @param realm Non null Realm to populate with the Policies.
* @param privilegeSet Non null, collection of Privileges and ReferralPrivileges to import.
* @param admin Non null admin Subject.
* @return The sequence of steps that can be used to carry out the import.
* @throws EntitlementException If there was any unexpected error.
*/
private List<ImportStep> generateImportSteps(String realm, PrivilegeSet privilegeSet, Subject admin)
throws EntitlementException {
ReferralPrivilegeManager rpm = referralPrivilegeManagerFactory.createPrivilegeManager(realm, admin);
} else {
}
}
} else {
}
}
return importSteps;
}
/**
* Performs an export of all Policies found in the Privilege Manager that match the
* provided filters.
*
* @param realm Non null realm.
* @param admin Non null admin subject to authenticate as.
* @param filters Non null, but possibly empty, filters to select Privileges against.
* @return A non null but possibly empty collection of Policies.
* @throws EntitlementException If there was any problem with the generation of Policies.
*/
throws EntitlementException {
ReferralPrivilegeManager rpm = referralPrivilegeManagerFactory.createPrivilegeManager(realm, admin);
}
}
}
}
message("Export: Complete");
return policySet;
}
if (debug.messageEnabled()) {
}
}
/**
* Factory method for ReferralPrivilege ImportStep
*/
private ImportStep referralImportStep(ReferralPrivilegeManager rpm, DiffStatus type, ReferralPrivilege referral) {
}
/**
* Factory method for Privilege ImportStep
*/
}
/**
* Factory to allow PrivilegeManager to be mocked in tests
*/
public static class PrivilegeManagerFactory {
}
}
/**
* Factory to allow ReferralPrivilegeManager to be mocked in tests
*/
public static class ReferralPrivilegeManagerFactory {
}
}
/**
* Diff status types used to describe the change in state of a single resource.
*/
public static enum DiffStatus {
private final char code;
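/**
 * Binds a single-character code to the enum constant being constructed.
 *
 * @param code Character later returned by {@link #getCode()}.
 */
private DiffStatus(char code) {
    // The final field was never assigned here, so getCode() had no value to return.
    this.code = code;
}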
/**
 * Returns the one-character code that identifies this diff status.
 *
 * @return The code held by this constant.
 */
public char getCode() {
    return this.code;
}
}
/**
* Describes how a Privilege or ReferralPrivilege read from XACML will be imported into OpenAM.
*/
public interface ImportStep {
    /**
     * Reports the kind of change this step represents.
     *
     * @return The diff status attached to this step.
     */
    DiffStatus getDiffStatus();

    /**
     * Gives access to the privilege this step refers to.
     *
     * @return The privilege carried by this step.
     */
    IPrivilege getPrivilege();
}
/**
* {@inheritDoc}
*/
private final IPrivilegeManager<T> privilegeManager;
private final DiffStatus diffStatus;
private final T privilege;
private final String privilegeType;
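/**
 * Creates an import step from the manager, status, privilege and type label supplied.
 *
 * @param manager Manager stored with the step.
 * @param diffStatus Status returned by {@code getDiffStatus()}.
 * @param privilege Privilege returned by {@code getPrivilege()}.
 * @param privilegeType Type label stored with the step; its use is not visible in this listing.
 */
public ImportStepImpl(IPrivilegeManager<T> manager, DiffStatus diffStatus, T privilege, String privilegeType) {
    this.privilegeManager = manager;
    this.diffStatus = diffStatus;
    // The privilege argument was accepted but never stored, leaving the final field
    // unassigned and getPrivilege() with nothing to hand back.
    this.privilege = privilege;
    this.privilegeType = privilegeType;
}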
/**
 * Returns the diff status this step was created with.
 *
 * @return The stored diff status.
 */
public DiffStatus getDiffStatus() {
    return this.diffStatus;
}
/**
 * Returns the privilege held by this step.
 *
 * @return The stored privilege.
 */
public IPrivilege getPrivilege() {
    return this.privilege;
}
/**
 * Dispatches on this step's diff status.
 *
 * NOTE(review): in this listing both case bodies are empty, so neither ADD nor UPDATE
 * changes anything. Presumably each branch is meant to hand the privilege to
 * privilegeManager; confirm against the complete file.
 *
 * @throws EntitlementException Declared by the signature; no visible statement throws it.
 */
private void apply() throws EntitlementException {
switch (diffStatus) {
case ADD:
break;
case UPDATE:
break;
// No default branch: any other DiffStatus leaves the switch with no action and no error,
// so a policy step that was not applied is not reported here. A default that rejects
// unexpected statuses would make such a skipped step visible.
}
}
}
}