PolicyConfig.java revision ffe6b6c07b5ffa801f17d2719518a8eed1aa62fb
/**
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: PolicyConfig.java,v 1.10 2009/01/28 05:35:01 ww203982 Exp $
*
*/
/**
* The <code>PolicyConfig</code> class manages policy configuration for
* an organization and resource comparator configuration for a <code>
* serviceType</code>.
* The policy organization configuration is defined in amPolicyConfiguration
* service. The policy configuration values need to be set for each
* organization. The <code>Subject</code> implementations get these
* configuration values as a <code>Map</code>. The keys to the map are defined
* as constants in this class. Different Subject implementations need different
* key values. For example, LDAP Group subject needs <code>
* LDAP_GROUP_SEARCH_FILTER, LDAP_GROUP_SEARCH_SCOPE</code>. All subject
* plugins that do not use Identity repository API, will require <code>
* LDAP_SERVER, LDAP_BASE_DN, LDAP_BIND_DN, LDAP_BIND_PASSWORD</code>.
* <p>
* The resource comparator configuration is a <code>Map</code>. The keys
* to this map are serviceType names. For example, "iplanetAMWebAgentService".
* The value for these keys is also a <code>Map</code>. This value map is
* passed to the ResourceComparator class when a ResourceComparator is
* instantiated.
* The map contains the following keys:
* <li><code>RESOURCE_COMPARATOR_CLASS</code></li>
* <li><code>RESOURCE_COMPARATOR_WILDCARD</code></li>
* <li><code>RESOURCE_COMPARATOR_ONE_LEVEL_WILDCARD</code></li>
* <li><code>RESOURCE_COMPARATOR_DELIMITER</code> </li>
* <li><code>RESOURCE_COMPARATOR_CASE_SENSITIVE</code></li>
*/
/**
 * Organization policy-config attribute keys (amPolicyConfiguration service).
 * Per the class Javadoc, subject plugins that do not use the identity
 * repository API require LDAP_SERVER, LDAP_BASE_DN, LDAP_BIND_DN and
 * LDAP_BIND_PASSWORD.
 */
/** LDAP server used by directory-backed subject plugins. */
public static final String LDAP_SERVER =
"iplanet-am-policy-config-ldap-server";
/** Base DN for directory searches. */
public static final String LDAP_BASE_DN =
"iplanet-am-policy-config-ldap-base-dn";
/** Base DN under which user entries are searched. */
public static final String LDAP_USERS_BASE_DN =
"iplanet-am-policy-config-ldap-users-base-dn";
/** DN used to bind to the directory. */
public static final String LDAP_BIND_DN =
"iplanet-am-policy-config-ldap-bind-dn";
/**
 * Password for LDAP_BIND_DN. The value is a credential: the attribute
 * conversion in this class deliberately keeps it out of clear-text debug
 * output (see the "don't want to expose ldap bind passwd" note in that
 * loop), and code that receives the config map should treat it the same way.
 */
public static final String LDAP_BIND_PASSWORD =
"iplanet-am-policy-config-ldap-bind-password";
/** Search filter for organization entries. */
public static final String LDAP_ORG_SEARCH_FILTER =
"iplanet-am-policy-config-ldap-organizations-search-filter";
/** Search scope for organization entries. */
public static final String LDAP_ORG_SEARCH_SCOPE =
"iplanet-am-policy-config-ldap-organizations-search-scope";
/** Search filter for group entries (needed by the LDAP Group subject). */
public static final String LDAP_GROUP_SEARCH_FILTER =
"iplanet-am-policy-config-ldap-groups-search-filter";
/** Search scope for group entries (needed by the LDAP Group subject). */
public static final String LDAP_GROUP_SEARCH_SCOPE =
"iplanet-am-policy-config-ldap-groups-search-scope";
/** Search filter for user entries. */
public static final String LDAP_USERS_SEARCH_FILTER =
"iplanet-am-policy-config-ldap-users-search-filter";
/** Search scope for user entries. */
public static final String LDAP_USERS_SEARCH_SCOPE =
"iplanet-am-policy-config-ldap-users-search-scope";
/** Search filter for role entries. */
public static final String LDAP_ROLES_SEARCH_FILTER =
"iplanet-am-policy-config-ldap-roles-search-filter";
/** Search scope for role entries. */
public static final String LDAP_ROLES_SEARCH_SCOPE =
"iplanet-am-policy-config-ldap-roles-search-scope";
/** Attribute matched when searching organization entries. */
public static final String LDAP_ORG_SEARCH_ATTRIBUTE =
"iplanet-am-policy-config-ldap-organizations-search-attribute";
/** Attribute matched when searching group entries. */
public static final String LDAP_GROUP_SEARCH_ATTRIBUTE =
"iplanet-am-policy-config-ldap-groups-search-attribute";
/** Attribute matched when searching user entries. */
public static final String LDAP_USER_SEARCH_ATTRIBUTE =
"iplanet-am-policy-config-ldap-users-search-attribute";
/** Attribute matched when searching role entries. */
public static final String LDAP_ROLES_SEARCH_ATTRIBUTE =
"iplanet-am-policy-config-ldap-roles-search-attribute";
/** Directory search time-out (value is a string, as are all org config attributes). */
public static final String LDAP_SEARCH_TIME_OUT =
"iplanet-am-policy-config-search-timeout";
/** Directory search size limit. */
public static final String LDAP_SEARCH_LIMIT =
"iplanet-am-policy-config-search-limit";
/** Minimum size of the LDAP connection pool. */
public static final String LDAP_CONNECTION_POOL_MIN_SIZE =
"iplanet-am-policy-config-connection_pool_min_size";
/** Maximum size of the LDAP connection pool. */
public static final String LDAP_CONNECTION_POOL_MAX_SIZE =
"iplanet-am-policy-config-connection_pool_max_size";
/** Whether the directory connection uses SSL. */
public static final String LDAP_SSL_ENABLED =
"iplanet-am-policy-config-ldap-ssl-enabled";
/** Base DN for Identity Server role searches. */
public static final String IS_ROLES_BASE_DN =
"iplanet-am-policy-config-is-roles-base-dn";
/** Scope for Identity Server role searches. */
public static final String IS_ROLES_SEARCH_SCOPE =
"iplanet-am-policy-config-is-roles-search-scope";
/** Subject plugins selected for the organization. */
public static final String SELECTED_SUBJECTS =
"iplanet-am-policy-selected-subjects";
/** Referral plugins selected for the organization. */
public static final String SELECTED_REFERRALS =
"iplanet-am-policy-selected-referrals";
/** Condition plugins selected for the organization. */
public static final String SELECTED_CONDITIONS =
"iplanet-am-policy-selected-conditions";
/** Response-provider plugins selected for the organization. */
public static final String SELECTED_RESPONSE_PROVIDERS =
"sun-am-policy-selected-responseproviders";
/** Dynamic response attributes selected for the organization. */
public static final String SELECTED_DYNAMIC_ATTRIBUTES =
"sun-am-policy-dynamic-response-attributes";
/** Whether user alias handling is enabled. */
public static final String USER_ALIAS_ENABLED =
"iplanet-am-policy-config-user-alias-enabled";
/**
 * Resource comparator configuration. Its value is a set whose elements have
 * the form
 * serviceType=...|class=...|wildcard=...|caseSensitive=...|one_level_wildcard=...
 * (see the RESOURCE_COMPARATOR processing comment in this class); each
 * element is turned into a per-serviceType map.
 */
public static final String RESOURCE_COMPARATOR =
"iplanet-am-policy-config-resource-comparator";
/** Key in a per-serviceType comparator map: the one-level wildcard string. */
public static final String RESOURCE_COMPARATOR_ONE_LEVEL_WILDCARD
= "oneLevelWildcard";
/** Key in a per-serviceType comparator map: case-sensitive comparison flag. */
public static final String RESOURCE_COMPARATOR_CASE_SENSITIVE =
"caseSensitive";
/**
 * Global attribute controlling whether evaluation continues after a deny
 * decision; presumably the source of continueEvaluationOnDenyDecisionFlag.
 */
public static final String CONTINUE_EVALUATION_ON_DENY_DECISION
= "iplanet-am-policy-config-continue-evaluation-on-deny-decision";
/**
 * Global attribute enabling organization-alias mapped resources; presumably
 * the source of orgAliasMappedResourcesEnabledFlag.
 */
public static final String ORG_ALIAS_MAPPED_RESOURCES_ENABLED
= "sun-am-policy-config-org-alias-mapped-resources-enabled";
/**
 * Global attribute listing the policy advice names the server itself can
 * handle when a PEP redirects the user agent to it (a <code>Set</code>).
 */
public static final String ADVICES_HANDLEABLE_BY_AM
= "sun-am-policy-config-advices-handleable-by-am";
/**
 * Attribute defining the Subjects result TTL. Its value is read as minutes
 * and defaults to 0 when absent or unparsable; the accessor converts it to
 * milliseconds.
 */
public static final String SUBJECTS_RESULT_TTL
= "iplanet-am-policy-config-subjects-result-ttl";
/** Name of the policy configuration service. */
public static final String POLICY_CONFIG_SERVICE
= "iPlanetAMPolicyConfigService";
/**
 * Policy cache handle. Left null until initialised; users in this class
 * check for null before touching it. NOTE(review): the earlier "OpenSSO
 * directory host" Javadoc on this field did not describe it — confirm
 * against the full source.
 */
private static PolicyCache policyCache;
/**
 * Cached value of the CONTINUE_EVALUATION_ON_DENY_DECISION global attribute;
 * defaults to false. Package-private, non-final and not volatile: it is
 * presumably rewritten from the config-change callbacks and read by
 * continueEvaluationOnDenyDecision() — confirm what visibility guarantee
 * callers rely on.
 */
static boolean continueEvaluationOnDenyDecisionFlag = false;
/**
 * Cached value of the ORG_ALIAS_MAPPED_RESOURCES_ENABLED global attribute;
 * defaults to false. Same non-final, non-volatile caveat as the flag above.
 */
static boolean orgAliasMappedResourcesEnabledFlag = false;
/**
 * Not instantiable: this class exposes only static configuration constants,
 * static state and static accessors, so the constructor is private and
 * intentionally empty.
 */
private PolicyConfig() {
// do nothing
}
}
return scm;
}
}
return ssm;
}
/**
* Returns the resource comparator configuration for the given
* service type
* @param service <code>ServiceType</code> name
*
* @return - Map containing data for <code>RESOURCE_COMPARATOR_CLASS</code>,
* <code>RESOURCE_COMPARATOR_DELIMITER</code>,
* <code>RESOURCE_COMPARATOR_WILDCARD</code>,
* <code>RESOURCE_COMPARATOR_ONE_LEVEL_WILDCARD</code>,
* <code>RESOURCE_COMPARATOR_CASE_SENSITIVE</code> keys.
* Note that the return value will be null if the service name passed in is
* null or if no configuration is available for the service
*/
throws PolicyException {
try {
} catch (SMSException se) {
throw (new PolicyException(se));
} catch (SSOException se) {
throw (new PolicyException(se));
}
if (globalSchema != null) {
}
}
synchronized(resourceCompMap) {
}
}
return config;
}
/**
* This method returns the policy configuration for the given organization.
* @param org Organization name
*
* @return Map of organization configuration attributes. The possible
* keys in the map are defined in <code>PolicyConfig</code>
*
* @throws PolicyException if it is not able to get the policy
* configuration for the given organization.
*/
if (policyCache == null) {
}
try {
} catch (SMSException se) {
"Unable to get ServiceConfig", se);
throw (new PolicyException(se));
} catch (SSOException se) {
"Unable to get ServiceConfig", se);
throw (new PolicyException(se));
}
//Add organizationDN to the map
synchronized (attrMap) {
}
}
}
synchronized(attrMap) {
}
}
/**
* This method will be invoked when a service's schema has been changed.
*
* @param serviceName name of the service
* @param version version of the service
*/
try {
"Unable to get global config ", se);
return;
}
if (globalSchema != null) {
}
}
/**
* This method will be invoked when a service's global configuration
* data has been changed. The parameter groupName denotes the name
* of the configuration grouping (e.g. default) and serviceComponent
* denotes the service's sub-component that changed
*
* @param serviceName name of the service
* @param version version of the service
* @param serviceComponent name of the service components that
* changed
*/
// NO-OP
}
/**
* This method will be invoked when a service's organization
* configuration data has been changed. The parameters orgName,
* groupName and serviceComponent denote the organization name,
* configuration grouping name and
* service's sub-component that changed, respectively.
*
* @param serviceName name of the service
* @param version version of the service
* @param groupName
* @param orgName organization name as DN
* @param serviceComponent the name of the service components that
* changed
*/
int changeType) {
try {
} catch (SMSException se) {
return;
} catch (SSOException se) {
return;
}
}
synchronized (attrMap) {
}
if (policyCache != null) {
}
}
/**
* This method converts the attributes map got from organization config
* into a key-value map. The keys are specified as constants in this class.
* The service management returns value for each key as a set. This method
* converts that to a string for easy access since all the organization
* policy configuration attribute values are string.
*/
/**
* It is known that the attributes are single-valued strings.
* Process the map to get the string value;
* use the ServiceSchemaManager and ServiceSchema to get the
* attribute type for processing.
*/
while ( keysIterator.hasNext() ) {
continue;
}
continue;
}
continue;
}
while (valIterator.hasNext()) {
/**
* don't want to expose ldap bind passwd
* in clear text
*/
}
}
}
}
}
}
return(orgAttrMap);
}
/** This function processes the RESOURCE_COMPARATOR attribute. It processes each
* element in the set. It creates a Map for each entry in the values
* <code>Set</code>. The serviceType becomes the key for the maps.
* For ex: serviceType=url service|class=PrefixCompare|wildcard=*|case=true
* becomes a map indexed by "url service". The value of the key is a map.
* This map would contain values for class, wildcard one level wildcard
* and case keys.
*/
// values is a set. each element in the set is of the form
// serviceType=1|class=com.sun.identity.policy.Class|wildcard=*|
// caseSensitive=true|one_level_wildcard=-*-
while (valIterator.hasNext()) {
int count = 0;
while (st.hasMoreTokens()) {
break;
}
}
// right now we don't handle spaces within elements
// separated by "|". We can add it later.
for (int i = 0; i < count; i++) {
+ " name is null");
continue;
}
+ " value is null");
continue;
}
name +
" Attr Value = " + value);
}
serviceType = value;
} else if (name.equalsIgnoreCase(
} else if (name.equalsIgnoreCase(
} else if (name.equalsIgnoreCase(
} else if (name.equalsIgnoreCase(
, value);
} else if (name.equalsIgnoreCase(
value);
}
}
"processResourceMap():configMap.toString()"+
}
synchronized(resourceCompMap) {
}
}
}
}
}
/**
* Gets subjectsResultTtl - time in milliseconds for which the result of
* subjects evaluation would be cached, based on the policyConfig map
* passed.
*
* @param policyConfig policy config map that is used to compute
* subjectsResultTtl. Value of key
* PolicyConfig.SUBJECTS_RESULT_TTL in the map is assumed to be
* value of subjectsResultTtl in minutes. If the value is not
* defined in the map or it can not be parsed as int, the value
* would default to <code>0</code>
*
* @return subjectsResultTtl
*/
if (policyConfig != null) {
}
long subjectsResultTtl = 0;
if (subjectsTtl != null) {
try {
} catch (NumberFormatException nfe) {
"NumberFormatException while parsing "
+ " subjectsResultTtl defined in policyConfig "
+ " service using default "
}
}
}
return subjectsResultTtl;
}
/**
* set the value for attribute CONTINUE_EVALUATION_ON_DENY_DECISION
* getting it as one attribute in the <code>attributes</code> Map.
*/
if (attributes != null){
}
+ "setContinueEvaluationOnDenyDecision():"
+ "global attribute "
+ " continueEvaluationOnDenyDecision="
+ codValue);
}
}
}
+ "setContinueEvaluationOnDenyDecision():"
+ "continueEvaluationOnDenyDecision="
}
}
/**
* set the value for attribute ORG_ALIAS_MAPPED_RESOURCES_ENABLED
* getting it as one attribute in the <code>attributes</code> Map.
*/
if (attributes != null){
}
+ "setOrgAliasMappedResourcesEnabled():"
+ "global attribute "
+ " orgAliasMappedResourcesEnabledFlag="
+ amreValue);
}
}
}
+ "setOrgAliasMappedResourcesEnabled():"
+ "orgAliasMappedResourcesEnabledFlag="
}
}
/**
* return boolean representing the value of
*/
static boolean continueEvaluationOnDenyDecision() {
}
/**
* return boolean representing the value of
*/
static boolean orgAliasMappedResourcesEnabled() {
}
/**
* get the value for ADVICES_HANDLEABLE_BY_AM attribute
* from a map of attributes and
* initialize <code>advicesHandleableByAM</code> with it.
*/
if (attributes != null){
}
}
+ "setAdvicesHandleableByAM():"
+ "global attribute advicesHandleableByAM="
}
if (advicesHandleableByAM == null) {
}
}
/**
* Returns names of policy advices that could be handled by OpenSSO
* Enterprise if PEP redirects the user agent to OpenSSO.
* @return <code>Set</code> representing names of policy advices
* OpenSSO could handle.
*/
if (advicesHandleableByAM == null) {
}
+ "getAdvicesHandleableByAM():"
+ "returning global attribute advicesHandleableByAM="
}
return advicesHandleableByAM;
}
/**
* Find out if Referrals are enabled or not. This is a Global Attribute.
* @return True if Referrals are enabled, false if not or if the attribute can not be read.
* @throws SMSException
*/
return CollectionHelper.getBooleanMapAttr(
}
}