/**
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: ResourceIndexManager.java,v 1.4 2009/02/28 04:14:58 dillidorai Exp $
*
*/
/*
* Portions Copyrighted [2011] [ForgeRock AS]
*/
/**
* Class to find set of policy names that are applicable given
* resource type and resource name. This provides a subset of
* features provided by ResourceManager. ResourceIndexManager
* uses the index that is maintained by the ResourceManager in
* the data store. This class maintains one resource index for
* each resource type.
*/
class ResourceIndexManager {
//Constants to build XML representation
/**
* Constructs a ResourceIndexManager
* @param resourceManager resource manager that would be used
* by this resource index manager
*/
this.resourceManager = resourceManager;
}
/**
* Returns the set of policy names applicable to the given resource name
* and resource type.
*
* @param resourceType resource type
* @param resourceName resource name
* @param includeSrPolicies if <code>true</code> names of policies
* applicable to super resources of the resource name
* also are included in the return value
* @return set of policy names applicable to the given resource name
* and resource type
* @throws PolicyException
*/
includeSrPolicies) throws PolicyException {
if (resourceIndex == null) {
}
if ( DEBUG.messageEnabled() ) {
+ "- resourceName, policyNames="
}
return policyNames;
}
/**
* Returns the set of policy names applicable to the super resources
* of given resource name of the given resource type.
*
* @param resourceType resource type
* @param resourceName resource name
* @return set of policy names applicable to the super resources
* of given resource name of the given resource type.
* @throws PolicyException
*/
{
if (resourceIndex == null) {
}
resourceName); //include super resource policies
if ( DEBUG.messageEnabled() ) {
+ "- resourceName, policyNames="
}
return policyNames;
}
/**
* Returns the set of top level resource names
* of the given resource type.
*
* @param resourceType resource type
* @return the set of top level resource names
* of the given resource type.
* @throws PolicyException
*/
throws PolicyException
{
if (resourceIndex == null) {
}
return resourceIndex.getTopLevelResourceNames();
}
/**
* Returns the set of policy names applicable to the given resource name
* and its sub resources treating wild character
* in the policy resource name as literal
*
* @param resourceType resource type
* @param resourceName resource name
* @return set of policy names applicable to the given resource name
* and its sub resources
* @throws PolicyException
*/
if (resourceIndex == null) {
}
}
/**
* Returns the set of policy names applicable to the given resource name
* and its sub resources treating wild character in the policy resource
* name as wild
*
* @param resourceType resource type
* @param resourceName resource name
* @return set of policy names applicable to the given resource name
* and its sub resources
* @throws PolicyException
*/
if (resourceIndex == null) {
}
}
/**
* Clears resourceIndex of the given resource type name from
* the local cache. If an attempt is made to use this resource
* index subsequently, it would be refreshed from the datastore.
*
* @param resourceTypeName resource type name
*/
/*
We compare ingoring the case since we get the resourceTypeName
from SMS notification. SMS converts resourceTypeName to lowercase
*/
break;
}
}
}
/**
* Returns the resource index given the resource type.
* This would read from the data store, if the index
* was not aleady read from the datastore.
*
* @param resourceType resouce type
* @return resource index read from the datastore
* @throws PolicyException
*/
throws PolicyException {
if (resourceIndex == null) {
}
return resourceIndex;
}
/**
* Returns the resource index from data store for the given
* resource type
*
* @param resourceType resouce type
* @return resource index read from the datastore
* @throws PolicyException
*/
//private ResourceIndex getResourceIndexFromDataStore (ServiceType
resourceType) throws PolicyException {
return resourceIndex;
}
/**
* Refreshes the resource index in the local cache reading
* from the data store
*
* @param resourceType resouce type
* @return resource index read from the datastore
* @throws PolicyException
*/
resourceType) throws PolicyException {
return resourceIndex;
}
/**
* Adds a new index entry or updates an existing index entry
* @param resourceType resource type
* @param resourceName resource name
* @param policyName policy name
* @return <code>true</code> if an index entry was added or
* updated. <code>false</code> otherwise.
* @throws PolicyException
*/
if (resourceIndex == null) {
}
}
/**
* Removes or updates an index entry
* @param resourceType resource type
* @param resourceName resource name
* @param policyName policy name
* @return <code>true</code> if an index entry was removed or
* updated. <code>false</code> otherwise.
* @throws PolicyException
*/
if (resourceIndex == null) {
}
}
/**
* Returns the closest match and its children or all descendents of
* the resource name with the given resource type.
*
* @param resourceType resource type
* @param resourceName resource name
* @param followChild if <code>true</code> gets all the descendents,
* includindg direct children. Else, gets only direct children.
* @return set of names of child resources or all descendent resources
* @throws PolicyException
*/
boolean followChild) throws PolicyException {
if (resourceIndex == null) {
}
return resourceNames;
}
/**
* Saves the resource index in data store
* @param resourceType resource type
* @throws PolicyException
* @throws SSOException
*/
throws PolicyException, SSOException {
if ( resourceIndex != null ) {
}
}
/**
* Adds a policy's relevant content to the resource tree.
*
* @param svtm service type manager
* @param token sso token
* @param policy the policy to be added
*
* @exception PolicyException if unable to get the policy services,
* and will contain the exception thrown by SMS.
* @exception SSOException single-sign-on token invalid or expired
*/
}
}
//Process Referrals
while ( referralIter.hasNext() ) {
if ( referral instanceof OrgReferral ) {
if ( resourceName != null ) {
= rule1.getServiceTypeName();
service);
if (resourceNames == null) {
resourceNames = new HashSet();
}
}
}
while (serviceIter.hasNext()) {
}
} //processed a referral value
}
}
}
}
}
}
/**
* Removes a policy's relevant content from the resource tree.
*
* @param svtm service type manager
* @param token sso token
* @param policy the policy to be removed
*
* @exception PolicyException if unable to get the policy services,
* and will contain the exception thrown by SMS.
* @exception SSOException single-sign-on token invalid or expired
*/
// iterating through each rule
}
}
//Process Referrals
while ( referralIter.hasNext() ) {
if ( referral instanceof OrgReferral ) {
try {
= pm.getResourceManager();
if ( resourceName != null ) {
= rule1.getServiceTypeName();
if (resourceNames == null) {
resourceNames = new HashSet();
}
}
}
while (serviceIter.hasNext()) {
service);
}
} catch (PolicyException e) {
if (DEBUG.warningEnabled()) {
+ " prefixes in referrred to org :"
}
}
} // processed referral value
}
}
}
}
}
}
/**
* Replaces a policy's relevant content in the resource tree.
*
* @param svtm service type manager
* @param token sso token
* @param oldPolicy the policy to be replaced
* @param newPolicy the policy to replace the existins policy with
*
* @exception PolicyException if unable to get the policy services,
* and will contain the exception thrown by SMS.
* @exception SSOException single-sign-on token invalid or expired
*/
throws PolicyException, SSOException {
}
/**
* Class that holds the index of policy names by resource names
* for a resource type
*/
//private static class ResourceIndex {
static class ResourceIndex {
/**
* Constructs ResourceIndex
* @param resourceType resource type
* @param resourceManager resource manager
*/
this.resourceType = resourceType;
this.resourceManager = resourceManager;
}
/**
* Returns a set of policy names applicable to a resource
* @param resourceName resource name
* @param includeSrPolicies if <code>true</code> names of policies
* applicable to super resources of the resource name
* also are included in the return value
* @return set of policy names applicable to resource name
*/
if (includeSrPolicies) {
if (policyNames == null) {
policyNames = new HashSet();
}
}
}
else {
if (policyNames == null) {
policyNames = new HashSet();
}
}
}
if ( DEBUG.messageEnabled() ) {
+ "- resourceName, policyNames="
}
return policyNames;
}
//true - include super resources
if (resourceIndexEntry != null) {
}
return policyNames;
}
/**
* Refreshes this resource index reading from data store
* @throws PolicyException
*/
try {
resourceType.getName());
} catch (Exception e) {
"error_reading_resource_index_from_data_store",
null, e);
}
if (xmlRootNode != null) {
while (topIndexEntryNodes.hasNext()) {
while (indexEntryNodes.hasNext()) {
}
}
}
}
/**
* Adds or updates an index entry
* @param resourceName resource name
* @param policyName policy name
* @return <code>true</code> if an index entry was added or
* updated. <code>false</code> otherwise.
*/
/* return value of true indicates whether an index entry was
either added or updated*/
boolean processed = false;
resourceName, policyName)) {
processed = true;
}
}
if (!processed) {
// top level entry
// may have to reparent other top level entries
rie.getResourceName(), false);
}
}
processed = true;
}
return processed;
}
/**
* Removes an index entry
* @param resourceName resource name
* @param policyName policy name
* @return <code>true</code> if an index entry was added or
* updated. <code>false</code> otherwise.
*/
boolean processed = false;
resourceName, policyName)) {
processed = true;
}
}
return processed;
}
/**
* Finds the index entry with closest matching resource name
* for a given resource name
* Known problem : if the resourceName happens to be a super resource
* of more than one top level entry, one top level entry is
* returned. Which top level entry is returned is indeterminate
*
* @param resourceName resource name
* @return the index entry with closest matching resource name
* for the given resource name
*/
boolean processed = false;
if (resourceIndexEntry != null) {
processed = true;
}
}
return resourceIndexEntry;
}
/**
* Returns the set of policy names applicable to the given resource name
* and its sub resources treating wild character
* in the policy resource name as literal
*
* @param resourceName resource name
* @return the set of policy names that are applicable to a resource
* and its sub resources
*/
if (resourceIndexEntry != null) {
}
}
return policyNames;
}
/**
* Returns the set of policy names applicable to the given resource name
* and its sub resources treating wild character
* in the policy resource name as wild
*
* @param resourceType resource type
* @param resourceName resource name
* @return the set of policy names that are applicable to a resource
* and its sub resources
*/
resourceName));
}
return policyNames;
}
/**
* Converts a dom node to index entry and adds it to
* a parent index entry
*
* @param rie parent index entry
* @param indexNode dom node that needs to be converted to
* an index entry added to the parent index entry
*/
//= new ResourceIndexEntry(resourceType.append(
// rie.resourceName, resourceName), policyNames);
while (indexEntryNodes.hasNext()) {
}
}
/**
* Returns a set of policy names that are referenced in a dom
* reference node
*
* @param referenceNode dom reference node
* @return set of policy names
*/
}
return retVal;
}
/** Returns the closest match and its children or all descendents of
* the resource name with the given resource type.
*
* @param resourceName resource name
* @param followChild if <code>true</code> gets all the descendents,
* includindg direct children. Else, gets only direct children.
* @return set of names of child resources or all descendent resources
*/
} else {
}
return resourceNames;
}
/**
* Returns the set of top level resource names
*
* @return the set of top level resource names
*/
}
return tlr;
}
/** Returns the XML representation of this resource index
*/
resourceType.getName()))
}
}
}
/** class to represent each entry in the resource index */
private static class ResourceIndexEntry {
/**
* Constructs a resource index entry
* @param resourceName resource name
* @param policyName policy name
*/
this.resourceName = resourceName;
}
/**
* Constructs a resource index entry
* @param resourceName resource name
* @param policyNames set of policy names
*/
this.resourceName = resourceName;
if (policyNames != null) {
this.policyNames = policyNames;
}
}
/**
* Returns the resource name of this index entry
* @return resource name of this index entry
*/
return resourceName;
}
/**
* Sets the parent index entry of this index entry
* @param parent parent index entry of this index entry
*/
}
}
/**
* Returns the parent index entry of this index entry
*/
return parent;
}
/**
* Adds a new index entry or updates an existing index entry
* @param resourceType resource type
* @param resourceName resource name
* @param policyName policy name
* @return <code>true</code> if an index entry was added or
* updated. <code>false</code> otherwise.
* @throws PolicyException
*/
String policyName) {
boolean processed = false;
false);
processed = true;
}
resourceName, policyName)) {
processed = true;
}
}
if (!processed) {
// first level child, may have to reparent other first level
// children
rie.resourceName, false);
}
}
processed = true;
}
}
return processed;
}
/**
* Removes or updates an index entry
* @param resourceType resource type
* @param resourceName resource name
* @param policyName policy name
* @return <code>true</code> if an index entry was removed or
* updated. <code>false</code> otherwise.
*/
boolean processed = false;
false);
processed = true;
}
}
resourceName, policyName)) {
processed = true;
}
}
processed = true;
}
return processed;
}
/**
* Finds the index entry with closest matching resource name
* for a given resource name
*
* @param resourceType resource type
* @param resourceName resource name
* @return the index entry with closest matching resource name
* for the given resource name
*/
this.resourceName, false); //TODO should it be true
resourceIndexEntry = this;
}
boolean processed = false;
if (resourceIndexEntry != null) {
processed = true;
}
}
if (resourceIndexEntry == null) {
resourceIndexEntry = this;
}
}
return resourceIndexEntry;
}
/**
* Returns a set of policy names that are referenced in this
* index entry and optionally its ancestors
* @param includeSrPolicies if <code>true</code> names of policies
* applicable to super resources of the resource name
* also are included in the return value
* @return set of policy names referenced in this index entry
*/
if (includeSrPolicies) {
ResourceIndexEntry current = this;
}
}
else {
}
return pNames;
}
/**
* Returns the set of policy names referred in this index entry
* and its descendent entries
*
* @return set of policy names referred in this index entry
* and its descendent entries
* @throws PolicyException
*/
}
return pNames;
}
/**
* Returns the set of policy names that have resources matching the
* argument resource name as exact match, wild card match, or sub
* resource match. Wild character in policy resource name is
* treated as wild
*
* @param resourceType resource type
* @param resourceName resource name
* @return set of policy names referred in this index entry
* and its descendent entries
* @throws PolicyException
*/
this.resourceName, true); //interpret wild card
}
this.resourceName, true); //interpret wild card
}
}
return pNames;
}
/**
* Returns a set of policy names that are referenced in this
* index entry and its descendents and applicable to the
* given resource name
*
* @param resourceName resource name
* @param includeSrPolicies if <code>true</code> names of policies
* applicable to super resources of the resource name
* also are included in the return value
* @param resourceType resource type
*
* @return set of policy names referenced in this index entry and
* its descendents and applicable to the given
* resource name
*/
this.resourceName);
}
if ( includeSrPolicies ) {
}
}
}
if ( DEBUG.messageEnabled() ) {
+ "- resourceName, this.resourceName, resourceMach, "
+ " policyNames="
}
return pNames;
}
/**
* Returns a string representation of this index entry
* @return a string representation of this index entry
*/
}
/**
* Returns the resource names of this index entry and its child entries.
*
* @param followChild if <code>true</code> gets resource names of
* all the descendents includindg direct children and self.
* Else, gets resource names of only self and direct children.
* @return set of names of child resources or all descendent resources
*/
if ( followChild ) {
}
}
return resourceNames;
}
/**
* Returns XML representation of this index entry
*/
xmlString = "";
} else {
getResourceName()))
}
}
}
return xmlString;
}
}
}