/*
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: ResourceManager.java,v 1.7 2009/06/30 17:46:02 veiming Exp $
*
* Portions Copyrighted 2011-2015 ForgeRock AS.
*/
/**
* The class <code>ResourceManager</code> manages an index to the
* resources managed by policies in a specific organization/realm.
*
*/
public class ResourceManager {
private boolean canCreateNewRes = false;
// resources service config
// key: service type name, value: ServiceType object
//Constants to build XML representation
// Cache to store the policy names
/**
* this constructor is called by PolicyManager
*/
throws SSOException, SMSException {
token);
}
/**
* Returns a set of all managed resource names for all the
* service types
*
* @return names of the resources managed
*
* @exception PolicyException if unable to get the policy services,
* and will contain the exception thrown by SMS.
*/
} else {
try {
} catch (SMSException e1) {
throw new PolicyException(e1);
}
} else {
managedResources = new HashSet();
}
}
}
return managedResources;
}
/**
* Returns a set of all managed resource names for the given
* service type.
*
* @param serviceType the service type for which the resource
* names should be returned.
*
* @return names of the resources.
*
* @exception PolicyException if unable to get the policy services,
* and will contain the exception thrown by SMS.
*/
throws PolicyException {
return Collections.EMPTY_SET;
}
try {
} catch (SMSException e1) {
throw new PolicyException(e1);
} catch (SSOException e1) {
}
if (leafConfig == null) {
// no resource node for this service type
return Collections.EMPTY_SET;
}
// else, see if the attribute is there and non-empty
if ((existingAttrs == null) ||
return Collections.EMPTY_SET;
}
// else, need to look into the attribute
}
return resourcePrefixes;
}
/**
* Determines that with the given organization (or, sub-organization,
* or container) name, if a new resource can be created or not.
* Only root level organization/realm has the privilege to create
* any resource.
*
* @param ServiceType the service type
*
* @return <code>true</code> if new resources can be created,
* else <code>false</code>
*
* @exception PolicyException problem with configuration store
*/
throws PolicyException {
return canCreateNewRes;
}
/**
* Returns a set of valid service names that are applicable for
* the organization. The result will depended if new resources
* can be created for the organization and also if the organization
* has managed resources.
*
* @return set of service names that are valid for the organization
*
* @exception SSOException if the caller's single sign on token has expired
* @exception PolicyException if not able to get list of services
* defined for the organization
*/
while (serviceNames.hasNext()) {
if (canCreateNewResource(serviceName) ||
}
}
}
}
/**
* Returns a set of names of all the policies for the given resource
* of the given service.
*
* @param serviceType the service type which the resource is associated
* with
* @param resource the resource for which policies should be returned
* @param includePoliciesForSuperResources indicating whether the
* policies for all the super-resources in addition to the ultimate
* (sub)resource should be returned
*
* @return set of names of the policies.
*
* @exception InvalidFormatException the retrieved resources
* from the data store have been corrupted or do not have a
* valid format.
* @exception NoPermissionException the user does not have sufficient
* privileges.
* @exception PolicyException if unable to get the policy services,
* and will contain the exception thrown by SMS.
* @exception SSOException single-sign-on token invalid or expired
*/
boolean includePoliciesForSuperResources)
// %%% Need to flush the cache when policy's are changed
return (answer);
}
// This line may impact performance, try to optimize it later
return Collections.EMPTY_SET;
}
// add it to the cache
return (answer);
}
throws SSOException, NameNotFoundException {
}
return st;
}
/**
* Adds the resource names of the policy to the resource tree.
*
* @param policy the policy to be added
*
* @exception PolicyException if unable to get the policy services,
* and will contain the exception thrown by SMS.
* @exception SSOException single-sign-on token invalid or expired
*/
throws PolicyException, SSOException {
// iterating through each rule
while (i.hasNext()) {
}
//Process Referrals
while ( referralIter.hasNext() ) {
if ( referral instanceof OrgReferral ) {
if ( resourceName != null ) {
= rule1.getServiceTypeName();
}
}
}
}
}
}
}
}
}
/**
* Removes the resource names of the policy from the resource tree.
*
* @param policy the policy to be removed
*
* @exception PolicyException if unable to get the policy services,
* and will contain the exception thrown by SMS.
* @exception SSOException single-sign-on token invalid or expired
*/
throws PolicyException, SSOException {
// iterating through each rule
while (i.hasNext()) {
rule.getServiceType());
}
//Process Referrals
while ( referralIter.hasNext() ) {
if ( referral instanceof OrgReferral ) {
if ( resourceName != null ) {
= rule1.getServiceTypeName();
}
}
}
}
}
}
}
}
}
/**
* Replaces resource names of a policy in the resource tree.
*
* @param oldPolicy the policy to be replaced
* @param newPolicy the policy to replace the existins policy with
*
* @exception PolicyException if unable to get the policy services,
* and will contain the exception thrown by SMS.
* @exception SSOException single-sign-on token invalid or expired
*/
throws PolicyException, SSOException {
}
throws PolicyException {
try {
if (create) {
} else {
//rConfig = scm.getOrganizationConfig(org, null);
null);
}
} catch (SMSException e) {
throw new PolicyException(e);
} catch (SSOException e) {
}
}
if (debug.messageEnabled()) {
+ "rConfig is not valid");
}
try {
scm = new ServiceConfigManager(
} catch (SMSException e) {
throw new PolicyException(e);
} catch (SSOException e) {
}
}
return rConfig;
}
throws PolicyException, SSOException {
// to do: investigate this
}
return;
}
try {
} catch (SMSException e1) {
throw new PolicyException(e1);
}
if (leafConfig == null) {
// no resource node for this service type
try {
0,
newAttrs);
} catch (SMSException e2) {
throw new PolicyException(e2);
}
return;
}
// else, see if the attribute is there and non-empty
if ((existingAttrs == null) ||
try {
} catch (SMSException e4) {
throw new PolicyException(e4);
}
return;
}
// else, need to look into the attribute
if (existingRes.isEmpty()) {
try {
} catch (SMSException e5) {
throw new PolicyException(e5);
}
return;
}
// else, the attribute really contains something
boolean modified =
if (!modified) {
return;
}
// finally reset the modified xml content
try {
} catch (SMSException e6) {
throw new PolicyException(e6);
}
}
private void removeRuleFromResourceTree(
throws PolicyException, SSOException {
}
return;
}
try {
} catch (SMSException e1) {
throw new PolicyException(e1);
}
if (leafConfig == null) {
// no resource node for this service type
return;
}
// else, see if the attribute is there and non-empty
if ((existingAttrs == null) ||
return;
}
// else, need to look into the attribute
int n = existingAttrs.size();
if (existingRes.isEmpty()) {
return;
}
// else, the attribute really contains something
boolean modified =
if (!modified) {
return;
}
if (!rootNode.hasChildNodes()) {
try {
if (n == 1) {
}
return;
} catch (SMSException e3) {
throw new PolicyException(e3);
}
}
// finally reset the modified xml content
try {
} catch (SMSException e4) {
throw new PolicyException(e4);
}
}
private boolean matchAndAddReferenceNode(
throws PolicyException {
boolean modified = true;
if (referenceNodes == null ||
referenceNodes.isEmpty()) {
return modified;
}
boolean hasMatch = false;
// iterating through each reference node
hasMatch = true;
modified = false;
break;
}
// else
break;
}
hasMatch = true;
break;
}
}
if (!hasMatch) {
// didn't find any match, need to add (a) reference node(s)
}
return modified;
}
private boolean matchAndRemoveReferenceNode(
throws PolicyException {
return false;
}
// iterating through each reference node
stack);
}
return matchAndRemoveReferenceNode(
}
}
return false;
}
throws PolicyException {
}
throws PolicyException {
return true;
}
}
return false;
}
throws PolicyException {
if ( n < 1 ) {
return;
}
nodes[n-1] =
resources[n-1]);
for (int i=n-2; i>=0; i--) {
nodes[i] =
nodes[i].setAttribute(
resources[i]);
}
}
}
}
/**
* Returns the xml root node for the service type's resources xml blob
*
* @param serviceType the service type which the resources xml blob is
* associated with
*
* @return root node for the resources xml content.
*
* @exception InvalidFormatException the retrieved resources
* from the data store have been corrupted or do not have a
* valid format.
* @exception NoPermissionException the user does not have sufficient
* privileges.
* @exception PolicyException if unable to get the policy services,
* and will contain the exception thrown by SMS.
*/
"searching for resources of the service type: " +
}
try {
if (policyResources == null) {
"Resources branch is non-existent" +
" in organization: " + org);
}
return null;
}
if (serviceResources == null) {
serviceType + " branch under Resources is null" +
" in organization: " + org);
}
return null;
}
// Obtain the attributes
}
"Unable to find resources attribute for the service: "+
serviceType + " under Resources in organization: "+
org);
}
return null;
}
// Get the XML blob
"Unable to find resources attribute value for " +
org);
}
return null;
}
} catch (SMSException se) {
"Unable to get resources of the service type: " +
"unable_to_get_resources_for_service", objs);
} else {
throw new PolicyException(se);
}
} catch (SSOException ssoe) {
throw new PolicyException(
}
}
throws PolicyException {
try {
throw (new PolicyException(xmle));
}
"invalid (no root node) xml resources blob: " +
throw new InvalidFormatException(
null, "",
}
/*****
if (!rootNode.getNodeName().equalsIgnoreCase(
PolicyManager.POLICY_INDEX_ROOT_NODE))
throw (new InvalidFormatException());
******/
if (!referenceType.equals(
"invalid (no type attr for PolicyCrossReference element) "+
"xml resources blob: " + resourcesXml);
throw new InvalidFormatException(
}
return retVal;
}
/**
* this method recursively finds the names of the policies corresponding
* to the resource. Depending on the boolean input parameter, it would
* either returns all the policies including those for super resources,
* or, just returns the policies at the final level with exact match or
* the closest match
*/
boolean includePoliciesForSuperResources) {
node,
} else {
}
return getPolicyNames(referenceNode);
}
if (!includePoliciesForSuperResources) {
}
if (policyNamesForChildrenNodes.isEmpty()) {
return policyNamesForTheReferenceNode;
}
if (policyNamesForTheReferenceNode.isEmpty()) {
return policyNamesForChildrenNodes;
}
return policyNamesForTheReferenceNode;
}
}
// didn't find exact match, return policies for the last
// super-resource match
return getPolicyNames(referenceNode);
}
return Collections.EMPTY_SET;
}
/**
* this method finds the names of policies in the first
* level of the node,
*/
if ( referenceNode == null ) {
return Collections.EMPTY_SET;
}
}
return retVal;
}
/**
* Adds specified resource prefixes for a certain service type
*
* @param serviceTypeName the service type name the resource prefixes are
* associated with
* @param resourcePrefixes the prefixes to be added
*
* @exception PolicyException if unable to get the policy services,
* and will contain the exception thrown by SMS.
*/
throws PolicyException {
return;
}
try {
} catch (SMSException e1) {
throw new PolicyException(e1);
} catch (SSOException e1) {
}
if (leafConfig == null) {
// no resource node for this service type
try {
//newSet.addAll(resourcePrefixes);
0,
newAttrs);
} catch (SMSException e2) {
throw new PolicyException(e2);
} catch (SSOException e) {
}
return;
}
// else, see if the attribute is there and non-empty
if ((existingAttrs == null) ||
try {
//newSet.addAll(resourcePrefixes);
} catch (SMSException e4) {
throw new PolicyException(e4);
} catch (SSOException e) {
}
return;
}
// else, need to look into the attribute
try {
//existingRes.addAll(resourcePrefixes);
} else {
}
//newAttrs.put(RESOURCE_PREFIXES, existingRes);
} catch (SMSException e5) {
throw new PolicyException(e5);
} catch (SSOException e) {
}
}
/**
* Removed specified resource prefixes for a certain service type
*
* @param serviceTypeName the service type name the resource prefixes are
* associated with
* @param resourcePrefixes the prefixes to be removed
*
* @exception PolicyException if unable to get the policy services,
* and will contain the exception thrown by SMS.
*/
throws PolicyException {
return;
}
try {
} catch (SMSException e1) {
throw new PolicyException(e1);
} catch (SSOException e) {
}
if (leafConfig == null) {
// no resource node for this service type
return;
}
// else, see if the attribute is there and non-empty
if ((existingAttrs == null) ||
return;
}
// else, need to look into the attribute
int n = existingAttrs.size();
} else {
}
try {
/*
existingSet.removeAll(resourcePrefixes);
if (existingSet.isEmpty()) {
leafConfig.removeAttribute(RESOURCE_PREFIXES);
if (n == 1)
resources.removeSubConfig(serviceTypeName);
} else {
newAttrs.put(RESOURCE_PREFIXES, existingSet);
leafConfig.setAttributes(newAttrs);
}
*/
} catch (SMSException e5) {
throw new PolicyException(e5);
} catch (SSOException e) {
}
}
/**
* Returns the resource prefix (super-resource) and the rest of the
* resource name (sub-resource)
*
* @param serviceTypeName the service type which the resource is
* associated with
* @param resourceName the resource name to be split
*
* @return array of two strings, the first being the super-resource
* the second being the sub-resource
*
* @exception PolicyException if unable to get the policy services,
* and will contain the exception thrown by SMS.
* @exception NameNotFoundException service for the given <code>
* serviceTypeName</code> does not exist
* @exception SSOException single-sign-on token invalid or expired
*/
return retVal;
}
boolean foundSuperMatch = false;
boolean foundExactMatch = false;
foundSuperMatch = true;
break;
}
foundExactMatch = true;
break;
}
}
if (foundSuperMatch) {
return retVal;
}
if (foundExactMatch) {
return retVal;
}
return retVal;
}
/**
* Saves the resource index to data store
* @param resourceType resource type
* @param indexXML xml representation of index ( index to
* policies keyed by resource name, in a tree structure)
* @throws PolicyException
* @throws SSOException
*/
throws PolicyException ,SSOException {
try {
if (leafConfig == null) {
// no resource node for this service type
0,
newAttrs);
} else {
}
} catch (SMSException e1) {
throw new PolicyException(e1);
}
}
}
/**
* Converts xml representation of resource prefixes
* to a map representation
* Key in the map is the prefix and the value is
* a count of how many times the prefix has been
* effectively added. The count is incremented whenever
* the prefix is added and decremented whenever
* the prefix is removed. The count is not decremented
* below 0.
* @param xmlResourcePrefixes xml representation of resource
* prefixes. This is how it is stored in datastore.
* @return map representation of resource prefixes.
*
*/
try {
NAME);
COUNT);
}
}
}
}
}
+ " in organization: " + org);
}
return resourcePrefixes;
}
/**
* Converts map representation of resource prefixes
* to an xml representation
* @param resourcePrefixes map representation of resource
* prefixes
* @return xml representation of resource prefixes
*
*/
}
}
/**
* Adds a set of resource prefixes to a map of resource prefixes.
* Adding a prefix increments the the count for the prefix
* in map value.
* @param prefixes a set of resource prefixes to add
* @param prefixMap a map of resource prefixes to which to
* add the prefixes.
* @return prefixMap modified accounting for the addition
* of prefixes
*
*/
int intValue = 0;
try {
} catch (Exception e) {
"ResourceManager.addResourcePrefixes:", e);
}
}
intValue++;
}
return prefixMap;
}
/**
* Removes a set of resource prefixes from a map of resource prefixes.
* Removing a prefix decrements the count for the prefix in the
* map value. Count value is not decremented below 0.
* @param prefixes a set of resource prefixes to remove
* @param prefixMap a map of resource prefixes from which to
* remove the prefixes.
* @return prefixMap modified accounting for the removal
* of prefixes.
*/
int intValue = 0;
try {
} catch (Exception e) {
"ResourceManager.removeResourcePrefixes:", e);
}
}
intValue--;
if ( intValue > 0 ) {
} else {
}
}
return prefixMap;
}
}