8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * The contents of this file are subject to the terms
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * of the Common Development and Distribution License
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * (the License). You may not use this file except in
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * compliance with the License.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * You can obtain a copy of the License at
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * https://opensso.dev.java.net/public/CDDLv1.0.html or
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * See the License for the specific language governing
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * permission and limitations under the License.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * When distributing Covered Code, include this CDDL
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Header Notice in each file and include the License file
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * If applicable, add the following below the CDDL Header,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * with the fields enclosed by brackets [] replaced by
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * your own identifying information:
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * "Portions Copyrighted [year] [name of copyright owner]"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * $Id: ResourceResultCache.java,v 1.21 2010/01/21 22:18:01 dillidorai Exp $
a4544a5a0e622ef69e38641f87ab1b5685e05911Phill Cunnington * Portions Copyrighted 2015 ForgeRock AS.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.iplanet.dpro.session.SessionException;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.iplanet.services.comm.client.AlreadyRegisteredException;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.iplanet.services.comm.client.PLLClient;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.iplanet.services.comm.client.SendRequestException;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.iplanet.services.comm.share.RequestSet;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.iplanet.services.comm.share.Response;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.iplanet.services.naming.URLNotFoundException;
35ab1c5bca11317474fe12bdd8d22c17cdaf2697Robert Wapshottimport com.iplanet.services.naming.WebtopNaming;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.common.HttpURLConnectionManager;
35ab1c5bca11317474fe12bdd8d22c17cdaf2697Robert Wapshottimport com.sun.identity.policy.ResBundleUtils;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.policy.interfaces.ResourceName;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.policy.remote.AdvicesHandleableByAMRequest;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.policy.remote.AdvicesHandleableByAMResponse;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.policy.remote.PolicyChangeNotification;
35ab1c5bca11317474fe12bdd8d22c17cdaf2697Robert Wapshottimport com.sun.identity.policy.remote.PolicyEvaluationException;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.policy.remote.PolicyListenerRequest;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.policy.remote.PolicyNotification;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.policy.remote.PolicyRequest;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.policy.remote.PolicyResponse;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.policy.remote.PolicyService;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.policy.remote.RemoveListenerRequest;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.policy.remote.ResourceResultRequest;
35ab1c5bca11317474fe12bdd8d22c17cdaf2697Robert Wapshottimport org.forgerock.openam.session.SessionCache;
35ab1c5bca11317474fe12bdd8d22c17cdaf2697Robert Wapshottimport org.forgerock.openam.session.SessionCookies;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Singleton class that implements a client-side policy decision cache.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Handles communication with the policy service, acting
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * as a proxy to it. In effect, this is a caching proxy.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterclass ResourceResultCache implements SSOTokenListener {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster //service>resource>tokenID>scope>result
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private static ResourceResultCache resourceResultCache;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster = Collections.synchronizedSet(new HashSet(10));
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster //serviceName -> resourceName -> sessionId -> scope -> result
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private PolicyNotificationHandler notificationHandler;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Collections.synchronizedSet(new HashSet(10000));
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private static Debug debug = PolicyEvaluator.debug;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private static final String POLICY_SERVICE_ID_FOR_NAMING = "policy";
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private static final String POLICY_SERVICE = "policyservice";
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private static final String REST_POLICY_SERVICE = "ws/1/entitlement/entitlement";
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private static final String REST_POLICY_SERVICE_LISTENER = "ws/1/entitlement/listener";
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private static final String REST_LISTENER_NOTIFICATION_URL = "url";
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private static final String IPLANET_AM_WEB_AGENT_SERVICE = "iPlanetAMWebAgentService";
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private static final String REST_QUERY_REALM = "realm";
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private static final String REST_QUERY_APPLICATION = "application";
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private static final String REST_QUERY_SUBJECT = "subject";
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private static final String REST_QUERY_RESOURCE = "resource";
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private static final String REST_QUERY_RESOURCES = "resources";
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private static final String REST_QUERY_ACTION = "actionName";
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private static final String REST_QUERY_ENV = "env";
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private static final String JSON_RESOURCE_NAME = "resourceName";
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private static final String JSON_ACTIONS_VALUES = "actionsValues";
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private static final String JSON_ADVICES = "advices";
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private static final String JSON_ATTRIBUTES = "attributes";
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private static final String GET_RESPONSE_ATTRIBUTES
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster = "Get_Response_Attributes";
35ab1c5bca11317474fe12bdd8d22c17cdaf2697Robert Wapshott private static final SessionCache sessionCache = SessionCache.getInstance();
35ab1c5bca11317474fe12bdd8d22c17cdaf2697Robert Wapshott private static final SessionCookies sessionCookies = SessionCookies.getInstance();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private static String REQUEST_ID_LOCK = "REQUEST_ID_LOCK";
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private static String SECRET_MASK = "*********";
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Constructs the singleton instance of <code>ResourceResultCache</code>
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param policyProperties object that provides access to configuration
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * properties such as policy service URL, notification URL etc.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * This is a nice wrapper over
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <code>com.iplanet.am.util.SystemProperties</code>
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private ResourceResultCache(PolicyProperties policyProperties)
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster notificationHandler = new PolicyNotificationHandler(this);
35ab1c5bca11317474fe12bdd8d22c17cdaf2697Robert Wapshott if (policyProperties.notificationEnabled()){
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster //register notification handler with PLLClient
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster registerHandlerWithPLLClient(notificationHandler);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "added policyNotificationHandler "
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "with PLLClient");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "Singleton Instance Created");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns reference to the singleton instance of
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <code>ResourceResultCache</code>
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param policyProperties object that provides access to configuration
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * properties such as policy service URL, notification URL etc.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * This is a nice wrapper over
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <code>com.iplanet.am.util.SystemProperties</code>
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return reference to the singleton instance of
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <code>ResourceResultCache</code>
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster synchronized static ResourceResultCache getInstance(
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster PolicyProperties policyProperties) throws PolicyException {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster resourceResultCache = new ResourceResultCache(policyProperties);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster resourceResultCache.policyProperties = policyProperties;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster resourceResultCache.cacheTtl = policyProperties.getCacheTtl();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns reference to the singleton instance of
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <code>ResourceResultCache</code>
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return reference to the singleton instance of
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <code>ResourceResultCache</code>
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private synchronized static ResourceResultCache getInstance() {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.warning("ResourceResultCache.getInstance():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "ResourceResultCache has not been created:"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "returning null");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns policy decision
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param appToken application sso token to identify the client to the policy service
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param serviceName name of service for which to get policy decision
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param token session token of user for whom to get policy decision
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param resourceName resource name for which to get policy decision
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param actionNames action names for which to get policy decision
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param env environment map to use to get policy decision
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param retryCount try this many times before giving up if received policy
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * decision is found to have expired
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return policy decision
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws PolicyException if can not get policy decision
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws SSOException if user session token is not valid
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws InvalidAppSSOTokenException if application session token
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * is not valid
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster PolicyDecision getPolicyDecision(SSOToken appToken, String serviceName,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster SSOToken token, String resourceName, Set actionNames,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster boolean validTtl = false;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster PolicyDecision pd = getPolicyDecision(appToken, serviceName,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (pd.getTimeToLive() > System.currentTimeMillis()) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("ResourceResultCache.getPolicyDecision():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "Received expired decision, "
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "Getting decision again, repeat attempt="
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (pd.getTimeToLive() > System.currentTimeMillis()) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.warning("ResourceResultCache.getPolicyDecision():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "Received expired decision from server");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster throw new PolicyEvaluationException(ResBundleUtils.rbName,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster (ActionDecision)actionDecisions.get(actionName);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster PolicyUtils.appendMapToMap(pd.getResponseAttributes(),
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster pd1.setResponseAttributes(mergedReponseAttrsMap);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns policy decision
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param appToken application sso token to identify the client to the policy service
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param serviceName name of service for which to get policy decision
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param token session token of user for whom to get policy decision
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param resourceName resource name for which to get policy decision
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param actionNames action names for which to get policy decision
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param env environment map to use to get policy decision
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param useCache flag indicating whether to return a locally cached
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * policy decision. Locally cached decision is returned only if the
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * value is <code>true</code>. Otherwise, policy decision is fetched
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * from policy service and returned.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return policy decision
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws PolicyException if can not get policy decision
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws SSOException if session token is not valid
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private PolicyDecision getPolicyDecision(SSOToken appToken,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String serviceName, SSOToken token, String resourceName,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String cacheMode = policyProperties.getCacheMode();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (PolicyProperties.SUBTREE.equals(cacheMode)) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster rootResourceName = getRootResourceName(resourceName, serviceName);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("ResourceResultCache.getPolicyDecision():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + ":would get resource results for root resource="
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Set resourceResults = getResourceResults(appToken, serviceName,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster token, rootResourceName, actionNames, env, cacheMode, useCache);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster (ResourceName)policyProperties.getResourceComparator(
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster PolicyDecision pd = getPolicyDecisionFromResourceResults(
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster resourceResults, resourceName, resourceComparator, serviceName);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("ResourceResultCache.getPolicyDecision():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns a set of <code>ResourceResult</code> objects
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param appToken application sso token to identify the client to the policy service
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param serviceName name of service for which to get resource results
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param token session token of user for whom to get resource results
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param resourceName resource name for which to get resource results
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param actionNames action names for which to get resource results
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param env environment map to use to get resource results
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param scope the scope to be used while getting resource results
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return a set of <code>ResourceResult</code> objects
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws PolicyException if the resource results cannot be obtained
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws SSOException if session token is not valid
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws InvalidAppSSOTokenException if application session token
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * is not valid
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private Set getResourceResults(SSOToken appToken, String serviceName,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster SSOToken token, String resourceName, Set actionNames,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return getResourceResults(appToken, serviceName,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster true); //useCache
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns a set of <code>ResourceResult</code> objects
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param appToken application sso token to identify the client to the policy service
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param serviceName name of service for which to get resource results
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param token session token of user for whom to get resource results
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param resourceName resource name for which to get resource results
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param actionNames action names for which to get resource results
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param env environment map to use to get resource results
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param scope the scope to be used while getting resource results
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param useCache flag indicating whether to return locally cached
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * resource results. Locally cached resource results are
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * returned only if the value is <code>true</code>
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return a set of <code>ResourceResult</code>
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws PolicyException if can not get resource results
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws SSOException if session token is not valid
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws InvalidAppSSOTokenException if application session token
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * is not valid
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private Set getResourceResults(SSOToken appToken, String serviceName,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster SSOToken token, String resourceName, Set actionNames,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster SSOTokenManager.getInstance().validateToken(token);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String cacheMode = policyProperties.getCacheMode();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("ResourceResultCache.getResourceResults():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + ":useRESTProtocol()=" + policyProperties.useRESTProtocol()
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + ":entering ");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // resultCache -> serviceName -> resourceName -> sessionId -> scope -> result
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster synchronized(resultCache) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // resourceName -> sessionId -> scope -> result
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster resourceTokenIDsMap = (Map)resultCache.get(serviceName);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // changed to fix 4295 Policy cache causes frequent
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // full gc or out of memory issues
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster = new Cache(policyProperties.getResultsCacheResourceCap());
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster resultCache.put(serviceName, resourceTokenIDsMap);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // resourceTokenIDsMap -> resourceName -> sessionId -> scope -> result
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // sessionId -> scope -> result
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster tokenIDScopesMap = (Map)resourceTokenIDsMap.get(resourceName);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // changed to fix 4295 Policy cache causes frequent full
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // gc or out of memory issues
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster = new Cache(policyProperties.getResultsCacheSessionCap());
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster resourceTokenIDsMap.put(resourceName, tokenIDScopesMap);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String tokenID = token.getTokenID().toString();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // tokenIDScopesMap -> sessionId -> scope -> result
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster synchronized(tokenIDScopesMap) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster scopeResultsMap = (Map)tokenIDScopesMap.get(tokenID);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster tokenIDScopesMap.put(tokenID, scopeResultsMap);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // scopeResultsMap -> scope -> result
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster synchronized(scopeResultsMap) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster results = (Object[])scopeResultsMap.get(scope);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster //array elements:resourceResults, env, ttl, actionNames
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("ResourceResultCache.getResourceResults():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "would contact server since useCache is false");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("ResourceResultCache.getResourceResults():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "would contact server "
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + " since results not in cache");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster } else if ((env == null) && (results[1] != null)) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("ResourceResultCache.getResourceResults():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "would contact server since env does not match");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster } else if ((env != null) && !env.equals(results[1])) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("ResourceResultCache.getResourceResults():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "would contact server since env does not Match");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("ResourceResultCache.getResourceResults():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "would contact server since results ttl has "
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + " expired");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster } else if ((actionNames == null) && (results[3] != null)) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("ResourceResultCache.getResourceResults():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "would contact server since action names do not "
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + " match");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster } else if ((actionNames != null) && (results[3] == null)) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("ResourceResultCache.getResourceResults():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "would contact server since action names do not "
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + " Match");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster } else if ((results[3] !=null) &&!((Set)results[3]).containsAll(
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("ResourceResultCache.getResourceResults():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "would contact server since cached action names "
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + " do not cover request action names");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster } else if (resourceResultsHasAdvices((Set)(results[0]))
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster //get from server if there were advices in the cached decision
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster //we do this only if cacheMode is self
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // changed to fix 4205 Policy client code has bottleneck when processing notifications
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // FIXME: remove the check for service name with the some fix on server
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster && IPLANET_AM_WEB_AGENT_SERVICE.equalsIgnoreCase(serviceName)) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster resourceResults = getRESTResultsFromServer(appToken,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster resourceResults = getResultsFromServer(appToken,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster = new Long(System.currentTimeMillis() + cacheTtl);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("ResourceResultCache.getResourceResults():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "would not contact server, "
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + " would use results from cache ");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("ResourceResultCache.getResourceResults("
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + ": returning resourceResults");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private Set getRESTResultsFromServer(SSOToken appToken, String serviceName,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster SSOToken token, String resourceName, String scope,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster throws InvalidAppSSOTokenException, SSOException,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster AMIdentity userIdentity = IdUtils.getIdentity(token);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String restUrl = getRESTPolicyServiceURL(token, scope);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String queryString = buildEntitlementRequestQueryString(
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster "/", serviceName, token, resourceName, actionNames, env);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("ResourceResultCache.getRESTResultsFromServer():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + ":entering");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String jsonString = getResourceContent(appToken, token, restUrl);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("ResourceResultCache.getRESTResultsFromServer():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + ":server response jsonString=" + jsonString);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster resourceResults = jsonResourceContentToResourceResults(
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster "rest_policy_request_exception",
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("ResourceResultCache.getRESTResultsFromServer():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "returning");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns a set of <code>ResourceResult</code> objects from server.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Fresh resource results
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * are fetched from policy server and returned.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param appToken application sso token to identify the client to the policy service
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param serviceName name of service for which to get resource results
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param token session token of user for whom to get resource results
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param resourceName resource name for which to get resource results
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param scope the scope to be used while getting resource results
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param actionNames action names for which to get resource results
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param env environment map to use to get resource results
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return a set of <code>ResourceResult</code> objects
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws PolicyException if can not get resource results
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws SSOException if session token is not valid
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws InvalidAppSSOTokenException if application session token
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * is not valid
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private Set getResultsFromServer(SSOToken appToken, String serviceName,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster SSOToken token, String resourceName, String scope,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster throws InvalidAppSSOTokenException, SSOException,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster URL policyServiceUrl = getPolicyServiceURL(token);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("ResourceResultCache.getResultsFromServer():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + ":entering");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster ResourceResultRequest rrRequest = new ResourceResultRequest();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster rrRequest.setUserSSOToken(token.getTokenID().toString());
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster responseAttributes = getResponseAttributes(env);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("ResourceResultCache.getResultsFromServer():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "responseAttributes to get="
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster rrRequest.setResponseAttributes(responseAttributes);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster PolicyRequest policyRequest = new PolicyRequest();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster policyRequest.setAppSSOToken(appToken.getTokenID().toString());
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster PolicyRequest.POLICY_REQUEST_GET_RESOURCE_RESULTS);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster policyRequest.setResourceResultRequest(rrRequest);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster PolicyService ps = sendPLLRequest(policyServiceUrl, policyRequest);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String exceptionMessage = pr.getExceptionMsg();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "getResultsFromServer():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "getResultsFromServer():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + " appSSOToken is invalid");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "throwing InvalidAppSSOTokenException");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster "server_reported_invalid_app_sso_token",
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "getResultsFromServer():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "response exception message="
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster "server_reported_exception",
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster "pll_send_request_exception",
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("ResourceResultCache.getResultsFromServer():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "returning");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns policy decision computed from a set of
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <code>ResourceResult</code> objects
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param resourceResults resource results used to compute policy decision
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param resourceName resource name for which to get policy decision
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param resourceComparator <code>ResourceName</code>, resource
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * comparison algorithm used to compare resources
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return computed policy decision
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws PolicyException if the policy decision cannot be obtained
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private PolicyDecision getPolicyDecisionFromResourceResults(
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Iterator resultsIter = resourceResults.iterator();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster boolean processed = false;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster processed = mergePolicyDecisions(pd, resourceResult,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster resourceName, resourceComparator, serviceName);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Merges policy decisions applicable to a resource
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * from a <code>ResourceResult</code> object.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param pd a collector for merged policy decision
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param resourceResult <code>ResourceResult</code> from which
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * to find applicable policy decisions
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param resourceName resource name for which to get policy decision
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param resourceComparator <code>ResourceName</code>, resource
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * comparison algorithm used to compare resources
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param serviceName service name
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return a flag indicating whether more <code>ResourceResult</code>
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * objects need to be visited to compute the policy decision.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <code>true</code> is returned if no more <code>ResourceResult</code>
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * objects need to be visited
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * a <code>ResourceResult</code> object.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws PolicyException if the policy decision cannot be obtained
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private boolean mergePolicyDecisions(PolicyDecision pd,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster ResourceResult resourceResult, String resourceName,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster ResourceName resourceComparator, String serviceName)
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster boolean processed = false;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("ResourceResultCache.mergePolicyDecisions():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + ":resourceResultResourceName="
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster ResourceMatch result = resourceComparator.compare(resourceName,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster resourceResult.getResourceName(), true); //wild card compare
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (result.equals(ResourceMatch.EXACT_MATCH)) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster resetPolicyDecision(resourceResult.getPolicyDecision(), pd,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster } else if (result.equals(ResourceMatch.WILDCARD_MATCH)) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster mergePolicyDecisions(resourceResult.getPolicyDecision(), pd,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (pd.getTimeToLive() < System.currentTimeMillis()) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Set resourceResults = resourceResult.getResourceResults();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Iterator resultsIter = resourceResults.iterator();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster processed = mergePolicyDecisions(pd, subResult,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster resourceName, resourceComparator, serviceName);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster } else if (result.equals(ResourceMatch.SUPER_RESOURCE_MATCH)) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Set resourceResults = resourceResult.getResourceResults();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Iterator resultsIter = resourceResults.iterator();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster processed = mergePolicyDecisions(pd, subResult,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster resourceName, resourceComparator, serviceName);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster } // else NO_MATCH or SUBRESOURCE_MATCH nothing to do
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Merges two policy decisions
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param pd1 policy decision to be merged
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param pd2 policy decision to be merged into
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param serviceName service name
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return merged policy decision
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private PolicyDecision mergePolicyDecisions(PolicyDecision pd1,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster PolicyDecision pd2, String serviceName) { //pd2 is collector
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Map actionDecisions1 = pd1.getActionDecisions();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster ActionDecision ad1 = (ActionDecision) actionDecisions1.get(action);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster policyProperties.getTrueValue(serviceName, action),
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster policyProperties.getFalseValue(serviceName, action));
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster PolicyUtils.appendMapToMap(pd1.getResponseAttributes(),
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster PolicyUtils.appendMapToMap(pd2.getResponseAttributes(),
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster pd2.setResponseAttributes(mergedReponseAttrsMap);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Merges two policy decisions
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param pd1 policy decision to be merged
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param pd2 policy decision to be merged into. Action decisions
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * present in the policy decision are cleared before merging
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param serviceName service name
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return merged policy decision
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private PolicyDecision resetPolicyDecision(PolicyDecision pd1,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster PolicyDecision pd2, String serviceName) { //pd2 is collector
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Map actionDecisions1 = pd1.getActionDecisions();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Map actionDecisions2 = pd2.getActionDecisions();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster ActionDecision ad1 = (ActionDecision) actionDecisions1.get(action);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster policyProperties.getTrueValue(serviceName, action),
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster policyProperties.getFalseValue(serviceName, action));
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster PolicyUtils.appendMapToMap(pd1.getResponseAttributes(),
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster PolicyUtils.appendMapToMap(pd2.getResponseAttributes(),
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster pd2.setResponseAttributes(mergedReponseAttrsMap);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Registers a listener with policy service to receive
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * notifications on policy changes
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param appToken session token identifying the client
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param serviceName service name
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param notificationURL end point on the client that listens for
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * notifications
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster void addRemotePolicyListener(SSOToken appToken,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster addRemotePolicyListener(appToken, serviceName, notificationURL,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Registers a listener with policy service to receive
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * notifications on policy changes
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param appToken session token identifying the client
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param serviceName service name
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param notificationURL end point on the client that listens for
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * notifications
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param reRegister flag indicating whether to register listener
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * even if it was already registered. <code>true</code> indicates
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * to register listener again even if it was previously registered
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster boolean addRemotePolicyListener(SSOToken appToken,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster boolean status = false;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("ResourceResultCache.addRemotePolicyListener():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (remotePolicyListeners.contains(serviceName)
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("ResourceResultCache.addRemotePolicyListener():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + ":is already registered");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster } //else do the following
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.error("ResourceResultCache.addRemotePolicyListener():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if ((appToken != null) && (policyServiceURL != null)) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster PolicyListenerRequest listenerReq = new PolicyListenerRequest();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster listenerReq.setNotificationURL(notificationURL);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster policyReq.setAppSSOToken(appToken.getTokenID().toString());
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster PolicyRequest.POLICY_REQUEST_ADD_POLICY_LISTENER);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster policyReq.setPolicyListenerRequest(listenerReq);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster PolicyService ps = sendPLLRequest(policyServiceURL, policyReq);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "addRemotePolicyListener():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster == PolicyResponse.POLICY_ADD_LISTENER_RESPONSE) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "addRemotePolicyListener():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + ":add succeeded");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.error("ResourceResultCache.addRemotePolicyListener():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + " no result");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.error("ResourceResultCache.addRemotePolicyListener():",e);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Removes a listener registered with policy service to receive
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * notifications on policy changes
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param appToken session token identifying the client
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param serviceName service name
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param notificationURL end point on the client that listens for
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * notifications
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public boolean removeRemotePolicyListener(SSOToken appToken,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster boolean status = false;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster policyServiceURL = getPolicyServiceURL(appToken);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.error("ResourceResultCache.removeRemotePolicyListener():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if ((appToken != null) && (policyServiceURL != null)) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster RemoveListenerRequest rmReq = new RemoveListenerRequest();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster policyReq.setAppSSOToken(appToken.getTokenID().toString());
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster PolicyRequest.POLICY_REQUEST_REMOVE_POLICY_LISTENER);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster PolicyService ps = sendPLLRequest(policyServiceURL, policyReq);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "removeRemotePolicyListener():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster == PolicyResponse.POLICY_REMOVE_LISTENER_RESPONSE) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "removeRemotePolicyListener():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "no result");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.error("ResourceResultCache.removeRemotePolicyListener():",
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Processes policy notifications forwarded from listener end
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * point of policy client
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param pn policy notification
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster static void processPolicyNotification(PolicyNotification pn)
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("ResourceResultCache:processPolicyNotification():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster ResourceResultCache cache = ResourceResultCache.getInstance();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster PolicyChangeNotification pcn = pn.getPolicyChangeNotification();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (cache.remotePolicyListeners.contains(serviceName)) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Set affectedResourceNames = pcn.getResourceNames();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "processPolicyNotification():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + ":affectedResourceNames="
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + ":clearing cache for affected "
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "resource names");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "processPolicyNotification():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "serviceName not registered"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + ":no resource names cleared from cache");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "processPolicyNotification():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "serviceName is null"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + ":no resource names cleared from cache");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.error("ResourceResultCache.processPolicyNotification()"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "PolicyNotification is null");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Registers policy notification handler with <code>PLLClient</code>
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param handler policy notification handler
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster PLLClient.addNotificationHandler(POLICY_SERVICE_ID_FOR_NAMING,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "registerHandlerWithPLLClient():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "registered notification handler");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "registerHandlerWithPLLClient():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns policy service URL based on session token
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param token session token of user
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return policy service URL based on session token
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws PolicyException if the policy service URL cannot be obtained
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster static URL getPolicyServiceURL(SSOToken token) throws
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String ssoTokenID = token.getTokenID().toString();
35ab1c5bca11317474fe12bdd8d22c17cdaf2697Robert Wapshott Session session = sessionCache.getSession(sid);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster URL sessionServiceURL = session.getSessionServiceURL();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String protocol = sessionServiceURL.getProtocol();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.error("ResourceResultCache.getPolicyServiceURL():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster "policy_service_url_not_found",
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.error("ResourceResultCache.getPolicyServiceURL():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster "policy_service_url_not_found",
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Processes session token change notification
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param tokenEvent session token change notification event
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public void ssoTokenChanged(SSOTokenEvent tokenEvent) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String tokenID = tokenEvent.getToken().getTokenID().toString();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("ResourceResultCache.ssoTokenChanged():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "for tokenID=" + SECRET_MASK); //mask tokenID
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster synchronized(resultCache) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String serviceName = (String)serviceIter.next();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Map resourceTokenIDsMap = (Map)resultCache.get(serviceName);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Set resources = (Set)resourceTokenIDsMap.keySet();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster boolean tokenPresent = tokenRegistry.remove(tokenID);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if ( (tokenPresent == false) &&
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + " not found in Token Registry.");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "ssoTokenChanged():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "removing cache results for "
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.warning("ResourceResultCache.ssoTokenChanged():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "Exception caught", t);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Clears cached decisions for a set of resources
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param serviceName service name
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param affectedResourceNames affected resource names
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private static void clearCacheForResourceNames(String serviceName,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster = (Map)(resourceResultCache.resultCache).get(serviceName);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Iterator arIter = affectedResourceNames.iterator();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "clearCacheForResourceNames():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster synchronized (resourceTokenIDsMap) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Set cachedResourceNames = resourceTokenIDsMap.keySet();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Iterator crIter = cachedResourceNames.iterator();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "clearCacheForResourceNames():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "clearCacheForResourceNames():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "cleared cached results for "
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + ":match=SAME RESOURCE NAME");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "clearCacheForResourceNames():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "cleared cached results for "
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + ":match=EXACT_MATCH");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster } else if (rm.equals(ResourceMatch.WILDCARD_MATCH)) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "clearCacheForResourceNames():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "cleared cached results for "
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + ":match=WILD_CARD_MATCH");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "clearCacheForResourceNames():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "cleared cached results for "
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + ":match=SUB_RESOURCE_MACTH");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns response attribute names specified in environment map
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param env environment map
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster responseAttributes = (Set) env.get(GET_RESPONSE_ATTRIBUTES);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns a new request ID. Used in identifying request messages
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * sent to policy service
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return a new request ID. Used in identifying request messages
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * sent to policy service
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster synchronized(REQUEST_ID_LOCK) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns root resource name
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param resource resource name from which to compute root resource name
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param serviceName service name
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return root resource name computed from resource name
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private String getRootResourceName(String resource, String serviceName) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster = policyProperties.getResourceComparator(serviceName);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if ((resource != null) && (resource.length() != 0)) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String[] resources = resourceComparator.split(resource);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster rootResource = resource.substring(0, index) + rootResource;
8d3140b524c0e28c0a49dc7c7d481123ef3cfe11Chris Lee * Returns names of policy advices that could be handled by OpenAM
8d3140b524c0e28c0a49dc7c7d481123ef3cfe11Chris Lee * Enterprise if PEP redirects user agent to OpenAM.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param appToken application sso token that would be used while
8d3140b524c0e28c0a49dc7c7d481123ef3cfe11Chris Lee * communicating to OpenAM
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param refetchFromServer indicates whether to get the values fresh
8d3140b524c0e28c0a49dc7c7d481123ef3cfe11Chris Lee * from OpenAM or return the values from local cache.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * If the server reports app sso token is invalid, a new app sso
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * token is created and one more call is made to the server.
8d3140b524c0e28c0a49dc7c7d481123ef3cfe11Chris Lee * @return names of policy advices that could be handled by OpenAM
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws InvalidAppSSOTokenException if the server reported that the
8d3140b524c0e28c0a49dc7c7d481123ef3cfe11Chris Lee * app sso token provided was invalid
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws PolicyEvaluationException if the server reported any other error
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws PolicyException if there are problems in getting the advice
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws SSOException if the appToken is detected to be invalid
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * at the client
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Set getAdvicesHandleableByAM(SSOToken appToken, boolean refetchFromServer)
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster throws InvalidAppSSOTokenException, PolicyException, SSOException {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("ResourceResultCache.getAdvicesHandleableByAM():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + ":entering");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if ( (advicesHandleableByAM != null) && !refetchFromServer ) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("ResourceResultCache.getAdvicesHandleableByAM():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + ":returning cached advices"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.error("ResourceResultCache.getAdvicesHandleableByAM():",
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if ((appToken != null) && (policyServiceURL != null)) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster policyReq.setAppSSOToken(appToken.getTokenID().toString());
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster PolicyRequest.POLICY_REQUEST_ADVICES_HANDLEABLE_BY_AM_REQUEST);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster PolicyService ps = sendPLLRequest(policyServiceURL, policyReq);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "getAdvicesHandleableByAM():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String exceptionMessage = psres.getExceptionMsg();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if(exceptionMessage.indexOf(ResBundleUtils.getString(
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "getAdvicesHandleableByAM():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + " response exception "
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "AdvicesHandleableByAM():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + " appSSOToken is invalid");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "throwing InvalidAppSSOTokenException");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster "server_reported_invalid_app_sso_token",
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "AdvicesHandleableByAM():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "response exception message="
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster "server_reported_exception",
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "getAdvicesHandleableByAM():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.error("ResourceResultCache.getAdvicesHandleableByAM()"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster +":no result");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.error("ResourceResultCache.getAdvicesHandleableByAM():",
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("ResourceResultCache.getAdvicesHandleableByAM():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + ":returning advicesHandleableByAM"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Clears cached policy decisions
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param serviceName service name for which cached decisions
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * would be cleared
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster void clearCachedDecisionsForService(String serviceName) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "clearCachedDecisionsForService():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster synchronized(resultCache) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Return a PolicyService object based on the XML document received
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * from remote Policy Server. This is in response to a request that we
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * send to the Policy server.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param policyServiceUrl The URL of the Policy Service
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param preq The SessionRequest XML document
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return PolicyService
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @exception SendRequestException is thrown if there was an error in
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * sending the XML document or PolicyException if there are any parsing
// Sends one PolicyRequest to the policy server over PLL and parses the reply.
// NOTE(review): this listing omits lines of the method, so the notes below
// describe only the statements that are visible.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public static PolicyService sendPLLRequest(URL policyServiceUrl,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster PolicyRequest preq) throws SendRequestException,
// Build a PolicyService envelope tagged as a policy request and serialize it.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster PolicyService policyService = new PolicyService();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster policyService.setMethodID(PolicyService.POLICY_REQUEST_ID);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String xmlString = policyService.toXMLString();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster = new RequestSet(PolicyService.POLICY_SERVICE);
// NOTE(review): the end of this debug message is not shown. The request
// presumably carries SSO tokens (getLBCookie reads them from preq), so confirm
// the message does not append xmlString to the debug log.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("ResourceResultCache.sendPLLRequest:"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "sending PLL request to URL=" + policyServiceUrl
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Vector responses = PLLClient.send(policyServiceUrl, lbcookie, requestSet);
// NOTE(review): no emptiness check on `responses` is visible; elementAt(0) on
// an empty Vector throws ArrayIndexOutOfBoundsException. Confirm a guard exists.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Response response = (Response) responses.elementAt(0);
// The content parsed here is supplied by the remote server. Whether parseXML
// disables DTDs and external entities cannot be seen from here: TODO confirm.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster PolicyService ps = PolicyService.parseXML(response.getContent());
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("ResourceResultCache.sendPLLRequest:"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns lbcookie value for the Session
35ab1c5bca11317474fe12bdd8d22c17cdaf2697Robert Wapshott * @param preq policy request
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return lbcookie name and value pair
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws Exception if session in request is invalid
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public static String getLBCookie(PolicyRequest preq) throws Exception{
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster ResourceResultRequest rrReq = preq.getResourceResultRequest();
35ab1c5bca11317474fe12bdd8d22c17cdaf2697Robert Wapshott lbcookie = sessionCookies.getLBCookie(rrReq.getUserSSOToken());
35ab1c5bca11317474fe12bdd8d22c17cdaf2697Robert Wapshott lbcookie = sessionCookies.getLBCookie(preq.getAppSSOToken());
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private boolean resourceResultsHasAdvices(Set resourceResults) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster boolean hasAdvices = false;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster ResourceResult rr = (ResourceResult)rrIter.next();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private String getRESTPolicyServiceURL(SSOToken token, String scope)
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster URL policyServiceURL = getPolicyServiceURL(token);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster restUrl = restUrl.replace(POLICY_SERVICE, REST_POLICY_SERVICE);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("ResourceResultCache.getRESTPolicyServiceURL():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private static Set<String> mapActionBooleanToString(String serviceName, String actionName,
// Issues a REST call to `url` and reads the response body as UTF-8 text.
// NOTE(review): this listing omits lines of the method; only the visible
// statements are described. appToken and userToken are presumably attached to
// the connection as credentials, so `url` should be an HTTPS endpoint; no scheme
// check is visible here.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String getResourceContent(SSOToken appToken, SSOToken userToken, String url)
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster conn = HttpURLConnectionManager.getConnection(new URL(url));
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster new InputStreamReader(conn.getInputStream(), "UTF-8"));
// NOTE(review): the loop reads until end of stream; no cap on the amount of
// data accepted from the server is visible in this listing.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster while ((len = reader.read(buf, 0, buf.length)) != -1) {
// A 302 is reported as an invalid app SSO token (see the messages below).
// NOTE(review): HttpURLConnection follows redirects by default, so this branch
// is reachable only if redirect following is turned off elsewhere. Confirm,
// because a followed redirect would also change where the request ends up.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (responseCode == HttpURLConnection.HTTP_MOVED_TEMP) { // got a 302
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.warning("ResourceResultCache.getResourceContent():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "got 302 redirect");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.warning("ResourceResultCache.getResourceContent():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "throwing InvalidAppSSOTokenException");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster "rest_call_to_server_caused_302",
// Any status other than 200 is handled as a failed call; postForm() in this
// file instead accepts the whole 2xx range.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster } else if (responseCode != HttpURLConnection.HTTP_OK) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster "ResourceResultCache.getResourceContent():" +
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster "REST call failed with HTTP response code:" +
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster "Entitlement REST call failed with error code:" +
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // should not happen
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.error("ResourceResultCache.getResourceContent():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "UnsupportedEncodingException:" + uee.getMessage());
// The I/O failure is rethrown as a PolicyException with the original exception
// passed along as the cause.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster throw new PolicyException(ResBundleUtils.rbName,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster "rest_call_failed_with_io_exception", null, ie);
// Attaches credentials to the outgoing request `conn`: the app SSO token id as
// the session cookie and the user SSO token id in a custom header. Both values
// are live session identifiers, so they must stay out of debug output.
// NOTE(review): nothing visible here requires `conn` to be HTTPS; over plain
// HTTP both ids would cross the network in clear text. Verify at the caller.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String cookieValue = appToken.getTokenID().toString();
// The cookie value is URL-encoded under a check on the AM_COOKIE_ENCODE system
// property (default "false"); the start of that condition is not shown.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster SystemProperties.get(Constants.AM_COOKIE_ENCODE, "false"))) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster cookieValue = URLEncoder.encode(cookieValue, "UTF-8");
// The cookie name is configurable and falls back to "iPlanetDirectoryPro".
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String cookieName = SystemProperties.get(Constants.AM_COOKIE_NAME,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster "iPlanetDirectoryPro");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster conn.setRequestProperty("Cookie", cookieName + "=" + cookieValue);
// NOTE(review): userToken is dereferenced with no null check in view.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String userTokenId = userToken.getTokenID().toString();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String userTokenIdHeader = "ssotoken:" + userTokenId;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster conn.setRequestProperty("X-Query-Parameters", userTokenIdHeader);
// Converts the JSON body of an entitlement REST response into ResourceResult
// objects. NOTE(review): this listing omits lines of the method; only the
// visible statements are described.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Set<ResourceResult> jsonResourceContentToResourceResults(
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String jsonResourceContent, String serviceName)
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster jsonObject = new JSONObject(jsonResourceContent);
// NOTE(review): on a parse failure the complete response body is written to the
// debug log. The body is server-supplied and of no bounded size here; logging
// its length or a truncated prefix would keep decision data out of the log.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.error("ResourceResultCache.jsonResourceContentToResourceResults():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "json parsing error of response: " + jsonResourceContent);
// "error_rest_reponse" is a message key used at runtime, so its spelling has to
// match the resource bundle and is left as is.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster "error_rest_reponse",
// NOTE(review): presumably org.json, where optInt yields 0 when "statusCode" is
// absent. The comparison that follows is not shown; confirm that a missing
// status is not read as success.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster int statusCode = jsonObject.optInt("statusCode");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.error("ResourceResultCache.jsonResourceContentToResourceResults():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "statusCode=" + statusCode + ", error response");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster "error_rest_reponse",
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.error("ResourceResultCache.jsonResourceContentToResourceResults():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "does not have decisions object");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster "error_rest_reponse",
// A "results" array is folded into one virtual ResourceResult, using the
// resource comparator taken from policyProperties.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster JSONArray jsonArray = jsonObject.optJSONArray("results");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster (ResourceName)policyProperties.getResourceComparator(
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster ResourceResult virtualResourceResult = new ResourceResult(
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster ResourceResult rr = jsonEntitlementToResourceResult(jo,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster virtualResourceResult.addResourceResult(rr, resourceComparator);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster resourceResults = virtualResourceResult.getResourceResults();
// The alternative shape is a single entitlement carrying "resourceName".
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String resourceName = jsonObject.optString("resourceName");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster = jsonEntitlementToResourceResult(jsonObject, serviceName);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster resourceResults = new HashSet<ResourceResult>();
// A response with neither shape is logged as an error (message below).
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.error("ResourceResultCache.jsonResourceContentToResourceResults():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "does not have results or resourceName object");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster "error_rest_reponse",
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster ResourceResult jsonEntitlementToResourceResult(JSONObject jsonEntitlement,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String resultResourceName = jsonEntitlement.optString(JSON_RESOURCE_NAME);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Map<String, Set<String>> actionsValues = JSONUtils.getMapStringSetString(
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Map<String, Set<String>> advices = JSONUtils.getMapStringSetString(
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Map<String, Set<String>> attributes = JSONUtils.getMapStringSetString(
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Set<String> actValues = actionsValues.get(actName);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster actValues = mapActionBooleanToString(serviceName, actName, actValues);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster ActionDecision ad = new ActionDecision(actName, actValues);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster ResourceResult resourceResult = new ResourceResult(
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Registers a REST listener with policy service to receive
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * notifications on policy changes
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param appToken session token identifying the client
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param serviceName service name
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param notificationURL end point on the client that listens for
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * notifications
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster void addRESTRemotePolicyListener(SSOToken appToken,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster addRESTRemotePolicyListener(appToken, serviceName, notificationURL,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Registers a REST listener with policy service to receive
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * notifications on policy changes
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param appToken session token identifying the client
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param serviceName service name
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param notificationURL end point on the client that listens for
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * notifications
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param reRegister flag indicating whether to register listener
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * even if it was already registered. <code>true</code> indicates
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * to register listener again even if it was previously registered
// Registers this client's notification URL with the policy service so that
// policy changes can be pushed to it. NOTE(review): this listing omits lines of
// the method; only the visible statements are described.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster boolean addRESTRemotePolicyListener(SSOToken appToken,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster boolean status = false;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("ResourceResultCache.addRESTRemotePolicyListener():"
// Registration is skipped when serviceName is already in remotePolicyListeners;
// the second half of this condition is not shown.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (remotePolicyListeners.contains(serviceName)
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("ResourceResultCache.addRESTRemotePolicyListener():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + ":is already registered");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster } //else do the following
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "addRESTRemotePolicyListener():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + ":policyServiceListenerURL=" + policyServiceListenerURL
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Set<String> resourceNames = new HashSet<String>();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String queryString = buildRegisterListenerQueryString(
// NOTE(review): the two FIXMEs below are open. As far as this listing shows, the
// body returned by the server is not inspected, so a registration that the
// server refused inside a success response may still be treated as done. A
// client that believes it is registered gets no change notifications and may
// keep serving cached decisions after a policy was tightened. Confirm what the
// omitted lines do with the response.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // FIXME: what do we check in the content?
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // FIXME: check the response, detect error conditions?
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "addRESTRemotePolicyListener():"
// Failures are logged at error level; the exception types caught are not shown.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.error("ResourceResultCache.addRESTRemotePolicyListener():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "Can not add policy listner", e);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.error("ResourceResultCache.addRESTRemotePolicyListener():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.error("ResourceResultCache.addRESTRemotePolicyListener():"
// A null app SSO token is logged at message level only, per the text below.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // log a debug message: not registering listener
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("ResourceResultCache.addRESTRemotePolicyListener():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "not adding listener, app sso token is null");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Removes a REST listener registered with policy service to receive
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * notifications on policy changes
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param appToken session token identifying the client
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param serviceName service name
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param notificationURL end point on the client that listens for
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * notifications
// Asks the policy service to drop the listener registered for notificationURL.
// NOTE(review): this listing omits lines of the method; only the visible
// statements are described.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public boolean removeRESTRemotePolicyListener(SSOToken appToken,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster boolean status = false;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster policyServiceURL = getPolicyServiceURL(appToken);
// Log triage: several messages in this method carry another method's name
// ("removeRemotePolicyListener" here, "addRESTRemotePolicyListener" and "Can not
// add policy listner" further down). They are runtime strings and are left
// unchanged, so a failed removal can show up in the debug log under the add
// path's prefix.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.error("ResourceResultCache.removeRemotePolicyListener():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "removeRESTRemotePolicyListener():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + ":policyServiceListenerURL=" + policyServiceListenerURL
// notificationURL is URL-encoded before it is appended as a path segment, so
// its own "/", "?" and "&" characters cannot alter the request path.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster sb.append(policyServiceListenerURL).append("/");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster sb.append(URLEncoder.encode(notificationURL, "UTF-8"));
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String resourceContent = deleteRESTResourceContent(
// NOTE(review): open FIXME; no check of the returned content is visible.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // FIXME: what do we check in the content
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "removeRESTRemotePolicyListener():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.error("ResourceResultCache.addRESTRemotePolicyListener():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "Can not add policy listner", e);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.error("ResourceResultCache.addRESTRemotePolicyListener():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.error("ResourceResultCache.removeRESTRemotePolicyListener():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // log a debug message: not removing listener
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // log a debug message: not registering listener
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("ResourceResultCache.removeRESTRemotePolicyListener():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "not removing listener, app sso token is null");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Processes REST policy notifications forwarded from listener end
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * point of policy client
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param pn REST policy notification
// Applies a policy-change notification: reads the "resources" array from the
// JSON text and clears cached decisions for those resource names.
// NOTE(review): this listing omits lines of the method. `pn` is handed over by
// the client's listener end point, so it is network-supplied input. No check of
// who sent it is visible here; that has to happen at the end point, otherwise
// any party able to reach it can force cache invalidation. TODO confirm.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster static void processRESTPolicyNotification(String pn) //pn has to be JSON string
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // samplePn = "{realm: "/", privilgeName: "p1", resources: ["r1", "r2"]}";
// NOTE(review): the notification text appears to be appended to this debug
// message (its continuation line is not shown).
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("ResourceResultCache:processRESTPolicyNotification(), jsonString:"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster ResourceResultCache cache = ResourceResultCache.getInstance();
// The service name is fixed to the web agent service until the server includes
// it in the notification (FIXME below). Unless an omitted line reassigns it,
// every notification is applied to that one service, and the serviceName null
// check further down cannot fail.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // FIXME after servre side is fixed to provide serviceName in notification
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String serviceName = "iPlanetAMWebAgentService";
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster JSONArray jsonArray = jo.optJSONArray("resources");
// Text that is not valid JSON is rejected with PolicyEvaluationException.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.error("ResourceResultCache.processRESTPolicyNotification():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster throw new PolicyEvaluationException("notification_not_valid_json");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (serviceName != null && affectedResourceNames != null) {
// The cache is touched only for a service with a registered listener; the
// other two branches log that nothing was cleared.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (cache.remotePolicyListeners.contains(serviceName)) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "processRESTPolicyNotification():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + ":affectedResourceNames="
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + ":clearing cache for affected "
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "resource names");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "processRESTPolicyNotification():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "serviceName not registered"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + ":no resource names cleared from cache");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "processRESTPolicyNotification():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "serviceName or affectedResourceNames is null"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + ":no resource names cleared from cache");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.error("ResourceResultCache.processRESTPolicyNotification()"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "PolicyNotification is null");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private String getRESTPolicyServiceListenerURL(SSOToken token)
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster URL policyServiceURL = getPolicyServiceURL(token);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster restUrl = restUrl.replace(POLICY_SERVICE, REST_POLICY_SERVICE_LISTENER);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("ResourceResultCache.getRESTPolicyServiceURL():"
// Posts form content to `url` on behalf of appToken and reads the response
// body. NOTE(review): this listing omits lines of the method; only the visible
// statements are described.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String postForm(SSOToken appToken, String url, String formContent)
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "postForm():"
// NOTE(review): `url` is used as given; no scheme or host check is visible.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster conn = HttpURLConnectionManager.getConnection(new URL(url));
// Reads until end of stream; no cap on the response size is visible.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster while ((len = reader.read(buf, 0, buf.length)) != -1) {
// Unlike getResourceContent(), which requires exactly 200 and maps a 302 to an
// invalid app token, every 2xx status counts as success here and a 302 gets no
// branch of its own in the visible lines.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // any 200 series response code is success
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (responseCode < 200 || responseCode > 299) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "postForm():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "REST call failed with HTTP response code:"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster "Entitlement REST call failed with error code:"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // should not happen
// Log triage: this message names "postFormParams", not postForm. It is a
// runtime string and is left unchanged.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.error("ResourceResultCache.postFormParams():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "UnsupportedEncodingException:" + uee.getMessage());
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.error("ResourceResultCache.postForm():IOException:"
// The I/O failure is rethrown as a PolicyException with the original exception
// passed along as the cause.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster throw new PolicyException(ResBundleUtils.rbName,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster "rest_call_failed_with_io_exception", null, ie);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private String deleteRESTResourceContent(SSOToken appToken, String url)
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster conn = HttpURLConnectionManager.getConnection(new URL(url));
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster reader = new BufferedReader(new InputStreamReader(
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster while ((len = reader.read(buf, 0, buf.length)) != -1) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "deleteRESTResourceContent():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "REST call failed with HTTP response code:"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster "Entitlement REST call failed with error code:"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // should not happen
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.error("ResourceResultCache.deleteRESTResourceContent():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "UnsupportedEncodingException:" + uee.getMessage());
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster throw new PolicyException(ResBundleUtils.rbName,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster "rest_call_failed_with_io_exception", null, ie);
// Builds the query string for a listener registration request. Every value that
// is appended goes through URLEncoder.encode with UTF-8, so a value containing
// "&" or "=" cannot add or override a query parameter.
// NOTE(review): this listing omits lines of the method; only the visible
// statements are described.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster static String buildRegisterListenerQueryString(
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String serviceName, // called application in entitlement
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Set<String> resourceNames) throws PolicyException {
// Log triage: the warnings in this method spell the method name
// "builRegisterListenerdQueryString"; search for that spelling in debug logs.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.warning("ResourceResultCache.builRegisterListenerdQueryString():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "admin is null");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster throw new PolicyException(ResBundleUtils.rbName,
// A hashed form of the app token id, not the raw id, is placed in the query
// string. Query strings commonly end up in access and proxy logs, so the raw
// session id must not be appended here. The hashing statement is not shown;
// presumably Hash.hash, as in buildEntitlementRequestQueryString.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String tokenId = appToken.getTokenID().toString();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster sb.append(URLEncoder.encode(hashedTokenId, "UTF-8"));
// A null or empty serviceName is rejected with a PolicyException.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if ((serviceName == null) || (serviceName.length() == 0)) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.warning("ResourceResultCache.builRegisterListenerdQueryString():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "serviceName can not be null");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster throw new PolicyException(ResBundleUtils.rbName,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster sb.append(URLEncoder.encode(serviceName, "UTF-8"));
// NOTE(review): for null or empty resourceNames only a warning is visible, no
// throw. Confirm what the server registers when no resource is named.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if ((resourceNames == null) || resourceNames.isEmpty()) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.warning("ResourceResultCache.builRegisterListenerdQueryString():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "resoureNames is null or empty");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster sb.append(URLEncoder.encode(resourceName, "UTF-8"));
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // should not happen
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.error("ResourceResultCache.buildRegisterListenerQueryString():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster static String buildEntitlementRequestQueryString(
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster realm = (realm == null || (realm.trim().length() == 0)) ? "/"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if ((serviceName == null) || (serviceName.length() == 0)) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "buildEntitlementRequestQueryString():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "serviceName can not be null");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster throw new PolicyException(ResBundleUtils.rbName,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster sb.append("&").append(REST_QUERY_APPLICATION).append("=");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster sb.append(URLEncoder.encode(serviceName, "UTF-8"));
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "buildEntitlementRequestQueryString():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "subject can not be null");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster throw new PolicyException(ResBundleUtils.rbName,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String userTokenId = userToken.getTokenID().toString();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String hashedUserTokenId = Hash.hash(userTokenId);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster sb.append("&").append(REST_QUERY_SUBJECT).append("=");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster sb.append(URLEncoder.encode(hashedUserTokenId, "UTF-8"));
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if ((resource == null) || (resource.trim().length() == 0)) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "buildEntitlementRequestQueryString():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "resource can not be null");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster throw new PolicyException(ResBundleUtils.rbName,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster sb.append("&").append(REST_QUERY_RESOURCE).append("=");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster sb.append(URLEncoder.encode(resource, "UTF-8"));
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if ((actionNames != null) && !actionNames.isEmpty()) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster sb.append("&").append(REST_QUERY_ACTION).append("=");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster sb.append(URLEncoder.encode(actObj.toString(), "UTF-8"));
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String encodedEq = URLEncoder.encode("=", "UTF-8");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String key = URLEncoder.encode(keyOb.toString(), "UTF-8");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster sb.append("&").append(REST_QUERY_ENV).append("=");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster sb.append(URLEncoder.encode(valueOb.toString(), "UTF-8"));
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // should not happen
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.error("ResourceResultCache.buildEntitlementRequestQueryString():"