/**
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: AuthenticatedSharedAgentsCondition.java,v 1.7 2009/09/09 23:52:28 veiming Exp $
*
*/
/**
* The class <code>AuthenticatedSharedAgentsCondition</code> checks
* whether the agent name that the authenticated shared agent is trying to
* read is among the agents in that shared agent's list.
*/
// Instance variables
// Configuration property names
// Debug file
// Constants for constructing resource names
"/sunIdentityRepositoryService/1.0/application/";
/** No argument constructor
*/
public AuthenticatedSharedAgentsCondition() {
// NOTE(review): some statements of this constructor are missing from this
// listing; the comments below describe only the lines that are visible.
try {
version);
}
// Register this condition for service configuration change notifications;
// the listener callbacks further down in this file respond by calling
// clearCache().
scm.addListener(this);
}
} catch (SMSException smse) {
// Initialisation failure is logged at warning level only; nothing is
// rethrown in the visible lines, so the instance is still constructed.
if (debug.warningEnabled()) {
+ "Unable to init scm due to " + smse);
}
} catch (SSOException ssoe) {
// Same handling as for SMSException. NOTE(review): presumably no listener
// is registered on this path, so cached data would not be invalidated by
// change notifications - confirm.
if (debug.warningEnabled()) {
+ "Unable to init scm due to " + ssoe);
}
}
}
/**
* Returns a set of property names for the condition.
*
* @return set of property names
*/
{
// Hands back the propertyNames reference as is; no copy is made here.
// NOTE(review): confirm the set is unmodifiable where it is declared,
// otherwise callers can alter it.
return (propertyNames);
}
/**
* Returns the syntax for a property name
* @see com.sun.identity.policy.Syntax
*
* @param property <code>String</code> representing property name
*
* @return <code>Syntax</code> for the property name
*/
{
}
/**
* Gets the display name for the property name.
* The <code>locale</code> variable could be used by the plugin to
* customize the display name for the given locale.
* The <code>locale</code> variable could be <code>null</code>, in which
* case the plugin must use the default locale.
*
* @param property property name.
* @param locale locale for which the property name must be customized.
* @return display name for the property name.
* @throws PolicyException if unable to get display name
*/
throws PolicyException
{
return property;
}
/**
* Returns a set of valid values given the property name. This method
* is called if the property Syntax is either the SINGLE_CHOICE or
* MULTIPLE_CHOICE.
*
* @param property <code>String</code> representing property name
* @return Set of valid values for the property.
* @exception PolicyException if unable to get the Syntax.
*/
{
// The visible body always returns the shared immutable empty set,
// whatever property name is passed in.
return (Collections.EMPTY_SET);
}
/**
* Sets the properties of the condition.
* Evaluation of ConditionDecision is influenced by these properties.
* @param properties of the condition that governs
* whether a policy applies. The only defined property
* is <code>attributes</code>
*/
// Keeps a reference to the caller's map; no copy or validation of its
// contents is visible here, so later changes the caller makes to the same
// map are seen by this condition.
this.properties = properties;
}
/** Gets the properties of the condition.
* @return map view of properties that govern the
* evaluation of the condition decision
* @see #setProperties(Map)
*/
return (properties == null)
}
/**
* Gets the decision computed by this condition object.
*
* @param token single sign on token of the user
*
*
* @return the condition decision. The condition decision
* encapsulates whether a policy applies for the request.
*
* Policy framework continues evaluating a policy only if it
* applies to the request as indicated by the ConditionDecision.
* Otherwise, further evaluation of the policy is skipped.
*
* @throws SSOException if the token is invalid
*/
throws PolicyException, SSOException {
// NOTE(review): many statements of this method are missing from this
// listing; the comments describe only what the visible lines establish.
// Besides SSOException, the visible code also throws PolicyException
// (wrapping IdRepoException).

// Deny by default: the decision stays false unless a later step sets it.
boolean allowed = false;
if (debug.messageEnabled()) {
// The message includes the requested resource name; the rest of the
// concatenation is not visible. NOTE(review): confirm no token
// identifiers are written to the debug log here.
"getConditionDecision: " +
", requestedResourcename: "
}
try {
} catch (SSOException ssoe) {
// Log at message level and rethrow unchanged, so an invalid SSO token
// produces an exception rather than a decision.
if (debug.messageEnabled()) {
+"getConditionDecision: invalid sso token: "
+ ssoe.getMessage());
}
throw ssoe;
} catch (IdRepoException ide) {
// Log at message level and rethrow wrapped in a PolicyException that
// keeps ide as its argument.
if (debug.messageEnabled()) {
+"getConditionDecision IdRepo exception: ", ide);
}
throw new PolicyException(ide);
}
// Get the resource name from the env
if (debug.messageEnabled()) {
+"getConditionDecision:"
}
if (o != null) {
// The env value is accepted either as a String or as a Set; the Set
// handling is not visible in this listing.
if (o instanceof String ) {
resourceName = (String) o;
} else if (o instanceof Set) {
}
} else if (debug.warningEnabled()) {
// NOTE(review): this fallback assignment sits inside the
// debug.warningEnabled() branch, so whether resourceName is reset to ""
// depends on the debug level. The initial value of resourceName is not
// visible here - confirm the missing-resource-name path behaves the same
// with warnings switched off.
resourceName = "";
+"getConditionDecision: Unable to get resource name");
}
// agent.
// Iterate and compare the agents from the shared list with
// the ones under resource from env and if equal assign true.
// resource from env might be a single element Set.
try {
}
// Explicit deny; the condition guarding this return is not visible.
return new ConditionDecision(false);
}
} else {
}
if (debug.messageEnabled()) {
"getConditionDecision: agentsFromEnv: " +
}
}
// Check in cache
// When this branch is taken the method returns from here, before the
// "not in cache" read below. NOTE(review): a cached agent list is only as
// fresh as the last clearCache(); the listener callbacks in this file are
// the visible invalidation points.
if ((sharedAgentsCache != null) &&
if (agentsfromCache != null &&
!agentsfromCache.isEmpty()) {
}
return new ConditionDecision(allowed);
}
// If not in cache.
// Return the attributes for the given agent under
// default group.
if (debug.messageEnabled()) {
"getConditionDecision: agentsToRead: " +
}
}
// Update the cache.
} catch (IdRepoException idpe) {
// A failed agent read is surfaced as a PolicyException instead of a
// decision.
"getConditionDecision(): Unable to read agent"+
throw new PolicyException(idpe);
}
}
return new ConditionDecision(allowed);
}
/*
* This check handles a resource name of the following form, which is
* constructed by the delegation service while getting the permission.
* requestedResourcename:
* [sms://dc=openam,dc=forgerock,dc=org/sunIdentityRepositoryService
* /1.0/application/agentonly/http://quasar.red.iplanet.com:7001/
*/
// Get the index after the realm name
if (ndx != -1) {
// Get the substring after the realm, server name, version and
// application.
// Find the next index of "/" to bypass the agent type
if (ndx != -1) {
// Get the agent name
}
}
// NOTE(review): if either index lookup gave -1, the agent-name step above
// is skipped and agentName is returned with whatever value it held before.
// Its initial value is not visible in this listing - confirm the caller
// treats that value as "no match".
return (agentName);
}
/**
* Returns a copy of this object.
*
* @return a copy of this object
*/
try {
} catch (CloneNotSupportedException e) {
// NOTE(review): the caught exception is not passed on as a cause or
// message, so the InternalError carries no detail about the failure.
throw new InternalError();
}
// NOTE(review): the copying statements are missing from this listing, so
// whether the properties map is copied or shared with the clone cannot be
// told from here.
return theClone;
}
/*
* (non-Javadoc)
*
* @see com.sun.identity.sm.ServiceListener#globalConfigChanged(
* java.lang.String,
* java.lang.String, java.lang.String, java.lang.String, int)
*/
// A global configuration change notification drops the cached data.
// clearCache() is declared static in this file, so the reset is not
// limited to this instance.
if (debug.messageEnabled()) {
"globalConfigChanged..");
}
clearCache();
}
/*
* (non-Javadoc)
*
* @see com.sun.identity.sm.ServiceListener#organizationConfigChanged(
* java.lang.String,
* java.lang.String, java.lang.String, java.lang.String,
* java.lang.String, int)
*/
{
// An organization configuration change notification drops the cached
// data. In the visible lines clearCache() is called unconditionally.
if (debug.messageEnabled()) {
"organizationConfigChanged..");
}
clearCache();
}
/*
* (non-Javadoc)
*
* @see com.sun.identity.sm.ServiceListener#schemaChanged(java.lang.String,
* java.lang.String)
*/
// A schema change notification drops the cached data, in the same way as
// the two configuration-change callbacks.
if (debug.messageEnabled()) {
}
clearCache();
}
// Returns the attributes from the agent's profile.
// The agent name is written to the message-level debug log on entry.
if (debug.messageEnabled()) {
"getAttributes() called:AgentName- " + agentName);
}
try {
// Get the agent's config and then its attributes.
}
} catch (SMSException sme) {
// NOTE(review): no handling is visible in this catch, and the method then
// returns `answer`. Confirm that a failed read is reported and yields an
// empty result rather than silently returning partial data.
}
return (answer);
}
// Returns the organization configuration of the 'default' group
// from AgentService.
// NOTE(review): several statements are missing from this listing; the
// comments describe only the visible lines.
if (debug.messageEnabled()) {
"getOrgConfig() called. ");
}
try {
// Check in cache first
// A cached configuration that reports isValid() is returned without a
// new lookup.
if (orgConfigCache.isValid()) {
return (orgConfigCache);
}
}
version);
}
// Update the realm cache.
} catch (SMSException smse) {
// Lookup failure is logged at warning level only and not rethrown.
if (debug.warningEnabled()) {
"getOrgConfig(): Unable to get organization config "+
"due to " + smse);
}
} catch (SSOException ssoe) {
// Same handling as for SMSException.
if (debug.warningEnabled()) {
"getOrgConfig(): Unable to get organization config "+
"due to " + ssoe);
}
}
// Reached after a fresh lookup and also after either catch above.
// NOTE(review): on the failure paths orgConfigCache holds whatever it held
// before (possibly null or no longer valid) - confirm callers check the
// result before using it.
return (orgConfigCache);
}
// Cache to store the agents configured for the "sharedAgentName".
Set agentsToRead) {
}
// Clears the cache where the shared agent name and its list of
// agents to be read are stored.
// Clears the cache where realm name and the service configuration
// for the realm are stored.
static void clearCache() {
// NOTE(review): the body is missing from this listing. The method is
// static and is called from the three configuration/schema change
// callbacks in this file; which caches it resets cannot be confirmed
// from here.
}
// Cache to store the realm name and the organization config.
if (debug.messageEnabled()) {
"update cache for realm " + realmName);
}
// Replaces the realmCache reference with rmap in a single assignment.
// NOTE(review): how rmap is built and what synchronization protects
// realmCache are not visible here - confirm against the field declaration.
realmCache = rmap;
}
/*
* Returns the permission for the shared agent to read the profile
* of other agents by comparing the agent taken from the resource in the
* env parameter with the agents in the token's list.
*/
// Deny by default; only a match found in the (not visible) loops below
// flips the result.
boolean allowed = false;
// First match grants permission and stops the search.
// NOTE(review): the comparison itself is missing from this listing -
// confirm how agent names are compared (exact match, case handling).
allowed = true;
if (debug.messageEnabled()) {
+ "getPermission(): returning true.");
}
break;
}
}
}
}
// No match: the result is still false; this is only logged at message
// level.
if (!allowed) {
if (debug.messageEnabled()) {
+ "getPermission(): returning false.");
}
}
return (allowed);
}
/* Splits the given resource name
* @param res the resource name to be split
* @return an array of (String) split resource names
*/
int n = st.countTokens();
for (int i = 0; i < n; i++) {
}
return retVal;
}
}