/**
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: IDRepoResponseProvider.java,v 1.4 2008/06/25 05:43:51 qcheng Exp $
*
*/
/*
* Portions Copyrighted [2011] [ForgeRock AS]
*/
/**
* This class is an out of the box implementation of
* <code>ResponseProvider</code> interface. It defines 2 types of user
* attributes which it can fetch the values of: <code>STATIC</code>
* and <code>DYNAMIC</code>.
* It relies on underlying Identity repository service to
* fetch the attribute values for the Subject(s) defined in the policy.
* It computes a <code>Map</code> of response attributes
* based on the sso token, resource name and <code>env</code> map passed
* in the method call <code>getResponseDecision()</code>.
*
* Policy framework would make a call to the ResponseProvider to fetch
* response attributes in a policy only if the policy is applicable to a
* request as determined by sso token, resource name, Subjects and Conditions.
*
*/
// Set to true once initialization has completed; checked before the valid
// dynamic attribute names are handed out.
private boolean initialized = false;

static {
}
/**
* No argument constructor.
*/
public IDRepoResponseProvider() {
    // Nothing to set up here: initialized stays false until the provider
    // has been initialized with its configuration.
}
/**
* Initialize the IDRepoResponseProvider object by using the configuration
* information passed by the Policy Framework.
* @param configParams the configuration information
* @exception PolicyException if an error occurred during
* initialization of the instance
*/
if (DEBUG.messageEnabled()) {
+ "entering");
}
if (configParams == null) {
}
// get the organization name
}
if ( validDynamicAttrNames == null) {
}
initialized = true;
if (DEBUG.messageEnabled()) {
+ "initialized with:"
+ "orgName=" + orgName
+ ",validDynamicAttrNames=" + validDynamicAttrNames);
}
}
/**
* Returns a list of property names for the responseprovider.
*
* @return <code>List</code> of property names
*/
return propertyNames;
}
/**
* Returns the syntax for a property name
* @see com.sun.identity.policy.Syntax
*
* @param property property name
*
* @return <code>Syntax</code> for the property name
*/
}
return (Syntax.MULTIPLE_CHOICE);
}
}
/**
* Gets the display name for the property name.
* The <code>locale</code> variable could be used by the plugin to
* customize the display name for the given locale.
* The <code>locale</code> variable could be <code>null</code>, in which
* case the plugin must use the default locale.
*
* @param property property name
* @param locale locale for which the property name must be customized
* @return display name for the property name.
* @throws PolicyException
*/
throws PolicyException {
return property;
}
/**
* Returns a set of valid values given the property name. This method
* is called if the property Syntax is either the SINGLE_CHOICE or
* MULTIPLE_CHOICE.
*
* @param property property name
* from the PolicyConfig Service configured for the specified realm.
* @return Set of valid values for the property.
* @exception PolicyException if unable to get the Syntax.
*/
if (!initialized) {
}
return validDynamicAttrNames;
} else {
return Collections.EMPTY_SET;
}
}
/** Sets the properties of the responseProvider plugin.
* This influences the response attribute-value Map that would be
* computed by a call to method <code>getResponseDecision(Map)</code>
* These attribute-value pairs are encapsulated in
* <code>ResponseAttribute</code> element tag which is a child of the
* <code>PolicyDecision</code> element in the PolicyResponse xml
* if the policy is applicable to the user for the resource, subject and
* conditions defined.
* @param properties the properties of the responseProvider
* Keys of the properties have to be String.
* Value corresponding to each key have to be a Set of String
* elements. Each implementation of ResponseProvider could add
* further restrictions on the keys and values of this map.
* @throws PolicyException for any abnormal condition
*/
// NOTE(review): at message level the complete properties argument is written
// to the debug log, including any static attribute values it carries.
if (DEBUG.messageEnabled()) {
+ "entering with properties=" + properties);
}
throw new PolicyException(
}
// NOTE(review): the caller's object is stored by reference, with no defensive
// copy, and before the checks below run. Confirm callers do not modify it
// afterwards and that a rejected value left in this field is acceptable.
this.properties = properties;
//Check if the keys needed for this provider are present namely
// STATIC_ATTRIBUTE and DYNAMIC_ATTRIBUTE
throw new PolicyException(
}
//validates STATIC_ATTRIBUTE and caches parsed static attributes map
}
//validates DYNAMIC_ATTRIBUTE and caches parsed
// responseAttrNames, repoAttrNames, responseAttrToRepoAttr
if (dynamicSet != null) {
}
if (DEBUG.messageEnabled()) {
+ "returning");
}
}
/** Gets the properties of the responseprovider
* @return properties of the responseprovider
* @see #setProperties
*/
return (properties == null)
}
/**
* Gets the response attributes computed by this ResponseProvider object,
* based on the sso token and map of environment parameters
*
* @param token single-sign-on token of the user
*
* @return a Map of response attributes.
* Keys of the Map are attribute names STATIC_ATTRIBUTE or
* DYNAMIC_ATTRIBUTE.
* Value is a Set of Strings representing response attribute
* values.
*
* @throws PolicyException if the decision could not be computed
* @throws SSOException if SSO token is not valid
*
*/
if (DEBUG.messageEnabled()) {
+ "entering");
}
// staticResponse is the map cached when the STATIC_ATTRIBUTE property was
// validated; it is only used when it has been set.
if (staticResponse != null) {
// NOTE(review): the static attribute values are written to the debug log at
// message level.
if (DEBUG.messageEnabled()) {
+ "getResponseDecision():"
+ "adding staticResponse=" + staticResponse);
}
}
try {
}
}
}
}
// NOTE(review): dynamicResponse is concatenated into the message-level debug
// log. Per the class documentation these are user attribute values fetched
// from the identity repository, so confirm that message-level debugging is
// off in production or that the configured attributes are not sensitive.
if (DEBUG.messageEnabled()) {
+ "getResponseDecision():"
+ "adding dynamicResponse=" + dynamicResponse);
}
} else {
"getResponseDecision(): Principal is null");
}
} catch (IdRepoException ide) {
// Identity repository failures reach the caller as PolicyException, built
// from the original exception.
throw new PolicyException(ide);
}
}
// NOTE(review): the complete response map, static and dynamic values alike,
// is logged here at message level as well.
if (DEBUG.messageEnabled()) {
+ "returning response=" + returnValues);
}
return returnValues;
}
/**
* Validates the format of the STATIC_ATTRIBUTE data
* and caches the parsed static attributes map.
* Each entry needs to be in "attr=val" format;
* otherwise a PolicyException is thrown.
*/
throws PolicyException {
if (DEBUG.messageEnabled()) {
+ "entering with staticSet=" + staticSet);
}
staticResponse = new HashMap();
+ ".validateStaticAttribute():"
+ " Invalid format in defining StaticAttribute, needs"
+ " to be attr=value format");
} else {
if (DEBUG.messageEnabled()) {
+ "validateStaticAttribute():"
+ "attrName=" + attrName
+ ",values=" + values);
+ "validateStaticAttribute():"
+ "caching staticResponse:"
+ staticResponse );
}
}
}
}
if (DEBUG.messageEnabled()) {
+ "returning");
}
}
/**
* Validates the format of the DYNAMIC_ATTRIBUTE data
* and caches the parsed
* responseAttrNames and repoAttrNames.
* Strings in the Set need to be in "responseAttr=repoAttr" format;
* otherwise a PolicyException is thrown.
*/
throws PolicyException {
if (DEBUG.messageEnabled()) {
+ "entering with dynamicSet=" + dynamicSet);
}
responseAttrNames = new HashSet();
repoAttrNames = new HashSet();
responseAttrToRepoAttr = new HashMap();
/* check if the attribute names being set in DYNAMIC_ATTRIBUTE
* are valid i.e are as defined in policy config service.
* Parse and store responseAttrNames and repoAttrNames
*/
if (DEBUG.messageEnabled()) {
+"valid dynamic attributes:" + validDynamicAttrNames);
}
if (DEBUG.messageEnabled()) {
+"selected dynamic attributes:" + dynamicAttrs);
}
while (dynamicAttrsIter.hasNext()) {
if (DEBUG.warningEnabled()) {
+"validateDynamicAttribute():Invalid dynamic property "
+"encountered:"+attr);
}
continue;
}
if (DEBUG.messageEnabled()) {
+ "validateDynamicAttribute():"
+"responseAttrName=" + responseAttrName
+ ", repoAttrName=" + repoAttrName);
}
}
if (DEBUG.messageEnabled()) {
+ "responseAttrToRepoAttr=" + responseAttrToRepoAttr);
+ "returning");
}
}
throws PolicyException {
if (dynamicAttrName != null) {
int delimiterIndex
if (delimiterIndex == 0) {
throw new PolicyException(
} else if (delimiterIndex < 0) {
throw new PolicyException(
}
} else {
throw new PolicyException(
}
}
}
return parsedNames;
}
if (idRepoAttrNames == null) {
idRepoAttrNames = new HashSet();
}
}
private void clearProperties() {
    // Drop the reference to the stored properties.
    this.properties = null;
}
/**
* Returns a copy of this object.
*
* @return a copy of this object
*/
try {
} catch (CloneNotSupportedException e) {
// this should never happen
// NOTE(review): InternalError is thrown without a message or cause, so the
// original CloneNotSupportedException is lost if this path is ever reached.
throw new InternalError();
}
// Each cached field below is handled only when it is non-null.
// Presumably each guarded branch copies the field into theClone so the copy
// does not share mutable state with this instance - TODO confirm.
if (validDynamicAttrNames != null) {
}
if (properties != null) {
}
}
if (staticResponse != null) {
}
}
if (responseAttrNames != null) {
}
if (repoAttrNames != null) {
}
if (responseAttrToRepoAttr != null) {
}
}
return theClone;
}
}