8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * The contents of this file are subject to the terms
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * of the Common Development and Distribution License
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * (the License). You may not use this file except in
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * compliance with the License.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * You can obtain a copy of the License at
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * https://opensso.dev.java.net/public/CDDLv1.0.html or
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * See the License for the specific language governing
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * permission and limitations under the License.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * When distributing Covered Code, include this CDDL
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Header Notice in each file and include the License file
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * If applicable, add the following below the CDDL Header,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * with the fields enclosed by brackets [] replaced by
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * your own identifying information:
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * "Portions Copyrighted [year] [name of copyright owner]"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * $Id: SessionPropertyCondition.java,v 1.4 2008/06/25 05:43:52 qcheng Exp $
e60a1cf74ca44a3bb3e3fe63b106e6ef6dca910fPhill Cunnington * Portions Copyright 2014 ForgeRock AS
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.policy.interfaces.Condition;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.policy.ConditionDecision;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * The class <code>SessionPropertyCondition</code> is a plugin
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * implementation of <code>Condition</code> interface.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * This condition checks whether session properties contain at least
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * one value of the each property listed in the <code>Condition</code>
e60a1cf74ca44a3bb3e3fe63b106e6ef6dca910fPhill Cunnington * @deprecated Use {@link org.forgerock.openam.entitlement.conditions.environment.SessionPropertyCondition} instead.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterpublic class SessionPropertyCondition implements Condition {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private static final boolean IGNORE_VALUE_CASE_DEFAULT = true;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private static final String IGNORE_VALUE_CASE_FALSE_STRING = "false";
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private List propertyNames = Collections.EMPTY_LIST;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster = Debug.getInstance(PolicyManager.POLICY_DEBUG_NAME);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private boolean ignoreValueCase = IGNORE_VALUE_CASE_DEFAULT;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * No argument constructor
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns a <code>List</code> of property names for the condition.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return <code>List</code> of property names
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns the syntax for a property name
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @see com.sun.identity.policy.Syntax
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param property <code>String</code> representing property name
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return <code>Syntax<code> for the property name
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public Syntax getPropertySyntax(String property)
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Gets the display name for the property name.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * The <code>locale</code> variable could be used by the
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * plugin to customize the display name for the given locale.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * The <code>locale</code> variable could be <code>null</code>, in which
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * case the plugin must use the default locale.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param property <code>String</code> representing property name
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param locale <code>Locale</code> for which the property name must be
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * customized.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return display name for the property name
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @exception PolicyException if unable to get the display name.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public String getDisplayName(String property, Locale locale)
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns a set of valid values given the property name. This method
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * is called if the property Syntax is either the SINGLE_CHOICE or
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * MULTIPLE_CHOICE.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param property <code>String</code> representing property name
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return <code>Set</code> of valid values for the property.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @exception PolicyException if unable to get the <code>Set</code> of
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * valid values.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public Set getValidValues(String property) throws PolicyException
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Sets the properties of the condition.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Evaluation of <code>ConditionDecision</code> is influenced by these
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * properties.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param properties the properties of the condition that governs
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * whether a policy applies. The keys in properties should
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * be <code>String</code> objects. Value corresponding to each
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * key should be a Set of String(s). Please note that properties
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * is not cloned by the method.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws PolicyException if properties is null or empty
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public void setProperties(Map properties) throws PolicyException {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if ( (properties == null) || properties.isEmpty() ) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster "properties_can_not_be_null_or_empty", null, null);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "setProperties():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Get properties of this condition.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return unmodifiable <code>Map</code> view of the properties that govern
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * the evaluation of the condition.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Please note that properties is not cloned before returning
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return Collections.unmodifiableMap(properties);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Gets the decision computed by this condition object.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param token single sign on token of the user
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param env request specific environment <code>Map</code> of key/value
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * pairs. Not used by this Condition implementation.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return the condition decision. The condition decision
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * encapsulates whether a policy applies for the request.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * The condition decision would imply <code>true</code>, if
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * the session properties contain at least
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * one value of the each property listed in the Condition.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Otherwise, it would imply <code>false</code>
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Policy framework continues evaluating a <code>Policy</code> only if it
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * applies to the request as indicated by the CondtionDecision.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Otherwise, further evaluation of the policy is skipped.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws SSOException if the token is invalid
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws PolicyException in unable to get the condition decision..
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public ConditionDecision getConditionDecision(SSOToken token, Map env)
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster boolean allowed = true;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("SessionPropertyCondition.getConditionDecision():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "entering, ignoreValueCase= " + ignoreValueCase);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if ((properties != null) && !properties.isEmpty()) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "getConditionDecision():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster sessionValues = PolicyUtils.delimStringToSet(sessionValue,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "getConditionDecision():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (sessionValues != null) { //session, multivalued
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Iterator sessionValueIter = sessionValues.iterator();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster } else { //caseIgnore match
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Iterator sessionValueIter = sessionValues.iterator();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (splitSessionValue.equalsIgnoreCase(value)) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster } else if (!ignoreValueCase) { //single session value, caseExact
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster } else { //single session value, caseIgnore match
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "getConditionDecision():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "no parameter defined, "
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "defaulting allow = true ");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("SessionPropertyCondition.getConditionDecision():"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns a copy of this object.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return a copy of this object
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster theClone = (SessionPropertyCondition)super.clone();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster //this should never happen
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Resets the value of property VALUE_CASE_INSENSITIVE in <code>properties
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * </code> Map
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Set values = (Set)properties.get(VALUE_CASE_INSENSITIVE);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster for (Iterator iter = values.iterator(); iter.hasNext();) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (IGNORE_VALUE_CASE_FALSE_STRING.equalsIgnoreCase(
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("SessionPropertyCondition.resetIgnoreValueCase():"