SessionPropertyWhitelist.java revision 3b9ac290688291dc5c5db6bd0a88107aff80ea4d
/*
* The contents of this file are subject to the terms of the Common Development and
* Distribution License (the License). You may not use this file except in compliance with the
* License.
*
* You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
* specific language governing permission and limitations under the License.
*
* When distributing Covered Software, include this CDDL Header Notice in each file and include
* the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
* Header, with the fields enclosed by brackets [] replaced by your own identifying
* information: "Portions copyright [year] [name of copyright owner]".
*
* Copyright 2015 ForgeRock AS.
*/
/**
* Per-realm service for the session property whitelist. Results are cached on a per-realm
* basis, and service listeners update the cached map when the configuration changes.
*
* NOTE(review): several declarations and statement bodies are not visible in this listing,
* so the comments below describe only what the visible lines establish.
*/
public class SessionPropertyWhitelist {
/**
* The name of the service implemented.
*/
/**
* The version of the service implemented.
*/
private ServiceConfigManager serviceConfigManager;
/**
* Constructor (called by Guice), registers a listener for this class against all
* SessionPropertyWhitelist changes.
*
* SMSException and SSOException raised during set-up are caught here.
* NOTE(review): only a guarded log call is visible in the handler. If listener registration
* fails and nothing rethrows, the cached whitelist would presumably not be refreshed when
* the configuration changes - confirm that this failure is surfaced to operators.
*/
public SessionPropertyWhitelist() {
try {
} catch (SMSException | SSOException e) {
if (LOGGER.errorEnabled()) {
}
}
}
/**
* Get the properties listed for the provided realm, using the caller token to check
* they have permission to see this result.
*
* NOTE(review): the SessionException handler body is not visible here. Confirm that a
* failure leaves the returned set without any property the caller is not entitled to see.
*
* @param caller The token responsible for calling this method.
* @param realm The realm in which this operation is taking place.
* @return The set of allowed listed properties.
*/
try {
} catch (SessionException e) {
}
}
return allowed;
}
/**
* Returns true if the user is an administrator, or if it has delegated permissions to perform this
* request.
*
* @param token SSOToken performing the request.
* @param realm in which the request is taking place.
* @return the decision returned by the delegation evaluator for this token.
* @throws DelegationException declared by this method; not caught in the visible lines.
* @throws SSOException declared by this method; not caught in the visible lines.
*/
throws DelegationException, SSOException {
// dp is built in lines not shown here; the permission is evaluated with an empty environment map.
return new DelegationEvaluatorImpl().isAllowed(token, dp, Collections.<String, Set<String>>emptyMap());
}
/**
* Whether or not the property is listed in the whitelist. If the caller has permission to see a protected
* property they will, otherwise protected properties are removed from the returned set before being returned.
*
* NOTE(review): the description above speaks of a returned set, while the return tag and the
* visible {@code return false} indicate a boolean result - confirm which contract is intended.
*
* @param caller The user checking their permission.
* @param realm The realm in which this request is occurring.
* @param propertyNames The names they wish for a response to.
* @return true if all requested properties are whitelisted; false when a SessionException is caught.
* @throws DelegationException declared by this method; not caught in the visible lines.
* @throws SSOException declared by this method; not caught in the visible lines.
*/
throws DelegationException, SSOException {
try {
} catch (SessionException e) {
// Fail closed: a session error is answered as "not whitelisted".
return false;
}
}
}
}
try {
} catch (SSOException | SMSException e) {
// Fail closed: when the service configuration cannot be loaded, log the realm and the
// cause, then return an empty set instead of propagating the exception.
LOGGER.error("Unable to load ServiceConfigManager for SessionPropertyWhitelist in realm {}", realm, e);
return Collections.emptySet();
}
}
}
/**
* Our service config change listener.
*/
private final class SessionPropertyWhitelistListener implements ServiceListener {
/**
* No-op for this impl.
*/
//This section intentionally left blank
}
/**
* No-op for this impl.
*/
//This section intentionally left blank
}
/**
* Handles a change to an organization-level configuration of the service.
*
* SSOException and SMSException are caught inside this method.
* NOTE(review): the statements inside the try block and the first line of the handler's call
* are not visible here; the handler appears to report orgName together with the exception.
* Confirm that a failed refresh cannot leave a stale whitelist cached for that organization.
*/
public void organizationConfigChanged(String serviceName, String version, String orgName, String groupName,
try {
}
} catch (SSOException | SMSException e) {
orgName, e);
}
}
}
}