Privilege.java revision 78d425f83177385e7e1dc33cca56dcd6b1f116bf
/**
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2008 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: Privilege.java,v 1.14 2010/01/08 22:20:47 veiming Exp $
*/
/*
* Portions Copyrighted 2010-2014 ForgeRock, AS.
*/
/**
* Class representing entitlement privilege
*/
public abstract class Privilege implements IPrivilege {
// NOTE(review): this listing is incomplete. Several constant declarations, method signatures and statements
// are missing (some Javadoc blocks below are followed directly by a method body or by another Javadoc
// block), so the comments added here describe only what the visible lines establish.
/**
* The system property defining the default Privilege sub-class to use when constructing new privilege instances.
* <p>
* NOTE(review): the value is read in the static initialiser below and, judging by that block's
* ClassNotFoundException handler and the later {@code privilegeClass.newInstance()} calls, it names a class
* that is loaded and instantiated reflectively. Treat it as trusted deployment configuration: whoever can set
* this property selects the Privilege implementation that gets instantiated.
*/
public static final String PRIVILEGE_CLASS_PROPERTY = "com.sun.identity.entitlement.default.privilege.class";
/**
* Default privilege concrete class to use. We use the name rather than the class here so that we can perform
* lazy initialisation (the OpenSSOPrivilege does a lot of stuff in static initialisers).
*/
private static final String DEFAULT_PRIVILEGE_CLASS = "com.sun.identity.entitlement.opensso.OpenSSOPrivilege";
/**
* application index key
*/
/**
* Created by index key
*/
/**
* Last modified by index key
*/
/**
* Creation date index key
*/
/**
* Last modified date index key
*/
public static final String LAST_MODIFIED_DATE_ATTRIBUTE =
"lastmodifieddate";
/**
* Name search attribute name.
*/
/**
* Macro used in resource name
*/
/**
* Macro used in condition
*/
/**
* Privilege description search attribute name.
*/
// Whether this privilege is active; the field initialiser makes new instances active.
private boolean active = true;
// Free-text description; may be null (the JSON code below checks for null before using it).
private String description;
// The entitlement carried by this privilege.
private Entitlement entitlement;
// Subject and condition of the privilege; both are null-checked before use during matching.
private EntitlementSubject eSubject;
private EntitlementCondition eCondition;
// Audit metadata: who last modified the privilege, and the creation / last-modification timestamps.
// NOTE(review): the unit of the two long timestamps is not visible in this listing.
private String lastModifiedBy;
private long creationDate;
private long lastModifiedDate;
// Reads the configured privilege implementation class name, passing DEFAULT_PRIVILEGE_CLASS as the
// fallback value.
static {
String privilegeClassName = SystemPropertiesManager.get(PRIVILEGE_CLASS_PROPERTY, DEFAULT_PRIVILEGE_CLASS);
try {
} catch (ClassNotFoundException ex) {
// NOTE(review): no handling is visible in this listing. A class that cannot be loaded should be logged
// together with the configured name; the factory code below rejects a null privilegeClass with
// EntitlementException(2).
}
}
/**
* Returns entitlement privilege.
* <p>
* The instance is created reflectively with {@code privilegeClass.newInstance()}, so the implementation class
* needs an accessible no-argument constructor.
*
* @return entitlement privilege.
* @throws EntitlementException if entitlementPrivilege cannot be returned.
*/
if (privilegeClass == null) {
// No implementation class is available, so nothing can be instantiated.
throw new EntitlementException(2);
}
try {
// Class.newInstance() propagates checked exceptions thrown by the constructor without declaring them.
return privilegeClass.newInstance();
} catch (InstantiationException ex) {
// NOTE(review): empty in this listing; a failed instantiation should be logged or surfaced to the caller.
} catch (IllegalAccessException ex) {
// NOTE(review): empty in this listing; see the handler above.
}
}
/**
* Creates an empty privilege. A public no-argument constructor is what the reflective
* {@code newInstance()} calls in this class rely on.
*/
public Privilege() {
}
) throws EntitlementException {
}
/**
* Sets entitlement subject.
*
* @param eSubject Entitlement subject
* @throws EntitlementException if subject is null.
*/
throws EntitlementException {
}
throws EntitlementException {
sbj = NOT_SUBJECT;
} else if (!sbj.isIdentity()) {
}
}
/**
* Returns the name of the privilege.
*
* @return name of the privilege.
*/
return name;
}
/**
* Returns the description of the privilege.
*
* @return description of the privilege.
*/
public String getDescription() {
return description;
}
/**
* Sets the description of the privilege.
*
* @param description Description of the privilege.
*/
this.description = description;
}
/**
* Returns the subject of the privilege.
*
* @return subject of the privilege; the matching code below treats it as possibly null.
*/
public EntitlementSubject getSubject() {
return eSubject;
}
/**
* Returns the condition of the privilege.
*
* @return condition of the privilege; the matching code below treats it as possibly null.
*/
public EntitlementCondition getCondition() {
return eCondition;
}
/**
* Returns the resource attributes of the privilege.
*
* @return resource attributes of the privilege; may be null (other methods null-check the field).
*/
return eResourceAttributes;
}
/**
* Returns entitlement defined in the privilege
* @return entitlement defined in the privilege
*/
public Entitlement getEntitlement() {
return entitlement;
}
/**
* Returns privilege Type. This base implementation always returns {@link PrivilegeType#UNKNOWN}.
* @see PrivilegeType
*
* @return privilege Type.
*/
public PrivilegeType getType() {
return PrivilegeType.UNKNOWN;
}
/**
* Returns a list of entitlement for a given subject, resource name
* and environment.
*
* @param adminSubject Admin Subject
* @param realm Realm Name
* @param subject Subject who is under evaluation.
* @param applicationName Application name.
* @param normalisedResourceName The normalised resource name.
* @param requestedResourceName The requested resource name.
* @param actionNames Set of action names.
* @param environment Environment parameters.
* @param recursive <code>true</code> to perform evaluation on sub resources
* from the given resource name.
* @return a list of entitlement for a given subject, resource name
* and environment.
* @throws EntitlementException if the result cannot be determined.
*/
boolean recursive,
/**
* Returns string representation of the object
* @return string representation of the object
*/
try {
} catch (JSONException joe) {
// NOTE(review): empty in this listing; the JSON failure is not reported here.
}
return s;
}
if (description != null) {
}
if (entitlement != null) {
}
}
if (eCondition != null) {
}
for (ResourceAttribute r : eResourceAttributes) {
}
}
return jo;
}
/**
* Returns JSONObject mapping of the object
* @return JSONObject mapping of the object
* @throws JSONException if can not map to JSONObject
*/
if (description != null) {
}
}
if (lastModifiedBy != null) {
}
return jo;
}
// NOTE(review): the signature of this JSON factory method is missing from the listing. Its handlers show that
// a class is located by name and instantiated reflectively while JSON is parsed. Where the class name comes
// from is not visible here - presumably the stored JSON; if so, the store must be trusted or the name checked
// against the expected Privilege implementations before it is loaded.
try {
"creationDate");
"lastModifiedDate");
}
return privilege;
} catch (InstantiationException ex) {
} catch (IllegalAccessException ex) {
} catch (ClassNotFoundException ex) {
} catch (JSONException ex) {
}
// As listed, every failure above ends here: the caller receives null instead of an exception and has to
// treat null as "privilege could not be reconstructed".
return null;
}
throws JSONException{
return null;
}
try {
} catch (InstantiationException ex) {
"Privilege.getResourceAttributes", ex);
} catch (IllegalAccessException ex) {
"Privilege.getResourceAttributes", ex);
} catch (ClassNotFoundException ex) {
"Privilege.getResourceAttributes", ex);
}
}
return results;
}
throws JSONException {
return new NoSubject();
}
try {
clazz.newInstance();
return eSubject;
} catch (InstantiationException ex) {
} catch (IllegalAccessException ex) {
} catch (ClassNotFoundException ex) {
}
// NOTE(review): a subject whose class cannot be loaded or instantiated comes back as null. The subject
// matching code further down skips the check for a null subject, so confirm that callers reject this null
// instead of storing or evaluating a privilege without its subject.
return null;
}
throws JSONException {
return null;
}
try {
clazz.newInstance();
// Caching moved to #doesConditionMatch(..) method
return eCondition;
} catch (InstantiationException ex) {
} catch (IllegalAccessException ex) {
} catch (ClassNotFoundException ex) {
}
// NOTE(review): as with the subject, a condition that fails to load is returned as null, and a null
// condition is treated as "no condition" by the matching code. Confirm that a load failure cannot silently
// turn a conditional privilege into an unconditional one.
return null;
}
/**
* Returns <code>true</code> if the passed in object is equal to this object
* @param obj object to check for equality
* @return <code>true</code> if the passed in object is equal to this object
*/
// NOTE(review): most comparison lines are missing from this listing; only the null-handling skeleton remains.
boolean equalled = true;
return false;
}
return false;
}
return false;
}
} else { // name not null
return false;
return false;
}
}
return false;
}
if (entitlement == null) {
return false;
}
} else { // entitlement not null
return false;
return false;
}
}
return false;
}
} else { // name not null
return false;
return false;
}
}
if (eResourceAttributes == null) {
return false;
}
} else { // eResourceAttributes not null
return false;
} else if (!eResourceAttributes.equals(
object.getResourceAttributes())) {
return false;
}
}
if (eCondition == null) {
return false;
}
} else { // eCondition not null
return false;
return false;
}
}
return equalled;
}
/**
* Returns hash code of the object. Null fields are skipped; the lines that fold each field into the result
* are missing from this listing.
* @return hash code of the object
*/
public int hashCode() {
int code = 0;
}
if (entitlement != null) {
}
}
if (eCondition != null) {
}
if (eResourceAttributes != null) {
}
return code;
}
/**
* Reports whether the subject of this privilege is satisfied for the evaluation in progress.
* <p>
* NOTE(review): {@code result} starts as {@code true} and the subject is consulted only when
* {@link #getSubject()} is non-null, so as far as this listing shows a privilege without a subject matches
* every caller. The parameter list is missing from the listing.
*
* @return <code>true</code> if the subject matches or no subject is set.
* @throws EntitlementException declared by the signature; the throwing call is not visible here.
*/
protected boolean doesSubjectMatch(
) throws EntitlementException {
boolean result = true;
if (getSubject() != null) {
if (!sDecision.isSatisfied()) {
}
result = false;
}
}
if (result) {
"[PolicyEval] Privilege.doesSubjectMatch: true", null);
} else {
"[PolicyEval] Privilege.doesSubjectMatch: false", null);
}
}
return result;
}
/**
* Reports whether the condition of this privilege is satisfied for the evaluation in progress.
* <p>
* NOTE(review): {@code result} starts as {@code true} and the condition is consulted only when it is
* non-null, so a privilege without a condition always matches. The parameter list and the evaluation call
* are missing from the listing.
*
* @return <code>true</code> if the condition matches or no condition is set.
* @throws EntitlementException declared by the signature; the throwing call is not visible here.
*/
protected boolean doesConditionMatch(
) throws EntitlementException {
boolean result = true;
if (eCondition != null) {
}
}
if (result) {
"[PolicyEval] Privilege.doesConditionMatch: true", null);
} else {
"[PolicyEval] Privilege.doesConditionMatch: false", null);
}
}
return result;
}
/**
* Returns creation date.
*
* @return creation date.
*/
public long getCreationDate() {
return creationDate;
}
/**
* Sets the creation date.
*
* @param creationDate creation date.
*/
public void setCreationDate(long creationDate) {
this.creationDate = creationDate;
}
/**
* Returns last modified date.
*
* @return last modified date.
*/
public long getLastModifiedDate() {
return lastModifiedDate;
}
/**
* Sets the last modified date.
*
* @param lastModifiedDate last modified date.
*/
public void setLastModifiedDate(long lastModifiedDate) {
this.lastModifiedDate = lastModifiedDate;
}
/**
* Returns the user ID who last modified the policy.
*
* @return user ID who last modified the policy.
*/
public String getLastModifiedBy() {
return lastModifiedBy;
}
/**
* Sets the user ID who last modified the policy.
* <p>
* NOTE(review): the visible assignment stores the value as given; this is audit metadata, so callers should
* pass the authenticated administrator's identity rather than a client-supplied string.
*
* @param lastModifiedBy user ID who last modified the policy.
*/
this.lastModifiedBy = lastModifiedBy;
}
/**
* Returns the user ID who created the policy.
*
* @return user ID who created the policy.
*/
public String getCreatedBy() {
return createdBy;
}
/**
* Sets the user ID who created the policy.
*
* @param createdBy user ID who created the policy.
*/
}
/**
* Canonicalizes resource name before persistence.
*
* @param adminSubject Admin Subject.
* @param realm Realm Name
*/
throws EntitlementException {
}
/**
* Returns resource save indexes.
*
* @param adminSubject Admin Subject.
* @param realm Realm Name
* @return resource save indexes.
*/
}
/**
* Sets name.
*
* @param name Name of privilege.
* @throws EntitlementException if name is null or empty.
*/
throw new EntitlementException(3);
}
}
/**
* Sets entitlement.
*
* @param entitlement Entitlement.
* @throws EntitlementException if entitlement is null.
*/
throws EntitlementException {
if (entitlement == null) {
// NOTE(review): the rejection documented above (EntitlementException) is missing from this listing.
}
this.entitlement = entitlement;
}
/**
* Sets condition. The visible assignment accepts null, which the matching code treats as "no condition".
*
* @param condition Condition.
*/
this.eCondition = condition;
}
/**
* Sets resource attributes.
*
* @param set Set of resource attribute.
*/
this.eResourceAttributes = null;
} else {
}
}
) throws EntitlementException {
for (ResourceAttribute e : eResourceAttributes) {
if (v == null) {
}
}
}
}
return result;
}
/**
* Returns <code>true</code> if this privilege is active.
*
* @return <code>true</code> if this privilege is active.
*/
public boolean isActive() {
return active;
}
/**
* Sets whether this privilege is active.
*
* @param active <code>true</code> if this privilege is to be active.
*/
}
throws EntitlementException {
throw new EntitlementException(9);
}
try {
} catch (JSONException ex) {
// NOTE(review): the JSONException is not passed on as the cause, so the parse detail is lost unless it is
// logged on a line missing from this listing.
throw new EntitlementException(11);
}
}
throws EntitlementException {
if (privilegeClass == null) {
// No implementation class is available, so nothing can be instantiated.
throw new EntitlementException(2);
}
try {
throw new EntitlementException(3);
}
}
// Validate the privilege condition when creating a new instance
}
return privilege;
} catch (InstantiationException ex) {
// NOTE(review): the three handlers below are empty in this listing; the method declares
// EntitlementException, so a reflective or JSON failure should be converted and rethrown, not dropped.
} catch (IllegalAccessException ex) {
} catch (JSONException ex) {
}
}
}
}
}