PrivilegeEvaluator.java revision 47dd079b8470fc1b3d4bbd5c3c0c4af896acabf5
/*
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2009 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: PrivilegeEvaluator.java,v 1.2 2009/10/07 06:36:40 veiming Exp $
*
* Portions Copyrighted 2010-2015 ForgeRock AS.
*/
/**
* This class evaluates the entitlements of a subject for a given resource
* and a set of environment parameters.
*/
class PrivilegeEvaluator {
private Subject adminSubject;
private String applicationName;
private String normalisedResourceName;
private String requestedResourceName;
private ResourceSearchIndexes indexes;
private Application application;
private EntitlementCombiner entitlementCombiner;
private boolean recursive;
private EntitlementException eException;
// Static variables
// TODO determine number of tasks per thread
private static final int TASKS_PER_THREAD = 5;
private static final IThreadPool threadPool;
private static final boolean isMultiThreaded;
static {
try {
} catch (NumberFormatException e) {
"PrivilegeEvaluator.<init>: get evaluation thread pool size",
e);
}
}
threadPool = isMultiThreaded ? new EntitlementThreadPool(evalThreadSize) : new SequentialThreadPool();
}
/**
* Initializes the evaluator.
*
* @param adminSubject Administrator subject which is used for evaluation.
* @param subject Subject to be evaluated.
* @param realm Realm Name
* @param applicationName Application Name.
* @param normalisedResourceName The normalised resource name.
* @param requestedResourceName The requested resource name.
* @param actions Action names.
* @param envParameters Environment parameters.
* @param recursive <code>true</code> for sub tree evaluation
* @throws com.sun.identity.entitlement.EntitlementException if
* initialization fails.
*/
private void init(
boolean recursive
) throws EntitlementException {
this.adminSubject = adminSubject;
this.applicationName = applicationName;
this.envParameters = envParameters;
}
this.actionNames, recursive);
}
}
}
return "";
}
}
/**
* Returns <code>true</code> if the subject has the privilege to hold the
* given entitlement.
*
* @param adminSubject Administrator subject which is used for evaluation.
* @param subject Subject to be evaluated.
* @param applicationName Application Name.
* @param entitlement Entitlement to be evaluated.
* @param envParameters Environment parameters.
* @return <code>true</code> if the subject has the privilege to hold the
* given entitlement; <code>false</code> otherwise.
* @throws com.sun.identity.entitlement.EntitlementException if
* evaluation fails.
*/
public boolean hasEntitlement(
) throws EntitlementException {
// TODO, use policy decision combining algorithm
// Default is deny overrides
if ((b == null) || !b.booleanValue()) {
return false;
}
}
return true;
}
/**
* Returns the list of entitlements the subject is entitled to for the given resource.
*
* @param adminSubject Administrator subject which is used for evaluation.
* @param subject Subject to be evaluated.
* @param applicationName Application Name.
* @param normalisedResourceName The normalised resource name.
* @param requestedResourceName The requested resource name.
* @param envParameters Environment parameters.
* @param recursive <code>true</code> for sub tree evaluation.
* @return the list of entitlements the subject is entitled to for the given
* resource (empty when none apply).
* @throws com.sun.identity.entitlement.EntitlementException if
* evaluation fails.
*/
boolean recursive
) throws EntitlementException {
}
/**
* Responsible for the core evaluation of policies associated with the request resource.
*
* @param realm
* the evaluation realm
*
* @return a list of applicable entitlements
*
* @throws EntitlementException if the policy search or evaluation fails, or if a worker reported a failure.
*/
// Search for relevant policies.
final Iterator<IPrivilege> policyIterator = indexStore.search(realm, indexes, subjectIndexes, recursive);
int totalCount = 0;
// First collect policies to be evaluated locally.
if (policy instanceof ReferralPrivilege) {
// We want to ignore referrals - deprecated.
continue;
}
if (debug.messageEnabled()) {
}
totalCount++;
}
// Define an evaluation context.
final PrivilegeEvaluatorContext context =
// Submit additional policies to be executed by worker threads.
boolean tasksSubmitted = false;
while (policyIterator.hasNext()) {
tasksSubmitted = true;
if (policy instanceof ReferralPrivilege) {
// We want to ignore referrals - deprecated.
continue;
}
if (debug.messageEnabled()) {
}
totalCount++;
threadBatch.clear();
}
}
if (!threadBatch.isEmpty()) {
// Submit any remaining policies.
}
// Submit the local policies.
// Wait for submitted threads to complete evaluation.
if (tasksSubmitted) {
if (isMultiThreaded) {
} else {
boolean isDone = false;
}
}
} else if (eException == null) {
boolean isDone = false;
}
}
if (eException != null) {
// Throw caught exception.
throw eException;
}
return entitlementCombiner.getResults();
}
private void receiveEvalResults(int totalCount) {
int counter = 0;
try {
hasResults.await();
}
counter++;
}
}
} catch (InterruptedException ex) {
} finally {
}
}
/**
 * Returns the {@link Application} this evaluator operates on, resolving it
 * lazily on first use and caching it in the {@code application} field.
 *
 * @return the resolved application; never {@code null} on normal return
 * @throws EntitlementException if the application cannot be resolved
 *         (the lookup and the throw are not shown in this view of the file)
 */
private Application getApplication()
throws EntitlementException {
if (application == null) {
// NOTE(review): the lookup that populates `application` belongs here but is
// not visible in this view; the second null check below is the fail-closed
// guard that stops evaluation from proceeding without an application.
// If application is still null, throw an exception
if (application == null) {
// NOTE(review): the throw statement is not shown in this view — confirm it
// raises EntitlementException so callers never receive a null application.
}
}
return application;
}
class PrivilegeTask implements Runnable {
final PrivilegeEvaluator parent;
private final boolean isThreaded;
private final PrivilegeEvaluatorContext ctx;
this.privileges = privileges;
this.isThreaded = isThreaded;
}
public void run() {
try {
if (entitlements != null) {
if (isThreaded) {
try {
} finally {
}
} else {
}
}
}
} catch (EntitlementException ex) {
if (isThreaded) {
try {
} finally {
}
} else {
}
}
}
}
}