/**
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2008 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: PrivilegeManager.java,v 1.8 2010/01/26 20:10:15 dillidorai Exp $
*
* Portions Copyrighted 2011-2015 ForgeRock AS.
*/
/**
* Class to manage entitlement privileges: to add, remove, modify privilege
*/
/**
* Debug for Policy Administration Point classes
*/
//REF: make configurable
/**
* Returns instance of configured <code>PrivilegeManager</code>
* @param subject subject that would be used for the privilege management operations
* @return instance of configured <code>PrivilegeManager</code>, or <code>null</code> when the
* implementation class cannot be found (the <code>ClassNotFoundException</code> is swallowed)
* @throws UnsupportedOperationException if <code>ec.migratedToEntitlementService()</code>
* reports that the migration to the entitlement service has not happened
*/
// Refuse to hand out a manager until the configuration reports a completed migration.
if (!ec.migratedToEntitlementService()) {
throw new UnsupportedOperationException(
"Updating of DITs is required before using the entitlement service");
}
// The implementation class name below is a fixed string literal (see "REF: make configurable"),
// and asSubclass() narrows the loaded class to a PrivilegeManager subtype.
try {
.forName("com.sun.identity.entitlement.opensso.PolicyPrivilegeManager")
.asSubclass(PrivilegeManager.class);
return privilegeManager;
} catch (ClassNotFoundException e) {
// NOTE(review): the exception is discarded without being logged or rethrown, and control
// falls through to "return null" below. Callers must null-check the result; otherwise a
// missing implementation class may only surface later, with no record of the cause.
}
return null;
}
/**
* Constructor.
*/
}
/**
* Initializes the object.
*
* @param realm Realm name
* @param subject subject to initialize the privilege manager with
*/
this.adminSubject = subject;
}
/**
* Returns a privilege.
*
* @param name name for the privilege to be returned
* @param subject Subject to be used to obtain the privilege.
* @throws EntitlementException if privilege is not found or if the provided subject is not permitted to access it.
*/
/**
* Checks if a privilege with the specified name can be found.
*
* @param name name of the privilege.
* @throws com.sun.identity.entitlement.EntitlementException if search failed.
* @return true if a privilege with the specified name exists, false otherwise.
*/
}
/**
* Validates the passed policy.
*
* @param privilege
* the policy instance
*
* @throws EntitlementException
* should validator fail
*/
}
if (entitlement == null) {
}
if (application == null) {
}
}
// If no resource types have been defined then the following resource type validation is irrelevant.
return;
}
throw new EntitlementException(
}
if (resourceType == null) {
throw new EntitlementException(
}
}
/**
* Add a privilege.
*
* @param privilege privilege to add.
* @throws EntitlementException if privilege cannot be added.
*/
if (principalName != null) {
}
}
/**
* Modifies the specified policy.
*
* @param existingName
* The existing policy name
* @param privilege
* The new policy content
*
* @throws EntitlementException
* When an error occurs during modification
*/
/**
* Returns a set of privilege names for a given search criteria.
*
* @param filter Set of search filters.
* @param searchSizeLimit Search size limit.
* @param searchTimeLimit Search time limit in seconds.
* @return a set of privilege names for a given search criteria.
* @throws EntitlementException if search failed.
*/
throws EntitlementException {
}
return result;
}
/**
* Returns a set of privileges that match the given search criteria.
*
* @param filter the search filters to apply. An empty set means no filtering (returns all privileges).
* @param searchSizeLimit the maximum number of privileges to return.
* @param searchTimeLimit the maximum time limit in seconds. NOT IMPLEMENTED.
* @return the matching privileges.
* @throws EntitlementException if the search fails for any reason.
*/
throws EntitlementException {
// TODO Search time limit
// Delegation to applications is currently not configurable, so the super admin is passed here (see AME-4959)
break;
}
}
}
return results;
}
/**
* Returns a set of privileges that match the given search criteria with no size or time limits.
*
* @param filter the search filters to apply. An empty set means no filtering (returns all privileges).
* @return the matching privileges.
* @throws EntitlementException if the search fails for any reason.
*/
}
/**
* Returns a set of privilege names for a given search criteria.
*
* @param filter Set of search filters.
* @return a set of privilege names for a given search criteria.
* @throws EntitlementException if search failed.
*/
}
/**
* Finds all policies within the realm.
*
* @return list of matching policies
*
* @throws EntitlementException
* should some error occur
*/
/**
* Finds all policies within the realm and passed application.
* <p>
* Declared abstract: the lookup itself is supplied by the concrete
* <code>PrivilegeManager</code> subclass.
*
* @param application
* the application (passed as a String; presumably the application name, confirm
* against the implementing class)
*
* @return list of matching policies
*
* @throws EntitlementException
* should some error occur
*/
public abstract List<Privilege> findAllPoliciesByApplication(String application) throws EntitlementException;
/**
* Returns realm name.
*
* @return realm name.
*/
return realm;
}
/**
* Returns the XML representation of this privilege.
*
* @param name Name of Privilege.
* @return XML representation of this privilege.
* @throws EntitlementException if privilege is not found, or cannot
* be obtained.
*/
/**
* Returns the XML representation of the specified privileges.
*
* @param names Name of Privileges to export as XML.
* @return XML representation of the specified privileges
* @throws EntitlementException if a specified privilege is not found, or cannot
* be obtained.
*/
return adminSubject;
}
throws EntitlementException {
if (r != null) {
resourceNames.addAll(r);
}
}
if (r != null) {
resourceNames.addAll(r);
}
}
}
}