PrivilegeManager.java revision 2eddbb614c733c5bcfea3755b1fc891bc6379d14
/**
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2008 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: PrivilegeManager.java,v 1.8 2010/01/26 20:10:15 dillidorai Exp $
*
* Portions Copyrighted 2011-2014 ForgeRock AS
*/
/**
* Class to manage entitlement privileges: to add, remove, modify privilege
*/
/**
* Debug for Policy Administration Point classes
*/
//REF: make configurable
private Subject adminSubject;
/**
* Returns instance of configured <code>PrivilegeManager</code>
* @param subject subject that would be used for the privilege management operations
* @return instance of configured <code>PrivilegeManager</code>
*/
// Refuse to proceed until the entitlement configuration reports that it has
// been migrated; the caller gets an unchecked exception instead of a manager.
if (!ec.migratedToEntitlementService()) {
throw new UnsupportedOperationException(
"Updating of DITs is required before using the entitlement service");
}
try {
//RFE: read the class name from configuration
// NOTE(review): the statements that load and create the implementation are
// not visible in this listing; the catch types below suggest reflective
// class loading and instantiation - confirm against the full file.
} catch (ClassNotFoundException e) {
// NOTE(review): no handler body is visible for any of these three catches.
// If the real handlers neither log nor rethrow, a missing or
// non-instantiable implementation class is silently ignored.
} catch (InstantiationException e) {
} catch (IllegalAccessException e) {
}
// NOTE(review): pm is returned on every path that reaches this line,
// including after a caught failure; presumably it is still unset (null) in
// that case, so callers should treat a null result as "no privilege manager"
// and deny the operation rather than continue without one - TODO confirm.
return pm;
}
/**
* Constructor.
*/
protected PrivilegeManager() {
    // Protected: only subclasses and same-package code can construct a manager.
    // No fields are assigned here; adminSubject is set by the separate
    // initializer that follows this constructor.
    super();
}
/**
* Initializes the object.
*
* @param realm Realm name
* @param subject subject to initialize the privilege manager with
*/
// Keep the caller-supplied subject; getAdminSubject() hands this same
// reference back to subclasses.
// NOTE(review): no null check on subject is visible in this listing, and the
// realm parameter named in the Javadoc is not visibly stored here - confirm
// against the full file.
this.adminSubject = subject;
}
/**
* Returns a privilege.
*
* @param name name for the privilege to be returned
* @param subject Subject to be used to obtain the privilege.
* @throws EntitlementException if privilege is not found or if the provided subject is not permitted to access it.
*/
/**
* Checks if a privilege with the specified name can be found.
*
* @param name name of the privilege.
* @throws com.sun.identity.entitlement.EntitlementException if search failed.
* @return true if a privilege with the specified name exists, false otherwise.
*/
}
throw new EntitlementException(3);
}
throw new EntitlementException(4);
}
}
/**
* Add a privilege.
*
* @param privilege privilege to add.
* @throws EntitlementException if privilege cannot be added.
*/
if (principalName != null) {
}
}
/**
* Modifies the specified policy.
*
* @param existingName
* The existing policy name
* @param privilege
* The new policy content
*
* @throws EntitlementException
* When an error occurs during modification
*/
/**
* Returns a set of privilege names for a given search criteria.
*
* @param filter Set of search filters.
* @param searchSizeLimit Search size limit.
* @param searchTimeLimit Search time limit in seconds.
* @return a set of privilege names for a given search criteria.
* @throws EntitlementException if search failed.
*/
throws EntitlementException {
}
return result;
}
/**
* Returns a set of privileges that match the given search criteria.
*
* @param filter the search filters to apply. An empty set means no filtering (returns all privileges).
* @param searchSizeLimit the maximum number of privileges to return.
* @param searchTimeLimit the maximum time limit in seconds. NOT IMPLEMENTED: the value is currently ignored, so it does not bound the search.
* @return the matching privileges.
* @throws EntitlementException if the search fails for any reason.
*/
throws EntitlementException {
// TODO Search time limit
// NOTE(review): per the TODO above and the Javadoc, searchTimeLimit is not
// enforced; as far as this listing shows, only the size limit can bound a
// search.
// Delegation to applications is currently not configurable, passing super admin (see AME-4959)
// NOTE(review): the call that comment refers to is not visible in this
// listing. Because it reportedly runs with super-admin rights rather than
// the caller's subject, confirm that what is returned is still restricted
// to what the caller is allowed to see.
break;
}
}
}
return results;
}
/**
* Returns a set of privileges that match the given search criteria with no size or time limits.
*
* @param filter the search filters to apply. An empty set means no filtering (returns all privileges).
* @return the matching privileges.
* @throws EntitlementException if the search fails for any reason.
*/
}
/**
* Returns a set of privilege names for a given search criteria.
*
* @param filter Set of search filters.
* @return a set of privilege names for a given search criteria.
* @throws EntitlementException if search failed.
*/
}
/**
* Returns realm name.
*
* @return realm name.
*/
return realm;
}
/**
* Returns the XML representation of this privilege.
*
* @param name Name of Privilege.
* @return XML representation of this privilege.
* @throws EntitlementException if privilege is not found, or cannot
* be obtained.
*/
/**
* Returns the XML representation of the specified privileges.
*
* @param names Names of the privileges to export as XML.
* @return XML representation of the specified privileges
* @throws EntitlementException if a specified privilege is not found, or cannot
* be obtained.
*/
/**
 * Returns the subject held in {@code adminSubject}.
 *
 * <p>The stored reference is handed back as-is (no copy is made), so every
 * caller shares the same object.
 *
 * @return the subject currently stored in {@code adminSubject}; may be
 *         {@code null} if nothing has been assigned yet.
 */
protected Subject getAdminSubject() {
    return this.adminSubject;
}
throws EntitlementException {
// NOTE(review): where r comes from, and the loop that encloses this check,
// are not visible in this listing.
// A null r is skipped rather than treated as an error; only non-null
// collections are merged into resourceNames.
if (r != null) {
resourceNames.addAll(r);
}
}
// Same null-guarded merge as above.
if (r != null) {
resourceNames.addAll(r);
}
}
}
}