/**
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: AMIdentitySubject.java,v 1.3 2008/06/25 05:43:50 qcheng Exp $
*
*/
/*
* Portions Copyright 2011-2014 ForgeRock AS
*/
/**
* This class represents an Identity to be used in the entitlements policy engine
*/
public IdentitySubject() {
// No-argument constructor; the body sets no state itself.
}
/**
* {@inheritDoc}
*/
try {
}
} catch (JSONException e) {
}
}
/**
* {@inheritDoc}
*/
}
/**
* {@inheritDoc}
*/
return map;
}
/**
* {@inheritDoc}
*/
return Collections.emptySet();
}
/**
* {@inheritDoc}
*/
public SubjectDecision evaluate(String realm, SubjectAttributesManager mgr, Subject subject, String resourceName,
// NOTE(review): the rest of the parameter list and a number of statements
// (assignments, debug call heads, return statements) are not visible here.
// The comments below describe only what the visible lines establish and are
// hedged wherever they rely on a log message rather than on code.
if (tokenIDObject != null) {
}
}
// A null tokenID is logged at warning level. The message says the method
// returns false at this point; the return statement itself is not visible.
if (debug.warningEnabled()) {
+ "tokenID is null");
+ "returning false");
}
} else {
try {
} catch (SSOException e) {
// Session failures are not swallowed: they are rethrown as an
// EntitlementException with code 508, keeping the original cause.
throw new EntitlementException(508, e);
}
}
// Same pattern for a null userDN: warn, and (per the message) return false.
if (debug.warningEnabled()) {
+ "userDN is null");
+ "returning false");
}
}
}
// listenerAdded guards the listener registration further down so it happens
// at most once per call; subjectMatch carries the membership result.
boolean listenerAdded = false;
boolean subjectMatch = false;
// Message-level debug output in this method includes the user DN and the
// subject values, so debug logs hold identity data when that level is on.
if (debug.messageEnabled()) {
+ "entering with userDN = " + userDN);
}
/* Actually, this is the universal id of an AMIdentity object.
*
*/
if (debug.messageEnabled()) {
+ "checking membership with userDN = " + userDN
+ ", subjectValue = " + subjectValue);
}
// Cache-hit path (per the log text, the result came from
// SubjectEvaluationCache).
if (debug.messageEnabled()) {
+ "got membership from SubjectEvaluationCache "
+ " for userDN = " + userDN
+ ", subjectValue = " + subjectValue
}
// A cached positive result is reported; a cached negative result skips the
// repository lookup and moves on to the next value.
if (result) {
if (debug.messageEnabled()) {
+ " returning membership status = "
+ result);
}
} else {
continue;
}
}
// got here so entry not in subject evaluation cache
if (debug.messageEnabled()) {
+ subjectValue + " not in subject evaluation "
+ "cache, so compute using IDRepo api");
}
try {
// Either identity failing to resolve is logged with "returning false";
// presumably the method denies here - confirm against the full source.
if (subjectIdentity == null) {
if (debug.messageEnabled()) {
+ "subjectIdentity is null for "
+ "subjectValue = " + subjectValue);
+ "returning false");
}
}
if (userIdentity == null) {
if (debug.messageEnabled()) {
+ "userIdentity is null");
+ "returning false");
}
}
if (debug.messageEnabled()) {
+ "user uuid = "
+ ", subject uuid = "
}
// Case 1: the user identity is the subject identity itself.
if (debug.messageEnabled()) {
+ "userIdentity equals subjectIdentity:"
+ "membership=true");
}
subjectMatch = true;
// Case 2 (condition not visible): per the log text, the user's identity
// type can be a member of the subject's identity type.
} else if (
if (debug.messageEnabled()) {
+ "userIdentity type " + userIdType +
" can be a member of "
+ "subjectIdentityType " + subjectIdType
+ ":membership=" + subjectMatch);
}
} else {
// Case 3: the type cannot be a member, so the result is an explicit non-match.
subjectMatch = false;
if (debug.messageEnabled()) {
+ "userIdentity type " + userIdType +
" can not be a member of "
+ "subjectIdentityType " + subjectIdType
+ ":membership=" + subjectMatch);
}
}
// The log text refers to an entry in SubjectEvaluationCache for this
// user/subject pair; presumably the computed result is stored at this point.
if (debug.messageEnabled()) {
+ "entry in SubjectEvaluationCache for "
+ ", for userDN = " + userDN
+ ", subjectValue = " + subjectValue
+ ", subjectMatch = " + subjectMatch);
}
// Register the SSO listener only once per call.
// NOTE(review): presumably this is what invalidates cached decisions when
// the session changes - confirm, since stale cached matches would
// otherwise outlive the token.
if (!listenerAdded) {
tokenID)) {
if (debug.messageEnabled()) {
+ " sso listener added ");
}
listenerAdded = true;
}
}
// First matching subject value ends the search.
if (subjectMatch) {
break;
}
} catch (IdRepoException ire) {
// Unlike SSOException below, a repository error is logged and not
// rethrown, so evaluation proceeds past the failed membership check.
// NOTE(review): confirm this path can never leave subjectMatch true.
+ "can not check membership for user "
+ userDN + ", subject "
+ subjectValue, ire);
} catch (SSOException e) {
throw new EntitlementException(508, e);
}
}
}
// Final message-level trace of the membership outcome.
if (debug.messageEnabled()) {
if (!subjectMatch) {
+ " is not a member of this subject");
} else {
+ " is a member of this subject");
}
}
}
/**
* {@inheritDoc}
*/
public boolean isIdentity() {
// Always true: this subject type reports itself as an identity subject.
return true;
}
return subjectValues;
}
this.subjectValues = subjectValues;
}
}