PolicyGraph.java revision 16682c615640da7d54591f86528a5eb562e0ab97
/*
* The contents of this file are subject to the terms of the Common Development and
* Distribution License (the License). You may not use this file except in compliance with the
* License.
*
* You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
* specific language governing permission and limitations under the License.
*
* When distributing Covered Software, include this CDDL Header Notice in each file and include
* the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
* Header, with the fields enclosed by brackets [] replaced by your own identifying
* information: "Portions copyright [year] [name of copyright owner]".
*
* Copyright 2015 ForgeRock AS.
*/
/**
* Graph representation of the policy engine policies that represent all UMA policies for a single
* resource set.
* <p>
* Clients should construct the object with the Resource representation of the policies, then
* call the {@link #computeGraph()} method before using the other public methods.
*/
/**
* @see JsonPolicy
*/
private final String resourceOwner;
private final ResourceSetDescription resourceSet;
/**
* Construct a new instance to evaluate and update the graph of rights within the policy engine.
* @param resourceSet The resource set being evaluated.
*/
this.resourceSet = resourceSet;
this.policyRights = new HashMap<>();
}
synchronized (policyRights) {
}
}
synchronized (policyScopes) {
}
return true;
}
/**
* Computes the graph of rights contained within the policy engine policies.
*/
public void computeGraph() {
throw new IllegalStateException("Policies not fully loaded");
}
rights = findRights();
invalidUsers = new HashSet<>();
if (!grantedRights.equals(resharedRights) || !Sets.intersection(disabledRights, grantedRights).isEmpty()) {
}
}
}
/**
* Update the policy engine's policies so that they correctly reflect the state of the
* rights graph. Any users for whom the current policies are invalid (incorrectly
* either active or inactive based on entitlements) will be iterated over, moving scopes
* to the appropriate state based on that updated entitlement.
* @param context The current context, for updates being made.
* @param policyResourceDelegate The delegate to use for updating the policy engine.
* @return A promise for all the updates made.
*/
checkState();
try {
user);
}
}
} catch (BadRequestException e) {
return e.asPromise();
}
}
if (!createdPolicies.isEmpty()) {
}
if (!updatedPolicies.isEmpty()) {
}
}
/**
* @param moveFrom A map of policy owners to policies the scope is incorrectly currently in.
* @param moveTo A map of policy owner to existing policies the scope might be moved to.
* @param context The context for passing to the policy resource delegate.
* @param policyResourceDelegate To be used for deleting any policies that are emptied of scopes (actions).
* @param allMovingRights All the scopes that need switching state.
* @param createdPolicies Policies that are being created by this update.
* @param updatedPolicies Policies that are being updated by this update.
* @param scope The current scope being operated on.
* @param newPolicyActive Whether the scope is being moved to active state.
* @param promises Promises for all policy updates.
* @param user The user for whom we are switching scope state.
* @throws BadRequestException If the UmaPolicy cannot be created for new policy.
*/
private void moveScope(Map<String, JsonValue> moveFrom, Map<String, JsonValue> moveTo, Context context,
PolicyResourceDelegate policyResourceDelegate, Set<String> allMovingRights, Set<JsonValue> createdPolicies,
throws BadRequestException {
if (policyToMoveToAlreadyExists) {
// If this policy is being created already, no need to update.
}
} else {
// Create a new policy to move to
))
}
// No scopes left in the policy, so it can be removed.
promises.add(policyResourceDelegate.deletePolicies(context, singleton(policy.get("_id").asString())));
} else {
}
}
}
}
/**
* Get the validity state of the policy rights graph.
* @throws IllegalStateException If {@link #computeGraph()} has not yet been called.
* @return {@code true} if the policies correctly represent the rights graph, or {@code false} if updates
* are needed for that to be the case.
*/
public boolean isValid() {
checkState();
return invalidUsers.isEmpty();
}
private void checkState() {
if (invalidUsers == null) {
throw new IllegalStateException("Graph has not been computed");
}
}
}
}
return rights;
}
}
return;
}
}
}
}
public void handleException(ResourceException e) {
complete = false;
}
complete = true;
}
private static class PolicyEdge extends DefaultEdge {
}
return owner;
}
return subject;
}
return actions;
}
}
return obj instanceof PolicyEdge
}
public int hashCode() {
}
}
private class PolicyScopes {
}
} else {
}
} else {
}
}
}
}
}
}