DelegationEvaluatorImpl.java revision ba07e74da87b2caf40d3397e50523632daeb4cac
/**
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2005 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: DelegationEvaluator.java,v 1.16 2009/12/07 19:46:44 veiming Exp $
*
*/
/**
* The <code>DelegationEvaluator</code> class provides interfaces to evaluate
* access permissions for an administrator.
*/
public class DelegationEvaluatorImpl implements DelegationEvaluator {
private static AMIdentity privilegedUser;
// Provide allow permission for super admin during install
"false")).booleanValue();
static AMIdentity adminUserId;
static {
try {
"com.sun.identity.authentication.super.user");
}
} catch (Exception e) {
}
// Register for notifications
}
static {
try {
} catch (Exception e) {
}
}
/**
* Constructor of <code>DelegationEvaluator</code> to get access control
* permissions for users.
*
* @throws DelegationException for any abnormal condition
*/
public DelegationEvaluatorImpl() throws DelegationException {
if (debug.messageEnabled()) {
}
}
public boolean isAllowed(
boolean subTreeMode
) throws SSOException, DelegationException {
if (!ec.migratedToEntitlementService()) {
return false;
}
try {
return true;
}
} catch (IdRepoException ide) {
}
if (!subTreeMode) {
}
}
}
}
}
}
try {
for (Entitlement e : results) {
copiedActions.remove(i);
}
}
if (copiedActions.isEmpty()) {
return true;
}
}
return false;
} catch (EntitlementException ex) {
throw new DelegationException(ex);
}
}
/**
* Returns a boolean value indicating if a user has the specified
* permission.
* @param token sso token of the user evaluating permission
* @param permission delegation permission to be evaluated
* @param envParameters run-time environment parameters
*
* @return the result of the evaluation as a boolean value
*
* @throws SSOException if single-sign-on token invalid or expired
* @throws DelegationException for any other abnormal condition
*
*/
boolean result = false;
try {
result = true;
} else {
if (pluginInstance == null) {
if (pluginInstance == null) {
}
}
}
} catch (IdRepoException ide) {
}
}
if (debug.messageEnabled()) {
" for user:token.getPrincipal().getName() " +
" for permission " + permission);
}
return result;
}
/**
* Returns a set of permissions that a user has.
* @param token <code>SSOToken</code> of the user requesting permissions
* @param orgName The name of the realm in which a user's delegation
* permissions are evaluated.
*
* @return a <code>Set</code> of permissions that a user has
*
* @throws SSOException if single-sign-on token invalid or expired
* @throws DelegationException for any other abnormal condition
*/
throws SSOException, DelegationException {
if (pluginInstance != null) {
} else {
}
}
}