EntitlementService.java revision 5819e70cd33d98751fbe907e0a358c3269159185
/*
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2009 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: EntitlementService.java,v 1.13 2010/01/08 23:59:32 veiming Exp $
*
* Portions Copyrighted 2011-2016 ForgeRock AS.
*/
/**
*
*/
public class EntitlementService implements EntitlementConfiguration {
/**
* Entitlement Service name.
*/
private static final String SCHEMA_OPENSSO_SUBJECT_ATTRIBUTES_COLLECTOR = "OpenSSOSubjectAttributesCollector";
private static final String REALM_DN_TEMPLATE = "ou={0},ou=default,ou=OrganizationConfig,ou=1.0,ou="
+ SERVICE_NAME + ",ou=services,{1}";
/**
* Construct a new instance of {@link EntitlementService}.
*
* @param subject the calling subject
* @param realm the realm
*/
}
/**
* Returns set of attribute values of a given attribute name,
*
* @param attrName attribute name.
* @return set of attribute values of a given attribute name,
*/
}
return defaultValue;
}
try {
} catch (NumberFormatException e) {
"EntitlementService.getConfiguration: attribute name=" +
attrName, e);
return defaultValue;
}
}
) {
try {
attrName);
return as.getDefaultValues();
}
} else {
"EntitlementService.getAttributeValues: " +
"admin token is missing");
}
} catch (SMSException ex) {
"EntitlementService.getAttributeValues", ex);
} catch (SSOException ex) {
"EntitlementService.getAttributeValues", ex);
}
return Collections.EMPTY_SET;
}
try {
attrName);
}
} else {
"EntitlementService.getAttributeValues: " +
"admin token is missing");
}
} catch (SMSException ex) {
"EntitlementService.setAttributeValues", ex);
} catch (SSOException ex) {
"EntitlementService.setAttributeValues", ex);
}
}
/**
* Returns a set of registered application type.
*
* @return A set of registered application type.
*/
try {
"EntitlementService.getApplicationTypes : "+
"admin sso token is absent");
} else {
token);
}
}
} catch (InstantiationException ex) {
"EntitlementService.getApplicationTypes", ex);
} catch (IllegalAccessException ex) {
"EntitlementService.getApplicationTypes", ex);
} catch (SMSException ex) {
"EntitlementService.getApplicationTypes", ex);
} catch (SSOException ex) {
"EntitlementService.getApplicationTypes", ex);
}
return results;
}
throws SMSException, SSOException {
if (globalConfig != null) {
}
return null;
}
}
return set;
}
private SSOToken getSSOToken() {
}
throws EntitlementException {
return applications;
}
try {
@SuppressWarnings("unchecked")
}
}
throw new EntitlementException(APPLICATION_SEARCH_FAILED, e);
} catch (UnsupportedOperationException e) {
throw new EntitlementException(INVALID_QUERY_FILTER, e);
}
return applications;
}
return EntitlementUtils.getAdminToken();
}
}
}
try {
}
} catch (EntitlementException ex) {
} catch (ClassCastException ex) {
} catch (InstantiationException ex) {
} catch (IllegalAccessException ex) {
} catch (SMSException ex) {
} catch (SSOException ex) {
}
return null;
}
/**
* Returns a set of registered applications.
*
* @return a set of registered applications.
*/
try {
}
}
} catch (EntitlementException ex) {
} catch (ClassCastException ex) {
} catch (InstantiationException ex) {
} catch (IllegalAccessException ex) {
} catch (SMSException ex) {
} catch (SSOException ex) {
}
return results;
}
/**
* Get the service config for registered applications.
* @param token The admin token for access to the Service Config.
* @param realm The realm from which to retrieve the service config.
* @return The application Service Config.
*/
try {
realm = "/";
}
// TODO. Since applications for the hidden realms have to be
// the same as root realm mainly for delegation without any
// referrals, the hack is to use root realm for hidden realm.
}
} else {
PolicyConstants.DEBUG.error("EntitlementService.getApplicationConfiguration, admin token is missing");
}
} catch (ClassCastException ex) {
} catch (SMSException ex) {
} catch (SSOException ex) {
}
return null;
}
}
/**
* Returns subject attribute names.
*
* @param applicationName Application name.
* @param names subject attribute names.
* @throws EntitlementException if subject attribute names cannot be
* returned.
*/
public void addSubjectAttributeNames(
) throws EntitlementException {
return;
}
try {
throw new EntitlementException(225);
}
Application appl = getApplicationService(SUPER_ADMIN_SUBJECT, realm).getApplication(applicationName);
}
if (parentRealm == null) {
break;
}
}
}
}
} catch (SMSException ex) {
} catch (SSOException ex) {
}
}
private ServiceConfig getApplicationSubConfig(
) throws SMSException, SSOException {
token);
}
}
return applConf;
}
/**
* Removes application.
*
* @param name name of application to be removed.
* @throws EntitlementException if application cannot be removed.
*/
throws EntitlementException
{
try {
"SUCCEEDED_REMOVE_APPLICATION", logParams,
subject);
}
} catch (SMSException ex) {
} catch (SSOException ex) {
}
}
/**
* Removes application type.
*
* @param name name of application type to be removed.
* @throws EntitlementException if application type cannot be removed.
*/
throws EntitlementException{
try {
}
}
} catch (SMSException ex) {
} catch (SSOException ex) {
}
}
throws SMSException, SSOException {
token);
}
return null;
}
throws SMSException, SSOException {
token);
}
}
return sc;
}
/**
* Stores the application to data store.
*
* @param appl Application object.
* @throws EntitlementException if application cannot be stored.
*/
throws EntitlementException {
try {
s.save();
params);
} catch (SMSException ex) {
} catch (SSOException ex) {
}
}
}
/**
* Stores the application type to data store.
*
* @param applicationType Application type object.
* @throws EntitlementException if application type cannot be stored.
*/
throws EntitlementException {
try {
}
} else {
}
}
} catch (SMSException ex) {
} catch (SSOException ex) {
}
}
return data;
}
} else {
}
for (String c : conditions) {
}
} else {
}
}
} else {
}
}
if (searchIndex != null) {
}
}
for (String s : sbjAttributes) {
}
} else {
}
}
}
}
return map;
}
/**
* Returns subject attribute names.
*
* @param application Application name.
* @return subject attribute names.
*/
try {
return app.getAttributeNames();
}
} catch (EntitlementException ex) {
"EntitlementService.getSubjectAttributeNames", ex);
}
return Collections.EMPTY_SET;
}
/**
* Returns subject attributes collector configuration.
*
* @param name subject attributes collector name
* @return subject attributes collector configuration.
* @throws EntitlementException if subject attributes collector
* configuration cannot be returned.
*/
throws EntitlementException {
try {
}
// copy from parent sub config
if (porgConfig != null) {
if (psubConfig != null) {
}
}
}
}
attrs);
}
return subConfig.getAttributes();
}
} else {
"EntitlementService.getSubjectAttributesCollectorConfiguration:"
+ "admin sso token is absent");
}
} catch (SMSException ex) {
"EntitlementService.getSubjectAttributesCollectorConfiguration",
ex);
} catch (SSOException ex) {
"EntitlementService.getSubjectAttributesCollectorConfiguration",
ex);
}
return null;
}
/**
* Sets subject attributes collector configuration.
*
* @param name subject attributes collector name
* @param attrMap subject attributes collector configuration map.
* @throws EntitlementException if subject attributes collector
* configuration cannot be set.
*/
public void setSubjectAttributesCollectorConfiguration(
throws EntitlementException {
try {
}
attrMap);
} else {
}
}
} else {
"EntitlementService.setSubjectAttributesCollectorConfiguration:"
+ "admin sso token is absent");
}
} catch (SMSException ex) {
"EntitlementService.setSubjectAttributesCollectorConfiguration",
ex);
} catch (SSOException ex) {
"EntitlementService.setSubjectAttributesCollectorConfiguration",
ex);
}
}
/**
* Returns <code>true</code> if OpenAM policy data is migrated to a
* form that entitlements service can operates on them.
*
* @return <code>true</code> if OpenAM policy data is migrated to a
* form that entitlements service can operates on them.
*/
public boolean hasEntitlementDITs() {
try {
return true;
} catch (SMSException ex) {
return false;
} catch (SSOException ex) {
return false;
}
}
/**
* Returns <code>true</code> if the system stores privileges in
* XACML format and supports exporting privileges in XACML format
*
*
* @return <code>true</code> if the system stores privileges in
* XACML format and supports exporting privileges in XACML format
*/
public boolean xacmlPrivilegeEnabled() {
if (!hasEntitlementDITs()) {
return false;
}
&& !xacmlEnabledSet.isEmpty()) ?
: false;
}
public boolean networkMonitorEnabled() {
if (!hasEntitlementDITs()) {
return false;
}
}
public void setNetworkMonitorEnabled(boolean enabled) {
}
public void reindexApplications() {
for (Application a : appls) {
try {
} catch (EntitlementException ex) {
//ignore
}
}
}
return null;
}
if (idx == -1) {
return null;
}
}
/**
* Whether the overall monitoring framework is enabled and running.
*
* @return true if monitoring is enabled, false otherwise.
*/
public boolean isMonitoringRunning() {
return MonitoringUtil.isRunning();
}
public int getPolicyWindowSize() {
return MonitoringUtil.getPolicyWindowSize();
}
}