OpenSSOApplicationPrivilegeManager.java revision 47dd079b8470fc1b3d4bbd5c3c0c4af896acabf5
/**
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2009 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: OpenSSOApplicationPrivilegeManager.java,v 1.16 2010/01/11 20:15:46 veiming Exp $
*
* Portions Copyrighted 2014-2015 ForgeRock AS
*/
public class OpenSSOApplicationPrivilegeManager extends
private static final String RESOURCE_PREFIX =
"/sunEntitlementService/1.0/application/default/application";
private static final String SUN_AM_REALM_RESOURCE =
"sms://*{0}/sunAMRealmService/*";
private static final String SUN_IDREPO_RESOURCE =
"sms://*{0}/sunIdentityRepositoryService/1.0/application/*";
private static final String HIDDEN_REALM_DN =
"o=sunamhiddenrealmdelegationservicepermissions,ou=services,";
private static final RegExResourceName regExComparator = new
private boolean bPolicyAdmin;
private Permission delegatables;
private Permission readables;
private Permission modifiables;
private String resourcePrefix;
private final ResourceTypeService resourceTypeService;
/**
 * Creates a privilege manager and runs {@code init()} before returning.
 *
 * NOTE(review): only the {@code super()} and {@code init()} calls are visible in this
 * listing. The statements that would store {@code realm}, {@code caller} and the final
 * {@code resourceTypeService} field are not shown; confirm against the full file.
 *
 * @param realm realm argument; how it is used is not visible in this listing
 * @param caller subject argument; presumably the subject whose privileges are evaluated (confirm)
 * @param resourceTypeService resource type service; the class declares a final field of this type
 * @throws EntitlementException declared here and by {@code init()}
 */
public OpenSSOApplicationPrivilegeManager(String realm, Subject caller, ResourceTypeService resourceTypeService)
throws EntitlementException {
super();
// init() is called from the constructor, so a failure there aborts construction.
init();
}
}
throws EntitlementException {
for (Privilege p : privileges) {
}
}
throws EntitlementException {
throw new EntitlementException(320);
}
for (String n : applicationNames) {
if (application == null) {
}
throw new EntitlementException(322);
}
if (!isDelegatableResource(application, r)) {
}
}
}
}
} else {
throw new EntitlementException(326);
}
}
throws EntitlementException {
} else {
throw new EntitlementException(326);
}
}
/**
 * Passes a privilege to {@code evaluate} on the manager's {@code Permission} objects.
 *
 * NOTE(review): as listed, only {@code modifiables} and {@code delegatables} are updated,
 * although the class also declares a {@code readables} field. If the full file updates all
 * three, this listing has lost a line. If it does not, read access would be decided from a
 * set this method never refreshes. Confirm against the full file.
 *
 * @param p privilege handed to each {@code Permission.evaluate} call
 */
private void cachePrivilege(Privilege p) {
modifiables.evaluate(p);
delegatables.evaluate(p);
}
/**
* Creates two privileges here
*/
throws EntitlementException {
try {
appPrivilege.getName());
for (SubjectImplementation i : subjects) {
}
} catch (UnsupportedEncodingException ex) {
}
return results;
}
switch (actions) {
case READ:
break;
case READ_MODIFY:
break;
case READ_MODIFY_DELEGATE:
break;
case READ_DELEGATE:
break;
}
return map;
}
}
}
}
}
throws EntitlementException {
if (p.getSubject() instanceof OrSubject) {
if (es instanceof SubjectImplementation) {
}
}
} else if (p.getSubject() instanceof SubjectImplementation) {
}
if (cond instanceof SimpleTimeCondition) {
}
return ap;
}
throws UnsupportedEncodingException {
name)));
}
return results;
}
private String createDelegationResources(
"?");
boolean first = true;
if (first) {
first = false;
} else {
}
}
}
if (!r.endsWith("*")) {
if (!r.endsWith("/")) {
r += "/";
}
r += "*";
}
if (isRegEx) {
return true;
}
} else {
return true;
}
return true;
}
}
}
}
return false;
}
throws EntitlementException {
}
return toApplicationPrivilege(privilege);
}
} else {
if (matchFilter(p, filters)) {
}
}
}
return names;
}
return true;
}
return true;
}
return true;
}
return true;
}
return true;
}
} else if (filterName.equals(
return true;
}
}
}
return false;
}
return true;
}
}
return false;
}
return (filterLong == value);
}
return (value > filterLong);
}
return (value < filterLong);
}
private void init()
throws EntitlementException {
}
private void initPrivilegeNames()
throws EntitlementException {
}
private void getSubResourceRelatedPrivileges() throws EntitlementException {
if (!bPolicyAdmin) {
}
getHiddenRealmDN());
Collections.EMPTY_SET, true, false);
delegatables.evaluate(p, true);
modifiables.evaluate(p, true);
}
}
}
}
private void getPrivileges() throws EntitlementException {
getHiddenRealmDN());
true, false);
delegatables.evaluate(p);
modifiables.evaluate(p);
}
}
}
private boolean doesSubjectMatch(
) throws EntitlementException {
return sDecision.isSatisfied();
}
private void initPermissionObjects() throws EntitlementException {
}
private void addToMap(
} else {
}
}
}
}
}
}
return results;
}
if (idx == -1) {
return Collections.EMPTY_MAP;
}
if (idx2 != -1) {
}
while (st.hasMoreTokens()) {
try {
} catch (UnsupportedEncodingException ex) {
"OpenSSOApplicationPrivilegeManager " +
".getApplicationPrivilegeResourceNames", ex);
return Collections.EMPTY_MAP;
}
}
return map;
}
/**
 * Reports whether the caller is treated as a policy administrator.
 *
 * Every {@code hasPrivilege} overload visible in this file consults this method, and two of
 * them return {@code true} without looking at the per-resource permission when it succeeds.
 * This result is therefore the control those grants rest on.
 *
 * NOTE(review): the statements inside the {@code try} block are only partly visible in this
 * listing, so what exactly is evaluated there cannot be stated from here.
 *
 * @return {@code true} when {@code isDsameUser()} is true; {@code false} when the check in
 *         the {@code try} block raises {@code EntitlementException}
 */
private boolean isPolicyAdmin() {
// Short-circuit: this caller is accepted before any entitlement evaluation is attempted.
if (isDsameUser()) {
return true;
}
try {
"/iPlanetAMPolicyService/*";
} catch (EntitlementException ex) {
"OpenSSOApplicationPrivilegeManager.isPolicyAdmin", ex);
// Fail closed: an evaluation error denies the admin shortcut instead of granting it.
return false;
}
}
private boolean isDsameUser() {
return true;
}
return false;
}
return true;
}
return true;
}
}
return false;
}
private static String getHiddenRealmDN() {
}
/**
 * Decides whether the caller holds the requested access to a privilege.
 *
 * NOTE(review): the parameters after {@code p} and the statement that selects
 * {@code permission} are missing from this listing; confirm them against the full file.
 *
 * @param p privilege being checked
 * @return {@code true} for a policy administrator, otherwise the result of
 *         {@code permission.hasPermission(p)}
 * @throws EntitlementException declared by the method; the raising call is not visible here
 */
public boolean hasPrivilege(
Privilege p,
) throws EntitlementException {
// The admin shortcut bypasses the per-resource permission check entirely.
if (isPolicyAdmin()) {
return true;
}
return permission.hasPermission(p);
}
/**
 * Overload of {@code hasPrivilege} with the same decision order as the one above it in the
 * file: policy-administrator shortcut first, then the {@code Permission} lookup.
 *
 * NOTE(review): the parameter list and the origin of {@code p} and {@code permission} are
 * not visible in this listing; confirm them against the full file.
 *
 * @return {@code true} when {@code isPolicyAdmin()} is true, otherwise
 *         {@code permission.hasPermission(p)}
 * @throws EntitlementException declared by the method; the raising call is not visible here
 */
public boolean hasPrivilege(
) throws EntitlementException {
// Granted without consulting permission: correctness depends on isPolicyAdmin() alone.
if (isPolicyAdmin()) {
return true;
}
return permission.hasPermission(p);
}
public boolean hasPrivilege(
) throws EntitlementException {
if (isReferredApplication(app)) {
return true;
}
if (isPolicyAdmin()) {
return true;
}
} else {
if (isReferredApplication(app)) {
return false;
}
return isPolicyAdmin();
}
}
throws EntitlementException {
realm);
for (ReferredApplication a : appls) {
return true;
}
}
return false;
}
return p.getResourceNames(applicationName);
}
return p.getApplications();
}
/**
* Returns <code>true</code> if subject can create application.
*
* @param realm Realm where application is to be created.
*/
return isPolicyAdmin();
}
{
Permission p = readables;
p = modifiables;
p =delegatables;
}
return p;
}
getHiddenRealmDN());
}
static void removeAllPrivileges(
) throws EntitlementException {
}
}
private class Permission {
private boolean bPolicyAdmin;
private String resourcePrefix;
this.bPolicyAdmin = bPolicyAdmin;
this.resourcePrefix = resourcePrefix;
if (bPolicyAdmin) {
}
}
if (appNameToResourceNames.isEmpty()) {
return Collections.EMPTY_SET;
}
return results;
}
}
}
}
return privileges.keySet();
}
}
throws EntitlementException {
Application appl = ApplicationServiceHelper.get().getApplication(PrivilegeManager.superAdminSubject, realm, s);
}
return map;
}
/**
* Retrieve all the base resources associated with the passed application.
*
* @param application
* the application
* @return all base resources
*
* @throws EntitlementException
* should an error occur retrieving the base resources
*/
if (resourceType == null) {
throw new EntitlementException(EntitlementException.NO_SUCH_RESOURCE_TYPE, resourceTypeUuid, realm);
}
}
return baseResources;
}
}
}
}
}
return false;
}
if (!isSubResource(resources, t)) {
return false;
}
}
return true;
}
if (r.endsWith("/*")) {
}
return true;
}
}
return false;
}
p.getEntitlement().getActionValues();
boolean desiredAction = bPolicyAdmin;
if (!desiredAction) {
if (!desiredAction) {
break;
}
}
}
if (desiredAction) {
if (!bPolicyAdmin) {
}
}
}
}
return Collections.EMPTY_MAP;
}
}
ent.getResourceNames());
}
throws EntitlementException {
}
throws EntitlementException {
return false;
}
return false;
}
for (String r : pResources) {
return false;
}
}
return true;
}
throws EntitlementException {
return false;
}
return false;
}
for (String r : pResources) {
return false;
}
}
}
return true;
}
private boolean isSubResource(
) {
return true;
}
return true;
}
}
return false;
}
}
}