8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Copyright (c) 2009 Sun Microsystems Inc. All Rights Reserved
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * The contents of this file are subject to the terms
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * of the Common Development and Distribution License
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * (the License). You may not use this file except in
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * compliance with the License.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * You can obtain a copy of the License at
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * https://opensso.dev.java.net/public/CDDLv1.0.html or
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * See the License for the specific language governing
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * permission and limitations under the License.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * When distributing Covered Code, include this CDDL
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Header Notice in each file and include the License file
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * If applicable, add the following below the CDDL Header,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * with the fields enclosed by brackets [] replaced by
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * your own identifying information:
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * "Portions Copyrighted [year] [name of copyright owner]"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * $Id: PolicySubject.java,v 1.1 2009/08/19 05:40:36 veiming Exp $
0fb4093da08d574d3d1b661d4425dfbac8e02aabJames Phillpotts * Portions Copyrighted 2014-2015 ForgeRock AS.
0fb4093da08d574d3d1b661d4425dfbac8e02aabJames Phillpottsimport com.fasterxml.jackson.annotation.JsonIgnore;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.entitlement.EntitlementException;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.entitlement.EntitlementSubject;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.entitlement.SubjectAttributesCollector;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.entitlement.SubjectAttributesManager;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.entitlement.SubjectDecision;
2dcb4fe863ae1bed4b9689ec053f951d75335589Neil Maddenimport com.sun.identity.policy.interfaces.Subject;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.security.AdminTokenAction;
402cd5da45d9182b81c16a13c3568faf78701827Andrew Forrestimport org.forgerock.openam.entitlement.PolicyConstants;
8d3140b524c0e28c0a49dc7c7d481123ef3cfe11Chris Lee * This subject wraps all OpenAM policy subjects.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterpublic class PolicySubject implements EntitlementSubject {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Constructor.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param name Name of condition.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param className Implementation class name.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param values Values of this subject.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param exclusive <code>true</code> to be exclusive.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns name.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return name.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns class name.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return class name.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns values.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return values.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns <code>true</code> if this is an exclusive subject.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return <code>true</code> if this is an exclusive subject.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Sets state.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param state State.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster this.values = getValues((JSONArray)jo.opt("values"));
402cd5da45d9182b81c16a13c3568faf78701827Andrew Forrest PolicyConstants.DEBUG.error("PolicySubject.setState", ex);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns state of this subject.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return state of this subject.
402cd5da45d9182b81c16a13c3568faf78701827Andrew Forrest PolicyConstants.DEBUG.error("PolicySubject.getState", ex);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns search index attributes.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return search index attributes.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public Map<String, Set<String>> getSearchIndexAttributes() {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Map<String, Set<String>> map = new HashMap<String, Set<String>>(4);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster set.add(SubjectAttributesCollector.ATTR_NAME_ALL_ENTITIES);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster map.put(SubjectAttributesCollector.NAMESPACE_IDENTITY, set);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns required attribute names.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return required attribute names.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public Set<String> getRequiredAttributeNames() {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns subject decision.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param realm Realm name.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param mgr Subject attribute manager
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param subject Subject to be evaluated.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param resourceName Resource name to be evaluated.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param environment Environment map.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return subject decision.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws com.sun.identity.entitlement.EntitlementException if error
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster SSOToken adminToken = (SSOToken) AccessController.doPrivileged(
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster PolicyManager pm = new PolicyManager(adminToken, realm);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return new SubjectDecision(result, Collections.EMPTY_MAP);
2dcb4fe863ae1bed4b9689ec053f951d75335589Neil Madden private static SSOToken getSSOToken(javax.security.auth.Subject subject) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // subject could be null, a case in point: evaluation ignoring subjects
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Set privateCred = subject.getPrivateCredentials();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster for (Iterator i = privateCred.iterator(); i.hasNext(); ) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (o instanceof SSOToken) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns <code>true</code> if this subject is an identity object.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return <code>true</code> if this subject is an identity object.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return true;
2dcb4fe863ae1bed4b9689ec053f951d75335589Neil Madden * Constructs a legacy policy subject based on the information in this adapter.
2dcb4fe863ae1bed4b9689ec053f951d75335589Neil Madden * @return the legacy policy subject
2dcb4fe863ae1bed4b9689ec053f951d75335589Neil Madden * @throws EntitlementException if an error occurs constructing the subject.
2dcb4fe863ae1bed4b9689ec053f951d75335589Neil Madden public Subject getPolicySubject() throws EntitlementException {