entitlement/opensso/PolicySubject.java

8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster/**
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster *
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Copyright (c) 2009 Sun Microsystems Inc. All Rights Reserved
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster *
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * The contents of this file are subject to the terms
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * of the Common Development and Distribution License
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * (the License). You may not use this file except in
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * compliance with the License.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster *
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * You can obtain a copy of the License at
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * https://opensso.dev.java.net/public/CDDLv1.0.html or
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * opensso/legal/CDDLv1.0.txt
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * See the License for the specific language governing
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * permission and limitations under the License.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster *
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * When distributing Covered Code, include this CDDL
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Header Notice in each file and include the License file
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * at opensso/legal/CDDLv1.0.txt.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * If applicable, add the following below the CDDL Header,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * with the fields enclosed by brackets [] replaced by
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * your own identifying information:
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * "Portions Copyrighted [year] [name of copyright owner]"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster *
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * $Id: PolicySubject.java,v 1.1 2009/08/19 05:40:36 veiming Exp $
402cd5da45d9182b81c16a13c3568faf78701827Andrew Forrest *
0fb4093da08d574d3d1b661d4425dfbac8e02aabJames Phillpotts * Portions Copyrighted 2014-2015 ForgeRock AS.
2dcb4fe863ae1bed4b9689ec053f951d75335589Neil Madden */
2dcb4fe863ae1bed4b9689ec053f951d75335589Neil Madden
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterpackage com.sun.identity.entitlement.opensso;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
0fb4093da08d574d3d1b661d4425dfbac8e02aabJames Phillpottsimport com.fasterxml.jackson.annotation.JsonIgnore;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.iplanet.sso.SSOException;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.iplanet.sso.SSOToken;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.entitlement.EntitlementException;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.entitlement.EntitlementSubject;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.entitlement.SubjectAttributesCollector;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.entitlement.SubjectAttributesManager;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.entitlement.SubjectDecision;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.policy.PolicyException;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.policy.PolicyManager;
2dcb4fe863ae1bed4b9689ec053f951d75335589Neil Maddenimport com.sun.identity.policy.interfaces.Subject;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.security.AdminTokenAction;
402cd5da45d9182b81c16a13c3568faf78701827Andrew Forrestimport org.forgerock.openam.entitlement.PolicyConstants;
2dcb4fe863ae1bed4b9689ec053f951d75335589Neil Maddenimport org.json.JSONArray;
2dcb4fe863ae1bed4b9689ec053f951d75335589Neil Maddenimport org.json.JSONException;
2dcb4fe863ae1bed4b9689ec053f951d75335589Neil Maddenimport org.json.JSONObject;
2dcb4fe863ae1bed4b9689ec053f951d75335589Neil Madden
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport java.security.AccessController;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport java.util.Collections;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport java.util.HashMap;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport java.util.HashSet;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport java.util.Iterator;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport java.util.Map;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport java.util.Set;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster/**
8d3140b524c0e28c0a49dc7c7d481123ef3cfe11Chris Lee * This subject wraps all OpenAM policy subjects.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster */
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterpublic class PolicySubject implements EntitlementSubject {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster    private String name;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster    private String className;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster    private Set<String> values;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster    private boolean exclusive;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster    public PolicySubject() {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster    }
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster    /**
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster     * Constructor.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster     *
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster     * @param name Name of condition.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster     * @param className Implementation class name.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster     * @param values Values of this subject.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster     * @param exclusive <code>true</code> to be exclusive.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster     */
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster    public PolicySubject(
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster        String name,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster        String className,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster        Set<String> values,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster        boolean exclusive
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster    ) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster        this.name = name;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster        this.className = className;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster        this.values = values;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster        this.exclusive = exclusive;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster    }
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster    /**
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster     * Returns name.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster     * @return name.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster     */
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster    public String getName() {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster        return name;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster    }
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster    /**
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster     * Returns class name.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster     *
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster     * @return class name.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster     */
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster    public String getClassName() {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster        return className;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster    }
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster    /**
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster     * Returns values.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster     *
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster     * @return values.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster     */
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster    public Set<String> getValues() {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster        return values;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster    }
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster    /**
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster     * Returns <code>true</code> if this is an exclusive subject.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster     *
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster     * @return <code>true</code> if this is an exclusive subject.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster     */
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster    public boolean isExclusive() {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster        return exclusive;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster    }
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster    /**
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster     * Sets states
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster     *
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster     * @param state State.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster     */
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster    public void setState(String state) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster        try {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster            JSONObject jo = new JSONObject(state);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster            this.name = jo.optString("name");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster            this.className = jo.optString("className");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster            this.exclusive = jo.optBoolean("exclusive");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster            this.values = getValues((JSONArray)jo.opt("values"));
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster        } catch (JSONException ex) {
402cd5da45d9182b81c16a13c3568faf78701827Andrew Forrest            PolicyConstants.DEBUG.error("PolicySubject.setState", ex);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster        }
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster    }
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster    private Set<String> getValues(JSONArray jo)
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster        throws JSONException {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster        Set<String> result = new HashSet<String>();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster        for (int i = 0; i < jo.length(); i++) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster            result.add(jo.getString(i));
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster        }
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster        return result;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster    }
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster    /**
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster     * Returns state of this subject.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster     *
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster     * @return state of this subject.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster     */
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster    public String getState() {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster        JSONObject jo = new JSONObject();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster        try {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster            jo.put("name", name);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster            jo.put("className", className);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster            jo.put("exclusive", exclusive);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster            jo.put("values", values);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster            return jo.toString(2);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster        } catch (JSONException ex) {
402cd5da45d9182b81c16a13c3568faf78701827Andrew Forrest            PolicyConstants.DEBUG.error("PolicySubject.getState", ex);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster        }
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster        return "";
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster    }
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster    /**
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster     * Returns search index attributes.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster     *
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster     * @return search index attributes.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster     */
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster    public Map<String, Set<String>> getSearchIndexAttributes() {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster        Map<String, Set<String>> map = new HashMap<String, Set<String>>(4);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster        Set<String> set = new HashSet<String>();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster        set.add(SubjectAttributesCollector.ATTR_NAME_ALL_ENTITIES);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster        map.put(SubjectAttributesCollector.NAMESPACE_IDENTITY, set);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster        return map;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster    }
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster    /**
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster     * Returns required attribute names.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster     *
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster     * @return required attribute names.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster     */
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster    public Set<String> getRequiredAttributeNames() {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster        return(Collections.EMPTY_SET);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster    }
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster    /**
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster     * Returns subject decision.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster     *
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster     * @param realm Realm name.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster     * @param mgr Subject attribute manager
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster     * @param subject Subject to be evaluated.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster     * @param resourceName Resource name to be evaluated.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster     * @param environment Environment map.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster     * @return subject decision.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster     * @throws com.sun.identity.entitlement.EntitlementException if error
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster     *         occurs.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster     */
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster    public SubjectDecision evaluate(
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster        String realm,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster        SubjectAttributesManager mgr,
2dcb4fe863ae1bed4b9689ec053f951d75335589Neil Madden        javax.security.auth.Subject subject,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster        String resourceName,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster        Map<String, Set<String>> environment
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster    ) throws EntitlementException {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster        SSOToken adminToken = (SSOToken) AccessController.doPrivileged(
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster            AdminTokenAction.getInstance());
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster        try {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster            PolicyManager pm = new PolicyManager(adminToken, realm);
2dcb4fe863ae1bed4b9689ec053f951d75335589Neil Madden            Subject sbj = getPolicySubject();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster            sbj.initialize(pm.getPolicyConfig());
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster            SSOToken token = getSSOToken(subject);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster            boolean result = (token == null) ? true
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster                    : sbj.isMember(token) ^ exclusive;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster            return new SubjectDecision(result, Collections.EMPTY_MAP);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster        } catch (SSOException ex) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster            throw new EntitlementException(508, ex);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster        } catch (PolicyException ex) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster            throw new EntitlementException(508, ex);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster        }
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster    }
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
2dcb4fe863ae1bed4b9689ec053f951d75335589Neil Madden    private static SSOToken getSSOToken(javax.security.auth.Subject subject) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster        // subject could be null, a case in point: evaluation ignoring subjects
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster        if (subject == null) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster            return null;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster        }
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster        Set privateCred = subject.getPrivateCredentials();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster        for (Iterator i = privateCred.iterator(); i.hasNext(); ) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster            Object o = i.next();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster            if (o instanceof SSOToken) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster                return (SSOToken)o;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster            }
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster        }
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster        return null;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster    }
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster    /**
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster     * Returns <code>true</code> is this subject is an identity object.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster     *
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster     * @return <code>true</code> is this subject is an identity object.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster     */
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster    public boolean isIdentity() {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster        return true;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster    }
2dcb4fe863ae1bed4b9689ec053f951d75335589Neil Madden
2dcb4fe863ae1bed4b9689ec053f951d75335589Neil Madden    /**
2dcb4fe863ae1bed4b9689ec053f951d75335589Neil Madden     * Constructs a legacy policy subject based on the information in this adapter.
2dcb4fe863ae1bed4b9689ec053f951d75335589Neil Madden     *
2dcb4fe863ae1bed4b9689ec053f951d75335589Neil Madden     * @return the legacy policy subject
2dcb4fe863ae1bed4b9689ec053f951d75335589Neil Madden     * @throws EntitlementException if an error occurs constructing the subject.
2dcb4fe863ae1bed4b9689ec053f951d75335589Neil Madden     */
2dcb4fe863ae1bed4b9689ec053f951d75335589Neil Madden    @JsonIgnore
2dcb4fe863ae1bed4b9689ec053f951d75335589Neil Madden    public Subject getPolicySubject() throws EntitlementException {
2dcb4fe863ae1bed4b9689ec053f951d75335589Neil Madden        try {
2dcb4fe863ae1bed4b9689ec053f951d75335589Neil Madden            Subject subject = Class.forName(className).asSubclass(Subject.class).newInstance();
2dcb4fe863ae1bed4b9689ec053f951d75335589Neil Madden            subject.setValues(values);
2dcb4fe863ae1bed4b9689ec053f951d75335589Neil Madden            return subject;
2dcb4fe863ae1bed4b9689ec053f951d75335589Neil Madden        } catch (Exception ex) {
2dcb4fe863ae1bed4b9689ec053f951d75335589Neil Madden            throw new EntitlementException(508, ex);
2dcb4fe863ae1bed4b9689ec053f951d75335589Neil Madden        }
2dcb4fe863ae1bed4b9689ec053f951d75335589Neil Madden    }
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster}