PolicyManager.java revision 0c9594d96d580b0cba488fa7d01802fbb49d8a3e
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbings * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbings * Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbings * The contents of this file are subject to the terms
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbings * of the Common Development and Distribution License
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbings * (the License). You may not use this file except in
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbings * compliance with the License.
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbings * You can obtain a copy of the License at
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbings * https://opensso.dev.java.net/public/CDDLv1.0.html or
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbings * See the License for the specific language governing
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbings * permission and limitations under the License.
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbings * When distributing Covered Code, include this CDDL
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbings * Header Notice in each file and include the License file
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbings * If applicable, add the following below the CDDL Header,
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbings * with the fields enclosed by brackets [] replaced by
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbings * your own identifying information:
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbings * "Portions Copyrighted [year] [name of copyright owner]"
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbings * $Id: PolicyManager.java,v 1.19 2010/01/25 23:48:15 veiming Exp $
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbings * Portions Copyrighted 2011-2014 ForgeRock AS.
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbingsimport com.sun.identity.entitlement.opensso.PrivilegeUtils;
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbingsimport com.sun.identity.entitlement.Application;
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbingsimport com.sun.identity.entitlement.ApplicationManager;
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbingsimport com.sun.identity.entitlement.EntitlementConfiguration;
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbingsimport com.sun.identity.policy.interfaces.Subject;
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbingsimport com.sun.identity.entitlement.EntitlementException;
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbingsimport com.sun.identity.entitlement.IPrivilege;
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbingsimport com.sun.identity.entitlement.PrivilegeIndexStore;
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbingsimport com.sun.identity.entitlement.PrivilegeManager;
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbingsimport com.sun.identity.entitlement.ReferralPrivilege;
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbingsimport com.sun.identity.entitlement.ReferralPrivilegeManager;
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbingsimport com.sun.identity.entitlement.opensso.SubjectUtils;
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbingsimport com.sun.identity.security.AdminTokenAction;
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbingsimport com.sun.identity.sm.OrganizationConfigManager;
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbingsimport com.sun.identity.sm.ServiceAlreadyExistsException;
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbingsimport com.sun.identity.sm.ServiceConfigManager;
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbingsimport com.sun.identity.sm.ServiceNotFoundException;
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbingsimport com.sun.identity.sm.ServiceSchemaManager;
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbingsimport org.forgerock.openam.shared.concurrency.LockFactory;
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbings * The <code>PolicyManager</code> class manages policies
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbings * for a specific organization, sub organization or a container.
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbings * This class is the
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbings * starting point for policy management, and provides methods to
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbings * <p>It is a final class
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbings * and hence cannot be further extended. The methods in this class
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbings * work directly with the backend datastore (usually a
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbings * directory server) to store and manage policies. Hence, users
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbings * of this class must have a valid <code>SSOToken</code>
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbings * and the privileges needed to access the backend datastore.
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbings * @supported.api
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbings * @deprecated since 12.0.0
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbingspublic final class PolicyManager {
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbings * The service name for Policy component.
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbings * @supported.api
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbings public static final String POLICY_SERVICE_NAME = "iPlanetAMPolicyService";
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbings public static final String POLICY_DEBUG_NAME = "amPolicy";
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbings * The key for the plugins to get the organization name.
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbings * @supported.api
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbings public static final String ORGANIZATION_NAME = "OrganizationName";
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbings "/sunamhiddenrealmdelegationservicepermissions";
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbings public static final String NAMED_POLICY = "Policies";
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbings static final String REALM_SUBJECTS = "RealmSubjects";
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbings static final String XML_REALM_SUBJECTS = "xmlRealmSubjects";
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbings private static final String NAMED_POLICY_ID = "NamedPolicy";
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbings static final String RESOURCES_POLICY = "Resources";
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbings static final String RESOURCES_POLICY_ID = "ServiceType";
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbings private static final String SUBJECTS_POLICY = "Subjects";
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbings static final String SUBJECT_POLICY = "Subject";
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbings static final String REALM_SUBJECT_POLICY = "RealmSubject";
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbings static final String CONDITION_POLICY = "Condition";
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbings static final String RESP_PROVIDER_POLICY = "ResponseProvider";
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbings static final String REFERRAL_POLICY = "Referral";
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbings static final String REFERRALS_POLICY = "Referrals";
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbings private static final String POLICY_XML = "xmlpolicy";
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbings public static final String POLICY_ROOT_NODE = "Policy";
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbings static final String POLICY_RULE_NODE = "Rule";
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbings static final String POLICY_SUBJECTS_NODE = "Subjects";
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbings static final String POLICY_CONDITIONS_NODE = "Conditions";
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbings static final String POLICY_RESP_PROVIDERS_NODE = "ResponseProviders";
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbings static final String POLICY_REFERRALS_NODE = "Referrals";
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbings static final String POLICY_RULE_SERVICE_NODE = "ServiceName";
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbings static final String POLICY_RULE_RESOURCE_NODE = "ResourceName";
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbings static final String POLICY_RULE_EXCLUDED_RESOURCE_NODE =
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbings "ExcludedResourceName";
static final String
private static boolean migratedToEntitlementService = false;
return (givenOrgName);
return policyConfig;
return (org);
+ org);
se));
return (answer);
if (isMigratedToEntitlementService()) {
policy);
} catch (EntitlementException e) {
} catch (ServiceAlreadyExistsException e) {
token);
if (isMigratedToEntitlementService()) {
} catch (EntitlementException e) {
token);
if (isMigratedToEntitlementService()) {
} catch (EntitlementException e) {
token);
return rm;
return (stm);
return (ctm);
return (rpm);
return (sConfig);
} catch (SMSException e) {
return (orgName);
throw (new UnsupportedOperationException());
throw (new UnsupportedOperationException());
return svtm;
return rtm;
} catch (Exception e) {
} catch (Exception e) {
return (null);
return viewBeanURL;
if ( useCache ) {
return policy;
return rim;
private boolean validateResourceForPrefixE(
boolean interpretWildCard = true;
private boolean validateResourceForPrefix(
boolean interpretWildCard = true;
if (isMigratedToEntitlementService()) {
initialise();
isEmpty()) {
null);
throw new PolicyException(
boolean validResource = true;
if (!validResource) {
throw new PolicyException(
throw new PolicyException(
return subjects;
return policies;
policy = p;
return policy;
throws PolicyException {
return managedResourceNames;
throws PolicyException {
return (isMigratedToEntitlementService()) ?
throws PolicyException {
return managedResourceNames;
throws PolicyException {
return managedResourceNames;
return null;
return orgAlias;
return aliasMappedOrg;
throws EntitlementException {
if (isMigratedToEntitlementService()) {
boolean can = false;
} catch (PolicyException e) {
return can;
private boolean hasReferredResources() {
boolean hasPrefixes = false;
} catch (PolicyException e) {
return hasPrefixes;
static boolean isMigratedToEntitlementService() {
initialise();
return migratedToEntitlementService;
private static void initialise() {
boolean can = false;
if (isMigratedToEntitlementService()) {
} catch (PolicyException e) {
return can;