PolicyEvaluator.java revision 8d3140b524c0e28c0a49dc7c7d481123ef3cfe11
f38cb554a534c6df738be3f4d23327e69888e634John Wren Kennedy * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
f38cb554a534c6df738be3f4d23327e69888e634John Wren Kennedy * Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
f38cb554a534c6df738be3f4d23327e69888e634John Wren Kennedy * The contents of this file are subject to the terms
f38cb554a534c6df738be3f4d23327e69888e634John Wren Kennedy * of the Common Development and Distribution License
f38cb554a534c6df738be3f4d23327e69888e634John Wren Kennedy * (the License). You may not use this file except in
f38cb554a534c6df738be3f4d23327e69888e634John Wren Kennedy * compliance with the License.
f38cb554a534c6df738be3f4d23327e69888e634John Wren Kennedy * You can obtain a copy of the License at
f38cb554a534c6df738be3f4d23327e69888e634John Wren Kennedy * https://opensso.dev.java.net/public/CDDLv1.0.html or
f38cb554a534c6df738be3f4d23327e69888e634John Wren Kennedy * See the License for the specific language governing
f38cb554a534c6df738be3f4d23327e69888e634John Wren Kennedy * permission and limitations under the License.
f38cb554a534c6df738be3f4d23327e69888e634John Wren Kennedy * When distributing Covered Code, include this CDDL
f38cb554a534c6df738be3f4d23327e69888e634John Wren Kennedy * Header Notice in each file and include the License file
f38cb554a534c6df738be3f4d23327e69888e634John Wren Kennedy * If applicable, add the following below the CDDL Header,
f38cb554a534c6df738be3f4d23327e69888e634John Wren Kennedy * with the fields enclosed by brackets [] replaced by
f38cb554a534c6df738be3f4d23327e69888e634John Wren Kennedy * your own identifying information:
f38cb554a534c6df738be3f4d23327e69888e634John Wren Kennedy * "Portions Copyrighted [year] [name of copyright owner]"
f38cb554a534c6df738be3f4d23327e69888e634John Wren Kennedy * $Id: PolicyEvaluator.java,v 1.7 2009/10/21 23:50:46 dillidorai Exp $
f38cb554a534c6df738be3f4d23327e69888e634John Wren Kennedy * Portions Copyrighted 2013-2014 ForgeRock AS.
f38cb554a534c6df738be3f4d23327e69888e634John Wren Kennedyimport com.sun.identity.shared.debug.Debug;
f38cb554a534c6df738be3f4d23327e69888e634John Wren Kennedyimport com.iplanet.dpro.session.SessionException;
f38cb554a534c6df738be3f4d23327e69888e634John Wren Kennedyimport com.sun.identity.policy.ActionDecision;
f38cb554a534c6df738be3f4d23327e69888e634John Wren Kennedyimport com.sun.identity.policy.PolicyDecision;
f38cb554a534c6df738be3f4d23327e69888e634John Wren Kennedyimport com.sun.identity.policy.ResBundleUtils;
f38cb554a534c6df738be3f4d23327e69888e634John Wren Kennedyimport com.sun.identity.policy.PolicyException;
f38cb554a534c6df738be3f4d23327e69888e634John Wren Kennedyimport com.sun.identity.policy.PolicyUtils;
f38cb554a534c6df738be3f4d23327e69888e634John Wren Kennedyimport com.sun.identity.policy.remote.PolicyEvaluationException;
f38cb554a534c6df738be3f4d23327e69888e634John Wren Kennedyimport com.sun.identity.security.AdminTokenAction;
f38cb554a534c6df738be3f4d23327e69888e634John Wren Kennedyimport com.sun.identity.security.AppSSOTokenProvider;
f38cb554a534c6df738be3f4d23327e69888e634John Wren Kennedyimport com.sun.identity.policy.interfaces.ResourceName;
f38cb554a534c6df738be3f4d23327e69888e634John Wren Kennedyimport org.forgerock.util.thread.listener.ShutdownListener;
f38cb554a534c6df738be3f4d23327e69888e634John Wren Kennedyimport org.forgerock.util.thread.listener.ShutdownManager;
f38cb554a534c6df738be3f4d23327e69888e634John Wren Kennedy * This class provides methods to get policy decisions
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy * for clients of policy service.
f38cb554a534c6df738be3f4d23327e69888e634John Wren Kennedy * This class uses XML/HTTP protocol to
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy * communicate with the Policy Service.
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy * Policy client API implementation caches policy decision locally.
f38cb554a534c6df738be3f4d23327e69888e634John Wren Kennedy * The cache is updated through policy change notifications and/or
f38cb554a534c6df738be3f4d23327e69888e634John Wren Kennedy * @supported.api
f38cb554a534c6df738be3f4d23327e69888e634John Wren Kennedy static Debug debug = Debug.getInstance("amRemotePolicy");
f38cb554a534c6df738be3f4d23327e69888e634John Wren Kennedy private PolicyProperties policyProperties;
f38cb554a534c6df738be3f4d23327e69888e634John Wren Kennedy * Reference to singleton ResourceResultCache instance
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy private ResourceResultCache resourceResultCache;
f38cb554a534c6df738be3f4d23327e69888e634John Wren Kennedy * Logger object for access messages
f38cb554a534c6df738be3f4d23327e69888e634John Wren Kennedy * Logger object for error messages
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy private static final String GET_RESPONSE_ATTRIBUTES
f38cb554a534c6df738be3f4d23327e69888e634John Wren Kennedy = "Get_Response_Attributes";
f38cb554a534c6df738be3f4d23327e69888e634John Wren Kennedy * Number of attempts to make to server if policy decision received
this.resourceResultCache
public void shutdown() {
boolean actionAllowed = false;
actionAllowed = false;
actionAllowed = true;
return actionAllowed;
//We need to normalize the resourcename before sending off the policy request to ensure the policy is evaluated
} catch (InvalidAppSSOTokenException e) {
return pd;
} catch (SSOException e) {
} catch (SSOException e) {
return token;
return appSSOTokenProvider;
} catch (InvalidAppSSOTokenException e) {
throw pe;
return advicesHandleableByAM;
boolean matchFound = false;
matchFound = true;
if (matchFound) {
return compositeAdvice;
throws PolicyException {