PolicyEvaluator.java revision bfbee81df9e5db55835a1bf1e6981ec03379926e
 * communicate with the Policy Service.
 * Policy client API implementation caches policy decision locally.
 * The cache is updated through policy change notifications and/or

 * Reference to singleton ResourceResultCache instance

 * Logger object for access messages

 * Logger object for error messages

= "Get_Response_Attributes";
 * Number of attempts to make to server if policy decision received
 * from server has expired ttl

 * Creates an instance of client policy evaluator
 * @param serviceName name of the service for which to create
 * @throws PolicyException if required properties cannot be retrieved.
 * @throws SSOException if application single sign on token is invalid.

 * Creates an instance of client policy evaluator
 * @param serviceName name of the service for which to create
 * @param appSSOTokenProvider an object where application single sign on
 * @throws PolicyException if required properties cannot be retrieved.
 * @throws SSOException if application single sign on token is invalid.

+
"serviceName is null");
}
//else do the following

 * Initializes an instance of client policy evaluator object
 * @param serviceName name of the service for which to create
 * @param appSSOTokenProvider an object where application single sign on
 * @throws PolicyException if required properties cannot be retrieved.
 * @throws SSOException if application single sign on token is invalid.

// register remote policy listener policy service
+
"adding remote policy listener with policy "
// Add a hook to remove our listener on shutdown.
debug.message(
"PolicyEvaluator: called removeRESTRemotePolicyListener, service "
debug.message(
"PolicyEvaluator: called removeRemotePolicyListener, service " +
"initialized PolicyEvaluator");
 * Evaluates a simple privilege of boolean type. The privilege indicates
 * if the user can perform specified action on the specified resource.
 * @param token single sign on token of the user evaluating policies
 * @param resourceName name of the resource the user is trying to access
 * @param actionName name of the action the user is trying to perform on
 * @return the result of the evaluation as a boolean value
 * @throws PolicyException if result could not be computed for any
 * reason other than single sign on token problem.
 * @throws SSOException if single sign on token is not valid

 * Evaluates simple privileges of boolean type. The privilege indicates
 * if the user can perform specified action on the specified resource.
 * The evaluation also depends on user's application environment parameters.
 * @param token single sign on token of the user evaluating policies.
 * @param resourceName name of the resource the user is trying to access
 * @param actionName name of the action the user is trying to perform on
 * @param envParameters run time environment parameters
 * @return the result of the evaluation as a boolean value
 * @throws PolicyException if result could not be computed for
 * reason other than single sign on token problem.
 * @throws SSOException if single sign on token is not valid

+
":envParameters) : entering");
 * Evaluates privileges of the user to perform the specified actions
 * on the specified resource.
 * @param token single sign on token of the user evaluating policies.
 * @param resourceName name of the resource the user is trying to access.
 * @param actionNames Set of action names the user is trying to perform on
 * @return policy decision
 * @throws PolicyException if result could not be computed for any
 * reason other than single sign on token problem.
 * @throws SSOException if single sign on token is not valid

 * Evaluates privileges of the user to perform the specified actions
 * on the specified resource. The evaluation also depends on user's
 * run time environment parameters.
 * @param token single sign on token of the user evaluating policies.
 * @param resourceName name of the resource the user is trying to access
 * @param actionNames Set of action names the user is trying to perform on
 * @param envParameters run-time environment parameters
 * @return policy decision
 * @throws PolicyException if result could not be computed for any
 * reason other than single sign on token problem.
 * @throws SSOException if single sign on token is invalid or expired.

//We need to normalize the resourcename before sending off the policy request to ensure the policy is evaluated
//for the correct resource.
+
"InvalidAppSSOTokenException occured:" +
"getting new appssotoken");
+
"InvalidAppSSOTokenException occured:" +
"reRegistering remote policy listener");
+
":returning policyDecision:" +
pd.toXML());
 * Returns the application single sign on token, this token will be
 * passed while initializing the <code>PolicyEvaluator</code> or
 * if the application session token currently being used by
 * this <code>PolicyEvaluator</code> has expired
 * @return a valid application single sign on token.

+
"AdminTokenAction returned " +
" expired token, trying again");
+
"could not refresh session:", e);
+
"AdminTokenAction returned " +
" expired token, trying again");
+
"could not refresh session:", e);
debug.error(
"PolicyEvaluator.getNewAppSSOToken():, " +
"cannot obtain application SSO token");
"can_not_create_app_sso_token",
null,
null);
 * Logs an access message from policy client api
 * @param level logging level
 * @param message message string
 * @param token single sign on token of user

+
"Failed to create Logger");
+
" writing access logs");
 * Returns application single sign on token provider
 * @return <code>AppSSOTokenProvider</code> Object.

 * Gets names of policy advices that could be handled by OpenSSO
 * if PEP redirects user agent to OpenSSO. If the server reports
 * an error indicating the app sso token provided was invalid,
 * new app sso token is obtained from app
 * sso token provider and another attempt is made to get policy advices
 * @param refetchFromServer indicates whether to get the values fresh
 * from OpenSSO or return the values from local cache
 * @return names of policy advices that could be handled by OpenSSO
 * Enterprise if PEP redirects user agent to OpenSSO.
 * @throws InvalidAppSSOTokenException if the server reported that the
 * app sso token provided was invalid
 * @throws PolicyEvaluationException if the server reported any other error
 * @throws PolicyException if there are problems in policy module
 * while getting the result
 * @throws SSOException if there are problems with sso token
 * while getting the result

debug.message(
"PolicyEvaluator.getAdvicesHandleableByAM(): Entering"
//retry with new app sso token
+
"got InvalidAppSSOTokenException, " +
" retrying with new app token");
//retry with new app sso token
+
"got SessionException, " +
" retrying with new app token");
+
" Returning advicesHandleableByAM="

 * Returns XML string representation of advice map contained in the
 * actionDecision. This is a convenience method for use by PEP.
 * @param actionDecision actionDecision that contains the
 * @return XML string representation of advice map contained in the
 * actionDecision subject to the following rule. If the
 * actionDecision is null, the return value would be null.
 * Otherwise, if the actionDecision does not contain any advice,
 * the return value would be null. Otherwise, actionDecision contains
 * advices. In this case, if the advices contains at least one advice
 * name that could be handled by AM, the complete advices element is
 * serialized to XML and the XML string is returned. Otherwise, null
 * @throws PolicyException for any abnormal condition encountered in
 * @throws SSOException for any abnormal condition encountered in

//false : use cached value

 * Registers this client again with policy service to get policy
 * @param appToken application sso token to use while registering with
 * policy service to get notifications

debug.message(
"PolicyEvaluator.reRegisterRemotePolicyListener():"
//clear policy decision cache
debug.message(
"PolicyEvaluator.reRegisterRemotePolicyListener():"