ResourceResultCache.java revision f388a63c4ab81c43796df4744c42d935b75048c5
/**
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: ResourceResultCache.java,v 1.21 2010/01/21 22:18:01 dillidorai Exp $
*
* Portions Copyrighted 2014 ForgeRock AS.
*/
/**
* Singleton class that implements client side policy decision cache.
* Handles communication with policy service acting
* as a proxy to policy service. In effect, this is a caching proxy.
*/
class ResourceResultCache implements SSOTokenListener {
//service>resource>tokenID>scope>result
private static ResourceResultCache resourceResultCache;
private PolicyProperties policyProperties;
private Set remotePolicyListeners
//serviceName -> resourceName -> sessionId -> scope -> result
private Set tokenRegistry =
private int cacheTtl;
private Set advicesHandleableByAM;
private static final String GET_RESPONSE_ATTRIBUTES
= "Get_Response_Attributes";
private static long requestID = 0;
/**
* Constructs the singleton instance of <code>ResourceResultCache</code>
*
* @param policyProperties object that provides access to configuration
* properties such as policy service URL, notification URL etc.
* This is a convenience wrapper over
* <code>com.iplanet.am.util.SystemProperties</code>
*/
throws PolicyException {
this.policyProperties = policyProperties;
notificationHandler = new PolicyNotificationHandler(this);
//register notification handler with PLLClient
if (debug.messageEnabled()) {
+ "added policyNotificationHandler "
+ "with PLLClient");
}
}
if (debug.messageEnabled()) {
+ "Singleton Instance Created");
}
}
/**
* Returns reference to the singleton instance of
* <code>ResourceResultCache</code>
*
* @param policyProperties object that provides access to configuration
* properties such as policy service URL, notification URL etc.
* This is a convenience wrapper over
* <code>com.iplanet.am.util.SystemProperties</code>
*
* @return reference to the singleton instance of
* <code>ResourceResultCache</code>
*/
synchronized static ResourceResultCache getInstance(
if (resourceResultCache == null) {
} else {
}
return resourceResultCache;
}
/**
* Returns reference to the singleton instance of
* <code>ResourceResultCache</code>
*
* @return reference to the singleton instance of
* <code>ResourceResultCache</code>
*/
private synchronized static ResourceResultCache getInstance() {
// In the lines visible here this no-argument accessor never creates the
// instance: when the singleton is still null it only logs a warning (if
// warning-level debug is enabled) and then returns null. Callers must
// null-check the result before using it.
if ( (resourceResultCache == null)
&& debug.warningEnabled()) {
+ "ResourceResultCache has not been created:"
+ "returning null");
}
return resourceResultCache;
}
/**
* Returns policy decision
* @param appToken application sso token to identify the client to policy
* service
* @param serviceName name of service for which to get policy decision
* @param token session token of user for whom to get policy decision
* @param resourceName resource name for which to get policy decision
* @param actionNames action names for which to get policy decision
* @param env environment map to use to get policy decision
* @param retryCount try this many times before giving up if received policy
* decision is found to have expired
* @return policy decision
* @throws PolicyException if can not get policy decision
* @throws SSOException if user session token is not valid
* @throws InvalidAppSSOTokenException if application session token
* is not valid
*/
throws InvalidAppSSOTokenException,
// Retry wrapper (signature and several statements are missing from this
// listing). The first lookup is allowed to use the local cache; when the
// decision that comes back has already expired, the lookup is repeated with
// the cache bypassed, counting attempts in `count`.
int count = 0;
// validTtl records whether an unexpired decision was obtained.
boolean validTtl = false;
env, true); //use cache
validTtl = true;
}
count++;
if (debug.messageEnabled()) {
+ "Received expired decision, "
+ "Getting decision again, repeat attempt="
+ count);
}
env, false); //do not use cache
validTtl = true;
break;
}
}
// NOTE(review): on this path only a warning is visible. Confirm that a
// decision still expired after all retries is not handed back to the
// enforcement point as if it were current (i.e. that the caller fails closed).
if (!validTtl) {
if (debug.warningEnabled()) {
+ "Received expired decision from server");
}
}
if (actionNames != null) {
}
}
} else {
}
return pd;
}
/**
* Returns policy decision
* @param appToken application sso token to identify the client to policy
* service
*
* @param serviceName name of service for which to get policy decision
* @param token session token of user for whom to get policy decision
* @param resourceName resource name for which to get policy decision
* @param actionNames action names for which to get policy decision
* @param env environment map to use to get policy decision
*
* @param useCache flag indicating whether to return a locally cached
* policy decision. Locally cached decision is returned only if the
* value is <code>true</code>. Otherwise, policy decision is fetched
* from policy service and returned.
*
* @return policy decision
* @throws PolicyException if can not get policy decision
* @throws SSOException if session token is not valid
*/
throws InvalidAppSSOTokenException,
if (debug.messageEnabled()) {
+ "resourceName=" + resourceName
+ ":cacheMode=" + cacheMode
+ ":would get resource results for root resource="
+ rootResourceName);
}
}
if (debug.messageEnabled()) {
+ ":serviceName=" + serviceName
+ ":resourceName=" + resourceName
+ ":cacehMode=" + cacheMode
+ ":useCache=" + useCache
+ ":returning policyDecision:" + pd);
}
return pd;
}
/**
* Returns a set of <code>ResourceResult</code> objects
* @param appToken application sso token to identify the client to policy
* service
*
* @param serviceName name of service for which to get resource results
* @param token session token of user for whom to get resource results
* @param resourceName resource name for which to get resource results
* @param actionNames action names for which to get resource results
* @param env environment map to use to get resource results
* @param scope the scope to be used while getting resource results
* @return a set of <code>ResourceResult</code> objects
*
* @throws PolicyException if can not get resource results
* @throws SSOException if session token is not valid
* @throws InvalidAppSSOTokenException if application session token
* is not valid
*/
throws InvalidAppSSOTokenException,
true); //useCache
}
/**
* Returns a set of <code>ResourceResult</code> objects
* @param appToken application sso token to identify the client to policy
* service
*
* @param serviceName name of service for which to get resource results
* @param token session token of user for whom to get resource results
* @param resourceName resource name for which to get resource results
* @param actionNames action names for which to get resource results
* @param env environment map to use to get resource results
* @param scope the scope to be used while getting resource results
* @param useCache flag indicating whether to return locally cached
* resource results. Locally cached resource results are
* returned only if the value is <code>true</code>
*
* @return a set of <code>ResourceResult</code>
*
* @throws PolicyException if can not get resource results
* @throws SSOException if session token is not valid
* @throws InvalidAppSSOTokenException if application session token
* is not valid
*/
throws InvalidAppSSOTokenException,
// Cache-or-fetch logic (signature and many statements are missing from this
// listing). Cached results are keyed
// serviceName -> resourceName -> sessionId -> scope, so an entry is specific
// to one user session.
if (debug.messageEnabled()) {
+ ":serviceName=" + serviceName
+ ":resourceName=" + resourceName
+ ":useCache=" + useCache
+ ":entering ");
}
// Each level of the nested map is looked up (and created when absent) under
// that level's own monitor; the three blocks below run one after another.
// resultCache -> serviceName -> resourceName -> sessionId -> scope -> result
synchronized(resultCache) {
// resourceName -> sessionId -> scope -> result
if (resourceTokenIDsMap == null) {
// changed to fix 4295 Policy cache causes frequent
// full gc or out of memory issues
}
}
// resourceTokenIDsMap -> resourceName -> sessionId -> scope -> result
synchronized(resourceTokenIDsMap) {
// sessionId -> scope -> result
if (tokenIDScopesMap == null) {
// changed to fix 4295 Policy cache causes frequent full
// gc or out of memory issues
}
}
// tokenIDScopesMap -> sessionId -> scope -> result
synchronized(tokenIDScopesMap) {
if (scopeResultsMap == null) {
scopeResultsMap = new HashMap();
// First scope map for this session: subscribe this cache to the token's
// events so that ssoTokenChanged() is called when the session changes and
// can drop the session's entries.
token.addSSOTokenListener(this);
}
}
}
boolean fetchResultsFromServer = false;
// scopeResultsMap -> scope -> result
synchronized(scopeResultsMap) {
//array elements:resourceResults, env, ttl, actionNames
}
// Decide whether the cached entry may be used. The branch conditions are only
// partly visible here, but the log messages show that a server round-trip is
// forced when: the caller disabled the cache, nothing is cached, the request
// env differs from the cached env, the cached ttl has passed, the cached
// action names do not match or do not cover the requested ones, or the cached
// decision carried advices (cacheMode self only).
if ( !useCache ) {
if (debug.messageEnabled()) {
+ "would contact server since useCache is false");
}
fetchResultsFromServer = true;
if (debug.messageEnabled()) {
+ "would contact server "
+ " since results not in cache");
}
fetchResultsFromServer = true;
if (debug.messageEnabled()) {
+ "would contact server since env does not match");
}
fetchResultsFromServer = true;
if (debug.messageEnabled()) {
+ "would contact server since env does not Match");
}
fetchResultsFromServer = true;
< System.currentTimeMillis()) {
// Expiry is judged against the local wall clock.
// NOTE(review): presumably the left-hand side is the ttl slot of the cached
// array, stored as an absolute epoch-millis time; confirm. A client clock
// that runs slow would keep stale decisions in use for longer.
if (debug.messageEnabled()) {
+ "would contact server since results ttl has "
+ " expired");
}
fetchResultsFromServer = true;
if (debug.messageEnabled()) {
+ "would contact server since action names do not "
+ " match");
}
fetchResultsFromServer = true;
if (debug.messageEnabled()) {
+ "would contact server since action names do not "
+ " Match");
}
fetchResultsFromServer = true;
actionNames)) {
if (debug.messageEnabled()) {
+ "would contact server since cached action names "
+ " do not cover request action names");
}
fetchResultsFromServer = true;
//get from server if there were advices in the cached decision
//we do this only if cacheMode is self
fetchResultsFromServer = true;
}
}
// changed to fix 4205 Policy client code has bottleneck when processing notifications
// FIXME: remove the check for service name with the some fix on server
if (fetchResultsFromServer) {
actionNames, env);
} else {
actionNames, env);
}
}
// results[2] is the ttl slot according to the element list noted above
// (resourceResults, env, ttl, actionNames).
results[2]
if (actionNames != null) {
actionNames = new HashSet();
}
} else {
if (debug.messageEnabled()) {
+ "would not contact server, "
+ " would use results from cache ");
}
}
if (debug.messageEnabled()) {
+ serviceName + ","
+ resourceName + ","
+ actionNames + ",env)"
+ ": returning resourceResults");
}
return resourceResults;
}
throws InvalidAppSSOTokenException, SSOException,
// REST variant of the server fetch (signature and the request/parse calls are
// missing from this listing).
try {
if (debug.messageEnabled()) {
+ ":serviceName=" + serviceName
+ ":resourceName=" + resourceName
+ ":scope=" + scope
+ ":restUrl=" + restUrl
+ ":entering");
}
// The complete server response body is written to the debug log at message
// level. NOTE(review): it carries the policy decisions for the user; keep
// message-level debug off in production or restrict access to the log.
if (debug.messageEnabled()) {
+ ":server response jsonString=" + jsonString);
}
} catch (InvalidAppSSOTokenException e) {
// Passed through unchanged so the caller can tell an invalid application
// token apart from other failures.
throw e;
} catch (Exception e) {
// Every other failure is wrapped, with the original exception kept as cause.
throw new PolicyEvaluationException(
"rest_policy_request_exception",
args, e);
}
if (debug.messageEnabled()) {
+ "returning");
}
return resourceResults;
}
/**
* Returns a set of <code>ResourceResult</code> objects from server.
* Fresh resource results
* are fetched from policy server and returned.
* @param appToken application sso token to identify the client to policy
* service
*
* @param serviceName name of service for which to get resource results
* @param token session token of user for whom to get resource results
* @param resourceName resource name for which to get resource results
* @param scope the scope to be used while getting resource results
* @param actionNames action names for which to get resource results
* @param env environment map to use to get resource results
*
* @return a set of <code>ResourceResult</code> objects
*
* @throws PolicyException if can not get resource results
* @throws SSOException if session token is not valid
* @throws InvalidAppSSOTokenException if application session token
* is not valid
*/
throws InvalidAppSSOTokenException, SSOException,
try {
if (debug.messageEnabled()) {
+ ":serviceName=" + serviceName
+ ":resourceName=" + resourceName
+ ":scope=" + scope
+ ":policyServiceURL=" + policyServiceUrl
+ ":entering");
}
if (debug.messageEnabled()) {
+ "responseAttributes to get="
}
if (responseAttributes != null) {
}
}
if (exceptionMessage != null) {
if (debug.warningEnabled()) {
+ "getResultsFromServer():"
+ " response exception " + exceptionMessage);
+ "getResultsFromServer():"
+ " appSSOToken is invalid");
+ "throwing InvalidAppSSOTokenException");
}
throw new InvalidAppSSOTokenException(
"server_reported_invalid_app_sso_token",
} else {
+ "getResultsFromServer():"
+ "response exception message="
+ exceptionMessage);
throw new PolicyEvaluationException(
"server_reported_exception",
}
} else {
}
}
} catch (SendRequestException sre) {
throw new PolicyEvaluationException(
"pll_send_request_exception",
}
if (debug.messageEnabled()) {
+ "returning");
}
return resourceResults;
}
/**
* Returns policy decision computed from a set of
* <code>ResourceResult</code> objects
*
* @param resourceResults resource results used to compute policy decision
* @param resourceName resource name for which to get policy decision
* @param resourceComparator <code>ResourceName</code>, resource
* comparison algorithm used to compare resources
*
* @return computed policy decision
*
* @throws PolicyException if can not get policy decision
*/
boolean processed = false;
}
return pd;
}
/**
* Merges policy decisions applicable to a resource
* from a <code>ResourceResult</code> object.
*
* @param pd a collector for merged policy decision
* @param resourceResult <code>ResourceResult</code> from which
* to find applicable policy decisions
* @param resourceName resource name for which to get policy decision
* @param resourceComparator <code>ResourceName</code>, resource
* comparison algorithm used to compare resources
*
* @param serviceName service name
*
* @return a flag indicating whether more <code>ResourceResult</code>
* objects need to be visited to compute the policy decision.
* <code>true</code> is returned if no more <code>ResourceResult</code>
* objects need to be visited
*
*
* a <code>ResourceResult</code> object.
*
* @throws PolicyException if can not get policy decision
*/
throws PolicyException {
boolean processed = false;
if (debug.messageEnabled()) {
+ "resourceName=" + resourceName
+ ":resourceResultResourceName="
}
processed = true;
processed = true;
}
if (!processed) {
}
}
}
} // else NO_MATCH or SUBRESOURCE_MATCH nothing to do
return processed;
}
/**
* Merges two policy decisions
* @param pd1 policy decision to be merged
* @param pd2 policy decision to be merged into
* @param serviceName service name
* @return merged policy decision
*/
}
return pd2;
}
/**
* Merges two policy decisions
* @param pd1 policy decision to be merged
* @param pd2 policy decision to be merged into. Action decisions
* present in the policy decision are cleared before merging
* @param serviceName service name
* @return merged policy decision
*/
}
return pd2;
}
/**
* Registers a listener with policy service to receive
* notifications on policy changes
* @param appToken session token identifying the client
* @param serviceName service name
* @param notificationURL end point on the client that listens for
* notifications
*/
false);
}
/**
* Registers a listener with policy service to receive
* notifications on policy changes
* @param appToken session token identifying the client
* @param serviceName service name
* @param notificationURL end point on the client that listens for
* notifications
*
* @param reRegister flag indicating whether to register listener
* even if it was already registered. <code>true</code> indicates
* to register listener again even if it was previously registered
*/
boolean reRegister) {
boolean status = false;
if (debug.messageEnabled()) {
+ "serviceName=" + serviceName
+ ":notificationURL=" + notificationURL);
}
&& !reRegister) {
if (debug.messageEnabled()) {
+ "serviceName=" + serviceName
+ ":notificationURL=" + notificationURL
+ ":is already registered");
}
return status;
} //else do the following
try {
} catch (PolicyException pe) {
+ "Can not add policy listner", pe);
}
}
try {
if (debug.messageEnabled()) {
+ "addRemotePolicyListener():"
}
if (psres.getMethodID()
status = true;
if (debug.messageEnabled()) {
+ "addRemotePolicyListener():"
+ "serviceName=" + serviceName
+ ":notificationURL=" + notificationURL
+ ":policyServiceURL=" + policyServiceURL
+ ":add succeeded");
}
}
} else {
+ " no result");
}
} catch (Exception e) {
}
}
return status;
}
/**
* Removes a listener registered with policy service to receive
* notifications on policy changes
* @param appToken session token identifying the client
* @param serviceName service name
* @param notificationURL end point on the client that listens for
* notifications
*/
boolean status = false;
try {
} catch (PolicyException pe) {
+ "Can not remove policy listner:", pe);
}
}
try {
if (debug.messageEnabled()) {
+ "removeRemotePolicyListener():"
}
if (psres.getMethodID()
status = true;
}
} else {
+ "removeRemotePolicyListener():"
+ "no result");
}
} catch (Exception e) {
e);
}
}
return status;
}
/**
* Processes policy notifications forwarded from listener end
* point of policy client
* @param pn policy notification
*/
throws PolicyEvaluationException {
if (debug.messageEnabled()) {
+ pn);
}
if (serviceName != null) {
if (debug.messageEnabled()) {
+ "processPolicyNotification():"
+ "serviceName=" + serviceName
+ ":affectedResourceNames="
+ ":clearing cache for affected "
+ "resource names");
}
} else {
if (debug.messageEnabled()) {
+ "processPolicyNotification():"
+ "serviceName not registered"
+ ":no resource names cleared from cache");
}
}
} else {
if (debug.messageEnabled()) {
+ "processPolicyNotification():"
+ "serviceName is null"
+ ":no resource names cleared from cache");
}
}
} else {
+ "PolicyNotification is null");
}
}
/**
* Registers policy notification handler with <code>PLLClient</code>
* @param handler policy notification handler
*/
private void registerHandlerWithPLLClient(
try {
handler);
if (debug.messageEnabled()) {
+ "registerHandlerWithPLLClient():"
+ "registered notification handler");
}
} catch (AlreadyRegisteredException ae) {
if (debug.warningEnabled()) {
+ "registerHandlerWithPLLClient():"
+ "AlreadyRegisteredException", ae);
}
}
}
/**
* Returns policy service URL based on session token
* @param token session token of user
* @return policy service URL based on session token
* @throws PolicyException if can not get policy service URL
*/
try {
if ( port == -1) {
portString = "";
} else {
}
} catch (SessionException se) {
+ "Can not find policy service URL", se);
throw new PolicyEvaluationException(
"policy_service_url_not_found",
} catch (URLNotFoundException ue) {
+ "Can not find policy service URL", ue);
throw new PolicyEvaluationException(
"policy_service_url_not_found",
}
return policyServiceURL;
}
/**
* Processes session token change notification
* @param tokenEvent session token change notification event
*/
// SSOTokenListener callback (signature is missing from this listing): walks the
// cache and removes the results held for the token that changed.
if (debug.messageEnabled()) {
}
try {
// Locks are taken nested here, resultCache first and then each service's
// resourceTokenIDsMap; any other code path that holds both must use the same
// order.
synchronized(resultCache) {
while (serviceIter.hasNext()) {
synchronized(resourceTokenIDsMap) {
while (resourceIter.hasNext()) {
if (tokenIDScopesMap != null) {
}
if ( (tokenPresent == false) &&
(debug.messageEnabled()) ) {
+ " not found in Token Registry.");
}
if (debug.messageEnabled()) {
+ "ssoTokenChanged():"
+ "removing cache results for "
+ ":serviceName=" + serviceName
+ ":resource=" + resource);
}
}
}
}
}
} catch (Throwable t) {
// Best effort: any failure during eviction is only logged, and only when
// warning-level debug is on.
// NOTE(review): if eviction is interrupted, decisions cached for the changed
// session presumably stay in place until their ttl expires; confirm that is
// acceptable for logout/session-destroy events.
if (debug.warningEnabled()) {
+ "Exception caught", t);
}
}
}
/**
* Clears cached decisions for a set of resources
* @param serviceName service name
* @param affectedResourceNames affected resource names
*/
if ((affectedResourceNames == null)
|| affectedResourceNames.isEmpty()) {
return;
}
if ((resourceTokenIDsMap == null)
|| resourceTokenIDsMap.isEmpty()) {
return;
}
if (debug.messageEnabled()) {
+ "clearCacheForResourceNames():"
+ "affectedResourceName=" + affectedRN);
}
synchronized (resourceTokenIDsMap) {
if (debug.messageEnabled()) {
+ "clearCacheForResourceNames():"
+ "affectedResourceName=" + affectedRN
+ ":cachedResourceName=" + cachedRN);
}
if (debug.messageEnabled()) {
+ "clearCacheForResourceNames():"
+ "cleared cached results for "
+ "resourceName=" + cachedRN
+ ":affectedResourceName=" + affectedRN
+ ":match=SAME RESOURCE NAME");
}
} else {
affectedRN, true); //wildcard compare
if (debug.messageEnabled()) {
+ "clearCacheForResourceNames():"
+ "cleared cached results for "
+ "resourceName=" + cachedRN
+ ":affectedResourceName=" + affectedRN
+ ":match=EXACT_MATCH");
}
if (debug.messageEnabled()) {
+ "clearCacheForResourceNames():"
+ "cleared cached results for "
+ "resourceName=" + cachedRN
+ ":affectedResourceName=" + affectedRN
+ ":match=WILD_CARD_MATCH");
}
if (debug.messageEnabled()) {
+ "clearCacheForResourceNames():"
+ "cleared cached results for "
+ "resourceName=" + cachedRN
+ ":affectedResourceName=" + affectedRN
+ ":match=SUB_RESOURCE_MACTH");
}
}
}
}
}
}
}
/**
* Returns response attribute names specified in environment map
* @param env environment map
*/
}
return responseAttributes;
}
/**
* Returns a new request ID. Used in identifying request messages
* sent to policy service
* @return a new request ID. Used in identifying request messages
* sent to policy service
*/
private String newRequestID() {
// The ID is produced inside the REQUEST_ID_LOCK monitor; the statement itself
// is missing from this listing.
// NOTE(review): presumably it advances the static requestID counter; confirm.
// A sequential ID is a correlation handle only and should not be relied on as
// an unguessable value.
synchronized(REQUEST_ID_LOCK) {
}
return requestIDString;
}
/**
* Returns root resource name
* @param resource resource name from which to compute root resource name
* @param serviceName service name
* @return root resource name computed from resource name
*/
if ( index > 0 ) {
}
}
return rootResource;
}
/**
* Returns names of policy advices that could be handled by OpenSSO
* Enterprise if PEP redirects user agent to OpenSSO.
*
* @param appToken application sso token that would be used while
* communicating to OpenSSO
* @param refetchFromServer indicates whether to get the values fresh
* from OpenSSO or return the values from local cache.
* If the server reports app sso token is invalid, a new app sso
* token is created and one more call is made to the server.
* @return names of policy advices that could be handled by OpenSSO
* Enterprise
* @throws InvalidAppSSOTokenException if the server reported that the
* app sso token provided was invalid
* @throws PolicyEvaluationException if the server reported any other error
* @throws PolicyException if there are problems in getting the advice
* names
* @throws SSOException if the appToken is detected to be invalid
* at the client
*/
if (debug.messageEnabled()) {
+ ":entering");
}
if (debug.messageEnabled()) {
+ ":returning cached advices"
}
return advicesHandleableByAM;
}
try {
} catch (PolicyException pe) {
pe);
throw pe;
}
}
try {
if (debug.messageEnabled()) {
+ "getAdvicesHandleableByAM():"
}
if (exceptionMessage != null) {
"app_sso_token_invalid")) >= 0) {
if (debug.warningEnabled()) {
+ "getAdvicesHandleableByAM():"
+ " response exception "
+ exceptionMessage);
+ "AdvicesHandleableByAM():"
+ " appSSOToken is invalid");
+ "throwing InvalidAppSSOTokenException");
}
throw new InvalidAppSSOTokenException(
"server_reported_invalid_app_sso_token",
} else {
if (debug.warningEnabled()) {
+ "AdvicesHandleableByAM():"
+ "response exception message="
+ exceptionMessage);
}
throw new PolicyEvaluationException(
"server_reported_exception",
}
}
{
if (debug.messageEnabled()) {
+ "getAdvicesHandleableByAM():"
}
if (advicesHandleableByAMResponse != null) {
}
}
} else {
+":no result");
}
} catch (SendRequestException e) {
e);
throw new PolicyException(e);
}
}
if (advicesHandleableByAM == null) {
}
if (debug.messageEnabled()) {
+ ":returning advicesHandleableByAM"
}
return advicesHandleableByAM;
}
/**
* Clears cached policy decisions
* @param serviceName service name for which cached decisions
* would be cleared
*/
if (debug.messageEnabled()) {
+ "clearCachedDecisionsForService():"
+ "serviceName=" + serviceName);
}
synchronized(resultCache) {
}
}
/**
* Return a PolicyService object based on the XML document received
* from remote Policy Server. This is in response to a request that we
* send to the Policy server.
* @param policyServiceUrl The URL of the Policy Service
* @param preq The SessionRequest XML document
* @return PolicyService
* @exception SendRequestException is thrown if there was an error in
* sending the XML document or PolicyException if there are any parsing
* errors.
*/
// Sends one PLL request and returns the parsed reply (signature and the send
// and parse statements are missing from this listing).
try {
} catch (Exception e) {
// Any failure in the (not visible) try body is reported as a send failure,
// with the original exception kept as cause.
throw new SendRequestException(e);
}
// The full outgoing PLL message is logged at message level.
// NOTE(review): the request presumably embeds the application and user
// session token ids; confirm, and treat a message-level debug log as
// sensitive if so.
if (debug.messageEnabled()) {
+ "sending PLL request to URL=" + policyServiceUrl
+ ":\nPLL message=" + xmlString);
}
if (debug.messageEnabled()) {
}
return ps;
}
/**
* Returns lbcookie value for the Session
* @param a policy request
* @return lbcookie name and value pair
* @throws Exception if session in request is invalid
*/
} else {
}
return lbcookie;
}
boolean hasAdvices = false;
if (resourceResults != null) {
if (rr.hasAdvices()) {
hasAdvices =true;
break;
}
}
}
return hasAdvices;
}
throws SSOException, PolicyException {
}
if (debug.messageEnabled()) {
+ "restPolicyServiceUrl=" + restUrl);
}
return restUrl;
}
}
}
}
return values;
}
throws PolicyException {
// HTTP helper for the REST calls (signature, connection setup and the response
// code checks are missing from this listing).
try {
conn.setDoOutput(true);
conn.setUseCaches(false);
// Redirects are not followed automatically, so a redirect answer reaches the
// response-code handling below instead of being chased silently.
conn.setInstanceFollowRedirects(false);
reader = new BufferedReader(
int len;
char[] buf = new char[1024];
}
// A 302 is reported as an invalid application token rather than a generic
// failure. NOTE(review): presumably the server redirects requests whose
// application token is not accepted; confirm.
if (debug.warningEnabled()) {
+ "got 302 redirect");
+ "throwing InvalidAppSSOTokenException");
}
throw new InvalidAppSSOTokenException(
"rest_call_to_server_caused_302",
// Other failing response codes are logged at warning level and surface as a
// PolicyException.
if (debug.warningEnabled()) {
"ResourceResultCache.getResourceContent():" +
"REST call failed with HTTP response code:" +
}
throw new PolicyException(
"Entitlement REST call failed with error code:" +
}
// NOTE(review): the handler bodies for the two catches below are missing from
// this listing; confirm that an IOException is reported to the caller and
// does not fall through to returning empty or partial content.
} catch (UnsupportedEncodingException uee) {
// should not happen
} catch (IOException ie) {
} finally {
try {
}
conn.disconnect();
}
} catch (Exception e) {
// ignore
// (cleanup only: a failure while closing must not mask the real outcome)
}
}
}
private void setCookieAndHeader(
) throws UnsupportedEncodingException {
// NOTE(review): the parameter list and most of the body are missing from this
// listing. The literal that survives, "iPlanetDirectoryPro", is the default
// name of the OpenSSO/OpenAM session cookie; confirm that the
// Boolean.parseBoolean(...) branch covers deployments that renamed the
// cookie, and that the token value placed in it is kept out of debug output.
if (Boolean.parseBoolean(
}
"iPlanetDirectoryPro");
}
throws JSONException, PolicyException {
// Converts the JSON body of a REST answer into resource results (signature and
// the extraction statements are missing from this listing). Every
// malformed-answer path visible here throws PolicyEvaluationException, so a
// bad answer is not turned into a usable result set.
try {
} catch(JSONException e) {
// NOTE(review): the unparsed response body is appended to the log message;
// the log call and its level are not visible here. Confirm the level, since
// the body may hold policy decisions.
+ "json parsing error of response: " + jsonResourceContent);
throw new PolicyEvaluationException(
"error_rest_reponse",
}
// Only status code 200 is accepted.
if (statusCode != 200) {
throw new PolicyEvaluationException(
"error_rest_reponse",
}
if (jsonObject == null) {
+ "does not have decisions object");
throw new PolicyEvaluationException(
"error_rest_reponse",
}
new PolicyDecision());
for (int i = 0; i < arrayLen; i++) {
}
}
} else {
if (resourceName != null) {
} else {
+ "does not have results or resourceName object");
throw new PolicyEvaluationException(
"error_rest_reponse",
}
}
return resourceResults;
}
}
}
pd);
return resourceResult;
}
/**
* Registers a REST listener with policy service to receive
* notifications on policy changes
* @param appToken session token identifying the client
* @param serviceName service name
* @param notificationURL end point on the client that listens for
* notifications
*/
false);
}
/**
* Registers a REST listener with policy service to receive
* notifications on policy changes
* @param appToken session token identifying the client
* @param serviceName service name
* @param notificationURL end point on the client that listens for
* notifications
*
* @param reRegister flag indicating whether to register listener
* even if it was already registered. <code>true</code> indicates
* to register listener again even if it was previously registered
*/
boolean reRegister) {
// Registers this client's notification URL with the server over REST (the
// start of the signature and several statements are missing from this
// listing). Returns the value of `status`.
boolean status = false;
if (debug.messageEnabled()) {
+ "serviceName=" + serviceName
+ ":notificationURL=" + notificationURL);
}
&& !reRegister) {
if (debug.messageEnabled()) {
+ "serviceName=" + serviceName
+ ":notificationURL=" + notificationURL
+ ":is already registered");
}
// NOTE(review): in the visible lines status is still false at this return, so
// an already-registered listener is reported the same way as a failed
// registration; confirm callers expect that.
return status;
} //else do the following
try {
if (debug.messageEnabled()) {
+ "addRESTRemotePolicyListener():"
+ "serviceName=" + serviceName
+ ":notificationURL=" + notificationURL
+ ":rootURL=" + rootURL
+ ":policyServiceListenerURL=" + policyServiceListenerURL
);
}
// NOTE(review): the value appended after "&url=" is on a line missing from
// this listing; presumably it is the URL-encoded notificationURL (an
// UnsupportedEncodingException is caught below). Confirm it is encoded.
queryString += "&url=" +
// FIXME: what do we check in the content?
// FIXME: check the response, detect error conditions?
if (debug.messageEnabled()) {
+ "addRESTRemotePolicyListener():"
+ ":resourceContent=" + resourceContent
);
}
// Success is recorded without inspecting the response content (see the
// FIXMEs above). NOTE(review): if the server answered with an error body the
// client would still believe it is subscribed and would rely on
// notifications that never arrive, leaving cached decisions in use until
// their ttl expires. Confirm the request helper rejects non-success answers.
status = true;
} catch (UnsupportedEncodingException e) {
+ "Can not add policy listner", e);
} catch (SSOException se) {
+ "Can not add policy listner", se);
} catch (PolicyException pe) {
+ "Can not add policy listner", pe);
}
} else {
// log a debug message: not registering listener
if (debug.messageEnabled()) {
+ "not adding listener, app sso token is null");
}
}
return status;
}
/**
* Removes a REST listener registered with policy service to receive
* notifications on policy changes
* @param appToken session token identifying the client
* @param serviceName service name
* @param notificationURL end point on the client that listens for
* notifications
*/
boolean status = false;
try {
} catch (PolicyException pe) {
+ "Can not remove policy listner:", pe);
}
}
try {
if (debug.messageEnabled()) {
+ "removeRESTRemotePolicyListener():"
+ "serviceName=" + serviceName
+ ":notificationURL=" + notificationURL
+ ":policyServiceListenerURL=" + policyServiceListenerURL
);
}
// FIXME: what do we check in the content
if (debug.messageEnabled()) {
+ "removeRESTRemotePolicyListener():"
+ ":resourceContent=" + resourceContent
);
}
} catch (UnsupportedEncodingException e) {
+ "Can not add policy listner", e);
} catch (SSOException se) {
+ "Can not add policy listner", se);
} catch (PolicyException pe) {
+ "Can not remove policy listner", pe);
}
} else {
// log a debug message: not removing listener
// log a debug message: not registering listener
if (debug.messageEnabled()) {
+ "not removing listener, app sso token is null");
}
}
return status;
}
/**
* Processes REST policy notifications forwarded from listener end
* point of policy client
* @param pn REST policy notification
*/
throws PolicyEvaluationException {
// Handles a REST policy-change notification received on the client's listener
// end point (signature and the JSON extraction statements are missing from
// this listing). In the visible lines the only effect of a notification is to
// clear cached results for the affected resource names.
// NOTE(review): no check of who sent the notification is visible here; confirm
// the listener end point restricts or authenticates senders, since each
// accepted notification evicts cached decisions.
// samplePn = "{realm: "/", privilgeName: "p1", resources: ["r1", "r2"]}";
if (debug.messageEnabled()) {
+ pn);
}
// FIXME after server side is fixed to provide serviceName in notification
try {
for (int i = 0; i < arrayLen; i++) {
if (affectedResourceNames == null) {
}
}
}
} catch (JSONException je) {
// A body that is not valid JSON is rejected with an exception; the raw
// notification text is included in the log message.
+ "pn=" + pn);
throw new PolicyEvaluationException("notification_not_valid_json");
}
if (debug.messageEnabled()) {
+ "processRESTPolicyNotification():"
+ "serviceName=" + serviceName
+ ":affectedResourceNames="
+ ":clearing cache for affected "
+ "resource names");
}
} else {
// Notifications for a service name that is not registered are ignored.
if (debug.messageEnabled()) {
+ "processRESTPolicyNotification():"
+ "serviceName not registered"
+ ":no resource names cleared from cache");
}
}
} else {
if (debug.messageEnabled()) {
+ "processRESTPolicyNotification():"
+ "serviceName or affectedResourceNames is null"
+ ":no resource names cleared from cache");
}
}
} else {
+ "PolicyNotification is null");
}
}
throws SSOException, PolicyException {
if (debug.messageEnabled()) {
+ "restPolicyServiceListenerUrl=" + restUrl);
}
return restUrl;
}
throws PolicyException {
// POSTs form content to a REST end point (signature, connection setup and the
// response-code test are missing from this listing).
// The URL and the complete form body are logged at message level.
// NOTE(review): confirm what the form content can contain (for example the
// notification URL or token values) and treat the debug log accordingly.
if (debug.messageEnabled()) {
+ "postForm():"
+ "url=" + url
+ ", formContent=" + formContent);
}
try {
conn.setDoInput(true);
conn.setDoOutput(true);
conn.setUseCaches(false);
// NOTE(review): unlike getResourceContent() in this file, no
// setInstanceFollowRedirects(false) call is visible here. Confirm whether
// that line was lost from this listing or whether redirects on this POST are
// meant to be followed.
reader = new BufferedReader(
new InputStreamReader(
int len;
char[] buf = new char[1024];
}
// any 200 series response code is success
if (debug.warningEnabled()) {
+ "postForm():"
+ "REST call failed with HTTP response code:"
+ responseCode);
}
throw new PolicyException(
"Entitlement REST call failed with error code:"
+ responseCode);
}
// NOTE(review): the handler bodies for the two catches below are missing from
// this listing; confirm an IOException is reported to the caller.
} catch (UnsupportedEncodingException uee) {
// should not happen
} catch (IOException ie) {
} finally {
try {
}
conn.disconnect();
}
} catch (Exception e) {
// ignore
// (cleanup only: a failure while closing must not mask the real outcome)
}
}
}
throws PolicyException {
// Issues the REST call used to remove a resource on the server (signature,
// connection setup and the response-code test are missing from this listing).
try {
conn.setDoOutput(true);
conn.setUseCaches(false);
// NOTE(review): no setInstanceFollowRedirects(false) call is visible here,
// although getResourceContent() in this file sets it; confirm whether the
// line was lost from this listing or redirects are meant to be followed.
int len;
char[] buf = new char[1024];
}
// A failing response code is logged at warning level and surfaces as a
// PolicyException that carries the code.
if (debug.warningEnabled()) {
+ "deleteRESTResourceContent():"
+ "REST call failed with HTTP response code:"
+ responseCode);
}
throw new PolicyException(
"Entitlement REST call failed with error code:"
+ responseCode);
}
// NOTE(review): the handler bodies for the two catches below are missing from
// this listing; confirm an IOException is reported to the caller.
} catch (UnsupportedEncodingException uee) {
// should not happen
} catch (IOException ie) {
} finally {
try {
}
conn.disconnect();
}
} catch (Exception e) {
// ignore
// (cleanup only: a failure while closing must not mask the real outcome)
}
}
}
try {
if (debug.warningEnabled()) {
+ "admin is null");
}
} else {
}
if (debug.warningEnabled()) {
+ "serviceName can not be null");
}
} else {
}
}
if (debug.warningEnabled()) {
+ "resoureNames is null or empty");
}
} else {
}
}
}
} catch (UnsupportedEncodingException use) {
// should not happen
+ use.getMessage());
}
}
try {
: realm;
if (debug.warningEnabled()) {
+ "buildEntitlementRequestQueryString():"
+ "serviceName can not be null");
}
} else {
}
if (debug.warningEnabled()) {
+ "buildEntitlementRequestQueryString():"
+ "subject can not be null");
}
} else {
}
if (debug.warningEnabled()) {
+ "buildEntitlementRequestQueryString():"
+ "resource can not be null");
}
} else {
}
}
}
}
}
}
}
} catch (UnsupportedEncodingException use) {
// should not happen
+ use.getMessage());
}
}
return null;
}
if (dsi == -1) {
return url;
}
if (si == -1) {
return url;
}
}
}