PolicyPrivilegeManager.java revision ccf9d4a5c6453fa9f8b839baeee25147865fbb7d
/*
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2008 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, addReferral the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: PolicyPrivilegeManager.java,v 1.9 2010/01/26 20:10:15 dillidorai Exp $
*
* Portions Copyrighted 2014-2016 ForgeRock AS.
*/
/**
* Implementation of <code>PrivilegeManager</code> that saves privileges as <code>com.sun.identity.policy</code> objects
*/
public class PolicyPrivilegeManager extends PrivilegeManager {
// NOTE(review): this listing is an excerpt. Imports, several method signatures and many
// statements are not visible, so the comments below describe only what the remaining
// lines show and mark everything else as something to confirm against the full source.

// Branch selector tested as !migratedToEntitlementSvc throughout the class. The
// commented-out block further down suggests the false branch goes through the
// PolicyManager (pm) and the true branch through PolicyDataStore; no assignment
// other than this initialiser is visible here.
private static boolean migratedToEntitlementSvc = false;
// Value returned by xacmlPrivilegeEnabled(); no assignment other than this initialiser
// is visible here.
private static boolean xacmlEnabled = false;
// Per-instance policy manager; in the visible lines it is only referenced inside the
// commented-out block.
private PolicyManager pm;
// Shared cache. It is null-checked in notifyPrivilegeChanged, and the static initialiser
// logs (without rethrowing) when it cannot be created.
private static PolicyCache policyCache;
// NOTE(review): class-wide Subject that is not referenced in the visible lines. The name
// and the super admin remark in findByName suggest it carries administrative rights;
// confirm it is only used for internal lookups and is never substituted for the
// subject of a less privileged caller.
private static Subject dsameUserSubject;
// Static initialiser. Going by the log text it obtains the PolicyCache instance. Any
// Exception is logged through PrivilegeManager.debug and not rethrown in the visible
// lines, so class initialisation continues even when the cache could not be created.
static {
try {
"PolicyPrivilegeManager.static initializer, getting instance of PolicyCache");
}
} catch (Exception e) {
PrivilegeManager.debug.error("PolicyPrivilegeManager.static initializer failed to create PolicyCache", e);
}
}
/**
* Creates instance of <code>PolicyPrivilegeManager</code>
*/
// NOTE(review): the constructor signature is not visible in this listing.
}
/**
* Initializes the object
* @param subject subject that would be used for privilege management
* operations
*/
// NOTE(review): the method signature and the statements inside the try block are not
// visible. Confirm that the SSOException and PolicyException handlers log or propagate
// the failure; if they swallowed it, later calls would presumably run against state
// that was never set up.
if (!migratedToEntitlementSvc) {
try {
} catch (SSOException e) {
} catch (PolicyException e) {
}
}
}
/**
* Finds a privilege by its unique name.
*
* @param name name of the privilege to be returned
* @throws com.sun.identity.entitlement.EntitlementException if privilege is not found.
*/
// NOTE(review): only the throws clause of this overload is visible in this listing.
throws EntitlementException {
}
/**
* Finds a privilege by name for a caller-supplied subject.
*
* @param privilegeName name of the privilege to look up; a null value is rejected
* @param adminSubject subject supplied by the caller; its use is not visible in this listing
* @return the value of the local privilege variable, or null when applPrivilegeMgr is null
* @throws EntitlementException with code 12 when privilegeName is null, with
* NO_SUCH_POLICY (carrying the name) and with code 326 under conditions
* that are not fully visible in this listing
*/
public Privilege findByName(String privilegeName, Subject adminSubject) throws EntitlementException {
// Reject a missing name up front; 12 is a numeric EntitlementException code whose
// meaning is defined outside this listing.
if (privilegeName == null) {
throw new EntitlementException(12);
}
try {
if (!migratedToEntitlementSvc) {
}
} else {
throw new EntitlementException(EntitlementException.NO_SUCH_POLICY, new Object[] { privilegeName });
}
}
// Delegation to applications is currently not configurable, passing super admin (see AME-4959)
// NOTE(review): per the comment above, the application lookup is made with super admin
// rights instead of the caller-supplied adminSubject. Authorisation of the caller then
// has to come from a separate check; the EntitlementException(326) below may be that
// check, but its condition is not visible here. Confirm against the full source.
if (applPrivilegeMgr == null) {
// Callers must be prepared for a null result on this path.
return null;
}
throw new EntitlementException(326);
}
}
}
// NOTE(review): the bodies of both handlers are not visible; confirm that
// PolicyException and SSOException are propagated rather than dropped, otherwise a
// failed lookup would be indistinguishable from an empty result.
} catch (PolicyException pe) {
} catch (SSOException ssoe) {
}
return privilege;
}
// NOTE(review): the signature of this method is not visible. It refuses to run without
// an index store and otherwise returns the result of indexStore.findAllPolicies().
if (indexStore == null) {
throw new NullPointerException("Policy index store not initialised");
}
return indexStore.findAllPolicies();
}
// Applies the same index store guard as the method above; the return statement is not
// visible in this listing.
// NOTE(review): the uninitialised-store case is reported as an unchecked
// NullPointerException, which callers that only handle the declared
// EntitlementException will not catch.
public List<Privilege> findAllPoliciesByApplication(String application) throws EntitlementException {
if (indexStore == null) {
throw new NullPointerException("Policy index store not initialised");
}
}
/**
* Add a privilege.
*
* @param privilege privilege to add.
* @throws EntitlementException if privilege cannot be added.
*/
// NOTE(review): signature, both branch bodies and both handler bodies are not visible.
// The Javadoc promises an EntitlementException on failure, so confirm the handlers
// translate PolicyException and SSOException instead of swallowing them.
try {
if (!migratedToEntitlementSvc) {
} else {
}
} catch (PolicyException e) {
} catch (SSOException e) {
}
}
/**
* Remove a privilege.
*
* @param name name of the privilege to be removed.
* @throws EntitlementException if privilege cannot be removed.
*/
// NOTE(review): signature and guarding condition are not visible. Code 12 is the same
// code findByName uses for a null name.
throw new EntitlementException(12);
}
try {
if (!migratedToEntitlementSvc) {
} else {
}
}
// NOTE(review): handler bodies not visible; a removal that fails silently would leave
// the privilege in force, so confirm the failure reaches the caller.
} catch (PolicyException e) {
} catch (SSOException e) {
}
}
// Only acts when a previously stored privilege was found; the action itself is not
// visible in this listing.
if (origPrivilege != null) {
}
}
}
/**
* Modify a privilege.
*
* @param existingName the name with which the privilege is currently stored
* @param privilege the privilege to be modified
* @throws com.sun.identity.entitlement.EntitlementException if privilege cannot be modified.
*/
// NOTE(review): signature, branch bodies and handler bodies are not visible in this listing.
try {
if (!migratedToEntitlementSvc) {
} else {
}
} catch (PolicyException e) {
} catch (SSOException e) {
}
}
/**
* Modify a privilege.
*
* @param privilege the privilege to be modified
* @throws com.sun.identity.entitlement.EntitlementException if privilege cannot be modified.
*/
// NOTE(review): signature and body of this overload are not visible in this listing.
}
/**
* Returns the XML representation of this privilege.
*
* @param name Privilege name.
* @return XML representation of this privilege.
* @throws EntitlementException if privilege is not found, or cannot
* be obtained.
*/
// NOTE(review): the signature and the statement that assigns xmlString are not visible.
// The block below is disabled code kept by the original authors; it shows the two
// lookup paths (PolicyManager versus PolicyDataStore) and the translation of
// PolicyException and SSOException into EntitlementException code 102.
/* TODO: remove comment
try {
Object policy = null;
if (!migratedToEntitlementSvc) {
policy = pm.getPolicy(name);
} else {
PolicyDataStore pdb = PolicyDataStore.getInstance();
policy = (Policy)pdb.getPolicy(getAdminSubject(),
getRealm(), name);
}
xmlString = PrivilegeUtils.policyToXML(policy);
} catch (PolicyException pe) {
throw new EntitlementException(102, pe);
} catch (SSOException ssoe) {
throw new EntitlementException(102, ssoe);
}
*/
//TODO: remove the temporary workaround 29may09
return xmlString;
}
/**
* Returns the XML representation of the specified privileges.
*
* @param names Name of Privileges to export as XML.
* @return XML representation of the specified privileges
* @throws EntitlementException if a specified privilege is not found, or cannot
* be obtained.
*/
// NOTE(review): signature and the code that collects the privileges are not visible;
// the first return below belongs to a branch whose condition is missing here.
return xmlString;
}
}
// Wraps the collected privileges for the realm in a policy set and serialises it with
// XACMLPrivilegeUtils.toXML.
xmlString = XACMLPrivilegeUtils.toXML(XACMLPrivilegeUtils.privilegesToPolicySet(realm, privileges));
return xmlString;
}
/**
* Returns <code>true</code> if the system stores privileges in
* XACML format and supports exporting privileges in XACML format
*
*
* @return <code>true</code> if the system stores privileges in
* XACML format and supports exporting privileges in XACML format
*/
// Returns the static xacmlEnabled flag as is.
public static boolean xacmlPrivilegeEnabled() {
return xacmlEnabled;
}
/**
* Reacts to a privilege change in a realm.
*
* In the visible lines it adds two collections named r to resourceNames (presumably
* taken from the previous and the current privilege; the lines that populate r are
* not visible) and then does further work only when policyCache is not null.
*
* @param realm realm in which the privilege changed
* @param previous privilege state before the change
* @param current privilege state after the change
* @throws EntitlementException declared by the signature; the throwing statement is
* not visible in this listing
*/
protected void notifyPrivilegeChanged(String realm, Privilege previous, Privilege current) throws EntitlementException {
if (r != null) {
resourceNames.addAll(r);
}
}
if (r != null) {
resourceNames.addAll(r);
}
}
// NOTE(review): when the static initialiser failed, policyCache is null and this step
// is skipped without any signal; confirm that stale cached policy decisions cannot
// outlive a privilege change in that situation.
if (policyCache != null) {
// Retrieve the underlying application type to map to the legacy service type model.
if (application == null) {
}
}
}
}