XACMLExportImport.java revision cb7ae3378eb7595a9f486c189a192af8390b1d5d
/*
* The contents of this file are subject to the terms of the Common Development and
* Distribution License (the License). You may not use this file except in compliance with the
* License.
*
* You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
* specific language governing permission and limitations under the License.
*
* When distributing Covered Software, include this CDDL Header Notice in each file and include
* the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
* Header, with the fields enclosed by brackets [] replaced by your own identifying
* information: "Portions copyright [year] [name of copyright owner]".
*
* Copyright 2014-2016 ForgeRock AS.
*/
/**
* Utility for handling the Export and subsequent Import of Policies into
* the OpenAM Entitlements framework.
*
* @since 12.0.0
*/
public class XACMLExportImport {
// NOTE(review): this listing appears to be incomplete. The constructor header, the import and
// export method signatures, some loop headers and several statements are not shown, so the
// comments below describe only what the visible lines establish.

// Injected
// NOTE(review): the import Javadoc below says the input stream must contain XACML XML, and this
// collaborator presumably does the parsing. Confirm that its XML parser rejects DTDs and
// external entities, because the stream is supplied by the caller.
private final XACMLReaderWriter xacmlReaderWriter;
private final SearchFilterFactory searchFilterFactory;
// Per the constructor Javadoc: used for validation of imported privileges.
private final PrivilegeValidator privilegeValidator;
// Creates the PrivilegeManager used by generateImportSteps for a given realm and admin Subject.
private final PrivilegeManagerFactory privilegeManagerFactory;
private final ApplicationServiceFactory applicationServiceFactory;
private final ResourceTypeService resourceTypeService;
/**
* Creates an instance of the XACMLExportImport with dependencies provided.
*
* @param privilegeManagerFactory Non null, required to create PrivilegeManager instances.
* @param privilegeValidator Non null, required for validation of imported privileges.
* @param searchFilterFactory Non null, required for SearchFilter operations.
* @param debug Non null.
* @param applicationServiceFactory Application service factory responsible for creating the application service.
* @param resourceTypeService Resource type service responsible for creating resource types.
*/
// NOTE(review): xacmlReaderWriter is assigned below but has no @param entry in the Javadoc above.
// Only two of the six final fields are assigned in the lines shown; the remaining assignments
// are presumably among the omitted lines.
this.xacmlReaderWriter = xacmlReaderWriter;
this.privilegeValidator = privilegeValidator;
}
/**
* Performs the Import based on the given Stream. The stream must contain XML in XACML.
*
* @param realm Non null Realm to populate with the Policies.
* @param xacml Non null stream to read.
* @param admin Non null admin Subject.
* @param dryRun boolean flag, indicating import steps should be reported but not applied.
* @return The sequence of steps that could be, or have been, used to carry out the import.
* @throws EntitlementException If there was any unexpected error.
*/
// NOTE(review): the method signature and body are not shown. The stream content ends up as
// policies in the realm, so treat it as untrusted input until it has been parsed and validated.
throws EntitlementException {
}
}
/**
* Establishes the sequence of ImportSteps required to import the provided privileges into the specified realm.
*
* @param realm Non null Realm to populate with the Policies.
* @param privilegeSet Non null, collection of Privileges, ReferralPrivileges etc. to import.
* @param admin Non null admin Subject.
* @return The sequence of steps that can be used to carry out the import.
* @throws EntitlementException If there was any unexpected error.
*/
private List<PersistableImportStep> generateImportSteps(String realm, PrivilegeSet privilegeSet, Subject admin)
throws EntitlementException {
// The manager is created for the caller-supplied realm and admin Subject.
// NOTE(review): no authorisation check on admin is visible in this class; presumably the
// PrivilegeManager or the caller enforces it -- confirm.
PrivilegeManager privilegeManager = privilegeManagerFactory.createReferralPrivilegeManager(realm, admin);
// importStepGenerator is not declared in the lines shown; presumably it is built in omitted
// statements from the manager, the validator and privilegeSet.
return importStepGenerator.getAllImportSteps();
}
/**
* Applies the given import steps unless the import is a dry run.
*
* @param dryRun When true, nothing in the guarded block runs, so no step is applied.
* @param importSteps The steps produced for this import.
* @throws EntitlementException Declared by this method; presumably raised by a step's apply().
*/
private void applyIfRequired(boolean dryRun, List<PersistableImportStep> importSteps) throws EntitlementException {
// Each step is logged and then applied; the loop header over importSteps and the arguments of
// the first message(...) call are not shown in this listing.
// NOTE(review): no rollback is visible. If apply() throws part-way through, the steps already
// applied presumably stay applied -- confirm that a partially imported policy set is acceptable.
if (!dryRun) {
message("Import: {0} {1} {2}",
importStep.apply();
}
message("Import: Complete");
}
}
/**
* Performs an export of all Policies found in the Privilege Manager that match the
* provided filters.
*
* @param realm Non null realm.
* @param admin Non null admin subject to authenticate as.
* @param filters Non null, but possibly empty, filters to select Privileges against.
* @return A non null but possibly empty collection of Policies.
* @throws EntitlementException If there was any problem with the generation of Policies.
*/
// NOTE(review): the signature and most of the body are not shown. The returned policySet holds
// the realm's matching policies, so callers presumably need to restrict who may trigger an
// export -- confirm at the call sites.
throws EntitlementException {
}
}
}
message("Export: Complete");
return policySet;
}
// Remnant of what is presumably the message(...) helper called above: its visible part only
// checks debug.messageEnabled(); the signature and the logging call are not shown.
if (debug.messageEnabled()) {
}
}
/**
* Factory to allow PrivilegeManager to be mocked in tests
*/
// createReferralPrivilegeManager(realm, admin), called by generateImportSteps, is presumably
// declared in this class; its body is not shown in this listing.
public static class PrivilegeManagerFactory {
}
}
}