List of usage examples for java.net URI getUserInfo
public String getUserInfo()
From source file:org.apache.nifi.web.api.VersionsResource.java
private VersionControlInformationEntity updateFlowVersion(final String groupId, final ComponentLifecycle componentLifecycle, final URI exampleUri, final Set<AffectedComponentEntity> affectedComponents, final boolean replicateRequest, final Revision revision, final VersionControlInformationEntity requestEntity, final VersionedFlowSnapshot flowSnapshot, final AsynchronousWebRequest<VersionControlInformationEntity> asyncRequest, final String idGenerationSeed, final boolean verifyNotModified, final boolean updateDescendantVersionedFlows) throws LifecycleManagementException, ResumeFlowException { // Steps 6-7: Determine which components must be stopped and stop them. final Set<String> stoppableReferenceTypes = new HashSet<>(); stoppableReferenceTypes.add(AffectedComponentDTO.COMPONENT_TYPE_PROCESSOR); stoppableReferenceTypes.add(AffectedComponentDTO.COMPONENT_TYPE_REMOTE_INPUT_PORT); stoppableReferenceTypes.add(AffectedComponentDTO.COMPONENT_TYPE_REMOTE_OUTPUT_PORT); stoppableReferenceTypes.add(AffectedComponentDTO.COMPONENT_TYPE_INPUT_PORT); stoppableReferenceTypes.add(AffectedComponentDTO.COMPONENT_TYPE_OUTPUT_PORT); final Set<AffectedComponentEntity> runningComponents = affectedComponents.stream() .filter(dto -> stoppableReferenceTypes.contains(dto.getComponent().getReferenceType())) .filter(dto -> "Running".equalsIgnoreCase(dto.getComponent().getState())) .collect(Collectors.toSet()); logger.info("Stopping {} Processors", runningComponents.size()); final CancellableTimedPause stopComponentsPause = new CancellableTimedPause(250, Long.MAX_VALUE, TimeUnit.MILLISECONDS); asyncRequest.setCancelCallback(stopComponentsPause::cancel); componentLifecycle.scheduleComponents(exampleUri, groupId, runningComponents, ScheduledState.STOPPED, stopComponentsPause);/*from w w w . java2s. c om*/ if (asyncRequest.isCancelled()) { return null; } asyncRequest.update(new Date(), "Disabling Affected Controller Services", 20); // Steps 8-9. Disable enabled controller services that are affected final Set<AffectedComponentEntity> enabledServices = affectedComponents.stream() .filter(dto -> AffectedComponentDTO.COMPONENT_TYPE_CONTROLLER_SERVICE .equals(dto.getComponent().getReferenceType())) .filter(dto -> "Enabled".equalsIgnoreCase(dto.getComponent().getState())) .collect(Collectors.toSet()); logger.info("Disabling {} Controller Services", enabledServices.size()); final CancellableTimedPause disableServicesPause = new CancellableTimedPause(250, Long.MAX_VALUE, TimeUnit.MILLISECONDS); asyncRequest.setCancelCallback(disableServicesPause::cancel); componentLifecycle.activateControllerServices(exampleUri, groupId, enabledServices, ControllerServiceState.DISABLED, disableServicesPause); if (asyncRequest.isCancelled()) { return null; } asyncRequest.update(new Date(), "Updating Flow", 40); logger.info("Updating Process Group with ID {} to version {} of the Versioned Flow", groupId, flowSnapshot.getSnapshotMetadata().getVersion()); // If replicating request, steps 10-12 are performed on each node individually, and this is accomplished // by replicating a PUT to /nifi-api/versions/process-groups/{groupId} try { if (replicateRequest) { final NiFiUser user = NiFiUserUtils.getNiFiUser(); final URI updateUri; try { updateUri = new URI(exampleUri.getScheme(), exampleUri.getUserInfo(), exampleUri.getHost(), exampleUri.getPort(), "/nifi-api/versions/process-groups/" + groupId, null, exampleUri.getFragment()); } catch (URISyntaxException e) { throw new RuntimeException(e); } final Map<String, String> headers = new HashMap<>(); headers.put("content-type", MediaType.APPLICATION_JSON); final VersionedFlowSnapshotEntity snapshotEntity = new VersionedFlowSnapshotEntity(); snapshotEntity.setProcessGroupRevision(dtoFactory.createRevisionDTO(revision)); snapshotEntity.setRegistryId(requestEntity.getVersionControlInformation().getRegistryId()); snapshotEntity.setVersionedFlow(flowSnapshot); snapshotEntity.setUpdateDescendantVersionedFlows(updateDescendantVersionedFlows); final NodeResponse clusterResponse; try { logger.debug("Replicating PUT request to {} for user {}", updateUri, user); if (getReplicationTarget() == ReplicationTarget.CLUSTER_NODES) { clusterResponse = getRequestReplicator() .replicate(user, HttpMethod.PUT, updateUri, snapshotEntity, headers) .awaitMergedResponse(); } else { clusterResponse = getRequestReplicator().forwardToCoordinator(getClusterCoordinatorNode(), user, HttpMethod.PUT, updateUri, snapshotEntity, headers).awaitMergedResponse(); } } catch (final InterruptedException ie) { logger.warn("Interrupted while replicating PUT request to {} for user {}", updateUri, user); Thread.currentThread().interrupt(); throw new LifecycleManagementException("Interrupted while updating flows across cluster", ie); } final int updateFlowStatus = clusterResponse.getStatus(); if (updateFlowStatus != Status.OK.getStatusCode()) { final String explanation = getResponseEntity(clusterResponse, String.class); logger.error( "Failed to update flow across cluster when replicating PUT request to {} for user {}. Received {} response with explanation: {}", updateUri, user, updateFlowStatus, explanation); throw new LifecycleManagementException( "Failed to update Flow on all nodes in cluster due to " + explanation); } } else { // Step 10: Ensure that if any connection exists in the flow and does not exist in the proposed snapshot, // that it has no data in it. Ensure that no Input Port was removed, unless it currently has no incoming connections. // Ensure that no Output Port was removed, unless it currently has no outgoing connections. serviceFacade.verifyCanUpdate(groupId, flowSnapshot, true, verifyNotModified); // Step 11-12. Update Process Group to the new flow and update variable registry with any Variables that were added or removed final VersionControlInformationDTO requestVci = requestEntity.getVersionControlInformation(); final Bucket bucket = flowSnapshot.getBucket(); final VersionedFlow flow = flowSnapshot.getFlow(); final VersionedFlowSnapshotMetadata metadata = flowSnapshot.getSnapshotMetadata(); final VersionControlInformationDTO vci = new VersionControlInformationDTO(); vci.setBucketId(metadata.getBucketIdentifier()); vci.setBucketName(bucket.getName()); vci.setFlowDescription(flow.getDescription()); vci.setFlowId(flow.getIdentifier()); vci.setFlowName(flow.getName()); vci.setGroupId(groupId); vci.setRegistryId(requestVci.getRegistryId()); vci.setRegistryName(serviceFacade.getFlowRegistryName(requestVci.getRegistryId())); vci.setVersion(metadata.getVersion()); vci.setState(flowSnapshot.isLatest() ? VersionedFlowState.UP_TO_DATE.name() : VersionedFlowState.STALE.name()); serviceFacade.updateProcessGroupContents(revision, groupId, vci, flowSnapshot, idGenerationSeed, verifyNotModified, false, updateDescendantVersionedFlows); } } finally { if (!asyncRequest.isCancelled()) { if (logger.isDebugEnabled()) { logger.debug("Re-Enabling {} Controller Services: {}", enabledServices.size(), enabledServices); } asyncRequest.update(new Date(), "Re-Enabling Controller Services", 60); // Step 13. Re-enable all disabled controller services final CancellableTimedPause enableServicesPause = new CancellableTimedPause(250, Long.MAX_VALUE, TimeUnit.MILLISECONDS); asyncRequest.setCancelCallback(enableServicesPause::cancel); final Set<AffectedComponentEntity> servicesToEnable = getUpdatedEntities(enabledServices); logger.info("Successfully updated flow; re-enabling {} Controller Services", servicesToEnable.size()); try { componentLifecycle.activateControllerServices(exampleUri, groupId, servicesToEnable, ControllerServiceState.ENABLED, enableServicesPause); } catch (final IllegalStateException ise) { // Component Lifecycle will re-enable the Controller Services only if they are valid. If IllegalStateException gets thrown, we need to provide // a more intelligent error message as to exactly what happened, rather than indicate that the flow could not be updated. throw new ResumeFlowException( "Failed to re-enable Controller Services because " + ise.getMessage(), ise); } } if (!asyncRequest.isCancelled()) { if (logger.isDebugEnabled()) { logger.debug("Restart {} Processors: {}", runningComponents.size(), runningComponents); } asyncRequest.update(new Date(), "Restarting Processors", 80); // Step 14. Restart all components final Set<AffectedComponentEntity> componentsToStart = getUpdatedEntities(runningComponents); // If there are any Remote Group Ports that are supposed to be started and have no connections, we want to remove those from our Set. // This will happen if the Remote Group Port is transmitting when the version change happens but the new flow version does not have // a connection to the port. In such a case, the Port still is included in the Updated Entities because we do not remove them // when updating the flow (they are removed in the background). final Set<AffectedComponentEntity> avoidStarting = new HashSet<>(); for (final AffectedComponentEntity componentEntity : componentsToStart) { final AffectedComponentDTO componentDto = componentEntity.getComponent(); final String referenceType = componentDto.getReferenceType(); if (!AffectedComponentDTO.COMPONENT_TYPE_REMOTE_INPUT_PORT.equals(referenceType) && !AffectedComponentDTO.COMPONENT_TYPE_REMOTE_OUTPUT_PORT.equals(referenceType)) { continue; } boolean startComponent; try { startComponent = serviceFacade.isRemoteGroupPortConnected(componentDto.getProcessGroupId(), componentDto.getId()); } catch (final ResourceNotFoundException rnfe) { // Could occur if RPG is refreshed at just the right time. startComponent = false; } // We must add the components to avoid starting to a separate Set and then remove them below, // rather than removing the component here, because doing so would result in a ConcurrentModificationException. if (!startComponent) { avoidStarting.add(componentEntity); } } componentsToStart.removeAll(avoidStarting); final CancellableTimedPause startComponentsPause = new CancellableTimedPause(250, Long.MAX_VALUE, TimeUnit.MILLISECONDS); asyncRequest.setCancelCallback(startComponentsPause::cancel); logger.info("Restarting {} Processors", componentsToStart.size()); try { componentLifecycle.scheduleComponents(exampleUri, groupId, componentsToStart, ScheduledState.RUNNING, startComponentsPause); } catch (final IllegalStateException ise) { // Component Lifecycle will restart the Processors only if they are valid. If IllegalStateException gets thrown, we need to provide // a more intelligent error message as to exactly what happened, rather than indicate that the flow could not be updated. throw new ResumeFlowException("Failed to restart components because " + ise.getMessage(), ise); } } } asyncRequest.setCancelCallback(null); if (asyncRequest.isCancelled()) { return null; } asyncRequest.update(new Date(), "Complete", 100); return serviceFacade.getVersionControlInformation(groupId); }
From source file:org.wso2.balana.openaz.resources.OpenAzBalanaAttributeFinderModule.java
/** * SunXacml AttributeFinderModule main interface. * <p>//from w w w . ja v a 2s . co m * The OpenAz Attr Finder uses specifically named subject-codebase * attributes in conjunction with a handle, azRequestContextMap, * that is externally initialized at creation to the broader * AzRequestContext to aid the attribute finding process, * for example the following shows how to get the attribute type * of the subject-codebase attr with id "...azentity:subject:id" * the value of which contains the id of the * AzEntity<AzCategoryIdSubjectAccess> ref'd by the current req: * <pre> * EvaluationResult evalResult = * context.getSubjectAttribute( * subjectCodebaseDataTypeURI, * subjectAzEntityAttributeIdURI, * subjectCodebaseCategoryURI); * AttributeValue attrValue = evalResult.getAttributeValue(); * if (attrValue.evaluatesToBag()) { * BagAttribute bagAttrValues = (BagAttribute) attrValue; * Iterator bagIt = bagAttrValues.iterator(); * while (bagIt.hasNext()) { * AttributeValue bagAttrValue = (AttributeValue) bagIt.next(); * if (log.isTraceEnabled()) log.trace( * "\n bagAttrValue = " + bagAttrValue.encode()); * } * } * </pre> * The above should evaluate to a bag attribute value type, then the * bag can be read for specific instances of the value found for the * given attributeId. * <p> * (Interface defn that follows is from SunXacml AttributeFinderModule) * * @param attributeType the datatype of the attributes to find * @param attributeId the identifier of the attributes to find * @param issuer the issuer of the attributes, or null if unspecified * @param subjectCategory the category of the attribute if the designatorType * is SUBJECT_TARGET, otherwise null * @param context the representation of the request data * @param designatorType the type of designator as named by the *_TARGET * fields in AttributeDesignator * * @return the result of attribute retrieval, which will be a bag of * attributes or an error */ public EvaluationResult findAttribute(URI attributeType, URI attributeId, URI issuer, URI subjectCategory, XACML2EvaluationCtx context, int designatorType) { StringWriter sw = new StringWriter(); if (log.isInfoEnabled()) log.info("\n CallBack (1st level) SunXacml AttrFinder Parameters: " + "\n\tattributeId = " + attributeId + "\n\tattributeType = " + attributeType + "\n\tsubjectCategory = " + subjectCategory + "\n\tissuer = " + issuer + "\n\tcontext.getResourceId() = " + context.getResourceId().encode() + //"\n\t (indicative value from the context for ref)" + "\n\tdesignatorType = " + new Integer(designatorType) + " (" + openAzAttrDesignatorToStringMap.get(new Integer(designatorType)) + ")\n"); if (log.isTraceEnabled()) { /* // use this dummy exception to get a stacktrace to find out // where this finder was called from: try { throw new Exception(); } catch (Exception e) { e.printStackTrace(new PrintWriter(sw)); log.trace("stackTrace entering finder:\n" + sw); } */ log.trace( "\n Get datatype of subject attribute" + "\n\t w category: subject-codebase" + "\n\t w attrId: ...azentity:subject-id" + "\n\tcontext.getSubjectAttribute(" + "\n\t\ttype = " + subjectCodebaseDataTypeURI.toString() + ",\n\t\tid = " + subjectAzEntityAttributeIdURI.toString() + ",\n\t\tcategory = " + subjectCodebaseCategoryURI.toString() + ")." + "\n\t\t\tgetAttributeValue().getClass().getName() = \n\t\t\t\t" + context .getSubjectAttribute(subjectCodebaseDataTypeURI, subjectAzEntityAttributeIdURI, subjectCodebaseCategoryURI, null) .getAttributeValue().getClass().getName()); } // get the AzEntityId of the AzEntity to which the attribute // being found by this method is associated. EvaluationResult evalResult = context.getSubjectAttribute(subjectCodebaseDataTypeURI, subjectAzEntityAttributeIdURI, subjectCodebaseCategoryURI, null); AttributeValue attrValue = evalResult.getAttributeValue(); if (log.isTraceEnabled()) log.trace("\n\tattrValue.evaluatesToBag() = " + attrValue.evaluatesToBag()); if (attrValue.evaluatesToBag()) { BagAttribute bagAttrValues = (BagAttribute) attrValue; Iterator bagIt = bagAttrValues.iterator(); while (bagIt.hasNext()) { AttributeValue bagAttrValue = (AttributeValue) bagIt.next(); if (log.isTraceEnabled()) log.trace("\n " + subjectAzEntityAttributeIdURI + " = " + "\n\t(i.e. bagAttrValue = ) " + bagAttrValue.encode()); } } evalResult = context.getSubjectAttribute(subjectCodebaseDataTypeURI, requestAzRequestContextAttributeIdURI, subjectCodebaseCategoryURI, null); attrValue = evalResult.getAttributeValue(); if (log.isTraceEnabled()) log.trace("\n\tattrValue.evaluatesToBag() = " + attrValue.evaluatesToBag()); AttributeValue bagAttrValue = null; if (attrValue.evaluatesToBag()) { BagAttribute bagAttrValues = (BagAttribute) attrValue; Iterator bagIt = bagAttrValues.iterator(); while (bagIt.hasNext()) { bagAttrValue = (AttributeValue) bagIt.next(); if (log.isTraceEnabled()) log.trace("\n " + requestAzRequestContextAttributeIdURI + " = " + "\n\t(i.e. bagAttrValue = ) " + bagAttrValue.encode()); } } AzRequestContext azReqCtx = null; //String azReqCtxId = bagAttrValue.toString(); String azReqCtxId = bagAttrValue.encode(); azReqCtx = azRequestContextMap.get(azReqCtxId); if (log.isTraceEnabled()) log.trace("\n azRequestContextMap: " + "\n\t keySet= " + azRequestContextMap.keySet() + "\n\t valueSet = " + azRequestContextMap.values() + "\n\t azReqCtxId = " + azReqCtxId); if (!(azReqCtx == null)) { if (log.isTraceEnabled()) log.trace("\n\tazReqCtx.getId() = " + azReqCtx.getId()); } else if (log.isTraceEnabled()) log.trace("\n\tazReqCtx = null"); // Need to set the appropriate AzCategoryId: //Enum<? extends AzCategoryId> t = null; // get the AzEntity // it is determined by combo of category that is requested // and the AzEntity id in the context AzEntity<?> azEntity = null; Set<AzEntity<? extends AzCategoryId>> azEntitySet = null; switch (designatorType) { case AttributeDesignator.ACTION_TARGET: azEntity = azReqCtx.getAzEntity(AzCategoryIdAction.AZ_CATEGORY_ID_ACTION); azEntitySet = azReqCtx.getAzEntitySet(AzCategoryIdAction.AZ_CATEGORY_ID_ACTION); // TODO: test this code for multi-request (bulk-decide) use case for (AzEntity<? extends AzCategoryId> azEntityItem : azEntitySet) { AzAttribute<?> azAttributeItem = azEntityItem.getAttributeByAttribId(actionAzEntityAttributeId); if (!(azAttributeItem == null)) { // match the arg value from the subject codebase in // find call to the arg value of the attr w same id // in the current AzEntity; if match this is the one // we want to pass along as the one that needs the // additional attribute. // for now just match automatically: azEntity = azEntityItem; break; } } break; case AttributeDesignator.RESOURCE_TARGET: azEntity = azReqCtx.getAzEntity(AzCategoryIdResource.AZ_CATEGORY_ID_RESOURCE); break; case AttributeDesignator.SUBJECT_TARGET: azEntity = azReqCtx.getAzEntity(AzCategoryIdSubjectAccess.AZ_CATEGORY_ID_SUBJECT_ACCESS); break; case AttributeDesignator.ENVIRONMENT_TARGET: azEntity = azReqCtx.getAzEntity(AzCategoryIdEnvironment.AZ_CATEGORY_ID_ENVIRONMENT); break; } // try to call the azapi finder from here // get the AzRequestContext AzAttribute<?> azAttribute = null; String issuerName = null; if (!(issuer == null)) { issuerName = issuer.toString(); } if (log.isTraceEnabled()) log.trace("\n issuerName = " + issuerName); if (log.isTraceEnabled()) log.trace("\n attributeType = " + attributeType.toString() + "\n Sample attr datatypes above type can match: " + "\n\t AzDataTypeIdString = " + AzDataTypeIdString.AZ_DATATYPE_ID_STRING + "\n\t AzDataTypeIdAnyURI = " + AzDataTypeIdAnyURI.AZ_DATATYPE_ID_ANYURI + "\n\t AzDataTypeIdRfc822Name = " + AzDataTypeIdRfc822Name.AZ_DATATYPE_ID_RFC822NAME + "\n\t AzDataTypeIdX500Name = " + AzDataTypeIdX500Name.AZ_DATATYPE_ID_X500NAME); // The following block of code determines what the DataType // of the requested attribute is and creates a null // AzAttributeValue of that DataType to pass to the azapi // AzAttributeFinder; This enables the AzAttributeFinder // to know what DataType is needed. // TODO: should remove these null attributeValues from the // AzEntity attribute lists if (log.isTraceEnabled()) log.trace("\n Find the datatype of the attribute being looked for, " + "\n\tand create an attribute with null value to pass the " + "\n\tattribute metadata to the OpenAz AzAttributeFinder module"); if (attributeType.toString().equals(AzDataTypeIdString.AZ_DATATYPE_ID_STRING.toString())) { if (log.isTraceEnabled()) log.trace("\n\tPassed the equals(AzDataTypeIdString." + "AZ_DATATYPE_ID_STRING.toString()) test"); azAttribute = azEntity.createAzAttribute(issuerName, attributeId.toString(), azEntity.createAzAttributeValue(AzDataTypeIdString.AZ_DATATYPE_ID_STRING, //new String(""))); null)); } else if (attributeType.toString().equals(AzDataTypeIdAnyURI.AZ_DATATYPE_ID_ANYURI.toString())) { if (log.isTraceEnabled()) log.trace("\n\tPassed the equals(AzDataTypeIdAnyURI." + "AZ_DATATYPE_ID_ANYURI.toString()) test"); azAttribute = azEntity.createAzAttribute(issuerName, attributeId.toString(), azEntity.createAzAttributeValue(AzDataTypeIdAnyURI.AZ_DATATYPE_ID_ANYURI, null)); } else if (attributeType.toString().equals(AzDataTypeIdRfc822Name.AZ_DATATYPE_ID_RFC822NAME)) { if (log.isTraceEnabled()) log.trace("\n\tPassed the equals(AzDataTypeIdRfc822Name." + "AZ_DATATYPE_ID_RFC822NAME) test"); azAttribute = azEntity.createAzAttribute(issuerName, attributeId.toString(), azEntity.createAzAttributeValue(AzDataTypeIdRfc822Name.AZ_DATATYPE_ID_RFC822NAME, null)); } else if (attributeType.toString().equals(AzDataTypeIdRfc822Name.AZ_DATATYPE_ID_RFC822NAME.toString())) { if (log.isTraceEnabled()) log.trace("\n Passed the equals(AzDataTypeIdRfc822Name." + "AZ_DATATYPE_ID_RFC822NAME.toString()) test"); azAttribute = azEntity.createAzAttribute(issuerName, attributeId.toString(), azEntity.createAzAttributeValue(AzDataTypeIdRfc822Name.AZ_DATATYPE_ID_RFC822NAME, null)); } else if (attributeType.toString().equals(AzDataTypeIdX500Name.AZ_DATATYPE_ID_X500NAME.toString())) { if (log.isTraceEnabled()) log.trace("\n Passed the equals(AzDataTypeIdX500Name." + "AZ_DATATYPE_ID_X500NAME.toString()) test"); azAttribute = azEntity.createAzAttribute(issuerName, attributeId.toString(), azEntity.createAzAttributeValue(AzDataTypeIdX500Name.AZ_DATATYPE_ID_X500NAME, null)); } else if (log.isTraceEnabled()) log.trace("\n attributeType not supported (yet): " + attributeType.toString()); if (!(azEntity == null)) { if (log.isTraceEnabled()) log.trace("\n\tazEntity.getId() = " + azEntity.getId()); } else if (log.isTraceEnabled()) log.trace("azEntity = null"); if (!(azAttribute == null)) { if (log.isTraceEnabled()) log.trace("\n About to use AzAttributeFinder.findAttribute() callback " + "to get this attribute: " + "\n\tazAttribute.getAttributeId() = " + azAttribute.getAttributeId() + "\n\tazAttribute.getAzCategoryId() = " + azAttribute.getAzCategoryId().toString() + "\n\tazAttribute.getType() = " + azAttribute.getAzAttributeValue().getType().toString() + "\n\tazAttribute.getAzAttributeValue().toXacmlString() = " + azAttribute.getAzAttributeValue().toXacmlString() + "\n"); } else if (log.isTraceEnabled()) log.trace("\n\tazAttribute = null"); // The following code calls the azapi AzAttributeFinder // by going thru the List of AzAttributeFinders that // are configured in the azAttributeFinderList member // variable. // TODO: this code needs to be cleaned up for proper list // handling; right now there is only one finder configured // so the loop processing is only executed one time thru. Collection<AzAttribute> foundAttributes = null; if (!(azAttributeFinderList == null)) { Iterator<AzAttributeFinder> itAttrFinder = azAttributeFinderList.iterator(); for (AzAttributeFinder azAttrFinder : azAttributeFinderList) { if (log.isTraceEnabled()) log.trace("\n Call the OpenAz AzAttributeFinder callback using:" + "\n\t" + azAttrFinder.getClass().getName()); foundAttributes = azAttrFinder.findAzAttribute(azReqCtx, azEntity, azAttribute); } } else { if (log.isTraceEnabled()) log.trace("\n No registered azapi AzAttributeFinders found." + azAttributeFinderList); } if (log.isTraceEnabled()) log.trace("\n foundAttributes = " + foundAttributes); // make sure this is the identifier we support // need to replace this code w something "real" // note: the code from the example was more instructive // in the sense that role mapping is potentially useful // here; but for now w azapi, it is just a test value. //if (! attributeId.toString().equals(ROLE_IDENTIFIER)) { if (log.isTraceEnabled()) log.trace("\n This SunXacml AttributeFinder is only a sample that " + "\n\tlooks for one dummy attribute with id: " + OPENAZ_TEST_IDENTIFIER); if (!attributeId.toString().equals(OPENAZ_TEST_IDENTIFIER)) { if (log.isTraceEnabled()) log.trace("\n Returning empty bag: " + "\n\twas expecting request for attributeId: " + //ROLE_IDENTIFIER + OPENAZ_TEST_IDENTIFIER + "\n\t but received request for: " + attributeId.toString()); return new EvaluationResult(BagAttribute.createEmptyBag(attributeType)); } else if (log.isTraceEnabled()) log.trace("\n got expected identifier: " + attributeId.toString()); // the following code is ultra-restrictive just to get // some test data thru; a lot more can be done here // make sure we've been asked for a string if (!attributeType.toString().equals(StringAttribute.identifier)) { if (log.isTraceEnabled()) log.trace("\n\tReturning empty bag, no attributes found.\n"); return new EvaluationResult(BagAttribute.createEmptyBag(attributeType)); } else if (log.isTraceEnabled()) log.trace("\n got expected string identifier: " + attributeType.toString()); // retrieve the subject identifier from the context //TODO:Not sure. Should test. EvaluationResult result = context.getSubjectAttribute(attributeType, subjectIdentifier, subjectCategory, issuer.getUserInfo()); if (log.isTraceEnabled()) log.trace("\n Args passed to getSubjectAttribute: " + "\n\tattributeType = " + attributeType + "\n\tsubjectIdentifier = " + subjectIdentifier + "\n\tissuer = " + issuer + "\n\tsubjectCategory = " + subjectCategory); if (!(result == null)) { if (log.isTraceEnabled()) log.trace("\n result.getStatus() = " + result.getStatus() + "\n\tresult.toString() = " + result.toString()); if (result.indeterminate()) { if (log.isTraceEnabled()) log.trace("\n result from getSubjectAttribute is indeterminate\n"); return result; } } else if (log.isTraceEnabled()) log.trace("\n result = " + result); // check that we succeeded in getting the subject identifier BagAttribute bag = (BagAttribute) (result.getAttributeValue()); if (bag.isEmpty()) { if (log.isTraceEnabled()) log.trace("\n\tbag is empty - returning missing attribute " + "for sunxacml test code for now\n"); ArrayList code = new ArrayList(); code.add(Status.STATUS_MISSING_ATTRIBUTE); Status status = new Status(code, "missing subject-id"); return new EvaluationResult(status); } // This is where we have to put the "foundAttributes" into // the return structure: // Collection<AzAttribute> foundAttributes = null; // finally, look for the subject who has the role-mapping defined, // and if they're the identified subject, add their role BagAttribute returnBag = null; Iterator it = bag.iterator(); while (it.hasNext()) { StringAttribute attr = (StringAttribute) (it.next()); if (log.isTraceEnabled()) log.trace("\n\tattr.getValue() = " + attr.getValue()); //if (attr.getValue().equals("Julius Hibbert")) { // the following is only test code that looks for // a user subject-id of "fred", and if found returns // a string of "throw" (set by the AzAttributeFinder) // in a StringAttribute that will be incorporated to // the pdp evaluation; this is all rigged for a single // passthru to work, but can easily be generalized. if (attr.getValue().equals("fred")) { if (log.isTraceEnabled()) log.trace("\n\tgot the needed subject-id: " + attr.getValue()); Set set = new HashSet(); Iterator<AzAttribute> itFound = foundAttributes.iterator(); AzAttribute foundAttr = null; AzAttributeValue foundAttrValue = null; while (itFound.hasNext()) { foundAttr = itFound.next(); foundAttrValue = foundAttr.getAzAttributeValue(); String foundAttrValueData = (String) foundAttrValue.getValue(); set.add(new StringAttribute(foundAttrValueData)); if (log.isTraceEnabled()) log.trace("\n Return StringAttribute " + "" + "w foundAttrValueData: " + foundAttrValueData); } //set.add(new StringAttribute("Physician")); returnBag = new BagAttribute(attributeType, set); break; } else if (log.isTraceEnabled()) log.trace("\n\tdid not get needed subject-id, fred, got: " + attr.getValue()); } if (!(returnBag == null)) { if (log.isTraceEnabled()) log.trace("\n returnBag.size() = " + returnBag.size() + "\n"); } else if (log.isTraceEnabled()) log.trace("returnBag = " + returnBag + "\n"); return new EvaluationResult(returnBag); }