org.wso2.carbon.identity.entitlement.EntitlementAdminService.java Source code

Java tutorial

Introduction

Here is the source code for org.wso2.carbon.identity.entitlement.EntitlementAdminService.java

Source

/*
 *  Copyright (c) Inc. (http://www.wso2.org) All Rights Reserved.
 *
 *  WSO2 Inc. licenses this file to you under the Apache License,
 *  Version 2.0 (the "License"); you may not use this file except
 *  in compliance with the License.
 *  You may obtain a copy of the License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied.  See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */

package org.wso2.carbon.identity.entitlement;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.entitlement.dto.PDPDataHolder;
import org.wso2.carbon.identity.entitlement.dto.PIPFinderDataHolder;
import org.wso2.carbon.identity.entitlement.dto.PolicyFinderDataHolder;
import org.wso2.carbon.identity.entitlement.internal.EntitlementServiceComponent;
import org.wso2.carbon.identity.entitlement.pap.EntitlementAdminEngine;
import org.wso2.carbon.identity.entitlement.pap.store.PAPPolicyFinder;
import org.wso2.carbon.identity.entitlement.pdp.EntitlementEngine;
import org.wso2.carbon.identity.entitlement.pip.AbstractPIPAttributeFinder;
import org.wso2.carbon.identity.entitlement.pip.CarbonAttributeFinder;
import org.wso2.carbon.identity.entitlement.pip.CarbonResourceFinder;
import org.wso2.carbon.identity.entitlement.pip.PIPAttributeFinder;
import org.wso2.carbon.identity.entitlement.pip.PIPResourceFinder;
import org.wso2.carbon.identity.entitlement.policy.finder.PolicyFinderModule;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Set;

/**
 * Entitlement PDP related admin services are exposed
 */
public class EntitlementAdminService {

    private static Log log = LogFactory.getLog(EntitlementAdminService.class);

    /**
     * Clears the decision cache.
     *
     * @throws EntitlementException throws
     */
    public void clearDecisionCache() throws EntitlementException {
        EntitlementEngine.getInstance().clearDecisionCache();
        if (log.isDebugEnabled()) {
            log.debug("Decision Caching is cleared by using admin service");
        }
    }

    /**
     * Clears the policy cache.
     *
     * @throws EntitlementException throws
     */
    public void clearPolicyCache() throws EntitlementException {
        EntitlementEngine.getInstance().getPolicyCache().invalidateCache();
        if (log.isDebugEnabled()) {
            log.debug("Decision Caching is cleared by using admin service");
        }
    }

    /**
     * Clears Carbon attribute finder cache and All the attribute cache implementations in each
     * PIP attribute finder level
     *
     * @throws EntitlementException throws
     */
    public void clearAllAttributeCaches() throws EntitlementException {
        CarbonAttributeFinder finder = EntitlementEngine.getInstance().getCarbonAttributeFinder();
        if (finder != null) {
            finder.clearAttributeCache();
            // we need invalidate decision cache as well.
            clearDecisionCache();
        } else {
            throw new EntitlementException(
                    "Can not clear all attribute caches - Carbon Attribute Finder " + "is not initialized");
        }

        Map<PIPAttributeFinder, Properties> designators = EntitlementServiceComponent.getEntitlementConfig()
                .getDesignators();
        if (designators != null && !designators.isEmpty()) {
            Set<PIPAttributeFinder> pipAttributeFinders = designators.keySet();
            for (PIPAttributeFinder pipAttributeFinder : pipAttributeFinders) {
                pipAttributeFinder.clearCache();
            }
        }
    }

    /**
     * Clears the carbon attribute cache
     *
     * @throws EntitlementException throws
     */
    public void clearCarbonAttributeCache() throws EntitlementException {

        CarbonAttributeFinder finder = EntitlementEngine.getInstance().getCarbonAttributeFinder();
        if (finder != null) {
            finder.clearAttributeCache();
            // we need invalidate decision cache as well.
            clearDecisionCache();
        } else {
            throw new EntitlementException(
                    "Can not clear attribute cache - Carbon Attribute Finder " + "is not initialized");
        }

        Map<PIPAttributeFinder, Properties> designators = EntitlementServiceComponent.getEntitlementConfig()
                .getDesignators();
        if (designators != null && !designators.isEmpty()) {
            Set<PIPAttributeFinder> pipAttributeFinders = designators.keySet();
            for (PIPAttributeFinder pipAttributeFinder : pipAttributeFinders) {
                if (pipAttributeFinder instanceof AbstractPIPAttributeFinder) {
                    pipAttributeFinder.clearCache();
                }
            }
        }
    }

    /**
     * Clears the cache maintained by the attribute finder.
     *
     * @param attributeFinder Canonical name of the attribute finder class.
     */
    public void clearAttributeFinderCache(String attributeFinder) {

        Map<PIPAttributeFinder, Properties> designators = EntitlementServiceComponent.getEntitlementConfig()
                .getDesignators();
        if (designators != null && !designators.isEmpty()) {
            Set<PIPAttributeFinder> pipAttributeFinders = designators.keySet();
            for (PIPAttributeFinder pipAttributeFinder : pipAttributeFinders) {
                if (pipAttributeFinder instanceof AbstractPIPAttributeFinder) {
                    if (pipAttributeFinder.getClass().getCanonicalName().equals(attributeFinder)) {
                        pipAttributeFinder.clearCache();
                        break;
                    }
                }
            }
        }
    }

    /**
     * Clears the cache maintained by the attribute finder - by attributes
     *
     * @param attributeFinder Canonical name of the attribute finder class.
     * @param attributeIds    An array of attribute id.
     */
    public void clearAttributeFinderCacheByAttributes(String attributeFinder, String[] attributeIds) {

        Map<PIPAttributeFinder, Properties> designators = EntitlementServiceComponent.getEntitlementConfig()
                .getDesignators();
        if (designators != null && !designators.isEmpty()) {
            Set<PIPAttributeFinder> pipAttributeFinders = designators.keySet();
            for (PIPAttributeFinder pipAttributeFinder : pipAttributeFinders) {
                if (pipAttributeFinder.getClass().getCanonicalName().equals(attributeFinder)) {
                    pipAttributeFinder.clearCache(attributeIds);
                    break;
                }
            }
        }
    }

    /**
     * Clears Carbon resource finder cache and All the resource cache implementations in each
     * PIP resource finder level
     *
     * @throws EntitlementException throws
     */
    public void clearAllResourceCaches() throws EntitlementException {
        CarbonResourceFinder finder = EntitlementEngine.getInstance().getCarbonResourceFinder();
        if (finder != null) {
            finder.clearAttributeCache();
            // we need invalidate decision cache as well.
            clearDecisionCache();
        } else {
            throw new EntitlementException(
                    "Can not clear attribute cache - Carbon Attribute Finder " + "is not initialized");
        }
    }

    /**
     * Clears the carbon resource cache
     *
     * @throws EntitlementException throws
     */
    public void clearCarbonResourceCache() throws EntitlementException {
        CarbonResourceFinder finder = EntitlementEngine.getInstance().getCarbonResourceFinder();
        if (finder != null) {
            finder.clearAttributeCache();
            // we need invalidate decision cache as well.
            clearDecisionCache();
        } else {
            throw new EntitlementException(
                    "Can not clear attribute cache - Carbon Attribute Finder " + "is not initialized");
        }

        Map<PIPResourceFinder, Properties> resourceConfigs = EntitlementServiceComponent.getEntitlementConfig()
                .getResourceFinders();
        if (resourceConfigs != null && !resourceConfigs.isEmpty()) {
            Set<PIPResourceFinder> resourceFinders = resourceConfigs.keySet();
            for (PIPResourceFinder pipResourceFinder : resourceFinders) {
                pipResourceFinder.clearCache();
            }
        }
    }

    /**
     * Clears the cache maintained by the resource finder.
     *
     * @param resourceFinder Canonical name of the resource finder class.
     */
    public void clearResourceFinderCache(String resourceFinder) {

        Map<PIPResourceFinder, Properties> resourceConfigs = EntitlementServiceComponent.getEntitlementConfig()
                .getResourceFinders();
        if (resourceConfigs != null && !resourceConfigs.isEmpty()) {
            Set<PIPResourceFinder> resourceFinders = resourceConfigs.keySet();
            for (PIPResourceFinder pipResourceFinder : resourceFinders) {
                if (resourceFinder.getClass().getCanonicalName().equals(resourceFinder)) {
                    pipResourceFinder.clearCache();
                    break;
                }
            }
        }
    }

    /**
     * Refreshes the supported Attribute ids of a given attribute finder module
     *
     * @param attributeFinder Canonical name of the attribute finder class.
     * @throws EntitlementException throws if fails to  refresh
     */
    public void refreshAttributeFinder(String attributeFinder) throws EntitlementException {

        Map<PIPAttributeFinder, Properties> designators = EntitlementServiceComponent.getEntitlementConfig()
                .getDesignators();
        if (attributeFinder != null && designators != null && !designators.isEmpty()) {
            Set<Map.Entry<PIPAttributeFinder, Properties>> pipAttributeFinders = designators.entrySet();
            for (Map.Entry<PIPAttributeFinder, Properties> entry : pipAttributeFinders) {
                if (attributeFinder.equals(entry.getKey().getClass().getName())
                        || attributeFinder.equals(entry.getKey().getModuleName())) {
                    try {
                        entry.getKey().init(entry.getValue());
                        entry.getKey().clearCache();
                        CarbonAttributeFinder carbonAttributeFinder = EntitlementEngine.getInstance()
                                .getCarbonAttributeFinder();
                        carbonAttributeFinder.init();
                    } catch (Exception e) {
                        throw new EntitlementException(
                                "Error while refreshing attribute finder - " + attributeFinder);
                    }
                    break;
                }
            }
        }
    }

    /**
     * Refreshes the supported resource id of a given resource finder module
     *
     * @param resourceFinder Canonical name of the resource finder class.
     * @throws EntitlementException throws if fails to  refresh
     */
    public void refreshResourceFinder(String resourceFinder) throws EntitlementException {

        Map<PIPResourceFinder, Properties> resourceFinders = EntitlementServiceComponent.getEntitlementConfig()
                .getResourceFinders();
        if (resourceFinder != null && resourceFinders != null && !resourceFinders.isEmpty()) {
            for (Map.Entry<PIPResourceFinder, Properties> entry : resourceFinders.entrySet()) {
                if (resourceFinder.equals(entry.getKey().getClass().getName())
                        || resourceFinder.equals(entry.getKey().getModuleName())) {
                    try {
                        entry.getKey().init(entry.getValue());
                        entry.getKey().clearCache();
                        CarbonAttributeFinder carbonAttributeFinder = EntitlementEngine.getInstance()
                                .getCarbonAttributeFinder();
                        carbonAttributeFinder.init();
                    } catch (Exception e) {
                        throw new EntitlementException(
                                "Error while refreshing attribute finder - " + resourceFinder);
                    }
                    break;
                }
            }
        }
    }

    /**
     * Refreshes the supported resource id of a given resource finder module
     *
     * @param policyFinder Canonical name of the resource finder class.
     * @throws EntitlementException throws if fails to  refresh
     */
    public void refreshPolicyFinders(String policyFinder) throws EntitlementException {

        Map<PolicyFinderModule, Properties> policyFinders = EntitlementServiceComponent.getEntitlementConfig()
                .getPolicyFinderModules();
        if (policyFinder != null && policyFinders != null && !policyFinders.isEmpty()) {
            for (Map.Entry<PolicyFinderModule, Properties> entry : policyFinders.entrySet()) {
                if (policyFinder.equals(entry.getKey().getClass().getName())
                        || policyFinder.equals(entry.getKey().getModuleName())) {
                    try {
                        entry.getKey().init(entry.getValue());
                        EntitlementEngine.getInstance().getCarbonPolicyFinder().init();
                        // need to re init all policy finder modules in the cluster.
                        // therefore calling invalidation cache
                        EntitlementEngine.getInstance().clearDecisionCache();
                    } catch (Exception e) {
                        throw new EntitlementException("Error while refreshing attribute finder - " + policyFinder);
                    }
                    break;
                }
            }
        }
    }

    /**
     * Tests engine of PAP policy store
     *
     * @param xacmlRequest
     * @return
     * @throws EntitlementException
     */
    public String doTestRequest(String xacmlRequest) throws EntitlementException {
        return EntitlementEngine.getInstance().test(xacmlRequest);
    }

    /**
     * Tests engine of PAP policy store
     *
     * @param xacmlRequest
     * @param policies     policy ids that is evaluated
     * @return
     * @throws EntitlementException
     */
    public String doTestRequestForGivenPolicies(String xacmlRequest, String[] policies)
            throws EntitlementException {
        EntitlementEngine engine = EntitlementEngine.getInstance();
        PAPPolicyFinder papPolicyFinder = (PAPPolicyFinder) engine.getPapPolicyFinder().getModules().iterator()
                .next();
        papPolicyFinder.setPolicyIds(Arrays.asList(policies));
        String response = EntitlementEngine.getInstance().test(xacmlRequest);
        papPolicyFinder.initPolicyIds();

        return response;
    }

    /**
     * @return
     */
    public PDPDataHolder getPDPData() {

        PDPDataHolder pdpDataHolder = new PDPDataHolder();

        Map<PolicyFinderModule, Properties> finderModules = EntitlementServiceComponent.getEntitlementConfig()
                .getPolicyFinderModules();
        Map<PIPAttributeFinder, Properties> attributeModules = EntitlementServiceComponent.getEntitlementConfig()
                .getDesignators();
        Map<PIPResourceFinder, Properties> resourceModules = EntitlementServiceComponent.getEntitlementConfig()
                .getResourceFinders();

        if (finderModules != null) {
            List<String> list = new ArrayList<String>();
            for (Map.Entry<PolicyFinderModule, Properties> entry : finderModules.entrySet()) {
                PolicyFinderModule module = entry.getKey();
                if (module != null) {
                    if (module.getModuleName() != null) {
                        list.add(module.getModuleName());
                    } else {
                        list.add(module.getClass().getName());
                    }
                }
            }
            pdpDataHolder.setPolicyFinders(list.toArray(new String[list.size()]));
        }

        if (attributeModules != null) {
            List<String> list = new ArrayList<String>();
            for (Map.Entry<PIPAttributeFinder, Properties> entry : attributeModules.entrySet()) {
                PIPAttributeFinder module = entry.getKey();
                if (module != null) {
                    if (module.getModuleName() != null) {
                        list.add(module.getModuleName());
                    } else {
                        list.add(module.getClass().getName());
                    }
                }
            }
            pdpDataHolder.setPipAttributeFinders(list.toArray(new String[list.size()]));
        }

        if (resourceModules != null) {
            List<String> list = new ArrayList<String>();
            for (Map.Entry<PIPResourceFinder, Properties> entry : resourceModules.entrySet()) {
                PIPResourceFinder module = entry.getKey();
                if (module != null) {
                    if (module.getModuleName() != null) {
                        list.add(module.getModuleName());
                    } else {
                        list.add(module.getClass().getName());
                    }
                }
            }
            pdpDataHolder.setPipResourceFinders(list.toArray(new String[list.size()]));
        }

        return pdpDataHolder;
    }

    /**
     * @param finder
     * @return
     */
    public PolicyFinderDataHolder getPolicyFinderData(String finder) {

        PolicyFinderDataHolder holder = null;
        // get registered finder modules
        Map<PolicyFinderModule, Properties> finderModules = EntitlementServiceComponent.getEntitlementConfig()
                .getPolicyFinderModules();
        if (finderModules == null || finder == null) {
            return null;
        }

        for (Map.Entry<PolicyFinderModule, Properties> entry : finderModules.entrySet()) {
            PolicyFinderModule module = entry.getKey();
            if (module != null
                    && (finder.equals(module.getModuleName()) || finder.equals(module.getClass().getName()))) {
                holder = new PolicyFinderDataHolder();
                if (module.getModuleName() != null) {
                    holder.setModuleName(module.getModuleName());
                } else {
                    holder.setModuleName(module.getClass().getName());
                }
                holder.setClassName(module.getClass().getName());
                holder.setPolicyIdentifiers(module.getOrderedPolicyIdentifiers());
                break;
            }

        }
        return holder;
    }

    /**
     * @param finder
     * @return
     */
    public PIPFinderDataHolder getPIPAttributeFinderData(String finder) {

        PIPFinderDataHolder holder = null;
        // get registered finder modules
        Map<PIPAttributeFinder, Properties> attributeModules = EntitlementServiceComponent.getEntitlementConfig()
                .getDesignators();
        if (attributeModules == null || finder == null) {
            return null;
        }

        for (Map.Entry<PIPAttributeFinder, Properties> entry : attributeModules.entrySet()) {
            PIPAttributeFinder module = entry.getKey();
            if (module != null
                    && (finder.equals(module.getModuleName()) || finder.equals(module.getClass().getName()))) {
                holder = new PIPFinderDataHolder();
                if (module.getModuleName() != null) {
                    holder.setModuleName(module.getModuleName());
                } else {
                    holder.setModuleName(module.getClass().getName());
                }
                holder.setClassName(module.getClass().getName());
                holder.setSupportedAttributeIds(module.getSupportedAttributes()
                        .toArray(new String[module.getSupportedAttributes().size()]));
                break;
            }
        }
        return holder;
    }

    /**
     * @param finder
     * @return
     */
    public PIPFinderDataHolder getPIPResourceFinderData(String finder) {

        PIPFinderDataHolder holder = null;
        // get registered finder modules
        Map<PIPResourceFinder, Properties> resourceModules = EntitlementServiceComponent.getEntitlementConfig()
                .getResourceFinders();

        if (resourceModules == null || finder == null) {
            return null;
        }

        for (Map.Entry<PIPResourceFinder, Properties> entry : resourceModules.entrySet()) {
            PIPResourceFinder module = entry.getKey();
            if (module != null) {
                holder = new PIPFinderDataHolder();
                if (module.getModuleName() != null) {
                    holder.setModuleName(module.getModuleName());
                } else {
                    holder.setModuleName(module.getClass().getName());
                }
                holder.setClassName(module.getClass().getName());
                break;
            }
        }
        return holder;
    }

    /**
     * Gets globally defined policy combining algorithm
     *
     * @return policy combining algorithm as a String
     * @throws EntitlementException throws
     */
    public String getGlobalPolicyAlgorithm() throws EntitlementException {

        return EntitlementAdminEngine.getInstance().getPolicyDataStore().getGlobalPolicyAlgorithmName();
    }

    /**
     * Sets policy combining algorithm globally
     *
     * @param policyCombiningAlgorithm policy combining algorithm as a String
     * @throws EntitlementException throws
     */
    public void setGlobalPolicyAlgorithm(String policyCombiningAlgorithm) throws EntitlementException {

        EntitlementAdminEngine.getInstance().getPolicyDataStore()
                .setGlobalPolicyAlgorithm(policyCombiningAlgorithm);
    }
}