public static void addSamplePolicies(Registry registry) {
File policyFolder =
new File(
CarbonUtils.getCarbonHome()
+ File.separator
+ "repository"
+ File.separator
+ "resources"
+ File.separator
+ "security"
+ File.separator
+ "policies"
+ File.separator
+ "xacml"
+ File.separator
+ "default");
if (policyFolder.exists()) {
for (File policyFile : policyFolder.listFiles()) {
if (policyFile.isFile()) {
PolicyDTO policyDTO = new PolicyDTO();
try {
policyDTO.setPolicy(FileUtils.readFileToString(policyFile));
EntitlementUtil.addFilesystemPolicy(policyDTO, registry, false);
} catch (Exception e) {
// log and ignore
log.error("Error while adding sample XACML policies", e);
}
}
}
}
}
@Override
public boolean overrideDefaultCache() {
Properties properties =
EntitlementServiceComponent.getEntitlementConfig().getEngineProperties();
if ("true".equals(properties.getProperty(PDPConstants.RESOURCE_CACHING))) {
abstractResourceCache =
EntitlementUtil.getCommonCache(PDPConstants.PIP_ABSTRACT_RESOURCE_CACHE);
isAbstractResourceCacheEnabled = true;
return true;
} else {
return false;
}
}
/*
* (non-Javadoc)
*
* @see org.wso2.balana.finder.AttributeFinderModule#findAttribute(java.net.URI, java.net.URI,
* java.net.URI, java.net.URI, org.wso2.balana.EvaluationCtx, int)
*/
public EvaluationResult findAttribute(
URI attributeType, URI attributeId, String issuer, URI category, EvaluationCtx context) {
List<AttributeValue> attrBag = new ArrayList<AttributeValue>();
// Get the list of attribute finders who are registered with this particular attribute.
List<PIPAttributeFinder> finders = attrFinders.get(attributeId.toString());
if (finders == null || finders.size() == 0) {
// there is a API for refresh attribute finder so remove this
// try {
// refreshAttributeFindersForNewAttributeId();
// } catch (Exception e) {
// log.warn("Error while refreshing attribute finders");
// }
finders = attrFinders.get(attributeId.toString());
if (finders == null || finders.size() == 0) {
log.info("No attribute designators defined for the attribute " + attributeId.toString());
return new EvaluationResult(BagAttribute.createEmptyBag(attributeType));
}
}
try {
for (Iterator iterator = finders.iterator(); iterator.hasNext(); ) {
PIPAttributeFinder pipAttributeFinder = (PIPAttributeFinder) iterator.next();
if (log.isDebugEnabled()) {
log.debug(
String.format(
"Finding attributes with the PIP attribute handler %1$s",
pipAttributeFinder.getClass()));
}
Set<String> attrs = null;
String key = null;
if (attributeFinderCache != null && !pipAttributeFinder.overrideDefaultCache()) {
key =
attributeType.toString()
+ attributeId.toString()
+ category.toString()
+ encodeContext(context);
if (issuer != null) {
key += issuer;
}
if (key != null) {
attrs = attributeFinderCache.getFromCache(tenantId, key);
}
}
if (attrs == null) {
if (log.isDebugEnabled()) {
log.debug("Carbon Attribute Cache Miss");
}
attrs =
pipAttributeFinder.getAttributeValues(
attributeType, attributeId, category, issuer, context);
if (attributeFinderCache != null
&& key != null
&& !pipAttributeFinder.overrideDefaultCache()) {
attributeFinderCache.addToCache(tenantId, key, attrs);
}
} else {
if (log.isDebugEnabled()) {
log.debug("Carbon Attribute Cache Hit");
}
}
if (attrs != null) {
for (Iterator iterAttr = attrs.iterator(); iterAttr.hasNext(); ) {
final String attr = (String) iterAttr.next();
AttributeValue attribute =
EntitlementUtil.getAttributeValue(attr, attributeType.toString());
attrBag.add(attribute);
}
}
}
} catch (ParsingException e) {
log.error("Error while parsing attribute values from EvaluationCtx : " + e);
ArrayList<String> code = new ArrayList<String>();
code.add(Status.STATUS_MISSING_ATTRIBUTE);
Status status =
new Status(
code, "Error while parsing attribute values from EvaluationCtx : " + e.getMessage());
return new EvaluationResult(status);
} catch (ParseException e) {
e.printStackTrace();
log.error("Error while parsing attribute values from EvaluationCtx : " + e);
ArrayList<String> code = new ArrayList<String>();
code.add(Status.STATUS_MISSING_ATTRIBUTE);
Status status =
new Status(
code, "Error while parsing attribute values from EvaluationCtx : " + e.getMessage());
return new EvaluationResult(status);
} catch (URISyntaxException e) {
log.error("Error while parsing attribute values from EvaluationCtx : " + e);
ArrayList<String> code = new ArrayList<String>();
code.add(Status.STATUS_MISSING_ATTRIBUTE);
Status status =
new Status(
code, "Error while parsing attribute values from EvaluationCtx :" + e.getMessage());
return new EvaluationResult(status);
} catch (Exception e) {
log.error("Error while retrieving attribute values from PIP attribute finder : " + e);
ArrayList<String> code = new ArrayList<String>();
code.add(Status.STATUS_MISSING_ATTRIBUTE);
Status status =
new Status(
code,
"Error while retrieving attribute values from PIP"
+ " attribute finder : "
+ e.getMessage());
return new EvaluationResult(status);
}
return new EvaluationResult(new BagAttribute(attributeType, attrBag));
}