@Override
 public void enforceGetObjectProfile(Context context, String pid, Date asOfDate)
     throws AuthzException {
   try {
     logger.debug("Entered enforceGetObjectProfile");
     String target = Constants.ACTION.GET_OBJECT_PROFILE.uri;
     context.setActionAttributes(null);
     MultiValueMap<URI> resourceAttributes = new MultiValueMap<URI>();
     try {
       resourceAttributes.set(
           Constants.RESOURCE.AS_OF_DATETIME.attributeId, ensureDate(asOfDate, context));
     } catch (Exception e) {
       context.setResourceAttributes(null);
       throw new AuthzOperationalException(
           target + " couldn't set " + Constants.RESOURCE.AS_OF_DATETIME.uri, e);
     }
     context.setResourceAttributes(resourceAttributes);
     xacmlPep.enforce(
         context.getSubjectValue(Constants.SUBJECT.LOGIN_ID.uri),
         target,
         Constants.ACTION.APIA.uri,
         pid,
         extractNamespace(pid),
         context);
   } finally {
     logger.debug("Exiting enforceGetObjectProfile");
   }
 }
 @Override
 public void enforce_Internal_DSState(Context context, String id, String state)
     throws AuthzException {
   try {
     logger.debug("Entered enforce_Internal_DSState");
     String target = Constants.ACTION.INTERNAL_DSSTATE.uri;
     context.setActionAttributes(null);
     MultiValueMap<URI> resourceAttributes = new MultiValueMap<URI>();
     try {
       resourceAttributes.set(Constants.DATASTREAM.ID.attributeId, id);
     } catch (Exception e) {
       context.setResourceAttributes(null);
       throw new AuthzOperationalException(
           target + " couldn't set " + Constants.DATASTREAM.ID.uri, e);
     }
     try {
       resourceAttributes.set(Constants.DATASTREAM.STATE.attributeId, state);
     } catch (Exception e) {
       context.setResourceAttributes(null);
       throw new AuthzOperationalException(
           target + " couldn't set " + Constants.DATASTREAM.STATE.uri, e);
     }
     context.setResourceAttributes(resourceAttributes);
     xacmlPep.enforce(
         context.getSubjectValue(Constants.SUBJECT.LOGIN_ID.uri),
         target,
         Constants.ACTION.APIA.uri,
         "",
         "",
         context);
   } finally {
     logger.debug("Exiting enforce_Internal_DSState");
   }
 }
 @Override
 public final void enforceSetDatastreamVersionable(
     Context context, String pid, String datastreamId, boolean datastreamNewVersionable)
     throws AuthzException {
   try {
     logger.debug("Entered enforceSetDatastreamVersionable");
     String target = Constants.ACTION.SET_DATASTREAM_VERSIONABLE.uri;
     context.setActionAttributes(null);
     MultiValueMap<URI> resourceAttributes = new MultiValueMap<URI>();
     URI name = null;
     try {
       name = Constants.DATASTREAM.ID.attributeId;
       resourceAttributes.set(name, datastreamId);
       name = Constants.DATASTREAM.NEW_VERSIONABLE.attributeId;
       resourceAttributes.set(name, new Boolean(datastreamNewVersionable).toString());
     } catch (Exception e) {
       context.setResourceAttributes(null);
       throw new AuthzOperationalException(target + " couldn't set " + name, e);
     }
     context.setResourceAttributes(resourceAttributes);
     xacmlPep.enforce(
         context.getSubjectValue(Constants.SUBJECT.LOGIN_ID.uri),
         target,
         Constants.ACTION.APIM.uri,
         pid,
         extractNamespace(pid),
         context);
   } finally {
     logger.debug("Exiting enforceSetDatastreamVersionable");
   }
 }
 @Override
 public void enforcePurgeRelationship(
     Context context,
     String pid,
     String predicate,
     String object,
     boolean isLiteral,
     String datatype)
     throws AuthzException {
   try {
     logger.debug("Entered enforcePurgeRelationship");
     String target = Constants.ACTION.PURGE_RELATIONSHIP.uri;
     context.setActionAttributes(null);
     MultiValueMap<URI> resourceAttributes = new MultiValueMap<URI>();
     try {
       resourceAttributes.set(Constants.OBJECT.PID.attributeId, pid);
     } catch (Exception e) {
       context.setResourceAttributes(null);
       throw new AuthzOperationalException(
           target + " couldn't set " + Constants.OBJECT.PID.uri, e);
     }
     context.setResourceAttributes(resourceAttributes);
     xacmlPep.enforce(
         context.getSubjectValue(Constants.SUBJECT.LOGIN_ID.uri),
         target,
         Constants.ACTION.APIM.uri,
         pid,
         extractNamespace(pid),
         context);
   } finally {
     logger.debug("Exiting enforcePurgeRelationship");
   }
 }
 @Override
 public final void enforceModifyObject(
     Context context, String pid, String objectNewState, String objectNewOwnerId)
     throws AuthzException {
   try {
     logger.debug("Entered enforceModifyObject");
     String target = Constants.ACTION.MODIFY_OBJECT.uri;
     context.setActionAttributes(null);
     MultiValueMap<URI> resourceAttributes = new MultiValueMap<URI>();
     URI name = null;
     try {
       name = Constants.OBJECT.NEW_STATE.attributeId;
       resourceAttributes.set(name, objectNewState);
       if (objectNewOwnerId != null) {
         name = Constants.OBJECT.OWNER.attributeId;
         resourceAttributes.set(name, objectNewOwnerId.split(m_ownerIdSeparator));
       }
     } catch (Exception e) {
       context.setResourceAttributes(null);
       throw new AuthzOperationalException(target + " couldn't set " + name, e);
     }
     context.setResourceAttributes(resourceAttributes);
     xacmlPep.enforce(
         context.getSubjectValue(Constants.SUBJECT.LOGIN_ID.uri),
         target,
         Constants.ACTION.APIM.uri,
         pid,
         extractNamespace(pid),
         context);
   } finally {
     logger.debug("Exiting enforceModifyObject");
   }
 }
 @Override
 public final void enforceIngest(Context context, String pid, String format, String ingestEncoding)
     throws AuthzException {
   try {
     logger.debug("Entered enforceIngest");
     String target = Constants.ACTION.INGEST.uri;
     context.setActionAttributes(null);
     MultiValueMap<URI> resourceAttributes = new MultiValueMap<URI>();
     URI name = null;
     try {
       name = Constants.OBJECT.FORMAT_URI.attributeId;
       resourceAttributes.set(name, format);
       name = Constants.OBJECT.ENCODING.attributeId;
       resourceAttributes.set(name, ingestEncoding);
     } catch (Exception e) {
       context.setResourceAttributes(null);
       throw new AuthzOperationalException(target + " couldn't set " + name, e);
     }
     context.setResourceAttributes(resourceAttributes);
     xacmlPep.enforce(
         context.getSubjectValue(Constants.SUBJECT.LOGIN_ID.uri),
         target,
         Constants.ACTION.APIM.uri,
         pid,
         extractNamespace(pid),
         context);
   } finally {
     logger.debug("Exiting enforceIngest");
   }
 }
 @Override
 public final void enforceGetDatastreamHistory(Context context, String pid, String datastreamId)
     throws AuthzException {
   try {
     logger.debug("Entered enforceGetDatastreamHistory");
     String target = Constants.ACTION.GET_DATASTREAM_HISTORY.uri;
     context.setActionAttributes(null);
     MultiValueMap<URI> resourceAttributes = new MultiValueMap<URI>();
     try {
       resourceAttributes.set(Constants.DATASTREAM.ID.attributeId, datastreamId);
     } catch (Exception e) {
       context.setResourceAttributes(null);
       throw new AuthzOperationalException(
           target + " couldn't set " + Constants.DATASTREAM.ID.uri, e);
     }
     context.setResourceAttributes(resourceAttributes);
     xacmlPep.enforce(
         context.getSubjectValue(Constants.SUBJECT.LOGIN_ID.uri),
         target,
         Constants.ACTION.APIM.uri,
         pid,
         extractNamespace(pid),
         context);
   } finally {
     logger.debug("Exiting enforceGetDatastreamHistory");
   }
 }
 @Override
 public final void enforceGetObjectXML(Context context, String pid, String objectXmlEncoding)
     throws AuthzException {
   try {
     logger.debug("Entered enforceGetObjectXML");
     String target = Constants.ACTION.GET_OBJECT_XML.uri;
     context.setActionAttributes(null);
     MultiValueMap<URI> resourceAttributes = new MultiValueMap<URI>();
     try {
       resourceAttributes.set(Constants.OBJECT.ENCODING.attributeId, objectXmlEncoding);
     } catch (Exception e) {
       context.setResourceAttributes(null);
       throw new AuthzOperationalException(
           target + " couldn't set " + Constants.OBJECT.ENCODING.uri, e);
     }
     context.setResourceAttributes(resourceAttributes);
     xacmlPep.enforce(
         context.getSubjectValue(Constants.SUBJECT.LOGIN_ID.uri),
         target,
         Constants.ACTION.APIM.uri,
         pid,
         extractNamespace(pid),
         context);
   } finally {
     logger.debug("Exiting enforceGetObjectXML");
   }
 }
 @Override
 public final void enforceGetNextPid(Context context, String namespace, int nNewPids)
     throws AuthzException {
   try {
     logger.debug("Entered enforceGetNextPid");
     String target = Constants.ACTION.GET_NEXT_PID.uri;
     context.setActionAttributes(null);
     MultiValueMap<URI> resourceAttributes = new MultiValueMap<URI>();
     try {
       String nNewPidsAsString = Integer.toString(nNewPids);
       resourceAttributes.set(Constants.OBJECT.N_PIDS.attributeId, nNewPidsAsString);
     } catch (Exception e) {
       context.setResourceAttributes(null);
       throw new AuthzOperationalException(
           target + " couldn't set " + Constants.OBJECT.N_PIDS.uri, e);
     }
     context.setResourceAttributes(resourceAttributes);
     xacmlPep.enforce(
         context.getSubjectValue(Constants.SUBJECT.LOGIN_ID.uri),
         target,
         Constants.ACTION.APIM.uri,
         "",
         namespace,
         context);
   } finally {
     logger.debug("Exiting enforceGetNextPid");
   }
 }
 @Override
 public void enforceRetrieveFile(Context context, String fileURI) throws AuthzException {
   try {
     logger.debug("Entered enforceRetrieveFile for {}", fileURI);
     String target = Constants.ACTION.RETRIEVE_FILE.uri;
     context.setActionAttributes(null);
     try {
       MultiValueMap<URI> resourceAttributes = new MultiValueMap<URI>();
       resourceAttributes.set(Constants.DATASTREAM.FILE_URI.attributeId, fileURI);
       context.setResourceAttributes(resourceAttributes);
     } catch (Exception e) {
       context.setResourceAttributes(null);
       throw new AuthzOperationalException(
           target + " couldn't be set " + Constants.DATASTREAM.FILE_URI.uri, e);
     }
     xacmlPep.enforce(
         context.getSubjectValue(Constants.SUBJECT.LOGIN_ID.uri),
         target,
         Constants.ACTION.APIM.uri,
         "",
         extractNamespace(fileURI),
         context);
   } finally {
     logger.debug("Exiting enforceRetrieveFile");
   }
 }
 @Override
 public void enforceGetDatastreamDissemination(
     Context context, String pid, String datastreamId, Date asOfDate) throws AuthzException {
   try {
     logger.debug("Entered enforceGetDatastreamDissemination");
     String target = Constants.ACTION.GET_DATASTREAM_DISSEMINATION.uri;
     context.setActionAttributes(null);
     MultiValueMap<URI> resourceAttributes = new MultiValueMap<URI>();
     URI name = null;
     try {
       name = Constants.DATASTREAM.ID.attributeId;
       resourceAttributes.set(name, datastreamId);
       name = Constants.RESOURCE.AS_OF_DATETIME.attributeId;
       resourceAttributes.set(name, ensureDate(asOfDate, context));
     } catch (Exception e) {
       context.setResourceAttributes(null);
       throw new AuthzOperationalException(target + " couldn't set " + name, e);
     }
     context.setResourceAttributes(resourceAttributes);
     xacmlPep.enforce(
         context.getSubjectValue(Constants.SUBJECT.LOGIN_ID.uri),
         target,
         Constants.ACTION.APIA.uri,
         pid,
         extractNamespace(pid),
         context);
   } finally {
     logger.debug("Exiting enforceGetDatastreamDissemination");
   }
 }
 @SuppressWarnings("deprecation")
 @Override
 public void enforceGetDissemination(
     Context context,
     String pid,
     String sDefPid,
     String methodName,
     Date asOfDate,
     String objectState,
     String sDefState,
     String sDepPid,
     String sDepState,
     String dissState)
     throws AuthzException {
   try {
     logger.debug("Entered enforceGetDissemination");
     String target = Constants.ACTION.GET_DISSEMINATION.uri;
     context.setActionAttributes(null);
     MultiValueMap<URI> resourceAttributes = new MultiValueMap<URI>();
     URI name = null;
     try {
       name = Constants.SDEF.PID.attributeId;
       resourceAttributes.set(name, sDefPid);
       name = Constants.SDEF.NAMESPACE.attributeId;
       resourceAttributes.set(name, extractNamespace(sDefPid));
       name = Constants.DISSEMINATOR.METHOD.attributeId;
       resourceAttributes.set(name, methodName);
       name = Constants.SDEP.PID.attributeId;
       resourceAttributes.set(name, sDepPid);
       name = Constants.SDEP.NAMESPACE.attributeId;
       resourceAttributes.set(name, extractNamespace(sDepPid));
       name = Constants.OBJECT.STATE.attributeId;
       resourceAttributes.set(name, objectState);
       name = Constants.DISSEMINATOR.STATE.attributeId;
       resourceAttributes.set(name, dissState);
       name = Constants.SDEF.STATE.attributeId;
       resourceAttributes.set(name, sDefState);
       name = Constants.SDEP.STATE.attributeId;
       resourceAttributes.set(name, sDepState);
       name = Constants.RESOURCE.AS_OF_DATETIME.attributeId;
       resourceAttributes.set(name, ensureDate(asOfDate, context));
     } catch (Exception e) {
       context.setResourceAttributes(null);
       throw new AuthzOperationalException(target + " couldn't set " + name, e);
     }
     context.setResourceAttributes(resourceAttributes);
     xacmlPep.enforce(
         context.getSubjectValue(Constants.SUBJECT.LOGIN_ID.uri),
         target,
         Constants.ACTION.APIA.uri,
         pid,
         extractNamespace(pid),
         context);
   } finally {
     logger.debug("Exiting enforceGetDissemination");
   }
 }
 /**
  * Enforce authorization for adding a datastream to an object. Provide attributes for the
  * authorization decision and wrap that xacml decision.
  *
  * <p>The following attributes are available for use in authorization policies during a call to
  * this method.
  *
  * <p>action attributes
  *
  * <ul>
  *   <li>urn:fedora:names:fedora:2.1:action:id ==
  *       urn:fedora:names:fedora:2.1:action:id-addDatastream
  *   <li>urn:fedora:names:fedora:2.1:action:api == urn:fedora:names:fedora:2.1:action:api-m
  * </ul>
  *
  * <p>resource attributes of object to which datastream would be added
  *
  * <ul>
  *   <li>urn:fedora:names:fedora:2.1:resource:object:pid
  *   <li>urn:fedora:names:fedora:2.1:resource:object:namespace (if pid is "x:y", namespace is "x")
  * </ul>
  *
  * <p>resource attributes of datastream which would be added
  *
  * <ul>
  *   <li>urn:fedora:names:fedora:2.1:resource:datastream:mimeType
  *   <li>urn:fedora:names:fedora:2.1:resource:datastream:formatUri
  *   <li>urn:fedora:names:fedora:2.1:resource:datastream:state
  *   <li>urn:fedora:names:fedora:2.1:resource:datastream:id
  *   <li>urn:fedora:names:fedora:2.1:resource:datastream:location
  *   <li>urn:fedora:names:fedora:2.1:resource:datastream:controlGroup
  *   <li>urn:fedora:names:fedora:2.1:resource:datastream:altIds
  *   <li>urn:fedora:names:fedora:2.1:resource:datastream:checksumType
  *   <li>urn:fedora:names:fedora:2.1:resource:datastream:checksum
  * </ul>
  */
 @Override
 public final void enforceAddDatastream(
     Context context,
     String pid,
     String dsId,
     String[] altIDs,
     String MIMEType,
     String formatURI,
     String dsLocation,
     String controlGroup,
     String dsState,
     String checksumType,
     String checksum)
     throws AuthzException {
   try {
     logger.debug("Entered enforceAddDatastream");
     String target = Constants.ACTION.ADD_DATASTREAM.uri;
     context.setActionAttributes(null);
     MultiValueMap<URI> resourceAttributes = new MultiValueMap<URI>();
     URI name = null;
     try {
       name = Constants.DATASTREAM.MIME_TYPE.attributeId;
       resourceAttributes.set(name, MIMEType);
       name = Constants.DATASTREAM.FORMAT_URI.attributeId;
       resourceAttributes.set(name, formatURI);
       name = Constants.DATASTREAM.STATE.attributeId;
       resourceAttributes.set(name, dsState);
       name = Constants.DATASTREAM.ID.attributeId;
       resourceAttributes.set(name, dsId);
       name = Constants.DATASTREAM.LOCATION.attributeId;
       resourceAttributes.set(name, dsLocation);
       name = Constants.DATASTREAM.CONTROL_GROUP.attributeId;
       resourceAttributes.set(name, controlGroup);
       name = Constants.DATASTREAM.ALT_IDS.attributeId;
       resourceAttributes.set(name, altIDs);
       name = Constants.DATASTREAM.CHECKSUM_TYPE.attributeId;
       resourceAttributes.set(name, checksumType);
       name = Constants.DATASTREAM.CHECKSUM.attributeId;
       resourceAttributes.set(name, checksum);
     } catch (Exception e) {
       context.setResourceAttributes(null);
       throw new AuthzOperationalException(target + " couldn't set " + name, e);
     }
     context.setResourceAttributes(resourceAttributes);
     xacmlPep.enforce(
         context.getSubjectValue(Constants.SUBJECT.LOGIN_ID.uri),
         target,
         Constants.ACTION.APIM.uri,
         pid,
         extractNamespace(pid),
         context);
   } finally {
     logger.debug("Exiting enforceAddDatastream");
   }
 }
 @Override
 public void enforceReloadPolicies(Context context) throws AuthzException {
   try {
     logger.debug("Entered enforceReloadPolicies");
     String target = Constants.ACTION.RELOAD_POLICIES.uri;
     context.setResourceAttributes(null);
     context.setActionAttributes(null);
     xacmlPep.enforce(
         context.getSubjectValue(Constants.SUBJECT.LOGIN_ID.uri), target, "", "", "", context);
   } finally {
     logger.debug("Exiting enforceReloadPolicies");
   }
 }
 @Override
 public final void enforceModifyDatastreamByReference(
     Context context,
     String pid,
     String datastreamId,
     String[] datastreamNewAltIDs,
     String datastreamNewMimeType,
     String datastreamNewFormatURI,
     String datastreamNewLocation,
     String datastreamNewChecksumType,
     String datastreamNewChecksum)
     throws AuthzException {
   try {
     logger.debug("Entered enforceModifyDatastreamByReference");
     String target = Constants.ACTION.MODIFY_DATASTREAM_BY_REFERENCE.uri;
     context.setActionAttributes(null);
     MultiValueMap<URI> resourceAttributes = new MultiValueMap<URI>();
     URI name = null;
     try {
       name = Constants.DATASTREAM.ID.attributeId;
       resourceAttributes.set(name, datastreamId);
       name = Constants.DATASTREAM.NEW_MIME_TYPE.attributeId;
       resourceAttributes.set(name, datastreamNewMimeType);
       name = Constants.DATASTREAM.NEW_FORMAT_URI.attributeId;
       resourceAttributes.set(name, datastreamNewFormatURI);
       name = Constants.DATASTREAM.NEW_LOCATION.attributeId;
       resourceAttributes.set(name, datastreamNewLocation);
       name = Constants.DATASTREAM.NEW_ALT_IDS.attributeId;
       resourceAttributes.set(name, datastreamNewAltIDs);
       name = Constants.DATASTREAM.NEW_CHECKSUM_TYPE.attributeId;
       resourceAttributes.set(name, datastreamNewChecksumType);
       name = Constants.DATASTREAM.NEW_CHECKSUM.attributeId;
       resourceAttributes.set(name, datastreamNewChecksum);
     } catch (Exception e) {
       context.setResourceAttributes(null);
       throw new AuthzOperationalException(target + " couldn't set " + name, e);
     }
     context.setResourceAttributes(resourceAttributes);
     xacmlPep.enforce(
         context.getSubjectValue(Constants.SUBJECT.LOGIN_ID.uri),
         target,
         Constants.ACTION.APIM.uri,
         pid,
         extractNamespace(pid),
         context);
   } finally {
     logger.debug("Exiting enforceModifyDatastreamByReference");
   }
 }
 @Override
 public void enforceResolveDatastream(Context context, Date ticketIssuedDateTime)
     throws AuthzException {
   try {
     logger.debug("Entered enforceResolveDatastream");
     String target = Constants.ACTION.RESOLVE_DATASTREAM.uri;
     context.setResourceAttributes(null);
     MultiValueMap<URI> actionAttributes = new MultiValueMap<URI>();
     try {
       String ticketIssuedDateTimeString = DateUtility.convertDateToString(ticketIssuedDateTime);
       actionAttributes.set(
           Constants.RESOURCE.TICKET_ISSUED_DATETIME.attributeId, ticketIssuedDateTimeString);
     } catch (Exception e) {
       context.setActionAttributes(null);
       throw new AuthzOperationalException(
           target + " couldn't set " + Constants.RESOURCE.TICKET_ISSUED_DATETIME.uri, e);
     }
     context.setActionAttributes(actionAttributes);
     xacmlPep.enforce(
         context.getSubjectValue(Constants.SUBJECT.LOGIN_ID.uri), target, "", "", "", context);
   } finally {
     logger.debug("Exiting enforceResolveDatastream");
   }
 }
 @Override
 public void enforceGetObjectHistory(Context context, String pid) throws AuthzException {
   try {
     logger.debug("Entered enforceGetObjectHistory");
     String target = Constants.ACTION.GET_OBJECT_HISTORY.uri;
     context.setActionAttributes(null);
     context.setResourceAttributes(null);
     xacmlPep.enforce(
         context.getSubjectValue(Constants.SUBJECT.LOGIN_ID.uri),
         target,
         Constants.ACTION.APIA.uri,
         pid,
         extractNamespace(pid),
         context);
   } finally {
     logger.debug("Exiting enforceGetObjectHistory");
   }
 }
 @Override
 public void enforceDescribeRepository(Context context) throws AuthzException {
   try {
     logger.debug("Entered enforceDescribeRepository");
     String target = Constants.ACTION.DESCRIBE_REPOSITORY.uri;
     context.setActionAttributes(null);
     context.setResourceAttributes(null);
     xacmlPep.enforce(
         context.getSubjectValue(Constants.SUBJECT.LOGIN_ID.uri),
         target,
         Constants.ACTION.APIA.uri,
         "",
         "",
         context);
   } finally {
     logger.debug("Exiting enforceDescribeRepository");
   }
 }
 @Override
 public void enforceRIFindObjects(Context context) throws AuthzException {
   try {
     logger.debug("Entered enforceRIFindObjects");
     String target = Constants.ACTION.RI_FIND_OBJECTS.uri;
     context.setActionAttributes(null);
     context.setResourceAttributes(null);
     xacmlPep.enforce(
         context.getSubjectValue(Constants.SUBJECT.LOGIN_ID.uri),
         target,
         Constants.ACTION.APIA.uri,
         "",
         "",
         context);
   } finally {
     logger.debug("Exiting enforceRIFindObjects");
   }
 }
 @Override
 public final void enforceListObjectInResourceIndexResults(Context context, String pid)
     throws AuthzException {
   try {
     logger.debug("Entered enforceListObjectInResourceIndexResults");
     String target = Constants.ACTION.LIST_OBJECT_IN_RESOURCE_INDEX_RESULTS.uri;
     if (enforceListObjectInResourceIndexResults) {
       context.setActionAttributes(null);
       context.setResourceAttributes(null);
       xacmlPep.enforce(
           context.getSubjectValue(Constants.SUBJECT.LOGIN_ID.uri),
           target,
           Constants.ACTION.APIA.uri,
           pid,
           extractNamespace(pid),
           context);
     }
   } finally {
     logger.debug("Exiting enforceListObjectInResourceIndexResults");
   }
 }