예제 #1
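  /**
   * Evaluates this privilege for one subject and resource and returns the resulting
   * entitlements.
   *
   * <p>Outcomes visible in this method:
   *
   * <ul>
   *   <li>Privilege not active: a single entitlement for the privilege's own application and
   *       resource, built with an empty set in place of action values. No subject or condition
   *       check runs, and no advices or TTL are attached.
   *   <li>Subject and condition both match: one entitlement per resource returned by the
   *       privilege's entitlement, carrying its action values plus attributes, advices and TTL.
   *   <li>Otherwise: a single entitlement built with an empty set in place of action values,
   *       carrying the advices and TTL collected during matching.
   * </ul>
   *
   * @param adminSubject subject passed to the subject match, attribute lookup and entitlement
   *     evaluation
   * @param realm realm passed to the match, attribute and evaluation calls
   * @param subject subject whose access is being evaluated
   * @param applicationName application name passed to the entitlement evaluation
   * @param resourceName resource being evaluated
   * @param actionNames action names passed to the entitlement evaluation
   * @param environment environment values passed to the match, attribute and evaluation calls
   * @param recursive selects the sub-tree monitor instead of the single-level monitor and is
   *     passed to the entitlement evaluation
   * @return a non-empty list on the inactive and non-matching paths; on the matching path, one
   *     entry per evaluated resource
   * @throws EntitlementException declared by this method; which callee raises it is not visible
   *     in this block
   */
  private List<Entitlement> internalEvaluate(
      Subject adminSubject,
      String realm,
      Subject subject,
      String applicationName,
      String resourceName,
      Set<String> actionNames,
      Map<String, Set<String>> environment,
      boolean recursive)
      throws EntitlementException {
    final long startedAt;
    if (recursive) {
      startedAt = EVAL_SUB_TREE_MONITOR.start();
    } else {
      startedAt = EVAL_SINGLE_LEVEL_MONITOR.start();
    }

    List<Entitlement> entitlements = new ArrayList<Entitlement>();

    if (!isActive()) {
      // NOTE(review): this early return never reaches the monitor end() call at the bottom, and
      // an exception thrown further down skips it as well. Whether start() needs a matching
      // end() is not visible here - confirm before relying on these timings.
      Entitlement inactiveSource = getEntitlement();
      // Raw EMPTY_SET is kept because the constructor's parameter type is not visible here.
      entitlements.add(
          new Entitlement(
              inactiveSource.getApplicationName(),
              inactiveSource.getResourceName(),
              Collections.EMPTY_SET));
      return entitlements;
    }

    // Parameterized instead of the raw HashSet used previously (removes the unchecked warning).
    Set<ConditionDecision> conditionDecisions = new HashSet<ConditionDecision>();
    Map<String, Set<String>> advices = new HashMap<String, Set<String>>();

    // The short-circuit order is part of the decision: the condition check runs only after the
    // subject matched, so on a subject mismatch conditionDecisions is never passed to it.
    boolean matched =
        doesSubjectMatch(adminSubject, realm, advices, subject, resourceName, environment)
            && doesConditionMatch(
                realm, advices, subject, resourceName, environment, conditionDecisions);

    Entitlement policyEntitlement = getEntitlement();
    if (matched) {
      Set<String> resources =
          policyEntitlement.evaluate(
              adminSubject,
              realm,
              subject,
              applicationName,
              resourceName,
              actionNames,
              environment,
              recursive);

      // Resource names reach the debug log when message-level debugging is enabled.
      if (PrivilegeManager.debug.messageEnabled()) {
        PrivilegeManager.debug.message(
            "[PolicyEval] OpenSSOPrivilege.evaluate: resources=" + resources.toString(), null);
      }

      for (String resource : resources) {
        Entitlement granted =
            new Entitlement(
                policyEntitlement.getApplicationName(),
                resource,
                policyEntitlement.getActionValues());
        granted.setAttributes(
            getAttributes(adminSubject, realm, subject, resourceName, environment));
        // NOTE(review): every result receives the same advices map instance; whether
        // setAdvices copies it is not visible here.
        granted.setAdvices(advices);
        granted.setTTL(getLowestDecisionTTL(conditionDecisions));
        entitlements.add(granted);
      }
    } else {
      // No match: the entitlement is built with an empty set in place of action values, but it
      // still carries the advices and the TTL from the matching step.
      Entitlement denied =
          new Entitlement(
              policyEntitlement.getApplicationName(),
              policyEntitlement.getResourceName(),
              Collections.EMPTY_SET);
      denied.setAdvices(advices);
      denied.setTTL(getLowestDecisionTTL(conditionDecisions));
      entitlements.add(denied);
    }

    if (recursive) {
      EVAL_SUB_TREE_MONITOR.end(startedAt);
    } else {
      EVAL_SINGLE_LEVEL_MONITOR.end(startedAt);
    }

    return entitlements;
  }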