private List<Entitlement> internalEvaluate( Subject adminSubject, String realm, Subject subject, String applicationName, String resourceName, Set<String> actionNames, Map<String, Set<String>> environment, boolean recursive) throws EntitlementException { long start = (recursive) ? EVAL_SUB_TREE_MONITOR.start() : EVAL_SINGLE_LEVEL_MONITOR.start(); List<Entitlement> results = new ArrayList<Entitlement>(); Set<ConditionDecision> decisions = new HashSet(); if (!isActive()) { Entitlement origE = getEntitlement(); Entitlement e = new Entitlement( origE.getApplicationName(), origE.getResourceName(), Collections.EMPTY_SET); results.add(e); return results; } Map<String, Set<String>> advices = new HashMap<String, Set<String>>(); if (doesSubjectMatch(adminSubject, realm, advices, subject, resourceName, environment) && doesConditionMatch(realm, advices, subject, resourceName, environment, decisions)) { Entitlement origE = getEntitlement(); Set<String> resources = origE.evaluate( adminSubject, realm, subject, applicationName, resourceName, actionNames, environment, recursive); if (PrivilegeManager.debug.messageEnabled()) { PrivilegeManager.debug.message( "[PolicyEval] OpenSSOPrivilege.evaluate: resources=" + resources.toString(), null); } for (String r : resources) { Entitlement e = new Entitlement(origE.getApplicationName(), r, origE.getActionValues()); e.setAttributes(getAttributes(adminSubject, realm, subject, resourceName, environment)); e.setAdvices(advices); e.setTTL(getLowestDecisionTTL(decisions)); results.add(e); } } else { Entitlement origE = getEntitlement(); Entitlement e = new Entitlement( origE.getApplicationName(), origE.getResourceName(), Collections.EMPTY_SET); e.setAdvices(advices); e.setTTL(getLowestDecisionTTL(decisions)); results.add(e); } if (recursive) { EVAL_SUB_TREE_MONITOR.end(start); } else { EVAL_SINGLE_LEVEL_MONITOR.end(start); } return results; }