@SuppressWarnings("unchecked") @Override public List<Record> authorizeByConnector( List<Record> records, Collection<UserCredentials> userCredentialsList, ConnectorManager connectorManager) { List<Record> authorizedRecords = new ArrayList<Record>(); Document document = DocumentHelper.createDocument(); Element root = document.addElement(ServletUtil.XMLTAG_AUTHZ_QUERY); Element connectorQueryElement = root.addElement(ServletUtil.XMLTAG_CONNECTOR_QUERY); Map<ConnectorInstance, UserCredentials> credentialsMap = new HashMap<ConnectorInstance, UserCredentials>(); Set<ConnectorInstance> connectorsWithoutCredentials = new HashSet<ConnectorInstance>(); Map<String, Record> recordsByURLMap = new HashMap<String, Record>(); boolean recordToValidate = false; for (Record record : records) { // Use to accelerate the matching between response urls and actual entities recordsByURLMap.put(record.getUrl(), record); ConnectorInstance connectorInstance = record.getConnectorInstance(); UserCredentials connectorCredentials = credentialsMap.get(connectorInstance); if (connectorCredentials == null && !connectorsWithoutCredentials.contains(connectorInstance)) { RecordCollection collection = connectorInstance.getRecordCollection(); for (CredentialGroup credentialGroup : collection.getCredentialGroups()) { if (credentialGroup.getConnectorInstances().contains(connectorInstance)) { for (UserCredentials userCredentials : userCredentialsList) { if (userCredentials.getCredentialGroup().equals(credentialGroup)) { connectorCredentials = userCredentials; credentialsMap.put(connectorInstance, userCredentials); break; } } break; } } } if (connectorCredentials == null) { connectorsWithoutCredentials.add(connectorInstance); LOGGER.warning("Missing credentials for connector " + connectorInstance.getName()); } else { String username = connectorCredentials.getUsername(); if (StringUtils.isNotBlank(username)) { String password = EncryptionUtils.decrypt(connectorCredentials.getEncryptedPassword()); String domain = connectorCredentials.getDomain(); Element identityElement = connectorQueryElement.addElement(ServletUtil.XMLTAG_IDENTITY); identityElement.setText(username); if (StringUtils.isNotBlank(domain)) { identityElement.addAttribute(ServletUtil.XMLTAG_DOMAIN_ATTRIBUTE, domain); } identityElement.addAttribute(ServletUtil.XMLTAG_PASSWORD_ATTRIBUTE, password); Element resourceElement = identityElement.addElement(ServletUtil.XMLTAG_RESOURCE); resourceElement.setText(record.getUrl()); resourceElement.addAttribute( ServletUtil.XMLTAG_CONNECTOR_NAME_ATTRIBUTE, connectorInstance.getName()); recordToValidate = true; } } } if (recordToValidate) { Element response = ConnectorManagerRequestUtils.sendPost(connectorManager, "/authorization", document); Element authzResponseElement = response.element(ServletUtil.XMLTAG_AUTHZ_RESPONSE); List<Element> answerElements = authzResponseElement.elements(ServletUtil.XMLTAG_ANSWER); for (Element answerElement : answerElements) { Element decisionElement = answerElement.element(ServletUtil.XMLTAG_DECISION); boolean permit = decisionElement.getTextTrim().equals("Permit"); if (permit) { Element resourceElement = answerElement.element(ServletUtil.XMLTAG_RESOURCE); String recordUrl = resourceElement.getTextTrim(); Record record = recordsByURLMap.get(recordUrl); authorizedRecords.add(record); } } } return authorizedRecords; }