diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement.ui/src/main/java/org/wso2/carbon/identity/entitlement/ui/client/EntitlementPolicyAdminServiceClient.java b/components/entitlement/org.wso2.carbon.identity.entitlement.ui/src/main/java/org/wso2/carbon/identity/entitlement/ui/client/EntitlementPolicyAdminServiceClient.java index 6b279c383215..6d18ce3c2dcf 100644 --- a/components/entitlement/org.wso2.carbon.identity.entitlement.ui/src/main/java/org/wso2/carbon/identity/entitlement/ui/client/EntitlementPolicyAdminServiceClient.java +++ b/components/entitlement/org.wso2.carbon.identity.entitlement.ui/src/main/java/org/wso2/carbon/identity/entitlement/ui/client/EntitlementPolicyAdminServiceClient.java @@ -247,9 +247,11 @@ public void uploadPolicy(String content) throws AxisFault { /** * Import XACML policy from registry * + * @deprecated since the functionality cannot be support by the rdbms based implementation * @param policyRegistryPath registry path * @throws AxisFault */ + @Deprecated public void importPolicyFromRegistry(String policyRegistryPath) throws AxisFault { try { diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/EntitlementAdminService.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/EntitlementAdminService.java index 4f7be486152c..f1cea7374fbe 100644 --- a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/EntitlementAdminService.java +++ b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/EntitlementAdminService.java @@ -20,6 +20,7 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import org.wso2.carbon.identity.entitlement.dao.ConfigDAO; import org.wso2.carbon.identity.entitlement.dto.PDPDataHolder; import org.wso2.carbon.identity.entitlement.dto.PIPFinderDataHolder; import org.wso2.carbon.identity.entitlement.dto.PolicyFinderDataHolder; @@ -527,8 +528,8 @@ public PIPFinderDataHolder getPIPResourceFinderData(String finder) { */ public String getGlobalPolicyAlgorithm() throws EntitlementException { - return EntitlementAdminEngine.getInstance(). - getPolicyDataStore().getGlobalPolicyAlgorithmName(); + ConfigDAO configDAO = EntitlementAdminEngine.getInstance().getConfigDAO(); + return configDAO.getGlobalPolicyAlgorithmName(); } /** @@ -539,7 +540,8 @@ public String getGlobalPolicyAlgorithm() throws EntitlementException { */ public void setGlobalPolicyAlgorithm(String policyCombiningAlgorithm) throws EntitlementException { - EntitlementAdminEngine.getInstance(). - getPolicyDataStore().setGlobalPolicyAlgorithm(policyCombiningAlgorithm); + ConfigDAO configDAO = EntitlementAdminEngine.getInstance().getConfigDAO(); + configDAO.setGlobalPolicyAlgorithm(policyCombiningAlgorithm); + } } diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/EntitlementPolicyAdminService.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/EntitlementPolicyAdminService.java index 29cd0a13b30b..5ebd3df24df8 100644 --- a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/EntitlementPolicyAdminService.java +++ b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/EntitlementPolicyAdminService.java @@ -24,6 +24,8 @@ import org.wso2.carbon.context.CarbonContext; import org.wso2.carbon.context.RegistryType; import org.wso2.carbon.identity.entitlement.common.EntitlementConstants; +import org.wso2.carbon.identity.entitlement.dao.PolicyDAO; +import org.wso2.carbon.identity.entitlement.dao.SubscriberDAO; import org.wso2.carbon.identity.entitlement.dto.AttributeDTO; import org.wso2.carbon.identity.entitlement.dto.EntitlementFinderDataHolder; import org.wso2.carbon.identity.entitlement.dto.EntitlementTreeNodeDTO; @@ -40,7 +42,6 @@ import org.wso2.carbon.identity.entitlement.pap.store.PAPPolicyStoreManager; import org.wso2.carbon.identity.entitlement.policy.publisher.PolicyPublisher; import org.wso2.carbon.identity.entitlement.policy.publisher.PolicyPublisherModule; -import org.wso2.carbon.identity.entitlement.policy.version.PolicyVersionManager; import org.wso2.carbon.registry.core.Registry; import org.wso2.carbon.registry.core.Resource; import org.wso2.carbon.registry.core.exceptions.RegistryException; @@ -99,9 +100,9 @@ public void addPolicies(PolicyDTO[] policies) throws EntitlementException { /** * This method finds the policy file from given registry path and adds the policy * + * @deprecated since the functionality cannot be support by the rdbms based implementation * @param policyRegistryPath given registry path - * @throws org.wso2.carbon.identity.entitlement.EntitlementException throws when fails or registry error - * occurs + * @throws org.wso2.carbon.identity.entitlement.EntitlementException throws when fails or registry error occurs */ public void importPolicyFromRegistry(String policyRegistryPath) throws EntitlementException { @@ -114,7 +115,7 @@ public void importPolicyFromRegistry(String policyRegistryPath) throws Entitleme // Finding from which registry by comparing prefix of resource path String resourceUri = policyRegistryPath.substring(policyRegistryPath.lastIndexOf(':') + 1); String registryIdentifier = policyRegistryPath.substring(0, - policyRegistryPath.lastIndexOf(':')); + policyRegistryPath.lastIndexOf(':')); if ("conf".equals(registryIdentifier)) { registry = (Registry) CarbonContext.getThreadLocalCarbonContext(). getRegistry(RegistryType.SYSTEM_CONFIGURATION); @@ -288,8 +289,8 @@ public PolicyDTO getPolicyByVersion(String policyId, String version) throws Enti PolicyDTO policyDTO = null; try { - PolicyVersionManager versionManager = EntitlementAdminEngine.getInstance().getVersionManager(); - policyDTO = versionManager.getPolicy(policyId, version); + PolicyDAO policyStore = EntitlementAdminEngine.getInstance().getPolicyDAO(); + policyDTO = policyStore.getPolicy(policyId, version); } catch (EntitlementException e) { policyDTO = new PolicyDTO(); policyDTO.setPolicy(policyId); @@ -369,9 +370,6 @@ public void removePolicy(String policyId, boolean dePromote) throws EntitlementE } handleStatus(EntitlementConstants.StatusTypes.DELETE_POLICY, oldPolicy, true, null); - //remove versions - EntitlementAdminEngine.getInstance().getVersionManager().deletePolicy(policyId); - // policy remove from PDP. this is done by separate thread if (dePromote) { publishToPDP(new String[]{policyId}, null, @@ -425,8 +423,8 @@ public String[] getAllPolicyIds(String searchString) throws EntitlementException */ public PublisherDataHolder getSubscriber(String subscribeId) throws EntitlementException { - PolicyPublisher publisher = EntitlementAdminEngine.getInstance().getPolicyPublisher(); - return publisher.retrieveSubscriber(subscribeId, false); + SubscriberDAO subscriberManager = EntitlementAdminEngine.getInstance().getSubscriberDAO(); + return subscriberManager.getSubscriber(subscribeId, false); } /** @@ -437,9 +435,9 @@ public PublisherDataHolder getSubscriber(String subscribeId) throws EntitlementE * @throws EntitlementException throws, if fails */ public String[] getSubscriberIds(String searchString) throws EntitlementException { - PolicyPublisher publisher = EntitlementAdminEngine.getInstance().getPolicyPublisher(); - String[] ids = publisher.retrieveSubscriberIds(searchString); - if (ids != null) { + SubscriberDAO subscriberManager = EntitlementAdminEngine.getInstance().getSubscriberDAO(); + String[] ids = subscriberManager.listSubscriberIds(searchString).toArray(new String[0]); + if (ids.length != 0) { return ids; } else { return new String[0]; @@ -454,8 +452,8 @@ public String[] getSubscriberIds(String searchString) throws EntitlementExceptio */ public void addSubscriber(PublisherDataHolder holder) throws EntitlementException { - PolicyPublisher publisher = EntitlementAdminEngine.getInstance().getPolicyPublisher(); - publisher.persistSubscriber(holder, false); + SubscriberDAO subscriberManager = EntitlementAdminEngine.getInstance().getSubscriberDAO(); + subscriberManager.addSubscriber(holder); } @@ -467,8 +465,8 @@ public void addSubscriber(PublisherDataHolder holder) throws EntitlementExceptio */ public void updateSubscriber(PublisherDataHolder holder) throws EntitlementException { - PolicyPublisher publisher = EntitlementAdminEngine.getInstance().getPolicyPublisher(); - publisher.persistSubscriber(holder, true); + SubscriberDAO subscriberManager = EntitlementAdminEngine.getInstance().getSubscriberDAO(); + subscriberManager.updateSubscriber(holder); } @@ -480,8 +478,8 @@ public void updateSubscriber(PublisherDataHolder holder) throws EntitlementExcep */ public void deleteSubscriber(String subscriberId) throws EntitlementException { - PolicyPublisher publisher = EntitlementAdminEngine.getInstance().getPolicyPublisher(); - publisher.deleteSubscriber(subscriberId); + SubscriberDAO subscriberManager = EntitlementAdminEngine.getInstance().getSubscriberDAO(); + subscriberManager.removeSubscriber(subscriberId); } @@ -504,14 +502,15 @@ public void publishPolicies(String[] policyIds, String[] subscriberIds, String a policyIds = EntitlementAdminEngine.getInstance().getPapPolicyStoreManager().getPolicyIds(); } if (subscriberIds == null || subscriberIds.length < 1) { - subscriberIds = publisher.retrieveSubscriberIds("*"); + SubscriberDAO subscriberManager = EntitlementAdminEngine.getInstance().getSubscriberDAO(); + subscriberIds = subscriberManager.listSubscriberIds("*").toArray(new String[0]); } if (policyIds == null || policyIds.length < 1) { throw new EntitlementException("There are no policies to publish"); } - if (subscriberIds == null || subscriberIds.length < 1) { + if (subscriberIds.length < 1) { throw new EntitlementException("There are no subscribers to publish"); } @@ -561,8 +560,8 @@ public void publishToPDP(String[] policyIds, String action, String version, bool */ public void rollBackPolicy(String policyId, String version) throws EntitlementException { - PolicyVersionManager versionManager = EntitlementAdminEngine.getInstance().getVersionManager(); - PolicyDTO policyDTO = versionManager.getPolicy(policyId, version); + PolicyDAO policyStore = EntitlementAdminEngine.getInstance().getPolicyDAO(); + PolicyDTO policyDTO = policyStore.getPolicy(policyId, version); addOrUpdatePolicy(policyDTO, false); } @@ -641,7 +640,8 @@ public EntitlementFinderDataHolder[] getEntitlementDataModules() { */ public String[] getPolicyVersions(String policyId) throws EntitlementException { - String[] versions = EntitlementAdminEngine.getInstance().getVersionManager().getVersions(policyId); + PolicyDAO policyStore = EntitlementAdminEngine.getInstance().getPolicyDAO(); + String[] versions = policyStore.getVersions(policyId); if(versions == null){ throw new EntitlementException("Error obtaining policy versions"); } @@ -658,7 +658,7 @@ public void orderPolicy(String policyId, int newOrder) throws EntitlementExcepti PAPPolicyStoreManager storeManager = EntitlementAdminEngine. getInstance().getPapPolicyStoreManager(); if (storeManager.isExistPolicy(policyId)) { - storeManager.addOrUpdatePolicy(policyDTO); + storeManager.addOrUpdatePolicy(policyDTO, false); } publishToPDP(new String[]{policyDTO.getPolicyId()}, EntitlementConstants.PolicyPublish.ACTION_ORDER, null, false, newOrder); @@ -672,7 +672,7 @@ public void enableDisablePolicy(String policyId, boolean enable) throws Entitlem PAPPolicyStoreManager storeManager = EntitlementAdminEngine. getInstance().getPapPolicyStoreManager(); if (storeManager.isExistPolicy(policyId)) { - storeManager.addOrUpdatePolicy(policyDTO); + storeManager.addOrUpdatePolicy(policyDTO, false); } if (enable) { @@ -713,7 +713,6 @@ private void addOrUpdatePolicy(PolicyDTO policyDTO, boolean isAdd) throws Entitl } PAPPolicyStoreManager policyAdmin = EntitlementAdminEngine.getInstance().getPapPolicyStoreManager(); - PolicyVersionManager versionManager = EntitlementAdminEngine.getInstance().getVersionManager(); AbstractPolicy policyObj; String policyId = null; @@ -764,14 +763,8 @@ private void addOrUpdatePolicy(PolicyDTO policyDTO, boolean isAdd) throws Entitl } else { throw new EntitlementException("Unsupported Entitlement Policy. Policy can not be parsed"); } - try { - String version = versionManager.createVersion(policyDTO); - policyDTO.setVersion(version); - } catch (EntitlementException e) { - log.error("Policy versioning is not supported", e); - } } - policyAdmin.addOrUpdatePolicy(policyDTO); + policyAdmin.addOrUpdatePolicy(policyDTO, true); } catch (EntitlementException e) { handleStatus(operation, policyDTO, false, e.getMessage()); throw e; diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/EntitlementUtil.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/EntitlementUtil.java index 2cb293a687ad..43250310c679 100644 --- a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/EntitlementUtil.java +++ b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/EntitlementUtil.java @@ -55,32 +55,18 @@ import org.wso2.carbon.identity.entitlement.cache.EntitlementBaseCache; import org.wso2.carbon.identity.entitlement.cache.IdentityCacheEntry; import org.wso2.carbon.identity.entitlement.cache.IdentityCacheKey; -import org.wso2.carbon.identity.entitlement.common.EntitlementConstants; +import org.wso2.carbon.identity.entitlement.dao.PolicyDAO; import org.wso2.carbon.identity.entitlement.dto.AttributeDTO; import org.wso2.carbon.identity.entitlement.dto.PolicyDTO; -import org.wso2.carbon.identity.entitlement.dto.PolicyStoreDTO; import org.wso2.carbon.identity.entitlement.internal.EntitlementExtensionBuilder; import org.wso2.carbon.identity.entitlement.internal.EntitlementServiceComponent; import org.wso2.carbon.identity.entitlement.pap.EntitlementAdminEngine; -import org.wso2.carbon.identity.entitlement.pap.store.PAPPolicyStore; import org.wso2.carbon.identity.entitlement.pap.store.PAPPolicyStoreManager; import org.wso2.carbon.identity.entitlement.pap.store.PAPPolicyStoreReader; -import org.wso2.carbon.identity.entitlement.policy.publisher.PolicyPublisher; -import org.wso2.carbon.identity.entitlement.policy.store.PolicyStoreManageModule; -import org.wso2.carbon.identity.entitlement.policy.version.PolicyVersionManager; -import org.wso2.carbon.registry.core.Collection; import org.wso2.carbon.registry.core.Registry; -import org.wso2.carbon.registry.core.Resource; -import org.wso2.carbon.registry.core.exceptions.RegistryException; import org.wso2.carbon.utils.CarbonUtils; import org.xml.sax.SAXException; -import javax.xml.parsers.DocumentBuilder; -import javax.xml.parsers.DocumentBuilderFactory; -import javax.xml.parsers.ParserConfigurationException; -import javax.xml.transform.dom.DOMResult; -import javax.xml.transform.dom.DOMSource; -import javax.xml.validation.Schema; -import javax.xml.validation.Validator; + import java.io.ByteArrayInputStream; import java.io.File; import java.io.IOException; @@ -95,6 +81,21 @@ import java.util.Properties; import java.util.Set; +import javax.xml.parsers.DocumentBuilder; +import javax.xml.parsers.DocumentBuilderFactory; +import javax.xml.parsers.ParserConfigurationException; +import javax.xml.transform.dom.DOMResult; +import javax.xml.transform.dom.DOMSource; +import javax.xml.validation.Schema; +import javax.xml.validation.Validator; + +import static org.wso2.carbon.identity.entitlement.PDPConstants.Algorithms.DENY_OVERRIDES; +import static org.wso2.carbon.identity.entitlement.PDPConstants.Algorithms.FIRST_APPLICABLE; +import static org.wso2.carbon.identity.entitlement.PDPConstants.Algorithms.ONLY_ONE_APPLICABLE; +import static org.wso2.carbon.identity.entitlement.PDPConstants.Algorithms.ORDERED_DENY_OVERRIDES; +import static org.wso2.carbon.identity.entitlement.PDPConstants.Algorithms.ORDERED_PERMIT_OVERRIDES; +import static org.wso2.carbon.identity.entitlement.PDPConstants.Algorithms.PERMIT_OVERRIDES; + /** * Provides utility functionalities used across different classes. */ @@ -102,8 +103,6 @@ public class EntitlementUtil { private static Log log = LogFactory.getLog(EntitlementUtil.class); - private static final String ENHANCED_XACML_LOADING_SYSTEM_PROPERTY = "enableEnhancedXACMLLoading"; - /** * Return an instance of a named cache that is common to all tenants. * @@ -341,6 +340,59 @@ public static PolicyCombiningAlgorithm getPolicyCombiningAlgorithm(String uri) throw new EntitlementException("Unsupported policy algorithm " + uri); } + /** + * Gets all supported policy combining algorithm names + * + * @return array of policy combining algorithm names + */ + public static String[] getAllGlobalPolicyAlgorithmNames() { + + return new String[]{DENY_OVERRIDES, PERMIT_OVERRIDES, FIRST_APPLICABLE, ORDERED_DENY_OVERRIDES, + ORDERED_PERMIT_OVERRIDES, ONLY_ONE_APPLICABLE}; + } + + /** + * Gets the maximum no of status records to persist + * + * @return maximum no of status records + */ + public static int getMaxNoOfStatusRecords() { + + int maxRecords = 0; + String maxRecordsString = EntitlementServiceComponent.getEntitlementConfig().getEngineProperties(). + getProperty(PDPConstants.MAX_NO_OF_STATUS_RECORDS); + + if (maxRecordsString != null) { + maxRecords = Integer.parseInt(maxRecordsString); + } + if (maxRecords == 0) { + maxRecords = PDPConstants.DEFAULT_MAX_NO_OF_STATUS_RECORDS; + } + + return maxRecords; + } + + /** + * Gets the maximum no of policy versions allowed + * + * @return maximum no of policy versions + */ + public static int getMaxNoOfPolicyVersions() { + + int maxVersions = 0; + String maxVersionsString = EntitlementServiceComponent.getEntitlementConfig().getEngineProperties(). + getProperty(PDPConstants.MAX_NO_OF_POLICY_VERSIONS); + + if (maxVersionsString != null) { + maxVersions = Integer.parseInt(maxVersionsString); + } + if (maxVersions == 0) { + maxVersions = PDPConstants.DEFAULT_MAX_NO_OF_POLICY_VERSIONS; + } + + return maxVersions; + } + /** * Creates Simple XACML request using given attribute value.Here category, attribute ids and datatypes are * taken as default values. @@ -377,7 +429,7 @@ public static String createSimpleXACMLRequest(String subject, String resource, S " "; } - public static void addSamplePolicies(Registry registry) { + public static void addSamplePolicies() { File policyFolder = new File(CarbonUtils.getCarbonHome() + File.separator + "repository" + File.separator + "resources" + File.separator @@ -391,7 +443,7 @@ public static void addSamplePolicies(Registry registry) { PolicyDTO policyDTO = new PolicyDTO(); try { policyDTO.setPolicy(FileUtils.readFileToString(policyFile)); - EntitlementUtil.addFilesystemPolicy(policyDTO, registry, false); + EntitlementUtil.addFilesystemPolicy(policyDTO, false); } catch (Exception e) { // log and ignore log.error("Error while adding sample XACML policies", e); @@ -402,31 +454,29 @@ public static void addSamplePolicies(Registry registry) { } /** - * This method checks whether there is a policy having the same policyId as the given policyId is in the registry + * This method checks whether there is a policy having the same policyId as the given policyId * * @param policyId - * @param registry * @return * @throws EntitlementException */ - public static boolean isPolicyExists(String policyId, Registry registry) throws EntitlementException { - PAPPolicyStoreReader policyReader = null; - policyReader = new PAPPolicyStoreReader(new PAPPolicyStore(registry)); + public static boolean isPolicyExists(String policyId) throws EntitlementException { + PAPPolicyStoreReader policyReader; + PolicyDAO store = EntitlementAdminEngine.getInstance().getPolicyDAO(); + policyReader = new PAPPolicyStoreReader(store); return policyReader.isExistPolicy(policyId); } /** * This method persists a new XACML policy, which was read from filesystem, - * in the registry + * in the policy store * * @param policyDTO PolicyDTO object - * @param registry Registry * @param promote where policy must be promote PDP or not * @return returns whether True/False * @throws org.wso2.carbon.identity.entitlement.EntitlementException throws if policy with same id is exist */ - public static boolean addFilesystemPolicy(PolicyDTO policyDTO, - Registry registry, boolean promote) + public static boolean addFilesystemPolicy(PolicyDTO policyDTO, boolean promote) throws EntitlementException { PAPPolicyStoreManager policyAdmin; @@ -439,44 +489,20 @@ public static boolean addFilesystemPolicy(PolicyDTO policyDTO, policyObj = getPolicy(policyDTO.getPolicy()); if (policyObj != null) { - PAPPolicyStore policyStore = new PAPPolicyStore(registry); policyAdmin = new PAPPolicyStoreManager(); policyDTO.setPolicyId(policyObj.getId().toASCIIString()); policyDTO.setActive(true); - if (isPolicyExists(policyDTO.getPolicyId(), registry)) { + if (isPolicyExists(policyDTO.getPolicyId())) { return false; } policyDTO.setPromote(promote); - PolicyVersionManager versionManager = EntitlementAdminEngine.getInstance().getVersionManager(); - try { - String version = versionManager.createVersion(policyDTO); - policyDTO.setVersion(version); - } catch (EntitlementException e) { - log.error("Policy versioning is not supported", e); - } - policyAdmin.addOrUpdatePolicy(policyDTO); - - PAPPolicyStoreReader reader = new PAPPolicyStoreReader(policyStore); - policyDTO = reader.readPolicyDTO(policyDTO.getPolicyId()); + policyAdmin.addOrUpdatePolicy(policyDTO, true); - if (Boolean.parseBoolean(System.getProperty(ENHANCED_XACML_LOADING_SYSTEM_PROPERTY)) && promote) { + if (promote) { EntitlementAdminEngine adminEngine = EntitlementAdminEngine.getInstance(); adminEngine.getPolicyStoreManager().addPolicy(policyDTO); - } else { - PolicyStoreDTO policyStoreDTO = new PolicyStoreDTO(); - policyStoreDTO.setPolicyId(policyDTO.getPolicyId()); - policyStoreDTO.setPolicy(policyDTO.getPolicy()); - policyStoreDTO.setPolicyOrder(policyDTO.getPolicyOrder()); - policyStoreDTO.setAttributeDTOs(policyDTO.getAttributeDTOs()); - policyStoreDTO.setActive(policyDTO.isActive()); - policyStoreDTO.setSetActive(policyDTO.isActive()); - - if (promote) { - addPolicyToPDP(policyStoreDTO); - } - policyAdmin.addOrUpdatePolicy(policyDTO); } return true; } else { @@ -518,6 +544,7 @@ public static AbstractPolicy getPolicy(String policy) { } } + /** * Gets policy dto for a given policy id * @@ -527,109 +554,12 @@ public static AbstractPolicy getPolicy(String policy) { * @throws org.wso2.carbon.identity.entitlement.EntitlementException */ public static PolicyDTO getPolicy(String policyId, Registry registry) throws EntitlementException { - PAPPolicyStoreReader policyReader = null; - policyReader = new PAPPolicyStoreReader(new PAPPolicyStore(registry)); + PAPPolicyStoreReader policyReader; + PolicyDAO store = EntitlementAdminEngine.getInstance().getPolicyDAO(); + policyReader = new PAPPolicyStoreReader(store); return policyReader.readPolicyDTO(policyId); } - /** - * @param policyStoreDTO - * @return - */ - public static void addPolicyToPDP(PolicyStoreDTO policyStoreDTO) throws EntitlementException { - - Registry registry; - String policyPath; - Collection policyCollection; - Resource resource; - - Map.Entry entry = EntitlementServiceComponent - .getEntitlementConfig().getPolicyStore().entrySet().iterator().next(); - String policyStorePath = entry.getValue().getProperty("policyStorePath"); - - if (policyStorePath == null) { - policyStorePath = "/repository/identity/entitlement/policy/pdp/"; - } - - if (policyStoreDTO == null || policyStoreDTO.getPolicy() == null - || policyStoreDTO.getPolicy().trim().length() == 0 - || policyStoreDTO.getPolicyId() == null - || policyStoreDTO.getPolicyId().trim().length() == 0) { - return; - } - - try { - registry = EntitlementServiceComponent.getRegistryService() - .getGovernanceSystemRegistry(); - - if (registry.resourceExists(policyStorePath)) { - policyCollection = (Collection) registry.get(policyStorePath); - } else { - policyCollection = registry.newCollection(); - } - - registry.put(policyStorePath, policyCollection); - policyPath = policyStorePath + policyStoreDTO.getPolicyId(); - - if (registry.resourceExists(policyPath)) { - resource = registry.get(policyPath); - } else { - resource = registry.newResource(); - } - - resource.setProperty("policyOrder", Integer.toString(policyStoreDTO.getPolicyOrder())); - resource.setContent(policyStoreDTO.getPolicy()); - resource.setMediaType("application/xacml-policy+xml"); - resource.setProperty("active", String.valueOf(policyStoreDTO.isActive())); - AttributeDTO[] attributeDTOs = policyStoreDTO.getAttributeDTOs(); - if (attributeDTOs != null) { - setAttributesAsProperties(attributeDTOs, resource); - } - registry.put(policyPath, resource); - //Enable published policies in PDP - PAPPolicyStoreManager storeManager = EntitlementAdminEngine.getInstance().getPapPolicyStoreManager(); - if (storeManager.isExistPolicy(policyStoreDTO.getPolicyId())) { - - PolicyPublisher publisher = EntitlementAdminEngine.getInstance().getPolicyPublisher(); - String[] subscribers = new String[]{EntitlementConstants.PDP_SUBSCRIBER_ID}; - - if (policyStoreDTO.isActive()) { - publisher.publishPolicy(new String[]{policyStoreDTO.getPolicyId()}, null, - EntitlementConstants.PolicyPublish.ACTION_ENABLE, false, 0, subscribers, null); - - } else { - publisher.publishPolicy(new String[]{policyStoreDTO.getPolicyId()}, null, - EntitlementConstants.PolicyPublish.ACTION_DISABLE, false, 0, subscribers, null); - } - } - - } catch (RegistryException e) { - log.error(e); - throw new EntitlementException("Error while adding policy to PDP", e); - } - } - - /** - * This helper method creates properties object which contains the policy meta data. - * - * @param attributeDTOs List of AttributeDTO - * @param resource registry resource - */ - public static void setAttributesAsProperties(AttributeDTO[] attributeDTOs, Resource resource) { - - int attributeElementNo = 0; - if (attributeDTOs != null) { - for (AttributeDTO attributeDTO : attributeDTOs) { - resource.setProperty("policyMetaData" + attributeElementNo, - attributeDTO.getCategory() + "," + - attributeDTO.getAttributeValue() + "," + - attributeDTO.getAttributeId() + "," + - attributeDTO.getAttributeDataType()); - attributeElementNo++; - } - } - } - /** * This will return all the properties of entitlement.properties config * @return Properties of config diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/PDPConstants.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/PDPConstants.java index 2ec9663bfe9c..a93632338099 100644 --- a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/PDPConstants.java +++ b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/PDPConstants.java @@ -291,4 +291,21 @@ public class PDPConstants { public static final String STORE_POLICY_META_DATA = "PAP.Policy.Store.MetaData"; + public static final String MAX_NO_OF_STATUS_RECORDS = "maxRecodesToPersist"; + + public static final int DEFAULT_MAX_NO_OF_STATUS_RECORDS = 50; + + public static final String MAX_NO_OF_POLICY_VERSIONS = "maxVersions"; + + public static final int DEFAULT_MAX_NO_OF_POLICY_VERSIONS = 5; + + public static final class Algorithms { + + public static final String DENY_OVERRIDES = "deny-overrides"; + public static final String PERMIT_OVERRIDES = "permit-overrides"; + public static final String FIRST_APPLICABLE = "first-applicable"; + public static final String ORDERED_DENY_OVERRIDES = "ordered-deny-overrides"; + public static final String ONLY_ONE_APPLICABLE = "only-one-applicable"; + public static final String ORDERED_PERMIT_OVERRIDES = "ordered-permit-overrides"; + } } diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/dao/ConfigDAO.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/dao/ConfigDAO.java new file mode 100644 index 000000000000..d088e7f9e315 --- /dev/null +++ b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/dao/ConfigDAO.java @@ -0,0 +1,51 @@ +/* + * Copyright (c) 2024, WSO2 LLC. (http://www.wso2.com). + * + * WSO2 LLC. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.wso2.carbon.identity.entitlement.dao; + +import org.wso2.balana.combine.PolicyCombiningAlgorithm; +import org.wso2.carbon.identity.entitlement.EntitlementException; + +/** + * This interface supports the management of policy configuration data. + */ +public interface ConfigDAO { + + /** + * Gets the global policy combining algorithm. + * + * @return global policy combining algorithm + */ + PolicyCombiningAlgorithm getGlobalPolicyAlgorithm(); + + /** + * Sets the global policy combining algorithm. + * + * @param policyCombiningAlgorithm policy combining algorithm name + * @throws EntitlementException If an error occurs + */ + void setGlobalPolicyAlgorithm(String policyCombiningAlgorithm) throws EntitlementException; + + /** + * Gets the policy combining algorithm name. + * + * @return global policy combining algorithm name + */ + String getGlobalPolicyAlgorithmName(); + +} diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/dao/PolicyDAO.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/dao/PolicyDAO.java new file mode 100644 index 000000000000..9fa77f19fcb3 --- /dev/null +++ b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/dao/PolicyDAO.java @@ -0,0 +1,122 @@ +/* + * Copyright (c) 2024, WSO2 LLC. (http://www.wso2.com). + * + * WSO2 LLC. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.wso2.carbon.identity.entitlement.dao; + +import org.wso2.carbon.identity.entitlement.EntitlementException; +import org.wso2.carbon.identity.entitlement.dto.PolicyDTO; +import org.wso2.carbon.identity.entitlement.dto.PolicyStoreDTO; +import org.wso2.carbon.identity.entitlement.policy.finder.PolicyFinderModule; + +import java.util.List; + +/** + * This interface supports the management of XACML policies. + */ +public interface PolicyDAO extends PolicyFinderModule { + + /** + * Adds or updates the given policy. + * + * @param policy policy + * @throws EntitlementException If an error occurs + */ + void addOrUpdatePolicy(PolicyDTO policy, boolean enableVersioning) throws EntitlementException; + + /** + * Gets the requested policy. + * + * @param policyId policy ID + * @return policyDTO + * @throws EntitlementException If an error occurs + */ + PolicyDTO getPAPPolicy(String policyId) throws EntitlementException; + + /** + * Gets the requested policy version. + * + * @param policyId policy ID + * @param version policy version + * @return requested policy + * @throws EntitlementException If an error occurs + */ + PolicyDTO getPolicy(String policyId, String version) throws EntitlementException; + + /** + * Gets all versions of the given policy ID. + * + * @param policyId policy ID + * @return array of policy versions + */ + String[] getVersions(String policyId); + + /** + * Lists all PAP policy IDs. + * + * @return list of policy IDs + * @throws EntitlementException If an error occurs + */ + List listPolicyIds() throws EntitlementException; + + /** + * Removes the given policy. + * + * @param policyId policy ID + * @throws EntitlementException If an error occurs + */ + void removePolicy(String policyId) throws EntitlementException; + + /** + * Publishes the given policy. + * + * @param policy policy to be published + * @throws EntitlementException If an error occurs + */ + void publishPolicy(PolicyStoreDTO policy) throws EntitlementException; + + /** + * Checks whether the given policy is published or not. + * + * @param policyId policy ID + * @return whether the given policy is published or not + */ + boolean isPublished(String policyId); + + /** + * Gets the requested published policy. + * + * @param policyId policy ID + * @return requested policy + */ + PolicyDTO getPublishedPolicy(String policyId); + + /** + * Lists all published policy IDs. + * + * @return list of published policy IDs + * @throws EntitlementException If an error occurs + */ + List listPublishedPolicyIds() throws EntitlementException; + + /** + * Un-publishes the policy. + * + * @param policyId policy ID + */ + void unPublishPolicy(String policyId); +} diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/dao/RegistryConfigDAOImpl.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/dao/RegistryConfigDAOImpl.java new file mode 100644 index 000000000000..d584cd7eba85 --- /dev/null +++ b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/dao/RegistryConfigDAOImpl.java @@ -0,0 +1,158 @@ +/* + * Copyright (c) 2024, WSO2 LLC. (http://www.wso2.com). + * + * WSO2 LLC. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.wso2.carbon.identity.entitlement.dao; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.wso2.balana.combine.PolicyCombiningAlgorithm; +import org.wso2.balana.combine.xacml3.DenyOverridesPolicyAlg; +import org.wso2.carbon.context.CarbonContext; +import org.wso2.carbon.identity.entitlement.EntitlementException; +import org.wso2.carbon.identity.entitlement.EntitlementUtil; +import org.wso2.carbon.identity.entitlement.PDPConstants; +import org.wso2.carbon.identity.entitlement.internal.EntitlementServiceComponent; +import org.wso2.carbon.identity.entitlement.pdp.EntitlementEngine; +import org.wso2.carbon.registry.core.Collection; +import org.wso2.carbon.registry.core.Registry; +import org.wso2.carbon.registry.core.exceptions.RegistryException; + +/** + * This implementation handles the Global PolicyDAO Combining Algorithm management in the Registry. + */ +public class RegistryConfigDAOImpl implements ConfigDAO { + + public static final String POLICY_COMBINING_PREFIX_1 = "urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:"; + public static final String POLICY_COMBINING_PREFIX_3 = "urn:oasis:names:tc:xacml:3.0:policy-combining-algorithm:"; + // The logger that is used for all messages + private static final Log LOG = LogFactory.getLog(RegistryConfigDAOImpl.class); + private static final String GLOBAL_POLICY_COMBINING_ALGORITHM = "globalPolicyCombiningAlgorithm"; + private static final String POLICY_DATA_COLLECTION = PDPConstants.ENTITLEMENT_POLICY_DATA; + private final Registry registry; + + public RegistryConfigDAOImpl() { + + int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId(); + registry = EntitlementServiceComponent.getGovernanceRegistry(tenantId); + } + + /** + * Gets the global policy combining algorithm. + * + * @return global policy combining algorithm + */ + @Override + public PolicyCombiningAlgorithm getGlobalPolicyAlgorithm() { + + String algorithm = null; + try { + if (registry.resourceExists(POLICY_DATA_COLLECTION)) { + Collection collection = (Collection) registry.get(POLICY_DATA_COLLECTION); + algorithm = collection.getProperty(GLOBAL_POLICY_COMBINING_ALGORITHM); + } + + if (algorithm == null || algorithm.trim().isEmpty()) { + // Reads the algorithm from entitlement.properties file + algorithm = EntitlementServiceComponent.getEntitlementConfig().getEngineProperties(). + getProperty(PDPConstants.PDP_GLOBAL_COMBINING_ALGORITHM); + LOG.info("The global policy combining algorithm which is defined in the configuration file, " + + "is used."); + try { + return EntitlementUtil.getPolicyCombiningAlgorithm(algorithm); + } catch (Exception e) { + LOG.warn(e); + } + } + + if (algorithm != null && !algorithm.trim().isEmpty()) { + if (PDPConstants.Algorithms.FIRST_APPLICABLE.equals(algorithm) || + PDPConstants.Algorithms.ONLY_ONE_APPLICABLE.equals(algorithm)) { + algorithm = POLICY_COMBINING_PREFIX_1 + algorithm; + } else { + algorithm = POLICY_COMBINING_PREFIX_3 + algorithm; + } + return EntitlementUtil.getPolicyCombiningAlgorithm(algorithm); + } + + } catch (RegistryException | EntitlementException e) { + if (LOG.isDebugEnabled()) { + LOG.debug("Exception while getting global policy combining algorithm from policy data store.", e); + } + } + + LOG.warn("Global policy combining algorithm is not defined. Therefore the default algorithm is used."); + return new DenyOverridesPolicyAlg(); + } + + /** + * Sets the global policy combining algorithm. + * + * @param policyCombiningAlgorithm policy combining algorithm name + * @throws EntitlementException If an error occurs + */ + @Override + public void setGlobalPolicyAlgorithm(String policyCombiningAlgorithm) throws EntitlementException { + + try { + Collection policyCollection; + if (registry.resourceExists(POLICY_DATA_COLLECTION)) { + policyCollection = (Collection) registry.get(POLICY_DATA_COLLECTION); + } else { + policyCollection = registry.newCollection(); + } + + policyCollection.setProperty(GLOBAL_POLICY_COMBINING_ALGORITHM, policyCombiningAlgorithm); + registry.put(POLICY_DATA_COLLECTION, policyCollection); + + // Performs cache invalidation + EntitlementEngine.getInstance().invalidatePolicyCache(); + + } catch (RegistryException e) { + LOG.error("Error while updating global policy combining algorithm in policy store ", e); + throw new EntitlementException("Error while updating global policy combining algorithm in policy store"); + } + } + + /** + * Gets the policy combining algorithm name. + * + * @return global policy combining algorithm name + */ + @Override + public String getGlobalPolicyAlgorithmName() { + + String algorithm = null; + try { + if (registry.resourceExists(POLICY_DATA_COLLECTION)) { + Collection collection = (Collection) registry.get(POLICY_DATA_COLLECTION); + algorithm = collection.getProperty(GLOBAL_POLICY_COMBINING_ALGORITHM); + } + } catch (RegistryException e) { + if (LOG.isDebugEnabled()) { + LOG.debug(e); + } + } + + // set default + if (algorithm == null) { + algorithm = PDPConstants.Algorithms.DENY_OVERRIDES; + } + + return algorithm; + } +} diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/dao/RegistryPolicyDAOImpl.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/dao/RegistryPolicyDAOImpl.java new file mode 100644 index 000000000000..cc3dea614705 --- /dev/null +++ b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/dao/RegistryPolicyDAOImpl.java @@ -0,0 +1,1260 @@ +/* + * Copyright (c) 2024, WSO2 LLC. (http://www.wso2.com). + * + * WSO2 LLC. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.wso2.carbon.identity.entitlement.dao; + +import org.apache.axiom.om.OMElement; +import org.apache.axiom.om.util.AXIOMUtil; +import org.apache.commons.lang.StringUtils; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.wso2.balana.AbstractPolicy; +import org.wso2.carbon.context.CarbonContext; +import org.wso2.carbon.identity.entitlement.EntitlementException; +import org.wso2.carbon.identity.entitlement.EntitlementUtil; +import org.wso2.carbon.identity.entitlement.PDPConstants; +import org.wso2.carbon.identity.entitlement.PolicyOrderComparator; +import org.wso2.carbon.identity.entitlement.dto.AttributeDTO; +import org.wso2.carbon.identity.entitlement.dto.PolicyDTO; +import org.wso2.carbon.identity.entitlement.dto.PolicyStoreDTO; +import org.wso2.carbon.identity.entitlement.internal.EntitlementServiceComponent; +import org.wso2.carbon.identity.entitlement.pap.PAPPolicyReader; +import org.wso2.carbon.identity.entitlement.policy.PolicyAttributeBuilder; +import org.wso2.carbon.identity.entitlement.policy.finder.AbstractPolicyFinderModule; +import org.wso2.carbon.identity.entitlement.policy.finder.PolicyFinderModule; +import org.wso2.carbon.registry.core.Collection; +import org.wso2.carbon.registry.core.Registry; +import org.wso2.carbon.registry.core.RegistryConstants; +import org.wso2.carbon.registry.core.Resource; +import org.wso2.carbon.registry.core.exceptions.RegistryException; +import org.wso2.carbon.registry.core.exceptions.ResourceNotFoundException; +import org.wso2.carbon.registry.core.utils.RegistryUtils; + +import java.nio.charset.StandardCharsets; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collections; +import java.util.Date; +import java.util.HashMap; +import java.util.HashSet; +import java.util.Iterator; +import java.util.List; +import java.util.Map; +import java.util.Objects; +import java.util.Properties; +import java.util.Set; + +import javax.xml.stream.XMLStreamException; + +/** + * This implementation handles the XACML policy management in the Registry. + */ +public class RegistryPolicyDAOImpl extends AbstractPolicyFinderModule implements PolicyDAO { + + // The logger that is used for all messages + private static final Log LOG = LogFactory.getLog(RegistryPolicyDAOImpl.class); + private static final String KEY_VALUE_POLICY_META_DATA = "policyMetaData"; + private static final String MODULE_NAME = "Registry Policy Finder Module"; + private static final String POLICY_STORE_PATH = "policyStorePath"; + private static final String DEFAULT_POLICY_STORE_PATH = "/repository/identity/entitlement/policy/pdp/"; + private final String policyStorePath; + private final int maxVersions; + + public RegistryPolicyDAOImpl() { + + policyStorePath = getPolicyStorePath(); + maxVersions = EntitlementUtil.getMaxNoOfPolicyVersions(); + } + + @Override + public void init(Properties properties) { + + } + + /** + * Adds or updates the given PAP policy. + * + * @param policy policy + * @throws EntitlementException If an error occurs + */ + @Override + public void addOrUpdatePolicy(PolicyDTO policy, boolean enableVersioning) throws EntitlementException { + + if (enableVersioning) { + String version = createVersion(policy); + policy.setVersion(version); + addOrUpdatePAPPolicy(policy, policy.getVersion(), PDPConstants.ENTITLEMENT_POLICY_VERSION + + policy.getPolicyId() + RegistryConstants.PATH_SEPARATOR); + } + addOrUpdatePAPPolicy(policy, policy.getPolicyId(), PDPConstants.ENTITLEMENT_POLICY_PAP); + + } + + /** + * Gets the requested policy. + * + * @param policyId policy ID + * @return policyDTO + * @throws EntitlementException If an error occurs + */ + @Override + public PolicyDTO getPAPPolicy(String policyId) throws EntitlementException { + + String path = PDPConstants.ENTITLEMENT_POLICY_PAP + policyId; + return getPolicyDTO(policyId, path); + } + + /** + * Gets the requested policy version. + * + * @param policyId policy ID + * @param version policy version + * @return policyDTO + * @throws EntitlementException If an error occurs + */ + @Override + public PolicyDTO getPolicy(String policyId, String version) throws EntitlementException { + + // Zero indicates the current version + if (version == null || version.trim().isEmpty()) { + try { + Registry registry = getRegistry(); + Collection collection = (Collection) registry.get(PDPConstants.ENTITLEMENT_POLICY_VERSION + policyId); + if (collection != null) { + version = collection.getProperty(PDPConstants.POLICY_VERSION); + } + } catch (RegistryException e) { + LOG.error(e); + throw new EntitlementException("Invalid policy version"); + } + } + + String collection = PDPConstants.ENTITLEMENT_POLICY_VERSION + policyId + RegistryConstants.PATH_SEPARATOR; + String path = collection + version; + PolicyDTO dto = getPolicyDTO(policyId, path); + + if (dto == null) { + throw new EntitlementException("Invalid policy version"); + } + return dto; + } + + /** + * Gets all versions of the given policy ID. + * + * @param policyId policy ID + * @return array of policy versions + */ + @Override + public String[] getVersions(String policyId) { + + List versions = new ArrayList<>(); + Collection collection = null; + try { + try { + Registry registry = getRegistry(); + collection = (Collection) registry.get(PDPConstants.ENTITLEMENT_POLICY_VERSION + policyId); + } catch (ResourceNotFoundException e) { + // ignore + } + if (collection != null && collection.getChildren() != null) { + String[] children = collection.getChildren(); + for (String child : children) { + versions.add(RegistryUtils.getResourceName(child)); + } + } + } catch (RegistryException e) { + LOG.error("Error while creating new version of policy", e); + } + return versions.toArray(new String[0]); + + } + + /** + * Gets the name of the module. + * + * @return name as String + */ + @Override + public String getModuleName() { + + return MODULE_NAME; + } + + /** + * Gets the policy for the given policy ID. + * + * @param policyId policy id as a string value + * @return policy as string + */ + @Override + public String getPolicy(String policyId) { + + PolicyDTO dto; + try { + dto = getPublishedPolicy(policyId); + return dto.getPolicy(); + } catch (Exception e) { + LOG.error("Policy with identifier " + policyId + " can not be retrieved " + + "from registry policy finder module", e); + } + return null; + } + + /** + * Gets the policy order. + * + * @param policyId policy id as a string value + * @return policy order + */ + @Override + public int getPolicyOrder(String policyId) { + + PolicyDTO dto; + try { + dto = getPublishedPolicy(policyId); + return dto.getPolicyOrder(); + } catch (Exception e) { + LOG.error("Policy with identifier " + policyId + " can not be retrieved " + + "from registry policy finder module", e); + } + return -1; + } + + /** + * Gets all supported active policies. + * If policy ordering is supported by the module itself, these policies must be ordered. + * + * @return array of policies as Strings + */ + @Override + public String[] getActivePolicies() { + + LOG.debug("Retrieving of Active policies are started. " + new Date()); + + List policies = new ArrayList<>(); + + try { + PolicyDTO[] policyDTOs = getAllPolicies(true, true); + for (PolicyDTO dto : policyDTOs) { + if (dto.getPolicy() != null) { + policies.add(dto.getPolicy()); + } + } + } catch (Exception e) { + LOG.error("Policies can not be retrieved from registry policy finder module", e); + } + + LOG.debug("Retrieving of Active policies are finished. " + new Date()); + + return policies.toArray(new String[0]); + } + + /** + * Gets all supported policy ids. + * If policy ordering is supported by the module itself, these policy ids must be ordered. + * + * @return array of policy ids as Strings + */ + @Override + public String[] getOrderedPolicyIdentifiers() { + + LOG.debug("Retrieving of Order Policy Ids are started. " + new Date()); + + List policies = new ArrayList<>(); + + try { + PolicyDTO[] policyDTOs = getAllPolicies(false, true); + for (PolicyDTO dto : policyDTOs) { + if (dto.getPolicy() != null) { + policies.add(dto.getPolicyId()); + } + } + } catch (Exception e) { + LOG.error("Policies can not be retrieved from registry policy finder module", e); + } + + LOG.debug("Retrieving of Order Policy Ids are finish. " + new Date()); + + return policies.toArray(new String[0]); + + } + + /** + * Gets all policy ids. + * + * @return array of policy ids as Strings + */ + @Override + public String[] getPolicyIdentifiers() { + + String[] policyIds = null; + try { + policyIds = listPublishedPolicyIds().toArray(new String[0]); + } catch (Exception e) { + LOG.error("Policy identifiers can not be retrieved from registry policy finder module", e); + } + return policyIds; + } + + /** + * Gets reference policy for the given policy ID. + * Reference policy can not be with PDP policy store, may be in some external policy store. + * Therefore, a new method has been added to retrieve reference policies. + * + * @param policyId policy id as String value + * @return reference policy as String + */ + @Override + public String getReferencedPolicy(String policyId) { + + // Retrieves for policies that are not active + PolicyDTO dto = getPublishedPolicy(policyId); + if (dto != null && dto.getPolicy() != null && !dto.isActive()) { + return dto.getPolicy(); + } + + return null; + } + + /** + * Gets attributes that are used for policy searching. + * + * @param identifier unique identifier to separate out search attributes + * @param givenAttribute pre-given attributes to retrieve other attributes + * @return return search attributes based on a given policy, Map of policy id with search attributes. + */ + @Override + public Map> getSearchAttributes(String identifier, Set givenAttribute) { + + PolicyDTO[] policyDTOs = null; + Map> attributeMap = null; + try { + policyDTOs = getAllPolicies(true, true); + } catch (Exception e) { + LOG.error("Policies can not be retrieved from registry policy finder module", e); + } + + if (policyDTOs != null) { + attributeMap = new HashMap<>(); + for (PolicyDTO policyDTO : policyDTOs) { + Set attributeDTOs = + new HashSet<>(Arrays.asList(policyDTO.getAttributeDTOs())); + String[] policyIdRef = policyDTO.getPolicyIdReferences(); + String[] policySetIdRef = policyDTO.getPolicySetIdReferences(); + + if (policyIdRef != null && policyIdRef.length > 0 || policySetIdRef != null && + policySetIdRef.length > 0) { + for (PolicyDTO dto : policyDTOs) { + if (policyIdRef != null) { + for (String policyId : policyIdRef) { + if (dto.getPolicyId().equals(policyId)) { + attributeDTOs.addAll(Arrays.asList(dto.getAttributeDTOs())); + } + } + } + for (String policySetId : policySetIdRef) { + if (dto.getPolicyId().equals(policySetId)) { + attributeDTOs.addAll(Arrays.asList(dto.getAttributeDTOs())); + } + } + } + } + attributeMap.put(policyDTO.getPolicyId(), attributeDTOs); + } + } + + return attributeMap; + } + + /** + * Gets support attribute searching scheme of the module. + * + * @return return scheme identifier value + */ + @Override + public int getSupportedSearchAttributesScheme() { + + return PolicyFinderModule.COMBINATIONS_BY_CATEGORY_AND_PARAMETER; + } + + /** + * Lists all PAP policy IDs. + * + * @return list of policy IDs + * @throws EntitlementException If an error occurs + */ + @Override + public List listPolicyIds() throws EntitlementException { + + String path = PDPConstants.ENTITLEMENT_POLICY_PAP; + return listAllPolicyIds(path); + + } + + /** + * Removes the given policy from PAP. + * + * @param policyId policy ID + * @throws EntitlementException If an error occurs + */ + @Override + public void removePolicy(String policyId) throws EntitlementException { + + String path; + + if (LOG.isDebugEnabled()) { + LOG.debug("Removing entitlement policy"); + } + + // Restricts removing policies, that have already been published + List publishedPolicies = listPublishedPolicyIds(); + if (publishedPolicies != null && publishedPolicies.contains(policyId)) { + LOG.error("Policies that have already been published, cannot be removed from PAP"); + throw new EntitlementException("Policies that have already been published, cannot be removed from PAP"); + } + + try { + path = PDPConstants.ENTITLEMENT_POLICY_PAP + policyId; + Registry registry = getRegistry(); + if (!registry.resourceExists(path)) { + if (LOG.isDebugEnabled()) { + LOG.debug("Trying to access an entitlement policy which does not exist"); + } + return; + } + registry.delete(path); + + // Removes versions + if (registry.resourceExists(PDPConstants.ENTITLEMENT_POLICY_VERSION + policyId)) { + registry.delete(PDPConstants.ENTITLEMENT_POLICY_VERSION + policyId); + } + + } catch (RegistryException e) { + LOG.error("Error while removing entitlement policy " + policyId + " from PAP policy store", e); + throw new EntitlementException("Error while removing policy " + policyId + " from PAP policy store"); + } + + } + + /** + * Publishes the given policy. + * + * @param policy policy to be published + * @throws EntitlementException If an error occurs + */ + @Override + public void publishPolicy(PolicyStoreDTO policy) throws EntitlementException { + + String policyPath; + Collection policyCollection; + Resource resource; + String papPath; + Resource papResource; + + if (policy == null || StringUtils.isBlank(policy.getPolicyId())) { + throw new EntitlementException("Policy can not be null"); + } + + try { + + // Restricts publishing policies that are not in PAP + papPath = PDPConstants.ENTITLEMENT_POLICY_PAP + policy.getPolicyId(); + Registry registry = getRegistry(); + if (!registry.resourceExists(papPath)) { + throw new EntitlementException("Policies that are not included in the PAP, cannot be published"); + } + + // Publishes policy to PDP + if (registry.resourceExists(policyStorePath)) { + policyCollection = (Collection) registry.get(policyStorePath); + } else { + policyCollection = registry.newCollection(); + } + registry.put(policyStorePath, policyCollection); + + policyPath = policyStorePath + policy.getPolicyId(); + if (registry.resourceExists(policyPath)) { + resource = registry.get(policyPath); + } else { + resource = registry.newResource(); + } + + if (policy.getPolicy() != null && !policy.getPolicy().trim().isEmpty()) { + resource.setContent(policy.getPolicy()); + resource.setMediaType(PDPConstants.REGISTRY_MEDIA_TYPE); + AttributeDTO[] attributeDTOs = policy.getAttributeDTOs(); + if (attributeDTOs != null && EntitlementUtil.isPolicyMetadataStoringEnabled()) { + setAttributesAsProperties(attributeDTOs, resource); + } + } + if (policy.isSetActive()) { + resource.setProperty("active", Boolean.toString(policy.isActive())); + } + if (policy.isSetOrder()) { + int order = policy.getPolicyOrder(); + if (order > 0) { + resource.setProperty("order", Integer.toString(order)); + } + } + if (resource.getContent() == null) { + LOG.info("Prevented adding null content to resource " + policyPath); + return; + } + // Store policy metadata based on the configured property. + if (!EntitlementUtil.isPolicyMetadataStoringEnabled()) { + for (Map.Entry entry : resource.getProperties().entrySet()) { + if (entry.getKey().toString().startsWith(PDPConstants.POLICY_META_DATA)) { + resource.getProperties().remove(entry.getKey()); + } + } + } + registry.put(policyPath, resource); + + // Updates the relevant resource in version store + String version = policy.getVersion(); + if (version == null || version.trim().isEmpty()) { + try { + Collection collection = (Collection) registry.get(PDPConstants.ENTITLEMENT_POLICY_VERSION + + policy.getPolicyId()); + if (collection != null) { + version = collection.getProperty(PDPConstants.POLICY_VERSION); + } + } catch (RegistryException e) { + LOG.error(e); + throw new EntitlementException("Invalid policy version"); + } + } + String versionCollectionPath = PDPConstants.ENTITLEMENT_POLICY_VERSION + policy.getPolicyId() + + RegistryConstants.PATH_SEPARATOR; + String versionPolicyPath = PDPConstants.ENTITLEMENT_POLICY_VERSION + policy.getPolicyId() + + RegistryConstants.PATH_SEPARATOR + version; + updateResource(policy, versionCollectionPath, versionPolicyPath); + + // If the publishing version is the latest version, updates the relevant resource in PAP + if (registry.resourceExists(papPath)) { + papResource = registry.get(papPath); + if (Objects.equals(papResource.getProperty(PDPConstants.POLICY_VERSION), version)) { + updateResource(policy, PDPConstants.ENTITLEMENT_POLICY_PAP, papPath); + } + } + + } catch (RegistryException e) { + LOG.error("Error while publishing policy", e); + throw new EntitlementException("Error while publishing policy", e); + } + } + + /** + * Checks whether the given policy is published or not. + * + * @param policyId policy ID + * @return whether the given policy is published or not + */ + @Override + public boolean isPublished(String policyId) { + + String policyPath; + if (policyId == null || policyId.trim().isEmpty()) { + return false; + } + try { + Registry registry = getRegistry(); + policyPath = policyStorePath + policyId; + return registry.resourceExists(policyPath); + } catch (RegistryException e) { + //ignore + return false; + } + } + + /** + * Gets the requested published policy. + * + * @param policyId policy ID + * @return requested policy + */ + @Override + public PolicyDTO getPublishedPolicy(String policyId) { + + try { + Resource resource; + resource = getPolicyResource(policyId); + if (resource == null) { + return new PolicyDTO(); + } + return readPolicy(resource); + } catch (EntitlementException e) { + LOG.error("Error while retrieving PDP policy : " + policyId); + return new PolicyDTO(); + } + + } + + /** + * Lists all published policy IDs. + * + * @return list of published policy IDs + * @throws EntitlementException If an error occurs + */ + @Override + public List listPublishedPolicyIds() throws EntitlementException { + + return listAllPolicyIds(policyStorePath); + } + + /** + * Un-publishes the policy. + * + * @param policyId policy ID + */ + @Override + public void unPublishPolicy(String policyId) { + + String policyPath; + + if (policyId == null || policyId.trim().isEmpty()) { + return; + } + + try { + Registry registry = getRegistry(); + // Removes from PDP + policyPath = policyStorePath + policyId; + registry.delete(policyPath); + + } catch (RegistryException e) { + LOG.error(e); + } + + } + + /** + * Adds or updates the given policy to PAP. + * + * @param policy policyDTO + * @param policyId policyID + * @param policyPath registry destination path + * @throws EntitlementException If an error occurs + */ + private void addOrUpdatePAPPolicy(PolicyDTO policy, String policyId, String policyPath) + throws EntitlementException { + + String path; + Resource resource; + boolean newPolicy = false; + OMElement omElement = null; + + if (LOG.isDebugEnabled()) { + LOG.debug("Creating or updating entitlement policy"); + } + + if (policyId == null) { + LOG.error("Error while creating or updating entitlement policy: " + + "PolicyDAO DTO or PolicyDAO Id can not be null"); + throw new EntitlementException("Invalid Entitlement PolicyDAO. PolicyDAO or policyId can not be Null"); + } + + try { + path = policyPath + policyId; + Registry registry = getRegistry(); + if (registry.resourceExists(path)) { + resource = registry.get(path); + } else { + resource = registry.newResource(); + } + + Collection policyCollection; + if (registry.resourceExists(policyPath)) { + policyCollection = (Collection) registry.get(policyPath); + } else { + policyCollection = registry.newCollection(); + } + + if (policy.getPolicyOrder() > 0) { + String noOfPolicies = policyCollection.getProperty(PDPConstants.MAX_POLICY_ORDER); + if (noOfPolicies != null && Integer.parseInt(noOfPolicies) < policy.getPolicyOrder()) { + policyCollection.setProperty(PDPConstants.MAX_POLICY_ORDER, + Integer.toString(policy.getPolicyOrder())); + registry.put(policyPath, policyCollection); + } + resource.setProperty(PDPConstants.POLICY_ORDER, Integer.toString(policy.getPolicyOrder())); + } else { + String previousOrder = resource.getProperty(PDPConstants.POLICY_ORDER); + if (previousOrder == null) { + if (policyCollection != null) { + int policyOrder = 1; + String noOfPolicies = policyCollection.getProperty(PDPConstants.MAX_POLICY_ORDER); + if (noOfPolicies != null) { + policyOrder = policyOrder + Integer.parseInt(noOfPolicies); + } + policyCollection.setProperty(PDPConstants.MAX_POLICY_ORDER, Integer.toString(policyOrder)); + resource.setProperty(PDPConstants.POLICY_ORDER, Integer.toString(policyOrder)); + } + registry.put(policyPath, policyCollection); + } + } + + if (StringUtils.isNotBlank(policy.getPolicy())) { + resource.setContent(policy.getPolicy()); + newPolicy = true; + PolicyAttributeBuilder policyAttributeBuilder = new PolicyAttributeBuilder(policy.getPolicy()); + Properties properties = policyAttributeBuilder.getPolicyMetaDataFromPolicy(); + Properties resourceProperties = new Properties(); + for (Object o : properties.keySet()) { + String key = o.toString(); + resourceProperties.put(key, Collections.singletonList(properties.get(key))); + } + // Store policy metadata based on the configured property. + if (EntitlementUtil.isPolicyMetadataStoringEnabled()) { + resource.setProperties(resourceProperties); + } + } + + resource.setProperty(PDPConstants.ACTIVE_POLICY, Boolean.toString(policy.isActive())); + resource.setProperty(PDPConstants.PROMOTED_POLICY, Boolean.toString(policy.isPromote())); + + if (policy.getVersion() != null) { + resource.setProperty(PDPConstants.POLICY_VERSION, policy.getVersion()); + } + resource.setProperty(PDPConstants.LAST_MODIFIED_TIME, Long.toString(System.currentTimeMillis())); + resource.setProperty(PDPConstants.LAST_MODIFIED_USER, + CarbonContext.getThreadLocalCarbonContext().getUsername()); + + if (policy.getPolicyType() != null && !policy.getPolicyType().trim().isEmpty()) { + resource.setProperty(PDPConstants.POLICY_TYPE, policy.getPolicyType()); + } else { + try { + if (newPolicy) { + omElement = AXIOMUtil.stringToOM(policy.getPolicy()); + resource.setProperty(PDPConstants.POLICY_TYPE, omElement.getLocalName()); + } + } catch (XMLStreamException e) { + policy.setPolicyType(PDPConstants.POLICY_ELEMENT); + LOG.warn("PolicyDAO Type can not be found. Default type is set"); + } + } + + if (omElement != null) { + Iterator iterator1 = omElement.getChildrenWithLocalName(PDPConstants.POLICY_REFERENCE); + if (iterator1 != null) { + String policyReferences = ""; + while (iterator1.hasNext()) { + OMElement policyReference = (OMElement) iterator1.next(); + if (!"".equals(policyReferences)) { + policyReferences = policyReferences + PDPConstants.ATTRIBUTE_SEPARATOR + + policyReference.getText(); + } else { + policyReferences = policyReference.getText(); + } + } + resource.setProperty(PDPConstants.POLICY_REFERENCE, policyReferences); + } + + Iterator iterator2 = omElement.getChildrenWithLocalName(PDPConstants.POLICY_SET_REFERENCE); + if (iterator2 != null) { + String policySetReferences = ""; + while (true) { + assert iterator1 != null; + if (!iterator1.hasNext()) { + break; + } + OMElement policySetReference = (OMElement) iterator2.next(); + if (!"".equals(policySetReferences)) { + policySetReferences = policySetReferences + PDPConstants.ATTRIBUTE_SEPARATOR + + policySetReference.getText(); + } else { + policySetReferences = policySetReference.getText(); + } + } + resource.setProperty(PDPConstants.POLICY_SET_REFERENCE, policySetReferences); + } + } + + // Before writing basic policy editor metadata as properties, deletes any properties related to them + String policyEditor = resource.getProperty(PDPConstants.POLICY_EDITOR_TYPE); + if (newPolicy && policyEditor != null) { + resource.removeProperty(PDPConstants.POLICY_EDITOR_TYPE); + } + + // Writes policy metadata that is used for basic policy editor + if (policy.getPolicyEditor() != null && !policy.getPolicyEditor().trim().isEmpty()) { + resource.setProperty(PDPConstants.POLICY_EDITOR_TYPE, policy.getPolicyEditor().trim()); + } + String[] policyMetaData = policy.getPolicyEditorData(); + if (policyMetaData != null && policyMetaData.length > 0) { + String basicPolicyEditorMetaDataAmount = + resource.getProperty(PDPConstants.BASIC_POLICY_EDITOR_META_DATA_AMOUNT); + if (newPolicy && basicPolicyEditorMetaDataAmount != null) { + int amount = Integer.parseInt(basicPolicyEditorMetaDataAmount); + for (int i = 0; i < amount; i++) { + resource.removeProperty(PDPConstants.BASIC_POLICY_EDITOR_META_DATA + i); + } + resource.removeProperty(PDPConstants.BASIC_POLICY_EDITOR_META_DATA_AMOUNT); + } + + int i = 0; + for (String policyData : policyMetaData) { + if (policyData != null && !policyData.isEmpty()) { + resource.setProperty(PDPConstants.BASIC_POLICY_EDITOR_META_DATA + i, policyData); + } + i++; + } + resource.setProperty(PDPConstants.BASIC_POLICY_EDITOR_META_DATA_AMOUNT, Integer.toString(i)); + } + // Store policy metadata based on the configured property. + if (!EntitlementUtil.isPolicyMetadataStoringEnabled()) { + for (Map.Entry entry : resource.getProperties().entrySet()) { + if (entry.getKey().toString().startsWith(PDPConstants.POLICY_META_DATA)) { + resource.getProperties().remove(entry.getKey()); + } + } + } + + registry.put(path, resource); + + } catch (RegistryException e) { + LOG.error("Error while adding or updating entitlement policy " + policyId + " in policy store", e); + throw new EntitlementException("Error while adding or updating entitlement policy in policy store"); + } + } + + /** + * Creates a new policy version. + * + * @param policyDTO policy + * @return new policy version + */ + private String createVersion(PolicyDTO policyDTO) { + + String version = "0"; + + try { + Collection collection = null; + Registry registry = getRegistry(); + try { + collection = (Collection) registry.get(PDPConstants.ENTITLEMENT_POLICY_VERSION + + policyDTO.getPolicyId()); + } catch (ResourceNotFoundException e) { + // ignore + } + + if (collection != null) { + version = collection.getProperty(PDPConstants.POLICY_VERSION); + } else { + collection = registry.newCollection(); + collection.setProperty(PDPConstants.POLICY_VERSION, "1"); + registry.put(PDPConstants.ENTITLEMENT_POLICY_VERSION + policyDTO.getPolicyId(), collection); + } + + int versionInt = Integer.parseInt(version); + String policyPath = PDPConstants.ENTITLEMENT_POLICY_VERSION + policyDTO.getPolicyId() + + RegistryConstants.PATH_SEPARATOR; + + // Checks whether the version is larger than the maximum version + if (versionInt > maxVersions) { + // Deletes the older version + int olderVersion = versionInt - maxVersions; + if (registry.resourceExists(policyPath + olderVersion)) { + registry.delete(policyPath + olderVersion); + } + } + + // Creates the new version + version = Integer.toString(versionInt + 1); + policyDTO.setVersion(version); + + // Sets the new version + collection.setProperty("version", version); + registry.put(PDPConstants.ENTITLEMENT_POLICY_VERSION + policyDTO.getPolicyId(), collection); + + } catch (RegistryException e) { + LOG.error("Error while creating a new version for the policy", e); + } + return version; + } + + /** + * Creates a property object which contains the policy metadata. + * + * @param attributeDTOs list of AttributeDTO + * @param resource registry resource + */ + private void setAttributesAsProperties(AttributeDTO[] attributeDTOs, Resource resource) { + + int attributeElementNo = 0; + if (attributeDTOs != null) { + for (AttributeDTO attributeDTO : attributeDTOs) { + resource.setProperty(KEY_VALUE_POLICY_META_DATA + attributeElementNo, + attributeDTO.getCategory() + "," + + attributeDTO.getAttributeValue() + "," + + attributeDTO.getAttributeId() + "," + + attributeDTO.getAttributeDataType()); + attributeElementNo++; + } + } + } + + /** + * Gets the requested policy from PAP. + * + * @param policyId policy ID + * @return policyDTO + * @throws EntitlementException If an error occurs + */ + private PolicyDTO getPolicyDTO(String policyId, String path) throws EntitlementException { + + if (LOG.isDebugEnabled()) { + LOG.debug("Retrieving entitlement policy"); + } + + try { + Registry registry = getRegistry(); + if (!registry.resourceExists(path)) { + if (LOG.isDebugEnabled()) { + LOG.debug("Trying to access an entitlement policy which does not exist"); + } + return null; + } + + Resource resource = registry.get(path); + if (resource == null) { + return null; + } + + PolicyDTO dto = new PolicyDTO(); + dto.setPolicyId(policyId); + dto.setPolicy(new String((byte[]) resource.getContent(), StandardCharsets.UTF_8)); + dto.setActive(Boolean.parseBoolean(resource.getProperty(PDPConstants.ACTIVE_POLICY))); + String policyOrder = resource.getProperty(PDPConstants.POLICY_ORDER); + if (policyOrder != null) { + dto.setPolicyOrder(Integer.parseInt(policyOrder)); + } else { + dto.setPolicyOrder(0); + } + + String version = resource.getProperty(PDPConstants.POLICY_VERSION); + if (version != null) { + dto.setVersion(version); + } + String lastModifiedTime = resource.getProperty(PDPConstants.LAST_MODIFIED_TIME); + if (lastModifiedTime != null) { + dto.setLastModifiedTime(lastModifiedTime); + } + String lastModifiedUser = resource.getProperty(PDPConstants.LAST_MODIFIED_USER); + if (lastModifiedUser != null) { + dto.setLastModifiedUser(lastModifiedUser); + } + dto.setPolicyType(resource.getProperty(PDPConstants.POLICY_TYPE)); + + String policyReferences = resource.getProperty(PDPConstants.POLICY_REFERENCE); + if (policyReferences != null && !policyReferences.trim().isEmpty()) { + dto.setPolicyIdReferences(policyReferences.split(PDPConstants.ATTRIBUTE_SEPARATOR)); + } + + String policySetReferences = resource.getProperty(PDPConstants.POLICY_SET_REFERENCE); + if (policySetReferences != null && !policySetReferences.trim().isEmpty()) { + dto.setPolicySetIdReferences(policySetReferences.split(PDPConstants.ATTRIBUTE_SEPARATOR)); + } + + dto.setPolicyEditor(resource.getProperty(PDPConstants.POLICY_EDITOR_TYPE)); + String basicPolicyEditorMetaDataAmount = + resource.getProperty(PDPConstants.BASIC_POLICY_EDITOR_META_DATA_AMOUNT); + if (basicPolicyEditorMetaDataAmount != null) { + int amount = Integer.parseInt(basicPolicyEditorMetaDataAmount); + String[] basicPolicyEditorMetaData = new String[amount]; + for (int i = 0; i < amount; i++) { + basicPolicyEditorMetaData[i] = resource.getProperty(PDPConstants.BASIC_POLICY_EDITOR_META_DATA + i); + } + dto.setPolicyEditorData(basicPolicyEditorMetaData); + } + PolicyAttributeBuilder policyAttributeBuilder = new PolicyAttributeBuilder(); + dto.setAttributeDTOs( + policyAttributeBuilder.getPolicyMetaDataFromRegistryProperties(resource.getProperties())); + + return dto; + + } catch (RegistryException e) { + LOG.error("Error while retrieving entitlement policy PAP policy store", e); + throw new EntitlementException("Error while retrieving entitlement policy PAP policy store"); + } + + } + + /** + * Returns given policy as a registry resource. + * + * @param policyId policy id + * @return policy as a registry resource + * @throws EntitlementException If an error occurs + */ + private Resource getPolicyResource(String policyId) throws EntitlementException { + + String path; + + if (LOG.isDebugEnabled()) { + LOG.debug("Retrieving entitlement policy"); + } + + try { + path = policyStorePath + policyId; + Registry registry = getRegistry(); + if (!registry.resourceExists(path)) { + if (LOG.isDebugEnabled()) { + LOG.debug("Trying to access an entitlement policy which does not exist"); + } + return null; + } + return registry.get(path); + } catch (RegistryException e) { + LOG.error("Error while retrieving entitlement policy : " + policyId, e); + throw new EntitlementException("Error while retrieving entitlement policy : " + policyId, e); + } + } + + /** + * Reads All ordered active policies as PolicyDTO. + * + * @param active only return active policies + * @param order return ordered policy + * @return Array of PolicyDTO + * @throws EntitlementException If an error occurs + */ + private PolicyDTO[] getAllPolicies(boolean active, boolean order) throws EntitlementException { + + Resource[] resources; + resources = getAllPolicyResource(); + + if (resources.length == 0) { + return new PolicyDTO[0]; + } + List policyDTOList = new ArrayList<>(); + for (Resource resource : resources) { + PolicyDTO policyDTO = readPolicy(resource); + if (active) { + if (policyDTO.isActive()) { + policyDTOList.add(policyDTO); + } + } else { + policyDTOList.add(policyDTO); + } + } + + PolicyDTO[] policyDTOs = policyDTOList.toArray(new PolicyDTO[0]); + + if (order) { + Arrays.sort(policyDTOs, new PolicyOrderComparator()); + } + return policyDTOs; + } + + /** + * Returns all the policies as registry resources. + * + * @return policies as Resource[] + * @throws EntitlementException If an error occurs + */ + private Resource[] getAllPolicyResource() throws EntitlementException { + + String path; + Collection collection; + List resources = new ArrayList<>(); + String[] children; + + if (LOG.isDebugEnabled()) { + LOG.debug("Retrieving all entitlement policies"); + } + + try { + path = policyStorePath; + Registry registry = getRegistry(); + if (!registry.resourceExists(path)) { + if (LOG.isDebugEnabled()) { + LOG.debug("Trying to access an entitlement policy which does not exist"); + } + return new Resource[0]; + } + collection = (Collection) registry.get(path); + children = collection.getChildren(); + + for (String aChildren : children) { + resources.add(registry.get(aChildren)); + } + + } catch (RegistryException e) { + LOG.error("Error while retrieving entitlement policy", e); + throw new EntitlementException("Error while retrieving entitlement policies", e); + } + + return resources.toArray(new Resource[0]); + } + + /** + * Gets all policy IDs. + * + * @param path policy registry path + * @return list of policy IDs + * @throws EntitlementException If an error occurs + */ + private List listAllPolicyIds(String path) throws EntitlementException { + + Collection collection; + String[] children; + List resources = new ArrayList<>(); + + if (LOG.isDebugEnabled()) { + LOG.debug("Retrieving all entitlement policies"); + } + + try { + Registry registry = getRegistry(); + if (!registry.resourceExists(path)) { + if (LOG.isDebugEnabled()) { + LOG.debug("Trying to access an entitlement policy which does not exist"); + } + return Collections.emptyList(); + } + collection = (Collection) registry.get(path); + children = collection.getChildren(); + for (String child : children) { + String id = child.substring(child.lastIndexOf(RegistryConstants.PATH_SEPARATOR) + 1); + resources.add(id); + } + + } catch (RegistryException e) { + LOG.error("Error while retrieving entitlement policy resources", e); + throw new EntitlementException("Error while retrieving entitlement policy resources", e); + } + + return resources; + } + + /** + * Reads PolicyDTO for given registry resource. + * + * @param resource Registry resource + * @return PolicyDTO + * @throws EntitlementException If an error occurs + */ + private PolicyDTO readPolicy(Resource resource) throws EntitlementException { + + String policy; + AbstractPolicy absPolicy; + PolicyDTO dto; + + try { + if (resource.getContent() == null) { + throw new EntitlementException("Error while loading entitlement policy. Policy content is null"); + } + policy = new String((byte[]) resource.getContent(), StandardCharsets.UTF_8); + absPolicy = PAPPolicyReader.getInstance(null).getPolicy(policy); + dto = new PolicyDTO(); + dto.setPolicyId(absPolicy.getId().toASCIIString()); + dto.setPolicy(policy); + String policyOrder = resource.getProperty("order"); + if (policyOrder != null) { + dto.setPolicyOrder(Integer.parseInt(policyOrder)); + } else { + dto.setPolicyOrder(0); + } + String policyActive = resource.getProperty("active"); + if (policyActive != null) { + dto.setActive(Boolean.parseBoolean(policyActive)); + } + PolicyAttributeBuilder policyAttributeBuilder = new PolicyAttributeBuilder(); + dto.setAttributeDTOs(policyAttributeBuilder. + getPolicyMetaDataFromRegistryProperties(resource.getProperties())); + return dto; + } catch (RegistryException e) { + LOG.error("Error while loading entitlement policy", e); + throw new EntitlementException("Error while loading entitlement policy", e); + } + } + + /** + * Updates the given registry resource. + * + * @param policy publishing policy + * @param collectionPath registry collection path + * @param policyPath registry resource path + * @throws EntitlementException If an error occurs + */ + private void updateResource(PolicyStoreDTO policy, String collectionPath, String policyPath) + throws EntitlementException { + + Collection policyCollection; + Resource resource; + + try { + Registry registry = getRegistry(); + policyCollection = (Collection) registry.get(collectionPath); + resource = registry.get(policyPath); + + if (policy.isSetActive()) { + resource.setProperty(PDPConstants.ACTIVE_POLICY, Boolean.toString(policy.isActive())); + } + if (policy.isSetOrder()) { + int order = policy.getPolicyOrder(); + if (order > 0) { + if (Objects.equals(collectionPath, PDPConstants.ENTITLEMENT_POLICY_PAP)) { + String noOfPolicies = policyCollection.getProperty(PDPConstants.MAX_POLICY_ORDER); + if (noOfPolicies != null && Integer.parseInt(noOfPolicies) < order) { + policyCollection.setProperty(PDPConstants.MAX_POLICY_ORDER, Integer.toString(order)); + registry.put(PDPConstants.ENTITLEMENT_POLICY_PAP, policyCollection); + } + } + resource.setProperty(PDPConstants.POLICY_ORDER, Integer.toString(order)); + } + } + + if (policy.isSetOrder() || policy.isSetActive()) { + resource.setProperty(PDPConstants.LAST_MODIFIED_TIME, Long.toString(System.currentTimeMillis())); + resource.setProperty(PDPConstants.LAST_MODIFIED_USER, + CarbonContext.getThreadLocalCarbonContext().getUsername()); + } + + registry.put(policyPath, resource); + + } catch (RegistryException e) { + LOG.error("Error while publishing policy", e); + throw new EntitlementException("Error while publishing policy", e); + } + } + + /** + * Gets the policy store path + * + * @return policy store path + */ + private static String getPolicyStorePath() { + + String policyStorePath; + policyStorePath = EntitlementServiceComponent.getEntitlementConfig().getEngineProperties(). + getProperty(POLICY_STORE_PATH); + if (policyStorePath == null) { + policyStorePath = DEFAULT_POLICY_STORE_PATH; + } + return policyStorePath; + } + + private Registry getRegistry() { + + int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId(); + return EntitlementServiceComponent.getGovernanceRegistry(tenantId); + } +} diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/dao/RegistrySubscriberDAOImpl.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/dao/RegistrySubscriberDAOImpl.java new file mode 100644 index 000000000000..b880850ec821 --- /dev/null +++ b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/dao/RegistrySubscriberDAOImpl.java @@ -0,0 +1,289 @@ +/* + * Copyright (c) 2024, WSO2 LLC. (http://www.wso2.com). + * + * WSO2 LLC. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.wso2.carbon.identity.entitlement.dao; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.wso2.carbon.context.CarbonContext; +import org.wso2.carbon.core.util.CryptoException; +import org.wso2.carbon.core.util.CryptoUtil; +import org.wso2.carbon.identity.entitlement.EntitlementException; +import org.wso2.carbon.identity.entitlement.PDPConstants; +import org.wso2.carbon.identity.entitlement.common.EntitlementConstants; +import org.wso2.carbon.identity.entitlement.dto.PublisherDataHolder; +import org.wso2.carbon.identity.entitlement.dto.PublisherPropertyDTO; +import org.wso2.carbon.identity.entitlement.internal.EntitlementServiceComponent; +import org.wso2.carbon.registry.core.Collection; +import org.wso2.carbon.registry.core.Registry; +import org.wso2.carbon.registry.core.RegistryConstants; +import org.wso2.carbon.registry.core.Resource; +import org.wso2.carbon.registry.core.exceptions.RegistryException; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; +import java.util.regex.Matcher; +import java.util.regex.Pattern; + +/** + * This implementation handles the subscriber management in the Registry. + */ +public class RegistrySubscriberDAOImpl implements SubscriberDAO { + + public static final String SUBSCRIBER_ID = "subscriberId"; + // The logger that is used for all messages + private static final Log LOG = LogFactory.getLog(RegistrySubscriberDAOImpl.class); + private final Registry registry; + + public RegistrySubscriberDAOImpl() { + + int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId(); + this.registry = EntitlementServiceComponent.getGovernanceRegistry(tenantId); + } + + /** + * Adds a subscriber. + * + * @param holder publisher data holder + * @throws EntitlementException If an error occurs + */ + @Override + public void addSubscriber(PublisherDataHolder holder) throws EntitlementException { + + persistSubscriber(holder, false); + } + + /** + * Gets the requested subscriber. + * + * @param subscriberId subscriber ID + * @param returnSecrets whether the subscriber should get returned with secret(decrypted) values or not + * @return publisher data holder + * @throws EntitlementException If an error occurs + */ + @Override + public PublisherDataHolder getSubscriber(String subscriberId, boolean returnSecrets) throws EntitlementException { + + try { + if (registry.resourceExists(PDPConstants.ENTITLEMENT_POLICY_PUBLISHER + + RegistryConstants.PATH_SEPARATOR + subscriberId)) { + Resource resource = registry.get(PDPConstants.ENTITLEMENT_POLICY_PUBLISHER + + RegistryConstants.PATH_SEPARATOR + subscriberId); + + return new PublisherDataHolder(resource, returnSecrets); + } + } catch (RegistryException e) { + LOG.error("Error while retrieving subscriber detail of id : " + subscriberId, e); + throw new EntitlementException("Error while retrieving subscriber detail of id : " + subscriberId, e); + } + + throw new EntitlementException("No SubscriberDAO is defined for the given Id"); + + } + + /** + * Gets all subscriber IDs. + * + * @param filter search string + * @return list of subscriber IDs + * @throws EntitlementException If an error occurs + */ + @Override + public List listSubscriberIds(String filter) throws EntitlementException { + + try { + if (registry.resourceExists(PDPConstants.ENTITLEMENT_POLICY_PUBLISHER + + RegistryConstants.PATH_SEPARATOR)) { + Resource resource = registry.get(PDPConstants.ENTITLEMENT_POLICY_PUBLISHER + + RegistryConstants.PATH_SEPARATOR); + Collection collection = (Collection) resource; + List list = new ArrayList<>(); + if (collection.getChildCount() > 0) { + filter = filter.replace("*", ".*"); + Pattern pattern = Pattern.compile(filter, Pattern.CASE_INSENSITIVE); + for (String path : collection.getChildren()) { + String id = path.substring(path.lastIndexOf(RegistryConstants.PATH_SEPARATOR) + 1); + Matcher matcher = pattern.matcher(id); + if (!matcher.matches()) { + continue; + } + Resource childResource = registry.get(path); + if (childResource != null && childResource.getProperty(SUBSCRIBER_ID) != null) { + list.add(childResource.getProperty(SUBSCRIBER_ID)); + } + } + } + return list; + } + } catch (RegistryException e) { + LOG.error("Error while retrieving subscriber ids", e); + throw new EntitlementException("Error while retrieving subscriber ids", e); + } + return Collections.emptyList(); + } + + /** + * Updates a subscriber. + * + * @param holder publisher data holder + * @throws EntitlementException If an error occurs + */ + @Override + public void updateSubscriber(PublisherDataHolder holder) throws EntitlementException { + + persistSubscriber(holder, true); + } + + /** + * Removes the subscriber of the given subscriber ID. + * + * @param subscriberId subscriber ID + * @throws EntitlementException If an error occurs + */ + @Override + public void removeSubscriber(String subscriberId) throws EntitlementException { + + String subscriberPath; + + if (subscriberId == null) { + LOG.error("SubscriberDAO Id can not be null"); + throw new EntitlementException("SubscriberDAO Id can not be null"); + } + + if (EntitlementConstants.PDP_SUBSCRIBER_ID.equals(subscriberId.trim())) { + LOG.error("Can not delete PDP publisher"); + throw new EntitlementException("Can not delete PDP publisher"); + } + + try { + subscriberPath = PDPConstants.ENTITLEMENT_POLICY_PUBLISHER + + RegistryConstants.PATH_SEPARATOR + subscriberId; + + if (registry.resourceExists(subscriberPath)) { + registry.delete(subscriberPath); + } + } catch (RegistryException e) { + LOG.error("Error while deleting subscriber details", e); + throw new EntitlementException("Error while deleting subscriber details", e); + } + } + + /** + * Adds or updates a subscriber. + * + * @param holder publisher data holder + * @param isUpdate whether the operation is an update or an addition + * @throws EntitlementException If an error occurs + */ + private void persistSubscriber(PublisherDataHolder holder, boolean isUpdate) throws EntitlementException { + + Collection policyCollection; + String subscriberPath; + String subscriberId = null; + + if (holder == null || holder.getPropertyDTOs() == null) { + LOG.error("Publisher data can not be null"); + throw new EntitlementException("Publisher data can not be null"); + } + + for (PublisherPropertyDTO dto : holder.getPropertyDTOs()) { + if (SUBSCRIBER_ID.equals(dto.getId())) { + subscriberId = dto.getValue(); + } + } + + if (subscriberId == null) { + LOG.error("SubscriberDAO Id can not be null"); + throw new EntitlementException("SubscriberDAO Id can not be null"); + } + + try { + if (registry.resourceExists(PDPConstants.ENTITLEMENT_POLICY_PUBLISHER)) { + policyCollection = registry.newCollection(); + registry.put(PDPConstants.ENTITLEMENT_POLICY_PUBLISHER, policyCollection); + } + + subscriberPath = PDPConstants.ENTITLEMENT_POLICY_PUBLISHER + + RegistryConstants.PATH_SEPARATOR + subscriberId; + + Resource resource; + + PublisherDataHolder oldHolder = null; + if (registry.resourceExists(subscriberPath)) { + if (isUpdate) { + resource = registry.get(subscriberPath); + oldHolder = new PublisherDataHolder(resource, false); + } else { + throw new EntitlementException("SubscriberDAO ID already exists"); + } + } else { + resource = registry.newResource(); + } + + populateProperties(holder, oldHolder, resource); + registry.put(subscriberPath, resource); + + } catch (RegistryException e) { + LOG.error("Error while persisting subscriber details", e); + throw new EntitlementException("Error while persisting subscriber details", e); + } + } + + /** + * Populate subscriber properties. + * + * @param holder subscriber data holder + * @param oldHolder old publisher data holder + * @param resource registry resource + */ + private void populateProperties(PublisherDataHolder holder, + PublisherDataHolder oldHolder, Resource resource) { + + PublisherPropertyDTO[] propertyDTOs = holder.getPropertyDTOs(); + for (PublisherPropertyDTO dto : propertyDTOs) { + if (dto.getId() != null && dto.getValue() != null && !dto.getValue().trim().isEmpty()) { + ArrayList list = new ArrayList<>(); + if (dto.isSecret()) { + PublisherPropertyDTO propertyDTO = null; + if (oldHolder != null) { + propertyDTO = oldHolder.getPropertyDTO(dto.getId()); + } + if (propertyDTO == null || !propertyDTO.getValue().equalsIgnoreCase(dto.getValue())) { + try { + String encryptedValue = CryptoUtil.getDefaultCryptoUtil(). + encryptAndBase64Encode(dto.getValue().getBytes()); + dto.setValue(encryptedValue); + } catch (CryptoException e) { + LOG.error("Error while encrypting secret value of subscriber. " + + "Secret would not be persist.", e); + continue; + } + } + } + list.add(dto.getValue()); + list.add(dto.getDisplayName()); + list.add(Integer.toString(dto.getDisplayOrder())); + list.add(Boolean.toString(dto.isRequired())); + list.add(Boolean.toString(dto.isSecret())); + resource.setProperty(dto.getId(), list); + } + } + resource.setProperty(PublisherDataHolder.MODULE_NAME, holder.getModuleName()); + } +} diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/dao/SubscriberDAO.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/dao/SubscriberDAO.java new file mode 100644 index 000000000000..9603e310bf3b --- /dev/null +++ b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/dao/SubscriberDAO.java @@ -0,0 +1,74 @@ +/* + * Copyright (c) 2024, WSO2 LLC. (http://www.wso2.com). + * + * WSO2 LLC. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.wso2.carbon.identity.entitlement.dao; + +import org.wso2.carbon.identity.entitlement.EntitlementException; +import org.wso2.carbon.identity.entitlement.dto.PublisherDataHolder; + +import java.util.List; + +/** + * This interface supports the management of subscribers. + */ +public interface SubscriberDAO { + + /** + * Adds a subscriber. + * + * @param holder publisher data holder + * @throws EntitlementException If an error occurs + */ + void addSubscriber(PublisherDataHolder holder) throws EntitlementException; + + /** + * Gets the requested subscriber. + * + * @param subscriberId subscriber ID + * @param returnSecrets whether the subscriber should get returned with secret(decrypted) values or not + * @return publisher data holder + * @throws EntitlementException If an error occurs + */ + PublisherDataHolder getSubscriber(String subscriberId, boolean returnSecrets) throws EntitlementException; + + /** + * Lists all subscriber IDs. + * + * @param filter search string + * @return list of subscriber IDs + * @throws EntitlementException If an error occurs + */ + List listSubscriberIds(String filter) throws EntitlementException; + + /** + * Updates a subscriber. + * + * @param holder publisher data holder + * @throws EntitlementException If an error occurs + */ + void updateSubscriber(PublisherDataHolder holder) throws EntitlementException; + + /** + * Removes the subscriber of the given subscriber ID. + * + * @param subscriberId subscriber ID + * @throws EntitlementException If an error occurs + */ + void removeSubscriber(String subscriberId) throws EntitlementException; + +} diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/dto/PolicyStoreDTO.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/dto/PolicyStoreDTO.java index 2560928ceedf..58ff60385385 100644 --- a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/dto/PolicyStoreDTO.java +++ b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/dto/PolicyStoreDTO.java @@ -37,6 +37,8 @@ public class PolicyStoreDTO { private boolean setActive; + private String version; + private AttributeDTO[] attributeDTOs = new AttributeDTO[0]; public String getPolicyId() { @@ -94,4 +96,13 @@ public boolean isSetActive() { public void setSetActive(boolean setActive) { this.setActive = setActive; } + + public String getVersion() { + return version; + } + + public void setVersion(String version) { + this.version = version; + } + } diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/internal/EntitlementConfigHolder.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/internal/EntitlementConfigHolder.java index 9df35a64f25e..a1e4287e5524 100644 --- a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/internal/EntitlementConfigHolder.java +++ b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/internal/EntitlementConfigHolder.java @@ -19,6 +19,7 @@ package org.wso2.carbon.identity.entitlement.internal; import org.wso2.carbon.identity.application.mgt.ApplicationManagementService; +import org.wso2.carbon.identity.entitlement.dao.PolicyDAO; import org.wso2.carbon.identity.entitlement.PAPStatusDataHandler; import org.wso2.carbon.identity.entitlement.dto.PublisherDataHolder; import org.wso2.carbon.identity.entitlement.pap.EntitlementDataFinderModule; @@ -30,7 +31,6 @@ import org.wso2.carbon.identity.entitlement.policy.publisher.PolicyPublisherModule; import org.wso2.carbon.identity.entitlement.policy.publisher.PostPublisherModule; import org.wso2.carbon.identity.entitlement.policy.publisher.PublisherVerificationModule; -import org.wso2.carbon.identity.entitlement.policy.store.PolicyStoreManageModule; import org.wso2.carbon.utils.ConfigurationContextService; import java.util.ArrayList; @@ -109,8 +109,8 @@ public class EntitlementConfigHolder { /** * This holds all the policy storing logic of entitlement engine */ - private Map policyStore = - new HashMap(); + private Map policyStore = + new HashMap(); /** * This holds the policy schema against its version @@ -228,11 +228,11 @@ public void addPolicyCollection(PolicyCollection collection, Properties properti this.policyCollections.put(collection, properties); } - public Map getPolicyStore() { + public Map getPolicyStore() { return policyStore; } - public void addPolicyStore(PolicyStoreManageModule policyStoreStore, Properties properties) { + public void addPolicyStore(PolicyDAO policyStoreStore, Properties properties) { this.policyStore.put(policyStoreStore, properties); } diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/internal/EntitlementExtensionBuilder.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/internal/EntitlementExtensionBuilder.java index 4a5c96818d31..a7c98269cab2 100644 --- a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/internal/EntitlementExtensionBuilder.java +++ b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/internal/EntitlementExtensionBuilder.java @@ -24,6 +24,7 @@ import org.wso2.carbon.identity.core.util.IdentityUtil; import org.wso2.carbon.identity.entitlement.PAPStatusDataHandler; import org.wso2.carbon.identity.entitlement.PDPConstants; +import org.wso2.carbon.identity.entitlement.dao.PolicyDAO; import org.wso2.carbon.identity.entitlement.pap.EntitlementDataFinderModule; import org.wso2.carbon.identity.entitlement.pip.PIPAttributeFinder; import org.wso2.carbon.identity.entitlement.pip.PIPExtension; @@ -33,7 +34,6 @@ import org.wso2.carbon.identity.entitlement.policy.publisher.PolicyPublisherModule; import org.wso2.carbon.identity.entitlement.policy.publisher.PostPublisherModule; import org.wso2.carbon.identity.entitlement.policy.publisher.PublisherVerificationModule; -import org.wso2.carbon.identity.entitlement.policy.store.PolicyStoreManageModule; import java.io.File; import java.io.FileInputStream; import java.io.FileNotFoundException; @@ -331,8 +331,8 @@ private void populatePolicyFinders(Properties properties, EntitlementConfigHolde } finderModule.init(finderModuleProps); - if (finderModule instanceof PolicyStoreManageModule) { - holder.addPolicyStore((PolicyStoreManageModule) finderModule, finderModuleProps); + if (finderModule instanceof PolicyDAO) { + holder.addPolicyStore((PolicyDAO) finderModule, finderModuleProps); } holder.addPolicyFinderModule(finderModule, finderModuleProps); } @@ -374,12 +374,12 @@ private void populatePolicyCollection(Properties properties, EntitlementConfigHo private void populatePolicyStoreModule(Properties properties, EntitlementConfigHolder holder) throws Exception { - PolicyStoreManageModule policyStoreStore = null; + PolicyDAO policyStoreStore = null; if (properties.getProperty("PDP.Policy.Store.Module") != null) { String className = properties.getProperty("PDP.Policy.Store.Module"); Class clazz = Thread.currentThread().getContextClassLoader().loadClass(className); - policyStoreStore = (PolicyStoreManageModule) clazz.newInstance(); + policyStoreStore = (PolicyDAO) clazz.newInstance(); int j = 1; Properties storeProps = new Properties(); diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/internal/EntitlementServiceComponent.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/internal/EntitlementServiceComponent.java index 548b7c64fa40..0669b84d29d7 100644 --- a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/internal/EntitlementServiceComponent.java +++ b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/internal/EntitlementServiceComponent.java @@ -17,6 +17,7 @@ */ package org.wso2.carbon.identity.entitlement.internal; +import org.apache.commons.collections.CollectionUtils; import org.apache.commons.io.FileUtils; import org.apache.commons.lang.ArrayUtils; import org.apache.commons.lang.StringUtils; @@ -40,9 +41,10 @@ import org.wso2.carbon.identity.core.util.IdentityUtil; import org.wso2.carbon.identity.entitlement.EntitlementUtil; import org.wso2.carbon.identity.entitlement.PDPConstants; +import org.wso2.carbon.identity.entitlement.dao.PolicyDAO; import org.wso2.carbon.identity.entitlement.dto.PolicyDTO; import org.wso2.carbon.identity.entitlement.listener.CacheClearingUserOperationListener; -import org.wso2.carbon.identity.entitlement.pap.store.PAPPolicyStore; +import org.wso2.carbon.identity.entitlement.pap.EntitlementAdminEngine; import org.wso2.carbon.identity.entitlement.thrift.EntitlementService; import org.wso2.carbon.identity.entitlement.thrift.ThriftConfigConstants; import org.wso2.carbon.identity.entitlement.thrift.ThriftEntitlementServiceImpl; @@ -155,21 +157,6 @@ public static Registry getGovernanceRegistry(int tenantId) { return null; } - /** - * @param httpService - */ - /*protected void setHttpService(HttpService httpService) { - httpServiceInstance = httpService; - } - - */ - - /** - * @param httpService - *//* - protected void unsetHttpService(HttpService httpService) { - httpServiceInstance = null; - }*/ public static NotificationSender getNotificationSender() { return EntitlementServiceComponent.notificationSender; } @@ -224,19 +211,19 @@ protected void activate(ComponentContext ctxt) { // Start loading schema. new Thread(new SchemaBuilder(EntitlementConfigHolder.getInstance())).start(); - // Read XACML policy files from a pre-defined location in the - // filesystem and load to registry at the server startup - PAPPolicyStore papPolicyStore = new PAPPolicyStore( - registryService.getGovernanceSystemRegistry()); + // Read XACML policy files from a pre-defined location in the filesystem + PolicyDAO papPolicyStore = EntitlementAdminEngine.getInstance().getPolicyDAO(); String startUpPolicyAdding = EntitlementConfigHolder.getInstance().getEngineProperties().getProperty( PDPConstants.START_UP_POLICY_ADDING); List policyIdList = new ArrayList<>(); - if (papPolicyStore != null && ArrayUtils.isNotEmpty(papPolicyStore.getAllPolicyIds())) { - String[] allPolicyIds = papPolicyStore.getAllPolicyIds(); - policyIdList = Arrays.asList(allPolicyIds); + if (papPolicyStore != null) { + List policyIds = papPolicyStore.listPolicyIds(); + if (CollectionUtils.isNotEmpty(policyIds)) { + policyIdList = policyIds; + } } if (startUpPolicyAdding != null && Boolean.parseBoolean(startUpPolicyAdding)) { @@ -288,7 +275,7 @@ protected void activate(ComponentContext ctxt) { if (!customPolicies) { // load default policies - EntitlementUtil.addSamplePolicies(registryService.getGovernanceSystemRegistry()); + EntitlementUtil.addSamplePolicies(); } } // Cache clearing listener is always registered since cache clearing is a must when @@ -335,8 +322,7 @@ private boolean addPolicyFiles(List policyIdList, File[] fileList) throw policyDTO.setPolicy(FileUtils.readFileToString(policyFile)); if (!policyIdList.contains(policyDTO.getPolicyId())) { try { - EntitlementUtil.addFilesystemPolicy(policyDTO, registryService - .getGovernanceSystemRegistry(), true); + EntitlementUtil.addFilesystemPolicy(policyDTO, true); } catch (Exception e) { // Log error and continue with the rest of the files. log.error("Error while adding XACML policies", e); diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/pap/EntitlementAdminEngine.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/pap/EntitlementAdminEngine.java index d3630843a929..5a339feafe7a 100644 --- a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/pap/EntitlementAdminEngine.java +++ b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/pap/EntitlementAdminEngine.java @@ -22,14 +22,16 @@ import org.apache.commons.logging.LogFactory; import org.wso2.carbon.context.CarbonContext; import org.wso2.carbon.identity.entitlement.PAPStatusDataHandler; +import org.wso2.carbon.identity.entitlement.dao.ConfigDAO; +import org.wso2.carbon.identity.entitlement.dao.PolicyDAO; +import org.wso2.carbon.identity.entitlement.dao.RegistryConfigDAOImpl; +import org.wso2.carbon.identity.entitlement.dao.RegistryPolicyDAOImpl; +import org.wso2.carbon.identity.entitlement.dao.RegistrySubscriberDAOImpl; +import org.wso2.carbon.identity.entitlement.dao.SubscriberDAO; import org.wso2.carbon.identity.entitlement.internal.EntitlementServiceComponent; import org.wso2.carbon.identity.entitlement.pap.store.PAPPolicyStoreManager; import org.wso2.carbon.identity.entitlement.policy.publisher.PolicyPublisher; -import org.wso2.carbon.identity.entitlement.policy.store.DefaultPolicyDataStore; -import org.wso2.carbon.identity.entitlement.policy.store.PolicyDataStore; import org.wso2.carbon.identity.entitlement.policy.store.PolicyStoreManager; -import org.wso2.carbon.identity.entitlement.policy.version.DefaultPolicyVersionManager; -import org.wso2.carbon.identity.entitlement.policy.version.PolicyVersionManager; import java.util.Map; import java.util.Properties; @@ -46,26 +48,29 @@ public class EntitlementAdminEngine { new ConcurrentHashMap(); private static Log log = LogFactory.getLog(EntitlementAdminEngine.class); private PolicyPublisher policyPublisher; - private PolicyVersionManager versionManager; private EntitlementDataFinder entitlementDataFinder; - private PolicyDataStore policyDataStore; private PolicyStoreManager policyStoreManager; private PAPPolicyStoreManager papPolicyStoreManager; private Set papStatusDataHandlers; + private ConfigDAO configDAO; + private PolicyDAO policyDAO; + private SubscriberDAO subscriberDAO; public EntitlementAdminEngine() { this.entitlementDataFinder = new EntitlementDataFinder(); this.policyPublisher = new PolicyPublisher(); this.papPolicyStoreManager = new PAPPolicyStoreManager(); - this.versionManager = new DefaultPolicyVersionManager(); - this.policyDataStore = new DefaultPolicyDataStore(); Map statusDataHandlers = EntitlementServiceComponent. getEntitlementConfig().getPapStatusDataHandlers(); papStatusDataHandlers = statusDataHandlers.keySet(); this.policyPublisher.setPapStatusDataHandlers(papStatusDataHandlers); - this.policyStoreManager = new PolicyStoreManager(policyDataStore); + this.policyStoreManager = new PolicyStoreManager(); + this.configDAO = new RegistryConfigDAOImpl(); + this.policyDAO = new RegistryPolicyDAOImpl(); + this.subscriberDAO = new RegistrySubscriberDAOImpl(); + } /** @@ -96,13 +101,6 @@ public PolicyPublisher getPolicyPublisher() { return policyPublisher; } - /** - * @return - */ - public PolicyVersionManager getVersionManager() { - return versionManager; - } - /** * This method returns the entitlement data finder * @@ -112,13 +110,6 @@ public EntitlementDataFinder getEntitlementDataFinder() { return entitlementDataFinder; } - /** - * @return - */ - public PolicyDataStore getPolicyDataStore() { - return policyDataStore; - } - /** * This returns policy store manager * @@ -138,4 +129,10 @@ public PAPPolicyStoreManager getPapPolicyStoreManager() { public Set getPapStatusDataHandlers() { return papStatusDataHandlers; } + + public ConfigDAO getConfigDAO() { return configDAO; } + + public PolicyDAO getPolicyDAO() { return policyDAO; } + + public SubscriberDAO getSubscriberDAO() { return subscriberDAO; } } diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/pap/store/PAPPolicyStore.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/pap/store/PAPPolicyStore.java deleted file mode 100644 index f16eac94b8b1..000000000000 --- a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/pap/store/PAPPolicyStore.java +++ /dev/null @@ -1,368 +0,0 @@ -/* - * Copyright (c) 2005-2010, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. - * - * WSO2 Inc. licenses this file to you under the Apache License, - * Version 2.0 (the "License"); you may not use this file except - * in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ -package org.wso2.carbon.identity.entitlement.pap.store; - -import org.apache.axiom.om.OMElement; -import org.apache.axiom.om.util.AXIOMUtil; -import org.apache.commons.lang.StringUtils; -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; -import org.wso2.carbon.context.CarbonContext; -import org.wso2.carbon.identity.entitlement.EntitlementException; -import org.wso2.carbon.identity.entitlement.EntitlementUtil; -import org.wso2.carbon.identity.entitlement.PDPConstants; -import org.wso2.carbon.identity.entitlement.dto.PolicyDTO; -import org.wso2.carbon.identity.entitlement.internal.EntitlementServiceComponent; -import org.wso2.carbon.identity.entitlement.policy.PolicyAttributeBuilder; -import org.wso2.carbon.registry.core.Collection; -import org.wso2.carbon.registry.core.Registry; -import org.wso2.carbon.registry.core.Resource; -import org.wso2.carbon.registry.core.exceptions.RegistryException; - -import javax.xml.stream.XMLStreamException; -import java.util.ArrayList; -import java.util.Collections; -import java.util.Iterator; -import java.util.List; -import java.util.Map; -import java.util.Properties; - -public class PAPPolicyStore { - - // The logger we'll use for all messages - private static final Log log = LogFactory.getLog(PAPPolicyStore.class); - private Registry registry; - - public PAPPolicyStore() { - - int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId(); - registry = EntitlementServiceComponent.getGovernanceRegistry(tenantId); - } - - public PAPPolicyStore(Registry registry) throws EntitlementException { - if (registry == null) { - log.error("Registry reference not set"); - throw new EntitlementException("Registry reference not set"); - } - this.registry = registry; - } - - - /** - * This returns all the policy ids as String list. Here we assume registry resource name as - * the policy id. - * - * @return policy ids as String[] - * @throws EntitlementException throws if fails - */ - public String[] getAllPolicyIds() throws EntitlementException { - String path = null; - Collection collection = null; - List resources = new ArrayList(); - String[] children = null; - - if (log.isDebugEnabled()) { - log.debug("Retrieving all entitlement policies"); - } - - try { - path = PDPConstants.ENTITLEMENT_POLICY_PAP; - - if (!registry.resourceExists(path)) { - if (log.isDebugEnabled()) { - log.debug("Trying to access an entitlement policy which does not exist"); - } - return null; - } - collection = (Collection) registry.get(path); - children = collection.getChildren(); - for (String child : children) { - String[] resourcePath = child.split("/"); - if (resourcePath != null && resourcePath.length > 0) { - resources.add(resourcePath[resourcePath.length - 1]); - } - } - - } catch (RegistryException e) { - log.error("Error while retrieving all entitlement policy identifiers from PAP policy store", e); - throw new EntitlementException("Error while retrieving entitlement policy " + - "identifiers from PAP policy store"); - } - - return resources.toArray(new String[resources.size()]); - } - - - /** - * This returns given policy as Registry resource - * - * @param policyId policy id - * @param collection - * @return policy as Registry resource - * @throws EntitlementException throws, if fails - */ - public Resource getPolicy(String policyId, String collection) throws EntitlementException { - String path = null; - - if (log.isDebugEnabled()) { - log.debug("Retrieving entitlement policy"); - } - - try { - path = collection + policyId; - - if (!registry.resourceExists(path)) { - if (log.isDebugEnabled()) { - log.debug("Trying to access an entitlement policy which does not exist"); - } - return null; - } - return registry.get(path); - } catch (RegistryException e) { - log.error("Error while retrieving entitlement policy " + policyId + " PAP policy store", e); - throw new EntitlementException("Error while retrieving entitlement policy " + policyId - + " PAP policy store"); - } - } - - public void addOrUpdatePolicy(PolicyDTO policy, String policyPath) throws EntitlementException { - addOrUpdatePolicy(policy, policy.getPolicyId(), policyPath); - - } - - /** - * @param policy - * @throws EntitlementException - */ - public void addOrUpdatePolicy(PolicyDTO policy, String policyId, String policyPath) - throws EntitlementException { - - String path = null; - Resource resource = null; - boolean newPolicy = false; - OMElement omElement = null; - - if (log.isDebugEnabled()) { - log.debug("Creating or updating entitlement policy"); - } - - if (policy == null || policyId == null) { - log.error("Error while creating or updating entitlement policy: " + - "Policy DTO or Policy Id can not be null"); - throw new EntitlementException("Invalid Entitlement Policy. Policy or policyId can not be Null"); - } - - try { - path = policyPath + policyId; - - if (registry.resourceExists(path)) { - resource = registry.get(path); - } else { - resource = registry.newResource(); - } - - Collection policyCollection; - if (registry.resourceExists(policyPath)) { - policyCollection = (Collection) registry.get(policyPath); - } else { - policyCollection = registry.newCollection(); - } - - - if (policy.getPolicyOrder() > 0) { - String noOfPolicies = policyCollection.getProperty(PDPConstants.MAX_POLICY_ORDER); - if (noOfPolicies != null && Integer.parseInt(noOfPolicies) < policy.getPolicyOrder()) { - policyCollection.setProperty(PDPConstants.MAX_POLICY_ORDER, - Integer.toString(policy.getPolicyOrder())); - registry.put(policyPath, policyCollection); - } - resource.setProperty(PDPConstants.POLICY_ORDER, - Integer.toString(policy.getPolicyOrder())); - } else { - String previousOrder = resource.getProperty(PDPConstants.POLICY_ORDER); - if (previousOrder == null) { - if (policyCollection != null) { - int policyOrder = 1; - String noOfPolicies = policyCollection.getProperty(PDPConstants.MAX_POLICY_ORDER); - if (noOfPolicies != null) { - policyOrder = policyOrder + Integer.parseInt(noOfPolicies); - } - policyCollection.setProperty(PDPConstants.MAX_POLICY_ORDER, - Integer.toString(policyOrder)); - resource.setProperty(PDPConstants.POLICY_ORDER, Integer.toString(policyOrder)); - } - registry.put(policyPath, policyCollection); - } - } - - if (StringUtils.isNotBlank(policy.getPolicy())) { - resource.setContent(policy.getPolicy()); - newPolicy = true; - PolicyAttributeBuilder policyAttributeBuilder = new PolicyAttributeBuilder(policy.getPolicy()); - Properties properties = policyAttributeBuilder.getPolicyMetaDataFromPolicy(); - Properties resourceProperties = new Properties(); - for (Object o : properties.keySet()) { - String key = o.toString(); - resourceProperties.put(key, Collections.singletonList(properties.get(key))); - } - - // Store policy metadata based on the configured property. - if (EntitlementUtil.isPolicyMetadataStoringEnabled()) { - resource.setProperties(resourceProperties); - } - } - - resource.setProperty(PDPConstants.ACTIVE_POLICY, Boolean.toString(policy.isActive())); - resource.setProperty(PDPConstants.PROMOTED_POLICY, Boolean.toString(policy.isPromote())); - - if (policy.getVersion() != null) { - resource.setProperty(PDPConstants.POLICY_VERSION, policy.getVersion()); - } - resource.setProperty(PDPConstants.LAST_MODIFIED_TIME, Long.toString(System.currentTimeMillis())); - resource.setProperty(PDPConstants.LAST_MODIFIED_USER, CarbonContext.getThreadLocalCarbonContext() - .getUsername()); - - if (policy.getPolicyType() != null && policy.getPolicyType().trim().length() > 0) { - resource.setProperty(PDPConstants.POLICY_TYPE, policy.getPolicyType()); - } else { - try { - if (newPolicy) { - omElement = AXIOMUtil.stringToOM(policy.getPolicy()); - resource.setProperty(PDPConstants.POLICY_TYPE, omElement.getLocalName()); - } - } catch (XMLStreamException e) { - policy.setPolicyType(PDPConstants.POLICY_ELEMENT); - log.warn("Policy Type can not be found. Default type is set"); - } - } - - if (omElement != null) { - Iterator iterator1 = omElement.getChildrenWithLocalName(PDPConstants. - POLICY_REFERENCE); - if (iterator1 != null) { - String policyReferences = ""; - while (iterator1.hasNext()) { - OMElement policyReference = (OMElement) iterator1.next(); - if (!"".equals(policyReferences)) { - policyReferences = policyReferences + PDPConstants.ATTRIBUTE_SEPARATOR - + policyReference.getText(); - } else { - policyReferences = policyReference.getText(); - } - } - resource.setProperty(PDPConstants.POLICY_REFERENCE, policyReferences); - } - - Iterator iterator2 = omElement.getChildrenWithLocalName(PDPConstants. - POLICY_SET_REFERENCE); - if (iterator2 != null) { - String policySetReferences = ""; - while (iterator1.hasNext()) { - OMElement policySetReference = (OMElement) iterator2.next(); - if (!"".equals(policySetReferences)) { - policySetReferences = policySetReferences + PDPConstants.ATTRIBUTE_SEPARATOR - + policySetReference.getText(); - } else { - policySetReferences = policySetReference.getText(); - } - } - resource.setProperty(PDPConstants.POLICY_SET_REFERENCE, policySetReferences); - } - } - - //before writing basic policy editor meta data as properties, - //delete any properties related to them - String policyEditor = resource.getProperty(PDPConstants.POLICY_EDITOR_TYPE); - if (newPolicy && policyEditor != null) { - resource.removeProperty(PDPConstants.POLICY_EDITOR_TYPE); - } - - //write policy meta data that is used for basic policy editor - if (policy.getPolicyEditor() != null && policy.getPolicyEditor().trim().length() > 0) { - resource.setProperty(PDPConstants.POLICY_EDITOR_TYPE, policy.getPolicyEditor().trim()); - } - String[] policyMetaData = policy.getPolicyEditorData(); - if (policyMetaData != null && policyMetaData.length > 0) { - String BasicPolicyEditorMetaDataAmount = resource.getProperty(PDPConstants. - BASIC_POLICY_EDITOR_META_DATA_AMOUNT); - if (newPolicy && BasicPolicyEditorMetaDataAmount != null) { - int amount = Integer.parseInt(BasicPolicyEditorMetaDataAmount); - for (int i = 0; i < amount; i++) { - resource.removeProperty(PDPConstants.BASIC_POLICY_EDITOR_META_DATA + i); - } - resource.removeProperty(PDPConstants.BASIC_POLICY_EDITOR_META_DATA_AMOUNT); - } - - int i = 0; - for (String policyData : policyMetaData) { - if (policyData != null && !"".equals(policyData)) { - resource.setProperty(PDPConstants.BASIC_POLICY_EDITOR_META_DATA + i, - policyData); - } - i++; - } - resource.setProperty(PDPConstants.BASIC_POLICY_EDITOR_META_DATA_AMOUNT, - Integer.toString(i)); - } - - // Store policy metadata based on the configured property. - if (!EntitlementUtil.isPolicyMetadataStoringEnabled()) { - for (Map.Entry entry : resource.getProperties().entrySet()) { - if (entry.getKey().toString().startsWith(PDPConstants.POLICY_META_DATA)) { - resource.getProperties().remove(entry.getKey()); - } - } - } - - registry.put(path, resource); - - } catch (RegistryException e) { - log.error("Error while adding or updating entitlement policy " + policyId + - " in policy store", e); - throw new EntitlementException("Error while adding or updating entitlement policy in policy store"); - } - } - - - /** - * @param policyId - * @throws EntitlementException - */ - public void removePolicy(String policyId) throws EntitlementException { - String path = null; - - if (log.isDebugEnabled()) { - log.debug("Removing entitlement policy"); - } - - try { - path = PDPConstants.ENTITLEMENT_POLICY_PAP + policyId; - if (!registry.resourceExists(path)) { - if (log.isDebugEnabled()) { - log.debug("Trying to access an entitlement policy which does not exist"); - } - return; - } - registry.delete(path); - } catch (RegistryException e) { - log.error("Error while removing entitlement policy " + policyId + " from PAP policy store", e); - throw new EntitlementException("Error while removing policy " + policyId + " from PAP policy store"); - } - } - -} diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/pap/store/PAPPolicyStoreManager.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/pap/store/PAPPolicyStoreManager.java index 171c6c8f4941..63f8cc7bf409 100644 --- a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/pap/store/PAPPolicyStoreManager.java +++ b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/pap/store/PAPPolicyStoreManager.java @@ -20,23 +20,24 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.wso2.carbon.identity.entitlement.EntitlementException; -import org.wso2.carbon.identity.entitlement.PDPConstants; +import org.wso2.carbon.identity.entitlement.dao.PolicyDAO; +import org.wso2.carbon.identity.entitlement.dao.RegistryPolicyDAOImpl; import org.wso2.carbon.identity.entitlement.dto.PolicyDTO; import org.wso2.carbon.registry.core.Resource; public class PAPPolicyStoreManager { private static final Log log = LogFactory.getLog(PAPPolicyStoreManager.class); - private PAPPolicyStore store; + private PolicyDAO store; private PAPPolicyStoreReader storeReader; public PAPPolicyStoreManager() { - store = new PAPPolicyStore(); + store = new RegistryPolicyDAOImpl(); storeReader = new PAPPolicyStoreReader(store); } - public void addOrUpdatePolicy(PolicyDTO policy) throws EntitlementException { - store.addOrUpdatePolicy(policy, PDPConstants.ENTITLEMENT_POLICY_PAP); + public void addOrUpdatePolicy(PolicyDTO policy, boolean enableVersioning) throws EntitlementException { + store.addOrUpdatePolicy(policy, enableVersioning); } public void removePolicy(String policyId) throws EntitlementException { @@ -44,7 +45,7 @@ public void removePolicy(String policyId) throws EntitlementException { } public String[] getPolicyIds() throws EntitlementException { - return store.getAllPolicyIds(); + return store.listPolicyIds().toArray(new String[0]); } public PolicyDTO getPolicy(String policyId) throws EntitlementException { diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/pap/store/PAPPolicyStoreReader.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/pap/store/PAPPolicyStoreReader.java index 625e50ff0569..0e46c0d8af03 100644 --- a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/pap/store/PAPPolicyStoreReader.java +++ b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/pap/store/PAPPolicyStoreReader.java @@ -23,6 +23,8 @@ import org.wso2.balana.finder.PolicyFinder; import org.wso2.carbon.identity.entitlement.EntitlementException; import org.wso2.carbon.identity.entitlement.PDPConstants; +import org.wso2.carbon.identity.entitlement.dao.PolicyDAO; +import org.wso2.carbon.identity.entitlement.dto.AttributeDTO; import org.wso2.carbon.identity.entitlement.dto.PolicyDTO; import org.wso2.carbon.identity.entitlement.pap.PAPPolicyReader; import org.wso2.carbon.identity.entitlement.policy.PolicyAttributeBuilder; @@ -38,33 +40,28 @@ public class PAPPolicyStoreReader { // the optional logger used for error reporting private static Log log = LogFactory.getLog(PAPPolicyStoreReader.class); - private PAPPolicyStore store; + private final PolicyDAO store; /** * @param store */ - public PAPPolicyStoreReader(PAPPolicyStore store) { + public PAPPolicyStoreReader(PolicyDAO store) { this.store = store; } - /** - * @param policyId - * @param finder - * @return - * @throws EntitlementException + * @param policyId policyId + * @param finder policy finder + * @return abstract policy + * @throws EntitlementException, throws, if fails */ public synchronized AbstractPolicy readPolicy(String policyId, PolicyFinder finder) throws EntitlementException { - Resource resource = store.getPolicy(policyId, PDPConstants.ENTITLEMENT_POLICY_PAP); - if (resource != null) { - try { - String policy = new String((byte[]) resource.getContent(), Charset.forName("UTF-8")); - return PAPPolicyReader.getInstance(null).getPolicy(policy); - } catch (RegistryException e) { - log.error("Error while parsing entitlement policy", e); - throw new EntitlementException("Error while loading entitlement policy"); - } + + PolicyDTO dto = store.getPAPPolicy(policyId); + if (dto != null) { + String policy = dto.getPolicy(); + return PAPPolicyReader.getInstance(null).getPolicy(policy); } return null; } @@ -72,26 +69,21 @@ public synchronized AbstractPolicy readPolicy(String policyId, PolicyFinder find /** * Reads All policies as Light Weight PolicyDTO * - * @return Array of PolicyDTO but don not contains XACML policy and attribute meta data + * @return Array of PolicyDTO but does not contain XACML policy and attribute metadata * @throws EntitlementException throws, if fails */ public PolicyDTO[] readAllLightPolicyDTOs() throws EntitlementException { - String[] resources = null; - resources = store.getAllPolicyIds(); + String[] resources; + resources = store.listPolicyIds().toArray(new String[0]); - if (resources == null) { - return new PolicyDTO[0]; - } - - List policyDTOList = new ArrayList(); + List policyDTOList = new ArrayList<>(); for (String resource : resources) { PolicyDTO policyDTO = readLightPolicyDTO(resource); policyDTOList.add(policyDTO); } - - return policyDTOList.toArray(new PolicyDTO[policyDTOList.size()]); + return policyDTOList.toArray(new PolicyDTO[0]); } /** @@ -102,82 +94,27 @@ public PolicyDTO[] readAllLightPolicyDTOs() throws EntitlementException { * @throws EntitlementException throws, if fails */ public PolicyDTO readPolicyDTO(String policyId) throws EntitlementException { - Resource resource = null; - PolicyDTO dto = null; - try { - resource = store.getPolicy(policyId, PDPConstants.ENTITLEMENT_POLICY_PAP); - if (resource == null) { - log.error("Policy does not exist in the system with id " + policyId); - throw new EntitlementException("Policy does not exist in the system with id " + policyId); - } - - dto = new PolicyDTO(); - dto.setPolicyId(policyId); - dto.setPolicy(new String((byte[]) resource.getContent(), Charset.forName("UTF-8"))); - dto.setActive(Boolean.parseBoolean(resource.getProperty(PDPConstants.ACTIVE_POLICY))); - String policyOrder = resource.getProperty(PDPConstants.POLICY_ORDER); - if (policyOrder != null) { - dto.setPolicyOrder(Integer.parseInt(policyOrder)); - } else { - dto.setPolicyOrder(0); - } - dto.setPolicyType(resource.getProperty(PDPConstants.POLICY_TYPE)); - String version = resource.getProperty(PDPConstants.POLICY_VERSION); - if (version != null) { - dto.setVersion(version); - } - String lastModifiedTime = resource.getProperty(PDPConstants.LAST_MODIFIED_TIME); - if (lastModifiedTime != null) { - dto.setLastModifiedTime(lastModifiedTime); - } - String lastModifiedUser = resource.getProperty(PDPConstants.LAST_MODIFIED_USER); - if (lastModifiedUser != null) { - dto.setLastModifiedUser(lastModifiedUser); - } - String policyReferences = resource.getProperty(PDPConstants.POLICY_REFERENCE); - if (policyReferences != null && policyReferences.trim().length() > 0) { - dto.setPolicyIdReferences(policyReferences.split(PDPConstants.ATTRIBUTE_SEPARATOR)); - } - String policySetReferences = resource.getProperty(PDPConstants.POLICY_SET_REFERENCE); - if (policySetReferences != null && policySetReferences.trim().length() > 0) { - dto.setPolicySetIdReferences(policySetReferences.split(PDPConstants.ATTRIBUTE_SEPARATOR)); - } - //read policy meta data that is used for basic policy editor - dto.setPolicyEditor(resource.getProperty(PDPConstants.POLICY_EDITOR_TYPE)); - String basicPolicyEditorMetaDataAmount = resource.getProperty(PDPConstants. - BASIC_POLICY_EDITOR_META_DATA_AMOUNT); - if (basicPolicyEditorMetaDataAmount != null) { - int amount = Integer.parseInt(basicPolicyEditorMetaDataAmount); - String[] basicPolicyEditorMetaData = new String[amount]; - for (int i = 0; i < amount; i++) { - basicPolicyEditorMetaData[i] = resource. - getProperty(PDPConstants.BASIC_POLICY_EDITOR_META_DATA + i); - } - dto.setPolicyEditorData(basicPolicyEditorMetaData); - } - PolicyAttributeBuilder policyAttributeBuilder = new PolicyAttributeBuilder(); - dto.setAttributeDTOs(policyAttributeBuilder. - getPolicyMetaDataFromRegistryProperties(resource.getProperties())); - return dto; - } catch (RegistryException e) { - log.error("Error while loading entitlement policy " + policyId + " from PAP policy store", e); - throw new EntitlementException("Error while loading entitlement policy " + policyId + - " from PAP policy store"); + PolicyDTO dto = store.getPAPPolicy(policyId); + if (dto == null) { + log.error("Policy does not exist in the system with id " + policyId); + throw new EntitlementException("Policy does not exist in the system with id " + policyId); } + return dto; } /** - * Checks whether policy is exist for given policy id + * Checks whether policy exists for the given policy id * * @param policyId policy id * @return true of false */ public boolean isExistPolicy(String policyId) { - Resource resource = null; + + PolicyDTO dto; try { - resource = store.getPolicy(policyId, PDPConstants.ENTITLEMENT_POLICY_PAP); - if (resource != null) { + dto = store.getPAPPolicy(policyId); + if (dto != null) { return true; } } catch (EntitlementException e) { @@ -188,125 +125,40 @@ public boolean isExistPolicy(String policyId) { /** - * Reads Light Weight PolicyDTO for given policy id + * Reads light weight PolicyDTO for given policy id * * @param policyId policy id - * @return PolicyDTO but don not contains XACML policy and attribute meta data + * @return PolicyDTO but does not contain XACML policy and attribute meta data * @throws EntitlementException throws, if fails */ public PolicyDTO readLightPolicyDTO(String policyId) throws EntitlementException { - Resource resource = null; - PolicyDTO dto = null; - resource = store.getPolicy(policyId, PDPConstants.ENTITLEMENT_POLICY_PAP); - if (resource == null) { + PolicyDTO dto = store.getPAPPolicy(policyId); + if (dto == null) { return null; } - dto = new PolicyDTO(); - dto.setPolicyId(policyId); - String version = resource.getProperty(PDPConstants.POLICY_VERSION); - if (version != null) { - dto.setVersion(version); - } - String lastModifiedTime = resource.getProperty(PDPConstants.LAST_MODIFIED_TIME); - if (lastModifiedTime != null) { - dto.setLastModifiedTime(lastModifiedTime); - } - String lastModifiedUser = resource.getProperty(PDPConstants.LAST_MODIFIED_USER); - if (lastModifiedUser != null) { - dto.setLastModifiedUser(lastModifiedUser); - } - dto.setActive(Boolean.parseBoolean(resource.getProperty(PDPConstants.ACTIVE_POLICY))); - String policyOrder = resource.getProperty(PDPConstants.POLICY_ORDER); - if (policyOrder != null) { - dto.setPolicyOrder(Integer.parseInt(policyOrder)); - } else { - dto.setPolicyOrder(0); - } - dto.setPolicyType(resource.getProperty(PDPConstants.POLICY_TYPE)); - - String policyReferences = resource.getProperty(PDPConstants.POLICY_REFERENCE); - if (policyReferences != null && policyReferences.trim().length() > 0) { - dto.setPolicyIdReferences(policyReferences.split(PDPConstants.ATTRIBUTE_SEPARATOR)); - } - - String policySetReferences = resource.getProperty(PDPConstants.POLICY_SET_REFERENCE); - if (policySetReferences != null && policySetReferences.trim().length() > 0) { - dto.setPolicySetIdReferences(policySetReferences.split(PDPConstants.ATTRIBUTE_SEPARATOR)); - } - - dto.setPolicyEditor(resource.getProperty(PDPConstants.POLICY_EDITOR_TYPE)); - + dto.setPolicy(null); + dto.setAttributeDTOs(new AttributeDTO[0]); + dto.setPolicyEditorData( new String[0]); return dto; } /** - * Reads Light Weight PolicyDTO with Attribute meta data for given policy id + * Reads Light Weight PolicyDTO with Attribute metadata for given policy id * * @param policyId policy id * @return PolicyDTO but don not contains XACML policy * @throws EntitlementException throws, if fails */ public PolicyDTO readMetaDataPolicyDTO(String policyId) throws EntitlementException { - Resource resource = null; - PolicyDTO dto = null; - resource = store.getPolicy(policyId, PDPConstants.ENTITLEMENT_POLICY_PAP); - if (resource == null) { + PolicyDTO dto = store.getPAPPolicy(policyId); + if (dto == null) { return null; } - dto = new PolicyDTO(); - dto.setPolicyId(policyId); - dto.setActive(Boolean.parseBoolean(resource.getProperty(PDPConstants.ACTIVE_POLICY))); - String policyOrder = resource.getProperty(PDPConstants.POLICY_ORDER); - if (policyOrder != null) { - dto.setPolicyOrder(Integer.parseInt(policyOrder)); - } else { - dto.setPolicyOrder(0); - } - - String version = resource.getProperty(PDPConstants.POLICY_VERSION); - if (version != null) { - dto.setVersion(version); - } - String lastModifiedTime = resource.getProperty(PDPConstants.LAST_MODIFIED_TIME); - if (lastModifiedTime != null) { - dto.setLastModifiedTime(lastModifiedTime); - } - String lastModifiedUser = resource.getProperty(PDPConstants.LAST_MODIFIED_USER); - if (lastModifiedUser != null) { - dto.setLastModifiedUser(lastModifiedUser); - } - dto.setPolicyType(resource.getProperty(PDPConstants.POLICY_TYPE)); - - String policyReferences = resource.getProperty(PDPConstants.POLICY_REFERENCE); - if (policyReferences != null && policyReferences.trim().length() > 0) { - dto.setPolicyIdReferences(policyReferences.split(PDPConstants.ATTRIBUTE_SEPARATOR)); - } - - String policySetReferences = resource.getProperty(PDPConstants.POLICY_SET_REFERENCE); - if (policySetReferences != null && policySetReferences.trim().length() > 0) { - dto.setPolicySetIdReferences(policySetReferences.split(PDPConstants.ATTRIBUTE_SEPARATOR)); - } - - dto.setPolicyEditor(resource.getProperty(PDPConstants.POLICY_EDITOR_TYPE)); - String basicPolicyEditorMetaDataAmount = resource.getProperty(PDPConstants. - BASIC_POLICY_EDITOR_META_DATA_AMOUNT); - if (basicPolicyEditorMetaDataAmount != null) { - int amount = Integer.parseInt(basicPolicyEditorMetaDataAmount); - String[] basicPolicyEditorMetaData = new String[amount]; - for (int i = 0; i < amount; i++) { - basicPolicyEditorMetaData[i] = resource. - getProperty(PDPConstants.BASIC_POLICY_EDITOR_META_DATA + i); - } - dto.setPolicyEditorData(basicPolicyEditorMetaData); - } - PolicyAttributeBuilder policyAttributeBuilder = new PolicyAttributeBuilder(); - dto.setAttributeDTOs(policyAttributeBuilder. - getPolicyMetaDataFromRegistryProperties(resource.getProperties())); + dto.setPolicy(null); return dto; - } /** diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/pdp/EntitlementEngine.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/pdp/EntitlementEngine.java index 1b7eaf807caa..7ebf87dbe9c6 100644 --- a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/pdp/EntitlementEngine.java +++ b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/pdp/EntitlementEngine.java @@ -39,7 +39,6 @@ import org.wso2.balana.finder.impl.CurrentEnvModule; import org.wso2.balana.finder.impl.SelectorModule; import org.wso2.carbon.context.CarbonContext; -import org.wso2.carbon.context.PrivilegedCarbonContext; import org.wso2.carbon.identity.base.IdentityConstants; import org.wso2.carbon.identity.core.util.IdentityUtil; import org.wso2.carbon.identity.entitlement.EntitlementException; @@ -48,9 +47,10 @@ import org.wso2.carbon.identity.entitlement.cache.DecisionCache; import org.wso2.carbon.identity.entitlement.cache.PolicyCache; import org.wso2.carbon.identity.entitlement.cache.SimpleDecisionCache; +import org.wso2.carbon.identity.entitlement.dao.PolicyDAO; import org.wso2.carbon.identity.entitlement.internal.EntitlementServiceComponent; +import org.wso2.carbon.identity.entitlement.pap.EntitlementAdminEngine; import org.wso2.carbon.identity.entitlement.pap.store.PAPPolicyFinder; -import org.wso2.carbon.identity.entitlement.pap.store.PAPPolicyStore; import org.wso2.carbon.identity.entitlement.pap.store.PAPPolicyStoreReader; import org.wso2.carbon.identity.entitlement.pip.CarbonAttributeFinder; import org.wso2.carbon.identity.entitlement.pip.CarbonResourceFinder; @@ -58,12 +58,10 @@ import org.wso2.carbon.identity.entitlement.policy.PolicyRequestBuilder; import org.wso2.carbon.identity.entitlement.policy.finder.CarbonPolicyFinder; import org.wso2.carbon.identity.entitlement.policy.search.PolicySearch; -import org.wso2.carbon.utils.CarbonUtils; import org.wso2.carbon.utils.multitenancy.MultitenantConstants; import org.xml.sax.SAXException; import java.io.ByteArrayInputStream; -import java.io.File; import java.io.IOException; import java.util.ArrayList; import java.util.HashSet; @@ -248,7 +246,8 @@ private EntitlementEngine(int tenantId) { // Test PDP with all finders but policy finder is different PolicyFinder policyFinder = new PolicyFinder(); Set policyModules = new HashSet(); - PAPPolicyFinder papPolicyFinder = new PAPPolicyFinder(new PAPPolicyStoreReader(new PAPPolicyStore())); + PolicyDAO store = EntitlementAdminEngine.getInstance().getPolicyDAO(); + PAPPolicyFinder papPolicyFinder = new PAPPolicyFinder(new PAPPolicyStoreReader(store)); policyModules.add(papPolicyFinder); policyFinder.setModules(policyModules); this.papPolicyFinder = policyFinder; diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/finder/AbstractPolicyFinderModule.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/finder/AbstractPolicyFinderModule.java index 7c45414a1081..9fbceeece2a5 100644 --- a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/finder/AbstractPolicyFinderModule.java +++ b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/finder/AbstractPolicyFinderModule.java @@ -22,7 +22,7 @@ import org.apache.commons.logging.LogFactory; import org.wso2.carbon.identity.entitlement.PolicyOrderComparator; import org.wso2.carbon.identity.entitlement.dto.AttributeDTO; -import org.wso2.carbon.identity.entitlement.dto.PolicyStoreDTO; +import org.wso2.carbon.identity.entitlement.dto.PolicyDTO; import org.wso2.carbon.identity.entitlement.pap.EntitlementAdminEngine; import org.wso2.carbon.identity.entitlement.pdp.EntitlementEngine; @@ -62,14 +62,14 @@ public String[] getOrderedPolicyIdentifiers() { log.debug("Start retrieving ordered policy identifiers at : " + new Date()); String[] policyIdentifiers = getPolicyIdentifiers(); if (policyIdentifiers != null && !isPolicyOrderingSupport()) { - PolicyStoreDTO[] policyDTOs = EntitlementAdminEngine.getInstance(). - getPolicyStoreManager().getAllPolicyData(); + PolicyDTO[] policyDTOs = EntitlementAdminEngine.getInstance(). + getPolicyStoreManager().getLightPolicies(); Arrays.sort(policyDTOs, new PolicyOrderComparator()); List list = new ArrayList(); List finalList = new ArrayList(); // 1st put non -order items list.addAll(Arrays.asList(policyIdentifiers)); - for (PolicyStoreDTO dto : policyDTOs) { + for (PolicyDTO dto : policyDTOs) { list.remove(dto.getPolicyId()); finalList.add(dto.getPolicyId()); } @@ -82,19 +82,17 @@ public String[] getOrderedPolicyIdentifiers() { @Override public String[] getActivePolicies() { + log.debug("Start retrieving active policies at : " + new Date()); List policies = new ArrayList(); String[] policyIdentifiers = getOrderedPolicyIdentifiers(); if (policyIdentifiers != null) { for (String identifier : policyIdentifiers) { if (!isPolicyDeActivationSupport()) { - PolicyStoreDTO data = EntitlementAdminEngine.getInstance(). - getPolicyDataStore().getPolicyData(identifier); - if (data != null && data.isActive()) { - String policy = getPolicy(identifier); - if (policy != null) { - policies.add(policy); - } + PolicyDTO policyDTO = EntitlementAdminEngine.getInstance(). + getPolicyStoreManager().getPolicy(identifier); + if (policyDTO != null && policyDTO.isActive()) { + policies.add(policyDTO.getPolicy()); } } else { String policy = getPolicy(identifier); @@ -109,7 +107,6 @@ public String[] getActivePolicies() { } - @Override public boolean isDefaultCategoriesSupported() { return true; diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/finder/CarbonPolicyFinder.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/finder/CarbonPolicyFinder.java index 69a61cd6b1ec..8b89eecb9c5c 100644 --- a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/finder/CarbonPolicyFinder.java +++ b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/finder/CarbonPolicyFinder.java @@ -37,14 +37,14 @@ import org.wso2.carbon.identity.entitlement.PolicyOrderComparator; import org.wso2.carbon.identity.entitlement.cache.PolicyStatus; import org.wso2.carbon.identity.entitlement.common.EntitlementConstants; +import org.wso2.carbon.identity.entitlement.dao.ConfigDAO; import org.wso2.carbon.identity.entitlement.dto.PolicyDTO; import org.wso2.carbon.identity.entitlement.internal.EntitlementServiceComponent; +import org.wso2.carbon.identity.entitlement.pap.EntitlementAdminEngine; import org.wso2.carbon.identity.entitlement.pdp.EntitlementEngine; import org.wso2.carbon.identity.entitlement.policy.PolicyReader; import org.wso2.carbon.identity.entitlement.policy.collection.PolicyCollection; import org.wso2.carbon.identity.entitlement.policy.collection.SimplePolicyCollection; -import org.wso2.carbon.identity.entitlement.policy.store.DefaultPolicyDataStore; -import org.wso2.carbon.identity.entitlement.policy.store.PolicyDataStore; import java.net.URI; import java.net.URISyntaxException; @@ -143,12 +143,8 @@ protected boolean removeEldestEntry(Map.Entry eldest) { if (this.finderModules != null && this.finderModules.size() > 0) { // find policy combining algorithm. - // here we can get policy data store by using EntitlementAdminEngine. But we are not - // use it here. As we need not to have a dependant on EntitlementAdminEngine - PolicyDataStore policyDataStore; - policyDataStore = new DefaultPolicyDataStore(); - - policyCombiningAlgorithm = policyDataStore.getGlobalPolicyAlgorithm(); + ConfigDAO configDAO = EntitlementAdminEngine.getInstance().getConfigDAO(); + policyCombiningAlgorithm = configDAO.getGlobalPolicyAlgorithm(); tempPolicyCollection.setPolicyCombiningAlgorithm(policyCombiningAlgorithm); diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/finder/PolicyFinderModule.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/finder/PolicyFinderModule.java index 27da0ac1a857..a9147988da64 100644 --- a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/finder/PolicyFinderModule.java +++ b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/finder/PolicyFinderModule.java @@ -154,4 +154,5 @@ public Map> getSearchAttributes(String identifier, */ public boolean isPolicyDeActivationSupport(); + } diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/finder/registry/RegistryPolicyHandler.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/finder/registry/RegistryPolicyHandler.java index b0d834aa22f5..ea3a46b07e54 100644 --- a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/finder/registry/RegistryPolicyHandler.java +++ b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/finder/registry/RegistryPolicyHandler.java @@ -19,8 +19,8 @@ package org.wso2.carbon.identity.entitlement.policy.finder.registry; import org.wso2.carbon.identity.entitlement.PDPConstants; +import org.wso2.carbon.identity.entitlement.dao.RegistryPolicyDAOImpl; import org.wso2.carbon.identity.entitlement.internal.EntitlementServiceComponent; -import org.wso2.carbon.identity.entitlement.policy.store.RegistryPolicyStoreManageModule; import org.wso2.carbon.registry.core.exceptions.RegistryException; import org.wso2.carbon.registry.core.jdbc.handlers.Handler; import org.wso2.carbon.registry.core.jdbc.handlers.RequestContext; @@ -41,7 +41,7 @@ public void put(RequestContext requestContext) throws RegistryException { enableRegistryCacheClear = Boolean.parseBoolean(properties.getProperty(PDPConstants.PDP_REGISTRY_LEVEL_POLICY_CACHE_CLEAR)); } if(enableRegistryCacheClear) { - RegistryPolicyStoreManageModule.invalidateCache(); + RegistryPolicyDAOImpl.invalidateCache(); } @@ -57,7 +57,7 @@ public void delete(RequestContext requestContext) throws RegistryException { enableRegistryCacheClear = Boolean.parseBoolean(properties.getProperty(PDPConstants.PDP_REGISTRY_LEVEL_POLICY_CACHE_CLEAR)); } if(enableRegistryCacheClear) { - RegistryPolicyStoreManageModule.invalidateCache(); + RegistryPolicyDAOImpl.invalidateCache(); } } diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/finder/registry/RegistryPolicyReader.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/finder/registry/RegistryPolicyReader.java deleted file mode 100644 index 69266fd12e55..000000000000 --- a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/finder/registry/RegistryPolicyReader.java +++ /dev/null @@ -1,303 +0,0 @@ -/* -* Copyright (c) WSO2 Inc. (http://www.wso2.org) All Rights Reserved. -* -* WSO2 Inc. licenses this file to you under the Apache License, -* Version 2.0 (the "License"); you may not use this file except -* in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, -* software distributed under the License is distributed on an -* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -* KIND, either express or implied. See the License for the -* specific language governing permissions and limitations -* under the License. -*/ - -package org.wso2.carbon.identity.entitlement.policy.finder.registry; - -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; -import org.wso2.balana.AbstractPolicy; -import org.wso2.carbon.identity.entitlement.EntitlementException; -import org.wso2.carbon.identity.entitlement.PolicyOrderComparator; -import org.wso2.carbon.identity.entitlement.dto.PolicyDTO; -import org.wso2.carbon.identity.entitlement.pap.PAPPolicyReader; -import org.wso2.carbon.identity.entitlement.policy.PolicyAttributeBuilder; -import org.wso2.carbon.registry.core.Collection; -import org.wso2.carbon.registry.core.Registry; -import org.wso2.carbon.registry.core.RegistryConstants; -import org.wso2.carbon.registry.core.Resource; -import org.wso2.carbon.registry.core.exceptions.RegistryException; - -import java.nio.charset.Charset; -import java.util.ArrayList; -import java.util.Arrays; -import java.util.List; - -/** - * Registry policy reader - */ -public class RegistryPolicyReader { - - /** - * logger - */ - private static Log log = LogFactory.getLog(RegistryPolicyReader.class); - /** - * Governance registry instance of current tenant - */ - private Registry registry; - /** - * policy store path of the registry - */ - private String policyStorePath; - - /** - * constructor - * - * @param registry registry instance - * @param policyStorePath policy store path of the registry - */ - public RegistryPolicyReader(Registry registry, String policyStorePath) { - this.registry = registry; - this.policyStorePath = policyStorePath; - } - - /** - * Reads given policy resource as PolicyDTO - * - * @param policyId policy id - * @return PolicyDTO - * @throws EntitlementException throws, if fails - */ - public PolicyDTO readPolicy(String policyId) throws EntitlementException { - - Resource resource = null; - - resource = getPolicyResource(policyId); - - if (resource == null) { - return new PolicyDTO(); - } - - return readPolicy(resource); - } - - /** - * Reads All ordered active policies as PolicyDTO - * - * @param active only return active policies - * @param order return ordered policy - * @return Array of PolicyDTO - * @throws EntitlementException throws, if fails - */ - public PolicyDTO[] readAllPolicies(boolean active, boolean order) throws EntitlementException { - - Resource[] resources = null; - resources = getAllPolicyResource(); - - if (resources == null) { - return new PolicyDTO[0]; - } - List policyDTOList = new ArrayList(); - for (Resource resource : resources) { - PolicyDTO policyDTO = readPolicy(resource); - if (active) { - if (policyDTO.isActive()) { - policyDTOList.add(policyDTO); - } - } else { - policyDTOList.add(policyDTO); - } - } - - PolicyDTO[] policyDTOs = policyDTOList.toArray(new PolicyDTO[policyDTOList.size()]); - - if (order) { - Arrays.sort(policyDTOs, new PolicyOrderComparator()); - } - return policyDTOs; - } - - - /** - * This returns all the policy ids as String list. Here we assume registry resource name as - * the policy id. - * - * @return policy ids as String[] - * @throws EntitlementException throws if fails - */ - public String[] getAllPolicyIds() throws EntitlementException { - - String path = null; - Collection collection = null; - String[] children = null; - List resources = new ArrayList(); - - if (log.isDebugEnabled()) { - log.debug("Retrieving all entitlement policies"); - } - - try { - path = policyStorePath; - - if (!registry.resourceExists(path)) { - if (log.isDebugEnabled()) { - log.debug("Trying to access an entitlement policy which does not exist"); - } - return null; - } - collection = (Collection) registry.get(path); - children = collection.getChildren(); - for (String child : children) { - String id = child.substring(child.lastIndexOf(RegistryConstants.PATH_SEPARATOR) + 1); - resources.add(id); - } - - } catch (RegistryException e) { - log.error("Error while retrieving entitlement policy resources", e); - throw new EntitlementException("Error while retrieving entitlement policy resources", e); - } - - return resources.toArray(new String[resources.size()]); - } - - /** - * Reads PolicyDTO for given registry resource - * - * @param resource Registry resource - * @return PolicyDTO - * @throws EntitlementException throws, if fails - */ - private PolicyDTO readPolicy(Resource resource) throws EntitlementException { - - String policy = null; - AbstractPolicy absPolicy = null; - PolicyDTO dto = null; - - try { - if (resource.getContent() == null) { - throw new EntitlementException("Error while loading entitlement policy. Policy content is null"); - } - policy = new String((byte[]) resource.getContent(), Charset.forName("UTF-8")); - absPolicy = PAPPolicyReader.getInstance(null).getPolicy(policy); - dto = new PolicyDTO(); - dto.setPolicyId(absPolicy.getId().toASCIIString()); - dto.setPolicy(policy); - String policyOrder = resource.getProperty("order"); - if (policyOrder != null) { - dto.setPolicyOrder(Integer.parseInt(policyOrder)); - } else { - dto.setPolicyOrder(0); - } - String policyActive = resource.getProperty("active"); - if (policyActive != null) { - dto.setActive(Boolean.parseBoolean(policyActive)); - } - PolicyAttributeBuilder policyAttributeBuilder = new PolicyAttributeBuilder(); - dto.setAttributeDTOs(policyAttributeBuilder. - getPolicyMetaDataFromRegistryProperties(resource.getProperties())); - return dto; - } catch (RegistryException e) { - log.error("Error while loading entitlement policy", e); - throw new EntitlementException("Error while loading entitlement policy", e); - } - } - - /** - * This reads the policy combining algorithm from registry resource property - * - * @return policy combining algorithm as String - * @throws EntitlementException throws - */ - public String readPolicyCombiningAlgorithm() throws EntitlementException { - try { - Collection policyCollection = null; - if (registry.resourceExists(policyStorePath)) { - policyCollection = (Collection) registry.get(policyStorePath); - } - if (policyCollection != null) { - return policyCollection.getProperty("globalPolicyCombiningAlgorithm"); - } - return null; - } catch (RegistryException e) { - log.error("Error while reading policy combining algorithm", e); - throw new EntitlementException("Error while reading policy combining algorithm", e); - } - } - - /** - * This returns given policy as Registry resource - * - * @param policyId policy id - * @return policy as Registry resource - * @throws EntitlementException throws, if fails - */ - private Resource getPolicyResource(String policyId) throws EntitlementException { - String path = null; - - if (log.isDebugEnabled()) { - log.debug("Retrieving entitlement policy"); - } - - try { - path = policyStorePath + policyId; - - if (!registry.resourceExists(path)) { - if (log.isDebugEnabled()) { - log.debug("Trying to access an entitlement policy which does not exist"); - } - return null; - } - return registry.get(path); - } catch (RegistryException e) { - log.error("Error while retrieving entitlement policy : " + policyId, e); - throw new EntitlementException("Error while retrieving entitlement policy : " + policyId, e); - } - } - - /** - * This returns all the policies as Registry resources. - * - * @return policies as Resource[] - * @throws org.wso2.carbon.identity.entitlement.EntitlementException throws if fails - */ - private Resource[] getAllPolicyResource() throws EntitlementException { - - String path = null; - Collection collection = null; - List resources = new ArrayList(); - String[] children = null; - - if (log.isDebugEnabled()) { - log.debug("Retrieving all entitlement policies"); - } - - try { - path = policyStorePath; - - if (!registry.resourceExists(path)) { - if (log.isDebugEnabled()) { - log.debug("Trying to access an entitlement policy which does not exist"); - } - return null; - } - collection = (Collection) registry.get(path); - children = collection.getChildren(); - - for (String aChildren : children) { - resources.add(registry.get(aChildren)); - } - - } catch (RegistryException e) { - log.error("Error while retrieving entitlement policy", e); - throw new EntitlementException("Error while retrieving entitlement policies", e); - } - - return resources.toArray(new Resource[resources.size()]); - } - -} diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/publisher/PolicyPublishExecutor.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/publisher/PolicyPublishExecutor.java index 93cd745c61f6..6ae492947129 100644 --- a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/publisher/PolicyPublishExecutor.java +++ b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/publisher/PolicyPublishExecutor.java @@ -26,12 +26,13 @@ import org.wso2.carbon.identity.entitlement.PAPStatusDataHandler; import org.wso2.carbon.identity.entitlement.PDPConstants; import org.wso2.carbon.identity.entitlement.common.EntitlementConstants; +import org.wso2.carbon.identity.entitlement.dao.PolicyDAO; +import org.wso2.carbon.identity.entitlement.dao.SubscriberDAO; import org.wso2.carbon.identity.entitlement.dto.PolicyDTO; import org.wso2.carbon.identity.entitlement.dto.PublisherDataHolder; import org.wso2.carbon.identity.entitlement.dto.StatusHolder; import org.wso2.carbon.identity.entitlement.internal.EntitlementServiceComponent; import org.wso2.carbon.identity.entitlement.pap.EntitlementAdminEngine; -import org.wso2.carbon.identity.entitlement.policy.version.PolicyVersionManager; import org.wso2.carbon.registry.api.Registry; import java.util.ArrayList; @@ -121,7 +122,8 @@ public void publish() { holder = new PublisherDataHolder(policyPublisherModule.getModuleName()); } else { try { - holder = publisher.retrieveSubscriber(subscriberId, true); + SubscriberDAO subscriberManager = EntitlementAdminEngine.getInstance().getSubscriberDAO(); + holder = subscriberManager.getSubscriber(subscriberId, true); } catch (EntitlementException e) { log.error("Subscriber details can not be retrieved. So skip publishing policies " + "for subscriber : " + subscriberId); @@ -173,9 +175,9 @@ public void publish() { if (EntitlementConstants.PolicyPublish.ACTION_CREATE.equalsIgnoreCase(action) || EntitlementConstants.PolicyPublish.ACTION_UPDATE.equalsIgnoreCase(action)) { - PolicyVersionManager manager = EntitlementAdminEngine.getInstance().getVersionManager(); + PolicyDAO policyStore = EntitlementAdminEngine.getInstance().getPolicyDAO(); try { - policyDTO = manager.getPolicy(policyId, version); + policyDTO = policyStore.getPolicy(policyId, version); } catch (EntitlementException e) { // ignore } diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/publisher/PolicyPublisher.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/publisher/PolicyPublisher.java index de4456f9743e..a2159e5fff79 100644 --- a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/publisher/PolicyPublisher.java +++ b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/publisher/PolicyPublisher.java @@ -18,42 +18,30 @@ package org.wso2.carbon.identity.entitlement.policy.publisher; -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; import org.wso2.carbon.context.CarbonContext; -import org.wso2.carbon.core.util.CryptoException; -import org.wso2.carbon.core.util.CryptoUtil; import org.wso2.carbon.identity.entitlement.EntitlementException; import org.wso2.carbon.identity.entitlement.PAPStatusDataHandler; -import org.wso2.carbon.identity.entitlement.PDPConstants; import org.wso2.carbon.identity.entitlement.common.EntitlementConstants; +import org.wso2.carbon.identity.entitlement.dao.RegistrySubscriberDAOImpl; +import org.wso2.carbon.identity.entitlement.dao.SubscriberDAO; import org.wso2.carbon.identity.entitlement.dto.PublisherDataHolder; import org.wso2.carbon.identity.entitlement.dto.PublisherPropertyDTO; import org.wso2.carbon.identity.entitlement.internal.EntitlementServiceComponent; -import org.wso2.carbon.registry.core.Collection; -import org.wso2.carbon.registry.core.Registry; -import org.wso2.carbon.registry.core.RegistryConstants; -import org.wso2.carbon.registry.core.Resource; -import org.wso2.carbon.registry.core.exceptions.RegistryException; -import java.util.ArrayList; import java.util.HashSet; -import java.util.List; import java.util.Map; import java.util.Properties; import java.util.Set; -import java.util.regex.Matcher; -import java.util.regex.Pattern; /** * This is policy publisher. There can be different modules that have been plugged with this. - * This module currently is bound with the WSO2 registry, as some meta data is store there, + * */ public class PolicyPublisher { public static final String SUBSCRIBER_ID = "subscriberId"; public static final String SUBSCRIBER_DISPLAY_NAME = "Subscriber Id"; - private static Log log = LogFactory.getLog(PolicyPublisher.class); + /** * set of publisher modules @@ -69,15 +57,13 @@ public class PolicyPublisher { * Verification publisher modules */ PublisherVerificationModule verificationModule = null; - private Registry registry; + /** * Creates PolicyPublisher instance */ public PolicyPublisher() { - this.registry = EntitlementServiceComponent. - getGovernanceRegistry(CarbonContext.getThreadLocalCarbonContext().getTenantId()); Map publisherModules = EntitlementServiceComponent. getEntitlementConfig().getPolicyPublisherModules(); if (publisherModules != null && !publisherModules.isEmpty()) { @@ -90,7 +76,7 @@ public PolicyPublisher() { this.verificationModule = prePublisherModules.keySet().iterator().next(); } - // creating default subscriber to publish policies to PDP + // Creates a default subscriber to publish policies to PDP CarbonPDPPublisher publisher = new CarbonPDPPublisher(); this.publisherModules.add(publisher); @@ -99,16 +85,17 @@ public PolicyPublisher() { dto.setId(SUBSCRIBER_ID); dto.setDisplayName(SUBSCRIBER_DISPLAY_NAME); dto.setValue(EntitlementConstants.PDP_SUBSCRIBER_ID); - holder.setPropertyDTOs(new PublisherPropertyDTO[]{dto}); + holder.setPropertyDTOs(new PublisherPropertyDTO[] {dto}); try { PublisherDataHolder pdpDataHolder = null; + SubscriberDAO subscriberManager = new RegistrySubscriberDAOImpl(); try { - pdpDataHolder = retrieveSubscriber(EntitlementConstants.PDP_SUBSCRIBER_ID, false); + pdpDataHolder = subscriberManager.getSubscriber(EntitlementConstants.PDP_SUBSCRIBER_ID, false); } catch (Exception e) { // ignore } if (pdpDataHolder == null) { - persistSubscriber(holder, false); + subscriberManager.addSubscriber(holder); } } catch (EntitlementException e) { // ignore @@ -145,177 +132,6 @@ public void publishPolicy(String[] policyIds, String version, String action, boo executor.run(); } - - public void persistSubscriber(PublisherDataHolder holder, boolean update) throws EntitlementException { - - Collection policyCollection; - String subscriberPath; - String subscriberId = null; - - if (holder == null || holder.getPropertyDTOs() == null) { - log.error("Publisher data can not be null"); - throw new EntitlementException("Publisher data can not be null"); - } - - for (PublisherPropertyDTO dto : holder.getPropertyDTOs()) { - if (SUBSCRIBER_ID.equals(dto.getId())) { - subscriberId = dto.getValue(); - } - } - - if (subscriberId == null) { - log.error("Subscriber Id can not be null"); - throw new EntitlementException("Subscriber Id can not be null"); - } - - try { - if (registry.resourceExists(PDPConstants.ENTITLEMENT_POLICY_PUBLISHER)) { - policyCollection = registry.newCollection(); - registry.put(PDPConstants.ENTITLEMENT_POLICY_PUBLISHER, policyCollection); - } - - subscriberPath = PDPConstants.ENTITLEMENT_POLICY_PUBLISHER + - RegistryConstants.PATH_SEPARATOR + subscriberId; - - Resource resource; - - PublisherDataHolder oldHolder = null; - if (registry.resourceExists(subscriberPath)) { - if (update) { - resource = registry.get(subscriberPath); - oldHolder = new PublisherDataHolder(resource, false); - } else { - throw new EntitlementException("Subscriber ID already exists"); - } - } else { - resource = registry.newResource(); - } - - populateProperties(holder, oldHolder, resource); - registry.put(subscriberPath, resource); - - } catch (RegistryException e) { - log.error("Error while persisting subscriber details", e); - throw new EntitlementException("Error while persisting subscriber details", e); - } - } - - - public void deleteSubscriber(String subscriberId) throws EntitlementException { - - String subscriberPath; - - if (subscriberId == null) { - log.error("Subscriber Id can not be null"); - throw new EntitlementException("Subscriber Id can not be null"); - } - - if (EntitlementConstants.PDP_SUBSCRIBER_ID.equals(subscriberId.trim())) { - log.error("Can not delete PDP publisher"); - throw new EntitlementException("Can not delete PDP publisher"); - } - - try { - subscriberPath = PDPConstants.ENTITLEMENT_POLICY_PUBLISHER + - RegistryConstants.PATH_SEPARATOR + subscriberId; - - if (registry.resourceExists(subscriberPath)) { - registry.delete(subscriberPath); - } - } catch (RegistryException e) { - log.error("Error while deleting subscriber details", e); - throw new EntitlementException("Error while deleting subscriber details", e); - } - } - - public PublisherDataHolder retrieveSubscriber(String id, boolean returnSecrets) throws EntitlementException { - - try { - if (registry.resourceExists(PDPConstants.ENTITLEMENT_POLICY_PUBLISHER + - RegistryConstants.PATH_SEPARATOR + id)) { - Resource resource = registry.get(PDPConstants.ENTITLEMENT_POLICY_PUBLISHER + - RegistryConstants.PATH_SEPARATOR + id); - - return new PublisherDataHolder(resource, returnSecrets); - } - } catch (RegistryException e) { - log.error("Error while retrieving subscriber detail of id : " + id, e); - throw new EntitlementException("Error while retrieving subscriber detail of id : " + id, e); - } - - throw new EntitlementException("No Subscriber is defined for given Id"); - } - - public String[] retrieveSubscriberIds(String searchString) throws EntitlementException { - - try { - if (registry.resourceExists(PDPConstants.ENTITLEMENT_POLICY_PUBLISHER + - RegistryConstants.PATH_SEPARATOR)) { - Resource resource = registry.get(PDPConstants.ENTITLEMENT_POLICY_PUBLISHER + - RegistryConstants.PATH_SEPARATOR); - Collection collection = (Collection) resource; - List list = new ArrayList(); - if (collection.getChildCount() > 0) { - searchString = searchString.replace("*", ".*"); - Pattern pattern = Pattern.compile(searchString, Pattern.CASE_INSENSITIVE); - for (String path : collection.getChildren()) { - String id = path.substring(path.lastIndexOf(RegistryConstants.PATH_SEPARATOR) + 1); - Matcher matcher = pattern.matcher(id); - if (!matcher.matches()) { - continue; - } - Resource childResource = registry.get(path); - if (childResource != null && childResource.getProperty(SUBSCRIBER_ID) != null) { - list.add(childResource.getProperty(SUBSCRIBER_ID)); - } - } - } - return list.toArray(new String[list.size()]); - } - } catch (RegistryException e) { - log.error("Error while retrieving subscriber of ids", e); - throw new EntitlementException("Error while retrieving subscriber ids", e); - - } - - return null; - } - - private void populateProperties(PublisherDataHolder holder, - PublisherDataHolder oldHolder, Resource resource) { - - PublisherPropertyDTO[] propertyDTOs = holder.getPropertyDTOs(); - for (PublisherPropertyDTO dto : propertyDTOs) { - if (dto.getId() != null && dto.getValue() != null && dto.getValue().trim().length() > 0) { - ArrayList list = new ArrayList(); - if (dto.isSecret()) { - PublisherPropertyDTO propertyDTO = null; - if (oldHolder != null) { - propertyDTO = oldHolder.getPropertyDTO(dto.getId()); - } - if (propertyDTO == null || !propertyDTO.getValue().equalsIgnoreCase(dto.getValue())) { - try { - String encryptedValue = CryptoUtil.getDefaultCryptoUtil(). - encryptAndBase64Encode(dto.getValue().getBytes()); - dto.setValue(encryptedValue); - } catch (CryptoException e) { - log.error("Error while encrypting secret value of subscriber. " + - "Secret would not be persist.", e); - continue; - } - } - } - list.add(dto.getValue()); - list.add(dto.getDisplayName()); - list.add(Integer.toString(dto.getDisplayOrder())); - list.add(Boolean.toString(dto.isRequired())); - list.add(Boolean.toString(dto.isSecret())); - resource.setProperty(dto.getId(), list); - } - } - resource.setProperty(PublisherDataHolder.MODULE_NAME, holder.getModuleName()); - } - public Set getPublisherModules() { return publisherModules; } diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/store/DefaultPolicyDataStore.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/store/DefaultPolicyDataStore.java deleted file mode 100644 index c502c187164c..000000000000 --- a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/store/DefaultPolicyDataStore.java +++ /dev/null @@ -1,278 +0,0 @@ -/* -* Copyright (c) WSO2 Inc. (http://www.wso2.org) All Rights Reserved. -* -* WSO2 Inc. licenses this file to you under the Apache License, -* Version 2.0 (the "License"); you may not use this file except -* in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, -* software distributed under the License is distributed on an -* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -* KIND, either express or implied. See the License for the -* specific language governing permissions and limitations -* under the License. -*/ -package org.wso2.carbon.identity.entitlement.policy.store; - -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; -import org.wso2.balana.combine.PolicyCombiningAlgorithm; -import org.wso2.balana.combine.xacml3.DenyOverridesPolicyAlg; -import org.wso2.carbon.context.CarbonContext; -import org.wso2.carbon.identity.entitlement.EntitlementException; -import org.wso2.carbon.identity.entitlement.EntitlementUtil; -import org.wso2.carbon.identity.entitlement.PDPConstants; -import org.wso2.carbon.identity.entitlement.dto.PolicyStoreDTO; -import org.wso2.carbon.identity.entitlement.internal.EntitlementServiceComponent; -import org.wso2.carbon.identity.entitlement.pdp.EntitlementEngine; -import org.wso2.carbon.registry.core.Collection; -import org.wso2.carbon.registry.core.Registry; -import org.wso2.carbon.registry.core.RegistryConstants; -import org.wso2.carbon.registry.core.Resource; -import org.wso2.carbon.registry.core.exceptions.RegistryException; - -import java.util.ArrayList; -import java.util.List; -import java.util.Properties; - -/** - * This is default implementation, where data are stored in carbon registry - */ -public class DefaultPolicyDataStore implements PolicyDataStore { - - public static final String POLICY_COMBINING_PREFIX_1 = - "urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:"; - public static final String POLICY_COMBINING_PREFIX_3 = - "urn:oasis:names:tc:xacml:3.0:policy-combining-algorithm:"; - private static Log log = LogFactory.getLog(DefaultPolicyDataStore.class); - private String policyDataCollection = PDPConstants.ENTITLEMENT_POLICY_DATA; - - @Override - public void init(Properties properties) throws EntitlementException { - - } - - @Override - public PolicyCombiningAlgorithm getGlobalPolicyAlgorithm() { - - - String algorithm = null; - try { - Registry registry = getGovernanceRegistry(); - if (registry.resourceExists(policyDataCollection)) { - Collection collection = (Collection) registry.get(policyDataCollection); - algorithm = collection.getProperty("globalPolicyCombiningAlgorithm"); - } - - if (algorithm == null || algorithm.trim().length() == 0) { - // read algorithm from entitlement.properties file - algorithm = EntitlementServiceComponent.getEntitlementConfig().getEngineProperties(). - getProperty(PDPConstants.PDP_GLOBAL_COMBINING_ALGORITHM); - log.info("Using Global policy combining algorithm that is defined in configuration file."); - try { - return EntitlementUtil.getPolicyCombiningAlgorithm(algorithm); - } catch (Exception e) { - log.debug(e); - } - } - - if (algorithm != null && algorithm.trim().length() > 0) { - if ("first-applicable".equals(algorithm) || "only-one-applicable".equals(algorithm)) { - algorithm = POLICY_COMBINING_PREFIX_1 + algorithm; - } else { - algorithm = POLICY_COMBINING_PREFIX_3 + algorithm; - } - return EntitlementUtil.getPolicyCombiningAlgorithm(algorithm); - } - - } catch (RegistryException | EntitlementException e) { - if (log.isDebugEnabled()) { - log.debug("Exception while getting Global Policy Algorithm from policy data store.", e); - } - } - - log.warn("Global policy combining algorithm is not defined. Therefore using default one"); - return new DenyOverridesPolicyAlg(); - } - - @Override - public void setGlobalPolicyAlgorithm(String policyCombiningAlgorithm) throws EntitlementException { - - Registry registry = getGovernanceRegistry(); - try { - Collection policyCollection; - if (registry.resourceExists(policyDataCollection)) { - policyCollection = (Collection) registry.get(policyDataCollection); - } else { - policyCollection = registry.newCollection(); - } - - policyCollection.setProperty("globalPolicyCombiningAlgorithm", policyCombiningAlgorithm); - registry.put(policyDataCollection, policyCollection); - - // performing cache invalidation - EntitlementEngine.getInstance().invalidatePolicyCache(); - - } catch (RegistryException e) { - log.error("Error while updating Global combing algorithm in policy store ", e); - throw new EntitlementException("Error while updating combing algorithm in policy store"); - } - } - - @Override - public String getGlobalPolicyAlgorithmName() { - - String algorithm = null; - try { - - Registry registry = getGovernanceRegistry(); - if (registry.resourceExists(policyDataCollection)) { - Collection collection = (Collection) registry.get(policyDataCollection); - algorithm = collection.getProperty("globalPolicyCombiningAlgorithm"); - } - } catch (RegistryException e) { - if (log.isDebugEnabled()) { - log.debug(e); - } - } catch (EntitlementException e) { - log.error("Error while getting Global Policy Combining Algorithm Name.", e); - } - - // set default - if (algorithm == null) { - algorithm = "deny-overrides"; - } - - return algorithm; - } - - @Override - public String[] getAllGlobalPolicyAlgorithmNames() { - - return new String[]{"deny-overrides", "permit-overrides", "first-applicable", - "ordered-deny-overrides", "ordered-permit-overrides", "only-one-applicable"}; - } - - @Override - public PolicyStoreDTO getPolicyData(String policyId) { - - PolicyStoreDTO dataDTO = new PolicyStoreDTO(); - try { - Registry registry = getGovernanceRegistry(); - String path = policyDataCollection + policyId; - if (registry.resourceExists(path)) { - Resource resource = registry.get(path); - String order = resource.getProperty("order"); - String active = resource.getProperty("active"); - if (order != null && order.trim().length() > 0) { - dataDTO.setPolicyOrder(Integer.parseInt(order)); - } - dataDTO.setActive(Boolean.parseBoolean(active)); - } - } catch (RegistryException e) { - if (log.isDebugEnabled()) { - log.debug(e); - } - } catch (EntitlementException e) { - log.error("Error while getting policy data for policyId: " + policyId, e); - } - return dataDTO; - } - - - @Override - public PolicyStoreDTO[] getPolicyData() { - - - List policyStoreDTOs = new ArrayList(); - try { - Registry registry = getGovernanceRegistry(); - if (registry.resourceExists(policyDataCollection)) { - Collection collection = (Collection) registry.get(policyDataCollection); - String[] paths = collection.getChildren(); - for (String path : paths) { - if (registry.resourceExists(path)) { - PolicyStoreDTO dataDTO = new PolicyStoreDTO(); - Resource resource = registry.get(path); - String order = resource.getProperty("order"); - String active = resource.getProperty("active"); - String id = path.substring(path.lastIndexOf(RegistryConstants.PATH_SEPARATOR) + 1); - dataDTO.setPolicyId(id); - if (order != null && order.trim().length() > 0) { - dataDTO.setPolicyOrder(Integer.parseInt(order)); - } - dataDTO.setActive(Boolean.parseBoolean(active)); - policyStoreDTOs.add(dataDTO); - } - } - } - } catch (RegistryException e) { - if (log.isDebugEnabled()) { - log.debug(e); - } - } catch (EntitlementException e) { - log.error("Error while getting all policy data.", e); - } - return policyStoreDTOs.toArray(new PolicyStoreDTO[policyStoreDTOs.size()]); - } - - @Override - public void setPolicyData(String policyId, PolicyStoreDTO policyDataDTO) throws EntitlementException { - - Registry registry = getGovernanceRegistry(); - try { - String path = policyDataCollection + policyId; - Resource resource; - if (registry.resourceExists(path)) { - resource = registry.get(path); - } else { - resource = registry.newCollection(); - } - - if (policyDataDTO.isSetActive()) { - resource.setProperty("active", Boolean.toString(policyDataDTO.isActive())); - } - if (policyDataDTO.isSetOrder()) { - int order = policyDataDTO.getPolicyOrder(); - if (order > 0) { - resource.setProperty("order", Integer.toString(order)); - } - } - registry.put(path, resource); - } catch (RegistryException e) { - log.error("Error while updating Policy data in policy store ", e); - throw new EntitlementException("Error while updating Policy data in policy store"); - } - } - - @Override - public void removePolicyData(String policyId) throws EntitlementException { - - Registry registry = getGovernanceRegistry(); - try { - String path = policyDataCollection + policyId; - if (registry.resourceExists(path)) { - registry.delete(path); - } - } catch (RegistryException e) { - log.error("Error while deleting Policy data in policy store ", e); - throw new EntitlementException("Error while deleting Policy data in policy store"); - } - - } - - private Registry getGovernanceRegistry() throws EntitlementException { - - int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId(); - Registry registry = EntitlementServiceComponent.getGovernanceRegistry(tenantId); - - if (registry == null) { - throw new EntitlementException("Unable to get governance registry for tenant: " + tenantId); - } - - return registry; - } -} diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/store/PolicyDataStore.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/store/PolicyDataStore.java deleted file mode 100644 index 6d9824c3b9a5..000000000000 --- a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/store/PolicyDataStore.java +++ /dev/null @@ -1,104 +0,0 @@ -/* -* Copyright (c) WSO2 Inc. (http://www.wso2.org) All Rights Reserved. -* -* WSO2 Inc. licenses this file to you under the Apache License, -* Version 2.0 (the "License"); you may not use this file except -* in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, -* software distributed under the License is distributed on an -* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -* KIND, either express or implied. See the License for the -* specific language governing permissions and limitations -* under the License. -*/ - -package org.wso2.carbon.identity.entitlement.policy.store; - -import org.wso2.balana.combine.PolicyCombiningAlgorithm; -import org.wso2.carbon.identity.entitlement.EntitlementException; -import org.wso2.carbon.identity.entitlement.dto.PolicyStoreDTO; - -import java.util.Properties; - -/** - * This is the entitlement policy data store that is used to persist meta data of the policies - * Such as global policy combining algorithm. - */ -public interface PolicyDataStore { - - - /** - * initializes the PolicyDataStore - * - * @param properties properties, that need to initialize the module. - * @throws EntitlementException throws when initialization is failed - */ - public void init(Properties properties) throws EntitlementException; - - /** - * Gets the policy combining algorithm of the PDP - * - * @return policy combining algorithm as PolicyCombiningAlgorithm - */ - public PolicyCombiningAlgorithm getGlobalPolicyAlgorithm(); - - /** - * Persist the policy combining algorithm in to data store - * - * @param policyCombiningAlgorithm policy combining algorithm name to persist - * @throws EntitlementException throws if fails - */ - public void setGlobalPolicyAlgorithm(String policyCombiningAlgorithm) throws EntitlementException; - - /** - * Gets the policy combining algorithm name of the PDP - * - * @return policy combining algorithm name as String - */ - public String getGlobalPolicyAlgorithmName(); - - /** - * Gets all supported policy combining algorithm name of the PDP - * - * @return policy combining algorithm names as Array of String - */ - public String[] getAllGlobalPolicyAlgorithmNames(); - - /** - * Gets policy data for given policy id - * - * @param policyId policy id as String - * @return policy data such as order and so on PolicyStoreDTO - */ - public PolicyStoreDTO getPolicyData(String policyId); - - - /** - * Gets all policy data - * - * @return Array of PolicyStoreDTO - */ - public PolicyStoreDTO[] getPolicyData(); - - /** - * Set policy data for give policy id - * - * @param policyId policy id as String - * @param policyDataDTO policy data such as order and so on PolicyStoreDTO - * @throws EntitlementException if it is failed - */ - public void setPolicyData(String policyId, PolicyStoreDTO policyDataDTO) throws EntitlementException; - - /** - * Remove policy data for give policy id - * - * @param policyId policy id as String - * @throws EntitlementException - */ - public void removePolicyData(String policyId) throws EntitlementException; - -} diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/store/PolicyStoreManageModule.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/store/PolicyStoreManageModule.java deleted file mode 100644 index f1b72e1713c7..000000000000 --- a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/store/PolicyStoreManageModule.java +++ /dev/null @@ -1,71 +0,0 @@ -/* -* Copyright (c) WSO2 Inc. (http://www.wso2.org) All Rights Reserved. -* -* WSO2 Inc. licenses this file to you under the Apache License, -* Version 2.0 (the "License"); you may not use this file except -* in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, -* software distributed under the License is distributed on an -* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -* KIND, either express or implied. See the License for the -* specific language governing permissions and limitations -* under the License. -*/ - -package org.wso2.carbon.identity.entitlement.policy.store; - -import org.wso2.carbon.identity.entitlement.EntitlementException; -import org.wso2.carbon.identity.entitlement.dto.PolicyStoreDTO; -import org.wso2.carbon.identity.entitlement.policy.finder.PolicyFinderModule; - -import java.util.Properties; - -/** - * Carbon policy manage module is an extension point where XACML policies can be stored and - * loaded in to the PDP from different sources. This is specially written for storing policies. - * There can be only one policy store manage module in PDP - */ -public interface PolicyStoreManageModule extends PolicyFinderModule { - - /** - * init policy store module - * - * @param properties - */ - public void init(Properties properties); - - /** - * add policy in to the store - * - * @param policy - */ - public void addPolicy(PolicyStoreDTO policy) throws EntitlementException; - - - /** - * update policy in to the store - * - * @param policy - */ - public void updatePolicy(PolicyStoreDTO policy) throws EntitlementException; - - /** - * delete policy from the store - * - * @param policyIdentifier - */ - public boolean deletePolicy(String policyIdentifier) throws EntitlementException; - - /** - * Check whether policy is exist or not - * - * @param policyId policy id as String - * @return whether true or false - */ - public boolean isPolicyExist(String policyId); - -} diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/store/PolicyStoreManager.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/store/PolicyStoreManager.java index 4b1b45e738eb..73a0e6b66666 100644 --- a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/store/PolicyStoreManager.java +++ b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/store/PolicyStoreManager.java @@ -18,10 +18,11 @@ package org.wso2.carbon.identity.entitlement.policy.store; -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; +import org.apache.commons.collections.MapUtils; import org.wso2.carbon.identity.entitlement.EntitlementException; import org.wso2.carbon.identity.entitlement.common.EntitlementConstants; +import org.wso2.carbon.identity.entitlement.dao.PolicyDAO; +import org.wso2.carbon.identity.entitlement.dao.RegistryPolicyDAOImpl; import org.wso2.carbon.identity.entitlement.dto.PolicyDTO; import org.wso2.carbon.identity.entitlement.dto.PolicyStoreDTO; import org.wso2.carbon.identity.entitlement.internal.EntitlementServiceComponent; @@ -39,21 +40,17 @@ */ public class PolicyStoreManager { - private PolicyStoreManageModule policyStoreStore = null; - private PolicyDataStore policyDataStore = null; + private final PolicyDAO policyStore; - private static Log log = LogFactory.getLog(PolicyStoreManager.class); + public PolicyStoreManager() { - public PolicyStoreManager(PolicyDataStore policyDataStore) { - // get policy collection - Map policyCollections = EntitlementServiceComponent. + Map policyCollections = EntitlementServiceComponent. getEntitlementConfig().getPolicyStore(); - if (policyCollections != null && policyCollections.size() > 0) { - policyStoreStore = policyCollections.entrySet().iterator().next().getKey(); + if (MapUtils.isNotEmpty(policyCollections)) { + policyStore = policyCollections.entrySet().iterator().next().getKey(); } else { - policyStoreStore = new RegistryPolicyStoreManageModule(); + policyStore = new RegistryPolicyDAOImpl(); } - this.policyDataStore = policyDataStore; } public void addPolicy(PolicyDTO policyDTO) throws EntitlementException { @@ -64,92 +61,93 @@ public void addPolicy(PolicyDTO policyDTO) throws EntitlementException { dto.setActive(policyDTO.isActive()); dto.setPolicyOrder(policyDTO.getPolicyOrder()); dto.setAttributeDTOs(policyDTO.getAttributeDTOs()); - if (policyStoreStore.isPolicyExist(policyDTO.getPolicyId())) { + dto.setVersion(policyDTO.getVersion()); + + if (policyStore.isPublished(policyDTO.getPolicyId())) { dto.setSetActive(false); dto.setSetOrder(false); } else { dto.setSetOrder(true); dto.setSetActive(true); } - policyStoreStore.addPolicy(dto); - policyDataStore.setPolicyData(policyDTO.getPolicyId(), dto); - RegistryPolicyStoreManageModule + policyStore.publishPolicy(dto); + RegistryPolicyDAOImpl .invalidateCache(dto.getPolicyId(), EntitlementConstants.PolicyPublish.ACTION_UPDATE); } public void updatePolicy(PolicyDTO policyDTO) throws EntitlementException { - if (!policyStoreStore.isPolicyExist(policyDTO.getPolicyId())) { - throw new EntitlementException("Policy is not exist in the Policy Store : PolicyId " + - policyDTO.getPolicyId()); + if (!policyStore.isPublished(policyDTO.getPolicyId())) { + throw new EntitlementException("Policy does not exist in the Policy Store : PolicyId " + + policyDTO.getPolicyId()); } + PolicyStoreDTO dto = new PolicyStoreDTO(); dto.setPolicyId(policyDTO.getPolicyId()); dto.setPolicy(policyDTO.getPolicy()); dto.setActive(policyDTO.isActive()); dto.setPolicyOrder(policyDTO.getPolicyOrder()); dto.setAttributeDTOs(policyDTO.getAttributeDTOs()); + dto.setVersion(policyDTO.getVersion()); dto.setSetActive(false); dto.setSetOrder(false); - policyStoreStore.updatePolicy(dto); - RegistryPolicyStoreManageModule + + policyStore.publishPolicy(dto); + RegistryPolicyDAOImpl .invalidateCache(dto.getPolicyId(), EntitlementConstants.PolicyPublish.ACTION_UPDATE); } public void enableDisablePolicy(PolicyDTO policyDTO) throws EntitlementException { - if (!policyStoreStore.isPolicyExist(policyDTO.getPolicyId())) { - throw new EntitlementException("Policy is not exist in the Policy Store : PolicyId " + - policyDTO.getPolicyId()); + if (!policyStore.isPublished(policyDTO.getPolicyId())) { + throw new EntitlementException("Policy does not exist in the Policy Store : PolicyId " + + policyDTO.getPolicyId()); } PolicyStoreDTO dto = new PolicyStoreDTO(); dto.setPolicyId(policyDTO.getPolicyId()); dto.setPolicy(policyDTO.getPolicy()); dto.setActive(policyDTO.isActive()); + dto.setVersion(policyDTO.getVersion()); dto.setSetActive(true); - if (policyStoreStore.isPolicyDeActivationSupport()) { - policyStoreStore.updatePolicy(dto); - } - policyDataStore.setPolicyData(policyDTO.getPolicyId(), dto); + + policyStore.publishPolicy(dto); if (policyDTO.isActive()) { - RegistryPolicyStoreManageModule + RegistryPolicyDAOImpl .invalidateCache(dto.getPolicyId(), EntitlementConstants.PolicyPublish.ACTION_ENABLE); } else { - RegistryPolicyStoreManageModule + RegistryPolicyDAOImpl .invalidateCache(dto.getPolicyId(), EntitlementConstants.PolicyPublish.ACTION_DISABLE); } } public void orderPolicy(PolicyDTO policyDTO) throws EntitlementException { - if (!policyStoreStore.isPolicyExist(policyDTO.getPolicyId())) { - throw new EntitlementException("Policy is not exist in the Policy Store : PolicyId " + - policyDTO.getPolicyId()); + if (!policyStore.isPublished(policyDTO.getPolicyId())) { + throw new EntitlementException("Policy does not exist in the Policy Store : PolicyId " + + policyDTO.getPolicyId()); } PolicyStoreDTO dto = new PolicyStoreDTO(); dto.setPolicyId(policyDTO.getPolicyId()); dto.setPolicy(policyDTO.getPolicy()); dto.setPolicyOrder(policyDTO.getPolicyOrder()); + dto.setVersion(policyDTO.getVersion()); dto.setSetOrder(true); - if (policyStoreStore.isPolicyOrderingSupport()) { - policyStoreStore.updatePolicy(dto); - } - policyDataStore.setPolicyData(policyDTO.getPolicyId(), dto); - RegistryPolicyStoreManageModule + + policyStore.publishPolicy(dto); + RegistryPolicyDAOImpl .invalidateCache(dto.getPolicyId(), EntitlementConstants.PolicyPublish.ACTION_ORDER); } public void removePolicy(PolicyDTO policyDTO) throws EntitlementException { - if (!policyStoreStore.isPolicyExist(policyDTO.getPolicyId())) { - throw new EntitlementException("Policy is not exist in the Policy Store : PolicyId " + - policyDTO.getPolicyId()); + if (!policyStore.isPublished(policyDTO.getPolicyId())) { + throw new EntitlementException("Policy does not exist in the Policy Store : PolicyId " + + policyDTO.getPolicyId()); } - policyStoreStore.deletePolicy(policyDTO.getPolicyId()); - policyDataStore.removePolicyData(policyDTO.getPolicyId()); - RegistryPolicyStoreManageModule + policyStore.unPublishPolicy(policyDTO.getPolicyId()); + RegistryPolicyDAOImpl .invalidateCache(policyDTO.getPolicyId(), EntitlementConstants.PolicyPublish.ACTION_DELETE); } @@ -157,38 +155,38 @@ public PolicyDTO getPolicy(String policyId) { PolicyDTO policyDTO = new PolicyDTO(); policyDTO.setPolicyId(policyId); - String policy = policyStoreStore.getPolicy(policyId); - PolicyStoreDTO storeDTO = policyDataStore.getPolicyData(policyId); - if (policy != null) { - policyDTO.setPolicy(policy); - policyDTO.setActive(storeDTO.isActive()); - policyDTO.setPolicyOrder(storeDTO.getPolicyOrder()); + PolicyDTO dto = policyStore.getPublishedPolicy(policyId); + if (dto != null && dto.getPolicy() != null) { + policyDTO.setPolicy(dto.getPolicy()); + policyDTO.setActive(dto.isActive()); + policyDTO.setPolicyOrder(dto.getPolicyOrder()); } return policyDTO; } public String[] getPolicyIds() { - return policyStoreStore.getOrderedPolicyIdentifiers(); + return policyStore.getOrderedPolicyIdentifiers(); } public PolicyDTO[] getLightPolicies() { - List policyDTOs = new ArrayList(); - String[] policies = policyStoreStore.getOrderedPolicyIdentifiers(); + List policyDTOs = new ArrayList<>(); + String[] policies = policyStore.getOrderedPolicyIdentifiers(); if (policies != null) { for (String policy : policies) { PolicyDTO policyDTO = new PolicyDTO(); policyDTO.setPolicyId(policy); - PolicyStoreDTO storeDTO = policyDataStore.getPolicyData(policy); - policyDTO.setActive(storeDTO.isActive()); - policyDTO.setPolicyOrder(storeDTO.getPolicyOrder()); - policyDTOs.add(policyDTO); + + PolicyDTO dto = policyStore.getPublishedPolicy(policy); + + if (dto != null) { + policyDTO.setActive(dto.isActive()); + policyDTO.setPolicyOrder(dto.getPolicyOrder()); + policyDTOs.add(policyDTO); + } } } - return policyDTOs.toArray(new PolicyDTO[policyDTOs.size()]); + return policyDTOs.toArray(new PolicyDTO[0]); } - public PolicyStoreDTO[] getAllPolicyData() { - return policyDataStore.getPolicyData(); - } } diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/store/RegistryPolicyStoreManageModule.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/store/RegistryPolicyStoreManageModule.java deleted file mode 100644 index c6b070d3938a..000000000000 --- a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/store/RegistryPolicyStoreManageModule.java +++ /dev/null @@ -1,406 +0,0 @@ -/* -* Copyright (c) WSO2 Inc. (http://www.wso2.org) All Rights Reserved. -* -* WSO2 Inc. licenses this file to you under the Apache License, -* Version 2.0 (the "License"); you may not use this file except -* in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, -* software distributed under the License is distributed on an -* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -* KIND, either express or implied. See the License for the -* specific language governing permissions and limitations -* under the License. -*/ - -package org.wso2.carbon.identity.entitlement.policy.store; - -import org.apache.commons.lang.StringUtils; -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; -import org.wso2.carbon.context.CarbonContext; -import org.wso2.carbon.identity.entitlement.EntitlementException; -import org.wso2.carbon.identity.entitlement.EntitlementUtil; -import org.wso2.carbon.identity.entitlement.PDPConstants; -import org.wso2.carbon.identity.entitlement.dto.AttributeDTO; -import org.wso2.carbon.identity.entitlement.dto.PolicyDTO; -import org.wso2.carbon.identity.entitlement.dto.PolicyStoreDTO; -import org.wso2.carbon.identity.entitlement.internal.EntitlementServiceComponent; -import org.wso2.carbon.identity.entitlement.policy.finder.AbstractPolicyFinderModule; -import org.wso2.carbon.identity.entitlement.policy.finder.PolicyFinderModule; -import org.wso2.carbon.identity.entitlement.policy.finder.registry.RegistryPolicyReader; -import org.wso2.carbon.registry.core.Collection; -import org.wso2.carbon.registry.core.Registry; -import org.wso2.carbon.registry.core.Resource; -import org.wso2.carbon.registry.core.exceptions.RegistryException; - -import java.util.ArrayList; -import java.util.Arrays; -import java.util.Date; -import java.util.HashMap; -import java.util.HashSet; -import java.util.List; -import java.util.Map; -import java.util.Properties; -import java.util.Set; - -/** - * - */ -public class RegistryPolicyStoreManageModule extends AbstractPolicyFinderModule - implements PolicyStoreManageModule { - - private static final String MODULE_NAME = "Registry Policy Finder Module"; - private static final String PROPERTY_POLICY_STORE_PATH = "policyStorePath"; - private static final String PROPERTY_ATTRIBUTE_SEPARATOR = "attributeValueSeparator"; - private static final String DEFAULT_POLICY_STORE_PATH = "/repository/identity/entitlement" + - "/policy/pdp/"; - private static final String KEY_VALUE_POLICY_META_DATA = "policyMetaData"; - private static Log log = LogFactory.getLog(RegistryPolicyStoreManageModule.class); - private String policyStorePath; - - @Override - public void init(Properties properties) { - policyStorePath = properties.getProperty(PROPERTY_POLICY_STORE_PATH); - if (policyStorePath == null) { - policyStorePath = DEFAULT_POLICY_STORE_PATH; - } - } - - @Override - public void addPolicy(PolicyStoreDTO policy) throws EntitlementException { - - Registry registry; - String policyPath; - Collection policyCollection; - Resource resource; - int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId(); - - if (policy == null || StringUtils.isBlank(policy.getPolicyId())) { - throw new EntitlementException("Policy can not be null"); - } - - try { - registry = EntitlementServiceComponent.getRegistryService(). - getGovernanceSystemRegistry(tenantId); - - if (!registry.resourceExists(policyStorePath)) { - policyCollection = registry.newCollection(); - registry.put(policyStorePath, policyCollection); - } - - policyPath = policyStorePath + policy.getPolicyId(); - - if (registry.resourceExists(policyPath)) { - resource = registry.get(policyPath); - } else { - resource = registry.newResource(); - } - - if (policy.getPolicy() != null && policy.getPolicy().trim().length() != 0) { - resource.setContent(policy.getPolicy()); - resource.setMediaType(PDPConstants.REGISTRY_MEDIA_TYPE); - AttributeDTO[] attributeDTOs = policy.getAttributeDTOs(); - if (attributeDTOs != null) { - // Store policy metadata based on the configured property. - if (EntitlementUtil.isPolicyMetadataStoringEnabled()) { - setAttributesAsProperties(attributeDTOs, resource); - } - } - } - if (policy.isSetActive()) { - resource.setProperty("active", Boolean.toString(policy.isActive())); - } - if (policy.isSetOrder()) { - int order = policy.getPolicyOrder(); - if (order > 0) { - resource.setProperty("order", Integer.toString(order)); - } - } - if (resource.getContent() == null) { - log.info("Prevented adding null content to resource " + policyPath); - return; - } - - // Store policy metadata based on the configured property. - if (!EntitlementUtil.isPolicyMetadataStoringEnabled()) { - for (Map.Entry entry : resource.getProperties().entrySet()) { - if (entry.getKey().toString().startsWith(PDPConstants.POLICY_META_DATA)) { - resource.getProperties().remove(entry.getKey()); - } - } - } - registry.put(policyPath, resource); - } catch (RegistryException e) { - log.error("Error while persisting policy", e); - throw new EntitlementException("Error while persisting policy", e); - } - } - - @Override - public boolean isPolicyExist(String policyId) { - - Registry registry; - String policyPath; - int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId(); - - if (policyId == null || policyId.trim().length() == 0) { - return false; - } - - try { - registry = EntitlementServiceComponent.getRegistryService(). - getGovernanceSystemRegistry(tenantId); - - policyPath = policyStorePath + policyId; - return registry.resourceExists(policyPath); - } catch (RegistryException e) { - //ignore - return false; - } - } - - @Override - public void updatePolicy(PolicyStoreDTO policy) throws EntitlementException { - addPolicy(policy); - } - - - @Override - public boolean deletePolicy(String policyIdentifier) { - - Registry registry; - String policyPath; - int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId(); - - if (policyIdentifier == null || policyIdentifier.trim().length() == 0) { - return false; - } - - try { - registry = EntitlementServiceComponent.getRegistryService(). - getGovernanceSystemRegistry(tenantId); - - policyPath = policyStorePath + policyIdentifier; - registry.delete(policyPath); - return true; - } catch (RegistryException e) { - log.error(e); - return false; - } - } - - - @Override - public String getModuleName() { - return MODULE_NAME; - } - - @Override - public String getPolicy(String policyId) { - PolicyDTO dto; - try { - dto = getPolicyReader().readPolicy(policyId); - return dto.getPolicy(); - } catch (Exception e) { - log.error("Policy with identifier " + policyId + " can not be retrieved " + - "from registry policy finder module", e); - } - return null; - } - - @Override - public int getPolicyOrder(String policyId) { - PolicyDTO dto; - try { - dto = getPolicyReader().readPolicy(policyId); - return dto.getPolicyOrder(); - } catch (Exception e) { - log.error("Policy with identifier " + policyId + " can not be retrieved " + - "from registry policy finder module", e); - } - return -1; - } - - @Override - public String[] getActivePolicies() { - - log.debug("Retrieving of Active policies are started. " + new Date()); - - List policies = new ArrayList(); - - try { - PolicyDTO[] policyDTOs = getPolicyReader().readAllPolicies(true, true); - for (PolicyDTO dto : policyDTOs) { - if (dto.getPolicy() != null) { - policies.add(dto.getPolicy()); - } - } - } catch (Exception e) { - log.error("Policies can not be retrieved from registry policy finder module", e); - } - - log.debug("Retrieving of Active policies are finished. " + new Date()); - - return policies.toArray(new String[policies.size()]); - } - - - @Override - public String[] getOrderedPolicyIdentifiers() { - - log.debug("Retrieving of Order Policy Ids are started. " + new Date()); - - List policies = new ArrayList(); - - try { - PolicyDTO[] policyDTOs = getPolicyReader().readAllPolicies(false, true); - for (PolicyDTO dto : policyDTOs) { - if (dto.getPolicy() != null) { - policies.add(dto.getPolicyId()); - } - } - } catch (Exception e) { - log.error("Policies can not be retrieved from registry policy finder module", e); - } - - log.debug("Retrieving of Order Policy Ids are finish. " + new Date()); - - return policies.toArray(new String[policies.size()]); - - } - - @Override - public String[] getPolicyIdentifiers() { - String[] policyIds = null; - try { - policyIds = getPolicyReader().getAllPolicyIds(); - } catch (Exception e) { - log.error("Policy identifiers can not be retrieved from registry policy finder module", e); - } - return policyIds; - } - - @Override - public String getReferencedPolicy(String policyId) { - - // retrieve for policies that are not active - try { - PolicyDTO dto = getPolicyReader().readPolicy(policyId); - if (dto != null && dto.getPolicy() != null && !dto.isActive()) { - return dto.getPolicy(); - } - } catch (EntitlementException e) { - log.error("Error while retrieving reference policy " + policyId); - // ignore - } - - return null; - } - - @Override - public Map> getSearchAttributes(String identifier, Set givenAttribute) { - - PolicyDTO[] policyDTOs = null; - Map> attributeMap = null; - try { - policyDTOs = getPolicyReader().readAllPolicies(true, true); - } catch (Exception e) { - log.error("Policies can not be retrieved from registry policy finder module", e); - } - - if (policyDTOs != null) { - attributeMap = new HashMap>(); - for (PolicyDTO policyDTO : policyDTOs) { - Set attributeDTOs = - new HashSet(Arrays.asList(policyDTO.getAttributeDTOs())); - String[] policyIdRef = policyDTO.getPolicyIdReferences(); - String[] policySetIdRef = policyDTO.getPolicySetIdReferences(); - - if (policyIdRef != null && policyIdRef.length > 0 || policySetIdRef != null && - policySetIdRef.length > 0) { - for (PolicyDTO dto : policyDTOs) { - if (policyIdRef != null) { - for (String policyId : policyIdRef) { - if (dto.getPolicyId().equals(policyId)) { - attributeDTOs.addAll(Arrays.asList(dto.getAttributeDTOs())); - } - } - } - for (String policySetId : policySetIdRef) { - if (dto.getPolicyId().equals(policySetId)) { - attributeDTOs.addAll(Arrays.asList(dto.getAttributeDTOs())); - } - } - } - } - attributeMap.put(policyDTO.getPolicyId(), attributeDTOs); - } - } - - return attributeMap; - } - - - @Override - public int getSupportedSearchAttributesScheme() { - return PolicyFinderModule.COMBINATIONS_BY_CATEGORY_AND_PARAMETER; - } - - @Override - public boolean isDefaultCategoriesSupported() { - return true; - } - - /** - * creates policy reader instance - * - * @return - */ - private RegistryPolicyReader getPolicyReader() { - - Registry registry = null; - int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId(); - try { - registry = EntitlementServiceComponent.getRegistryService(). - getGovernanceSystemRegistry(tenantId); - } catch (RegistryException e) { - log.error("Error while obtaining registry for tenant : " + tenantId, e); - } - return new RegistryPolicyReader(registry, policyStorePath); - } - - /** - * This helper method creates properties object which contains the policy meta data. - * - * @param attributeDTOs List of AttributeDTO - * @param resource registry resource - */ - private void setAttributesAsProperties(AttributeDTO[] attributeDTOs, Resource resource) { - - int attributeElementNo = 0; - if (attributeDTOs != null) { - for (AttributeDTO attributeDTO : attributeDTOs) { - resource.setProperty(KEY_VALUE_POLICY_META_DATA + attributeElementNo, - attributeDTO.getCategory() + "," + - attributeDTO.getAttributeValue() + "," + - attributeDTO.getAttributeId() + "," + - attributeDTO.getAttributeDataType()); - attributeElementNo++; - } - } - } - - @Override - public boolean isPolicyOrderingSupport() { - return true; - } - - @Override - public boolean isPolicyDeActivationSupport() { - return true; - } -} diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/version/DefaultPolicyVersionManager.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/version/DefaultPolicyVersionManager.java deleted file mode 100644 index 0d8850363c31..000000000000 --- a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/version/DefaultPolicyVersionManager.java +++ /dev/null @@ -1,196 +0,0 @@ -/* -* Copyright (c) WSO2 Inc. (http://www.wso2.org) All Rights Reserved. -* -* WSO2 Inc. licenses this file to you under the Apache License, -* Version 2.0 (the "License"); you may not use this file except -* in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, -* software distributed under the License is distributed on an -* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -* KIND, either express or implied. See the License for the -* specific language governing permissions and limitations -* under the License. -*/ -package org.wso2.carbon.identity.entitlement.policy.version; - -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; -import org.wso2.carbon.context.CarbonContext; -import org.wso2.carbon.identity.entitlement.EntitlementException; -import org.wso2.carbon.identity.entitlement.PDPConstants; -import org.wso2.carbon.identity.entitlement.dto.PolicyDTO; -import org.wso2.carbon.identity.entitlement.internal.EntitlementServiceComponent; -import org.wso2.carbon.identity.entitlement.pap.store.PAPPolicyStore; -import org.wso2.carbon.identity.entitlement.pap.store.PAPPolicyStoreReader; -import org.wso2.carbon.registry.api.Collection; -import org.wso2.carbon.registry.api.Registry; -import org.wso2.carbon.registry.api.RegistryException; -import org.wso2.carbon.registry.core.RegistryConstants; -import org.wso2.carbon.registry.core.Resource; -import org.wso2.carbon.registry.core.exceptions.ResourceNotFoundException; -import org.wso2.carbon.registry.core.utils.RegistryUtils; - -import java.util.ArrayList; -import java.util.List; -import java.util.Properties; - -/** - * - */ -public class DefaultPolicyVersionManager implements PolicyVersionManager { - - - private static Log log = LogFactory.getLog(DefaultPolicyVersionManager.class); - - private static int DEFAULT_MAX_VERSION = 5; - - private int maxVersions; - - @Override - public void init(Properties properties) { - try { - maxVersions = Integer.parseInt(properties.getProperty("maxVersions")); - } catch (Exception e) { - // ignore - } - if (maxVersions == 0) { - maxVersions = DEFAULT_MAX_VERSION; - } - } - - @Override - public PolicyDTO getPolicy(String policyId, String version) throws EntitlementException { - - // Zero means current version - if (version == null || version.trim().length() == 0) { - Registry registry = EntitlementServiceComponent. - getGovernanceRegistry(CarbonContext.getThreadLocalCarbonContext().getTenantId()); - try { - Collection collection = (Collection) registry. - get(PDPConstants.ENTITLEMENT_POLICY_VERSION + policyId); - if (collection != null) { - version = collection.getProperty("version"); - } - } catch (RegistryException e) { - log.error(e); - throw new EntitlementException("Invalid policy version"); - } - } - - PAPPolicyStore policyStore = new PAPPolicyStore(); - PAPPolicyStoreReader reader = new PAPPolicyStoreReader(policyStore); - - Resource resource = policyStore.getPolicy(version, - PDPConstants.ENTITLEMENT_POLICY_VERSION + policyId + - RegistryConstants.PATH_SEPARATOR); - if (resource == null) { - throw new EntitlementException("Invalid policy version"); - } - - return reader.readPolicyDTO(resource); - } - - @Override - public String createVersion(PolicyDTO policyDTO) throws EntitlementException { - - PAPPolicyStore policyStore = new PAPPolicyStore(); - Registry registry = EntitlementServiceComponent. - getGovernanceRegistry(CarbonContext.getThreadLocalCarbonContext().getTenantId()); - - String version = "0"; - - try { - - Collection collection = null; - try { - collection = (Collection) registry. - get(PDPConstants.ENTITLEMENT_POLICY_VERSION + policyDTO.getPolicyId()); - } catch (ResourceNotFoundException e) { - // ignore - } - - if (collection != null) { - version = collection.getProperty("version"); - } else { - collection = registry.newCollection(); - collection.setProperty("version", "1"); - registry.put(PDPConstants.ENTITLEMENT_POLICY_VERSION + - policyDTO.getPolicyId(), collection); - } - - int versionInt = Integer.parseInt(version); - String policyPath = PDPConstants.ENTITLEMENT_POLICY_VERSION + - policyDTO.getPolicyId() + RegistryConstants.PATH_SEPARATOR; - - // check whether this is larger than max version - if (versionInt > maxVersions) { - // delete the older version - int olderVersion = versionInt - maxVersions; - if (registry.resourceExists(policyPath + olderVersion)) { - registry.delete(policyPath + olderVersion); - } - } - - //new version - version = Integer.toString(versionInt + 1); - - // set version properties - policyDTO.setVersion(version); - - // persist new version - policyStore.addOrUpdatePolicy(policyDTO, version, policyPath); - - // set new version - collection.setProperty("version", version); - registry.put(PDPConstants.ENTITLEMENT_POLICY_VERSION + - policyDTO.getPolicyId(), collection); - } catch (RegistryException e) { - log.error("Error while creating new version of policy", e); - } - return version; - } - - @Override - public void deletePolicy(String policyId) throws EntitlementException { - - Registry registry = EntitlementServiceComponent. - getGovernanceRegistry(CarbonContext.getThreadLocalCarbonContext().getTenantId()); - try { - if (registry.resourceExists(PDPConstants.ENTITLEMENT_POLICY_VERSION + policyId)) { - registry.delete(PDPConstants.ENTITLEMENT_POLICY_VERSION + policyId); - } - } catch (RegistryException e) { - log.error("Error while deleting all versions of policy", e); - } - } - - @Override - public String[] getVersions(String policyId) throws EntitlementException { - - List versions = new ArrayList(); - Registry registry = EntitlementServiceComponent. - getGovernanceRegistry(CarbonContext.getThreadLocalCarbonContext().getTenantId()); - Collection collection = null; - try { - try { - collection = (Collection) registry. - get(PDPConstants.ENTITLEMENT_POLICY_VERSION + policyId); - } catch (ResourceNotFoundException e) { - // ignore - } - if (collection != null && collection.getChildren() != null) { - String[] children = collection.getChildren(); - for (String child : children) { - versions.add(RegistryUtils.getResourceName(child)); - } - } - } catch (RegistryException e) { - log.error("Error while creating new version of policy", e); - } - return versions.toArray(new String[versions.size()]); - } -} diff --git a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/version/PolicyVersionManager.java b/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/version/PolicyVersionManager.java deleted file mode 100644 index 54c647ed79e1..000000000000 --- a/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/policy/version/PolicyVersionManager.java +++ /dev/null @@ -1,65 +0,0 @@ -/* -* Copyright (c) WSO2 Inc. (http://www.wso2.org) All Rights Reserved. -* -* WSO2 Inc. licenses this file to you under the Apache License, -* Version 2.0 (the "License"); you may not use this file except -* in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, -* software distributed under the License is distributed on an -* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -* KIND, either express or implied. See the License for the -* specific language governing permissions and limitations -* under the License. -*/ - -package org.wso2.carbon.identity.entitlement.policy.version; - -import org.wso2.carbon.identity.entitlement.EntitlementException; -import org.wso2.carbon.identity.entitlement.dto.PolicyDTO; - -import java.util.Properties; - -/** - * This manages the policy versions - */ -public interface PolicyVersionManager { - - /** - * init policy version handler - * - * @param properties - */ - public void init(Properties properties); - - /** - * @param policyId - * @param version - * @return - * @throws EntitlementException - */ - public PolicyDTO getPolicy(String policyId, String version) throws EntitlementException; - - /** - * @param policyDTO - * @return - * @throws EntitlementException - */ - public String createVersion(PolicyDTO policyDTO) throws EntitlementException; - - /** - * @param policyId - * @throws EntitlementException - */ - public void deletePolicy(String policyId) throws EntitlementException; - - /** - * @param policyId - * @return - * @throws EntitlementException - */ - public String[] getVersions(String policyId) throws EntitlementException; -} diff --git a/features/xacml/org.wso2.carbon.identity.xacml.server.feature/resources/entitlement.properties b/features/xacml/org.wso2.carbon.identity.xacml.server.feature/resources/entitlement.properties index 23e93ebedec9..f0c8cb848bc4 100644 --- a/features/xacml/org.wso2.carbon.identity.xacml.server.feature/resources/entitlement.properties +++ b/features/xacml/org.wso2.carbon.identity.xacml.server.feature/resources/entitlement.properties @@ -58,10 +58,10 @@ PAP.Policy.Publisher.Module.1=org.wso2.carbon.identity.entitlement.policy.publis PAP.Policy.Version.Module=org.wso2.carbon.identity.entitlement.policy.version.DefaultPolicyVersionManager PAP.Status.Data.Handler.1=org.wso2.carbon.identity.entitlement.SimplePAPStatusDataHandler -PDP.Policy.Finder.1=org.wso2.carbon.identity.entitlement.policy.store.RegistryPolicyStoreManageModule +PDP.Policy.Finder.1=org.wso2.carbon.identity.entitlement.dao.RegistryPolicyDAOImpl #PDP.Policy.Collection -PDP.Policy.Store.Module=org.wso2.carbon.identity.entitlement.policy.store.RegistryPolicyStoreManageModule -PDP.Policy.Data.Store.Module=org.wso2.carbon.identity.entitlement.policy.store.DefaultPolicyDataStore +PDP.Policy.Store.Module=org.wso2.carbon.identity.entitlement.dao.RegistryPolicyDAOImpl +PDP.Policy.Data.Store.Module=org.wso2.carbon.identity.entitlement.dao.RegistryPolicyDAOImpl # Properties needed for each extension. org.wso2.carbon.identity.entitlement.pip.DefaultAttributeFinder.1=MapFederatedUsersToLocal,true diff --git a/features/xacml/org.wso2.carbon.identity.xacml.server.feature/resources/entitlement.properties.j2 b/features/xacml/org.wso2.carbon.identity.xacml.server.feature/resources/entitlement.properties.j2 index 604799985525..b9935a6b7895 100644 --- a/features/xacml/org.wso2.carbon.identity.xacml.server.feature/resources/entitlement.properties.j2 +++ b/features/xacml/org.wso2.carbon.identity.xacml.server.feature/resources/entitlement.properties.j2 @@ -92,7 +92,6 @@ PAP.Policy.Publisher.Module.{{index}}={{custom_policy_publisher}} #PAP.Policy.Post.Publisher.Module.1= #PAP.Policy.Publisher.Verification.Handler= -PAP.Policy.Version.Module={{identity.entitlement.policy_point.pap.policy_version_module}} {% set status_data_handler_count = [] %} {% for status_data_handler in identity.entitlement.policy_point.pap.status_data_handlers %} PAP.Status.Data.Handler.{{loop.index}}={{status_data_handler}} diff --git a/features/xacml/org.wso2.carbon.identity.xacml.server.feature/resources/org.wso2.carbon.identity.xacml.server.feature.default.json b/features/xacml/org.wso2.carbon.identity.xacml.server.feature/resources/org.wso2.carbon.identity.xacml.server.feature.default.json index 09484b2a3905..f3cace7cce9e 100644 --- a/features/xacml/org.wso2.carbon.identity.xacml.server.feature/resources/org.wso2.carbon.identity.xacml.server.feature.default.json +++ b/features/xacml/org.wso2.carbon.identity.xacml.server.feature/resources/org.wso2.carbon.identity.xacml.server.feature.default.json @@ -15,10 +15,10 @@ "identity.entitlement.policy_point.pdp.registry_level_policy_cache_clear": false, "identity.entitlement.policy_point.pdp.reference_max_policy_entries": "3000", "identity.entitlement.policy_point.pdp.policy_finders": [ - "org.wso2.carbon.identity.entitlement.policy.store.RegistryPolicyStoreManageModule" + "org.wso2.carbon.identity.entitlement.dao.RegistryPolicyDAOImpl" ], - "identity.entitlement.policy_point.pdp.policy_store_module": "org.wso2.carbon.identity.entitlement.policy.store.RegistryPolicyStoreManageModule", - "identity.entitlement.policy_point.pdp.policy_data_store_module": "org.wso2.carbon.identity.entitlement.policy.store.DefaultPolicyDataStore", + "identity.entitlement.policy_point.pdp.policy_store_module": "org.wso2.carbon.identity.entitlement.dao.RegistryPolicyDAOImpl", + "identity.entitlement.policy_point.pdp.policy_data_store_module": "org.wso2.carbon.identity.entitlement.dao.RegistryPolicyDAOImpl", "identity.entitlement.policy_point.pap.enabled": true, "identity.entitlement.policy_point.pap.policy_add_start_enable": true, "identity.entitlement.policy_point.pap.items_per_page": "10", @@ -29,7 +29,6 @@ "identity.entitlement.policy_point.pap.policy_publisher_modules": [ "org.wso2.carbon.identity.entitlement.policy.publisher.CarbonBasicPolicyPublisherModule" ], - "identity.entitlement.policy_point.pap.policy_version_module": "org.wso2.carbon.identity.entitlement.policy.version.DefaultPolicyVersionManager", "identity.entitlement.policy_point.pap.status_data_handlers": [ "org.wso2.carbon.identity.entitlement.SimplePAPStatusDataHandler" ],