oracle.security.am.common.policy.runtime

Class PolicyRuntimeImpl

java.lang.Object

oracle.security.am.common.policy.runtime.PolicyRuntimeImpl

All Implemented Interfaces:

PolicyRuntime

public class PolicyRuntimeImpl
extends java.lang.Object
implements PolicyRuntime

PolicyRuntimeImpl provides the PolicyRuntime functionality. It is instantiated by PolicyRuntimeFactory with a PolicyRuntimeProvider. It performs any validation of a request generic to the API signature, before forwarding it to the associated PolicyRuntimeProvider for servicing.

Following is an illustration of how policy change notifications from policy admin are handled in policy runtime:

  [========================= Policy Abstract Layer ==========================][==== Policy Provider Layer ======]

   -------------------    --------------------------   ---------------------    -----------------------
  | PolicyRuntimeImpl |  | JournalEventListenerImpl | | CallbackHandlerImpl |  | PolicyRuntimeProvider |
   -------------------    --------------------------   ---------------------    -----------------------
         |                            |                          |                      (OES/XML)
         |                            |                          |                         |
 --------^--------------------------->|                          |                         |
   1.Journal event notification - J1  |                          |                         |
         |  (from Policy Admin)       |                          |                         |
         |                            |                          |                         |
         |<---------------------------| | 2. notify about j1 3. < ( transform to p1| |----------------------------^--------------------------^------------------------>|
         |     4. Notify about P1 (invoke provider.handlePolicyChangeEvent())              |\
         |                            |                          |                         | )> 5. Kick off policy refresh
         |                            |                          |                         |/       OES         XML
         |                            |                          |                         |         |           |
         |                            |                          |                         |     asynchronous   synchronous
         |                            |                          |                         |\        |           |
         |                            |                          |                         | ) 6. Do policy refresh
         |                            |                          |                         |/
         |                            |                          |<------------------------| | 7. notify change uptake completion. <--------------------------^--------------------------| 8. invoke handlepolicychangeuptakecompletion() 9. <( \| runtime event listeners < pre>

Since:

11gR1

See Also:

PolicyRuntimeFactory

Constructor Summary

Constructors

Constructor and Description
PolicyRuntimeImpl(PolicyRuntimeProvider provider, java.util.Map<java.lang.String,java.lang.Object> properties)

Method Summary

Modifier and Type	Method and Description
void	addPolicyChangeEventListener(PolicyChangeEventListener listener) Adds the specified event listener to receive policy runtime change events.
OAuthClient	createClient(OAuthClientImpl clientMetadata)
java.util.List<PolicyChangeEvent>	getAllPolicyChangeEvents() Returns all the policy change events.
java.util.List<PolicyChangeEvent>	getAllPolicyChangeEvents(long fromChangeVersion) Returns all the policy change events starting from the input change version to the latest version.
RuntimeAuthnScheme	getAuthnScheme(java.lang.String schemeName) Returns RuntimeAuthnScheme for the given scheme name.
OAuthClient	getClient(java.lang.String clientId, java.lang.String domainName)
java.lang.String	getHostIdentifier(java.lang.String host, int port) Returns Host Identifier associated with a host and port.
OAuthIdentityDomain	getIdentityDomain(java.lang.String domainName)
PolicyChangeEvent	getLatestPolicyChangeEvent() Returns the latest policy change event.
PolicyChangeEvent	getPolicyChangeEvent(long changeVersion) Returns the policy change event associated with the input change version.
OAuthResourceServer	getResource(java.lang.String resourceServerName, OAuthIdentityDomain domain)
OAuthResourceServer	getResource(java.lang.String resourceId, java.lang.String domainName)
ServerDiagnosticsDataInfo	getServerDiagnostics(boolean verbose)
long	getStoreVersionInUse() Returns the policy store version currently in use.
void	handlePolicyChangeEvent(PolicyChangeEvent event) Handles policy change event.
void	handlePolicyChangeUptakeCompletion(long policyStoreVersion) Handles the provider callback for policy change uptake completion notification.
AccessResult	isAuthorized(AccessRequest request) Determines if a given Subject is permitted to access a RuntimeResource.
java.lang.Boolean	isPolicyCacheValid() returns true if cache has been initialized otherwise return false.
AccessResult	isResourceProtected(AccessRequest request) Determines if a given RuntimeResource is protected with an authentication policy, if so, it evaluates the policy and returns the evaluation result,the authentication scheme specified for the resource, and any responses specified in the authentication policy.
AccessResult	isSessionValid(AccessRequest request) Determines if a given user session is valid for the access request.
AccessResult	isTokenRequestAuthorized(AccessRequest request) Determines if a given Subject is permitted to request a token that will be used to access RuntimeResource.
PolicyCacheRefreshResponse	refreshPolicyCacheOnDemand(java.lang.String desiredVersion)
void	removePolicyChangeEventListener(PolicyChangeEventListener listener) Removes the specified policy runtime change event listener.
void	shutdown() Shutdown hook for cleaning up
PolicyCacheWriteResponse	writePolicyCacheToFile()

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

PolicyRuntimeImpl

public PolicyRuntimeImpl(PolicyRuntimeProvider provider,
                         java.util.Map<java.lang.String,java.lang.Object> properties)
                  throws PolicyEvaluationException

Throws:

PolicyEvaluationException

Method Detail

isResourceProtected

public AccessResult isResourceProtected(AccessRequest request)
                                 throws PolicyEvaluationException

Determines if a given RuntimeResource is protected with an authentication policy, if so, it evaluates the policy and returns the evaluation result,the authentication scheme specified for the resource, and any responses specified in the authentication policy. (It does not do the processing by itself, it forwards the requests to PolicyRuntimeProvider for the actual processing of the request)

Specified by:

isResourceProtected in interface PolicyRuntime

Parameters:

request - AccessRequest containing resource (required), identity (optional), and access context (optional).

Returns:

AccessResult Access Result containing the policy evaluation result and authentication scheme

Throws:

PolicyEvaluationException - stores root cause for failure.

isAuthorized

public AccessResult isAuthorized(AccessRequest request)
                          throws PolicyEvaluationException

Determines if a given Subject is permitted to access a RuntimeResource. It returns the authorization policy evaluation result and any responses specified in the authorization policy. (It does not do the processing by itself, it forwards the requests to PolicyRuntimeProvider for the actual processing of the request)

Specified by:

isAuthorized in interface PolicyRuntime

Parameters:

request - AccessRequest containing resource (required), identity (required), and access context (optional).

Returns:

AccessResult Access Result containing the authorization policy evaluation result and responses

Throws:

PolicyEvaluationException - stores root cause for failure.

isSessionValid

public AccessResult isSessionValid(AccessRequest request)
                            throws PolicyEvaluationException

Determines if a given user session is valid for the access request.

Specified by:

isSessionValid in interface PolicyRuntime

Parameters:

request - AccessRequest containing resource (required), and access context (required, should contain session)

Returns:

access result containing the session validity check result.

Throws:

PolicyEvaluationException

isTokenRequestAuthorized

public AccessResult isTokenRequestAuthorized(AccessRequest request)
                                      throws PolicyEvaluationException

Determines if a given Subject is permitted to request a token that will be used to access RuntimeResource.

Specified by:

isTokenRequestAuthorized in interface PolicyRuntime

Parameters:

request - access request

Returns:

AccessResult token issuance authorization policy evaluation result

Throws:

PolicyEvaluationException

getAuthnScheme

public RuntimeAuthnScheme getAuthnScheme(java.lang.String schemeName)
                                  throws PolicyEvaluationException

Returns RuntimeAuthnScheme for the given scheme name.

Specified by:

getAuthnScheme in interface PolicyRuntime

Returns:

RuntimeAuthnScheme

Throws:

PolicyEvaluationException

getHostIdentifier

public java.lang.String getHostIdentifier(java.lang.String host,
                                          int port)
                                   throws PolicyEvaluationException

Returns Host Identifier associated with a host and port.

Specified by:

getHostIdentifier in interface PolicyRuntime

Parameters:

host - - hostname

port - - for preferred hosts port value is 0

Returns:

String Host Identifier Name

Throws:

PolicyEvaluationException

getPolicyChangeEvent

public PolicyChangeEvent getPolicyChangeEvent(long changeVersion)
                                       throws PolicyEvaluationException

Returns the policy change event associated with the input change version.

Specified by:

getPolicyChangeEvent in interface PolicyRuntime

Returns:

policy change event list

Throws:

PolicyEvaluationException

getLatestPolicyChangeEvent

public PolicyChangeEvent getLatestPolicyChangeEvent()
                                             throws PolicyEvaluationException

Returns the latest policy change event.

Specified by:

getLatestPolicyChangeEvent in interface PolicyRuntime

Returns:

policy change event

Throws:

PolicyEvaluationException

getAllPolicyChangeEvents

public java.util.List<PolicyChangeEvent> getAllPolicyChangeEvents()
                                                           throws PolicyEvaluationException

Returns all the policy change events.

Specified by:

getAllPolicyChangeEvents in interface PolicyRuntime

Returns:

policy change event list

Throws:

PolicyEvaluationException

getAllPolicyChangeEvents

public java.util.List<PolicyChangeEvent> getAllPolicyChangeEvents(long fromChangeVersion)
                                                           throws PolicyEvaluationException

Returns all the policy change events starting from the input change version to the latest version.

Specified by:

getAllPolicyChangeEvents in interface PolicyRuntime

Returns:

policy change event list

Throws:

PolicyEvaluationException

addPolicyChangeEventListener

public void addPolicyChangeEventListener(PolicyChangeEventListener listener)
                                  throws PolicyEvaluationException

Adds the specified event listener to receive policy runtime change events.

Specified by:

addPolicyChangeEventListener in interface PolicyRuntime

Throws:

PolicyEvaluationException

removePolicyChangeEventListener

public void removePolicyChangeEventListener(PolicyChangeEventListener listener)
                                     throws PolicyEvaluationException

Removes the specified policy runtime change event listener.

Specified by:

removePolicyChangeEventListener in interface PolicyRuntime

Throws:

PolicyEvaluationException

handlePolicyChangeEvent

public void handlePolicyChangeEvent(PolicyChangeEvent event)
                             throws PolicyEvaluationException

Handles policy change event. Invokes provider to handle policy change events.

Parameters:

event - policy change event

Throws:

PolicyEvaluationException

handlePolicyChangeUptakeCompletion

public void handlePolicyChangeUptakeCompletion(long policyStoreVersion)

Handles the provider callback for policy change uptake completion notification.

getStoreVersionInUse

public long getStoreVersionInUse()
                          throws PolicyEvaluationException

Returns the policy store version currently in use.

Specified by:

getStoreVersionInUse in interface PolicyRuntime

Returns:

store version

Throws:

PolicyEvaluationException

getClient

public OAuthClient getClient(java.lang.String clientId,
                             java.lang.String domainName)
                      throws PolicyEvaluationException

Specified by:

getClient in interface PolicyRuntime

Throws:

PolicyEvaluationException

createClient

public OAuthClient createClient(OAuthClientImpl clientMetadata)
                         throws PolicyEvaluationException

Specified by:

createClient in interface PolicyRuntime

Throws:

PolicyEvaluationException

getResource

public OAuthResourceServer getResource(java.lang.String resourceId,
                                       java.lang.String domainName)
                                throws PolicyEvaluationException

Specified by:

getResource in interface PolicyRuntime

Throws:

PolicyEvaluationException

getIdentityDomain

public OAuthIdentityDomain getIdentityDomain(java.lang.String domainName)
                                      throws PolicyEvaluationException

Specified by:

getIdentityDomain in interface PolicyRuntime

Throws:

PolicyEvaluationException

getResource

public OAuthResourceServer getResource(java.lang.String resourceServerName,
                                       OAuthIdentityDomain domain)
                                throws PolicyEvaluationException

Specified by:

getResource in interface PolicyRuntime

Throws:

PolicyEvaluationException

getServerDiagnostics

public ServerDiagnosticsDataInfo getServerDiagnostics(boolean verbose)

Specified by:

getServerDiagnostics in interface PolicyRuntime

Parameters:

verbose - Boolean parameter when set to true provides additional information such Application domains and their IDs. The number of application domains displayed is controlled by the VerboseMaxSize configuration parameter the defauly value of which is 50.

Returns:

Returns data obect that contain some or all values populated. Returned object, can itself be null.

refreshPolicyCacheOnDemand

public PolicyCacheRefreshResponse refreshPolicyCacheOnDemand(java.lang.String desiredVersion)

Specified by:

refreshPolicyCacheOnDemand in interface PolicyRuntime

Parameters:

desiredVersion - Cache version which it desire for the server to sync to. This can be null or empty string, in that case cache will be refreshed to latest version. If this is provided and provided version is incorrect or not available in persistent store, then cache will be refreshed to latest version available in the store.

Returns:

Returns data obect contains status of the request. In case of error, minor error code should be populated also. In case of success also, minor code should be populated if the desired version (non-null) was not avialble in the store. If null/empty version was provided, then response code wil not contain, minor code if request was successful Returned object, can itself be null.

writePolicyCacheToFile

public PolicyCacheWriteResponse writePolicyCacheToFile()

Specified by:

writePolicyCacheToFile in interface PolicyRuntime

Returns:

Returns data obect contains status of the request. In case of error, minor error code should be populated also. Returned object, can itself be null.

shutdown

public void shutdown()
              throws PolicyEvaluationException

Description copied from interface: PolicyRuntime

Shutdown hook for cleaning up

Specified by:

shutdown in interface PolicyRuntime

Throws:

PolicyEvaluationException

isPolicyCacheValid

public java.lang.Boolean isPolicyCacheValid()

Description copied from interface: PolicyRuntime

returns true if cache has been initialized otherwise return false.

Specified by:

isPolicyCacheValid in interface PolicyRuntime