Google Git
Sign in
apache / incubator-retired-openaz / a1d9310097fcde4f4c5e9a7980e0916cb62a5335 / . / openaz-xacml-pap-admin / src / main / java / org / apache / openaz / xacml / admin / XacmlAdminUI.java
blob: e55374991994f670da4ade9e076f3e687a7f6fcd [file] [log] [blame]
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*
*/
package org.apache.openaz.xacml.admin;
import java.io.IOException;
import java.net.URI;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.sql.SQLException;
import java.util.Properties;
import java.util.UUID;
import javax.persistence.EntityManager;
import javax.persistence.EntityManagerFactory;
import javax.persistence.Persistence;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.eclipse.jgit.api.Git;
import org.eclipse.jgit.api.errors.GitAPIException;
import org.eclipse.jgit.api.errors.InvalidRemoteException;
import org.eclipse.jgit.api.errors.TransportException;
import org.eclipse.jgit.lib.Repository;
import org.eclipse.jgit.lib.StoredConfig;
import org.eclipse.jgit.storage.file.FileRepositoryBuilder;
import org.eclipse.persistence.config.PersistenceUnitProperties;
import org.apache.openaz.xacml.admin.XacmlAdminAuthorization.AdminAction;
import org.apache.openaz.xacml.admin.XacmlAdminAuthorization.AdminResource;
import org.apache.openaz.xacml.admin.converters.XacmlConverterFactory;
import org.apache.openaz.xacml.admin.jpa.Attribute;
import org.apache.openaz.xacml.admin.jpa.Category;
import org.apache.openaz.xacml.admin.jpa.ConstraintType;
import org.apache.openaz.xacml.admin.jpa.Datatype;
import org.apache.openaz.xacml.admin.jpa.FunctionArgument;
import org.apache.openaz.xacml.admin.jpa.FunctionDefinition;
import org.apache.openaz.xacml.admin.jpa.Obadvice;
import org.apache.openaz.xacml.admin.jpa.ObadviceExpression;
import org.apache.openaz.xacml.admin.jpa.PIPConfiguration;
import org.apache.openaz.xacml.admin.jpa.PIPResolver;
import org.apache.openaz.xacml.admin.jpa.PIPType;
import org.apache.openaz.xacml.admin.jpa.PolicyAlgorithms;
import org.apache.openaz.xacml.admin.jpa.RuleAlgorithms;
import org.apache.openaz.xacml.admin.model.MatchFunctionQueryDelegate;
import org.apache.openaz.xacml.admin.util.RESTfulPAPEngine;
import org.apache.openaz.xacml.api.XACML3;
import org.apache.openaz.xacml.api.pap.PAPEngine;
import org.apache.openaz.xacml.api.pap.PAPException;
import org.apache.openaz.xacml.rest.XACMLRestProperties;
import org.apache.openaz.xacml.util.XACMLProperties;
import com.google.gwt.thirdparty.guava.common.base.Joiner;
import com.google.gwt.thirdparty.guava.common.base.Splitter;
import com.vaadin.addon.jpacontainer.JPAContainer;
import com.vaadin.addon.jpacontainer.provider.CachingLocalEntityProvider;
import com.vaadin.addon.jpacontainer.provider.CachingMutableLocalEntityProvider;
import com.vaadin.annotations.Push;
import com.vaadin.annotations.Theme;
import com.vaadin.data.util.sqlcontainer.SQLContainer;
import com.vaadin.data.util.sqlcontainer.connection.JDBCConnectionPool;
import com.vaadin.data.util.sqlcontainer.query.FreeformQuery;
import com.vaadin.navigator.Navigator;
import com.vaadin.server.VaadinRequest;
import com.vaadin.server.VaadinServletService;
import com.vaadin.ui.UI;
@Push
@SuppressWarnings("serial")
@Theme("xacml_pap_admin")
public class XacmlAdminUI extends UI implements PAPNotificationBroadcaster.PAPNotificationBroadcastListener {
//
// All static declarations
//
public static final String PERSISTENCE_UNIT = "XACML-PAP-ADMIN";
private static Log logger = LogFactory.getLog(XacmlAdminUI.class); //NOPMD
/*
* These objects are shared amongst sessions.
*/
private static Path repositoryPath;
private static Repository repository;
private static EntityManagerFactory emf;
private static JDBCConnectionPool pool;
/*
* These objects are created each session.
*/
private Path workspacePath;
private Path gitPath;
//
// Our Persistence Fields. For general use. NOTE: Be careful applying
// filters to these container objects. If one window applies a filter, then
// when another window uses the object, that filter will show up and cause confusion.
// If filters are needed within a window, then create another instance instead of
// using one of these pointers.
//
private EntityManager em;
private JPAContainer<Attribute> attributes;
private JPAContainer<ConstraintType> constraintTypes;
private JPAContainer<Obadvice> obadvice;
private JPAContainer<ObadviceExpression> obadviceExpressions;
private JPAContainer<Category> categories;
private JPAContainer<Datatype> datatypes;
private JPAContainer<PolicyAlgorithms> policyAlgorithms;
private JPAContainer<RuleAlgorithms> ruleAlgorithms;
private JPAContainer<PIPConfiguration> pipConfigurations;
private JPAContainer<PIPResolver> pipResolvers;
private JPAContainer<PIPType> pipTypes;
private JPAContainer<FunctionDefinition> functionDefinitions;
private JPAContainer<FunctionArgument> functionArguments;
private SQLContainer matchFunctionContainer;
private SQLContainer higherorderBagContainer;
//
// Our authorization object
//
XacmlAdminAuthorization authorizer = new XacmlAdminAuthorization();
//
// The PAP Engine
//
private PAPEngine papEngine;
//
// GUI navigation
//
private Navigator navigator = null;
private XacmlAdminConsole console = null;
//
// Vaadin Init
//
@Override
protected void init(VaadinRequest request) {
//
// Set our title
//
this.getPage().setTitle("Apache OpenAZ Admin Console");
//
// Create our authorization object
//
this.authorizer = new XacmlAdminAuthorization();
//
// Is the user authorized to use the application?
//
if (this.authorizer.isAuthorized(this.getUserid(),
XacmlAdminAuthorization.AdminAction.ACTION_ACCESS,
XacmlAdminAuthorization.AdminResource.RESOURCE_APPLICATION) == false) {
logger.error("user " + this.getUserid() + " is not authorized.");
//
// Create a navigator to manage all our views
//
this.navigator = new Navigator(this, this);
//
// Redirect to an error page
//
this.navigator.addView(XacmlErrorHandler.VIEWNAME, new XacmlErrorHandler("User " + this.getUserid() + " is not authorized to access application", null));
this.navigator.navigateTo(XacmlErrorHandler.VIEWNAME);
return;
}
try {
//
// Initialize user's Git repository
//
this.workspacePath = Paths.get(XACMLProperties.getProperty(XACMLRestProperties.PROP_ADMIN_WORKSPACE), this.getUserid());
this.gitPath = XacmlAdminUI.initializeUserRepository(this.workspacePath, this.getUserid(), this.getUserEmail());
} catch (Exception e) {
logger.error("Git Setup failure", e);
//
// Create a navigator to manage all our views
//
this.navigator = new Navigator(this, this);
//
// Redirect to an error page
//
this.navigator.addView(XacmlErrorHandler.VIEWNAME, new XacmlErrorHandler(e.getMessage(), null));
this.navigator.navigateTo(XacmlErrorHandler.VIEWNAME);
return;
}
//
// Create a navigator to manage all our views
//
this.navigator = new Navigator(this, this);
//
// Set our converter factory
//
this.getSession().setConverterFactory(new XacmlConverterFactory());
//
// Initialize our data objects
//
try {
//
// Initialize JPA and SQL. Create our custom entity manager.
//
logger.info("Creating Persistence Entity Manager");
//
// Now create the entity manager. This is used throughout the application to create JPA
// containers of the entities located in the database.
//
this.em = XacmlAdminUI.emf.createEntityManager();
//
// Our Read-Only containers
//
logger.info("Creating JPA read-only containers");
this.constraintTypes = new JPAContainer<ConstraintType>(ConstraintType.class);
this.constraintTypes.setEntityProvider(new CachingLocalEntityProvider<ConstraintType>(ConstraintType.class, this.em));
this.categories = new JPAContainer<Category>(Category.class);
this.categories.setEntityProvider(new CachingLocalEntityProvider<Category>(Category.class, this.em));
this.datatypes = new JPAContainer<Datatype>(Datatype.class);
this.datatypes.setEntityProvider(new CachingLocalEntityProvider<Datatype>(Datatype.class, this.em));
this.policyAlgorithms = new JPAContainer<PolicyAlgorithms>(PolicyAlgorithms.class);
this.policyAlgorithms.setEntityProvider(new CachingLocalEntityProvider<PolicyAlgorithms>(PolicyAlgorithms.class, this.em));
this.ruleAlgorithms = new JPAContainer<RuleAlgorithms>(RuleAlgorithms.class);
this.ruleAlgorithms.setEntityProvider(new CachingLocalEntityProvider<RuleAlgorithms>(RuleAlgorithms.class, this.em));
this.pipTypes = new JPAContainer<PIPType>(PIPType.class);
this.pipTypes.setEntityProvider(new CachingLocalEntityProvider<PIPType>(PIPType.class, this.em));
this.functionDefinitions = new JPAContainer<FunctionDefinition>(FunctionDefinition.class);
this.functionDefinitions.setEntityProvider(new CachingLocalEntityProvider<FunctionDefinition>(FunctionDefinition.class, this.em));
this.functionArguments = new JPAContainer<FunctionArgument>(FunctionArgument.class);
this.functionArguments.setEntityProvider(new CachingLocalEntityProvider<FunctionArgument>(FunctionArgument.class, this.em));
//
// Our writable containers. NOTE: The dictionaries have their own JPA instance since they can
// apply filters to their table views. If you update these, then refresh the dictionary containers
// by calling the appropriate refresh method defined in XacmlAdminUI.
//
logger.info("Creating JPA writable containers");
this.attributes = new JPAContainer<Attribute>(Attribute.class);
this.attributes.setEntityProvider(new CachingMutableLocalEntityProvider<Attribute>(Attribute.class, this.em));
this.obadvice = new JPAContainer<Obadvice>(Obadvice.class);
this.obadvice.setEntityProvider(new CachingMutableLocalEntityProvider<Obadvice>(Obadvice.class, this.em));
this.obadviceExpressions = new JPAContainer<ObadviceExpression>(ObadviceExpression.class);
this.obadviceExpressions.setEntityProvider(new CachingMutableLocalEntityProvider<ObadviceExpression>(ObadviceExpression.class, this.em));
this.pipConfigurations = new JPAContainer<PIPConfiguration>(PIPConfiguration.class);
this.pipConfigurations.setEntityProvider(new CachingMutableLocalEntityProvider<PIPConfiguration>(PIPConfiguration.class, this.em));
this.pipResolvers = new JPAContainer<PIPResolver>(PIPResolver.class);
this.pipResolvers.setEntityProvider(new CachingMutableLocalEntityProvider<PIPResolver>(PIPResolver.class, this.em));
//
// Sort our persistence data
//
logger.info("Sorting containers");
this.categories.sort(new String[]{"xacmlId"}, new boolean[]{true});
this.datatypes.sort(new String[]{"xacmlId"}, new boolean[]{true});
this.policyAlgorithms.sort(new String[]{"xacmlId"}, new boolean[]{true});
this.ruleAlgorithms.sort(new String[]{"xacmlId"}, new boolean[]{true});
this.functionDefinitions.sort(new String[]{"xacmlid"}, new boolean[]{true});
//this.functionArguments.sort(new String[]{"datatypeBean"}, new boolean[]{true});
//
// Create our special query for MatchType functions. We need a custom
// QueryDelegate because these functions are accessible via a View (vs a Table).
// The basic FreeformQuery does not work with filters on a View (via Vaadin).
//
// TODO: Consider putting this into a couple of Map's. Doing so would speed up
// access. However, if we want to support custom functions, then there needs to
// be a way for those custom functions to get into the Map. This is why a database
// is being used to store ALL the functions, both standard and custom.
//
logger.info("Creating SQL Queries");
MatchFunctionQueryDelegate delegate = new MatchFunctionQueryDelegate();
FreeformQuery query = new FreeformQuery("SELECT * FROM match_functions", XacmlAdminUI.pool, new String[] {});
query.setDelegate(delegate);
this.matchFunctionContainer = new SQLContainer(query);
//
// Same for this one
//
delegate = new MatchFunctionQueryDelegate();
query = new FreeformQuery("SELECT * FROM higherorder_bag_functions", XacmlAdminUI.pool, new String[] {});
query.setDelegate(delegate);
this.higherorderBagContainer = new SQLContainer(query);
//
// Load our PAP engine
//
logger.info("Creating PAP engine");
String myRequestURL = VaadinServletService.getCurrentServletRequest().getRequestURL().toString();
try {
//
// Set the URL for the RESTful PAP Engine
//
papEngine = new RESTfulPAPEngine(myRequestURL);
} catch (PAPException e ) {
logger.error("Failed to create PAP engine", e);
} catch (Exception e) {
logger.error("Failed to create PAP engine", e);
}
logger.info("done creating connections");
} catch(Exception e) {
//
// Redirect to an error page
//
logger.error(e);
e.printStackTrace();
this.navigator.addView("", new XacmlErrorHandler(e.getMessage(), null));
this.navigator.navigateTo("");
return;
}
logger.info("Creating main layout");
//
// Create our main component layout
//
this.console = new XacmlAdminConsole();
this.navigator.addView("", console);
this.navigator.setErrorView(new XacmlErrorHandler(null, null));
//
// Navigate to our view
//
this.navigator.navigateTo("");
//
// Register to receive PAP change notifications broadcasts
//
PAPNotificationBroadcaster.register(this);
}
public static void servletInit() throws ServletException {
//
// Initialize GIT repository.
//
XacmlAdminUI.initializeGitRepository();
//
// Initialize Entity Factory
//
XacmlAdminUI.initializeEntityFactory();
//
// If we get here, then the configuration information
// seems ok.
//
}
public static void servletDestroy() {
if (XacmlAdminUI.repository != null) {
XacmlAdminUI.repository.close();
}
}
/**
* An Update Notification has arrived from the PAP.
* Tell the Vaadin users to change their data.
*
* @param request
* @param response
* @throws ServletException
* @throws IOException
*/
public static void doPAPNotification(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
try {
//
// Notify all user instances to update groups
//
PAPNotificationBroadcaster.updateAllGroups();
} catch (Exception e) {
logger.error("Unable to process PAP request: "+e, e);
response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
}
response.setStatus(HttpServletResponse.SC_NO_CONTENT);
}
// Must unregister when the UI expires
@Override
public void detach() {
PAPNotificationBroadcaster.unregister(this);
super.detach();
}
/**
* This will initialize the JPA Entity Manager Factory. This will determine if
* the database connection settings are correct.
*
* @throws ServletException
*/
private static void initializeEntityFactory() throws ServletException {
logger.info("intializing Persistence Entity Factory");
//
// Pull custom persistence settings
//
Properties properties;
try {
properties = XACMLProperties.getProperties();
} catch (IOException e) {
throw new ServletException(e.getMessage(), e.getCause());
}
//
// Create the factory
//
emf = Persistence.createEntityManagerFactory(XacmlAdminUI.PERSISTENCE_UNIT, properties);
//
// Did it get created?
//
if (emf == null) {
throw new ServletException("Unable to create Entity Manager Factory");
}
//
// Create our JDBC connection pool
//
try {
logger.info("intializing JDBC Connection Pool");
XacmlAdminUI.pool = new XacmlJDBCConnectionPool(
properties.getProperty(PersistenceUnitProperties.JDBC_DRIVER),
properties.getProperty(PersistenceUnitProperties.JDBC_URL),
properties.getProperty(PersistenceUnitProperties.JDBC_USER),
properties.getProperty(PersistenceUnitProperties.JDBC_PASSWORD));
} catch (SQLException e) {
throw new ServletException(e.getMessage(), e.getCause());
}
}
private static void initializeGitRepository() throws ServletException {
XacmlAdminUI.repositoryPath = Paths.get(XACMLProperties.getProperty(XACMLRestProperties.PROP_ADMIN_REPOSITORY));
FileRepositoryBuilder builder = new FileRepositoryBuilder();
try {
XacmlAdminUI.repository = builder.setGitDir(XacmlAdminUI.repositoryPath.toFile()).readEnvironment().findGitDir().setBare().build();
if (Files.notExists(XacmlAdminUI.repositoryPath) || Files.notExists(Paths.get(XacmlAdminUI.repositoryPath.toString(), "HEAD"))) {
//
// Create it if it doesn't exist. As a bare repository
//
logger.info("Creating bare git repository: " + XacmlAdminUI.repositoryPath.toString());
XacmlAdminUI.repository.create();
//
// Add the magic file so remote works.
//
Path daemon = Paths.get(XacmlAdminUI.repositoryPath.toString(), "git-daemon-export-ok");
Files.createFile(daemon);
}
} catch (IOException e) {
logger.error("Failed to build repository: " + repository, e);
throw new ServletException(e.getMessage(), e.getCause());
}
//
// Make sure the workspace directory is created
//
Path workspace = Paths.get(XACMLProperties.getProperty(XACMLRestProperties.PROP_ADMIN_WORKSPACE));
workspace = workspace.toAbsolutePath();
if (Files.notExists(workspace)) {
try {
Files.createDirectory(workspace);
} catch (IOException e) {
logger.error("Failed to build workspace: " + workspace, e);
throw new ServletException(e.getMessage(), e.getCause());
}
}
//
// Create the user workspace directory
//
workspace = Paths.get(workspace.toString(), "pe");
if (Files.notExists(workspace)) {
try {
Files.createDirectory(workspace);
} catch (IOException e) {
logger.error("Failed to create directory: " + workspace, e);
throw new ServletException(e.getMessage(), e.getCause());
}
}
//
// Get the path to where the repository is going to be
//
Path gitPath = Paths.get(workspace.toString(), XacmlAdminUI.repositoryPath.getFileName().toString());
if (Files.notExists(gitPath)) {
try {
Files.createDirectory(gitPath);
} catch (IOException e) {
logger.error("Failed to create directory: " + gitPath, e);
throw new ServletException(e.getMessage(), e.getCause());
}
}
//
// Initialize the domain structure
//
String base = null;
String domain = XacmlAdminUI.getDomain();
if (domain != null) {
for (String part : Splitter.on(':').trimResults().split(domain)) {
if (base == null) {
base = part;
}
Path subdir = Paths.get(gitPath.toString(), part);
if (Files.notExists(subdir)) {
try {
Files.createDirectory(subdir);
Files.createFile(Paths.get(subdir.toString(), ".svnignore"));
} catch (IOException e) {
logger.error("Failed to create: " + subdir, e);
throw new ServletException(e.getMessage(), e.getCause());
}
}
}
} else {
try {
Files.createFile(Paths.get(workspace.toString(), ".svnignore"));
base = ".svnignore";
} catch (IOException e) {
logger.error("Failed to create file", e);
throw new ServletException(e.getMessage(), e.getCause());
}
}
try {
//
// These are the sequence of commands that must be done initially to
// finish setting up the remote bare repository.
//
Git git = Git.init().setDirectory(gitPath.toFile()).setBare(false).call();
git.add().addFilepattern(base).call();
git.commit().setMessage("Initialize Bare Repository").call();
StoredConfig config = git.getRepository().getConfig();
config.setString("remote", "origin", "url", XacmlAdminUI.repositoryPath.toAbsolutePath().toString());
config.setString("remote", "origin", "fetch", "+refs/heads/*:refs/remotes/origin/*");
config.save();
git.push().setRemote("origin").add("master").call();
/*
* This will not work unless git.push().setRemote("origin").add("master").call();
* is called first. Otherwise it throws an exception. However, if the push() is
* called then calling this function seems to add nothing.
*
git.branchCreate().setName("master")
.setUpstreamMode(SetupUpstreamMode.SET_UPSTREAM)
.setStartPoint("origin/master").setForce(true).call();
*/
} catch (GitAPIException | IOException e) {
logger.error(e);
throw new ServletException(e.getMessage(), e.getCause());
}
}
/**
* Initializes a user's git repository.
*
*
* @param workspacePath
* @param userId
* @param email
* @return
* @throws IOException
* @throws InvalidRemoteException
* @throws TransportException
* @throws GitAPIException
*/
private static Path initializeUserRepository(Path workspacePath, String userId, URI email) throws IOException, InvalidRemoteException, TransportException, GitAPIException {
Path gitPath = null;
//
// Initialize the User's Git repository
//
if (Files.notExists(workspacePath)) {
logger.info("Creating user workspace: " + workspacePath.toAbsolutePath().toString());
//
// Create our user's directory
//
Files.createDirectory(workspacePath);
}
gitPath = Paths.get(workspacePath.toString(), XacmlAdminUI.repositoryPath.getFileName().toString());
if (Files.notExists(gitPath)) {
//
// It doesn't exist yet, so Clone it and check it out
//
logger.info("Cloning user git directory: " + gitPath.toAbsolutePath().toString());
Git.cloneRepository().setURI(XacmlAdminUI.repositoryPath.toUri().toString())
.setDirectory(gitPath.toFile())
.setNoCheckout(false)
.call();
//
// Set userid
//
Git git = Git.open(gitPath.toFile());
StoredConfig config = git.getRepository().getConfig();
config.setString("user", null, "name", userId);
if (email != null && email.getPath() != null) {
config.setString("user", null, "email", email.toString());
}
config.save();
}
return gitPath;
}
public static String getDomain() {
return XACMLProperties.getProperty(XACMLRestProperties.PROP_ADMIN_DOMAIN, "urn");
}
public static JDBCConnectionPool getConnectionPool() {
return pool;
}
public SQLContainer getMatchFunctionContainer() {
return this.matchFunctionContainer;
}
public SQLContainer getHigherOrderBagContainer() {
return this.higherorderBagContainer;
}
public EntityManager getEntityManager() {
return this.em;
}
public JPAContainer<Attribute> getAttributes() {
return this.attributes;
}
public void refreshAttributes() {
this.attributes.refresh();
this.console.refreshAttributes();
}
public JPAContainer<ConstraintType> getConstraintTypes() {
return this.constraintTypes;
}
public JPAContainer<Category> getCategories() {
return this.categories;
}
public JPAContainer<Datatype> getDatatypes() {
return this.datatypes;
}
public JPAContainer<PolicyAlgorithms> getPolicyAlgorithms() {
return this.policyAlgorithms;
}
public JPAContainer<RuleAlgorithms> getRuleAlgorithms() {
return this.ruleAlgorithms;
}
public JPAContainer<Obadvice> getObadvice() {
return this.obadvice;
}
public JPAContainer<ObadviceExpression> getObadviceExpressions() {
return this.obadviceExpressions;
}
public void refreshObadvice() {
this.obadvice.refresh();
this.obadviceExpressions.refresh();
this.console.refreshObadvice();
}
public JPAContainer<FunctionDefinition> getFunctionDefinitions() {
return this.functionDefinitions;
}
public JPAContainer<FunctionArgument> getFunctionArguments() {
return this.functionArguments;
}
public JPAContainer<PIPConfiguration> getPIPConfigurations() {
return this.pipConfigurations;
}
public JPAContainer<PIPResolver> getPIPResolvers() {
return this.pipResolvers;
}
public JPAContainer<PIPType> getPIPTypes() {
return this.pipTypes;
}
public void refreshPIPConfiguration() {
this.pipConfigurations.refresh();
this.console.refreshPIPConfiguration();
}
public Category getDefaultCategory() throws Exception {
for (Object id : categories.getItemIds()) {
Category cat = categories.getItem(id).getEntity();
if (cat.getIdentifer().equals(XACML3.ID_SUBJECT_CATEGORY_ACCESS_SUBJECT)) {
return cat;
}
}
throw new Exception("There is no default category.");
}
public Datatype getDefaultDatatype() throws Exception {
for (Object id: this.datatypes.getItemIds()) {
Datatype dt = this.datatypes.getItem(id).getEntity();
if (dt.getIdentifer().equals(XACML3.ID_DATATYPE_STRING)) {
return dt;
}
}
throw new Exception("There is no default datatype.");
}
public XacmlAdminAuthorization getAuthorizer() {
return this.authorizer;
}
public boolean isAuthorized(AdminAction action, AdminResource resource) {
return this.authorizer.isAuthorized(this.getUserid(), action, resource);
}
public String getUserid() {
Object id = this.getSession().getSession().getAttribute("xacml.rest.admin.user.id");
if (id == null) {
return XACMLProperties.getProperty("xacml.rest.admin.user.id", "guest");
}
String str = id.toString();
if (str == null || str.isEmpty()) {
return "guest";
}
return str;
}
public String getUserName() {
Object id = this.getSession().getSession().getAttribute("xacml.rest.admin.user.name");
if (id == null) {
return XACMLProperties.getProperty("xacml.rest.admin.user.name", "guest");
}
String str = id.toString();
if (str == null || str.isEmpty()) {
return "guest";
}
return str;
}
public URI getUserEmail() {
Object id = this.getSession().getSession().getAttribute("xacml.rest.admin.user.email");
if (id == null) {
return URI.create(XACMLProperties.getProperty("xacml.rest.admin.user.email", "guest"));
}
String str = id.toString();
if (str == null || str.isEmpty()) {
return null;
}
return URI.create(str);
}
public Path getUserWorkspace() {
return this.workspacePath;
}
public Path getUserGitPath() {
return this.gitPath;
}
public PAPEngine getPAPEngine() {
return this.papEngine;
}
public String newPolicyID() {
return Joiner.on(':').skipNulls().join((XacmlAdminUI.getDomain().startsWith("urn") ? null : "urn"),
XacmlAdminUI.getDomain().replaceAll("[/\\\\.]", ":"),
"xacml", "policy", "id", UUID.randomUUID());
}
public String newRuleID() {
return Joiner.on(':').skipNulls().join((XacmlAdminUI.getDomain().startsWith("urn") ? null : "urn"),
XacmlAdminUI.getDomain().replaceAll("[/\\\\.]", ":"),
"xacml", "rule", "id", UUID.randomUUID());
}
//
// PAPNotificationBroadcaster Interface implementation
//
/**
* Got a notification that the PAP has changed the PDP data,
* so update ALL PDPGroups.
* This is called once for each Vaadin instance for each PAP change Notification.
*/
public void updateAllGroups() {
access(new Runnable() {
@Override
public void run() {
//
// locking is needed to avoid race conditions.
// Shows up as Exception: "A connector should not be marked as dirty while a response is being written."
//
getUI().getSession().lock();
try {
//
// Tell the console to refresh its PDP group information
//
console.refreshPDPGroups();
} finally {
getUI().getSession().unlock();
}
}
});
}
}