com.waveset.provision
Class PolicyProcessor

java.lang.Object
  extended by com.waveset.provision.PolicyProcessor

public class PolicyProcessor
extends java.lang.Object


Field Summary
static java.lang.String ACCOUNT_ID_POLICY
           
static java.lang.String CLASS
           
static java.lang.String code_id
           
static java.lang.String PASSWORD_POLICY
          getEffectivePolicy recognizes these policy types
 
Constructor Summary
PolicyProcessor(LighthouseContext ctx)
           
PolicyProcessor(LighthouseContext ctx, PolicyManager policyManager)
           
 
Method Summary
protected  void auditPolicyFailure(WSUser user, java.lang.String accountId, java.lang.String resourceName, java.lang.Throwable e)
          Audit all the information we can about the failure.
 void checkAccountIdPolicies(WSUser user, java.util.List accounts, java.lang.String op)
          Check just accountId policies for a list of accounts.
 void checkAccountPolicies(WSUser user, java.util.List accounts, java.lang.String op)
          Check accountId and password policies for a list of accounts.
 void checkAuthenticationPolicies(WSUser user)
          Check the authentication answers and supplied questions against the specified policies.
protected  void checkLighthouseAccountIdPolicy(WSUser user, java.util.Map atts, java.lang.String op)
          Check the Lighthouse accountId policy if necessary.
protected  void checkLighthousePasswordPolicy(WSUser user, java.util.Map atts)
          Check the Lighthouse password policy if necessary.
 void checkPasswordPolicies(WSUser user, java.util.List accounts)
          Check just password policies for a list of accounts.
protected  void checkPolicy(Policy p, java.lang.Object value, java.util.Map atts, java.util.List pwdhistory, java.lang.String owner)
           
 ResourceAdapter getAdapter(Resource res)
          Get the adapter for a resource definition.
 Policy getEffectivePolicy(WSUser user, java.lang.String policyType, boolean getDefaultIfNoneAssigned)
          Get the Waveset policy for id and password generation.
 boolean lighthouseIsAuthnResource(WSUser user)
          Return true if Lighthouse is in the authentication stack.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

code_id

public static final java.lang.String code_id
See Also:
Constant Field Values

CLASS

public static final java.lang.String CLASS
See Also:
Constant Field Values

PASSWORD_POLICY

public static final java.lang.String PASSWORD_POLICY
getEffectivePolicy recognizes these policy types

See Also:
Constant Field Values

ACCOUNT_ID_POLICY

public static final java.lang.String ACCOUNT_ID_POLICY
See Also:
Constant Field Values
Constructor Detail

PolicyProcessor

public PolicyProcessor(LighthouseContext ctx)
                throws WavesetException

PolicyProcessor

public PolicyProcessor(LighthouseContext ctx,
                       PolicyManager policyManager)
                throws WavesetException
Method Detail

lighthouseIsAuthnResource

public boolean lighthouseIsAuthnResource(WSUser user)
                                  throws WavesetException
Return true if Lighthouse is in the authentication stack. When this happens, users may be required to have a Lighthouse password. This check is now done in several places; can't we find a nice home for it? Perhaps it should go in InternalSession. If a WSUser is passed, we will use the presence of capabilities to determine which application stacks we examine. If no user is passed in, we will look at all of them.

Throws:
WavesetException

getEffectivePolicy

public Policy getEffectivePolicy(WSUser user,
                                 java.lang.String policyType,
                                 boolean getDefaultIfNoneAssigned)
                          throws WavesetException
Get the Waveset policy for id and password generation.

Throws:
WavesetException

checkAccountPolicies

public void checkAccountPolicies(WSUser user,
                                 java.util.List accounts,
                                 java.lang.String op)
                          throws PolicyViolation,
                                 WavesetException
Check accountId and password policies for a list of accounts. The accounts are identified through a list of ResourceInfo objects. Also check the Lighthouse account policies.

Throws:
PolicyViolation
WavesetException

checkAccountIdPolicies

public void checkAccountIdPolicies(WSUser user,
                                   java.util.List accounts,
                                   java.lang.String op)
                            throws PolicyViolation,
                                   WavesetException
Check just accountId policies for a list of accounts. The accounts are identified through a list of ResourceInfo objects.

Throws:
PolicyViolation
WavesetException

checkPasswordPolicies

public void checkPasswordPolicies(WSUser user,
                                  java.util.List accounts)
                           throws PolicyViolation,
                                  WavesetException
Check just password policies for a list of accounts. The accounts are identified through a list of ResourceInfo objects.

Throws:
PolicyViolation
WavesetException

checkAuthenticationPolicies

public final void checkAuthenticationPolicies(WSUser user)
                                       throws PolicyViolation,
                                              WavesetException
Check the authentication answers and supplied questions against the specified policies.

Parameters:
user -
Throws:
PolicyViolation - Exception containing information on all violations.
WavesetException

checkLighthousePasswordPolicy

protected void checkLighthousePasswordPolicy(WSUser user,
                                             java.util.Map atts)
                                      throws PolicyViolation,
                                             WavesetException
Check the Lighthouse password policy if necessary. This only happens if Lighthouse is configured as an authentication resource in the LoginConfig, and if the password is marked as having been changed. Testing isPasswordChanged is important: if the password is being generated it will be null here, so we can't check policy. Also, we sometimes allow passwords in the repo that violate the policy, and don't want to raise this as an error until they explicitly change the password (a BNSF case I think). This method is protected since it's overridden by IDMXPolicyProcessor.

Throws:
PolicyViolation
WavesetException

checkLighthouseAccountIdPolicy

protected void checkLighthouseAccountIdPolicy(WSUser user,
                                              java.util.Map atts,
                                              java.lang.String op)
                                       throws PolicyViolation,
                                              WavesetException
Check the Lighthouse accountId policy if necessary. This only happens if Lighthouse is configured as an authentication resource in the LoginConfig, and the accountId name has been changed.

In addition, this should only happen for creates and renames, not updates, as the Lighthouse account id could have been set when the policy was different or could have been imported from another resource (see bug#5365). This method is protected since IDMXPolicyProcessor overrides it.

Throws:
PolicyViolation
WavesetException

checkPolicy

protected void checkPolicy(Policy p,
                           java.lang.Object value,
                           java.util.Map atts,
                           java.util.List pwdhistory,
                           java.lang.String owner)
                    throws PolicyViolation,
                           WavesetException
Throws:
PolicyViolation
WavesetException

getAdapter

public ResourceAdapter getAdapter(Resource res)
                           throws WavesetException
Get the adapter for a resource definition. Shorthand for a comparatively unwieldy call that you always forget.

Throws:
WavesetException

auditPolicyFailure

protected void auditPolicyFailure(WSUser user,
                                  java.lang.String accountId,
                                  java.lang.String resourceName,
                                  java.lang.Throwable e)
Audit all the information we can about the failure. Stick the policy failure in the Message so we know what policy failed when viewing the audit record.