/**
 * Walks the associated policies of {@code policy} and fails if an aggregate policy
 * is encountered whose id was already recorded in {@code ids}.
 *
 * <p>Only policies whose type equals {@code "aggregate"} are tracked and descended into;
 * any other type returns immediately.
 *
 * <p>{@code ids} is shared by all branches of the walk and entries are never removed,
 * so an aggregate that is reachable through two different parents is rejected in the
 * same way as a true cycle.
 *
 * @param policy the policy to inspect
 * @param ids    ids of the aggregate policies visited so far; this list is mutated
 * @throws RuntimeException if the id of an aggregate policy is already present in {@code ids}
 */
private void verifyCircularReference(Policy policy, List<String> ids) {
    boolean aggregate = policy.getType().equals("aggregate");

    if (aggregate) {
        String policyId = policy.getId();

        if (ids.contains(policyId)) {
            throw new RuntimeException("Circular reference found [" + policy.getName() + "].");
        }

        // Record the id before descending so that a child pointing back here is caught.
        ids.add(policyId);

        policy.getAssociatedPolicies().forEach(child -> verifyCircularReference(child, ids));
    }
}
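/**
 * Returns the policies associated with this policy.
 *
 * <p>When this adapter has been updated, the associations are read from the updated
 * model and each one is wrapped in a new {@link PolicyAdapter}. Otherwise the ids held
 * by the cached entry are resolved through the policy store once, and the resulting
 * unmodifiable set is kept for later calls.
 *
 * @return the associated policies; unmodifiable when served from the cached entry
 */
@Override
public Set<Policy> getAssociatedPolicies() {
    if (isUpdated()) {
        return updated.getAssociatedPolicies().stream()
                .map(policy -> new PolicyAdapter(cacheSession.createCachedPolicy(policy, policy.getId()), cacheSession))
                .collect(Collectors.toSet());
    }

    if (associatedPolicies != null) {
        return associatedPolicies;
    }

    // Build the set in a local first. Assigning the field up front would leave a
    // partially filled, mutable set behind if a lookup throws, and every later call
    // would then return that incomplete set of policies.
    Set<Policy> loaded = new HashSet<>();
    PolicyStore policyStore = cacheSession.getPolicyStore();
    String resourceServerId = cached.getResourceServerId();

    for (String id : cached.getAssociatedPoliciesIds(modelSupplier)) {
        // NOTE(review): the lookup result is cached and added without a null check;
        // confirm the store cannot return null for an id listed by the cached entry.
        Policy policy = policyStore.findById(id, resourceServerId);
        cacheSession.cachePolicy(policy);
        loaded.add(policy);
    }

    associatedPolicies = Collections.unmodifiableSet(loaded);
    return associatedPolicies;
}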
/**
 * Deletes, by id, every policy associated with the policy being removed.
 *
 * <p>NOTE(review): the deletion is unconditional. Confirm that the associated policies
 * are owned exclusively by {@code policy}; if another permission references one of them,
 * that permission loses the policy as well.
 *
 * @param policy        the policy being removed
 * @param authorization provider used to obtain the policy store
 */
@Override
public void onRemove(Policy policy, AuthorizationProvider authorization) {
    PolicyStore store = authorization.getStoreFactory().getPolicyStore();

    for (Policy child : policy.getAssociatedPolicies()) {
        String childId = child.getId();
        store.delete(childId);
    }
}
Set<String> data = policy.getAssociatedPolicies().stream().map(Policy::getId).collect(Collectors.toSet()); this.associatedPoliciesIds = source -> data; } else { this.associatedPoliciesIds = new DefaultLazyLoader<>(source -> source.getAssociatedPolicies().stream().map(Policy::getId).collect(Collectors.toSet()), Collections::emptySet);
/**
 * Evaluates every policy associated with the policy under evaluation.
 *
 * <p>For each associated policy the effect for the current permission is taken from the
 * evaluation's decision cache when one is recorded. Otherwise the provider registered
 * for the associated policy's type is invoked and its effect is stored in the cache.
 *
 * <p>The shared evaluation is re-pointed at each associated policy in turn and is not
 * reset afterwards, so on return it refers to the last policy that was iterated.
 * NOTE(review): no combination of the individual effects happens here; presumably the
 * caller applies the decision strategy. Confirm that, since iteration order over the
 * returned set is not fixed by this method.
 *
 * @param evaluation the evaluation to process; must be a {@code DefaultEvaluation}
 */
@Override
public void evaluate(Evaluation evaluation) {
    AuthorizationProvider authorization = evaluation.getAuthorizationProvider();
    DefaultEvaluation shared = DefaultEvaluation.class.cast(evaluation);
    Map<Policy, Map<Object, Decision.Effect>> decisionCache = shared.getDecisionCache();
    Policy aggregate = evaluation.getPolicy();
    ResourcePermission permission = evaluation.getPermission();

    for (Policy child : aggregate.getAssociatedPolicies()) {
        Map<Object, Decision.Effect> childDecisions = decisionCache.computeIfAbsent(child, key -> new HashMap<>());
        Decision.Effect cachedEffect = childDecisions.get(permission);

        shared.setPolicy(child);

        if (cachedEffect != null) {
            // Already decided for this permission: reuse the recorded effect.
            shared.setEffect(cachedEffect);
            continue;
        }

        PolicyProvider provider = authorization.getProvider(child.getType());
        provider.evaluate(shared);
        // A provider that produced no effect is treated as a denial before caching.
        evaluation.denyIfNoEffect();
        childDecisions.put(permission, shared.getEffect());
    }
}
ResourcePermission permission = evaluation.getPermission(); for (Policy associatedPolicy : policy.getAssociatedPolicies()) { Map<Object, Decision.Effect> decisions = decisionCache.computeIfAbsent(associatedPolicy, p -> new HashMap<>()); Decision.Effect effect = decisions.get(permission);
representation.setOwner(policy.getOwner()); for (Policy associatedPolicy : policy.getAssociatedPolicies()) { AbstractPolicyRepresentation associatedRep = ModelToRepresentation.toRepresentation(associatedPolicy, authorization, false, false); RealmModel realm = authorization.getRealm();
@Override public void onUpdate(Policy policy, UmaPermissionRepresentation representation, AuthorizationProvider authorization) { PolicyStore policyStore = authorization.getStoreFactory().getPolicyStore(); Set<Policy> associatedPolicies = policy.getAssociatedPolicies();