001package com.identityworksllc.iiq.common.access; 002 003import com.identityworksllc.iiq.common.CommonSecurityConfig; 004import sailpoint.object.Identity; 005import sailpoint.rest.plugin.BasePluginResource; 006import sailpoint.tools.GeneralException; 007import sailpoint.web.UserContext; 008 009import java.util.HashMap; 010import java.util.Map; 011 012/** 013 * Access check input 014 */ 015public final class AccessCheckInput { 016 /** 017 * Configuration 018 */ 019 private CommonSecurityConfig configuration; 020 021 /** 022 * The plugin resource 023 */ 024 private UserContext userContext; 025 026 /** 027 * The state from this access check 028 */ 029 private Map<String, Object> state; 030 031 /** 032 * The target Identity being checked (may be null) 033 */ 034 private Identity target; 035 036 /** 037 * The name of the thing being checked 038 */ 039 private String thingName; 040 041 /** 042 * Constructs a basic access check input 043 */ 044 public AccessCheckInput() { 045 this.thingName = AccessCheck.ANONYMOUS_THING; 046 } 047 048 /** 049 * Copy constructor allowing override of an input 050 * 051 * @param parent The parent config 052 * @param config The 'child' config to replace with 053 */ 054 public AccessCheckInput(AccessCheckInput parent, CommonSecurityConfig config) { 055 this(parent.userContext, parent.target, parent.thingName, config, parent.state); 056 } 057 058 /** 059 * Access check input taking a plugin or target 060 * 061 * @param userContext The user context (likely a BasePluginResource) 062 * @param config The config 063 */ 064 public AccessCheckInput(UserContext userContext, CommonSecurityConfig config) { 065 this(userContext, null, AccessCheck.ANONYMOUS_THING, config, null); 066 } 067 /** 068 * Access check input taking a plugin or target 069 * 070 * @param userContext The user context (likely a BasePluginResource) 071 * @param target The target 072 * @param config The config 073 */ 074 public AccessCheckInput(UserContext userContext, Identity target, CommonSecurityConfig config) { 075 this(userContext, target, AccessCheck.ANONYMOUS_THING, config, null); 076 } 077 078 /** 079 * Access check input taking a plugin or target 080 * 081 * @param userContext The user context (likely a BasePluginResource) 082 * @param target The target 083 * @param thingName The thing name 084 * @param config The config 085 */ 086 public AccessCheckInput(UserContext userContext, Identity target, String thingName, CommonSecurityConfig config) { 087 this(userContext, target, thingName, config, null); 088 } 089 090 /** 091 * Access check input taking a plugin or target 092 * 093 * @param userContext The user context (likely a BasePluginResource) 094 * @param target The target 095 * @param thingName The thing name 096 * @param config The config 097 * @param state Any persistent state in the access checks 098 */ 099 public AccessCheckInput(UserContext userContext, Identity target, String thingName, CommonSecurityConfig config, Map<String, Object> state) { 100 this.userContext = userContext; 101 this.target = target; 102 this.configuration = config; 103 if (thingName == null || thingName.isEmpty()) { 104 this.thingName = AccessCheck.ANONYMOUS_THING; 105 } else { 106 this.thingName = thingName; 107 } 108 this.state = (state != null) ? state : new HashMap<>(); 109 } 110 111 /** 112 * Gets the configuration object 113 * @return The common security configuration object 114 */ 115 public CommonSecurityConfig getConfiguration() { 116 return configuration; 117 } 118 119 /** 120 * @deprecated Use {@link #getUserContext()} instead 121 * @return The configured plugin resource / user context 122 */ 123 @Deprecated 124 public UserContext getPluginResource() { 125 return userContext; 126 } 127 128 public UserContext getUserContext() { 129 return userContext; 130 } 131 132 public Map<String, Object> getState() { 133 return state; 134 } 135 136 public Identity getTarget() throws GeneralException { 137 if (this.target != null) { 138 return target; 139 } else { 140 return userContext.getLoggedInUser(); 141 } 142 } 143 144 public String getThingName() { 145 return thingName; 146 } 147 148 public void putState(String name, Object value) { 149 if (this.state == null) { 150 this.state = new HashMap<>(); 151 } 152 153 this.state.put(name, value); 154 } 155 156 public AccessCheckInput setConfiguration(Map<String, Object> configuration) throws GeneralException { 157 this.configuration = CommonSecurityConfig.decode(configuration); 158 return this; 159 } 160 161 162 public AccessCheckInput setConfiguration(CommonSecurityConfig configuration) { 163 this.configuration = configuration; 164 return this; 165 } 166 167 @Deprecated 168 public AccessCheckInput setPluginResource(BasePluginResource pluginResource) { 169 return setUserContext(pluginResource); 170 } 171 172 public AccessCheckInput setUserContext(UserContext userContext) { 173 this.userContext = userContext; 174 return this; 175 } 176 177 public AccessCheckInput setState(Map<String, Object> state) { 178 this.state = state; 179 return this; 180 } 181 182 public AccessCheckInput setTarget(Identity target) { 183 this.target = target; 184 return this; 185 } 186 187 public AccessCheckInput setThingName(String thingName) { 188 this.thingName = thingName; 189 return this; 190 } 191}