Commit ca749b04 authored by michael.simon's avatar michael.simon

example rule and changes

parent 3de32de1
......@@ -131,7 +131,8 @@ public class KnowledgeSessionServiceImpl implements KnowledgeSessionService {
List<Object> objectList = new ArrayList<Object>(ksession.getObjects());
for (Object o : objectList) {
logger.debug("Deleting fact handle for Object {}", o);
if (logger.isTraceEnabled())
logger.trace("Deleting fact handle for Object {}", o);
FactHandle factHandle = ksession.getFactHandle(o);
if (factHandle != null)
ksession.delete(factHandle);
......@@ -149,6 +150,8 @@ public class KnowledgeSessionServiceImpl implements KnowledgeSessionService {
Set<GroupEntity> groups, Set<RoleEntity> roles)
throws MisconfiguredServiceException {
user = userDao.merge(user);
KieSession ksession = getStatefulSession(unitId);
if (ksession == null)
......@@ -242,7 +245,8 @@ public class KnowledgeSessionServiceImpl implements KnowledgeSessionService {
List<Object> objectList = new ArrayList<Object>(ksession.getObjects());
for (Object o : objectList) {
logger.debug("Deleting fact handle for Object {}", o);
if (logger.isTraceEnabled())
logger.trace("Deleting fact handle for Object {}", o);
FactHandle factHandle = ksession.getFactHandle(o);
if (factHandle != null)
ksession.delete(factHandle);
......
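Review bot: The trace call in the cleanup loop still formats the whole fact `o` through its toString(), and the facts in this session appear to include user, group and role entities (the second hunk's signature takes `Set<GroupEntity> groups, Set<RoleEntity> roles`), so enabling trace may write identity attributes to the log; what those toString() methods print is not visible here. Logging only the type keeps the line useful, e.g. `logger.trace("Deleting fact handle for {}", o.getClass().getSimpleName());`. If `logger` is an SLF4J logger, as the `{}` placeholders suggest, the unbraced `if (logger.isTraceEnabled())` guard adds little for a parameterized call and is easy to break when a second statement is added under it. The same loop is repeated in the hunk at line 242, so the point applies there too; both loops start and end outside the visible lines.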
......@@ -4,28 +4,102 @@ import edu.kit.scc.webreg.entity.UserEntity;
import edu.kit.scc.webreg.entity.GroupEntity;
import edu.kit.scc.webreg.entity.LocalGroupEntity;
import edu.kit.scc.webreg.entity.ServiceEntity;
import edu.kit.scc.webreg.entity.SamlIdpMetadataEntity;
global org.slf4j.Logger logger;
rule "Filter test"
rule "FH1 Filter"
when
$user : UserEntity()
$service : ServiceEntity( shortName == "fh1" )
$group : LocalGroupEntity( name == "fh1-access" )
then
logger.debug( "allow user {} for service {}, because of membership in group {}", $user.getEppn(), $service.getName(), $group.getName() );
retract( $service );
end
rule "UC1 Filter"
when
$user : UserEntity( eppn == "ugcne@student.kit.edu" )
$user : UserEntity( ( idp.getEntityCategoryList() contains "http://aai.dfn.de/category/bwidm-member" )
&&
( attributeStore["urn:oid:1.3.6.1.4.1.5923.1.1.1.7"]
matches ".*(^|;)http://bwidm.de/entitlement/bwUniCluster(;|$).*" ) )
$service : ServiceEntity( shortName == "uc1" )
then
logger.debug( "allow user {} for service {}, because of entitlement", $user.getEppn(), $service.getName() );
retract( $service );
end
rule "UCB Filter"
when
$user : UserEntity( ( idp.getEntityCategoryList() contains "http://aai.dfn.de/category/bwidm-member" )
&&
( attributeStore["urn:oid:1.3.6.1.4.1.5923.1.1.1.7"]
matches ".*(^|;)http://bwidm.de/entitlement/bwUniClusterTest(;|$).*" ) )
$service : ServiceEntity( shortName == "ucb" )
then
logger.debug( "allow user {} for service {}", $user.getEppn(), $service.getName() );
logger.debug( "allow user {} for service {}, because of entitlement", $user.getEppn(), $service.getName() );
retract( $service );
end
rule "FH1 Filter"
rule "HC3 Filter"
when
$user : UserEntity()
$service : ServiceEntity( shortName == "fh1" )
$group : LocalGroupEntity( name == "fh1-access" )
$user : UserEntity( ( idp.entityId == "https://idp.scc.kit.edu/idp/shibboleth" )
&&
( attributeStore["urn:oid:1.3.6.1.4.1.5923.1.1.1.7"]
matches ".*(^|;)http://bwidm.scc.kit.edu/entitlement/hc3(;|$).*" ) )
$service : ServiceEntity( shortName == "hc3" )
then
logger.debug( "allow user {} for service {}, because of membership in group {}", $user.getEppn(), $service.getName(), $group.getName() );
logger.debug( "allow user {} for service {}, because of entitlement", $user.getEppn(), $service.getName() );
retract( $service );
end
rule "HCD Filter"
when
$user : UserEntity( ( idp.entityId == "https://idp.scc.kit.edu/idp/shibboleth" )
&&
( attributeStore["urn:oid:1.3.6.1.4.1.5923.1.1.1.7"]
matches ".*(^|;)http://bwidm.scc.kit.edu/entitlement/hcd(;|$).*" ) )
$service : ServiceEntity( shortName == "hcd" )
then
logger.debug( "allow user {} for service {}, because of entitlement", $user.getEppn(), $service.getName() );
retract( $service );
end
rule "IC2 Filter"
when
$user : UserEntity( ( idp.entityId == "https://idp.scc.kit.edu/idp/shibboleth" )
&&
( attributeStore["urn:oid:1.3.6.1.4.1.5923.1.1.1.7"]
matches ".*(^|;)http://bwidm.scc.kit.edu/entitlement/ic2(;|$).*" ) )
$service : ServiceEntity( shortName == "ic2" )
then
logger.debug( "allow user {} for service {}, because of entitlement", $user.getEppn(), $service.getName() );
retract( $service );
end
rule "ICC Filter"
when
$user : UserEntity( ( idp.entityId == "https://idp.scc.kit.edu/idp/shibboleth" )
&&
( attributeStore["urn:oid:1.3.6.1.4.1.5923.1.1.1.7"]
matches ".*(^|;)http://bwidm.scc.kit.edu/entitlement/icc(;|$).*" ) )
$service : ServiceEntity( shortName == "icc" )
then
logger.debug( "allow user {} for service {}, because of entitlement", $user.getEppn(), $service.getName() );
retract( $service );
end
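Review bot: The entitlement patterns in the UC1, UCB, HC3, HCD, IC2 and ICC rules leave the dots of the URI unescaped, so `bwidm.de` and `bwidm.scc.kit.edu` accept any character in those positions and the check is looser than an exact comparison of the entitlement value. Because these conditions decide whether a service is released to the user, the literal part should be escaped, e.g. `matches ".*(^|;)http://bwidm\\.de/entitlement/bwUniCluster(;|$).*"`, or the `;`-separated value should be split and compared for equality. The six rules differ only in the IdP condition, the entitlement URI and the `shortName`, so a short comment above them stating that `retract( $service )` means access is granted and that an unmatched service stays denied would help the next editor; that reading is inferred from the log messages, not from code visible on this page.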