Commit
ca749b04
authored
Oct 27, 2015
by
michael.simon
example rule and changes
parent
3de32de1
Changes
2
bwreg-service/src/main/java/edu/kit/scc/webreg/drools/impl/KnowledgeSessionServiceImpl.java
...
...
@@ -131,7 +131,8 @@ public class KnowledgeSessionServiceImpl implements KnowledgeSessionService {
List
<
Object
>
objectList
=
new
ArrayList
<
Object
>(
ksession
.
getObjects
());
for
(
Object
o
:
objectList
)
{
logger
.
debug
(
"Deleting fact handle for Object {}"
,
o
);
if
(
logger
.
isTraceEnabled
())
logger
.
trace
(
"Deleting fact handle for Object {}"
,
o
);
FactHandle
factHandle
=
ksession
.
getFactHandle
(
o
);
if
(
factHandle
!=
null
)
ksession
.
delete
(
factHandle
);
...
...
@@ -149,6 +150,8 @@ public class KnowledgeSessionServiceImpl implements KnowledgeSessionService {
Set
<
GroupEntity
>
groups
,
Set
<
RoleEntity
>
roles
)
throws
MisconfiguredServiceException
{
user
=
userDao
.
merge
(
user
);
KieSession
ksession
=
getStatefulSession
(
unitId
);
if
(
ksession
==
null
)
...
...
@@ -242,7 +245,8 @@ public class KnowledgeSessionServiceImpl implements KnowledgeSessionService {
List
<
Object
>
objectList
=
new
ArrayList
<
Object
>(
ksession
.
getObjects
());
for
(
Object
o
:
objectList
)
{
logger
.
debug
(
"Deleting fact handle for Object {}"
,
o
);
if
(
logger
.
isTraceEnabled
())
logger
.
trace
(
"Deleting fact handle for Object {}"
,
o
);
FactHandle
factHandle
=
ksession
.
getFactHandle
(
o
);
if
(
factHandle
!=
null
)
ksession
.
delete
(
factHandle
);
...
...
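Review bot: The trace call in the fact-deletion loop passes the fact object `o` itself, so the log line contains whatever each entity's `toString()` returns. The facts in this session appear to include user entities, so their attribute values may end up in trace logs. Logging the type keeps the line useful without that: `logger.trace("Deleting fact handle for {}", o.getClass().getSimpleName());`. The `isTraceEnabled()` guard adds little on a parameterized SLF4J call, and written without braces it is easy to misread next to the `if (factHandle != null)` that follows. The same lines appear in the hunk at -242, and the enclosing methods start and end outside the hunks.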
rules/service-filter.drl
...
...
@@ -4,28 +4,102 @@ import edu.kit.scc.webreg.entity.UserEntity;
import
edu
.
kit
.
scc
.
webreg
.
entity
.
GroupEntity
;
import
edu
.
kit
.
scc
.
webreg
.
entity
.
LocalGroupEntity
;
import
edu
.
kit
.
scc
.
webreg
.
entity
.
ServiceEntity
;
import
edu
.
kit
.
scc
.
webreg
.
entity
.
SamlIdpMetadataEntity
;
global
org
.
slf4j
.
Logger
logger
;
rule
"Filter test"
rule
"FH1 Filter"
when
$
user
:
UserEntity
()
$
service
:
ServiceEntity
(
shortName
==
"fh1"
)
$
group
:
LocalGroupEntity
(
name
==
"fh1-access"
)
then
logger
.
debug
(
"allow user {} for service {}, because of membership in group {}"
,
$
user
.
getEppn
(),
$
service
.
getName
(),
$
group
.
getName
()
);
retract
(
$
service
);
end
rule
"UC1 Filter"
when
$
user
:
UserEntity
(
eppn
==
"ugcne@student.kit.edu"
)
$
user
:
UserEntity
(
(
idp
.
getEntityCategoryList
()
contains
"http://aai.dfn.de/category/bwidm-member"
)
&&
(
attributeStore
[
"urn:oid:1.3.6.1.4.1.5923.1.1.1.7"
]
matches
".*(^|;)http://bwidm.de/entitlement/bwUniCluster(;|$).*"
)
)
$
service
:
ServiceEntity
(
shortName
==
"uc1"
)
then
logger
.
debug
(
"allow user {} for service {}, because of entitlement"
,
$
user
.
getEppn
(),
$
service
.
getName
()
);
retract
(
$
service
);
end
rule
"UCB Filter"
when
$
user
:
UserEntity
(
(
idp
.
getEntityCategoryList
()
contains
"http://aai.dfn.de/category/bwidm-member"
)
&&
(
attributeStore
[
"urn:oid:1.3.6.1.4.1.5923.1.1.1.7"
]
matches
".*(^|;)http://bwidm.de/entitlement/bwUniClusterTest(;|$).*"
)
)
$
service
:
ServiceEntity
(
shortName
==
"ucb"
)
then
logger
.
debug
(
"allow user {} for service {}"
,
$
user
.
getEppn
(),
$
service
.
getName
()
);
logger
.
debug
(
"allow user {} for service {}
, because of entitlement
"
,
$
user
.
getEppn
(),
$
service
.
getName
()
);
retract
(
$
service
);
end
rule
"
FH1
Filter"
rule
"
HC3
Filter"
when
$
user
:
UserEntity
()
$
service
:
ServiceEntity
(
shortName
==
"fh1"
)
$
group
:
LocalGroupEntity
(
name
==
"fh1-access"
)
$
user
:
UserEntity
(
(
idp
.
entityId
==
"https://idp.scc.kit.edu/idp/shibboleth"
)
&&
(
attributeStore
[
"urn:oid:1.3.6.1.4.1.5923.1.1.1.7"
]
matches
".*(^|;)http://bwidm.scc.kit.edu/entitlement/hc3(;|$).*"
)
)
$
service
:
ServiceEntity
(
shortName
==
"hc3"
)
then
logger
.
debug
(
"allow user {} for service {}, because of membership in group {}"
,
$
user
.
getEppn
(),
$
service
.
getName
(),
$
group
.
getName
()
);
logger
.
debug
(
"allow user {} for service {}, because of entitlement"
,
$
user
.
getEppn
(),
$
service
.
getName
()
);
retract
(
$
service
);
end
rule
"HCD Filter"
when
$
user
:
UserEntity
(
(
idp
.
entityId
==
"https://idp.scc.kit.edu/idp/shibboleth"
)
&&
(
attributeStore
[
"urn:oid:1.3.6.1.4.1.5923.1.1.1.7"
]
matches
".*(^|;)http://bwidm.scc.kit.edu/entitlement/hcd(;|$).*"
)
)
$
service
:
ServiceEntity
(
shortName
==
"hcd"
)
then
logger
.
debug
(
"allow user {} for service {}, because of entitlement"
,
$
user
.
getEppn
(),
$
service
.
getName
()
);
retract
(
$
service
);
end
rule
"IC2 Filter"
when
$
user
:
UserEntity
(
(
idp
.
entityId
==
"https://idp.scc.kit.edu/idp/shibboleth"
)
&&
(
attributeStore
[
"urn:oid:1.3.6.1.4.1.5923.1.1.1.7"
]
matches
".*(^|;)http://bwidm.scc.kit.edu/entitlement/ic2(;|$).*"
)
)
$
service
:
ServiceEntity
(
shortName
==
"ic2"
)
then
logger
.
debug
(
"allow user {} for service {}, because of entitlement"
,
$
user
.
getEppn
(),
$
service
.
getName
()
);
retract
(
$
service
);
end
rule
"ICC Filter"
when
$
user
:
UserEntity
(
(
idp
.
entityId
==
"https://idp.scc.kit.edu/idp/shibboleth"
)
&&
(
attributeStore
[
"urn:oid:1.3.6.1.4.1.5923.1.1.1.7"
]
matches
".*(^|;)http://bwidm.scc.kit.edu/entitlement/icc(;|$).*"
)
)
$
service
:
ServiceEntity
(
shortName
==
"icc"
)
then
logger
.
debug
(
"allow user {} for service {}, because of entitlement"
,
$
user
.
getEppn
(),
$
service
.
getName
()
);
retract
(
$
service
);
end
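Review bot: The entitlement patterns in the UC1, UCB, HC3, HCD, IC2 and ICC rules leave the dots of the URI unescaped, so `bwidm.de` and `bwidm.scc.kit.edu` accept any character in those positions. The match that drives the access decision is therefore looser than the literal entitlement value it is meant to require. A character class fixes this without backslash escaping in the DRL string, e.g. `".*(^|;)http://bwidm[.]de/entitlement/bwUniCluster(;|$).*"`, and likewise for the other five patterns. The OID is repeated as a bare string in all six rules, so a comment such as `// urn:oid:1.3.6.1.4.1.5923.1.1.1.7 is eduPersonEntitlement; values are ';'-separated` above the first rule would help. A short note on what `retract($service)` means for the filter result would also help, since the log messages suggest it marks the service as allowed but the rule file does not say so.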