package com.ibm.wps.ac.impl;

import com.ibm.portal.ObjectID;
import com.ibm.portal.ResourceType;
import com.ibm.wps.ac.ACManager;
import com.ibm.wps.ac.ACPrincipal;
import com.ibm.wps.ac.AccessControlMessages;
import com.ibm.wps.ac.ActionSet;
import com.ibm.wps.ac.AuthorizationDataException;
import com.ibm.wps.ac.AuthorizationModelException;
import com.ibm.wps.ac.ExternalAuthorizationException;
import com.ibm.wps.ac.NotAllowedException;
import com.ibm.wps.ac.PermissionCollection;
import com.ibm.wps.ac.RoleData;
import com.ibm.wps.ac.RoleMap;
import com.ibm.wps.ac.factories.ACAdministrationPermissionFactory;
import com.ibm.wps.ac.internal.ACNode;
import com.ibm.wps.ac.internal.LocalizedActionSet;
import com.ibm.wps.ac.internal.NodeConfig;
import com.ibm.wps.ac.internal.NodeConfigFactory;
import com.ibm.wps.command.CommandException;
import com.ibm.wps.datastore.ac.ProtectedResourceRO;
import com.ibm.wps.datastore.ac.RoleInstance;
import com.ibm.wps.logging.LogManager;
import com.ibm.wps.logging.Logger;
import com.ibm.wps.services.ac.internal.AccessControlConfigService;
import com.ibm.wps.services.datastore.DataStore;
import com.ibm.wps.services.datastore.Transaction;
import com.ibm.wps.util.ObjectIDUtils;
import com.ibm.wps.util.Properties;
import java.io.Writer;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Locale;
import java.util.Map;
import javax.servlet.ServletConfig;

/* loaded from: input_file:plugins/com.ibm.wps_v5_5.0.2/wps.jar:com/ibm/wps/ac/impl/AccessControlConfigImpl.class */
public final class AccessControlConfigImpl extends AccessControlConfigService {
    private static final String COPYRIGHT = "Licensed Materials - Property of IBM, 5724-E76 and 5724-E77, (C) Copyright IBM Corp. 2001, 2003 - All Rights reserved. US Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.";
    private ResourceManager resourceManager;
    private RoleManager roleManager;
    private Engine engine;
    private ACPrincipalManager acPrincipalManager;
    private ActionSetManager actionSetManager;
    private ExternalAccessControlManager externalizeManager;
    private BasePermissionFactoryImpl permissionFactoryImpl;
    private Optimizer optimizer;
    private ACAdministrationPermissionFactory permissionFactory;
    private static Logger logger;
    static Class class$com$ibm$wps$ac$impl$AccessControlConfigImpl;
    private boolean externalizationActivated = false;
    private boolean ownerEventsEnabled = false;
    private boolean roleBlockEventsEnabled = false;
    private boolean roleMappingEventsEnabled = false;
    private boolean resourceEventsEnabled = false;
    private boolean isResolveGroupMembership = false;
    private HashSet principalTypes = null;
    private NodeConfigFactory nodeConfigFactory = new NodeConfigFactoryImpl();

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.ibm.wps.services.Service
    public void init(ServletConfig servletConfig, Properties properties) throws Exception {
        super.init(servletConfig, properties);
        this.externalizationActivated = properties.getBoolean("accessControlConfig.enableExternalization", false);
        if (logger.isLogging(110)) {
            logger.text(110, "init", new StringBuffer().append("Externalization Activated: ").append(this.externalizationActivated).toString());
        }
        this.isResolveGroupMembership = properties.getBoolean("accessControlConfig.doResolveGroupMembershipForExternalAccessControl", false);
        if (logger.isLogging(110)) {
            logger.text(110, "init", new StringBuffer().append("doResolveGroupMembershipForExternalAccessControl Activated: ").append(this.isResolveGroupMembership).toString());
        }
        this.ownerEventsEnabled = properties.getBoolean("accessControlConfig.enableOwnerEvents", false);
        if (logger.isLogging(110)) {
            logger.text(110, "init", new StringBuffer().append("OwnerEvents Enabled: ").append(this.ownerEventsEnabled).toString());
        }
        this.roleBlockEventsEnabled = properties.getBoolean("accessControlConfig.enableRoleBlockEvents", false);
        if (logger.isLogging(110)) {
            logger.text(110, "init", new StringBuffer().append("RoleBlockEvents Enabled: ").append(this.roleBlockEventsEnabled).toString());
        }
        this.roleMappingEventsEnabled = properties.getBoolean("accessControlConfig.enableRoleMappingEvents", false);
        if (logger.isLogging(110)) {
            logger.text(110, "init", new StringBuffer().append("RoleMappingEvents Enabled: ").append(this.roleMappingEventsEnabled).toString());
        }
        this.resourceEventsEnabled = properties.getBoolean("accessControlConfig.enableResourceEvents", false);
        if (logger.isLogging(110)) {
            logger.text(110, "init", new StringBuffer().append("ResourceEvents Enabled: ").append(this.resourceEventsEnabled).toString());
        }
        this.resourceManager = AccessControlDataManagement.getResourceManager();
        this.roleManager = AccessControlDataManagement.getRoleManager();
        this.roleManager.setResolveGroupMembership(this.isResolveGroupMembership);
        this.engine = AccessControlDataManagement.getEngine();
        this.acPrincipalManager = AccessControlDataManagement.getACPrincipalManager();
        this.actionSetManager = AccessControlDataManagement.getActionSetManager();
        this.externalizeManager = AccessControlDataManagement.getExternalAccessControlManager();
        this.optimizer = AccessControlDataManagement.getOptimizer();
        this.principalTypes = new HashSet(2);
        this.principalTypes.add(ResourceType.USER_GROUP);
        this.principalTypes.add(ResourceType.COMMUNITY);
    }

    private void checkParameter(Object obj, String str) {
        if (obj == null) {
            throw new IllegalArgumentException(str);
        }
    }

    private void checkActionSet(ActionSet actionSet, String str) {
        if (((ActionSetImpl) actionSet).getFlagValue() == -1) {
            throw new IllegalArgumentException(str);
        }
    }

    static void checkPermissions(ACPrincipal aCPrincipal, PermissionCollection permissionCollection, String str) throws NotAllowedException, AuthorizationDataException {
        if (!ACManager.getAccessControl().hasPermission(aCPrincipal, permissionCollection)) {
            throw new NotAllowedException(AccessControlMessages.NOT_ALLOWED_ERROR_4, new Object[]{aCPrincipal.getName(), aCPrincipal.getObjectID(), str, permissionCollection});
        }
    }

    private ACAdministrationPermissionFactory getPermissionFactory() {
        if (this.permissionFactory == null) {
            this.permissionFactory = ACManager.getAccessControl().getAccessControlAdministrationPermissionFactory();
        }
        return this.permissionFactory;
    }

    @Override // com.ibm.wps.services.ac.internal.AccessControlConfigService, com.ibm.wps.services.ac.internal.AccessControlConfigInterface
    public boolean isExternalizationActivated() {
        return this.externalizationActivated;
    }

    @Override // com.ibm.wps.services.ac.internal.AccessControlConfigService, com.ibm.wps.services.ac.internal.AccessControlConfigInterface
    public boolean ownerEventsEnabled() {
        return this.ownerEventsEnabled;
    }

    @Override // com.ibm.wps.services.ac.internal.AccessControlConfigService, com.ibm.wps.services.ac.internal.AccessControlConfigInterface
    public boolean roleBlockEventsEnabled() {
        return this.roleBlockEventsEnabled;
    }

    @Override // com.ibm.wps.services.ac.internal.AccessControlConfigService, com.ibm.wps.services.ac.internal.AccessControlConfigInterface
    public boolean roleMappingEventsEnabled() {
        return this.roleMappingEventsEnabled;
    }

    @Override // com.ibm.wps.services.ac.internal.AccessControlConfigService, com.ibm.wps.services.ac.internal.AccessControlConfigInterface
    public boolean resourceEventsEnabled() {
        return this.resourceEventsEnabled;
    }

    private BasePermissionFactoryImpl getPermissionFactoryImpl() {
        if (this.permissionFactoryImpl == null) {
            this.permissionFactoryImpl = new BasePermissionFactoryImpl();
        }
        return this.permissionFactoryImpl;
    }

    @Override // com.ibm.wps.services.ac.internal.AccessControlConfigService, com.ibm.wps.services.ac.internal.AccessControlConfigInterface
    public ObjectID getVirtualRootResourceID(ResourceType resourceType) {
        return this.resourceManager.getVirtualRootResourceID(resourceType);
    }

    @Override // com.ibm.wps.services.ac.internal.AccessControlConfigService, com.ibm.wps.services.ac.internal.AccessControlConfigInterface
    public void createRoleMapping(ACPrincipal aCPrincipal, RoleData roleData) throws AuthorizationDataException, NotAllowedException, AuthorizationModelException, ExternalAuthorizationException {
        if (logger.isLogging(110)) {
            logger.entry(110, "createRoleMapping", new Object[]{aCPrincipal, roleData});
        }
        checkParameter(aCPrincipal, "caller must not be null");
        checkParameter(roleData, "roleData must not be null");
        checkParameter(roleData.getResourceID(), "domainRoot must not be null");
        checkParameter(roleData.getActionSet(), "actionSet must not be null");
        checkParameter(roleData.getMappedPrincipals(), "mappedPrincipals must not be null");
        checkActionSet((ActionSetImpl) roleData.getActionSet(), "createRoleMapping");
        checkPermissions(aCPrincipal, getPermissionFactory().getCreateRoleMappingPermissions(roleData.getResourceID(), roleData.getActionSet(), roleData.getMappedPrincipals()), "Create Role Mapping");
        if (roleData.getMappedPrincipals().size() > 0) {
            Transaction transaction = DataStore.getTransaction();
            try {
                try {
                    transaction.begin();
                    this.roleManager.createRoleMapping(roleData);
                } catch (AuthorizationDataException e) {
                    transaction.setRollbackOnly();
                    throw e;
                } catch (AuthorizationModelException e2) {
                    transaction.setRollbackOnly();
                    throw e2;
                } catch (RuntimeException e3) {
                    transaction.setRollbackOnly();
                    throw e3;
                }
            } finally {
                transaction.commit();
            }
        }
        if (logger.isLogging(110)) {
            logger.exit(110, "createRoleMapping");
        }
    }

    @Override // com.ibm.wps.services.ac.internal.AccessControlConfigService, com.ibm.wps.services.ac.internal.AccessControlConfigInterface
    public void deleteRoleMapping(ACPrincipal aCPrincipal, RoleData roleData) throws AuthorizationDataException, NotAllowedException, AuthorizationModelException {
        if (logger.isLogging(110)) {
            logger.entry(110, "deleteRoleMapping", new Object[]{aCPrincipal, roleData});
        }
        checkParameter(aCPrincipal, "caller must not be null");
        checkParameter(roleData, "roleData must not be null");
        checkParameter(roleData.getResourceID(), "domainRoot must not be null");
        checkParameter(roleData.getActionSet(), "actionSet must not be null");
        checkParameter(roleData.getMappedPrincipals(), "mappedPrincipals must not be null");
        checkActionSet(roleData.getActionSet(), "deleteRoleMapping");
        checkPermissions(aCPrincipal, getPermissionFactory().getDeleteRoleMappingPermissions(roleData.getResourceID(), roleData.getActionSet(), roleData.getMappedPrincipals()), "Delete Role Mapping");
        Transaction transaction = DataStore.getTransaction();
        try {
            try {
                transaction.begin();
                this.roleManager.deleteRoleMapping(roleData);
                if (logger.isLogging(110)) {
                    logger.exit(110, "deleteRoleMapping");
                }
            } catch (AuthorizationDataException e) {
                transaction.setRollbackOnly();
                throw e;
            } catch (AuthorizationModelException e2) {
                transaction.setRollbackOnly();
                throw e2;
            } catch (RuntimeException e3) {
                transaction.setRollbackOnly();
                throw e3;
            }
        } finally {
            transaction.commit();
        }
    }

    @Override // com.ibm.wps.services.ac.internal.AccessControlConfigService, com.ibm.wps.services.ac.internal.AccessControlConfigInterface
    public RoleMap loadInheritedRoleMappings(ACPrincipal aCPrincipal, ObjectID objectID, ActionSet actionSet) throws AuthorizationDataException, NotAllowedException {
        if (logger.isLogging(110)) {
            logger.entry(110, "loadInheritedRoleMappings", new Object[]{aCPrincipal, ObjectIDUtils.dump(objectID), actionSet});
        }
        checkParameter(aCPrincipal, "caller must not be null");
        checkParameter(objectID, "domainChildID must not be null");
        checkParameter(actionSet, "actionSet must not be null");
        checkActionSet(actionSet, "loadInheritedRoleMappings");
        checkPermissions(aCPrincipal, getPermissionFactory().getQueryInheritedRoleMappingsPermissions(objectID), "Query Inherited Role Mappings");
        Transaction transaction = DataStore.getTransaction();
        try {
            try {
                try {
                    transaction.begin();
                    RoleMap loadInheritedRoleMappings = this.roleManager.loadInheritedRoleMappings(objectID, (ActionSetImpl) actionSet);
                    if (logger.isLogging(110)) {
                        logger.exit(110, "loadInheritedRoleMappings", loadInheritedRoleMappings);
                    }
                    return loadInheritedRoleMappings;
                } catch (AuthorizationDataException e) {
                    transaction.setRollbackOnly();
                    throw e;
                }
            } catch (RuntimeException e2) {
                transaction.setRollbackOnly();
                throw e2;
            }
        } finally {
            transaction.commit();
        }
    }

    @Override // com.ibm.wps.services.ac.internal.AccessControlConfigService, com.ibm.wps.services.ac.internal.AccessControlConfigInterface
    public Collection loadAssignedRoles(ACPrincipal aCPrincipal, ObjectID objectID, ResourceType resourceType, ActionSet actionSet) throws AuthorizationDataException, NotAllowedException {
        if (logger.isLogging(110)) {
            logger.entry(110, "loadAssignedRoles", new Object[]{aCPrincipal, ObjectIDUtils.dump(objectID), resourceType, actionSet});
        }
        checkParameter(aCPrincipal, "caller must not be null");
        checkParameter(objectID, "principalID must not be null");
        Transaction transaction = DataStore.getTransaction();
        try {
            try {
                try {
                    transaction.begin();
                    Collection loadAssignedRoles = this.roleManager.loadAssignedRoles(objectID, resourceType, (ActionSetImpl) actionSet);
                    if (logger.isLogging(110)) {
                        logger.exit(110, "loadAssignedRoles", loadAssignedRoles);
                    }
                    return loadAssignedRoles;
                } catch (AuthorizationDataException e) {
                    transaction.setRollbackOnly();
                    throw e;
                }
            } catch (RuntimeException e2) {
                transaction.setRollbackOnly();
                throw e2;
            }
        } finally {
            transaction.commit();
        }
    }

    @Override // com.ibm.wps.services.ac.internal.AccessControlConfigService, com.ibm.wps.services.ac.internal.AccessControlConfigInterface
    public Collection loadRolesForPrincipalOnResource(ACPrincipal aCPrincipal, ObjectID objectID, ACPrincipal aCPrincipal2) throws AuthorizationDataException, NotAllowedException {
        if (logger.isLogging(110)) {
            logger.entry(110, "loadRolesForPrincipalOnResource", new Object[]{aCPrincipal, ObjectIDUtils.dump(objectID), aCPrincipal2});
        }
        checkParameter(aCPrincipal, "caller must not be null");
        checkParameter(objectID, "resourceID must not be null");
        checkParameter(aCPrincipal2, "principal must not be null");
        checkPermissions(aCPrincipal, getPermissionFactory().getQueryRolesForPrincipalOnResourceCommand(objectID), "Query RoleDomain");
        Transaction transaction = DataStore.getTransaction();
        try {
            try {
                try {
                    transaction.begin();
                    Collection loadRolesForPrincipalOnResource = this.roleManager.loadRolesForPrincipalOnResource(aCPrincipal2, objectID);
                    if (logger.isLogging(110)) {
                        logger.exit(110, "createRole");
                    }
                    return loadRolesForPrincipalOnResource;
                } catch (AuthorizationDataException e) {
                    transaction.setRollbackOnly();
                    throw e;
                }
            } catch (RuntimeException e2) {
                transaction.setRollbackOnly();
                throw e2;
            }
        } finally {
            transaction.commit();
        }
    }

    @Override // com.ibm.wps.services.ac.internal.AccessControlConfigService, com.ibm.wps.services.ac.internal.AccessControlConfigInterface
    public void createRole(ACPrincipal aCPrincipal, ObjectID objectID, ActionSet actionSet, String str) throws AuthorizationDataException, NotAllowedException, ExternalAuthorizationException, AuthorizationModelException {
        if (logger.isLogging(110)) {
            logger.entry(110, "createRole", new Object[]{aCPrincipal, ObjectIDUtils.dump(objectID), actionSet});
        }
        checkParameter(aCPrincipal, "caller must not be null");
        checkParameter(objectID, "domainRootID must not be null");
        checkParameter(actionSet, "actionSet must not be null");
        checkActionSet(actionSet, "createRole");
        if (objectID.getResourceType().equals(ResourceType.USER)) {
            throw new AuthorizationModelException(AccessControlMessages.ROLE_ON_USER_ERROR_1, new Object[]{objectID});
        }
        checkPermissions(aCPrincipal, getPermissionFactory().getCreateRolePermissions(objectID, actionSet), "Create Role");
        Transaction transaction = DataStore.getTransaction();
        try {
            try {
                try {
                    transaction.begin();
                    this.roleManager.createRole(objectID, (ActionSetImpl) actionSet, str);
                    if (logger.isLogging(110)) {
                        logger.exit(110, "createRole");
                    }
                } catch (RuntimeException e) {
                    transaction.setRollbackOnly();
                    throw e;
                }
            } catch (AuthorizationDataException e2) {
                transaction.setRollbackOnly();
                throw e2;
            }
        } finally {
            transaction.commit();
        }
    }

    @Override // com.ibm.wps.services.ac.internal.AccessControlConfigService, com.ibm.wps.services.ac.internal.AccessControlConfigInterface
    public void modifyRole(ACPrincipal aCPrincipal, ObjectID objectID, ActionSet actionSet, String str) throws AuthorizationDataException, NotAllowedException {
        if (logger.isLogging(110)) {
            logger.entry(110, "modifyRole", new Object[]{aCPrincipal, ObjectIDUtils.dump(objectID), actionSet});
        }
        checkParameter(aCPrincipal, "caller must not be null");
        checkParameter(objectID, "domainRootID must not be null");
        checkParameter(actionSet, "actionSet must not be null");
        checkActionSet(actionSet, "modifyRole");
        checkPermissions(aCPrincipal, getPermissionFactory().getModifyRoleAliasPermissions(objectID, actionSet), "Modify Role");
        Transaction transaction = DataStore.getTransaction();
        try {
            try {
                transaction.begin();
                this.roleManager.modifyRole(objectID, (ActionSetImpl) actionSet, str);
                if (logger.isLogging(110)) {
                    logger.exit(110, "modifyRole");
                }
            } catch (AuthorizationDataException e) {
                transaction.setRollbackOnly();
                throw e;
            } catch (RuntimeException e2) {
                transaction.setRollbackOnly();
                throw e2;
            }
        } finally {
            transaction.commit();
        }
    }

    @Override // com.ibm.wps.services.ac.internal.AccessControlConfigService, com.ibm.wps.services.ac.internal.AccessControlConfigInterface
    public void deleteRole(ACPrincipal aCPrincipal, ObjectID objectID, ActionSet actionSet) throws AuthorizationDataException, NotAllowedException, ExternalAuthorizationException {
        if (logger.isLogging(110)) {
            logger.entry(110, "deleteRole", new Object[]{aCPrincipal, ObjectIDUtils.dump(objectID), actionSet});
        }
        checkParameter(aCPrincipal, "caller must not be null");
        checkParameter(objectID, "domainRootID must not be null");
        checkParameter(actionSet, "actionSet must not be null");
        checkActionSet(actionSet, "deleteRole");
        checkPermissions(aCPrincipal, getPermissionFactory().getDeleteRolePermissions(objectID, actionSet), "Delete Role");
        if (RoleManager.checkUnDeletableRole(objectID, actionSet)) {
            throw new UnsupportedOperationException("It is not possible to delete the Role Administrator@Portal");
        }
        ProtectedResourceRO resourceByExternalID = this.resourceManager.getResourceByExternalID(objectID);
        RoleInstance loadRoleInstance = this.roleManager.loadRoleInstance(resourceByExternalID, (ActionSetImpl) actionSet);
        Collection loadMappedPrincipals = this.roleManager.loadMappedPrincipals(loadRoleInstance);
        if (loadMappedPrincipals != null && loadMappedPrincipals.size() > 0) {
            checkPermissions(aCPrincipal, getPermissionFactory().getDeleteRoleMappingPermissions(objectID, actionSet, loadMappedPrincipals), "Delete Role and corresponding role mappings");
        }
        Transaction transaction = DataStore.getTransaction();
        try {
            try {
                transaction.begin();
                this.roleManager.deleteRole(resourceByExternalID, loadRoleInstance, objectID, (ActionSetImpl) actionSet, loadMappedPrincipals);
                if (logger.isLogging(110)) {
                    logger.exit(110, "deleteRole");
                }
            } catch (AuthorizationDataException e) {
                transaction.setRollbackOnly();
                throw e;
            } catch (RuntimeException e2) {
                transaction.setRollbackOnly();
                throw e2;
            }
        } finally {
            transaction.commit();
        }
    }

    @Override // com.ibm.wps.services.ac.internal.AccessControlConfigService, com.ibm.wps.services.ac.internal.AccessControlConfigInterface
    public Collection loadRoleDomain(ACPrincipal aCPrincipal, ObjectID objectID, ActionSet actionSet) throws AuthorizationDataException, NotAllowedException {
        if (logger.isLogging(110)) {
            logger.entry(110, "loadRoleDomain", new Object[]{aCPrincipal, ObjectIDUtils.dump(objectID), actionSet});
        }
        checkParameter(aCPrincipal, "caller must not be null");
        checkParameter(objectID, "domainRootID must not be null");
        checkParameter(actionSet, "actionSet must not be null");
        checkActionSet(actionSet, "loadRoleDomain");
        checkPermissions(aCPrincipal, getPermissionFactory().getQueryRoleDomainPermissions(objectID), "Query RoleDomain");
        Transaction transaction = DataStore.getTransaction();
        try {
            try {
                try {
                    transaction.begin();
                    Collection loadRoleDomain = this.engine.loadRoleDomain(objectID, (ActionSetImpl) actionSet);
                    if (logger.isLogging(110)) {
                        logger.exit(110, "loadRoleDomain", loadRoleDomain);
                    }
                    return loadRoleDomain;
                } catch (AuthorizationDataException e) {
                    transaction.setRollbackOnly();
                    throw e;
                }
            } catch (RuntimeException e2) {
                transaction.setRollbackOnly();
                throw e2;
            }
        } finally {
            transaction.commit();
        }
    }

    @Override // com.ibm.wps.services.ac.internal.AccessControlConfigService, com.ibm.wps.services.ac.internal.AccessControlConfigInterface
    public void loadRole(ACPrincipal aCPrincipal, RoleData roleData) throws AuthorizationDataException, NotAllowedException {
        if (logger.isLogging(110)) {
            logger.entry(110, "loadRole", new Object[]{aCPrincipal, roleData});
        }
        checkParameter(aCPrincipal, "caller must not be null");
        checkParameter(roleData, "roleData must not be null");
        checkParameter(roleData.getResourceID(), "domainRoot must not be null");
        checkParameter(roleData.getActionSet(), "actionSet must not be null");
        checkActionSet(roleData.getActionSet(), "loadRole");
        checkPermissions(aCPrincipal, getPermissionFactory().getQueryMappedPrincipalsPermissions(roleData.getResourceID()), "Query Role and Role Mappings");
        Transaction transaction = DataStore.getTransaction();
        try {
            try {
                transaction.begin();
                this.roleManager.loadRole((RoleDataImpl) roleData);
                if (logger.isLogging(110)) {
                    logger.exit(110, "loadRole", roleData);
                }
            } catch (AuthorizationDataException e) {
                transaction.setRollbackOnly();
                throw e;
            } catch (RuntimeException e2) {
                transaction.setRollbackOnly();
                throw e2;
            }
        } finally {
            transaction.commit();
        }
    }

    @Override // com.ibm.wps.services.ac.internal.AccessControlConfigService, com.ibm.wps.services.ac.internal.AccessControlConfigInterface
    public HashMap loadRoles(ACPrincipal aCPrincipal, ObjectID objectID) throws AuthorizationDataException, NotAllowedException {
        if (logger.isLogging(110)) {
            logger.entry(110, "loadRoles", new Object[]{aCPrincipal, ObjectIDUtils.dump(objectID)});
        }
        checkParameter(aCPrincipal, "caller must not be null");
        checkParameter(objectID, "resourceID must not be null");
        checkPermissions(aCPrincipal, getPermissionFactory().getQueryMappedPrincipalsPermissions(objectID), "Query Roles and Role Mappings");
        Transaction transaction = DataStore.getTransaction();
        try {
            try {
                try {
                    transaction.begin();
                    HashMap loadRoles = this.roleManager.loadRoles(objectID);
                    if (logger.isLogging(110)) {
                        logger.exit(110, "loadRoles", loadRoles);
                    }
                    return loadRoles;
                } catch (AuthorizationDataException e) {
                    transaction.setRollbackOnly();
                    throw e;
                }
            } catch (RuntimeException e2) {
                transaction.setRollbackOnly();
                throw e2;
            }
        } finally {
            transaction.commit();
        }
    }

    @Override // com.ibm.wps.services.ac.internal.AccessControlConfigService, com.ibm.wps.services.ac.internal.AccessControlConfigInterface
    public Collection loadChildNodes(ACPrincipal aCPrincipal, ObjectID objectID) throws AuthorizationDataException {
        if (logger.isLogging(110)) {
            logger.entry(110, "addResource", new Object[]{aCPrincipal, ObjectIDUtils.dump(objectID)});
        }
        checkParameter(aCPrincipal, "caller must not be null");
        checkParameter(objectID, "resourceHandle must not be null");
        Transaction transaction = DataStore.getTransaction();
        try {
            try {
                try {
                    transaction.begin();
                    Collection childNodesByExternalID = this.resourceManager.getChildNodesByExternalID(objectID);
                    if (logger.isLogging(110)) {
                        logger.exit(110, "loadChildNodes", new Object[]{childNodesByExternalID});
                    }
                    return childNodesByExternalID;
                } catch (AuthorizationDataException e) {
                    transaction.setRollbackOnly();
                    throw e;
                }
            } catch (RuntimeException e2) {
                transaction.setRollbackOnly();
                throw e2;
            }
        } finally {
            transaction.commit();
        }
    }

    @Override // com.ibm.wps.services.ac.internal.AccessControlConfigService, com.ibm.wps.services.ac.internal.AccessControlConfigInterface
    public void addResource(ACPrincipal aCPrincipal, ObjectID objectID, ObjectID objectID2, String str, NodeConfig nodeConfig, ObjectID objectID3) throws AuthorizationDataException, NotAllowedException, AuthorizationModelException {
        if (logger.isLogging(110)) {
            logger.entry(110, "addResource", new Object[]{aCPrincipal, ObjectIDUtils.dump(objectID), ObjectIDUtils.dump(objectID2), str, nodeConfig, ObjectIDUtils.dump(objectID3)});
        }
        checkParameter(aCPrincipal, "caller must not be null");
        checkParameter(objectID, "resourceHandle must not be null");
        checkParameter(nodeConfig, "nodeConfig must not be null");
        if (objectID.getResourceType().equals(ResourceType.USER)) {
            throw new AuthorizationModelException(AccessControlMessages.CREATE_USER_ERROR_0);
        }
        if (objectID2 != null && objectID2.getResourceType().equals(ResourceType.USER_GROUP)) {
            throw new AuthorizationModelException(AccessControlMessages.CREATE_RESOURCE_UNDER_GROUP_ERROR_1, new Object[]{objectID});
        }
        Transaction transaction = DataStore.getTransaction();
        try {
            try {
                try {
                    try {
                        transaction.begin();
                        if (((ACPrincipalBaseImpl) aCPrincipal).isXmlAccessScriptingUser()) {
                            this.resourceManager.addResource(objectID, objectID2, str, nodeConfig, objectID3, false);
                        } else {
                            this.resourceManager.addResource(objectID, objectID2, str, nodeConfig, objectID3, true);
                        }
                        if (logger.isLogging(110)) {
                            logger.exit(110, "addResource");
                        }
                    } catch (AuthorizationDataException e) {
                        transaction.setRollbackOnly();
                        throw e;
                    }
                } catch (AuthorizationModelException e2) {
                    transaction.setRollbackOnly();
                    throw e2;
                }
            } catch (RuntimeException e3) {
                transaction.setRollbackOnly();
                throw e3;
            }
        } finally {
            transaction.commit();
        }
    }

    @Override // com.ibm.wps.services.ac.internal.AccessControlConfigService, com.ibm.wps.services.ac.internal.AccessControlConfigInterface
    public ObjectID addResource(ACPrincipal aCPrincipal, ResourceType resourceType, ObjectID objectID, String str, NodeConfig nodeConfig, ObjectID objectID2) throws AuthorizationDataException, NotAllowedException, AuthorizationModelException {
        throw new RuntimeException("Do not use this method any more!!!");
    }

    @Override // com.ibm.wps.services.ac.internal.AccessControlConfigService, com.ibm.wps.services.ac.internal.AccessControlConfigInterface
    public ACNode loadResource(ACPrincipal aCPrincipal, ObjectID objectID) throws AuthorizationDataException, NotAllowedException {
        if (logger.isLogging(110)) {
            logger.entry(110, "loadResource", new Object[]{aCPrincipal, ObjectIDUtils.dump(objectID)});
        }
        checkParameter(aCPrincipal, "caller must not be null");
        checkParameter(objectID, "resourceID must not be null");
        checkPermissions(aCPrincipal, getPermissionFactory().getQueryProtectedResourcePermissions(objectID), "Query Resource");
        Transaction transaction = DataStore.getTransaction();
        try {
            try {
                try {
                    transaction.begin();
                    ACNodeImpl loadACNodeByExternalOID = this.resourceManager.loadACNodeByExternalOID(objectID);
                    if (logger.isLogging(110)) {
                        logger.exit(110, "loadResource", loadACNodeByExternalOID);
                    }
                    return loadACNodeByExternalOID;
                } catch (AuthorizationDataException e) {
                    transaction.setRollbackOnly();
                    throw e;
                }
            } catch (RuntimeException e2) {
                transaction.setRollbackOnly();
                throw e2;
            }
        } finally {
            transaction.commit();
        }
    }

    @Override // com.ibm.wps.services.ac.internal.AccessControlConfigService, com.ibm.wps.services.ac.internal.AccessControlConfigInterface
    public void removeResource(ACPrincipal aCPrincipal, ObjectID objectID) throws AuthorizationDataException, NotAllowedException, AuthorizationModelException {
        if (logger.isLogging(110)) {
            logger.entry(110, "removeResource", new Object[]{aCPrincipal, ObjectIDUtils.dump(objectID)});
        }
        checkParameter(aCPrincipal, "caller must not be null");
        checkParameter(objectID, "resourceID must not be null");
        Transaction transaction = DataStore.getTransaction();
        try {
            try {
                transaction.begin();
                if (isPrincipalType(objectID)) {
                    this.acPrincipalManager.deletePrincipal(objectID);
                }
                this.resourceManager.deleteResource(objectID);
                if (logger.isLogging(110)) {
                    logger.exit(110, "removeResource");
                }
            } catch (AuthorizationDataException e) {
                transaction.setRollbackOnly();
                throw e;
            } catch (RuntimeException e2) {
                transaction.setRollbackOnly();
                throw e2;
            }
        } finally {
            transaction.commit();
        }
    }

    @Override // com.ibm.wps.services.ac.internal.AccessControlConfigService, com.ibm.wps.services.ac.internal.AccessControlConfigInterface
    public void moveResource(ACPrincipal aCPrincipal, ObjectID objectID, ObjectID objectID2) throws AuthorizationDataException, NotAllowedException, AuthorizationModelException {
        if (logger.isLogging(110)) {
            logger.entry(110, "moveResource", new Object[]{aCPrincipal, ObjectIDUtils.dump(objectID), ObjectIDUtils.dump(objectID2)});
        }
        checkParameter(aCPrincipal, "caller must not be null");
        checkParameter(objectID, "resourceID must not be null");
        checkParameter(objectID2, "parentID must not be null");
        Transaction transaction = DataStore.getTransaction();
        try {
            try {
                transaction.begin();
                this.resourceManager.moveResource(objectID, objectID2);
                if (logger.isLogging(110)) {
                    logger.exit(110, "moveResource");
                }
            } catch (AuthorizationDataException e) {
                transaction.setRollbackOnly();
                throw e;
            } catch (AuthorizationModelException e2) {
                transaction.setRollbackOnly();
                throw e2;
            } catch (RuntimeException e3) {
                transaction.setRollbackOnly();
                throw e3;
            }
        } finally {
            transaction.commit();
        }
    }

    @Override // com.ibm.wps.services.ac.internal.AccessControlConfigService, com.ibm.wps.services.ac.internal.AccessControlConfigInterface
    public void modifyOwner(ACPrincipal aCPrincipal, ObjectID objectID, ObjectID objectID2) throws AuthorizationDataException, NotAllowedException, AuthorizationModelException {
        if (logger.isLogging(110)) {
            logger.entry(110, "modifyOwner", new Object[]{aCPrincipal, ObjectIDUtils.dump(objectID), ObjectIDUtils.dump(objectID2)});
        }
        checkParameter(aCPrincipal, "caller must not be null");
        checkParameter(objectID, "resourceID must not be null");
        checkPermissions(aCPrincipal, getPermissionFactory().getModifyOwnerPermissions(objectID, objectID2), "Modify Owner of a Resource");
        Transaction transaction = DataStore.getTransaction();
        try {
            try {
                try {
                    transaction.begin();
                    this.resourceManager.modifyOwner(objectID, objectID2);
                    if (logger.isLogging(110)) {
                        logger.exit(110, "modifyOwner");
                    }
                } catch (RuntimeException e) {
                    transaction.setRollbackOnly();
                    throw e;
                }
            } catch (AuthorizationDataException e2) {
                transaction.setRollbackOnly();
                throw e2;
            } catch (AuthorizationModelException e3) {
                transaction.setRollbackOnly();
                throw e3;
            }
        } finally {
            transaction.commit();
        }
    }

    @Override // com.ibm.wps.services.ac.internal.AccessControlConfigService, com.ibm.wps.services.ac.internal.AccessControlConfigInterface
    public void modifySingleBlocks(ACPrincipal aCPrincipal, ObjectID objectID, NodeConfig nodeConfig, boolean z, boolean z2) throws AuthorizationDataException, NotAllowedException, AuthorizationModelException {
        if (logger.isLogging(110)) {
            logger.entry(110, "modifyBlocks", new Object[]{aCPrincipal, ObjectIDUtils.dump(objectID), nodeConfig});
        }
        checkParameter(aCPrincipal, "caller must not be null");
        checkParameter(objectID, "resourceID must not be null");
        checkParameter(nodeConfig, "nodeConfig must not be null");
        if (objectID.getResourceType().equals(ResourceType.USER_GROUP)) {
            throw new AuthorizationModelException(AccessControlMessages.BLOCK_NOT_ALLOWED_ERROR_1, new Object[]{objectID});
        }
        checkPermissions(aCPrincipal, getPermissionFactory().getModifyPropagationRoleBlockPermissions(objectID, ActionSetImpl.getIncludedActionSets(nodeConfig.getPropagationFlag())), "Modify Propagation Blocks");
        checkPermissions(aCPrincipal, getPermissionFactory().getModifyInheritanceRoleBlockPermissions(objectID, ActionSetImpl.getIncludedActionSets(nodeConfig.getInheritanceFlag())), "Modify Inheritance Blocks");
        Transaction transaction = DataStore.getTransaction();
        try {
            try {
                transaction.begin();
                this.resourceManager.modifySingleBlocks(objectID, nodeConfig, z, z2);
                if (logger.isLogging(110)) {
                    logger.exit(110, "modifyBlocks");
                }
            } catch (AuthorizationDataException e) {
                transaction.setRollbackOnly();
                throw e;
            } catch (RuntimeException e2) {
                transaction.setRollbackOnly();
                throw e2;
            }
        } finally {
            transaction.commit();
        }
    }

    @Override // com.ibm.wps.services.ac.internal.AccessControlConfigService, com.ibm.wps.services.ac.internal.AccessControlConfigInterface
    public void modifyBlocks(ACPrincipal aCPrincipal, ObjectID objectID, NodeConfig nodeConfig, boolean z, boolean z2) throws AuthorizationDataException, NotAllowedException, AuthorizationModelException {
        if (logger.isLogging(110)) {
            logger.entry(110, "modifyBlocks", new Object[]{aCPrincipal, ObjectIDUtils.dump(objectID), nodeConfig});
        }
        checkParameter(aCPrincipal, "caller must not be null");
        checkParameter(objectID, "resourceID must not be null");
        checkParameter(nodeConfig, "nodeConfig must not be null");
        if (objectID.getResourceType().equals(ResourceType.USER_GROUP)) {
            throw new AuthorizationModelException(AccessControlMessages.BLOCK_NOT_ALLOWED_ERROR_1, new Object[]{objectID});
        }
        if (z) {
            checkPermissions(aCPrincipal, getPermissionFactory().getModifyPropagationRoleBlockPermissions(objectID, ActionSetImpl.getIncludedActionSets(nodeConfig.getPropagationFlag())), "Modify Propagation Blocks");
        }
        if (z2) {
            checkPermissions(aCPrincipal, getPermissionFactory().getModifyInheritanceRoleBlockPermissions(objectID, ActionSetImpl.getIncludedActionSets(nodeConfig.getInheritanceFlag())), "Modify Inheritance Blocks");
        }
        Transaction transaction = DataStore.getTransaction();
        try {
            try {
                try {
                    transaction.begin();
                    this.resourceManager.modifyBlocks(objectID, nodeConfig, z, z2);
                    if (logger.isLogging(110)) {
                        logger.exit(110, "modifyBlocks");
                    }
                } catch (RuntimeException e) {
                    transaction.setRollbackOnly();
                    throw e;
                }
            } catch (AuthorizationDataException e2) {
                transaction.setRollbackOnly();
                throw e2;
            }
        } finally {
            transaction.commit();
        }
    }

    @Override // com.ibm.wps.services.ac.internal.AccessControlConfigService, com.ibm.wps.services.ac.internal.AccessControlConfigInterface
    public Collection loadOwnedResources(ACPrincipal aCPrincipal, ObjectID objectID) throws AuthorizationDataException, NotAllowedException {
        if (logger.isLogging(110)) {
            logger.entry(110, "loadOwnedResources", new Object[]{aCPrincipal, ObjectIDUtils.dump(objectID)});
        }
        checkParameter(aCPrincipal, "caller must not be null");
        checkParameter(objectID, "ownerID must not be null");
        Transaction transaction = DataStore.getTransaction();
        try {
            try {
                try {
                    transaction.begin();
                    Collection ownedResources = this.resourceManager.getOwnedResources(objectID);
                    if (logger.isLogging(110)) {
                        logger.exit(110, "loadOwnedResources", ownedResources);
                    }
                    return ownedResources;
                } catch (AuthorizationDataException e) {
                    transaction.setRollbackOnly();
                    throw e;
                }
            } catch (RuntimeException e2) {
                transaction.setRollbackOnly();
                throw e2;
            }
        } finally {
            transaction.commit();
        }
    }

    @Override // com.ibm.wps.services.ac.internal.AccessControlConfigService, com.ibm.wps.services.ac.internal.AccessControlConfigInterface
    public void modifyState(ACPrincipal aCPrincipal, ObjectID objectID, boolean z, boolean z2) throws AuthorizationDataException, NotAllowedException, AuthorizationModelException {
        if (logger.isLogging(110)) {
            logger.entry(110, "modifyState", new Object[]{aCPrincipal, ObjectIDUtils.dump(objectID), new Boolean(z), new Boolean(z2)});
        }
        checkParameter(aCPrincipal, "caller must not be null");
        checkParameter(objectID, "resourceID must not be null");
        if (z) {
            checkPermissions(aCPrincipal, getPermissionFactory().getTransformTOPrivatePermissions(), "Transform the State of a Resource to private");
        } else {
            checkPermissions(aCPrincipal, getPermissionFactory().getTransformTOSharedPermissions(objectID, null), "Transform the State of a Resource to shared");
        }
        Transaction transaction = DataStore.getTransaction();
        try {
            try {
                try {
                    transaction.begin();
                    this.resourceManager.modifyState(objectID, z, aCPrincipal.getObjectID(), z2);
                    if (logger.isLogging(110)) {
                        logger.exit(110, "modifyState");
                    }
                } catch (RuntimeException e) {
                    transaction.setRollbackOnly();
                    throw e;
                }
            } catch (AuthorizationDataException e2) {
                transaction.setRollbackOnly();
                throw e2;
            } catch (AuthorizationModelException e3) {
                transaction.setRollbackOnly();
                throw e3;
            }
        } finally {
            transaction.commit();
        }
    }

    @Override // com.ibm.wps.services.ac.internal.AccessControlConfigService, com.ibm.wps.services.ac.internal.AccessControlConfigInterface
    public void deletePrincipal(ACPrincipal aCPrincipal, ObjectID objectID) throws AuthorizationDataException, NotAllowedException, AuthorizationModelException {
        if (logger.isLogging(110)) {
            logger.entry(110, "deletePrincipal", new Object[]{aCPrincipal, ObjectIDUtils.dump(objectID)});
        }
        checkParameter(aCPrincipal, "caller must not be null");
        checkParameter(objectID, "principalID must not be null");
        checkPermissions(aCPrincipal, getPermissionFactory().getDeleteACPrincipalPermissions(objectID), "Delete Principal");
        Transaction transaction = DataStore.getTransaction();
        try {
            try {
                transaction.begin();
                this.acPrincipalManager.deletePrincipal(objectID);
                if (logger.isLogging(110)) {
                    logger.exit(110, "deletePrincipal");
                }
            } catch (AuthorizationDataException e) {
                transaction.setRollbackOnly();
                throw e;
            } catch (AuthorizationModelException e2) {
                transaction.setRollbackOnly();
                throw e2;
            } catch (RuntimeException e3) {
                transaction.setRollbackOnly();
                throw e3;
            }
        } finally {
            transaction.commit();
        }
    }

    @Override // com.ibm.wps.services.ac.internal.AccessControlConfigService, com.ibm.wps.services.ac.internal.AccessControlConfigInterface
    public ACPrincipal loadPrincipal(ACPrincipal aCPrincipal, ObjectID objectID) throws AuthorizationDataException, NotAllowedException {
        if (logger.isLogging(110)) {
            logger.entry(110, "loadPrincipal", new Object[]{aCPrincipal, ObjectIDUtils.dump(objectID)});
        }
        checkParameter(aCPrincipal, "caller must not be null");
        checkParameter(objectID, "principalID must not be null");
        Transaction transaction = DataStore.getTransaction();
        try {
            try {
                try {
                    transaction.begin();
                    ACPrincipal loadPrincipal = this.acPrincipalManager.loadPrincipal(objectID);
                    checkPermissions(aCPrincipal, getPermissionFactory().getQueryACPrincipalPermissions(loadPrincipal), "Query Principal");
                    if (logger.isLogging(110)) {
                        logger.exit(110, "loadPrincipal", loadPrincipal);
                    }
                    return loadPrincipal;
                } catch (AuthorizationDataException e) {
                    transaction.setRollbackOnly();
                    throw e;
                }
            } catch (RuntimeException e2) {
                transaction.setRollbackOnly();
                throw e2;
            }
        } finally {
            transaction.commit();
        }
    }

    @Override // com.ibm.wps.services.ac.internal.AccessControlConfigService, com.ibm.wps.services.ac.internal.AccessControlConfigInterface
    public ACPrincipal loadPrincipal(ACPrincipal aCPrincipal, String str, ResourceType resourceType) throws AuthorizationDataException, NotAllowedException {
        if (logger.isLogging(110)) {
            logger.entry(110, "loadPrincipal", new Object[]{aCPrincipal, str, resourceType});
        }
        checkParameter(aCPrincipal, "caller must not be null");
        checkParameter(str, "uniqueName must not be null");
        checkParameter(resourceType, "principalType must not be null");
        Transaction transaction = DataStore.getTransaction();
        try {
            try {
                try {
                    transaction.begin();
                    ACPrincipal loadPrincipal = this.acPrincipalManager.loadPrincipal(str, resourceType);
                    checkPermissions(aCPrincipal, getPermissionFactory().getQueryACPrincipalPermissions(loadPrincipal), "Query Principal");
                    if (logger.isLogging(110)) {
                        logger.exit(110, "loadPrincipal", loadPrincipal);
                    }
                    return loadPrincipal;
                } catch (RuntimeException e) {
                    transaction.setRollbackOnly();
                    throw e;
                }
            } catch (AuthorizationDataException e2) {
                transaction.setRollbackOnly();
                throw e2;
            }
        } finally {
            transaction.commit();
        }
    }

    @Override // com.ibm.wps.services.ac.internal.AccessControlConfigService, com.ibm.wps.services.ac.internal.AccessControlConfigInterface
    public LocalizedActionSet loadActionSet(ACPrincipal aCPrincipal, ActionSet actionSet, Locale locale) throws AuthorizationDataException {
        if (logger.isLogging(110)) {
            logger.entry(110, "loadActionSet", new Object[]{aCPrincipal, actionSet, locale});
        }
        checkParameter(aCPrincipal, "caller must not be null");
        checkParameter(actionSet, "actionSet must not be null");
        checkParameter(locale, "locale must not be null");
        checkActionSet(actionSet, "loadActionSet");
        Transaction transaction = DataStore.getTransaction();
        try {
            try {
                try {
                    transaction.begin();
                    LocalizedActionSetImpl loadLocalizedActionSet = this.actionSetManager.loadLocalizedActionSet(actionSet, locale);
                    if (logger.isLogging(110)) {
                        logger.exit(110, "loadActionSet", loadLocalizedActionSet);
                    }
                    return loadLocalizedActionSet;
                } catch (AuthorizationDataException e) {
                    transaction.setRollbackOnly();
                    throw e;
                }
            } catch (RuntimeException e2) {
                transaction.setRollbackOnly();
                throw e2;
            }
        } finally {
            transaction.commit();
        }
    }

    @Override // com.ibm.wps.services.ac.internal.AccessControlConfigService, com.ibm.wps.services.ac.internal.AccessControlConfigInterface
    public ActionSet createCustomActionSet(ACPrincipal aCPrincipal, Collection collection, String str, ObjectID objectID, Map map, Map map2) throws AuthorizationDataException, NotAllowedException {
        if (logger.isLogging(110)) {
            logger.entry(110, "createCustomActionSet", new Object[]{aCPrincipal, collection, str, objectID, map, map2});
        }
        checkParameter(aCPrincipal, "caller must not be null");
        checkParameter(collection, "actions must not be null");
        checkParameter(str, "name must not be null");
        checkPermissions(aCPrincipal, getPermissionFactory().getCreateActionSetPermissions(), "Create Actionsets");
        Transaction transaction = DataStore.getTransaction();
        try {
            try {
                try {
                    transaction.begin();
                    ActionSet createCustomActionSet = this.actionSetManager.createCustomActionSet(collection, str, objectID, map, map2);
                    if (logger.isLogging(110)) {
                        logger.exit(110, "createCustomActionSet", createCustomActionSet);
                    }
                    return createCustomActionSet;
                } catch (AuthorizationDataException e) {
                    transaction.setRollbackOnly();
                    throw e;
                }
            } catch (RuntimeException e2) {
                transaction.setRollbackOnly();
                throw e2;
            }
        } finally {
            transaction.commit();
        }
    }

    @Override // com.ibm.wps.services.ac.internal.AccessControlConfigService, com.ibm.wps.services.ac.internal.AccessControlConfigInterface
    public LocalizedActionSet loadActionSet(ACPrincipal aCPrincipal, ObjectID objectID, Locale locale) throws AuthorizationDataException {
        if (logger.isLogging(110)) {
            logger.entry(110, "loadActionSet", new Object[]{aCPrincipal, objectID, locale});
        }
        checkParameter(aCPrincipal, "caller must not be null");
        checkParameter(objectID, "actionSet must not be null");
        checkParameter(locale, "locale must not be null");
        Transaction transaction = DataStore.getTransaction();
        try {
            try {
                try {
                    transaction.begin();
                    LocalizedActionSetImpl loadLocalizedActionSet = this.actionSetManager.loadLocalizedActionSet(objectID, locale);
                    if (logger.isLogging(110)) {
                        logger.exit(110, "loadActionSet", loadLocalizedActionSet);
                    }
                    return loadLocalizedActionSet;
                } catch (RuntimeException e) {
                    transaction.setRollbackOnly();
                    throw e;
                }
            } catch (AuthorizationDataException e2) {
                transaction.setRollbackOnly();
                throw e2;
            }
        } finally {
            transaction.commit();
        }
    }

    @Override // com.ibm.wps.services.ac.internal.AccessControlConfigService, com.ibm.wps.services.ac.internal.AccessControlConfigInterface
    public Collection loadCustomActionSet(ACPrincipal aCPrincipal) throws AuthorizationDataException {
        if (logger.isLogging(110)) {
            logger.entry(110, "loadCustomActionSet", new Object[]{aCPrincipal});
        }
        Collection customizedActionSets = this.actionSetManager.getCustomizedActionSets();
        if (logger.isLogging(110)) {
            logger.exit(110, "loadCustomActionSet", customizedActionSets);
        }
        return customizedActionSets;
    }

    @Override // com.ibm.wps.services.ac.internal.AccessControlConfigService, com.ibm.wps.services.ac.internal.AccessControlConfigInterface
    public void updateActionSetLocales(ACPrincipal aCPrincipal, ObjectID objectID, Map map, Map map2) throws AuthorizationDataException {
        if (logger.isLogging(110)) {
            logger.entry(110, "updateActionSetLocales", new Object[]{aCPrincipal, objectID, map, map2});
        }
        this.actionSetManager.updateActionSetLocales(objectID, map, map2);
        if (logger.isLogging(110)) {
            logger.exit(110, "updateActionSetLocales");
        }
    }

    @Override // com.ibm.wps.services.ac.internal.AccessControlConfigService, com.ibm.wps.services.ac.internal.AccessControlConfigInterface
    public Collection externalizeResource(ACPrincipal aCPrincipal, ObjectID objectID, boolean z) throws AuthorizationDataException, NotAllowedException, ExternalAuthorizationException, AuthorizationModelException {
        Collection internalizeResourceTree;
        if (logger.isLogging(110)) {
            logger.entry(110, "externalizeRoleInstance", new Object[]{aCPrincipal, ObjectIDUtils.dump(objectID), new Boolean(z)});
        }
        if (!this.externalizationActivated) {
            logger.text(100, "externalizeRoleInstance", "Externalization is deactivated");
            throw new ExternalAuthorizationException(AccessControlMessages.EXTERNALIZATION_DEACTIVATED_ERROR_0);
        }
        boolean z2 = false;
        ACPrincipal aCPrincipal2 = aCPrincipal;
        if (((ACPrincipalBaseImpl) aCPrincipal).isXmlAccessScriptingUser()) {
            z2 = true;
            aCPrincipal2 = ACManager.getAccessControl().createPrincipal(((ACPrincipalXmlAccessScriptingUserImpl) aCPrincipal).getActingUserID());
        }
        if (z) {
            checkPermissions(aCPrincipal, getPermissionFactory().getExternalizeResourcePermissions(objectID), "Externalize Resource");
            internalizeResourceTree = this.externalizeManager.externalizeResourceTree(aCPrincipal2, objectID, z2);
        } else {
            checkPermissions(aCPrincipal, getPermissionFactory().getInternalizeResourcePermissions(objectID), "Internalize Resource");
            internalizeResourceTree = this.externalizeManager.internalizeResourceTree(objectID, z2);
        }
        if (logger.isLogging(110)) {
            logger.exit(110, "externalizeRoleInstance");
        }
        return internalizeResourceTree;
    }

    boolean isPrincipalType(ObjectID objectID) {
        return this.principalTypes.contains(objectID.getResourceType());
    }

    @Override // com.ibm.wps.services.ac.internal.AccessControlConfigService, com.ibm.wps.services.ac.internal.AccessControlConfigInterface
    public void optimizeConfiguration(ACPrincipal aCPrincipal, Writer writer) throws AuthorizationDataException, NotAllowedException, ExternalAuthorizationException, AuthorizationModelException, CommandException {
        if (logger.isLogging(110)) {
            logger.entry(110, "optimizeConfiguration", aCPrincipal);
        }
        checkParameter(aCPrincipal, "caller must not be null");
        checkPermissions(aCPrincipal, getPermissionFactory().getOptimizeConfigurationPermissions(), "Delete Principal");
        this.optimizer.optimize(writer);
        if (logger.isLogging(110)) {
            logger.exit(110, "optimizeConfiguration");
        }
    }

    @Override // com.ibm.wps.services.ac.internal.AccessControlConfigService, com.ibm.wps.services.ac.internal.AccessControlConfigInterface
    public ResourceType[] getActiveProtectedResourceTypes() {
        return AccessControlDataManagement.getActiveProtectedResourceTypes();
    }

    @Override // com.ibm.wps.services.ac.internal.AccessControlConfigService, com.ibm.wps.services.ac.internal.AccessControlConfigInterface
    public ResourceType[] getAllActiveProtectedResourceTypes() {
        return AccessControlDataManagement.getAllActiveProtectedResourceTypes();
    }

    @Override // com.ibm.wps.services.ac.internal.AccessControlConfigService, com.ibm.wps.services.ac.internal.AccessControlConfigInterface
    public NodeConfigFactory getNodeConfigFactory() {
        return this.nodeConfigFactory;
    }

    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }

    static {
        Class cls;
        LogManager logManager = LogManager.getLogManager();
        if (class$com$ibm$wps$ac$impl$AccessControlConfigImpl == null) {
            cls = class$("com.ibm.wps.ac.impl.AccessControlConfigImpl");
            class$com$ibm$wps$ac$impl$AccessControlConfigImpl = cls;
        } else {
            cls = class$com$ibm$wps$ac$impl$AccessControlConfigImpl;
        }
        logger = logManager.getLogger(cls);
    }
}
