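// Access rules for the "unicluster" service.
//
// Each rule matches a SamlUserEntity that fails one precondition, logs the
// reason, and inserts an UnauthorizedUser fact carrying a reason code.
// Presumably the code that fires this rule base denies access when any
// UnauthorizedUser fact is present -- confirm against the caller.
//
// NOTE(review): "dools" in the package name looks like a typo for "drools".
// It is left unchanged because the package name may be referenced wherever
// this rule base is loaded.
package edu.kit.scc.webreg.dools.unicluster

import edu.kit.scc.webreg.entity.SamlUserEntity;
import edu.kit.scc.webreg.drools.UnauthorizedUser;
import edu.kit.scc.webreg.entity.SamlIdpMetadataEntity;

global org.slf4j.Logger logger;

// Deny when the user's IdP metadata does not list the bwIdM member category.
// NOTE(review): a null idp or a null category list is not handled here;
// confirm both are always populated, or that an evaluation error ends in denial.
rule "is bwIdm Member"
    when
        $user : SamlUserEntity( idp.getEntityCategoryList() not contains "http://aai.dfn.de/category/bwidm-member" )
    then
        logger.info( "User {} is not bwIdm Member", $user.getEppn() );
        insert( new UnauthorizedUser($user, "not-bwidm-member") );
end

// Deny when no e-mail address was stored for the user.
// NOTE(review): only null is rejected; an empty string passes -- confirm that
// the attribute mapping never stores "".
rule "Email is set"
    when
        $user : SamlUserEntity( email == null )
    then
        logger.info( "E-Mail for user {} is not set", $user.getEppn() );
        insert( new UnauthorizedUser($user, "e-mail-missing") );
end

// Deny unless eduPersonEntitlement (urn:oid:1.3.6.1.4.1.5923.1.1.1.7) contains
// the service entitlement as one complete ';'-separated value.
//
// Two hardening points compared with a bare "not matches" test:
//  * The attribute is checked for null explicitly, so an assertion without any
//    entitlement attribute is always denied instead of depending on how the
//    "not matches" operator treats a null operand.
//  * The dot in the host name is written as [.] so that it matches a literal
//    dot only; a plain '.' is a regex wildcard and would accept look-alike
//    URIs. A character class is used instead of a backslash escape to avoid
//    any ambiguity about string-literal escaping in DRL.
rule "Entitlement is set"
    when
        $user : SamlUserEntity(
            ( attributeStore["urn:oid:1.3.6.1.4.1.5923.1.1.1.7"] == null ) ||
            ( attributeStore["urn:oid:1.3.6.1.4.1.5923.1.1.1.7"] not matches ".*(^|;)http://evil-corp[.]com/entitlement/svc01(;|$).*" )
        )
    then
        logger.info( "Entitlement for user {} is missing", $user.getEppn() );
        insert( new UnauthorizedUser($user, "entitlement-missing") );
end

// Deny when the uidNumber is missing or below 1000, so that accounts cannot be
// mapped onto low numeric IDs. A value of exactly 1000 is accepted.
rule "uidNumber above 1000"
    when
        $user : SamlUserEntity( (uidNumber == null) || (uidNumber < 1000) )
    then
        logger.info( "User {} has uidNumber null or lesser thean 1000", $user.getEppn() );
        insert( new UnauthorizedUser($user, "uid-number-wrong") );
end

// Deny when the user has no primary group or the group is named "invalid".
// In a DRL constraint, == on strings compares by value, not by reference.
rule "primary group is set"
    when
        $user : SamlUserEntity( (primaryGroup == null) || (primaryGroup.getName() == "invalid") )
    then
        logger.info( "User {} has no or invalid primary group", $user.getEppn() );
        insert( new UnauthorizedUser($user, "primary-gid-wrong") );
end

// Deny when the IdP did not supply the bwIdM organisation ID attribute.
// NOTE(review): only a missing entry is rejected; an empty value passes.
rule "Home ID is set"
    when
        $user : SamlUserEntity( attributeStore["http://bwidm.de/bwidmOrgId"] == null )
    then
        logger.info( "Home ID for user {} is missing", $user.getEppn() );
        insert( new UnauthorizedUser($user, "home-id-missing") );
end

// Deny when the IdP did not supply the uid attribute
// (urn:oid:0.9.2342.19200300.100.1.1).
// NOTE(review): only a missing entry is rejected; an empty value passes.
rule "Home UID is set"
    when
        $user : SamlUserEntity( attributeStore["urn:oid:0.9.2342.19200300.100.1.1"] == null )
    then
        logger.info( "Home UID for user {} is missing", $user.getEppn() );
        insert( new UnauthorizedUser($user, "home-uid-missing") );
end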