use of com.sun.identity.xacml.context.Subject in project OpenAM by OpenRock.
the class FMSubjectMapper method mapToNativeSubject.
/**
* Returns native subject, OpenAM SSOToken
* @param xacmlContextSubjects XACML context Subject(s) from the
* xacml-context:Request
* @return native subject, OpenAM SSOToken, returns null if
* Subject did not match
* @exception XACMLException if can not map to native subject
*/
public Object mapToNativeSubject(List xacmlContextSubjects) throws XACMLException {
if (xacmlContextSubjects == null) {
return null;
}
String sid = null;
String userName = null;
//for (int subCount=0;subCount<xacmlContextSubjects.length;subCount++) {
for (Iterator iter = xacmlContextSubjects.iterator(); iter.hasNext(); ) {
//Subject subject = xacmlContextSubjects[subCount];
Subject subject = (Subject) iter.next();
if (subject == null) {
continue;
}
URI subjectCategory = subject.getSubjectCategory();
if ((subjectCategory != null) && (!subjectCategory.toString().equals(XACMLConstants.ACCESS_SUBJECT))) {
continue;
}
List attributes = subject.getAttributes();
if (attributes != null) {
for (int count = 0; count < attributes.size(); count++) {
Attribute attr = (Attribute) attributes.get(count);
if (attr != null) {
URI tmpURI = attr.getAttributeId();
if (tmpURI.toString().equals(XACMLConstants.SUBJECT_ID)) {
tmpURI = attr.getDataType();
if (tmpURI.toString().equals(XACMLConstants.OPENSSO_SESSION_ID)) {
Element sidElement = (Element) attr.getAttributeValues().get(0);
sid = XMLUtils.getElementValue(sidElement);
} else if (tmpURI.toString().equals(XACMLConstants.X500NAME)) {
Element sidElement = (Element) attr.getAttributeValues().get(0);
userName = XMLUtils.getElementValue(sidElement);
} else if (tmpURI.toString().equals(XACMLConstants.SAML2_NAMEID)) {
Element sidElement = (Element) attr.getAttributeValues().get(0);
String nameID = XMLUtils.getElementValue(sidElement);
if (nameID != null) {
userName = (String) IDPCache.userIDByTransientNameIDValue.get(nameID);
}
// TODO:Need to support non-transient nameid format
}
}
}
}
}
}
SSOToken ssoToken = null;
if (sid != null) {
//create ssoToken based on sessionId
try {
SSOTokenManager tokenManager = SSOTokenManager.getInstance();
ssoToken = tokenManager.createSSOToken(sid);
} catch (SSOException ssoExp) {
if (XACMLSDKUtils.debug.messageEnabled()) {
XACMLSDKUtils.debug.message("FMSubjectMapper.mapToNativeSubject()" + ":caught SSOException:", ssoExp);
}
}
}
//create ssoToken based on x500name (userName)
if ((ssoToken == null) && (userName != null)) {
try {
ssoToken = createFMSession(userName);
} catch (SessionException se) {
if (XACMLSDKUtils.debug.messageEnabled()) {
XACMLSDKUtils.debug.message("FMSubjectMapper.mapToNativeSubject()" + ":caught SessionException:", se);
}
}
}
return ssoToken;
}
use of com.sun.identity.xacml.context.Subject in project OpenAM by OpenRock.
the class RequestImpl method toXMLString.
/**
* Returns a <code>String</code> representation of this object
* @param includeNSPrefix Determines whether or not the namespace qualifier
* is prepended to the Element when converted
* @param declareNS Determines whether or not the namespace is declared
* within the Element.
* @return a string representation of this object
* @exception XACMLException if conversion fails for any reason
*/
public String toXMLString(boolean includeNSPrefix, boolean declareNS) throws XACMLException {
StringBuffer sb = new StringBuffer(2000);
StringBuffer namespaceBuffer = new StringBuffer(100);
String nsDeclaration = "";
if (declareNS) {
namespaceBuffer.append(XACMLConstants.CONTEXT_NS_DECLARATION).append(XACMLConstants.SPACE);
namespaceBuffer.append(XACMLConstants.XSI_NS_URI).append(XACMLConstants.SPACE).append(XACMLConstants.CONTEXT_SCHEMA_LOCATION);
}
if (includeNSPrefix) {
nsDeclaration = XACMLConstants.CONTEXT_NS_PREFIX + ":";
}
sb.append("\n<").append(nsDeclaration).append(XACMLConstants.REQUEST).append(namespaceBuffer).append(">\n");
int length = 0;
if (subjects != null && !subjects.isEmpty()) {
length = subjects.size();
for (int i = 0; i < length; i++) {
Subject sub = (Subject) subjects.get(i);
sb.append(sub.toXMLString(includeNSPrefix, false));
}
}
if (resources != null && !resources.isEmpty()) {
length = resources.size();
for (int i = 0; i < length; i++) {
Resource resource = (Resource) resources.get(i);
sb.append(resource.toXMLString(includeNSPrefix, false));
}
}
if (action != null) {
sb.append(action.toXMLString(includeNSPrefix, false));
}
if (env != null) {
sb.append(env.toXMLString(includeNSPrefix, false));
}
sb.append("</").append(nsDeclaration).append(XACMLConstants.REQUEST).append(">\n");
return sb.toString();
}
use of com.sun.identity.xacml.context.Subject in project OpenAM by OpenRock.
the class XACMLRequestProcessorTest method createSampleXacmlRequest.
private Request createSampleXacmlRequest(String subjectId, String subjectIdType, String subjectCategory, String resourceId, String resourceIdType, String serviceName, String serviceNameType, String actionId, String actionIdType) throws XACMLException, URISyntaxException {
Request request = ContextFactory.getInstance().createRequest();
//Subject1, access-subject
Subject subject1 = ContextFactory.getInstance().createSubject();
//supported category for id
//urn:oasis:names:tc:xacml:1.0:subject-category:access-subject
subject1.setSubjectCategory(new URI(subjectCategory));
Attribute attribute = ContextFactory.getInstance().createAttribute();
//key attribute id
//urn:oasis:names:tc:xacml:1.0:subject:subject-id
attribute.setAttributeId(new URI(XACMLConstants.SUBJECT_ID));
//supported data type for id
//urn:oasis:names:tc:xacml:1.0:data-type:x500Name
//urn:sun:names:xacml:2.0:data-type:opensso-session-id
//urn:sun:names:xacml:2.0:data-type:openfm-sp-nameid
attribute.setDataType(new URI(subjectIdType));
attribute.setIssuer("sampleIssuer1");
//set values
List<String> valueList = new ArrayList<String>();
valueList.add(subjectId);
attribute.setAttributeStringValues(valueList);
List<Attribute> attributeList = new ArrayList<Attribute>();
attributeList.add(attribute);
subject1.setAttributes(attributeList);
//Subject2, intermediary-subject
Subject subject2 = ContextFactory.getInstance().createSubject();
subject2.setSubjectCategory(new URI(XACMLConstants.INTERMEDIARY_SUBJECT));
attribute = ContextFactory.getInstance().createAttribute();
attribute.setAttributeId(new URI(XACMLConstants.SUBJECT_ID));
//supported data type for id
//urn:oasis:names:tc:xacml:1.0:data-type:x500Name
//urn:sun:names:xacml:2.0:data-type:opensso-session-id
//urn:sun:names:xacml:2.0:data-type:openfm-sp-nameid
attribute.setDataType(new URI(subjectIdType));
attribute.setIssuer("sampleIssuer2");
//set values
valueList = new ArrayList<String>();
valueList.add(subjectId);
attribute.setAttributeStringValues(valueList);
attributeList = new ArrayList<Attribute>();
attributeList.add(attribute);
subject2.setAttributes(attributeList);
//set subjects in request
List<Subject> subjectList = new ArrayList<Subject>();
subjectList.add(subject1);
subjectList.add(subject2);
request.setSubjects(subjectList);
//Resource
Resource resource = ContextFactory.getInstance().createResource();
//resoruce-id attribute
attribute = ContextFactory.getInstance().createAttribute();
//key attribute id
//urn:oasis:names:tc:xacml:1.0:resource:resource-id
attribute.setAttributeId(new URI(XACMLConstants.RESOURCE_ID));
//supported data type
//http://www.w3.org/2001/XMLSchema#string
attribute.setDataType(new URI(resourceIdType));
attribute.setIssuer("sampleIssuer3");
//set values
valueList = new ArrayList<String>();
valueList.add(resourceId);
attribute.setAttributeStringValues(valueList);
attributeList = new ArrayList<Attribute>();
attributeList.add(attribute);
//serviceName attribute
attribute = ContextFactory.getInstance().createAttribute();
//additional attribute id
//urn:sun:names:xacml:2.0:resource:target-service
attribute.setAttributeId(new URI(XACMLConstants.TARGET_SERVICE));
//supported data type
//http://www.w3.org/2001/XMLSchema#string
attribute.setDataType(new URI(serviceNameType));
attribute.setIssuer("sampleIssuer3");
//set values
valueList = new ArrayList<String>();
valueList.add(serviceName);
attribute.setAttributeStringValues(valueList);
attributeList.add(attribute);
resource.setAttributes(attributeList);
List<Resource> resourceList = new ArrayList<Resource>();
resourceList.add(resource);
request.setResources(resourceList);
//Action
Action action = ContextFactory.getInstance().createAction();
attribute = ContextFactory.getInstance().createAttribute();
//key attribute id
//urn:oasis:names:tc:xacml:1.0:action:action-id
attribute.setAttributeId(new URI(XACMLConstants.ACTION_ID));
//supported data type
//http://www.w3.org/2001/XMLSchema#string
attribute.setDataType(new URI(actionIdType));
attribute.setIssuer("sampleIssuer5");
valueList = new ArrayList<String>();
valueList.add(actionId);
attribute.setAttributeStringValues(valueList);
attributeList = new ArrayList<Attribute>();
attributeList.add(attribute);
action.setAttributes(attributeList);
request.setAction(action);
//Enviornment
Environment environment = ContextFactory.getInstance().createEnvironment();
request.setEnvironment(environment);
return request;
}
use of com.sun.identity.xacml.context.Subject in project OpenAM by OpenRock.
the class XACMLQueryUtil method getPolicyDecisionForFedlet.
/**
* Sends the XACML query to specifiied PDP, gets the policy decision
* and sends it back to the Fedlet
*
* @param request HTTP Servlet Request
* @param pepEntityID PEP entity ID
* @param pdpEntityID PDP entity ID
* @param nameIDValue NameID value
* @param serviceName Service Name
* @param resource Resource URL
* @param action Action
*
* @return the <code>String</code> object
* @exception SAML2Exception if the operation is not successful
*
* @supported.api
*/
public static String getPolicyDecisionForFedlet(HttpServletRequest request, String pepEntityID, String pdpEntityID, String nameIDValue, String serviceName, String resource, String action) throws SAML2Exception {
Request Xrequest = ContextFactory.getInstance().createRequest();
Response xacmlResponse = null;
try {
//Subject
Subject subject = ContextFactory.getInstance().createSubject();
subject.setSubjectCategory(new URI(XACMLConstants.ACCESS_SUBJECT));
//set subject id
Attribute attribute = ContextFactory.getInstance().createAttribute();
attribute.setAttributeId(new URI(XACMLConstants.SUBJECT_ID));
attribute.setDataType(new URI(XACMLConstants.SAML2_NAMEID));
List valueList = new ArrayList();
valueList.add(nameIDValue);
attribute.setAttributeStringValues(valueList);
List attributeList = new ArrayList();
attributeList.add(attribute);
subject.setAttributes(attributeList);
// Set Subject in Request
List subjectList = new ArrayList();
subjectList.add(subject);
Xrequest.setSubjects(subjectList);
// Resource
Resource xacml_resource = ContextFactory.getInstance().createResource();
// Set resource id
attribute = ContextFactory.getInstance().createAttribute();
attribute.setAttributeId(new URI(XACMLConstants.RESOURCE_ID));
attribute.setDataType(new URI(XACMLConstants.XS_STRING));
valueList = new ArrayList();
valueList.add(resource);
attribute.setAttributeStringValues(valueList);
attributeList = new ArrayList();
attributeList.add(attribute);
// Set serviceName
attribute = ContextFactory.getInstance().createAttribute();
attribute.setAttributeId(new URI(XACMLConstants.TARGET_SERVICE));
attribute.setDataType(new URI(XACMLConstants.XS_STRING));
valueList = new ArrayList();
valueList.add(serviceName);
attribute.setAttributeStringValues(valueList);
attributeList.add(attribute);
xacml_resource.setAttributes(attributeList);
// Set Resource in Request
List resourceList = new ArrayList();
resourceList.add(xacml_resource);
Xrequest.setResources(resourceList);
// Action
Action xacml_action = ContextFactory.getInstance().createAction();
attribute = ContextFactory.getInstance().createAttribute();
attribute.setAttributeId(new URI(XACMLConstants.ACTION_ID));
attribute.setDataType(new URI(XACMLConstants.XS_STRING));
// Set actionID
valueList = new ArrayList();
valueList.add(action);
attribute.setAttributeStringValues(valueList);
attributeList = new ArrayList();
attributeList.add(attribute);
xacml_action.setAttributes(attributeList);
// Set Action in Request
Xrequest.setAction(xacml_action);
Environment environment = ContextFactory.getInstance().createEnvironment();
Xrequest.setEnvironment(environment);
xacmlResponse = XACMLRequestProcessor.getInstance().processRequest(Xrequest, pdpEntityID, pepEntityID);
if (xacmlResponse != null) {
List results = xacmlResponse.getResults();
if (results.size() > 0) {
Result policy_result = (Result) results.get(0);
if (policy_result != null) {
Decision decision = (Decision) policy_result.getDecision();
if (decision != null) {
String policy_decision = decision.getValue();
if (policy_decision != null) {
return policy_decision;
}
}
}
}
}
} catch (URISyntaxException uriexp) {
if (SAML2Utils.debug.messageEnabled()) {
SAML2Utils.debug.message("XACMLQueryUtil." + "getPolicyDecisionForFedlet: " + "URI Exception while sending the XACML Request");
}
} catch (XACMLException xacmlexp) {
if (SAML2Utils.debug.messageEnabled()) {
SAML2Utils.debug.message("XACMLQueryUtil." + "getPolicyDecisionForFedlet: " + "Error while processing the XACML Response");
}
}
return null;
}
use of com.sun.identity.xacml.context.Subject in project OpenAM by OpenRock.
the class XACMLClientSample method createSampleXacmlRequest.
private Request createSampleXacmlRequest(String subjectId, String subjectIdType, String subjectCategory, String resourceId, String resourceIdType, String serviceName, String serviceNameType, String actionId, String actionIdType) throws XACMLException, URISyntaxException {
Request request = ContextFactory.getInstance().createRequest();
//Subject
Subject subject = ContextFactory.getInstance().createSubject();
subject.setSubjectCategory(new URI(subjectCategory));
//set subject id
Attribute attribute = ContextFactory.getInstance().createAttribute();
attribute.setAttributeId(new URI(XACMLConstants.SUBJECT_ID));
attribute.setDataType(new URI(subjectIdType));
List valueList = new ArrayList();
valueList.add(subjectId);
attribute.setAttributeStringValues(valueList);
List attributeList = new ArrayList();
attributeList.add(attribute);
subject.setAttributes(attributeList);
//set Subject in Request
List subjectList = new ArrayList();
subjectList.add(subject);
request.setSubjects(subjectList);
//Resource
Resource resource = ContextFactory.getInstance().createResource();
//set resource id
attribute = ContextFactory.getInstance().createAttribute();
attribute.setAttributeId(new URI(XACMLConstants.RESOURCE_ID));
attribute.setDataType(new URI(resourceIdType));
valueList = new ArrayList();
valueList.add(resourceId);
attribute.setAttributeStringValues(valueList);
attributeList = new ArrayList();
attributeList.add(attribute);
//set serviceName
attribute = ContextFactory.getInstance().createAttribute();
attribute.setAttributeId(new URI(XACMLConstants.TARGET_SERVICE));
attribute.setDataType(new URI(serviceNameType));
valueList = new ArrayList();
valueList.add(serviceName);
attribute.setAttributeStringValues(valueList);
attributeList.add(attribute);
resource.setAttributes(attributeList);
//set Resource in Request
List resourceList = new ArrayList();
resourceList.add(resource);
request.setResources(resourceList);
//Action
Action action = ContextFactory.getInstance().createAction();
attribute = ContextFactory.getInstance().createAttribute();
attribute.setAttributeId(new URI(XACMLConstants.ACTION_ID));
attribute.setDataType(new URI(actionIdType));
//set actionId
valueList = new ArrayList();
valueList.add(actionId);
attribute.setAttributeStringValues(valueList);
attributeList = new ArrayList();
attributeList.add(attribute);
action.setAttributes(attributeList);
//set Action in Request
request.setAction(action);
//Enviornment, our PDP does not use environment now
Environment environment = ContextFactory.getInstance().createEnvironment();
request.setEnvironment(environment);
return request;
}
Aggregations