
Example 1 with Subject

use of com.sun.identity.xacml.context.Subject in project OpenAM by OpenRock.

The class FMSubjectMapper, method mapToNativeSubject.

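/**
 * Returns the native subject, an OpenAM {@code SSOToken}, for the
 * access-subject carried in an XACML context request.
 *
 * <p>Only subjects whose category is {@code XACMLConstants.ACCESS_SUBJECT}
 * (or whose category is unset) are examined. Within those, the attribute
 * whose id is {@code XACMLConstants.SUBJECT_ID} is read and its data type
 * selects how the token is obtained:
 * <ul>
 *   <li>{@code OPENSSO_SESSION_ID}: the value is a session id and is
 *       resolved through {@code SSOTokenManager.createSSOToken};</li>
 *   <li>{@code X500NAME}: the value is a user name and a session is
 *       created for it through {@code createFMSession};</li>
 *   <li>{@code SAML2_NAMEID}: the value is looked up in
 *       {@code IDPCache.userIDByTransientNameIDValue} to obtain the user
 *       name, which is then handled like an X500 name.</li>
 * </ul>
 * If several matching attributes are present the last one wins, and a
 * session id is tried before a user name. Attributes without an id, a
 * data type or a value are skipped instead of raising an exception.
 *
 * <p>NOTE(review): the X500 name and NameID paths establish a session
 * from an identifier taken straight out of the request; no credential is
 * checked here. The caller is expected to have authenticated the origin
 * of the XACML request (e.g. by verifying the signature on the enclosing
 * SAML query) before invoking this mapper - confirm against the call site.
 *
 * @param xacmlContextSubjects XACML context Subject(s) from the
 *        xacml-context:Request; may be {@code null}
 * @return native subject, OpenAM {@code SSOToken}; {@code null} if the list
 *         is {@code null}, no subject matched, or token creation failed
 * @exception XACMLException if can not map to native subject
 */
public Object mapToNativeSubject(List xacmlContextSubjects) throws XACMLException {
    if (xacmlContextSubjects == null) {
        return null;
    }
    String sid = null;
    String userName = null;
    for (Object element : xacmlContextSubjects) {
        Subject subject = (Subject) element;
        if (subject == null) {
            continue;
        }
        URI subjectCategory = subject.getSubjectCategory();
        // Only the access-subject is mapped; a missing category is accepted.
        if (subjectCategory != null
                && !subjectCategory.toString().equals(XACMLConstants.ACCESS_SUBJECT)) {
            continue;
        }
        List attributes = subject.getAttributes();
        if (attributes == null) {
            continue;
        }
        for (Object item : attributes) {
            Attribute attr = (Attribute) item;
            if (attr == null) {
                continue;
            }
            URI attributeId = attr.getAttributeId();
            if (attributeId == null || !attributeId.toString().equals(XACMLConstants.SUBJECT_ID)) {
                continue;
            }
            URI dataType = attr.getDataType();
            if (dataType == null) {
                continue;
            }
            String type = dataType.toString();
            String value = firstAttributeValue(attr);
            if (type.equals(XACMLConstants.OPENSSO_SESSION_ID)) {
                sid = value;
            } else if (type.equals(XACMLConstants.X500NAME)) {
                userName = value;
            } else if (type.equals(XACMLConstants.SAML2_NAMEID)) {
                // The cache is keyed by transient NameID value (per its name).
                if (value != null) {
                    userName = (String) IDPCache.userIDByTransientNameIDValue.get(value);
                }
                // TODO: need to support non-transient NameID formats
            }
        }
    }
    SSOToken ssoToken = null;
    if (sid != null) {
        // A session id takes precedence: resolve it to the existing session.
        try {
            SSOTokenManager tokenManager = SSOTokenManager.getInstance();
            ssoToken = tokenManager.createSSOToken(sid);
        } catch (SSOException ssoExp) {
            if (XACMLSDKUtils.debug.messageEnabled()) {
                XACMLSDKUtils.debug.message("FMSubjectMapper.mapToNativeSubject()" + ":caught SSOException:", ssoExp);
            }
        }
    }
    // Fall back to a session created for the user name (X500 name or NameID lookup).
    if (ssoToken == null && userName != null) {
        try {
            ssoToken = createFMSession(userName);
        } catch (SessionException se) {
            if (XACMLSDKUtils.debug.messageEnabled()) {
                XACMLSDKUtils.debug.message("FMSubjectMapper.mapToNativeSubject()" + ":caught SessionException:", se);
            }
        }
    }
    return ssoToken;
}

/**
 * Returns the text of the first value element of {@code attr}, or
 * {@code null} when the attribute has no values or the element is
 * {@code null}.
 *
 * @param attr the attribute to read; must not be {@code null}
 * @return the first value's text, possibly {@code null}
 * @exception XACMLException if the attribute values cannot be read
 */
private static String firstAttributeValue(Attribute attr) throws XACMLException {
    List values = attr.getAttributeValues();
    if (values == null || values.isEmpty()) {
        return null;
    }
    Element valueElement = (Element) values.get(0);
    return valueElement == null ? null : XMLUtils.getElementValue(valueElement);
}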

Example 2 with Subject

use of com.sun.identity.xacml.context.Subject in project OpenAM by OpenRock.

The class RequestImpl, method toXMLString.

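/**
 * Returns a <code>String</code> representation of this object as an
 * xacml-context:Request element.
 *
 * <p>The subjects, resources, action and environment held by this object
 * are serialised in that order through their own {@code toXMLString}.
 * Namespace declarations are written on the enclosing element only, so
 * the children are asked not to declare them again. {@code null} or empty
 * collections and unset members are omitted.
 *
 * @param includeNSPrefix Determines whether or not the namespace qualifier
 *        is prepended to the Element when converted
 * @param declareNS Determines whether or not the namespace is declared
 *        within the Element.
 * @return a string representation of this object
 * @exception XACMLException if conversion fails for any reason
 */
public String toXMLString(boolean includeNSPrefix, boolean declareNS) throws XACMLException {
    // Locals are never shared, so the unsynchronised StringBuilder suffices.
    StringBuilder sb = new StringBuilder(2000);
    StringBuilder namespaceBuffer = new StringBuilder(100);
    String nsDeclaration = "";
    if (declareNS) {
        namespaceBuffer.append(XACMLConstants.CONTEXT_NS_DECLARATION).append(XACMLConstants.SPACE);
        namespaceBuffer.append(XACMLConstants.XSI_NS_URI).append(XACMLConstants.SPACE).append(XACMLConstants.CONTEXT_SCHEMA_LOCATION);
    }
    if (includeNSPrefix) {
        nsDeclaration = XACMLConstants.CONTEXT_NS_PREFIX + ":";
    }
    sb.append("\n<").append(nsDeclaration).append(XACMLConstants.REQUEST).append(namespaceBuffer).append(">\n");
    // Children never redeclare the namespace: it is declared (or not) on this element.
    if (subjects != null) {
        for (Object item : subjects) {
            Subject sub = (Subject) item;
            sb.append(sub.toXMLString(includeNSPrefix, false));
        }
    }
    if (resources != null) {
        for (Object item : resources) {
            Resource res = (Resource) item;
            sb.append(res.toXMLString(includeNSPrefix, false));
        }
    }
    if (action != null) {
        sb.append(action.toXMLString(includeNSPrefix, false));
    }
    if (env != null) {
        sb.append(env.toXMLString(includeNSPrefix, false));
    }
    sb.append("</").append(nsDeclaration).append(XACMLConstants.REQUEST).append(">\n");
    return sb.toString();
}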

Example 3 with Subject

use of com.sun.identity.xacml.context.Subject in project OpenAM by OpenRock.

The class XACMLRequestProcessorTest, method createSampleXacmlRequest.

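/**
 * Builds a sample xacml-context:Request for the tests in this class.
 *
 * <p>The request carries two subjects that share the same subject-id value
 * and data type: one in the caller-supplied category and one in the
 * intermediary-subject category. It also carries one resource with a
 * resource-id and a target-service attribute, one action with an action-id
 * attribute, and an empty environment.
 *
 * @param subjectId value of the subject-id attribute on both subjects
 * @param subjectIdType data type URI of the subject-id attribute, one of
 *        urn:oasis:names:tc:xacml:1.0:data-type:x500Name,
 *        urn:sun:names:xacml:2.0:data-type:opensso-session-id or
 *        urn:sun:names:xacml:2.0:data-type:openfm-sp-nameid
 * @param subjectCategory category URI of the first subject, normally
 *        urn:oasis:names:tc:xacml:1.0:subject-category:access-subject
 * @param resourceId value of the resource-id attribute
 * @param resourceIdType data type URI of the resource-id attribute
 * @param serviceName value of the target-service attribute
 * @param serviceNameType data type URI of the target-service attribute
 * @param actionId value of the action-id attribute
 * @param actionIdType data type URI of the action-id attribute
 * @return the populated request
 * @throws XACMLException if the context factory cannot build an element
 * @throws URISyntaxException if a supplied or constant URI is malformed
 */
private Request createSampleXacmlRequest(String subjectId, String subjectIdType, String subjectCategory, String resourceId, String resourceIdType, String serviceName, String serviceNameType, String actionId, String actionIdType) throws XACMLException, URISyntaxException {
    ContextFactory factory = ContextFactory.getInstance();
    Request request = factory.createRequest();

    // Subject 1: the category under test, keyed by
    // urn:oasis:names:tc:xacml:1.0:subject:subject-id
    Subject subject1 = factory.createSubject();
    subject1.setSubjectCategory(new URI(subjectCategory));
    List<Attribute> subject1Attributes = new ArrayList<Attribute>();
    subject1Attributes.add(newStringAttribute(factory, XACMLConstants.SUBJECT_ID, subjectIdType, "sampleIssuer1", subjectId));
    subject1.setAttributes(subject1Attributes);

    // Subject 2: the same id in the intermediary-subject category
    Subject subject2 = factory.createSubject();
    subject2.setSubjectCategory(new URI(XACMLConstants.INTERMEDIARY_SUBJECT));
    List<Attribute> subject2Attributes = new ArrayList<Attribute>();
    subject2Attributes.add(newStringAttribute(factory, XACMLConstants.SUBJECT_ID, subjectIdType, "sampleIssuer2", subjectId));
    subject2.setAttributes(subject2Attributes);

    List<Subject> subjectList = new ArrayList<Subject>();
    subjectList.add(subject1);
    subjectList.add(subject2);
    request.setSubjects(subjectList);

    // Resource: resource-id (urn:oasis:names:tc:xacml:1.0:resource:resource-id)
    // plus the additional target-service attribute
    // (urn:sun:names:xacml:2.0:resource:target-service)
    Resource resource = factory.createResource();
    List<Attribute> resourceAttributes = new ArrayList<Attribute>();
    resourceAttributes.add(newStringAttribute(factory, XACMLConstants.RESOURCE_ID, resourceIdType, "sampleIssuer3", resourceId));
    resourceAttributes.add(newStringAttribute(factory, XACMLConstants.TARGET_SERVICE, serviceNameType, "sampleIssuer3", serviceName));
    resource.setAttributes(resourceAttributes);
    List<Resource> resourceList = new ArrayList<Resource>();
    resourceList.add(resource);
    request.setResources(resourceList);

    // Action: action-id (urn:oasis:names:tc:xacml:1.0:action:action-id)
    Action action = factory.createAction();
    List<Attribute> actionAttributes = new ArrayList<Attribute>();
    actionAttributes.add(newStringAttribute(factory, XACMLConstants.ACTION_ID, actionIdType, "sampleIssuer5", actionId));
    action.setAttributes(actionAttributes);
    request.setAction(action);

    // Environment: left empty
    Environment environment = factory.createEnvironment();
    request.setEnvironment(environment);
    return request;
}

/**
 * Creates a single-valued attribute: {@code attributeId} and {@code dataType}
 * are parsed as URIs, {@code issuer} is set verbatim and {@code value}
 * becomes the attribute's only string value.
 *
 * @param factory the context factory used to create the attribute
 * @param attributeId attribute id URI as a string
 * @param dataType data type URI as a string
 * @param issuer issuer string
 * @param value the single attribute value
 * @return the populated attribute
 * @throws XACMLException if the factory or a setter fails
 * @throws URISyntaxException if {@code attributeId} or {@code dataType} is malformed
 */
private static Attribute newStringAttribute(ContextFactory factory, String attributeId, String dataType, String issuer, String value) throws XACMLException, URISyntaxException {
    Attribute attribute = factory.createAttribute();
    attribute.setAttributeId(new URI(attributeId));
    attribute.setDataType(new URI(dataType));
    attribute.setIssuer(issuer);
    List<String> valueList = new ArrayList<String>();
    valueList.add(value);
    attribute.setAttributeStringValues(valueList);
    return attribute;
}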

Example 4 with Subject

use of com.sun.identity.xacml.context.Subject in project OpenAM by OpenRock.

The class XACMLQueryUtil, method getPolicyDecisionForFedlet.

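/**
 * Sends the XACML query to the specified PDP, gets the policy decision
 * and sends it back to the Fedlet.
 *
 * <p>The query carries one access-subject identified by {@code nameIDValue}
 * (data type {@code XACMLConstants.SAML2_NAMEID}), one resource with
 * {@code resource} as resource-id and {@code serviceName} as
 * target-service, one action with {@code action} as action-id, and an
 * empty environment. Only the first result of the response is examined.
 *
 * <p>Any failure - malformed URI, processing error, or a response without
 * a result, decision or decision value - yields {@code null}. A
 * {@code null} return is the absence of a decision, not a permit; callers
 * must treat it accordingly. The failure is logged at debug level together
 * with the exception. The servlet request is accepted for API compatibility
 * and is not used.
 *
 * @param request HTTP Servlet Request (currently unused)
 * @param pepEntityID PEP entity ID
 * @param pdpEntityID PDP entity ID
 * @param nameIDValue  NameID value
 * @param serviceName  Service Name
 * @param resource  Resource URL
 * @param action  Action
 *
 * @return the decision value <code>String</code>, or {@code null} if no
 *         decision could be obtained
 * @exception SAML2Exception if the operation is not successful
 *
 * @supported.api
 */
public static String getPolicyDecisionForFedlet(HttpServletRequest request, String pepEntityID, String pdpEntityID, String nameIDValue, String serviceName, String resource, String action) throws SAML2Exception {
    ContextFactory factory = ContextFactory.getInstance();
    Request xacmlRequest = factory.createRequest();
    try {
        // Subject: the principal is identified by its SAML2 NameID
        Subject subject = factory.createSubject();
        subject.setSubjectCategory(new URI(XACMLConstants.ACCESS_SUBJECT));
        List subjectAttributes = new ArrayList();
        subjectAttributes.add(newStringAttribute(factory, XACMLConstants.SUBJECT_ID, XACMLConstants.SAML2_NAMEID, nameIDValue));
        subject.setAttributes(subjectAttributes);
        List subjectList = new ArrayList();
        subjectList.add(subject);
        xacmlRequest.setSubjects(subjectList);

        // Resource: resource-id and target-service, both plain strings
        Resource xacmlResource = factory.createResource();
        List resourceAttributes = new ArrayList();
        resourceAttributes.add(newStringAttribute(factory, XACMLConstants.RESOURCE_ID, XACMLConstants.XS_STRING, resource));
        resourceAttributes.add(newStringAttribute(factory, XACMLConstants.TARGET_SERVICE, XACMLConstants.XS_STRING, serviceName));
        xacmlResource.setAttributes(resourceAttributes);
        List resourceList = new ArrayList();
        resourceList.add(xacmlResource);
        xacmlRequest.setResources(resourceList);

        // Action
        Action xacmlAction = factory.createAction();
        List actionAttributes = new ArrayList();
        actionAttributes.add(newStringAttribute(factory, XACMLConstants.ACTION_ID, XACMLConstants.XS_STRING, action));
        xacmlAction.setAttributes(actionAttributes);
        xacmlRequest.setAction(xacmlAction);

        // Environment: sent empty
        Environment environment = factory.createEnvironment();
        xacmlRequest.setEnvironment(environment);

        Response xacmlResponse = XACMLRequestProcessor.getInstance().processRequest(xacmlRequest, pdpEntityID, pepEntityID);
        return firstDecisionValue(xacmlResponse);
    } catch (URISyntaxException uriexp) {
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("XACMLQueryUtil." + "getPolicyDecisionForFedlet: " + "URI Exception while sending the XACML Request", uriexp);
        }
    } catch (XACMLException xacmlexp) {
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("XACMLQueryUtil." + "getPolicyDecisionForFedlet: " + "Error while processing the XACML Response", xacmlexp);
        }
    }
    return null;
}

/**
 * Creates a single-valued attribute: {@code attributeId} and {@code dataType}
 * are parsed as URIs and {@code value} becomes the attribute's only string
 * value.
 *
 * @param factory the context factory used to create the attribute
 * @param attributeId attribute id URI as a string
 * @param dataType data type URI as a string
 * @param value the single attribute value
 * @return the populated attribute
 * @throws XACMLException if the factory or a setter fails
 * @throws URISyntaxException if {@code attributeId} or {@code dataType} is malformed
 */
private static Attribute newStringAttribute(ContextFactory factory, String attributeId, String dataType, String value) throws XACMLException, URISyntaxException {
    Attribute attribute = factory.createAttribute();
    attribute.setAttributeId(new URI(attributeId));
    attribute.setDataType(new URI(dataType));
    List valueList = new ArrayList();
    valueList.add(value);
    attribute.setAttributeStringValues(valueList);
    return attribute;
}

/**
 * Returns the decision value of the first result in {@code response}.
 *
 * @param response the XACML response; may be {@code null}
 * @return the decision value, or {@code null} when the response, its result
 *         list, the first result, its decision or the decision value is absent
 * @throws XACMLException if reading the response fails
 */
private static String firstDecisionValue(Response response) throws XACMLException {
    if (response == null) {
        return null;
    }
    List results = response.getResults();
    if (results == null || results.isEmpty()) {
        return null;
    }
    Result firstResult = (Result) results.get(0);
    if (firstResult == null) {
        return null;
    }
    Decision decision = (Decision) firstResult.getDecision();
    return decision == null ? null : decision.getValue();
}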

Example 5 with Subject

use of com.sun.identity.xacml.context.Subject in project OpenAM by OpenRock.

The class XACMLClientSample, method createSampleXacmlRequest.

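/**
 * Builds a sample xacml-context:Request for this client sample.
 *
 * <p>The request carries one subject in the given category with a single
 * subject-id attribute, one resource with a resource-id and a
 * target-service attribute, one action with an action-id attribute, and
 * an empty environment (the PDP does not use the environment now).
 *
 * @param subjectId value of the subject-id attribute
 * @param subjectIdType data type URI of the subject-id attribute
 * @param subjectCategory category URI of the subject
 * @param resourceId value of the resource-id attribute
 * @param resourceIdType data type URI of the resource-id attribute
 * @param serviceName value of the target-service attribute
 * @param serviceNameType data type URI of the target-service attribute
 * @param actionId value of the action-id attribute
 * @param actionIdType data type URI of the action-id attribute
 * @return the populated request
 * @throws XACMLException if the context factory cannot build an element
 * @throws URISyntaxException if a supplied or constant URI is malformed
 */
private Request createSampleXacmlRequest(String subjectId, String subjectIdType, String subjectCategory, String resourceId, String resourceIdType, String serviceName, String serviceNameType, String actionId, String actionIdType) throws XACMLException, URISyntaxException {
    ContextFactory factory = ContextFactory.getInstance();
    Request request = factory.createRequest();

    // Subject
    Subject subject = factory.createSubject();
    subject.setSubjectCategory(new URI(subjectCategory));
    List subjectAttributes = new ArrayList();
    subjectAttributes.add(newStringAttribute(factory, XACMLConstants.SUBJECT_ID, subjectIdType, subjectId));
    subject.setAttributes(subjectAttributes);
    List subjectList = new ArrayList();
    subjectList.add(subject);
    request.setSubjects(subjectList);

    // Resource: resource-id plus target-service
    Resource resource = factory.createResource();
    List resourceAttributes = new ArrayList();
    resourceAttributes.add(newStringAttribute(factory, XACMLConstants.RESOURCE_ID, resourceIdType, resourceId));
    resourceAttributes.add(newStringAttribute(factory, XACMLConstants.TARGET_SERVICE, serviceNameType, serviceName));
    resource.setAttributes(resourceAttributes);
    List resourceList = new ArrayList();
    resourceList.add(resource);
    request.setResources(resourceList);

    // Action
    Action action = factory.createAction();
    List actionAttributes = new ArrayList();
    actionAttributes.add(newStringAttribute(factory, XACMLConstants.ACTION_ID, actionIdType, actionId));
    action.setAttributes(actionAttributes);
    request.setAction(action);

    // Environment: our PDP does not use environment now, so it is sent empty
    Environment environment = factory.createEnvironment();
    request.setEnvironment(environment);
    return request;
}

/**
 * Creates a single-valued attribute: {@code attributeId} and {@code dataType}
 * are parsed as URIs and {@code value} becomes the attribute's only string
 * value.
 *
 * @param factory the context factory used to create the attribute
 * @param attributeId attribute id URI as a string
 * @param dataType data type URI as a string
 * @param value the single attribute value
 * @return the populated attribute
 * @throws XACMLException if the factory or a setter fails
 * @throws URISyntaxException if {@code attributeId} or {@code dataType} is malformed
 */
private static Attribute newStringAttribute(ContextFactory factory, String attributeId, String dataType, String value) throws XACMLException, URISyntaxException {
    Attribute attribute = factory.createAttribute();
    attribute.setAttributeId(new URI(attributeId));
    attribute.setDataType(new URI(dataType));
    List valueList = new ArrayList();
    valueList.add(value);
    attribute.setAttributeStringValues(valueList);
    return attribute;
}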
