Example 1 with ResourceAttribute

Use of com.sun.identity.entitlement.ResourceAttribute in project OpenAM by OpenRock.

From the class PrivilegeUtils, method nrpsToResourceAttributes.

// Converts the legacy policy "named response providers" (nrps), each stored as an
// Object[] pair of {providerName, ResponseProvider}, into entitlement ResourceAttributes.
private static Set<ResourceAttribute> nrpsToResourceAttributes(Set nrps) throws EntitlementException {
    Set<ResourceAttribute> resourceAttributesSet = new HashSet<ResourceAttribute>();
    if (nrps != null && !nrps.isEmpty()) {
        for (Object nrpObj : nrps) {
            Object[] nrpa = (Object[]) nrpObj;
            String nrpName = (String) nrpa[0];
            ResponseProvider rp = (ResponseProvider) nrpa[1];
            if (rp instanceof IDRepoResponseProvider) {
                // Built-in provider: its static/dynamic attribute properties map directly.
                resourceAttributesSet.addAll(nrpsToResourceAttributes((IDRepoResponseProvider) rp, nrpName));
            } else if (rp instanceof ResponseProvider) {
                // Any other (custom) provider is wrapped generically; a null entry falls through untouched.
                resourceAttributesSet.addAll(mapGenericResponseProvider(nrpName, rp));
            }
        }
    }
    return resourceAttributesSet;
}
Also used:
    java.util.HashSet
    com.sun.identity.entitlement.ResourceAttribute
    com.sun.identity.policy.interfaces.ResponseProvider
    com.sun.identity.policy.plugins.IDRepoResponseProvider

Example 2 with ResourceAttribute

Use of com.sun.identity.entitlement.ResourceAttribute in project OpenAM by OpenRock.

From the class PrivilegeUtils, method resourceAttributesToResponseProviders.

// Inverse of nrpsToResourceAttributes: rebuilds legacy ResponseProviders, keyed by
// provider name, from a set of entitlement ResourceAttributes.
private static Map<String, ResponseProvider> resourceAttributesToResponseProviders(Set<ResourceAttribute> resourceAttributes) throws PolicyException, EntitlementException {
    Map<String, ResponseProvider> results = new HashMap<String, ResponseProvider>();
    if (resourceAttributes != null) {
        // provider name -> (STATIC_ATTRIBUTE / DYNAMIC_ATTRIBUTE -> attribute entries)
        Map<String, Map<String, Set<String>>> map = new HashMap<String, Map<String, Set<String>>>();
        for (ResourceAttribute ra : resourceAttributes) {
            if (ra instanceof StaticAttributes) {
                resourceAttributesToResponseProviders((StaticAttributes) ra, map);
            } else if (ra instanceof UserAttributes) {
                resourceAttributesToResponseProviders((UserAttributes) ra, map);
            }
        }
        for (String n : map.keySet()) {
            ResponseProvider rp = new IDRepoResponseProvider();
            Map<String, Set<String>> values = map.get(n);
            Set<String> dynValues = values.get(IDRepoResponseProvider.DYNAMIC_ATTRIBUTE);
            if ((dynValues != null) && !dynValues.isEmpty()) {
                // Dynamic (identity-repository) attributes are handed to the provider as
                // configuration at initialise time, not only as properties.
                Map<String, Set<String>> configParams = new HashMap<String, Set<String>>();
                configParams.put(PolicyConfig.SELECTED_DYNAMIC_ATTRIBUTES, dynValues);
                rp.initialize(configParams);
            }
            rp.setProperties(values);
            results.put(n, rp);
        }
        // Copy any legacy response providers over directly
        for (ResourceAttribute ra : resourceAttributes) {
            if (ra instanceof PolicyResponseProvider) {
                PolicyResponseProvider prp = (PolicyResponseProvider) ra;
                // Note: a legacy provider with the same name replaces the rebuilt one above.
                results.put(prp.getPResponseProviderName(), prp.getResponseProvider());
            }
        }
    }
    return results;
}
Also used:
    java.util.HashMap
    java.util.HashSet
    java.util.Map
    java.util.Set
    com.sun.identity.entitlement.ResourceAttribute
    com.sun.identity.entitlement.StaticAttributes
    com.sun.identity.entitlement.UserAttributes
    com.sun.identity.policy.interfaces.ResponseProvider
    com.sun.identity.policy.plugins.IDRepoResponseProvider

Example 3 with ResourceAttribute

Use of com.sun.identity.entitlement.ResourceAttribute in project OpenAM by OpenRock.

From the class PrivilegeUtils, method nrpsToResourceAttributes (IDRepoResponseProvider overload).

// Splits an IDRepoResponseProvider's STATIC_ATTRIBUTE and DYNAMIC_ATTRIBUTE properties
// (each a set of "name=value" or bare "name" strings) into one StaticAttributes or
// UserAttributes object per attribute name, each tagged with the provider name nrpName.
private static Set<ResourceAttribute> nrpsToResourceAttributes(IDRepoResponseProvider irp, String nrpName) throws EntitlementException {
    // Keyed by name + "_" + kind so that repeated entries for one name merge into one attribute.
    Map<String, ResourceAttribute> map = new HashMap<String, ResourceAttribute>();
    Map props = irp.getProperties();
    if ((props != null) && !props.isEmpty()) {
        Set<String> sas = (Set<String>) props.get(IDRepoResponseProvider.STATIC_ATTRIBUTE);
        if (sas != null && !sas.isEmpty()) {
            for (String sat : sas) {
                // Split on the first "="; an entry without "=" yields a name with no value.
                int i = sat.indexOf("=");
                String name = (i != -1) ? sat.substring(0, i) : sat;
                String value = (i != -1) ? sat.substring(i + 1) : null;
                String k = name + "_" + IDRepoResponseProvider.STATIC_ATTRIBUTE;
                StaticAttributes sa = (StaticAttributes) map.get(k);
                if (sa == null) {
                    sa = new StaticAttributes();
                    sa.setPropertyName(name);
                    map.put(k, sa);
                }
                if (value != null) {
                    sa.getPropertyValues().add(value);
                }
                sa.setPResponseProviderName(nrpName);
            }
        }
        Set<String> uas = (Set<String>) props.get(IDRepoResponseProvider.DYNAMIC_ATTRIBUTE);
        if (uas != null && !uas.isEmpty()) {
            for (String uat : uas) {
                // Same parsing as above, but dynamic entries become UserAttributes.
                int i = uat.indexOf("=");
                String name = (i != -1) ? uat.substring(0, i) : uat;
                String value = (i != -1) ? uat.substring(i + 1) : null;
                String k = name + "_" + IDRepoResponseProvider.DYNAMIC_ATTRIBUTE;
                UserAttributes ua = (UserAttributes) map.get(k);
                if (ua == null) {
                    ua = new UserAttributes();
                    ua.setPropertyName(name);
                    map.put(k, ua);
                }
                if (value != null) {
                    ua.getPropertyValues().add(value);
                }
                ua.setPResponseProviderName(nrpName);
            }
        }
    }
    Set<ResourceAttribute> results = new HashSet<ResourceAttribute>();
    results.addAll(map.values());
    return results;
}
Also used:
    java.util.HashMap
    java.util.HashSet
    java.util.Map
    java.util.Set
    com.sun.identity.entitlement.ResourceAttribute
    com.sun.identity.entitlement.StaticAttributes
    com.sun.identity.entitlement.UserAttributes

Example 4 with ResourceAttribute

Use of com.sun.identity.entitlement.ResourceAttribute in project OpenAM by OpenRock.

From the class XACMLPrivilegeUtils, method privilegeToPolicyInternal.

// Translates an OpenAM entitlement Privilege into a XACML 3 Policy: metadata goes into
// VariableDefinitions, subject/resource/action matches into the Target, resource
// attributes into AdviceExpressions, and actions into Permit/Deny Rules.
private static Policy privilegeToPolicyInternal(Privilege privilege) throws JAXBException, EntitlementException {
    if (privilege == null) {
        return null;
    }
    Policy policy = new Policy();
    String privilegeName = privilege.getName();
    String applicationName = null;
    String entitlementName = null;
    Entitlement entitlement = privilege.getEntitlement();
    if (entitlement != null) {
        applicationName = entitlement.getApplicationName();
        entitlementName = entitlement.getName();
    }
    String policyId = privilegeNameToPolicyId(privilegeName, applicationName);
    policy.setPolicyId(policyId);
    String description = privilege.getDescription();
    policy.setDescription(description);
    // The JAXB Policy exposes VariableDefinitions and Rules as one mixed list.
    List<Object> vrList = policy.getCombinerParametersOrRuleCombinerParametersOrVariableDefinition();
    JAXBContext jaxbContext = JAXBContext.newInstance(XACMLConstants.XACML3_CORE_PKG);
    if (applicationName != null) {
        VariableDefinition appName = new VariableDefinition();
        vrList.add(appName);
        appName.setVariableId(XACMLConstants.APPLICATION_NAME);
        AttributeValue cbv = new AttributeValue();
        cbv.setDataType(XACMLConstants.XS_STRING);
        cbv.getContent().add(applicationName);
        JAXBElement<AttributeValue> cbve = objectFactory.createAttributeValue(cbv);
        appName.setExpression(cbve);
    }
    if (entitlementName != null) {
        VariableDefinition entName = new VariableDefinition();
        vrList.add(entName);
        entName.setVariableId(XACMLConstants.ENTITLEMENT_NAME);
        AttributeValue cbv = new AttributeValue();
        cbv.setDataType(XACMLConstants.XS_STRING);
        cbv.getContent().add(entitlementName);
        JAXBElement<AttributeValue> cbve = objectFactory.createAttributeValue(cbv);
        entName.setExpression(cbve);
    }
    VariableDefinition createdBy = new VariableDefinition();
    vrList.add(createdBy);
    createdBy.setVariableId(XACMLConstants.PRIVILEGE_CREATED_BY);
    AttributeValue cbv = new AttributeValue();
    cbv.setDataType(XACMLConstants.XS_STRING);
    cbv.getContent().add(privilege.getCreatedBy());
    JAXBElement<AttributeValue> cbve = objectFactory.createAttributeValue(cbv);
    createdBy.setExpression(cbve);
    VariableDefinition lastModifiedBy = new VariableDefinition();
    vrList.add(lastModifiedBy);
    lastModifiedBy.setVariableId(XACMLConstants.PRIVILEGE_LAST_MODIFIED_BY);
    AttributeValue lmbv = new AttributeValue();
    lmbv.setDataType(XACMLConstants.XS_STRING);
    lmbv.getContent().add(privilege.getLastModifiedBy());
    JAXBElement<AttributeValue> lmbve = objectFactory.createAttributeValue(lmbv);
    lastModifiedBy.setExpression(lmbve);
    // Timestamps are rendered in GMT; sdf1 + "T" + sdf2 yields an xs:dateTime value.
    SimpleDateFormat sdf1 = new SimpleDateFormat("yyyy-MM-dd");
    SimpleDateFormat sdf2 = new SimpleDateFormat("HH:mm:ss.SSS");
    SimpleDateFormat sdf3 = new SimpleDateFormat("yyyy.MM.dd.HH.mm.ss.SSS");
    sdf1.setTimeZone(TimeZone.getTimeZone("GMT"));
    sdf2.setTimeZone(TimeZone.getTimeZone("GMT"));
    sdf3.setTimeZone(TimeZone.getTimeZone("GMT"));
    VariableDefinition creationDate = new VariableDefinition();
    vrList.add(creationDate);
    creationDate.setVariableId(XACMLConstants.PRIVILEGE_CREATION_DATE);
    AttributeValue cdv = new AttributeValue();
    cdv.setDataType(XACMLConstants.XS_DATE_TIME);
    cdv.getContent().add(sdf1.format(privilege.getCreationDate()) + "T" + sdf2.format(privilege.getCreationDate()));
    JAXBElement<AttributeValue> cdve = objectFactory.createAttributeValue(cdv);
    creationDate.setExpression(cdve);
    VariableDefinition lastModifiedDate = new VariableDefinition();
    vrList.add(lastModifiedDate);
    lastModifiedDate.setVariableId(XACMLConstants.PRIVILEGE_LAST_MODIFIED_DATE);
    AttributeValue lmdv = new AttributeValue();
    lmdv.setDataType(XACMLConstants.XS_DATE_TIME);
    lmdv.getContent().add(sdf1.format(privilege.getLastModifiedDate()) + "T" + sdf2.format(privilege.getLastModifiedDate()));
    JAXBElement<AttributeValue> lmdve = objectFactory.createAttributeValue(lmdv);
    lastModifiedDate.setExpression(lmdve);
    // PolicyIssuer policyIssuer = null;  // optional, TODO
    Version version = new Version();
    // TODO: use privilege version in future
    version.setValue(sdf3.format(privilege.getLastModifiedDate()));
    policy.setVersion(version);
    // Defaults policyDefaults = null; // optional, TODO
    String rca = getRuleCombiningAlgId(applicationName);
    policy.setRuleCombiningAlgId(rca);
    // String ruleCombiningAlgId = "rca"; // required
    // XACML Target contains a  list of AnyOf(s)
    // XACML AnyOf contains a list of AllOf(s)
    // XACML AllOf contains a list of Match(s)
    Target target = new Target();
    policy.setTarget(target);
    List<AnyOf> targetAnyOfList = target.getAnyOf();
    EntitlementSubject es = privilege.getSubject();
    /* TODO: detect simple subjects and set attribute value and designator
        List<AnyOf> anyOfSubjectList = entitlementSubjectToAnyOfList(es);
        if (anyOfSubjectList != null) {
            targetAnyOfList.addAll(anyOfSubjectList);
        }
        */
    AnyOf anyOfSubject = entitlementSubjectToAnyOf(es);
    if (anyOfSubject != null) {
        targetAnyOfList.add(anyOfSubject);
    }
    // Note: entitlement is dereferenced from here on without the null check applied above,
    // and actionValues is used before its own null check below.
    Set<String> resources = entitlement.getResourceNames();
    List<AnyOf> anyOfResourceList = resourceNamesToAnyOfList(resources, applicationName);
    if (anyOfResourceList != null) {
        targetAnyOfList.addAll(anyOfResourceList);
    }
    AnyOf anyOfApplication = applicationNameToAnyOf(applicationName);
    if (anyOfApplication != null) {
        targetAnyOfList.add(anyOfApplication);
    }
    Map<String, Boolean> actionValues = entitlement.getActionValues();
    List<AnyOf> anyOfActionList = actionNamesToAnyOfList(actionValues.keySet(), applicationName);
    if (anyOfActionList != null) {
        targetAnyOfList.addAll(anyOfActionList);
    }
    // PermitRule, DenyRule: an action mapped to TRUE is permitted, anything else is denied.
    Set<String> permitActions = new HashSet<String>();
    Set<String> denyActions = new HashSet<String>();
    if (actionValues != null) {
        Set<String> actionNames = actionValues.keySet();
        for (String actionName : actionNames) {
            if (Boolean.TRUE.equals(actionValues.get(actionName))) {
                permitActions.add(actionName);
            } else {
                denyActions.add(actionName);
            }
        }
    }
    Condition condition = eSubjectConditionToXCondition(privilege.getSubject(), privilege.getCondition());
    // Include resource attributes (ResourceProvider) as AdviceExpressions
    Set<ResourceAttribute> ra = privilege.getResourceAttributes();
    if (ra != null && !ra.isEmpty()) {
        AdviceExpressions adviceExpressions = schemaFactory.resourceAttributesToAdviceExpressions(ra);
        policy.setAdviceExpressions(adviceExpressions);
    }
    if (!permitActions.isEmpty()) {
        Rule permitRule = new Rule();
        vrList.add(permitRule);
        // The constant is spelled PREMIT_RULE_SUFFIX in XACMLConstants.
        permitRule.setRuleId(entitlement.getName() + ":" + XACMLConstants.PREMIT_RULE_SUFFIX);
        permitRule.setDescription(XACMLConstants.PERMIT_RULE_DESCRIPTION);
        permitRule.setEffect(EffectType.PERMIT);
        Target permitTarget = new Target();
        permitRule.setTarget(permitTarget);
        List<AnyOf> permitTargetAnyOfList = permitTarget.getAnyOf();
        List<AnyOf> anyOfPermitActionList = actionNamesToAnyOfList(permitActions, applicationName);
        if (anyOfPermitActionList != null) {
            permitTargetAnyOfList.addAll(anyOfPermitActionList);
        }
        if (condition != null) {
            permitRule.setCondition(condition);
        }
    }
    if (!denyActions.isEmpty()) {
        Rule denyRule = new Rule();
        vrList.add(denyRule);
        denyRule.setRuleId(entitlement.getName() + ":" + XACMLConstants.DENY_RULE_SUFFIX);
        denyRule.setDescription(XACMLConstants.DENY_RULE_DESCRIPTION);
        denyRule.setEffect(EffectType.DENY);
        Target denyTarget = new Target();
        denyRule.setTarget(denyTarget);
        List<AnyOf> denyTargetAnyOfList = denyTarget.getAnyOf();
        List<AnyOf> anyOfDenyActionList = actionNamesToAnyOfList(denyActions, applicationName);
        if (anyOfDenyActionList != null) {
            denyTargetAnyOfList.addAll(anyOfDenyActionList);
        }
        if (condition != null) {
            denyRule.setCondition(condition);
        }
    }
    return policy;
}
Also used:
    java.text.SimpleDateFormat
    java.util.HashSet
    javax.xml.bind.JAXBContext
    org.json.JSONObject
    com.sun.identity.entitlement.Entitlement
    com.sun.identity.entitlement.EntitlementCondition
    com.sun.identity.entitlement.EntitlementSubject
    com.sun.identity.entitlement.ResourceAttribute
    com.sun.identity.entitlement.xacml3.core.AdviceExpressions
    com.sun.identity.entitlement.xacml3.core.AnyOf
    com.sun.identity.entitlement.xacml3.core.AttributeValue
    com.sun.identity.entitlement.xacml3.core.Condition
    com.sun.identity.entitlement.xacml3.core.Policy
    com.sun.identity.entitlement.xacml3.core.Rule
    com.sun.identity.entitlement.xacml3.core.Target
    com.sun.identity.entitlement.xacml3.core.VariableDefinition
    com.sun.identity.entitlement.xacml3.core.Version

Example 5 with ResourceAttribute

Use of com.sun.identity.entitlement.ResourceAttribute in project OpenAM by OpenRock.

From the class XACMLSchemaFactoryTest, method shouldConvertAdviceExpressionsToAndFrom.

// Round-trip check: AdviceExpressions -> ResourceAttributes -> AdviceExpressions must
// reproduce the original. xacmlSchemaFactory and aes are fixtures set up elsewhere in the test class.
@Test
public void shouldConvertAdviceExpressionsToAndFrom() throws EntitlementException {
    // When...
    Set<ResourceAttribute> raSet = xacmlSchemaFactory.adviceExpressionsToResourceAttributes(aes);
    AdviceExpressions expressions = xacmlSchemaFactory.resourceAttributesToAdviceExpressions(raSet);
    // Then...
    assertEqualAdviceExpressions(aes, expressions);
}
Also used:
    org.testng.annotations.Test
    com.sun.identity.entitlement.ResourceAttribute
    com.sun.identity.entitlement.xacml3.core.AdviceExpressions
