Example 6 with AttributeValue
use of com.sun.identity.entitlement.xacml3.core.AttributeValue in project OpenAM by OpenRock.
the class XACMLPrivilegeUtils method getEntitlementSubjectFromPolicy.
static EntitlementSubject getEntitlementSubjectFromPolicy(Policy policy) {
if (policy == null) {
return null;
}
List<Rule> rules = getRules(policy);
if (rules == null) {
return null;
}
EntitlementSubject es = null;
for (Rule rule : rules) {
Condition condition = rule.getCondition();
JAXBElement jaxbElement = condition.getExpression();
if (jaxbElement.getDeclaredType().equals(Apply.class)) {
Apply apply = (Apply) jaxbElement.getValue();
String functionId = apply.getFunctionId();
if (XACMLConstants.JSON_SUBJECT_AND_CONDITION_SATISFIED.equals(functionId)) {
List<JAXBElement<?>> expressionList = apply.getExpression();
for (JAXBElement jaxe : expressionList) {
if (jaxe.getDeclaredType().equals(AttributeValue.class)) {
AttributeValue av = (AttributeValue) jaxe.getValue();
String dataType = av.getDataType();
if (dataType.startsWith(XACMLConstants.JSON_SUBJECT_DATATYPE)) {
List<Object> valueList = av.getContent();
String value = null;
if (valueList != null) {
for (Object ob : valueList) {
if (ob instanceof String) {
value = (String) ob;
break;
}
}
}
if (value != null) {
es = createEntitlementSubject(dataType, value);
}
}
}
}
}
}
if (es != null) {
break;
}
}
return es;
}
Also used :
EntitlementSubject(com.sun.identity.entitlement.EntitlementSubject)
EntitlementCondition(com.sun.identity.entitlement.EntitlementCondition)
Condition(com.sun.identity.entitlement.xacml3.core.Condition)
AttributeValue(com.sun.identity.entitlement.xacml3.core.AttributeValue)
Apply(com.sun.identity.entitlement.xacml3.core.Apply)
JSONObject(org.json.JSONObject)
Rule(com.sun.identity.entitlement.xacml3.core.Rule)
JAXBElement(javax.xml.bind.JAXBElement)
Example 7 with AttributeValue
use of com.sun.identity.entitlement.xacml3.core.AttributeValue in project OpenAM by OpenRock.
the class XACMLPrivilegeUtils method referralToPolicyInternal.
public static Policy referralToPolicyInternal(ReferralPrivilege privilege) throws JAXBException, JSONException {
if (privilege == null) {
return null;
}
Policy policy = new Policy();
String privilegeName = privilege.getName();
String policyId = privilegeNameToPolicyId(privilegeName, null);
policy.setPolicyId(policyId);
String description = privilege.getDescription();
policy.setDescription(description);
List<Object> vrList = policy.getCombinerParametersOrRuleCombinerParametersOrVariableDefinition();
JAXBContext jaxbContext = JAXBContext.newInstance(XACMLConstants.XACML3_CORE_PKG);
VariableDefinition createdBy = new VariableDefinition();
vrList.add(createdBy);
createdBy.setVariableId(XACMLConstants.PRIVILEGE_CREATED_BY);
AttributeValue cbv = new AttributeValue();
cbv.setDataType(XACMLConstants.XS_STRING);
cbv.getContent().add(privilege.getCreatedBy());
JAXBElement<AttributeValue> cbve = objectFactory.createAttributeValue(cbv);
createdBy.setExpression(cbve);
VariableDefinition lastModifiedBy = new VariableDefinition();
vrList.add(lastModifiedBy);
lastModifiedBy.setVariableId(XACMLConstants.PRIVILEGE_LAST_MODIFIED_BY);
AttributeValue lmbv = new AttributeValue();
lmbv.setDataType(XACMLConstants.XS_STRING);
lmbv.getContent().add(privilege.getLastModifiedBy());
JAXBElement<AttributeValue> lmbve = objectFactory.createAttributeValue(lmbv);
lastModifiedBy.setExpression(lmbve);
SimpleDateFormat sdf1 = new SimpleDateFormat("yyyy-MM-dd");
SimpleDateFormat sdf2 = new SimpleDateFormat("HH:mm:ss.SSS");
SimpleDateFormat sdf3 = new SimpleDateFormat("yyyy.MM.dd.HH.mm.ss.SSS");
sdf1.setTimeZone(TimeZone.getTimeZone("GMT"));
sdf2.setTimeZone(TimeZone.getTimeZone("GMT"));
sdf3.setTimeZone(TimeZone.getTimeZone("GMT"));
VariableDefinition creationDate = new VariableDefinition();
vrList.add(creationDate);
creationDate.setVariableId(XACMLConstants.PRIVILEGE_CREATION_DATE);
AttributeValue cdv = new AttributeValue();
cdv.setDataType(XACMLConstants.XS_DATE_TIME);
cdv.getContent().add(sdf1.format(privilege.getCreationDate()) + "T" + sdf2.format(privilege.getCreationDate()));
JAXBElement<AttributeValue> cdve = objectFactory.createAttributeValue(cdv);
creationDate.setExpression(cdve);
VariableDefinition lastModifiedDate = new VariableDefinition();
vrList.add(lastModifiedDate);
lastModifiedDate.setVariableId(XACMLConstants.PRIVILEGE_LAST_MODIFIED_DATE);
AttributeValue lmdv = new AttributeValue();
lmdv.setDataType(XACMLConstants.XS_DATE_TIME);
lmdv.getContent().add(sdf1.format(privilege.getLastModifiedDate()) + "T" + sdf2.format(privilege.getLastModifiedDate()));
JAXBElement<AttributeValue> lmdve = objectFactory.createAttributeValue(lmdv);
lastModifiedDate.setExpression(lmdve);
VariableDefinition isReferralPolicy = new VariableDefinition();
vrList.add(isReferralPolicy);
isReferralPolicy.setVariableId(XACMLConstants.IS_REFERRAL_POLICY);
AttributeValue irdv = new AttributeValue();
irdv.setDataType(XACMLConstants.XS_BOOLEAN_TYPE);
irdv.getContent().add(XACMLConstants.XS_BOOLEAN_TRUE);
JAXBElement<AttributeValue> irdve = objectFactory.createAttributeValue(irdv);
isReferralPolicy.setExpression(irdve);
// PolicyIssuer policyIssuer = null; // optional, TODO
Version version = new Version();
// TODO: use privilege version in future
version.setValue(sdf3.format(privilege.getLastModifiedDate()));
policy.setVersion(version);
// Defaults policyDefaults = null; // optional, TODO
policy.setRuleCombiningAlgId(XACMLConstants.XACML_RULE_DENY_OVERRIDES);
// XACML Target contains a list of AnyOf(s)
// XACML AnyOf contains a list of AllOf(s)
// XACML AllOf contains a list of Match(s)
Target target = new Target();
policy.setTarget(target);
List<AnyOf> targetAnyOfList = target.getAnyOf();
Set<String> realms = privilege.getRealms();
Map<String, Set<String>> appsResources = privilege.getOriginalMapApplNameToResources();
AnyOf anyOfRealmsAppsResources = realmsAppsResourcesToAnyOf(realms, appsResources);
if (anyOfRealmsAppsResources != null) {
targetAnyOfList.add(anyOfRealmsAppsResources);
}
Rule permitRule = new Rule();
vrList.add(permitRule);
permitRule.setRuleId(privilegeName + ":" + XACMLConstants.PREMIT_RULE_SUFFIX);
permitRule.setDescription(XACMLConstants.PERMIT_RULE_DESCRIPTION);
permitRule.setEffect(EffectType.PERMIT);
Target permitTarget = new Target();
permitRule.setTarget(permitTarget);
return policy;
}
Also used :
Policy(com.sun.identity.entitlement.xacml3.core.Policy)
AttributeValue(com.sun.identity.entitlement.xacml3.core.AttributeValue)
Set(java.util.Set)
PolicySet(com.sun.identity.entitlement.xacml3.core.PolicySet)
HashSet(java.util.HashSet)
VariableDefinition(com.sun.identity.entitlement.xacml3.core.VariableDefinition)
AnyOf(com.sun.identity.entitlement.xacml3.core.AnyOf)
JAXBContext(javax.xml.bind.JAXBContext)
Target(com.sun.identity.entitlement.xacml3.core.Target)
Version(com.sun.identity.entitlement.xacml3.core.Version)
JSONObject(org.json.JSONObject)
Rule(com.sun.identity.entitlement.xacml3.core.Rule)
SimpleDateFormat(java.text.SimpleDateFormat)
Example 8 with AttributeValue
use of com.sun.identity.entitlement.xacml3.core.AttributeValue in project OpenAM by OpenRock.
the class XACMLPrivilegeUtils method applicationNameToMatch.
public static Match applicationNameToMatch(String applicationName) {
if (applicationName == null || applicationName.length() == 0) {
return null;
}
Match match = new Match();
String matchId = XACMLConstants.APPLICATION_MATCH;
match.setMatchId(matchId);
AttributeValue attributeValue = new AttributeValue();
String dataType = XACMLConstants.XS_STRING;
attributeValue.setDataType(dataType);
attributeValue.getContent().add(applicationName);
AttributeDesignator attributeDesignator = new AttributeDesignator();
String category = XACMLConstants.APPLICATION_CATEGORY;
attributeDesignator.setCategory(category);
String attributeId = XACMLConstants.APPLICATION_ID;
attributeDesignator.setAttributeId(attributeId);
String dt = XACMLConstants.XS_STRING;
attributeDesignator.setDataType(dt);
// TODO: not a constant?
String issuer = XACMLConstants.APPLICATION_ISSUER;
// attributeDesignator.setIssuer(issuer); // TODO: verify and fix
boolean mustBePresent = false;
attributeDesignator.setMustBePresent(mustBePresent);
match.setAttributeValue(attributeValue);
match.setAttributeDesignator(attributeDesignator);
return match;
}
Also used :
AttributeValue(com.sun.identity.entitlement.xacml3.core.AttributeValue)
AttributeDesignator(com.sun.identity.entitlement.xacml3.core.AttributeDesignator)
Match(com.sun.identity.entitlement.xacml3.core.Match)
Example 9 with AttributeValue
use of com.sun.identity.entitlement.xacml3.core.AttributeValue in project OpenAM by OpenRock.
the class XACMLSchemaFactoryTest method createAdviceExpression.
/**
* Create an advice expression using the values in the specified resource attribute
* @param ra the specified resource attribute
* @return an advice expression
* @throws EntitlementException if there are JSON errors
*/
private AdviceExpression createAdviceExpression(final ResourceAttribute ra) throws EntitlementException {
AdviceExpression result = new AdviceExpression();
AttributeValue attributeValue = new AttributeValue();
attributeValue.setDataType(XACMLConstants.XS_STRING);
// We bypass much of the grief of conversion by getting JSON to do the heavy lifting for us.
attributeValue.getContent().add(resourceAttributeUtil.toJSON(ra));
JAXBElement<AttributeValue> jaxbElement = new JAXBElement<AttributeValue>(QName.valueOf(AttributeValue.class.getSimpleName()), AttributeValue.class, null, attributeValue);
AttributeAssignmentExpression attributeAssignmentExpression = new AttributeAssignmentExpression();
attributeAssignmentExpression.setExpression(jaxbElement);
attributeAssignmentExpression.setAttributeId(XACMLConstants.JSON_RESOURCE_ATTRIBUTE_ADVICE_ID + ":" + ra.getClass().getName() + ":" + ra.getPropertyName());
result.getAttributeAssignmentExpression().add(attributeAssignmentExpression);
result.setAppliesTo(EffectType.PERMIT);
result.setAdviceId(XACMLConstants.JSON_RESOURCE_ATTRIBUTE_ADVICE_ID + ":" + ra.getClass().getName());
return result;
}
Also used :
AdviceExpression(com.sun.identity.entitlement.xacml3.core.AdviceExpression)
AttributeValue(com.sun.identity.entitlement.xacml3.core.AttributeValue)
AttributeAssignmentExpression(com.sun.identity.entitlement.xacml3.core.AttributeAssignmentExpression)
JAXBElement(javax.xml.bind.JAXBElement)
Example 10 with AttributeValue
use of com.sun.identity.entitlement.xacml3.core.AttributeValue in project OpenAM by OpenRock.
the class XACMLPrivilegeUtils method getEntitlementConditionFromPolicy.
static EntitlementCondition getEntitlementConditionFromPolicy(Policy policy) throws EntitlementException {
if (policy == null) {
return null;
}
List<Rule> rules = getRules(policy);
if (rules == null) {
return null;
}
EntitlementCondition ec = null;
for (Rule rule : rules) {
Condition condition = rule.getCondition();
JAXBElement jaxbElement = condition.getExpression();
if (jaxbElement.getDeclaredType().equals(Apply.class)) {
Apply apply = (Apply) jaxbElement.getValue();
String functionId = apply.getFunctionId();
if (XACMLConstants.JSON_SUBJECT_AND_CONDITION_SATISFIED.equals(functionId)) {
List<JAXBElement<?>> expressionList = apply.getExpression();
for (JAXBElement jaxe : expressionList) {
if (jaxe.getDeclaredType().equals(AttributeValue.class)) {
AttributeValue av = (AttributeValue) jaxe.getValue();
String dataType = av.getDataType();
if (dataType.startsWith(XACMLConstants.JSON_CONDITION_DATATYPE)) {
List<Object> valueList = av.getContent();
String value = null;
if (valueList != null) {
for (Object ob : valueList) {
if (ob instanceof String) {
value = (String) ob;
break;
}
}
}
if (value != null) {
ec = createEntitlementCondition(dataType, value);
}
}
}
}
}
if (ec != null) {
break;
}
}
}
return ec;
}
Also used :
EntitlementCondition(com.sun.identity.entitlement.EntitlementCondition)
Condition(com.sun.identity.entitlement.xacml3.core.Condition)
EntitlementCondition(com.sun.identity.entitlement.EntitlementCondition)
AttributeValue(com.sun.identity.entitlement.xacml3.core.AttributeValue)
Apply(com.sun.identity.entitlement.xacml3.core.Apply)
JSONObject(org.json.JSONObject)
Rule(com.sun.identity.entitlement.xacml3.core.Rule)
JAXBElement(javax.xml.bind.JAXBElement)
Aggregations
AttributeValue (com.sun.identity.entitlement.xacml3.core.AttributeValue)20
Match (com.sun.identity.entitlement.xacml3.core.Match)10
JSONObject (org.json.JSONObject)9
AttributeDesignator (com.sun.identity.entitlement.xacml3.core.AttributeDesignator)7
AnyOf (com.sun.identity.entitlement.xacml3.core.AnyOf)5
JAXBElement (javax.xml.bind.JAXBElement)5
EntitlementCondition (com.sun.identity.entitlement.EntitlementCondition)4
Condition (com.sun.identity.entitlement.xacml3.core.Condition)4
Rule (com.sun.identity.entitlement.xacml3.core.Rule)4
HashSet (java.util.HashSet)4
AllOf (com.sun.identity.entitlement.xacml3.core.AllOf)3
Apply (com.sun.identity.entitlement.xacml3.core.Apply)3
AttributeAssignmentExpression (com.sun.identity.entitlement.xacml3.core.AttributeAssignmentExpression)3
VariableDefinition (com.sun.identity.entitlement.xacml3.core.VariableDefinition)3
JAXBContext (javax.xml.bind.JAXBContext)3
EntitlementSubject (com.sun.identity.entitlement.EntitlementSubject)2
AdviceExpression (com.sun.identity.entitlement.xacml3.core.AdviceExpression)2
Policy (com.sun.identity.entitlement.xacml3.core.Policy)2
Target (com.sun.identity.entitlement.xacml3.core.Target)2
Version (com.sun.identity.entitlement.xacml3.core.Version)2
