
Example 6 with AttributeValue

use of com.sun.identity.entitlement.xacml3.core.AttributeValue in project OpenAM by OpenRock.

the class XACMLPrivilegeUtils method getEntitlementSubjectFromPolicy.

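/**
 * Recovers the entitlement subject that is embedded in a XACML policy.
 *
 * <p>The rules of the policy are visited in order. For each rule whose condition is an
 * {@code Apply} with function id {@link XACMLConstants#JSON_SUBJECT_AND_CONDITION_SATISFIED},
 * every {@code AttributeValue} argument whose data type starts with
 * {@link XACMLConstants#JSON_SUBJECT_DATATYPE} is inspected, and the first {@code String}
 * found in its content is handed to {@code createEntitlementSubject}. Within one rule the
 * last matching argument wins; the search stops at the first rule that yields a subject.
 *
 * <p>Policy elements that are absent (a rule without a condition, a condition without an
 * expression, an attribute value without a data type) are skipped rather than dereferenced.
 * A XACML rule is not required to carry a condition, and {@code referralToPolicyInternal}
 * in this class builds a permit rule without one, so a missing condition is a normal input
 * here and must not abort the parse with a {@code NullPointerException}.
 *
 * @param policy the XACML policy to read, may be {@code null}
 * @return the subject built from the policy, or {@code null} if the policy is {@code null},
 *         has no rules, or none of its rules carries a usable subject value
 */
static EntitlementSubject getEntitlementSubjectFromPolicy(Policy policy) {
    if (policy == null) {
        return null;
    }
    List<Rule> rules = getRules(policy);
    if (rules == null) {
        return null;
    }
    EntitlementSubject es = null;
    for (Rule rule : rules) {
        if (rule == null) {
            continue;
        }
        // The condition and its expression are optional in the policy document.
        Condition condition = rule.getCondition();
        JAXBElement<?> jaxbElement = (condition == null) ? null : condition.getExpression();
        if (jaxbElement == null || !Apply.class.equals(jaxbElement.getDeclaredType())) {
            continue;
        }
        Apply apply = (Apply) jaxbElement.getValue();
        if (apply == null
                || !XACMLConstants.JSON_SUBJECT_AND_CONDITION_SATISFIED.equals(apply.getFunctionId())) {
            continue;
        }
        List<JAXBElement<?>> expressionList = apply.getExpression();
        if (expressionList == null) {
            continue;
        }
        for (JAXBElement<?> jaxe : expressionList) {
            if (jaxe == null || !AttributeValue.class.equals(jaxe.getDeclaredType())) {
                continue;
            }
            AttributeValue av = (AttributeValue) jaxe.getValue();
            String dataType = (av == null) ? null : av.getDataType();
            if (dataType == null || !dataType.startsWith(XACMLConstants.JSON_SUBJECT_DATATYPE)) {
                continue;
            }
            // Only the first String entry of the mixed content is used as the serialised subject.
            String value = null;
            List<Object> valueList = av.getContent();
            if (valueList != null) {
                for (Object ob : valueList) {
                    if (ob instanceof String) {
                        value = (String) ob;
                        break;
                    }
                }
            }
            if (value != null) {
                // NOTE(review): dataType and value both come from the policy document. Confirm that
                // createEntitlementSubject restricts what it will build from them before this path
                // is used on policies imported from outside the deployment.
                es = createEntitlementSubject(dataType, value);
            }
        }
        if (es != null) {
            break;
        }
    }
    return es;
}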
Also used : EntitlementSubject(com.sun.identity.entitlement.EntitlementSubject) EntitlementCondition(com.sun.identity.entitlement.EntitlementCondition) Condition(com.sun.identity.entitlement.xacml3.core.Condition) AttributeValue(com.sun.identity.entitlement.xacml3.core.AttributeValue) Apply(com.sun.identity.entitlement.xacml3.core.Apply) JSONObject(org.json.JSONObject) Rule(com.sun.identity.entitlement.xacml3.core.Rule) JAXBElement(javax.xml.bind.JAXBElement)

Example 7 with AttributeValue

use of com.sun.identity.entitlement.xacml3.core.AttributeValue in project OpenAM by OpenRock.

the class XACMLPrivilegeUtils method referralToPolicyInternal.

/**
 * Converts a referral privilege into its XACML {@link Policy} form.
 *
 * <p>The policy carries, in this order, variable definitions for created-by,
 * last-modified-by, creation date, last-modified date and the referral marker, followed
 * by a single permit rule. The permit rule gets an empty target and no condition, so any
 * code that later reads {@code rule.getCondition()} from such a policy sees {@code null}.
 *
 * <p>Timestamps are rendered in GMT. The {@code xs:dateTime} values are written as
 * {@code yyyy-MM-dd'T'HH:mm:ss.SSS} without a zone designator.
 *
 * @param privilege the referral privilege to convert, may be {@code null}
 * @return the resulting policy, or {@code null} when {@code privilege} is {@code null}
 * @throws JAXBException if the XACML JAXB context cannot be created
 * @throws JSONException declared by the signature; nothing in this body throws it directly
 */
public static Policy referralToPolicyInternal(ReferralPrivilege privilege) throws JAXBException, JSONException {
    if (privilege == null) {
        return null;
    }

    final String name = privilege.getName();
    Policy result = new Policy();
    result.setPolicyId(privilegeNameToPolicyId(name, null));
    result.setDescription(privilege.getDescription());

    List<Object> definitions = result.getCombinerParametersOrRuleCombinerParametersOrVariableDefinition();
    // The context is never read below; the call is kept because it can throw JAXBException.
    JAXBContext jaxbContext = JAXBContext.newInstance(XACMLConstants.XACML3_CORE_PKG);

    // Audit metadata: who created the privilege. The value is copied from the privilege as-is.
    AttributeValue createdByValue = new AttributeValue();
    createdByValue.setDataType(XACMLConstants.XS_STRING);
    createdByValue.getContent().add(privilege.getCreatedBy());
    VariableDefinition createdByDef = new VariableDefinition();
    createdByDef.setVariableId(XACMLConstants.PRIVILEGE_CREATED_BY);
    createdByDef.setExpression(objectFactory.createAttributeValue(createdByValue));
    definitions.add(createdByDef);

    // Audit metadata: who modified the privilege last.
    AttributeValue modifiedByValue = new AttributeValue();
    modifiedByValue.setDataType(XACMLConstants.XS_STRING);
    modifiedByValue.getContent().add(privilege.getLastModifiedBy());
    VariableDefinition modifiedByDef = new VariableDefinition();
    modifiedByDef.setVariableId(XACMLConstants.PRIVILEGE_LAST_MODIFIED_BY);
    modifiedByDef.setExpression(objectFactory.createAttributeValue(modifiedByValue));
    definitions.add(modifiedByDef);

    // SimpleDateFormat is not thread-safe, so the formatters stay local to this call.
    TimeZone gmt = TimeZone.getTimeZone("GMT");
    SimpleDateFormat dayFormat = new SimpleDateFormat("yyyy-MM-dd");
    SimpleDateFormat timeFormat = new SimpleDateFormat("HH:mm:ss.SSS");
    SimpleDateFormat versionFormat = new SimpleDateFormat("yyyy.MM.dd.HH.mm.ss.SSS");
    dayFormat.setTimeZone(gmt);
    timeFormat.setTimeZone(gmt);
    versionFormat.setTimeZone(gmt);

    AttributeValue createdOnValue = new AttributeValue();
    createdOnValue.setDataType(XACMLConstants.XS_DATE_TIME);
    createdOnValue.getContent().add(
            dayFormat.format(privilege.getCreationDate()) + "T" + timeFormat.format(privilege.getCreationDate()));
    VariableDefinition createdOnDef = new VariableDefinition();
    createdOnDef.setVariableId(XACMLConstants.PRIVILEGE_CREATION_DATE);
    createdOnDef.setExpression(objectFactory.createAttributeValue(createdOnValue));
    definitions.add(createdOnDef);

    AttributeValue modifiedOnValue = new AttributeValue();
    modifiedOnValue.setDataType(XACMLConstants.XS_DATE_TIME);
    modifiedOnValue.getContent().add(
            dayFormat.format(privilege.getLastModifiedDate()) + "T"
                    + timeFormat.format(privilege.getLastModifiedDate()));
    VariableDefinition modifiedOnDef = new VariableDefinition();
    modifiedOnDef.setVariableId(XACMLConstants.PRIVILEGE_LAST_MODIFIED_DATE);
    modifiedOnDef.setExpression(objectFactory.createAttributeValue(modifiedOnValue));
    definitions.add(modifiedOnDef);

    // Marker that lets a reader of the policy tell a referral from an ordinary privilege.
    AttributeValue referralFlagValue = new AttributeValue();
    referralFlagValue.setDataType(XACMLConstants.XS_BOOLEAN_TYPE);
    referralFlagValue.getContent().add(XACMLConstants.XS_BOOLEAN_TRUE);
    VariableDefinition referralFlagDef = new VariableDefinition();
    referralFlagDef.setVariableId(XACMLConstants.IS_REFERRAL_POLICY);
    referralFlagDef.setExpression(objectFactory.createAttributeValue(referralFlagValue));
    definitions.add(referralFlagDef);

    // PolicyIssuer policyIssuer = null;  // optional, TODO
    // TODO: use privilege version in future
    Version policyVersion = new Version();
    policyVersion.setValue(versionFormat.format(privilege.getLastModifiedDate()));
    result.setVersion(policyVersion);
    // Defaults policyDefaults = null; // optional, TODO
    result.setRuleCombiningAlgId(XACMLConstants.XACML_RULE_DENY_OVERRIDES);

    // XACML Target contains a list of AnyOf(s)
    // XACML AnyOf contains a list of AllOf(s)
    // XACML AllOf contains a list of Match(s)
    Target policyTarget = new Target();
    result.setTarget(policyTarget);
    Set<String> realms = privilege.getRealms();
    Map<String, Set<String>> appsResources = privilege.getOriginalMapApplNameToResources();
    AnyOf scope = realmsAppsResourcesToAnyOf(realms, appsResources);
    if (scope != null) {
        policyTarget.getAnyOf().add(scope);
    }

    // The single permit rule: empty target, no condition.
    Rule permit = new Rule();
    permit.setRuleId(name + ":" + XACMLConstants.PREMIT_RULE_SUFFIX);
    permit.setDescription(XACMLConstants.PERMIT_RULE_DESCRIPTION);
    permit.setEffect(EffectType.PERMIT);
    permit.setTarget(new Target());
    definitions.add(permit);

    return result;
}
Also used : Policy(com.sun.identity.entitlement.xacml3.core.Policy) AttributeValue(com.sun.identity.entitlement.xacml3.core.AttributeValue) Set(java.util.Set) PolicySet(com.sun.identity.entitlement.xacml3.core.PolicySet) HashSet(java.util.HashSet) VariableDefinition(com.sun.identity.entitlement.xacml3.core.VariableDefinition) AnyOf(com.sun.identity.entitlement.xacml3.core.AnyOf) JAXBContext(javax.xml.bind.JAXBContext) Target(com.sun.identity.entitlement.xacml3.core.Target) Version(com.sun.identity.entitlement.xacml3.core.Version) JSONObject(org.json.JSONObject) Rule(com.sun.identity.entitlement.xacml3.core.Rule) SimpleDateFormat(java.text.SimpleDateFormat)

Example 8 with AttributeValue

use of com.sun.identity.entitlement.xacml3.core.AttributeValue in project OpenAM by OpenRock.

the class XACMLPrivilegeUtils method applicationNameToMatch.

/**
 * Builds the XACML {@code Match} that ties a policy target to an application name.
 *
 * <p>The match compares a string attribute value holding {@code applicationName} against
 * an attribute designator for {@link XACMLConstants#APPLICATION_ID} in category
 * {@link XACMLConstants#APPLICATION_CATEGORY}. The designator is created with
 * {@code mustBePresent = false} and without an issuer.
 *
 * @param applicationName the application name to match on
 * @return the match, or {@code null} when {@code applicationName} is {@code null} or empty
 */
public static Match applicationNameToMatch(String applicationName) {
    if (applicationName == null || applicationName.isEmpty()) {
        return null;
    }

    // Literal side of the comparison: the application name as an xs:string value.
    AttributeValue nameValue = new AttributeValue();
    nameValue.setDataType(XACMLConstants.XS_STRING);
    nameValue.getContent().add(applicationName);

    // Request side of the comparison: which attribute of the request is looked up.
    AttributeDesignator designator = new AttributeDesignator();
    designator.setCategory(XACMLConstants.APPLICATION_CATEGORY);
    designator.setAttributeId(XACMLConstants.APPLICATION_ID);
    designator.setDataType(XACMLConstants.XS_STRING);
    // TODO: not a constant?
    // Kept but unused: the issuer is not applied to the designator yet.
    String issuer = XACMLConstants.APPLICATION_ISSUER;
    // designator.setIssuer(issuer); // TODO: verify and fix
    designator.setMustBePresent(false);

    Match result = new Match();
    result.setMatchId(XACMLConstants.APPLICATION_MATCH);
    result.setAttributeValue(nameValue);
    result.setAttributeDesignator(designator);
    return result;
}
Also used : AttributeValue(com.sun.identity.entitlement.xacml3.core.AttributeValue) AttributeDesignator(com.sun.identity.entitlement.xacml3.core.AttributeDesignator) Match(com.sun.identity.entitlement.xacml3.core.Match)

Example 9 with AttributeValue

use of com.sun.identity.entitlement.xacml3.core.AttributeValue in project OpenAM by OpenRock.

the class XACMLSchemaFactoryTest method createAdviceExpression.

/**
 * Builds a permit-side advice expression that carries the given resource attribute.
 *
 * <p>The attribute is serialised to JSON and stored as a single {@code xs:string}
 * attribute value. The advice id is the JSON advice prefix followed by the attribute's
 * class name; the assignment's attribute id additionally appends the property name.
 *
 * @param ra the resource attribute to embed
 * @return the advice expression wrapping {@code ra}
 * @throws EntitlementException if there are JSON errors
 */
private AdviceExpression createAdviceExpression(final ResourceAttribute ra) throws EntitlementException {
    // Serialising through JSON avoids mapping the attribute field by field.
    AttributeValue jsonValue = new AttributeValue();
    jsonValue.setDataType(XACMLConstants.XS_STRING);
    jsonValue.getContent().add(resourceAttributeUtil.toJSON(ra));

    final QName elementName = QName.valueOf(AttributeValue.class.getSimpleName());
    JAXBElement<AttributeValue> wrapped =
            new JAXBElement<AttributeValue>(elementName, AttributeValue.class, null, jsonValue);

    final String adviceId = XACMLConstants.JSON_RESOURCE_ATTRIBUTE_ADVICE_ID + ":" + ra.getClass().getName();

    AttributeAssignmentExpression assignment = new AttributeAssignmentExpression();
    assignment.setExpression(wrapped);
    assignment.setAttributeId(adviceId + ":" + ra.getPropertyName());

    AdviceExpression advice = new AdviceExpression();
    advice.getAttributeAssignmentExpression().add(assignment);
    advice.setAppliesTo(EffectType.PERMIT);
    advice.setAdviceId(adviceId);
    return advice;
}
Also used : AdviceExpression(com.sun.identity.entitlement.xacml3.core.AdviceExpression) AttributeValue(com.sun.identity.entitlement.xacml3.core.AttributeValue) AttributeAssignmentExpression(com.sun.identity.entitlement.xacml3.core.AttributeAssignmentExpression) JAXBElement(javax.xml.bind.JAXBElement)

Example 10 with AttributeValue

use of com.sun.identity.entitlement.xacml3.core.AttributeValue in project OpenAM by OpenRock.

the class XACMLPrivilegeUtils method getEntitlementConditionFromPolicy.

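/**
 * Recovers the entitlement condition that is embedded in a XACML policy.
 *
 * <p>The rules of the policy are visited in order. For each rule whose condition is an
 * {@code Apply} with function id {@link XACMLConstants#JSON_SUBJECT_AND_CONDITION_SATISFIED},
 * every {@code AttributeValue} argument whose data type starts with
 * {@link XACMLConstants#JSON_CONDITION_DATATYPE} is inspected, and the first {@code String}
 * found in its content is handed to {@code createEntitlementCondition}. Within one rule the
 * last matching argument wins; the search stops at the first rule that yields a condition.
 *
 * <p>Policy elements that are absent (a rule without a condition, a condition without an
 * expression, an attribute value without a data type) are skipped rather than dereferenced.
 * A XACML rule is not required to carry a condition, and {@code referralToPolicyInternal}
 * in this class builds a permit rule without one, so a missing condition is a normal input
 * here and must not abort the parse with a {@code NullPointerException}.
 *
 * @param policy the XACML policy to read, may be {@code null}
 * @return the condition built from the policy, or {@code null} if the policy is {@code null},
 *         has no rules, or none of its rules carries a usable condition value
 * @throws EntitlementException propagated from {@code createEntitlementCondition}
 */
static EntitlementCondition getEntitlementConditionFromPolicy(Policy policy) throws EntitlementException {
    if (policy == null) {
        return null;
    }
    List<Rule> rules = getRules(policy);
    if (rules == null) {
        return null;
    }
    EntitlementCondition ec = null;
    for (Rule rule : rules) {
        if (rule == null) {
            continue;
        }
        // The condition and its expression are optional in the policy document.
        Condition condition = rule.getCondition();
        JAXBElement<?> jaxbElement = (condition == null) ? null : condition.getExpression();
        if (jaxbElement == null || !Apply.class.equals(jaxbElement.getDeclaredType())) {
            continue;
        }
        Apply apply = (Apply) jaxbElement.getValue();
        if (apply == null
                || !XACMLConstants.JSON_SUBJECT_AND_CONDITION_SATISFIED.equals(apply.getFunctionId())) {
            continue;
        }
        List<JAXBElement<?>> expressionList = apply.getExpression();
        if (expressionList == null) {
            continue;
        }
        for (JAXBElement<?> jaxe : expressionList) {
            if (jaxe == null || !AttributeValue.class.equals(jaxe.getDeclaredType())) {
                continue;
            }
            AttributeValue av = (AttributeValue) jaxe.getValue();
            String dataType = (av == null) ? null : av.getDataType();
            if (dataType == null || !dataType.startsWith(XACMLConstants.JSON_CONDITION_DATATYPE)) {
                continue;
            }
            // Only the first String entry of the mixed content is used as the serialised condition.
            String value = null;
            List<Object> valueList = av.getContent();
            if (valueList != null) {
                for (Object ob : valueList) {
                    if (ob instanceof String) {
                        value = (String) ob;
                        break;
                    }
                }
            }
            if (value != null) {
                // NOTE(review): dataType and value both come from the policy document. Confirm that
                // createEntitlementCondition restricts what it will build from them before this path
                // is used on policies imported from outside the deployment.
                ec = createEntitlementCondition(dataType, value);
            }
        }
        if (ec != null) {
            break;
        }
    }
    return ec;
}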
Also used : EntitlementCondition(com.sun.identity.entitlement.EntitlementCondition) Condition(com.sun.identity.entitlement.xacml3.core.Condition) EntitlementCondition(com.sun.identity.entitlement.EntitlementCondition) AttributeValue(com.sun.identity.entitlement.xacml3.core.AttributeValue) Apply(com.sun.identity.entitlement.xacml3.core.Apply) JSONObject(org.json.JSONObject) Rule(com.sun.identity.entitlement.xacml3.core.Rule) JAXBElement(javax.xml.bind.JAXBElement)

Aggregations

AttributeValue (com.sun.identity.entitlement.xacml3.core.AttributeValue)20 Match (com.sun.identity.entitlement.xacml3.core.Match)10 JSONObject (org.json.JSONObject)9 AttributeDesignator (com.sun.identity.entitlement.xacml3.core.AttributeDesignator)7 AnyOf (com.sun.identity.entitlement.xacml3.core.AnyOf)5 JAXBElement (javax.xml.bind.JAXBElement)5 EntitlementCondition (com.sun.identity.entitlement.EntitlementCondition)4 Condition (com.sun.identity.entitlement.xacml3.core.Condition)4 Rule (com.sun.identity.entitlement.xacml3.core.Rule)4 HashSet (java.util.HashSet)4 AllOf (com.sun.identity.entitlement.xacml3.core.AllOf)3 Apply (com.sun.identity.entitlement.xacml3.core.Apply)3 AttributeAssignmentExpression (com.sun.identity.entitlement.xacml3.core.AttributeAssignmentExpression)3 VariableDefinition (com.sun.identity.entitlement.xacml3.core.VariableDefinition)3 JAXBContext (javax.xml.bind.JAXBContext)3 EntitlementSubject (com.sun.identity.entitlement.EntitlementSubject)2 AdviceExpression (com.sun.identity.entitlement.xacml3.core.AdviceExpression)2 Policy (com.sun.identity.entitlement.xacml3.core.Policy)2 Target (com.sun.identity.entitlement.xacml3.core.Target)2 Version (com.sun.identity.entitlement.xacml3.core.Version)2