use of com.sun.identity.entitlement.xacml3.core.AttributeValue in project OpenAM by OpenRock.
the class XACMLPrivilegeUtils method getEntitlementConditionFromPolicy.
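/**
 * Recovers the entitlement condition that was serialized into a XACML policy.
 *
 * <p>Each rule's condition is inspected for an {@code Apply} expression whose function id is
 * {@code XACMLConstants.JSON_SUBJECT_AND_CONDITION_SATISFIED}. Inside that {@code Apply}, every
 * {@code AttributeValue} whose data type starts with
 * {@code XACMLConstants.JSON_CONDITION_DATATYPE} is passed, together with its first
 * {@code String} content item, to {@code createEntitlementCondition}. Within one {@code Apply}
 * the last matching value wins; the search stops at the first rule that produced a non-null
 * condition.
 *
 * <p>The policy document is parsed input, so missing pieces (a rule without a condition, a
 * condition without an expression, an attribute value without a data type) are skipped instead
 * of failing with a {@code NullPointerException}.
 *
 * @param policy the XACML policy to read; may be {@code null}
 * @return the reconstructed condition, or {@code null} if the policy is {@code null}, has no
 *         rules, or carries no usable condition value
 * @throws EntitlementException not raised directly here; it can only propagate from
 *         {@code getRules} or {@code createEntitlementCondition}
 */
static EntitlementCondition getEntitlementConditionFromPolicy(Policy policy) throws EntitlementException {
    if (policy == null) {
        return null;
    }
    List<Rule> rules = getRules(policy);
    if (rules == null) {
        return null;
    }
    EntitlementCondition ec = null;
    for (Rule rule : rules) {
        // A rule is not required to carry a condition; skip such rules instead of dereferencing null.
        Condition condition = (rule == null) ? null : rule.getCondition();
        JAXBElement<?> expression = (condition == null) ? null : condition.getExpression();
        if (expression == null || !Apply.class.equals(expression.getDeclaredType())) {
            continue;
        }
        Apply apply = (Apply) expression.getValue();
        if (apply == null
                || !XACMLConstants.JSON_SUBJECT_AND_CONDITION_SATISFIED.equals(apply.getFunctionId())) {
            continue;
        }
        List<JAXBElement<?>> expressionList = apply.getExpression();
        if (expressionList == null) {
            continue;
        }
        for (JAXBElement<?> jaxe : expressionList) {
            if (jaxe == null || !AttributeValue.class.equals(jaxe.getDeclaredType())) {
                continue;
            }
            AttributeValue av = (AttributeValue) jaxe.getValue();
            String dataType = (av == null) ? null : av.getDataType();
            if (dataType == null || !dataType.startsWith(XACMLConstants.JSON_CONDITION_DATATYPE)) {
                continue;
            }
            // Only the first String item of the content list is used as the serialized state.
            String value = null;
            List<Object> valueList = av.getContent();
            if (valueList != null) {
                for (Object ob : valueList) {
                    if (ob instanceof String) {
                        value = (String) ob;
                        break;
                    }
                }
            }
            if (value != null) {
                // NOTE(review): dataType comes straight from the policy document. The writer
                // (eSubjectConditionToXCondition) appends the implementation class name to it, so
                // if createEntitlementCondition loads that class by name, an imported policy
                // chooses the class. Confirm the helper only accepts EntitlementCondition
                // implementations that are expected here.
                ec = createEntitlementCondition(dataType, value);
            }
        }
        if (ec != null) {
            break;
        }
    }
    return ec;
}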
use of com.sun.identity.entitlement.xacml3.core.AttributeValue in project OpenAM by OpenRock.
the class XACMLPrivilegeUtils method eSubjectConditionToXCondition.
/**
 * Wraps an entitlement subject and/or condition in a XACML {@code Condition}.
 *
 * <p>The result holds a single {@code Apply} with function id
 * {@code XACMLConstants.JSON_SUBJECT_AND_CONDITION_SATISFIED}. For each non-null argument one
 * {@code AttributeValue} is appended to it, carrying the argument's {@code getState()} string as
 * content, a {@code privilegeComponent} XML attribute naming its role, and a data type made of a
 * fixed prefix, a colon and the argument's concrete class name.
 *
 * @param es the subject to embed; may be {@code null}
 * @param ec the condition to embed; may be {@code null}
 * @return the populated condition, or {@code null} when both arguments are {@code null}
 * @throws JAXBException if the JAXB context for {@code XACMLConstants.XACML3_CORE_PKG} cannot
 *         be created
 */
public static Condition eSubjectConditionToXCondition(EntitlementSubject es, EntitlementCondition ec) throws JAXBException {
    if (es == null && ec == null) {
        return null;
    }

    Condition result = new Condition();
    // The context itself is not used below; the call is kept because it is the only
    // statement here that can raise the declared JAXBException.
    JAXBContext.newInstance(XACMLConstants.XACML3_CORE_PKG);

    Apply satisfied = new Apply();
    satisfied.setFunctionId(XACMLConstants.JSON_SUBJECT_AND_CONDITION_SATISFIED);
    List<JAXBElement<?>> expressions = satisfied.getExpression();

    if (es != null) {
        String subjectState = es.getState();
        // TODO: add custom xml attribute to identify as privilege subject
        AttributeValue subjectValue = new AttributeValue();
        subjectValue.getOtherAttributes().put(new QName("privilegeComponent"), "entitlementSubject");
        // The concrete class name travels inside the data type. Whatever reads the policy back
        // must not treat that name as trusted when the policy comes from outside.
        subjectValue.setDataType(XACMLConstants.JSON_SUBJECT_DATATYPE + ":" + es.getClass().getName());
        subjectValue.getContent().add(subjectState);
        JAXBElement<?> subjectElement = objectFactory.createAttributeValue(subjectValue);
        expressions.add(subjectElement);
    }

    if (ec != null) {
        String conditionState = ec.getState();
        // TODO: add custom xml attribute to identify as privilege condition
        AttributeValue conditionValue = new AttributeValue();
        conditionValue.getOtherAttributes().put(new QName("privilegeComponent"), "entitlementCondition");
        // Same encoding as for the subject: prefix, colon, implementation class name.
        conditionValue.setDataType(XACMLConstants.JSON_CONDITION_DATATYPE + ":" + ec.getClass().getName());
        conditionValue.getContent().add(conditionState);
        JAXBElement<?> conditionElement = objectFactory.createAttributeValue(conditionValue);
        expressions.add(conditionElement);
    }

    JAXBElement<?> wrapped = objectFactory.createApply(satisfied);
    result.setExpression(wrapped);
    return result;
}
use of com.sun.identity.entitlement.xacml3.core.AttributeValue in project OpenAM by OpenRock.
the class XACMLPrivilegeUtils method getActionNamesFromMatches.
/**
 * Collects the action names carried by XACML action matches.
 *
 * <p>A match is considered when its match id contains {@code ":action-match:"}. The name is the
 * {@code toString()} of the first item in the match's attribute-value content.
 *
 * @param matches the matches to scan; may be {@code null}
 * @return the set of action names (possibly empty), or {@code null} when {@code matches} is
 *         {@code null}
 */
static Set<String> getActionNamesFromMatches(List<Match> matches) {
    if (matches == null) {
        return null;
    }
    Set<String> names = new HashSet<String>();
    for (Match candidate : matches) {
        String id = candidate.getMatchId();
        if (id == null || !id.contains(":action-match:")) {
            continue;
        }
        AttributeValue holder = candidate.getAttributeValue();
        List<Object> content = (holder == null) ? null : holder.getContent();
        if (content == null || content.isEmpty()) {
            continue;
        }
        // FIXME: log a warning if more than one element; items after the first are ignored
        // silently, so a policy with several values per match loses the rest without a trace.
        Object first = content.get(0);
        names.add(first.toString());
    }
    return names;
}
use of com.sun.identity.entitlement.xacml3.core.AttributeValue in project verify-hub by alphagov.
the class VerifiedAttributesLoggerTest method shouldLogDateOfBirthHistory.
/**
 * A date-of-birth attribute with one verified value that ended a day ago and one current,
 * unverified value must be logged as two entries: a verified flag plus an age bucket for the
 * historical value, and an unverified entry with no bucket for the current one.
 */
@Test
public void shouldLogDateOfBirthHistory() throws Exception {
    String attributeName = IdaConstants.Attributes_1_1.DateOfBirth.NAME;

    Attribute dateOfBirth = new AttributeBuilder().buildObject();
    dateOfBirth.setName(attributeName);

    // Historical value: ended yesterday and marked as verified.
    AttributeValue previousValue = new DateAttributeValueBuilder()
            .withTo(DateTime.now().minusDays(1))
            .withVerified(true)
            .build();
    // Current value: open-ended, verified flag left at the builder's default.
    AttributeValue presentValue = new DateAttributeValueBuilder().withTo(null).build();
    dateOfBirth.getAttributeValues().add(previousValue);
    dateOfBirth.getAttributeValues().add(presentValue);

    List<Attribute> attributes = aMatchingDatasetAttributeStatement_1_1()
            .withDateOfBirth(dateOfBirth)
            .build()
            .getAttributes();

    // Round-trip the formatted log line through the JSON mapper to inspect what was written.
    AttributeStatementLogData logged =
            mapper.readValue(formatAttributes("any-issuer", LEVEL_2, attributes), AttributeStatementLogData.class);
    Map<String, List<VerifiedAttributeLogData>> byName = logged.getAttributes();

    List<VerifiedAttributeLogData> expected = ImmutableList.of(
            new VerifiedAttributeLogData(true, "less than 180 days"),
            new VerifiedAttributeLogData(false, null));
    assertThat(byName.get(attributeName)).isEqualTo(expected);
}
use of com.sun.identity.entitlement.xacml3.core.AttributeValue in project verify-hub by alphagov.
the class VerifiedAttributesLoggerTest method shouldLogPreviousAddressHistory.
/**
 * A single unverified previous address that ended a year ago must be logged as one entry
 * with the verified flag cleared and the "more than 180 days" age bucket.
 */
@Test
public void shouldLogPreviousAddressHistory() throws Exception {
    String attributeName = IdaConstants.Attributes_1_1.PreviousAddress.NAME;

    // Address held from ten years ago until one year ago, not verified.
    AttributeValue formerAddress = new AddressAttributeValueBuilder_1_1()
            .withFrom(DateTime.now().minusYears(10))
            .withTo(DateTime.now().minusYears(1))
            .withVerified(false)
            .build();

    Attribute previousAddress = new AttributeBuilder().buildObject();
    previousAddress.setName(attributeName);
    previousAddress.getAttributeValues().add(formerAddress);

    List<Attribute> attributes = aMatchingDatasetAttributeStatement_1_1()
            .addPreviousAddress(previousAddress)
            .build()
            .getAttributes();

    // Round-trip the formatted log line through the JSON mapper to inspect what was written.
    AttributeStatementLogData logged =
            mapper.readValue(formatAttributes("any-issuer", LEVEL_2, attributes), AttributeStatementLogData.class);
    Map<String, List<VerifiedAttributeLogData>> byName = logged.getAttributes();

    List<VerifiedAttributeLogData> expected =
            ImmutableList.of(new VerifiedAttributeLogData(false, "more than 180 days"));
    assertThat(byName.get(attributeName)).isEqualTo(expected);
}