use of com.sun.identity.entitlement.xacml3.core.Policy in project OpenAM by OpenRock.
the class XACMLReaderWriter method toXACML.
/**
 * Translates the supplied OpenAM Privilege and ReferralPrivilege objects into one XACML PolicySet.
 *
 * <p>The ordinary privileges are converted in a single call. Each referral privilege is then
 * converted to a Policy and appended to that same PolicySet. The first referral that fails to
 * convert aborts the translation with an exception, so no partially filled PolicySet is returned.
 *
 * @param realm The realm to which the provided privileges belong.
 * @param privilegeSet The Privileges and ReferralPrivileges to translate; dereferenced without a
 *                     null check.
 * @return XACML PolicySet holding the converted privileges followed by the converted referrals.
 * @throws EntitlementException If a referral privilege cannot be converted (JSON or JAXB failure);
 *                              errors raised by the privilege conversion propagate unchanged.
 */
public PolicySet toXACML(String realm, PrivilegeSet privilegeSet) throws EntitlementException {
    PolicySet exported = XACMLPrivilegeUtils.privilegesToPolicySet(realm, privilegeSet.getPrivileges());

    for (ReferralPrivilege referral : privilegeSet.getReferralPrivileges()) {
        try {
            XACMLPrivilegeUtils.addPolicyToPolicySet(XACMLPrivilegeUtils.referralToPolicy(referral), exported);
        } catch (JSONException e) {
            throw new EntitlementException(JSON_PARSE_ERROR, e);
        } catch (JAXBException e) {
            // NOTE(review): a JAXB failure is reported under the JSON parse error code, which can
            // mislead whoever triages a failed export; the original cause is still chained.
            throw new EntitlementException(JSON_PARSE_ERROR, e);
        }
    }

    return exported;
}
use of com.sun.identity.entitlement.xacml3.core.Policy in project OpenAM by OpenRock.
the class XACMLSchemaFactory method resourceAttributeToAdviceExpression.
/**
 * Converts one {@link com.sun.identity.entitlement.ResourceAttribute} into an
 * {@link com.sun.identity.entitlement.xacml3.core.AdviceExpression}.
 *
 * <p>The attribute is serialised to JSON and carried as a single string-typed AttributeValue.
 * The advice id is the JSON resource attribute advice prefix followed by the attribute's concrete
 * class name; the attribute id appends the attribute's property name to that.
 *
 * @param resourceAttribute The resource attribute to convert; dereferenced without a null check.
 * @return the advice expression, marked as applying to PERMIT decisions
 * @throws com.sun.identity.entitlement.EntitlementException on JSON conversion errors
 */
public AdviceExpression resourceAttributeToAdviceExpression(ResourceAttribute resourceAttribute) throws EntitlementException {
    // Pseudo-URN used for both the advice id and, with the property name appended, the attribute id.
    // NOTE(review): the id embeds the attribute's concrete class name. If the import side uses that
    // name to select a class, it should be checked against the expected ResourceAttribute types;
    // confirm in adviceExpressionsToResourceAttributes.
    final String adviceUrn = XACMLConstants.JSON_RESOURCE_ATTRIBUTE_ADVICE_ID + ":" + resourceAttribute.getClass().getName();
    AdviceExpression advice = new AdviceExpression();

    // The whole attribute travels as one JSON string, so no field-by-field XACML mapping is needed.
    AttributeValue jsonValue = factory.createAttributeValue();
    jsonValue.setDataType(XACMLConstants.XS_STRING);
    jsonValue.getContent().add(resourceAttributeUtil.toJSON(resourceAttribute));
    JAXBElement<AttributeValue> wrappedValue = factory.createAttributeValue(jsonValue);

    AttributeAssignmentExpression assignment = factory.createAttributeAssignmentExpression();
    assignment.setExpression(wrappedValue);
    String attributeId = adviceUrn + ":" + resourceAttribute.getPropertyName();
    assignment.setAttributeId(attributeId);
    advice.getAttributeAssignmentExpression().add(assignment);

    // Resource attributes are returned on successful policy decisions.
    advice.setAppliesTo(EffectType.PERMIT);
    // The schema requires an AdviceId, so one is always set.
    advice.setAdviceId(adviceUrn);
    return advice;
}
use of com.sun.identity.entitlement.xacml3.core.Policy in project OpenAM by OpenRock.
the class XACMLPrivilegeUtils method policyToPrivilege.
/**
 * Builds an OpenAM Privilege from an XACML Policy.
 *
 * <p>The privilege name is derived from the policy id. The entitlement name, application name
 * and the created/modified metadata are read from VariableDefinition entries in the policy.
 * Resource names come from the policy target; actions, subject and condition come from
 * dedicated helpers; advice expressions become resource attributes.
 *
 * <p>createdBy, lastModifiedBy and both timestamps are copied from the policy document itself,
 * so they record what the document states rather than who ran the conversion.
 * NOTE(review): if this is reached with externally supplied XACML, treat those fields as
 * unverified metadata; confirm against the callers.
 *
 * @param policy the XACML policy to convert; dereferenced without a null check
 * @return a new XACMLOpenSSOPrivilege populated from the policy
 * @throws EntitlementException propagated from the conversion helpers
 */
public static Privilege policyToPrivilege(Policy policy) throws EntitlementException {
    String privilegeName = policyIdToPrivilegeName(policy.getPolicyId());
    String description = policy.getDescription();

    // Audit metadata stored as policy variables.
    // NOTE(review): getVariableById returns null for a missing variable; confirm that
    // dateStringToLong tolerates a null argument.
    String createdBy = getVariableById(policy, XACMLConstants.PRIVILEGE_CREATED_BY);
    long createdAt = dateStringToLong(getVariableById(policy, XACMLConstants.PRIVILEGE_CREATION_DATE));
    String lastModifiedBy = getVariableById(policy, XACMLConstants.PRIVILEGE_LAST_MODIFIED_BY);
    long lastModifiedAt = dateStringToLong(getVariableById(policy, XACMLConstants.PRIVILEGE_LAST_MODIFIED_DATE));

    String entitlementName = getVariableById(policy, XACMLConstants.ENTITLEMENT_NAME);
    String applicationName = getVariableById(policy, XACMLConstants.APPLICATION_NAME);

    Set<String> resourceNames = getResourceNamesFromMatches(getAllMatchesFromTarget(policy.getTarget()));
    Map<String, Boolean> actionValues = getActionValuesFromPolicy(policy);
    EntitlementSubject subject = getEntitlementSubjectFromPolicy(policy);
    EntitlementCondition condition = getEntitlementConditionFromPolicy(policy);

    // The entitlement is assembled from the Rule target: resource names, excluded resource names
    // and action names come from Rule Match elements (one Match per action, one Rule per value).
    Entitlement entitlement = new Entitlement(applicationName, resourceNames, actionValues);
    if (entitlementName != null) {
        entitlement.setName(entitlementName);
    }

    // Advice expressions written by the export are turned back into resource attributes.
    Set<ResourceAttribute> resourceAttributes =
            schemaFactory.adviceExpressionsToResourceAttributes(policy.getAdviceExpressions());

    Privilege converted = new XACMLOpenSSOPrivilege();
    converted.setName(privilegeName);
    converted.setDescription(description);
    converted.setCreatedBy(createdBy);
    converted.setCreationDate(createdAt);
    converted.setLastModifiedBy(lastModifiedBy);
    converted.setLastModifiedDate(lastModifiedAt);
    converted.setEntitlement(entitlement);
    converted.setSubject(subject);
    converted.setCondition(condition);
    converted.setResourceAttributes(resourceAttributes);
    return converted;
}
use of com.sun.identity.entitlement.xacml3.core.Policy in project OpenAM by OpenRock.
the class XACMLPrivilegeUtils method getPoliciesFromPolicySet.
/**
 * Collects the Policy elements that are direct children of a PolicySet.
 *
 * <p>Only entries whose declared type is exactly {@code Policy} are returned. Nested PolicySet
 * elements and id references in the same list are skipped, not followed, so policies inside a
 * nested set are not part of the result.
 *
 * @param policySet the policy set to read; may be null
 * @return the directly contained policies (possibly empty), or null when {@code policySet} is null
 */
public static Set<Policy> getPoliciesFromPolicySet(PolicySet policySet) {
    if (policySet == null) {
        return null;
    }

    Set<Policy> found = new HashSet<Policy>();
    List<JAXBElement<?>> children = policySet.getPolicySetOrPolicyOrPolicySetIdReference();
    for (JAXBElement<?> child : children) {
        if (!child.getDeclaredType().equals(Policy.class)) {
            // Not a Policy: a nested PolicySet or a reference, which this method ignores.
            continue;
        }
        found.add((Policy) child.getValue());
    }
    return found;
}
use of com.sun.identity.entitlement.xacml3.core.Policy in project OpenAM by OpenRock.
the class XACMLPrivilegeUtils method getVariableById.
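/**
 * Returns the string value of the VariableDefinition with the given id in a policy.
 *
 * <p>A definition is used only when its expression wraps an AttributeValue with at least one
 * non-null content entry; the first content entry is returned via {@code toString()}. Definitions
 * with a null id, a different expression type or empty content are skipped, so a malformed policy
 * document yields "not defined" instead of a ClassCastException, NullPointerException or
 * IndexOutOfBoundsException. If several usable definitions share the id, the last one wins.
 *
 * @param policy the policy to search; must not be null
 * @param id the variable id to look for; a null id matches nothing
 * @return the variable's value, or null when no usable definition with that id exists
 */
public static String getVariableById(Policy policy, String id) {
    String val = null;
    List<Object> vrList = policy.getCombinerParametersOrRuleCombinerParametersOrVariableDefinition();
    for (Object obj : vrList) {
        if (!(obj instanceof VariableDefinition)) {
            continue;
        }
        VariableDefinition vd = (VariableDefinition) obj;

        // Guard the id before comparing: the policy may come from an imported document.
        String variableId = vd.getVariableId();
        if (variableId == null || !variableId.equals(id)) {
            continue;
        }

        // Check the expression's runtime type instead of casting blindly.
        JAXBElement<?> expression = (JAXBElement<?>) vd.getExpression();
        Object expressionValue = (expression == null) ? null : expression.getValue();
        if (!(expressionValue instanceof AttributeValue)) {
            continue;
        }

        List<?> content = ((AttributeValue) expressionValue).getContent();
        if (content == null || content.isEmpty() || content.get(0) == null) {
            continue;
        }
        // No break: a later definition with the same id overrides an earlier one.
        val = content.get(0).toString();
    }
    return val;
}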