
Example 21 with Policy

use of com.sun.identity.entitlement.xacml3.core.Policy in project OpenAM by OpenRock.

the class XACMLReaderWriter method toXACML.

/**
     * Translate provided OpenAM Privilege and ReferralPrivilege objects into XACML PolicySet.
     *
     * @param realm The realm to which the provided privileges belong.
     * @param privilegeSet The Privileges and ReferralPrivileges to translate.
     * @return XACML PolicySet
     * @throws EntitlementException If there was any unexpected error.
     */
public PolicySet toXACML(String realm, PrivilegeSet privilegeSet) throws EntitlementException {
    // Ordinary privileges are converted in one call; referral privileges are appended one by one below.
    final PolicySet translated = XACMLPrivilegeUtils.privilegesToPolicySet(realm, privilegeSet.getPrivileges());
    for (ReferralPrivilege referral : privilegeSet.getReferralPrivileges()) {
        try {
            XACMLPrivilegeUtils.addPolicyToPolicySet(XACMLPrivilegeUtils.referralToPolicy(referral), translated);
        } catch (JSONException jsonFailure) {
            // The first referral that fails aborts the whole translation: the exception leaves the loop,
            // so a partially populated PolicySet is never returned to the caller.
            throw new EntitlementException(JSON_PARSE_ERROR, jsonFailure);
        } catch (JAXBException jaxbFailure) {
            // NOTE(review): JAXB failures are reported under the same JSON_PARSE_ERROR code as JSON failures,
            // so the code alone does not tell the two apart; the original cause is kept for diagnosis.
            throw new EntitlementException(JSON_PARSE_ERROR, jaxbFailure);
        }
    }
    return translated;
}
Also used : Policy(com.sun.identity.entitlement.xacml3.core.Policy) EntitlementException(com.sun.identity.entitlement.EntitlementException) ReferralPrivilege(com.sun.identity.entitlement.ReferralPrivilege) JAXBException(javax.xml.bind.JAXBException) JSONException(org.json.JSONException) PolicySet(com.sun.identity.entitlement.xacml3.core.PolicySet)

Example 22 with Policy

use of com.sun.identity.entitlement.xacml3.core.Policy in project OpenAM by OpenRock.

the class XACMLSchemaFactory method resourceAttributeToAdviceExpression.

/**
     * Convert one {@link com.sun.identity.entitlement.ResourceAttribute} object into an
     * {@link com.sun.identity.entitlement.xacml3.core.AdviceExpression} object.
     *
     * @param resourceAttribute The resource attribute
     * @return the advice expression
     * @throws com.sun.identity.entitlement.EntitlementException on JSON conversion errors
     */
public AdviceExpression resourceAttributeToAdviceExpression(ResourceAttribute resourceAttribute) throws EntitlementException {
    // Pseudo-URN used for both the advice id and (as a prefix) the attribute id.
    // It embeds the concrete class name of the attribute being exported.
    // NOTE(review): if the import side uses this class name to recreate the attribute, it should only
    // accept known ResourceAttribute implementations - confirm in the reverse conversion.
    final String pseudoUrn = XACMLConstants.JSON_RESOURCE_ATTRIBUTE_ADVICE_ID + ":" + resourceAttribute.getClass().getName();

    // The whole attribute is carried as a single value of type XACMLConstants.XS_STRING holding its JSON form,
    // which avoids a field-by-field mapping into XACML.
    AttributeValue jsonValue = factory.createAttributeValue();
    jsonValue.setDataType(XACMLConstants.XS_STRING);
    jsonValue.getContent().add(resourceAttributeUtil.toJSON(resourceAttribute));

    AttributeAssignmentExpression assignment = factory.createAttributeAssignmentExpression();
    assignment.setExpression(factory.createAttributeValue(jsonValue));
    assignment.setAttributeId(pseudoUrn + ":" + resourceAttribute.getPropertyName());

    AdviceExpression advice = new AdviceExpression();
    advice.getAttributeAssignmentExpression().add(assignment);
    // Resource attributes are returned on successful policy decisions, hence PERMIT.
    advice.setAppliesTo(EffectType.PERMIT);
    // An AdviceId is always set so the result stays in strict compliance with the schema.
    advice.setAdviceId(pseudoUrn);
    return advice;
}
Also used : AdviceExpression(com.sun.identity.entitlement.xacml3.core.AdviceExpression) AttributeValue(com.sun.identity.entitlement.xacml3.core.AttributeValue) AttributeAssignmentExpression(com.sun.identity.entitlement.xacml3.core.AttributeAssignmentExpression)

Example 23 with Policy

use of com.sun.identity.entitlement.xacml3.core.Policy in project OpenAM by OpenRock.

the class XACMLPrivilegeUtils method policyToPrivilege.

/**
 * Rebuilds an OpenAM {@link Privilege} from a XACML {@link Policy}.
 *
 * <p>The privilege name is derived from the policy id, the metadata fields are read from the policy's
 * variable definitions, and the entitlement, subject, condition and resource attributes are extracted
 * by the helper methods called below.
 *
 * @param policy the XACML policy to convert
 * @return a new {@link XACMLOpenSSOPrivilege} populated from {@code policy}
 * @throws EntitlementException declared by this method; which helper raises it is not visible here
 */
public static Privilege policyToPrivilege(Policy policy) throws EntitlementException {
    final String name = policyIdToPrivilegeName(policy.getPolicyId());
    final String summary = policy.getDescription();

    // Creation/modification metadata is taken verbatim from the policy document's variable definitions.
    // NOTE(review): these audit fields therefore reflect what the document states, not who performed the
    // import; if documents can come from outside the deployment, confirm the caller overwrites or
    // validates them before they are relied on for auditing.
    final String creator = getVariableById(policy, XACMLConstants.PRIVILEGE_CREATED_BY);
    final long creationTime = dateStringToLong(getVariableById(policy, XACMLConstants.PRIVILEGE_CREATION_DATE));
    final String lastEditor = getVariableById(policy, XACMLConstants.PRIVILEGE_LAST_MODIFIED_BY);
    final long lastEditTime = dateStringToLong(getVariableById(policy, XACMLConstants.PRIVILEGE_LAST_MODIFIED_DATE));
    final String entitlementLabel = getVariableById(policy, XACMLConstants.ENTITLEMENT_NAME);
    final String application = getVariableById(policy, XACMLConstants.APPLICATION_NAME);

    final List<Match> targetMatches = getAllMatchesFromTarget(policy.getTarget());
    final Set<String> resources = getResourceNamesFromMatches(targetMatches);
    final Map<String, Boolean> actions = getActionValuesFromPolicy(policy);
    final EntitlementSubject subject = getEntitlementSubjectFromPolicy(policy);
    final EntitlementCondition condition = getEntitlementConditionFromPolicy(policy);

    // The entitlement combines the application name, the resource names found in the policy target's
    // Match elements and the action values extracted from the policy.
    final Entitlement rebuilt = new Entitlement(application, resources, actions);
    if (entitlementLabel != null) {
        // The name variable is optional; without it the entitlement keeps whatever name the constructor gave it.
        rebuilt.setName(entitlementLabel);
    }

    // AdviceExpressions written on export are turned back into ResourceAttributes.
    final Set<ResourceAttribute> attributes =
            schemaFactory.adviceExpressionsToResourceAttributes(policy.getAdviceExpressions());

    final Privilege converted = new XACMLOpenSSOPrivilege();
    converted.setName(name);
    converted.setDescription(summary);
    converted.setCreatedBy(creator);
    converted.setCreationDate(creationTime);
    converted.setLastModifiedBy(lastEditor);
    converted.setLastModifiedDate(lastEditTime);
    converted.setEntitlement(rebuilt);
    converted.setSubject(subject);
    converted.setCondition(condition);
    converted.setResourceAttributes(attributes);
    return converted;
}
Also used : EntitlementCondition(com.sun.identity.entitlement.EntitlementCondition) Match(com.sun.identity.entitlement.xacml3.core.Match) EntitlementSubject(com.sun.identity.entitlement.EntitlementSubject) XACMLOpenSSOPrivilege(com.sun.identity.entitlement.opensso.XACMLOpenSSOPrivilege) Entitlement(com.sun.identity.entitlement.Entitlement) ResourceAttribute(com.sun.identity.entitlement.ResourceAttribute) XACMLOpenSSOPrivilege(com.sun.identity.entitlement.opensso.XACMLOpenSSOPrivilege) Privilege(com.sun.identity.entitlement.Privilege) ReferralPrivilege(com.sun.identity.entitlement.ReferralPrivilege)

Example 24 with Policy

use of com.sun.identity.entitlement.xacml3.core.Policy in project OpenAM by OpenRock.

the class XACMLPrivilegeUtils method getPoliciesFromPolicySet.

/**
 * Collects the {@link Policy} entries held directly in a {@link PolicySet}.
 *
 * <p>Only entries whose declared JAXB type is exactly {@code Policy} are returned; every other entry of
 * the set's choice list is skipped, and this method does not descend into skipped entries.
 *
 * @param policySet the policy set to read, may be {@code null}
 * @return the policies found (possibly empty), or {@code null} when {@code policySet} is {@code null}
 */
public static Set<Policy> getPoliciesFromPolicySet(PolicySet policySet) {
    if (policySet == null) {
        // Callers receive null rather than an empty set for a missing policy set.
        return null;
    }
    final Set<Policy> found = new HashSet<Policy>();
    for (JAXBElement<?> element : policySet.getPolicySetOrPolicyOrPolicySetIdReference()) {
        if (!element.getDeclaredType().equals(Policy.class)) {
            continue;
        }
        // The declared type was checked above, so the cast matches what the element declares.
        found.add((Policy) element.getValue());
    }
    return found;
}
Also used : Policy(com.sun.identity.entitlement.xacml3.core.Policy) JAXBElement(javax.xml.bind.JAXBElement) HashSet(java.util.HashSet)

Example 25 with Policy

use of com.sun.identity.entitlement.xacml3.core.Policy in project OpenAM by OpenRock.

the class XACMLPrivilegeUtils method getVariableById.

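/**
 * Looks up the literal value of a policy variable by its id.
 *
 * <p>The policy content is typically produced by unmarshalling a XACML document, so its shape is checked
 * before use: a variable definition without an id, with an expression that is not an
 * {@link AttributeValue}, or with an empty value is treated as "no value" instead of letting a
 * {@code NullPointerException}, {@code ClassCastException} or {@code IndexOutOfBoundsException} escape.
 * When several definitions carry the same id, the last usable one wins.
 *
 * @param policy the policy whose variable definitions are searched
 * @param id the variable id to look for
 * @return the string form of the first content item of the matching value, or {@code null} when no
 *         usable definition with that id exists
 */
public static String getVariableById(Policy policy, String id) {
    String val = null;
    for (Object candidate : policy.getCombinerParametersOrRuleCombinerParametersOrVariableDefinition()) {
        if (!(candidate instanceof VariableDefinition)) {
            continue;
        }
        VariableDefinition definition = (VariableDefinition) candidate;
        String variableId = definition.getVariableId();
        // A definition may lack its id if the document was not schema-validated; never dereference it blindly.
        if (variableId == null || !variableId.equals(id)) {
            continue;
        }
        // A variable definition may hold an expression other than a literal AttributeValue,
        // so verify the runtime types before casting.
        Object expression = definition.getExpression();
        if (!(expression instanceof JAXBElement)) {
            continue;
        }
        Object literal = ((JAXBElement<?>) expression).getValue();
        if (!(literal instanceof AttributeValue)) {
            continue;
        }
        List<?> content = ((AttributeValue) literal).getContent();
        // An empty element has no content item to read.
        if (content == null || content.isEmpty() || content.get(0) == null) {
            continue;
        }
        val = content.get(0).toString();
    }
    return val;
}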
Also used : AttributeValue(com.sun.identity.entitlement.xacml3.core.AttributeValue) VariableDefinition(com.sun.identity.entitlement.xacml3.core.VariableDefinition) JSONObject(org.json.JSONObject) JAXBElement(javax.xml.bind.JAXBElement)

Aggregations

Policy (com.sun.identity.entitlement.xacml3.core.Policy)20 PolicySet (com.sun.identity.entitlement.xacml3.core.PolicySet)12 ReferralPrivilege (com.sun.identity.entitlement.ReferralPrivilege)11 Test (org.testng.annotations.Test)8 JAXBContext (javax.xml.bind.JAXBContext)7 JAXBElement (javax.xml.bind.JAXBElement)7 JSONObject (org.json.JSONObject)7 Privilege (com.sun.identity.entitlement.Privilege)6 AttributeValue (com.sun.identity.entitlement.xacml3.core.AttributeValue)6 Rule (com.sun.identity.entitlement.xacml3.core.Rule)6 EntitlementException (com.sun.identity.entitlement.EntitlementException)5 HashSet (java.util.HashSet)5 EntitlementCondition (com.sun.identity.entitlement.EntitlementCondition)4 Target (com.sun.identity.entitlement.xacml3.core.Target)4 EntitlementSubject (com.sun.identity.entitlement.EntitlementSubject)3 XACMLOpenSSOPrivilege (com.sun.identity.entitlement.opensso.XACMLOpenSSOPrivilege)3 Condition (com.sun.identity.entitlement.xacml3.core.Condition)3 Match (com.sun.identity.entitlement.xacml3.core.Match)3 VariableDefinition (com.sun.identity.entitlement.xacml3.core.VariableDefinition)3 Version (com.sun.identity.entitlement.xacml3.core.Version)3