Examples with Target com.sun.identity.entitlement.xacml3.core.Target used on opensource projects

Search in sources :

Example 1 with Target

use of com.sun.identity.entitlement.xacml3.core.Target in project OpenAM by OpenRock.

the class XACMLPrivilegeUtils method privilegeToPolicyInternal.

private static Policy privilegeToPolicyInternal(Privilege privilege) throws JAXBException, EntitlementException {
    if (privilege == null) {
        return null;
    }
    Policy policy = new Policy();
    String privilegeName = privilege.getName();
    String applicationName = null;
    String entitlementName = null;
    Entitlement entitlement = privilege.getEntitlement();
    if (entitlement != null) {
        applicationName = entitlement.getApplicationName();
        entitlementName = entitlement.getName();
    }
    String policyId = privilegeNameToPolicyId(privilegeName, applicationName);
    policy.setPolicyId(policyId);
    String description = privilege.getDescription();
    policy.setDescription(description);
    List<Object> vrList = policy.getCombinerParametersOrRuleCombinerParametersOrVariableDefinition();
    JAXBContext jaxbContext = JAXBContext.newInstance(XACMLConstants.XACML3_CORE_PKG);
    if (applicationName != null) {
        VariableDefinition appName = new VariableDefinition();
        vrList.add(appName);
        appName.setVariableId(XACMLConstants.APPLICATION_NAME);
        AttributeValue cbv = new AttributeValue();
        cbv.setDataType(XACMLConstants.XS_STRING);
        cbv.getContent().add(applicationName);
        JAXBElement<AttributeValue> cbve = objectFactory.createAttributeValue(cbv);
        appName.setExpression(cbve);
    }
    if (entitlementName != null) {
        VariableDefinition entName = new VariableDefinition();
        vrList.add(entName);
        entName.setVariableId(XACMLConstants.ENTITLEMENT_NAME);
        AttributeValue cbv = new AttributeValue();
        cbv.setDataType(XACMLConstants.XS_STRING);
        cbv.getContent().add(entitlementName);
        JAXBElement<AttributeValue> cbve = objectFactory.createAttributeValue(cbv);
        entName.setExpression(cbve);
    }
    VariableDefinition createdBy = new VariableDefinition();
    vrList.add(createdBy);
    createdBy.setVariableId(XACMLConstants.PRIVILEGE_CREATED_BY);
    AttributeValue cbv = new AttributeValue();
    cbv.setDataType(XACMLConstants.XS_STRING);
    cbv.getContent().add(privilege.getCreatedBy());
    JAXBElement<AttributeValue> cbve = objectFactory.createAttributeValue(cbv);
    createdBy.setExpression(cbve);
    VariableDefinition lastModifiedBy = new VariableDefinition();
    vrList.add(lastModifiedBy);
    lastModifiedBy.setVariableId(XACMLConstants.PRIVILEGE_LAST_MODIFIED_BY);
    AttributeValue lmbv = new AttributeValue();
    lmbv.setDataType(XACMLConstants.XS_STRING);
    lmbv.getContent().add(privilege.getLastModifiedBy());
    JAXBElement<AttributeValue> lmbve = objectFactory.createAttributeValue(lmbv);
    lastModifiedBy.setExpression(lmbve);
    SimpleDateFormat sdf1 = new SimpleDateFormat("yyyy-MM-dd");
    SimpleDateFormat sdf2 = new SimpleDateFormat("HH:mm:ss.SSS");
    SimpleDateFormat sdf3 = new SimpleDateFormat("yyyy.MM.dd.HH.mm.ss.SSS");
    sdf1.setTimeZone(TimeZone.getTimeZone("GMT"));
    sdf2.setTimeZone(TimeZone.getTimeZone("GMT"));
    sdf3.setTimeZone(TimeZone.getTimeZone("GMT"));
    VariableDefinition creationDate = new VariableDefinition();
    vrList.add(creationDate);
    creationDate.setVariableId(XACMLConstants.PRIVILEGE_CREATION_DATE);
    AttributeValue cdv = new AttributeValue();
    cdv.setDataType(XACMLConstants.XS_DATE_TIME);
    cdv.getContent().add(sdf1.format(privilege.getCreationDate()) + "T" + sdf2.format(privilege.getCreationDate()));
    JAXBElement<AttributeValue> cdve = objectFactory.createAttributeValue(cdv);
    creationDate.setExpression(cdve);
    VariableDefinition lastModifiedDate = new VariableDefinition();
    vrList.add(lastModifiedDate);
    lastModifiedDate.setVariableId(XACMLConstants.PRIVILEGE_LAST_MODIFIED_DATE);
    AttributeValue lmdv = new AttributeValue();
    lmdv.setDataType(XACMLConstants.XS_DATE_TIME);
    lmdv.getContent().add(sdf1.format(privilege.getLastModifiedDate()) + "T" + sdf2.format(privilege.getLastModifiedDate()));
    JAXBElement<AttributeValue> lmdve = objectFactory.createAttributeValue(lmdv);
    lastModifiedDate.setExpression(lmdve);
    // PolicyIssuer policyIssuer = null;  // optional, TODO
    Version version = new Version();
    // TODO: use privilege version in future
    version.setValue(sdf3.format(privilege.getLastModifiedDate()));
    policy.setVersion(version);
    // Defaults policyDefaults = null; // optional, TODO
    String rca = getRuleCombiningAlgId(applicationName);
    policy.setRuleCombiningAlgId(rca);
    // String ruleCombiningAlgId = "rca"; // required
    // XACML Target contains a  list of AnyOf(s)
    // XACML AnyOf contains a list of AllOf(s)
    // XACML AllOf contains a list of Match(s)
    Target target = new Target();
    policy.setTarget(target);
    List<AnyOf> targetAnyOfList = target.getAnyOf();
    EntitlementSubject es = privilege.getSubject();
    /* TODO: detect simple subjects and set attribute value and designator
        List<AnyOf> anyOfSubjectList = entitlementSubjectToAnyOfList(es);
        if (anyOfSubjectList != null) {
            targetAnyOfList.addAll(anyOfSubjectList);
        }
        */
    AnyOf anyOfSubject = entitlementSubjectToAnyOf(es);
    if (anyOfSubject != null) {
        targetAnyOfList.add(anyOfSubject);
    }
    Set<String> resources = entitlement.getResourceNames();
    List<AnyOf> anyOfResourceList = resourceNamesToAnyOfList(resources, applicationName);
    if (anyOfResourceList != null) {
        targetAnyOfList.addAll(anyOfResourceList);
    }
    AnyOf anyOfApplication = applicationNameToAnyOf(applicationName);
    if (anyOfApplication != null) {
        targetAnyOfList.add(anyOfApplication);
    }
    Map<String, Boolean> actionValues = entitlement.getActionValues();
    List<AnyOf> anyOfActionList = actionNamesToAnyOfList(actionValues.keySet(), applicationName);
    if (anyOfActionList != null) {
        targetAnyOfList.addAll(anyOfActionList);
    }
    // PermitRule, DenyRule
    Set<String> permitActions = new HashSet<String>();
    Set<String> denyActions = new HashSet<String>();
    if (actionValues != null) {
        Set<String> actionNames = actionValues.keySet();
        for (String actionName : actionNames) {
            if (Boolean.TRUE.equals(actionValues.get(actionName))) {
                permitActions.add(actionName);
            } else {
                denyActions.add(actionName);
            }
        }
    }
    Condition condition = eSubjectConditionToXCondition(privilege.getSubject(), privilege.getCondition());
    // Include resource attributes (ResourceProvider) as AdviceExpressions
    Set<ResourceAttribute> ra = privilege.getResourceAttributes();
    if (ra != null && !ra.isEmpty()) {
        AdviceExpressions adviceExpressions = schemaFactory.resourceAttributesToAdviceExpressions(ra);
        policy.setAdviceExpressions(adviceExpressions);
    }
    if (!permitActions.isEmpty()) {
        Rule permitRule = new Rule();
        vrList.add(permitRule);
        permitRule.setRuleId(entitlement.getName() + ":" + XACMLConstants.PREMIT_RULE_SUFFIX);
        permitRule.setDescription(XACMLConstants.PERMIT_RULE_DESCRIPTION);
        permitRule.setEffect(EffectType.PERMIT);
        Target permitTarget = new Target();
        permitRule.setTarget(permitTarget);
        List<AnyOf> permitTargetAnyOfList = permitTarget.getAnyOf();
        List<AnyOf> anyOfPermitActionList = actionNamesToAnyOfList(permitActions, applicationName);
        if (anyOfPermitActionList != null) {
            permitTargetAnyOfList.addAll(anyOfPermitActionList);
        }
        if (condition != null) {
            permitRule.setCondition(condition);
        }
    }
    if (!denyActions.isEmpty()) {
        Rule denyRule = new Rule();
        vrList.add(denyRule);
        denyRule.setRuleId(entitlement.getName() + ":" + XACMLConstants.DENY_RULE_SUFFIX);
        denyRule.setDescription(XACMLConstants.DENY_RULE_DESCRIPTION);
        denyRule.setEffect(EffectType.DENY);
        Target denyTarget = new Target();
        denyRule.setTarget(denyTarget);
        List<AnyOf> denyTargetAnyOfList = denyTarget.getAnyOf();
        List<AnyOf> anyOfDenyActionList = actionNamesToAnyOfList(denyActions, applicationName);
        if (anyOfDenyActionList != null) {
            denyTargetAnyOfList.addAll(anyOfDenyActionList);
        }
        if (condition != null) {
            denyRule.setCondition(condition);
        }
    }
    return policy;
}
Also used : Policy(com.sun.identity.entitlement.xacml3.core.Policy) EntitlementCondition(com.sun.identity.entitlement.EntitlementCondition) Condition(com.sun.identity.entitlement.xacml3.core.Condition) AttributeValue(com.sun.identity.entitlement.xacml3.core.AttributeValue) VariableDefinition(com.sun.identity.entitlement.xacml3.core.VariableDefinition) AnyOf(com.sun.identity.entitlement.xacml3.core.AnyOf) JAXBContext(javax.xml.bind.JAXBContext) EntitlementSubject(com.sun.identity.entitlement.EntitlementSubject) Target(com.sun.identity.entitlement.xacml3.core.Target) Version(com.sun.identity.entitlement.xacml3.core.Version) JSONObject(org.json.JSONObject) AdviceExpressions(com.sun.identity.entitlement.xacml3.core.AdviceExpressions) Rule(com.sun.identity.entitlement.xacml3.core.Rule) Entitlement(com.sun.identity.entitlement.Entitlement) ResourceAttribute(com.sun.identity.entitlement.ResourceAttribute) SimpleDateFormat(java.text.SimpleDateFormat) HashSet(java.util.HashSet)

Example 2 with Target

use of com.sun.identity.entitlement.xacml3.core.Target in project OpenAM by OpenRock.

the class XACMLPrivilegeUtils method getActionValuesFromPolicy.

static Map<String, Boolean> getActionValuesFromPolicy(Policy policy) {
    if (policy == null) {
        return null;
    }
    List<Rule> rules = getRules(policy);
    if (rules == null) {
        return null;
    }
    Map<String, Boolean> actionValues = new HashMap<String, Boolean>();
    for (Rule rule : rules) {
        Target target = rule.getTarget();
        List<Match> matches = getAllMatchesFromTarget(target);
        Set<String> actions = getActionNamesFromMatches(matches);
        EffectType effectType = rule.getEffect();
        for (String action : actions) {
            actionValues.put(action, (EffectType.PERMIT == effectType) ? Boolean.TRUE : Boolean.FALSE);
        }
    }
    return actionValues;
}
Also used : Target(com.sun.identity.entitlement.xacml3.core.Target) HashMap(java.util.HashMap) Rule(com.sun.identity.entitlement.xacml3.core.Rule) EffectType(com.sun.identity.entitlement.xacml3.core.EffectType) Match(com.sun.identity.entitlement.xacml3.core.Match)

Example 3 with Target

use of com.sun.identity.entitlement.xacml3.core.Target in project OpenAM by OpenRock.

the class XACMLPrivilegeUtils method referralToPolicyInternal.

public static Policy referralToPolicyInternal(ReferralPrivilege privilege) throws JAXBException, JSONException {
    if (privilege == null) {
        return null;
    }
    Policy policy = new Policy();
    String privilegeName = privilege.getName();
    String policyId = privilegeNameToPolicyId(privilegeName, null);
    policy.setPolicyId(policyId);
    String description = privilege.getDescription();
    policy.setDescription(description);
    List<Object> vrList = policy.getCombinerParametersOrRuleCombinerParametersOrVariableDefinition();
    JAXBContext jaxbContext = JAXBContext.newInstance(XACMLConstants.XACML3_CORE_PKG);
    VariableDefinition createdBy = new VariableDefinition();
    vrList.add(createdBy);
    createdBy.setVariableId(XACMLConstants.PRIVILEGE_CREATED_BY);
    AttributeValue cbv = new AttributeValue();
    cbv.setDataType(XACMLConstants.XS_STRING);
    cbv.getContent().add(privilege.getCreatedBy());
    JAXBElement<AttributeValue> cbve = objectFactory.createAttributeValue(cbv);
    createdBy.setExpression(cbve);
    VariableDefinition lastModifiedBy = new VariableDefinition();
    vrList.add(lastModifiedBy);
    lastModifiedBy.setVariableId(XACMLConstants.PRIVILEGE_LAST_MODIFIED_BY);
    AttributeValue lmbv = new AttributeValue();
    lmbv.setDataType(XACMLConstants.XS_STRING);
    lmbv.getContent().add(privilege.getLastModifiedBy());
    JAXBElement<AttributeValue> lmbve = objectFactory.createAttributeValue(lmbv);
    lastModifiedBy.setExpression(lmbve);
    SimpleDateFormat sdf1 = new SimpleDateFormat("yyyy-MM-dd");
    SimpleDateFormat sdf2 = new SimpleDateFormat("HH:mm:ss.SSS");
    SimpleDateFormat sdf3 = new SimpleDateFormat("yyyy.MM.dd.HH.mm.ss.SSS");
    sdf1.setTimeZone(TimeZone.getTimeZone("GMT"));
    sdf2.setTimeZone(TimeZone.getTimeZone("GMT"));
    sdf3.setTimeZone(TimeZone.getTimeZone("GMT"));
    VariableDefinition creationDate = new VariableDefinition();
    vrList.add(creationDate);
    creationDate.setVariableId(XACMLConstants.PRIVILEGE_CREATION_DATE);
    AttributeValue cdv = new AttributeValue();
    cdv.setDataType(XACMLConstants.XS_DATE_TIME);
    cdv.getContent().add(sdf1.format(privilege.getCreationDate()) + "T" + sdf2.format(privilege.getCreationDate()));
    JAXBElement<AttributeValue> cdve = objectFactory.createAttributeValue(cdv);
    creationDate.setExpression(cdve);
    VariableDefinition lastModifiedDate = new VariableDefinition();
    vrList.add(lastModifiedDate);
    lastModifiedDate.setVariableId(XACMLConstants.PRIVILEGE_LAST_MODIFIED_DATE);
    AttributeValue lmdv = new AttributeValue();
    lmdv.setDataType(XACMLConstants.XS_DATE_TIME);
    lmdv.getContent().add(sdf1.format(privilege.getLastModifiedDate()) + "T" + sdf2.format(privilege.getLastModifiedDate()));
    JAXBElement<AttributeValue> lmdve = objectFactory.createAttributeValue(lmdv);
    lastModifiedDate.setExpression(lmdve);
    VariableDefinition isReferralPolicy = new VariableDefinition();
    vrList.add(isReferralPolicy);
    isReferralPolicy.setVariableId(XACMLConstants.IS_REFERRAL_POLICY);
    AttributeValue irdv = new AttributeValue();
    irdv.setDataType(XACMLConstants.XS_BOOLEAN_TYPE);
    irdv.getContent().add(XACMLConstants.XS_BOOLEAN_TRUE);
    JAXBElement<AttributeValue> irdve = objectFactory.createAttributeValue(irdv);
    isReferralPolicy.setExpression(irdve);
    // PolicyIssuer policyIssuer = null;  // optional, TODO
    Version version = new Version();
    // TODO: use privilege version in future
    version.setValue(sdf3.format(privilege.getLastModifiedDate()));
    policy.setVersion(version);
    // Defaults policyDefaults = null; // optional, TODO
    policy.setRuleCombiningAlgId(XACMLConstants.XACML_RULE_DENY_OVERRIDES);
    // XACML Target contains a  list of AnyOf(s)
    // XACML AnyOf contains a list of AllOf(s)
    // XACML AllOf contains a list of Match(s)
    Target target = new Target();
    policy.setTarget(target);
    List<AnyOf> targetAnyOfList = target.getAnyOf();
    Set<String> realms = privilege.getRealms();
    Map<String, Set<String>> appsResources = privilege.getOriginalMapApplNameToResources();
    AnyOf anyOfRealmsAppsResources = realmsAppsResourcesToAnyOf(realms, appsResources);
    if (anyOfRealmsAppsResources != null) {
        targetAnyOfList.add(anyOfRealmsAppsResources);
    }
    Rule permitRule = new Rule();
    vrList.add(permitRule);
    permitRule.setRuleId(privilegeName + ":" + XACMLConstants.PREMIT_RULE_SUFFIX);
    permitRule.setDescription(XACMLConstants.PERMIT_RULE_DESCRIPTION);
    permitRule.setEffect(EffectType.PERMIT);
    Target permitTarget = new Target();
    permitRule.setTarget(permitTarget);
    return policy;
}
Also used : Policy(com.sun.identity.entitlement.xacml3.core.Policy) AttributeValue(com.sun.identity.entitlement.xacml3.core.AttributeValue) Set(java.util.Set) PolicySet(com.sun.identity.entitlement.xacml3.core.PolicySet) HashSet(java.util.HashSet) VariableDefinition(com.sun.identity.entitlement.xacml3.core.VariableDefinition) AnyOf(com.sun.identity.entitlement.xacml3.core.AnyOf) JAXBContext(javax.xml.bind.JAXBContext) Target(com.sun.identity.entitlement.xacml3.core.Target) Version(com.sun.identity.entitlement.xacml3.core.Version) JSONObject(org.json.JSONObject) Rule(com.sun.identity.entitlement.xacml3.core.Rule) SimpleDateFormat(java.text.SimpleDateFormat)

Example 4 with Target

use of com.sun.identity.entitlement.xacml3.core.Target in project OpenAM by OpenRock.

the class XACMLPrivilegeUtils method getAllMatchesFromTarget.

static List<Match> getAllMatchesFromTarget(Target target) {
    List<Match> matches = new ArrayList<Match>();
    if (target != null) {
        List<AnyOf> anyOfList = target.getAnyOf();
        for (AnyOf anyOf : anyOfList) {
            List<AllOf> allOfList = anyOf.getAllOf();
            for (AllOf allOf : allOfList) {
                List<Match> matchList = allOf.getMatch();
                matches.addAll(matchList);
            }
        }
    }
    return matches;
}
Also used : AnyOf(com.sun.identity.entitlement.xacml3.core.AnyOf) ArrayList(java.util.ArrayList) AllOf(com.sun.identity.entitlement.xacml3.core.AllOf) Match(com.sun.identity.entitlement.xacml3.core.Match)

Example 5 with Target

use of com.sun.identity.entitlement.xacml3.core.Target in project OpenAM by OpenRock.

the class XACMLPrivilegeUtils method policiesToPolicySetInternal.

private static PolicySet policiesToPolicySetInternal(String realm, Set<Policy> policies) throws JAXBException {
    PolicySet policySet = new PolicySet();
    SimpleDateFormat sdf = new SimpleDateFormat("yyyy.MM.dd.HH.mm.ss.SSS");
    sdf.setTimeZone(TimeZone.getTimeZone("GMT"));
    String currentTime = sdf.format(System.currentTimeMillis());
    String policySetId = realm + ":" + currentTime;
    policySet.setPolicySetId(policySetId);
    Version version = new Version();
    version.setValue(sdf.format(System.currentTimeMillis()));
    policySet.setVersion(version);
    // FIXME: is there a better choice?
    // policySet could contain policies for different applications
    policySet.setPolicyCombiningAlgId(XACMLConstants.XACML_RULE_DENY_OVERRIDES);
    Target target = new Target();
    policySet.setVersion(version);
    policySet.setTarget(target);
    JAXBContext jaxbContext = JAXBContext.newInstance(XACMLConstants.XACML3_CORE_PKG);
    List<JAXBElement<?>> pList = policySet.getPolicySetOrPolicyOrPolicySetIdReference();
    if (policies != null) {
        for (Policy policy : policies) {
            JAXBElement<Policy> policyElement = objectFactory.createPolicy(policy);
            pList.add(policyElement);
        }
    }
    return policySet;
}
Also used : Policy(com.sun.identity.entitlement.xacml3.core.Policy) Target(com.sun.identity.entitlement.xacml3.core.Target) Version(com.sun.identity.entitlement.xacml3.core.Version) JAXBContext(javax.xml.bind.JAXBContext) JAXBElement(javax.xml.bind.JAXBElement) SimpleDateFormat(java.text.SimpleDateFormat) PolicySet(com.sun.identity.entitlement.xacml3.core.PolicySet)

Aggregations

Target (com.sun.identity.entitlement.xacml3.core.Target)5 Version (com.sun.identity.entitlement.xacml3.core.Version)4 SimpleDateFormat (java.text.SimpleDateFormat)4 AnyOf (com.sun.identity.entitlement.xacml3.core.AnyOf)3 Match (com.sun.identity.entitlement.xacml3.core.Match)3 Policy (com.sun.identity.entitlement.xacml3.core.Policy)3 PolicySet (com.sun.identity.entitlement.xacml3.core.PolicySet)3 Rule (com.sun.identity.entitlement.xacml3.core.Rule)3 JAXBContext (javax.xml.bind.JAXBContext)3 Entitlement (com.sun.identity.entitlement.Entitlement)2 EntitlementCondition (com.sun.identity.entitlement.EntitlementCondition)2 EntitlementSubject (com.sun.identity.entitlement.EntitlementSubject)2 ResourceAttribute (com.sun.identity.entitlement.ResourceAttribute)2 AttributeValue (com.sun.identity.entitlement.xacml3.core.AttributeValue)2 VariableDefinition (com.sun.identity.entitlement.xacml3.core.VariableDefinition)2 HashSet (java.util.HashSet)2 JSONObject (org.json.JSONObject)2 Privilege (com.sun.identity.entitlement.Privilege)1 ReferralPrivilege (com.sun.identity.entitlement.ReferralPrivilege)1 XACMLOpenSSOPrivilege (com.sun.identity.entitlement.opensso.XACMLOpenSSOPrivilege)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial