use of com.sun.identity.policy.ActionDecision in project OpenAM by OpenRock.
the class Gateway method getActionDecision.
/**
 * Looks up the action decision that policy evaluation yields for a URL.
 * <p>
 * The evaluator is queried through {@code getPolicyDecisionIgnoreSubjects} with an
 * empty environment map. The decision stored under {@code GET} is preferred; the one
 * stored under {@code POST} is used only when no {@code GET} entry exists.
 *
 * @param url the resource URL to evaluate
 * @return the GET decision, else the POST decision, or {@code null} when no evaluator
 *         is available, evaluation throws, or neither entry exists
 */
private ActionDecision getActionDecision(String url) {
    if (pe == null) {
        return null;
    }

    PolicyDecision decision;
    try {
        decision = pe.getPolicyDecisionIgnoreSubjects(url, actionNames, new HashMap());
    } catch (Exception e) {
        // Any evaluation failure is logged and reported as "no decision".
        // NOTE(review): callers should treat null as "not allowed"; confirm they fail closed.
        debug.error("GatewayServlet: Error in getting policy decision.", e);
        return null;
    }

    Map decisionsByAction = decision.getActionDecisions();
    if (decisionsByAction == null) {
        return null;
    }

    ActionDecision forGet = (ActionDecision) decisionsByAction.get(GET);
    if (forGet != null) {
        return forGet;
    }
    return (ActionDecision) decisionsByAction.get(POST);
}
use of com.sun.identity.policy.ActionDecision in project OpenAM by OpenRock.
the class PolicyDecisionUtils method getActionDecision.
/**
 * Looks up the action decision that policy evaluation yields for a URL.
 * <p>
 * The evaluator is queried through {@code getPolicyDecisionIgnoreSubjects}. The decision
 * stored under {@code GET} is preferred; the one stored under {@code POST} is used only
 * when no {@code GET} entry exists.
 *
 * @param url the resource URL to evaluate
 * @param envParameters environment parameters handed to the evaluator unchanged
 * @return the GET decision, else the POST decision, or {@code null} when evaluation
 *         fails or neither entry exists
 * @throws PolicyException only when no policy evaluator is available; a
 *         {@code PolicyException} raised during evaluation is logged and turned into
 *         a {@code null} result instead
 */
private static ActionDecision getActionDecision(String url, Map envParameters) throws PolicyException {
    if (pe == null) {
        throw new PolicyException(errorMsg);
    }

    PolicyDecision decision;
    try {
        decision = pe.getPolicyDecisionIgnoreSubjects(url, actionNames, envParameters);
    } catch (PolicyException e) {
        // NOTE(review): null here means "no decision"; confirm callers fail closed.
        debug.error("PolicyDecisionUtils.getActionDecision()", e);
        return null;
    } catch (SSOException ssoe) {
        debug.error("PolicyDecisionUtils.getActionDecision()", ssoe);
        return null;
    }

    Map decisionsByAction = decision.getActionDecisions();
    if (decisionsByAction == null) {
        return null;
    }

    ActionDecision forGet = (ActionDecision) decisionsByAction.get(GET);
    return (forGet != null) ? forGet : (ActionDecision) decisionsByAction.get(POST);
}
use of com.sun.identity.policy.ActionDecision in project OpenAM by OpenRock.
the class IDPPTest method evaluate.
/**
 * Authenticates the test user and checks that policy evaluation yields exactly one
 * value, {@code "deny"}, for the {@code MODIFY} action on {@code URL1}.
 *
 * @param res not read by this method
 * @return {@code true} only when authentication succeeds and the sole value of the
 *         MODIFY action decision is {@code "deny"}; {@code false} otherwise
 * @throws Exception if a callback other than a name or password callback is requested,
 *         or if authentication or policy evaluation fails
 */
private boolean evaluate(String res) throws Exception {
    AuthContext authContext = new AuthContext(orgName);
    authContext.login();
    // NOTE(review): the context opened here is not logged out within this method.
    while (authContext.hasMoreRequirements()) {
        Callback[] required = authContext.getRequirements();
        for (Callback callback : required) {
            if (callback instanceof NameCallback) {
                ((NameCallback) callback).setName(USER1_NAME);
            } else if (callback instanceof PasswordCallback) {
                // Test fixture: the password is the same string as the user name.
                ((PasswordCallback) callback).setPassword(USER1_NAME.toCharArray());
            } else {
                throw new Exception("No callback");
            }
        }
        authContext.submitRequirements(required);
    }
    if (authContext.getStatus() != AuthContext.Status.SUCCESS) {
        return false;
    }

    SSOToken ssoToken = authContext.getSSOToken();
    PolicyEvaluator evaluator = new PolicyEvaluator(serviceType);
    String action = "MODIFY";
    Set actions = new HashSet();
    actions.add(action);

    PolicyDecision policyDecision = evaluator.getPolicyDecision(ssoToken, URL1, actions, null);
    if (policyDecision == null) {
        return false;
    }

    Map actionDecisions = policyDecision.getActionDecisions();
    ActionDecision actionDecision = (ActionDecision) actionDecisions.get(action);
    if (actionDecision == null) {
        return false;
    }

    Set values = (Set) actionDecision.getValues();
    if ((values != null) && (values.size() == 1)) {
        String onlyValue = (String) values.iterator().next();
        return onlyValue.equals("deny");
    }
    return false;
}
use of com.sun.identity.policy.ActionDecision in project OpenAM by OpenRock.
the class Util method isGetPostAllowed.
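/**
 * Checks the user/url combination against existing Policy rules.
 * <p>
 * Access is reported as allowed only when the policy decision carries the allow value
 * for <em>both</em> the GET and the POST action. Every other outcome (no resource
 * result, no policy decision, no action decisions, a missing action entry, or an entry
 * without values) yields {@code false}, so the check fails closed instead of raising
 * an unchecked exception. Only the first resource result returned by the evaluator is
 * inspected.
 *
 * @param userToken The user to use in the policy check.
 * @param url The URL to use in the policy check.
 * @param scope The scope of the policy check.
 * @return True only if both GET and POST are allowed for the given user/url combination.
 * @throws SSOException If there was a problem with the users token.
 * @throws PolicyException if there was a problem checking the url.
 * @throws NameNotFoundException If there was a problem looking up the policy service.
 */
public static boolean isGetPostAllowed(SSOToken userToken, String url, String scope) throws SSOException, PolicyException, NameNotFoundException {
    PolicyEvaluator pe = new PolicyEvaluator(IPLANETAMWEBAGENTSERVICE);
    Set<ResourceResult> resResults = pe.getResourceResults(userToken, url, scope, Collections.EMPTY_MAP);
    // An empty result set previously surfaced as NoSuchElementException; deny instead.
    if (resResults == null || resResults.isEmpty()) {
        return false;
    }
    ResourceResult resResult = resResults.iterator().next();
    if (resResult == null) {
        return false;
    }
    PolicyDecision pd = resResult.getPolicyDecision();
    if (pd == null) {
        return false;
    }
    Map<String, ActionDecision> decisions = pd.getActionDecisions();
    if (decisions == null) {
        return false;
    }
    ActionDecision get = decisions.get(GET_ACTION);
    ActionDecision post = decisions.get(POST_ACTION);
    // Both actions need an explicit allow value; a missing entry or value set is a deny.
    boolean getAllowed = get != null && get.getValues() != null && get.getValues().contains(ALLOW_DECISION);
    boolean postAllowed = post != null && post.getValues() != null && post.getValues().contains(ALLOW_DECISION);
    return getAllowed && postAllowed;
}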
use of com.sun.identity.policy.ActionDecision in project OpenAM by OpenRock.
the class ResourceResultCache method resetPolicyDecision.
/**
 * Rebuilds the action decisions of {@code pd2} from those of {@code pd1} and combines
 * the response attributes of both.
 * <p>
 * The action decisions already held by {@code pd2} are cleared first. Each action
 * decision of {@code pd1} is then added to {@code pd2} together with the true and false
 * values that {@code policyProperties} reports for the service and action. Response
 * attributes are appended into a fresh map, {@code pd1} first and {@code pd2} second,
 * and that map is set on {@code pd2}.
 *
 * @param pd1 policy decision whose action decisions and response attributes are read
 * @param pd2 policy decision that collects the result; it is modified in place
 * @param serviceName service name used to look up the true/false values per action
 * @return {@code pd2}, after modification
 */
private PolicyDecision resetPolicyDecision(PolicyDecision pd1, PolicyDecision pd2, String serviceName) {
    Map sourceDecisions = pd1.getActionDecisions();
    Map collectorDecisions = pd2.getActionDecisions();
    collectorDecisions.clear();

    // Iterate over a snapshot of the keys, taken after the clear, rather than the live key set.
    Set actionKeys = new HashSet(sourceDecisions.keySet());
    for (Object key : actionKeys) {
        String action = (String) key;
        ActionDecision sourceDecision = (ActionDecision) sourceDecisions.get(action);
        pd2.addActionDecision(
                sourceDecision,
                policyProperties.getTrueValue(serviceName, action),
                policyProperties.getFalseValue(serviceName, action));
    }

    Map combinedResponseAttrs = new HashMap();
    PolicyUtils.appendMapToMap(pd1.getResponseAttributes(), combinedResponseAttrs);
    PolicyUtils.appendMapToMap(pd2.getResponseAttributes(), combinedResponseAttrs);
    pd2.setResponseAttributes(combinedResponseAttrs);
    return pd2;
}