
Example 16 with PolicyDecision

Use of `com.sun.identity.policy.PolicyDecision` in the OpenAM project (OpenRock).

From class `IDPPTest`, method `evaluate`:

/**
 * Logs in as USER1 against {@code orgName} and asks the policy service whether the
 * "MODIFY" action on {@code URL1} is denied.
 *
 * @param res unused here - the evaluated resource is {@code URL1}
 *            (NOTE(review): confirm whether callers expect {@code res} to be evaluated instead)
 * @return {@code true} only when login succeeds and the single action value is "deny";
 *         {@code false} on login failure or on a missing / ambiguous decision.
 * @throws Exception if the auth chain asks for a callback type other than name/password,
 *         or if authentication or policy evaluation fails with an exception.
 */
private boolean evaluate(String res) throws Exception {
    AuthContext authCtx = new AuthContext(orgName);
    authCtx.login();
    // Answer every callback round until the chain has nothing more to ask.
    while (authCtx.hasMoreRequirements()) {
        Callback[] required = authCtx.getRequirements();
        for (Callback cb : required) {
            if (cb instanceof NameCallback) {
                ((NameCallback) cb).setName(USER1_NAME);
            } else if (cb instanceof PasswordCallback) {
                // Test fixture: the password is the user name itself (test-only credential).
                ((PasswordCallback) cb).setPassword(USER1_NAME.toCharArray());
            } else {
                throw new Exception("No callback");
            }
        }
        authCtx.submitRequirements(required);
    }
    if (authCtx.getStatus() != AuthContext.Status.SUCCESS) {
        return false;
    }

    SSOToken userToken = authCtx.getSSOToken();
    PolicyEvaluator policyEvaluator = new PolicyEvaluator(serviceType);
    final String actionName = "MODIFY";
    Set actionNames = new HashSet();
    actionNames.add(actionName);
    // No environment parameters are supplied for this evaluation.
    PolicyDecision decision = policyEvaluator.getPolicyDecision(userToken, URL1, actionNames, null);
    if (decision == null) {
        return false;
    }
    Map actionDecisions = decision.getActionDecisions();
    ActionDecision modifyDecision = (ActionDecision) actionDecisions.get(actionName);
    if (modifyDecision == null) {
        return false;
    }
    Set decisionValues = (Set) modifyDecision.getValues();
    // Exactly one value is expected; anything else is not a clean "deny".
    if (decisionValues == null || decisionValues.size() != 1) {
        return false;
    }
    String value = (String) decisionValues.iterator().next();
    return value.equals("deny");
}

Example 17 with PolicyDecision

Use of `com.sun.identity.policy.PolicyDecision` in the OpenAM project (OpenRock).

From class `DecisionMergeTest`, method `testOldAPI`:

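/**
 * Smoke test for the legacy {@link PolicyEvaluator} API: evaluates the URL application's
 * policies for {@code adminToken} against the test resource in subtree scope and forces
 * every returned decision to render.
 * <p>
 * There is no explicit assertion: the test passes as long as the evaluator returns without
 * throwing and each {@link ResourceResult} carries a non-null decision (the
 * {@code toString()} call would otherwise throw a {@link NullPointerException}).
 * The unused {@code actions} set the original built was removed; the legacy
 * {@code getResourceResults} call does not take an action set.
 *
 * @throws SSOException on a problem with the admin token
 * @throws PolicyException if the evaluation cannot be completed
 */
@Test
public void testOldAPI() throws SSOException, PolicyException {
    PolicyEvaluator pe = new PolicyEvaluator("/", ApplicationTypeManager.URL_APPLICATION_TYPE_NAME);
    // No environment parameters are passed to the evaluator.
    Set<ResourceResult> res = pe.getResourceResults(adminToken, "http://www.DecisionMergeTest.com", ResourceResult.SUBTREE_SCOPE, Collections.EMPTY_MAP);
    for (ResourceResult r : res) {
        PolicyDecision pd = r.getPolicyDecision();
        // Rendering the decision exercises the merge/serialisation path under test.
        pd.toString();
    }
}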

Example 18 with PolicyDecision

Use of `com.sun.identity.policy.PolicyDecision` in the OpenAM project (OpenRock).

From class `Util`, method `isGetPostAllowed`:

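/**
 * Checks the user/url combination against existing Policy rules.
 * <p>
 * Access is granted only when the policy decision for the URL allows <em>both</em>
 * {@code GET_ACTION} and {@code POST_ACTION}. The check fails closed: no result for the
 * URL, a missing decision, or a missing action entry all yield {@code false} rather than
 * an exception.
 * <p>
 * NOTE(review): with a subtree {@code scope} the evaluator may return several results in
 * an unordered set; only the first one is inspected here - confirm this matches what
 * callers expect. Also, an action whose value set contains both allow and deny is
 * treated as allowed by this check.
 *
 * @param userToken The user to use in the policy check.
 * @param url The URL to use in the policy check.
 * @param scope The scope of the policy check.
 * @return True if the policy check was OK for the given user/url combination.
 * @throws SSOException If there was a problem with the users token.
 * @throws PolicyException if there was a problem checking the url.
 * @throws NameNotFoundException  If there was a problem looking up the policy service.
 */
public static boolean isGetPostAllowed(SSOToken userToken, String url, String scope) throws SSOException, PolicyException, NameNotFoundException {
    PolicyEvaluator pe = new PolicyEvaluator(IPLANETAMWEBAGENTSERVICE);
    Set<ResourceResult> resResults = pe.getResourceResults(userToken, url, scope, Collections.EMPTY_MAP);
    // Fail closed: no result means no policy grants access (a bare iterator().next()
    // would throw NoSuchElementException here instead of denying).
    if (resResults == null || resResults.isEmpty()) {
        return false;
    }
    PolicyDecision pd = resResults.iterator().next().getPolicyDecision();
    if (pd == null) {
        return false;
    }
    Map<String, ActionDecision> decisions = pd.getActionDecisions();
    if (decisions == null) {
        return false;
    }
    return allows(decisions.get(GET_ACTION)) && allows(decisions.get(POST_ACTION));
}

/**
 * Returns true when {@code decision} is present and its value set contains
 * {@code ALLOW_DECISION}; a null decision or null value set counts as not allowed.
 */
private static boolean allows(ActionDecision decision) {
    if (decision == null) {
        return false;
    }
    Set<?> values = decision.getValues();
    return values != null && values.contains(ALLOW_DECISION);
}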

Example 19 with PolicyDecision

Use of `com.sun.identity.policy.PolicyDecision` in the OpenAM project (OpenRock).

From class `PolicyEvaluator`, method `getPolicyDecision`:

/**
     * Evaluates privileges of the user to perform the specified actions
     * on the specified resource. The evaluation also depends on user's
     * run time environment parameters.
     * <p>
     * Order of operations: the user token is validated first (so an invalid or
     * expired session is rejected before anything is evaluated or logged), the
     * resource name is canonicalised, and the decision is fetched through
     * {@code resourceResultCache} using this client's application SSO token.
     * If the server rejects that application token, a fresh one is obtained
     * (and the remote policy listener re-registered when notifications are
     * enabled) and the lookup is retried exactly once; a second failure
     * propagates to the caller.
     *
     * @param token single sign on token of the user evaluating policies.
     * @param resourceName name of the resource the user is trying to access
     * @param actionNames Set of action names the user is trying to perform on
     *        the resource.
     * @param envParameters run-time environment parameters
     * @return policy decision; also written to the debug log and, when
     *         {@code logActions} is {@code PolicyProperties.DECISION}, to the
     *         access log as XML.
     * @throws PolicyException if result could not be computed for any
     *         reason other than single sign on token problem.
     * @throws SSOException if single sign on token is invalid or expired.
     *
     * @supported.api
     */
public PolicyDecision getPolicyDecision(SSOToken token, String resourceName, Set actionNames, Map envParameters) throws PolicyException, SSOException {
    // Reject an invalid or expired user token before any evaluation or logging happens.
    ssoTokenManager.validateToken(token);
    if (debug.messageEnabled()) {
        debug.message("PolicyEvaluator:getPolicyDecision():" + "token=" + token.getPrincipal().getName() + ":resourceName=" + resourceName + ":actionName=" + actionNames + ":entering");
    }
    // We need to normalize the resource name before sending off the policy request to ensure
    // the policy is evaluated for the correct resource. The canonical form is also what is
    // handed to resourceResultCache below, so differently spelled names land on one entry.
    ResourceName resourceComparator = policyProperties.getResourceComparator(serviceName);
    resourceName = resourceComparator.canonicalize(resourceName);
    PolicyDecision pd = null;
    try {
        pd = resourceResultCache.getPolicyDecision(appSSOToken, serviceName, token, resourceName, actionNames, envParameters, RETRY_COUNT);
    } catch (InvalidAppSSOTokenException e) {
        // The application token this client authenticates with was rejected: replace it,
        // re-attach the notification listener under the new token if notifications are on,
        // then retry once. A second InvalidAppSSOTokenException is not caught here.
        if (debug.warningEnabled()) {
            debug.warning("PolicyEvaluator.getPolicyDecision():" + "InvalidAppSSOTokenException occured:" + "getting new appssotoken");
        }
        appSSOToken = getNewAppSSOToken();
        if (policyProperties.notificationEnabled()) {
            if (debug.warningEnabled()) {
                debug.warning("PolicyEvaluator.getPolicyDecision():" + "InvalidAppSSOTokenException occured:" + "reRegistering remote policy listener");
            }
            reRegisterRemotePolicyListener(appSSOToken);
        }
        pd = resourceResultCache.getPolicyDecision(appSSOToken, serviceName, token, resourceName, actionNames, envParameters, RETRY_COUNT);
    }
    // NOTE(review): pd is dereferenced below without a null check - confirm the cache
    // lookup never returns null (otherwise this throws NullPointerException).
    if (debug.messageEnabled()) {
        debug.message("PolicyEvaluator:getPolicyDecision():" + "token=" + token.getPrincipal().getName() + ":resourceName=" + resourceName + ":actionNames=" + actionNames + ":returning policyDecision:" + pd.toXML());
    }
    // Decision logging is opt-in via logActions; the full decision XML goes into the access log.
    Object[] objs = { resourceName, actionNames, pd.toXML() };
    if (PolicyProperties.DECISION.equals(logActions)) {
        logAccessMessage(Level.INFO, ResBundleUtils.getString("policy_eval_decision", objs), token);
    }
    return pd;
}

Example 20 with PolicyDecision

Use of `com.sun.identity.policy.PolicyDecision` in the OpenAM project (OpenRock).

From class `ResourceResultCache`, method `jsonResourceContentToResourceResults`:

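/**
 * Converts the JSON text of a REST policy-evaluation response into a set of
 * {@link ResourceResult}s.
 * <p>
 * The response must parse as a JSON object with {@code statusCode == 200} and a
 * {@code body} object. The body either holds a {@code results} array (one entitlement
 * per element, merged under a virtual root and then flattened) or is itself a single
 * entitlement identified by a {@code resourceName} field. Any other shape is rejected
 * with a {@link PolicyEvaluationException}.
 *
 * @param jsonResourceContent raw JSON text returned by the policy REST endpoint
 * @param serviceName policy service whose resource comparator is used to merge results
 * @return the decoded results (the flattened set for the array form, a single-element
 *         set for the single-entitlement form)
 * @throws JSONException if an individual entitlement cannot be decoded
 * @throws PolicyException if the text is not JSON, the status is not 200, or the body
 *         has neither {@code results} nor {@code resourceName}
 */
Set<ResourceResult> jsonResourceContentToResourceResults(String jsonResourceContent, String serviceName) throws JSONException, PolicyException {
    JSONObject jsonObject;
    try {
        jsonObject = new JSONObject(jsonResourceContent);
    } catch (JSONException e) {
        // NOTE(review): this echoes the raw response body into the error log; confirm it
        // cannot carry data that should not end up in logs.
        debug.error("ResourceResultCache.jsonResourceContentToResourceResults():" + "json parsing error of response: " + jsonResourceContent);
        throw new PolicyEvaluationException(ResBundleUtils.rbName, "error_rest_reponse", null, null);
    }
    // optInt yields 0 for a missing status, which is correctly rejected as an error.
    int statusCode = jsonObject.optInt("statusCode");
    if (statusCode != 200) {
        debug.error("ResourceResultCache.jsonResourceContentToResourceResults():" + "statusCode=" + statusCode + ", error response");
        throw new PolicyEvaluationException(ResBundleUtils.rbName, "error_rest_reponse", null, null);
    }
    JSONObject body = jsonObject.optJSONObject("body");
    if (body == null) {
        debug.error("ResourceResultCache.jsonResourceContentToResourceResults():" + "does not have decisions object");
        throw new PolicyEvaluationException(ResBundleUtils.rbName, "error_rest_reponse", null, null);
    }
    JSONArray results = body.optJSONArray("results");
    if (results != null) {
        return mergeResults(results, serviceName);
    }
    // Single-entitlement body. optString(key) returns "" (never null) for a missing key,
    // which made the error branch below unreachable; ask for an explicit null default.
    String resourceName = body.optString("resourceName", null);
    if (resourceName == null) {
        debug.error("ResourceResultCache.jsonResourceContentToResourceResults():" + "does not have results or resourceName object");
        throw new PolicyEvaluationException(ResBundleUtils.rbName, "error_rest_reponse", null, null);
    }
    Set<ResourceResult> resourceResults = new HashSet<ResourceResult>();
    resourceResults.add(jsonEntitlementToResourceResult(body, serviceName));
    return resourceResults;
}

/**
 * Decodes each entitlement object in {@code results}, merges them under a virtual root
 * using the service's resource comparator, and returns the flattened result set.
 * Array elements that are not JSON objects are skipped.
 */
private Set<ResourceResult> mergeResults(JSONArray results, String serviceName) throws JSONException, PolicyException {
    ResourceName resourceComparator = policyProperties.getResourceComparator(serviceName);
    ResourceResult virtualRoot = new ResourceResult(ResourceResult.VIRTUAL_ROOT, new PolicyDecision());
    int arrayLen = results.length();
    for (int i = 0; i < arrayLen; i++) {
        JSONObject entitlement = results.optJSONObject(i);
        if (entitlement != null) {
            virtualRoot.addResourceResult(jsonEntitlementToResourceResult(entitlement, serviceName), resourceComparator);
        }
    }
    return virtualRoot.getResourceResults();
}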
