use of com.sun.identity.policy.client.PolicyEvaluator in project OpenAM by OpenRock.
the class PolicyClientServlet method doGet.
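/**
 * Sample policy-client page: authenticates the user named in the request and prints the
 * policy decision for the requested resource as HTML.
 *
 * <p>Reads the query parameters {@code orgname} (defaults to {@code "/"}), {@code username},
 * {@code password}, {@code servicename} and {@code resource}. When any of the last four is
 * missing, a usage line is printed instead. Request values echoed into the page are
 * HTML-escaped, and failures are logged on the server rather than written to the response.
 *
 * @param request  the incoming request carrying the query parameters
 * @param response the response that receives the HTML page
 * @throws ServletException declared by the servlet contract
 * @throws IOException if the response writer cannot be obtained
 */
public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    // Get query parameters
    String orgname = request.getParameter("orgname");
    if ((orgname == null) || (orgname.length() == 0)) {
        orgname = "/";
    }
    String username = request.getParameter("username");
    // NOTE(review): the password is read from the query string of a GET request, so it can
    // be recorded in access logs, browser history and Referer headers. Acceptable only for a
    // throwaway sample; a deployed endpoint should take credentials in a POST body over TLS.
    String password = request.getParameter("password");
    String servicename = request.getParameter("servicename");
    String resource = request.getParameter("resource");
    response.setContentType("text/html");
    PrintWriter out = response.getWriter();
    out.println(SampleConstants.HTML_HEADER);
    if ((username == null) || (password == null) || (servicename == null) || (resource == null)) {
        // displayXML is defined elsewhere in the class; presumably it escapes markup - confirm.
        out.println(displayXML("Usage: " + request.getRequestURL() + "?username=<username>&password=<password>&orgname=<orgname>" + "&servicename=<servicename>&resource=<resource>"));
        out.println("</body></html>");
        return;
    }
    try {
        PolicyEvaluatorFactory pef = PolicyEvaluatorFactory.getInstance();
        PolicyEvaluator pe = pef.getPolicyEvaluator(servicename);
        // authenticate() is defined elsewhere and receives the page writer; a null result
        // skips the evaluation below without printing anything further here.
        AuthContext lc = authenticate(orgname, username, password, out);
        if (lc != null) {
            SSOToken token = lc.getSSOToken();
            Set actions = new HashSet();
            actions.add("GET");
            actions.add("POST");
            Map env = new HashMap();
            Set attrSet = new HashSet();
            attrSet.add("mail");
            env.put("Get_Response_Attributes", attrSet);
            // Request parameters are attacker-controlled; escape them before they reach the
            // HTML page so they cannot inject markup or script (reflected XSS).
            out.println("<h5>USERID: " + escapeHtmlText(username) + "<br>");
            out.println("ORG: " + escapeHtmlText(orgname) + "<br>");
            out.println("SERVICE NAME: " + escapeHtmlText(servicename) + "<br>");
            out.println("RESOURCE: " + escapeHtmlText(resource) + "<br>");
            out.println("</h5><br>");
            out.println("----------getPolicyDecision() Test-----------");
            out.println("<br>");
            PolicyDecision pd = pe.getPolicyDecision(token, resource, actions, env);
            out.println(displayXML(pd.toXML()));
            out.println("End of Test.<br>");
        }
    } catch (Exception e) {
        // A stack trace in the response discloses class names and internal state to the
        // caller; keep the detail in the server log and show a generic message instead.
        java.util.logging.Logger.getLogger(getClass().getName())
                .log(java.util.logging.Level.SEVERE, "Policy evaluation sample failed", e);
        out.println("Policy evaluation failed; see the server log for details.<br>");
    }
    out.println("</body></html>");
}

/** Replaces the characters that are significant in HTML text and attribute values with entities. */
private static String escapeHtmlText(String text) {
    StringBuilder escaped = new StringBuilder(text.length() + 16);
    for (int i = 0; i < text.length(); i++) {
        char c = text.charAt(i);
        switch (c) {
            case '&':
                escaped.append("&amp;");
                break;
            case '<':
                escaped.append("&lt;");
                break;
            case '>':
                escaped.append("&gt;");
                break;
            case '"':
                escaped.append("&quot;");
                break;
            case '\'':
                escaped.append("&#39;");
                break;
            default:
                escaped.append(c);
                break;
        }
    }
    return escaped.toString();
}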
use of com.sun.identity.policy.client.PolicyEvaluator in project OpenAM by OpenRock.
the class ISPermission method implies.
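/**
 * Checks if the specified permission's actions are "implied by"
 * this object's actions.
 * <P>
 * The <code>implies</code> method is used by the
 * <code>AccessController</code> to determine whether or not a requested
 * permission is implied by another permission that is known to be valid
 * in the current execution context.
 * <P>
 * The decision is fail-closed: the result is <code>false</code> when
 * <code>perm</code> is not an <code>ISPermission</code>, when no protection
 * domain is set, when no usable <code>SSOTokenPrincipal</code> is found,
 * when the action list is null or empty, when any single action is denied,
 * or when any exception is raised during the evaluation.
 *
 * @param perm the permission to check against.
 *
 * @return true if every comma-separated action of the specified permission
 *         is allowed by the policy evaluator for the permission's service
 *         and resource, false otherwise.
 */
public boolean implies(Permission perm) {
    debug.message("ISPermission: implies called");
    // Deny by default; only a positive answer for every action flips this.
    boolean allowed = false;
    if (perm instanceof ISPermission) {
        debug.message("ISPermission:passed perm is of type ISPermission");
        if (protectionDomain != null) {
            debug.message("ISPermission:implies:protectionDomain not null");
            if (debug.messageEnabled()) {
                debug.message("ISPermission::implies: protectionDomain:" + protectionDomain.toString());
            }
            final ISPermission requested = (ISPermission) perm;
            final String serviceName = requested.getServiceName();
            final String resourceName = requested.getResourceName();
            final String actions = requested.getActions();
            final Map envParams = requested.getEnvParams();
            if (debug.messageEnabled()) {
                debug.message("ISPermission: resourceName=" + resourceName);
                debug.message("ISPermission: serviceName=" + serviceName);
                debug.message("ISPermission: actions=" + actions);
            }
            SSOTokenPrincipal tokenPrincipal = null;
            try {
                Principal[] principals = protectionDomain.getPrincipals();
                // principals should have only one entry; a missing or empty array is
                // treated as "no principal" instead of relying on the catch-all below.
                if ((principals != null) && (principals.length > 0)) {
                    Principal principal = principals[0];
                    // NOTE(review): this compares the principal's getName() value with the
                    // SSOTokenPrincipal class name, and the same getName() value is then
                    // passed to createSSOToken() as the token id. A type check looks
                    // intended - confirm against SSOTokenPrincipal before changing it.
                    // The instanceof guard only prevents a ClassCastException; it does
                    // not widen what is accepted.
                    if ((principal instanceof SSOTokenPrincipal)
                            && principal.getName().equals("com.sun.identity." + "authentication.service.SSOTokenPrincipal")) {
                        if (debug.messageEnabled()) {
                            // NOTE(review): the principal's string form may contain the
                            // session identifier - confirm debug logs are access-controlled.
                            debug.message("ISPermission::implies:principals:" + principal.toString());
                        }
                        tokenPrincipal = (SSOTokenPrincipal) principal;
                    }
                }
                if (tokenPrincipal == null) {
                    if (debug.messageEnabled()) {
                        debug.error("ISPermission::implies:" + " Principal is null");
                    }
                } else {
                    SSOTokenManager ssomgr = SSOTokenManager.getInstance();
                    final SSOToken token = ssomgr.createSSOToken(tokenPrincipal.getName());
                    /* TODO currently ISPermission uses the remote policy
                     client API, so if this class gets used from the server side
                     it will always make a remote call; this code needs to
                     choose between a local and a remote call accordingly.
                     */
                    if (policyEvalFactory == null) {
                        policyEvalFactory = PolicyEvaluatorFactory.getInstance();
                    }
                    PolicyEvaluator policyEvaluator = policyEvalFactory.getPolicyEvaluator(serviceName);
                    if (debug.messageEnabled()) {
                        debug.message("ISPermission::implies::created " + "PolicyEvaluator for " + serviceName);
                    }
                    if (actions != null) {
                        StringTokenizer st = new StringTokenizer(actions, ",");
                        while (st.hasMoreTokens()) {
                            String action = st.nextToken();
                            allowed = policyEvaluator.isAllowed(token, resourceName, action, envParams);
                            if (!allowed) {
                                // one denied action denies the whole permission
                                break;
                            }
                            if (debug.messageEnabled()) {
                                debug.message("ISPermission::result for " + action + " is :" + allowed);
                            }
                        }
                        if (debug.messageEnabled()) {
                            debug.message("ISPermission::result for " + actions + " is :" + allowed);
                        }
                    } else {
                        if (debug.messageEnabled()) {
                            debug.message("ISPermission:: actions is null");
                        }
                    }
                }
            } catch (SSOException ssoe) {
                // A failed authorization check must leave a trace even when message-level
                // debugging is off; the cause goes to the debug log, not to stderr.
                debug.error("ISPermission::SSOException:" + ssoe.getMessage(), ssoe);
            } catch (Exception e) {
                debug.error("ISPermission::Exception:" + e.getMessage(), e);
            }
        } else {
            debug.message("ISPermission:: subject was null");
        }
    }
    if (debug.messageEnabled()) {
        debug.message("ISPermission: allowed::" + allowed);
    }
    return allowed;
}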
use of com.sun.identity.policy.client.PolicyEvaluator in project OpenAM by OpenRock.
the class Issue619Test method testGetPolicyDecision.
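/**
 * Obtains a session token for the given user and requests a policy decision for one action
 * on the resource, passing a request-auth-level environment entry of "/:1" and "/:2".
 * The decision is only logged as XML.
 *
 * NOTE(review): nothing is asserted on the decision, so the test fails only if a call throws.
 */
@Test(groups = { "policy-client" })
@Parameters({ "orgName", "userName", "password", "serviceName", "resourceName", "actionName" })
public void testGetPolicyDecision(String orgName, String userName, String password, String serviceName, String resourceName, String actionName) throws Exception {
    entering("testGetPolicyDecision()", null);
    log(Level.INFO, "orgName:", orgName);
    log(Level.INFO, "userName:", userName);
    // The password is a credential; test logs are often archived by CI, so record only
    // that one was supplied and never its value.
    log(Level.INFO, "password:", "<redacted>");
    log(Level.INFO, "serviceName:", serviceName);
    log(Level.INFO, "resourceName:", resourceName);
    log(Level.INFO, "actionName:", actionName);
    SSOToken token = TokenUtils.getSessionToken(orgName, userName, password);
    log(Level.INFO, "Created ssoToken", "\n");
    PolicyEvaluator pe = PolicyEvaluatorFactory.getInstance().getPolicyEvaluator(serviceName);
    Map<String, Set<String>> env = new HashMap<String, Set<String>>();
    Set<String> attrSet = new HashSet<String>();
    log(Level.INFO, "set auth level in envMap as a set containing " + "/:1, /:2", "\n");
    attrSet.add("/:1");
    attrSet.add("/:2");
    env.put(Condition.REQUEST_AUTH_LEVEL, attrSet);
    log(Level.INFO, "env Map:" + env, "\n");
    Set<String> actions = new HashSet<String>();
    actions.add(actionName);
    PolicyDecision pd = pe.getPolicyDecision(token, resourceName, actions, env);
    log(Level.INFO, "PolicyDecision XML:", pd.toXML());
    // NOTE(review): the method end is logged with entering(); an exit-logging call looks
    // intended - confirm what the base class offers.
    entering("testGetPolicyDecision()", null);
}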
use of com.sun.identity.policy.client.PolicyEvaluator in project OpenAM by OpenRock.
the class Issue736Test method testGetPolicyDecision.
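/**
 * Obtains a session token for the given user and requests a policy decision for one action
 * on a fixed resource URL while passing a null environment map. The decision is only
 * logged as XML.
 *
 * NOTE(review): nothing is asserted on the decision, so the test fails only if a call throws.
 */
@Test(groups = { "policy-client" })
@Parameters({ "orgName", "userName", "password", "serviceName", "actionName" })
public void testGetPolicyDecision(String orgName, String userName, String password, String serviceName, String actionName) throws Exception {
    entering("Issue736Test.testGetPolicyDecision()", null);
    String resourceName = "http://host1.sample.com:80/banner.html";
    log(Level.INFO, "orgName:", orgName);
    log(Level.INFO, "userName:", userName);
    // The password is a credential; test logs are often archived by CI, so record only
    // that one was supplied and never its value.
    log(Level.INFO, "password:", "<redacted>");
    log(Level.INFO, "serviceName:", serviceName);
    log(Level.INFO, "resourceName:", resourceName);
    log(Level.INFO, "actionName:", actionName);
    SSOToken token = TokenUtils.getSessionToken(orgName, userName, password);
    log(Level.INFO, "Created ssoToken", "\n");
    PolicyEvaluator pe = PolicyEvaluatorFactory.getInstance().getPolicyEvaluator(serviceName);
    Set<String> actions = new HashSet<String>();
    actions.add(actionName);
    // The environment map is deliberately null: the call is made without any env entries.
    PolicyDecision pd = pe.getPolicyDecision(token, resourceName, actions, null);
    log(Level.INFO, "PolicyDecision XML:", pd.toXML());
    // NOTE(review): the method end is logged with entering(); an exit-logging call looks
    // intended - confirm what the base class offers.
    entering("testGetPolicyDecision()", null);
}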
use of com.sun.identity.policy.client.PolicyEvaluator in project OpenAM by OpenRock.
the class PolicyEvaluatorTest method testGetPolicyDecision.
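/**
 * Obtains a session token for the given user and requests a policy decision for one action
 * on the resource, passing an environment map whose "invocatorPrincipalUuid" entry is an
 * empty set. The decision is only logged as XML.
 *
 * NOTE(review): nothing is asserted on the decision, so the test fails only if a call throws.
 */
@Test(groups = { "policy-client" })
@Parameters({ "orgName", "userName", "password", "serviceName", "resourceName", "actionName" })
public void testGetPolicyDecision(String orgName, String userName, String password, String serviceName, String resourceName, String actionName) throws Exception {
    entering("testGetPolicyDecision()", null);
    log(Level.INFO, "orgName:", orgName);
    log(Level.INFO, "userName:", userName);
    // The password is a credential; test logs are often archived by CI, so record only
    // that one was supplied and never its value.
    log(Level.INFO, "password:", "<redacted>");
    log(Level.INFO, "serviceName:", serviceName);
    log(Level.INFO, "resourceName:", resourceName);
    log(Level.INFO, "actionName:", actionName);
    SSOToken token = TokenUtils.getSessionToken(orgName, userName, password);
    log(Level.INFO, "Created ssoToken", "\n");
    PolicyEvaluator pe = PolicyEvaluatorFactory.getInstance().getPolicyEvaluator(serviceName);
    Map<String, Set<String>> env = new HashMap<String, Set<String>>();
    // The set stays empty: no invocator UUID is added before it is placed in the map.
    Set<String> attrSet = new HashSet<String>();
    env.put("invocatorPrincipalUuid", attrSet);
    log(Level.INFO, "env Map:" + env, "\n");
    Set<String> actions = new HashSet<String>();
    actions.add(actionName);
    PolicyDecision pd = pe.getPolicyDecision(token, resourceName, actions, env);
    log(Level.INFO, "PolicyDecision XML:", pd.toXML());
    // NOTE(review): the method end is logged with entering(); an exit-logging call looks
    // intended - confirm what the base class offers.
    entering("testGetPolicyDecision()", null);
}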