
Example 1 with PolicyEvaluator

use of com.sun.identity.policy.client.PolicyEvaluator in project OpenAM by OpenRock.

the class PolicyClientServlet method doGet.

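/**
 * Sample endpoint that authenticates the caller-supplied user and prints the
 * policy decision for one resource as an HTML page.
 *
 * <p>Reads the query parameters {@code orgname} (defaults to {@code "/"} when
 * missing or empty), {@code username}, {@code password}, {@code servicename}
 * and {@code resource}. If any of the last four is missing, a usage line is
 * printed and the method returns. Otherwise it asks the policy evaluator for
 * {@code servicename} for a decision on the {@code GET} and {@code POST}
 * actions and prints the decision XML.
 *
 * <p>Every request parameter is attacker-controlled, so each value echoed into
 * the {@code text/html} response is HTML-escaped first.
 *
 * @param request  the HTTP request carrying the query parameters
 * @param response the HTTP response the HTML report is written to
 * @throws ServletException declared by the servlet contract
 * @throws IOException      if the response writer cannot be obtained
 */
public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    // Get query parameters
    String orgname = request.getParameter("orgname");
    if ((orgname == null) || (orgname.length() == 0)) {
        orgname = "/";
    }
    // NOTE(review): the credentials arrive in the query string of a GET, so they
    // are recorded in access logs, proxy logs and browser history. Acceptable only
    // for a throw-away sample; a deployed servlet should take them from a POST body
    // over TLS or from an existing session.
    String username = request.getParameter("username");
    String password = request.getParameter("password");
    String servicename = request.getParameter("servicename");
    String resource = request.getParameter("resource");
    response.setContentType("text/html");
    PrintWriter out = response.getWriter();
    out.println(SampleConstants.HTML_HEADER);
    if ((username == null) || (password == null) || (servicename == null) || (resource == null)) {
        // displayXML is defined elsewhere in the class; presumably it escapes markup
        // for display -- confirm, since the request URL is caller-influenced.
        out.println(displayXML("Usage: " + request.getRequestURL() + "?username=<username>&password=<password>&orgname=<orgname>" + "&servicename=<servicename>&resource=<resource>"));
        out.println("</body></html>");
        return;
    }
    try {
        PolicyEvaluatorFactory pef = PolicyEvaluatorFactory.getInstance();
        PolicyEvaluator pe = pef.getPolicyEvaluator(servicename);
        AuthContext lc = authenticate(orgname, username, password, out);
        if (lc != null) {
            // NOTE(review): the session behind this token is not logged out anywhere
            // in this method; confirm whether the sample is expected to clean it up.
            SSOToken token = lc.getSSOToken();
            Set actions = new HashSet();
            actions.add("GET");
            actions.add("POST");
            Map env = new HashMap();
            Set attrSet = new HashSet();
            attrSet.add("mail");
            env.put("Get_Response_Attributes", attrSet);
            // Escape every echoed parameter: unescaped, these lines would reflect
            // request data straight into the HTML page.
            out.println("<h5>USERID: " + escapeHtmlText(username) + "<br>");
            out.println("ORG: " + escapeHtmlText(orgname) + "<br>");
            out.println("SERVICE NAME: " + escapeHtmlText(servicename) + "<br>");
            out.println("RESOURCE: " + escapeHtmlText(resource) + "<br>");
            out.println("</h5><br>");
            out.println("----------getPolicyDecision() Test-----------");
            out.println("<br>");
            PolicyDecision pd = pe.getPolicyDecision(token, resource, actions, env);
            out.println(displayXML(pd.toXML()));
            out.println("End of Test.<br>");
        }
    } catch (Exception e) {
        // The sample still shows the failure on the page, but the trace is escaped
        // because exception messages can contain request data. Deployed code should
        // log the trace server-side and return a generic error instead, since stack
        // traces disclose internal class names and configuration.
        java.io.StringWriter trace = new java.io.StringWriter();
        PrintWriter traceWriter = new PrintWriter(trace);
        e.printStackTrace(traceWriter);
        traceWriter.flush();
        out.println("<pre>" + escapeHtmlText(trace.toString()) + "</pre>");
    }
    out.println("</body></html>");
}

/** Escapes the characters that are significant in HTML text and attribute values. */
private static String escapeHtmlText(String value) {
    if (value == null) {
        return "";
    }
    StringBuilder escaped = new StringBuilder(value.length() + 16);
    for (int i = 0; i < value.length(); i++) {
        char c = value.charAt(i);
        switch (c) {
            case '&':
                escaped.append("&amp;");
                break;
            case '<':
                escaped.append("&lt;");
                break;
            case '>':
                escaped.append("&gt;");
                break;
            case '"':
                escaped.append("&quot;");
                break;
            case '\'':
                escaped.append("&#39;");
                break;
            default:
                escaped.append(c);
        }
    }
    return escaped.toString();
}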
Also used : PolicyDecision(com.sun.identity.policy.PolicyDecision) SSOToken(com.iplanet.sso.SSOToken) Set(java.util.Set) HashSet(java.util.HashSet) PolicyEvaluator(com.sun.identity.policy.client.PolicyEvaluator) HashMap(java.util.HashMap) AuthContext(com.sun.identity.authentication.AuthContext) HashMap(java.util.HashMap) Map(java.util.Map) PolicyEvaluatorFactory(com.sun.identity.policy.client.PolicyEvaluatorFactory) ServletException(javax.servlet.ServletException) IOException(java.io.IOException) PrintWriter(java.io.PrintWriter) HashSet(java.util.HashSet)

Example 2 with PolicyEvaluator

use of com.sun.identity.policy.client.PolicyEvaluator in project OpenAM by OpenRock.

the class ISPermission method implies.

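/**
 * Checks if the specified permission's actions are "implied by"
 * this object's actions.
 * <P>
 * The <code>implies</code> method is used by the
 * <code>AccessController</code> to determine whether or not a requested
 * permission is implied by another permission that is known to be valid
 * in the current execution context.
 * <P>
 * The method fails closed: it returns false when <code>perm</code> is not an
 * <code>ISPermission</code>, when no protection domain or usable principal is
 * available, when the requested actions are null, when any single action is
 * denied, or when token creation or policy evaluation throws.
 *
 * @param perm the permission to check against.
 *
 * @return true if the specified permission is implied by this object,
 *         false if not. The check is made against the OpenAM's
 *         policy service to determine this evaluation.
 */
public boolean implies(Permission perm) {
    debug.message("ISPermission: implies called");
    boolean allowed = false;
    if (perm instanceof ISPermission) {
        debug.message("ISPermission:passed perm is of type ISPermission");
        if (protectionDomain != null) {
            debug.message("ISPermission:implies:protectionDomain not null");
            if (debug.messageEnabled()) {
                debug.message("ISPermission::implies: protectionDomain:" + protectionDomain.toString());
            }
            final ISPermission requested = (ISPermission) perm;
            final String serviceName = requested.getServiceName();
            final String resourceName = requested.getResourceName();
            final String actions = requested.getActions();
            final Map envParams = requested.getEnvParams();
            if (debug.messageEnabled()) {
                debug.message("ISPermission: resourceName=" + resourceName);
                debug.message("ISPermission: serviceName=" + serviceName);
                debug.message("ISPermission: actions=" + actions);
            }
            SSOTokenPrincipal tokenPrincipal = null;
            try {
                Principal[] principals = protectionDomain.getPrincipals();
                // principals should have only one entry; an empty array leaves
                // tokenPrincipal null instead of relying on an index exception.
                Principal principal = (principals != null && principals.length > 0) ? principals[0] : null;
                // NOTE(review): the principal's *name* is compared with a class name,
                // and the same name is later used as the SSO token id. It looks like a
                // type check (instanceof SSOTokenPrincipal) was intended -- confirm
                // before changing, because it decides who is granted access.
                if (principal != null && "com.sun.identity.authentication.service.SSOTokenPrincipal".equals(principal.getName())) {
                    if (debug.messageEnabled()) {
                        // NOTE(review): if toString() includes the token id, this writes a
                        // session identifier to the debug log -- verify.
                        debug.message("ISPermission::implies:principals:" + principal.toString());
                    }
                    tokenPrincipal = (SSOTokenPrincipal) principal;
                }
                if (tokenPrincipal == null) {
                    if (debug.messageEnabled()) {
                        debug.error("ISPermission::implies:" + " Principal is null");
                    }
                } else {
                    SSOTokenManager ssomgr = SSOTokenManager.getInstance();
                    final SSOToken token = ssomgr.createSSOToken(tokenPrincipal.getName());
                    /* TODO currently ISPermission uses the remote policy
                        client API, so if this class gets used from the server
                        side it will always make a remote call; this code needs
                        to change to make a local or remote call accordingly.
                        */
                    if (policyEvalFactory == null) {
                        policyEvalFactory = PolicyEvaluatorFactory.getInstance();
                    }
                    PolicyEvaluator policyEvaluator = policyEvalFactory.getPolicyEvaluator(serviceName);
                    if (debug.messageEnabled()) {
                        debug.message("ISPermission::implies::created " + "PolicyEvaluator for " + serviceName);
                    }
                    if (actions != null) {
                        // Every comma-separated action must be allowed; the first
                        // denial ends the loop with allowed == false.
                        StringTokenizer st = new StringTokenizer(actions, ",");
                        while (st.hasMoreTokens()) {
                            String action = st.nextToken();
                            allowed = policyEvaluator.isAllowed(token, resourceName, action, envParams);
                            if (!allowed) {
                                // the final result is not allowed
                                break;
                            }
                            if (debug.messageEnabled()) {
                                debug.message("ISPermission::result for " + action + " is :" + allowed);
                            }
                        }
                        if (debug.messageEnabled()) {
                            debug.message("ISPermission::result for " + actions + " is :" + allowed);
                        }
                    } else {
                        if (debug.messageEnabled()) {
                            debug.message("ISPermission:: actions is null");
                        }
                    }
                }
            } catch (SSOException ssoe) {
                // A denial caused by a failure must be visible at error level, not only
                // when message-level debugging is on; the throwable goes to the debug
                // log rather than stderr. Reset the flag so a failure never grants.
                allowed = false;
                debug.error("ISPermission::SSOException:" + ssoe.getMessage(), ssoe);
            } catch (Exception e) {
                allowed = false;
                debug.error("ISPermission::Exception:" + e.getMessage(), e);
            }
        } else {
            debug.message("ISPermission:: subject was null");
        }
    }
    if (debug.messageEnabled()) {
        debug.message("ISPermission: allowed::" + allowed);
    }
    return allowed;
}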
Also used : SSOTokenManager(com.iplanet.sso.SSOTokenManager) SSOToken(com.iplanet.sso.SSOToken) SSOTokenPrincipal(com.sun.identity.authentication.service.SSOTokenPrincipal) SSOException(com.iplanet.sso.SSOException) SSOException(com.iplanet.sso.SSOException) StringTokenizer(java.util.StringTokenizer) PolicyEvaluator(com.sun.identity.policy.client.PolicyEvaluator) Map(java.util.Map) Principal(java.security.Principal) SSOTokenPrincipal(com.sun.identity.authentication.service.SSOTokenPrincipal)

Example 3 with PolicyEvaluator

use of com.sun.identity.policy.client.PolicyEvaluator in project OpenAM by OpenRock.

the class Issue619Test method testGetPolicyDecision.

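/**
 * Smoke test: obtains a session token for the supplied user and requests a
 * policy decision for one action on {@code resourceName}, passing an
 * environment map whose {@code Condition.REQUEST_AUTH_LEVEL} entry is the set
 * {@code "/:1"}, {@code "/:2"}. The decision XML is only logged; nothing is
 * asserted, so the test fails only if a call throws.
 */
@Test(groups = { "policy-client" })
@Parameters({ "orgName", "userName", "password", "serviceName", "resourceName", "actionName" })
public void testGetPolicyDecision(String orgName, String userName, String password, String serviceName, String resourceName, String actionName) throws Exception {
    entering("testGetPolicyDecision()", null);
    log(Level.INFO, "orgName:", orgName);
    log(Level.INFO, "userName:", userName);
    // Never write the credential itself to the test log; logs are routinely
    // archived and shared.
    log(Level.INFO, "password:", "<redacted>");
    log(Level.INFO, "serviceName:", serviceName);
    log(Level.INFO, "resourceName:", resourceName);
    log(Level.INFO, "actionName:", actionName);
    SSOToken token = TokenUtils.getSessionToken(orgName, userName, password);
    log(Level.INFO, "Created ssoToken", "\n");
    PolicyEvaluator pe = PolicyEvaluatorFactory.getInstance().getPolicyEvaluator(serviceName);
    Map env = new HashMap();
    Set attrSet = new HashSet();
    log(Level.INFO, "set auth level in envMap as a set containing " + "/:1, /:2", "\n");
    attrSet.add("/:1");
    attrSet.add("/:2");
    env.put(Condition.REQUEST_AUTH_LEVEL, attrSet);
    log(Level.INFO, "env Map:" + env, "\n");
    Set actions = new HashSet();
    actions.add(actionName);
    PolicyDecision pd = pe.getPolicyDecision(token, resourceName, actions, env);
    log(Level.INFO, "PolicyDecision XML:", pd.toXML());
    // NOTE(review): this second entering() call looks like it was meant to mark
    // method exit -- confirm against the base test class.
    entering("testGetPolicyDecision()", null);
}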
Also used : PolicyDecision(com.sun.identity.policy.PolicyDecision) SSOToken(com.iplanet.sso.SSOToken) Set(java.util.Set) HashSet(java.util.HashSet) PolicyEvaluator(com.sun.identity.policy.client.PolicyEvaluator) HashMap(java.util.HashMap) HashMap(java.util.HashMap) Map(java.util.Map) HashSet(java.util.HashSet) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test)

Example 4 with PolicyEvaluator

use of com.sun.identity.policy.client.PolicyEvaluator in project OpenAM by OpenRock.

the class Issue736Test method testGetPolicyDecision.

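/**
 * Smoke test: obtains a session token for the supplied user and requests a
 * policy decision for one action on a fixed resource URL with a {@code null}
 * environment map. The decision XML is only logged; nothing is asserted, so
 * the test fails only if a call throws.
 */
@Test(groups = { "policy-client" })
@Parameters({ "orgName", "userName", "password", "serviceName", "actionName" })
public void testGetPolicyDecision(String orgName, String userName, String password, String serviceName, String actionName) throws Exception {
    entering("Issue736Test.testGetPolicyDecision()", null);
    String resourceName = "http://host1.sample.com:80/banner.html";
    log(Level.INFO, "orgName:", orgName);
    log(Level.INFO, "userName:", userName);
    // Never write the credential itself to the test log; logs are routinely
    // archived and shared.
    log(Level.INFO, "password:", "<redacted>");
    log(Level.INFO, "serviceName:", serviceName);
    log(Level.INFO, "resourceName:", resourceName);
    log(Level.INFO, "actionName:", actionName);
    SSOToken token = TokenUtils.getSessionToken(orgName, userName, password);
    log(Level.INFO, "Created ssoToken", "\n");
    PolicyEvaluator pe = PolicyEvaluatorFactory.getInstance().getPolicyEvaluator(serviceName);
    Set actions = new HashSet();
    actions.add(actionName);
    // The environment map is deliberately null here.
    PolicyDecision pd = pe.getPolicyDecision(token, resourceName, actions, null);
    log(Level.INFO, "PolicyDecision XML:", pd.toXML());
    // NOTE(review): this second entering() call looks like it was meant to mark
    // method exit, and its label differs from the one used at the top -- confirm
    // against the base test class.
    entering("testGetPolicyDecision()", null);
}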
Also used : PolicyDecision(com.sun.identity.policy.PolicyDecision) SSOToken(com.iplanet.sso.SSOToken) Set(java.util.Set) HashSet(java.util.HashSet) PolicyEvaluator(com.sun.identity.policy.client.PolicyEvaluator) HashSet(java.util.HashSet) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test)

Example 5 with PolicyEvaluator

use of com.sun.identity.policy.client.PolicyEvaluator in project OpenAM by OpenRock.

the class PolicyEvaluatorTest method testGetPolicyDecision.

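/**
 * Smoke test: obtains a session token for the supplied user and requests a
 * policy decision for one action on {@code resourceName}, passing an
 * environment map whose {@code "invocatorPrincipalUuid"} entry is an empty
 * set. The decision XML is only logged; nothing is asserted, so the test
 * fails only if a call throws.
 */
@Test(groups = { "policy-client" })
@Parameters({ "orgName", "userName", "password", "serviceName", "resourceName", "actionName" })
public void testGetPolicyDecision(String orgName, String userName, String password, String serviceName, String resourceName, String actionName) throws Exception {
    entering("testGetPolicyDecision()", null);
    log(Level.INFO, "orgName:", orgName);
    log(Level.INFO, "userName:", userName);
    // Never write the credential itself to the test log; logs are routinely
    // archived and shared.
    log(Level.INFO, "password:", "<redacted>");
    log(Level.INFO, "serviceName:", serviceName);
    log(Level.INFO, "resourceName:", resourceName);
    log(Level.INFO, "actionName:", actionName);
    SSOToken token = TokenUtils.getSessionToken(orgName, userName, password);
    log(Level.INFO, "Created ssoToken", "\n");
    PolicyEvaluator pe = PolicyEvaluatorFactory.getInstance().getPolicyEvaluator(serviceName);
    Map env = new HashMap();
    // The set stays empty: the line that would have added an invocator UUID is
    // disabled in the original test.
    Set attrSet = new HashSet();
    //attrSet.add(invocatorUuid);
    env.put("invocatorPrincipalUuid", attrSet);
    log(Level.INFO, "env Map:" + env, "\n");
    Set actions = new HashSet();
    actions.add(actionName);
    PolicyDecision pd = pe.getPolicyDecision(token, resourceName, actions, env);
    log(Level.INFO, "PolicyDecision XML:", pd.toXML());
    // NOTE(review): this second entering() call looks like it was meant to mark
    // method exit -- confirm against the base test class.
    entering("testGetPolicyDecision()", null);
}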
Also used : PolicyDecision(com.sun.identity.policy.PolicyDecision) SSOToken(com.iplanet.sso.SSOToken) Set(java.util.Set) HashSet(java.util.HashSet) PolicyEvaluator(com.sun.identity.policy.client.PolicyEvaluator) HashMap(java.util.HashMap) HashMap(java.util.HashMap) Map(java.util.Map) HashSet(java.util.HashSet) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test)

Aggregations

PolicyEvaluator (com.sun.identity.policy.client.PolicyEvaluator)7 SSOToken (com.iplanet.sso.SSOToken)6 PolicyDecision (com.sun.identity.policy.PolicyDecision)6 HashSet (java.util.HashSet)6 Map (java.util.Map)6 Set (java.util.Set)6 HashMap (java.util.HashMap)5 Parameters (org.testng.annotations.Parameters)4 Test (org.testng.annotations.Test)4 SSOException (com.iplanet.sso.SSOException)1 SSOTokenManager (com.iplanet.sso.SSOTokenManager)1 AuthContext (com.sun.identity.authentication.AuthContext)1 SSOTokenPrincipal (com.sun.identity.authentication.service.SSOTokenPrincipal)1 PolicyEvaluatorFactory (com.sun.identity.policy.client.PolicyEvaluatorFactory)1 IOException (java.io.IOException)1 PrintWriter (java.io.PrintWriter)1 Principal (java.security.Principal)1 StringTokenizer (java.util.StringTokenizer)1 ServletException (javax.servlet.ServletException)1