
Example 1 with Action

Use of com.sun.identity.saml.assertion.Action in the OpenAM project by OpenRock.

The class DefaultActionMapper, method getAuthorizationDecisions.

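/**
 * Evaluates the actions of an {@code AuthorizationDecisionQuery} against
 * OpenAM policy and groups them by decision.
 * <p>
 * The {@code AttributeStatement}s in the query's {@code Evidence} are first
 * converted to OpenAM Policy API environment variables via
 * {@code convertEvidence}; the attributes in those statements are expected
 * to be OpenAM attributes. Each action is then queried one at a time through
 * a single, lazily created {@link PolicyEvaluator} for the
 * {@code iPlanetAMWebAgentService} service. Only actions in the
 * {@code urn:oasis:names:tc:SAML:1.0:ghpp} namespace are evaluated; actions
 * in any other namespace are never submitted to the policy engine.
 * <p>
 * Result semantics (one overall decision, not one per action):
 * <ul>
 *   <li>If at least one action is permitted, the map contains only
 *       {@link ActionMapper#PERMIT} mapped to the permitted actions
 *       (denied actions are not reported alongside them).</li>
 *   <li>Otherwise, if at least one action is denied, the map contains only
 *       {@link ActionMapper#DENY} mapped to the denied actions.</li>
 *   <li>Otherwise the map contains {@link ActionMapper#INDETERMINATE}
 *       mapped to the complete list of queried actions.</li>
 * </ul>
 * An action whose evaluation throws (policy, SSO or token-cast failure) is
 * logged and left undecided; it does not fail the rest of the query.
 *
 * @param query    the authorization decision query; must not be {@code null}
 *                 and must carry a non-{@code null} action list
 * @param token    the caller's session, expected to be an {@code SSOToken};
 *                 must not be {@code null}
 * @param sourceID identifier of the query's source site, passed through to
 *                 {@code convertEvidence}
 * @return a {@code Map} with exactly one key ({@code PERMIT}, {@code DENY}
 *         or {@code INDETERMINATE}) whose value is a {@code List} of
 *         {@code Action}
 * @throws SAMLException if {@code query}, {@code token} or the query's
 *         action list is {@code null}
 */
public Map getAuthorizationDecisions(AuthorizationDecisionQuery query, Object token, String sourceID) throws SAMLException {
    List actions = (query == null) ? null : query.getAction();
    if ((query == null) || (token == null) || (actions == null)) {
        if (SAMLUtils.debug.messageEnabled()) {
            SAMLUtils.debug.message("DefaultActionMapper: null input.");
        }
        throw new SAMLException(SAMLUtils.bundle.getString("nullInput"));
    }
    Evidence evidence = query.getEvidence();
    Subject querySubject = query.getSubject();
    Map envParameters = convertEvidence(evidence, querySubject, sourceID);
    String resource = query.getResource();

    List<Action> permitActions = new ArrayList<Action>();
    List<Action> denyActions = new ArrayList<Action>();
    List<Action> allActions = new ArrayList<Action>(actions.size());
    // Created on first use so a query without GHPP actions never touches the policy service.
    PolicyEvaluator pe = null;
    for (Object item : actions) {
        Action action = (Action) item;
        allActions.add(action);
        String actionNamespace = action.getNameSpace();
        if (!SAMLConstants.ACTION_NAMESPACE_GHPP.equals(actionNamespace)) {
            // Only the GHPP namespace maps to iPlanetAMWebAgentService; any other
            // namespace is left undecided rather than evaluated against that service.
            continue;
        }
        try {
            if (pe == null) {
                pe = new PolicyEvaluator("iPlanetAMWebAgentService");
            }
            // The cast stays inside the try so a non-SSOToken token is reported
            // as indeterminate for this action, as before, instead of escaping.
            if (pe.isAllowed((SSOToken) token, resource, action.getAction(), envParameters)) {
                permitActions.add(action);
            } else {
                denyActions.add(action);
            }
        } catch (Exception e) {
            // Indeterminate for this action only; keep evaluating the others.
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("DefaultActionMapper: " + "Exception from policy:" + e);
            }
        }
    }

    Map<String, List<Action>> resultMap = new HashMap<String, List<Action>>();
    if (!permitActions.isEmpty()) {
        resultMap.put(ActionMapper.PERMIT, permitActions);
    } else if (!denyActions.isEmpty()) {
        resultMap.put(ActionMapper.DENY, denyActions);
    } else {
        resultMap.put(ActionMapper.INDETERMINATE, allActions);
    }
    return resultMap;
}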
