Search in sources :

Example 1 with StatusDetail

use of com.sun.identity.saml2.protocol.StatusDetail in project OpenAM by OpenRock.

the class XACMLAuthzDecisionQueryHandler method handleQuery.

/**
     * Processes an XACMLAuthzDecisionQuery and retruns a SAML2 Response.
     *
     * @param pdpEntityId EntityID of PDP
     * @param pepEntityId EntityID of PEP
     * @param samlpRequest SAML2 Request, an XAMLAuthzDecisionQuery
     * @param soapMessage SOAPMessage that carried the SAML2 Request
     * @return SAML2 Response with an XAMLAuthzDecisionStatement
     * @exception SAML2Exception if the query can not be handled
     */
public com.sun.identity.saml2.protocol.Response handleQuery(String pdpEntityId, String pepEntityId, RequestAbstract samlpRequest, SOAPMessage soapMessage) throws SAML2Exception {
    //TODO: logging, i18n
    //TODO: long term, allow different mapper impls for  different
    //combination of pdp, pep
    SubjectMapper subjectMapper = new FMSubjectMapper();
    subjectMapper.initialize(pdpEntityId, pepEntityId, null);
    ResourceMapper resourceMapper = new FMResourceMapper();
    resourceMapper.initialize(pdpEntityId, pepEntityId, null);
    ActionMapper actionMapper = new FMActionMapper();
    actionMapper.initialize(pdpEntityId, pepEntityId, null);
    EnvironmentMapper environmentMapper = new FMEnvironmentMapper();
    environmentMapper.initialize(pdpEntityId, pepEntityId, null);
    ResultMapper resultMapper = new FMResultMapper();
    resultMapper.initialize(pdpEntityId, pepEntityId, null);
    boolean evaluationFailed = false;
    String statusCodeValue = null;
    if (XACMLSDKUtils.debug.messageEnabled()) {
        XACMLSDKUtils.debug.message("XACMLAuthzDecisionQueryHandler.handleQuery(), entering" + ":pdpEntityId=" + pdpEntityId + ":pepEntityId=" + pepEntityId + ":samlpRequest=\n" + samlpRequest.toXMLString(true, true) + ":soapMessage=\n" + soapMessage);
    }
    Request xacmlRequest = ((XACMLAuthzDecisionQuery) samlpRequest).getRequest();
    boolean returnContext = ((XACMLAuthzDecisionQuery) samlpRequest).getReturnContext();
    SSOToken ssoToken = null;
    String resourceName = null;
    String serviceName = null;
    String actionName = null;
    Map environment = null;
    boolean booleanDecision = false;
    try {
        //get native sso token
        ssoToken = (SSOToken) subjectMapper.mapToNativeSubject(xacmlRequest.getSubjects());
        if (ssoToken == null) {
            //TODO: log message and fill missing attribute details 
            statusCodeValue = XACMLConstants.STATUS_CODE_MISSING_ATTRIBUTE;
            evaluationFailed = true;
        } else {
            if (XACMLSDKUtils.debug.messageEnabled()) {
                XACMLSDKUtils.debug.message("XACMLAuthzDecisionQueryHandler.handleQuery()," + "created ssoToken");
            }
        }
        if (ssoToken != null) {
            //get native service name, resource name 
            List resources = xacmlRequest.getResources();
            Resource resource = null;
            if (!resources.isEmpty()) {
                //We deal with only one resource for now
                resource = (Resource) resources.get(0);
            }
            if (resource != null) {
                String[] resourceService = resourceMapper.mapToNativeResource(resource);
                if (resourceService != null) {
                    if (resourceService.length > 0) {
                        resourceName = resourceService[0];
                    }
                    if (resourceService.length > 1) {
                        serviceName = resourceService[1];
                    }
                }
            }
            if (resourceName == null) {
                //TODO: log message and fill missing attribute details 
                statusCodeValue = XACMLConstants.STATUS_CODE_MISSING_ATTRIBUTE;
                evaluationFailed = true;
            }
            if (serviceName == null) {
                //TODO: log message and fill missing attribute details
                throw new SAML2Exception(XACMLSDKUtils.xacmlResourceBundle.getString("missing_attribute"));
            }
        }
        if (serviceName != null) {
            //get native action name
            if (serviceName != null) {
                actionName = actionMapper.mapToNativeAction(xacmlRequest.getAction(), serviceName);
            }
            if (actionName == null) {
                //TODO: log message and fill missing attribute details
                statusCodeValue = XACMLConstants.STATUS_CODE_MISSING_ATTRIBUTE;
                evaluationFailed = true;
            }
        }
    //get environment map
    /*
            environment = environmentMapper.mapToNativeEnvironment(
                    xacmlRequest.getEnvironment(), 
                    xacmlRequest.getSubjects());
            */
    } catch (XACMLException xe) {
        statusCodeValue = XACMLConstants.STATUS_CODE_MISSING_ATTRIBUTE;
        evaluationFailed = true;
        if (XACMLSDKUtils.debug.warningEnabled()) {
            XACMLSDKUtils.debug.warning("XACMLAuthzDecisionQueryHandler.handleQuery()," + "caught exception", xe);
        }
    }
    //get native policy deicison using native policy evaluator
    if (!evaluationFailed) {
        try {
            PolicyEvaluator pe = new PolicyEvaluator(serviceName);
            booleanDecision = pe.isAllowed(ssoToken, resourceName, actionName, environment);
        } catch (SSOException ssoe) {
            if (XACMLSDKUtils.debug.warningEnabled()) {
                XACMLSDKUtils.debug.warning("XACMLAuthzDecisionQueryHandler.handleQuery()," + "caught exception", ssoe);
            }
            evaluationFailed = true;
        } catch (PolicyException pe) {
            if (XACMLSDKUtils.debug.warningEnabled()) {
                XACMLSDKUtils.debug.warning("XACMLAuthzDecisionQueryHandler.handleQuery()," + "caught exception", pe);
            }
            evaluationFailed = true;
        }
    }
    //decision: Indeterminate, Deny, Permit, NotApplicable
    //status code: missing_attribute, syntax_error, processing_error, ok
    Decision decision = ContextFactory.getInstance().createDecision();
    Status status = ContextFactory.getInstance().createStatus();
    StatusCode code = ContextFactory.getInstance().createStatusCode();
    StatusMessage message = ContextFactory.getInstance().createStatusMessage();
    StatusDetail detail = ContextFactory.getInstance().createStatusDetail();
    detail.getElement().insertBefore(detail.getElement().cloneNode(true), null);
    if (evaluationFailed) {
        decision.setValue(XACMLConstants.INDETERMINATE);
        if (statusCodeValue == null) {
            statusCodeValue = XACMLConstants.STATUS_CODE_PROCESSING_ERROR;
        }
        code.setValue(statusCodeValue);
        //TODO: i18n
        message.setValue("processing_error");
    } else if (booleanDecision) {
        decision.setValue(XACMLConstants.PERMIT);
        code.setValue(XACMLConstants.STATUS_CODE_OK);
        //TODO: i18n
        message.setValue("ok");
    } else {
        decision.setValue(XACMLConstants.DENY);
        code.setValue(XACMLConstants.STATUS_CODE_OK);
        //TODO: i18n
        message.setValue("ok");
    }
    Result result = ContextFactory.getInstance().createResult();
    String resourceId = resourceName;
    List resources = xacmlRequest.getResources();
    Resource resource = null;
    if (!resources.isEmpty()) {
        //We deal with only one resource for now
        resource = (Resource) resources.get(0);
        if (resource != null) {
            List attributes = resource.getAttributes();
            if (attributes != null) {
                for (int count = 0; count < attributes.size(); count++) {
                    Attribute attr = (Attribute) attributes.get(count);
                    if (attr != null) {
                        URI tmpURI = attr.getAttributeId();
                        if (tmpURI.toString().equals(XACMLConstants.RESOURCE_ID)) {
                            Element element = (Element) attr.getAttributeValues().get(0);
                            resourceId = XMLUtils.getElementValue(element);
                            break;
                        }
                    }
                }
            }
        }
    }
    result.setResourceId(resourceId);
    result.setDecision(decision);
    status.setStatusCode(code);
    status.setStatusMessage(message);
    status.setStatusDetail(detail);
    result.setStatus(status);
    Response response = ContextFactory.getInstance().createResponse();
    response.addResult(result);
    XACMLAuthzDecisionStatement statement = ContextFactory.getInstance().createXACMLAuthzDecisionStatement();
    statement.setResponse(response);
    if (returnContext) {
        statement.setRequest(xacmlRequest);
    }
    com.sun.identity.saml2.protocol.Response samlpResponse = createSamlpResponse(statement, status.getStatusCode().getValue());
    if (XACMLSDKUtils.debug.messageEnabled()) {
        XACMLSDKUtils.debug.message("XACMLAuthzDecisionQueryHandler.handleQuery(), returning" + ":samlResponse=\n" + samlpResponse.toXMLString(true, true));
    }
    return samlpResponse;
}
Also used : SSOToken(com.iplanet.sso.SSOToken) Attribute(com.sun.identity.xacml.context.Attribute) Element(org.w3c.dom.Element) SSOException(com.iplanet.sso.SSOException) StatusCode(com.sun.identity.xacml.context.StatusCode) URI(java.net.URI) Result(com.sun.identity.xacml.context.Result) ResourceResult(com.sun.identity.policy.ResourceResult) ActionMapper(com.sun.identity.xacml.spi.ActionMapper) XACMLAuthzDecisionStatement(com.sun.identity.xacml.saml2.XACMLAuthzDecisionStatement) PolicyEvaluator(com.sun.identity.policy.PolicyEvaluator) SubjectMapper(com.sun.identity.xacml.spi.SubjectMapper) PolicyException(com.sun.identity.policy.PolicyException) ResourceMapper(com.sun.identity.xacml.spi.ResourceMapper) ArrayList(java.util.ArrayList) List(java.util.List) Status(com.sun.identity.xacml.context.Status) Request(com.sun.identity.xacml.context.Request) Resource(com.sun.identity.xacml.context.Resource) EnvironmentMapper(com.sun.identity.xacml.spi.EnvironmentMapper) Decision(com.sun.identity.xacml.context.Decision) XACMLException(com.sun.identity.xacml.common.XACMLException) StatusMessage(com.sun.identity.xacml.context.StatusMessage) SAML2Exception(com.sun.identity.saml2.common.SAML2Exception) Response(com.sun.identity.xacml.context.Response) ResultMapper(com.sun.identity.xacml.spi.ResultMapper) StatusDetail(com.sun.identity.xacml.context.StatusDetail) XACMLAuthzDecisionQuery(com.sun.identity.xacml.saml2.XACMLAuthzDecisionQuery) Map(java.util.Map)

Example 2 with StatusDetail

use of com.sun.identity.saml2.protocol.StatusDetail in project OpenAM by OpenRock.

the class LogoutUtil method getSessionIndex.

static List getSessionIndex(LogoutResponse logoutRes) {
    StatusDetail statusDetail = logoutRes.getStatus().getStatusDetail();
    if (statusDetail == null) {
        return null;
    }
    List details = statusDetail.getAny();
    if (details == null || details.isEmpty()) {
        return null;
    }
    List sessionIndexList = new ArrayList();
    for (Iterator iter = details.iterator(); iter.hasNext(); ) {
        String detail = (String) iter.next();
        Document doc = XMLUtils.toDOMDocument(detail, debug);
        Element elem = doc.getDocumentElement();
        String localName = elem.getLocalName();
        if (SAML2Constants.SESSION_INDEX.equals(localName)) {
            sessionIndexList.add(XMLUtils.getElementString(elem));
        }
    }
    return sessionIndexList;
}
Also used : StatusDetail(com.sun.identity.saml2.protocol.StatusDetail) SingleLogoutServiceElement(com.sun.identity.saml2.jaxb.metadata.SingleLogoutServiceElement) SPSSODescriptorElement(com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement) Element(org.w3c.dom.Element) IDPSSODescriptorElement(com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement) ArrayList(java.util.ArrayList) Iterator(java.util.Iterator) List(java.util.List) ArrayList(java.util.ArrayList) Document(org.w3c.dom.Document)

Example 3 with StatusDetail

use of com.sun.identity.saml2.protocol.StatusDetail in project OpenAM by OpenRock.

the class LogoutUtil method setSessionIndex.

static void setSessionIndex(Status status, List sessionIndex) {
    try {
        StatusDetail sd = ProtocolFactory.getInstance().createStatusDetail();
        status.setStatusDetail(sd);
        if (sessionIndex != null && !sessionIndex.isEmpty()) {
            List details = new ArrayList();
            for (Iterator iter = sessionIndex.iterator(); iter.hasNext(); ) {
                String si = (String) iter.next();
                SessionIndex sIndex = ProtocolFactory.getInstance().createSessionIndex(si);
                details.add(sIndex.toXMLString(true, true));
            }
            sd.setAny(details);
        }
    } catch (SAML2Exception e) {
        debug.error("LogoutUtil.setSessionIndex: ", e);
    }
}
Also used : SAML2Exception(com.sun.identity.saml2.common.SAML2Exception) StatusDetail(com.sun.identity.saml2.protocol.StatusDetail) SessionIndex(com.sun.identity.saml2.protocol.SessionIndex) ArrayList(java.util.ArrayList) Iterator(java.util.Iterator) List(java.util.List) ArrayList(java.util.ArrayList)

Example 4 with StatusDetail

use of com.sun.identity.saml2.protocol.StatusDetail in project OpenAM by OpenRock.

the class StatusImpl method parseElement.

/* Parses the <code>Status</code> Element. */
private void parseElement(Element element) throws SAML2Exception {
    ProtocolFactory protoFactory = ProtocolFactory.getInstance();
    NodeList nList = element.getChildNodes();
    if ((nList != null) && (nList.getLength() > 0)) {
        for (int i = 0; i < nList.getLength(); i++) {
            Node childNode = nList.item(i);
            String cName = childNode.getLocalName();
            if (cName != null) {
                if (cName.equals(SAML2Constants.STATUS_CODE)) {
                    statusCode = protoFactory.createStatusCode((Element) childNode);
                    validateStatusCode(statusCode);
                } else if (cName.equals(SAML2Constants.STATUS_MESSAGE)) {
                    statusMessage = XMLUtils.getElementString((Element) childNode);
                } else if (cName.equals(SAML2Constants.STATUS_DETAIL)) {
                    statusDetail = protoFactory.createStatusDetail((Element) childNode);
                }
            }
        }
    }
}
Also used : ProtocolFactory(com.sun.identity.saml2.protocol.ProtocolFactory) NodeList(org.w3c.dom.NodeList) Node(org.w3c.dom.Node) Element(org.w3c.dom.Element)

Example 5 with StatusDetail

use of com.sun.identity.saml2.protocol.StatusDetail in project OpenAM by OpenRock.

the class StatusImpl method toXMLString.

/**
     * Returns the <code>Status</code> in an XML document String format
     * based on the <code>Status</code> schema described above.
     *
     * @param includeNSPrefix Determines whether or not the namespace qualifier
     *        is prepended to the Element when converted
     * @param declareNS Determines whether or not the namespace is declared
     *        within the Element.
     * @return A XML String representing the <code>Status</code>.
     * @throws SAML2Exception if some error occurs during conversion to
     *         <code>String</code>.
     */
public String toXMLString(boolean includeNSPrefix, boolean declareNS) throws SAML2Exception {
    String xmlStr = null;
    if (statusCode != null) {
        StringBuffer xmlString = new StringBuffer(500);
        xmlString.append(SAML2Constants.START_TAG);
        if (includeNSPrefix) {
            xmlString.append(SAML2Constants.PROTOCOL_PREFIX);
        }
        xmlString.append(SAML2Constants.STATUS);
        if (declareNS) {
            xmlString.append(SAML2Constants.PROTOCOL_DECLARE_STR);
        }
        xmlString.append(SAML2Constants.END_TAG);
        xmlString.append(SAML2Constants.NEWLINE).append(statusCode.toXMLString(includeNSPrefix, declareNS));
        if ((statusMessage != null) && (statusMessage.length() != 0)) {
            ProtocolFactory protoFactory = ProtocolFactory.getInstance();
            StatusMessage sMessage = protoFactory.createStatusMessage(statusMessage);
            xmlString.append(SAML2Constants.NEWLINE).append(sMessage.toXMLString(includeNSPrefix, declareNS));
        }
        if (statusDetail != null) {
            xmlString.append(SAML2Constants.NEWLINE).append(statusDetail.toXMLString(includeNSPrefix, declareNS));
        }
        xmlString.append(SAML2Constants.NEWLINE).append(SAML2Constants.SAML2_END_TAG).append(SAML2Constants.STATUS).append(SAML2Constants.END_TAG);
        xmlStr = xmlString.toString();
    }
    return xmlStr;
}
Also used : ProtocolFactory(com.sun.identity.saml2.protocol.ProtocolFactory) StatusMessage(com.sun.identity.saml2.protocol.StatusMessage)

Aggregations

ArrayList (java.util.ArrayList)3 List (java.util.List)3 Element (org.w3c.dom.Element)3 SAML2Exception (com.sun.identity.saml2.common.SAML2Exception)2 ProtocolFactory (com.sun.identity.saml2.protocol.ProtocolFactory)2 StatusDetail (com.sun.identity.saml2.protocol.StatusDetail)2 Iterator (java.util.Iterator)2 SSOException (com.iplanet.sso.SSOException)1 SSOToken (com.iplanet.sso.SSOToken)1 PolicyEvaluator (com.sun.identity.policy.PolicyEvaluator)1 PolicyException (com.sun.identity.policy.PolicyException)1 ResourceResult (com.sun.identity.policy.ResourceResult)1 IDPSSODescriptorElement (com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement)1 SPSSODescriptorElement (com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement)1 SingleLogoutServiceElement (com.sun.identity.saml2.jaxb.metadata.SingleLogoutServiceElement)1 SessionIndex (com.sun.identity.saml2.protocol.SessionIndex)1 StatusMessage (com.sun.identity.saml2.protocol.StatusMessage)1 XACMLException (com.sun.identity.xacml.common.XACMLException)1 Attribute (com.sun.identity.xacml.context.Attribute)1 Decision (com.sun.identity.xacml.context.Decision)1