use of com.sun.identity.xacml.common.XACMLException in project OpenAM by OpenRock.
the class AttributeImpl method setAttributeValues.
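/**
 * Appends the given <code>AttributeValue</code> elements to this object.
 *
 * Every entry is validated before any entry is stored, so a rejected list
 * leaves the previously stored values untouched.
 *
 * @param values a <code>List</code> containing Element representing
 * <code>AttributeValue</code> of this object. Must be non-null and
 * non-empty; each entry must be an <code>Element</code> whose local
 * name is <code>XACMLConstants.ATTRIBUTE_VALUE</code>.
 *
 * @exception XACMLException if the object is immutable, if the list is
 * null or empty, or if any entry is not a correctly named element.
 * An object is considered <code>immutable</code> if <code>
 * makeImmutable()</code> has been invoked on it. It can
 * be determined by calling <code>isMutable</code> on the object.
 */
public void setAttributeValues(List values) throws XACMLException {
    if (!isMutable) {
        throw new XACMLException(XACMLSDKUtils.xacmlResourceBundle.getString("objectImmutable"));
    }
    // Kept ahead of the argument check so the backing list exists even when
    // the call is rejected, as before.
    if (this.values == null) {
        this.values = new ArrayList();
    }
    if (values == null || values.isEmpty()) {
        throw new XACMLException(XACMLSDKUtils.xacmlResourceBundle.getString("null_not_valid"));
    }
    // First pass: validate only. Storing while validating would leave a
    // half-applied list behind when a later entry is rejected.
    for (int i = 0; i < values.size(); i++) {
        Object candidate = values.get(i);
        // A null or non-Element entry is reported as XACMLException rather
        // than escaping as NullPointerException/ClassCastException.
        String elemName = (candidate instanceof Element)
                ? ((Element) candidate).getLocalName()
                : null;
        // NOTE(review): only the local name is compared; the namespace URI
        // of the element is not checked here.
        if (elemName == null || !elemName.equals(XACMLConstants.ATTRIBUTE_VALUE)) {
            XACMLSDKUtils.debug.error("AttributeImpl.setAttributeValues():" + "local name missing or incorrect");
            throw new XACMLException(XACMLSDKUtils.xacmlResourceBundle.getString("missing_local_name"));
        }
    }
    // Second pass: the whole list is valid, store it in one step.
    this.values.addAll(values);
}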
use of com.sun.identity.xacml.common.XACMLException in project OpenAM by OpenRock.
the class EnvironmentImpl method processElement.
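/**
 * Populates this object from an <code>Environment</code> DOM element.
 *
 * The root element must have the local name
 * <code>XACMLConstants.ENVIRONMENT</code>; every child element must have the
 * local name <code>XACMLConstants.ATTRIBUTE</code> and is converted through
 * <code>ContextFactory</code>. Non-element child nodes are skipped.
 *
 * @param element the root DOM element to read.
 * @throws XACMLException if the root is null, has a missing or unexpected
 * local name, or contains a child element that is not an attribute.
 */
private void processElement(Element element) throws XACMLException {
    if (element == null) {
        XACMLSDKUtils.debug.error("EnvironmentImpl.processElement(): invalid root element");
        throw new XACMLException(XACMLSDKUtils.xacmlResourceBundle.getString("invalid_element"));
    }
    String elemName = element.getLocalName();
    if (elemName == null) {
        XACMLSDKUtils.debug.error("EnvironmentImpl.processElement(): local name missing");
        throw new XACMLException(XACMLSDKUtils.xacmlResourceBundle.getString("missing_local_name"));
    }
    // NOTE(review): only the local name is compared; the namespace URI of
    // the element is not checked here.
    if (!elemName.equals(XACMLConstants.ENVIRONMENT)) {
        XACMLSDKUtils.debug.error("EnvironmentImpl.processElement(): invalid local name " + elemName);
        throw new XACMLException(XACMLSDKUtils.xacmlResourceBundle.getString("invalid_local_name"));
    }
    // starts processing subelements
    NodeList nodes = element.getChildNodes();
    int numOfNodes = nodes.getLength();
    if (numOfNodes < 1) {
        return;
    }
    ContextFactory factory = ContextFactory.getInstance();
    for (int nextElem = 0; nextElem < numOfNodes; nextElem++) {
        Node child = nodes.item(nextElem);
        if (child.getNodeType() != Node.ELEMENT_NODE) {
            continue;
        }
        // The child nodes should be <Attribute>
        String attrChildName = child.getLocalName();
        // Constant-first comparison: getLocalName() may return null (for
        // example on a DOM built without namespace awareness), and that
        // case must be rejected as an invalid element instead of raising
        // NullPointerException out of the parser.
        if (!XACMLConstants.ATTRIBUTE.equals(attrChildName)) {
            XACMLSDKUtils.debug.error("EnvironmentImpl.processElement(): Invalid element :" + attrChildName);
            throw new XACMLException(XACMLSDKUtils.xacmlResourceBundle.getString("invalid_element"));
        }
        if (this.attributes == null) {
            this.attributes = new ArrayList();
        }
        Attribute attribute = factory.createAttribute((Element) child);
        attributes.add(attribute);
    }
}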
use of com.sun.identity.xacml.common.XACMLException in project OpenAM by OpenRock.
the class ResponseImpl method setResults.
/**
 * Replaces the <code>Result</code>s held by this object.
 *
 * A non-null argument is copied entry by entry into a fresh list, so later
 * changes to the caller's list do not affect this object; a null argument
 * clears the stored results.
 *
 * @param values the <code>Result</code>s of this object, or null to clear.
 * @throws XACMLException if the object is immutable.
 */
public void setResults(List values) throws XACMLException {
    if (!mutable) {
        throw new XACMLException(XACMLSDKUtils.xacmlResourceBundle.getString("objectImmutable"));
    }
    if (values == null) {
        results = null;
        return;
    }
    // The field is reassigned before copying, exactly as the copy loop
    // expects; the cast rejects any entry that is not a Result.
    results = new ArrayList();
    for (Object entry : values) {
        Result value = (Result) entry;
        results.add(value);
    }
}
use of com.sun.identity.xacml.common.XACMLException in project OpenAM by OpenRock.
the class ResultImpl method processElement.
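/**
 * Populates this object from a <code>Result</code> DOM element.
 *
 * The root element must have the local name
 * <code>XACMLConstants.RESULT</code>. It must contain between one and three
 * child elements: a decision first, then optionally a status and/or
 * obligations. Obligations may appear second or third, but only once.
 *
 * @param element the root DOM element to read.
 * @throws XACMLException if the root is null, has a missing or unexpected
 * local name, or its child elements do not match the expected sequence.
 */
private void processElement(Element element) throws XACMLException {
    if (element == null) {
        XACMLSDKUtils.debug.error("ResultImpl.processElement(): invalid root element");
        throw new XACMLException(XACMLSDKUtils.xacmlResourceBundle.getString("invalid_element"));
    }
    String elemName = element.getLocalName();
    if (elemName == null) {
        XACMLSDKUtils.debug.error("ResultImpl.processElement(): local name missing");
        throw new XACMLException(XACMLSDKUtils.xacmlResourceBundle.getString("missing_local_name"));
    }
    // NOTE(review): only local names are compared throughout this method;
    // the namespace URI of the elements is not checked here.
    if (!elemName.equals(XACMLConstants.RESULT)) {
        XACMLSDKUtils.debug.error("ResultImpl.processElement(): invalid local name " + elemName);
        throw new XACMLException(XACMLSDKUtils.xacmlResourceBundle.getString("invalid_local_name"));
    }
    String resourceIdValue = element.getAttribute(XACMLConstants.RESOURCE_ID);
    // Both conditions must hold. The previous "||" dereferenced a null value
    // and also stored an empty string when the attribute was absent.
    if ((resourceIdValue != null) && (resourceIdValue.length() != 0)) {
        resourceId = resourceIdValue;
    }
    // Collect element children only; text and comment nodes are ignored.
    NodeList nodes = element.getChildNodes();
    int numOfNodes = nodes.getLength();
    List childElements = new ArrayList();
    for (int i = 0; i < numOfNodes; i++) {
        Node child = nodes.item(i);
        if (child.getNodeType() == Node.ELEMENT_NODE) {
            childElements.add(child);
        }
    }
    int childCount = childElements.size();
    if (childCount < 1 || childCount > 3) {
        XACMLSDKUtils.debug.error("ResultImpl.processElement(): invalid child element count: " + childCount);
        throw new XACMLException(XACMLSDKUtils.xacmlResourceBundle.getString(//FIXME: add i18n key
        "invalid_child_count"));
    }
    //process decision element
    Element firstChild = (Element) childElements.get(0);
    String firstChildName = firstChild.getLocalName();
    // Constant-first comparisons below: a null local name must end in the
    // XACMLException branch, not in a NullPointerException.
    if (XACMLConstants.DECISION.equals(firstChildName)) {
        decision = ContextFactory.getInstance().createDecision(firstChild);
    } else {
        XACMLSDKUtils.debug.error("ResultImpl.processElement(): invalid first child element: " + firstChildName);
        throw new XACMLException(XACMLSDKUtils.xacmlResourceBundle.getString(//FIXME: add i18n key
        "invalid_first_child"));
    }
    //process status element
    if (childCount > 1) {
        Element secondChild = (Element) childElements.get(1);
        String secondChildName = secondChild.getLocalName();
        if (XACMLConstants.STATUS.equals(secondChildName)) {
            status = ContextFactory.getInstance().createStatus(secondChild);
        } else if (XACMLConstants.OBLIGATIONS.equals(secondChildName)) {
            obligations = PolicyFactory.getInstance().createObligations(secondChild);
        } else {
            XACMLSDKUtils.debug.error("ResultImpl.processElement(): invalid second child element: " + secondChildName);
            throw new XACMLException(XACMLSDKUtils.xacmlResourceBundle.getString(//FIXME: add i18n key
            "invalid_second_child"));
        }
        if (childCount > 2) {
            Element thirdChild = (Element) childElements.get(2);
            String thirdChildName = thirdChild.getLocalName();
            // Obligations are accepted third only when the second child did
            // not already supply them.
            if (XACMLConstants.OBLIGATIONS.equals(thirdChildName) && (obligations == null)) {
                obligations = PolicyFactory.getInstance().createObligations(thirdChild);
            } else {
                XACMLSDKUtils.debug.error("ResultImpl.processElement(): invalid third child element: " + thirdChildName);
                throw new XACMLException(XACMLSDKUtils.xacmlResourceBundle.getString(//FIXME: add i18n key
                "invalid_third_child"));
            }
        }
        // A fourth child cannot reach this point: more than three child
        // elements are rejected by the count check above, so the former
        // "childCount > 3" branch here was unreachable and is dropped.
    }
}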
use of com.sun.identity.xacml.common.XACMLException in project OpenAM by OpenRock.
the class XACMLAuthzDecisionQueryHandler method handleQuery.
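/**
 * Processes an XACMLAuthzDecisionQuery and returns a SAML2 Response.
 *
 * The request subject, resource and action are mapped to their native
 * forms, the native policy evaluator is asked for a boolean decision, and
 * the outcome is wrapped in an XACML <code>Result</code>. Any mapping or
 * evaluation failure yields <code>Indeterminate</code>; <code>Permit</code>
 * is only produced when evaluation completed and returned true.
 *
 * @param pdpEntityId EntityID of PDP
 * @param pepEntityId EntityID of PEP
 * @param samlpRequest SAML2 Request, an XACMLAuthzDecisionQuery
 * @param soapMessage SOAPMessage that carried the SAML2 Request
 * @return SAML2 Response with an XACMLAuthzDecisionStatement
 * @exception SAML2Exception if the query can not be handled, including
 * when no native service name can be derived from the request resource
 */
public com.sun.identity.saml2.protocol.Response handleQuery(String pdpEntityId, String pepEntityId, RequestAbstract samlpRequest, SOAPMessage soapMessage) throws SAML2Exception {
    //TODO: logging, i18n
    //TODO: long term, allow different mapper impls for different
    //combination of pdp, pep
    SubjectMapper subjectMapper = new FMSubjectMapper();
    subjectMapper.initialize(pdpEntityId, pepEntityId, null);
    ResourceMapper resourceMapper = new FMResourceMapper();
    resourceMapper.initialize(pdpEntityId, pepEntityId, null);
    ActionMapper actionMapper = new FMActionMapper();
    actionMapper.initialize(pdpEntityId, pepEntityId, null);
    // The environment and result mappers are initialized but not used
    // further in this method (the environment mapping below is commented
    // out). They are kept in case initialize() has side effects.
    EnvironmentMapper environmentMapper = new FMEnvironmentMapper();
    environmentMapper.initialize(pdpEntityId, pepEntityId, null);
    ResultMapper resultMapper = new FMResultMapper();
    resultMapper.initialize(pdpEntityId, pepEntityId, null);
    boolean evaluationFailed = false;
    String statusCodeValue = null;
    // NOTE(review): at message level this writes the complete query and
    // SOAP message to the debug log. The query carries the subject
    // attributes that are mapped to an SSO token below, so the log may
    // contain session identifiers -- confirm who can read it.
    if (XACMLSDKUtils.debug.messageEnabled()) {
        XACMLSDKUtils.debug.message("XACMLAuthzDecisionQueryHandler.handleQuery(), entering" + ":pdpEntityId=" + pdpEntityId + ":pepEntityId=" + pepEntityId + ":samlpRequest=\n" + samlpRequest.toXMLString(true, true) + ":soapMessage=\n" + soapMessage);
    }
    // NOTE(review): unchecked cast; a request of another type surfaces as
    // ClassCastException rather than SAML2Exception.
    Request xacmlRequest = ((XACMLAuthzDecisionQuery) samlpRequest).getRequest();
    boolean returnContext = ((XACMLAuthzDecisionQuery) samlpRequest).getReturnContext();
    SSOToken ssoToken = null;
    String resourceName = null;
    String serviceName = null;
    String actionName = null;
    // Stays null: the environment mapping is commented out below, so the
    // evaluator receives no environment values from the request.
    Map environment = null;
    // Defaults to "not allowed"; only a successful isAllowed() call can
    // turn it into a Permit.
    boolean booleanDecision = false;
    try {
        //get native sso token
        ssoToken = (SSOToken) subjectMapper.mapToNativeSubject(xacmlRequest.getSubjects());
        if (ssoToken == null) {
            //TODO: log message and fill missing attribute details
            statusCodeValue = XACMLConstants.STATUS_CODE_MISSING_ATTRIBUTE;
            evaluationFailed = true;
        } else {
            if (XACMLSDKUtils.debug.messageEnabled()) {
                XACMLSDKUtils.debug.message("XACMLAuthzDecisionQueryHandler.handleQuery()," + "created ssoToken");
            }
        }
        if (ssoToken != null) {
            //get native service name, resource name
            List resources = xacmlRequest.getResources();
            Resource resource = null;
            // A request without any resource list is handled like an empty
            // one instead of raising NullPointerException.
            if (resources != null && !resources.isEmpty()) {
                //We deal with only one resource for now
                resource = (Resource) resources.get(0);
            }
            if (resource != null) {
                String[] resourceService = resourceMapper.mapToNativeResource(resource);
                if (resourceService != null) {
                    if (resourceService.length > 0) {
                        resourceName = resourceService[0];
                    }
                    if (resourceService.length > 1) {
                        serviceName = resourceService[1];
                    }
                }
            }
            if (resourceName == null) {
                //TODO: log message and fill missing attribute details
                statusCodeValue = XACMLConstants.STATUS_CODE_MISSING_ATTRIBUTE;
                evaluationFailed = true;
            }
            if (serviceName == null) {
                //TODO: log message and fill missing attribute details
                throw new SAML2Exception(XACMLSDKUtils.xacmlResourceBundle.getString("missing_attribute"));
            }
        }
        if (serviceName != null) {
            //get native action name
            actionName = actionMapper.mapToNativeAction(xacmlRequest.getAction(), serviceName);
            if (actionName == null) {
                //TODO: log message and fill missing attribute details
                statusCodeValue = XACMLConstants.STATUS_CODE_MISSING_ATTRIBUTE;
                evaluationFailed = true;
            }
        }
        //get environment map
        /*
        environment = environmentMapper.mapToNativeEnvironment(
        xacmlRequest.getEnvironment(),
        xacmlRequest.getSubjects());
        */
    } catch (XACMLException xe) {
        statusCodeValue = XACMLConstants.STATUS_CODE_MISSING_ATTRIBUTE;
        evaluationFailed = true;
        if (XACMLSDKUtils.debug.warningEnabled()) {
            XACMLSDKUtils.debug.warning("XACMLAuthzDecisionQueryHandler.handleQuery()," + "caught exception", xe);
        }
    }
    //get native policy decision using native policy evaluator
    if (!evaluationFailed) {
        try {
            PolicyEvaluator pe = new PolicyEvaluator(serviceName);
            booleanDecision = pe.isAllowed(ssoToken, resourceName, actionName, environment);
        } catch (SSOException ssoe) {
            if (XACMLSDKUtils.debug.warningEnabled()) {
                XACMLSDKUtils.debug.warning("XACMLAuthzDecisionQueryHandler.handleQuery()," + "caught exception", ssoe);
            }
            evaluationFailed = true;
        } catch (PolicyException pe) {
            if (XACMLSDKUtils.debug.warningEnabled()) {
                XACMLSDKUtils.debug.warning("XACMLAuthzDecisionQueryHandler.handleQuery()," + "caught exception", pe);
            }
            evaluationFailed = true;
        }
    }
    //decision: Indeterminate, Deny, Permit, NotApplicable
    //status code: missing_attribute, syntax_error, processing_error, ok
    Decision decision = ContextFactory.getInstance().createDecision();
    Status status = ContextFactory.getInstance().createStatus();
    StatusCode code = ContextFactory.getInstance().createStatusCode();
    StatusMessage message = ContextFactory.getInstance().createStatusMessage();
    StatusDetail detail = ContextFactory.getInstance().createStatusDetail();
    // NOTE(review): appends a deep copy of the detail element to itself;
    // the purpose is not visible from this method -- confirm it is intended.
    detail.getElement().insertBefore(detail.getElement().cloneNode(true), null);
    if (evaluationFailed) {
        // Failure is checked first so an error can never be reported as
        // Permit or Deny.
        decision.setValue(XACMLConstants.INDETERMINATE);
        if (statusCodeValue == null) {
            statusCodeValue = XACMLConstants.STATUS_CODE_PROCESSING_ERROR;
        }
        code.setValue(statusCodeValue);
        //TODO: i18n
        message.setValue("processing_error");
    } else if (booleanDecision) {
        decision.setValue(XACMLConstants.PERMIT);
        code.setValue(XACMLConstants.STATUS_CODE_OK);
        //TODO: i18n
        message.setValue("ok");
    } else {
        decision.setValue(XACMLConstants.DENY);
        code.setValue(XACMLConstants.STATUS_CODE_OK);
        //TODO: i18n
        message.setValue("ok");
    }
    Result result = ContextFactory.getInstance().createResult();
    // Falls back to the native resource name when the request carries no
    // usable resource-id attribute.
    String resourceId = resourceName;
    List resources = xacmlRequest.getResources();
    Resource resource = null;
    if (resources != null && !resources.isEmpty()) {
        //We deal with only one resource for now
        resource = (Resource) resources.get(0);
        if (resource != null) {
            List attributes = resource.getAttributes();
            if (attributes != null) {
                for (int count = 0; count < attributes.size(); count++) {
                    Attribute attr = (Attribute) attributes.get(count);
                    if (attr == null) {
                        continue;
                    }
                    // This scan runs outside the try/catch above, so a
                    // request attribute without an id or without values
                    // must not be dereferenced blindly.
                    URI tmpURI = attr.getAttributeId();
                    if (tmpURI != null && XACMLConstants.RESOURCE_ID.equals(tmpURI.toString())) {
                        List attrValues = attr.getAttributeValues();
                        if (attrValues != null && !attrValues.isEmpty()) {
                            Element element = (Element) attrValues.get(0);
                            resourceId = XMLUtils.getElementValue(element);
                        }
                        break;
                    }
                }
            }
        }
    }
    result.setResourceId(resourceId);
    result.setDecision(decision);
    status.setStatusCode(code);
    status.setStatusMessage(message);
    status.setStatusDetail(detail);
    result.setStatus(status);
    Response response = ContextFactory.getInstance().createResponse();
    response.addResult(result);
    XACMLAuthzDecisionStatement statement = ContextFactory.getInstance().createXACMLAuthzDecisionStatement();
    statement.setResponse(response);
    // The original request is echoed back only when the query asked for it.
    if (returnContext) {
        statement.setRequest(xacmlRequest);
    }
    com.sun.identity.saml2.protocol.Response samlpResponse = createSamlpResponse(statement, status.getStatusCode().getValue());
    if (XACMLSDKUtils.debug.messageEnabled()) {
        XACMLSDKUtils.debug.message("XACMLAuthzDecisionQueryHandler.handleQuery(), returning" + ":samlResponse=\n" + samlpResponse.toXMLString(true, true));
    }
    return samlpResponse;
}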