
Example 6 with XACMLException

use of com.sun.identity.xacml.common.XACMLException in project OpenAM by OpenRock.

the class EnvironmentImpl method processElement.

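/**
 * Populates this object from a DOM element whose local name is
 * <code>XACMLConstants.ENVIRONMENT</code>.
 *
 * <p>Each child element must have the local name
 * <code>XACMLConstants.ATTRIBUTE</code>; it is converted through
 * <code>ContextFactory</code> and appended to <code>attributes</code>.
 * Child nodes that are not elements (text, comments) are skipped.
 *
 * @param element the root element to read.
 * @throws XACMLException if <code>element</code> is null, has no local name,
 *         has a local name other than <code>XACMLConstants.ENVIRONMENT</code>,
 *         or contains a child element that is not an Attribute.
 */
private void processElement(Element element) throws XACMLException {
    if (element == null) {
        XACMLSDKUtils.debug.error("EnvironmentImpl.processElement(): invalid root element");
        throw new XACMLException(XACMLSDKUtils.xacmlResourceBundle.getString("invalid_element"));
    }
    String elemName = element.getLocalName();
    if (elemName == null) {
        XACMLSDKUtils.debug.error("EnvironmentImpl.processElement(): local name missing");
        throw new XACMLException(XACMLSDKUtils.xacmlResourceBundle.getString("missing_local_name"));
    }
    if (!elemName.equals(XACMLConstants.ENVIRONMENT)) {
        XACMLSDKUtils.debug.error("EnvironmentImpl.processElement(): invalid local name " + elemName);
        throw new XACMLException(XACMLSDKUtils.xacmlResourceBundle.getString("invalid_local_name"));
    }
    // Walk the direct children; only element nodes are validated.
    NodeList nodes = element.getChildNodes();
    int numOfNodes = nodes.getLength();
    for (int idx = 0; idx < numOfNodes; idx++) {
        Node child = nodes.item(idx);
        if (child.getNodeType() != Node.ELEMENT_NODE) {
            continue;
        }
        String attrChildName = child.getLocalName();
        // Node.getLocalName() can return null (e.g. for nodes created with a
        // DOM Level 1 method), so compare constant-first: such a child is
        // rejected with XACMLException instead of a NullPointerException.
        if (!XACMLConstants.ATTRIBUTE.equals(attrChildName)) {
            XACMLSDKUtils.debug.error("EnvironmentImpl.processElement(): Invalid element :" + attrChildName);
            throw new XACMLException(XACMLSDKUtils.xacmlResourceBundle.getString("invalid_element"));
        }
        if (this.attributes == null) {
            this.attributes = new ArrayList();
        }
        // getInstance() is static; call it on the class rather than through
        // an instance reference as the earlier code did.
        Attribute attribute = ContextFactory.getInstance().createAttribute((Element) child);
        attributes.add(attribute);
    }
}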
Also used : ContextFactory(com.sun.identity.xacml.context.ContextFactory) Attribute(com.sun.identity.xacml.context.Attribute) NodeList(org.w3c.dom.NodeList) Node(org.w3c.dom.Node) ArrayList(java.util.ArrayList) XACMLException(com.sun.identity.xacml.common.XACMLException)

Example 7 with XACMLException

use of com.sun.identity.xacml.common.XACMLException in project OpenAM by OpenRock.

the class ResponseImpl method setResults.

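/**
 * Sets the <code>Result</code>s of this object.
 *
 * <p>The elements of <code>values</code> are copied into a new list, so
 * later changes to the caller's list do not affect this object. Passing
 * <code>null</code> clears the stored results.
 *
 * @param values the <code>Result</code>s of this object, or
 *        <code>null</code>.
 * @throws XACMLException if the object is immutable.
 * @throws ClassCastException if an element of <code>values</code> is not a
 *         <code>Result</code>; the stored results are left unchanged in
 *         that case.
 */
public void setResults(List values) throws XACMLException {
    if (!mutable) {
        throw new XACMLException(XACMLSDKUtils.xacmlResourceBundle.getString("objectImmutable"));
    }
    if (values == null) {
        results = null;
        return;
    }
    // Build the copy in a local first: if a cast fails part-way through,
    // the field must not be left holding a half-populated list.
    ArrayList copy = new ArrayList(values.size());
    for (Iterator iter = values.iterator(); iter.hasNext();) {
        // The cast is the type check for the raw list handed in by the caller.
        copy.add((Result) iter.next());
    }
    results = copy;
}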
Also used : Iterator(java.util.Iterator) ArrayList(java.util.ArrayList) XACMLException(com.sun.identity.xacml.common.XACMLException) Result(com.sun.identity.xacml.context.Result)

Example 8 with XACMLException

use of com.sun.identity.xacml.common.XACMLException in project OpenAM by OpenRock.

the class ResultImpl method processElement.

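/**
 * Populates this object from a DOM element whose local name is
 * <code>XACMLConstants.RESULT</code>.
 *
 * <p>The element must contain between one and three child elements, in this
 * order: a Decision (required), then optionally a Status and/or an
 * Obligations element. The <code>XACMLConstants.RESOURCE_ID</code> attribute
 * is copied to <code>resourceId</code> when it is non-empty.
 *
 * @param element the root element to read.
 * @throws XACMLException if <code>element</code> is null, has no local name
 *         or the wrong local name, has fewer than one or more than three
 *         child elements, or has a child element that is not allowed at
 *         its position.
 */
private void processElement(Element element) throws XACMLException {
    if (element == null) {
        XACMLSDKUtils.debug.error("ResultImpl.processElement(): invalid root element");
        throw new XACMLException(XACMLSDKUtils.xacmlResourceBundle.getString("invalid_element"));
    }
    String elemName = element.getLocalName();
    if (elemName == null) {
        XACMLSDKUtils.debug.error("ResultImpl.processElement(): local name missing");
        throw new XACMLException(XACMLSDKUtils.xacmlResourceBundle.getString("missing_local_name"));
    }
    if (!elemName.equals(XACMLConstants.RESULT)) {
        XACMLSDKUtils.debug.error("ResultImpl.processElement(): invalid local name " + elemName);
        throw new XACMLException(XACMLSDKUtils.xacmlResourceBundle.getString("invalid_local_name"));
    }
    String resourceIdValue = element.getAttribute(XACMLConstants.RESOURCE_ID);
    // Was "!= null || length() != 0", which dereferences a null value and
    // accepts the empty string. Element.getAttribute() returns "" for an
    // absent attribute, so resourceId is now left untouched in that case.
    if ((resourceIdValue != null) && (resourceIdValue.length() != 0)) {
        resourceId = resourceIdValue;
    }
    // Collect the element children; text and comment nodes are ignored.
    NodeList nodes = element.getChildNodes();
    int numOfNodes = nodes.getLength();
    List childElements = new ArrayList();
    for (int i = 0; i < numOfNodes; i++) {
        Node child = nodes.item(i);
        if (child.getNodeType() == Node.ELEMENT_NODE) {
            childElements.add(child);
        }
    }
    int childCount = childElements.size();
    // Enforce the 1..3 bound up front, so every index used below is valid.
    if (childCount < 1 || childCount > 3) {
        XACMLSDKUtils.debug.error("ResultImpl.processElement(): invalid child element count: " + childCount);
        throw new XACMLException(XACMLSDKUtils.xacmlResourceBundle.getString(//FIXME: add i18n key
        "invalid_child_count"));
    }
    // Element names are compared constant-first: Node.getLocalName() can be
    // null, and an unexpected child should surface as XACMLException rather
    // than a NullPointerException.
    //process decision element
    Element firstChild = (Element) childElements.get(0);
    String firstChildName = firstChild.getLocalName();
    if (!XACMLConstants.DECISION.equals(firstChildName)) {
        XACMLSDKUtils.debug.error("ResultImpl.processElement(): invalid first child element: " + firstChildName);
        throw new XACMLException(XACMLSDKUtils.xacmlResourceBundle.getString(//FIXME: add i18n key
        "invalid_first_child"));
    }
    decision = ContextFactory.getInstance().createDecision(firstChild);
    //process status element (or obligations, when status is omitted)
    if (childCount > 1) {
        Element secondChild = (Element) childElements.get(1);
        String secondChildName = secondChild.getLocalName();
        if (XACMLConstants.STATUS.equals(secondChildName)) {
            status = ContextFactory.getInstance().createStatus(secondChild);
        } else if (XACMLConstants.OBLIGATIONS.equals(secondChildName)) {
            obligations = PolicyFactory.getInstance().createObligations(secondChild);
        } else {
            XACMLSDKUtils.debug.error("ResultImpl.processElement(): invalid second child element: " + secondChildName);
            throw new XACMLException(XACMLSDKUtils.xacmlResourceBundle.getString(//FIXME: add i18n key
            "invalid_second_child"));
        }
    }
    //process obligations element; rejected if obligations is already set
    if (childCount > 2) {
        Element thirdChild = (Element) childElements.get(2);
        String thirdChildName = thirdChild.getLocalName();
        if (XACMLConstants.OBLIGATIONS.equals(thirdChildName) && (obligations == null)) {
            obligations = PolicyFactory.getInstance().createObligations(thirdChild);
        } else {
            XACMLSDKUtils.debug.error("ResultImpl.processElement(): invalid third child element: " + thirdChildName);
            throw new XACMLException(XACMLSDKUtils.xacmlResourceBundle.getString(//FIXME: add i18n key
            "invalid_third_child"));
        }
    }
    // The former trailing "childCount > 3" branch was unreachable: that
    // case is already rejected by the count check above.
}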
Also used : NodeList(org.w3c.dom.NodeList) Node(org.w3c.dom.Node) Element(org.w3c.dom.Element) ArrayList(java.util.ArrayList) NodeList(org.w3c.dom.NodeList) ArrayList(java.util.ArrayList) List(java.util.List) XACMLException(com.sun.identity.xacml.common.XACMLException)

Example 9 with XACMLException

use of com.sun.identity.xacml.common.XACMLException in project OpenAM by OpenRock.

the class XACMLQueryUtil method getPolicyDecisionForFedlet.

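/**
 * Sends the XACML query to the specified PDP, gets the policy decision
 * and sends it back to the Fedlet.
 *
 * <p>The query carries one subject (the NameID value), one resource (the
 * resource URL plus the target service name), one action and an empty
 * environment. Only the decision of the first <code>Result</code> in the
 * response is returned.
 *
 * <p><b>Failure handling:</b> this method returns <code>null</code> when no
 * decision could be obtained (no response, no results, or a
 * <code>URISyntaxException</code> / <code>XACMLException</code> while
 * building or processing the query). Callers making an access decision
 * must treat <code>null</code> as "not permitted"; only an explicit permit
 * value should grant access.
 *
 * @param request HTTP Servlet Request (not read by this method)
 * @param pepEntityID PEP entity ID
 * @param pdpEntityID PDP entity ID
 * @param nameIDValue  NameID value
 * @param serviceName  Service Name
 * @param resource  Resource URL
 * @param action  Action
 *
 * @return the decision value of the first result as a <code>String</code>,
 *         or <code>null</code> if no decision was obtained
 * @exception SAML2Exception if the operation is not successful
 *
 * @supported.api
 */
public static String getPolicyDecisionForFedlet(HttpServletRequest request, String pepEntityID, String pdpEntityID, String nameIDValue, String serviceName, String resource, String action) throws SAML2Exception {
    Request xacmlRequest = ContextFactory.getInstance().createRequest();
    try {
        // Subject: access-subject category, identified by the SAML2 NameID.
        Subject subject = ContextFactory.getInstance().createSubject();
        subject.setSubjectCategory(new URI(XACMLConstants.ACCESS_SUBJECT));
        List<Attribute> subjectAttributes = new ArrayList<Attribute>();
        subjectAttributes.add(createStringValuedAttribute(XACMLConstants.SUBJECT_ID, XACMLConstants.SAML2_NAMEID, nameIDValue));
        subject.setAttributes(subjectAttributes);
        List<Subject> subjectList = new ArrayList<Subject>();
        subjectList.add(subject);
        xacmlRequest.setSubjects(subjectList);

        // Resource: the resource id plus the target service name.
        Resource xacmlResource = ContextFactory.getInstance().createResource();
        List<Attribute> resourceAttributes = new ArrayList<Attribute>();
        resourceAttributes.add(createStringValuedAttribute(XACMLConstants.RESOURCE_ID, XACMLConstants.XS_STRING, resource));
        resourceAttributes.add(createStringValuedAttribute(XACMLConstants.TARGET_SERVICE, XACMLConstants.XS_STRING, serviceName));
        xacmlResource.setAttributes(resourceAttributes);
        List<Resource> resourceList = new ArrayList<Resource>();
        resourceList.add(xacmlResource);
        xacmlRequest.setResources(resourceList);

        // Action: a single action-id attribute.
        Action xacmlAction = ContextFactory.getInstance().createAction();
        List<Attribute> actionAttributes = new ArrayList<Attribute>();
        actionAttributes.add(createStringValuedAttribute(XACMLConstants.ACTION_ID, XACMLConstants.XS_STRING, action));
        xacmlAction.setAttributes(actionAttributes);
        xacmlRequest.setAction(xacmlAction);

        // Environment: sent empty.
        Environment environment = ContextFactory.getInstance().createEnvironment();
        xacmlRequest.setEnvironment(environment);

        Response xacmlResponse = XACMLRequestProcessor.getInstance().processRequest(xacmlRequest, pdpEntityID, pepEntityID);
        if (xacmlResponse == null) {
            return null;
        }
        List results = xacmlResponse.getResults();
        // getResults() is also guarded against null here; the earlier code
        // called size() on it directly.
        if (results == null || results.isEmpty()) {
            return null;
        }
        Result policyResult = (Result) results.get(0);
        if (policyResult == null) {
            return null;
        }
        Decision decision = (Decision) policyResult.getDecision();
        return (decision == null) ? null : decision.getValue();
    } catch (URISyntaxException uriexp) {
        // Pass the exception to the debug log so the cause is not lost.
        // NOTE(review): a failed policy query is only visible at message
        // level; consider a higher level so operators see it by default.
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("XACMLQueryUtil." + "getPolicyDecisionForFedlet: " + "URI Exception while sending the XACML Request", uriexp);
        }
    } catch (XACMLException xacmlexp) {
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("XACMLQueryUtil." + "getPolicyDecisionForFedlet: " + "Error while processing the XACML Response", xacmlexp);
        }
    }
    // No decision obtained; see the failure-handling note in the Javadoc.
    return null;
}

/** Creates an XACML attribute with the given id, data type and one string value. */
private static Attribute createStringValuedAttribute(String attributeId, String dataType, String value) throws XACMLException, URISyntaxException {
    Attribute attribute = ContextFactory.getInstance().createAttribute();
    attribute.setAttributeId(new URI(attributeId));
    attribute.setDataType(new URI(dataType));
    List<String> values = new ArrayList<String>();
    values.add(value);
    attribute.setAttributeStringValues(values);
    return attribute;
}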
Also used : Action(com.sun.identity.xacml.context.Action) Attribute(com.sun.identity.xacml.context.Attribute) Request(com.sun.identity.xacml.context.Request) HttpServletRequest(javax.servlet.http.HttpServletRequest) ArrayList(java.util.ArrayList) Resource(com.sun.identity.xacml.context.Resource) URISyntaxException(java.net.URISyntaxException) URI(java.net.URI) Subject(com.sun.identity.xacml.context.Subject) Decision(com.sun.identity.xacml.context.Decision) Result(com.sun.identity.xacml.context.Result) XACMLException(com.sun.identity.xacml.common.XACMLException) Response(com.sun.identity.xacml.context.Response) Environment(com.sun.identity.xacml.context.Environment) ArrayList(java.util.ArrayList) List(java.util.List)

Example 10 with XACMLException

use of com.sun.identity.xacml.common.XACMLException in project OpenAM by OpenRock.

the class FMSubjectMapperTest method testMapToNativeSubject.

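/**
 * Logs in through the "DataStore" module instance, wraps the resulting
 * session id in an XACML subject and passes it to
 * {@code FMSubjectMapper.mapToNativeSubject}, then logs the token id that
 * comes back.
 *
 * <p>The test makes no assertion on the returned token; it fails only if
 * one of the steps throws.
 *
 * @throws XACMLException propagated from the XACML context setters or the
 *         subject mapper.
 * @throws URISyntaxException if one of the URN literals is not a valid URI.
 */
@Test(groups = { "xacml" })
public void testMapToNativeSubject() throws XACMLException, URISyntaxException {
    FMSubjectMapper subjectMapper = new FMSubjectMapper();
    Subject subject1 = ContextFactory.getInstance().createSubject();
    //supported category for id
    //urn:oasis:names:tc:xacml:1.0:subject-category:access-subject
    subject1.setSubjectCategory(new URI("urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"));
    Attribute attribute = ContextFactory.getInstance().createAttribute();
    attribute.setIssuer("sampleIssuer1");
    //key attribute id
    //urn:oasis:names:tc:xacml:1.0:subject:subject-id
    attribute.setAttributeId(new URI("urn:oasis:names:tc:xacml:1.0:subject:subject-id"));
    //supported data type for id
    //urn:oasis:names:tc:xacml:1.0:data-type:x500Name
    //urn:sun:names:xacml:2.0:data-type:opensso-session-id
    //urn:sun:names:xacml:2.0:data-type:openfm-sp-nameid
    attribute.setDataType(new URI("urn:sun:names:xacml:2.0:data-type:opensso-session-id"));

    // NOTE(review): administrator credentials are hard-coded in the test
    // source. They should come from the test environment's configuration
    // and must never match the credentials of a shared deployment.
    String[] callbacks = { "amadmin", "admin123" };
    SSOToken ssot;
    try {
        AuthContext lc = new AuthContext("/");
        AuthContext.IndexType indexType = AuthContext.IndexType.MODULE_INSTANCE;
        String indexName = "DataStore";
        log(Level.INFO, "testMapToNativeSubject():\n", " LDAPLogin: Obtained login context");
        lc.login(indexType, indexName, callbacks);
        if (lc.getStatus() == AuthContext.Status.SUCCESS) {
            log(Level.INFO, "testMapToNativeSubject():\n", " Login success!!");
        }
        ssot = lc.getSSOToken();
    } catch (Exception le) {
        log(Level.INFO, "testMapToNativeSubject():\n", " Login failed!!");
        // Fail here with the cause attached. The earlier code swallowed the
        // exception and then hit a NullPointerException on the null token.
        throw new IllegalStateException("testMapToNativeSubject(): login failed", le);
    }
    if (ssot == null) {
        throw new IllegalStateException("testMapToNativeSubject(): no SSO token after login");
    }

    String sid = ssot.getTokenID().toString();
    // NOTE(review): this writes a live session token id to the test log.
    log(Level.INFO, "testMapToNativeSubject():\n", " sid = " + sid);
    List<String> valueList = new ArrayList<String>();
    valueList.add(sid);
    attribute.setAttributeStringValues(valueList);
    List<Attribute> attributeList = new ArrayList<Attribute>();
    attributeList.add(attribute);
    subject1.setAttributes(attributeList);
    List<Subject> subjectsList = new ArrayList<Subject>();
    subjectsList.add(subject1);

    SSOToken retSSOToken = (SSOToken) subjectMapper.mapToNativeSubject(subjectsList);
    String retSid = retSSOToken.getTokenID().toString();
    log(Level.INFO, "testMapToNativeSubject():\n", " return sid = " + retSid);
}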
Also used : SSOToken(com.iplanet.sso.SSOToken) Attribute(com.sun.identity.xacml.context.Attribute) ArrayList(java.util.ArrayList) AuthContext(com.sun.identity.authentication.AuthContext) URI(java.net.URI) Subject(com.sun.identity.xacml.context.Subject) URISyntaxException(java.net.URISyntaxException) XACMLException(com.sun.identity.xacml.common.XACMLException) AuthLoginException(com.sun.identity.authentication.spi.AuthLoginException) SSOException(com.iplanet.sso.SSOException) SAML2Exception(com.sun.identity.saml2.common.SAML2Exception) Test(org.testng.annotations.Test)

Aggregations

XACMLException (com.sun.identity.xacml.common.XACMLException)22 ArrayList (java.util.ArrayList)18 Element (org.w3c.dom.Element)14 Node (org.w3c.dom.Node)14 NodeList (org.w3c.dom.NodeList)14 Attribute (com.sun.identity.xacml.context.Attribute)7 List (java.util.List)7 ContextFactory (com.sun.identity.xacml.context.ContextFactory)6 URI (java.net.URI)6 Resource (com.sun.identity.xacml.context.Resource)3 Result (com.sun.identity.xacml.context.Result)3 Subject (com.sun.identity.xacml.context.Subject)3 Iterator (java.util.Iterator)3 NamedNodeMap (org.w3c.dom.NamedNodeMap)3 SSOException (com.iplanet.sso.SSOException)2 SSOToken (com.iplanet.sso.SSOToken)2 SAML2Exception (com.sun.identity.saml2.common.SAML2Exception)2 Decision (com.sun.identity.xacml.context.Decision)2 Request (com.sun.identity.xacml.context.Request)2 Response (com.sun.identity.xacml.context.Response)2