Search in sources :

Example 1 with Request

use of com.sun.identity.xacml.context.Request in project OpenAM by OpenRock.

the class XACMLRequestProcessorTest method createSampleXacmlRequest.

private Request createSampleXacmlRequest(String subjectId, String subjectIdType, String subjectCategory, String resourceId, String resourceIdType, String serviceName, String serviceNameType, String actionId, String actionIdType) throws XACMLException, URISyntaxException {
    Request request = ContextFactory.getInstance().createRequest();
    //Subject1, access-subject
    Subject subject1 = ContextFactory.getInstance().createSubject();
    //supported category for id
    //urn:oasis:names:tc:xacml:1.0:subject-category:access-subject
    subject1.setSubjectCategory(new URI(subjectCategory));
    Attribute attribute = ContextFactory.getInstance().createAttribute();
    //key attribute id
    //urn:oasis:names:tc:xacml:1.0:subject:subject-id
    attribute.setAttributeId(new URI(XACMLConstants.SUBJECT_ID));
    //supported data type for id
    //urn:oasis:names:tc:xacml:1.0:data-type:x500Name
    //urn:sun:names:xacml:2.0:data-type:opensso-session-id
    //urn:sun:names:xacml:2.0:data-type:openfm-sp-nameid
    attribute.setDataType(new URI(subjectIdType));
    attribute.setIssuer("sampleIssuer1");
    //set values
    List<String> valueList = new ArrayList<String>();
    valueList.add(subjectId);
    attribute.setAttributeStringValues(valueList);
    List<Attribute> attributeList = new ArrayList<Attribute>();
    attributeList.add(attribute);
    subject1.setAttributes(attributeList);
    //Subject2, intermediary-subject
    Subject subject2 = ContextFactory.getInstance().createSubject();
    subject2.setSubjectCategory(new URI(XACMLConstants.INTERMEDIARY_SUBJECT));
    attribute = ContextFactory.getInstance().createAttribute();
    attribute.setAttributeId(new URI(XACMLConstants.SUBJECT_ID));
    //supported data type for id
    //urn:oasis:names:tc:xacml:1.0:data-type:x500Name
    //urn:sun:names:xacml:2.0:data-type:opensso-session-id
    //urn:sun:names:xacml:2.0:data-type:openfm-sp-nameid
    attribute.setDataType(new URI(subjectIdType));
    attribute.setIssuer("sampleIssuer2");
    //set values
    valueList = new ArrayList<String>();
    valueList.add(subjectId);
    attribute.setAttributeStringValues(valueList);
    attributeList = new ArrayList<Attribute>();
    attributeList.add(attribute);
    subject2.setAttributes(attributeList);
    //set subjects in request
    List<Subject> subjectList = new ArrayList<Subject>();
    subjectList.add(subject1);
    subjectList.add(subject2);
    request.setSubjects(subjectList);
    //Resource
    Resource resource = ContextFactory.getInstance().createResource();
    //resoruce-id attribute
    attribute = ContextFactory.getInstance().createAttribute();
    //key attribute id
    //urn:oasis:names:tc:xacml:1.0:resource:resource-id
    attribute.setAttributeId(new URI(XACMLConstants.RESOURCE_ID));
    //supported data type
    //http://www.w3.org/2001/XMLSchema#string
    attribute.setDataType(new URI(resourceIdType));
    attribute.setIssuer("sampleIssuer3");
    //set values
    valueList = new ArrayList<String>();
    valueList.add(resourceId);
    attribute.setAttributeStringValues(valueList);
    attributeList = new ArrayList<Attribute>();
    attributeList.add(attribute);
    //serviceName attribute
    attribute = ContextFactory.getInstance().createAttribute();
    //additional attribute id
    //urn:sun:names:xacml:2.0:resource:target-service
    attribute.setAttributeId(new URI(XACMLConstants.TARGET_SERVICE));
    //supported data type
    //http://www.w3.org/2001/XMLSchema#string
    attribute.setDataType(new URI(serviceNameType));
    attribute.setIssuer("sampleIssuer3");
    //set values
    valueList = new ArrayList<String>();
    valueList.add(serviceName);
    attribute.setAttributeStringValues(valueList);
    attributeList.add(attribute);
    resource.setAttributes(attributeList);
    List<Resource> resourceList = new ArrayList<Resource>();
    resourceList.add(resource);
    request.setResources(resourceList);
    //Action
    Action action = ContextFactory.getInstance().createAction();
    attribute = ContextFactory.getInstance().createAttribute();
    //key attribute id
    //urn:oasis:names:tc:xacml:1.0:action:action-id
    attribute.setAttributeId(new URI(XACMLConstants.ACTION_ID));
    //supported data type
    //http://www.w3.org/2001/XMLSchema#string
    attribute.setDataType(new URI(actionIdType));
    attribute.setIssuer("sampleIssuer5");
    valueList = new ArrayList<String>();
    valueList.add(actionId);
    attribute.setAttributeStringValues(valueList);
    attributeList = new ArrayList<Attribute>();
    attributeList.add(attribute);
    action.setAttributes(attributeList);
    request.setAction(action);
    //Enviornment
    Environment environment = ContextFactory.getInstance().createEnvironment();
    request.setEnvironment(environment);
    return request;
}
Also used : Action(com.sun.identity.xacml.context.Action) Attribute(com.sun.identity.xacml.context.Attribute) Request(com.sun.identity.xacml.context.Request) ArrayList(java.util.ArrayList) Resource(com.sun.identity.xacml.context.Resource) URI(java.net.URI) Subject(com.sun.identity.xacml.context.Subject) Environment(com.sun.identity.xacml.context.Environment)

Example 2 with Request

use of com.sun.identity.xacml.context.Request in project OpenAM by OpenRock.

the class XACMLClientSample method testProcessRequest.

private void testProcessRequest(String pdpEntityId, String pepEntityId, String subjectId, String subjectIdType, String subjectCategory, String resourceId, String resourceIdType, String serviceName, String serviceNameType, String actionId, String actionIdType) throws XACMLException, SAML2Exception, URISyntaxException, Exception {
    Request xacmlRequest = createSampleXacmlRequest(subjectId, subjectIdType, subjectCategory, resourceId, resourceIdType, serviceName, serviceNameType, actionId, actionIdType);
    System.out.println("\ntestProcessRequest():xacmlRequest:\n" + xacmlRequest.toXMLString(true, true));
    Response xacmlResponse = XACMLRequestProcessor.getInstance().processRequest(xacmlRequest, pdpEntityId, pepEntityId);
    System.out.println("testProcessRequest():xacmlResponse:\n" + xacmlResponse.toXMLString(true, true));
}
Also used : Response(com.sun.identity.xacml.context.Response) Request(com.sun.identity.xacml.context.Request)

Example 3 with Request

use of com.sun.identity.xacml.context.Request in project OpenAM by OpenRock.

the class XACMLAuthzDecisionQueryHandler method handleQuery.

/**
     * Processes an XACMLAuthzDecisionQuery and retruns a SAML2 Response.
     *
     * @param pdpEntityId EntityID of PDP
     * @param pepEntityId EntityID of PEP
     * @param samlpRequest SAML2 Request, an XAMLAuthzDecisionQuery
     * @param soapMessage SOAPMessage that carried the SAML2 Request
     * @return SAML2 Response with an XAMLAuthzDecisionStatement
     * @exception SAML2Exception if the query can not be handled
     */
public com.sun.identity.saml2.protocol.Response handleQuery(String pdpEntityId, String pepEntityId, RequestAbstract samlpRequest, SOAPMessage soapMessage) throws SAML2Exception {
    //TODO: logging, i18n
    //TODO: long term, allow different mapper impls for  different
    //combination of pdp, pep
    SubjectMapper subjectMapper = new FMSubjectMapper();
    subjectMapper.initialize(pdpEntityId, pepEntityId, null);
    ResourceMapper resourceMapper = new FMResourceMapper();
    resourceMapper.initialize(pdpEntityId, pepEntityId, null);
    ActionMapper actionMapper = new FMActionMapper();
    actionMapper.initialize(pdpEntityId, pepEntityId, null);
    EnvironmentMapper environmentMapper = new FMEnvironmentMapper();
    environmentMapper.initialize(pdpEntityId, pepEntityId, null);
    ResultMapper resultMapper = new FMResultMapper();
    resultMapper.initialize(pdpEntityId, pepEntityId, null);
    boolean evaluationFailed = false;
    String statusCodeValue = null;
    if (XACMLSDKUtils.debug.messageEnabled()) {
        XACMLSDKUtils.debug.message("XACMLAuthzDecisionQueryHandler.handleQuery(), entering" + ":pdpEntityId=" + pdpEntityId + ":pepEntityId=" + pepEntityId + ":samlpRequest=\n" + samlpRequest.toXMLString(true, true) + ":soapMessage=\n" + soapMessage);
    }
    Request xacmlRequest = ((XACMLAuthzDecisionQuery) samlpRequest).getRequest();
    boolean returnContext = ((XACMLAuthzDecisionQuery) samlpRequest).getReturnContext();
    SSOToken ssoToken = null;
    String resourceName = null;
    String serviceName = null;
    String actionName = null;
    Map environment = null;
    boolean booleanDecision = false;
    try {
        //get native sso token
        ssoToken = (SSOToken) subjectMapper.mapToNativeSubject(xacmlRequest.getSubjects());
        if (ssoToken == null) {
            //TODO: log message and fill missing attribute details 
            statusCodeValue = XACMLConstants.STATUS_CODE_MISSING_ATTRIBUTE;
            evaluationFailed = true;
        } else {
            if (XACMLSDKUtils.debug.messageEnabled()) {
                XACMLSDKUtils.debug.message("XACMLAuthzDecisionQueryHandler.handleQuery()," + "created ssoToken");
            }
        }
        if (ssoToken != null) {
            //get native service name, resource name 
            List resources = xacmlRequest.getResources();
            Resource resource = null;
            if (!resources.isEmpty()) {
                //We deal with only one resource for now
                resource = (Resource) resources.get(0);
            }
            if (resource != null) {
                String[] resourceService = resourceMapper.mapToNativeResource(resource);
                if (resourceService != null) {
                    if (resourceService.length > 0) {
                        resourceName = resourceService[0];
                    }
                    if (resourceService.length > 1) {
                        serviceName = resourceService[1];
                    }
                }
            }
            if (resourceName == null) {
                //TODO: log message and fill missing attribute details 
                statusCodeValue = XACMLConstants.STATUS_CODE_MISSING_ATTRIBUTE;
                evaluationFailed = true;
            }
            if (serviceName == null) {
                //TODO: log message and fill missing attribute details
                throw new SAML2Exception(XACMLSDKUtils.xacmlResourceBundle.getString("missing_attribute"));
            }
        }
        if (serviceName != null) {
            //get native action name
            if (serviceName != null) {
                actionName = actionMapper.mapToNativeAction(xacmlRequest.getAction(), serviceName);
            }
            if (actionName == null) {
                //TODO: log message and fill missing attribute details
                statusCodeValue = XACMLConstants.STATUS_CODE_MISSING_ATTRIBUTE;
                evaluationFailed = true;
            }
        }
    //get environment map
    /*
            environment = environmentMapper.mapToNativeEnvironment(
                    xacmlRequest.getEnvironment(), 
                    xacmlRequest.getSubjects());
            */
    } catch (XACMLException xe) {
        statusCodeValue = XACMLConstants.STATUS_CODE_MISSING_ATTRIBUTE;
        evaluationFailed = true;
        if (XACMLSDKUtils.debug.warningEnabled()) {
            XACMLSDKUtils.debug.warning("XACMLAuthzDecisionQueryHandler.handleQuery()," + "caught exception", xe);
        }
    }
    //get native policy deicison using native policy evaluator
    if (!evaluationFailed) {
        try {
            PolicyEvaluator pe = new PolicyEvaluator(serviceName);
            booleanDecision = pe.isAllowed(ssoToken, resourceName, actionName, environment);
        } catch (SSOException ssoe) {
            if (XACMLSDKUtils.debug.warningEnabled()) {
                XACMLSDKUtils.debug.warning("XACMLAuthzDecisionQueryHandler.handleQuery()," + "caught exception", ssoe);
            }
            evaluationFailed = true;
        } catch (PolicyException pe) {
            if (XACMLSDKUtils.debug.warningEnabled()) {
                XACMLSDKUtils.debug.warning("XACMLAuthzDecisionQueryHandler.handleQuery()," + "caught exception", pe);
            }
            evaluationFailed = true;
        }
    }
    //decision: Indeterminate, Deny, Permit, NotApplicable
    //status code: missing_attribute, syntax_error, processing_error, ok
    Decision decision = ContextFactory.getInstance().createDecision();
    Status status = ContextFactory.getInstance().createStatus();
    StatusCode code = ContextFactory.getInstance().createStatusCode();
    StatusMessage message = ContextFactory.getInstance().createStatusMessage();
    StatusDetail detail = ContextFactory.getInstance().createStatusDetail();
    detail.getElement().insertBefore(detail.getElement().cloneNode(true), null);
    if (evaluationFailed) {
        decision.setValue(XACMLConstants.INDETERMINATE);
        if (statusCodeValue == null) {
            statusCodeValue = XACMLConstants.STATUS_CODE_PROCESSING_ERROR;
        }
        code.setValue(statusCodeValue);
        //TODO: i18n
        message.setValue("processing_error");
    } else if (booleanDecision) {
        decision.setValue(XACMLConstants.PERMIT);
        code.setValue(XACMLConstants.STATUS_CODE_OK);
        //TODO: i18n
        message.setValue("ok");
    } else {
        decision.setValue(XACMLConstants.DENY);
        code.setValue(XACMLConstants.STATUS_CODE_OK);
        //TODO: i18n
        message.setValue("ok");
    }
    Result result = ContextFactory.getInstance().createResult();
    String resourceId = resourceName;
    List resources = xacmlRequest.getResources();
    Resource resource = null;
    if (!resources.isEmpty()) {
        //We deal with only one resource for now
        resource = (Resource) resources.get(0);
        if (resource != null) {
            List attributes = resource.getAttributes();
            if (attributes != null) {
                for (int count = 0; count < attributes.size(); count++) {
                    Attribute attr = (Attribute) attributes.get(count);
                    if (attr != null) {
                        URI tmpURI = attr.getAttributeId();
                        if (tmpURI.toString().equals(XACMLConstants.RESOURCE_ID)) {
                            Element element = (Element) attr.getAttributeValues().get(0);
                            resourceId = XMLUtils.getElementValue(element);
                            break;
                        }
                    }
                }
            }
        }
    }
    result.setResourceId(resourceId);
    result.setDecision(decision);
    status.setStatusCode(code);
    status.setStatusMessage(message);
    status.setStatusDetail(detail);
    result.setStatus(status);
    Response response = ContextFactory.getInstance().createResponse();
    response.addResult(result);
    XACMLAuthzDecisionStatement statement = ContextFactory.getInstance().createXACMLAuthzDecisionStatement();
    statement.setResponse(response);
    if (returnContext) {
        statement.setRequest(xacmlRequest);
    }
    com.sun.identity.saml2.protocol.Response samlpResponse = createSamlpResponse(statement, status.getStatusCode().getValue());
    if (XACMLSDKUtils.debug.messageEnabled()) {
        XACMLSDKUtils.debug.message("XACMLAuthzDecisionQueryHandler.handleQuery(), returning" + ":samlResponse=\n" + samlpResponse.toXMLString(true, true));
    }
    return samlpResponse;
}
Also used : SSOToken(com.iplanet.sso.SSOToken) Attribute(com.sun.identity.xacml.context.Attribute) Element(org.w3c.dom.Element) SSOException(com.iplanet.sso.SSOException) StatusCode(com.sun.identity.xacml.context.StatusCode) URI(java.net.URI) Result(com.sun.identity.xacml.context.Result) ResourceResult(com.sun.identity.policy.ResourceResult) ActionMapper(com.sun.identity.xacml.spi.ActionMapper) XACMLAuthzDecisionStatement(com.sun.identity.xacml.saml2.XACMLAuthzDecisionStatement) PolicyEvaluator(com.sun.identity.policy.PolicyEvaluator) SubjectMapper(com.sun.identity.xacml.spi.SubjectMapper) PolicyException(com.sun.identity.policy.PolicyException) ResourceMapper(com.sun.identity.xacml.spi.ResourceMapper) ArrayList(java.util.ArrayList) List(java.util.List) Status(com.sun.identity.xacml.context.Status) Request(com.sun.identity.xacml.context.Request) Resource(com.sun.identity.xacml.context.Resource) EnvironmentMapper(com.sun.identity.xacml.spi.EnvironmentMapper) Decision(com.sun.identity.xacml.context.Decision) XACMLException(com.sun.identity.xacml.common.XACMLException) StatusMessage(com.sun.identity.xacml.context.StatusMessage) SAML2Exception(com.sun.identity.saml2.common.SAML2Exception) Response(com.sun.identity.xacml.context.Response) ResultMapper(com.sun.identity.xacml.spi.ResultMapper) StatusDetail(com.sun.identity.xacml.context.StatusDetail) XACMLAuthzDecisionQuery(com.sun.identity.xacml.saml2.XACMLAuthzDecisionQuery) Map(java.util.Map)

Example 4 with Request

use of com.sun.identity.xacml.context.Request in project OpenAM by OpenRock.

the class XACMLClientSample method createSampleXacmlRequest.

private Request createSampleXacmlRequest(String subjectId, String subjectIdType, String subjectCategory, String resourceId, String resourceIdType, String serviceName, String serviceNameType, String actionId, String actionIdType) throws XACMLException, URISyntaxException {
    Request request = ContextFactory.getInstance().createRequest();
    //Subject
    Subject subject = ContextFactory.getInstance().createSubject();
    subject.setSubjectCategory(new URI(subjectCategory));
    //set subject id
    Attribute attribute = ContextFactory.getInstance().createAttribute();
    attribute.setAttributeId(new URI(XACMLConstants.SUBJECT_ID));
    attribute.setDataType(new URI(subjectIdType));
    List valueList = new ArrayList();
    valueList.add(subjectId);
    attribute.setAttributeStringValues(valueList);
    List attributeList = new ArrayList();
    attributeList.add(attribute);
    subject.setAttributes(attributeList);
    //set Subject in Request
    List subjectList = new ArrayList();
    subjectList.add(subject);
    request.setSubjects(subjectList);
    //Resource
    Resource resource = ContextFactory.getInstance().createResource();
    //set resource id
    attribute = ContextFactory.getInstance().createAttribute();
    attribute.setAttributeId(new URI(XACMLConstants.RESOURCE_ID));
    attribute.setDataType(new URI(resourceIdType));
    valueList = new ArrayList();
    valueList.add(resourceId);
    attribute.setAttributeStringValues(valueList);
    attributeList = new ArrayList();
    attributeList.add(attribute);
    //set serviceName
    attribute = ContextFactory.getInstance().createAttribute();
    attribute.setAttributeId(new URI(XACMLConstants.TARGET_SERVICE));
    attribute.setDataType(new URI(serviceNameType));
    valueList = new ArrayList();
    valueList.add(serviceName);
    attribute.setAttributeStringValues(valueList);
    attributeList.add(attribute);
    resource.setAttributes(attributeList);
    //set Resource in Request
    List resourceList = new ArrayList();
    resourceList.add(resource);
    request.setResources(resourceList);
    //Action
    Action action = ContextFactory.getInstance().createAction();
    attribute = ContextFactory.getInstance().createAttribute();
    attribute.setAttributeId(new URI(XACMLConstants.ACTION_ID));
    attribute.setDataType(new URI(actionIdType));
    //set actionId
    valueList = new ArrayList();
    valueList.add(actionId);
    attribute.setAttributeStringValues(valueList);
    attributeList = new ArrayList();
    attributeList.add(attribute);
    action.setAttributes(attributeList);
    //set Action in Request
    request.setAction(action);
    //Enviornment, our PDP does not use environment now
    Environment environment = ContextFactory.getInstance().createEnvironment();
    request.setEnvironment(environment);
    return request;
}
Also used : Action(com.sun.identity.xacml.context.Action) Attribute(com.sun.identity.xacml.context.Attribute) Request(com.sun.identity.xacml.context.Request) ArrayList(java.util.ArrayList) Resource(com.sun.identity.xacml.context.Resource) Environment(com.sun.identity.xacml.context.Environment) ArrayList(java.util.ArrayList) List(java.util.List) URI(java.net.URI) Subject(com.sun.identity.xacml.context.Subject)

Example 5 with Request

use of com.sun.identity.xacml.context.Request in project OpenAM by OpenRock.

the class XACMLRequestProcessorTest method testProcessRequest.

@Test(groups = { "xacml" })
@Parameters({ "pdp.entityId", "pep.entityId", "login.id", "login.password", "subject.id", "subject.id.datatype", "subject.category", "resource.id", "resource.id.datatype", "resource.servicename", "resource.servicename.datatype", "action.id", "action.id.datatype" })
public void testProcessRequest(String pdpEntityId, String pepEntityId, String loginId, String loginPassword, String subjectId, String subjectIdType, String subjectCategory, String resourceId, String resourceIdType, String serviceName, String serviceNameType, String actionId, String actionIdType) throws XACMLException, SAML2Exception, URISyntaxException, Exception {
    if ((subjectId == null) || (subjectId.length() == 0)) {
        SSOToken ssoToken = TokenUtils.getSessionToken("/", loginId, loginPassword);
        subjectId = ssoToken.getTokenID().toString();
        subjectIdType = XACMLConstants.OPENSSO_SESSION_ID;
    }
    Request xacmlRequest = createSampleXacmlRequest(subjectId, subjectIdType, subjectCategory, resourceId, resourceIdType, serviceName, serviceNameType, actionId, actionIdType);
    log(Level.INFO, "testProcessRequest():xacmlRequest:\n", xacmlRequest.toXMLString(true, true));
    Response xacmlResponse = XACMLRequestProcessor.getInstance().processRequest(xacmlRequest, pdpEntityId, pepEntityId);
    log(Level.INFO, "testProcessRequest():xacmlResponse:\n", xacmlResponse.toXMLString(true, true));
}
Also used : Response(com.sun.identity.xacml.context.Response) SSOToken(com.iplanet.sso.SSOToken) Request(com.sun.identity.xacml.context.Request) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test)

Aggregations

Request (com.sun.identity.xacml.context.Request)6 Attribute (com.sun.identity.xacml.context.Attribute)4 Resource (com.sun.identity.xacml.context.Resource)4 Response (com.sun.identity.xacml.context.Response)4 URI (java.net.URI)4 ArrayList (java.util.ArrayList)4 Action (com.sun.identity.xacml.context.Action)3 Environment (com.sun.identity.xacml.context.Environment)3 Subject (com.sun.identity.xacml.context.Subject)3 List (java.util.List)3 SSOToken (com.iplanet.sso.SSOToken)2 XACMLException (com.sun.identity.xacml.common.XACMLException)2 Decision (com.sun.identity.xacml.context.Decision)2 Result (com.sun.identity.xacml.context.Result)2 SSOException (com.iplanet.sso.SSOException)1 PolicyEvaluator (com.sun.identity.policy.PolicyEvaluator)1 PolicyException (com.sun.identity.policy.PolicyException)1 ResourceResult (com.sun.identity.policy.ResourceResult)1 SAML2Exception (com.sun.identity.saml2.common.SAML2Exception)1 Status (com.sun.identity.xacml.context.Status)1