Example 1 with Request
use of com.sun.identity.xacml.context.Request in project OpenAM by OpenRock.
the class XACMLRequestProcessorTest method createSampleXacmlRequest.
private Request createSampleXacmlRequest(String subjectId, String subjectIdType, String subjectCategory, String resourceId, String resourceIdType, String serviceName, String serviceNameType, String actionId, String actionIdType) throws XACMLException, URISyntaxException {
Request request = ContextFactory.getInstance().createRequest();
//Subject1, access-subject
Subject subject1 = ContextFactory.getInstance().createSubject();
//supported category for id
//urn:oasis:names:tc:xacml:1.0:subject-category:access-subject
subject1.setSubjectCategory(new URI(subjectCategory));
Attribute attribute = ContextFactory.getInstance().createAttribute();
//key attribute id
//urn:oasis:names:tc:xacml:1.0:subject:subject-id
attribute.setAttributeId(new URI(XACMLConstants.SUBJECT_ID));
//supported data type for id
//urn:oasis:names:tc:xacml:1.0:data-type:x500Name
//urn:sun:names:xacml:2.0:data-type:opensso-session-id
//urn:sun:names:xacml:2.0:data-type:openfm-sp-nameid
attribute.setDataType(new URI(subjectIdType));
attribute.setIssuer("sampleIssuer1");
//set values
List<String> valueList = new ArrayList<String>();
valueList.add(subjectId);
attribute.setAttributeStringValues(valueList);
List<Attribute> attributeList = new ArrayList<Attribute>();
attributeList.add(attribute);
subject1.setAttributes(attributeList);
//Subject2, intermediary-subject
Subject subject2 = ContextFactory.getInstance().createSubject();
subject2.setSubjectCategory(new URI(XACMLConstants.INTERMEDIARY_SUBJECT));
attribute = ContextFactory.getInstance().createAttribute();
attribute.setAttributeId(new URI(XACMLConstants.SUBJECT_ID));
//supported data type for id
//urn:oasis:names:tc:xacml:1.0:data-type:x500Name
//urn:sun:names:xacml:2.0:data-type:opensso-session-id
//urn:sun:names:xacml:2.0:data-type:openfm-sp-nameid
attribute.setDataType(new URI(subjectIdType));
attribute.setIssuer("sampleIssuer2");
//set values
valueList = new ArrayList<String>();
valueList.add(subjectId);
attribute.setAttributeStringValues(valueList);
attributeList = new ArrayList<Attribute>();
attributeList.add(attribute);
subject2.setAttributes(attributeList);
//set subjects in request
List<Subject> subjectList = new ArrayList<Subject>();
subjectList.add(subject1);
subjectList.add(subject2);
request.setSubjects(subjectList);
//Resource
Resource resource = ContextFactory.getInstance().createResource();
//resoruce-id attribute
attribute = ContextFactory.getInstance().createAttribute();
//key attribute id
//urn:oasis:names:tc:xacml:1.0:resource:resource-id
attribute.setAttributeId(new URI(XACMLConstants.RESOURCE_ID));
//supported data type
//http://www.w3.org/2001/XMLSchema#string
attribute.setDataType(new URI(resourceIdType));
attribute.setIssuer("sampleIssuer3");
//set values
valueList = new ArrayList<String>();
valueList.add(resourceId);
attribute.setAttributeStringValues(valueList);
attributeList = new ArrayList<Attribute>();
attributeList.add(attribute);
//serviceName attribute
attribute = ContextFactory.getInstance().createAttribute();
//additional attribute id
//urn:sun:names:xacml:2.0:resource:target-service
attribute.setAttributeId(new URI(XACMLConstants.TARGET_SERVICE));
//supported data type
//http://www.w3.org/2001/XMLSchema#string
attribute.setDataType(new URI(serviceNameType));
attribute.setIssuer("sampleIssuer3");
//set values
valueList = new ArrayList<String>();
valueList.add(serviceName);
attribute.setAttributeStringValues(valueList);
attributeList.add(attribute);
resource.setAttributes(attributeList);
List<Resource> resourceList = new ArrayList<Resource>();
resourceList.add(resource);
request.setResources(resourceList);
//Action
Action action = ContextFactory.getInstance().createAction();
attribute = ContextFactory.getInstance().createAttribute();
//key attribute id
//urn:oasis:names:tc:xacml:1.0:action:action-id
attribute.setAttributeId(new URI(XACMLConstants.ACTION_ID));
//supported data type
//http://www.w3.org/2001/XMLSchema#string
attribute.setDataType(new URI(actionIdType));
attribute.setIssuer("sampleIssuer5");
valueList = new ArrayList<String>();
valueList.add(actionId);
attribute.setAttributeStringValues(valueList);
attributeList = new ArrayList<Attribute>();
attributeList.add(attribute);
action.setAttributes(attributeList);
request.setAction(action);
//Enviornment
Environment environment = ContextFactory.getInstance().createEnvironment();
request.setEnvironment(environment);
return request;
}
Also used :
Action(com.sun.identity.xacml.context.Action)
Attribute(com.sun.identity.xacml.context.Attribute)
Request(com.sun.identity.xacml.context.Request)
ArrayList(java.util.ArrayList)
Resource(com.sun.identity.xacml.context.Resource)
URI(java.net.URI)
Subject(com.sun.identity.xacml.context.Subject)
Environment(com.sun.identity.xacml.context.Environment)
Example 2 with Request
use of com.sun.identity.xacml.context.Request in project OpenAM by OpenRock.
the class XACMLClientSample method testProcessRequest.
private void testProcessRequest(String pdpEntityId, String pepEntityId, String subjectId, String subjectIdType, String subjectCategory, String resourceId, String resourceIdType, String serviceName, String serviceNameType, String actionId, String actionIdType) throws XACMLException, SAML2Exception, URISyntaxException, Exception {
Request xacmlRequest = createSampleXacmlRequest(subjectId, subjectIdType, subjectCategory, resourceId, resourceIdType, serviceName, serviceNameType, actionId, actionIdType);
System.out.println("\ntestProcessRequest():xacmlRequest:\n" + xacmlRequest.toXMLString(true, true));
Response xacmlResponse = XACMLRequestProcessor.getInstance().processRequest(xacmlRequest, pdpEntityId, pepEntityId);
System.out.println("testProcessRequest():xacmlResponse:\n" + xacmlResponse.toXMLString(true, true));
}Example 3 with Request
use of com.sun.identity.xacml.context.Request in project OpenAM by OpenRock.
the class XACMLAuthzDecisionQueryHandler method handleQuery.
/**
* Processes an XACMLAuthzDecisionQuery and retruns a SAML2 Response.
*
* @param pdpEntityId EntityID of PDP
* @param pepEntityId EntityID of PEP
* @param samlpRequest SAML2 Request, an XAMLAuthzDecisionQuery
* @param soapMessage SOAPMessage that carried the SAML2 Request
* @return SAML2 Response with an XAMLAuthzDecisionStatement
* @exception SAML2Exception if the query can not be handled
*/
public com.sun.identity.saml2.protocol.Response handleQuery(String pdpEntityId, String pepEntityId, RequestAbstract samlpRequest, SOAPMessage soapMessage) throws SAML2Exception {
//TODO: logging, i18n
//TODO: long term, allow different mapper impls for different
//combination of pdp, pep
SubjectMapper subjectMapper = new FMSubjectMapper();
subjectMapper.initialize(pdpEntityId, pepEntityId, null);
ResourceMapper resourceMapper = new FMResourceMapper();
resourceMapper.initialize(pdpEntityId, pepEntityId, null);
ActionMapper actionMapper = new FMActionMapper();
actionMapper.initialize(pdpEntityId, pepEntityId, null);
EnvironmentMapper environmentMapper = new FMEnvironmentMapper();
environmentMapper.initialize(pdpEntityId, pepEntityId, null);
ResultMapper resultMapper = new FMResultMapper();
resultMapper.initialize(pdpEntityId, pepEntityId, null);
boolean evaluationFailed = false;
String statusCodeValue = null;
if (XACMLSDKUtils.debug.messageEnabled()) {
XACMLSDKUtils.debug.message("XACMLAuthzDecisionQueryHandler.handleQuery(), entering" + ":pdpEntityId=" + pdpEntityId + ":pepEntityId=" + pepEntityId + ":samlpRequest=\n" + samlpRequest.toXMLString(true, true) + ":soapMessage=\n" + soapMessage);
}
Request xacmlRequest = ((XACMLAuthzDecisionQuery) samlpRequest).getRequest();
boolean returnContext = ((XACMLAuthzDecisionQuery) samlpRequest).getReturnContext();
SSOToken ssoToken = null;
String resourceName = null;
String serviceName = null;
String actionName = null;
Map environment = null;
boolean booleanDecision = false;
try {
//get native sso token
ssoToken = (SSOToken) subjectMapper.mapToNativeSubject(xacmlRequest.getSubjects());
if (ssoToken == null) {
//TODO: log message and fill missing attribute details
statusCodeValue = XACMLConstants.STATUS_CODE_MISSING_ATTRIBUTE;
evaluationFailed = true;
} else {
if (XACMLSDKUtils.debug.messageEnabled()) {
XACMLSDKUtils.debug.message("XACMLAuthzDecisionQueryHandler.handleQuery()," + "created ssoToken");
}
}
if (ssoToken != null) {
//get native service name, resource name
List resources = xacmlRequest.getResources();
Resource resource = null;
if (!resources.isEmpty()) {
//We deal with only one resource for now
resource = (Resource) resources.get(0);
}
if (resource != null) {
String[] resourceService = resourceMapper.mapToNativeResource(resource);
if (resourceService != null) {
if (resourceService.length > 0) {
resourceName = resourceService[0];
}
if (resourceService.length > 1) {
serviceName = resourceService[1];
}
}
}
if (resourceName == null) {
//TODO: log message and fill missing attribute details
statusCodeValue = XACMLConstants.STATUS_CODE_MISSING_ATTRIBUTE;
evaluationFailed = true;
}
if (serviceName == null) {
//TODO: log message and fill missing attribute details
throw new SAML2Exception(XACMLSDKUtils.xacmlResourceBundle.getString("missing_attribute"));
}
}
if (serviceName != null) {
//get native action name
if (serviceName != null) {
actionName = actionMapper.mapToNativeAction(xacmlRequest.getAction(), serviceName);
}
if (actionName == null) {
//TODO: log message and fill missing attribute details
statusCodeValue = XACMLConstants.STATUS_CODE_MISSING_ATTRIBUTE;
evaluationFailed = true;
}
}
//get environment map
/*
environment = environmentMapper.mapToNativeEnvironment(
xacmlRequest.getEnvironment(),
xacmlRequest.getSubjects());
*/
} catch (XACMLException xe) {
statusCodeValue = XACMLConstants.STATUS_CODE_MISSING_ATTRIBUTE;
evaluationFailed = true;
if (XACMLSDKUtils.debug.warningEnabled()) {
XACMLSDKUtils.debug.warning("XACMLAuthzDecisionQueryHandler.handleQuery()," + "caught exception", xe);
}
}
//get native policy deicison using native policy evaluator
if (!evaluationFailed) {
try {
PolicyEvaluator pe = new PolicyEvaluator(serviceName);
booleanDecision = pe.isAllowed(ssoToken, resourceName, actionName, environment);
} catch (SSOException ssoe) {
if (XACMLSDKUtils.debug.warningEnabled()) {
XACMLSDKUtils.debug.warning("XACMLAuthzDecisionQueryHandler.handleQuery()," + "caught exception", ssoe);
}
evaluationFailed = true;
} catch (PolicyException pe) {
if (XACMLSDKUtils.debug.warningEnabled()) {
XACMLSDKUtils.debug.warning("XACMLAuthzDecisionQueryHandler.handleQuery()," + "caught exception", pe);
}
evaluationFailed = true;
}
}
//decision: Indeterminate, Deny, Permit, NotApplicable
//status code: missing_attribute, syntax_error, processing_error, ok
Decision decision = ContextFactory.getInstance().createDecision();
Status status = ContextFactory.getInstance().createStatus();
StatusCode code = ContextFactory.getInstance().createStatusCode();
StatusMessage message = ContextFactory.getInstance().createStatusMessage();
StatusDetail detail = ContextFactory.getInstance().createStatusDetail();
detail.getElement().insertBefore(detail.getElement().cloneNode(true), null);
if (evaluationFailed) {
decision.setValue(XACMLConstants.INDETERMINATE);
if (statusCodeValue == null) {
statusCodeValue = XACMLConstants.STATUS_CODE_PROCESSING_ERROR;
}
code.setValue(statusCodeValue);
//TODO: i18n
message.setValue("processing_error");
} else if (booleanDecision) {
decision.setValue(XACMLConstants.PERMIT);
code.setValue(XACMLConstants.STATUS_CODE_OK);
//TODO: i18n
message.setValue("ok");
} else {
decision.setValue(XACMLConstants.DENY);
code.setValue(XACMLConstants.STATUS_CODE_OK);
//TODO: i18n
message.setValue("ok");
}
Result result = ContextFactory.getInstance().createResult();
String resourceId = resourceName;
List resources = xacmlRequest.getResources();
Resource resource = null;
if (!resources.isEmpty()) {
//We deal with only one resource for now
resource = (Resource) resources.get(0);
if (resource != null) {
List attributes = resource.getAttributes();
if (attributes != null) {
for (int count = 0; count < attributes.size(); count++) {
Attribute attr = (Attribute) attributes.get(count);
if (attr != null) {
URI tmpURI = attr.getAttributeId();
if (tmpURI.toString().equals(XACMLConstants.RESOURCE_ID)) {
Element element = (Element) attr.getAttributeValues().get(0);
resourceId = XMLUtils.getElementValue(element);
break;
}
}
}
}
}
}
result.setResourceId(resourceId);
result.setDecision(decision);
status.setStatusCode(code);
status.setStatusMessage(message);
status.setStatusDetail(detail);
result.setStatus(status);
Response response = ContextFactory.getInstance().createResponse();
response.addResult(result);
XACMLAuthzDecisionStatement statement = ContextFactory.getInstance().createXACMLAuthzDecisionStatement();
statement.setResponse(response);
if (returnContext) {
statement.setRequest(xacmlRequest);
}
com.sun.identity.saml2.protocol.Response samlpResponse = createSamlpResponse(statement, status.getStatusCode().getValue());
if (XACMLSDKUtils.debug.messageEnabled()) {
XACMLSDKUtils.debug.message("XACMLAuthzDecisionQueryHandler.handleQuery(), returning" + ":samlResponse=\n" + samlpResponse.toXMLString(true, true));
}
return samlpResponse;
}
Also used :
SSOToken(com.iplanet.sso.SSOToken)
Attribute(com.sun.identity.xacml.context.Attribute)
Element(org.w3c.dom.Element)
SSOException(com.iplanet.sso.SSOException)
StatusCode(com.sun.identity.xacml.context.StatusCode)
URI(java.net.URI)
Result(com.sun.identity.xacml.context.Result)
ResourceResult(com.sun.identity.policy.ResourceResult)
ActionMapper(com.sun.identity.xacml.spi.ActionMapper)
XACMLAuthzDecisionStatement(com.sun.identity.xacml.saml2.XACMLAuthzDecisionStatement)
PolicyEvaluator(com.sun.identity.policy.PolicyEvaluator)
SubjectMapper(com.sun.identity.xacml.spi.SubjectMapper)
PolicyException(com.sun.identity.policy.PolicyException)
ResourceMapper(com.sun.identity.xacml.spi.ResourceMapper)
ArrayList(java.util.ArrayList)
List(java.util.List)
Status(com.sun.identity.xacml.context.Status)
Request(com.sun.identity.xacml.context.Request)
Resource(com.sun.identity.xacml.context.Resource)
EnvironmentMapper(com.sun.identity.xacml.spi.EnvironmentMapper)
Decision(com.sun.identity.xacml.context.Decision)
XACMLException(com.sun.identity.xacml.common.XACMLException)
StatusMessage(com.sun.identity.xacml.context.StatusMessage)
SAML2Exception(com.sun.identity.saml2.common.SAML2Exception)
Response(com.sun.identity.xacml.context.Response)
ResultMapper(com.sun.identity.xacml.spi.ResultMapper)
StatusDetail(com.sun.identity.xacml.context.StatusDetail)
XACMLAuthzDecisionQuery(com.sun.identity.xacml.saml2.XACMLAuthzDecisionQuery)
Map(java.util.Map)
Example 4 with Request
use of com.sun.identity.xacml.context.Request in project OpenAM by OpenRock.
the class XACMLClientSample method createSampleXacmlRequest.
private Request createSampleXacmlRequest(String subjectId, String subjectIdType, String subjectCategory, String resourceId, String resourceIdType, String serviceName, String serviceNameType, String actionId, String actionIdType) throws XACMLException, URISyntaxException {
Request request = ContextFactory.getInstance().createRequest();
//Subject
Subject subject = ContextFactory.getInstance().createSubject();
subject.setSubjectCategory(new URI(subjectCategory));
//set subject id
Attribute attribute = ContextFactory.getInstance().createAttribute();
attribute.setAttributeId(new URI(XACMLConstants.SUBJECT_ID));
attribute.setDataType(new URI(subjectIdType));
List valueList = new ArrayList();
valueList.add(subjectId);
attribute.setAttributeStringValues(valueList);
List attributeList = new ArrayList();
attributeList.add(attribute);
subject.setAttributes(attributeList);
//set Subject in Request
List subjectList = new ArrayList();
subjectList.add(subject);
request.setSubjects(subjectList);
//Resource
Resource resource = ContextFactory.getInstance().createResource();
//set resource id
attribute = ContextFactory.getInstance().createAttribute();
attribute.setAttributeId(new URI(XACMLConstants.RESOURCE_ID));
attribute.setDataType(new URI(resourceIdType));
valueList = new ArrayList();
valueList.add(resourceId);
attribute.setAttributeStringValues(valueList);
attributeList = new ArrayList();
attributeList.add(attribute);
//set serviceName
attribute = ContextFactory.getInstance().createAttribute();
attribute.setAttributeId(new URI(XACMLConstants.TARGET_SERVICE));
attribute.setDataType(new URI(serviceNameType));
valueList = new ArrayList();
valueList.add(serviceName);
attribute.setAttributeStringValues(valueList);
attributeList.add(attribute);
resource.setAttributes(attributeList);
//set Resource in Request
List resourceList = new ArrayList();
resourceList.add(resource);
request.setResources(resourceList);
//Action
Action action = ContextFactory.getInstance().createAction();
attribute = ContextFactory.getInstance().createAttribute();
attribute.setAttributeId(new URI(XACMLConstants.ACTION_ID));
attribute.setDataType(new URI(actionIdType));
//set actionId
valueList = new ArrayList();
valueList.add(actionId);
attribute.setAttributeStringValues(valueList);
attributeList = new ArrayList();
attributeList.add(attribute);
action.setAttributes(attributeList);
//set Action in Request
request.setAction(action);
//Enviornment, our PDP does not use environment now
Environment environment = ContextFactory.getInstance().createEnvironment();
request.setEnvironment(environment);
return request;
}
Also used :
Action(com.sun.identity.xacml.context.Action)
Attribute(com.sun.identity.xacml.context.Attribute)
Request(com.sun.identity.xacml.context.Request)
ArrayList(java.util.ArrayList)
Resource(com.sun.identity.xacml.context.Resource)
Environment(com.sun.identity.xacml.context.Environment)
ArrayList(java.util.ArrayList)
List(java.util.List)
URI(java.net.URI)
Subject(com.sun.identity.xacml.context.Subject)
Example 5 with Request
use of com.sun.identity.xacml.context.Request in project OpenAM by OpenRock.
the class XACMLRequestProcessorTest method testProcessRequest.
@Test(groups = { "xacml" })
@Parameters({ "pdp.entityId", "pep.entityId", "login.id", "login.password", "subject.id", "subject.id.datatype", "subject.category", "resource.id", "resource.id.datatype", "resource.servicename", "resource.servicename.datatype", "action.id", "action.id.datatype" })
public void testProcessRequest(String pdpEntityId, String pepEntityId, String loginId, String loginPassword, String subjectId, String subjectIdType, String subjectCategory, String resourceId, String resourceIdType, String serviceName, String serviceNameType, String actionId, String actionIdType) throws XACMLException, SAML2Exception, URISyntaxException, Exception {
if ((subjectId == null) || (subjectId.length() == 0)) {
SSOToken ssoToken = TokenUtils.getSessionToken("/", loginId, loginPassword);
subjectId = ssoToken.getTokenID().toString();
subjectIdType = XACMLConstants.OPENSSO_SESSION_ID;
}
Request xacmlRequest = createSampleXacmlRequest(subjectId, subjectIdType, subjectCategory, resourceId, resourceIdType, serviceName, serviceNameType, actionId, actionIdType);
log(Level.INFO, "testProcessRequest():xacmlRequest:\n", xacmlRequest.toXMLString(true, true));
Response xacmlResponse = XACMLRequestProcessor.getInstance().processRequest(xacmlRequest, pdpEntityId, pepEntityId);
log(Level.INFO, "testProcessRequest():xacmlResponse:\n", xacmlResponse.toXMLString(true, true));
}
Also used :
Response(com.sun.identity.xacml.context.Response)
SSOToken(com.iplanet.sso.SSOToken)
Request(com.sun.identity.xacml.context.Request)
Parameters(org.testng.annotations.Parameters)
Test(org.testng.annotations.Test)
Aggregations
Request (com.sun.identity.xacml.context.Request)6
Attribute (com.sun.identity.xacml.context.Attribute)4
Resource (com.sun.identity.xacml.context.Resource)4
Response (com.sun.identity.xacml.context.Response)4
URI (java.net.URI)4
ArrayList (java.util.ArrayList)4
Action (com.sun.identity.xacml.context.Action)3
Environment (com.sun.identity.xacml.context.Environment)3
Subject (com.sun.identity.xacml.context.Subject)3
List (java.util.List)3
SSOToken (com.iplanet.sso.SSOToken)2
XACMLException (com.sun.identity.xacml.common.XACMLException)2
Decision (com.sun.identity.xacml.context.Decision)2
Result (com.sun.identity.xacml.context.Result)2
SSOException (com.iplanet.sso.SSOException)1
PolicyEvaluator (com.sun.identity.policy.PolicyEvaluator)1
PolicyException (com.sun.identity.policy.PolicyException)1
ResourceResult (com.sun.identity.policy.ResourceResult)1
SAML2Exception (com.sun.identity.saml2.common.SAML2Exception)1
Status (com.sun.identity.xacml.context.Status)1
