use of oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeType in project ddf by codice.
the class XacmlClientTest method testWrapperpoliciesdirectorypolicyadded.
@Test
public void testWrapperpoliciesdirectorypolicyadded() throws Exception {
LOGGER.debug("\n\n\n##### testXACMLWrapper_policies_directory_policy_added");
File policyDir = folder.newFolder("tempDir");
XacmlClient.defaultPollingIntervalInSeconds = 1;
// Perform Test
XacmlClient pdp = new XacmlClient(policyDir.getCanonicalPath(), new XmlParser(), mock(SecurityLogger.class));
File srcFile = new File(projectHome + File.separator + RELATIVE_POLICIES_DIR + File.separator + POLICY_FILE);
FileUtils.copyFileToDirectory(srcFile, policyDir);
Thread.sleep(2000);
RequestType xacmlRequestType = new RequestType();
xacmlRequestType.setCombinedDecision(false);
xacmlRequestType.setReturnPolicyIdList(false);
AttributesType actionAttributes = new AttributesType();
actionAttributes.setCategory(ACTION_CATEGORY);
AttributeType actionAttribute = new AttributeType();
actionAttribute.setAttributeId(ACTION_ID);
actionAttribute.setIncludeInResult(false);
AttributeValueType actionValue = new AttributeValueType();
actionValue.setDataType(STRING_DATA_TYPE);
actionValue.getContent().add(QUERY_ACTION);
actionAttribute.getAttributeValue().add(actionValue);
actionAttributes.getAttribute().add(actionAttribute);
AttributesType subjectAttributes = new AttributesType();
subjectAttributes.setCategory(SUBJECT_CATEGORY);
AttributeType subjectAttribute = new AttributeType();
subjectAttribute.setAttributeId(SUBJECT_ID);
subjectAttribute.setIncludeInResult(false);
AttributeValueType subjectValue = new AttributeValueType();
subjectValue.setDataType(STRING_DATA_TYPE);
subjectValue.getContent().add(TEST_USER_1);
subjectAttribute.getAttributeValue().add(subjectValue);
subjectAttributes.getAttribute().add(subjectAttribute);
AttributeType roleAttribute = new AttributeType();
roleAttribute.setAttributeId(ROLE_CLAIM);
roleAttribute.setIncludeInResult(false);
AttributeValueType roleValue = new AttributeValueType();
roleValue.setDataType(STRING_DATA_TYPE);
roleValue.getContent().add(ROLE);
roleAttribute.getAttributeValue().add(roleValue);
subjectAttributes.getAttribute().add(roleAttribute);
AttributesType categoryAttributes = new AttributesType();
categoryAttributes.setCategory(PERMISSIONS_CATEGORY);
AttributeType citizenshipAttribute = new AttributeType();
citizenshipAttribute.setAttributeId(CITIZENSHIP_ATTRIBUTE);
citizenshipAttribute.setIncludeInResult(false);
AttributeValueType citizenshipValue = new AttributeValueType();
citizenshipValue.setDataType(STRING_DATA_TYPE);
citizenshipValue.getContent().add(US_COUNTRY);
citizenshipAttribute.getAttributeValue().add(citizenshipValue);
categoryAttributes.getAttribute().add(citizenshipAttribute);
xacmlRequestType.getAttributes().add(actionAttributes);
xacmlRequestType.getAttributes().add(subjectAttributes);
xacmlRequestType.getAttributes().add(categoryAttributes);
// Perform Test
ResponseType xacmlResponse = pdp.evaluate(xacmlRequestType);
// Verify - The policy was loaded to allow a permit decision
JAXBContext jaxbContext = JAXBContext.newInstance(ResponseType.class);
Marshaller marshaller = jaxbContext.createMarshaller();
ObjectFactory objectFactory = new ObjectFactory();
Writer writer = new StringWriter();
marshaller.marshal(objectFactory.createResponse(xacmlResponse), writer);
LOGGER.debug("\nXACML 3.0 Response:\n{}", writer.toString());
assertEquals(xacmlResponse.getResult().get(0).getDecision(), DecisionType.PERMIT);
FileUtils.deleteDirectory(policyDir);
}
use of oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeType in project ddf by codice.
the class XacmlPdp method createXACMLRequest.
protected RequestType createXACMLRequest(String subject, AuthorizationInfo info, CollectionPermission permission) {
LOGGER.debug("Creating XACML request for subject: {} and metacard permissions {}", subject, permission);
RequestType xacmlRequestType = new RequestType();
xacmlRequestType.setCombinedDecision(false);
xacmlRequestType.setReturnPolicyIdList(false);
// Adding filter action
AttributesType actionAttributes = new AttributesType();
actionAttributes.setCategory(ACTION_CATEGORY);
AttributeType actionAttribute = new AttributeType();
actionAttribute.setAttributeId(ACTION_ID);
actionAttribute.setIncludeInResult(false);
AttributeValueType actionValue = new AttributeValueType();
actionValue.setDataType(STRING_DATA_TYPE);
LOGGER.trace("Adding action: {} for subject: {}", FILTER_ACTION, subject);
actionValue.getContent().add(permission.getAction());
actionAttribute.getAttributeValue().add(actionValue);
actionAttributes.getAttribute().add(actionAttribute);
xacmlRequestType.getAttributes().add(actionAttributes);
// Adding permissions for the calling subject
AttributesType subjectAttributes = createSubjectAttributes(subject, info);
xacmlRequestType.getAttributes().add(subjectAttributes);
// Adding permissions for the resource
AttributesType metadataAttributes = new AttributesType();
metadataAttributes.setCategory(RESOURCE_CATEGORY);
AttributesType environmentAttributesType = new AttributesType();
environmentAttributesType.setCategory(ENVIRONMENT_CATEGORY);
if (!CollectionUtils.isEmpty(environmentAttributes)) {
for (String envAttr : environmentAttributes) {
String[] attr = envAttr.split("=");
if (attr.length == 2) {
AttributeType attributeType = new AttributeType();
attributeType.setAttributeId(attr[0].trim());
String[] attrVals = attr[1].split(",");
for (String attrVal : attrVals) {
AttributeValueType attributeValueType = new AttributeValueType();
attributeValueType.setDataType(STRING_DATA_TYPE);
attributeValueType.getContent().add(attrVal.trim());
attributeType.getAttributeValue().add(attributeValueType);
}
environmentAttributesType.getAttribute().add(attributeType);
}
}
}
if (permission instanceof KeyValueCollectionPermission) {
List<KeyValuePermission> tmpList = ((KeyValueCollectionPermission) permission).getKeyValuePermissionList();
for (KeyValuePermission curPermission : tmpList) {
AttributeType resourceAttribute = new AttributeType();
resourceAttribute.setAttributeId(curPermission.getKey());
resourceAttribute.setIncludeInResult(false);
if (!curPermission.getValues().isEmpty()) {
for (String curPermValue : curPermission.getValues()) {
AttributeValueType resourceAttributeValue = new AttributeValueType();
resourceAttributeValue.setDataType(getXacmlDataType(curPermValue));
LOGGER.trace("Adding permission: {}:{} for incoming resource", new Object[] { curPermission.getKey(), curPermValue });
resourceAttributeValue.getContent().add(curPermValue);
resourceAttribute.getAttributeValue().add(resourceAttributeValue);
}
metadataAttributes.getAttribute().add(resourceAttribute);
}
}
xacmlRequestType.getAttributes().add(metadataAttributes);
if (!CollectionUtils.isEmpty(environmentAttributes)) {
xacmlRequestType.getAttributes().add(environmentAttributesType);
}
} else {
LOGGER.warn("Permission on the resource need to be of type KeyValueCollectionPermission, cannot process this resource.");
}
return xacmlRequestType;
}
use of oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeType in project ddf by codice.
the class XacmlPdp method createSubjectAttributes.
private AttributesType createSubjectAttributes(String subject, AuthorizationInfo info) {
AttributesType subjectAttributes = new AttributesType();
subjectAttributes.setCategory(ACCESS_SUBJECT_CATEGORY);
AttributeType subjectAttribute = new AttributeType();
subjectAttribute.setAttributeId(SUBJECT_ID);
subjectAttribute.setIncludeInResult(false);
AttributeValueType subjectValue = new AttributeValueType();
subjectValue.setDataType(STRING_DATA_TYPE);
LOGGER.debug("Adding subject: {}", subject);
subjectValue.getContent().add(subject);
subjectAttribute.getAttributeValue().add(subjectValue);
subjectAttributes.getAttribute().add(subjectAttribute);
AttributeType roleAttribute = new AttributeType();
roleAttribute.setAttributeId(ROLE_CLAIM);
roleAttribute.setIncludeInResult(false);
if (!info.getRoles().isEmpty()) {
for (String curRole : info.getRoles()) {
AttributeValueType roleValue = new AttributeValueType();
roleValue.setDataType(STRING_DATA_TYPE);
LOGGER.trace("Adding role: {} for subject: {}", curRole, subject);
roleValue.getContent().add(curRole);
roleAttribute.getAttributeValue().add(roleValue);
}
subjectAttributes.getAttribute().add(roleAttribute);
}
for (Permission curPermission : info.getObjectPermissions()) {
if (curPermission instanceof KeyValuePermission) {
AttributeType subjAttr = new AttributeType();
subjAttr.setAttributeId(((KeyValuePermission) curPermission).getKey());
subjAttr.setIncludeInResult(false);
if (!((KeyValuePermission) curPermission).getValues().isEmpty()) {
for (String curPermValue : ((KeyValuePermission) curPermission).getValues()) {
AttributeValueType subjAttrValue = new AttributeValueType();
subjAttrValue.setDataType(getXacmlDataType(curPermValue));
LOGGER.trace("Adding permission: {}:{} for subject: {}", ((KeyValuePermission) curPermission).getKey(), curPermValue, subject);
subjAttrValue.getContent().add(curPermValue);
subjAttr.getAttributeValue().add(subjAttrValue);
}
subjectAttributes.getAttribute().add(subjAttr);
}
} else {
LOGGER.warn("Permissions for subject were not of type KeyValuePermission, cannot add any subject permissions to the request.");
}
}
return subjectAttributes;
}
use of oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeType in project ddf by codice.
the class XacmlClientTest method testEvaluateroleuseractionquerycitizenshipCA.
@Test
public void testEvaluateroleuseractionquerycitizenshipCA() throws Exception {
LOGGER.debug("\n\n\n##### testEvaluate_role_user_action_query_citizenship_CA");
final String country = "CA";
testSetup();
RequestType xacmlRequestType = new RequestType();
xacmlRequestType.setCombinedDecision(false);
xacmlRequestType.setReturnPolicyIdList(false);
AttributesType actionAttributes = new AttributesType();
actionAttributes.setCategory(ACTION_CATEGORY);
AttributeType actionAttribute = new AttributeType();
actionAttribute.setAttributeId(ACTION_ID);
actionAttribute.setIncludeInResult(false);
AttributeValueType actionValue = new AttributeValueType();
actionValue.setDataType(STRING_DATA_TYPE);
actionValue.getContent().add(QUERY_ACTION);
actionAttribute.getAttributeValue().add(actionValue);
actionAttributes.getAttribute().add(actionAttribute);
AttributesType subjectAttributes = new AttributesType();
subjectAttributes.setCategory(SUBJECT_CATEGORY);
AttributeType subjectAttribute = new AttributeType();
subjectAttribute.setAttributeId(SUBJECT_ID);
subjectAttribute.setIncludeInResult(false);
AttributeValueType subjectValue = new AttributeValueType();
subjectValue.setDataType(STRING_DATA_TYPE);
subjectValue.getContent().add(TEST_USER_2);
subjectAttribute.getAttributeValue().add(subjectValue);
subjectAttributes.getAttribute().add(subjectAttribute);
AttributeType roleAttribute = new AttributeType();
roleAttribute.setAttributeId(ROLE_CLAIM);
roleAttribute.setIncludeInResult(false);
AttributeValueType roleValue = new AttributeValueType();
roleValue.setDataType(STRING_DATA_TYPE);
roleValue.getContent().add(ROLE);
roleAttribute.getAttributeValue().add(roleValue);
subjectAttributes.getAttribute().add(roleAttribute);
AttributesType categoryAttributes = new AttributesType();
categoryAttributes.setCategory(PERMISSIONS_CATEGORY);
AttributeType citizenshipAttribute = new AttributeType();
citizenshipAttribute.setAttributeId(CITIZENSHIP_ATTRIBUTE);
citizenshipAttribute.setIncludeInResult(false);
AttributeValueType citizenshipValue = new AttributeValueType();
citizenshipValue.setDataType(STRING_DATA_TYPE);
citizenshipValue.getContent().add(country);
citizenshipAttribute.getAttributeValue().add(citizenshipValue);
categoryAttributes.getAttribute().add(citizenshipAttribute);
xacmlRequestType.getAttributes().add(actionAttributes);
xacmlRequestType.getAttributes().add(subjectAttributes);
xacmlRequestType.getAttributes().add(categoryAttributes);
XacmlClient pdp = new XacmlClient(tempDir.getCanonicalPath(), new XmlParser(), mock(SecurityLogger.class));
// Perform Test
ResponseType xacmlResponse = pdp.evaluate(xacmlRequestType);
// Verify
JAXBContext jaxbContext = JAXBContext.newInstance(ResponseType.class);
Marshaller marshaller = jaxbContext.createMarshaller();
ObjectFactory objectFactory = new ObjectFactory();
Writer writer = new StringWriter();
marshaller.marshal(objectFactory.createResponse(xacmlResponse), writer);
LOGGER.debug("\nXACML 3.0 Response:\n{}", writer.toString());
assertEquals(xacmlResponse.getResult().get(0).getDecision(), DecisionType.DENY);
}
use of oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeType in project ddf by codice.
the class XacmlClientTest method testEvaluateroleuseractionquerycitizenshipUS.
@Test
public void testEvaluateroleuseractionquerycitizenshipUS() throws Exception {
LOGGER.debug("\n\n\n##### testEvaluate_role_user_action_query_citizenship_US");
// Setup
File destDir = folder.newFolder(TEMP_DIR_NAME);
LOGGER.debug("Making directory: {}", destDir.getPath());
if (destDir.mkdir()) {
File srcFile = new File(projectHome + File.separator + RELATIVE_POLICIES_DIR + File.separator + POLICY_FILE);
FileUtils.copyFileToDirectory(srcFile, destDir);
RequestType xacmlRequestType = new RequestType();
xacmlRequestType.setCombinedDecision(false);
xacmlRequestType.setReturnPolicyIdList(false);
AttributesType actionAttributes = new AttributesType();
actionAttributes.setCategory(ACTION_CATEGORY);
AttributeType actionAttribute = new AttributeType();
actionAttribute.setAttributeId(ACTION_ID);
actionAttribute.setIncludeInResult(false);
AttributeValueType actionValue = new AttributeValueType();
actionValue.setDataType(STRING_DATA_TYPE);
actionValue.getContent().add(QUERY_ACTION);
actionAttribute.getAttributeValue().add(actionValue);
actionAttributes.getAttribute().add(actionAttribute);
AttributesType subjectAttributes = new AttributesType();
subjectAttributes.setCategory(SUBJECT_CATEGORY);
AttributeType subjectAttribute = new AttributeType();
subjectAttribute.setAttributeId(SUBJECT_ID);
subjectAttribute.setIncludeInResult(false);
AttributeValueType subjectValue = new AttributeValueType();
subjectValue.setDataType(STRING_DATA_TYPE);
subjectValue.getContent().add(TEST_USER_1);
subjectAttribute.getAttributeValue().add(subjectValue);
subjectAttributes.getAttribute().add(subjectAttribute);
AttributeType roleAttribute = new AttributeType();
roleAttribute.setAttributeId(ROLE_CLAIM);
roleAttribute.setIncludeInResult(false);
AttributeValueType roleValue = new AttributeValueType();
roleValue.setDataType(STRING_DATA_TYPE);
roleValue.getContent().add(ROLE);
roleAttribute.getAttributeValue().add(roleValue);
subjectAttributes.getAttribute().add(roleAttribute);
AttributesType categoryAttributes = new AttributesType();
categoryAttributes.setCategory(PERMISSIONS_CATEGORY);
AttributeType citizenshipAttribute = new AttributeType();
citizenshipAttribute.setAttributeId(CITIZENSHIP_ATTRIBUTE);
citizenshipAttribute.setIncludeInResult(false);
AttributeValueType citizenshipValue = new AttributeValueType();
citizenshipValue.setDataType(STRING_DATA_TYPE);
citizenshipValue.getContent().add(US_COUNTRY);
citizenshipAttribute.getAttributeValue().add(citizenshipValue);
categoryAttributes.getAttribute().add(citizenshipAttribute);
xacmlRequestType.getAttributes().add(actionAttributes);
xacmlRequestType.getAttributes().add(subjectAttributes);
xacmlRequestType.getAttributes().add(categoryAttributes);
XacmlClient pdp = new XacmlClient(destDir.getCanonicalPath(), new XmlParser(), mock(SecurityLogger.class));
// Perform Test
ResponseType xacmlResponse = pdp.evaluate(xacmlRequestType);
// Verify
JAXBContext jaxbContext = JAXBContext.newInstance(ResponseType.class);
Marshaller marshaller = jaxbContext.createMarshaller();
ObjectFactory objectFactory = new ObjectFactory();
Writer writer = new StringWriter();
marshaller.marshal(objectFactory.createResponse(xacmlResponse), writer);
LOGGER.debug("\nXACML 3.0 Response:\n{}", writer.toString());
assertEquals(xacmlResponse.getResult().get(0).getDecision(), DecisionType.PERMIT);
// Cleanup
LOGGER.debug("Deleting directory: {}", destDir);
FileUtils.deleteDirectory(destDir);
} else {
LOGGER.debug("Could not create directory: {}", destDir);
}
}
Aggregations