use of oasis.names.tc.xacml._3_0.core.schema.wd_17.Attributes in project carbon-identity-framework by wso2.
the class JSONRequestParser method parse.
/**
* Static method that will convert a XACML JSON Request to a <code>{@link RequestCtx}</code> instance
*
* @param jsonRequest <code>String</code> with JSON request
* @return <code>{@link RequestCtx}</code> instance that can be used to evaluate on Balana
* @throws JsonParseException <code>{@link JsonParseException}</code>
* @throws RequestParseException <code>{@link RequestParseException}</code>
* @throws UnknownIdentifierException <code>{@link UnknownIdentifierException}</code>
*/
public static RequestCtx parse(String jsonRequest) throws JsonParseException, RequestParseException, UnknownIdentifierException {
JsonObject requestObject = null;
Set<Attributes> categories = new HashSet<>();
boolean returnPolicyIdList = false;
boolean combinedDecision = false;
MultiRequests multiRequests = null;
RequestDefaults requestDefaults = null;
try {
requestObject = gson.fromJson(jsonRequest, JsonObject.class);
requestObject = requestObject.get("Request").getAsJsonObject();
} catch (Exception e) {
throw new JsonParseException("Error in JSON Request String");
}
Set<Map.Entry<String, JsonElement>> jsonAttributes = requestObject.entrySet();
for (Map.Entry<String, JsonElement> jsonAttribute : jsonAttributes) {
if (jsonAttribute.getValue().isJsonPrimitive()) {
switch(jsonAttribute.getKey()) {
case XACMLConstants.RETURN_POLICY_LIST:
if (jsonAttribute.getValue().getAsBoolean() == true) {
returnPolicyIdList = true;
}
break;
case XACMLConstants.COMBINE_DECISION:
if (jsonAttribute.getValue().getAsBoolean() == true) {
combinedDecision = true;
}
break;
case EntitlementEndpointConstants.XPATH_VERSION:
String xPathVersion = jsonAttribute.getValue().getAsString();
requestDefaults = new RequestDefaults(xPathVersion);
break;
}
} else if (!jsonAttribute.getValue().isJsonNull()) {
JsonObject jsonCategory = null;
if (jsonAttribute.getValue().isJsonObject()) {
jsonCategory = jsonAttribute.getValue().getAsJsonObject();
jsonAttributeSeperator(jsonAttribute, jsonCategory, categories);
} else if (jsonAttribute.getValue().isJsonArray()) {
for (JsonElement jsonElement : jsonAttribute.getValue().getAsJsonArray()) {
jsonCategory = jsonElement.getAsJsonObject();
jsonAttributeSeperator(jsonAttribute, jsonCategory, categories);
}
} else if (EntitlementEndpointConstants.MULTI_REQUESTS.equals(jsonAttribute.getKey())) {
Set<Map.Entry<String, JsonElement>> jsonRequestReferences = jsonCategory.entrySet();
Set<RequestReference> requestReferences = new HashSet<>();
if (jsonRequestReferences.isEmpty()) {
throw new RequestParseException("MultiRequest should contain at least one Reference Request");
}
for (Map.Entry<String, JsonElement> jsonRequstReference : jsonRequestReferences) {
requestReferences.add(jsonObjectToRequestReference(jsonRequstReference.getValue().getAsJsonObject()));
}
multiRequests = new MultiRequests(requestReferences);
}
}
}
return new RequestCtx(null, categories, returnPolicyIdList, combinedDecision, multiRequests, requestDefaults);
}
use of oasis.names.tc.xacml._3_0.core.schema.wd_17.Attributes in project carbon-identity-framework by wso2.
the class JSONResponseWriter method abstractResultToJSONObject.
/**
* Private method to convert a given Balana <code>{@link AbstractResult}</code> to a <code>{@link JsonObject}</code>
*
* @param result <code>{@link AbstractResult}</code>
* @return <code>{@link JsonObject}</code>
* @throws ResponseWriteException <code>{@link ResponseWriteException}</code>
*/
private static JsonObject abstractResultToJSONObject(AbstractResult result) throws ResponseWriteException {
JsonObject jsonResult = new JsonObject();
// Decision property is mandatory, if not set throw error
if (result.getDecision() == -1) {
throw new ResponseWriteException(40031, "XACML Result should contain the Decision");
}
jsonResult.addProperty(EntitlementEndpointConstants.DECISION, AbstractResult.DECISIONS[result.getDecision()]);
// If Status object is present, convert it
if (result.getStatus() != null) {
jsonResult.add(EntitlementEndpointConstants.STATUS, statusToJSONObject(result.getStatus()));
}
// If Obligations are present
if (result.getObligations() != null && !result.getObligations().isEmpty()) {
// can only get ObligationResult objects from balana
JsonArray obligations = new JsonArray();
for (ObligationResult obligation : result.getObligations()) {
if (obligation instanceof Obligation) {
obligations.add(obligationToJsonObject((Obligation) obligation));
} else {
obligations.add(new JsonPrimitive(obligation.encode()));
}
}
jsonResult.add(EntitlementEndpointConstants.OBLIGATIONS, obligations);
}
// Do the same with attributes
if (result.getAdvices() != null && !result.getAdvices().isEmpty()) {
// can only get ObligationResult objects from balana
JsonArray advices = new JsonArray();
for (Advice advice : result.getAdvices()) {
advices.add(adviceToJsonObject(advice));
}
jsonResult.add(EntitlementEndpointConstants.ASSOCIATED_ADVICE, advices);
}
// If includeInResponse=true, other attributes will be populated from here with the decision.
if (((Result) result).getAttributes() != null && !((Result) result).getAttributes().isEmpty()) {
Set<Attributes> attributes = ((Result) result).getAttributes();
for (Attributes attribute : attributes) {
switch(attribute.getCategory().toString()) {
case EntitlementEndpointConstants.CATEGORY_ACTION_URI:
jsonResult.add(EntitlementEndpointConstants.CATEGORY_ACTION, getJsonObject(attribute));
break;
case EntitlementEndpointConstants.CATEGORY_RESOURCE_URI:
jsonResult.add(EntitlementEndpointConstants.CATEGORY_RESOURCE, getJsonObject(attribute));
break;
case EntitlementEndpointConstants.CATEGORY_ACCESS_SUBJECT_URI:
jsonResult.add(EntitlementEndpointConstants.CATEGORY_ACCESS_SUBJECT, getJsonObject(attribute));
break;
case EntitlementEndpointConstants.CATEGORY_ENVIRONMENT_URI:
jsonResult.add(EntitlementEndpointConstants.CATEGORY_ENVIRONMENT, getJsonObject(attribute));
break;
case EntitlementEndpointConstants.CATEGORY_RECIPIENT_SUBJECT_URI:
jsonResult.add(EntitlementEndpointConstants.CATEGORY_RECIPIENT_SUBJECT, getJsonObject(attribute));
break;
case EntitlementEndpointConstants.CATEGORY_INTERMEDIARY_SUBJECT_URI:
jsonResult.add(EntitlementEndpointConstants.CATEGORY_INTERMEDIARY_SUBJECT, getJsonObject(attribute));
break;
case EntitlementEndpointConstants.CATEGORY_CODEBASE_URI:
jsonResult.add(EntitlementEndpointConstants.CATEGORY_CODEBASE, getJsonObject(attribute));
break;
case EntitlementEndpointConstants.CATEGORY_REQUESTING_MACHINE_URI:
jsonResult.add(EntitlementEndpointConstants.CATEGORY_REQUESTING_MACHINE, getJsonObject(attribute));
break;
default:
jsonResult.add(attribute.getCategory().toString(), getJsonObject(attribute));
break;
}
}
}
return jsonResult;
}
use of oasis.names.tc.xacml._3_0.core.schema.wd_17.Attributes in project omegat by omegat-org.
the class XMLUtils method convertAttributes.
/**
* Converts attributes from org.xml.sax package to OmegaT's.
*/
public static Attributes convertAttributes(org.xml.sax.Attributes attributes) {
Attributes res = new Attributes();
if (attributes == null) {
return res;
}
for (int i = 0; i < attributes.getLength(); i++) {
String name = StringUtil.makeValidXML(attributes.getQName(i));
String value = StringUtil.makeValidXML(attributes.getValue(i));
Attribute attr = new Attribute(name, value);
res.add(attr);
}
return res;
}
use of oasis.names.tc.xacml._3_0.core.schema.wd_17.Attributes in project certmgr by hdecarne.
the class StoreController method updateDetailsViewHelper.
private void updateDetailsViewHelper(TreeItem<AttributeModel> parentItem, Attributes attribute, boolean expand) {
TreeItem<AttributeModel> attributeItem = new TreeItem<>(new AttributeModel(attribute));
List<Attributes> attributeChildren = attribute.children();
int childCount = attributeChildren.size();
int childIndex = 0;
for (Attributes child : attributeChildren) {
if (childIndex >= DETAILS_VIEW_ATTRIBUTE_LIMIT) {
attributeItem.getChildren().add(new TreeItem<>(new AttributeModel(StoreI18N.strTextDetailsOmitted(childCount - childIndex))));
break;
}
updateDetailsViewHelper(attributeItem, child, false);
childIndex++;
}
parentItem.getChildren().add(attributeItem);
attributeItem.setExpanded(expand);
}
use of oasis.names.tc.xacml._3_0.core.schema.wd_17.Attributes in project core by authzforce.
the class SingleDecisionXacmlJaxbRequestPreprocessor method process.
@Override
public List<IndividualXacmlJaxbRequest> process(final List<Attributes> attributesList, final SingleCategoryXacmlAttributesParser<Attributes> xacmlAttrsParser, final boolean isApplicablePolicyIdListReturned, final boolean combinedDecision, final Optional<XPathCompilerProxy> xPathCompiler, final Map<String, String> namespaceURIsByPrefix) throws IndeterminateEvaluationException {
final Map<AttributeFqn, AttributeBag<?>> namedAttributes = HashCollections.newUpdatableMap(attributesList.size());
final Map<String, XdmNode> extraContentsByCategory = HashCollections.newUpdatableMap(attributesList.size());
/*
* attributesToIncludeInResult.size() <= attributesList.size()
*/
final List<Attributes> attributesToIncludeInResult = new ArrayList<>(attributesList.size());
for (final Attributes jaxbAttributes : attributesList) {
final SingleCategoryAttributes<?, Attributes> categorySpecificAttributes = xacmlAttrsParser.parseAttributes(jaxbAttributes, xPathCompiler);
if (categorySpecificAttributes == null) {
// skip this empty Attributes
continue;
}
final String categoryId = categorySpecificAttributes.getCategoryId();
final XdmNode newContentNode = categorySpecificAttributes.getExtraContent();
if (newContentNode != null) {
final XdmNode duplicate = extraContentsByCategory.putIfAbsent(categoryId, newContentNode);
/*
* No support for Multiple Decision Profile -> no support for repeated categories as specified in Multiple Decision Profile. So we must check duplicate attribute categories.
*/
if (duplicate != null) {
throw new IndeterminateEvaluationException("Unsupported repetition of Attributes[@Category='" + categoryId + "'] (feature 'urn:oasis:names:tc:xacml:3.0:profile:multiple:repeated-attribute-categories' is not supported)", XacmlStatusCode.SYNTAX_ERROR.value());
}
}
/*
* Convert growable (therefore mutable) bag of attribute values to immutable ones. Indeed, we must guarantee that attribute values remain constant during the evaluation of the request, as
* mandated by the XACML spec, section 7.3.5: <p> <i>
* "Regardless of any dynamic modifications of the request context during policy evaluation, the PDP SHALL behave as if each bag of attribute values is fully populated in the context before it is first tested, and is thereafter immutable during evaluation. (That is, every subsequent test of that attribute shall use the same bag of values that was initially tested.)"
* </i></p>
*/
for (final Entry<AttributeFqn, AttributeBag<?>> attrEntry : categorySpecificAttributes) {
namedAttributes.put(attrEntry.getKey(), attrEntry.getValue());
}
final Attributes catSpecificAttrsToIncludeInResult = categorySpecificAttributes.getAttributesToIncludeInResult();
if (catSpecificAttrsToIncludeInResult != null) {
attributesToIncludeInResult.add(catSpecificAttrsToIncludeInResult);
}
}
return Collections.singletonList(new IndividualXacmlJaxbRequest(reqFactory.getInstance(namedAttributes, extraContentsByCategory, isApplicablePolicyIdListReturned), ImmutableList.copyOf(attributesToIncludeInResult)));
}
Aggregations