
Example 1 with AttributesType

use of oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributesType in project ddf by codice.

the class XacmlPdpTest method testEnvironmentVariables.

/**
 * Checks that the statically configured environment attributes end up in the
 * request's environment category with the expected ids and value counts.
 *
 * <p>The request is created exactly as production code does it; the environment
 * category is then located among the request's attribute groups. If more than
 * one group carries the environment category, the last one is examined, which
 * matches the original "last match wins" loop.
 */
@Test
public void testEnvironmentVariables() {
    RequestType request =
        testRealm.createXACMLRequest(
            USER_NAME,
            generateSubjectInfo(TEST_COUNTRY),
            new KeyValueCollectionPermissionImpl(QUERY_ACTION));

    AttributesType environmentAttributes =
        request.getAttributes().stream()
            .filter(group -> group.getCategory().equals(ENVIRONMENT_CATEGORY))
            .reduce((earlier, later) -> later)
            .orElse(null);
    assertNotNull(environmentAttributes);

    // Expected layout: item0 carries one value, item1 two, item2 three, in that order.
    String[] expectedIds = {"item0", "item1", "item2"};
    int[] expectedValueCounts = {1, 2, 3};
    for (int i = 0; i < expectedIds.length; i++) {
        assertThat(environmentAttributes.getAttribute().get(i).getAttributeId(), is(expectedIds[i]));
        assertThat(
            environmentAttributes.getAttribute().get(i).getAttributeValue().size(),
            is(expectedValueCounts[i]));
    }
}

Example 2 with AttributesType

use of oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributesType in project ddf by codice.

the class XacmlClientTest method testWrapperpoliciesdirectorypolicyadded.

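/**
 * Verifies that a policy copied into the PDP's policy directory after the client
 * has been constructed is picked up by the directory poller and yields a PERMIT
 * decision for a request that matches it.
 *
 * <p>NOTE(review): this is also a reminder that the policy directory is a runtime
 * trust boundary: anyone who can write to it can change authorization outcomes.
 * A unit test cannot constrain that; deployment file permissions must.
 *
 * <p>Changes from the original: the temporary directory is removed in a
 * {@code finally} so a failing assertion does not leave it behind, and
 * {@code assertEquals} is called with the expected value first so a failure
 * message reads correctly.
 */
@Test
public void testWrapperpoliciesdirectorypolicyadded() throws Exception {
    LOGGER.debug("\n\n\n##### testXACMLWrapper_policies_directory_policy_added");
    File policyDir = folder.newFolder("tempDir");
    // Poll every second so the copied policy is noticed within the sleep below.
    // This is a process-wide static; it is left at 1, as the original test did.
    XacmlClient.defaultPollingIntervalInSeconds = 1;
    try {
        XacmlClient pdp = new XacmlClient(policyDir.getCanonicalPath(), new XmlParser(), mock(SecurityLogger.class));
        File srcFile = new File(projectHome + File.separator + RELATIVE_POLICIES_DIR + File.separator + POLICY_FILE);
        FileUtils.copyFileToDirectory(srcFile, policyDir);
        // Give the poller two polling intervals to notice the new file. This is
        // timing based; on a slow machine the test can still fail spuriously.
        Thread.sleep(2000);

        RequestType xacmlRequestType = new RequestType();
        xacmlRequestType.setCombinedDecision(false);
        xacmlRequestType.setReturnPolicyIdList(false);

        // Action category: the subject is attempting a query.
        AttributesType actionAttributes = new AttributesType();
        actionAttributes.setCategory(ACTION_CATEGORY);
        AttributeType actionAttribute = new AttributeType();
        actionAttribute.setAttributeId(ACTION_ID);
        actionAttribute.setIncludeInResult(false);
        AttributeValueType actionValue = new AttributeValueType();
        actionValue.setDataType(STRING_DATA_TYPE);
        actionValue.getContent().add(QUERY_ACTION);
        actionAttribute.getAttributeValue().add(actionValue);
        actionAttributes.getAttribute().add(actionAttribute);

        // Subject category: subject id plus a single role claim.
        AttributesType subjectAttributes = new AttributesType();
        subjectAttributes.setCategory(SUBJECT_CATEGORY);
        AttributeType subjectAttribute = new AttributeType();
        subjectAttribute.setAttributeId(SUBJECT_ID);
        subjectAttribute.setIncludeInResult(false);
        AttributeValueType subjectValue = new AttributeValueType();
        subjectValue.setDataType(STRING_DATA_TYPE);
        subjectValue.getContent().add(TEST_USER_1);
        subjectAttribute.getAttributeValue().add(subjectValue);
        subjectAttributes.getAttribute().add(subjectAttribute);
        AttributeType roleAttribute = new AttributeType();
        roleAttribute.setAttributeId(ROLE_CLAIM);
        roleAttribute.setIncludeInResult(false);
        AttributeValueType roleValue = new AttributeValueType();
        roleValue.setDataType(STRING_DATA_TYPE);
        roleValue.getContent().add(ROLE);
        roleAttribute.getAttributeValue().add(roleValue);
        subjectAttributes.getAttribute().add(roleAttribute);

        // Permissions category: the citizenship attribute the policy is expected to match.
        AttributesType categoryAttributes = new AttributesType();
        categoryAttributes.setCategory(PERMISSIONS_CATEGORY);
        AttributeType citizenshipAttribute = new AttributeType();
        citizenshipAttribute.setAttributeId(CITIZENSHIP_ATTRIBUTE);
        citizenshipAttribute.setIncludeInResult(false);
        AttributeValueType citizenshipValue = new AttributeValueType();
        citizenshipValue.setDataType(STRING_DATA_TYPE);
        citizenshipValue.getContent().add(US_COUNTRY);
        citizenshipAttribute.getAttributeValue().add(citizenshipValue);
        categoryAttributes.getAttribute().add(citizenshipAttribute);

        xacmlRequestType.getAttributes().add(actionAttributes);
        xacmlRequestType.getAttributes().add(subjectAttributes);
        xacmlRequestType.getAttributes().add(categoryAttributes);

        // Perform Test
        ResponseType xacmlResponse = pdp.evaluate(xacmlRequestType);

        // Log the full response for diagnosis, then verify the decision.
        JAXBContext jaxbContext = JAXBContext.newInstance(ResponseType.class);
        Marshaller marshaller = jaxbContext.createMarshaller();
        ObjectFactory objectFactory = new ObjectFactory();
        Writer writer = new StringWriter();
        marshaller.marshal(objectFactory.createResponse(xacmlResponse), writer);
        LOGGER.debug("\nXACML 3.0 Response:\n{}", writer.toString());

        // Verify - the policy was loaded, so the decision must be PERMIT.
        assertEquals(DecisionType.PERMIT, xacmlResponse.getResult().get(0).getDecision());
    } finally {
        FileUtils.deleteDirectory(policyDir);
    }
}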

Example 3 with AttributesType

use of oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributesType in project ddf by codice.

the class XacmlPdp method createXACMLRequest.

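/**
 * Builds the XACML 3.0 request that is sent to the PDP for an authorization decision.
 *
 * <p>The request carries up to four attribute categories: the action being
 * attempted (taken from {@code permission.getAction()}), the calling subject
 * with its roles and claims (see {@code createSubjectAttributes}), the
 * resource's key/value permissions, and the statically configured environment
 * attributes. Resource and environment categories are only added when
 * {@code permission} is a {@link KeyValueCollectionPermission}; for any other
 * permission type a warning is logged and the request goes out with just the
 * action and subject categories.
 *
 * @param subject the subject identifier placed in the access-subject category
 * @param info the subject's roles and object permissions
 * @param permission the resource permission being checked; expected to be a
 *     {@link KeyValueCollectionPermission}
 * @return the populated request, never {@code null}
 */
protected RequestType createXACMLRequest(String subject, AuthorizationInfo info, CollectionPermission permission) {
    LOGGER.debug("Creating XACML request for subject: {} and metacard permissions {}", subject, permission);
    RequestType xacmlRequestType = new RequestType();
    xacmlRequestType.setCombinedDecision(false);
    xacmlRequestType.setReturnPolicyIdList(false);

    // Adding filter action
    xacmlRequestType.getAttributes().add(createActionAttributes(subject, permission));

    // Adding permissions for the calling subject
    xacmlRequestType.getAttributes().add(createSubjectAttributes(subject, info));

    // Adding permissions for the resource, plus the configured environment
    if (permission instanceof KeyValueCollectionPermission) {
        xacmlRequestType.getAttributes().add(createResourceAttributes((KeyValueCollectionPermission) permission));
        if (!CollectionUtils.isEmpty(environmentAttributes)) {
            xacmlRequestType.getAttributes().add(createEnvironmentAttributes());
        }
    } else {
        // NOTE(review): the request still goes out, without any resource
        // attributes; whether the PDP then denies depends on the loaded
        // policies, not on this code.
        LOGGER.warn("Permission on the resource need to be of type KeyValueCollectionPermission, cannot process this resource.");
    }
    return xacmlRequestType;
}

/**
 * Builds the action category holding the single action the subject is attempting.
 *
 * @param subject the subject, for trace logging only
 * @param permission the permission whose {@code getAction()} is sent as the action value
 */
private AttributesType createActionAttributes(String subject, CollectionPermission permission) {
    AttributesType actionAttributes = new AttributesType();
    actionAttributes.setCategory(ACTION_CATEGORY);
    AttributeType actionAttribute = new AttributeType();
    actionAttribute.setAttributeId(ACTION_ID);
    actionAttribute.setIncludeInResult(false);
    AttributeValueType actionValue = new AttributeValueType();
    actionValue.setDataType(STRING_DATA_TYPE);
    // Log the action actually placed in the request; the original logged the
    // FILTER_ACTION constant while sending permission.getAction().
    LOGGER.trace("Adding action: {} for subject: {}", permission.getAction(), subject);
    actionValue.getContent().add(permission.getAction());
    actionAttribute.getAttributeValue().add(actionValue);
    actionAttributes.getAttribute().add(actionAttribute);
    return actionAttributes;
}

/**
 * Builds the resource category: one attribute per key/value permission that has
 * at least one value, typed per value via {@code getXacmlDataType}. Keys with no
 * values are skipped, as before.
 */
private AttributesType createResourceAttributes(KeyValueCollectionPermission permission) {
    AttributesType metadataAttributes = new AttributesType();
    metadataAttributes.setCategory(RESOURCE_CATEGORY);
    for (KeyValuePermission curPermission : permission.getKeyValuePermissionList()) {
        if (curPermission.getValues().isEmpty()) {
            continue;
        }
        AttributeType resourceAttribute = new AttributeType();
        resourceAttribute.setAttributeId(curPermission.getKey());
        resourceAttribute.setIncludeInResult(false);
        for (String curPermValue : curPermission.getValues()) {
            AttributeValueType resourceAttributeValue = new AttributeValueType();
            resourceAttributeValue.setDataType(getXacmlDataType(curPermValue));
            LOGGER.trace("Adding permission: {}:{} for incoming resource", curPermission.getKey(), curPermValue);
            resourceAttributeValue.getContent().add(curPermValue);
            resourceAttribute.getAttributeValue().add(resourceAttributeValue);
        }
        metadataAttributes.getAttribute().add(resourceAttribute);
    }
    return metadataAttributes;
}

/**
 * Builds the environment category from the configured {@code environmentAttributes}
 * entries, each expected as {@code key=value[,value...]}; keys and values are
 * trimmed. An entry that does not split into exactly two parts on '=' is skipped
 * exactly as before, but now with a warning so a misconfigured entry is not
 * silently absent from every authorization request.
 */
private AttributesType createEnvironmentAttributes() {
    AttributesType environmentAttributesType = new AttributesType();
    environmentAttributesType.setCategory(ENVIRONMENT_CATEGORY);
    if (CollectionUtils.isEmpty(environmentAttributes)) {
        return environmentAttributesType;
    }
    for (String envAttr : environmentAttributes) {
        String[] attr = envAttr.split("=");
        if (attr.length != 2) {
            LOGGER.warn("Ignoring malformed environment attribute entry (expected key=value[,value...]): {}", envAttr);
            continue;
        }
        AttributeType attributeType = new AttributeType();
        attributeType.setAttributeId(attr[0].trim());
        for (String attrVal : attr[1].split(",")) {
            AttributeValueType attributeValueType = new AttributeValueType();
            attributeValueType.setDataType(STRING_DATA_TYPE);
            attributeValueType.getContent().add(attrVal.trim());
            attributeType.getAttributeValue().add(attributeValueType);
        }
        environmentAttributesType.getAttribute().add(attributeType);
    }
    return environmentAttributesType;
}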

Example 4 with AttributesType

use of oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributesType in project ddf by codice.

the class XacmlPdp method createSubjectAttributes.

/**
 * Builds the access-subject category: the subject id, its roles (only when it
 * has any) and each {@link KeyValuePermission} with at least one value as a
 * multi-valued attribute keyed by the permission's key. Permissions of any other
 * type are logged and skipped.
 *
 * @param subject subject identifier placed under {@code SUBJECT_ID}
 * @param info roles and object permissions granted to the subject
 * @return the populated access-subject attributes
 */
private AttributesType createSubjectAttributes(String subject, AuthorizationInfo info) {
    AttributesType subjectAttributes = new AttributesType();
    subjectAttributes.setCategory(ACCESS_SUBJECT_CATEGORY);

    // Subject id: always present, exactly one string value.
    LOGGER.debug("Adding subject: {}", subject);
    AttributeValueType subjectValue = new AttributeValueType();
    subjectValue.setDataType(STRING_DATA_TYPE);
    subjectValue.getContent().add(subject);
    AttributeType subjectIdAttribute = new AttributeType();
    subjectIdAttribute.setAttributeId(SUBJECT_ID);
    subjectIdAttribute.setIncludeInResult(false);
    subjectIdAttribute.getAttributeValue().add(subjectValue);
    subjectAttributes.getAttribute().add(subjectIdAttribute);

    // Roles: a single attribute with one value per role, omitted when there are none.
    if (!info.getRoles().isEmpty()) {
        AttributeType roleAttribute = new AttributeType();
        roleAttribute.setAttributeId(ROLE_CLAIM);
        roleAttribute.setIncludeInResult(false);
        for (String role : info.getRoles()) {
            LOGGER.trace("Adding role: {} for subject: {}", role, subject);
            AttributeValueType roleValue = new AttributeValueType();
            roleValue.setDataType(STRING_DATA_TYPE);
            roleValue.getContent().add(role);
            roleAttribute.getAttributeValue().add(roleValue);
        }
        subjectAttributes.getAttribute().add(roleAttribute);
    }

    // Claims: each KeyValuePermission with values becomes an attribute; others are skipped.
    for (Permission curPermission : info.getObjectPermissions()) {
        if (!(curPermission instanceof KeyValuePermission)) {
            LOGGER.warn("Permissions for subject were not of type KeyValuePermission, cannot add any subject permissions to the request.");
            continue;
        }
        KeyValuePermission kvPermission = (KeyValuePermission) curPermission;
        if (kvPermission.getValues().isEmpty()) {
            continue;
        }
        AttributeType claimAttribute = new AttributeType();
        claimAttribute.setAttributeId(kvPermission.getKey());
        claimAttribute.setIncludeInResult(false);
        for (String value : kvPermission.getValues()) {
            LOGGER.trace("Adding permission: {}:{} for subject: {}", kvPermission.getKey(), value, subject);
            AttributeValueType claimValue = new AttributeValueType();
            claimValue.setDataType(getXacmlDataType(value));
            claimValue.getContent().add(value);
            claimAttribute.getAttributeValue().add(claimValue);
        }
        subjectAttributes.getAttribute().add(claimAttribute);
    }
    return subjectAttributes;
}

Example 5 with AttributesType

use of oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributesType in project ddf by codice.

the class XacmlClientTest method testEvaluateroleuseractionquerycitizenshipCA.

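/**
 * Negative case: a subject holding the test role who attempts a query with a
 * citizenship of "CA" is expected to receive a DENY decision from the policies
 * loaded by {@code testSetup()}.
 *
 * <p>Change from the original: {@code assertEquals} is called with the expected
 * value first so a failure message reads correctly.
 */
@Test
public void testEvaluateroleuseractionquerycitizenshipCA() throws Exception {
    LOGGER.debug("\n\n\n##### testEvaluate_role_user_action_query_citizenship_CA");
    final String country = "CA";
    testSetup();

    RequestType xacmlRequestType = new RequestType();
    xacmlRequestType.setCombinedDecision(false);
    xacmlRequestType.setReturnPolicyIdList(false);

    // Action category: the subject is attempting a query.
    AttributesType actionAttributes = new AttributesType();
    actionAttributes.setCategory(ACTION_CATEGORY);
    AttributeType actionAttribute = new AttributeType();
    actionAttribute.setAttributeId(ACTION_ID);
    actionAttribute.setIncludeInResult(false);
    AttributeValueType actionValue = new AttributeValueType();
    actionValue.setDataType(STRING_DATA_TYPE);
    actionValue.getContent().add(QUERY_ACTION);
    actionAttribute.getAttributeValue().add(actionValue);
    actionAttributes.getAttribute().add(actionAttribute);

    // Subject category: subject id plus a single role claim.
    AttributesType subjectAttributes = new AttributesType();
    subjectAttributes.setCategory(SUBJECT_CATEGORY);
    AttributeType subjectAttribute = new AttributeType();
    subjectAttribute.setAttributeId(SUBJECT_ID);
    subjectAttribute.setIncludeInResult(false);
    AttributeValueType subjectValue = new AttributeValueType();
    subjectValue.setDataType(STRING_DATA_TYPE);
    subjectValue.getContent().add(TEST_USER_2);
    subjectAttribute.getAttributeValue().add(subjectValue);
    subjectAttributes.getAttribute().add(subjectAttribute);
    AttributeType roleAttribute = new AttributeType();
    roleAttribute.setAttributeId(ROLE_CLAIM);
    roleAttribute.setIncludeInResult(false);
    AttributeValueType roleValue = new AttributeValueType();
    roleValue.setDataType(STRING_DATA_TYPE);
    roleValue.getContent().add(ROLE);
    roleAttribute.getAttributeValue().add(roleValue);
    subjectAttributes.getAttribute().add(roleAttribute);

    // Permissions category: the citizenship value under test.
    AttributesType categoryAttributes = new AttributesType();
    categoryAttributes.setCategory(PERMISSIONS_CATEGORY);
    AttributeType citizenshipAttribute = new AttributeType();
    citizenshipAttribute.setAttributeId(CITIZENSHIP_ATTRIBUTE);
    citizenshipAttribute.setIncludeInResult(false);
    AttributeValueType citizenshipValue = new AttributeValueType();
    citizenshipValue.setDataType(STRING_DATA_TYPE);
    citizenshipValue.getContent().add(country);
    citizenshipAttribute.getAttributeValue().add(citizenshipValue);
    categoryAttributes.getAttribute().add(citizenshipAttribute);

    xacmlRequestType.getAttributes().add(actionAttributes);
    xacmlRequestType.getAttributes().add(subjectAttributes);
    xacmlRequestType.getAttributes().add(categoryAttributes);

    XacmlClient pdp = new XacmlClient(tempDir.getCanonicalPath(), new XmlParser(), mock(SecurityLogger.class));
    // Perform Test
    ResponseType xacmlResponse = pdp.evaluate(xacmlRequestType);

    // Log the full response for diagnosis, then verify the decision.
    JAXBContext jaxbContext = JAXBContext.newInstance(ResponseType.class);
    Marshaller marshaller = jaxbContext.createMarshaller();
    ObjectFactory objectFactory = new ObjectFactory();
    Writer writer = new StringWriter();
    marshaller.marshal(objectFactory.createResponse(xacmlResponse), writer);
    LOGGER.debug("\nXACML 3.0 Response:\n{}", writer.toString());

    // Verify - a non-matching citizenship must be denied.
    assertEquals(DecisionType.DENY, xacmlResponse.getResult().get(0).getDecision());
}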
