Example 1 with RequestType
use of oasis.names.tc.xacml._3_0.core.schema.wd_17.RequestType in project ddf by codice.
the class XacmlClientTest method testWrapperpoliciesdirectorypolicyadded.
@Test
public void testWrapperpoliciesdirectorypolicyadded() throws Exception {
LOGGER.debug("\n\n\n##### testXACMLWrapper_policies_directory_policy_added");
File policyDir = folder.newFolder("tempDir");
XacmlClient.defaultPollingIntervalInSeconds = 1;
// Perform Test
XacmlClient pdp = new XacmlClient(policyDir.getCanonicalPath(), new XmlParser());
File srcFile = new File(projectHome + File.separator + RELATIVE_POLICIES_DIR + File.separator + POLICY_FILE);
FileUtils.copyFileToDirectory(srcFile, policyDir);
Thread.sleep(2000);
RequestType xacmlRequestType = new RequestType();
xacmlRequestType.setCombinedDecision(false);
xacmlRequestType.setReturnPolicyIdList(false);
AttributesType actionAttributes = new AttributesType();
actionAttributes.setCategory(ACTION_CATEGORY);
AttributeType actionAttribute = new AttributeType();
actionAttribute.setAttributeId(ACTION_ID);
actionAttribute.setIncludeInResult(false);
AttributeValueType actionValue = new AttributeValueType();
actionValue.setDataType(STRING_DATA_TYPE);
actionValue.getContent().add(QUERY_ACTION);
actionAttribute.getAttributeValue().add(actionValue);
actionAttributes.getAttribute().add(actionAttribute);
AttributesType subjectAttributes = new AttributesType();
subjectAttributes.setCategory(SUBJECT_CATEGORY);
AttributeType subjectAttribute = new AttributeType();
subjectAttribute.setAttributeId(SUBJECT_ID);
subjectAttribute.setIncludeInResult(false);
AttributeValueType subjectValue = new AttributeValueType();
subjectValue.setDataType(STRING_DATA_TYPE);
subjectValue.getContent().add(TEST_USER_1);
subjectAttribute.getAttributeValue().add(subjectValue);
subjectAttributes.getAttribute().add(subjectAttribute);
AttributeType roleAttribute = new AttributeType();
roleAttribute.setAttributeId(ROLE_CLAIM);
roleAttribute.setIncludeInResult(false);
AttributeValueType roleValue = new AttributeValueType();
roleValue.setDataType(STRING_DATA_TYPE);
roleValue.getContent().add(ROLE);
roleAttribute.getAttributeValue().add(roleValue);
subjectAttributes.getAttribute().add(roleAttribute);
AttributesType categoryAttributes = new AttributesType();
categoryAttributes.setCategory(PERMISSIONS_CATEGORY);
AttributeType citizenshipAttribute = new AttributeType();
citizenshipAttribute.setAttributeId(CITIZENSHIP_ATTRIBUTE);
citizenshipAttribute.setIncludeInResult(false);
AttributeValueType citizenshipValue = new AttributeValueType();
citizenshipValue.setDataType(STRING_DATA_TYPE);
citizenshipValue.getContent().add(US_COUNTRY);
citizenshipAttribute.getAttributeValue().add(citizenshipValue);
categoryAttributes.getAttribute().add(citizenshipAttribute);
xacmlRequestType.getAttributes().add(actionAttributes);
xacmlRequestType.getAttributes().add(subjectAttributes);
xacmlRequestType.getAttributes().add(categoryAttributes);
// Perform Test
ResponseType xacmlResponse = pdp.evaluate(xacmlRequestType);
// Verify - The policy was loaded to allow a permit decision
JAXBContext jaxbContext = JAXBContext.newInstance(ResponseType.class);
Marshaller marshaller = jaxbContext.createMarshaller();
ObjectFactory objectFactory = new ObjectFactory();
Writer writer = new StringWriter();
marshaller.marshal(objectFactory.createResponse(xacmlResponse), writer);
LOGGER.debug("\nXACML 3.0 Response:\n{}", writer.toString());
assertEquals(xacmlResponse.getResult().get(0).getDecision(), DecisionType.PERMIT);
FileUtils.deleteDirectory(policyDir);
}
Also used :
XmlParser(org.codice.ddf.parser.xml.XmlParser)
Marshaller(javax.xml.bind.Marshaller)
AttributeValueType(oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeValueType)
JAXBContext(javax.xml.bind.JAXBContext)
ResponseType(oasis.names.tc.xacml._3_0.core.schema.wd_17.ResponseType)
ObjectFactory(oasis.names.tc.xacml._3_0.core.schema.wd_17.ObjectFactory)
StringWriter(java.io.StringWriter)
AttributeType(oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeType)
AttributesType(oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributesType)
File(java.io.File)
StringWriter(java.io.StringWriter)
Writer(java.io.Writer)
RequestType(oasis.names.tc.xacml._3_0.core.schema.wd_17.RequestType)
Test(org.junit.Test)
Example 2 with RequestType
use of oasis.names.tc.xacml._3_0.core.schema.wd_17.RequestType in project ddf by codice.
the class XacmlPdp method createXACMLRequest.
protected RequestType createXACMLRequest(String subject, AuthorizationInfo info, CollectionPermission permission) {
LOGGER.debug("Creating XACML request for subject: {} and metacard permissions {}", subject, permission);
RequestType xacmlRequestType = new RequestType();
xacmlRequestType.setCombinedDecision(false);
xacmlRequestType.setReturnPolicyIdList(false);
// Adding filter action
AttributesType actionAttributes = new AttributesType();
actionAttributes.setCategory(XACMLConstants.ACTION_CATEGORY);
AttributeType actionAttribute = new AttributeType();
actionAttribute.setAttributeId(XACMLConstants.ACTION_ID);
actionAttribute.setIncludeInResult(false);
AttributeValueType actionValue = new AttributeValueType();
actionValue.setDataType(XACMLConstants.STRING_DATA_TYPE);
LOGGER.trace("Adding action: {} for subject: {}", XACMLConstants.FILTER_ACTION, subject);
actionValue.getContent().add(permission.getAction());
actionAttribute.getAttributeValue().add(actionValue);
actionAttributes.getAttribute().add(actionAttribute);
xacmlRequestType.getAttributes().add(actionAttributes);
// Adding permissions for the calling subject
AttributesType subjectAttributes = createSubjectAttributes(subject, info);
xacmlRequestType.getAttributes().add(subjectAttributes);
// Adding permissions for the resource
AttributesType metadataAttributes = new AttributesType();
metadataAttributes.setCategory(XACMLConstants.RESOURCE_CATEGORY);
AttributesType environmentAttributesType = new AttributesType();
environmentAttributesType.setCategory(XACMLConstants.ENVIRONMENT_CATEGORY);
if (!CollectionUtils.isEmpty(environmentAttributes)) {
for (String envAttr : environmentAttributes) {
String[] attr = envAttr.split("=");
if (attr.length == 2) {
AttributeType attributeType = new AttributeType();
attributeType.setAttributeId(attr[0].trim());
String[] attrVals = attr[1].split(",");
for (String attrVal : attrVals) {
AttributeValueType attributeValueType = new AttributeValueType();
attributeValueType.setDataType(XACMLConstants.STRING_DATA_TYPE);
attributeValueType.getContent().add(attrVal.trim());
attributeType.getAttributeValue().add(attributeValueType);
}
environmentAttributesType.getAttribute().add(attributeType);
}
}
}
if (permission instanceof KeyValueCollectionPermission) {
List<KeyValuePermission> tmpList = ((KeyValueCollectionPermission) permission).getKeyValuePermissionList();
for (KeyValuePermission curPermission : tmpList) {
AttributeType resourceAttribute = new AttributeType();
resourceAttribute.setAttributeId(curPermission.getKey());
resourceAttribute.setIncludeInResult(false);
if (curPermission.getValues().size() > 0) {
for (String curPermValue : curPermission.getValues()) {
AttributeValueType resourceAttributeValue = new AttributeValueType();
resourceAttributeValue.setDataType(getXacmlDataType(curPermValue));
LOGGER.trace("Adding permission: {}:{} for incoming resource", new Object[] { curPermission.getKey(), curPermValue });
resourceAttributeValue.getContent().add(curPermValue);
resourceAttribute.getAttributeValue().add(resourceAttributeValue);
}
metadataAttributes.getAttribute().add(resourceAttribute);
}
}
xacmlRequestType.getAttributes().add(metadataAttributes);
if (!CollectionUtils.isEmpty(environmentAttributes)) {
xacmlRequestType.getAttributes().add(environmentAttributesType);
}
} else {
LOGGER.warn("Permission on the resource need to be of type KeyValueCollectionPermission, cannot process this resource.");
}
return xacmlRequestType;
}
Also used :
KeyValueCollectionPermission(ddf.security.permission.KeyValueCollectionPermission)
AttributeValueType(oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeValueType)
AttributeType(oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeType)
AttributesType(oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributesType)
KeyValuePermission(ddf.security.permission.KeyValuePermission)
RequestType(oasis.names.tc.xacml._3_0.core.schema.wd_17.RequestType)
Example 3 with RequestType
use of oasis.names.tc.xacml._3_0.core.schema.wd_17.RequestType in project ddf by codice.
the class XacmlClient method marshal.
/**
* Marshalls the XACML request to a string.
*
* @param xacmlRequestType The XACML request to marshal.
* @return A string representation of the XACML request.
*/
private String marshal(RequestType xacmlRequestType) throws PdpException {
if (null == parser) {
throw new IllegalStateException("XMLParser must be configured.");
}
String xacmlRequest = null;
try {
List<String> ctxPath = new ArrayList<>(1);
ctxPath.add(ResponseType.class.getPackage().getName());
ParserConfigurator configurator = parser.configureParser(ctxPath, XacmlClient.class.getClassLoader());
configurator.addProperty(Marshaller.JAXB_FORMATTED_OUTPUT, true);
ByteArrayOutputStream os = new ByteArrayOutputStream();
ObjectFactory objectFactory = new ObjectFactory();
parser.marshal(configurator, objectFactory.createRequest(xacmlRequestType), os);
xacmlRequest = os.toString("UTF-8");
} catch (ParserException | UnsupportedEncodingException e) {
String message = "Unable to marshal XACML request.";
LOGGER.info(message, e);
throw new PdpException(message, e);
}
LOGGER.debug("\nXACML 3.0 Request:\n{}", xacmlRequest);
return xacmlRequest;
}
Also used :
ParserConfigurator(org.codice.ddf.parser.ParserConfigurator)
ParserException(org.codice.ddf.parser.ParserException)
ObjectFactory(oasis.names.tc.xacml._3_0.core.schema.wd_17.ObjectFactory)
ArrayList(java.util.ArrayList)
UnsupportedEncodingException(java.io.UnsupportedEncodingException)
ByteArrayOutputStream(java.io.ByteArrayOutputStream)
Example 4 with RequestType
use of oasis.names.tc.xacml._3_0.core.schema.wd_17.RequestType in project ddf by codice.
the class XacmlPdpTest method testActionBadCountry.
@Test
public void testActionBadCountry() {
RequestType request = testRealm.createXACMLRequest(USER_NAME, generateSubjectInfo("CAN"), new KeyValueCollectionPermission(QUERY_ACTION));
assertFalse(testRealm.isPermitted(request));
}
Also used :
KeyValueCollectionPermission(ddf.security.permission.KeyValueCollectionPermission)
RequestType(oasis.names.tc.xacml._3_0.core.schema.wd_17.RequestType)
Test(org.junit.Test)
Example 5 with RequestType
use of oasis.names.tc.xacml._3_0.core.schema.wd_17.RequestType in project ddf by codice.
the class XacmlPdpTest method testActionBadAction.
@Test
public void testActionBadAction() {
RequestType request = testRealm.createXACMLRequest(USER_NAME, generateSubjectInfo(TEST_COUNTRY), new KeyValueCollectionPermission("bad"));
assertFalse(testRealm.isPermitted(request));
}
Also used :
KeyValueCollectionPermission(ddf.security.permission.KeyValueCollectionPermission)
RequestType(oasis.names.tc.xacml._3_0.core.schema.wd_17.RequestType)
Test(org.junit.Test)
Aggregations
RequestType (oasis.names.tc.xacml._3_0.core.schema.wd_17.RequestType)14
Test (org.junit.Test)12
KeyValueCollectionPermission (ddf.security.permission.KeyValueCollectionPermission)9
AttributesType (oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributesType)6
AttributeType (oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeType)5
AttributeValueType (oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeValueType)5
ArrayList (java.util.ArrayList)4
ObjectFactory (oasis.names.tc.xacml._3_0.core.schema.wd_17.ObjectFactory)4
ResponseType (oasis.names.tc.xacml._3_0.core.schema.wd_17.ResponseType)4
File (java.io.File)3
StringWriter (java.io.StringWriter)3
Writer (java.io.Writer)3
HashMap (java.util.HashMap)3
List (java.util.List)3
JAXBContext (javax.xml.bind.JAXBContext)3
Marshaller (javax.xml.bind.Marshaller)3
XmlParser (org.codice.ddf.parser.xml.XmlParser)3
KeyValuePermission (ddf.security.permission.KeyValuePermission)2
PdpException (ddf.security.pdp.realm.xacml.processor.PdpException)1
CollectionPermission (ddf.security.permission.CollectionPermission)1
