use of oasis.names.tc.xacml._3_0.core.schema.wd_17.RequestType in project ddf by codice.
the class XacmlPdpTest method testEnvironmentVariables.
/**
 * Verifies that a XACML request built by the realm carries an environment-category
 * attribute group whose first three attributes are {@code item0}, {@code item1} and
 * {@code item2}, holding one, two and three values respectively.
 *
 * <p>NOTE(review): where those environment attributes are configured is not visible
 * from this method; presumably the test fixture sets them up. Confirm against the setup code.
 */
@Test
public void testEnvironmentVariables() {
    RequestType xacmlRequest =
        testRealm.createXACMLRequest(
            USER_NAME,
            generateSubjectInfo(TEST_COUNTRY),
            new KeyValueCollectionPermission(QUERY_ACTION));

    // Deliberately no break: if several groups share the environment category,
    // the last one encountered is the one that gets inspected.
    AttributesType environmentGroup = null;
    for (AttributesType candidate : xacmlRequest.getAttributes()) {
        if (candidate.getCategory().equals(XACMLConstants.ENVIRONMENT_CATEGORY)) {
            environmentGroup = candidate;
        }
    }
    assertNotNull(environmentGroup);

    // Attribute at position i is expected to be named "item<i>" and to carry i + 1 values.
    for (int position = 0; position < 3; position++) {
        assertThat(
            environmentGroup.getAttribute().get(position).getAttributeId(),
            is("item" + position));
        assertThat(
            environmentGroup.getAttribute().get(position).getAttributeValue().size(),
            is(position + 1));
    }
}
use of oasis.names.tc.xacml._3_0.core.schema.wd_17.RequestType in project ddf by codice.
the class XacmlPdpTest method testResourceIsNotPermitted.
/**
 * Negative authorization case: a READ permission whose resource-access requirement lists
 * access types A, B and C must be denied for the test subject.
 *
 * <p>NOTE(review): the subject's own attributes come from {@code generateSubjectInfo} and
 * the policy from the fixture, neither of which is visible here; presumably the subject
 * lacks at least one of the three access types. Confirm against the fixture.
 */
@Test
public void testResourceIsNotPermitted() {
    // Attributes the resource demands, keyed by attribute name.
    HashMap<String, List<String>> requiredAttributes = new HashMap<>();
    requiredAttributes.put(
        RESOURCE_ACCESS, Arrays.asList(ACCESS_TYPE_A, ACCESS_TYPE_B, ACCESS_TYPE_C));

    KeyValueCollectionPermission readPermission =
        new KeyValueCollectionPermission(CollectionPermission.READ_ACTION, requiredAttributes);
    RequestType xacmlRequest =
        testRealm.createXACMLRequest(
            USER_NAME, generateSubjectInfo(TEST_COUNTRY), readPermission);

    // The PDP decision for this request must not be a permit.
    assertFalse(testRealm.isPermitted(xacmlRequest));
}
use of oasis.names.tc.xacml._3_0.core.schema.wd_17.RequestType in project ddf by codice.
the class XacmlPdp method isPermitted.
/**
 * Decides whether {@code primaryPrincipal} may perform the action described by
 * {@code curPermission}.
 *
 * <p>Two cases are answered locally, without building a XACML request:
 * <ul>
 *   <li>the subject has no object permissions, string permissions or roles, but the
 *       permission lists key/value requirements: denied;</li>
 *   <li>the subject has at least one of those, and the permission lists no key/value
 *       requirements: permitted.</li>
 * </ul>
 * Every other combination is turned into a XACML request and sent to the PDP.
 *
 * <p>NOTE(review): the local permit path grants access whenever the requirement list is
 * empty, so a caller that passes an empty permission by mistake is allowed through without
 * a policy evaluation. Only the start of the check is audited in this method; neither the
 * two local outcomes nor the PDP outcome is. Confirm that callers audit the decision.
 *
 * @param primaryPrincipal name of the subject being checked, used for logging and for the request
 * @param info authorization data (permissions and roles) held for the subject
 * @param curPermission action and key/value requirements being checked
 * @return {@code true} if access is granted, {@code false} otherwise
 */
public boolean isPermitted(String primaryPrincipal, AuthorizationInfo info, KeyValueCollectionPermission curPermission) {
    LOGGER.debug("Checking if {} has access for action {}", primaryPrincipal, curPermission.getAction());
    // NOTE(review): the principal and action are concatenated straight into the audit record.
    // Whether SecurityLogger neutralises CR/LF is not visible here; confirm, otherwise a crafted
    // principal name could forge audit lines.
    SecurityLogger.audit("Checking if [" + primaryPrincipal + "] has access for action " + curPermission.getAction());

    boolean subjectHasAttributes =
        !CollectionUtils.isEmpty(info.getObjectPermissions())
            || !CollectionUtils.isEmpty(info.getStringPermissions())
            || !CollectionUtils.isEmpty(info.getRoles());
    boolean permissionHasRequirements =
        !CollectionUtils.isEmpty(curPermission.getKeyValuePermissionList());

    // Requirements exist but the subject has nothing to match them with: deny locally.
    if (!subjectHasAttributes && permissionHasRequirements) {
        return false;
    }
    // Nothing is required and the subject has some attributes: permit locally.
    if (subjectHasAttributes && !permissionHasRequirements) {
        return true;
    }

    // Both sides present, or both empty: let the policy decision point decide.
    LOGGER.debug("Received authZ info, creating XACML request.");
    RequestType curRequest = createXACMLRequest(primaryPrincipal, info, curPermission);
    LOGGER.debug("Created XACML request, calling PDP.");
    return isPermitted(curRequest);
}
use of oasis.names.tc.xacml._3_0.core.schema.wd_17.RequestType in project ddf by codice.
the class XacmlPdp method isPermitted.
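/**
 * Sends a XACML request to the PDP and reports whether the decision is a permit.
 *
 * <p>The check fails closed: a {@code null} response, a response with no results, any
 * decision other than {@link DecisionType#PERMIT}, or a {@link PdpException} during
 * evaluation all yield {@code false}.
 *
 * <p>Only the first result in the response is consulted.
 * NOTE(review): if a request can ever produce several results, the remaining ones are
 * ignored. Confirm that requests built by this class always yield exactly one.
 *
 * @param xacmlRequest request to evaluate
 * @return {@code true} only when the PDP's first result is a permit
 */
protected boolean isPermitted(RequestType xacmlRequest) {
    try {
        LOGGER.debug("Calling PDP to evaluate XACML request.");
        ResponseType xacmlResponse = pdp.evaluate(xacmlRequest);
        LOGGER.debug("Received response from PDP.");
        // Guard the result list before indexing it: an empty response would otherwise raise
        // an unchecked IndexOutOfBoundsException out of the authorization check instead of
        // producing a clean denial.
        boolean permitted =
            xacmlResponse != null
                && xacmlResponse.getResult() != null
                && !xacmlResponse.getResult().isEmpty()
                && xacmlResponse.getResult().get(0).getDecision() == DecisionType.PERMIT;
        LOGGER.debug("Permitted: {}", permitted);
        return permitted;
    } catch (PdpException e) {
        // Evaluation failure is treated as a denial.
        // NOTE(review): this is recorded at debug level only, so a failing PDP looks like an
        // ordinary denial in production logs. Consider a higher level or an audit entry.
        LOGGER.debug(e.getMessage(), e);
        return false;
    }
}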
use of oasis.names.tc.xacml._3_0.core.schema.wd_17.RequestType in project ddf by codice.
the class XacmlPdpTest method testResourceIsPermitted.
/**
 * Positive authorization case: a READ permission whose resource-access requirement lists
 * only access type A must be permitted for the test subject.
 *
 * <p>NOTE(review): the subject's attributes come from {@code generateSubjectInfo} and the
 * policy from the fixture, neither of which is visible here; presumably the subject holds
 * access type A. Confirm against the fixture.
 */
@Test
public void testResourceIsPermitted() {
    // Attributes the resource demands, keyed by attribute name.
    HashMap<String, List<String>> requiredAttributes = new HashMap<>();
    requiredAttributes.put(RESOURCE_ACCESS, Arrays.asList(ACCESS_TYPE_A));

    KeyValueCollectionPermission readPermission =
        new KeyValueCollectionPermission(CollectionPermission.READ_ACTION, requiredAttributes);
    RequestType xacmlRequest =
        testRealm.createXACMLRequest(
            USER_NAME, generateSubjectInfo(TEST_COUNTRY), readPermission);

    // The PDP decision for this request must be a permit.
    assertTrue(testRealm.isPermitted(xacmlRequest));
}