Example 6 with RequestType

Use of oasis.names.tc.xacml._3_0.core.schema.wd_17.RequestType in project ddf by codice: class XacmlPdpTest, method testEnvironmentVariables.

@Test
public void testEnvironmentVariables() {
    // Build a XACML request for the test user and a query-action permission.
    RequestType request = testRealm.createXACMLRequest(USER_NAME, generateSubjectInfo(TEST_COUNTRY), new KeyValueCollectionPermission(QUERY_ACTION));
    List<AttributesType> attributes = request.getAttributes();
    // Locate the attribute group carrying the environment category; the loop does not
    // break, so if several groups matched, the last one would be kept.
    AttributesType environmentAttributes = null;
    for (AttributesType attribute : attributes) {
        if (attribute.getCategory().equals(XACMLConstants.ENVIRONMENT_CATEGORY)) {
            environmentAttributes = attribute;
        }
    }
    assertNotNull(environmentAttributes);
    // Each configured environment item is expected to appear in order, with
    // item0 carrying one value, item1 two values and item2 three values.
    assertThat(environmentAttributes.getAttribute().get(0).getAttributeId(), is("item0"));
    assertThat(environmentAttributes.getAttribute().get(0).getAttributeValue().size(), is(1));
    assertThat(environmentAttributes.getAttribute().get(1).getAttributeId(), is("item1"));
    assertThat(environmentAttributes.getAttribute().get(1).getAttributeValue().size(), is(2));
    assertThat(environmentAttributes.getAttribute().get(2).getAttributeId(), is("item2"));
    assertThat(environmentAttributes.getAttribute().get(2).getAttributeValue().size(), is(3));
}

Also used: KeyValueCollectionPermission (ddf.security.permission.KeyValueCollectionPermission), AttributesType (oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributesType), RequestType (oasis.names.tc.xacml._3_0.core.schema.wd_17.RequestType), Test (org.junit.Test)

Example 7 with RequestType

Use of oasis.names.tc.xacml._3_0.core.schema.wd_17.RequestType in project ddf by codice: class XacmlPdpTest, method testResourceIsNotPermitted.

@Test
public void testResourceIsNotPermitted() {
    // The resource demands three access types; the test subject is expected to
    // hold only a subset, so the PDP should deny the read.
    HashMap<String, List<String>> security = new HashMap<String, List<String>>();
    security.put(RESOURCE_ACCESS, Arrays.asList(ACCESS_TYPE_A, ACCESS_TYPE_B, ACCESS_TYPE_C));
    KeyValueCollectionPermission resourcePermissions = new KeyValueCollectionPermission(CollectionPermission.READ_ACTION, security);
    RequestType request = testRealm.createXACMLRequest(USER_NAME, generateSubjectInfo(TEST_COUNTRY), resourcePermissions);
    assertFalse(testRealm.isPermitted(request));
}

Also used: KeyValueCollectionPermission (ddf.security.permission.KeyValueCollectionPermission), HashMap (java.util.HashMap), ArrayList (java.util.ArrayList), List (java.util.List), RequestType (oasis.names.tc.xacml._3_0.core.schema.wd_17.RequestType), Test (org.junit.Test)

Example 8 with RequestType

Use of oasis.names.tc.xacml._3_0.core.schema.wd_17.RequestType in project ddf by codice: class XacmlPdp, method isPermitted(String, AuthorizationInfo, KeyValueCollectionPermission).

public boolean isPermitted(String primaryPrincipal, AuthorizationInfo info, KeyValueCollectionPermission curPermission) {
    boolean curResponse;
    LOGGER.debug("Checking if {} has access for action {}", primaryPrincipal, curPermission.getAction());
    SecurityLogger.audit("Checking if [" + primaryPrincipal + "] has access for action " + curPermission.getAction());
    // Short-circuit 1: the subject carries no authorization info at all, but the
    // requested permission does require key/value attributes -> deny without calling the PDP.
    if (CollectionUtils.isEmpty(info.getObjectPermissions()) && CollectionUtils.isEmpty(info.getStringPermissions()) && CollectionUtils.isEmpty(info.getRoles()) && !CollectionUtils.isEmpty(curPermission.getKeyValuePermissionList())) {
        return false;
    }
    // Short-circuit 2: the subject has some authorization info and the requested
    // permission carries no key/value attributes to match -> permit without calling the PDP.
    if ((!CollectionUtils.isEmpty(info.getObjectPermissions()) || !CollectionUtils.isEmpty(info.getStringPermissions()) || !CollectionUtils.isEmpty(info.getRoles())) && CollectionUtils.isEmpty(curPermission.getKeyValuePermissionList())) {
        return true;
    }
    // Otherwise build a XACML request from the subject info and permission and let the PDP decide.
    LOGGER.debug("Received authZ info, creating XACML request.");
    RequestType curRequest = createXACMLRequest(primaryPrincipal, info, curPermission);
    LOGGER.debug("Created XACML request, calling PDP.");
    curResponse = isPermitted(curRequest);
    return curResponse;
}

Also used: RequestType (oasis.names.tc.xacml._3_0.core.schema.wd_17.RequestType)

Example 9 with RequestType

Use of oasis.names.tc.xacml._3_0.core.schema.wd_17.RequestType in project ddf by codice: class XacmlPdp, method isPermitted(RequestType).

protected boolean isPermitted(RequestType xacmlRequest) {
    boolean permitted;
    ResponseType xacmlResponse;
    try {
        LOGGER.debug("Calling PDP to evaluate XACML request.");
        xacmlResponse = pdp.evaluate(xacmlRequest);
        LOGGER.debug("Received response from PDP.");
        // Only an explicit PERMIT on the first result grants access; a null response,
        // DENY, NOT_APPLICABLE and INDETERMINATE all evaluate to false. Note that an empty
        // result list would raise an IndexOutOfBoundsException here, which the catch below
        // does not handle.
        permitted = xacmlResponse != null && xacmlResponse.getResult().get(0).getDecision() == DecisionType.PERMIT;
        LOGGER.debug("Permitted: {}", permitted);
    } catch (PdpException e) {
        // Fail closed: a PDP error is treated as a denial.
        LOGGER.debug(e.getMessage(), e);
        permitted = false;
    }
    return permitted;
}

Also used: ResponseType (oasis.names.tc.xacml._3_0.core.schema.wd_17.ResponseType), PdpException (ddf.security.pdp.realm.xacml.processor.PdpException)

Example 10 with RequestType

Use of oasis.names.tc.xacml._3_0.core.schema.wd_17.RequestType in project ddf by codice: class XacmlPdpTest, method testResourceIsPermitted.

@Test
public void testResourceIsPermitted() {
    // The resource demands a single access type that the test subject holds,
    // so the PDP should permit the read.
    HashMap<String, List<String>> security = new HashMap<String, List<String>>();
    security.put(RESOURCE_ACCESS, Arrays.asList(ACCESS_TYPE_A));
    KeyValueCollectionPermission resourcePermissions = new KeyValueCollectionPermission(CollectionPermission.READ_ACTION, security);
    RequestType request = testRealm.createXACMLRequest(USER_NAME, generateSubjectInfo(TEST_COUNTRY), resourcePermissions);
    assertTrue(testRealm.isPermitted(request));
}

Also used: KeyValueCollectionPermission (ddf.security.permission.KeyValueCollectionPermission), HashMap (java.util.HashMap), ArrayList (java.util.ArrayList), List (java.util.List), RequestType (oasis.names.tc.xacml._3_0.core.schema.wd_17.RequestType), Test (org.junit.Test)

Aggregations (type, and number of examples using it)

RequestType (oasis.names.tc.xacml._3_0.core.schema.wd_17.RequestType): 14
Test (org.junit.Test): 12
KeyValueCollectionPermission (ddf.security.permission.KeyValueCollectionPermission): 9
AttributesType (oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributesType): 6
AttributeType (oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeType): 5
AttributeValueType (oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeValueType): 5
ArrayList (java.util.ArrayList): 4
ObjectFactory (oasis.names.tc.xacml._3_0.core.schema.wd_17.ObjectFactory): 4
ResponseType (oasis.names.tc.xacml._3_0.core.schema.wd_17.ResponseType): 4
File (java.io.File): 3
StringWriter (java.io.StringWriter): 3
Writer (java.io.Writer): 3
HashMap (java.util.HashMap): 3
List (java.util.List): 3
JAXBContext (javax.xml.bind.JAXBContext): 3
Marshaller (javax.xml.bind.Marshaller): 3
XmlParser (org.codice.ddf.parser.xml.XmlParser): 3
KeyValuePermission (ddf.security.permission.KeyValuePermission): 2
PdpException (ddf.security.pdp.realm.xacml.processor.PdpException): 1
CollectionPermission (ddf.security.permission.CollectionPermission): 1