
Example 11 with RequestType

use of oasis.names.tc.xacml._3_0.core.schema.wd_17.RequestType in project ddf by codice.

the class XacmlClientTest method testEvaluateroleuseractionquerycitizenshipUS.

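/**
 * Evaluates a query request for a user that carries the configured role and US citizenship against
 * the test policy and expects a PERMIT decision for the first result.
 *
 * <p>The policy file is copied into a fresh temporary directory, a {@link XacmlClient} is pointed at
 * that directory, the request is evaluated and the marshalled response is written to the debug log.
 * The policy directory is removed in a {@code finally} block so it goes away even when the assertion
 * fails.
 *
 * @throws Exception if the policy directory cannot be prepared, the request cannot be evaluated or
 *     the response cannot be marshalled for logging
 */
@Test
public void testEvaluateroleuseractionquerycitizenshipUS() throws Exception {
    LOGGER.debug("\n\n\n##### testEvaluate_role_user_action_query_citizenship_US");
    // Setup
    File destDir = folder.newFolder(TEMP_DIR_NAME);
    LOGGER.debug("Making directory: {}", destDir.getPath());
    // Gating the whole test on mkdir() succeeding let the test pass without asserting anything when
    // the directory already existed (newFolder() presumably creates it — verify) or could not be
    // created. A missing policy directory is now a test failure, not a skipped body.
    if (!destDir.isDirectory() && !destDir.mkdir()) {
        throw new AssertionError("Could not create directory: " + destDir);
    }
    try {
        File srcFile = new File(projectHome + File.separator + RELATIVE_POLICIES_DIR + File.separator + POLICY_FILE);
        FileUtils.copyFileToDirectory(srcFile, destDir);
        RequestType xacmlRequestType = new RequestType();
        xacmlRequestType.setCombinedDecision(false);
        xacmlRequestType.setReturnPolicyIdList(false);
        // Action category: the query action.
        xacmlRequestType.getAttributes().add(
                buildCategory(ACTION_CATEGORY, buildStringAttribute(ACTION_ID, QUERY_ACTION)));
        // Subject category: the user id plus the role claim.
        xacmlRequestType.getAttributes().add(
                buildCategory(SUBJECT_CATEGORY,
                        buildStringAttribute(SUBJECT_ID, TEST_USER_1),
                        buildStringAttribute(ROLE_CLAIM, ROLE)));
        // Permissions category: the citizenship value the policy is expected to accept.
        xacmlRequestType.getAttributes().add(
                buildCategory(PERMISSIONS_CATEGORY, buildStringAttribute(CITIZENSHIP_ATTRIBUTE, US_COUNTRY)));
        XacmlClient pdp = new XacmlClient(destDir.getCanonicalPath(), new XmlParser());
        // Perform Test
        ResponseType xacmlResponse = pdp.evaluate(xacmlRequestType);
        // Verify
        JAXBContext jaxbContext = JAXBContext.newInstance(ResponseType.class);
        Marshaller marshaller = jaxbContext.createMarshaller();
        ObjectFactory objectFactory = new ObjectFactory();
        Writer writer = new StringWriter();
        marshaller.marshal(objectFactory.createResponse(xacmlResponse), writer);
        LOGGER.debug("\nXACML 3.0 Response:\n{}", writer.toString());
        // JUnit's assertEquals takes the expected value first; the reversed order only garbled the
        // failure message.
        assertEquals(DecisionType.PERMIT, xacmlResponse.getResult().get(0).getDecision());
    } finally {
        // Cleanup
        LOGGER.debug("Deleting directory: {}", destDir);
        FileUtils.deleteDirectory(destDir);
    }
}

/**
 * Builds a string-typed XACML attribute holding a single value that is not echoed in the result.
 *
 * @param attributeId the XACML attribute id
 * @param value the attribute's only value
 * @return the populated attribute
 */
private AttributeType buildStringAttribute(String attributeId, String value) {
    AttributeValueType attributeValue = new AttributeValueType();
    attributeValue.setDataType(STRING_DATA_TYPE);
    attributeValue.getContent().add(value);
    AttributeType attribute = new AttributeType();
    attribute.setAttributeId(attributeId);
    attribute.setIncludeInResult(false);
    attribute.getAttributeValue().add(attributeValue);
    return attribute;
}

/**
 * Groups attributes under one XACML category, preserving the order given.
 *
 * @param category the XACML category id
 * @param members the attributes that belong to the category
 * @return the populated category
 */
private AttributesType buildCategory(String category, AttributeType... members) {
    AttributesType categoryAttributes = new AttributesType();
    categoryAttributes.setCategory(category);
    for (AttributeType member : members) {
        categoryAttributes.getAttribute().add(member);
    }
    return categoryAttributes;
}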

Example 12 with RequestType

use of oasis.names.tc.xacml._3_0.core.schema.wd_17.RequestType in project ddf by codice.

the class XacmlPdpTest method testActionGoodCountry.

/**
 * A subject whose info was generated for {@code TEST_COUNTRY} asks for the query action; the
 * realm is expected to permit the resulting XACML request.
 */
@Test
public void testActionGoodCountry() {
    KeyValueCollectionPermission queryPermission = new KeyValueCollectionPermission(QUERY_ACTION);
    RequestType xacmlRequest =
            testRealm.createXACMLRequest(USER_NAME, generateSubjectInfo(TEST_COUNTRY), queryPermission);
    boolean permitted = testRealm.isPermitted(xacmlRequest);
    assertTrue(permitted);
}

Example 13 with RequestType

use of oasis.names.tc.xacml._3_0.core.schema.wd_17.RequestType in project ddf by codice.

the class XacmlPdpTest method testActionGoodSiteName.

/**
 * A subject with no roles and no object permissions asks for the site-name action; the realm is
 * expected to permit the resulting XACML request.
 */
@Test
public void testActionGoodSiteName() {
    // Authorization info with empty role and permission sets.
    SimpleAuthorizationInfo userWithoutGrants = new SimpleAuthorizationInfo(new HashSet<String>());
    userWithoutGrants.setObjectPermissions(new HashSet<Permission>());
    KeyValueCollectionPermission siteNamePermission = new KeyValueCollectionPermission(SITE_NAME_ACTION);
    RequestType xacmlRequest = testRealm.createXACMLRequest(USER_NAME, userWithoutGrants, siteNamePermission);
    boolean permitted = testRealm.isPermitted(xacmlRequest);
    assertTrue(permitted);
}

Example 14 with RequestType

use of oasis.names.tc.xacml._3_0.core.schema.wd_17.RequestType in project ddf by codice.

the class XacmlPdpTest method testSameAccessRedaction.

/**
 * A read permission whose resource-access metadata lists two access types is checked for a
 * subject generated for {@code TEST_COUNTRY}; the realm is expected to permit the request.
 *
 * @throws PdpException propagated from the realm's permission check
 */
@Test
public void testSameAccessRedaction() throws PdpException {
    // Resource-access metadata carrying both access types under the single RESOURCE_ACCESS key.
    List<String> accessTypes = Arrays.asList(ACCESS_TYPE_A, ACCESS_TYPE_B);
    HashMap<String, List<String>> resourceMetadata = new HashMap<String, List<String>>();
    resourceMetadata.put(RESOURCE_ACCESS, accessTypes);
    KeyValueCollectionPermission readPermission =
            new KeyValueCollectionPermission(CollectionPermission.READ_ACTION, resourceMetadata);
    RequestType xacmlRequest =
            testRealm.createXACMLRequest(USER_NAME, generateSubjectInfo(TEST_COUNTRY), readPermission);
    boolean permitted = testRealm.isPermitted(xacmlRequest);
    assertTrue(permitted);
}

Example 15 with RequestType

use of oasis.names.tc.xacml._3_0.core.schema.wd_17.RequestType in project ddf by codice.

the class XacmlPdp method isPermitted.

/**
 * Decides whether {@code primaryPrincipal} may exercise {@code curPermission}, given the
 * authorization info resolved for that subject.
 *
 * <p>Two cases are decided locally without consulting the PDP: a subject with no object
 * permissions, no string permissions and no roles is denied as soon as the permission carries a
 * key/value list, and a subject that has any of those is granted when the permission carries no
 * key/value list. Every other combination is turned into a XACML request and delegated to
 * {@link #isPermitted(RequestType)}.
 *
 * <p>The check is recorded in both the debug log and the security audit trail; the principal and
 * the action are written into the audit message verbatim.
 *
 * @param primaryPrincipal identity of the subject being checked
 * @param info the subject's roles and permissions as resolved by the realm
 * @param curPermission the permission being requested, including its key/value list
 * @return {@code true} when access is granted
 */
public boolean isPermitted(String primaryPrincipal, AuthorizationInfo info, KeyValueCollectionPermission curPermission) {
    LOGGER.debug("Checking if {} has access for action {}", primaryPrincipal, curPermission.getAction());
    SecurityLogger.audit("Checking if [" + primaryPrincipal + "] has access for action " + curPermission.getAction());
    boolean subjectHasGrants = hasAnyAuthorization(info);
    boolean permissionHasRequirements = !CollectionUtils.isEmpty(curPermission.getKeyValuePermissionList());
    if (!subjectHasGrants && permissionHasRequirements) {
        // Nothing to match the requested key/value pairs against: deny without calling the PDP.
        return false;
    }
    if (subjectHasGrants && !permissionHasRequirements) {
        // No key/value requirements to evaluate: an authorized subject is granted outright.
        return true;
    }
    LOGGER.debug("Received authZ info, creating XACML request.");
    RequestType xacmlRequest = createXACMLRequest(primaryPrincipal, info, curPermission);
    LOGGER.debug("Created XACML request, calling PDP.");
    return isPermitted(xacmlRequest);
}

/**
 * Reports whether the subject carries at least one object permission, string permission or role.
 *
 * @param info the subject's authorization info
 * @return {@code true} when any of the three collections is non-empty
 */
private boolean hasAnyAuthorization(AuthorizationInfo info) {
    return !CollectionUtils.isEmpty(info.getObjectPermissions())
            || !CollectionUtils.isEmpty(info.getStringPermissions())
            || !CollectionUtils.isEmpty(info.getRoles());
}
