use of org.codice.ddf.security.policy.context.attributes.ContextAttributeMapping in project ddf by codice.
the class PolicyManager method setPolicyStore.
/**
 * Rebuilds the policy store from the per-context realm, authentication-type and
 * required-attribute maps and then swaps it in with a single assignment.
 *
 * <p>The three argument maps are modified in place: a root ("/") entry is added to each one that
 * lacks it, so callers see those defaults afterwards.
 *
 * @param allContextsToRealms context path to realm name
 * @param allContextsToAuths context path to authentication types
 * @param allContextsToAttrs context path to required attribute mappings
 */
private void setPolicyStore(Map<String, String> allContextsToRealms, Map<String, List<String>> allContextsToAuths, Map<String, List<ContextAttributeMapping>> allContextsToAttrs) {
  // Guarantee a root entry in every map so each lookup below has a root value to work with.
  if (null == allContextsToRealms.get("/")) {
    allContextsToRealms.put("/", DEFAULT_REALM_CONTEXT_VALUE);
  }
  if (null == allContextsToAttrs.get("/")) {
    allContextsToAttrs.put("/", new ArrayList<ContextAttributeMapping>());
  }
  if (null == allContextsToAuths.get("/")) {
    allContextsToAuths.put("/", new ArrayList<String>());
  }

  // Union of every context path mentioned by any of the three maps.
  Set<String> knownPaths = new HashSet<>();
  knownPaths.addAll(allContextsToRealms.keySet());
  knownPaths.addAll(allContextsToAuths.keySet());
  knownPaths.addAll(allContextsToAttrs.keySet());

  // Build into a local map; the field is only reassigned once the map is complete.
  Map<String, ContextPolicy> rebuiltStore = new HashMap<>();
  // Seed value only: "/" is always among knownPaths at this point, so the loop below
  // replaces this entry with a Policy built from the maps.
  rebuiltStore.put("/", defaultPolicy);

  for (String contextPath : knownPaths) {
    // Resolve realm, authentication types and required attributes for this path, in that order.
    rebuiltStore.put(
        contextPath,
        new Policy(
            contextPath,
            getContextRealm(contextPath, allContextsToRealms),
            getContextAuthTypes(contextPath, allContextsToAuths),
            getContextReqAttrs(contextPath, allContextsToAttrs)));
  }
  policyStore = rebuiltStore;
}
use of org.codice.ddf.security.policy.context.attributes.ContextAttributeMapping in project ddf by codice.
the class Policy method toString.
/**
 * Renders the context path, the authentication methods and the attribute mappings of this
 * policy as one line of text.
 *
 * @return textual form of this policy
 */
@Override
public String toString() {
  StringBuilder text =
      new StringBuilder()
          .append("Context Path: ")
          .append(contextPath)
          .append(", Authentication Methods: ")
          .append(Arrays.toString(authenticationMethods.toArray()))
          .append(", AttributeMapping: ");
  // NOTE(review): no separator is written between mappings, so adjacent mappings run together;
  // if this text is used in audit or debug output the individual mappings can be hard to
  // tell apart.
  for (ContextAttributeMapping mapping : attributeMappings) {
    text.append(mapping.toString());
  }
  return text.toString();
}
use of org.codice.ddf.security.policy.context.attributes.ContextAttributeMapping in project ddf by codice.
the class PolicyManager method setPolicies.
/**
* Initializes the policy store. This method will be called every time the policy attributes
* change. This will happen after the component has been initialized (see {@link #configure()}) and
* when an update is made to the {@code org.codice.ddf.security.policy.context.impl.PolicyManager}
* configuration pid. <br>
* See https://osgi.org/javadoc/r6/cmpn/org/osgi/service/cm/ManagedService.html for more details
* on how and when this method may be called.
*
* @param properties map of properties to use to initialize the policy store. Since there is no
* configuration file bound to these properties by default, this map may be {@code null}.
*/
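public void setPolicies(Map<String, Object> properties) {
  // Implementation notes:
  //  - Every property is read, cast and parsed BEFORE any state is changed, so a rejected
  //    configuration (missing/mistyped value, invalid attribute context) does not leave guest
  //    access, session access or the white list updated while the policy store is not.
  //  - The policy store is only rebuilt when the web auth types, the endpoint auth types and the
  //    required attributes are all present; otherwise only the access flags and the white list
  //    are applied.
  //  - Attribute mappings that are not of the form name=value are still skipped, but are now
  //    reported with a warning: a skipped mapping means the context ends up with fewer required
  //    attributes than the configuration asked for.
  if (properties == null) {
    LOGGER.debug("setPolicies() called with null properties map. " + "Policy store should have already been initialized so ignoring.");
    LOGGER.debug("Policy Store already contains {} items", policyStore.size());
    return;
  }
  LOGGER.debug("setPolicies called: {}", properties);
  Map<String, ContextPolicy> originalPolicyStore = getPolicyStore();

  // A missing or non-Boolean access flag fails here (unboxing/cast), before anything is changed.
  boolean guestAccess = (boolean) properties.get(GUEST_ACCESS);
  boolean sessionAccess = (boolean) properties.get(SESSION_ACCESS);
  String webAuthTypes = (String) properties.get(WEB_AUTH_TYPES);
  String endpointAuthTypes = (String) properties.get(ENDPOINT_AUTH_TYPES);
  String[] attrContexts = (String[]) properties.get(REQ_ATTRS);
  String[] whiteList = (String[]) properties.get(WHITE_LIST);

  boolean rebuildPolicyStore =
      webAuthTypes != null && endpointAuthTypes != null && attrContexts != null;

  // Parse "context=attr1=value1;attr2=value2" entries; the value part may be wrapped in braces.
  Map<String, List<ContextAttributeMapping>> parsedContextToAttr = new HashMap<>();
  if (rebuildPolicyStore) {
    for (String attr : attrContexts) {
      int index = attr.indexOf('=');
      if (index < 1) {
        // No '=' at all, or an empty context before it.
        throw new IllegalArgumentException("Invalid attribute context: " + attr);
      }
      String context = attr.substring(0, index);
      String value = attr.substring(index + 1);
      // Strip one pair of surrounding braces. The length check matters: a lone "{" both starts
      // and ends with a brace and previously caused a StringIndexOutOfBoundsException.
      if (value.length() >= 2 && value.startsWith("{") && value.endsWith("}")) {
        value = value.substring(1, value.length() - 1);
      }
      List<ContextAttributeMapping> attrMaps = new ArrayList<>();
      for (String attribute : value.split(";")) {
        if (attribute.isEmpty()) {
          // Produced by "{}" or by consecutive separators; nothing to map.
          continue;
        }
        String[] parts = attribute.split("=");
        if (parts.length == 2) {
          attrMaps.add(new DefaultContextAttributeMapping(context, parts[0], parts[1]));
        } else {
          LOGGER.warn(
              "Ignoring malformed attribute mapping [{}] for context [{}]; expected name=value",
              attribute,
              context);
        }
      }
      parsedContextToAttr.put(context, attrMaps);
    }
  }

  // Everything validated: apply the configuration.
  setGuestAccess(guestAccess);
  setSessionAccess(sessionAccess);
  if (whiteList != null) {
    setWhiteListContexts(Arrays.asList(whiteList));
  }
  if (rebuildPolicyStore) {
    this.contextToAttr = parsedContextToAttr;
    if (contextToAuthFile == null) {
      // No file-based mapping: derive root and services auth types from the properties.
      Map<String, List<String>> contextToAuthMap = new HashMap<>();
      contextToAuthMap.put(ROOT_CONTEXT, Arrays.asList(webAuthTypes.split("\\|")));
      contextToAuthMap.put(SERVICES_CONTEXT, Arrays.asList(endpointAuthTypes.split("\\|")));
      contextToAuthConfig = contextToAuthMap;
      setPolicyStore(contextToAuthMap, parsedContextToAttr);
    } else {
      setPolicyStore(contextToAuthFile, parsedContextToAttr);
    }
  }
  LOGGER.debug("Policy store initialized, now contains {} entries", policyStore.size());
  // Audit record of the store before and after this call.
  securityLogger.audit("Policy store changed from:\n{} \nto:\n{}", originalPolicyStore, getPolicyStore());
}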
use of org.codice.ddf.security.policy.context.attributes.ContextAttributeMapping in project ddf by codice.
the class PolicyManager method setPolicyStore.
/**
 * Rebuilds the policy store from the per-context authentication-type and required-attribute
 * maps and then swaps it in with a single assignment.
 *
 * <p>Both argument maps are modified in place: a {@code ROOT_CONTEXT} entry holding an empty
 * list is added to each one that lacks it.
 *
 * @param allContextsToAuths context path to authentication types
 * @param allContextsToAttrs context path to required attribute mappings
 */
private void setPolicyStore(Map<String, List<String>> allContextsToAuths, Map<String, List<ContextAttributeMapping>> allContextsToAttrs) {
  // Make sure the root context is present in both maps before anything is resolved.
  if (null == allContextsToAttrs.get(ROOT_CONTEXT)) {
    allContextsToAttrs.put(ROOT_CONTEXT, new ArrayList<>());
  }
  if (null == allContextsToAuths.get(ROOT_CONTEXT)) {
    allContextsToAuths.put(ROOT_CONTEXT, new ArrayList<>());
  }

  // Every context path that appears in either map gets a policy.
  Set<String> knownPaths = new HashSet<>();
  knownPaths.addAll(allContextsToAuths.keySet());
  knownPaths.addAll(allContextsToAttrs.keySet());

  // Assemble the replacement store locally; the field is reassigned only when it is complete.
  Map<String, ContextPolicy> rebuiltStore = new HashMap<>();
  // Seed value only: ROOT_CONTEXT is always among knownPaths here, so the loop below
  // replaces this entry with a Policy built from the maps.
  rebuiltStore.put(ROOT_CONTEXT, defaultPolicy);

  for (String contextPath : knownPaths) {
    // Authentication types are resolved before required attributes, as in the original order.
    rebuiltStore.put(
        contextPath,
        new Policy(
            contextPath,
            getContextAuthTypes(contextPath, allContextsToAuths),
            getContextReqAttrs(contextPath, allContextsToAttrs)));
  }
  policyStore = rebuiltStore;
}
use of org.codice.ddf.security.policy.context.attributes.ContextAttributeMapping in project ddf by codice.
the class PolicyManager method copyContextPolicy.
/**
* Duplicates the given context policy.
*
* @param contextPolicy the context policy to copy
* @return copy of contextPolicy
*/
public ContextPolicy copyContextPolicy(ContextPolicy contextPolicy) {
  // The copy gets its own collections and its own mapping objects, so adding to or removing
  // from the returned policy's collections does not touch the collections of the source.
  Collection<String> authMethodsCopy = new ArrayList<>(contextPolicy.getAuthenticationMethods());

  // Re-create each attribute mapping from its context, attribute name and attribute value.
  Collection<ContextAttributeMapping> attributesCopy =
      contextPolicy.getAllowedAttributes().stream()
          .<ContextAttributeMapping>map(
              source ->
                  new DefaultContextAttributeMapping(
                      source.getContext(), source.getAttributeName(), source.getAttributeValue()))
          .collect(Collectors.toCollection(ArrayList::new));

  return new Policy(contextPolicy.getContextPath(), authMethodsCopy, attributesCopy);
}