Use of org.jboss.security.xacml.core.model.policy.ConditionType in project opencast by opencast.
Class XACMLUtils, method getXacml.
/**
 * Serializes the access control list of a media package as an XACML 2.0 policy document.
 *
 * <p>The policy id and the policy-level resource match are both set to the media package identifier. Every
 * access control entry becomes one rule, added in the iteration order of the ACL: the rule target matches the
 * entry's action, the rule condition tests the entry's role against the subject role attribute, and the effect
 * is Permit or Deny according to {@code isAllow()}. A last rule with effect Deny and neither target nor
 * condition is appended after the ACL rules.
 *
 * <p>How the Permit and Deny rules are resolved against each other, and against the trailing Deny rule, is
 * decided by {@code XACMLUtils.RULE_COMBINING_ALG}, which is defined outside this method.
 *
 * <p>Role and action strings are copied into the policy as given. This method does not validate them and does
 * not detect duplicate or contradictory entries, so rule ids (role + "_" + action + effect suffix) are not
 * guaranteed to be unique.
 *
 * @param mediapackage
 *          the media package whose identifier names the policy and the protected resource
 * @param accessControlList
 *          the entries (role, action, allow flag) to turn into rules
 * @return the marshalled policy as an XML string
 * @throws JAXBException
 *           if the marshaller cannot be created or the policy cannot be marshalled
 */
public static String getXacml(MediaPackage mediapackage, AccessControlList accessControlList) throws JAXBException {
  ObjectFactory factory = new ObjectFactory();
  PolicyType xacmlPolicy = new PolicyType();
  String mediaPackageId = mediapackage.getIdentifier().toString();

  xacmlPolicy.setPolicyId(mediaPackageId);
  xacmlPolicy.setVersion("2.0");
  xacmlPolicy.setRuleCombiningAlgId(XACMLUtils.RULE_COMBINING_ALG);

  // Policy target: the resource identifier must equal the media package id.
  // TODO: Add target/resources to rule
  AttributeValueType resourceValue = new AttributeValueType();
  resourceValue.setDataType(XACMLUtils.W3C_STRING);
  resourceValue.getContent().add(mediaPackageId);

  AttributeDesignatorType resourceAttribute = new AttributeDesignatorType();
  resourceAttribute.setAttributeId(XACMLUtils.RESOURCE_IDENTIFIER);
  resourceAttribute.setDataType(XACMLUtils.W3C_STRING);

  ResourceMatchType matchResource = new ResourceMatchType();
  matchResource.setMatchId(XACMLUtils.XACML_STRING_EQUAL);
  matchResource.setResourceAttributeDesignator(resourceAttribute);
  matchResource.setAttributeValue(resourceValue);

  ResourceType protectedResource = new ResourceType();
  protectedResource.getResourceMatch().add(matchResource);
  ResourcesType protectedResources = new ResourcesType();
  protectedResources.getResource().add(protectedResource);

  TargetType policyScope = new TargetType();
  policyScope.setResources(protectedResources);
  xacmlPolicy.setTarget(policyScope);

  // One rule per access control entry, in the order the ACL returns them.
  for (AccessControlEntry entry : accessControlList.getEntries()) {
    boolean permitted = entry.isAllow();
    String role = entry.getRole();
    String actionName = entry.getAction();

    RuleType aceRule = new RuleType();
    aceRule.setRuleId(role + "_" + actionName + (permitted ? "_Permit" : "_Deny"));
    aceRule.setEffect(permitted ? EffectType.PERMIT : EffectType.DENY);

    // Rule target: the requested action must equal the entry's action.
    AttributeValueType actionValue = new AttributeValueType();
    actionValue.setDataType(XACMLUtils.W3C_STRING);
    actionValue.getContent().add(actionName);

    AttributeDesignatorType actionAttribute = new AttributeDesignatorType();
    actionAttribute.setAttributeId(XACMLUtils.ACTION_IDENTIFIER);
    actionAttribute.setDataType(XACMLUtils.W3C_STRING);

    ActionMatchType matchAction = new ActionMatchType();
    matchAction.setMatchId(XACMLUtils.XACML_STRING_EQUAL);
    matchAction.setActionAttributeDesignator(actionAttribute);
    matchAction.setAttributeValue(actionValue);

    ActionType ruleAction = new ActionType();
    ruleAction.getActionMatch().add(matchAction);
    ActionsType ruleActions = new ActionsType();
    ruleActions.getAction().add(ruleAction);

    TargetType ruleScope = new TargetType();
    ruleScope.setActions(ruleActions);
    aceRule.setTarget(ruleScope);

    // Rule condition: the entry's role must be among the subject's role attribute values.
    AttributeValueType roleValue = new AttributeValueType();
    roleValue.setDataType(XACMLUtils.W3C_STRING);
    roleValue.getContent().add(role);

    SubjectAttributeDesignatorType subjectRoles = new SubjectAttributeDesignatorType();
    subjectRoles.setDataType(XACMLUtils.W3C_STRING);
    subjectRoles.setAttributeId(XACMLUtils.SUBJECT_ROLE_IDENTIFIER);

    ApplyType roleIsIn = new ApplyType();
    roleIsIn.setFunctionId(XACMLUtils.XACML_STRING_IS_IN);
    // Argument order matters: the single value first, then the designator it is looked up in.
    roleIsIn.getExpression().add(factory.createAttributeValue(roleValue));
    roleIsIn.getExpression().add(factory.createSubjectAttributeDesignator(subjectRoles));

    ConditionType roleCondition = new ConditionType();
    roleCondition.setExpression(factory.createApply(roleIsIn));
    aceRule.setCondition(roleCondition);

    xacmlPolicy.getCombinerParametersOrRuleCombinerParametersOrVariableDefinition().add(aceRule);
  }

  // Trailing Deny rule without target or condition, placed after every ACL rule.
  RuleType denyEverythingElse = new RuleType();
  denyEverythingElse.setEffect(EffectType.DENY);
  denyEverythingElse.setRuleId("DenyRule");
  xacmlPolicy.getCombinerParametersOrRuleCombinerParametersOrVariableDefinition().add(denyEverythingElse);

  // Marshal the finished policy tree to XML.
  StringWriter xml = new StringWriter();
  XACMLUtils.jBossXacmlJaxbContext.createMarshaller().marshal(factory.createPolicy(xacmlPolicy), xml);
  return xml.toString();
}