Search in sources :

Example 1 with SubjectAttributeDesignatorType

use of org.jboss.security.xacml.core.model.policy.SubjectAttributeDesignatorType in project opencast by opencast.

the class XACMLUtils method getXacml.

/**
 * Builds an xml string containing the xacml for the mediapackage.
 *
 * @param mediapackage
 *          the mediapackage
 * @param accessControlList
 *          the tuples of roles to actions
 * @return
 * @throws JAXBException
 */
public static String getXacml(MediaPackage mediapackage, AccessControlList accessControlList) throws JAXBException {
    ObjectFactory jbossXacmlObjectFactory = new ObjectFactory();
    PolicyType policy = new PolicyType();
    policy.setPolicyId(mediapackage.getIdentifier().toString());
    policy.setVersion("2.0");
    policy.setRuleCombiningAlgId(XACMLUtils.RULE_COMBINING_ALG);
    // TODO: Add target/resources to rule
    TargetType policyTarget = new TargetType();
    ResourcesType resources = new ResourcesType();
    ResourceType resource = new ResourceType();
    ResourceMatchType resourceMatch = new ResourceMatchType();
    resourceMatch.setMatchId(XACMLUtils.XACML_STRING_EQUAL);
    AttributeValueType resourceAttributeValue = new AttributeValueType();
    resourceAttributeValue.setDataType(XACMLUtils.W3C_STRING);
    resourceAttributeValue.getContent().add(mediapackage.getIdentifier().toString());
    AttributeDesignatorType resourceDesignator = new AttributeDesignatorType();
    resourceDesignator.setAttributeId(XACMLUtils.RESOURCE_IDENTIFIER);
    resourceDesignator.setDataType(XACMLUtils.W3C_STRING);
    // now go back up the tree
    resourceMatch.setResourceAttributeDesignator(resourceDesignator);
    resourceMatch.setAttributeValue(resourceAttributeValue);
    resource.getResourceMatch().add(resourceMatch);
    resources.getResource().add(resource);
    policyTarget.setResources(resources);
    policy.setTarget(policyTarget);
    // Loop over roleActions and add a rule for each
    for (AccessControlEntry ace : accessControlList.getEntries()) {
        boolean allow = ace.isAllow();
        RuleType rule = new RuleType();
        rule.setRuleId(ace.getRole() + "_" + ace.getAction() + (allow ? "_Permit" : "_Deny"));
        if (allow) {
            rule.setEffect(EffectType.PERMIT);
        } else {
            rule.setEffect(EffectType.DENY);
        }
        TargetType target = new TargetType();
        ActionsType actions = new ActionsType();
        ActionType action = new ActionType();
        ActionMatchType actionMatch = new ActionMatchType();
        actionMatch.setMatchId(XACMLUtils.XACML_STRING_EQUAL);
        AttributeValueType attributeValue = new AttributeValueType();
        attributeValue.setDataType(XACMLUtils.W3C_STRING);
        attributeValue.getContent().add(ace.getAction());
        AttributeDesignatorType designator = new AttributeDesignatorType();
        designator.setAttributeId(XACMLUtils.ACTION_IDENTIFIER);
        designator.setDataType(XACMLUtils.W3C_STRING);
        // now go back up the tree
        actionMatch.setActionAttributeDesignator(designator);
        actionMatch.setAttributeValue(attributeValue);
        action.getActionMatch().add(actionMatch);
        actions.getAction().add(action);
        target.setActions(actions);
        rule.setTarget(target);
        ConditionType condition = new ConditionType();
        ApplyType apply = new ApplyType();
        apply.setFunctionId(XACMLUtils.XACML_STRING_IS_IN);
        AttributeValueType conditionAttributeValue = new AttributeValueType();
        conditionAttributeValue.setDataType(XACMLUtils.W3C_STRING);
        conditionAttributeValue.getContent().add(ace.getRole());
        SubjectAttributeDesignatorType subjectDesignator = new SubjectAttributeDesignatorType();
        subjectDesignator.setDataType(XACMLUtils.W3C_STRING);
        subjectDesignator.setAttributeId(XACMLUtils.SUBJECT_ROLE_IDENTIFIER);
        apply.getExpression().add(jbossXacmlObjectFactory.createAttributeValue(conditionAttributeValue));
        apply.getExpression().add(jbossXacmlObjectFactory.createSubjectAttributeDesignator(subjectDesignator));
        condition.setExpression(jbossXacmlObjectFactory.createApply(apply));
        rule.setCondition(condition);
        policy.getCombinerParametersOrRuleCombinerParametersOrVariableDefinition().add(rule);
    }
    // Add the global deny rule
    RuleType deny = new RuleType();
    deny.setEffect(EffectType.DENY);
    deny.setRuleId("DenyRule");
    policy.getCombinerParametersOrRuleCombinerParametersOrVariableDefinition().add(deny);
    // serialize to xml
    StringWriter writer = new StringWriter();
    XACMLUtils.jBossXacmlJaxbContext.createMarshaller().marshal(jbossXacmlObjectFactory.createPolicy(policy), writer);
    return writer.getBuffer().toString();
}
Also used : PolicyType(org.jboss.security.xacml.core.model.policy.PolicyType) ActionType(org.jboss.security.xacml.core.model.policy.ActionType) AttributeValueType(org.jboss.security.xacml.core.model.policy.AttributeValueType) AccessControlEntry(org.opencastproject.security.api.AccessControlEntry) ResourceType(org.jboss.security.xacml.core.model.policy.ResourceType) RuleType(org.jboss.security.xacml.core.model.policy.RuleType) SubjectAttributeDesignatorType(org.jboss.security.xacml.core.model.policy.SubjectAttributeDesignatorType) ActionsType(org.jboss.security.xacml.core.model.policy.ActionsType) ResourcesType(org.jboss.security.xacml.core.model.policy.ResourcesType) ApplyType(org.jboss.security.xacml.core.model.policy.ApplyType) ActionMatchType(org.jboss.security.xacml.core.model.policy.ActionMatchType) ObjectFactory(org.jboss.security.xacml.core.model.policy.ObjectFactory) AttributeDesignatorType(org.jboss.security.xacml.core.model.policy.AttributeDesignatorType) SubjectAttributeDesignatorType(org.jboss.security.xacml.core.model.policy.SubjectAttributeDesignatorType) StringWriter(java.io.StringWriter) ResourceMatchType(org.jboss.security.xacml.core.model.policy.ResourceMatchType) TargetType(org.jboss.security.xacml.core.model.policy.TargetType) ConditionType(org.jboss.security.xacml.core.model.policy.ConditionType)

Aggregations

StringWriter (java.io.StringWriter)1 ActionMatchType (org.jboss.security.xacml.core.model.policy.ActionMatchType)1 ActionType (org.jboss.security.xacml.core.model.policy.ActionType)1 ActionsType (org.jboss.security.xacml.core.model.policy.ActionsType)1 ApplyType (org.jboss.security.xacml.core.model.policy.ApplyType)1 AttributeDesignatorType (org.jboss.security.xacml.core.model.policy.AttributeDesignatorType)1 AttributeValueType (org.jboss.security.xacml.core.model.policy.AttributeValueType)1 ConditionType (org.jboss.security.xacml.core.model.policy.ConditionType)1 ObjectFactory (org.jboss.security.xacml.core.model.policy.ObjectFactory)1 PolicyType (org.jboss.security.xacml.core.model.policy.PolicyType)1 ResourceMatchType (org.jboss.security.xacml.core.model.policy.ResourceMatchType)1 ResourceType (org.jboss.security.xacml.core.model.policy.ResourceType)1 ResourcesType (org.jboss.security.xacml.core.model.policy.ResourcesType)1 RuleType (org.jboss.security.xacml.core.model.policy.RuleType)1 SubjectAttributeDesignatorType (org.jboss.security.xacml.core.model.policy.SubjectAttributeDesignatorType)1 TargetType (org.jboss.security.xacml.core.model.policy.TargetType)1 AccessControlEntry (org.opencastproject.security.api.AccessControlEntry)1