
Example 11 with RequestType

use of org.opensaml.xacml.ctx.RequestType in project cxf by apache.

the class XACMLRequestBuilderTest method testAction.

@org.junit.Test
public void testAction() throws Exception {
    // Subject of the request: an anonymous Principal that only reports the name "alice".
    Principal alice = new Principal() {
        @Override
        public String getName() {
            return "alice";
        }
    };

    // Minimal CXF message carrying the WSDL operation, the WSDL service and the request URI.
    String operationName = "{http://www.example.org/contract/DoubleIt}DoubleIt";
    String serviceName = "{http://www.example.org/contract/DoubleIt}DoubleItService";
    String requestUri = "https://localhost:8080/doubleit";
    MessageImpl message = new MessageImpl();
    message.put(Message.WSDL_OPERATION, QName.valueOf(operationName));
    message.put(Message.WSDL_SERVICE, QName.valueOf(serviceName));
    message.put(Message.REQUEST_URI, requestUri);

    DefaultXACMLRequestBuilder requestBuilder = new DefaultXACMLRequestBuilder();

    // Without any configuration the builder is expected to emit the action "execute".
    RequestType defaultRequest =
        requestBuilder.createRequest(alice, Collections.singletonList("manager"), message);
    assertNotNull(defaultRequest);
    String defaultAction = defaultRequest.getAction()
        .getAttributes().get(0)
        .getAttributeValues().get(0)
        .getValue();
    assertEquals("execute", defaultAction);

    // After setAction("write") the same inputs must yield a request whose action is "write".
    // The action value is part of what the authorization request asks for, so the override
    // is checked on a freshly built request rather than on the earlier one.
    requestBuilder.setAction("write");
    RequestType overriddenRequest =
        requestBuilder.createRequest(alice, Collections.singletonList("manager"), message);
    assertNotNull(overriddenRequest);
    String overriddenAction = overriddenRequest.getAction()
        .getAttributes().get(0)
        .getAttributeValues().get(0)
        .getValue();
    assertEquals("write", overriddenAction);
}
Also used : MessageImpl(org.apache.cxf.message.MessageImpl) Principal(java.security.Principal) RequestType(org.opensaml.xacml.ctx.RequestType)

Example 12 with RequestType

use of org.opensaml.xacml.ctx.RequestType in project cxf by apache.

the class XACMLRequestBuilderTest method testSOAPResource.

@org.junit.Test
public void testSOAPResource() throws Exception {
    // Subject of the request: an anonymous Principal that only reports the name "alice".
    Principal alice = new Principal() {
        @Override
        public String getName() {
            return "alice";
        }
    };

    // Minimal CXF message for a SOAP call: WSDL operation, WSDL service and the request URL.
    String operation = "{http://www.example.org/contract/DoubleIt}DoubleIt";
    String service = "{http://www.example.org/contract/DoubleIt}DoubleItService";
    String resourceURL = "https://localhost:8080/doubleit";
    MessageImpl message = new MessageImpl();
    message.put(Message.WSDL_OPERATION, QName.valueOf(operation));
    message.put(Message.WSDL_SERVICE, QName.valueOf(service));
    message.put(Message.REQUEST_URL, resourceURL);

    XACMLRequestBuilder requestBuilder = new DefaultXACMLRequestBuilder();
    RequestType request =
        requestBuilder.createRequest(alice, Collections.singletonList("manager"), message);
    assertNotNull(request);

    // Exactly one resource carrying exactly four attributes is expected.
    List<ResourceType> resources = request.getResources();
    assertNotNull(resources);
    assertEquals(1, resources.size());
    ResourceType soapResource = resources.get(0);
    assertEquals(4, soapResource.getAttributes().size());

    // The resource id is asserted to be the service QName and the operation name joined by '#'.
    String expectedResourceId = "{http://www.example.org/contract/DoubleIt}DoubleItService#DoubleIt";

    // Each flag is set only when both the attribute id and its first value match, so a
    // resource attribute with the right id but an unexpected value fails the test.
    boolean sawResourceId = false;
    boolean sawService = false;
    boolean sawOperation = false;
    boolean sawEndpoint = false;
    for (AttributeType attr : soapResource.getAttributes()) {
        String value = attr.getAttributeValues().get(0).getValue();
        String id = attr.getAttributeId();
        if (XACMLConstants.RESOURCE_ID.equals(id) && expectedResourceId.equals(value)) {
            sawResourceId = true;
        } else if (XACMLConstants.RESOURCE_WSDL_SERVICE_ID.equals(id) && service.equals(value)) {
            sawService = true;
        } else if (XACMLConstants.RESOURCE_WSDL_OPERATION_ID.equals(id) && operation.equals(value)) {
            sawOperation = true;
        } else if (XACMLConstants.RESOURCE_WSDL_ENDPOINT.equals(id) && resourceURL.equals(value)) {
            sawEndpoint = true;
        }
    }

    // All four attributes must have been seen; the checks run in the order of the original conjunction.
    assertTrue(sawResourceId);
    assertTrue(sawService);
    assertTrue(sawOperation);
    assertTrue(sawEndpoint);
}
Also used : AttributeType(org.opensaml.xacml.ctx.AttributeType) ResourceType(org.opensaml.xacml.ctx.ResourceType) MessageImpl(org.apache.cxf.message.MessageImpl) Principal(java.security.Principal) RequestType(org.opensaml.xacml.ctx.RequestType)

Example 13 with RequestType

use of org.opensaml.xacml.ctx.RequestType in project cxf by apache.

the class XACMLRequestBuilderTest method testXACMLRequestBuilder.

@org.junit.Test
public void testXACMLRequestBuilder() throws Exception {
    // Subject of the request: an anonymous Principal that only reports the name "alice".
    Principal alice = new Principal() {
        @Override
        public String getName() {
            return "alice";
        }
    };

    // Minimal CXF message carrying the WSDL operation, the WSDL service and the request URI.
    String operationName = "{http://www.example.org/contract/DoubleIt}DoubleIt";
    String serviceName = "{http://www.example.org/contract/DoubleIt}DoubleItService";
    String requestUri = "https://localhost:8080/doubleit";
    MessageImpl message = new MessageImpl();
    message.put(Message.WSDL_OPERATION, QName.valueOf(operationName));
    message.put(Message.WSDL_SERVICE, QName.valueOf(serviceName));
    message.put(Message.REQUEST_URI, requestUri);

    // Smoke test only: the builder must produce a request object for these inputs.
    // The content of the request (subject, resource, action) is not inspected here.
    XACMLRequestBuilder requestBuilder = new DefaultXACMLRequestBuilder();
    RequestType request =
        requestBuilder.createRequest(alice, Collections.singletonList("manager"), message);
    assertNotNull(request);
}
Also used : MessageImpl(org.apache.cxf.message.MessageImpl) Principal(java.security.Principal) RequestType(org.opensaml.xacml.ctx.RequestType)

Example 14 with RequestType

use of org.opensaml.xacml.ctx.RequestType in project cxf by apache.

the class AbstractXACMLAuthorizingInterceptor method authorize.

/**
 * Perform a (remote) authorization decision and return a boolean depending on the result
 */
protected boolean authorize(Principal principal, List<String> roles, Message message) throws Exception {
    // Returns true only when the first result in the response carries the decision Permit.
    // A null or empty result list, or a result without a decision, yields false.
    RequestType request = requestBuilder.createRequest(principal, roles, message);

    if (LOG.isLoggable(Level.FINE)) {
        // At FINE the complete request is serialized into the log.
        // NOTE(review): the request is built from the principal, roles and message, so this
        // log line presumably exposes caller identity; confirm FINE is off in production.
        Element requestElement = OpenSAMLUtil.toDom(request, DOMUtils.createDocument());
        LOG.log(Level.FINE, DOM2Writer.nodeToString(requestElement));
    }

    List<ResultType> results = performRequest(request, message).getResults();
    if (results == null || results.isEmpty()) {
        // No result at all is treated as a denial.
        return false;
    }

    // Only the first result is evaluated; any further results in the response are ignored.
    ResultType result = results.get(0);

    // Obligations are handled before the decision is inspected, so this call also runs
    // for results that end up denied.
    handleObligations(request, principal, message, result);

    // Fail closed: a result without a decision counts as Deny.
    DECISION decision = DECISION.Deny;
    if (result.getDecision() != null) {
        decision = result.getDecision().getDecision();
    }

    // Status code and message are collected for the debug log only; they do not
    // influence the returned value.
    String code = "";
    String statusMessage = "";
    StatusType status = result.getStatus();
    if (status != null) {
        if (status.getStatusCode() != null) {
            code = status.getStatusCode().getValue();
        }
        if (status.getStatusMessage() != null) {
            statusMessage = status.getStatusMessage().getValue();
        }
    }
    if (LOG.isLoggable(Level.FINE)) {
        LOG.fine("XACML authorization result: " + decision + ", code: " + code + ", message: " + statusMessage);
    }

    // Every decision value other than Permit is a denial.
    return decision == DECISION.Permit;
}
Also used : DECISION(org.opensaml.xacml.ctx.DecisionType.DECISION) StatusType(org.opensaml.xacml.ctx.StatusType) Element(org.w3c.dom.Element) ResultType(org.opensaml.xacml.ctx.ResultType) Document(org.w3c.dom.Document) RequestType(org.opensaml.xacml.ctx.RequestType) ResponseType(org.opensaml.xacml.ctx.ResponseType)
