
Example 1 with SubjectType

use of org.opensaml.xacml.ctx.SubjectType in project cxf by apache.

the class SamlRequestComponentBuilderTest method testCreateXACMLSamlAuthzQueryRequest.

/**
 * Assembles a full XACML request (subject, resource, action), wraps it in a SAML
 * {@code XACMLAuthzDecisionQuery} and marshals the query to DOM.
 *
 * <p>The only assertion is that marshalling yields a non-null element; the attribute
 * ids, datatypes and values that end up in the XML are not inspected here.
 */
@org.junit.Test
public void testCreateXACMLSamlAuthzQueryRequest() throws Exception {
    Document document = docBuilder.newDocument();

    // ---- XACML request ----

    // Subject: subject-id typed as an RFC 822 name, plus a role attribute.
    AttributeValueType subjectIdValue =
        RequestComponentBuilder.createAttributeValueType("alice-user@apache.org");
    AttributeType subjectId = RequestComponentBuilder.createAttributeType(
        XACMLConstants.SUBJECT_ID,
        XACMLConstants.RFC_822_NAME,
        null,
        Collections.singletonList(subjectIdValue));
    AttributeValueType roleValue = RequestComponentBuilder.createAttributeValueType("manager");
    // The third argument is non-null only for the role attribute; presumably it is the
    // attribute issuer, i.e. who vouches for the role -- confirm against createAttributeType.
    AttributeType role = RequestComponentBuilder.createAttributeType(
        XACMLConstants.SUBJECT_ROLE,
        XACMLConstants.XS_ANY_URI,
        "admin-user@apache.org",
        Collections.singletonList(roleValue));
    List<AttributeType> scratch = new ArrayList<>();
    scratch.add(subjectId);
    scratch.add(role);
    SubjectType subject = RequestComponentBuilder.createSubjectType(scratch, null);

    // Resource: the operation QName, passed as a plain string.
    // The scratch list is cleared and reused from here on; this relies on each builder
    // copying the attributes rather than keeping a reference to the list.
    AttributeValueType resourceValue = RequestComponentBuilder.createAttributeValueType(
        "{http://www.example.org/contract/DoubleIt}DoubleIt");
    AttributeType resourceId = RequestComponentBuilder.createAttributeType(
        XACMLConstants.RESOURCE_ID,
        XACMLConstants.XS_STRING,
        null,
        Collections.singletonList(resourceValue));
    scratch.clear();
    scratch.add(resourceId);
    ResourceType resource = RequestComponentBuilder.createResourceType(scratch, null);

    // Action
    AttributeValueType actionValue = RequestComponentBuilder.createAttributeValueType("execute");
    AttributeType actionId = RequestComponentBuilder.createAttributeType(
        XACMLConstants.ACTION_ID,
        XACMLConstants.XS_STRING,
        null,
        Collections.singletonList(actionValue));
    scratch.clear();
    scratch.add(actionId);
    ActionType action = RequestComponentBuilder.createActionType(scratch);

    // Request without an environment element (last argument is null).
    RequestType xacmlRequest = RequestComponentBuilder.createRequestType(
        Collections.singletonList(subject),
        Collections.singletonList(resource),
        action,
        null);

    // ---- SAML wrapper ----
    XACMLAuthzDecisionQueryType decisionQuery = SamlRequestComponentBuilder.createAuthzDecisionQuery(
        "Issuer", xacmlRequest, SAMLProfileConstants.SAML20XACML20P_NS);
    Element marshalled = OpenSAMLUtil.toDom(decisionQuery, document);
    assertNotNull(marshalled);
}
Also used : SubjectType(org.opensaml.xacml.ctx.SubjectType) ActionType(org.opensaml.xacml.ctx.ActionType) XACMLAuthzDecisionQueryType(org.opensaml.xacml.profile.saml.XACMLAuthzDecisionQueryType) AttributeValueType(org.opensaml.xacml.ctx.AttributeValueType) AttributeType(org.opensaml.xacml.ctx.AttributeType) Element(org.w3c.dom.Element) ArrayList(java.util.ArrayList) ResourceType(org.opensaml.xacml.ctx.ResourceType) Document(org.w3c.dom.Document) RequestType(org.opensaml.xacml.ctx.RequestType)

Example 2 with SubjectType

use of org.opensaml.xacml.ctx.SubjectType in project cxf by apache.

the class DefaultXACMLRequestBuilder method createRequest.

/**
 * Builds the XACML request describing one access attempt: the subject (principal and
 * roles), the resource (derived from the message) and the action.
 *
 * <p>NOTE(review): nothing in this method validates {@code principal} or {@code roles};
 * they are handed to {@code createSubjectType} as given. Whatever evaluates the resulting
 * request will decide on these values, so they should originate from an authenticated
 * security context -- confirm at the call sites.
 *
 * @param principal the caller identity to describe in the subject
 * @param roles the roles to describe in the subject
 * @param message the message the issuer, action and resource are read from
 * @return a request holding one subject, one resource, the action and the environment
 *     returned by {@code createEnvironmentType()}
 * @throws Exception propagated from the parser or the helper calls
 */
public RequestType createRequest(Principal principal, List<String> roles, Message message) throws Exception {
    CXFMessageParser parser = new CXFMessageParser(message);
    String messageIssuer = parser.getIssuer();
    // "action" is not declared in this method; presumably a configured default that the
    // parser falls back to -- confirm against CXFMessageParser.getAction.
    String resolvedAction = parser.getAction(action);

    SubjectType subject = createSubjectType(principal, roles, messageIssuer);
    ResourceType resource = createResourceType(parser);

    AttributeType actionIdAttribute = createAttribute(
        XACMLConstants.ACTION_ID, XACMLConstants.XS_STRING, null, resolvedAction);
    ActionType xacmlAction =
        RequestComponentBuilder.createActionType(Collections.singletonList(actionIdAttribute));

    return RequestComponentBuilder.createRequestType(
        Collections.singletonList(subject),
        Collections.singletonList(resource),
        xacmlAction,
        createEnvironmentType());
}
Also used : CXFMessageParser(org.apache.cxf.rt.security.saml.xacml.CXFMessageParser) SubjectType(org.opensaml.xacml.ctx.SubjectType) ActionType(org.opensaml.xacml.ctx.ActionType) AttributeType(org.opensaml.xacml.ctx.AttributeType) ResourceType(org.opensaml.xacml.ctx.ResourceType)

Example 3 with SubjectType

use of org.opensaml.xacml.ctx.SubjectType in project cxf by apache.

the class RequestComponentBuilderTest method testEnvironment.

/**
 * Builds an XACML request that also carries an environment element (the current
 * date-time) and marshals it to DOM.
 *
 * <p>The only assertion is that marshalling yields a non-null element; the content of
 * the generated XML is not inspected here.
 */
@org.junit.Test
public void testEnvironment() throws Exception {
    Document document = docBuilder.newDocument();

    // Subject: a single subject-id attribute typed as an RFC 822 name.
    AttributeValueType subjectIdValue =
        RequestComponentBuilder.createAttributeValueType("alice-user@apache.org");
    AttributeType subjectId = RequestComponentBuilder.createAttributeType(
        XACMLConstants.SUBJECT_ID,
        XACMLConstants.RFC_822_NAME,
        null,
        Collections.singletonList(subjectIdValue));
    List<AttributeType> scratch = new ArrayList<>();
    scratch.add(subjectId);
    SubjectType subject = RequestComponentBuilder.createSubjectType(scratch, null);

    // Resource.
    // The scratch list is cleared and reused from here on; this relies on each builder
    // copying the attributes rather than keeping a reference to the list.
    AttributeValueType resourceValue = RequestComponentBuilder.createAttributeValueType(
        "{http://www.example.org/contract/DoubleIt}DoubleIt");
    AttributeType resourceId = RequestComponentBuilder.createAttributeType(
        XACMLConstants.RESOURCE_ID,
        XACMLConstants.XS_STRING,
        null,
        Collections.singletonList(resourceValue));
    scratch.clear();
    scratch.add(resourceId);
    ResourceType resource = RequestComponentBuilder.createResourceType(scratch, null);

    // Action
    AttributeValueType actionValue = RequestComponentBuilder.createAttributeValueType("execute");
    AttributeType actionId = RequestComponentBuilder.createAttributeType(
        XACMLConstants.ACTION_ID,
        XACMLConstants.XS_STRING,
        null,
        Collections.singletonList(actionValue));
    scratch.clear();
    scratch.add(actionId);
    ActionType action = RequestComponentBuilder.createActionType(scratch);

    // Environment: the current time, rendered with DateTime.toString().
    DateTime now = new DateTime();
    AttributeValueType currentTimeValue =
        RequestComponentBuilder.createAttributeValueType(now.toString());
    AttributeType currentTime = RequestComponentBuilder.createAttributeType(
        XACMLConstants.CURRENT_DATETIME,
        XACMLConstants.XS_DATETIME,
        null,
        Collections.singletonList(currentTimeValue));
    scratch.clear();
    scratch.add(currentTime);
    EnvironmentType environment = RequestComponentBuilder.createEnvironmentType(scratch);

    // Request
    RequestType xacmlRequest = RequestComponentBuilder.createRequestType(
        Collections.singletonList(subject),
        Collections.singletonList(resource),
        action,
        environment);
    Element marshalled = OpenSAMLUtil.toDom(xacmlRequest, document);
    assertNotNull(marshalled);
}
Also used : SubjectType(org.opensaml.xacml.ctx.SubjectType) ActionType(org.opensaml.xacml.ctx.ActionType) EnvironmentType(org.opensaml.xacml.ctx.EnvironmentType) AttributeValueType(org.opensaml.xacml.ctx.AttributeValueType) AttributeType(org.opensaml.xacml.ctx.AttributeType) Element(org.w3c.dom.Element) ArrayList(java.util.ArrayList) ResourceType(org.opensaml.xacml.ctx.ResourceType) Document(org.w3c.dom.Document) DateTime(org.joda.time.DateTime) RequestType(org.opensaml.xacml.ctx.RequestType)

Example 4 with SubjectType

use of org.opensaml.xacml.ctx.SubjectType in project cxf by apache.

the class RequestComponentBuilderTest method testCreateXACMLRequest.

/**
 * Builds an XACML request with a subject (id and role), a resource and an action, then
 * marshals it to DOM.
 *
 * <p>The only assertion is that marshalling yields a non-null element; the content of
 * the generated XML is not inspected here.
 */
@org.junit.Test
public void testCreateXACMLRequest() throws Exception {
    Document document = docBuilder.newDocument();

    // Subject: subject-id typed as an RFC 822 name, plus a role attribute.
    AttributeValueType subjectIdValue =
        RequestComponentBuilder.createAttributeValueType("alice-user@apache.org");
    AttributeType subjectId = RequestComponentBuilder.createAttributeType(
        XACMLConstants.SUBJECT_ID,
        XACMLConstants.RFC_822_NAME,
        null,
        Collections.singletonList(subjectIdValue));
    AttributeValueType roleValue = RequestComponentBuilder.createAttributeValueType("manager");
    // The third argument is non-null only for the role attribute; presumably it is the
    // attribute issuer, i.e. who vouches for the role -- confirm against createAttributeType.
    AttributeType role = RequestComponentBuilder.createAttributeType(
        XACMLConstants.SUBJECT_ROLE,
        XACMLConstants.XS_ANY_URI,
        "admin-user@apache.org",
        Collections.singletonList(roleValue));
    List<AttributeType> scratch = new ArrayList<>();
    scratch.add(subjectId);
    scratch.add(role);
    SubjectType subject = RequestComponentBuilder.createSubjectType(scratch, null);

    // Resource.
    // The scratch list is cleared and reused from here on; this relies on each builder
    // copying the attributes rather than keeping a reference to the list.
    AttributeValueType resourceValue = RequestComponentBuilder.createAttributeValueType(
        "{http://www.example.org/contract/DoubleIt}DoubleIt");
    AttributeType resourceId = RequestComponentBuilder.createAttributeType(
        XACMLConstants.RESOURCE_ID,
        XACMLConstants.XS_STRING,
        null,
        Collections.singletonList(resourceValue));
    scratch.clear();
    scratch.add(resourceId);
    ResourceType resource = RequestComponentBuilder.createResourceType(scratch, null);

    // Action
    AttributeValueType actionValue = RequestComponentBuilder.createAttributeValueType("execute");
    AttributeType actionId = RequestComponentBuilder.createAttributeType(
        XACMLConstants.ACTION_ID,
        XACMLConstants.XS_STRING,
        null,
        Collections.singletonList(actionValue));
    scratch.clear();
    scratch.add(actionId);
    ActionType action = RequestComponentBuilder.createActionType(scratch);

    // Request without an environment element (last argument is null).
    RequestType xacmlRequest = RequestComponentBuilder.createRequestType(
        Collections.singletonList(subject),
        Collections.singletonList(resource),
        action,
        null);
    Element marshalled = OpenSAMLUtil.toDom(xacmlRequest, document);
    assertNotNull(marshalled);
}
Also used : SubjectType(org.opensaml.xacml.ctx.SubjectType) ActionType(org.opensaml.xacml.ctx.ActionType) AttributeValueType(org.opensaml.xacml.ctx.AttributeValueType) AttributeType(org.opensaml.xacml.ctx.AttributeType) Element(org.w3c.dom.Element) ArrayList(java.util.ArrayList) ResourceType(org.opensaml.xacml.ctx.ResourceType) Document(org.w3c.dom.Document) RequestType(org.opensaml.xacml.ctx.RequestType)

Example 5 with SubjectType

use of org.opensaml.xacml.ctx.SubjectType in project cxf by apache.

the class RequestComponentBuilder method createSubjectType.

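/**
 * Builds an XACML subject carrying the given attributes and subject category.
 *
 * <p>The attributes are added to the new subject's own list, so clearing or changing the
 * caller's list afterwards does not alter the returned subject. The attribute objects
 * themselves are shared, not cloned.
 *
 * <p>NOTE(review): if {@code builderFactory.getBuilder(...)} has no builder for the
 * subject element it presumably returns {@code null}, and {@code buildObject()} then
 * fails with a {@link NullPointerException} -- confirm the library is initialised before
 * this is called.
 *
 * @param attributes attributes to add to the subject; {@code null} adds none
 * @param subjectCategory passed unchanged to {@code setSubjectCategory}; the callers on
 *     this page pass {@code null}
 * @return the newly built subject
 */
@SuppressWarnings("unchecked")
public static SubjectType createSubjectType(List<AttributeType> attributes, String subjectCategory) {
    // Read the shared static once. The lazy initialisation is not synchronised in this
    // method, so checking and dereferencing the same local guarantees the builder used
    // below is the one that passed the null check, whatever other threads write.
    // NOTE(review): concurrent first calls may each look the builder up; that is harmless
    // only if the factory returns an equivalent builder every time -- confirm.
    XACMLObjectBuilder<SubjectType> builder = subjectTypeBuilder;
    if (builder == null) {
        // Unchecked: the factory is not generic in the element type; the element name
        // selects the builder.
        builder = (XACMLObjectBuilder<SubjectType>) builderFactory.getBuilder(SubjectType.DEFAULT_ELEMENT_NAME);
        subjectTypeBuilder = builder;
    }
    SubjectType subject = builder.buildObject();
    if (attributes != null) {
        subject.getAttributes().addAll(attributes);
    }
    subject.setSubjectCategory(subjectCategory);
    return subject;
}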
Also used : SubjectType(org.opensaml.xacml.ctx.SubjectType)

Aggregations

SubjectType (org.opensaml.xacml.ctx.SubjectType)5 ActionType (org.opensaml.xacml.ctx.ActionType)4 AttributeType (org.opensaml.xacml.ctx.AttributeType)4 ResourceType (org.opensaml.xacml.ctx.ResourceType)4 ArrayList (java.util.ArrayList)3 AttributeValueType (org.opensaml.xacml.ctx.AttributeValueType)3 RequestType (org.opensaml.xacml.ctx.RequestType)3 Document (org.w3c.dom.Document)3 Element (org.w3c.dom.Element)3 CXFMessageParser (org.apache.cxf.rt.security.saml.xacml.CXFMessageParser)1 DateTime (org.joda.time.DateTime)1 EnvironmentType (org.opensaml.xacml.ctx.EnvironmentType)1 XACMLAuthzDecisionQueryType (org.opensaml.xacml.profile.saml.XACMLAuthzDecisionQueryType)1