Example 1 with AbstractRequestCtx
use of org.wso2.balana.ctx.AbstractRequestCtx in project carbon-identity-framework by wso2.
the class EntitlementEngine method evaluate.
/**
* Evaluates the given XACML request and returns the Response that the EntitlementEngine will
* hand back to the PEP. PEP needs construct the XACML request before sending it to the
* EntitlementEngine
*
* @param xacmlRequest XACML request as String
* @return XACML response as String
* @throws org.wso2.balana.ParsingException throws
* @throws org.wso2.carbon.identity.entitlement.EntitlementException throws
*/
public String evaluate(String xacmlRequest) throws EntitlementException, ParsingException {
if (log.isDebugEnabled() && IdentityUtil.isTokenLoggable(IdentityConstants.IdentityTokens.XACML_REQUEST)) {
log.debug("XACML Request : " + xacmlRequest);
}
String xacmlResponse;
if ((xacmlResponse = (String) getFromCache(xacmlRequest, false)) != null) {
if (log.isDebugEnabled() && IdentityUtil.isTokenLoggable(IdentityConstants.IdentityTokens.XACML_RESPONSE)) {
log.debug("XACML Response : " + xacmlResponse);
}
return xacmlResponse;
}
Map<PIPExtension, Properties> extensions = EntitlementServiceComponent.getEntitlementConfig().getExtensions();
if (extensions != null && !extensions.isEmpty()) {
PolicyRequestBuilder policyRequestBuilder = new PolicyRequestBuilder();
Element xacmlRequestElement = policyRequestBuilder.getXacmlRequest(xacmlRequest);
AbstractRequestCtx requestCtx = RequestCtxFactory.getFactory().getRequestCtx(xacmlRequestElement);
Set<PIPExtension> pipExtensions = extensions.keySet();
for (PIPExtension pipExtension : pipExtensions) {
pipExtension.update(requestCtx);
}
ResponseCtx responseCtx = pdp.evaluate(requestCtx);
xacmlResponse = responseCtx.encode();
} else {
xacmlResponse = pdp.evaluate(xacmlRequest);
}
addToCache(xacmlRequest, xacmlResponse, false);
if (log.isDebugEnabled() && IdentityUtil.isTokenLoggable(IdentityConstants.IdentityTokens.XACML_RESPONSE)) {
log.debug("XACML Response : " + xacmlResponse);
}
return xacmlResponse;
}
Also used :
AbstractRequestCtx(org.wso2.balana.ctx.AbstractRequestCtx)
PIPExtension(org.wso2.carbon.identity.entitlement.pip.PIPExtension)
Element(org.w3c.dom.Element)
Properties(java.util.Properties)
ResponseCtx(org.wso2.balana.ctx.ResponseCtx)
PolicyRequestBuilder(org.wso2.carbon.identity.entitlement.policy.PolicyRequestBuilder)
Example 2 with AbstractRequestCtx
use of org.wso2.balana.ctx.AbstractRequestCtx in project carbon-identity-framework by wso2.
the class PolicySearch method getResponse.
/**
* Helper method to get XACML decision
*
* @param requestAttributes XACML request attributes
* @return whether permit or deny
*/
private boolean getResponse(List<AttributeDTO> requestAttributes) {
ResponseCtx responseCtx;
AbstractRequestCtx requestCtx = EntitlementUtil.createRequestContext(requestAttributes);
responseCtx = EntitlementEngine.getInstance().evaluateByContext(requestCtx);
if (responseCtx != null) {
Set<AbstractResult> results = responseCtx.getResults();
for (AbstractResult result : results) {
if (result.getDecision() == AbstractResult.DECISION_PERMIT) {
return true;
}
}
}
return false;
}
Also used :
AbstractRequestCtx(org.wso2.balana.ctx.AbstractRequestCtx)
AbstractResult(org.wso2.balana.ctx.AbstractResult)
ResponseCtx(org.wso2.balana.ctx.ResponseCtx)
Example 3 with AbstractRequestCtx
use of org.wso2.balana.ctx.AbstractRequestCtx in project carbon-identity-framework by wso2.
the class EntitlementEngine method evaluateReturnResponseCtx.
/**
* Evaluates the given XACML request and returns the ResponseCtx Response that the EntitlementEngine will
* hand back to the PEP. PEP needs construct the XACML request before sending it to the
* EntitlementEngine
*
* @param xacmlRequest XACML request as String
* @return ResponseCtx response
* @throws org.wso2.balana.ParsingException throws
* @throws org.wso2.carbon.identity.entitlement.EntitlementException throws
* @throws javax.xml.parsers.ParserConfigurationException throws
* @throws org.xml.sax.SAXException throws
* @throws java.io.IOException throws
*/
public ResponseCtx evaluateReturnResponseCtx(String xacmlRequest) throws EntitlementException, ParsingException, ParserConfigurationException, SAXException, IOException {
if (log.isDebugEnabled() && IdentityUtil.isTokenLoggable(IdentityConstants.IdentityTokens.XACML_REQUEST)) {
log.debug("XACML Request : " + xacmlRequest);
}
String xacmlResponse;
ResponseCtx responseCtx;
if ((xacmlResponse = (String) getFromCache(xacmlRequest, false)) != null) {
if (log.isDebugEnabled() && IdentityUtil.isTokenLoggable(IdentityConstants.IdentityTokens.XACML_RESPONSE)) {
log.debug("XACML Response : " + xacmlResponse);
}
DocumentBuilderFactory documentBuilderFactory = IdentityUtil.getSecuredDocumentBuilderFactory();
Element node = documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(xacmlResponse.getBytes())).getDocumentElement();
return (ResponseCtx.getInstance(node));
}
Map<PIPExtension, Properties> extensions = EntitlementServiceComponent.getEntitlementConfig().getExtensions();
if (extensions != null && !extensions.isEmpty()) {
PolicyRequestBuilder policyRequestBuilder = new PolicyRequestBuilder();
Element xacmlRequestElement = policyRequestBuilder.getXacmlRequest(xacmlRequest);
AbstractRequestCtx requestCtx = RequestCtxFactory.getFactory().getRequestCtx(xacmlRequestElement);
Set<PIPExtension> pipExtensions = extensions.keySet();
for (PIPExtension pipExtension : pipExtensions) {
pipExtension.update(requestCtx);
}
responseCtx = pdp.evaluate(requestCtx);
} else {
responseCtx = pdp.evaluateReturnResponseCtx(xacmlRequest);
}
xacmlResponse = responseCtx.encode();
addToCache(xacmlRequest, xacmlResponse, false);
if (log.isDebugEnabled() && IdentityUtil.isTokenLoggable(IdentityConstants.IdentityTokens.XACML_RESPONSE)) {
log.debug("XACML Response : " + xacmlResponse);
}
return responseCtx;
}
Also used :
DocumentBuilderFactory(javax.xml.parsers.DocumentBuilderFactory)
AbstractRequestCtx(org.wso2.balana.ctx.AbstractRequestCtx)
ByteArrayInputStream(java.io.ByteArrayInputStream)
PIPExtension(org.wso2.carbon.identity.entitlement.pip.PIPExtension)
Element(org.w3c.dom.Element)
Properties(java.util.Properties)
ResponseCtx(org.wso2.balana.ctx.ResponseCtx)
PolicyRequestBuilder(org.wso2.carbon.identity.entitlement.policy.PolicyRequestBuilder)
Example 4 with AbstractRequestCtx
use of org.wso2.balana.ctx.AbstractRequestCtx in project carbon-identity-framework by wso2.
the class EntitlementEngine method evaluate.
/**
* Evaluates the given XACML request and returns the Response
*
* @param requestCtx Balana Object model for request
* @param xacmlRequest Balana Object model for request
* @return ResponseCtx Balana Object model for response
*/
public ResponseCtx evaluate(AbstractRequestCtx requestCtx, String xacmlRequest) {
if (log.isDebugEnabled() && IdentityUtil.isTokenLoggable(IdentityConstants.IdentityTokens.XACML_REQUEST)) {
log.debug("XACML Request : " + xacmlRequest);
}
ResponseCtx xacmlResponse;
if ((xacmlResponse = (ResponseCtx) getFromCache(xacmlRequest, false)) != null) {
if (log.isDebugEnabled() && IdentityUtil.isTokenLoggable(IdentityConstants.IdentityTokens.XACML_RESPONSE)) {
log.debug("XACML Response : " + xacmlResponse);
}
return xacmlResponse;
}
xacmlResponse = pdp.evaluate(requestCtx);
addToCache(xacmlRequest, xacmlResponse, false);
if (log.isDebugEnabled() && IdentityUtil.isTokenLoggable(IdentityConstants.IdentityTokens.XACML_RESPONSE)) {
log.debug("XACML Response : " + xacmlResponse);
}
return xacmlResponse;
}
Also used :
ResponseCtx(org.wso2.balana.ctx.ResponseCtx)
Aggregations
ResponseCtx (org.wso2.balana.ctx.ResponseCtx)4
AbstractRequestCtx (org.wso2.balana.ctx.AbstractRequestCtx)3
Properties (java.util.Properties)2
Element (org.w3c.dom.Element)2
PIPExtension (org.wso2.carbon.identity.entitlement.pip.PIPExtension)2
PolicyRequestBuilder (org.wso2.carbon.identity.entitlement.policy.PolicyRequestBuilder)2
ByteArrayInputStream (java.io.ByteArrayInputStream)1
DocumentBuilderFactory (javax.xml.parsers.DocumentBuilderFactory)1
AbstractResult (org.wso2.balana.ctx.AbstractResult)1
