
Example 1 with AbstractResult

use of org.wso2.balana.ctx.AbstractResult in project carbon-identity-framework by wso2.

the class JSONResponseWriter method abstractResultToJSONObject.

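/**
 * Converts a Balana {@link AbstractResult} into the {@link JsonObject} that represents one entry of the
 * XACML JSON response.
 * <p>
 * The decision is always written. Status, obligations, advice and returned attribute categories are written
 * only when they are present on the result.
 *
 * @param result the evaluation result to serialise
 * @return the JSON form of {@code result}
 * @throws ResponseWriteException (code 40031) if the result carries no decision, or a decision code that has
 *                                no entry in {@link AbstractResult#DECISIONS}
 */
private static JsonObject abstractResultToJSONObject(AbstractResult result) throws ResponseWriteException {
    JsonObject jsonResult = new JsonObject();
    // The decision is mandatory. Reject every code that cannot be mapped to a name, not only -1, so that a
    // malformed result surfaces as a ResponseWriteException instead of an ArrayIndexOutOfBoundsException.
    int decision = result.getDecision();
    if (decision < 0 || decision >= AbstractResult.DECISIONS.length) {
        throw new ResponseWriteException(40031, "XACML Result should contain the Decision");
    }
    jsonResult.addProperty(EntitlementEndpointConstants.DECISION, AbstractResult.DECISIONS[decision]);
    // If a Status object is present, convert it
    if (result.getStatus() != null) {
        jsonResult.add(EntitlementEndpointConstants.STATUS, statusToJSONObject(result.getStatus()));
    }
    // If obligations are present
    if (result.getObligations() != null && !result.getObligations().isEmpty()) {
        // Balana hands these back typed as ObligationResult; only XACML 3 Obligation instances get the
        // structured form, anything else is written as its encoded string.
        JsonArray obligations = new JsonArray();
        for (ObligationResult obligation : result.getObligations()) {
            if (obligation instanceof Obligation) {
                obligations.add(obligationToJsonObject((Obligation) obligation));
            } else {
                obligations.add(new JsonPrimitive(obligation.encode()));
            }
        }
        jsonResult.add(EntitlementEndpointConstants.OBLIGATIONS, obligations);
    }
    // Do the same with advice
    if (result.getAdvices() != null && !result.getAdvices().isEmpty()) {
        JsonArray advices = new JsonArray();
        for (Advice advice : result.getAdvices()) {
            advices.add(adviceToJsonObject(advice));
        }
        jsonResult.add(EntitlementEndpointConstants.ASSOCIATED_ADVICE, advices);
    }
    // If includeInResponse=true, other attributes will be populated from here with the decision.
    // getAttributes() is reached through a cast to the XACML 3 Result type, so guard the cast: an
    // AbstractResult of any other concrete type is serialised without attributes rather than failing with a
    // ClassCastException after the decision has already been computed.
    if (result instanceof Result) {
        Set<Attributes> attributes = ((Result) result).getAttributes();
        if (attributes != null && !attributes.isEmpty()) {
            // NOTE(review): JsonObject.add replaces an existing member of the same name, so two Attributes
            // elements sharing one category would leave only the last one in the output - confirm whether
            // that can occur for returned attributes.
            for (Attributes attribute : attributes) {
                String category = attribute.getCategory().toString();
                switch (category) {
                    case EntitlementEndpointConstants.CATEGORY_ACTION_URI:
                        jsonResult.add(EntitlementEndpointConstants.CATEGORY_ACTION, getJsonObject(attribute));
                        break;
                    case EntitlementEndpointConstants.CATEGORY_RESOURCE_URI:
                        jsonResult.add(EntitlementEndpointConstants.CATEGORY_RESOURCE, getJsonObject(attribute));
                        break;
                    case EntitlementEndpointConstants.CATEGORY_ACCESS_SUBJECT_URI:
                        jsonResult.add(EntitlementEndpointConstants.CATEGORY_ACCESS_SUBJECT,
                                getJsonObject(attribute));
                        break;
                    case EntitlementEndpointConstants.CATEGORY_ENVIRONMENT_URI:
                        jsonResult.add(EntitlementEndpointConstants.CATEGORY_ENVIRONMENT,
                                getJsonObject(attribute));
                        break;
                    case EntitlementEndpointConstants.CATEGORY_RECIPIENT_SUBJECT_URI:
                        jsonResult.add(EntitlementEndpointConstants.CATEGORY_RECIPIENT_SUBJECT,
                                getJsonObject(attribute));
                        break;
                    case EntitlementEndpointConstants.CATEGORY_INTERMEDIARY_SUBJECT_URI:
                        jsonResult.add(EntitlementEndpointConstants.CATEGORY_INTERMEDIARY_SUBJECT,
                                getJsonObject(attribute));
                        break;
                    case EntitlementEndpointConstants.CATEGORY_CODEBASE_URI:
                        jsonResult.add(EntitlementEndpointConstants.CATEGORY_CODEBASE, getJsonObject(attribute));
                        break;
                    case EntitlementEndpointConstants.CATEGORY_REQUESTING_MACHINE_URI:
                        jsonResult.add(EntitlementEndpointConstants.CATEGORY_REQUESTING_MACHINE,
                                getJsonObject(attribute));
                        break;
                    default:
                        // Categories without a short name are keyed by their full category URI.
                        jsonResult.add(category, getJsonObject(attribute));
                        break;
                }
            }
        }
    }
    return jsonResult;
}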
Also used : JsonArray(com.google.gson.JsonArray) Obligation(org.wso2.balana.xacml3.Obligation) ResponseWriteException(org.wso2.carbon.identity.entitlement.endpoint.exception.ResponseWriteException) JsonPrimitive(com.google.gson.JsonPrimitive) ObligationResult(org.wso2.balana.ObligationResult) Attributes(org.wso2.balana.xacml3.Attributes) JsonObject(com.google.gson.JsonObject) Advice(org.wso2.balana.xacml3.Advice) AbstractResult(org.wso2.balana.ctx.AbstractResult) ObligationResult(org.wso2.balana.ObligationResult) Result(org.wso2.balana.ctx.xacml3.Result)

Example 2 with AbstractResult

use of org.wso2.balana.ctx.AbstractResult in project carbon-identity-framework by wso2.

the class TestJSONResponseWriter method testWriteWithObligations.

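/**
 * Verifies that a result built with decision code 1 and a single obligation is serialised with
 * {@code "Decision": "Deny"} in the first entry of the {@code "Response"} array.
 * <p>
 * NOTE(review): only the decision is asserted on; the obligation added to the result is not checked in the
 * output.
 */
@Test
public void testWriteWithObligations() throws URISyntaxException {
    // One string-typed attribute assignment to attach to the obligation.
    List<AttributeAssignment> assignments = new ArrayList<>();
    String content = "Error: Channel request is not WEB.";
    URI type = new URI("http://www.w3.org/2001/XMLSchema#string");
    URI attributeId = new URI("urn:oasis:names:tc:xacml:3.0:example:attribute:text");
    AttributeAssignment attributeAssignment = new AttributeAssignment(attributeId, type, null, content, null);
    assignments.add(attributeAssignment);
    List<ObligationResult> obligationResults = new ArrayList<>();
    ObligationResult obligationResult = new Obligation(assignments, new URI("channel_ko"));
    obligationResults.add(obligationResult);
    List<String> codes = new ArrayList<>();
    codes.add("urn:oasis:names:tc:xacml:1.0:status:ok");
    // Decision code 1 is the one the assertion below expects to be rendered as "Deny".
    AbstractResult abstractResult = new Result(1, new Status(codes), obligationResults, null, null);
    ResponseCtx responseCtx = new ResponseCtx(abstractResult);
    JSONResponseWriter jsonResponseWriter = new JSONResponseWriter();
    try {
        JsonObject jsonObject = jsonResponseWriter.write(responseCtx);
        assertNotNull("Failed to build the XACML json response", jsonObject);
        assertFalse("Failed to build the XACML json response", jsonObject.entrySet().isEmpty());
        // Look the "Response" member up directly: scanning the entries and asserting only on a match lets
        // the test pass without ever checking the decision when the member is missing.
        JsonElement responseElement = jsonObject.get("Response");
        assertNotNull("Failed to build the XACML json response", responseElement);
        JsonArray jsonArray = (JsonArray) responseElement;
        // Expected value first, so a failure message reports expected/actual the right way round.
        assertEquals("Failed to build the XACML json response with correct evaluation", "Deny",
                jsonArray.get(0).getAsJsonObject().get("Decision").getAsString());
    } catch (ResponseWriteException e) {
        // e is never null here, so this assertion always fails and reports the exception.
        assertNull("Failed to build the XACML response", e);
    }
}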
Also used : AttributeAssignment(org.wso2.balana.ctx.AttributeAssignment) Status(org.wso2.balana.ctx.Status) Obligation(org.wso2.balana.xacml3.Obligation) ResponseWriteException(org.wso2.carbon.identity.entitlement.endpoint.exception.ResponseWriteException) ArrayList(java.util.ArrayList) JsonObject(com.google.gson.JsonObject) URI(java.net.URI) ResponseCtx(org.wso2.balana.ctx.ResponseCtx) AbstractResult(org.wso2.balana.ctx.AbstractResult) ObligationResult(org.wso2.balana.ObligationResult) Result(org.wso2.balana.ctx.xacml3.Result) JsonArray(com.google.gson.JsonArray) ObligationResult(org.wso2.balana.ObligationResult) JsonElement(com.google.gson.JsonElement) AbstractResult(org.wso2.balana.ctx.AbstractResult) Map(java.util.Map) Test(org.testng.annotations.Test)

Example 3 with AbstractResult

use of org.wso2.balana.ctx.AbstractResult in project carbon-identity-framework by wso2.

the class PolicySearch method getResponse.

/**
 * Evaluates the given request attributes with the entitlement engine and reports whether access is permitted.
 * <p>
 * A single Permit among the returned results is enough to yield {@code true}. A {@code null} response, or a
 * response in which no result is Permit, yields {@code false}.
 *
 * @param requestAttributes XACML request attributes
 * @return {@code true} if at least one result is Permit, otherwise {@code false}
 */
private boolean getResponse(List<AttributeDTO> requestAttributes) {
    AbstractRequestCtx xacmlRequest = EntitlementUtil.createRequestContext(requestAttributes);
    ResponseCtx evaluation = EntitlementEngine.getInstance().evaluateByContext(xacmlRequest);
    if (evaluation == null) {
        // No response from the engine counts as "not permitted".
        return false;
    }
    boolean permitted = false;
    Set<AbstractResult> evaluatedResults = evaluation.getResults();
    for (AbstractResult evaluated : evaluatedResults) {
        // Every decision other than Permit (Deny, NotApplicable, Indeterminate, ...) is skipped.
        if (AbstractResult.DECISION_PERMIT == evaluated.getDecision()) {
            permitted = true;
            break;
        }
    }
    return permitted;
}
Also used : AbstractRequestCtx(org.wso2.balana.ctx.AbstractRequestCtx) AbstractResult(org.wso2.balana.ctx.AbstractResult) ResponseCtx(org.wso2.balana.ctx.ResponseCtx)

Example 4 with AbstractResult

use of org.wso2.balana.ctx.AbstractResult in project carbon-identity-framework by wso2.

the class JSONResponseWriter method write.

/**
 * Builds the XACML JSON response for a Balana {@link ResponseCtx}: a {@link JsonObject} whose
 * {@code EntitlementEndpointConstants.RESPONSE} member is an array holding one entry per result.
 *
 * @param response the evaluation response to serialise
 * @return the wrapping {@link JsonObject}
 * @throws ResponseWriteException (code 40032) if {@code response} holds no result, or whatever
 *                                {@code abstractResultToJSONObject} raises for an individual result
 */
public static JsonObject write(ResponseCtx response) throws ResponseWriteException {
    Properties entitlementConfig = EntitlementUtil.getPropertiesFromEntitlementConfig();
    boolean shortFormConfigured = entitlementConfig != null
            && Boolean.parseBoolean(entitlementConfig.getProperty(PDPConstants.XACML_JSON_SHORT_FORM_ENABLED));
    if (shortFormConfigured) {
        // NOTE(review): this method only ever switches the shared flag on. Whether it is reset when the
        // property is later disabled is not visible from here - confirm against the field's other writers.
        xacmlJSONProfileShortFormEnable = true;
    }
    // There should be at least 1 Result
    if (response.getResults().isEmpty()) {
        throw new ResponseWriteException(40032, "XACML response should contain at least 1 Result");
    }
    JsonArray serialisedResults = new JsonArray();
    for (AbstractResult result : response.getResults()) {
        /* AbstractResult type does not contain PolicyIdentifierList, as per XACML 3.0, the PolicyIdentifier is
            optional. Hence, Result type is not used. */
        serialisedResults.add(abstractResultToJSONObject(result));
    }
    JsonObject envelope = new JsonObject();
    envelope.add(EntitlementEndpointConstants.RESPONSE, serialisedResults);
    return envelope;
}
Also used : JsonArray(com.google.gson.JsonArray) ResponseWriteException(org.wso2.carbon.identity.entitlement.endpoint.exception.ResponseWriteException) JsonObject(com.google.gson.JsonObject) Properties(java.util.Properties) AbstractResult(org.wso2.balana.ctx.AbstractResult)

Example 5 with AbstractResult

use of org.wso2.balana.ctx.AbstractResult in project carbon-identity-framework by wso2.

the class TestJSONResponseWriter method testWriteWithAdvices.

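/**
 * Verifies that a result built with decision code 1 and a single advice is serialised with
 * {@code "Decision": "Deny"} in the first entry of the {@code "Response"} array.
 * <p>
 * NOTE(review): only the decision is asserted on; the advice added to the result is not checked in the output.
 */
@Test
public void testWriteWithAdvices() throws URISyntaxException {
    // One string-typed attribute assignment to attach to the advice.
    List<AttributeAssignment> assignments = new ArrayList<>();
    String content = "Error: Channel request is not WEB.";
    URI type = new URI("http://www.w3.org/2001/XMLSchema#string");
    URI attributeId = new URI("urn:oasis:names:tc:xacml:3.0:example:attribute:text");
    AttributeAssignment attributeAssignment = new AttributeAssignment(attributeId, type, null, content, null);
    assignments.add(attributeAssignment);
    List<Advice> adviceResults = new ArrayList<>();
    Advice adviceResult = new Advice(new URI("channel_ko"), assignments);
    adviceResults.add(adviceResult);
    List<String> codes = new ArrayList<>();
    codes.add("urn:oasis:names:tc:xacml:1.0:status:ok");
    // Decision code 1 is the one the assertion below expects to be rendered as "Deny".
    AbstractResult abstractResult = new Result(1, new Status(codes), null, adviceResults, null);
    ResponseCtx responseCtx = new ResponseCtx(abstractResult);
    JSONResponseWriter jsonResponseWriter = new JSONResponseWriter();
    try {
        JsonObject jsonObject = jsonResponseWriter.write(responseCtx);
        assertNotNull("Failed to build the XACML json response", jsonObject);
        assertFalse("Failed to build the XACML json response", jsonObject.entrySet().isEmpty());
        // Look the "Response" member up directly: scanning the entries and asserting only on a match lets
        // the test pass without ever checking the decision when the member is missing.
        JsonElement responseElement = jsonObject.get("Response");
        assertNotNull("Failed to build the XACML json response", responseElement);
        JsonArray jsonArray = (JsonArray) responseElement;
        // Expected value first, so a failure message reports expected/actual the right way round.
        assertEquals("Failed to build the XACML json response with correct evaluation", "Deny",
                jsonArray.get(0).getAsJsonObject().get("Decision").getAsString());
    } catch (ResponseWriteException e) {
        // e is never null here, so this assertion always fails and reports the exception.
        assertNull("Failed to build the XACML json response", e);
    }
}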
Also used : AttributeAssignment(org.wso2.balana.ctx.AttributeAssignment) Status(org.wso2.balana.ctx.Status) ResponseWriteException(org.wso2.carbon.identity.entitlement.endpoint.exception.ResponseWriteException) ArrayList(java.util.ArrayList) JsonObject(com.google.gson.JsonObject) URI(java.net.URI) ResponseCtx(org.wso2.balana.ctx.ResponseCtx) AbstractResult(org.wso2.balana.ctx.AbstractResult) ObligationResult(org.wso2.balana.ObligationResult) Result(org.wso2.balana.ctx.xacml3.Result) JsonArray(com.google.gson.JsonArray) JsonElement(com.google.gson.JsonElement) Advice(org.wso2.balana.xacml3.Advice) AbstractResult(org.wso2.balana.ctx.AbstractResult) Map(java.util.Map) Test(org.testng.annotations.Test)

Aggregations

AbstractResult (org.wso2.balana.ctx.AbstractResult)5 JsonArray (com.google.gson.JsonArray)4 JsonObject (com.google.gson.JsonObject)4 ResponseWriteException (org.wso2.carbon.identity.entitlement.endpoint.exception.ResponseWriteException)4 ObligationResult (org.wso2.balana.ObligationResult)3 ResponseCtx (org.wso2.balana.ctx.ResponseCtx)3 Result (org.wso2.balana.ctx.xacml3.Result)3 JsonElement (com.google.gson.JsonElement)2 URI (java.net.URI)2 ArrayList (java.util.ArrayList)2 Map (java.util.Map)2 Test (org.testng.annotations.Test)2 AttributeAssignment (org.wso2.balana.ctx.AttributeAssignment)2 Status (org.wso2.balana.ctx.Status)2 Advice (org.wso2.balana.xacml3.Advice)2 Obligation (org.wso2.balana.xacml3.Obligation)2 JsonPrimitive (com.google.gson.JsonPrimitive)1 Properties (java.util.Properties)1 AbstractRequestCtx (org.wso2.balana.ctx.AbstractRequestCtx)1 Attributes (org.wso2.balana.xacml3.Attributes)1