use of org.wso2.balana.ctx.AbstractResult in project carbon-identity-framework by wso2.
the class JSONResponseWriter method abstractResultToJSONObject.
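/**
 * Converts a single Balana {@link AbstractResult} into the {@link JsonObject} form used in the
 * XACML JSON response.
 *
 * <p>The Decision is mandatory. Status, Obligations, AssociatedAdvice and the returned attribute
 * categories are added only when the result carries them.
 *
 * @param result the evaluated result to serialise
 * @return the JSON representation of {@code result}
 * @throws ResponseWriteException if the decision is unset ({@code -1}) or is not an index into
 *                                {@link AbstractResult#DECISIONS}
 */
private static JsonObject abstractResultToJSONObject(AbstractResult result) throws ResponseWriteException {
    JsonObject jsonResult = new JsonObject();

    // Decision property is mandatory, if not set throw error
    int decision = result.getDecision();
    if (decision == -1) {
        throw new ResponseWriteException(40031, "XACML Result should contain the Decision");
    }
    // The decision code is used as an array index below. Reject anything outside the table with
    // the declared exception instead of letting an ArrayIndexOutOfBoundsException escape.
    // NOTE(review): if Balana can report extended Indeterminate codes beyond DECISIONS.length,
    // they may need mapping to "Indeterminate" here rather than rejecting - confirm.
    if (decision < 0 || decision >= AbstractResult.DECISIONS.length) {
        throw new ResponseWriteException(40031,
                "XACML Result contains an unsupported Decision code: " + decision);
    }
    jsonResult.addProperty(EntitlementEndpointConstants.DECISION, AbstractResult.DECISIONS[decision]);

    // If Status object is present, convert it
    if (result.getStatus() != null) {
        jsonResult.add(EntitlementEndpointConstants.STATUS, statusToJSONObject(result.getStatus()));
    }

    // If Obligations are present
    if (result.getObligations() != null && !result.getObligations().isEmpty()) {
        JsonArray obligations = new JsonArray();
        for (ObligationResult obligation : result.getObligations()) {
            if (obligation instanceof Obligation) {
                obligations.add(obligationToJsonObject((Obligation) obligation));
            } else {
                // Any other ObligationResult implementation is emitted in its encoded string form.
                obligations.add(new JsonPrimitive(obligation.encode()));
            }
        }
        jsonResult.add(EntitlementEndpointConstants.OBLIGATIONS, obligations);
    }

    // Do the same with advices
    if (result.getAdvices() != null && !result.getAdvices().isEmpty()) {
        JsonArray advices = new JsonArray();
        for (Advice advice : result.getAdvices()) {
            advices.add(adviceToJsonObject(advice));
        }
        jsonResult.add(EntitlementEndpointConstants.ASSOCIATED_ADVICE, advices);
    }

    // If includeInResponse=true, other attributes will be populated from here with the decision.
    // getAttributes() is reached through a downcast, so check the runtime type first. A result that
    // is not a Result simply has no attributes to echo, rather than failing with ClassCastException.
    if (result instanceof Result) {
        Set<Attributes> attributes = ((Result) result).getAttributes();
        if (attributes != null) {
            for (Attributes attribute : attributes) {
                String categoryUri = attribute.getCategory().toString();
                String memberName;
                switch (categoryUri) {
                    case EntitlementEndpointConstants.CATEGORY_ACTION_URI:
                        memberName = EntitlementEndpointConstants.CATEGORY_ACTION;
                        break;
                    case EntitlementEndpointConstants.CATEGORY_RESOURCE_URI:
                        memberName = EntitlementEndpointConstants.CATEGORY_RESOURCE;
                        break;
                    case EntitlementEndpointConstants.CATEGORY_ACCESS_SUBJECT_URI:
                        memberName = EntitlementEndpointConstants.CATEGORY_ACCESS_SUBJECT;
                        break;
                    case EntitlementEndpointConstants.CATEGORY_ENVIRONMENT_URI:
                        memberName = EntitlementEndpointConstants.CATEGORY_ENVIRONMENT;
                        break;
                    case EntitlementEndpointConstants.CATEGORY_RECIPIENT_SUBJECT_URI:
                        memberName = EntitlementEndpointConstants.CATEGORY_RECIPIENT_SUBJECT;
                        break;
                    case EntitlementEndpointConstants.CATEGORY_INTERMEDIARY_SUBJECT_URI:
                        memberName = EntitlementEndpointConstants.CATEGORY_INTERMEDIARY_SUBJECT;
                        break;
                    case EntitlementEndpointConstants.CATEGORY_CODEBASE_URI:
                        memberName = EntitlementEndpointConstants.CATEGORY_CODEBASE;
                        break;
                    case EntitlementEndpointConstants.CATEGORY_REQUESTING_MACHINE_URI:
                        memberName = EntitlementEndpointConstants.CATEGORY_REQUESTING_MACHINE;
                        break;
                    default:
                        // Unrecognised categories keep their full URI as the member name.
                        memberName = categoryUri;
                        break;
                }
                // NOTE(review): two Attributes elements of the same category map to the same member
                // name, so the later one replaces the earlier one - confirm that is acceptable.
                jsonResult.add(memberName, getJsonObject(attribute));
            }
        }
    }
    return jsonResult;
}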
use of org.wso2.balana.ctx.AbstractResult in project carbon-identity-framework by wso2.
the class TestJSONResponseWriter method testWriteWithObligations.
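/**
 * Serialises a Deny result that carries one obligation and checks the decision in the JSON output.
 */
@Test
public void testWriteWithObligations() throws URISyntaxException {
    // One string-typed attribute assignment, wrapped in a single obligation.
    String content = "Error: Channel request is not WEB.";
    URI type = new URI("http://www.w3.org/2001/XMLSchema#string");
    URI attributeId = new URI("urn:oasis:names:tc:xacml:3.0:example:attribute:text");
    List<AttributeAssignment> assignments = new ArrayList<>();
    assignments.add(new AttributeAssignment(attributeId, type, null, content, null));

    List<ObligationResult> obligationResults = new ArrayList<>();
    obligationResults.add(new Obligation(assignments, new URI("channel_ko")));

    List<String> codes = new ArrayList<>();
    codes.add("urn:oasis:names:tc:xacml:1.0:status:ok");

    // Decision code 1 is expected to be written out as "Deny".
    AbstractResult abstractResult = new Result(1, new Status(codes), obligationResults, null, null);
    ResponseCtx responseCtx = new ResponseCtx(abstractResult);

    JsonObject jsonObject;
    try {
        // write() is static, so no writer instance is needed.
        jsonObject = JSONResponseWriter.write(responseCtx);
    } catch (ResponseWriteException e) {
        // Fail with the cause attached instead of asserting that the exception is null.
        throw new AssertionError("Failed to build the XACML response", e);
    }

    assertFalse("Failed to build the XACML json response", jsonObject.entrySet().isEmpty());
    // Require the "Response" member. Looping over the entries would let the test pass without
    // checking anything when the member is absent.
    assertNotNull("Failed to build the XACML json response", jsonObject.get("Response"));
    JsonArray jsonArray = jsonObject.getAsJsonArray("Response");
    // Expected value first, actual second, so a failure message reads the right way round.
    assertEquals("Failed to build the XACML json response with correct evaluation", "Deny",
            jsonArray.get(0).getAsJsonObject().get("Decision").getAsString());
    // NOTE(review): the obligation itself is never asserted on; consider checking that it
    // appears in the serialised result.
}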
use of org.wso2.balana.ctx.AbstractResult in project carbon-identity-framework by wso2.
the class PolicySearch method getResponse.
/**
 * Evaluates the given attributes as a XACML request and reports whether access is permitted.
 *
 * <p>Returns {@code true} as soon as any result in the response carries
 * {@link AbstractResult#DECISION_PERMIT}. A {@code null} response, or a response with no Permit
 * result, yields {@code false}, so every other outcome is treated as a denial.
 *
 * @param requestAttributes XACML request attributes
 * @return {@code true} if at least one result is Permit, {@code false} otherwise
 */
private boolean getResponse(List<AttributeDTO> requestAttributes) {
    AbstractRequestCtx xacmlRequest = EntitlementUtil.createRequestContext(requestAttributes);
    ResponseCtx evaluation = EntitlementEngine.getInstance().evaluateByContext(xacmlRequest);

    // No response at all is treated the same as "not permitted".
    if (evaluation == null) {
        return false;
    }

    // NOTE(review): one Permit among several results is enough to return true - confirm this is
    // the intended combination rule for callers that can receive more than one result.
    for (AbstractResult outcome : evaluation.getResults()) {
        if (AbstractResult.DECISION_PERMIT == outcome.getDecision()) {
            return true;
        }
    }
    return false;
}
use of org.wso2.balana.ctx.AbstractResult in project carbon-identity-framework by wso2.
the class JSONResponseWriter method write.
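/**
 * Builds the XACML JSON response for a Balana {@link ResponseCtx}.
 *
 * <p>Every result in the response is converted with {@code abstractResultToJSONObject} and the
 * resulting array is stored under {@code EntitlementEndpointConstants.RESPONSE}.
 *
 * @param response the evaluated response to serialise
 * @return a {@link JsonObject} wrapping the array of serialised results
 * @throws ResponseWriteException if {@code response} is {@code null}, carries no results, or a
 *                                result cannot be converted
 */
public static JsonObject write(ResponseCtx response) throws ResponseWriteException {
    // NOTE(review): this only ever switches the static flag on, from a per-call code path. The
    // field is declared outside this view - confirm that a later "false" configuration is not
    // expected to turn short form off again, and that unsynchronised writes are acceptable.
    Properties properties = EntitlementUtil.getPropertiesFromEntitlementConfig();
    if (properties != null
            && Boolean.parseBoolean(properties.getProperty(PDPConstants.XACML_JSON_SHORT_FORM_ENABLED))) {
        xacmlJSONProfileShortFormEnable = true;
    }

    // There should be at least 1 result. A missing response or result set is reported through the
    // declared exception rather than a NullPointerException.
    if (response == null || response.getResults() == null || response.getResults().isEmpty()) {
        throw new ResponseWriteException(40032, "XACML response should contain at least 1 Result");
    }

    JsonArray results = new JsonArray();
    for (AbstractResult result : response.getResults()) {
        /* AbstractResult type does not contain PolicyIdentifierList, as per XACML 3.0, the PolicyIdentifier is
           optional. Hence, Result type is not used. */
        results.add(abstractResultToJSONObject(result));
    }

    JsonObject responseWrap = new JsonObject();
    responseWrap.add(EntitlementEndpointConstants.RESPONSE, results);
    return responseWrap;
}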
use of org.wso2.balana.ctx.AbstractResult in project carbon-identity-framework by wso2.
the class TestJSONResponseWriter method testWriteWithAdvices.
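/**
 * Serialises a Deny result that carries one advice and checks the decision in the JSON output.
 */
@Test
public void testWriteWithAdvices() throws URISyntaxException {
    // One string-typed attribute assignment, wrapped in a single advice.
    String content = "Error: Channel request is not WEB.";
    URI type = new URI("http://www.w3.org/2001/XMLSchema#string");
    URI attributeId = new URI("urn:oasis:names:tc:xacml:3.0:example:attribute:text");
    List<AttributeAssignment> assignments = new ArrayList<>();
    assignments.add(new AttributeAssignment(attributeId, type, null, content, null));

    List<Advice> adviceResults = new ArrayList<>();
    adviceResults.add(new Advice(new URI("channel_ko"), assignments));

    List<String> codes = new ArrayList<>();
    codes.add("urn:oasis:names:tc:xacml:1.0:status:ok");

    // Decision code 1 is expected to be written out as "Deny".
    AbstractResult abstractResult = new Result(1, new Status(codes), null, adviceResults, null);
    ResponseCtx responseCtx = new ResponseCtx(abstractResult);

    JsonObject jsonObject;
    try {
        // write() is static, so no writer instance is needed.
        jsonObject = JSONResponseWriter.write(responseCtx);
    } catch (ResponseWriteException e) {
        // Fail with the cause attached instead of asserting that the exception is null.
        throw new AssertionError("Failed to build the XACML json response", e);
    }

    assertFalse("Failed to build the XACML json response", jsonObject.entrySet().isEmpty());
    // Require the "Response" member. Looping over the entries would let the test pass without
    // checking anything when the member is absent.
    assertNotNull("Failed to build the XACML json response", jsonObject.get("Response"));
    JsonArray jsonArray = jsonObject.getAsJsonArray("Response");
    // Expected value first, actual second, so a failure message reads the right way round.
    assertEquals("Failed to build the XACML json response with correct evaluation", "Deny",
            jsonArray.get(0).getAsJsonObject().get("Decision").getAsString());
    // NOTE(review): the advice itself is never asserted on; consider checking that it appears
    // in the serialised result.
}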