use of org.wso2.balana.ctx.ResponseCtx in project carbon-identity-framework by wso2.
the class EntitlementEngine method evaluate.
/**
 * Evaluates a XACML request given as a string and returns the encoded XACML response that
 * is handed back to the PEP. The PEP must construct the XACML request before calling this
 * method.
 *
 * <p>The decision cache is consulted first, using the raw request string. On a miss the
 * request goes to the PDP, either directly or, when PIP extensions are configured, after
 * each extension has updated the parsed request context. The result is cached before it
 * is returned.
 *
 * <p>Request and response bodies are written to the debug log only when the matching
 * identity token ({@code XACML_REQUEST} / {@code XACML_RESPONSE}) is marked loggable.
 *
 * @param xacmlRequest XACML request as String
 * @return XACML response as String
 * @throws org.wso2.balana.ParsingException propagated from the calls below (exact
 *         conditions are not visible in this method)
 * @throws org.wso2.carbon.identity.entitlement.EntitlementException propagated from the
 *         calls below (exact conditions are not visible in this method)
 */
public String evaluate(String xacmlRequest) throws EntitlementException, ParsingException {

    if (log.isDebugEnabled() && IdentityUtil.isTokenLoggable(IdentityConstants.IdentityTokens.XACML_REQUEST)) {
        log.debug("XACML Request : " + xacmlRequest);
    }

    // NOTE(review): a cache hit returns before any PIP extension runs, so a cached decision
    // reflects the attribute state at the time it was stored. Confirm the cache lifetime
    // and invalidation match how quickly policies and attributes change.
    String cachedResponse = (String) getFromCache(xacmlRequest, false);
    if (cachedResponse != null) {
        if (log.isDebugEnabled()
                && IdentityUtil.isTokenLoggable(IdentityConstants.IdentityTokens.XACML_RESPONSE)) {
            log.debug("XACML Response : " + cachedResponse);
        }
        return cachedResponse;
    }

    String xacmlResponse;
    Map<PIPExtension, Properties> extensions =
            EntitlementServiceComponent.getEntitlementConfig().getExtensions();
    if (extensions == null || extensions.isEmpty()) {
        // No PIP extensions configured: the PDP evaluates the request string itself.
        xacmlResponse = pdp.evaluate(xacmlRequest);
    } else {
        // Parse the request once so every extension can update the same context.
        Element xacmlRequestElement = new PolicyRequestBuilder().getXacmlRequest(xacmlRequest);
        AbstractRequestCtx requestCtx = RequestCtxFactory.getFactory().getRequestCtx(xacmlRequestElement);
        for (PIPExtension pipExtension : extensions.keySet()) {
            pipExtension.update(requestCtx);
        }
        xacmlResponse = pdp.evaluate(requestCtx).encode();
    }

    // The entry is stored under the original request string, not the extension-updated context.
    addToCache(xacmlRequest, xacmlResponse, false);

    if (log.isDebugEnabled() && IdentityUtil.isTokenLoggable(IdentityConstants.IdentityTokens.XACML_RESPONSE)) {
        log.debug("XACML Response : " + xacmlResponse);
    }
    return xacmlResponse;
}
use of org.wso2.balana.ctx.ResponseCtx in project carbon-identity-framework by wso2.
the class TestJSONResponseWriter method testWriteWithObligations.
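/**
 * Verifies that a Deny result carrying one obligation is serialised by
 * {@code JSONResponseWriter.write} into a JSON object whose {@code "Response"} array
 * reports {@code "Decision": "Deny"}.
 *
 * <p>The test fails if the {@code "Response"} member is absent, so a writer that omits
 * the decision cannot pass vacuously.
 */
@Test
public void testWriteWithObligations() throws URISyntaxException {

    // Obligation with a single string attribute assignment.
    String content = "Error: Channel request is not WEB.";
    URI type = new URI("http://www.w3.org/2001/XMLSchema#string");
    URI attributeId = new URI("urn:oasis:names:tc:xacml:3.0:example:attribute:text");
    List<AttributeAssignment> assignments = new ArrayList<>();
    assignments.add(new AttributeAssignment(attributeId, type, null, content, null));

    List<ObligationResult> obligationResults = new ArrayList<>();
    obligationResults.add(new Obligation(assignments, new URI("channel_ko")));

    List<String> codes = new ArrayList<>();
    codes.add("urn:oasis:names:tc:xacml:1.0:status:ok");

    // Use the named constant rather than the literal 1 so the expected "Deny" below is self-evident.
    AbstractResult abstractResult =
            new Result(AbstractResult.DECISION_DENY, new Status(codes), obligationResults, null, null);
    ResponseCtx responseCtx = new ResponseCtx(abstractResult);

    try {
        JsonObject jsonObject = JSONResponseWriter.write(responseCtx);
        assertNotNull("Failed to build the XACML json response", jsonObject);
        assertFalse("Failed to build the XACML json response", jsonObject.entrySet().isEmpty());

        // Look the member up directly: a missing "Response" must fail the test, not skip the check.
        JsonElement responseElement = jsonObject.get("Response");
        assertNotNull("XACML json response has no Response member", responseElement);
        JsonArray jsonArray = (JsonArray) responseElement;

        // Expected value first, actual second, so a failure message reads the right way round.
        assertEquals("Failed to build the XACML json response with correct evaluation", "Deny",
                jsonArray.get(0).getAsJsonObject().get("Decision").getAsString());
    } catch (ResponseWriteException e) {
        // Keep the cause so the report shows why the writer rejected the response.
        throw new AssertionError("Failed to build the XACML response", e);
    }
}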
use of org.wso2.balana.ctx.ResponseCtx in project carbon-identity-framework by wso2.
the class PolicySearch method getResponse.
/**
 * Helper method to get the XACML decision for a set of request attributes.
 *
 * <p>Builds a request context from the attributes, evaluates it through the
 * {@code EntitlementEngine}, and reports a permit as soon as any result in the response
 * carries {@code AbstractResult.DECISION_PERMIT}. A {@code null} response, or a response
 * with no permit result, yields {@code false}.
 *
 * @param requestAttributes XACML request attributes
 * @return {@code true} if at least one result is a permit, {@code false} otherwise
 */
private boolean getResponse(List<AttributeDTO> requestAttributes) {

    AbstractRequestCtx requestCtx = EntitlementUtil.createRequestContext(requestAttributes);
    ResponseCtx responseCtx = EntitlementEngine.getInstance().evaluateByContext(requestCtx);

    // No response from the engine is treated as "not permitted".
    if (responseCtx == null) {
        return false;
    }

    // NOTE(review): one permit among several results is enough to return true. Confirm
    // callers never rely on this for requests that yield more than one result.
    for (AbstractResult result : responseCtx.getResults()) {
        if (AbstractResult.DECISION_PERMIT == result.getDecision()) {
            return true;
        }
    }
    return false;
}
use of org.wso2.balana.ctx.ResponseCtx in project carbon-identity-framework by wso2.
the class JSONResponseWriter method write.
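/**
 * Returns <code>JsonObject</code> created by parsing the contents of a given
 * Balana <code>{@link ResponseCtx}</code>.
 *
 * <p>Each result of the response is converted with {@code abstractResultToJSONObject} and
 * the resulting array is stored under {@code EntitlementEndpointConstants.RESPONSE}.
 *
 * @param response <code>{@link ResponseCtx}</code> to serialise
 * @return <code>{@link JsonObject}</code> with parsed properties
 * @throws ResponseWriteException if {@code response} is {@code null} or carries no results
 */
public static JsonObject write(ResponseCtx response) throws ResponseWriteException {

    Properties properties = EntitlementUtil.getPropertiesFromEntitlementConfig();
    if (properties != null
            && Boolean.parseBoolean(properties.getProperty(PDPConstants.XACML_JSON_SHORT_FORM_ENABLED))) {
        // NOTE(review): this static flag is only ever set to true here. If the property is
        // later disabled the flag appears to stay on, and it is written without
        // synchronisation. Confirm against the field declaration and any other writers.
        xacmlJSONProfileShortFormEnable = true;
    }

    // There should be at least 1 result. A null response or null result set is reported as
    // the same ResponseWriteException instead of surfacing as a NullPointerException.
    if (response == null || response.getResults() == null || response.getResults().size() < 1) {
        throw new ResponseWriteException(40032, "XACML response should contain at least 1 Result");
    }

    JsonArray results = new JsonArray();
    for (AbstractResult result : response.getResults()) {
        /* AbstractResult type does not contain PolicyIdentifierList, as per XACML 3.0, the PolicyIdentifier is
         optional. Hence, Result type is not used. */
        results.add(abstractResultToJSONObject(result));
    }

    JsonObject responseWrap = new JsonObject();
    responseWrap.add(EntitlementEndpointConstants.RESPONSE, results);
    return responseWrap;
}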
use of org.wso2.balana.ctx.ResponseCtx in project carbon-identity-framework by wso2.
the class DecisionResource method getDecision.
/**
 * API endpoint for evaluating XACML requests supplied as JSON or XML.
 *
 * <p>When the Content-Type header value equals
 * {@code EntitlementEndpointConstants.APPLICATION_JSON}, the body is parsed as a JSON XACML
 * request, evaluated, and the response is serialised as JSON. Any other value sends the raw
 * body to {@code EntitlementEngine.evaluate(String)} and returns its result.
 *
 * <p>NOTE(review): {@code format}, {@code authMechanism} and {@code authorization} are not
 * read in this method body. Authentication is presumably enforced before the call reaches
 * this method; confirm. The response format follows the request Content-Type, not the
 * Accept header.
 *
 * <p>NOTE(review): {@code contentType.equals(...)} throws a NullPointerException when the
 * header is absent, and an exact match will not recognise a value carrying parameters such
 * as a charset. Confirm how the container handles both cases.
 *
 * <p>NOTE(review): code 40010 is declared twice in {@code @ApiResponses}, for the
 * unauthorized and the response-read messages. Verify the intended code for the latter.
 *
 * @return XACML response as a JSON or XML string
 */
@POST
@Path("pdp")
@Produces({ MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML })
@Consumes({ MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML })
@ApiOperation(value = "Get response by evaluating JSON/XML XACML request", response = String.class)
@ApiResponses(value = {
        @ApiResponse(code = 200, message = "XACML JSON/XML Response"),
        @ApiResponse(code = 40010, message = EntitlementEndpointConstants.ERROR_UNAUTHORIZED_MESSAGE,
                response = ExceptionBean.class),
        @ApiResponse(code = 40020, message = EntitlementEndpointConstants.ERROR_REQUEST_PARSE_MESSAGE,
                response = ExceptionBean.class),
        @ApiResponse(code = 40010, message = EntitlementEndpointConstants.ERROR_RESPONSE_READ_MESSAGE,
                response = ExceptionBean.class) })
public String getDecision(
        @ApiParam(value = "Request Media Type", required = true)
        @HeaderParam(EntitlementEndpointConstants.ACCEPT_HEADER) String format,
        @ApiParam(value = "Authentication Type", required = true)
        @HeaderParam(EntitlementEndpointConstants.AUTHENTICATION_TYPE_HEADER) String authMechanism,
        @ApiParam(value = "Add HTTP Basic Authorization", required = true)
        @HeaderParam(EntitlementEndpointConstants.AUTHORIZATION_HEADER) String authorization,
        @ApiParam(value = "Response Media Type", required = true)
        @HeaderParam(EntitlementEndpointConstants.CONTENT_TYPE_HEADER) String contentType,
        @ApiParam(value = "XACML JSON/XML Request", required = true) String xacmlRequest)
        throws Exception {

    if (log.isDebugEnabled()) {
        // NOTE(review): the full request body is logged whenever debug logging is on.
        // Consider whether it should be gated like other XACML request logging in the
        // project, since requests can carry subject attributes.
        log.debug("recieved :" + xacmlRequest);
    }

    EntitlementEngine entitlementEngine = EntitlementEngine.getInstance();

    // Anything that is not exactly the JSON content type is evaluated as a raw XACML string.
    if (!contentType.equals(EntitlementEndpointConstants.APPLICATION_JSON)) {
        return entitlementEngine.evaluate(xacmlRequest);
    }

    RequestCtx requestCtx = JSONRequestParser.parse(xacmlRequest);
    ResponseCtx responseCtx = entitlementEngine.evaluate(requestCtx, xacmlRequest);
    return gson.toJson(JSONResponseWriter.write(responseCtx));
}