use of org.wso2.balana.ctx.xacml3.RequestCtx in project carbon-identity-framework by wso2.
the class EntitlementEngine method evaluate.
/**
 * Evaluates a XACML request supplied as XML text and returns the XACML response as XML
 * text, ready to be handed back to the PEP. The PEP builds the request document before
 * calling this method.
 *
 * <p>Flow: the verbatim request string is first looked up in the response cache. On a
 * miss the request is evaluated by the PDP and the result is stored under the same key.
 * When PIP extensions are configured, the request is parsed into a request context, every
 * extension is given the chance to update that context, and the PDP evaluates the
 * enriched context; otherwise the PDP evaluates the raw string directly.</p>
 *
 * <p>Security notes:</p>
 * <ul>
 *   <li>Request and response bodies reach the debug log only when the corresponding token
 *       type is marked loggable through {@code IdentityUtil.isTokenLoggable}, so attribute
 *       values are not leaked into logs by default.</li>
 *   <li>The cache key is the raw request text. NOTE(review): if a PIP extension injects
 *       time- or state-dependent attributes, a cached response may be served for a request
 *       whose enriched context would now evaluate differently — confirm that the cache
 *       TTL/invalidation policy covers this.</li>
 *   <li>XML parsing of the request happens inside {@code PolicyRequestBuilder}; its
 *       DTD/external-entity (XXE) configuration is not visible here and should be verified
 *       when requests come from untrusted callers.</li>
 * </ul>
 *
 * @param xacmlRequest XACML request document as a String
 * @return XACML response document as a String
 * @throws org.wso2.balana.ParsingException if Balana cannot parse the request
 * @throws org.wso2.carbon.identity.entitlement.EntitlementException on evaluation errors
 */
public String evaluate(String xacmlRequest) throws EntitlementException, ParsingException {

    if (log.isDebugEnabled() && IdentityUtil.isTokenLoggable(IdentityConstants.IdentityTokens.XACML_REQUEST)) {
        log.debug("XACML Request : " + xacmlRequest);
    }

    // Fast path: an identical request text was evaluated before.
    String cached = (String) getFromCache(xacmlRequest, false);
    if (cached != null) {
        if (log.isDebugEnabled() && IdentityUtil.isTokenLoggable(IdentityConstants.IdentityTokens.XACML_RESPONSE)) {
            log.debug("XACML Response : " + cached);
        }
        return cached;
    }

    Map<PIPExtension, Properties> pipConfig = EntitlementServiceComponent.getEntitlementConfig().getExtensions();
    boolean hasPipExtensions = pipConfig != null && !pipConfig.isEmpty();

    String response;
    if (hasPipExtensions) {
        // Parse into a context so that every PIP extension can enrich the request before the PDP sees it.
        Element requestElement = new PolicyRequestBuilder().getXacmlRequest(xacmlRequest);
        AbstractRequestCtx context = RequestCtxFactory.getFactory().getRequestCtx(requestElement);
        for (PIPExtension extension : pipConfig.keySet()) {
            extension.update(context);
        }
        response = pdp.evaluate(context).encode();
    } else {
        response = pdp.evaluate(xacmlRequest);
    }

    addToCache(xacmlRequest, response, false);

    if (log.isDebugEnabled() && IdentityUtil.isTokenLoggable(IdentityConstants.IdentityTokens.XACML_RESPONSE)) {
        log.debug("XACML Response : " + response);
    }
    return response;
}
use of org.wso2.balana.ctx.xacml3.RequestCtx in project carbon-identity-framework by wso2.
the class JSONRequestParser method parse.
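/**
 * Converts a XACML JSON request (JSON Profile of XACML 3.0) into a Balana
 * {@link RequestCtx}.
 *
 * <p>The top-level {@code "Request"} object is walked once. Primitive members are
 * request-level flags ({@code ReturnPolicyIdList}, {@code CombinedDecision},
 * {@code XPathVersion}); every other non-null member is treated as an attribute
 * category and handed to {@code jsonAttributeSeperator}, except the
 * {@code MultiRequests} object, which becomes a {@link MultiRequests} holding one
 * {@link RequestReference} per member.</p>
 *
 * <p>Fix: the original tested for {@code MultiRequests} only after the value had already
 * failed the object and array checks, so that branch was unreachable and a
 * {@code MultiRequests} member was silently treated as an attribute category (had the
 * branch been reached it would have dereferenced a null {@code JsonObject}). The key is
 * now checked before the category dispatch. The parse failure also keeps its cause.</p>
 *
 * <p>Input is untrusted (it arrives from the PDP REST endpoint). Malformed JSON or a
 * missing {@code "Request"} member is reported as {@link JsonParseException}; structural
 * errors inside the request surface as {@link RequestParseException}. Type mismatches
 * inside a category (e.g. a non-object element in a category array) still propagate as
 * Gson's unchecked exceptions, as before.</p>
 *
 * @param jsonRequest the JSON request text
 * @return a {@link RequestCtx} that can be evaluated by Balana
 * @throws JsonParseException if the text is not JSON or has no {@code "Request"} member
 * @throws RequestParseException if the request structure is invalid (e.g. empty MultiRequests)
 * @throws UnknownIdentifierException if an attribute uses an unknown identifier
 */
public static RequestCtx parse(String jsonRequest)
        throws JsonParseException, RequestParseException, UnknownIdentifierException {

    JsonObject requestObject;
    try {
        requestObject = gson.fromJson(jsonRequest, JsonObject.class).get("Request").getAsJsonObject();
    } catch (Exception e) {
        // Same message as before for callers matching on it; the cause is kept for diagnostics.
        throw new JsonParseException("Error in JSON Request String", e);
    }

    Set<Attributes> categories = new HashSet<>();
    boolean returnPolicyIdList = false;
    boolean combinedDecision = false;
    MultiRequests multiRequests = null;
    RequestDefaults requestDefaults = null;

    for (Map.Entry<String, JsonElement> member : requestObject.entrySet()) {
        String key = member.getKey();
        JsonElement value = member.getValue();

        if (value.isJsonPrimitive()) {
            switch (key) {
                case XACMLConstants.RETURN_POLICY_LIST:
                    // Only ever raised to true, never reset, as in the original.
                    if (value.getAsBoolean()) {
                        returnPolicyIdList = true;
                    }
                    break;
                case XACMLConstants.COMBINE_DECISION:
                    if (value.getAsBoolean()) {
                        combinedDecision = true;
                    }
                    break;
                case EntitlementEndpointConstants.XPATH_VERSION:
                    requestDefaults = new RequestDefaults(value.getAsString());
                    break;
                default:
                    // Unknown primitive members are ignored, as before.
                    break;
            }
        } else if (value.isJsonNull()) {
            continue;
        } else if (value.isJsonObject()) {
            JsonObject object = value.getAsJsonObject();
            if (EntitlementEndpointConstants.MULTI_REQUESTS.equals(key)) {
                multiRequests = parseMultiRequests(object);
            } else {
                jsonAttributeSeperator(member, object, categories);
            }
        } else if (value.isJsonArray()) {
            for (JsonElement element : value.getAsJsonArray()) {
                jsonAttributeSeperator(member, element.getAsJsonObject(), categories);
            }
        }
    }

    return new RequestCtx(null, categories, returnPolicyIdList, combinedDecision, multiRequests, requestDefaults);
}

/**
 * Builds the {@link MultiRequests} element from the {@code MultiRequests} JSON object;
 * each member value must be a JSON object describing one request reference.
 *
 * @param multiRequestsObject the {@code MultiRequests} member of the request
 * @return the request references wrapped in a {@link MultiRequests}
 * @throws RequestParseException if the object has no members
 * @throws UnknownIdentifierException if a reference uses an unknown identifier
 */
private static MultiRequests parseMultiRequests(JsonObject multiRequestsObject)
        throws RequestParseException, UnknownIdentifierException {

    Set<Map.Entry<String, JsonElement>> references = multiRequestsObject.entrySet();
    if (references.isEmpty()) {
        throw new RequestParseException("MultiRequest should contain at least one Reference Request");
    }
    Set<RequestReference> requestReferences = new HashSet<>();
    for (Map.Entry<String, JsonElement> reference : references) {
        requestReferences.add(jsonObjectToRequestReference(reference.getValue().getAsJsonObject()));
    }
    return new MultiRequests(requestReferences);
}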
use of org.wso2.balana.ctx.xacml3.RequestCtx in project carbon-identity-framework by wso2.
the class PolicySearch method getResponse.
/**
 * Evaluates the given attributes against the entitlement engine and reduces the
 * response to a single boolean.
 *
 * <p>Returns {@code true} if <em>any</em> result in the response carries the Permit
 * decision; everything else — Deny, NotApplicable, Indeterminate, an empty result set,
 * or a {@code null} response — yields {@code false}. For a multi-result response a
 * single Permit therefore outweighs any number of Deny results; callers relying on this
 * as an authorization check must make sure the attributes describe exactly one access
 * decision.</p>
 *
 * @param requestAttributes attributes describing the XACML request
 * @return {@code true} only when the response contains a Permit decision
 */
private boolean getResponse(List<AttributeDTO> requestAttributes) {

    AbstractRequestCtx context = EntitlementUtil.createRequestContext(requestAttributes);
    ResponseCtx response = EntitlementEngine.getInstance().evaluateByContext(context);
    if (response == null) {
        return false;
    }

    for (AbstractResult result : response.getResults()) {
        if (AbstractResult.DECISION_PERMIT == result.getDecision()) {
            return true;
        }
    }
    return false;
}
use of org.wso2.balana.ctx.xacml3.RequestCtx in project carbon-identity-framework by wso2.
the class DecisionResource method getDecision.
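/**
 * PDP decision endpoint: evaluates a XACML request and returns the XACML response.
 *
 * <p>The body is dispatched on the {@code Content-Type} header: a JSON media type is
 * parsed with {@link JSONRequestParser} and answered with a JSON response; anything else
 * is handed to the engine as XACML XML and the XML response is returned verbatim.</p>
 *
 * <p>Changes from the original: the media-type comparison is null-safe (a missing
 * {@code Content-Type} header previously raised a {@link NullPointerException}, i.e. an
 * HTTP 500) and ignores case and media-type parameters, so that
 * {@code application/json; charset=UTF-8} is recognised as JSON instead of being
 * silently routed to the XML evaluator.</p>
 *
 * <p>NOTE(review): {@code format}, {@code authMechanism} and {@code authorization} are
 * declared for the API documentation but are not read in this method — authentication is
 * presumably enforced by an upstream filter; verify that this path is covered by it. The
 * raw request body is written to the debug log here without the {@code isTokenLoggable}
 * gate that {@code EntitlementEngine.evaluate} applies, so subject attributes will appear
 * in debug logs. The {@code @ApiResponses} metadata lists code 40010 twice; the intended
 * code for the response-read error is not visible here.</p>
 *
 * @param format        value of the Accept header (unused here)
 * @param authMechanism value of the authentication-type header (unused here)
 * @param authorization value of the Authorization header (unused here)
 * @param contentType   value of the Content-Type header; selects JSON or XML handling
 * @param xacmlRequest  the XACML request body, JSON or XML
 * @return the XACML response, JSON for JSON requests and XML otherwise
 * @throws Exception on parse or evaluation failure
 */
@POST
@Path("pdp")
@Produces({ MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML })
@Consumes({ MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML })
@ApiOperation(value = "Get response by evaluating JSON/XML XACML request", response = String.class)
@ApiResponses(value = {
        @ApiResponse(code = 200, message = "XACML JSON/XML Response"),
        @ApiResponse(code = 40010, message = EntitlementEndpointConstants.ERROR_UNAUTHORIZED_MESSAGE, response = ExceptionBean.class),
        @ApiResponse(code = 40020, message = EntitlementEndpointConstants.ERROR_REQUEST_PARSE_MESSAGE, response = ExceptionBean.class),
        @ApiResponse(code = 40010, message = EntitlementEndpointConstants.ERROR_RESPONSE_READ_MESSAGE, response = ExceptionBean.class) })
public String getDecision(
        @ApiParam(value = "Request Media Type", required = true)
        @HeaderParam(EntitlementEndpointConstants.ACCEPT_HEADER) String format,
        @ApiParam(value = "Authentication Type", required = true)
        @HeaderParam(EntitlementEndpointConstants.AUTHENTICATION_TYPE_HEADER) String authMechanism,
        @ApiParam(value = "Add HTTP Basic Authorization", required = true)
        @HeaderParam(EntitlementEndpointConstants.AUTHORIZATION_HEADER) String authorization,
        @ApiParam(value = "Response Media Type", required = true)
        @HeaderParam(EntitlementEndpointConstants.CONTENT_TYPE_HEADER) String contentType,
        @ApiParam(value = "XACML JSON/XML Request", required = true) String xacmlRequest)
        throws Exception {

    if (log.isDebugEnabled()) {
        log.debug("recieved :" + xacmlRequest);
    }

    EntitlementEngine entitlementEngine = EntitlementEngine.getInstance();

    if (isJsonMediaType(contentType)) {
        RequestCtx requestCtx = JSONRequestParser.parse(xacmlRequest);
        ResponseCtx responseCtx = entitlementEngine.evaluate(requestCtx, xacmlRequest);
        return gson.toJson(JSONResponseWriter.write(responseCtx));
    }
    return entitlementEngine.evaluate(xacmlRequest);
}

/**
 * Null-safe check whether a Content-Type header value denotes the JSON media type,
 * ignoring case and any media-type parameters (e.g. {@code ;charset=UTF-8}).
 *
 * @param contentType raw header value, may be {@code null}
 * @return {@code true} if the media type is {@code application/json}
 */
private static boolean isJsonMediaType(String contentType) {
    if (contentType == null) {
        return false;
    }
    String mediaType = contentType.split(";", 2)[0].trim();
    return EntitlementEndpointConstants.APPLICATION_JSON.equalsIgnoreCase(mediaType);
}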
use of org.wso2.balana.ctx.xacml3.RequestCtx in project carbon-identity-framework by wso2.
the class TestJSONRequestParser method testParse.
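/**
 * Parses a minimal XACML JSON request (one Action and one Resource attribute) and a
 * request carrying a base64-encoded {@code Content} member, and checks that both yield
 * a request context.
 *
 * <p>Fix: the original wrapped the parse call in {@code catch (Exception)} and only
 * logged, so a parser failure could never fail the test, and the second fixture was
 * never parsed. Exceptions now propagate and both fixtures are exercised. Assertions use
 * {@link AssertionError} directly because no assertion library is referenced in this
 * file's visible scope.</p>
 *
 * <p>TODO(review): {@code expected} is the hand-built context the parser output should
 * match, but no structural comparison is performed yet — compare the attribute categories
 * once an equality helper is available.</p>
 *
 * @throws Exception if the parser rejects either fixture (which fails the test)
 */
@Test
public void testParse() throws Exception {

    AttributeValue resourceId = new StringAttribute("http://127.0.0.1");
    List<AttributeValue> values = new ArrayList<>();
    values.add(resourceId);
    Attribute attribute = new Attribute(URI.create("urn:oasis:names:tc:xacml:1.0:resource:resource-id"),
            null, null, null, values, false, XACMLConstants.XACML_VERSION_3_0);
    Set<Attribute> attributes = new HashSet<>();
    attributes.add(attribute);
    Attributes resourceCategory = new Attributes(URI.create(EntitlementEndpointConstants.CATEGORY_RESOURCE_URI), attributes);
    Set<Attributes> categories = new HashSet<>();
    categories.add(resourceCategory);
    RequestCtx expected = new RequestCtx(categories, null);

    String jsonRequest = "{\n" + " \"Request\":{\n" + " \"Action\":{\n" + " \"Attribute\":[{\n"
            + " \"AttributeId\":\"urn:oasis:names:tc:xacml:1.0:action:action-id\",\n" + " \"Value\":\"read\"\n"
            + " }]\n" + " },\n" + " \"Resource\":{\n" + " \"Attribute\":[{\n"
            + " \"AttributeId\":\"urn:oasis:names:tc:xacml:1.0:resource:resource-id\",\n"
            + " \"Value\":\"http://127.0.0.1/service/very_secure/\"\n" + " }]\n" + " }\n" + " }\n" + "}";

    // Same subject category carrying a base64-encoded XML document as Content.
    String jsonRequest2 = "{\"Request\":\n" + "{\n" + "\"AccessSubject\":{\n"
            + " \"Content\": \"PD94bWwgdmVyc2lvbj0iMS4wIj8+DQo8Y2F0YWxvZz48Ym9vayBpZD0iYmsxMDEiPjxhdXRob3I+R2FtYmFyZGVsbGEsIE1hdHRoZXc8L2F1dGhvcj48dGl0bGU+WE1MIERldmVsb3BlcidzIEd1aWRlPC90aXRsZT48Z2VucmU+Q29tcHV0ZXI8L2dlbnJlPjxwcmljZT40NC45NTwvcHJpY2U+PHB1Ymxpc2hfZGF0ZT4yMDAwLTEwLTAxPC9wdWJsaXNoX2RhdGU+PGRlc2NyaXB0aW9uPkFuIGluLWRlcHRoIGxvb2sgYXQgY3JlYXRpbmcgYXBwbGljYXRpb25zIHdpdGggWE1MLjwvZGVzY3JpcHRpb24+PC9ib29rPjwvY2F0YWxvZz4=\"\n"
            + "}\n" + "}}";

    // A parser exception now fails the test instead of being logged and ignored.
    RequestCtx parsed = JSONRequestParser.parse(jsonRequest);
    if (parsed == null) {
        throw new AssertionError("parser returned null for a valid Action/Resource request");
    }

    RequestCtx parsedWithContent = JSONRequestParser.parse(jsonRequest2);
    if (parsedWithContent == null) {
        throw new AssertionError("parser returned null for a request with a Content member");
    }
}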