Use of org.wso2.balana.xacml3.Advice in project carbon-identity-framework by wso2.
Class PolicyEditorUtil, method createObligationElement.
/**
 * Builds the policy-editor {@link ObligationElementDTO} for one {@link ObligationDTO}.
 * <p>
 * Returns {@code null} unless the DTO has a non-blank obligation id and an effect. The element's type is
 * {@code ADVICE} when the DTO type is the literal "Advice" and {@code OBLIGATION} otherwise. When both a non-blank
 * attribute value and a non-blank result attribute id are present, one attribute assignment is attached: a
 * comma-separated value becomes a "bag" apply element whose members are either previously registered apply
 * elements (looked up by value in {@code applyElementMap}) or literal attribute values; a single value is resolved
 * the same way and attached directly.
 *
 * @param obligationDTO the editor-level obligation definition
 * @return the element DTO, or {@code null} when the id or the effect is missing
 */
private static ObligationElementDTO createObligationElement(ObligationDTO obligationDTO) {
    String obligationId = obligationDTO.getObligationId();
    String effect = obligationDTO.getEffect();
    String type = obligationDTO.getType();
    if (obligationId == null || obligationId.trim().isEmpty() || effect == null) {
        return null;
    }

    ObligationElementDTO element = new ObligationElementDTO();
    element.setId(obligationId);
    element.setEffect(effect);
    element.setType("Advice".equals(type) ? ObligationElementDTO.ADVICE : ObligationElementDTO.OBLIGATION);

    String attributeValue = obligationDTO.getAttributeValue();
    String dataType = obligationDTO.getAttributeValueDataType();
    String resultAttributeId = obligationDTO.getResultAttributeId();
    boolean valueGiven = attributeValue != null && !attributeValue.trim().isEmpty();
    boolean resultIdGiven = resultAttributeId != null && !resultAttributeId.trim().isEmpty();
    if (!(valueGiven && resultIdGiven)) {
        return element;
    }

    AttributeAssignmentElementDTO assignment = new AttributeAssignmentElementDTO();
    assignment.setAttributeId(resultAttributeId);
    if (attributeValue.indexOf(',') < 0) {
        // Single value: a registered apply element wins over a literal attribute value.
        if (applyElementMap.containsKey(attributeValue)) {
            assignment.setApplyElementDTO(applyElementMap.get(attributeValue));
        } else {
            AttributeValueElementDTO literal = new AttributeValueElementDTO();
            literal.setAttributeDataType(dataType);
            literal.setAttributeValue(attributeValue);
            assignment.setValueElementDTO(literal);
        }
    } else {
        // Several values: wrap them in a "bag" apply element. Members are split on ',' without
        // trimming, so "a, b" yields the member " b".
        ApplyElementDTO bag = new ApplyElementDTO();
        bag.setFunctionId(processFunction("bag", dataType));
        for (String member : attributeValue.split(",")) {
            if (applyElementMap.containsKey(member)) {
                bag.setApplyElement(applyElementMap.get(member));
            } else {
                AttributeValueElementDTO literal = new AttributeValueElementDTO();
                literal.setAttributeDataType(dataType);
                literal.setAttributeValue(member);
                bag.setAttributeValueElementDTO(literal);
            }
        }
        assignment.setApplyElementDTO(bag);
    }
    element.addAssignmentElementDTO(assignment);
    return element;
}
Use of org.wso2.balana.xacml3.Advice in project carbon-identity-framework by wso2.
Class JSONResponseWriter, method abstractResultToJSONObject.
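/**
 * Converts a Balana {@link AbstractResult} into the {@link JsonObject} representation used by the entitlement
 * endpoint.
 * <p>
 * The decision is mandatory. Status, obligations, associated advice and (when the request asked for them
 * with includeInResponse) the request attributes are emitted only when present. Request attributes are only
 * available on a xacml3 {@link Result}; other {@link AbstractResult} subtypes simply get no attribute
 * properties instead of failing with a {@link ClassCastException}.
 *
 * @param result the Balana result to convert
 * @return the JSON representation of {@code result}
 * @throws ResponseWriteException if {@code result} carries no valid decision
 */
private static JsonObject abstractResultToJSONObject(AbstractResult result) throws ResponseWriteException {
    JsonObject jsonResult = new JsonObject();
    // Decision property is mandatory; -1 is "unset", and anything outside DECISIONS would otherwise surface as
    // an ArrayIndexOutOfBoundsException instead of the declared exception.
    int decision = result.getDecision();
    if (decision < 0 || decision >= AbstractResult.DECISIONS.length) {
        throw new ResponseWriteException(40031, "XACML Result should contain the Decision");
    }
    jsonResult.addProperty(EntitlementEndpointConstants.DECISION, AbstractResult.DECISIONS[decision]);

    // If Status object is present, convert it
    if (result.getStatus() != null) {
        jsonResult.add(EntitlementEndpointConstants.STATUS, statusToJSONObject(result.getStatus()));
    }

    // Obligations: Balana hands back ObligationResult objects; full Obligation instances are rendered as
    // objects, anything else falls back to its XML encoding.
    if (result.getObligations() != null && !result.getObligations().isEmpty()) {
        JsonArray obligations = new JsonArray();
        for (ObligationResult obligation : result.getObligations()) {
            if (obligation instanceof Obligation) {
                obligations.add(obligationToJsonObject((Obligation) obligation));
            } else {
                obligations.add(new JsonPrimitive(obligation.encode()));
            }
        }
        jsonResult.add(EntitlementEndpointConstants.OBLIGATIONS, obligations);
    }

    // Associated advice
    if (result.getAdvices() != null && !result.getAdvices().isEmpty()) {
        JsonArray advices = new JsonArray();
        for (Advice advice : result.getAdvices()) {
            advices.add(adviceToJsonObject(advice));
        }
        jsonResult.add(EntitlementEndpointConstants.ASSOCIATED_ADVICE, advices);
    }

    // If includeInResponse=true, the request attributes are echoed back alongside the decision. Only a
    // xacml3 Result carries them, so guard the downcast instead of assuming it.
    if (result instanceof Result) {
        Set<Attributes> attributes = ((Result) result).getAttributes();
        if (attributes != null && !attributes.isEmpty()) {
            for (Attributes attribute : attributes) {
                String categoryUri = attribute.getCategory().toString();
                jsonResult.add(categoryPropertyName(categoryUri), getJsonObject(attribute));
            }
        }
    }
    return jsonResult;
}

/**
 * Maps a XACML category URI to the short JSON property name used by the endpoint.
 *
 * @param categoryUri the category URI of an {@code Attributes} element
 * @return the short name for the well-known categories, or the URI itself for any other category
 */
private static String categoryPropertyName(String categoryUri) {
    switch (categoryUri) {
        case EntitlementEndpointConstants.CATEGORY_ACTION_URI:
            return EntitlementEndpointConstants.CATEGORY_ACTION;
        case EntitlementEndpointConstants.CATEGORY_RESOURCE_URI:
            return EntitlementEndpointConstants.CATEGORY_RESOURCE;
        case EntitlementEndpointConstants.CATEGORY_ACCESS_SUBJECT_URI:
            return EntitlementEndpointConstants.CATEGORY_ACCESS_SUBJECT;
        case EntitlementEndpointConstants.CATEGORY_ENVIRONMENT_URI:
            return EntitlementEndpointConstants.CATEGORY_ENVIRONMENT;
        case EntitlementEndpointConstants.CATEGORY_RECIPIENT_SUBJECT_URI:
            return EntitlementEndpointConstants.CATEGORY_RECIPIENT_SUBJECT;
        case EntitlementEndpointConstants.CATEGORY_INTERMEDIARY_SUBJECT_URI:
            return EntitlementEndpointConstants.CATEGORY_INTERMEDIARY_SUBJECT;
        case EntitlementEndpointConstants.CATEGORY_CODEBASE_URI:
            return EntitlementEndpointConstants.CATEGORY_CODEBASE;
        case EntitlementEndpointConstants.CATEGORY_REQUESTING_MACHINE_URI:
            return EntitlementEndpointConstants.CATEGORY_REQUESTING_MACHINE;
        default:
            return categoryUri;
    }
}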
Use of org.wso2.balana.xacml3.Advice in project carbon-mediation by wso2.
Class EntitlementMediator, method mediate(MessageContext).
/**
 * Enforces a XACML decision for the current message.
 * <p>
 * As implemented below: the configured callback supplies the subject (user name), service/operation (combined
 * into the resource id), action and any extra attributes; these are packed into XACML 3.0 {@link Attribute}s
 * and sent to the PEP proxy. The returned decision XML is parsed, the decision and any AssociatedAdvice are
 * stored on the message context, and for a Permit or Deny decision the advice sequence is injected
 * asynchronously on a cloned context while the obligations sequence is mediated synchronously. An obligations
 * sequence that returns {@code false} (other than by suspending on a Call mediator) downgrades the decision to
 * Deny before {@link #executeDecisionMessageFlow} is invoked.
 *
 * @param synCtx the current message context
 * @return the result of the decision flow, or {@code false} when the obligations flow was suspended by a Call
 * @throws SynapseException if the PEP proxy cannot be resolved, no user name is available, the PEP proxy
 *                          returns no decision, or any other error occurs during evaluation
 */
public boolean mediate(MessageContext synCtx) {
// When a debugger is attached, let the base class divert the flow first.
if (synCtx.getEnvironment().isDebuggerEnabled()) {
if (super.divertMediationRoute(synCtx)) {
return true;
}
}
String decisionString;
String userName;
String serviceName;
String operationName;
String action;
String resourceName;
Attribute[] otherAttributes;
PEPProxy resolvedPepProxy;
if (log.isDebugEnabled()) {
log.debug("Mediation for Entitlement started");
}
// Static proxy by default; re-resolved per message when the connection settings are given by key.
resolvedPepProxy = pepProxy;
if (keyInvolved) {
try {
resolvedPepProxy = resolveEntitlementServerDynamicConfigs(synCtx);
} catch (EntitlementProxyException e) {
// NOTE(review): "..." + e logs only e.toString(); log.error(msg, e) would keep the stack trace.
log.error("Error while initializing the PEP Proxy" + e);
throw new SynapseException("Error while initializing the Entitlement PEP Proxy");
}
}
try {
// The callback decides how subject, resource, action and extra attributes are derived from the message.
userName = callback.getUserName(synCtx);
serviceName = callback.findServiceName(synCtx);
operationName = callback.findOperationName(synCtx);
action = callback.findAction(synCtx);
otherAttributes = callback.findOtherAttributes(synCtx);
if (userName == null) {
throw new SynapseException("User name not provided for the Entitlement mediator - can't proceed");
}
// Resource id is "service/operation" when an operation is known, otherwise just the service name.
if (operationName != null) {
resourceName = serviceName + "/" + operationName;
} else {
resourceName = serviceName;
}
if (otherAttributes == null) {
otherAttributes = new Attribute[0];
}
if (log.isDebugEnabled()) {
// DEBUG only: this writes the subject id, resource, action and every custom attribute value to the log;
// treat the log output as sensitive whenever this level is enabled.
StringBuilder debugOtherAttributes = new StringBuilder();
debugOtherAttributes.append("Subject ID is : " + userName + " Resource ID is : " + resourceName + " Action ID is : " + action + ".");
if (otherAttributes.length > 0) {
debugOtherAttributes.append("Other attributes are ");
for (int i = 0; i < otherAttributes.length; i++) {
debugOtherAttributes.append("Attribute ID : ").append(otherAttributes[i].getId()).append(" of Category : ").append(otherAttributes[i].getCategory()).append(" of Type : ").append(otherAttributes[i].getType()).append(" and Value : ").append(otherAttributes[i].getValue());
if (i < otherAttributes.length - 2) {
debugOtherAttributes.append(", ");
} else if (i == otherAttributes.length - 2) {
debugOtherAttributes.append(" and ");
} else {
debugOtherAttributes.append(".");
}
}
}
log.debug(debugOtherAttributes);
}
// if decision cache is disabled
// Creating the XACML 3.0 Attributes to Send XACML Request
// Slots 0-2 are the standard subject-id, action-id and resource-id attributes; custom attributes follow.
Attribute[] tempArr = new Attribute[otherAttributes.length + 3];
tempArr[0] = new Attribute("urn:oasis:names:tc:xacml:1.0:subject-category:access-subject", "urn:oasis:names:tc:xacml:1.0:subject:subject-id", ProxyConstants.DEFAULT_DATA_TYPE, userName);
tempArr[1] = new Attribute("urn:oasis:names:tc:xacml:3.0:attribute-category:action", "urn:oasis:names:tc:xacml:1.0:action:action-id", ProxyConstants.DEFAULT_DATA_TYPE, action);
tempArr[2] = new Attribute("urn:oasis:names:tc:xacml:3.0:attribute-category:resource", "urn:oasis:names:tc:xacml:1.0:resource:resource-id", ProxyConstants.DEFAULT_DATA_TYPE, resourceName);
for (int i = 0; i < otherAttributes.length; i++) {
tempArr[3 + i] = otherAttributes[i];
}
decisionString = resolvedPepProxy.getDecision(tempArr);
String simpleDecision;
OMElement obligations;
OMElement advice;
if (decisionString != null) {
String nameSpace = null;
// NOTE(review): the PEP proxy response is parsed as XML here; confirm the parser behind stringToOM
// does not resolve external entities.
OMElement decisionElement = AXIOMUtil.stringToOM(decisionString);
OMNamespace omNamespace = decisionElement.getDefaultNamespace();
if (omNamespace != null) {
nameSpace = omNamespace.getNamespaceURI();
}
// Result/Decision/Obligations/AssociatedAdvice are looked up with or without the response's default namespace.
if (nameSpace == null) {
simpleDecision = decisionElement.getFirstChildWithName(new QName("Result")).getFirstChildWithName(new QName("Decision")).getText();
obligations = decisionElement.getFirstChildWithName(new QName("Result")).getFirstChildWithName(new QName("Obligations"));
advice = decisionElement.getFirstChildWithName(new QName("Result")).getFirstChildWithName(new QName("AssociatedAdvice"));
} else {
simpleDecision = decisionElement.getFirstChildWithName(new QName(nameSpace, "Result")).getFirstChildWithName(new QName(nameSpace, "Decision")).getText();
obligations = decisionElement.getFirstChildWithName(new QName(nameSpace, "Result")).getFirstChildWithName(new QName(nameSpace, "Obligations"));
advice = decisionElement.getFirstChildWithName(new QName(nameSpace, "Result")).getFirstChildWithName(new QName(nameSpace, "AssociatedAdvice"));
}
if (log.isDebugEnabled()) {
log.debug("Entitlement Decision is : " + simpleDecision);
}
} else {
// undefined decision;
throw new SynapseException("Undefined Decision is received");
}
// Original payload, decision and advice are kept on the context for the continuation path and later mediators.
synCtx.setProperty(ORIGINAL_ENTITLEMENT_PAYLOAD, synCtx.getEnvelope());
synCtx.setProperty(ENTITLEMENT_DECISION, simpleDecision);
synCtx.setProperty(ENTITLEMENT_ADVICE, advice);
// Obligations and advice are acted on only for Permit/Deny; any other decision goes straight to the decision flow.
// but here assume to be deny
if ("Permit".equals(simpleDecision) || "Deny".equals(simpleDecision)) {
MessageContext obligationsSynCtx = null;
MessageContext adviceSynCtx = null;
// 1st check for advice
// Advice runs asynchronously on a cloned context; its outcome is not consulted for the decision.
if (advice != null) {
adviceSynCtx = getOMElementInserted(advice, getClonedMessageContext(synCtx));
if (adviceSeqKey != null) {
SequenceMediator sequence = (SequenceMediator) adviceSynCtx.getSequence(adviceSeqKey);
// Clear the continuation stack. So adviceSynCtx will not flow through the
// rest of the mediators place in this flow
ContinuationStackManager.clearStack(adviceSynCtx);
adviceSynCtx.getEnvironment().injectAsync(adviceSynCtx, sequence);
} else if (adviceMediator != null) {
ContinuationStackManager.addReliantContinuationState(adviceSynCtx, 0, getMediatorPosition());
adviceSynCtx.getEnvironment().injectAsync(adviceSynCtx, (SequenceMediator) adviceMediator);
}
}
// Obligations run synchronously on a clone, and their result feeds back into the decision below.
if (obligations != null) {
obligationsSynCtx = getOMElementInserted(obligations, getClonedMessageContext(synCtx));
boolean result;
if (obligationsSeqKey != null) {
ContinuationStackManager.addReliantContinuationState(obligationsSynCtx, 1, getMediatorPosition());
obligationsSynCtx.setProperty(ContinuationStackManager.SKIP_CONTINUATION_STATE, true);
result = obligationsSynCtx.getSequence(obligationsSeqKey).mediate(obligationsSynCtx);
Boolean isContinuationCall = (Boolean) obligationsSynCtx.getProperty(SynapseConstants.CONTINUATION_CALL);
if (result) {
ContinuationStackManager.removeReliantContinuationState(obligationsSynCtx);
} else if (!result && isContinuationCall != null && isContinuationCall) {
// If result is false due to presence of a Call mediator, stop the flow
return false;
}
} else {
ContinuationStackManager.addReliantContinuationState(obligationsSynCtx, 2, getMediatorPosition());
result = obligationsMediator.mediate(obligationsSynCtx);
Boolean isContinuationCall = (Boolean) obligationsSynCtx.getProperty(SynapseConstants.CONTINUATION_CALL);
if (result) {
ContinuationStackManager.removeReliantContinuationState(obligationsSynCtx);
} else if (!result && isContinuationCall != null && isContinuationCall) {
// If result is false due to presence of a Call mediator, stop the flow
return false;
}
}
// Fail closed: an obligations flow that returned false without suspending turns the decision into Deny.
if (!result) {
// So message is mediated through the OnReject sequence
if (log.isDebugEnabled()) {
log.debug("Obligations are not correctly performed");
}
simpleDecision = "Deny";
}
}
}
return executeDecisionMessageFlow(synCtx, simpleDecision);
} catch (SynapseException e) {
log.error(e);
throw e;
} catch (Exception e) {
// Anything else is wrapped with a generic message; the cause is logged but not propagated to the caller.
log.error("Error occurred while evaluating the policy", e);
throw new SynapseException("Error occurred while evaluating the policy");
}
}
Use of org.wso2.balana.xacml3.Advice in project carbon-mediation by wso2.
Class EntitlementMediator, method mediate(MessageContext, ContinuationState).
/**
 * Resumes mediation after one of this mediator's sub-flows was suspended (for example by a Call mediator).
 * <p>
 * The {@link ReliantContinuationState} sub-branch identifies the flow to resume: 0 = advice, 1 = obligations
 * referenced by key, 2 = inline obligations, 3 = onAccept, 4 = onReject. When an obligations flow completes
 * here, the original payload is restored and the decision stored on the context (downgraded to Deny if the flow
 * returned {@code false}) is passed to {@link #executeDecisionMessageFlow}.
 *
 * @param synCtx            the message context being resumed
 * @param continuationState the continuation state pushed when the flow was suspended
 * @return {@code true} to continue the enclosing flow, {@code false} to stop it
 * @throws SynapseException if the PEP proxy configuration cannot be resolved
 */
public boolean mediate(MessageContext synCtx, ContinuationState continuationState) {
SynapseLog synLog = getLog(synCtx);
if (synLog.isTraceOrDebugEnabled()) {
synLog.traceOrDebug("Entitlement mediator : Mediating from ContinuationState");
}
if (keyInvolved) {
try {
// NOTE(review): the resolved proxy returned here is discarded, unlike in mediate(MessageContext);
// confirm the call has the side effect this path relies on.
resolveEntitlementServerDynamicConfigs(synCtx);
} catch (EntitlementProxyException e) {
// NOTE(review): "..." + e logs only e.toString(); log.error(msg, e) would keep the stack trace.
log.error("Error while initializing the PEP Proxy" + e);
throw new SynapseException("Error while initializing the Entitlement PEP Proxy");
}
}
boolean result = false;
int subBranch = ((ReliantContinuationState) continuationState).getSubBranch();
if (subBranch == 0) {
// For Advice mediator
if (!continuationState.hasChild()) {
result = ((SequenceMediator) adviceMediator).mediate(synCtx, continuationState.getPosition() + 1);
if (result) {
// Stop the flow after executing all the mediators
// (the advice ran on a cloned context, which must not re-enter the main flow).
ContinuationStackManager.clearStack(synCtx);
return false;
}
} else {
FlowContinuableMediator mediator = (FlowContinuableMediator) ((SequenceMediator) adviceMediator).getChild(continuationState.getPosition());
result = mediator.mediate(synCtx, continuationState.getChildContState());
}
} else if (subBranch == 1 || subBranch == 2) {
// For Obligation
// Branch 1 resolves the sequence by key, branch 2 uses the inline obligations sequence.
SequenceMediator sequenceMediator;
if (subBranch == 1) {
sequenceMediator = (SequenceMediator) synCtx.getSequence(obligationsSeqKey);
} else {
sequenceMediator = (SequenceMediator) obligationsMediator;
}
if (!continuationState.hasChild()) {
result = sequenceMediator.mediate(synCtx, continuationState.getPosition() + 1);
Boolean isContinuationCall = (Boolean) synCtx.getProperty(SynapseConstants.CONTINUATION_CALL);
if (!result && isContinuationCall != null && isContinuationCall) {
// If result is false due to presence of a Call mediator, stop the flow
return false;
} else {
ContinuationStackManager.removeReliantContinuationState(synCtx);
// Decision stored by mediate(MessageContext); an unfulfilled obligation fails closed to Deny.
String decision = (String) synCtx.getProperty(ENTITLEMENT_DECISION);
if (!result) {
decision = "Deny";
}
// Set back the original payload
OMElement originalEnv = (OMElement) synCtx.getProperty(ORIGINAL_ENTITLEMENT_PAYLOAD);
try {
synCtx.setEnvelope(AXIOMUtils.getSOAPEnvFromOM(originalEnv));
} catch (AxisFault axisFault) {
handleException("Error while setting the original envelope back", synCtx);
}
result = executeDecisionMessageFlow(synCtx, decision);
if (result) {
// Just adding a dummy state back, which will be removed at the Sequence when returning.
ContinuationStackManager.addReliantContinuationState(synCtx, 1, getMediatorPosition());
}
}
} else {
FlowContinuableMediator mediator = (FlowContinuableMediator) sequenceMediator.getChild(continuationState.getPosition());
result = mediator.mediate(synCtx, continuationState.getChildContState());
}
} else if (subBranch == 3) {
// For onAcceptMediator
if (!continuationState.hasChild()) {
result = ((SequenceMediator) onAcceptMediator).mediate(synCtx, continuationState.getPosition() + 1);
} else {
FlowContinuableMediator mediator = (FlowContinuableMediator) ((SequenceMediator) onAcceptMediator).getChild(continuationState.getPosition());
result = mediator.mediate(synCtx, continuationState.getChildContState());
}
} else if (subBranch == 4) {
// For onReject Mediator
if (!continuationState.hasChild()) {
result = ((SequenceMediator) onRejectMediator).mediate(synCtx, continuationState.getPosition() + 1);
} else {
FlowContinuableMediator mediator = (FlowContinuableMediator) ((SequenceMediator) onRejectMediator).getChild(continuationState.getPosition());
result = mediator.mediate(synCtx, continuationState.getChildContState());
}
}
// Any other sub-branch value leaves result at false.
return result;
}
Use of org.wso2.balana.xacml3.Advice in project carbon-mediation by wso2.
Class EntitlementMediatorSerializer, method serializeSpecificMediator.
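/**
 * Serializes an {@link EntitlementMediator} into its {@code entitlementService} configuration element.
 * <p>
 * Connection settings are written as attributes. For the remote service URL, user name and password the
 * inline value is written when non-empty, otherwise the corresponding {@code *Key} attribute when that is
 * non-empty. The onReject, onAccept, obligations and advice flows are written as a key attribute when
 * referenced by key and as an inline anonymous sequence otherwise.
 * <p>
 * NOTE: {@code remoteServicePassword} is written verbatim, so a mediator configured with an inline password
 * yields a configuration element containing that password in clear text; only the
 * {@code remoteServicePasswordKey} form keeps the value itself out of the serialized configuration.
 *
 * @param mediator the mediator to serialize; anything other than an {@link EntitlementMediator} is reported
 *                 through {@code handleException}
 * @return the populated {@code entitlementService} element
 */
public OMElement serializeSpecificMediator(Mediator mediator) {
    if (!(mediator instanceof EntitlementMediator)) {
        // handleException is presumably terminating; were it to return, the cast below would fail with a
        // ClassCastException exactly as the original code did.
        handleException("Unsupported mediator passed in for serialization : " + mediator.getType());
    }
    EntitlementMediator entitlement = (EntitlementMediator) mediator;
    OMElement entitlementElem = fac.createOMElement("entitlementService", synNS);
    saveTracingState(entitlementElem, entitlement);

    addInlineOrKey(entitlementElem, "remoteServiceUrl", entitlement.getRemoteServiceUrl(),
            "remoteServiceUrlKey", entitlement.getRemoteServiceUrlKey());
    addInlineOrKey(entitlementElem, "remoteServiceUserName", entitlement.getRemoteServiceUserName(),
            "remoteServiceUserNameKey", entitlement.getRemoteServiceUserNameKey());
    // Clear-text credential when configured inline; see the method comment.
    addInlineOrKey(entitlementElem, "remoteServicePassword", entitlement.getRemoteServicePassword(),
            "remoteServicePasswordKey", entitlement.getRemoteServicePasswordKey());

    addIfSet(entitlementElem, "callbackClass", entitlement.getCallbackClass());
    addIfSet(entitlementElem, "cacheType", entitlement.getCacheType());
    // Zero means "not configured" for the numeric cache settings and is therefore not written.
    if (entitlement.getInvalidationInterval() != 0) {
        addIfSet(entitlementElem, "invalidationInterval", Integer.toString(entitlement.getInvalidationInterval()));
    }
    if (entitlement.getMaxCacheEntries() != 0) {
        addIfSet(entitlementElem, "maxCacheEntries", Integer.toString(entitlement.getMaxCacheEntries()));
    }
    addIfSet(entitlementElem, EntitlementConstants.CLIENT, entitlement.getClient());
    addIfSet(entitlementElem, EntitlementConstants.THRIFT_HOST, entitlement.getThriftHost());
    addIfSet(entitlementElem, EntitlementConstants.THRIFT_PORT, entitlement.getThriftPort());
    addIfSet(entitlementElem, EntitlementConstants.REUSE_SESSION, entitlement.getReuseSession());

    addFlow(entitlementElem, XMLConfigConstants.ONREJECT, entitlement.getOnRejectSeqKey(),
            entitlement.getOnRejectMediator());
    addFlow(entitlementElem, XMLConfigConstants.ONACCEPT, entitlement.getOnAcceptSeqKey(),
            entitlement.getOnAcceptMediator());
    addFlow(entitlementElem, EntitlementMediatorFactory.OBLIGATIONS, entitlement.getObligationsSeqKey(),
            entitlement.getObligationsMediator());
    addFlow(entitlementElem, EntitlementMediatorFactory.ADVICE, entitlement.getAdviceSeqKey(),
            entitlement.getAdviceMediator());

    serializeComments(entitlementElem, entitlement.getCommentsList());
    return entitlementElem;
}

/**
 * Adds {@code name="value"} to {@code parent} when {@code value} is non-null.
 *
 * @param parent the element receiving the attribute
 * @param name   the attribute name
 * @param value  the attribute value, or {@code null} to add nothing
 */
private void addIfSet(OMElement parent, String name, String value) {
    if (value != null) {
        parent.addAttribute(fac.createOMAttribute(name, nullNS, value));
    }
}

/**
 * Writes {@code value} under {@code name} when it is non-empty; otherwise writes {@code key} under
 * {@code keyName} when that is non-empty. Both empty: nothing is written.
 *
 * @param parent  the element receiving the attribute
 * @param name    attribute name for the inline value
 * @param value   the inline value, may be {@code null}
 * @param keyName attribute name for the key reference
 * @param key     the key reference, may be {@code null}
 */
private void addInlineOrKey(OMElement parent, String name, String value, String keyName, String key) {
    if (value != null && !value.isEmpty()) {
        parent.addAttribute(fac.createOMAttribute(name, nullNS, value));
    } else if (key != null && !key.isEmpty()) {
        parent.addAttribute(fac.createOMAttribute(keyName, nullNS, key));
    }
}

/**
 * Writes a sub-flow either as the attribute {@code name="seqKey"} or, when no key is set and an inline
 * {@link SequenceMediator} is present, as an anonymous sequence child element renamed to {@code name}.
 *
 * @param parent the element receiving the attribute or child
 * @param name   the attribute / child element name
 * @param seqKey the referenced sequence key, or {@code null} when the flow is inline
 * @param inline the inline mediator; ignored unless it is a {@link SequenceMediator}
 */
private void addFlow(OMElement parent, String name, String seqKey, Mediator inline) {
    if (seqKey != null) {
        parent.addAttribute(fac.createOMAttribute(name, nullNS, seqKey));
    } else if (inline instanceof SequenceMediator) {
        OMElement element = new SequenceMediatorSerializer().serializeAnonymousSequence(null, (SequenceMediator) inline);
        element.setLocalName(name);
        parent.addChild(element);
    }
}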