Example 1 with RequestDefaults
use of org.wso2.balana.xacml3.RequestDefaults in project carbon-identity-framework by wso2.
the class JSONRequestParser method parse.
/**
* Static method that will convert a XACML JSON Request to a <code>{@link RequestCtx}</code> instance
*
* @param jsonRequest <code>String</code> with JSON request
* @return <code>{@link RequestCtx}</code> instance that can be used to evaluate on Balana
* @throws JsonParseException <code>{@link JsonParseException}</code>
* @throws RequestParseException <code>{@link RequestParseException}</code>
* @throws UnknownIdentifierException <code>{@link UnknownIdentifierException}</code>
*/
public static RequestCtx parse(String jsonRequest) throws JsonParseException, RequestParseException, UnknownIdentifierException {
JsonObject requestObject = null;
Set<Attributes> categories = new HashSet<>();
boolean returnPolicyIdList = false;
boolean combinedDecision = false;
MultiRequests multiRequests = null;
RequestDefaults requestDefaults = null;
try {
requestObject = gson.fromJson(jsonRequest, JsonObject.class);
requestObject = requestObject.get("Request").getAsJsonObject();
} catch (Exception e) {
throw new JsonParseException("Error in JSON Request String");
}
Set<Map.Entry<String, JsonElement>> jsonAttributes = requestObject.entrySet();
for (Map.Entry<String, JsonElement> jsonAttribute : jsonAttributes) {
if (jsonAttribute.getValue().isJsonPrimitive()) {
switch(jsonAttribute.getKey()) {
case XACMLConstants.RETURN_POLICY_LIST:
if (jsonAttribute.getValue().getAsBoolean() == true) {
returnPolicyIdList = true;
}
break;
case XACMLConstants.COMBINE_DECISION:
if (jsonAttribute.getValue().getAsBoolean() == true) {
combinedDecision = true;
}
break;
case EntitlementEndpointConstants.XPATH_VERSION:
String xPathVersion = jsonAttribute.getValue().getAsString();
requestDefaults = new RequestDefaults(xPathVersion);
break;
}
} else if (!jsonAttribute.getValue().isJsonNull()) {
JsonObject jsonCategory = null;
if (jsonAttribute.getValue().isJsonObject()) {
jsonCategory = jsonAttribute.getValue().getAsJsonObject();
jsonAttributeSeperator(jsonAttribute, jsonCategory, categories);
} else if (jsonAttribute.getValue().isJsonArray()) {
for (JsonElement jsonElement : jsonAttribute.getValue().getAsJsonArray()) {
jsonCategory = jsonElement.getAsJsonObject();
jsonAttributeSeperator(jsonAttribute, jsonCategory, categories);
}
} else if (EntitlementEndpointConstants.MULTI_REQUESTS.equals(jsonAttribute.getKey())) {
Set<Map.Entry<String, JsonElement>> jsonRequestReferences = jsonCategory.entrySet();
Set<RequestReference> requestReferences = new HashSet<>();
if (jsonRequestReferences.isEmpty()) {
throw new RequestParseException("MultiRequest should contain at least one Reference Request");
}
for (Map.Entry<String, JsonElement> jsonRequstReference : jsonRequestReferences) {
requestReferences.add(jsonObjectToRequestReference(jsonRequstReference.getValue().getAsJsonObject()));
}
multiRequests = new MultiRequests(requestReferences);
}
}
}
return new RequestCtx(null, categories, returnPolicyIdList, combinedDecision, multiRequests, requestDefaults);
}
Also used :
HashSet(java.util.HashSet)
Set(java.util.Set)
Attributes(org.wso2.balana.xacml3.Attributes)
JsonObject(com.google.gson.JsonObject)
MultiRequests(org.wso2.balana.xacml3.MultiRequests)
RequestDefaults(org.wso2.balana.xacml3.RequestDefaults)
JsonParseException(com.google.gson.JsonParseException)
JsonParseException(com.google.gson.JsonParseException)
RequestParseException(org.wso2.carbon.identity.entitlement.endpoint.exception.RequestParseException)
UnknownIdentifierException(org.wso2.balana.UnknownIdentifierException)
RequestParseException(org.wso2.carbon.identity.entitlement.endpoint.exception.RequestParseException)
JsonElement(com.google.gson.JsonElement)
Map(java.util.Map)
HashSet(java.util.HashSet)
RequestCtx(org.wso2.balana.ctx.xacml3.RequestCtx)
Example 2 with RequestDefaults
use of org.wso2.balana.xacml3.RequestDefaults in project core-pdp-api by authzforce.
the class BaseXacmlJaxbRequestPreprocessor method process.
@Override
public final List<IndividualXacmlJaxbRequest> process(final Request jaxbRequest, final Map<String, String> namespaceURIsByPrefix) throws IndeterminateEvaluationException {
if (jaxbRequest == null) {
throw NULL_REQUEST_EXCEPTION;
}
/*
* No support for MultiRequests (ยง2.4 of Multiple Decision Profile).
*/
if (jaxbRequest.getMultiRequests() != null) {
/*
* According to 7.19.1 Unsupported functionality, return Indeterminate with syntax-error code for unsupported element
*/
throw UNSUPPORTED_MULTI_REQUESTS_EXCEPTION;
}
/*
* No support for CombinedDecision = true if no decisionCombiner defined. (The use of the CombinedDecision attribute is specified in Multiple Decision Profile.)
*/
if (jaxbRequest.isCombinedDecision() && !this.isCombinedDecisionSupported) {
/*
* According to XACML core spec, 5.42, <i>If the PDP does not implement the relevant functionality in [Multiple Decision Profile], then the PDP must return an Indeterminate with a status
* code of urn:oasis:names:tc:xacml:1.0:status:processing-error if it receives a request with this attribute set to "true"</i>.
*/
throw UNSUPPORTED_COMBINED_DECISION_EXCEPTION;
}
final RequestDefaults jaxbReqDefaults = jaxbRequest.getRequestDefaults();
final Optional<XPathCompilerProxy> xPathCompiler;
final Map<String, String> newNsPrefixToUriMap;
if (jaxbReqDefaults == null) {
xPathCompiler = Optional.empty();
newNsPrefixToUriMap = namespaceURIsByPrefix;
} else {
try {
final XPathVersion xPathVersion = XPathVersion.fromURI(jaxbReqDefaults.getXPathVersion());
xPathCompiler = Optional.of(new BasicImmutableXPathCompilerProxy(xPathVersion, namespaceURIsByPrefix));
/*
namespaceURIsByPrefix already held by xPathCompiler and retrievable from it with getDeclaredNamespacePrefixToUriMap().
*/
newNsPrefixToUriMap = Map.of();
} catch (IllegalArgumentException e) {
throw new IllegalArgumentException("Invalid/unsupported XPathVersion in Request/RequestDefaults", e);
}
}
final SingleCategoryXacmlAttributesParser<Attributes> xacmlAttrsParser = xacmlAttrsParserFactory.getInstance();
return process(jaxbRequest.getAttributes(), xacmlAttrsParser, jaxbRequest.isReturnPolicyIdList(), jaxbRequest.isCombinedDecision(), xPathCompiler, newNsPrefixToUriMap);
}
Also used :
BasicImmutableXPathCompilerProxy(org.ow2.authzforce.core.pdp.api.expression.BasicImmutableXPathCompilerProxy)
BasicImmutableXPathCompilerProxy(org.ow2.authzforce.core.pdp.api.expression.BasicImmutableXPathCompilerProxy)
XPathCompilerProxy(org.ow2.authzforce.core.pdp.api.expression.XPathCompilerProxy)
Attributes(oasis.names.tc.xacml._3_0.core.schema.wd_17.Attributes)
RequestDefaults(oasis.names.tc.xacml._3_0.core.schema.wd_17.RequestDefaults)
XPathVersion(org.ow2.authzforce.xacml.identifiers.XPathVersion)
Aggregations
JsonElement (com.google.gson.JsonElement)1
JsonObject (com.google.gson.JsonObject)1
JsonParseException (com.google.gson.JsonParseException)1
HashSet (java.util.HashSet)1
Map (java.util.Map)1
Set (java.util.Set)1
Attributes (oasis.names.tc.xacml._3_0.core.schema.wd_17.Attributes)1
RequestDefaults (oasis.names.tc.xacml._3_0.core.schema.wd_17.RequestDefaults)1
BasicImmutableXPathCompilerProxy (org.ow2.authzforce.core.pdp.api.expression.BasicImmutableXPathCompilerProxy)1
XPathCompilerProxy (org.ow2.authzforce.core.pdp.api.expression.XPathCompilerProxy)1
XPathVersion (org.ow2.authzforce.xacml.identifiers.XPathVersion)1
UnknownIdentifierException (org.wso2.balana.UnknownIdentifierException)1
RequestCtx (org.wso2.balana.ctx.xacml3.RequestCtx)1
Attributes (org.wso2.balana.xacml3.Attributes)1
MultiRequests (org.wso2.balana.xacml3.MultiRequests)1
RequestDefaults (org.wso2.balana.xacml3.RequestDefaults)1
RequestParseException (org.wso2.carbon.identity.entitlement.endpoint.exception.RequestParseException)1
