Example 1 with EntitledResultSetDTO
use of org.wso2.carbon.identity.entitlement.dto.EntitledResultSetDTO in project carbon-identity-framework by wso2.
the class DecisionResource method getAllEntitlements.
/**
* API endpoint for returning all entitlements for a given set of parameters
*
* @return AllEntitlementResponseModel object
*/
@POST
@Path("entitlements-all")
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@ApiOperation(value = "Get all entitlements for a given set of parameters", response = AllEntitlementsResponseModel.class)
@ApiResponses(value = { @ApiResponse(code = 200, message = "All Entitlements response", response = AllEntitlementsResponseModel.class), @ApiResponse(code = 40010, message = EntitlementEndpointConstants.ERROR_UNAUTHORIZED_MESSAGE, response = ExceptionBean.class), @ApiResponse(code = 40020, message = EntitlementEndpointConstants.ERROR_REQUEST_PARSE_MESSAGE, response = ExceptionBean.class), @ApiResponse(code = 40010, message = EntitlementEndpointConstants.ERROR_RESPONSE_READ_MESSAGE, response = ExceptionBean.class) })
public AllEntitlementsResponseModel getAllEntitlements(@ApiParam(value = "Request Media Type", required = true) @HeaderParam(EntitlementEndpointConstants.ACCEPT_HEADER) String format, @ApiParam(value = "Authentication Type", required = true) @HeaderParam(EntitlementEndpointConstants.AUTHENTICATION_TYPE_HEADER) String authMechanism, @ApiParam(value = "Add HTTP Basic Authorization", required = true) @HeaderParam(EntitlementEndpointConstants.AUTHORIZATION_HEADER) String authorization, @ApiParam(value = "Response Media Type", required = true) @HeaderParam(EntitlementEndpointConstants.CONTENT_TYPE_HEADER) String contentType, @ApiParam(value = "All Entitlements Model", required = true) AllEntitlementsRequestModel request) {
PolicySearch policySearch = EntitlementEngine.getInstance().getPolicySearch();
EntitledResultSetDTO resultSet = policySearch.getEntitledAttributes(request.getIdentifier(), request.getGivenAttributes());
AllEntitlementsResponseModel response = new AllEntitlementsResponseModel();
response.setEntitledResultSetDTO(resultSet);
return response;
}
Also used :
AllEntitlementsResponseModel(org.wso2.carbon.identity.entitlement.endpoint.resources.models.AllEntitlementsResponseModel)
PolicySearch(org.wso2.carbon.identity.entitlement.policy.search.PolicySearch)
EntitledResultSetDTO(org.wso2.carbon.identity.entitlement.dto.EntitledResultSetDTO)
Path(javax.ws.rs.Path)
POST(javax.ws.rs.POST)
Produces(javax.ws.rs.Produces)
Consumes(javax.ws.rs.Consumes)
ApiOperation(io.swagger.annotations.ApiOperation)
ApiResponses(io.swagger.annotations.ApiResponses)
Example 2 with EntitledResultSetDTO
use of org.wso2.carbon.identity.entitlement.dto.EntitledResultSetDTO in project carbon-identity-framework by wso2.
the class DecisionResource method getEntitledAttributes.
/**
* API endpoint for returning entitled attributes for a give set of parameters
*
* @return EntitledAttributesResponse object
*/
@POST
@Path("entitled-attribs")
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@ApiOperation(value = "Get entitled attributes for a given set of parameters", response = EntitledAttributesResponseModel.class)
@ApiResponses(value = { @ApiResponse(code = 200, message = "Entitled Attributes response", response = EntitledAttributesResponseModel.class), @ApiResponse(code = 40010, message = EntitlementEndpointConstants.ERROR_UNAUTHORIZED_MESSAGE, response = ExceptionBean.class), @ApiResponse(code = 40020, message = EntitlementEndpointConstants.ERROR_REQUEST_PARSE_MESSAGE, response = ExceptionBean.class), @ApiResponse(code = 40010, message = EntitlementEndpointConstants.ERROR_RESPONSE_READ_MESSAGE, response = ExceptionBean.class) })
public EntitledAttributesResponseModel getEntitledAttributes(@ApiParam(value = "Request Media Type", required = true) @HeaderParam(EntitlementEndpointConstants.ACCEPT_HEADER) String format, @ApiParam(value = "Authentication Type", required = true) @HeaderParam(EntitlementEndpointConstants.AUTHENTICATION_TYPE_HEADER) String authMechanism, @ApiParam(value = "Add HTTP Basic Authorization", required = true) @HeaderParam(EntitlementEndpointConstants.AUTHORIZATION_HEADER) String authorization, @ApiParam(value = "Response Media Type", required = true) @HeaderParam(EntitlementEndpointConstants.CONTENT_TYPE_HEADER) String contentType, @ApiParam(value = "Entitled Attributes Model", required = true) EntitledAttributesRequestModel request) throws Exception {
if (request.getSubjectName() == null) {
log.error("Invalid input data - either the user name or role name should be non-null");
throw new RequestParseException(40022, "Invalid input data - either the user name or role name should be non-null");
}
PolicySearch policySearch = EntitlementEngine.getInstance().getPolicySearch();
EntitledResultSetDTO resultsSet = policySearch.getEntitledAttributes(request.getSubjectName(), request.getResourceName(), request.getSubjectId(), request.getAction(), request.isEnableChildSearch());
EntitledAttributesResponseModel response = new EntitledAttributesResponseModel();
response.setEntitledResultSetDTO(resultsSet);
return response;
}
Also used :
RequestParseException(org.wso2.carbon.identity.entitlement.endpoint.exception.RequestParseException)
EntitledAttributesResponseModel(org.wso2.carbon.identity.entitlement.endpoint.resources.models.EntitledAttributesResponseModel)
PolicySearch(org.wso2.carbon.identity.entitlement.policy.search.PolicySearch)
EntitledResultSetDTO(org.wso2.carbon.identity.entitlement.dto.EntitledResultSetDTO)
Path(javax.ws.rs.Path)
POST(javax.ws.rs.POST)
Produces(javax.ws.rs.Produces)
Consumes(javax.ws.rs.Consumes)
ApiOperation(io.swagger.annotations.ApiOperation)
ApiResponses(io.swagger.annotations.ApiResponses)
Example 3 with EntitledResultSetDTO
use of org.wso2.carbon.identity.entitlement.dto.EntitledResultSetDTO in project carbon-identity-framework by wso2.
the class PolicySearch method getEntitledAttributes.
/**
* gets all entitled attributes for given set of attributes
* this an universal method to do policy search and find entitlement attributes
*
* @param identifier identifier to separate out the attributes that is used for search
* this is not required and can be null
* @param givenAttributes user provided attributes
* @return all the attributes that is entitled
*/
public EntitledResultSetDTO getEntitledAttributes(String identifier, AttributeDTO[] givenAttributes) {
String cacheKey = "";
if (cachingEnable) {
int hashCode = 0;
for (AttributeDTO dto : givenAttributes) {
hashCode = hashCode + (31 * dto.hashCode());
}
cacheKey = identifier + hashCode;
SearchResult searchResult = policySearchCache.getFromCache(cacheKey);
if (searchResult != null) {
if (log.isDebugEnabled()) {
log.debug("PDP Search Cache Hit");
}
return searchResult.getResultSetDTO();
} else {
if (log.isDebugEnabled()) {
log.debug("PDP Search Cache Miss");
}
}
}
EntitledResultSetDTO result = new EntitledResultSetDTO();
Set<EntitledAttributesDTO> resultAttributes = new HashSet<EntitledAttributesDTO>();
Set<AttributeDTO> attributeDTOs = new HashSet<AttributeDTO>(Arrays.asList(givenAttributes));
for (PolicyFinderModule finderModule : finderModules) {
Map<String, Set<AttributeDTO>> attributesMap = finderModule.getSearchAttributes(identifier, attributeDTOs);
int supportedSearchScheme = finderModule.getSupportedSearchAttributesScheme();
Set<List<AttributeDTO>> requestSet = getPossibleRequests(attributesMap, supportedSearchScheme);
if (requestSet == null) {
log.error("Invalid Search scheme in policy finder : " + finderModule.getModuleName());
} else {
for (List<AttributeDTO> attributeDTOList : requestSet) {
if (getResponse(attributeDTOList)) {
EntitledAttributesDTO dto = new EntitledAttributesDTO();
dto.setAttributeDTOs(attributeDTOList.toArray(new AttributeDTO[attributeDTOList.size()]));
resultAttributes.add(dto);
}
}
}
}
result.setAdvanceResult(true);
result.setEntitledAttributesDTOs(resultAttributes.toArray(new EntitledAttributesDTO[resultAttributes.size()]));
if (cachingEnable) {
SearchResult searchResult = new SearchResult();
searchResult.setResultSetDTO(result);
policySearchCache.addToCache(cacheKey, searchResult);
if (log.isDebugEnabled()) {
int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
log.debug("PDP Decision Cache Updated for tenantId " + tenantId);
}
}
return result;
}
Also used :
EntitledAttributesDTO(org.wso2.carbon.identity.entitlement.dto.EntitledAttributesDTO)
Set(java.util.Set)
HashSet(java.util.HashSet)
AttributeDTO(org.wso2.carbon.identity.entitlement.dto.AttributeDTO)
PolicyFinderModule(org.wso2.carbon.identity.entitlement.policy.finder.PolicyFinderModule)
ArrayList(java.util.ArrayList)
List(java.util.List)
EntitledResultSetDTO(org.wso2.carbon.identity.entitlement.dto.EntitledResultSetDTO)
HashSet(java.util.HashSet)
Example 4 with EntitledResultSetDTO
use of org.wso2.carbon.identity.entitlement.dto.EntitledResultSetDTO in project carbon-identity-framework by wso2.
the class PolicySearch method getEntitledAttributes.
/**
* This returns resource name as the list of the entitled attributes for given
* user or role and action, after evaluating the all the active policies in the PDP
*
* @param subjectName subject name
* @param resourceName resource name
* @param subjectId subject attribute Id
* @param action Action Name
* @param enableChildSearch whether search is done for the child resources under the given resource name
* @return entitled resource id set
* @throws EntitlementException throws
*/
public EntitledResultSetDTO getEntitledAttributes(String subjectName, String resourceName, String subjectId, String action, boolean enableChildSearch) throws EntitlementException {
String cacheKey = "";
if (cachingEnable) {
cacheKey = (subjectId != null ? subjectId : "") + (subjectName != null ? subjectName : "") + (resourceName != null ? resourceName : "") + (action != null ? action : "") + enableChildSearch;
SearchResult searchResult = policySearchCache.getFromCache(cacheKey);
if (searchResult != null) {
return searchResult.getResultSetDTO();
}
}
AttributeDTO subjectAttributeDTO;
boolean hierarchicalResource = false;
EntitledResultSetDTO resultSetDTO = new EntitledResultSetDTO();
Set<EntitledAttributesDTO> resultSet = new HashSet<EntitledAttributesDTO>();
if (subjectName != null && subjectName.trim().length() > 0) {
subjectAttributeDTO = new AttributeDTO();
subjectAttributeDTO.setCategory(PDPConstants.SUBJECT_CATEGORY_URI);
subjectAttributeDTO.setAttributeValue(subjectName);
subjectAttributeDTO.setAttributeDataType(PDPConstants.STRING_DATA_TYPE);
if (subjectId != null && subjectId.trim().length() > 0) {
subjectAttributeDTO.setAttributeId(subjectId);
} else {
subjectAttributeDTO.setAttributeId(PDPConstants.SUBJECT_ID_DEFAULT);
}
} else {
throw new EntitlementException("Error : subject value can not be null");
}
if (getResponse(Arrays.asList(subjectAttributeDTO))) {
EntitledAttributesDTO dto = new EntitledAttributesDTO();
dto.setAllActions(true);
dto.setAllResources(true);
EntitledResultSetDTO setDTO = new EntitledResultSetDTO();
setDTO.setEntitledAttributesDTOs(new EntitledAttributesDTO[] { dto });
return setDTO;
}
for (PolicyFinderModule module : finderModules) {
if (module.isDefaultCategoriesSupported() && PolicyFinderModule.COMBINATIONS_BY_CATEGORY_AND_PARAMETER == module.getSupportedSearchAttributesScheme()) {
Map<String, Set<AttributeDTO>> requestMap = module.getSearchAttributes(null, new HashSet<AttributeDTO>(Arrays.asList(subjectAttributeDTO)));
for (Map.Entry<String, Set<AttributeDTO>> entry : requestMap.entrySet()) {
Set<AttributeDTO> attributeDTOs = entry.getValue();
if (attributeDTOs != null) {
Set<AttributeDTO> actions = new HashSet<AttributeDTO>();
Set<AttributeDTO> resources = new HashSet<AttributeDTO>();
Set<AttributeDTO> requestAttributes = new HashSet<AttributeDTO>();
if (resourceName != null && resourceName.trim().length() > 0) {
AttributeDTO resourceAttribute = new AttributeDTO();
resourceAttribute.setAttributeValue(resourceName);
resourceAttribute.setAttributeDataType(PDPConstants.STRING_DATA_TYPE);
resourceAttribute.setAttributeId(PDPConstants.RESOURCE_ID_DEFAULT);
resourceAttribute.setCategory(PDPConstants.RESOURCE_CATEGORY_URI);
resources.add(resourceAttribute);
hierarchicalResource = true;
}
AttributeDTO resourceScopeAttribute = new AttributeDTO();
resourceScopeAttribute.setAttributeValue(PDPConstants.RESOURCE_DESCENDANTS);
resourceScopeAttribute.setAttributeDataType(PDPConstants.STRING_DATA_TYPE);
resourceScopeAttribute.setAttributeId(PDPConstants.RESOURCE_SCOPE_ID);
resourceScopeAttribute.setCategory(PDPConstants.RESOURCE_CATEGORY_URI);
for (AttributeDTO attributeDTO : attributeDTOs) {
if (PDPConstants.ENVIRONMENT_CATEGORY_URI.equals(attributeDTO.getCategory()) || PDPConstants.ENVIRONMENT_ELEMENT.equals(attributeDTO.getCategory())) {
requestAttributes.add(attributeDTO);
attributeDTO.setAttributeId(PDPConstants.ENVIRONMENT_ID_DEFAULT);
requestAttributes.add(attributeDTO);
} else if (PDPConstants.ACTION_CATEGORY_URI.equals(attributeDTO.getCategory()) || PDPConstants.ACTION_ELEMENT.equals(attributeDTO.getCategory())) {
if (action != null && action.trim().length() > 0) {
attributeDTO.setAttributeValue(action);
}
actions.add(attributeDTO);
attributeDTO.setAttributeId(PDPConstants.ACTION_ID_DEFAULT);
actions.add(attributeDTO);
} else if ((PDPConstants.RESOURCE_CATEGORY_URI.equals(attributeDTO.getCategory()) || PDPConstants.RESOURCE_ELEMENT.equals(attributeDTO.getCategory())) && !hierarchicalResource) {
attributeDTO.setAttributeId(PDPConstants.RESOURCE_ID_DEFAULT);
resources.add(attributeDTO);
}
}
if (resultSetDTO.getMessage() == null) {
List<String> entitledActions = new ArrayList<String>();
for (AttributeDTO actionDTO : actions) {
List<AttributeDTO> currentRequestAttributes = new ArrayList<AttributeDTO>();
currentRequestAttributes.add(subjectAttributeDTO);
currentRequestAttributes.add(actionDTO);
if (getResponse(currentRequestAttributes)) {
EntitledAttributesDTO dto = new EntitledAttributesDTO();
dto.setAllResources(true);
dto.setAction(actionDTO.getAttributeValue());
resultSet.add(dto);
entitledActions.add(actionDTO.getAttributeValue());
}
}
for (AttributeDTO resource : resources) {
if (PDPConstants.RESOURCE_CATEGORY_URI.equals(resource.getCategory()) || PDPConstants.RESOURCE_ELEMENT.equals(resource.getCategory())) {
boolean allActionsAllowed = false;
int noOfRequests = 1;
if (enableChildSearch) {
noOfRequests = 0;
}
while (noOfRequests < 2) {
List<AttributeDTO> currentRequestAttributes = new ArrayList<AttributeDTO>();
for (AttributeDTO dto : requestAttributes) {
currentRequestAttributes.add(dto);
}
if (noOfRequests < 1) {
currentRequestAttributes.add(resourceScopeAttribute);
}
currentRequestAttributes.add(subjectAttributeDTO);
currentRequestAttributes.add(resource);
if (getResponse(currentRequestAttributes)) {
EntitledAttributesDTO dto = new EntitledAttributesDTO();
dto.setResourceName(resource.getAttributeValue());
dto.setAllActions(true);
resultSet.add(dto);
allActionsAllowed = true;
}
noOfRequests++;
}
if (allActionsAllowed) {
continue;
}
for (AttributeDTO actionAttributeDTO : actions) {
if (entitledActions.contains(actionAttributeDTO.getAttributeValue())) {
continue;
}
noOfRequests = 1;
if (enableChildSearch) {
noOfRequests = 0;
}
while (noOfRequests < 2) {
List<AttributeDTO> currentRequestAttributes = new ArrayList<AttributeDTO>();
for (AttributeDTO dto : requestAttributes) {
currentRequestAttributes.add(dto);
}
if (noOfRequests < 1) {
currentRequestAttributes.add(resourceScopeAttribute);
}
currentRequestAttributes.add(subjectAttributeDTO);
currentRequestAttributes.add(resource);
currentRequestAttributes.add(actionAttributeDTO);
if (getResponse(currentRequestAttributes)) {
EntitledAttributesDTO dto = new EntitledAttributesDTO();
dto.setResourceName(resource.getAttributeValue());
dto.setAction(actionAttributeDTO.getAttributeValue());
resultSet.add(dto);
}
noOfRequests++;
}
}
}
}
}
}
}
}
}
resultSetDTO.setEntitledAttributesDTOs(resultSet.toArray(new EntitledAttributesDTO[resultSet.size()]));
if (cachingEnable) {
SearchResult result = new SearchResult();
result.setResultSetDTO(resultSetDTO);
policySearchCache.addToCache(cacheKey, result);
if (log.isDebugEnabled()) {
int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
log.debug("PDP Decision Cache Updated for tenantId " + tenantId);
}
}
return resultSetDTO;
}
Also used :
EntitledAttributesDTO(org.wso2.carbon.identity.entitlement.dto.EntitledAttributesDTO)
Set(java.util.Set)
HashSet(java.util.HashSet)
ArrayList(java.util.ArrayList)
AttributeDTO(org.wso2.carbon.identity.entitlement.dto.AttributeDTO)
EntitlementException(org.wso2.carbon.identity.entitlement.EntitlementException)
PolicyFinderModule(org.wso2.carbon.identity.entitlement.policy.finder.PolicyFinderModule)
EntitledResultSetDTO(org.wso2.carbon.identity.entitlement.dto.EntitledResultSetDTO)
HashMap(java.util.HashMap)
Map(java.util.Map)
HashSet(java.util.HashSet)
Aggregations
EntitledResultSetDTO (org.wso2.carbon.identity.entitlement.dto.EntitledResultSetDTO)4
ApiOperation (io.swagger.annotations.ApiOperation)2
ApiResponses (io.swagger.annotations.ApiResponses)2
ArrayList (java.util.ArrayList)2
HashSet (java.util.HashSet)2
Set (java.util.Set)2
Consumes (javax.ws.rs.Consumes)2
POST (javax.ws.rs.POST)2
Path (javax.ws.rs.Path)2
Produces (javax.ws.rs.Produces)2
AttributeDTO (org.wso2.carbon.identity.entitlement.dto.AttributeDTO)2
EntitledAttributesDTO (org.wso2.carbon.identity.entitlement.dto.EntitledAttributesDTO)2
PolicyFinderModule (org.wso2.carbon.identity.entitlement.policy.finder.PolicyFinderModule)2
PolicySearch (org.wso2.carbon.identity.entitlement.policy.search.PolicySearch)2
HashMap (java.util.HashMap)1
List (java.util.List)1
Map (java.util.Map)1
EntitlementException (org.wso2.carbon.identity.entitlement.EntitlementException)1
RequestParseException (org.wso2.carbon.identity.entitlement.endpoint.exception.RequestParseException)1
AllEntitlementsResponseModel (org.wso2.carbon.identity.entitlement.endpoint.resources.models.AllEntitlementsResponseModel)1
