
Example 1 with EntitledResultSetDTO

use of org.wso2.carbon.identity.entitlement.dto.EntitledResultSetDTO in project carbon-identity-framework by wso2.

the class DecisionResource method getAllEntitlements.

/**
 * API endpoint for returning all entitlements for a given set of parameters
 *
 * @return AllEntitlementResponseModel object
 */
@POST
@Path("entitlements-all")
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@ApiOperation(value = "Get all entitlements for a given set of parameters", response = AllEntitlementsResponseModel.class)
// NOTE(review): code 40010 is documented twice below (unauthorized and response-read); confirm the intended code for the second entry.
@ApiResponses(value = {
        @ApiResponse(code = 200, message = "All Entitlements response", response = AllEntitlementsResponseModel.class),
        @ApiResponse(code = 40010, message = EntitlementEndpointConstants.ERROR_UNAUTHORIZED_MESSAGE, response = ExceptionBean.class),
        @ApiResponse(code = 40020, message = EntitlementEndpointConstants.ERROR_REQUEST_PARSE_MESSAGE, response = ExceptionBean.class),
        @ApiResponse(code = 40010, message = EntitlementEndpointConstants.ERROR_RESPONSE_READ_MESSAGE, response = ExceptionBean.class) })
public AllEntitlementsResponseModel getAllEntitlements(
        @ApiParam(value = "Request Media Type", required = true) @HeaderParam(EntitlementEndpointConstants.ACCEPT_HEADER) String format,
        @ApiParam(value = "Authentication Type", required = true) @HeaderParam(EntitlementEndpointConstants.AUTHENTICATION_TYPE_HEADER) String authMechanism,
        @ApiParam(value = "Add HTTP Basic Authorization", required = true) @HeaderParam(EntitlementEndpointConstants.AUTHORIZATION_HEADER) String authorization,
        @ApiParam(value = "Response Media Type", required = true) @HeaderParam(EntitlementEndpointConstants.CONTENT_TYPE_HEADER) String contentType,
        @ApiParam(value = "All Entitlements Model", required = true) AllEntitlementsRequestModel request) {
    // The four header parameters are bound for the API description only; this body never reads them.
    // NOTE(review): authentication is presumably enforced by a filter in front of this resource,
    // since the Authorization header is not examined here. Confirm.
    // NOTE(review): `request` and its attribute array come straight from the request body and are
    // dereferenced without a null check; a missing body or missing attributes surfaces as an
    // unchecked exception rather than a request-parse error.
    EntitledResultSetDTO entitled = EntitlementEngine.getInstance()
            .getPolicySearch()
            .getEntitledAttributes(request.getIdentifier(), request.getGivenAttributes());

    // Wrap the search result in the response model that is serialized back to the caller.
    AllEntitlementsResponseModel entitlementsResponse = new AllEntitlementsResponseModel();
    entitlementsResponse.setEntitledResultSetDTO(entitled);
    return entitlementsResponse;
}
Also used : AllEntitlementsResponseModel(org.wso2.carbon.identity.entitlement.endpoint.resources.models.AllEntitlementsResponseModel) PolicySearch(org.wso2.carbon.identity.entitlement.policy.search.PolicySearch) EntitledResultSetDTO(org.wso2.carbon.identity.entitlement.dto.EntitledResultSetDTO) Path(javax.ws.rs.Path) POST(javax.ws.rs.POST) Produces(javax.ws.rs.Produces) Consumes(javax.ws.rs.Consumes) ApiOperation(io.swagger.annotations.ApiOperation) ApiResponses(io.swagger.annotations.ApiResponses)

Example 2 with EntitledResultSetDTO

use of org.wso2.carbon.identity.entitlement.dto.EntitledResultSetDTO in project carbon-identity-framework by wso2.

the class DecisionResource method getEntitledAttributes.

/**
 * API endpoint for returning entitled attributes for a given set of parameters
 *
 * @return EntitledAttributesResponse object
 */
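@POST
@Path("entitled-attribs")
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@ApiOperation(value = "Get entitled attributes for a given set of parameters", response = EntitledAttributesResponseModel.class)
@ApiResponses(value = { @ApiResponse(code = 200, message = "Entitled Attributes response", response = EntitledAttributesResponseModel.class), @ApiResponse(code = 40010, message = EntitlementEndpointConstants.ERROR_UNAUTHORIZED_MESSAGE, response = ExceptionBean.class), @ApiResponse(code = 40020, message = EntitlementEndpointConstants.ERROR_REQUEST_PARSE_MESSAGE, response = ExceptionBean.class), @ApiResponse(code = 40010, message = EntitlementEndpointConstants.ERROR_RESPONSE_READ_MESSAGE, response = ExceptionBean.class) })
public EntitledAttributesResponseModel getEntitledAttributes(@ApiParam(value = "Request Media Type", required = true) @HeaderParam(EntitlementEndpointConstants.ACCEPT_HEADER) String format, @ApiParam(value = "Authentication Type", required = true) @HeaderParam(EntitlementEndpointConstants.AUTHENTICATION_TYPE_HEADER) String authMechanism, @ApiParam(value = "Add HTTP Basic Authorization", required = true) @HeaderParam(EntitlementEndpointConstants.AUTHORIZATION_HEADER) String authorization, @ApiParam(value = "Response Media Type", required = true) @HeaderParam(EntitlementEndpointConstants.CONTENT_TYPE_HEADER) String contentType, @ApiParam(value = "Entitled Attributes Model", required = true) EntitledAttributesRequestModel request) throws Exception {
    // Looks up the entitlements of the subject named in the request body and wraps them in the
    // response model. Throws RequestParseException (code 40022) when the body or its subject name
    // is missing; other exceptions come from the policy search.
    //
    // The body is caller-controlled, so reject a missing body the same way as a missing subject
    // name instead of letting it fail with a NullPointerException further down.
    if (request == null || request.getSubjectName() == null) {
        log.error("Invalid input data - either the user name or role name should be non-null");
        throw new RequestParseException(40022, "Invalid input data - either the user name or role name should be non-null");
    }
    // NOTE(review): the subject whose entitlements are returned is taken from the request body, and
    // the Authorization header is not examined in this method. Whether a caller may query an
    // arbitrary subject is presumably decided by a filter in front of this resource. Confirm.
    PolicySearch policySearch = EntitlementEngine.getInstance().getPolicySearch();
    EntitledResultSetDTO resultsSet = policySearch.getEntitledAttributes(request.getSubjectName(), request.getResourceName(), request.getSubjectId(), request.getAction(), request.isEnableChildSearch());
    EntitledAttributesResponseModel response = new EntitledAttributesResponseModel();
    response.setEntitledResultSetDTO(resultsSet);
    return response;
}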
Also used : RequestParseException(org.wso2.carbon.identity.entitlement.endpoint.exception.RequestParseException) EntitledAttributesResponseModel(org.wso2.carbon.identity.entitlement.endpoint.resources.models.EntitledAttributesResponseModel) PolicySearch(org.wso2.carbon.identity.entitlement.policy.search.PolicySearch) EntitledResultSetDTO(org.wso2.carbon.identity.entitlement.dto.EntitledResultSetDTO) Path(javax.ws.rs.Path) POST(javax.ws.rs.POST) Produces(javax.ws.rs.Produces) Consumes(javax.ws.rs.Consumes) ApiOperation(io.swagger.annotations.ApiOperation) ApiResponses(io.swagger.annotations.ApiResponses)

Example 3 with EntitledResultSetDTO

use of org.wso2.carbon.identity.entitlement.dto.EntitledResultSetDTO in project carbon-identity-framework by wso2.

the class PolicySearch method getEntitledAttributes.

/**
 * Gets all entitled attributes for a given set of attributes.
 * This is a universal method to do a policy search and find entitled attributes.
 *
 * @param identifier      identifier to separate out the attributes that are used for the search;
 *                        this is not required and can be null
 * @param givenAttributes user provided attributes
 * @return all the attributes that are entitled
 */
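public EntitledResultSetDTO getEntitledAttributes(String identifier, AttributeDTO[] givenAttributes) {
    // Asks every policy finder module for the candidate requests derived from the given
    // attributes, evaluates each candidate with getResponse(), and returns those that were
    // permitted. Results are served from and stored in policySearchCache when caching is enabled.
    //
    // identifier may be null. givenAttributes must not be null: it is iterated and copied below.
    if (givenAttributes == null) {
        throw new IllegalArgumentException("givenAttributes must not be null");
    }
    String cacheKey = "";
    if (cachingEnable) {
        // The cached value is an authorization search result, so the key has to identify the
        // request exactly. A summed 32-bit hash appended to the identifier lets two different
        // attribute sets share one key and receive each other's result. Build the key from the
        // attribute contents instead, with every field length-prefixed so that field boundaries
        // cannot be shifted, and sorted so the key does not depend on array order.
        // NOTE(review): the key covers category, id, data type and value; extend it if AttributeDTO
        // carries further fields that influence evaluation.
        // NOTE(review): the key holds no tenant id; presumably policySearchCache is tenant-scoped. Confirm.
        String[] attributeKeys = new String[givenAttributes.length];
        for (int i = 0; i < givenAttributes.length; i++) {
            AttributeDTO dto = givenAttributes[i];
            StringBuilder attributeKey = new StringBuilder();
            for (String field : new String[] { dto.getCategory(), dto.getAttributeId(), dto.getAttributeDataType(), dto.getAttributeValue() }) {
                if (field == null) {
                    // A length can never be negative, so this marker cannot be confused with a value.
                    attributeKey.append("-1:");
                } else {
                    attributeKey.append(field.length()).append(':').append(field);
                }
            }
            attributeKeys[i] = attributeKey.toString();
        }
        Arrays.sort(attributeKeys);
        StringBuilder keyBuilder = new StringBuilder();
        if (identifier == null) {
            keyBuilder.append("-1:");
        } else {
            keyBuilder.append(identifier.length()).append(':').append(identifier);
        }
        for (String attributeKey : attributeKeys) {
            keyBuilder.append(attributeKey.length()).append(':').append(attributeKey);
        }
        cacheKey = keyBuilder.toString();
        SearchResult searchResult = policySearchCache.getFromCache(cacheKey);
        if (searchResult != null) {
            if (log.isDebugEnabled()) {
                log.debug("PDP Search Cache Hit");
            }
            return searchResult.getResultSetDTO();
        } else {
            if (log.isDebugEnabled()) {
                log.debug("PDP Search Cache Miss");
            }
        }
    }
    EntitledResultSetDTO result = new EntitledResultSetDTO();
    Set<EntitledAttributesDTO> resultAttributes = new HashSet<EntitledAttributesDTO>();
    Set<AttributeDTO> attributeDTOs = new HashSet<AttributeDTO>(Arrays.asList(givenAttributes));
    for (PolicyFinderModule finderModule : finderModules) {
        Map<String, Set<AttributeDTO>> attributesMap = finderModule.getSearchAttributes(identifier, attributeDTOs);
        int supportedSearchScheme = finderModule.getSupportedSearchAttributesScheme();
        Set<List<AttributeDTO>> requestSet = getPossibleRequests(attributesMap, supportedSearchScheme);
        if (requestSet == null) {
            // A module with an unsupported scheme contributes nothing; the search continues with the others.
            log.error("Invalid Search scheme in policy finder : " + finderModule.getModuleName());
        } else {
            for (List<AttributeDTO> attributeDTOList : requestSet) {
                // Only candidate requests that getResponse() accepts are reported as entitled.
                if (getResponse(attributeDTOList)) {
                    EntitledAttributesDTO dto = new EntitledAttributesDTO();
                    dto.setAttributeDTOs(attributeDTOList.toArray(new AttributeDTO[attributeDTOList.size()]));
                    resultAttributes.add(dto);
                }
            }
        }
    }
    result.setAdvanceResult(true);
    result.setEntitledAttributesDTOs(resultAttributes.toArray(new EntitledAttributesDTO[resultAttributes.size()]));
    if (cachingEnable) {
        SearchResult searchResult = new SearchResult();
        searchResult.setResultSetDTO(result);
        policySearchCache.addToCache(cacheKey, searchResult);
        if (log.isDebugEnabled()) {
            int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
            log.debug("PDP Decision Cache Updated for tenantId " + tenantId);
        }
    }
    return result;
}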
Also used : EntitledAttributesDTO(org.wso2.carbon.identity.entitlement.dto.EntitledAttributesDTO) Set(java.util.Set) HashSet(java.util.HashSet) AttributeDTO(org.wso2.carbon.identity.entitlement.dto.AttributeDTO) PolicyFinderModule(org.wso2.carbon.identity.entitlement.policy.finder.PolicyFinderModule) ArrayList(java.util.ArrayList) List(java.util.List) EntitledResultSetDTO(org.wso2.carbon.identity.entitlement.dto.EntitledResultSetDTO) HashSet(java.util.HashSet)

Example 4 with EntitledResultSetDTO

use of org.wso2.carbon.identity.entitlement.dto.EntitledResultSetDTO in project carbon-identity-framework by wso2.

the class PolicySearch method getEntitledAttributes.

/**
 * Returns resource names as the list of the entitled attributes for the given
 * user or role and action, after evaluating all the active policies in the PDP
 *
 * @param subjectName       subject name
 * @param resourceName      resource name
 * @param subjectId         subject attribute Id
 * @param action            Action Name
 * @param enableChildSearch whether search is done for the child resources under the given  resource name
 * @return entitled resource id set
 * @throws EntitlementException throws
 */
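public EntitledResultSetDTO getEntitledAttributes(String subjectName, String resourceName, String subjectId, String action, boolean enableChildSearch) throws EntitlementException {
    // Finds the resources and actions the given subject is entitled to by evaluating candidate
    // requests with getResponse(). Results are served from and stored in policySearchCache when
    // caching is enabled. Throws EntitlementException when subjectName is null or blank.
    String cacheKey = "";
    if (cachingEnable) {
        // The cached value is an authorization search result, so the key must not be ambiguous.
        // Plain concatenation lets a character move from one field to its neighbour and still give
        // the same key (for example subject "ab" + resource "c" versus subject "a" + resource "bc"),
        // which would hand one request the cached entitlements of another. Length-prefix each field.
        // Null is still keyed as the empty string, as before.
        // NOTE(review): the key holds no tenant id; presumably policySearchCache is tenant-scoped. Confirm.
        StringBuilder keyBuilder = new StringBuilder();
        for (String field : new String[] { subjectId, subjectName, resourceName, action }) {
            String value = field != null ? field : "";
            keyBuilder.append(value.length()).append(':').append(value);
        }
        keyBuilder.append(enableChildSearch);
        cacheKey = keyBuilder.toString();
        SearchResult searchResult = policySearchCache.getFromCache(cacheKey);
        if (searchResult != null) {
            return searchResult.getResultSetDTO();
        }
    }
    AttributeDTO subjectAttributeDTO;
    boolean hierarchicalResource = false;
    EntitledResultSetDTO resultSetDTO = new EntitledResultSetDTO();
    Set<EntitledAttributesDTO> resultSet = new HashSet<EntitledAttributesDTO>();
    if (subjectName != null && subjectName.trim().length() > 0) {
        subjectAttributeDTO = new AttributeDTO();
        subjectAttributeDTO.setCategory(PDPConstants.SUBJECT_CATEGORY_URI);
        subjectAttributeDTO.setAttributeValue(subjectName);
        subjectAttributeDTO.setAttributeDataType(PDPConstants.STRING_DATA_TYPE);
        // Fall back to the default subject attribute id when the caller gave none.
        if (subjectId != null && subjectId.trim().length() > 0) {
            subjectAttributeDTO.setAttributeId(subjectId);
        } else {
            subjectAttributeDTO.setAttributeId(PDPConstants.SUBJECT_ID_DEFAULT);
        }
    } else {
        throw new EntitlementException("Error : subject value can not be null");
    }
    // A request holding only the subject that is already accepted is reported as all actions on
    // all resources. This early result is returned directly and is not written to the cache.
    if (getResponse(Arrays.asList(subjectAttributeDTO))) {
        EntitledAttributesDTO dto = new EntitledAttributesDTO();
        dto.setAllActions(true);
        dto.setAllResources(true);
        EntitledResultSetDTO setDTO = new EntitledResultSetDTO();
        setDTO.setEntitledAttributesDTOs(new EntitledAttributesDTO[] { dto });
        return setDTO;
    }
    for (PolicyFinderModule module : finderModules) {
        // Only modules that support the default categories with the category-and-parameter scheme take part.
        if (module.isDefaultCategoriesSupported() && PolicyFinderModule.COMBINATIONS_BY_CATEGORY_AND_PARAMETER == module.getSupportedSearchAttributesScheme()) {
            Map<String, Set<AttributeDTO>> requestMap = module.getSearchAttributes(null, new HashSet<AttributeDTO>(Arrays.asList(subjectAttributeDTO)));
            for (Map.Entry<String, Set<AttributeDTO>> entry : requestMap.entrySet()) {
                Set<AttributeDTO> attributeDTOs = entry.getValue();
                if (attributeDTOs != null) {
                    Set<AttributeDTO> actions = new HashSet<AttributeDTO>();
                    Set<AttributeDTO> resources = new HashSet<AttributeDTO>();
                    Set<AttributeDTO> requestAttributes = new HashSet<AttributeDTO>();
                    if (resourceName != null && resourceName.trim().length() > 0) {
                        AttributeDTO resourceAttribute = new AttributeDTO();
                        resourceAttribute.setAttributeValue(resourceName);
                        resourceAttribute.setAttributeDataType(PDPConstants.STRING_DATA_TYPE);
                        resourceAttribute.setAttributeId(PDPConstants.RESOURCE_ID_DEFAULT);
                        resourceAttribute.setCategory(PDPConstants.RESOURCE_CATEGORY_URI);
                        resources.add(resourceAttribute);
                        // Once set, resource attributes supplied by the module are skipped below.
                        hierarchicalResource = true;
                    }
                    // Extra attribute added to a request when the descendants of the resource are searched too.
                    AttributeDTO resourceScopeAttribute = new AttributeDTO();
                    resourceScopeAttribute.setAttributeValue(PDPConstants.RESOURCE_DESCENDANTS);
                    resourceScopeAttribute.setAttributeDataType(PDPConstants.STRING_DATA_TYPE);
                    resourceScopeAttribute.setAttributeId(PDPConstants.RESOURCE_SCOPE_ID);
                    resourceScopeAttribute.setCategory(PDPConstants.RESOURCE_CATEGORY_URI);
                    // Sort the module's attributes into environment, action and resource buckets.
                    // NOTE(review): each DTO is added to its set, has its id rewritten, and is added
                    // again. It is the same object both times, so this mutates an element already held
                    // in a HashSet; the effect depends on AttributeDTO.hashCode/equals. Confirm intent.
                    for (AttributeDTO attributeDTO : attributeDTOs) {
                        if (PDPConstants.ENVIRONMENT_CATEGORY_URI.equals(attributeDTO.getCategory()) || PDPConstants.ENVIRONMENT_ELEMENT.equals(attributeDTO.getCategory())) {
                            requestAttributes.add(attributeDTO);
                            attributeDTO.setAttributeId(PDPConstants.ENVIRONMENT_ID_DEFAULT);
                            requestAttributes.add(attributeDTO);
                        } else if (PDPConstants.ACTION_CATEGORY_URI.equals(attributeDTO.getCategory()) || PDPConstants.ACTION_ELEMENT.equals(attributeDTO.getCategory())) {
                            // A caller-supplied action overrides the value of every action attribute.
                            if (action != null && action.trim().length() > 0) {
                                attributeDTO.setAttributeValue(action);
                            }
                            actions.add(attributeDTO);
                            attributeDTO.setAttributeId(PDPConstants.ACTION_ID_DEFAULT);
                            actions.add(attributeDTO);
                        } else if ((PDPConstants.RESOURCE_CATEGORY_URI.equals(attributeDTO.getCategory()) || PDPConstants.RESOURCE_ELEMENT.equals(attributeDTO.getCategory())) && !hierarchicalResource) {
                            attributeDTO.setAttributeId(PDPConstants.RESOURCE_ID_DEFAULT);
                            resources.add(attributeDTO);
                        }
                    }
                    if (resultSetDTO.getMessage() == null) {
                        // Pass 1: actions the subject may perform on every resource.
                        List<String> entitledActions = new ArrayList<String>();
                        for (AttributeDTO actionDTO : actions) {
                            List<AttributeDTO> currentRequestAttributes = new ArrayList<AttributeDTO>();
                            currentRequestAttributes.add(subjectAttributeDTO);
                            currentRequestAttributes.add(actionDTO);
                            if (getResponse(currentRequestAttributes)) {
                                EntitledAttributesDTO dto = new EntitledAttributesDTO();
                                dto.setAllResources(true);
                                dto.setAction(actionDTO.getAttributeValue());
                                resultSet.add(dto);
                                entitledActions.add(actionDTO.getAttributeValue());
                            }
                        }
                        for (AttributeDTO resource : resources) {
                            if (PDPConstants.RESOURCE_CATEGORY_URI.equals(resource.getCategory()) || PDPConstants.RESOURCE_ELEMENT.equals(resource.getCategory())) {
                                // Pass 2: resources on which the subject may perform every action.
                                boolean allActionsAllowed = false;
                                // The counter starts at 0 when child search is on, giving two rounds:
                                // round 0 adds the descendants scope attribute, round 1 does not.
                                // Otherwise only round 1 runs.
                                int noOfRequests = 1;
                                if (enableChildSearch) {
                                    noOfRequests = 0;
                                }
                                while (noOfRequests < 2) {
                                    List<AttributeDTO> currentRequestAttributes = new ArrayList<AttributeDTO>();
                                    for (AttributeDTO dto : requestAttributes) {
                                        currentRequestAttributes.add(dto);
                                    }
                                    if (noOfRequests < 1) {
                                        currentRequestAttributes.add(resourceScopeAttribute);
                                    }
                                    currentRequestAttributes.add(subjectAttributeDTO);
                                    currentRequestAttributes.add(resource);
                                    if (getResponse(currentRequestAttributes)) {
                                        EntitledAttributesDTO dto = new EntitledAttributesDTO();
                                        dto.setResourceName(resource.getAttributeValue());
                                        dto.setAllActions(true);
                                        resultSet.add(dto);
                                        allActionsAllowed = true;
                                    }
                                    noOfRequests++;
                                }
                                // No need to test individual actions for a resource that allows all of them.
                                if (allActionsAllowed) {
                                    continue;
                                }
                                // Pass 3: individual resource and action pairs.
                                for (AttributeDTO actionAttributeDTO : actions) {
                                    // Actions already granted on all resources were reported in pass 1.
                                    if (entitledActions.contains(actionAttributeDTO.getAttributeValue())) {
                                        continue;
                                    }
                                    noOfRequests = 1;
                                    if (enableChildSearch) {
                                        noOfRequests = 0;
                                    }
                                    while (noOfRequests < 2) {
                                        List<AttributeDTO> currentRequestAttributes = new ArrayList<AttributeDTO>();
                                        for (AttributeDTO dto : requestAttributes) {
                                            currentRequestAttributes.add(dto);
                                        }
                                        if (noOfRequests < 1) {
                                            currentRequestAttributes.add(resourceScopeAttribute);
                                        }
                                        currentRequestAttributes.add(subjectAttributeDTO);
                                        currentRequestAttributes.add(resource);
                                        currentRequestAttributes.add(actionAttributeDTO);
                                        if (getResponse(currentRequestAttributes)) {
                                            EntitledAttributesDTO dto = new EntitledAttributesDTO();
                                            dto.setResourceName(resource.getAttributeValue());
                                            dto.setAction(actionAttributeDTO.getAttributeValue());
                                            resultSet.add(dto);
                                        }
                                        noOfRequests++;
                                    }
                                }
                            }
                        }
                    }
                }
            }
        }
    }
    resultSetDTO.setEntitledAttributesDTOs(resultSet.toArray(new EntitledAttributesDTO[resultSet.size()]));
    if (cachingEnable) {
        SearchResult result = new SearchResult();
        result.setResultSetDTO(resultSetDTO);
        policySearchCache.addToCache(cacheKey, result);
        if (log.isDebugEnabled()) {
            int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
            log.debug("PDP Decision Cache Updated for tenantId " + tenantId);
        }
    }
    return resultSetDTO;
}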
Also used : EntitledAttributesDTO(org.wso2.carbon.identity.entitlement.dto.EntitledAttributesDTO) Set(java.util.Set) HashSet(java.util.HashSet) ArrayList(java.util.ArrayList) AttributeDTO(org.wso2.carbon.identity.entitlement.dto.AttributeDTO) EntitlementException(org.wso2.carbon.identity.entitlement.EntitlementException) PolicyFinderModule(org.wso2.carbon.identity.entitlement.policy.finder.PolicyFinderModule) EntitledResultSetDTO(org.wso2.carbon.identity.entitlement.dto.EntitledResultSetDTO) HashMap(java.util.HashMap) Map(java.util.Map) HashSet(java.util.HashSet)
