use of org.wso2.carbon.identity.entitlement.pdp.EntitlementEngine in project carbon-identity-framework by wso2.
the class EntitlementEngine method evaluate.
/**
 * Evaluates a XACML request and returns the response that the EntitlementEngine hands back
 * to the PEP. The PEP must construct the XACML request before sending it to the
 * EntitlementEngine.
 *
 * <p>The decision cache is consulted first, using the request string as the key. On a miss
 * the request is evaluated by the PDP and the resulting response string is cached under the
 * same key. When PIP extensions are configured, the request is parsed into a request context
 * and every extension gets the chance to update that context before it is evaluated.
 *
 * @param xacmlRequest XACML request as String
 * @return XACML response as String
 * @throws org.wso2.balana.ParsingException propagated from the parsing/evaluation calls below
 * @throws org.wso2.carbon.identity.entitlement.EntitlementException propagated from the
 *         request-building, caching or evaluation calls below
 */
public String evaluate(String xacmlRequest) throws EntitlementException, ParsingException {

    // The request body reaches the debug log only when the XACML_REQUEST token has been marked
    // loggable; debug level alone is not enough.
    if (log.isDebugEnabled() && IdentityUtil.isTokenLoggable(IdentityConstants.IdentityTokens.XACML_REQUEST)) {
        log.debug("XACML Request : " + xacmlRequest);
    }

    // Cache hit: the stored response is returned without re-evaluating any policy.
    // NOTE(review): a cached decision can outlive a policy change unless the cache is
    // invalidated on policy updates; confirm where that invalidation happens.
    String cachedResponse = (String) getFromCache(xacmlRequest, false);
    if (cachedResponse != null) {
        if (log.isDebugEnabled() && IdentityUtil.isTokenLoggable(IdentityConstants.IdentityTokens.XACML_RESPONSE)) {
            log.debug("XACML Response : " + cachedResponse);
        }
        return cachedResponse;
    }

    final String freshResponse;
    Map<PIPExtension, Properties> configuredExtensions =
            EntitlementServiceComponent.getEntitlementConfig().getExtensions();
    if (configuredExtensions == null || configuredExtensions.isEmpty()) {
        // No PIP extensions: the PDP evaluates the request string directly.
        freshResponse = pdp.evaluate(xacmlRequest);
    } else {
        // Extensions work on the parsed request context, so the string is parsed here first.
        Element requestElement = new PolicyRequestBuilder().getXacmlRequest(xacmlRequest);
        AbstractRequestCtx requestCtx = RequestCtxFactory.getFactory().getRequestCtx(requestElement);
        for (PIPExtension extension : configuredExtensions.keySet()) {
            extension.update(requestCtx);
        }
        freshResponse = pdp.evaluate(requestCtx).encode();
    }

    // The cache key is the request as received, while in the extension branch the decision
    // was computed on the context after the extensions updated it.
    // NOTE(review): if an extension contributes values that change between calls, a cached
    // response may differ from a fresh evaluation; confirm this is acceptable.
    addToCache(xacmlRequest, freshResponse, false);

    if (log.isDebugEnabled() && IdentityUtil.isTokenLoggable(IdentityConstants.IdentityTokens.XACML_RESPONSE)) {
        log.debug("XACML Response : " + freshResponse);
    }
    return freshResponse;
}
use of org.wso2.carbon.identity.entitlement.pdp.EntitlementEngine in project carbon-identity-framework by wso2.
the class EntitlementEngineCache method getEntitlementCache.
/**
 * Returns the cache that holds EntitlementEngine instances.
 *
 * <p>When the dedicated cache manager is available and no cache builder has been created yet,
 * any existing cache of the same name is removed and a new one is built whose ACCESSED and
 * MODIFIED expiry both use the configured caching interval (in seconds). Later calls fetch the
 * existing cache from the manager. Without the dedicated manager, the cache is taken from the
 * default cache manager.
 *
 * @return the entitlement engine cache
 */
private Cache<Integer, EntitlementEngine> getEntitlementCache() {

    CacheManager manager =
            Caching.getCacheManagerFactory().getCacheManager(ENTITLEMENT_ENGINE_CACHE_MANAGER);

    Cache<Integer, EntitlementEngine> engineCache;
    if (manager == null) {
        engineCache = Caching.getCacheManager().getCache(ENTITLEMENT_ENGINE_CACHE);
    } else if (cacheBuilder != null) {
        // The builder already exists, so the cache was configured by an earlier call.
        engineCache = manager.getCache(ENTITLEMENT_ENGINE_CACHE);
    } else {
        // NOTE(review): this first-use check is not guarded by a lock in this method; confirm
        // that concurrent first calls cannot both rebuild the cache.
        Properties engineProperties = EntitlementServiceComponent.getEntitlementConfig().getEngineProperties();
        String configuredInterval = engineProperties.getProperty(PDPConstants.ENTITLEMENT_ENGINE_CACHING_INTERVAL);

        long expirySeconds = DEFAULT_ENTITLEMENT_ENGINE_CACHING_INTERVAL;
        if (configuredInterval == null) {
            if (log.isDebugEnabled()) {
                log.debug(PDPConstants.ENTITLEMENT_ENGINE_CACHING_INTERVAL + " not set. Using default value " + expirySeconds + " seconds.");
            }
        } else {
            try {
                // Any parsable long is accepted as-is, including zero and negative values.
                // NOTE(review): confirm how the cache treats a non-positive expiry.
                expirySeconds = Long.parseLong(configuredInterval);
            } catch (NumberFormatException e) {
                // An unparsable value is not fatal: expirySeconds still holds the default.
                log.warn("Invalid value for " + PDPConstants.ENTITLEMENT_ENGINE_CACHING_INTERVAL + ". Using " + "default value " + expirySeconds + " seconds.");
            }
        }

        // Drop any cache registered under this name before building the configured one.
        manager.removeCache(ENTITLEMENT_ENGINE_CACHE);
        cacheBuilder = manager.<Integer, EntitlementEngine>createCacheBuilder(ENTITLEMENT_ENGINE_CACHE)
                .setExpiry(CacheConfiguration.ExpiryType.ACCESSED,
                        new CacheConfiguration.Duration(TimeUnit.SECONDS, expirySeconds))
                .setExpiry(CacheConfiguration.ExpiryType.MODIFIED,
                        new CacheConfiguration.Duration(TimeUnit.SECONDS, expirySeconds));
        engineCache = cacheBuilder.build();
    }

    // Logged on every call, including plain lookups of an already existing cache.
    if (log.isDebugEnabled()) {
        log.debug("created authorization cache : " + engineCache);
    }
    return engineCache;
}
use of org.wso2.carbon.identity.entitlement.pdp.EntitlementEngine in project carbon-identity-framework by wso2.
the class EntitlementEngineCache method put.
/**
 * Stores an engine in the entitlement engine cache.
 *
 * <p>The cache is accessed inside a tenant flow that is switched to the super tenant, so
 * every entry is written from the super tenant's context whatever tenant the calling thread
 * was in. The debug message reports the key as a tenant id, so entries from different tenants
 * are kept apart by the key alone.
 *
 * @param key    cache key (logged as the tenant id)
 * @param engine engine instance to cache
 */
public void put(int key, EntitlementEngine engine) {
    try {
        // Started inside the try so that the finally block always closes the flow.
        PrivilegedCarbonContext.startTenantFlow();
        final PrivilegedCarbonContext superTenantContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
        superTenantContext.setTenantId(MultitenantConstants.SUPER_TENANT_ID);
        superTenantContext.setTenantDomain(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME);

        getEntitlementCache().put(key, engine);

        if (log.isDebugEnabled()) {
            log.debug("Cache : " + ENTITLEMENT_ENGINE_CACHE + " is populated with new entry " + "with tenantId : " + key);
        }
    } finally {
        // Restore the caller's tenant context on every exit path.
        PrivilegedCarbonContext.endTenantFlow();
    }
}
use of org.wso2.carbon.identity.entitlement.pdp.EntitlementEngine in project carbon-identity-framework by wso2.
the class EntitlementEngineCache method get.
/**
 * Looks up an engine in the entitlement engine cache.
 *
 * <p>The lookup runs inside a tenant flow switched to the super tenant, mirroring how entries
 * are written, and the previous tenant context is restored before returning.
 *
 * @param key cache key (logged as the tenant id)
 * @return the cached engine, or {@code null} when the cache has no entry for the key
 */
public EntitlementEngine get(int key) {
    try {
        // Started inside the try so that the finally block always closes the flow.
        PrivilegedCarbonContext.startTenantFlow();
        final PrivilegedCarbonContext superTenantContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
        superTenantContext.setTenantId(MultitenantConstants.SUPER_TENANT_ID);
        superTenantContext.setTenantDomain(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME);

        final EntitlementEngine cachedEngine = getEntitlementCache().get(key);

        if (log.isDebugEnabled()) {
            // One debug line per lookup; only the HIT/MISSED part depends on the outcome.
            final String outcome = (cachedEngine != null) ? " is HIT " : " is MISSED ";
            log.debug("Cache : " + ENTITLEMENT_ENGINE_CACHE + outcome + "for tenantId : " + key);
        }
        return cachedEngine;
    } finally {
        // Restore the caller's tenant context on every exit path.
        PrivilegedCarbonContext.endTenantFlow();
    }
}
use of org.wso2.carbon.identity.entitlement.pdp.EntitlementEngine in project carbon-identity-framework by wso2.
the class EntitlementAdminService method doTestRequestForGivenPolicies.
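/**
 * Tests a XACML request against selected policies of the PAP policy store.
 *
 * <p>The first module of the engine's PAP policy finder is restricted to the given policy
 * ids, the request is run through the engine's test evaluation, and the finder's policy ids
 * are re-initialised afterwards. The re-initialisation runs in a {@code finally} block so
 * that a failing test evaluation cannot leave the finder limited to the test policy ids.
 *
 * @param xacmlRequest XACML request as String
 * @param policies     ids of the policies to evaluate the request against
 * @return XACML response as String
 * @throws EntitlementException propagated from the test evaluation
 */
public String doTestRequestForGivenPolicies(String xacmlRequest, String[] policies) throws EntitlementException {

    EntitlementEngine engine = EntitlementEngine.getInstance();
    // Only the first finder module is used, and it is expected to be a PAPPolicyFinder.
    PAPPolicyFinder papPolicyFinder = (PAPPolicyFinder) engine.getPapPolicyFinder().getModules().iterator().next();

    // NOTE(review): the finder comes from the engine instance returned by getInstance(), so it
    // looks shared between callers; two overlapping test calls would overwrite each other's
    // policy ids. Confirm that callers are serialized or that the finder is per request.
    papPolicyFinder.setPolicyIds(Arrays.asList(policies));
    try {
        return EntitlementEngine.getInstance().test(xacmlRequest);
    } finally {
        // Presumably restores the finder's default policy id list; it must run even when
        // test() throws, otherwise the restriction set above would persist.
        papPolicyFinder.initPolicyIds();
    }
}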