Example 1 with EntitlementServiceException
use of org.wso2.carbon.identity.entitlement.stub.EntitlementServiceException in project airavata by apache.
the class DefaultXACMLPEP method getAuthorizationDecision.
/**
* Send the XACML authorization request to XAML PDP and return the authorization decision.
*
* @param authzToken
* @param metaData
* @return
*/
public boolean getAuthorizationDecision(AuthzToken authzToken, Map<String, String> metaData) throws AiravataSecurityException {
String decision;
try {
String subject = authzToken.getClaimsMap().get(Constants.USER_NAME);
// FIXME hacky way to fix OpenID -> CILogon issue in WSO2 IS
if (subject.startsWith("http://")) {
subject = subject.substring(6);
}
String action = "/airavata/" + metaData.get(Constants.API_METHOD_NAME);
String decisionString = entitlementServiceStub.getDecisionByAttributes(subject, null, action, null);
// parse the XML decision string and obtain the decision
decision = parseDecisionString(decisionString);
if (Constants.PERMIT.equals(decision)) {
return true;
} else {
logger.error("Authorization decision is: " + decision);
return false;
}
} catch (RemoteException e) {
logger.error(e.getMessage(), e);
throw new AiravataSecurityException("Error in authorizing the user.");
} catch (EntitlementServiceException e) {
logger.error(e.getMessage(), e);
throw new AiravataSecurityException("Error in authorizing the user.");
}
}
Also used :
EntitlementServiceException(org.wso2.carbon.identity.entitlement.stub.EntitlementServiceException)
RemoteException(java.rmi.RemoteException)
AiravataSecurityException(org.apache.airavata.security.AiravataSecurityException)
Aggregations
RemoteException (java.rmi.RemoteException)1
AiravataSecurityException (org.apache.airavata.security.AiravataSecurityException)1
EntitlementServiceException (org.wso2.carbon.identity.entitlement.stub.EntitlementServiceException)1
