Java Code Examples for org.wso2.balana.ctx.EvaluationCtx#getAttribute()
The following examples show how to use
org.wso2.balana.ctx.EvaluationCtx#getAttribute() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: SampleAttributeFinderModule.java From balana with Apache License 2.0 | 6 votes |
|
@Override
public EvaluationResult findAttribute(URI attributeType, URI attributeId, String issuer,
URI category, EvaluationCtx context) {
String roleName = null;
List<AttributeValue> attributeValues = new ArrayList<AttributeValue>();
EvaluationResult result = context.getAttribute(attributeType, defaultSubjectId, issuer, category);
if(result != null && result.getAttributeValue() != null && result.getAttributeValue().isBag()){
BagAttribute bagAttribute = (BagAttribute) result.getAttributeValue();
if(bagAttribute.size() > 0){
String userName = ((AttributeValue) bagAttribute.iterator().next()).encode();
roleName = findRole(userName);
}
}
if (roleName != null) {
attributeValues.add(new StringAttribute(roleName));
}
return new EvaluationResult(new BagAttribute(attributeType, attributeValues));
}
Example 2
| Source File: SampleAttributeFinderModule.java From balana with Apache License 2.0 | 6 votes |
|
@Override
public EvaluationResult findAttribute(URI attributeType, URI attributeId, String issuer,
URI category, EvaluationCtx context) {
String roleName = null;
List<AttributeValue> attributeValues = new ArrayList<AttributeValue>();
EvaluationResult result = context.getAttribute(attributeType, defaultSubjectId, issuer, category);
if(result != null && result.getAttributeValue() != null && result.getAttributeValue().isBag()){
BagAttribute bagAttribute = (BagAttribute) result.getAttributeValue();
if(bagAttribute.size() > 0){
String userName = ((AttributeValue) bagAttribute.iterator().next()).encode();
roleName = findRole(userName);
}
}
if (roleName != null) {
attributeValues.add(new StringAttribute(roleName));
}
return new EvaluationResult(new BagAttribute(attributeType, attributeValues));
}
Example 3
| Source File: SampleAttributeFinderModule.java From balana with Apache License 2.0 | 6 votes |
|
@Override
public EvaluationResult findAttribute(URI attributeType, URI attributeId, String issuer,
URI category, EvaluationCtx context) {
String roleName = null;
List<AttributeValue> attributeValues = new ArrayList<AttributeValue>();
EvaluationResult result = context.getAttribute(attributeType, defaultSubjectId, issuer, category);
if(result != null && result.getAttributeValue() != null && result.getAttributeValue().isBag()){
BagAttribute bagAttribute = (BagAttribute) result.getAttributeValue();
if(bagAttribute.size() > 0){
String userName = ((AttributeValue) bagAttribute.iterator().next()).encode();
roleName = findRole(userName);
}
}
if (roleName != null) {
attributeValues.add(new StringAttribute(roleName));
}
return new EvaluationResult(new BagAttribute(attributeType, attributeValues));
}
Example 4
| Source File: SampleAttributeFinderModule.java From balana with Apache License 2.0 | 6 votes |
|
@Override
public EvaluationResult findAttribute(URI attributeType, URI attributeId, String issuer,
URI category, EvaluationCtx context) {
String roleName = null;
List<AttributeValue> attributeValues = new ArrayList<AttributeValue>();
EvaluationResult result = context.getAttribute(attributeType, defaultSubjectId, issuer, category);
if(result != null && result.getAttributeValue() != null && result.getAttributeValue().isBag()){
BagAttribute bagAttribute = (BagAttribute) result.getAttributeValue();
if(bagAttribute.size() > 0){
String userName = ((AttributeValue) bagAttribute.iterator().next()).encode();
roleName = findRole(userName);
}
}
if (roleName != null) {
attributeValues.add(new StringAttribute(roleName));
}
return new EvaluationResult(new BagAttribute(attributeType, attributeValues));
}
Example 5
| Source File: DefaultAttributeFinder.java From carbon-identity-framework with Apache License 2.0 | 5 votes |
|
/**
* This method is introduced in order to check whether the user is local or federated. If it is a
* federated user, obtaining user attributes from userstore will be prevented.
*
* @param attributeType The type of the required attribute.
* @param attributeId The unique id of the required attribute.
* @param category The category of the required attribute.
* @param issuer The attribute issuer.
* @param evaluationCtx The evaluation context object.
* @return return the set of values for the required attribute.
* @throws Exception throws if fails.
*/
@Override
public Set<String> getAttributeValues(URI attributeType, URI attributeId, URI category,
String issuer, EvaluationCtx evaluationCtx) throws Exception {
Set<String> values = null;
EvaluationResult userType = evaluationCtx.getAttribute(new URI(StringAttribute.identifier), new URI(
PDPConstants.USER_TYPE_ID), issuer, new URI(PDPConstants.USER_CATEGORY));
String userTypeId = null;
if (userType != null && userType.getAttributeValue() != null && userType.getAttributeValue().isBag()) {
BagAttribute bagAttribute = (BagAttribute) userType.getAttributeValue();
if (bagAttribute.size() > 0) {
userTypeId = ((AttributeValue) bagAttribute.iterator().next()).encode();
if (log.isDebugEnabled()) {
log.debug(String.format("The user type of the user is %s", userTypeId));
}
}
}
if (!StringUtils.equalsIgnoreCase(userTypeId, FEDERATED_USER_DOMAIN)) {
// If the user is not a federated user, user attributes should be be populated from local userstore.
values = super.getAttributeValues(attributeType, attributeId, category, issuer, evaluationCtx);
} else if (mapFederatedUsersToLocal) {
// If the user is federated and the MapFederatedToLocal config is enabled, then populate user attributes
// from userstore.
values = super.getAttributeValues(attributeType, attributeId, category, issuer, evaluationCtx);
}
return values;
}
Example 6
| Source File: AttributeSelector.java From balana with Apache License 2.0 | 5 votes |
|
/**
* Invokes the <code>AttributeFinder</code> used by the given <code>EvaluationCtx</code> to try
* to resolve an attribute value. If the selector is defined with MustBePresent as true, then
* failure to find a matching value will result in Indeterminate, otherwise it will result in an
* empty bag. To support the basic selector functionality defined in the XACML specification,
* use a finder that has only the <code>SelectorModule</code> as a module that supports selector
* finding.
*
* @param context representation of the request to search
*
* @return a result containing a bag either empty because no values were found or containing at
* least one value, or status associated with an Indeterminate result
*/
public EvaluationResult evaluate(EvaluationCtx context) {
// query the context
EvaluationResult result = context.getAttribute(contextPath, type, null, null, xpathVersion);
// see if we got anything
if (!result.indeterminate()) {
BagAttribute bag = (BagAttribute) (result.getAttributeValue());
// see if it's an empty bag
if (bag.isEmpty()) {
// see if this is an error or not
if (mustBePresent) {
// this is an error
if (logger.isDebugEnabled()) {
logger.debug("AttributeSelector failed to resolve a "
+ "value for a required attribute: " + contextPath);
}
ArrayList code = new ArrayList();
code.add(Status.STATUS_MISSING_ATTRIBUTE);
String message = "couldn't resolve XPath expression " + contextPath
+ " for type " + type.toString();
return new EvaluationResult(new Status(code, message));
} else {
// return the empty bag
return result;
}
} else {
// return the values
return result;
}
} else {
// return the error
return result;
}
}
Example 7
| Source File: AttributeSelector.java From balana with Apache License 2.0 | 5 votes |
|
/**
* Invokes the <code>AttributeFinder</code> used by the given <code>EvaluationCtx</code> to try
* to resolve an attribute value. If the selector is defined with MustBePresent as true, then
* failure to find a matching value will result in Indeterminate, otherwise it will result in an
* empty bag. To support the basic selector functionality defined in the XACML specification,
* use a finder that has only the <code>SelectorModule</code> as a module that supports selector
* finding.
*
* @param context representation of the request to search
*
* @return a result containing a bag either empty because no values were found or containing at
* least one value, or status associated with an Indeterminate result
*/
public EvaluationResult evaluate(EvaluationCtx context) {
// query the context
EvaluationResult result = context.getAttribute(path, type, category,
contextSelectorId, xpathVersion);
// see if we got anything
if (!result.indeterminate()) {
BagAttribute bag = (BagAttribute) (result.getAttributeValue());
// see if it's an empty bag
if (bag.isEmpty()) {
// see if this is an error or not
if (mustBePresent) {
// this is an error
if (logger.isDebugEnabled()) {
logger.debug("AttributeSelector failed to resolve a "
+ "value for a required attribute: " + path);
}
ArrayList<String> code = new ArrayList<String>();
code.add(Status.STATUS_MISSING_ATTRIBUTE);
String message = "couldn't resolve XPath expression " + path
+ " for type " + type.toString();
return new EvaluationResult(new Status(code, message));
} else {
// return the empty bag
return result;
}
} else {
// return the values
return result;
}
} else {
// return the error
return result;
}
}
Example 8
| Source File: AbstractPIPResourceFinder.java From carbon-identity-framework with Apache License 2.0 | 4 votes |
|
@Override
public Set<String> findDescendantResources(String parentResourceId, EvaluationCtx context)
throws Exception {
EvaluationResult environment;
String environmentId = null;
Set<String> resourceNames = null;
NodeList children = context.getRequestRoot().getChildNodes();
for (int i = 0; i < children.getLength(); i++) {
Node child = children.item(i);
if (child != null) {
if (PDPConstants.ENVIRONMENT_ELEMENT.equals(child.getLocalName())) {
if (child.getChildNodes() != null && child.getChildNodes().getLength() > 0) {
environment = context.getAttribute(new URI(StringAttribute.identifier),
new URI(PDPConstants.ENVIRONMENT_ID_DEFAULT), null,
new URI(XACMLConstants.ENT_CATEGORY));
if (environment != null && environment.getAttributeValue() != null &&
environment.getAttributeValue().isBag()) {
BagAttribute attr = (BagAttribute) environment.getAttributeValue();
environmentId = ((AttributeValue) attr.iterator().next()).encode();
}
}
}
}
}
if (isAbstractResourceCacheEnabled) {
IdentityCacheKey cacheKey;
String key = PDPConstants.RESOURCE_DESCENDANTS + parentResourceId +
(environmentId != null ? environmentId : "");
tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
cacheKey = new IdentityCacheKey(tenantId, key);
IdentityCacheEntry cacheEntry = (IdentityCacheEntry) abstractResourceCache.getValueFromCache(cacheKey);
if (cacheEntry != null) {
String[] values = cacheEntry.getCacheEntryArray();
resourceNames = new HashSet<String>(Arrays.asList(values));
if (log.isDebugEnabled()) {
log.debug("Carbon Resource Cache Hit");
}
}
if (resourceNames != null) {
resourceNames = findDescendantResources(parentResourceId, environmentId);
if (log.isDebugEnabled()) {
log.debug("Carbon Resource Cache Miss");
}
if (resourceNames != null && !resourceNames.isEmpty()) {
cacheEntry = new IdentityCacheEntry(resourceNames.toArray(new String[resourceNames.size()]));
abstractResourceCache.addToCache(cacheKey, cacheEntry);
}
}
} else {
resourceNames = findDescendantResources(parentResourceId, environmentId);
}
return resourceNames;
}
Example 9
| Source File: AbstractPIPResourceFinder.java From carbon-identity with Apache License 2.0 | 4 votes |
|
@Override
public Set<String> findDescendantResources(String parentResourceId, EvaluationCtx context)
throws Exception {
EvaluationResult environment;
String environmentId = null;
Set<String> resourceNames = null;
NodeList children = context.getRequestRoot().getChildNodes();
for (int i = 0; i < children.getLength(); i++) {
Node child = children.item(i);
if (child != null) {
if (PDPConstants.ENVIRONMENT_ELEMENT.equals(child.getLocalName())) {
if (child.getChildNodes() != null && child.getChildNodes().getLength() > 0) {
environment = context.getAttribute(new URI(StringAttribute.identifier),
new URI(PDPConstants.ENVIRONMENT_ID_DEFAULT), null,
new URI(XACMLConstants.ENT_CATEGORY));
if (environment != null && environment.getAttributeValue() != null &&
environment.getAttributeValue().isBag()) {
BagAttribute attr = (BagAttribute) environment.getAttributeValue();
environmentId = ((AttributeValue) attr.iterator().next()).encode();
}
}
}
}
}
if (isAbstractResourceCacheEnabled) {
IdentityCacheKey cacheKey;
String key = PDPConstants.RESOURCE_DESCENDANTS + parentResourceId +
(environmentId != null ? environmentId : "");
tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
cacheKey = new IdentityCacheKey(tenantId, key);
IdentityCacheEntry cacheEntry = (IdentityCacheEntry) abstractResourceCache.getValueFromCache(cacheKey);
if (cacheEntry != null) {
String[] values = cacheEntry.getCacheEntryArray();
resourceNames = new HashSet<String>(Arrays.asList(values));
if (log.isDebugEnabled()) {
log.debug("Carbon Resource Cache Hit");
}
}
if (resourceNames != null) {
resourceNames = findDescendantResources(parentResourceId, environmentId);
if (log.isDebugEnabled()) {
log.debug("Carbon Resource Cache Miss");
}
if (resourceNames != null && !resourceNames.isEmpty()) {
cacheEntry = new IdentityCacheEntry(resourceNames.toArray(new String[resourceNames.size()]));
abstractResourceCache.addToCache(cacheKey, cacheEntry);
}
}
} else {
resourceNames = findDescendantResources(parentResourceId, environmentId);
}
return resourceNames;
}
Example 10
| Source File: AttributeDesignator.java From balana with Apache License 2.0 | 4 votes |
|
/**
* Evaluates the pre-assigned meta-data against the given context, trying to find some matching
* values.
*
* @param context the representation of the request
* @return a result containing a bag either empty because no values were found or containing at
* least one value, or status associated with an Indeterminate result
*/
public EvaluationResult evaluate(EvaluationCtx context) {
EvaluationResult result = null;
// look in attribute values
result = context.getAttribute(type, id, issuer, category);
// if the lookup was indeterminate, then we return immediately
if (result.indeterminate()){
return result;
}
BagAttribute bag = (BagAttribute) (result.getAttributeValue());
if (bag.isEmpty()) {
// if it's empty, this may be an error
if (mustBePresent) {
if (logger.isDebugEnabled()) {
logger.debug("AttributeDesignator failed to resolve a "
+ "value for a required attribute: " + id.toString());
}
ArrayList<String> code = new ArrayList<String>();
code.add(Status.STATUS_MISSING_ATTRIBUTE);
ArrayList<MissingAttributeDetail> missingAttributes = new ArrayList<MissingAttributeDetail>();
MissingAttributeDetail missingAttribute = new MissingAttributeDetail(id, type,
category, issuer, null, XACMLConstants.XACML_VERSION_3_0);
missingAttributes.add(missingAttribute);
StatusDetail detail = new StatusDetail(missingAttributes);
String message = "Couldn't find AttributeDesignator attribute";
// Note that there is a bug in the XACML spec. You can't
// specify an identifier without specifying acceptable
// values. Until this is fixed, this code will only
// return the status code, and not any hints about what
// was missing
/*
* List attrs = new ArrayList(); attrs.add(new Attribute(id, ((issuer == null) ?
* null : issuer.toString()), null, null)); StatusDetail detail = new
* StatusDetail(attrs);
*/
return new EvaluationResult(new Status(code, message, detail));
}
}
// if we got here the bag wasn't empty, or mustBePresent was false,
// so we just return the result
return result;
}
