org.wso2.balana.ctx.AbstractRequestCtx Java Examples

The following examples show how to use org.wso2.balana.ctx.AbstractRequestCtx.
Example #1
Source File: EntitlementEngine.java    From carbon-identity-framework with Apache License 2.0
/**
 * Evaluates the given XACML request and returns the Response
 *
 * @param requestCtx   Balana Object model for request
 * @param xacmlRequest XACML request as String, used as the cache key and for debug logging
 * @return ResponseCtx  Balana Object model for response
 */
public ResponseCtx evaluate(AbstractRequestCtx requestCtx, String xacmlRequest) {

    if (log.isDebugEnabled() && IdentityUtil.isTokenLoggable(IdentityConstants.IdentityTokens.XACML_REQUEST)) {
        log.debug("XACML Request : " + xacmlRequest);
    }

    ResponseCtx xacmlResponse;

    if ((xacmlResponse = (ResponseCtx) getFromCache(xacmlRequest, false)) != null) {
        if (log.isDebugEnabled() && IdentityUtil.isTokenLoggable(IdentityConstants.IdentityTokens.XACML_RESPONSE)) {
            log.debug("XACML Response : " + xacmlResponse);
        }
        return xacmlResponse;
    }

    xacmlResponse = pdp.evaluate(requestCtx);

    addToCache(xacmlRequest, xacmlResponse, false);

    if (log.isDebugEnabled() && IdentityUtil.isTokenLoggable(IdentityConstants.IdentityTokens.XACML_RESPONSE)) {
        log.debug("XACML Response : " + xacmlResponse);
    }
    return xacmlResponse;
}
 
Example #2
Source File: PolicySearch.java    From carbon-identity-framework with Apache License 2.0
/**
 * Helper method to get XACML decision
 *
 * @param requestAttributes XACML request attributes
 * @return whether permit or deny
 */
private boolean getResponse(List<AttributeDTO> requestAttributes) {

    ResponseCtx responseCtx;
    AbstractRequestCtx requestCtx = EntitlementUtil.createRequestContext(requestAttributes);

    responseCtx = EntitlementEngine.getInstance().evaluateByContext(requestCtx);

    if (responseCtx != null) {
        Set<AbstractResult> results = responseCtx.getResults();
        for (AbstractResult result : results) {
            if (result.getDecision() == AbstractResult.DECISION_PERMIT) {
                return true;
            }
        }
    }

    return false;
}
 
Example #3
Source File: PolicySearch.java    From carbon-identity with Apache License 2.0
/**
 * Helper method to get XACML decision
 *
 * @param requestAttributes XACML request attributes
 * @return whether permit or deny
 */
private boolean getResponse(List<AttributeDTO> requestAttributes) {

    ResponseCtx responseCtx;
    AbstractRequestCtx requestCtx = EntitlementUtil.createRequestContext(requestAttributes);

    responseCtx = EntitlementEngine.getInstance().evaluateByContext(requestCtx);

    if (responseCtx != null) {
        Set<AbstractResult> results = responseCtx.getResults();
        for (AbstractResult result : results) {
            if (result.getDecision() == AbstractResult.DECISION_PERMIT) {
                return true;
            }
        }
    }

    return false;
}
 
Example #4
Source File: EntitlementUtil.java    From carbon-identity-framework with Apache License 2.0
/**
 * Creates the XACML 3.0 request context from the AttributeDTO object model
 *
 * @param attributeDTOs AttributeDTO objects as List
 * @return XACML 3.0 request context built from the given attributes
 * @throws EntitlementException throws, if fails
 */
public static AbstractRequestCtx createRequestContext(List<AttributeDTO> attributeDTOs) {

    Set<Attributes> attributesSet = new HashSet<Attributes>();

    for (AttributeDTO DTO : attributeDTOs) {
        Attributes attributes = getAttributes(DTO);
        if (attributes != null) {
            attributesSet.add(attributes);
        }
    }
    return new org.wso2.balana.ctx.xacml3.RequestCtx(attributesSet, null);
}
 
Example #5
Source File: BalanaPRP.java    From mobi with GNU Affero General Public License v3.0
@Override
public List<BalanaPolicy> findPolicies(Request request) throws ProcessingException, PolicySyntaxException {
    try {
        AbstractRequestCtx requestCtx = RequestCtxFactory.getFactory().getRequestCtx(request.toString());
        EvaluationCtx context = EvaluationCtxFactory.getFactory().getEvaluationCtx(requestCtx, config);
        return findMatchingPolicies(context);
    } catch (ParsingException e) {
        throw new MobiException(e);
    }
}
 
Example #6
Source File: EntitlementUtil.java    From carbon-identity with Apache License 2.0
/**
 * Creates the XACML 3.0 request context from the AttributeDTO object model
 *
 * @param attributeDTOs AttributeDTO objects as List
 * @return XACML 3.0 request context built from the given attributes
 * @throws EntitlementException throws, if fails
 */
public static AbstractRequestCtx createRequestContext(List<AttributeDTO> attributeDTOs) {

    Set<Attributes> attributesSet = new HashSet<Attributes>();

    for (AttributeDTO DTO : attributeDTOs) {
        Attributes attributes = getAttributes(DTO);
        if (attributes != null) {
            attributesSet.add(attributes);
        }
    }
    return new org.wso2.balana.ctx.xacml3.RequestCtx(attributesSet, null);
}
 
Example #7
Source File: EntitlementEngine.java    From carbon-identity-framework with Apache License 2.0
/**
 * Evaluates the given XACML request and returns the Response that the EntitlementEngine will
 * hand back to the PEP. The PEP needs to construct the XACML request before sending it to the
 * EntitlementEngine.
 *
 * @param xacmlRequest XACML request as String
 * @return XACML response as String
 * @throws org.wso2.balana.ParsingException                          throws
 * @throws org.wso2.carbon.identity.entitlement.EntitlementException throws
 */

public String evaluate(String xacmlRequest) throws EntitlementException, ParsingException {

    if (log.isDebugEnabled() && IdentityUtil.isTokenLoggable(IdentityConstants.IdentityTokens.XACML_REQUEST)) {
        log.debug("XACML Request : " + xacmlRequest);
    }

    String xacmlResponse;

    if ((xacmlResponse = (String) getFromCache(xacmlRequest, false)) != null) {
        if (log.isDebugEnabled() && IdentityUtil.isTokenLoggable(IdentityConstants.IdentityTokens.XACML_RESPONSE)) {
            log.debug("XACML Response : " + xacmlResponse);
        }
        return xacmlResponse;
    }

    Map<PIPExtension, Properties> extensions = EntitlementServiceComponent.getEntitlementConfig()
            .getExtensions();

    if (extensions != null && !extensions.isEmpty()) {
        PolicyRequestBuilder policyRequestBuilder = new PolicyRequestBuilder();
        Element xacmlRequestElement = policyRequestBuilder.getXacmlRequest(xacmlRequest);
        AbstractRequestCtx requestCtx = RequestCtxFactory.getFactory().
                getRequestCtx(xacmlRequestElement);
        Set<PIPExtension> pipExtensions = extensions.keySet();
        for (PIPExtension pipExtension : pipExtensions) {
            pipExtension.update(requestCtx);
        }
        ResponseCtx responseCtx = pdp.evaluate(requestCtx);
        xacmlResponse = responseCtx.encode();
    } else {
        xacmlResponse = pdp.evaluate(xacmlRequest);
    }

    addToCache(xacmlRequest, xacmlResponse, false);

    if (log.isDebugEnabled() && IdentityUtil.isTokenLoggable(IdentityConstants.IdentityTokens.XACML_RESPONSE)) {
        log.debug("XACML Response : " + xacmlResponse);
    }

    return xacmlResponse;

}
 
Example #8
Source File: EntitlementEngine.java    From carbon-identity-framework with Apache License 2.0
/**
 * Evaluates the given XACML request and returns the ResponseCtx that the EntitlementEngine will
 * hand back to the PEP. The PEP needs to construct the XACML request before sending it to the
 * EntitlementEngine.
 *
 * @param xacmlRequest XACML request as String
 * @return ResponseCtx response
 * @throws org.wso2.balana.ParsingException                          throws
 * @throws org.wso2.carbon.identity.entitlement.EntitlementException throws
 * @throws javax.xml.parsers.ParserConfigurationException            throws
 * @throws org.xml.sax.SAXException                                  throws
 * @throws java.io.IOException                                       throws
 */

public ResponseCtx evaluateReturnResponseCtx(String xacmlRequest) throws EntitlementException, ParsingException,
        ParserConfigurationException, SAXException, IOException {

    if (log.isDebugEnabled() && IdentityUtil.isTokenLoggable(IdentityConstants.IdentityTokens.XACML_REQUEST)) {
        log.debug("XACML Request : " + xacmlRequest);
    }

    String xacmlResponse;
    ResponseCtx responseCtx;

    if ((xacmlResponse = (String) getFromCache(xacmlRequest, false)) != null) {
        if (log.isDebugEnabled() && IdentityUtil.isTokenLoggable(IdentityConstants.IdentityTokens.XACML_RESPONSE)) {
            log.debug("XACML Response : " + xacmlResponse);
        }

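        DocumentBuilderFactory documentBuilderFactory = IdentityUtil.getSecuredDocumentBuilderFactory();
        // Encode with an explicit charset so the cached response parses the same on every platform.
        Element node = documentBuilderFactory.newDocumentBuilder().parse
                (new ByteArrayInputStream(xacmlResponse.getBytes(java.nio.charset.StandardCharsets.UTF_8)))
                .getDocumentElement();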


        return (ResponseCtx.getInstance(node));

    }

    Map<PIPExtension, Properties> extensions = EntitlementServiceComponent.getEntitlementConfig()
            .getExtensions();

    if (extensions != null && !extensions.isEmpty()) {
        PolicyRequestBuilder policyRequestBuilder = new PolicyRequestBuilder();
        Element xacmlRequestElement = policyRequestBuilder.getXacmlRequest(xacmlRequest);
        AbstractRequestCtx requestCtx = RequestCtxFactory.getFactory().
                getRequestCtx(xacmlRequestElement);
        Set<PIPExtension> pipExtensions = extensions.keySet();
        for (PIPExtension pipExtension : pipExtensions) {
            pipExtension.update(requestCtx);
        }
        responseCtx = pdp.evaluate(requestCtx);
    } else {
        responseCtx = pdp.evaluateReturnResponseCtx(xacmlRequest);
    }

    xacmlResponse = responseCtx.encode();

    addToCache(xacmlRequest, xacmlResponse, false);

    if (log.isDebugEnabled() && IdentityUtil.isTokenLoggable(IdentityConstants.IdentityTokens.XACML_RESPONSE)) {
        log.debug("XACML Response : " + xacmlResponse);
    }

    return responseCtx;

}
 
Example #9
Source File: BalanaRequest.java    From mobi with GNU Affero General Public License v3.0
public BalanaRequest(AbstractRequestCtx context, ValueFactory vf, JAXBContext jaxbContext) {
    subjectCategory = vf.createIRI(SUBJECT_CATEGORY);
    resourceCategory = vf.createIRI(RESOURCE_CATEGORY);
    actionCategory = vf.createIRI(ACTION_CATEGORY);
    requestTimeAttribute = vf.createIRI(CURRENT_DATETIME);
    this.jaxbContext = jaxbContext;

    of = new ObjectFactory();

    ByteArrayOutputStream out = new ByteArrayOutputStream();
    context.encode(out);
    try {
        Unmarshaller unmarshaller = jaxbContext.createUnmarshaller();
        JAXBElement<RequestType> requestType = unmarshaller.unmarshal(new StreamSource(
                new ByteArrayInputStream(out.toByteArray())), RequestType.class);
        this.requestType = requestType.getValue();
    } catch (JAXBException e) {
        throw new MobiException(e);
    }

    subjectAttrs = new HashMap<>();
    resourceAttrs = new HashMap<>();
    actionAttrs = new HashMap<>();
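    // Each category present in the request must carry its ID attribute. A category that is
    // absent from the request never reaches its case, so its missing ID is not rejected here.
    context.getAttributesSet().forEach(attributes -> {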
        Set<Attribute> attributeSet = attributes.getAttributes();
        switch (attributes.getCategory().toString()) {
            case SUBJECT_CATEGORY:
                attributeSet.forEach(attribute -> {
                    if (attribute.getId().toString().equals(XACML.SUBJECT_ID)) {
                        this.subjectId = vf.createIRI(attribute.getValue().encode());
                    } else {
                        this.subjectAttrs.put(attribute.getId().toString(), getLiteral(attribute.getValue(), vf));
                    }
                });
                if (this.subjectId == null) {
                    throw new IllegalArgumentException("No Subject ID passed in Request");
                }
                break;
            case XACML.RESOURCE_CATEGORY:
                attributeSet.forEach(attribute -> {
                    if (attribute.getId().toString().equals(XACML.RESOURCE_ID)) {
                        this.resourceId = vf.createIRI(attribute.getValue().encode());
                    } else {
                        this.resourceAttrs.put(attribute.getId().toString(), getLiteral(attribute.getValue(), vf));
                    }
                });
                if (this.resourceId == null) {
                    throw new IllegalArgumentException("No Resource ID passed in the request");
                }
                break;
            case XACML.ACTION_CATEGORY:
                attributeSet.forEach(attribute -> {
                    if (attribute.getId().toString().equals(XACML.ACTION_ID)) {
                        this.actionId = vf.createIRI(attribute.getValue().encode());
                    } else {
                        this.actionAttrs.put(attribute.getId().toString(), getLiteral(attribute.getValue(), vf));
                    }
                });
                if (this.actionId == null) {
                    throw new IllegalArgumentException("No Action ID passed in the request");
                }
                break;
            case XACML.ENVIRONMENT_CATEGORY:
                attributeSet.forEach(attribute -> {
                    if (attribute.getId().toString().equals(XACML.CURRENT_DATETIME)) {
                        this.requestTime = OffsetDateTime.parse(attribute.getValue().encode());
                    }
                });
                if (this.requestTime == null) {
                    throw new IllegalArgumentException("No Environment Current Date Time passed in the request");
                }
                break;
            default:
                throw new IllegalArgumentException("Unsupported category in request");
        }
    });
}
 
Example #10
Source File: EntitlementEngine.java    From carbon-identity with Apache License 2.0
/**
 * Evaluates the given XACML request and returns the Response that the EntitlementEngine will
 * hand back to the PEP. The PEP needs to construct the XACML request before sending it to the
 * EntitlementEngine.
 *
 * @param xacmlRequest XACML request as String
 * @return XACML response as String
 * @throws org.wso2.balana.ParsingException                          throws
 * @throws org.wso2.carbon.identity.entitlement.EntitlementException throws
 */

public String evaluate(String xacmlRequest) throws EntitlementException, ParsingException {

    if (log.isDebugEnabled() && IdentityUtil.isTokenLoggable(IdentityConstants.IdentityTokens.XACML_REQUEST)) {
        log.debug("XACML Request : " + xacmlRequest);
    }

    String xacmlResponse;

    if ((xacmlResponse = getFromCache(xacmlRequest, false)) != null) {
        if (log.isDebugEnabled() && IdentityUtil.isTokenLoggable(IdentityConstants.IdentityTokens.XACML_RESPONSE)) {
            log.debug("XACML Response : " + xacmlResponse);
        }
        return xacmlResponse;
    }

    Map<PIPExtension, Properties> extensions = EntitlementServiceComponent.getEntitlementConfig()
            .getExtensions();

    if (extensions != null && !extensions.isEmpty()) {
        PolicyRequestBuilder policyRequestBuilder = new PolicyRequestBuilder();
        Element xacmlRequestElement = policyRequestBuilder.getXacmlRequest(xacmlRequest);
        AbstractRequestCtx requestCtx = RequestCtxFactory.getFactory().
                getRequestCtx(xacmlRequestElement);
        Set<PIPExtension> pipExtensions = extensions.keySet();
        for (PIPExtension pipExtension : pipExtensions) {
            pipExtension.update(requestCtx);
        }
        ResponseCtx responseCtx = pdp.evaluate(requestCtx);
        xacmlResponse = responseCtx.encode();
    } else {
        xacmlResponse = pdp.evaluate(xacmlRequest);
    }

    addToCache(xacmlRequest, xacmlResponse, false);

    if (log.isDebugEnabled() && IdentityUtil.isTokenLoggable(IdentityConstants.IdentityTokens.XACML_RESPONSE)) {
        log.debug("XACML Response : " + xacmlResponse);
    }

    return xacmlResponse;

}
 
Example #11
Source File: EntitlementEngine.java    From carbon-identity-framework with Apache License 2.0
/**
 * Evaluates the XACML request directly. This is used by the advanced search module,
 * so caching and logging have not been implemented for it.
 *
 * @param requestCtx Balana Object model for request
 * @return ResponseCtx  Balana Object model for response
 */
public ResponseCtx evaluateByContext(AbstractRequestCtx requestCtx) {
    return pdp.evaluate(requestCtx);
}
 
Example #12
Source File: PIPExtension.java    From carbon-identity-framework with Apache License 2.0
/**
 * Gives a handle to the XACML request built. Can be used to carry out custom checks or updates
 * before sending to the PDP.
 *
 * @param request Incoming XACML request.
 */
public void update(AbstractRequestCtx request);
 
Example #13
Source File: EntitlementEngine.java    From carbon-identity with Apache License 2.0
/**
 * Evaluates the XACML request directly. This is used by the advanced search module,
 * so caching and logging have not been implemented for it.
 *
 * @param requestCtx Balana Object model for request
 * @return ResponseCtx  Balana Object model for response
 */
public ResponseCtx evaluateByContext(AbstractRequestCtx requestCtx) {
    return pdp.evaluate(requestCtx);
}
 
Example #14
Source File: PIPExtension.java    From carbon-identity with Apache License 2.0
/**
 * Gives a handle to the XACML request built. Can be used to carry out custom checks or updates
 * before sending to the PDP.
 *
 * @param request Incoming XACML request.
 */
public void update(AbstractRequestCtx request);