org.wso2.balana.attr.AttributeValue Java Examples

The following examples show how to use org.wso2.balana.attr.AttributeValue. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: ResourceFinder.java    From balana with Apache License 2.0 6 votes vote down vote up
/**
 * Finds Resource Ids using the Children scope, and returns all resolved identifiers as well as
 * any errors that occurred. If no modules can handle the given Resource Id, then an empty
 * result is returned.
 * 
 * @deprecated As of version 1.2, replaced by
 *             {@link #findChildResources(AttributeValue,EvaluationCtx)}. This version does not
 *             provide the evaluation context to the modules, and will be removed in a future
 *             release.
 * 
 * @param parentResourceId the root of the resources
 * 
 * @return the result of looking for child resources
 */
public ResourceFinderResult findChildResources(AttributeValue parentResourceId) {
    Iterator it = childModules.iterator();

    while (it.hasNext()) {
        ResourceFinderModule module = (ResourceFinderModule) (it.next());

        // ask the module to find the resources
        ResourceFinderResult result = module.findChildResources(parentResourceId);

        // if we found something, then always return that result
        if (!result.isEmpty())
            return result;
    }

    // no modules applied, so we return an empty result
    logger.info("No ResourceFinderModule existed to handle the " + "children of "
            + parentResourceId.encode());

    return new ResourceFinderResult();
}
 
Example #2
Source File: MobiAttributeFinder.java    From mobi with GNU Affero General Public License v3.0 6 votes vote down vote up
@Override
public EvaluationResult findAttribute(URI attributeType, URI attributeId, String issuer, URI category,
                                      EvaluationCtx context) {
    if (!categoryIds.contains(category.toString())) {
        return new EvaluationResult(new Status(Collections.singletonList(Status.STATUS_PROCESSING_ERROR),
                "Unsupported category"));
    }

    BasicAttributeDesignator designator = new BasicAttributeDesignator(vf.createIRI(attributeId.toString()),
            vf.createIRI(category.toString()), vf.createIRI(attributeType.toString()));
    List<Literal> values = pip.findAttribute(designator, new BalanaRequest(context.getRequestCtx(), vf, jaxbContext));
    List<AttributeValue> attributeValues = new ArrayList<>();
    values.stream()
            .map(this::getAttributeValue)
            .forEach(attributeValues::add);

    return new EvaluationResult(new BagAttribute(attributeType, attributeValues));
}
 
Example #3
Source File: MobiAttributeFinder.java    From mobi with GNU Affero General Public License v3.0 6 votes vote down vote up
private AttributeValue getAttributeValue(Literal literal) {
    IRI datatype = literal.getDatatype();
    switch (datatype.stringValue()) {
        case "http://www.w3.org/2001/XMLSchema#string":
            return new StringAttribute(literal.stringValue());
        case "http://www.w3.org/2001/XMLSchema#boolean":
            return BooleanAttribute.getInstance(literal.booleanValue());
        case "http://www.w3.org/2001/XMLSchema#double":
            return new DoubleAttribute(literal.doubleValue());
        case "http://www.w3.org/2001/XMLSchema#integer":
            return new IntegerAttribute(literal.longValue());
        case "http://www.w3.org/2001/XMLSchema#anyURI":
            try {
                return new AnyURIAttribute(new URI(literal.stringValue()));
            } catch (URISyntaxException e) {
                throw new ProcessingException("Not a valid URI");
            }
        case "https://www.w3.org/2001/XMLSchema#dateTime":
            return new DateTimeAttribute(new Date(literal.dateTimeValue().toInstant().toEpochMilli()));
        default:
            throw new ProcessingException("Datatype " + datatype + " is not supported");
    }
}
 
Example #4
Source File: SampleAttributeFinderModule.java    From balana with Apache License 2.0 6 votes vote down vote up
@Override
public EvaluationResult findAttribute(URI attributeType, URI attributeId, String issuer,
                                                        URI category, EvaluationCtx context) {
    String roleName = null;
    List<AttributeValue> attributeValues = new ArrayList<AttributeValue>();

    EvaluationResult result = context.getAttribute(attributeType, defaultSubjectId, issuer, category);
    if(result != null && result.getAttributeValue() != null && result.getAttributeValue().isBag()){
        BagAttribute bagAttribute = (BagAttribute) result.getAttributeValue();
        if(bagAttribute.size() > 0){
            String userName = ((AttributeValue) bagAttribute.iterator().next()).encode();
            roleName = findRole(userName);
        }
    }

    if (roleName != null) {
        attributeValues.add(new StringAttribute(roleName));
    }

    return new EvaluationResult(new BagAttribute(attributeType, attributeValues));
}
 
Example #5
Source File: SampleAttributeFinderModule.java    From balana with Apache License 2.0 6 votes vote down vote up
@Override
public EvaluationResult findAttribute(URI attributeType, URI attributeId, String issuer,
                                      URI category, EvaluationCtx context) {
    String roleName = null;
    List<AttributeValue> attributeValues = new ArrayList<AttributeValue>();
    EvaluationResult result = context.getAttribute(attributeType, defaultSubjectId, issuer, category);

    if(result != null && result.getAttributeValue() != null && result.getAttributeValue().isBag()){

        BagAttribute bagAttribute = (BagAttribute) result.getAttributeValue();
        if(bagAttribute.size() > 0){
            String userName = ((AttributeValue) bagAttribute.iterator().next()).encode();
            roleName = findRole(userName);
        }
    }
    if (roleName != null) {
        attributeValues.add(new StringAttribute(roleName));
    }
    return new EvaluationResult(new BagAttribute(attributeType, attributeValues));
}
 
Example #6
Source File: SampleAttributeFinderModule.java    From balana with Apache License 2.0 6 votes vote down vote up
@Override
public EvaluationResult findAttribute(URI attributeType, URI attributeId, String issuer,
                                                        URI category, EvaluationCtx context) {
    String roleName = null;
    List<AttributeValue> attributeValues = new ArrayList<AttributeValue>();

    EvaluationResult result = context.getAttribute(attributeType, defaultSubjectId, issuer, category);
    if(result != null && result.getAttributeValue() != null && result.getAttributeValue().isBag()){
        BagAttribute bagAttribute = (BagAttribute) result.getAttributeValue();
        if(bagAttribute.size() > 0){
            String userName = ((AttributeValue) bagAttribute.iterator().next()).encode();
            roleName = findRole(userName);
        }
    }

    if (roleName != null) {
        attributeValues.add(new StringAttribute(roleName));
    }

    return new EvaluationResult(new BagAttribute(attributeType, attributeValues));
}
 
Example #7
Source File: SampleAttributeFinderModule.java    From balana with Apache License 2.0 6 votes vote down vote up
@Override
public EvaluationResult findAttribute(URI attributeType, URI attributeId, String issuer,
                                                        URI category, EvaluationCtx context) {
    String roleName = null;
    List<AttributeValue> attributeValues = new ArrayList<AttributeValue>();

    EvaluationResult result = context.getAttribute(attributeType, defaultSubjectId, issuer, category);
    if(result != null && result.getAttributeValue() != null && result.getAttributeValue().isBag()){
        BagAttribute bagAttribute = (BagAttribute) result.getAttributeValue();
        if(bagAttribute.size() > 0){
            String userName = ((AttributeValue) bagAttribute.iterator().next()).encode();
            roleName = findRole(userName);
        }
    }

    if (roleName != null) {
        attributeValues.add(new StringAttribute(roleName));
    }

    return new EvaluationResult(new BagAttribute(attributeType, attributeValues));
}
 
Example #8
Source File: TestResourceFinderModule.java    From balana with Apache License 2.0 6 votes vote down vote up
/**
 * Finds the children resources associated with the given root,
 * assuming the hierarchy is one that this module handles.
 *
 * @param root the root resource in the hierarchy
 * @param context the evaluation's context
 *
 * @return the resource hierarchy
 */
public ResourceFinderResult findChildResources(AttributeValue root,
                                               EvaluationCtx context) {
    // make sure we can handle this hierarchy
    if (! requestApplies(root))
        return new ResourceFinderResult();

    // add the root to the set of resolved resources
    HashSet set = new HashSet();
    set.add(root);

    // add the other resources, which are defined by the conformance tests
    try {
        set.add(new AnyURIAttribute(new URI("urn:root:child1")));
        set.add(new AnyURIAttribute(new URI("urn:root:child2")));
    } catch (URISyntaxException urise) {
        // this will never happen
    }

    return new ResourceFinderResult(set);
}
 
Example #9
Source File: ConditionBagFunction.java    From balana with Apache License 2.0 6 votes vote down vote up
/**
 * Evaluate the function, using the specified parameters.
 * 
 * @param inputs a <code>List</code> of <code>Evaluatable</code> objects representing the
 *            arguments passed to the function
 * @param context an <code>EvaluationCtx</code> so that the <code>Evaluatable</code> objects can
 *            be evaluated
 * @return an <code>EvaluationResult</code> representing the function's result
 */
public EvaluationResult evaluate(List inputs, EvaluationCtx context) {

    // Evaluate the arguments
    AttributeValue[] argValues = new AttributeValue[inputs.size()];
    EvaluationResult result = evalArgs(inputs, context, argValues);
    if (result != null)
        return result;

    // *-is-in takes a bag and an element of baseType and
    // returns a single boolean value
    AttributeValue item = (AttributeValue) (argValues[0]);
    BagAttribute bag = (BagAttribute) (argValues[1]);

    return new EvaluationResult(BooleanAttribute.getInstance(bag.contains(item)));
}
 
Example #10
Source File: HigherOrderFunction.java    From balana with Apache License 2.0 6 votes vote down vote up
/**
 * Private helper for the all-of-any and any-of-all functions
 */
private EvaluationResult allAnyHelper(BagAttribute anyBag, BagAttribute allBag,
		Function function, EvaluationCtx context, boolean argumentsAreSwapped) {
	Iterator it = allBag.iterator();

	while (it.hasNext()) {
		AttributeValue value = (AttributeValue) (it.next());
		EvaluationResult result = any(value, anyBag, function, context, argumentsAreSwapped);

		if (result.indeterminate())
			return result;

		if (!((BooleanAttribute) (result.getAttributeValue())).getValue())
			return result;
	}

	return new EvaluationResult(BooleanAttribute.getTrueInstance());
}
 
Example #11
Source File: ResourceFinder.java    From balana with Apache License 2.0 6 votes vote down vote up
/**
 * Finds Resource Ids using the Children scope, and returns all resolved identifiers as well as
 * any errors that occurred. If no modules can handle the given Resource Id, then an empty
 * result is returned.
 * 
 * @param parentResourceId the root of the resources
 * @param context the representation of the request data
 * 
 * @return the result of looking for child resources
 */
public ResourceFinderResult findChildResources(AttributeValue parentResourceId,
        EvaluationCtx context) {
    Iterator it = childModules.iterator();

    while (it.hasNext()) {
        ResourceFinderModule module = (ResourceFinderModule) (it.next());

        // ask the module to find the resources
        ResourceFinderResult result = module.findChildResources(parentResourceId, context);

        // if we found something, then always return that result
        if (!result.isEmpty())
            return result;
    }

    // no modules applied, so we return an empty result
    logger.info("No ResourceFinderModule existed to handle the " + "children of "
            + parentResourceId.encode());

    return new ResourceFinderResult();
}
 
Example #12
Source File: ResourceFinder.java    From balana with Apache License 2.0 6 votes vote down vote up
/**
 * Finds Resource Ids using the Descendants scope, and returns all resolved identifiers as well
 * as any errors that occurred. If no modules can handle the given Resource Id, then an empty
 * result is returned.
 * 
 * @param parentResourceId the root of the resources
 * @param context the representation of the request data
 * 
 * @return the result of looking for descendant resources
 */
public ResourceFinderResult findDescendantResources(AttributeValue parentResourceId,
        EvaluationCtx context) {
    Iterator it = descendantModules.iterator();

    while (it.hasNext()) {
        ResourceFinderModule module = (ResourceFinderModule) (it.next());

        // ask the module to find the resources
        ResourceFinderResult result = module.findDescendantResources(parentResourceId, context);

        // if we found something, then always return that result
        if (!result.isEmpty())
            return result;
    }

    // no modules applied, so we return an empty result
    logger.info("No ResourceFinderModule existed to handle the " + "descendants of "
            + parentResourceId.encode());

    return new ResourceFinderResult();
}
 
Example #13
Source File: XACML3HigherOrderFunction.java    From balana with Apache License 2.0 6 votes vote down vote up
private EvaluationResult getEvaluationResult(EvaluationCtx context, Function function, AttributeValue val1,
                                             AttributeValue val2, boolean isAllFunction) {

    List<Evaluatable> params = new ArrayList<>();
    params.add(val1);
    params.add(val2);
    EvaluationResult result = function.evaluate(params, context);

    if (result.indeterminate()) {
        return result;
    }

    BooleanAttribute bool = (BooleanAttribute) (result.getAttributeValue());
    if (bool.getValue() != isAllFunction) {
        return result;
    }
    return null;
}
 
Example #14
Source File: StringFunction.java    From balana with Apache License 2.0 6 votes vote down vote up
/**
 * Evaluate the function, using the specified parameters.
 * 
 * @param inputs a <code>List</code> of <code>Evaluatable</code> objects representing the
 *            arguments passed to the function
 * @param context an <code>EvaluationCtx</code> so that the <code>Evaluatable</code> objects can
 *            be evaluated
 * @return an <code>EvaluationResult</code> representing the function's result
 */
public EvaluationResult evaluate(List<Evaluatable> inputs, EvaluationCtx context) {
	// Evaluate the arguments
	AttributeValue[] argValues = new AttributeValue[inputs.size()];
	EvaluationResult result = evalArgs(inputs, context, argValues);
	if (result != null)
		return result;

	switch (getFunctionId()) {
	case ID_STRING_CONCATENATE:
		String str = ((StringAttribute) argValues[0]).getValue();
		StringBuffer buffer = new StringBuffer(str);
		for (int i = 1; i < argValues.length; i++) {
			buffer.append(((StringAttribute) (argValues[i])).getValue());
		}
		result = new EvaluationResult(new StringAttribute(buffer.toString()));
		break;
	}

	return result;
}
 
Example #15
Source File: FunctionBase.java    From balana with Apache License 2.0 6 votes vote down vote up
/**
 * Evaluates each of the parameters, in order, filling in the argument array with the resulting
 * values. If any error occurs, this method returns the error, otherwise null is returned,
 * signalling that evaluation was successful for all inputs, and the resulting argument list can
 * be used.
 * 
 * @param params a <code>List</code> of <code>Evaluatable</code> objects representing the
 *            parameters to evaluate
 * @param context the representation of the request
 * @param args an array as long as the params <code>List</code> that will, on return, contain
 *            the <code>AttributeValue</code>s generated from evaluating all parameters
 * 
 * @return <code>null</code> if no errors were encountered, otherwise an
 *         <code>EvaluationResult</code> representing the error
 */
protected EvaluationResult evalArgs(List<Evaluatable> params, EvaluationCtx context, AttributeValue[] args) {
    Iterator it = params.iterator();
    int index = 0;

    while (it.hasNext()) {
        // get and evaluate the next parameter
        Evaluatable eval = (Evaluatable) (it.next());
        EvaluationResult result = eval.evaluate(context);

        // If there was an error, pass it back...
        if (result.indeterminate()){
            return result;
        }
        // ...otherwise save it and keep going
        args[index++] = result.getAttributeValue();
    }

    // if no error occurred then we got here, so we return no errors
    return null;
}
 
Example #16
Source File: JSONRequestParser.java    From carbon-identity-framework with Apache License 2.0 6 votes vote down vote up
/**
 * Private methods constructing a Balana <code>{@link AttributeValue}</code> from given parameters
 *
 * @param value          <code>String</code> with the actual value of the Attribute
 * @param dataType       <code>URI</code> of the DataType of the value
 * @param parentDataType <code>URI</code> of the DataType of <code>{@link Attribute}</code> this belongs to
 * @return <code>{@link AttributeValue}</code>
 * @throws UnknownIdentifierException
 */
private static AttributeValue getAttributeValue(String value, URI dataType, URI parentDataType)
        throws UnknownIdentifierException {
    URI type = dataType;
    AttributeValue attributeValue = null;

    //check if dataType attribute is set, if not use the parent data type
    if (dataType == null) {
        type = parentDataType;
    }

    try {
        attributeValue = Balana.getInstance().getAttributeFactory().createValue(type, value);
    } catch (Exception e) {
        throw new UnknownIdentifierException();
    }
    return attributeValue;
}
 
Example #17
Source File: CombinerParameter.java    From balana with Apache License 2.0 6 votes vote down vote up
/**
 * Returns a new instance of the <code>CombinerParameter</code> class based on a DOM node. The
 * node must be the root of an XML CombinerParameterType.
 * 
 * @param root the DOM root of a CombinerParameterType XML type
 * 
 * @throws ParsingException if the CombinerParameterType is invalid
 * @return an instance of <code>CombinerParameter</code>
 */
public static CombinerParameter getInstance(Node root) throws ParsingException {
    // get the name, which is a required attribute
    String name = root.getAttributes().getNamedItem("ParameterName").getNodeValue();

    // get the attribute value, the only child of this element
    AttributeFactory attrFactory = Balana.getInstance().getAttributeFactory();
    AttributeValue value = null;

    try {
        value = attrFactory.createValue(root.getFirstChild());
    } catch (UnknownIdentifierException uie) {
        throw new ParsingException(uie.getMessage(), uie);
    }

    return new CombinerParameter(name, value);
}
 
Example #18
Source File: NotFunction.java    From balana with Apache License 2.0 5 votes vote down vote up
/**
 * Evaluate the function, using the specified parameters.
 * 
 * @param inputs a <code>List</code> of <code>Evaluatable</code> objects representing the
 *            arguments passed to the function
 * @param context an <code>EvaluationCtx</code> so that the <code>Evaluatable</code> objects can
 *            be evaluated
 * @return an <code>EvaluationResult</code> representing the function's result
 */
public EvaluationResult evaluate(List inputs, EvaluationCtx context) {

    // Evaluate the arguments
    AttributeValue[] argValues = new AttributeValue[inputs.size()];
    EvaluationResult result = evalArgs(inputs, context, argValues);
    if (result != null)
        return result;

    // Now that we have a real value, perform the not operation.
    boolean arg = ((BooleanAttribute) argValues[0]).getValue();
    return EvaluationResult.getInstance(!arg);
}
 
Example #19
Source File: TestResourceFinderModule.java    From balana with Apache License 2.0 5 votes vote down vote up
/**
 * Private helper method that checks if the given resource is the root
 * of a hierarchy that we know how to handle.
 */
private boolean requestApplies(AttributeValue root) {
    // make sure the resource-id is a URI
    if (! root.getType().toString().equals(AnyURIAttribute.identifier))
        return false;

    // make sure that the root is urn:root
    if (! ((AnyURIAttribute)root).getValue().toString().equals("urn:root"))
        return false;

    return true;
}
 
Example #20
Source File: XACML2EvaluationCtx.java    From balana with Apache License 2.0 5 votes vote down vote up
private MultipleCtxResult processHierarchicalAttributes(XACML2EvaluationCtx evaluationCtx) {

        ResourceFinderResult resourceResult = null;
        Set<EvaluationCtx> children = new HashSet<EvaluationCtx>();
        AttributeValue resourceId = evaluationCtx.getResourceId();
        int resourceScope = evaluationCtx.getResourceScope();

        if(resourceId != null){
            if(resourceScope == XACMLConstants.SCOPE_CHILDREN){
                resourceResult = evaluationCtx.getPdpConfig().getResourceFinder().
                                                findChildResources(resourceId, evaluationCtx);
            } else if(resourceScope == XACMLConstants.SCOPE_DESCENDANTS) {
                resourceResult = evaluationCtx.getPdpConfig().getResourceFinder().
                                                findDescendantResources(resourceId, evaluationCtx);
            } else {
                logger.error("Unknown scope type: " );
                //TODO
            }
        } else {
             logger.error("ResourceId Attribute is NULL: " );
            // TODO
        }

        if(resourceResult == null || resourceResult.isEmpty()){
            logger.error("Resource Finder result is NULL: " );
            // TODO
        } else {
            for (AttributeValue resource : resourceResult.getResources()) {
                evaluationCtx.setResourceId(resource, attributesSet);
                children.add(evaluationCtx);
            }
        }

        return new MultipleCtxResult(children, null, false);

    }
 
Example #21
Source File: Attribute.java    From balana with Apache License 2.0 5 votes vote down vote up
/**
 * a <code>AttributeValue</code>  of this attribute,
 * or null if no value was included
 *
 * @return the attribute' s value or null
 */
public AttributeValue getValue() {

    if(attributeValues != null){
        return attributeValues.get(0);
    }
    return null;
}
 
Example #22
Source File: RoundFunction.java    From balana with Apache License 2.0 5 votes vote down vote up
/**
 * Evaluate the function, using the specified parameters.
 * 
 * @param inputs a <code>List</code> of <code>Evaluatable</code> objects representing the
 *            arguments passed to the function
 * @param context an <code>EvaluationCtx</code> so that the <code>Evaluatable</code> objects can
 *            be evaluated
 * @return an <code>EvaluationResult</code> representing the function's result
 */
public EvaluationResult evaluate(List inputs, EvaluationCtx context) {

    // Evaluate the arguments
    AttributeValue[] argValues = new AttributeValue[inputs.size()];
    EvaluationResult result = evalArgs(inputs, context, argValues);
    if (result != null)
        return result;

    // Now that we have real values, perform the round operation
    double arg = ((DoubleAttribute) argValues[0]).getValue();
    BigDecimal roundValue = new BigDecimal(arg);

    return new EvaluationResult(new DoubleAttribute(roundValue.setScale(0, RoundingMode.HALF_EVEN).doubleValue()));
}
 
Example #23
Source File: URLStringCatFunction.java    From balana with Apache License 2.0 5 votes vote down vote up
/**
 * Evaluates the function given the input data. This function expects an
 * <code>AnyURIAttribute</code> followed by one or more <code>StringAttribute</code>s, and
 * returns an <code>AnyURIAttribute</code>.
 * 
 * @param inputs the input agrument list
 * @param context the representation of the request
 * 
 * @return the result of evaluation
 */
public EvaluationResult evaluate(List inputs, EvaluationCtx context) {
	// Evaluate the arguments
	AttributeValue[] argValues = new AttributeValue[inputs.size()];
	EvaluationResult result = evalArgs(inputs, context, argValues);
	if (result != null)
		return result;

	// the first argument is always a URI
	String str = ((AnyURIAttribute) (argValues[0])).getValue().toString();

	// the remaining arguments are strings
	StringBuffer buffer = new StringBuffer(str);
	for (int i = 1; i < argValues.length; i++) {
		buffer.append(((StringAttribute) (argValues[i])).getValue());
	}

	// finally, try to convert the string back to a URI
	try {
		return new EvaluationResult(new AnyURIAttribute(new URI(str)));
	} catch (URISyntaxException use) {
		List code = new ArrayList();
		code.add(Status.STATUS_PROCESSING_ERROR);
		String message = NAME_URI_STRING_CONCATENATE + " didn't produce" + " a valid URI: "
				+ str;

		return new EvaluationResult(new Status(code, message));
	}
}
 
Example #24
Source File: XACML2EvaluationCtx.java    From balana with Apache License 2.0 5 votes vote down vote up
/**
 * Changes the value of the resource-id attribute in this context. This is useful when you have
 * multiple resources (ie, a scope other than IMMEDIATE), and you need to keep changing only the
 * resource-id to evaluate the different effective requests.
 *
 * @param resourceId the new resource-id value
 */
public void setResourceId(AttributeValue resourceId, Set<Attributes> attributesSet) {
    this.resourceId = resourceId;

    // there will always be exactly one value for this attribute
    Set attrSet = (Set) (resourceMap.get(XACMLConstants.RESOURCE_ID));
    Attribute attr = (Attribute) (attrSet.iterator().next());

    // remove the old value...
    attrSet.remove(attr);

    // ...and insert the new value
    attrSet.add(new Attribute(attr.getId(), attr.getIssuer(), attr.getIssueInstant(),
            resourceId,XACMLConstants.XACML_VERSION_2_0));
}
 
Example #25
Source File: DefaultAttributeFinder.java    From carbon-identity-framework with Apache License 2.0 5 votes vote down vote up
/**
 * This method is introduced in order to check whether the user is local or federated. If it is a
 * federated user, obtaining user attributes from userstore will be prevented.
 *
 * @param attributeType The type of the required attribute.
 * @param attributeId   The unique id of the required attribute.
 * @param category      The category of the required attribute.
 * @param issuer        The attribute issuer.
 * @param evaluationCtx The evaluation context object.
 * @return return the set of values for the required attribute.
 * @throws Exception throws if fails.
 */
@Override
public Set<String> getAttributeValues(URI attributeType, URI attributeId, URI category,
                                      String issuer, EvaluationCtx evaluationCtx) throws Exception {

    Set<String> values = null;
    EvaluationResult userType = evaluationCtx.getAttribute(new URI(StringAttribute.identifier), new URI(
            PDPConstants.USER_TYPE_ID), issuer, new URI(PDPConstants.USER_CATEGORY));
    String userTypeId = null;
    if (userType != null && userType.getAttributeValue() != null && userType.getAttributeValue().isBag()) {
        BagAttribute bagAttribute = (BagAttribute) userType.getAttributeValue();
        if (bagAttribute.size() > 0) {
            userTypeId = ((AttributeValue) bagAttribute.iterator().next()).encode();
            if (log.isDebugEnabled()) {
                log.debug(String.format("The user type of the user is %s", userTypeId));
            }
        }
    }

    if (!StringUtils.equalsIgnoreCase(userTypeId, FEDERATED_USER_DOMAIN)) {
        // If the user is not a federated user, user attributes should be be populated from local userstore.
        values = super.getAttributeValues(attributeType, attributeId, category, issuer, evaluationCtx);
    } else if (mapFederatedUsersToLocal) {
        // If the user is federated and the MapFederatedToLocal config is enabled, then populate user attributes
        // from userstore.
        values = super.getAttributeValues(attributeType, attributeId, category, issuer, evaluationCtx);
    }
    return values;
}
 
Example #26
Source File: EntitlementUtil.java    From carbon-identity-framework with Apache License 2.0 5 votes vote down vote up
public static Attributes getAttributes(AttributeDTO attributeDataDTO) {

        try {
            AttributeValue value = Balana.getInstance().getAttributeFactory().
                    createValue(new URI(attributeDataDTO.getAttributeDataType()),
                            attributeDataDTO.getAttributeValue());
            Attribute attribute = new Attribute(new URI(attributeDataDTO.getAttributeId()),
                    null, null, value, XACMLConstants.XACML_VERSION_3_0);
            Set<Attribute> set = new HashSet<Attribute>();
            set.add(attribute);
            String category = attributeDataDTO.getCategory();
            // We are only creating XACML 3.0 requests Therefore covert order XACML categories to new uris
            if (PDPConstants.SUBJECT_ELEMENT.equals(category)) {
                category = PDPConstants.SUBJECT_CATEGORY_URI;
            } else if (PDPConstants.RESOURCE_ELEMENT.equals(category)) {
                category = PDPConstants.RESOURCE_CATEGORY_URI;
            } else if (PDPConstants.ACTION_ELEMENT.equals(category)) {
                category = PDPConstants.ACTION_CATEGORY_URI;
            } else if (PDPConstants.ENVIRONMENT_ELEMENT.equals(category)) {
                category = PDPConstants.ENVIRONMENT_CATEGORY_URI;
            }
            return new Attributes(new URI(category), set);
        } catch (Exception e) {
            log.debug(e);
            //ignore and return null;
        }

        return null;
    }
 
Example #27
Source File: LogicalFunction.java    From balana with Apache License 2.0 5 votes vote down vote up
/**
 * Evaluate the function, using the specified parameters.
 * 
 * @param inputs a <code>List</code> of <code>Evaluatable</code> objects representing the
 *            arguments passed to the function
 * @param context an <code>EvaluationCtx</code> so that the <code>Evaluatable</code> objects can
 *            be evaluated
 * @return an <code>EvaluationResult</code> representing the function's result
 */
public EvaluationResult evaluate(List inputs, EvaluationCtx context) {

    // Evaluate the arguments one by one. As soon as we can
    // return a result, do so. Return Indeterminate if any argument
    // evaluated is indeterminate.
    Iterator it = inputs.iterator();
    while (it.hasNext()) {
        Evaluatable eval = (Evaluatable) (it.next());

        // Evaluate the argument
        EvaluationResult result = eval.evaluate(context);
        if (result.indeterminate())
            return result;

        AttributeValue value = result.getAttributeValue();
        boolean argBooleanValue = ((BooleanAttribute) value).getValue();

        switch (getFunctionId()) {
        case ID_OR:
            if (argBooleanValue)
                return EvaluationResult.getTrueInstance();
            break;
        case ID_AND:
            if (!argBooleanValue)
                return EvaluationResult.getFalseInstance();
            break;
        }
    }

    if (getFunctionId() == ID_OR)
        return EvaluationResult.getFalseInstance();
    else
        return EvaluationResult.getTrueInstance();
}
 
Example #28
Source File: CurrentEnvModule.java    From balana with Apache License 2.0 5 votes vote down vote up
/**
 * Private helper that makes a bag containing only the given attribute.
 */
private EvaluationResult makeBag(AttributeValue attribute) {
    List<AttributeValue> set = new ArrayList<AttributeValue>();
    set.add(attribute);

    BagAttribute bag = new BagAttribute(attribute.getType(), set);

    return new EvaluationResult(bag);
}
 
Example #29
Source File: XPathAttributeProxy.java    From balana with Apache License 2.0 5 votes vote down vote up
public AttributeValue getInstance(String value, String[] params) throws Exception {
    //only one parameter is needed which is called XPathcategory
    String xPathCategory = null;
    if(params != null){
        xPathCategory = params[0];
    }
    return XPathAttribute.getInstance(value, xPathCategory);    
}
 
Example #30
Source File: Attribute.java    From balana with Apache License 2.0 5 votes vote down vote up
/**
 * Encodes this <code>Attribute</code> into its XML form and writes this out to the provided
 * <code>StringBuilder<code>
 *
 * @param builder string stream into which the XML-encoded data is written
 */
public void encode(StringBuilder builder) {

    builder.append("<Attribute AttributeId=\"").append(id.toString()).append("\"");

    if((xacmlVersion == XACMLConstants.XACML_VERSION_3_0)){
        builder.append(" IncludeInResult=\"").append(includeInResult).append("\"");
    } else {
        builder.append(" DataType=\"").append(type.toString()).append("\"");
        if (issueInstant != null){
            builder.append(" IssueInstant=\"").append(issueInstant.encode()).append("\"");
        }
    }

    if (issuer != null) {
        builder.append(" Issuer=\"").append(issuer).append("\"");
    }

    builder.append(">\n");

    if(attributeValues != null && attributeValues.size() > 0){
        for(AttributeValue value : attributeValues){
            value.encode(builder);
        }
    }

    builder.append("</Attribute>\n");
}