Java Code Examples for org.wso2.balana.ctx.AbstractResult#getStatus()

The following examples show how to use org.wso2.balana.ctx.AbstractResult#getStatus() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.

Example 1

Source File: JSONResponseWriter.java From carbon-identity-framework with Apache License 2.0

4 votes

/**
 * Private method to convert a given Balana <code>{@link AbstractResult}</code> to a <code>{@link JsonObject}</code>
 *
 * @param result <code>{@link AbstractResult}</code>
 * @return <code>{@link JsonObject}</code>
 * @throws ResponseWriteException <code>{@link ResponseWriteException}</code>
 */
private static JsonObject abstractResultToJSONObject(AbstractResult result) throws ResponseWriteException {

    JsonObject jsonResult = new JsonObject();

    //Decision property is mandatory, if not set throw error
    if (result.getDecision() == -1) {
        throw new ResponseWriteException(40031, "XACML Result should contain the Decision");
    }
    jsonResult.addProperty(EntitlementEndpointConstants.DECISION,
            AbstractResult.DECISIONS[result.getDecision()]);

    //If Status object is present, convert it
    if (result.getStatus() != null) {
        jsonResult.add(EntitlementEndpointConstants.STATUS, statusToJSONObject(result.getStatus()));
    }

    //If Obligations are present
    if (result.getObligations() != null && !result.getObligations().isEmpty()) {
        //can only get ObligationResult objects from balana
        JsonArray obligations = new JsonArray();
        for (ObligationResult obligation : result.getObligations()) {
            if (obligation instanceof Obligation) {
                obligations.add(obligationToJsonObject((Obligation) obligation));
            } else {
                obligations.add(new JsonPrimitive(obligation.encode()));
            }
        }

        jsonResult.add(EntitlementEndpointConstants.OBLIGATIONS, obligations);
    }

    // Do the same with attributes
    if (result.getAdvices() != null && !result.getAdvices().isEmpty()) {
        //can only get ObligationResult objects from balana
        JsonArray advices = new JsonArray();
        for (Advice advice : result.getAdvices()) {
            advices.add(adviceToJsonObject(advice));
        }

        jsonResult.add(EntitlementEndpointConstants.ASSOCIATED_ADVICE, advices);
    }

    // If includeInResponse=true, other attributes will be populated from here with the decision.
    if (((Result) result).getAttributes() != null && !((Result) result).getAttributes().isEmpty()) {
        Set<Attributes> attributes = ((Result) result).getAttributes();

        for (Attributes attribute : attributes) {

            switch (attribute.getCategory().toString()) {
                case EntitlementEndpointConstants.CATEGORY_ACTION_URI:
                    jsonResult.add(EntitlementEndpointConstants.CATEGORY_ACTION, getJsonObject(attribute));
                    break;

                case EntitlementEndpointConstants.CATEGORY_RESOURCE_URI:
                    jsonResult.add(EntitlementEndpointConstants.CATEGORY_RESOURCE, getJsonObject(attribute));
                    break;

                case EntitlementEndpointConstants.CATEGORY_ACCESS_SUBJECT_URI:
                    jsonResult.add(EntitlementEndpointConstants.CATEGORY_ACCESS_SUBJECT, getJsonObject(attribute));
                    break;

                case EntitlementEndpointConstants.CATEGORY_ENVIRONMENT_URI:
                    jsonResult.add(EntitlementEndpointConstants.CATEGORY_ENVIRONMENT, getJsonObject(attribute));
                    break;

                case EntitlementEndpointConstants.CATEGORY_RECIPIENT_SUBJECT_URI:
                    jsonResult.add(EntitlementEndpointConstants.CATEGORY_RECIPIENT_SUBJECT,
                            getJsonObject(attribute));
                    break;

                case EntitlementEndpointConstants.CATEGORY_INTERMEDIARY_SUBJECT_URI:
                    jsonResult.add(EntitlementEndpointConstants.CATEGORY_INTERMEDIARY_SUBJECT,
                            getJsonObject(attribute));
                    break;

                case EntitlementEndpointConstants.CATEGORY_CODEBASE_URI:
                    jsonResult.add(EntitlementEndpointConstants.CATEGORY_CODEBASE, getJsonObject(attribute));
                    break;

                case EntitlementEndpointConstants.CATEGORY_REQUESTING_MACHINE_URI:
                    jsonResult.add(EntitlementEndpointConstants.CATEGORY_REQUESTING_MACHINE,
                            getJsonObject(attribute));
                    break;

                default:
                    jsonResult.add(attribute.getCategory().toString(), getJsonObject(attribute));
                    break;
            }
        }
    }

    return jsonResult;
}

Example 2

Source File: PermitOverridesPolicyAlg.java From balana with Apache License 2.0

4 votes

/**
 * Applies the combining rule to the set of policies based on the evaluation context.
 * 
 * @param context the context from the request
 * @param parameters a (possibly empty) non-null <code>List</code> of
 *            <code>CombinerParameter<code>s
 * @param policyElements the policies to combine
 *
 * @return the result of running the combining algorithm
 */
public AbstractResult combine(EvaluationCtx context, List parameters, List policyElements) {
    boolean atLeastOneError = false;
    boolean atLeastOneDeny = false;
    List<ObligationResult> denyObligations = new ArrayList<ObligationResult>();
    List<Advice> denyAdvices = new ArrayList<Advice>();
    Status firstIndeterminateStatus = null;
    Iterator it = policyElements.iterator();

    while (it.hasNext()) {
        AbstractPolicy policy = ((PolicyCombinerElement) (it.next())).getPolicy();

        // make sure that the policy matches the context
        MatchResult match = policy.match(context);

        if (match.getResult() == MatchResult.INDETERMINATE) {
            atLeastOneError = true;

            // keep track of the first error, regardless of cause
            if (firstIndeterminateStatus == null){
                firstIndeterminateStatus = match.getStatus();
            }
        } else if (match.getResult() == MatchResult.MATCH) {
            // now we evaluate the policy
            AbstractResult result = policy.evaluate(context);
            int effect = result.getDecision();

            // this is a little different from DenyOverrides...

            if (effect == Result.DECISION_PERMIT)
                return result;

            if (effect == Result.DECISION_DENY) {
                atLeastOneDeny = true;
                denyAdvices.addAll(result.getAdvices());
                denyObligations.addAll(result.getObligations());
            } else if (effect == AbstractResult.DECISION_INDETERMINATE ||
                effect == AbstractResult.DECISION_INDETERMINATE_DENY ||
                effect == AbstractResult.DECISION_INDETERMINATE_PERMIT ||
                effect == AbstractResult.DECISION_INDETERMINATE_DENY_OR_PERMIT) {
                
                atLeastOneError = true;
                // keep track of the first error, regardless of cause
                if (firstIndeterminateStatus == null)
                    firstIndeterminateStatus = result.getStatus();
            }
        }
    }

    // if we got a DENY, return it
    if (atLeastOneDeny){
        return ResultFactory.getFactory().getResult(Result.DECISION_DENY, denyObligations,
                                                                        denyAdvices, context);
    }
    // if we got an INDETERMINATE, return it
    if (atLeastOneError){
        return ResultFactory.getFactory().getResult(Result.DECISION_INDETERMINATE,
                firstIndeterminateStatus, context);
    }

    // if we got here, then nothing applied to us
    //return new Result(Result.DECISION_NOT_APPLICABLE, context.getResourceId().encode());
    return ResultFactory.getFactory().getResult(Result.DECISION_NOT_APPLICABLE, context);
}