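/**
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
 *
 * Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
 *
 * The contents of this file are subject to the terms
 * of the Common Development and Distribution License
 * (the License). You may not use this file except in
 * compliance with the License.
 *
 * You can obtain a copy of the License at
 * https://opensso.dev.java.net/public/CDDLv1.0.html or
 * opensso/legal/CDDLv1.0.txt
 * See the License for the specific language governing
 * permission and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL
 * Header Notice in each file and include the License file
 * at opensso/legal/CDDLv1.0.txt.
 * If applicable, add the following below the CDDL Header,
 * with the fields enclosed by brackets [] replaced by
 * your own identifying information:
 * "Portions Copyrighted [year] [name of copyright owner]"
 *
 * $Id: AuthorizationDecisionQuery.java,v 1.2 2008/06/25 05:47:36 qcheng Exp $
 *
 */



package com.sun.identity.saml.protocol;

import com.sun.identity.saml.assertion.Action;
import com.sun.identity.saml.assertion.Evidence;
import com.sun.identity.saml.assertion.Subject;

import com.sun.identity.saml.common.SAMLConstants;
import com.sun.identity.saml.common.SAMLException;
import com.sun.identity.saml.common.SAMLRequesterException;
import com.sun.identity.saml.common.SAMLUtils;

import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;

import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/**
 * This concrete class extends from the abstract base class
 * <code>SubjectQuery</code>.
 * It represents the query for an authorization decision assertion. It
 * corresponds to the <code>&lt;samlp:AuthorizationDecisionQueryType&gt;</code>
 * in the SAML protocol schema.
 * <p>
 * A query holds one <code>Subject</code>, a non-empty list of
 * <code>Action</code> objects, an optional <code>Evidence</code> and a
 * non-empty <code>Resource</code> string. The <code>subject</code> field is
 * not declared in this file (presumably inherited from
 * <code>SubjectQuery</code>).
 *
 * @supported.all.api
 */
public class AuthorizationDecisionQuery extends SubjectQuery {

    // Raw (unescaped) value of the Resource attribute.
    protected String resource = null;
    // Collections.EMPTY_LIST doubles as the "no Action seen yet" sentinel;
    // the code below compares against it by identity.
    protected List actions = Collections.EMPTY_LIST;
    // Optional; stays null when the query carries no Evidence.
    protected Evidence evidence = null;

    /**
     * Default Constructor
     */
    protected AuthorizationDecisionQuery() {
    }

    /**
     * This constructor is used to build an Authorization Decision Query from
     * a DOM tree that was built from the XML string.
     * <p>
     * The checks made here are structural: a non-empty <code>Resource</code>
     * attribute, exactly one <code>Subject</code>, at least one
     * <code>Action</code>, at most one <code>Evidence</code>, and no other
     * child elements. No signature verification is visible in this
     * constructor, so the requester must be authenticated by the caller
     * (what <code>SAMLUtils.checkQuery</code> validates is defined
     * elsewhere -- confirm).
     *
     * @param element the DOM tree element which contains an Authorization
     *        Decision Query.
     * @exception SAMLException when an error occurs.
     */
    public AuthorizationDecisionQuery(Element element)
        throws SAMLException {
        // make sure the input is not null
        if (element == null) {
            SAMLUtils.debug.message("AuthorizationDecisionQuery: null input.");
            throw new SAMLRequesterException(
                SAMLUtils.bundle.getString("nullInput"));
        }

        // make sure it's an AuthorizationDecisionQuery
        boolean valid = SAMLUtils.checkQuery(element,
            "AuthorizationDecisionQuery");
        if (!valid) {
            SAMLUtils.debug.message("AuthorizationDecisionQuery: wrong inout.");
            throw new SAMLRequesterException(
                SAMLUtils.bundle.getString("wrongInput"));
        }

        // getting the resource; the DOM hands back the attribute value with
        // entity references already resolved, so it is stored unescaped
        resource = element.getAttribute("Resource");
        if ((resource == null) || (resource.length() == 0)) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AuthorizationDecisionQuery: "
                    + "Missing attribute Resource.");
            }
            throw new SAMLRequesterException(
                SAMLUtils.bundle.getString("missingAttribute"));
        }

        // TODO not checking the sequence.

        NodeList nl = element.getChildNodes();
        Node child;
        String childName;
        int length = nl.getLength();
        // loop through all the children including TEXT and COMMENT
        for (int k = 0; k < length; k++) {
            child = nl.item(k);
            // nodes without a local name (e.g. text, comments) are skipped
            if ((childName = child.getLocalName()) != null) {
                if (childName.equals("Subject")) {
                    if (subject != null) {
                        if (SAMLUtils.debug.messageEnabled()) {
                            SAMLUtils.debug.message("AuthorizationDecisionQuery"
                                + ": contained more than one <Subject>");
                        }
                        throw new SAMLRequesterException(
                            SAMLUtils.bundle.getString("moreElement"));
                    }
                    subject = new Subject((Element) child);
                } else if (childName.equals("Action")) {
                    // swap the shared immutable sentinel for a real list on
                    // the first Action
                    if (actions == Collections.EMPTY_LIST) {
                        actions = new ArrayList();
                    }
                    actions.add(new Action((Element) child));
                } else if (childName.equals("Evidence")) {
                    if (evidence != null) {
                        if (SAMLUtils.debug.messageEnabled()) {
                            SAMLUtils.debug.message("AuthorizationDecisionQuery"
                                + ": contained more than one <Evidence>");
                        }
                        throw new SAMLRequesterException(
                            SAMLUtils.bundle.getString("moreElement"));
                    }
                    evidence = new Evidence((Element) child);
                } else {
                    // any other element is rejected rather than ignored
                    if (SAMLUtils.debug.messageEnabled()) {
                        SAMLUtils.debug.message("AuthorizationDecisionQuery: "
                            + "included wrong element:" + childName);
                    }
                    throw new SAMLRequesterException(
                        SAMLUtils.bundle.getString("wrongInput"));
                }
            } // end childName != null
        } // end for loop

        // make sure there is one Subject
        if (subject == null) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AuthorizationDecisionQuery: missing "
                    + "<Subject>");
            }
            throw new SAMLRequesterException(
                SAMLUtils.bundle.getString("missingElement"));
        }

        // make sure there is at least one Action
        if (actions == Collections.EMPTY_LIST) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AuthorizationDecisionQuery: missing"
                    + " <Action>");
            }
            throw new SAMLRequesterException(
                SAMLUtils.bundle.getString("missingElement"));
        }
    }

    /**
     * Validates the constructor arguments and stores them in this query.
     *
     * @param theSubject The subject of the query; must not be null.
     * @param theActions The List of Actions; must hold at least one element
     *        and only <code>Action</code> instances.
     * @param theEvidence The evidence of the query, may be null.
     * @param theResource The resource of the query; must be non-empty.
     * @exception SAMLException when one of the arguments is rejected.
     */
    private void buildAuthZQuery(Subject theSubject,
                                List theActions,
                                Evidence theEvidence,
                                String theResource)
                                throws SAMLException {
        if (theSubject == null) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AuthorizationDecisionQuery: "
                    + "input <Subject> is null.");
            }
            throw new SAMLRequesterException(
                SAMLUtils.bundle.getString("nullInput"));
        }
        this.subject = theSubject;

        int length;
        Object temp = null;
        if ((theActions != null) &&
            ((length = theActions.size()) != 0)) {
            for (int i = 0; i < length; i++) {
                temp = theActions.get(i);
                if (!(temp instanceof Action)) {
                    if (SAMLUtils.debug.messageEnabled()) {
                        SAMLUtils.debug.message("AuthorizationDecisionQuery: "
                            + "Wrong input for Action.");
                    }
                    throw new SAMLRequesterException(
                        SAMLUtils.bundle.getString("wrongInput"));
                }
            }
            // NOTE(review): the caller's list is kept by reference, so the
            // element type check above does not cover later changes the
            // caller makes to that list.
            this.actions = theActions;
        }
        // still the sentinel: theActions was null or empty
        if (actions == Collections.EMPTY_LIST) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AuthorizationDecisionQuery: "
                    + "missing <Action> in input.");
            }
            throw new SAMLRequesterException(
                SAMLUtils.bundle.getString("missingElement"));
        }

        evidence = theEvidence;

        if ((theResource == null) || (theResource.length() == 0)) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AuthorizationDecisionQuery: "
                    + "Missing attribute Resource.");
            }
            throw new SAMLRequesterException(
                SAMLUtils.bundle.getString("missingAttribute"));
        }
        this.resource = theResource;
    }

    /**
     * Constructor
     *
     * @param theSubject The subject of the query.
     * @param theActions The List of Actions of the query.
     * @param theEvidence The evidence of the query. It could be null when
     *        there is no Evidence in the query.
     * @param theResource A string representing the resource of the query.
     *        Pass the raw value; it is XML-escaped when the query is
     *        serialized.
     * @exception SAMLException when an error occurs.
     */
    public AuthorizationDecisionQuery(Subject theSubject,
                                List theActions,
                                Evidence theEvidence,
                                String theResource)
                                throws SAMLException
    {
        buildAuthZQuery(theSubject, theActions, theEvidence, theResource);
    }

    /**
     * Constructor
     *
     * @param theSubject The subject of the query.
     * @param theActions The List of Actions of the query.
     * @param theResource A string representing the resource of the query.
     *        Pass the raw value; it is XML-escaped when the query is
     *        serialized.
     * @exception SAMLException when an error occurs.
     */
    public AuthorizationDecisionQuery(Subject theSubject,
                                List theActions,
                                String theResource)
                                throws SAMLException {
        buildAuthZQuery(theSubject, theActions, null, theResource);
    }

    /**
     * Returns the List of Actions.
     * The list returned is the one held by this query, not a copy.
     *
     * @return The Actions included in the query.
     */
    public List getAction() {
        return actions;
    }

    /**
     * Returns the <code>Evidence</code>
     *
     * @return the Evidence in the query. A null is returned
     *         if there is no Evidence in the query.
     */
    public Evidence getEvidence() {
        return evidence;
    }

    /**
     * Accessor for the Resource
     *
     * @return A string representing the resource, unescaped.
     */
    public String getResource() {
        return resource;
    }

    /**
     * Returns the type of the query.
     *
     * @return an integer which is Query.AUTHORIZATION_DECISION_QUERY.
     */
    public int getQueryType() {
        return Query.AUTHORIZATION_DECISION_QUERY;
    }

    /**
     * This method translates the <code>AuthorizationDecisionQuery</code> to an
     * XML document String based on the <code>AuthorizationDecisionQuery</code>
     * schema.
     *
     * @return An XML String representing the
     *         <code>AuthorizationDecisionQuery</code>.
     */
    public String toString() {
        return this.toString(true, false);
    }

    /**
     * Create a String representation of the
     * <code>samlp:AuthorizationDecisionQuery</code> element.
     * <p>
     * The <code>Resource</code> value is escaped before it is written into
     * the attribute. The stored value is the parsed or caller-supplied text,
     * so writing it verbatim would let a quote, <code>&lt;</code> or
     * <code>&amp;</code> in it end the attribute early and change the
     * structure of the emitted query.
     *
     * @param includeNS Determines whether or not the namespace qualifier
     *        is prepended to the Element when converted
     * @param declareNS Determines whether or not the namespace is declared
     *        within the Element.
     * @return A string containing the valid XML for this element
     */
    public String toString(boolean includeNS, boolean declareNS) {
        StringBuffer xml = new StringBuffer(200);
        String prefix = "";
        String uri = "";
        if (includeNS) {
            prefix = SAMLConstants.PROTOCOL_PREFIX;
        }
        if (declareNS) {
            uri = SAMLConstants.PROTOCOL_NAMESPACE_STRING;
        }
        xml.append("<").append(prefix).append("AuthorizationDecisionQuery").
            append(uri).append(" Resource=\"").
            append(escapeAttributeValue(resource)).
            append("\">\n").
            append(subject.toString(true, true));

        Iterator iterator = actions.iterator();
        while (iterator.hasNext()) {
            xml.append(((Action) iterator.next()).toString(true, true));
        }

        if (evidence != null) {
            xml.append(evidence.toString(true, true));
        }
        xml.append("</").append(prefix).append("AuthorizationDecisionQuery>\n");
        return xml.toString();
    }

    /**
     * Escapes the five XML special characters so that a value can be placed
     * inside a quoted attribute without altering the surrounding markup.
     *
     * @param value the raw attribute value, may be null.
     * @return the escaped value; null is returned unchanged, so appending it
     *         to a <code>StringBuffer</code> still yields the text
     *         <code>null</code> as it did before escaping was added.
     */
    private static String escapeAttributeValue(String value) {
        if (value == null) {
            return null;
        }
        int length = value.length();
        StringBuffer escaped = new StringBuffer(length + 16);
        for (int i = 0; i < length; i++) {
            char c = value.charAt(i);
            switch (c) {
                case '&':
                    escaped.append("&amp;");
                    break;
                case '<':
                    escaped.append("&lt;");
                    break;
                case '>':
                    escaped.append("&gt;");
                    break;
                case '"':
                    escaped.append("&quot;");
                    break;
                case '\'':
                    escaped.append("&apos;");
                    break;
                default:
                    escaped.append(c);
                    break;
            }
        }
        return escaped.toString();
    }
}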