001/**
002 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
003 *
004 * Copyright (c) 2009 Sun Microsystems Inc. All Rights Reserved
005 *
006 * The contents of this file are subject to the terms
007 * of the Common Development and Distribution License
008 * (the License). You may not use this file except in
009 * compliance with the License.
010 *
011 * You can obtain a copy of the License at
012 * https://opensso.dev.java.net/public/CDDLv1.0.html or
013 * opensso/legal/CDDLv1.0.txt
014 * See the License for the specific language governing
015 * permission and limitations under the License.
016 *
017 * When distributing Covered Code, include this CDDL
018 * Header Notice in each file and include the License file
019 * at opensso/legal/CDDLv1.0.txt.
020 * If applicable, add the following below the CDDL Header,
021 * with the fields enclosed by brackets [] replaced by
022 * your own identifying information:
023 * "Portions Copyrighted [year] [name of copyright owner]"
024 *
025 * $Id: XACMLQueryUtil.java,v 1.1 2009/09/22 22:50:14 madan_ranganath Exp $
026 *
027 */
028
029/*
030 * Portions copyright 2013 ForgeRock, Inc.
031 */
032
033package com.sun.identity.saml2.profile;
034
035import java.net.URI;
036import java.net.URISyntaxException;
037import java.util.ArrayList;
038import java.util.List;
039import javax.servlet.http.HttpServletRequest;
040
041import com.sun.identity.plugin.session.SessionException;
042import com.sun.identity.plugin.session.SessionManager;
043import com.sun.identity.plugin.session.SessionProvider;
044import com.sun.identity.saml2.common.SAML2Exception;
045import com.sun.identity.saml2.common.SAML2Utils;
046import com.sun.identity.xacml.client.XACMLRequestProcessor;
047import com.sun.identity.xacml.common.XACMLConstants;
048import com.sun.identity.xacml.common.XACMLException;
049import com.sun.identity.xacml.context.Action;
050import com.sun.identity.xacml.context.Attribute;
051import com.sun.identity.xacml.context.ContextFactory;
052import com.sun.identity.xacml.context.Decision;
053import com.sun.identity.xacml.context.Environment;
054import com.sun.identity.xacml.context.Request;
055import com.sun.identity.xacml.context.Resource;
056import com.sun.identity.xacml.context.Response;
057import com.sun.identity.xacml.context.Result;
058import com.sun.identity.xacml.context.Subject;
059
060/**
061 * This class provides methods to build and send an XACML query to a PDP and to extract the policy decision from the response.
062 *
063 * @supported.api
064 */
065
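public class XACMLQueryUtil {

    /**
     * Session provider looked up once at class load time. Stays {@code null}
     * when the lookup fails; the failure is logged rather than propagated so
     * that loading this class never throws. Nothing in this class reads it;
     * it is kept package-visible for existing callers.
     */
    static SessionProvider sessionProvider = null;

    static {
        try {
            sessionProvider = SessionManager.getProvider();
        } catch (SessionException se) {
            SAML2Utils.debug.error("Error retrieving session provider.", se);
        }
    }

    /** Utility class; not instantiable. */
    private XACMLQueryUtil() {
    }

    /**
     * Sends the XACML query to the specified PDP, gets the policy decision
     * and returns it to the Fedlet.
     *
     * <p>The request carries one subject (the SAML2 NameID), one resource
     * (the resource URL plus the target service name) and one action. Only
     * the decision value of the <em>first</em> result in the PDP response is
     * returned; any obligations or status in the response are ignored here.
     *
     * <p>A {@code null} return means "no usable decision": the PDP returned
     * no response, no result, no decision, or building/processing the
     * request failed (the failure is logged). Callers must not read
     * {@code null} as a permit; compare the returned value against the
     * expected XACML decision literal, never merely against {@code null}.
     *
     * @param request HTTP Servlet Request (currently not consulted)
     * @param pepEntityID PEP entity ID
     * @param pdpEntityID PDP entity ID
     * @param nameIDValue  NameID value used as the subject id
     * @param serviceName  Service Name
     * @param resource  Resource URL
     * @param action  Action
     *
     * @return the decision value returned by the PDP, or {@code null} when
     *         no decision could be obtained
     * @exception SAML2Exception if the operation is not successful
     *
     * @supported.api
     */
    public static String getPolicyDecisionForFedlet(HttpServletRequest request,
                                                    String pepEntityID,
                                                    String pdpEntityID,
                                                    String nameIDValue,
                                                    String serviceName,
                                                    String resource,
                                                    String action)
                                                    throws SAML2Exception {
        try {
            Request xacmlRequest =
                    buildRequest(nameIDValue, serviceName, resource, action);
            Response xacmlResponse =
                    XACMLRequestProcessor.getInstance().processRequest(
                            xacmlRequest, pdpEntityID, pepEntityID);
            return extractDecision(xacmlResponse);
        } catch (URISyntaxException uriexp) {
            // Logged at error level with the cause: a swallowed failure here
            // would otherwise be indistinguishable from "no decision".
            SAML2Utils.debug.error("XACMLQueryUtil." +
                    "getPolicyDecisionForFedlet: " +
                    "URI Exception while sending the XACML Request", uriexp);
        } catch (XACMLException xacmlexp) {
            SAML2Utils.debug.error("XACMLQueryUtil." +
                    "getPolicyDecisionForFedlet: " +
                    "Error while processing the XACML Response", xacmlexp);
        }
        return null;
    }

    /**
     * Builds the XACML request: one subject, one resource (with the service
     * name as a second resource attribute), one action and an empty
     * environment.
     *
     * @param nameIDValue subject id value (SAML2 NameID data type)
     * @param serviceName target service name resource attribute
     * @param resource resource id value
     * @param action action id value
     * @return the populated request
     * @throws URISyntaxException if one of the XACML constant URIs is malformed
     * @throws XACMLException if the context objects reject a value
     */
    private static Request buildRequest(String nameIDValue,
                                        String serviceName,
                                        String resource,
                                        String action)
            throws URISyntaxException, XACMLException {
        ContextFactory factory = ContextFactory.getInstance();
        Request xacmlRequest = factory.createRequest();

        // Subject: the access subject identified by the SAML2 NameID.
        Subject subject = factory.createSubject();
        subject.setSubjectCategory(new URI(XACMLConstants.ACCESS_SUBJECT));
        subject.setAttributes(singletonList(createStringAttribute(
                XACMLConstants.SUBJECT_ID, XACMLConstants.SAML2_NAMEID,
                nameIDValue)));
        xacmlRequest.setSubjects(singletonList(subject));

        // Resource: resource id first, then the target service name
        // (order preserved from the original implementation).
        Resource xacmlResource = factory.createResource();
        List<Attribute> resourceAttributes = new ArrayList<Attribute>();
        resourceAttributes.add(createStringAttribute(
                XACMLConstants.RESOURCE_ID, XACMLConstants.XS_STRING, resource));
        resourceAttributes.add(createStringAttribute(
                XACMLConstants.TARGET_SERVICE, XACMLConstants.XS_STRING,
                serviceName));
        xacmlResource.setAttributes(resourceAttributes);
        xacmlRequest.setResources(singletonList(xacmlResource));

        // Action
        Action xacmlAction = factory.createAction();
        xacmlAction.setAttributes(singletonList(createStringAttribute(
                XACMLConstants.ACTION_ID, XACMLConstants.XS_STRING, action)));
        xacmlRequest.setAction(xacmlAction);

        // Environment: created empty, as before.
        Environment environment = factory.createEnvironment();
        xacmlRequest.setEnvironment(environment);

        return xacmlRequest;
    }

    /**
     * Creates a single-valued XACML attribute.
     *
     * @param attributeId attribute id URI (as a string constant)
     * @param dataType data type URI (as a string constant)
     * @param value the single string value
     * @return the populated attribute
     * @throws URISyntaxException if {@code attributeId} or {@code dataType}
     *         is not a valid URI
     * @throws XACMLException if the context object rejects a value
     */
    private static Attribute createStringAttribute(String attributeId,
                                                   String dataType,
                                                   String value)
            throws URISyntaxException, XACMLException {
        Attribute attribute = ContextFactory.getInstance().createAttribute();
        attribute.setAttributeId(new URI(attributeId));
        attribute.setDataType(new URI(dataType));
        attribute.setAttributeStringValues(singletonList(value));
        return attribute;
    }

    /**
     * Wraps one element in a new mutable list, matching the
     * {@code new ArrayList(); add(x)} shape the context setters were
     * originally given.
     */
    private static <T> List<T> singletonList(T element) {
        List<T> list = new ArrayList<T>();
        list.add(element);
        return list;
    }

    /**
     * Extracts the decision value of the first result in the response.
     *
     * @param xacmlResponse the PDP response, may be {@code null}
     * @return the decision value, or {@code null} when the response, its
     *         result list, the first result, or its decision is absent
     */
    private static String extractDecision(Response xacmlResponse) {
        if (xacmlResponse == null) {
            return null;
        }
        List<?> results = xacmlResponse.getResults();
        // Defensive: a null result list is treated like an empty one.
        if (results == null || results.isEmpty()) {
            return null;
        }
        Result firstResult = (Result) results.get(0);
        if (firstResult == null) {
            return null;
        }
        Decision decision = (Decision) firstResult.getDecision();
        if (decision == null) {
            return null;
        }
        return decision.getValue();
    }
}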
216
217