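/**
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
 *
 * Copyright (c) 2007 Sun Microsystems Inc. All Rights Reserved
 *
 * The contents of this file are subject to the terms
 * of the Common Development and Distribution License
 * (the License). You may not use this file except in
 * compliance with the License.
 *
 * You can obtain a copy of the License at
 * https://opensso.dev.java.net/public/CDDLv1.0.html or
 * opensso/legal/CDDLv1.0.txt
 * See the License for the specific language governing
 * permission and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL
 * Header Notice in each file and include the License file
 * at opensso/legal/CDDLv1.0.txt.
 * If applicable, add the following below the CDDL Header,
 * with the fields enclosed by brackets [] replaced by
 * your own identifying information:
 * "Portions Copyrighted [year] [name of copyright owner]"
 *
 * $Id: XACMLRequestProcessor.java,v 1.4 2009/09/22 23:00:34 madan_ranganath Exp $
 *
 */

package com.sun.identity.xacml.client;

import java.util.Date;
import java.util.List;

import com.sun.identity.saml2.assertion.Assertion;
import com.sun.identity.saml2.assertion.AssertionFactory;
import com.sun.identity.saml2.assertion.Issuer;
import com.sun.identity.saml2.common.SAML2Constants;
import com.sun.identity.saml2.common.SAML2Exception;
import com.sun.identity.saml2.common.SAML2Utils;
import com.sun.identity.saml2.soapbinding.QueryClient;
import com.sun.identity.xacml.common.XACMLException;
import com.sun.identity.xacml.common.XACMLSDKUtils;
import com.sun.identity.xacml.context.ContextFactory;
import com.sun.identity.xacml.context.Request;
import com.sun.identity.xacml.context.Response;
import com.sun.identity.xacml.saml2.XACMLAuthzDecisionQuery;
import com.sun.identity.xacml.saml2.XACMLAuthzDecisionStatement;

/**
 * This class provides the public API to process XACML context Request.
 * This class accepts XACML context Request to get authorization decision,
 * posts the request to PDP using SAML2 profile, gets SAML Response back,
 * extracts XACML context Response from the XACMLAuthzDecisionStatement
 * returned in SAML Response and returns the XACML context Response.
 * XACML context Response includes the xacml context Result with
 * the XACML context authorization Decision.
 *
 * <p>Instances hold no state; the class is stateless and may be shared.
 *
 * @supported.all.api
 *
 */
public class XACMLRequestProcessor {

    /** Instances are only handed out through {@link #getInstance()}. */
    private XACMLRequestProcessor() {
    }

    /**
     * Returns an instance of <code>XACMLRequestProcessor</code>.
     *
     * @return a processor instance
     * @throws XACMLException if an instance of
     *         <code>XACMLRequestProcessor</code> can not be returned
     */
    public static XACMLRequestProcessor getInstance() throws XACMLException {
        return new XACMLRequestProcessor();
    }

    /**
     * Processes an XACML context Request and returns an XACML context
     * Response.
     *
     * @param xacmlRequest XACML context Request. This describes the
     *        Resource(s), Subject(s), Action, Environment of the request
     *        and corresponds to XACML context schema element Request.
     *        One would construct this Request object using XACML client SDK.
     *        Must not be <code>null</code>.
     *
     * @param pdpEntityId EntityID of PDP
     * @param pepEntityId EntityID of PEP; also used as the Issuer of the
     *        SAML query sent to the PDP
     * @return XACML context Response. This corresponds to
     *         XACML context schema element Response. <code>null</code>
     *         when the SAML Response from the PDP carries no assertion,
     *         no statement, or a statement without an XACML Response.
     * @throws XACMLException if request could not be processed
     * @throws SAML2Exception if the SAML2 exchange with the PDP failed
     */
    public Response processRequest(Request xacmlRequest,
            String pdpEntityId, String pepEntityId)
            throws XACMLException, SAML2Exception {

        // The full request is logged only at message (debug) level; it can
        // contain subject and resource attributes.
        if (XACMLSDKUtils.debug.messageEnabled()) {
            XACMLSDKUtils.debug.message(
                    "XACMLRequestProcessor.processRequest(), entering"
                    + ":pdpEntityId=" + pdpEntityId
                    + ":pepEntityId=" + pepEntityId
                    + ":xacmlRequest=\n"
                    + xacmlRequest.toXMLString(true, true));
        }
        XACMLAuthzDecisionQuery samlpQuery
                = createXACMLAuthzDecisionQuery(xacmlRequest, pepEntityId);

        // Ask the PDP to decide on the supplied context only, and to echo
        // that context back in the decision statement.
        samlpQuery.setInputContextOnly(true);
        samlpQuery.setReturnContext(true);

        if (XACMLSDKUtils.debug.messageEnabled()) {
            XACMLSDKUtils.debug.message(
                    "XACMLRequestProcessor.processRequest(),"
                    + "samlpQuery=\n" + samlpQuery.toXMLString(true, true));
        }

        com.sun.identity.saml2.protocol.Response samlpResponse
                = QueryClient.processXACMLQuery(samlpQuery,
                        pepEntityId, pdpEntityId);

        if (samlpResponse != null && XACMLSDKUtils.debug.messageEnabled()) {
            XACMLSDKUtils.debug.message(
                    "XACMLRequestProcessor.processRequest(),"
                    + ":samlpResponse=\n"
                    + samlpResponse.toXMLString(true, true));
        }

        Response xacmlResponse = extractXACMLResponse(samlpResponse);
        if (xacmlResponse != null && XACMLSDKUtils.debug.messageEnabled()) {
            XACMLSDKUtils.debug.message(
                    "XACMLRequestProcessor.processRequest()"
                    + ",returning :xacmlResponse=\n"
                    + xacmlResponse.toXMLString(true, true));
        }
        return xacmlResponse;
    }

    /**
     * Pulls the XACML context Response out of the first
     * XACMLAuthzDecisionStatement of the first Assertion in a SAML Response.
     *
     * @param samlpResponse SAML Response returned by the PDP, may be
     *        <code>null</code>
     * @return the XACML context Response, or <code>null</code> when any
     *         link in the chain (assertion list, assertion, statement list,
     *         statement, response) is absent
     * @throws XACMLException if the statement XML can not be parsed
     * @throws SAML2Exception if the SAML objects can not be read
     */
    private static Response extractXACMLResponse(
            com.sun.identity.saml2.protocol.Response samlpResponse)
            throws XACMLException, SAML2Exception {
        if (samlpResponse == null) {
            return null;
        }
        List<?> assertions = samlpResponse.getAssertion();
        // get(0) on an empty list would throw IndexOutOfBoundsException;
        // treat "no assertion" the same as a null list.
        if (assertions == null || assertions.isEmpty()) {
            return null;
        }
        Assertion assertion = (Assertion) assertions.get(0);
        if (assertion == null) {
            return null;
        }
        List<?> statements = assertion.getStatements();
        if (statements == null || statements.isEmpty()) {
            return null;
        }
        // assumes getStatements() holds the statement XML as a String, as
        // the original cast did — confirm against Assertion.getStatements()
        String statementString = (String) statements.get(0);
        if (statementString == null) {
            return null;
        }
        XACMLAuthzDecisionStatement statement = ContextFactory.getInstance()
                .createXACMLAuthzDecisionStatement(statementString);
        // Null-check before the statement is dereferenced for logging.
        if (statement == null) {
            return null;
        }
        if (XACMLSDKUtils.debug.messageEnabled()) {
            XACMLSDKUtils.debug.message(
                    "XACMLRequestProcessor.processRequest(),"
                    + ":xacmlAuthzDecisionStatement=\n"
                    + statement.toXMLString(true, true));
        }
        return statement.getResponse();
    }

    /**
     * Builds the SAML2 XACMLAuthzDecisionQuery that carries
     * <code>xacmlRequest</code> to the PDP.
     *
     * @param xacmlRequest XACML context Request to embed in the query
     * @param pepEntityId EntityID of the PEP, used as the query Issuer
     * @return a populated, unsigned query
     * @throws XACMLException if the query can not be created
     * @throws SAML2Exception if the issuer can not be created
     */
    private static XACMLAuthzDecisionQuery createXACMLAuthzDecisionQuery(
            Request xacmlRequest, String pepEntityId)
            throws XACMLException, SAML2Exception {
        XACMLAuthzDecisionQuery query
                = ContextFactory.getInstance().createXACMLAuthzDecisionQuery();
        // A fresh, random ID per query: the response's InResponseTo is
        // matched against it, so a fixed value would make every query
        // look the same.
        query.setID(SAML2Utils.generateID());
        query.setVersion(SAML2Constants.VERSION_2_0);
        query.setIssueInstant(new Date());
        // NOTE(review): placeholder values carried over from the original;
        // presumably QueryClient.processXACMLQuery replaces Destination
        // with the PDP endpoint before sending — verify.
        query.setDestination("destination-uri");
        query.setConsent("consent-uri");

        // The PEP is the issuer of the query. An entity identifier uses the
        // entity name-id format and carries no name qualifiers.
        Issuer issuer = AssertionFactory.getInstance().createIssuer();
        issuer.setValue(pepEntityId);
        issuer.setFormat("urn:oasis:names:tc:SAML:2.0:nameid-format:entity");
        query.setIssuer(issuer);

        query.setRequest(xacmlRequest);

        return query;
    }
}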