001/**
002 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
003 *
004 * Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
005 *
006 * The contents of this file are subject to the terms
007 * of the Common Development and Distribution License
008 * (the License). You may not use this file except in
009 * compliance with the License.
010 *
011 * You can obtain a copy of the License at
012 * https://opensso.dev.java.net/public/CDDLv1.0.html or
013 * opensso/legal/CDDLv1.0.txt
014 * See the License for the specific language governing
015 * permission and limitations under the License.
016 *
017 * When distributing Covered Code, include this CDDL
018 * Header Notice in each file and include the License file
019 * at opensso/legal/CDDLv1.0.txt.
020 * If applicable, add the following below the CDDL Header,
021 * with the fields enclosed by brackets [] replaced by
022 * your own identifying information:
023 * "Portions Copyrighted [year] [name of copyright owner]"
024 *
025 * $Id: AuthorizationDecisionQuery.java,v 1.2 2008/06/25 05:47:36 qcheng Exp $
026 *
027 */
028
029
030
031package com.sun.identity.saml.protocol;
032
033import com.sun.identity.saml.assertion.Action;
034import com.sun.identity.saml.assertion.Evidence;
035import com.sun.identity.saml.assertion.Subject;
036
037import com.sun.identity.saml.common.SAMLConstants;
038import com.sun.identity.saml.common.SAMLException;
039import com.sun.identity.saml.common.SAMLRequesterException;
040import com.sun.identity.saml.common.SAMLUtils;
041
042import java.util.ArrayList;
043import java.util.Collections;
044import java.util.Iterator;
045import java.util.List;
046
047import org.w3c.dom.Element;
048import org.w3c.dom.Node;
049import org.w3c.dom.NodeList;
050
051/**
052 * This concrete class extends from the abstract base class
053 * <code>SubjectQuery</code>.
054 * It represents the query for an authorization decision assertion. It 
055 * corresponds to the <code>&lt;samlp:AuthorizationDecisionQueryType&gt;</code>
056 * in the SAML protocol schema.
057 *
058 * @supported.all.api
059 */
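public class AuthorizationDecisionQuery extends SubjectQuery {

    // Value of the required Resource attribute, held unescaped; it is
    // XML-escaped only when the query is serialized by toString.
    protected String resource = null;
    // The Action objects of the query; starts as the shared immutable empty
    // list and is replaced by a private ArrayList once an Action is accepted.
    protected List actions = Collections.EMPTY_LIST;
    // The optional Evidence of the query; null when the query carries none.
    protected Evidence evidence = null;

    /**
     * Default Constructor
     */
    protected AuthorizationDecisionQuery() {
    }

    /**
     * This constructor is used to build an Authorization Decision Query from
     * a DOM tree that was built from the XML string.
     * <p>
     * The element must carry a non-empty <code>Resource</code> attribute,
     * exactly one <code>Subject</code> child, at least one <code>Action</code>
     * child and at most one <code>Evidence</code> child. Any other child
     * element is rejected. The order of the children is not checked.
     * <p>
     * NOTE(review): children are matched by local name only; the namespace
     * URI of each child is not compared here. Whether the
     * <code>Subject</code>, <code>Action</code> and <code>Evidence</code>
     * constructors verify the namespace themselves is not visible from this
     * class and should be confirmed, since the input is typically an
     * untrusted protocol message.
     *
     * @param element the DOM tree element which contains an Authorization
     *          Decision Query.
     * @exception SAMLException when an error occurs.
     */
    public AuthorizationDecisionQuery(Element element)
                                        throws SAMLException {
        // make sure the input is not null
        if (element == null) {
            SAMLUtils.debug.message("AuthorizationDecisionQuery: null input.");
            throw new SAMLRequesterException(
                        SAMLUtils.bundle.getString("nullInput"));
        }

        // make sure it's an AuthorizationDecisionQuery
        boolean valid = SAMLUtils.checkQuery(element,
                                        "AuthorizationDecisionQuery");
        if (!valid) {
            SAMLUtils.debug.message("AuthorizationDecisionQuery: wrong inout.");
            throw new SAMLRequesterException(
                SAMLUtils.bundle.getString("wrongInput"));
        }

        // getting the resource; the DOM hands back the attribute value with
        // entities already resolved, so the field holds the raw text
        resource = element.getAttribute("Resource");
        if ((resource == null) || (resource.length() == 0)) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AuthorizationDecisionQuery: "
                        + "Missing attribute Resource.");
            }
            throw new SAMLRequesterException(
                        SAMLUtils.bundle.getString("missingAttribute"));
        }

        // TODO not checking the sequence.

        NodeList nl = element.getChildNodes();
        Node child;
        String childName;
        int length = nl.getLength();
        // loop through all the children including TEXT and COMMENT; nodes
        // without a local name are skipped
        for (int k = 0; k < length; k++) {
            child = nl.item(k);
            if ((childName = child.getLocalName()) != null) {
                if (childName.equals("Subject")) {
                    if (subject != null) {
                        if (SAMLUtils.debug.messageEnabled()) {
                            SAMLUtils.debug.message("AuthorizationDecisionQuery"
                                + ": contained more than one <Subject>");
                        }
                        throw new SAMLRequesterException(
                            SAMLUtils.bundle.getString("moreElement"));
                    }
                    subject = new Subject((Element) child);
                } else if (childName.equals("Action")) {
                    // never add to the shared immutable empty list
                    if (actions == Collections.EMPTY_LIST) {
                        actions = new ArrayList();
                    }
                    actions.add(new Action((Element) child));
                } else if (childName.equals("Evidence")) {
                    if (evidence != null) {
                        if (SAMLUtils.debug.messageEnabled()) {
                            SAMLUtils.debug.message("AuthorizationDecisionQuery"
                                + ": contained more than one <Evidence>");
                        }
                        throw new SAMLRequesterException(
                            SAMLUtils.bundle.getString("moreElement"));
                    }
                    evidence = new Evidence((Element) child);
                } else {
                    // fail closed on anything the schema does not allow here
                    if (SAMLUtils.debug.messageEnabled()) {
                        SAMLUtils.debug.message("AuthorizationDecisionQuery: "
                                + "included wrong element:" + childName);
                    }
                    throw new SAMLRequesterException(
                        SAMLUtils.bundle.getString("wrongInput"));
                }
            } // end childName != null
        } // end for loop

        // make sure there is one Subject
        if (subject == null) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AuthorizationDecisionQuery: missing "
                        + "<Subject>");
            }
            throw new SAMLRequesterException(
                SAMLUtils.bundle.getString("missingElement"));
        }

        // make sure there is at least one Action
        if (actions.isEmpty()) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AuthorizationDecisionQuery: missing"
                    + " <Action>");
            }
            throw new SAMLRequesterException(
                SAMLUtils.bundle.getString("missingElement"));
        }
    }

    /**
     * Validates the constructor arguments and stores them in this query.
     * <p>
     * The action list is copied before it is validated, and the copy is what
     * gets stored. Validating the caller's list and then keeping a reference
     * to it would let later changes to that list put a non-Action element
     * into a query that has already passed validation.
     *
     * @param theSubject The subject of the query; must not be null.
     * @param theActions The List of Actions; must hold at least one element
     *          and only <code>Action</code> instances.
     * @param theEvidence The evidence of the query, or null.
     * @param theResource The resource of the query; must not be null or empty.
     * @exception SAMLException when an argument is missing or of the wrong
     *          type.
     */
    private void buildAuthZQuery(Subject theSubject,
                                List theActions,
                                Evidence theEvidence,
                                String theResource)
                                throws SAMLException {
        if (theSubject == null) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AuthorizationDecisionQuery: "
                        + "input <Subject> is null.");
            }
            throw new SAMLRequesterException(
                        SAMLUtils.bundle.getString("nullInput"));
        }
        this.subject = theSubject;

        if ((theActions != null) && !theActions.isEmpty()) {
            // validate a private snapshot, not the caller's live list
            List snapshot = new ArrayList(theActions);
            for (Iterator it = snapshot.iterator(); it.hasNext();) {
                if (!(it.next() instanceof Action)) {
                    if (SAMLUtils.debug.messageEnabled()) {
                        SAMLUtils.debug.message("AuthorizationDecisionQuery: "
                            + "Wrong input for Action.");
                    }
                    throw new SAMLRequesterException(
                        SAMLUtils.bundle.getString("wrongInput"));
                }
            }
            this.actions = snapshot;
        }
        if (actions.isEmpty()) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AuthorizationDecisionQuery: "
                        + "missing <Action> in input.");
            }
            throw new SAMLRequesterException(
                        SAMLUtils.bundle.getString("missingElement"));
        }

        evidence = theEvidence;

        if ((theResource == null) || (theResource.length() == 0)) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AuthorizationDecisionQuery: "
                        + "Missing attribute Resource.");
            }
            throw new SAMLRequesterException(
                        SAMLUtils.bundle.getString("missingAttribute"));
        }
        this.resource = theResource;
    }

    /**
     * Constructor
     *
     * @param theSubject The subject of the query.
     * @param theActions The List of Actions of the query. The list is copied;
     *          later changes to it do not affect this query.
     * @param theEvidence The evidence of the query. It could be null when
     *          there is no Evidence in the query.
     * @param theResource A string representing the resource of the query,
     *          given as plain text (not XML-escaped).
     * @exception SAMLException when an error occurs.
     */
    public AuthorizationDecisionQuery(Subject theSubject,
                                List theActions,
                                Evidence theEvidence,
                                String theResource)
                                throws SAMLException
    {
        buildAuthZQuery(theSubject, theActions, theEvidence, theResource);
    }

    /**
     * Constructor
     *
     * @param theSubject The subject of the query.
     * @param theActions The List of Actions of the query. The list is copied;
     *          later changes to it do not affect this query.
     * @param theResource A string representing the resource of the query,
     *          given as plain text (not XML-escaped).
     * @exception SAMLException when an error occurs.
     */
    public AuthorizationDecisionQuery(Subject theSubject,
                                List theActions,
                                String theResource)
                                throws SAMLException {
        buildAuthZQuery(theSubject, theActions, null, theResource);
    }

    /**
     * Returns the List of Actions.
     * <p>
     * The list returned is the one held by this query, not a copy, so
     * callers should treat it as read-only.
     *
     * @return The Actions included in the query.
     */
    public List  getAction() {
        return actions;
    }

    /**
     * Returns the <code>Evidence</code>
     *
     * @return the Evidence in the query. A null is returned
     *         if there is no Evidence in the query.
     */
    public Evidence  getEvidence() {
        return evidence;
    }

    /**
     * Accessor for the Resource
     *
     * @return A string representing the resource, as plain text (not
     *         XML-escaped).
     */
    public String getResource() {
        return resource;
    }

    /**
     * Returns the type of the query.
     *
     * @return an integer which is Query.AUTHORIZATION_DECISION_QUERY.
     */
    public int getQueryType() {
        return Query.AUTHORIZATION_DECISION_QUERY;
    }

    /**
     * This method translates the <code>AuthorizationDecisionQuery</code> to an
     * XML document String based on the <code>AuthorizationDecisionQuery</code>
     * schema.
     *
     * @return An XML String representing the
     *         <code>AuthorizationDecisionQuery</code>.
     */
    public String toString() {
        return this.toString(true, false);
    }

    /**
     * Create a String representation of the
     * <code>samlp:AuthorizationDecisionQuery</code> element.
     * <p>
     * The <code>Resource</code> value is XML-escaped before it is written
     * into the attribute. It can originate from a parsed request or from a
     * caller, and an unescaped quote, ampersand or angle bracket would
     * otherwise change the structure of the emitted query.
     *
     * @param includeNS Determines whether or not the namespace qualifier
     *        is prepended to the Element when converted
     * @param declareNS Determines whether or not the namespace is declared
     *        within the Element.
     * @return A string containing the valid XML for this element
     */
    public String toString(boolean includeNS, boolean declareNS) {
        StringBuffer xml = new StringBuffer(200);
        String prefix = "";
        String uri = "";
        if (includeNS) {
            prefix = SAMLConstants.PROTOCOL_PREFIX;
        }
        if (declareNS) {
            uri = SAMLConstants.PROTOCOL_NAMESPACE_STRING;
        }
        xml.append("<").append(prefix).append("AuthorizationDecisionQuery").
                append(uri).append(" Resource=\"").
                append(escapeXmlAttribute(resource)).
                append("\">\n").
                append(subject.toString(true, true));

        Iterator iterator = actions.iterator();
        while (iterator.hasNext()) {
            xml.append(((Action) iterator.next()).toString(true, true));
        }

        if (evidence != null) {
            xml.append(evidence.toString(true, true));
        }
        xml.append("</").append(prefix).append("AuthorizationDecisionQuery>\n");
        return xml.toString();
    }

    /**
     * Escapes the five XML special characters so that a value can be placed
     * inside a quoted attribute without altering the surrounding markup.
     *
     * @param value the plain-text attribute value; may be null.
     * @return the escaped value, or null when <code>value</code> is null (the
     *         caller's <code>StringBuffer.append</code> then writes the text
     *         "null", as it did before escaping was added).
     */
    private static String escapeXmlAttribute(String value) {
        if (value == null) {
            return null;
        }
        int size = value.length();
        StringBuffer escaped = new StringBuffer(size + 16);
        for (int i = 0; i < size; i++) {
            char c = value.charAt(i);
            switch (c) {
                case '&':
                    escaped.append("&amp;");
                    break;
                case '<':
                    escaped.append("&lt;");
                    break;
                case '>':
                    escaped.append("&gt;");
                    break;
                case '"':
                    escaped.append("&quot;");
                    break;
                case '\'':
                    escaped.append("&apos;");
                    break;
                default:
                    escaped.append(c);
                    break;
            }
        }
        return escaped.toString();
    }
}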



























































