001/** 002 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER. 003 * 004 * Copyright (c) 2009 Sun Microsystems Inc. All Rights Reserved 005 * 006 * The contents of this file are subject to the terms 007 * of the Common Development and Distribution License 008 * (the License). You may not use this file except in 009 * compliance with the License. 010 * 011 * You can obtain a copy of the License at 012 * https://opensso.dev.java.net/public/CDDLv1.0.html or 013 * opensso/legal/CDDLv1.0.txt 014 * See the License for the specific language governing 015 * permission and limitations under the License. 016 * 017 * When distributing Covered Code, include this CDDL 018 * Header Notice in each file and include the License file 019 * at opensso/legal/CDDLv1.0.txt. 020 * If applicable, add the following below the CDDL Header, 021 * with the fields enclosed by brackets [] replaced by 022 * your own identifying information: 023 * "Portions Copyrighted [year] [name of copyright owner]" 024 * 025 * $Id: XACMLQueryUtil.java,v 1.1 2009/09/22 22:50:14 madan_ranganath Exp $ 026 * 027 */ 028 029/* 030 * Portions copyright 2013 ForgeRock, Inc. 
031 */ 032 033package com.sun.identity.saml2.profile; 034 035import java.net.URI; 036import java.net.URISyntaxException; 037import java.util.ArrayList; 038import java.util.List; 039import javax.servlet.http.HttpServletRequest; 040 041import com.sun.identity.plugin.session.SessionException; 042import com.sun.identity.plugin.session.SessionManager; 043import com.sun.identity.plugin.session.SessionProvider; 044import com.sun.identity.saml2.common.SAML2Exception; 045import com.sun.identity.saml2.common.SAML2Utils; 046import com.sun.identity.xacml.client.XACMLRequestProcessor; 047import com.sun.identity.xacml.common.XACMLConstants; 048import com.sun.identity.xacml.common.XACMLException; 049import com.sun.identity.xacml.context.Action; 050import com.sun.identity.xacml.context.Attribute; 051import com.sun.identity.xacml.context.ContextFactory; 052import com.sun.identity.xacml.context.Decision; 053import com.sun.identity.xacml.context.Environment; 054import com.sun.identity.xacml.context.Request; 055import com.sun.identity.xacml.context.Resource; 056import com.sun.identity.xacml.context.Response; 057import com.sun.identity.xacml.context.Result; 058import com.sun.identity.xacml.context.Subject; 059 060/** 061 * This class provides methods to send or process <code>AttributeQuery</code>. 
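 * <p>The query is built from the caller-supplied subject (SAML2 NameID),
 * resource, target service and action, sent through
 * {@link XACMLRequestProcessor}, and reduced to the decision string of the
 * first result. Only {@code getPolicyDecisionForFedlet} is public.
 *
 * @supported.api
 */

public class XACMLQueryUtil {

    /**
     * Session provider looked up once at class load time. No method in this
     * class currently reads it; it is left package-visible and non-final
     * exactly as before so that other code in this package keeps compiling.
     */
    static SessionProvider sessionProvider = null;

    static {
        try {
            sessionProvider = SessionManager.getProvider();
        } catch (SessionException se) {
            SAML2Utils.debug.error("Error retrieving session provider.", se);
        }
    }

    /** Static utility class; not instantiable. */
    private XACMLQueryUtil() {
    }

    /**
     * Sends a XACML query to the specified PDP on behalf of the given PEP and
     * returns the policy decision value for the Fedlet.
     *
     * <p>Only the decision string of the <em>first</em> {@code Result} in the
     * PDP response is returned; any further results, and any other data the
     * result may carry, are not examined here. A {@code null} return means
     * that no decision could be obtained -- the response was empty or
     * incomplete, or building/processing the request failed (which is logged
     * with its cause). It is <em>not</em> a permit, and callers must not treat
     * it as one.
     *
     * @param request HTTP Servlet Request; currently not used when building
     *        the query, retained for API compatibility
     * @param pepEntityID PEP entity ID
     * @param pdpEntityID PDP entity ID
     * @param nameIDValue NameID value placed in the subject-id attribute
     * @param serviceName Service Name placed in the target-service attribute
     * @param resource Resource URL placed in the resource-id attribute
     * @param action Action placed in the action-id attribute
     *
     * @return the decision value of the first result, or {@code null} when no
     *         decision was obtained
     * @exception SAML2Exception if the operation is not successful
     *
     * @supported.api
     */
    public static String getPolicyDecisionForFedlet(HttpServletRequest request,
                                                    String pepEntityID,
                                                    String pdpEntityID,
                                                    String nameIDValue,
                                                    String serviceName,
                                                    String resource,
                                                    String action)
            throws SAML2Exception {
        Response xacmlResponse = null;

        try {
            Request xacmlRequest = ContextFactory.getInstance().createRequest();
            xacmlRequest.setSubjects(listOf(createSubject(nameIDValue)));
            xacmlRequest.setResources(listOf(createResource(resource, serviceName)));
            xacmlRequest.setAction(createAction(action));
            xacmlRequest.setEnvironment(ContextFactory.getInstance().createEnvironment());

            xacmlResponse = XACMLRequestProcessor.getInstance().processRequest(
                    xacmlRequest, pdpEntityID, pepEntityID);
        } catch (URISyntaxException uriexp) {
            // Best-effort contract is kept (fall through to a null decision),
            // but the failure is now recorded with its cause so that a
            // non-answer from the PDP path is visible in the logs.
            SAML2Utils.debug.error("XACMLQueryUtil.getPolicyDecisionForFedlet: "
                    + "URI Exception while sending the XACML Request", uriexp);
        } catch (XACMLException xacmlexp) {
            SAML2Utils.debug.error("XACMLQueryUtil.getPolicyDecisionForFedlet: "
                    + "Error while processing the XACML Response", xacmlexp);
        }
        return extractDecision(xacmlResponse);
    }

    /**
     * Builds the access-subject carrying the NameID as its subject-id
     * attribute (data type {@code XACMLConstants.SAML2_NAMEID}).
     *
     * @throws URISyntaxException if a constant does not form a valid URI
     * @throws XACMLException if the context objects reject a value
     */
    private static Subject createSubject(String nameIDValue)
            throws URISyntaxException, XACMLException {
        Subject subject = ContextFactory.getInstance().createSubject();
        subject.setSubjectCategory(new URI(XACMLConstants.ACCESS_SUBJECT));
        subject.setAttributes(listOf(createStringAttribute(
                XACMLConstants.SUBJECT_ID, XACMLConstants.SAML2_NAMEID, nameIDValue)));
        return subject;
    }

    /**
     * Builds the resource carrying two string attributes: the resource-id and
     * the target service.
     *
     * @throws URISyntaxException if a constant does not form a valid URI
     * @throws XACMLException if the context objects reject a value
     */
    private static Resource createResource(String resource, String serviceName)
            throws URISyntaxException, XACMLException {
        Resource xacmlResource = ContextFactory.getInstance().createResource();
        List<Attribute> attributes = new ArrayList<Attribute>(2);
        attributes.add(createStringAttribute(
                XACMLConstants.RESOURCE_ID, XACMLConstants.XS_STRING, resource));
        attributes.add(createStringAttribute(
                XACMLConstants.TARGET_SERVICE, XACMLConstants.XS_STRING, serviceName));
        xacmlResource.setAttributes(attributes);
        return xacmlResource;
    }

    /**
     * Builds the action carrying the action-id string attribute.
     *
     * @throws URISyntaxException if a constant does not form a valid URI
     * @throws XACMLException if the context objects reject a value
     */
    private static Action createAction(String action)
            throws URISyntaxException, XACMLException {
        Action xacmlAction = ContextFactory.getInstance().createAction();
        xacmlAction.setAttributes(listOf(createStringAttribute(
                XACMLConstants.ACTION_ID, XACMLConstants.XS_STRING, action)));
        return xacmlAction;
    }

    /**
     * Builds a single-valued attribute.
     *
     * @param attributeId attribute identifier (URI string)
     * @param dataType data type (URI string)
     * @param value the attribute's only string value
     * @throws URISyntaxException if {@code attributeId} or {@code dataType}
     *         is not a valid URI
     * @throws XACMLException if the context objects reject a value
     */
    private static Attribute createStringAttribute(String attributeId,
                                                   String dataType,
                                                   String value)
            throws URISyntaxException, XACMLException {
        Attribute attribute = ContextFactory.getInstance().createAttribute();
        attribute.setAttributeId(new URI(attributeId));
        attribute.setDataType(new URI(dataType));
        attribute.setAttributeStringValues(listOf(value));
        return attribute;
    }

    /**
     * Reduces a PDP response to the decision value of its first result.
     *
     * @return the decision value, or {@code null} if the response, its result
     *         list, the first result, its decision or the decision value is
     *         absent
     */
    private static String extractDecision(Response xacmlResponse) {
        if (xacmlResponse == null) {
            return null;
        }
        List<?> results = xacmlResponse.getResults();
        // Guard against a missing list as well as an empty one; the original
        // only checked the size and would have failed on null.
        if (results == null || results.isEmpty()) {
            return null;
        }
        Result firstResult = (Result) results.get(0);
        if (firstResult == null) {
            return null;
        }
        Decision decision = (Decision) firstResult.getDecision();
        return decision == null ? null : decision.getValue();
    }

    /**
     * Wraps one element in a fresh, modifiable list. A new ArrayList is used
     * rather than an unmodifiable view to keep the lists handed to the context
     * setters the same kind of object the previous implementation passed.
     */
    private static <T> List<T> listOf(T element) {
        List<T> list = new ArrayList<T>(1);
        list.add(element);
        return list;
    }
}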