Esempio n. 1
0
  public static void addSamplePolicies(Registry registry) {

    File policyFolder =
        new File(
            CarbonUtils.getCarbonHome()
                + File.separator
                + "repository"
                + File.separator
                + "resources"
                + File.separator
                + "security"
                + File.separator
                + "policies"
                + File.separator
                + "xacml"
                + File.separator
                + "default");

    if (policyFolder.exists()) {
      for (File policyFile : policyFolder.listFiles()) {
        if (policyFile.isFile()) {
          PolicyDTO policyDTO = new PolicyDTO();
          try {
            policyDTO.setPolicy(FileUtils.readFileToString(policyFile));
            EntitlementUtil.addFilesystemPolicy(policyDTO, registry, false);
          } catch (Exception e) {
            // log and ignore
            log.error("Error while adding sample XACML policies", e);
          }
        }
      }
    }
  }
 @Override
 public boolean overrideDefaultCache() {
   Properties properties =
       EntitlementServiceComponent.getEntitlementConfig().getEngineProperties();
   if ("true".equals(properties.getProperty(PDPConstants.RESOURCE_CACHING))) {
     abstractResourceCache =
         EntitlementUtil.getCommonCache(PDPConstants.PIP_ABSTRACT_RESOURCE_CACHE);
     isAbstractResourceCacheEnabled = true;
     return true;
   } else {
     return false;
   }
 }
  /*
   * (non-Javadoc)
   *
   * @see org.wso2.balana.finder.AttributeFinderModule#findAttribute(java.net.URI, java.net.URI,
   * java.net.URI, java.net.URI, org.wso2.balana.EvaluationCtx, int)
   */
  public EvaluationResult findAttribute(
      URI attributeType, URI attributeId, String issuer, URI category, EvaluationCtx context) {

    List<AttributeValue> attrBag = new ArrayList<AttributeValue>();
    // Get the list of attribute finders who are registered with this particular attribute.
    List<PIPAttributeFinder> finders = attrFinders.get(attributeId.toString());

    if (finders == null || finders.size() == 0) {
      //          there is a API for refresh attribute finder so remove this
      //			try {
      //				refreshAttributeFindersForNewAttributeId();
      //			} catch (Exception e) {
      //				log.warn("Error while refreshing attribute finders");
      //			}
      finders = attrFinders.get(attributeId.toString());
      if (finders == null || finders.size() == 0) {
        log.info("No attribute designators defined for the attribute " + attributeId.toString());
        return new EvaluationResult(BagAttribute.createEmptyBag(attributeType));
      }
    }

    try {

      for (Iterator iterator = finders.iterator(); iterator.hasNext(); ) {
        PIPAttributeFinder pipAttributeFinder = (PIPAttributeFinder) iterator.next();
        if (log.isDebugEnabled()) {
          log.debug(
              String.format(
                  "Finding attributes with the PIP attribute handler %1$s",
                  pipAttributeFinder.getClass()));
        }

        Set<String> attrs = null;
        String key = null;

        if (attributeFinderCache != null && !pipAttributeFinder.overrideDefaultCache()) {

          key =
              attributeType.toString()
                  + attributeId.toString()
                  + category.toString()
                  + encodeContext(context);

          if (issuer != null) {
            key += issuer;
          }

          if (key != null) {
            attrs = attributeFinderCache.getFromCache(tenantId, key);
          }
        }

        if (attrs == null) {
          if (log.isDebugEnabled()) {
            log.debug("Carbon Attribute Cache Miss");
          }
          attrs =
              pipAttributeFinder.getAttributeValues(
                  attributeType, attributeId, category, issuer, context);
          if (attributeFinderCache != null
              && key != null
              && !pipAttributeFinder.overrideDefaultCache()) {
            attributeFinderCache.addToCache(tenantId, key, attrs);
          }
        } else {
          if (log.isDebugEnabled()) {
            log.debug("Carbon Attribute Cache Hit");
          }
        }

        if (attrs != null) {
          for (Iterator iterAttr = attrs.iterator(); iterAttr.hasNext(); ) {
            final String attr = (String) iterAttr.next();
            AttributeValue attribute =
                EntitlementUtil.getAttributeValue(attr, attributeType.toString());
            attrBag.add(attribute);
          }
        }
      }
    } catch (ParsingException e) {
      log.error("Error while parsing attribute values from EvaluationCtx : " + e);
      ArrayList<String> code = new ArrayList<String>();
      code.add(Status.STATUS_MISSING_ATTRIBUTE);
      Status status =
          new Status(
              code, "Error while parsing attribute values from EvaluationCtx : " + e.getMessage());
      return new EvaluationResult(status);
    } catch (ParseException e) {
      e.printStackTrace();
      log.error("Error while parsing attribute values from EvaluationCtx : " + e);
      ArrayList<String> code = new ArrayList<String>();
      code.add(Status.STATUS_MISSING_ATTRIBUTE);
      Status status =
          new Status(
              code, "Error while parsing attribute values from EvaluationCtx : " + e.getMessage());
      return new EvaluationResult(status);
    } catch (URISyntaxException e) {
      log.error("Error while parsing attribute values from EvaluationCtx : " + e);
      ArrayList<String> code = new ArrayList<String>();
      code.add(Status.STATUS_MISSING_ATTRIBUTE);
      Status status =
          new Status(
              code, "Error while parsing attribute values from EvaluationCtx :" + e.getMessage());
      return new EvaluationResult(status);
    } catch (Exception e) {
      log.error("Error while retrieving attribute values from PIP  attribute finder : " + e);
      ArrayList<String> code = new ArrayList<String>();
      code.add(Status.STATUS_MISSING_ATTRIBUTE);
      Status status =
          new Status(
              code,
              "Error while retrieving attribute values from PIP"
                  + " attribute finder : "
                  + e.getMessage());
      return new EvaluationResult(status);
    }
    return new EvaluationResult(new BagAttribute(attributeType, attrBag));
  }