/**
 * Builds the XACML request used to decide whether a metacard must be redacted for a subject.
 *
 * <p>The request carries three attribute categories: the fixed {@code FILTER_ACTION} in the
 * action category, the subject's id/roles/permissions in the access-subject category (via
 * {@link #createSubjectAttributes}), and, when {@code permission} is a
 * {@link KeyValueCollectionPermission}, one resource attribute per key/value pair in the
 * resource category.
 *
 * <p>NOTE(review): when {@code permission} is of any other type the method only logs a warning
 * and still returns a request that has NO resource category at all. Whether the PDP then
 * denies or permits depends entirely on the loaded policy set — confirm that it is
 * deny-by-default for requests missing resource attributes, otherwise this is a fail-open path.
 *
 * @param subject the subject's identifier, placed in the access-subject category
 * @param info the subject's Shiro authorization info (roles and object permissions)
 * @param permission the resource permission; must be a {@code KeyValueCollectionPermission}
 *     for resource attributes to be added
 * @return the populated XACML request (never null)
 */
protected RequestType createRedactXACMLRequest(
    String subject, AuthorizationInfo info, CollectionPermission permission) {
  // TODO(review): permission.toString() and the subject end up in debug/trace logs; confirm
  // that security-marking values are acceptable in logs for this deployment.
  logger.debug(
      "Creating XACML request for subject: {} and metacard permissions {}", subject, permission);

  RequestType request = new RequestType();
  request.setCombinedDecision(false);
  request.setReturnPolicyIdList(false);

  // --- action category: the fixed filter action ---
  AttributeValueType filterValue = new AttributeValueType();
  filterValue.setDataType(XACMLConstants.STRING_DATA_TYPE);
  logger.trace("Adding action: {} for subject: {}", XACMLConstants.FILTER_ACTION, subject);
  filterValue.getContent().add(XACMLConstants.FILTER_ACTION);

  AttributeType filterAttribute = new AttributeType();
  filterAttribute.setAttributeId(XACMLConstants.ACTION_ID);
  filterAttribute.setIncludeInResult(false);
  filterAttribute.getAttributeValue().add(filterValue);

  AttributesType actionCategory = new AttributesType();
  actionCategory.setCategory(XACMLConstants.ACTION_CATEGORY);
  actionCategory.getAttribute().add(filterAttribute);
  request.getAttributes().add(actionCategory);

  // --- access-subject category ---
  request.getAttributes().add(createSubjectAttributes(subject, info));

  // --- resource category ---
  AttributesType resourceCategory = new AttributesType();
  resourceCategory.setCategory(XACMLConstants.RESOURCE_CATEGORY);

  if (permission instanceof KeyValueCollectionPermission) {
    List<KeyValuePermission> kvPermissions =
        ((KeyValueCollectionPermission) permission).getKeyValuePermissionList();
    for (KeyValuePermission kvPermission : kvPermissions) {
      String key = kvPermission.getKey();
      // One XACML attribute per value, all sharing the permission key as attribute id.
      for (String value : kvPermission.getValues()) {
        AttributeValueType resourceValue = new AttributeValueType();
        resourceValue.setDataType(XACMLConstants.STRING_DATA_TYPE);
        logger.trace("Adding permission: {}:{} for incoming resource", key, value);
        resourceValue.getContent().add(value);

        AttributeType resourceAttribute = new AttributeType();
        resourceAttribute.setAttributeId(key);
        resourceAttribute.setIncludeInResult(false);
        resourceAttribute.getAttributeValue().add(resourceValue);
        resourceCategory.getAttribute().add(resourceAttribute);
      }
    }
    // The resource category is attached only on this branch (see class note above).
    request.getAttributes().add(resourceCategory);
  } else {
    logger.warn(
        "Permission on the resource need to be of type KeyValueCollectionPermission, cannot process this resource.");
  }

  return request;
}
/**
 * Builds the XACML request used to decide whether a subject may perform {@code action}.
 *
 * <p>The request carries an action category holding the caller-supplied action string and an
 * access-subject category built by {@link #createSubjectAttributes}. No resource category is
 * added; the decision is purely subject-vs-action.
 *
 * @param subject the subject's identifier, placed in the access-subject category
 * @param info the subject's Shiro authorization info (roles and object permissions)
 * @param action the action identifier to evaluate; it is used verbatim as the
 *     {@code ACTION_ID} attribute value
 * @return the populated XACML request (never null)
 */
protected RequestType createActionXACMLRequest(
    String subject, AuthorizationInfo info, String action) {
  logger.debug("Creating XACML request for subject: {} with action: {}", subject, action);

  RequestType request = new RequestType();
  request.setCombinedDecision(false);
  request.setReturnPolicyIdList(false);

  // --- action category ---
  AttributeValueType actionValue = new AttributeValueType();
  actionValue.setDataType(XACMLConstants.STRING_DATA_TYPE);
  logger.trace("Adding action: {} for subject: {}", action, subject);
  actionValue.getContent().add(action);

  AttributeType actionIdAttribute = new AttributeType();
  actionIdAttribute.setAttributeId(XACMLConstants.ACTION_ID);
  actionIdAttribute.setIncludeInResult(false);
  actionIdAttribute.getAttributeValue().add(actionValue);

  AttributesType actionCategory = new AttributesType();
  actionCategory.setCategory(XACMLConstants.ACTION_CATEGORY);
  actionCategory.getAttribute().add(actionIdAttribute);
  request.getAttributes().add(actionCategory);

  // --- access-subject category ---
  request.getAttributes().add(createSubjectAttributes(subject, info));

  logger.debug(
      "Successfully created XACML request for subject: {} with action: {}", subject, action);
  return request;
}
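/**
 * Builds the access-subject category for a XACML request.
 *
 * <p>The category contains the subject id ({@code SUBJECT_ID}), one {@code ROLE_CLAIM}
 * attribute per role, and, for every {@link KeyValuePermission} in the subject's object
 * permissions, one attribute per value keyed by the permission's key. Object permissions of
 * any other type are skipped with a warning; they never cause the whole category to be
 * dropped.
 *
 * <p>Fix: the role and object-permission collections are now null-guarded. Shiro's
 * {@code SimpleAuthorizationInfo} returns {@code null} rather than an empty set when roles or
 * permissions were never assigned, which previously made this method throw a
 * {@code NullPointerException} for such subjects. With non-null collections the behaviour is
 * unchanged.
 *
 * @param subject the subject's identifier
 * @param info the subject's Shiro authorization info; its role and permission collections may
 *     be null
 * @return the populated access-subject attribute category (never null)
 */
private AttributesType createSubjectAttributes(String subject, AuthorizationInfo info) {
  AttributesType subjectAttributes = new AttributesType();
  subjectAttributes.setCategory(XACMLConstants.ACCESS_SUBJECT_CATEGORY);

  // --- subject id ---
  AttributeValueType subjectValue = new AttributeValueType();
  subjectValue.setDataType(XACMLConstants.STRING_DATA_TYPE);
  logger.debug("Adding subject: {}", subject);
  subjectValue.getContent().add(subject);

  AttributeType subjectAttribute = new AttributeType();
  subjectAttribute.setAttributeId(XACMLConstants.SUBJECT_ID);
  subjectAttribute.setIncludeInResult(false);
  subjectAttribute.getAttributeValue().add(subjectValue);
  subjectAttributes.getAttribute().add(subjectAttribute);

  // --- roles: one ROLE_CLAIM attribute per role ---
  // Guarded: SimpleAuthorizationInfo.getRoles() is null when no roles were ever set.
  if (info.getRoles() != null) {
    for (String role : info.getRoles()) {
      AttributeValueType roleValue = new AttributeValueType();
      roleValue.setDataType(XACMLConstants.STRING_DATA_TYPE);
      logger.trace("Adding role: {} for subject: {}", role, subject);
      roleValue.getContent().add(role);

      AttributeType roleAttribute = new AttributeType();
      roleAttribute.setAttributeId(XACMLConstants.ROLE_CLAIM);
      roleAttribute.setIncludeInResult(false);
      roleAttribute.getAttributeValue().add(roleValue);
      subjectAttributes.getAttribute().add(roleAttribute);
    }
  }

  // --- object permissions: one attribute per key/value pair ---
  // Guarded for the same reason as roles above.
  if (info.getObjectPermissions() != null) {
    for (Permission objectPermission : info.getObjectPermissions()) {
      if (!(objectPermission instanceof KeyValuePermission)) {
        // Only this permission is skipped; the loop continues with the rest.
        logger.warn(
            "Permissions for subject were not of type KeyValuePermission, cannot add any subject permissions to the request.");
        continue;
      }
      KeyValuePermission kvPermission = (KeyValuePermission) objectPermission;
      String key = kvPermission.getKey();
      // TODO(review): key/value pairs here are typically security markings; confirm that
      // emitting them at TRACE is acceptable for the deployment's log handling.
      for (String value : kvPermission.getValues()) {
        AttributeValueType permissionValue = new AttributeValueType();
        permissionValue.setDataType(XACMLConstants.STRING_DATA_TYPE);
        logger.trace("Adding permission: {}:{} for subject: {}", key, value, subject);
        permissionValue.getContent().add(value);

        AttributeType permissionAttribute = new AttributeType();
        permissionAttribute.setAttributeId(key);
        permissionAttribute.setIncludeInResult(false);
        permissionAttribute.getAttributeValue().add(permissionValue);
        subjectAttributes.getAttribute().add(permissionAttribute);
      }
    }
  }

  return subjectAttributes;
}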