/**
 * Builds a XACML request made of an action category for {@code action} and the subject
 * attributes for {@code subject}.
 *
 * <p>The action category holds a single string-typed action-id attribute whose value is
 * {@code action}. The subject category comes from {@code createSubjectAttributes(subject,
 * info)}. Combined decisions and the returned policy id list are both switched off. No
 * resource category is added here.
 *
 * @param subject the calling subject; forwarded to {@code createSubjectAttributes} and written
 *     to the debug and trace logs
 * @param info authorization info handed unchanged to {@code createSubjectAttributes}
 * @param action action name placed in the request as-is; this method performs no null or
 *     empty check on it, and it is also written to the logs
 * @return the populated request
 */
protected RequestType createActionXACMLRequest(
    String subject, AuthorizationInfo info, String action) {
  // NOTE(review): subject and action reach the log unmodified; if either can carry
  // caller-supplied text, confirm the log layout neutralises line breaks.
  logger.debug("Creating XACML request for subject: {} with action: {}", subject, action);

  // Leaf first: the string-typed value that carries the action name.
  AttributeValueType actionIdValue = new AttributeValueType();
  actionIdValue.setDataType(XACMLConstants.STRING_DATA_TYPE);
  logger.trace("Adding action: {} for subject: {}", action, subject);
  actionIdValue.getContent().add(action);

  // Wrap the value in the action-id attribute; it is not echoed back in the result.
  AttributeType actionIdAttribute = new AttributeType();
  actionIdAttribute.setAttributeId(XACMLConstants.ACTION_ID);
  actionIdAttribute.setIncludeInResult(false);
  actionIdAttribute.getAttributeValue().add(actionIdValue);

  AttributesType actionCategory = new AttributesType();
  actionCategory.setCategory(XACMLConstants.ACTION_CATEGORY);
  actionCategory.getAttribute().add(actionIdAttribute);

  // Assemble the request: action category first, then the subject's attributes.
  RequestType request = new RequestType();
  request.setCombinedDecision(false);
  request.setReturnPolicyIdList(false);
  request.getAttributes().add(actionCategory);
  request.getAttributes().add(createSubjectAttributes(subject, info));

  logger.debug(
      "Successfully created XACML request for subject: {} with action: {}", subject, action);
  return request;
}
/**
 * Builds a XACML request for {@code XACMLConstants.FILTER_ACTION} that carries the subject
 * attributes for {@code subject} and, when available, resource attributes taken from
 * {@code permission}.
 *
 * <p>When {@code permission} is a {@code KeyValueCollectionPermission}, every value of every
 * {@code KeyValuePermission} in it becomes its own string-typed resource attribute whose
 * attribute id is the permission key. The resource category is added even if that list is
 * empty. For any other permission type (including {@code null}, which fails the
 * {@code instanceof} test) a warning is logged and the request is returned with the action
 * and subject categories only.
 *
 * @param subject the calling subject; forwarded to {@code createSubjectAttributes} and written
 *     to the logs
 * @param info authorization info handed unchanged to {@code createSubjectAttributes}
 * @param permission permissions describing the resource; also written to the debug log
 * @return the populated request, possibly without a resource category (see above)
 */
protected RequestType createRedactXACMLRequest(
    String subject, AuthorizationInfo info, CollectionPermission permission) {
  logger.debug(
      "Creating XACML request for subject: {} and metacard permissions {}",
      subject,
      permission);

  // Action category: a single string-typed action-id attribute fixed to the filter action.
  AttributeValueType filterActionValue = new AttributeValueType();
  filterActionValue.setDataType(XACMLConstants.STRING_DATA_TYPE);
  logger.trace("Adding action: {} for subject: {}", XACMLConstants.FILTER_ACTION, subject);
  filterActionValue.getContent().add(XACMLConstants.FILTER_ACTION);

  AttributeType filterActionAttribute = new AttributeType();
  filterActionAttribute.setAttributeId(XACMLConstants.ACTION_ID);
  filterActionAttribute.setIncludeInResult(false);
  filterActionAttribute.getAttributeValue().add(filterActionValue);

  AttributesType actionCategory = new AttributesType();
  actionCategory.setCategory(XACMLConstants.ACTION_CATEGORY);
  actionCategory.getAttribute().add(filterActionAttribute);

  RequestType request = new RequestType();
  request.setCombinedDecision(false);
  request.setReturnPolicyIdList(false);
  request.getAttributes().add(actionCategory);

  // Subject category for the caller.
  request.getAttributes().add(createSubjectAttributes(subject, info));

  if (!(permission instanceof KeyValueCollectionPermission)) {
    // No resource attributes can be derived, so the request goes back with the action and
    // subject categories only.
    // NOTE(review): confirm the caller or the policy treats a request without a resource
    // category as a deny, so an unexpected permission type cannot widen access.
    logger.warn(
        "Permission on the resource need to be of type KeyValueCollectionPermission, cannot process this resource.");
    return request;
  }

  // Resource category: one attribute per (key, value) pair of the collection permission.
  AttributesType resourceCategory = new AttributesType();
  resourceCategory.setCategory(XACMLConstants.RESOURCE_CATEGORY);

  KeyValueCollectionPermission keyedPermissions = (KeyValueCollectionPermission) permission;
  for (KeyValuePermission entry : keyedPermissions.getKeyValuePermissionList()) {
    for (String value : entry.getValues()) {
      String attributeId = entry.getKey();

      AttributeValueType resourceValue = new AttributeValueType();
      resourceValue.setDataType(XACMLConstants.STRING_DATA_TYPE);

      AttributeType resourceAttribute = new AttributeType();
      resourceAttribute.setAttributeId(attributeId);
      resourceAttribute.setIncludeInResult(false);

      logger.trace("Adding permission: {}:{} for incoming resource", attributeId, value);
      resourceValue.getContent().add(value);
      resourceAttribute.getAttributeValue().add(resourceValue);
      resourceCategory.getAttribute().add(resourceAttribute);
    }
  }

  request.getAttributes().add(resourceCategory);
  return request;
}