@Override
public String getDecision(Attribute[] attributes, String appId) throws Exception {
String xacmlRequest = XACMLRequetBuilder.buildXACML3Request(attributes);
EntitlementThriftClient.Client client = getThriftClient();
Authenticator authenticator = getAuthenticator(serverUrl, userName, password);
return getDecision(xacmlRequest, client, authenticator);
}
@Override
public boolean subjectCanActOnResource(
String subjectType,
String alias,
String actionId,
String resourceId,
Attribute[] attributes,
String domainId,
String appId)
throws Exception {
Attribute[] attrs = new Attribute[attributes.length + 4];
attrs[0] =
new Attribute(
URN_OASIS_NAMES_TC_XACML_1_0_SUBJECT_CATEGORY_ACCESS_SUBJECT,
subjectType,
ProxyConstants.DEFAULT_DATA_TYPE,
alias);
for (int i = 0; i < attributes.length; i++) {
attrs[i + 1] =
new Attribute(
URN_OASIS_NAMES_TC_XACML_1_0_SUBJECT_CATEGORY_ACCESS_SUBJECT,
attributes[i].getType(),
attributes[i].getId(),
attributes[i].getValue());
}
attrs[attrs.length - 3] =
new Attribute(
URN_OASIS_NAMES_TC_XACML_3_0_ATTRIBUTE_CATEGORY_ACTION,
URN_OASIS_NAMES_TC_XACML_1_0_ACTION_ACTION_ID,
ProxyConstants.DEFAULT_DATA_TYPE,
actionId);
attrs[attrs.length - 2] =
new Attribute(
URN_OASIS_NAMES_TC_XACML_3_0_ATTRIBUTE_CATEGORY_RESOURCE,
URN_OASIS_NAMES_TC_XACML_1_0_RESOURCE_RESOURCE_ID,
ProxyConstants.DEFAULT_DATA_TYPE,
resourceId);
attrs[attrs.length - 1] =
new Attribute(
URN_OASIS_NAMES_TC_XACML_3_0_ATTRIBUTE_CATEGORY_ENVIRONMENT,
URN_OASIS_NAMES_TC_XACML_1_0_ENVIRONMENT_ENVIRONMENT_ID,
ProxyConstants.DEFAULT_DATA_TYPE,
domainId);
String xacmlRequest = XACMLRequetBuilder.buildXACML3Request(attrs);
EntitlementThriftClient.Client client = getThriftClient();
Authenticator authenticator = getAuthenticator(serverUrl, userName, password);
return (getDecision(xacmlRequest, client, authenticator)).contains("Permit");
}
@Override
public boolean subjectCanActOnResource(
String subjectType,
String alias,
String actionId,
String resourceId,
String domainId,
String appId)
throws Exception {
Attribute subjectAttribute =
new Attribute(
URN_OASIS_NAMES_TC_XACML_1_0_SUBJECT_CATEGORY_ACCESS_SUBJECT,
subjectType,
ProxyConstants.DEFAULT_DATA_TYPE,
alias);
Attribute actionAttribute =
new Attribute(
URN_OASIS_NAMES_TC_XACML_3_0_ATTRIBUTE_CATEGORY_ACTION,
URN_OASIS_NAMES_TC_XACML_1_0_ACTION_ACTION_ID,
ProxyConstants.DEFAULT_DATA_TYPE,
actionId);
Attribute resourceAttribute =
new Attribute(
URN_OASIS_NAMES_TC_XACML_3_0_ATTRIBUTE_CATEGORY_RESOURCE,
URN_OASIS_NAMES_TC_XACML_1_0_RESOURCE_RESOURCE_ID,
ProxyConstants.DEFAULT_DATA_TYPE,
resourceId);
Attribute environmentAttribute =
new Attribute(
URN_OASIS_NAMES_TC_XACML_3_0_ATTRIBUTE_CATEGORY_ENVIRONMENT,
URN_OASIS_NAMES_TC_XACML_1_0_ENVIRONMENT_ENVIRONMENT_ID,
ProxyConstants.DEFAULT_DATA_TYPE,
domainId);
Attribute[] tempArr = {
subjectAttribute, actionAttribute, resourceAttribute, environmentAttribute
};
String xacmlRequest = XACMLRequetBuilder.buildXACML3Request(tempArr);
EntitlementThriftClient.Client client = getThriftClient();
Authenticator authenticator = getAuthenticator(serverUrl, userName, password);
return (getDecision(xacmlRequest, client, authenticator)).contains("Permit");
}