samlauthorizationdecisionstatement.java

开放源代码的基于SAML的单点登录系统

/* 
 * The OpenSAML License, Version 1. 
 * Copyright (c) 2003
 * University Corporation for Advanced Internet Development, Inc. 
 * All rights reserved
 * 
 * 
 * Redistribution and use in source and binary forms, with or without 
 * modification, are permitted provided that the following conditions are met:
 * 
 * Redistributions of source code must retain the above copyright notice, this 
 * list of conditions and the following disclaimer.
 * 
 * Redistributions in binary form must reproduce the above copyright notice, 
 * this list of conditions and the following disclaimer in the documentation 
 * and/or other materials provided with the distribution, if any, must include 
 * the following acknowledgment: "This product includes software developed by 
 * the University Corporation for Advanced Internet Development 
 * <http://www.ucaid.edu>Internet2 Project. Alternately, this acknowledegement 
 * may appear in the software itself, if and wherever such third-party 
 * acknowledgments normally appear.
 * 
 * Neither the name of OpenSAML nor the names of its contributors, nor 
 * Internet2, nor the University Corporation for Advanced Internet Development, 
 * Inc., nor UCAID may be used to endorse or promote products derived from this 
 * software without specific prior written permission. For written permission, 
 * please contact opensaml@opensaml.org
 * 
 * Products derived from this software may not be called OpenSAML, Internet2, 
 * UCAID, or the University Corporation for Advanced Internet Development, nor 
 * may OpenSAML appear in their name, without prior written permission of the 
 * University Corporation for Advanced Internet Development.
 * 
 * 
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 
 * AND WITH ALL FAULTS. ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A 
 * PARTICULAR PURPOSE, AND NON-INFRINGEMENT ARE DISCLAIMED AND THE ENTIRE RISK 
 * OF SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH LICENSEE. 
 * IN NO EVENT SHALL THE COPYRIGHT OWNER, CONTRIBUTORS OR THE UNIVERSITY 
 * CORPORATION FOR ADVANCED INTERNET DEVELOPMENT, INC. BE LIABLE FOR ANY DIRECT, 
 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 
 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

package org.opensaml;

import java.io.InputStream;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;

import org.apache.log4j.NDC;
import org.w3c.dom.*;

/**
 * Represents a SAML authorization decision statement.
 *
 * @author      Helen Rehn, Scott Cantor
 * @created     September 23, 2002
 */

public class SAMLAuthorizationDecisionStatement extends SAMLSubjectStatement implements Cloneable {
    
    protected String resource = null;
    protected String decision = null;
    protected ArrayList actions = new ArrayList();
    protected ArrayList evidence = new ArrayList();
   
    /**
     *  Default constructor
     */
    public SAMLAuthorizationDecisionStatement() {
    }
    
    /**
     *  Builds an AuthorizationDecisionStatement out of its component parts
     *
     * @param  subject     subject of the statement       
     * @param  resource    URI of the resource being accessed at the time of 
     *                           the statement
     * @param  actions     specific actions the decision applies to, must be SAMLAction objects
     * @param  evidence    evidence which may be considered, must be String or SAMLAssertion objects
     * @exception  SAMLException  Raised if an AuthorizationDecisionStatement
     *             cannot be constructed from the supplied information
     */
    public SAMLAuthorizationDecisionStatement(SAMLSubject subject, String resource, String decision,
					                           Collection actions, Collection evidence) throws SAMLException {
        super(subject);
        
        this.resource = resource;
        this.decision = decision;        
        this.actions.addAll(actions);
        if (evidence != null)
            this.evidence.addAll(evidence);
    }
    
    /**
     *  Reconstructs a statement from a DOM tree
     *
     * @param  e                  The root of a DOM tree
     * @exception  SAMLException  Thrown if the object cannot be constructed
     */
    public SAMLAuthorizationDecisionStatement(Element e) throws SAMLException {
        fromDOM(e);
    }

    /**
     *  Reconstructs a statement from a stream
     *
     * @param  in                   A stream containing XML
     * @exception  SAMLException  Raised if an exception occurs while constructing
     *                              the object.
     */
    public SAMLAuthorizationDecisionStatement(InputStream in) throws SAMLException {
        fromDOM(fromStream(in));
    }
    
    /**
     * @see org.opensaml.SAMLObject#fromDOM(org.w3c.dom.Element)
     */
    public void fromDOM(Element e) throws SAMLException {
        super.fromDOM(e);
        
        if (config.getBooleanProperty("org.opensaml.strict-dom-checking") && !XML.isElementNamed(e,XML.SAML_NS,"AuthorizationDecisionStatement"))
        {
            QName q = QName.getQNameAttribute(e, XML.XSI_NS, "type");
            if (!XML.isElementNamed(e,XML.SAML_NS,"Statement") || !XML.isElementNamed(e,XML.SAML_NS,"SubjectStatement") ||
                q == null || !XML.SAML_NS.equals(q.getNamespaceURI()) || !"AuthorizationDecisionStatementType".equals(q.getLocalName()))
                throw new MalformedException(SAMLException.REQUESTER, "SAMLAuthorizationDecisionStatement.fromDOM() requires saml:AuthorizationDecisionStatement at root");
        }

        resource = e.getAttributeNS(null, "Resource");
        decision = e.getAttributeNS(null, "Decision");

        Element n = XML.getFirstChildElement(e, XML.SAML_NS, "Action");
        while (n != null) {
            actions.add(new SAMLAction(n));
            n = XML.getNextSiblingElement(n, XML.SAML_NS, "Action");
        }

        n = XML.getFirstChildElement(e, XML.SAML_NS, "Evidence");
        if (n != null) {
            Element n2 = XML.getFirstChildElement(n);
            while (n2 != null) {
                if (XML.isElementNamed(n2, XML.SAML_NS, "Assertion"))
                    evidence.add(new SAMLAssertion(n2));
                else if (XML.isElementNamed(n2, XML.SAML_NS, "AssertionIDReference"))
                    evidence.add(n2.getFirstChild().getNodeValue());
                n2 = XML.getNextSiblingElement(n2);
            }
        }
        
        checkValidity();
    }
    
    /**
     *  Gets the resource URI inside the statement
     *
     * @return    the resource URI
     */
    public String getResource() {
        return resource;
    }
    
    /**
     *  Sets the resource URI inside the statement
     * 
     * @param   resource    The resource URI
     */
    public void setResource(String resource) {
        if (XML.isEmpty(resource))
            throw new IllegalArgumentException("resource cannot be null");
        this.resource = resource;
        if (root != null) {
            ((Element)root).getAttributeNodeNS(null,"Resource").setNodeValue(resource);
        }
    }

    /**
     * Gets the decision from inside the statement
     *
     * @return    The decision
     */
    public String getDecision() {
        return decision;
    }

    /**
     *  Sets the decision inside the statement
     * 
     * @param   decision    The decision
     */
    public void setDecision(String decision) {
        if (XML.isEmpty(decision))
            throw new IllegalArgumentException("decision cannot be null");
        this.decision = decision;
        if (root != null) {
            ((Element)root).getAttributeNodeNS(null,"Decision").setNodeValue(decision);
        }
    }
    
    /**
     * Gets the actions inside the statement
     *
     * @return    An iterator over the actions
     */
    public Iterator getActions() {
        return actions.iterator();
    }

    /**
     *  Sets the actions to include in the statement