📄 contexthandler.java
字号:
/*
* Copyright (c) 2006, University of Kent
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* Redistributions of source code must retain the above copyright notice, this
* list of conditions and the following disclaimer.
*
* Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* 1. Neither the name of the University of Kent nor the names of its
* contributors may be used to endorse or promote products derived from this
* software without specific prior written permission.
*
* 2. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
* IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
* THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED.
*
* 3. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
* 4. YOU AGREE THAT THE EXCLUSIONS IN PARAGRAPHS 2 AND 3 ABOVE ARE REASONABLE
* IN THE CIRCUMSTANCES. IN PARTICULAR, YOU ACKNOWLEDGE (1) THAT THIS
* SOFTWARE HAS BEEN MADE AVAILABLE TO YOU FREE OF CHARGE, (2) THAT THIS
* SOFTWARE IS NOT "PRODUCT" QUALITY, BUT HAS BEEN PRODUCED BY A RESEARCH
* GROUP WHO DESIRE TO MAKE THIS SOFTWARE FREELY AVAILABLE TO PEOPLE WHO WISH
* TO USE IT, AND (3) THAT BECAUSE THIS SOFTWARE IS NOT OF "PRODUCT" QUALITY
* IT IS INEVITABLE THAT THERE WILL BE BUGS AND ERRORS, AND POSSIBLY MORE
* SERIOUS FAULTS, IN THIS SOFTWARE.
*
* 5. This license is governed, except to the extent that local laws
* necessarily apply, by the laws of England and Wales.
*/
/*
*
* Created on 24 August 2006, 11:45
*
* To change this template, choose Tools | Template Manager
* and open the template in the editor.
*/
package uk.ac.kent.dpa.coord.context.handler;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.*;
import javax.xml.parsers.*;
import java.util.*;
import uk.ac.kent.dpa.custom.authz.util.Attribute;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import uk.ac.kent.dpa.coord.clients.CoordClientException;
import uk.ac.kent.dpa.coord.clients.CoordClientObject;
import issrg.web.service.EncodeXML;
/**
*
* @author ls97
*/
public class ContextHandler {
private Element requestCtx;
private CoordClientObject coord;
/** Creates a new instance of CoordinateService
* userIn, user's request
* reqIn, requested service
* authIn, authorisation service
* coordIn, coordination database service
* credIn, credential verification service
*/
static Log logger = LogFactory.getLog(ContextHandler.class.getName());
public ContextHandler(Element reqIn,String coordIn) throws ContextHandlerException {
try {
this.coord=new CoordClientObject(coordIn);
} catch (CoordClientException ce) {
throw new ContextHandlerException("coordination database service is not available");
}
this.requestCtx=reqIn;
logger.info("the coordination context handler is constructed");
}
public CoordClientObject getCoordService() {
return this.coord;
}
/*
public boolean execute() throws ContextHandlerException {
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
factory.setValidating(false);
Document doc = null;
String[] lockNames=null;
CoordClientObject coord=null;
try {
AuthzClientObject pdp = new AuthzClientObject(this.authzService);
coord = new CoordClientObject(this.coordinationDatabaseService);
// get the all attributes involved in the policy
System.out.println();
System.out.println();
System.out.println("### user's request ###");
System.out.println(new EncodeXML().encode(this.userRequest,0));
System.out.println();
System.out.println();
System.out.println("to get attributes from the current policies");
Element attributes = pdp.getAttributes();
ArrayList definingAttributes = this.getDefiningAttributes(attributes, coord, pdp);
Element secondary = this.getAttributes(definingAttributes);
Element[] allAttributes = new Element[2];
allAttributes[0] = attributes;
allAttributes[1] = secondary;
System.out.println("*** the primary attributes ***");
System.out.println(new EncodeXML().encode(attributes,0));
System.out.println("*** the secondary attributes ***");
System.out.println(new EncodeXML().encode(secondary,0));
System.out.println();
System.out.println();
//validate user's credentials if the CVS is available
Element subCreds=null;
Element tarCreds=null;
if (this.credentialService!=null) {
CVSClientObject cvs = new CVSClientObject(this.credentialService);
subCreds= cvs.getCredsS(this.subject);
tarCreds= cvs.getCredsT(this.target);
}
//create request context
System.out.println("to create request context");
Element preReqCtx1 = this.createRequestContext(pdp.getName(),allAttributes,this.userRequest,subCreds,tarCreds,coord);
String[] coordAttrs = this.getCoordinationNames(attributes,coord);
int num = coordAttrs.length;
int [] lockTypes = new int[num];
lockNames = new String[num];
//lockTypes[0]=0;
//lockNames[0]=coord.getCoordTableName();
for (int i=0; i<num; i++) {
lockTypes[i]=1;
lockNames[i]=coordAttrs[i];
}
if (num>0) {
coord.lockCoordAttrs(lockNames,lockTypes);
}
Element coordAttrVals = this.getCoordinationAttributes(attributes,preReqCtx1,coord);
Element reqCtx = this.merge(preReqCtx1,coordAttrVals);
System.out.println("*** the request context ***");
System.out.println(new EncodeXML().encode(reqCtx,0));
System.out.println();
System.out.println();
//make the authorisation decision
while (true) {
Element response = pdp.decision(reqCtx);
String decision = this.getDecision(response);
if (decision==null) throw new ContextHandlerException("authorisation failed");
if (decision.equals("Permit")) {
Element chronicle = pdp.getChronicle();
Element obligations = this.getObligations(response);
String oblId = this.getObligationId(obligations);
String chronicleVal = new String("before-request");//this.getChronicle(chronicle,oblId);
Element evaluations=coord.obligationEngine(obligations,reqCtx);
this.enforceObligations(evaluations,coord,reqCtx);
coord.unlockCoordAttrs(lockNames);
return true;
} else if (decision.equals("NotApplicable")) {
coord.unlockCoordAttrs(lockNames);
return false;
} else if (decision.equals("Indeterminate")) {
coord.unlockCoordAttrs(lockNames);
return false;
} else {
coord.unlockCoordAttrs(lockNames);
throw new ContextHandlerException("unknown decision");
}
}
} catch (AuthzClientException ae) {
try {coord.unlockCoordAttrs(lockNames);} catch (CoordClientException ce1) {};
throw new ContextHandlerException("XACML PDP service error:"+ae);
} catch (CoordClientException ce) {
try {coord.unlockCoordAttrs(lockNames);} catch (CoordClientException ce1) {};
throw new ContextHandlerException("coordination database service error:"+ce);
} catch (CVSClientException ve) {
try {coord.unlockCoordAttrs(lockNames);} catch (CoordClientException ce1) {};
throw new ContextHandlerException("credentials verification service error:"+ve);
} catch (Exception e) {
try {coord.unlockCoordAttrs(lockNames);} catch (CoordClientException c1e) {};
throw new ContextHandlerException("requested service error:"+e);
}
}
private Element createRequestContext(Element[] attrs, Element usersreq, CoordClientObject coord)
throws ContextHandlerException {
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
factory.setValidating(false);
Document doc = null;
try {
doc = factory.newDocumentBuilder().newDocument();
} catch (ParserConfigurationException pe) {
throw new ContextHandlerException("XML parser error:"+pe);
}
Element request = doc.createElement("Request");
request.setAttribute("xmlns","urn:oasis:names:tc:xacml:1.0:context");
request.setAttribute("xmlns:xsi","http://www.w3.org/2001/XMLSchema-instance");
Element subject = doc.createElement("Subject");
Element resource = doc.createElement("Resource");
Element action = doc.createElement("Action");
Element environment = doc.createElement("Environment");
if (attrs==null) {
request.appendChild(subject);
request.appendChild(resource);
request.appendChild(action);
request.appendChild(environment);
return request;
}
boolean resourceId = false;
if (flag.equals("XACML")) {
resourceId=true;
}
for (int l=0; l<attrs.length; l++) {
NodeList list = attrs[l].getChildNodes();
for (int i=0; i<list.getLength(); i++) {
Node attr = list.item(i);
if (Text.class.isAssignableFrom(attr.getClass())) continue;
String id = ((Element)attr).getAttribute("AttributeId");
String dataType = ((Element)attr).getAttribute("DataType");
String type = ((Element)attr).getAttribute("Type");
if (type.equals("Subject")) {
ArrayList values = this.getSubject(id,subAttr);
for (Iterator j=values.iterator();j.hasNext();) {
String value = (String)j.next();
Element attrNode = doc.createElement("Attribute");
attrNode.setAttribute("AttributeId",id);
attrNode.setAttribute("DataType",dataType);
Element attrValNode = doc.createElement("AttributeValue");
Text text = doc.createTextNode(value);
attrValNode.appendChild(text);
attrNode.appendChild(attrValNode);
subject.appendChild(attrNode);
}
} else if (type.equals("Resource")) {
ArrayList values = new ArrayList();
if (resourceId) {
values = this.getResource("urn:oasis:names:tc:xacml:1.0:resource:resource-id",tarAttr);
for (Iterator j=values.iterator();j.hasNext();) {
String value = (String)j.next();
Element attrNode = doc.createElement("Attribute");
attrNode.setAttribute("AttributeId","urn:oasis:names:tc:xacml:1.0:resource:resource-id");
attrNode.setAttribute("DataType","http://www.w3.org/2001/XMLSchema#string");
Element attrValNode = doc.createElement("AttributeValue");
Text text = doc.createTextNode(value);
attrValNode.appendChild(text);
attrNode.appendChild(attrValNode);
resource.appendChild(attrNode);
}
resourceId=false;
}
values = this.getResource(id,tarAttr);
for (Iterator j=values.iterator();j.hasNext();) {
String value = (String)j.next();
Element attrNode = doc.createElement("Attribute");
attrNode.setAttribute("AttributeId",id);
attrNode.setAttribute("DataType",dataType);
Element attrValNode = doc.createElement("AttributeValue");
Text text = doc.createTextNode(value);
attrValNode.appendChild(text);
attrNode.appendChild(attrValNode);
resource.appendChild(attrNode);
}
} else if (type.equals("Action")) {
ArrayList values = this.getAction(id,usersreq);
for (Iterator j=values.iterator();j.hasNext();) {
String value = (String)j.next();
Element attrNode = doc.createElement("Attribute");
attrNode.setAttribute("AttributeId",id);
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -