}
}
}
}
}
return attributes;
}
/**
 * Wraps the attributes parsed from {@code list} into a single XACML request
 * Subject.
 *
 * @param list DOM nodes describing subject attributes
 * @return a raw {@code HashSet} holding one {@code com.sun.xacml.ctx.Subject},
 *         or an empty set when no attributes were parsed
 * @throws AuthorizationException propagated from {@code getAttributes(NodeList)}
 */
public HashSet getSubject(NodeList list) throws AuthorizationException {
    HashSet parsed = this.getAttributes(list);
    HashSet subjects = new HashSet();
    if (parsed.isEmpty()) {
        return subjects;
    }
    subjects.add(new com.sun.xacml.ctx.Subject(parsed));
    return subjects;
}
/**
 * Parses {@code list} into the set of XACML resource attributes.
 *
 * @param list DOM nodes describing resource attributes
 * @return raw {@code HashSet} of attributes, as produced by
 *         {@code getAttributes(NodeList)}
 * @throws AuthorizationException propagated from {@code getAttributes(NodeList)}
 */
public HashSet getResource(NodeList list) throws AuthorizationException {
    return this.getAttributes(list);
}
/**
 * Parses {@code list} into the set of XACML action attributes. Action
 * attributes are built exactly like resource attributes, so this delegates
 * to {@link #getResource(NodeList)}.
 *
 * @param list DOM nodes describing action attributes
 * @return raw {@code HashSet} of attributes
 * @throws AuthorizationException propagated from the attribute parser
 */
public HashSet getAction(NodeList list) throws AuthorizationException {
    HashSet actionAttributes = this.getResource(list);
    return actionAttributes;
}
/**
 * Parses {@code list} into the set of XACML environment attributes. Built
 * the same way as resource attributes, so this delegates to
 * {@link #getResource(NodeList)}.
 *
 * @param list DOM nodes describing environment attributes
 * @return raw {@code HashSet} of attributes
 * @throws AuthorizationException propagated from the attribute parser
 */
public HashSet getEnvironment(NodeList list) throws AuthorizationException {
    HashSet environmentAttributes = this.getResource(list);
    return environmentAttributes;
}
/**
 * Returns the response element currently stored in {@code this.response}.
 * Where and when that field is populated is not visible in this part of the
 * file; callers should expect {@code null} if nothing has been stored yet.
 *
 * @return the stored response element, possibly {@code null}
 */
public Element getResponse() {
    Element stored = this.response;
    return stored;
}
/**
 * The standard PDP method; this implementation does not expose policy names
 * and always returns a fresh, empty array.
 *
 * @return a new zero-length {@code String[]}
 */
public String [] getPolicyNames(){
    String[] noNames = new String[0];
    return noNames;
}
/**
 * The standard PDP method; policy lookup is not implemented here, so every
 * query yields {@code null}.
 *
 * @param query ignored
 * @return always {@code null}
 * @throws InvalidPolicyException never thrown by this implementation
 */
public Node getPolicy(Node query) throws InvalidPolicyException {
    Node notSupported = null;
    return notSupported;
}
/**
 * The standard PDP method; policy installation is not supported, so the
 * supplied policy is ignored and {@code null} is returned (the behaviour was
 * not defined by GT4 at the time of writing).
 *
 * @param policy ignored
 * @return always {@code null}
 * @throws InvalidPolicyException never thrown by this implementation
 */
public Node setPolicy(Node policy) throws InvalidPolicyException {
    Node unchanged = null;
    return unchanged;
}
/**
 * The standard PDP method; deinitialises the PDP by dropping the array of
 * SunXACML PDP instances. After this call {@code evaluate} must not be used,
 * since it dereferences {@code this.xacmlPDP}.
 */
public void close(){
    // Release the per-policy PDP instances; nothing else is torn down here.
    this.xacmlPDP = null;
}
/**
 * Loads every policy file named in {@code this.files} into
 * {@code this.policies} and returns an {@code <Attributes>} element listing
 * each distinct attribute designator (Subject/Resource/Action/Environment)
 * referenced by the policies themselves or by the XML embedded in their
 * obligation AttributeAssignments.
 *
 * @return a detached {@code Attributes} element owned by a fresh document;
 *         each child {@code Attribute} carries {@code AttributeId},
 *         {@code DataType} and {@code Type}
 * @throws InitializeException if the DOM builder cannot be configured, an
 *         obligation's embedded XML cannot be parsed, or an attribute has a
 *         category other than the four known ones
 */
public Element getAttributes() throws InitializeException {
    logger.debug("to catch attributes in these policies");
    ArrayList found = new ArrayList();
    this.policies = new Element[this.files.length];
    DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
    factory.setValidating(false);
    Document owner;
    try {
        // This document only owns the returned element; no input is parsed
        // through it.
        owner = factory.newDocumentBuilder().newDocument();
    } catch (ParserConfigurationException pe) {
        throw new InitializeException("XML parser error:"+pe);
    }
    for (int idx = 0; idx < this.files.length; idx++) {
        // NOTE(review): the policy file is parsed by BasicDom; whether that
        // parser disables DTD/external-entity resolution is not visible here
        // — confirm.
        Document policyDoc = new BasicDom(files[idx]).getXMLDocument();
        this.policies[idx] = policyDoc.getDocumentElement();
        this.extract(this.policies[idx], found);
    }
    // Obligation AttributeAssignments may embed further XML that also
    // references designators.
    Iterator applyIt = this.getAssignmentApplys().iterator();
    while (applyIt.hasNext()) {
        this.extract((Element) applyIt.next(), found);
    }
    Element attrs = owner.createElement("Attributes");
    for (int k = 0; k < found.size(); k++) {
        uk.ac.kent.dpa.custom.authz.util.Attribute attribute =
            (uk.ac.kent.dpa.custom.authz.util.Attribute) found.get(k);
        Element attr = owner.createElement("Attribute");
        attr.setAttribute("AttributeId", attribute.getName());
        attr.setAttribute("DataType", attribute.getDataType());
        int category = attribute.getType();
        String typeName;
        if (category == uk.ac.kent.dpa.custom.authz.util.Attribute.SUBJECT) {
            typeName = "Subject";
        } else if (category == uk.ac.kent.dpa.custom.authz.util.Attribute.RESOURCE) {
            typeName = "Resource";
        } else if (category == uk.ac.kent.dpa.custom.authz.util.Attribute.ACTION) {
            typeName = "Action";
        } else if (category == uk.ac.kent.dpa.custom.authz.util.Attribute.ENVIRONMENT) {
            typeName = "Environment";
        } else {
            throw new InitializeException("invalid attribute type");
        }
        attr.setAttribute("Type", typeName);
        attrs.appendChild(attr);
    }
    return attrs;
}
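/**
 * Recursively scans the subtree rooted at {@code ele} for XACML attribute
 * designator elements (Subject/Action/Resource/Environment) and appends one
 * {@code uk.ac.kent.dpa.custom.authz.util.Attribute} per distinct
 * (AttributeId, category) pair to {@code attributes}.
 *
 * @param ele        root of the subtree to scan; {@code null} is a no-op
 * @param attributes raw list of Attribute, extended in place
 */
private void extract(Node ele, ArrayList attributes) {
    if (ele == null) return;
    // Designators are elements. Testing for Element (instead of "not a Text
    // node") keeps the cast safe for any other node kind that happens to
    // carry a designator name; such nodes are simply skipped.
    if (ele instanceof Element) {
        Element designator = (Element) ele;
        String nodeName = designator.getNodeName();
        if (nodeName.equals("SubjectAttributeDesignator")) {
            this.addDesignator(designator, uk.ac.kent.dpa.custom.authz.util.Attribute.SUBJECT, attributes);
        } else if (nodeName.equals("ActionAttributeDesignator")) {
            this.addDesignator(designator, uk.ac.kent.dpa.custom.authz.util.Attribute.ACTION, attributes);
        } else if (nodeName.equals("ResourceAttributeDesignator")) {
            this.addDesignator(designator, uk.ac.kent.dpa.custom.authz.util.Attribute.RESOURCE, attributes);
        } else if (nodeName.equals("EnvironmentAttributeDesignator")) {
            this.addDesignator(designator, uk.ac.kent.dpa.custom.authz.util.Attribute.ENVIRONMENT, attributes);
        }
    }
    // Designators can appear at any depth (e.g. inside Apply/Condition), so
    // always descend.
    NodeList children = ele.getChildNodes();
    for (int i = 0; i < children.getLength(); i++) {
        this.extract(children.item(i), attributes);
    }
}

/**
 * Records {@code designator} as an Attribute of category {@code type} unless
 * one with the same AttributeId and category is already in {@code attributes}.
 *
 * @param designator the designator element; its AttributeId and DataType
 *                   attributes are read
 * @param type       category constant from
 *                   {@code uk.ac.kent.dpa.custom.authz.util.Attribute}
 * @param attributes raw list of Attribute, extended in place
 */
private void addDesignator(Element designator, int type, ArrayList attributes) {
    String name = designator.getAttribute("AttributeId");
    if (this.exist(attributes, name, type)) return;
    String dataType = designator.getAttribute("DataType");
    attributes.add(new uk.ac.kent.dpa.custom.authz.util.Attribute(name, dataType, type));
}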
/**
 * Reports whether {@code list} already holds an Attribute with the given
 * name and category.
 *
 * @param list raw list of {@code uk.ac.kent.dpa.custom.authz.util.Attribute}
 * @param name AttributeId to look for
 * @param type category constant to look for
 * @return {@code true} if a matching entry exists
 */
private boolean exist(ArrayList list, String name, int type) {
    Iterator it = list.iterator();
    while (it.hasNext()) {
        uk.ac.kent.dpa.custom.authz.util.Attribute candidate =
            (uk.ac.kent.dpa.custom.authz.util.Attribute) it.next();
        boolean sameName = candidate.getName().equals(name);
        if (sameName && candidate.getType() == type) {
            return true;
        }
    }
    return false;
}
/**
 * Collects the XML fragments embedded as text inside each policy's
 * {@code Obligations/Obligation/AttributeAssignment} elements, parsing each
 * fragment into an {@code Element} via {@code XMLParser}.
 *
 * @return raw list of {@code Element}, in document order across policies
 * @throws InitializeException if an AttributeAssignment does not hold exactly
 *         one child node, or its text cannot be parsed as XML
 */
private ArrayList getAssignmentApplys() throws InitializeException {
    Element[] obls = this.getObligations();
    ArrayList applys = new ArrayList();
    for (int k = 0; k < obls.length; k++) {
        if (obls[k] == null) continue;
        NodeList obligationNodes = obls[k].getChildNodes();
        for (int i = 0; i < obligationNodes.getLength(); i++) {
            Node obligation = obligationNodes.item(i);
            if (!obligation.getNodeName().equals("Obligation")) continue;
            NodeList assigns = obligation.getChildNodes();
            for (int j = 0; j < assigns.getLength(); j++) {
                Node assign = assigns.item(j);
                if (!assign.getNodeName().equals("AttributeAssignment")) continue;
                NodeList texts = assign.getChildNodes();
                if (texts.getLength() != 1) throw new InitializeException("invalid AttributeAssigment");
                Node only = texts.item(0);
                // Non-text single children are silently ignored.
                if (!(only instanceof Text)) continue;
                // NOTE(review): the assignment text is re-parsed as XML by
                // XMLParser; its DTD/entity handling is not visible here —
                // confirm it is hardened.
                XMLParser parser = new XMLParser(((Text) only).getNodeValue());
                try {
                    applys.add(parser.getXmlElement());
                } catch (AuthzException ae) {
                    throw new InitializeException("error:"+ae);
                }
            }
        }
    }
    return applys;
}
/**
 * Finds the {@code Obligations} child of each loaded policy root.
 *
 * Requires {@code this.policies} to have been populated (by
 * {@code getAttributes()}); otherwise this dereferences {@code null}.
 * When a root has several {@code Obligations} children the last one wins.
 *
 * @return array parallel to {@code this.files}; {@code null} entries for
 *         policies without an {@code Obligations} element
 */
private Element[] getObligations() {
    int count = this.files.length;
    Element[] obls = new Element[count];
    for (int i = 0; i < count; i++) {
        Element found = null;
        NodeList children = this.policies[i].getChildNodes();
        for (int j = 0; j < children.getLength(); j++) {
            Node child = children.item(j);
            if (child.getNodeName().equals("Obligations")) {
                found = (Element) child;
            }
        }
        obls[i] = found;
    }
    return obls;
}
/**
 * Builds a XACML request for {@code peerSubject} performing {@code operation}
 * on the fixed resource {@code "Service"} and evaluates it against every
 * loaded PDP in order. The first PDP answering Permit wins; otherwise the
 * response of the last PDP consulted is returned, or {@code null} when no
 * policy file is loaded.
 *
 * Environment attributes are whatever {@code Attribute} instances sit in the
 * peer subject's public credentials. NOTE(review): if any upstream handler
 * lets the peer populate those credentials, environment attributes become
 * peer-controlled input to the policy — confirm where they are set.
 *
 * @param peerSubject authenticated peer; its identity becomes subject-id
 * @param operation   requested operation; becomes action-id
 * @return the winning (or last) {@code ResponseCtx}, possibly {@code null}
 * @throws Exception any failure while building or evaluating the request
 *         (including {@code AuthorizationException} from decision parsing)
 */
public ResponseCtx evaluate(javax.security.auth.Subject peerSubject,
                            String operation)
        throws IOException, ParsingException, URISyntaxException, Exception {
    final String stringType = "http://www.w3.org/2001/XMLSchema#string";
    // Subject: the peer's identity, as resolved by AuthUtil.
    String identity = AuthUtil.getIdentity(peerSubject);
    HashSet subjectAttrs = new HashSet();
    subjectAttrs.add(createAttribute(
        "urn:oasis:names:tc:xacml:1.0:subject:subject-id", stringType, identity));
    HashSet subjects = new HashSet();
    subjects.add(new com.sun.xacml.ctx.Subject(subjectAttrs));
    // Resource: fixed name, every request targets the same service.
    HashSet resources = new HashSet();
    resources.add(createAttribute(
        "urn:oasis:names:tc:xacml:1.0:resource:resource-id", stringType, "Service"));
    // Action: the operation name.
    HashSet actions = new HashSet();
    actions.add(createAttribute(
        "urn:oasis:names:tc:xacml:1.0:action:action-id", stringType, operation));
    // Environment: taken verbatim from the peer subject's public credentials.
    HashSet environment = new HashSet();
    environment.addAll(peerSubject.getPublicCredentials(Attribute.class));
    RequestCtx request = new RequestCtx(subjects, resources, actions, environment);
    // Permit from any policy file is sufficient; anything else falls through
    // to the next file.
    ResponseCtx last = null;
    for (int i = 0; i < this.files.length; i++) {
        last = this.xacmlPDP[i].evaluate(request);
        String decision = this.getDecision(last);
        if (decision.equals("Permit")) {
            return last;
        }
    }
    return last;
}
/**
 * Builds a SunXACML request attribute from string identifiers.
 *
 * @param id    attribute identifier URI
 * @param type  XACML data-type URI
 * @param value attribute value; {@code toString()} is used, so {@code null}
 *              is not accepted
 * @return attribute with no issuer and no issue instant
 * @throws URISyntaxException         if {@code id} or {@code type} is not a URI
 * @throws UnknownIdentifierException if the data type is not registered
 * @throws ParsingException           if the value cannot be parsed as that type
 */
private Attribute createAttribute(String id, String type,
                                  Object value)
        throws URISyntaxException, UnknownIdentifierException,
               ParsingException {
    URI attributeId = new URI(id);
    URI dataType = new URI(type);
    String text = value.toString();
    AttributeValue parsed = AttributeFactory.createAttribute(dataType, text);
    return new Attribute(attributeId, null, null, parsed);
}
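/**
 * Reduces a SunXACML response to the name of its single decision.
 *
 * Any decision code outside the four XACML values is rejected with an
 * exception rather than mapped to a default, so the caller (which grants
 * only on "Permit") never sees an unexpected code as a permit.
 *
 * @param response PDP response; must carry exactly one Result
 * @return {@code "Permit"}, {@code "Deny"}, {@code "Indeterminate"} or
 *         {@code "NotApplicable"}
 * @throws AuthorizationException if the response does not hold exactly one
 *         Result, or its decision code is unknown
 */
private String getDecision(com.sun.xacml.ctx.ResponseCtx response) throws AuthorizationException {
    Set results = response.getResults();
    if (results.size() != 1) throw new AuthorizationException("invalid decision result");
    com.sun.xacml.ctx.Result result =
        (com.sun.xacml.ctx.Result) results.iterator().next();
    // Codes follow SunXACML's Result.DECISION_* ordering:
    // 0 Permit, 1 Deny, 2 Indeterminate, 3 NotApplicable.
    switch (result.getDecision()) {
        case 0: return "Permit";
        case 1: return "Deny";
        case 2: return "Indeterminate";
        case 3: return "NotApplicable";
        default: throw new AuthorizationException("unknown decision");
    }
}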
}