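/**
 * Converts a policy time string into a {@link Date}.
 *
 * @param timeString the time to convert; the format is the same as the string
 *        representation of time in the policy, e.g. "2005-09-25T23:59:59"
 * @return the Date representing the specified time, with the millisecond field zeroed
 * @throws IllegalArgumentException if the string is not a valid policy time (declared
 *         by the signature; presumably raised by the Time constructor)
 */
public Date toTime(String timeString) throws IllegalArgumentException{
    int[] t = new Time(timeString).getEvaluationTime();
    Calendar c = new GregorianCalendar();
    // A fresh calendar starts at "now"; without clear() its MILLISECOND field (which the
    // six-argument set() does not touch) would leak into the returned Date.
    c.clear();
    // NOTE(review): Calendar months are 0-based; this assumes Time.getEvaluationTime()
    // already reports the month in that form -- confirm against Time.
    c.set(t[0], t[1], t[2], t[3], t[4], t[5]);
    return c.getTime();
}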
/**
 * Replaces the time this service regards as "now". Until this is called, the time
 * is the one recorded at application startup.
 *
 * @param time the time to use from now on
 */
public void setTime(Date time) {
    this.time = time;
}
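/**
 * Returns the distinct values of {@code valueIn}, compared by content rather than by
 * reference, keeping the first occurrence of each value in input order.
 *
 * @param valueIn the (DER-encoded) values that may contain duplicates
 * @return a new array holding each distinct value exactly once; empty for an empty input
 */
private byte[][] getUniqueValues(byte[][] valueIn) {
    ArrayList result = new ArrayList();
    // The original seeded the result with valueIn[0] unguarded, which threw on an empty
    // input; starting the scan at index 0 against an empty result handles that case.
    for (int i = 0; i < valueIn.length; i++) {
        boolean found = false;
        for (Iterator j = result.iterator(); j.hasNext() && !found;) {
            // content comparison (length and every byte), same test the hand-rolled loop made
            found = java.util.Arrays.equals((byte[]) j.next(), valueIn[i]);
        }
        if (!found) result.add(valueIn[i]);
    }
    return (byte[][]) result.toArray(new byte[result.size()][]);
}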
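/**
 * Adds each distinct certificate in {@code acIn} to the
 * {@code attributeCertificateAttribute} of the LDAP entry {@code dn,baseDN}, skipping
 * values the entry already holds (compared byte for byte).
 *
 * @param dn      the entry's RDN part, to which {@code ","+baseDN} is appended
 * @param acIn    DER-encoded attribute certificates; nothing is done when empty
 * @param method  the repository type; only "ldap" is supported, null means "ldap",
 *                any other value is silently ignored
 * @param address LDAP host to connect to
 * @param port    LDAP port; a non-positive value selects 389
 * @param baseDN  the base DN under which the entry lives
 * @throws Exception "no account" when the entry does not exist, "LDAP failure: ..."
 *                   for any other read error, or the LDAPException raised by
 *                   connect, bind or modify
 */
private void addAttributeCertificates(String dn, byte[][] acIn, String method, String address, int port, String baseDN) throws Exception {
    if (acIn.length == 0) return;
    byte[][] ac = this.getUniqueValues(acIn);
    if (method == null) method = "ldap";
    if (!method.equals("ldap")) return;
    LDAPConnection ldap = new LDAPConnection();
    ldap.connect(address, port > 0 ? port : 389);
    try {
        // SECURITY: the bind DN and password are hard-coded in source (the same pair is
        // used by getAttributeCertificates); they belong in protected configuration.
        ldap.bind("cn=root,dc=issrg,dc=uok", "secret");
        // NOTE(review): dn is concatenated into the entry name unescaped; if it can
        // originate outside this class it needs DN escaping -- confirm the call sites.
        dn += "," + baseDN;
        LDAPEntry foundEntry;
        try {
            foundEntry = ldap.read(dn);
        } catch (LDAPException ee) {
            int code = ee.getLDAPResultCode();
            // message texts are preserved: callers tell the two cases apart by them
            if (code == LDAPException.NO_SUCH_OBJECT) throw new Exception("no account");
            else throw new Exception("LDAP failure: " + ee, ee);
        }
        // The attribute set is a snapshot taken before any modification; every value
        // that is not already present is added with its own ADD modification, and when
        // the entry has no attributeCertificateAttribute at all every value is added.
        LDAPAttributeSet set = foundEntry.getAttributeSet();
        for (int k = 0; k < ac.length; k++) {
            boolean found = false;
            for (int i = 0; i < set.size() && !found; i++) {
                LDAPAttribute att = set.elementAt(i);
                if (!att.getName().equals("attributeCertificateAttribute")) continue;
                Enumeration values = att.getByteValues();
                while (values.hasMoreElements() && !found) {
                    found = java.util.Arrays.equals((byte[]) values.nextElement(), ac[k]);
                }
            }
            if (!found) {
                LDAPAttribute attr = new LDAPAttribute("attributeCertificateAttribute", ac[k]);
                ldap.modify(dn, new LDAPModification(LDAPModification.ADD, attr));
            }
        }
    } finally {
        try {
            // the original never closed the connection, leaking one socket per call
            ldap.disconnect();
        } catch (LDAPException ignored) {
            // we are done with the connection; a close failure must not mask the real error
        }
    }
}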
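/**
 * Reads the attribute certificates stored in the {@code attributeCertificateAttribute}
 * of the LDAP entry {@code dn,baseDN}.
 *
 * @param dn      the entry's RDN part, to which {@code ","+baseDN} is appended
 * @param method  the repository type; only "ldap" is supported, null means "ldap"
 * @param address LDAP host to connect to
 * @param port    LDAP port; a non-positive value selects 389
 * @param baseDN  the base DN under which the entry lives
 * @return the certificates wrapped as {@link Binary} objects, or null when the method
 *         is not "ldap", the entry cannot be read, or it carries no
 *         attributeCertificateAttribute
 * @throws Exception the LDAPException raised by connect or bind
 */
private ArrayList getAttributeCertificates(String dn, String method, String address, int port, String baseDN) throws Exception {
    if (method == null) method = "ldap";
    if (!method.equals("ldap")) return null;
    LDAPConnection ldap = new LDAPConnection();
    ldap.connect(address, port > 0 ? port : 389);
    try {
        // SECURITY: hard-coded bind DN and password (shared with addAttributeCertificates);
        // they belong in protected configuration.
        ldap.bind("cn=root,dc=issrg,dc=uok", "secret");
        dn += "," + baseDN;
        LDAPEntry foundEntry;
        try {
            foundEntry = ldap.read(dn);
        } catch (LDAPException unreadable) {
            // Deliberate best effort: a missing or unreadable entry is reported to the
            // caller as "no certificates" (null) rather than as a failure.
            return null;
        }
        ArrayList result = null;
        LDAPAttributeSet set = foundEntry.getAttributeSet();
        for (int i = 0; i < set.size(); i++) {
            LDAPAttribute att = set.elementAt(i);
            if (!att.getName().equals("attributeCertificateAttribute")) continue;
            result = new ArrayList();
            for (Enumeration enums = att.getByteValues(); enums.hasMoreElements();) {
                result.add(new Binary((byte[]) enums.nextElement()));
            }
        }
        return result;
    } finally {
        try {
            // the original never closed the connection, leaking one socket per call
            ldap.disconnect();
        } catch (LDAPException ignored) {
            // we are done with the connection; a close failure must not mask the result
        }
    }
}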
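/**
 * Lists the environmental attributes declared in the current policy, each name once.
 *
 * @return an XACML {@code <Attributes>} element, for example
 * <pre>{@code
 * <Attributes xmlns="urn:oasis:names:tc:xacml:1.0:context">
 *   <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:environment:balance.student[id(S)]"
 *              DataType="http://www.w3.org/2001/XMLSchema#integer"/>
 *   <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:environment:balance.staff[id(S)]"
 *              DataType="http://www.w3.org/2001/XMLSchema#integer"/>
 * </Attributes>
 * }</pre>
 * @throws PermisWebServiceException declared by the signature; nothing in this body
 *         raises it directly
 */
public Element getAttributes() throws PermisWebServiceException {
    Element attribute = this.doc.createElement("Attributes");
    attribute.setAttribute("xmlns", "urn:oasis:names:tc:xacml:1.0:context");
    logger.debug("to get environmental attributes in the policy");
    EnvironmentNode[] nodes = this.pba.getEnvAttributes();
    // a set gives constant-time duplicate detection where the original scanned an ArrayList
    java.util.HashSet seen = new java.util.HashSet();
    for (int i = 0; i < nodes.length; i++) {
        EnvironmentNode node = nodes[i];
        Map map = node.getAttributes();
        String name = (String) map.get(node.PARAMETER_ATTRIBUTE);
        if (!seen.add(name)) continue; // already emitted under this name
        // The type becomes the tail of an XML Schema URI; a fixed locale keeps the
        // lowercasing independent of the JVM default (a Turkish default locale would
        // otherwise turn "Integer" into "\u0131nteger").
        String type = node.getType().toLowerCase(java.util.Locale.ENGLISH);
        Element attr = this.doc.createElement("Attribute");
        attr.setAttribute("AttributeId", name);
        attr.setAttribute("DataType", "http://www.w3.org/2001/XMLSchema#" + type);
        attribute.appendChild(attr);
    }
    return attribute;
}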
/**
* This method provides an XACML interface to call PERMIS PDP for authz decisions
* @param reqCtx, which is an XACML request context
* @return an XACML response context in the form of XML Element
*/
public Element decision(Element reqCtx) throws PermisWebServiceException {
Date date = new Date();
long start = date.getTime();
Subject subject = null;
PermisTarget target = null;
Action act = null;
Hashtable env = null;
String policy = this.pba.getPolicyFinder().getPolicyOID();
Element response = this.doc.createElement("Response");
Element result = this.doc.createElement("Result");
result.setAttribute("ResourceId",this.getId(reqCtx,"Resource"));
Element status = this.doc.createElement("Status");
Element statuscode = this.doc.createElement("StatusCode");
Element decision = this.doc.createElement("Decision");
if (policy==null) {
Text text = this.doc.createTextNode("NotApplicable");
decision.appendChild(text);
result.appendChild(decision);
statuscode.setAttribute("Value","urn:oasis:names:tc:xacml:1.0:status:ok");
status.appendChild(statuscode);
result.appendChild(status);
response.appendChild(result);
date = new Date();
long end = date.getTime();
end = end - start;
logger.info("this decision is made in "+end+" milliseconds");
return response;
};
String textCode = null;
String statusCode = null;
try {
subject = this.createSubject(reqCtx,policy);//this.createSubject(reqCtx);//
if (subject!=null) logger.debug("the credentails are "+subject.exportCreds().toString());
if (subject!=null) logger.info("Permis subject is created");
target = this.createTarget(reqCtx);
if (target!=null) logger.debug("the target is "+target.getName());
if (target!=null) logger.info("Permis target is created");
act = this.createAction(reqCtx);
if (act!=null) logger.info("Permis action is created");
env = this.createEnvironment(reqCtx);
if (env!=null) logger.info("Permis environment is created");
if (target!=null) result.setAttribute("ResourceId",target.getName());
Response res = this.pba.response(subject,act,target,env);
logger.info("Permis authorisation decision is made");
if (res.isAuthorised()) {
textCode = "Permit";
statusCode = "urn:oasis:names:tc:xacml:1.0:status:ok";
Text text = this.doc.createTextNode(textCode);
text.setNodeValue(textCode);
decision.appendChild(text);
result.appendChild(decision);
statuscode.setAttribute("Value",statusCode);
status.appendChild(statuscode);
result.appendChild(status);
Obligations obls = res.getObligations();
if (obls!=null) {
String obligations = obls.toString();
Text obl = this.doc.createTextNode(obligations);
result.appendChild(obl);
}
} else {
textCode = "Deny";
statusCode = "urn:oasis:names:tc:xacml:1.0:status:ok";
Text text = this.doc.createTextNode(textCode);
decision.appendChild(text);
result.appendChild(decision);
statuscode.setAttribute("Value",statusCode);
status.appendChild(statuscode);
result.appendChild(status);
}
} catch (PbaException pe) {
logger.debug(pe.getMessage());
if (pe.getMessage().equals("Target is out of target domain")) {
textCode = "NotApplicable";
statusCode = "urn:oasis:names:tc:xacml:1.0:status:ok";
} else if (pe.getMessage().equals("Subject, Action and Target should not be null")) {
textCode = "Indeterminate";
statusCode = "urn:oasis:names:tc:xacml:1.0:status:missing-attribute";
} else if (pe.getMessage().equals("Cannot use the subject: created by a different object")) {
textCode = "Indeterminate";
statusCode = "urn:oasis:names:tc:xacml:1.0:status:processing-error";
} else if (pe.getMessage().equals("Unacceptable Action for this policy")) {
textCode = "NotApplicable";