- public XacmlAdminAuthorization() {
- PDPEngineFactory pdpEngineFactory = null;
- try {
- pdpEngineFactory = PDPEngineFactory.newInstance();
- if (pdpEngineFactory == null) {
- logger.error("Failed to create PDP Engine Factory");
- PolicyLogger.error("Failed to create PDP Engine Factory");
- }
- this.pdpEngine = pdpEngineFactory.newEngine();
- } catch (FactoryException e) {
- logger.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + "Exception create PDP Engine: " + e.getLocalizedMessage());
- PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XacmlAdminAuthorization", "Exception create PDP Engine");
- }
- }
-
- public boolean isAuthorized(String userid, AdminAction action, AdminResource resource) {
- logger.info("authorize: " + userid + " to " + action + " with " + resource);
- if (this.pdpEngine == null) {
- logger.warn("no pdp engine available to authorize");
- return false;
- }
- Request request;
- try {
- request = RequestParser.parseRequest(new AuthorizationRequest(userid, action.toString(), resource.toString()));
- } catch (IllegalArgumentException | IllegalAccessException | DataTypeException e) {
- logger.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + "Failed to create request: " + e.getLocalizedMessage());
- PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XacmlAdminAuthorization", "Failed to create request");
- return false;
- }
- if (request == null) {
- logger.error("Failed to parse request.");
- PolicyLogger.error("Failed to parse request");
- return false;
- }
- logger.info("Request: " + request);
- //
- // Ask the engine
- //
- try {
- Response response = this.pdpEngine.decide(request);
- if (response == null) {
- logger.error("Null response from PDP decide");
- PolicyLogger.error("Null response from PDP decide");
- }
- //
- // Should only be one result
- //
- if(response != null){
- for (Result result : response.getResults()) {
- Decision decision = result.getDecision();
- logger.info("Decision: " + decision);
- if (decision.equals(Decision.PERMIT)) {
- return true;
- }
- }
- }
- } catch (PDPException e) {
- logger.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + "PDP Decide failed: " + e.getLocalizedMessage());
- PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XacmlAdminAuthorization", "PDP Decide failed");
- }
- return false;
- }