-
- @XACMLRequest(ReturnPolicyIdList=true)
- public class AuthorizationRequest {
-
- @XACMLSubject(includeInResults=true)
- String userID;
-
- @XACMLAction()
- String action;
-
- @XACMLResource()
- String resource;
-
- public AuthorizationRequest(String userId, String action, String resource) {
- this.userID = userId;
- this.action = action;
- this.resource = resource;
- }
-
- public String getUserID() {
- return userID;
- }
-
- public void setUserID(String userID) {
- this.userID = userID;
- }
-
- public String getAction() {
- return action;
- }
-
- public void setAction(String action) {
- this.action = action;
- }
-
- public String getResource() {
- return resource;
- }
-
- public void setResource(String resource) {
- this.resource = resource;
- }
- }
-
- //
- // The PDP Engine
- //
- protected PDPEngine pdpEngine;
-
- public XacmlAdminAuthorization() {
- PDPEngineFactory pdpEngineFactory = null;
- try {
- pdpEngineFactory = PDPEngineFactory.newInstance();
- if (pdpEngineFactory == null) {
- logger.error("Failed to create PDP Engine Factory");
- PolicyLogger.error("Failed to create PDP Engine Factory");
- }
- this.pdpEngine = pdpEngineFactory.newEngine();
- } catch (FactoryException e) {
- logger.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + "Exception create PDP Engine: " + e.getLocalizedMessage());
- PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XacmlAdminAuthorization", "Exception create PDP Engine");
- }
- }
-
- public boolean isAuthorized(String userid, AdminAction action, AdminResource resource) {
- logger.info("authorize: " + userid + " to " + action + " with " + resource);
- if (this.pdpEngine == null) {
- logger.warn("no pdp engine available to authorize");
- return false;
- }
- Request request;
- try {
- request = RequestParser.parseRequest(new AuthorizationRequest(userid, action.toString(), resource.toString()));
- } catch (IllegalArgumentException | IllegalAccessException | DataTypeException e) {
- logger.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + "Failed to create request: " + e.getLocalizedMessage());
- PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XacmlAdminAuthorization", "Failed to create request");
- return false;
- }
- if (request == null) {
- logger.error("Failed to parse request.");
- PolicyLogger.error("Failed to parse request");
- return false;
- }
- logger.info("Request: " + request);
- //
- // Ask the engine
- //
- try {
- Response response = this.pdpEngine.decide(request);
- if (response == null) {
- logger.error("Null response from PDP decide");
- PolicyLogger.error("Null response from PDP decide");
- }
- //
- // Should only be one result
- //
- if(response != null){
- for (Result result : response.getResults()) {
- Decision decision = result.getDecision();
- logger.info("Decision: " + decision);
- if (decision.equals(Decision.PERMIT)) {
- return true;
- }
- }
- }
- } catch (PDPException e) {
- logger.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + "PDP Decide failed: " + e.getLocalizedMessage());
- PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XacmlAdminAuthorization", "PDP Decide failed");
- }
- return false;
- }