while (resIterator.hasNext()) { PDPResponse response = resIterator.next(); if (!response.isPermit()) { nodesToRemove.add(member);
Target t = requestForResponse.getTarget(); String id = (String) allIds.getItem(t.getResourceId()).getAppItem(); if (!response.isPermit()) { notAllowedIds.add(id);
if (!response.isPermit()) {
Target t = requestForResponse.getTarget(); String id = (String) allIds.getItem(t.getResourceId()).getAppItem(); if (!response.isPermit()) { notAllowedIds.add(id);
Target t = requestForResponse.getTarget(); String id = (String) allIds.getItem(t.getResourceId()).getAppItem(); if (response.isPermit()) { allowedIds.add(id);
if (!response.isPermit() || !offeringData.getObservedProperties().contains(node.getTextContent()))
if (!response.isPermit() || !offeringData.getProcedures().contains(node.getTextContent())) {
if (!response.isPermit()) {
if (!response.isPermit()) { Target t = requestForResponse.getTarget(); String id = (String) targetItems.getItem(t.getResourceId()).getAppItem();
PDPResponse response = (PDPResponse) resIterator.next(); PDPRequest requestForResponse = response.getRequest(); if (!response.isPermit()) { Target t = requestForResponse.getTarget();
while (resIterator.hasNext()) { PDPResponse response = resIterator.next(); if (!response.isPermit()) { throw new EnforcementServiceException("Access to sensor description denied!");
if (!response.isPermit()) { Target t = requestForResponse.getTarget(); Node processNode = (Node) allIds.getItem(t.getResourceId()).getAppItem();
PDPResponse response = (PDPResponse) resIterator.next(); PDPRequest requestForResponse = response.getRequest(); if (response.isPermit()) { Target t = requestForResponse.getTarget(); String layerName = (String) availableLayers.getItem(t.getResource()).getAppItem();
if (response.isPermit()) {
PDPResponse response = (PDPResponse) resIterator.next(); if (!response.isPermit()) { throw new EnforcementServiceException("Not allowed"); } else if (response.hasObligations()) {
if (!pdpresponse.isPermit()) { Target t = requestForResponse.getTarget(); String id = (String) allProcessIdentifiers.getItem(t.getResourceId()).getAppItem();
PDPResponse pdpresponse = resIterator.next(); if (!pdpresponse.isPermit()) {
PDPResponse response = (PDPResponse) resIterator.next(); PDPRequest requestForResponse = response.getRequest(); if (!response.isPermit()) { Target t = requestForResponse.getTarget(); String targetResource = t.getResource();
public SecuredServiceRequest doRequest(Subject subject, InterceptorRequest request) throws InterceptorException, EnforcementServiceException { LOG.debug("intercepting request"); SecuredServiceRequest req = request.getRequest(); PDPRequestCollection reqCollection = new PDPRequestCollection(); Target tTarget = new Target(subject, request.getRequest().getForward().getServiceEndpoint(), "*", "target:service"); PDPRequest pdprequest = new PDPRequest(tTarget); reqCollection.add(pdprequest); // Query PDP PDPResponseCollection resCollection = null; try { resCollection = getDecisionService().request(reqCollection); } catch (DecisionProcessingException e) { throw new InterceptorException("Error during pdp request:", e); } // Process PDP response and cut off every layer that is not allowed to // be accessed by GetMap Iterator resIterator = resCollection.iterator(); while (resIterator.hasNext()) { PDPResponse response = (PDPResponse) resIterator.next(); if (!response.isPermit()) { // Improve ExceptionHandling ! throw new EnforcementServiceException("Access to service denied"); } } return req; }
protected boolean isAccessPermitted( final WebSecurityProcessingContext securityCtx, final WebContext webCtx) { String resourceId = buildResourceId(webCtx); String actionId = buildActionId(webCtx.getRequest().getMethod()); Target target = buildPolicyTarget(securityCtx.getSubject(), resourceId, actionId); try { PDPResponseCollection respcol = m_decisionService.request(new PDPRequestCollection().add(new PDPRequest(target))); PDPResponse decision = (PDPResponse) respcol.iterator().next(); if (decision.isPermit()) { Collection<Obligation> obligations = decision.getObligations(); // we store the obligations ot fulfil in the context // TODO: create an obligation processor interface or the like? securityCtx.setSharedProcessingState("url.processing.obligations", obligations); return true; } return false; } catch (Throwable ex) { throw new WebSecurityProcessingException("error during policy decision processing of ressourceId <" + resourceId + "> action <" + actionId + "> blocking access!" + ex, ex); } }