throw new IllegalStateException("PDP is null"); ResponseContext response = pdp.evaluate(requestCtx); result = response.getDecision() == XACMLConstants.DECISION_PERMIT ? AuthorizationContext.PERMIT : AuthorizationContext.DENY;
/**
 * Builds the XACML request that describes one EJB method invocation.
 *
 * @param ejbName     name of the EJB; handed to {@code getRequestContext}
 * @param methodName  name of the invoked method; used as the XACML action
 * @param principal   identity of the caller
 * @param callerRoles roles held by the caller
 * @return the populated request context
 * @throws Exception if building or marshalling the request fails
 */
public RequestContext createXACMLRequest(String ejbName, String methodName,
        Principal principal, RoleGroup callerRoles) throws Exception {
    // The method name itself is the action being authorized.
    ActionType xacmlAction = getActionType(methodName);
    RequestContext xacmlRequest =
            this.getRequestContext(ejbName, xacmlAction, principal, callerRoles);

    if (!PicketBoxLogger.LOGGER.isDebugEnabled()) {
        return xacmlRequest;
    }

    // Debug only: the whole marshalled request is written to the log.
    // NOTE(review): principal and callerRoles are passed into the request, so this dump
    // presumably carries caller identity and roles; confirm who can read debug logs.
    // NOTE(review): new String(byte[]) decodes with the JVM default charset; confirm it
    // matches the encoding marshall() writes.
    ByteArrayOutputStream requestDump = new ByteArrayOutputStream();
    xacmlRequest.marshall(requestDump);
    PicketBoxLogger.LOGGER.debug(new String(requestDump.toByteArray()));
    return xacmlRequest;
}
requestContext.setRequest(requestType); } catch (IOException e) { throw new ProcessingException(e); ResponseContext responseContext = pdp.evaluate(requestContext); ResultType resultType = responseContext.getResult(); responseType.getResult().add(resultType);
// Attach the environment to the request, then install the request on the context.
requestType.setEnvironment(environmentType);
requestCtx.setRequest(requestType);
// The complete marshalled request is written to the trace log; any level guard and the
// declaration of baos are outside this excerpt.
// NOTE(review): new String(byte[]) decodes with the JVM default charset, and the request
// may carry subject attributes; confirm the encoding and who can read trace output.
requestCtx.marshall(baos);
log.trace(new String(baos.toByteArray()));
/**
 * Assembles a request context from subject, resource, action and environment.
 *
 * @param ejbName     name of the EJB; used to build the resource
 * @param actionType  the action being authorized
 * @param principal   identity of the caller; must not be {@code null}
 * @param callerRoles roles held by the caller; used with the principal to build the subject
 * @return a request context holding the assembled request
 * @throws IOException declared by this method; the visible body does not show which call raises it
 */
private RequestContext getRequestContext(String ejbName, ActionType actionType,
        Principal principal, RoleGroup callerRoles) throws IOException {
    // Refuse to build a request without a caller identity.
    if (principal == null) {
        throw PicketBoxMessages.MESSAGES.invalidNullArgument("principal");
    }

    RequestContext xacmlRequest = RequestResponseContextFactory.createRequestCtx();

    // Arguments are evaluated left to right: subject, resource, then the optional environment.
    // NOTE(review): callerRoles is not null-checked here; confirm getSubjectType handles null.
    RequestType assembled = getRequestType(
            this.getSubjectType(principal, callerRoles),
            getResourceType(ejbName),
            actionType,
            getEnvironmentType());

    xacmlRequest.setRequest(assembled);
    return xacmlRequest;
}
// Hand the policies and the locators to the PDP; both collections are built outside
// this excerpt.
pdp.setPolicies(policies);
pdp.setLocators(plset);
try requestContext.setRequest(requestType); ResponseContext responseContext = pdp.evaluate(requestContext); ResultType resultType = responseContext.getResult(); responseType.getResult().add(resultType);
// Ask the PDP for a decision on the request.
ResponseContext response = pdp.evaluate(requestCtx);
// Deny by default: only an explicit DECISION_PERMIT becomes PERMIT; every other decision
// value is mapped to DENY.
result = response.getDecision() == XACMLConstants.DECISION_PERMIT ? AuthorizationContext.PERMIT : AuthorizationContext.DENY;
// Attach the environment to the request, then install the request on the context.
requestType.setEnvironment(environmentType);
requestCtx.setRequest(requestType);
// The complete marshalled request is written to the trace log; any level guard and the
// declaration of baos are outside this excerpt.
// NOTE(review): new String(byte[]) decodes with the JVM default charset, and the request
// may carry subject attributes; confirm the encoding and who can read trace output.
requestCtx.marshall(baos);
log.trace(new String(baos.toByteArray()));
// Hand the policies and the locators to the PDP; both collections are built outside
// this excerpt.
pdp.setPolicies(policies);
pdp.setLocators(plset);
// The complete marshalled request is written to the debug log; any level guard and the
// declaration of baos are outside this excerpt.
// NOTE(review): new String(byte[]) decodes with the JVM default charset, and the request
// may carry subject attributes; confirm the encoding and who can read debug output.
requestCtx.marshall(baos);
PicketBoxLogger.LOGGER.debug(new String(baos.toByteArray()));
requestContext.setRequest(requestType); } catch (IOException e) { throw new ProcessingException(e); ResponseContext responseContext = pdp.evaluate(requestContext); ResultType resultType = responseContext.getResult(); responseType.getResult().add(resultType);
/**
 * Evaluates the current EJB invocation against the XACML policy decision point.
 *
 * <p>The outcome is fail-closed: only an explicit permit decision yields
 * {@code AuthorizationContext.PERMIT}. Any other decision, a missing PDP, or any
 * exception raised while building or evaluating the request yields
 * {@code AuthorizationContext.DENY}.
 *
 * @param callerRoles roles held by the caller
 * @return {@code AuthorizationContext.PERMIT} or {@code AuthorizationContext.DENY}
 */
private int process(RoleGroup callerRoles) {
    EJBXACMLUtil xacmlUtil = new EJBXACMLUtil();
    try {
        RequestContext xacmlRequest = xacmlUtil.createXACMLRequest(
                this.ejbName, this.ejbMethod, this.ejbPrincipal, callerRoles);

        PolicyDecisionPoint decisionPoint =
                xacmlUtil.getPDP(policyRegistration, this.policyContextID);
        if (decisionPoint == null) {
            // Raised inside the try on purpose: a missing PDP ends up as DENY below.
            throw PicketBoxMessages.MESSAGES.invalidNullProperty("PDP");
        }

        // Everything except an explicit permit falls through to DENY.
        if (decisionPoint.evaluate(xacmlRequest).getDecision() == XACMLConstants.DECISION_PERMIT) {
            return AuthorizationContext.PERMIT;
        }
        return AuthorizationContext.DENY;
    } catch (Exception e) {
        // NOTE(review): the failure is reported only through debugIgnoredException
        // (presumably debug level); confirm that evaluation errors can be told apart
        // from ordinary policy denials in production logs.
        PicketBoxLogger.LOGGER.debugIgnoredException(e);
        return AuthorizationContext.DENY;
    }
}
// Attach the environment to the request, then install the request on the context.
requestType.setEnvironment(environmentType);
requestCtx.setRequest(requestType);
// The complete marshalled request is written to the debug log; any level guard and the
// declaration of baos are outside this excerpt.
// NOTE(review): new String(byte[]) decodes with the JVM default charset, and the request
// may carry subject attributes; confirm the encoding and who can read debug output.
requestCtx.marshall(baos);
PicketBoxLogger.LOGGER.debug(new String(baos.toByteArray()));
requestContext.setRequest(requestType); } catch (IOException e) { throw new ProcessingException(e); ResponseContext responseContext = pdp.evaluate(requestContext); ResultType resultType = responseContext.getResult(); responseType.getResult().add(resultType);
// Ask the PDP for a decision on the request.
ResponseContext response = pdp.evaluate(requestCtx);
// Deny by default: only an explicit DECISION_PERMIT becomes PERMIT; every other decision
// value is mapped to DENY.
result = response.getDecision() == XACMLConstants.DECISION_PERMIT ? AuthorizationContext.PERMIT : AuthorizationContext.DENY;
try requestContext.setRequest(requestType); ResponseContext responseContext = pdp.evaluate(requestContext); ResultType resultType = responseContext.getResult(); responseType.getResult().add(resultType);