/**
 * Looks up a cached decision for the given request.
 *
 * <p>Returns {@code null} straight away, without touching the hit/miss counters, when the
 * cache is stopped or {@code m_maxCacheTime} is negative. Otherwise an entry counts as a
 * hit only if it exists, its insertion time is newer than {@code now - m_maxCacheTime},
 * and it carries a non-null response.
 *
 * <p>Security note: a hit is answered from the cache without consulting the decision
 * service again, so a cached decision stays in effect until its age reaches
 * {@code m_maxCacheTime}. A revoked permission can therefore still be honoured for that
 * long; size the cache time accordingly. Expiry uses the wall clock
 * ({@link System#currentTimeMillis()}), so a clock set backwards extends entry lifetime.
 * NOTE(review): correctness also depends on {@code getCacheKey(req)} distinguishing every
 * attribute the decision depends on (subject, resource, action) - confirm in that method.
 *
 * @param req the request to look up
 * @return a new response holding the cached decision and obligations, bound to
 *         {@code req}; {@code null} on a miss or when caching is disabled
 */
private PDPResponse lookUp(final PDPRequest req) {
    final boolean cacheDisabled = m_stopped || m_maxCacheTime < 0;
    if (cacheDisabled) {
        return null;
    }

    final String key = getCacheKey(req);
    final CacheEntry entry;
    // Only the map access is guarded; the freshness check runs outside the lock.
    synchronized (m_lock) {
        entry = m_decisionCache.get(key);
    }

    final long now = System.currentTimeMillis();
    PDPResponse cached = null;
    if (entry != null && entry.getInserted() > (now - m_maxCacheTime)) {
        cached = entry.getResponse();
    }

    if (cached == null) {
        // Absent, expired, or empty entry: all three count as a miss.
        m_missCount.incrementAndGet();
        return null;
    }

    if (LOG.isTraceEnabled()) {
        LOG.trace("cache hit for <" + req + "> --return--> <" + cached + ">");
    }
    m_hitCount.incrementAndGet();
    // Hand out a copy so the response references the caller's request object,
    // not the one that was stored with the cache entry.
    return new PDPResponse(cached.getDecision(), req, cached.getObligations());
}
PDPResponse response = resIterator.next(); PDPRequest requestForResponse = response.getRequest(); Target t = requestForResponse.getTarget(); String id = (String) allIds.getItem(t.getResourceId()).getAppItem(); if (!response.isPermit()) { notAllowedIds.add(id);
/**
 * Creates a response that ties a decision and its obligations to the request it answers.
 *
 * <p>The decision code is validated first via {@code checkDecision}, then both references
 * are null-checked. The obligations are copied element by element into this instance's own
 * collection, so later changes to the caller's collection do not alter the response.
 *
 * @param decision the decision code
 * @param request the original request this response belongs to
 * @param obligations the obligations attached to the decision; may be empty
 * @throws IllegalArgumentException if the decision is out of range
 * @throws NullPointerException if {@code request} or {@code obligations} is null
 */
public PDPResponse(final int decision, final PDPRequest request, final Collection<Obligation> obligations)
        throws IllegalArgumentException, NullPointerException {
    checkDecision(decision);
    if (null == request) {
        throw new NullPointerException("request must not be null");
    }
    if (null == obligations) {
        throw new NullPointerException("obligations must not be null");
    }

    m_decision = decision;
    m_request = request;
    // Copy rather than alias the caller's collection.
    m_obligations.addAll(obligations);
}
/**
 * Renders the decision, the obligations and the originating request as one line.
 *
 * <p>NOTE(review): the text embeds the full request and obligations; where this string is
 * written to logs, those logs inherit whatever subject or resource detail the request's
 * own {@code toString()} exposes - confirm that is acceptable for the log destination.
 *
 * @return a diagnostic description of this response
 */
@Override
public String toString() {
    return "org.n52.security.decision.PDPResponse"
            + "{decision=" + getDecision()
            + ", obligations=" + getObligations()
            + ", request=" + getRequest()
            + '}';
}
/**
 * Collects the requests that the last decision service left undefined and records every
 * response of that service in {@code allResponses}.
 *
 * <p>Every response is written to the map, including undefined ones; an entry that is
 * already present for the same request is overwritten.
 *
 * <p>NOTE(review): a request that is still undefined after the last decision service has
 * been asked keeps its undefined response in the map. The caller should treat such a
 * response as "not permitted" - confirm at the call site.
 *
 * @param lastResponse the last response of a single decision service
 * @param allResponses an insertion-ordered map of request to response, updated in place
 * @return all open (undefined) requests
 */
private PDPRequestCollection findOpenRequests(final PDPResponseCollection lastResponse,
        final Map<PDPRequest, PDPResponse> allResponses) {
    final PDPRequestCollection openRequests = new PDPRequestCollection();
    final Iterator<PDPResponse> responses = lastResponse.iterator();
    while (responses.hasNext()) {
        final PDPResponse current = responses.next();
        if (current.isUndefined()) {
            openRequests.add(current.getRequest());
        }
        allResponses.put(current.getRequest(), current);
    }
    return openRequests;
}
PDPResponse response = resIterator.next(); PDPRequest requestForResponse = response.getRequest(); Target t = requestForResponse.getTarget(); String id = (String) allIds.getItem(t.getResourceId()).getAppItem(); if (response.isPermit()) { if (response.hasObligations() && response.getDecision() == PDPResponse.DECISION_PERMIT) { NodeList validGmlIdNl = ctx.findIn(nl) PDPResponse response = resIterator.next(); PDPRequest requestForResponse = response.getRequest(); Target t = requestForResponse.getTarget(); String reponseElemId = (String) allIds.getItem(t.getResourceId()).getAppItem(); if (response.isPermit()) { if (response.hasObligations() && response.getDecision() == PDPResponse.DECISION_PERMIT) { if (!checkPositionWithObligation(response, elem)) { elem.getParentNode().removeChild(elem);
PDPRequest requestForResponse = response.getRequest(); if (!response.isPermit()) { Target t = requestForResponse.getTarget(); String targetResource = t.getResource(); TargetItem responseItem = itemsCollection.getItem(targetResource); lManipulator.trimQueryLayer((String) responseItem.getAppItem()); } else if (response.hasObligations()) { Target t = requestForResponse.getTarget(); String targetResource = t.getResource(); TargetItem responseItem = itemsCollection.getItem(targetResource); lManipulator.handleObligations(response.getObligations(), (String) responseItem.getAppItem());
if (response.hasObligations() && response.getDecision() == PDPResponse.DECISION_PERMIT) { for (Obligation obligation : response.getObligations()) {
String resource = response.getRequest().getTarget().getResourceId(); if (!response.hasObligations()) { continue; for (Obligation obligation : response.getObligations()) { if (obligation.getId().equals(SOSInterceptorGlobals.OBLIGATION_BBOX)) { srs =
/**
 * Answers every request in the collection with {@code PDPResponse.DECISION_PERMIT}.
 *
 * <p>Security note: no attribute of the request is evaluated here; each request is
 * permitted unconditionally and this is only visible in the log at debug level. Wiring
 * this decision service into a deployment therefore disables access control for
 * everything routed through it.
 *
 * @param reqCol the requests to answer
 * @return one permit response per request, in iteration order
 * @throws DecisionProcessingException declared by the interface; not thrown by this code
 * @see org.n52.security.decision.DecisionService#request(PDPRequestCollection)
 */
public PDPResponseCollection request(final PDPRequestCollection reqCol) throws DecisionProcessingException {
    final PDPResponseCollection permitted = new PDPResponseCollection();
    for (Iterator itreq = reqCol.iterator(); itreq.hasNext();) {
        final PDPRequest current = (PDPRequest) itreq.next();
        if (LOG.isDebugEnabled()) {
            LOG.debug("pdp request <" + current + "> is permitted");
        }
        permitted.add(new PDPResponse(PDPResponse.DECISION_PERMIT, current));
    }
    return permitted;
}
}
/**
 * Asks the decision service whether the current subject may perform the request's HTTP
 * method on the requested resource.
 *
 * <p>On a permit, the obligations of the decision are stored in the security context
 * under {@code "url.processing.obligations"} and {@code true} is returned. Any other
 * decision yields {@code false}.
 *
 * <p>Failure handling: every {@link Throwable} raised while building or evaluating the
 * decision (including an empty response collection) is rethrown as a
 * {@code WebSecurityProcessingException}, so an error never results in {@code true}.
 *
 * <p>NOTE(review): this method only stores the obligations; it does not check that they
 * are understood or enforced. A permit with obligations is effectively unconditional
 * unless a later processing step fulfils them or refuses the request - confirm
 * downstream. The exception message also embeds the cause's text; verify it is not
 * echoed to the client.
 *
 * @param securityCtx the processing context providing the subject and shared state
 * @param webCtx the web context of the current request
 * @return {@code true} if the decision is a permit, {@code false} otherwise
 */
protected boolean isAccessPermitted(final WebSecurityProcessingContext securityCtx, final WebContext webCtx) {
    final String resourceId = buildResourceId(webCtx);
    final String actionId = buildActionId(webCtx.getRequest().getMethod());
    final Target target = buildPolicyTarget(securityCtx.getSubject(), resourceId, actionId);

    try {
        final PDPRequestCollection singleRequest = new PDPRequestCollection().add(new PDPRequest(target));
        final PDPResponseCollection answers = m_decisionService.request(singleRequest);
        final PDPResponse decision = (PDPResponse) answers.iterator().next();

        if (!decision.isPermit()) {
            return false;
        }

        // Keep the obligations that still have to be fulfilled in the shared context.
        // TODO: create an obligation processor interface or the like?
        final Collection<Obligation> pendingObligations = decision.getObligations();
        securityCtx.setSharedProcessingState("url.processing.obligations", pendingObligations);
        return true;
    } catch (Throwable ex) {
        // Deliberately broad: any failure must block access rather than fall through.
        throw new WebSecurityProcessingException("error during policy decision processing of ressourceId <"
                + resourceId + "> action <" + actionId + "> blocking access!" + ex, ex);
    }
}
while (resIterator.hasNext()) { PDPResponse response = resIterator.next(); if (!response.isPermit()) { nodesToRemove.add(member);
private void handleObligations(PDPResponse response) throws EnforcementServiceException { Collection lObligations = response.getObligations();
while (resIterator.hasNext()) { PDPResponse response = resIterator.next(); if (response.hasObligations()) { for (Obligation obligation : response.getObligations()) { if (obligation.getId().equals(SOSInterceptorGlobals.OBLIGATION_TIME)) { obligationBeginDate =
PDPResponse response = (PDPResponse) resIterator.next(); if (!response.isPermit()) { throw new EnforcementServiceException("Not allowed"); } else if (response.hasObligations()) { if (!isXMLRequest) { throw new EnforcementServiceException("Obligations via HTTP-Get are not supported");
/**
 * Stores newly obtained responses in the decision cache and in the request lookup map.
 *
 * <p>Each response is passed to {@code store} keyed by its own request and is also put
 * into {@code allRequestsLookup}, replacing any entry already present for that request.
 *
 * <p>NOTE(review): no filtering by decision happens here, so whatever {@code store}
 * accepts is cached, possibly including undefined responses - confirm in {@code store}.
 *
 * @param responseCol the responses to cache
 * @param allRequestsLookup map of request to response, updated in place
 */
private void putInCache(final PDPResponseCollection responseCol,
        final Map<PDPRequest, PDPResponse> allRequestsLookup) {
    final Iterator<PDPResponse> pending = responseCol.iterator();
    while (pending.hasNext()) {
        final PDPResponse fresh = pending.next();
        store(fresh.getRequest(), fresh);
        allRequestsLookup.put(fresh.getRequest(), fresh);
    }
}
PDPResponse response = resIterator.next(); PDPRequest requestForResponse = response.getRequest(); Target t = requestForResponse.getTarget(); String id = (String) allIds.getItem(t.getResourceId()).getAppItem(); if (response.isPermit()) { if (response.hasObligations() && response.getDecision() == PDPResponse.DECISION_PERMIT) { NodeList validGmlIdNl = ctxResponse PDPRequest requestForResponse = response.getRequest(); Target t = requestForResponse.getTarget(); String reponseElemId = (String) allIds.getItem(t.getResourceId()).getAppItem(); if (response.isPermit()) { if (response.hasObligations() && response.getDecision() == PDPResponse.DECISION_PERMIT) { if (!checkPositionWithObligation(response, foiChild)) { member.getParentNode().removeChild(member); PDPRequest requestForResponse = response.getRequest(); Target t = requestForResponse.getTarget(); String reponseElemId = (String) allIds.getItem(t.getResourceId()).getAppItem(); if (!response.isPermit()) { member.getParentNode().removeChild(member);
if (response.hasObligations() && response.getDecision() == PDPResponse.DECISION_PERMIT) { for (Obligation obligation : response.getObligations()) {
String resource = (String) allIds.getItem(response.getRequest().getTarget().getResourceId()).getAppItem(); if (!response.hasObligations()) { continue; for (Obligation obligation : response.getObligations()) { if (obligation.getId().equals(SOSInterceptorGlobals.OBLIGATION_TIME)) { beginDate =
/**
 * Decides each request in the collection by checking whether a permission exists for
 * its target.
 *
 * <p>The decision is deny by default: only a target for which {@code permissionExists}
 * returns {@code true} is answered with {@code PDPResponse.DECISION_PERMIT}; every other
 * target gets {@code PDPResponse.DECISION_DENY}. Requests and responses are written to
 * the log at debug level.
 *
 * @param pdpReqCol the requests to decide
 * @return one response per request, in iteration order
 * @throws DecisionProcessingException declared by the signature; NOTE(review): whether
 *         {@code permissionExists} can raise it is not visible here
 */
public PDPResponseCollection request(PDPRequestCollection pdpReqCol) throws DecisionProcessingException {
    final PDPResponseCollection decisions = new PDPResponseCollection();
    LOG.info("PDP performs request");

    for (Iterator it = pdpReqCol.iterator(); it.hasNext();) {
        final PDPRequest request = (PDPRequest) it.next();
        // A request carries exactly one target.
        final Target target = request.getTarget();
        if (LOG.isDebugEnabled()) {
            LOG.debug(request);
        }

        final int decisionCode;
        if (permissionExists(target)) {
            decisionCode = PDPResponse.DECISION_PERMIT;
        } else {
            decisionCode = PDPResponse.DECISION_DENY;
        }

        final PDPResponse response = new PDPResponse(decisionCode, request);
        if (LOG.isDebugEnabled()) {
            LOG.debug(response);
        }
        decisions.add(response);
    }
    return decisions;
}