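/**
 * Caches the PDP decision for {@code request} under the key produced by
 * {@code getCacheKey(request)}.
 *
 * <p>Nothing is stored when the cache is stopped, when {@code m_maxCacheTime} is negative,
 * or when the cache already holds {@code m_maxEntries} entries.
 *
 * <p>NOTE(review): the cached response is built around an empty request, so the cache key is
 * the only link between a stored decision and the request it was made for. Confirm that
 * {@code getCacheKey} covers every request attribute the PDP evaluates (subject, resource,
 * action); otherwise a cached decision could be returned for a different request.
 *
 * @param request the request whose decision is cached; used here only to derive the key
 * @param resp the PDP response whose decision and obligations go into the cache entry
 */
private void store(final PDPRequest request, final PDPResponse resp) {
    // NOTE(review): both flags are read outside m_lock; confirm they are safely published.
    if (m_stopped || m_maxCacheTime < 0) {
        return;
    }
    // Store a copy built around an empty request/target so the cache does not keep the
    // caller's request and response objects reachable (avoids memory leaks).
    // NOTE(review): the obligations object is passed through as returned by
    // resp.getObligations(), not copied; confirm nobody mutates it afterwards.
    CacheEntry entry = new CacheEntry(
            new PDPResponse(resp.getDecision(), new PDPRequest(new Target()), resp.getObligations()));
    String key = getCacheKey(request);
    synchronized (m_lock) {
        // ">=" caps the cache at m_maxEntries; a ">" comparison lets it grow to m_maxEntries + 1.
        if (m_decisionCache.size() >= m_maxEntries) {
            return;
        }
        m_decisionCache.put(key, entry);
    }
}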
// Wrap the target in a PDP request and add it to the request collection.
PDPRequest request = new PDPRequest(target);
reqCollection.add(request);
// Wrap the target in a PDP request and add it to the request collection.
PDPRequest request = new PDPRequest(target);
reqCollection.add(request);
// Record the (prop, resourceId) pair as a TargetItem in ids.
ids.addItem(new TargetItem(prop, resourceId));
// Wrap the target in a PDP request and add it to the request collection.
PDPRequest request = new PDPRequest(target);
reqCollection.add(request);
// Record the (prop, resourceId) pair as a TargetItem in ids.
ids.addItem(new TargetItem(prop, resourceId));
// Wrap the target in a PDP request and add it to the request collection.
PDPRequest request = new PDPRequest(target);
reqCollection.add(request);
// Wrap the target in a PDP request and add it to the request collection.
PDPRequest pdpRequest = new PDPRequest(target);
reqCollection.add(pdpRequest);
for (TargetItem item : allIds.getItems()) { Target target = new Target(subject, item.getTargetId(), actionId); PDPRequest request = new PDPRequest(target); reqCollection.add(request);
// Wrap the target in a PDP request and add it to the request collection.
PDPRequest request = new PDPRequest(target);
reqCollection.add(request);
// Take the next TargetItem from the iterator and build a policy target from its id,
// using pSubject and actionId.
TargetItem item = (TargetItem) iterator.next();
Target tTarget = new Target(pSubject, (String) item.getTargetId(), actionId);
// Add the decision request for this item to the request collection.
PDPRequest request = new PDPRequest(tTarget);
reqCollection.add(request);
// Start a fresh request collection that holds a single decision request for
// (subject, resourceId, actionId).
reqCollection = new PDPRequestCollection();
Target target = new Target(subject, resourceId, actionId);
PDPRequest request = new PDPRequest(target);
reqCollection.add(request);
// Wrap the target in a PDP request and add it to the request collection.
PDPRequest request = new PDPRequest(target);
reqCollection.add(request);
// Wrap the target in a PDP request and add it to the request collection.
PDPRequest pdpRequest = new PDPRequest(target);
reqCollection.add(pdpRequest);
// Wrap the target in a PDP request and add it to the request collection.
PDPRequest request = new PDPRequest(target);
reqCollection.add(request);
// Add the item to itemsCollection, then add a decision request for
// (pSubject, resourceId, actionId) to the request collection.
itemsCollection.addItem(item);
Target tTarget = new Target(pSubject, resourceId, actionId);
PDPRequest request = new PDPRequest(tTarget);
reqCollection.add(request);
for (TargetItem item : allProcessIdentifiers.getItems()) { Target target = new Target(subject, item.getTargetId(), actionId); PDPRequest pdprequest = new PDPRequest(target); reqCollection.add(pdprequest);
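/**
 * Asks the PDP whether {@code subject} may use the service endpoint the request is forwarded
 * to, and returns the secured request unchanged when access is permitted.
 *
 * <p>A single decision request is sent for the endpoint with action {@code "*"} and target
 * type {@code "target:service"}. Access is denied unless the PDP returns at least one
 * response and every response is a permit.
 *
 * @param subject the authentication information of the caller
 * @param request the intercepted request
 * @return the secured service request taken from {@code request}
 * @throws InterceptorException if the decision service fails to process the request
 * @throws EnforcementServiceException if the PDP returns no response or any non-permit response
 */
public SecuredServiceRequest doRequest(Subject subject, InterceptorRequest request)
        throws InterceptorException, EnforcementServiceException {
    LOG.debug("intercepting request");
    SecuredServiceRequest req = request.getRequest();
    PDPRequestCollection reqCollection = new PDPRequestCollection();
    Target tTarget = new Target(subject, request.getRequest().getForward().getServiceEndpoint(), "*",
            "target:service");
    PDPRequest pdprequest = new PDPRequest(tTarget);
    reqCollection.add(pdprequest);

    // Query PDP
    PDPResponseCollection resCollection = null;
    try {
        resCollection = getDecisionService().request(reqCollection);
    } catch (DecisionProcessingException e) {
        throw new InterceptorException("Error during pdp request:", e);
    }

    // Fail closed: a missing or empty response collection must not be read as a permit.
    // Without this guard the loop below would not run and the request would pass through.
    if (resCollection == null) {
        throw new EnforcementServiceException("Access to service denied");
    }
    Iterator resIterator = resCollection.iterator();
    if (!resIterator.hasNext()) {
        throw new EnforcementServiceException("Access to service denied");
    }

    // Deny the whole request as soon as one response is not a permit.
    while (resIterator.hasNext()) {
        PDPResponse response = (PDPResponse) resIterator.next();
        if (!response.isPermit()) {
            // Improve ExceptionHandling !
            throw new EnforcementServiceException("Access to service denied");
        }
    }
    return req;
}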
/**
 * Requests one policy decision per target id from the PDP.
 *
 * <p>This method only builds and submits the requests. It does not interpret the
 * decisions, so the caller has to check every response in the returned collection.
 *
 * @param subject
 *            the authentication information
 * @param allIds
 *            targets to check
 * @param actionId
 *            operation id applied to every target
 * @return the responses returned by the decision service
 */
private PDPResponseCollection getPolicyDecisionFromPDP(Subject subject, TargetItemCollection allIds,
        String actionId) {
    PDPRequestCollection pending = new PDPRequestCollection();
    for (TargetItem candidate : allIds.getItems()) {
        // Same subject and action for every request; only the target id differs.
        String targetId = (String) candidate.getTargetId();
        pending.add(new PDPRequest(new Target(subject, targetId, actionId)));
    }
    return getDecisionService().request(pending);
}
/**
 * Requests one policy decision per target id from the PDP.
 *
 * <p>This method only builds and submits the requests. It does not interpret the
 * decisions, so the caller has to check every response in the returned collection.
 *
 * @param subject
 *            the authentication information
 * @param allIds
 *            targets to check
 * @param actionId
 *            operation id applied to every target
 * @return the responses returned by the decision service
 */
private PDPResponseCollection getPolicyDecisionFromPDP(Subject subject, TargetItemCollection allIds,
        String actionId) {
    PDPRequestCollection pending = new PDPRequestCollection();
    for (TargetItem candidate : allIds.getItems()) {
        // Same subject and action for every request; only the target id differs.
        String targetId = (String) candidate.getTargetId();
        pending.add(new PDPRequest(new Target(subject, targetId, actionId)));
    }
    return getDecisionService().request(pending);
}
}
/**
 * Requests one policy decision per target id from the PDP.
 *
 * <p>This method only builds and submits the requests. It does not interpret the
 * decisions, so the caller has to check every response in the returned collection.
 *
 * @param subject
 *            the authentication information
 * @param allIds
 *            targets to check
 * @param actionId
 *            operation id applied to every target
 * @return the responses returned by the decision service
 */
private PDPResponseCollection getPolicyDecisionFromPDP(Subject subject, TargetItemCollection allIds,
        String actionId) {
    PDPRequestCollection pending = new PDPRequestCollection();
    for (TargetItem candidate : allIds.getItems()) {
        // Same subject and action for every request; only the target id differs.
        String targetId = (String) candidate.getTargetId();
        pending.add(new PDPRequest(new Target(subject, targetId, actionId)));
    }
    return getDecisionService().request(pending);
}
/**
 * Decides whether the current web request may proceed by asking the decision service for
 * a single policy decision on (subject, resource id, action id).
 *
 * <p>On a permit, the obligations attached to the decision are placed in the security
 * context under {@code "url.processing.obligations"}. This method only stores them and
 * does not fulfil them. Any {@link Throwable} raised while obtaining or reading the
 * decision is rethrown as a {@code WebSecurityProcessingException}, so a failing
 * decision step never yields {@code true}.
 *
 * @param securityCtx security processing context that supplies the subject and receives the obligations
 * @param webCtx web context whose request determines the resource id and action id
 * @return {@code true} if the first response is a permit, {@code false} otherwise
 */
protected boolean isAccessPermitted(
        final WebSecurityProcessingContext securityCtx, final WebContext webCtx) {
    final String resource = buildResourceId(webCtx);
    final String action = buildActionId(webCtx.getRequest().getMethod());
    final Target policyTarget = buildPolicyTarget(securityCtx.getSubject(), resource, action);

    try {
        // Exactly one request is submitted, so only the first response is read.
        PDPResponse verdict = (PDPResponse) m_decisionService
                .request(new PDPRequestCollection().add(new PDPRequest(policyTarget)))
                .iterator()
                .next();

        if (!verdict.isPermit()) {
            return false;
        }

        // we store the obligations to fulfil in the context
        // TODO: create an obligation processor interface or the like?
        Collection<Obligation> pending = verdict.getObligations();
        securityCtx.setSharedProcessingState("url.processing.obligations", pending);
        return true;
    } catch (Throwable ex) {
        throw new WebSecurityProcessingException("error during policy decision processing of ressourceId <"
                + resource + "> action <" + action + "> blocking access!" + ex, ex);
    }
}