/**
 * Creates a collection and adds the given request to it.
 *
 * @param pdpRequest
 *            the request to add
 */
public PDPRequestCollection(final PDPRequest pdpRequest) {
    // NOTE(review): add(...) is called from the constructor; if a subclass overrides
    // add, it runs before that subclass is fully initialised.
    add(pdpRequest);
}
/**
 * Separates the incoming requests into cache hits and cache misses.
 *
 * <p>Every request is looked up via {@code lookUp}. Requests without a cached
 * response are collected and returned so they can still be decided. Every request,
 * hit or miss, is recorded in {@code allRequestsLookup}; misses are recorded with a
 * {@code null} value so the map keeps one entry per request in iteration order
 * (assumes the caller passes an insertion-ordered map; confirm at the call site).
 *
 * <p>NOTE(review): a cached response is reused as the decision for this request. How
 * long a cached permit stays valid is decided by {@code lookUp}, which is not visible
 * here. Confirm that cache entries expire or are invalidated on policy change.
 *
 * @param reqInCol
 *            the requests to check against the cache
 * @param allRequestsLookup
 *            filled with request to cached response (or {@code null} on a miss)
 * @return the requests for which no cached response was found
 */
private PDPRequestCollection findNonCachedRequests(final PDPRequestCollection reqInCol,
        final Map<PDPRequest, PDPResponse> allRequestsLookup) {
    final PDPRequestCollection misses = new PDPRequestCollection();
    final Iterator<PDPRequest> pending = reqInCol.iterator();
    while (pending.hasNext()) {
        final PDPRequest current = pending.next();
        final PDPResponse cached = lookUp(current);
        if (cached == null) {
            // not in the cache: still has to be sent to a decision service
            misses.add(current);
        }
        // recorded even when null, so the position of the request is reserved
        allRequestsLookup.put(current, cached);
    }
    return misses;
}
/**
 * Collects the requests that are still open (answered as undefined) and records
 * every response in the {@code allResponses} map.
 *
 * <p>A response that reports {@code isUndefined()} has its request added to the
 * returned collection. Every response, undefined or not, is stored in
 * {@code allResponses} under its request, replacing any earlier entry for that
 * request.
 *
 * @param lastResponse
 *            the last response of a single decision service.
 * @param allResponses
 *            an insertion-ordered map of requests to responses.
 * @return all open (undefined) requests.
 */
private PDPRequestCollection findOpenRequests(final PDPResponseCollection lastResponse,
        final Map<PDPRequest, PDPResponse> allResponses) {
    final PDPRequestCollection open = new PDPRequestCollection();
    final Iterator<PDPResponse> answers = lastResponse.iterator();
    while (answers.hasNext()) {
        final PDPResponse answer = answers.next();
        if (answer.isUndefined()) {
            // no definite decision yet: keep the request open
            open.add(answer.getRequest());
        }
        allResponses.put(answer.getRequest(), answer);
    }
    return open;
}
reqCollection.add(request);
reqCollection.add(request); ids.addItem(new TargetItem(prop, resourceId));
reqCollection.add(request); ids.addItem(new TargetItem(prop, resourceId));
reqCollection.add(pdpRequest);
reqCollection.add(request);
Target target = new Target(subject, resourceId, actionId); PDPRequest request = new PDPRequest(target); reqCollection.add(request);
Target tTarget = new Target(pSubject, (String) item.getTargetId(), actionId); PDPRequest request = new PDPRequest(tTarget); reqCollection.add(request);
Target target = new Target(subject, resourceId, actionId); PDPRequest request = new PDPRequest(target); reqCollection.add(request);
Target target = new Target(subject, resourceId, actionId); PDPRequest pdpRequest = new PDPRequest(target); reqCollection.add(pdpRequest);
Target target = new Target(subject, resourceId, actionId); PDPRequest request = new PDPRequest(target); reqCollection.add(request);
Target tTarget = new Target(pSubject, resourceId, actionId); PDPRequest request = new PDPRequest(tTarget); reqCollection.add(request);
Target target = new Target(subject, item.getTargetId(), actionId); PDPRequest pdprequest = new PDPRequest(target); reqCollection.add(pdprequest);
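/**
 * Authorizes an intercepted service request against the PDP before it is passed on.
 *
 * <p>One policy request is built for the forward service endpoint of the request,
 * using {@code "*"} and {@code "target:service"} as the remaining {@code Target}
 * arguments. The request is let through only if the decision service returns at
 * least one response and every response is a permit. A missing or empty response
 * collection is treated as a denial, so the check fails closed.
 *
 * @param subject
 *            the subject on whose behalf the request is made
 * @param request
 *            the intercepted request wrapping the secured service request
 * @return the secured service request, unchanged, when access is permitted
 * @throws InterceptorException
 *             if the decision service fails while processing the policy request
 * @throws EnforcementServiceException
 *             if access is denied or no decision was returned
 */
public SecuredServiceRequest doRequest(Subject subject, InterceptorRequest request)
        throws InterceptorException, EnforcementServiceException {
    LOG.debug("intercepting request");
    SecuredServiceRequest req = request.getRequest();

    PDPRequestCollection reqCollection = new PDPRequestCollection();
    Target tTarget = new Target(subject, request.getRequest().getForward().getServiceEndpoint(), "*",
            "target:service");
    PDPRequest pdprequest = new PDPRequest(tTarget);
    reqCollection.add(pdprequest);

    // Query PDP
    PDPResponseCollection resCollection = null;
    try {
        resCollection = getDecisionService().request(reqCollection);
    } catch (DecisionProcessingException e) {
        throw new InterceptorException("Error during pdp request:", e);
    }

    // Without any decision there is nothing that grants access: deny.
    if (resCollection == null) {
        LOG.debug("decision service returned no response collection, denying access");
        throw new EnforcementServiceException("Access to service denied");
    }

    // Every returned decision must be a permit; the first non-permit denies the
    // whole service request.
    boolean decisionSeen = false;
    Iterator<?> resIterator = resCollection.iterator();
    while (resIterator.hasNext()) {
        PDPResponse response = (PDPResponse) resIterator.next();
        decisionSeen = true;
        if (!response.isPermit()) {
            // Improve ExceptionHandling !
            throw new EnforcementServiceException("Access to service denied");
        }
    }

    // An empty collection used to fall through to "return req", which granted
    // access without a single permit.
    if (!decisionSeen) {
        LOG.debug("decision service returned an empty response collection, denying access");
        throw new EnforcementServiceException("Access to service denied");
    }
    return req;
}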
/**
 * Requests one policy decision per target id from the decision service.
 *
 * <p>This method only gathers the decisions; it does not evaluate them. The caller
 * has to inspect every returned response and deny access for anything that is not a
 * permit.
 *
 * @param subject
 *            the authentication information
 * @param allIds
 *            targets to check
 * @param actionId
 *            operation id
 * @return the responses returned by the decision service for the built requests
 */
private PDPResponseCollection getPolicyDecisionFromPDP(Subject subject, TargetItemCollection allIds,
        String actionId) {
    PDPRequestCollection batch = new PDPRequestCollection();
    for (TargetItem entry : allIds.getItems()) {
        // The target id is cast to String; an id of another type fails here with a
        // ClassCastException instead of producing a request.
        String targetId = (String) entry.getTargetId();
        batch.add(new PDPRequest(new Target(subject, targetId, actionId)));
    }
    return getDecisionService().request(batch);
}
/**
 * Builds a policy request for every target id and sends them to the decision
 * service in one call.
 *
 * <p>No decision is evaluated here. The returned responses must be checked by the
 * caller, and any response that is not a permit has to result in a denial.
 *
 * @param subject
 *            the authentication information
 * @param allIds
 *            targets to check
 * @param actionId
 *            operation id
 * @return the responses returned by the decision service for the built requests
 */
private PDPResponseCollection getPolicyDecisionFromPDP(Subject subject, TargetItemCollection allIds,
        String actionId) {
    PDPRequestCollection pendingRequests = new PDPRequestCollection();
    for (TargetItem targetItem : allIds.getItems()) {
        // Cast as in the original: a non-String target id raises ClassCastException.
        String id = (String) targetItem.getTargetId();
        Target policyTarget = new Target(subject, id, actionId);
        pendingRequests.add(new PDPRequest(policyTarget));
    }
    return getDecisionService().request(pendingRequests);
}
}
/**
 * Queries the decision service with one request per entry of {@code allIds}.
 *
 * <p>The responses are returned as received. Enforcement (denying on any response
 * that is not a permit) is left to the caller.
 *
 * @param subject
 *            the authentication information
 * @param allIds
 *            targets to check
 * @param actionId
 *            operation id
 * @return the responses returned by the decision service for the built requests
 */
private PDPResponseCollection getPolicyDecisionFromPDP(Subject subject, TargetItemCollection allIds,
        String actionId) {
    PDPRequestCollection toDecide = new PDPRequestCollection();
    for (TargetItem candidate : allIds.getItems()) {
        // A target id that is not a String fails on this cast with ClassCastException.
        String resource = (String) candidate.getTargetId();
        toDecide.add(new PDPRequest(new Target(subject, resource, actionId)));
    }
    return getDecisionService().request(toDecide);
}
/**
 * Asks the decision service whether the current web request may proceed.
 *
 * <p>The resource id and action id are derived from the web context, combined with
 * the subject into a policy target and sent as a single request. Only the first
 * response of the returned collection is evaluated. On a permit, the obligations of
 * that decision are stored in the security context under
 * {@code "url.processing.obligations"}.
 *
 * <p>The check fails closed: any {@link Throwable} raised while querying or
 * evaluating the decision is rethrown as a {@code WebSecurityProcessingException},
 * so no failure path returns {@code true}.
 *
 * <p>NOTE(review): the exception message embeds the resource id, the action id and
 * the text of the cause. Confirm it is not shown unfiltered to the requesting client.
 *
 * @param securityCtx
 *            the security processing context that supplies the subject and receives
 *            the obligations
 * @param webCtx
 *            the web context of the request being checked
 * @return {@code true} if the first decision is a permit, {@code false} otherwise
 * @throws WebSecurityProcessingException
 *             if the policy decision cannot be obtained or evaluated
 */
protected boolean isAccessPermitted(
        final WebSecurityProcessingContext securityCtx, final WebContext webCtx) {
    final String resourceId = buildResourceId(webCtx);
    final String actionId = buildActionId(webCtx.getRequest().getMethod());
    final Target target = buildPolicyTarget(securityCtx.getSubject(), resourceId, actionId);

    try {
        PDPResponseCollection answers =
                m_decisionService.request(new PDPRequestCollection().add(new PDPRequest(target)));
        PDPResponse first = (PDPResponse) answers.iterator().next();
        if (!first.isPermit()) {
            return false;
        }
        // the obligations to fulfil are stored in the context
        // TODO: create an obligation processor interface or the like?
        Collection<Obligation> pending = first.getObligations();
        securityCtx.setSharedProcessingState("url.processing.obligations", pending);
        return true;
    } catch (Throwable ex) {
        throw new WebSecurityProcessingException("error during policy decision processing of ressourceId <"
                + resourceId + "> action <" + actionId + "> blocking access!" + ex, ex);
    }
}