/**
 * Stores every response of the given collection in the cache and records it in the lookup map.
 *
 * @param responseCol
 *            the responses to cache; each one is stored under the request it answers.
 * @param allRequestsLookup
 *            map that receives one request-to-response entry per response.
 */
private void putInCache(final PDPResponseCollection responseCol,
        final Map<PDPRequest, PDPResponse> allRequestsLookup) {
    final Iterator<PDPResponse> pending = responseCol.iterator();
    while (pending.hasNext()) {
        final PDPResponse current = pending.next();
        // Every response is cached, whatever its decision.
        // NOTE(review): store() is defined elsewhere; confirm that cached decisions expire
        // or are invalidated when the policy changes, so a stale permit is not served.
        store(current.getRequest(), current);
        // put() replaces any entry already recorded for the same request.
        allRequestsLookup.put(current.getRequest(), current);
    }
}
/**
 * Collects the requests that are still open (answered as undefined) and records every
 * response of the last decision service in the overall response map.
 *
 * @param lastResponse
 *            the last response of a single decision service.
 * @param allResponses
 *            map of request to response; the caller is expected to pass an
 *            insertion-ordered map. Each response is written to it, replacing any
 *            entry already present for the same request.
 * @return all open (undefined) requests.
 */
private PDPRequestCollection findOpenRequests(final PDPResponseCollection lastResponse,
        final Map<PDPRequest, PDPResponse> allResponses) {
    final PDPRequestCollection open = new PDPRequestCollection();
    final Iterator<PDPResponse> answers = lastResponse.iterator();
    while (answers.hasNext()) {
        final PDPResponse answer = answers.next();
        // An undefined answer means no service has decided this request yet.
        if (answer.isUndefined()) {
            open.add(answer.getRequest());
        }
        // Undefined answers are recorded too, so the map always holds the latest answer.
        allResponses.put(answer.getRequest(), answer);
    }
    return open;
}
PDPResponseCollection resCollection = getPolicyDecisionFromPDP(subject, allIds, actionId); Iterator<PDPResponse> resIterator = resCollection.iterator(); while (resIterator.hasNext()) { PDPResponse response = resIterator.next();
Iterator<PDPResponse> resIterator = resCollection.iterator(); Set<String> notAllowedIds = new HashSet<String>(); while (resIterator.hasNext()) {
Iterator<PDPResponse> resIterator = resCollection.iterator();
Iterator<PDPResponse> resIterator = resCollection.iterator(); Set<String> allowedIds = new HashSet<String>(); while (resIterator.hasNext()) {
Iterator<PDPResponse> resIterator = resCollection.iterator();
Iterator<PDPResponse> resIterator = resCollection.iterator(); while (resIterator.hasNext()) { PDPResponse response = resIterator.next();
Iterator resIterator = resCollection.iterator(); while (resIterator.hasNext()) { PDPResponse response = (PDPResponse) resIterator.next();
Iterator<PDPResponse> resIterator = resCollection.iterator(); while (resIterator.hasNext()) { PDPResponse response = resIterator.next();
Iterator<PDPResponse> resIterator = resCollection.iterator();
Iterator resIterator = resCollection.iterator();
Iterator<PDPResponse> resIterator = resCollection.iterator();
Iterator<PDPResponse> resIterator = resCollection.iterator();
Iterator<PDPResponse> resIterator = resCollection.iterator();
Iterator resIterator = resCollection.iterator(); while (resIterator.hasNext()) { PDPResponse response = (PDPResponse) resIterator.next();
Iterator<PDPResponse> resIterator = resCollection.iterator();
Iterator resIterator = resCollection.iterator(); while (resIterator.hasNext()) { PDPResponse response = (PDPResponse) resIterator.next();
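/**
 * Asks the decision service whether the subject may use the forwarded service endpoint and
 * lets the request pass only when every returned decision is a permit.
 *
 * <p>The check is deny-by-default: a missing response collection, an empty one, a missing
 * response or any non-permit decision ends in an {@link EnforcementServiceException}.
 *
 * @param subject
 *            the subject on whose behalf the request is made.
 * @param request
 *            the intercepted request; its secured service request is returned unchanged.
 * @return the secured service request taken from {@code request}.
 * @throws InterceptorException
 *             if the decision service fails to process the query.
 * @throws EnforcementServiceException
 *             if access to the service is not explicitly permitted.
 */
public SecuredServiceRequest doRequest(Subject subject, InterceptorRequest request)
        throws InterceptorException, EnforcementServiceException {
    LOG.debug("intercepting request");
    SecuredServiceRequest req = request.getRequest();

    // One query for the whole service endpoint: any action ("*") on the service target.
    PDPRequestCollection reqCollection = new PDPRequestCollection();
    Target tTarget = new Target(subject, req.getForward().getServiceEndpoint(), "*", "target:service");
    reqCollection.add(new PDPRequest(tTarget));

    // Query PDP
    PDPResponseCollection resCollection;
    try {
        resCollection = getDecisionService().request(reqCollection);
    } catch (DecisionProcessingException e) {
        throw new InterceptorException("Error during pdp request:", e);
    }

    // Fail closed: without at least one decision there is nothing that grants access.
    // Looping over an empty collection would otherwise fall through to "return req".
    if (resCollection == null) {
        LOG.debug("PDP returned no response collection; denying access");
        throw new EnforcementServiceException("Access to service denied");
    }
    Iterator<PDPResponse> resIterator = resCollection.iterator();
    if (!resIterator.hasNext()) {
        LOG.debug("PDP returned no decision; denying access");
        throw new EnforcementServiceException("Access to service denied");
    }

    // Every decision must be an explicit permit; anything else denies the whole service.
    while (resIterator.hasNext()) {
        PDPResponse response = resIterator.next();
        if (response == null || !response.isPermit()) {
            // TODO: improve exception handling (the reason for the denial is not reported).
            throw new EnforcementServiceException("Access to service denied");
        }
    }
    return req;
}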
/**
 * Decides whether the current web request may proceed by asking the decision service about
 * the resource and action derived from the web context.
 *
 * <p>Only the first response of the returned collection is evaluated. Any failure while
 * obtaining or reading the decision is rethrown as a {@code WebSecurityProcessingException},
 * so an error never results in a permit.
 *
 * @param securityCtx
 *            supplies the subject and receives the obligations of a permit decision.
 * @param webCtx
 *            the web context the resource id and the request method are taken from.
 * @return {@code true} if the decision is a permit, {@code false} otherwise.
 */
protected boolean isAccessPermitted(
        final WebSecurityProcessingContext securityCtx,
        final WebContext webCtx) {
    final String resourceId = buildResourceId(webCtx);
    final String actionId = buildActionId(webCtx.getRequest().getMethod());
    final Target target = buildPolicyTarget(securityCtx.getSubject(), resourceId, actionId);

    try {
        final PDPResponseCollection answers =
                m_decisionService.request(new PDPRequestCollection().add(new PDPRequest(target)));
        // NOTE(review): next() is called without hasNext(); presumably an empty collection
        // raises here and ends up in the catch block below, confirm for this iterator.
        final PDPResponse decision = (PDPResponse) answers.iterator().next();

        // Anything that is not an explicit permit is treated as a denial.
        if (!decision.isPermit()) {
            return false;
        }

        // The obligations to fulfil are kept in the context for later processing.
        // TODO: create an obligation processor interface or the like?
        final Collection<Obligation> obligations = decision.getObligations();
        securityCtx.setSharedProcessingState("url.processing.obligations", obligations);
        return true;
    } catch (Throwable ex) {
        // Deliberately broad: whatever goes wrong must block access rather than grant it.
        throw new WebSecurityProcessingException("error during policy decision processing of ressourceId <"
                + resourceId + "> action <" + actionId + "> blocking access!" + ex, ex);
    }
}