/components/entitlement/org.wso2.carbon.identity.entitlement.ui/src/main/java/org/wso2/carbon/identity/entitlement/ui/util/PolicyEditorUtil.java
Java | 2959 lines | 2051 code | 447 blank | 461 comment | 746 complexity | e4b6f0779032c6e417550d9aed8b6459 MD5 | raw file
Possible License(s): Apache-2.0
- /*
- * Copyright (c) WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
- *
- * WSO2 Inc. licenses this file to you under the Apache License,
- * Version 2.0 (the "License"); you may not use this file except
- * in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
- package org.wso2.carbon.identity.entitlement.ui.util;
- import org.apache.axiom.om.OMElement;
- import org.apache.axiom.om.util.AXIOMUtil;
- import org.apache.commons.logging.Log;
- import org.apache.commons.logging.LogFactory;
- import org.w3c.dom.Document;
- import org.w3c.dom.Element;
- import org.wso2.balana.utils.Constants.PolicyConstants;
- import org.wso2.balana.utils.exception.PolicyBuilderException;
- import org.wso2.balana.utils.policy.PolicyBuilder;
- import org.wso2.balana.utils.policy.dto.*;
- import org.wso2.carbon.identity.entitlement.common.EntitlementConstants;
- import org.wso2.carbon.identity.entitlement.common.PolicyEditorEngine;
- import org.wso2.carbon.identity.entitlement.common.PolicyEditorException;
- import org.wso2.carbon.identity.entitlement.common.dto.PolicyEditorDataHolder;
- import org.wso2.carbon.identity.entitlement.ui.EntitlementPolicyConstants;
- import org.wso2.carbon.identity.entitlement.ui.EntitlementPolicyCreationException;
- import org.wso2.carbon.identity.entitlement.ui.PolicyEditorConstants;
- import org.wso2.carbon.identity.entitlement.ui.dto.*;
- import javax.xml.namespace.QName;
- import javax.xml.stream.XMLStreamException;
- import java.util.*;
- /**
- * Util class that helps to create the XACML policy which is defined by the XACML basic policy editor
- */
- public class PolicyEditorUtil {
// Commons Logging logger used by the static helpers of this class.
private static Log log = LogFactory.getLog(PolicyEditorUtil.class);

/**
 * Apply elements keyed by their "${id}" placeholder.
 *
 * createRuleElementDTO adds entries and createObligationElement looks them up.
 * The map is static, mutable and a plain HashMap, so every caller in the JVM shares it
 * without synchronization.
 *
 * NOTE(review): nothing in the part of the file reviewed here removes entries. A placeholder
 * registered while one rule was built may therefore still resolve while a later, unrelated
 * rule or policy is built, and concurrent editor sessions write to the same map. Confirm
 * whether it is cleared elsewhere; otherwise scope it to a single build call.
 */
private static Map<String, ApplyElementDTO> applyElementMap = new HashMap<String, ApplyElementDTO>();
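/**
 * Builds a XACML policy from the input of the simple ("SOA") policy editor.
 *
 * The applied category of {@code policyEditorDTO} selects which attribute becomes the policy
 * target. Every editor row becomes one permit rule ("Rule-1", "Rule-2", ...) built from the
 * remaining attributes of that row. Rules are combined with first-applicable and, whenever a
 * row list is present, followed by a "Deny-Rule" that gets no target of its own here.
 *
 * NOTE(review): when the row list is {@code null}, or the applied category is none of the
 * four handled below, no rule is added at all, the closing deny rule included. Callers that
 * rely on the policy denying by default should confirm how such a policy is evaluated.
 *
 * @param policyEditorDTO editor input; dereferenced without a null check
 * @return the policy text returned by {@code PolicyBuilder.build}
 * @throws PolicyEditorException if the policy builder rejects the assembled policy
 */
public static String createSOAPolicy(SimplePolicyEditorDTO policyEditorDTO) throws PolicyEditorException {

    BasicPolicyDTO basicPolicyDTO = new BasicPolicyDTO();
    BasicTargetDTO basicTargetDTO = null;
    List<BasicRuleDTO> ruleElementDTOs = new ArrayList<BasicRuleDTO>();

    PolicyEditorDataHolder holder = PolicyEditorEngine.getInstance().
            getPolicyEditorData(EntitlementConstants.PolicyEditor.RBAC);

    basicPolicyDTO.setPolicyId(policyEditorDTO.getPolicyId());
    basicPolicyDTO.setRuleAlgorithm(PolicyConstants.RuleCombiningAlog.FIRST_APPLICABLE_ID);
    basicPolicyDTO.setDescription(policyEditorDTO.getDescription());

    String category = policyEditorDTO.getAppliedCategory();

    if (PolicyEditorConstants.SOA_CATEGORY_USER.equals(category)) {

        String userValue = policyEditorDTO.getUserAttributeValue();
        if (isSOATargetValueSet(userValue)) {
            basicTargetDTO = new BasicTargetDTO();
            String attributeId = policyEditorDTO.getUserAttributeId();
            if (attributeId == null) {
                basicTargetDTO.setSubjectId(PolicyEditorConstants.SUBJECT_ID_DEFAULT);
            } else {
                basicTargetDTO.setSubjectId(holder.getAttributeIdUri(attributeId));
                String selectedDataType = holder.getDataTypeUriForAttribute(attributeId);
                if (selectedDataType != null) {
                    basicTargetDTO.setSubjectDataType(selectedDataType);
                }
            }
            // Fall back to string when the editor data holds no data type for the attribute.
            if (basicTargetDTO.getSubjectDataType() == null) {
                basicTargetDTO.setSubjectDataType(PolicyConstants.DataType.STRING);
            }
            String function = findFunction(userValue, basicTargetDTO.getSubjectDataType());
            String value = findAttributeValue(userValue);
            basicTargetDTO.setSubjectList(value);
            basicTargetDTO.setFunctionOnSubjects(function);
        }
        // The subject is the policy target, so rows contribute resource, action and environment.
        addSOARules(ruleElementDTOs, policyEditorDTO.getSimplePolicyEditorElementDTOs(),
                false, true, true);

    } else if (PolicyEditorConstants.SOA_CATEGORY_RESOURCE.equals(category)) {

        String resourceValue = policyEditorDTO.getResourceValue();
        if (isSOATargetValueSet(resourceValue)) {
            basicTargetDTO = new BasicTargetDTO();
            basicTargetDTO.setResourceId(PolicyEditorConstants.RESOURCE_ID_DEFAULT);
            basicTargetDTO.setResourceDataType(PolicyConstants.DataType.STRING);
            String function = findFunction(resourceValue, basicTargetDTO.getResourceDataType());
            String value = findAttributeValue(resourceValue);
            basicTargetDTO.setResourceList(value);
            basicTargetDTO.setFunctionOnResources(function);
        }
        // Rows of a resource policy may still name a (child) resource of their own.
        addSOARules(ruleElementDTOs, policyEditorDTO.getSimplePolicyEditorElementDTOs(),
                true, true, true);

    } else if (PolicyEditorConstants.SOA_CATEGORY_ACTION.equals(category)) {

        String actionValue = policyEditorDTO.getActionValue();
        if (isSOATargetValueSet(actionValue)) {
            basicTargetDTO = new BasicTargetDTO();
            basicTargetDTO.setActionId(PolicyEditorConstants.ACTION_ID_DEFAULT);
            basicTargetDTO.setActionDataType(PolicyConstants.DataType.STRING);
            String function = findFunction(actionValue, basicTargetDTO.getActionDataType());
            String value = findAttributeValue(actionValue);
            basicTargetDTO.setActionList(value);
            basicTargetDTO.setFunctionOnActions(function);
        }
        addSOARules(ruleElementDTOs, policyEditorDTO.getSimplePolicyEditorElementDTOs(),
                true, false, true);

    } else if (PolicyEditorConstants.SOA_CATEGORY_ENVIRONMENT.equals(category)) {

        String environmentValue = policyEditorDTO.getEnvironmentValue();
        if (isSOATargetValueSet(environmentValue)) {
            basicTargetDTO = new BasicTargetDTO();
            String environmentId = policyEditorDTO.getEnvironmentId();
            if (environmentId == null) {
                basicTargetDTO.setEnvironmentId(PolicyEditorConstants.ENVIRONMENT_ID_DEFAULT);
            } else {
                basicTargetDTO.setEnvironmentId(holder.getAttributeIdUri(environmentId));
                String selectedDataType = holder.getDataTypeUriForAttribute(environmentId);
                if (selectedDataType != null) {
                    basicTargetDTO.setEnvironmentDataType(selectedDataType);
                }
            }
            if (basicTargetDTO.getEnvironmentDataType() == null) {
                basicTargetDTO.setEnvironmentDataType(PolicyConstants.DataType.STRING);
            }
            String function = findFunction(environmentValue, basicTargetDTO.getEnvironmentDataType());
            String value = findAttributeValue(environmentValue);
            basicTargetDTO.setEnvironmentList(value);
            basicTargetDTO.setFunctionOnEnvironment(function);
        }
        addSOARules(ruleElementDTOs, policyEditorDTO.getSimplePolicyEditorElementDTOs(),
                true, true, false);
    }

    if (basicTargetDTO != null) {
        basicPolicyDTO.setTargetDTO(basicTargetDTO);
    }

    if (ruleElementDTOs.size() > 0) {
        basicPolicyDTO.setBasicRuleDTOs(ruleElementDTOs);
    }

    try {
        return PolicyBuilder.getInstance().build(basicPolicyDTO);
    } catch (PolicyBuilderException e) {
        // Log message and throwable together so the stack trace of the builder failure is kept;
        // the exception handed to the caller carries only the generic message.
        log.error("Error while building policy", e);
        throw new PolicyEditorException("Error while building policy");
    }
}

/**
 * Tells whether a category-level editor value should produce a policy target:
 * it must be non-null and must not be the "any" marker after trimming.
 * NOTE(review): unlike the per-row check, an empty or blank value passes here.
 */
private static boolean isSOATargetValueSet(String value) {
    return value != null && !PolicyEditorConstants.FunctionIdentifier.ANY.equals(value.trim());
}

/**
 * Tells whether a per-row editor value should constrain the rule:
 * it must be non-null, non-blank and must not be the "any" marker after trimming.
 */
private static boolean isSOARowValueSet(String value) {
    return value != null && value.trim().length() > 0 &&
            !PolicyEditorConstants.FunctionIdentifier.ANY.equals(value.trim());
}

/**
 * Appends one permit rule per editor row, then the closing "Deny-Rule", to {@code rules}.
 * Does nothing when {@code rows} is null. The resource value of a row is always considered;
 * the flags select which of the other three attributes are.
 */
private static void addSOARules(List<BasicRuleDTO> rules, List<SimplePolicyEditorElementDTO> rows,
                                boolean withSubject, boolean withAction, boolean withEnvironment) {
    if (rows == null) {
        return;
    }
    int ruleNo = 1;
    for (SimplePolicyEditorElementDTO row : rows) {
        BasicRuleDTO permitRule = new BasicRuleDTO();
        if (isSOARowValueSet(row.getResourceValue())) {
            addResourceElement(permitRule, row);
        }
        if (withSubject && isSOARowValueSet(row.getUserAttributeValue())) {
            addSubjectElement(permitRule, row);
        }
        if (withAction && isSOARowValueSet(row.getActionValue())) {
            addActionElement(permitRule, row);
        }
        if (withEnvironment && isSOARowValueSet(row.getEnvironmentValue())) {
            addEnvironmentElement(permitRule, row);
        }
        permitRule.setRuleEffect(PolicyEditorConstants.RULE_EFFECT_PERMIT);
        permitRule.setRuleId("Rule-" + ruleNo);
        rules.add(permitRule);
        ruleNo++;
    }
    // Closing rule: only id and effect are set, so it carries no target or condition of its own.
    BasicRuleDTO denyRule = new BasicRuleDTO();
    denyRule.setRuleId("Deny-Rule");
    denyRule.setRuleEffect(PolicyEditorConstants.RULE_EFFECT_DENY);
    rules.add(denyRule);
}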
/**
 * Copies the resource constraint of one editor row into a rule.
 * The resource id is the editor default and the data type is always string.
 *
 * @param ruleElementDTO   rule being assembled; modified in place
 * @param editorElementDTO editor row that supplies the raw resource value
 */
private static void addResourceElement(BasicRuleDTO ruleElementDTO,
                                       SimplePolicyEditorElementDTO editorElementDTO) {
    String rawResource = editorElementDTO.getResourceValue();

    ruleElementDTO.setResourceId(PolicyEditorConstants.RESOURCE_ID_DEFAULT);
    ruleElementDTO.setResourceDataType(PolicyConstants.DataType.STRING);

    // The raw value carries both the operator marker and the operand; split them apart.
    String matchFunction = findFunction(rawResource, ruleElementDTO.getResourceDataType());
    ruleElementDTO.setResourceList(findAttributeValue(rawResource));
    ruleElementDTO.setFunctionOnResources(matchFunction);
}
/**
 * Copies the subject (user attribute) constraint of one editor row into a rule.
 * Attribute id and data type are resolved through the RBAC editor data when the row names
 * an attribute; otherwise the default subject id and the string data type are used.
 *
 * @param ruleElementDTO   rule being assembled; modified in place
 * @param editorElementDTO editor row that supplies the attribute id and raw value
 */
private static void addSubjectElement(BasicRuleDTO ruleElementDTO,
                                      SimplePolicyEditorElementDTO editorElementDTO) {
    PolicyEditorDataHolder editorData = PolicyEditorEngine.getInstance().
            getPolicyEditorData(EntitlementConstants.PolicyEditor.RBAC);

    String attributeName = editorElementDTO.getUserAttributeId();
    if (attributeName != null) {
        ruleElementDTO.setSubjectId(editorData.getAttributeIdUri(attributeName));
        String resolvedType = editorData.getDataTypeUriForAttribute(attributeName);
        if (resolvedType != null) {
            ruleElementDTO.setSubjectDataType(resolvedType);
        }
    } else {
        ruleElementDTO.setSubjectId(PolicyEditorConstants.SUBJECT_ID_DEFAULT);
    }

    // No data type known for the attribute: treat the value as a string.
    if (ruleElementDTO.getSubjectDataType() == null) {
        ruleElementDTO.setSubjectDataType(PolicyConstants.DataType.STRING);
    }

    String rawSubject = editorElementDTO.getUserAttributeValue();
    String matchFunction = findFunction(rawSubject, ruleElementDTO.getSubjectDataType());
    ruleElementDTO.setSubjectList(findAttributeValue(rawSubject));
    ruleElementDTO.setFunctionOnSubjects(matchFunction);
}
/**
 * Copies the action constraint of one editor row into a rule.
 * The action id is the editor default and the data type is always string.
 *
 * @param ruleElementDTO   rule being assembled; modified in place
 * @param editorElementDTO editor row that supplies the raw action value
 */
private static void addActionElement(BasicRuleDTO ruleElementDTO,
                                     SimplePolicyEditorElementDTO editorElementDTO) {
    String rawAction = editorElementDTO.getActionValue();

    ruleElementDTO.setActionId(PolicyEditorConstants.ACTION_ID_DEFAULT);
    ruleElementDTO.setActionDataType(PolicyConstants.DataType.STRING);

    // The raw value carries both the operator marker and the operand; split them apart.
    String matchFunction = findFunction(rawAction, ruleElementDTO.getActionDataType());
    ruleElementDTO.setActionList(findAttributeValue(rawAction));
    ruleElementDTO.setFunctionOnActions(matchFunction);
}
/**
 * Copies the environment constraint of one editor row into a rule.
 * Attribute id and data type are resolved through the RBAC editor data when the row names
 * an environment attribute; otherwise the default environment id and the string data type
 * are used.
 *
 * @param ruleElementDTO   rule being assembled; modified in place
 * @param editorElementDTO editor row that supplies the environment id and raw value
 */
private static void addEnvironmentElement(BasicRuleDTO ruleElementDTO,
                                          SimplePolicyEditorElementDTO editorElementDTO) {
    PolicyEditorDataHolder editorData = PolicyEditorEngine.getInstance().
            getPolicyEditorData(EntitlementConstants.PolicyEditor.RBAC);

    String attributeName = editorElementDTO.getEnvironmentId();
    if (attributeName != null) {
        ruleElementDTO.setEnvironmentId(editorData.getAttributeIdUri(attributeName));
        String resolvedType = editorData.getDataTypeUriForAttribute(attributeName);
        if (resolvedType != null) {
            ruleElementDTO.setEnvironmentDataType(resolvedType);
        }
    } else {
        ruleElementDTO.setEnvironmentId(PolicyEditorConstants.ENVIRONMENT_ID_DEFAULT);
    }

    // No data type known for the attribute: treat the value as a string.
    if (ruleElementDTO.getEnvironmentDataType() == null) {
        ruleElementDTO.setEnvironmentDataType(PolicyConstants.DataType.STRING);
    }

    String rawEnvironment = editorElementDTO.getEnvironmentValue();
    String matchFunction = findFunction(rawEnvironment, ruleElementDTO.getEnvironmentDataType());
    String operand = findAttributeValue(rawEnvironment);

    // NOTE(review): writes the data type back onto itself; kept because the setter is not
    // visible here, but it looks redundant.
    ruleElementDTO.setEnvironmentDataType(ruleElementDTO.getEnvironmentDataType());
    ruleElementDTO.setEnvironmentList(operand);
    ruleElementDTO.setFunctionOnEnvironment(matchFunction);
}
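/**
 * Chooses the XACML function for a value typed into the simple policy editor.
 *
 * The value may start with, or contain, one of the operator markers defined in
 * {@code PolicyEditorConstants.FunctionIdentifier}. Range and comparison markers are honoured
 * only for the data types listed in the method; the regex, OR and AND markers are honoured
 * for every data type. Anything else, and a null value, maps to plain equality.
 *
 * @param value    raw editor value, possibly with HTML-escaped comparison operators
 * @param dataType data type URI of the attribute the value belongs to
 * @return one of the {@code PolicyConstants.Functions} identifiers
 */
private static String findFunction(String value, String dataType) {

    if (value == null) {
        return PolicyConstants.Functions.FUNCTION_EQUAL;
    }

    // Decode HTML-escaped comparison operators before looking for markers.
    // NOTE(review): in the reviewed listing both arguments of each call were the same
    // character, which makes the call a no-op; the entity form is restored on that basis.
    // Confirm against the upstream file.
    value = value.replace("&gt;", ">");
    value = value.replace("&lt;", "<");

    // Range and comparison functions are only valid for the following data types.
    if (PolicyConstants.DataType.DATE.equals(dataType) ||
            PolicyConstants.DataType.INT.equals(dataType) ||
            PolicyConstants.DataType.TIME.equals(dataType) ||
            PolicyConstants.DataType.DATE_TIME.equals(dataType) ||
            PolicyConstants.DataType.DOUBLE.equals(dataType) ||
            PolicyConstants.DataType.STRING.equals(dataType)) {

        if (value.startsWith(PolicyEditorConstants.FunctionIdentifier.EQUAL_RANGE)) {
            if (value.contains(PolicyEditorConstants.FunctionIdentifier.RANGE_CLOSE)) {
                return PolicyConstants.Functions.FUNCTION_GREATER_EQUAL_AND_LESS;
            } else {
                return PolicyConstants.Functions.FUNCTION_GREATER_EQUAL_AND_LESS_EQUAL;
            }
        }

        if (value.startsWith(PolicyEditorConstants.FunctionIdentifier.RANGE)) {
            if (value.contains(PolicyEditorConstants.FunctionIdentifier.EQUAL_RANGE_CLOSE)) {
                return PolicyConstants.Functions.FUNCTION_GREATER_AND_LESS_EQUAL;
            } else {
                return PolicyConstants.Functions.FUNCTION_GREATER_AND_LESS;
            }
        }

        // The two-character markers are tested before the one-character ones. findAttributeValue
        // strips two characters for GREATER_EQUAL/LESS_EQUAL and one for GREATER/LESS, so if the
        // short marker is a prefix of the long one (presumably ">" and ">=" - confirm in
        // PolicyEditorConstants), testing the short marker first would make the "or equal"
        // branches unreachable and put the wrong comparison into the policy.
        if (value.startsWith(PolicyEditorConstants.FunctionIdentifier.GREATER_EQUAL)) {
            return PolicyConstants.Functions.FUNCTION_GREATER_EQUAL;
        } else if (value.startsWith(PolicyEditorConstants.FunctionIdentifier.LESS_EQUAL)) {
            return PolicyConstants.Functions.FUNCTION_LESS_EQUAL;
        } else if (value.startsWith(PolicyEditorConstants.FunctionIdentifier.GREATER)) {
            return PolicyConstants.Functions.FUNCTION_GREATER;
        } else if (value.startsWith(PolicyEditorConstants.FunctionIdentifier.LESS)) {
            return PolicyConstants.Functions.FUNCTION_LESS;
        }
    }

    if (value.startsWith(PolicyEditorConstants.FunctionIdentifier.REGEX)) {
        return PolicyConstants.Functions.FUNCTION_EQUAL_MATCH_REGEXP;
    }

    if (value.contains(PolicyEditorConstants.FunctionIdentifier.OR)) {
        return PolicyConstants.Functions.FUNCTION_AT_LEAST_ONE;
    }

    if (value.contains(PolicyEditorConstants.FunctionIdentifier.AND)) {
        return PolicyConstants.Functions.FUNCTION_SET_EQUALS;
    }

    return PolicyConstants.Functions.FUNCTION_EQUAL;
}

/**
 * Strips the operator marker from a raw editor value and returns the operand that goes
 * into the policy.
 *
 * Range and regex values lose their first and last character, comparison values lose the
 * leading marker, and AND/OR markers are replaced by the attribute separator.
 *
 * NOTE(review): markers are stripped regardless of data type, while findFunction honours
 * range and comparison markers only for some data types; for other types the policy gets
 * an equality match on a value that differs from what was typed. A range or regex value
 * that is a single character long makes {@code substring} throw, and the last character is
 * removed without checking that it is a closing marker.
 *
 * @param value raw editor value, possibly with HTML-escaped comparison operators
 * @return the trimmed operand, or {@code null} when {@code value} is {@code null}
 */
private static String findAttributeValue(String value) {

    if (value == null) {
        return null;
    }

    // Same decoding as in findFunction so both methods see the same markers.
    // NOTE(review): entity form restored from a no-op call in the reviewed listing; confirm
    // against the upstream file.
    value = value.replace("&gt;", ">");
    value = value.replace("&lt;", "<");

    if (value.startsWith(PolicyEditorConstants.FunctionIdentifier.EQUAL_RANGE) ||
            value.startsWith(PolicyEditorConstants.FunctionIdentifier.RANGE) ||
            value.startsWith(PolicyEditorConstants.FunctionIdentifier.REGEX)) {
        return value.substring(1, value.length() - 1).trim();
    } else if (value.startsWith(PolicyEditorConstants.FunctionIdentifier.GREATER_EQUAL) ||
            value.startsWith(PolicyEditorConstants.FunctionIdentifier.LESS_EQUAL)) {
        // Tested before the one-character markers so the second marker character is not
        // left at the front of the operand.
        return value.substring(2).trim();
    } else if (value.startsWith(PolicyEditorConstants.FunctionIdentifier.GREATER) ||
            value.startsWith(PolicyEditorConstants.FunctionIdentifier.LESS)) {
        return value.substring(1).trim();
    }

    if (value.contains(PolicyEditorConstants.FunctionIdentifier.AND)) {
        value = value.replace(PolicyEditorConstants.FunctionIdentifier.AND,
                PolicyEditorConstants.ATTRIBUTE_SEPARATOR);
    }

    if (value.contains(PolicyEditorConstants.FunctionIdentifier.OR)) {
        value = value.replace(PolicyEditorConstants.FunctionIdentifier.OR,
                PolicyEditorConstants.ATTRIBUTE_SEPARATOR);
    }

    return value.trim();
}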
- // TODO for what?
- // public static String createRules(List<SimplePolicyEditorElementDTO> elementDTOs, Document doc)
- // throws PolicyEditorException {
- //
- // List<BasicRuleDTO> ruleElementDTOs = new ArrayList<BasicRuleDTO>();
- // if(elementDTOs != null){
- // int ruleNo = 1;
- // for(SimplePolicyEditorElementDTO dto : elementDTOs){
- // BasicRuleDTO ruleElementDTO = new BasicRuleDTO();
- //
- // if(dto.getResourceValue() != null && dto.getResourceValue().trim().length() > 0 &&
- // !PolicyEditorConstants.FunctionIdentifier.ANY.equals(dto.getResourceValue().trim())){
- // ruleElementDTO.setResourceDataType(PolicyEditorConstants.DataType.STRING);
- // ruleElementDTO.setResourceId(PolicyEditorConstants.RESOURCE_ID_DEFAULT);
- // ruleElementDTO.setResourceList(dto.getResourceValue());
- // ruleElementDTO.setFunctionOnResources(getBasicPolicyEditorFunction(dto.
- // getFunctionOnResources()));
- // }
- //
- // if(dto.getUserAttributeValue() != null && dto.getUserAttributeValue().trim().length() > 0 &&
- // !PolicyEditorConstants.FunctionIdentifier.ANY.equals(dto.getUserAttributeValue().trim())){
- // ruleElementDTO.setSubjectDataType(PolicyEditorConstants.DataType.STRING);
- // ruleElementDTO.setSubjectId(dto.getUserAttributeId());
- // ruleElementDTO.setSubjectList(dto.getUserAttributeValue());
- // ruleElementDTO.setFunctionOnSubjects(getBasicPolicyEditorFunction(dto.
- // getFunctionOnUsers()));
- // }
- //
- // if(dto.getActionValue() != null && dto.getActionValue().trim().length() > 0 &&
- // !PolicyEditorConstants.FunctionIdentifier.ANY.equals(dto.getActionValue().trim())){
- // ruleElementDTO.setActionDataType(PolicyEditorConstants.DataType.STRING);
- // ruleElementDTO.setActionList(dto.getActionValue());
- // ruleElementDTO.setActionId(PolicyEditorConstants.ACTION_ID_DEFAULT);
- // ruleElementDTO.setFunctionOnActions(getBasicPolicyEditorFunction(dto.
- // getFunctionOnActions()));
- // }
- //
- // if(dto.getEnvironmentValue() != null && dto.getEnvironmentValue().trim().length() > 0 &&
- // !PolicyEditorConstants.FunctionIdentifier.ANY.equals(dto.getEnvironmentValue().trim())){
- // ruleElementDTO.setEnvironmentId(dto.getEnvironmentId());
- // ruleElementDTO.setEnvironmentList(dto.getEnvironmentValue());
- // ruleElementDTO.setEnvironmentDataType(PolicyEditorConstants.DataType.STRING);
- // ruleElementDTO.setFunctionOnEnvironment(getBasicPolicyEditorFunction(dto.
- // getFunctionOnEnvironments()));
- // }
- //
- // if(dto.getOperationType() != null && PolicyEditorConstants.PreFunctions.CAN_DO.
- // equals(dto.getOperationType().trim())){
- // ruleElementDTO.setRuleEffect(PolicyEditorConstants.RULE_EFFECT_PERMIT);
- // } else {
- // ruleElementDTO.setRuleEffect(PolicyEditorConstants.RULE_EFFECT_DENY);
- // }
- // ruleElementDTO.setRuleId("Rule-" + System.currentTimeMillis() + "-" + ruleNo);
- // ruleElementDTOs.add(ruleElementDTO);
- // ruleNo ++;
- // }
- // }
- //
- // if(ruleElementDTOs.size() > 0){
- // for(BasicRuleDTO dto : ruleElementDTOs){
- // Element rule = null;
- // try {
- // rule = BasicPolicyHelper.createRuleElement(dto, doc);
- // } catch (PolicyBuilderException e) {
- // throw new PolicyEditorException("Error while creating rule element");
- // }
- // doc.appendChild(rule);
- // }
- // }
- //
- // return PolicyCreatorUtil.getStringFromDocument(doc);
- // }
/**
 * Converts an editor {@code RuleDTO} into the {@code RuleElementDTO} used to build the
 * XACML rule element.
 *
 * Dynamic attributes of the rule are turned into apply elements and registered in the
 * class-level {@code applyElementMap} under their "${id}" placeholder; target, condition
 * and obligations are converted afterwards.
 *
 * NOTE(review): the placeholders are written to a static map that this method never
 * clears, so they stay resolvable after the rule has been built. An attribute whose id is
 * null makes {@code trim()} throw.
 *
 * @param ruleDTO rule as entered in the editor
 * @return the populated rule element DTO
 * @throws PolicyEditorException if the target or condition cannot be converted
 */
public static RuleElementDTO createRuleElementDTO(RuleDTO ruleDTO) throws PolicyEditorException {

    RuleElementDTO result = new RuleElementDTO();
    result.setRuleId(ruleDTO.getRuleId());
    result.setRuleEffect(ruleDTO.getRuleEffect());

    TargetDTO editorTarget = ruleDTO.getTargetDTO();
    List<ExtendAttributeDTO> dynamicAttributes = ruleDTO.getAttributeDTOs();
    List<ObligationDTO> obligations = ruleDTO.getObligationDTOs();

    if (dynamicAttributes != null && !dynamicAttributes.isEmpty()) {
        // First pass: index every dynamic attribute by its placeholder so that attributes
        // can refer to each other.
        Map<String, ExtendAttributeDTO> byPlaceholder = new HashMap<String, ExtendAttributeDTO>();
        for (ExtendAttributeDTO attribute : dynamicAttributes) {
            byPlaceholder.put("${" + attribute.getId().trim() + "}", attribute);
        }
        // Second pass: build the apply element of each attribute and publish it.
        for (ExtendAttributeDTO attribute : dynamicAttributes) {
            ApplyElementDTO apply = createApplyElement(attribute, byPlaceholder);
            if (apply != null) {
                applyElementMap.put("${" + attribute.getId().trim() + "}", apply);
            }
        }
    }

    if (editorTarget != null && editorTarget.getRowDTOList() != null
            && !editorTarget.getRowDTOList().isEmpty()) {
        TargetElementDTO target = createTargetElementDTO(ruleDTO.getTargetDTO());
        if (target != null) {
            result.setTargetElementDTO(target);
        }
    }

    if (ruleDTO.getRowDTOList() != null && !ruleDTO.getRowDTOList().isEmpty()) {
        ConditionElementDT0 condition = createConditionDTO(ruleDTO.getRowDTOList());
        if (condition != null) {
            result.setConditionElementDT0(condition);
        }
    }

    if (obligations != null && !obligations.isEmpty()) {
        for (ObligationDTO obligation : obligations) {
            ObligationElementDTO obligationElement = createObligationElement(obligation);
            if (obligationElement != null) {
                result.addObligationElementDTO(obligationElement);
            }
        }
    }

    return result;
}
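/**
 * Converts editor obligations/advice into {@code ObligationElementDTO}s.
 * Entries that createObligationElement rejects (it returns null for them) are left out.
 *
 * @param obligationDTOs obligations as entered in the editor; may be {@code null}
 * @return the converted obligations, empty when the input is {@code null} or nothing converts
 * @throws PolicyEditorException declared for callers; not thrown by the code in this method
 */
public static List<ObligationElementDTO> createObligation(List<ObligationDTO> obligationDTOs)
        throws PolicyEditorException {

    List<ObligationElementDTO> obligationElementDTOs = new ArrayList<ObligationElementDTO>();

    if (obligationDTOs != null) {
        for (ObligationDTO obligationDTO : obligationDTOs) {
            ObligationElementDTO elementDTO = createObligationElement(obligationDTO);
            if (elementDTO != null) {
                obligationElementDTOs.add(elementDTO);
            }
        }
    }

    return obligationElementDTOs;
}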
/**
 * Builds the apply element of one dynamic attribute.
 *
 * A "category" selector yields a bag function over an attribute designator. Any other
 * selector is handled only when its function name contains "concatenate": each
 * comma-separated input is either the placeholder of another dynamic attribute, which is
 * expanded recursively, or a literal value.
 *
 * NOTE(review): the recursion has no cycle guard, so two attributes that name each other
 * recurse until the stack is exhausted. Inputs are not trimmed before the placeholder
 * lookup, and a nested attribute that yields null is still passed to
 * {@code setApplyElement}.
 *
 * @param dynamicAttributeDTO attribute to convert
 * @param map                 all dynamic attributes of the rule, keyed by "${id}" placeholder
 * @return the apply element, or {@code null} when the attribute is incomplete or unsupported
 */
private static ApplyElementDTO createApplyElement(ExtendAttributeDTO dynamicAttributeDTO,
                                                  Map<String, ExtendAttributeDTO> map) {

    if (PolicyEditorConstants.DYNAMIC_SELECTOR_CATEGORY.equals(dynamicAttributeDTO.getSelector())) {
        String category = dynamicAttributeDTO.getCategory();
        String designatedId = dynamicAttributeDTO.getAttributeId();
        String dataType = dynamicAttributeDTO.getDataType();

        boolean hasCategory = category != null && category.trim().length() > 0;
        boolean hasDataType = dataType != null && dataType.trim().length() > 0;
        if (!hasCategory || !hasDataType) {
            return null;
        }

        AttributeDesignatorDTO designator = new AttributeDesignatorDTO();
        designator.setCategory(category);
        designator.setAttributeId(designatedId);
        designator.setDataType(dataType);
        designator.setMustBePresent("true");

        ApplyElementDTO bagApply = new ApplyElementDTO();
        bagApply.setAttributeDesignators(designator);
        bagApply.setFunctionId(processFunction("bag", dataType));
        return bagApply;
    }

    String functionName = dynamicAttributeDTO.getFunction();
    String rawInputs = dynamicAttributeDTO.getAttributeValue();
    String dataType = dynamicAttributeDTO.getDataType();
    if (rawInputs == null || functionName == null) {
        return null;
    }

    // split() drops trailing empty strings, so "," alone yields an empty array.
    String[] inputs = rawInputs.split(",");
    if (inputs.length == 0 || !functionName.contains("concatenate")) {
        return null;
    }

    ApplyElementDTO concatApply = new ApplyElementDTO();
    concatApply.setFunctionId(processFunction(functionName, dataType, "2.0"));
    // The function takes any number of inputs.
    for (String input : inputs) {
        if (map.containsKey(input)) {
            concatApply.setApplyElement(createApplyElement(map.get(input), map));
        } else {
            AttributeValueElementDTO literal = new AttributeValueElementDTO();
            literal.setAttributeDataType(dataType);
            literal.setAttributeValue(input);
            concatApply.setAttributeValueElementDTO(literal);
        }
    }
    return concatApply;
}
/**
 * Converts one editor obligation into an {@code ObligationElementDTO}.
 *
 * The type is advice when the editor type is exactly "Advice", obligation otherwise. When
 * both an attribute value and a result attribute id are given, one attribute assignment is
 * added. Each value that matches a key of the class-level {@code applyElementMap} is
 * replaced by the registered apply element, and every other value is used literally.
 *
 * NOTE(review): the lookup reads a static map shared by all callers, so which placeholders
 * resolve depends on what earlier rule builds registered. Comma-separated values are not
 * trimmed before the lookup.
 *
 * @param obligationDTO obligation as entered in the editor
 * @return the converted obligation, or {@code null} when the id is blank or the effect is null
 */
private static ObligationElementDTO createObligationElement(ObligationDTO obligationDTO) {

    String obligationId = obligationDTO.getObligationId();
    String fulfilOn = obligationDTO.getEffect();
    String kind = obligationDTO.getType();

    if (obligationId == null || obligationId.trim().length() == 0 || fulfilOn == null) {
        return null;
    }

    ObligationElementDTO result = new ObligationElementDTO();
    result.setId(obligationId);
    result.setEffect(fulfilOn);
    if ("Advice".equals(kind)) {
        result.setType(ObligationElementDTO.ADVICE);
    } else {
        result.setType(ObligationElementDTO.OBLIGATION);
    }

    String rawValue = obligationDTO.getAttributeValue();
    String valueDataType = obligationDTO.getAttributeValueDataType();
    String resultAttributeId = obligationDTO.getResultAttributeId();

    boolean hasValue = rawValue != null && rawValue.trim().length() > 0;
    boolean hasResultId = resultAttributeId != null && resultAttributeId.trim().length() > 0;
    if (!hasValue || !hasResultId) {
        // Nothing to assign: the obligation carries only id, effect and type.
        return result;
    }

    AttributeAssignmentElementDTO assignment = new AttributeAssignmentElementDTO();
    assignment.setAttributeId(resultAttributeId);

    if (rawValue.contains(",")) {
        // Several values: wrap them in a bag function.
        String[] parts = rawValue.split(",");
        ApplyElementDTO bagApply = new ApplyElementDTO();
        bagApply.setFunctionId(processFunction("bag", valueDataType));
        for (String part : parts) {
            if (applyElementMap.containsKey(part)) {
                bagApply.setApplyElement(applyElementMap.get(part));
            } else {
                AttributeValueElementDTO literal = new AttributeValueElementDTO();
                literal.setAttributeDataType(valueDataType);
                literal.setAttributeValue(part);
                bagApply.setAttributeValueElementDTO(literal);
            }
        }
        assignment.setApplyElementDTO(bagApply);
    } else if (applyElementMap.containsKey(rawValue)) {
        assignment.setApplyElementDTO(applyElementMap.get(rawValue));
    } else {
        AttributeValueElementDTO literal = new AttributeValueElementDTO();
        literal.setAttributeDataType(valueDataType);
        literal.setAttributeValue(rawValue);
        assignment.setValueElementDTO(literal);
    }

    result.addAssignmentElementDTO(assignment);
    return result;
}
/**
 * Creates the {@code ConditionElementDT0} that represents the XACML Condition element.
 *
 * Rows are grouped by the combine function of the preceding row: AND keeps a row in the
 * current group, OR closes the group and starts a new one. A group of several rows becomes
 * an "and" apply element, several groups are wrapped in an "or" apply element, and a single
 * row is used as is.
 *
 * NOTE(review): a row whose predecessor has a combine function that is neither AND nor OR
 * is left out of the condition without any error, which changes what the rule matches.
 * Groups are held in a HashSet, so their order in the "or" element is not the editor
 * order; whether equal groups collapse depends on how RowDTO implements equals/hashCode,
 * which is not visible here.
 *
 * @param rowDTOs condition rows in editor order; dereferenced without a null check
 * @return the condition DTO; it has no apply element when {@code rowDTOs} is empty
 * @throws PolicyEditorException if a row cannot be converted into an apply element
 */
public static ConditionElementDT0 createConditionDTO(List<RowDTO> rowDTOs) throws PolicyEditorException {

    ConditionElementDT0 condition = new ConditionElementDT0();

    ArrayList<RowDTO> currentGroup = new ArrayList<RowDTO>();
    Set<ArrayList<RowDTO>> groups = new HashSet<ArrayList<RowDTO>>();

    if (!rowDTOs.isEmpty()) {
        currentGroup.add(rowDTOs.get(0));
    }
    for (int index = 1; index < rowDTOs.size(); index++) {
        // The link between two rows is stored on the earlier row.
        String link = rowDTOs.get(index - 1).getCombineFunction();
        if (PolicyEditorConstants.COMBINE_FUNCTION_AND.equals(link)) {
            currentGroup.add(rowDTOs.get(index));
        }
        if (PolicyEditorConstants.COMBINE_FUNCTION_OR.equals(link)) {
            groups.add(currentGroup);
            currentGroup = new ArrayList<RowDTO>();
            currentGroup.add(rowDTOs.get(index));
        }
    }
    groups.add(currentGroup);

    if (groups.size() > 1) {
        ApplyElementDTO anyOf = new ApplyElementDTO();
        anyOf.setFunctionId(processFunction("or"));
        for (ArrayList<RowDTO> group : groups) {
            if (group.size() > 1) {
                ApplyElementDTO allOf = new ApplyElementDTO();
                allOf.setFunctionId(processFunction("and"));
                for (RowDTO row : group) {
                    allOf.setApplyElement(createApplyElement(row));
                }
                anyOf.setApplyElement(allOf);
            } else if (group.size() == 1) {
                anyOf.setApplyElement(createApplyElement(group.get(0)));
            }
        }
        condition.setApplyElement(anyOf);
    } else if (groups.size() == 1) {
        ArrayList<RowDTO> onlyGroup = groups.iterator().next();
        if (onlyGroup.size() > 1) {
            ApplyElementDTO allOf = new ApplyElementDTO();
            allOf.setFunctionId(processFunction("and"));
            for (RowDTO row : onlyGroup) {
                allOf.setApplyElement(createApplyElement(row));
            }
            condition.setApplyElement(allOf);
        } else if (onlyGroup.size() == 1) {
            condition.setApplyElement(createApplyElement(onlyGroup.get(0)));
        }
    }

    return condition;
}
/**
 * Builds the <code>ApplyElementDTO</code> that represents one XACML Apply element for an editor row.
 * <p>
 * The row's function name selects the builder: names containing "less" or "greater" go to
 * <code>processGreaterLessThanFunctions</code>, the equal function goes to
 * <code>processEqualFunctions</code>, and everything else goes to <code>processBagFunction</code>.
 * When the row's pre-function is NOT, the result is wrapped in a "not" Apply.
 * <p>
 * The attribute designator is always created with MustBePresent set to "true".
 *
 * @param rowDTO editor row supplying category, attribute id, data type, function and value
 * @return the Apply element for the row. NOTE(review): <code>processBagFunction</code> returns
 *         null for a function it does not recognise, so this method can return null (or a "not"
 *         wrapper around null) for such rows; callers do not check for that.
 * @throws PolicyEditorException if the function id or the attribute value is null or blank
 */
public static ApplyElementDTO createApplyElement(RowDTO rowDTO) throws PolicyEditorException {
    String preFunction = rowDTO.getPreFunction();
    String functionName = rowDTO.getFunction();
    String attributeDataType = rowDTO.getAttributeDataType();
    String value = rowDTO.getAttributeValue();

    // Both the function and the value are mandatory; whitespace-only counts as missing.
    boolean functionMissing = functionName == null || functionName.trim().isEmpty();
    if (functionMissing) {
        throw new PolicyEditorException("Can not create Apply element:" +
                "Missing required function Id");
    }
    boolean valueMissing = value == null || value.trim().isEmpty();
    if (valueMissing) {
        throw new PolicyEditorException("Can not create Apply element:" +
                "Missing required attribute value");
    }

    AttributeDesignatorDTO designator = new AttributeDesignatorDTO();
    designator.setCategory(rowDTO.getCategory());
    designator.setAttributeId(rowDTO.getAttributeId());
    designator.setDataType(attributeDataType);
    designator.setMustBePresent("true");

    // Comparison functions are recognised by substring, the equal function by exact match.
    ApplyElementDTO result;
    boolean isComparison = functionName.contains("less") || functionName.contains("greater");
    if (isComparison) {
        result = processGreaterLessThanFunctions(functionName, attributeDataType, value,
                designator);
    } else if (PolicyConstants.Functions.FUNCTION_EQUAL.equals(functionName)) {
        result = processEqualFunctions(functionName, attributeDataType, value, designator);
    } else {
        result = processBagFunction(functionName, attributeDataType, value, designator);
    }

    if (!PolicyConstants.PreFunctions.PRE_FUNCTION_NOT.equals(preFunction)) {
        return result;
    }

    // Negated row: wrap the built element in a "not" Apply.
    ApplyElementDTO negated = new ApplyElementDTO();
    negated.setFunctionId(processFunction("not"));
    negated.setApplyElement(result);
    return negated;
}
/**
 * Builds the <code>TargetElementDTO</code> that represents the XACML Target element.
 * <p>
 * Step 1 expands every row whose pre-function is ARE: its attribute value is split on
 * <code>PolicyEditorConstants.ATTRIBUTE_SEPARATOR</code> (used as a regular expression by
 * <code>String.split</code>) and one copy of the row is produced per value, with AND set as the
 * combine function on every copy except the last.
 * <p>
 * Step 2 walks the expanded rows in order. The combine function of the previous row decides
 * where the current row's Match goes: AND adds it to the current AllOf, OR closes the current
 * AllOf into the AnyOf and starts a new one.
 *
 * @param targetDTO editor target whose row list is converted; the list must not be null
 * @return the target element; it has no AnyOf element when there are no rows
 */
public static TargetElementDTO createTargetElementDTO(TargetDTO targetDTO) {
    TargetElementDTO target = new TargetElementDTO();
    List<RowDTO> expandedRows = new ArrayList<RowDTO>();

    // Step 1: pre-function processing.
    for (RowDTO row : targetDTO.getRowDTOList()) {
        if (!PolicyEditorConstants.PreFunctions.PRE_FUNCTION_ARE.equals(row.getPreFunction())) {
            expandedRows.add(row);
            continue;
        }
        String[] parts = row.getAttributeValue().split(PolicyEditorConstants.ATTRIBUTE_SEPARATOR);
        int lastIndex = parts.length - 1;
        for (int idx = 0; idx <= lastIndex; idx++) {
            RowDTO copy = new RowDTO(row);
            copy.setAttributeValue(parts[idx]);
            if (idx < lastIndex) {
                // The last copy keeps the combine function of the original row.
                copy.setCombineFunction(PolicyEditorConstants.COMBINE_FUNCTION_AND);
            }
            expandedRows.add(copy);
        }
    }

    if (expandedRows.isEmpty()) {
        return target;
    }

    // Step 2: group the Match elements into AllOf blocks under a single AnyOf.
    AnyOfElementDTO anyOf = new AnyOfElementDTO();
    AllOfElementDTO currentAllOf = new AllOfElementDTO();
    for (int pos = 0; pos < expandedRows.size(); pos++) {
        if (pos > 0) {
            String combiner = expandedRows.get(pos - 1).getCombineFunction();
            boolean joinsWithAnd = PolicyEditorConstants.COMBINE_FUNCTION_AND.equals(combiner);
            boolean joinsWithOr = PolicyEditorConstants.COMBINE_FUNCTION_OR.equals(combiner);
            if (!joinsWithAnd && !joinsWithOr) {
                // NOTE(review): the row is left out of the target without any error when the
                // previous row has neither AND nor OR; confirm the editor never sends this.
                continue;
            }
            if (joinsWithOr) {
                anyOf.addAllOfElementDTO(currentAllOf);
                currentAllOf = new AllOfElementDTO();
            }
        }
        // createTargetMatch may return null; such a row adds no Match.
        MatchElementDTO match = createTargetMatch(expandedRows.get(pos));
        if (match != null) {
            currentAllOf.addMatchElementDTO(match);
        }
    }
    // NOTE(review): the final AllOf is added even if it received no Match; confirm how the
    // policy builder serialises an AllOf without Match elements.
    anyOf.addAllOfElementDTO(currentAllOf);
    target.addAnyOfElementDTO(anyOf);
    return target;
}
/**
 * Builds the Apply element for the bag functions is-in, at-least-one-member-of and set-equals.
 * <p>
 * For is-in the attribute value is used as a single argument. For the two set functions the
 * value is split on <code>PolicyEditorConstants.ATTRIBUTE_SEPARATOR</code> and the parts are
 * collected into a "bag" Apply. In both cases a value that is a key of
 * <code>applyElementMap</code> is replaced by the Apply element stored under that key; any other
 * value becomes a literal AttributeValue of the given data type.
 *
 * @param function       function name selected in the editor
 * @param dataType       data type used for the function id and for literal values
 * @param attributeValue single value (is-in) or separator-joined values (set functions)
 * @param designatorDTO  attribute designator the value or bag is matched against
 * @return the Apply element, or null when <code>function</code> is none of the three functions
 */
public static ApplyElementDTO processBagFunction(String function, String dataType,
                                                 String attributeValue, AttributeDesignatorDTO designatorDTO) {
    boolean isIn = PolicyConstants.Functions.FUNCTION_IS_IN.equals(function);
    if (isIn) {
        ApplyElementDTO isInApply = new ApplyElementDTO();
        isInApply.setFunctionId(processFunction("is-in", dataType));
        if (!applyElementMap.containsKey(attributeValue)) {
            AttributeValueElementDTO literal = new AttributeValueElementDTO();
            literal.setAttributeDataType(dataType);
            literal.setAttributeValue(attributeValue);
            isInApply.setAttributeValueElementDTO(literal);
        } else {
            isInApply.setApplyElement(applyElementMap.get(attributeValue));
        }
        // The value goes first and the designator second.
        isInApply.setAttributeDesignators(designatorDTO);
        return isInApply;
    }

    boolean atLeastOne = PolicyConstants.Functions.FUNCTION_AT_LEAST_ONE.equals(function);
    boolean setEquals = PolicyConstants.Functions.FUNCTION_SET_EQUALS.equals(function);
    if (!atLeastOne && !setEquals) {
        return null;
    }

    ApplyElementDTO setApply = new ApplyElementDTO();
    String setFunctionName = atLeastOne ? "at-least-one-member-of" : "set-equals";
    setApply.setFunctionId(processFunction(setFunctionName, dataType));

    // Collect every part of the value into one bag, in the order given.
    ApplyElementDTO bagApply = new ApplyElementDTO();
    bagApply.setFunctionId(processFunction("bag", dataType));
    for (String part : attributeValue.split(PolicyEditorConstants.ATTRIBUTE_SEPARATOR)) {
        if (!applyElementMap.containsKey(part)) {
            AttributeValueElementDTO literal = new AttributeValueElementDTO();
            literal.setAttributeDataType(dataType);
            literal.setAttributeValue(part);
            bagApply.setAttributeValueElementDTO(literal);
        } else {
            bagApply.setApplyElement(applyElementMap.get(part));
        }
    }

    // Here the designator goes first and the bag second.
    setApply.setAttributeDesignators(designatorDTO);
    setApply.setApplyElement(bagApply);
    return setApply;
}
- /**
- * Process equal function
- *
- * @param function
- * @param dataType
- …