openaz-xacml-pap-admin/src/main/java/org/apache/openaz/xacml/admin/XacmlAdminAuthorization.java - incubator-retired-openaz - Git at Google

 /*
  *  Licensed to the Apache Software Foundation (ASF) under one
  *  or more contributor license agreements.  See the NOTICE file
  *  distributed with this work for additional information
  *  regarding copyright ownership.  The ASF licenses this file
  *  to you under the Apache License, Version 2.0 (the
  *  "License"); you may not use this file except in compliance
  *  with the License.  You may obtain a copy of the License at
  *
  *    http://www.apache.org/licenses/LICENSE-2.0
  *
  *  Unless required by applicable law or agreed to in writing,
  *  software distributed under the License is distributed on an
  *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  *  KIND, either express or implied.  See the License for the
  *  specific language governing permissions and limitations
  *  under the License.
  *
  */

 package org.apache.openaz.xacml.admin;

 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;

 import org.apache.openaz.xacml.std.annotations.XACMLRequest;
 import org.apache.openaz.xacml.std.annotations.RequestParser;
 import org.apache.openaz.xacml.std.annotations.XACMLSubject;
 import org.apache.openaz.xacml.std.annotations.XACMLAction;
 import org.apache.openaz.xacml.std.annotations.XACMLResource;
 import org.apache.openaz.xacml.api.DataTypeException;
 import org.apache.openaz.xacml.api.Decision;
 import org.apache.openaz.xacml.api.Request;
 import org.apache.openaz.xacml.api.Response;
 import org.apache.openaz.xacml.api.Result;
 import org.apache.openaz.xacml.api.pdp.PDPEngine;
 import org.apache.openaz.xacml.api.pdp.PDPEngineFactory;
 import org.apache.openaz.xacml.api.pdp.PDPException;
 import org.apache.openaz.xacml.util.FactoryException;

 public class XacmlAdminAuthorization {
 	private static Log logger	= LogFactory.getLog(XacmlAdminAuthorization.class);

 	public enum AdminAction {
 		ACTION_ACCESS("access"),
 		ACTION_READ("read"),
 		ACTION_WRITE("write"),
 		ACTION_ADMIN("admin");

 		String action;
 		AdminAction(String a) {
 			this.action = a;
 		}
 		public String toString() {
 			return this.action;
 		}
 	}

 	public enum AdminResource {
 		RESOURCE_APPLICATION("application"),
 		RESOURCE_POLICY_WORKSPACE("workspace"),
 		RESOURCE_POLICY_EDITOR("editor"),
 		RESOURCE_DICTIONARIES("dictionaries"),
 		RESOURCE_PDP_ADMIN("pdp_admin"),
 		RESOURCE_PIP_ADMIN("pip_admin");

 		String resource;
 		AdminResource(String r) {
 			this.resource = r;
 		}
 		public String toString() {
 			return this.resource;
 		}
 	}

 	@XACMLRequest(ReturnPolicyIdList=true)
 	public class AuthorizationRequest {

 		@XACMLSubject(includeInResults=true)
 		String	userID;

 		@XACMLAction()
 		String	action;

 		@XACMLResource()
 		String	resource;

 		public AuthorizationRequest(String userId, String action, String resource) {
 			this.userID = userId;
 			this.action = action;
 			this.resource = resource;
 		}

 		public String getUserID() {
 			return userID;
 		}

 		public void setUserID(String userID) {
 			this.userID = userID;
 		}

 		public String getAction() {
 			return action;
 		}

 		public void setAction(String action) {
 			this.action = action;
 		}

 		public String getResource() {
 			return resource;
 		}

 		public void setResource(String resource) {
 			this.resource = resource;
 		}
 	}

 	//
 	// The PDP Engine
 	//
 	protected PDPEngine pdpEngine;

 	public XacmlAdminAuthorization() {
 		PDPEngineFactory pdpEngineFactory	= null;
 		try {
 			pdpEngineFactory	= PDPEngineFactory.newInstance();
 			if (pdpEngineFactory == null) {
 				logger.error("Failed to create PDP Engine Factory");
 			}
 			this.pdpEngine = pdpEngineFactory.newEngine();
 		} catch (FactoryException e) {
 			logger.error("Exception create PDP Engine: " + e.getLocalizedMessage());
 		}
 	}

 	public boolean	isAuthorized(String userid, AdminAction action, AdminResource resource) {
 		logger.info("authorize: " + userid + " to " + action + " with " + resource);
 		if (this.pdpEngine == null) {
 			logger.warn("no pdp engine available to authorize");
 			return false;
 		}
 		Request request;
 		try {
 			request = RequestParser.parseRequest(new AuthorizationRequest(userid, action.toString(), resource.toString()));
 		} catch (IllegalArgumentException | IllegalAccessException | DataTypeException e) {
 			logger.error("Failed to create request: " + e.getLocalizedMessage());
 			return false;
 		}
 		if (request == null) {
 			logger.error("Failed to parse request.");
 			return false;
 		}
 		logger.info("Request: " + request);
 		//
 		// Ask the engine
 		//
 		try {
 			Response response = this.pdpEngine.decide(request);
 			if (response == null) {
 				logger.error("Null response from PDP decide");
 			}
 			//
 			// Should only be one result
 			//
 			for (Result result : response.getResults()) {
 				Decision decision = result.getDecision();
 				logger.info("Decision: " + decision);
 				if (decision.equals(Decision.PERMIT)) {
 					return true;
 				}
 			}
 		} catch (PDPException e) {
 			logger.error("PDP Decide failed: " + e.getLocalizedMessage());
 		}
 		return false;
 	}
 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing,
	* software distributed under the License is distributed on an
	* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	* KIND, either express or implied. See the License for the
	* specific language governing permissions and limitations
	* under the License.
	*
	*/

	package org.apache.openaz.xacml.admin;

	import org.apache.commons.logging.Log;
	import org.apache.commons.logging.LogFactory;

	import org.apache.openaz.xacml.std.annotations.XACMLRequest;
	import org.apache.openaz.xacml.std.annotations.RequestParser;
	import org.apache.openaz.xacml.std.annotations.XACMLSubject;
	import org.apache.openaz.xacml.std.annotations.XACMLAction;
	import org.apache.openaz.xacml.std.annotations.XACMLResource;
	import org.apache.openaz.xacml.api.DataTypeException;
	import org.apache.openaz.xacml.api.Decision;
	import org.apache.openaz.xacml.api.Request;
	import org.apache.openaz.xacml.api.Response;
	import org.apache.openaz.xacml.api.Result;
	import org.apache.openaz.xacml.api.pdp.PDPEngine;
	import org.apache.openaz.xacml.api.pdp.PDPEngineFactory;
	import org.apache.openaz.xacml.api.pdp.PDPException;
	import org.apache.openaz.xacml.util.FactoryException;

	public class XacmlAdminAuthorization {
	private static Log logger = LogFactory.getLog(XacmlAdminAuthorization.class);

	public enum AdminAction {
	ACTION_ACCESS("access"),
	ACTION_READ("read"),
	ACTION_WRITE("write"),
	ACTION_ADMIN("admin");

	String action;
	AdminAction(String a) {
	this.action = a;
	}
	public String toString() {
	return this.action;
	}
	}

	public enum AdminResource {
	RESOURCE_APPLICATION("application"),
	RESOURCE_POLICY_WORKSPACE("workspace"),
	RESOURCE_POLICY_EDITOR("editor"),
	RESOURCE_DICTIONARIES("dictionaries"),
	RESOURCE_PDP_ADMIN("pdp_admin"),
	RESOURCE_PIP_ADMIN("pip_admin");

	String resource;
	AdminResource(String r) {
	this.resource = r;
	}
	public String toString() {
	return this.resource;
	}
	}

	@XACMLRequest(ReturnPolicyIdList=true)
	public class AuthorizationRequest {

	@XACMLSubject(includeInResults=true)
	String userID;

	@XACMLAction()
	String action;

	@XACMLResource()
	String resource;

	public AuthorizationRequest(String userId, String action, String resource) {
	this.userID = userId;
	this.action = action;
	this.resource = resource;
	}

	public String getUserID() {
	return userID;
	}

	public void setUserID(String userID) {
	this.userID = userID;
	}

	public String getAction() {
	return action;
	}

	public void setAction(String action) {
	this.action = action;
	}

	public String getResource() {
	return resource;
	}

	public void setResource(String resource) {
	this.resource = resource;
	}
	}

	//
	// The PDP Engine
	//
	protected PDPEngine pdpEngine;

	public XacmlAdminAuthorization() {
	PDPEngineFactory pdpEngineFactory = null;
	try {
	pdpEngineFactory = PDPEngineFactory.newInstance();
	if (pdpEngineFactory == null) {
	logger.error("Failed to create PDP Engine Factory");
	}
	this.pdpEngine = pdpEngineFactory.newEngine();
	} catch (FactoryException e) {
	logger.error("Exception create PDP Engine: " + e.getLocalizedMessage());
	}
	}

	public boolean isAuthorized(String userid, AdminAction action, AdminResource resource) {
	logger.info("authorize: " + userid + " to " + action + " with " + resource);
	if (this.pdpEngine == null) {
	logger.warn("no pdp engine available to authorize");
	return false;
	}
	Request request;
	try {
	request = RequestParser.parseRequest(new AuthorizationRequest(userid, action.toString(), resource.toString()));
	} catch (IllegalArgumentException \| IllegalAccessException \| DataTypeException e) {
	logger.error("Failed to create request: " + e.getLocalizedMessage());
	return false;
	}
	if (request == null) {
	logger.error("Failed to parse request.");
	return false;
	}
	logger.info("Request: " + request);
	//
	// Ask the engine
	//
	try {
	Response response = this.pdpEngine.decide(request);
	if (response == null) {
	logger.error("Null response from PDP decide");
	}
	//
	// Should only be one result
	//
	for (Result result : response.getResults()) {
	Decision decision = result.getDecision();
	logger.info("Decision: " + decision);
	if (decision.equals(Decision.PERMIT)) {
	return true;
	}
	}
	} catch (PDPException e) {
	logger.error("PDP Decide failed: " + e.getLocalizedMessage());
	}
	return false;
	}
	}