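/**
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements. See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership. The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */
package org.apache.coheigea.cxf.sts.xacml.pdp.xacml3;

import java.util.Properties;
import java.util.logging.Level;
import java.util.logging.Logger;

import org.apache.coheigea.cxf.sts.xacml.authorization.xacml3.PolicyDecisionPoint;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.openaz.xacml.api.Decision;
import org.apache.openaz.xacml.api.Request;
import org.apache.openaz.xacml.api.Response;
import org.apache.openaz.xacml.api.pdp.PDPEngine;
import org.apache.openaz.xacml.api.pdp.PDPEngineFactory;
import org.apache.openaz.xacml.std.StdMutableResponse;
import org.apache.openaz.xacml.std.StdMutableResult;
import org.apache.openaz.xacml.std.json.JSONRequest;
import org.apache.openaz.xacml.std.json.JSONResponse;

/**
 * A PDP implementation based on the OpenAZ PDP engine. It accepts a JSON XACML Request.
 *
 * <p>The engine is configured once, in the constructor, from two policy files whose
 * locations are hard-coded below. Evaluation never propagates an engine or parsing
 * failure to the caller: any such failure is turned into a {@code NotApplicable}
 * decision, so a caller must treat every decision other than {@code Permit} as a refusal.
 */
public class OpenAZPolicyDecisionPoint implements PolicyDecisionPoint {

    private static final Logger LOG = LogUtils.getL7dLogger(OpenAZPolicyDecisionPoint.class);

    private final PDPEngine pdpEngine;

    /**
     * Builds the OpenAZ engine from a fixed set of properties naming one root policy
     * ("boss") and one referenced policy ("doubleit").
     *
     * @throws Exception if the engine factory or the engine itself cannot be created
     */
    public OpenAZPolicyDecisionPoint() throws Exception {
        // Load policies + PDP
        Properties properties = new Properties();
        properties.put("xacml.rootPolicies", "boss");
        properties.put("xacml.referencedPolicies", "doubleit");

        // NOTE(review): both paths are relative and point under src/test/resources, so they
        // are presumably resolved against the process working directory - confirm before
        // reusing this class outside the test build.
        properties.put("boss.file",
                "src/test/resources/org/apache/coheigea/cxf/sts/xacml/pdp/xacml3/boss_role_policy.xml");
        properties.put("doubleit.file",
                "src/test/resources/org/apache/coheigea/cxf/sts/xacml/pdp/xacml3/boss_permission_policy.xml");

        PDPEngineFactory engineFactory = PDPEngineFactory.newInstance();
        pdpEngine = engineFactory.newEngine(properties);
    }

    /**
     * Evaluates a JSON-encoded XACML request and returns the JSON-encoded response.
     *
     * @param requestString the XACML request in JSON form
     * @return the engine's response serialized to JSON, or a response holding a single
     *         {@code NotApplicable} result when parsing, evaluation or serialization fails
     * @throws RuntimeException if even the fallback response cannot be serialized
     */
    public String evaluate(String requestString) {
        try {
            // NOTE(review): the whole request is written to the log at INFO. It comes from the
            // caller unmodified and may carry subject attributes; consider a lower level or
            // redaction where logs are widely readable.
            LOG.info("XACML request: " + requestString);

            // Convert into a XACML Request
            Request request = JSONRequest.load(requestString);

            // Evaluate request
            Response response = pdpEngine.decide(request);

            // Convert back to Source + return
            return JSONResponse.toString(response);
        } catch (Exception ex) {
            // Record the failure: without this a malformed request or an engine error is
            // indistinguishable, in the logs and to the caller, from a genuine NotApplicable.
            LOG.log(Level.WARNING, "XACML request evaluation failed, returning NotApplicable", ex);

            // NOTE(review): XACML reserves Indeterminate for evaluation errors. NotApplicable
            // is kept because existing callers may depend on it.
            StdMutableResponse response = new StdMutableResponse();
            StdMutableResult result = new StdMutableResult();
            result.setDecision(Decision.NOTAPPLICABLE);
            response.add(result);

            try {
                return JSONResponse.toString(response);
            } catch (Exception e) {
                // Keep the original exception as the cause so the stack trace is not lost.
                throw new RuntimeException(e.getMessage(), e);
            }
        }
    }
}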