/* * Copyright (c) 2005-2010, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * * WSO2 Inc. licenses this file to you under the Apache License, * Version 2.0 (the "License"); you may not use this file except * in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License. */ package org.wso2.carbon.identity.entitlement.mediator.callback; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.synapse.MessageContext; import org.apache.synapse.core.axis2.Axis2MessageContext; import org.wso2.carbon.identity.entitlement.proxy.Attribute; /** * An extension to this class can feed the Entitlement mediator with subject/resource/action and * envs. * */ public abstract class EntitlementCallbackHandler { private static final Log log = LogFactory.getLog(EntitlementCallbackHandler.class); /** * Get the user name who should be authorized against defined Entitlement policies. The default * implementation reads the subject name from the * <code>org.apache.axis2.context.MessageContext</code> as a property. The name of this property * should be set as a property defined under axis2 scope with the name xacml_subject_identifier. * If the property xacml_subject_identifier not found, then the subject name would be read from * a property defined under axis2 scope with the name xacml_subject * * @param synCtx * @return */ public String getUserName(MessageContext synCtx) { Axis2MessageContext axis2Msgcontext = null; org.apache.axis2.context.MessageContext msgContext; axis2Msgcontext = (Axis2MessageContext) synCtx; msgContext = axis2Msgcontext.getAxis2MessageContext(); String subjectIdentifier = (String) axis2Msgcontext.getProperty("xacml_subject_identifier"); if (subjectIdentifier != null) { return (String) msgContext.getProperty(subjectIdentifier); } return (String) axis2Msgcontext.getProperty("xacml_subject"); } /** * Get the name of the operation been invoked by the user. If the property xacml_use_rest * defined under axis2 scope been found - with the value "true" - the HTTP_METHOD will be picked * as the operation name. * * @param synCtx * @return */ public String findOperationName(MessageContext synCtx) { org.apache.axis2.context.MessageContext msgContext; Axis2MessageContext axis2Msgcontext = null; axis2Msgcontext = (Axis2MessageContext) synCtx; msgContext = axis2Msgcontext.getAxis2MessageContext(); String useRest = (String) msgContext.getProperty("xacml_use_rest"); if (useRest == null || "false".equals(useRest.toLowerCase())) { return msgContext.getEnvelope().getSOAPBodyFirstElementLocalName(); } else { return (String) msgContext.getProperty("HTTP_METHOD"); } } /** * Get the name the service been invoked by the user. If the property xacml_resource_prefix * defined under axis2 scope been found - the service name will be prefixed by that value. Also * if the property xacml_resource_prefix_only defined under axis2 scope been found and been set * to true - then the service name will be replaced by the value found in xacml_resource_prefix. * * @param synCtx * @return */ public String findServiceName(MessageContext synCtx) { Axis2MessageContext axis2Msgcontext = null; org.apache.axis2.context.MessageContext msgContext; axis2Msgcontext = (Axis2MessageContext) synCtx; msgContext = axis2Msgcontext.getAxis2MessageContext(); String serviceName = axis2Msgcontext.getTo().getAddress(); String resourcePrefix = (String) msgContext.getProperty("xacml_resource_prefix"); String resourcePrefixOnly = (String) msgContext .getProperty("xacml_resource_prefix_only"); if (resourcePrefix != null && resourcePrefix.trim().length() > 0) { if (resourcePrefixOnly != null && "true".equals(resourcePrefixOnly.toLowerCase())) { serviceName = resourcePrefix; } else { serviceName = resourcePrefix + serviceName; } } if (log.isDebugEnabled()) { log.debug("Service name " + serviceName); } return serviceName; } /** * If the property xacml_action defined under axis2 scope been found - then the value of that * property will be picked as the action - if not the default action is "read". * * @param synCtx * @return */ public String findAction(MessageContext synCtx) { Axis2MessageContext axis2Msgcontext = null; axis2Msgcontext = (Axis2MessageContext) synCtx; org.apache.axis2.context.MessageContext msgContext; msgContext = axis2Msgcontext.getAxis2MessageContext(); String action = (String) msgContext.getProperty("xacml_action"); String useRest = (String) msgContext.getProperty("xacml_use_rest"); if (action != null) { if (log.isDebugEnabled()) { log.debug("Action " + action); } return action; } else if (useRest != null && "true".equals(useRest.toLowerCase())) { return (String) msgContext.getProperty("HTTP_METHOD"); } else { return "read"; } } /** * Optional hook to supply additional attributes for any category * including urn:oasis:names:tc:xacml:3.0:attribute-category:environment * * @param synCtx * @return */ public Attribute[] findOtherAttributes(MessageContext synCtx) { return null; } }