Omaha #3509 Minor fixes to custom XACML policy processing
Former-commit-id: 21efa23f4c1236e874312c03a60f5c6dc2bd0c9a
parent
e9c310b4d8
commit
ca6c4093b7
2 changed files with 21 additions and 36 deletions
|
@ -757,7 +757,9 @@
|
|||
<bean id="VariableReferenceExpression"
|
||||
class="com.raytheon.uf.edex.registry.acp.xacml.engine.expression.impl.VariableReferenceExpression" />
|
||||
<bean id="AttributeDesignatorExpression"
|
||||
class="com.raytheon.uf.edex.registry.acp.xacml.engine.expression.impl.AttributeDesignatorExpression" />
|
||||
class="com.raytheon.uf.edex.registry.acp.xacml.engine.expression.impl.AttributeDesignatorExpression" >
|
||||
<property name="xacmlContextHandler" ref="XACMLContextHandler" />
|
||||
</bean>
|
||||
|
||||
<!-- End of Classes for XACML Expressions -->
|
||||
|
||||
|
|
|
@ -21,7 +21,6 @@ package com.raytheon.uf.edex.registry.acp.xacml.interceptor;
|
|||
|
||||
import java.security.Principal;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Collections;
|
||||
import java.util.List;
|
||||
import java.util.Set;
|
||||
|
||||
|
@ -56,10 +55,10 @@ import org.opensaml.xacml.ctx.ResponseType;
|
|||
import org.opensaml.xacml.ctx.ResultType;
|
||||
import org.opensaml.xacml.policy.ObligationType;
|
||||
import org.opensaml.xacml.policy.ObligationsType;
|
||||
import org.springframework.transaction.annotation.Transactional;
|
||||
|
||||
import com.raytheon.uf.common.status.IUFStatusHandler;
|
||||
import com.raytheon.uf.common.status.UFStatus;
|
||||
import com.raytheon.uf.common.util.CollectionUtil;
|
||||
import com.raytheon.uf.edex.registry.acp.xacml.XACMLPolicyAdministrator;
|
||||
import com.raytheon.uf.edex.registry.acp.xacml.XACMLPolicyDecisionPoint;
|
||||
import com.raytheon.uf.edex.registry.acp.xacml.engine.obligation.XACMLObligationEvaluator;
|
||||
|
@ -90,6 +89,7 @@ import com.raytheon.uf.edex.registry.ebxml.exception.EbxmlRegistryException;
|
|||
* @author bphillip
|
||||
* @version 1
|
||||
*/
|
||||
@Transactional
|
||||
public class XACMLInterceptor extends AbstractPhaseInterceptor<Message> {
|
||||
|
||||
/** The logger */
|
||||
|
@ -117,6 +117,10 @@ public class XACMLInterceptor extends AbstractPhaseInterceptor<Message> {
|
|||
*/
|
||||
private RegistryXACMLRequestBuilder requestBuilder;
|
||||
|
||||
public XACMLInterceptor() {
|
||||
super(Phase.PRE_INVOKE);
|
||||
}
|
||||
|
||||
/**
|
||||
* Constructs a new XACMLInterceptor
|
||||
*
|
||||
|
@ -129,7 +133,7 @@ public class XACMLInterceptor extends AbstractPhaseInterceptor<Message> {
|
|||
*/
|
||||
public XACMLInterceptor(XACMLPolicyAdministrator xacmlPolicyAdmin,
|
||||
XACMLPolicyDecisionPoint pdp, RegistryObjectDao registryObjectDao) {
|
||||
super(Phase.POST_INVOKE);
|
||||
super(Phase.PRE_INVOKE);
|
||||
OpenSAMLUtil.initSamlEngine();
|
||||
this.xacmlPolicyAdmin = xacmlPolicyAdmin;
|
||||
this.pdp = pdp;
|
||||
|
@ -190,7 +194,9 @@ public class XACMLInterceptor extends AbstractPhaseInterceptor<Message> {
|
|||
return;
|
||||
}
|
||||
} catch (Exception e) {
|
||||
statusHandler.error("An error occurred during XACML authorization. Defaulting to Unauthorized", e);
|
||||
statusHandler
|
||||
.error("An error occurred during XACML authorization. Defaulting to Unauthorized",
|
||||
e);
|
||||
throw new AccessDeniedException("Unauthorized");
|
||||
}
|
||||
} else {
|
||||
|
@ -236,31 +242,6 @@ public class XACMLInterceptor extends AbstractPhaseInterceptor<Message> {
|
|||
return response;
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets the resources from the message and retrieves them from the registry
|
||||
* database if possible
|
||||
*
|
||||
* @param message
|
||||
* The message to get the resources from
|
||||
* @param isSoapCall
|
||||
* True if this is a SOAP call
|
||||
* @return The list of registry object resources referenced by the message
|
||||
* @throws EbxmlRegistryException
|
||||
* If errors occur while querying for the objects from the
|
||||
* registry database
|
||||
*/
|
||||
private List<RegistryObjectType> getResources(Message message,
|
||||
boolean isSoapCall) throws EbxmlRegistryException {
|
||||
List<RegistryObjectType> registryObjects = Collections.emptyList();
|
||||
|
||||
List<String> ids = getResourceIds(message, isSoapCall);
|
||||
if (!CollectionUtil.isNullOrEmpty(ids)) {
|
||||
registryObjects = registryObjectDao.getById(ids);
|
||||
}
|
||||
|
||||
return registryObjects;
|
||||
}
|
||||
|
||||
/**
|
||||
* Extracts the ids of the resources from the message
|
||||
*
|
||||
|
@ -272,8 +253,9 @@ public class XACMLInterceptor extends AbstractPhaseInterceptor<Message> {
|
|||
* @throws EbxmlRegistryException
|
||||
* If an invalid message is submitted
|
||||
*/
|
||||
private List<String> getResourceIds(Message message, boolean isSoapCall)
|
||||
throws EbxmlRegistryException {
|
||||
private List<RegistryObjectType> getResources(Message message,
|
||||
boolean isSoapCall) throws EbxmlRegistryException {
|
||||
List<RegistryObjectType> registryObjects = new ArrayList<RegistryObjectType>();
|
||||
List<String> ids = new ArrayList<String>();
|
||||
ObjectRefListType refList = null;
|
||||
RegistryObjectListType objList = null;
|
||||
|
@ -327,12 +309,13 @@ public class XACMLInterceptor extends AbstractPhaseInterceptor<Message> {
|
|||
}
|
||||
}
|
||||
if (objList != null) {
|
||||
for (RegistryObjectType regObj : objList.getRegistryObject()) {
|
||||
ids.add(regObj.getId());
|
||||
}
|
||||
registryObjects.addAll(objList.getRegistryObject());
|
||||
}
|
||||
if (!ids.isEmpty()) {
|
||||
registryObjects.addAll(registryObjectDao.getById(ids));
|
||||
}
|
||||
}
|
||||
return ids;
|
||||
return registryObjects;
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
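Review bot: In the last hunk of getResources, `registryObjects.addAll(objList.getRegistryObject())` passes the objects carried in the request body into the resource list, where the earlier code only took their ids and resolved them through `registryObjectDao.getById(ids)`. If any policy decides on attributes of the resource itself (its owner, for instance; the policies are not visible on this page), the decision for an id that already exists would be made on caller-supplied values rather than on the stored record. Consider resolving the stored copies first and using the submitted object only for ids the registry does not hold, as sketched below. The method body starts outside this hunk, so the scope of `ids` and the enclosing block are assumed from the earlier hunk.

```java
            if (objList != null) {
                for (RegistryObjectType regObj : objList.getRegistryObject()) {
                    ids.add(regObj.getId());
                }
            }
            List<String> storedIds = new ArrayList<String>();
            if (!ids.isEmpty()) {
                for (RegistryObjectType stored : registryObjectDao.getById(ids)) {
                    registryObjects.add(stored);
                    storedIds.add(stored.getId());
                }
            }
            if (objList != null) {
                for (RegistryObjectType regObj : objList.getRegistryObject()) {
                    // Only an id with no stored copy is evaluated from the request body.
                    if (!storedIds.contains(regObj.getId())) {
                        registryObjects.add(regObj);
                    }
                }
            }
            // … unchanged: end of the enclosing block, return registryObjects …
```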