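/**
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
 *
 * Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
 *
 * The contents of this file are subject to the terms
 * of the Common Development and Distribution License
 * (the License). You may not use this file except in
 * compliance with the License.
 *
 * You can obtain a copy of the License at
 * https://opensso.dev.java.net/public/CDDLv1.0.html or
 * opensso/legal/CDDLv1.0.txt
 * See the License for the specific language governing
 * permission and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL
 * Header Notice in each file and include the License file
 * at opensso/legal/CDDLv1.0.txt.
 * If applicable, add the following below the CDDL Header,
 * with the fields enclosed by brackets [] replaced by
 * your own identifying information:
 * "Portions Copyrighted [year] [name of copyright owner]"
 *
 * $Id: AuthorizationDecisionQuery.java,v 1.2 2008/06/25 05:47:36 qcheng Exp $
 *
 */

package com.sun.identity.saml.protocol;

import com.sun.identity.saml.assertion.Action;
import com.sun.identity.saml.assertion.Evidence;
import com.sun.identity.saml.assertion.Subject;
import com.sun.identity.saml.common.SAMLConstants;
import com.sun.identity.saml.common.SAMLException;
import com.sun.identity.saml.common.SAMLRequesterException;
import com.sun.identity.saml.common.SAMLUtils;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/**
 * This concrete class extends from the abstract base class
 * <code>SubjectQuery</code>.
 * It represents the query for an authorization decision assertion. It
 * corresponds to the <code>&lt;samlp:AuthorizationDecisionQueryType&gt;</code>
 * in the SAML protocol schema.
 *
 * <p>Instances are built either from a parsed DOM element (data that
 * normally arrives from a remote requester) or from objects supplied by
 * local code. Both paths enforce the same minimum content: one Subject,
 * at least one Action and a non-empty Resource.
 *
 * @supported.all.api
 */
public class AuthorizationDecisionQuery extends SubjectQuery {

    /** Value of the Resource attribute; non-empty once a public constructor has succeeded. */
    protected String resource = null;

    /** The Action elements of the query; the shared empty list means "none set yet". */
    protected List actions = Collections.EMPTY_LIST;

    /** Optional Evidence element; null when the query carries none. */
    protected Evidence evidence = null;

    /**
     * Default Constructor. Leaves every field at its initial value, so a
     * subclass using it must populate subject, actions and resource itself
     * before calling <code>toString</code>.
     */
    protected AuthorizationDecisionQuery() {
    }

    /**
     * This constructor is used to build an Authorization Decision Query from
     * a DOM tree that was built from the XML string.
     *
     * <p>The element must pass <code>SAMLUtils.checkQuery</code>, carry a
     * non-empty <code>Resource</code> attribute, and contain exactly one
     * Subject, at least one Action and at most one Evidence child. Any other
     * child element is rejected.
     *
     * @param element the DOM tree element which contains an Authorization
     *        Decision Query.
     * @exception SAMLException when an error occurs.
     */
    public AuthorizationDecisionQuery(Element element) throws SAMLException {
        // make sure the input is not null
        if (element == null) {
            SAMLUtils.debug.message("AuthorizationDecisionQuery: null input.");
            throw new SAMLRequesterException(
                SAMLUtils.bundle.getString("nullInput"));
        }

        // make sure it's an AuthorizationDecisionQuery
        boolean valid = SAMLUtils.checkQuery(element,
            "AuthorizationDecisionQuery");
        if (!valid) {
            SAMLUtils.debug.message("AuthorizationDecisionQuery: wrong input.");
            throw new SAMLRequesterException(
                SAMLUtils.bundle.getString("wrongInput"));
        }

        // getting the resource
        resource = element.getAttribute("Resource");
        if ((resource == null) || (resource.length() == 0)) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AuthorizationDecisionQuery: "
                    + "Missing attribute Resource.");
            }
            throw new SAMLRequesterException(
                SAMLUtils.bundle.getString("missingAttribute"));
        }

        // TODO not checking the sequence.
        // NOTE(review): children are matched on local name only; the
        // namespace URI of each child is not compared here. Confirm that
        // SAMLUtils.checkQuery or the Subject/Action/Evidence constructors
        // reject same-named elements from a foreign namespace.
        NodeList nl = element.getChildNodes();
        List parsedActions = new ArrayList();
        int length = nl.getLength();
        // loop through all the children including TEXT and COMMENT
        for (int k = 0; k < length; k++) {
            Node child = nl.item(k);
            String childName = child.getLocalName();
            if (childName == null) {
                // node without a local name (the original loop comment
                // names TEXT and COMMENT): nothing to parse
                continue;
            }
            if (childName.equals("Subject")) {
                if (subject != null) {
                    if (SAMLUtils.debug.messageEnabled()) {
                        SAMLUtils.debug.message("AuthorizationDecisionQuery"
                            + ": contained more than one <Subject>");
                    }
                    throw new SAMLRequesterException(
                        SAMLUtils.bundle.getString("moreElement"));
                }
                subject = new Subject((Element) child);
            } else if (childName.equals("Action")) {
                parsedActions.add(new Action((Element) child));
            } else if (childName.equals("Evidence")) {
                if (evidence != null) {
                    if (SAMLUtils.debug.messageEnabled()) {
                        SAMLUtils.debug.message("AuthorizationDecisionQuery"
                            + ": contained more than one <Evidence>");
                    }
                    throw new SAMLRequesterException(
                        SAMLUtils.bundle.getString("moreElement"));
                }
                evidence = new Evidence((Element) child);
            } else {
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message("AuthorizationDecisionQuery: "
                        + "included wrong element:" + childName);
                }
                throw new SAMLRequesterException(
                    SAMLUtils.bundle.getString("wrongInput"));
            }
        } // end for loop

        // make sure there is one Subject
        if (subject == null) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AuthorizationDecisionQuery: missing "
                    + "<Subject>");
            }
            throw new SAMLRequesterException(
                SAMLUtils.bundle.getString("missingElement"));
        }

        // make sure there is at least one Action
        if (parsedActions.isEmpty()) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AuthorizationDecisionQuery: missing"
                    + " <Action>");
            }
            throw new SAMLRequesterException(
                SAMLUtils.bundle.getString("missingElement"));
        }
        actions = parsedActions;
    }

    /**
     * Validates the caller-supplied parts of a query and stores them.
     * Checks run in this order: subject present, every list entry is an
     * <code>Action</code>, at least one action, resource non-empty.
     *
     * @param theSubject The subject of the query; must not be null.
     * @param theActions The List of Actions; must hold at least one entry
     *        and only <code>Action</code> instances.
     * @param theEvidence The evidence of the query, or null.
     * @param theResource The resource of the query; must be non-empty.
     * @exception SAMLException when any of the checks above fails.
     */
    private void buildAuthZQuery(Subject theSubject,
        List theActions,
        Evidence theEvidence,
        String theResource) throws SAMLException {
        if (theSubject == null) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AuthorizationDecisionQuery: "
                    + "input <Subject> is null.");
            }
            throw new SAMLRequesterException(
                SAMLUtils.bundle.getString("nullInput"));
        }

        // Copy before validating: the stored list can then no longer be
        // changed by the caller after the element-type check has passed.
        List checkedActions = (theActions == null)
            ? Collections.EMPTY_LIST
            : new ArrayList(theActions);
        for (Iterator it = checkedActions.iterator(); it.hasNext();) {
            if (!(it.next() instanceof Action)) {
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message("AuthorizationDecisionQuery: "
                        + "Wrong input for Action.");
                }
                throw new SAMLRequesterException(
                    SAMLUtils.bundle.getString("wrongInput"));
            }
        }
        if (checkedActions.isEmpty()) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AuthorizationDecisionQuery: "
                    + "missing <Action> in input.");
            }
            throw new SAMLRequesterException(
                SAMLUtils.bundle.getString("missingElement"));
        }

        if ((theResource == null) || (theResource.length() == 0)) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AuthorizationDecisionQuery: "
                    + "Missing attribute Resource.");
            }
            throw new SAMLRequesterException(
                SAMLUtils.bundle.getString("missingAttribute"));
        }

        this.subject = theSubject;
        this.actions = checkedActions;
        this.evidence = theEvidence;
        this.resource = theResource;
    }

    /**
     * Constructor
     *
     * @param theSubject The subject of the query.
     * @param theActions The List of Actions of the query. The list is
     *        copied; later changes to it do not affect this query.
     * @param theEvidence The evidence of the query. It could be null when
     *        there is no Evidence in the query.
     * @param theResource A string representing the resource of the query.
     * @exception SAMLException when an error occurs.
     */
    public AuthorizationDecisionQuery(Subject theSubject,
        List theActions,
        Evidence theEvidence,
        String theResource) throws SAMLException {
        buildAuthZQuery(theSubject, theActions, theEvidence, theResource);
    }

    /**
     * Constructor
     *
     * @param theSubject The subject of the query.
     * @param theActions The List of Actions of the query. The list is
     *        copied; later changes to it do not affect this query.
     * @param theResource A string representing the resource of the query.
     * @exception SAMLException when an error occurs.
     */
    public AuthorizationDecisionQuery(Subject theSubject,
        List theActions,
        String theResource) throws SAMLException {
        buildAuthZQuery(theSubject, theActions, null, theResource);
    }

    /**
     * Returns the List of Actions.
     *
     * <p>The returned list is the query's own list, not a copy; callers
     * should treat it as read-only.
     *
     * @return The Actions included in the query.
     */
    public List getAction() {
        return actions;
    }

    /**
     * Returns the Evidence
     *
     * @return the Evidence in the query. A null is returned
     *         if there is no Evidence in the query.
     */
    public Evidence getEvidence() {
        return evidence;
    }

    /**
     * Accessor for the Resource
     *
     * @return A string representing the resource, unescaped.
     */
    public String getResource() {
        return resource;
    }

    /**
     * Returns the type of the query.
     *
     * @return an integer which is Query.AUTHORIZATION_DECISION_QUERY.
     */
    public int getQueryType() {
        return Query.AUTHORIZATION_DECISION_QUERY;
    }

    /**
     * This method translates the AuthorizationDecisionQuery to an
     * XML document String based on the AuthorizationDecisionQuery
     * schema. Equivalent to <code>toString(true, false)</code>.
     *
     * @return An XML String representing the
     *         AuthorizationDecisionQuery.
     */
    public String toString() {
        return this.toString(true, false);
    }

    /**
     * Create a String representation of the
     * samlp:AuthorizationDecisionQuery element.
     *
     * <p>The Resource value is escaped for use inside a double-quoted XML
     * attribute, and the element is closed with the same prefix that
     * opened it. Child elements are always serialized with
     * <code>toString(true, true)</code>.
     *
     * @param includeNS Determines whether or not the namespace qualifier
     *        is prepended to the Element when converted
     * @param declareNS Determines whether or not the namespace is declared
     *        within the Element.
     * @return A string containing the valid XML for this element
     */
    public String toString(boolean includeNS, boolean declareNS) {
        StringBuffer xml = new StringBuffer(200);
        String prefix = "";
        String uri = "";
        if (includeNS) {
            prefix = SAMLConstants.PROTOCOL_PREFIX;
        }
        if (declareNS) {
            // appended directly after the element name, so the constant
            // presumably starts with a space -- TODO confirm
            uri = SAMLConstants.PROTOCOL_NAMESPACE_STRING;
        }
        // resource may originate from a parsed request; the DOM hands it
        // back unescaped, so it must be escaped again before it is written
        // into an attribute, otherwise a quote or '<' in the value breaks
        // out of the attribute.
        xml.append("<").append(prefix).append("AuthorizationDecisionQuery").
            append(uri).append(" Resource=\"").
            append(escapeXmlAttribute(resource)).
            append("\">\n").
            append(subject.toString(true, true));
        Iterator iterator = actions.iterator();
        while (iterator.hasNext()) {
            xml.append(((Action) iterator.next()).toString(true, true));
        }
        if (evidence != null) {
            xml.append(evidence.toString(true, true));
        }
        xml.append("</").append(prefix).
            append("AuthorizationDecisionQuery>\n");
        return xml.toString();
    }

    /**
     * Escapes the five XML special characters so the value can be placed
     * inside a quoted attribute.
     *
     * @param value the raw attribute value; may be null.
     * @return the escaped value, or null when <code>value</code> is null.
     */
    private static String escapeXmlAttribute(String value) {
        if (value == null) {
            return null;
        }
        StringBuffer escaped = new StringBuffer(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '&':
                    escaped.append("&amp;");
                    break;
                case '<':
                    escaped.append("&lt;");
                    break;
                case '>':
                    escaped.append("&gt;");
                    break;
                case '"':
                    escaped.append("&quot;");
                    break;
                case '\'':
                    escaped.append("&apos;");
                    break;
                default:
                    escaped.append(c);
                    break;
            }
        }
        return escaped.toString();
    }
}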