/* * The contents of this file are subject to the terms of the Common Development and * Distribution License (the License). You may not use this file except in compliance with the * License. * * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the * specific language governing permission and limitations under the License. * * When distributing Covered Software, include this CDDL Header Notice in each file and include * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL * Header, with the fields enclosed by brackets [] replaced by your own identifying * information: "Portions copyright [year] [name of copyright owner]". * * Copyright 2014-2016 ForgeRock AS. */ package com.sun.identity.entitlement.xacml3; import static com.sun.identity.entitlement.xacml3.XACMLPrivilegeUtils.*; import static org.forgerock.openam.xacml.v3.XACMLApplicationUtils.getApplicationNameFromPolicy; import static org.forgerock.openam.xacml.v3.XACMLApplicationUtils.policyToApplication; import static org.forgerock.openam.xacml.v3.XACMLResourceTypeUtils.createResourceType; import static org.forgerock.openam.xacml.v3.XACMLResourceTypeUtils.generateResourceTypeDummyUuid; import java.io.InputStream; import java.util.HashMap; import java.util.Map; import javax.xml.bind.JAXBException; import org.forgerock.openam.entitlement.ResourceType; import org.forgerock.openam.xacml.v3.XACMLApplicationUtils; import org.forgerock.openam.xacml.v3.XACMLResourceTypeUtils; import org.json.JSONException; import com.sun.identity.entitlement.Application; import com.sun.identity.entitlement.EntitlementException; import com.sun.identity.entitlement.Privilege; import com.sun.identity.entitlement.ReferralPrivilege; import com.sun.identity.entitlement.xacml3.core.Policy; import com.sun.identity.entitlement.xacml3.core.PolicySet; /** * Facade for reading and writing XACML and translating between XACML PolicySets and AM Privilege types. 
*/
public class XACMLReaderWriter {

    /** Alias of {@code EntitlementException.JSON_PARSE_ERROR}. */
    public static final int JSON_PARSE_ERROR = EntitlementException.JSON_PARSE_ERROR;

    /** Alias of {@code EntitlementException.INVALID_XML}; used by {@link #read} when unmarshalling fails. */
    public static final int INVALID_XML = EntitlementException.INVALID_XML;

    /**
     * Parses a XACML document from the given stream and translates the resulting PolicySet
     * into OpenAM privileges.
     *
     * <p>Unmarshalling is delegated to {@code XACMLPrivilegeUtils.streamToPolicySet}. A
     * {@link JAXBException} raised by that call is rethrown as an {@link EntitlementException}
     * with code {@link #INVALID_XML} and the JAXB exception as its cause. The parsed PolicySet
     * is then handed to {@code fromXACML}, whose failures propagate unchanged.
     *
     * <p>This method does not close {@code xacml} itself.
     *
     * <p>NOTE(review): the XML parser configuration (DTD and external-entity handling) lives in
     * {@code streamToPolicySet}, which is not shown here. Confirm it is hardened before this
     * method is fed policy files from an untrusted source.
     *
     * @param xacml Non null stream to read.
     * @return The XACML policies translated to OpenAM privileges.
     * @throws EntitlementException With code {@link #INVALID_XML} if the stream cannot be
     *         unmarshalled, or whatever {@code fromXACML} raises while translating.
     */
    public PrivilegeSet read(InputStream xacml) throws EntitlementException {
        final PolicySet parsed;
        try {
            parsed = XACMLPrivilegeUtils.streamToPolicySet(xacml);
        } catch (JAXBException unmarshalFailure) {
            // Keep the JAXB exception as the cause so the parse error stays diagnosable.
            throw new EntitlementException(INVALID_XML, unmarshalFailure);
        }
        // Translation runs outside the try block, so only the unmarshalling step is mapped to INVALID_XML.
        return fromXACML(parsed);
    }

    /**
     * Translate provided XACML PolicySet into OpenAM Privileges, ReferralPrivileges, Applications and ResourceTypes.
     * XACML export file doesn't map Application and Resource Type completely and hence dummy ResourceType Ids
     * are assigned to ResourceTypes created and same is used for linking Application, Privilege to the ResourceType.
     *
* * From a policySet instance: