/**
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
 *
 * Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
 *
 * The contents of this file are subject to the terms
 * of the Common Development and Distribution License
 * (the License). You may not use this file except in
 * compliance with the License.
 *
 * You can obtain a copy of the License at
 * https://opensso.dev.java.net/public/CDDLv1.0.html or
 * opensso/legal/CDDLv1.0.txt
 * See the License for the specific language governing
 * permission and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL
 * Header Notice in each file and include the License file
 * at opensso/legal/CDDLv1.0.txt.
 * If applicable, add the following below the CDDL Header,
 * with the fields enclosed by brackets [] replaced by
 * your own identifying information:
 * "Portions Copyrighted [year] [name of copyright owner]"
 *
 * $Id: AuthorizationDecisionQuery.java,v 1.2 2008/06/25 05:47:36 qcheng Exp $
 *
 */



package com.sun.identity.saml.protocol;

import com.sun.identity.saml.assertion.Action;
import com.sun.identity.saml.assertion.Evidence;
import com.sun.identity.saml.assertion.Subject;

import com.sun.identity.saml.common.SAMLConstants;
import com.sun.identity.saml.common.SAMLException;
import com.sun.identity.saml.common.SAMLRequesterException;
import com.sun.identity.saml.common.SAMLUtils;

import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;

import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

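/**
 * This concrete class extends from the abstract base class
 * <code>SubjectQuery</code>.
 * It represents the query for an authorization decision assertion. It
 * corresponds to the <code>&lt;samlp:AuthorizationDecisionQueryType&gt;</code>
 * in the SAML protocol schema.
 * <p>
 * The constructors in this class perform structural validation only
 * (required attribute and elements, element cardinality, element type).
 * Nothing in this class authenticates the requester or verifies a
 * signature; that has to happen elsewhere before the query is acted on.
 *
 * @supported.all.api
 */
public class AuthorizationDecisionQuery extends SubjectQuery {

    /** Value of the required <code>Resource</code> attribute. */
    protected String resource = null;

    /**
     * The <code>Action</code> objects of the query. The shared
     * <code>Collections.EMPTY_LIST</code> instance is used as the
     * "no action set yet" sentinel and is compared by identity.
     */
    protected List actions = Collections.EMPTY_LIST;

    /** Optional <code>Evidence</code>; <code>null</code> when absent. */
    protected Evidence evidence = null;

    /**
     * Default Constructor. Leaves <code>resource</code> and
     * <code>evidence</code> as <code>null</code> and <code>actions</code>
     * as the empty sentinel list.
     */
    protected AuthorizationDecisionQuery() {
    }

    /**
     * This constructor is used to build an Authorization Decision Query from
     * a DOM tree that was built from the XML string.
     * <p>
     * The element must carry a non-empty <code>Resource</code> attribute,
     * exactly one <code>Subject</code>, at least one <code>Action</code> and
     * at most one <code>Evidence</code>; any other child element is
     * rejected. The order of the child elements is not checked.
     *
     * @param element the DOM tree element which contains an Authorization
     *        Decision Query.
     * @exception SAMLException when the input is null, is not an
     *            <code>AuthorizationDecisionQuery</code>, or violates the
     *            constraints above.
     */
    public AuthorizationDecisionQuery(Element element)
        throws SAMLException {
        // make sure the input is not null
        if (element == null) {
            SAMLUtils.debug.message("AuthorizationDecisionQuery: null input.");
            throw new SAMLRequesterException(
                SAMLUtils.bundle.getString("nullInput"));
        }

        // make sure it's an AuthorizationDecisionQuery
        if (!SAMLUtils.checkQuery(element, "AuthorizationDecisionQuery")) {
            SAMLUtils.debug.message("AuthorizationDecisionQuery: wrong input.");
            throw new SAMLRequesterException(
                SAMLUtils.bundle.getString("wrongInput"));
        }

        // Resource is a required attribute.
        resource = element.getAttribute("Resource");
        if ((resource == null) || (resource.length() == 0)) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AuthorizationDecisionQuery: "
                    + "Missing attribute Resource.");
            }
            throw new SAMLRequesterException(
                SAMLUtils.bundle.getString("missingAttribute"));
        }

        // TODO not checking the sequence.
        // NOTE(review): children are matched on local name only. Whether the
        // namespace is validated by SAMLUtils.checkQuery or by the
        // Subject/Action/Evidence constructors is not visible here - confirm.
        NodeList children = element.getChildNodes();
        int count = children.getLength();
        // The child list also contains TEXT and COMMENT nodes; those are
        // skipped.
        for (int k = 0; k < count; k++) {
            Node child = children.item(k);
            if (child.getNodeType() != Node.ELEMENT_NODE) {
                continue;
            }
            String childName = child.getLocalName();
            if (childName == null) {
                continue;
            }

            if (childName.equals("Subject")) {
                if (subject != null) {
                    if (SAMLUtils.debug.messageEnabled()) {
                        SAMLUtils.debug.message("AuthorizationDecisionQuery"
                            + ": contained more than one <Subject>");
                    }
                    throw new SAMLRequesterException(
                        SAMLUtils.bundle.getString("moreElement"));
                }
                subject = new Subject((Element) child);
            } else if (childName.equals("Action")) {
                // Replace the shared empty sentinel before the first add.
                if (actions == Collections.EMPTY_LIST) {
                    actions = new ArrayList();
                }
                actions.add(new Action((Element) child));
            } else if (childName.equals("Evidence")) {
                if (evidence != null) {
                    if (SAMLUtils.debug.messageEnabled()) {
                        SAMLUtils.debug.message("AuthorizationDecisionQuery"
                            + ": contained more than one <Evidence>");
                    }
                    throw new SAMLRequesterException(
                        SAMLUtils.bundle.getString("moreElement"));
                }
                evidence = new Evidence((Element) child);
            } else {
                // Unknown child elements are rejected rather than ignored.
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message("AuthorizationDecisionQuery: "
                        + "included wrong element:" + childName);
                }
                throw new SAMLRequesterException(
                    SAMLUtils.bundle.getString("wrongInput"));
            }
        }

        // make sure there is one Subject
        if (subject == null) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AuthorizationDecisionQuery: missing "
                    + "<Subject>");
            }
            throw new SAMLRequesterException(
                SAMLUtils.bundle.getString("missingElement"));
        }

        // make sure there is at least one Action
        if (actions == Collections.EMPTY_LIST) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AuthorizationDecisionQuery: missing"
                    + " <Action>");
            }
            throw new SAMLRequesterException(
                SAMLUtils.bundle.getString("missingElement"));
        }
    }

    /**
     * Validates the supplied parts and stores them in this query. Shared by
     * the two public non-DOM constructors.
     *
     * @param theSubject the subject; must not be null.
     * @param theActions the actions; must be non-empty and hold only
     *        <code>Action</code> instances. The list is copied, so later
     *        changes to the caller's list do not affect this query.
     * @param theEvidence the evidence; may be null.
     * @param theResource the resource; must be a non-empty string.
     * @exception SAMLException when one of the constraints above is violated.
     */
    private void buildAuthZQuery(Subject theSubject,
                                 List theActions,
                                 Evidence theEvidence,
                                 String theResource)
        throws SAMLException {
        if (theSubject == null) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AuthorizationDecisionQuery: "
                    + "input <Subject> is null.");
            }
            throw new SAMLRequesterException(
                SAMLUtils.bundle.getString("nullInput"));
        }
        this.subject = theSubject;

        if ((theActions != null) && !theActions.isEmpty()) {
            // Snapshot first and validate the snapshot: otherwise the caller
            // could add a non-Action element after the type check, and
            // toString() would later fail on its (Action) cast.
            List snapshot = new ArrayList(theActions);
            for (Iterator it = snapshot.iterator(); it.hasNext();) {
                if (!(it.next() instanceof Action)) {
                    if (SAMLUtils.debug.messageEnabled()) {
                        SAMLUtils.debug.message("AuthorizationDecisionQuery: "
                            + "Wrong input for Action.");
                    }
                    throw new SAMLRequesterException(
                        SAMLUtils.bundle.getString("wrongInput"));
                }
            }
            this.actions = snapshot;
        }

        // A null or empty input list leaves the sentinel in place.
        if (actions == Collections.EMPTY_LIST) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AuthorizationDecisionQuery: "
                    + "missing <Action> in input.");
            }
            throw new SAMLRequesterException(
                SAMLUtils.bundle.getString("missingElement"));
        }

        evidence = theEvidence;

        if ((theResource == null) || (theResource.length() == 0)) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AuthorizationDecisionQuery: "
                    + "Missing attribute Resource.");
            }
            throw new SAMLRequesterException(
                SAMLUtils.bundle.getString("missingAttribute"));
        }
        this.resource = theResource;
    }

    /**
     * Constructor
     *
     * @param theSubject The subject of the query.
     * @param theActions The List of Actions of the query.
     * @param theEvidence The evidence of the query. It could be null when
     *        there is no Evidence in the query.
     * @param theResource A string representing the resource of the query.
     *        Pass the raw value; it is XML-escaped when the query is
     *        serialized by <code>toString</code>.
     * @exception SAMLException when an error occurs.
     */
    public AuthorizationDecisionQuery(Subject theSubject,
                                      List theActions,
                                      Evidence theEvidence,
                                      String theResource)
        throws SAMLException {
        buildAuthZQuery(theSubject, theActions, theEvidence, theResource);
    }

    /**
     * Constructor
     *
     * @param theSubject The subject of the query.
     * @param theActions The List of Actions of the query.
     * @param theResource A string representing the resource of the query.
     *        Pass the raw value; it is XML-escaped when the query is
     *        serialized by <code>toString</code>.
     * @exception SAMLException when an error occurs.
     */
    public AuthorizationDecisionQuery(Subject theSubject,
                                      List theActions,
                                      String theResource)
        throws SAMLException {
        buildAuthZQuery(theSubject, theActions, null, theResource);
    }

    /**
     * Returns the List of Actions.
     * <p>
     * The returned list is the internal list, not a copy. Treat it as
     * read-only: <code>toString</code> casts every element to
     * <code>Action</code>.
     *
     * @return The Actions included in the query.
     */
    public List getAction() {
        return actions;
    }

    /**
     * Returns the <code>Evidence</code>
     *
     * @return the Evidence in the query. A null is returned
     *         if there is no Evidence in the query.
     */
    public Evidence getEvidence() {
        return evidence;
    }

    /**
     * Accessor for the Resource
     *
     * @return A string representing the resource.
     */
    public String getResource() {
        return resource;
    }

    /**
     * Returns the type of the query.
     *
     * @return an integer which is Query.AUTHORIZATION_DECISION_QUERY.
     */
    public int getQueryType() {
        return Query.AUTHORIZATION_DECISION_QUERY;
    }

    /**
     * This method translates the <code>AuthorizationDecisionQuery</code> to an
     * XML document String based on the <code>AuthorizationDecisionQuery</code>
     * schema. Equivalent to <code>toString(true, false)</code>.
     *
     * @return An XML String representing the
     *         <code>AuthorizationDecisionQuery</code>.
     */
    public String toString() {
        return this.toString(true, false);
    }

    /**
     * Create a String representation of the
     * <code>samlp:AuthorizationDecisionQuery</code> element.
     * <p>
     * The <code>Resource</code> value is escaped for use inside a
     * double-quoted XML attribute, so a value containing markup characters
     * cannot close the attribute or add attributes or elements to the
     * serialized query.
     *
     * @param includeNS Determines whether or not the namespace qualifier
     *        is prepended to the Element when converted
     * @param declareNS Determines whether or not the namespace is declared
     *        within the Element.
     * @return A string containing the valid XML for this element
     */
    public String toString(boolean includeNS, boolean declareNS) {
        String prefix = includeNS ? SAMLConstants.PROTOCOL_PREFIX : "";
        String uri = declareNS ? SAMLConstants.PROTOCOL_NAMESPACE_STRING : "";

        StringBuffer xml = new StringBuffer(200);
        xml.append("<").append(prefix).append("AuthorizationDecisionQuery")
            .append(uri).append(" Resource=\"")
            .append(escapeXmlAttribute(resource))
            .append("\">\n")
            .append(subject.toString(true, true));

        for (Iterator it = actions.iterator(); it.hasNext();) {
            xml.append(((Action) it.next()).toString(true, true));
        }
        if (evidence != null) {
            xml.append(evidence.toString(true, true));
        }
        xml.append("</").append(prefix).append("AuthorizationDecisionQuery>\n");
        return xml.toString();
    }

    /**
     * Escapes the five XML special characters so that the value can be
     * placed inside a quoted attribute.
     *
     * @param value the raw attribute value; may be null.
     * @return the escaped value, or null when <code>value</code> is null
     *         (appending it then yields the same text as before for a
     *         query whose resource was never set).
     */
    private static String escapeXmlAttribute(String value) {
        if (value == null) {
            return null;
        }
        int length = value.length();
        StringBuffer escaped = new StringBuffer(length + 16);
        for (int i = 0; i < length; i++) {
            char c = value.charAt(i);
            switch (c) {
                case '&':
                    escaped.append("&amp;");
                    break;
                case '<':
                    escaped.append("&lt;");
                    break;
                case '>':
                    escaped.append("&gt;");
                    break;
                case '"':
                    escaped.append("&quot;");
                    break;
                case '\'':
                    escaped.append("&apos;");
                    break;
                default:
                    escaped.append(c);
                    break;
            }
        }
        return escaped.toString();
    }
}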