a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Copyright (c) 2009 Sun Microsystems Inc. All Rights Reserved
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * The contents of this file are subject to the terms
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * of the Common Development and Distribution License
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * (the License). You may not use this file except in
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * compliance with the License.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * You can obtain a copy of the License at
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * https://opensso.dev.java.net/public/CDDLv1.0.html or
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * See the License for the specific language governing
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * permission and limitations under the License.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * When distributing Covered Code, include this CDDL
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Header Notice in each file and include the License file
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * If applicable, add the following below the CDDL Header,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * with the fields enclosed by brackets [] replaced by
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * your own identifying information:
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * "Portions Copyrighted [year] [name of copyright owner]"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * $Id: XACMLQueryUtil.java,v 1.1 2009/09/22 22:50:14 madan_ranganath Exp $
1b49125c5fbcee4ac3052f0831212bbb6feae221Mark Craig * Portions copyright 2013 ForgeRock, Inc.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.plugin.session.SessionException;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.plugin.session.SessionManager;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.plugin.session.SessionProvider;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.common.SAML2Exception;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.common.SAML2Utils;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.xacml.client.XACMLRequestProcessor;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.xacml.common.XACMLConstants;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.xacml.common.XACMLException;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.xacml.context.Attribute;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.xacml.context.ContextFactory;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.xacml.context.Environment;
1b49125c5fbcee4ac3052f0831212bbb6feae221Mark Craig * This class provides methods to send or process <code>AttributeQuery</code>.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @supported.api
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster sessionProvider = SessionManager.getProvider();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2Utils.debug.error("Error retrieving session provider.", se);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Sends the XACML query to the specified PDP, gets the policy decision
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * and sends it back to the Fedlet
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param request HTTP Servlet Request
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param pepEntityID PEP entity ID
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param pdpEntityID PDP entity ID
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param nameIDValue NameID value
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param serviceName Service Name
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param resource Resource URL
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param action Action
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return the <code>String</code> object
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @exception SAML2Exception if the operation is not successful
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @supported.api
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static String getPolicyDecisionForFedlet(HttpServletRequest request,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Request Xrequest = ContextFactory.getInstance().createRequest();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Subject subject = ContextFactory.getInstance().createSubject();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster subject.setSubjectCategory(new URI(XACMLConstants.ACCESS_SUBJECT));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster //set subject id
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Attribute attribute = ContextFactory.getInstance().createAttribute();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster attribute.setAttributeId(new URI(XACMLConstants.SUBJECT_ID));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster attribute.setDataType(new URI(XACMLConstants.SAML2_NAMEID));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // Set Subject in Request
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // Set resource id
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster attribute = ContextFactory.getInstance().createAttribute();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster attribute.setAttributeId(new URI(XACMLConstants.RESOURCE_ID));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster attribute.setDataType( new URI(XACMLConstants.XS_STRING));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // Set serviceName
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster attribute = ContextFactory.getInstance().createAttribute();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster attribute.setAttributeId(new URI(XACMLConstants.TARGET_SERVICE));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster attribute.setDataType(new URI(XACMLConstants.XS_STRING));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // Set Resource in Request
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Action xacml_action = ContextFactory.getInstance().createAction();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster attribute = ContextFactory.getInstance().createAttribute();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster attribute.setAttributeId(new URI(XACMLConstants.ACTION_ID));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster attribute.setDataType(new URI(XACMLConstants.XS_STRING));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // Set actionID
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // Set Action in Request
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster ContextFactory.getInstance().createEnvironment();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster XACMLRequestProcessor.getInstance().processRequest(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "getPolicyDecisionForFedlet: " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "URI Exception while sending the XACML Request");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "getPolicyDecisionForFedlet: " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "Error while processing the XACML Response");