/**
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: XACMLAuthzDecisionQueryImpl.java,v 1.4 2008/06/25 05:48:15 qcheng Exp $
*
*/
/**
* The <code>XACMLAuthzDecisionQueryImpl</code> is an impelmentation
* of <code>XACMLAuthzDecisionQuery</code> interface.
*
* The <code>XACMLAuthzDecisionQuery</code> element is a SAML Query that
* extends SAML Protocol schema type <code>RequestAbstractType</code>.
* It allows an XACML PEP to submit an XACML Request Context in a SAML
* Query along with other information. This element is an alternative to
* SAML defined <code><samlp:AuthzDecisionQuery></code> that allows an
* XACML PEP to communicate with an XACML PDP using SAML2 protocol.
* <p>
* <pre>
*<xs:element name="XACMLAuthzDecisionQuery"
* type="XACMLAuthzDecisionQueryType"/>
*<xs:complexType name="XACMLAuthzDecisionQueryType">
* <xs:complexContent>
* <xs:extension base="samlp:RequestAbstractType">
* <xs:sequence>
* <xs:element ref="xacml-context:Request"/>
* <xs:sequence>
* <xs:attribute name="InputContextOnly"
* type="boolean"
* use="optional"
* default="false"/>
* <xs:attribute name="ReturnContext"
* type="boolean"
* use="optional"
* default="false"/>
* <xs:extension>
* <xs:complexContent>
*<xs:complexType>
* </pre>
*
* Schema for Base:
* <pre>
* <complexType name="RequestAbstractType" abstract="true">
* <sequence>
* <element ref="saml:Issuer" minOccurs="0"/>
* <element ref="ds:Signature" minOccurs="0"/>
* <element ref="samlp:Extensions" minOccurs="0"/>
* <sequence>
* <attribute name="ID" type="ID" use="required"/>
* <attribute name="Version" type="string" use="required"/>
* <attribute name="IssueInstant" type="dateTime" use="required"/>
* <attribute name="Destination" type="anyURI" use="optional"/>
* <attribute name="Consent" type="anyURI" use="optional"/>
* <complexType>
* </pre>
*@supported.all.api
*/
implements XACMLAuthzDecisionQuery {
//TODO: need to reimplement toXML, toXML, process,
//makeImmutable, isMutable methods
private boolean inputContextOnly = false;
private boolean returnContext = false;
/**
* Default constructor
*/
public XACMLAuthzDecisionQueryImpl() {
isMutable = true;
}
/**
* This constructor is used to build <code>XACMLAuthzDecisionQuery</code>
* object from a block of existing XML that has already been built into a
* DOM.
*
* @param element A <code>org.w3c.dom.Element</code> representing
* DOM tree for <code>XACMLAuthzDecisionQuery</code> object
* @exception SAML2Exception if it could not process the Element
*/
if (isSigned) {
}
}
/**
* This constructor is used to build <code>XACMLAuthzDecisionQuery</code>
* object from a XML string.
*
* @param xml A <code>java.lang.String</code> representing
* an <code>XACMLAuthzDecisionQuery</code> object
* @exception XACMLException if it could not process the XML string
*/
if(isSigned) {
}
} else {
"XACMLAuthzDecisionQueryImpl.processElement(): invalid XML "
+"input");
"errorObtainingElement"));
}
}
/**
* Returns the XML attribute boolean value which governs the
* source of information that the PDP is allowed to use in
* making an authorization decision. If this attribute is "true"
* then it indiactes that the authorization decision has been made
* solely on the basis of information contained in the <code>
* XACMLAuthzDecisionQuery</code>; no external attributes have been
* used. If this value is "false" then the decision may have been made
* on the basis of external attributes not conatined in the <code>
* XACMLAuthzDecisionQuery</code>.
* @return <code>boolean</code> indicating the value
* of this attribute.
*/
public boolean getInputContextOnly() {
return inputContextOnly;
}
/**
* Sets the XML attribute boolean value which governs the
* source of information that the PDP is allowed to use in
* making an authorization decision. If this attribute is "true"
* then it indicates to the PDP that the authorization decision has to be
* made solely on the basis of information contained in the <code>
* XACMLAuthzDecisionQuery</code>; no external attributes may be
* used. If this value is "false" then the decision can be made
* on the basis of external attributes not conatined in the <code>
* XACMlAuthzDecisionQuery</code>.
* @param inputContextOnly <code>boolean</code> indicating the value
* of this attribute.
*
* @exception XACMLException if the object is immutable
* An object is considered <code>immutable</code> if <code>
* makeImmutable()</code> has been invoked on it. It can
* be determined by calling <code>isMutable</code> on the object.
*/
{
this.inputContextOnly = inputContextOnly;
}
/**
* Returns the XML attribute boolean value which provides means
* to PEP to request that an <code>xacml-context>Request</code>
* element be included in the <code>XACMlAuthzdecisionStatement</code>
* resulting from the request. It also governs the contents of that
* <code.Request</code> element. If this attribite is "true" then the
* PDP SHALL include the <code>xacml-context:Request</code> element in the
* <code>XACMLAuthzDecisionStatement</code> element in the
* <code>XACMLResponse</code>.
* The <code>xacml-context:Request</code> SHALL include all the attributes
* supplied by the PEP in the <code>AuthzDecisionQuery</code> which were
* used in making the authz decision. Other addtional attributes which may
* have been used by the PDP may be included.
* If this attribute is "false" then the PDP SHALL NOT include the
* <code>xacml-context:Request</code> element in the
* <code>XACMLAuthzDecisionStatement<code>.
*
* @return <code>boolean</code> indicating the value
* of this attribute.
*/
public boolean getReturnContext() {
return returnContext;
}
/**
* Sets the boolean value for this XML attribute
*
* @param returnContext <code>boolean</code> indicating the value
* of this attribute.
*
* @exception XACMLException if the object is immutable
* An object is considered <code>immutable</code> if <code>
* makeImmutable()</code> has been invoked on it. It can
* be determined by calling <code>isMutable</code> on the object.
*
* @see #getReturnContext()
*/
this.returnContext = returnContext;
}
/**
* Returns the <code>xacml-context:Request</code> element of this object
*
* @return the <code>xacml-context:Request</code> elements of this object
*/
return request;
}
/**
* Sets the <code>xacml-context:Request</code> element of this object
*
* @param request the <code>xacml-context:Request</code> element of this
* object.
*
* @exception XACMLException if the object is immutable
* An object is considered <code>immutable</code> if <code>
* makeImmutable()</code> has been invoked on it. It can
* be determined by calling <code>isMutable</code> on the object.
*/
throw new XACMLException(
"null_not_valid"));
}
}
/**
* Returns a string representation of this object
*
* @return a string representation of this object
* @exception XACMLException if conversion fails for any reason
*/
//top level element
return toXMLString(true, true);
}
/**
* Returns a <code>String</code> representation of this object
* @param includeNSPrefix Determines whether or not the namespace qualifier
* is prepended to the Element when converted
* @param declareNS Determines whether or not the namespace is declared
* within the Element.
* @return a string representation of this object
* @exception XACMLException if conversion fails for any reason
*/
throws XACMLException {
return signedXMLString;
}
//validateData();
if (declareNS) {
}
if (includeNSPrefix) {
}
issueInstant)));
append("\"");
}
}
try {
}
if (signatureString != null) {
}
if (extensions != null) {
}
} catch (Exception e) {
}
}
.append(">\n");
}
//TODO: fix
"XACMLAuthzDecisionQueryImpl.processElement(): "
+ "invalid root element");
"invalid_element"));
}
// First check that we're really parsing an XACMLAuthzDecisionQuery
"XACMLAuthzDecisionQueryImpl.processElement(): "
+ "invalid root element");
"missing_local_name"));
}
//TODO: check for xsi:type=
// now we get the request
//validation error, throw error
} else {
}
}
}
}
// make sure we got a request
//throw new XACMLException(
// XACMLSDKUtils.xacmlResourceBundle.getString(
// "null_not_valid"));
}
if (returnContextString != null) {
}
if (inputContextOnlyString != null) {
.booleanValue();
}
//TODO: change the baseclass impl and call super.parse...
//parse the attributes of base class RequestAbstract
for (int i = 0; i < length; i++) {
try {
} catch (ParseException pe) {
}
}
}
}
//parse the elements of base class RequestAbstract
for (int i = 0; i < length; i++) {
"ArtifactResolveImpl.parse"
+ "Element: included more than one Issuer.");
}
throw new XACMLException(
"invalid_duplicate_element"));
}
if (signatureString != null ||
extensions != null )
{
"ArtifactResolveImpl.parse"
+ "Element:wrong sequence.");
}
throw new XACMLException(
"schemaViolation"));
}
if (signatureString != null) {
"ArtifactResolveImpl.parse"
+ "Element:included more than one Signature.");
}
throw new XACMLException(
"invalid_duplicate_element"));
}
if (extensions != null ) {
"ArtifactResolveImpl.parse"
+ "Element:wrong sequence.");
}
throw new XACMLException(
"schemaViolation"));
}
isSigned = true;
if (extensions != null) {
"ArtifactResolveImpl.parse"
+ "Element:included more than one Extensions.");
}
throw new XACMLException(
"invalid_duplicate_element"));
}
//no action, it has been processd already
} else {
"XACMLAuthzDecisionQueryImpl.parseDOMElement"
+ "Element: Invalid element:" + childName);
}
throw new XACMLException(
"invalidElement"));
}
}
}
validateData();
}
/**
* Makes the object immutable
*/
public void makeImmutable() {
//TODO: fix
}
//TODO: fix or remove?
super.validateData();
}
}