a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * The contents of this file are subject to the terms
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * of the Common Development and Distribution License
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * (the License). You may not use this file except in
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * compliance with the License.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * You can obtain a copy of the License at
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * https://opensso.dev.java.net/public/CDDLv1.0.html or
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * See the License for the specific language governing
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * permission and limitations under the License.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * When distributing Covered Code, include this CDDL
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Header Notice in each file and include the License file
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * If applicable, add the following below the CDDL Header,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * with the fields enclosed by brackets [] replaced by
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * your own identifying information:
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * "Portions Copyrighted [year] [name of copyright owner]"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * $Id: XACMLAuthzDecisionStatementImpl.java,v 1.4 2008/11/10 22:57:06 veiming Exp $
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.xacml.common.XACMLConstants;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.xacml.common.XACMLException;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.xacml.common.XACMLSDKUtils;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.xacml.context.ContextFactory;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.xacml.saml2.XACMLAuthzDecisionStatement;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * This is the default implementation of interface <code>XACMLAuthzDecisionStatement</code>.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <xs:element name="XACMLAuthzDecisionStatement"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * type="xacml-saml:XACMLAuthzDecisionStatementType"/>
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <xs:complexType name="XACMLAuthzDecisionStatementType">
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <xs:complexContent>
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <xs:extension base="saml:StatementAbstractType">
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <xs:sequence>
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <xs:element ref="xacml-context:Response"/>
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <xs:element ref="xacml-context:Request" minOccurs="0"/>
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <xs:sequence>
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <xs:extension>
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <xs:complexContent>
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster *<xs:complexType>
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Schema for the base type is
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <complexType name="StatementAbstractType">
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <complexContent>
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * </restriction>
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * </complexContent>
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * </complexType>
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Constructs an <code>XACMLAuthzDecisionStatement</code> object
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Constructs an <code>XACMLAuthzDecisionStatementImpl</code> object
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * from an XML string
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param xml string representing an
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <code>XACMLAuthzDecisionStatementImpl</code> object
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @exception XACMLException if the XML string could not be processed
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public XACMLAuthzDecisionStatementImpl(String xml)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Document document = XMLUtils.toDOMDocument(xml, XACMLSDKUtils.debug);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Element rootElement = document.getDocumentElement();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "DecisionImpl.processElement(): invalid XML input");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new XACMLException(XACMLSDKUtils.xacmlResourceBundle.getString(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "errorObtainingElement"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Constructs an <code>XACMLAuthzDecisionStatementImpl</code> object
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * from an XML DOM element
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param element XML DOM element representing an
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <code>XACMLAuthzDecisionStatementImpl</code>
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @throws XACMLException if the DOM element could not be processed
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public XACMLAuthzDecisionStatementImpl(org.w3c.dom.Element element)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns <code>Response</code> element of this object
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return the <code>Response</code> element of this object
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Sets <code>Response</code> element of this object
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param response XACML context <code>Response</code> element to be
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * set in this object.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @throws XACMLException if the object is immutable and response is
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster XACMLSDKUtils.xacmlResourceBundle.getString("objectImmutable"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster XACMLSDKUtils.xacmlResourceBundle.getString("null_not_valid"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns <code>Request</code> element of this object
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return the <code>Request</code> element of this object
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Sets <code>Request</code> element of this object.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param request XACML context <code>Request</code> element to be
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * set in this object.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @throws XACMLException if the object is immutable.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster XACMLSDKUtils.xacmlResourceBundle.getString("objectImmutable"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns a string representation
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return a string representation
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @exception XACMLException if conversion fails for any reason
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public String toXMLString() throws XACMLException {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster //top level element, declare namespace
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return toXMLString(true, true);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns a string representation
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param includeNSPrefix Determines whether or not the namespace qualifier
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * is prepended to the Element when converted
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param declareNS Determines whether or not the namespace is declared
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * within the Element.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return a string representation
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @exception XACMLException if conversion fails for any reason
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public String toXMLString(boolean includeNSPrefix, boolean declareNS)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster xacmlSamlNsDeclaration = XACMLConstants.XACML_SAML_NS_DECLARATION;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster xacmlSamlNsPrefix = XACMLConstants.XACML_SAML_NS_PREFIX;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster .append(XACMLConstants.XSI_TYPE_XACML_AUTHZ_DECISION_STATEMENT)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster .append(XACMLConstants.XACML_SAML_NS_DECLARATION)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster sb.append(response.toXMLString(includeNSPrefix, true));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster sb.append(request.toXMLString(includeNSPrefix, true));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Checks if the object is mutable
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return <code>true</code> if the object is mutable,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <code>false</code> otherwise
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Makes the object immutable
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private void processElement(Element element) throws XACMLException {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "DecisionImpl.processElement(): invalid root element");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new XACMLException(XACMLSDKUtils.xacmlResourceBundle.getString(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "invalid_element"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "DecisionImpl.processElement(): local name missing");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new XACMLException(XACMLSDKUtils.xacmlResourceBundle.getString(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "missing_local_name"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (!elemName.equals(XACMLConstants.SAML_STATEMENT)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "DecisionImpl.processElement(): invalid local name "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new XACMLException(XACMLSDKUtils.xacmlResourceBundle.getString(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "invalid_local_name"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster //TODO: add a check for xsi:type
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (child.getNodeType() == Node.ELEMENT_NODE) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "ResultImpl.processElement(): invalid child element count: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new XACMLException(XACMLSDKUtils.xacmlResourceBundle.getString(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "ResultImpl.processElement(): invalid child element count: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new XACMLException(XACMLSDKUtils.xacmlResourceBundle.getString(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster //process Response element
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Element firstChild = (Element)childElements.get(0);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String firstChildName = firstChild.getLocalName();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (firstChildName.equals(XACMLConstants.RESPONSE)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "ResultImpl.processElement(): invalid first child element: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new XACMLException(XACMLSDKUtils.xacmlResourceBundle.getString(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster //process Request element
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Element secondChild = (Element)childElements.get(1);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String secondChildName = secondChild.getLocalName();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (secondChildName.equals(XACMLConstants.REQUEST)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "ResultImpl.processElement(): invalid second child element: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new XACMLException(XACMLSDKUtils.xacmlResourceBundle.getString(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "invalid_second_child")); //FIXME: add i18n key
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Element thirdChild = (Element)childElements.get(2);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String thirdChildName = thirdChild.getLocalName();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "ResultImpl.processElement(): invalid third child element: "