2401d3c2af505789c7c3b860a43e973f27731243jvergara<%--

2401d3c2af505789c7c3b860a43e973f27731243jvergara The contents of this file are subject to the terms

2401d3c2af505789c7c3b860a43e973f27731243jvergara of the Common Development and Distribution License

2401d3c2af505789c7c3b860a43e973f27731243jvergara (the License). You may not use this file except in

2401d3c2af505789c7c3b860a43e973f27731243jvergara compliance with the License.

2401d3c2af505789c7c3b860a43e973f27731243jvergara

2401d3c2af505789c7c3b860a43e973f27731243jvergara You can obtain a copy of the License at

2401d3c2af505789c7c3b860a43e973f27731243jvergara https://opensso.dev.java.net/public/CDDLv1.0.html or

2401d3c2af505789c7c3b860a43e973f27731243jvergara opensso/legal/CDDLv1.0.txt

8cf870d281dc8c242f083d14dfef05f24aa5fceeJnRouvignac See the License for the specific language governing

8cf870d281dc8c242f083d14dfef05f24aa5fceeJnRouvignac permission and limitations under the License.

2401d3c2af505789c7c3b860a43e973f27731243jvergara

2401d3c2af505789c7c3b860a43e973f27731243jvergara When distributing Covered Code, include this CDDL

2401d3c2af505789c7c3b860a43e973f27731243jvergara Header Notice in each file and include the License file

2401d3c2af505789c7c3b860a43e973f27731243jvergara at opensso/legal/CDDLv1.0.txt.

8cf870d281dc8c242f083d14dfef05f24aa5fceeJnRouvignac If applicable, add the following below the CDDL Header,

8cf870d281dc8c242f083d14dfef05f24aa5fceeJnRouvignac with the fields enclosed by brackets [] replaced by

8cf870d281dc8c242f083d14dfef05f24aa5fceeJnRouvignac your own identifying information:

8cf870d281dc8c242f083d14dfef05f24aa5fceeJnRouvignac "Portions Copyrighted [year] [name of copyright owner]"

2401d3c2af505789c7c3b860a43e973f27731243jvergara

2401d3c2af505789c7c3b860a43e973f27731243jvergara Copyright 2009 Sun Microsystems Inc. All Rights Reserved

2401d3c2af505789c7c3b860a43e973f27731243jvergara

2401d3c2af505789c7c3b860a43e973f27731243jvergara--%>

2401d3c2af505789c7c3b860a43e973f27731243jvergara

65e99be301d5a19db33f25841f671756e8dbb9b5ludovicp<%--

0f8553e2af5fc49a510ecfcfc93e66d06713f631ludo Portions Copyrighted 2013-2014 ForgeRock AS

2401d3c2af505789c7c3b860a43e973f27731243jvergara Portions Copyrighted 2014 Nomura Research Institute, Ltd

2401d3c2af505789c7c3b860a43e973f27731243jvergara--%>

2401d3c2af505789c7c3b860a43e973f27731243jvergara

0f8553e2af5fc49a510ecfcfc93e66d06713f631ludo<%--

27f8adec83293fb8bd3bfa37175322b0ee3bb933jvergara fedletXACMLQuery.jsp

52e2f87fad88634e1bc5e70af7fc7407d7a92097jvergara This JSP used by the Fedlet to get the Resource URL. Fedlet uses XACML

to determine whether right policy has been defined for the Resource URL

--%>

<%@ page import="com.sun.identity.shared.encode.URLEncDec" %>

<%@ page import="java.io.File" %>

<%@ page import="java.util.Set" %>

<%@ page import="com.sun.identity.cot.CircleOfTrustManager" %>

<%@ page import="org.owasp.esapi.ESAPI"%>

<script>

function checkEmptyResource() {

if (document.fedletXACMLQuery.resource.value == "") {

alert("Resource URL cannot be empty");

return false;

}

return true;

}

</script>

<%

String deployuri = request.getRequestURI();

int slashLoc = deployuri.indexOf("/", 1);

if (slashLoc != -1) {

deployuri = deployuri.substring(0, slashLoc);

}

String fedletHomeDir = System.getProperty("com.sun.identity.fedlet.home");

if ((fedletHomeDir == null) || (fedletHomeDir.trim().length() == 0)) {

if (System.getProperty("user.home").equals(File.separator)) {

fedletHomeDir = File.separator + "fedlet";

} else {

fedletHomeDir = System.getProperty("user.home") +

File.separator + "fedlet";

}

}

%>

<html>

<head>

<title>XACML Query</title>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

<link rel="stylesheet" type="text/css" href="<%= deployuri %>/com_sun_web_ui/css/css_ns6up.css" />

</head>

<body>

<div class="MstDiv"><table width="100%" border="0" cellpadding="0" cellspacing="0" class="MstTblTop" title="">

<tbody><tr>

<td nowrap="nowrap">&nbsp;</td>

<td nowrap="nowrap">&nbsp;</td>

</tr></tbody></table>

<table width="100%" border="0" cellpadding="0" cellspacing="0" class="MstTblBot" title="">

<tbody><tr>

<td class="MstTdTtl" width="99%">

<div class="MstDivTtl"><img name="ProdName" src="<%= deployuri %>/console/images/PrimaryProductName.png" alt="" /></div></td><td class="MstTdLogo" width="1%"><img name="RMRealm.mhCommon.BrandLogo" src="<%= deployuri %>/com_sun_web_ui/images/other/javalogo.gif" alt="Java(TM) Logo" border="0" height="55" width="31" /></td></tr></tbody></table>

<table class="MstTblEnd" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td><img name="RMRealm.mhCommon.EndorserLogo" src="<%= deployuri %>/com_sun_web_ui/images/masthead/masthead-sunname.gif" alt="Sun(TM) Microsystems, Inc." align="right" border="0" height="10" width="108" /></td></tr></tbody></table></div><div class="SkpMedGry1"><a name="SkipAnchor2089" id="SkipAnchor2089"></a></div>

<div class="SkpMedGry1"><a href="#SkipAnchor4928"><img src="<%= deployuri %>/com_sun_web_ui/images/other/dot.gif" alt="Jump Over Tab Navigation Area. Current Selection is: Access Control" border="0" height="1" width="1" /></a></div>

<p><br>

<table border="0" width="700">

<tr>

<td colspan="2">

<%

try {

CircleOfTrustManager cotManager = new CircleOfTrustManager();

Set members = cotManager.getAllCirclesOfTrust("/");

if ((members == null) || members.isEmpty()) {

out.print("Misconfiguration - No circle of trust for root realm.");

} else {

out.print("Circle of trust names for root realm: ");

boolean isFirst = true;

for (Object member : members) {

if (isFirst) {

isFirst = false;

} else {

out.print(", ");

}

out.print(member);

}

}

} catch (Exception e) {

out.print(e.toString());

}

%>

</td>

</tr>

<tr>

<td colspan="2"> </td>

</tr>

<tr>

<td colspan="2">

<hr>

<form method=get name="fedletXACMLQuery" action=fedletXACMLResp.jsp onsubmit="return checkEmptyResource();">

<h1> XACML Query </h1>

<%

String idpEntityID = request.getParameter("idpEntityID");

if (!ESAPI.validator().isValidInput("HTTP Parameter Value: " + idpEntityID, idpEntityID,

"HTTPParameterValue", 2000, false)){

idpEntityID = "";

}

String spEntityID = request.getParameter("spEntityID");

if (!ESAPI.validator().isValidInput("HTTP Parameter Value: " + spEntityID, spEntityID,

"HTTPParameterValue", 2000, false)){

spEntityID = "";

}

String nameIDValue = request.getParameter("nameIDValue");

if (!ESAPI.validator().isValidInput("HTTP Parameter Value: " + nameIDValue, nameIDValue,

"HTTPParameterValue", 2000, false)){

nameIDValue = "";

}

String newNameIDValue = URLEncDec.encode(nameIDValue);

%>

<p>

<input type=hidden name=idpEntityID value="<%=idpEntityID%>">

<input type=hidden name=spEntityID value="<%=spEntityID%>">

<input type=hidden name=nameIDValue value="<%=newNameIDValue%>">

<h3>Resource URL</h3>

<input type=text name=resource value=<%=request.getRequestURL()%> size=120> <br>

<p> <p>

<h3>Action</h3>

<input type="radio" name="action" value="GET" checked/> GET <br>

<input type="radio" name="action" value="POST"/> POST <br>

<input type=submit>

</form>

<hr>

</td>

</tr>

<tr>

<td colspan="2"> </td>

</tr>

</table>

</body>

</html>