99 package org.opensciencegrid.authz.saml;
100
101
102
103 import java.io.IOException;
104
105 import java.io.InputStream;
106
107 import java.lang.reflect.Constructor;
108
109 import java.util.Collection;
110
111 import java.util.Hashtable;
112
113 import java.util.Iterator;
114
115 import java.util.ArrayList;
116
117
118
119 import org.apache.log4j.Category;
120
121 import org.apache.log4j.NDC;
122
123 import org.w3c.dom.*;
124
125
126
127 import org.opensaml.v1_0_1.*;
128
129
130
131 /***
132
133 * Basic XACMLObligation implementation that
134
135 * can hold rudimentary attribute values
136
137 * <p>
138
139 * The current implementation supports only a
140
141 * single attribute assignment per obligation object.
142
143 *
144
145 * @author Markus Lorch based on code examples from the OpenSAML project
146
147 * @created October 28, 2004
148
149 * modified January 6, 2005 - support opensaml 1.0.1, added namespaces
150
151 *
152
153 */
154
155
156
157
158
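public class XACMLObligation extends SAMLObject implements Cloneable
{

    /** Identifier of the obligation (the ObligationId XML attribute). */
    protected String obligationId = null;

    /** Decision on which the obligation applies (the FullfillOn XML attribute). */
    protected String fullfillOn = null;

    /** Identifier of the single attribute assignment held by this obligation. */
    protected String attributeId = null;

    /** Datatype of the attribute value. */
    protected String datatype = null;

    /** Attribute value; null when the assignment carries no text content. */
    protected String value = null;

    /** Logging */
    static Category log = Category.getInstance("XACMLObligation");

    /**
     * Builds an XACML Obligation.
     *
     * @param obligationId  Name of the obligation
     * @param fullfillOn    the fullfillOn property ("Permit", "Deny")
     * @param attributeId   the attribute name
     * @param datatype      The schema type of attribute value
     * @param value         the attribute value (not validated; may be null)
     * @exception SAMLException Thrown if obligation cannot be built from the
     *                          supplied information
     */
    public XACMLObligation(String obligationId, String fullfillOn, String attributeId, String datatype, String value)
        throws SAMLException
    {
        if (obligationId == null || obligationId.length() == 0)
            throw new MalformedException(SAMLException.RESPONDER, "XACMLObligation() requires ObligationID");
        if (fullfillOn == null || fullfillOn.length() == 0)
            throw new MalformedException(SAMLException.RESPONDER, "XACMLObligation() requires FullfillOn");
        if (attributeId == null || attributeId.length() == 0 || datatype == null || datatype.length() == 0)
            throw new MalformedException(SAMLException.RESPONDER, "XACMLObligation() requires AttributeID and DataType");

        this.obligationId = obligationId;
        this.fullfillOn = fullfillOn;
        this.attributeId = attributeId;
        this.datatype = datatype;
        this.value = value;
    }

    /** Creates an empty (uninitialized) XACMLObligation object. */
    public XACMLObligation() {
    }

    /**
     * Reconstructs an XACML Obligation from a DOM tree.
     *
     * @param e  The root of a DOM tree
     * @exception SAMLException Thrown if the object cannot be constructed
     */
    public XACMLObligation(Element e)
        throws SAMLException
    {
        this.fromDOM(e);
    }

    /**
     * Reconstructs an XACML Obligation from a stream.
     * <p>
     * XML parsing is delegated to fromStream(), which is not defined in this
     * class. NOTE(review): whether DTDs and external entities are disabled
     * depends on that parser's configuration - confirm before feeding this
     * constructor data from an untrusted peer.
     *
     * @param in  A stream containing XML
     * @exception SAMLException Raised if an exception occurs while constructing
     *                          the object.
     */
    public XACMLObligation(InputStream in)
        throws SAMLException
    {
        this.fromDOM(fromStream(in));
    }

    /**
     * Initialization of obligation from a DOM element.
     * <p>
     * The element is validated the same way the five-argument constructor
     * validates its arguments: ObligationId, FullfillOn, AttributeId and
     * Datatype must all be present and non-empty. An obligation that lacks
     * them is rejected rather than handed to the caller half-initialized,
     * since a consumer cannot enforce an obligation it cannot identify.
     * Fields are assigned only after the whole element has been checked.
     *
     * @param e  Root element of a DOM tree
     * @exception SAMLException Raised if an exception occurs while constructing
     *                          the object.
     */
    public void fromDOM(Element e)
        throws SAMLException
    {
        super.fromDOM(e);

        if (config.getBooleanProperty("org.opensaml.strict-dom-checking") &&
            !XML.isElementNamed(e, OSGXML.SAML_EXT_NS, "XACMLObligation"))
        {
            throw new MalformedException(SAMLException.REQUESTER, "XACMLObligation.fromDOM() requires "
                + OSGXML.SAML_EXT_NS + ":XACMLObligation at root");
        }

        // Parse into locals first so that a malformed element does not leave
        // this object with a mix of old and new field values.
        String parsedObligationId = e.getAttributeNS(null, "ObligationId");
        String parsedFullfillOn = e.getAttributeNS(null, "FullfillOn");

        // A missing attribute is reported as an empty string by the DOM API
        // (null by some implementations); treat both as absent.
        if (parsedObligationId == null || parsedObligationId.length() == 0)
            throw new MalformedException(SAMLException.REQUESTER, "XACMLObligation.fromDOM() requires ObligationId");
        if (parsedFullfillOn == null || parsedFullfillOn.length() == 0)
            throw new MalformedException(SAMLException.REQUESTER, "XACMLObligation.fromDOM() requires FullfillOn");

        // getElementsByTagNameNS() matches descendants at any depth, not only
        // direct children of the obligation element.
        NodeList nlist = e.getElementsByTagNameNS(OSGXML.SAML_EXT_NS, "AttributeAssignment");
        int assignments = nlist.getLength();

        if (assignments == 0)
        {
            throw new MalformedException("XACMLObligation requires at least one attribute assignment");
        }

        // Only one assignment can be stored. As before, the last one in
        // document order is kept; the others are dropped, which is now made
        // visible in the log so that an ignored assignment does not go unnoticed.
        if (assignments > 1)
        {
            log.warn("XACMLObligation holds a single attribute assignment; ignoring "
                + (assignments - 1) + " earlier assignment(s)");
        }

        Element assignment = (Element) nlist.item(assignments - 1);
        String parsedAttributeId = assignment.getAttribute("AttributeId");
        String parsedDatatype = assignment.getAttribute("Datatype");

        if (parsedAttributeId == null || parsedAttributeId.length() == 0
            || parsedDatatype == null || parsedDatatype.length() == 0)
        {
            throw new MalformedException(SAMLException.REQUESTER,
                "XACMLObligation.fromDOM() requires AttributeId and Datatype");
        }

        // An empty <AttributeAssignment/> has no child node; dereferencing
        // getFirstChild() unconditionally would fail with a NullPointerException.
        // Only the first child node is read, so content split across several
        // text or CDATA nodes is not concatenated.
        Node content = assignment.getFirstChild();
        String parsedValue = (content != null) ? content.getNodeValue() : null;

        obligationId = parsedObligationId;
        fullfillOn = parsedFullfillOn;
        attributeId = parsedAttributeId;
        datatype = parsedDatatype;
        value = parsedValue;

        // These values come straight from the parsed document and are written
        // to the log unescaped.
        log.debug("parsed obligation with id "+ obligationId + " to be fullfilled on " + fullfillOn);
        log.debug("attribute id is "+attributeId+ " of datatype " + datatype);
        log.debug("and attribute value is "+value);
    }

    /**
     * Overridden method to return a DOM tree representing the obligation.
     * <p>
     * NOTE(review): the namespace is written here as a literal while
     * fromDOM() matches on OSGXML.SAML_EXT_NS; the two must be the same
     * string for a serialized obligation to parse back - confirm.
     *
     * @param doc  A Document object to use in manufacturing the tree
     * @return     Root "XACMLObligation" element of a DOM tree
     */
    public Node toDOM(Document doc) throws SAMLException
    {
        if ((root = super.toDOM(doc)) != null)
            return root;

        Element a = doc.createElementNS("opensciencegrid:authorization:saml", "XACMLObligation");

        a.setAttributeNS(null, "ObligationId", obligationId);
        a.setAttributeNS(null, "FullfillOn", fullfillOn);

        Element b = doc.createElementNS("opensciencegrid:authorization:saml", "AttributeAssignment");

        b.setAttributeNS(null, "AttributeId", attributeId);
        b.setAttributeNS(null, "Datatype", datatype);

        // The constructor accepts a null value; emit an empty element for it
        // instead of creating a text node with null data.
        if (value != null)
            b.appendChild(doc.createTextNode(value));

        a.appendChild(b);

        return root = a;
    }

    /**
     * Copies a SAML object such that no dependencies exist between the original
     * and the copy. The copy is built through the validating constructor, so
     * cloning an uninitialized obligation fails.
     *
     * @return   The new object
     * @exception CloneNotSupportedException if the copy cannot be constructed;
     *            the underlying exception is attached as the cause
     * @see      java.lang.Object#clone()
     */
    public Object clone()
        throws CloneNotSupportedException
    {
        try {
            return new XACMLObligation(obligationId, fullfillOn, attributeId, datatype, value);
        }
        catch (Exception e) {
            // CloneNotSupportedException has no cause-taking constructor;
            // attach the original failure so its stack trace is not lost.
            CloneNotSupportedException failure = new CloneNotSupportedException(e.getMessage());
            failure.initCause(e);
            throw failure;
        }
    }

    /** @return the obligation identifier */
    public String getObligationId() {
        return obligationId;
    }

    /** @return the decision on which the obligation is to be fulfilled */
    public String getFullfillOn() {
        return fullfillOn;
    }

    /** @return the identifier of the attribute assignment */
    public String getAttributeId() {
        return attributeId;
    }

    /** @return the datatype of the attribute value */
    public String getDatatype() {
        return datatype;
    }

    /** @return the attribute value, or null if none was supplied */
    public String getValue() {
        return value;
    }

}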
566