Diffstat (limited to 'tutorials/tutorial-xacml-application/src/main/java')
-rw-r--r--tutorials/tutorial-xacml-application/src/main/java/org/onap/policy/tutorial/tutorial/TutorialApplication.java58
-rw-r--r--tutorials/tutorial-xacml-application/src/main/java/org/onap/policy/tutorial/tutorial/TutorialRequest.java97
-rw-r--r--tutorials/tutorial-xacml-application/src/main/java/org/onap/policy/tutorial/tutorial/TutorialTranslator.java168
3 files changed, 323 insertions, 0 deletions
diff --git a/tutorials/tutorial-xacml-application/src/main/java/org/onap/policy/tutorial/tutorial/TutorialApplication.java b/tutorials/tutorial-xacml-application/src/main/java/org/onap/policy/tutorial/tutorial/TutorialApplication.java
new file mode 100644
index 00000000..3c76494b
--- /dev/null
+++ b/tutorials/tutorial-xacml-application/src/main/java/org/onap/policy/tutorial/tutorial/TutorialApplication.java
@@ -0,0 +1,58 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * Copyright (C) 2020 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.policy.tutorial.tutorial;
+
+import java.util.Arrays;
+import java.util.List;
+import org.onap.policy.models.tosca.authorative.concepts.ToscaPolicyTypeIdentifier;
+import org.onap.policy.pdp.xacml.application.common.ToscaPolicyTranslator;
+import org.onap.policy.pdp.xacml.application.common.std.StdXacmlApplicationServiceProvider;
+
+public class TutorialApplication extends StdXacmlApplicationServiceProvider {
+
+ private final ToscaPolicyTypeIdentifier supportedPolicyType =
+ new ToscaPolicyTypeIdentifier("onap.policies.Authorization", "1.0.0");
+ private final TutorialTranslator translator = new TutorialTranslator();
+
+ @Override
+ public String applicationName() {
+ return "tutorial";
+ }
+
+ @Override
+ public List<String> actionDecisionsSupported() {
+ return Arrays.asList("authorize");
+ }
+
+ @Override
+ public synchronized List<ToscaPolicyTypeIdentifier> supportedPolicyTypes() {
+ return Arrays.asList(supportedPolicyType);
+ }
+
+ @Override
+ public boolean canSupportPolicyType(ToscaPolicyTypeIdentifier policyTypeId) {
+ return supportedPolicyType.equals(policyTypeId);
+ }
+
+ @Override
+ protected ToscaPolicyTranslator getTranslator(String type) {
+ return translator;
+ }
+
+}
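Review bot: `actionDecisionsSupported()` and `supportedPolicyTypes()` hand callers `Arrays.asList(...)`, which is a fixed-size but writable view, so a caller can `set(0, …)` and silently replace the advertised policy type or action; `Collections.singletonList(supportedPolicyType)` (already in `java.util`) or `List.of(...)` on Java 9+ gives an unmodifiable list with the same contents. `supportedPolicyTypes()` is the only `synchronized` method although this class holds no mutable state — if that modifier is required by the base class, a short comment saying so would stop the next reader from looking for the race it appears to guard. `getTranslator(String type)` ignores its argument; a one-line Javadoc such as `/** Returns the single tutorial translator regardless of {@code type}, since this application supports exactly one policy type. */` makes that deliberate rather than an oversight.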
diff --git a/tutorials/tutorial-xacml-application/src/main/java/org/onap/policy/tutorial/tutorial/TutorialRequest.java b/tutorials/tutorial-xacml-application/src/main/java/org/onap/policy/tutorial/tutorial/TutorialRequest.java
new file mode 100644
index 00000000..4bb94cd7
--- /dev/null
+++ b/tutorials/tutorial-xacml-application/src/main/java/org/onap/policy/tutorial/tutorial/TutorialRequest.java
@@ -0,0 +1,97 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * Copyright (C) 2020 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.policy.tutorial.tutorial;
+
+import com.att.research.xacml.std.annotations.XACMLAction;
+import com.att.research.xacml.std.annotations.XACMLRequest;
+import com.att.research.xacml.std.annotations.XACMLResource;
+import com.att.research.xacml.std.annotations.XACMLSubject;
+import java.util.Map;
+import java.util.Map.Entry;
+import lombok.Getter;
+import lombok.Setter;
+import lombok.ToString;
+import org.onap.policy.models.decisions.concepts.DecisionRequest;
+
+@Getter
+@Setter
+@ToString
+@XACMLRequest(ReturnPolicyIdList = true)
+public class TutorialRequest {
+ @XACMLSubject(includeInResults = true)
+ private String onapName;
+
+ @XACMLSubject(attributeId = "urn:org:onap:onap-component", includeInResults = true)
+ private String onapComponent;
+
+ @XACMLSubject(attributeId = "urn:org:onap:onap-instance", includeInResults = true)
+ private String onapInstance;
+
+ @XACMLAction()
+ private String action;
+
+ @XACMLResource(attributeId = "urn:org:onap:tutorial-user", includeInResults = true)
+ private String user;
+
+ @XACMLResource(attributeId = "urn:org:onap:tutorial-entity", includeInResults = true)
+ private String entity;
+
+ @XACMLResource(attributeId = "urn:org:onap:tutorial-permission", includeInResults = true)
+ private String permission;
+
+ /**
+ * createRequest.
+ *
+ * @param decisionRequest Incoming
+ * @return TutorialRequest object
+ */
+ public static TutorialRequest createRequest(DecisionRequest decisionRequest) {
+ //
+ // Create our object
+ //
+ TutorialRequest request = new TutorialRequest();
+ //
+ // Add the subject attributes
+ //
+ request.onapName = decisionRequest.getOnapName();
+ request.onapComponent = decisionRequest.getOnapComponent();
+ request.onapInstance = decisionRequest.getOnapInstance();
+ //
+ // Add the action attribute
+ //
+ request.action = decisionRequest.getAction();
+ //
+ // Add the resource attributes
+ //
+ Map<String, Object> resources = decisionRequest.getResource();
+ for (Entry<String, Object> entrySet : resources.entrySet()) {
+ if ("user".equals(entrySet.getKey())) {
+ request.user = entrySet.getValue().toString();
+ }
+ if ("entity".equals(entrySet.getKey())) {
+ request.entity = entrySet.getValue().toString();
+ }
+ if ("permission".equals(entrySet.getKey())) {
+ request.permission = entrySet.getValue().toString();
+ }
+ }
+
+ return request;
+ }
+}
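Review bot: The resource loop in `createRequest` dereferences `resources.entrySet()` and `entrySet.getValue().toString()` without null checks, so a decision request that omits the `resource` map, or carries a JSON `null` for `user`/`entity`/`permission`, fails with a NullPointerException instead of producing a request the policy can deny; the incoming `DecisionRequest` is external input, so this is the place to be tolerant. Whether `getResource()` can actually return null is not visible in this hunk and should be confirmed against the `DecisionRequest` bean, but the value-null case is certainly reachable. Looking up the three keys directly also removes the per-entry scan and makes it obvious that unrecognised keys are ignored; `Objects.toString(value, null)` needs `java.util.Objects` imported. The Javadoc `createRequest.` says nothing — `Builds a TutorialRequest from an incoming DecisionRequest, copying the subject and action attributes and the resource entries user, entity and permission.` would do.
```java
    Map<String, Object> resources = decisionRequest.getResource();
    if (resources != null) {
        // Unknown keys are ignored; an absent or null value leaves the field null
        // rather than failing the whole request.
        request.user = Objects.toString(resources.get("user"), null);
        request.entity = Objects.toString(resources.get("entity"), null);
        request.permission = Objects.toString(resources.get("permission"), null);
    }
    // … unchanged: return request …
```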
diff --git a/tutorials/tutorial-xacml-application/src/main/java/org/onap/policy/tutorial/tutorial/TutorialTranslator.java b/tutorials/tutorial-xacml-application/src/main/java/org/onap/policy/tutorial/tutorial/TutorialTranslator.java
new file mode 100644
index 00000000..7a6b5d8a
--- /dev/null
+++ b/tutorials/tutorial-xacml-application/src/main/java/org/onap/policy/tutorial/tutorial/TutorialTranslator.java
@@ -0,0 +1,168 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * Copyright (C) 2020 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.policy.tutorial.tutorial;
+
+import com.att.research.xacml.api.DataTypeException;
+import com.att.research.xacml.api.Decision;
+import com.att.research.xacml.api.Identifier;
+import com.att.research.xacml.api.Request;
+import com.att.research.xacml.api.Response;
+import com.att.research.xacml.api.Result;
+import com.att.research.xacml.api.XACML3;
+import com.att.research.xacml.std.IdentifierImpl;
+import com.att.research.xacml.std.annotations.RequestParser;
+import java.util.List;
+import java.util.Map;
+import oasis.names.tc.xacml._3_0.core.schema.wd_17.AnyOfType;
+import oasis.names.tc.xacml._3_0.core.schema.wd_17.EffectType;
+import oasis.names.tc.xacml._3_0.core.schema.wd_17.MatchType;
+import oasis.names.tc.xacml._3_0.core.schema.wd_17.PolicyType;
+import oasis.names.tc.xacml._3_0.core.schema.wd_17.RuleType;
+import oasis.names.tc.xacml._3_0.core.schema.wd_17.TargetType;
+import org.onap.policy.models.decisions.concepts.DecisionRequest;
+import org.onap.policy.models.decisions.concepts.DecisionResponse;
+import org.onap.policy.models.tosca.authorative.concepts.ToscaPolicy;
+import org.onap.policy.pdp.xacml.application.common.ToscaDictionary;
+import org.onap.policy.pdp.xacml.application.common.ToscaPolicyConversionException;
+import org.onap.policy.pdp.xacml.application.common.ToscaPolicyTranslator;
+import org.onap.policy.pdp.xacml.application.common.ToscaPolicyTranslatorUtils;
+
+public class TutorialTranslator implements ToscaPolicyTranslator {
+
+ private static final Identifier ID_TUTORIAL_USER = new IdentifierImpl(ToscaDictionary.ID_URN_ONAP, "tutorial-user");
+ private static final Identifier ID_TUTORIAL_ENTITY =
+ new IdentifierImpl(ToscaDictionary.ID_URN_ONAP, "tutorial-entity");
+ private static final Identifier ID_TUTORIAL_PERM =
+ new IdentifierImpl(ToscaDictionary.ID_URN_ONAP, "tutorial-permission");
+
+ /**
+ * Convert Policy from TOSCA to XACML.
+ */
+ @SuppressWarnings("unchecked")
+ public PolicyType convertPolicy(ToscaPolicy toscaPolicy) throws ToscaPolicyConversionException {
+ //
+ // Here is our policy with a version and default combining algo
+ //
+ PolicyType newPolicyType = new PolicyType();
+ newPolicyType.setPolicyId(toscaPolicy.getMetadata().get("policy-id"));
+ newPolicyType.setVersion(toscaPolicy.getMetadata().get("policy-version"));
+ //
+ // When choosing the rule combining algorithm, be sure to be mindful of the
+ // setting xacml.att.policyFinderFactory.combineRootPolicies in the
+ // xacml.properties file. As that choice for ALL the policies together may have
+ // an impact on the decision rendered from each individual policy.
+ //
+ // In this case, we will only produce XACML rules for permissions. If no permission
+ // combo exists, then the default is to deny.
+ //
+ newPolicyType.setRuleCombiningAlgId(XACML3.ID_RULE_DENY_UNLESS_PERMIT.stringValue());
+ //
+ // Create the target for the Policy.
+ //
+ // For simplicity, let's just match on the action "authorize" and the user
+ //
+ MatchType matchAction = ToscaPolicyTranslatorUtils.buildMatchTypeDesignator(
+ XACML3.ID_FUNCTION_STRING_EQUAL, "authorize", XACML3.ID_DATATYPE_STRING,
+ XACML3.ID_ACTION_ACTION_ID, XACML3.ID_ATTRIBUTE_CATEGORY_ACTION);
+ Map<String, Object> props = toscaPolicy.getProperties();
+ String user = props.get("user").toString();
+ MatchType matchUser = ToscaPolicyTranslatorUtils.buildMatchTypeDesignator(XACML3.ID_FUNCTION_STRING_EQUAL, user,
+ XACML3.ID_DATATYPE_STRING, ID_TUTORIAL_USER, XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE);
+ AnyOfType anyOf = new AnyOfType();
+ //
+ // Create AllOf (AND) of just Policy Id
+ //
+ anyOf.getAllOf().add(ToscaPolicyTranslatorUtils.buildAllOf(matchAction, matchUser));
+ TargetType target = new TargetType();
+ target.getAnyOf().add(anyOf);
+ newPolicyType.setTarget(target);
+ //
+ // Now add the rule for each permission
+ //
+ int ruleNumber = 0;
+ List<Object> permissions = (List<Object>) props.get("permissions");
+ for (Object permission : permissions) {
+
+ MatchType matchEntity = ToscaPolicyTranslatorUtils.buildMatchTypeDesignator(XACML3.ID_FUNCTION_STRING_EQUAL,
+ ((Map<String, String>) permission).get("entity"), XACML3.ID_DATATYPE_STRING, ID_TUTORIAL_ENTITY,
+ XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE);
+
+ MatchType matchPermission = ToscaPolicyTranslatorUtils.buildMatchTypeDesignator(
+ XACML3.ID_FUNCTION_STRING_EQUAL, ((Map<String, String>) permission).get("permission"),
+ XACML3.ID_DATATYPE_STRING, ID_TUTORIAL_PERM, XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE);
+ anyOf = new AnyOfType();
+ anyOf.getAllOf().add(ToscaPolicyTranslatorUtils.buildAllOf(matchEntity, matchPermission));
+ target = new TargetType();
+ target.getAnyOf().add(anyOf);
+
+ RuleType rule = new RuleType();
+ rule.setDescription("Default is to PERMIT if the policy matches.");
+ rule.setRuleId(newPolicyType.getPolicyId() + ":rule" + ruleNumber);
+
+ rule.setEffect(EffectType.PERMIT);
+ rule.setTarget(target);
+
+ newPolicyType.getCombinerParametersOrRuleCombinerParametersOrVariableDefinition().add(rule);
+
+ ruleNumber++;
+ }
+ return newPolicyType;
+ }
+
+ /**
+ * Convert ONAP DecisionRequest to XACML Request.
+ */
+ public Request convertRequest(DecisionRequest request) {
+ try {
+ return RequestParser.parseRequest(TutorialRequest.createRequest(request));
+ } catch (IllegalArgumentException | IllegalAccessException | DataTypeException e) {
+ // Empty
+ }
+ return null;
+ }
+
+ /**
+ * Convert XACML Response to ONAP DecisionResponse.
+ */
+ public DecisionResponse convertResponse(Response xacmlResponse) {
+ DecisionResponse decisionResponse = new DecisionResponse();
+ //
+ // Iterate through all the results
+ //
+ for (Result xacmlResult : xacmlResponse.getResults()) {
+ //
+ // Check the result
+ //
+ if (xacmlResult.getDecision() == Decision.PERMIT) {
+ //
+ // Just simply return a Permit response
+ //
+ decisionResponse.setStatus(Decision.PERMIT.toString());
+ } else {
+ //
+ // Just simply return a Deny response
+ //
+ decisionResponse.setStatus(Decision.DENY.toString());
+ }
+ }
+
+ return decisionResponse;
+ }
+
+}
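Review bot: `convertRequest` swallows `IllegalArgumentException | IllegalAccessException | DataTypeException` with an empty catch and returns `null`, so a request that cannot be translated loses both the cause and the fact that anything went wrong, and the null flows on to whoever calls `xacmlDecision` with it. At minimum the cause should be recorded before returning, e.g. `LOGGER.warn("Unable to convert DecisionRequest to XACML request", e);` with a `private static final Logger LOGGER` field (assuming SLF4J is available to this module as elsewhere in ONAP — not visible here), and the Javadoc should state `@return the XACML request, or {@code null} if the decision request could not be converted` so callers know to check; if the `ToscaPolicyTranslator` interface permits it, rethrowing as `ToscaPolicyConversionException` with `e` as the cause would be preferable to a null return. A related gap in `convertPolicy`: `props.get("user").toString()` and the cast of `props.get("permissions")` throw a NullPointerException when a policy omits those properties, although the method already declares `throws ToscaPolicyConversionException`; `Object user = props.get("user"); if (user == null) { throw new ToscaPolicyConversionException("policy is missing required property 'user'"); }` reports the bad policy instead of an NPE from deep inside the loader.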