Examples of org.jboss.identity.federation.saml.v2.profiles.xacml.assertion.XACMLAuthzDecisionStatementType

• org.picketlink.identity.federation.saml.v2.profiles.xacml.assertion.XACMLAuthzDecisionStatementType

  Java class for XACMLAuthzDecisionStatementType complex type.

  The following schema fragment specifies the expected content contained within this class.

   <complexType name="XACMLAuthzDecisionStatementType"> <complexContent> <extension base="{urn:oasis:names:tc:SAML:2.0:assertion}StatementAbstractType"> <sequence> <element ref="{urn:oasis:names:tc:xacml:2.0:context:schema:os}Response"/> <element ref="{urn:oasis:names:tc:xacml:2.0:context:schema:os}Request" minOccurs="0"/> </sequence> </extension> </complexContent> </complexType> 

      if(request == null)
         throw new IllegalArgumentException("request is null");
      if(responseType == null)
         throw new IllegalArgumentException("response type is null");

      StatusType statusType = responseType.getStatus();
      if(statusType == null)
         throw new IllegalArgumentException("Status Type from the IDP is null");

      String statusValue = statusType.getStatusCode().getValue();
      if(JBossSAMLURIConstants.STATUS_SUCCESS.get().equals(statusValue) == false)
         throw new SecurityException("IDP forbid the user");

      List<Object> assertions = responseType.getAssertionOrEncryptedAssertion();
      if(assertions.size() == 0)

      if(request == null)
         throw new IllegalArgumentException("request is null");
      if(responseType == null)
         throw new IllegalArgumentException("response type is null");

      StatusType statusType = responseType.getStatus();
      if(statusType == null)
         throw new IllegalArgumentException("Status Type from the IDP is null");

      String statusValue = statusType.getStatusCode().getValue();
      if(JBossSAMLURIConstants.STATUS_SUCCESS.get().equals(statusValue) == false)
         throw new SecurityException("IDP forbid the user");

      List<Object> assertions = responseType.getAssertionOrEncryptedAssertion();
      if(assertions.size() == 0)

   public static StatusType createStatusType(String statusCodeURI)
   {
      StatusCodeType sct = SAMLProtocolFactory.getObjectFactory().createStatusCodeType();
      sct.setValue(statusCodeURI);

      StatusType statusType = SAMLProtocolFactory.getObjectFactory().createStatusType();
      statusType.setStatusCode(sct);
      return statusType;
   }

     * @param response
     * @return
     */
    public static XACMLAuthzDecisionStatementType createXACMLAuthzDecisionStatementType(RequestType request,
            ResponseType response) {
        XACMLAuthzDecisionStatementType xacmlStatement = new XACMLAuthzDecisionStatementType();
        xacmlStatement.setRequest(request);
        xacmlStatement.setResponse(response);
        return xacmlStatement;
    }

        ResponseType responseType = new ResponseType();
        ResultType resultType = responseContext.getResult();
        responseType.getResult().add(resultType);

        XACMLAuthzDecisionStatementType xacmlStatement = XACMLContextFactory.createXACMLAuthzDecisionStatementType(requestType,
                responseType);

        // Place the xacml statement in an assertion
        // Then the assertion goes inside a SAML Response

            } else if (JBossSAMLConstants.STATEMENT.get().equalsIgnoreCase(tag)) {
                startElement = StaxParserUtil.getNextStartElement(xmlEventReader);

                String xsiTypeValue = StaxParserUtil.getXSITypeValue(startElement);
                if (xsiTypeValue.contains(JBossSAMLConstants.XACML_AUTHZ_DECISION_STATEMENT_TYPE.get())) {
                    XACMLAuthzDecisionStatementType authZStat = new XACMLAuthzDecisionStatementType();

                    startElement = StaxParserUtil.peekNextStartElement(xmlEventReader);
                    tag = StaxParserUtil.getStartElementName(startElement);

                    if (tag.contains(JBossSAMLConstants.RESPONSE.get())) {
                        authZStat.setResponse(getXACMLResponse(xmlEventReader));
                        startElement = StaxParserUtil.peekNextStartElement(xmlEventReader);
                        // There may be request also
                        tag = StaxParserUtil.getStartElementName(startElement);
                        if (tag.contains(JBossSAMLConstants.REQUEST.get())) {
                            authZStat.setRequest(getXACMLRequest(xmlEventReader));
                        }
                    }

                    EndElement endElement = StaxParserUtil.getNextEndElement(xmlEventReader);
                    StaxParserUtil.validate(endElement, JBossSAMLConstants.STATEMENT.get());

        AssertionType assertion = response.getAssertions().get(0).getAssertion();
        assertEquals("ID_response-id_1", assertion.getID());
        assertEquals(XMLTimeUtil.parse("2008-03-19T22:17:13Z"), assertion.getIssueInstant());
        assertEquals("2.0", assertion.getVersion());

        XACMLAuthzDecisionStatementType xacmlStat = (XACMLAuthzDecisionStatementType) assertion.getStatements().iterator()
                .next();
        assertNotNull(xacmlStat.getRequest());
        assertNotNull(xacmlStat.getResponse());

        ByteArrayOutputStream baos = new ByteArrayOutputStream();
        // Lets do the writing
        SAMLResponseWriter writer = new SAMLResponseWriter(StaxUtil.getXMLStreamWriter(baos));
        writer.write(response);

            SAMLResponseParser samlResponseParser = new SAMLResponseParser();
            ResponseType responseType = (ResponseType) samlResponseParser.parse(xmlEventReader);

            // ResponseType responseType = (ResponseType) response;
            AssertionType at = responseType.getAssertions().get(0).getAssertion();
            XACMLAuthzDecisionStatementType xst = (XACMLAuthzDecisionStatementType) at.getStatements().iterator().next();
            ResultType rt = xst.getResponse().getResult().get(0);
            DecisionType dt = rt.getDecision();

            return new Result(dt, null);
        } catch (IOException e) {
            throw logger.processingError(e);

        SOAPMessage soapMessage = SOAPUtil.getSOAP12Message(bis);

        soapMessage.writeTo(System.out);

        Node xacmlNode = soapMessage.getSOAPBody().getChildNodes().item(0);
        XACMLAuthzDecisionStatementType xacmlStatement = SOAPSAMLXACMLUtil.getDecisionStatement(xacmlNode);
        assertNotNull(xacmlStatement);
    }

        ByteArrayInputStream bis = new ByteArrayInputStream(baos.toByteArray());

        SOAPMessage soapMessage = SOAPUtil.getSOAPMessage(bis);

        Node xacmlNode = soapMessage.getSOAPBody().getChildNodes().item(0);
        XACMLAuthzDecisionStatementType xacmlStatement = SOAPSAMLXACMLUtil.getDecisionStatement(xacmlNode);
        /*
         * Unmarshaller un = JAXBUtil.getUnmarshaller(SOAPSAMLXACMLUtil.getPackage()); JAXBElement<Envelope> jax =
         * (JAXBElement<Envelope>) un.unmarshal(bis); Envelope envelope = jax.getValue(); assertNotNull("Envelope is not null",
         * envelope);
         *
         * JAXBElement<ResponseType> jaxbResponseType = (JAXBElement<ResponseType>) envelope.getBody().getAny().get(0);
         * ResponseType responseType = jaxbResponseType.getValue();
         *
         * assertNotNull("ResponseType is not null", responseType); AssertionType assertion = (AssertionType)
         * responseType.getAssertionOrEncryptedAssertion().get(0); XACMLAuthzDecisionStatementType xacmlStatement =
         * (XACMLAuthzDecisionStatementType) assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement().get(0);
         */

        assertNotNull("XACML Authorization Statement is not null", xacmlStatement);
        org.jboss.security.xacml.core.model.context.ResponseType xacmlResponse = xacmlStatement.getResponse();
        ResultType resultType = xacmlResponse.getResult().get(0);
        DecisionType decision = resultType.getDecision();
        assertNotNull("Decision is not null", decision);
        assertEquals(value, decision.value());
    }