Adding another method to get the complete PDP Resource List

rnavagamuwa · Mar 21, 2019 · 2f015e6 · 2f015e6
1 parent 93761b1
commit 2f015e6
Show file tree

Hide file tree

Showing 3 changed files with 50 additions and 10 deletions.
diff --git a/sample/src/main/resources/application.properties b/sample/src/main/resources/application.properties
@@ -1,6 +1,7 @@
 spring.thymeleaf.cache=false
 #logging.level.web=debug
-xacml.pdp.url=https://localhost:9443/api/identity/entitlement/decision/pdp
+xacml.pdp.url.authorize=https://localhost:9443/api/identity/entitlement/decision/pdp
+xacml.pdp.url.resourceList=https://localhost:9443/api/identity/entitlement/decision/home
 xacml.pdp.trustStore=truststore
 xacml.pdp.trustStore.password=password
 xacml.pdp.keyStore=keystore

diff --git a/sdk/src/main/java/org/wso2/spring/security/abac/AttributeHandler.java b/sdk/src/main/java/org/wso2/spring/security/abac/AttributeHandler.java
@@ -1,10 +1,15 @@
 package org.wso2.spring.security.abac;
 
+import org.json.JSONObject;
+
+import java.util.Optional;
+
 /**
  * @author Randika Navagamuwa
  */
 public interface AttributeHandler {
 
  boolean authorize(String policyRequest);
 
+ Optional<JSONObject> getApiResourceList();
 }
diff --git a/sdk/src/main/java/org/wso2/spring/security/abac/XacmlAttributeHandler.java b/sdk/src/main/java/org/wso2/spring/security/abac/XacmlAttributeHandler.java
@@ -25,6 +25,7 @@
 import java.io.InputStream;
 import java.security.KeyStore;
 import java.util.Collections;
+import java.util.Optional;
 import java.util.Properties;
 import javax.net.ssl.SSLContext;
 
@@ -34,21 +35,24 @@
 @SuppressWarnings("WeakerAccess")
 public class XacmlAttributeHandler implements AttributeHandler {
 
- private static String XACML_PDP_URL;
+ private static String XACML_PDP_AUTHORIZE_URL;
+ private static String XACML_PDP_RESOURCE_LIST_URL;
  private static String TRUST_STORE;
  private static String TRUST_STORE_PASSWORD;
  private static String KEY_STORE;
  private static String KEY_STORE_PASSWORD;
 
  private CacheManager responseCacheManager;
  private SSLContext sslContext;
+ private HttpHeaders headers;
 
  public XacmlAttributeHandler() {
 
  try {
  Properties properties = PropertiesLoaderUtils
  .loadAllProperties("application.properties");
- XACML_PDP_URL = properties.getProperty("xacml.pdp.url");
+ XACML_PDP_AUTHORIZE_URL = properties.getProperty("xacml.pdp.url.authorize");
+ XACML_PDP_RESOURCE_LIST_URL = properties.getProperty("xacml.pdp.url.resourceList");
  TRUST_STORE = properties.getProperty("xacml.pdp.trustStore");
  TRUST_STORE_PASSWORD = properties.getProperty("xacml.pdp.trustStore.password");
  KEY_STORE = properties.getProperty("xacml.pdp.keyStore");
@@ -59,7 +63,7 @@ public XacmlAttributeHandler() {
  throw new AttributeEvaluatorException("Failed to read the XACML PDP Url", e);
  }
 
- if (XACML_PDP_URL == null) {
+ if (XACML_PDP_AUTHORIZE_URL == null) {
  //todo stop the whole app
  }
 
@@ -77,6 +81,11 @@ public XacmlAttributeHandler() {
  throw new AttributeEvaluatorException("Failed to read keystore or truststore", e);
  }
 
+ this.headers = new HttpHeaders();
+ this.headers.setContentType(MediaType.APPLICATION_JSON);
+ this.headers.setAccept(Collections.singletonList(MediaType.APPLICATION_JSON));
+ this.headers.set("WSO2-Identity-User", "admin");
+
  this.responseCacheManager = new EhCacheManager();
  }
 
@@ -94,14 +103,10 @@ public boolean authorize(String authRequest) {
  RestTemplateBuilder restTemplateBuilder = new RestTemplateBuilder().requestFactory(() ->
  new HttpComponentsClientHttpRequestFactory(client));
  RestTemplate rt = restTemplateBuilder.build();
- HttpHeaders headers = new HttpHeaders();
- headers.setContentType(MediaType.APPLICATION_JSON);
- headers.setAccept(Collections.singletonList(MediaType.APPLICATION_JSON));
- headers.set("WSO2-Identity-User", "admin");
 
- HttpEntity<String> entity = new HttpEntity<>(authRequest, headers);
+ HttpEntity<String> entity = new HttpEntity<>(authRequest, this.headers);
 
- ResponseEntity response = rt.postForEntity(XACML_PDP_URL, entity, String.class);
+ ResponseEntity response = rt.postForEntity(XACML_PDP_AUTHORIZE_URL, entity, String.class);
  if (response.getStatusCode() != HttpStatus.OK || response.getBody() == null) {
  return false;
  }
@@ -125,6 +130,35 @@ public boolean authorize(String authRequest) {
  return true;
  }
 
+ @Override
+ public Optional<JSONObject> getApiResourceList() {
+
+ String cachedResponse = this.responseCacheManager.get(XACML_PDP_RESOURCE_LIST_URL);
+
+ if (cachedResponse == null) {
+
+ HttpClient client = HttpClients.custom()
+ .setSSLContext(sslContext)
+ .build();
+
+ RestTemplateBuilder restTemplateBuilder = new RestTemplateBuilder().requestFactory(() ->
+ new HttpComponentsClientHttpRequestFactory(client));
+ RestTemplate rt = restTemplateBuilder.build();
+
+ HttpEntity<String> entity = new HttpEntity<>(this.headers);
+
+ ResponseEntity response = rt.getForEntity(XACML_PDP_RESOURCE_LIST_URL, String.class, entity);
+
+ if (response.getStatusCode() != HttpStatus.OK || response.getBody() == null) {
+
+ return Optional.empty();
+ }
+ cachedResponse = response.getBody().toString();
+ this.responseCacheManager.putIfAbsent(XACML_PDP_RESOURCE_LIST_URL, cachedResponse);
+ }
+ return Optional.of(new JSONObject(cachedResponse));
+ }
+
  private KeyStore loadPfx(String file, char[] password) throws Exception {
 
  KeyStore keyStore = KeyStore.getInstance("JKS");