public async Task <XacmlJsonResponse> GetDecisionForRequest(XacmlJsonRequestRoot xacmlJsonRequest) { if (_pepSettings.DisablePEP) { return(new XacmlJsonResponse { Response = new List <XacmlJsonResult>() { new XacmlJsonResult { Decision = XacmlContextDecision.Permit.ToString(), } }, }); } try { XacmlContextRequest decisionRequest = XacmlJsonXmlConverter.ConvertRequest(xacmlJsonRequest.Request); decisionRequest = await Enrich(decisionRequest); Altinn.Authorization.ABAC.PolicyDecisionPoint pdp = new Altinn.Authorization.ABAC.PolicyDecisionPoint(); XacmlPolicy policy = await GetPolicyAsync(decisionRequest); XacmlContextResponse contextResponse = pdp.Authorize(decisionRequest, policy); return(XacmlJsonXmlConverter.ConvertResponse(contextResponse)); } catch { } return(null); }
public async Task <ActionResult> Post([FromBody] XacmlRequestApiModel model) { try { if (Request.ContentType.Contains("application/json")) { return(await AuthorizeJsonRequest(model)); // lgtm [cs/user-controlled-bypass] } else { return(await AuthorizeXmlRequest(model)); // lgtm [cs/user-controlled-bypass] } } catch { XacmlContextResult result = new XacmlContextResult(XacmlContextDecision.Indeterminate) { Status = new XacmlContextStatus(XacmlContextStatusCode.SyntaxError) }; XacmlContextResponse xacmlContextResponse = new XacmlContextResponse(result); if (Request.ContentType.Contains("application/json")) { XacmlJsonResponse jsonResult = XacmlJsonXmlConverter.ConvertResponse(xacmlContextResponse); return(Ok(jsonResult)); } else { return(CreateResponse(xacmlContextResponse)); } } }
public async Task <ActionResult> Post([FromBody] XacmlRequestApiModel model) { try { if (Request.ContentType.Contains("application/json")) { return(await AuthorizeJsonRequest(model)); } else { return(await AuthorizeXmlRequest(model)); } } catch (Exception ex) { _logger.LogError(ex, "// DecisionController // Decision // Unexpected Exception"); XacmlContextResult result = new XacmlContextResult(XacmlContextDecision.Indeterminate) { Status = new XacmlContextStatus(XacmlContextStatusCode.SyntaxError) }; XacmlContextResponse xacmlContextResponse = new XacmlContextResponse(result); if (Request.ContentType.Contains("application/json")) { XacmlJsonResponse jsonResult = XacmlJsonXmlConverter.ConvertResponse(xacmlContextResponse); return(Ok(jsonResult)); } else { return(CreateResponse(xacmlContextResponse)); } } }
public ActionResult Post([FromBody] XacmlRequestApiModel model) { XacmlContextRequest request = null; XacmlContextResponse xacmlContextResponse = null; try { request = ParseApiBody(model); } catch (Exception) { XacmlContextResult result = new XacmlContextResult(XacmlContextDecision.Indeterminate) { Status = new XacmlContextStatus(XacmlContextStatusCode.SyntaxError) }; xacmlContextResponse = new XacmlContextResponse(result); } if (request != null) { PolicyDecisionPoint pdp = new PolicyDecisionPoint(_contextHandler, _prp); xacmlContextResponse = pdp.Authorize(request); } string accept = HttpContext.Request.Headers["Accept"]; if (!string.IsNullOrEmpty(accept) && accept.Equals("application/json")) { XacmlJsonResponse jsonReponse = XacmlJsonXmlConverter.ConvertResponse(xacmlContextResponse); return(Ok(jsonReponse)); } StringBuilder builder = new StringBuilder(); using (XmlWriter writer = XmlWriter.Create(builder)) { XacmlSerializer.WriteContextResponse(writer, xacmlContextResponse); } string xml = builder.ToString(); return(Content(xml)); }
private XacmlContextRequest ParseApiBody(XacmlRequestApiModel model) { XacmlContextRequest request = null; if (Request.ContentType.Contains("application/json")) { XacmlJsonRequestRoot jsonRequest; jsonRequest = (XacmlJsonRequestRoot)JsonConvert.DeserializeObject(model.BodyContent, typeof(XacmlJsonRequestRoot)); request = XacmlJsonXmlConverter.ConvertRequest(jsonRequest.Request); } else if (Request.ContentType.Contains("application/xml")) { using (XmlReader reader = XmlReader.Create(new StringReader(model.BodyContent))) { request = XacmlParser.ReadContextRequest(reader); } } return(request); }
public async Task <XacmlJsonResponse> GetDecisionForRequest(XacmlJsonRequestRoot xacmlJsonRequest) { try { XacmlContextRequest decisionRequest = XacmlJsonXmlConverter.ConvertRequest(xacmlJsonRequest.Request); decisionRequest = await Enrich(decisionRequest); Altinn.Authorization.ABAC.PolicyDecisionPoint pdp = new Altinn.Authorization.ABAC.PolicyDecisionPoint(); XacmlPolicy policy = await GetPolicyAsync(decisionRequest); XacmlContextResponse contextResponse = pdp.Authorize(decisionRequest, policy); return(XacmlJsonXmlConverter.ConvertResponse(contextResponse)); } catch { } return(null); }
private async Task <XacmlJsonResponse> Authorize(XacmlJsonRequest decisionRequest) { if (decisionRequest.MultiRequests == null || decisionRequest.MultiRequests.RequestReference == null || decisionRequest.MultiRequests.RequestReference.Count < 2) { XacmlContextRequest request = XacmlJsonXmlConverter.ConvertRequest(decisionRequest); XacmlContextResponse xmlResponse = await Authorize(request); return(XacmlJsonXmlConverter.ConvertResponse(xmlResponse)); } else { XacmlJsonResponse multiResponse = new XacmlJsonResponse(); foreach (XacmlJsonRequestReference xacmlJsonRequestReference in decisionRequest.MultiRequests.RequestReference) { XacmlJsonRequest jsonMultiRequestPart = new XacmlJsonRequest(); foreach (string refer in xacmlJsonRequestReference.ReferenceId) { List <XacmlJsonCategory> resourceCategoriesPart = decisionRequest.Resource.Where(i => i.Id.Equals(refer)).ToList(); if (resourceCategoriesPart.Count > 0) { if (jsonMultiRequestPart.Resource == null) { jsonMultiRequestPart.Resource = new List <XacmlJsonCategory>(); } jsonMultiRequestPart.Resource.AddRange(resourceCategoriesPart); } List <XacmlJsonCategory> subjectCategoriesPart = decisionRequest.AccessSubject.Where(i => i.Id.Equals(refer)).ToList(); if (subjectCategoriesPart.Count > 0) { if (jsonMultiRequestPart.AccessSubject == null) { jsonMultiRequestPart.AccessSubject = new List <XacmlJsonCategory>(); } jsonMultiRequestPart.AccessSubject.AddRange(subjectCategoriesPart); } List <XacmlJsonCategory> actionCategoriesPart = decisionRequest.Action.Where(i => i.Id.Equals(refer)).ToList(); if (actionCategoriesPart.Count > 0) { if (jsonMultiRequestPart.Action == null) { jsonMultiRequestPart.Action = new List <XacmlJsonCategory>(); } jsonMultiRequestPart.Action.AddRange(actionCategoriesPart); } } XacmlContextResponse partResponse = await Authorize(XacmlJsonXmlConverter.ConvertRequest(jsonMultiRequestPart)); XacmlJsonResponse xacmlJsonResponsePart = XacmlJsonXmlConverter.ConvertResponse(partResponse); if (multiResponse.Response == null) { multiResponse.Response = new List <XacmlJsonResult>(); } multiResponse.Response.Add(xacmlJsonResponsePart.Response.First()); } return(multiResponse); } }
public async Task <XacmlJsonResponse> GetDecisionForRequest(XacmlJsonRequestRoot xacmlJsonRequest) { string jsonResponse = string.Empty; if (xacmlJsonRequest.Request.MultiRequests != null) { try { Altinn.Authorization.ABAC.PolicyDecisionPoint pdp = new Altinn.Authorization.ABAC.PolicyDecisionPoint(); XacmlJsonResponse multiResponse = new XacmlJsonResponse(); foreach (XacmlJsonRequestReference xacmlJsonRequestReference in xacmlJsonRequest.Request.MultiRequests.RequestReference) { XacmlJsonRequest jsonMultiRequestPart = new XacmlJsonRequest(); foreach (string refer in xacmlJsonRequestReference.ReferenceId) { IEnumerable <XacmlJsonCategory> resourceCategoriesPart = xacmlJsonRequest.Request.Resource.Where(i => i.Id.Equals(refer)); if (resourceCategoriesPart != null && resourceCategoriesPart.Count() > 0) { if (jsonMultiRequestPart.Resource == null) { jsonMultiRequestPart.Resource = new List <XacmlJsonCategory>(); } jsonMultiRequestPart.Resource.AddRange(resourceCategoriesPart); } IEnumerable <XacmlJsonCategory> subjectCategoriesPart = xacmlJsonRequest.Request.AccessSubject.Where(i => i.Id.Equals(refer)); if (subjectCategoriesPart != null && subjectCategoriesPart.Count() > 0) { if (jsonMultiRequestPart.AccessSubject == null) { jsonMultiRequestPart.AccessSubject = new List <XacmlJsonCategory>(); } jsonMultiRequestPart.AccessSubject.AddRange(subjectCategoriesPart); } IEnumerable <XacmlJsonCategory> actionCategoriesPart = xacmlJsonRequest.Request.Action.Where(i => i.Id.Equals(refer)); if (actionCategoriesPart != null && actionCategoriesPart.Count() > 0) { if (jsonMultiRequestPart.Action == null) { jsonMultiRequestPart.Action = new List <XacmlJsonCategory>(); } jsonMultiRequestPart.Action.AddRange(actionCategoriesPart); } } XacmlContextResponse partResponse = await Authorize(XacmlJsonXmlConverter.ConvertRequest(jsonMultiRequestPart)); XacmlJsonResponse xacmlJsonResponsePart = XacmlJsonXmlConverter.ConvertResponse(partResponse); if (multiResponse.Response == null) { multiResponse.Response = new List <XacmlJsonResult>(); } multiResponse.Response.Add(xacmlJsonResponsePart.Response.First()); } return(multiResponse); } catch { } } else if (xacmlJsonRequest.Request.AccessSubject[0].Attribute.Exists(a => (a.AttributeId == "urn:altinn:userid" && a.Value == "1")) || xacmlJsonRequest.Request.AccessSubject[0].Attribute.Exists(a => a.AttributeId == "urn:altinn:org")) { jsonResponse = File.ReadAllText("data/response_permit.json"); } else { jsonResponse = File.ReadAllText("data/response_deny.json"); } XacmlJsonResponse response = JsonConvert.DeserializeObject <XacmlJsonResponse>(jsonResponse); return(response); }