Exemplo n.º 1
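        /// <summary>
        /// Entry point for XACML authorization decision requests. Routes the request to the
        /// JSON or the XML handler according to the request's Content-Type header.
        /// </summary>
        /// <param name="model">Request wrapper bound from the body; handed unchanged to the selected handler.</param>
        /// <returns>
        /// The handler's result, or, when anything throws, a response carrying an
        /// <c>Indeterminate</c> decision with a <c>SyntaxError</c> status (never a permit).
        /// </returns>
        public async Task<ActionResult> Post([FromBody] XacmlRequestApiModel model)
        {
            // Content-Type is client-controlled and is null when the header is absent.
            // Evaluate it once, null-safely, so the error path below cannot itself throw
            // while building the Indeterminate response.
            bool isJson = Request.ContentType?.Contains("application/json") == true;

            try
            {
                if (isJson)
                {
                    return await AuthorizeJsonRequest(model);
                }

                return await AuthorizeXmlRequest(model);
            }
            catch (Exception ex)
            {
                _logger.LogError(ex, "// DecisionController // Decision // Unexpected Exception");

                // Fail closed: every failure, whatever its cause, is reported as Indeterminate.
                // NOTE(review): the status is SyntaxError even for exceptions that are not
                // parse failures; confirm that callers do not rely on the status code.
                XacmlContextResult result = new XacmlContextResult(XacmlContextDecision.Indeterminate)
                {
                    Status = new XacmlContextStatus(XacmlContextStatusCode.SyntaxError)
                };

                XacmlContextResponse xacmlContextResponse = new XacmlContextResponse(result);

                if (isJson)
                {
                    XacmlJsonResponse jsonResult = XacmlJsonXmlConverter.ConvertResponse(xacmlContextResponse);
                    return Ok(jsonResult);
                }

                return CreateResponse(xacmlContextResponse);
            }
        }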
Exemplo n.º 2
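        /// <summary>
        /// Entry point for XACML authorization decision requests. Routes the request to the
        /// JSON or the XML handler according to the request's Content-Type header.
        /// </summary>
        /// <param name="model">Request wrapper bound from the body; handed unchanged to the selected handler.</param>
        /// <returns>
        /// The handler's result, or, when anything throws, a response carrying an
        /// <c>Indeterminate</c> decision with a <c>SyntaxError</c> status (never a permit).
        /// </returns>
        public async Task<ActionResult> Post([FromBody] XacmlRequestApiModel model)
        {
            // Content-Type is client-controlled and is null when the header is absent.
            // Evaluate it once, null-safely, so the error path below cannot itself throw
            // while building the Indeterminate response.
            bool isJson = Request.ContentType?.Contains("application/json") == true;

            try
            {
                if (isJson)
                {
                    return await AuthorizeJsonRequest(model); // lgtm [cs/user-controlled-bypass]
                }
                else
                {
                    return await AuthorizeXmlRequest(model); // lgtm [cs/user-controlled-bypass]
                }
            }
            catch
            {
                // Fail closed: every failure is reported as Indeterminate / SyntaxError.
                // NOTE(review): the exception is discarded without being logged, so a
                // failing decision request leaves no trace here; consider recording it.
                XacmlContextResult result = new XacmlContextResult(XacmlContextDecision.Indeterminate)
                {
                    Status = new XacmlContextStatus(XacmlContextStatusCode.SyntaxError)
                };

                XacmlContextResponse xacmlContextResponse = new XacmlContextResponse(result);

                if (isJson)
                {
                    XacmlJsonResponse jsonResult = XacmlJsonXmlConverter.ConvertResponse(xacmlContextResponse);
                    return Ok(jsonResult);
                }

                return CreateResponse(xacmlContextResponse);
            }
        }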
Exemplo n.º 3
        /// <summary>
        /// Deserializes <c>model.BodyContent</c> as a JSON XACML request, evaluates it through
        /// <c>Authorize</c> and returns the JSON response with HTTP 200.
        /// </summary>
        /// <param name="model">Wrapper whose <c>BodyContent</c> holds the raw JSON text.</param>
        /// <returns>An <c>Ok</c> result wrapping the JSON decision response.</returns>
        /// <remarks>
        /// Nothing is caught here: a deserialization failure, or a body that deserializes
        /// to null, throws to the caller.
        /// </remarks>
        private async Task<ActionResult> AuthorizeJsonRequest(XacmlRequestApiModel model)
        {
            // The target type is fixed by the generic argument; the body text does not choose it.
            var root = JsonConvert.DeserializeObject<XacmlJsonRequestRoot>(model.BodyContent);

            XacmlJsonResponse decision = await Authorize(root.Request);
            return Ok(decision);
        }
Exemplo n.º 4
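        /// <summary>
        /// Parses <c>model.BodyContent</c> as an XML XACML request, evaluates it through
        /// <c>Authorize</c> and returns the result built by <c>CreateResponse</c>.
        /// </summary>
        /// <param name="model">Wrapper whose <c>BodyContent</c> holds the raw XML text.</param>
        /// <returns>The action result produced by <c>CreateResponse</c> for the decision.</returns>
        /// <remarks>Nothing is caught here: parse and evaluation failures throw to the caller.</remarks>
        private async Task<ActionResult> AuthorizeXmlRequest(XacmlRequestApiModel model)
        {
            // The body comes from the client. State the parser policy explicitly rather than
            // relying on XmlReader defaults: no DTDs and no resolution of external resources.
            XmlReaderSettings readerSettings = new XmlReaderSettings
            {
                DtdProcessing = DtdProcessing.Prohibit,
                XmlResolver = null
            };

            XacmlContextRequest request;

            using (StringReader bodyText = new StringReader(model.BodyContent))
            using (XmlReader reader = XmlReader.Create(bodyText, readerSettings))
            {
                request = XacmlParser.ReadContextRequest(reader);
            }

            XacmlContextResponse xacmlContextResponse = await Authorize(request);

            return CreateResponse(xacmlContextResponse);
        }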
Exemplo n.º 5
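        /// <summary>
        /// Entry point for XACML authorization decision requests: parses the body, evaluates it
        /// with a <c>PolicyDecisionPoint</c> and renders the response as JSON or XML.
        /// </summary>
        /// <param name="model">Request wrapper bound from the body; parsed by <c>ParseApiBody</c>.</param>
        /// <returns>
        /// JSON (HTTP 200) when the Accept header is exactly <c>application/json</c>; otherwise
        /// the serialized XML as content. A request that cannot be parsed yields an
        /// <c>Indeterminate</c> decision with a <c>SyntaxError</c> status.
        /// </returns>
        public ActionResult Post([FromBody] XacmlRequestApiModel model)
        {
            XacmlContextRequest request = null;

            try
            {
                request = ParseApiBody(model);
            }
            catch (Exception)
            {
                // Not swallowed: request stays null and is reported as Indeterminate below.
                // NOTE(review): the exception itself is not recorded anywhere in this method.
            }

            XacmlContextResponse xacmlContextResponse;

            if (request != null)
            {
                PolicyDecisionPoint pdp = new PolicyDecisionPoint(_contextHandler, _prp);
                xacmlContextResponse = pdp.Authorize(request);
            }
            else
            {
                // Fail closed for both "parser threw" and "parser returned null". Previously
                // the second case left the response null and passed that null on to the
                // converter / serializer below.
                XacmlContextResult result = new XacmlContextResult(XacmlContextDecision.Indeterminate)
                {
                    Status = new XacmlContextStatus(XacmlContextStatusCode.SyntaxError)
                };
                xacmlContextResponse = new XacmlContextResponse(result);
            }

            string accept = HttpContext.Request.Headers["Accept"];

            // Exact match only: any other Accept value gets the XML rendering.
            if (!string.IsNullOrEmpty(accept) && accept.Equals("application/json"))
            {
                XacmlJsonResponse jsonReponse = XacmlJsonXmlConverter.ConvertResponse(xacmlContextResponse);
                return Ok(jsonReponse);
            }

            StringBuilder builder = new StringBuilder();

            using (XmlWriter writer = XmlWriter.Create(builder))
            {
                XacmlSerializer.WriteContextResponse(writer, xacmlContextResponse);
            }

            return Content(builder.ToString());
        }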
Exemplo n.º 6
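        /// <summary>
        /// Converts the request body into a <c>XacmlContextRequest</c>, choosing the JSON or
        /// XML parser from the request's Content-Type header.
        /// </summary>
        /// <param name="model">Wrapper whose <c>BodyContent</c> holds the raw request text.</param>
        /// <returns>
        /// The parsed request, or <c>null</c> when the Content-Type contains neither
        /// <c>application/json</c> nor <c>application/xml</c>. Callers must handle the null.
        /// </returns>
        /// <remarks>
        /// Nothing is caught here: parse failures throw to the caller, and so does a null
        /// Content-Type, because <c>Contains</c> is called on it directly.
        /// </remarks>
        private XacmlContextRequest ParseApiBody(XacmlRequestApiModel model)
        {
            XacmlContextRequest request = null;

            if (Request.ContentType.Contains("application/json"))
            {
                // The target type is fixed by the generic argument; the body text does not choose it.
                XacmlJsonRequestRoot jsonRequest = JsonConvert.DeserializeObject<XacmlJsonRequestRoot>(model.BodyContent);
                request = XacmlJsonXmlConverter.ConvertRequest(jsonRequest.Request);
            }
            else if (Request.ContentType.Contains("application/xml"))
            {
                // The body comes from the client. State the parser policy explicitly rather than
                // relying on XmlReader defaults: no DTDs and no resolution of external resources.
                XmlReaderSettings readerSettings = new XmlReaderSettings
                {
                    DtdProcessing = DtdProcessing.Prohibit,
                    XmlResolver = null
                };

                using (StringReader bodyText = new StringReader(model.BodyContent))
                using (XmlReader reader = XmlReader.Create(bodyText, readerSettings))
                {
                    request = XacmlParser.ReadContextRequest(reader);
                }
            }

            return request;
        }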
Exemplo n.º 7
 /// <summary>
 /// Entry point for XACML authorization decision requests. Routes the request to the
 /// JSON or the XML handler according to the request's Content-Type header.
 /// </summary>
 /// <param name="model">Request wrapper bound from the body; handed unchanged to the selected handler.</param>
 /// <returns>
 /// The handler's result, or, when anything inside the try block throws, the result of
 /// <c>CreateResponse</c> for an <c>Indeterminate</c> decision with a <c>SyntaxError</c> status.
 /// </returns>
 public async Task<ActionResult> Post([FromBody] XacmlRequestApiModel model)
 {
     try
     {
         // The Content-Type test stays inside the try so that a missing header
         // (null ContentType) also ends in the Indeterminate response below.
         return Request.ContentType.Contains("application/json")
             ? await AuthorizeJsonRequest(model)
             : await AuthorizeXmlRequest(model);
     }
     catch (Exception)
     {
         // Fail closed. The error response always goes through CreateResponse,
         // whatever the request's content type was. The exception is not recorded.
         XacmlContextResult indeterminate = new XacmlContextResult(XacmlContextDecision.Indeterminate)
         {
             Status = new XacmlContextStatus(XacmlContextStatusCode.SyntaxError)
         };

         return CreateResponse(new XacmlContextResponse(indeterminate));
     }
 }