class Soar::Authorization::AccessManager::Provider::ServiceRegistry

Attributes

service_registry[R]

Public Class Methods

new(service_registry)
# Build a provider backed by +service_registry+: the object whose +services+
# interface is consulted later by authorized? (meta_for_service) and
# find_first_uri (service_by_name). Nothing is validated or copied here.
def initialize(service_registry)
  @service_registry = service_registry
end

Public Instance Methods

authorized?(service_identifier, resource_identifier, request)
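# Decide whether +request+ may reach +resource_identifier+ on +service_identifier+.
#
# The service's metadata is looked up in the service registry; a `policy`
# entry names a policy service that is asked for the decision (ask_policy).
# Returns whatever +success+ (defined elsewhere in this provider) builds from
# the list of human-readable notifications and `{ 'approved' => decision }`.
#
# Fail-open points a reviewer should know about (behaviour kept as-is):
# * a service with no `policy` metadata is approved unconditionally;
# * under RACK_ENV=development a notification is added, but the decision is
#   then overwritten by the policy lookup below, so that message is
#   informational only and does not itself grant access.
# Any error raised while consulting the registry or the policy yields a
# denial with the error message recorded as a notification (fail closed).
# Only StandardError (and the registry's ValidationError) is rescued —
# SystemExit, SignalException etc. are allowed to propagate.
def authorized?(service_identifier, resource_identifier, request)
  notifications = []
  decision = false

  begin
    if ENV['RACK_ENV'] == 'development'
      notifications << 'Authorized in development environment'
      decision = true
    end

    meta = @service_registry.services.meta_for_service(service_identifier)
    # Only a truthy 'policy' value in a Hash counts; anything else is "no policy".
    policy = meta['policy'] if meta.is_a?(Hash) && meta['policy']

    if policy.nil?
      decision = true
      notifications << 'No policy associated with service'
    else
      decision, detail = ask_policy(policy, request[:authentication_identifier],
                                    service_identifier, resource_identifier, request)
      notifications.concat(detail) unless detail.nil? || detail.empty?
      notifications << (decision ? 'Policy approved authorization request' :
                                   'Policy rejected authorization request')
    end
  rescue SoarSr::ValidationError => ex
    notifications << "AccessManager error authorizing #{service_identifier} for #{resource_identifier}: #{ex.message}"
    decision = false
  rescue StandardError => ex
    # Narrowed from `rescue Exception`, which would also swallow process signals and exit.
    notifications << "AccessManager error authorizing #{service_identifier} for #{resource_identifier}: #{ex.message}"
    decision = false
  end

  success(notifications, { 'approved' => decision })
end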

Private Instance Methods

ask_policy(policy, subject_identifier, service_identifier, resource_identifier, request)
def ask_policy(policy, subject_identifier, service_identifier, resource_identifier, request)
  notifications = []
  uri = find_first_uri(policy)
  if uri.nil?
    notifications << "Could not retrieve policy for service"
    return false, notifications
  end
  url = URI.parse(uri)
  params = { 
    'resource_identifier' => resource_identifier,
    'subject_identifier' => subject_identifier,
    'service_identifier' => service_identifier,
    'request' => {
      'params' => request[:params],
    },
    'flow_identifier' => request[:params]['flow_identifier'] 
  }
  res = Net::HTTP.post_form(url, params)

  result = JSON.parse(res.body)
  if result['status'] == 'error'
    notifications << 'Policy query result was not success'
    return false, notifications
  end
  return result['data']['allowed'], notifications
rescue => ex
  notifications << "Exception while asking policy #{ex.message}"
  return false, notifications
end
find_first_uri(policy)
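# Resolve the policy service named +policy+ to the `access_point` of its
# first registered URI, or +nil+ when the registry has no usable entry.
#
# Walks the registry reply shape this code expects:
#   { 'status' => 'success',
#     'data' => { 'services' => { <name> => { 'uris' => { <key> => { 'access_point' => ... } } } } } }
# The first service and its first URI are taken as the endpoint; there is no
# preference or validation among several URIs. A nil or non-Hash reply
# (which previously raised NoMethodError) now returns nil as well, so the
# caller reports "could not retrieve policy" and denies.
def find_first_uri(policy)
  result = @service_registry.services.service_by_name(policy)
  return nil unless result.is_a?(Hash) && result['status'] == 'success'

  data = result['data']
  services = data['services'] if data
  first_service = services.first if services   # Hash#first => [name, definition]
  definition = first_service[1] if first_service
  uris = definition['uris'] if definition
  first_uri = uris.first if uris               # Hash#first => [key, uri_entry]
  entry = first_uri[1] if first_uri
  entry['access_point'] if entry
end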