...
 
Commits (31)
......@@ -2,6 +2,37 @@
All notable changes to this project are documented in this file following the [Keep a CHANGELOG](http://keepachangelog.com) conventions. This project adheres to [Semantic Versioning](http://semver.org).
## 15.3.0
### Changed
- Parent project version: 7.5.0 -> changed dependency versions:
- authzforce-ce-xmlns-model: 7.5.0
- authzforce-ce-xacml-model: 7.5.0
- authzforce-ce-pdp-ext-model: 7.5.0
- Guava: 24.1.1-jre
- Replaced dependency mailapi with javax.mail-api v1.6.0
## 15.2.0
### Added
- ExpressionFactory interface: new method `getVariableExpression(variableId)`
- Apply class: added check for VariableReference used as first arg (sub-function) to higher-order function: variables (resolved at evaluation time) are not allowed, only constant
- TimeValue class: more Javadoc giving info about underlying XmlGregorianCalendar's year/month/day fields (set to DatatypeConstants.FIELD_UNDEFINED)
- GenericAttributeProviderBasedAttributeDesignatorExpression class: moved from authzforce-ce-core-pdp-engine project
## 15.1.0
### Changed
- Parent project (authzforce-ce-parent) version: 7.3.0, which changes dependency versions:
- authzforce-ce-xmlns-model: 7.3.0
- authzforce-ce-xacml-model: 7.3.0
- authzforce-ce-pdp-ext-model: 7.3.0
- Spring: 4.3.14.RELEASE
- Saxon-HE: 9.8.0-12
### Added
- Interfaces: PolicyEvaluator has new method getEnclosedPolicies(), used to detect duplicate PolicyId/Version
## 15.0.0
### Added
- Classes from authzforce-ce-core-pdp-engine, which may be useful to PEP implementations (PEPs should not depend on authzforce-ce-core-pdp-engine except if using an embedded PDP):
......
[![Codacy Badge](https://api.codacy.com/project/badge/Grade/2804cd619dde437a883da48ad5c283bc)](https://www.codacy.com/app/coder103/authzforce-ce-core-pdp-api?utm_source=github.com&utm_medium=referral&utm_content=authzforce/core-pdp-api&utm_campaign=Badge_Grade)
[![Javadocs](http://javadoc.io/badge/org.ow2.authzforce/authzforce-ce-core-pdp-api.svg)](http://javadoc.io/doc/org.ow2.authzforce/authzforce-ce-core-pdp-api)
# AuthZForce Core PDP API
High-level API for using AuthZForce PDP engine and implementing PDP engine extensions: attribute datatypes, functions, policy/rule combining algorithms, attribute providers, policy providers, XACML Request/Result filters, etc.
# AuthzForce Core PDP API
High-level API for using AuthzForce PDP engine and implementing PDP engine extensions: attribute datatypes, functions, policy/rule combining algorithms, attribute providers, policy providers, XACML Request/Result filters, etc.
## Support
If you are experiencing any problem with this project, you may report it on the [OW2 Issue Tracker](https://jira.ow2.org/browse/AUTHZFORCE/).
If you are experiencing any problem with this project, you may report it on the github Issues.
Please include as much information as possible; the more we know, the better the chance of a quicker resolution:
* Software version
......@@ -15,5 +15,16 @@ Please include as much information as possible; the more we know, the better the
* Log output can be useful too; sometimes enabling DEBUG logging can help;
* Your code & configuration files are often useful.
If you wish to contact the developers for other reasons, use [Authzforce contact mailing list](http://scr.im/azteam).
If you wish to contact the developers for other reasons, use [AuthzForce contact mailing list](http://scr.im/azteam).
## Known issues
### Class not found: com.sun.mail.XXX
If you need to use XACML RFC822Name datatype, you need to add an actual implementation of JavaMail API as dependency (must match the version of `javax.mail-api` dependency in the [POM](pom.xml) ), such as:
```xml
<dependency>
<groupId>com.sun.mail</groupId>
<artifactId>javax.mail</artifactId>
<version>1.6.0</version>
</dependency>
```
\ No newline at end of file
<?xml version="1.0" encoding="UTF-8"?>
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.1.xsd">
<suppress>
<notes><![CDATA[
file name: mailapi-1.5.6.jar,
false positive reported: https://github.com/jeremylong/DependencyCheck/issues/912
]]></notes>
<cpe>cpe:/a:mail_project:mail</cpe>
<cpe>cpe:/a:sun:javamail</cpe>
<cve>CVE-2007-6059</cve>
<cve>CVE-2015-9097</cve>
</suppress>
<!--See issue #2 on Github-->
<cve>CVE-2018-8088</cve>
</suppress>
</suppressions>
\ No newline at end of file
......@@ -3,10 +3,10 @@
<parent>
<groupId>org.ow2.authzforce</groupId>
<artifactId>authzforce-ce-parent</artifactId>
<version>7.2.0</version>
<version>7.5.0</version>
</parent>
<artifactId>authzforce-ce-core-pdp-api</artifactId>
<version>15.0.0</version>
<version>15.3.0</version>
<name>${project.groupId}:${project.artifactId}</name>
<description>AuthzForce - Core PDP API</description>
<url>${project.url}</url>
......@@ -32,9 +32,9 @@
</dependency>
<dependency>
<!-- For validation of XACML RFC822Name (email address) -->
<groupId>com.sun.mail</groupId>
<artifactId>mailapi</artifactId>
<version>1.5.6</version>
<groupId>javax.mail</groupId>
<artifactId>javax.mail-api</artifactId>
<version>1.6.0</version>
</dependency>
<dependency>
<!-- For extra collections (Multiset class used for XACML Bags, Table class, ImmutableSet/ImmutableMap/ImmutableList), and validating IP addresses (XACML IPAdress datatype), Domain names (XACML
......@@ -87,7 +87,6 @@
</executions>
</plugin>
<plugin>
<!-- Consider combining with Red Hat Victims and OSS Index. More info on Victims vs. Dependency-check: https://bugzilla.redhat.com/show_bug.cgi?id=1388712 -->
<groupId>org.owasp</groupId>
<artifactId>dependency-check-maven</artifactId>
<configuration>
......
......@@ -89,8 +89,10 @@ public interface CloseableNamedAttributeProvider extends NamedAttributeProvider,
* @param environmentProperties
* global PDP configuration environment properties
* @return a factory aware of dependencies (required attributes) possibly inferred from input {@code conf}
* @throws IllegalArgumentException
* invalid {code configuration}
*/
public abstract DependencyAwareFactory getInstance(CONF_T configuration, EnvironmentProperties environmentProperties);
public abstract DependencyAwareFactory getInstance(CONF_T configuration, EnvironmentProperties environmentProperties) throws IllegalArgumentException;
}
}
......@@ -20,16 +20,16 @@ package org.ow2.authzforce.core.pdp.api.expression;
import java.io.Closeable;
import java.util.Deque;
import org.ow2.authzforce.core.pdp.api.NamedAttributeProvider;
import org.ow2.authzforce.core.pdp.api.value.AttributeValue;
import org.ow2.authzforce.core.pdp.api.value.Datatype;
import net.sf.saxon.s9api.XPathCompiler;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeValueType;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.DefaultsType;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.ExpressionType;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.VariableDefinition;
import org.ow2.authzforce.core.pdp.api.NamedAttributeProvider;
import org.ow2.authzforce.core.pdp.api.value.AttributeValue;
import org.ow2.authzforce.core.pdp.api.value.Datatype;
/**
* Expression factory for parsing XACML {@link ExpressionType}s in policies: AttributeDesignator, AttributeSelector, Apply, etc.
* <p>
......@@ -70,7 +70,7 @@ public interface ExpressionFactory extends Closeable
ConstantExpression<? extends AttributeValue> getInstance(AttributeValueType jaxbAttrVal, XPathCompiler xPathCompiler) throws IllegalArgumentException;
/**
* Add VariableDefinition to be managed
* Add VariableDefinition (variable assignment expression)
*
* @param varDef
* VariableDefinition
......@@ -87,6 +87,14 @@ public interface ExpressionFactory extends Closeable
*/
VariableReference<?> addVariable(VariableDefinition varDef, XPathCompiler xPathCompiler, Deque<String> longestVarRefChain) throws IllegalArgumentException;
/**
* Get a given variable's assignment expression (definition)
*
* @param varId
* @return the VariableReference identified by <code>varId</code> , or null if there is no such variable.
*/
VariableReference<?> getVariableExpression(String varId);
/**
* Removes the VariableReference(Definition) from the manager
*
......
/**
* Copyright 2012-2018 Thales Services SAS.
*
* This file is part of AuthzForce CE.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.ow2.authzforce.core.pdp.api.expression;
import java.util.Optional;
import org.ow2.authzforce.core.pdp.api.AttributeFqn;
import org.ow2.authzforce.core.pdp.api.AttributeFqns;
import org.ow2.authzforce.core.pdp.api.AttributeProvider;
import org.ow2.authzforce.core.pdp.api.EvaluationContext;
import org.ow2.authzforce.core.pdp.api.IndeterminateEvaluationException;
import org.ow2.authzforce.core.pdp.api.value.AttributeValue;
import org.ow2.authzforce.core.pdp.api.value.Bag;
import org.ow2.authzforce.core.pdp.api.value.BagDatatype;
import org.ow2.authzforce.core.pdp.api.value.Bags;
import org.ow2.authzforce.core.pdp.api.value.Datatype;
import org.ow2.authzforce.xacml.identifiers.XacmlStatusCode;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeDesignatorType;
/**
* AttributeDesignator evaluator initialized with and using an {@link AttributeProvider} to retrieve the attribute value not only from the request but also possibly from extra Attribute Provider
* modules (so-called XACML PIPs) (PDP extensions)
*
* @param <AV>
* AttributeDesignator evaluation result value's primitive datatype
*
* @version $Id: $
*/
public final class GenericAttributeProviderBasedAttributeDesignatorExpression<AV extends AttributeValue> implements AttributeDesignatorExpression<AV>
{
private static final IllegalArgumentException NULL_ATTRIBUTE_PROVIDER_EXCEPTION = new IllegalArgumentException("Undefined attribute Provider");
private final AttributeFqn attrGUID;
private final BagDatatype<AV> returnType;
private final boolean mustBePresent;
private final transient Bag.Validator mustBePresentEnforcer;
private final transient AttributeProvider attrProvider;
private final transient IndeterminateEvaluationException missingAttributeForUnknownReasonException;
private final transient IndeterminateEvaluationException missingAttributeBecauseNullContextException;
// lazy initialization
private transient volatile String toString = null;
private transient volatile int hashCode = 0;
/** {@inheritDoc} */
@Override
public Optional<Bag<AV>> getValue()
{
/*
* context-dependent, therefore not constant
*/
return Optional.empty();
}
/**
* Return an instance of an AttributeDesignator based on an AttributeDesignatorType
*
* @param attrDesignator
* the AttributeDesignatorType we want to convert
* @param resultDatatype
* expected datatype of the result of evaluating this AttributeDesignator ( {@code AV is the expected type of every element in the bag})
* @param attrProvider
* Attribute Provider responsible for finding the attribute designated by this in a given evaluation context at runtime
* @throws IllegalArgumentException
* if {@code attrDesignator.getCategory() == null || attrDesignator.getAttributeId() == null}
*/
public GenericAttributeProviderBasedAttributeDesignatorExpression(final AttributeDesignatorType attrDesignator, final BagDatatype<AV> resultDatatype, final AttributeProvider attrProvider)
{
if (attrProvider == null)
{
throw NULL_ATTRIBUTE_PROVIDER_EXCEPTION;
}
this.attrProvider = attrProvider;
this.attrGUID = AttributeFqns.newInstance(attrDesignator);
this.returnType = resultDatatype;
// error messages/exceptions
final String missingAttributeMessage = this + " not found in context";
this.mustBePresent = attrDesignator.isMustBePresent();
this.mustBePresentEnforcer = mustBePresent ? new Bags.NonEmptinessValidator(missingAttributeMessage) : Bags.DUMB_VALIDATOR;
this.missingAttributeForUnknownReasonException = new IndeterminateEvaluationException(missingAttributeMessage + " for unknown reason", XacmlStatusCode.MISSING_ATTRIBUTE.value());
this.missingAttributeBecauseNullContextException = new IndeterminateEvaluationException(
"Missing Attributes/Attribute for evaluation of AttributeDesignator '" + this.attrGUID + "' because request context undefined", XacmlStatusCode.MISSING_ATTRIBUTE.value());
}
@Override
public AttributeFqn getAttributeFQN()
{
return this.attrGUID;
}
@Override
public boolean isNonEmptyBagRequired()
{
return this.mustBePresent;
}
/**
* {@inheritDoc}
*
* Evaluates the pre-assigned meta-data against the given context, trying to find some matching values.
*/
@Override
public Bag<AV> evaluate(final EvaluationContext context) throws IndeterminateEvaluationException
{
if (context == null)
{
throw missingAttributeBecauseNullContextException;
}
final Bag<AV> bag = attrProvider.get(attrGUID, this.returnType.getElementType(), context);
if (bag == null)
{
throw this.missingAttributeForUnknownReasonException;
}
mustBePresentEnforcer.validate(bag);
/*
* if we got here, it means that the bag wasn't empty, or bag was empty AND mustBePresent was false (so validate() succeeded), so we just return the result
*/
return bag;
}
/** {@inheritDoc} */
@Override
public Datatype<Bag<AV>> getReturnType()
{
return this.returnType;
}
/*
* (non-Javadoc)
*
* @see java.lang.Object#toString()
*/
/** {@inheritDoc} */
@Override
public String toString()
{
if (toString == null)
{
toString = "AttributeDesignator [" + this.attrGUID + ", dataType= " + this.returnType.getElementType() + ", mustBePresent= "
+ (mustBePresentEnforcer == Bags.DUMB_VALIDATOR ? "false" : "true") + "]";
}
return toString;
}
/** {@inheritDoc} */
@Override
public int hashCode()
{
if (hashCode == 0)
{
hashCode = this.attrGUID.hashCode();
}
return hashCode;
}
/** Equal iff the Attribute Category/Issuer/Id are equal */
@Override
public boolean equals(final Object obj)
{
if (this == obj)
{
return true;
}
if (!(obj instanceof GenericAttributeProviderBasedAttributeDesignatorExpression))
{
return false;
}
final GenericAttributeProviderBasedAttributeDesignatorExpression<?> other = (GenericAttributeProviderBasedAttributeDesignatorExpression<?>) obj;
return this.attrGUID.equals(other.attrGUID);
}
}
......@@ -19,6 +19,7 @@ package org.ow2.authzforce.core.pdp.api.func;
import java.util.Iterator;
import java.util.List;
import java.util.Optional;
import org.ow2.authzforce.core.pdp.api.expression.Expression;
import org.ow2.authzforce.core.pdp.api.expression.FunctionExpression;
......@@ -100,7 +101,14 @@ public abstract class HigherOrderBagFunction<RETURN_T extends Value, SUB_RETURN_
}
else if (input0 instanceof VariableReference)
{
final Value varValue = ((VariableReference<?>) input0).getValue().get();
final Optional<? extends Value> optVal = ((VariableReference<?>) input0).getValue();
if (!optVal.isPresent())
{
throw new IllegalArgumentException(this + ": Unsupported type of first argument: " + input0
+ " cannot be evaluated to a constant (Function) value (out of context). Variable Function arg to higher-order function is not supported.");
}
final Value varValue = optVal.get();
if (!(varValue instanceof Function))
{
throw new IllegalArgumentException(this + ": Invalid type of first argument: " + varValue.getClass().getSimpleName() + ". Required: Function");
......
......@@ -22,12 +22,9 @@ import java.util.Optional;
import java.util.regex.Pattern;
import java.util.regex.PatternSyntaxException;
import net.sf.saxon.Version;
import net.sf.saxon.regex.RegularExpression;
import net.sf.saxon.trans.XPathException;
import org.ow2.authzforce.core.pdp.api.EvaluationContext;
import org.ow2.authzforce.core.pdp.api.IndeterminateEvaluationException;
import org.ow2.authzforce.core.pdp.api.XmlUtils;
import org.ow2.authzforce.core.pdp.api.expression.Expression;
import org.ow2.authzforce.core.pdp.api.expression.Expressions;
import org.ow2.authzforce.core.pdp.api.value.AttributeValue;
......@@ -39,6 +36,10 @@ import org.ow2.authzforce.core.pdp.api.value.StringValue;
import org.ow2.authzforce.core.pdp.api.value.Value;
import org.ow2.authzforce.xacml.identifiers.XacmlStatusCode;
import net.sf.saxon.Version;
import net.sf.saxon.regex.RegularExpression;
import net.sf.saxon.trans.XPathException;
/**
* *-regexp-match function helper
* <p>
......@@ -48,10 +49,8 @@ import org.ow2.authzforce.xacml.identifiers.XacmlStatusCode;
* <li>{@link Pattern} matches the entire string against the pattern always, whereas <code>xf:matches</code> considers the string to match the pattern if any substring matches the pattern.</li>
* <li><code>xf:matches</code> regular expression syntax is based on XML schema which defines character class substraction using '-' character, whereas {@link Pattern} does not support this syntax but
* <code>&&[^</code> instead.</li>
* <li>
* Category escape: can be done in XML SCHEMA with: <code>[\P{X}]</code>. {@link Pattern} only supports this form: <code>[^\p{X}]</code>.</li>
* <li>
* Character classes: XML schema define categories <code>\c</code> and <code>\C</code>. {@link Pattern} does not support them.</li>
* <li>Category escape: can be done in XML SCHEMA with: <code>[\P{X}]</code>. {@link Pattern} only supports this form: <code>[^\p{X}]</code>.</li>
* <li>Character classes: XML schema define categories <code>\c</code> and <code>\C</code>. {@link Pattern} does not support them.</li>
* </ul>
* EXAMPLE: this regex from XML schema spec uses character class substraction. It is valid for <code>xf:matches</code> but does not compile with {@link Pattern}:
*
......@@ -71,7 +70,7 @@ public final class RegexpMatchFunctionHelper
private final String funcId;
private CompiledRegexMatchFunctionCall(final FirstOrderFunctionSignature<BooleanValue> functionSig, final List<Expression<?>> argExpressions, final Datatype<?>[] remainingArgTypes,
final RegularExpression compiledRegex, final Datatype<? extends SimpleValue<String>> matchedValueType, final String invalidRemainingArg1TypeMsg) throws IllegalArgumentException
final RegularExpression compiledRegex, final Datatype<? extends SimpleValue<String>> matchedValueType, final String invalidRemainingArg1TypeMsg) throws IllegalArgumentException
{
super(functionSig, argExpressions, remainingArgTypes);
this.funcId = functionSig.getName();
......@@ -136,7 +135,7 @@ public final class RegexpMatchFunctionHelper
final RegularExpression compiledRegex;
try
{
compiledRegex = Version.platform.compileRegularExpression(regex.getUnderlyingValue(), "", "XP20", null);
compiledRegex = Version.platform.compileRegularExpression(XmlUtils.SAXON_PROCESSOR.getUnderlyingConfiguration(), regex.getUnderlyingValue(), "", "XP20", null);
}
catch (final XPathException e)
{
......@@ -206,7 +205,7 @@ public final class RegexpMatchFunctionHelper
/*
* From Saxon xf:matches() implementation: Matches#evaluateItem() / evalMatches()
*/
compiledRegex = Version.platform.compileRegularExpression(regex, "", "XP20", null);
compiledRegex = Version.platform.compileRegularExpression(XmlUtils.SAXON_PROCESSOR.getUnderlyingConfiguration(), regex, "", "XP20", null);
}
catch (final XPathException e)
{
......
......@@ -21,6 +21,7 @@
package org.ow2.authzforce.core.pdp.api.policy;
import java.util.Optional;
import java.util.Set;
import org.ow2.authzforce.core.pdp.api.Decidable;
import org.ow2.authzforce.core.pdp.api.DecisionResult;
......@@ -89,6 +90,15 @@ public interface PolicyEvaluator extends Decidable
*/
PolicyVersion getPolicyVersion(EvaluationContext evaluationCtx) throws IndeterminateEvaluationException;
/**
* Get metadata about the policies enclosed in the evaluated policy (including itself), i.e. whose actual content is enclosed inside the evaluated policy (as opposed to policy references).
* <p>
* This allows to detect duplicates, i.e. when the same policy (ID and version) is re-used multiple times in the same enclosing policy.
*
* @return the set of enclosed policies, including itself. (May be empty if the policy corresponds to a XACML Policy (no child Policy(Set)s, but never null );
*/
Set<PrimaryPolicyMetadata> getEnclosedPolicies();
/**
* Get metadata about the child policy references of the evaluated policy, present iff there is any (e.g. no the case for a XACML Policy element). These metadata may depend on the evaluation
* context in case of a Policy(Set)IdReference evaluator when using dynamic aka context-dependent {@link RefPolicyProvider} that resolve policy references at evaluation time based on the context,
......
......@@ -67,4 +67,5 @@ public interface PrimaryPolicyMetadata
* @return description
*/
Optional<String> getDescription();
}
......@@ -28,4 +28,5 @@ package org.ow2.authzforce.core.pdp.api.policy;
public interface StaticTopLevelPolicyElementEvaluator extends StaticPolicyEvaluator, TopLevelPolicyElementEvaluator
{
// Merge of StaticPolicyEvaluator and TopLevelPolicyElementEvaluator
}
......@@ -46,7 +46,7 @@ public final class DnsNameWithPortRangeValue extends StringParseableValue<String
static
{
/*
* Limit repetitions in regex to mitiate Regex DoS attacks
* Limit repetitions in regex to mitigate Regex DoS attacks
*/
final String domainlabel = "\\w[[\\w|\\-]{0,1000}\\w]?";
final String toplabel = "[a-zA-Z][[\\w|\\-]{0,1000}\\w]?";
......@@ -101,7 +101,8 @@ public final class DnsNameWithPortRangeValue extends StringParseableValue<String
// there is no port/portRange, so just use the name
host = dnsName;
range = NetworkPortRange.MAX;
} else
}
else
{
// split the name and the port/portRange
host = dnsName.substring(0, portSep);
......
......@@ -24,7 +24,16 @@ import org.ow2.authzforce.core.pdp.api.XmlUtils;
/**
* Representation of an xs:time value. This class supports parsing xs:time values. All objects of this class are immutable and thread-safe.
*
* <p>
* The {@link XMLGregorianCalendar} returned by {@link #getUnderlyingValue()} have the following characteristics:
* <ul>
* <li>{@link XMLGregorianCalendar#getYear()} always returns {@link DatatypeConstants#FIELD_UNDEFINED}</li>
* <li>{@link XMLGregorianCalendar#getEon()} and {@link XMLGregorianCalendar#getEonAndYear()} always return null</li>
* <li>{@link XMLGregorianCalendar#getMonth()} always returns {@link DatatypeConstants#FIELD_UNDEFINED}</li>
* <li>{@link XMLGregorianCalendar#getDay()} always returns {@link DatatypeConstants#FIELD_UNDEFINED}</li>
* <li>{@link XMLGregorianCalendar#getYear()} always returns {@link DatatypeConstants#FIELD_UNDEFINED}</li>
* </ul>
* </p>
*
* @version $Id: $
*/
......
<?xml version="1.0"?>
<!-- Many of the options included here are defaults, and do not need to be specified in a real configuration file. They are provided for convenience of editing, so
it is easy to set up a configuration file with non-default options. For documentation on the contents of a Saxon configuration file, see http://www.saxonica.com/documentation9.6/index.html#!configuration/configuration-file -->
<!-- WARNING: 1) for AuthZForce compatibility, do not set xInclude property here (do not even set xInclude="false") This would cause an error with XACML Request Attributes/Content XML parsing: net.sf.saxon.s9api.SaxonApiException:
Selected XML parser javax.xml.bind.util.JAXBSource$1 does not recognize request for XInclude processing at net.sf.saxon.s9api.DocumentBuilder.build(DocumentBuilder.java:374) ~[Saxon-HE-9.6.0-5.jar:na]
at org.ow2.authzforce.core.XACMLParsers$FullJaxbXACMLAttributesParserFactory$FullJaxbXACMLAttributesParser.parseContent(XACMLParsers.java:909) ~[classes/:na] -->
<configuration
edition="HE"
xmlns="http://saxon.sf.net/ns/configuration"
......@@ -87,7 +92,7 @@
stylesheetParser="">
</xslt>
<xquery
version="1.1"
version="3.1"
allowUpdate="false"
errorListener="net.sf.saxon.StandardErrorListener"
moduleUriResolver="net.sf.saxon.lib.StandardModuleURIResolver"
......@@ -98,12 +103,5 @@
defaultElementNamespace=""
preserveBoundarySpace="false"
requiredContextItemType="document-node()"
emptyLeast="true" />
<!-- XSD occurrenceLimits property is not considered valid by SAXON 9.6 although it is in the doc:
http://www.saxonica.com/documentation9.6/index.html#!configuration/configuration-file/config-xsd
Bug reported here: https://saxonica.plan.io/issues/2731
-->
<xsd
occurrenceLimits="100,250"
version="1.1" />
emptyLeast="true" />
</configuration>
\ No newline at end of file