Implemented Multiple Decision Profile on XACML/JSON input

pdp-io-xacml-json/pom.xml

@@ -172,6 +172,13 @@
                            <property name="target.dir" value="${project.basedir}/target/generated-test-resources/conformance/xacml-3.0-core/mandatory" />
                         </ant>
                      </target>
+                     <target>
+                        <taskdef resource="net/sf/antcontrib/antlib.xml" />
+                        <ant antfile="${project.basedir}/src/test/resources.xacml/build.xml" inheritAll="false" inheritRefs="false">
+                           <property name="src.dir" value="${project.basedir}/src/test/resources.xacml/conformance/xacml-3.0-multiple" />
+                           <property name="target.dir" value="${project.basedir}/target/generated-test-resources/conformance/xacml-3.0-multiple" />
+                        </ant>
+                     </target>
                   </configuration>
                </execution>
             </executions>

pdp-io-xacml-json/src/test/java/org/ow2/authzforce/core/pdp/io/xacml/json/test/JsonProfileConformanceMultipleDecisionProfileTest.java

+/**
+ * Copyright 2012-2019 THALES.
+ *
+ * This file is part of AuthzForce CE.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.ow2.authzforce.core.pdp.io.xacml.json.test;
+
+import java.io.IOException;
+import java.net.URISyntaxException;
+import java.util.Iterator;
+
+import org.testng.annotations.BeforeTest;
+import org.testng.annotations.DataProvider;
+
+/**
+ * XACML Multiple Decision Profile conformance tests using JSON Profile for XACML input/output format.
+ * 
+ * @see JsonProfileConformanceV3Test
+ */
+public class JsonProfileConformanceMultipleDecisionProfileTest extends JsonProfileConformanceV3Test
+{
+
+	/**
+	 * test root directory location, where each subdirectories contains a category of tests
+	 */
+	private final static String TEST_RESOURCES_ROOT_DIRECTORY_LOCATION = "classpath:conformance/xacml-3.0-multiple";
+
+	@DataProvider
+	public static Iterator<Object[]> getTestDirectories() throws URISyntaxException, IOException
+	{
+		return params(TEST_RESOURCES_ROOT_DIRECTORY_LOCATION).iterator();
+	}
+
+	@BeforeTest
+	public void setUpTest()
+	{
+		this.setMdpEnabled(true);
+	}
+
+}
\ No newline at end of file

pdp-io-xacml-json/src/test/java/org/ow2/authzforce/core/pdp/io/xacml/json/test/JsonProfileConformanceV3Test.java

@@ -39,6 +39,7 @@ import org.json.JSONTokener;
 import org.ow2.authzforce.core.pdp.api.io.PdpEngineInoutAdapter;
 import org.ow2.authzforce.core.pdp.impl.PdpEngineConfiguration;
 import org.ow2.authzforce.core.pdp.io.xacml.json.BaseXacmlJsonResultPostprocessor;
+import org.ow2.authzforce.core.pdp.io.xacml.json.MultipleDecisionXacmlJsonRequestPreprocessor;
 import org.ow2.authzforce.core.pdp.io.xacml.json.SingleDecisionXacmlJsonRequestPreprocessor;
 import org.ow2.authzforce.core.pdp.testutil.TestUtils;
 import org.ow2.authzforce.xacml.json.model.LimitsCheckingJSONObject;
@@ -166,6 +167,16 @@ public class JsonProfileConformanceV3Test
 		return testParams;
 	}
 
+	/**
+	 * Multiple Decision Profile support activation status
+	 */
+	private boolean isMdpEnabled = false;
+
+	protected void setMdpEnabled(final boolean isEnabled)
+	{
+		this.isMdpEnabled = isEnabled;
+	}
+
 	@Test(dataProvider = "getTestDirectories")
 	public void test(final Path testDirectoryPath) throws Exception
 	{
@@ -212,7 +223,8 @@ public class JsonProfileConformanceV3Test
 		 */
 		final PdpEngineConfiguration pdpEngineConf = TestUtils.newPdpEngineConfiguration(rootPolicyFile.toUri().toURL().toString(),
 		        Files.exists(refPoliciesDir) ? refPoliciesDir.toUri().toURL().toString() : null, ENABLE_XPATH,
-		        Files.exists(attributeProviderConfFile) ? attributeProviderConfFile.toUri().toURL().toString() : null, SingleDecisionXacmlJsonRequestPreprocessor.LaxVariantFactory.ID,
+		        Files.exists(attributeProviderConfFile) ? attributeProviderConfFile.toUri().toURL().toString() : null,
+		        this.isMdpEnabled ? MultipleDecisionXacmlJsonRequestPreprocessor.LaxVariantFactory.ID : SingleDecisionXacmlJsonRequestPreprocessor.LaxVariantFactory.ID,
 		        BaseXacmlJsonResultPostprocessor.DefaultFactory.ID);
 		try (final PdpEngineInoutAdapter<JSONObject, JSONObject> pdp = PdpEngineXacmlJsonAdapters.newXacmlJsonInoutAdapter(pdpEngineConf))
 		{

pdp-io-xacml-json/src/test/resources.xacml/conformance/README.md

+See authzforce-ce-core project's folder ``pdp-testutils/src/test/resources/conformance/xacml-3.0-from-2.0-ct/README.md`` for more info.
\ No newline at end of file

pdp-io-xacml-json/src/test/resources.xacml/conformance/xacml-3.0-multiple/IIIE302/Policy.xml

+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" 
+		xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
+		PolicyId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIIE302:policy" 
+		RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-overrides" 
+		Version="1.0" >
+    <Description>
+        Policy for Conformance Test IIIE302.
+        Purpose: test Multiple Decisions with The use of multiple instances of an Attributes element with the same category ID
+    </Description>
+    <Target/>
+    <Rule Effect="Permit" RuleId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIIE302:rule">
+        <Description>
+            Julius Hibbert can read or write Bart Simpson's medical record.
+        </Description>
+        <Target>
+            <AnyOf>
+                <AllOf>
+                    <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+                        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Julius Hibbert</AttributeValue>
+                        <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+                    </Match>
+                </AllOf>
+            </AnyOf>
+            <AnyOf>
+                <AllOf>
+                    <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal">
+                        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">http://medico.com/record/patient/BartSimpson</AttributeValue>
+                        <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" DataType="http://www.w3.org/2001/XMLSchema#anyURI" MustBePresent="false"/>
+                    </Match>
+                </AllOf>
+            </AnyOf>
+            <AnyOf>
+                <AllOf>
+                    <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+                        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
+                        <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+                    </Match>
+                </AllOf>
+                <AllOf>
+                    <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+                        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">write</AttributeValue>
+                        <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+                    </Match>
+                </AllOf>
+            </AnyOf>
+        </Target>
+    </Rule>
+</Policy>

pdp-io-xacml-json/src/test/resources.xacml/conformance/xacml-3.0-multiple/IIIE302/Request.xml

+<?xml version="1.0" encoding="utf-8"?>
+<Request  ReturnPolicyIdList="false" CombinedDecision="false" xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+  <Attributes Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject">
+    <Attribute IncludeInResult="true" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id">
+      <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Julius Hibbert</AttributeValue>
+    </Attribute>
+  </Attributes>
+  <Attributes Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject">
+    <Attribute IncludeInResult="true" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id">
+      <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Julius Hilbert</AttributeValue>
+    </Attribute>
+  </Attributes>
+  <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
+    <Attribute IncludeInResult="true" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id">
+      <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">http://medico.com/record/patient/BartSimpson</AttributeValue>
+    </Attribute>
+  </Attributes>
+  <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action">
+    <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id">
+      <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
+    </Attribute>
+  </Attributes>
+  <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment" />
+</Request>

pdp-io-xacml-json/src/test/resources.xacml/conformance/xacml-3.0-multiple/IIIE302/Response.xml

+<?xml version="1.0" encoding="UTF-8"?>
+<Response
+      xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
+      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+      >
+    <Result>
+        <Decision>Permit</Decision>
+        <Status>
+            <StatusCode
+                  Value="urn:oasis:names:tc:xacml:1.0:status:ok"/>
+        </Status>
+        <!-- FIXED original with resource and subject Attributes element reversed (not in same order as in the Request) -->
+          <Attributes Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject">
+		    <Attribute IncludeInResult="true" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id">
+		      <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Julius Hibbert</AttributeValue>
+		    </Attribute>
+		  </Attributes>
+		  <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
+		    <Attribute IncludeInResult="true" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id">
+		      <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">http://medico.com/record/patient/BartSimpson</AttributeValue>
+		    </Attribute>
+		  </Attributes>
+    </Result>
+    <Result>
+        <Decision>NotApplicable</Decision>
+        <Status>
+            <StatusCode
+                  Value="urn:oasis:names:tc:xacml:1.0:status:ok"/>
+        </Status>
+        <!-- FIXED original with resource and subject Attributes element reversed (not in same order as in the Request) -->
+		 <Attributes Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject">
+		   <Attribute IncludeInResult="true" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id">
+		     <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Julius Hilbert</AttributeValue>
+		   </Attribute>
+		 </Attributes>
+		 <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
+		    <Attribute IncludeInResult="true" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id">
+		      <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">http://medico.com/record/patient/BartSimpson</AttributeValue>
+		    </Attribute>
+		 </Attributes>
+    </Result>
+</Response>

pdp-io-xacml-json/src/test/suites/conformance.xml

@@ -5,8 +5,8 @@
 
    <test name="XacmlJsonProfileMandatory" preserve-order="true" enabled="true">
       <classes>
-         <class name="org.ow2.authzforce.core.pdp.io.xacml.json.test.JsonProfileConformanceV3MandatoryTest">
-         </class>
+         <class name="org.ow2.authzforce.core.pdp.io.xacml.json.test.JsonProfileConformanceV3MandatoryTest" />
+         <class name="org.ow2.authzforce.core.pdp.io.xacml.json.test.JsonProfileConformanceMultipleDecisionProfileTest" />
       </classes>
    </test>
 </suite> 

pdp-testutils/src/test/resources/conformance/xacml-3.0-from-2.0-ct/README.md

 <!-- Markdown syntax -->
-This folder contains OASIS XACML Committee's 2.0 version of conformance tests upgraded to conform to the XACML 3.0 standard, including new tests for new features introducted in XACML 3.0. Most of them have been submitted to the OASIS XACML Committee in April 2014 by AT&T.
+This folder contains OASIS XACML Committee's 2.0 version of conformance tests upgraded to conform to the XACML 3.0 standard, including new tests for new features introduced in XACML 3.0. Most of them have been submitted to the OASIS XACML Committee in April 2014 by AT&T.
 The original files are available on the xacml-comment mailing list: 
 https://lists.oasis-open.org/archives/xacml-comment/201404/msg00001.html
 and on AT&T's Github repository (MIT License):