Commit 826d3997 authored by cdanger's avatar cdanger

Merge branch 'release/4.0.2'

parents a0d7da60 928236c5
......@@ -12,3 +12,5 @@
/.pmd
/.eclipse-pmd
/.pmdruleset.xml
/.README.md.html
/.CHANGELOG.md.html
# Change log
All notable changes to this project are documented in this file following the [Keep a CHANGELOG](http://keepachangelog.com) conventions.
## 4.0.2
### Fixed
- Issues reported by Codacyi (including fixed issues in upgraded dependency core-pdp-api 4.0.2)
## 4.0.0
### Changed
- Native PDP request filter IDs (values of `pdp` configuration element's `requestFilter` attribute):
......
# AuthZForce Core
[![Codacy Badge](https://api.codacy.com/project/badge/Grade/dee3e6f5cdd240fc80dfdcc1ee419ac8)](https://www.codacy.com/app/coder103/authzforce-ce-core?utm_source=github.com&utm_medium=referral&utm_content=authzforce/core&utm_campaign=Badge_Grade)
# AuthZForce PDP Core (Community Edition)
Authorization PDP (Policy Decision Point) engine implementing the [OASIS XACML v3.0](http://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-os-en.html).
Java projects may use AuthZForce Core to instantiate an embedded Java PDP.
......
......@@ -6,7 +6,7 @@
<version>3.3.7</version>
</parent>
<artifactId>authzforce-ce-core</artifactId>
<version>4.0.1-SNAPSHOT</version>
<version>4.0.2</version>
<name>${project.groupId}:${project.artifactId}</name>
<description>AuthZForce Community Edition - XACML-compliant Core Engine</description>
<url>https://tuleap.ow2.org/projects/authzforce</url>
......@@ -43,7 +43,7 @@
<dependency>
<groupId>${project.groupId}</groupId>
<artifactId>${artifactId.prefix}-core-pdp-api</artifactId>
<version>4.0.0</version>
<version>4.0.2</version>
</dependency>
<!-- /Authzforce dependencies -->
......
......@@ -29,8 +29,8 @@ import java.util.List;
import org.ow2.authzforce.core.pdp.api.IndeterminateEvaluationException;
import org.ow2.authzforce.core.pdp.api.expression.Expression;
import org.ow2.authzforce.core.pdp.api.func.FirstOrderFunction;
import org.ow2.authzforce.core.pdp.api.func.FirstOrderFunctionCall;
import org.ow2.authzforce.core.pdp.api.func.SingleParameterTypedFirstOrderFunction;
import org.ow2.authzforce.core.pdp.api.value.BooleanValue;
import org.ow2.authzforce.core.pdp.api.value.Datatype;
import org.ow2.authzforce.core.pdp.api.value.StandardDatatypes;
......@@ -44,7 +44,7 @@ import org.ow2.authzforce.core.pdp.api.value.StandardDatatypes;
* @author Seth Proctor
* @version $Id: $
*/
public final class NotFunction extends FirstOrderFunction.SingleParameterTyped<BooleanValue, BooleanValue>
public final class NotFunction extends SingleParameterTypedFirstOrderFunction<BooleanValue, BooleanValue>
{
/**
......
/**
*
* Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
*
* Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
*
* 1. Redistribution of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
*
* 2. Redistribution in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or
* other materials provided with the distribution.
*
* Neither the name of Sun Microsystems, Inc. or the names of contributors may be used to endorse or promote products derived from this software without
* specific prior written permission.
*
* This software is provided "AS IS," without a warranty of any kind. ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED
* WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN") AND ITS LICENSORS
* SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS DERIVATIVES. IN NO EVENT WILL
* SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL, INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER
* CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE, EVEN IF SUN HAS BEEN ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGES.
*
* You acknowledge that this software is not designed or intended for use in the design, construction, operation or maintenance of any nuclear facility.
*/
package com.sun.xacml;
import java.util.Objects;
/**
* This class represents a port range as specified in the <code>dnsName</code> and <code>ipAddress</code> datatypes. The range may have upper and lower bounds, be specified by a single port number, or
* may be unbound.
*
* @version $Id: $
*/
public final class PortRange
{
/**
* Constant used to specify that the range is unbound on one side.
*/
private static final int UNBOUND = -1;
// the port bound values
private final int lowerBound;
private final int upperBound;
/**
* Default constructor used to represent an unbound range. This is typically used when an address has no port information.
*/
public PortRange()
{
this(UNBOUND, UNBOUND);
}
/**
* Creates a <code>PortRange</code> with upper and lower bounds. Either of the parameters may have the value <code>UNBOUND</code> meaning that there is no bound at the respective end.
*
* @param lowerBound
* the lower-bound port number or <code>UNBOUND</code>
* @param upperBound
* the upper-bound port number or <code>UNBOUND</code>
*/
private PortRange(int lowerBound, int upperBound)
{
this.lowerBound = lowerBound;
this.upperBound = upperBound;
}
/**
* Creates an instance of <code>PortRange</code> based on the given value.
*
* @param value
* a <code>String</code> representing the range
* @return a new <code>PortRange</code>
* @throws java.lang.NumberFormatException
* if a port value isn't an integer
*/
public static PortRange getInstance(String value)
{
int lowerBound = UNBOUND;
int upperBound = UNBOUND;
// first off, make sure there's actually content here
if (value.length() == 0 || value.equals("-"))
{
return new PortRange();
}
// there's content, so figure where the '-' is, if at all
int dashPos = value.indexOf('-');
if (dashPos == -1)
{
// there's no dash, so it's just a single number
lowerBound = upperBound = Integer.parseInt(value);
} else if (dashPos == 0)
{
// it starts with a dash, so it's just upper-range bound
upperBound = Integer.parseInt(value.substring(1));
} else
{
// it's a number followed by a dash, so get the lower-bound...
lowerBound = Integer.parseInt(value.substring(0, dashPos));
int len = value.length();
// ... and see if there is a second port number
if (dashPos != len - 1)
{
// the dash wasn't at the end, so there's an upper-bound
upperBound = Integer.parseInt(value.substring(dashPos + 1, len));
}
}
return new PortRange(lowerBound, upperBound);
}
/**
* Returns the lower-bound port value. If the range is not lower-bound, then this returns <code>UNBOUND</code>. If the range is actually a single port number, then this returns the same value as
* <code>getUpperBound</code>.
*
* @return the upper-bound
*/
public int getLowerBound()
{
return lowerBound;
}
/**
* Returns the upper-bound port value. If the range is not upper-bound, then this returns <code>UNBOUND</code>. If the range is actually a single port number, then this returns the same value as
* <code>getLowerBound</code>.
*
* @return the upper-bound
*/
public int getUpperBound()
{
return upperBound;
}
/**
* Returns whether the range is bounded by a lower port number.
*
* @return true if lower-bounded, false otherwise
*/
public boolean isLowerBounded()
{
return lowerBound != UNBOUND;
}
/**
* Returns whether the range is bounded by an upper port number.
*
* @return true if upper-bounded, false otherwise
*/
public boolean isUpperBounded()
{
return upperBound != UNBOUND;
}
/**
* Returns whether the range is actually a single port number.
*
* @return true if the range is a single port number, false otherwise
*/
public boolean isSinglePort()
{
return lowerBound == upperBound && lowerBound != UNBOUND;
}
/**
* Returns whether the range is unbound, which means that it specifies no port number or range. This is typically used with addresses that include no port information.
*
* @return true if the range is unbound, false otherwise
*/
public boolean isUnbound()
{
return lowerBound == UNBOUND && upperBound == UNBOUND;
}
private transient volatile int hashCode = 0; // Effective Java - Item 9
/** {@inheritDoc} */
@Override
public int hashCode()
{
if (hashCode == 0)
{
hashCode = Objects.hash(lowerBound, upperBound);
}
return hashCode;
}
/**
* {@inheritDoc}
*
* Returns true if the input is an instance of this class and if its value equals the value contained in this class.
*/
@Override
public boolean equals(Object o)
{
if (this == o)
{
return true;
}
if (!(o instanceof PortRange))
{
return false;
}
final PortRange other = (PortRange) o;
return lowerBound == other.lowerBound && upperBound == other.upperBound;
}
/**
* <p>
* encode
* </p>
*
* @return encoded port range
*/
public String encode()
{
if (isUnbound())
return "";
if (isSinglePort())
return Integer.toString(lowerBound, 10);
if (!isLowerBounded())
return "-" + Integer.toString(upperBound, 10);
if (!isUpperBounded())
return Integer.toString(lowerBound, 10) + "-";
return Integer.toString(lowerBound, 10) + "-" + Integer.toString(upperBound, 10);
}
}
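Review bot: `PortRange.getInstance` accepts whatever `Integer.parseInt` can read, so a port above 65535 or a signed token is stored without complaint. The sharpest case is `--1`: the leading dash selects the upper-bound branch, `parseInt("-1")` returns the `UNBOUND` sentinel, and the caller gets an unbound range instead of an error. A reversed range such as `10-5` is also kept as written, which is probably a typo in the policy or request. The callers are not on this page, but since the class backs the `dnsName` and `ipAddress` datatypes, a malformed value is better rejected at parse time than left to change what a match means. Routing every `Integer.parseInt` call through a small validating helper keeps the documented `NumberFormatException` contract.

```java
    private static int parsePort(String token)
    {
        // digits only at the start: rejects '+' and '-', so "--1" can no longer produce the UNBOUND sentinel
        if (token.isEmpty() || token.charAt(0) < '0' || token.charAt(0) > '9')
        {
            throw new NumberFormatException("Invalid port number: '" + token + "'");
        }
        final int port = Integer.parseInt(token);
        if (port > 65535)
        {
            throw new NumberFormatException("Port number out of range (0-65535): " + token);
        }
        return port;
    }

    public static PortRange getInstance(String value)
    {
        // … unchanged: empty / "-" handling and dash lookup …
        lowerBound = upperBound = parsePort(value);
        // … unchanged: remaining branches, with parsePort in place of Integer.parseInt …
    }
```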
......@@ -31,11 +31,11 @@ import java.util.Locale;
import org.ow2.authzforce.core.pdp.api.IndeterminateEvaluationException;
import org.ow2.authzforce.core.pdp.api.expression.Expression;
import org.ow2.authzforce.core.pdp.api.func.BaseFunctionSet;
import org.ow2.authzforce.core.pdp.api.func.FirstOrderFunction;
import org.ow2.authzforce.core.pdp.api.func.FirstOrderFunctionCall;
import org.ow2.authzforce.core.pdp.api.func.FirstOrderFunctionCall.EagerSinglePrimitiveTypeEval;
import org.ow2.authzforce.core.pdp.api.func.FunctionSet;
import org.ow2.authzforce.core.pdp.api.func.FunctionSignature;
import org.ow2.authzforce.core.pdp.api.func.SingleParameterTypedFirstOrderFunction;
import org.ow2.authzforce.core.pdp.api.func.SingleParameterTypedFirstOrderFunctionSignature;
import org.ow2.authzforce.core.pdp.api.value.Datatype;
import org.ow2.authzforce.core.pdp.api.value.StandardDatatypes;
import org.ow2.authzforce.core.pdp.api.value.StringValue;
......@@ -48,7 +48,7 @@ import org.ow2.authzforce.core.pdp.api.value.StringValue;
* @author Seth Proctor
* @version $Id: $
*/
public final class StringNormalizeFunction extends FirstOrderFunction.SingleParameterTyped<StringValue, StringValue>
public final class StringNormalizeFunction extends SingleParameterTypedFirstOrderFunction<StringValue, StringValue>
{
/**
......@@ -70,9 +70,9 @@ public final class StringNormalizeFunction extends FirstOrderFunction.SinglePara
{
private final StringNormalizer strNormalizer;
private final FunctionSignature.SingleParameterTyped<StringValue, StringValue> funcSig;
private final SingleParameterTypedFirstOrderFunctionSignature<StringValue, StringValue> funcSig;
public CallFactory(FunctionSignature.SingleParameterTyped<StringValue, StringValue> functionSignature, StringNormalizer stringNormalizer)
public CallFactory(SingleParameterTypedFirstOrderFunctionSignature<StringValue, StringValue> functionSignature, StringNormalizer stringNormalizer)
{
this.funcSig = functionSignature;
this.strNormalizer = stringNormalizer;
......
......@@ -31,9 +31,9 @@ import java.util.TimeZone;
import org.ow2.authzforce.core.pdp.api.IndeterminateEvaluationException;
import org.ow2.authzforce.core.pdp.api.expression.Expression;
import org.ow2.authzforce.core.pdp.api.func.FirstOrderFunction;
import org.ow2.authzforce.core.pdp.api.func.FirstOrderFunctionCall;
import org.ow2.authzforce.core.pdp.api.func.FunctionSignature;
import org.ow2.authzforce.core.pdp.api.func.SingleParameterTypedFirstOrderFunction;
import org.ow2.authzforce.core.pdp.api.func.SingleParameterTypedFirstOrderFunctionSignature;
import org.ow2.authzforce.core.pdp.api.value.BooleanValue;
import org.ow2.authzforce.core.pdp.api.value.Datatype;
import org.ow2.authzforce.core.pdp.api.value.StandardDatatypes;
......@@ -50,7 +50,7 @@ import org.ow2.authzforce.core.pdp.api.value.TimeValue;
* @author seth proctor
* @version $Id: $
*/
public final class TimeInRangeFunction extends FirstOrderFunction.SingleParameterTyped<BooleanValue, TimeValue>
public final class TimeInRangeFunction extends SingleParameterTypedFirstOrderFunction<BooleanValue, TimeValue>
{
/**
......@@ -180,7 +180,7 @@ public final class TimeInRangeFunction extends FirstOrderFunction.SingleParamete
return !calCheckedWhetherInRange.after(endCal);
}
private Call(FunctionSignature.SingleParameterTyped<BooleanValue, TimeValue> functionSignature, List<Expression<?>> argExpressions, Datatype<?>... remainingArgTypes)
private Call(SingleParameterTypedFirstOrderFunctionSignature<BooleanValue, TimeValue> functionSignature, List<Expression<?>> argExpressions, Datatype<?>... remainingArgTypes)
{
super(functionSignature, argExpressions, remainingArgTypes);
}
......
......@@ -81,6 +81,8 @@ public final class BaseDecisionResult implements DecisionResult
// initialized non-null
private final List<JAXBElement<IdReferenceType>> applicablePolicyIdList;
private transient volatile int hashCode = 0;
private BaseDecisionResult(DecisionType decision, DecisionType extendedIndeterminate, Status status, PepActions pepActions, List<JAXBElement<IdReferenceType>> policyIdentifierList)
{
if (decision == null)
......@@ -175,8 +177,6 @@ public final class BaseDecisionResult implements DecisionResult
this(algResult.getDecision(), algResult.getExtendedIndeterminate(), algResult.getStatus(), pepActions, applicablePolicyIdList);
}
private transient volatile int hashCode = 0;
/** {@inheritDoc} */
@Override
public int hashCode()
......@@ -228,18 +228,8 @@ public final class BaseDecisionResult implements DecisionResult
// this.getObligations() derived from this.pepActions
// pepActions never null
if (!this.pepActions.equals(other.getPepActions()))
{
return false;
}
// applicablePolicyIdList never null
if (!this.applicablePolicyIdList.equals(other.getApplicablePolicyIdList()))
{
return false;
}
return true;
return this.pepActions.equals(other.getPepActions()) && this.applicablePolicyIdList.equals(other.getApplicablePolicyIdList());
}
/**
......
......@@ -87,6 +87,8 @@ public final class BasePepActions implements PepActions
private final List<Obligation> obligationList;
private final List<Advice> adviceList;
private transient volatile int hashCode = 0;
/**
* Instantiates PEP action set from obligations/advice
*
......@@ -123,8 +125,6 @@ public final class BasePepActions implements PepActions
return Collections.unmodifiableList(adviceList);
}
private transient volatile int hashCode = 0;
/** {@inheritDoc} */
@Override
public int hashCode()
......
......@@ -72,6 +72,50 @@ import org.slf4j.LoggerFactory;
*/
public class PDPImpl implements CloseablePDP
{
private static final IllegalArgumentException ILLEGAL_ARGUMENT_EXCEPTION = new IllegalArgumentException("No input Individual Decision Request");
// the logger we'll use for all messages
private static final Logger LOGGER = LoggerFactory.getLogger(PDPImpl.class);
/**
* Indeterminate response iff CombinedDecision element not supported because the request parser does not support any scheme from MultipleDecisionProfile section 2.
*/
private static final Response UNSUPPORTED_COMBINED_DECISION_RESPONSE = new Response(Collections.<Result> singletonList(new Result(DecisionType.INDETERMINATE, new StatusHelper(
StatusHelper.STATUS_SYNTAX_ERROR, "Unsupported feature: CombinedDecision='true'"), null, null, null, null)));
private static final AttributeGUID ENVIRONMENT_CURRENT_TIME_ATTRIBUTE_GUID = new AttributeGUID(XACMLCategory.XACML_3_0_ENVIRONMENT_CATEGORY_ENVIRONMENT.value(), null,
XACMLAttributeId.XACML_1_0_ENVIRONMENT_CURRENT_TIME.value());
private static final AttributeGUID ENVIRONMENT_CURRENT_DATE_ATTRIBUTE_GUID = new AttributeGUID(XACMLCategory.XACML_3_0_ENVIRONMENT_CATEGORY_ENVIRONMENT.value(), null,
XACMLAttributeId.XACML_1_0_ENVIRONMENT_CURRENT_DATE.value());
private static final AttributeGUID ENVIRONMENT_CURRENT_DATETIME_ATTRIBUTE_GUID = new AttributeGUID(XACMLCategory.XACML_3_0_ENVIRONMENT_CATEGORY_ENVIRONMENT.value(), null,
XACMLAttributeId.XACML_1_0_ENVIRONMENT_CURRENT_DATETIME.value());
private static final DecisionResultFilter DEFAULT_RESULT_FILTER = new DecisionResultFilter()
{
private static final String ID = "urn:ow2:authzforce:feature:pdp:result-filter:default";
@Override
public String getId()
{
return ID;
}
@Override
public List<Result> filter(List<Result> results)
{
return results;
}
@Override
public boolean supportsMultipleDecisionCombining()
{
return false;
}
};
private static class NonCachingIndividualDecisionRequestEvaluator extends IndividualDecisionRequestEvaluator
{
private NonCachingIndividualDecisionRequestEvaluator(RootPolicyEvaluator rootPolicyEvaluator)
......@@ -171,50 +215,6 @@ public class PDPImpl implements CloseablePDP
}
}
private static final IllegalArgumentException ILLEGAL_ARGUMENT_EXCEPTION = new IllegalArgumentException("No input Individual Decision Request");
// the logger we'll use for all messages
private static final Logger LOGGER = LoggerFactory.getLogger(PDPImpl.class);
/**
* Indeterminate response iff CombinedDecision element not supported because the request parser does not support any scheme from MultipleDecisionProfile section 2.
*/
private static final Response UNSUPPORTED_COMBINED_DECISION_RESPONSE = new Response(Collections.<Result> singletonList(new Result(DecisionType.INDETERMINATE, new StatusHelper(
StatusHelper.STATUS_SYNTAX_ERROR, "Unsupported feature: CombinedDecision='true'"), null, null, null, null)));
private static final AttributeGUID ENVIRONMENT_CURRENT_TIME_ATTRIBUTE_GUID = new AttributeGUID(XACMLCategory.XACML_3_0_ENVIRONMENT_CATEGORY_ENVIRONMENT.value(), null,
XACMLAttributeId.XACML_1_0_ENVIRONMENT_CURRENT_TIME.value());
private static final AttributeGUID ENVIRONMENT_CURRENT_DATE_ATTRIBUTE_GUID = new AttributeGUID(XACMLCategory.XACML_3_0_ENVIRONMENT_CATEGORY_ENVIRONMENT.value(), null,
XACMLAttributeId.XACML_1_0_ENVIRONMENT_CURRENT_DATE.value());
private static final AttributeGUID ENVIRONMENT_CURRENT_DATETIME_ATTRIBUTE_GUID = new AttributeGUID(XACMLCategory.XACML_3_0_ENVIRONMENT_CATEGORY_ENVIRONMENT.value(), null,
XACMLAttributeId.XACML_1_0_ENVIRONMENT_CURRENT_DATETIME.value());
private static final DecisionResultFilter DEFAULT_RESULT_FILTER = new DecisionResultFilter()
{
private static final String ID = "urn:ow2:authzforce:feature:pdp:result-filter:default";
@Override
public String getId()
{
return ID;
}
@Override
public List<Result> filter(List<Result> results)
{
return results;
}
@Override
public boolean supportsMultipleDecisionCombining()
{
return false;
}
};
private final RootPolicyEvaluator rootPolicyEvaluator;
private final DecisionCache decisionCache;
private final RequestFilter reqFilter;
......
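Review bot: `ILLEGAL_ARGUMENT_EXCEPTION` is one pre-built exception shared by every throw, so its stack trace records the static initialiser of `PDPImpl` rather than the call that passed the bad request. Any `addSuppressed` or `setStackTrace` on it is also visible to every other thread that receives the same instance. The same pattern is on the new side of the `SchemaHandler` section (`ERROR_CREATING_CATALOG_RESOLVER_EXCEPTION`). The throw sites are outside the hunks shown; at each of them, `throw new IllegalArgumentException("No input Individual Decision Request");` would give a trace that is usable when triaging a rejected request. If the constant is kept, a name that states the condition, for example `NULL_INDIVIDUAL_DECISION_REQUEST_EXCEPTION`, reads better than the type name repeated.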
......@@ -143,7 +143,8 @@ public class SchemaHandler
*/
private static class OASISCatalogManager
{
private static final IllegalArgumentException ERROR_CREATING_CATALOG_RESOLVER_EXCEPTION = new IllegalArgumentException("Error creating org.apache.xml.resolver.tools.CatalogResolver for OASIS CatalogManager");
private static final IllegalArgumentException ERROR_CREATING_CATALOG_RESOLVER_EXCEPTION = new IllegalArgumentException(
"Error creating org.apache.xml.resolver.tools.CatalogResolver for OASIS CatalogManager");
private final static Logger _LOGGER = LoggerFactory.getLogger(OASISCatalogManager.class);
......@@ -430,13 +431,6 @@ public class SchemaHandler
private Schema schema;
private String catalogLocation;
/**
* Default empty constructor, needed for instantiation by Spring framework
*/
public SchemaHandler()
{
}
/**
* Sets (Spring-supported) locations to XML schema files
*
......
......@@ -41,6 +41,13 @@ import org.ow2.authzforce.core.pdp.impl.BaseDecisionResult;
*/
public final class DenyOverridesAlg extends BaseCombiningAlg<Decidable>
{
/**
* The standard URIs used to identify this algorithm
*/
private static final String[] SUPPORTED_IDENTIFIERS = { "urn:oasis:names:tc:xacml:3.0:policy-combining-algorithm:deny-overrides",
"urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-overrides", "urn:oasis:names:tc:xacml:3.0:policy-combining-algorithm:ordered-deny-overrides",
"urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:ordered-deny-overrides" };
private static class Evaluator implements CombiningAlg.Evaluator
{
......@@ -155,11 +162,10 @@ public final class DenyOverridesAlg extends BaseCombiningAlg<Decidable>
}
}
/**
* The standard URIs used to identify this algorithm
*/
static final String[] SUPPORTED_IDENTIFIERS = { "urn:oasis:names:tc:xacml:3.0:policy-combining-algorithm:deny-overrides", "urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-overrides",
"urn:oasis:names:tc:xacml:3.0:policy-combining-algorithm:ordered-deny-overrides", "urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:ordered-deny-overrides" };
private DenyOverridesAlg(String algId)
{
super(algId, Decidable.class);
}
/**
* Supported algorithms
......@@ -176,11 +182,6 @@ public final class DenyOverridesAlg extends BaseCombiningAlg<Decidable>
SET = new CombiningAlgSet(algSet);
}
private DenyOverridesAlg(String algId)
{
super(algId, Decidable.class);
}
/** {@inheritDoc} */
@Override
public CombiningAlg.Evaluator getInstance(List<CombiningAlgParameter<? extends Decidable>> params, List<? extends Decidable> combinedElements) throws UnsupportedOperationException,
......
......@@ -38,6 +38,11 @@ import org.ow2.authzforce.core.pdp.impl.BaseDecisionResult;
*/
public final class DenyUnlessPermitAlg extends BaseCombiningAlg<Decidable>
{
/**
* The standard URIs used to identify this algorithm; first one is for policy combinging, second one for rule combining.
*/
private static final String[] SUPPORTED_IDENTIFIERS = { "urn:oasis:names:tc:xacml:3.0:policy-combining-algorithm:deny-unless-permit",
"urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-unless-permit" };
private static class Evaluator implements CombiningAlg.Evaluator
{
......@@ -73,7 +78,7 @@ public final class DenyUnlessPermitAlg extends BaseCombiningAlg<Decidable>
}
break;
default:
continue;
break;
}
}
......@@ -90,20 +95,14 @@ public final class DenyUnlessPermitAlg extends BaseCombiningAlg<Decidable>
return new Evaluator(combinedElements);
}
/**
* The standard URIs used to identify this algorithm; first one is for policy combinging, second one for rule combining.
*/
static final String[] SUPPORTED_IDENTIFIERS = { "urn:oasis:names:tc:xacml:3.0:policy-combining-algorithm:deny-unless-permit",
"urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-unless-permit" };
private DenyUnlessPermitAlg(String algId)
{
super(algId, Decidable.class);
}
/**
* Supported algorithms
*/
public static final CombiningAlgSet SET = new CombiningAlgSet(new DenyUnlessPermitAlg(SUPPORTED_IDENTIFIERS[0]), new DenyUnlessPermitAlg(SUPPORTED_IDENTIFIERS[1]));
private DenyUnlessPermitAlg(String algId)
{
super(algId, Decidable.class);
}
}
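Review bot: The `default:` arm now ends in `break;` where it had `continue;`, and the two are equivalent only if nothing follows the `switch` inside the loop body. In the lines shown the switch's closing brace is directly followed by another closing brace, so this looks safe. The loop header and the case labels are outside the hunk, though, and are worth checking because this loop decides the combined access decision. A comment on the arm would warn a later editor that code added after the switch now runs for these decisions too: `// decision has no effect on the combined result; go on to the next element`.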
......@@ -38,6 +38,12 @@ import org.ow2.authzforce.core.pdp.impl.BaseDecisionResult;
*/
public final class FirstApplicableAlg extends BaseCombiningAlg<Decidable>
{
/**
* The standard URIs used to identify this algorithm
*/
private static final String[] SUPPORTED_IDENTIFIERS = { "urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:first-applicable",
"urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable" };
private static class Evaluator implements CombiningAlg.Evaluator
{
......@@ -80,20 +86,14 @@ public final class FirstApplicableAlg extends BaseCombiningAlg<Decidable>
return new Evaluator(combinedElements);
}
/**
* The standard URIs used to identify this algorithm
*/
static final String[] SUPPORTED_IDENTIFIERS = { "urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:first-applicable",
"urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable" };
private FirstApplicableAlg(String algId)
{
super(algId, Decidable.class);
}
/**
* Supported algorithms
*/
public static final CombiningAlgSet SET = new CombiningAlgSet(new FirstApplicableAlg(SUPPORTED_IDENTIFIERS[0]), new FirstApplicableAlg(SUPPORTED_IDENTIFIERS[1]));
private FirstApplicableAlg(String algId)
{
super(algId, Decidable.class);
}
}
......@@ -41,8 +41,9 @@ public final class LegacyDenyOverridesAlg extends BaseCombiningAlg<Decidable>
/**
* The standard URIs used to identify this algorithm
*/
static final String[] SUPPORTED_IDENTIFIERS = { "urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides", "urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:deny-overrides",
"urn:oasis:names:tc:xacml:1.1:policy-combining-algorithm:ordered-deny-overrides", "urn:oasis:names:tc:xacml:1.1:rule-combining-algorithm:ordered-deny-overrides" };
private static final String[] SUPPORTED_IDENTIFIERS = { "urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides",
"urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:deny-overrides", "urn:oasis:names:tc:xacml:1.1:policy-combining-algorithm:ordered-deny-overrides",
"urn:oasis:names:tc:xacml:1.1:rule-combining-algorithm:ordered-deny-overrides" };
/**
* Supported algorithms
......
......@@ -41,7 +41,7 @@ public final class LegacyPermitOverridesAlg extends BaseCombiningAlg<Decidable>
/**
* The standard URIs used to identify this algorithm
*/
static final String[] SUPPORTED_IDENTIFIERS = { "urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:permit-overrides",
private static final String[] SUPPORTED_IDENTIFIERS = { "urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:permit-overrides",
"urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:permit-overrides", "urn:oasis:names:tc:xacml:1.1:policy-combining-algorithm:ordered-permit-overrides",
"urn:oasis:names:tc:xacml:1.1:rule-combining-algorithm:ordered-permit-overrides" };
......