Commit 8878b003 authored by cdanger's avatar cdanger

Merge branch 'release/13.1.0'

parents ca792600 11a7eb78
language: java
jdk:
- openjdk8
after_success:
- bash <(curl -s https://codecov.io/bash)
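Review bot: The `after_success` step downloads a script from codecov.io and runs it straight away, with no pinning or integrity check. Whatever that URL serves at build time therefore executes with access to the job's environment variables and workspace. Fetch it to a file, verify it against a checksum committed to the repository, and only then run it, e.g. `- curl -fsS https://codecov.io/bash -o codecov.sh && sha256sum -c codecov.sh.sha256 && bash codecov.sh`, where `codecov.sh.sha256` is a placeholder for a checksum file you would add. Keeping credentials out of this job's environment where possible limits what a tampered script could read.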
......@@ -6,6 +6,25 @@ All notable changes to this project are documented in this file following the [K
- Issues reported on [OW2's JIRA](https://jira.ow2.org/browse/AUTHZFORCE/) are referenced in the form of `[JIRA-N]`, where N is the issue number.
- Issues reported on [OW2's GitLab](https://gitlab.ow2.org/authzforce/core/issues) are referenced in the form of `[GL-N]`, where N is the issue number.
## 13.1.0
### Changed
- Maven parent project version: 7.3.0
- Maven dependencies:
- authzforce-ce-core-pdp-api: 15.1.0
- Spring: 4.3.14.RELEASE
- logback-classic: 1.2.3
- authzforce-ce-xacml-json-model: 2.0.0
### Fixed
- Fixed #13: changed pdp-testutils module's dependencies:
- mongo-java-driver: 2.14.12 -> 3.5.0
- jongo: 1.3.0 -> 1.4.0
### Added
- PDP configuration schema (`pdp.xsd`) / StaticRefPolicyProvider XML type:
- Added support for recursive directory searching of policies, e.g. pattern '.../*/*.xml' for searching on two directory levels
- Added option to ignore old versions (keep only the latest) when multiple versions of same policy ID found: `ignoreOldVersions=true`
## 13.0.0
### Changed
......
......@@ -3,7 +3,7 @@
<parent>
<groupId>org.ow2.authzforce</groupId>
<artifactId>authzforce-ce-core</artifactId>
<version>13.0.0</version>
<version>13.1.0</version>
<relativePath>..</relativePath>
</parent>
<artifactId>authzforce-ce-core-pdp-cli</artifactId>
......@@ -30,12 +30,12 @@
<dependency>
<groupId>org.ow2.authzforce</groupId>
<artifactId>authzforce-ce-core-pdp-engine</artifactId>
<version>13.0.0</version>
<version>13.1.0</version>
</dependency>
<dependency>
<groupId>org.ow2.authzforce</groupId>
<artifactId>authzforce-ce-core-pdp-io-xacml-json</artifactId>
<version>13.0.0</version>
<version>13.1.0</version>
</dependency>
<dependency>
<groupId>org.testng</groupId>
......@@ -46,7 +46,7 @@
<dependency>
<groupId>org.ow2.authzforce</groupId>
<artifactId>authzforce-ce-core-pdp-testutils</artifactId>
<version>13.0.0</version>
<version>13.1.0</version>
<scope>test</scope>
</dependency>
</dependencies>
......
......@@ -27,9 +27,6 @@ import java.util.concurrent.Callable;
import javax.xml.bind.Marshaller;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.Request;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.Response;
import org.json.JSONObject;
import org.json.JSONTokener;
import org.ow2.authzforce.core.pdp.api.DecisionRequestPreprocessor;
......@@ -44,8 +41,10 @@ import org.ow2.authzforce.core.pdp.io.xacml.json.BaseXacmlJsonResultPostprocesso
import org.ow2.authzforce.core.pdp.io.xacml.json.IndividualXacmlJsonRequest;
import org.ow2.authzforce.core.pdp.io.xacml.json.SingleDecisionXacmlJsonRequestPreprocessor;
import org.ow2.authzforce.xacml.Xacml3JaxbHelper;
import org.ow2.authzforce.xacml.json.model.Xacml3JsonUtils;
import org.ow2.authzforce.xacml.json.model.XacmlJsonUtils;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.Request;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.Response;
import picocli.CommandLine;
import picocli.CommandLine.Command;
import picocli.CommandLine.Option;
......@@ -68,23 +67,25 @@ public final class PdpCommandLineCallable implements Callable<Void>
/*
* WARNING: do not make picocli-annoated fields final here! Known issue: https://github.com/remkop/picocli/issues/68. Planned to be fixed in release 2.1.0.
*/
@Option(names = { "-t", "--type" }, description = "Type of XACML request/response: 'XACML_XML' for XACML 3.0/XML (XACML core specification), 'XACML_JSON' for XACML 3.0/JSON (JSON Profile of XACML 3.0)")
private RequestType requestType = RequestType.XACML_XML;
@Option(names = { "-t",
"--type" }, description = "Type of XACML request/response: 'XACML_XML' for XACML 3.0/XML (XACML core specification), 'XACML_JSON' for XACML 3.0/JSON (JSON Profile of XACML 3.0)")
private final RequestType requestType = RequestType.XACML_XML;
@Parameters(index = "0", description = "Path to PDP configuration file, valid against schema located at https://github.com/authzforce/core/blob/release-X.Y.Z/pdp-engine/src/main/resources/pdp.xsd (X.Y.Z is the version provided by -v option)")
private File confFile;
@Option(names = { "-c", "--catalog" }, description = "Path to XML catalog for resolving schemas used in extensions XSD specified by -e option, required only if -e specified")
private String catalogLocation = null;
private final String catalogLocation = null;
@Option(names = { "-e", "--extensions" }, description = "Path to extensions XSD (contains XSD namespace imports for all extensions used in the PDP configuration), required only if using any extension in the PDP configuration file")
private String extensionXsdLocation = null;
@Option(names = { "-e",
"--extensions" }, description = "Path to extensions XSD (contains XSD namespace imports for all extensions used in the PDP configuration), required only if using any extension in the PDP configuration file")
private final String extensionXsdLocation = null;
@Parameters(index = "1", description = "XACML Request (format determined by -t option)")
private File reqFile;
@Option(names = { "-p", "--prettyprint" }, description = "Pretty-print output with line feeds and indentation")
private boolean formattedOutput = false;
private final boolean formattedOutput = false;
@Override
public Void call() throws Exception
......@@ -104,17 +105,17 @@ public final class PdpCommandLineCallable implements Callable<Void>
throw new IllegalArgumentException("Invalid XACML JSON Request file: " + reqFile + ". Expected root key: \"Request\"");
}
Xacml3JsonUtils.REQUEST_SCHEMA.validate(jsonRequest);
XacmlJsonUtils.REQUEST_SCHEMA.validate(jsonRequest);
}
final DecisionResultPostprocessor<IndividualXacmlJsonRequest, JSONObject> defaultResultPostproc = new BaseXacmlJsonResultPostprocessor(
configuration.getClientRequestErrorVerbosityLevel());
configuration.getClientRequestErrorVerbosityLevel());
final DecisionRequestPreprocessor<JSONObject, IndividualXacmlJsonRequest> defaultReqPreproc = SingleDecisionXacmlJsonRequestPreprocessor.LaxVariantFactory.INSTANCE.getInstance(
configuration.getAttributeValueFactoryRegistry(), configuration.isStrictAttributeIssuerMatchEnabled(), configuration.isXpathEnabled(), XmlUtils.SAXON_PROCESSOR,
defaultResultPostproc.getFeatures());
configuration.getAttributeValueFactoryRegistry(), configuration.isStrictAttributeIssuerMatchEnabled(), configuration.isXpathEnabled(), XmlUtils.SAXON_PROCESSOR,
defaultResultPostproc.getFeatures());
final PdpEngineInoutAdapter<JSONObject, JSONObject> jsonPdpEngineAdapter = PdpEngineAdapters.newInoutAdapter(JSONObject.class, JSONObject.class, configuration, defaultReqPreproc,
defaultResultPostproc);
defaultResultPostproc);
final JSONObject jsonResponse = jsonPdpEngineAdapter.evaluate(jsonRequest);
System.out.println(jsonResponse.toString(formattedOutput ? 4 : 0));
break;
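Review bot: The picocli-annotated fields `requestType`, `catalogLocation`, `extensionXsdLocation` and `formattedOutput` appear to become `final` on the new side, directly under the comment that warns against exactly that. The side is inferred from the hunk's 23 -> 25 line counts, because the +/- markers are lost on this page. At least `formattedOutput` then becomes a compile-time constant (`final boolean ... = false`), so javac may fold `formattedOutput ? 4 : 0` to `0` and `-p` would have no effect regardless of what picocli sets reflectively. The other three depend on reflective writes to final fields, which the linked picocli issue describes as unsupported. Drop the modifier again, e.g. `private boolean formattedOutput = false;`, and exclude this class from any "make fields final" save action or formatter rule. The class body continues outside the hunk.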
......
......@@ -3,7 +3,7 @@
<parent>
<groupId>org.ow2.authzforce</groupId>
<artifactId>authzforce-ce-core</artifactId>
<version>13.0.0</version>
<version>13.1.0</version>
<relativePath>..</relativePath>
</parent>
<artifactId>authzforce-ce-core-pdp-engine</artifactId>
......
......@@ -35,7 +35,6 @@
preEvaluateDoc="false"
serializerFactory=""
errorListener="net.sf.saxon.lib.StandardErrorListener"
traceListener="net.sf.saxon.trace.XSLTTraceListener"
usePiDisableOutputEscaping="false"
validationWarnings="true" />
<serialization
......@@ -92,7 +91,7 @@
stylesheetParser="">
</xslt>
<xquery
version="1.1"
version="3.1"
allowUpdate="false"
errorListener="net.sf.saxon.StandardErrorListener"
moduleUriResolver="net.sf.saxon.lib.StandardModuleURIResolver"
......@@ -103,12 +102,5 @@
defaultElementNamespace=""
preserveBoundarySpace="false"
requiredContextItemType="document-node()"
emptyLeast="true" />
<!-- XSD occurrenceLimits property is not considered valid by SAXON 9.6 although it is in the doc:
http://www.saxonica.com/documentation9.6/index.html#!configuration/configuration-file/config-xsd
Bug reported here: https://saxonica.plan.io/issues/2731
-->
<xsd
version="1.1" />
emptyLeast="true" />
</configuration>
\ No newline at end of file
......@@ -3,7 +3,7 @@
<parent>
<groupId>org.ow2.authzforce</groupId>
<artifactId>authzforce-ce-core</artifactId>
<version>13.0.0</version>
<version>13.1.0</version>
<relativePath>..</relativePath>
</parent>
<artifactId>authzforce-ce-core-pdp-io-xacml-json</artifactId>
......@@ -21,7 +21,7 @@
<dependency>
<groupId>org.ow2.authzforce</groupId>
<artifactId>authzforce-ce-xacml-json-model</artifactId>
<version>1.1.0</version>
<version>2.0.0</version>
</dependency>
<dependency>
<groupId>org.ow2.authzforce</groupId>
......@@ -41,7 +41,7 @@
<dependency>
<groupId>org.ow2.authzforce</groupId>
<artifactId>authzforce-ce-core-pdp-testutils</artifactId>
<version>13.0.0</version>
<version>13.1.0</version>
<scope>test</scope>
</dependency>
</dependencies>
......
......@@ -44,7 +44,7 @@ import org.ow2.authzforce.core.pdp.io.xacml.json.XacmlJsonParsingUtils.ContentSk
import org.ow2.authzforce.core.pdp.io.xacml.json.XacmlJsonParsingUtils.FullXacmlJsonAttributesParserFactory;
import org.ow2.authzforce.core.pdp.io.xacml.json.XacmlJsonParsingUtils.NamedXacmlJsonAttributeParser;
import org.ow2.authzforce.xacml.identifiers.XacmlStatusCode;
import org.ow2.authzforce.xacml.json.model.Xacml3JsonUtils;
import org.ow2.authzforce.xacml.json.model.XacmlJsonUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
......@@ -208,7 +208,7 @@ public abstract class BaseXacmlJsonRequestPreprocessor implements DecisionReques
try
{
Xacml3JsonUtils.REQUEST_SCHEMA.validate(request);
XacmlJsonUtils.REQUEST_SCHEMA.validate(request);
}
catch (final ValidationException e)
{
......
......@@ -21,7 +21,6 @@ import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.URISyntaxException;
import java.net.URL;
import java.nio.charset.StandardCharsets;
......@@ -43,7 +42,7 @@ import org.ow2.authzforce.core.pdp.io.xacml.json.BaseXacmlJsonResultPostprocesso
import org.ow2.authzforce.core.pdp.io.xacml.json.SingleDecisionXacmlJsonRequestPreprocessor;
import org.ow2.authzforce.core.pdp.testutil.TestUtils;
import org.ow2.authzforce.xacml.json.model.LimitsCheckingJSONObject;
import org.ow2.authzforce.xacml.json.model.Xacml3JsonUtils;
import org.ow2.authzforce.xacml.json.model.XacmlJsonUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.util.ResourceUtils;
......@@ -132,11 +131,11 @@ public class JsonProfileConformanceV3Test
}
// normalize responses for comparison
final JSONObject normalizedExpectedResponse = Xacml3JsonUtils.canonicalizeResponse(expectedResponse);
final JSONObject normalizedActualResponse = Xacml3JsonUtils.canonicalizeResponse(actualResponseFromPDP);
final JSONObject normalizedExpectedResponse = XacmlJsonUtils.canonicalizeResponse(expectedResponse);
final JSONObject normalizedActualResponse = XacmlJsonUtils.canonicalizeResponse(actualResponseFromPDP);
Assert.assertTrue(normalizedActualResponse.similar(normalizedExpectedResponse),
"Test '" + testId + "' (StatusMessage/StatusDetail/nested StatusCode elements removed/ignored for comparison): expected: <" + normalizedExpectedResponse + "> ; actual: <"
+ normalizedActualResponse + ">");
"Test '" + testId + "' (StatusMessage/StatusDetail/nested StatusCode elements removed/ignored for comparison): expected: <" + normalizedExpectedResponse + "> ; actual: <"
+ normalizedActualResponse + ">");
}
public static Collection<Object[]> params(final String testResourcesRootDirectory) throws URISyntaxException, IOException
......@@ -176,7 +175,7 @@ public class JsonProfileConformanceV3Test
// Response file
final Path expectedRespFile = testDirectoryPath.resolve(EXPECTED_RESPONSE_FILENAME_SUFFIX);
final JSONObject expectedResponse;
try (final BufferedReader reader = new BufferedReader(new InputStreamReader(new FileInputStream(expectedRespFile.toFile()), StandardCharsets.UTF_8)))
try (final BufferedReader reader = Files.newBufferedReader(expectedRespFile, StandardCharsets.UTF_8))
{
expectedResponse = new LimitsCheckingJSONObject(reader, MAX_JSON_STRING_LENGTH, MAX_JSON_CHILDREN_COUNT, MAX_JSON_DEPTH);
if (!expectedResponse.has("Response"))
......@@ -184,7 +183,7 @@ public class JsonProfileConformanceV3Test
throw new IllegalArgumentException("Invalid XACML JSON Response file: " + expectedRespFile + ". Expected root key: \"Response\"");
}
Xacml3JsonUtils.RESPONSE_SCHEMA.validate(expectedResponse);
XacmlJsonUtils.RESPONSE_SCHEMA.validate(expectedResponse);
}
// Request file
......@@ -198,7 +197,7 @@ public class JsonProfileConformanceV3Test
throw new IllegalArgumentException("Invalid XACML JSON Request file: " + reqFile + ". Expected root key: \"Request\"");
}
Xacml3JsonUtils.REQUEST_SCHEMA.validate(jsonRequest);
XacmlJsonUtils.REQUEST_SCHEMA.validate(jsonRequest);
}
final Path rootPolicyFile = testDirectoryPath.resolve(ROOT_POLICY_FILENAME_SUFFIX);
......@@ -212,9 +211,9 @@ public class JsonProfileConformanceV3Test
* policies) at the moment. If some day, JSON Profile addresses policy format too, then we should do like in ConformanceV3fromV2 class from pdp-testutils package (policy syntax validation).
*/
final PdpEngineConfiguration pdpEngineConf = TestUtils.newPdpEngineConfiguration(rootPolicyFile.toUri().toURL().toString(),
Files.exists(refPoliciesDir) ? refPoliciesDir.toUri().toURL().toString() : null, ENABLE_XPATH,
Files.exists(attributeProviderConfFile) ? attributeProviderConfFile.toUri().toURL().toString() : null, SingleDecisionXacmlJsonRequestPreprocessor.LaxVariantFactory.ID,
BaseXacmlJsonResultPostprocessor.DefaultFactory.ID);
Files.exists(refPoliciesDir) ? refPoliciesDir.toUri().toURL().toString() : null, ENABLE_XPATH,
Files.exists(attributeProviderConfFile) ? attributeProviderConfFile.toUri().toURL().toString() : null, SingleDecisionXacmlJsonRequestPreprocessor.LaxVariantFactory.ID,
BaseXacmlJsonResultPostprocessor.DefaultFactory.ID);
try (final PdpEngineInoutAdapter<JSONObject, JSONObject> pdp = PdpEngineXacmlJsonAdapters.newXacmlJsonInoutAdapter(pdpEngineConf))
{
// this is an evaluation test with request/response (not a policy syntax check)
......
......@@ -3,7 +3,7 @@
<parent>
<groupId>org.ow2.authzforce</groupId>
<artifactId>authzforce-ce-core</artifactId>
<version>13.0.0</version>
<version>13.1.0</version>
<relativePath>..</relativePath>
</parent>
<artifactId>authzforce-ce-core-pdp-testutils</artifactId>
......@@ -23,32 +23,19 @@
<dependency>
<groupId>${project.groupId}</groupId>
<artifactId>${artifactId.prefix}-core-pdp-engine</artifactId>
<version>13.0.0</version>
<version>13.1.0</version>
</dependency>
<dependency>
<groupId>org.mongodb</groupId>
<artifactId>mongo-java-driver</artifactId>
<!-- See this issue for compatibility with Jongo: https://github.com/bguerout/jongo/issues/254 -->
<version>2.14.2</version>
<!-- Version must match the one defined in Jongo's pom.xml -->
<version>3.5.0</version>
</dependency>
<!-- Jongo 1.3.0 depends on Jackson-databind 2.7.3 which is affected by CVE:
https://nvd.nist.gov/vuln/detail/CVE-2018-5968
The issue and pull request has been submitted to Jongo project:
https://github.com/bguerout/jongo/issues/327
Also affected by CVE: https://nvd.nist.gov/vuln/detail/CVE-2018-7489
TODO: fix again in jongo dependencies
-->
<!-- So let's force upgrade to 2.9.5 to fix it -->
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
<version>2.9.5</version>
</dependency>
<dependency>
<groupId>org.jongo</groupId>
<artifactId>jongo</artifactId>
<version>1.3.0</version>
<version>1.4.0</version>
</dependency>
<dependency>
<groupId>junit</groupId>
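Review bot: The explicit `jackson-databind` 2.9.5 dependency, pinned because of CVE-2018-5968 and CVE-2018-7489, appears to be dropped together with its comment (the hunk shrinks from 32 to 19 lines). That leaves the version to whatever jongo 1.4.0 resolves transitively, and nothing on this page shows what that version is. Before merging, check it with `mvn dependency:tree -Dincludes=com.fasterxml.jackson.core:jackson-databind`. Keep the override, or move it to `dependencyManagement`, if the resolved version is older than 2.9.5.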
......
......@@ -22,7 +22,6 @@ package org.ow2.authzforce.core.pdp.testutil.ext;
import java.io.IOException;
import java.io.StringReader;
import java.net.UnknownHostException;
import java.util.Deque;
import java.util.Map;
import java.util.Optional;
......@@ -89,11 +88,11 @@ public final class MongoDbRefPolicyProvider extends BaseStaticRefPolicyProvider
private final CombiningAlgRegistry combiningAlgRegistry;
private MongoDbRefPolicyProvider(final String id, final ServerAddress serverAddress, final String dbName, final String collectionName, final XmlnsFilteringParserFactory xacmlParserFactory,
final ExpressionFactory expressionFactory, final CombiningAlgRegistry combiningAlgRegistry, final int maxPolicySetRefDepth)
final ExpressionFactory expressionFactory, final CombiningAlgRegistry combiningAlgRegistry, final int maxPolicySetRefDepth)
{
super(maxPolicySetRefDepth);
assert id != null && !id.isEmpty() && dbName != null && !dbName.isEmpty() && collectionName != null && !collectionName.isEmpty() && xacmlParserFactory != null && expressionFactory != null
&& combiningAlgRegistry != null;
&& combiningAlgRegistry != null;
this.id = id;
this.dbClient = new MongoClient(serverAddress);
......@@ -116,13 +115,15 @@ public final class MongoDbRefPolicyProvider extends BaseStaticRefPolicyProvider
private static final IllegalArgumentException NULL_CONF_ARGUMENT_EXCEPTION = new IllegalArgumentException("PolicyProvider configuration undefined");
@Override
public Class<MongoDBBasedPolicyProvider> getJaxbClass() {
public Class<MongoDBBasedPolicyProvider> getJaxbClass()
{
return MongoDBBasedPolicyProvider.class;
}
@Override
public CloseableRefPolicyProvider getInstance(final MongoDBBasedPolicyProvider conf, final XmlnsFilteringParserFactory xmlParserFactory, final int maxPolicySetRefDepth,
final ExpressionFactory expressionFactory, final CombiningAlgRegistry combiningAlgRegistry, final EnvironmentProperties environmentProperties) throws IllegalArgumentException {
final ExpressionFactory expressionFactory, final CombiningAlgRegistry combiningAlgRegistry, final EnvironmentProperties environmentProperties) throws IllegalArgumentException
{
if (conf == null)
{
throw NULL_CONF_ARGUMENT_EXCEPTION;
......@@ -143,22 +144,16 @@ public final class MongoDbRefPolicyProvider extends BaseStaticRefPolicyProvider
throw ILLEGAL_COMBINING_ALG_REGISTRY_ARGUMENT_EXCEPTION;
}
final ServerAddress serverAddress;
try
{
serverAddress = new ServerAddress(conf.getServerHost(), conf.getServerPort());
} catch (final UnknownHostException e)
{
throw new IllegalArgumentException("Invalid database server host", e);
}
final ServerAddress serverAddress = new ServerAddress(conf.getServerHost(), conf.getServerPort());
return new MongoDbRefPolicyProvider(conf.getId(), serverAddress, conf.getDbName(), conf.getCollectionName(), xmlParserFactory, expressionFactory, combiningAlgRegistry,
maxPolicySetRefDepth);
maxPolicySetRefDepth);
}
}
@Override
public void close() throws IOException {
public void close() throws IOException
{
this.dbClient.close();
}
......@@ -177,7 +172,8 @@ public final class MongoDbRefPolicyProvider extends BaseStaticRefPolicyProvider
}
private PolicyQueryResult getJaxbPolicyElement(final String policyTypeId, final String policyId, final Optional<PolicyVersionPatterns> policyPolicyVersionPatterns)
throws IndeterminateEvaluationException {
throws IndeterminateEvaluationException
{
final Optional<PolicyVersionPattern> versionPattern;
if (policyPolicyVersionPatterns.isPresent())
{
......@@ -199,7 +195,8 @@ public final class MongoDbRefPolicyProvider extends BaseStaticRefPolicyProvider
}
versionPattern = nonNullPolicyPolicyVersionPatterns.getVersionPattern();
} else
}
else
{
versionPattern = Optional.empty();
}
......@@ -216,7 +213,8 @@ public final class MongoDbRefPolicyProvider extends BaseStaticRefPolicyProvider
if (versionLiteral != null)
{
policyPOJO = policyCollection.findOne("{type: #, id: #, version: #}", policyTypeId, policyId, versionLiteral.toString()).as(PolicyPojo.class);
} else
}
else
{
/*
* versionPattern is not a literal/constant version (contains wildcard '*' or '+') -> convert to PCRE regex for MongoDB server-side evaluation
......@@ -224,7 +222,8 @@ public final class MongoDbRefPolicyProvider extends BaseStaticRefPolicyProvider
final String regex = "^" + nonNullVersionPattern.toRegex() + "$";
policyPOJO = policyCollection.findOne("{type: #, id: #, version: { $regex: # }}", policyTypeId, policyId, regex).as(PolicyPojo.class);
}
} else
}
else
{
// no version pattern specified
policyPOJO = policyCollection.findOne("{type: #, id: #}", policyTypeId, policyId).as(PolicyPojo.class);
......@@ -239,7 +238,8 @@ public final class MongoDbRefPolicyProvider extends BaseStaticRefPolicyProvider
try
{
xacmlParser = xacmlParserFactory.getInstance();
} catch (final JAXBException e)
}
catch (final JAXBException e)
{
throw new IndeterminateEvaluationException("PolicyProvider " + id + ": Failed to create JAXB unmarshaller for XACML Policy(Set)", XacmlStatusCode.PROCESSING_ERROR.value(), e);
}
......@@ -252,18 +252,20 @@ public final class MongoDbRefPolicyProvider extends BaseStaticRefPolicyProvider
* TODO: support more efficient formats of XML content, e.g. gzipped XML, Fast Infoset, EXI.
*/
resultJaxbObj = xacmlParser.parse(xmlInputSrc);
} catch (final JAXBException e)
}
catch (final JAXBException e)
{
throw new IndeterminateEvaluationException(
"PolicyProvider " + id + ": failed to parse Policy(Set) XML document from 'content' value of the policy document " + policyPOJO + " retrieved from database",
XacmlStatusCode.PROCESSING_ERROR.value(), e);
"PolicyProvider " + id + ": failed to parse Policy(Set) XML document from 'content' value of the policy document " + policyPOJO + " retrieved from database",
XacmlStatusCode.PROCESSING_ERROR.value(), e);
}
return new PolicyQueryResult(policyPOJO, resultJaxbObj, xacmlParser.getNamespacePrefixUriMap());
}
@Override
public StaticTopLevelPolicyElementEvaluator getPolicy(final String policyId, final Optional<PolicyVersionPatterns> policyPolicyVersionPatterns) throws IndeterminateEvaluationException {
public StaticTopLevelPolicyElementEvaluator getPolicy(final String policyId, final Optional<PolicyVersionPatterns> policyPolicyVersionPatterns) throws IndeterminateEvaluationException
{
/*
* TODO: use a policy cache and check it before requesting the database.
*/
......@@ -279,8 +281,8 @@ public final class MongoDbRefPolicyProvider extends BaseStaticRefPolicyProvider
if (!(jaxbPolicyOrPolicySetObj instanceof Policy))
{
throw new IndeterminateEvaluationException("PolicyProvider " + id + ": 'content' of the policy document " + policyPOJO
+ " retrieved from database is not consistent with its 'type' (expected: Policy). Actual content type: " + jaxbPolicyOrPolicySetObj.getClass() + " (corrupted database?).",
XacmlStatusCode.PROCESSING_ERROR.value());
+ " retrieved from database is not consistent with its 'type' (expected: Policy). Actual content type: " + jaxbPolicyOrPolicySetObj.getClass() + " (corrupted database?).",
XacmlStatusCode.PROCESSING_ERROR.value());
}
final Policy jaxbPolicy = (Policy) jaxbPolicyOrPolicySetObj;
......@@ -288,20 +290,21 @@ public final class MongoDbRefPolicyProvider extends BaseStaticRefPolicyProvider
if (!contentPolicyId.equals(policyPOJO.getId()))
{
throw new IndeterminateEvaluationException("PolicyProvider " + id + ": PolicyId in 'content' of the policy document " + policyPOJO
+ " retrieved from database is not consistent with 'id'. Actual PolicyId: " + contentPolicyId + " (corrupted database?).", XacmlStatusCode.PROCESSING_ERROR.value());
+ " retrieved from database is not consistent with 'id'. Actual PolicyId: " + contentPolicyId + " (corrupted database?).", XacmlStatusCode.PROCESSING_ERROR.value());
}
final String contentPolicyVersion = jaxbPolicy.getVersion();
if (!contentPolicyVersion.equals(policyPOJO.getVersion()))
{
throw new IndeterminateEvaluationException("PolicyProvider " + id + ": Version in 'content' of the policy document " + policyPOJO
+ " retrieved from database is not consistent with 'version'. Actual Version: " + contentPolicyVersion + " (corrupted database?).", XacmlStatusCode.PROCESSING_ERROR.value());
+ " retrieved from database is not consistent with 'version'. Actual Version: " + contentPolicyVersion + " (corrupted database?).", XacmlStatusCode.PROCESSING_ERROR.value());
}
try
{
return PolicyEvaluators.getInstance(jaxbPolicy, null, nsPrefixUriMap, expressionFactory, combiningAlgRegistry);
} catch (final IllegalArgumentException e)
}
catch (final IllegalArgumentException e)
{
throw new IllegalArgumentException("Invalid Policy in 'content' of the policy document " + policyPOJO + " retrieved from database", e);
}
......@@ -309,7 +312,8 @@ public final class MongoDbRefPolicyProvider extends BaseStaticRefPolicyProvider
@Override
public StaticTopLevelPolicyElementEvaluator getPolicySet(final String policyId, final Optional<PolicyVersionPatterns> policyPolicyVersionPatterns, final Deque<String> policySetRefChain)
throws IndeterminateEvaluationException {
throws IndeterminateEvaluationException
{
/**
* TODO: use a policy cache and check it before requesting the database. If we found a matching policy in cache, and it is a policyset, we would check the depth of policy references as well:
* <p>
......@@ -327,8 +331,8 @@ public final class MongoDbRefPolicyProvider extends BaseStaticRefPolicyProvider
if (!(jaxbPolicyOrPolicySetObj instanceof PolicySet))
{
throw new IndeterminateEvaluationException("PolicyProvider " + id + ": 'content' of the policy document " + policyPOJO
+ " retrieved from database is not consistent with 'type' (expected: PolicySet). Actual content type: " + jaxbPolicyOrPolicySetObj.getClass() + " (corrupted database?).",
XacmlStatusCode.PROCESSING_ERROR.value());
+ " retrieved from database is not consistent with 'type' (expected: PolicySet). Actual content type: " + jaxbPolicyOrPolicySetObj.getClass() + " (corrupted database?).",
XacmlStatusCode.PROCESSING_ERROR.value());
}
final PolicySet jaxbPolicySet = (PolicySet) jaxbPolicyOrPolicySetObj;
......@@ -336,20 +340,21 @@ public final class MongoDbRefPolicyProvider extends BaseStaticRefPolicyProvider
if (!contentPolicyId.equals(policyPOJO.getId()))
{
throw new IndeterminateEvaluationException("PolicyProvider " + id + ": PolicyId in 'content' of the policy document " + policyPOJO
+ " retrieved from database is not consistent with 'id'. Actual PolicyId: " + contentPolicyId + " (corrupted database?).", XacmlStatusCode.PROCESSING_ERROR.value());
+ " retrieved from database is not consistent with 'id'. Actual PolicyId: " + contentPolicyId + " (corrupted database?).", XacmlStatusCode.PROCESSING_ERROR.value());
}
final String contentPolicyVersion = jaxbPolicySet.getVersion();
if (!contentPolicyVersion.equals(policyPOJO.getVersion()))
{
throw new IndeterminateEvaluationException("PolicyProvider " + id + ": Version in 'content' of the policy document " + policyPOJO
+ " retrieved from database is not consistent with 'version'. Actual Version: " + contentPolicyVersion + " (corrupted database?).", XacmlStatusCode.PROCESSING_ERROR.value());
+ " retrieved from database is not consistent with 'version'. Actual Version: " + contentPolicyVersion + " (corrupted database?).", XacmlStatusCode.PROCESSING_ERROR.value());
}
try
{
return PolicyEvaluators.getInstanceStatic(jaxbPolicySet, null, nsPrefixUriMap, expressionFactory, combiningAlgRegistry, this, policySetRefChain);
} catch (final IllegalArgumentException e)
}
catch (final IllegalArgumentException e)
{
throw new IndeterminateEvaluationException("Invalid PolicySet in 'content' of the policy document " + policyPOJO + " retrieved from database", XacmlStatusCode.PROCESSING_ERROR.value(), e);
}
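Review bot: With the `UnknownHostException` handling gone, `getInstance` no longer rejects an unusable `serverHost` when the provider is built. As far as I know, the 3.x driver neither resolves the host in the `ServerAddress` constructor nor connects eagerly in `new MongoClient(serverAddress)`, so a bad or unreachable address would first surface inside `findOne(...)` during policy evaluation. Nothing visible in these hunks catches the driver's unchecked exceptions there, so the caller would likely get a raw runtime exception instead of an Indeterminate result. Consider wrapping the queries in `getJaxbPolicyElement`, e.g. `catch (final MongoException e) { throw new IndeterminateEvaluationException("PolicyProvider " + id + ": policy database query failed", XacmlStatusCode.PROCESSING_ERROR.value(), e); }`, and/or probing the connection once in the constructor so misconfiguration still fails fast. The method bodies extend outside the hunks shown.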
......
......@@ -3,10 +3,10 @@
<parent>
<groupId>org.ow2.authzforce</groupId>
<artifactId>authzforce-ce-parent</artifactId>
<version>7.2.0</version>
<version>7.3.0</version>
</parent>
<artifactId>authzforce-ce-core</artifactId>
<version>13.0.0</version>
<version>13.1.0</version>