Commit a0527011 authored by cdanger's avatar cdanger

- com.sun.xacml.NotFunction -> org.ow2....LogicalNotFunction

- Upgraded dependency version for core-pdp-api: change DecisionResult
and EvaluationContext interface to provided attributes used in
evaluation and pass them to DecisionCache; also FunctionSet and
CombiningAlgSet removed 
parent 6aa7d024
......@@ -43,7 +43,7 @@
<dependency>
<groupId>${project.groupId}</groupId>
<artifactId>${artifactId.prefix}-core-pdp-api</artifactId>
<version>5.0.0</version>
<version>5.0.1-SNAPSHOT</version>
</dependency>
<!-- /Authzforce dependencies -->
......
......@@ -20,6 +20,7 @@ package org.ow2.authzforce.core.pdp.impl;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Map.Entry;
......@@ -75,6 +76,12 @@ public class IndividualDecisionRequestContext implements EvaluationContext
*/
private final Map<AttributeSelectorId, Bag<?>> attributeSelectorResults;
// null if returning the used attributes was not requested in the constructor parameters
private final Set<AttributeGUID> usedNamedAttributeIdSet;
// null if returning the used attributes was not requested in the constructor parameters
private final Set<AttributeSelectorId> usedAttributeSelectorIdSet;
/**
* Constructs a new <code>IndividualDecisionRequestContext</code> based on the given request attributes and extra contents with support for XPath evaluation against Content element in Attributes
*
......@@ -85,13 +92,26 @@ public class IndividualDecisionRequestContext implements EvaluationContext
* extra contents by attribute category (equivalent to XACML Attributes/Content elements); null iff no Content in the attribute category.
* @param returnApplicablePolicyIdList
* true iff list of IDs of policies matched during evaluation must be returned
* @param returnUsedAttributes
* true iff the list of attributes used during evaluation may be requested by
*/
public IndividualDecisionRequestContext(Map<AttributeGUID, Bag<?>> namedAttributeMap, Map<String, XdmNode> extraContentsByAttributeCategory, boolean returnApplicablePolicyIdList)
public IndividualDecisionRequestContext(final Map<AttributeGUID, Bag<?>> namedAttributeMap, final Map<String, XdmNode> extraContentsByAttributeCategory,
final boolean returnApplicablePolicyIdList, final boolean returnUsedAttributes)
{
this.namedAttributes = namedAttributeMap == null ? new HashMap<AttributeGUID, Bag<?>>() : namedAttributeMap;
this.extraContentsByAttributeCategory = extraContentsByAttributeCategory;
this.attributeSelectorResults = extraContentsByAttributeCategory == null ? null : new HashMap<AttributeSelectorId, Bag<?>>();
this.isApplicablePolicyIdListReturned = returnApplicablePolicyIdList;
this.usedNamedAttributeIdSet = returnUsedAttributes ? new HashSet<AttributeGUID>() : null;
if (extraContentsByAttributeCategory == null)
{
this.attributeSelectorResults = null;
this.usedAttributeSelectorIdSet = returnUsedAttributes ? Collections.<AttributeSelectorId> emptySet() : null;
} else
{
this.attributeSelectorResults = new HashMap<>();
this.usedAttributeSelectorIdSet = returnUsedAttributes ? new HashSet<AttributeSelectorId>() : null;
}
}
/**
......@@ -99,16 +119,23 @@ public class IndividualDecisionRequestContext implements EvaluationContext
*
* @param individualDecisionReq
* individual decision request
* @param returnUsedAttributes
* true iff the list of attributes used during evaluation may be requested by
*/
public IndividualDecisionRequestContext(IndividualDecisionRequest individualDecisionReq)
public IndividualDecisionRequestContext(final IndividualDecisionRequest individualDecisionReq, final boolean returnUsedAttributes)
{
this(individualDecisionReq.getNamedAttributes(), individualDecisionReq.getExtraContentsByCategory(), individualDecisionReq.isApplicablePolicyIdentifiersReturned());
this(individualDecisionReq.getNamedAttributes(), individualDecisionReq.getExtraContentsByCategory(), individualDecisionReq.isApplicablePolicyIdListReturned(), returnUsedAttributes);
}
/** {@inheritDoc} */
@Override
public <AV extends AttributeValue> Bag<AV> getAttributeDesignatorResult(AttributeGUID attributeGUID, Datatype<AV> attributeDatatype) throws IndeterminateEvaluationException
public <AV extends AttributeValue> Bag<AV> getAttributeDesignatorResult(final AttributeGUID attributeGUID, final Datatype<AV> attributeDatatype) throws IndeterminateEvaluationException
{
if (usedNamedAttributeIdSet != null)
{
this.usedNamedAttributeIdSet.add(attributeGUID);
}
final Bag<?> bagResult = namedAttributes.get(attributeGUID);
if (bagResult == null)
{
......@@ -133,35 +160,35 @@ public class IndividualDecisionRequestContext implements EvaluationContext
/** {@inheritDoc} */
@Override
public boolean putAttributeDesignatorResultIfAbsent(AttributeGUID attributeGUID, Bag<?> result)
public boolean putAttributeDesignatorResultIfAbsent(final AttributeGUID id, final Bag<?> result)
{
if (namedAttributes.containsKey(attributeGUID))
if (namedAttributes.containsKey(id))
{
/*
* This should never happen, as getAttributeDesignatorResult() should have been called first (for same id) and returned this oldResult, and no further call to
* putAttributeDesignatorResultIfAbsent() in this case. In any case, we do not support setting a different result for same id (but different datatype URI/datatype class) in the same
* context
*/
LOGGER.warn("Attempt to override value of AttributeDesignator {} already set in evaluation context. Overriding value: {}", attributeGUID, result);
LOGGER.warn("Attempt to override value of AttributeDesignator {} already set in evaluation context. Overriding value: {}", id, result);
return false;
}
/*
* Attribute value cannot change during evaluation context, so if old value already there, put it back
*/
return namedAttributes.put(attributeGUID, result) == null;
return namedAttributes.put(id, result) == null;
}
/** {@inheritDoc} */
@Override
public XdmNode getAttributesContent(String category)
public XdmNode getAttributesContent(final String category)
{
return extraContentsByAttributeCategory == null ? null : extraContentsByAttributeCategory.get(category);
}
/** {@inheritDoc} */
@Override
public <V extends Value> V getVariableValue(String variableId, Datatype<V> expectedDatatype) throws IndeterminateEvaluationException
public <V extends Value> V getVariableValue(final String variableId, final Datatype<V> expectedDatatype) throws IndeterminateEvaluationException
{
final Value val = varValsById.get(variableId);
if (val == null)
......@@ -172,7 +199,7 @@ public class IndividualDecisionRequestContext implements EvaluationContext
try
{
return expectedDatatype.cast(val);
} catch (ClassCastException e)
} catch (final ClassCastException e)
{
throw new IndeterminateEvaluationException("Datatype of variable '" + variableId + "' in context does not match expected datatype: " + expectedDatatype,
StatusHelper.STATUS_PROCESSING_ERROR, e);
......@@ -181,7 +208,7 @@ public class IndividualDecisionRequestContext implements EvaluationContext
/** {@inheritDoc} */
@Override
public boolean putVariableIfAbsent(String variableId, Value value)
public boolean putVariableIfAbsent(final String variableId, final Value value)
{
if (varValsById.containsKey(variableId))
{
......@@ -194,15 +221,20 @@ public class IndividualDecisionRequestContext implements EvaluationContext
/** {@inheritDoc} */
@Override
public Value removeVariable(String variableId)
public Value removeVariable(final String variableId)
{
return varValsById.remove(variableId);
}
/** {@inheritDoc} */
@Override
public <AV extends AttributeValue> Bag<AV> getAttributeSelectorResult(AttributeSelectorId id, Datatype<AV> datatype) throws IndeterminateEvaluationException
public <AV extends AttributeValue> Bag<AV> getAttributeSelectorResult(final AttributeSelectorId id, final Datatype<AV> datatype) throws IndeterminateEvaluationException
{
if (usedAttributeSelectorIdSet != null)
{
this.usedAttributeSelectorIdSet.add(id);
}
if (attributeSelectorResults == null)
{
throw UNSUPPORTED_ATTRIBUTE_SELECTOR_EXCEPTION;
......@@ -232,7 +264,7 @@ public class IndividualDecisionRequestContext implements EvaluationContext
/** {@inheritDoc} */
@Override
public boolean putAttributeSelectorResultIfAbsent(AttributeSelectorId id, Bag<?> result) throws IndeterminateEvaluationException
public boolean putAttributeSelectorResultIfAbsent(final AttributeSelectorId id, final Bag<?> result) throws IndeterminateEvaluationException
{
if (attributeSelectorResults == null)
{
......@@ -250,28 +282,28 @@ public class IndividualDecisionRequestContext implements EvaluationContext
/** {@inheritDoc} */
@Override
public Object getOther(String key)
public Object getOther(final String key)
{
return updatableProperties.get(key);
}
/** {@inheritDoc} */
@Override
public boolean containsKey(String key)
public boolean containsKey(final String key)
{
return updatableProperties.containsKey(key);
}
/** {@inheritDoc} */
@Override
public void putOther(String key, Object val)
public void putOther(final String key, final Object val)
{
updatableProperties.put(key, val);
}
/** {@inheritDoc} */
@Override
public Object remove(String key)
public Object remove(final String key)
{
return updatableProperties.remove(key);
}
......@@ -290,4 +322,16 @@ public class IndividualDecisionRequestContext implements EvaluationContext
{
return isApplicablePolicyIdListReturned;
}
@Override
public Set<AttributeGUID> getUsedNamedAttributes()
{
return this.usedNamedAttributeIdSet;
}
@Override
public Set<AttributeSelectorId> getUsedExtraAttributeContents()
{
return this.usedAttributeSelectorIdSet;
}
}
......@@ -22,15 +22,6 @@ import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.xml.bind.JAXBElement;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.Advice;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.AssociatedAdvice;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.DecisionType;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.IdReferenceType;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.Obligation;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.Obligations;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.PolicyIdentifierList;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.Result;
import org.ow2.authzforce.core.pdp.api.AttributeGUID;
......@@ -47,9 +38,6 @@ import org.ow2.authzforce.core.pdp.impl.policy.RootPolicyEvaluator;
*/
public abstract class IndividualDecisionRequestEvaluator
{
private static final Result PERMIT = new Result(DecisionType.PERMIT, null, null, null, null, null);
private static final Result DENY = new Result(DecisionType.DENY, null, null, null, null, null);
private final RootPolicyEvaluator rootPolicyEvaluator;
/**
......@@ -58,7 +46,7 @@ public abstract class IndividualDecisionRequestEvaluator
* @param rootPolicyEvaluator
* root policy evaluator that this request evaluator uses to evaluate individual decision request
*/
protected IndividualDecisionRequestEvaluator(RootPolicyEvaluator rootPolicyEvaluator)
protected IndividualDecisionRequestEvaluator(final RootPolicyEvaluator rootPolicyEvaluator)
{
assert rootPolicyEvaluator != null;
this.rootPolicyEvaluator = rootPolicyEvaluator;
......@@ -73,9 +61,11 @@ public abstract class IndividualDecisionRequestEvaluator
* a {@link org.ow2.authzforce.core.pdp.api.IndividualDecisionRequest} object.
* @param pdpIssuedAttributes
* a {@link java.util.Map} object.
* @param returnUsedAttributes
* true iff the list of attributes used for evaluation must be included in the result
* @return a {@link oasis.names.tc.xacml._3_0.core.schema.wd_17.Result} object.
*/
protected final Result evaluate(IndividualDecisionRequest request, Map<AttributeGUID, Bag<?>> pdpIssuedAttributes)
protected final DecisionResult evaluate(final IndividualDecisionRequest request, final Map<AttributeGUID, Bag<?>> pdpIssuedAttributes, final boolean returnUsedAttributes)
{
assert request != null;
......@@ -90,25 +80,9 @@ public abstract class IndividualDecisionRequestEvaluator
pdpEnhancedNamedAttributes.putAll(reqNamedAttributes);
}
final EvaluationContext ctx = new IndividualDecisionRequestContext(pdpEnhancedNamedAttributes, request.getExtraContentsByCategory(), request.isApplicablePolicyIdentifiersReturned());
final DecisionResult result = rootPolicyEvaluator.findAndEvaluate(ctx);
if (result == BaseDecisionResult.PERMIT)
{
return PERMIT;
}
if (result == BaseDecisionResult.DENY)
{
return DENY;
}
final List<Obligation> obligationList = result.getPepActions().getObligations();
final List<Advice> adviceList = result.getPepActions().getAdvices();
final List<JAXBElement<IdReferenceType>> applicablePolicyIdList = result.getApplicablePolicyIdList();
return new Result(result.getDecision(), result.getStatus(), obligationList == null || obligationList.isEmpty() ? null : new Obligations(obligationList), adviceList == null
|| adviceList.isEmpty() ? null : new AssociatedAdvice(adviceList), request.getReturnedAttributes(), applicablePolicyIdList == null || applicablePolicyIdList.isEmpty() ? null
: new PolicyIdentifierList(applicablePolicyIdList));
final EvaluationContext ctx = new IndividualDecisionRequestContext(pdpEnhancedNamedAttributes, request.getExtraContentsByCategory(), request.isApplicablePolicyIdListReturned(),
returnUsedAttributes);
return rootPolicyEvaluator.findAndEvaluate(ctx);
}
/**
......@@ -122,5 +96,6 @@ public abstract class IndividualDecisionRequestEvaluator
* a {@link java.util.Map} object.
* @return a {@link java.util.List} object.
*/
protected abstract List<Result> evaluate(List<? extends IndividualDecisionRequest> individualDecisionRequests, Map<AttributeGUID, Bag<?>> pdpIssuedAttributes);
protected abstract <INDIVIDUAL_DECISION_REQ_T extends IndividualDecisionRequest> List<Result> evaluate(List<INDIVIDUAL_DECISION_REQ_T> individualDecisionRequests,
Map<AttributeGUID, Bag<?>> pdpIssuedAttributes);
}
......@@ -52,7 +52,7 @@ public class MutableIndividualDecisionRequest implements IndividualDecisionReque
* @param returnPolicyIdList
* equivalent of XACML ReturnPolicyIdList
*/
public MutableIndividualDecisionRequest(boolean returnPolicyIdList)
public MutableIndividualDecisionRequest(final boolean returnPolicyIdList)
{
// these maps/lists may be updated later by put(...) method defined in this class
namedAttributes = new HashMap<>();
......@@ -67,7 +67,7 @@ public class MutableIndividualDecisionRequest implements IndividualDecisionReque
* @param baseRequest
* replicated existing request. Further changes to it are not reflected back to this new instance.
*/
public MutableIndividualDecisionRequest(IndividualDecisionRequest baseRequest)
public MutableIndividualDecisionRequest(final IndividualDecisionRequest baseRequest)
{
// these maps/lists may be updated later by put(...) method defined in this class
final Map<AttributeGUID, Bag<?>> baseNamedAttributes = baseRequest.getNamedAttributes();
......@@ -76,7 +76,7 @@ public class MutableIndividualDecisionRequest implements IndividualDecisionReque
namedAttributes = baseNamedAttributes == null ? new HashMap<AttributeGUID, Bag<?>>() : new HashMap<>(baseNamedAttributes);
extraContentsByCategory = baseExtraContentsByCategory == null ? new HashMap<String, XdmNode>() : new HashMap<>(baseExtraContentsByCategory);
attributesToIncludeInResult = baseReturnedAttributes == null ? new ArrayList<Attributes>() : new ArrayList<>(baseRequest.getReturnedAttributes());
returnApplicablePolicyIdList = baseRequest.isApplicablePolicyIdentifiersReturned();
returnApplicablePolicyIdList = baseRequest.isApplicablePolicyIdListReturned();
}
/**
......@@ -89,7 +89,7 @@ public class MutableIndividualDecisionRequest implements IndividualDecisionReque
* @throws java.lang.IllegalArgumentException
* if {@code categoryName} or {@code attributes} is null
*/
public void put(String categoryName, SingleCategoryAttributes<?> categorySpecificAttributes) throws IllegalArgumentException
public void put(final String categoryName, final SingleCategoryAttributes<?> categorySpecificAttributes) throws IllegalArgumentException
{
if (categoryName == null)
{
......@@ -159,7 +159,7 @@ public class MutableIndividualDecisionRequest implements IndividualDecisionReque
/** {@inheritDoc} */
@Override
public boolean isApplicablePolicyIdentifiersReturned()
public boolean isApplicablePolicyIdListReturned()
{
return returnApplicablePolicyIdList;
}
......
......@@ -38,6 +38,7 @@ import oasis.names.tc.xacml._3_0.core.schema.wd_17.Result;
import org.ow2.authzforce.core.pdp.api.AttributeGUID;
import org.ow2.authzforce.core.pdp.api.CloseablePDP;
import org.ow2.authzforce.core.pdp.api.DecisionCache;
import org.ow2.authzforce.core.pdp.api.DecisionResult;
import org.ow2.authzforce.core.pdp.api.DecisionResultFilter;
import org.ow2.authzforce.core.pdp.api.EnvironmentProperties;
import org.ow2.authzforce.core.pdp.api.IndeterminateEvaluationException;
......@@ -103,7 +104,7 @@ public class PDPImpl implements CloseablePDP
}
@Override
public List<Result> filter(List<Result> results)
public List<Result> filter(final List<Result> results)
{
return results;
}
......@@ -118,13 +119,14 @@ public class PDPImpl implements CloseablePDP
private static class NonCachingIndividualDecisionRequestEvaluator extends IndividualDecisionRequestEvaluator
{
private NonCachingIndividualDecisionRequestEvaluator(RootPolicyEvaluator rootPolicyEvaluator)
private NonCachingIndividualDecisionRequestEvaluator(final RootPolicyEvaluator rootPolicyEvaluator)
{
super(rootPolicyEvaluator);
}
@Override
protected List<Result> evaluate(List<? extends IndividualDecisionRequest> individualDecisionRequests, Map<AttributeGUID, Bag<?>> pdpIssuedAttributes)
protected <INDIVIDUAL_DECISION_REQ_T extends IndividualDecisionRequest> List<Result> evaluate(final List<INDIVIDUAL_DECISION_REQ_T> individualDecisionRequests,
final Map<AttributeGUID, Bag<?>> pdpIssuedAttributes)
{
final List<Result> results = new ArrayList<>(individualDecisionRequests.size());
for (final IndividualDecisionRequest individuaDecisionRequest : individualDecisionRequests)
......@@ -134,8 +136,8 @@ public class PDPImpl implements CloseablePDP
throw new RuntimeException("One of the individual decision requests returned by the request filter is invalid (null).");
}
final Result result = evaluate(individuaDecisionRequest, pdpIssuedAttributes);
results.add(result);
final DecisionResult decisionResult = evaluate(individuaDecisionRequest, pdpIssuedAttributes, false);
results.add(decisionResult.toXACMLResult(individuaDecisionRequest.getReturnedAttributes()));
}
return results;
......@@ -153,7 +155,7 @@ public class PDPImpl implements CloseablePDP
private final DecisionCache decisionCache;
private CachingIndividualRequestEvaluator(RootPolicyEvaluator rootPolicyEvaluator, DecisionCache decisionCache)
private CachingIndividualRequestEvaluator(final RootPolicyEvaluator rootPolicyEvaluator, final DecisionCache decisionCache)
{
super(rootPolicyEvaluator);
assert decisionCache != null;
......@@ -161,9 +163,10 @@ public class PDPImpl implements CloseablePDP
}
@Override
public final List<Result> evaluate(List<? extends IndividualDecisionRequest> individualDecisionRequests, Map<AttributeGUID, Bag<?>> pdpIssuedAttributes)
public final <INDIVIDUAL_DECISION_REQ_T extends IndividualDecisionRequest> List<Result> evaluate(final List<INDIVIDUAL_DECISION_REQ_T> individualDecisionRequests,
final Map<AttributeGUID, Bag<?>> pdpIssuedAttributes)
{
final Map<IndividualDecisionRequest, Result> cachedResultsByRequest = decisionCache.getAll(individualDecisionRequests);
final Map<INDIVIDUAL_DECISION_REQ_T, DecisionResult> cachedResultsByRequest = decisionCache.getAll(individualDecisionRequests);
if (cachedResultsByRequest == null)
{
// error, return indeterminate result as only result
......@@ -184,30 +187,30 @@ public class PDPImpl implements CloseablePDP
return Collections.singletonList(INVALID_DECISION_CACHE_RESULT);
}
final Set<Entry<IndividualDecisionRequest, Result>> cachedRequestResultEntries = cachedResultsByRequest.entrySet();
final Set<Entry<INDIVIDUAL_DECISION_REQ_T, DecisionResult>> cachedRequestResultEntries = cachedResultsByRequest.entrySet();
final List<Result> results = new ArrayList<>(cachedRequestResultEntries.size());
final Map<IndividualDecisionRequest, Result> newResultsByRequest = new HashMap<>();
for (final Entry<IndividualDecisionRequest, Result> cachedRequestResultPair : cachedRequestResultEntries)
final Map<INDIVIDUAL_DECISION_REQ_T, DecisionResult> newResultsByRequest = new HashMap<>();
for (final Entry<INDIVIDUAL_DECISION_REQ_T, DecisionResult> cachedRequestResultPair : cachedRequestResultEntries)
{
final Result finalResult;
final Result cachedResult = cachedRequestResultPair.getValue();
final DecisionResult finalResult;
final INDIVIDUAL_DECISION_REQ_T individuaDecisionRequest = cachedRequestResultPair.getKey();
final DecisionResult cachedResult = cachedRequestResultPair.getValue();
if (cachedResult == null)
{
// result not in cache -> evaluate request
final IndividualDecisionRequest individuaDecisionRequest = cachedRequestResultPair.getKey();
if (individuaDecisionRequest == null)
{
throw new RuntimeException("One of the entry keys (individual decision request) returned by the decision cache implementation '" + decisionCache + "' is invalid (null).");
}
finalResult = super.evaluate(individuaDecisionRequest, pdpIssuedAttributes);
finalResult = evaluate(individuaDecisionRequest, pdpIssuedAttributes, true);
newResultsByRequest.put(individuaDecisionRequest, finalResult);
} else
{
finalResult = cachedResult;
}
results.add(finalResult);
results.add(finalResult.toXACMLResult(individuaDecisionRequest.getReturnedAttributes()));
}
decisionCache.putAll(newResultsByRequest);
......@@ -265,10 +268,11 @@ public class PDPImpl implements CloseablePDP
* error closing the root policy Provider when static resolution is to be used; or error closing the attribute Provider modules created from {@code jaxbAttributeProviderConfs}, when
* and before an {@link IllegalArgumentException} is raised
*/
public PDPImpl(DatatypeFactoryRegistry attributeFactory, FunctionRegistry functionRegistry, List<AbstractAttributeProvider> jaxbAttributeProviderConfs, int maxVariableReferenceDepth,
boolean enableXPath, CombiningAlgRegistry combiningAlgRegistry, AbstractPolicyProvider jaxbRootPolicyProviderConf, AbstractPolicyProvider jaxbRefPolicyProviderConf,
int maxPolicySetRefDepth, String requestFilterId, boolean strictAttributeIssuerMatch, DecisionResultFilter decisionResultFilter, AbstractDecisionCache jaxbDecisionCacheConf,
EnvironmentProperties environmentProperties) throws IllegalArgumentException, IOException
public PDPImpl(final DatatypeFactoryRegistry attributeFactory, final FunctionRegistry functionRegistry, final List<AbstractAttributeProvider> jaxbAttributeProviderConfs,
final int maxVariableReferenceDepth, final boolean enableXPath, final CombiningAlgRegistry combiningAlgRegistry, final AbstractPolicyProvider jaxbRootPolicyProviderConf,
final AbstractPolicyProvider jaxbRefPolicyProviderConf, final int maxPolicySetRefDepth, final String requestFilterId, final boolean strictAttributeIssuerMatch,
final DecisionResultFilter decisionResultFilter, final AbstractDecisionCache jaxbDecisionCacheConf, final EnvironmentProperties environmentProperties) throws IllegalArgumentException,
IOException
{
final RequestFilter.Factory requestFilterFactory = requestFilterId == null ? DefaultRequestFilter.LaxFilterFactory.INSTANCE : PdpExtensionLoader.getExtension(RequestFilter.Factory.class,
requestFilterId);
......@@ -306,7 +310,7 @@ public class PDPImpl implements CloseablePDP
/** {@inheritDoc} */
@Override
public List<Result> evaluate(List<? extends IndividualDecisionRequest> individualDecisionRequests)
public <R extends IndividualDecisionRequest> List<Result> evaluate(final List<R> individualDecisionRequests)
{
if (individualDecisionRequests == null)
{
......@@ -336,7 +340,7 @@ public class PDPImpl implements CloseablePDP
/** {@inheritDoc} */
@Override
public Response evaluate(Request request, Map<String, String> namespaceURIsByPrefix)
public Response evaluate(final Request request, final Map<String, String> namespaceURIsByPrefix)
{
if (request == null)
{
......@@ -363,7 +367,7 @@ public class PDPImpl implements CloseablePDP
try
{
individualDecisionRequests = reqFilter.filter(request, namespaceURIsByPrefix);
} catch (IndeterminateEvaluationException e)
} catch (final IndeterminateEvaluationException e)
{
LOGGER.info("Invalid or unsupported input XACML Request syntax", e);
return new Response(Collections.<Result> singletonList(new Result(DecisionType.INDETERMINATE, e.getStatus(), null, null, null, null)));
......@@ -386,7 +390,7 @@ public class PDPImpl implements CloseablePDP
/** {@inheritDoc} */
@Override
public Response evaluate(Request request)
public Response evaluate(final Request request)
{
return evaluate(request, null);
}
......
......@@ -65,7 +65,7 @@ public final class PdpBean implements PDP
* @throws java.lang.IllegalArgumentException
* if there is an unresolvable placeholder in {@code filePath}
*/
public void setConfigFile(String filePath) throws IllegalArgumentException
public void setConfigFile(final String filePath) throws IllegalArgumentException
{
confLocation = SystemPropertyUtils.resolvePlaceholders(filePath);
init();
......@@ -80,7 +80,7 @@ public final class PdpBean implements PDP
* @throws java.lang.IllegalArgumentException
* if there is an unresolvable placeholder in {@code filePath}
*/
public void setSchemaFile(String filePath) throws IllegalArgumentException
public void setSchemaFile(final String filePath) throws IllegalArgumentException
{
extSchemaLocation = SystemPropertyUtils.resolvePlaceholders(filePath);
init();
......@@ -95,7 +95,7 @@ public final class PdpBean implements PDP
* @throws java.lang.IllegalArgumentException
* if there is an unresolvable placeholder in {@code filePath}
*/
public void setCatalogFile(String filePath) throws IllegalArgumentException
public void setCatalogFile(final String filePath) throws IllegalArgumentException
{
catalogLocation = SystemPropertyUtils.resolvePlaceholders(filePath);
init();
......@@ -122,7 +122,7 @@ public final class PdpBean implements PDP
/** {@inheritDoc} */
@Override
public Response evaluate(Request request)
public Response evaluate(final Request request)
{
return evaluate(request, null);
}
......@@ -152,7 +152,7 @@ public final class PdpBean implements PDP
/** {@inheritDoc} */
@Override
public List<Result> evaluate(List<? extends IndividualDecisionRequest> individualDecisionRequests)
public <INDIVIDUAL_DECISION_REQUEST_T extends IndividualDecisionRequest> List<Result> evaluate(final List<INDIVIDUAL_DECISION_REQUEST_T> individualDecisionRequests)
{
checkInit();
return pdp.evaluate(individualDecisionRequests);
......@@ -160,7 +160,7 @@ public final class PdpBean implements PDP
/** {@inheritDoc} */
@Override
public Response evaluate(Request request, Map<String, String> namespaceURIsByPrefix)
public Response evaluate(final Request request, final Map<String, String> namespaceURIsByPrefix)
{
checkInit();
return pdp.evaluate(request, namespaceURIsByPrefix);
......
......@@ -36,7 +36,6 @@ import org.ow2.authzforce.core.pdp.api.combining.CombiningAlg;
import org.ow2.authzforce.core.pdp.api.combining.CombiningAlgRegistry;
import org.ow2.authzforce.core.pdp.api.func.FirstOrderFunction;
import org.ow2.authzforce.core.pdp.api.func.Function;
import org.ow2.authzforce.core.pdp.api.func.FunctionSet;
import org.ow2.authzforce.core.pdp.api.value.Datatype;
import org.ow2.authzforce.core.pdp.api.value.DatatypeFactory;
import org.ow2.authzforce.core.pdp.api.value.DatatypeFactoryRegistry;
......@@ -75,7 +74,7 @@ public class PdpConfigurationParser
* @throws java.lang.IllegalArgumentException
* Invalid PDP configuration at {@code confLocation}
*/
public static PDPImpl getPDP(String confLocation) throws IOException, IllegalArgumentException
public static PDPImpl getPDP(final String confLocation) throws IOException, IllegalArgumentException
{
return getPDP(confLocation, null, null);
}
......@@ -127,7 +126,7 @@ public class PdpConfigurationParser
* @throws java.lang.IllegalArgumentException
* Invalid PDP configuration at {@code confLocation}
*/
public static PDPImpl getPDP(String confLocation, String catalogLocation, String extensionXsdLocation) throws IOException, IllegalArgumentException
public static PDPImpl getPDP(final String confLocation, final String catalogLocation, final String extensionXsdLocation) throws IOException, IllegalArgumentException
{
return getPDP(confLocation, new PdpModelHandler(catalogLocation, extensionXsdLocation));
}
......@@ -179,7 +178,7 @@ public class PdpConfigurationParser
* @throws java.lang.IllegalArgumentException
* Invalid PDP configuration at {@code confLocation}
*/
public static PDPImpl getPDP(File confFile, String catalogLocation, String extensionXsdLocation) throws IOException, IllegalArgumentException
public static PDPImpl getPDP(final File confFile, final String catalogLocation, final String extensionXsdLocation) throws IOException, IllegalArgumentException
{
return getPDP(confFile, new PdpModelHandler(catalogLocation, extensionXsdLocation));
}
......@@ -202,13 +201,13 @@ public class PdpConfigurationParser
* @throws java.lang.IllegalArgumentException
* Invalid PDP configuration at {@code confLocation}
*/
public static PDPImpl getPDP(String confLocation, PdpModelHandler modelHandler) throws IOException, IllegalArgumentException
public static PDPImpl getPDP(final String confLocation, final PdpModelHandler modelHandler) throws IOException, IllegalArgumentException
{
File confFile = null;
try
{
confFile = ResourceUtils.getFile(confLocation);
} catch (FileNotFoundException e)
} catch (final FileNotFoundException e)
{
throw new IllegalArgumentException("Invalid PDP configuration location: " + confLocation, e);
}
......@@ -233,7 +232,7 @@ public class PdpConfigurationParser
* @throws java.lang.IllegalArgumentException
* Invalid PDP configuration in {@code confFile}
*/
public static PDPImpl getPDP(File confFile, PdpModelHandler modelHandler) throws IOException, IllegalArgumentException
public static PDPImpl getPDP(final File confFile, final PdpModelHandler modelHandler) throws IOException, IllegalArgumentException
{
if (confFile == null || !confFile.exists())
{
......@@ -251,7 +250,7 @@ public class PdpConfigurationParser
try
{
pdpJaxbConf = modelHandler.unmarshal(new StreamSource(confFile), Pdp.class);
} catch (JAXBException e)
} catch (final JAXBException e)
{
throw new IllegalArgumentException("Invalid PDP configuration file", e);
}
......@@ -278,7 +277,7 @@ public class PdpConfigurationParser
* @throws java.io.IOException
* if any error occurred closing already created {@link Closeable} modules (policy Providers, attribute Providers, decision cache)
*/
public static PDPImpl getPDP(Pdp pdpJaxbConf, EnvironmentProperties envProps) throws IllegalArgumentException, IOException
public static PDPImpl getPDP(final Pdp pdpJaxbConf, final EnvironmentProperties envProps) throws IllegalArgumentException, IOException
{
/*
* Initialize all parameters of ExpressionFactoryImpl: attribute datatype factories, functions, etc.
......@@ -308,20 +307,6 @@ public class PdpConfigurationParser
functionRegistry.addFunction(function);
}
for (final String funcSetId : pdpJaxbConf.getFunctionSets())
{
final FunctionSet functionSet = PdpExtensionLoader.getExtension(FunctionSet.class, funcSetId);
for (final Function<?> function : functionSet.getSupportedFunctions())
{
if (!enableXPath && isXpathBased(function))
{
throw new IllegalArgumentException("XPath-based function not allowed (because configuration parameter 'enableXPath' = false): " + function);
}
functionRegistry.addFunction(function);
}
}
// Combining Algorithms
final CombiningAlgRegistry combiningAlgRegistry = new BaseCombiningAlgRegistry(pdpJaxbConf.isUseStandardCombiningAlgorithms() ? StandardCombiningAlgRegistry.INSTANCE : null);
for (final String algId : pdpJaxbConf.getCombiningAlgorithms())
......@@ -330,7 +315,7 @@ public class PdpConfigurationParser
try
{
alg = PdpExtensionLoader.getExtension(CombiningAlg.class, algId);
} catch (IllegalArgumentException e)
} catch (final IllegalArgumentException e)
{
throw new IllegalArgumentException("Unsupported combining algorithm: " + algId, e);
}
......@@ -350,7 +335,7 @@ public class PdpConfigurationParser
try
{
maxVarRefDepth = bigMaxVarRefDepth == null ? -1 : org.ow2.authzforce.core.pdp.api.value.IntegerValue.intValueExact(bigMaxVarRefDepth);
} catch (ArithmeticException e)
} catch (final ArithmeticException e)
{
throw new IllegalArgumentException("Invalid maxVariableRefDepth: " + bigMaxVarRefDepth, e);
}
......@@ -360,7 +345,7 @@ public class PdpConfigurationParser