Commit a06326ee authored by cdanger's avatar cdanger

Merge branch 'release/6.1.0'

parents 48179e21 9f6e1f73
......@@ -2,6 +2,17 @@
All notable changes to this project are documented in this file following the [Keep a CHANGELOG](http://keepachangelog.com) conventions.
## 6.1.0
### Changed
- Parent project version: 4.0.0 -> 4.1.1 => Changed dependency versions:
- Spring 4.3.4 -> 4.3.5,
- Saxon-HE 9.7.0-11 -> 9.7.0-14
- authzforce-ce-core-pdp-api dependency version: 8.0.0 -> 8.2.0
### Fixed
- Security issues reported by Find Security Bugs plugin
## 6.0.0
### Added
- Extension mechanism to switch HashMap/HashSet implementation; default implementation is based on native JRE and Guava.
......@@ -25,6 +36,7 @@ All notable changes to this project are documented in this file following the [K
- OW2 #AUTHZFORCE-23: enforcement of RuleId/PolicyId/PolicySetId uniqueness:
- PolicyId (resp. PolicySetId) should be unique across all policies loaded by PDP so that PolicyIdReferences (resp. PolicySetIdReferences) in Responses' PolicyIdentifierList are absolute references to applicable policies (no ambiguity).
- [RuleId should be unique within a policy](https://lists.oasis-open.org/archives/xacml/201310/msg00025.html) -> A rule is globally uniquely identified by the parent PolicyId and the RuleId.
- OW2 #AUTHZFORCE-25: NullPointerException when parsing Apply expressions using invalid/unsupported Function ID
## 5.0.2
......
<?xml version="1.0"?>
<!--
This file contains some false positive bugs detected by Findbugs. Their
false positive nature has been analyzed individually and they have been
put here to instruct Findbugs to ignore them.
-->
<FindBugsFilter>
<Match>
<!-- CRLF injection in logs is considered fixed in the logger configuration, e.g. logback.xml.
More info: https://github.com/find-sec-bugs/find-sec-bugs/issues/240
-->
<Bug pattern="CRLF_INJECTION_LOGS" />
</Match>
</FindBugsFilter>
\ No newline at end of file
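Review bot: The `<Match>` holding `<Bug pattern="CRLF_INJECTION_LOGS" />` has no class or package qualifier, so it silences the detector for the whole module, while the mitigation it cites lives in a logger configuration that this commit does not show. A core engine artifact is presumably embedded in applications that bring their own logback.xml, and this commit keeps `LOGGER.error(...)` calls in IndividualDecisionRequestContext whose arguments (`value`, `result`) may derive from request content. I would extend the comment to state the exact requirement, e.g. `<!-- Requires an encoder pattern that neutralises CR/LF in messages, such as %replace(%msg){'[\r\n]', '_'}; without it this exclusion hides a real finding -->`. Narrowing the match with a `<Class>` or `<Package>` element would also keep new logging code under analysis.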
......@@ -3,10 +3,10 @@
<parent>
<groupId>org.ow2.authzforce</groupId>
<artifactId>authzforce-ce-parent</artifactId>
<version>4.0.0</version>
<version>4.1.1</version>
</parent>
<artifactId>authzforce-ce-core</artifactId>
<version>6.0.0</version>
<version>6.1.0</version>
<name>${project.groupId}:${project.artifactId}</name>
<description>AuthZForce Community Edition - XACML-compliant Core Engine</description>
<url>https://tuleap.ow2.org/projects/authzforce</url>
......@@ -42,7 +42,7 @@
<dependency>
<groupId>${project.groupId}</groupId>
<artifactId>${artifactId.prefix}-core-pdp-api</artifactId>
<version>8.0.0</version>
<version>8.2.0</version>
</dependency>
<!-- /Authzforce dependencies -->
......@@ -102,6 +102,9 @@
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>findbugs-maven-plugin</artifactId>
<configuration>
<excludeFilterFile>findbugs-exclude-filter.xml</excludeFilterFile>
</configuration>
<executions>
<execution>
<phase>verify</phase>
......
/**
* Copyright (C) 2012-2016 Thales Services SAS.
* Copyright (C) 2012-2017 Thales Services SAS.
*
* This file is part of AuthZForce CE.
*
......
/**
* Copyright (C) 2012-2016 Thales Services SAS.
* Copyright (C) 2012-2017 Thales Services SAS.
*
* This file is part of AuthZForce CE.
*
......
/**
* Copyright (C) 2012-2016 Thales Services SAS.
* Copyright (C) 2012-2017 Thales Services SAS.
*
* This file is part of AuthZForce CE.
*
......
/**
* Copyright (C) 2012-2016 Thales Services SAS.
* Copyright (C) 2012-2017 Thales Services SAS.
*
* This file is part of AuthZForce CE.
*
......
/**
* Copyright (C) 2012-2016 Thales Services SAS.
* Copyright (C) 2012-2017 Thales Services SAS.
*
* This file is part of AuthZForce CE.
*
......
/**
* Copyright (C) 2012-2016 Thales Services SAS.
* Copyright (C) 2012-2017 Thales Services SAS.
*
* This file is part of AuthZForce CE.
*
......@@ -190,13 +190,13 @@ public final class CloseableAttributeProvider extends ModularAttributeProvider i
for (final AttributeDesignatorType attrDesignator : moduleAdapter.getProvidedAttributes())
{
final AttributeGUID attrGUID = new AttributeGUID(attrDesignator);
if (modulesByAttributeId.containsKey(attrGUID))
final AttributeProviderModule duplicate = modulesByAttributeId.putIfAbsent(attrGUID, moduleAdapter.getAdaptedModule());
if (duplicate != null)
{
moduleAdapter.close();
throw new IllegalArgumentException("Conflict: " + moduleAdapter + " providing the same AttributeDesignator (" + attrGUID + ") as another already registered.");
}
modulesByAttributeId.put(attrGUID, moduleAdapter.getAdaptedModule());
}
}
catch (final IllegalArgumentException e)
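Review bot: The conflict message in the `duplicate != null` branch still says only "another already registered", although `putIfAbsent` now returns the module that already holds the AttributeDesignator. Appending it, e.g. `+ ") as another already registered: " + duplicate);`, would show which two provider modules collide without re-reading the PDP configuration. This assumes AttributeProviderModule has a meaningful toString(), which the hunk does not show. The enclosing method starts and ends outside the hunk.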
......
/**
* Copyright (C) 2012-2016 Thales Services SAS.
* Copyright (C) 2012-2017 Thales Services SAS.
*
* This file is part of AuthZForce CE.
*
......
/**
* Copyright (C) 2012-2016 Thales Services SAS.
* Copyright (C) 2012-2017 Thales Services SAS.
*
* This file is part of AuthZForce CE.
*
......@@ -137,11 +137,11 @@ public final class DefaultRequestFilter extends BaseRequestFilter
final XdmNode newContentNode = categorySpecificAttributes.getExtraContent();
if (newContentNode != null)
{
final XdmNode oldContentNode = extraContentsByCategory.put(categoryName, newContentNode);
final XdmNode duplicate = extraContentsByCategory.putIfAbsent(categoryName, newContentNode);
/*
* No support for Multiple Decision Profile -> no support for repeated categories as specified in Multiple Decision Profile. So we must check duplicate attribute categories.
*/
if (oldContentNode != null)
if (duplicate != null)
{
throw new IndeterminateEvaluationException("Unsupported repetition of Attributes[@Category='" + categoryName
+ "'] (feature 'urn:oasis:names:tc:xacml:3.0:profile:multiple:repeated-attribute-categories' is not supported)", StatusHelper.STATUS_SYNTAX_ERROR);
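Review bot: The duplicate-category check built on `putIfAbsent` sits inside `if (newContentNode != null)`, so it fires only when both occurrences of a category carry a Content node; a category repeated without Content passes it. The MutableIndividualDecisionRequest hunk of this commit has the same shape. If nothing outside these hunks rejects the repetition, attributes of the repeated category could be merged or overwritten silently, and the PDP would decide on an ambiguous request. I would add a comment naming where the Content-less case is rejected, e.g. `// repeated categories without Content are rejected in <method to confirm>`, or move the check out of the `if`. The enclosing method begins and ends outside the hunk.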
......
/**
* Copyright (C) 2012-2016 Thales Services SAS.
* Copyright (C) 2012-2017 Thales Services SAS.
*
* This file is part of AuthZForce CE.
*
......
/**
* Copyright (C) 2012-2016 Thales Services SAS.
* Copyright (C) 2012-2017 Thales Services SAS.
*
* This file is part of AuthZForce CE.
*
......@@ -161,7 +161,8 @@ public final class IndividualDecisionRequestContext implements EvaluationContext
@Override
public boolean putAttributeDesignatorResultIfAbsent(final AttributeGUID id, final Bag<?> result)
{
if (namedAttributes.containsKey(id))
final Bag<?> duplicate = namedAttributes.putIfAbsent(id, result);
if (duplicate != null)
{
/*
* This should never happen, as getAttributeDesignatorResult() should have been called first (for same id) and returned this oldResult, and no further call to
......@@ -175,7 +176,7 @@ public final class IndividualDecisionRequestContext implements EvaluationContext
/*
* Attribute value cannot change during evaluation context, so if old value already there, put it back
*/
return namedAttributes.put(id, result) == null;
return true;
}
/** {@inheritDoc} */
......@@ -210,13 +211,13 @@ public final class IndividualDecisionRequestContext implements EvaluationContext
@Override
public boolean putVariableIfAbsent(final String variableId, final Value value)
{
if (varValsById.containsKey(variableId))
if (varValsById.putIfAbsent(variableId, value) != null)
{
LOGGER.error("Attempt to override value of Variable '{}' already set in evaluation context. Overriding value: {}", variableId, value);
return false;
}
return varValsById.put(variableId, value) == null;
return true;
}
/** {@inheritDoc} */
......@@ -257,13 +258,13 @@ public final class IndividualDecisionRequestContext implements EvaluationContext
@Override
public boolean putAttributeSelectorResultIfAbsent(final AttributeSelectorId id, final Bag<?> result) throws IndeterminateEvaluationException
{
if (attributeSelectorResults.containsKey(id))
if (attributeSelectorResults.putIfAbsent(id, result) != null)
{
LOGGER.error("Attempt to override value of AttributeSelector {} already set in evaluation context. Overriding value: {}", id, result);
return false;
}
return attributeSelectorResults.put(id, result) == null;
return true;
}
/** {@inheritDoc} */
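Review bot: In putAttributeDesignatorResultIfAbsent the comment kept above `return true;` ("so if old value already there, put it back") no longer matches the code, because `putIfAbsent` never replaces an existing entry and nothing is put back. The earlier comment in the same method also refers to `oldResult` while the variable is now named `duplicate`. I would replace the stale comment with `/* putIfAbsent() keeps an existing value untouched; reaching this point means the new result was stored */` and update the `oldResult` reference. Part of the method body lies between the two hunks and is not visible here.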
......
/**
* Copyright (C) 2012-2016 Thales Services SAS.
* Copyright (C) 2012-2017 Thales Services SAS.
*
* This file is part of AuthZForce CE.
*
......
/**
* Copyright (C) 2012-2016 Thales Services SAS.
* Copyright (C) 2012-2017 Thales Services SAS.
*
* This file is part of AuthZForce CE.
*
......@@ -86,7 +86,7 @@ public final class MatchEvaluator
final FunctionExpression matchFunction = expFactory.getFunction(matchId);
if (matchFunction == null)
{
throw new IllegalArgumentException("Unsupported function for MatchId: " + matchId);
throw new IllegalArgumentException("Unsupported function for MatchId: '" + matchId + "'");
}
// next, get the designator or selector being used, and the attribute
......
/**
* Copyright (C) 2012-2016 Thales Services SAS.
* Copyright (C) 2012-2017 Thales Services SAS.
*
* This file is part of AuthZForce CE.
*
......
/**
* Copyright (C) 2012-2016 Thales Services SAS.
* Copyright (C) 2012-2017 Thales Services SAS.
*
* This file is part of AuthZForce CE.
*
......
/**
* Copyright (C) 2012-2016 Thales Services SAS.
* Copyright (C) 2012-2017 Thales Services SAS.
*
* This file is part of AuthZForce CE.
*
......@@ -109,8 +109,8 @@ public final class MutableIndividualDecisionRequest implements IndividualDecisio
final XdmNode newContentNode = categorySpecificAttributes.getExtraContent();
if (newContentNode != null)
{
final XdmNode oldContentNode = extraContentsByCategory.put(categoryName, newContentNode);
if (oldContentNode != null)
final XdmNode duplicate = extraContentsByCategory.putIfAbsent(categoryName, newContentNode);
if (duplicate != null)
{
throw new IllegalArgumentException("Duplicate Attributes[@Category] in Individual Decision Request (not allowed): " + categoryName);
}
......
/**
* Copyright (C) 2012-2016 Thales Services SAS.
* Copyright (C) 2012-2017 Thales Services SAS.
*
* This file is part of AuthZForce CE.
*
......
/**
* Copyright (C) 2012-2016 Thales Services SAS.
* Copyright (C) 2012-2017 Thales Services SAS.
*
* This file is part of AuthZForce CE.
*
......