Commit aa856904 authored by cdanger's avatar cdanger

- Upgraded authzforce-ce-core-pdp-api dependency: 16.0.0

	- Changed PolicyProvider API. See CHANGELOG on core-pdp-api repository.
- Fixed #38 (GitHub)
	- Removed CoreRootPolicyProvider
	- Replaced CoreRefBasedRootPolicyProvider with CoreStaticPolicyProvider
parent 3bd192a8
......@@ -131,7 +131,7 @@ Then instantiate a PDP engine configuration with method [PdpEngineConfiguration#
```xml
<?xml version="1.0" encoding="UTF-8"?>
<pdp xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://authzforce.github.io/core/xmlns/pdp/6.0" version="6.0.0">
<pdp xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://authzforce.github.io/core/xmlns/pdp/7.0" version="7.0.0">
<rootPolicyProvider id="rootPolicyProvider" xsi:type="StaticRootPolicyProvider" policyLocation="${PARENT_DIR}/policy.xml" />
</pdp>
```
......
<?xml version="1.0" encoding="UTF-8"?>
<pdp xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://authzforce.github.io/core/xmlns/pdp/6.0" version="6.0.0">
<rootPolicyProvider id="rootPolicyProvider" xsi:type="StaticRootPolicyProvider" policyLocation="${PARENT_DIR}/IIA001/Policy.xml" />
<ioProcChain>
<requestPreproc>urn:ow2:authzforce:feature:pdp:request-preproc:xacml-json:default-lax</requestPreproc>
<resultPostproc>urn:ow2:authzforce:feature:pdp:result-postproc:xacml-json:default</resultPostproc>
</ioProcChain>
<pdp
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://authzforce.github.io/core/xmlns/pdp/7.0"
version="7.0.0">
<policyProvider
id="rootPolicyProvider"
xsi:type="StaticPolicyProvider">
<policyLocation>${PARENT_DIR}/IIA001/Policy.xml</policyLocation>
</policyProvider>
<rootPolicyRef>urn:oasis:names:tc:xacml:2.0:conformance-test:IIA1:policy</rootPolicyRef>
<ioProcChain>
<requestPreproc>urn:ow2:authzforce:feature:pdp:request-preproc:xacml-json:default-lax</requestPreproc>
<resultPostproc>urn:ow2:authzforce:feature:pdp:result-postproc:xacml-json:default</resultPostproc>
</ioProcChain>
</pdp>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<project
xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.ow2.authzforce</groupId>
......
......@@ -42,7 +42,7 @@ import com.google.common.collect.ListMultimap;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeDesignatorType;
/**
* AttributeProvider that tries to resolve attributes in current request context first, else delegates to {@link DesignatedAttributeProvider}s.
* AttributeProvider that tries to resolve attributes in current request context first, else delegates to {@link NamedAttributeProvider}s.
*
* @version $Id: $
*/
......@@ -97,7 +97,8 @@ public class ModularAttributeProvider implements AttributeProvider
if (selectedAttributeSupport == null)
{
designatorModsByAttrId = attributeProviderModulesByAttributeId;
} else
}
else
{
final ListMultimap<AttributeFqn, NamedAttributeProvider> mutableModsByAttrIdMap = ArrayListMultimap.create(selectedAttributeSupport.size(), 1);
for (final AttributeDesignatorType requiredAttr : selectedAttributeSupport)
......@@ -206,7 +207,8 @@ public class ModularAttributeProvider implements AttributeProvider
LOGGER.debug("Values of attribute {}, type={} returned by attribute Provider module #{} (cached in context): {}", attributeFqn, datatype, attrProviders, result);
issuedToNonIssuedAttributeCopyMode.process(attributeFqn, result, context);
return result;
} catch (final IndeterminateEvaluationException e)
}
catch (final IndeterminateEvaluationException e)
{
/*
* This error does not necessarily matter, it depends on whether the attribute is required, i.e. MustBePresent=true for AttributeDesignator/Selector So we let
......@@ -248,7 +250,8 @@ public class ModularAttributeProvider implements AttributeProvider
*/
context.putNamedAttributeValueIfAbsent(attributeFqn, result);
return result;
} catch (final UnsupportedOperationException e)
}
catch (final UnsupportedOperationException e)
{
/*
* Should not happen, this is highly unexpected and should be considered a fatal error (it means the AttributeProvider does not respect its contract)
......
......@@ -32,8 +32,7 @@ import org.ow2.authzforce.core.pdp.api.JaxbBoundPdpExtension;
import org.ow2.authzforce.core.pdp.api.PdpExtension;
import org.ow2.authzforce.core.pdp.api.combining.CombiningAlg;
import org.ow2.authzforce.core.pdp.api.func.Function;
import org.ow2.authzforce.core.pdp.api.policy.CloseableRefPolicyProvider;
import org.ow2.authzforce.core.pdp.api.policy.RootPolicyProvider;
import org.ow2.authzforce.core.pdp.api.policy.CloseablePolicyProvider;
import org.ow2.authzforce.core.pdp.api.value.AttributeValueFactory;
import org.ow2.authzforce.xmlns.pdp.ext.AbstractAttributeProvider;
import org.ow2.authzforce.xmlns.pdp.ext.AbstractDecisionCache;
......@@ -97,7 +96,8 @@ public final class PdpExtensions
}
isValidExt = true;
} else
}
else
{
for (final Class<? extends PdpExtension> extClass : NON_JAXB_BOUND_EXTENSION_CLASSES)
{
......@@ -229,7 +229,7 @@ public final class PdpExtensions
* @throws java.lang.IllegalArgumentException
* if there is no extension of type {@link org.ow2.authzforce.core.pdp.api.policy.CloseableRefPolicyProvider.Factory} supporting {@code jaxbPdpExtensionClass}
*/
public static <REF_POLICY_PROVIDER_CONF extends AbstractPolicyProvider> CloseableRefPolicyProvider.Factory<REF_POLICY_PROVIDER_CONF> getRefPolicyProviderFactory(
public static <REF_POLICY_PROVIDER_CONF extends AbstractPolicyProvider> CloseablePolicyProvider.Factory<REF_POLICY_PROVIDER_CONF> getRefPolicyProviderFactory(
final Class<REF_POLICY_PROVIDER_CONF> jaxbConfClass) throws IllegalArgumentException
{
final JaxbBoundPdpExtension<REF_POLICY_PROVIDER_CONF> ext = (JaxbBoundPdpExtension<REF_POLICY_PROVIDER_CONF>) JAXB_BOUND_EXTENSIONS_BY_JAXB_CLASS.get(jaxbConfClass);
......@@ -238,43 +238,43 @@ public final class PdpExtensions
throw new IllegalArgumentException("No PDP extension found supporting JAXB (configuration) type: " + jaxbConfClass + ". Expected types: " + JAXB_BOUND_EXTENSIONS_BY_JAXB_CLASS.keySet());
}
if (!(ext instanceof CloseableRefPolicyProvider.Factory))
if (!(ext instanceof CloseablePolicyProvider.Factory))
{
throw new IllegalArgumentException(
"No PDP extension of type " + CloseableRefPolicyProvider.Factory.class + " (Reference-based Policy Provider factory) supporting JAXB/XML (configuration) type: " + jaxbConfClass);
"No PDP extension of type " + CloseablePolicyProvider.Factory.class + " (Reference-based Policy Provider factory) supporting JAXB/XML (configuration) type: " + jaxbConfClass);
}
return (CloseableRefPolicyProvider.Factory<REF_POLICY_PROVIDER_CONF>) ext;
return (CloseablePolicyProvider.Factory<REF_POLICY_PROVIDER_CONF>) ext;
}
/**
* Create RootPolicyProvider
* Create PolicyProvider
*
* @param jaxbConfClass
* XML-schema-derived type of policy provider configuration
*
* @return Root Policy Provider
* @return Policy Provider
* @throws java.lang.IllegalArgumentException
* if there is no extension of type {@link org.ow2.authzforce.core.pdp.api.policy.RootPolicyProvider.Factory} supporting {@code jaxbPdpExtensionClass} or invalid
* if there is no extension of type {@link org.ow2.authzforce.core.pdp.api.policy.CloseablePolicyProvider.Factory} supporting {@code jaxbPdpExtensionClass} or invalid
* {@code jaxbRootPolicyProviderConf}
*/
public static <ROOT_POLICY_PROVIDER_CONF extends AbstractPolicyProvider> RootPolicyProvider.Factory<ROOT_POLICY_PROVIDER_CONF> getRootPolicyProviderFactory(
final Class<ROOT_POLICY_PROVIDER_CONF> jaxbConfClass) throws IllegalArgumentException
public static <POLICY_PROVIDER_CONF extends AbstractPolicyProvider> CloseablePolicyProvider.Factory<POLICY_PROVIDER_CONF> getRootPolicyProviderFactory(
final Class<POLICY_PROVIDER_CONF> jaxbConfClass) throws IllegalArgumentException
{
final JaxbBoundPdpExtension<ROOT_POLICY_PROVIDER_CONF> ext = (JaxbBoundPdpExtension<ROOT_POLICY_PROVIDER_CONF>) JAXB_BOUND_EXTENSIONS_BY_JAXB_CLASS.get(jaxbConfClass);
final JaxbBoundPdpExtension<POLICY_PROVIDER_CONF> ext = (JaxbBoundPdpExtension<POLICY_PROVIDER_CONF>) JAXB_BOUND_EXTENSIONS_BY_JAXB_CLASS.get(jaxbConfClass);
if (ext == null)
{
throw new IllegalArgumentException("No PDP extension found supporting JAXB (configuration) type: " + jaxbConfClass + ". Expected types: " + JAXB_BOUND_EXTENSIONS_BY_JAXB_CLASS.keySet());
}
if (!(ext instanceof RootPolicyProvider.Factory))
if (!(ext instanceof CloseablePolicyProvider.Factory))
{
throw new IllegalArgumentException(
"No PDP extension of type " + RootPolicyProvider.Factory.class + " (Root Policy Provider factory) supporting JAXB/XML (configuration) type: " + jaxbConfClass);
"No PDP extension of type " + CloseablePolicyProvider.Factory.class + " (Policy Provider factory) supporting JAXB/XML (configuration) type: " + jaxbConfClass);
}
return (RootPolicyProvider.Factory<ROOT_POLICY_PROVIDER_CONF>) ext;
return (CloseablePolicyProvider.Factory<POLICY_PROVIDER_CONF>) ext;
}
/**
......
......@@ -56,12 +56,8 @@ public final class PepActionExpression
/**
* Constructor that takes all the data associated with an PEP action (obligation/advice) expression.
*
* @param pepActionFactory
* PEP action factory
* @param pepActionId
* the obligation's id
* @param appliesTo
* the type of decision to which the PEP action applies (ObligationExpression's FulfillOn / AdviceExpression's AppliesTo)
* @param isMandatory
* true iff the PEP action is mandatory (XACML Obligation, as opposed to Advice)
* @param jaxbAssignmentExps
......@@ -84,7 +80,8 @@ public final class PepActionExpression
if (jaxbAssignmentExps == null || jaxbAssignmentExps.isEmpty())
{
this.evaluatableAttributeAssignmentExpressions = Collections.emptyList();
} else
}
else
{
this.evaluatableAttributeAssignmentExpressions = new ArrayList<>(jaxbAssignmentExps.size());
for (final AttributeAssignmentExpression jaxbAttrAssignExp : jaxbAssignmentExps)
......@@ -93,7 +90,8 @@ public final class PepActionExpression
try
{
attrAssignExp = new AttributeAssignmentExpressionEvaluator(jaxbAttrAssignExp, xPathCompiler, expFactory);
} catch (final IllegalArgumentException e)
}
catch (final IllegalArgumentException e)
{
throw new IllegalArgumentException("Invalid " + toString + ": Invalid AttributeAssignmentExpression[@AttributeId=" + jaxbAttrAssignExp.getAttributeId() + "]", e);
}
......@@ -142,7 +140,8 @@ public final class PepActionExpression
{
attrAssignsFromExpr = attrAssignmentExpr.evaluate(context);
LOGGER.debug("{}/{} -> {}", this, attrAssignmentExpr, attrAssignsFromExpr);
} catch (final IndeterminateEvaluationException e)
}
catch (final IndeterminateEvaluationException e)
{
throw new IndeterminateEvaluationException(this + ": Error evaluating " + attrAssignmentExpr, e.getStatusCode(), e);
}
......
/**
* Copyright 2012-2019 THALES.
*
* This file is part of AuthzForce CE.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.ow2.authzforce.core.pdp.impl.policy;
import java.util.Optional;
import org.ow2.authzforce.core.pdp.api.EnvironmentProperties;
import org.ow2.authzforce.core.pdp.api.IndeterminateEvaluationException;
import org.ow2.authzforce.core.pdp.api.XmlUtils.XmlnsFilteringParserFactory;
import org.ow2.authzforce.core.pdp.api.combining.CombiningAlgRegistry;
import org.ow2.authzforce.core.pdp.api.expression.ExpressionFactory;
import org.ow2.authzforce.core.pdp.api.policy.CloseableRefPolicyProvider;
import org.ow2.authzforce.core.pdp.api.policy.PolicyVersionPatterns;
import org.ow2.authzforce.core.pdp.api.policy.RootPolicyProvider;
import org.ow2.authzforce.core.pdp.api.policy.StaticRefPolicyProvider;
import org.ow2.authzforce.core.pdp.api.policy.StaticRootPolicyProvider;
import org.ow2.authzforce.core.pdp.api.policy.StaticTopLevelPolicyElementEvaluator;
import org.ow2.authzforce.core.pdp.api.policy.TopLevelPolicyElementType;
import org.ow2.authzforce.core.xmlns.pdp.StaticRefBasedRootPolicyProvider;
import com.google.common.base.Preconditions;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.IdReferenceType;
/**
* This Root policy provider retrieves the root policy from a {@link CloseableRefPolicyProvider} statically (once and for all), based on a XACML PolicySetIdReference.
*/
public class CoreRefBasedRootPolicyProvider implements StaticRootPolicyProvider
{
private static final String NULL_REF_POLICY_PROVIDER_CONF_MESSAGE = "Undefined refPolicyProvider. Root policy provider '" + CoreRefBasedRootPolicyProvider.class
+ "' requires a refPolicyProvider.";
private static final String ILLEGAL_XML_CONF_ARG_MESSAGE = "Undefined XML/JAXB configuration";
private static final String ILLEGAL_XACML_POLICY_REF_ARG_MESSAGE = "Undefined XACML PolicySetIdReference";
/**
* Provider factory
*
*/
public static class Factory extends RootPolicyProvider.Factory<StaticRefBasedRootPolicyProvider>
{
@Override
public Class<StaticRefBasedRootPolicyProvider> getJaxbClass() {
return StaticRefBasedRootPolicyProvider.class;
}
@Override
public RootPolicyProvider getInstance(final StaticRefBasedRootPolicyProvider jaxbConf, final XmlnsFilteringParserFactory xacmlParserFactory, final ExpressionFactory expressionFactory,
final CombiningAlgRegistry combiningAlgRegistry, final Optional<CloseableRefPolicyProvider> optionalRefPolicyProvider, final EnvironmentProperties environmentProperties) {
Preconditions.checkNotNull(jaxbConf, ILLEGAL_XML_CONF_ARG_MESSAGE);
Preconditions.checkArgument(optionalRefPolicyProvider.isPresent(), NULL_REF_POLICY_PROVIDER_CONF_MESSAGE);
return new CoreRefBasedRootPolicyProvider(jaxbConf.getPolicyRef(), optionalRefPolicyProvider.get());
}
}
private final StaticTopLevelPolicyElementEvaluator rootPolicy;
/**
* Creates instance with the root PolicySet retrieved from the refPolicyprovider once and for all
*
* @param policyRef
* Policy(Set)Id reference to be resolved by the {@code refPolicyProvider}
* @param refPolicyProvider
* (mandatory) Policy-by-reference Provider used by this Root Policy Provider to resolve policy references, if not null. If null, policy references are not supported.
* @throws IllegalArgumentException
* if {@code policyRef} is null/invalid, or if {@code refPolicyProvider == null || !(refPolicyProvider instanceof StaticRefPolicyProvider)} or no PolicySet matching {@code policyRef}
* could be resolved by the refPolicyProvider
*/
public CoreRefBasedRootPolicyProvider(final IdReferenceType policyRef, final CloseableRefPolicyProvider refPolicyProvider) throws IllegalArgumentException
{
Preconditions.checkNotNull(policyRef, ILLEGAL_XACML_POLICY_REF_ARG_MESSAGE);
Preconditions.checkNotNull(refPolicyProvider, NULL_REF_POLICY_PROVIDER_CONF_MESSAGE);
Preconditions.checkArgument(refPolicyProvider instanceof StaticRefPolicyProvider,
"RefPolicyProvider arg '" + refPolicyProvider + "' incompatible with " + CoreRefBasedRootPolicyProvider.class + ". Expected: instance of " + StaticRefPolicyProvider.class
+ ". Make sure the PDP extension of type " + CloseableRefPolicyProvider.Factory.class + " corresponding to the refPolicyProvider in PDP configuration can create instances of "
+ StaticRefPolicyProvider.class);
final String policySetId = policyRef.getValue();
final PolicyVersionPatterns PolicyVersionPatterns = new PolicyVersionPatterns(policyRef.getVersion(), policyRef.getEarliestVersion(), policyRef.getLatestVersion());
try
{
rootPolicy = ((StaticRefPolicyProvider) refPolicyProvider).get(TopLevelPolicyElementType.POLICY_SET, policySetId, Optional.of(PolicyVersionPatterns), null);
} catch (final IndeterminateEvaluationException e)
{
throw new IllegalArgumentException("Failed to find a root PolicySet with id = '" + policySetId + "', " + PolicyVersionPatterns, e);
}
if (rootPolicy == null)
{
throw new IllegalArgumentException("No policy found by the refPolicyProvider for the specified PolicySetIdReference: PolicySetId = '" + policySetId + "'; " + PolicyVersionPatterns);
}
}
@Override
public StaticTopLevelPolicyElementEvaluator getPolicy() {
return rootPolicy;
}
@Override
public void close() {
// Nothing to close - erase exception from the close() signature
}
}
......@@ -18,16 +18,21 @@
package org.ow2.authzforce.core.pdp.impl.policy;
import java.io.IOException;
import java.util.Optional;
import org.ow2.authzforce.core.pdp.api.DecisionResult;
import org.ow2.authzforce.core.pdp.api.DecisionResults;
import org.ow2.authzforce.core.pdp.api.EvaluationContext;
import org.ow2.authzforce.core.pdp.api.IndeterminateEvaluationException;
import org.ow2.authzforce.core.pdp.api.expression.ExpressionFactory;
import org.ow2.authzforce.core.pdp.api.policy.CloseablePolicyProvider;
import org.ow2.authzforce.core.pdp.api.policy.CloseableStaticPolicyProvider;
import org.ow2.authzforce.core.pdp.api.policy.PolicyEvaluator;
import org.ow2.authzforce.core.pdp.api.policy.RootPolicyProvider;
import org.ow2.authzforce.core.pdp.api.policy.StaticRootPolicyProvider;
import org.ow2.authzforce.core.pdp.api.policy.PolicyVersionPatterns;
import org.ow2.authzforce.core.pdp.api.policy.StaticPolicyProvider;
import org.ow2.authzforce.core.pdp.api.policy.StaticTopLevelPolicyElementEvaluator;
import org.ow2.authzforce.core.pdp.api.policy.TopLevelPolicyElementEvaluator;
import org.ow2.authzforce.core.pdp.api.policy.TopLevelPolicyElementType;
import org.ow2.authzforce.xacml.identifiers.XacmlStatusCode;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
......@@ -40,6 +45,25 @@ import org.slf4j.LoggerFactory;
*/
public final class RootPolicyEvaluators
{
private static <PE extends TopLevelPolicyElementEvaluator> PE getRootPolicyEvaluator(final CloseablePolicyProvider<PE> rootPolicyProvider,
final Optional<TopLevelPolicyElementType> rootPolicyElementType, final String rootPolicyId, final Optional<PolicyVersionPatterns> optRootPolicyVersionPatterns,
final EvaluationContext context, final Logger logger) throws IllegalArgumentException, IndeterminateEvaluationException
{
if (rootPolicyElementType.isPresent())
{
return rootPolicyProvider.get(rootPolicyElementType.get(), rootPolicyId, optRootPolicyVersionPatterns, null, context);
}
final PE xacmlPolicyEvaluator = rootPolicyProvider.get(TopLevelPolicyElementType.POLICY, rootPolicyId, optRootPolicyVersionPatterns, null, context);
if (xacmlPolicyEvaluator != null)
{
logger.debug("Root policy element type undefined. Searched for XACML Policy first and found.");
return xacmlPolicyEvaluator;
}
logger.debug("Root policy element type undefined. Searched for XACML Policy, not found. Searching for XACML PolicySet...");
return rootPolicyProvider.get(TopLevelPolicyElementType.POLICY_SET, rootPolicyId, optRootPolicyVersionPatterns, null, context);
}
/**
* Root Policy Evaluator base implementation.
......@@ -51,7 +75,11 @@ public final class RootPolicyEvaluators
private static final Logger LOGGER = LoggerFactory.getLogger(Base.class);
private final RootPolicyProvider rootPolicyProvider;
private final CloseablePolicyProvider<?> rootPolicyProvider;
private final Optional<TopLevelPolicyElementType> rootPolicyElementType;
private final String rootPolicyId;
private final Optional<PolicyVersionPatterns> optRootPolicyVersionPatterns;
private transient final ExpressionFactory expressionFactory;
......@@ -66,29 +94,39 @@ public final class RootPolicyEvaluators
* @param xacmlExpressionFactory
* XACML expression factory
*
* @param rootPolicyProvider
* @param policyProvider
* Root Policy Provider - mandatory
* @param rootPolicyElementType
* type of root policy element (XACML Policy or XACML PolicySet)
* @param rootPolicyId
* root Policy(Set) ID
* @param optRootPolicyVersionPatterns
* root policy version patterns to be matched
*
* @throws java.lang.IllegalArgumentException
* If {@code expressionFactory == null || rootPolicyProvider == null}
*/
public Base(final ExpressionFactory xacmlExpressionFactory, final RootPolicyProvider rootPolicyProvider) throws IllegalArgumentException
public Base(final CloseablePolicyProvider<?> policyProvider, final Optional<TopLevelPolicyElementType> rootPolicyElementType, final String rootPolicyId,
final Optional<PolicyVersionPatterns> optRootPolicyVersionPatterns, final ExpressionFactory xacmlExpressionFactory) throws IllegalArgumentException
{
if (xacmlExpressionFactory == null)
{
throw NULL_EXPRESSIONFACTORY_ARGUMENT_EXCEPTION;
}
if (rootPolicyProvider == null)
if (policyProvider == null)
{
throw NULL_ROOTPOLICYPROVIDER_ARGUMENT_EXCEPTION;
}
this.rootPolicyProvider = policyProvider;
this.isRootPolicyProviderStatic = rootPolicyProvider instanceof StaticPolicyProvider;
this.rootPolicyElementType = rootPolicyElementType;
this.rootPolicyId = rootPolicyId;
this.optRootPolicyVersionPatterns = optRootPolicyVersionPatterns;
// Initialize ExpressionFactory
this.expressionFactory = xacmlExpressionFactory;
this.rootPolicyProvider = rootPolicyProvider;
this.isRootPolicyProviderStatic = rootPolicyProvider instanceof StaticRootPolicyProvider;
}
@Override
......@@ -101,10 +139,10 @@ public final class RootPolicyEvaluators
@Override
public DecisionResult findAndEvaluate(final EvaluationContext context)
{
final PolicyEvaluator policy;
final PolicyEvaluator policyEvaluator;
try
{
policy = rootPolicyProvider.getPolicy(context);
policyEvaluator = getRootPolicyEvaluator(this.rootPolicyProvider, this.rootPolicyElementType, this.rootPolicyId, this.optRootPolicyVersionPatterns, context, LOGGER);
}
catch (final IndeterminateEvaluationException e)
{
......@@ -117,12 +155,12 @@ public final class RootPolicyEvaluators
return DecisionResults.newIndeterminate(null, new IndeterminateEvaluationException(e.getMessage(), XacmlStatusCode.PROCESSING_ERROR.value()), null);
}
if (policy == null)
if (policyEvaluator == null)
{
return DecisionResults.SIMPLE_NOT_APPLICABLE;
}
return policy.evaluate(context, true);
return policyEvaluator.evaluate(context, true);
}
@Override
......@@ -138,18 +176,21 @@ public final class RootPolicyEvaluators
*
* @return static view of this policy evaluator; or null if none could be created because the internal root policy provider depends on the evaluation context to find the root policy (no static
* resolution is possible). If not null, this evaluator's policy provider responsible for finding the policy in {@link #findAndEvaluate(EvaluationContext)} is closed (calling
* {@link RootPolicyProvider#close()} and therefore not useable anymore. The resulting static view must be used instead.
* {@link CloseableStaticPolicyProvider#close()} and therefore not useable anymore. The resulting static view must be used instead.
* @throws IOException
* error closing the evaluator's policy provider responsible for finding the policy in {@link #findAndEvaluate(EvaluationContext)}
* @throws IndeterminateEvaluationException
* if error resolving the policy
*/
public RootPolicyEvaluator toStatic() throws IOException
public RootPolicyEvaluator toStatic() throws IOException, IndeterminateEvaluationException
{
/*
* If staticView not yet initialized and root policy provider is actually static (in which case staticView can be initialized)
*/
if (staticView == null && isRootPolicyProviderStatic)
{
staticView = new StaticView((StaticRootPolicyProvider) rootPolicyProvider, this.expressionFactory);
staticView = new StaticView((CloseableStaticPolicyProvider) rootPolicyProvider, this.rootPolicyElementType, this.rootPolicyId, this.optRootPolicyVersionPatterns,
this.expressionFactory);
}
return staticView;
......@@ -164,18 +205,26 @@ public final class RootPolicyEvaluators
*/
static class StaticView implements RootPolicyEvaluator
{
private static final Logger LOGGER = LoggerFactory.getLogger(StaticView.class);
private final StaticTopLevelPolicyElementEvaluator staticRootPolicyEvaluator;
private final ExpressionFactory expressionFactory;
private transient final FlattenedPolicyTree staticApplicablePolicies;
private StaticView(final StaticRootPolicyProvider staticProvider, final ExpressionFactory expressionFactoryForClosing) throws IOException
private StaticView(final CloseableStaticPolicyProvider staticPolicyProvider, final Optional<TopLevelPolicyElementType> rootPolicyElementType, final String rootPolicyId,
final Optional<PolicyVersionPatterns> optRootPolicyVersionPatterns, final ExpressionFactory expressionFactoryForClosing) throws IOException, IndeterminateEvaluationException
{
assert staticProvider != null && expressionFactoryForClosing != null;
assert staticPolicyProvider != null && expressionFactoryForClosing != null;
this.expressionFactory = expressionFactoryForClosing;
this.staticRootPolicyEvaluator = staticProvider.getPolicy();
this.staticRootPolicyEvaluator = getRootPolicyEvaluator(staticPolicyProvider, rootPolicyElementType, rootPolicyId, optRootPolicyVersionPatterns, null, LOGGER);
if (this.staticRootPolicyEvaluator == null)
{
throw new IllegalArgumentException("No such " + (rootPolicyElementType.isPresent() ? rootPolicyElementType.get() : "Policy(Set)") + " found: ID = '" + rootPolicyId + "'"
+ (optRootPolicyVersionPatterns.isPresent() ? ", version pattern = " + optRootPolicyVersionPatterns.get() : ""));
}
this.staticApplicablePolicies = new FlattenedPolicyTree(staticRootPolicyEvaluator.getPrimaryPolicyMetadata(), staticRootPolicyEvaluator.getPolicyRefsMetadata());
staticProvider.close();
staticPolicyProvider.close();
}
@Override
......
org.ow2.authzforce.core.pdp.impl.policy.CoreRootPolicyProvider$Factory
org.ow2.authzforce.core.pdp.impl.policy.CoreRefPolicyProvider$Factory
org.ow2.authzforce.core.pdp.impl.policy.CoreRefBasedRootPolicyProvider$Factory
org.ow2.authzforce.core.pdp.impl.policy.CoreStaticPolicyProvider$Factory
org.ow2.authzforce.core.pdp.impl.io.SingleDecisionXacmlJaxbRequestPreprocessor$LaxVariantFactory
org.ow2.authzforce.core.pdp.impl.io.SingleDecisionXacmlJaxbRequestPreprocessor$StrictVariantFactory
org.ow2.authzforce.core.pdp.impl.io.MultiDecisionXacmlJaxbRequestPreprocessor$LaxVariantFactory
......
This diff is collapsed.
......@@ -31,6 +31,7 @@ import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Optional;
import javax.xml.bind.JAXBException;
......@@ -76,7 +77,7 @@ public class JsonProfileConformanceV3Test
* Suffix of name of directory containing files of XACML Policy(Set) that can be referenced from root policy via Policy(Set)IdReference. The actual directory name is the concatenation of the test
* ID and this suffix.
*/
public final static String REF_POLICIES_DIRNAME_SUFFIX = "Repository";
public final static String POLICIES_DIRNAME_SUFFIX = "Policies";
/**
* Suffix of filename of an AttributeProvider configuration. The actual filename is the concatenation of the test ID and this suffix.
......@@ -201,19 +202,20 @@ public class JsonProfileConformanceV3Test
}
final Path rootPolicyFile = testDirectoryPath.resolve(ROOT_POLICY_FILENAME_SUFFIX);
// referenced policies if any
final Path refPoliciesDir = testDirectoryPath.resolve(REF_POLICIES_DIRNAME_SUFFIX);
final Path policiesDir = testDirectoryPath.resolve(POLICIES_DIRNAME_SUFFIX);
final Path attributeProviderConfFile = testDirectoryPath.resolve(ATTRIBUTE_PROVIDER_FILENAME_SUFFIX);
final Optional<Path> optAttProviderConfFile = Files.exists(attributeProviderConfFile) ? Optional.of(attributeProviderConfFile) : Optional.empty();
/*
* So far we assume the PDP engine configuration files are valid, because for the moment we only test Request/Response in JSON Profile since JSON Profile only applies to these elements (not to
* policies) at the moment. If some day, JSON Profile addresses policy format too, then we should do like in ConformanceV3fromV2 class from pdp-testutils package (policy syntax validation).
*/
final PdpEngineConfiguration pdpEngineConf = TestUtils.newPdpEngineConfiguration(rootPolicyFile.toUri().toURL().toString(),
Files.exists(refPoliciesDir) ? refPoliciesDir.toUri().toURL().toString() : null, ENABLE_XPATH,
Files.exists(attributeProviderConfFile) ? attributeProviderConfFile.toUri().toURL().toString() : null, SingleDecisionXacmlJsonRequestPreprocessor.LaxVariantFactory.ID,
BaseXacmlJsonResultPostprocessor.DefaultFactory.ID);
final PdpEngineConfiguration pdpEngineConf = Files.exists(policiesDir)
? TestUtils.newPdpEngineConfiguration(TestUtils.getPolicyRef(rootPolicyFile), policiesDir, ENABLE_XPATH, optAttProviderConfFile, null, null)
: TestUtils.newPdpEngineConfiguration(rootPolicyFile, ENABLE_XPATH, optAttProviderConfFile, SingleDecisionXacmlJsonRequestPreprocessor.LaxVariantFactory.ID,
BaseXacmlJsonResultPostprocessor.DefaultFactory.ID);
try (final PdpEngineInoutAdapter<JSONObject, JSONObject> pdp = PdpEngineXacmlJsonAdapters.newXacmlJsonInoutAdapter(pdpEngineConf))
{
// this is an evaluation test with request/response (not a policy syntax check)
......
......@@ -36,8 +36,8 @@ import org.ow2.authzforce.core.pdp.api.XmlUtils.XmlnsFilteringParser;
import org.ow2.authzforce.core.pdp.api.XmlUtils.XmlnsFilteringParserFactory;
import org.ow2.authzforce.core.pdp.api.combining.CombiningAlgRegistry;
import org.ow2.authzforce.core.pdp.api.expression.ExpressionFactory;
import org.ow2.authzforce.core.pdp.api.policy.BaseStaticRefPolicyProvider;