Commit bbe4cc00 authored by Cyril Dangerville's avatar Cyril Dangerville

* Fixed unit tests, including the conformance files with systematic

XACML schema validation, as some of them were not XACML 3.0 compliant.
* New class DatatypeConstants to centralize all standard datatype
constants
* Generalized the notion of Expression value and datatype to bags
(formerly restricted to primitive datatypes) - new class BagDatatype
* Added Bags utils class equivalent to Collections class to create
empty bag, singleton bag, etc.
* Removed xmlbeans dependency (replaced by use of Saxon for same
features)
* Improved logs in Rule evaluation
* Improved hashCode/equals/toString methods in most classes
* Fixed variable management: remove Policy-locally-defined variables
from context when done evaluating the policy
* Better management of Policy versions, in particular for
PolicyIdReference resolution
* Modified BooleanAttributeValue to avoid creating new instances of it
during evaluation
parent 0e05c041


...@@ -52,13 +52,8 @@ ...@@ -52,13 +52,8 @@
<artifactId>logback-classic</artifactId> <artifactId>logback-classic</artifactId>
</dependency> </dependency>
<dependency> <dependency>
<!-- For validating certain entities of XACML standard datatypes actually defined by XML schema (e.g. anyURI type) --> <!-- For validating IP addresses (XACML IPAdress datatype), Domain names (XACML DNSName datatype),
<groupId>org.apache.xmlbeans</groupId> etc. without any DNS resolution -->
<artifactId>xmlbeans</artifactId>
<version>2.6.0</version>
</dependency>
<dependency>
<!-- For validating IP addresses (XACML IPAdress datatype), Domain names (XACML DNSName datatype), etc. without any DNS resolution -->
<groupId>com.google.guava</groupId> <groupId>com.google.guava</groupId>
<artifactId>guava</artifactId> <artifactId>guava</artifactId>
<version>18.0</version> <version>18.0</version>
...@@ -77,12 +72,6 @@ ...@@ -77,12 +72,6 @@
<!-- /Authzforce dependencies --> <!-- /Authzforce dependencies -->
<!-- Test dependencies --> <!-- Test dependencies -->
<!-- <dependency> -->
<!-- <groupId>commons-jxpath</groupId> -->
<!-- <artifactId>commons-jxpath</artifactId> -->
<!-- <version>1.3</version> -->
<!-- <scope>test</scope> -->
<!-- </dependency> -->
<dependency> <dependency>
<groupId>junit</groupId> <groupId>junit</groupId>
<artifactId>junit</artifactId> <artifactId>junit</artifactId>
...@@ -93,6 +82,39 @@ ...@@ -93,6 +82,39 @@
</dependencies> </dependencies>
<build> <build>
<plugins> <plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-pmd-plugin</artifactId>
<version>3.5</version>
<configuration>
<targetJdk>1.7</targetJdk>
<excludeRoots>
<excludeRoot>target/generated-sources</excludeRoot>
<excludeRoot>target/generated-test-sources</excludeRoot>
</excludeRoots>
</configuration>
<executions>
<execution>
<phase>verify</phase>
<goals>
<goal>check</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>findbugs-maven-plugin</artifactId>
<version>3.0.1</version>
<executions>
<execution>
<phase>verify</phase>
<goals>
<goal>check</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin> <plugin>
<!-- Apache license Headers --> <!-- Apache license Headers -->
<groupId>com.mycila</groupId> <groupId>com.mycila</groupId>
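Review bot: The `findbugs-maven-plugin` execution added in the last hunk binds `check` to `verify` with no `<configuration>`, so the gate runs at the plugin's default effort and threshold. Unlike the PMD block just above it, which excludes `target/generated-sources`, it also has no exclude filter; FindBugs analyses compiled classes, so generated classes are presumably included in the check. Since this module makes authorization decisions, I would make the gate explicit, e.g. `<configuration><effort>Max</effort><threshold>Medium</threshold><excludeFilterFile>FILTER_FILE_PLACEHOLDER</excludeFilterFile></configuration>`, and consider loading a security-focused detector set through the plugin's `<plugins>` option. A short XML comment on each of the two plugins stating which rule set or filter the build is expected to pass would also help, as the commit message does not mention these new build gates.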
......
...@@ -43,6 +43,8 @@ import java.util.List; ...@@ -43,6 +43,8 @@ import java.util.List;
import java.util.Map; import java.util.Map;
import java.util.Map.Entry; import java.util.Map.Entry;
import javax.xml.datatype.XMLGregorianCalendar;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.Request; import oasis.names.tc.xacml._3_0.core.schema.wd_17.Request;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.Response; import oasis.names.tc.xacml._3_0.core.schema.wd_17.Response;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.Result; import oasis.names.tc.xacml._3_0.core.schema.wd_17.Result;
...@@ -56,15 +58,16 @@ import com.thalesgroup.authzforce.core.DecisionResultFilter; ...@@ -56,15 +58,16 @@ import com.thalesgroup.authzforce.core.DecisionResultFilter;
import com.thalesgroup.authzforce.core.IndividualDecisionRequest; import com.thalesgroup.authzforce.core.IndividualDecisionRequest;
import com.thalesgroup.authzforce.core.RequestFilter; import com.thalesgroup.authzforce.core.RequestFilter;
import com.thalesgroup.authzforce.core.attr.AttributeGUID; import com.thalesgroup.authzforce.core.attr.AttributeGUID;
import com.thalesgroup.authzforce.core.attr.AttributeValue;
import com.thalesgroup.authzforce.core.attr.DateAttributeValue; import com.thalesgroup.authzforce.core.attr.DateAttributeValue;
import com.thalesgroup.authzforce.core.attr.DateTimeAttributeValue; import com.thalesgroup.authzforce.core.attr.DateTimeAttributeValue;
import com.thalesgroup.authzforce.core.attr.DatatypeConstants;
import com.thalesgroup.authzforce.core.attr.TimeAttributeValue; import com.thalesgroup.authzforce.core.attr.TimeAttributeValue;
import com.thalesgroup.authzforce.core.eval.BagResult; import com.thalesgroup.authzforce.core.eval.Bags;
import com.thalesgroup.authzforce.core.eval.DecisionResult; import com.thalesgroup.authzforce.core.eval.DecisionResult;
import com.thalesgroup.authzforce.core.eval.EvaluationContext; import com.thalesgroup.authzforce.core.eval.EvaluationContext;
import com.thalesgroup.authzforce.core.eval.IndeterminateEvaluationException; import com.thalesgroup.authzforce.core.eval.IndeterminateEvaluationException;
import com.thalesgroup.authzforce.core.eval.IndividualDecisionRequestContext; import com.thalesgroup.authzforce.core.eval.IndividualDecisionRequestContext;
import com.thalesgroup.authzforce.core.eval.Bag;
import com.thalesgroup.authzforce.core.policy.RootPolicyFinder; import com.thalesgroup.authzforce.core.policy.RootPolicyFinder;
import com.thalesgroup.authzforce.xacml.schema.XACMLAttributeId; import com.thalesgroup.authzforce.xacml.schema.XACMLAttributeId;
import com.thalesgroup.authzforce.xacml.schema.XACMLCategory; import com.thalesgroup.authzforce.xacml.schema.XACMLCategory;
...@@ -136,10 +139,10 @@ public class PDP implements Closeable ...@@ -136,10 +139,10 @@ public class PDP implements Closeable
private class IndividualDecisionRequestEvaluator private class IndividualDecisionRequestEvaluator
{ {
protected final Result evaluate(IndividualDecisionRequest request, Map<AttributeGUID, BagResult<? extends AttributeValue>> pdpIssuedAttributes) protected final Result evaluate(IndividualDecisionRequest request, Map<AttributeGUID, Bag<?>> pdpIssuedAttributes)
{ {
// convert to EvaluationContext // convert to EvaluationContext
final Map<AttributeGUID, BagResult<? extends AttributeValue>> namedAttributes = request.getNamedAttributes(); final Map<AttributeGUID, Bag<?>> namedAttributes = request.getNamedAttributes();
namedAttributes.putAll(pdpIssuedAttributes); namedAttributes.putAll(pdpIssuedAttributes);
final EvaluationContext ctx = new IndividualDecisionRequestContext(namedAttributes, request.getExtraContentsByCategory()); final EvaluationContext ctx = new IndividualDecisionRequestContext(namedAttributes, request.getExtraContentsByCategory());
final DecisionResult result = rootPolicyFinder.findAndEvaluate(ctx); final DecisionResult result = rootPolicyFinder.findAndEvaluate(ctx);
...@@ -147,7 +150,7 @@ public class PDP implements Closeable ...@@ -147,7 +150,7 @@ public class PDP implements Closeable
return result; return result;
} }
protected List<Result> evaluate(List<IndividualDecisionRequest> individualDecisionRequests, Map<AttributeGUID, BagResult<? extends AttributeValue>> pdpIssuedAttributes) protected List<Result> evaluate(List<IndividualDecisionRequest> individualDecisionRequests, Map<AttributeGUID, Bag<?>> pdpIssuedAttributes)
{ {
final List<Result> results = new ArrayList<>(); final List<Result> results = new ArrayList<>();
for (final IndividualDecisionRequest request : individualDecisionRequests) for (final IndividualDecisionRequest request : individualDecisionRequests)
...@@ -175,7 +178,7 @@ public class PDP implements Closeable ...@@ -175,7 +178,7 @@ public class PDP implements Closeable
} }
@Override @Override
protected final List<Result> evaluate(List<IndividualDecisionRequest> individualDecisionRequests, Map<AttributeGUID, BagResult<? extends AttributeValue>> pdpIssuedAttributes)