Commit bd5c2834 authored by cdanger's avatar cdanger
Browse files

- Exported GenericAttributeProviderBasedAttributeDesignatorExpression to

authzforce-ce-core-pdp-api
- Changed authzforce-ce-core-pdp-api dependency version
parent a1a72413
......@@ -32,6 +32,7 @@ import org.ow2.authzforce.core.pdp.api.expression.ConstantExpression;
import org.ow2.authzforce.core.pdp.api.expression.Expression;
import org.ow2.authzforce.core.pdp.api.expression.ExpressionFactory;
import org.ow2.authzforce.core.pdp.api.expression.FunctionExpression;
import org.ow2.authzforce.core.pdp.api.expression.GenericAttributeProviderBasedAttributeDesignatorExpression;
import org.ow2.authzforce.core.pdp.api.expression.VariableReference;
import org.ow2.authzforce.core.pdp.api.func.Function;
import org.ow2.authzforce.core.pdp.api.value.AttributeValue;
......@@ -532,7 +533,8 @@ public final class DepthLimitingExpressionFactory implements ExpressionFactory
if (expr instanceof ApplyType)
{
expression = ApplyExpressions.newInstance((ApplyType) expr, xPathCompiler, this, longestVarRefChain);
} else if (expr instanceof AttributeDesignatorType)
}
else if (expr instanceof AttributeDesignatorType)
{
if (this.attributeProvider == null)
{
......@@ -552,7 +554,8 @@ public final class DepthLimitingExpressionFactory implements ExpressionFactory
}
expression = new GenericAttributeProviderBasedAttributeDesignatorExpression<>(jaxbAttrDes, attrFactory.getDatatype().getBagDatatype(), attributeProvider);
} else if (expr instanceof AttributeSelectorType)
}
else if (expr instanceof AttributeSelectorType)
{
if (!allowAttributeSelectors)
{
......@@ -579,26 +582,31 @@ public final class DepthLimitingExpressionFactory implements ExpressionFactory
}
expression = AttributeSelectorExpressions.newInstance(jaxbAttrSelector, xPathCompiler, attributeProvider, attrFactory);
} else if (expr instanceof AttributeValueType)
}
else if (expr instanceof AttributeValueType)
{
expression = getInstance((AttributeValueType) expr, xPathCompiler);
} else if (expr instanceof FunctionType)
}
else if (expr instanceof FunctionType)
{
final FunctionType jaxbFunc = (FunctionType) expr;
final FunctionExpression funcExp = getFunction(jaxbFunc.getFunctionId());
if (funcExp != null)
{
expression = funcExp;
} else
}
else
{
throw new IllegalArgumentException("Function " + jaxbFunc.getFunctionId()
+ " is not supported (at least) as standalone Expression: either a generic higher-order function supported only as Apply FunctionId, or function completely unknown.");
}
} else if (expr instanceof VariableReferenceType)
}
else if (expr instanceof VariableReferenceType)
{
final VariableReferenceType varRefElt = (VariableReferenceType) expr;
expression = getVariable(varRefElt, longestVarRefChain);
} else
}
else
{
throw new IllegalArgumentException("Expressions of type " + expr.getClass().getSimpleName()
+ " are not supported. Expected: one of Apply, AttributeDesignator, AttributeSelector, AttributeValue, Function or VariableReference.");
......
/**
* Copyright 2012-2018 Thales Services SAS.
*
* This file is part of AuthzForce CE.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.ow2.authzforce.core.pdp.impl.expression;
import java.util.Optional;
import org.ow2.authzforce.core.pdp.api.AttributeFqn;
import org.ow2.authzforce.core.pdp.api.AttributeFqns;
import org.ow2.authzforce.core.pdp.api.AttributeProvider;
import org.ow2.authzforce.core.pdp.api.EvaluationContext;
import org.ow2.authzforce.core.pdp.api.IndeterminateEvaluationException;
import org.ow2.authzforce.core.pdp.api.expression.AttributeDesignatorExpression;
import org.ow2.authzforce.core.pdp.api.value.AttributeValue;
import org.ow2.authzforce.core.pdp.api.value.Bag;
import org.ow2.authzforce.core.pdp.api.value.BagDatatype;
import org.ow2.authzforce.core.pdp.api.value.Bags;
import org.ow2.authzforce.core.pdp.api.value.Datatype;
import org.ow2.authzforce.xacml.identifiers.XacmlStatusCode;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeDesignatorType;
/**
* AttributeDesignator evaluator initialized with and using an {@link AttributeProvider} to retrieve the attribute value not only from the request but also possibly from extra Attribute Provider
* modules (so-called XACML PIPs) (PDP extensions)
*
* @param <AV>
* AttributeDesignator evaluation result value's primitive datatype
*
* @version $Id: $
*/
public final class GenericAttributeProviderBasedAttributeDesignatorExpression<AV extends AttributeValue> implements AttributeDesignatorExpression<AV>
{
private static final IllegalArgumentException NULL_ATTRIBUTE_PROVIDER_EXCEPTION = new IllegalArgumentException("Undefined attribute Provider");
private final AttributeFqn attrGUID;
private final BagDatatype<AV> returnType;
private final boolean mustBePresent;
private final transient Bag.Validator mustBePresentEnforcer;
private final transient AttributeProvider attrProvider;
private final transient IndeterminateEvaluationException missingAttributeForUnknownReasonException;
private final transient IndeterminateEvaluationException missingAttributeBecauseNullContextException;
// lazy initialization
private transient volatile String toString = null;
private transient volatile int hashCode = 0;
/** {@inheritDoc} */
@Override
public Optional<Bag<AV>> getValue()
{
/*
* context-dependent, therefore not constant
*/
return Optional.empty();
}
/**
* Return an instance of an AttributeDesignator based on an AttributeDesignatorType
*
* @param attrDesignator
* the AttributeDesignatorType we want to convert
* @param resultDatatype
* expected datatype of the result of evaluating this AttributeDesignator ( {@code AV is the expected type of every element in the bag})
* @param attrProvider
* Attribute Provider responsible for finding the attribute designated by this in a given evaluation context at runtime
* @throws IllegalArgumentException
* if {@code attrDesignator.getCategory() == null || attrDesignator.getAttributeId() == null}
*/
public GenericAttributeProviderBasedAttributeDesignatorExpression(final AttributeDesignatorType attrDesignator, final BagDatatype<AV> resultDatatype, final AttributeProvider attrProvider)
{
if (attrProvider == null)
{
throw NULL_ATTRIBUTE_PROVIDER_EXCEPTION;
}
this.attrProvider = attrProvider;
this.attrGUID = AttributeFqns.newInstance(attrDesignator);
this.returnType = resultDatatype;
// error messages/exceptions
final String missingAttributeMessage = this + " not found in context";
this.mustBePresent = attrDesignator.isMustBePresent();
this.mustBePresentEnforcer = mustBePresent ? new Bags.NonEmptinessValidator(missingAttributeMessage) : Bags.DUMB_VALIDATOR;
this.missingAttributeForUnknownReasonException = new IndeterminateEvaluationException(missingAttributeMessage + " for unknown reason", XacmlStatusCode.MISSING_ATTRIBUTE.value());
this.missingAttributeBecauseNullContextException = new IndeterminateEvaluationException(
"Missing Attributes/Attribute for evaluation of AttributeDesignator '" + this.attrGUID + "' because request context undefined", XacmlStatusCode.MISSING_ATTRIBUTE.value());
}
@Override
public AttributeFqn getAttributeFQN()
{
return this.attrGUID;
}
@Override
public boolean isNonEmptyBagRequired()
{
return this.mustBePresent;
}
/**
* {@inheritDoc}
*
* Evaluates the pre-assigned meta-data against the given context, trying to find some matching values.
*/
@Override
public Bag<AV> evaluate(final EvaluationContext context) throws IndeterminateEvaluationException
{
if (context == null)
{
throw missingAttributeBecauseNullContextException;
}
final Bag<AV> bag = attrProvider.get(attrGUID, this.returnType.getElementType(), context);
if (bag == null)
{
throw this.missingAttributeForUnknownReasonException;
}
mustBePresentEnforcer.validate(bag);
/*
* if we got here, it means that the bag wasn't empty, or bag was empty AND mustBePresent was false (so validate() succeeded), so we just return the result
*/
return bag;
}
/** {@inheritDoc} */
@Override
public Datatype<Bag<AV>> getReturnType()
{
return this.returnType;
}
/*
* (non-Javadoc)
*
* @see java.lang.Object#toString()
*/
/** {@inheritDoc} */
@Override
public String toString()
{
if (toString == null)
{
toString = "AttributeDesignator [" + this.attrGUID + ", dataType= " + this.returnType.getElementType() + ", mustBePresent= "
+ (mustBePresentEnforcer == Bags.DUMB_VALIDATOR ? "false" : "true") + "]";
}
return toString;
}
/** {@inheritDoc} */
@Override
public int hashCode()
{
if (hashCode == 0)
{
hashCode = this.attrGUID.hashCode();
}
return hashCode;
}
/** Equal iff the Attribute Category/Issuer/Id are equal */
@Override
public boolean equals(final Object obj)
{
if (this == obj)
{
return true;
}
if (!(obj instanceof GenericAttributeProviderBasedAttributeDesignatorExpression))
{
return false;
}
final GenericAttributeProviderBasedAttributeDesignatorExpression<?> other = (GenericAttributeProviderBasedAttributeDesignatorExpression<?>) obj;
return this.attrGUID.equals(other.attrGUID);
}
}
......@@ -33,7 +33,7 @@
<dependency>
<groupId>org.ow2.authzforce</groupId>
<artifactId>authzforce-ce-core-pdp-api</artifactId>
<version>15.1.0</version>
<version>15.1.1-SNAPSHOT</version>
</dependency>
<!-- /AuthzForce dependencies -->
<!-- Test dependencies -->
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment