Commit c684ff9a authored by cdanger's avatar cdanger

- Refactoring due to removing FunctionSet and CombiningAlgSet classes,

grouping standard combining alg identifiers in
StandardCombiningAlgRegistry, and function identifiers in
StandardFunctionRegistry
parent a0527011
......@@ -174,6 +174,17 @@ public final class BaseDecisionResult implements DecisionResult
this(DecisionType.INDETERMINATE, DecisionType.INDETERMINATE, status, null, null, usedNamedAttributes, usedExtraAttributeContents);
}
/**
* Instantiates a Indeterminate Decision result with a given error status and extended Indeterminate set to Indeterminate{DP}
*
* @param status
* reason/code for Indeterminate
*/
public BaseDecisionResult(final Status status)
{
this(DecisionType.INDETERMINATE, DecisionType.INDETERMINATE, status, null, null, null, null);
}
/**
* Instantiates a Permit/Deny decision with optional obligations and advice. See {@link #BaseDecisionResult(Status, DecisionType)} for Indeterminate, and {@link #NOT_APPLICABLE} for NotApplicable.
*
......
......@@ -35,7 +35,7 @@ import org.ow2.authzforce.core.pdp.api.func.Function;
import org.ow2.authzforce.core.pdp.api.func.FunctionCall;
import org.ow2.authzforce.core.pdp.api.value.AttributeValue;
import org.ow2.authzforce.core.pdp.api.value.BooleanValue;
import org.ow2.authzforce.core.pdp.impl.func.StandardHigherOrderBagFunctions;
import org.ow2.authzforce.core.pdp.impl.func.StandardFunctionRegistry;
/**
* XACML Match evaluator. This is the part of the Target that actually evaluates whether the specified attribute values in the Target match the corresponding attribute values in the request context.
......@@ -64,7 +64,7 @@ public class MatchEvaluator
* @throws java.lang.IllegalArgumentException
* invalid <code>jaxbMatch</code>
*/
public MatchEvaluator(Match jaxbMatch, XPathCompiler xPathCompiler, ExpressionFactory expFactory) throws IllegalArgumentException
public MatchEvaluator(final Match jaxbMatch, final XPathCompiler xPathCompiler, final ExpressionFactory expFactory) throws IllegalArgumentException
{
// get the matchFunction type, making sure that it's really a correct
// Target matchFunction
......@@ -86,24 +86,26 @@ public class MatchEvaluator
try
{
attrValueExpr = expFactory.getInstance(attributeValue, xPathCompiler);
} catch (IllegalArgumentException e)
}
catch (final IllegalArgumentException e)
{
throw new IllegalArgumentException("Invalid <Match>'s <AttributeValue>", e);
}
// Match(matchFunction, attributeValue, bagExpression) = anyOf(matchFunction,
// attributeValue, bagExpression)
final Function<BooleanValue> anyOfFunc = (Function<BooleanValue>) expFactory.getFunction(StandardHigherOrderBagFunctions.NAME_ANY_OF);
final Function<BooleanValue> anyOfFunc = (Function<BooleanValue>) expFactory.getFunction(StandardFunctionRegistry.StdFunction.ANY_OF.getId());
if (anyOfFunc == null)
{
throw new IllegalArgumentException("Unsupported function '" + StandardHigherOrderBagFunctions.NAME_ANY_OF + "' required for Match evaluation");
throw new IllegalArgumentException("Unsupported function '" + StandardFunctionRegistry.StdFunction.ANY_OF.getId() + "' required for Match evaluation");
}
final List<Expression<?>> anyOfFuncInputs = Arrays.<Expression<?>> asList(matchFunction, attrValueExpr, bagExpression);
try
{
this.anyOfFuncCall = anyOfFunc.newCall(anyOfFuncInputs);
} catch (IllegalArgumentException e)
}
catch (final IllegalArgumentException e)
{
throw new IllegalArgumentException("Invalid inputs (Expressions) to the Match (validated using the equivalent standard 'any-of' function definition): " + anyOfFuncInputs, e);
}
......@@ -118,13 +120,14 @@ public class MatchEvaluator
* @throws org.ow2.authzforce.core.pdp.api.IndeterminateEvaluationException
* error occurred evaluating the Match element in this evaluation {@code context}
*/
public boolean match(EvaluationContext context) throws IndeterminateEvaluationException
public boolean match(final EvaluationContext context) throws IndeterminateEvaluationException
{
final BooleanValue anyOfFuncCallResult;
try
{
anyOfFuncCallResult = anyOfFuncCall.evaluate(context);
} catch (IndeterminateEvaluationException e)
}
catch (final IndeterminateEvaluationException e)
{
throw new IndeterminateEvaluationException("Error evaluating Match (with equivalent 'any-of' function)", e.getStatusCode(), e);
}
......
......@@ -18,9 +18,7 @@
*/
package org.ow2.authzforce.core.pdp.impl.combining;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.DecisionType;
......@@ -38,7 +36,7 @@ import org.ow2.authzforce.core.pdp.impl.BaseDecisionResult;
*
* @version $Id: $
*/
public final class DenyOverridesAlg extends BaseCombiningAlg<Decidable>
final class DenyOverridesAlg extends BaseCombiningAlg<Decidable>
{
private static class Evaluator implements CombiningAlg.Evaluator
......@@ -155,26 +153,11 @@ public final class DenyOverridesAlg extends BaseCombiningAlg<Decidable>
}
}
private DenyOverridesAlg(final String algId)
DenyOverridesAlg(final String algId)
{
super(algId, Decidable.class);
}
/**
* Supported algorithms
*/
public static final CombiningAlgSet SET;
static
{
final Set<CombiningAlg<?>> algSet = new HashSet<>();
for (final String algId : SUPPORTED_IDENTIFIERS)
{
algSet.add(new DenyOverridesAlg(algId));
}
SET = new CombiningAlgSet(algSet);
}
/** {@inheritDoc} */
@Override
public CombiningAlg.Evaluator getInstance(final List<CombiningAlgParameter<? extends Decidable>> params, final List<? extends Decidable> combinedElements) throws UnsupportedOperationException,
......
......@@ -28,7 +28,6 @@ import org.ow2.authzforce.core.pdp.api.EvaluationContext;
import org.ow2.authzforce.core.pdp.api.combining.BaseCombiningAlg;
import org.ow2.authzforce.core.pdp.api.combining.CombiningAlg;
import org.ow2.authzforce.core.pdp.api.combining.CombiningAlgParameter;
import org.ow2.authzforce.core.pdp.api.combining.CombiningAlgSet;
import org.ow2.authzforce.core.pdp.impl.BaseDecisionResult;
/**
......@@ -36,29 +35,24 @@ import org.ow2.authzforce.core.pdp.impl.BaseDecisionResult;
*
* @version $Id: $
*/
public final class DenyUnlessPermitAlg extends BaseCombiningAlg<Decidable>
final class DenyUnlessPermitAlg extends BaseCombiningAlg<Decidable>
{
/**
* The standard URIs used to identify this algorithm; first one is for policy combinging, second one for rule combining.
*/
private static final String[] SUPPORTED_IDENTIFIERS = { "urn:oasis:names:tc:xacml:3.0:policy-combining-algorithm:deny-unless-permit",
"urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-unless-permit" };
private static class Evaluator implements CombiningAlg.Evaluator
{
private final List<? extends Decidable> combinedElements;
private Evaluator(List<? extends Decidable> combinedElements)
private Evaluator(final List<? extends Decidable> combinedElements)
{
this.combinedElements = combinedElements;
}
@Override
public DecisionResult eval(EvaluationContext context)
public DecisionResult eval(final EvaluationContext context)
{
DecisionResult combinedDenyResult = null;
for (Decidable combinedElement : combinedElements)
for (final Decidable combinedElement : combinedElements)
{
// make sure that the policy matches the context
final DecisionResult policyResult = combinedElement.evaluate(context);
......@@ -89,20 +83,15 @@ public final class DenyUnlessPermitAlg extends BaseCombiningAlg<Decidable>
/** {@inheritDoc} */
@Override
public CombiningAlg.Evaluator getInstance(List<CombiningAlgParameter<? extends Decidable>> params, List<? extends Decidable> combinedElements) throws UnsupportedOperationException,
public CombiningAlg.Evaluator getInstance(final List<CombiningAlgParameter<? extends Decidable>> params, final List<? extends Decidable> combinedElements) throws UnsupportedOperationException,
IllegalArgumentException
{
return new Evaluator(combinedElements);
}
private DenyUnlessPermitAlg(String algId)
DenyUnlessPermitAlg(final String algId)
{
super(algId, Decidable.class);
}
/**
* Supported algorithms
*/
public static final CombiningAlgSet SET = new CombiningAlgSet(new DenyUnlessPermitAlg(SUPPORTED_IDENTIFIERS[0]), new DenyUnlessPermitAlg(SUPPORTED_IDENTIFIERS[1]));
}
......@@ -28,7 +28,6 @@ import org.ow2.authzforce.core.pdp.api.EvaluationContext;
import org.ow2.authzforce.core.pdp.api.combining.BaseCombiningAlg;
import org.ow2.authzforce.core.pdp.api.combining.CombiningAlg;
import org.ow2.authzforce.core.pdp.api.combining.CombiningAlgParameter;
import org.ow2.authzforce.core.pdp.api.combining.CombiningAlgSet;
import org.ow2.authzforce.core.pdp.impl.BaseDecisionResult;
/**
......@@ -36,26 +35,21 @@ import org.ow2.authzforce.core.pdp.impl.BaseDecisionResult;
*
* @version $Id: $
*/
public final class FirstApplicableAlg extends BaseCombiningAlg<Decidable>
final class FirstApplicableAlg extends BaseCombiningAlg<Decidable>
{
/**
* The standard URIs used to identify this algorithm
*/
private static final String[] SUPPORTED_IDENTIFIERS = { "urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:first-applicable",
"urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable" };
private static class Evaluator implements CombiningAlg.Evaluator
{
private final List<? extends Decidable> combinedElements;
private Evaluator(List<? extends Decidable> combinedElements)
private Evaluator(final List<? extends Decidable> combinedElements)
{
this.combinedElements = combinedElements;
}
@Override
public DecisionResult eval(EvaluationContext context)
public DecisionResult eval(final EvaluationContext context)
{
for (final Decidable combinedElement : combinedElements)
{
......@@ -80,20 +74,15 @@ public final class FirstApplicableAlg extends BaseCombiningAlg<Decidable>
/** {@inheritDoc} */
@Override
public CombiningAlg.Evaluator getInstance(List<CombiningAlgParameter<? extends Decidable>> params, List<? extends Decidable> combinedElements) throws UnsupportedOperationException,
public CombiningAlg.Evaluator getInstance(final List<CombiningAlgParameter<? extends Decidable>> params, final List<? extends Decidable> combinedElements) throws UnsupportedOperationException,
IllegalArgumentException
{
return new Evaluator(combinedElements);
}
private FirstApplicableAlg(String algId)
FirstApplicableAlg(final String algId)
{
super(algId, Decidable.class);
}
/**
* Supported algorithms
*/
public static final CombiningAlgSet SET = new CombiningAlgSet(new FirstApplicableAlg(SUPPORTED_IDENTIFIERS[0]), new FirstApplicableAlg(SUPPORTED_IDENTIFIERS[1]));
}
......@@ -18,15 +18,12 @@
*/
package org.ow2.authzforce.core.pdp.impl.combining;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import org.ow2.authzforce.core.pdp.api.Decidable;
import org.ow2.authzforce.core.pdp.api.combining.BaseCombiningAlg;
import org.ow2.authzforce.core.pdp.api.combining.CombiningAlg;
import org.ow2.authzforce.core.pdp.api.combining.CombiningAlgParameter;
import org.ow2.authzforce.core.pdp.api.combining.CombiningAlgSet;
/**
* This is the standard Deny-Overrides and Ordered-Deny-Overrides combining algorithm. It allows a single evaluation of Deny to take precedence over any number of permit, not applicable or
......@@ -34,35 +31,13 @@ import org.ow2.authzforce.core.pdp.api.combining.CombiningAlgSet;
*
* @version $Id: $
*/
public final class LegacyDenyOverridesAlg extends BaseCombiningAlg<Decidable>
final class LegacyDenyOverridesAlg extends BaseCombiningAlg<Decidable>
{
private static final String LEGACY_ALG_WARNING = "%s is a legacy combining algorithm defined in XACML versions earlier than 3.0. This implementation does not support such legacy algorithms. Use the new XACML 3.0 versions of these combining algorithms instead.";
/**
* The standard URIs used to identify this algorithm
*/
private static final String[] SUPPORTED_IDENTIFIERS = { "urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides",
"urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:deny-overrides", "urn:oasis:names:tc:xacml:1.1:policy-combining-algorithm:ordered-deny-overrides",
"urn:oasis:names:tc:xacml:1.1:rule-combining-algorithm:ordered-deny-overrides" };
/**
* Supported algorithms
*/
public static final CombiningAlgSet SET;
static
{
final Set<CombiningAlg<?>> algSet = new HashSet<>();
for (final String algId : SUPPORTED_IDENTIFIERS)
{
algSet.add(new LegacyDenyOverridesAlg(algId));
}
SET = new CombiningAlgSet(algSet);
}
private final UnsupportedOperationException unsupportedLegacyAlgorithmException;
private LegacyDenyOverridesAlg(String algId)
LegacyDenyOverridesAlg(final String algId)
{
super(algId, Decidable.class);
this.unsupportedLegacyAlgorithmException = new UnsupportedOperationException(String.format(LEGACY_ALG_WARNING, this));
......@@ -70,7 +45,7 @@ public final class LegacyDenyOverridesAlg extends BaseCombiningAlg<Decidable>
/** {@inheritDoc} */
@Override
public CombiningAlg.Evaluator getInstance(List<CombiningAlgParameter<? extends Decidable>> params, List<? extends Decidable> combinedElements)
public CombiningAlg.Evaluator getInstance(final List<CombiningAlgParameter<? extends Decidable>> params, final List<? extends Decidable> combinedElements)
{
throw this.unsupportedLegacyAlgorithmException;
/*
......
......@@ -18,15 +18,11 @@
*/
package org.ow2.authzforce.core.pdp.impl.combining;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import org.ow2.authzforce.core.pdp.api.Decidable;
import org.ow2.authzforce.core.pdp.api.combining.BaseCombiningAlg;
import org.ow2.authzforce.core.pdp.api.combining.CombiningAlg;
import org.ow2.authzforce.core.pdp.api.combining.CombiningAlgParameter;
import org.ow2.authzforce.core.pdp.api.combining.CombiningAlgSet;
/**
* This implements the standard Permit-Overrides and Ordered-Permit-Overrides policy/rule combining algorithm. It allows a single evaluation of Permit to take precedence over any number of deny, not
......@@ -34,35 +30,13 @@ import org.ow2.authzforce.core.pdp.api.combining.CombiningAlgSet;
*
* @version $Id: $
*/
public final class LegacyPermitOverridesAlg extends BaseCombiningAlg<Decidable>
final class LegacyPermitOverridesAlg extends BaseCombiningAlg<Decidable>
{
private static final String LEGACY_ALG_WARNING = "%s is a legacy combining algorithm defined in XACML versions earlier than 3.0. This implementation does not support such legacy algorithms. Use the new XACML 3.0 versions of these combining algorithms instead.";
/**
* The standard URIs used to identify this algorithm
*/
private static final String[] SUPPORTED_IDENTIFIERS = { "urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:permit-overrides",
"urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:permit-overrides", "urn:oasis:names:tc:xacml:1.1:policy-combining-algorithm:ordered-permit-overrides",
"urn:oasis:names:tc:xacml:1.1:rule-combining-algorithm:ordered-permit-overrides" };
/**
* Supported algorithms
*/
public static final CombiningAlgSet SET;
static
{
final Set<CombiningAlg<?>> algSet = new HashSet<>();
for (final String algId : SUPPORTED_IDENTIFIERS)
{
algSet.add(new LegacyPermitOverridesAlg(algId));
}
SET = new CombiningAlgSet(algSet);
}
private final UnsupportedOperationException unsupportedLegacyAlgorithmException;
private LegacyPermitOverridesAlg(String algId)
LegacyPermitOverridesAlg(final String algId)
{
super(algId, Decidable.class);
this.unsupportedLegacyAlgorithmException = new UnsupportedOperationException(String.format(LEGACY_ALG_WARNING, this));
......@@ -70,7 +44,7 @@ public final class LegacyPermitOverridesAlg extends BaseCombiningAlg<Decidable>
/** {@inheritDoc} */
@Override
public Evaluator getInstance(List<CombiningAlgParameter<? extends Decidable>> parameters, List<? extends Decidable> combinedElements)
public Evaluator getInstance(final List<CombiningAlgParameter<? extends Decidable>> parameters, final List<? extends Decidable> combinedElements)
{
throw this.unsupportedLegacyAlgorithmException;
/*
......
......@@ -37,29 +37,26 @@ import org.slf4j.LoggerFactory;
*
* @version $Id: $
*/
public class OnlyOneApplicableAlg extends BaseCombiningAlg<PolicyEvaluator>
final class OnlyOneApplicableAlg extends BaseCombiningAlg<PolicyEvaluator>
{
/**
* The standard URI used to identify this algorithm
*/
public static final String ID = "urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:only-one-applicable";
private static class Evaluator implements CombiningAlg.Evaluator
{
private static final Logger LOGGER = LoggerFactory.getLogger(Evaluator.class);
private static final BaseDecisionResult TOO_MANY_APPLICABLE_POLICIES_INDETERMINATE_RESULT = new BaseDecisionResult(new StatusHelper(StatusHelper.STATUS_PROCESSING_ERROR,
"Too many (more than one) applicable policies for algorithm: " + ID));
private final BaseDecisionResult tooManyApplicablePoliciesIndeterminateResult;
private final List<? extends PolicyEvaluator> policyElements;
private Evaluator(List<? extends PolicyEvaluator> policyElements)
private Evaluator(final String algId, final List<? extends PolicyEvaluator> policyElements)
{
this.policyElements = policyElements;
this.tooManyApplicablePoliciesIndeterminateResult = new BaseDecisionResult(new StatusHelper(StatusHelper.STATUS_PROCESSING_ERROR,
"Too many (more than one) applicable policies for algorithm: " + algId));
}
@Override
public DecisionResult eval(EvaluationContext context)
public DecisionResult eval(final EvaluationContext context)
{
// atLeastOne == true iff selectedPolicy != null
PolicyEvaluator selectedPolicy = null;
......@@ -71,7 +68,7 @@ public class OnlyOneApplicableAlg extends BaseCombiningAlg<PolicyEvaluator>
try
{
isApplicable = policy.isApplicable(context);
} catch (IndeterminateEvaluationException e)
} catch (final IndeterminateEvaluationException e)
{
LOGGER.info("Error checking whether {} is applicable", policy, e);
return new BaseDecisionResult(e.getStatus());
......@@ -82,7 +79,7 @@ public class OnlyOneApplicableAlg extends BaseCombiningAlg<PolicyEvaluator>
// if one selected (found applicable) already
if (selectedPolicy != null)
{
return TOO_MANY_APPLICABLE_POLICIES_INDETERMINATE_RESULT;
return tooManyApplicablePoliciesIndeterminateResult;
}
// if this was the first applicable policy in the set, then
......@@ -105,17 +102,17 @@ public class OnlyOneApplicableAlg extends BaseCombiningAlg<PolicyEvaluator>
/** {@inheritDoc} */
@Override
public Evaluator getInstance(List<CombiningAlgParameter<? extends PolicyEvaluator>> params, List<? extends PolicyEvaluator> combinedElements)
public Evaluator getInstance(final List<CombiningAlgParameter<? extends PolicyEvaluator>> params, final List<? extends PolicyEvaluator> combinedElements)
{
return new Evaluator(combinedElements);
return new Evaluator(this.getId(), combinedElements);
}
/**
* Standard constructor.
*/
public OnlyOneApplicableAlg()
OnlyOneApplicableAlg(final String algId)
{
super(ID, PolicyEvaluator.class);
super(algId, PolicyEvaluator.class);
}
}
......@@ -18,9 +18,7 @@
*/
package org.ow2.authzforce.core.pdp.impl.combining;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.DecisionType;
......@@ -30,7 +28,6 @@ import org.ow2.authzforce.core.pdp.api.EvaluationContext;
import org.ow2.authzforce.core.pdp.api.combining.BaseCombiningAlg;
import org.ow2.authzforce.core.pdp.api.combining.CombiningAlg;
import org.ow2.authzforce.core.pdp.api.combining.CombiningAlgParameter;
import org.ow2.authzforce.core.pdp.api.combining.CombiningAlgSet;
import org.ow2.authzforce.core.pdp.impl.BaseDecisionResult;
/**
......@@ -40,28 +37,21 @@ import org.ow2.authzforce.core.pdp.impl.BaseDecisionResult;
*
* @version $Id: $
*/
public final class PermitOverridesAlg extends BaseCombiningAlg<Decidable>
final class PermitOverridesAlg extends BaseCombiningAlg<Decidable>
{
/**
* The standard URN used to identify this algorithm
*/
private static final String[] SUPPORTED_IDENTIFIERS = { "urn:oasis:names:tc:xacml:3.0:policy-combining-algorithm:permit-overrides",
"urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:permit-overrides", "urn:oasis:names:tc:xacml:3.0:policy-combining-algorithm:ordered-permit-overrides",
"urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:ordered-permit-overrides" };
private static class Evaluator implements CombiningAlg.Evaluator
{
private final List<? extends Decidable> combinedElements;
private Evaluator(List<? extends Decidable> combinedElements)
private Evaluator(final List<? extends Decidable> combinedElements)
{
this.combinedElements = combinedElements;
}
@Override
public DecisionResult eval(EvaluationContext context)
public DecisionResult eval(final EvaluationContext context)
{
/*
* Replaces atLeastOneErrorDP from XACML spec. atLeastOneErrorDP == true <=> firstIndeterminateDPResult != null
......@@ -169,28 +159,13 @@ public final class PermitOverridesAlg extends BaseCombiningAlg<Decidable>
/** {@inheritDoc} */
@Override
public Evaluator getInstance(List<CombiningAlgParameter<? extends Decidable>> params, List<? extends Decidable> combinedElements)
public Evaluator getInstance(final List<CombiningAlgParameter<? extends Decidable>> params, final List<? extends Decidable> combinedElements)
{
return new Evaluator(combinedElements);
}
private PermitOverridesAlg(String algId)
PermitOverridesAlg(final String algId)
{
super(algId, Decidable.class);
}
/**
* Supported algorithms
*/
public static final CombiningAlgSet SET;
static
{
final Set<CombiningAlg<?>> algSet = new HashSet<>();
for (final String algId : SUPPORTED_IDENTIFIERS)
{
algSet.add(new PermitOverridesAlg(algId));
}
SET = new CombiningAlgSet(algSet);
}
}
......@@ -18,9 +18,7 @@
*/
package org.ow2.authzforce.core.pdp.impl.combining;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.DecisionType;
......@@ -30,7 +28,6 @@ import org.ow2.authzforce.core.pdp.api.EvaluationContext;
import org.ow2.authzforce.core.pdp.api.combining.BaseCombiningAlg;
import org.ow2.authzforce.core.pdp.api.combining.CombiningAlg;
import org.ow2.authzforce.core.pdp.api.combining.CombiningAlgParameter;
import org.ow2.authzforce.core.pdp.api.combining.CombiningAlgSet;
import org.ow2.authzforce.core.pdp.impl.BaseDecisionResult;
/**
......@@ -39,31 +36,25 @@ import org.ow2.authzforce.core.pdp.impl.BaseDecisionResult;
*
* @version $Id: $
*/
public final class PermitUnlessDenyAlg extends BaseCombiningAlg<Decidable>
final class PermitUnlessDenyAlg extends BaseCombiningAlg<Decidable>
{
/**
* The standard URN used to identify this algorithm
*/
private static final String[] SUPPORTED_IDENTIFIERS = { "urn:oasis:names:tc:xacml:3.0:policy-combining-algorithm:permit-unless-deny",
"urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:permit-unless-deny" };
private static class Evaluator implements CombiningAlg.Evaluator
{
private final List<? extends Decidable> combinedElements;
private Evaluator(List<? extends Decidable> combinedElements)
private Evaluator(final List<? extends Decidable> combinedElements)
{
this.combinedElements = combinedElements;
}
@Override
public DecisionResult eval(EvaluationContext context)
public DecisionResult eval(final EvaluationContext context)
{
DecisionResult combinedPermitResult = null;
for (Decidable combinedElement : combinedElements)
for (final Decidable combinedElement : combinedElements)
{
final DecisionResult result = combinedElement.evaluate(context);
final DecisionType decision = result.getDecision();
......@@ -86,36 +77,21 @@ public final class PermitUnlessDenyAlg extends BaseCombiningAlg<Decidable>
}
}
return combinedPermitResult == null ? BaseDecisionResult.PERMIT : combinedPermitResult;
return combinedPermitResult == null ? BaseDecisionResult.SIMPLE_PERMIT : combinedPermitResult;
}
}
/** {@inheritDoc} */
@Override
public Evaluator getInstance(List<CombiningAlgParameter<? extends Decidable>> params, List<? extends Decidable> combinedElements)
public Evaluator getInstance(final List<CombiningAlgParameter<? extends Decidable>> params, final List<? extends Decidable> combinedElements)
{
return new Evaluator(combinedElements);
}
private PermitUnlessDenyAlg(String algId)
PermitUnlessDenyAlg(final String algId)
{
super(algId, Decidable.class);
}
/**
* Supported algorithms
*/
public static final CombiningAlgSet SET;
static
{
final Set<CombiningAlg<?>> algSet = new HashSet<>();
for (final String algId : SUPPORTED_IDENTIFIERS)
{
algSet.add(new PermitUnlessDenyAlg(algId));
}
SET = new CombiningAlgSet(algSet);
}
}
......@@ -45,14 +45,8 @@ import org.ow2.authzforce.core.pdp.api.value.StandardDatatypes;
*
* @version $Id: $
*/
public final class LogicalAndFunction extends SingleParameterTypedFirstOrderFunction<BooleanValue, BooleanValue>
final class LogicalAndFunction extends SingleParameterTypedFirstOrderFunction<BooleanValue, BooleanValue>
{
/**
* XACML standard identifier for the "and" logical function
*/
public static final String NAME_AND = XACML_NS_1_0 + "and";
private static final String INVALID_ARG_TYPE_MESSAGE_PREFIX = "Function " + NAME_AND + ": Invalid type (expected = " + StandardDatatypes.BOOLEAN_FACTORY.getDatatype() + ") of arg#";
private static final String INDETERMINATE_ARG_MESSAGE_PREFIX = "Function " + NAME_AND + ": Indeterminate arg #";
private static final class CallFactory
{
......@@ -70,16 +64,21 @@ public final class LogicalAndFunction extends SingleParameterTypedFirstOrderFunc
*/
private static final class Call extends FirstOrderFunctionCall<BooleanValue>
{
private final String invalidArgTypeMsgPrefix;
private final String indeterminateArgMsgPrefix;
private final List<Expression<?>> checkedArgExpressions;
private Call(FirstOrderFunctionSignature<BooleanValue> functionSig, List<Expression<?>> argExpressions, Datatype<?>[] remainingArgTypes) throws IllegalArgumentException
private Call(final FirstOrderFunctionSignature<BooleanValue> functionSig, final List<Expression<?>> argExpressions, final Datatype<?>[] remainingArgTypes) throws IllegalArgumentException
{
super(functionSig, argExpressions, remainingArgTypes);
this.checkedArgExpressions = argExpressions;
invalidArgTypeMsgPrefix = "Function " + functionSig.getName() + ": Invalid type (expected = " + StandardDatatypes.BOOLEAN_FACTORY.getDatatype() + ") of arg#";
indeterminateArgMsgPrefix = "Function " + functionSig.getName() + ": Indeterminate arg #";
}
@Override
public BooleanValue evaluate(EvaluationContext context, AttributeValue... remainingArgs) throws IndeterminateEvaluationException
public BooleanValue evaluate(final EvaluationContext context, final AttributeValue... remainingArgs) throws IndeterminateEvaluationException