Commit d571aba1 authored by cdanger's avatar cdanger

Merge branch 'release/19.0.0'

parents 0b4a1432 2befa126
......@@ -6,6 +6,23 @@ All notable changes to this project are documented in this file following the [K
- Issues reported on [OW2's GitLab](https://gitlab.ow2.org/authzforce/core/issues) are referenced in the form of `[GL-N]`, where N is the issue number.
## 19.0.0
### Changed
- Parent project `authzforce-ce-parent` upgraded to 8.2.0: upgraded following dependencies:
- SLF4j to 1.7.32
- Spring core to 5.3.14
- Saxon-HE to 10.6
- Guava to 31.0
- org.json:json to 20211205
- Upgraded dependency `authzforce-ce-core-pdp-api` to 20.0.0
- Request Preprocessor extension interface changed: `DecisionRequestPreprocessor.Factory#getInstance(...)` method arg `xmlProcessor` removed.
- PDP configuration XSD (`pdp.xsd`): `pdp/@version` attribute changed from required to optional with default value equal to xsd version
- PDP-schema-derived (JAXB-annotated) classes changed: using XJC plugin `immutable-xjc-plugin` instead of `jaxb2-value-constructor`
- Removed `BasePdpdEngine` class constructor arg: `xacmlExpressionFactory`
- Removed `RootPolicyEvaluators.Base` class constructor arg: `xacmlExpressionFactory`
- Removed `PdpEngineConfiguration#getXacmlExpressionFactory()` method.
## 18.0.0
### Changed
- **Changed the PDP configuration XML schema (XSD): refer to [MIGRATION.md](MIGRATION.md) for migrating your PDP configurations (e.g. `pdp.xml`) to the new schema**:
......
......@@ -3,7 +3,7 @@
<parent>
<groupId>org.ow2.authzforce</groupId>
<artifactId>authzforce-ce-core</artifactId>
<version>18.0.0</version>
<version>19.0.0</version>
<relativePath>../pom.xml</relativePath>
</parent>
<artifactId>authzforce-ce-core-pdp-cli</artifactId>
......@@ -30,12 +30,12 @@
<dependency>
<groupId>org.ow2.authzforce</groupId>
<artifactId>authzforce-ce-core-pdp-engine</artifactId>
<version>18.0.0</version>
<version>19.0.0</version>
</dependency>
<dependency>
<groupId>org.ow2.authzforce</groupId>
<artifactId>authzforce-ce-core-pdp-io-xacml-json</artifactId>
<version>18.0.0</version>
<version>19.0.0</version>
</dependency>
<dependency>
<groupId>org.testng</groupId>
......@@ -49,7 +49,7 @@
<dependency>
<groupId>org.ow2.authzforce</groupId>
<artifactId>authzforce-ce-core-pdp-testutils</artifactId>
<version>18.0.0</version>
<version>19.0.0</version>
<scope>test</scope>
</dependency>
</dependencies>
......
......@@ -23,7 +23,6 @@ import org.json.JSONObject;
import org.json.JSONTokener;
import org.ow2.authzforce.core.pdp.api.DecisionRequestPreprocessor;
import org.ow2.authzforce.core.pdp.api.DecisionResultPostprocessor;
import org.ow2.authzforce.core.pdp.api.XmlUtils;
import org.ow2.authzforce.core.pdp.api.XmlUtils.XmlnsFilteringParser;
import org.ow2.authzforce.core.pdp.api.io.PdpEngineInoutAdapter;
import org.ow2.authzforce.core.pdp.api.io.XacmlJaxbParsingUtils;
......@@ -104,7 +103,7 @@ public final class PdpCommandLineCallable implements Callable<Void>
final DecisionResultPostprocessor<IndividualXacmlJsonRequest, JSONObject> defaultResultPostproc = new BaseXacmlJsonResultPostprocessor(
configuration.getClientRequestErrorVerbosityLevel());
final DecisionRequestPreprocessor<JSONObject, IndividualXacmlJsonRequest> defaultReqPreproc = SingleDecisionXacmlJsonRequestPreprocessor.LaxVariantFactory.INSTANCE.getInstance(
configuration.getAttributeValueFactoryRegistry(), configuration.isStrictAttributeIssuerMatchEnabled(), configuration.isXPathEnabled(), XmlUtils.SAXON_PROCESSOR,
configuration.getAttributeValueFactoryRegistry(), configuration.isStrictAttributeIssuerMatchEnabled(), configuration.isXPathEnabled(),
defaultResultPostproc.getFeatures());
final PdpEngineInoutAdapter<JSONObject, JSONObject> jsonPdpEngineAdapter = PdpEngineAdapters.newInoutAdapter(JSONObject.class, JSONObject.class, configuration, defaultReqPreproc,
......@@ -141,7 +140,9 @@ public final class PdpCommandLineCallable implements Callable<Void>
*/
public static void main(final String[] args)
{
CommandLine.call(new PdpCommandLineCallable(), System.out, args);
final CommandLine cli = new CommandLine(new PdpCommandLineCallable());
final int exitCode = cli.execute(args);
System.exit(exitCode);
}
}
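Review bot: `main` now ends in `System.exit(exitCode)`, so any in-process caller of `PdpCommandLineCallable.main(...)` (a test, a wrapper tool) has its JVM terminated, and the Javadoc that closes just above the signature is not touched by this hunk. I would add a sentence there such as `Terminates the JVM with the exit code returned by CommandLine#execute(String...)`. The Javadoc block starts outside the hunk, so the wording may need adjusting to fit what is already there.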
This diff is collapsed.
......@@ -16,7 +16,7 @@
<!--
<Class name="org.ow2.authzforce.core.pdp.impl.SchemaHandler$OASISCatalogManager" />
-->
<Bug pattern="UPM_UNCALLED_PRIVATE_METHOD" />
<!--<Bug pattern="UPM_UNCALLED_PRIVATE_METHOD" />-->
</Match>
<Match>
<!-- Spotbugs issue with nested classes -->
......@@ -24,7 +24,7 @@
</Match>
<Match>
<!-- Spotbugs issue: https://github.com/spotbugs/spotbugs/issues/756 -->
<Bug pattern="RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE" />
<!--<Bug pattern="RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE" />-->
</Match>
<Match>
<!--
......@@ -32,4 +32,12 @@
-->
<Bug pattern="URLCONNECTION_SSRF_FD" />
</Match>
<Match>
<Class name="org.ow2.authzforce.core.xmlns.pdp.Pdp" />
<Bug pattern="EI_EXPOSE_REP2" />
</Match>
<Match>
<Class name="org.ow2.authzforce.core.xmlns.pdp.Pdp" />
<Bug pattern="EI_EXPOSE_REP" />
</Match>
</FindBugsFilter>
\ No newline at end of file
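Review bot: Commenting out only the `<Bug>` child appears to leave the `<Match>` that cites spotbugs issue 756 with no matcher at all, and as far as I know SpotBugs treats a `<Match>` without child matchers as matching every bug instance; the first edited `<Match>` may be in the same state, but its opening tag lies outside the hunk. If this file is applied as an exclude filter, that would silence all findings, security detectors included, rather than re-enable one pattern. Delete the whole `<Match>…</Match>` element instead of commenting out its `<Bug>` line. The two new `EI_EXPOSE_REP` / `EI_EXPOSE_REP2` exclusions for `Pdp` would also benefit from a one-line comment stating why exposing the representation is safe there, as the neighbouring entries have.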
......@@ -164,6 +164,6 @@ public final class AllOfEvaluator
// No False but at least one Indeterminate (lastIndeterminate != null)
throw new IndeterminateEvaluationException("Error evaluating <AllOf>'s <Match>#" + lastIndeterminateChildIndex,
lastIndeterminate.getStatusCode(), lastIndeterminate);
lastIndeterminate);
}
}
......@@ -177,7 +177,7 @@ public final class AnyOfEvaluator
// No Match and at least one Indeterminate (lastIndeterminate != null)
// -> Indeterminate
throw new IndeterminateEvaluationException("Error evaluating <AnyOf>'s <AllOf>#" + lastIndeterminateChildIndex,
lastIndeterminate.getStatusCode(), lastIndeterminate);
lastIndeterminate);
}
}
......@@ -20,7 +20,6 @@ package org.ow2.authzforce.core.pdp.impl;
import net.sf.saxon.s9api.XdmNode;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.DecisionType;
import org.ow2.authzforce.core.pdp.api.*;
import org.ow2.authzforce.core.pdp.api.expression.ExpressionFactory;
import org.ow2.authzforce.core.pdp.api.policy.CloseablePolicyProvider;
import org.ow2.authzforce.core.pdp.api.policy.PolicyVersionPatterns;
import org.ow2.authzforce.core.pdp.api.policy.PrimaryPolicyMetadata;
......@@ -431,8 +430,6 @@ public final class BasePdpEngine implements CloseablePdpEngine
/**
* Constructs a new PDP engine with the given configuration information.
*
* @param xacmlExpressionFactory
* XACML Expression parser/factory - mandatory
* @param attributeProviders
* Attribute Providers - mandatory
* @param policyProvider
......@@ -455,13 +452,12 @@ public final class BasePdpEngine implements CloseablePdpEngine
* @throws java.io.IOException
* error closing the root policy Provider when static resolution is to be used
*/
public BasePdpEngine(final ExpressionFactory xacmlExpressionFactory, final CloseablePolicyProvider<?> policyProvider, final Optional<TopLevelPolicyElementType> rootPolicyElementType,
public BasePdpEngine(final CloseablePolicyProvider<?> policyProvider, final Optional<TopLevelPolicyElementType> rootPolicyElementType,
final String rootPolicyId, final Optional<PolicyVersionPatterns> rootPolicyVersionPatterns, final boolean strictAttributeIssuerMatch,
final Optional<CloseableNamedAttributeProviderRegistry> attributeProviders,
final Optional<DecisionCache> decisionCache) throws IllegalArgumentException, IOException
{
final RootPolicyEvaluators.Base candidateRootPolicyEvaluator = new RootPolicyEvaluators.Base(policyProvider, rootPolicyElementType, rootPolicyId, rootPolicyVersionPatterns,
xacmlExpressionFactory);
final RootPolicyEvaluators.Base candidateRootPolicyEvaluator = new RootPolicyEvaluators.Base(policyProvider, rootPolicyElementType, rootPolicyId, rootPolicyVersionPatterns);
// Use static resolution if possible
final RootPolicyEvaluator staticRootPolicyEvaluator;
try
......@@ -497,7 +493,7 @@ public final class BasePdpEngine implements CloseablePdpEngine
*/
public BasePdpEngine(final PdpEngineConfiguration configuration) throws IllegalArgumentException, IOException
{
this(configuration.getXacmlExpressionFactory(), configuration.getPolicyProvider(), configuration.getRootPolicyElementType(), configuration.getRootPolicyId(),
this(configuration.getPolicyProvider(), configuration.getRootPolicyElementType(), configuration.getRootPolicyId(),
configuration.getRootPolicyVersionPatterns(), configuration.isStrictAttributeIssuerMatchEnabled(), configuration.getAttributeProviders(), configuration.getDecisionCache());
}
......
......@@ -20,6 +20,7 @@ package org.ow2.authzforce.core.pdp.impl;
import com.google.common.base.Preconditions;
import com.google.common.collect.*;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeDesignatorType;
import org.checkerframework.checker.nullness.qual.Nullable;
import org.ow2.authzforce.core.pdp.api.*;
import org.ow2.authzforce.core.pdp.api.value.*;
import org.ow2.authzforce.xacml.identifiers.XacmlStatusCode;
......@@ -67,7 +68,7 @@ public final class CloseableNamedAttributeProviderRegistry implements Closeable
*/
private static final class EvaluationContextOnlyScopedMultiNamedAttributeProvider extends EvaluationContextBasedMultiNamedAttributeProvider
{
private static final DelegateSupplier DELEGATE_SUPPLIER = new DelegateSupplier()
private static final DelegateSupplier NO_OP_DELEGATE_SUPPLIER = new DelegateSupplier()
{
@Override
public <AV extends AttributeValue> DelegateAttributeProvider<AV> get(final AttributeFqn attributeFqn, final Datatype<AV> datatype)
......@@ -84,7 +85,7 @@ public final class CloseableNamedAttributeProviderRegistry implements Closeable
*/
private EvaluationContextOnlyScopedMultiNamedAttributeProvider(final ImmutableSet<AttributeDesignatorType> providedAttributes, final boolean strictAttributeIssuerMatch)
{
super(providedAttributes, strictAttributeIssuerMatch, DELEGATE_SUPPLIER);
super(providedAttributes, strictAttributeIssuerMatch, NO_OP_DELEGATE_SUPPLIER);
}
}
......@@ -98,15 +99,19 @@ public final class CloseableNamedAttributeProviderRegistry implements Closeable
- a subset of entries from providersByAttributeName "matching" requiredProvidedAttributes (all providers not providing any of requiredProvidedAttributes should be filtered out as a result)
- EvaluationContext-only-based (extracting from the request context only) attribute provider as default provider if there is no match for a given providedAttribute, as all requiredProvidedAttributes are... required (must be provided somehow).
*/
final ListMultimap<AttributeFqn, NamedAttributeProvider> mutableMatchingProvidersByAttrName = MultimapBuilder.hashKeys(requiredProvidedAttributes.size()).arrayListValues(1).build();
final MultimapBuilder.MultimapBuilderWithKeys<@Nullable Object> multimapBuilder = MultimapBuilder.hashKeys(requiredProvidedAttributes.size());
//assert multimapBuilder != null;
final MultimapBuilder.ListMultimapBuilder<@Nullable Object, @Nullable Object> listMultimapBuilder = multimapBuilder.arrayListValues(1);
//assert listMultimapBuilder != null;
final ListMultimap<AttributeFqn, NamedAttributeProvider> mutableMatchingProvidersByAttrName = listMultimapBuilder.build();
for (final AttributeDesignatorType providedAttDes : requiredProvidedAttributes)
{
final AttributeFqn providedAttName = AttributeFqns.newInstance(providedAttDes);
final List<NamedAttributeProvider> matchingProviders = providersByAttributeName.get(providedAttName);
/*
* Empty matchingProviders means it should be provided by the request context (in the initial request from PEP)
* Empty matchingProviders list returned if no provider of providedAttName, in which case it means it should be provided by the request context (in the initial request from PEP)
*/
if (matchingProviders == null || matchingProviders.isEmpty())
if (matchingProviders.isEmpty())
{
mutableMatchingProvidersByAttrName.put(providedAttName, new EvaluationContextOnlyScopedMultiNamedAttributeProvider(ImmutableSet.of(providedAttDes), strictAttributeIssuerMatch));
} else {
......@@ -125,7 +130,7 @@ public final class CloseableNamedAttributeProviderRegistry implements Closeable
/*
* A non-null empty list is expected if no mappings
*/
assert subProviders != null;
//assert subProviders != null;
if (subProviders.isEmpty())
{
LOGGER.debug("No value found for required attribute {}, type={} in evaluation context and not supported by any Attribute Provider module", attributeFqn, datatype);
......
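Review bot: The `matchingProviders == null ||` guard is dropped, so `providersByAttributeName.get(providedAttName)` must never return null; that holds for a Guava `Multimap` but not for a plain `Map`, and the declaration of `providersByAttributeName` is outside this hunk. If it is a `ListMultimap`, name the type in the rewritten comment; otherwise keep the guard, because a missing entry would then fail with a NullPointerException instead of falling back to the request-context-only provider. The commented-out `//assert …` lines (three across these hunks) are dead code and should be deleted rather than left in. The intermediate `MultimapBuilder` locals typed `@Nullable Object` look like a nullness-checker workaround, which a short comment such as `// split into steps to satisfy the nullness checker` would make explicit if that is the reason.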
......@@ -28,6 +28,7 @@ import org.ow2.authzforce.core.pdp.api.value.AttributeBag;
import org.ow2.authzforce.core.pdp.api.value.AttributeValue;
import org.ow2.authzforce.core.pdp.api.value.Datatype;
import javax.annotation.concurrent.Immutable;
import java.util.Optional;
import java.util.Set;
......@@ -39,12 +40,16 @@ import java.util.Set;
*/
public class EvaluationContextBasedMultiNamedAttributeProvider extends EvaluationContextBasedNamedAttributeProvider implements NamedAttributeProvider
{
/**
* All implementations of this interface must be immutable
*/
@FunctionalInterface
protected interface DelegateSupplier {
@Immutable
interface DelegateSupplier {
<AV extends AttributeValue> DelegateAttributeProvider<AV> get(final AttributeFqn attributeFqn, final Datatype<AV> datatype) throws IndeterminateEvaluationException;
}
private final Set<AttributeDesignatorType> providedAttributes;
private final ImmutableSet<AttributeDesignatorType> providedAttributes;
private final DelegateSupplier delegateSupplier;
/**
......
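Review bot: `DelegateSupplier` appears to lose its `protected` modifier and become package-private while the enclosing class stays public and non-final, so a subclass in another package could no longer name the type it has to hand to the superclass constructor (that constructor is outside this hunk). If the narrowing is intended, list it under "Changed" in the 19.0.0 changelog entry; otherwise keep `protected interface DelegateSupplier`. `@Immutable` on a functional interface is documentation only, since a lambda or anonymous class that captures mutable state still compiles. The new Javadoc sentence is therefore the actual contract and could say why immutability is required, presumably because instances are shared across evaluations.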
......@@ -40,7 +40,7 @@ public class EvaluationContextBasedSingleNamedAttributeProvider<AV extends Attri
private final AttributeFqn attName;
private final Datatype<AV> attType;
private final DelegateAttributeProvider<AV> delegate;
private final AttributeDesignatorType jaxbAttDes;
private final ImmutableAttributeDesignator jaxbAttDes;
/**
* Creates new instance for given provided attribute and delegate attribute provider to be called if not found in evaluation context
......@@ -55,7 +55,7 @@ public class EvaluationContextBasedSingleNamedAttributeProvider<AV extends Attri
Preconditions.checkArgument(attributeName != null && attributeDatatype != null && delegate != null, "Invalid arguments");
this.attName = attributeName;
this.attType = attributeDatatype;
this.jaxbAttDes = new AttributeDesignatorType(attName.getCategory(), attName.getId(), attributeDatatype.getId(), attName.getIssuer().orElse(null), false);
this.jaxbAttDes = new ImmutableAttributeDesignator(attName, attributeDatatype, false);
this.delegate = delegate;
}
......
/*
* Copyright 2012-2022 THALES.
*
* This file is part of AuthzForce CE.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.ow2.authzforce.core.pdp.impl;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeDesignatorType;
import org.ow2.authzforce.core.pdp.api.AttributeFqn;
import org.ow2.authzforce.core.pdp.api.value.Datatype;
import javax.annotation.concurrent.Immutable;
/**
* Immutable version of {@link AttributeDesignatorType}
*/
@Immutable
public final class ImmutableAttributeDesignator extends AttributeDesignatorType
{
private static final long serialVersionUID = 1L;
/**
* Similar to {@link AttributeDesignatorType#AttributeDesignatorType(String, String, String, String, boolean)}
* @param attributeName attribute FQN (Category, AttributeId, Issuer)
* @param datatype attribute datatype
* @param mustBePresent MustBePresent
*/
public ImmutableAttributeDesignator(final AttributeFqn attributeName, final Datatype<?> datatype, final boolean mustBePresent)
{
super(attributeName.getCategory(), attributeName.getId(), datatype.getId(), attributeName.getIssuer().orElse(null), mustBePresent);
}
}
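Review bot: The class is annotated `@Immutable` but adds no state and overrides nothing, so the guarantee rests entirely on `AttributeDesignatorType` exposing no mutators, which is not visible on this page (the changelog's switch to `immutable-xjc-plugin` presumably provides it). The class Javadoc should state that dependency, for example `Immutable only as long as the generated superclass exposes no setters`. The constructor also dereferences `attributeName` and `datatype` without a check, so a null argument fails with a bare NullPointerException inside the `super(...)` call. Document both parameters as non-null in the `@param` tags, or wrap the first use as `Objects.requireNonNull(attributeName, "attributeName").getCategory()`.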
......@@ -17,6 +17,7 @@
*/
package org.ow2.authzforce.core.pdp.impl;
import com.google.common.collect.ImmutableMap;
import net.sf.saxon.s9api.XdmNode;
import org.ow2.authzforce.core.pdp.api.*;
import org.ow2.authzforce.core.pdp.api.expression.AttributeSelectorExpression;
......@@ -26,7 +27,6 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import java.time.Instant;
import java.util.Collections;
import java.util.Map;
import java.util.Optional;
......@@ -50,7 +50,7 @@ public final class IndividualDecisionRequestContext extends BaseEvaluationContex
* Content in Request or no feature requiring XPath evaluation against Content is supported/enabled.
*/
// Not null
private final Map<String, XdmNode> extraContentsByAttributeCategory;
private final ImmutableMap<String, XdmNode> extraContentsByAttributeCategory;
/*
* AttributeSelector evaluation results. Not null
......@@ -68,12 +68,12 @@ public final class IndividualDecisionRequestContext extends BaseEvaluationContex
* @param returnApplicablePolicyIdList
* true iff list of IDs of policies matched during evaluation must be returned
*/
public IndividualDecisionRequestContext(final Map<AttributeFqn, AttributeBag<?>> namedAttributeMap, final Map<String, XdmNode> extraContentsByCategory, final boolean returnApplicablePolicyIdList, Optional<Instant> requestTimestamp)
public IndividualDecisionRequestContext(final Map<AttributeFqn, AttributeBag<?>> namedAttributeMap, final ImmutableMap<String, XdmNode> extraContentsByCategory, final boolean returnApplicablePolicyIdList, Optional<Instant> requestTimestamp)
{
super(namedAttributeMap, returnApplicablePolicyIdList, requestTimestamp);
if (extraContentsByCategory == null)
{
this.extraContentsByAttributeCategory = Collections.emptyMap();
this.extraContentsByAttributeCategory = ImmutableMap.of();
this.attributeSelectorResults = UpdatableCollections.emptyMap();
} else
{
......
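Review bot: The public constructor's second parameter changes from `Map<String, XdmNode>` to `ImmutableMap<String, XdmNode>`, which breaks source compatibility for any caller passing a `HashMap` or `Collections.emptyMap()`, and the 19.0.0 changelog entry does not list it. Keeping `Map` in the signature and storing `ImmutableMap.copyOf(extraContentsByCategory)` in the non-null branch would make the field just as immutable without the API break. The `== null` branch is kept, so the parameter is still nullable even though the field comment says "Not null"; the `@param` text, which is outside this hunk, should say that null is accepted. The else branch continues outside the hunk, so how the non-null map is stored cannot be checked here.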
......@@ -148,7 +148,7 @@ public final class MatchEvaluator
}
catch (final IndeterminateEvaluationException e)
{
throw new IndeterminateEvaluationException("Error evaluating Match (with equivalent 'any-of' function)", e.getStatusCode(), e);
throw new IndeterminateEvaluationException("Error evaluating Match (with equivalent 'any-of' function)", e);
}
return anyOfFuncCallResult.getUnderlyingValue();
......
......@@ -277,15 +277,13 @@ public final class PdpEngineConfiguration
private final boolean enableXPath;
private final AttributeValueFactoryRegistry attValFactoryRegistry;
private final boolean strictAttributeIssuerMatch;
private final Optional<CloseableNamedAttributeProviderRegistry> attProviders;
private final ExpressionFactory xacmlExpressionFactory;
/*
* Policy Provider combining all policyProviders declared in PDP configuration
*/
private CloseablePolicyProvider<?> combinedPolicyProvider = null;
private final CloseablePolicyProvider<?> combinedPolicyProvider;
private final String rootPolicyId;
......@@ -293,11 +291,9 @@ public final class PdpEngineConfiguration
private final Optional<PolicyVersionPatterns> rootPolicyVersionPatterns;
private final boolean strictAttributeIssuerMatch;
private final Optional<DecisionCache> decisionCache;
private final Map<Class<?>, Entry<DecisionRequestPreprocessor<?, ?>, DecisionResultPostprocessor<?, ?>>> ioProcChainsByInputType;
private final ImmutableMap<Class<?>, Entry<DecisionRequestPreprocessor<?, ?>, DecisionResultPostprocessor<?, ?>>> ioProcChainsByInputType;
private final int clientReqErrVerbosityLevel;
......@@ -493,7 +489,7 @@ public final class PdpEngineConfiguration
* XACML Expression factory/parser
*/
attProviders = attProviderFactories.isEmpty()? Optional.empty(): Optional.of(new CloseableNamedAttributeProviderRegistry(attProviderFactories, attValFactoryRegistry, strictAttributeIssuerMatch));
xacmlExpressionFactory = new DepthLimitingExpressionFactory(attValFactoryRegistry, functionRegistry, maxVarRefDepth, enableXPath, strictAttributeIssuerMatch, attProviders);
final ExpressionFactory xacmlExprFactory = new DepthLimitingExpressionFactory(attValFactoryRegistry, functionRegistry, maxVarRefDepth, enableXPath, strictAttributeIssuerMatch, attProviders);
/*
* Policy providers
......@@ -504,29 +500,32 @@ public final class PdpEngineConfiguration
throw NO_POLICYPROVIDER_ARGUMENT_EXCEPTION;
}
CloseablePolicyProvider<?> mutableCombinedPolicyProvider = null;
for (final AbstractPolicyProvider policyProviderJaxbConf : policyProviderJaxbConfs)
{
final CloseablePolicyProvider<?> newPolicyProvider = newPolicyProvider(policyProviderJaxbConf, xacmlParserFactory, maxPolicySetRefDepth, xacmlExpressionFactory, combiningAlgRegistry,
envProps, Optional.ofNullable(combinedPolicyProvider));
final CloseablePolicyProvider<?> newPolicyProvider = newPolicyProvider(policyProviderJaxbConf, xacmlParserFactory, maxPolicySetRefDepth, xacmlExprFactory, combiningAlgRegistry,
envProps, Optional.ofNullable(mutableCombinedPolicyProvider));
/*
* Update combinedPolicyProvider with new policy provider
*/
if (combinedPolicyProvider == null)
if (mutableCombinedPolicyProvider == null)
{
combinedPolicyProvider = newPolicyProvider;
mutableCombinedPolicyProvider = newPolicyProvider;
}
else if (combinedPolicyProvider instanceof CloseableStaticPolicyProvider && newPolicyProvider instanceof CloseableStaticPolicyProvider)
else if (mutableCombinedPolicyProvider instanceof CloseableStaticPolicyProvider && newPolicyProvider instanceof CloseableStaticPolicyProvider)
{
combinedPolicyProvider = new CompositeCloseableStaticPolicyProvider(
Arrays.asList((CloseableStaticPolicyProvider) combinedPolicyProvider, (CloseableStaticPolicyProvider) newPolicyProvider), maxPolicySetRefDepth);
mutableCombinedPolicyProvider = new CompositeCloseableStaticPolicyProvider(
Arrays.asList((CloseableStaticPolicyProvider) mutableCombinedPolicyProvider, (CloseableStaticPolicyProvider) newPolicyProvider), maxPolicySetRefDepth);
}
else
{
combinedPolicyProvider = new CompositeCloseablePolicyProvider<>(Arrays.asList(combinedPolicyProvider, newPolicyProvider), maxPolicySetRefDepth);
mutableCombinedPolicyProvider = new CompositeCloseablePolicyProvider<>(Arrays.asList(mutableCombinedPolicyProvider, newPolicyProvider), maxPolicySetRefDepth);
}
}
combinedPolicyProvider = mutableCombinedPolicyProvider;
final TopLevelPolicyElementRef rootPolicyRef = pdpJaxbConf.getRootPolicyRef();
/*
* If rootPolicyRef is undefined, we expect the Policy Provider to provide one and only once static policy, the one to be used as root policy.
......@@ -576,7 +575,7 @@ public final class PdpEngineConfiguration
if (inoutProcChains.isEmpty())
{
this.ioProcChainsByInputType = Collections.emptyMap();
this.ioProcChainsByInputType = ImmutableMap.of();
}
else
{
......@@ -608,7 +607,7 @@ public final class PdpEngineConfiguration
final DecisionRequestPreprocessor.Factory<?, ?> requestPreprocFactory = PdpExtensions.getExtension(DecisionRequestPreprocessor.Factory.class, reqPreprocId);
final DecisionRequestPreprocessor<?, ?> decisionRequestPreproc = requestPreprocFactory.getInstance(attValFactoryRegistry, strictAttributeIssuerMatch, enableXPath,
XmlUtils.SAXON_PROCESSOR, decisionResultPostproc == null ? Collections.emptySet() : decisionResultPostproc.getFeatures());
decisionResultPostproc == null ? Collections.emptySet() : decisionResultPostproc.getFeatures());
if (decisionResultPostproc != null && decisionRequestPreproc.getOutputRequestType() != decisionResultPostproc.getRequestType())
{
throw new IllegalArgumentException(
......@@ -911,16 +910,6 @@ public final class PdpEngineConfiguration
return attProviders;
}
/**
* Returns the XACML Expression parser/factory
*
* @return the XACML expression factory
*/
public ExpressionFactory getXacmlExpressionFactory()
{
return xacmlExpressionFactory;
}
/**
* Returns the Policy Provider in charge of providing the root policy where the PDP starts evaluation, and any other referenced policy
*
......
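Review bot: In the policy-provider loop, nothing visible closes the providers already folded into `mutableCombinedPolicyProvider` when `newPolicyProvider(...)` throws on a later iteration; they are `CloseablePolicyProvider` instances, so a configuration that fails halfway may leave their resources open. The constructor starts and ends outside these hunks, so a surrounding try/catch may already handle this. If it does not, wrap the loop and close `mutableCombinedPolicyProvider` before rethrowing. The inline comment still reads `Update combinedPolicyProvider with new policy provider` although the variable updated in the loop is now `mutableCombinedPolicyProvider`.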
......@@ -140,7 +140,7 @@ public final class PepActionExpression
}
catch (final IndeterminateEvaluationException e)
{
throw new IndeterminateEvaluationException(this + ": Error evaluating " + attrAssignmentExpr, e.getStatusCode(), e);
throw new IndeterminateEvaluationException(this + ": Error evaluating " + attrAssignmentExpr, e);
}
assignments.addAll(attrAssignsFromExpr);
......
......@@ -18,6 +18,7 @@
package org.ow2.authzforce.core.pdp.impl;
import com.google.common.base.Preconditions;
import com.google.common.collect.ImmutableSet;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeDesignatorType;
import org.ow2.authzforce.core.pdp.api.*;
import org.ow2.authzforce.core.pdp.api.value.*;
......@@ -51,7 +52,7 @@ public final class StandardEnvironmentAttributeProvider extends BaseNamedAttribu
private static final Logger LOGGER = LoggerFactory.getLogger(StandardEnvironmentAttributeProvider.class);
private static final ZoneId UTC_ZONE_ID = ZoneId.of("UTC");
private static final IndeterminateEvaluationException UNEXPECTED_CALL_TO_GET_ATTRIBUTE_EXCEPTION = new IndeterminateEvaluationException("Method StandardEnvironmentAttributeProvider#get(AttributeFqn, Datatype, EvaluationContext, Optional) should not be called in override=true mode because attributes already provided in EvaluationContext when calling method beginIndividualDecisionRequest(EvaluationContext, Optional). (Possibly this method was not called as expected.)", XacmlStatusCode.PROCESSING_ERROR.value());
private static final Set<AttributeDesignatorType> SUPPORTED_ATT_DESIGNATORS;
private static final ImmutableSet<AttributeDesignatorType> SUPPORTED_ATT_DESIGNATORS;
static
{
......@@ -61,7 +62,7 @@ public final class StandardEnvironmentAttributeProvider extends BaseNamedAttribu
mutableSet.add(new AttributeDesignatorType(att.getFQN().getCategory(), att.getFQN().getId(), att.getDatatype().getId(), att.getFQN().getIssuer().orElse(null), false));
}
SUPPORTED_ATT_DESIGNATORS = Set.copyOf(mutableSet);
SUPPORTED_ATT_DESIGNATORS = ImmutableSet.copyOf(mutableSet);
}
private static void overrideEvalCtxFromTimestamp(final EvaluationContext evalCtx)
......
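Review bot: The static initializer still builds each element with the five-argument `new AttributeDesignatorType(att.getFQN().getCategory(), …)` call, which is exactly what the `ImmutableAttributeDesignator` constructor added in this commit wraps. `mutableSet.add(new ImmutableAttributeDesignator(att.getFQN(), att.getDatatype(), false));` would remove the duplication, assuming `getDatatype()` returns a `Datatype<?>`. `ImmutableSet.copyOf` makes the set unmodifiable, but whether its elements are immutable depends on `AttributeDesignatorType`, which is not shown on this page. The initializer starts outside the hunk.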
......@@ -167,7 +167,7 @@ public final class TargetEvaluators
// null)
throw new IndeterminateEvaluationException(
"Error evaluating <Target>/<AnyOf>#" + lastIndeterminateChildIndex,
lastIndeterminate.getStatusCode(), lastIndeterminate);
lastIndeterminate);
}
}
......
......@@ -18,6 +18,7 @@
package org.ow2.authzforce.core.pdp.impl;
import com.google.common.base.Preconditions;
import com.google.common.collect.ImmutableSet;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeDesignatorType;
import org.ow2.authzforce.core.pdp.api.*;
import org.ow2.authzforce.core.pdp.api.value.*;
......@@ -33,7 +34,7 @@ import java.util.Set;
*/
public final class XacmlVariableBasedAttributeProvider extends BaseNamedAttributeProvider
{
private final Set<AttributeDesignatorType> supportedAttDesignators;
private final ImmutableSet<AttributeDesignatorType> supportedAttDesignators;
private final String supportedAttCategory;
private final UnsupportedOperationException invalidAttCatEx;
private final AttributeSource attSrc;
......@@ -49,7 +50,7 @@ public final class XacmlVariableBasedAttributeProvider extends BaseNamedAttribut
assert attributeCategory != null && !attributeCategory.isEmpty();
supportedAttCategory = attributeCategory;
invalidAttCatEx = new UnsupportedOperationException("Unsupported attribute category: " + supportedAttCategory);
supportedAttDesignators = Set.of(new AttributeDesignatorType(attributeCategory, null, null, null, false));
supportedAttDesignators = ImmutableSet.of(new AttributeDesignatorType(attributeCategory, null, null, null, false));
attSrc = AttributeSources.newCustomSource(this.getInstanceID());
}
......