- 17 Jan, 2020 1 commit
cdanger authored
- Fixed HTML doc formatting in pdp.xsd and improved content.
-
- 16 Jan, 2020 1 commit
cdanger authored
- Upgraded authzforce-ce-core-pdp-api version to 16.1.0 adding PolicyProvider#getCandidateRootPolicy() interface
- Changed PDP config XSD
- Simplified versioning (version="7.1" and remove minor version from namespace)
- 'rootPolicyRef' no longer mandatory. If not specified, PolicyProvider#getCandidateRootPolicy() on the 'policyProvider' is used to specify the root policy
- Added CoreStaticPolicyProvider#getCandidateRootPolicy() to implement PolicyProvider#getCandidateRootPolicy()
-
- 26 Oct, 2019 1 commit
cdanger authored
- Changed PolicyProvider API. See CHANGELOG on core-pdp-api repository.
- Fixed #38 (GitHub)
- Removed CoreRootPolicyProvider
- Replaced CoreRefBasedRootPolicyProvider with CoreStaticPolicyProvider
-
- 31 Dec, 2018 1 commit
cdanger authored
- upgraded authzforce-ce-core-pdp-api to 15.3.0
- Added dependency on javax.mail v1.6.0 as mail-api implementation for XACML RFC822Name validation
- Upgraded dependency authzforce-ce-xacml-json-model to 2.1.0
- New feature: policyLocations in native Policy Providers' configurations support (not only PARENT_DIR property but also) system properties and environment variables (enclosed between '${...}')
- Changed copyright company name to Thales
- Added unit test for DefaultEnvironmentProperties#replacePlaceholders()
-
- 17 Jun, 2018 1 commit
cdanger authored
- Change dep authzforce-ce-core-pdp-api: 15.0.0->15.1.0
- upgraded dep authzforce-ce-xacml-json-model: 1.1.0->2.0.0
- Fixed #13:
- Changed dep mongo-java-driver in testutils module: 2.14.12 -> 3.5.0
- Idem for jongo: 1.3. -> 1.4.0
- XML StaticRefPolicyProvider type / CoreRefPolicyProvider class:
- added support for recursive directory searching for policies, e.g. pattern .../*/*.xml for searching on two directory levels
- added option to ignore old versions (keep only the latest) when multiple versions of same policy ID available (ignoreOldVersions=true in xml config pdp.xsd)
- Simplified code for detecting duplicate enclosed policy ID/version
-
- 14 Jan, 2018 1 commit
cdanger authored
- Upgraded authzforce-ce-core-pdp-api dependency: 12.1.0 -> 13.0.0
- Implementation of feature requested in Github issue 10 (with unit tests): creation of (XACML) AttributeValues from standard Java types
-
- 25 Nov, 2017 1 commit
cdanger authored
- Upgraded dependencies: core-pdp-api: 11.0.0 ->12.0.0
- Changed PDP XSD: 5.0.0 -> 6.0.0
- Attribute badRequestStatusDetailLevel -> clientRequestErrorVerbosityLevel
- Attribute requestFilter/resultFilter attributes -> element ioProcChain* (InOutProcChain: pair of request/response processors)
- Added maxIntegerValue attribute to help the PDP engine optimize processing of integer values (choice between Java integer implementations, i.e. BigInteger, Long, Integer)
- Changed naming convention for class names with acronym(s) (only first letter should be uppercase), e.g. PolicyPOJO -> PolicyPojo
- Added module pdp-cli for PDP command-line interface, produces an executable jar allowing to test PDP engine on the command line
- Added module pdp-io-xacml-json for PDP extensions processing (request/result pre/postprocessors) formats defined by JSON Profile of XACML 3.0, with OASIS XACML 3.0 conformance tests auto-converted (from XML) to JSON; therefore also provides XSLT sheets for transforming XACML/XML requests/responses to XACML/JSON
- Adapted BasePdpEngine to new PdpEngine interface, i.e. agnostic of serialization format, e.g. XACML/XML specific part moved to separate PdpEngineInoutAdapter implementation
- XACML/JAXB RequestFilters become RequestPreprocessors:
  - DefaultRequestFilter -> SingleDecisionXacmlJaxbRequestPreprocessor
  - MultiDecisionRequestFilter -> MultiDecisionXacmlJaxbRequestPreprocessor
- PdpEngineAdapters utility class to help instantiate XACML/JAXB-supporting PDP engines
- Added PdpEngineConfiguration utility class to simplify instantiation of BasePdpEngine from pdp.xml
- Renamed PdpExtensionLoader -> PdpExtensions
- Renamed CoreRefBasedRootPolicyProviderModule -> CoreRefBasedRootPolicyProvider
- Renamed CoreRefPolicyProviderModule -> CoreRefPolicyProvider
- Renamed CoreRootPolicyProviderModule -> CoreRootPolicyProvider
- Renamed MongoDBRefPolicyProviderModule -> MongoDbRefPolicyProvider
- StaticApplicablePolicyView -> FlattenedPolicyTree
- ImmutableDatatypeFactoryRegistry -> ImmutableAttributeValueFactoryRegistry
- StandardDatatypeFactoryRegistry -> StandardAttributeValueFactories
- PDP extensions
-
- 28 Feb, 2017 1 commit
cdanger authored
order to make test utilities a reusable maven artifact, that can be reused to test extensions and also in server/webapp tests:
- pdp-engine
- pdp-testutils
-
- 09 Nov, 2016 1 commit
Cyril Dangerville authored
-
- 03 Sep, 2016 1 commit
cdanger authored
-
- 29 Aug, 2016 1 commit
cdanger authored
- Fixed issue #22 (OW2) with non-regression test
- New feature to set Standard Current Time Environment Attribute (PDP_ONLY, REQUEST_ELSE_PDP, REQUEST_ONLY) with unit tests
- New features: strictAttributeIssuerMatch=false supported when retrieving attributes from provider modules (if attribute has Issuer, Issuer-less copy added to context)
- New way of handling ReturnPolicyIdList (return applicable policies) with new definition of applicable policies (not returning NotApplicable and enclosing policy is applicable, if any) -> changes to response in tests IIIG301,302
- Removed TestApplyMarshalling because we no longer consider it the responsibility of the PDP to be able to marshall XACML instances, but the caller's; in particular classes ApplyExpression, AttributeDesignatorExpression, AttributeSelectorExpression, AttributeAssignmentExpressionEvaluator no longer extending JAXB classes to simplify and improve code memory usage
- New utility class StandardCombiningAlgorithms for registry of standard combining algorithms
- New utility class StandardEnvironmentAttributes for registry of standard environment attributes
- New utility class StandardFunctions for registry of standard functions
- Fixed issues with autoboxing/unboxing
- Use of Guava Preconditions.checkNotNull() and ImmutableList
- Use of koloboke HashMap/HashSet
- Removed MutableDecisionResult
-
- 11 Aug, 2016 1 commit
cdanger authored
PDP_ONLY) feature support to select where current date/time comes from
- Renamed BaseDecisionResult into MutableDecisionResult
-
- 10 Aug, 2016 1 commit
cdanger authored
Changed anonymous type to named type for StandardCurrentTimeProvider in PDP XSD to generate enum class
-
- 08 Aug, 2016 2 commits
cdanger authored
- changed pdpStdTimeEnvOverrides into stdEnvTimeProvider with more (3) options: REQUEST_ELSE_PDP, REQUEST_ONLY, PDP_ONLY
-
cdanger authored
- pdp.xsd:
  - Removed functionSet element (no longer supported)
  - Added attribute 'pdpStdTimeOverrides' boolean for enabling/disabling PDP issued standard env current date/time override of matching request attributes
-
- 13 Jun, 2016 1 commit
cdanger authored
-
- 29 May, 2016 1 commit
cdanger authored
FirstOrderBags.getFunctions(DatatypeFactory<AV>) and fixed license header)
- Changed request filter IDs:
  - urn:ow2:authzforce:xacml:request-filter:default-lax -> urn:ow2:authzforce:feature:pdp:request-filter:default-lax
  - urn:ow2:authzforce:xacml:request-filter:default-strict -> urn:ow2:authzforce:feature:pdp:request-filter:default-strict
  - urn:ow2:authzforce:xacml:request-filter:multiple:repeated-attribute-categories-strict -> urn:ow2:authzforce:feature:pdp:request-filter:multiple:repeated-attribute-categories-strict
  - urn:ow2:authzforce:xacml:request-filter:multiple:repeated-attribute-categories-lax -> urn:ow2:authzforce:feature:pdp:request-filter:multiple:repeated-attribute-categories-lax
- Fixed doc in pdp.xsd on PDP extensions
-
- 03 May, 2016 1 commit
cdanger authored
MaxPolicyRefDepth
- Javadoc fix: removed @author from all source files
-
- 05 Apr, 2016 1 commit
cdanger authored
made optional
- Refactoring on PolicyEvaluator classes: new PolicyEvaluators factory class for creating policy evaluators with better-optimized support for statically defined policies (or policy references)
- Renamed extension ID prefix from 'urn:thalesgroup:' to 'urn:ow2:authzforce' (for open source extensions), e.g. for request/result filters, functions, etc.
-
- 06 Mar, 2016 1 commit
cdanger authored
"urn:thalesgroup:xacml:request-filter:default-lax" and possible values for requestFilter extensions natively supported:
  * "urn:thalesgroup:xacml:request-filter:default-lax": implements only XACML 3.0 Core (NO support for Multiple Decision) and allows duplicate <Attribute> with same meta-data in the same <Attributes> element of a Request (complying with XACML 3.0 core spec, §7.3.3)
  * "urn:thalesgroup:xacml:request-filter:default-strict": implements only XACML 3.0 Core (NO support for Multiple Decision) and does not allow duplicate <Attribute> with same meta-data in the same <Attributes> element of a Request (NOT complying with XACML 3.0 core spec, §7.3.3, but better performances)
  * "urn:oasis:names:tc:xacml:3.0:profile:multiple:repeated-attribute-categories-lax": implements Multiple Decision Profile, section 2.3 (repeated attribute categories), and allows duplicate <Attribute> with same meta-data in the same <Attributes> element of a Request (complying with XACML 3.0 core spec, §7.3.3)
  * "urn:oasis:names:tc:xacml:3.0:profile:multiple:repeated-attribute-categories-strict": same as previous one, except it does not allow duplicate <Attribute> with same meta-data in the same <Attributes> element of a Request (NOT complying with XACML 3.0 core spec, §7.3.3, but better performances)
-
- 27 Jan, 2016 1 commit
Cyril Dangerville authored
-
- 13 Jan, 2016 2 commits
cdanger authored
-
cdanger authored
therefore PDP extension implementers) to a separate project authzforce-ce-core-pdp-api
- Lower findbugs alert threshold and fixed new findbugs issues
- Removed inheritance of JAXB classes for most *Evaluator classes to simplify the code
- Property placeholder replacement optimized, no longer done on the whole PDP conf document, but only when needed by policy provider extensions (e.g. to replace PARENT_DIR)
- New XML-namespace-aware XML parser to support namespace-aware XPath evaluation of XACML Request/Policies
- new CoreRefBasedPolicyProviderModule (root policy defined as a reference to a previously declared RefPolicyProviderModule and policy IdRef to be resolved by the latter)
- PDP conf schema versioning (3.6): http://authzforce.github.io/core/xmlns/pdp/3.6 and depends on new pdp extension schema version: http://authzforce.github.io/xmlns/pdp/ext/3
- Fixed issue with control of max policy ref depth
-
- 04 Dec, 2015 1 commit
cdanger authored
tests upgraded to conform to the XACML 3.0 standard. Most of them have been submitted to the OASIS XACML Committee in April 2014 by AT&T. The original files are available on the xacml-comment mailing list: https://lists.oasis-open.org/archives/xacml-comment/201404/msg00001.html and on AT&T's Github repository (MIT License): https://github.com/att/XACML/wiki/XACML-TEST-Project-Information except IIA010, IIA012, IIA024, IID029, IID030 and III.C (test 1 is the only one supported in this latter category)
- Added feature with unit test: Policy Reference depth control and circular reference detection
- Added feature with unit test: Variable Reference depth control and circular reference detection
- Added option to enable/disable XPath support (xpathExpression datatype, AttributeSelector and xpath functions)
- Added support of xpathExpressions in Request with support of namespace-prefix mappings extracted from XML document (...xmlns:prefix="uri"...) where the xpathExpression is defined, i.e. XACML Request or Policy(Set), in native policy finders
- Added support of xpath-node-count function (optional XACML feature)
- Added support of optional XACML features: RequestDefaults/XPathVersion for evaluation of xpathExpressions in Request, and ReturnPolicyIdList to return identifiers of policies found applicable for the Request
- New modes of request parsing/filtering to enforce best practices and tweak performances of Request processing:
  1) strictAttributeIssuerMatch: parsing so that AttributeDesignator without Issuer only match request Attributes without Issuer (better performance if all Attributes have an Issuer which is recommended, but not fully XACML (§5.29) compliant)
  2) allowAttributeDuplicates: allow defining multi-valued attributes by repeating the same XACML Attribute (same AttributeId) within a XACML Attributes element (same Category). Indeed, not allowing this is not fully compliant with the XACML spec according to a discussion on the xacml-dev mailing list (see https://lists.oasis-open.org/archives/xacml-dev/201507/msg00001.html), referring to the XACML 3.0 core spec, §7.3.3, that indicates that multiple occurrences of the same <Attribute> with same meta-data but different values should be considered equivalent to a single <Attribute> element with same meta-data and merged values (multi-valued Attribute). Moreover, the XACML 3.0 conformance test 'IIIA024' expects this behavior: the multiple subject-id Attributes are expected to result in a multi-value bag during evaluation of the <AttributeDesignator>. Setting this parameter to false is not fully compliant, but provides better performance, especially if you know the Requests to be well-formed, i.e. all AttributeValues of a given Attribute are grouped together in the same <Attribute> element. Combined with strictAttributeIssuerMatch == true, this is the most efficient alternative (although not fully compliant).
- Fixed non-compliance of Request Content parsing for XPath eval (use the single child element of Content node as XML input doc to XPath eval, NOT the Content node itself) -> removed useless need of JAXBContext and creating JAXBSource for parsing into XDMnode -> perf improved
- Fixed AttributeSelector evaluation for XPath to XML attribute value (return the attribute value as a string instead of an Attribute node/entry "attributeName=attributeValue")
- Fixed VariableReferenceDepth control (reference chain was not updated properly)
- Fixed PolicySetIdReference Depth control (reference chain was not updated properly)
- Use of new immutable version of xacml-model where all XACML/JAXB objects are immutable -> significant changes in way to create these objects during evaluation, esp. Obligations and Advices
- Fix ordering of obligations/advices when merging a given Policy(Set)'s obligations/advices with the child elements' (Policy/Rule) ones
- Fixed static pre-eval on <Apply> with xpathExpression (should not pre-eval statically, i.e. out of context, since xpathExpression value depends on context)
- Replaced RELEASE-NOTES.md with CHANGELOG.md to adopt conventions from keepachangelog.com
- Improved unit tests: ability to plug the TestAttributeProviderModule configured with a file XXXAttributeProvider.xml to the PDP for specific tests, also to plug referenced Policies for the RefPolicyFinder of the PDP with 'refPolicies' directory containing Policy(Set)files; and ability to test for Policy or Request syntax error checking only (no Request evaluation by PDP)
- Improved test class TestUtils to create a PDP instance with XPath support disabled/enabled and specific request filter ID on the PDP
- Improved TestAttributeProviderModule supports any static configuration of Attributes (with constant values); same format as in XACML Requests
- Removed license header of Apache2 (replaced with GPL)
- Removed NOTICE.txt obsolete ("Apache AuthZForce" does not exist)
- Conformance tests split in 'mandatory' and 'optional' folder to distinguish XACML mandatory feature from optional feature testing
- Change logback dependency scope from 'compile' to 'test' as we need it only for tests, not for compiling -> simplifies dependencies
- Replaced dependency spring-xml (obsolete) with spring-core because we only use org.springframework.util.* -> simplifies dependencies
- Fix header plugin that was missing path to header license, and 'format' goals
- Refactor - extracted PDP interface and moved default implementation to PDPImpl class, to hide internals from potential PDP API client and improve genericity
- Refactor - extracted RequestFilter interface from abstract class and moved abstract class code to BaseRequestFilter class to hide internals from potential RequestFilter API client and improve genericity; and to merge common code between DefaultRequestFilter and MultiDecisionRequestFilter
- Refactor - extracted IndividualDecisionRequest interface from abstract class and moved abstract class code to MutableIndividualDecisionRequest and ImmutableIndividualDecisionRequest classes, to hide internals from potential RequestFilter API client and improve genericity
- Made BasePdpExtensionRegistry mutable to allow adding extensions after creating instance from an existing one
- DecisionResult renamed to more explicit name PolicyDecisionResult
- Moved old README content to another project (rest-service) since does not apply anymore, and replaced with proper content.
-
- 18 Nov, 2015 1 commit
Cyril Dangerville authored
AttributeFinder, PolicyFinder, etc. and also in schema files
- Restructured and improved/fixed unit tests
- Added unit tests for circular and undefined PolicyIdReference/PolicySetIdReference/VariableReference
- Added HTML description for conformance tests
- Removed TestMatchAlg, replaced with official conformance test on Target matching -> group II.B.
-
- 13 Nov, 2015 1 commit
Cyril Dangerville authored
-
- 16 Oct, 2015 1 commit
Romain Ferrari authored
-
- 17 Aug, 2015 1 commit
Cyril Dangerville authored
-
- 13 Mar, 2015 1 commit
Cyril Dangerville authored
- Use maven property for git repo (inherited from parent pom)
- Fixed buggy configuration of maven-jaxb2-plugin after upgrading to latest version of the plugin
- Removed no longer used AuditLogs.xsd
-
- 12 Jan, 2015 1 commit
Cyril Dangerville authored
- Upgraded test config.xml with new PDP schema
- Upgrading to SNAPSHOT versions in POM
- Switching logging framework to log4j
- Updated license headers because we changed year to 2015
- Updated XML catalog to make it work with SchemaHandler to load PDP config
-
- 29 Dec, 2014 1 commit
Cyril Dangerville authored
(not DOM) -> PdpConfigurationManager
- Fixed NPE in permit-unless-deny/deny-unless-permit algs
- Fixed deny-unless-permit/deny-unless-permit algs to combine obligations/advice from combined elements (not only the one that returned permit for denyUnlessPermit, or deny for permitUnlessDeny, but also others)
- Removed commented classes/dead code/code not used anymore
- Added framework for handling PDP extension: IPdpExtension interface and use it as interface for all PDP extensions starting with AttributeFinderModule, PolicyFinderModule with corresponding XML type (module/extension configuration model) as type parameter; PdpExtensionFactory, PdpModelHandler, SchemaHandler
- Changed parent project version to last SNAPSHOT
- Add gpl license for src/main/java/com/thalesgroup/authzforce/core
- Updated Thales Apache license
- Added PdpBean to use PDP as JNDI resource
- moved license files out of src/ folder to distinguish from source code
- Removed thales author names from comment (control version system, e.g. git, is more reliable)
- Added PdpModelHandler to handle PDP configuration model with support of dynamic extension loading (attribute finders, policy finders, etc.)
- Added PdpConfigurationManager does the job of ConfigurationStore but using JAXB and new PDP Configuration XML schema instead of DOM, meant to replace ConfigurationStore completely
- Replaced use of custom com.sun.xacml.CacheManager with Ehcache cache API
- Migrated code to java7 style
-