1. 09 Mar, 2022 4 commits
  2. 08 Mar, 2022 1 commit
      - Upgraded authzforce-ce-core-pdp-api to v21.1.1 · 44bb7668
      cdanger authored
      - Fixed bug when having multiple XPath expressions (e.g. AttributeSelectors) with XPath variables in the same Policy (the list of declared variables on Saxon XPathCompiler is internally saved and not reinitialized after each call to `XPathCompiler#compile(String)` having side effects when reusing the same XPathCompiler instance).
  3. 07 Mar, 2022 2 commits
      - Added SPIF-to-XACML conversion stylesheets: · 629cb21d
      cdanger authored
        - `spif2xacml-for-xpath-1.0.xsl`: SPIF-to-XACML policy transformation XSLT using XPath 1.0, more verbose and less efficient than the XPath 2.0 version below.
        - `spif2xacml-for-xpath-2.0.xsl`: SPIF-to-XACML policy transformation XSLT using XPath 2.0 features (not available in 1.0), with the option to enable AuthzForce optimizations (XSLT parameter `authzforce_optimized`) for further enhancements.
      
      - Used generated policies from sample ACME SPIF with above stylesheets to custom pdp tests XPath2.0 and XacmlVariablesAsXPathVariables.
      - Upgraded authzforce-ce-core-pdp-api: 21.1.0 · 38e46180
      cdanger authored
      - Replaced occurrences of XPathCompiler class in method parameters with Optional<XPathCompilerProxy>, XPathCompilerProxy being a new immutable class wrapping XPathCompiler (for safer code and fixing Spotbugs issues) from authzforce-ce-core-pdp-api, and the use of Optional to indicate it is used only if XPath is enabled (by PDP configuration or Policy(Set)Defaults/XPathVersion in enclosing Policy(Set) )
      - Added feature: XPath variables in AttributeSelectors' and `xPathExpression` `AttributeValues`s' XPath expressions can now be defined by XACML VariableDefinitions (variable name used as XACML VariableId), which means XACML Variables can be used as XPath variables there. And unit tests for it based on STANAG 4774.1
      - Fixed Spotbugs issues
      - VariableReference interface: added getXPathVariableName(): QName
      - Added unit tests for XPath 2.0 expressions in AttributeSelectors
  4. 25 Feb, 2022 1 commit
  5. 18 Feb, 2022 1 commit
  6. 08 Feb, 2022 1 commit
  7. 07 Feb, 2022 12 commits
  8. 05 Feb, 2022 9 commits
  9. 02 Feb, 2022 4 commits
      After-merge commit · 35363afd
      cdanger authored
      - Fixed #62: Refactor BasePdpEngine - Move the standardEnvironmentAttribute*... · 3ab1e7cd
      cdanger authored
      - Fixed #62: Refactor BasePdpEngine - Move the standardEnvironmentAttribute* code (providing current-time/dateTime/date attributes not present in the request) to dedicated AttributeProvider -> new PDP XSD and new built-in AttributeProvider: `StandardEnvironmentAttributeProvider` class
      - authzforce-ce-parent upgraded to 8.1.0
      - Authzforce-ce-core-pdp-api upgraded to 19.0.0: applied API changes:
      ### Changed
      - AttributeProvider interface removed, existing NamedAttributeProvider used instead
      - `authzforce-ce-parent` version: 8.1.0
      - Improved support of Multiple Decision Profile in the `PdpEngine` interface and the following types of PDP extensions:  Combining Algorithm, Function, Attribute Provider, Policy Provider. The corresponding interfaces (`CombiningAlg`...) have changed: certain of their methods - called during request evaluation - now take a new `Optional<EvaluationContext>` parameter which is used to pass the MDP evaluation context (MDP = Multiple Decision Profile) which is an evaluation context shared across all the Individual Decision Requests within the same Multiple Decision Request whenever MDP is used in the input request to the PDP. This enables all PDP extensions to be aware / provide better support of the Multiple Decision Profile. This may be used in particular by an Attribute Provider providing the standard current-time/current-date/current-dateTime attributes which should have the same values for all Individual Decision Requests corresponding to the same Multiple Decision Request.
      - `DecisionRequest` and `EvaluationContext` interfaces changed:
        - New method `getCreationTimestamp()`: provides the date/time of the request/context creation. Used typically for the standard current-* attributes.
        - `putNamedAttributeValueIfAbsent(AttributeFqn, AttributeBag)` replaced with more generic `putNamedAttributeValue(AttributeFqn, AttributeBag, boolean override)`
      
      ### Added
      - Attribute Provider (`NamedAttributeProvider`) interface: added 2 new methods for better support of the Multiple Decision Profile (all implemented by default to do nothing):
      
          - `beginMultipleDecisionRequest(EvaluationContext mdpContext)`: for special processing in the context of the MDP request (before corresponding Individual Decision requests are evaluated)
          - `supportsBeginMultipleDecisionRequest()`: indicates whether the Attribute Provider implements `beginMultipleDecisionRequest()` method and therefore needs the PDP engine to call it when a new MDP request is evaluated
          - `beginIndividualDecisionRequest(EvaluationContext individualDecisionContext, Optional<EvaluationContext> mdpContext)`: for special processing in the context of an Individual Decision request, before it is evaluated against policies (before the `get(attribute)` method is ever called for the individual decision request).
          - `supportsBeginIndividualDecisionRequest()`: indicates whether the Attribute Provider implements `beginIndividualDecisionRequest()` method and therefore needs the PDP engine to call it when a new individual decision request is evaluated.
      
      - PdpBean#evaluate(...), PdpEngine#evaluate(...) and all *Evaluator#evaluate(...) methods take a new `Optional<EvaluationContext>` parameter to support the new MDP evaluation context when MDP (Multiple Decision Profile) is used
      - Moved the OSS PDP benchmark (authzforce, at&t xacml and wso2 balana) to a separate maven module
      - Obsoleted .travis.yml replaced with GitHub Action
      - Replaced ModularAttributeProvider with new CloseableNamedAttributeProviderRegistry, EvaluationContextBased*NamedAttributeProvider classes
      - Updated all tests pdp.xml (PDP configs) to new XSD
      - Added Migration (from 17.x to 18.x) instructions with new `migration` folder containing migration XSLT stylesheets and new XSLT for migrating PDP config to XSD v8: pdp-xsd-v7.xsl
      - pdp-testutils module: upgraded jongo dependency to 1.5.0, mongo-java-driver to 3.12.10
      - New StandardResourceAttribute/StandardSubjectAttribute enums for standard resource/subject attributes with standard-fixed datatype
      - pdp-cli: Upgraded picocli to 4.6.2, testng to 7.5
      - Fixed #62: Refactor BasePdpEngine - Move the standardEnvironmentAttribute*... · 508e918b
      cdanger authored
      - Fixed #62: Refactor BasePdpEngine - Move the standardEnvironmentAttribute* code (providing current-time/dateTime/date attributes not present in the request) to dedicated AttributeProvider -> new PDP XSD and new built-in AttributeProvider: `StandardEnvironmentAttributeProvider` class
      - authzforce-ce-parent upgraded to 8.1.0
      - Authzforce-ce-core-pdp-api upgraded to 19.0.0: applied API changes:
      ### Changed
      - AttributeProvider interface removed, existing NamedAttributeProvider used instead
      - `authzforce-ce-parent` version: 8.1.0
      - Improved support of Multiple Decision Profile in the `PdpEngine` interface and the following types of PDP extensions:  Combining Algorithm, Function, Attribute Provider, Policy Provider. The corresponding interfaces (`CombiningAlg`...) have changed: certain of their methods - called during request evaluation - now take a new `Optional<EvaluationContext>` parameter which is used to pass the MDP evaluation context (MDP = Multiple Decision Profile) which is an evaluation context shared...
  10. 22 Oct, 2021 5 commits