Commit 0bdaefe2 authored by cdanger's avatar cdanger

Fixed issue OW2-25 for higher-order functions (add non-regression tests

for it)
parent 395cf987
# Change log # Change log
All notable changes to this project are documented in this file following the [Keep a CHANGELOG](http://keepachangelog.com) conventions. All notable changes to this project are documented in this file following the [Keep a CHANGELOG](http://keepachangelog.com) conventions.
Issues reported on [GitHub](https://github.com/authzforce/core/issues) are referenced in the form of `[GH-N]`, where N is the issue number. Issues reported on [OW2](https://jira.ow2.org/browse/AUTHZFORCE/) are mentioned in the form of `[OW2-N]`, where N is the issue number.
## Unreleased
### Fixed
- [OW2-25] (Reopened) NullPointerException when parsing Apply expressions using invalid/unsupported Function ID. This is the final fix addressing higher-order functions. (Initial fix only addressed first-order ones.)
- Artifact `authzforce-ce-core` with `tests` classifier: missing classes.
## 7.0.0 ## 7.0.0
### Changed ### Changed
...@@ -40,7 +48,7 @@ All notable changes to this project are documented in this file following the [K ...@@ -40,7 +48,7 @@ All notable changes to this project are documented in this file following the [K
### Changed ### Changed
- Maven parent project version: 3.4.0 -> 4.0.0: - Maven parent project version: 3.4.0 -> 4.0.0:
- **Java version: 1.7 -> 1.8** (fixes GitHub issue #4) - [GH-4] **Java version: 1.7 -> 1.8**
- Guava dependency version: 18.0 -> 20.0 - Guava dependency version: 18.0 -> 20.0
- Saxon-HE dependency version: 9.6.0-5 -> 9.7.0-11 - Saxon-HE dependency version: 9.6.0-5 -> 9.7.0-11
- com.sun.mail:javax.mail v1.5.4 changed to com.sun.mail:mailapi v1.5.6 - com.sun.mail:javax.mail v1.5.4 changed to com.sun.mail:mailapi v1.5.6
...@@ -51,10 +59,10 @@ All notable changes to this project are documented in this file following the [K ...@@ -51,10 +59,10 @@ All notable changes to this project are documented in this file following the [K
- Dependency on Koloboke, replaced by extension mechanism mentioned in *Added* section that would allow to switch from the default HashMap/HashSet implementation to Koloboke-based. - Dependency on Koloboke, replaced by extension mechanism mentioned in *Added* section that would allow to switch from the default HashMap/HashSet implementation to Koloboke-based.
### Fixed ### Fixed
- OW2 #AUTHZFORCE-23: enforcement of RuleId/PolicyId/PolicySetId uniqueness: - [OW2-23] Enforcement of RuleId/PolicyId/PolicySetId uniqueness:
- PolicyId (resp. PolicySetId) should be unique across all policies loaded by PDP so that PolicyIdReferences (resp. PolicySetIdReferences) in Responses' PolicyIdentifierList are absolute references to applicable policies (no ambiguity). - PolicyId (resp. PolicySetId) should be unique across all policies loaded by PDP so that PolicyIdReferences (resp. PolicySetIdReferences) in Responses' PolicyIdentifierList are absolute references to applicable policies (no ambiguity).
- [RuleId should be unique within a policy](https://lists.oasis-open.org/archives/xacml/201310/msg00025.html) -> A rule is globally uniquely identified by the parent PolicyId and the RuleId. - [RuleId should be unique within a policy](https://lists.oasis-open.org/archives/xacml/201310/msg00025.html) -> A rule is globally uniquely identified by the parent PolicyId and the RuleId.
- OW2 #AUTHZFORCE-25: NullPointerException when parsing Apply expressions using invalid/unsupported Function ID - [OW2-25] NullPointerException when parsing Apply expressions using invalid/unsupported Function ID. Partial fix addressing only invalid first-order functions. See release 7.0.1 for final fix addressing higher-order functions too.
## 5.0.2 ## 5.0.2
...@@ -64,7 +72,7 @@ All notable changes to this project are documented in this file following the [K ...@@ -64,7 +72,7 @@ All notable changes to this project are documented in this file following the [K
## 5.0.1 ## 5.0.1
### Fixed ### Fixed
- #22 (OW2): When handling the same XACML Request twice in the same JVM with the root PolicySet using deny-unless-permit algorithm over a Policy returning simple Deny (no status/obligation/advice) and a Policy returning Permit/Deny with obligations/advice, the obligation is duplicated in the final result at the second time this situation occurs. - [OW2-22] When handling the same XACML Request twice in the same JVM with the root PolicySet using deny-unless-permit algorithm over a Policy returning simple Deny (no status/obligation/advice) and a Policy returning Permit/Deny with obligations/advice, the obligation is duplicated in the final result at the second time this situation occurs.
- XACML StatusCode XML serialization/marshalling error when Missing Attribute info that is no valid anyURI is returned by PDP in a Indeterminate Result - XACML StatusCode XML serialization/marshalling error when Missing Attribute info that is no valid anyURI is returned by PDP in a Indeterminate Result
- Memory management issue: native RootPolicyProvider modules keeping a reference to static refPolicyProvider, even after policies have been resolved statically at initialization time, preventing garbage collection and memory saving. - Memory management issue: native RootPolicyProvider modules keeping a reference to static refPolicyProvider, even after policies have been resolved statically at initialization time, preventing garbage collection and memory saving.
- Calls to Logger impacted negatively by autoboxing - Calls to Logger impacted negatively by autoboxing
......
...@@ -89,14 +89,10 @@ public final class ImmutableFunctionRegistry implements FunctionRegistry ...@@ -89,14 +89,10 @@ public final class ImmutableFunctionRegistry implements FunctionRegistry
} }
final GenericHigherOrderFunctionFactory funcFactory = genericHigherOrderFunctionFactoryRegistry.getExtension(functionId); final GenericHigherOrderFunctionFactory funcFactory = genericHigherOrderFunctionFactoryRegistry.getExtension(functionId);
/* if (funcFactory == null)
* FIXME: faire la test suite qui met en evidence le bug d'abord en non regression -> modifier OW2#25 (avec wrong id for any-of combined with sub function in a ApplyExpression) et ensuite {
* corriger return null;
*/ }
// if (funcFactory == null)
// {
// return null;
// }
return funcFactory.getInstance(subFunctionReturnTypeFactory); return funcFactory.getInstance(subFunctionReturnTypeFactory);
} }
......
PDP initialization must fail with IllegalArgumentException when using unknown/unsupported Function as Apply function PDP initialization must fail with IllegalArgumentException when using unknown/unsupported first-order Function as Apply function
PDP initialization must fail with IllegalArgumentException when using unknown/unsupported higher-order Function as Apply function
<?xml version="1.0" encoding="UTF-8"?>
<!-- Testing parameter 'maxPolicySetRefDepth' -->
<pdp xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://authzforce.github.io/core/xmlns/pdp/5.0" version="5.0.0">
<rootPolicyProvider id="rootPolicyProvider" xsi:type="StaticRootPolicyProvider" policyLocation="${PARENT_DIR}/policy.xml" />
</pdp>
<?xml version="1.0" encoding="UTF-8"?>
<PolicySet xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" PolicySetId="root" Version="1.0" PolicyCombiningAlgId="urn:oasis:names:tc:xacml:3.0:policy-combining-algorithm:ordered-permit-overrides">
<Target />
<Policy PolicyId="P1" Version="1.0" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:ordered-permit-overrides">
<Target />
<Rule RuleId="R1" Effect="Permit">
<Description>Rule using unknown Function as Match function: urn:oasis:names:tc:xacml:2.0:function:string-equal instead of urn:oasis:names:tc:xacml:1.0:function:string-equal</Description>
<Target />
<Condition>
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:any-of">
<Function FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal" />
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Paul</AttributeValue>
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-bag">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">John</AttributeValue>
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Paul</AttributeValue>
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">George</AttributeValue>
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Ringo</AttributeValue>
</Apply>
</Apply>
</Condition>
</Rule>
</Policy>
</PolicySet>
\ No newline at end of file
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment