Commit 11f05b70 authored by cdanger's avatar cdanger

- Removed any usage of SunXACML ParsingException

- Fixed Javadoc comments
parent 56b2616a
/**
*
* Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
*
* Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
*
* 1. Redistribution of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
*
* 2. Redistribution in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or
* other materials provided with the distribution.
*
* Neither the name of Sun Microsystems, Inc. or the names of contributors may be used to endorse or promote products derived from this software without
* specific prior written permission.
*
* This software is provided "AS IS," without a warranty of any kind. ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED
* WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN") AND ITS LICENSORS
* SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS DERIVATIVES. IN NO EVENT WILL
* SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL, INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER
* CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE, EVEN IF SUN HAS BEEN ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGES.
*
* You acknowledge that this software is not designed or intended for use in the design, construction, operation or maintenance of any nuclear facility.
*/
package com.sun.xacml;
import org.ow2.authzforce.core.pdp.api.StatusHelper;
import org.ow2.authzforce.core.pdp.impl.BaseDecisionResult;
/**
* Exception that gets thrown if any general parsing error occurs.
*
* @since 1.0
* @author Seth Proctor
*/
public class ParsingException extends Exception
{
/**
*
*/
private static final long serialVersionUID = 1L;
/**
* Constructs a new <code>ParsingException</code> with no message or cause.
*/
public ParsingException()
{
}
/**
* Constructs a new <code>ParsingException</code> with a message, but no cause. The message is saved for later retrieval by the
* {@link java.lang#Throwable.getMessage() Throwable.getMessage()} method.
*
* @param message
* the detail message (<code>null</code> if nonexistent or unknown)
*/
public ParsingException(String message)
{
super(message);
}
/**
* Constructs a new <code>ParsingException</code> with a message and a cause. The message and cause are saved for later retrieval by the
* {@link java.lang#Throwable.getMessage() Throwable.getMessage()} and {@link java.lang#Throwable.getCause() Throwable.getCause()} methods.
*
* @param message
* the detail message (<code>null</code> if nonexistent or unknown)
* @param cause
* the cause (<code>null</code> if nonexistent or unknown)
*/
public ParsingException(String message, Throwable cause)
{
super(message, cause);
}
/**
* Turns this into a Indeterminate DecisionResult
*
* @return "Indeterminate" DecisionResult
*/
public BaseDecisionResult getIndeterminateResult()
{
return new BaseDecisionResult(new StatusHelper(StatusHelper.STATUS_SYNTAX_ERROR, this.getMessage()));
}
}
......@@ -40,11 +40,11 @@ import org.ow2.authzforce.core.pdp.impl.value.DatatypeConstants;
import org.ow2.authzforce.core.pdp.impl.value.TimeValue;
/**
* This class implements the time-in-range function, which takes three time values and returns true if the first value falls between the second and the third
* value. This function was introduced in XACML 2.0.
* This class implements the time-in-range function, which takes three time values and returns true if the first value falls between the second and the third value. This function was introduced in
* XACML 2.0.
* <p>
* Note that this function allows any time ranges less than 24 hours. In other words, it is not bound by normal day boundries (midnight GMT), but by the minimum
* time in the range. This means that ranges like 9am-5pm are supported, as are ranges like 5pm-9am.
* Note that this function allows any time ranges less than 24 hours. In other words, it is not bound by normal day boundries (midnight GMT), but by the minimum time in the range. This means that
* ranges like 9am-5pm are supported, as are ranges like 5pm-9am.
*
* @since 2.0
* @author seth proctor
......@@ -90,14 +90,16 @@ public final class TimeInRangeFunction extends FirstOrderFunction.SingleParamete
}
/**
* Evaluates the time-in-range function, which takes three <code>TimeAttributeValue</code> values. This function return true if the first value falls
* between the second and third values (ie., on or after the second time and on or before the third time). If no time zone is specified for the second
* and/or third time value, then the timezone from the first time value is used. This lets you say time-in-range(current-time, 9am, 5pm) and always have
* the evaluation happen in your current-time timezone.
* Evaluates the time-in-range function, which takes three <code>TimeAttributeValue</code> values. This function return true if the first value falls between the second and third values (ie.,
* on or after the second time and on or before the third time). If no time zone is specified for the second and/or third time value, then the timezone from the first time value is used. This
* lets you say time-in-range(current-time, 9am, 5pm) and always have the evaluation happen in your current-time timezone.
*
* @param arg
* time to be checked against the lower and upper bounds
* @param lowerBound
* lower time bound
* @param upperBound
* upper time bound
* @return true iff arg is in range [lowerBound, upperBound]
*
*
......@@ -127,9 +129,8 @@ public final class TimeInRangeFunction extends FirstOrderFunction.SingleParamete
*/
setSameDate(calCheckedWhetherInRange, startCal);
/*
* Now we date does not matter in calendar comparison, we only compare times of the day so ignoring the date, the checked time of the day might be
* before the lower time bound but still be in range if considered this is the time on the next day. In this case, startCal is on day N, and
* calCheckedWhetherInRange on day N+1.
* Now we date does not matter in calendar comparison, we only compare times of the day so ignoring the date, the checked time of the day might be before the lower time bound but still be
* in range if considered this is the time on the next day. In this case, startCal is on day N, and calCheckedWhetherInRange on day N+1.
*/
/*
* Boolean below says whether the checked time is strictly after the start time if considered on the *same day*, i.e. in terms of time of day.
......@@ -138,16 +139,15 @@ public final class TimeInRangeFunction extends FirstOrderFunction.SingleParamete
if (startCal.after(endCal))
{
/**
* start time of the day > end time of the day, for instance 02:00:00 > 01:00:00 so we consider the end time (01:00:00) on the next day (later
* than the second argument - end time - by less than 24h, the spec says). So we interpret the time interval as the date interval [startTime on
* day N, endTime on day N+1]. If checked time of day < start time of day (compared on the same day), then checked time can only be on day after
* to be in range
* start time of the day > end time of the day, for instance 02:00:00 > 01:00:00 so we consider the end time (01:00:00) on the next day (later than the second argument - end time - by
* less than 24h, the spec says). So we interpret the time interval as the date interval [startTime on day N, endTime on day N+1]. If checked time of day < start time of day (compared
* on the same day), then checked time can only be on day after to be in range
*/
if (isCheckedDayTimeStrictlyBeforeStartDayTime)
{
/*
* time checked is strictly before start time if considered on the same day, so not in range unless considered on day N+1 So let's compared
* with end time after considering them on the same day
* time checked is strictly before start time if considered on the same day, so not in range unless considered on day N+1 So let's compared with end time after considering them on
* the same day
*/
// calCheckedWhetherInRange.add(Calendar.DAY_OF_YEAR, 1);
// set checked time to same day as end time for comparison
......@@ -178,8 +178,7 @@ public final class TimeInRangeFunction extends FirstOrderFunction.SingleParamete
return !calCheckedWhetherInRange.after(endCal);
}
private Call(FunctionSignature.SingleParameterTyped<BooleanValue, TimeValue> functionSignature, List<Expression<?>> argExpressions,
Datatype<?>... remainingArgTypes)
private Call(FunctionSignature.SingleParameterTyped<BooleanValue, TimeValue> functionSignature, List<Expression<?>> argExpressions, Datatype<?>... remainingArgTypes)
{
super(functionSignature, argExpressions, remainingArgTypes);
}
......@@ -188,8 +187,7 @@ public final class TimeInRangeFunction extends FirstOrderFunction.SingleParamete
protected BooleanValue evaluate(Deque<TimeValue> argStack) throws IndeterminateEvaluationException
{
/*
* args.poll() returns the first element and remove it from the stack, so that next poll() returns the next element (and removes it from the stack),
* etc.
* args.poll() returns the first element and remove it from the stack, so that next poll() returns the next element (and removes it from the stack), etc.
*/
return BooleanValue.valueOf(eval(argStack.poll(), argStack.poll(), argStack.poll()));
}
......
......@@ -33,8 +33,7 @@ import org.ow2.authzforce.core.pdp.impl.func.HigherOrderBagFunctionSet;
import org.ow2.authzforce.core.pdp.impl.value.BooleanValue;
/**
* XACML Match evaluator. This is the part of the Target that actually evaluates whether the specified attribute values in the Target match the corresponding
* attribute values in the request context.
* XACML Match evaluator. This is the part of the Target that actually evaluates whether the specified attribute values in the Target match the corresponding attribute values in the request context.
*/
public class MatchEvaluator
{
......@@ -99,8 +98,7 @@ public class MatchEvaluator
this.anyOfFuncCall = anyOfFunc.newCall(anyOfFuncInputs);
} catch (IllegalArgumentException e)
{
throw new IllegalArgumentException(
"Invalid inputs (Expressions) to the Match (validated using the equivalent standard 'any-of' function definition): " + anyOfFuncInputs, e);
throw new IllegalArgumentException("Invalid inputs (Expressions) to the Match (validated using the equivalent standard 'any-of' function definition): " + anyOfFuncInputs, e);
}
}
......@@ -112,6 +110,7 @@ public class MatchEvaluator
*
* @return true iff the context matches
* @throws IndeterminateEvaluationException
* error occurred evaluating the Match element in this evaluation {@code context}
*/
public boolean match(EvaluationContext context) throws IndeterminateEvaluationException
{
......
......@@ -17,8 +17,6 @@ import java.io.IOException;
import java.util.List;
import java.util.Map;
import javax.xml.bind.JAXBException;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.Request;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.Response;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.Result;
......@@ -29,14 +27,11 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.util.SystemPropertyUtils;
import com.sun.xacml.ParsingException;
import com.sun.xacml.UnknownIdentifierException;
/**
* JavaBean for the PDP to be used/called as JNDI resource.
*
* In JEE application servers such as Glassfish, you could use class org.glassfish.resources.custom.factory.JavaBeanFactory for registering the custom JNDI
* resource. More info: http://docs.oracle.com/cd/E26576_01/doc.312/e24930/jndi.htm#giywi
* In JEE application servers such as Glassfish, you could use class org.glassfish.resources.custom.factory.JavaBeanFactory for registering the custom JNDI resource. More info:
* http://docs.oracle.com/cd/E26576_01/doc.312/e24930/jndi.htm#giywi
*
* For Tomcat, see http://tomcat.apache.org/tomcat-7.0-doc/jndi-resources-howto.html# Adding_Custom_Resource_Factories.
*
......@@ -56,30 +51,30 @@ public final class PdpBean implements PDP
private String catalogLocation = null;
/**
* Configuration file. Only the 'defaultPDP' configuration will be loaded, i.e. 'pdp' element with 'name' matching the 'defaultPDP' attribute of the root
* 'config' element
* Configuration file. Only the 'defaultPDP' configuration will be loaded, i.e. 'pdp' element with 'name' matching the 'defaultPDP' attribute of the root 'config' element
*
* @param filePath
* configuration file path used as argument to {@link org.springframework.core.io.DefaultResourceLoader#getResource(String)} to resolve the
* resource; any placeholder ${...} in the path will be replaced with the corresponding system property value
* @throws JAXBException
* configuration file path used as argument to {@link org.springframework.core.io.DefaultResourceLoader#getResource(String)} to resolve the resource; any placeholder ${...} in the path
* will be replaced with the corresponding system property value
* @throws IllegalArgumentException
* if there is an unresolvable placeholder in {@code filePath}
*/
public void setConfigFile(String filePath) throws JAXBException
public void setConfigFile(String filePath) throws IllegalArgumentException
{
confLocation = SystemPropertyUtils.resolvePlaceholders(filePath);
init();
}
/**
* Configuration schema file. Used only for validating XML configurations (enclosed with 'xml' tag) of PDP extension modules in PDP configuration file set
* with {@link #setConfigFile(String)}
* Configuration schema file. Used only for validating XML configurations (enclosed with 'xml' tag) of PDP extension modules in PDP configuration file set with {@link #setConfigFile(String)}
*
* @param filePath
* configuration file path used as argument to {@link org.springframework.core.io.DefaultResourceLoader#getResource(String)} to resolve the
* resource; any placeholder ${...} in the path will be replaced with the corresponding system property value
* @throws JAXBException
* configuration file path used as argument to {@link org.springframework.core.io.DefaultResourceLoader#getResource(String)} to resolve the resource; any placeholder ${...} in the path
* will be replaced with the corresponding system property value
* @throws IllegalArgumentException
* if there is an unresolvable placeholder in {@code filePath}
*/
public void setSchemaFile(String filePath) throws JAXBException
public void setSchemaFile(String filePath) throws IllegalArgumentException
{
extSchemaLocation = SystemPropertyUtils.resolvePlaceholders(filePath);
init();
......@@ -89,27 +84,22 @@ public final class PdpBean implements PDP
* Set XML catalog for resolving XML entities used in XML schema
*
* @param filePath
* @throws JAXBException
* configuration file path used as argument to {@link org.springframework.core.io.DefaultResourceLoader#getResource(String)} to resolve the resource; any placeholder ${...} in the path
* will be replaced with the corresponding system property value
* @throws IllegalArgumentException
* if there is an unresolvable placeholder in {@code filePath}
*/
public void setCatalogFile(String filePath) throws JAXBException
public void setCatalogFile(String filePath) throws IllegalArgumentException
{
catalogLocation = SystemPropertyUtils.resolvePlaceholders(filePath);
init();
}
/**
*
* @return
* @throws JAXBException
* @throws ParsingException
* @throws UnknownIdentifierException
*/
private boolean init()
{
if (!initialized && catalogLocation != null && extSchemaLocation != null && confLocation != null)
{
LOGGER.info("Loading PDP configuration from file {} with extension schema location '{}' and XML catalog location '{}'", new Object[] {
confLocation, extSchemaLocation, catalogLocation });
LOGGER.info("Loading PDP configuration from file {} with extension schema location '{}' and XML catalog location '{}'", new Object[] { confLocation, extSchemaLocation, catalogLocation });
try
{
pdp = PdpConfigurationParser.getPDP(confLocation, catalogLocation, extSchemaLocation);
......
......@@ -61,16 +61,15 @@ public class PdpModelHandler
private final JAXBContext confJaxbCtx;
/**
* Load Configuration model handler. Parameters here are locations to XSD files. Locations can be any resource string supported by Spring ResourceLoader.
* More info: http://docs.spring.io/spring/docs/current/spring-framework-reference/html/resources.html
* Load Configuration model handler. Parameters here are locations to XSD files. Locations can be any resource string supported by Spring ResourceLoader. More info:
* http://docs.spring.io/spring/docs/current/spring-framework-reference/html/resources.html
*
* For example: classpath:com/myapp/aaa.xsd, file:///data/bbb.xsd, http://myserver/ccc.xsd...
*
*
* @param extensionXsdLocation
* location of user-defined extension XSD (may be null if no extension to load), if exists; in such XSD, there must be a XSD import for each
* extension schema. Only import the namespace, do not define the actual schema location here. Use the catalog specified by the
* <code>catalogLocation</code> parameter to specify the schema location. For example:
* location of user-defined extension XSD (may be null if no extension to load), if exists; in such XSD, there must be a XSD import for each extension schema. Only import the namespace,
* do not define the actual schema location here. Use the catalog specified by the <code>catalogLocation</code> parameter to specify the schema location. For example:
*
* <pre>
* {@literal
......@@ -86,8 +85,7 @@ public class PdpModelHandler
* </pre>
*
* @param catalogLocation
* location of XML catalog for resolving XSDs imported by the pdp.xsd (PDP configuration schema) and the extensions XSD specified as
* 'extensionXsdLocation' argument (may be null)
* location of XML catalog for resolving XSDs imported by the pdp.xsd (PDP configuration schema) and the extensions XSD specified as 'extensionXsdLocation' argument (may be null)
*
*/
@ConstructorProperties({ "catalogLocation", "extensionXsdLocation" })
......@@ -103,10 +101,10 @@ public class PdpModelHandler
}
/*
* JAXB classes of extensions are generated separately from the extension base type XSD. Therefore no @XmlSeeAlso to link to the base type. Therefore
* any JAXB provider cannot (un)marshall documents using the extension base type XSD, unless it is provided with the list of the extra JAXB classes
* based on the new extension XSD. For instance, this is the case for JAXB providers used by REST/SOAP frameworks: Apache CXF, Metro, etc. So we need to
* add to the JAXBContext all the extensions' model (JAXB-generated) classes. These have been collected by the PdpExtensionLoader.
* JAXB classes of extensions are generated separately from the extension base type XSD. Therefore no @XmlSeeAlso to link to the base type. Therefore any JAXB provider cannot (un)marshall
* documents using the extension base type XSD, unless it is provided with the list of the extra JAXB classes based on the new extension XSD. For instance, this is the case for JAXB providers
* used by REST/SOAP frameworks: Apache CXF, Metro, etc. So we need to add to the JAXBContext all the extensions' model (JAXB-generated) classes. These have been collected by the
* PdpExtensionLoader.
*/
final Set<Class<?>> jaxbBoundClassList = new HashSet<Class<?>>(PdpExtensionLoader.getExtensionJaxbClasses());
LOGGER.debug("Final list of loaded extension models (JAXB classes): {}", jaxbBoundClassList);
......@@ -146,13 +144,14 @@ public class PdpModelHandler
* Class of object to be unmarshalled, must be a subclass (or the class itself) of {@value #SUPPORTED_ROOT_CONF_ELEMENT_JAXB_TYPE}
* @return object of class clazz
* @throws JAXBException
* if an error was encountered while unmarshalling the XML document in {@code src} into an instance of {@code clazz}
*/
public <T> T unmarshal(Source src, Class<T> clazz) throws JAXBException
{
if (!SUPPORTED_ROOT_CONF_ELEMENT_JAXB_TYPE.isAssignableFrom(clazz))
{
throw new UnsupportedOperationException("XML configuration unmarshalling is not supported for " + clazz
+ "; supported JAXB type for root configuration elements is: " + SUPPORTED_ROOT_CONF_ELEMENT_JAXB_TYPE);
throw new UnsupportedOperationException("XML configuration unmarshalling is not supported for " + clazz + "; supported JAXB type for root configuration elements is: "
+ SUPPORTED_ROOT_CONF_ELEMENT_JAXB_TYPE);
}
final Unmarshaller unmarshaller = confJaxbCtx.createUnmarshaller();
......
......@@ -50,8 +50,7 @@ import org.xml.sax.SAXParseException;
/**
*
* XML schema handler that can load schema file(s) from location(s) supported by {@link ResourceUtils} using any OASIS catalog at any location supported by
* {@link ResourceUtils} as well.
* XML schema handler that can load schema file(s) from location(s) supported by {@link ResourceUtils} using any OASIS catalog at any location supported by {@link ResourceUtils} as well.
*
*/
public class SchemaHandler
......@@ -100,8 +99,8 @@ public class SchemaHandler
}
} catch (IOException ex)
{
final String errMsg = "Unable to resolve schema-required entity with XML catalog (location='" + catalogLocation + "'): type=" + type
+ ", namespaceURI=" + namespaceURI + ", publicId='" + publicId + "', systemId='" + systemId + "', baseURI='" + baseURI + "'";
final String errMsg = "Unable to resolve schema-required entity with XML catalog (location='" + catalogLocation + "'): type=" + type + ", namespaceURI=" + namespaceURI
+ ", publicId='" + publicId + "', systemId='" + systemId + "', baseURI='" + baseURI + "'";
throw new RuntimeException(errMsg, ex);
}
......@@ -132,9 +131,9 @@ public class SchemaHandler
}
/**
* This is quite similar to org.apache.cxf.catalog.OASISCatalogManager, except it is much simplified as we don't need as many features. We are not using
* CXF's OASISCatalogManager class directly because it is part of cxf-core which drags many classes and dependencies on CXF we don't need. It would make
* more sense if OASISCatalogManager was part of a cxf common utility package, but it is not the case as of writing (December 2014).
* This is quite similar to org.apache.cxf.catalog.OASISCatalogManager, except it is much simplified as we don't need as many features. We are not using CXF's OASISCatalogManager class directly
* because it is part of cxf-core which drags many classes and dependencies on CXF we don't need. It would make more sense if OASISCatalogManager was part of a cxf common utility package, but it
* is not the case as of writing (December 2014).
*/
private static class OASISCatalogManager
{
......@@ -199,8 +198,7 @@ public class SchemaHandler
}
} catch (IOException e)
{
_LOGGER.warn(
"Error resolving resource needed by org.apache.xml.resolver.CatalogResolver for OASIS CatalogManager with URL: {}", e);
_LOGGER.warn("Error resolving resource needed by org.apache.xml.resolver.CatalogResolver for OASIS CatalogManager with URL: {}", e);
}
}
return s;
......@@ -235,8 +233,7 @@ public class SchemaHandler
if (catalog == null)
{
_LOGGER.warn("Catalog found at {} but no org.apache.xml.resolver.CatalogManager was found. Check the classpatch for an xmlresolver jar.",
catalogURL);
_LOGGER.warn("Catalog found at {} but no org.apache.xml.resolver.CatalogManager was found. Check the classpatch for an xmlresolver jar.", catalogURL);
} else
{
catalog.parseCatalog(catalogURL);
......@@ -330,8 +327,7 @@ public class SchemaHandler
public final Reader getCharacterStream()
{
/*
* No character stream, only byte streams are allowed. Do not throw exception, otherwise the resolution of the resource fails, even if byte stream
* OK
* No character stream, only byte streams are allowed. Do not throw exception, otherwise the resolution of the resource fails, even if byte stream OK
*/
return null;
// throw new UnsupportedOperationException();
......@@ -381,8 +377,7 @@ public class SchemaHandler
public final String getBaseURI()
{
/*
* No base URI, only absolute URIs are allowed. Do not throw exception if no base URI, otherwise the resolution of the resource fails, even for
* absolute URIs
* No base URI, only absolute URIs are allowed. Do not throw exception if no base URI, otherwise the resolution of the resource fails, even for absolute URIs
*/
return null;
// throw new UnsupportedOperationException();
......@@ -398,8 +393,7 @@ public class SchemaHandler
public final String getEncoding()
{
/*
* No encoding override, only absolute URIs are allowed. Do not throw exception if no base URI, otherwise the resolution of the resource fails, even
* if encoding specified in other way
* No encoding override, only absolute URIs are allowed. Do not throw exception if no base URI, otherwise the resolution of the resource fails, even if encoding specified in other way
*/
return null;
// throw new UnsupportedOperationException();
......@@ -429,7 +423,7 @@ public class SchemaHandler
private String catalogLocation;
/**
* Default empty constructor, needed for instanciation by Spring framework
* Default empty constructor, needed for instantiation by Spring framework
*/
public SchemaHandler()
{
......@@ -439,6 +433,7 @@ public class SchemaHandler
* Sets (Spring-supported) locations to XML schema files
*
* @param locations
* XML schema locations
*/
public void setSchemaLocations(List<String> locations)
{
......@@ -449,6 +444,7 @@ public class SchemaHandler
* Sets (Spring-supported) locations to XML catalog files
*
* @param location
* XML catalog location
*/
public void setCatalogLocation(String location)
{
......@@ -470,16 +466,17 @@ public class SchemaHandler
*
*
* @param schemaLocations
* XML schema locations
* @param catalogLocation
* XML catalog location
* @return XML validation schema
*/
public static Schema createSchema(List<String> schemaLocations, final String catalogLocation)
{
/*
* This is mostly similar to org.apache.cxf.jaxrs.utils.schemas.SchemaHandler#createSchema(), except we are using Spring ResourceUtils class to get
* Resource URLs and we don't use any Bus object. We are not using CXF's SchemaHandler class directly because it is part of cxf-rt-frontend-jaxrs which
* drags many dependencies on CXF we don't need, the full CXF JAX-RS framework actually. It would make more sense if SchemaHandler was part of some cxf
* common utility package, but it is not the case as of writing (December 2014).
* This is mostly similar to org.apache.cxf.jaxrs.utils.schemas.SchemaHandler#createSchema(), except we are using Spring ResourceUtils class to get Resource URLs and we don't use any Bus
* object. We are not using CXF's SchemaHandler class directly because it is part of cxf-rt-frontend-jaxrs which drags many dependencies on CXF we don't need, the full CXF JAX-RS framework
* actually. It would make more sense if SchemaHandler was part of some cxf common utility package, but it is not the case as of writing (December 2014).
*/
final SchemaFactory factory = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
......
......@@ -27,8 +27,8 @@ import org.ow2.authzforce.core.pdp.api.CombiningAlg;
import org.ow2.authzforce.core.pdp.api.Decidable;
/**
* Combining algorithm set. Allows to group combining algorithms, especially when it is actually the same generic algorithm but with different IDs, such as most
* standard algorithms which are the same for policy combining and rule combining algorithm IDs.
* Combining algorithm set. Allows to group combining algorithms, especially when it is actually the same generic algorithm but with different IDs, such as most standard algorithms which are the same
* for policy combining and rule combining algorithm IDs.
*
* TODO: consider making it a PdpExtension like FunctionSet, or generic PdpExtensionSet
*/
......@@ -40,6 +40,7 @@ public class CombiningAlgSet
* Creates set from multiple combining algorithms
*
* @param algorithms
* XACML policy/rule combining algorithms added to the set
*/
public CombiningAlgSet(CombiningAlg<?>... algorithms)
{
......@@ -50,6 +51,7 @@ public class CombiningAlgSet
* Creates a set as a copy of an existing set
*
* @param algorithms
* XACML policy/rule combining algorithms added to the set
*/
public CombiningAlgSet(Set<CombiningAlg<?>> algorithms)
{
......@@ -57,8 +59,8 @@ public class CombiningAlgSet
}
/**
* Returns a single instance of each of the functions supported by some class. The <code>Set</code> must contain instances of <code>Function</code>, and it
* must be both non-null and non-empty. It may contain only a single <code>Function</code>.
* Returns a single instance of each of the functions supported by some class. The <code>Set</code> must contain instances of <code>Function</code>, and it must be both non-null and non-empty. It
* may contain only a single <code>Function</code>.
*
* @return the functions members of this group
*/
......
......@@ -35,8 +35,6 @@ import org.ow2.authzforce.core.pdp.api.IndeterminateEvaluationException;
import org.ow2.authzforce.core.pdp.api.JaxbXACMLUtils;
import org.ow2.authzforce.core.pdp.api.Value;
import com.sun.xacml.ParsingException;
/**
* Evaluates XACML Apply
*
......@@ -73,24 +71,20 @@ public final class Apply<V extends Value> extends ApplyType implements Expressio
* @param xacmlApply
* XACML Apply element
* @param xPathCompiler
* Enclosing Policy(Set)'s default XPath compiler, corresponding to the Policy(Set)'s default XPath version specified in {@link DefaultsType}
* element.
* Enclosing Policy(Set)'s default XPath compiler, corresponding to the Policy(Set)'s default XPath version specified in {@link DefaultsType} element.
* @param expFactory
* expression factory for instantiating Apply's parameters
* @param longestVarRefChain
* Longest chain of VariableReference references leading to this Apply, when evaluating a VariableDefinitions, i.e. list of VariableIds, such
* that V1-> V2 ->... -> Vn -> <code>this</code>, where "V1 -> V2" means: the expression in VariableDefinition of V1 contains a VariableReference
* to V2. This is used to detect exceeding depth of VariableReference reference when a new VariableReference occurs in a VariableDefinition's
* expression. May be null, if this expression does not belong to any VariableDefinition.
* Longest chain of VariableReference references leading to this Apply, when evaluating a VariableDefinitions, i.e. list of VariableIds, such that V1-> V2 ->... -> Vn ->
* <code>this</code>, where "V1 -> V2" means: the expression in VariableDefinition of V1 contains a VariableReference to V2. This is used to detect exceeding depth of VariableReference
* reference when a new VariableReference occurs in a VariableDefinition's expression. May be null, if this expression does not belong to any VariableDefinition.
* @return Apply instance
*
* @throws IllegalArgumentException
* if {@code xacmlApply} is invalid or {@code expFactory} is null; or function ID not supported/unknown; if {@code xprs} are invalid
* expressions, or invalid arguments for this function; or if all {@code xprs} are static but calling the function statically (with these static
* arguments) failed
* if {@code xacmlApply} is invalid or {@code expFactory} is null; or function ID not supported/unknown; if {@code xprs} are invalid expressions, or invalid arguments for this
* function; or if all {@code xprs} are static but calling the function statically (with these static arguments) failed
*/
public static Apply<?> getInstance(ApplyType xacmlApply, XPathCompiler xPathCompiler, ExpressionFactory expFactory, Deque<String> longestVarRefChain)
throws IllegalArgumentException
public static Apply<?> getInstance(ApplyType xacmlApply, XPathCompiler xPathCompiler, ExpressionFactory expFactory, Deque<String> longestVarRefChain) throws IllegalArgumentException
{
if (xacmlApply == null)
{
......@@ -151,8 +145,7 @@ public final class Apply<V extends Value> extends ApplyType implements Expressio
if (function == null)
{
throw new IllegalArgumentException("Error parsing Apply[description=" + applyDesc + "]: Invalid Function: function ID '" + functionId
+ "' not supported");
throw new IllegalArgumentException("Error parsing Apply[description=" + applyDesc + "]: Invalid Function: function ID '" + functionId + "' not supported");
}
return new Apply<>(function, funcInputs, xacmlApply.getExpressions(), applyDesc);
......@@ -173,12 +166,8 @@ public final class Apply<V extends Value> extends ApplyType implements Expressio
* @throws IllegalArgumentException
* if {@code xprs} are invalid arguments for this function;
*
* @throws ParsingException
* if all {@code xprs} are static but calling the function with these static arguments failed
*
*/
private Apply(Function<V> function, List<Expression<?>> xprs, List<JAXBElement<? extends ExpressionType>> originalXacmlExpressions, String description)
throws IllegalArgumentException
private Apply(Function<V> function, List<Expression<?>> xprs, List<JAXBElement<? extends ExpressionType>> originalXacmlExpressions, String description) throws IllegalArgumentException
{
assert function != null;
......@@ -221,8 +210,7 @@ public final class Apply<V extends Value> extends ApplyType implements Expressio
staticEvalResult = funcCall.evaluate(null);
} catch (IndeterminateEvaluationException e)
{
throw new IllegalArgumentException("Invalid Apply[Description = " + description + "]: function " + function
+ " is not applicable to arguments (all static): " + xprs, e);
throw new IllegalArgumentException("Invalid Apply[Description = " + description + "]: function " + function + " is not applicable to arguments (all static): " + xprs, e);
}
/*
......@@ -259,14 +247,14 @@ public final class Apply<V extends Value> extends ApplyType implements Expressio
}
/**
* Evaluates the apply object using the given function. This will in turn call evaluate on all the given parameters, some of which may be other
* <code>Apply</code> objects.
* Evaluates the apply object using the given function. This will in turn call evaluate on all the given parameters, some of which may be other <code>Apply</code> objects.
*
* @param context
* the representation of the request
*
* @return the result of trying to evaluate this apply object
* @throws IndeterminateEvaluationException
* if any evaluation error occured when evaluating the Apply expression in the given {@context}
*/
@Override
public V evaluate(EvaluationContext context) throws IndeterminateEvaluationException
......@@ -275,8 +263,8 @@ public final class Apply<V extends Value> extends ApplyType implements Expressio
}
/**
* Returns the type of attribute that this object will return on a call to <code>evaluate</code> . In practice, this will always be the same as the result
* of calling <code>getReturnType</code> on the function used by this object.
* Returns the type of attribute that this object will return on a call to <code>evaluate</code> . In practice, this will always be the same as the result of calling <code>getReturnType</code> on
* the function used by this object.
*
* @return the type returned by <code>evaluate</code>
*/
......
......@@ -36,9 +36,12 @@ public class BaseFunctionSet implements FunctionSet
private final Set<Function<?>> functions;
/**
* Constructor from an identifier and an array of functions
*
* @param id
* globally unique ID of this function set, to be used as PDP extension ID
* @param functions
* functions added to the set
*/
public BaseFunctionSet(String id, Function<?>... functions)
{
......@@ -46,8 +49,12 @@ public class BaseFunctionSet implements FunctionSet
}
/**
* Constructor from an identifier and a set of functions
*
* @param id
* globally unique ID of this function set, to be used as PDP extension ID
* @param functions
* functions added to the set. This function set uses a immutable copy of this input.
*/
public BaseFunctionSet(String id, Set<Function<?>> functions)
{
......@@ -56,8 +63,8 @@ public class BaseFunctionSet implements FunctionSet
}
/**
* Returns a single instance of each of the functions supported by some class. The <code>Set</code> must contain instances of <code>Function</code>, and it
* must be both non-null and non-empty. It may contain only a single <code>Function</code>.
* Returns a single instance of each of the functions supported by some class. The <code>Set</code> must contain instances of <code>Function</code>, and it must be both non-null and non-empty. It
* may contain only a single <code>Function</code>.
*
* @return the functions members of this group
*/
......
......@@ -39,32 +39,32 @@ public class FunctionRegistry
* @param genericFunctionFactoryRegistry
* (optional) generic function factory registry
*/
protected FunctionRegistry(BasePdpExtensionRegistry<Function<?>> nonGenericFunctionRegistry,
BasePdpExtensionRegistry<GenericHigherOrderFunctionFactory> genericFunctionFactoryRegistry)
protected FunctionRegistry(BasePdpExtensionRegistry<Function<?>> nonGenericFunctionRegistry, BasePdpExtensionRegistry<GenericHigherOrderFunctionFactory> genericFunctionFactoryRegistry)
{
this.nonGenericFunctionRegistry = new BasePdpExtensionRegistry<>(Function.class, nonGenericFunctionRegistry);
this.genericHigherOrderFunctionFactoryRegistry = genericFunctionFactoryRegistry == null ? null : new BasePdpExtensionRegistry<>(
GenericHigherOrderFunctionFactory.class, genericFunctionFactoryRegistry);
this.genericHigherOrderFunctionFactoryRegistry = genericFunctionFactoryRegistry == null ? null : new BasePdpExtensionRegistry<>(GenericHigherOrderFunctionFactory.class,
genericFunctionFactoryRegistry);
}
/**
* Constructor that sets a "base registry" from which this inherits all the extensions. Used for instance to build a new registry based on a standard one
* (e.g. {@link StandardFunctionRegistry} for standard functions).
* Constructor that sets a "base registry" from which this inherits all the extensions. Used for instance to build a new registry based on a standard one (e.g. {@link StandardFunctionRegistry} for
* standard functions).
*
* @param baseRegistry
* the base/parent registry on which this one is based or null
*/
public FunctionRegistry(FunctionRegistry baseRegistry)
{