Commit 147ef63c authored by cdanger's avatar cdanger

### Added

- PdpImpl#getStaticRootAndRefPolicies() that provides all the PDP's root policy and policies referenced - directly or indirectly - from the root policy, if all are statically resolved. This allows PDP clients to know all the policies (if statically resolved) possibly used by the PDP during the evaluation.
parent c5602fe4
......@@ -2,6 +2,8 @@
All notable changes to this project are documented in this file following the [Keep a CHANGELOG](http://keepachangelog.com) conventions.
## Unreleased
### Added
- PdpImpl#getStaticRootAndRefPolicies() that provides all the PDP's root policy and policies referenced - directly or indirectly - from the root policy, if all are statically resolved. This allows PDP clients to know all the policies (if statically resolved) possibly used by the PDP during the evaluation.
## 3.7.0
### Added
......
......@@ -6,7 +6,7 @@
<version>3.3.7</version>
</parent>
<artifactId>authzforce-ce-core</artifactId>
<version>3.7.1-SNAPSHOT</version>
<version>3.8.0-SNAPSHOT</version>
<name>${project.groupId}:${project.artifactId}</name>
<description>AuthZForce Community Edition - XACML-compliant Core Engine</description>
<url>https://tuleap.ow2.org/projects/authzforce</url>
......@@ -56,7 +56,7 @@
<groupId>${project.groupId}</groupId>
<artifactId>${artifactId.prefix}-core-pdp-api</artifactId>
<!-- Major/minor version should match this artifact major/minor version to respect Semantic Versioning; -->
<version>3.6.1</version>
<version>3.7.0-SNAPSHOT</version>
</dependency>
<!-- /Authzforce dependencies -->
......
......@@ -41,6 +41,7 @@ import org.ow2.authzforce.core.pdp.api.DecisionResultFilter;
import org.ow2.authzforce.core.pdp.api.EnvironmentProperties;
import org.ow2.authzforce.core.pdp.api.IndeterminateEvaluationException;
import org.ow2.authzforce.core.pdp.api.IndividualDecisionRequest;
import org.ow2.authzforce.core.pdp.api.PolicyVersion;
import org.ow2.authzforce.core.pdp.api.RequestFilter;
import org.ow2.authzforce.core.pdp.api.StatusHelper;
import org.ow2.authzforce.core.pdp.api.XMLUtils;
......@@ -209,7 +210,7 @@ public class PDPImpl implements CloseablePDP
};
private final RootPolicyEvaluator rootPolicyProvider;
private final RootPolicyEvaluator rootPolicyEvaluator;
private final DecisionCache decisionCache;
private final RequestFilter reqFilter;
private final IndividualDecisionRequestEvaluator individualReqEvaluator;
......@@ -276,17 +277,17 @@ public class PDPImpl implements CloseablePDP
final RequestFilter requestFilter = requestFilterFactory.getInstance(attributeFactory, strictAttributeIssuerMatch, enableXPath,
XMLUtils.SAXON_PROCESSOR);
final RootPolicyEvaluator.Base candidateRootPolicyProvider = new RootPolicyEvaluator.Base(attributeFactory, functionRegistry,
final RootPolicyEvaluator.Base candidateRootPolicyEvaluator = new RootPolicyEvaluator.Base(attributeFactory, functionRegistry,
jaxbAttributeProviderConfs, maxVariableReferenceDepth, enableXPath, combiningAlgRegistry, jaxbRootPolicyProviderConf,
jaxbRefPolicyProviderConf, maxPolicySetRefDepth, strictAttributeIssuerMatch, environmentProperties);
// Use static resolution if possible
final RootPolicyEvaluator staticRootPolicyProvider = candidateRootPolicyProvider.toStatic();
if (staticRootPolicyProvider == null)
final RootPolicyEvaluator staticRootPolicyEvaluator = candidateRootPolicyEvaluator.toStatic();
if (staticRootPolicyEvaluator == null)
{
this.rootPolicyProvider = candidateRootPolicyProvider;
this.rootPolicyEvaluator = candidateRootPolicyEvaluator;
} else
{
this.rootPolicyProvider = staticRootPolicyProvider;
this.rootPolicyEvaluator = staticRootPolicyEvaluator;
}
this.reqFilter = requestFilter;
......@@ -302,8 +303,8 @@ public class PDPImpl implements CloseablePDP
this.decisionCache = responseCacheStoreFactory.getInstance(jaxbDecisionCacheConf);
}
this.individualReqEvaluator = this.decisionCache == null ? new NonCachingIndividualDecisionRequestEvaluator(rootPolicyProvider)
: new CachingIndividualRequestEvaluator(rootPolicyProvider, this.decisionCache);
this.individualReqEvaluator = this.decisionCache == null ? new NonCachingIndividualDecisionRequestEvaluator(rootPolicyEvaluator)
: new CachingIndividualRequestEvaluator(rootPolicyEvaluator, this.decisionCache);
this.resultFilter = decisionResultFilter == null ? DEFAULT_RESULT_FILTER : decisionResultFilter;
}
......@@ -379,7 +380,7 @@ public class PDPImpl implements CloseablePDP
@Override
public void close() throws IOException
{
rootPolicyProvider.close();
rootPolicyEvaluator.close();
if (decisionCache != null)
{
decisionCache.close();
......@@ -391,5 +392,13 @@ public class PDPImpl implements CloseablePDP
{
return evaluate(request, null);
}
/**
* Get the PDP's root policy and policies referenced - directly or indirectly - from the root policy, if all are statically resolved
* @return the root and referenced policies; null if any of these policies is not statically resolved (once and for all)
*/
public Map<String, PolicyVersion> getStaticRootAndRefPolicies() {
return this.rootPolicyEvaluator.getStaticRootAndRefPolicies();
}
}
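Review bot: `getStaticRootAndRefPolicies()` hands PDP clients whatever map `rootPolicyEvaluator` returns, and nothing visible in this section shows that map to be unmodifiable. If the evaluator keeps it as internal state, a client could alter the PDP's own record of which policy versions are in force. Returning `m == null ? null : Collections.unmodifiableMap(m)` would close that, assuming `java.util.Collections` is imported in this file; otherwise document that the evaluator already returns an immutable view. The Javadoc should also say what the keys are (presumably policy IDs, to be confirmed) and that `null` means "cannot be determined statically" rather than "no policies", so a client auditing the policy set does not read it as empty. The class body starts outside the hunk.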
......@@ -15,11 +15,13 @@ package org.ow2.authzforce.core.pdp.impl.policy;
import java.util.Deque;
import java.util.List;
import java.util.Map;
import org.ow2.authzforce.core.pdp.api.DecisionResult;
import org.ow2.authzforce.core.pdp.api.EvaluationContext;
import org.ow2.authzforce.core.pdp.api.IPolicyEvaluator;
import org.ow2.authzforce.core.pdp.api.IndeterminateEvaluationException;
import org.ow2.authzforce.core.pdp.api.PolicyVersion;
import org.ow2.authzforce.core.pdp.api.RefPolicyProvider;
import org.ow2.authzforce.core.pdp.api.StatusHelper;
import org.ow2.authzforce.core.pdp.api.VersionPatterns;
......@@ -112,4 +114,16 @@ class DynamicPolicyRefEvaluator<T extends IPolicyEvaluator> extends PolicyRefere
// computed dynamically at evaluation time, see resolve() method
return null;
}
@Override
public Map<String, PolicyVersion> getStaticRefPolicies() {
// this is not static
return null;
}
@Override
public PolicyVersion getPolicyVersion() {
// Version is not statically defined
return null;
}
}
\ No newline at end of file
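Review bot: The two new overrides return `null` as a sentinel, and their one-line comments do not tell callers what to do with it. Whatever code merges child results into the root map (not visible here) has to turn a single `null` from `getStaticRefPolicies()` into a `null` overall; skipping it instead would report a policy set that silently omits the dynamically resolved references. I would state that in a Javadoc on each method, e.g. `@return null, always: the target is resolved at evaluation time, so the enclosing policy set is not statically resolvable`. The class body starts outside the hunk.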
......@@ -40,6 +40,7 @@ import org.ow2.authzforce.core.pdp.api.CombiningAlgParameter;
import org.ow2.authzforce.core.pdp.api.CombiningAlgRegistry;
import org.ow2.authzforce.core.pdp.api.ExpressionFactory;
import org.ow2.authzforce.core.pdp.api.JaxbXACMLUtils;
import org.ow2.authzforce.core.pdp.api.PolicyVersion;
import org.ow2.authzforce.core.pdp.api.VariableReference;
import org.ow2.authzforce.core.pdp.api.XMLUtils;
import org.ow2.authzforce.core.pdp.impl.combining.BaseCombiningAlgParameter;
......@@ -219,4 +220,10 @@ public final class PolicyEvaluator extends GenericPolicyEvaluator<RuleEvaluator>
return null;
}
@Override
public Map<String, PolicyVersion> getStaticRefPolicies() {
// a Policy does not have any policy reference
return Collections.emptyMap();
}
}
......@@ -16,18 +16,20 @@ package org.ow2.authzforce.core.pdp.impl.policy;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import org.ow2.authzforce.core.pdp.api.DecisionResult;
import org.ow2.authzforce.core.pdp.api.EvaluationContext;
import org.ow2.authzforce.core.pdp.api.IPolicyEvaluator;
import org.ow2.authzforce.core.pdp.api.IndeterminateEvaluationException;
import org.ow2.authzforce.core.pdp.api.PolicyVersion;
import org.ow2.authzforce.core.pdp.api.VersionPatterns;
class StaticPolicyRefEvaluator<P extends IPolicyEvaluator> extends PolicyReferenceEvaluator<P>
{
private static final IllegalArgumentException UNDEF_POLICY_EXCEPTION = new IllegalArgumentException("undefined policy as target of static policy reference");
private final transient P referredPolicy;
private final List<String> longestPolicyRefChain;
private final P referredPolicy;
private transient final List<String> longestPolicyRefChain;
StaticPolicyRefEvaluator(String policyIdRef, VersionPatterns versionConstraints, P referredPolicy)
{
......@@ -87,4 +89,14 @@ class StaticPolicyRefEvaluator<P extends IPolicyEvaluator> extends PolicyReferen
return this.longestPolicyRefChain;
}
@Override
public PolicyVersion getPolicyVersion() {
return referredPolicy.getPolicyVersion();
}
@Override
public Map<String, PolicyVersion> getStaticRefPolicies() {
return referredPolicy.getStaticRefPolicies();
}
}
\ No newline at end of file
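Review bot: Taking the second pair of field declarations as the new side, `transient` has moved from `referredPolicy` to `longestPolicyRefChain`, and neither the code nor the commit message says why. The modifier matters only if this class is ever serialized, which is not visible here. In that case a `transient final` field is not restored by default deserialization, so the accessor that returns `this.longestPolicyRefChain` would yield `null`. If the class is never serialized, drop the modifier; otherwise add a comment explaining why the chain is excluded, and use the conventional order `private final transient List<String> longestPolicyRefChain;`. The constructor and the rest of the class lie outside the visible hunks.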