Commit 214ed66d authored by cdanger

Merge branch 'release/7.1.0'

parents cc4a5a3c 213778a7
# Change log
All notable changes to this project are documented in this file following the [Keep a CHANGELOG](http://keepachangelog.com) conventions.
Issues reported on [GitHub](https://github.com/authzforce/core/issues) are referenced in the form of `[GH-N]`, where N is the issue number. Issues reported on [OW2](https://jira.ow2.org/browse/AUTHZFORCE/) are mentioned in the form of `[OW2-N]`, where N is the issue number.
## 7.1.0
### Added
- [OW2-26] Simplify evaluation of Apply expression with commutative numeric function f (e.g. add and multiply): if multiple arguments are constants A, B..., then: `f(a1,...an, A, b1,...bn, B, c1,...) = f(C, a1,...an, b1,...bn, c1...)` where `C = f(A,B...)` and a1,...an, b1,...bn, c1,... are the other arguments (variables).
### Fixed
- [OW2-25] (Reopened) NullPointerException when parsing Apply expressions using invalid/unsupported Function ID. This is the final fix addressing higher-order functions. (Initial fix only addressed first-order ones.)
- Artifact `authzforce-ce-core` with `tests` classifier: missing classes.
## 7.0.0
### Changed
......@@ -40,7 +51,7 @@ All notable changes to this project are documented in this file following the [K
### Changed
- Maven parent project version: 3.4.0 -> 4.0.0:
- **Java version: 1.7 -> 1.8** (fixes GitHub issue #4)
- [GH-4] **Java version: 1.7 -> 1.8**
- Guava dependency version: 18.0 -> 20.0
- Saxon-HE dependency version: 9.6.0-5 -> 9.7.0-11
- com.sun.mail:javax.mail v1.5.4 changed to com.sun.mail:mailapi v1.5.6
......@@ -51,10 +62,10 @@ All notable changes to this project are documented in this file following the [K
- Dependency on Koloboke, replaced by extension mechanism mentioned in *Added* section that would allow to switch from the default HashMap/HashSet implementation to Koloboke-based.
### Fixed
- OW2 #AUTHZFORCE-23: enforcement of RuleId/PolicyId/PolicySetId uniqueness:
- [OW2-23] Enforcement of RuleId/PolicyId/PolicySetId uniqueness:
- PolicyId (resp. PolicySetId) should be unique across all policies loaded by PDP so that PolicyIdReferences (resp. PolicySetIdReferences) in Responses' PolicyIdentifierList are absolute references to applicable policies (no ambiguity).
- [RuleId should be unique within a policy](https://lists.oasis-open.org/archives/xacml/201310/msg00025.html) -> A rule is globally uniquely identified by the parent PolicyId and the RuleId.
- OW2 #AUTHZFORCE-25: NullPointerException when parsing Apply expressions using invalid/unsupported Function ID
- [OW2-25] NullPointerException when parsing Apply expressions using invalid/unsupported Function ID. Partial fix addressing only invalid first-order functions. See release 7.0.1 for final fix addressing higher-order functions too.
## 5.0.2
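Review bot: The reworded [OW2-25] entry under 7.0.0 points readers to "release 7.0.1" for the final fix, but the final fix is listed under the new `## 7.1.0` section and no 7.0.1 section appears in the visible changelog. Change the cross-reference to 7.1.0 so the two entries agree.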
......@@ -64,7 +75,7 @@ All notable changes to this project are documented in this file following the [K
## 5.0.1
### Fixed
- #22 (OW2): When handling the same XACML Request twice in the same JVM with the root PolicySet using deny-unless-permit algorithm over a Policy returning simple Deny (no status/obligation/advice) and a Policy returning Permit/Deny with obligations/advice, the obligation is duplicated in the final result at the second time this situation occurs.
- [OW2-22] When handling the same XACML Request twice in the same JVM with the root PolicySet using deny-unless-permit algorithm over a Policy returning simple Deny (no status/obligation/advice) and a Policy returning Permit/Deny with obligations/advice, the obligation is duplicated in the final result at the second time this situation occurs.
- XACML StatusCode XML serialization/marshalling error when Missing Attribute info that is no valid anyURI is returned by PDP in a Indeterminate Result
- Memory management issue: native RootPolicyProvider modules keeping a reference to static refPolicyProvider, even after policies have been resolved statically at initialization time, preventing garbage collection and memory saving.
- Calls to Logger impacted negatively by autoboxing
......
......@@ -56,7 +56,7 @@ If you want to use the experimental features (see previous section) as well, you
To get started using a PDP to evaluate XACML requests, instantiate a new PDP instance with one of the methods: `org.ow2.authzforce.core.pdp.impl.BasePdpEngine#getInstance(...)`. The parameters are:
1. *confLocation*: location of the configuration file (mandatory): this file must be an XML document compliant with the PDP configuration [XML schema](src/main/resources/pdp.xsd). You can read the documentation of every configuration parameter in that file. If you don't use any XML-schema-defined PDP extension (AttributeProviders, PolicyProviders...), this is the only parameter you need, and you can use the simplest method `PdpConfigurationParser#getPDP(String confLocation)` to load your PDP. Here is an example of configuration:
1. *confLocation*: location of the configuration file (mandatory): this file must be an XML document compliant with the PDP configuration [XML schema](src/main/resources/pdp.xsd). You can read the documentation of every configuration parameter in that file. If you don't use any XML-schema-defined PDP extension (AttributeProviders, PolicyProviders...), this is the only parameter you need, and you can use the simplest method `BasePdpEngine#getInstance(String confLocation)` to load your PDP. Here is an example of configuration:
```xml
<?xml version="1.0" encoding="UTF-8"?>
......@@ -68,7 +68,7 @@ To get started using a PDP to evaluate XACML requests, instantiate a new PDP ins
1. *catalogLocation*: location of the XML catalog (optional, required only if using one or more XML-schema-defined PDP extensions): used to resolve the PDP configuration schema and other imported schemas/DTDs, and schemas of any PDP extension namespace used in the configuration file. You may use the [catalog](src/main/resources/catalog.xml) in the sources as an example. This is the one used by default if none specified.
1. *extensionXsdLocation*: location of the PDP extensions schema file (optional, required only if using one or more XML-schema-defined PDP extensions): contains imports of namespaces corresponding to XML schemas of all XML-schema-defined PDP extensions to be used in the configuration file. Used for validation of PDP extensions configuration. The actual schema locations are resolved by the XML catalog parameter. You may use the [pdp-ext.xsd](src/test/resources/pdp-ext.xsd) in the sources as an example.
As a result of `getInstance(...)`, you get an instance of `BasePdpEngine`, you can evaluate a XACML Request directly by calling the `evaluate(Request...)` methods; or you can evaluate a decision request (more precisely an equivalent of a Individual Decision Request as defined by the XACML Multiple Decision Profile) in AuthzForce's more efficient native model by calling `evaluate(ImmutablePdpDecisionRequest)` or (multiple decision requests with `evaluate(List<ImmutablePdpDecisionRequest>)`). In order to build a `ImmutablePdpDecisionRequest`, you may use the request builder returned by `BasePdpEngine#newRequestBuilder(...)`. Please look at the Javadoc for more information.
As a result of `getInstance(...)`, you get an instance of `BasePdpEngine` with which you can evaluate a XACML Request directly by calling the `evaluate(Request...)` methods; or you can evaluate a decision request (more precisely an equivalent of a Individual Decision Request as defined by the XACML Multiple Decision Profile) in AuthzForce's more efficient native model by calling `evaluate(ImmutablePdpDecisionRequest)` or (multiple decision requests with `evaluate(List<ImmutablePdpDecisionRequest>)`). In order to build a `ImmutablePdpDecisionRequest`, you may use the request builder returned by `BasePdpEngine#newRequestBuilder(...)`. Please look at the Javadoc for more information.
Our PDP implementation uses SLF4J for logging so you can use any SLF4J implementation to manage logging. As an example, we use logback for testing, so you can use [logback.xml](src/test/resources/logback.xml) as an example for configuring loggers, appenders, etc.
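Review bot: The rewritten `getInstance(...)` paragraph still has a misplaced parenthesis in "or (multiple decision requests with `evaluate(List<ImmutablePdpDecisionRequest>)`)" and reads "a Individual Decision Request" and "a `ImmutablePdpDecisionRequest`". Since the sentence is being touched anyway, suggest "or, for multiple decision requests, `evaluate(List<ImmutablePdpDecisionRequest>)`" and "an" before both nouns.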
......@@ -91,4 +91,4 @@ Please include as much information as possible; the more we know, the better the
* Log output can be useful too; sometimes enabling DEBUG logging can help;
* Your code & configuration files are often useful.
If you wish to contact the developers for other reasons, use [Authzforce contact mailing list](http://scr.im/azteam).
If you wish to contact the developers for other reasons, use [AuthzForce contact mailing list](http://scr.im/azteam).
......@@ -6,7 +6,7 @@
<version>5.0.0</version>
</parent>
<artifactId>authzforce-ce-core</artifactId>
<version>7.0.0</version>
<version>7.1.0</version>
<name>${project.groupId}:${project.artifactId}</name>
<description>AuthZForce Community Edition - XACML-compliant Core Engine</description>
<url>https://tuleap.ow2.org/projects/authzforce</url>
......@@ -58,7 +58,7 @@
<version>4.11</version>
<scope>test</scope>
</dependency>
<dependency>
<dependency>
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-rt-frontend-jaxws</artifactId>
<version>${cxf.version}</version>
......@@ -128,7 +128,7 @@
<groupId>org.codehaus.mojo</groupId>
<artifactId>findbugs-maven-plugin</artifactId>
<configuration>
<onlyAnalyze>org.ow2.authzforce.*</onlyAnalyze>
<onlyAnalyze>org.ow2.authzforce.*</onlyAnalyze>
<excludeFilterFile>findbugs-exclude-filter.xml</excludeFilterFile>
</configuration>
<executions>
......@@ -292,8 +292,8 @@
<includes>
<include>org.ow2.authzforce.core.test.xsd</include>
<include>org/ow2/authzforce/core/xmlns/test/**</include>
<include>org/ow2/authzforce/core/test/custom/**</include>
<include>org/ow2/authzforce/core/test/utils/**</include>
<include>org/ow2/authzforce/core/pdp/impl/test/custom/**</include>
<include>org/ow2/authzforce/core/pdp/impl/test/utils/**</include>
<include>META-INF/**</include>
</includes>
</configuration>
......
......@@ -499,8 +499,8 @@ public final class BasePdpEngine implements CloseablePDP<ImmutablePdpDecisionReq
}
else
{
final DecisionCache.Factory<?> responseCacheStoreFactory = PdpExtensionLoader.getJaxbBoundExtension(DecisionCache.Factory.class, jaxbDecisionCacheConf.getClass());
this.decisionCache = ((DecisionCache.Factory<AbstractDecisionCache>) responseCacheStoreFactory).getInstance(jaxbDecisionCacheConf);
final DecisionCache.Factory<AbstractDecisionCache> responseCacheStoreFactory = PdpExtensionLoader.getDecisionCacheFactory(jaxbDecisionCacheConf);
this.decisionCache = responseCacheStoreFactory.getInstance(jaxbDecisionCacheConf);
}
final StandardEnvironmentAttributeSource validStdEnvAttrSrc = stdEnvAttributeSource == null ? DEFAULT_STD_ENV_ATTRIBUTE_SOURCE : stdEnvAttributeSource;
......
......@@ -161,8 +161,8 @@ public final class CloseableAttributeProvider extends ModularAttributeProvider i
{
try
{
final CloseableAttributeProviderModule.FactoryBuilder<AbstractAttributeProvider> attrProviderModBuilder = PdpExtensionLoader.getJaxbBoundExtension(
CloseableAttributeProviderModule.FactoryBuilder.class, jaxbAttributeProviderConf.getClass());
final CloseableAttributeProviderModule.FactoryBuilder<AbstractAttributeProvider> attrProviderModBuilder = PdpExtensionLoader
.getAttributeProviderModuleFactoryBuilder(jaxbAttributeProviderConf);
final CloseableAttributeProviderModule.DependencyAwareFactory depAwareAttrProviderModBuilder = attrProviderModBuilder.getInstance(jaxbAttributeProviderConf, environmentProperties);
final Set<AttributeDesignatorType> requiredAttrs = depAwareAttrProviderModBuilder.getDependencies();
/*
......
......@@ -51,13 +51,11 @@ public final class ImmutableFunctionRegistry implements FunctionRegistry
* @param genericFunctionFactories
* (optional) generic function factories
*/
public ImmutableFunctionRegistry(Set<Function<?>> nonGenericFunctions,
Set<GenericHigherOrderFunctionFactory> genericFunctionFactories)
public ImmutableFunctionRegistry(final Set<Function<?>> nonGenericFunctions, final Set<GenericHigherOrderFunctionFactory> genericFunctionFactories)
{
this.nonGenericFunctionRegistry = new ImmutablePdpExtensionRegistry<>(Function.class, nonGenericFunctions);
this.genericHigherOrderFunctionFactoryRegistry = genericFunctionFactories == null ? null
: new ImmutablePdpExtensionRegistry<>(GenericHigherOrderFunctionFactory.class,
genericFunctionFactories);
this.genericHigherOrderFunctionFactoryRegistry = genericFunctionFactories == null ? null : new ImmutablePdpExtensionRegistry<>(GenericHigherOrderFunctionFactory.class,
genericFunctionFactories);
}
/*
......@@ -66,7 +64,7 @@ public final class ImmutableFunctionRegistry implements FunctionRegistry
* @see org.ow2.authzforce.core.pdp.impl.func.FunctionRegistry#getFunction(java.lang.String)
*/
@Override
public Function<?> getFunction(String functionId)
public Function<?> getFunction(final String functionId)
{
return nonGenericFunctionRegistry.getExtension(functionId);
}
......@@ -74,12 +72,10 @@ public final class ImmutableFunctionRegistry implements FunctionRegistry
/*
* (non-Javadoc)
*
* @see org.ow2.authzforce.core.pdp.impl.func.FunctionRegistry#getFunction(java.lang.String,
* org.ow2.authzforce.core.pdp.api.value.DatatypeFactory)
* @see org.ow2.authzforce.core.pdp.impl.func.FunctionRegistry#getFunction(java.lang.String, org.ow2.authzforce.core.pdp.api.value.DatatypeFactory)
*/
@Override
public <SUB_RETURN_T extends AttributeValue> Function<?> getFunction(String functionId,
DatatypeFactory<SUB_RETURN_T> subFunctionReturnTypeFactory)
public <SUB_RETURN_T extends AttributeValue> Function<?> getFunction(final String functionId, final DatatypeFactory<SUB_RETURN_T> subFunctionReturnTypeFactory)
{
final Function<?> nonGenericFunc = nonGenericFunctionRegistry.getExtension(functionId);
if (nonGenericFunc != null)
......@@ -92,8 +88,12 @@ public final class ImmutableFunctionRegistry implements FunctionRegistry
return null;
}
final GenericHigherOrderFunctionFactory funcFactory = genericHigherOrderFunctionFactoryRegistry
.getExtension(functionId);
final GenericHigherOrderFunctionFactory funcFactory = genericHigherOrderFunctionFactoryRegistry.getExtension(functionId);
if (funcFactory == null)
{
return null;
}
return funcFactory.getInstance(subFunctionReturnTypeFactory);
}
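Review bot: In the two-argument `getFunction`, the new `funcFactory == null` branch makes an unknown function ID return `null`, the same result as when no generic factory registry is configured, and the `(non-Javadoc)` comment says nothing about a `null` return. Every caller now has to check for `null`, otherwise the NullPointerException of [OW2-25] just moves one level up. State the `null` contract in the `FunctionRegistry` Javadoc and add a regression test that parses an Apply expression with an unsupported higher-order function ID, since none is visible in the hunks shown here.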
......
......@@ -45,6 +45,8 @@ import org.ow2.authzforce.core.pdp.impl.func.StandardHigherOrderBagFunctions.One
*/
final class MapFunctionFactory extends GenericHigherOrderFunctionFactory
{
private static final IllegalArgumentException NULL_SUB_FUNCTION_RETURN_TYPE_ARG_EXCEPTION = new IllegalArgumentException(
"Cannot create generic function with null subFunctionReturnTypeFactory (sub-function return type factory) arg");
/**
*
......@@ -54,29 +56,24 @@ final class MapFunctionFactory extends GenericHigherOrderFunctionFactory
* subfunction return type
*
*/
private static final class MapFunction<SUB_RETURN_T extends AttributeValue>
extends OneBagOnlyHigherOrderFunction<Bag<SUB_RETURN_T>, SUB_RETURN_T>
private static final class MapFunction<SUB_RETURN_T extends AttributeValue> extends OneBagOnlyHigherOrderFunction<Bag<SUB_RETURN_T>, SUB_RETURN_T>
{
private static final class Call<SUB_RETURN extends AttributeValue>
extends OneBagOnlyHigherOrderFunction.Call<Bag<SUB_RETURN>, SUB_RETURN>
private static final class Call<SUB_RETURN extends AttributeValue> extends OneBagOnlyHigherOrderFunction.Call<Bag<SUB_RETURN>, SUB_RETURN>
{
private final Datatype<SUB_RETURN> returnBagElementType;
private final String indeterminateSubFuncEvalMessagePrefix;
private Call(final String functionId, final Datatype<Bag<SUB_RETURN>> returnType,
final FirstOrderFunction<SUB_RETURN> subFunction, final List<Expression<?>> primitiveInputs,
private Call(final String functionId, final Datatype<Bag<SUB_RETURN>> returnType, final FirstOrderFunction<SUB_RETURN> subFunction, final List<Expression<?>> primitiveInputs,
final Expression<?> lastInputBag)
{
super(functionId, returnType, subFunction, primitiveInputs, lastInputBag);
this.returnBagElementType = subFunction.getReturnType();
this.indeterminateSubFuncEvalMessagePrefix = "Function " + functionId
+ ": Error calling sub-function (first argument) with last arg=";
this.indeterminateSubFuncEvalMessagePrefix = "Function " + functionId + ": Error calling sub-function (first argument) with last arg=";
}
@Override
protected Bag<SUB_RETURN> evaluate(final Bag<?> lastArgBag, final EvaluationContext context)
throws IndeterminateEvaluationException
protected Bag<SUB_RETURN> evaluate(final Bag<?> lastArgBag, final EvaluationContext context) throws IndeterminateEvaluationException
{
final Collection<SUB_RETURN> results = new ArrayDeque<>(lastArgBag.size());
for (final AttributeValue lastArgBagVal : lastArgBag)
......@@ -88,8 +85,7 @@ final class MapFunctionFactory extends GenericHigherOrderFunctionFactory
}
catch (final IndeterminateEvaluationException e)
{
throw new IndeterminateEvaluationException(
indeterminateSubFuncEvalMessagePrefix + lastArgBagVal, e.getStatusCode(), e);
throw new IndeterminateEvaluationException(indeterminateSubFuncEvalMessagePrefix + lastArgBagVal, e.getStatusCode(), e);
}
results.add(subResult);
......@@ -111,8 +107,7 @@ final class MapFunctionFactory extends GenericHigherOrderFunctionFactory
}
@Override
protected OneBagOnlyHigherOrderFunction.Call<Bag<SUB_RETURN_T>, SUB_RETURN_T> newFunctionCall(
final FirstOrderFunction<SUB_RETURN_T> subFunc, final List<Expression<?>> primitiveInputs,
protected OneBagOnlyHigherOrderFunction.Call<Bag<SUB_RETURN_T>, SUB_RETURN_T> newFunctionCall(final FirstOrderFunction<SUB_RETURN_T> subFunc, final List<Expression<?>> primitiveInputs,
final Expression<?> lastInputBag)
{
return new Call<>(this.getId(), this.getReturnType(), subFunc, primitiveInputs, lastInputBag);
......@@ -134,9 +129,13 @@ final class MapFunctionFactory extends GenericHigherOrderFunctionFactory
}
@Override
public <SUB_RETURN extends AttributeValue> HigherOrderBagFunction<?, SUB_RETURN> getInstance(
final DatatypeFactory<SUB_RETURN> subFunctionReturnTypeFactory)
public <SUB_RETURN extends AttributeValue> HigherOrderBagFunction<?, SUB_RETURN> getInstance(final DatatypeFactory<SUB_RETURN> subFunctionReturnTypeFactory)
{
if (subFunctionReturnTypeFactory == null)
{
throw NULL_SUB_FUNCTION_RETURN_TYPE_ARG_EXCEPTION;
}
return new MapFunction<>(functionId, subFunctionReturnTypeFactory.getBagDatatype());
}
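Review bot: `getInstance` throws the preallocated `NULL_SUB_FUNCTION_RETURN_TYPE_ARG_EXCEPTION`, a single static instance whose stack trace is captured once at class initialization, so the trace never shows which caller passed the null `subFunctionReturnTypeFactory`. A shared `Throwable` is also mutable across threads (`addSuppressed`, `setStackTrace`). Unless allocation on this path has been measured as a problem, throw a fresh `new IllegalArgumentException(...)` here and keep only the message as the constant.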
......
......@@ -18,11 +18,15 @@
*/
package org.ow2.authzforce.core.pdp.impl.func;
import java.util.ArrayDeque;
import java.util.ArrayList;
import java.util.Deque;
import java.util.Iterator;
import java.util.List;
import org.ow2.authzforce.core.pdp.api.IndeterminateEvaluationException;
import org.ow2.authzforce.core.pdp.api.StatusHelper;
import org.ow2.authzforce.core.pdp.api.expression.ConstantPrimitiveAttributeValueExpression;
import org.ow2.authzforce.core.pdp.api.expression.Expression;
import org.ow2.authzforce.core.pdp.api.func.BaseFirstOrderFunctionCall.EagerSinglePrimitiveTypeEval;
import org.ow2.authzforce.core.pdp.api.func.FirstOrderFunctionCall;
......@@ -31,6 +35,8 @@ import org.ow2.authzforce.core.pdp.api.func.SingleParameterTypedFirstOrderFuncti
import org.ow2.authzforce.core.pdp.api.value.Datatype;
import org.ow2.authzforce.core.pdp.api.value.NumericValue;
import org.ow2.authzforce.core.pdp.api.value.Value;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/**
* A class that implements all the numeric *-add functions (as opposed to date/time *-add-* functions).
......@@ -40,12 +46,11 @@ import org.ow2.authzforce.core.pdp.api.value.Value;
*
* @version $Id: $
*/
final class NumericArithmeticFunction<AV extends NumericValue<?, AV>>
extends SingleParameterTypedFirstOrderFunction<AV, AV>
final class NumericArithmeticFunction<AV extends NumericValue<?, AV>> extends SingleParameterTypedFirstOrderFunction<AV, AV>
{
private static final Logger LOGGER = LoggerFactory.getLogger(NumericArithmeticFunction.class);
private static final IllegalArgumentException UNDEF_PARAMETER_TYPES_EXCEPTION = new IllegalArgumentException(
"Undefined function parameter types");
private static final IllegalArgumentException UNDEF_PARAMETER_TYPES_EXCEPTION = new IllegalArgumentException("Undefined function parameter types");
private static <AV extends Value> List<Datatype<AV>> validate(final List<Datatype<AV>> paramTypes)
{
......@@ -62,13 +67,24 @@ final class NumericArithmeticFunction<AV extends NumericValue<?, AV>>
V eval(Deque<V> args) throws IllegalArgumentException, ArithmeticException;
}
/**
* Multary/Multiary/Polyadic operator
*
* @see "https://en.wikipedia.org/wiki/Arity#Other_names"
*
* @param <V>
*/
interface MultaryOperation<V extends NumericValue<?, V>> extends StaticOperation<V>
{
boolean isCommutative();
}
private static final class Call<V extends NumericValue<?, V>> extends EagerSinglePrimitiveTypeEval<V, V>
{
private final String invalidArgsErrMsg;
private final StaticOperation<V> op;
private Call(final SingleParameterTypedFirstOrderFunctionSignature<V, V> functionSig,
final StaticOperation<V> op, final List<Expression<?>> args, final Datatype<?>[] remainingArgTypes)
private Call(final SingleParameterTypedFirstOrderFunctionSignature<V, V> functionSig, final StaticOperation<V> op, final List<Expression<?>> args, final Datatype<?>[] remainingArgTypes)
throws IllegalArgumentException
{
super(functionSig, args, remainingArgTypes);
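Review bot: `MultaryOperation#isCommutative()` has no Javadoc and `@param <V>` is left empty, yet `newCall` uses this flag to decide whether constant arguments may be pulled out of position and combined. That requires the operation to be associative as well as commutative, so document the exact contract on the method (arguments may be reordered and regrouped without changing the result) or rename it to reflect that.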
......@@ -104,8 +120,7 @@ final class NumericArithmeticFunction<AV extends NumericValue<?, AV>>
* whether this is a varargs function (like Java varargs method), i.e. last arg has variable-length
*
*/
NumericArithmeticFunction(final String funcURI, final boolean varArgs, final List<Datatype<AV>> paramTypes,
final StaticOperation<AV> op) throws IllegalArgumentException
NumericArithmeticFunction(final String funcURI, final boolean varArgs, final List<Datatype<AV>> paramTypes, final StaticOperation<AV> op) throws IllegalArgumentException
{
super(funcURI, validate(paramTypes).get(0), varArgs, paramTypes);
this.op = op;
......@@ -113,17 +128,79 @@ final class NumericArithmeticFunction<AV extends NumericValue<?, AV>>
/** {@inheritDoc} */
@Override
public FirstOrderFunctionCall<AV> newCall(final List<Expression<?>> argExpressions,
final Datatype<?>... remainingArgTypes) throws IllegalArgumentException
public FirstOrderFunctionCall<AV> newCall(final List<Expression<?>> argExpressions, final Datatype<?>... remainingArgTypes) throws IllegalArgumentException
{
/**
* TODO: optimize call to "add" (resp. "multiply") function call by checking all static/constant arguments and
* if there are more than one, pre-compute their sum (resp. product) and replace these arguments with one
* argument that is this sum (resp. product) in the function call. Indeed, 'add' function is commutative and
* (constant in upper case, variables in lower case): add(C1, C2, x, y...) = add(C1+C2, x, y...). Similarly,
* multiply(C1, C2, x, y...) = multiply(C1*C2, x, y...)
* If this.op is a commutative function (e.g. add or multiply function), we can simplify arguments if there are multiple constants. Indeed, if C1,...Cm are constants, then:
* <p>
* op(x1,..., x_{n1-1}, C1, x_n1, ..., x_{n2-1} C2, x_n2, ..., Cm, x_nm...) = op( C, x1.., x_{n1-1}, x_n1, x_{n2-2}, x_n2...), where C (constant) = op(C1, C2..., Cm)
* </p>
* In this case, we can pre-compute constant C and replace all constant args with one: C
*
*/
if (op instanceof MultaryOperation && ((MultaryOperation<AV>) op).isCommutative())
{
/*
* Constant argExpressions
*/
final Deque<AV> constants = new ArrayDeque<>(argExpressions.size());
/*
* Remaining variable argExpressions
*/
final List<Expression<?>> finalArgExpressions = new ArrayList<>(argExpressions.size());
final Datatype<AV> paramType = this.functionSignature.getParameterType();
final Iterator<Expression<?>> argExpIterator = argExpressions.iterator();
int argIndex = 0;
while (argExpIterator.hasNext())
{
final Expression<?> argExp = argExpIterator.next();
final Value v = argExp.getValue();
if (v == null)
{
// variable
finalArgExpressions.add(argExp);
}
else
{
// constant
try
{
constants.add(paramType.cast(v));
}
catch (final ClassCastException e)
{
throw new IllegalArgumentException("Function " + this.functionSignature + ": invalid arg #" + argIndex + ": bad type: " + argExp.getReturnType() + ". Expected type: "
+ paramType, e);
}
}
argIndex += 1;
}
if (constants.size() > 1)
{
/*
* we can replace all constant args C1, C2... with one constant C = op(C1, C2...)
*/
LOGGER.warn("Function {}: simplifying args to this commutative function (f): replacing all constant args {} with one that is the constant result of f(constant_args)",
this.functionSignature, constants);
final AV constantResult = op.eval(constants);
if (finalArgExpressions.isEmpty())
{
/*
* There aren't any other args, i.e. all are constant. The result is constantResult.
*/
return new ConstantResultFirstOrderFunctionCall<>(constantResult, paramType);
}
/*
* finalArgExpressions is not empty. There is at least one variable arg.
*/
finalArgExpressions.add(new ConstantPrimitiveAttributeValueExpression<>(paramType, constantResult));
return new Call<>(functionSignature, op, finalArgExpressions, remainingArgTypes);
}
}
return new Call<>(functionSignature, op, argExpressions, remainingArgTypes);
}
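Review bot: In the constant-folding branch of `newCall`, `op.eval(constants)` is declared to throw `ArithmeticException`, but `newCall` declares only `IllegalArgumentException` and does not catch it, so an arithmetic error on the constants would escape `newCall` as an unchecked exception while the expression is being built. Catch it and either wrap it in an `IllegalArgumentException` that names the function, or fall back to the unsimplified `Call`. Two smaller points: the folded constant is appended last with `finalArgExpressions.add(...)` while the comment and the changelog put C first, and `LOGGER.warn` looks too loud for a routine optimization; `debug` or `info` would fit better.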
......
......@@ -23,6 +23,7 @@ import java.util.Deque;
import org.ow2.authzforce.core.pdp.api.value.DoubleValue;
import org.ow2.authzforce.core.pdp.api.value.IntegerValue;
import org.ow2.authzforce.core.pdp.api.value.NumericValue;
import org.ow2.authzforce.core.pdp.impl.func.NumericArithmeticFunction.MultaryOperation;
import org.ow2.authzforce.core.pdp.impl.func.NumericArithmeticFunction.StaticOperation;
final class NumericArithmeticOperators
......@@ -43,8 +44,14 @@ final class NumericArithmeticOperators
}
static final class AddOperator<NAV extends NumericValue<?, NAV>> implements StaticOperation<NAV>
static final class AddOperator<NAV extends NumericValue<?, NAV>> implements MultaryOperation<NAV>
{
@Override
public boolean isCommutative()
{
return true;
}
@Override
public NAV eval(final Deque<NAV> args)
{
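Review bot: `AddOperator` now reports `isCommutative()` as `true` for every `NumericValue` type, and this file imports `DoubleValue`. Floating-point addition is commutative but not associative, so folding `add(C1, x, C2)` into `add(x, C1 + C2)` can change the rounded result if the operator is instantiated for doubles; the same applies to `MultiplyOperator` below. Consider enabling the simplification only for `IntegerValue`, or confirm that the difference is acceptable and note it in the changelog.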
......@@ -54,9 +61,15 @@ final class NumericArithmeticOperators
}
static final class MultiplyOperator<NAV extends NumericValue<?, NAV>> implements StaticOperation<NAV>
static final class MultiplyOperator<NAV extends NumericValue<?, NAV>> implements MultaryOperation<NAV>
{
@Override
public boolean isCommutative()
{
return true;
}
@Override
public NAV eval(final Deque<NAV> args)
{
......
......@@ -43,7 +43,6 @@ import org.ow2.authzforce.core.pdp.api.EnvironmentProperties;
import org.ow2.authzforce.core.pdp.api.EvaluationContext;
import org.ow2.authzforce.core.pdp.api.ImmutablePepActions;
import org.ow2.authzforce.core.pdp.api.IndeterminateEvaluationException;
import org.ow2.authzforce.core.pdp.api.JaxbXACMLUtils;
import org.ow2.authzforce.core.pdp.api.PdpDecisionResult;
import org.ow2.authzforce.core.pdp.api.PdpDecisionResults;
import org.ow2.authzforce.core.pdp.api.StatusHelper;
......@@ -145,14 +144,10 @@ public final class RootPolicyEvaluators
this.expressionFactory = new ExpressionFactoryImpl(attributeFactory, functionRegistry, jaxbAttributeProviderConfs, maxVariableReferenceDepth, enableXPath, strictAttributeIssuerMatch,
environmentProperties);
final RootPolicyProviderModule.Factory<?> rootPolicyProviderModFactory = PdpExtensionLoader.getJaxbBoundExtension(RootPolicyProviderModule.Factory.class,
jaxbRootPolicyProviderConf.getClass());
final RefPolicyProviderModule.Factory<?> refPolicyProviderModFactory = jaxbRefPolicyProviderConf == null ? null : PdpExtensionLoader.getJaxbBoundExtension(
RefPolicyProviderModule.Factory.class, jaxbRefPolicyProviderConf.getClass());
rootPolicyProviderMod = ((RootPolicyProviderModule.Factory<AbstractPolicyProvider>) rootPolicyProviderModFactory).getInstance(jaxbRootPolicyProviderConf,
JaxbXACMLUtils.getXACMLParserFactory(enableXPath), this.expressionFactory, combiningAlgRegistry, jaxbRefPolicyProviderConf,
(RefPolicyProviderModule.Factory<AbstractPolicyProvider>) refPolicyProviderModFactory, maxPolicySetRefDepth, environmentProperties);
final RefPolicyProviderModule.Factory<AbstractPolicyProvider> refPolicyProviderModFactory = jaxbRefPolicyProviderConf == null ? null : PdpExtensionLoader
.getRefPolicyProviderModuleFactory(jaxbRefPolicyProviderConf);
rootPolicyProviderMod = PdpExtensionLoader.getRootPolicyProviderModule(jaxbRootPolicyProviderConf, enableXPath, this.expressionFactory, combiningAlgRegistry, jaxbRefPolicyProviderConf,
refPolicyProviderModFactory, maxPolicySetRefDepth, environmentProperties);
isRootPolicyProviderStatic = rootPolicyProviderMod instanceof StaticRootPolicyProviderModule;
}
......
/**
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
* Copyright (C) 2012-2017 Thales Services SAS.
*
* http://www.apache.org/licenses/LICENSE-2.0
* This file is part of AuthZForce CE.
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
* AuthZForce CE is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* AuthZForce CE is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with AuthZForce CE. If not, see <http://www.gnu.org/licenses/>.
*/
package org.apache.coheigea.cxf.sts.xacml.common;
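Review bot: The header lines here interleave the ASF Apache License 2.0 notice with the Thales copyright and GPLv3 notice, while the package stays `org.apache.coheigea.cxf.sts.xacml.common`. If this file derives from Apache-licensed code, the original license and attribution notice has to be retained next to any added one rather than replaced; please confirm the file's origin and keep the ASF header if it applies.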
......@@ -26,24 +26,43 @@ import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.wss4j.common.ext.WSPasswordCallback;
public class CommonCallbackHandler implements CallbackHandler {
public class CommonCallbackHandler implements CallbackHandler
{
public void handle(Callback[] callbacks) throws IOException,
UnsupportedCallbackException {
for (int i = 0; i < callbacks.length; i++) {
if (callbacks[i] instanceof WSPasswordCallback) { // CXF
WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
if ("alice".equals(pc.getIdentifier())) {
pc.setPassword("security");
break;
} else if ("bob".equals(pc.getIdentifier())) {
pc.setPassword("security");
break;
} else if ("mystskey".equals(pc.getIdentifier())) {
pc.setPassword("stskpass");
break;
}
}
}
}
@Override
public void handle(final Callback[] callbacks) throws IOException, UnsupportedCallbackException
{
for (final Callback callback : callbacks)
{
if (callback instanceof WSPasswordCallback)
{ // CXF
final WSPasswordCallback pc = (WSPasswordCallback) callback;
if ("myclientkey".equals(pc.getIdentifier()))
{
pc.setPassword("ckpass");
break;
}
else if ("myservicekey".equals(pc.getIdentifier()))
{
pc.setPassword("skpass");
break;
}
else if ("alice".equals(pc.getIdentifier()))
{
pc.setPassword("security");
break;
}
else if ("bob".equals(pc.getIdentifier()))
{
pc.setPassword("security");
break;
}
else if ("mystskey".equals(pc.getIdentifier()))
{
pc.setPassword("stskpass");
break;
}
}
}
}
}
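Review bot: In the rewritten `handle`, each `break` sits inside the `for` loop and exits it, so only the first `WSPasswordCallback` with a known identifier gets a password and any later callbacks in the array are skipped; use `continue` or drop the `break` statements if every callback should be served. Callbacks of other types and unknown identifiers are also ignored silently even though the method declares `UnsupportedCallbackException`. The five hard-coded identifier/password pairs are acceptable only as test fixtures, so keep this class out of any published artifact.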
......@@ -28,7 +28,6 @@ import org.ow2.authzforce.core.pdp.impl.test.conformance.ConformanceV3FromV2Opti
import org.ow2.authzforce.core.pdp.impl.test.conformance.ConformanceV3Others;
import org.ow2.authzforce.core.pdp.impl.test.custom.CustomPdpTest;
import org.ow2.authzforce.core.pdp.impl.test.custom.TestPdpGetStaticApplicablePolicies;
import org.ow2.authzforce.core.pdp.impl.test.cxf.LocalPdpAuthorizationTest;
import org.ow2.authzforce.core.pdp.impl.test.func.BagFunctionsTest;
import org.ow2.authzforce.core.pdp.impl.test.func.DateTimeArithmeticFunctionsTest;
import org.ow2.authzforce.core.pdp.impl.test.func.EqualityFunctionsTest;
......@@ -43,6 +42,7 @@ import org.ow2.authzforce.core.pdp.impl.test.func.SetFunctionsTest;
import org.ow2.authzforce.core.pdp.impl.test.func.SpecialMatchFunctionsTest;
import org.ow2.authzforce.core.pdp.impl.test.func.StringConversionFunctionsTest;
import org.ow2.authzforce.core.pdp.impl.test.func.StringFunctionsTest;
import org.ow2.authzforce.core.pdp.impl.test.pep.cxf.EmbeddedPdpBasedAuthzInterceptorTest;
import org.ow2.authzforce.core.pdp.impl.test.value.AnyURIAttributeTest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
......@@ -60,7 +60,7 @@ import org.slf4j.LoggerFactory;
@SuiteClasses(value = { EqualityFunctionsTest.class, NumericArithmeticFunctionsTest.class, StringConversionFunctionsTest.class, NumericConversionFunctionsTest.class, LogicalFunctionsTest.class,
NumericComparisonFunctionsTest.class, DateTimeArithmeticFunctionsTest.class, NonNumericComparisonFunctionsTest.class, StringFunctionsTest.class, BagFunctionsTest.class,
SetFunctionsTest.class, HigherOrderFunctionsTest.class, RegExpBasedFunctionsTest.class, SpecialMatchFunctionsTest.class, ConformanceV3FromV2Mandatory.class, ConformanceV3FromV2Optional.class,
ConformanceV3Others.class, CustomPdpTest.class, TestPdpGetStaticApplicablePolicies.class, NonRegression.class, LocalPdpAuthorizationTest.class })
ConformanceV3Others.class, CustomPdpTest.class, TestPdpGetStaticApplicablePolicies.class, NonRegression.class, EmbeddedPdpBasedAuthzInterceptorTest.class })
public class MainTest
{
/**
......
/**
* Copyright (C) 2012-2017 Thales Services SAS.
*
* This file is part of AuthZForce CE.
*
* AuthZForce CE is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* AuthZForce CE is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with AuthZForce CE. If not, see <http://www.gnu.org/licenses/>.
*/
package org.ow2.authzforce.core.pdp.impl.test.cxf;
import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.wss4j.common.ext.WSPasswordCallback;
public class CommonCallbackHandler implements CallbackHandler {
public void handle(Callback[] callbacks) throws IOException,
UnsupportedCallbackException {
for (int i = 0; i < callbacks.length; i++) {
if (callbacks[i] instanceof WSPasswordCallback) { // CXF
WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
if ("myclientkey".equals(pc.getIdentifier())) {
pc.setPassword("ckpass");
break;
} else if ("myservicekey".equals(pc.getIdentifier())) {
pc.setPassword("skpass");
break;
} else if ("alice".equals(pc.getIdentifier())) {
pc.setPassword("security");
break;
} else if ("bob".equals(pc.getIdentifier())) {
pc.setPassword("security");
break;
} else if ("mystskey".equals(pc.getIdentifier())) {
pc.setPassword("stskpass");
break;
}
}