Commit 2987b830 authored by cdanger's avatar cdanger

- CoreRefBasedRootPolicyProviderModule, MongoDBRefPolicyProviderModule:

Changed implemented class to BaseStaticRefPolicyProviderModule
- Improved policysetrefdepth check in PolicyEvaluators instantiation
parent ec6bf096
...@@ -49,10 +49,10 @@ import org.ow2.authzforce.core.pdp.api.JaxbXACMLUtils.XACMLParserFactory; ...@@ -49,10 +49,10 @@ import org.ow2.authzforce.core.pdp.api.JaxbXACMLUtils.XACMLParserFactory;
import org.ow2.authzforce.core.pdp.api.XMLUtils.NamespaceFilteringParser; import org.ow2.authzforce.core.pdp.api.XMLUtils.NamespaceFilteringParser;
import org.ow2.authzforce.core.pdp.api.combining.CombiningAlgRegistry; import org.ow2.authzforce.core.pdp.api.combining.CombiningAlgRegistry;
import org.ow2.authzforce.core.pdp.api.expression.ExpressionFactory; import org.ow2.authzforce.core.pdp.api.expression.ExpressionFactory;
import org.ow2.authzforce.core.pdp.api.policy.BaseStaticRefPolicyProviderModule;
import org.ow2.authzforce.core.pdp.api.policy.PolicyVersion; import org.ow2.authzforce.core.pdp.api.policy.PolicyVersion;
import org.ow2.authzforce.core.pdp.api.policy.RefPolicyProviderModule; import org.ow2.authzforce.core.pdp.api.policy.RefPolicyProviderModule;
import org.ow2.authzforce.core.pdp.api.policy.StaticRefPolicyProvider; import org.ow2.authzforce.core.pdp.api.policy.StaticRefPolicyProvider;
import org.ow2.authzforce.core.pdp.api.policy.StaticRefPolicyProviderModule;
import org.ow2.authzforce.core.pdp.api.policy.StaticTopLevelPolicyElementEvaluator; import org.ow2.authzforce.core.pdp.api.policy.StaticTopLevelPolicyElementEvaluator;
import org.ow2.authzforce.core.pdp.api.policy.TopLevelPolicyElementEvaluator; import org.ow2.authzforce.core.pdp.api.policy.TopLevelPolicyElementEvaluator;
import org.ow2.authzforce.core.pdp.api.policy.TopLevelPolicyElementType; import org.ow2.authzforce.core.pdp.api.policy.TopLevelPolicyElementType;
...@@ -78,7 +78,7 @@ import com.google.common.collect.Table; ...@@ -78,7 +78,7 @@ import com.google.common.collect.Table;
* *
* @version $Id: $ * @version $Id: $
*/ */
public class CoreRefPolicyProviderModule implements StaticRefPolicyProviderModule public class CoreRefPolicyProviderModule extends BaseStaticRefPolicyProviderModule
{ {
private static final IllegalArgumentException ILLEGAL_COMBINING_ALG_REGISTRY_ARGUMENT_EXCEPTION = new IllegalArgumentException("Undefined CombiningAlgorithm registry"); private static final IllegalArgumentException ILLEGAL_COMBINING_ALG_REGISTRY_ARGUMENT_EXCEPTION = new IllegalArgumentException("Undefined CombiningAlgorithm registry");
private static final IllegalArgumentException ILLEGAL_EXPRESSION_FACTORY_ARGUMENT_EXCEPTION = new IllegalArgumentException("Undefined Expression factory"); private static final IllegalArgumentException ILLEGAL_EXPRESSION_FACTORY_ARGUMENT_EXCEPTION = new IllegalArgumentException("Undefined Expression factory");
...@@ -284,10 +284,9 @@ public class CoreRefPolicyProviderModule implements StaticRefPolicyProviderModul ...@@ -284,10 +284,9 @@ public class CoreRefPolicyProviderModule implements StaticRefPolicyProviderModul
} }
@Override @Override
public TopLevelPolicyElementEvaluator get(final TopLevelPolicyElementType policyType, final String id, final Optional<VersionPatterns> versionConstraints, public Deque<String> checkJoinedPolicyRefChain(final Deque<String> policyRefChain1, final List<String> policyRefChain2)
final Deque<String> ancestorPolicyRefChain, final EvaluationContext evaluationContext) throws IndeterminateEvaluationException, IllegalArgumentException
{ {
return get(policyType, id, versionConstraints, ancestorPolicyRefChain); return Helper.checkJoinedPolicyRefChain(policyRefChain1, policyRefChain2, maxPolicySetRefDepth);
} }
@Override @Override
...@@ -301,8 +300,7 @@ public class CoreRefPolicyProviderModule implements StaticRefPolicyProviderModul ...@@ -301,8 +300,7 @@ public class CoreRefPolicyProviderModule implements StaticRefPolicyProviderModul
return policyEntry == null ? null : policyEntry.getValue(); return policyEntry == null ? null : policyEntry.getValue();
} }
// Else this is a request for PolicySet (from PolicySetIdReference) // Else this is a request for PolicySet
final Deque<String> newPolicySetRefChain = Utils.appendAndCheckPolicyRefChain(ancestorPolicyRefChain, Collections.singletonList(id), maxPolicySetRefDepth);
final Entry<PolicyVersion, PolicyWithNamespaces<PolicySet>> jaxbPolicySetEntry = jaxbPolicySetMap.get(id, versionConstraints); final Entry<PolicyVersion, PolicyWithNamespaces<PolicySet>> jaxbPolicySetEntry = jaxbPolicySetMap.get(id, versionConstraints);
if (jaxbPolicySetEntry == null) if (jaxbPolicySetEntry == null)
{ {
...@@ -323,7 +321,7 @@ public class CoreRefPolicyProviderModule implements StaticRefPolicyProviderModul ...@@ -323,7 +321,7 @@ public class CoreRefPolicyProviderModule implements StaticRefPolicyProviderModul
try try
{ {
resultPolicySetEvaluator = PolicyEvaluators.getInstanceStatic(jaxbPolicySetWithNs.policy, null, jaxbPolicySetWithNs.nsPrefixUriMap, expressionFactory, combiningAlgRegistry, resultPolicySetEvaluator = PolicyEvaluators.getInstanceStatic(jaxbPolicySetWithNs.policy, null, jaxbPolicySetWithNs.nsPrefixUriMap, expressionFactory, combiningAlgRegistry,
this.parsedPolicyIds, this.parsedPolicySetIds, this, newPolicySetRefChain, maxPolicySetRefDepth); this.parsedPolicyIds, this.parsedPolicySetIds, this, ancestorPolicyRefChain);
} }
catch (final IllegalArgumentException e) catch (final IllegalArgumentException e)
{ {
...@@ -339,23 +337,29 @@ public class CoreRefPolicyProviderModule implements StaticRefPolicyProviderModul ...@@ -339,23 +337,29 @@ public class CoreRefPolicyProviderModule implements StaticRefPolicyProviderModul
/* /*
* check total policy ref depth, i.e. length of (newAncestorPolicySetRefChain + parsed policySet's longest (nested) policy ref chain) <= maxPolicySetRefDepth * check total policy ref depth, i.e. length of (newAncestorPolicySetRefChain + parsed policySet's longest (nested) policy ref chain) <= maxPolicySetRefDepth
*/ */
Utils.appendAndCheckPolicyRefChain(newPolicySetRefChain, policySetEvaluator.getExtraPolicyMetadata().getLongestPolicyRefChain(), maxPolicySetRefDepth); checkJoinedPolicyRefChain(ancestorPolicyRefChain, policySetEvaluator.getExtraPolicyMetadata().getLongestPolicyRefChain());
} }
return resultPolicySetEvaluator; return resultPolicySetEvaluator;
} }
@Override
public TopLevelPolicyElementEvaluator get(final TopLevelPolicyElementType policyType, final String id, final Optional<VersionPatterns> versionConstraints,
final Deque<String> ancestorPolicyRefChain, final EvaluationContext evaluationContext) throws IndeterminateEvaluationException, IllegalArgumentException
{
return get(policyType, id, versionConstraints, ancestorPolicyRefChain);
}
} }
private final PolicyMap<StaticTopLevelPolicyElementEvaluator> policyEvaluatorMap; private final PolicyMap<StaticTopLevelPolicyElementEvaluator> policyEvaluatorMap;
private final PolicyMap<StaticTopLevelPolicyElementEvaluator> policySetEvaluatorMap; private final PolicyMap<StaticTopLevelPolicyElementEvaluator> policySetEvaluatorMap;
private final int maxPolicySetRefDepth;
private CoreRefPolicyProviderModule(final PolicyMap<StaticTopLevelPolicyElementEvaluator> policyMap, final PolicyMap<PolicyWithNamespaces<PolicySet>> jaxbPolicySetMap, private CoreRefPolicyProviderModule(final PolicyMap<StaticTopLevelPolicyElementEvaluator> policyMap, final PolicyMap<PolicyWithNamespaces<PolicySet>> jaxbPolicySetMap,
final int maxPolicySetRefDepth, final ExpressionFactory expressionFactory, final CombiningAlgRegistry combiningAlgRegistry) throws IllegalArgumentException final int maxPolicySetRefDepth, final ExpressionFactory expressionFactory, final CombiningAlgRegistry combiningAlgRegistry) throws IllegalArgumentException
{ {
super(maxPolicySetRefDepth);
assert policyMap != null && jaxbPolicySetMap != null && expressionFactory != null && combiningAlgRegistry != null; assert policyMap != null && jaxbPolicySetMap != null && expressionFactory != null && combiningAlgRegistry != null;
this.maxPolicySetRefDepth = maxPolicySetRefDepth < 0 ? Utils.UNLIMITED_POLICY_REF_DEPTH : maxPolicySetRefDepth;
this.policyEvaluatorMap = policyMap; this.policyEvaluatorMap = policyMap;
final Table<String, PolicyVersion, StaticTopLevelPolicyElementEvaluator> updatablePolicySetEvaluatorTable = HashBasedTable.create(); final Table<String, PolicyVersion, StaticTopLevelPolicyElementEvaluator> updatablePolicySetEvaluatorTable = HashBasedTable.create();
/* /*
...@@ -388,7 +392,7 @@ public class CoreRefPolicyProviderModule implements StaticRefPolicyProviderModul ...@@ -388,7 +392,7 @@ public class CoreRefPolicyProviderModule implements StaticRefPolicyProviderModul
try try
{ {
newPolicySetEvaluator = PolicyEvaluators.getInstanceStatic(jaxbPolicySetWithNs.policy, null, jaxbPolicySetWithNs.nsPrefixUriMap, expressionFactory, combiningAlgRegistry, newPolicySetEvaluator = PolicyEvaluators.getInstanceStatic(jaxbPolicySetWithNs.policy, null, jaxbPolicySetWithNs.nsPrefixUriMap, expressionFactory, combiningAlgRegistry,
parsedPolicyIds, parsedPolicySetIds, bootstrapRefPolicyProvider, null, maxPolicySetRefDepth); parsedPolicyIds, parsedPolicySetIds, bootstrapRefPolicyProvider, null);
} }
catch (final IllegalArgumentException e) catch (final IllegalArgumentException e)
{ {
...@@ -626,6 +630,12 @@ public class CoreRefPolicyProviderModule implements StaticRefPolicyProviderModul ...@@ -626,6 +630,12 @@ public class CoreRefPolicyProviderModule implements StaticRefPolicyProviderModul
return new CoreRefPolicyProviderModule(policyMap, policySetMap, maxPolicySetRefDepth, expressionFactory, combiningAlgRegistry); return new CoreRefPolicyProviderModule(policyMap, policySetMap, maxPolicySetRefDepth, expressionFactory, combiningAlgRegistry);
} }
@Override
public Deque<String> checkJoinedPolicyRefChain(final Deque<String> policyRefChain1, final List<String> policyRefChain2)
{
return Helper.checkJoinedPolicyRefChain(policyRefChain1, policyRefChain2, maxPolicySetRefDepth);
}
/** {@inheritDoc} */ /** {@inheritDoc} */
@Override @Override
public StaticTopLevelPolicyElementEvaluator get(final TopLevelPolicyElementType policyType, final String id, final Optional<VersionPatterns> constraints, final Deque<String> policySetRefChain) public StaticTopLevelPolicyElementEvaluator get(final TopLevelPolicyElementType policyType, final String id, final Optional<VersionPatterns> constraints, final Deque<String> policySetRefChain)
...@@ -642,8 +652,9 @@ public class CoreRefPolicyProviderModule implements StaticRefPolicyProviderModul ...@@ -642,8 +652,9 @@ public class CoreRefPolicyProviderModule implements StaticRefPolicyProviderModul
return policyEntry.getValue(); return policyEntry.getValue();
} }
// Request for PolicySet (from PolicySetIdReference) /*
final Deque<String> newPolicySetRefChain = Utils.appendAndCheckPolicyRefChain(policySetRefChain, Collections.singletonList(id), maxPolicySetRefDepth); * Request for PolicySet (not necessarily from PolicySetIdReference, but also from CoreRefBasedRootPolicyProviderModule#CoreRefBasedRootPolicyProviderModule(...) or else)
*/
final Entry<PolicyVersion, StaticTopLevelPolicyElementEvaluator> policyEntry = policySetEvaluatorMap.get(id, constraints); final Entry<PolicyVersion, StaticTopLevelPolicyElementEvaluator> policyEntry = policySetEvaluatorMap.get(id, constraints);
if (policyEntry == null) if (policyEntry == null)
{ {
...@@ -654,7 +665,7 @@ public class CoreRefPolicyProviderModule implements StaticRefPolicyProviderModul ...@@ -654,7 +665,7 @@ public class CoreRefPolicyProviderModule implements StaticRefPolicyProviderModul
* check total policy ref depth, i.e. length of (newAncestorPolicySetRefChain + parsed policySet's longest (nested) policy ref chain) <= maxPolicySetRefDepth * check total policy ref depth, i.e. length of (newAncestorPolicySetRefChain + parsed policySet's longest (nested) policy ref chain) <= maxPolicySetRefDepth
*/ */
final StaticTopLevelPolicyElementEvaluator policy = policyEntry.getValue(); final StaticTopLevelPolicyElementEvaluator policy = policyEntry.getValue();
Utils.appendAndCheckPolicyRefChain(newPolicySetRefChain, policy.getExtraPolicyMetadata().getLongestPolicyRefChain(), maxPolicySetRefDepth); checkJoinedPolicyRefChain(policySetRefChain, policy.getExtraPolicyMetadata().getLongestPolicyRefChain());
return policy; return policy;
} }
...@@ -665,12 +676,4 @@ public class CoreRefPolicyProviderModule implements StaticRefPolicyProviderModul ...@@ -665,12 +676,4 @@ public class CoreRefPolicyProviderModule implements StaticRefPolicyProviderModul
// maps are immutable, nothing to clear // maps are immutable, nothing to clear
} }
/** {@inheritDoc} */
@Override
public TopLevelPolicyElementEvaluator get(final TopLevelPolicyElementType policyType, final String policyId, final Optional<VersionPatterns> policyVersionConstraints,
final Deque<String> policySetRefChain, final EvaluationContext evaluationCtx) throws IllegalArgumentException, IndeterminateEvaluationException
{
return get(policyType, policyId, policyVersionConstraints, policySetRefChain);
}
} }
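Review bot: The requested PolicySet's own `id` is no longer appended to the ancestor chain before the depth check in either `get(...)` (the bootstrap provider's and the module's), so both `checkJoinedPolicyRefChain(...)` calls now join only the caller's chain with `getLongestPolicyRefChain()`. If that longest chain does not account for the referenced PolicySet itself, the enforced limit is one reference looser than before. For evaluators served from `policySetEvaluatorMap`, which appear to be built with a `null` ancestor chain in the constructor, this call is the only place the caller's depth is enforced. The comments above both calls still name `newAncestorPolicySetRefChain`, which no longer exists; I would reword them to `check total policy ref depth: ancestorPolicyRefChain + this PolicySet's longest nested ref chain (must count the PolicySet itself) <= maxPolicySetRefDepth` and add a test with a chain exactly at the limit. Both method bodies extend beyond the visible hunks, so the append may happen in code not shown here.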
...@@ -30,7 +30,6 @@ ...@@ -30,7 +30,6 @@
<artifactId>mongo-java-driver</artifactId> <artifactId>mongo-java-driver</artifactId>
<!-- See this issue for compatibility with Jongo: https://github.com/bguerout/jongo/issues/254 --> <!-- See this issue for compatibility with Jongo: https://github.com/bguerout/jongo/issues/254 -->
<version>2.14.2</version> <version>2.14.2</version>
<scope>test</scope>
</dependency> </dependency>
<dependency> <dependency>
<groupId>org.jongo</groupId> <groupId>org.jongo</groupId>
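Review bot: Dropping `<scope>test</scope>` moves `mongo-java-driver` 2.14.2 onto the compile and runtime classpath, so it now ships with the artifact and is resolved transitively by every consumer. This is presumably because `MongoDBRefPolicyProviderModule` needs it outside tests. The version is held back for Jongo compatibility per the comment above it, so it will not pick up driver security fixes unless someone revisits the pin. I would record that next to the dependency, e.g. `<!-- runtime dependency of MongoDBRefPolicyProviderModule; pinned for Jongo, re-check on each driver security advisory -->`. If the MongoDB provider is meant to be opt-in, `<optional>true</optional>` would keep the driver out of consumers that never use it.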
......
...@@ -24,6 +24,7 @@ import java.io.IOException; ...@@ -24,6 +24,7 @@ import java.io.IOException;
import java.io.StringReader; import java.io.StringReader;
import java.net.UnknownHostException; import java.net.UnknownHostException;
import java.util.Deque; import java.util.Deque;
import java.util.List;
import java.util.Map; import java.util.Map;
import java.util.Optional; import java.util.Optional;
...@@ -35,19 +36,17 @@ import oasis.names.tc.xacml._3_0.core.schema.wd_17.PolicySet; ...@@ -35,19 +36,17 @@ import oasis.names.tc.xacml._3_0.core.schema.wd_17.PolicySet;
import org.jongo.Jongo; import org.jongo.Jongo;
import org.jongo.MongoCollection; import org.jongo.MongoCollection;
import org.ow2.authzforce.core.pdp.api.EnvironmentProperties; import org.ow2.authzforce.core.pdp.api.EnvironmentProperties;
import org.ow2.authzforce.core.pdp.api.EvaluationContext;
import org.ow2.authzforce.core.pdp.api.IndeterminateEvaluationException; import org.ow2.authzforce.core.pdp.api.IndeterminateEvaluationException;
import org.ow2.authzforce.core.pdp.api.JaxbXACMLUtils.XACMLParserFactory; import org.ow2.authzforce.core.pdp.api.JaxbXACMLUtils.XACMLParserFactory;
import org.ow2.authzforce.core.pdp.api.StatusHelper; import org.ow2.authzforce.core.pdp.api.StatusHelper;
import org.ow2.authzforce.core.pdp.api.XMLUtils.NamespaceFilteringParser; import org.ow2.authzforce.core.pdp.api.XMLUtils.NamespaceFilteringParser;
import org.ow2.authzforce.core.pdp.api.combining.CombiningAlgRegistry; import org.ow2.authzforce.core.pdp.api.combining.CombiningAlgRegistry;
import org.ow2.authzforce.core.pdp.api.expression.ExpressionFactory; import org.ow2.authzforce.core.pdp.api.expression.ExpressionFactory;
import org.ow2.authzforce.core.pdp.api.policy.BaseStaticRefPolicyProviderModule;
import org.ow2.authzforce.core.pdp.api.policy.PolicyVersion; import org.ow2.authzforce.core.pdp.api.policy.PolicyVersion;
import org.ow2.authzforce.core.pdp.api.policy.PolicyVersionPattern; import org.ow2.authzforce.core.pdp.api.policy.PolicyVersionPattern;
import org.ow2.authzforce.core.pdp.api.policy.RefPolicyProviderModule; import org.ow2.authzforce.core.pdp.api.policy.RefPolicyProviderModule;
import org.ow2.authzforce.core.pdp.api.policy.StaticRefPolicyProviderModule;
import org.ow2.authzforce.core.pdp.api.policy.StaticTopLevelPolicyElementEvaluator; import org.ow2.authzforce.core.pdp.api.policy.StaticTopLevelPolicyElementEvaluator;
import org.ow2.authzforce.core.pdp.api.policy.TopLevelPolicyElementEvaluator;
import org.ow2.authzforce.core.pdp.api.policy.TopLevelPolicyElementType; import org.ow2.authzforce.core.pdp.api.policy.TopLevelPolicyElementType;
import org.ow2.authzforce.core.pdp.api.policy.VersionPatterns; import org.ow2.authzforce.core.pdp.api.policy.VersionPatterns;
import org.ow2.authzforce.core.pdp.impl.policy.PolicyEvaluators; import org.ow2.authzforce.core.pdp.impl.policy.PolicyEvaluators;
...@@ -71,7 +70,7 @@ import com.mongodb.ServerAddress; ...@@ -71,7 +70,7 @@ import com.mongodb.ServerAddress;
* TODO: performance optimization: cache results of {@link #get(TopLevelPolicyElementType, String, Optional, Deque)} to avoid repetitive requests to database server * TODO: performance optimization: cache results of {@link #get(TopLevelPolicyElementType, String, Optional, Deque)} to avoid repetitive requests to database server
* *
*/ */
public class MongoDBRefPolicyProviderModule implements StaticRefPolicyProviderModule public class MongoDBRefPolicyProviderModule extends BaseStaticRefPolicyProviderModule
{ {
/** /**
* 'type' value expected in policy documents stored in database for XACML Policies * 'type' value expected in policy documents stored in database for XACML Policies
...@@ -89,11 +88,11 @@ public class MongoDBRefPolicyProviderModule implements StaticRefPolicyProviderMo ...@@ -89,11 +88,11 @@ public class MongoDBRefPolicyProviderModule implements StaticRefPolicyProviderMo
private final XACMLParserFactory xacmlParserFactory; private final XACMLParserFactory xacmlParserFactory;
private final ExpressionFactory expressionFactory; private final ExpressionFactory expressionFactory;
private final CombiningAlgRegistry combiningAlgRegistry; private final CombiningAlgRegistry combiningAlgRegistry;
private final int maxPolicySetRefDepth;
private MongoDBRefPolicyProviderModule(final String id, final ServerAddress serverAddress, final String dbName, final String collectionName, final XACMLParserFactory xacmlParserFactory, private MongoDBRefPolicyProviderModule(final String id, final ServerAddress serverAddress, final String dbName, final String collectionName, final XACMLParserFactory xacmlParserFactory,
final ExpressionFactory expressionFactory, final CombiningAlgRegistry combiningAlgRegistry, final int maxPolicySetRefDepth) final ExpressionFactory expressionFactory, final CombiningAlgRegistry combiningAlgRegistry, final int maxPolicySetRefDepth)
{ {
super(maxPolicySetRefDepth);
assert id != null && !id.isEmpty() && dbName != null && !dbName.isEmpty() && collectionName != null && !collectionName.isEmpty() && xacmlParserFactory != null && expressionFactory != null assert id != null && !id.isEmpty() && dbName != null && !dbName.isEmpty() && collectionName != null && !collectionName.isEmpty() && xacmlParserFactory != null && expressionFactory != null
&& combiningAlgRegistry != null; && combiningAlgRegistry != null;
...@@ -104,7 +103,6 @@ public class MongoDBRefPolicyProviderModule implements StaticRefPolicyProviderMo ...@@ -104,7 +103,6 @@ public class MongoDBRefPolicyProviderModule implements StaticRefPolicyProviderMo
this.xacmlParserFactory = xacmlParserFactory; this.xacmlParserFactory = xacmlParserFactory;
this.expressionFactory = expressionFactory; this.expressionFactory = expressionFactory;
this.combiningAlgRegistry = combiningAlgRegistry; this.combiningAlgRegistry = combiningAlgRegistry;
this.maxPolicySetRefDepth = maxPolicySetRefDepth;
} }
/** /**
...@@ -163,6 +161,12 @@ public class MongoDBRefPolicyProviderModule implements StaticRefPolicyProviderMo ...@@ -163,6 +161,12 @@ public class MongoDBRefPolicyProviderModule implements StaticRefPolicyProviderMo
} }
@Override
public Deque<String> checkJoinedPolicyRefChain(final Deque<String> policyRefChain1, final List<String> policyRefChain2)
{
return Helper.checkJoinedPolicyRefChain(policyRefChain1, policyRefChain2, maxPolicySetRefDepth);
}
@Override @Override
public void close() throws IOException public void close() throws IOException
{ {
...@@ -342,11 +346,4 @@ public class MongoDBRefPolicyProviderModule implements StaticRefPolicyProviderMo ...@@ -342,11 +346,4 @@ public class MongoDBRefPolicyProviderModule implements StaticRefPolicyProviderMo
+ jaxbPolicyOrPolicySetObj.getClass().getCanonicalName() + ". Expected: " + Policy.class.getCanonicalName() + ", " + PolicySet.class.getCanonicalName(), + jaxbPolicyOrPolicySetObj.getClass().getCanonicalName() + ". Expected: " + Policy.class.getCanonicalName() + ", " + PolicySet.class.getCanonicalName(),
StatusHelper.STATUS_PROCESSING_ERROR); StatusHelper.STATUS_PROCESSING_ERROR);
} }
@Override
public TopLevelPolicyElementEvaluator get(final TopLevelPolicyElementType policyType, final String policyId, final Optional<VersionPatterns> policyVersionPatterns,
final Deque<String> policySetRefChain, final EvaluationContext evaluationCtx) throws IllegalArgumentException, IndeterminateEvaluationException
{
return get(policyType, policyId, policyVersionPatterns, policySetRefChain);
}
} }
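Review bot: Handling of a negative `maxPolicySetRefDepth` is now decided entirely by `super(maxPolicySetRefDepth)`, which this page does not show. Before this change the two modules disagreed: `CoreRefPolicyProviderModule` mapped negative values to `Utils.UNLIMITED_POLICY_REF_DEPTH`, while this constructor stored the raw value. One of them therefore changes behaviour for a negative configuration value, whatever the base class does. This module resolves references against database content, so the depth bound is what limits how far such a chain is followed, and the rule deserves a comment at the `super(...)` call, e.g. `// depth limit is validated/normalized by the base class; negative = unlimited (confirm)`. A test constructing the module with a negative depth would pin the intended behaviour.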