Commit 50722bbc authored by cdanger's avatar cdanger

- Changed parent version: 7.2.0->7.3.0

- Change dep authzforce-ce-core-pdp-api: 15.0.0->15.1.0
- upgraded dep authzforce-ce-xacml-json-model: 1.1.0->2.0.0
- Fixed #13:
  - Changed dep mongo-java-driver in testutils module: 2.14.12 -> 3.5.0
  - Idem for jongo: 1.3. -> 1.4.0
- XML StaticRefPolicyProvider type / CoreRefPolicyProvider class:
  - added support for recursive directory searching for policies, e.g.
pattern .../*/*.xml for searching on two directory levels
  - added option to ignore old versions (keep only the latest) when
multiple versions of same policy ID available (ignoreOldVersions=true in
xml config pdp.xsd)
- Simplified code for detecting duplicate enclosed policy ID/version
parent d1ad4e53
......@@ -27,9 +27,6 @@ import java.util.concurrent.Callable;
import javax.xml.bind.Marshaller;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.Request;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.Response;
import org.json.JSONObject;
import org.json.JSONTokener;
import org.ow2.authzforce.core.pdp.api.DecisionRequestPreprocessor;
......@@ -44,8 +41,10 @@ import org.ow2.authzforce.core.pdp.io.xacml.json.BaseXacmlJsonResultPostprocesso
import org.ow2.authzforce.core.pdp.io.xacml.json.IndividualXacmlJsonRequest;
import org.ow2.authzforce.core.pdp.io.xacml.json.SingleDecisionXacmlJsonRequestPreprocessor;
import org.ow2.authzforce.xacml.Xacml3JaxbHelper;
import org.ow2.authzforce.xacml.json.model.Xacml3JsonUtils;
import org.ow2.authzforce.xacml.json.model.XacmlJsonUtils;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.Request;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.Response;
import picocli.CommandLine;
import picocli.CommandLine.Command;
import picocli.CommandLine.Option;
......@@ -68,23 +67,25 @@ public final class PdpCommandLineCallable implements Callable<Void>
/*
* WARNING: do not make picocli-annoated fields final here! Known issue: https://github.com/remkop/picocli/issues/68. Planned to be fixed in release 2.1.0.
*/
@Option(names = { "-t", "--type" }, description = "Type of XACML request/response: 'XACML_XML' for XACML 3.0/XML (XACML core specification), 'XACML_JSON' for XACML 3.0/JSON (JSON Profile of XACML 3.0)")
private RequestType requestType = RequestType.XACML_XML;
@Option(names = { "-t",
"--type" }, description = "Type of XACML request/response: 'XACML_XML' for XACML 3.0/XML (XACML core specification), 'XACML_JSON' for XACML 3.0/JSON (JSON Profile of XACML 3.0)")
private final RequestType requestType = RequestType.XACML_XML;
@Parameters(index = "0", description = "Path to PDP configuration file, valid against schema located at https://github.com/authzforce/core/blob/release-X.Y.Z/pdp-engine/src/main/resources/pdp.xsd (X.Y.Z is the version provided by -v option)")
private File confFile;
@Option(names = { "-c", "--catalog" }, description = "Path to XML catalog for resolving schemas used in extensions XSD specified by -e option, required only if -e specified")
private String catalogLocation = null;
private final String catalogLocation = null;
@Option(names = { "-e", "--extensions" }, description = "Path to extensions XSD (contains XSD namespace imports for all extensions used in the PDP configuration), required only if using any extension in the PDP configuration file")
private String extensionXsdLocation = null;
@Option(names = { "-e",
"--extensions" }, description = "Path to extensions XSD (contains XSD namespace imports for all extensions used in the PDP configuration), required only if using any extension in the PDP configuration file")
private final String extensionXsdLocation = null;
@Parameters(index = "1", description = "XACML Request (format determined by -t option)")
private File reqFile;
@Option(names = { "-p", "--prettyprint" }, description = "Pretty-print output with line feeds and indentation")
private boolean formattedOutput = false;
private final boolean formattedOutput = false;
@Override
public Void call() throws Exception
......@@ -104,17 +105,17 @@ public final class PdpCommandLineCallable implements Callable<Void>
throw new IllegalArgumentException("Invalid XACML JSON Request file: " + reqFile + ". Expected root key: \"Request\"");
}
Xacml3JsonUtils.REQUEST_SCHEMA.validate(jsonRequest);
XacmlJsonUtils.REQUEST_SCHEMA.validate(jsonRequest);
}
final DecisionResultPostprocessor<IndividualXacmlJsonRequest, JSONObject> defaultResultPostproc = new BaseXacmlJsonResultPostprocessor(
configuration.getClientRequestErrorVerbosityLevel());
configuration.getClientRequestErrorVerbosityLevel());
final DecisionRequestPreprocessor<JSONObject, IndividualXacmlJsonRequest> defaultReqPreproc = SingleDecisionXacmlJsonRequestPreprocessor.LaxVariantFactory.INSTANCE.getInstance(
configuration.getAttributeValueFactoryRegistry(), configuration.isStrictAttributeIssuerMatchEnabled(), configuration.isXpathEnabled(), XmlUtils.SAXON_PROCESSOR,
defaultResultPostproc.getFeatures());
configuration.getAttributeValueFactoryRegistry(), configuration.isStrictAttributeIssuerMatchEnabled(), configuration.isXpathEnabled(), XmlUtils.SAXON_PROCESSOR,
defaultResultPostproc.getFeatures());
final PdpEngineInoutAdapter<JSONObject, JSONObject> jsonPdpEngineAdapter = PdpEngineAdapters.newInoutAdapter(JSONObject.class, JSONObject.class, configuration, defaultReqPreproc,
defaultResultPostproc);
defaultResultPostproc);
final JSONObject jsonResponse = jsonPdpEngineAdapter.evaluate(jsonRequest);
System.out.println(jsonResponse.toString(formattedOutput ? 4 : 0));
break;
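Review bot: The option fields `requestType`, `catalogLocation`, `extensionXsdLocation` and `formattedOutput` are declared `private final` on what appears to be the new side, directly under the comment warning against making picocli-annotated fields final (picocli issue 68). picocli assigns these fields reflectively after construction, and `final boolean formattedOutput = false` is a constant variable that javac can fold into `formattedOutput ? 4 : 0`, so `-p` (and possibly `-t`, `-c`, `-e`) may be silently ignored. For a PDP command-line tool that would mean a request is evaluated as XACML_XML, or without the intended catalog or extensions schema, whatever the operator passed. I would remove the modifier again, e.g. `private RequestType requestType = RequestType.XACML_XML;` and `private boolean formattedOutput = false;`, and check that an IDE save action does not add it back. The class body and `call()` continue outside the visible hunks.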
......
This diff is collapsed.
......@@ -35,7 +35,6 @@
preEvaluateDoc="false"
serializerFactory=""
errorListener="net.sf.saxon.lib.StandardErrorListener"
traceListener="net.sf.saxon.trace.XSLTTraceListener"
usePiDisableOutputEscaping="false"
validationWarnings="true" />
<serialization
......@@ -92,7 +91,7 @@
stylesheetParser="">
</xslt>
<xquery
version="1.1"
version="3.1"
allowUpdate="false"
errorListener="net.sf.saxon.StandardErrorListener"
moduleUriResolver="net.sf.saxon.lib.StandardModuleURIResolver"
......@@ -103,12 +102,5 @@
defaultElementNamespace=""
preserveBoundarySpace="false"
requiredContextItemType="document-node()"
emptyLeast="true" />
<!-- XSD occurrenceLimits property is not considered valid by SAXON 9.6 although it is in the doc:
http://www.saxonica.com/documentation9.6/index.html#!configuration/configuration-file/config-xsd
Bug reported here: https://saxonica.plan.io/issues/2731
-->
<xsd
version="1.1" />
emptyLeast="true" />
</configuration>
\ No newline at end of file
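Review bot: The `<xquery>` change from `version="1.1"` to `version="3.1"` and the removal of the `<xsd version="1.1" />` element are not mentioned in the commit description, and the comment explaining the `<xsd>` workaround (Saxon 9.6, issue 2731) is deleted without a replacement. This file presumably configures the Saxon processor used when XPath evaluation is enabled, so the next maintainer needs to know which Saxon release these settings were validated against and why schema settings were dropped. A short comment in place of the deleted one would cover it, e.g. `<!-- Validated against Saxon <VERSION>; xsd element removed because <REASON> -->`.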
......@@ -21,7 +21,7 @@
<dependency>
<groupId>org.ow2.authzforce</groupId>
<artifactId>authzforce-ce-xacml-json-model</artifactId>
<version>1.1.0</version>
<version>2.0.0</version>
</dependency>
<dependency>
<groupId>org.ow2.authzforce</groupId>
......
......@@ -44,7 +44,7 @@ import org.ow2.authzforce.core.pdp.io.xacml.json.XacmlJsonParsingUtils.ContentSk
import org.ow2.authzforce.core.pdp.io.xacml.json.XacmlJsonParsingUtils.FullXacmlJsonAttributesParserFactory;
import org.ow2.authzforce.core.pdp.io.xacml.json.XacmlJsonParsingUtils.NamedXacmlJsonAttributeParser;
import org.ow2.authzforce.xacml.identifiers.XacmlStatusCode;
import org.ow2.authzforce.xacml.json.model.Xacml3JsonUtils;
import org.ow2.authzforce.xacml.json.model.XacmlJsonUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
......@@ -208,7 +208,7 @@ public abstract class BaseXacmlJsonRequestPreprocessor implements DecisionReques
try
{
Xacml3JsonUtils.REQUEST_SCHEMA.validate(request);
XacmlJsonUtils.REQUEST_SCHEMA.validate(request);
}
catch (final ValidationException e)
{
......
......@@ -21,7 +21,6 @@ import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.URISyntaxException;
import java.net.URL;
import java.nio.charset.StandardCharsets;
......@@ -43,7 +42,7 @@ import org.ow2.authzforce.core.pdp.io.xacml.json.BaseXacmlJsonResultPostprocesso
import org.ow2.authzforce.core.pdp.io.xacml.json.SingleDecisionXacmlJsonRequestPreprocessor;
import org.ow2.authzforce.core.pdp.testutil.TestUtils;
import org.ow2.authzforce.xacml.json.model.LimitsCheckingJSONObject;
import org.ow2.authzforce.xacml.json.model.Xacml3JsonUtils;
import org.ow2.authzforce.xacml.json.model.XacmlJsonUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.util.ResourceUtils;
......@@ -132,11 +131,11 @@ public class JsonProfileConformanceV3Test
}
// normalize responses for comparison
final JSONObject normalizedExpectedResponse = Xacml3JsonUtils.canonicalizeResponse(expectedResponse);
final JSONObject normalizedActualResponse = Xacml3JsonUtils.canonicalizeResponse(actualResponseFromPDP);
final JSONObject normalizedExpectedResponse = XacmlJsonUtils.canonicalizeResponse(expectedResponse);
final JSONObject normalizedActualResponse = XacmlJsonUtils.canonicalizeResponse(actualResponseFromPDP);
Assert.assertTrue(normalizedActualResponse.similar(normalizedExpectedResponse),
"Test '" + testId + "' (StatusMessage/StatusDetail/nested StatusCode elements removed/ignored for comparison): expected: <" + normalizedExpectedResponse + "> ; actual: <"
+ normalizedActualResponse + ">");
"Test '" + testId + "' (StatusMessage/StatusDetail/nested StatusCode elements removed/ignored for comparison): expected: <" + normalizedExpectedResponse + "> ; actual: <"
+ normalizedActualResponse + ">");
}
public static Collection<Object[]> params(final String testResourcesRootDirectory) throws URISyntaxException, IOException
......@@ -176,7 +175,7 @@ public class JsonProfileConformanceV3Test
// Response file
final Path expectedRespFile = testDirectoryPath.resolve(EXPECTED_RESPONSE_FILENAME_SUFFIX);
final JSONObject expectedResponse;
try (final BufferedReader reader = new BufferedReader(new InputStreamReader(new FileInputStream(expectedRespFile.toFile()), StandardCharsets.UTF_8)))
try (final BufferedReader reader = Files.newBufferedReader(expectedRespFile, StandardCharsets.UTF_8))
{
expectedResponse = new LimitsCheckingJSONObject(reader, MAX_JSON_STRING_LENGTH, MAX_JSON_CHILDREN_COUNT, MAX_JSON_DEPTH);
if (!expectedResponse.has("Response"))
......@@ -184,7 +183,7 @@ public class JsonProfileConformanceV3Test
throw new IllegalArgumentException("Invalid XACML JSON Response file: " + expectedRespFile + ". Expected root key: \"Response\"");
}
Xacml3JsonUtils.RESPONSE_SCHEMA.validate(expectedResponse);
XacmlJsonUtils.RESPONSE_SCHEMA.validate(expectedResponse);
}
// Request file
......@@ -198,7 +197,7 @@ public class JsonProfileConformanceV3Test
throw new IllegalArgumentException("Invalid XACML JSON Request file: " + reqFile + ". Expected root key: \"Request\"");
}
Xacml3JsonUtils.REQUEST_SCHEMA.validate(jsonRequest);
XacmlJsonUtils.REQUEST_SCHEMA.validate(jsonRequest);
}
final Path rootPolicyFile = testDirectoryPath.resolve(ROOT_POLICY_FILENAME_SUFFIX);
......@@ -212,9 +211,9 @@ public class JsonProfileConformanceV3Test
* policies) at the moment. If some day, JSON Profile addresses policy format too, then we should do like in ConformanceV3fromV2 class from pdp-testutils package (policy syntax validation).
*/
final PdpEngineConfiguration pdpEngineConf = TestUtils.newPdpEngineConfiguration(rootPolicyFile.toUri().toURL().toString(),
Files.exists(refPoliciesDir) ? refPoliciesDir.toUri().toURL().toString() : null, ENABLE_XPATH,
Files.exists(attributeProviderConfFile) ? attributeProviderConfFile.toUri().toURL().toString() : null, SingleDecisionXacmlJsonRequestPreprocessor.LaxVariantFactory.ID,
BaseXacmlJsonResultPostprocessor.DefaultFactory.ID);
Files.exists(refPoliciesDir) ? refPoliciesDir.toUri().toURL().toString() : null, ENABLE_XPATH,
Files.exists(attributeProviderConfFile) ? attributeProviderConfFile.toUri().toURL().toString() : null, SingleDecisionXacmlJsonRequestPreprocessor.LaxVariantFactory.ID,
BaseXacmlJsonResultPostprocessor.DefaultFactory.ID);
try (final PdpEngineInoutAdapter<JSONObject, JSONObject> pdp = PdpEngineXacmlJsonAdapters.newXacmlJsonInoutAdapter(pdpEngineConf))
{
// this is an evaluation test with request/response (not a policy syntax check)
......
......@@ -29,26 +29,13 @@
<groupId>org.mongodb</groupId>
<artifactId>mongo-java-driver</artifactId>
<!-- See this issue for compatibility with Jongo: https://github.com/bguerout/jongo/issues/254 -->
<version>2.14.2</version>
<!-- Version must match the one defined in Jongo's pom.xml -->
<version>3.5.0</version>
</dependency>
<!-- Jongo 1.3.0 depends on Jackson-databind 2.7.3 which is affected by CVE:
https://nvd.nist.gov/vuln/detail/CVE-2018-5968
The issue and pull request has been submitted to Jongo project:
https://github.com/bguerout/jongo/issues/327
Also affected by CVE: https://nvd.nist.gov/vuln/detail/CVE-2018-7489
TODO: fix again in jongo dependencies
-->
<!-- So let's force upgrade to 2.9.5 to fix it -->
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
<version>2.9.5</version>
</dependency>
<dependency>
<groupId>org.jongo</groupId>
<artifactId>jongo</artifactId>
<version>1.3.0</version>
<version>1.4.0</version>
</dependency>
<dependency>
<groupId>junit</groupId>
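Review bot: Removing the explicit `jackson-databind` 2.9.5 dependency drops the pin that the deleted comment said was there for CVE-2018-5968 and CVE-2018-7489, and nothing in this hunk shows which jackson-databind version Jongo 1.4.0 brings in transitively. Please confirm with `mvn dependency:tree -Dincludes=com.fasterxml.jackson.core:jackson-databind` that the version resolved in this module is at least 2.9.5; if it is not, keep the override until Jongo's own dependency is fixed. The new comment `Version must match the one defined in Jongo's pom.xml` would be easier to maintain if it named the Jongo release it was checked against, e.g. `<!-- Must match the mongo-java-driver version in Jongo 1.4.0's pom.xml -->`. The hunk starts and ends inside the enclosing dependencies list.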
......
......@@ -3,7 +3,7 @@
<parent>
<groupId>org.ow2.authzforce</groupId>
<artifactId>authzforce-ce-parent</artifactId>
<version>7.2.0</version>
<version>7.3.0</version>
</parent>
<artifactId>authzforce-ce-core</artifactId>
<version>13.0.1-SNAPSHOT</version>
......@@ -33,7 +33,7 @@
<dependency>
<groupId>org.ow2.authzforce</groupId>
<artifactId>authzforce-ce-core-pdp-api</artifactId>
<version>15.0.0</version>
<version>15.1.0</version>
</dependency>
<!-- /AuthzForce dependencies -->
<!-- Test dependencies -->
......