Commit 53b8f6c8 authored by cdanger's avatar cdanger

- upgraded core-pdp-api dependency version

parent 8b58de89
......@@ -23,20 +23,20 @@ import java.util.Collections;
import java.util.List;
import java.util.Set;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeDesignatorType;
import org.ow2.authzforce.core.pdp.api.AttributeFqn;
import org.ow2.authzforce.core.pdp.api.AttributeFqns;
import org.ow2.authzforce.core.pdp.api.AttributeProvider;
import org.ow2.authzforce.core.pdp.api.CloseableDesignatedAttributeProvider;
import org.ow2.authzforce.core.pdp.api.DesignatedAttributeProvider;
import org.ow2.authzforce.core.pdp.api.CloseableNamedAttributeProvider;
import org.ow2.authzforce.core.pdp.api.HashCollections;
import org.ow2.authzforce.core.pdp.api.NamedAttributeProvider;
import org.ow2.authzforce.core.pdp.api.value.AttributeValueFactoryRegistry;
import com.google.common.collect.ArrayListMultimap;
import com.google.common.collect.ImmutableListMultimap;
import com.google.common.collect.ListMultimap;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeDesignatorType;
/**
* Closeable AttributeProvider
* <p>
......@@ -51,9 +51,9 @@ public final class CloseableAttributeProvider extends ModularAttributeProvider i
private static final class ModuleAdapter
{
private final CloseableDesignatedAttributeProvider module;
private final CloseableNamedAttributeProvider module;
private ModuleAdapter(final CloseableDesignatedAttributeProvider module) throws IOException
private ModuleAdapter(final CloseableNamedAttributeProvider module) throws IOException
{
final Set<AttributeDesignatorType> providedAttributes = module.getProvidedAttributes();
if (providedAttributes == null || providedAttributes.isEmpty())
......@@ -81,7 +81,7 @@ public final class CloseableAttributeProvider extends ModularAttributeProvider i
return module.toString();
}
private DesignatedAttributeProvider getAdaptedModule()
private NamedAttributeProvider getAdaptedModule()
{
return this.module;
}
......@@ -99,8 +99,7 @@ public final class CloseableAttributeProvider extends ModularAttributeProvider i
try
{
mod.close();
}
catch (final IOException e)
} catch (final IOException e)
{
latestEx = e;
}
......@@ -115,8 +114,8 @@ public final class CloseableAttributeProvider extends ModularAttributeProvider i
// not-null
private final Set<ModuleAdapter> moduleClosers;
private CloseableAttributeProvider(final ImmutableListMultimap<AttributeFqn, DesignatedAttributeProvider> modulesByAttributeId, final Set<ModuleAdapter> moduleClosers,
final boolean strictAttributeIssuerMatch)
private CloseableAttributeProvider(final ImmutableListMultimap<AttributeFqn, NamedAttributeProvider> modulesByAttributeId, final Set<ModuleAdapter> moduleClosers,
final boolean strictAttributeIssuerMatch)
{
super(modulesByAttributeId, null, strictAttributeIssuerMatch);
assert moduleClosers != null;
......@@ -124,7 +123,7 @@ public final class CloseableAttributeProvider extends ModularAttributeProvider i
}
private static final CloseableAttributeProvider EVALUATION_CONTEXT_ONLY_SCOPED_CLOSEABLE_ATTRIBUTE_PROVIDER = new CloseableAttributeProvider(ImmutableListMultimap.of(),
Collections.<ModuleAdapter> emptySet(), true);
Collections.<ModuleAdapter>emptySet(), true);
/**
* Instantiates attribute Provider that tries to find attribute values in evaluation context, then, if not there, query the {@code module} providing the requested attribute ID, if any.
......@@ -144,18 +143,18 @@ public final class CloseableAttributeProvider extends ModularAttributeProvider i
* @throws java.io.IOException
* error closing the Attribute Providers created from {@code attributeProviderFactories}, when a {@link IllegalArgumentException} is raised
*/
public static CloseableAttributeProvider getInstance(final List<CloseableDesignatedAttributeProvider.DependencyAwareFactory> attributeProviderFactories,
final AttributeValueFactoryRegistry attributeFactory, final boolean strictAttributeIssuerMatch) throws IOException
public static CloseableAttributeProvider getInstance(final List<CloseableNamedAttributeProvider.DependencyAwareFactory> attributeProviderFactories,
final AttributeValueFactoryRegistry attributeFactory, final boolean strictAttributeIssuerMatch) throws IOException
{
if (attributeProviderFactories == null || attributeProviderFactories.isEmpty())
{
return EVALUATION_CONTEXT_ONLY_SCOPED_CLOSEABLE_ATTRIBUTE_PROVIDER;
}
final ListMultimap<AttributeFqn, DesignatedAttributeProvider> modulesByAttributeId = ArrayListMultimap.create();
final ListMultimap<AttributeFqn, NamedAttributeProvider> modulesByAttributeId = ArrayListMultimap.create();
final int moduleCount = attributeProviderFactories.size();
final Set<ModuleAdapter> mutableModuleCloserSet = HashCollections.newUpdatableSet(moduleCount);
for (final CloseableDesignatedAttributeProvider.DependencyAwareFactory attProviderFactory : attributeProviderFactories)
for (final CloseableNamedAttributeProvider.DependencyAwareFactory attProviderFactory : attributeProviderFactories)
{
try
{
......@@ -169,10 +168,9 @@ public final class CloseableAttributeProvider extends ModularAttributeProvider i
if (requiredAttrs == null)
{
depAttrProvider = ModularAttributeProvider.EVALUATION_CONTEXT_ONLY_SCOPED_ATTRIBUTE_PROVIDER;
}
else
} else
{
final ImmutableListMultimap<AttributeFqn, DesignatedAttributeProvider> immutableCopyOfAttrProviderModsByAttrId = ImmutableListMultimap.copyOf(modulesByAttributeId);
final ImmutableListMultimap<AttributeFqn, NamedAttributeProvider> immutableCopyOfAttrProviderModsByAttrId = ImmutableListMultimap.copyOf(modulesByAttributeId);
depAttrProvider = new ModularAttributeProvider(immutableCopyOfAttrProviderModsByAttrId, requiredAttrs, strictAttributeIssuerMatch);
}
......@@ -190,8 +188,7 @@ public final class CloseableAttributeProvider extends ModularAttributeProvider i
*/
modulesByAttributeId.put(attrGUID, moduleAdapter.getAdaptedModule());
}
}
catch (final IllegalArgumentException e)
} catch (final IllegalArgumentException e)
{
close(mutableModuleCloserSet);
throw e;
......
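Review bot: In the close loop touched by the hunk at new line 99, every caught `IOException` overwrites `latestEx`, so when several modules fail to close, only the last failure is kept and the earlier ones are lost. Consider keeping the first exception and attaching the later ones to it, e.g. `if (firstEx == null) { firstEx = e; } else { firstEx.addSuppressed(e); }`. The loop header and whatever is done with `latestEx` afterwards lie outside the hunk, so this assumes the variable is rethrown or logged once the loop ends.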
......@@ -23,9 +23,9 @@ import java.util.Set;
import org.ow2.authzforce.core.pdp.api.AttributeFqn;
import org.ow2.authzforce.core.pdp.api.AttributeFqns;
import org.ow2.authzforce.core.pdp.api.AttributeProvider;
import org.ow2.authzforce.core.pdp.api.DesignatedAttributeProvider;
import org.ow2.authzforce.core.pdp.api.EvaluationContext;
import org.ow2.authzforce.core.pdp.api.IndeterminateEvaluationException;
import org.ow2.authzforce.core.pdp.api.NamedAttributeProvider;
import org.ow2.authzforce.core.pdp.api.value.AttributeBag;
import org.ow2.authzforce.core.pdp.api.value.AttributeValue;
import org.ow2.authzforce.core.pdp.api.value.Bags;
......@@ -50,61 +50,47 @@ public class ModularAttributeProvider implements AttributeProvider
{
private static final IndeterminateEvaluationException INDETERMINATE_EXCEPTION_NO_VALUE_FROM_ATTRIBUTE_PROVIDERS = new IndeterminateEvaluationException(
"No value found by any attribute provider module", XacmlStatusCode.PROCESSING_ERROR.value());
"No value found by any attribute provider module", XacmlStatusCode.PROCESSING_ERROR.value());
private interface IssuedToNonIssuedAttributeCopyMode
{
void process(AttributeFqn attributeFqn, AttributeBag<?> result, EvaluationContext context);
}
private static final IssuedToNonIssuedAttributeCopyMode ISSUED_TO_NON_ISSUED_ATTRIBUTE_COPY_ENABLED_MODE = new IssuedToNonIssuedAttributeCopyMode()
{
private static final Logger LOGGER = LoggerFactory.getLogger(ModularAttributeProvider.class);
@Override
public void process(final AttributeFqn attributeFqn, final AttributeBag<?> result, final EvaluationContext context)
private static final IssuedToNonIssuedAttributeCopyMode ISSUED_TO_NON_ISSUED_ATTRIBUTE_COPY_ENABLED_MODE = (attributeFqn, result, context) -> {
if (!attributeFqn.getIssuer().isPresent())
{
if (!attributeFqn.getIssuer().isPresent())
{
// Attribute already without Issuer -> nothing to copy
return;
}
/*
* Attribute with Issuer -> make Issuer-less copy and put same result in context for match by Issuer-less AttributeDesignator
*/
final AttributeFqn issuerLessAttributeFqn = AttributeFqns.newInstance(attributeFqn.getCategory(), Optional.empty(), attributeFqn.getId());
/*
* Cache the attribute value(s) for the issuer-less attribute in context in case there is a matching Issuer-less AttributeDesignator to evaluate
*/
context.putNamedAttributeValueIfAbsent(issuerLessAttributeFqn, result);
LOGGER.debug("strictAttributeIssuerMatch=false -> Cached values of attribute {}, type={}, derived, by removing Issuer, from attribute {} provided by AttributeProvider module: values= {}",
attributeFqn, result.getElementDatatype(), attributeFqn, result);
// Attribute already without Issuer -> nothing to copy
return;
}
/*
* Attribute with Issuer -> make Issuer-less copy and put same result in context for match by Issuer-less AttributeDesignator
*/
final AttributeFqn issuerLessAttributeFqn = AttributeFqns.newInstance(attributeFqn.getCategory(), Optional.empty(), attributeFqn.getId());
/*
* Cache the attribute value(s) for the issuer-less attribute in context in case there is a matching Issuer-less AttributeDesignator to evaluate
*/
context.putNamedAttributeValueIfAbsent(issuerLessAttributeFqn, result);
LOGGER.debug("strictAttributeIssuerMatch=false -> Cached values of attribute {}, type={}, derived, by removing Issuer, from attribute {} provided by AttributeProvider module: values= {}",
attributeFqn, result.getElementDatatype(), attributeFqn, result);
};
private static final IssuedToNonIssuedAttributeCopyMode ISSUED_TO_NON_ISSUED_ATTRIBUTE_COPY_DISABLED_MODE = new IssuedToNonIssuedAttributeCopyMode()
{
@Override
public void process(final AttributeFqn attributeFqn, final AttributeBag<?> result, final EvaluationContext context)
{
// do not copy the result to any Issuer-less attribute
}
private static final IssuedToNonIssuedAttributeCopyMode ISSUED_TO_NON_ISSUED_ATTRIBUTE_COPY_DISABLED_MODE = (attributeFqn, result, context) -> {
// do not copy the result to any Issuer-less attribute
};
private static final Logger LOGGER = LoggerFactory.getLogger(ModularAttributeProvider.class);
/*
* AttributeDesignator Provider modules by supported/provided attribute ID (global ID: category, issuer, AttributeId)
*/
private final ImmutableListMultimap<AttributeFqn, DesignatedAttributeProvider> designatorModsByAttrId;
private final ImmutableListMultimap<AttributeFqn, NamedAttributeProvider> designatorModsByAttrId;
private final IssuedToNonIssuedAttributeCopyMode issuedToNonIssuedAttributeCopyMode;
protected ModularAttributeProvider(final ImmutableListMultimap<AttributeFqn, DesignatedAttributeProvider> attributeProviderModulesByAttributeId,
final Set<AttributeDesignatorType> selectedAttributeSupport, final boolean strictAttributeIssuerMatch)
protected ModularAttributeProvider(final ImmutableListMultimap<AttributeFqn, NamedAttributeProvider> attributeProviderModulesByAttributeId,
final Set<AttributeDesignatorType> selectedAttributeSupport, final boolean strictAttributeIssuerMatch)
{
assert attributeProviderModulesByAttributeId != null;
......@@ -113,11 +99,11 @@ public class ModularAttributeProvider implements AttributeProvider
designatorModsByAttrId = attributeProviderModulesByAttributeId;
} else
{
final ListMultimap<AttributeFqn, DesignatedAttributeProvider> mutableModsByAttrIdMap = ArrayListMultimap.create(selectedAttributeSupport.size(), 1);
final ListMultimap<AttributeFqn, NamedAttributeProvider> mutableModsByAttrIdMap = ArrayListMultimap.create(selectedAttributeSupport.size(), 1);
for (final AttributeDesignatorType requiredAttr : selectedAttributeSupport)
{
final AttributeFqn requiredAttrGUID = AttributeFqns.newInstance(requiredAttr);
final ImmutableList<DesignatedAttributeProvider> requiredAttrProviderMods = attributeProviderModulesByAttributeId.get(requiredAttrGUID);
final ImmutableList<NamedAttributeProvider> requiredAttrProviderMods = attributeProviderModulesByAttributeId.get(requiredAttrGUID);
/*
* According to doc, a non-null empty list is returned if no mappings
*/
......@@ -154,8 +140,8 @@ public class ModularAttributeProvider implements AttributeProvider
* @return modular attribute provider instance; {@link #EVALUATION_CONTEXT_ONLY_SCOPED_ATTRIBUTE_PROVIDER} iff
* {@code attributeProviderModulesByAttributeId == null || attributeProviderModulesByAttributeId.isEmpty()},
*/
public static ModularAttributeProvider getInstance(final ImmutableListMultimap<AttributeFqn, DesignatedAttributeProvider> attributeProviderModulesByAttributeId,
final Set<AttributeDesignatorType> selectedAttributeSupport, final boolean strictAttributeIssuerMatch)
public static ModularAttributeProvider getInstance(final ImmutableListMultimap<AttributeFqn, NamedAttributeProvider> attributeProviderModulesByAttributeId,
final Set<AttributeDesignatorType> selectedAttributeSupport, final boolean strictAttributeIssuerMatch)
{
if (attributeProviderModulesByAttributeId == null || attributeProviderModulesByAttributeId.isEmpty())
{
......@@ -180,7 +166,7 @@ public class ModularAttributeProvider implements AttributeProvider
// else attribute not found in context, ask the Provider modules, if any
LOGGER.debug("Requesting attribute {} from Provider modules (by provided attribute ID): {}", attributeFqn, designatorModsByAttrId);
final ImmutableList<DesignatedAttributeProvider> attrProviders = designatorModsByAttrId.get(attributeFqn);
final ImmutableList<NamedAttributeProvider> attrProviders = designatorModsByAttrId.get(attributeFqn);
/*
* According to doc, a non-null empty list is returned if no mappings
*/
......@@ -189,14 +175,14 @@ public class ModularAttributeProvider implements AttributeProvider
{
LOGGER.debug("No value found for required attribute {}, type={} in evaluation context and not supported by any Attribute Provider module", attributeFqn, datatype);
throw new IndeterminateEvaluationException("Not in context and no Attribute Provider module supporting requested attribute: " + attributeFqn,
XacmlStatusCode.MISSING_ATTRIBUTE.value());
XacmlStatusCode.MISSING_ATTRIBUTE.value());
}
AttributeBag<AV> result = null;
/*
* Try all modules supporting this attribute until value found
*/
for (final DesignatedAttributeProvider attrProvider : attrProviders)
for (final NamedAttributeProvider attrProvider : attrProviders)
{
result = attrProvider.get(attributeFqn, datatype, context);
if (result != null && !result.isEmpty())
......@@ -259,13 +245,13 @@ public class ModularAttributeProvider implements AttributeProvider
*/
context.putNamedAttributeValueIfAbsent(attributeFqn, result);
return result;
} catch (UnsupportedOperationException e)
} catch (final UnsupportedOperationException e)
{
/*
* Should not happen, this is highly unexpected and should be considered a fatal error (it means the AttributeProvider does not respect its contract)
*/
throw new RuntimeException("Inconsistent AttributeProvider: throwing UnsupportedOperationException for an attribute (name=" + attributeFqn + ", type=" + datatype
+ ") that should be supported according to the provider's contract (getProvidedAttributes() result) ", e);
+ ") that should be supported according to the provider's contract (getProvidedAttributes() result) ", e);
}
}
......
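Review bot: The `LOGGER.debug` call at the end of the copy-enabled lambda passes `attributeFqn` for both attribute placeholders, so the message never shows the issuer-less name that was written to the context. The argument list should read `issuerLessAttributeFqn, result.getElementDatatype(), attributeFqn, result`. The message also says "Cached" unconditionally, although `putNamedAttributeValueIfAbsent` presumably leaves an existing value in place, as its name suggests. Because this path relaxes issuer matching, an accurate trace of which attribute was derived from which matters when investigating an unexpected decision.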
......@@ -23,7 +23,7 @@ import java.util.Map;
import java.util.ServiceLoader;
import java.util.Set;
import org.ow2.authzforce.core.pdp.api.CloseableDesignatedAttributeProvider;
import org.ow2.authzforce.core.pdp.api.CloseableNamedAttributeProvider;
import org.ow2.authzforce.core.pdp.api.DecisionCache;
import org.ow2.authzforce.core.pdp.api.DecisionRequestPreprocessor;
import org.ow2.authzforce.core.pdp.api.DecisionResultPostprocessor;
......@@ -61,7 +61,7 @@ public final class PdpExtensions
* Types of zero-conf (non-JAXB-bound) extension
*/
private static final Set<Class<? extends PdpExtension>> NON_JAXB_BOUND_EXTENSION_CLASSES = HashCollections
.newImmutableSet(Arrays.asList(AttributeValueFactory.class, Function.class, CombiningAlg.class, DecisionRequestPreprocessor.Factory.class, DecisionResultPostprocessor.Factory.class));
.newImmutableSet(Arrays.asList(AttributeValueFactory.class, Function.class, CombiningAlg.class, DecisionRequestPreprocessor.Factory.class, DecisionResultPostprocessor.Factory.class));
/*
* For each type of zero-conf (non-JAXB-bound) extension, have a map (extension ID -> extension instance), so that the extension ID is scoped to the extension type among the ones listed in
......@@ -93,12 +93,11 @@ public final class PdpExtensions
if (duplicate != null)
{
throw new IllegalArgumentException("Extension " + jaxbBoundExt + " (" + jaxbBoundExt.getClass() + ") is conflicting with " + duplicate + "(" + duplicate.getClass()
+ ") for the same XML/JAXB configuration class: " + jaxbBoundExt.getJaxbClass());
+ ") for the same XML/JAXB configuration class: " + jaxbBoundExt.getJaxbClass());
}
isValidExt = true;
}
else
} else
{
for (final Class<? extends PdpExtension> extClass : NON_JAXB_BOUND_EXTENSION_CLASSES)
{
......@@ -203,8 +202,8 @@ public final class PdpExtensions
* @throws java.lang.IllegalArgumentException
* if there is no extension of type {@link org.ow2.authzforce.core.pdp.api.CloseableDesignatedAttributeProvider.FactoryBuilder} supporting {@code jaxbPdpExtensionClass}
*/
public static <ATTRIBUTE_PROVIDER_CONF extends AbstractAttributeProvider> CloseableDesignatedAttributeProvider.FactoryBuilder<ATTRIBUTE_PROVIDER_CONF> getAttributeProviderFactoryBuilder(
final Class<ATTRIBUTE_PROVIDER_CONF> jaxbConfClass)
public static <ATTRIBUTE_PROVIDER_CONF extends AbstractAttributeProvider> CloseableNamedAttributeProvider.FactoryBuilder<ATTRIBUTE_PROVIDER_CONF> getAttributeProviderFactoryBuilder(
final Class<ATTRIBUTE_PROVIDER_CONF> jaxbConfClass)
{
final JaxbBoundPdpExtension<ATTRIBUTE_PROVIDER_CONF> ext = (JaxbBoundPdpExtension<ATTRIBUTE_PROVIDER_CONF>) JAXB_BOUND_EXTENSIONS_BY_JAXB_CLASS.get(jaxbConfClass);
if (ext == null)
......@@ -212,13 +211,13 @@ public final class PdpExtensions
throw new IllegalArgumentException("No PDP extension found supporting JAXB (configuration) type: " + jaxbConfClass + ". Expected types: " + JAXB_BOUND_EXTENSIONS_BY_JAXB_CLASS.keySet());
}
if (!(ext instanceof CloseableDesignatedAttributeProvider.FactoryBuilder))
if (!(ext instanceof CloseableNamedAttributeProvider.FactoryBuilder))
{
throw new IllegalArgumentException("No PDP extension of type " + CloseableDesignatedAttributeProvider.FactoryBuilder.class
+ " (Attribute Provider factory builder) supporting JAXB/XML (configuration) type: " + jaxbConfClass);
throw new IllegalArgumentException("No PDP extension of type " + CloseableNamedAttributeProvider.FactoryBuilder.class
+ " (Attribute Provider factory builder) supporting JAXB/XML (configuration) type: " + jaxbConfClass);
}
return (CloseableDesignatedAttributeProvider.FactoryBuilder<ATTRIBUTE_PROVIDER_CONF>) ext;
return (CloseableNamedAttributeProvider.FactoryBuilder<ATTRIBUTE_PROVIDER_CONF>) ext;
}
/**
......@@ -231,7 +230,7 @@ public final class PdpExtensions
* if there is no extension of type {@link org.ow2.authzforce.core.pdp.api.policy.CloseableRefPolicyProvider.Factory} supporting {@code jaxbPdpExtensionClass}
*/
public static <REF_POLICY_PROVIDER_CONF extends AbstractPolicyProvider> CloseableRefPolicyProvider.Factory<REF_POLICY_PROVIDER_CONF> getRefPolicyProviderFactory(
final Class<REF_POLICY_PROVIDER_CONF> jaxbConfClass) throws IllegalArgumentException
final Class<REF_POLICY_PROVIDER_CONF> jaxbConfClass) throws IllegalArgumentException
{
final JaxbBoundPdpExtension<REF_POLICY_PROVIDER_CONF> ext = (JaxbBoundPdpExtension<REF_POLICY_PROVIDER_CONF>) JAXB_BOUND_EXTENSIONS_BY_JAXB_CLASS.get(jaxbConfClass);
if (ext == null)
......@@ -242,7 +241,7 @@ public final class PdpExtensions
if (!(ext instanceof CloseableRefPolicyProvider.Factory))
{
throw new IllegalArgumentException(
"No PDP extension of type " + CloseableRefPolicyProvider.Factory.class + " (Reference-based Policy Provider factory) supporting JAXB/XML (configuration) type: " + jaxbConfClass);
"No PDP extension of type " + CloseableRefPolicyProvider.Factory.class + " (Reference-based Policy Provider factory) supporting JAXB/XML (configuration) type: " + jaxbConfClass);
}
return (CloseableRefPolicyProvider.Factory<REF_POLICY_PROVIDER_CONF>) ext;
......@@ -261,7 +260,7 @@ public final class PdpExtensions
*/
public static <ROOT_POLICY_PROVIDER_CONF extends AbstractPolicyProvider> RootPolicyProvider.Factory<ROOT_POLICY_PROVIDER_CONF> getRootPolicyProviderFactory(
final Class<ROOT_POLICY_PROVIDER_CONF> jaxbConfClass) throws IllegalArgumentException
final Class<ROOT_POLICY_PROVIDER_CONF> jaxbConfClass) throws IllegalArgumentException
{
final JaxbBoundPdpExtension<ROOT_POLICY_PROVIDER_CONF> ext = (JaxbBoundPdpExtension<ROOT_POLICY_PROVIDER_CONF>) JAXB_BOUND_EXTENSIONS_BY_JAXB_CLASS.get(jaxbConfClass);
if (ext == null)
......@@ -272,7 +271,7 @@ public final class PdpExtensions
if (!(ext instanceof RootPolicyProvider.Factory))
{
throw new IllegalArgumentException(
"No PDP extension of type " + RootPolicyProvider.Factory.class + " (Root Policy Provider factory) supporting JAXB/XML (configuration) type: " + jaxbConfClass);
"No PDP extension of type " + RootPolicyProvider.Factory.class + " (Root Policy Provider factory) supporting JAXB/XML (configuration) type: " + jaxbConfClass);
}
return (RootPolicyProvider.Factory<ROOT_POLICY_PROVIDER_CONF>) ext;
......
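Review bot: The `@throws` Javadoc above `getAttributeProviderFactoryBuilder` still links `org.ow2.authzforce.core.pdp.api.CloseableDesignatedAttributeProvider.FactoryBuilder`, while the signature, the `instanceof` check and the cast now use `CloseableNamedAttributeProvider.FactoryBuilder`. If the old type no longer exists in the upgraded API, the link will not resolve. Change it to `{@link org.ow2.authzforce.core.pdp.api.CloseableNamedAttributeProvider.FactoryBuilder}`. The same sentence, and the matching ones on the two policy-provider getters, refers to `jaxbPdpExtensionClass`, while the parameter is `jaxbConfClass`. The Javadoc blocks start outside the hunks.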
......@@ -24,17 +24,7 @@ import java.util.List;
import java.util.Map;
import java.util.Optional;
import net.sf.saxon.s9api.XPathCompiler;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.ApplyType;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeDesignatorType;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeSelectorType;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeValueType;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.ExpressionType;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.FunctionType;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.VariableDefinition;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.VariableReferenceType;
import org.ow2.authzforce.core.pdp.api.CloseableDesignatedAttributeProvider;
import org.ow2.authzforce.core.pdp.api.CloseableNamedAttributeProvider;
import org.ow2.authzforce.core.pdp.api.EvaluationContext;
import org.ow2.authzforce.core.pdp.api.HashCollections;
import org.ow2.authzforce.core.pdp.api.IndeterminateEvaluationException;
......@@ -55,6 +45,16 @@ import org.ow2.authzforce.xacml.identifiers.XacmlStatusCode;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import net.sf.saxon.s9api.XPathCompiler;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.ApplyType;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeDesignatorType;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeSelectorType;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeValueType;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.ExpressionType;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.FunctionType;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.VariableDefinition;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.VariableReferenceType;
/**
* Implementation of ExpressionFactory that supports the Expressions defined in VariableDefinitions in order to resolve VariableReferences. In particular, it makes sure the depth of recursivity of
* VariableDefinition does not exceed a value (to avoid inconveniences such as stackoverflow or very negative performance impact) defined by {@code maxVarRefDef} parameter to
......@@ -200,8 +200,9 @@ public final class DepthLimitingExpressionFactory implements ExpressionFactory
super(varId, longestVarRefChain);
assert varExpr != null;
this.expression = varExpr;
this.nullContextException = new IndeterminateEvaluationException("VariableReference[VariableId='" + this.variableId
+ "']: evaluate(context = null) not allowed because the variable requires context for evaluation (not constant)", XacmlStatusCode.PROCESSING_ERROR.value());
this.nullContextException = new IndeterminateEvaluationException(
"VariableReference[VariableId='" + this.variableId + "']: evaluate(context = null) not allowed because the variable requires context for evaluation (not constant)",
XacmlStatusCode.PROCESSING_ERROR.value());
}
/**
......@@ -257,7 +258,7 @@ public final class DepthLimitingExpressionFactory implements ExpressionFactory
private static final Logger LOGGER = LoggerFactory.getLogger(DepthLimitingExpressionFactory.class);
private static final IllegalArgumentException MISSING_ATTRIBUTE_DESIGNATOR_ISSUER_EXCEPTION = new IllegalArgumentException(
"Missing Issuer that is required on AttributeDesignators by PDP configuration");
"Missing Issuer that is required on AttributeDesignators by PDP configuration");
private static final IllegalArgumentException UNSUPPORTED_ATTRIBUTE_SELECTOR_EXCEPTION = new IllegalArgumentException("Unsupported Expression type (optional XACML feature): AttributeSelector");
......@@ -266,7 +267,7 @@ public final class DepthLimitingExpressionFactory implements ExpressionFactory
private static final IllegalArgumentException NULL_ATTRIBUTE_DATATYPE_REGISTRY_EXCEPTION = new IllegalArgumentException("Undefined attribute datatype registry");
private static final IllegalArgumentException UNSUPPORTED_ATTRIBUTE_DESIGNATOR_OR_SELECTOR_BECAUSE_OF_NULL_ATTRIBUTE_PROVIDER_EXCEPTION = new IllegalArgumentException(
"Unsupported Expression type 'AttributeDesignator' and 'AttributeSelector' because no attribute Provider defined");
"Unsupported Expression type 'AttributeDesignator' and 'AttributeSelector' because no attribute Provider defined");
private static final int UNLIMITED_MAX_VARIABLE_REF_DEPTH = -1;
......@@ -314,8 +315,8 @@ public final class DepthLimitingExpressionFactory implements ExpressionFactory
* error closing the Attribute Providers created from {@code attributeProviderFactories}, when a {@link IllegalArgumentException} is raised
*/
public DepthLimitingExpressionFactory(final AttributeValueFactoryRegistry attributeFactory, final FunctionRegistry functionRegistry,
final List<CloseableDesignatedAttributeProvider.DependencyAwareFactory> attributeProviderFactories, final int maxVariableRefDepth, final boolean allowAttributeSelectors,
final boolean strictAttributeIssuerMatch) throws IllegalArgumentException, IOException
final List<CloseableNamedAttributeProvider.DependencyAwareFactory> attributeProviderFactories, final int maxVariableRefDepth, final boolean allowAttributeSelectors,
final boolean strictAttributeIssuerMatch) throws IllegalArgumentException, IOException
{
if (attributeFactory == null)
{
......@@ -388,9 +389,8 @@ public final class DepthLimitingExpressionFactory implements ExpressionFactory
*/
if (maxVariableReferenceDepth != UNLIMITED_MAX_VARIABLE_REF_DEPTH && longestVarRefChainInCurrentVarExpression.size() > this.maxVariableReferenceDepth)
{
throw new IllegalArgumentException("Max allowed VariableReference depth (" + this.maxVariableReferenceDepth + ") exceeded by length ("
+ longestVarRefChainInCurrentVarExpression.size() + ") of longest VariableReference Reference chain found in Expression of Variable '" + varId + "': "
+ longestVarRefChainInCurrentVarExpression);
throw new IllegalArgumentException("Max allowed VariableReference depth (" + this.maxVariableReferenceDepth + ") exceeded by length (" + longestVarRefChainInCurrentVarExpression.size()
+ ") of longest VariableReference Reference chain found in Expression of Variable '" + varId + "': " + longestVarRefChainInCurrentVarExpression);
}
/*
......@@ -473,7 +473,7 @@ public final class DepthLimitingExpressionFactory implements ExpressionFactory
if (maxVariableReferenceDepth != UNLIMITED_MAX_VARIABLE_REF_DEPTH && inoutLongestVarRefChain.size() > this.maxVariableReferenceDepth)
{
throw new IllegalArgumentException("Max allowed VariableReference depth (" + this.maxVariableReferenceDepth + ") exceeded by length (" + inoutLongestVarRefChain.size()
+ ") of VariableReference Reference chain: " + inoutLongestVarRefChain);
+ ") of VariableReference Reference chain: " + inoutLongestVarRefChain);
}
}
......@@ -532,8 +532,7 @@ public final class DepthLimitingExpressionFactory implements ExpressionFactory
if (expr instanceof ApplyType)
{
expression = ApplyExpressions.newInstance((ApplyType) expr, xPathCompiler, this, longestVarRefChain);
}
else if (expr instanceof AttributeDesignatorType)
} else if (expr instanceof AttributeDesignatorType)
{
if (this.attributeProvider == null)
{
......@@ -553,8 +552,7 @@ public final class DepthLimitingExpressionFactory implements ExpressionFactory
}
expression = new GenericAttributeProviderBasedAttributeDesignatorExpression<>(jaxbAttrDes, attrFactory.getDatatype().getBagDatatype(), attributeProvider);
}
else if (expr instanceof AttributeSelectorType)
} else if (expr instanceof AttributeSelectorType)
{
if (!allowAttributeSelectors)
{
......@@ -581,34 +579,29 @@ public final class DepthLimitingExpressionFactory implements ExpressionFactory
}
expression = AttributeSelectorExpressions.newInstance(jaxbAttrSelector, xPathCompiler, attributeProvider, attrFactory);
}
else if (expr instanceof AttributeValueType)
} else if (expr instanceof AttributeValueType)
{
expression = getInstance((AttributeValueType) expr, xPathCompiler);
}
else if (expr instanceof FunctionType)
} else if (expr instanceof FunctionType)
{
final FunctionType jaxbFunc = (FunctionType) expr;
final FunctionExpression funcExp = getFunction(jaxbFunc.getFunctionId());
if (funcExp != null)
{
expression = funcExp;
}
else
} else
{
throw new IllegalArgumentException("Function " + jaxbFunc.getFunctionId()
+ " is not supported (at least) as standalone Expression: either a generic higher-order function supported only as Apply FunctionId, or function completely unknown.");
+ " is not supported (at least) as standalone Expression: either a generic higher-order function supported only as Apply FunctionId, or function completely unknown.");
}
}
else if (expr instanceof VariableReferenceType)
} else if (expr instanceof VariableReferenceType)
{
final VariableReferenceType varRefElt = (VariableReferenceType) expr;
expression = getVariable(varRefElt, longestVarRefChain);
}
else
} else
{
throw new IllegalArgumentException("Expressions of type " + expr.getClass().getSimpleName()
+ " are not supported. Expected: one of Apply, AttributeDesignator, AttributeSelector, AttributeValue, Function or VariableReference.");
+ " are not supported. Expected: one of Apply, AttributeDesignator, AttributeSelector, AttributeValue, Function or VariableReference.");
}
return expression;
......
......@@ -31,8 +31,8 @@ import java.util.stream.Collectors;
import org.ow2.authzforce.core.pdp.api.AttributeFqn;
import org.ow2.authzforce.core.pdp.api.AttributeProvider;
import org.ow2.authzforce.core.pdp.api.BaseDesignatedAttributeProvider;
import org.ow2.authzforce.core.pdp.api.CloseableDesignatedAttributeProvider;
import org.ow2.authzforce.core.pdp.api.BaseNamedAttributeProvider;
import org.ow2.authzforce.core.pdp.api.CloseableNamedAttributeProvider;
import org.ow2.authzforce.core.pdp.api.EnvironmentProperties;
import org.ow2.authzforce.core.pdp.api.EvaluationContext;
import org.ow2.authzforce.core.pdp.api.IndeterminateEvaluationException;
......@@ -56,13 +56,13 @@ import oasis.names.tc.xacml._3_0.core.schema.wd_17.Attributes;
* Fake AttributeProviderModule for test purposes only that can be configured to support a specific set of attribute Providers, but always return an empty bag as attribute value.
*
*/
public class TestAttributeProvider extends BaseDesignatedAttributeProvider
public class TestAttributeProvider extends BaseNamedAttributeProvider
{
/**
* Module factory
*
*/
public static class Factory extends CloseableDesignatedAttributeProvider.FactoryBuilder<org.ow2.authzforce.core.pdp.testutil.ext.xmlns.TestAttributeProvider>
public static class Factory extends CloseableNamedAttributeProvider.FactoryBuilder<org.ow2.authzforce.core.pdp.testutil.ext.xmlns.TestAttributeProvider>
{
@Override
......@@ -85,7 +85,7 @@ public class TestAttributeProvider extends BaseDesignatedAttributeProvider
}
@Override
public CloseableDesignatedAttributeProvider getInstance(final AttributeValueFactoryRegistry attrDatatypeFactory, final AttributeProvider depAttrProvider)
public CloseableNamedAttributeProvider getInstance(final AttributeValueFactoryRegistry attrDatatypeFactory, final AttributeProvider depAttrProvider)
{
return new TestAttributeProvider(conf, attrDatatypeFactory);
}
......@@ -105,7 +105,7 @@ public class TestAttributeProvider extends BaseDesignatedAttributeProvider
private final Map<AttributeFqn, AttributeBag<?>> attrMap;
private TestAttributeProvider(final org.ow2.authzforce.core.pdp.testutil.ext.xmlns.TestAttributeProvider conf, final AttributeValueFactoryRegistry attributeValueFactoryRegistry)
throws IllegalArgumentException
throws IllegalArgumentException
{
super(conf.getId());
final NamedXacmlAttributeParser<Attribute> namedXacmlAttParser = new NamedXacmlJaxbAttributeParser(attributeValueFactoryRegistry);
......@@ -145,7 +145,7 @@ public class TestAttributeProvider extends BaseDesignatedAttributeProvider
@Override
public <AV extends AttributeValue> AttributeBag<AV> get(final AttributeFqn attributeGUID, final Datatype<AV> attributeDatatype, final EvaluationContext context)
throws IndeterminateEvaluationException
throws IndeterminateEvaluationException
{
final AttributeBag<?> attrVals = attrMap.get(attributeGUID);
if (attrVals == null)
......@@ -159,7 +159,7 @@ public class TestAttributeProvider extends BaseDesignatedAttributeProvider
}
throw new IndeterminateEvaluationException("Requested datatype (" + attributeDatatype + ") != provided by " + this + " (" + attrVals.getElementDatatype() + ")",
XacmlStatusCode.MISSING_ATTRIBUTE.value());
XacmlStatusCode.MISSING_ATTRIBUTE.value());
}
}
......@@ -33,7 +33,7 @@
<dependency>
<groupId>org.ow2.authzforce</groupId>
<artifactId>authzforce-ce-core-pdp-api</artifactId>
<version>14.0.0</version>
<version>14.0.1-SNAPSHOT</version>
</dependency>
<!-- /AuthzForce dependencies -->
<!-- Test dependencies -->
......
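Review bot: The `authzforce-ce-core-pdp-api` dependency moves from the release `14.0.0` to `14.0.1-SNAPSHOT`, which is a mutable version. The artifact behind it can change between builds, so the same commit is not guaranteed to produce the same PDP, and resolution depends on a snapshot repository being reachable and trusted. Before this module is released, the version should point at a published release of the API. The Maven Enforcer rule `requireReleaseDeps` can make the release build fail if a snapshot is still referenced.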