Commit 5682d8bd authored by cdanger's avatar cdanger

- Made the EvaluationContext implementation 'IndividualDecisionRequestContext' public, so that it can be used in unit tests of PDP extensions
- Change from core-pdp-api: renamed class VersionPatterns to PolicyVersionPatterns
parent 9a152b32
/**
* Copyright 2012-2018 Thales Services SAS.
*
* This file is part of AuthzForce CE.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.ow2.authzforce.core.pdp.impl;
import java.util.Collections;
......
......@@ -19,24 +19,24 @@ package org.ow2.authzforce.core.pdp.impl.policy;
import java.util.Optional;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.IdReferenceType;
import org.ow2.authzforce.core.pdp.api.EnvironmentProperties;
import org.ow2.authzforce.core.pdp.api.IndeterminateEvaluationException;
import org.ow2.authzforce.core.pdp.api.XmlUtils.XmlnsFilteringParserFactory;
import org.ow2.authzforce.core.pdp.api.combining.CombiningAlgRegistry;
import org.ow2.authzforce.core.pdp.api.expression.ExpressionFactory;
import org.ow2.authzforce.core.pdp.api.policy.CloseableRefPolicyProvider;
import org.ow2.authzforce.core.pdp.api.policy.PolicyVersionPatterns;
import org.ow2.authzforce.core.pdp.api.policy.RootPolicyProvider;
import org.ow2.authzforce.core.pdp.api.policy.StaticRefPolicyProvider;
import org.ow2.authzforce.core.pdp.api.policy.StaticRootPolicyProvider;
import org.ow2.authzforce.core.pdp.api.policy.StaticTopLevelPolicyElementEvaluator;
import org.ow2.authzforce.core.pdp.api.policy.TopLevelPolicyElementType;
import org.ow2.authzforce.core.pdp.api.policy.VersionPatterns;
import org.ow2.authzforce.core.xmlns.pdp.StaticRefBasedRootPolicyProvider;
import com.google.common.base.Preconditions;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.IdReferenceType;
/**
* This Root policy provider retrieves the root policy from a {@link CloseableRefPolicyProvider} statically (once and for all), based on a XACML PolicySetIdReference.
*/
......@@ -55,15 +55,13 @@ public class CoreRefBasedRootPolicyProvider implements StaticRootPolicyProvider
{
@Override
public Class<StaticRefBasedRootPolicyProvider> getJaxbClass()
{
public Class<StaticRefBasedRootPolicyProvider> getJaxbClass() {
return StaticRefBasedRootPolicyProvider.class;
}
@Override
public RootPolicyProvider getInstance(final StaticRefBasedRootPolicyProvider jaxbConf, final XmlnsFilteringParserFactory xacmlParserFactory, final ExpressionFactory expressionFactory,
final CombiningAlgRegistry combiningAlgRegistry, final Optional<CloseableRefPolicyProvider> optionalRefPolicyProvider, final EnvironmentProperties environmentProperties)
{
final CombiningAlgRegistry combiningAlgRegistry, final Optional<CloseableRefPolicyProvider> optionalRefPolicyProvider, final EnvironmentProperties environmentProperties) {
Preconditions.checkNotNull(jaxbConf, ILLEGAL_XML_CONF_ARG_MESSAGE);
Preconditions.checkArgument(optionalRefPolicyProvider.isPresent(), NULL_REF_POLICY_PROVIDER_CONF_MESSAGE);
return new CoreRefBasedRootPolicyProvider(jaxbConf.getPolicyRef(), optionalRefPolicyProvider.get());
......@@ -87,36 +85,34 @@ public class CoreRefBasedRootPolicyProvider implements StaticRootPolicyProvider
{
Preconditions.checkNotNull(policyRef, ILLEGAL_XACML_POLICY_REF_ARG_MESSAGE);
Preconditions.checkNotNull(refPolicyProvider, NULL_REF_POLICY_PROVIDER_CONF_MESSAGE);
Preconditions.checkArgument(refPolicyProvider instanceof StaticRefPolicyProvider, "RefPolicyProvider arg '" + refPolicyProvider + "' incompatible with "
+ CoreRefBasedRootPolicyProvider.class + ". Expected: instance of " + StaticRefPolicyProvider.class + ". Make sure the PDP extension of type "
+ CloseableRefPolicyProvider.Factory.class + " corresponding to the refPolicyProvider in PDP configuration can create instances of " + StaticRefPolicyProvider.class);
Preconditions.checkArgument(refPolicyProvider instanceof StaticRefPolicyProvider,
"RefPolicyProvider arg '" + refPolicyProvider + "' incompatible with " + CoreRefBasedRootPolicyProvider.class + ". Expected: instance of " + StaticRefPolicyProvider.class
+ ". Make sure the PDP extension of type " + CloseableRefPolicyProvider.Factory.class + " corresponding to the refPolicyProvider in PDP configuration can create instances of "
+ StaticRefPolicyProvider.class);
final String policySetId = policyRef.getValue();
final VersionPatterns versionPatterns = new VersionPatterns(policyRef.getVersion(), policyRef.getEarliestVersion(), policyRef.getLatestVersion());
final PolicyVersionPatterns PolicyVersionPatterns = new PolicyVersionPatterns(policyRef.getVersion(), policyRef.getEarliestVersion(), policyRef.getLatestVersion());
try
{
rootPolicy = ((StaticRefPolicyProvider) refPolicyProvider).get(TopLevelPolicyElementType.POLICY_SET, policySetId, Optional.of(versionPatterns), null);
}
catch (final IndeterminateEvaluationException e)
rootPolicy = ((StaticRefPolicyProvider) refPolicyProvider).get(TopLevelPolicyElementType.POLICY_SET, policySetId, Optional.of(PolicyVersionPatterns), null);
} catch (final IndeterminateEvaluationException e)
{
throw new IllegalArgumentException("Failed to find a root PolicySet with id = '" + policySetId + "', " + versionPatterns, e);
throw new IllegalArgumentException("Failed to find a root PolicySet with id = '" + policySetId + "', " + PolicyVersionPatterns, e);
}
if (rootPolicy == null)
{
throw new IllegalArgumentException("No policy found by the refPolicyProvider for the specified PolicySetIdReference: PolicySetId = '" + policySetId + "'; " + versionPatterns);
throw new IllegalArgumentException("No policy found by the refPolicyProvider for the specified PolicySetIdReference: PolicySetId = '" + policySetId + "'; " + PolicyVersionPatterns);
}
}
@Override
public StaticTopLevelPolicyElementEvaluator getPolicy()
{
public StaticTopLevelPolicyElementEvaluator getPolicy() {
return rootPolicy;
}
@Override
public void close()
{
public void close() {
// Nothing to close - erase exception from the close() signature
}
}
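Review bot: The local variable in the constructor is now named `PolicyVersionPatterns`, the same as its type, which looks like the class rename was applied to identifiers as well as to the type. Inside that scope the simple name resolves to the variable rather than the class, and it breaks the lowerCamelCase convention used by the rest of the file. Keeping the old identifier avoids this: `final PolicyVersionPatterns versionPatterns = new PolicyVersionPatterns(policyRef.getVersion(), policyRef.getEarliestVersion(), policyRef.getLatestVersion());`, with the two exception messages and the `Optional.of(...)` call left as they were. The same applies to the parameter of `PolicyMap.get` and of `PolicyVersions.getLatest`, and to their `@param` tags, where `{@code PolicyVersionPatterns}` now reads as the class rather than the argument. The constructor's signature is outside the hunk.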
......@@ -24,7 +24,7 @@ import java.util.Set;
import org.ow2.authzforce.core.pdp.api.HashCollections;
import org.ow2.authzforce.core.pdp.api.policy.PolicyVersion;
import org.ow2.authzforce.core.pdp.api.policy.VersionPatterns;
import org.ow2.authzforce.core.pdp.api.policy.PolicyVersionPatterns;
/**
* Map that provides convenient access to a policy based on the policy ID and version pattern to help resolve policy references
......@@ -63,12 +63,11 @@ public final class PolicyMap<P>
*
* @param id
* policy ID
* @param versionPatterns
* @param PolicyVersionPatterns
* patterns that the returned policy version must match
* @return policy version latest version of policy with ID {@code id} and version matching {@code versionPatterns}
* @return policy version latest version of policy with ID {@code id} and version matching {@code PolicyVersionPatterns}
*/
public Entry<PolicyVersion, P> get(final String id, final Optional<VersionPatterns> versionPatterns)
{
public Entry<PolicyVersion, P> get(final String id, final Optional<PolicyVersionPatterns> PolicyVersionPatterns) {
final PolicyVersions<P> policyVersions = policiesById.get(id);
// id not matched
if (policyVersions == null)
......@@ -76,7 +75,7 @@ public final class PolicyMap<P>
return null;
}
return policyVersions.getLatest(versionPatterns);
return policyVersions.getLatest(PolicyVersionPatterns);
}
/**
......@@ -84,8 +83,7 @@ public final class PolicyMap<P>
*
* @return all policies (with versions)
*/
public Set<Entry<String, PolicyVersions<P>>> entrySet()
{
public Set<Entry<String, PolicyVersions<P>>> entrySet() {
return policiesById.entrySet();
}
}
\ No newline at end of file
......@@ -25,7 +25,7 @@ import java.util.NavigableSet;
import java.util.Optional;
import org.ow2.authzforce.core.pdp.api.policy.PolicyVersion;
import org.ow2.authzforce.core.pdp.api.policy.VersionPatterns;
import org.ow2.authzforce.core.pdp.api.policy.PolicyVersionPatterns;
import com.google.common.collect.ImmutableSortedMap;
import com.google.common.collect.UnmodifiableIterator;
......@@ -33,8 +33,8 @@ import com.google.common.collect.UnmodifiableIterator;
/**
* Policy versions sorted from latest version to oldest.
* <p>
* The choice to have the latest version in first position is motivated by §5.10 of XACML core spec:
* "In the case that more than one matching version can be obtained, then the most recent one SHOULD be used."
* The choice to have the latest version in first position is motivated by §5.10 of XACML core spec: "In the case that more than one matching version can be obtained, then the most recent one SHOULD
* be used."
*
* @param <P>
* policy type (or any other type of data corresponding to a specific policy version)
......@@ -53,7 +53,7 @@ public final class PolicyVersions<P> implements Iterable<Entry<PolicyVersion, P>
*/
public PolicyVersions(final Map<PolicyVersion, P> versions)
{
policiesByVersion = versions == null ? ImmutableSortedMap.<PolicyVersion, P> of() : ImmutableSortedMap.copyOf(versions, Collections.reverseOrder());
policiesByVersion = versions == null ? ImmutableSortedMap.<PolicyVersion, P>of() : ImmutableSortedMap.copyOf(versions, Collections.reverseOrder());
}
/**
......@@ -63,25 +63,23 @@ public final class PolicyVersions<P> implements Iterable<Entry<PolicyVersion, P>
* policy version
* @return policy
*/
public P get(final PolicyVersion version)
{
public P get(final PolicyVersion version) {
return policiesByVersion.get(version);
}
/**
* Get latest policy version matching specific version patterns
*
* @param versionPatterns
* @param PolicyVersionPatterns
* version patterns
* @return latest version; null if none matched
*/
public Entry<PolicyVersion, P> getLatest(final Optional<VersionPatterns> versionPatterns)
{
assert versionPatterns != null;
public Entry<PolicyVersion, P> getLatest(final Optional<PolicyVersionPatterns> PolicyVersionPatterns) {
assert PolicyVersionPatterns != null;
// policiesByVersion is not empty -> at least one value
final Iterator<Entry<PolicyVersion, P>> versionPolicyPairsIterator = policiesByVersion.entrySet().iterator();
if (!versionPatterns.isPresent())
if (!PolicyVersionPatterns.isPresent())
{
/*
* Return the latest version which is the first element by design (TreeMap initialized with reverse order on version keys). See §5.10 of XACML core spec:
......@@ -90,7 +88,7 @@ public final class PolicyVersions<P> implements Iterable<Entry<PolicyVersion, P>
return versionPolicyPairsIterator.next();
}
final VersionPatterns nonNullVersionPatterns = versionPatterns.get();
final PolicyVersionPatterns nonNullPolicyVersionPatterns = PolicyVersionPatterns.get();
// constraints not null
// in the loop, go on until LatestVersion matched, then go on as long as
......@@ -108,7 +106,7 @@ public final class PolicyVersions<P> implements Iterable<Entry<PolicyVersion, P>
*/
if (!latestVersionMatched)
{
latestVersionMatched = nonNullVersionPatterns.matchLatestVersion(version);
latestVersionMatched = nonNullPolicyVersionPatterns.matchLatestVersion(version);
}
// If LatestVersion matched, check other constraints, else do
......@@ -124,7 +122,7 @@ public final class PolicyVersions<P> implements Iterable<Entry<PolicyVersion, P>
{
// EarliestVersion not checked yet
// check against EarliestVersion pattern
earliestVersionMatched = nonNullVersionPatterns.matchEarliestVersion(version);
earliestVersionMatched = nonNullPolicyVersionPatterns.matchEarliestVersion(version);
/*
* If still not matched, version cannot be in the [EarliestVersion, LatestVersion] interval. All next versions are earlier, so they cannot be either -> no match
*/
......@@ -136,7 +134,7 @@ public final class PolicyVersions<P> implements Iterable<Entry<PolicyVersion, P>
// EarliestVersion and LatestVersion matched.
// Check against Version pattern
if (nonNullVersionPatterns.matchVersion(version))
if (nonNullPolicyVersionPatterns.matchVersion(version))
{
// all constraints matched, return the associated policy
return versionPolicyPair;
......@@ -152,8 +150,7 @@ public final class PolicyVersions<P> implements Iterable<Entry<PolicyVersion, P>
/** {@inheritDoc} */
@Override
public Iterator<Entry<PolicyVersion, P>> iterator()
{
public Iterator<Entry<PolicyVersion, P>> iterator() {
return policiesByVersion.entrySet().iterator();
}
......@@ -162,8 +159,7 @@ public final class PolicyVersions<P> implements Iterable<Entry<PolicyVersion, P>
*
* @return number of policy versions
*/
public int size()
{
public int size() {
return this.policiesByVersion.size();
}
......@@ -172,8 +168,7 @@ public final class PolicyVersions<P> implements Iterable<Entry<PolicyVersion, P>
*
* @return unmodifiable iterator over versions from oldest to latest
*/
public UnmodifiableIterator<Entry<PolicyVersion, P>> oldestToLatestIterator()
{
public UnmodifiableIterator<Entry<PolicyVersion, P>> oldestToLatestIterator() {
/*
* The map is sorted from latest to oldest by default, so "descending" in this case means from oldest to latest
*/
......@@ -185,8 +180,7 @@ public final class PolicyVersions<P> implements Iterable<Entry<PolicyVersion, P>
*
* @return versions from latest to oldest
*/
public NavigableSet<PolicyVersion> latestToOldestSet()
{
public NavigableSet<PolicyVersion> latestToOldestSet() {
return policiesByVersion.keySet();
}
}
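Review bot: `getLatest` returns `versionPolicyPairsIterator.next()` without a `hasNext()` check when no patterns are present, relying on the comment "policiesByVersion is not empty", but the constructor in this same section builds an empty map when `versions` is null. On an empty instance the call would throw `NoSuchElementException` instead of returning null as the Javadoc states ("null if none matched"). That puts an unchecked exception into policy-reference resolution where callers presumably expect a null result. Suggest `return versionPolicyPairsIterator.hasNext() ? versionPolicyPairsIterator.next() : null;`, or rejecting empty input in the constructor if emptiness is never intended. Part of the method body is elided between hunks, and whether an empty instance is reachable depends on callers not shown here.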
......@@ -33,7 +33,7 @@
<dependency>
<groupId>org.ow2.authzforce</groupId>
<artifactId>authzforce-ce-core-pdp-api</artifactId>
<version>13.0.0</version>
<version>13.0.1-SNAPSHOT</version>
</dependency>
<!-- /AuthzForce dependencies -->
<!-- Test dependencies -->
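Review bot: The `authzforce-ce-core-pdp-api` dependency moves from the fixed release `13.0.0` to `13.0.1-SNAPSHOT`, which is a mutable version. The artifact that resolves can change between builds, so what gets compiled into this authorization engine depends on the state of the configured snapshot repository and the build is no longer reproducible. That is reasonable while the renamed API is unreleased, but the version should return to a published release before this module is released. A maven-enforcer `requireReleaseDeps` rule on the release profile would catch a snapshot that slips through.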
......