Commit 6075e6e2 authored by cdanger's avatar cdanger

Merge branch 'release/12.0.0'

parents 101c3ecb 4e2a4e99
......@@ -7,6 +7,18 @@ All notable changes to this project are documented in this file following the [K
- Issues reported on [OW2's GitLab](https://gitlab.ow2.org/authzforce/core/issues) are referenced in the form of `[GL-N]`, where N is the issue number.
## 12.0.0
### Changed
- Dependency authzforce-ce-core-pdp-api: version 13.0.0 -> 14.0.0; changes APIs for PDP AttributeProvider and DecisionCache extensions:
- Interface method DecisionCache.Factory#getInstance(...): added EnvironmentProperties parameter to allow passing environment properties to DecisionCache implementations
- Interface method AttributeProvider#get(...): replaced parameter type BagDatatype with Datatype to simplify AttributeProviders' code
### Added
- Base implementations of a few interfaces to help implementing unit tests for PDP extensions:
- BasePrimaryPolicyMetadata, implements PrimaryPolicyMetadata
- IndividualDecisionRequestContext, implements EvaluationContext
## 11.0.1
### Fixed
- [GL-6]: IllegalArgumentException when applying XACML 'map' function to substring with string bag as first arg
......
......@@ -231,18 +231,18 @@ If you are using the Java API with extensions configured by XML (Policy Provider
## Support
If you are experiencing any issue with this project, please report it on the [OW2 Issue Tracker](https://jira.ow2.org/browse/AUTHZFORCE/).
You should use [AuthzForce users' mailing list](https://mail.ow2.org/wws/info/authzforce-users) as first contact for any communication about AuthzForce: question, feature request, notification, potential issue (unconfirmed), etc.
If you are experiencing any bug with this project and you indeed confirm this is not an issue with your environment (contact the users mailing list first if you are unsure), please report it on the [OW2 Issue Tracker](https://jira.ow2.org/browse/AUTHZFORCE/).
Please include as much information as possible; the more we know, the better the chance of a quicker resolution:
* Software version
* Platform (OS and JRE)
* Stack traces generally really help! If in doubt include the whole thing; often exceptions get wrapped in other exceptions and the exception right near the bottom explains the actual error, not the first few lines at the top. It's very easy for us to skim-read past unnecessary parts of a stack trace.
* Stack traces generally really help! If in doubt, include the whole thing; often exceptions get wrapped in other exceptions and the exception right near the bottom explains the actual error, not the first few lines at the top. It's very easy for us to skim-read past unnecessary parts of a stack trace.
* Log output can be useful too; sometimes enabling DEBUG logging can help;
* Your code & configuration files are often useful.
If you wish to contact the developers for other reasons, use [AuthzForce contact mailing list](http://scr.im/azteam).
## Vulnerability reporting
## Security - Vulnerability reporting
If you want to report a vulnerability, you must do so on the [OW2 Issue Tracker](https://jira.ow2.org/browse/AUTHZFORCE/) with *Security Level* set to **Private**. Then, if the AuthzForce team can confirm it, they will change it to **Public** and set a fix version.
## Contributing
......
......@@ -3,7 +3,7 @@
<parent>
<groupId>org.ow2.authzforce</groupId>
<artifactId>authzforce-ce-core</artifactId>
<version>11.0.1</version>
<version>12.0.0</version>
<relativePath>..</relativePath>
</parent>
<artifactId>authzforce-ce-core-pdp-cli</artifactId>
......@@ -30,12 +30,12 @@
<dependency>
<groupId>org.ow2.authzforce</groupId>
<artifactId>authzforce-ce-core-pdp-engine</artifactId>
<version>11.0.1</version>
<version>12.0.0</version>
</dependency>
<dependency>
<groupId>org.ow2.authzforce</groupId>
<artifactId>authzforce-ce-core-pdp-io-xacml-json</artifactId>
<version>11.0.1</version>
<version>12.0.0</version>
</dependency>
<dependency>
<groupId>org.testng</groupId>
......@@ -46,7 +46,7 @@
<dependency>
<groupId>org.ow2.authzforce</groupId>
<artifactId>authzforce-ce-core-pdp-testutils</artifactId>
<version>11.0.1</version>
<version>12.0.0</version>
<scope>test</scope>
</dependency>
</dependencies>
......
org.ow2.authzforce.core.pdp.io.xacml.json.SingleDecisionXacmlJsonRequestPreprocessor$LaxVariantFactory
org.ow2.authzforce.core.pdp.io.xacml.json.SingleDecisionXacmlJsonRequestPreprocessor$StrictVariantFactory
org.ow2.authzforce.core.pdp.io.xacml.json.BaseXacmlJsonResultPostprocessor$Factory
......@@ -3,7 +3,7 @@
<parent>
<groupId>org.ow2.authzforce</groupId>
<artifactId>authzforce-ce-core</artifactId>
<version>11.0.1</version>
<version>12.0.0</version>
<relativePath>..</relativePath>
</parent>
<artifactId>authzforce-ce-core-pdp-engine</artifactId>
......
......@@ -60,8 +60,8 @@ public final class PdpExtensions
/**
* Types of zero-conf (non-JAXB-bound) extension
*/
private static final Set<Class<? extends PdpExtension>> NON_JAXB_BOUND_EXTENSION_CLASSES = HashCollections.newImmutableSet(Arrays.asList(AttributeValueFactory.class, Function.class,
CombiningAlg.class, DecisionRequestPreprocessor.Factory.class, DecisionResultPostprocessor.Factory.class));
private static final Set<Class<? extends PdpExtension>> NON_JAXB_BOUND_EXTENSION_CLASSES = HashCollections
.newImmutableSet(Arrays.asList(AttributeValueFactory.class, Function.class, CombiningAlg.class, DecisionRequestPreprocessor.Factory.class, DecisionResultPostprocessor.Factory.class));
/*
* For each type of zero-conf (non-JAXB-bound) extension, have a map (extension ID -> extension instance), so that the extension ID is scoped to the extension type among the ones listed in
......@@ -241,8 +241,8 @@ public final class PdpExtensions
if (!(ext instanceof CloseableRefPolicyProvider.Factory))
{
throw new IllegalArgumentException("No PDP extension of type " + CloseableRefPolicyProvider.Factory.class
+ " (Reference-based Policy Provider factory) supporting JAXB/XML (configuration) type: " + jaxbConfClass);
throw new IllegalArgumentException(
"No PDP extension of type " + CloseableRefPolicyProvider.Factory.class + " (Reference-based Policy Provider factory) supporting JAXB/XML (configuration) type: " + jaxbConfClass);
}
return (CloseableRefPolicyProvider.Factory<REF_POLICY_PROVIDER_CONF>) ext;
......@@ -271,8 +271,8 @@ public final class PdpExtensions
if (!(ext instanceof RootPolicyProvider.Factory))
{
throw new IllegalArgumentException("No PDP extension of type " + RootPolicyProvider.Factory.class + " (Root Policy Provider factory) supporting JAXB/XML (configuration) type: "
+ jaxbConfClass);
throw new IllegalArgumentException(
"No PDP extension of type " + RootPolicyProvider.Factory.class + " (Root Policy Provider factory) supporting JAXB/XML (configuration) type: " + jaxbConfClass);
}
return (RootPolicyProvider.Factory<ROOT_POLICY_PROVIDER_CONF>) ext;
......@@ -287,7 +287,7 @@ public final class PdpExtensions
* @throws java.lang.IllegalArgumentException
* if there is no extension of type {@link org.ow2.authzforce.core.pdp.api.DecisionCache.Factory} supporting {@code jaxbPdpExtensionClass}
*/
public static <DECISION_CACHE_CONF extends AbstractDecisionCache> DecisionCache.Factory<DECISION_CACHE_CONF> getDecisionCacheFactory(final DECISION_CACHE_CONF jaxbConfClass)
public static <DECISION_CACHE_CONF extends AbstractDecisionCache> DecisionCache.Factory<DECISION_CACHE_CONF> getDecisionCacheFactory(final Class<DECISION_CACHE_CONF> jaxbConfClass)
{
final JaxbBoundPdpExtension<DECISION_CACHE_CONF> ext = (JaxbBoundPdpExtension<DECISION_CACHE_CONF>) JAXB_BOUND_EXTENSIONS_BY_JAXB_CLASS.get(jaxbConfClass);
if (ext == null)
......
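Review bot: The `@throws` clause just above the changed signature still refers to `{@code jaxbPdpExtensionClass}`, while the parameter the new signature declares is `jaxbConfClass`; change it to `if there is no extension of type {@link org.ow2.authzforce.core.pdp.api.DecisionCache.Factory} supporting {@code jaxbConfClass}`. Switching the parameter from `DECISION_CACHE_CONF` to `Class<DECISION_CACHE_CONF>` looks like a correctness fix rather than a reformat, since `JAXB_BOUND_EXTENSIONS_BY_JAXB_CLASS.get(...)` is keyed by class and an instance argument could never have matched, so it deserves a line in the 12.0.0 changelog as a public static API change (the changelog hunk currently lists only core-pdp-api changes). The cast to `JaxbBoundPdpExtension<DECISION_CACHE_CONF>` is unchecked; if the map's value type cannot express it, a `@SuppressWarnings("unchecked")` scoped to that local with a one-line reason is the conventional way to make the warning deliberate. getDecisionCacheFactory's body continues past the end of the hunk.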
......@@ -30,17 +30,6 @@ import java.util.Optional;
import javax.xml.namespace.QName;
import net.sf.saxon.s9api.SaxonApiException;
import net.sf.saxon.s9api.XPathCompiler;
import net.sf.saxon.s9api.XPathExecutable;
import net.sf.saxon.s9api.XPathSelector;
import net.sf.saxon.s9api.XdmAtomicValue;
import net.sf.saxon.s9api.XdmItem;
import net.sf.saxon.s9api.XdmNode;
import net.sf.saxon.s9api.XdmValue;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeSelectorType;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeValueType;
import org.ow2.authzforce.core.pdp.api.AttributeFqn;
import org.ow2.authzforce.core.pdp.api.AttributeFqns;
import org.ow2.authzforce.core.pdp.api.AttributeProvider;
......@@ -58,6 +47,17 @@ import org.ow2.authzforce.core.pdp.api.value.StandardDatatypes;
import org.ow2.authzforce.core.pdp.api.value.XPathValue;
import org.ow2.authzforce.xacml.identifiers.XacmlStatusCode;
import net.sf.saxon.s9api.SaxonApiException;
import net.sf.saxon.s9api.XPathCompiler;
import net.sf.saxon.s9api.XPathExecutable;
import net.sf.saxon.s9api.XPathSelector;
import net.sf.saxon.s9api.XdmAtomicValue;
import net.sf.saxon.s9api.XdmItem;
import net.sf.saxon.s9api.XdmNode;
import net.sf.saxon.s9api.XdmValue;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeSelectorType;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeValueType;
/**
* Static utility methods pertaining to {@link AttributeSelectorExpression} instances.
*
......@@ -102,7 +102,8 @@ public final class AttributeSelectorExpressions
// the logger we'll use for all messages
// private static final Logger LOGGER = LoggerFactory.getLogger(AttributeSelector.class);
private static final IllegalArgumentException NULL_XACML_ATTRIBUTE_SELECTOR_EXCEPTION = new IllegalArgumentException("AttributeSelector's input XACML/JAXB AttributeSelector element undefined");
private static final IllegalArgumentException NULL_XACML_ATTRIBUTE_SELECTOR_EXCEPTION = new IllegalArgumentException(
"AttributeSelector's input XACML/JAXB AttributeSelector element undefined");
private static final IllegalArgumentException NULL_XPATH_COMPILER_EXCEPTION = new IllegalArgumentException("XPath version/compiler undefined but required for AttributeSelector evaluation");
private static final IllegalArgumentException NULL_ATTRIBUTE_FACTORY_EXCEPTION = new IllegalArgumentException("AttributeSelector's returnType factory undefined");
......@@ -128,7 +129,7 @@ public final class AttributeSelectorExpressions
*/
case TEXT:
otherAttributes = Collections.emptyMap();
content = Collections.<Serializable> singletonList(nodeStrVal);
content = Collections.<Serializable>singletonList(nodeStrVal);
break;
/*
......@@ -365,7 +366,7 @@ public final class AttributeSelectorExpressions
if (xpathEvalResultItem instanceof XdmAtomicValue)
{
final String strVal = xpathEvalResultItem.getStringValue();
jaxbAttrVal = new AttributeValueType(Collections.<Serializable> singletonList(strVal), attributeDatatype.getId(), null);
jaxbAttrVal = new AttributeValueType(Collections.<Serializable>singletonList(strVal), attributeDatatype.getId(), null);
}
else if (xpathEvalResultItem instanceof XdmNode)
{
......@@ -376,10 +377,11 @@ public final class AttributeSelectorExpressions
catch (final IllegalArgumentException e)
{
final Optional<String> contextSelectorId = attributeSelectorId.getContextSelectorId();
throw new IndeterminateEvaluationException(this + ": Error creating attribute value of type '" + attributeDatatype + "' from result #" + xpathEvalResultItemIndex
+ " of evaluating XPath against XML node from Content of Attributes Category='" + attributeSelectorId.getCategory()
+ (contextSelectorId == null ? "" : "' selected by ContextSelectorId='" + contextSelectorId + "'") + ": " + xpathEvalResultItem, XacmlStatusCode.SYNTAX_ERROR.value(),
e);
throw new IndeterminateEvaluationException(
this + ": Error creating attribute value of type '" + attributeDatatype + "' from result #" + xpathEvalResultItemIndex
+ " of evaluating XPath against XML node from Content of Attributes Category='" + attributeSelectorId.getCategory()
+ (contextSelectorId == null ? "" : "' selected by ContextSelectorId='" + contextSelectorId + "'") + ": " + xpathEvalResultItem,
XacmlStatusCode.SYNTAX_ERROR.value(), e);
}
}
else
......@@ -399,9 +401,11 @@ public final class AttributeSelectorExpressions
catch (final IllegalArgumentException e)
{
final Optional<String> contextSelectorId = attributeSelectorId.getContextSelectorId();
throw new IndeterminateEvaluationException(this + ": Error creating attribute value of type '" + attributeDatatype + "' from result #" + xpathEvalResultItemIndex
+ " of evaluating XPath against XML node from Content of Attributes Category='" + attributeSelectorId.getCategory() + "'"
+ (contextSelectorId == null ? "" : " selected by ContextSelectorId='" + contextSelectorId + "'") + ": " + xpathEvalResultItem, XacmlStatusCode.SYNTAX_ERROR.value(), e);
throw new IndeterminateEvaluationException(
this + ": Error creating attribute value of type '" + attributeDatatype + "' from result #" + xpathEvalResultItemIndex
+ " of evaluating XPath against XML node from Content of Attributes Category='" + attributeSelectorId.getCategory() + "'"
+ (contextSelectorId == null ? "" : " selected by ContextSelectorId='" + contextSelectorId + "'") + ": " + xpathEvalResultItem,
XacmlStatusCode.SYNTAX_ERROR.value(), e);
}
resultBag.add(attributeDatatype.cast(attrVal));
......@@ -446,8 +450,9 @@ public final class AttributeSelectorExpressions
}
catch (final SaxonApiException e)
{
throw new IndeterminateEvaluationException(this + ": Error evaluating XPath = '" + contextPathEvaluator.get().getUnderlyingExpression().getInternalExpression().toString()
+ "' against <Content> element", XacmlStatusCode.PROCESSING_ERROR.value(), e);
throw new IndeterminateEvaluationException(
this + ": Error evaluating XPath = '" + contextPathEvaluator.get().getUnderlyingExpression().getInternalExpression().toString() + "' against <Content> element",
XacmlStatusCode.PROCESSING_ERROR.value(), e);
}
if (finalXPathEvaluationContextItem == null)
......@@ -644,7 +649,7 @@ public final class AttributeSelectorExpressions
@Override
protected XdmItem getFinalXPathEvaluationContextItem(final XdmNode contentElement, final EvaluationContext context) throws IndeterminateEvaluationException
{
final Bag<XPathValue> bag = attrProvider.get(contextSelectorFQN, StandardDatatypes.XPATH.getBagDatatype(), context);
final Bag<XPathValue> bag = attrProvider.get(contextSelectorFQN, StandardDatatypes.XPATH, context);
if (bag == null)
{
throw this.missingAttributeForUnknownReasonException;
......
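Review bot: Both reformatted IndeterminateEvaluationException messages test `contextSelectorId == null`, but `contextSelectorId` is declared as `Optional<String>` from `attributeSelectorId.getContextSelectorId()`, so the null test only guards against a null Optional (which the Optional contract rules out) and an absent selector is rendered as `Optional.empty`, a present one as `Optional[...]`, in the status message. In the first of the two hunks the condition should read `contextSelectorId.isPresent() ? "' selected by ContextSelectorId='" + contextSelectorId.get() + "'" : ""` (note the operand order flips relative to the current ternary); the second hunk, the one ending in `resultBag.add(attributeDatatype.cast(attrVal));`, has the same pattern with slightly different quoting and needs the same change. These messages also embed the offending `xpathEvalResultItem` from the request's Content, which is useful for diagnostics but worth keeping in mind if the SYNTAX_ERROR status message is ever returned to the requester. Both enclosing blocks start and end outside their hunks.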
......@@ -19,8 +19,6 @@ package org.ow2.authzforce.core.pdp.impl.expression;
import java.util.Optional;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeDesignatorType;
import org.ow2.authzforce.core.pdp.api.AttributeFqn;
import org.ow2.authzforce.core.pdp.api.AttributeFqns;
import org.ow2.authzforce.core.pdp.api.AttributeProvider;
......@@ -34,6 +32,8 @@ import org.ow2.authzforce.core.pdp.api.value.Bags;
import org.ow2.authzforce.core.pdp.api.value.Datatype;
import org.ow2.authzforce.xacml.identifiers.XacmlStatusCode;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeDesignatorType;
/**
* AttributeDesignator evaluator initialized with and using an {@link AttributeProvider} to retrieve the attribute value not only from the request but also possibly from extra Attribute Provider
* modules (so-called XACML PIPs) (PDP extensions)
......@@ -98,8 +98,8 @@ public final class GenericAttributeProviderBasedAttributeDesignatorExpression<AV
this.mustBePresentEnforcer = mustBePresent ? new Bags.NonEmptinessValidator(missingAttributeMessage) : Bags.DUMB_VALIDATOR;
this.missingAttributeForUnknownReasonException = new IndeterminateEvaluationException(missingAttributeMessage + " for unknown reason", XacmlStatusCode.MISSING_ATTRIBUTE.value());
this.missingAttributeBecauseNullContextException = new IndeterminateEvaluationException("Missing Attributes/Attribute for evaluation of AttributeDesignator '" + this.attrGUID
+ "' because request context undefined", XacmlStatusCode.MISSING_ATTRIBUTE.value());
this.missingAttributeBecauseNullContextException = new IndeterminateEvaluationException(
"Missing Attributes/Attribute for evaluation of AttributeDesignator '" + this.attrGUID + "' because request context undefined", XacmlStatusCode.MISSING_ATTRIBUTE.value());
}
@Override
......@@ -127,7 +127,7 @@ public final class GenericAttributeProviderBasedAttributeDesignatorExpression<AV
throw missingAttributeBecauseNullContextException;
}
final Bag<AV> bag = attrProvider.get(attrGUID, this.returnType, context);
final Bag<AV> bag = attrProvider.get(attrGUID, this.returnType.getElementType(), context);
if (bag == null)
{
throw this.missingAttributeForUnknownReasonException;
......
/**
* Copyright 2012-2018 Thales Services SAS.
*
* This file is part of AuthzForce CE.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.ow2.authzforce.core.pdp.impl.io;
import org.ow2.authzforce.core.pdp.api.DecisionResultPostprocessor;
import org.ow2.authzforce.core.pdp.api.io.BaseXacmlJaxbResultPostprocessor;
import org.ow2.authzforce.core.pdp.api.io.IndividualXacmlJaxbRequest;
import org.ow2.authzforce.core.pdp.api.io.BaseXacmlJaxbResultPostprocessor.Factory;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.Response;
/**
*
* Default factory creating instances of {@link BaseXacmlJaxbResultPostprocessor}
*
*/
public final class DefaultXacmlJaxbResultPostprocessorFactory extends Factory
{
/**
* Result postprocessor ID, as returned by {@link #getId()}
*/
public static final String ID = "urn:ow2:authzforce:feature:pdp:result-postproc:xacml-xml:default";
/**
* No-arg constructor
*/
public DefaultXacmlJaxbResultPostprocessorFactory()
{
super(ID);
}
@Override
public DecisionResultPostprocessor<IndividualXacmlJaxbRequest, Response> getInstance(final int clientRequestErrorVerbosityLevel)
{
return new BaseXacmlJaxbResultPostprocessor(clientRequestErrorVerbosityLevel);
}
}
\ No newline at end of file
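Review bot: `getInstance` overrides a parent method but has no Javadoc, and judging by its name `clientRequestErrorVerbosityLevel` decides how much error detail is forwarded into the `BaseXacmlJaxbResultPostprocessor` it constructs, so the override should carry at least `/** {@inheritDoc} */` or a sentence saying the level is passed straight through. Importing `BaseXacmlJaxbResultPostprocessor.Factory` under the bare simple name `Factory` makes `extends Factory` hard to read in a codebase where many extension types are nested `Factory` classes; `public final class DefaultXacmlJaxbResultPostprocessorFactory extends BaseXacmlJaxbResultPostprocessor.Factory` with that import removed is clearer.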
/**
* Copyright 2012-2018 Thales Services SAS.
*
* This file is part of AuthzForce CE.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.ow2.authzforce.core.pdp.impl.policy;
import java.util.Objects;
import java.util.Optional;
import org.ow2.authzforce.core.pdp.api.policy.PolicyVersion;
import org.ow2.authzforce.core.pdp.api.policy.PrimaryPolicyMetadata;
import org.ow2.authzforce.core.pdp.api.policy.TopLevelPolicyElementType;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.PolicyIssuer;
/**
* Base implementation of {@link PrimaryPolicyMetadata}
* <p>
* NB: This class does not support Issuer and Description metadata (returns none). Extend this if you need to support Issuer and Description metadata
*/
public class BasePrimaryPolicyMetadata implements PrimaryPolicyMetadata
{
private final TopLevelPolicyElementType type;
private final String id;
private final PolicyVersion version;
private transient volatile String toString = null;
private transient volatile int hashCode = 0;
/**
* Creates instance from policy type, identifier and version
*
* @param type
* policy type (Policy or PolicySet)
* @param id
* identifier
* @param version
* version
*/
public BasePrimaryPolicyMetadata(final TopLevelPolicyElementType type, final String id, final PolicyVersion version)
{
assert type != null && id != null && version != null;
this.type = type;
this.id = id;
this.version = version;
}
@Override
public TopLevelPolicyElementType getType() {
return this.type;
}
@Override
public String getId() {
return this.id;
}
@Override
public PolicyVersion getVersion() {
return this.version;
}
@Override
public String toString() {
if (toString == null)
{
this.toString = type + "[" + id + "#v" + version + "]";
}
return toString;
}
/*
* (non-Javadoc)
*
* @see java.lang.Object#hashCode()
*/
@Override
public int hashCode() {
if (hashCode == 0)
{
/*
* Note that we ignore the PolicyIssuer in the hashCode because it is ignored/unused as well in PolicyIdReferences. So we consider it is useless for identification in the XACML model.
*/
this.hashCode = Objects.hash(type, id, version);
}
return hashCode;
}
/*
* (non-Javadoc)
*
* @see java.lang.Object#equals(java.lang.Object)
*/
@Override
public boolean equals(final Object obj) {
if (this == obj)
{
return true;
}
if (obj == null)
{
return false;
}
if (!(obj instanceof PrimaryPolicyMetadata))
{
return false;
}
final PrimaryPolicyMetadata other = (PrimaryPolicyMetadata) obj;
return this.type.equals(other.getType()) && this.id.equals(other.getId()) && this.version.equals(other.getVersion());
}
@Override
public Optional<PolicyIssuer> getIssuer() {
// TODO: support PolicyIssuer. This field is relevant only to XACML Administrative Profile which is not supported here.
return Optional.empty();
}
@Override
public Optional<String> getDescription() {
/*
* TODO: support Description. This field has no use in policy evaluation, therefore not a priority.
*/
return Optional.empty();
}
}
\ No newline at end of file
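Review bot: The constructor guards its arguments with `assert type != null && id != null && version != null;`, which is skipped unless the JVM runs with assertions enabled, so in a normal deployment a null `type`, `id` or `version` is stored and only surfaces later as a NullPointerException from `equals`, `hashCode` or `toString`. Since `java.util.Objects` is already imported, replace the assert and the three assignments with `this.type = Objects.requireNonNull(type, "type");`, `this.id = Objects.requireNonNull(id, "id");`, `this.version = Objects.requireNonNull(version, "version");`. Separately, `equals` accepts any `PrimaryPolicyMetadata` while the class Javadoc invites subclasses that add Issuer and Description; a subclass that folds the issuer into its own `equals` would break symmetry with this implementation, so the class Javadoc should state that equality and the hash code are defined by type, id and version only (the comment inside `hashCode` already explains why). The `obj == null` check is redundant with the `instanceof` test that follows it.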
......@@ -19,24 +19,24 @@ package org.ow2.authzforce.core.pdp.impl.policy;
import java.util.Optional;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.IdReferenceType;
import org.ow2.authzforce.core.pdp.api.EnvironmentProperties;
import org.ow2.authzforce.core.pdp.api.IndeterminateEvaluationException;
import org.ow2.authzforce.core.pdp.api.XmlUtils.XmlnsFilteringParserFactory;
import org.ow2.authzforce.core.pdp.api.combining.CombiningAlgRegistry;
import org.ow2.authzforce.core.pdp.api.expression.ExpressionFactory;
import org.ow2.authzforce.core.pdp.api.policy.CloseableRefPolicyProvider;
import org.ow2.authzforce.core.pdp.api.policy.PolicyVersionPatterns;
import org.ow2.authzforce.core.pdp.api.policy.RootPolicyProvider;
import org.ow2.authzforce.core.pdp.api.policy.StaticRefPolicyProvider;
import org.ow2.authzforce.core.pdp.api.policy.StaticRootPolicyProvider;
import org.ow2.authzforce.core.pdp.api.policy.StaticTopLevelPolicyElementEvaluator;
import org.ow2.authzforce.core.pdp.api.policy.TopLevelPolicyElementType;
import org.ow2.authzforce.core.pdp.api.policy.VersionPatterns;
import org.ow2.authzforce.core.xmlns.pdp.StaticRefBasedRootPolicyProvider;
import com.google.common.base.Preconditions;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.IdReferenceType;
/**
* This Root policy provider retrieves the root policy from a {@link CloseableRefPolicyProvider} statically (once and for all), based on a XACML PolicySetIdReference.
*/
......@@ -55,15 +55,13 @@ public class CoreRefBasedRootPolicyProvider implements StaticRootPolicyProvider
{
@Override
public Class<StaticRefBasedRootPolicyProvider> getJaxbClass()
{
public Class<StaticRefBasedRootPolicyProvider> getJaxbClass() {
return StaticRefBasedRootPolicyProvider.class;
}
@Override
public RootPolicyProvider getInstance(final StaticRefBasedRootPolicyProvider jaxbConf, final XmlnsFilteringParserFactory xacmlParserFactory, final ExpressionFactory expressionFactory,
final CombiningAlgRegistry combiningAlgRegistry, final Optional<CloseableRefPolicyProvider> optionalRefPolicyProvider, final EnvironmentProperties environmentProperties)
{
final CombiningAlgRegistry combiningAlgRegistry, final Optional<CloseableRefPolicyProvider> optionalRefPolicyProvider, final EnvironmentProperties environmentProperties) {
Preconditions.checkNotNull(jaxbConf, ILLEGAL_XML_CONF_ARG_MESSAGE);
Preconditions.checkArgument(optionalRefPolicyProvider.isPresent(), NULL_REF_POLICY_PROVIDER_CONF_MESSAGE);
return new CoreRefBasedRootPolicyProvider(jaxbConf.getPolicyRef(), optionalRefPolicyProvider.get());
......@@ -87,36 +85,34 @@ public class CoreRefBasedRootPolicyProvider implements StaticRootPolicyProvider
{
Preconditions.checkNotNull(policyRef, ILLEGAL_XACML_POLICY_REF_ARG_MESSAGE);
Preconditions.checkNotNull(refPolicyProvider, NULL_REF_POLICY_PROVIDER_CONF_MESSAGE);
Preconditions.checkArgument(refPolicyProvider instanceof StaticRefPolicyProvider, "RefPolicyProvider arg '" + refPolicyProvider + "' incompatible with "
+ CoreRefBasedRootPolicyProvider.class + ". Expected: instance of " + StaticRefPolicyProvider.class + ". Make sure the PDP extension of type "
+ CloseableRefPolicyProvider.Factory.class + " corresponding to the refPolicyProvider in PDP configuration can create instances of " + StaticRefPolicyProvider.class);
Preconditions.checkArgument(refPolicyProvider instanceof StaticRefPolicyProvider,
"RefPolicyProvider arg '" + refPolicyProvider + "' incompatible with " + CoreRefBasedRootPolicyProvider.class + ". Expected: instance of " + StaticRefPolicyProvider.class
+ ". Make sure the PDP extension of type " + CloseableRefPolicyProvider.Factory.class + " corresponding to the refPolicyProvider in PDP configuration can create instances of "
+ StaticRefPolicyProvider.class);
final String policySetId = policyRef.getValue();
final VersionPatterns versionPatterns = new VersionPatterns(policyRef.getVersion(), policyRef.getEarliestVersion(), policyRef.getLatestVersion());
final PolicyVersionPatterns PolicyVersionPatterns = new PolicyVersionPatterns(policyRef.getVersion(), policyRef.getEarliestVersion(), policyRef.getLatestVersion());
try
{
rootPolicy = ((StaticRefPolicyProvider) refPolicyProvider).get(TopLevelPolicyElementType.POLICY_SET, policySetId, Optional.of(versionPatterns), null);
}
catch (final IndeterminateEvaluationException e)
rootPolicy = ((StaticRefPolicyProvider) refPolicyProvider).get(TopLevelPolicyElementType.POLICY_SET, policySetId, Optional.of(PolicyVersionPatterns), null);
} catch (final IndeterminateEvaluationException e)
{
throw new IllegalArgumentException("Failed to find a root PolicySet with id = '" + policySetId + "', " + versionPatterns, e);
throw new IllegalArgumentException("Failed to find a root PolicySet with id = '" + policySetId + "', " + PolicyVersionPatterns, e);
}
if (rootPolicy == null)
{
throw new IllegalArgumentException("No policy found by the refPolicyProvider for the specified PolicySetIdReference: PolicySetId = '" + policySetId + "'; " + versionPatterns);
throw new IllegalArgumentException("No policy found by the refPolicyProvider for the specified PolicySetIdReference: PolicySetId = '" + policySetId + "'; " + PolicyVersionPatterns);
}
}
@Override
public StaticTopLevelPolicyElementEvaluator getPolicy()
{
public StaticTopLevelPolicyElementEvaluator getPolicy() {
return rootPolicy;
}
@Override
public void close()
{
public void close() {
// Nothing to close - erase exception from the close() signature
}
}
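Review bot: The renamed local `final PolicyVersionPatterns PolicyVersionPatterns = new PolicyVersionPatterns(...)` in the constructor gives the variable the exact name of its type; Java allows this (the simple name then resolves to the variable within that scope) but the three later uses read like static references, so rename it `policyVersionPatterns` and update the two `IllegalArgumentException` messages that concatenate it. The same rename was applied to the parameter of PolicyMap#get and its `@param`/`@return` Javadoc in the next file, where lowerCamelCase `policyVersionPatterns` is wanted as well. The new `} catch (final IndeterminateEvaluationException e)` places `catch` on the closing-brace line while the `{` below stays on its own line, mixing two brace styles within one statement; the rest of this file keeps `catch` on its own line. The constructor begins outside the hunk.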
......@@ -24,7 +24,7 @@ import java.util.Set;
import org.ow2.authzforce.core.pdp.api.HashCollections;
import org.ow2.authzforce.core.pdp.api.policy.PolicyVersion;
import org.ow2.authzforce.core.pdp.api.policy.VersionPatterns;
import org.ow2.authzforce.core.pdp.api.policy.PolicyVersionPatterns;
/**
* Map that provides convenient access to a policy based on the policy ID and version pattern to help resolve policy references
......@@ -63,12 +63,11 @@ public final class PolicyMap<P>
*
* @param id
* policy ID
* @param versionPatterns
* @param PolicyVersionPatterns
* patterns that the returned policy version must match
* @return policy version latest version of policy with ID {@code id} and version matching {@code versionPatterns}
* @return policy version latest version of policy with ID {@code id} and version matching {@code PolicyVersionPatterns}
*/
public Entry<PolicyVersion, P> get(final String id, final Optional<VersionPatterns> versionPatterns)
{
public Entry<PolicyVersion, P> get(final String id, final Optional<PolicyVersionPatterns> PolicyVersionPatterns) {
final PolicyVersions<P> policyVersions = policiesById.get(id);
// id not matched
if (policyVersions == null)
......@@ -76,7 +75,7 @@ public final class PolicyMap<P>
return null;
}
return policyVersions.getLatest(versionPatterns);
return policyVersions.getLatest(PolicyVersionPatterns);
}
/**
......@@ -84,8 +83,7 @@ public final class PolicyMap<P>
*
* @return all policies (with versions)
*/
public Set<Entry<String, PolicyVersions<P>>> entrySet()
{
public Set<Entry<String, PolicyVersions<P>>> entrySet() {
return policiesById.entrySet();
}
}
\ No newline at end of file
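Review bot: `get` returns `null` when `id` has no entry in `policiesById` (the `return null;` in the second hunk), and presumably also when `policyVersions.getLatest(...)` finds no match, but the reformatted `@return` describes only the found case; extend it to `@return latest version of policy with ID {@code id} and version matching {@code policyVersionPatterns}, or null if no such policy exists`. Given the method already takes an `Optional<PolicyVersionPatterns>`, returning `Optional<Entry<PolicyVersion, P>>` would be the consistent shape, but that is a signature change for callers and belongs in a separate commit. The method spans both hunks of this file section.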
......@@ -25,7 +25,7 @@ import java.util.NavigableSet;
import java.util.Optional;
import org.ow2.authzforce.core.pdp.api.policy.PolicyVersion;
import org.ow2.authzforce.core.pdp.api.policy.VersionPatterns;
import org.ow2.authzforce.core.pdp.api.policy.PolicyVersionPatterns;
import com.google.common.collect.ImmutableSortedMap;
import com.google.common.collect.UnmodifiableIterator;
......@@ -33,8 +33,8 @@ import com.google.common.collect.UnmodifiableIterator;
/**
* Policy versions sorted from latest version to oldest.
* <p>
* The choice to have the latest version in first position is motivated by §5.10 of XACML core spec:
* "In the case that more than one matching version can be obtained, then the most recent one SHOULD be used."
* The choice to have the latest version in first position is motivated by §5.10 of XACML core spec: "In the case that more than one matching version can be obtained, then the most recent one SHOULD
* be used."
*
* @param <P>
* policy type (or any other type of data corresponding to a specific policy version)
......@@ -53,7 +53,7 @@ public final class PolicyVersions<P> implements Iterable<Entry<PolicyVersion, P>
*/
public PolicyVersions(final Map<PolicyVersion, P> versions)
{
policiesByVersion = versions == null ? ImmutableSortedMap.<PolicyVersion, P> of() : ImmutableSortedMap.copyOf(versions, Collections.reverseOrder());
policiesByVersion = versions == null ? ImmutableSortedMap.<PolicyVersion, P>of() : ImmutableSortedMap.copyOf(versions, Collections.reverseOrder());
}
/**
......@@ -63,25 +63,23 @@ public final class PolicyVersions<P> implements Iterable<Entry<PolicyVersion, P>
* policy version
* @return policy
*/
public P get(final PolicyVersion version)
{
public P get(final PolicyVersion version) {
return policiesByVersion.get(version);
}
/**
* Get latest policy version matching specific version patterns
*