Commit 6e76fef7 authored by cdanger

- Renamed PolicyDecisionResult back to DecisionResult (more generic
since it is used for Rules as well, not just Policies)
- Updated CHANGELOG with latest developments and missing releases
- Updated README content to be relevant to authzforce core. Old content
moved to another project (authzforce server/rest service)
- Added sample pdp-ext.xsd

 
parent 438ce239
# AuthZForce Core
PDP engine implementation of the XACML 3.0 Core and part of the Multiple Decision Profile (section 2.3, i.e. repetition of attribute categories) specifications. For further details on what is actually supported with regards to the specifications, please refer to `src/test/resources/conformance/xacml-3.0-from-2.0-ct/README.md`.
PDP engine implementation of the XACML 3.0 Core and part of the Multiple Decision Profile (section 2.3, i.e. repetition of attribute categories) specifications. For further details on what is actually supported with regards to the specifications, please refer to the conformance tests [README](src/test/resources/conformance/xacml-3.0-from-2.0-ct/README.md).
## Versions
See the [change log file](CHANGELOG.md) according to the *Keep a CHANGELOG* [conventions](http://keepachangelog.com/).
## License
See the [license file](LICENSE.txt).
## Getting started
To get started using a PDP to evaluate XACML requests, instantiate a new PDP instance with one of the methods: `org.ow2.authzforce.core.PdpConfigurationParser#getPDP(...)`. The parameters are:
1. location of the configuration file (mandatory): this file must be an XML document compliant with schema `src/main/resources/pdp.xsd`. You can read the documentation of every configuration parameter in that file.
1. location of the XML catalog (optional, required only if using one or more XML-schema-defined PDP extensions): used to resolve the PDP configuration schema and other imported schemas/DTDs, and schemas of any PDP extension namespace used in the configuration file. An example of such file is located at `src/main/resources/catalog.xml`. This is the one used by default if none specified.
1. location of the PDP extensions schema file (optional, required only if using one or more PDP extensions): contains imports of namespaces corresponding to XML schemas of all XML-schema-defined PDP extensions to be used in the configuration file. Used for validation of PDP extensions configuration. The actual schema locations are resolved by the XML catalog parameter.
1. Location of the configuration file (mandatory): this file must be an XML document compliant with the PDP configuration [XML schema](src/main/resources/pdp.xsd). You can read the documentation of every configuration parameter in that file.
1. Location of the XML catalog (optional, required only if using one or more XML-schema-defined PDP extensions): used to resolve the PDP configuration schema and other imported schemas/DTDs, and schemas of any PDP extension namespace used in the configuration file. You may use the [catalog](src/main/resources/catalog.xml) in the sources as an example. This is the one used by default if none specified.
1. Location of the PDP extensions schema file (optional, required only if using one or more PDP extensions): contains imports of namespaces corresponding to XML schemas of all XML-schema-defined PDP extensions to be used in the configuration file. Used for validation of PDP extensions configuration. The actual schema locations are resolved by the XML catalog parameter. You may use the [pdp-ext.xsd](src/test/resources/pdp-ext.xsd) in the sources as an example.
Once you have a PDP instance. You can evaluate a XACML request by calling one of the `PDP#evaluate(...)` methods.
Our PDP implementation uses SLF4J for logging so you can use any SLF4J implementation to manage logging. As an example, we use logback for testing, so you can use [logback.xml](src/test/resources/logback.xml) as an example for configuring loggers, appenders, etc.
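Review bot: In the new Getting started text, "Once you have a PDP instance. You can evaluate a XACML request" is a fragment followed by a second sentence; join them with a comma ("Once you have a PDP instance, you can evaluate a XACML request ..."). The XML catalog item also says the parameter is optional and then that the sample catalog "is the one used by default if none specified"; it would help to state what that default resolves to at runtime, since the catalog decides where the configuration schema and imported schemas/DTDs are loaded from.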
......@@ -3,10 +3,10 @@
<parent>
<groupId>org.ow2.authzforce</groupId>
<artifactId>authzforce-ce-parent</artifactId>
<version>3.3.3-SNAPSHOT</version>
<version>3.3.3</version>
</parent>
<artifactId>authzforce-ce-core</artifactId>
<version>3.5.9-SNAPSHOT</version>
<version>3.6.0-SNAPSHOT</version>
<name>${project.groupId}:${project.artifactId}</name>
<description>AuthZForce Community Edition - XACML-compliant Core Engine</description>
<url>https://tuleap.ow2.org/projects/authzforce</url>
......
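Review bot: The `authzforce-ce-core` version goes from `3.5.9-SNAPSHOT` to `3.6.0-SNAPSHOT` in the same commit that renames the public `PolicyDecisionResult` class, which is a source- and binary-incompatible change for anything implementing `Decidable` or extending `CombiningAlg`. Please make sure the CHANGELOG entry for this version calls the rename out as a breaking change for extension authors. Moving the parent from `3.3.3-SNAPSHOT` to the released `3.3.3` looks fine.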
......@@ -23,7 +23,7 @@
*/
package com.sun.xacml;
import org.ow2.authzforce.core.PolicyDecisionResult;
import org.ow2.authzforce.core.DecisionResult;
import org.ow2.authzforce.core.StatusHelper;
/**
......@@ -79,9 +79,9 @@ public class ParsingException extends Exception
*
* @return "Indeterminate" DecisionResult
*/
public PolicyDecisionResult getIndeterminateResult()
public DecisionResult getIndeterminateResult()
{
return new PolicyDecisionResult(new StatusHelper(StatusHelper.STATUS_SYNTAX_ERROR, this.getMessage()));
return new DecisionResult(new StatusHelper(StatusHelper.STATUS_SYNTAX_ERROR, this.getMessage()));
}
}
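Review bot: `getIndeterminateResult()` copies `this.getMessage()` straight into the `Status` of the Indeterminate result, so whatever text the parser put in the exception travels with the decision. If that status can reach the caller in the XACML response, consider putting a fixed syntax-error message in the status and logging the detailed message instead, so parser internals are not exposed.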
......@@ -38,6 +38,6 @@ public interface Decidable
*
* @return the result of evaluation
*/
PolicyDecisionResult evaluate(EvaluationContext context);
DecisionResult evaluate(EvaluationContext context);
}
......@@ -31,24 +31,24 @@ import oasis.names.tc.xacml._3_0.core.schema.wd_17.Status;
* Attributes to be included in the final Result; and Obligations/Advices are packaged together in a {@link PepActions} field.
*
*/
public final class PolicyDecisionResult
public final class DecisionResult
{
private static final IllegalArgumentException ILLEGAL_DECISION_ARGUMENT_EXCEPTION = new IllegalArgumentException("Undefined Decision");
/**
* NotApplicable decision result
*/
public static final PolicyDecisionResult NOT_APPLICABLE = new PolicyDecisionResult(DecisionType.NOT_APPLICABLE, null);
public static final DecisionResult NOT_APPLICABLE = new DecisionResult(DecisionType.NOT_APPLICABLE, null);
/**
* Deny result with no obligation/advice/Included attribute/policy identifiers. Deny decision and nothing else.
*/
public static final PolicyDecisionResult DENY = new PolicyDecisionResult(DecisionType.DENY, null);
public static final DecisionResult DENY = new DecisionResult(DecisionType.DENY, null);
/**
* Permit result with no obligation/advice/Included attribute/policy identifiers. Permit decision and nothing else.
*/
public static final PolicyDecisionResult PERMIT = new PolicyDecisionResult(DecisionType.PERMIT, null);
public static final DecisionResult PERMIT = new DecisionResult(DecisionType.PERMIT, null);
private final DecisionType decision;
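Review bot: `ILLEGAL_DECISION_ARGUMENT_EXCEPTION` at the top of the class is one shared `IllegalArgumentException` instance, so its stack trace is captured once when the class is initialized and will not point at the caller that passed the bad argument. Since the class is being touched anyway, prefer creating the exception at the throw site, e.g. `throw new IllegalArgumentException("Undefined Decision")`. The class Javadoc is also worth a line saying the result is used for rules as well as policies, which is the stated reason for the rename.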
......@@ -72,7 +72,7 @@ public final class PolicyDecisionResult
* @param policyIdentifierList
* list of matched policy identifiers
*/
public PolicyDecisionResult(DecisionType decision, Status status, PepActions pepActions, List<JAXBElement<IdReferenceType>> policyIdentifierList)
public DecisionResult(DecisionType decision, Status status, PepActions pepActions, List<JAXBElement<IdReferenceType>> policyIdentifierList)
{
if (decision == null)
{
......@@ -92,7 +92,7 @@ public final class PolicyDecisionResult
* @param status
* reason/code for Indeterminate
*/
public PolicyDecisionResult(Status status)
public DecisionResult(Status status)
{
this(DecisionType.INDETERMINATE, status, null, null);
}
......@@ -106,7 +106,7 @@ public final class PolicyDecisionResult
* @param pepActions
* PEP actions (obligations/advices)
*/
public PolicyDecisionResult(DecisionType decision, PepActions pepActions)
public DecisionResult(DecisionType decision, PepActions pepActions)
{
this(decision, null, pepActions, null);
}
......@@ -132,12 +132,12 @@ public final class PolicyDecisionResult
return true;
}
if (!(obj instanceof PolicyDecisionResult))
if (!(obj instanceof DecisionResult))
{
return false;
}
final PolicyDecisionResult other = (PolicyDecisionResult) obj;
final DecisionResult other = (DecisionResult) obj;
if (this.decision != other.decision)
{
return false;
......
......@@ -62,13 +62,13 @@ public class IndividualDecisionRequestEvaluator
namedAttributes.putAll(pdpIssuedAttributes);
final EvaluationContext ctx = new IndividualDecisionRequestContext(namedAttributes, request.getExtraContentsByCategory(),
request.isApplicablePolicyIdListReturned());
final PolicyDecisionResult result = rootPolicyEvaluator.findAndEvaluate(ctx);
if (result == PolicyDecisionResult.PERMIT)
final DecisionResult result = rootPolicyEvaluator.findAndEvaluate(ctx);
if (result == DecisionResult.PERMIT)
{
return PERMIT;
}
if (result == PolicyDecisionResult.DENY)
if (result == DecisionResult.DENY)
{
return DENY;
}
......
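Review bot: `if (result == DecisionResult.PERMIT)` and the matching `DENY` check compare references, so they only match the shared constants, while `DecisionResult` defines `equals` and `RuleEvaluator` builds its results with `new DecisionResult(this.effectAsDecision, null)`. If the reference comparison is an intentional fast path for results that carry nothing but the decision, add a comment saying so; otherwise use `equals`, or have callers reuse the constants, so that an equivalent Permit or Deny takes the same branch.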
......@@ -21,7 +21,7 @@ package org.ow2.authzforce.core.combining;
import java.util.List;
import org.ow2.authzforce.core.Decidable;
import org.ow2.authzforce.core.PolicyDecisionResult;
import org.ow2.authzforce.core.DecisionResult;
import org.ow2.authzforce.core.EvaluationContext;
import org.ow2.authzforce.core.PdpExtension;
......@@ -52,7 +52,7 @@ public abstract class CombiningAlg<T extends Decidable> implements PdpExtension
*
* @return combined result
*/
PolicyDecisionResult eval(EvaluationContext context);
DecisionResult eval(EvaluationContext context);
}
// the identifier for the algorithm
......
......@@ -19,7 +19,7 @@ import java.util.Set;
import org.ow2.authzforce.core.Decidable;
import org.ow2.authzforce.core.EvaluationContext;
import org.ow2.authzforce.core.PolicyDecisionResult;
import org.ow2.authzforce.core.DecisionResult;
/**
* This is the standard XACML 3.0 Deny-Overrides policy/rule combining algorithm. It allows a single evaluation of Deny to take precedence over any number of
......@@ -39,22 +39,22 @@ public final class DenyOverridesAlg extends CombiningAlg<Decidable>
}
@Override
public PolicyDecisionResult eval(EvaluationContext context)
public DecisionResult eval(EvaluationContext context)
{
/*
* Replaces atLeastOneError from XACML spec. atLeastOneError == true <=> firstIndeterminateResult != null
*/
PolicyDecisionResult firstIndeterminateResult = null;
DecisionResult firstIndeterminateResult = null;
/*
* Replaces atLeastOnePermit from XACML spec. atLeastOnePermit == true <=> combinedPermitResult != null
*/
PolicyDecisionResult combinedPermitResult = null;
DecisionResult combinedPermitResult = null;
for (final Decidable combinedElement : combinedElements)
{
// evaluate the policy
final PolicyDecisionResult result = combinedElement.evaluate(context);
final DecisionResult result = combinedElement.evaluate(context);
switch (result.getDecision())
{
case DENY:
......@@ -93,7 +93,7 @@ public final class DenyOverridesAlg extends CombiningAlg<Decidable>
return combinedPermitResult;
}
return PolicyDecisionResult.NOT_APPLICABLE;
return DecisionResult.NOT_APPLICABLE;
}
}
......
......@@ -19,7 +19,7 @@ import oasis.names.tc.xacml._3_0.core.schema.wd_17.DecisionType;
import org.ow2.authzforce.core.Decidable;
import org.ow2.authzforce.core.EvaluationContext;
import org.ow2.authzforce.core.PolicyDecisionResult;
import org.ow2.authzforce.core.DecisionResult;
/**
* Deny-unless-permit combining algorithm
......@@ -39,13 +39,13 @@ public final class DenyUnlessPermitAlg extends CombiningAlg<Decidable>
}
@Override
public PolicyDecisionResult eval(EvaluationContext context)
public DecisionResult eval(EvaluationContext context)
{
PolicyDecisionResult combinedDenyResult = null;
DecisionResult combinedDenyResult = null;
for (Decidable combinedElement : combinedElements)
{
// make sure that the policy matches the context
final PolicyDecisionResult policyResult = combinedElement.evaluate(context);
final DecisionResult policyResult = combinedElement.evaluate(context);
final DecisionType decision = policyResult.getDecision();
switch (decision)
{
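Review bot: The comment "make sure that the policy matches the context" above `combinedElement.evaluate(context)` does not describe the line: the call evaluates the element, and a `Decidable` can be a rule as well as a policy. Suggest rewording it to something like "evaluate the combined element (rule or policy)"; the same applies to the "evaluate the policy" comments in the other combining algorithms touched by this commit.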
......@@ -66,7 +66,7 @@ public final class DenyUnlessPermitAlg extends CombiningAlg<Decidable>
}
}
return combinedDenyResult == null ? PolicyDecisionResult.DENY : combinedDenyResult;
return combinedDenyResult == null ? DecisionResult.DENY : combinedDenyResult;
}
}
......
......@@ -18,7 +18,7 @@ import java.util.List;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.DecisionType;
import org.ow2.authzforce.core.Decidable;
import org.ow2.authzforce.core.PolicyDecisionResult;
import org.ow2.authzforce.core.DecisionResult;
import org.ow2.authzforce.core.EvaluationContext;
/**
......@@ -39,12 +39,12 @@ public final class FirstApplicableAlg extends CombiningAlg<Decidable>
}
@Override
public PolicyDecisionResult eval(EvaluationContext context)
public DecisionResult eval(EvaluationContext context)
{
for (final Decidable combinedElement : combinedElements)
{
// evaluate the policy
final PolicyDecisionResult result = combinedElement.evaluate(context);
final DecisionResult result = combinedElement.evaluate(context);
final DecisionType decision = result.getDecision();
// in the case of PERMIT, DENY, or INDETERMINATE, we always
......@@ -57,7 +57,7 @@ public final class FirstApplicableAlg extends CombiningAlg<Decidable>
}
// if we got here, then none of the rules applied
return PolicyDecisionResult.NOT_APPLICABLE;
return DecisionResult.NOT_APPLICABLE;
}
}
......
......@@ -20,7 +20,7 @@ package org.ow2.authzforce.core.combining;
import java.util.List;
import org.ow2.authzforce.core.PolicyDecisionResult;
import org.ow2.authzforce.core.DecisionResult;
import org.ow2.authzforce.core.EvaluationContext;
import org.ow2.authzforce.core.IndeterminateEvaluationException;
import org.ow2.authzforce.core.StatusHelper;
......@@ -38,7 +38,7 @@ public class OnlyOneApplicableAlg extends CombiningAlg<IPolicyEvaluator>
{
private static final Logger LOGGER = LoggerFactory.getLogger(Evaluator.class);
private static final PolicyDecisionResult TOO_MANY_APPLICABLE_POLICIES_INDETERMINATE_RESULT = new PolicyDecisionResult(new StatusHelper(
private static final DecisionResult TOO_MANY_APPLICABLE_POLICIES_INDETERMINATE_RESULT = new DecisionResult(new StatusHelper(
StatusHelper.STATUS_PROCESSING_ERROR, "Too many (more than one) applicable policies for algorithm: " + ID));
private final List<? extends IPolicyEvaluator> policyElements;
......@@ -49,7 +49,7 @@ public class OnlyOneApplicableAlg extends CombiningAlg<IPolicyEvaluator>
}
@Override
public PolicyDecisionResult eval(EvaluationContext context)
public DecisionResult eval(EvaluationContext context)
{
// atLeastOne == true iff selectedPolicy != null
IPolicyEvaluator selectedPolicy = null;
......@@ -64,7 +64,7 @@ public class OnlyOneApplicableAlg extends CombiningAlg<IPolicyEvaluator>
} catch (IndeterminateEvaluationException e)
{
LOGGER.info("Error checking whether {} is applicable", policy, e);
return new PolicyDecisionResult(e.getStatus());
return new DecisionResult(e.getStatus());
}
if (isApplicable)
......@@ -88,7 +88,7 @@ public class OnlyOneApplicableAlg extends CombiningAlg<IPolicyEvaluator>
return selectedPolicy.evaluate(context, true);
}
return PolicyDecisionResult.NOT_APPLICABLE;
return DecisionResult.NOT_APPLICABLE;
}
}
......
......@@ -19,7 +19,7 @@ import java.util.Set;
import org.ow2.authzforce.core.Decidable;
import org.ow2.authzforce.core.EvaluationContext;
import org.ow2.authzforce.core.PolicyDecisionResult;
import org.ow2.authzforce.core.DecisionResult;
/**
* This is the standard Permit-Overrides policy/rule combining algorithm. It allows a single evaluation of Permit to take precedence over any number of deny,
......@@ -39,22 +39,22 @@ public final class PermitOverridesAlg extends CombiningAlg<Decidable>
}
@Override
public PolicyDecisionResult eval(EvaluationContext context)
public DecisionResult eval(EvaluationContext context)
{
/*
* Replaces and enhances atLeastOneError from XACML spec. atLeastOneError == true <=> firstIndeterminateResult != null
*/
PolicyDecisionResult firstIndeterminateResult = null;
DecisionResult firstIndeterminateResult = null;
/*
* Replaces and enhances atLeastOneDeny from XACML spec. atLeastOneDeny == true <=> combinedDenyResult != null
*/
PolicyDecisionResult combinedDenyResult = null;
DecisionResult combinedDenyResult = null;
for (final Decidable combinedElement : combinedElements)
{
// evaluate the policy
final PolicyDecisionResult result = combinedElement.evaluate(context);
final DecisionResult result = combinedElement.evaluate(context);
switch (result.getDecision())
{
case PERMIT:
......@@ -96,7 +96,7 @@ public final class PermitOverridesAlg extends CombiningAlg<Decidable>
return combinedDenyResult;
}
return PolicyDecisionResult.NOT_APPLICABLE;
return DecisionResult.NOT_APPLICABLE;
}
}
......
......@@ -21,7 +21,7 @@ import oasis.names.tc.xacml._3_0.core.schema.wd_17.DecisionType;
import org.ow2.authzforce.core.Decidable;
import org.ow2.authzforce.core.EvaluationContext;
import org.ow2.authzforce.core.PolicyDecisionResult;
import org.ow2.authzforce.core.DecisionResult;
/**
* permit-unless-deny policy algorithm
......@@ -40,13 +40,13 @@ public final class PermitUnlessDenyAlg extends CombiningAlg<Decidable>
}
@Override
public PolicyDecisionResult eval(EvaluationContext context)
public DecisionResult eval(EvaluationContext context)
{
PolicyDecisionResult combinedPermitResult = null;
DecisionResult combinedPermitResult = null;
for (Decidable combinedElement : combinedElements)
{
final PolicyDecisionResult result = combinedElement.evaluate(context);
final DecisionResult result = combinedElement.evaluate(context);
final DecisionType decision = result.getDecision();
switch (decision)
{
......@@ -67,7 +67,7 @@ public final class PermitUnlessDenyAlg extends CombiningAlg<Decidable>
}
}
return combinedPermitResult == null ? PolicyDecisionResult.PERMIT : combinedPermitResult;
return combinedPermitResult == null ? DecisionResult.PERMIT : combinedPermitResult;
}
}
......
......@@ -21,7 +21,7 @@ package org.ow2.authzforce.core.policy;
import java.util.Deque;
import java.util.List;
import org.ow2.authzforce.core.PolicyDecisionResult;
import org.ow2.authzforce.core.DecisionResult;
import org.ow2.authzforce.core.EvaluationContext;
import org.ow2.authzforce.core.IndeterminateEvaluationException;
import org.ow2.authzforce.core.StatusHelper;
......@@ -72,7 +72,7 @@ class DynamicPolicyRefEvaluator<T extends IPolicyEvaluator> extends PolicyRefere
}
@Override
public final PolicyDecisionResult evaluate(EvaluationContext context, boolean skipTarget)
public final DecisionResult evaluate(EvaluationContext context, boolean skipTarget)
{
// we must have found a policy
try
......@@ -81,7 +81,7 @@ class DynamicPolicyRefEvaluator<T extends IPolicyEvaluator> extends PolicyRefere
} catch (IndeterminateEvaluationException e)
{
LOGGER.info("Error resolving {} to the policy to evaluate in the request context", this, e);
return new PolicyDecisionResult(e.getStatus());
return new DecisionResult(e.getStatus());
} catch (ParsingException e)
{
LOGGER.info("Error resolving {} to the policy to evaluate in the request context", this, e);
......
......@@ -32,7 +32,7 @@ import org.ow2.authzforce.core.Decidable;
import org.ow2.authzforce.core.EvaluationContext;
import org.ow2.authzforce.core.IndeterminateEvaluationException;
import org.ow2.authzforce.core.PepActions;
import org.ow2.authzforce.core.PolicyDecisionResult;
import org.ow2.authzforce.core.DecisionResult;
import org.ow2.authzforce.core.TargetEvaluator;
import org.ow2.authzforce.core.combining.CombiningAlg;
import org.ow2.authzforce.core.combining.CombiningAlgParameter;
......@@ -241,11 +241,11 @@ public abstract class GenericPolicyEvaluator<T extends Decidable> implements IPo
* @return decision result
*/
@Override
public PolicyDecisionResult evaluate(EvaluationContext context, boolean skipTarget)
public DecisionResult evaluate(EvaluationContext context, boolean skipTarget)
{
try
{
final PolicyDecisionResult algResult;
final DecisionResult algResult;
if (skipTarget)
{
// evaluate with combining algorithm
......@@ -260,7 +260,7 @@ public abstract class GenericPolicyEvaluator<T extends Decidable> implements IPo
if (!isApplicable(context))
{
LOGGER.debug("{} -> NotApplicable", policyId);
return PolicyDecisionResult.NOT_APPLICABLE;
return DecisionResult.NOT_APPLICABLE;
}
} catch (IndeterminateEvaluationException e)
{
......@@ -287,7 +287,7 @@ public abstract class GenericPolicyEvaluator<T extends Decidable> implements IPo
}
// everything else considered as Indeterminate
return new PolicyDecisionResult(targetMatchIndeterminateException.getStatus());
return new DecisionResult(targetMatchIndeterminateException.getStatus());
}
}
......@@ -352,12 +352,12 @@ public abstract class GenericPolicyEvaluator<T extends Decidable> implements IPo
* error, therefore lower level than error)
*/
LOGGER.info("{}/{Obligation|Advice}Expressions -> Indeterminate", policyId, e);
return new PolicyDecisionResult(DecisionType.INDETERMINATE, e.getStatus(), null, applicablePolicyIdList);
return new DecisionResult(DecisionType.INDETERMINATE, e.getStatus(), null, applicablePolicyIdList);
}
}
}
return new PolicyDecisionResult(algResultDecision, algResult.getStatus(), pepActions, applicablePolicyIdList);
return new DecisionResult(algResultDecision, algResult.getStatus(), pepActions, applicablePolicyIdList);
} finally
{
// remove local variables from context
......@@ -386,7 +386,7 @@ public abstract class GenericPolicyEvaluator<T extends Decidable> implements IPo
}
@Override
public PolicyDecisionResult evaluate(EvaluationContext context)
public DecisionResult evaluate(EvaluationContext context)
{
return evaluate(context, false);
}
......
......@@ -19,7 +19,7 @@ package org.ow2.authzforce.core.policy;
import java.util.List;
import org.ow2.authzforce.core.Decidable;
import org.ow2.authzforce.core.PolicyDecisionResult;
import org.ow2.authzforce.core.DecisionResult;
import org.ow2.authzforce.core.EvaluationContext;
import org.ow2.authzforce.core.IndeterminateEvaluationException;
......@@ -59,7 +59,7 @@ public interface IPolicyEvaluator extends Decidable
* whether to evaluate the Target. If false, this must be equivalent to {@link #evaluate(EvaluationContext)}
* @return decision result
*/
PolicyDecisionResult evaluate(EvaluationContext context, boolean skipTarget);
DecisionResult evaluate(EvaluationContext context, boolean skipTarget);
/**
* Get policy ID, e.g. for auditing
......
......@@ -30,7 +30,7 @@ import org.ow2.authzforce.core.IndeterminateEvaluationException;
import org.ow2.authzforce.core.PepActionExpression;
import org.ow2.authzforce.core.PepActionExpressions;
import org.ow2.authzforce.core.PepActions;
import org.ow2.authzforce.core.PolicyDecisionResult;
import org.ow2.authzforce.core.DecisionResult;
import org.ow2.authzforce.core.expression.ExpressionFactory;
import com.sun.xacml.ParsingException;
......@@ -167,7 +167,7 @@ public class PolicyPepActionExpressionsEvaluator
* @throws IndeterminateEvaluationException
* error evaluating one of ObligationExpression/AdviceExpressions' AttributeAssignmentExpressions' expressions
*/
public PepActions evaluate(PolicyDecisionResult combiningAlgResult, EvaluationContext context) throws IndeterminateEvaluationException
public PepActions evaluate(DecisionResult combiningAlgResult, EvaluationContext context) throws IndeterminateEvaluationException
{
final PepActionExpressions.EffectSpecific matchingActionExpressions;
switch (combiningAlgResult.getDecision())
......
......@@ -14,7 +14,7 @@
package org.ow2.authzforce.core.policy;
import org.ow2.authzforce.core.EvaluationContext;
import org.ow2.authzforce.core.PolicyDecisionResult;
import org.ow2.authzforce.core.DecisionResult;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
......@@ -63,7 +63,7 @@ public abstract class PolicyReferenceEvaluator<T extends IPolicyEvaluator> imple
}
@Override
public final PolicyDecisionResult evaluate(EvaluationContext context)
public final DecisionResult evaluate(EvaluationContext context)
{
return evaluate(context, false);
}
......
......@@ -17,7 +17,7 @@ import java.io.Closeable;
import java.io.IOException;
import java.util.List;
import org.ow2.authzforce.core.PolicyDecisionResult;
import org.ow2.authzforce.core.DecisionResult;
import org.ow2.authzforce.core.EvaluationContext;
import org.ow2.authzforce.core.IndeterminateEvaluationException;
import org.ow2.authzforce.core.PdpExtensionLoader;
......@@ -53,7 +53,7 @@ public interface RootPolicyEvaluator extends Closeable
* @return the result of evaluating the request against the applicable policy; or NotApplicable if none is applicable; or Indeterminate if error determining
* an applicable policy or more than one applies or evaluation of the applicable policy returned Indeterminate Decision
*/
PolicyDecisionResult findAndEvaluate(EvaluationContext context);
DecisionResult findAndEvaluate(EvaluationContext context);
/**
*
......@@ -74,7 +74,7 @@ public interface RootPolicyEvaluator extends Closeable
}
@Override
public PolicyDecisionResult findAndEvaluate(EvaluationContext context)
public DecisionResult findAndEvaluate(EvaluationContext context)
{
return staticRootPolicyEvaluator.evaluate(context);
}
......@@ -159,7 +159,7 @@ public interface RootPolicyEvaluator extends Closeable
}
@Override
public PolicyDecisionResult findAndEvaluate(EvaluationContext context)
public DecisionResult findAndEvaluate(EvaluationContext context)
{
final IPolicyEvaluator policy;
try
......@@ -168,7 +168,7 @@ public interface RootPolicyEvaluator extends Closeable
} catch (IndeterminateEvaluationException e)
{
LOGGER.info("Error finding applicable root policy to evaluate with root policy Provider module {}", rootPolicyProviderMod, e);
return new PolicyDecisionResult(e.getStatus());
return new DecisionResult(e.getStatus());
} catch (ParsingException e)
{
LOGGER.warn("Error parsing one of the possible root policies (handled by root policy Provider module {})", rootPolicyProviderMod, e);
......@@ -177,7 +177,7 @@ public interface RootPolicyEvaluator extends Closeable
if (policy == null)
{
return PolicyDecisionResult.NOT_APPLICABLE;
return DecisionResult.NOT_APPLICABLE;
}
return policy.evaluate(context, true);
......
......@@ -19,7 +19,7 @@ import java.util.List;
import org.ow2.authzforce.core.EvaluationContext;
import org.ow2.authzforce.core.IndeterminateEvaluationException;
import org.ow2.authzforce.core.PolicyDecisionResult;
import org.ow2.authzforce.core.DecisionResult;
import com.sun.xacml.VersionConstraints;
......@@ -57,7 +57,7 @@ class StaticPolicyRefEvaluator<P extends IPolicyEvaluator> extends PolicyReferen
}
@Override
public final PolicyDecisionResult evaluate(EvaluationContext context, boolean skipTarget)
public final DecisionResult evaluate(EvaluationContext context, boolean skipTarget)
{
return referredPolicy.evaluate(context, skipTarget);
}
......
......@@ -18,7 +18,7 @@ import oasis.names.tc.xacml._3_0.core.schema.wd_17.DecisionType;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.EffectType;
import org.ow2.authzforce.core.Decidable;
import org.ow2.authzforce.core.PolicyDecisionResult;
import org.ow2.authzforce.core.DecisionResult;
import org.ow2.authzforce.core.EvaluationContext;
import org.ow2.authzforce.core.IndeterminateEvaluationException;
import org.ow2.authzforce.core.PepActions;
......@@ -41,7 +41,7 @@ public class RuleEvaluator implements Decidable
private final transient TargetEvaluator evaluatableTarget;
private final transient ConditionEvaluator evaluatableCondition;
private final transient RulePepActionExpressionsEvaluator effectMatchPepActionExps;
private final transient PolicyDecisionResult nullActionsRuleDecisionResult;
private final transient DecisionResult nullActionsRuleDecisionResult;
private final String toString;
private final String ruleId;
......@@ -97,7 +97,7 @@ public class RuleEvaluator implements Decidable
if (this.effectMatchPepActionExps == null)
{
this.nullActionsRuleDecisionResult = new PolicyDecisionResult(this.effectAsDecision, null);
this.nullActionsRuleDecisionResult = new DecisionResult(this.effectAsDecision, null);
} else
{
this.nullActionsRuleDecisionResult = null;
......@@ -129,7 +129,7 @@ public class RuleEvaluator implements Decidable
* @return the result of the evaluation
*/
@Override
public PolicyDecisionResult evaluate(EvaluationContext context)
public DecisionResult evaluate(EvaluationContext context)
{
/*
* Null or empty Target matches all So we just check if target non-null matches
......@@ -144,7 +144,7 @@ public class RuleEvaluator implements Decidable
if (!evaluatableTarget.match(context))
{
LOGGER.debug("{}/Target -> No-match", this);
final PolicyDecisionResult result = PolicyDecisionResult.NOT_APPLICABLE;
final DecisionResult result = DecisionResult.NOT_APPLICABLE;
LOGGER.debug("{} -> {}", this, result);
return result;
}
......@@ -162,7 +162,7 @@ public class RuleEvaluator implements Decidable
* FIXME: implement Extended Indeterminate: "Indeterminate{P}" if the Rule's Effect is Permit, or "Indeterminate{D}" if the Rule's Effect is
* Deny
*/
final PolicyDecisionResult result = new PolicyDecisionResult(e.getStatus());
final DecisionResult result = new DecisionResult(e.getStatus());
LOGGER.debug("{} -> {}", this, result);
return result;
}
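Review bot: The `FIXME` kept in this hunk says Extended Indeterminate (`Indeterminate{P}` / `Indeterminate{D}`) is still not implemented, and `new DecisionResult(e.getStatus())` has no way to carry the rule's Effect. Since `DecisionResult` is now the shared result type for rules, this would be a good point to either add that information to the class or replace the `FIXME` with a reference to a tracked issue, because the combining algorithms cannot tell the two cases apart from this result.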
......@@ -190,7 +190,7 @@ public class RuleEvaluator implements Decidable
* therefore lower level than Error level)
*/
LOGGER.info("{}/Condition -> Indeterminate", this, e);
final PolicyDecisionResult result = new PolicyDecisionResult(e.getStatus());
final DecisionResult result = new DecisionResult(e.getStatus());
LOGGER.debug("{} -> {}", this, result);
return result;
}
......@@ -198,7 +198,7 @@ public class RuleEvaluator implements Decidable
if (!isConditionTrue)
{
LOGGER.debug("{}/Condition -> False", this);
final PolicyDecisionResult result = PolicyDecisionResult.NOT_APPLICABLE;
final DecisionResult result = DecisionResult.NOT_APPLICABLE;
LOGGER.debug("{} -> {}", this, result);
return result;
}
......@@ -237,12 +237,12 @@ public class RuleEvaluator implements Decidable
* If any of the attribute assignment expressions in an obligation or advice expression with a matching FulfillOn or AppliesTo attribute evaluates
* to "Indeterminate", then the whole rule, policy, or policy set SHALL be "Indeterminate" (see XACML 3.0 core spec, section 7.18).
*/
final PolicyDecisionResult result = new PolicyDecisionResult(e.getStatus());
final DecisionResult result = new DecisionResult(e.getStatus());
LOGGER.debug("{} -> {}", this, result);
return result;
}