Commit 8e8c652b authored by cdanger's avatar cdanger

Applied changes to core-pdp-api:

- AttributeProvider: get(..., BagDatatype datatype, ...) -> get(...,
Datatype datatype, ...)
- EvaluationContext: getNamedAttributeValue(AttributeFqn, BagDatatype)
-> getNamedAttributeValue(AttributeFqn, Datatype)
parent ce089e5c
......@@ -37,7 +37,6 @@ import org.ow2.authzforce.core.pdp.api.expression.AttributeSelectorExpression;
import org.ow2.authzforce.core.pdp.api.value.AttributeBag;
import org.ow2.authzforce.core.pdp.api.value.AttributeValue;
import org.ow2.authzforce.core.pdp.api.value.Bag;
import org.ow2.authzforce.core.pdp.api.value.BagDatatype;
import org.ow2.authzforce.core.pdp.api.value.Datatype;
import org.ow2.authzforce.core.pdp.api.value.StandardDatatypes;
import org.ow2.authzforce.core.pdp.api.value.Value;
......@@ -117,18 +116,18 @@ public final class IndividualDecisionRequestContext implements EvaluationContext
/** {@inheritDoc} */
@Override
public <AV extends AttributeValue> AttributeBag<AV> getNamedAttributeValue(final AttributeFqn attributeFqn, final BagDatatype<AV> attributeBagDatatype) throws IndeterminateEvaluationException {
public <AV extends AttributeValue> AttributeBag<AV> getNamedAttributeValue(final AttributeFqn attributeFqn, final Datatype<AV> datatype) throws IndeterminateEvaluationException
{
final AttributeBag<?> bagResult = namedAttributes.get(attributeFqn);
if (bagResult == null)
{
return null;
}
final Datatype<?> expectedElementDatatype = attributeBagDatatype.getElementType();
if (!bagResult.getElementDatatype().equals(expectedElementDatatype))
if (!bagResult.getElementDatatype().equals(datatype))
{
throw new IndeterminateEvaluationException("Datatype (" + bagResult.getElementDatatype() + ") of AttributeDesignator " + attributeFqn + " in context is different from expected/requested ("
+ expectedElementDatatype
+ datatype
+ "). May be caused by refering to the same Attribute Category/Id/Issuer with different Datatypes in different policy elements and/or attribute providers, which is not allowed.",
XacmlStatusCode.SYNTAX_ERROR.value());
}
......@@ -142,7 +141,8 @@ public final class IndividualDecisionRequestContext implements EvaluationContext
}
@Override
public boolean putNamedAttributeValueIfAbsent(final AttributeFqn attributeFqn, final AttributeBag<?> result) {
public boolean putNamedAttributeValueIfAbsent(final AttributeFqn attributeFqn, final AttributeBag<?> result)
{
final Bag<?> duplicate = namedAttributes.putIfAbsent(attributeFqn, result);
if (duplicate != null)
{
......@@ -164,13 +164,15 @@ public final class IndividualDecisionRequestContext implements EvaluationContext
/** {@inheritDoc} */
@Override
public XdmNode getAttributesContent(final String category) {
public XdmNode getAttributesContent(final String category)
{
return extraContentsByAttributeCategory.get(category);
}
/** {@inheritDoc} */
@Override
public <AV extends AttributeValue> Bag<AV> getAttributeSelectorResult(final AttributeSelectorExpression<AV> attributeSelector) throws IndeterminateEvaluationException {
public <AV extends AttributeValue> Bag<AV> getAttributeSelectorResult(final AttributeSelectorExpression<AV> attributeSelector) throws IndeterminateEvaluationException
{
final Bag<?> bagResult = attributeSelectorResults.get(attributeSelector.getAttributeSelectorId());
if (bagResult == null)
{
......@@ -197,8 +199,8 @@ public final class IndividualDecisionRequestContext implements EvaluationContext
/** {@inheritDoc} */
@Override
public <AV extends AttributeValue> boolean putAttributeSelectorResultIfAbsent(final AttributeSelectorExpression<AV> attributeSelector, final Bag<AV> result)
throws IndeterminateEvaluationException {
public <AV extends AttributeValue> boolean putAttributeSelectorResultIfAbsent(final AttributeSelectorExpression<AV> attributeSelector, final Bag<AV> result) throws IndeterminateEvaluationException
{
final AttributeSelectorId attSelectorId = attributeSelector.getAttributeSelectorId();
if (attributeSelectorResults.putIfAbsent(attSelectorId, result) != null)
{
......@@ -210,7 +212,7 @@ public final class IndividualDecisionRequestContext implements EvaluationContext
{
final Optional<AttributeFqn> optionalContextSelectorFQN = attributeSelector.getContextSelectorFQN();
final Optional<AttributeBag<XPathValue>> contextSelectorValue = optionalContextSelectorFQN.isPresent()
? Optional.of(getNamedAttributeValue(optionalContextSelectorFQN.get(), StandardDatatypes.XPATH.getBagDatatype()))
? Optional.of(getNamedAttributeValue(optionalContextSelectorFQN.get(), StandardDatatypes.XPATH))
: Optional.empty();
listener.attributeSelectorResultProduced(attributeSelector, contextSelectorValue, result);
}
......@@ -220,7 +222,8 @@ public final class IndividualDecisionRequestContext implements EvaluationContext
/** {@inheritDoc} */
@Override
public <V extends Value> V getVariableValue(final String variableId, final Datatype<V> expectedDatatype) throws IndeterminateEvaluationException {
public <V extends Value> V getVariableValue(final String variableId, final Datatype<V> expectedDatatype) throws IndeterminateEvaluationException
{
final Value val = varValsById.get(variableId);
if (val == null)
{
......@@ -239,7 +242,8 @@ public final class IndividualDecisionRequestContext implements EvaluationContext
/** {@inheritDoc} */
@Override
public boolean putVariableIfAbsent(final String variableId, final Value value) {
public boolean putVariableIfAbsent(final String variableId, final Value value)
{
if (varValsById.putIfAbsent(variableId, value) != null)
{
LOGGER.error("Attempt to override value of Variable '{}' already set in evaluation context. Overriding value: {}", variableId, value);
......@@ -251,53 +255,62 @@ public final class IndividualDecisionRequestContext implements EvaluationContext
/** {@inheritDoc} */
@Override
public Value removeVariable(final String variableId) {
public Value removeVariable(final String variableId)
{
return varValsById.remove(variableId);
}
/** {@inheritDoc} */
@Override
public Object getOther(final String key) {
public Object getOther(final String key)
{
return mutableProperties.get(key);
}
/** {@inheritDoc} */
@Override
public boolean containsKey(final String key) {
public boolean containsKey(final String key)
{
return mutableProperties.containsKey(key);
}
/** {@inheritDoc} */
@Override
public void putOther(final String key, final Object val) {
public void putOther(final String key, final Object val)
{
mutableProperties.put(key, val);
}
/** {@inheritDoc} */
@Override
public Object remove(final String key) {
public Object remove(final String key)
{
return mutableProperties.remove(key);
}
/** {@inheritDoc} */
@Override
public Iterator<Entry<AttributeFqn, AttributeBag<?>>> getNamedAttributes() {
public Iterator<Entry<AttributeFqn, AttributeBag<?>>> getNamedAttributes()
{
final Set<Entry<AttributeFqn, AttributeBag<?>>> immutableAttributeSet = Collections.unmodifiableSet(namedAttributes.entrySet());
return immutableAttributeSet.iterator();
}
@Override
public boolean isApplicablePolicyIdListRequested() {
public boolean isApplicablePolicyIdListRequested()
{
return returnApplicablePolicyIdList;
}
@Override
public <L extends Listener> L putListener(final Class<L> listenerType, final L listener) {
public <L extends Listener> L putListener(final Class<L> listenerType, final L listener)
{
return this.listeners.putInstance(listenerType, listener);
}
@Override
public <L extends Listener> L getListener(final Class<L> listenerType) {
public <L extends Listener> L getListener(final Class<L> listenerType)
{
return this.listeners.getInstance(listenerType);
}
}
\ No newline at end of file
......@@ -30,17 +30,6 @@ import java.util.Optional;
import javax.xml.namespace.QName;
import net.sf.saxon.s9api.SaxonApiException;
import net.sf.saxon.s9api.XPathCompiler;
import net.sf.saxon.s9api.XPathExecutable;
import net.sf.saxon.s9api.XPathSelector;
import net.sf.saxon.s9api.XdmAtomicValue;
import net.sf.saxon.s9api.XdmItem;
import net.sf.saxon.s9api.XdmNode;
import net.sf.saxon.s9api.XdmValue;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeSelectorType;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeValueType;
import org.ow2.authzforce.core.pdp.api.AttributeFqn;
import org.ow2.authzforce.core.pdp.api.AttributeFqns;
import org.ow2.authzforce.core.pdp.api.AttributeProvider;
......@@ -58,6 +47,17 @@ import org.ow2.authzforce.core.pdp.api.value.StandardDatatypes;
import org.ow2.authzforce.core.pdp.api.value.XPathValue;
import org.ow2.authzforce.xacml.identifiers.XacmlStatusCode;
import net.sf.saxon.s9api.SaxonApiException;
import net.sf.saxon.s9api.XPathCompiler;
import net.sf.saxon.s9api.XPathExecutable;
import net.sf.saxon.s9api.XPathSelector;
import net.sf.saxon.s9api.XdmAtomicValue;
import net.sf.saxon.s9api.XdmItem;
import net.sf.saxon.s9api.XdmNode;
import net.sf.saxon.s9api.XdmValue;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeSelectorType;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeValueType;
/**
* Static utility methods pertaining to {@link AttributeSelectorExpression} instances.
*
......@@ -102,7 +102,8 @@ public final class AttributeSelectorExpressions
// the logger we'll use for all messages
// private static final Logger LOGGER = LoggerFactory.getLogger(AttributeSelector.class);
private static final IllegalArgumentException NULL_XACML_ATTRIBUTE_SELECTOR_EXCEPTION = new IllegalArgumentException("AttributeSelector's input XACML/JAXB AttributeSelector element undefined");
private static final IllegalArgumentException NULL_XACML_ATTRIBUTE_SELECTOR_EXCEPTION = new IllegalArgumentException(
"AttributeSelector's input XACML/JAXB AttributeSelector element undefined");
private static final IllegalArgumentException NULL_XPATH_COMPILER_EXCEPTION = new IllegalArgumentException("XPath version/compiler undefined but required for AttributeSelector evaluation");
private static final IllegalArgumentException NULL_ATTRIBUTE_FACTORY_EXCEPTION = new IllegalArgumentException("AttributeSelector's returnType factory undefined");
......@@ -128,7 +129,7 @@ public final class AttributeSelectorExpressions
*/
case TEXT:
otherAttributes = Collections.emptyMap();
content = Collections.<Serializable> singletonList(nodeStrVal);
content = Collections.<Serializable>singletonList(nodeStrVal);
break;
/*
......@@ -365,7 +366,7 @@ public final class AttributeSelectorExpressions
if (xpathEvalResultItem instanceof XdmAtomicValue)
{
final String strVal = xpathEvalResultItem.getStringValue();
jaxbAttrVal = new AttributeValueType(Collections.<Serializable> singletonList(strVal), attributeDatatype.getId(), null);
jaxbAttrVal = new AttributeValueType(Collections.<Serializable>singletonList(strVal), attributeDatatype.getId(), null);
}
else if (xpathEvalResultItem instanceof XdmNode)
{
......@@ -376,10 +377,11 @@ public final class AttributeSelectorExpressions
catch (final IllegalArgumentException e)
{
final Optional<String> contextSelectorId = attributeSelectorId.getContextSelectorId();
throw new IndeterminateEvaluationException(this + ": Error creating attribute value of type '" + attributeDatatype + "' from result #" + xpathEvalResultItemIndex
+ " of evaluating XPath against XML node from Content of Attributes Category='" + attributeSelectorId.getCategory()
+ (contextSelectorId == null ? "" : "' selected by ContextSelectorId='" + contextSelectorId + "'") + ": " + xpathEvalResultItem, XacmlStatusCode.SYNTAX_ERROR.value(),
e);
throw new IndeterminateEvaluationException(
this + ": Error creating attribute value of type '" + attributeDatatype + "' from result #" + xpathEvalResultItemIndex
+ " of evaluating XPath against XML node from Content of Attributes Category='" + attributeSelectorId.getCategory()
+ (contextSelectorId == null ? "" : "' selected by ContextSelectorId='" + contextSelectorId + "'") + ": " + xpathEvalResultItem,
XacmlStatusCode.SYNTAX_ERROR.value(), e);
}
}
else
......@@ -399,9 +401,11 @@ public final class AttributeSelectorExpressions
catch (final IllegalArgumentException e)
{
final Optional<String> contextSelectorId = attributeSelectorId.getContextSelectorId();
throw new IndeterminateEvaluationException(this + ": Error creating attribute value of type '" + attributeDatatype + "' from result #" + xpathEvalResultItemIndex
+ " of evaluating XPath against XML node from Content of Attributes Category='" + attributeSelectorId.getCategory() + "'"
+ (contextSelectorId == null ? "" : " selected by ContextSelectorId='" + contextSelectorId + "'") + ": " + xpathEvalResultItem, XacmlStatusCode.SYNTAX_ERROR.value(), e);
throw new IndeterminateEvaluationException(
this + ": Error creating attribute value of type '" + attributeDatatype + "' from result #" + xpathEvalResultItemIndex
+ " of evaluating XPath against XML node from Content of Attributes Category='" + attributeSelectorId.getCategory() + "'"
+ (contextSelectorId == null ? "" : " selected by ContextSelectorId='" + contextSelectorId + "'") + ": " + xpathEvalResultItem,
XacmlStatusCode.SYNTAX_ERROR.value(), e);
}
resultBag.add(attributeDatatype.cast(attrVal));
......@@ -446,8 +450,9 @@ public final class AttributeSelectorExpressions
}
catch (final SaxonApiException e)
{
throw new IndeterminateEvaluationException(this + ": Error evaluating XPath = '" + contextPathEvaluator.get().getUnderlyingExpression().getInternalExpression().toString()
+ "' against <Content> element", XacmlStatusCode.PROCESSING_ERROR.value(), e);
throw new IndeterminateEvaluationException(
this + ": Error evaluating XPath = '" + contextPathEvaluator.get().getUnderlyingExpression().getInternalExpression().toString() + "' against <Content> element",
XacmlStatusCode.PROCESSING_ERROR.value(), e);
}
if (finalXPathEvaluationContextItem == null)
......@@ -644,7 +649,7 @@ public final class AttributeSelectorExpressions
@Override
protected XdmItem getFinalXPathEvaluationContextItem(final XdmNode contentElement, final EvaluationContext context) throws IndeterminateEvaluationException
{
final Bag<XPathValue> bag = attrProvider.get(contextSelectorFQN, StandardDatatypes.XPATH.getBagDatatype(), context);
final Bag<XPathValue> bag = attrProvider.get(contextSelectorFQN, StandardDatatypes.XPATH, context);
if (bag == null)
{
throw this.missingAttributeForUnknownReasonException;
......
......@@ -19,8 +19,6 @@ package org.ow2.authzforce.core.pdp.impl.expression;
import java.util.Optional;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeDesignatorType;
import org.ow2.authzforce.core.pdp.api.AttributeFqn;
import org.ow2.authzforce.core.pdp.api.AttributeFqns;
import org.ow2.authzforce.core.pdp.api.AttributeProvider;
......@@ -34,6 +32,8 @@ import org.ow2.authzforce.core.pdp.api.value.Bags;
import org.ow2.authzforce.core.pdp.api.value.Datatype;
import org.ow2.authzforce.xacml.identifiers.XacmlStatusCode;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeDesignatorType;
/**
* AttributeDesignator evaluator initialized with and using an {@link AttributeProvider} to retrieve the attribute value not only from the request but also possibly from extra Attribute Provider
* modules (so-called XACML PIPs) (PDP extensions)
......@@ -98,8 +98,8 @@ public final class GenericAttributeProviderBasedAttributeDesignatorExpression<AV
this.mustBePresentEnforcer = mustBePresent ? new Bags.NonEmptinessValidator(missingAttributeMessage) : Bags.DUMB_VALIDATOR;
this.missingAttributeForUnknownReasonException = new IndeterminateEvaluationException(missingAttributeMessage + " for unknown reason", XacmlStatusCode.MISSING_ATTRIBUTE.value());
this.missingAttributeBecauseNullContextException = new IndeterminateEvaluationException("Missing Attributes/Attribute for evaluation of AttributeDesignator '" + this.attrGUID
+ "' because request context undefined", XacmlStatusCode.MISSING_ATTRIBUTE.value());
this.missingAttributeBecauseNullContextException = new IndeterminateEvaluationException(
"Missing Attributes/Attribute for evaluation of AttributeDesignator '" + this.attrGUID + "' because request context undefined", XacmlStatusCode.MISSING_ATTRIBUTE.value());
}
@Override
......@@ -127,7 +127,7 @@ public final class GenericAttributeProviderBasedAttributeDesignatorExpression<AV
throw missingAttributeBecauseNullContextException;
}
final Bag<AV> bag = attrProvider.get(attrGUID, this.returnType, context);
final Bag<AV> bag = attrProvider.get(attrGUID, this.returnType.getElementType(), context);
if (bag == null)
{
throw this.missingAttributeForUnknownReasonException;
......
......@@ -29,10 +29,6 @@ import java.util.Map.Entry;
import java.util.Set;
import java.util.stream.Collectors;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.Attribute;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeDesignatorType;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.Attributes;
import org.ow2.authzforce.core.pdp.api.AttributeFqn;
import org.ow2.authzforce.core.pdp.api.AttributeProvider;
import org.ow2.authzforce.core.pdp.api.BaseDesignatedAttributeProvider;
......@@ -48,10 +44,13 @@ import org.ow2.authzforce.core.pdp.api.value.AttributeBag;
import org.ow2.authzforce.core.pdp.api.value.AttributeValue;
import org.ow2.authzforce.core.pdp.api.value.AttributeValueFactoryRegistry;
import org.ow2.authzforce.core.pdp.api.value.Bag;
import org.ow2.authzforce.core.pdp.api.value.BagDatatype;
import org.ow2.authzforce.core.pdp.api.value.Datatype;
import org.ow2.authzforce.xacml.identifiers.XacmlStatusCode;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.Attribute;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeDesignatorType;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.Attributes;
/**
*
* Fake AttributeProviderModule for test purposes only that can be configured to support a specific set of attribute Providers, but always return an empty bag as attribute value.
......@@ -94,8 +93,9 @@ public class TestAttributeProvider extends BaseDesignatedAttributeProvider
}
}
private static AttributeDesignatorType newAttributeDesignator(Entry<AttributeFqn, AttributeBag<?>> attributeEntry) {
private static AttributeDesignatorType newAttributeDesignator(Entry<AttributeFqn, AttributeBag<?>> attributeEntry)
{
final AttributeFqn attrKey = attributeEntry.getKey();
final Bag<?> attrVals = attributeEntry.getValue();
return new AttributeDesignatorType(attrKey.getCategory(), attrKey.getId(), attrVals.getElementDatatype().getId(), attrKey.getIssuer().orElse(null), false);
......@@ -144,7 +144,7 @@ public class TestAttributeProvider extends BaseDesignatedAttributeProvider
}
@Override
public <AV extends AttributeValue> AttributeBag<AV> get(final AttributeFqn attributeGUID, final BagDatatype<AV> returnDatatype, final EvaluationContext context)
public <AV extends AttributeValue> AttributeBag<AV> get(final AttributeFqn attributeGUID, final Datatype<AV> attributeDatatype, final EvaluationContext context)
throws IndeterminateEvaluationException
{
final AttributeBag<?> attrVals = attrMap.get(attributeGUID);
......@@ -153,13 +153,12 @@ public class TestAttributeProvider extends BaseDesignatedAttributeProvider
return null;
}
final Datatype<AV> valueType = returnDatatype.getElementType();
if (attrVals.getElementDatatype().equals(valueType))
if (attrVals.getElementDatatype().equals(attributeDatatype))
{
return (AttributeBag<AV>) attrVals;
}
throw new IndeterminateEvaluationException("Requested datatype (" + valueType + ") != provided by " + this + " (" + attrVals.getElementDatatype() + ")",
throw new IndeterminateEvaluationException("Requested datatype (" + attributeDatatype + ") != provided by " + this + " (" + attrVals.getElementDatatype() + ")",
XacmlStatusCode.MISSING_ATTRIBUTE.value());
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment