Commit a08a1ead authored by cdanger's avatar cdanger

Changes from core-pdp-api:

- Renamed StringParseableValueFactory to StringParseableValue.Factory
- AttributeAssignmentExpressionEvaluator: AttributeAssignment replaced
with equivalent in AuthzForce data model: PepActionAttributeAssignment
- RuleEvaluator, PolicyEvaluator and CombiningAlgEvaluators and all
CombiningAlg implementations: replaced (Updatable)PepActions with
(Updatable)List<PepAction>
- AttributeValue now longer extends XACML AttributeValueType (no longer
has xacml datatype info)

- Improved validation of XACML Apply expressions
- Moved BasePdpExtensionRegistry,
ImmutableAttributeValueFactoryRegistry, and
StandardAttributeValueFactories class to core-pdp-api project to allow
PEP implementers to only rely on core-pdp-api for parsing
attributevalues in AttributeAssignments in XACML Response's Results
- Moved BasePrimaryPolicyMetadata to core-pdp-api project (dependency)
- Removed PepActionFactories and PepActionExpressions now useless
parent db46abbf
/**
* Copyright 2012-2018 Thales Services SAS.
*
* This file is part of AuthzForce CE.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.ow2.authzforce.core.pdp.impl;
import java.util.Map;
import java.util.Set;
import org.ow2.authzforce.core.pdp.api.HashCollections;
import org.ow2.authzforce.core.pdp.api.PdpExtension;
import org.ow2.authzforce.core.pdp.api.PdpExtensionRegistry;
import com.google.common.base.Function;
import com.google.common.base.Preconditions;
import com.google.common.collect.Maps;
/**
* This is a base implementation of <code>PdpExtensionRegistry</code>. This should be used as basis to implement (in a final class) an immutable PDP extension registry of a specific type. If you need
* a generic immutable PDP extension registry, see {
*
* @param <T>
* type of extension in this registry
* @version $Id: $
*/
public abstract class BasePdpExtensionRegistry<T extends PdpExtension> implements PdpExtensionRegistry<T>
{
private final Class<? super T> extClass;
private final Map<String, T> extensionsById;
private final transient String toString;
/**
* Instantiates immutable registry from a map.
*
* @param extensionClass
* extension class
* @param extensionsById
* extensions input map; the registry actually creates and uses an immutable copy of this map internally to avoid external modifications on the internal map
*/
protected BasePdpExtensionRegistry(final Class<? super T> extensionClass, final Map<String, ? extends T> extensionsById)
{
assert extensionClass != null && extensionsById != null;
this.extClass = extensionClass;
this.extensionsById = HashCollections.newImmutableMap(extensionsById);
this.toString = this + "( extensionClass= " + extClass.getCanonicalName() + " )";
}
/** {@inheritDoc} */
@Override
public final T getExtension(final String identity)
{
return extensionsById.get(identity);
}
/** {@inheritDoc} */
@Override
public final Set<T> getExtensions()
{
return HashCollections.newImmutableSet(extensionsById.values());
}
private static final class ExtensionToIdFunction<E extends PdpExtension> implements Function<E, String>
{
@Override
public String apply(final E extension) throws NullPointerException
{
assert extension != null;
return Preconditions.checkNotNull(extension, "One of the input extensions is invalid (null)").getId();
}
}
private static final Function<? extends PdpExtension, String> EXTENSION_TO_ID_FUNCTION = new ExtensionToIdFunction<>();
@SuppressWarnings("unchecked")
private static <E extends PdpExtension> Map<String, E> newImmutableMap(final Set<E> extensions)
{
return Maps.uniqueIndex(extensions, (Function<E, String>) EXTENSION_TO_ID_FUNCTION);
}
/**
* Instantiates immutable registry from a set of extensions
*
* @param extensionClass
* extension class (required not null)
* @param extensions
* extensions (required not null)
*/
protected BasePdpExtensionRegistry(final Class<? super T> extensionClass, final Set<? extends T> extensions)
{
this(extensionClass, newImmutableMap(extensions));
}
@Override
public String toString()
{
return toString;
}
}
......@@ -22,6 +22,7 @@ package org.ow2.authzforce.core.pdp.impl;
import java.util.Set;
import org.ow2.authzforce.core.pdp.api.BasePdpExtensionRegistry;
import org.ow2.authzforce.core.pdp.api.PdpExtension;
import com.google.common.base.Preconditions;
......
......@@ -59,17 +59,17 @@ import org.ow2.authzforce.core.pdp.api.policy.RootPolicyProvider;
import org.ow2.authzforce.core.pdp.api.value.AttributeValueFactory;
import org.ow2.authzforce.core.pdp.api.value.AttributeValueFactoryRegistry;
import org.ow2.authzforce.core.pdp.api.value.Datatype;
import org.ow2.authzforce.core.pdp.api.value.ImmutableAttributeValueFactoryRegistry;
import org.ow2.authzforce.core.pdp.api.value.IntegerValue;
import org.ow2.authzforce.core.pdp.api.value.SimpleValue.StringParseableValueFactory;
import org.ow2.authzforce.core.pdp.api.value.StandardAttributeValueFactories;
import org.ow2.authzforce.core.pdp.api.value.StandardDatatypes;
import org.ow2.authzforce.core.pdp.api.value.StringParseableValue;
import org.ow2.authzforce.core.pdp.impl.combining.ImmutableCombiningAlgRegistry;
import org.ow2.authzforce.core.pdp.impl.combining.StandardCombiningAlgorithm;
import org.ow2.authzforce.core.pdp.impl.expression.DepthLimitingExpressionFactory;
import org.ow2.authzforce.core.pdp.impl.func.FunctionRegistry;
import org.ow2.authzforce.core.pdp.impl.func.ImmutableFunctionRegistry;
import org.ow2.authzforce.core.pdp.impl.func.StandardFunction;
import org.ow2.authzforce.core.pdp.impl.value.ImmutableAttributeValueFactoryRegistry;
import org.ow2.authzforce.core.pdp.impl.value.StandardAttributeValueFactories;
import org.ow2.authzforce.core.xmlns.pdp.InOutProcChain;
import org.ow2.authzforce.core.xmlns.pdp.Pdp;
import org.ow2.authzforce.core.xmlns.pdp.StandardEnvironmentAttributeSource;
......@@ -286,9 +286,9 @@ public final class PdpEngineConfiguration
}
final AttributeValueFactory<?> intValFactory = attValFactoryRegistry.getExtension(StandardDatatypes.INTEGER.getId());
assert intValFactory != null && intValFactory.getDatatype() == StandardDatatypes.INTEGER && intValFactory instanceof StringParseableValueFactory;
assert intValFactory != null && intValFactory.getDatatype() == StandardDatatypes.INTEGER && intValFactory instanceof StringParseableValue.Factory;
final FunctionRegistry stdRegistry = StandardFunction.getRegistry(enableXPath, (StringParseableValueFactory<IntegerValue>) intValFactory);
final FunctionRegistry stdRegistry = StandardFunction.getRegistry(enableXPath, (StringParseableValue.Factory<IntegerValue>) intValFactory);
if (nonGenericFunctionExtensionIdentifiers.isEmpty())
{
functionRegistry = stdRegistry;
......
......@@ -18,41 +18,40 @@
package org.ow2.authzforce.core.pdp.impl;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import org.ow2.authzforce.core.pdp.api.EvaluationContext;
import org.ow2.authzforce.core.pdp.api.IndeterminateEvaluationException;
import org.ow2.authzforce.core.pdp.api.PepActions;
import org.ow2.authzforce.core.pdp.api.PepAction;
import org.ow2.authzforce.core.pdp.api.PepActionAttributeAssignment;
import org.ow2.authzforce.core.pdp.api.expression.ExpressionFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import com.google.common.base.Preconditions;
import com.google.common.collect.ImmutableList;
import net.sf.saxon.s9api.XPathCompiler;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeAssignment;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeAssignmentExpression;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.EffectType;
/**
* PEP action (obligation/advice) expression evaluator
*
* @param <JAXB_PEP_ACTION>
* PEP action type in XACML/JAXB model (Obligation/Advice)
* @version $Id: $
*/
public final class PepActionExpression<JAXB_PEP_ACTION>
public final class PepActionExpression
{
private static final Logger LOGGER = LoggerFactory.getLogger(PepActionExpression.class);
private final String actionId;
private final transient JAXB_PEP_ACTION emptyPepAction;
private final transient List<AttributeAssignmentExpressionEvaluator> evaluatableAttributeAssignmentExpressions;
private final PepActions.Factory<JAXB_PEP_ACTION> pepActionFactory;
private final boolean isMandatory;
private final String infoPrefix;
private final List<AttributeAssignmentExpressionEvaluator> evaluatableAttributeAssignmentExpressions;
private final EffectType appliesTo;
private transient final String toString;
/**
* Constructor that takes all the data associated with an PEP action (obligation/advice) expression.
......@@ -62,8 +61,9 @@ public final class PepActionExpression<JAXB_PEP_ACTION>
* @param pepActionId
* the obligation's id
* @param appliesTo
* the type of decision to which the PEP action applies (ObligationExpression's FulfillOn /
* AdviceExpression's AppliesTo)
* the type of decision to which the PEP action applies (ObligationExpression's FulfillOn / AdviceExpression's AppliesTo)
* @param isMandatory
* true iff the PEP action is mandatory (XACML Obligation, as opposed to Advice)
* @param jaxbAssignmentExps
* a <code>List</code> of <code>AttributeAssignmentExpression</code>s
* @param xPathCompiler
......@@ -73,54 +73,34 @@ public final class PepActionExpression<JAXB_PEP_ACTION>
* @throws java.lang.IllegalArgumentException
* one of the AttributeAssignmentExpressions' Expression is invalid
*/
public PepActionExpression(final PepActions.Factory<JAXB_PEP_ACTION> pepActionFactory, final String pepActionId,
final EffectType appliesTo, final List<AttributeAssignmentExpression> jaxbAssignmentExps,
final XPathCompiler xPathCompiler, final ExpressionFactory expFactory) throws IllegalArgumentException
public PepActionExpression(final String pepActionId, final boolean isMandatory, final List<AttributeAssignmentExpression> jaxbAssignmentExps, final XPathCompiler xPathCompiler,
final ExpressionFactory expFactory) throws IllegalArgumentException
{
Preconditions.checkArgument(pepActionId != null, "Undefined PEP action (obligation/advice) ID");
this.actionId = pepActionId;
this.appliesTo = appliesTo;
this.isMandatory = isMandatory;
this.toString = (isMandatory ? "Obligation " : "Advice ") + "'" + actionId + "'";
if (jaxbAssignmentExps == null || jaxbAssignmentExps.isEmpty())
{
emptyPepAction = pepActionFactory.getInstance(null, pepActionId);
this.evaluatableAttributeAssignmentExpressions = Collections.emptyList();
}
else
} else
{
emptyPepAction = null;
this.evaluatableAttributeAssignmentExpressions = new ArrayList<>(jaxbAssignmentExps.size());
for (final AttributeAssignmentExpression jaxbAttrAssignExp : jaxbAssignmentExps)
{
final AttributeAssignmentExpressionEvaluator attrAssignExp;
try
{
attrAssignExp = new AttributeAssignmentExpressionEvaluator(jaxbAttrAssignExp, xPathCompiler,
expFactory);
}
catch (final IllegalArgumentException e)
attrAssignExp = new AttributeAssignmentExpressionEvaluator(jaxbAttrAssignExp, xPathCompiler, expFactory);
} catch (final IllegalArgumentException e)
{
throw new IllegalArgumentException("Invalid AttributeAssignmentExpression[@AttributeId="
+ jaxbAttrAssignExp.getAttributeId() + "]/Expression", e);
throw new IllegalArgumentException("Invalid " + toString + ": Invalid AttributeAssignmentExpression[@AttributeId=" + jaxbAttrAssignExp.getAttributeId() + "]", e);
}
this.evaluatableAttributeAssignmentExpressions.add(attrAssignExp);
}
}
this.pepActionFactory = pepActionFactory;
this.infoPrefix = pepActionFactory.getActionXmlElementName() + "Expression[@"
+ pepActionFactory.getActionXmlElementName() + "=" + actionId + "]";
}
/**
* The type of decision to which the PEP action applies (ObligationExpression's FulfillOn / AdviceExpression's
* AppliesTo)
*
* @return appliesTo/fulfillOn property
*/
public EffectType getAppliesTo()
{
return appliesTo;
}
/**
......@@ -133,6 +113,12 @@ public final class PepActionExpression<JAXB_PEP_ACTION>
return this.actionId;
}
@Override
public String toString()
{
return toString;
}
/**
* Evaluates to a PEP action (obligation/advice).
*
......@@ -140,40 +126,30 @@ public final class PepActionExpression<JAXB_PEP_ACTION>
* evaluation context
* @return an instance of a PEP action in JAXB model (JAXB Obligation/Advice)
* @throws org.ow2.authzforce.core.pdp.api.IndeterminateEvaluationException
* if any of the attribute assignment expressions evaluates to "Indeterminate" (see XACML 3.0 core spec,
* section 7.18)
* if any of the attribute assignment expressions evaluates to "Indeterminate" (see XACML 3.0 core spec, section 7.18)
*/
public JAXB_PEP_ACTION evaluate(final EvaluationContext context) throws IndeterminateEvaluationException
public PepAction evaluate(final EvaluationContext context) throws IndeterminateEvaluationException
{
// if no assignmentExpression
if (this.emptyPepAction != null)
{
return this.emptyPepAction;
}
// else there are assignmentExpressions
final List<AttributeAssignment> assignments = new ArrayList<>();
final List<PepActionAttributeAssignment<?>> assignments = new ArrayList<>();
for (final AttributeAssignmentExpressionEvaluator attrAssignmentExpr : this.evaluatableAttributeAssignmentExpressions)
{
/*
* Section 5.39 of XACML 3.0 core spec says there may be multiple AttributeAssignments resulting from one
* AttributeAssignmentExpression
* Section 5.39 of XACML 3.0 core spec says there may be multiple AttributeAssignments resulting from one AttributeAssignmentExpression
*/
final List<AttributeAssignment> attrAssignsFromExpr;
final Collection<PepActionAttributeAssignment<?>> attrAssignsFromExpr;
try
{
attrAssignsFromExpr = attrAssignmentExpr.evaluate(context);
LOGGER.debug("{}/{} -> {}", this.infoPrefix, attrAssignmentExpr, attrAssignsFromExpr);
}
catch (final IndeterminateEvaluationException e)
LOGGER.debug("{}/{} -> {}", this, attrAssignmentExpr, attrAssignsFromExpr);
} catch (final IndeterminateEvaluationException e)
{
throw new IndeterminateEvaluationException(
infoPrefix + ": Error evaluating " + attrAssignmentExpr + "/Expression", e.getStatusCode(), e);
throw new IndeterminateEvaluationException(this + ": Error evaluating " + attrAssignmentExpr, e.getStatusCode(), e);
}
assignments.addAll(attrAssignsFromExpr);
}
return pepActionFactory.getInstance(assignments, actionId);
return new PepAction(actionId, isMandatory, ImmutableList.copyOf(assignments));
}
}
/**
* Copyright 2012-2018 Thales Services SAS.
*
* This file is part of AuthzForce CE.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.ow2.authzforce.core.pdp.impl;
import java.util.List;
import org.ow2.authzforce.core.pdp.api.PepActions;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.Advice;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeAssignment;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.Obligation;
/**
* PEP action (obligation/advice) factories
*/
public final class PepActionFactories {
/**
* Obligation factory
*
*/
public static final PepActions.Factory<Obligation> OBLIGATION_FACTORY = new PepActions.Factory<Obligation>()
{
@Override
public Obligation getInstance(List<AttributeAssignment> attributeAssignments, String actionId)
{
return new Obligation(attributeAssignments, actionId);
}
@Override
public String getActionXmlElementName()
{
return "Obligation";
}
};
/**
* Advice factory
*
*/
public static final PepActions.Factory<Advice> ADVICE_FACTORY = new PepActions.Factory<Advice>()
{
@Override
public Advice getInstance(List<AttributeAssignment> attributeAssignments, String actionId)
{
return new Advice(attributeAssignments, actionId);
}
@Override
public String getActionXmlElementName()
{
return "Advice";
}
};
}
......@@ -22,15 +22,12 @@ package org.ow2.authzforce.core.pdp.impl.combining;
import java.util.Collection;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.DecisionType;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.EffectType;
import org.ow2.authzforce.core.pdp.api.DecisionResult;
import org.ow2.authzforce.core.pdp.api.EvaluationContext;
import org.ow2.authzforce.core.pdp.api.ExtendedDecision;
import org.ow2.authzforce.core.pdp.api.ExtendedDecisions;
import org.ow2.authzforce.core.pdp.api.PepAction;
import org.ow2.authzforce.core.pdp.api.UpdatableList;
import org.ow2.authzforce.core.pdp.api.UpdatablePepActions;
import org.ow2.authzforce.core.pdp.api.combining.CombiningAlg;
import org.ow2.authzforce.core.pdp.api.policy.PrimaryPolicyMetadata;
import org.ow2.authzforce.core.pdp.impl.rule.RuleEvaluator;
......@@ -39,6 +36,9 @@ import org.slf4j.LoggerFactory;
import com.google.common.collect.ImmutableList;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.DecisionType;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.EffectType;
/**
* Common Combining Algorithm evaluators
*/
......@@ -56,9 +56,11 @@ final class CombiningAlgEvaluators
protected abstract ExtendedDecision getReturnedDecision();
@Override
public final ExtendedDecision evaluate(final EvaluationContext context, final UpdatablePepActions updatablePepActions, final UpdatableList<PrimaryPolicyMetadata> updatableApplicablePolicyIdList)
public final ExtendedDecision evaluate(final EvaluationContext context, final UpdatableList<PepAction> updatablePepActions,
final UpdatableList<PrimaryPolicyMetadata> updatableApplicablePolicyIdList)
{
LOGGER.debug("This evaluator constantly returns the same decision, which results from an optimization of the combining algorithm and combined elements (if any) initially defined in the policy. Check the policy initialization logs for more information on this optimization.");
LOGGER.debug(
"This evaluator constantly returns the same decision, which results from an optimization of the combining algorithm and combined elements (if any) initially defined in the policy. Check the policy initialization logs for more information on this optimization.");
return getReturnedDecision();
}
}
......@@ -126,7 +128,8 @@ final class CombiningAlgEvaluators
}
@Override
public ExtendedDecision evaluate(final EvaluationContext context, final UpdatablePepActions updatablePepActions, final UpdatableList<PrimaryPolicyMetadata> updatableApplicablePolicyIdList)
public ExtendedDecision evaluate(final EvaluationContext context, final UpdatableList<PepAction> updatablePepActions,
final UpdatableList<PrimaryPolicyMetadata> updatableApplicablePolicyIdList)
{
ExtendedDecision firstIndeterminate = null;
for (final RuleEvaluator rule : rulesWithSameEffect)
......@@ -135,7 +138,7 @@ final class CombiningAlgEvaluators
final DecisionType decision = evalResult.getDecision();
if (decision == commonDecision)
{
updatablePepActions.add(evalResult.getPepActions());
updatablePepActions.addAll(evalResult.getPepActions());
return evalResult;
}
......
......@@ -21,15 +21,13 @@ import java.util.ArrayDeque;
import java.util.Deque;
import java.util.Iterator;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.DecisionType;
import org.ow2.authzforce.core.pdp.api.Decidable;
import org.ow2.authzforce.core.pdp.api.DecisionResult;
import org.ow2.authzforce.core.pdp.api.EvaluationContext;
import org.ow2.authzforce.core.pdp.api.ExtendedDecision;
import org.ow2.authzforce.core.pdp.api.ExtendedDecisions;
import org.ow2.authzforce.core.pdp.api.PepAction;
import org.ow2.authzforce.core.pdp.api.UpdatableList;
import org.ow2.authzforce.core.pdp.api.UpdatablePepActions;
import org.ow2.authzforce.core.pdp.api.combining.BaseCombiningAlg;
import org.ow2.authzforce.core.pdp.api.combining.CombiningAlg;
import org.ow2.authzforce.core.pdp.api.combining.CombiningAlgParameter;
......@@ -38,6 +36,8 @@ import org.ow2.authzforce.core.pdp.impl.rule.RuleEvaluator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.DecisionType;
/**
* This is the standard First-Applicable policy/rule combining algorithm. It looks through the set of policies/rules, finds the first one that applies, and returns that evaluation result.
*
......@@ -55,7 +55,7 @@ final class FirstApplicableCombiningAlg<T extends Decidable> extends BaseCombini
}
@Override
public ExtendedDecision evaluate(final EvaluationContext context, final UpdatablePepActions outPepActions, final UpdatableList<PrimaryPolicyMetadata> outApplicablePolicyIdList)
public ExtendedDecision evaluate(final EvaluationContext context, final UpdatableList<PepAction> outPepActions, final UpdatableList<PrimaryPolicyMetadata> outApplicablePolicyIdList)
{
for (final Decidable combinedElement : getCombinedElements())
{
......@@ -74,7 +74,7 @@ final class FirstApplicableCombiningAlg<T extends Decidable> extends BaseCombini
outApplicablePolicyIdList.addAll(result.getApplicablePolicies());
}
outPepActions.add(result.getPepActions());
outPepActions.addAll(result.getPepActions());
return ExtendedDecisions.SIMPLE_PERMIT;
case DENY:
if (outApplicablePolicyIdList != null)
......@@ -82,7 +82,7 @@ final class FirstApplicableCombiningAlg<T extends Decidable> extends BaseCombini
outApplicablePolicyIdList.addAll(result.getApplicablePolicies());
}
outPepActions.add(result.getPepActions());
outPepActions.addAll(result.getPepActions());
return ExtendedDecisions.SIMPLE_DENY;
case INDETERMINATE:
if (outApplicablePolicyIdList != null)
......@@ -107,8 +107,8 @@ final class FirstApplicableCombiningAlg<T extends Decidable> extends BaseCombini
/** {@inheritDoc} */
@Override
public CombiningAlg.Evaluator getInstance(final Iterable<CombiningAlgParameter<? extends T>> params, final Iterable<? extends T> combinedElements) throws UnsupportedOperationException,
IllegalArgumentException
public CombiningAlg.Evaluator getInstance(final Iterable<CombiningAlgParameter<? extends T>> params, final Iterable<? extends T> combinedElements)
throws UnsupportedOperationException, IllegalArgumentException
{
// if no element combined -> decision is overridden Effect
if (combinedElements == null)
......
......@@ -19,11 +19,11 @@ package org.ow2.authzforce.core.pdp.impl.combining;
import java.util.Set;
import org.ow2.authzforce.core.pdp.api.BasePdpExtensionRegistry;
import org.ow2.authzforce.core.pdp.api.Decidable;
import org.ow2.authzforce.core.pdp.api.combining.CombiningAlg;
import org.ow2.authzforce.core.pdp.api.combining.CombiningAlgRegistry;
import org.ow2.authzforce.core.pdp.api.policy.PolicyEvaluator;
import org.ow2.authzforce.core.pdp.impl.BasePdpExtensionRegistry;
import org.ow2.authzforce.core.pdp.impl.rule.RuleEvaluator;
import com.google.common.base.Preconditions;
......
......@@ -17,15 +17,13 @@
*/
package org.ow2.authzforce.core.pdp.impl.combining;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.DecisionType;
import org.ow2.authzforce.core.pdp.api.DecisionResult;
import org.ow2.authzforce.core.pdp.api.EvaluationContext;
import org.ow2.authzforce.core.pdp.api.ExtendedDecision;
import org.ow2.authzforce.core.pdp.api.ExtendedDecisions;
import org.ow2.authzforce.core.pdp.api.IndeterminateEvaluationException;
import org.ow2.authzforce.core.pdp.api.PepAction;
import org.ow2.authzforce.core.pdp.api.UpdatableList;
import org.ow2.authzforce.core.pdp.api.UpdatablePepActions;
import org.ow2.authzforce.core.pdp.api.combining.BaseCombiningAlg;
import org.ow2.authzforce.core.pdp.api.combining.CombiningAlg;
import org.ow2.authzforce.core.pdp.api.combining.CombiningAlgParameter;
......@@ -35,6 +33,8 @@ import org.ow2.authzforce.xacml.identifiers.XacmlStatusCode;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.DecisionType;
/**
* This is the standard only-one-applicable policy combining algorithm.
*
......@@ -52,12 +52,12 @@ final class OnlyOneApplicableCombiningAlg extends BaseCombiningAlg<PolicyEvaluat
private Evaluator(final String algId, final Iterable<? extends PolicyEvaluator> policyElements)
{
super(policyElements);
this.tooManyApplicablePoliciesIndeterminateResult = ExtendedDecisions.newIndeterminate(DecisionType.INDETERMINATE, new IndeterminateEvaluationException(
"Too many (more than one) applicable policies for algorithm: " + algId, XacmlStatusCode.PROCESSING_ERROR.value()));
this.tooManyApplicablePoliciesIndeterminateResult = ExtendedDecisions.newIndeterminate(DecisionType.INDETERMINATE,
new IndeterminateEvaluationException("Too many (more than one) applicable policies for algorithm: " + algId, XacmlStatusCode.PROCESSING_ERROR.value()));
}
@Override
public ExtendedDecision evaluate(final EvaluationContext context, final UpdatablePepActions outPepActions, final UpdatableList<PrimaryPolicyMetadata> outApplicablePolicyIdList)
public ExtendedDecision evaluate(final EvaluationContext context, final UpdatableList<PepAction> outPepActions, final UpdatableList<PrimaryPolicyMetadata> outApplicablePolicyIdList)
{
assert outPepActions != null;
......@@ -71,8 +71,7 @@ final class OnlyOneApplicableCombiningAlg extends BaseCombiningAlg<PolicyEvaluat
try
{
isApplicableByTarget = policy.isApplicableByTarget(context);
}
catch (final IndeterminateEvaluationException e)
} catch (final IndeterminateEvaluationException e)
{
LOGGER.info("Error checking whether {} is applicable", policy, e);
return ExtendedDecisions.newIndeterminate(DecisionType.INDETERMINATE, e);
......@@ -102,7 +101,7 @@ final class OnlyOneApplicableCombiningAlg extends BaseCombiningAlg<PolicyEvaluat
{
case PERMIT:
case DENY:
outPepActions.add(result.getPepActions());
outPepActions.addAll(result.getPepActions());
if (outApplicablePolicyIdList != null)
{
outApplicablePolicyIdList.addAll(result.getApplicablePolicies());
......
......@@ -25,11 +25,6 @@ import java.util.Optional;
import javax.xml.bind.JAXBElement;
import net.sf.saxon.s9api.XPathCompiler;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.ApplyType;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.DefaultsType;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.ExpressionType;
import org.ow2.authzforce.core.pdp.api.EvaluationContext;
import org.ow2.authzforce.core.pdp.api.IndeterminateEvaluationException;
import org.ow2.authzforce.core.pdp.api.expression.ConstantExpression;
......@@ -40,10 +35,16 @@ import org.ow2.authzforce.core.pdp.api.func.Function;
import org.ow2.authzforce.core.pdp.api.func.FunctionCall;
import org.ow2.authzforce.core.pdp.api.value.AttributeValue;
import org.ow2.authzforce.core.pdp.api.value.Datatype;
import org.ow2.authzforce.core.pdp.api.value.StandardDatatypes;
import org.ow2.authzforce.core.pdp.api.value.Value;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import net.sf.saxon.s9api.XPathCompiler;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.ApplyType;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.DefaultsType;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.ExpressionType;
/**
* Static utility methods pertaining to {@link ApplyType} evaluators.
*
......@@ -110,8 +111,7 @@ public final class ApplyExpressions
{
staticEvalResult = functionCall.evaluate(null);
LOGGER.debug("Apply[Description = " + description + "]: static evaluation OK -> expression is constant -> optimizing: using constant result as evaluation result");
}
catch (final IndeterminateEvaluationException e)
} catch (final IndeterminateEvaluationException e)
{
LOGGER.debug("Apply[Description = " + description + "]: static evaluation failed -> expression is not constant -> not optimizing");
}
......@@ -138,7 +138,7 @@ public final class ApplyExpressions
* function; or if all {@code xprs} are static but calling the function statically (with these static arguments) failed
*/
public static Expression<?> newInstance(final ApplyType xacmlApply, final XPathCompiler xPathCompiler, final ExpressionFactory expFactory, final Deque<String> longestVarRefChain)