Commit a1e7ed4f authored by cdanger's avatar cdanger

- Moved all classes meaningful as API classes for PDP extensions (and
therefore PDP extension implementers) to a separate project
authzforce-ce-core-pdp-api
- Lowered findbugs alert threshold and fixed new findbugs issues
- Removed inheritance of JAXB classes for most *Evaluator classes to
simplify the code
- Property placeholder replacement optimized, no longer done on the
whole PDP conf document, but only when needed by policy provider
extensions (e.g. to replace PARENT_DIR)
- New XML-namespace-aware XML parser to support namespace-aware XPath
evaluation of XACML Request/Policies
- new CoreRefBasedPolicyProviderModule (root policy defined as a
reference to a previously declared RefPolicyProviderModule and policy
IdRef to be resolved by the latter)
- PDP conf schema versioning (3.6):
http://authzforce.github.io/core/xmlns/pdp/3.6
 and depends on new pdp extension schema version:
http://authzforce.github.io/xmlns/pdp/ext/3
 - Fixed issue with control of max policy ref depth
parent 9a52ee8d
......@@ -3,7 +3,7 @@
<parent>
<groupId>org.ow2.authzforce</groupId>
<artifactId>authzforce-ce-parent</artifactId>
<version>3.3.5</version>
<version>3.3.7</version>
</parent>
<artifactId>authzforce-ce-core</artifactId>
<version>3.6.1-SNAPSHOT</version>
......@@ -49,18 +49,14 @@
<artifactId>guava</artifactId>
<version>18.0</version>
</dependency>
<dependency>
<!-- For XACML AttributeSelector evaluation and XPath-based functions (making reference to [XF]) -->
<groupId>net.sf.saxon</groupId>
<artifactId>Saxon-HE</artifactId>
<version>9.6.0-5</version>
</dependency>
<!-- /Third-party dependencies -->
<!-- Authzforce dependencies -->
<dependency>
<groupId>${project.groupId}</groupId>
<artifactId>${artifactId.prefix}-pdp-ext-model</artifactId>
<artifactId>${artifactId.prefix}-core-pdp-api</artifactId>
<!-- Major/minor version should match this artifact major/minor version to respect Semantic Versioning; -->
<version>3.6.1-SNAPSHOT</version>
</dependency>
<!-- /Authzforce dependencies -->
......@@ -106,6 +102,17 @@
<groupId>org.codehaus.mojo</groupId>
<artifactId>findbugs-maven-plugin</artifactId>
<version>3.0.2</version>
<configuration>
<!--
Enables analysis which takes more memory but finds more bugs.
If you run out of memory, changes the value of the effort element
to 'Low'.
-->
<effort>Max</effort>
<!-- Reports all bugs (other values are medium and max) -->
<threshold>Low</threshold>
<failOnError>true</failOnError>
</configuration>
<executions>
<execution>
<phase>verify</phase>
......@@ -178,6 +185,7 @@
<episode>
<groupId>${project.groupId}</groupId>
<artifactId>${artifactId.prefix}-pdp-ext-model</artifactId>
<version>3.3.7-SNAPSHOT</version>
</episode>
</episodes>
<catalog>src/main/jaxb/catalog.xml</catalog>
......@@ -249,15 +257,6 @@
</execution>
</executions>
</plugin>
<plugin>
<artifactId>maven-release-plugin</artifactId>
<configuration>
<mavenExecutorId>forked-path</mavenExecutorId>
<!-- Disabling sonatype-oss-release that requires GPG sign which is not compatible with Jenkins, until we find a better solution -->
<useReleaseProfile>true</useReleaseProfile>
<arguments>-DperformRelease=true</arguments>
</configuration>
</plugin>
</plugins>
</build>
</project>
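Review bot: The two comments added with the findbugs `<configuration>` block name values that, as far as I know, the plugin does not accept, which will mislead whoever tunes this gate later: `<effort>` takes Min, Default or Max (not 'Low'), and `<threshold>` takes High, Default, Low, Ignore or Exp (not 'medium and max'). I would reword them as `<!-- Max effort finds more bugs but needs more memory; use 'Default' or 'Min' if the build runs out of memory -->` and `<!-- Low = report every priority (other values: High, Default, Ignore, Exp) -->`. If the execution below binds the `check` goal, `<failOnError>true</failOnError>` with `<threshold>Low</threshold>` makes any reported finding break `verify`. A short comment could say that accepted findings go into an exclude filter file rather than being handled by raising the threshold.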
......@@ -27,13 +27,13 @@ import java.util.Collections;
import java.util.Deque;
import java.util.List;
import org.ow2.authzforce.core.IndeterminateEvaluationException;
import org.ow2.authzforce.core.expression.Expression;
import org.ow2.authzforce.core.func.FirstOrderFunction;
import org.ow2.authzforce.core.func.FirstOrderFunctionCall;
import org.ow2.authzforce.core.value.BooleanValue;
import org.ow2.authzforce.core.value.Datatype;
import org.ow2.authzforce.core.value.DatatypeConstants;
import org.ow2.authzforce.core.pdp.api.Datatype;
import org.ow2.authzforce.core.pdp.api.Expression;
import org.ow2.authzforce.core.pdp.api.FirstOrderFunction;
import org.ow2.authzforce.core.pdp.api.FirstOrderFunctionCall;
import org.ow2.authzforce.core.pdp.api.IndeterminateEvaluationException;
import org.ow2.authzforce.core.pdp.impl.value.BooleanValue;
import org.ow2.authzforce.core.pdp.impl.value.DatatypeConstants;
/**
* A class that implements the not function. This function takes one boolean argument and returns the logical negation of that value. If the argument evaluates
......@@ -62,8 +62,7 @@ public final class NotFunction extends FirstOrderFunction.SingleParameterTyped<B
}
@Override
protected FirstOrderFunctionCall<BooleanValue> newCall(List<Expression<?>> argExpressions, Datatype<?>... remainingArgTypes)
throws IllegalArgumentException
public FirstOrderFunctionCall<BooleanValue> newCall(List<Expression<?>> argExpressions, Datatype<?>... remainingArgTypes) throws IllegalArgumentException
{
return new FirstOrderFunctionCall.EagerSinglePrimitiveTypeEval<BooleanValue, BooleanValue>(functionSignature, argExpressions, remainingArgTypes)
{
......
......@@ -23,8 +23,8 @@
*/
package com.sun.xacml;
import org.ow2.authzforce.core.DecisionResult;
import org.ow2.authzforce.core.StatusHelper;
import org.ow2.authzforce.core.pdp.api.StatusHelper;
import org.ow2.authzforce.core.pdp.impl.BaseDecisionResult;
/**
* Exception that gets thrown if any general parsing error occurs.
......@@ -79,9 +79,9 @@ public class ParsingException extends Exception
*
* @return "Indeterminate" DecisionResult
*/
public DecisionResult getIndeterminateResult()
public BaseDecisionResult getIndeterminateResult()
{
return new DecisionResult(new StatusHelper(StatusHelper.STATUS_SYNTAX_ERROR, this.getMessage()));
return new BaseDecisionResult(new StatusHelper(StatusHelper.STATUS_SYNTAX_ERROR, this.getMessage()));
}
}
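Review bot: `getIndeterminateResult()` now exposes the implementation class `BaseDecisionResult` in a public signature, although this commit introduces `org.ow2.authzforce.core.pdp.api.DecisionResult` as the API type that `BaseDecisionResult` implements. Declaring it as `public DecisionResult getIndeterminateResult()` (importing the `pdp.api` interface) keeps callers of this exception independent of the `pdp.impl` package. Separately, the status message is still `this.getMessage()`; if that Status can reach the PEP in a Response, it is worth confirming that parser messages carry no file paths or other internal detail.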
......@@ -28,16 +28,17 @@ import java.util.Deque;
import java.util.List;
import java.util.Locale;
import org.ow2.authzforce.core.IndeterminateEvaluationException;
import org.ow2.authzforce.core.expression.Expression;
import org.ow2.authzforce.core.func.FirstOrderFunction;
import org.ow2.authzforce.core.func.FirstOrderFunctionCall;
import org.ow2.authzforce.core.func.FirstOrderFunctionCall.EagerSinglePrimitiveTypeEval;
import org.ow2.authzforce.core.func.FunctionSet;
import org.ow2.authzforce.core.func.FunctionSignature;
import org.ow2.authzforce.core.value.Datatype;
import org.ow2.authzforce.core.value.DatatypeConstants;
import org.ow2.authzforce.core.value.StringValue;
import org.ow2.authzforce.core.pdp.api.Datatype;
import org.ow2.authzforce.core.pdp.api.Expression;
import org.ow2.authzforce.core.pdp.api.FirstOrderFunction;
import org.ow2.authzforce.core.pdp.api.FirstOrderFunctionCall;
import org.ow2.authzforce.core.pdp.api.FirstOrderFunctionCall.EagerSinglePrimitiveTypeEval;
import org.ow2.authzforce.core.pdp.api.FunctionSet;
import org.ow2.authzforce.core.pdp.api.FunctionSignature;
import org.ow2.authzforce.core.pdp.api.IndeterminateEvaluationException;
import org.ow2.authzforce.core.pdp.impl.func.BaseFunctionSet;
import org.ow2.authzforce.core.pdp.impl.value.DatatypeConstants;
import org.ow2.authzforce.core.pdp.impl.value.StringValue;
/**
* string-normalize-* function
......@@ -135,7 +136,7 @@ public final class StringNormalizeFunction extends FirstOrderFunction.SinglePara
/**
* *-string-normalize-* function cluster
*/
public static final FunctionSet CLUSTER = new FunctionSet(FunctionSet.DEFAULT_ID_NAMESPACE + "string-normalize", //
public static final FunctionSet CLUSTER = new BaseFunctionSet(FunctionSet.DEFAULT_ID_NAMESPACE + "string-normalize", //
new StringNormalizeFunction(NAME_STRING_NORMALIZE_SPACE, STRING_NORMALIZE_SPACE_FUNCTION_CALL_FACTORY), //
new StringNormalizeFunction(NAME_STRING_NORMALIZE_TO_LOWER_CASE, STRING_NORMALIZE_TO_LOWER_CASE_FUNCTION_CALL_FACTORY));
......@@ -145,7 +146,7 @@ public final class StringNormalizeFunction extends FirstOrderFunction.SinglePara
* @see com.thalesgroup.authzforce.core.func.FirstOrderFunction#getFunctionCall(java.util.List, com.thalesgroup.authzforce.core.eval.DatatypeDef[])
*/
@Override
protected FirstOrderFunctionCall<StringValue> newCall(List<Expression<?>> argExpressions, Datatype<?>... remainingArgTypes) throws IllegalArgumentException
public FirstOrderFunctionCall<StringValue> newCall(List<Expression<?>> argExpressions, Datatype<?>... remainingArgTypes) throws IllegalArgumentException
{
return funcCallFactory.getInstance(argExpressions, remainingArgTypes);
}
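Review bot: The `@see` line above `newCall` still points at `com.thalesgroup.authzforce.core.func.FirstOrderFunction#getFunctionCall(java.util.List, com.thalesgroup.authzforce.core.eval.DatatypeDef[])`, a package and method name that match neither this file's imports nor the overridden method. With the method now `public` and its supertype moved to the extension API, the reference should read `@see org.ow2.authzforce.core.pdp.api.FirstOrderFunction#newCall(java.util.List, org.ow2.authzforce.core.pdp.api.Datatype[])` (or name whichever supertype actually declares it), or be replaced by `{@inheritDoc}`. The Javadoc block starts outside the hunk.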
......
......@@ -29,15 +29,15 @@ import java.util.Deque;
import java.util.List;
import java.util.TimeZone;
import org.ow2.authzforce.core.IndeterminateEvaluationException;
import org.ow2.authzforce.core.expression.Expression;
import org.ow2.authzforce.core.func.FirstOrderFunction;
import org.ow2.authzforce.core.func.FirstOrderFunctionCall;
import org.ow2.authzforce.core.func.FunctionSignature;
import org.ow2.authzforce.core.value.BooleanValue;
import org.ow2.authzforce.core.value.Datatype;
import org.ow2.authzforce.core.value.DatatypeConstants;
import org.ow2.authzforce.core.value.TimeValue;
import org.ow2.authzforce.core.pdp.api.Datatype;
import org.ow2.authzforce.core.pdp.api.Expression;
import org.ow2.authzforce.core.pdp.api.FirstOrderFunction;
import org.ow2.authzforce.core.pdp.api.FirstOrderFunctionCall;
import org.ow2.authzforce.core.pdp.api.FunctionSignature;
import org.ow2.authzforce.core.pdp.api.IndeterminateEvaluationException;
import org.ow2.authzforce.core.pdp.impl.value.BooleanValue;
import org.ow2.authzforce.core.pdp.impl.value.DatatypeConstants;
import org.ow2.authzforce.core.pdp.impl.value.TimeValue;
/**
* This class implements the time-in-range function, which takes three time values and returns true if the first value falls between the second and the third
......@@ -196,8 +196,7 @@ public final class TimeInRangeFunction extends FirstOrderFunction.SingleParamete
}
@Override
protected FirstOrderFunctionCall<BooleanValue> newCall(List<Expression<?>> argExpressions, Datatype<?>... remainingArgTypes)
throws IllegalArgumentException
public FirstOrderFunctionCall<BooleanValue> newCall(List<Expression<?>> argExpressions, Datatype<?>... remainingArgTypes) throws IllegalArgumentException
{
return new Call(functionSignature, argExpressions, remainingArgTypes);
}
......
......@@ -3,38 +3,34 @@
*
* This file is part of AuthZForce.
*
* AuthZForce is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
* AuthZForce is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software
* Foundation, either version 3 of the License, or (at your option) any later version.
*
* AuthZForce is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* AuthZForce is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
* PARTICULAR PURPOSE. See the GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with AuthZForce. If not, see <http://www.gnu.org/licenses/>.
* You should have received a copy of the GNU General Public License along with AuthZForce. If not, see <http://www.gnu.org/licenses/>.
*/
package org.ow2.authzforce.core;
package org.ow2.authzforce.core.pdp.impl;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import net.sf.saxon.s9api.XPathCompiler;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.AllOf;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.Match;
import org.ow2.authzforce.core.expression.ExpressionFactory;
import org.ow2.authzforce.core.pdp.api.EvaluationContext;
import org.ow2.authzforce.core.pdp.api.ExpressionFactory;
import org.ow2.authzforce.core.pdp.api.IndeterminateEvaluationException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import com.sun.xacml.ParsingException;
/**
* XACML AllOf evaluator
*
*/
public class AllOfEvaluator extends oasis.names.tc.xacml._3_0.core.schema.wd_17.AllOf
public class AllOfEvaluator
{
private static final Logger LOGGER = LoggerFactory.getLogger(AllOfEvaluator.class);
......@@ -53,11 +49,12 @@ public class AllOfEvaluator extends oasis.names.tc.xacml._3_0.core.schema.wd_17.
* XPath compiler corresponding to enclosing policy(set) default XPath version
* @param expFactory
* Expression factory
* @throws ParsingException
* @throws IllegalArgumentException
* one of the child Match elements is invalid
*/
public AllOfEvaluator(oasis.names.tc.xacml._3_0.core.schema.wd_17.AllOf jaxbAllOf, XPathCompiler xPathCompiler, ExpressionFactory expFactory) throws ParsingException
public AllOfEvaluator(AllOf jaxbAllOf, XPathCompiler xPathCompiler, ExpressionFactory expFactory) throws IllegalArgumentException
{
final List<oasis.names.tc.xacml._3_0.core.schema.wd_17.Match> jaxbMatches = jaxbAllOf.getMatches();
final List<Match> jaxbMatches = jaxbAllOf.getMatches();
if (jaxbMatches.isEmpty())
{
throw NO_MATCH_EXCEPTION;
......@@ -65,27 +62,24 @@ public class AllOfEvaluator extends oasis.names.tc.xacml._3_0.core.schema.wd_17.
evaluatableMatchList = new ArrayList<>(jaxbMatches.size());
int matchIndex = 0;
for (final oasis.names.tc.xacml._3_0.core.schema.wd_17.Match jaxbMatch : jaxbMatches)
for (final Match jaxbMatch : jaxbMatches)
{
final MatchEvaluator matchEvaluator;
try
{
matchEvaluator = new MatchEvaluator(jaxbMatch, xPathCompiler, expFactory);
} catch (ParsingException e)
} catch (IllegalArgumentException e)
{
throw new ParsingException("Error parsing <AllOf>'s <Match>#" + matchIndex, e);
throw new IllegalArgumentException("Invalid <AllOf>'s <Match>#" + matchIndex, e);
}
evaluatableMatchList.add(matchEvaluator);
matchIndex++;
}
this.matches = Collections.<oasis.names.tc.xacml._3_0.core.schema.wd_17.Match> unmodifiableList(evaluatableMatchList);
}
/**
* Determines whether this <code>AllOf</code> matches the input request (whether it is
* applicable).Here is the table shown in the specification: <code>
* Determines whether this <code>AllOf</code> matches the input request (whether it is applicable).Here is the table shown in the specification: <code>
* <Match> values <AllOf> value
* All True “Match�?
* No False and at least
......@@ -150,6 +144,7 @@ public class AllOfEvaluator extends oasis.names.tc.xacml._3_0.core.schema.wd_17.
}
// No False but at least one Indeterminate (lastIndeterminate != null)
throw new IndeterminateEvaluationException("Error evaluating <AllOf>'s <Match>#" + lastIndeterminateChildIndex, lastIndeterminate.getStatusCode(), lastIndeterminate);
throw new IndeterminateEvaluationException("Error evaluating <AllOf>'s <Match>#" + lastIndeterminateChildIndex, lastIndeterminate.getStatusCode(),
lastIndeterminate);
}
}
\ No newline at end of file
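Review bot: An invalid policy element is now signalled with the unchecked `IllegalArgumentException` (the rewritten `catch (IllegalArgumentException e)` around `new MatchEvaluator(...)` and the `throws` clause), so the compiler no longer makes callers handle a bad `<Match>`. The catch also relabels any unrelated `IllegalArgumentException` raised inside `MatchEvaluator` as a policy error. For an authorization engine the policy-loading path has to fail closed, so the code that builds policies (not in this hunk) should be checked to catch this exception and reject the whole policy rather than let it propagate or continue with a partial one. The new `@throws` text also omits the empty case handled by `throw NO_MATCH_EXCEPTION` (presumably an `IllegalArgumentException` too); I would write `@throws IllegalArgumentException if jaxbAllOf has no Match, or one of the child Match elements is invalid`. The same applies to the constructors of `AnyOfEvaluator` (`NO_ALL_OF_EXCEPTION`) and `AttributeAssignmentExpressionEvaluator` further down.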
......@@ -14,25 +14,26 @@
/**
*
*/
package org.ow2.authzforce.core;
package org.ow2.authzforce.core.pdp.impl;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import net.sf.saxon.s9api.XPathCompiler;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.AllOf;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.AnyOf;
import org.ow2.authzforce.core.expression.ExpressionFactory;
import org.ow2.authzforce.core.pdp.api.EvaluationContext;
import org.ow2.authzforce.core.pdp.api.ExpressionFactory;
import org.ow2.authzforce.core.pdp.api.IndeterminateEvaluationException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import com.sun.xacml.ParsingException;
/**
* AnyOf evaluator
*
*/
public class AnyOfEvaluator extends oasis.names.tc.xacml._3_0.core.schema.wd_17.AnyOf
public class AnyOfEvaluator
{
private static final Logger LOGGER = LoggerFactory.getLogger(AnyOfEvaluator.class);
......@@ -52,13 +53,12 @@ public class AnyOfEvaluator extends oasis.names.tc.xacml._3_0.core.schema.wd_17.
* @param expFactory
* Expression factory
*
* @throws ParsingException
* if AnyOf element is invalid
* @throws IllegalArgumentException
* if one of the child AllOf elements is invalid
*/
public AnyOfEvaluator(oasis.names.tc.xacml._3_0.core.schema.wd_17.AnyOf jaxbAnyOf, XPathCompiler xPathCompiler, ExpressionFactory expFactory)
throws ParsingException
public AnyOfEvaluator(AnyOf jaxbAnyOf, XPathCompiler xPathCompiler, ExpressionFactory expFactory) throws IllegalArgumentException
{
final List<oasis.names.tc.xacml._3_0.core.schema.wd_17.AllOf> jaxbAllOfList = jaxbAnyOf.getAllOves();
final List<AllOf> jaxbAllOfList = jaxbAnyOf.getAllOves();
if (jaxbAllOfList.isEmpty())
{
throw NO_ALL_OF_EXCEPTION;
......@@ -66,22 +66,20 @@ public class AnyOfEvaluator extends oasis.names.tc.xacml._3_0.core.schema.wd_17.
this.evaluatableAllOfList = new ArrayList<>(jaxbAllOfList.size());
int matchIndex = 0;
for (final oasis.names.tc.xacml._3_0.core.schema.wd_17.AllOf jaxbAllOf : jaxbAllOfList)
for (final AllOf jaxbAllOf : jaxbAllOfList)
{
final AllOfEvaluator allOfEvaluator;
try
{
allOfEvaluator = new AllOfEvaluator(jaxbAllOf, xPathCompiler, expFactory);
} catch (ParsingException e)
} catch (IllegalArgumentException e)
{
throw new ParsingException("Error parsing <AnyOf>'s <AllOf>#" + matchIndex, e);
throw new IllegalArgumentException("Invalid <AnyOf>'s <AllOf>#" + matchIndex, e);
}
evaluatableAllOfList.add(allOfEvaluator);
matchIndex++;
}
this.allOves = Collections.<oasis.names.tc.xacml._3_0.core.schema.wd_17.AllOf> unmodifiableList(evaluatableAllOfList);
}
/**
......
......@@ -14,7 +14,7 @@
/**
*
*/
package org.ow2.authzforce.core;
package org.ow2.authzforce.core.pdp.impl;
import java.util.ArrayList;
import java.util.List;
......@@ -23,23 +23,24 @@ import javax.xml.bind.JAXBElement;
import net.sf.saxon.s9api.XPathCompiler;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeAssignment;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeAssignmentExpression;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.ExpressionType;
import org.ow2.authzforce.core.expression.Expression;
import org.ow2.authzforce.core.expression.ExpressionFactory;
import org.ow2.authzforce.core.value.AttributeValue;
import org.ow2.authzforce.core.value.Bag;
import org.ow2.authzforce.core.value.Value;
import org.ow2.authzforce.core.pdp.api.AttributeValue;
import org.ow2.authzforce.core.pdp.api.Bag;
import org.ow2.authzforce.core.pdp.api.EvaluationContext;
import org.ow2.authzforce.core.pdp.api.Expression;
import org.ow2.authzforce.core.pdp.api.ExpressionFactory;
import org.ow2.authzforce.core.pdp.api.IndeterminateEvaluationException;
import org.ow2.authzforce.core.pdp.api.Value;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import com.sun.xacml.ParsingException;
/**
* XACML AttributeAssignmentExpression evaluator
*
*/
public class AttributeAssignmentExpressionEvaluator extends oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeAssignmentExpression
public class AttributeAssignmentExpressionEvaluator extends AttributeAssignmentExpression
{
private static final Logger LOGGER = LoggerFactory.getLogger(AttributeAssignmentExpressionEvaluator.class);
......@@ -80,11 +81,11 @@ public class AttributeAssignmentExpressionEvaluator extends oasis.names.tc.xacml
* XPath compiler corresponding to enclosing policy(set) default XPath version
* @param expFactory
* expression factory for parsing the AttributeAssignmentExpression's expression
* @throws ParsingException
* error parsing the AttributeAssignmentExpression's Expression
* @throws IllegalArgumentException
* invalid AttributeAssignmentExpression's Expression
*/
public AttributeAssignmentExpressionEvaluator(oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeAssignmentExpression jaxbAttrAssignExp,
XPathCompiler xPathCompiler, ExpressionFactory expFactory) throws ParsingException
public AttributeAssignmentExpressionEvaluator(AttributeAssignmentExpression jaxbAttrAssignExp, XPathCompiler xPathCompiler, ExpressionFactory expFactory)
throws IllegalArgumentException
{
// JAXB fields
this.attributeId = jaxbAttrAssignExp.getAttributeId();
......@@ -107,7 +108,7 @@ public class AttributeAssignmentExpressionEvaluator extends oasis.names.tc.xacml
*
* @param context
* evaluation context
* @return AttributeAssignments or null if no AttributeValue resulting from evaluation of the Expression
* @return non-null AttributeAssignments; empty if no AttributeValue resulting from evaluation of the Expression
* @throws IndeterminateEvaluationException
* if evaluation of the Expression in this context fails (Indeterminate)
*/
......
......@@ -14,7 +14,7 @@
/**
*
*/
package org.ow2.authzforce.core;
package org.ow2.authzforce.core.pdp.impl;
import java.util.ArrayList;
import java.util.List;
......@@ -26,29 +26,31 @@ import oasis.names.tc.xacml._3_0.core.schema.wd_17.DecisionType;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.IdReferenceType;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.Status;
import org.ow2.authzforce.core.pdp.api.DecisionResult;
import org.ow2.authzforce.core.pdp.api.PepActions;
/**
* Result of evaluation of {@link Decidable} (Policy, Rule...). This is different from the final Result in the Response by the PDP as it does not have the
* Attributes to be included in the final Result; and Obligations/Advices are packaged together in a {@link PepActions} field.
* Base implementation of DecisionResult
*
*/
public final class DecisionResult
public final class BaseDecisionResult implements DecisionResult
{
private static final IllegalArgumentException ILLEGAL_DECISION_ARGUMENT_EXCEPTION = new IllegalArgumentException("Undefined Decision");
/**
* NotApplicable decision result
*/
public static final DecisionResult NOT_APPLICABLE = new DecisionResult(DecisionType.NOT_APPLICABLE, null);
public static final DecisionResult NOT_APPLICABLE = new BaseDecisionResult(DecisionType.NOT_APPLICABLE, null);
/**
* Deny result with no obligation/advice/Included attribute/policy identifiers. Deny decision and nothing else.
*/
public static final DecisionResult DENY = new DecisionResult(DecisionType.DENY, null);
public static final DecisionResult DENY = new BaseDecisionResult(DecisionType.DENY, null);
/**
* Permit result with no obligation/advice/Included attribute/policy identifiers. Permit decision and nothing else.
*/
public static final DecisionResult PERMIT = new DecisionResult(DecisionType.PERMIT, null);
public static final DecisionResult PERMIT = new BaseDecisionResult(DecisionType.PERMIT, null);
private final DecisionType decision;
......@@ -72,7 +74,7 @@ public final class DecisionResult
* @param policyIdentifierList
* list of matched policy identifiers
*/
public DecisionResult(DecisionType decision, Status status, PepActions pepActions, List<JAXBElement<IdReferenceType>> policyIdentifierList)
public BaseDecisionResult(DecisionType decision, Status status, PepActions pepActions, List<JAXBElement<IdReferenceType>> policyIdentifierList)
{
if (decision == null)
{
......@@ -81,7 +83,7 @@ public final class DecisionResult
this.decision = decision;
this.status = status;
this.pepActions = pepActions == null ? new PepActions(null, null) : pepActions;
this.pepActions = pepActions == null ? new BasePepActions(null, null) : pepActions;
this.applicablePolicyIdList = policyIdentifierList == null ? new ArrayList<JAXBElement<IdReferenceType>>() : policyIdentifierList;
}
......@@ -92,13 +94,13 @@ public final class DecisionResult
* @param status
* reason/code for Indeterminate
*/
public DecisionResult(Status status)
public BaseDecisionResult(Status status)
{
this(DecisionType.INDETERMINATE, status, null, null);
}
/**
* Instantiates a Permit/Deny decision with optional obligations and advice. See {@link #PolicyDecisionResult(Status)} for Indeterminate, and
* Instantiates a Permit/Deny decision with optional obligations and advice. See {@link #BaseDecisionResult(Status)} for Indeterminate, and
* {@link #NOT_APPLICABLE} for NotApplicable.
*
* @param decision
......@@ -106,7 +108,7 @@ public final class DecisionResult
* @param pepActions
* PEP actions (obligations/advices)
*/
public DecisionResult(DecisionType decision, PepActions pepActions)
public BaseDecisionResult(DecisionType decision, PepActions pepActions)
{
this(decision, null, pepActions, null);
}
......@@ -138,7 +140,7 @@ public final class DecisionResult
}
final DecisionResult other = (DecisionResult) obj;
if (this.decision != other.decision)
if (this.decision != other.getDecision())
{
return false;
}
......@@ -146,24 +148,24 @@ public final class DecisionResult
// Status is optional in XACML
if (this.status == null)
{
if (other.status != null)
if (other.getStatus() != null)
{
return false;
}
} else if (!this.status.equals(other.status))
} else if (!this.status.equals(other.getStatus()))
{
return false;
}
// this.getObligations() derived from this.pepActions
// pepActions never null
if (!this.pepActions.equals(other.pepActions))
if (!this.pepActions.equals(other.getPepActions()))
{
return false;
}
// applicablePolicyIdList never null
if (!this.applicablePolicyIdList.equals(other.applicablePolicyIdList))
if (!this.applicablePolicyIdList.equals(other.getApplicablePolicyIdList()))
{
return false;
}
......@@ -176,6 +178,7 @@ public final class DecisionResult
*
* @return identifiers of policies found applicable for the decision request
*/
@Override
public List<JAXBElement<IdReferenceType>> getApplicablePolicyIdList()
{
return this.applicablePolicyIdList;
......@@ -186,6 +189,7 @@ public final class DecisionResult
*
* @return decision
*/
@Override
public DecisionType getDecision()
{
return this.decision;
......@@ -196,6 +200,7 @@ public final class DecisionResult
*
* @return PEP actions
*/
@Override
public PepActions getPepActions()
{
return this.pepActions;
......@@ -206,6 +211,7 @@ public final class DecisionResult
*
* @return status
*/
@Override
public Status getStatus()
{
return this.status;
......@@ -219,6 +225,7 @@ public final class DecisionResult
* @param newMatchedPolicyIdList
* new matched policy identifiers
*/
@Override
public void merge(PepActions newPepActions, List<JAXBElement<IdReferenceType>> newMatchedPolicyIdList)
{
if (newPepActions != null)
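Review bot: `NOT_APPLICABLE`, `DENY` and `PERMIT` are shared instances typed as the API interface `DecisionResult`, while the same class keeps `merge(PepActions, List)`, now an `@Override` of that interface. The constructor gives each constant its own `new BasePepActions(null, null)` and `new ArrayList<...>()`. If `merge` adds to those fields, as its parameter documentation suggests (its body is outside the hunk), a single call on `BaseDecisionResult.PERMIT` would carry obligations or policy identifiers into every later decision that returns the constant. I would make the constants reject mutation, or have callers that merge build a fresh result, and say so on each constant, e.g. `Shared instance: never call merge() on it; use new BaseDecisionResult(DecisionType.PERMIT, null) when actions will be merged.` The rewritten `equals` also casts to the interface and compares through getters; the type check before the cast is outside the hunk, so confirm it still restricts `obj` to this class, otherwise `equals` is not symmetric with other `DecisionResult` implementations.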
......
......@@ -11,12 +11,14 @@
*
* You should have received a copy of the GNU General Public License along with AuthZForce. If not, see <http://www.gnu.org/licenses/>.
*/
package org.ow2.authzforce.core;
package org.ow2.authzforce.core.pdp.impl;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import org.ow2.authzforce.core.pdp.api.PdpExtension;
import org.ow2.authzforce.core.pdp.api.PdpExtensionRegistry;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
......