Commit bbe4cc00 authored by Cyril Dangerville's avatar Cyril Dangerville

* Fixed unit tests, including the conformance files with systematic

XACML schema validation, as some of them were not XACML 3.0 compliant.
* New class DatatypeConstants to centralize all standard datatype
constants
* Generalized the notion of Expression value and datatype to bags
(formerly restricted to primitive datatypes) - new class BagDatatype
* Added Bags utils class equivalent to Collections class to create
empty bag, singleton bag, etc.
* Removed xmlbeans dependency (replaced by use of Saxon for same
features)
* Improved logs in Rule evaluation
* Improved hashCode/equals/toString methods in most classes
* Fixed variable management: remove Policy-locally-defined variables
from context when done evaluating the policy
* Better management of Policy versions, in particular for
PolicyIdReference resolution
* Modified BooleanAttributeValue to avoid creating new instances of it
during evaluation
parent 0e05c041


......@@ -52,13 +52,8 @@
<artifactId>logback-classic</artifactId>
</dependency>
<dependency>
<!-- For validating certain entities of XACML standard datatypes actually defined by XML schema (e.g. anyURI type) -->
<groupId>org.apache.xmlbeans</groupId>
<artifactId>xmlbeans</artifactId>
<version>2.6.0</version>
</dependency>
<dependency>
<!-- For validating IP addresses (XACML IPAdress datatype), Domain names (XACML DNSName datatype), etc. without any DNS resolution -->
<!-- For validating IP addresses (XACML IPAdress datatype), Domain names (XACML DNSName datatype),
etc. without any DNS resolution -->
<groupId>com.google.guava</groupId>
<artifactId>guava</artifactId>
<version>18.0</version>
......@@ -77,12 +72,6 @@
<!-- /Authzforce dependencies -->
<!-- Test dependencies -->
<!-- <dependency> -->
<!-- <groupId>commons-jxpath</groupId> -->
<!-- <artifactId>commons-jxpath</artifactId> -->
<!-- <version>1.3</version> -->
<!-- <scope>test</scope> -->
<!-- </dependency> -->
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
......@@ -93,6 +82,39 @@
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-pmd-plugin</artifactId>
<version>3.5</version>
<configuration>
<targetJdk>1.7</targetJdk>
<excludeRoots>
<excludeRoot>target/generated-sources</excludeRoot>
<excludeRoot>target/generated-test-sources</excludeRoot>
</excludeRoots>
</configuration>
<executions>
<execution>
<phase>verify</phase>
<goals>
<goal>check</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>findbugs-maven-plugin</artifactId>
<version>3.0.1</version>
<executions>
<execution>
<phase>verify</phase>
<goals>
<goal>check</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<!-- Apache license Headers -->
<groupId>com.mycila</groupId>
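Review bot: The findbugs-maven-plugin block added in the third hunk binds `check` to `verify` with no `<configuration>`, so the effort and threshold that decide what breaks the build are left at plugin defaults, and unlike the PMD block just above it nothing keeps generated classes out of the analysis. For an authorization engine I would pin both explicitly, e.g. `<configuration><effort>Max</effort><threshold>Low</threshold></configuration>`, and set `<excludeFilterFile>` to a filter that skips the generated classes, so that a failing gate reflects hand-written code only. The `<plugins>` element continues past the end of the hunk.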
......
......@@ -43,6 +43,8 @@ import java.util.List;
import java.util.Map;
import java.util.Map.Entry;
import javax.xml.datatype.XMLGregorianCalendar;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.Request;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.Response;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.Result;
......@@ -56,15 +58,16 @@ import com.thalesgroup.authzforce.core.DecisionResultFilter;
import com.thalesgroup.authzforce.core.IndividualDecisionRequest;
import com.thalesgroup.authzforce.core.RequestFilter;
import com.thalesgroup.authzforce.core.attr.AttributeGUID;
import com.thalesgroup.authzforce.core.attr.AttributeValue;
import com.thalesgroup.authzforce.core.attr.DateAttributeValue;
import com.thalesgroup.authzforce.core.attr.DateTimeAttributeValue;
import com.thalesgroup.authzforce.core.attr.DatatypeConstants;
import com.thalesgroup.authzforce.core.attr.TimeAttributeValue;
import com.thalesgroup.authzforce.core.eval.BagResult;
import com.thalesgroup.authzforce.core.eval.Bags;
import com.thalesgroup.authzforce.core.eval.DecisionResult;
import com.thalesgroup.authzforce.core.eval.EvaluationContext;
import com.thalesgroup.authzforce.core.eval.IndeterminateEvaluationException;
import com.thalesgroup.authzforce.core.eval.IndividualDecisionRequestContext;
import com.thalesgroup.authzforce.core.eval.Bag;
import com.thalesgroup.authzforce.core.policy.RootPolicyFinder;
import com.thalesgroup.authzforce.xacml.schema.XACMLAttributeId;
import com.thalesgroup.authzforce.xacml.schema.XACMLCategory;
......@@ -136,10 +139,10 @@ public class PDP implements Closeable
private class IndividualDecisionRequestEvaluator
{
protected final Result evaluate(IndividualDecisionRequest request, Map<AttributeGUID, BagResult<? extends AttributeValue>> pdpIssuedAttributes)
protected final Result evaluate(IndividualDecisionRequest request, Map<AttributeGUID, Bag<?>> pdpIssuedAttributes)
{
// convert to EvaluationContext
final Map<AttributeGUID, BagResult<? extends AttributeValue>> namedAttributes = request.getNamedAttributes();
final Map<AttributeGUID, Bag<?>> namedAttributes = request.getNamedAttributes();
namedAttributes.putAll(pdpIssuedAttributes);
final EvaluationContext ctx = new IndividualDecisionRequestContext(namedAttributes, request.getExtraContentsByCategory());
final DecisionResult result = rootPolicyFinder.findAndEvaluate(ctx);
......@@ -147,7 +150,7 @@ public class PDP implements Closeable
return result;
}
protected List<Result> evaluate(List<IndividualDecisionRequest> individualDecisionRequests, Map<AttributeGUID, BagResult<? extends AttributeValue>> pdpIssuedAttributes)
protected List<Result> evaluate(List<IndividualDecisionRequest> individualDecisionRequests, Map<AttributeGUID, Bag<?>> pdpIssuedAttributes)
{
final List<Result> results = new ArrayList<>();
for (final IndividualDecisionRequest request : individualDecisionRequests)
......@@ -175,7 +178,7 @@ public class PDP implements Closeable
}
@Override
protected final List<Result> evaluate(List<IndividualDecisionRequest> individualDecisionRequests, Map<AttributeGUID, BagResult<? extends AttributeValue>> pdpIssuedAttributes)
protected final List<Result> evaluate(List<IndividualDecisionRequest> individualDecisionRequests, Map<AttributeGUID, Bag<?>> pdpIssuedAttributes)
{
final List<Result> results = new ArrayList<>();
final Map<IndividualDecisionRequest, Result> cachedResultsByRequest = decisionCache.getAll(individualDecisionRequests);
......@@ -319,17 +322,17 @@ public class PDP implements Closeable
* Every request context (named attributes) is completed with common current date/time
* attribute (same values) set/"issued" locally (here by the PDP engine) according to XACML
* core spec:
* "This TYPE_URI indicates the current time at the context handler. In practice it is the time at which the request context was created."
* "This identifier indicates the current time at the context handler. In practice it is the time at which the request context was created."
* (§ B.7).
*/
final Map<AttributeGUID, BagResult<? extends AttributeValue>> pdpIssuedAttributes = new HashMap<>();
final Map<AttributeGUID, Bag<?>> pdpIssuedAttributes = new HashMap<>();
// current datetime
final DateTimeAttributeValue currentDateTimeValue = new DateTimeAttributeValue(new GregorianCalendar());
pdpIssuedAttributes.put(ENVIRONMENT_CURRENT_DATETIME_ATTRIBUTE_GUID, new BagResult<>(currentDateTimeValue, DateTimeAttributeValue.class, DateTimeAttributeValue.BAG_TYPE));
pdpIssuedAttributes.put(ENVIRONMENT_CURRENT_DATETIME_ATTRIBUTE_GUID, Bags.singleton(DatatypeConstants.DATETIME.BAG_TYPE, currentDateTimeValue));
// current date
pdpIssuedAttributes.put(ENVIRONMENT_CURRENT_DATE_ATTRIBUTE_GUID, new BagResult<>(currentDateTimeValue.toDate(), DateAttributeValue.class, DateAttributeValue.BAG_TYPE));
pdpIssuedAttributes.put(ENVIRONMENT_CURRENT_DATE_ATTRIBUTE_GUID, Bags.singleton(DatatypeConstants.DATE.BAG_TYPE, DateAttributeValue.getInstance((XMLGregorianCalendar) currentDateTimeValue.getUnderlyingValue().clone())));
// current time
pdpIssuedAttributes.put(ENVIRONMENT_CURRENT_TIME_ATTRIBUTE_GUID, new BagResult<>(currentDateTimeValue.toTime(), TimeAttributeValue.class, TimeAttributeValue.BAG_TYPE));
pdpIssuedAttributes.put(ENVIRONMENT_CURRENT_TIME_ATTRIBUTE_GUID, Bags.singleton(DatatypeConstants.TIME.BAG_TYPE, TimeAttributeValue.getInstance((XMLGregorianCalendar) currentDateTimeValue.getUnderlyingValue().clone())));
// evaluate the individual decision requests with the extra common attributes set previously
final List<Result> results = individualReqEvaluator.evaluate(individualDecisionRequests, pdpIssuedAttributes);
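Review bot: The two new `Bags.singleton(...)` lines for current-date and current-time each repeat `(XMLGregorianCalendar) currentDateTimeValue.getUnderlyingValue().clone()` without saying why a clone is needed or what `getInstance` does with the calendar fields that do not belong to the target datatype. These environment attributes feed time-based policy conditions, so the derivation should be explicit. If `getInstance` normalizes its argument in place (not visible in this hunk), say so with a comment such as `// getInstance() clears the fields foreign to the target datatype on its argument, hence one clone per value`, and move the cast-and-clone into a small private helper so the cast appears once. The enclosing method starts and ends outside the hunk.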
......
......@@ -66,19 +66,6 @@ public class ParsingException extends Exception
super(message);
}
/**
* Constructs a new <code>ParsingException</code> with a cause, but no message. The cause is
* saved for later retrieval by the {@link java.lang#Throwable.getCause() Throwable.getCause()}
* method.
*
* @param cause
* the cause (<code>null</code> if nonexistent or unknown)
*/
public ParsingException(Throwable cause)
{
super(cause);
}
/**
* Constructs a new <code>ParsingException</code> with a message and a cause. The message and
* cause are saved for later retrieval by the {@link java.lang#Throwable.getMessage()
......
......@@ -33,7 +33,7 @@
*/
package com.sun.xacml;
import java.util.Queue;
import java.util.Deque;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.IdReferenceType;
......@@ -71,9 +71,9 @@ public abstract class PolicyReference<T extends IPolicy> extends IdReferenceType
protected final Class<T> referredPolicyClass;
protected final String toString;
private final String toString;
protected PolicyReference(String idRef, VersionConstraints versionConstraints, Class<T> policyReferenceType)
private PolicyReference(String idRef, VersionConstraints versionConstraints, Class<T> policyReferenceType)
{
this.versionConstraints = versionConstraints;
this.referredPolicyClass = policyReferenceType;
......@@ -188,9 +188,13 @@ public abstract class PolicyReference<T extends IPolicy> extends IdReferenceType
// this policyFinder to use in finding the referenced policy
private final RefPolicyFinder refPolicyFinder;
private final Queue<String> policySetRefChain;
/*
* (Do not use a Queue as it is FIFO, and we need LIFO and iteration in order of insertion,
* so different from Collections.asLifoQueue(Deque) as well.)
*/
private final Deque<String> policySetRefChain;
private Dynamic(String policyIdRef, VersionConstraints versionConstraints, Class<T> policyReferenceType, RefPolicyFinder refPolicyFinder, Queue<String> policyRefChain)
private Dynamic(String policyIdRef, VersionConstraints versionConstraints, Class<T> policyReferenceType, RefPolicyFinder refPolicyFinder, Deque<String> policyRefChain)
{
super(policyIdRef, versionConstraints, policyReferenceType);
if (refPolicyFinder == null)
......@@ -274,7 +278,7 @@ public abstract class PolicyReference<T extends IPolicy> extends IdReferenceType
* @throws IllegalArgumentException
* if {@code refPolicyFinder} undefined
*/
public static <T extends IPolicy> PolicyReference<T> getInstance(IdReferenceType idRef, RefPolicyFinder refPolicyFinder, Class<T> refPolicyType, Queue<String> parentPolicySetRefChain) throws ParsingException, IllegalArgumentException
public static <T extends IPolicy> PolicyReference<T> getInstance(IdReferenceType idRef, RefPolicyFinder refPolicyFinder, Class<T> refPolicyType, Deque<String> parentPolicySetRefChain) throws ParsingException, IllegalArgumentException
{
if (refPolicyFinder == null)
{
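Review bot: The comment added above `policySetRefChain` asks for LIFO removal and iteration in insertion order, but on a `Deque` those two only hold together when elements are appended with `addLast()` and removed with `removeLast()`; `push()`/`pop()` work on the head, so the iterator would then run newest-first. Which methods are actually called is outside this hunk, so the comment should name them, for example `// Reference chain, oldest first: append with addLast(), drop with removeLast(); never push()/pop(), which reverse iteration order.` The `getInstance` Javadoc for `parentPolicySetRefChain` should state the same ordering and whether the caller's deque is copied or shared, since this chain is presumably what detects or bounds reference loops. The Javadoc and the method body both continue outside the hunk.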
......
/**
*
* Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
*