Commit d19f6bda authored by cdanger's avatar cdanger

### Changed

- Parent project version: 4.0.0 -> 4.1.1  
- authzforce-ce-core-pdp-api: 8.0.0 -> 8.2.0

### Fixed
- Security issues reported by Find Security Bugs plugin
parent 7935e0d3
...@@ -4,10 +4,14 @@ All notable changes to this project are documented in this file following the [K ...@@ -4,10 +4,14 @@ All notable changes to this project are documented in this file following the [K
## Unreleased ## Unreleased
### Changed ### Changed
- Parent project version: 4.0.0 -> 4.1.0 => Changed dependency versions: - Parent project version: 4.0.0 -> 4.1.1 => Changed dependency versions:
- Spring 4.3.4 -> 4.3.5, - Spring 4.3.4 -> 4.3.5,
- Saxon-HE 9.7.0-11 -> 9.7.0-14 - Saxon-HE 9.7.0-11 -> 9.7.0-14
- authzforce-ce-core-pdp-api: 8.0.0 -> 8.1.0 - authzforce-ce-core-pdp-api dependency version: 8.0.0 -> 8.2.0
### Fixed
- Security issues reported by Find Security Bugs plugin
## 6.0.0 ## 6.0.0
### Added ### Added
......
<?xml version="1.0"?>
<!--
This file contains some false positive bugs detected by Findbugs. Their
false positive nature has been analyzed individually and they have been
put here to instruct Findbugs to ignore them.
-->
<FindBugsFilter>
<Match>
<!-- CRLF injection in logs is considered fixed in the logger configuration, e.g. logback.xml.
More info: https://github.com/find-sec-bugs/find-sec-bugs/issues/240
-->
<Bug pattern="CRLF_INJECTION_LOGS" />
</Match>
</FindBugsFilter>
\ No newline at end of file
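Review bot: The filter disables `CRLF_INJECTION_LOGS` for every class in the module, but nothing in this commit enforces the justification given in its comment ("fixed in the logger configuration"). The only logback change visible on this page adds the `%replace(%m){...}` pattern as a comment and leaves the plain `%m%n` pattern active. Either make the neutralising pattern the active encoder pattern in the configurations that are actually deployed, or narrow the `<Match>` with a `<Class>` or `<Package>` element to the call sites that were reviewed, so that new logging of request-derived values is still reported. The comment should also name the configuration that carries the mitigation, e.g. `<!-- Mitigated by %replace(%m) in <path-to-deployed-logback.xml>; revisit if that pattern changes -->`.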
...@@ -3,7 +3,7 @@ ...@@ -3,7 +3,7 @@
<parent> <parent>
<groupId>org.ow2.authzforce</groupId> <groupId>org.ow2.authzforce</groupId>
<artifactId>authzforce-ce-parent</artifactId> <artifactId>authzforce-ce-parent</artifactId>
<version>4.1.0</version> <version>4.1.1</version>
</parent> </parent>
<artifactId>authzforce-ce-core</artifactId> <artifactId>authzforce-ce-core</artifactId>
<version>6.0.1-SNAPSHOT</version> <version>6.0.1-SNAPSHOT</version>
...@@ -42,7 +42,7 @@ ...@@ -42,7 +42,7 @@
<dependency> <dependency>
<groupId>${project.groupId}</groupId> <groupId>${project.groupId}</groupId>
<artifactId>${artifactId.prefix}-core-pdp-api</artifactId> <artifactId>${artifactId.prefix}-core-pdp-api</artifactId>
<version>8.1.0</version> <version>8.2.0</version>
</dependency> </dependency>
<!-- /Authzforce dependencies --> <!-- /Authzforce dependencies -->
...@@ -102,6 +102,9 @@ ...@@ -102,6 +102,9 @@
<plugin> <plugin>
<groupId>org.codehaus.mojo</groupId> <groupId>org.codehaus.mojo</groupId>
<artifactId>findbugs-maven-plugin</artifactId> <artifactId>findbugs-maven-plugin</artifactId>
<configuration>
<excludeFilterFile>findbugs-exclude-filter.xml</excludeFilterFile>
</configuration>
<executions> <executions>
<execution> <execution>
<phase>verify</phase> <phase>verify</phase>
......
...@@ -19,7 +19,6 @@ ...@@ -19,7 +19,6 @@
package org.ow2.authzforce.core.pdp.impl; package org.ow2.authzforce.core.pdp.impl;
import java.io.BufferedReader; import java.io.BufferedReader;
import java.io.File;
import java.io.FileNotFoundException; import java.io.FileNotFoundException;
import java.io.IOException; import java.io.IOException;
import java.io.InputStream; import java.io.InputStream;
...@@ -28,6 +27,9 @@ import java.io.Reader; ...@@ -28,6 +27,9 @@ import java.io.Reader;
import java.net.MalformedURLException; import java.net.MalformedURLException;
import java.net.URISyntaxException; import java.net.URISyntaxException;
import java.net.URL; import java.net.URL;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.List; import java.util.List;
import java.util.Set; import java.util.Set;
...@@ -55,8 +57,7 @@ import org.xml.sax.SAXParseException; ...@@ -55,8 +57,7 @@ import org.xml.sax.SAXParseException;
/** /**
* *
* XML schema handler that can load schema file(s) from location(s) supported by {@link ResourceUtils} using any OASIS * XML schema handler that can load schema file(s) from location(s) supported by {@link ResourceUtils} using any OASIS catalog at any location supported by {@link ResourceUtils} as well.
* catalog at any location supported by {@link ResourceUtils} as well.
* *
* @version $Id: $ * @version $Id: $
*/ */
...@@ -76,8 +77,7 @@ public final class SchemaHandler ...@@ -76,8 +77,7 @@ public final class SchemaHandler
} }
@Override @Override
public LSInput resolveResource(final String type, final String namespaceURI, final String publicId, public LSInput resolveResource(final String type, final String namespaceURI, final String publicId, final String systemId, final String baseURI)
final String systemId, final String baseURI)
{ {
try try
{ {
...@@ -94,8 +94,7 @@ public final class SchemaHandler ...@@ -94,8 +94,7 @@ public final class SchemaHandler
resolvedLocation = catalogResolver.resolvePublic(publicId, systemId); resolvedLocation = catalogResolver.resolvePublic(publicId, systemId);
if (_LOGGER.isDebugEnabled()) if (_LOGGER.isDebugEnabled())
{ {
_LOGGER.debug("resolvePublic(publicId = {}, systemId = {}) -> {}", _LOGGER.debug("resolvePublic(publicId = {}, systemId = {}) -> {}", publicId, systemId, resolvedLocation);
new Object[] { publicId, systemId, resolvedLocation });
} }
} }
if (resolvedLocation != null) if (resolvedLocation != null)
...@@ -109,9 +108,8 @@ public final class SchemaHandler ...@@ -109,9 +108,8 @@ public final class SchemaHandler
} }
catch (final IOException ex) catch (final IOException ex)
{ {
final String errMsg = "Unable to resolve schema-required entity with XML catalog (location='" final String errMsg = "Unable to resolve schema-required entity with XML catalog (location='" + catalogLocation + "'): type=" + type + ", namespaceURI=" + namespaceURI
+ catalogLocation + "'): type=" + type + ", namespaceURI=" + namespaceURI + ", publicId='" + ", publicId='" + publicId + "', systemId='" + systemId + "', baseURI='" + baseURI + "'";
+ publicId + "', systemId='" + systemId + "', baseURI='" + baseURI + "'";
throw new RuntimeException(errMsg, ex); throw new RuntimeException(errMsg, ex);
} }
...@@ -142,10 +140,9 @@ public final class SchemaHandler ...@@ -142,10 +140,9 @@ public final class SchemaHandler
}; };
/** /**
* This is quite similar to org.apache.cxf.catalog.OASISCatalogManager, except it is much simplified as we don't * This is quite similar to org.apache.cxf.catalog.OASISCatalogManager, except it is much simplified as we don't need as many features. We are not using CXF's OASISCatalogManager class directly
* need as many features. We are not using CXF's OASISCatalogManager class directly because it is part of cxf-core * because it is part of cxf-core which drags many classes and dependencies on CXF we don't need. It would make more sense if OASISCatalogManager was part of a cxf common utility package, but it
* which drags many classes and dependencies on CXF we don't need. It would make more sense if OASISCatalogManager * is not the case as of writing (December 2014).
* was part of a cxf common utility package, but it is not the case as of writing (December 2014).
* <p> * <p>
* WARNING: this is not immutable since getCatalog() gives access to internal catalog which is mutable. * WARNING: this is not immutable since getCatalog() gives access to internal catalog which is mutable.
* </p> * </p>
...@@ -188,9 +185,7 @@ public final class SchemaHandler ...@@ -188,9 +185,7 @@ public final class SchemaHandler
} }
catch (final IOException e) catch (final IOException e)
{ {
_LOGGER.warn( _LOGGER.warn("Error resolving resource needed by org.apache.xml.resolver.CatalogResolver for OASIS CatalogManager with URL: {}", e);
"Error resolving resource needed by org.apache.xml.resolver.CatalogResolver for OASIS CatalogManager with URL: {}",
e);
} }
} }
return s; return s;
...@@ -228,10 +223,10 @@ public final class SchemaHandler ...@@ -228,10 +223,10 @@ public final class SchemaHandler
{ {
try try
{ {
final File file = new File(catalogURL.toURI()); final Path filePath = Paths.get(catalogURL.toURI());
if (!file.exists()) if (!Files.exists(filePath))
{ {
throw new FileNotFoundException(file.getAbsolutePath()); throw new FileNotFoundException(filePath.toString());
} }
} }
catch (final URISyntaxException e) catch (final URISyntaxException e)
...@@ -242,9 +237,7 @@ public final class SchemaHandler ...@@ -242,9 +237,7 @@ public final class SchemaHandler
if (catalog == null) if (catalog == null)
{ {
_LOGGER.warn( _LOGGER.warn("Catalog found at {} but no org.apache.xml.resolver.CatalogManager was found. Check the classpatch for an xmlresolver jar.", catalogURL);
"Catalog found at {} but no org.apache.xml.resolver.CatalogManager was found. Check the classpatch for an xmlresolver jar.",
catalogURL);
} }
else else
{ {
...@@ -319,8 +312,7 @@ public final class SchemaHandler ...@@ -319,8 +312,7 @@ public final class SchemaHandler
public Reader getCharacterStream() public Reader getCharacterStream()
{ {
/* /*
* No character stream, only byte streams are allowed. Do not throw exception, otherwise the resolution of * No character stream, only byte streams are allowed. Do not throw exception, otherwise the resolution of the resource fails, even if byte stream OK
* the resource fails, even if byte stream OK
*/ */
return null; return null;
// throw new UnsupportedOperationException(); // throw new UnsupportedOperationException();
...@@ -370,8 +362,7 @@ public final class SchemaHandler ...@@ -370,8 +362,7 @@ public final class SchemaHandler
public String getBaseURI() public String getBaseURI()
{ {
/* /*
* No base URI, only absolute URIs are allowed. Do not throw exception if no base URI, otherwise the * No base URI, only absolute URIs are allowed. Do not throw exception if no base URI, otherwise the resolution of the resource fails, even for absolute URIs
* resolution of the resource fails, even for absolute URIs
*/ */
return null; return null;
// throw new UnsupportedOperationException(); // throw new UnsupportedOperationException();
...@@ -387,8 +378,7 @@ public final class SchemaHandler ...@@ -387,8 +378,7 @@ public final class SchemaHandler
public String getEncoding() public String getEncoding()
{ {
/* /*
* No encoding override, only absolute URIs are allowed. Do not throw exception if no base URI, otherwise * No encoding override, only absolute URIs are allowed. Do not throw exception if no base URI, otherwise the resolution of the resource fails, even if encoding specified in other way
* the resolution of the resource fails, even if encoding specified in other way
*/ */
return null; return null;
// throw new UnsupportedOperationException(); // throw new UnsupportedOperationException();
...@@ -461,11 +451,9 @@ public final class SchemaHandler ...@@ -461,11 +451,9 @@ public final class SchemaHandler
public static Schema createSchema(final List<String> schemaLocations, final String catalogLocation) public static Schema createSchema(final List<String> schemaLocations, final String catalogLocation)
{ {
/* /*
* This is mostly similar to org.apache.cxf.jaxrs.utils.schemas.SchemaHandler#createSchema(), except we are * This is mostly similar to org.apache.cxf.jaxrs.utils.schemas.SchemaHandler#createSchema(), except we are using Spring ResourceUtils class to get Resource URLs and we don't use any Bus
* using Spring ResourceUtils class to get Resource URLs and we don't use any Bus object. We are not using CXF's * object. We are not using CXF's SchemaHandler class directly because it is part of cxf-rt-frontend-jaxrs which drags many dependencies on CXF we don't need, the full CXF JAX-RS framework
* SchemaHandler class directly because it is part of cxf-rt-frontend-jaxrs which drags many dependencies on CXF * actually. It would make more sense if SchemaHandler was part of some cxf common utility package, but it is not the case as of writing (December 2014).
* we don't need, the full CXF JAX-RS framework actually. It would make more sense if SchemaHandler was part of
* some cxf common utility package, but it is not the case as of writing (December 2014).
*/ */
final SchemaFactory factory = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI); final SchemaFactory factory = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
......
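Review bot: Replacing `new File(catalogURL.toURI())` with `Paths.get(catalogURL.toURI())` in the catalog-loading hunk changes which API touches the filesystem but adds no check on where the catalog URL points. If the scanner's path-traversal finding motivated the change, the underlying exposure is the same as before. If catalog locations can come from configuration that is not fully trusted, they should be normalised and compared against an expected base directory before the `Files.exists(filePath)` test; the enclosing method begins outside the hunk, so any such check upstream is not visible here. Separately, the reformatted `_LOGGER.warn("Error resolving resource ... with URL: {}", e)` passes only the exception, so the `{}` placeholder is never filled and the URL is missing from the log line. The "classpatch" typo in the other warning message could be corrected in the same pass.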
...@@ -365,7 +365,6 @@ public final class ExpressionFactoryImpl implements ExpressionFactory ...@@ -365,7 +365,6 @@ public final class ExpressionFactoryImpl implements ExpressionFactory
LOGGER.warn("Expression of Variable {} is constant '{}', therefore should be replaced with a equivalent AttributeValue.", variableId, constant); LOGGER.warn("Expression of Variable {} is constant '{}', therefore should be replaced with a equivalent AttributeValue.", variableId, constant);
} }
variableExpression.getReturnType();
return new ConstantVariableReference<>(variableId, constant, variableExpression.getReturnType(), longestVarRefChainInExpression); return new ConstantVariableReference<>(variableId, constant, variableExpression.getReturnType(), longestVarRefChainInExpression);
} }
......
...@@ -80,7 +80,7 @@ public class ConformanceV3FromV2 ...@@ -80,7 +80,7 @@ public class ConformanceV3FromV2
*/ */
private static final Logger LOGGER = LoggerFactory.getLogger(ConformanceV3FromV2.class); private static final Logger LOGGER = LoggerFactory.getLogger(ConformanceV3FromV2.class);
protected static void setUp(String testRootDirectoryLocation) throws Exception protected static void setUp(final String testRootDirectoryLocation) throws Exception
{ {
LOGGER.debug("Launching conformance tests for features in directory: {}", testRootDirectoryLocation); LOGGER.debug("Launching conformance tests for features in directory: {}", testRootDirectoryLocation);
} }
...@@ -103,8 +103,8 @@ public class ConformanceV3FromV2 ...@@ -103,8 +103,8 @@ public class ConformanceV3FromV2
* PDP request filter ID to be used for the tests * PDP request filter ID to be used for the tests
* @return test data * @return test data
*/ */
protected static Collection<? extends Object[]> getTestData(String rootDirectoryPath, String testSubDirectoryName, String testFilenamePrefixBeforeNum, int startTestNum, int endTestNum, protected static Collection<? extends Object[]> getTestData(final String rootDirectoryPath, final String testSubDirectoryName, final String testFilenamePrefixBeforeNum, final int startTestNum,
String requestFilterId) final int endTestNum, final String requestFilterId)
{ {
final Collection<Object[]> testData = new ArrayList<>(); final Collection<Object[]> testData = new ArrayList<>();
for (int testNum = startTestNum; testNum <= endTestNum; testNum++) for (int testNum = startTestNum; testNum <= endTestNum; testNum++)
...@@ -113,10 +113,12 @@ public class ConformanceV3FromV2 ...@@ -113,10 +113,12 @@ public class ConformanceV3FromV2
if (testNum < 10) if (testNum < 10)
{ {
paddedTestNumber = "00" + testNum; paddedTestNumber = "00" + testNum;
} else if (testNum < 100) }
else if (testNum < 100)
{ {
paddedTestNumber = "0" + testNum; paddedTestNumber = "0" + testNum;
} else }
else
{ {
paddedTestNumber = Integer.toString(testNum); paddedTestNumber = Integer.toString(testNum);
} }
...@@ -135,7 +137,7 @@ public class ConformanceV3FromV2 ...@@ -135,7 +137,7 @@ public class ConformanceV3FromV2
private final String reqFilter; private final String reqFilter;
public ConformanceV3FromV2(String filePathPrefix, boolean enableXPath, String requestFilter) public ConformanceV3FromV2(final String filePathPrefix, final boolean enableXPath, final String requestFilter)
{ {
this.testFilePathPrefix = filePathPrefix; this.testFilePathPrefix = filePathPrefix;
this.enableXPath = enableXPath; this.enableXPath = enableXPath;
...@@ -148,29 +150,33 @@ public class ConformanceV3FromV2 ...@@ -148,29 +150,33 @@ public class ConformanceV3FromV2
{ {
LOGGER.debug("Starting conformance test with files '{}*.xml'", testFilePathPrefix); LOGGER.debug("Starting conformance test with files '{}*.xml'", testFilePathPrefix);
NamespaceFilteringParser unmarshaller = xacmlParserFactory.getInstance(); final NamespaceFilteringParser respUnmarshaller = xacmlParserFactory.getInstance();
Response expectedResponse = null; Response expectedResponse = null;
String expectedRespFilepath = testFilePathPrefix + EXPECTED_RESPONSE_FILENAME_SUFFIX; final String expectedRespFilepath = testFilePathPrefix + EXPECTED_RESPONSE_FILENAME_SUFFIX;
try try
{ {
expectedResponse = TestUtils.createResponse(expectedRespFilepath, unmarshaller); expectedResponse = TestUtils.createResponse(expectedRespFilepath, respUnmarshaller);
} catch (FileNotFoundException notFoundErr) }
catch (final FileNotFoundException notFoundErr)
{ {
// do nothing except logging -> request = null // do nothing except logging -> request = null
LOGGER.debug("Response file '{}' does not exist -> Static Policy/Request syntax error check", expectedRespFilepath); LOGGER.debug("Response file '{}' does not exist -> Static Policy/Request syntax error check", expectedRespFilepath);
} }
final NamespaceFilteringParser reqUnmarshaller = xacmlParserFactory.getInstance();
Request request = null; Request request = null;
// if no Request file, it is just a static policy syntax error check // if no Request file, it is just a static policy syntax error check
String expectedReqFilepath = testFilePathPrefix + REQUEST_FILENAME_SUFFIX; final String expectedReqFilepath = testFilePathPrefix + REQUEST_FILENAME_SUFFIX;
try try
{ {
request = TestUtils.createRequest(expectedReqFilepath, unmarshaller); request = TestUtils.createRequest(expectedReqFilepath, reqUnmarshaller);
} catch (FileNotFoundException notFoundErr) }
catch (final FileNotFoundException notFoundErr)
{ {
// do nothing except logging -> request = null // do nothing except logging -> request = null
LOGGER.debug("Request file '{}' does not exist -> Static policy syntax error check (Request/Response ignored)", expectedReqFilepath); LOGGER.debug("Request file '{}' does not exist -> Static policy syntax error check (Request/Response ignored)", expectedReqFilepath);
} catch (JAXBException e) }
catch (final JAXBException e)
{ {
// we found syntax error in request // we found syntax error in request
if (expectedResponse == null) if (expectedResponse == null)
...@@ -185,11 +191,11 @@ public class ConformanceV3FromV2 ...@@ -185,11 +191,11 @@ public class ConformanceV3FromV2
throw e; throw e;
} }
String rootPolicyFilepath = testFilePathPrefix + ROOT_POLICY_FILENAME_SUFFIX; final String rootPolicyFilepath = testFilePathPrefix + ROOT_POLICY_FILENAME_SUFFIX;
// referenced policies if any // referenced policies if any
String refPoliciesDirLocation = testFilePathPrefix + REF_POLICIES_DIRNAME_SUFFIX; final String refPoliciesDirLocation = testFilePathPrefix + REF_POLICIES_DIRNAME_SUFFIX;
String attributeProviderConfLocation = testFilePathPrefix + ATTRIBUTE_PROVIDER_FILENAME_SUFFIX; final String attributeProviderConfLocation = testFilePathPrefix + ATTRIBUTE_PROVIDER_FILENAME_SUFFIX;
PDPImpl pdp = null; PDPImpl pdp = null;
try try
...@@ -200,7 +206,8 @@ public class ConformanceV3FromV2 ...@@ -200,7 +206,8 @@ public class ConformanceV3FromV2
// this is a policy syntax error check and we didn't found the syntax error as // this is a policy syntax error check and we didn't found the syntax error as
// expected // expected
Assert.fail("Failed to find syntax error as expected in policy located at: " + rootPolicyFilepath); Assert.fail("Failed to find syntax error as expected in policy located at: " + rootPolicyFilepath);
} else if (expectedResponse == null) }
else if (expectedResponse == null)
{ {
/* /*
* No expected response, so it is not a PDP evaluation test, but request or policy syntax error check. We got here, so request and policy OK. This is unexpected. * No expected response, so it is not a PDP evaluation test, but request or policy syntax error check. We got here, so request and policy OK. This is unexpected.
...@@ -208,19 +215,21 @@ public class ConformanceV3FromV2 ...@@ -208,19 +215,21 @@ public class ConformanceV3FromV2
Assert.fail("Missing response file '" + expectedRespFilepath + "' or failed to find syntax error as expected in either request located at '" + expectedReqFilepath Assert.fail("Missing response file '" + expectedRespFilepath + "' or failed to find syntax error as expected in either request located at '" + expectedReqFilepath
+ "' or policy located at '" + rootPolicyFilepath + "'"); + "' or policy located at '" + rootPolicyFilepath + "'");
} else }
else
{ {
// this is an evaluation test with request/response (not a policy syntax check) // this is an evaluation test with request/response (not a policy syntax check)
LOGGER.debug("Request that is sent to the PDP: {}", request); LOGGER.debug("Request that is sent to the PDP: {}", request);
Response response = pdp.evaluate(request, unmarshaller.getNamespacePrefixUriMap()); final Response actualResponse = pdp.evaluate(request, reqUnmarshaller.getNamespacePrefixUriMap());
if (LOGGER.isDebugEnabled()) if (LOGGER.isDebugEnabled())
{ {
LOGGER.debug("Response that is received from the PDP : {}", TestUtils.printResponse(response)); LOGGER.debug("Response that is received from the PDP : {}", TestUtils.printResponse(actualResponse));
} }
TestUtils.assertNormalizedEquals(testFilePathPrefix, expectedResponse, response); TestUtils.assertNormalizedEquals(testFilePathPrefix, expectedResponse, actualResponse);
} }
} catch (IllegalArgumentException e) }
catch (final IllegalArgumentException e)
{ {
// we found syntax error in policy // we found syntax error in policy
if (request == null) if (request == null)
...@@ -233,7 +242,8 @@ public class ConformanceV3FromV2 ...@@ -233,7 +242,8 @@ public class ConformanceV3FromV2
// Unexpected error // Unexpected error
throw e; throw e;
} finally }
finally
{ {
if (pdp != null) if (pdp != null)
{ {
......
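Review bot: The catch block after `TestUtils.createResponse(...)` still carries the comment `// do nothing except logging -> request = null`, although at that point it is `expectedResponse` that stays null; it should read `// do nothing except logging -> expectedResponse = null`. The new `reqUnmarshaller` also deserves a one-line comment saying why a second parser instance is created, for example `// separate parser instance: the namespace prefix-URI map passed to pdp.evaluate() must come from the Request only`. That rationale is inferred from the changed `pdp.evaluate(request, reqUnmarshaller.getNamespacePrefixUriMap())` call and should be confirmed by the author. The test method starts and ends outside the visible hunks.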
...@@ -39,7 +39,7 @@ import org.ow2.authzforce.core.test.utils.FunctionTest; ...@@ -39,7 +39,7 @@ import org.ow2.authzforce.core.test.utils.FunctionTest;
public class SpecialMatchFunctionsTest extends FunctionTest public class SpecialMatchFunctionsTest extends FunctionTest
{ {
public SpecialMatchFunctionsTest(String functionName, List<Value> inputs, Value expectedResult) public SpecialMatchFunctionsTest(final String functionName, final List<Value> inputs, final Value expectedResult)
{ {
super(functionName, null, inputs, expectedResult); super(functionName, null, inputs, expectedResult);
} }
...@@ -52,32 +52,38 @@ public class SpecialMatchFunctionsTest extends FunctionTest ...@@ -52,32 +52,38 @@ public class SpecialMatchFunctionsTest extends FunctionTest
{ {
return Arrays.asList( return Arrays.asList(
// urn:oasis:names:tc:xacml:1.0:function:x500Name-match // urn:oasis:names:tc:xacml:1.0:function:x500Name-match
new Object[] { NAME_X500NAME_MATCH, new Object[] { NAME_X500NAME_MATCH, Arrays.asList(new X500NameValue("O=Medico Corp,C=US"), new X500NameValue("cn=John Smith,o=Medico Corp, c=US")), BooleanValue.TRUE },
Arrays.asList(new X500NameValue("O=Medico Corp,C=US"), new X500NameValue("cn=John Smith,o=Medico Corp, c=US")), BooleanValue.TRUE }, //
new Object[] { NAME_X500NAME_MATCH, new Object[] { NAME_X500NAME_MATCH, Arrays.asList(new X500NameValue("O=Medico Corp,C=US"), new X500NameValue("cn=John Smith, o=Medico Corp, c=US")), BooleanValue.TRUE },
Arrays.asList(new X500NameValue("O=Another Corp,C=US"), new X500NameValue("cn=John Smith,o=Medico Corp, c=US")), BooleanValue.FALSE }, //
new Object[] { NAME_X500NAME_MATCH, Arrays.asList(new X500NameValue("O=Medico Corp,C=US"), new X500NameValue("cn=John Smith\\,O=Medico Corp, c=US")), BooleanValue.FALSE },
//
new Object[] { NAME_X500NAME_MATCH, Arrays.asList(new X500NameValue("O=Medico Corp,C=US"), new X500NameValue("cn=John Smith\\, O=Medico Corp, c=US")), BooleanValue.FALSE },
//
new Object[] { NAME_X500NAME_MATCH, Arrays.asList(new X500NameValue("O=Another Corp,C=US"), new X500NameValue("cn=John Smith,o=Medico Corp, c=US")), BooleanValue.FALSE },
// urn:oasis:names:tc:xacml:1.0:function:rfc822Name-match // urn:oasis:names:tc:xacml:1.0:function:rfc822Name-match
new Object[] { NAME_RFC822NAME_MATCH, Arrays.asList(new StringValue("Anderson@sun.com"), new RFC822NameValue("Anderson@sun.com")), new Object[] { NAME_RFC822NAME_MATCH, Arrays.asList(new StringValue("Anderson@sun.com"), new RFC822NameValue("Anderson@sun.com")), BooleanValue.TRUE },
BooleanValue.TRUE }, //
new Object[] { NAME_RFC822NAME_MATCH, Arrays.asList(new StringValue("Anderson@sun.com"), new RFC822NameValue("Anderson@SUN.COM")), new Object[] { NAME_RFC822NAME_MATCH, Arrays.asList(new StringValue("Anderson@sun.com"), new RFC822NameValue("Anderson@SUN.COM")), BooleanValue.TRUE },
BooleanValue.TRUE }, //
new Object[] { NAME_RFC822NAME_MATCH, Arrays.asList(new StringValue("Anderson@sun.com"), new RFC822NameValue("Anne.Anderson@sun.com")), new Object[] { NAME_RFC822NAME_MATCH, Arrays.asList(new StringValue("Anderson@sun.com"), new RFC822NameValue("Anne.Anderson@sun.com")), BooleanValue.FALSE },
BooleanValue.FALSE }, //
new Object[] { NAME_RFC822NAME_MATCH, Arrays.asList(new StringValue("Anderson@sun.com"), new RFC822NameValue("anderson@sun.com")), new Object[] { NAME_RFC822NAME_MATCH, Arrays.asList(new StringValue("Anderson@sun.com"), new RFC822NameValue("anderson@sun.com")), BooleanValue.FALSE },
BooleanValue.FALSE }, //
new Object[] { NAME_RFC822NAME_MATCH, Arrays.asList(new StringValue("Anderson@sun.com"), new RFC822NameValue("Anderson@east.sun.com")), new Object[] { NAME_RFC822NAME_MATCH, Arrays.asList(new StringValue("Anderson@sun.com"), new RFC822NameValue("Anderson@east.sun.com")), BooleanValue.FALSE },
BooleanValue.FALSE }, //
new Object[] { NAME_RFC822NAME_MATCH, Arrays.asList(new StringValue("sun.com"), new RFC822NameValue("Anderson@sun.com")), BooleanValue.TRUE }, new Object[] { NAME_RFC822NAME_MATCH, Arrays.asList(new StringValue("sun.com"), new RFC822NameValue("Anderson@sun.com")), BooleanValue.TRUE },
//
new Object[] { NAME_RFC822NAME_MATCH, Arrays.asList(new StringValue("sun.com"), new RFC822NameValue("Baxter@SUN.COM")), BooleanValue.TRUE }, new Object[] { NAME_RFC822NAME_MATCH, Arrays.asList(new StringValue("sun.com"), new RFC822NameValue("Baxter@SUN.COM")), BooleanValue.TRUE },
new Object[] { NAME_RFC822NAME_MATCH, Arrays.asList(new StringValue("sun.com"), new RFC822NameValue("Anderson@east.sun.com")), //
BooleanValue.FALSE }, new Object[] { NAME_RFC822NAME_MATCH, Arrays.asList(new StringValue("sun.com"), new RFC822NameValue("Anderson@east.sun.com")), BooleanValue.FALSE },
new Object[] { NAME_RFC822NAME_MATCH, Arrays.asList(new StringValue(".east.sun.com"), new RFC822NameValue("Anderson@east.sun.com")), //
BooleanValue.TRUE }, new Object[] { NAME_RFC822NAME_MATCH, Arrays.asList(new StringValue(".east.sun.com"), new RFC822NameValue("Anderson@east.sun.com")), BooleanValue.TRUE },
new Object[] { NAME_RFC822NAME_MATCH, Arrays.asList(new StringValue(".east.sun.com"), new RFC822NameValue("anne.anderson@ISRG.EAST.SUN.COM")), //
BooleanValue.TRUE }, new Object[] { NAME_RFC822NAME_MATCH, Arrays.asList(new StringValue(".east.sun.com"), new RFC822NameValue("anne.anderson@ISRG.EAST.SUN.COM")), BooleanValue.TRUE },
new Object[] { NAME_RFC822NAME_MATCH, Arrays.asList(new StringValue(".east.sun.com"), new RFC822NameValue("Anderson@sun.com")), //
BooleanValue.FALSE }); new Object[] { NAME_RFC822NAME_MATCH, Arrays.asList(new StringValue(".east.sun.com"), new RFC822NameValue("Anderson@sun.com")), BooleanValue.FALSE });
} }
} }
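Review bot: The bare `//` separator lines between the new x500Name-match cases carry no information, while the two escaped-comma cases are the ones a reader most needs explained. A comment above them such as `// escaped comma: "John Smith\,O=Medico Corp" is a single CN value, so the name has no O RDN to match` would record that matching has to work on parsed RDNs, not on a textual suffix of the DN string. That matters for an authorization function, because a naive suffix comparison would presumably accept a subject whose CN merely embeds the expected organisation. The enclosing `Arrays.asList(...)` parameter list begins outside the hunk.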
...@@ -15,8 +15,7 @@ ...@@ -15,8 +15,7 @@
<PolicySet xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" <PolicySet
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
PolicyCombiningAlgId="urn:oasis:names:tc:xacml:3.0:policy-combining-algorithm:ordered-deny-overrides" PolicyCombiningAlgId="urn:oasis:names:tc:xacml:3.0:policy-combining-algorithm:ordered-deny-overrides"
PolicySetId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIIG302:InternalPolicyset" PolicySetId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIIG302:InternalPolicyset"
Version="1.0" Version="1.0"
......
...@@ -11,6 +11,8 @@ ...@@ -11,6 +11,8 @@
<appender name="stdout" class="ch.qos.logback.core.ConsoleAppender"> <appender name="stdout" class="ch.qos.logback.core.ConsoleAppender">
<encoder> <encoder>
<pattern>%-4r [%t] [%d] %5p [%C:%M] \(%F:%L\) - %m%n</pattern> <pattern>%-4r [%t] [%d] %5p [%C:%M] \(%F:%L\) - %m%n</pattern>
<!-- Pattern mitigating CRLF injection -->
<!-- <pattern>%-4r [%t] [%d] %5p [%C:%M] \(%F:%L\) - %replace(%m){'\r?\n','<NEWLINE>'}%n</pattern> -->
</encoder> </encoder>
</appender> </appender>
......
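Review bot: The commented-out mitigating pattern cannot simply be uncommented as written, because the replacement text `'<NEWLINE>'` puts a raw `<` into element content and the file would no longer be well-formed XML. It should be written `'&lt;NEWLINE&gt;'`, or use a replacement without angle brackets. While the pattern stays commented out, messages are still emitted through plain `%m`, so if that is intentional for this configuration the comment should say why and where the mitigation is expected to be enabled. Note also that `%replace(%m)` rewrites only the message text; exception output that logback appends after the pattern is not covered by it.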