Commit e7289923 authored by cdanger

- Update to new PDP API using java.util.Optional when relevant:

	- Change of type in AttributeGUID constructor's issuer parameter from
String to Optional<String>
	- Change of type in StatusHelper constructor's message and detail
parameters, from String to Optional<String>
	- Change of type returned by Datatype#getTypeParameter(): Datatype<?>
-> Optional<Datatype<?>>
parent 4f69942a
......@@ -42,7 +42,7 @@
<dependency>
<groupId>${project.groupId}</groupId>
<artifactId>${artifactId.prefix}-core-pdp-api</artifactId>
<version>9.0.0</version>
<version>9.0.1-SNAPSHOT</version>
</dependency>
<!-- /Authzforce dependencies -->
......
......@@ -27,6 +27,7 @@ import java.util.Collections;
import java.util.GregorianCalendar;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import javax.xml.bind.JAXBException;
......@@ -111,7 +112,7 @@ public final class BasePdpEngine implements CloseablePDP<ImmutablePdpDecisionReq
* Indeterminate response iff CombinedDecision element not supported because the request parser does not support any scheme from MultipleDecisionProfile section 2.
*/
private static final Response UNSUPPORTED_COMBINED_DECISION_RESPONSE = new Response(Collections.<Result> singletonList(new Result(DecisionType.INDETERMINATE, new StatusHelper(
StatusHelper.STATUS_SYNTAX_ERROR, "Unsupported feature: CombinedDecision='true'"), null, null, null, null)));
StatusHelper.STATUS_SYNTAX_ERROR, Optional.of("Unsupported feature: CombinedDecision='true'")), null, null, null, null)));
private interface StandardEnvironmentAttributeIssuer
{
......@@ -207,7 +208,7 @@ public final class BasePdpEngine implements CloseablePDP<ImmutablePdpDecisionReq
/*
* Put the non-issued version of the attribute first
*/
final AttributeGUID nonIssuedAttributeGUID = new AttributeGUID(attributeGUID.getCategory(), null, attributeGUID.getId());
final AttributeGUID nonIssuedAttributeGUID = new AttributeGUID(attributeGUID.getCategory(), Optional.empty(), attributeGUID.getId());
super.putNamedAttributeIfAbsent(nonIssuedAttributeGUID, attributeValues);
return super.putNamedAttributeIfAbsent(attributeGUID, attributeValues);
}
......@@ -277,8 +278,8 @@ public final class BasePdpEngine implements CloseablePDP<ImmutablePdpDecisionReq
private static final IndeterminateEvaluationException INDETERMINATE_EVALUATION_EXCEPTION = new IndeterminateEvaluationException("Internal error in decision cache: null result",
StatusHelper.STATUS_PROCESSING_ERROR);
private static final Result INVALID_DECISION_CACHE_RESULT = new Result(DecisionType.INDETERMINATE, new StatusHelper(StatusHelper.STATUS_PROCESSING_ERROR, "Internal error"), null, null, null,
null);
private static final Result INVALID_DECISION_CACHE_RESULT = new Result(DecisionType.INDETERMINATE, new StatusHelper(StatusHelper.STATUS_PROCESSING_ERROR, Optional.of("Internal error")), null,
null, null, null);
private final DecisionCache decisionCache;
......
......@@ -20,6 +20,7 @@ package org.ow2.authzforce.core.pdp.impl;
import java.util.Collections;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeDesignatorType;
......@@ -57,7 +58,7 @@ public class ModularAttributeProvider implements AttributeProvider
@Override
public void process(final AttributeGUID attributeGUID, final Bag<?> result, final EvaluationContext context)
{
if (attributeGUID.getIssuer() == null)
if (!attributeGUID.getIssuer().isPresent())
{
// Attribute already without Issuer -> nothing to copy
return;
......@@ -65,7 +66,7 @@ public class ModularAttributeProvider implements AttributeProvider
/*
* Attribute with Issuer -> make Issuer-less copy and put same result in context for match by Issuer-less AttributeDesignator
*/
final AttributeGUID issuerLessAttributeGUID = new AttributeGUID(attributeGUID.getCategory(), null, attributeGUID.getId());
final AttributeGUID issuerLessAttributeGUID = new AttributeGUID(attributeGUID.getCategory(), Optional.empty(), attributeGUID.getId());
/*
* Cache the attribute value(s) for the issuer-less attribute in context in case there is a matching Issuer-less AttributeDesignator to evaluate
*/
......
......@@ -20,10 +20,11 @@ package org.ow2.authzforce.core.pdp.impl;
import java.util.Arrays;
import java.util.Map;
import java.util.Optional;
import org.ow2.authzforce.core.pdp.api.AttributeGUID;
import org.ow2.authzforce.xacml.identifiers.XACMLAttributeId;
import org.ow2.authzforce.xacml.identifiers.XACMLAttributeCategory;
import org.ow2.authzforce.xacml.identifiers.XACMLAttributeId;
import com.google.common.collect.Maps;
......@@ -38,17 +39,17 @@ public enum StandardEnvironmentAttribute
/**
* urn:oasis:names:tc:xacml:1.0:environment:current-time
*/
CURRENT_TIME(new AttributeGUID(XACMLAttributeCategory.XACML_3_0_ENVIRONMENT.value(), null, XACMLAttributeId.XACML_1_0_ENVIRONMENT_CURRENT_TIME.value())),
CURRENT_TIME(new AttributeGUID(XACMLAttributeCategory.XACML_3_0_ENVIRONMENT.value(), Optional.empty(), XACMLAttributeId.XACML_1_0_ENVIRONMENT_CURRENT_TIME.value())),
/**
* urn:oasis:names:tc:xacml:1.0:environment:current-date
*/
CURRENT_DATE(new AttributeGUID(XACMLAttributeCategory.XACML_3_0_ENVIRONMENT.value(), null, XACMLAttributeId.XACML_1_0_ENVIRONMENT_CURRENT_DATE.value())),
CURRENT_DATE(new AttributeGUID(XACMLAttributeCategory.XACML_3_0_ENVIRONMENT.value(), Optional.empty(), XACMLAttributeId.XACML_1_0_ENVIRONMENT_CURRENT_DATE.value())),
/**
* urn:oasis:names:tc:xacml:1.0:environment:current-dateTime
*/
CURRENT_DATETIME(new AttributeGUID(XACMLAttributeCategory.XACML_3_0_ENVIRONMENT.value(), null, XACMLAttributeId.XACML_1_0_ENVIRONMENT_CURRENT_DATETIME.value()));
CURRENT_DATETIME(new AttributeGUID(XACMLAttributeCategory.XACML_3_0_ENVIRONMENT.value(), Optional.empty(), XACMLAttributeId.XACML_1_0_ENVIRONMENT_CURRENT_DATETIME.value()));
private final AttributeGUID attributeGUID;
......
......@@ -18,6 +18,8 @@
*/
package org.ow2.authzforce.core.pdp.impl.combining;
import java.util.Optional;
import javax.xml.bind.JAXBElement;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.DecisionType;
......@@ -55,8 +57,8 @@ final class OnlyOneApplicableCombiningAlg extends BaseCombiningAlg<PolicyEvaluat
private Evaluator(final String algId, final Iterable<? extends PolicyEvaluator> policyElements)
{
super(policyElements);
this.tooManyApplicablePoliciesIndeterminateResult = ExtendedDecisions.newIndeterminate(DecisionType.INDETERMINATE, new StatusHelper(StatusHelper.STATUS_PROCESSING_ERROR,
"Too many (more than one) applicable policies for algorithm: " + algId));
this.tooManyApplicablePoliciesIndeterminateResult = ExtendedDecisions.newIndeterminate(DecisionType.INDETERMINATE,
new StatusHelper(StatusHelper.STATUS_PROCESSING_ERROR, Optional.of("Too many (more than one) applicable policies for algorithm: " + algId)));
}
@Override
......
......@@ -57,10 +57,7 @@ import org.ow2.authzforce.core.pdp.api.value.Datatype;
*/
public final class AttributeDesignatorExpression<AV extends AttributeValue> implements Expression<Bag<AV>>
{
private static final IllegalArgumentException NULL_CATEGORY_EXCEPTION = new IllegalArgumentException("Undefined attribute designator category");
private static final IllegalArgumentException NULL_DATATYPE_EXCEPTION = new IllegalArgumentException("Undefined attribute designator datatype");
private static final IllegalArgumentException NULL_ATTRIBUTE_ID_EXCEPTION = new IllegalArgumentException("Undefined attribute designator AttribtueId");
private static final IllegalArgumentException NULL_ATTRIBUTE_Provider_EXCEPTION = new IllegalArgumentException("Undefined attribute Provider");
private static final IllegalArgumentException NULL_ATTRIBUTE_PROVIDER_EXCEPTION = new IllegalArgumentException("Undefined attribute Provider");
private static final UnsupportedOperationException UNSUPPORTED_OPERATION_EXCEPTION = new UnsupportedOperationException();
private final transient AttributeGUID attrGUID;
......@@ -91,35 +88,19 @@ public final class AttributeDesignatorExpression<AV extends AttributeValue> impl
* expected datatype of the result of evaluating this AttributeDesignator ( {@code AV is the expected type of every element in the bag})
* @param attrProvider
* Attribute Provider responsible for finding the attribute designated by this in a given evaluation context at runtime
* @throws IllegalArgumentException
* if {@code attrDesignator.getCategory() == null || attrDesignator.getAttributeId() == null}
*/
public AttributeDesignatorExpression(final AttributeDesignatorType attrDesignator, final BagDatatype<AV> resultDatatype, final AttributeProvider attrProvider)
{
final String categoryURI = attrDesignator.getCategory();
if (categoryURI == null)
{
throw NULL_CATEGORY_EXCEPTION;
}
final String datatypeURI = attrDesignator.getDataType();
if (datatypeURI == null)
{
throw NULL_DATATYPE_EXCEPTION;
}
final String id = attrDesignator.getAttributeId();
if (id == null)
{
throw NULL_ATTRIBUTE_ID_EXCEPTION;
}
if (attrProvider == null)
{
throw NULL_ATTRIBUTE_Provider_EXCEPTION;
throw NULL_ATTRIBUTE_PROVIDER_EXCEPTION;
}
this.attrGUID = new AttributeGUID(categoryURI, attrDesignator.getIssuer(), id);
this.returnType = resultDatatype;
this.attrProvider = attrProvider;
this.attrGUID = new AttributeGUID(attrDesignator);
this.returnType = resultDatatype;
// error messages/exceptions
final String missingAttributeMessage = this + " not found in context";
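Review bot: The constructor no longer null-checks `attrDesignator.getCategory()`, `getDataType()` and `getAttributeId()` itself and hands the whole designator to `new AttributeGUID(attrDesignator)`, so rejecting a malformed designator now depends on a PDP API constructor that this page does not show. Category and AttributeId are presumably validated there, but the DataType check has no visible replacement; unless the caller that resolves `resultDatatype` already guarantees it, keep a guard such as `if (attrDesignator.getDataType() == null) { throw new IllegalArgumentException("Undefined attribute designator datatype"); }`. The `@throws IllegalArgumentException` Javadoc tag appears to have been dropped as well, although the null-`attrProvider` path still throws; I would keep it as `@throws IllegalArgumentException if {@code attrProvider == null} or the designator is invalid`. The constructor body continues past the end of the hunk.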
......
......@@ -24,6 +24,7 @@ import java.util.Collections;
import java.util.Deque;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import javax.xml.bind.JAXBElement;
import javax.xml.namespace.QName;
......@@ -311,7 +312,7 @@ public final class AttributeSelectorExpression<AV extends AttributeValue> implem
throw NULL_ATTRIBUTE_Provider_BUT_NON_NULL_CONTEXT_SELECTOR_ID_EXCEPTION;
}
final AttributeGUID contextSelectorGUID = new AttributeGUID(attributeSelectorId.getCategory(), null, contextSelectorId);
final AttributeGUID contextSelectorGUID = new AttributeGUID(attributeSelectorId.getCategory(), Optional.empty(), contextSelectorId);
final String missingContextSelectorAttributeExceptionMessage = this + ": No value found for attribute designated by Category=" + attributeCategory + " and ContextSelectorId="
+ contextSelectorId;
final IndeterminateEvaluationException missingAttributeForUnknownReasonException = new IndeterminateEvaluationException(missingAttributeMessage + " for unknown reason",
......@@ -432,19 +433,14 @@ public final class AttributeSelectorExpression<AV extends AttributeValue> implem
final AttributeValue attrVal;
try
{
attrVal = attrFactory.getInstance(jaxbAttrVal.getContent(), jaxbAttrVal.getOtherAttributes(),
this.xpathCompiler);
attrVal = attrFactory.getInstance(jaxbAttrVal.getContent(), jaxbAttrVal.getOtherAttributes(), this.xpathCompiler);
}
catch (final IllegalArgumentException e)
{
final String contextSelectorId = attributeSelectorId.getContextSelectorId();
throw new IndeterminateEvaluationException(this + ": Error creating attribute value of type '"
+ attributeDatatype + "' from result #" + xpathEvalResultItemIndex
+ " of evaluating XPath against XML node from Content of Attributes Category='"
+ attributeSelectorId.getCategory() + "'"
+ (contextSelectorId == null ? ""
: " selected by ContextSelectorId='" + contextSelectorId + "'")
+ ": " + xpathEvalResultItem, StatusHelper.STATUS_SYNTAX_ERROR, e);
throw new IndeterminateEvaluationException(this + ": Error creating attribute value of type '" + attributeDatatype + "' from result #" + xpathEvalResultItemIndex
+ " of evaluating XPath against XML node from Content of Attributes Category='" + attributeSelectorId.getCategory() + "'"
+ (contextSelectorId == null ? "" : " selected by ContextSelectorId='" + contextSelectorId + "'") + ": " + xpathEvalResultItem, StatusHelper.STATUS_SYNTAX_ERROR, e);
}
resultBag.add(attributeDatatype.cast(attrVal));
......
......@@ -65,7 +65,7 @@ final class MapFunctionFactory extends GenericHigherOrderFunctionFactory
private final String indeterminateSubFuncEvalMessagePrefix;
private Call(final String functionId, final Datatype<Bag<SUB_RETURN>> returnType, final FirstOrderFunction<SUB_RETURN> subFunction, final List<Expression<?>> primitiveInputs,
final Expression<?> lastInputBag)
final Expression<? extends Bag<?>> lastInputBag)
{
super(functionId, returnType, subFunction, primitiveInputs, lastInputBag);
this.returnBagElementType = subFunction.getReturnType();
......@@ -108,7 +108,7 @@ final class MapFunctionFactory extends GenericHigherOrderFunctionFactory
@Override
protected OneBagOnlyHigherOrderFunction.Call<Bag<SUB_RETURN_T>, SUB_RETURN_T> newFunctionCall(final FirstOrderFunction<SUB_RETURN_T> subFunc, final List<Expression<?>> primitiveInputs,
final Expression<?> lastInputBag)
final Expression<? extends Bag<?>> lastInputBag)
{
return new Call<>(this.getId(), this.getReturnType(), subFunc, primitiveInputs, lastInputBag);
}
......
......@@ -58,7 +58,7 @@ final class SubstringFunction<AV extends SimpleValue<String>> extends MultiParam
private final String invalidArgTypesErrorMsg;
private final String argsOutOfBoundsErrorMessage;
private final Class<? extends SimpleValue<String>> firstParamClass;
private final Datatype<? extends SimpleValue<String>> param0Type;
private Call(final FirstOrderFunctionSignature<StringValue> functionSig, final Datatype<? extends SimpleValue<String>> param0Type, final List<Expression<?>> args,
final Datatype<?>[] remainingArgTypes) throws IllegalArgumentException
......@@ -67,7 +67,7 @@ final class SubstringFunction<AV extends SimpleValue<String>> extends MultiParam
this.invalidArgTypesErrorMsg = "Function " + functionId + ": Invalid arg types: expected: " + param0Type + ", " + StandardDatatypes.INTEGER_FACTORY.getDatatype() + ", "
+ StandardDatatypes.INTEGER_FACTORY.getDatatype() + "; actual: ";
this.argsOutOfBoundsErrorMessage = "Function " + functionId + ": either beginIndex is out of bounds, or endIndex =/= -1 and out of bounds";
this.firstParamClass = param0Type.getValueClass();
this.param0Type = param0Type;
}
@Override
......@@ -82,7 +82,7 @@ final class SubstringFunction<AV extends SimpleValue<String>> extends MultiParam
final IntegerValue endIndex;
try
{
arg0 = firstParamClass.cast(rawArg0);
arg0 = param0Type.cast(rawArg0);
beginIndex = (IntegerValue) rawArg1;
endIndex = (IntegerValue) rawArg2;
}
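Review bot: Replacing `firstParamClass.cast(rawArg0)` with `param0Type.cast(rawArg0)` keeps the argument-type failure path correct only if `Datatype#cast` signals a mismatch with `ClassCastException`, as `Class#cast` does. The catch clause of this try block is outside the hunk, but the same substitution in TemporalArithmeticFunction sits under `catch (final ClassCastException e)`, which converts the failure into an `IndeterminateEvaluationException`; any other exception type thrown by `Datatype#cast` would bypass that handler and surface as an unchecked exception instead of an Indeterminate result. The API method is not visible on this page, so its contract should be confirmed, ideally with one test per function that passes a wrongly typed argument and expects `IndeterminateEvaluationException`.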
......
......@@ -44,8 +44,7 @@ import org.ow2.authzforce.core.pdp.api.value.DurationValue;
*
* @version $Id: $
*/
final class TemporalArithmeticFunction<T extends BaseTimeValue<T>, D extends DurationValue<D>>
extends MultiParameterTypedFirstOrderFunction<T>
final class TemporalArithmeticFunction<T extends BaseTimeValue<T>, D extends DurationValue<D>> extends MultiParameterTypedFirstOrderFunction<T>
{
interface StaticOperation<TV extends BaseTimeValue<TV>, DV extends DurationValue<DV>>
{
......@@ -53,23 +52,20 @@ final class TemporalArithmeticFunction<T extends BaseTimeValue<T>, D extends Dur
TV eval(TV time, DV duration);
}
private static final class Call<TV extends BaseTimeValue<TV>, DV extends DurationValue<DV>>
extends EagerMultiPrimitiveTypeEval<TV>
private static final class Call<TV extends BaseTimeValue<TV>, DV extends DurationValue<DV>> extends EagerMultiPrimitiveTypeEval<TV>
{
private final String invalidArgTypesErrorMsg;
private final Class<DV> durationParamClass;
private final Class<TV> timeParamClass;
private final Datatype<DV> durationParamType;
private final Datatype<TV> timeParamType;
private final StaticOperation<TV, DV> op;
private Call(final FirstOrderFunctionSignature<TV> functionSig, final Datatype<TV> timeParamType,
final Datatype<DV> durationParamType, final StaticOperation<TV, DV> op, final List<Expression<?>> args,
final Datatype<?>[] remainingArgTypes) throws IllegalArgumentException
private Call(final FirstOrderFunctionSignature<TV> functionSig, final Datatype<TV> timeParamType, final Datatype<DV> durationParamType, final StaticOperation<TV, DV> op,
final List<Expression<?>> args, final Datatype<?>[] remainingArgTypes) throws IllegalArgumentException
{
super(functionSig, args, remainingArgTypes);
invalidArgTypesErrorMsg = "Function " + this.functionId + ": Invalid arg types (expected: " + timeParamType
+ "," + durationParamType + "): ";
this.timeParamClass = timeParamType.getValueClass();
this.durationParamClass = durationParamType.getValueClass();
invalidArgTypesErrorMsg = "Function " + this.functionId + ": Invalid arg types (expected: " + timeParamType + "," + durationParamType + "): ";
this.timeParamType = timeParamType;
this.durationParamType = durationParamType;
this.op = op;
}
......@@ -83,14 +79,12 @@ final class TemporalArithmeticFunction<T extends BaseTimeValue<T>, D extends Dur
final DV arg1;
try
{
arg0 = timeParamClass.cast(rawArg0);
arg1 = durationParamClass.cast(rawArg1);
arg0 = timeParamType.cast(rawArg0);
arg1 = durationParamType.cast(rawArg1);
}
catch (final ClassCastException e)
{
throw new IndeterminateEvaluationException(
invalidArgTypesErrorMsg + rawArg0.getDataType() + "," + rawArg1.getDataType(),
StatusHelper.STATUS_PROCESSING_ERROR, e);
throw new IndeterminateEvaluationException(invalidArgTypesErrorMsg + rawArg0.getDataType() + "," + rawArg1.getDataType(), StatusHelper.STATUS_PROCESSING_ERROR, e);
}
return op.eval(arg0, arg1);
......@@ -115,8 +109,7 @@ final class TemporalArithmeticFunction<T extends BaseTimeValue<T>, D extends Dur
* @param op
* temporal arithmetic operation
*/
TemporalArithmeticFunction(final String functionName, final Datatype<T> timeParamType,
final Datatype<D> durationParamType, final StaticOperation<T, D> op)
TemporalArithmeticFunction(final String functionName, final Datatype<T> timeParamType, final Datatype<D> durationParamType, final StaticOperation<T, D> op)
{
super(functionName, timeParamType, false, Arrays.asList(timeParamType, durationParamType));
this.timeParamType = timeParamType;
......@@ -127,8 +120,7 @@ final class TemporalArithmeticFunction<T extends BaseTimeValue<T>, D extends Dur
/** {@inheritDoc} */
@Override
public FirstOrderFunctionCall<T> newCall(final List<Expression<?>> argExpressions,
final Datatype<?>... remainingArgTypes) throws IllegalArgumentException
public FirstOrderFunctionCall<T> newCall(final List<Expression<?>> argExpressions, final Datatype<?>... remainingArgTypes) throws IllegalArgumentException
{
return new Call<>(functionSignature, timeParamType, durationParamType, op, argExpressions, remainingArgTypes);
}
......
......@@ -21,6 +21,7 @@ package org.ow2.authzforce.core.pdp.impl.policy;
import java.io.Closeable;
import java.io.IOException;
import java.util.List;
import java.util.Optional;
import java.util.Set;
import javax.xml.bind.JAXBElement;
......@@ -176,7 +177,7 @@ public final class RootPolicyEvaluators
{
LOGGER.warn("One of the possible root policies (resolved by the root policy provider module {}) is invalid", rootPolicyProviderMod, e);
// we consider that
return new ImmutablePdpDecisionResult(new StatusHelper(StatusHelper.STATUS_PROCESSING_ERROR, e.getMessage()), context);
return new ImmutablePdpDecisionResult(new StatusHelper(StatusHelper.STATUS_PROCESSING_ERROR, Optional.ofNullable(e.getMessage())), context);
}
if (policy == null)
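Review bot: `Optional.ofNullable(e.getMessage())` puts the text of an internal policy-resolution exception into the status message of the decision result, and the change carries that behaviour over unchanged. If this StatusHelper ends up serialized into the XACML Response, callers of the PDP receive whatever the root policy provider wrote into the message (policy identifiers, file locations, parser errors), while the same detail is already recorded by `LOGGER.warn` on the line above. Consider a fixed message here, for example `new StatusHelper(StatusHelper.STATUS_PROCESSING_ERROR, Optional.of("Error resolving root policy"))`, and leave the detail in the log. The `// we consider that` comment is also cut off mid-sentence and should state what the error is treated as. The enclosing method starts and ends outside the hunk.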
......
......@@ -26,8 +26,13 @@ import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Map.Entry;
import java.util.Optional;
import java.util.Set;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.Attribute;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeDesignatorType;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.Attributes;
import org.ow2.authzforce.core.pdp.api.AttributeGUID;
import org.ow2.authzforce.core.pdp.api.AttributeProvider;
import org.ow2.authzforce.core.pdp.api.BaseAttributeProviderModule;
......@@ -44,14 +49,9 @@ import org.ow2.authzforce.core.pdp.api.value.Datatype;
import org.ow2.authzforce.core.pdp.api.value.DatatypeFactoryRegistry;
import org.ow2.authzforce.core.xmlns.test.TestAttributeProvider;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.Attribute;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeDesignatorType;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.Attributes;
/**
*
* Fake AttributeProviderModule for test purposes only that can be configured to support a specific set of attribute Providers, but always return an empty bag
* as attribute value.
* Fake AttributeProviderModule for test purposes only that can be configured to support a specific set of attribute Providers, but always return an empty bag as attribute value.
*
*/
public class TestAttributeProviderModule extends BaseAttributeProviderModule
......@@ -70,7 +70,7 @@ public class TestAttributeProviderModule extends BaseAttributeProviderModule
}
@Override
public DependencyAwareFactory getInstance(final TestAttributeProvider conf, EnvironmentProperties environmentProperties)
public DependencyAwareFactory getInstance(final TestAttributeProvider conf, final EnvironmentProperties environmentProperties)
{
return new DependencyAwareFactory()
{
......@@ -83,7 +83,7 @@ public class TestAttributeProviderModule extends BaseAttributeProviderModule
}
@Override
public CloseableAttributeProviderModule getInstance(DatatypeFactoryRegistry attrDatatypeFactory, AttributeProvider depAttrProvider)
public CloseableAttributeProviderModule getInstance(final DatatypeFactoryRegistry attrDatatypeFactory, final AttributeProvider depAttrProvider)
{
return new TestAttributeProviderModule(conf, attrDatatypeFactory);
}
......@@ -95,7 +95,7 @@ public class TestAttributeProviderModule extends BaseAttributeProviderModule
private final Set<AttributeDesignatorType> supportedDesignatorTypes = new HashSet<>();
private final Map<AttributeGUID, Bag<?>> attrMap = new HashMap<>();
private TestAttributeProviderModule(TestAttributeProvider conf, DatatypeFactoryRegistry attrDatatypeFactory) throws IllegalArgumentException
private TestAttributeProviderModule(final TestAttributeProvider conf, final DatatypeFactoryRegistry attrDatatypeFactory) throws IllegalArgumentException
{
super(conf.getId());
final JaxbXACMLAttributeParser<Bag<?>> xacmlAttributeParser = new NonIssuedLikeIssuedStrictJaxbXACMLAttributeParser(attrDatatypeFactory);
......@@ -110,8 +110,8 @@ public class TestAttributeProviderModule extends BaseAttributeProviderModule
for (final Attribute jaxbAttr : jaxbAttributes.getAttributes())
{
xacmlAttributeParser.parseAttribute(attrMap, new AttributeGUID(categoryName, jaxbAttr.getIssuer(), jaxbAttr.getAttributeId()),
jaxbAttr.getAttributeValues(), null);
xacmlAttributeParser
.parseAttribute(attrMap, new AttributeGUID(categoryName, Optional.ofNullable(jaxbAttr.getIssuer()), jaxbAttr.getAttributeId()), jaxbAttr.getAttributeValues(), null);
}
}
......@@ -119,8 +119,7 @@ public class TestAttributeProviderModule extends BaseAttributeProviderModule
{
final AttributeGUID attrKey = attrEntry.getKey();
final Bag<?> attrVals = attrEntry.getValue();
supportedDesignatorTypes.add(new AttributeDesignatorType(attrKey.getCategory(), attrKey.getId(), attrVals.getElementDatatype().getId(), attrKey
.getIssuer(), false));
supportedDesignatorTypes.add(new AttributeDesignatorType(attrKey.getCategory(), attrKey.getId(), attrVals.getElementDatatype().getId(), attrKey.getIssuer().orElse(null), false));
}
}
......@@ -137,8 +136,7 @@ public class TestAttributeProviderModule extends BaseAttributeProviderModule
}
@Override
public <AV extends AttributeValue> Bag<AV> get(AttributeGUID attributeGUID, Datatype<AV> attributeDatatype, EvaluationContext context)
throws IndeterminateEvaluationException
public <AV extends AttributeValue> Bag<AV> get(final AttributeGUID attributeGUID, final Datatype<AV> attributeDatatype, final EvaluationContext context) throws IndeterminateEvaluationException
{
final Bag<?> attrVals = attrMap.get(attributeGUID);
if (attrVals == null)
......@@ -151,8 +149,8 @@ public class TestAttributeProviderModule extends BaseAttributeProviderModule
return (Bag<AV>) attrVals;
}
throw new IndeterminateEvaluationException("Requested datatype (" + attributeDatatype + ") != provided by " + this + " ("
+ attrVals.getElementDatatype() + ")", StatusHelper.STATUS_MISSING_ATTRIBUTE);
throw new IndeterminateEvaluationException("Requested datatype (" + attributeDatatype + ") != provided by " + this + " (" + attrVals.getElementDatatype() + ")",
StatusHelper.STATUS_MISSING_ATTRIBUTE);
}
}
......@@ -20,6 +20,7 @@ package org.ow2.authzforce.core.pdp.impl.test.custom;
import java.util.Collections;
import java.util.List;
import java.util.Optional;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.DecisionType;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.Result;
......@@ -46,7 +47,7 @@ public class TestCombinedDecisionResultFilter implements DecisionResultFilter
public static final String ID = "urn:ow2:authzforce:feature:pdp:result-filter:multiple:test-combined-decision";
private static final List<Result> INDETERMINATE_RESULT_SINGLETON_LIST = Collections.singletonList(new Result(DecisionType.INDETERMINATE, new StatusHelper(StatusHelper.STATUS_PROCESSING_ERROR,
null), null, null, null, null));
Optional.empty()), null, null, null, null));
// private static final List<Result> INDETERMINATE_RESULT_SINGLETON_LIST_BECAUSE_NO_INDIVIDUAL = Collections.singletonList(new Result(DecisionType.INDETERMINATE, new StatusHelper(
// StatusHelper.STATUS_PROCESSING_ERROR, "No <Result> to combine!"), null, null, null, null));
......
......@@ -18,7 +18,6 @@
*/
package org.ow2.authzforce.core.pdp.impl.test.custom;
import java.net.URI;
import java.util.AbstractMap.SimpleEntry;
import java.util.Locale;
import java.util.Map.Entry;
......@@ -29,13 +28,11 @@ import org.ow2.authzforce.core.pdp.api.func.Function;
import org.ow2.authzforce.core.pdp.api.value.SimpleValue;
/**
* Represents the dnsName-value datatype <i>XACML Data Loss Prevention / Network Access Control (DLP/NAC) Profile Version 1.0<i>. Edited by John Tolbert,
* Richard Hill, Crystal Hayes, David Brossard, Hal Lockhart, and Steven Legg. 16 February 2015. OASIS Committee Specification 01.
* http://docs.oasis-open.org/xacml/xacml-3.0-dlp-nac/v1.0/cs01/xacml-3.0-dlp-nac-v1.0-cs01.html. Latest version:
* Represents the dnsName-value datatype <i>XACML Data Loss Prevention / Network Access Control (DLP/NAC) Profile Version 1.0<i>. Edited by John Tolbert, Richard Hill, Crystal Hayes, David Brossard,
* Hal Lockhart, and Steven Legg. 16 February 2015. OASIS Committee Specification 01. http://docs.oasis-open.org/xacml/xacml-3.0-dlp-nac/v1.0/cs01/xacml-3.0-dlp-nac-v1.0-cs01.html. Latest version:
* http://docs.oasis-open.org/xacml/xacml-3.0-dlp-nac/v1.0/xacml-3.0-dlp-nac-v1.0.html.
* <p>
* It is basically the same as XACML Core dnsName datatype except that the hostname may use a wildcard as left-most subdomain, and the part after ':' is limited
* to a port number only.
* It is basically the same as XACML Core dnsName datatype except that the hostname may use a wildcard as left-most subdomain, and the part after ':' is limited to a port number only.
* <p>
* Used here for testing Authzforce datatype extension mechanism, i.e. plugging a custom simple datatype into the PDP engine.
*
......@@ -54,11 +51,11 @@ public final class TestDNSNameWithPortValue extends SimpleValue<String>
public Factory()
{
super(TestDNSNameWithPortValue.class, ID, URI.create(Function.XACML_NS_3_0 + "dnsName-value"));
super(TestDNSNameWithPortValue.class, ID, Function.XACML_NS_3_0 + "dnsName-value");
}
@Override
public TestDNSNameWithPortValue getInstance(String val)
public TestDNSNameWithPortValue getInstance(final String val)
{
return new TestDNSNameWithPortValue(val);
}
......@@ -91,8 +88,8 @@ public final class TestDNSNameWithPortValue extends SimpleValue<String>
}
/*
* These fields are not actually needed in the XACML core specification since no function uses them, but it might be useful for new XACML profile or custom
* functions dealing with network access control for instance.
* These fields are not actually needed in the XACML core specification since no function uses them, but it might be useful for new XACML profile or custom functions dealing with network access
* control for instance.
*/
// the required hostname
private final transient String hostname;
......@@ -103,16 +100,15 @@ public final class TestDNSNameWithPortValue extends SimpleValue<String>
/**
* Private helper that tests whether the given string is valid.
*
* TODO: find out whether it's better to use DomainValidator from Apache commons-validator instead, but first make sure this issue is fixed:
* https://issues.apache.org/jira/browse/VALIDATOR-366
* TODO: find out whether it's better to use DomainValidator from Apache commons-validator instead, but first make sure this issue is fixed: https://issues.apache.org/jira/browse/VALIDATOR-366
*/
private static boolean isValidHostName(String hostname)
private static boolean isValidHostName(final String hostname)
{
assert hostname != null;
return HOSTNAME_PATTERN.matcher(hostname).matches();
}
private static Entry<String, Integer> parseDnsName(String dnsName) throws IllegalArgumentException
private static Entry<String, Integer> parseDnsName(final String dnsName) throws IllegalArgumentException
{
assert dnsName != null;
......@@ -124,7 +120,8 @@ public final class TestDNSNameWithPortValue extends SimpleValue<String>
// there is no port portRange, so just use the name
host = dnsName;
port = UNDEFINED_PORT;
} else
}
else
{
// split the name and the port
host = dnsName.substring(0, portSep);
......@@ -149,7 +146,7 @@ public final class TestDNSNameWithPortValue extends SimpleValue<String>
* @throws java.lang.IllegalArgumentException
* if format of {@code val} does not comply with the dnsName datatype definition
*/
public TestDNSNameWithPortValue(String val) throws IllegalArgumentException
public TestDNSNameWithPortValue(final String val) throws IllegalArgumentException
{
super(ID, val);
final Entry<String, Integer> hostAndPort = parseDnsName(this.value);
......@@ -197,12 +194,11 @@ public final class TestDNSNameWithPortValue extends SimpleValue<String>
*
* @see java.lang.Object#equals(java.lang.Object)
*
* We override the equals because for hostname, we can use equalsIgnoreCase() instead of equals() to compare, and PortRange.equals() for the portRange
* attribute (more optimal than String equals)
* We override the equals because for hostname, we can use equalsIgnoreCase() instead of equals() to compare, and PortRange.equals() for the portRange attribute (more optimal than String equals)
*/
/** {@inheritDoc} */
@Override
public boolean equals(Object obj)
public boolean equals(final Object obj)
{
if (this == obj)
{
......
......@@ -19,10 +19,10 @@
package org.ow2.authzforce.core.pdp.impl.test.custom;
import java.io.Serializable;
import java.net.URI;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import javax.xml.namespace.QName;
......@@ -60,7 +60,7 @@ public class TestXACMLPolicyAttributeValue extends AttributeValue
private TestXACMLPolicyAttributeValue(final List<Serializable> content) throws IllegalArgumentException
{
super(ID, content, null);
super(ID, content, Optional.empty());
/*
* If content is empty, e.g. <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string"/>, assume value is empty string.
......@@ -125,16 +125,21 @@ public class TestXACMLPolicyAttributeValue extends AttributeValue
{
public Factory()
{
super(TestXACMLPolicyAttributeValue.class, ID, URI.create(FUNCTION_ID_PREFIX));
super(TestXACMLPolicyAttributeValue.class, ID, FUNCTION_ID_PREFIX);
}
private static final IllegalArgumentException NON_NULL_OTHER_XML_ATTRIBUTES_ARG_EXCEPTION = new IllegalArgumentException("Invalid content for datatype '" + ID
+ "': extra XML attributes are not supported by this primitive datatype, only one XML element.");
private static final IllegalArgumentException UNDEFINED_CONTENT_ARG_EXCEPTION = new IllegalArgumentException("Invalid content for datatype '" + ID + "': null.");
@Override
public TestXACMLPolicyAttributeValue getInstance(final List<Serializable> content, final Map<QName, String> otherXmlAttributes, final XPathCompiler xPathCompiler)
throws IllegalArgumentException
{
if (content == null || content.isEmpty())
{
throw UNDEFINED_CONTENT_ARG_EXCEPTION;
}
if (otherXmlAttributes != null && !otherXmlAttributes.isEmpty())
{
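Review bot: The added guard `if (content == null || content.isEmpty())` throws `UNDEFINED_CONTENT_ARG_EXCEPTION`, whose message ends in `': null.'` even when the list is empty rather than null, and it appears to conflict with the constructor comment earlier in this file saying that empty content is treated as an empty string. Either drop the `isEmpty()` half so the constructor's empty-content path stays reachable through the factory, or end the message with `null or empty content.` and update that comment. The exception is a shared static instance, like `NON_NULL_OTHER_XML_ATTRIBUTES_ARG_EXCEPTION`, so its stack trace points at class initialization, not at the failing call; creating it at the throw site would make failures easier to trace. `getInstance` continues past the end of the hunk.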
......
......@@ -26,6 +26,7 @@ import static org.ow2.authzforce.xacml.identifiers.XACMLAttributeCategory.XACML_
import java.security.Principal;
import java.util.Collections;
import java.util.Optional;
import java.util.Set;
import javax.xml.namespace.QName;
......@@ -169,16 +170,16 @@ public class EmbeddedPdpBasedAuthzInterceptor extends AbstractPhaseInterceptor<M
final PdpDecisionRequestBuilder<ImmutablePdpDecisionRequest> requestBuilder = pdp.newRequestBuilder(3, 7);
// Subject ID
final AttributeGUID subjectIdAttributeId = new AttributeGUID(XACML_1_0_ACCESS_SUBJECT.value(), issuer, XACMLAttributeId.XACML_1_0_SUBJECT_ID.value());
final AttributeGUID subjectIdAttributeId = new AttributeGUID(XACML_1_0_ACCESS_SUBJECT.value(), Optional.ofNullable(issuer), XACMLAttributeId.XACML_1_0_SUBJECT_ID.value());
final Bag<?> subjectIdAttributeValues = Bags.singleton(STRING_FACTORY.getDatatype(), new StringValue(principal.getName()));
requestBuilder.putNamedAttributeIfAbsent(subjectIdAttributeId, subjectIdAttributeValues);
// Subject role(s)
final AttributeGUID subjectRoleAttributeId = new AttributeGUID(XACML_1_0_ACCESS_SUBJECT.value(), issuer, XACMLAttributeId.XACML_2_0_SUBJECT_ROLE.value());
final AttributeGUID subjectRoleAttributeId = new AttributeGUID(XACML_1_0_ACCESS_SUBJECT.value(), Optional.ofNullable(issuer), XACMLAttributeId.XACML_2_0_SUBJECT_ROLE.value());
requestBuilder.putNamedAttributeIfAbsent(subjectRoleAttributeId, stringsToAnyURIBag(roles));
// Resource ID
final AttributeGUID resourceIdAttributeId = new AttributeGUID(XACML_3_0_RESOURCE.value(), null, XACMLAttributeId.XACML_1_0_RESOURCE_ID.value());
final AttributeGUID resourceIdAttributeId = new AttributeGUID(XACML_3_0_RESOURCE.value(), Optional.empty(), XACMLAttributeId.XACML_1_0_RESOURCE_ID.value());
final Bag<?> resourceIdAttributeValues = Bags.singleton(STRING_FACTORY.getDatatype(), new StringValue(getResourceId(messageParser)));
requestBuilder.putNamedAttributeIfAbsent(resourceIdAttributeId, resourceIdAttributeValues);
......@@ -189,27 +190,27 @@ public class EmbeddedPdpBasedAuthzInterceptor extends AbstractPhaseInterceptor<M
final QName wsdlService = messageParser.getWSDLService();
if (wsdlService != null)
{
final AttributeGUID resourceServiceIdAttributeId = new AttributeGUID(XACML_3_0_RESOURCE.value(), null, XACMLConstants.RESOURCE_WSDL_SERVICE_ID);
final AttributeGUID resourceServiceIdAttributeId = new AttributeGUID(XACML_3_0_RESOURCE.value(), Optional.empty(), XACMLConstants.RESOURCE_WSDL_SERVICE_ID);
final Bag<?> resourceServiceIdAttributeValues = Bags.singleton(STRING_FACTORY.getDatatype(), new StringValue(wsdlService.toString()));
requestBuilder.putNamedAttributeIfAbsent(resourceServiceIdAttributeId, resourceServiceIdAttributeValues);
}