- Fixed invalid schemaLocation in test samples of XACML

policies/resquests/responses (still pointing to XACML 2.0 XSD)
- Added test extensions for result filter (for CombinedDecision from
XACML Multiple Decision Profile, in TestCombinedDecisionResultFilter),
simple datatype (dnsName-value from XACML DLP/BAC profile, in
TestDNSNameValueEqualFunction class), complex datatype (XACML Policy, in
class TestXACMLPolicyAttributeValue), function (dnsName-value-equal from
XACML DLP/NAC profile, in TestDNSNameValueEqualFunction class),
combining algorithm from XACML Additional Combining Algorithms Profile
(in class TestOnPermitApplySecondCombiningAlg)
- Fixed NullPointerException occuring when specifying unsupported
combining algorithm in PDP configuration
- New method in PdpExtensionLoader to get list of extensions of a given
type
- Fixed bug in PdpExtensionLoader considering input extension type
invalid if no extension found of this type (although type is correct)
- Renamed DNSNameValue to DNSNameWithPortRangeValue class to distinguish
dnsName datatype from new dnsname-value type in XACML DLP/NAC profile
with accepts just a port number (not a range)
- Removed support for dnsName-equal and ipAddress-equal functions which
do not exist in XACML spec actually (the regexp-match equivalent is to
be used instead)

pom.xml

@@ -6,7 +6,7 @@
 		<version>3.3.7</version>
 	</parent>
 	<artifactId>authzforce-ce-core</artifactId>
-	<version>3.8.4-SNAPSHOT</version>
+	<version>3.9.0-SNAPSHOT</version>
 	<name>${project.groupId}:${project.artifactId}</name>
 	<description>AuthZForce Community Edition - XACML-compliant Core Engine</description>
 	<url>https://tuleap.ow2.org/projects/authzforce</url>
@@ -56,7 +56,7 @@
 			<groupId>${project.groupId}</groupId>
 			<artifactId>${artifactId.prefix}-core-pdp-api</artifactId>
 			<!-- Major/minor version should match this artifact major/minor version to respect Semantic Versioning -->
-			<version>3.7.0</version>
+			<version>3.7.1-SNAPSHOT</version>
 		</dependency>
 		<!-- /Authzforce dependencies -->
 

src/main/java/org/ow2/authzforce/core/pdp/impl/BaseDecisionResult.java

@@ -76,21 +76,7 @@ public final class BaseDecisionResult implements DecisionResult
 	// initialized non-null
 	private final List<JAXBElement<IdReferenceType>> applicablePolicyIdList;
 
-	/**
-	 * Instantiates a generic Decision result
-	 *
-	 * @param decision
-	 *            decision
-	 * @param extendedIndeterminate
-	 *            Extended Indeterminate value, null if {@code decision !=  DecisionType.INDETERMINATE}
-	 * @param status
-	 *            status
-	 * @param pepActions
-	 *            PEP actions (obligations/advices)
-	 * @param policyIdentifierList
-	 *            list of matched policy identifiers
-	 */
-	public BaseDecisionResult(DecisionType decision, DecisionType extendedIndeterminate, Status status, PepActions pepActions, List<JAXBElement<IdReferenceType>> policyIdentifierList)
+	private BaseDecisionResult(DecisionType decision, DecisionType extendedIndeterminate, Status status, PepActions pepActions, List<JAXBElement<IdReferenceType>> policyIdentifierList)
 	{
 		if (decision == null)
 		{
@@ -105,6 +91,27 @@ public final class BaseDecisionResult implements DecisionResult
 
 	}
 
+	/**
+	 * Instantiates a generic Decision result
+	 *
+	 * @param extendedIndeterminate
+	 *            Extended Indeterminate value (XACML 3.0 Core, section 7.10). We use the following convention:
+	 *            <ul>
+	 *            <li>{@link DecisionType#DENY} means "Indeterminate{D}"</li>
+	 *            <li>{@link DecisionType#PERMIT} means "Indeterminate{P}"</li>
+	 *            <li>{@link DecisionType#INDETERMINATE} means "Indeterminate{DP}"</li>
+	 *            <li>{@link DecisionType#NOT_APPLICABLE} is the default value and means the decision is not Indeterminate, and therefore any extended Indeterminate value should be ignored</li>
+	 *            </ul>
+	 * @param status
+	 *            status
+	 * @param policyIdentifierList
+	 *            list of matched policy identifiers
+	 */
+	public BaseDecisionResult(Status status, DecisionType extendedIndeterminate, List<JAXBElement<IdReferenceType>> policyIdentifierList)
+	{
+		this(DecisionType.INDETERMINATE, extendedIndeterminate, status, null, policyIdentifierList);
+	}
+
 	/**
 	 * Instantiates a Indeterminate Decision result with a given error status
 	 *
@@ -148,6 +155,21 @@ public final class BaseDecisionResult implements DecisionResult
 		this(decision, DecisionType.NOT_APPLICABLE, null, pepActions, null);
 	}
 
+	/**
+	 * Instantiates a decision result reusing the decision, extended Indeterminate and status from a given result
+	 * 
+	 * @param algResult
+	 *            decision result giving the decision, extended Indeterminate result and status to the new instance
+	 * @param pepActions
+	 *            PEP actions (obligations/advices) to be added to the result
+	 * @param applicablePolicyIdList
+	 *            list of matched policy identifiers to be added to the result
+	 */
+	public BaseDecisionResult(DecisionResult algResult, PepActions pepActions, List<JAXBElement<IdReferenceType>> applicablePolicyIdList)
+	{
+		this(algResult.getDecision(), algResult.getExtendedIndeterminate(), algResult.getStatus(), pepActions, applicablePolicyIdList);
+	}
+
 	private transient volatile int hashCode = 0;
 
 	/** {@inheritDoc} */

src/main/java/org/ow2/authzforce/core/pdp/impl/PdpConfigurationParser.java

@@ -84,28 +84,34 @@ public class PdpConfigurationParser
 	 * @param confLocation
 	 *            location of PDP configuration XML file, compliant with the PDP XML schema (pdp.xsd)
 	 * @param extensionXsdLocation
-	 *            location of user-defined extension XSD (may be null if no extension to load), if exists; in such XSD, there must be a XSD import for each extension, where the 'schemaLocation'
-	 *            attribute value must be ${fully_qualidifed_jaxb_class_bound_to_extension_XML_type}. xsd, for example:
+	 *            location of user-defined extension XSD (may be null if no extension to load), if exists; in such XSD, there must be a XSD namespace import for each extension used in the PDP
+	 *            configuration, for example:
 	 *
 	 *            <pre>
 	 * {@literal
 	 * 		  <?xml version="1.0" encoding="UTF-8"?>
-	 * 		  <xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"
-	 *            targetNamespace="http://thalesgroup.com/authzforce/model/3.0"
-	 *            xmlns:tns="http://thalesgroup.com/authzforce/model/3.0"
-	 *            elementFormDefault="qualified" attributeFormDefault="unqualified">
-	 * 
-	 *            <xs:import
-	 *            namespace="http://thalesgroup.com/authzforce/model/3.0/Provider/attribute/rest"
-	 *            schemaLocation=
-	 *            "com.thalesgroup.authzforce.model._3_0.Provider.attribute.rest.RESTfulAttributeProvider.xsd"
-	 *            />
-	 * 
-	 *            </xs:schema>
+	 * <xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
+	 * 	<xs:annotation>
+	 * 		<xs:documentation xml:lang="en">
+	 * 			Import here the schema(s) of any XSD-defined PDP extension that you want to use in a PDP configuration: attribute finders, policy finders, etc.
+	 * 			Indicate only the namespace here and use the XML catalog to resolve the schema location.
+	 * 		</xs:documentation>
+	 * 	</xs:annotation>
+	 * 	<!-- Do not specify schema locations here. Define the schema locations in the XML catalog instead (see file 'catalog.xml'). -->
+	 * 	<!--  Adding TestAttributeProvider extension for example -->
+	 * 	<xs:import namespace="http://authzforce.github.io/core/xmlns/test/3" />
+	 * </xs:schema>
 	 * 			}
 	 * </pre>
 	 *
-	 *            In this example, 'com.thalesgroup.authzforce.model._3_0.Provider.attribute.rest .RESTfulAttributeFinde r ' is the JAXB-annotated class bound to XML type 'RESTfulAttributeProvider'.
+	 *            In this example, the file at {@code catalogLocation} must define the schemaLocation for the imported namespace above using a line like this (for an XML-formatted catalog):
+	 * 
+	 *            <pre>
+	 *            {@literal
+	 *            <uri name="http://authzforce.github.io/core/xmlns/test/3" uri="classpath:org.ow2.authzforce.core.test.xsd" />
+	 *            }
+	 * </pre>
+	 * 
 	 *            We assume that this XML type is an extension of one the PDP extension base types, 'AbstractAttributeProvider' (that extends 'AbstractPdpExtension' like all other extension base
 	 *            types) in this case.
 	 * @param catalogLocation
@@ -130,28 +136,34 @@ public class PdpConfigurationParser
 	 * @param confFile
 	 *            PDP configuration XML file, compliant with the PDP XML schema (pdp.xsd)
 	 * @param extensionXsdLocation
-	 *            location of user-defined extension XSD (may be null if no extension to load), if exists; in such XSD, there must be a XSD import for each extension, where the 'schemaLocation'
-	 *            attribute value must be ${fully_qualidifed_jaxb_class_bound_to_extension_XML_type}. xsd, for example:
+	 *            location of user-defined extension XSD (may be null if no extension to load), if exists; in such XSD, there must be a XSD namespace import for each extension used in the PDP
+	 *            configuration, for example:
 	 *
 	 *            <pre>
 	 * {@literal
 	 * 		  <?xml version="1.0" encoding="UTF-8"?>
-	 * 		  <xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"
-	 *            targetNamespace="http://thalesgroup.com/authzforce/model/3.0"
-	 *            xmlns:tns="http://thalesgroup.com/authzforce/model/3.0"
-	 *            elementFormDefault="qualified" attributeFormDefault="unqualified">
-	 * 
-	 *            <xs:import
-	 *            namespace="http://thalesgroup.com/authzforce/model/3.0/Provider/attribute/rest"
-	 *            schemaLocation=
-	 *            "com.thalesgroup.authzforce.model._3_0.Provider.attribute.rest.RESTfulAttributeProvider.xsd"
-	 *            />
-	 * 
-	 *            </xs:schema>
+	 * <xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
+	 * 	<xs:annotation>
+	 * 		<xs:documentation xml:lang="en">
+	 * 			Import here the schema(s) of any XSD-defined PDP extension that you want to use in a PDP configuration: attribute finders, policy finders, etc.
+	 * 			Indicate only the namespace here and use the XML catalog to resolve the schema location.
+	 * 		</xs:documentation>
+	 * 	</xs:annotation>
+	 * 	<!-- Do not specify schema locations here. Define the schema locations in the XML catalog instead (see file 'catalog.xml'). -->
+	 * 	<!--  Adding TestAttributeProvider extension for example -->
+	 * 	<xs:import namespace="http://authzforce.github.io/core/xmlns/test/3" />
+	 * </xs:schema>
 	 * 			}
 	 * </pre>
 	 *
-	 *            In this example, 'com.thalesgroup.authzforce.model._3_0.Provider.attribute.rest .RESTfulAttributeFinde r ' is the JAXB-annotated class bound to XML type 'RESTfulAttributeProvider'.
+	 *            In this example, the file at {@code catalogLocation} must define the schemaLocation for the imported namespace above using a line like this (for an XML-formatted catalog):
+	 * 
+	 *            <pre>
+	 *            {@literal
+	 *            <uri name="http://authzforce.github.io/core/xmlns/test/3" uri="classpath:org.ow2.authzforce.core.test.xsd" />
+	 *            }
+	 * </pre>
+	 * 
 	 *            We assume that this XML type is an extension of one the PDP extension base types, 'AbstractAttributeProvider' (that extends 'AbstractPdpExtension' like all other extension base
 	 *            types) in this case.
 	 * @param catalogLocation
@@ -309,7 +321,15 @@ public class PdpConfigurationParser
 		final CombiningAlgRegistry combiningAlgRegistry = new BaseCombiningAlgRegistry(pdpJaxbConf.isUseStandardCombiningAlgorithms() ? StandardCombiningAlgRegistry.INSTANCE : null);
 		for (final String algId : pdpJaxbConf.getCombiningAlgorithms())
 		{
-			final CombiningAlg<?> alg = PdpExtensionLoader.getExtension(CombiningAlg.class, algId);
+			final CombiningAlg<?> alg;
+			try
+			{
+				alg = PdpExtensionLoader.getExtension(CombiningAlg.class, algId);
+			} catch (IllegalArgumentException e)
+			{