Commit f874dd38 authored by cdanger's avatar cdanger

- Fixed invalid schemaLocation in test samples of XACML

policies/resquests/responses (still pointing to XACML 2.0 XSD)
- Added test extensions for result filter (for CombinedDecision from
XACML Multiple Decision Profile, in TestCombinedDecisionResultFilter),
simple datatype (dnsName-value from XACML DLP/BAC profile, in
TestDNSNameValueEqualFunction class), complex datatype (XACML Policy, in
class TestXACMLPolicyAttributeValue), function (dnsName-value-equal from
XACML DLP/NAC profile, in TestDNSNameValueEqualFunction class),
combining algorithm from XACML Additional Combining Algorithms Profile
(in class TestOnPermitApplySecondCombiningAlg)
- Fixed NullPointerException occuring when specifying unsupported
combining algorithm in PDP configuration
- New method in PdpExtensionLoader to get list of extensions of a given
type
- Fixed bug in PdpExtensionLoader considering input extension type
invalid if no extension found of this type (although type is correct)
- Renamed DNSNameValue to DNSNameWithPortRangeValue class to distinguish
dnsName datatype from new dnsname-value type in XACML DLP/NAC profile
which accepts just a port number (not a range)
- Removed support for dnsName-equal and ipAddress-equal functions which
do not exist in XACML spec actually (the regexp-match equivalent is to
be used instead)
parent 6071643f


......@@ -6,7 +6,7 @@
<version>3.3.7</version>
</parent>
<artifactId>authzforce-ce-core</artifactId>
<version>3.8.4-SNAPSHOT</version>
<version>3.9.0-SNAPSHOT</version>
<name>${project.groupId}:${project.artifactId}</name>
<description>AuthZForce Community Edition - XACML-compliant Core Engine</description>
<url>https://tuleap.ow2.org/projects/authzforce</url>
......@@ -56,7 +56,7 @@
<groupId>${project.groupId}</groupId>
<artifactId>${artifactId.prefix}-core-pdp-api</artifactId>
<!-- Major/minor version should match this artifact major/minor version to respect Semantic Versioning -->
<version>3.7.0</version>
<version>3.7.1-SNAPSHOT</version>
</dependency>
<!-- /Authzforce dependencies -->
......
......@@ -76,21 +76,7 @@ public final class BaseDecisionResult implements DecisionResult
// initialized non-null
private final List<JAXBElement<IdReferenceType>> applicablePolicyIdList;
/**
* Instantiates a generic Decision result
*
* @param decision
* decision
* @param extendedIndeterminate
* Extended Indeterminate value, null if {@code decision != DecisionType.INDETERMINATE}
* @param status
* status
* @param pepActions
* PEP actions (obligations/advices)
* @param policyIdentifierList
* list of matched policy identifiers
*/
public BaseDecisionResult(DecisionType decision, DecisionType extendedIndeterminate, Status status, PepActions pepActions, List<JAXBElement<IdReferenceType>> policyIdentifierList)
private BaseDecisionResult(DecisionType decision, DecisionType extendedIndeterminate, Status status, PepActions pepActions, List<JAXBElement<IdReferenceType>> policyIdentifierList)
{
if (decision == null)
{
......@@ -105,6 +91,27 @@ public final class BaseDecisionResult implements DecisionResult
}
/**
* Instantiates a generic Decision result
*
* @param extendedIndeterminate
* Extended Indeterminate value (XACML 3.0 Core, section 7.10). We use the following convention:
* <ul>
* <li>{@link DecisionType#DENY} means "Indeterminate{D}"</li>
* <li>{@link DecisionType#PERMIT} means "Indeterminate{P}"</li>
* <li>{@link DecisionType#INDETERMINATE} means "Indeterminate{DP}"</li>
* <li>{@link DecisionType#NOT_APPLICABLE} is the default value and means the decision is not Indeterminate, and therefore any extended Indeterminate value should be ignored</li>
* </ul>
* @param status
* status
* @param policyIdentifierList
* list of matched policy identifiers
*/
public BaseDecisionResult(Status status, DecisionType extendedIndeterminate, List<JAXBElement<IdReferenceType>> policyIdentifierList)
{
this(DecisionType.INDETERMINATE, extendedIndeterminate, status, null, policyIdentifierList);
}
/**
* Instantiates a Indeterminate Decision result with a given error status
*
......@@ -148,6 +155,21 @@ public final class BaseDecisionResult implements DecisionResult
this(decision, DecisionType.NOT_APPLICABLE, null, pepActions, null);
}
/**
* Instantiates a decision result reusing the decision, extended Indeterminate and status from a given result
*
* @param algResult
* decision result giving the decision, extended Indeterminate result and status to the new instance
* @param pepActions
* PEP actions (obligations/advices) to be added to the result
* @param applicablePolicyIdList
* list of matched policy identifiers to be added to the result
*/
public BaseDecisionResult(DecisionResult algResult, PepActions pepActions, List<JAXBElement<IdReferenceType>> applicablePolicyIdList)
{
this(algResult.getDecision(), algResult.getExtendedIndeterminate(), algResult.getStatus(), pepActions, applicablePolicyIdList);
}
private transient volatile int hashCode = 0;
/** {@inheritDoc} */
......
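Review bot: The new public constructor `BaseDecisionResult(DecisionResult algResult, PepActions pepActions, List<JAXBElement<IdReferenceType>> applicablePolicyIdList)` dereferences `algResult` three times in its `this(...)` call with no null check, so a null argument surfaces as a bare NullPointerException instead of the explicit rejection the private constructor gives a null `decision`. Because `this(...)` must be the first statement, the guard has to be inline: `this(Objects.requireNonNull(algResult, "algResult").getDecision(), algResult.getExtendedIndeterminate(), algResult.getStatus(), pepActions, applicablePolicyIdList);` with a `@throws NullPointerException if algResult is null` tag (the import block is outside this view, so `java.util.Objects` may need adding). Separately, the other new constructor `BaseDecisionResult(Status, DecisionType, List)` hard-codes `DecisionType.INDETERMINATE` while its Javadoc says `NOT_APPLICABLE` "means the decision is not Indeterminate", so passing NOT_APPLICABLE yields an Indeterminate result whose extended value contradicts the documented convention; since XACML combining algorithms are expected to distinguish Indeterminate{D}/{P}/{DP}, either reject that value or state in the doc that only DENY, PERMIT and INDETERMINATE are meaningful here, and reorder the `@param` tags to match the parameter order. The body of the private constructor's null check and the rest of the class are outside these hunks.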
......@@ -84,28 +84,34 @@ public class PdpConfigurationParser
* @param confLocation
* location of PDP configuration XML file, compliant with the PDP XML schema (pdp.xsd)
* @param extensionXsdLocation
* location of user-defined extension XSD (may be null if no extension to load), if exists; in such XSD, there must be a XSD import for each extension, where the 'schemaLocation'
* attribute value must be ${fully_qualidifed_jaxb_class_bound_to_extension_XML_type}. xsd, for example:
* location of user-defined extension XSD (may be null if no extension to load), if exists; in such XSD, there must be a XSD namespace import for each extension used in the PDP
* configuration, for example:
*
* <pre>
* {@literal
* <?xml version="1.0" encoding="UTF-8"?>
* <xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"
* targetNamespace="http://thalesgroup.com/authzforce/model/3.0"
* xmlns:tns="http://thalesgroup.com/authzforce/model/3.0"
* elementFormDefault="qualified" attributeFormDefault="unqualified">
*
* <xs:import
* namespace="http://thalesgroup.com/authzforce/model/3.0/Provider/attribute/rest"
* schemaLocation=
* "com.thalesgroup.authzforce.model._3_0.Provider.attribute.rest.RESTfulAttributeProvider.xsd"
* />
*
* </xs:schema>
* <xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
* <xs:annotation>
* <xs:documentation xml:lang="en">
* Import here the schema(s) of any XSD-defined PDP extension that you want to use in a PDP configuration: attribute finders, policy finders, etc.
* Indicate only the namespace here and use the XML catalog to resolve the schema location.
* </xs:documentation>
* </xs:annotation>
* <!-- Do not specify schema locations here. Define the schema locations in the XML catalog instead (see file 'catalog.xml'). -->
* <!-- Adding TestAttributeProvider extension for example -->
* <xs:import namespace="http://authzforce.github.io/core/xmlns/test/3" />
* </xs:schema>
* }
* </pre>
*
* In this example, 'com.thalesgroup.authzforce.model._3_0.Provider.attribute.rest .RESTfulAttributeFinde r ' is the JAXB-annotated class bound to XML type 'RESTfulAttributeProvider'.
* In this example, the file at {@code catalogLocation} must define the schemaLocation for the imported namespace above using a line like this (for an XML-formatted catalog):
*
* <pre>
* {@literal
* <uri name="http://authzforce.github.io/core/xmlns/test/3" uri="classpath:org.ow2.authzforce.core.test.xsd" />
* }
* </pre>
*
* We assume that this XML type is an extension of one the PDP extension base types, 'AbstractAttributeProvider' (that extends 'AbstractPdpExtension' like all other extension base
* types) in this case.
* @param catalogLocation
......@@ -130,28 +136,34 @@ public class PdpConfigurationParser
* @param confFile
* PDP configuration XML file, compliant with the PDP XML schema (pdp.xsd)
* @param extensionXsdLocation
* location of user-defined extension XSD (may be null if no extension to load), if exists; in such XSD, there must be a XSD import for each extension, where the 'schemaLocation'
* attribute value must be ${fully_qualidifed_jaxb_class_bound_to_extension_XML_type}. xsd, for example:
* location of user-defined extension XSD (may be null if no extension to load), if exists; in such XSD, there must be a XSD namespace import for each extension used in the PDP
* configuration, for example:
*
* <pre>
* {@literal
* <?xml version="1.0" encoding="UTF-8"?>
* <xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"
* targetNamespace="http://thalesgroup.com/authzforce/model/3.0"
* xmlns:tns="http://thalesgroup.com/authzforce/model/3.0"
* elementFormDefault="qualified" attributeFormDefault="unqualified">
*
* <xs:import
* namespace="http://thalesgroup.com/authzforce/model/3.0/Provider/attribute/rest"
* schemaLocation=
* "com.thalesgroup.authzforce.model._3_0.Provider.attribute.rest.RESTfulAttributeProvider.xsd"
* />
*
* </xs:schema>
* <xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
* <xs:annotation>
* <xs:documentation xml:lang="en">
* Import here the schema(s) of any XSD-defined PDP extension that you want to use in a PDP configuration: attribute finders, policy finders, etc.
* Indicate only the namespace here and use the XML catalog to resolve the schema location.
* </xs:documentation>
* </xs:annotation>
* <!-- Do not specify schema locations here. Define the schema locations in the XML catalog instead (see file 'catalog.xml'). -->
* <!-- Adding TestAttributeProvider extension for example -->
* <xs:import namespace="http://authzforce.github.io/core/xmlns/test/3" />
* </xs:schema>
* }
* </pre>
*
* In this example, 'com.thalesgroup.authzforce.model._3_0.Provider.attribute.rest .RESTfulAttributeFinde r ' is the JAXB-annotated class bound to XML type 'RESTfulAttributeProvider'.
* In this example, the file at {@code catalogLocation} must define the schemaLocation for the imported namespace above using a line like this (for an XML-formatted catalog):
*
* <pre>
* {@literal
* <uri name="http://authzforce.github.io/core/xmlns/test/3" uri="classpath:org.ow2.authzforce.core.test.xsd" />
* }
* </pre>
*
* We assume that this XML type is an extension of one the PDP extension base types, 'AbstractAttributeProvider' (that extends 'AbstractPdpExtension' like all other extension base
* types) in this case.
* @param catalogLocation
......@@ -309,7 +321,15 @@ public class PdpConfigurationParser
final CombiningAlgRegistry combiningAlgRegistry = new BaseCombiningAlgRegistry(pdpJaxbConf.isUseStandardCombiningAlgorithms() ? StandardCombiningAlgRegistry.INSTANCE : null);
for (final String algId : pdpJaxbConf.getCombiningAlgorithms())
{
final CombiningAlg<?> alg = PdpExtensionLoader.getExtension(CombiningAlg.class, algId);
final CombiningAlg<?> alg;
try
{
alg = PdpExtensionLoader.getExtension(CombiningAlg.class, algId);
} catch (IllegalArgumentException e)
{