Commit fab9c0ff authored by cdanger's avatar cdanger

- Changed parent version to 6.0.0

- Module authzforce-ce-core-pdp-engine:
	- Changed dependency authzforce-ce-core-pdp-api version to 10.0.0
	- New ApplyExpressions utility class (creates ApplyExpression,
interface moved to pdp-api)
	- New AttributeSelectorExpressions utility class (creates
AttributeSelectorExpression, interface moved to pdp-api)
	- Renamed ExpressionFactoryImpl to DepthLimitingExpressionFactory
	- AttributeDesignatorExpression moved to pdp-api
	- New impl of AttributeDesignatorExpression (backed by
AttributeProvider):
GenericAttributeProviderBasedAttributeDesignatorExpression
- Module authzforce-ce-core-pdp-testutils:
  - Added new test RefPolicyProvider implementation using MongoDB as
source database of policies and Jongo library and mongo-java-driver
library for DB client: MongoDBRefPolicyProviderModule class (modified
testutil.ext.xsd and META-INF/services PdpExtension file) with
PolicyPOJO class for mapping policy document from/to database to/from
Java with Jongo, and JUnit test classes
parent 7752d7a8
......@@ -6,3 +6,4 @@
/.pmd
/.pmdruleset.xml
/.project
/.checkstyle
......@@ -42,7 +42,7 @@
<dependency>
<groupId>${project.groupId}</groupId>
<artifactId>${artifactId.prefix}-core-pdp-api</artifactId>
<version>9.1.1-SNAPSHOT</version>
<version>10.0.0</version>
</dependency>
<!-- /Authzforce dependencies -->
......
......@@ -76,8 +76,8 @@ public final class AttributeAssignmentExpressionEvaluator
final XPathCompiler xPathCompiler, final ExpressionFactory expFactory) throws IllegalArgumentException
{
/*
* Cannot used AttributeGUID class to handle metadata because AttributeAssignment Category is not required like
* in AttributeDesignator which is what the AttributeGUID is used for
* Cannot used AttributeFQN class to handle metadata because AttributeAssignment Category is not required like
* in AttributeDesignator which is what the AttributeFQN is used for
*/
this.attributeId = Preconditions.checkNotNull(jaxbAttrAssignExp.getAttributeId(),
"Undefined AttributeAssignment/AttributeId");
......
......@@ -26,7 +26,8 @@ import java.util.Set;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeDesignatorType;
import org.ow2.authzforce.core.pdp.api.AttributeGUID;
import org.ow2.authzforce.core.pdp.api.AttributeFQN;
import org.ow2.authzforce.core.pdp.api.AttributeFQNs;
import org.ow2.authzforce.core.pdp.api.AttributeProvider;
import org.ow2.authzforce.core.pdp.api.AttributeProviderModule;
import org.ow2.authzforce.core.pdp.api.CloseableAttributeProviderModule;
......@@ -113,7 +114,7 @@ public final class CloseableAttributeProvider extends ModularAttributeProvider i
// not-null
private final Set<ModuleAdapter> moduleClosers;
private CloseableAttributeProvider(final Map<AttributeGUID, AttributeProviderModule> modulesByAttributeId, final Set<ModuleAdapter> moduleClosers, final boolean strictAttributeIssuerMatch)
private CloseableAttributeProvider(final Map<AttributeFQN, AttributeProviderModule> modulesByAttributeId, final Set<ModuleAdapter> moduleClosers, final boolean strictAttributeIssuerMatch)
{
super(modulesByAttributeId, null, strictAttributeIssuerMatch);
assert moduleClosers != null;
......@@ -121,7 +122,7 @@ public final class CloseableAttributeProvider extends ModularAttributeProvider i
}
private static final CloseableAttributeProvider EVALUATION_CONTEXT_ONLY_SCOPED_CLOSEABLE_ATTRIBUTE_PROVIDER = new CloseableAttributeProvider(
Collections.<AttributeGUID, AttributeProviderModule> emptyMap(), Collections.<ModuleAdapter> emptySet(), true);
Collections.<AttributeFQN, AttributeProviderModule> emptyMap(), Collections.<ModuleAdapter> emptySet(), true);
/**
* Instantiates attribute Provider that tries to find attribute values in evaluation context, then, if not there, query the {@code module} providing the requested attribute ID, if any.
......@@ -153,7 +154,7 @@ public final class CloseableAttributeProvider extends ModularAttributeProvider i
return EVALUATION_CONTEXT_ONLY_SCOPED_CLOSEABLE_ATTRIBUTE_PROVIDER;
}
final Map<AttributeGUID, AttributeProviderModule> modulesByAttributeId = HashCollections.newUpdatableMap();
final Map<AttributeFQN, AttributeProviderModule> modulesByAttributeId = HashCollections.newUpdatableMap();
final int moduleCount = jaxbAttributeProviderConfs.size();
final Set<ModuleAdapter> mutableModuleCloserSet = HashCollections.newUpdatableSet(moduleCount);
for (final AbstractAttributeProvider jaxbAttributeProviderConf : jaxbAttributeProviderConfs)
......@@ -176,8 +177,8 @@ public final class CloseableAttributeProvider extends ModularAttributeProvider i
}
else
{
final Map<AttributeGUID, AttributeProviderModule> immutableCopyOfAttrProviderModsByAttrId = Collections
.<AttributeGUID, AttributeProviderModule> unmodifiableMap(modulesByAttributeId);
final Map<AttributeFQN, AttributeProviderModule> immutableCopyOfAttrProviderModsByAttrId = Collections
.<AttributeFQN, AttributeProviderModule> unmodifiableMap(modulesByAttributeId);
depAttrProvider = new ModularAttributeProvider(immutableCopyOfAttrProviderModsByAttrId, requiredAttrs, strictAttributeIssuerMatch);
}
......@@ -188,7 +189,7 @@ public final class CloseableAttributeProvider extends ModularAttributeProvider i
for (final AttributeDesignatorType attrDesignator : moduleAdapter.getProvidedAttributes())
{
final AttributeGUID attrGUID = new AttributeGUID(attrDesignator);
final AttributeFQN attrGUID = AttributeFQNs.newInstance(attrDesignator);
final AttributeProviderModule duplicate = modulesByAttributeId.putIfAbsent(attrGUID, moduleAdapter.getAdaptedModule());
if (duplicate != null)
{
......
......@@ -28,17 +28,18 @@ import net.sf.saxon.s9api.XPathCompiler;
import net.sf.saxon.s9api.XdmNode;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.Attributes;
import org.ow2.authzforce.core.pdp.api.AttributeGUID;
import org.ow2.authzforce.core.pdp.api.AttributeFQN;
import org.ow2.authzforce.core.pdp.api.BaseRequestFilter;
import org.ow2.authzforce.core.pdp.api.HashCollections;
import org.ow2.authzforce.core.pdp.api.ImmutablePdpDecisionRequest;
import org.ow2.authzforce.core.pdp.api.IndeterminateEvaluationException;
import org.ow2.authzforce.core.pdp.api.IndividualXACMLRequest;
import org.ow2.authzforce.core.pdp.api.JaxbXACMLUtils.JaxbXACMLAttributesParser;
import org.ow2.authzforce.core.pdp.api.PdpDecisionRequestFactory;
import org.ow2.authzforce.core.pdp.api.RequestFilter;
import org.ow2.authzforce.core.pdp.api.SingleCategoryAttributes;
import org.ow2.authzforce.core.pdp.api.StatusHelper;
import org.ow2.authzforce.core.pdp.api.value.Bag;
import org.ow2.authzforce.core.pdp.api.value.AttributeBag;
import org.ow2.authzforce.core.pdp.api.value.DatatypeFactoryRegistry;
import com.google.common.collect.ImmutableList;
......@@ -50,6 +51,17 @@ import com.google.common.collect.ImmutableList;
*/
public final class DefaultRequestFilter extends BaseRequestFilter
{
private static final PdpDecisionRequestFactory<ImmutablePdpDecisionRequest> DEFAULT_REQUEST_FACTORY = new PdpDecisionRequestFactory<ImmutablePdpDecisionRequest>()
{
@Override
public ImmutablePdpDecisionRequest getInstance(final Map<AttributeFQN, AttributeBag<?>> namedAttributes, final Map<String, XdmNode> extraContentsByCategory,
final boolean returnApplicablePolicies)
{
return ImmutablePdpDecisionRequest.getInstance(namedAttributes, extraContentsByCategory, returnApplicablePolicies);
}
};
/**
*
* Factory for this type of request filter that allows duplicate &lt;Attribute&gt; with same meta-data in the same &lt;Attributes&gt; element of a Request (complying with XACML 3.0 core spec,
......@@ -73,7 +85,7 @@ public final class DefaultRequestFilter extends BaseRequestFilter
public RequestFilter getInstance(final DatatypeFactoryRegistry datatypeFactoryRegistry, final boolean strictAttributeIssuerMatch, final boolean requireContentForXPath,
final Processor xmlProcessor)
{
return new DefaultRequestFilter(datatypeFactoryRegistry, strictAttributeIssuerMatch, true, requireContentForXPath, xmlProcessor);
return new DefaultRequestFilter(datatypeFactoryRegistry, DEFAULT_REQUEST_FACTORY, strictAttributeIssuerMatch, true, requireContentForXPath, xmlProcessor);
}
/**
......@@ -103,14 +115,34 @@ public final class DefaultRequestFilter extends BaseRequestFilter
public RequestFilter getInstance(final DatatypeFactoryRegistry datatypeFactoryRegistry, final boolean strictAttributeIssuerMatch, final boolean requireContentForXPath,
final Processor xmlProcessor)
{
return new DefaultRequestFilter(datatypeFactoryRegistry, strictAttributeIssuerMatch, false, requireContentForXPath, xmlProcessor);
return new DefaultRequestFilter(datatypeFactoryRegistry, DEFAULT_REQUEST_FACTORY, strictAttributeIssuerMatch, false, requireContentForXPath, xmlProcessor);
}
}
private DefaultRequestFilter(final DatatypeFactoryRegistry datatypeFactoryRegistry, final boolean strictAttributeIssuerMatch, final boolean allowAttributeDuplicates,
final boolean requireContentForXPath, final Processor xmlProcessor)
private final PdpDecisionRequestFactory<ImmutablePdpDecisionRequest> reqFactory;
/**
* Creates instance of default request filter
*
* @param datatypeFactoryRegistry
* attribute datatype registry
* @param requestFactory
* decision request factory
* @param strictAttributeIssuerMatch
* true iff strict attribute Issuer match must be enforced (in particular request attributes with empty Issuer only match corresponding AttributeDesignators with empty Issuer)
* @param allowAttributeDuplicates
* true iff duplicate Attribute (with same metadata) elements in Request (for multi-valued attributes) must be allowed
* @param requireContentForXPath
* true iff Content elements must be parsed, else ignored
* @param xmlProcessor
* XML processor for parsing Content elements iff {@code requireContentForXPath}
*/
public DefaultRequestFilter(final DatatypeFactoryRegistry datatypeFactoryRegistry, final PdpDecisionRequestFactory<ImmutablePdpDecisionRequest> requestFactory,
final boolean strictAttributeIssuerMatch, final boolean allowAttributeDuplicates, final boolean requireContentForXPath, final Processor xmlProcessor)
{
super(datatypeFactoryRegistry, strictAttributeIssuerMatch, allowAttributeDuplicates, requireContentForXPath, xmlProcessor);
assert requestFactory != null;
reqFactory = requestFactory;
}
/** {@inheritDoc} */
......@@ -118,7 +150,7 @@ public final class DefaultRequestFilter extends BaseRequestFilter
public List<? extends IndividualXACMLRequest> filter(final List<Attributes> attributesList, final JaxbXACMLAttributesParser xacmlAttrsParser, final boolean isApplicablePolicyIdListReturned,
final boolean combinedDecision, final XPathCompiler xPathCompiler, final Map<String, String> namespaceURIsByPrefix) throws IndeterminateEvaluationException
{
final Map<AttributeGUID, Bag<?>> namedAttributes = HashCollections.newUpdatableMap(attributesList.size());
final Map<AttributeFQN, AttributeBag<?>> namedAttributes = HashCollections.newUpdatableMap(attributesList.size());
final Map<String, XdmNode> extraContentsByCategory = HashCollections.newUpdatableMap(attributesList.size());
/*
* attributesToIncludeInResult.size() <= attributesList.size()
......@@ -155,7 +187,7 @@ public final class DefaultRequestFilter extends BaseRequestFilter
* "Regardless of any dynamic modifications of the request context during policy evaluation, the PDP SHALL behave as if each bag of attribute values is fully populated in the context before it is first tested, and is thereafter immutable during evaluation. (That is, every subsequent test of that attribute shall use the same bag of values that was initially tested.)"
* </i></p>
*/
for (final Entry<AttributeGUID, Bag<?>> attrEntry : categorySpecificAttributes)
for (final Entry<AttributeFQN, AttributeBag<?>> attrEntry : categorySpecificAttributes)
{
namedAttributes.put(attrEntry.getKey(), attrEntry.getValue());
}
......@@ -167,7 +199,7 @@ public final class DefaultRequestFilter extends BaseRequestFilter
}
}
return Collections.singletonList(new IndividualXACMLRequest(new ImmutablePdpDecisionRequest(namedAttributes, extraContentsByCategory, isApplicablePolicyIdListReturned), ImmutableList
return Collections.singletonList(new IndividualXACMLRequest(reqFactory.getInstance(namedAttributes, extraContentsByCategory, isApplicablePolicyIdListReturned), ImmutableList
.copyOf(attributesToIncludeInResult)));
}
}
......@@ -25,12 +25,12 @@ import java.util.Map.Entry;
import net.sf.saxon.s9api.XdmNode;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.Attributes;
import org.ow2.authzforce.core.pdp.api.AttributeGUID;
import org.ow2.authzforce.core.pdp.api.AttributeFQN;
import org.ow2.authzforce.core.pdp.api.HashCollections;
import org.ow2.authzforce.core.pdp.api.IndividualXACMLRequest;
import org.ow2.authzforce.core.pdp.api.ImmutablePdpDecisionRequest;
import org.ow2.authzforce.core.pdp.api.IndividualXACMLRequest;
import org.ow2.authzforce.core.pdp.api.SingleCategoryAttributes;
import org.ow2.authzforce.core.pdp.api.value.Bag;
import org.ow2.authzforce.core.pdp.api.value.AttributeBag;
import com.google.common.collect.ImmutableList;
......@@ -45,7 +45,7 @@ final class IndividualXACMLRequestBuilder
private static final IllegalArgumentException UNDEF_ATTRIBUTE_CATEGORY_EXCEPTION = new IllegalArgumentException("Undefined attribute category");
// initialized not null by constructors
private final Map<AttributeGUID, Bag<?>> namedAttributes;
private final Map<AttributeFQN, AttributeBag<?>> namedAttributes;
private final Map<String, XdmNode> contentNodesByCategory;
private final List<Attributes> attributesToIncludeInResult;
private final boolean isApplicablePolicyIdListReturned;
......@@ -122,7 +122,7 @@ final class IndividualXACMLRequestBuilder
* "Regardless of any dynamic modifications of the request context during policy evaluation, the PDP SHALL behave as if each bag of attribute values is fully populated in the context before it is first tested, and is thereafter immutable during evaluation. (That is, every subsequent test of that attribute shall use the same bag of values that was initially tested.)"
* </i></p>
*/
for (final Entry<AttributeGUID, Bag<?>> attrEntry : categorySpecificAttributes)
for (final Entry<AttributeFQN, AttributeBag<?>> attrEntry : categorySpecificAttributes)
{
namedAttributes.put(attrEntry.getKey(), attrEntry.getValue());
}
......@@ -137,7 +137,7 @@ final class IndividualXACMLRequestBuilder
public IndividualXACMLRequest build()
{
return new IndividualXACMLRequest(new ImmutablePdpDecisionRequest(this.namedAttributes, this.contentNodesByCategory, this.isApplicablePolicyIdListReturned),
return new IndividualXACMLRequest(ImmutablePdpDecisionRequest.getInstance(this.namedAttributes, this.contentNodesByCategory, this.isApplicablePolicyIdListReturned),
ImmutableList.copyOf(this.attributesToIncludeInResult));
}
......
......@@ -114,7 +114,7 @@ public final class MatchEvaluator
throw new IllegalArgumentException("Unsupported function '" + StandardFunction.ANY_OF.getId() + "' required for Match evaluation");
}
final Function<BooleanValue> anyOfFunc = funcExp.getValue();
final Function<BooleanValue> anyOfFunc = funcExp.getValue().get();
final List<Expression<?>> anyOfFuncInputs = Arrays.<Expression<?>> asList(matchFunction, attrValueExpr, bagExpression);
try
{
......
......@@ -183,23 +183,13 @@ public final class MultiDecisionRequestFilter extends BaseRequestFilter
* the map should guarantee that the iteration order is the same as insertion order used previously (e.g. LinkedHashMap).
*/
final Iterator<Entry<String, Queue<SingleCategoryAttributes<?>>>> multiReqAttrAlternativesByCategoryIterator = multiReqAttrAlternativesByCategory.entrySet().iterator();
while (multiReqAttrAlternativesByCategoryIterator.hasNext())
boolean isLastCategory = !multiReqAttrAlternativesByCategoryIterator.hasNext();
while (!isLastCategory)
{
final Entry<String, Queue<SingleCategoryAttributes<?>>> multiReqAttrAlternativesByCategoryEntry = multiReqAttrAlternativesByCategoryIterator.next();
final String categoryName = multiReqAttrAlternativesByCategoryEntry.getKey();
final Queue<SingleCategoryAttributes<?>> categorySpecificAlternatives = multiReqAttrAlternativesByCategoryEntry.getValue();
/*
* Get the first category (<Attributes>) alternative to be added to the individual requests existing in the individualRequests already, i.e. the "old" ones; whereas the other alternatives
* (if any) will be added to new individual request cloned from these "old" ones.
*/
final SingleCategoryAttributes<?> categorySpecificAlternative0 = categorySpecificAlternatives.poll();
if (categorySpecificAlternative0 == null)
{
// no alternative / no repeated category
continue;
}
final boolean isLastCategory = multiReqAttrAlternativesByCategoryIterator.hasNext();
isLastCategory = !multiReqAttrAlternativesByCategoryIterator.hasNext();
final ListIterator<IndividualXACMLRequestBuilder> individualRequestsIterator = individualRequestBuilders.listIterator();
while (individualRequestsIterator.hasNext())
{
......@@ -229,17 +219,6 @@ public final class MultiDecisionRequestFilter extends BaseRequestFilter
individualRequestsIterator.add(newReqBuilder);
}
}
/*
* Now we are done cloning, we can add the first category alternative to individualReqCtx
*/
oldReqBuilder.put(categoryName, categorySpecificAlternative0);
if (isLastCategory)
{
// we can finalize the request build
finalIndividualRequests.add(oldReqBuilder.build());
}
}
catch (final IllegalArgumentException e)
{
......
......@@ -314,7 +314,7 @@ public final class PdpExtensionLoader
/**
* Get Attribute Provider Module factory builder
*
* @param jaxbAttributeProviderConf
* @param jaxbDecisionCacheConf
* module configuration (instance of JAXB-annotated class derived from XML instance)
* @return Attribute Provider Module factory builder
* @throws java.lang.IllegalArgumentException
......
......@@ -21,7 +21,8 @@ import java.util.Arrays;
import java.util.Map;
import java.util.Optional;
import org.ow2.authzforce.core.pdp.api.AttributeGUID;
import org.ow2.authzforce.core.pdp.api.AttributeFQN;
import org.ow2.authzforce.core.pdp.api.AttributeFQNs;
import org.ow2.authzforce.xacml.identifiers.XACMLAttributeCategory;
import org.ow2.authzforce.xacml.identifiers.XACMLAttributeId;
......@@ -38,23 +39,23 @@ public enum StandardEnvironmentAttribute
/**
* urn:oasis:names:tc:xacml:1.0:environment:current-time
*/
CURRENT_TIME(new AttributeGUID(XACMLAttributeCategory.XACML_3_0_ENVIRONMENT.value(), Optional.empty(), XACMLAttributeId.XACML_1_0_ENVIRONMENT_CURRENT_TIME.value())),
CURRENT_TIME(AttributeFQNs.newInstance(XACMLAttributeCategory.XACML_3_0_ENVIRONMENT.value(), Optional.empty(), XACMLAttributeId.XACML_1_0_ENVIRONMENT_CURRENT_TIME.value())),
/**
* urn:oasis:names:tc:xacml:1.0:environment:current-date
*/
CURRENT_DATE(new AttributeGUID(XACMLAttributeCategory.XACML_3_0_ENVIRONMENT.value(), Optional.empty(), XACMLAttributeId.XACML_1_0_ENVIRONMENT_CURRENT_DATE.value())),
CURRENT_DATE(AttributeFQNs.newInstance(XACMLAttributeCategory.XACML_3_0_ENVIRONMENT.value(), Optional.empty(), XACMLAttributeId.XACML_1_0_ENVIRONMENT_CURRENT_DATE.value())),
/**
* urn:oasis:names:tc:xacml:1.0:environment:current-dateTime
*/
CURRENT_DATETIME(new AttributeGUID(XACMLAttributeCategory.XACML_3_0_ENVIRONMENT.value(), Optional.empty(), XACMLAttributeId.XACML_1_0_ENVIRONMENT_CURRENT_DATETIME.value()));
CURRENT_DATETIME(AttributeFQNs.newInstance(XACMLAttributeCategory.XACML_3_0_ENVIRONMENT.value(), Optional.empty(), XACMLAttributeId.XACML_1_0_ENVIRONMENT_CURRENT_DATETIME.value()));
private final AttributeGUID attributeGUID;
private final AttributeFQN attributeFQN;
private StandardEnvironmentAttribute(final AttributeGUID attributeGUID)
private StandardEnvironmentAttribute(final AttributeFQN attributeFQN)
{
this.attributeGUID = attributeGUID;
this.attributeFQN = attributeFQN;
}
/**
......@@ -62,20 +63,20 @@ public enum StandardEnvironmentAttribute
*
* @return attribute GUID (AttributeId, Issuer, Category)
*/
public AttributeGUID getGUID()
public AttributeFQN getFQN()
{
return this.attributeGUID;
return this.attributeFQN;
}
private static final Map<AttributeGUID, StandardEnvironmentAttribute> ID_TO_STD_ATTR_MAP = Maps.uniqueIndex(Arrays.asList(StandardEnvironmentAttribute.values()),
new com.google.common.base.Function<StandardEnvironmentAttribute, AttributeGUID>()
private static final Map<AttributeFQN, StandardEnvironmentAttribute> ID_TO_STD_ATTR_MAP = Maps.uniqueIndex(Arrays.asList(StandardEnvironmentAttribute.values()),
new com.google.common.base.Function<StandardEnvironmentAttribute, AttributeFQN>()
{
@Override
public AttributeGUID apply(final StandardEnvironmentAttribute input)
public AttributeFQN apply(final StandardEnvironmentAttribute input)
{
assert input != null;
return input.getGUID();
return input.getFQN();
}
});
......@@ -83,12 +84,12 @@ public enum StandardEnvironmentAttribute
/**
* Get the standard environment attribute corresponding to the given ID
*
* @param attributeGUID
* @param attributeFQN
* standard attribute ID
* @return StandardEnvironmentAttribute corresponding to given ID, or null if there is no standard environment attribute with such ID
*/
public static StandardEnvironmentAttribute getInstance(final AttributeGUID attributeGUID)
public static StandardEnvironmentAttribute getInstance(final AttributeFQN attributeFQN)
{
return ID_TO_STD_ATTR_MAP.get(attributeGUID);
return ID_TO_STD_ATTR_MAP.get(attributeFQN);
}
}
......@@ -17,16 +17,17 @@
*/
package org.ow2.authzforce.core.pdp.impl.expression;
import javax.xml.bind.JAXBElement;
import java.util.Optional;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeDesignatorType;
import org.ow2.authzforce.core.pdp.api.AttributeGUID;
import org.ow2.authzforce.core.pdp.api.AttributeFQN;
import org.ow2.authzforce.core.pdp.api.AttributeFQNs;
import org.ow2.authzforce.core.pdp.api.AttributeProvider;
import org.ow2.authzforce.core.pdp.api.EvaluationContext;
import org.ow2.authzforce.core.pdp.api.IndeterminateEvaluationException;
import org.ow2.authzforce.core.pdp.api.StatusHelper;
import org.ow2.authzforce.core.pdp.api.expression.Expression;
import org.ow2.authzforce.core.pdp.api.expression.AttributeDesignatorExpression;
import org.ow2.authzforce.core.pdp.api.value.AttributeValue;
import org.ow2.authzforce.core.pdp.api.value.Bag;
import org.ow2.authzforce.core.pdp.api.value.BagDatatype;
......@@ -34,37 +35,25 @@ import org.ow2.authzforce.core.pdp.api.value.Bags;
import org.ow2.authzforce.core.pdp.api.value.Datatype;
/**
* AttributeDesignator evaluator
*
* <p>
* WARNING: java.net.URI cannot be used here for XACML datatype/category/ID, because not equivalent to XML schema anyURI type. Spaces are allowed in XSD anyURI [1], not in java.net.URI.
* </p>
* <p>
* [1] http://www.w3.org/TR/xmlschema-2/#anyURI That's why we use String instead.
* </p>
* <p>
* See also:
* </p>
* <p>
* https://java.net/projects/jaxb/lists/users/archive/2011-07/message/16
* </p>
* AttributeDesignator evaluator initialized with and using an {@link AttributeProvider} to retrieve the attribute value not only from the request but also possibly from extra Attribute Provider
* modules (so-called XACML PIPs) (PDP extensions)
*
* @param <AV>
* AttributeDesignator evaluation result value's primitive datatype
*
* @version $Id: $
*/
public final class AttributeDesignatorExpression<AV extends AttributeValue> implements Expression<Bag<AV>>
public final class GenericAttributeProviderBasedAttributeDesignatorExpression<AV extends AttributeValue> implements AttributeDesignatorExpression<AV>
{
private static final IllegalArgumentException NULL_ATTRIBUTE_PROVIDER_EXCEPTION = new IllegalArgumentException("Undefined attribute Provider");
private static final UnsupportedOperationException UNSUPPORTED_OPERATION_EXCEPTION = new UnsupportedOperationException();
private final transient AttributeGUID attrGUID;
private final AttributeFQN attrGUID;
private final BagDatatype<AV> returnType;
private final boolean mustBePresent;
private final transient Bag.Validator mustBePresentEnforcer;
private final transient AttributeProvider attrProvider;
private final transient BagDatatype<AV> returnType;
private final transient IndeterminateEvaluationException missingAttributeForUnknownReasonException;
private final transient IndeterminateEvaluationException missingAttributeBecauseNullContextException;
private final transient Bag.Validator mustBePresentEnforcer;
// lazy initialization
private transient volatile String toString = null;
......@@ -72,10 +61,12 @@ public final class AttributeDesignatorExpression<AV extends AttributeValue> impl
/** {@inheritDoc} */
@Override
public Bag<AV> getValue()
public Optional<Bag<AV>> getValue()
{
// depends on the context
return null;
/*
* context-dependent, therefore not constant
*/
return Optional.empty();
}
/**
......@@ -90,27 +81,39 @@ public final class AttributeDesignatorExpression<AV extends AttributeValue> impl
* @throws IllegalArgumentException
* if {@code attrDesignator.getCategory() == null || attrDesignator.getAttributeId() == null}
*/
public AttributeDesignatorExpression(final AttributeDesignatorType attrDesignator, final BagDatatype<AV> resultDatatype, final AttributeProvider attrProvider)
public GenericAttributeProviderBasedAttributeDesignatorExpression(final AttributeDesignatorType attrDesignator, final BagDatatype<AV> resultDatatype, final AttributeProvider attrProvider)
{
if (attrProvider == null)
{
throw NULL_ATTRIBUTE_PROVIDER_EXCEPTION;
}
this.attrProvider = attrProvider;
this.attrGUID = new AttributeGUID(attrDesignator);
this.attrGUID = AttributeFQNs.newInstance(attrDesignator);
this.returnType = resultDatatype;
// error messages/exceptions
final String missingAttributeMessage = this + " not found in context";
final boolean mustBePresentFlag = attrDesignator.isMustBePresent();
this.mustBePresentEnforcer = mustBePresentFlag ? new Bags.NonEmptinessValidator(missingAttributeMessage) : Bags.DUMB_VALIDATOR;
this.mustBePresent = attrDesignator.isMustBePresent();
this.mustBePresentEnforcer = mustBePresent ? new Bags.NonEmptinessValidator(missingAttributeMessage) : Bags.DUMB_VALIDATOR;
this.missingAttributeForUnknownReasonException = new IndeterminateEvaluationException(missingAttributeMessage + " for unknown reason", StatusHelper.STATUS_MISSING_ATTRIBUTE);
this.missingAttributeBecauseNullContextException = new IndeterminateEvaluationException("Missing Attributes/Attribute for evaluation of AttributeDesignator '" + this.attrGUID
+ "' because request context undefined", StatusHelper.STATUS_MISSING_ATTRIBUTE);
}
@Override
public AttributeFQN getAttributeFQN()
{
return this.attrGUID;
}
@Override
public boolean isNonEmptyBagRequired()
{
return this.mustBePresent;
}
/**
* {@inheritDoc}
*
......@@ -124,7 +127,7 @@ public final class AttributeDesignatorExpression<AV extends AttributeValue> impl
throw missingAttributeBecauseNullContextException;
}
final Bag<AV> bag = attrProvider.get(attrGUID, this.returnType.getElementType(), context);
final Bag<AV> bag = attrProvider.get(attrGUID, this.returnType, context);
if (bag == null)
{
throw this.missingAttributeForUnknownReasonException;
......@@ -145,13 +148,6 @@ public final class AttributeDesignatorExpression<AV extends AttributeValue> impl
return this.returnType;
}
/** {@inheritDoc} */
@Override
public JAXBElement<AttributeDesignatorType> getJAXBElement()
{
throw UNSUPPORTED_OPERATION_EXCEPTION;
}
/*
* (non-Javadoc)
*
......@@ -182,7 +178,7 @@ public final class AttributeDesignatorExpression<AV extends AttributeValue> impl
return hashCode;
}
/** {@inheritDoc} */
/** Equal iff the Attribute Category/Issuer/Id are equal */
@Override
public boolean equals(final Object obj)
{
......@@ -191,12 +187,12 @@ public final class AttributeDesignatorExpression<AV extends AttributeValue> impl
return true;
}
if (!(obj instanceof AttributeDesignatorExpression))
if (!(obj instanceof GenericAttributeProviderBasedAttributeDesignatorExpression))
{
return false;
}
final AttributeDesignatorExpression<?> other = (AttributeDesignatorExpression<?>) obj;
final GenericAttributeProviderBasedAttributeDesignatorExpression<?> other = (GenericAttributeProviderBasedAttributeDesignatorExpression<?>) obj;
return this.attrGUID.equals(other.attrGUID);
}
......
......@@ -20,6 +20,7 @@ package org.ow2.authzforce.core.pdp.impl.func;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Optional;
import org.ow2.authzforce.core.pdp.api.EvaluationContext;
import org.ow2.authzforce.core.pdp.api.IndeterminateEvaluationException;
......@@ -339,12 +340,13 @@ final class LogicalNOfFunction extends MultiParameterTypedFirstOrderFunction<Boo
*/
final Iterator<? extends Expression<?>> argExpsIterator = argExpressions.iterator();
// Evaluate the first argument
final Value arg0 = argExpsIterator.next().getValue();
if (arg0 != null)
final Optional<? extends Value> arg0 = argExpsIterator.next().getValue();
if (arg0.isPresent())
{
// arg0 is constant
// We downsize the BigInteger value to int right away, because anyway inputs.size() is an
// int, so we cannot do better and don't need to.
final int nOfRequiredTrues = IntegerValue.class.cast(arg0).getUnderlyingValue().intValueExact();
final int nOfRequiredTrues = IntegerValue.class.cast(arg0.get()).getUnderlyingValue().intValueExact();
if (nOfRequiredTrues < 0)
{
throw new IllegalArgumentException(getInvalidArg0MessagePrefix(functionSignature) + nOfRequiredTrues);
......
......@@ -90,7 +90,7 @@ final class MapFunctionFactory extends GenericHigherOrderFunctionFactory
results.add(subResult);
}
return Bags.getInstance(returnBagElementType, results);
return Bags.newBag(returnBagElementType, results);
}
}
......
......@@ -22,6 +22,7 @@ import java.util.ArrayList;
import java.util.Deque;
import java.util.Iterator;
import java.util.List;
import java.util.Optional;
import org.ow2.authzforce.core.pdp.api.IndeterminateEvaluationException;
import org.ow2.authzforce.core.pdp.api.StatusHelper;
......@@ -153,8 +154,8 @@ final class NumericArithmeticFunction<AV extends NumericValue<?, AV>> extends Si
while (argExpIterator.hasNext())
{
final Expression<?> argExp = argExpIterator.next();
final Value v = argExp.getValue();
if (v == null)
final Optional<? extends Value> v = argExp.getValue();
if (!v.isPresent())
{
// variable
finalArgExpressions.add(argExp);
......@@ -164,7 +165,7 @@ final class NumericArithmeticFunction<AV extends NumericValue<?, AV>> extends Si
// constant
try
{
constants.add(paramType.cast(v));
constants.add(paramType.cast(v.get()));
}
catch (final ClassCastException e)
{
......
......@@ -97,8 +97,8 @@ final class StandardHigherOrderBagFunctions
private Call(final String functionId, final FirstOrderFunction<BooleanValue> subFunc, final Expression<? extends Bag<?>> input0, final Expression<? extends Bag<?>> input1)
{
final Optional<Datatype<?>> bagElementType0 = input0.getReturnType().getTypeParameter();
final Optional<Datatype<?>> bagElementType1 = input1.getReturnType().getTypeParameter();
final Optional<? extends Datatype<?>> bagElementType0 = input0.getReturnType().getTypeParameter();</