1. 28 Feb, 2017 1 commit
  2. 26 Feb, 2017 1 commit
    • cdanger's avatar
      - Update to new PDP API using java.util.Optional when relevant: · e7289923
      cdanger authored
      	- Change of type in AttributeGUID constructor's issuer parameter from
      String to Optional <String>
      	- Change of type in StatusHelper constructor's message and detail
      parameters, from String to Optional<String>
      	- Change of type returned by Datatype#getTypeParameter(): Datatype<?>
      -> Optional<Datatype<?>>
      e7289923
  3. 07 Feb, 2017 1 commit
  4. 15 Jan, 2017 1 commit
    • cdanger's avatar
      ### Changed · d19f6bda
      cdanger authored
      - Parent project version: 4.0.0 -> 4.1.1  
      - authzforce-ce-core-pdp-api: 8.0.0 -> 8.2.0
      
      ### Fixed
      - Security issues reported by Find Security Bugs plugin
      d19f6bda
  5. 08 Aug, 2016 1 commit
  6. 04 Dec, 2015 1 commit
    • cdanger's avatar
      - Added support of OASIS XACML Committee's 2.0 version of conformance · 438ce239
      cdanger authored
      tests upgraded to conform to the XACML 3.0 standard. Most of them have
      been submitted to the OASIS XACML Committee in April 2014 by AT&T.
      The original files are available on the xacml-comment mailing list: 
      https://lists.oasis-open.org/archives/xacml-comment/201404/msg00001.html
      and on AT&T's Github repository (MIT License): 
      https://github.com/att/XACML/wiki/XACML-TEST-Project-Information
      except IIA010, IIA012, IIA024, IID029, IID030 and III.C (test 1 is the
      only one support in this latter category)
      - Added feature with unit test: Policy Reference depth control and
      circular reference detection
      - Added feature with unit test: Variable Reference depth control and
      circular reference detection
      - Added option to enable/disable XPath support (xpathExpression
      datatype, AttributeSelector and xpath functions)
      - Added support of xpathExpressions in Request with support of
      namespace-prefix mappings extracted from XML document
      (...xmlns:prefix="uri"...) where the xpathExpression is defined, i.e.
      XACML Request or Policy(Set), in native policy finders
      - Added support of xpath-node-count function (optional XACML feature)
      - Added support of optional XACML features: RequestDefaults/XPathVersion
      for evaluation of xpathExpressions in Request, and ReturnPolicyIdList to
      return identifiers of policies found applicable for the Request
      - New modes of request parsing/filtering for enforce best practices and
      tweak performances of Request processing:
      1) strictAttributeIssuerMatch: parsing so that AttributeDesignator
      without Issuer only match request Attributes without Issuer (better
      performance if all Attributes have an Issuer which is recommended, but
      not fully XACML (§5.29) compliant)
      2) allowAttributeDuplicates: allow defining multi-valued attributes by
      repeating the same XACML Attribute (same AttributeId) within a XACML
      Attributes element (same Category). Indeed, not allowing this is not
      fully compliant with the XACML spec according to a discussion on the
      xacml-dev mailing list (see {@linkplain
      "https://lists.oasis-open.org/archives/xacml-dev/201507/msg00001.html"}),
      referring to the XACML 3.0  core spec, §7.3.3, that indicates that
      multiple occurrences of the same &lt;Attribute&gt; with same meta-data
      but different values should be considered equivalent to a single
      &lt;Attribute&gt; element with same meta-data and merged values
      (multi-valued Attribute). Moreover, the XACML 3.0 conformance test
      'IIIA024' expects this behavior: the multiple subject-id Attributes are
      expected to result in a multi-value bag during evaluation of the
      &lt;AttributeDesignator&gt;. Setting this parameter to {@code false} is
      not fully compliant, but provides better performance, especially if you
      know the Requests to be well-formed, i.e. all AttributeValues of a given
      Attribute are grouped together in the same &lt;Attribute&gt; element.
      Combined with strictAttributeIssuerMatch == true, this is the most
      efficient alternative (although not fully compliant).
      - Fixed non-compliance of Request Content parsing for XPath eval (use
      the single child element of Content node as XML input doc to XPath eval,
      NOT the Content node itself) -> removed useless need of JAXBContext and
      creating JAXBSource for parsing into XDMnode -> perf improved
      - Fixed AttributeSelector evaluation for XPath to XML attribute value
      (return the attribute value as a string instead of an Attribute
      node/entry "attributeName=attributeValue"
      - Fixed VariableReferenceDepth control (reference chain was not updated
      properly)
      - Fixed PolicySetIdReference Depth control (reference chain was not
      updated properly)
      - Use of new immutable version of xacml-model where all XACML/JAXB
      objects are immutable -> significant changes in way to create these
      objects during evaluation, esp. Obligations and Advices
      - Fix ordering of obligations/advices when merging a given Policy(Set)'s
      obligations/advices with the child elements' (Policy/Rule) ones
      - Fixed static pre-eval on <Apply> with xpathExpression (should not
      pre-eval statically, i.e. out of context, since xpathExpression value
      depends on context
      - Replaced RELEASE-NOTES.md with CHANGELOG.md to adopt conventions from
      keepachangelog.com
      - Improved unit tests: ability to plug the TestAttributeProviderModule
      configured with a file XXXAttributeProvider.xml to the PDP for specific
      tests, also to plug referenced Policies for the RefPolicyFinder of the
      PDP with 'refPolicies' directory containing Policy(Set)files; and
      ability to test for Policy or Request syntax error checking only (no
      Request evaluation by PDP)
      - Improved test class TestUtils to create a PDP instance with XPath
      support disabled/enabled and specific request filter ID on the PDP
      - Improved TestAttributeProviderModule supports any static configuration
      of Attributes (with contant values); same format as in XACML Requests
      - Removed license header of Apache2 (replaced with GPL)
      - Removed NOTICE.txt obsolete ("Apache AuthZForce" does not exist)
      - Conformance tests split in 'mandatory' and 'optional' folder to
      distinguish XACML mandatory feature from optional feature testing
      - Change logback dependency scope from 'compile' to 'test' as we need it
      only for tests, not for compiling -> simplifies dependencies
      - Replaced dependency spring-xml (obsolete) with spring-core because we
      only use org.springframework.util.* -> simplifies dependencies 
      - Fix header plugin that was missing path to header license, and
      'format' goals
      - Refactor - extracted PDP interface and moved default implementation to
      PDPImpl class, to hide internals from potential PDP API client and
      improve genericity
      - Refactor - extracted RequestFilter interface from abstract class and
      moved abstract class code to BaseRequestFilter class to hide internals
      from potential RequestFilter API client and improve genericity; and to
      merge common code between DefaultRequestFilter and
      MultiDecisionRequestFilter
      - Refactor - extracted IndividualDecisionRequest interface from abstract
      class and moved abstract class code to MutableIndividualDecisionRequest
      and ImmutableIndividualDecisionRequest classes, to hide internals from
      potential RequestFilter API client and improve genericity
      - Made BasePdpExtensionRegistry mutable to allow adding extensions after
      creating instance from an exiting one
      - DecisionResult renamed to more explicit name PolicyDecisionResult
      - Moved old README content to another project (rest-service) since does
      not apply anymore, and replaced with proper content.
      438ce239
  7. 18 Nov, 2015 1 commit
    • Cyril Dangerville's avatar
      - Replaced Finder with Provider (more generic) in terms · ce305116
      Cyril Dangerville authored
      AttributeFinder, PolicyFinder, etc. and also in schema files
      - Restructured and improved/fixed unit tests
      - Added unit tests for circular and undefined
      PolicyIdReference/PolicySetIdReference/VariableReference
      - Added HTML description for conformance tests
      - Removed TestMatchAlg, replaced with official conformance test on
      Target matching -> group II.B.
      ce305116
  8. 13 Nov, 2015 1 commit
  9. 05 Oct, 2015 1 commit
  10. 23 Sep, 2015 1 commit
    • Cyril Dangerville's avatar
      * Fixed unit tests, including the conformance files with systematic · bbe4cc00
      Cyril Dangerville authored
      XACML schema validation, as some of them were not XACML 3.0 compliant.
      * New class DatatypeConstants to centralized all standard datatype
      constants
      * Generalized the notion of Expression value and datatype to bags
      (formerly restricted to primitive datatypes) - new class BagDatatype
      * Addded Bags utils class equivalent to Collections class to create
      empty bag, singleton bag, etc.
      * Removed xmlbeans dependency (replaced by use of Saxon for same
      features)
      * Improved logs in Rule evaluation
      * Improved hashCode/equals/toString methods in most classes
      * Fixed variable management: remove Policy-locally-defined variables
      from context when done evaluating the policy
      * Better management of Policy versions, in particular for
      PolicyIdReference resolution
      * Modified BooleanAttributeValue to avoid creating new instances of it
      during evaluation
      bbe4cc00
  11. 13 Mar, 2015 1 commit
  12. 28 Jan, 2015 1 commit
  13. 30 Dec, 2014 2 commits
    • Cyril Dangerville's avatar
      Revert "- Removed NOTICE.txt coming from Sun - Removed RELEASE-NOTES.txt... · 35b2a1e3
      Cyril Dangerville authored
      Revert "- Removed NOTICE.txt coming from Sun - Removed RELEASE-NOTES.txt because does not correspond to this fiware branch - Removed THIRD-PARTY.properties because not valid - Removed enteprise features (audit with aspectj deps) - Removed log4j conf (switching to logback) - Fixed tests (fixed Apply encode method bug, and commented tests for not yet supported string functions) - Removed XACML 2.0 conformance tests to keep only XACML 3.0"
      
      This reverts commit 9b94a30a.
      35b2a1e3
    • Cyril Dangerville's avatar
      - Removed NOTICE.txt coming from Sun · 9b94a30a
      Cyril Dangerville authored
      - Removed RELEASE-NOTES.txt because does not correspond to this fiware
      branch
      - Removed THIRD-PARTY.properties because not valid
      - Removed enteprise features (audit with aspectj deps)
      - Removed log4j conf (switching to logback)
      - Fixed tests (fixed Apply encode method bug, and commented tests for
      not yet supported string functions)
      - Removed XACML 2.0 conformance tests to keep only XACML 3.0
      9b94a30a
  14. 17 Dec, 2013 1 commit
    • Romain Ferrari's avatar
      Adding unitary tests for StringFunctions: · 9fb43fad
      Romain Ferrari authored
      urn:oasis:names:tc:xacml:2.0:function:string-concatenate and
      urn:oasis:names:tc:xacml:3.0:function:boolean-from-string
      and adding them into the MainTest test suite
      enhancing log for unitary tests of Match, AnyOf and AllOf elements
      9fb43fad
  15. 16 Oct, 2013 1 commit