Commit 1dce9dd0 authored by cdanger

Merge branch 'release/5.4.1'

parents adf52561 079be1af
# Change log
All notable changes to this project are documented in this file following the [Keep a CHANGELOG](http://keepachangelog.com) conventions. We try to apply [Semantic Versioning](http://semver.org) with one particular rule: the version must be equal to or greater than the version of the _authzforce-ce-rest-api-model_ dependency (declared in _rest-service_ module's POM). Indeed, this dependency holds the resources of the REST API specification implemented by this project. Therefore, the rule helps relate a specific version of this project to the specific version of the REST API specification that is implemented/supported.
All notable changes to this project are documented in this file following the [Keep a CHANGELOG](http://keepachangelog.com) conventions. We try to apply [FIWARE Versioning](https://forge.fiware.org/plugins/mediawiki/wiki/fiware/index.php/Releases_and_Sprints_numbering,_with_mapping_to_calendar_dates) with one particular rule: the version must be equal to or greater than the version of the _authzforce-ce-rest-api-model_ dependency (declared in _rest-service_ module's POM). Indeed, this dependency holds the resources of the REST API specification implemented by this project. Therefore, the rule helps relate a specific version of this project to the specific version of the REST API specification that is implemented/supported.
## 5.4.1
### Fixed
- #22 (OW2): When handling the same XACML Request twice in the same JVM with the root PolicySet using deny-unless-permit algorithm over a Policy returning simple Deny (no status/obligation/advice) and a Policy returning Permit/Deny with obligations/advice, the obligation is duplicated in the final result at the second time this situation occurs.
- XACML StatusCode XML serialization/marshalling error when Missing Attribute info that is no valid anyURI is returned by PDP in a Indeterminate Result
- Other issues reported by Codacy
### Changed
- Parent project version: authzforce-ce-parent: 3.4.0
- Dependency versions: authzforce-ce-core-pap-api: 5.3.0, authzforce-ce-pap-dao-flat-file: 6.1.0
- Interpretation of XACML Request flag ReturnPolicyId=true, considering a policy "applicable" if and only if the decision is not NotApplicable and if it is not a root policy, the same goes for the enclosing policy. See also the discussion on the xacml-comment mailing list: https://lists.oasis-open.org/archives/xacml-comment/201605/msg00004.html
- AttributeProvider module API: new environmentProperties parameter in factories, allowing module configurations to use global Environment properties like PARENT_DIR variable
- New PDP XML configuration (file 'conf/domain.tmpl/pdp.xml'): schema namespace = http://authzforce.github.io/core/xmlns/pdp/5.0 (previous namespace: http://authzforce.github.io/core/xmlns/pdp/3.6).
- Removed 'functionSet' element
- Added 'standardEnvAttributeSource' attribute (enum): sets the source for the Standard Current Time Environment Attribute values (current-date, current-time, current-dateTime): PDP_ONLY, REQUEST_ELSE_PDP, REQUEST_ONLY
- Added 'badRequestStatusDetailLevel' attribute (positive integer) sets the level of detail of the error message in StatusDetail returned in Indeterminate Results in case of bad Requests
### Added
- Upgrader tool now supporting migration from 5.1.x, 5.2.x, 5.3.x, 5.4.x to current (to help deal with PDP XML schema changes, esp. namespace)
## 5.4.0
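Review bot: the 'standardEnvAttributeSource' entry under "Changed" does not say which of PDP_ONLY, REQUEST_ELSE_PDP and REQUEST_ONLY is the default. With either REQUEST_* value the requester supplies current-date, current-time and current-dateTime, so any time-based policy condition is evaluated against client-controlled input. Please state the default here, and note that PDP_ONLY is the value to use when requesters are not trusted to report the time. Small wording fixes in the "Fixed" list while you are there: "that is no valid anyURI" and "in a Indeterminate Result".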
......
# AuthZForce Server (Community Edition)
[![License badge](https://img.shields.io/badge/license-GPL-blue.svg)](https://opensource.org/licenses/GPL-3.0)
[![Documentation badge](https://readthedocs.org/projects/authzforce-ce-fiware/badge/?version=release-5.3.0a)](http://authzforce-ce-fiware.readthedocs.io/en/release-5.3.0a/?badge=release-5.3.0a)
[![Documentation badge](https://readthedocs.org/projects/authzforce-ce-fiware/badge/?version=release-5.4.1)](http://authzforce-ce-fiware.readthedocs.io/en/release-5.4.1/?badge=release-5.4.1)
[![Docker badge](https://img.shields.io/docker/pulls/fiware/authzforce-ce-server.svg)](https://hub.docker.com/r/fiware/authzforce-ce-server/)
[![Support badge]( https://img.shields.io/badge/support-ask.fiware.org-yellowgreen.svg)](https://ask.fiware.org/questions/scope:all/sort:activity-desc/tags:authzforce/)
[![Codacy Badge](https://api.codacy.com/project/badge/Grade/cdb9dd59cbf04a95bfbfbdcf770bb7d8)](https://www.codacy.com/app/coder103/authzforce-ce-server?utm_source=github.com&utm_medium=referral&utm_content=authzforce/server&utm_campaign=Badge_Grade)
......@@ -12,8 +12,6 @@ The manuals are available as downloadable HTML/PDF from the [releases page](http
*If you are interested in using an embedded XACML-compliant PDP in your Java applications, AuthZForce also provides a PDP engine as a Java library in [Authzforce core project](http://github.com/authzforce/core).*
Note for contributers:
The sources for the manuals are located in [fiware repository](http://github.com/authzforce/fiware/doc).
## Features
......@@ -59,3 +57,42 @@ The sources for the manuals are located in [fiware repository](http://github.com
### High availability and load-balancing
* Integration with file synchronization tools (e.g. [csync2](http://oss.linbit.com/csync2/)) or distributed filesystems (e.g. NFS and CIFS) to build clusters of AuthZForce Servers.
## Support
Use the *Issues* tab on the Github repository page.
Please include as much information as possible; the more we know, the better the chance of a quicker resolution:
* Software version
* Platform (OS and JDK)
* Stack traces generally really help! If in doubt include the whole thing; often exceptions get wrapped in other exceptions and the exception right near the bottom explains the actual error, not the first few lines at the top. It's very easy for us to skim-read past unnecessary parts of a stack trace.
* Log output can be useful too; sometimes enabling DEBUG logging can help;
* Your code & configuration files are often useful.
If you wish to contact the developers for other reasons, use [Authzforce contact mailing list](http://scr.im/azteam).
## Contributing
### Documentation
The sources for the manuals are located in [fiware repository](http://github.com/authzforce/fiware/doc).
### Releasing
1. From the develop branch, prepare a release (example using a HTTP proxy):
<pre><code>
$ mvn -Dhttps.proxyHost=proxyhostname -Dhttps.proxyPort=3128 jgitflow:release-start
</code></pre>
1. Update the CHANGELOG according to keepachangelog.com.
1. To perform the release (example using a HTTP proxy):
<pre><code>
$ mvn -Dhttps.proxyHost=proxyhostname -Dhttps.proxyPort=3128 jgitflow:release-finish
</code></pre>
If, after deployment, the command does not succeed because of some issue with the branches. Fix the issue, then re-run the same command but with 'noDeploy' option set to true to avoid re-deployment:
<pre><code>
$ mvn -Dhttps.proxyHost=proxyhostname -Dhttps.proxyPort=3128 -DnoDeploy=true jgitflow:release-finish
</code></pre>
More info on jgitflow: http://jgitflow.bitbucket.org/
1. Connect and log in to the OSS Nexus Repository Manager: https://oss.sonatype.org/
1. Go to Staging Profiles and select the pending repository authzforce-*... you just uploaded with `jgitflow:release-finish`
1. Click the Release button to release to Maven Central.
1. When the artifacts have been successfully published on Maven Central, follow the instructions in the [Release section of fiware repository](https://github.com/authzforce/fiware/blob/master/README.md#release).
1. Update the versions in badges at the top of this file.
1. Create a release on Github with a description based on the [release description template](release.description.tmpl.md), replacing M/m/P with the new major/minor/patch versions.
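Review bot: in the new "Releasing" section the `<pre><code>` blocks sit at column 0 between the `1.` items, which ends the Markdown list at each block, so every step renders as number 1; indent the blocks under their list item to keep the numbering. The sentence "If, after deployment, the command does not succeed because of some issue with the branches. Fix the issue, ..." is a fragment followed by an imperative and should be joined with a comma. The steps also publish to Maven Central without any mention of how the artifacts are signed or checked before the Release button is clicked; if the parent POM handles signing, a one-line pointer would help whoever performs the release.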
......@@ -3,7 +3,7 @@
<parent>
<groupId>org.ow2.authzforce</groupId>
<artifactId>authzforce-ce-server</artifactId>
<version>5.4.0</version>
<version>5.4.1</version>
<relativePath>..</relativePath>
</parent>
<artifactId>authzforce-ce-server-dist</artifactId>
......@@ -95,7 +95,6 @@
<plugin>
<groupId>com.ruleoftech</groupId>
<artifactId>markdown-page-generator-plugin</artifactId>
<version>0.10</version>
<executions>
<execution>
<phase>package</phase>
......
<pdp
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://authzforce.github.io/core/xmlns/pdp/3.6"
xmlns="http://authzforce.github.io/core/xmlns/pdp/5.0"
xmlns:pap-dao="http://authzforce.github.io/pap-dao-flat-file/xmlns/pdp-ext/3.6"
version="3.6.4"
version="5.0.0"
maxVariableRefDepth="10"
maxPolicyRefDepth="10"
strictAttributeIssuerMatch="false"
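Review bot: in this `<pdp>` element the default namespace and `version` move to 5.0, but `xmlns:pap-dao` still points at `.../pap-dao-flat-file/xmlns/pdp-ext/3.6`. If the flat-file DAO extension schema really did not change with authzforce-ce-pap-dao-flat-file 6.1.0, say so in the CHANGELOG entry for the new PDP configuration, so the mixed 5.0/3.6 namespaces are not taken for an incomplete migration. The new 'standardEnvAttributeSource' and 'badRequestStatusDetailLevel' attributes announced in the CHANGELOG are also not set in the lines shown here; setting them explicitly in the template would make the effective defaults visible to administrators.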
......
<pdp
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://authzforce.github.io/core/xmlns/pdp/3.6"
xmlns="http://authzforce.github.io/core/xmlns/pdp/5.0"
xmlns:pap-dao="http://authzforce.github.io/pap-dao-flat-file/xmlns/pdp-ext/3.6"
version="3.6.4"
version="5.0.0"
maxPolicyRefDepth="10"
strictAttributeIssuerMatch="false"
requestFilter="urn:ow2:authzforce:feature:pdp:request-filter:default-lax">
......
......@@ -4,21 +4,21 @@
<parent>
<groupId>org.ow2.authzforce</groupId>
<artifactId>authzforce-ce-parent</artifactId>
<version>3.3.7</version>
<version>3.4.0</version>
</parent>
<artifactId>authzforce-ce-server</artifactId>
<!-- FIWARE Versioning + Version must be equal or higher than 'authzforce-ce-rest-api-model' dependency in 'rest-service' module -->
<version>5.4.0</version>
<version>5.4.1</version>
<packaging>pom</packaging>
<name>${project.groupId}:${project.artifactId}</name>
<description>AuthZForce CE Server</description>
<url>https://github.com/authzforce/server</url>
<properties>
<git.url.base>https://github.com/authzforce/server</git.url.base>
<authzforce-ce-core.version>4.0.2</authzforce-ce-core.version>
<authzforce-ce-core-pap-api.version>5.2.1</authzforce-ce-core-pap-api.version>
<authzforce-ce-core.version>5.0.2</authzforce-ce-core.version>
<authzforce-ce-core-pap-api.version>5.3.0</authzforce-ce-core-pap-api.version>
<!-- Version must be compatible with authzforce-ce-core and authzforce-ce-core-pap-api versions above. -->
<authzforce-ce-pap-dao-flat-file.version>6.0.1</authzforce-ce-pap-dao-flat-file.version>
<authzforce-ce-pap-dao-flat-file.version>6.1.0</authzforce-ce-pap-dao-flat-file.version>
</properties>
<scm>
<connection>scm:git:${git.url.base}.git</connection>
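Review bot: `authzforce-ce-core.version` goes from 4.0.2 to 5.0.2 in `<properties>`, a major version bump of the PDP engine, yet the "Dependency versions" line in the CHANGELOG for 5.4.1 lists only authzforce-ce-core-pap-api 5.3.0 and authzforce-ce-pap-dao-flat-file 6.1.0. Please add authzforce-ce-core 5.0.2 to that line. Shipping a major engine upgrade in a patch release (5.4.0 to 5.4.1) also deserves a sentence in the release notes, since it is what drives the PDP schema namespace change.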
......@@ -28,11 +28,6 @@
</scm>
<dependencyManagement>
<dependencies>
<dependency>
<groupId>${project.groupId}</groupId>
<artifactId>${artifactId.prefix}-core</artifactId>
<version>${authzforce-ce-core.version}</version>
</dependency>
<dependency>
<groupId>${project.groupId}</groupId>
<artifactId>${artifactId.prefix}-core</artifactId>
......@@ -57,4 +52,41 @@
<module>upgrader</module>
<module>dist</module>
</modules>
<build>
<pluginManagement>
<plugins>
<!--This plugin's configuration is used to store Eclipse m2e settings only. It has no influence on the Maven build itself.-->
<plugin>
<groupId>org.eclipse.m2e</groupId>
<artifactId>lifecycle-mapping</artifactId>
<version>1.0.0</version>
<configuration>
<lifecycleMappingMetadata>
<pluginExecutions>
<pluginExecution>
<pluginExecutionFilter>
<groupId>
org.apache.maven.plugins
</groupId>
<artifactId>
maven-antrun-plugin
</artifactId>
<versionRange>
[1.6,)
</versionRange>
<goals>
<goal>run</goal>
</goals>
</pluginExecutionFilter>
<action>
<ignore />
</action>
</pluginExecution>
</pluginExecutions>
</lifecycleMappingMetadata>
</configuration>
</plugin>
</plugins>
</pluginManagement>
</build>
</project>
[Release notes](CHANGELOG.md#MmP)
Binary distributions available on [Maven Central Repository](http://repo1.maven.org/maven2/org/ow2/authzforce/authzforce-ce-server-dist/M.m.P/) in two forms:
* Ubuntu package (recommended option): `.deb`;
* Other Linux distributions: `.tar.gz`.
Docker image available on [Docker Hub](https://hub.docker.com/r/fiware/authzforce-ce-server/tags/).
Documentation available [online](http://authzforce-ce-fiware.readthedocs.io/en/release-M.m.P/) and as downloadable [HTML](https://media.readthedocs.org/htmlzip/authzforce-ce-fiware/release-M.m.P/authzforce-ce-fiware.zip) and [PDF](https://media.readthedocs.org/pdf/authzforce-ce-fiware/release-M.m.P/authzforce-ce-fiware.pdf).
......@@ -4,7 +4,7 @@
<groupId>org.ow2.authzforce</groupId>
<artifactId>authzforce-ce-server</artifactId>
<!-- Version must be equal or higher than authzforce-ce-rest-api-model dependency -->
<version>5.4.0</version>
<version>5.4.1</version>
<relativePath>..</relativePath>
</parent>
<artifactId>authzforce-ce-server-rest-service</artifactId>
......@@ -21,13 +21,11 @@
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>javax.servlet-api</artifactId>
<version>3.0.1</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>log4j-over-slf4j</artifactId>
<version>${slf4j.version}</version>
</dependency>
<dependency>
<!-- For URL path segment escaper: http://google.github.io/guava/releases/18.0/api/docs/com/google/common/net/UrlEscapers.html#urlPathSegmentEscaper() -->
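Review bot: the `<version>` elements for javax.servlet-api and log4j-over-slf4j are dropped here, and the same is done for the PMD, FindBugs and markdown-page-generator plugins in the other hunks, but the root POM in this commit adds only an m2e lifecycle-mapping entry to `<pluginManagement>` and manages no versions for them. That leaves authzforce-ce-parent 3.4.0 as the only place they can come from. Please confirm the parent pins every one of them: a dependency without a managed version fails the build, while a plugin without one only produces a warning and lets Maven choose a version, which makes the build non-reproducible.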
......@@ -50,7 +48,6 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-pmd-plugin</artifactId>
<version>3.5</version>
<!-- target JDK already set by parent project's maven.compiler.target property -->
<configuration>
<verbose>true</verbose>
......@@ -68,7 +65,6 @@
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>findbugs-maven-plugin</artifactId>
<version>3.0.2</version>
<configuration>
<!-- Enables analysis which takes more memory but finds more bugs. If you run out of memory, changes the value of the effort element to 'Low'. -->
<effort>Max</effort>
......
......@@ -34,7 +34,7 @@ import org.slf4j.LoggerFactory;
import org.xml.sax.SAXException;
/**
* @see org.apache.cxf.jaxrs.impl.WebApplicationExceptionMapper WebApplicationExceptionMapper
* JAX-RS {@link ExceptionMapper} for {@link BadRequestException}
*/
@Provider
public class BadRequestExceptionMapper implements ExceptionMapper<BadRequestException>
......@@ -44,9 +44,9 @@ public class BadRequestExceptionMapper implements ExceptionMapper<BadRequestExce
private static final String INVALID_PARAM_MSG_PREFIX = "Invalid parameters: ";
@Override
public Response toResponse(BadRequestException exception)
public Response toResponse(final BadRequestException exception)
{
LOGGER.warn("Bad request", exception);
LOGGER.info("Bad request", exception);
final Response oldResp = exception.getResponse();
final String errMsg;
final Throwable cause = exception.getCause();
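Review bot: in `toResponse`, lowering `LOGGER.warn("Bad request", exception)` to `LOGGER.info(...)` means an installation whose log threshold is WARN no longer records rejected requests at all, and that record is what an operator uses to notice malformed or probing input against the authorization API. If the goal is less noise, consider keeping a single-line WARN with the message only and logging the stack trace at DEBUG.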
......@@ -60,23 +60,28 @@ public class BadRequestExceptionMapper implements ExceptionMapper<BadRequestExce
{
final Throwable linkedEx = ((JAXBException) internalCause).getLinkedException();
errMsg = INVALID_PARAM_MSG_PREFIX + linkedEx.getMessage();
} else
}
else
{
errMsg = INVALID_PARAM_MSG_PREFIX + cause.getMessage();
}
} else if (cause instanceof JAXBException)
}
else if (cause instanceof JAXBException)
{
final Throwable linkedEx = ((JAXBException) cause).getLinkedException();
errMsg = INVALID_PARAM_MSG_PREFIX + linkedEx.getMessage();
} else if (cause instanceof IllegalArgumentException)
}
else if (cause instanceof IllegalArgumentException)
{
final Throwable internalCause = cause.getCause();
errMsg = cause.getMessage() + (internalCause == null ? "" : ": " + internalCause.getMessage());
} else
}
else
{
errMsg = cause.getMessage();
}
} else
}
else
{
// handle case where cause message is only in the response message (no exception object
// in stacktrace), e.g. JAXBException
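Review bot: both `linkedEx.getMessage()` calls in this block dereference the result of `getLinkedException()`, which is null when the JAXBException was created without a linked exception, so a bad request of that kind ends in a NullPointerException instead of a 400 response. The hunk only moves braces, but since these lines are being touched, add a null check and fall back to the JAXBException's own message. Also note that every branch copies an exception message into `errMsg` for the client; parser and binding messages can carry internal class or schema details, so it is worth checking that what is returned matches the level of detail you intend to expose.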
......@@ -85,7 +90,8 @@ public class BadRequestExceptionMapper implements ExceptionMapper<BadRequestExce
{
// hide "JAXBException..." when it occurs and only keep the JAXBException message
errMsg = JAXBEXCEPTION_MSG_START_PATTERN.matcher((String) oldEntity).replaceFirst(INVALID_PARAM_MSG_PREFIX);
} else
}
else
{
errMsg = null;
}
......
......@@ -27,22 +27,21 @@ import javax.ws.rs.ext.ExceptionMapper;
import javax.ws.rs.ext.Provider;
/**
* @see org.apache.cxf.jaxrs.impl.WebApplicationExceptionMapper WebApplicationExceptionMapper
* JAX-RS {@link ExceptionMapper} for {@link ClientErrorException}
*/
@Provider
public class ClientErrorExceptionMapper implements ExceptionMapper<ClientErrorException>
{
@Override
public Response toResponse(ClientErrorException exception)
public Response toResponse(final ClientErrorException exception)
{
// if NotFoundException has root cause, we expect the root cause message to be more specific
// on what resource could not be found, so return this message to the client
if (exception.getCause() != null)
{
final org.ow2.authzforce.rest.api.xmlns.Error errorEntity = new org.ow2.authzforce.rest.api.xmlns.Error(
exception.getCause().getMessage());
final org.ow2.authzforce.rest.api.xmlns.Error errorEntity = new org.ow2.authzforce.rest.api.xmlns.Error(exception.getCause().getMessage());
return Response.status(exception.getResponse().getStatus()).entity(errorEntity).build();
}
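Review bot: the comment inside `toResponse` still talks about NotFoundException, while the class and the new Javadoc cover every ClientErrorException, so `exception.getCause().getMessage()` is sent to the client for any 4xx response that has a cause. Either update the comment to describe the actual scope or limit the pass-through to NotFoundException, and make sure the causes raised in the service layer only carry messages that are safe to return. The Javadoc change also drops the `@see` pointer to the CXF WebApplicationExceptionMapper; keep it if this mapper exists to override that default.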
......
......@@ -30,18 +30,17 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/**
* @see org.apache.cxf.jaxrs.impl.WebApplicationExceptionMapper WebApplicationExceptionMapper
* JAX-RS {@link ExceptionMapper} for {@link InternalServerErrorException}
*/
@Provider
public class ServerErrorExceptionMapper implements ExceptionMapper<InternalServerErrorException>
{
private final static Logger LOGGER = LoggerFactory.getLogger(ServerErrorExceptionMapper.class);
private final static String INTERNAL_ERR_MSG = "Internal server error";
private final static org.ow2.authzforce.rest.api.xmlns.Error ERROR = new org.ow2.authzforce.rest.api.xmlns.Error(INTERNAL_ERR_MSG
+ ". Retry later or contact the administrator.");
private final static org.ow2.authzforce.rest.api.xmlns.Error ERROR = new org.ow2.authzforce.rest.api.xmlns.Error(INTERNAL_ERR_MSG + ". Retry later or contact the administrator.");
@Override
public Response toResponse(InternalServerErrorException exception)
public Response toResponse(final InternalServerErrorException exception)
{
LOGGER.error(INTERNAL_ERR_MSG, exception);
return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(ERROR).build();
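Review bot: the rewritten `ERROR` constant keeps the `private final static` modifier order, whereas BadRequestExceptionMapper in this same commit declares its constants `private static final`. Since the line is being reformatted anyway, align the order on `private static final` for the three constants here. The new Javadoc says the mapper handles InternalServerErrorException only, which is accurate for the type parameter but not for the class name ServerErrorExceptionMapper; a short sentence on what happens to other 5xx exceptions would avoid confusion.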
......
......@@ -3,7 +3,7 @@
<parent>
<groupId>org.ow2.authzforce</groupId>
<artifactId>authzforce-ce-server</artifactId>
<version>5.4.0</version>
<version>5.4.1</version>
<relativePath>..</relativePath>
</parent>
<artifactId>authzforce-ce-server-upgrader</artifactId>
......@@ -48,7 +48,6 @@
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>javax.servlet-api</artifactId>
<version>3.0.1</version>
<scope>test</scope>
</dependency>
<dependency>
......@@ -94,7 +93,6 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-pmd-plugin</artifactId>
<version>3.5</version>
<!-- target JDK already set by parent project's maven.compiler.target property -->
<configuration>
<verbose>true</verbose>
......@@ -112,7 +110,6 @@
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>findbugs-maven-plugin</artifactId>
<version>3.0.2</version>
<configuration>
<!-- Enables analysis which takes more memory but finds more bugs. If you run out of memory, changes the value of the effort element to 'Low'. -->
<effort>Max</effort>
......@@ -268,6 +265,30 @@
</target>
</configuration>
</execution>
<execution>
<id>upgrade-from-5.1.x</id>
<phase>generate-test-resources</phase>
<goals>
<goal>run</goal>
</goals>
<configuration>
<target>
<copy todir="${project.basedir}/target/server/from-5.1.x/conf">
<fileset dir="${project.basedir}/src/test/server/current/conf" />
</copy>
<taskdef resource="net/sf/antcontrib/antlib.xml" />
<ant antfile="${project.basedir}/src/main/build.xml" inheritAll="false" inheritRefs="false">
<property name="old.version" value="5.1.0" />
<property name="old.install.dir" value="${project.basedir}/src/test/server/5.1.x" />
<property name="new.install.dir" value="${project.basedir}/target/server/from-5.1.x" />
<!-- <property name="ignore.domain.name" value="true" /> -->
<!-- <property name="pdp.max.var.ref.depth" value="20" /> -->
<!-- <property name="pdp.max.policy.ref.depth" value="20" /> -->
<!-- <property name="pdp.request.filter" value="urn:ow2:authzforce:feature:pdp:request-filter:multiple:repeated-attribute-categories-lax" /> -->
</ant>
</target>
</configuration>
</execution>
</executions>
</plugin>
<plugin>
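Review bot: the new `upgrade-from-5.1.x` execution runs the upgrader with `old.version` set to 5.1.0 only, while the CHANGELOG announces migration from 5.1.x, 5.2.x, 5.3.x and 5.4.x. Add at least one execution (or parameterise this one) for a later 5.x value so the version matching in build.xml is exercised for more than the first case. The four commented-out `<property>` lines are copied from the earlier executions; remove them or replace them with a single comment naming the optional properties.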
......@@ -289,12 +310,13 @@
<value>2</value>
</property>
</properties>
<!-- If run with Java 8, the JVM will reject 'http' schemaLocation of xml.xsd in XACML schema, unless you set this property -->
<argLine>-Djavax.xml.accessExternalSchema=http</argLine>
</configuration>
</plugin>
<plugin>
<groupId>com.ruleoftech</groupId>
<artifactId>markdown-page-generator-plugin</artifactId>
<version>0.10</version>
<executions>
<execution>
<phase>package</phase>
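Review bot: the added `<argLine>-Djavax.xml.accessExternalSchema=http</argLine>` lifts the Java 8 restriction on external schema access for the whole test JVM, so xml.xsd is fetched over plain HTTP during the build and the tests depend on network access. Resolving the `xml.xsd` schemaLocation from a local copy through an XML catalog would keep the restriction in place and make the tests run offline. If the property stays, the comment should say that it applies to tests only and must not be carried over to the server's runtime JVM options.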
......
......@@ -2,7 +2,9 @@
{currentYear=${currentYear}}
# AuthZForce Upgrader
To upgrade AuhZForce data from a R4 version (4.2.x, 4.3.x or 4.4.x) to ${project.version}, proceed as follows:
If you intend to install a new version of Authzforce on the same server as the old version, first create a backup of the folder `/opt/authzforce` in the case of v4.2.0, or `/opt/authzforce-ce-server` for later versions, and proceed with the instructions below, using the backup folder as `old.install.dir`.
To upgrade AuhZForce data from an older version to ${project.version}, proceed as follows:
1. Install Ivy and Ant-Contrib on your system:
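Review bot: the rewritten sentence "To upgrade AuhZForce data from an older version" carries over the "AuhZForce" typo from the line it replaces; it should read "AuthZForce". The new backup paragraph is a good addition, but "an older version" no longer tells the reader which versions are supported; list them (4.2.x, 4.3.x, 4.4.x and the 5.x versions accepted by build.xml) so that an unsupported `old.version` is caught before the backup and install steps rather than by the Ant `fail` task.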
......@@ -25,7 +27,7 @@ To upgrade AuhZForce data from a R4 version (4.2.x, 4.3.x or 4.4.x) to ${project
</xsl:when>
```
1. Run the following command, where argument `old.version` is the old version (in the form `4.x.y`) of Authzforce you are upgrading from, argument `old.install.dir` is the installation directory of the old version, and argument `new.install.dir` is the new installation directory of the Authzforce version corresponding to this upgrade tool:
1. Run the following command, where argument `old.version` is the old version (in the form `x.y.z`) of Authzforce you are upgrading from, argument `old.install.dir` is the installation directory of the old version, or a backup of it if you are installing the new version on the same server, and argument `new.install.dir` is the new installation directory of the Authzforce version corresponding to this upgrade tool:
*WARNING 1: by default, for each domain, the following command will convert the old domain property 'name' to the new 'externalId' property (the value is copied from one to the other during the upgrade).* **Make sure that each old domain 'name' is UNIQUE.** *Indeed, each 'externalId' MUST BE UNIQUE after the upgrade. If this is not the case, either fix it or skip this conversion step by adding the following argument: `-Dignore.domain.name=true`. In this case, the 'externalId' will not be set by the upgrader tool. This is not an issue for new AuthZForce versions since 'externalId' values are optional. You may set them later with the API if you need to.*
......@@ -57,7 +59,7 @@ To upgrade AuhZForce data from a R4 version (4.2.x, 4.3.x or 4.4.x) to ${project
1. Restart Tomcat on the new AuthZForce server to load the new data.
1. If your old Authzforce version was 4.2.0 and the upgrade was successful, you may remote this old version:
1. If your old Authzforce version was 4.2.0 and the upgrade was successful, you may remove this old version:
```shell
$ sudo aptitude purge authzforce
```
......
......@@ -30,20 +30,22 @@
<property name="build.dir" value="build" />
<property name="src.dir" value="src" />
<property name="old.version" value="" description="Old Authzforce version: 4.2.x, 4.3.x or 4.4.x" />
<property name="old.version" value="" description="Old Authzforce version: 4.2.x, 4.3.x, 4.4.x, 5.1.x, 5.2.x, 5.3.x" />
<condition property="old.version.pattern" value="4.2.x">
<matches pattern="4\.2\..*" string="${old.version}" />
</condition>
<condition property="no.old.policies.dir" value="true">
<equals arg1="${old.version.pattern}" arg2="4.2.x" />
</condition>
<condition property="old.version.pattern" value="4.3.x">
<matches pattern="4\.3\..*" string="${old.version}" />
</condition>
<condition property="old.version.pattern" value="4.4.x">
<matches pattern="4\.4\..*" string="${old.version}" />
</condition>
<condition property="old.version.pattern" value="5.1.x">
<matches pattern="5\.(1|2|3)\..*" string="${old.version}" />
</condition>
<fail message="Invalid old.version arg: undefined or does not match one of these patterns: 4.2.x, 4.3.x or 4.4.x" unless="old.version.pattern" />
<property name="xslt.dir" location="xslt/${old.version.pattern}" />
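Review bot: the new condition `<matches pattern="5\.(1|2|3)\..*" string="${old.version}" />` rejects 5.4.x, although the CHANGELOG entry for this release lists 5.4.x among the versions the upgrader supports, and the unchanged `<fail message=...>` just below still names only 4.2.x, 4.3.x or 4.4.x. Either extend the pattern to cover 5.4 or remove 5.4.x from the CHANGELOG, then bring the `description` of `old.version` and the fail message in line with the same list, so a user who passes a 5.x version and hits the failure is told what is actually accepted.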
......
......@@ -20,7 +20,7 @@
-->
<!-- PDP configuration upgrade XSL Sheet: 4.2.0 -> 5.1.x and above. To be used with Saxon XSLT processor. Author: Cyril DANGERVILLE. -->
<xsl:stylesheet version="2.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:oldapi="http://thalesgroup.com/authz/model/3.0" xmlns:oldext="http://thalesgroup.com/authz/model/ext/3.0" xmlns:old="http://thalesgroup.com/authzforce/pdp/model/2014/12" xmlns="http://authzforce.github.io/core/xmlns/pdp/3.6" xmlns:xacml="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" xmlns:pap-dao="http://authzforce.github.io/pap-dao-flat-file/xmlns/pdp-ext/3.6"
<xsl:stylesheet version="2.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:oldapi="http://thalesgroup.com/authz/model/3.0" xmlns:oldext="http://thalesgroup.com/authz/model/ext/3.0" xmlns:old="http://thalesgroup.com/authzforce/pdp/model/2014/12" xmlns="http://authzforce.github.io/core/xmlns/pdp/5.0" xmlns:xacml="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" xmlns:pap-dao="http://authzforce.github.io/pap-dao-flat-file/xmlns/pdp-ext/3.6"
exclude-result-prefixes="oldapi oldext old">
<xsl:import href="../xacml3-policy-c14n.xsl" />
<xsl:output encoding="UTF-8" indent="yes" method="xml" />
......@@ -41,7 +41,7 @@
<xsl:template match="old:pdps">
<xsl:apply-templates select="document($refPoliciesFileURI)/oldapi:policySets/xacml:PolicySet" />
<xsl:apply-templates select="$rootPolicy" />
<pdp version="3.6.4" maxVariableRefDepth="{$maxVariableRefDepth}" maxPolicyRefDepth="{$maxPolicyRefDepth}" strictAttributeIssuerMatch="false" requestFilter="{$requestFilter}">
<pdp version="5.0.0" maxVariableRefDepth="{$maxVariableRefDepth}" maxPolicyRefDepth="{$maxPolicyRefDepth}" strictAttributeIssuerMatch="false" requestFilter="{$requestFilter}">
<xsl:apply-templates select="old:attributeFactory/old:datatype" />
<xsl:apply-templates select="old:functionFactory/old:target/old:function|old:functionFactory/old:condition/old:function|old:functionFactory/old:general/old:function" />
<xsl:apply-templates select="old:functionFactory/old:target/old:abstractFunction|old:functionFactory/old:condition/old:abstractFunction|old:functionFactory/old:general/old:abstractFunction" />
......@@ -93,9 +93,10 @@
<!-- Function sets -->
<xsl:template match="old:functionCluster">
<functionSet>
<xsl:value-of select="@class" />
</functionSet>
<xsl:message terminate="yes">
This upgrader tool does not support migration of 'functionCluster' elements.
Please convert any 'functionCluster' to the equivalent sequence of 'function' elements (one per function in the cluster) in your PDP configuration files (pdp.xml) and try the upgrade tool again.
</xsl:message>
</xsl:template>
<!-- Policy/Rule combining algorithms -->
......
......@@ -12,7 +12,7 @@
with Saxon XSLT processor. Author: Cyril DANGERVILLE. -->
<xsl:stylesheet version="2.0"
xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://authzforce.github.io/core/xmlns/pdp/3.6">
xmlns:old="http://authzforce.github.io/core/xmlns/pdp/3.6" xmlns="http://authzforce.github.io/core/xmlns/pdp/5.0">
<xsl:import href="../xacml3-policy-c14n.xsl" />
<xsl:output encoding="UTF-8" indent="yes" method="xml" />
......@@ -30,7 +30,8 @@
select="'http://www.w3.org/2001/XMLSchema-instance'" />
<xsl:namespace name="flat-file-dao"
select="'http://authzforce.github.io/pap-dao-flat-file/xmlns/pdp-ext/3.6'" />
<xsl:apply-templates select="@* | node()" />
<xsl:attribute name="version">5.0.0</xsl:attribute>
<xsl:apply-templates select="@*[name()!='version'] | node()" />
</xsl:element>
</xsl:template>
......@@ -48,14 +49,28 @@
<!-- Do nothing, do not copy. -->
</xsl:template>
<xsl:template match="old:functionSet">
<xsl:message terminate="yes">
This upgrader tool does not support migration of 'functionSet'
(deprecated)
elements.
Please convert any 'functionSet' to the
equivalent sequence
of 'function' elements (one per function in the
set) in your PDP
configuration files (pdp.xml) and try the upgrade
tool again.
</xsl:message>
</xsl:template>
<xsl:template match="@requestFilter">
<xsl:attribute name="requestFilter" select="string($requestFilter)" />
</xsl:template>
<xsl:template match="@maxVariableRefDepth">
<xsl:attribute name="maxVariableRefDepth" select="string($maxVariableRefDepth)" />
<xsl:attribute name="maxVariableRefDepth" select="string($maxVariableRefDepth)" />
</xsl:template>
<xsl:template match="@maxPolicyRefDepth">
<xsl:attribute name="maxPolicyRefDepth" select="string($maxPolicyRefDepth)" />
</xsl:template>
......
......@@ -12,7 +12,7 @@
with Saxon XSLT processor. Author: Cyril DANGERVILLE. -->
<xsl:stylesheet version="2.0"
xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://authzforce.github.io/core/xmlns/pdp/3.6">
xmlns:old="http://authzforce.github.io/core/xmlns/pdp/3.6" xmlns="http://authzforce.github.io/core/xmlns/pdp/5.0">
<xsl:import href="../xacml3-policy-c14n.xsl" />
<xsl:output encoding="UTF-8" indent="yes" method="xml" />
......@@ -30,7 +30,8 @@
select="'http://www.w3.org/2001/XMLSchema-instance'" />
<xsl:namespace name="flat-file-dao"
select="'http://authzforce.github.io/pap-dao-flat-file/xmlns/pdp-ext/3.6'" />
<xsl:apply-templates select="@* | node()" />
<xsl:attribute name="version">5.0.0</xsl:attribute>
<xsl:apply-templates select="@*[name()!='version'] | node()" />
</xsl:element>
</xsl:template>
......@@ -48,14 +49,28 @@
<!-- Do nothing, do not copy. -->
</xsl:template>
<xsl:template match="old:functionSet">
<xsl:message terminate="yes">
This upgrader tool does not support migration of 'functionSet'
(deprecated)
elements because.
Please convert any 'functionSet' to the
equivalent sequence
of 'function' elements (one per function in the
set) in your PDP
configuration files (pdp.xml) and try the upgrade
tool again.
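Review bot: in this copy of the `old:functionSet` template the `xsl:message` text reads "elements because." with the reason missing, whereas the same template in the other stylesheet says "(deprecated) elements." without the dangling word; complete the sentence or drop "because". In both files the message is hard-wrapped every few words, which is how it will appear on the console when the transformation terminates, so reflow it into one or two lines. The two stylesheets shown in this commit receive identical changes; moving the shared templates into an imported sheet, as is already done with `../xacml3-policy-c14n.xsl`, would avoid this kind of drift.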