Merge branch 'release/5.4.0'

.gitignore

@@ -2,3 +2,4 @@
 /.project
 /.settings/
 /.README.md.html
+/.CHANGELOG.md.html

CHANGELOG.md

@@ -2,6 +2,14 @@
 All notable changes to this project are documented in this file following the [Keep a CHANGELOG](http://keepachangelog.com) conventions. We try to apply [Semantic Versioning](http://semver.org) with one particular rule: the version must be equal to or greater than the version of the _authzforce-ce-rest-api-model_ dependency (declared in _rest-service_ module's POM). Indeed, this dependency holds the resources of the REST API specification implemented by this project. Therefore, the rule helps relate a specific version of this project to the specific version of the REST API specification that is implemented/supported.
 
 
+## 5.4.0
+### Added
+- Conformance with [REST Profile of XACML v3.0 Version 1.0](http://docs.oasis-open.org/xacml/xacml-rest/v1.0/xacml-rest-v1.0.html), especially test assertion [urn:oasis:names:tc:xacml:3.0:profile:rest:assertion:home:pdp](http://docs.oasis-open.org/xacml/xacml-rest/v1.0/cs02/xacml-rest-v1.0-cs02.html#_Toc399235433) (FIWARE SEC-923). 
+
+### Changed
+- REST API model (authzforce-ce-rest-api-model) version: 5.3.1 (only text and FastInfoset-encoded XML are supported, not JSON)
+
+
 ## 5.3.0
 ### Changed
 - Version of dependency `authzforce-ce-pap-dao-flat-file` to `6.0.0`, causing changes to the REST API URL `/domains/{domainId}/pap/pdp.properties` regarding IDs of features of type `urn:ow2:authzforce:feature-type:pdp:request-filter`:

README.md

-[![Codacy Badge](https://api.codacy.com/project/badge/Grade/cdb9dd59cbf04a95bfbfbdcf770bb7d8)](https://www.codacy.com/app/coder103/authzforce-ce-server?utm_source=github.com&utm_medium=referral&utm_content=authzforce/server&utm_campaign=Badge_Grade)
-
-# AuthZForce Server
+# AuthZForce Server (Community Edition)
 [![License badge](https://img.shields.io/badge/license-GPL-blue.svg)](https://opensource.org/licenses/GPL-3.0)
-[![Documentation badge](https://readthedocs.org/projects/authzforce-ce-fiware/badge/?version=release-5.3.0)](http://authzforce-ce-fiware.readthedocs.io/en/release-5.3.0/?badge=release-5.3.0)
+[![Documentation badge](https://readthedocs.org/projects/authzforce-ce-fiware/badge/?version=release-5.3.0a)](http://authzforce-ce-fiware.readthedocs.io/en/release-5.3.0a/?badge=release-5.3.0a)
 [![Docker badge](https://img.shields.io/docker/pulls/fiware/authzforce-ce-server.svg)](https://hub.docker.com/r/fiware/authzforce-ce-server/)
 [![Support badge]( https://img.shields.io/badge/support-ask.fiware.org-yellowgreen.svg)](https://ask.fiware.org/questions/scope:all/sort:activity-desc/tags:authzforce/)
+[![Codacy Badge](https://api.codacy.com/project/badge/Grade/cdb9dd59cbf04a95bfbfbdcf770bb7d8)](https://www.codacy.com/app/coder103/authzforce-ce-server?utm_source=github.com&utm_medium=referral&utm_content=authzforce/server&utm_campaign=Badge_Grade)
 
 AuthZForce Server provides a multi-tenant RESTful API to Policy Administration Points (PAP) and Policy Decision Points (PDP) as defined in the [OASIS XACML 3.0 standard](http://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-os-en.html).
 
@@ -55,7 +54,7 @@ The sources for the manuals are located in [fiware repository](http://github.com
 * Defined in standard [Web Application Description Language and XML schema](https://github.com/authzforce/rest-api-model/tree/develop/src/main/resources) so that you can automatically generate client code. 
 * Provides access to all PAP/PDP features mentioned in previous sections.
 * Multi-tenant: allows to have multiple domains/tenants, each with its own PAP/PDP, in particular its own policy repository.
-* Conformance with [REST Profile of XACML v3.0 Version 1.0](http://docs.oasis-open.org/xacml/xacml-rest/v1.0/xacml-rest-v1.0.html) (at the level of each domain) except for test `urn:oasis:names:tc:xacml:3.0:profile:rest:assertion:home:pdp` (to be fixed in next release)
+* Conformance with [REST Profile of XACML v3.0 Version 1.0](http://docs.oasis-open.org/xacml/xacml-rest/v1.0/xacml-rest-v1.0.html) 
 * [Fast Infoset](http://www.itu.int/en/ITU-T/asn1/Pages/Fast-Infoset.aspx) support for requests/responses.
 
 ### High availability and load-balancing

dist/pom.xml

@@ -3,7 +3,7 @@
    <parent>
       <groupId>org.ow2.authzforce</groupId>
       <artifactId>authzforce-ce-server</artifactId>
-      <version>5.3.1-SNAPSHOT</version>
+      <version>5.4.0</version>
       <relativePath>..</relativePath>
    </parent>
    <artifactId>authzforce-ce-server-dist</artifactId>

pom.xml

@@ -8,7 +8,7 @@
    </parent>
    <artifactId>authzforce-ce-server</artifactId>
    <!-- FIWARE Versioning + Version must be equal or higher than 'authzforce-ce-rest-api-model' dependency in 'rest-service' module -->
-   <version>5.3.1-SNAPSHOT</version>
+   <version>5.4.0</version>
    <packaging>pom</packaging>
    <name>${project.groupId}:${project.artifactId}</name>
    <description>AuthZForce CE Server</description>

rest-service/pom.xml

@@ -4,7 +4,7 @@
       <groupId>org.ow2.authzforce</groupId>
       <artifactId>authzforce-ce-server</artifactId>
       <!-- Version must be equal or higher than authzforce-ce-rest-api-model dependency -->
-      <version>5.3.1-SNAPSHOT</version>
+      <version>5.4.0</version>
       <relativePath>..</relativePath>
    </parent>
    <artifactId>authzforce-ce-server-rest-service</artifactId>
@@ -29,10 +29,6 @@
          <artifactId>log4j-over-slf4j</artifactId>
          <version>${slf4j.version}</version>
       </dependency>
-      <dependency>
-         <groupId>org.apache.cxf</groupId>
-         <artifactId>cxf-rt-frontend-jaxrs</artifactId>
-      </dependency>
       <dependency>
          <!-- For URL path segment escaper: http://google.github.io/guava/releases/18.0/api/docs/com/google/common/net/UrlEscapers.html#urlPathSegmentEscaper() -->
          <groupId>com.google.guava</groupId>
@@ -42,7 +38,7 @@
       <dependency>
          <groupId>${project.groupId}</groupId>
          <artifactId>${artifactId.prefix}-rest-api-model</artifactId>
-         <version>5.2.0</version>
+         <version>5.3.1</version>
       </dependency>
       <dependency>
          <groupId>${project.groupId}</groupId>

rest-service/src/main/java/org/ow2/authzforce/rest/service/jaxrs/DomainResourceImpl.java

@@ -218,7 +218,13 @@ public class DomainResourceImpl<DAO extends DomainDAO<PolicyVersionResourceImpl,
 
 		pdpLink.setHref(pdpResourcePath.value());
 		pdpLink.setTitle("Policy Decision Point");
-		pdpLink.setRel(Relation.ITEM);
+
+		/*
+		 * Conformance with test assertion 'urn:oasis:names:tc:xacml:3.0:profile:rest:assertion:home:pdp' of REST Profile of XACML v3.0 Version 1.0:
+		 * http://docs.oasis-open.org/xacml/xacml-rest/v1.0/cs02/xacml-rest-v1.0-cs02.html#_Toc399235433. Example:
+		 * http://docs.oasis-open.org/xacml/xacml-rest/v1.0/cs02/xacml-rest-v1.0-cs02.html#_Toc399235419
+		 */
+		pdpLink.setRel(Relation.HTTP_DOCS_OASIS_OPEN_ORG_NS_XACML_RELATION_PDP);
 
 		final Resources childResources = new Resources(Arrays.asList(propsLink, papLink, pdpLink));
 		final ReadableDomainProperties props;

rest-service/src/main/java/org/ow2/authzforce/rest/service/jaxrs/DomainsResourceImpl.java

@@ -28,12 +28,12 @@ import java.util.HashSet;
 import java.util.List;
 import java.util.Set;
 
+import javax.servlet.http.HttpServletRequest;
 import javax.ws.rs.BadRequestException;
 import javax.ws.rs.InternalServerErrorException;
 import javax.ws.rs.NotFoundException;
 import javax.ws.rs.core.Context;
 
-import org.apache.cxf.jaxrs.ext.MessageContext;
 import org.ow2.authzforce.core.pap.api.dao.DomainsDAO;
 import org.ow2.authzforce.rest.api.jaxrs.DomainResource;
 import org.ow2.authzforce.rest.api.jaxrs.DomainsResource;
@@ -53,7 +53,7 @@ public class DomainsResourceImpl implements DomainsResource
 	private static final BadRequestException INVALID_ARG_BAD_REQUEST_EXCEPTION = new BadRequestException("Invalid argument");
 
 	@Context
-	private MessageContext messageContext;
+	private HttpServletRequest httpRequest;
 
 	private final DomainsDAO<DomainResourceImpl<?>> domainRepo;
 
@@ -130,7 +130,7 @@ public class DomainsResourceImpl implements DomainsResource
 		// add domain on the fly
 		// rename to resourceCollection
 		final Set<String> authorizedDomainIDs = new HashSet<>();
-		final Object attrVal = messageContext == null ? null : messageContext.getHttpServletRequest().getAttribute(authorizedResourceAttrId);
+		final Object attrVal = httpRequest == null ? null : httpRequest.getAttribute(authorizedResourceAttrId);
 		// attrVal may be null
 		if (attrVal == null)
 		{

webapp/pom.xml

@@ -3,7 +3,7 @@
    <parent>
       <groupId>org.ow2.authzforce</groupId>
       <artifactId>authzforce-ce-server</artifactId>
-      <version>5.3.1-SNAPSHOT</version>
+      <version>5.4.0</version>
       <relativePath>..</relativePath>
    </parent>
    <artifactId>authzforce-ce-server-webapp</artifactId>

webapp/src/main/webapp/WEB-INF/beans.xml

@@ -132,7 +132,7 @@
    </beans>
 
    <beans profile="+fastinfoset">
-      <jaxrs:server id="tazService" address="/" docLocation="classpath:/authz-api.fastinfoset.wadl" staticSubresourceResolution="true">
+      <jaxrs:server id="tazService" address="/" docLocation="classpath:/authz-api+fi.wadl" staticSubresourceResolution="true">
          <jaxrs:serviceBeans>
             <ref bean="domainsResourceBean" />
          </jaxrs:serviceBeans>

webapp/src/test/java/org/ow2/authzforce/web/test/DomainAPIHelper.java

@@ -19,6 +19,7 @@
 package org.ow2.authzforce.web.test;
 
 import static org.testng.Assert.assertEquals;
+import static org.testng.Assert.assertNotNull;
 import static org.testng.Assert.assertTrue;
 
 import java.io.File;
@@ -94,17 +95,27 @@ class DomainAPIHelper
 				String.format("Actual PolicySet Version (='%s') from %s() != expected PolicySet Version (='%s')", actual.getVersion(), testedMethodId, expected.getVersion()));
 	}
 
-	static boolean isHrefMatched(String href, List<Link> links)
+	/**
+	 * Get link with href matching a given href
+	 * 
+	 * @param hrefToBeMatched
+	 *            href to be matched
+	 * @param links
+	 *            links where to look for the matching link
+	 * @return matching link, null if none
+	 * 
+	 */
+	static Link getMatchingLink(String hrefToBeMatched, List<Link> links)
 	{
 		for (Link link : links)
 		{
-			if (link.getHref().equals(href))
+			if (link.getHref().equals(hrefToBeMatched))
 			{
-				return true;
+				return link;
 			}
 		}
 
-		return false;
+		return null;
 	}
 
 	protected void resetPdpAndPrp(List<Feature> pdpFeaturesToEnable) throws JAXBException
@@ -330,12 +341,12 @@ class DomainAPIHelper
 		// Check result was committed
 		// check added policy link is in policies list
 		PoliciesResource policiesRes = domain.getPapResource().getPoliciesResource();
-		assertTrue(isHrefMatched(policyResId, policiesRes.getPolicies().getLinks()), "Added policy resource link not found in links returned by getPoliciesResource()");
+		assertNotNull(getMatchingLink(policyResId, policiesRes.getPolicies().getLinks()), "Added policy resource link not found in links returned by getPoliciesResource()");
 
 		// check added policy version is in policy versions list
 		PolicyResource policyRes = policiesRes.getPolicyResource(policyResId);
 		final Resources policyVersionsResources = policyRes.getPolicyVersions();
-		assertTrue(isHrefMatched(versionResId, policyVersionsResources.getLinks()), "Added policy version resource link not found in links returned by getPolicyVersions()");
+		assertNotNull(getMatchingLink(versionResId, policyVersionsResources.getLinks()), "Added policy version resource link not found in links returned by getPolicyVersions()");
 
 		// check PolicySet of added policy id/version is actually the one we
 		// added

webapp/src/test/java/org/ow2/authzforce/web/test/DomainMainTestWithoutAutoSyncOrVersionRolling.java

@@ -6,6 +6,7 @@ package org.ow2.authzforce.web.test;
 import static org.testng.Assert.assertEquals;
 import static org.testng.Assert.assertFalse;
 import static org.testng.Assert.assertNotNull;
+import static org.testng.Assert.assertNull;
 import static org.testng.Assert.assertTrue;
 import static org.testng.Assert.fail;
 
@@ -592,8 +593,8 @@ public class DomainMainTestWithoutAutoSyncOrVersionRolling extends RestServiceTe
 		PolicyResource policyResource = testDomain.getPapResource().getPoliciesResource().getPolicyResource(TEST_POLICY_DELETE_ID);
 		Resources versionsResources = policyResource.deletePolicy();
 		assertNotNull(versionsResources);
-		assertTrue(DomainAPIHelper.isHrefMatched("1.2.3", versionsResources.getLinks()));
-		assertTrue(DomainAPIHelper.isHrefMatched("1.3.1", versionsResources.getLinks()));
+		assertNotNull(DomainAPIHelper.getMatchingLink("1.2.3", versionsResources.getLinks()));
+		assertNotNull(DomainAPIHelper.getMatchingLink("1.3.1", versionsResources.getLinks()));
 
 		try
 		{
@@ -605,7 +606,7 @@ public class DomainMainTestWithoutAutoSyncOrVersionRolling extends RestServiceTe
 		}
 
 		PoliciesResource policiesRes = testDomain.getPapResource().getPoliciesResource();
-		assertFalse(DomainAPIHelper.isHrefMatched(TEST_POLICY_DELETE_ID, policiesRes.getPolicies().getLinks()),
+		assertNull(DomainAPIHelper.getMatchingLink(TEST_POLICY_DELETE_ID, policiesRes.getPolicies().getLinks()),
 				"Deleted policy resource (all versions) is still in links returned by getPoliciesResource()");
 	}
 
@@ -634,7 +635,7 @@ public class DomainMainTestWithoutAutoSyncOrVersionRolling extends RestServiceTe
 
 		Resources policyVersionsResources = testDomain.getPapResource().getPoliciesResource().getPolicyResource(TEST_POLICY_DELETE_ID).getPolicyVersions();
 		assertEquals(policyVersionsResources.getLinks().size(), 1);
-		assertTrue(DomainAPIHelper.isHrefMatched("1.3.1", policyVersionsResources.getLinks()));
+		assertNotNull(DomainAPIHelper.getMatchingLink("1.3.1", policyVersionsResources.getLinks()));
 	}
 
 	private static final String TEST_POLICY_DELETE_SINGLE_VERSION_ID = "testPolicyDeleteSingleVersion";

webapp/src/test/java/org/ow2/authzforce/web/test/DomainSetTest.java

@@ -49,6 +49,7 @@ import org.testng.annotations.Optional;
 import org.testng.annotations.Parameters;
 import org.testng.annotations.Test;
 import org.w3._2005.atom.Link;
+import org.w3._2005.atom.Relation;
 
 public class DomainSetTest extends RestServiceTest
 {
@@ -260,6 +261,10 @@ public class DomainSetTest extends RestServiceTest
 		final String testDomainId = createdDomainIds.iterator().next();
 		Domain testDomainResource = domainsAPIProxyClient.getDomainResource(testDomainId).getDomain();
 		assertNotNull(testDomainResource, String.format("Error retrieving domain ID=%s", testDomainId));
+		final Link pdpLink = DomainAPIHelper.getMatchingLink("/pdp", testDomainResource.getChildResources().getLinks());
+		assertNotNull(pdpLink, "Missing link to PDP in response to getDomain(" + testDomainId + ")");
+		assertEquals(pdpLink.getRel(), Relation.HTTP_DOCS_OASIS_OPEN_ORG_NS_XACML_RELATION_PDP, "PDP link relation in response to getDomain(" + testDomainId
+				+ ") does not comply with REST profile of XACML 3.0");
 	}
 
 	@Test(dependsOnMethods = { "getDomain" })

webapp/src/test/java/org/ow2/authzforce/web/test/DomainsResourceFastInfoset.java

@@ -21,6 +21,10 @@ package org.ow2.authzforce.web.test;
 import org.apache.cxf.annotations.FastInfoset;
 import org.ow2.authzforce.rest.api.jaxrs.DomainsResource;
 
+/**
+ * FastInfoset-aware API client
+ *
+ */
 @FastInfoset(force = true)
 public interface DomainsResourceFastInfoset extends DomainsResource
 {

webapp/src/test/java/org/ow2/authzforce/web/test/RestServiceTest.java

@@ -84,7 +84,9 @@ abstract class RestServiceTest extends AbstractTestNGSpringContextTests
 	protected static final int XML_MAX_TEXT_LENGTH = 1000;
 
 	/*
-	 * For maxAttributeSize = 500 in JAXRS server configuration, exception raised only when chars.length > 911! WHY? Possible issue with woodstox library. FIXME: report this issue to CXF/Woodstox
+	 * For maxAttributeSize = 500 in JAXRS server configuration, exception raised only when chars.length > 911! WHY? Possible issue with woodstox library.
+	 * 
+	 * FIXME: report this issue to CXF/Woodstox
 	 */
 	private static final int XML_MAX_ATTRIBUTE_SIZE = 500;
 	protected static final int XML_MAX_ATTRIBUTE_SIZE_EFFECTIVE = 911;