http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/dom/DOMVariableDefinition.java ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/dom/DOMVariableDefinition.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/dom/DOMVariableDefinition.java new file mode 100755 index 0000000..d1d32f3 --- /dev/null +++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/dom/DOMVariableDefinition.java @@ -0,0 +1,94 @@ +/* + * AT&T - PROPRIETARY + * THIS FILE CONTAINS PROPRIETARY INFORMATION OF + * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN + * ACCORDANCE WITH APPLICABLE AGREEMENTS. + * + * Copyright (c) 2013 AT&T Knowledge Ventures + * Unpublished and Not for Publication + * All Rights Reserved + */ +package com.att.research.xacmlatt.pdp.policy.dom; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.w3c.dom.Element; +import org.w3c.dom.Node; + +import com.att.research.xacml.api.XACML3; +import com.att.research.xacml.std.StdStatusCode; +import com.att.research.xacml.std.dom.DOMProperties; +import com.att.research.xacml.std.dom.DOMStructureException; +import com.att.research.xacml.std.dom.DOMUtil; +import com.att.research.xacmlatt.pdp.policy.Policy; +import com.att.research.xacmlatt.pdp.policy.VariableDefinition; + +/** + * DOMVariableDefinition extends {@link com.att.research.xacmlatt.pdp.policy.VariableDefinition} with methods + * for creation from DOM {@link org.w3c.dom.Node}s. + * + * @author car + * @version $Revision: 1.2 $ + */ +public class DOMVariableDefinition extends VariableDefinition { + private static final Log logger = LogFactory.getLog(DOMVariableDefinition.class); + + protected DOMVariableDefinition() { + } + + /** + * Creates a new <code>VariableDefinition</code> by parsing the given <code>Node</code> representing a XACML VariableDefinition element. + * + * @param nodeVariableDefinition the <code>Node</code> representing the XACML VariableDefinition element + * @param policy the <code>Policy</code> encompassing the VariableDefinition element + * @return a new <code>VariableDefinition</code> parsed from the given <code>Node</code> + * @throws DOMStructureException if there is an error parsing the <code>Node</code> + */ + public static VariableDefinition newInstance(Node nodeVariableDefinition, Policy policy) throws DOMStructureException { + Element elementVariableDefinition = DOMUtil.getElement(nodeVariableDefinition); + boolean bLenient = DOMProperties.isLenient(); + + DOMVariableDefinition domVariableDefinition = new DOMVariableDefinition(); + + try { + Element elementExpression = DOMUtil.getFirstChildElement(elementVariableDefinition); + if (elementExpression != null) { + if (DOMExpression.isExpression(elementExpression)) { + domVariableDefinition.setExpression(DOMExpression.newInstance(elementExpression, policy)); + } else if (!bLenient) { + throw DOMUtil.newUnexpectedElementException(elementExpression, elementVariableDefinition); + } + } else if (!bLenient) { + throw DOMUtil.newMissingElementException(elementVariableDefinition, XACML3.XMLNS, XACML3.ELEMENT_EXPRESSION); + } + domVariableDefinition.setId(DOMUtil.getStringAttribute(elementVariableDefinition, XACML3.ATTRIBUTE_VARIABLEID, !bLenient)); + } catch (DOMStructureException ex) { + domVariableDefinition.setStatus(StdStatusCode.STATUS_CODE_SYNTAX_ERROR, ex.getMessage()); + if (DOMProperties.throwsExceptions()) { + throw ex; + } + } + return domVariableDefinition; + } + + public static boolean repair(Node nodeVariableDefinition) throws DOMStructureException { + Element elementVariableDefinition = DOMUtil.getElement(nodeVariableDefinition); + boolean result = false; + + Element elementExpression = DOMUtil.getFirstChildElement(elementVariableDefinition); + if (elementExpression != null) { + if (DOMExpression.isExpression(elementExpression)) { + result = result || DOMExpression.repair(elementExpression); + } else { + logger.warn("Unexpected element " + elementExpression.getNodeName()); + elementVariableDefinition.removeChild(elementExpression); + result = true; + } + } else { + throw DOMUtil.newMissingElementException(elementVariableDefinition, XACML3.XMLNS, XACML3.ELEMENT_EXPRESSION); + } + + result = result || DOMUtil.repairStringAttribute(elementVariableDefinition, XACML3.ATTRIBUTE_VARIABLEID, "variable", logger); + return result; + } +}
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/dom/package-info.java ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/dom/package-info.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/dom/package-info.java new file mode 100755 index 0000000..f42ce1e --- /dev/null +++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/dom/package-info.java @@ -0,0 +1,20 @@ +/* + * AT&T - PROPRIETARY + * THIS FILE CONTAINS PROPRIETARY INFORMATION OF + * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN + * ACCORDANCE WITH APPLICABLE AGREEMENTS. + * + * Copyright (c) 2013 AT&T Knowledge Ventures + * Unpublished and Not for Publication + * All Rights Reserved + */ + +package com.att.research.xacmlatt.pdp.policy.dom; + +/** + * com.att.research.xacmlatt.pdp.policy.dom contains class definitions that extend {@link com.att.research.xacmlatt.pdp.policy} classes + * with methods for creation from DOM {@link org.w3c.dom.Node}s. + * + * @author car + * @version $Revision: 1.1 $ + */ http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/expressions/Apply.java ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/expressions/Apply.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/expressions/Apply.java new file mode 100755 index 0000000..08064fd --- /dev/null +++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/expressions/Apply.java @@ -0,0 +1,170 @@ +/* + * AT&T - PROPRIETARY + * THIS FILE CONTAINS PROPRIETARY INFORMATION OF + * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN + * ACCORDANCE WITH APPLICABLE AGREEMENTS. + * + * Copyright (c) 2013 AT&T Knowledge Ventures + * Unpublished and Not for Publication + * All Rights Reserved + */ +package com.att.research.xacmlatt.pdp.policy.expressions; + +import java.util.ArrayList; +import java.util.Collection; +import java.util.Iterator; +import java.util.List; + +import com.att.research.xacml.api.Identifier; +import com.att.research.xacml.api.StatusCode; +import com.att.research.xacml.std.StdStatus; +import com.att.research.xacml.std.StdStatusCode; +import com.att.research.xacml.util.FactoryException; +import com.att.research.xacmlatt.pdp.eval.EvaluationContext; +import com.att.research.xacmlatt.pdp.eval.EvaluationException; +import com.att.research.xacmlatt.pdp.policy.Expression; +import com.att.research.xacmlatt.pdp.policy.ExpressionResult; +import com.att.research.xacmlatt.pdp.policy.FunctionArgument; +import com.att.research.xacmlatt.pdp.policy.FunctionArgumentExpression; +import com.att.research.xacmlatt.pdp.policy.FunctionDefinition; +import com.att.research.xacmlatt.pdp.policy.FunctionDefinitionFactory; +import com.att.research.xacmlatt.pdp.policy.PolicyDefaults; + +/** + * Apply extends {@link com.att.research.xacmlatt.pdp.policy.Expression} to implement the XACML Apply Expression element. + * + * @author car + * @version $Revision: 1.3 $ + */ +public class Apply extends Expression { + private Identifier functionId; + private FunctionDefinition functionDefinition; + private String description; + private List<Expression> arguments = new ArrayList<Expression>(); + + protected List<Expression> getArgumentList() { + return this.arguments; + } + + protected void clearArgumentList() { + this.getArgumentList().clear(); + } + + public Apply(StatusCode statusCodeIn, String statusMessageIn) { + super(statusCodeIn, statusMessageIn); + } + + public Apply(StatusCode statusCodeIn) { + super(statusCodeIn); + } + + public Apply() { + } + + public Apply(Identifier functionIdIn, String descriptionIn, Collection<Expression> argumentsIn) { + this.functionId = functionIdIn; + this.description = descriptionIn; + if (argumentsIn != null) { + this.arguments.addAll(argumentsIn); + } + } + + public Identifier getFunctionId() { + return this.functionId; + } + + public void setFunctionId(Identifier identifier) { + this.functionId = identifier; + this.functionDefinition = null; + } + + /** + * Gets and caches the {@link com.att.research.xacmlatt.pdp.policy.FunctionDefinition} matching the + * <code>Identifier</code> for the FunctionId in this <code>Apply</code>. + * + * @return the <code>FunctionDefinition</code> for the <code>Identifier</code> for the Function Id for this <code>Apply</code> + */ + public FunctionDefinition getFunctionDefinition() { + if (this.functionDefinition == null) { + Identifier thisFunctionId = this.getFunctionId(); + if (thisFunctionId != null) { + try { + this.functionDefinition = FunctionDefinitionFactory.newInstance().getFunctionDefinition(thisFunctionId); + } catch (FactoryException ex) { + this.setStatus(StdStatusCode.STATUS_CODE_PROCESSING_ERROR, "FactoryException getting FunctionDefinition"); + } + } + } + return this.functionDefinition; + } + + public String getDescription() { + return this.description; + } + + public void setDescription(String string) { + this.description = string; + } + + public Iterator<Expression> getArguments() { + return this.getArgumentList().iterator(); + } + + public void setArguments(Collection<Expression> listExpressions) { + this.clearArgumentList(); + if (listExpressions != null) { + this.addArguments(listExpressions); + } + } + + public void addArgument(Expression expression) { + this.getArgumentList().add(expression); + } + + public void addArguments(Collection<Expression> listExpressions) { + this.getArgumentList().addAll(listExpressions); + } + + @Override + public ExpressionResult evaluate(EvaluationContext evaluationContext, PolicyDefaults policyDefaults) throws EvaluationException { + if (!this.validate()) { + return ExpressionResult.newError(new StdStatus(this.getStatusCode(), this.getStatusMessage())); + } + + /* + * Get the FunctionDefinition + */ + FunctionDefinition thisFunctionDefinition = this.getFunctionDefinition(); + if (thisFunctionDefinition == null) { + return ExpressionResult.newError(new StdStatus(StdStatusCode.STATUS_CODE_PROCESSING_ERROR, "Unknown Function \"" + this.getFunctionId().toString() + "\"")); + } + + /* + * Get all of the arguments and convert them into FunctionArgument objects. + */ + List<FunctionArgument> listFunctionArguments = new ArrayList<FunctionArgument>(); + Iterator<Expression> iterExpressionArguments = this.getArguments(); + if (iterExpressionArguments != null) { + while (iterExpressionArguments.hasNext()) { + listFunctionArguments.add(new FunctionArgumentExpression(iterExpressionArguments.next(), evaluationContext, policyDefaults)); + } + } + + /* + * Apply the FunctionDefinition to the arguments + */ + return thisFunctionDefinition.evaluate(evaluationContext, listFunctionArguments); + } + + @Override + protected boolean validateComponent() { + if (this.getFunctionId() == null) { + this.setStatus(StdStatusCode.STATUS_CODE_SYNTAX_ERROR, "Missing FunctionId"); + return false; + } else { + this.setStatus(StdStatusCode.STATUS_CODE_OK, null); + return true; + } + } + +} http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/expressions/AttributeDesignator.java ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/expressions/AttributeDesignator.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/expressions/AttributeDesignator.java new file mode 100755 index 0000000..2a3e530 --- /dev/null +++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/expressions/AttributeDesignator.java @@ -0,0 +1,215 @@ +/* + * AT&T - PROPRIETARY + * THIS FILE CONTAINS PROPRIETARY INFORMATION OF + * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN + * ACCORDANCE WITH APPLICABLE AGREEMENTS. + * + * Copyright (c) 2013 AT&T Knowledge Ventures + * Unpublished and Not for Publication + * All Rights Reserved + */ +package com.att.research.xacmlatt.pdp.policy.expressions; + +import java.util.Collection; + +import com.att.research.xacml.api.Attribute; +import com.att.research.xacml.api.AttributeValue; +import com.att.research.xacml.api.Identifier; +import com.att.research.xacml.api.MissingAttributeDetail; +import com.att.research.xacml.api.Status; +import com.att.research.xacml.api.StatusCode; +import com.att.research.xacml.api.StatusDetail; +import com.att.research.xacml.api.pip.PIPException; +import com.att.research.xacml.api.pip.PIPRequest; +import com.att.research.xacml.api.pip.PIPResponse; +import com.att.research.xacml.std.StdMutableMissingAttributeDetail; +import com.att.research.xacml.std.StdStatus; +import com.att.research.xacml.std.StdStatusCode; +import com.att.research.xacml.std.StdStatusDetail; +import com.att.research.xacml.std.pip.StdPIPRequest; +import com.att.research.xacmlatt.pdp.eval.EvaluationContext; +import com.att.research.xacmlatt.pdp.eval.EvaluationException; +import com.att.research.xacmlatt.pdp.policy.Bag; +import com.att.research.xacmlatt.pdp.policy.ExpressionResult; +import com.att.research.xacmlatt.pdp.policy.PolicyDefaults; + +/** + * AttributeDesignator extends {@link com.att.research.xacmlatt.pdp.policy.expression.AttributeRetrievalBase} to represent the + * XACML AttributeDesignator element. + * + * @author car + * @version $Revision: 1.2 $ + */ +public class AttributeDesignator extends AttributeRetrievalBase { + private Identifier attributeId; + private String issuer; + private PIPRequest pipRequestCached; + private MissingAttributeDetail missingAttributeDetail; + private StatusDetail statusDetail; + + protected PIPRequest getPIPRequest() { + if (this.pipRequestCached == null) { + this.pipRequestCached = new StdPIPRequest(this.getCategory(), this.getAttributeId(), this.getDataTypeId(), this.getIssuer()); + } + return this.pipRequestCached; + } + + protected MissingAttributeDetail getMissingAttributeDetail() { + if (this.missingAttributeDetail == null) { + this.missingAttributeDetail = new StdMutableMissingAttributeDetail(this.getCategory(), this.getAttributeId(), this.getDataTypeId(), this.getIssuer()); + } + return this.missingAttributeDetail; + } + + protected StatusDetail getStatusDetail() { + if (this.statusDetail == null) { + this.statusDetail = new StdStatusDetail(this.getMissingAttributeDetail()); + } + return this.statusDetail; + } + + public AttributeDesignator(StatusCode statusCodeIn, String statusMessageIn) { + super(statusCodeIn, statusMessageIn); + } + + public AttributeDesignator(StatusCode statusCodeIn) { + super(statusCodeIn); + } + + public AttributeDesignator() { + } + + public Identifier getAttributeId() { + return this.attributeId; + } + + public void setAttributeId(Identifier identifierAttributeId) { + this.attributeId = identifierAttributeId; + } + + public String getIssuer() { + return this.issuer; + } + + public void setIssuer(String issuerIn) { + this.issuer = issuerIn; + } + + @Override + protected boolean validateComponent() { + if (!super.validateComponent()) { + return false; + } else if (this.getAttributeId() == null) { + this.setStatus(StdStatusCode.STATUS_CODE_SYNTAX_ERROR, "Missing AttributeId"); + return false; + } else { + return true; + } + } + + /** + * Determines if the given <code>Attribute</code> has the same category, attribute id, and issuer as this + * <code>AttributeDesignator</code>. + * + * @param attribute the <code>Attribute</code> to test + * @return true if the <code>Attribute</code> matches, else false + */ + protected boolean match(Attribute attribute) { + if (!this.getCategory().equals(attribute.getCategory())) { + return false; + } else if (!this.getAttributeId().equals(attribute.getAttributeId())) { + return false; + } else if (this.getIssuer() != null && !this.getIssuer().equals(attribute.getIssuer())) { + return false; + } else { + return true; + } + } + + /** + * Determines if the given <code>AttributeValue</code> has the same data type id as this + * <code>AttributeDesignator</code>. + * + * @param attributeValue the <code>AttributeValue</code> to test + * @return true if the <code>AttributeValue</code> maches, else false + */ + protected boolean match(AttributeValue<?> attributeValue) { + if (!this.getDataTypeId().equals(attributeValue.getDataTypeId())) { + return false; + } else { + return true; + } + } + + @Override + public ExpressionResult evaluate(EvaluationContext evaluationContext, PolicyDefaults policyDefaults) throws EvaluationException { + if (!this.validate()) { + return ExpressionResult.newInstance(new StdStatus(this.getStatusCode(), this.getStatusMessage())); + } + + /* + * Set up the PIPRequest representing this + */ + PIPRequest pipRequest = this.getPIPRequest(); + assert(pipRequest != null); + + /* + * Query the evaluation context for results + */ + PIPResponse pipResponse = null; + try { + pipResponse = evaluationContext.getAttributes(pipRequest); + } catch (PIPException ex) { + throw new EvaluationException("PIPException getting Attributes", ex); + } + assert(pipResponse != null); + + /* + * See if the request was successful + */ + Status pipStatus = pipResponse.getStatus(); + if (pipStatus != null && !pipStatus.getStatusCode().equals(StdStatusCode.STATUS_CODE_OK)) { + return ExpressionResult.newInstance(pipStatus); + } + + /* + * See if there were any results + */ + Bag bagAttributeValues = new Bag(); + Collection<Attribute> listAttributes = pipResponse.getAttributes(); + for (Attribute attribute : listAttributes) { + if (this.match(attribute)) { + for (AttributeValue<?> attributeValue: attribute.getValues()) { + if (this.match(attributeValue)) { + bagAttributeValues.add(attributeValue); + } + } + } + } + if (this.getMustBePresent() && bagAttributeValues.size() == 0) { + return ExpressionResult.newError(new StdStatus(StdStatusCode.STATUS_CODE_MISSING_ATTRIBUTE, "Missing required attribute", new StdStatusDetail(this.getMissingAttributeDetail()))); + } else { + return ExpressionResult.newBag(bagAttributeValues); + } + } + + @Override + public String toString() { + StringBuilder stringBuilder = new StringBuilder("{"); + + stringBuilder.append("super="); + stringBuilder.append(super.toString()); + + Object objectToDump; + if ((objectToDump = this.getAttributeId()) != null) { + stringBuilder.append(",attributeId="); + stringBuilder.append(objectToDump.toString()); + } + if ((objectToDump = this.getIssuer()) != null) { + stringBuilder.append(",issuer="); + stringBuilder.append((String)objectToDump); + } + stringBuilder.append('}'); + return stringBuilder.toString(); + } +} http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/expressions/AttributeRetrievalBase.java ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/expressions/AttributeRetrievalBase.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/expressions/AttributeRetrievalBase.java new file mode 100755 index 0000000..21ac724 --- /dev/null +++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/expressions/AttributeRetrievalBase.java @@ -0,0 +1,170 @@ +/* + * AT&T - PROPRIETARY + * THIS FILE CONTAINS PROPRIETARY INFORMATION OF + * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN + * ACCORDANCE WITH APPLICABLE AGREEMENTS. + * + * Copyright (c) 2013 AT&T Knowledge Ventures + * Unpublished and Not for Publication + * All Rights Reserved + */ +package com.att.research.xacmlatt.pdp.policy.expressions; + +import com.att.research.xacml.api.Identifier; +import com.att.research.xacml.api.StatusCode; +import com.att.research.xacml.api.StatusDetail; +import com.att.research.xacml.api.XACML; +import com.att.research.xacml.std.StdStatus; +import com.att.research.xacml.std.StdStatusCode; +import com.att.research.xacml.std.datatypes.DataTypes; +import com.att.research.xacmlatt.pdp.policy.Expression; +import com.att.research.xacmlatt.pdp.policy.ExpressionResult; + +/** + * AttributeRetrievalBase extends {@link com.att.research.xacmlatt.pdp.policy.PolicyComponent} and + * implements {@link com.att.research.xacmlatt.pdp.eval.Evaluatable} to serve as an abstract base class + * for the {@link com.att.research.xacmlatt.pdp.policy.AttributeSelector} and {@link com.att.research.xacmlatt.pdp.policy.AttributeDesignator} + * classes. + * + * @author car + * @version $Revision: 1.1 $ + */ +public abstract class AttributeRetrievalBase extends Expression { + private Identifier category; + private Identifier dataTypeId; + private Boolean mustBePresent; + + protected AttributeRetrievalBase(StatusCode statusCodeIn, + String statusMessageIn) { + super(statusCodeIn, statusMessageIn); + } + + protected AttributeRetrievalBase(StatusCode statusCodeIn) { + super(statusCodeIn); + } + + protected AttributeRetrievalBase() { + } + + protected AttributeRetrievalBase(Identifier categoryIn, Identifier dataTypeIdIn, Boolean mustBePresentIn) { + this.category = categoryIn; + this.dataTypeId = dataTypeIdIn; + this.mustBePresent = mustBePresentIn; + } + + /** + * Gets the {@link com.att.research.xacml.api.Identifier} for the category associated with this + * <code>AttributeRetrievalBase</code>. + * + * @return the <code>Identifier</code> for the category of this <code>AttributeRetrievalBase</code>. + */ + public Identifier getCategory() { + return this.category; + } + + /** + * Sets the <code>Identifier</code> for the category associated with this <code>AttributeRetrievalBase</code>. + * + * @param categoryIn the <code>Identifier</code> for the category associated with this <code>AttributeRetrievalBase</code> + */ + public void setCategory(Identifier categoryIn) { + this.category = categoryIn; + } + + /** + * Gets the <code>Identifier</code> for the data type associated with this <code>AttributeRetrievalBase</code>. + * + * @return the <code>Identifier</code> for the data type associated with this <code>AttributeRetrievalBase</code> + */ + public Identifier getDataTypeId() { + return this.dataTypeId; + } + + /** + * Sets the <code>Identifier</code> for the data type associated with this <code>AttributeRetrievalBase</code>. + * + * @param dataTypeIn the <code>Identifier</code> for the data type associated with this <code>AttributeRetrievalBase</code> + */ + public void setDataTypeId(Identifier dataTypeIn) { + // allow old-style Ids for Durations since there is no structural or semantic changes, just a different Id. + if (dataTypeIn.equals(XACML.ID_DATATYPE_WD_DAYTIMEDURATION)) { + dataTypeIn = DataTypes.DT_DAYTIMEDURATION.getId(); + } else if (dataTypeIn.equals(XACML.ID_DATATYPE_WD_YEARMONTHDURATION)) { + dataTypeIn = DataTypes.DT_YEARMONTHDURATION.getId(); + } + this.dataTypeId = dataTypeIn; + } + + /** + * Determines if a value must be found for this <code>AttributeRetrievalBase</code> when it is evaluated. If true, + * and no value is found, an indeterminate result is returned, otherwise an empty bag is returned. + * + * @return true if the value of this <code>AttributeRetrievalBase</code> must be found, else false + */ + public Boolean getMustBePresent() { + return this.mustBePresent; + } + + /** + * Sets the flag indicating whether a value must be found for this <code>AttributeRetrievalBase</code>. + * + * @param b the boolean value for the flag + */ + public void setMustBePresent(boolean b) { + this.mustBePresent = b; + } + + @Override + protected boolean validateComponent() { + if (this.getCategory() == null) { + this.setStatus(StdStatusCode.STATUS_CODE_SYNTAX_ERROR, "Missing Category"); + return false; + } else if (this.getDataTypeId() == null) { + this.setStatus(StdStatusCode.STATUS_CODE_SYNTAX_ERROR, "Missing DataType"); + return false; + } else if (this.getMustBePresent() == null) { + this.setStatus(StdStatusCode.STATUS_CODE_SYNTAX_ERROR, "Missing MustBePresent"); + return false; + } else { + this.setStatus(StdStatusCode.STATUS_CODE_OK, null); + return true; + } + } + + @Override public String toString() { + StringBuilder stringBuilder = new StringBuilder("{"); + stringBuilder.append("super="); + stringBuilder.append(super.toString()); + + Object objectToDump; + if ((objectToDump = this.getCategory()) != null) { + stringBuilder.append(",category="); + stringBuilder.append(objectToDump.toString()); + } + if ((objectToDump = this.getDataTypeId()) != null) { + stringBuilder.append(",dataType="); + stringBuilder.append(objectToDump.toString()); + } + if ((objectToDump = this.getMustBePresent()) != null) { + stringBuilder.append(",mustBePresent="); + stringBuilder.append(objectToDump.toString()); + } + stringBuilder.append('}'); + return stringBuilder.toString(); + } + + /** + * Creates the appropriate {@link com.att.research.xacmlatt.pdp.policy.ExpressionResult} for an empty list based + * on the <code>getMustBePresent</code> value. + * + * @return an appropriate <code>ExpressionResult</code> + */ + protected ExpressionResult getEmptyResult(String statusMessage, StatusDetail statusDetail) { + if (this.getMustBePresent() != null && this.getMustBePresent().booleanValue()) { + return ExpressionResult.newError(new StdStatus(StdStatusCode.STATUS_CODE_MISSING_ATTRIBUTE, statusMessage, statusDetail)); + } else { + return ExpressionResult.newEmpty(); + } + } + +} http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/expressions/AttributeSelector.java ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/expressions/AttributeSelector.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/expressions/AttributeSelector.java new file mode 100755 index 0000000..d5f94e2 --- /dev/null +++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/expressions/AttributeSelector.java @@ -0,0 +1,283 @@ +/* + * AT&T - PROPRIETARY + * THIS FILE CONTAINS PROPRIETARY INFORMATION OF + * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN + * ACCORDANCE WITH APPLICABLE AGREEMENTS. + * + * Copyright (c) 2013 AT&T Knowledge Ventures + * Unpublished and Not for Publication + * All Rights Reserved + */ +package com.att.research.xacmlatt.pdp.policy.expressions; + +import java.util.ArrayList; +import java.util.Iterator; +import java.util.List; + +import javax.xml.xpath.XPath; +import javax.xml.xpath.XPathConstants; +import javax.xml.xpath.XPathExpression; +import javax.xml.xpath.XPathExpressionException; +import javax.xml.xpath.XPathFactory; + +import org.w3c.dom.Node; +import org.w3c.dom.NodeList; + +import com.att.research.xacml.api.Attribute; +import com.att.research.xacml.api.AttributeValue; +import com.att.research.xacml.api.DataType; +import com.att.research.xacml.api.DataTypeException; +import com.att.research.xacml.api.DataTypeFactory; +import com.att.research.xacml.api.Identifier; +import com.att.research.xacml.api.Request; +import com.att.research.xacml.api.RequestAttributes; +import com.att.research.xacml.api.StatusCode; +import com.att.research.xacml.std.StdStatus; +import com.att.research.xacml.std.StdStatusCode; +import com.att.research.xacml.std.datatypes.DataTypes; +import com.att.research.xacml.std.datatypes.NodeNamespaceContext; +import com.att.research.xacml.std.datatypes.XPathExpressionWrapper; +import com.att.research.xacml.std.dom.DOMStructureException; +import com.att.research.xacml.std.dom.DOMUtil; +import com.att.research.xacml.util.FactoryException; +import com.att.research.xacmlatt.pdp.eval.EvaluationContext; +import com.att.research.xacmlatt.pdp.eval.EvaluationException; +import com.att.research.xacmlatt.pdp.policy.Bag; +import com.att.research.xacmlatt.pdp.policy.ExpressionResult; +import com.att.research.xacmlatt.pdp.policy.PolicyDefaults; + +/** + * AttributeSelector extends {@link com.att.research.xacmlatt.pdp.policy.expressions.AttributeRetrievalBase} to implement + * the XACML AttributeSelector element. + * + * @author car + * @version $Revision: 1.2 $ + */ +public class AttributeSelector extends AttributeRetrievalBase { + private Identifier contextSelectorId; + private String path; + @SuppressWarnings("unused") + private DataType<?> dataType; + + protected DataType<?> getDataType() { + Identifier dataTypeIdThis = this.getDataTypeId(); + if (dataTypeIdThis == null) { + return null; + } else { + DataTypeFactory dataTypeFactory = null; + try { + dataTypeFactory = DataTypeFactory.newInstance(); + if (dataTypeFactory == null) { + return null; + } + } catch (FactoryException ex) { + return null; + } + return (this.dataType = dataTypeFactory.getDataType(dataTypeIdThis)); + } + } + + public AttributeSelector(StatusCode statusCodeIn, String statusMessageIn) { + super(statusCodeIn, statusMessageIn); + } + + public AttributeSelector(StatusCode statusCodeIn) { + super(statusCodeIn); + } + + public AttributeSelector() { + } + + public Identifier getContextSelectorId() { + return this.contextSelectorId; + } + + public void setContextSelectorId(Identifier identifier) { + this.contextSelectorId = identifier; + } + + public String getPath() { + return this.path; + } + + public void setPath(String pathIn) { + this.path = pathIn; + } + + @Override + protected boolean validateComponent() { + if (!super.validateComponent()) { + return false; + } else if (this.getPath() == null) { + this.setStatus(StdStatusCode.STATUS_CODE_SYNTAX_ERROR, "Missing Path"); + return false; + } else { + return true; + } + } + + /** + * If there is a context selector ID, get the attributes from the given <code>RequestAttributes</code> with that + * ID, ensure they are <code>XPathExpression</code>s and return them. + * + * @param requestAttributes + * @return + */ + protected List<XPathExpression> getContextSelectorValues(RequestAttributes requestAttributes) { + Identifier thisContextSelectorId = this.getContextSelectorId(); + if (thisContextSelectorId == null) { + return null; + } + List<XPathExpression> listXPathExpressions = null; + Iterator<Attribute> iterAttributes = requestAttributes.getAttributes(thisContextSelectorId); + if (iterAttributes != null) { + while (iterAttributes.hasNext()) { + Attribute attribute = iterAttributes.next(); + Iterator<AttributeValue<XPathExpressionWrapper>> iterXPathExpressions = attribute.findValues(DataTypes.DT_XPATHEXPRESSION); + if (iterXPathExpressions != null && iterXPathExpressions.hasNext()) { + if (listXPathExpressions == null) { + listXPathExpressions = new ArrayList<XPathExpression>(); + } + listXPathExpressions.add(iterXPathExpressions.next().getValue()); + } + } + } + return listXPathExpressions; + } + + @Override + public ExpressionResult evaluate(EvaluationContext evaluationContext, PolicyDefaults policyDefaults) throws EvaluationException { + if (!this.validate()) { + return ExpressionResult.newError(new StdStatus(this.getStatusCode(), this.getStatusMessage())); + } + + /* + * Get the DataType for this AttributeSelector for converting the resulting nodes into AttributeValues + */ + DataType<?> thisDataType = this.getDataType(); + + /* + * Get the Request so we can find the XPathExpression to locate the root node and to find the Content element + * of the requested category. + */ + Request request = evaluationContext.getRequest(); + assert(request != null); + + /* + * Get the RequestAttributes objects for our Category. If none are found, then we abort quickly with either + * an empty or indeterminate result. + */ + Iterator<RequestAttributes> iterRequestAttributes = request.getRequestAttributes(this.getCategory()); + if (iterRequestAttributes == null || !iterRequestAttributes.hasNext()) { + return this.getEmptyResult("No Attributes with Category " + this.getCategory().toString(), null); + } + + /* + * Section 5.30 of the XACML 3.0 specification is a little vague about how to use the + * ContextSelectorId in the face of having multiple Attributes elements with the same CategoryId. My interpretation + * is that each is distinct, so we look for an attribute matching the ContextSelectorId in each matching Attributes element + * and use that to search the Content in that particular Attributes element. If either an Attribute matching the context selector id + * is not found or there is no Content, then that particular Attributes element is skipped. + */ + Bag bagAttributeValues = new Bag(); + StdStatus statusFirstError = null; + while (iterRequestAttributes.hasNext()) { + RequestAttributes requestAttributes = iterRequestAttributes.next(); + + /* + * See if we have a Content element to query. + */ + Node nodeContentRoot = requestAttributes.getContentRoot(); + if (nodeContentRoot != null) { + List<Node> listNodesToQuery = new ArrayList<Node>(); + List<XPathExpression> listXPathExpressions = this.getContextSelectorValues(requestAttributes); + if (listXPathExpressions == null) { + listNodesToQuery.add(nodeContentRoot); + } else { + Iterator<XPathExpression> iterXPathExpressions = listXPathExpressions.iterator(); + while (iterXPathExpressions.hasNext()) { + XPathExpression xpathExpression = iterXPathExpressions.next(); + Node nodeContent = requestAttributes.getContentNodeByXpathExpression(xpathExpression); + if (nodeContent != null) { + listNodesToQuery.add(nodeContent); + } + } + } + + /* + * If there are any nodes to query, do so now and add the results + */ + if (listNodesToQuery.size() > 0) { + for (Node nodeToQuery : listNodesToQuery) { + NodeList nodeList = null; + try { + XPath xPath = XPathFactory.newInstance().newXPath(); + xPath.setNamespaceContext(new NodeNamespaceContext(nodeToQuery.getOwnerDocument())); + XPathExpression xPathExpression = xPath.compile(this.getPath()); + Node nodeToQueryDocumentRoot = null; + try { + nodeToQueryDocumentRoot = DOMUtil.getDirectDocumentChild(nodeToQuery); + } catch (DOMStructureException ex) { + return ExpressionResult.newError(new StdStatus(StdStatusCode.STATUS_CODE_PROCESSING_ERROR, "Exception processing context node: " + ex.getMessage())); + } + nodeList = (NodeList)xPathExpression.evaluate(nodeToQueryDocumentRoot, XPathConstants.NODESET); + } catch (XPathExpressionException ex) { + if (statusFirstError == null) { + statusFirstError = new StdStatus(StdStatusCode.STATUS_CODE_PROCESSING_ERROR, "XPathExpressionException: " + ex.getMessage()); + } + } + if (nodeList != null && nodeList.getLength() > 0) { + for (int i = 0 ; i < nodeList.getLength() ; i++) { + AttributeValue<?> attributeValueNode = null; + try { + attributeValueNode = thisDataType.createAttributeValue(nodeList.item(i)); + } catch (DataTypeException ex) { + if (statusFirstError == null) { + statusFirstError = new StdStatus(StdStatusCode.STATUS_CODE_PROCESSING_ERROR, ex.getMessage()); + } + } + if (attributeValueNode != null) { + bagAttributeValues.add(attributeValueNode); + } else if (statusFirstError == null) { + statusFirstError = new StdStatus(StdStatusCode.STATUS_CODE_PROCESSING_ERROR, "Unable to convert node to " + this.getDataTypeId().toString()); + } + } + } + } + } + } + + } + + if (bagAttributeValues.size() == 0) { + if (statusFirstError == null) { + return this.getEmptyResult("No Content found", null); + } else { + return ExpressionResult.newError(statusFirstError); + } + } else { + return ExpressionResult.newBag(bagAttributeValues); + } + } + + @Override + public String toString() { + StringBuilder stringBuilder = new StringBuilder("{"); + + stringBuilder.append("super="); + stringBuilder.append(super.toString()); + + Object objectToDump; + if ((objectToDump = this.getContextSelectorId()) != null) { + stringBuilder.append(",contextSelectorId="); + stringBuilder.append(objectToDump.toString()); + } + if ((objectToDump = this.getPath()) != null) { + stringBuilder.append(",path="); + stringBuilder.append((String)objectToDump); + } + stringBuilder.append('}'); + return stringBuilder.toString(); + } + +} http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/expressions/AttributeValueExpression.java ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/expressions/AttributeValueExpression.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/expressions/AttributeValueExpression.java new file mode 100755 index 0000000..73cf5b8 --- /dev/null +++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/expressions/AttributeValueExpression.java @@ -0,0 +1,89 @@ +/* + * AT&T - PROPRIETARY + * THIS FILE CONTAINS PROPRIETARY INFORMATION OF + * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN + * ACCORDANCE WITH APPLICABLE AGREEMENTS. + * + * Copyright (c) 2013 AT&T Knowledge Ventures + * Unpublished and Not for Publication + * All Rights Reserved + */ +package com.att.research.xacmlatt.pdp.policy.expressions; + +import com.att.research.xacml.api.AttributeValue; +import com.att.research.xacml.api.StatusCode; +import com.att.research.xacml.std.StdStatus; +import com.att.research.xacml.std.StdStatusCode; +import com.att.research.xacmlatt.pdp.eval.EvaluationContext; +import com.att.research.xacmlatt.pdp.eval.EvaluationException; +import com.att.research.xacmlatt.pdp.policy.Expression; +import com.att.research.xacmlatt.pdp.policy.ExpressionResult; +import com.att.research.xacmlatt.pdp.policy.PolicyDefaults; + +/** + * AttributeValueExpression extends {@link com.att.research.xacmlatt.pdp.policy.Expression} to represent XACML + * AttributeValue elements in an Expression context. + * + * @author car + * @version $Revision: 1.1 $ + */ +public class AttributeValueExpression extends Expression { + private AttributeValue<?> attributeValue; + + public AttributeValueExpression(StatusCode statusCodeIn, String statusMessageIn) { + super(statusCodeIn, statusMessageIn); + } + + public AttributeValueExpression(StatusCode statusCodeIn) { + super(statusCodeIn); + } + + public AttributeValueExpression() { + } + + public AttributeValueExpression(AttributeValue<?> attributeValueIn) { + this.attributeValue = attributeValueIn; + } + + public AttributeValue<?> getAttributeValue() { + return this.attributeValue; + } + + public void setAttributeValue(AttributeValue<?> attributeValueIn) { + this.attributeValue = attributeValueIn; + } + + @Override + public ExpressionResult evaluate(EvaluationContext evaluationContext, PolicyDefaults policyDefaults) throws EvaluationException { + if (!this.validate()) { + return ExpressionResult.newError(new StdStatus(this.getStatusCode(), this.getStatusMessage())); + } + + return ExpressionResult.newSingle(this.getAttributeValue()); + } + + @Override + protected boolean validateComponent() { + if (this.getAttributeValue() == null) { + this.setStatus(StdStatusCode.STATUS_CODE_SYNTAX_ERROR, "Missing AttributeValue"); + return false; + } else { + this.setStatus(StdStatusCode.STATUS_CODE_OK, null); + return true; + } + } + + @Override + public String toString() { + StringBuilder stringBuilder = new StringBuilder("{"); + + Object objectToDump; + if ((objectToDump = this.getAttributeValue()) != null) { + stringBuilder.append("attributeValue="); + stringBuilder.append(objectToDump.toString()); + } + stringBuilder.append('}'); + return stringBuilder.toString(); + } + +} http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/expressions/Function.java ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/expressions/Function.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/expressions/Function.java new file mode 100755 index 0000000..16cf506 --- /dev/null +++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/expressions/Function.java @@ -0,0 +1,105 @@ +/* + * AT&T - PROPRIETARY + * THIS FILE CONTAINS PROPRIETARY INFORMATION OF + * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN + * ACCORDANCE WITH APPLICABLE AGREEMENTS. + * + * Copyright (c) 2013 AT&T Knowledge Ventures + * Unpublished and Not for Publication + * All Rights Reserved + */ +package com.att.research.xacmlatt.pdp.policy.expressions; + +import java.net.URI; + +import com.att.research.xacml.api.AttributeValue; +import com.att.research.xacml.api.DataTypeException; +import com.att.research.xacml.api.Identifier; +import com.att.research.xacml.api.StatusCode; +import com.att.research.xacml.std.StdStatus; +import com.att.research.xacml.std.StdStatusCode; +import com.att.research.xacml.std.datatypes.DataTypes; +import com.att.research.xacmlatt.pdp.eval.EvaluationContext; +import com.att.research.xacmlatt.pdp.eval.EvaluationException; +import com.att.research.xacmlatt.pdp.policy.Expression; +import com.att.research.xacmlatt.pdp.policy.ExpressionResult; +import com.att.research.xacmlatt.pdp.policy.PolicyDefaults; + +/** + * Function extends {@link com.att.research.xacmlatt.pdp.policy.Expression} to implement the XACML Function element. + * + * @author car + * @version $Revision: 1.1 $ + */ +public class Function extends Expression { + private Identifier functionId; + private AttributeValue<URI> attributeValue; + private ExpressionResult expressionResultOk; + + protected ExpressionResult getExpressionResultOk() { + if (this.expressionResultOk == null) { + this.expressionResultOk = ExpressionResult.newSingle(this.getAttributeValue()); + } + return this.expressionResultOk; + } + + public Function(StatusCode statusCodeIn, String statusMessageIn) { + super(statusCodeIn, statusMessageIn); + } + + public Function(StatusCode statusCodeIn) { + super(statusCodeIn); + } + + public Function() { + } + + public Function(Identifier functionIdIn) { + this.functionId = functionIdIn; + } + + public Identifier getFunctionId() { + return this.functionId; + } + + public void setFunctionId(Identifier identifier) { + this.functionId = identifier; + this.attributeValue = null; + this.expressionResultOk = null; + } + + public AttributeValue<URI> getAttributeValue() { + if (this.attributeValue == null) { + Identifier thisFunctionId = this.getFunctionId(); + if (thisFunctionId != null) { + try { + this.attributeValue = DataTypes.DT_ANYURI.createAttributeValue(thisFunctionId); + } catch (DataTypeException ex) { + this.attributeValue = null; + } + } + } + return this.attributeValue; + } + + @Override + public ExpressionResult evaluate(EvaluationContext evaluationContext, PolicyDefaults policyDefaults) throws EvaluationException { + if (!this.validate()) { + return ExpressionResult.newError(new StdStatus(this.getStatusCode(), this.getStatusMessage())); + } else { + return this.getExpressionResultOk(); + } + } + + @Override + protected boolean validateComponent() { + if (this.getFunctionId() == null) { + this.setStatus(StdStatusCode.STATUS_CODE_SYNTAX_ERROR, "Missing FunctionId"); + return false; + } else { + this.setStatus(StdStatusCode.STATUS_CODE_OK, null); + return true; + } + } + +} http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/expressions/VariableReference.java ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/expressions/VariableReference.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/expressions/VariableReference.java new file mode 100755 index 0000000..be322e9 --- /dev/null +++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/expressions/VariableReference.java @@ -0,0 +1,149 @@ +/* + * AT&T - PROPRIETARY + * THIS FILE CONTAINS PROPRIETARY INFORMATION OF + * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN + * ACCORDANCE WITH APPLICABLE AGREEMENTS. + * + * Copyright (c) 2013 AT&T Knowledge Ventures + * Unpublished and Not for Publication + * All Rights Reserved + */ +package com.att.research.xacmlatt.pdp.policy.expressions; + +import com.att.research.xacml.api.StatusCode; +import com.att.research.xacml.api.trace.Traceable; +import com.att.research.xacml.std.StdStatus; +import com.att.research.xacml.std.StdStatusCode; +import com.att.research.xacml.std.trace.StdTraceEvent; +import com.att.research.xacmlatt.pdp.eval.EvaluationContext; +import com.att.research.xacmlatt.pdp.eval.EvaluationException; +import com.att.research.xacmlatt.pdp.policy.Expression; +import com.att.research.xacmlatt.pdp.policy.ExpressionResult; +import com.att.research.xacmlatt.pdp.policy.Policy; +import com.att.research.xacmlatt.pdp.policy.PolicyDefaults; +import com.att.research.xacmlatt.pdp.policy.VariableDefinition; + +/** + * VariableReference extends {@link com.att.research.xacmlatt.pdp.policy.Expression} to implement the XACML VariableReference + * element. + * + * @author car + * @version $Revision: 1.1 $ + */ +public class VariableReference extends Expression implements Traceable { + private static final ExpressionResult ER_SE_NO_EXPRESSION = ExpressionResult.newError(new StdStatus(StdStatusCode.STATUS_CODE_SYNTAX_ERROR, "Missing Expression for VariableDefinition")); + + private Policy policy; + private String variableId; + private VariableDefinition variableDefinition; + + protected VariableDefinition getVariableDefinition() { + if (this.variableDefinition == null) { + Policy thisPolicy = this.getPolicy(); + if (thisPolicy != null) { + String thisVariableId = this.getVariableId(); + if (thisVariableId != null) { + this.variableDefinition = thisPolicy.getVariableDefinition(thisVariableId); + } + } + } + return this.variableDefinition; + } + + public VariableReference(StatusCode statusCodeIn, String statusMessageIn) { + super(statusCodeIn, statusMessageIn); + } + + public VariableReference(StatusCode statusCodeIn) { + super(statusCodeIn); + } + + public VariableReference() { + } + + public VariableReference(Policy policyIn, String variableIdIn) { + this.policy = policyIn; + this.variableId = variableIdIn; + } + + public Policy getPolicy() { + return this.policy; + } + + public void setPolicy(Policy policyIn) { + this.policy = policyIn; + } + + public String getVariableId() { + return this.variableId; + } + + public void setVariableId(String variableIdIn) { + this.variableId = variableIdIn; + } + + @Override + public ExpressionResult evaluate(EvaluationContext evaluationContext, PolicyDefaults policyDefaults) throws EvaluationException { + if (!this.validate()) { + return ExpressionResult.newError(new StdStatus(this.getStatusCode(), this.getStatusMessage())); + } + + VariableDefinition variableDefinition = this.getVariableDefinition(); + if (variableDefinition == null) { + return ExpressionResult.newError(new StdStatus(StdStatusCode.STATUS_CODE_PROCESSING_ERROR, "No VariableDefinition found for \"" + this.getVariableId() + "\"")); + } + Expression expression = variableDefinition.getExpression(); + if (expression == null) { + return ER_SE_NO_EXPRESSION; + } + + ExpressionResult result = expression.evaluate(evaluationContext, policyDefaults); + + if (evaluationContext.isTracing()) { + evaluationContext.trace(new StdTraceEvent<ExpressionResult>("Variable", this, result)); + } + + return result; + } + + @Override + protected boolean validateComponent() { + if (this.getVariableId() == null) { + this.setStatus(StdStatusCode.STATUS_CODE_SYNTAX_ERROR, "Missing VariableId"); + return false; + } else if (this.getPolicy() == null) { + this.setStatus(StdStatusCode.STATUS_CODE_SYNTAX_ERROR, "VariableReference not in a Policy"); + return false; + } else { + this.setStatus(StdStatusCode.STATUS_CODE_OK, null); + return true; + } + } + + @Override + public String toString() { + StringBuilder stringBuilder = new StringBuilder("{"); + + stringBuilder.append("super="); + stringBuilder.append(super.toString()); + + String stringToDump; + if ((stringToDump = this.getVariableId()) != null) { + stringBuilder.append(",variableId="); + stringBuilder.append(stringToDump); + } + stringBuilder.append('}'); + return stringBuilder.toString(); + } + + @Override + public String getTraceId() { + return this.variableId; + } + + @Override + public Traceable getCause() { + return this.policy; + } + +} http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/expressions/package-info.java ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/expressions/package-info.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/expressions/package-info.java new file mode 100755 index 0000000..0abd0ec --- /dev/null +++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/expressions/package-info.java @@ -0,0 +1,20 @@ +/* + * AT&T - PROPRIETARY + * THIS FILE CONTAINS PROPRIETARY INFORMATION OF + * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN + * ACCORDANCE WITH APPLICABLE AGREEMENTS. + * + * Copyright (c) 2013 AT&T Knowledge Ventures + * Unpublished and Not for Publication + * All Rights Reserved + */ + +package com.att.research.xacmlatt.pdp.policy.expressions; + +/** + * com.att.research.xacmlatt.pdp.policy.expressions contains class definitions that represent specific XACML elements sub-typed from + * the Expression element. + * + * @author car + * @version $Revision: 1.1 $ + */ http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/package-info.java ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/package-info.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/package-info.java new file mode 100755 index 0000000..bb4a5ba --- /dev/null +++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/package-info.java @@ -0,0 +1,20 @@ +/* + * AT&T - PROPRIETARY + * THIS FILE CONTAINS PROPRIETARY INFORMATION OF + * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN + * ACCORDANCE WITH APPLICABLE AGREEMENTS. + * + * Copyright (c) 2013 AT&T Knowledge Ventures + * Unpublished and Not for Publication + * All Rights Reserved + */ + +package com.att.research.xacmlatt.pdp.policy; + +/** + * com.att.research.xacmlatt.pdp.policy contains class definitions that represent a XACML 3.0 Policy such that it can be + * used to implement the {@link com.att.research.xacml.pdp.PDPEngine} <code>decide</code> method. + * + * @author car + * @version $Revision: 1.1 $ + */ http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/StdCombiningAlgorithmFactory.java ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/StdCombiningAlgorithmFactory.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/StdCombiningAlgorithmFactory.java new file mode 100755 index 0000000..9312e31 --- /dev/null +++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/StdCombiningAlgorithmFactory.java @@ -0,0 +1,89 @@ +/* + * AT&T - PROPRIETARY + * THIS FILE CONTAINS PROPRIETARY INFORMATION OF + * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN + * ACCORDANCE WITH APPLICABLE AGREEMENTS. + * + * Copyright (c) 2013 AT&T Knowledge Ventures + * Unpublished and Not for Publication + * All Rights Reserved + */ +package com.att.research.xacmlatt.pdp.std; + +import java.lang.reflect.Field; +import java.lang.reflect.Modifier; +import java.util.HashMap; +import java.util.Map; + +import com.att.research.xacml.api.Identifier; +import com.att.research.xacmlatt.pdp.policy.CombiningAlgorithm; +import com.att.research.xacmlatt.pdp.policy.CombiningAlgorithmFactory; +import com.att.research.xacmlatt.pdp.policy.PolicySetChild; +import com.att.research.xacmlatt.pdp.policy.Rule; + +/** + * StdCombiningAlgorithmFactory extends {@link com.att.research.xacmlatt.pdp.policy.CombiningAlgorithmFactory} to implement + * a mapping from {@link com.att.research.xacml.api.Identifier}s to + * the standard {@link com.att.research.xacmlatt.pdp.policy.CombiningAlgorithm} implementations. + * + * @author car + * @version $Revision: 1.2 $ + */ +public class StdCombiningAlgorithmFactory extends CombiningAlgorithmFactory { + private static Map<Identifier,CombiningAlgorithm<Rule>> mapRuleCombiningAlgorithms + = new HashMap<Identifier,CombiningAlgorithm<Rule>>(); + private static Map<Identifier,CombiningAlgorithm<PolicySetChild>> mapPolicyCombiningAlgorithms + = new HashMap<Identifier,CombiningAlgorithm<PolicySetChild>>(); + private static boolean needInit = true; + + protected static void registerRuleCombiningAlgorithm(CombiningAlgorithm<Rule> ruleCombiningAlgorithm) { + mapRuleCombiningAlgorithms.put(ruleCombiningAlgorithm.getId(), ruleCombiningAlgorithm); + } + + protected static void registerPolicyCombiningAlgorithm(CombiningAlgorithm<PolicySetChild> policyCombiningAlgorithm) { + mapPolicyCombiningAlgorithms.put(policyCombiningAlgorithm.getId(), policyCombiningAlgorithm); + } + + @SuppressWarnings("unchecked") + private static void initMap() { + if (needInit) { + synchronized(mapRuleCombiningAlgorithms) { + if (needInit) { + needInit = false; + Field[] declaredFields = StdCombiningAlgorithms.class.getFields(); + for (Field field : declaredFields) { + if (Modifier.isStatic(field.getModifiers()) && + Modifier.isPublic(field.getModifiers()) && + field.getName().startsWith(StdCombiningAlgorithms.PREFIX_CA) && + CombiningAlgorithm.class.isAssignableFrom(field.getType()) + ) { + try { + if (field.getName().startsWith(StdCombiningAlgorithms.PREFIX_RULE)) { + registerRuleCombiningAlgorithm((CombiningAlgorithm<Rule>)field.get(null)); + } else if (field.getName().startsWith(StdCombiningAlgorithms.PREFIX_POLICY)) { + registerPolicyCombiningAlgorithm((CombiningAlgorithm<PolicySetChild>)field.get(null)); + } + } catch (IllegalAccessException ex) { + + } + } + } + } + } + } + } + + public StdCombiningAlgorithmFactory() { + initMap(); + } + + @Override + public CombiningAlgorithm<Rule> getRuleCombiningAlgorithm(Identifier combiningAlgorithmId) { + return mapRuleCombiningAlgorithms.get(combiningAlgorithmId); + } + + @Override + public CombiningAlgorithm<PolicySetChild> getPolicyCombiningAlgorithm(Identifier combiningAlgorithmId) { + return mapPolicyCombiningAlgorithms.get(combiningAlgorithmId); + } +} http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/StdCombiningAlgorithms.java ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/StdCombiningAlgorithms.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/StdCombiningAlgorithms.java new file mode 100755 index 0000000..450c1f2 --- /dev/null +++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/StdCombiningAlgorithms.java @@ -0,0 +1,125 @@ +/* + * AT&T - PROPRIETARY + * THIS FILE CONTAINS PROPRIETARY INFORMATION OF + * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN + * ACCORDANCE WITH APPLICABLE AGREEMENTS. + * + * Copyright (c) 2013 AT&T Knowledge Ventures + * Unpublished and Not for Publication + * All Rights Reserved + */ +package com.att.research.xacmlatt.pdp.std; + +import com.att.research.xacml.api.XACML1; +import com.att.research.xacml.api.XACML3; +import com.att.research.xacmlatt.pdp.policy.CombiningAlgorithm; +import com.att.research.xacmlatt.pdp.policy.PolicySetChild; +import com.att.research.xacmlatt.pdp.policy.Rule; +import com.att.research.xacmlatt.pdp.std.combiners.CombinedPermitOverrides; +import com.att.research.xacmlatt.pdp.std.combiners.DenyOverrides; +import com.att.research.xacmlatt.pdp.std.combiners.DenyUnlessPermit; +import com.att.research.xacmlatt.pdp.std.combiners.FirstApplicable; +import com.att.research.xacmlatt.pdp.std.combiners.LegacyDenyOverridesPolicy; +import com.att.research.xacmlatt.pdp.std.combiners.LegacyDenyOverridesRule; +import com.att.research.xacmlatt.pdp.std.combiners.LegacyPermitOverridesPolicy; +import com.att.research.xacmlatt.pdp.std.combiners.LegacyPermitOverridesRule; +import com.att.research.xacmlatt.pdp.std.combiners.OnlyOneApplicable; +import com.att.research.xacmlatt.pdp.std.combiners.PermitOverrides; +import com.att.research.xacmlatt.pdp.std.combiners.PermitUnlessDeny; +import com.att.research.xacmlatt.pdp.util.ATTPDPProperties; + +/** + * StdCombiningAlgorithms contains single instances of each of the {@link com.att.research.xacmlatt.pdp.policy.CombiningAlgorithm} + * implementations in the {@link com.att.research.xacmlatt.pdp.std.combiners} package. + * + * @author car + * @version $Revision: 1.2 $ + */ +public class StdCombiningAlgorithms { + + protected StdCombiningAlgorithms() { + } + + public static final String PREFIX_CA = "CA_"; + public static final String PREFIX_RULE = PREFIX_CA + "RULE_"; + public static final String PREFIX_POLICY = PREFIX_CA + "POLICY_"; + + // C.2 Deny-overrides + public static final CombiningAlgorithm<Rule> CA_RULE_DENY_OVERRIDES + = new DenyOverrides<Rule>(XACML3.ID_RULE_DENY_OVERRIDES); + public static final CombiningAlgorithm<PolicySetChild> CA_POLICY_DENY_OVERRIDES + = new DenyOverrides<PolicySetChild>(XACML3.ID_POLICY_DENY_OVERRIDES); + + // C.3 Ordered-deny-overrides + public static final CombiningAlgorithm<Rule> CA_RULE_ORDERED_DENY_OVERRIDES + = new DenyOverrides<Rule>(XACML3.ID_RULE_ORDERED_DENY_OVERRIDES); + public static final CombiningAlgorithm<PolicySetChild> CA_POLICY_ORDERED_DENY_OVERRIDES + = new DenyOverrides<PolicySetChild>(XACML3.ID_POLICY_ORDERED_DENY_OVERRIDES); + + // C.4 Permit-overrides + public static final CombiningAlgorithm<Rule> CA_RULE_PERMIT_OVERRIDES + = new PermitOverrides<Rule>(XACML3.ID_RULE_PERMIT_OVERRIDES); + public static final CombiningAlgorithm<PolicySetChild> CA_POLICY_PERMIT_OVERRIDES + = new PermitOverrides<PolicySetChild>(XACML3.ID_POLICY_PERMIT_OVERRIDES); + + // C.5 Ordered-permit-overrides + public static final CombiningAlgorithm<Rule> CA_RULE_ORDERED_PERMIT_OVERRIDES + = new PermitOverrides<Rule>(XACML3.ID_RULE_ORDERED_PERMIT_OVERRIDES); + public static final CombiningAlgorithm<PolicySetChild> CA_POLICY_ORDERED_PERMIT_OVERRIDES + = new PermitOverrides<PolicySetChild>(XACML3.ID_POLICY_ORDERED_PERMIT_OVERRIDES); + + // C.6 Deny-unless-permit + public static final CombiningAlgorithm<Rule> CA_RULE_DENY_UNLESS_PERMIT + = new DenyUnlessPermit<Rule>(XACML3.ID_RULE_DENY_UNLESS_PERMIT); + public static final CombiningAlgorithm<PolicySetChild> CA_POLICY_DENY_UNLESS_PERMIT + = new DenyUnlessPermit<PolicySetChild>(XACML3.ID_POLICY_DENY_UNLESS_PERMIT); + + // C.7 Permit-unles-deny + public static final CombiningAlgorithm<Rule> CA_RULE_PERMIT_UNLESS_DENY + = new PermitUnlessDeny<Rule>(XACML3.ID_RULE_PERMIT_UNLESS_DENY); + public static final CombiningAlgorithm<PolicySetChild> CA_POLICY_PERMIT_UNLESS_DENY + = new PermitUnlessDeny<PolicySetChild>(XACML3.ID_POLICY_PERMIT_UNLESS_DENY); + + // C.8 First-applicable + public static final CombiningAlgorithm<Rule> CA_RULE_FIRST_APPLICABLE + = new FirstApplicable<Rule>(XACML1.ID_RULE_FIRST_APPLICABLE); + public static final CombiningAlgorithm<PolicySetChild> CA_POLICY_FIRST_APPLICABLE + = new FirstApplicable<PolicySetChild>(XACML1.ID_POLICY_FIRST_APPLICABLE); + + // C.9 Only-one-applicable + //public static final CombiningAlgorithm<Rule> CA_RULE_ONLY_ONE_APPLICABLE + // = new OnlyOneApplicable<Rule>(XACML1.ID_RULE_ONLY_ONE_APPLICABLE); + public static final CombiningAlgorithm<PolicySetChild> CA_POLICY_ONLY_ONE_APPLICABLE + = new OnlyOneApplicable(XACML1.ID_POLICY_ONLY_ONE_APPLICABLE); + + // C.10 Legacy Deny-overrides + public static final CombiningAlgorithm<Rule> CA_RULE_LEGACY_DENY_OVERRIDES + = new LegacyDenyOverridesRule(XACML1.ID_RULE_DENY_OVERRIDES); + public static final CombiningAlgorithm<PolicySetChild> CA_POLICY_LEGACY_DENY_OVERRIDES + = new LegacyDenyOverridesPolicy(XACML1.ID_POLICY_DENY_OVERRIDES); + + // C.11 Legacy Ordered-deny-overrides + public static final CombiningAlgorithm<Rule> CA_RULE_LEGACY_ORDERED_DENY_OVERRIDES + = new LegacyDenyOverridesRule(XACML1.ID_RULE_ORDERED_DENY_OVERRIDES); + public static final CombiningAlgorithm<PolicySetChild> CA_POLICY_LEGACY_ORDERED_DENY_OVERRIDES + = new LegacyDenyOverridesPolicy(XACML1.ID_POLICY_ORDERED_DENY_OVERRIDES); + + // C.12 Legacy Permit-overrides + public static final CombiningAlgorithm<Rule> CA_RULE_LEGACY_PERMIT_OVERRIDES + = new LegacyPermitOverridesRule(XACML1.ID_RULE_PERMIT_OVERRIDES); + public static final CombiningAlgorithm<PolicySetChild> CA_POLICY_LEGACY_PERMIT_OVERRIDES + = new LegacyPermitOverridesPolicy(XACML1.ID_POLICY_PERMIT_OVERRIDES); + + // C.13 Legacy Ordered-permit-overrides + public static final CombiningAlgorithm<Rule> CA_RULE_LEGACY_ORDERED_PERMIT_OVERRIDES + = new LegacyPermitOverridesRule(XACML1.ID_RULE_ORDERED_PERMIT_OVERRIDES); + public static final CombiningAlgorithm<PolicySetChild> CA_POLICY_LEGACY_ORDERED_PERMIT_OVERRIDES + = new LegacyPermitOverridesPolicy(XACML1.ID_POLICY_ORDERED_PERMIT_OVERRIDES); + + // + // Custom AT&T Policy Combing Algorithms + // + public static final CombiningAlgorithm<PolicySetChild> CA_POLICY_COMBINED_PERMIT_OVERRIDES + = new CombinedPermitOverrides<PolicySetChild>(ATTPDPProperties.ID_POLICY_COMBINEDPERMITOVERRIDES); + +} http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/StdEvaluationContext.java ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/StdEvaluationContext.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/StdEvaluationContext.java new file mode 100755 index 0000000..7266227 --- /dev/null +++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/StdEvaluationContext.java @@ -0,0 +1,150 @@ +/* + * AT&T - PROPRIETARY + * THIS FILE CONTAINS PROPRIETARY INFORMATION OF + * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN + * ACCORDANCE WITH APPLICABLE AGREEMENTS. + * + * Copyright (c) 2013 AT&T Knowledge Ventures + * Unpublished and Not for Publication + * All Rights Reserved + */ +package com.att.research.xacmlatt.pdp.std; + +import com.att.research.xacml.api.IdReferenceMatch; +import com.att.research.xacml.api.Request; +import com.att.research.xacml.api.pip.*; +import com.att.research.xacml.api.trace.TraceEngine; +import com.att.research.xacml.api.trace.TraceEngineFactory; +import com.att.research.xacml.api.trace.TraceEvent; +import com.att.research.xacml.std.pip.engines.RequestEngine; +import com.att.research.xacml.std.pip.finders.RequestFinder; +import com.att.research.xacml.util.FactoryException; +import com.att.research.xacmlatt.pdp.eval.EvaluationContext; +import com.att.research.xacmlatt.pdp.policy.*; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +import java.util.Collection; +import java.util.Properties; + +/** + * StdEvaluationContext implements the {@link com.att.research.xacmlatt.pdp.eval.EvaluationContext} interface using + * default factories to load the XACML policies, and get the PIP engines. + * + * @author car + * @version $Revision: 1.1 $ + */ +public class StdEvaluationContext implements EvaluationContext { + private Log logger = LogFactory.getLog(this.getClass()); + private Properties properties; + private Request request; + private RequestFinder requestFinder; + private PolicyFinder policyFinder; + private TraceEngine traceEngine; + + /** + * Creates a new <code>StdEvaluationContext</code> with the given {@link com.att.research.xacml.api.Request} and + * {@link com.att.research.xacmlatt.pdp.policy.PolicyDef}. + * + * @param requestIn the <code>Request</code> + * @param policyDef the <code>PolicyDef</code> + */ + public StdEvaluationContext(Request requestIn, PolicyFinder policyFinderIn, PIPFinder pipFinder, TraceEngine traceEngineIn, Properties properties) { + this.properties = properties; + this.request = requestIn; + this.policyFinder = policyFinderIn; + if (traceEngineIn != null) { + this.traceEngine = traceEngineIn; + } else { + try { + if (this.properties == null) { + this.traceEngine = TraceEngineFactory.newInstance().getTraceEngine(); + } else { + this.traceEngine = TraceEngineFactory.newInstance(this.properties).getTraceEngine(this.properties); + } + } catch (FactoryException ex) { + this.logger.error("FactoryException creating TraceEngine: " + ex.toString(), ex); + } + } + + if (pipFinder == null) { + this.requestFinder = new RequestFinder(null, new RequestEngine(requestIn)); + } else { + if (pipFinder instanceof RequestFinder) { + this.requestFinder = (RequestFinder)pipFinder; + } else { + this.requestFinder = new RequestFinder(pipFinder, new RequestEngine(requestIn)); + } + } + } + + public StdEvaluationContext(Request requestIn, PolicyFinder policyFinderIn, PIPFinder pipFinder, TraceEngine traceEngineIn) { + this(requestIn, policyFinderIn, pipFinder, traceEngineIn, null); + } + + public StdEvaluationContext(Request requestIn, PolicyFinder policyFinderIn, PIPFinder pipFinder) { + this(requestIn, policyFinderIn, pipFinder, null); + } + + @Override + public Request getRequest() { + return this.request; + } + + @Override + public PIPResponse getAttributes(PIPRequest pipRequest) throws PIPException { + return this.requestFinder.getAttributes(pipRequest, null); + } + + @Override + public PIPResponse getAttributes(PIPRequest pipRequest, PIPEngine exclude) throws PIPException { + return this.requestFinder.getAttributes(pipRequest, exclude); + } + + @Override + public PIPResponse getAttributes(PIPRequest pipRequest, PIPEngine exclude, PIPFinder pipFinderRoot) throws PIPException { + return this.requestFinder.getAttributes(pipRequest, exclude, pipFinderRoot); + } + + @Override + public PolicyFinderResult<PolicyDef> getRootPolicyDef() { + return this.policyFinder.getRootPolicyDef(this); + } + + @Override + public PolicyFinderResult<Policy> getPolicy(IdReferenceMatch idReferenceMatch) { + return this.policyFinder.getPolicy(idReferenceMatch); + } + + @Override + public PolicyFinderResult<PolicySet> getPolicySet(IdReferenceMatch idReferenceMatch) { + return this.policyFinder.getPolicySet(idReferenceMatch); + } + + @Override + public void trace(TraceEvent<?> traceEvent) { + if (this.traceEngine != null) { + this.traceEngine.trace(traceEvent); + } + } + + @Override + public boolean isTracing() { + return (this.traceEngine == null ? false : this.traceEngine.isTracing()); + } + + @Override + public PIPResponse getMatchingAttributes(PIPRequest pipRequest, PIPEngine exclude) throws PIPException { + return this.requestFinder.getMatchingAttributes(pipRequest, exclude); + } + + @Override + public PIPResponse getMatchingAttributes(PIPRequest pipRequest, PIPEngine exclude, PIPFinder pipFinderParent) throws PIPException { + return this.requestFinder.getMatchingAttributes(pipRequest, exclude, pipFinderParent); + } + + @Override + public Collection<PIPEngine> getPIPEngines() { + return this.requestFinder.getPIPEngines(); + } +} http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/StdEvaluationContextFactory.java ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/StdEvaluationContextFactory.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/StdEvaluationContextFactory.java new file mode 100755 index 0000000..ea68162 --- /dev/null +++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/StdEvaluationContextFactory.java @@ -0,0 +1,163 @@ +/* + * AT&T - PROPRIETARY + * THIS FILE CONTAINS PROPRIETARY INFORMATION OF + * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN + * ACCORDANCE WITH APPLICABLE AGREEMENTS. + * + * Copyright (c) 2013 AT&T Knowledge Ventures + * Unpublished and Not for Publication + * All Rights Reserved + */ +package com.att.research.xacmlatt.pdp.std; + +import java.util.Properties; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +import com.att.research.xacml.api.Request; +import com.att.research.xacml.api.pip.PIPFinder; +import com.att.research.xacml.api.pip.PIPFinderFactory; +import com.att.research.xacml.api.trace.TraceEngine; +import com.att.research.xacml.api.trace.TraceEngineFactory; +import com.att.research.xacmlatt.pdp.eval.EvaluationContext; +import com.att.research.xacmlatt.pdp.eval.EvaluationContextFactory; +import com.att.research.xacmlatt.pdp.policy.PolicyFinder; +import com.att.research.xacmlatt.pdp.policy.PolicyFinderFactory; + +/** + * StdEvaluationContextFactory extends {@link com.att.research.xacmlatt.pdp.eval.EvaluationContextFactory} to implement + * the <code>getEvaluationContext</code> method with a standard {@link com.att.research.xacmlatt.pdp.eval.EvaluationContext}. + * + * @author car + * @version $Revision: 1.1 $ + */ +public class StdEvaluationContextFactory extends EvaluationContextFactory { + private Log logger = LogFactory.getLog(this.getClass()); + private PolicyFinder policyFinder; + private PIPFinder pipFinder; + private TraceEngine traceEngine; + + /** + * Should this properties file be passed onward when instantiating the PolicyFinder + * and the PIPFinder? + * + * If yes, then we are assuming that the given properties were not just meant to + * configure the evaluation context, but all the other engines that get created. + * + * If no, then we are assuming the given properties were only meant for the evaluation + * context. But this implementation as of 7/14 does not even need the properties for + * configuring itseof. + * + * The problem is, the caller does not have the ability to instantiate the PIPFinder + * and PolicyFinder engines. This is done internally by the evaluation context. So how + * can they have the ability to customize PIP/Policy factories with their own properties + * object if the properties file isn't passed on? + * + * Thus, this class will pass on the properties file if given in the constructor. + * + */ + protected Properties properties = null; + + protected PolicyFinder getPolicyFinder() { + if (this.policyFinder == null) { + synchronized(this) { + if (this.policyFinder == null) { + try { + if (this.properties == null) { + if (this.logger.isDebugEnabled()) { + this.logger.debug("getting Policy finder using default properties"); + } + PolicyFinderFactory policyFinderFactory = PolicyFinderFactory.newInstance(); + this.policyFinder = policyFinderFactory.getPolicyFinder(); + } else { + if (this.logger.isDebugEnabled()) { + this.logger.debug("getting Policy finder using properties: " + this.properties); + } + PolicyFinderFactory policyFinderFactory = PolicyFinderFactory.newInstance(this.properties); + this.policyFinder = policyFinderFactory.getPolicyFinder(this.properties); + } + } catch (Exception ex) { + this.logger.error("Exception getting PolicyFinder: " + ex.getMessage(), ex); + } + } + } + } + return this.policyFinder; + } + + protected PIPFinder getPIPFinder() { + if (this.pipFinder == null) { + synchronized(this) { + if (this.pipFinder == null) { + try { + if (this.properties == null) { + if (this.logger.isDebugEnabled()) { + this.logger.debug("getting PIP finder using default properties"); + } + PIPFinderFactory pipFinderFactory = PIPFinderFactory.newInstance(); + this.pipFinder = pipFinderFactory.getFinder(); + } else { + if (this.logger.isDebugEnabled()) { + this.logger.debug("getting PIP finder using properties: " + this.properties); + } + PIPFinderFactory pipFinderFactory = PIPFinderFactory.newInstance(this.properties); + this.pipFinder = pipFinderFactory.getFinder(this.properties); + } + } catch (Exception ex) { + this.logger.error("Exception getting PIPFinder: " + ex.toString(), ex); + } + } + } + } + return this.pipFinder; + } + + protected TraceEngine getTraceEngine() { + if (this.traceEngine == null) { + synchronized(this) { + if (this.traceEngine == null) { + try { + if (this.properties == null) { + TraceEngineFactory traceEngineFactory = TraceEngineFactory.newInstance(); + this.traceEngine = traceEngineFactory.getTraceEngine(); + } else { + TraceEngineFactory traceEngineFactory = TraceEngineFactory.newInstance(this.properties); + this.traceEngine = traceEngineFactory.getTraceEngine(this.properties); + } + } catch (Exception ex) { + this.logger.error("Exception getting TraceEngine: " + ex.toString(), ex); + } + } + } + } + return this.traceEngine; + } + + public StdEvaluationContextFactory() { + } + + public StdEvaluationContextFactory(Properties properties) { + this.properties = properties; + } + + @Override + public EvaluationContext getEvaluationContext(Request request) { + if (this.properties == null) { + return new StdEvaluationContext(request, this.getPolicyFinder(), this.getPIPFinder(), this.getTraceEngine()); + } else { + return new StdEvaluationContext(request, this.getPolicyFinder(), this.getPIPFinder(), this.getTraceEngine(), this.properties); + } + } + + @Override + public void setPolicyFinder(PolicyFinder policyFinderIn) { + this.policyFinder = policyFinderIn; + } + + @Override + public void setPIPFinder(PIPFinder pipFinderIn) { + this.pipFinder = pipFinderIn; + } + +} http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/StdFunctionDefinitionFactory.java ---------------------------------------------------------------------- diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/StdFunctionDefinitionFactory.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/StdFunctionDefinitionFactory.java new file mode 100755 index 0000000..04f8001 --- /dev/null +++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/StdFunctionDefinitionFactory.java @@ -0,0 +1,70 @@ +/* + * AT&T - PROPRIETARY + * THIS FILE CONTAINS PROPRIETARY INFORMATION OF + * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN + * ACCORDANCE WITH APPLICABLE AGREEMENTS. + * + * Copyright (c) 2013 AT&T Knowledge Ventures + * Unpublished and Not for Publication + * All Rights Reserved + */ +package com.att.research.xacmlatt.pdp.std; + +import java.lang.reflect.Field; +import java.lang.reflect.Modifier; +import java.util.HashMap; +import java.util.Map; + +import com.att.research.xacml.api.Identifier; +import com.att.research.xacmlatt.pdp.policy.FunctionDefinition; +import com.att.research.xacmlatt.pdp.policy.FunctionDefinitionFactory; + +/** + * StdFunctionDefinitionFactory is the default {@link com.att.research.xacmlatt.pdp.policy.FunctionDefinitionFactory} implementation + * used if no other <code>FunctionDefinitionFactory</code> implementation is supplied. It contains all of the standard XACML 3.0 + * functions. + * + * @author car + * @version $Revision: 1.2 $ + */ +public class StdFunctionDefinitionFactory extends FunctionDefinitionFactory { + private static Map<Identifier,FunctionDefinition> mapFunctionDefinitions = new HashMap<Identifier,FunctionDefinition>(); + private static boolean needMapInit = true; + + private static void register(FunctionDefinition functionDefinition) { + mapFunctionDefinitions.put(functionDefinition.getId(), functionDefinition); + } + + private static void initMap() { + if (needMapInit) { + synchronized(mapFunctionDefinitions) { + if (needMapInit) { + needMapInit = false; + Field[] declaredFields = StdFunctions.class.getDeclaredFields(); + for (Field field : declaredFields) { + if (Modifier.isStatic(field.getModifiers()) && + field.getName().startsWith(StdFunctions.FD_PREFIX) && + FunctionDefinition.class.isAssignableFrom(field.getType()) && + Modifier.isPublic(field.getModifiers()) + ) { + try { + register((FunctionDefinition)(field.get(null))); + } catch (IllegalAccessException ex) { + + } + } + } + } + } + } + } + + public StdFunctionDefinitionFactory() { + initMap(); + } + + @Override + public FunctionDefinition getFunctionDefinition(Identifier functionId) { + return mapFunctionDefinitions.get(functionId); + } +}
