Update of /cvsroot/sunxacml/sunxacml/com/sun/xacml
In directory sc8-pr-cvs1:/tmp/cvs-serv19795/com/sun/xacml
Modified Files:
AbstractPolicy.java Policy.java PolicyReference.java
PolicySet.java Rule.java
Added Files:
PolicyTreeElement.java
Log Message:
added PolicyTreeElement interface and support for child management
--- NEW FILE: PolicyTreeElement.java ---
/*
* @(#)PolicyTreeElement.java
*
* Copyright 2003 Sun Microsystems, Inc. All Rights Reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistribution of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistribution in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* Neither the name of Sun Microsystems, Inc. or the names of contributors may
* be used to endorse or promote products derived from this software without
* specific prior written permission.
*
* This software is provided "AS IS," without a warranty of any kind. ALL
* EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
* ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
* OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
* AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
* AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
* DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
* REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
* INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY
* OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
* EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
*
* You acknowledge that this software is not designed or intended for use in
* the design, construction, operation or maintenance of any nuclear facility.
*/
package com.sun.xacml;
import com.sun.xacml.ctx.Result;
import java.net.URI;
import java.util.List;
/**
* This represents a single node in a policy tree. A node is either a policy
* set, a policy, or a rule. This interface is used to interact with these
* node types in a general way. Note that rules are leaf nodes in a policy
* tree as they never contain children.
*
* @author seth proctor
*/
public interface PolicyTreeElement
{
/**
* Returns the <code>List</code> of <code>PolicyTreeElement</code> objects
* that are the children of this node. If this node has no children then
* this list is empty. The children are returned as a <code>List</code>
* instead of some unordered collection because in cases like combining
* or evaluation the order is often important.
*
* @return the non-null <code>List</code> of children of this node
*/
public List getChildren();
/**
* Returns the given description of this element or null if
* there is no description
*
* @return the description or null
*/
public String getDescription();
/**
* Returns the id of this element
*
* @return the element's identifier
*/
public URI getId();
/**
* Returns the target for this element or null if there
* is no target
*
* @return the element's target
*/
public Target getTarget();
/**
* Given the input context sees whether or not the request matches this
* element's target. The rules for matching are different depending on
* the type of element being matched.
*
* @param context the representation of the request
*
* @return the result of trying to match this element and the request
*/
public MatchResult match(EvaluationCtx context);
/**
* Evaluates this element in the policy tree, and therefore all elements
* underneath this element. The rules for evaluation are different
* depending on the type of element being evaluated.
*
* @param context the representation of the request we're evaluating
*
* @return the result of the evaluation
*/
public Result evaluate(EvaluationCtx context);
}
Index: AbstractPolicy.java
===================================================================
RCS file: /cvsroot/sunxacml/sunxacml/com/sun/xacml/AbstractPolicy.java,v
retrieving revision 1.2
retrieving revision 1.3
diff -C2 -d -r1.2 -r1.3
*** AbstractPolicy.java 9 May 2003 20:50:23 -0000 1.2
--- AbstractPolicy.java 17 Jun 2003 18:23:52 -0000 1.3
***************
*** 45,48 ****
--- 45,49 ----
import java.util.ArrayList;
+ import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
***************
*** 61,65 ****
* @author Marco Barreno
*/
! public abstract class AbstractPolicy
{
--- 62,66 ----
* @author Marco Barreno
*/
! public abstract class AbstractPolicy implements PolicyTreeElement
{
***************
*** 81,86 ****
private String defaultVersion;
! // the things we run through the combining algorithm
! private List combiners;
// any obligations held by this policy
--- 82,87 ----
private String defaultVersion;
! // the elements we run through the combining algorithm
! private List children;
// any obligations held by this policy
***************
*** 143,149 ****
if (obligations == null)
! this.obligations = new HashSet();
else
! this.obligations = new HashSet(obligations);
}
--- 144,150 ----
if (obligations == null)
! this.obligations = Collections.EMPTY_SET;
else
! this.obligations = Collections.unmodifiableSet(obligations);
}
***************
*** 200,203 ****
--- 201,207 ----
}
}
+
+ // finally, make sure the set of obligations is immutable
+ obligations = Collections.unmodifiableSet(obligations);
}
***************
*** 283,286 ****
--- 287,302 ----
/**
+ * Returns the <code>List</code> of children under this node in the
+ * policy tree. Depending on what kind of policy this node represents
+ * the children will either be <code>AbstractPolicy</code> objects
+ * or <code>Rule</code>s.
+ *
+ * @return a <code>List</code> of child nodes
+ */
+ public List getChildren() {
+ return children;
+ }
+
+ /**
* Returns the Set of obligations for this policy, which may be empty
*
***************
*** 307,322 ****
/**
! * Sets the objects (<code>Rule</code> or <code>Policy</code> objects)
! * that are passed to the combining algorithm on evaluation.
*
! * @param combiners the rules or policies to give the combining alg
*/
! protected void setCombiners(List combiners) {
// we always want a concrete list, since we're going to pass it to
// a combiner that expects a non-null input
! if (combiners == null)
! this.combiners = new ArrayList();
! else
! this.combiners = new ArrayList(combiners);
}
--- 323,343 ----
/**
! * Sets the child policy tree elements for this node, which are passed
! * to the combining algorithm on evaluation. The <code>List</code> must
! * contain <code>Rule</code>s or <code>AbstractPolicy</code>s, but may
! * not contain both types of elements.
*
! * @param children the child elements used by the combining algorithm
*/
! protected void setChildren(List children) {
// we always want a concrete list, since we're going to pass it to
// a combiner that expects a non-null input
! if (children == null) {
! this.children = Collections.EMPTY_LIST;
! } else {
! // NOTE: since this is only getting called by known child
! // classes we don't check that the types are all the same
! this.children = Collections.unmodifiableList(children);
! }
}
***************
*** 333,337 ****
public Result evaluate(EvaluationCtx context) {
// evaluate
! Result result = combiningAlg.combine(context, combiners);
// if we have no obligations, we're done
--- 354,358 ----
public Result evaluate(EvaluationCtx context) {
// evaluate
! Result result = combiningAlg.combine(context, children);
// if we have no obligations, we're done
Index: Policy.java
===================================================================
RCS file: /cvsroot/sunxacml/sunxacml/com/sun/xacml/Policy.java,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -C2 -d -r1.1.1.1 -r1.2
*** Policy.java 13 Feb 2003 22:19:10 -0000 1.1.1.1
--- Policy.java 17 Jun 2003 18:23:52 -0000 1.2
***************
*** 46,49 ****
--- 46,50 ----
import java.util.ArrayList;
+ import java.util.Iterator;
import java.util.List;
import java.util.Set;
***************
*** 85,88 ****
--- 86,93 ----
* @param target the <code>Target</code> for this policy
* @param rules a list of <code>Rule</code> objects
+ *
+ * @throws IllegalArgumentException if the <code>List</code> of rules
+ * contains an object that is not a
+ * <code>Rule</code>
*/
public Policy(URI id, CombiningAlgorithm combiningAlg, Target target,
***************
*** 101,104 ****
--- 106,113 ----
* @param defaultVersion the XPath version to use
* @param rules a list of <code>Rule</code> objects
+ *
+ * @throws IllegalArgumentException if the <code>List</code> of rules
+ * contains an object that is not a
+ * <code>Rule</code>
*/
public Policy(URI id, CombiningAlgorithm combiningAlg, Target target,
***************
*** 117,120 ****
--- 126,133 ----
* @param target the <code>Target</code> for this policy
* @param rules a list of <code>Rule</code> objects
+ *
+ * @throws IllegalArgumentException if the <code>List</code> of rules
+ * contains an object that is not a
+ * <code>Rule</code>
*/
public Policy(URI id, CombiningAlgorithm combiningAlg, String description,
***************
*** 134,137 ****
--- 147,154 ----
* @param defaultVersion the XPath version to use
* @param rules a list of <code>Rule</code> objects
+ *
+ * @throws IllegalArgumentException if the <code>List</code> of rules
+ * contains an object that is not a
+ * <code>Rule</code>
*/
public Policy(URI id, CombiningAlgorithm combiningAlg, String description,
***************
*** 153,156 ****
--- 170,177 ----
* @param rules a list of <code>Rule</code> objects
* @param obligations a set of <code>Obligations</code> objects
+ *
+ * @throws IllegalArgumentException if the <code>List</code> of rules
+ * contains an object that is not a
+ * <code>Rule</code>
*/
public Policy(URI id, CombiningAlgorithm combiningAlg, String description,
***************
*** 160,164 ****
obligations);
! setCombiners(rules);
}
--- 181,195 ----
obligations);
! // check that the list contains only rules
! if (rules != null) {
! Iterator it = rules.iterator();
! while (it.hasNext()) {
! Object o = it.next();
! if (! (o instanceof Rule))
! throw new IllegalArgumentException("non-Rule in rules");
! }
! }
!
! setChildren(rules);
}
***************
*** 181,185 ****
}
! setCombiners(rules);
}
--- 212,216 ----
}
! setChildren(rules);
}
Index: PolicyReference.java
===================================================================
RCS file: /cvsroot/sunxacml/sunxacml/com/sun/xacml/PolicyReference.java,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -C2 -d -r1.1.1.1 -r1.2
*** PolicyReference.java 13 Feb 2003 22:19:10 -0000 1.1.1.1
--- PolicyReference.java 17 Jun 2003 18:23:52 -0000 1.2
***************
*** 48,51 ****
--- 48,52 ----
import java.util.ArrayList;
+ import java.util.List;
import java.util.Set;
***************
*** 210,213 ****
--- 211,227 ----
public String getDefaultVersion() {
return resolvePolicy().getDefaultVersion();
+ }
+
+ /**
+ * Returns the child policy nodes under this node in the policy tree. If
+ * the policy is invalid or can't be retrieved, then a runtime exception
+ * is thrown.
+ *
+ * @return the <code>List</code> of child policy nodes
+ *
+ * @throws ProcessingException if the referenced policy can't be retrieved
+ */
+ public List getChildren() {
+ return resolvePolicy().getChildren();
}
Index: PolicySet.java
===================================================================
RCS file: /cvsroot/sunxacml/sunxacml/com/sun/xacml/PolicySet.java,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -C2 -d -r1.1.1.1 -r1.2
*** PolicySet.java 13 Feb 2003 22:19:10 -0000 1.1.1.1
--- PolicySet.java 17 Jun 2003 18:23:52 -0000 1.2
***************
*** 48,51 ****
--- 48,52 ----
import java.util.ArrayList;
+ import java.util.Iterator;
import java.util.List;
import java.util.Set;
***************
*** 87,90 ****
--- 88,95 ----
* @param target the <code>Target</code> for this set
* @param policies a list of <code>AbstractPolicy</code> objects
+ *
+ * @throws IllegalArgumentException if the <code>List</code> of policies
+ * contains an object that is not an
+ * <code>AbstractPolicy</code>
*/
public PolicySet(URI id, CombiningAlgorithm combiningAlg, Target target,
***************
*** 103,106 ****
--- 108,115 ----
* @param policies a list of <code>AbstractPolicy</code> objects
* @param defaultVersion the XPath version to use
+ *
+ * @throws IllegalArgumentException if the <code>List</code> of policies
+ * contains an object that is not an
+ * <code>AbstractPolicy</code>
*/
public PolicySet(URI id, CombiningAlgorithm combiningAlg, Target target,
***************
*** 119,122 ****
--- 128,135 ----
* @param target the <code>Target</code> for this set
* @param policies a list of <code>AbstractPolicy</code> objects
+ *
+ * @throws IllegalArgumentException if the <code>List</code> of policies
+ * contains an object that is not an
+ * <code>AbstractPolicy</code>
*/
public PolicySet(URI id, CombiningAlgorithm combiningAlg,
***************
*** 136,139 ****
--- 149,156 ----
* @param policies a list of <code>AbstractPolicy</code> objects
* @param defaultVersion the XPath version to use
+ *
+ * @throws IllegalArgumentException if the <code>List</code> of policies
+ * contains an object that is not an
+ * <code>AbstractPolicy</code>
*/
public PolicySet(URI id, CombiningAlgorithm combiningAlg,
***************
*** 156,159 ****
--- 173,180 ----
* @param defaultVersion the XPath version to use
* @param obligations a set of <code>Obligation</code> objects
+ *
+ * @throws IllegalArgumentException if the <code>List</code> of policies
+ * contains an object that is not an
+ * <code>AbstractPolicy</code>
*/
public PolicySet(URI id, CombiningAlgorithm combiningAlg,
***************
*** 163,167 ****
obligations);
! setCombiners(policies);
}
--- 184,199 ----
obligations);
! // check that the list contains only AbstractPolicy objects
! if (policies != null) {
! Iterator it = policies.iterator();
! while (it.hasNext()) {
! Object o = it.next();
! if (! (o instanceof AbstractPolicy))
! throw new IllegalArgumentException("non-AbstractPolicy " +
! "in policies");
! }
! }
!
! setChildren(policies);
}
***************
*** 193,197 ****
}
! setCombiners(policies);
}
--- 225,229 ----
}
! setChildren(policies);
}
Index: Rule.java
===================================================================
RCS file: /cvsroot/sunxacml/sunxacml/com/sun/xacml/Rule.java,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -C2 -d -r1.1.1.1 -r1.2
*** Rule.java 13 Feb 2003 22:19:10 -0000 1.1.1.1
--- Rule.java 17 Jun 2003 18:23:52 -0000 1.2
***************
*** 43,50 ****
--- 43,55 ----
import com.sun.xacml.ctx.Result;
+ import com.sun.xacml.ctx.Status;
import java.net.URI;
import java.net.URISyntaxException;
+ import java.util.ArrayList;
+ import java.util.Collections;
+ import java.util.List;
+
import org.w3c.dom.NamedNodeMap;
import org.w3c.dom.Node;
***************
*** 59,63 ****
* @author Seth Proctor
*/
! public class Rule
{
--- 64,68 ----
* @author Seth Proctor
*/
! public class Rule implements PolicyTreeElement
{
***************
*** 184,187 ****
--- 189,202 ----
/**
+ * Since a rule is always a leaf in a policy tree because it can have
+ * no children, this always returns an empty <code>List</code>.
+ *
+ * @return a <code>List</code> with no elements
+ */
+ public List getChildren() {
+ return Collections.EMPTY_LIST;
+ }
+
+ /**
* Returns the condition for this <code>Rule</code> or null if there
* is no condition
***************
*** 194,201 ****
--- 209,247 ----
/**
+ * Given the input context sees whether or not the request matches this
+ * <code>Rule</code>'s <code>Target</code>. Note that unlike the matching
+ * done by the <code>evaluate</code> method, if the <code>Target</code>
+ * is missing than this will return Indeterminate. This lets you write
+ * your own custom matching routines for rules but lets evaluation
+ * proceed normally.
+ *
+ * @param context the representation of the request
+ *
+ * @return the result of trying to match this rule and the request
+ */
+ public MatchResult match(EvaluationCtx context) {
+ if (target == null) {
+ ArrayList code = new ArrayList();
+ code.add(Status.STATUS_PROCESSING_ERROR);
+ Status status = new Status(code, "no target available for " +
+ "matching a rule");
+
+ return new MatchResult(MatchResult.INDETERMINATE, status);
+ }
+
+ return target.match(context);
+ }
+
+ /**
* Evaluates the rule against the supplied context. This will check that
* the target matches, and then try to evaluate the condition. If the
* target and condition apply, then the rule's effect is returned in
* the result.
+ * <p>
+ * Note that rules are not required to have targets. If no target is
+ * specified, then the rule inherits its parent's target. In the event
+ * that this <code>Rule</code> has no <code>Target</code> then the
+ * match is assumed to be true, since evaluating a policy tree to this
+ * level required the parent's target to match.
*
* @param context the representation of the request we're evaluating
***************
*** 204,213 ****
*/
public Result evaluate(EvaluationCtx context) {
! // If the Target is null, then it's supposed to inherit from the
! // parent policy and use the same Taget. Since the parent's Target
! // must have matched in order for us to get to this point in the
! // evaluation we assume that the inherited Target also matches,
! // since it's the same match operation. Therefore, if there was no
! // Target supplied for this Rule, we just skip this step
if (target != null) {
MatchResult match = target.match(context);
--- 250,256 ----
*/
public Result evaluate(EvaluationCtx context) {
! // If the Target is null then it's supposed to inherit from the
! // parent policy, so we skip the matching step assuming we wouldn't
! // be here unless the parent matched
if (target != null) {
MatchResult match = target.match(context);
|
