sunxacml-commit Mailing List for Sun's XACML Implementation (Page 2)
Brought to you by:
farrukh_najmi,
sethp
From: Seth P. <se...@us...> - 2006-01-13 22:33:01
Update of /cvsroot/sunxacml/sunxacml In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv30273 Modified Files: build.xml Log Message: Added support for the XACML 2.0 functions, cleaned up current env handling and date/time construction, and made most of the factory-related changes to support the promised 2.0 features Index: build.xml =================================================================== RCS file: /cvsroot/sunxacml/sunxacml/build.xml,v retrieving revision 1.5 retrieving revision 1.6 diff -C2 -d -r1.5 -r1.6 *** build.xml 7 Jan 2005 23:51:33 -0000 1.5 --- build.xml 13 Jan 2006 22:32:50 -0000 1.6 *************** *** 1,5 **** <!-- ! Copyright 2003-2005 Sun Microsystems, Inc. All Rights Reserved. Redistribution and use in source and binary forms, with or without --- 1,5 ---- <!-- ! Copyright 2003-2006 Sun Microsystems, Inc. All Rights Reserved. Redistribution and use in source and binary forms, with or without *************** *** 82,86 **** </footer> <bottom> ! <![CDATA[<font size="-1">Copyright 2003-2005 Sun Microsystems, Inc. All rights reserved. Use is subject to license terms.<p>Sun, Sun Microsystems, the Sun Logo, and Java are --- 82,86 ---- </footer> <bottom> ! <![CDATA[<font size="-1">Copyright 2003-2006 Sun Microsystems, Inc. All rights reserved. Use is subject to license terms.<p>Sun, Sun Microsystems, the Sun Logo, and Java are |
From: Seth P. <se...@us...> - 2006-01-13 22:33:01
Update of /cvsroot/sunxacml/sunxacml/com/sun/xacml/finder In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv30273/com/sun/xacml/finder Modified Files: PolicyFinder.java PolicyFinderModule.java Log Message: Added support for the XACML 2.0 functions, cleaned up current env handling and date/time construction, and made most of the factory-related changes to support the promised 2.0 features Index: PolicyFinder.java =================================================================== RCS file: /cvsroot/sunxacml/sunxacml/com/sun/xacml/finder/PolicyFinder.java,v retrieving revision 1.5 retrieving revision 1.6 diff -C2 -d -r1.5 -r1.6 *** PolicyFinder.java 7 Jan 2005 23:47:43 -0000 1.5 --- PolicyFinder.java 13 Jan 2006 22:32:52 -0000 1.6 *************** *** 38,41 **** --- 38,42 ---- import com.sun.xacml.EvaluationCtx; + import com.sun.xacml.PolicyMetaData; import com.sun.xacml.PolicyReference; import com.sun.xacml.VersionConstraints; *************** *** 214,217 **** --- 215,220 ---- * @param constraints any optional constraints on the version of the * referenced policy + * @param parentMetaData the meta-data from the parent policy, which + * provides XACML version, factories, etc. * * @return the result of trying to find an applicable policy *************** *** 220,224 **** */ public PolicyFinderResult findPolicy(URI idReference, int type, ! VersionConstraints constraints) throws IllegalArgumentException { --- 223,228 ---- */ public PolicyFinderResult findPolicy(URI idReference, int type, ! VersionConstraints constraints, ! PolicyMetaData parentMetaData) throws IllegalArgumentException { *************** *** 234,238 **** PolicyFinderModule module = (PolicyFinderModule)(it.next()); PolicyFinderResult newResult = ! module.findPolicy(idReference, type, constraints); // if there was an error, we stop right away --- 238,243 ---- PolicyFinderModule module = (PolicyFinderModule)(it.next()); PolicyFinderResult newResult = ! module.findPolicy(idReference, type, constraints, ! 
parentMetaData); // if there was an error, we stop right away Index: PolicyFinderModule.java =================================================================== RCS file: /cvsroot/sunxacml/sunxacml/com/sun/xacml/finder/PolicyFinderModule.java,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -d -r1.4 -r1.5 *** PolicyFinderModule.java 7 Jan 2005 23:47:43 -0000 1.4 --- PolicyFinderModule.java 13 Jan 2006 22:32:52 -0000 1.5 *************** *** 38,41 **** --- 38,42 ---- import com.sun.xacml.EvaluationCtx; + import com.sun.xacml.PolicyMetaData; import com.sun.xacml.VersionConstraints; *************** *** 155,163 **** * never impose constraints when used from a pre-2.0 * XACML policy) * * @return the result of looking for a matching policy */ public PolicyFinderResult findPolicy(URI idReference, int type, ! VersionConstraints constraints) { return new PolicyFinderResult(); } --- 156,167 ---- * never impose constraints when used from a pre-2.0 * XACML policy) + * @param parentMetaData the meta-data from the parent policy, which + * provides XACML version, factories, etc. * * @return the result of looking for a matching policy */ public PolicyFinderResult findPolicy(URI idReference, int type, ! VersionConstraints constraints, ! PolicyMetaData parentMetaData) { return new PolicyFinderResult(); } |
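Review bot: Replacing the three-argument findPolicy(URI, int, VersionConstraints) in PolicyFinderModule.java with the four-argument form silently disables existing modules. A subclass that still overrides the old signature compiles, but PolicyFinder now calls only module.findPolicy(idReference, type, constraints, parentMetaData), which lands in the base-class default that does "return new PolicyFinderResult();", so the module's own lookup is never consulted and a policy reference fails to resolve without any error. Consider keeping the old signature as a deprecated method and having the new default delegate to it, so third-party modules keep working until they are ported.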
From: Seth P. <se...@us...> - 2006-01-13 22:33:01
Update of /cvsroot/sunxacml/sunxacml/com/sun/xacml/combine In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv30273/com/sun/xacml/combine Modified Files: CombiningAlgFactory.java StandardCombiningAlgFactory.java Log Message: Added support for the XACML 2.0 functions, cleaned up current env handling and date/time construction, and made most of the factory-related changes to support the promised 2.0 features Index: CombiningAlgFactory.java =================================================================== RCS file: /cvsroot/sunxacml/sunxacml/com/sun/xacml/combine/CombiningAlgFactory.java,v retrieving revision 1.9 retrieving revision 1.10 diff -C2 -d -r1.9 -r1.10 *** CombiningAlgFactory.java 17 May 2004 20:33:45 -0000 1.9 --- CombiningAlgFactory.java 13 Jan 2006 22:32:51 -0000 1.10 *************** *** 3,7 **** * @(#)CombiningAlgFactory.java * ! * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved. * * Redistribution and use in source and binary forms, with or without --- 3,7 ---- * @(#)CombiningAlgFactory.java * ! * Copyright 2003-2006 Sun Microsystems, Inc. All Rights Reserved. * * Redistribution and use in source and binary forms, with or without *************** *** 37,44 **** --- 37,46 ---- package com.sun.xacml.combine; + import com.sun.xacml.PolicyMetaData; import com.sun.xacml.UnknownIdentifierException; import java.net.URI; + import java.util.HashMap; import java.util.Set; *************** *** 57,70 **** private static CombiningAlgFactoryProxy defaultFactoryProxy; /** ! * static intialiazer that sets up the default factory proxy ! * NOTE: this will change when the right setup mechanism is in place */ static { ! defaultFactoryProxy = new CombiningAlgFactoryProxy() { public CombiningAlgFactory getFactory() { return StandardCombiningAlgFactory.getFactory(); } }; }; --- 59,81 ---- private static CombiningAlgFactoryProxy defaultFactoryProxy; + // the map of registered factories + private static HashMap registeredFactories; + /** ! 
* static intialiazer that sets up the default factory proxy and ! * registers the standard namespaces */ static { ! CombiningAlgFactoryProxy proxy = new CombiningAlgFactoryProxy() { public CombiningAlgFactory getFactory() { return StandardCombiningAlgFactory.getFactory(); } }; + + registeredFactories = new HashMap(); + registeredFactories.put(PolicyMetaData.XACML_1_0_IDENTIFIER, proxy); + registeredFactories.put(PolicyMetaData.XACML_2_0_IDENTIFIER, proxy); + + defaultFactoryProxy = proxy; }; *************** *** 88,93 **** /** ! * Sets the default factory. Note that this is just a placeholder for ! * now, and will be replaced with a more useful mechanism soon. */ public static final void setDefaultFactory(CombiningAlgFactoryProxy proxy) --- 99,135 ---- /** ! * Returns a factory based on the given identifier. You may register ! * as many factories as you like, and then retrieve them through this ! * interface, but a factory may only be registered once using a given ! * identifier. By default, the standard XACML 1.0 and 2.0 identifiers ! * are regsietered to provide the standard factory. ! * ! * @param identifier the identifier for a factory ! * ! * @return a <code>CombiningAlgFactory</code> ! * ! * @throws UnknownIdentifierException if the given identifier isn't ! * registered ! */ ! public static final CombiningAlgFactory getInstance(String identifier) ! throws UnknownIdentifierException ! { ! CombiningAlgFactoryProxy proxy = ! (CombiningAlgFactoryProxy)(registeredFactories.get(identifier)); ! ! if (proxy == null) ! throw new UnknownIdentifierException("Uknown CombiningAlgFactory " ! + "identifier: " + ! identifier); ! ! return proxy.getFactory(); ! } ! ! /** ! * Sets the default factory. This does not register the factory proxy as ! * an identifiable factory. ! * ! * @param proxy the <code>CombiningAlgFactoryProxy</code> to set as the ! 
* new default factory proxy */ public static final void setDefaultFactory(CombiningAlgFactoryProxy proxy) *************** *** 97,100 **** --- 139,169 ---- /** + * Registers the given factory proxy with the given identifier. If the + * identifier is already used, then this throws an exception. If the + * identifier is not already used, then it will always be bound to the + * given proxy. + * + * @param identifier the identifier for the proxy + * @param proxy the <code>CombiningAlgFactoryProxy</code> to register with + * the given identifier + * + * @throws IllegalArgumentException if the identifier is already used + */ + public static final void registerFactory(String identifier, + CombiningAlgFactoryProxy proxy) + throws IllegalArgumentException + { + synchronized (registeredFactories) { + if (registeredFactories.containsKey(identifier)) + throw new IllegalArgumentException("Identifier is already " + + "registered as " + + "CombiningAlgFactory: " + + identifier); + + registeredFactories.put(identifier, proxy); + } + } + + /** * Adds a combining algorithm to the factory. This single instance will * be returned to anyone who asks the factory for an algorithm with the Index: StandardCombiningAlgFactory.java =================================================================== RCS file: /cvsroot/sunxacml/sunxacml/com/sun/xacml/combine/StandardCombiningAlgFactory.java,v retrieving revision 1.6 retrieving revision 1.7 diff -C2 -d -r1.6 -r1.7 *** StandardCombiningAlgFactory.java 13 Jul 2004 22:39:58 -0000 1.6 --- StandardCombiningAlgFactory.java 13 Jan 2006 22:32:51 -0000 1.7 *************** *** 3,7 **** * @(#)StandardCombiningAlgFactory.java * ! * Copyright 2004 Sun Microsystems, Inc. All Rights Reserved. * * Redistribution and use in source and binary forms, with or without --- 3,7 ---- * @(#)StandardCombiningAlgFactory.java * ! * Copyright 2004-2006 Sun Microsystems, Inc. All Rights Reserved. 
* * Redistribution and use in source and binary forms, with or without *************** *** 37,40 **** --- 37,43 ---- package com.sun.xacml.combine; + import com.sun.xacml.PolicyMetaData; + import com.sun.xacml.UnknownIdentifierException; + import java.util.Collections; import java.util.HashSet; *************** *** 48,52 **** /** * This factory supports the standard set of algorithms specified in XACML ! * 1.0 and 1.1. It is the default factory used by the system, and imposes * a singleton pattern insuring that there is only ever one instance of * this class. --- 51,55 ---- /** * This factory supports the standard set of algorithms specified in XACML ! * 1.x and 2.0. It is the default factory used by the system, and imposes * a singleton pattern insuring that there is only ever one instance of * this class. *************** *** 74,77 **** --- 77,83 ---- private static Set supportedAlgorithms = null; + // identifiers for the supported algorithms + private static Set supportedAlgIds; + // the logger we'll use for all messages private static final Logger logger = *************** *** 93,113 **** supportedAlgorithms = new HashSet(); supportedAlgorithms.add(new DenyOverridesRuleAlg()); supportedAlgorithms.add(new DenyOverridesPolicyAlg()); ! 
supportedAlgorithms.add(new OrderedDenyOverridesRuleAlg()); supportedAlgorithms.add(new OrderedDenyOverridesPolicyAlg()); supportedAlgorithms.add(new PermitOverridesRuleAlg()); supportedAlgorithms.add(new PermitOverridesPolicyAlg()); supportedAlgorithms.add(new OrderedPermitOverridesRuleAlg()); supportedAlgorithms.add(new OrderedPermitOverridesPolicyAlg()); supportedAlgorithms.add(new FirstApplicableRuleAlg()); supportedAlgorithms.add(new FirstApplicablePolicyAlg()); supportedAlgorithms.add(new OnlyOneApplicablePolicyAlg()); } --- 99,133 ---- supportedAlgorithms = new HashSet(); + supportedAlgIds = new HashSet(); supportedAlgorithms.add(new DenyOverridesRuleAlg()); + supportedAlgIds.add(DenyOverridesRuleAlg.algId); supportedAlgorithms.add(new DenyOverridesPolicyAlg()); ! supportedAlgIds.add(DenyOverridesPolicyAlg.algId); ! supportedAlgorithms.add(new OrderedDenyOverridesRuleAlg()); + supportedAlgIds.add(OrderedDenyOverridesRuleAlg.algId); supportedAlgorithms.add(new OrderedDenyOverridesPolicyAlg()); + supportedAlgIds.add(OrderedDenyOverridesPolicyAlg.algId); supportedAlgorithms.add(new PermitOverridesRuleAlg()); + supportedAlgIds.add(PermitOverridesRuleAlg.algId); supportedAlgorithms.add(new PermitOverridesPolicyAlg()); + supportedAlgIds.add(PermitOverridesPolicyAlg.algId); supportedAlgorithms.add(new OrderedPermitOverridesRuleAlg()); + supportedAlgIds.add(OrderedPermitOverridesRuleAlg.algId); supportedAlgorithms.add(new OrderedPermitOverridesPolicyAlg()); + supportedAlgIds.add(OrderedPermitOverridesPolicyAlg.algId); supportedAlgorithms.add(new FirstApplicableRuleAlg()); + supportedAlgIds.add(FirstApplicableRuleAlg.algId); supportedAlgorithms.add(new FirstApplicablePolicyAlg()); + supportedAlgIds.add(FirstApplicablePolicyAlg.algId); supportedAlgorithms.add(new OnlyOneApplicablePolicyAlg()); + supportedAlgIds.add(OnlyOneApplicablePolicyAlg.algId); + + supportedAlgIds = Collections.unmodifiableSet(supportedAlgIds); } *************** *** 135,144 **** /** ! 
* Returns the set of algorithms that this standard factory supports. * ! * @return a <code>Set</code> of <code>CombiningAlgorithm</code>s */ ! public Set getStandardAlgorithms() { ! return Collections.unmodifiableSet(supportedAlgorithms); } --- 155,199 ---- /** ! * A convenience method that returns a new instance of a ! * <code>CombiningAlgFactory</code> that supports all of the standard ! * algorithms. The new factory allows adding support for new algorithms. ! * This method should only be used when you need a new, mutable instance ! * (eg, when you want to create a new factory that extends the set of ! * supported algorithms). In general, you should use ! * <code>getFactory</code> which is more efficient and enforces a ! * singleton pattern. * ! * @return a new factory supporting the standard algorithms */ ! public static CombiningAlgFactory getNewFactory() { ! // first we make sure everything's been initialized... ! getFactory(); ! ! // ...then we create the new instance ! return new BaseCombiningAlgFactory(supportedAlgorithms); ! } ! ! /** ! * Returns the identifiers supported for the given version of XACML. ! * Because this factory supports identifiers from all versions of the ! * XACML specifications, this method is useful for getting a list of ! * which specific identifiers are supported by a given version of XACML. ! * ! * @param xacmlVersion a standard XACML identifier string, as provided ! * in <code>PolicyMetaData</code> ! * ! * @return a <code>Set</code> of identifiers ! * ! * @throws UnknownIdentifierException if the version string is unknown ! */ ! public static Set getStandardAlgorithms(String xacmlVersion) ! throws UnknownIdentifierException ! { ! if ((xacmlVersion.equals(PolicyMetaData.XACML_1_0_IDENTIFIER)) || ! (xacmlVersion.equals(PolicyMetaData.XACML_2_0_IDENTIFIER))) ! return supportedAlgIds; ! ! throw new UnknownIdentifierException("Unknown XACML version: " + ! xacmlVersion); } |
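Review bot: In CombiningAlgFactory.java, registerFactory() updates registeredFactories inside "synchronized (registeredFactories)", but the new getInstance(String identifier) reads the same plain HashMap with no lock, so a lookup that races a registration is unsynchronized. Take the same lock in getInstance(), or wrap the map with Collections.synchronizedMap when it is created. While there, fix the spelling in the added text: "regsietered" in the getInstance() javadoc and "Uknown CombiningAlgFactory" in the exception message.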
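Review bot: In StandardCombiningAlgFactory.java, the new static getStandardAlgorithms(String xacmlVersion) returns supportedAlgIds without first calling getFactory(), unlike getNewFactory() just above it, which calls getFactory() to "make sure everything's been initialized". supportedAlgIds has no initializer and is assigned only in the block that also builds supportedAlgorithms, so a caller that asks for the identifiers before any factory has been fetched gets null. Call getFactory() at the top of this method as well. The method also replaces the instance method getStandardAlgorithms(), which returned CombiningAlgorithm objects, with one of the same name that returns identifiers; that is worth calling out in the log message for existing callers.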
From: Seth P. <se...@us...> - 2006-01-13 22:33:00
Update of /cvsroot/sunxacml/sunxacml/com/sun/xacml/cond/cluster In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv30273/com/sun/xacml/cond/cluster Added Files: StringFunctionCluster.java Log Message: Added support for the XACML 2.0 functions, cleaned up current env handling and date/time construction, and made most of the factory-related changes to support the promised 2.0 features --- NEW FILE: StringFunctionCluster.java --- /* * @(#)StringFunctionCluster.java * * Copyright 2006 Sun Microsystems, Inc. All Rights Reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * 1. Redistribution of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * * 2. Redistribution in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * Neither the name of Sun Microsystems, Inc. or the names of contributors may * be used to endorse or promote products derived from this software without * specific prior written permission. * * This software is provided "AS IS," without a warranty of any kind. ALL * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN") * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS * DERIVATIVES. 
IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL, * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE, * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. * * You acknowledge that this software is not designed or intended for use in * the design, construction, operation or maintenance of any nuclear facility. */ package com.sun.xacml.cond.cluster; import com.sun.xacml.cond.StringFunction; import com.sun.xacml.cond.URLStringCatFunction; import java.util.HashSet; import java.util.Iterator; import java.util.Set; /** * Clusters all the functions supported by <code>StringFunction</code> * and <code>URLStringCatFunction</code>. * * @since 2.0 * @author Seth Proctor */ public class StringFunctionCluster implements FunctionCluster { public Set getSupportedFunctions() { Set set = new HashSet(); Iterator it = StringFunction.getSupportedIdentifiers(). iterator(); while (it.hasNext()) set.add(new StringFunction((String)(it.next()))); set.add(new URLStringCatFunction()); return set; } } |
From: Seth P. <se...@us...> - 2006-01-13 22:33:00
Update of /cvsroot/sunxacml/sunxacml/com/sun/xacml/attr/proxy In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv30273/com/sun/xacml/attr/proxy Added Files: DNSNameAttributeProxy.java IPAddressAttributeProxy.java Log Message: Added support for the XACML 2.0 functions, cleaned up current env handling and date/time construction, and made most of the factory-related changes to support the promised 2.0 features --- NEW FILE: DNSNameAttributeProxy.java --- /* * @(#)DNSNameAttributeProxy.java * * Copyright 2006 Sun Microsystems, Inc. All Rights Reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * 1. Redistribution of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * * 2. Redistribution in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * Neither the name of Sun Microsystems, Inc. or the names of contributors may * be used to endorse or promote products derived from this software without * specific prior written permission. * * This software is provided "AS IS," without a warranty of any kind. ALL * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN") * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS * DERIVATIVES. 
IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL, * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE, * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. * * You acknowledge that this software is not designed or intended for use in * the design, construction, operation or maintenance of any nuclear facility. */ package com.sun.xacml.attr.proxy; import com.sun.xacml.ParsingException; import com.sun.xacml.attr.AttributeProxy; import com.sun.xacml.attr.AttributeValue; import com.sun.xacml.attr.DNSNameAttribute; import org.w3c.dom.Node; /** * A proxy class that is provided mainly for the run-time configuration * code to use. * * @since 2.0 * @author Seth Proctor */ public class DNSNameAttributeProxy implements AttributeProxy { public AttributeValue getInstance(Node root) throws ParsingException { return DNSNameAttribute.getInstance(root); } public AttributeValue getInstance(String value) throws ParsingException { return DNSNameAttribute.getInstance(value); } } --- NEW FILE: IPAddressAttributeProxy.java --- /* * @(#)IPAddressAttributeProxy.java * * Copyright 2006 Sun Microsystems, Inc. All Rights Reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * 1. Redistribution of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * * 2. Redistribution in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * Neither the name of Sun Microsystems, Inc. 
or the names of contributors may * be used to endorse or promote products derived from this software without * specific prior written permission. * * This software is provided "AS IS," without a warranty of any kind. ALL * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN") * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL, * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE, * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. * * You acknowledge that this software is not designed or intended for use in * the design, construction, operation or maintenance of any nuclear facility. */ package com.sun.xacml.attr.proxy; import com.sun.xacml.ParsingException; import com.sun.xacml.attr.AttributeProxy; import com.sun.xacml.attr.AttributeValue; import com.sun.xacml.attr.IPAddressAttribute; import org.w3c.dom.Node; /** * A proxy class that is provided mainly for the run-time configuration * code to use. * * @since 2.0 * @author Seth Proctor */ public class IPAddressAttributeProxy implements AttributeProxy { public AttributeValue getInstance(Node root) throws ParsingException { return IPAddressAttribute.getInstance(root); } public AttributeValue getInstance(String value) throws ParsingException { return IPAddressAttribute.getInstance(value); } } |
From: Seth P. <se...@us...> - 2005-12-16 22:42:47
Update of /cvsroot/sunxacml/sunxacml/com/sun/xacml/attr In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv19443/com/sun/xacml/attr Added Files: DNSNameAttribute.java IPAddressAttribute.java PortRange.java Log Message: added to support the new ipAddress and dnsName datatypes in XACML 2.0 --- NEW FILE: PortRange.java --- /* * @(#)PortRange.java * * Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * 1. Redistribution of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * * 2. Redistribution in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * Neither the name of Sun Microsystems, Inc. or the names of contributors may * be used to endorse or promote products derived from this software without * specific prior written permission. * * This software is provided "AS IS," without a warranty of any kind. ALL * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN") * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL, * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE, * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. 
* * You acknowledge that this software is not designed or intended for use in * the design, construction, operation or maintenance of any nuclear facility. */ package com.sun.xacml.attr; /** * This class represents a port range as specified in the XACML 2.0 description * of <code>dnsName</code> and <code>ipAddress</code>. The range may have * upper and lower bounds, be specified by a single port number, or may be * unbound. * * @since 2.0 * @author Seth Proctor */ public class PortRange { /** * Constant used to specify that the range is unbound on one side. */ public static final int UNBOUND = -1; // the port bound values private int lowerBound; private int upperBound; /** * Default constructor used to represent an unbound range. This is * typically used when an address has no port information. */ public PortRange() { this(UNBOUND, UNBOUND); } /** * Creates a <code>PortRange</code> that represents a single port value * instead of a range of values. * * @param singlePort the single port number */ public PortRange(int singlePort) { this(singlePort, singlePort); } /** * Creates a <code>PortRange</code> with upper and lower bounds. Either * of the parameters may have the value <code>UNBOUND</code> meaning * that there is no bound at the respective end. * * @param lowerBound the lower-bound port number or <code>UNBOUND</code> * @param upperBound the upper-bound port number or <code>UNBOUND</code> */ public PortRange(int lowerBound, int upperBound) { this.lowerBound = lowerBound; this.upperBound = upperBound; } /** * Creates an instance of <code>PortRange</code> based on the given value. 
* * @param value a <code>String</code> representing the range * * @return a new <code>PortRange</code> * * @throws NumberFormatException if a port value isn't an integer */ public static PortRange getInstance(String value) { int lowerBound = UNBOUND; int upperBound = UNBOUND; // first off, make sure there's actually content here if ((value.length() == 0) || (value.equals("-"))) return new PortRange(); // there's content, so figure where the '-' is, if at all int dashPos = value.indexOf('-'); if (dashPos == -1) { // there's no dash, so it's just a single number lowerBound = upperBound = Integer.parseInt(value); } else if (dashPos == 0) { // it starts with a dash, so it's just upper-range bound upperBound = Integer.parseInt(value.substring(1)); } else { // it's a number followed by a dash, so get the lower-bound... lowerBound = Integer.parseInt(value.substring(0, dashPos)); int len = value.length(); // ... and see if there is a second port number if (dashPos != (len - 1)) { // the dash wasn't at the end, so there's an upper-bound upperBound = Integer.parseInt(value.substring(dashPos + 1, len)); } } return new PortRange(lowerBound, upperBound); } /** * Returns the lower-bound port value. If the range is not lower-bound, * then this returns <code>UNBOUND</code>. If the range is actually a * single port number, then this returns the same value as * <code>getUpperBound</code>. * * @return the upper-bound */ public int getLowerBound() { return lowerBound; } /** * Returns the upper-bound port value. If the range is not upper-bound, * then this returns <code>UNBOUND</code>. If the range is actually a * single port number, then this returns the same value as * <code>getLowerBound</code>. * * @return the upper-bound */ public int getUpperBound() { return upperBound; } /** * Returns whether the range is bounded by a lower port number. 
* * @return true if lower-bounded, false otherwise */ public boolean isLowerBounded() { return (lowerBound != -1); } /** * Returns whether the range is bounded by an upper port number. * * @return true if upper-bounded, false otherwise */ public boolean isUpperBounded() { return (upperBound != -1); } /** * Returns whether the range is actually a single port number. * * @return true if the range is a single port number, false otherwise */ public boolean isSinglePort() { return ((lowerBound == upperBound) && (lowerBound != UNBOUND)); } /** * Returns whether the range is unbound, which means that it specifies * no port number or range. This is typically used with addresses that * include no port information. * * @return true if the range is unbound, false otherwise */ public boolean isUnbound() { return ((lowerBound == UNBOUND) && (upperBound == UNBOUND)); } /** * Returns true if the input is an instance of this class and if its * value equals the value contained in this class. * * @param o the object to compare * * @return true if this object and the input represent the same value */ public boolean equals(Object o) { if (! (o instanceof IPAddressAttribute)) return false; PortRange other = (PortRange)o; if (lowerBound != other.lowerBound) return false; if (upperBound != other.upperBound) return false; return true; } /** * */ public String encode() { if (isUnbound()) return ""; if (isSinglePort()) return String.valueOf(lowerBound); if (! isLowerBounded()) return "-" + String.valueOf(upperBound); if (! isUpperBounded()) return String.valueOf(lowerBound) + "-"; return String.valueOf(lowerBound) + "-" + String.valueOf(upperBound); } } --- NEW FILE: IPAddressAttribute.java --- /* * @(#)IPAddressAttribute.java * * Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * 1. 
Redistribution of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * * 2. Redistribution in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * Neither the name of Sun Microsystems, Inc. or the names of contributors may * be used to endorse or promote products derived from this software without * specific prior written permission. * * This software is provided "AS IS," without a warranty of any kind. ALL * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN") * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL, * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE, * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. * * You acknowledge that this software is not designed or intended for use in * the design, construction, operation or maintenance of any nuclear facility. */ package com.sun.xacml.attr; import com.sun.xacml.ParsingException; import java.net.InetAddress; import java.net.UnknownHostException; import java.net.URI; import org.w3c.dom.Node; /** * Represents the IPAddress datatype introduced in XACML 2.0. All objects of * this class are immutable and all methods of the class are thread-safe. 
* * @since 2.0 * @author Seth Proctor */ public class IPAddressAttribute extends AttributeValue { /** * Official name of this type */ public static final String identifier = "urn:oasis:names:tc:xacml:2.0:data-type:ipAddress"; /** * URI version of name for this type * <p> * This field is initialized by a static initializer so that * we can catch any exceptions thrown by URI(String) and * transform them into a RuntimeException, since this should * never happen but should be reported properly if it ever does. */ private static URI identifierURI; /** * RuntimeException that wraps an Exception thrown during the * creation of identifierURI, null if none. */ private static RuntimeException earlyException; /** * Static initializer that initializes the identifierURI * class field so that we can catch any exceptions thrown * by URI(String) and transform them into a RuntimeException. * Such exceptions should never happen but should be reported * properly if they ever do. */ static { try { identifierURI = new URI(identifier); } catch (Exception e) { earlyException = new IllegalArgumentException(); earlyException.initCause(e); } }; // the required address private InetAddress address; // the optional mask private InetAddress mask; // this is the optional port-range private PortRange range; /** * Creates the new <code>IPAddressAttribute</code> with just the required * address component. * * @param address a non-null <code>InetAddress</code> */ public IPAddressAttribute(InetAddress address) { this(address, null, new PortRange()); } /** * Creates the new <code>IPAddressAttribute</code> with the optional * address mask. * * @param address a non-null <code>InetAddress</code> * @param mask an <code>InetAddress</code> or null if there is no mask */ public IPAddressAttribute(InetAddress address, InetAddress mask) { this(address, mask, new PortRange()); } /** * Creates the new <code>IPAddressAttribute</code> with the optional * port range. 
* * @param address a non-null <code>InetAddress</code> * @param portRange a <code>PortRange</code> */ public IPAddressAttribute(InetAddress address, PortRange range) { this(address, null, range); } /** * Creates the new <code>IPAddressAttribute</code> with all the optional * components. * * @param address a non-null <code>InetAddress</code> * @param mask an <code>InetAddress</code> or null if there is no mask * @param portRange a <code>PortRange</code> */ public IPAddressAttribute(InetAddress address, InetAddress mask, PortRange range) { super(identifierURI); // shouldn't happen, but just in case... if (earlyException != null) throw earlyException; this.address = address; this.mask = mask; this.range = range; } /** * Returns a new <code>IPAddressAttribute</code> that represents * the name at a particular DOM node. * * @param root the <code>Node</code> that contains the desired value * * @return a new <code>IPAddressAttribute</code> representing the * appropriate value (null if there is a parsing error) * * @throws ParsingException if any of the address components is invalid */ public static IPAddressAttribute getInstance(Node root) throws ParsingException { return getInstance(root.getFirstChild().getNodeValue()); } /** * Returns a new <code>IPAddressAttribute</code> that represents * the name indicated by the <code>String</code> provided. 
* * @param value a string representing the address * * @return a new <code>IPAddressAttribute</code> * * @throws ParsingException if any of the address components is invalid */ public static IPAddressAttribute getInstance(String value) throws ParsingException { try { // an IPv6 address starts with a '[' if (value.indexOf('[') == 0) return getIPv6Address(value); else return getIPv4Address(value); } catch (UnknownHostException uhe) { throw new ParsingException("Failed to parse an IPAddress", uhe); } } /** * Handle parsing an IPv4 address */ private static IPAddressAttribute getIPv4Address(String value) throws UnknownHostException { InetAddress address = null; InetAddress mask = null; PortRange range = null; // start out by seeing where the delimiters are int maskPos = value.indexOf("/"); int rangePos = value.indexOf(":"); // now check to see which components we have if (maskPos == rangePos) { // the sting is just an address address = InetAddress.getByName(value); } else if (maskPos != -1) { // there is also a mask (and maybe a range) address = InetAddress.getByName(value.substring(0, maskPos)); if (rangePos != -1) { // there's a range too, so get it and the mask mask = InetAddress.getByName(value.substring(maskPos + 1, rangePos)); range = PortRange.getInstance(value.substring(rangePos + 1, value.length())); } else { // there's no range, so just get the mask mask = InetAddress.getByName(value.substring(maskPos + 1, value.length())); } } else { // there is a range, but no mask address = InetAddress.getByName(value.substring(0, rangePos)); range = PortRange.getInstance(value.substring(rangePos + 1, value.length())); } // if the range is null, then create it as unbound range = new PortRange(); return new IPAddressAttribute(address, mask, range); } /** * Handle parsing an IPv6 address */ private static IPAddressAttribute getIPv6Address(String value) throws UnknownHostException { InetAddress address = null; InetAddress mask = null; PortRange range = null; int len = 
value.length(); // get the required address component int endIndex = value.indexOf(']'); address = InetAddress.getByName(value.substring(1, endIndex)); // see if there's anything left in the string if (endIndex != (len - 1)) { // if there's a mask, it's also an IPv6 address if (value.charAt(endIndex + 1) == '/') { int startIndex = endIndex + 3; endIndex = value.indexOf(']', startIndex); mask = InetAddress.getByName(value.substring(startIndex, endIndex)); } // finally, see if there's a port range, if we're not finished if ((endIndex != (len - 1)) && (value.charAt(endIndex + 1) == ':')) range = PortRange.getInstance(value.substring(endIndex + 2, len)); } // if the range is null, then create it as unbound range = new PortRange(); return new IPAddressAttribute(address, mask, range); } /** * Returns the address represented by this object. * * @return the address */ public InetAddress getAddress() { return address; } /** * Returns the mask represented by this object, or null if there is no * mask. * * @return the mask or null */ public InetAddress getMask() { return mask; } /** * Returns the port range represented by this object which will be * unbound if no range was specified. * * @return the range */ public PortRange getRange() { return range; } /** * Returns true if the input is an instance of this class and if its * value equals the value contained in this class. * * @param o the object to compare * * @return true if this object and the input represent the same value */ public boolean equals(Object o) { if (! (o instanceof IPAddressAttribute)) return false; IPAddressAttribute other = (IPAddressAttribute)o; if (! address.equals(other.address)) return false; if (mask != null) { if (other.mask == null) return false; if (! mask.equals(other.mask)) return false; } else { if (other.mask != null) return false; } if (! 
range.equals(other.range)) return false; return true; } /** * Returns the hashcode value used to index and compare this object with * others of the same type. * * @return the object's hashcode value */ public int hashCode() { // FIXME: what should the hashcode be? return 0; } /** * Converts to a String representation. * * @return the String representation */ public String toString() { return "IPAddressAttribute: \"" + encode() + "\""; } /** * */ public String encode() { String str = "[" + address.getHostAddress() + "]"; if (mask != null) str += "/[" + mask.getHostAddress() + "]"; if (! range.isUnbound()) str += ":" + range.encode(); return str; } } --- NEW FILE: DNSNameAttribute.java --- /* * @(#)DNSNameAttribute.java * * Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * 1. Redistribution of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * * 2. Redistribution in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * Neither the name of Sun Microsystems, Inc. or the names of contributors may * be used to endorse or promote products derived from this software without * specific prior written permission. * * This software is provided "AS IS," without a warranty of any kind. ALL * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN") * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS * DERIVATIVES. 
IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL, * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE, * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. * * You acknowledge that this software is not designed or intended for use in * the design, construction, operation or maintenance of any nuclear facility. */ package com.sun.xacml.attr; import com.sun.xacml.ParsingException; import java.net.URI; import org.w3c.dom.Node; /** * Represents the DNSName datatype introduced in XACML 2.0. All objects of * this class are immutable and all methods of the class are thread-safe. * * @since 2.0 * @author Seth Proctor */ public class DNSNameAttribute extends AttributeValue { /** * Official name of this type */ public static final String identifier = "urn:oasis:names:tc:xacml:2.0:data-type:dnsName"; /** * URI version of name for this type * <p> * This field is initialized by a static initializer so that * we can catch any exceptions thrown by URI(String) and * transform them into a RuntimeException, since this should * never happen but should be reported properly if it ever does. */ private static URI identifierURI; /** * RuntimeException that wraps an Exception thrown during the * creation of identifierURI, null if none. */ private static RuntimeException earlyException; /** * Static initializer that initializes the identifierURI * class field so that we can catch any exceptions thrown * by URI(String) and transform them into a RuntimeException. * Such exceptions should never happen but should be reported * properly if they ever do. 
*/ static { try { identifierURI = new URI(identifier); } catch (Exception e) { earlyException = new IllegalArgumentException(); earlyException.initCause(e); } }; // the required hostname private String hostname; // the optional port range private PortRange range; // true if the hostname starts with a '*' private boolean isSubdomain = false; /** * Creates the new <code>DNSNameAttribute</code> with only the required * hostname component. * * @param hostname the host name component of the address * * @throws ParsingException if the hostname is invalid */ public DNSNameAttribute(String hostname) throws ParsingException { this(hostname, new PortRange()); } /** * Creates the new <code>DNSNameAttribute</code> with the optional * port range component. * * @param hostname the host name component of the address * @param range the port range * * @throws ParsingException if the hostname is invalid */ public DNSNameAttribute(String hostname, PortRange range) throws ParsingException { super(identifierURI); // shouldn't happen, but just in case... if (earlyException != null) throw earlyException; // verify that the hostname is valid before we store it if (! isValidHostName(hostname)) System.out.println("FIXME: throw error about bad hostname"); // see if it started with a '*' character if (hostname.charAt(0) == '*') this.isSubdomain = true; this.hostname = hostname; this.range = range; } /** * Private helper that tests whether the given string is valid. */ private boolean isValidHostName(String hostname) { /* hostname = *( domainlabel "." ) toplabel [ "." ] domainlabel = alphanum | alphanum *( alphanum | "-" ) alphanum toplabel = alpha | alpha *( alphanum | "-" ) alphanum */ String domainlabel = "\\w[[\\w|\\-]*\\w]?"; String toplabel = "[a-zA-Z][[\\w|\\-]*\\w]?"; String pattern = "[\\*\\.]?[" + domainlabel + "\\.]*" + toplabel + "\\.?"; return hostname.matches(pattern); } /** * Returns a new <code>DNSNameAttribute</code> that represents * the name at a particular DOM node. 
* * @param root the <code>Node</code> that contains the desired value * * @return a new <code>DNSNameAttribute</code> representing the * appropriate value (null if there is a parsing error) * * @throws ParsingException if the hostname is invalid */ public static DNSNameAttribute getInstance(Node root) throws ParsingException { return getInstance(root.getFirstChild().getNodeValue()); } /** * Returns a new <code>DNSNameAttribute</code> that represents * the name indicated by the <code>String</code> provided. * * @param value a string representing the name * * @return a new <code>DNSNameAttribute</code> * * @throws ParsingException if the hostname is invalid */ public static DNSNameAttribute getInstance(String value) throws ParsingException { int portSep = value.indexOf(':'); if (portSep == -1) { // there is no port range, so just use the name return new DNSNameAttribute(value); } else { // split the name and the port range String hostname = value.substring(0, portSep); PortRange range = PortRange.getInstance(value.substring(portSep + 1, value.length())); return new DNSNameAttribute(hostname, range); } } /** * Returns the host name represented by this object. * * @return the host name */ public String getHostName() { return hostname; } /** * Returns the port range represented by this object which will be * unbound if no range was specified. * * @return the port range */ public PortRange getPortRange() { return range; } /** * Returns true if the leading character in the hostname is a '*', and * therefore represents a matching subdomain, or false otherwise. * * @return true if the name represents a subdomain, false otherwise */ public boolean isSubdomain() { return isSubdomain; } /** * Returns true if the input is an instance of this class and if its * value equals the value contained in this class. * * @param o the object to compare * * @return true if this object and the input represent the same value */ public boolean equals(Object o) { if (! 
(o instanceof DNSNameAttribute)) return false; DNSNameAttribute other = (DNSNameAttribute)o; if (! hostname.toUpperCase().equals(other.hostname.toUpperCase())) return false; if (! range.equals(other.range)) return false; return true; } /** * Returns the hashcode value used to index and compare this object with * others of the same type. * * @return the object's hashcode value */ public int hashCode() { // FIXME: what should the hashcode be? return 0; } /** * Converts to a String representation. * * @return the String representation */ public String toString() { return "DNSNameAttribute: \"" + encode() + "\""; } /** * */ public String encode() { if (range.isUnbound()) return hostname; return hostname + ":" + range.encode(); } } |
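Review bot: PortRange.equals tests `o instanceof IPAddressAttribute` where it should test `o instanceof PortRange`, so it returns false for every PortRange passed in, and an actual IPAddressAttribute would pass the check and then fail the `(PortRange)o` cast. Both IPAddressAttribute.equals and DNSNameAttribute.equals finish with `range.equals(other.range)`, so with this check neither attribute type can compare equal to anything, and equality matches on these datatypes fail silently. Change the instanceof target to PortRange. In the same file, getInstance accepts whatever Integer.parseInt accepts: nothing checks that a bound lies in 0-65535 or that the lower bound does not exceed the upper one. isLowerBounded and isUpperBounded compare against a literal -1 while the rest of the class uses UNBOUND, and the getLowerBound javadoc says "@return the upper-bound".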
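Review bot: In IPAddressAttribute, both getIPv4Address and getIPv6Address follow the comment "if the range is null, then create it as unbound" with an unconditional `range = new PortRange();`, so a port range that was just parsed is thrown away and every parsed value ends up with an unbound range. Guard the assignment with `if (range == null)`. Error handling in the parsers also needs tightening: getInstance(String) only converts UnknownHostException, so a missing ']' (indexOf returns -1 and goes straight into substring) or a non-numeric port surfaces as an unchecked StringIndexOutOfBoundsException or NumberFormatException instead of the declared ParsingException. InetAddress.getByName performs a name lookup when given anything other than a literal address, so parsing an ipAddress value can trigger DNS resolution and will accept a host name; validate that the substring is an address literal before calling it. hashCode still returns 0 under a FIXME.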
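Review bot: The DNSNameAttribute constructor does not reject an invalid hostname: when isValidHostName fails it only runs `System.out.println("FIXME: throw error about bad hostname")` and then stores the value, although the javadoc declares @throws ParsingException. Throw the ParsingException there. The pattern in isValidHostName also does not implement the grammar quoted in its comment, because `[[\\w|\\-]*\\w]?` and `[" + domainlabel + "\\.]*` use square brackets, which build character classes rather than groups; use parentheses for grouping, and note that \w also admits '_'. Since validation does not stop bad input, an empty hostname (for example a value of ":80" passed to getInstance) reaches `hostname.charAt(0)` and throws StringIndexOutOfBoundsException. hashCode returns 0 under a FIXME here as well.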
From: Seth P. <se...@us...> - 2005-12-16 22:40:19
|
Update of /cvsroot/sunxacml/sunxacml/com/sun/xacml/cond In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv18953/com/sun/xacml/cond Added Files: TimeInRangeFunction.java Log Message: now that it's standard, the function is in the core package --- NEW FILE: TimeInRangeFunction.java --- /* * @(#)TimeInRangeFunction.java * * Copyright 2003-2005 Sun Microsystems, Inc. All Rights Reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * 1. Redistribution of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * * 2. Redistribution in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * Neither the name of Sun Microsystems, Inc. or the names of contributors may * be used to endorse or promote products derived from this software without * specific prior written permission. * * This software is provided "AS IS," without a warranty of any kind. ALL * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN") * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL, * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE, * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. 
* * You acknowledge that this software is not designed or intended for use in * the design, construction, operation or maintenance of any nuclear facility. */ package com.sun.xacml.cond; import com.sun.xacml.EvaluationCtx; import com.sun.xacml.attr.AttributeValue; import com.sun.xacml.attr.BagAttribute; import com.sun.xacml.attr.BooleanAttribute; import com.sun.xacml.attr.TimeAttribute; import java.util.List; /** * This class implements the time-in-range function, which takes * three time values and returns true if the first value falls between the * second and the third value. This function was introduced in XACML 2.0. * <p> * Note that this function allows any time ranges less than 24 hours. In * other words, it is not bound by normal day boundries (midnight GMT), but * by the minimum time in the range. This means that ranges like 9am-5pm * are supported, as are ranges like 5pm-9am. * * @since 2.0 * @author seth proctor */ public class TimeInRangeFunction extends FunctionBase { /** * The identifier for this function */ public static final String NAME = FUNCTION_NS_2 + "time-in-range"; /** * The number of milliseconds in a minute */ public static final long MILLIS_PER_MINUTE = 1000 * 60; /** * The number of milliseconds in a day */ public static final long MILLIS_PER_DAY = MILLIS_PER_MINUTE * 60 * 24; /** * Default constructor. */ public TimeInRangeFunction() { super(NAME, 0, TimeAttribute.identifier, false, 3, BooleanAttribute.identifier, false); } /** * Evaluates the time-in-range function, which takes three * <code>TimeAttribute</code> values. This function return true * if the first value falls between the second and third values * (ie., on or after the second time and on or before the third * time). If no time zone is specified for the second and/or third * time value, then the timezone from the first time value is * used. This lets you say time-in-range(current-time, 9am, 5pm) * and always have the evaluation happen in your current-time * timezone. 
* * @param inputs a <code>List</code> of <code>Evaluatable</code> * objects representing the arguments passed to the function * @param context the respresentation of the request * * @return an <code>EvaluationResult</code> containing true or false */ public EvaluationResult evaluate(List inputs, EvaluationCtx context) { AttributeValue [] argValues = new AttributeValue[inputs.size()]; EvaluationResult result = evalArgs(inputs, context, argValues); // check if any errors occured while resolving the inputs if (result != null) return result; // get the three time values TimeAttribute attr = (TimeAttribute)(argValues[0]); long middleTime = attr.getMilliseconds(); long minTime = resolveTime(attr, (TimeAttribute)(argValues[1])); long maxTime = resolveTime(attr, (TimeAttribute)(argValues[2])); // first off, if the min and max are the same, then this can only // be true is the middle is also the same value if (minTime == maxTime) return EvaluationResult.getInstance(middleTime == minTime); // shift the minTime to 00:00:00 so we can do a normal comparison, // taking care to shift in the correct direction (left if the // maxTime is bigger, otherwise right), and making sure that we // handle any wrapping values for the middle time (the maxTime will // never wrap around 00:00:00 GMT as long as we're dealing with // windows of less than 24 hours) // the amount we're shifting long shiftSpan; // figure out the right direction and get the shift amount if (minTime < maxTime) shiftSpan = -minTime; else shiftSpan = MILLIS_PER_DAY - minTime; // shift the maxTime and the middleTime maxTime = maxTime + shiftSpan; middleTime = handleWrap(middleTime + shiftSpan); // we're in the range if the middle is now between 0 and maxTime return EvaluationResult. getInstance((middleTime >= 0) && (middleTime <= maxTime)); } /** * Private helper method that is used to resolve the correct values for * min and max. If an explicit timezone is provided for either, then * that value gets used. 
Otherwise we need to pick the timezone the * middle time is using, and move the other time into that timezone. */ private long resolveTime(TimeAttribute middleTime, TimeAttribute otherTime) { long time = otherTime.getMilliseconds(); int tz = otherTime.getTimeZone(); // if there's no explicit timezone, then the otherTime needs to // be shifted to the middleTime's timezone if (tz == TimeAttribute.TZ_UNSPECIFIED) { // the other time didn't specify a timezone, so we use the // timezone specified in the middle time... int middleTz = middleTime.getTimeZone(); // ...and we get the default timezone from the otherTime tz = otherTime.getDefaultedTimeZone(); // if there was no specified timezone for the middleTime, use // the default timezone for that too if (middleTz == TimeAttribute.TZ_UNSPECIFIED) middleTz = middleTime.getDefaultedTimeZone(); // use the timezone to offset the time value, if the two aren't // already in the same timezone if (middleTz != tz) { time -= ((middleTz - tz) * MILLIS_PER_MINUTE); time = handleWrap(time); } } return time; } /** * Private helper method that handles when a time value wraps no more * than 24 hours either above 23:59:59 or below 00:00:00. */ private long handleWrap(long time) { if (time < 0) { // if it's negative, add one day return time + MILLIS_PER_DAY; } if (time > MILLIS_PER_DAY) { // if it's more than 24 hours, subtract one day return time - MILLIS_PER_DAY; } return time; } } |
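Review bot: handleWrap tests `time > MILLIS_PER_DAY`, so a value of exactly MILLIS_PER_DAY is returned unchanged instead of wrapping to 0, and that breaks the inclusive lower bound in evaluate for ranges that cross midnight. With minTime > maxTime, shiftSpan is MILLIS_PER_DAY - minTime, so a middleTime equal to minTime becomes exactly MILLIS_PER_DAY, is not wrapped, and fails `middleTime <= maxTime`; a request at exactly 5pm is therefore outside a 5pm-9am window even though the javadoc says "on or after the second time". Use `>=` in handleWrap and add boundary tests for both the wrapped and unwrapped cases. resolveTime calls the same helper after the timezone shift, so a shifted bound that lands on exactly MILLIS_PER_DAY is also left unnormalised.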
From: Seth P. <se...@us...> - 2005-12-16 22:39:08
|
Update of /cvsroot/sunxacml/sunxacml/com/sun/xacml/attr In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv18725/com/sun/xacml/attr Modified Files: StringAttribute.java Log Message: cleaned up comments on mixed content Index: StringAttribute.java =================================================================== RCS file: /cvsroot/sunxacml/sunxacml/com/sun/xacml/attr/StringAttribute.java,v retrieving revision 1.5 retrieving revision 1.6 diff -C2 -d -r1.5 -r1.6 *** StringAttribute.java 17 Feb 2005 16:01:26 -0000 1.5 --- StringAttribute.java 16 Dec 2005 22:38:59 -0000 1.6 *************** *** 48,57 **** * all methods of the class are thread-safe. * <p> ! * Note that there is currently some confusion in the XACML specification * about whether this datatype should be able to handle XML elements (ie, * whether <AttributeValue DataType="...string"><foo/> ! * </AttributeValue> is valid). Until that is clarified the strict ! * definition of the string datatype is used in this code, which means that ! * elements are not valid. * * @since 1.0 --- 48,59 ---- * all methods of the class are thread-safe. * <p> ! * Note that there was some confusion in the XACML specification * about whether this datatype should be able to handle XML elements (ie, * whether <AttributeValue DataType="...string"><foo/> ! * </AttributeValue> is valid). This has been clarified to provide ! * the correct requirement that a string may not contain mixed content (ie, ! * the example provided here is invalid). If you need to specify something ! * like this with the string datatype, then you must escape the ! * <code><</code> and <code>></code> characters. * * @since 1.0 |
From: Seth P. <se...@us...> - 2005-12-16 22:38:23
|
Update of /cvsroot/sunxacml/sunxacml/com/sun/xacml/cond In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv18675/com/sun/xacml/cond Modified Files: FunctionBase.java Log Message: added the new 2.0 namespace Index: FunctionBase.java =================================================================== RCS file: /cvsroot/sunxacml/sunxacml/com/sun/xacml/cond/FunctionBase.java,v retrieving revision 1.5 retrieving revision 1.6 diff -C2 -d -r1.5 -r1.6 *** FunctionBase.java 5 Dec 2005 23:34:51 -0000 1.5 --- FunctionBase.java 16 Dec 2005 22:38:16 -0000 1.6 *************** *** 75,83 **** /** ! * The standard namespace where all the spec-defined functions live */ public static final String FUNCTION_NS = "urn:oasis:names:tc:xacml:1.0:function:"; // A List used by makeProcessingError() to save some steps. private static List processingErrList = null; --- 75,89 ---- /** ! * The standard namespace where all XACML 1.0 spec-defined functions live */ public static final String FUNCTION_NS = "urn:oasis:names:tc:xacml:1.0:function:"; + /** + * The standard namespace where all XACML 2.0 spec-defined functions live + */ + public static final String FUNCTION_NS_2 = + "urn:oasis:names:tc:xacml:2.0:function:"; + // A List used by makeProcessingError() to save some steps. private static List processingErrList = null; |
From: Seth P. <se...@us...> - 2005-12-05 23:35:03
|
Update of /cvsroot/sunxacml/sunxacml/com/sun/xacml/cond In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv21866/com/sun/xacml/cond Modified Files: Apply.java Evaluatable.java Expression.java ExpressionHandler.java Function.java FunctionBase.java HigherOrderFunction.java MapFunction.java NOfFunction.java VariableDefinition.java VariableManager.java VariableReference.java Added Files: Condition.java Log Message: substantial update to align 2.0 features (Target and Condition) and code re-factoring to better handle Expression/Evaluatable, versions, Target, etc. Index: NOfFunction.java =================================================================== RCS file: /cvsroot/sunxacml/sunxacml/com/sun/xacml/cond/NOfFunction.java,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -d -r1.4 -r1.5 *** NOfFunction.java 18 Mar 2004 21:13:09 -0000 1.4 --- NOfFunction.java 5 Dec 2005 23:34:51 -0000 1.5 *************** *** 3,7 **** * @(#)NOfFunction.java * ! * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved. * * Redistribution and use in source and binary forms, with or without --- 3,7 ---- * @(#)NOfFunction.java * ! * Copyright 2003-2005 Sun Microsystems, Inc. All Rights Reserved. * * Redistribution and use in source and binary forms, with or without *************** *** 177,181 **** Object [] list = inputs.toArray(); for (int i = 0; i < list.length; i++) ! if (((Evaluatable)(list[i])).evaluatesToBag()) throw new IllegalArgumentException("n-of can't use bags"); --- 177,181 ---- Object [] list = inputs.toArray(); for (int i = 0; i < list.length; i++) ! 
if (((Evaluatable)(list[i])).returnsBag()) throw new IllegalArgumentException("n-of can't use bags"); Index: Evaluatable.java =================================================================== RCS file: /cvsroot/sunxacml/sunxacml/com/sun/xacml/cond/Evaluatable.java,v retrieving revision 1.5 retrieving revision 1.6 diff -C2 -d -r1.5 -r1.6 *** Evaluatable.java 7 Jan 2005 23:49:32 -0000 1.5 --- Evaluatable.java 5 Dec 2005 23:34:51 -0000 1.6 *************** *** 3,7 **** * @(#)Evaluatable.java * ! * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved. * * Redistribution and use in source and binary forms, with or without --- 3,7 ---- * @(#)Evaluatable.java * ! * Copyright 2003-2005 Sun Microsystems, Inc. All Rights Reserved. * * Redistribution and use in source and binary forms, with or without *************** *** 50,57 **** /** ! * Generic interface that is implemented by all objects that can appear in ! * an ApplyType. This lets the evaluation code of <code>Apply</code> and ! * functions iterate through their members and evaluate them, working only ! * on the returned values or errors. * * @since 1.0 --- 50,57 ---- /** ! * Generic interface that is implemented by all objects that can be evaluated ! * directly (<code>AttributeDesignator</code>, <code>Apply</code>, ! * <code>AttributeValue</code>, etc.). As of version 2.0 several methods ! * were extracted to the new <code>Expression</code> super-interface. * * @since 1.0 *************** *** 72,86 **** /** - * Get the type of this object. This may be the data type of an - * <code>Attribute</code> or the return type of an - * <code>AttributeDesignator</code>, etc. - * - * @return the type of data represented by this object - */ - public URI getType(); - - /** * Tells whether evaluation will return a bag or a single value. * * @return true if evaluation will return a bag, false otherwise */ --- 72,80 ---- /** * Tells whether evaluation will return a bag or a single value. 
* + * @deprecated As of 2.0, you should use the <code>returnsBag</code> + * method from the super-interface <code>Expression</code>. + * * @return true if evaluation will return a bag, false otherwise */ *************** *** 96,117 **** public List getChildren(); - /** - * Encodes this <code>Evaluatable</code> into its XML representation and - * writes this encoding to the given <code>OutputStream</code> with no - * indentation. - * - * @param output a stream into which the XML-encoded data is written - */ - public void encode(OutputStream output); - - /** - * Encodes this <code>Evaluatable</code> into its XML representation and - * writes this encoding to the given <code>OutputStream</code> with - * indentation. - * - * @param output a stream into which the XML-encoded data is written - * @param indenter an object that creates indentation strings - */ - public void encode(OutputStream output, Indenter indenter); - } --- 90,92 ---- Index: HigherOrderFunction.java =================================================================== RCS file: /cvsroot/sunxacml/sunxacml/com/sun/xacml/cond/HigherOrderFunction.java,v retrieving revision 1.9 retrieving revision 1.10 diff -C2 -d -r1.9 -r1.10 *** HigherOrderFunction.java 7 Jan 2005 23:49:32 -0000 1.9 --- HigherOrderFunction.java 5 Dec 2005 23:34:51 -0000 1.10 *************** *** 3,7 **** * @(#)HigherOrderFunction.java * ! * Copyright 2003-20045Sun Microsystems, Inc. All Rights Reserved. * * Redistribution and use in source and binary forms, with or without --- 3,7 ---- * @(#)HigherOrderFunction.java * ! * Copyright 2003-2005 Sun Microsystems, Inc. All Rights Reserved. 
* * Redistribution and use in source and binary forms, with or without *************** *** 38,41 **** --- 38,42 ---- import com.sun.xacml.EvaluationCtx; + import com.sun.xacml.Indenter; import com.sun.xacml.attr.AttributeValue; *************** *** 43,46 **** --- 44,50 ---- import com.sun.xacml.attr.BooleanAttribute; + import java.io.OutputStream; + import java.io.PrintStream; + import java.net.URI; import java.net.URISyntaxException; *************** *** 180,192 **** /** - * Returns false since functions aren't directly evaluatable. - * - * @return false - */ - public boolean isEvaluatable() { - return false; - } - - /** * Returns a <code>Set</code> containing all the function identifiers * supported by this class. --- 184,187 ---- *************** *** 265,278 **** } ! // get the two inputs ... note that unlike other functions, we don't ! // have to evaluate here, since the Apply code did it for us already ! // to handle any Indeterminate cases AttributeValue [] args = new AttributeValue[2]; - args[0] = (AttributeValue)(iterator.next()); - args[1] = (AttributeValue)(iterator.next()); ! // now we're ready to do the evaluation ! EvaluationResult result = null; switch(functionId) { --- 260,281 ---- } ! // get the two inputs, and if anything is INDETERMINATE, then we ! // stop right away AttributeValue [] args = new AttributeValue[2]; ! Evaluatable eval = (Evaluatable)(iterator.next()); ! EvaluationResult result = eval.evaluate(context); ! if (result.indeterminate()) ! return result; ! args[0] = (AttributeValue)(result.getAttributeValue()); ! eval = (Evaluatable)(iterator.next()); ! result = eval.evaluate(context); ! if (result.indeterminate()) ! return result; ! args[1] = (AttributeValue)(result.getAttributeValue()); ! ! // now we're ready to do the evaluation ! result = null; switch(functionId) { *************** *** 433,441 **** // the first arg might be a bag ! if (secondIsBag && (! 
eval1.evaluatesToBag())) throw new IllegalArgumentException("first arg has to be a bag"); // the second arg must be a bag ! if (! eval2.evaluatesToBag()) throw new IllegalArgumentException("second arg has to be a bag"); --- 436,444 ---- // the first arg might be a bag ! if (secondIsBag && (! eval1.returnsBag())) throw new IllegalArgumentException("first arg has to be a bag"); // the second arg must be a bag ! if (! eval2.returnsBag()) throw new IllegalArgumentException("second arg has to be a bag"); *************** *** 564,566 **** --- 567,594 ---- } + /** + * Encodes this <code>HigherOrderFunction</code> into its XML + * representation and writes this encoding to the given + * <code>OutputStream</code> with no indentation. + * + * @param output a stream into which the XML-encoded data is written + */ + public void encode(OutputStream output) { + encode(output, new Indenter(0)); + } + + /** + * Encodes this <code>HigherOrderFunction</code> into its XML + * representation and writes this encoding to the given + * <code>OutputStream</code> with indentation. 
+ * + * @param output a stream into which the XML-encoded data is written + * @param indenter an object that creates indentation strings + */ + public void encode(OutputStream output, Indenter indenter) { + PrintStream out = new PrintStream(output); + out.println(indenter.makeString() + "<Function FunctionId=\"" + + getIdentifier().toString() + "\"/>"); + } + } Index: FunctionBase.java =================================================================== RCS file: /cvsroot/sunxacml/sunxacml/com/sun/xacml/cond/FunctionBase.java,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -d -r1.4 -r1.5 *** FunctionBase.java 7 Jan 2005 23:49:32 -0000 1.4 --- FunctionBase.java 5 Dec 2005 23:34:51 -0000 1.5 *************** *** 38,41 **** --- 38,42 ---- import com.sun.xacml.EvaluationCtx; + import com.sun.xacml.Indenter; import com.sun.xacml.attr.AttributeValue; *************** *** 46,49 **** --- 47,53 ---- import java.net.URISyntaxException; + import java.io.OutputStream; + import java.io.PrintStream; + import java.util.ArrayList; import java.util.Arrays; *************** *** 223,235 **** /** - * Returns false since functions aren't directly evaluatable. - * - * @return false - */ - public boolean isEvaluatable() { - return false; - } - - /** * Returns the full identifier of this function, as known by the factories. * --- 227,230 ---- *************** *** 401,405 **** if ((! eval.getType().toString().equals(paramType)) || ! (eval.evaluatesToBag() != paramIsBag)) throw new IllegalArgumentException("illegal parameter"); } --- 396,400 ---- if ((! eval.getType().toString().equals(paramType)) || ! (eval.returnsBag() != paramIsBag)) throw new IllegalArgumentException("illegal parameter"); } *************** *** 417,421 **** if ((! eval.getType().toString().equals(paramTypes[i])) || ! (eval.evaluatesToBag() != paramsAreBags[i])) throw new IllegalArgumentException("illegal parameter"); --- 412,416 ---- if ((! eval.getType().toString().equals(paramTypes[i])) || ! 
(eval.returnsBag() != paramsAreBags[i])) throw new IllegalArgumentException("illegal parameter"); *************** *** 483,485 **** --- 478,505 ---- } + /** + * Encodes this <code>FunctionBase</code> into its XML representation and + * writes this encoding to the given <code>OutputStream</code> with no + * indentation. + * + * @param output a stream into which the XML-encoded data is written + */ + public void encode(OutputStream output) { + encode(output, new Indenter(0)); + } + + /** + * Encodes this <code>FunctionBase</code> into its XML representation and + * writes this encoding to the given <code>OutputStream</code> with + * indentation. + * + * @param output a stream into which the XML-encoded data is written + * @param indenter an object that creates indentation strings + */ + public void encode(OutputStream output, Indenter indenter) { + PrintStream out = new PrintStream(output); + out.println(indenter.makeString() + "<Function FunctionId=\"" + + getFunctionName() + "\"/>"); + } + } Index: Expression.java =================================================================== RCS file: /cvsroot/sunxacml/sunxacml/com/sun/xacml/cond/Expression.java,v retrieving revision 1.1 retrieving revision 1.2 diff -C2 -d -r1.1 -r1.2 *** Expression.java 7 Jan 2005 23:49:32 -0000 1.1 --- Expression.java 5 Dec 2005 23:34:51 -0000 1.2 *************** *** 37,42 **** --- 37,46 ---- package com.sun.xacml.cond; + import com.sun.xacml.Indenter; + import java.net.URI; + import java.io.OutputStream; + /** *************** *** 48,67 **** public interface Expression { ! /** ! * Returns true if this expression is evaluatable. Typically, this ! * is any expression type except for functions, which can't be ! * evaluated directly. * ! * @return true if this expression is evaluatable */ ! public boolean isEvaluatable(); /** ! * Returns the type of the expression. * ! * @return the attribute type of the referenced expression */ ! 
public URI getType(); } --- 52,92 ---- public interface Expression { ! /** ! * Returns the type of the expression. This may be the data type of ! * an <code>AttributeValue</code>, the return type of a ! * <code>Function</code>, etc. * ! * @return the attribute type of the referenced expression */ ! public URI getType(); /** ! * Returns whether or not this expression returns, or evaluates to a ! * Bag. Note that <code>Evaluatable</code>, which extends this interface, ! * defines <code>evaluatesToBag</code> which is essentially the same ! * function. This method has been deprecated, and <code>returnsBag</code> ! * is now the preferred way to query all <code>Expression</code>s. ! */ ! public boolean returnsBag(); ! ! /** ! * Encodes this <code>Expression</code> into its XML representation and ! * writes this encoding to the given <code>OutputStream</code> with no ! * indentation. * ! * @param output a stream into which the XML-encoded data is written */ ! public void encode(OutputStream output); ! ! /** ! * Encodes this <code>Expression</code> into its XML representation and ! * writes this encoding to the given <code>OutputStream</code> with ! * indentation. ! * ! * @param output a stream into which the XML-encoded data is written ! * @param indenter an object that creates indentation strings ! */ ! 
public void encode(OutputStream output, Indenter indenter); } Index: VariableReference.java =================================================================== RCS file: /cvsroot/sunxacml/sunxacml/com/sun/xacml/cond/VariableReference.java,v retrieving revision 1.1 retrieving revision 1.2 diff -C2 -d -r1.1 -r1.2 *** VariableReference.java 7 Jan 2005 23:49:33 -0000 1.1 --- VariableReference.java 5 Dec 2005 23:34:51 -0000 1.2 *************** *** 40,43 **** --- 40,44 ---- import com.sun.xacml.Indenter; import com.sun.xacml.ParsingException; + import com.sun.xacml.PolicyMetaData; import com.sun.xacml.ProcessingException; *************** *** 65,69 **** * @author Seth Proctor */ ! public class VariableReference implements Evaluatable { --- 66,70 ---- * @author Seth Proctor */ ! public class VariableReference implements Expression { *************** *** 124,127 **** --- 125,129 ---- * * @param root the DOM root of a VariableReferenceType XML type + * @param metaData the meta-data associated with the containing policy * @param manager the <code>VariableManager</code> used to connect this * reference to its definition *************** *** 130,133 **** --- 132,136 ---- */ public static VariableReference getInstance(Node root, + PolicyMetaData metaData, VariableManager manager) throws ParsingException *************** *** 144,156 **** /** - * Returns true since this expression is evaluatable. - * - * @return true - */ - public boolean isEvaluatable() { - return true; - } - - /** * Returns the reference identifier. * --- 147,150 ---- *************** *** 189,203 **** * * @return the result of evaluation - * - * @throws ProcessingException if the expression isn't evaluatable */ public EvaluationResult evaluate(EvaluationCtx context) { Expression xpr = getReferencedDefinition().getExpression(); ! if (xpr.isEvaluatable()) ! return ((Evaluatable)xpr).evaluate(context); ! ! throw new ProcessingException("tried to evaluate an expression " + ! 
"that isn't evaluatable"); } --- 183,197 ---- * * @return the result of evaluation */ public EvaluationResult evaluate(EvaluationCtx context) { Expression xpr = getReferencedDefinition().getExpression(); ! // Note that it's technically possible for this expression to ! // be something like a Function, which isn't Evaluatable. It ! // wouldn't make sense to have this, but it is possible. Because ! // it makes no sense, however, it's unlcear exactly what the ! // error should be, so raising the ClassCastException here seems ! // as good an approach as any for now... ! return ((Evaluatable)xpr).evaluate(context); } *************** *** 231,249 **** * @throws ProcessingException if the return type couldn't be resolved */ ! public boolean evaluatesToBag() { // see comment in getType() if (definition != null) { ! Expression xpr = getReferencedDefinition().getExpression(); ! ! // FIXME: for now we need to do this casting, but this should ! // change soon when the Function interface comes in line with ! // the Evaluatable type methods through the Expression interface ! if (xpr.isEvaluatable()) ! return ((Evaluatable)xpr).evaluatesToBag(); ! else ! return ((Function)xpr).returnsBag(); } else { if (manager != null) ! return manager.evaluatesToBag(variableId); } --- 225,235 ---- * @throws ProcessingException if the return type couldn't be resolved */ ! public boolean returnsBag() { // see comment in getType() if (definition != null) { ! return getReferencedDefinition().getExpression().returnsBag(); } else { if (manager != null) ! return manager.returnsBag(variableId); } *************** *** 252,255 **** --- 238,255 ---- /** + * Tells whether evaluation will return a bag or a single value. + * + * @return true if evaluation will return a bag, false otherwise + * + * @deprecated As of 2.0, you should use the <code>returnsBag</code> + * method from the super-interface <code>Expression</code>. 
+ * + * @throws ProcessingException if the return type couldn't be resolved + */ + public boolean evaluatesToBag() { + return returnsBag(); + } + + /** * Always returns an empty list since references never have children in * the policy tree. Note that the referenced definition may still have --- NEW FILE: Condition.java --- /* * @(#)Condition.java * * Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * 1. Redistribution of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * * 2. Redistribution in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * Neither the name of Sun Microsystems, Inc. or the names of contributors may * be used to endorse or promote products derived from this software without * specific prior written permission. * * This software is provided "AS IS," without a warranty of any kind. ALL * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN") * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL, * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE, * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. 
* * You acknowledge that this software is not designed or intended for use in * the design, construction, operation or maintenance of any nuclear facility. */ package com.sun.xacml.cond; import com.sun.xacml.EvaluationCtx; import com.sun.xacml.Indenter; import com.sun.xacml.ParsingException; import com.sun.xacml.PolicyMetaData; import com.sun.xacml.attr.BooleanAttribute; import java.io.OutputStream; import java.io.PrintStream; import java.net.URI; import java.util.ArrayList; import java.util.Collections; import java.util.Iterator; import java.util.List; import org.w3c.dom.Node; import org.w3c.dom.NodeList; /** * Represents the XACML ConditionType type. It contains exactly one child * expression that is boolean and returns a single value. This class was * added in XACML 2.0 * * @since 2.0 * @author Seth Proctor */ public class Condition implements Evaluatable { // a local Boolean URI that is used as the return type private static URI booleanIdentifier; // regardless of version, this contains the Condition's children private List children; // regardless of version, this is an expression that can be evaluated // directly private Expression expression; // the condition function, which is only used if this is a 1.x condition private Function function; // flags whether this is XACML 1.x or 2.0 private boolean isVersionOne; // initialize the boolean identifier static { try { booleanIdentifier = new URI(BooleanAttribute.identifier); } catch (Exception e) { // we ignore this, since it cannot happen, but it should be // flagged in case something changes to trip this case booleanIdentifier = null; } } /** * Constructs a <code>Condition</code> as used in XACML 1.x. 
* * @param function the <code>Function</code> to use in evaluating the * elements in the Condition * @param xprs the contents of the Condition which will be the parameters * to the function, each of which is an * <code>Expression</code> * * @throws IllegalArgumentException if the input expressions don't * match the signature of the function or * if the function is invalid for use * in a Condition */ public Condition(Function function, List expressions) throws IllegalArgumentException { isVersionOne = true; // check that the function is valid for a Condition checkExpression(function); // turn the parameters into an Apply for simplicity expression = new Apply(function, expressions); // keep track of the function and the children this.function = function; children = ((Apply)expression).getChildren(); } /** * Constructs a <code>Condition</code> as used in XACML 2.0. * * @param expression the child <code>Expression</code> * * @throws IllegalArgumentException if the expression is not boolean or * returns a bag */ public Condition(Expression expression) throws IllegalArgumentException { isVersionOne = false; // check that the function is valid for a Condition checkExpression(expression); // store the expression this.expression = expression; // there is no function in a 2.0 Condition function = null; // store the expression as the child List list = new ArrayList(); list.add(this.expression); children = Collections.unmodifiableList(list); } /** * Private helper for the constructors that checks if a given expression * is valid for the root of a Condition */ private void checkExpression(Expression xpr) { // make sure it's a boolean expression... if (! 
xpr.getType().equals(booleanIdentifier)) throw new IllegalArgumentException("A Condition must return a " + "boolean...cannot create " + "with " + xpr.getType()); // ...and that it never returns a bag if (xpr.returnsBag()) throw new IllegalArgumentException("A Condition must not return " + "a Bag"); } /** * Returns an instance of <code>Condition</code> based on the given * DOM root. * * @param root the DOM root of a ConditionType XML type * @param metaData the meta-data associated with the containing policy * @param manager <code>VariableManager</code> used to connect references * and definitions while parsing * * @throws ParsingException if this is not a valid ConditionType */ public static Condition getInstance(Node root, PolicyMetaData metaData, VariableManager manager) throws ParsingException { if (metaData.getXACMLVersion() < PolicyMetaData.XACML_VERSION_2_0) { Apply cond = Apply.getConditionInstance(root, metaData.getXPathIdentifier(), manager); return new Condition(cond.getFunction(), cond.getChildren()); } else { Expression xpr = null; NodeList nodes = root.getChildNodes(); for (int i = 0; i < nodes.getLength(); i++) { if (nodes.item(i).getNodeType() == Node.ELEMENT_NODE) { xpr = ExpressionHandler. parseExpression(nodes.item(i), metaData, manager); break; } } return new Condition(xpr); } } /** * Returns the <code>Function</code> used by this <code>Condition</code> * if this is a 1.x condition, or null if this is a 2.0 condition. * * @return a <code>Function</code> or null */ public Function getFunction() { return function; } /** * Returns the <code>List</code> of children for this * <code>Condition</code>. The <code>List</code> contains * <code>Expression</code>s. The list is unmodifiable. * * @return a <code>List</code> of <code>Expression</code>s */ public List getChildren() { return children; } /** * Returns the type of attribute that this object will return on a call * to <code>evaluate</code>. 
This is always a boolean, since that's * all that a Condition is allowed to return. * * @return the boolean type */ public URI getType() { return booleanIdentifier; } /** * Returns whether or not this <code>Condition</code> will return a bag * of values on evaluation. This always returns false, since a Condition * isn't allowed to return a bag. * * @return false */ public boolean returnsBag() { return false; } /** * Returns whether or not this <code>Condition</code> will return a bag * of values on evaluation. This always returns false, since a Condition * isn't allowed to return a bag. * * @deprecated As of 2.0, you should use the <code>returnsBag</code> * method from the super-interface <code>Expression</code>. * * @return false */ public boolean evaluatesToBag() { return false; } /** * Evaluates the <code>Condition</code> by evaluating its child * <code>Expression</code>. * * @param context the representation of the request * * @return the result of trying to evaluate this condition object */ public EvaluationResult evaluate(EvaluationCtx context) { // Note that it's technically possible for this expression to // be something like a Function, which isn't Evaluatable. It // wouldn't make sense to have this, but it is possible. Because // it makes no sense, however, it's unlcear exactly what the // error should be, so raising the ClassCastException here seems // as good an approach as any for now... return ((Evaluatable)expression).evaluate(context); } /** * Encodes this <code>Condition</code> into its XML representation and * writes this encoding to the given <code>OutputStream</code> with no * indentation. * * @param output a stream into which the XML-encoded data is written */ public void encode(OutputStream output) { encode(output, new Indenter(0)); } /** * Encodes this <code>Condition</code> into its XML representation and * writes this encoding to the given <code>OutputStream</code> with * indentation. 
* * @param output a stream into which the XML-encoded data is written * @param indenter an object that creates indentation strings */ public void encode(OutputStream output, Indenter indenter) { PrintStream out = new PrintStream(output); String indent = indenter.makeString(); if (isVersionOne) { out.println(indent + "<Condition FunctionId=\"" + function.getIdentifier() + "\">"); indenter.in(); Iterator it = children.iterator(); while (it.hasNext()) { Expression xpr = (Expression)(it.next()); xpr.encode(output, indenter); } } else { out.println(indent + "<Condition>"); indenter.in(); expression.encode(output, indenter); } indenter.out(); out.println(indent + "</Condition>"); } } Index: Apply.java =================================================================== RCS file: /cvsroot/sunxacml/sunxacml/com/sun/xacml/cond/Apply.java,v retrieving revision 1.9 retrieving revision 1.10 diff -C2 -d -r1.9 -r1.10 *** Apply.java 7 Jan 2005 23:49:31 -0000 1.9 --- Apply.java 5 Dec 2005 23:34:51 -0000 1.10 *************** *** 40,49 **** import com.sun.xacml.Indenter; import com.sun.xacml.ParsingException; ! import com.sun.xacml.UnknownIdentifierException; - import com.sun.xacml.attr.AttributeDesignator; import com.sun.xacml.attr.AttributeFactory; - import com.sun.xacml.attr.AttributeSelector; - import com.sun.xacml.attr.AttributeValue; import java.io.OutputStream; --- 40,46 ---- import com.sun.xacml.Indenter; import com.sun.xacml.ParsingException; ! import com.sun.xacml.PolicyMetaData; import com.sun.xacml.attr.AttributeFactory; import java.io.OutputStream; *************** *** 63,66 **** --- 60,75 ---- /** * Represents the XACML ApplyType and ConditionType XML types. + * <p> + * Note well: as of 2.0, there is no longer a notion of a separate higher- + * order bag function. Instead, if needed, it is supplied as one of the + * <code>Expression</code>s in the parameter list. 
As such, when this + * <code>Apply</code> is evaluated, it no longer pre-evaluates all the + * parameters if a bag function is used. It is now up to the implementor + * of a higher-order function to do this. + * <p> + * Also, as of 2.0, the <code>Apply</code> is no longer used to represent + * a Condition, since the XACML 2.0 specification changed how Condition + * works. Instead, there is now a <code>Condition</code> class that + * represents both 1.x and 2.0 style Conditions. * * @since 1.0 *************** *** 74,138 **** // the paramaters to the function...ie, the contents of the apply ! private List evals; ! ! // an apply may have an entry that's a function for bag operations ! private Function bagFunction; ! ! // whether or not this is a condition ! private boolean isCondition; /** ! * Constructs an <code>Apply</code> object. Throws an ! * <code>IllegalArgumentException</code> if the given parameter list ! * isn't valid for the given function. ! * * @param function the <code>Function</code> to use in evaluating the * elements in the apply ! * @param evals the contents of the apply which will be the parameters * to the function, each of which is an ! * <code>Evaluatable</code> ! * @param isCondition true if this <code>Apply</code> is a Condition, ! * false otherwise */ ! public Apply(Function function, List evals, boolean isCondition) throws IllegalArgumentException { ! this(function, evals, null, isCondition); } /** ! * Constructs an <code>Apply</code> object that contains a higher-order ! * bag function. Throws an <code>IllegalArgumentException</code> if the ! * given parameter list isn't valid for the given function. * * @param function the <code>Function</code> to use in evaluating the * elements in the apply ! * @param evals the contents of the apply which will be the parameters * to the function, each of which is an ! * <code>Evaluatable</code> ! * @param bagFunction the higher-order function to use ! 
* @param isCondition true if this <code>Apply</code> is a Condition, ! * false otherwise */ ! public Apply(Function function, List evals, Function bagFunction, ! boolean isCondition) throws IllegalArgumentException { // check that the given inputs work for the function ! List inputs = evals; ! if (bagFunction != null) { ! inputs = new ArrayList(); ! inputs.add(bagFunction); ! inputs.addAll(evals); ! } ! function.checkInputs(inputs); // if everything checks out, then store the inputs this.function = function; ! this.evals = Collections.unmodifiableList(new ArrayList(evals)); ! this.bagFunction = bagFunction; ! this.isCondition = isCondition; } ! /** * Returns an instance of an <code>Apply</code> based on the given DOM --- 83,148 ---- // the paramaters to the function...ie, the contents of the apply ! private List xprs; /** ! * Constructs an <code>Apply</code> instance. ! * * @param function the <code>Function</code> to use in evaluating the * elements in the apply ! * @param xprs the contents of the apply which will be the parameters * to the function, each of which is an ! * <code>Expression</code> ! * ! * @throws IllegalArgumentException if the input expressions don't ! * match the signature of the function */ ! public Apply(Function function, List xprs) throws IllegalArgumentException { ! // check that the given inputs work for the function ! function.checkInputs(xprs); ! ! // if everything checks out, then store the inputs ! this.function = function; ! this.xprs = Collections.unmodifiableList(new ArrayList(xprs)); } /** ! * Constructs an <code>Apply</code> instance. * + * @deprecated As of 2.0 <code>Apply</code> is no longer used for + * Conditions, so the <code>isCondition</code> parameter + * is no longer needed. You should now use the 2 parameter + * constructor. This constructor will be removed in a + * future release. + * * @param function the <code>Function</code> to use in evaluating the * elements in the apply ! 
* @param xprs the contents of the apply which will be the parameters * to the function, each of which is an ! * <code>Expression</code> ! * @param isCondition as of 2.0, this must always be false ! * ! * @throws IllegalArgumentException if the input expressions don't ! * match the signature of the function or ! * if <code>isCondition</code> is true */ ! public Apply(Function function, List xprs, boolean isCondition) throws IllegalArgumentException { + // make sure that no is using this constructor to create a Condition + if (isCondition) + throw new IllegalArgumentException("As of version 2.0 an Apply" + + " may not represent a" + + " Condition"); + // check that the given inputs work for the function ! function.checkInputs(xprs); // if everything checks out, then store the inputs this.function = function; ! this.xprs = Collections.unmodifiableList(new ArrayList(xprs)); } ! /** * Returns an instance of an <code>Apply</code> based on the given DOM *************** *** 142,145 **** --- 152,164 ---- * as an ApplyType except that it must use a FunctionId that returns * a boolean value. + * <p> + * Note that as of 2.0 there is a separate <code>Condition</code> class + * used to support the different kinds of Conditions in XACML 1.x and + * 2.0. As such, the system no longer treats a ConditionType as a + * special kind of ApplyType. You may still use this method to get a + * 1.x style ConditionType, but you will need to convert it into a + * <code>Condition</code> to use it in evaluation. The preferred way + * to create a Condition is now through the <code>getInstance</code> + * method on <code>Condition</code>. * * @param root the DOM root of a ConditionType XML type *************** *** 156,170 **** throws ParsingException { ! return getInstance(root, FunctionFactory.getConditionInstance(), true, ! xpathVersion, manager); } /** ! * Returns an instance of <code>Apply</code> based on the given DOM root. * ! 
* @param root the DOM root of an ApplyType XML type * @param xpathVersion the XPath version to use in any selectors or XPath * functions, or null if this is unspecified (ie, not * supplied in the defaults section of the policy) * @param manager <code>VariableManager</code> used to connect references * and definitions while parsing --- 175,222 ---- throws ParsingException { ! return getInstance(root, FunctionFactory.getConditionInstance(), ! new PolicyMetaData( ! PolicyMetaData.XACML_1_0_IDENTIFIER, ! xpathVersion), ! manager); } /** ! * Returns an instance of an <code>Apply</code> based on the given DOM ! * root node. This will actually return a special kind of ! * <code>Apply</code>, namely an XML ConditionType, which is the root ! * of the condition logic in a RuleType. A ConditionType is the same ! * as an ApplyType except that it must use a FunctionId that returns ! * a boolean value. * ! * @deprecated As of 2.0 you should avoid using this method, since it ! * does not provide a <code>Condition</code> instance and ! * does not handle XACML 2.0 policies correctly. If you need ! * a similar method you can use the new version that ! * accepts a <code>VariableManager</code>. This will return ! * an <code>Apply</code> instance for XACML 1.x policies. ! * ! * @param root the DOM root of a ConditionType XML type * @param xpathVersion the XPath version to use in any selectors or XPath * functions, or null if this is unspecified (ie, not * supplied in the defaults section of the policy) + * + * @throws ParsingException if this is not a valid ConditionType + */ + public static Apply getConditionInstance(Node root, String xpathVersion) + throws ParsingException + { + return getInstance(root, FunctionFactory.getConditionInstance(), + new PolicyMetaData( + PolicyMetaData.XACML_1_0_IDENTIFIER, + xpathVersion), + null); + } + + /** + * Returns an instance of <code>Apply</code> based on the given DOM root. 
+ * + * @param root the DOM root of an ApplyType XML type + * @param metaData the meta-data associated with the containing policy * @param manager <code>VariableManager</code> used to connect references * and definitions while parsing *************** *** 172,181 **** * @throws ParsingException if this is not a valid ApplyType */ ! public static Apply getInstance(Node root, String xpathVersion, VariableManager manager) throws ParsingException { ! return getInstance(root, FunctionFactory.getGeneralInstance(), false, ! xpathVersion, manager); } --- 224,259 ---- * @throws ParsingException if this is not a valid ApplyType */ ! public static Apply getInstance(Node root, PolicyMetaData metaData, VariableManager manager) throws ParsingException { ! return getInstance(root, FunctionFactory.getGeneralInstance(), ! metaData, manager); ! } ! ! /** ! * Returns an instance of <code>Apply</code> based on the given DOM root. ! * ! * @deprecated As of 2.0 you should avoid using this method, since it ! * does not handle XACML 2.0 policies correctly. If you need ! * a similar method you can use the new version that ! * accepts a <code>VariableManager</code>. This will return ! * an <code>Apply</code> instance for XACML 1.x policies. ! * ! * @param root the DOM root of an ApplyType XML type ! * @param xpathVersion the XPath version to use in any selectors or XPath ! * functions, or null if this is unspecified (ie, not ! * supplied in the defaults section of the policy) ! * ! * @throws ParsingException if this is not a valid ApplyType ! */ ! public static Apply getInstance(Node root, String xpathVersion) ! throws ParsingException ! { ! return getInstance(root, FunctionFactory.getGeneralInstance(), ! new PolicyMetaData( ! PolicyMetaData.XACML_1_0_IDENTIFIER, ! xpathVersion), ! null); } *************** *** 186,236 **** */ private static Apply getInstance(Node root, FunctionFactory factory, ! boolean isCondition, String xpathVersion, VariableManager manager) throws ParsingException { ! 
Function function = ExpressionHandler. ! getFunction(root, xpathVersion, factory); ! Function bagFunction = null; ! List evals = new ArrayList(); ! ! AttributeFactory attrFactory = AttributeFactory.getInstance(); NodeList nodes = root.getChildNodes(); for (int i = 0; i < nodes.getLength(); i++) { Expression xpr = ExpressionHandler. ! parseExpression(nodes.item(i), xpathVersion, manager); ! if (xpr != null) { ! if (! xpr.isEvaluatable()) { ! // see if it's a function... ! if (xpr instanceof Function) { ! // while the schema doesn't enforce this, it's illegal ! // to have more than one FunctionType in a given ! // ApplyType ... FIXME: should I remove this? ! if (bagFunction != null) ! throw new ! ParsingException("Too many FunctionTypes"); ! ! bagFunction = (Function)xpr; ! } else { ! evals.add(xpr); ! } ! } else { ! evals.add(xpr); ! } ! } } ! return new Apply(function, evals, bagFunction, isCondition); ! } ! ! /** ! * Returns true since this expression is evaluatable. ! * ! * @return true ! */ ! public boolean isEvaluatable() { ! return true; } --- 264,285 ---- */ private static Apply getInstance(Node root, FunctionFactory factory, ! PolicyMetaData metaData, VariableManager manager) throws ParsingException { ! Function function = ! ExpressionHandler.getFunction(root, metaData, factory); ! List xprs = new ArrayList(); NodeList nodes = root.getChildNodes(); for (int i = 0; i < nodes.getLength(); i++) { Expression xpr = ExpressionHandler. ! parseExpression(nodes.item(i), metaData, manager); ! if (xpr != null) ! xprs.add(xpr); } ! return new Apply(function, xprs); } *************** *** 246,275 **** /** * Returns the <code>List</code> of children for this <code>Apply</code>. ! * The <code>List</code> contains <code>Evaluatable</code>s. The list is * unmodifiable, and may be empty. * ! * @return a <code>List</code> of <code>Evaluatable</code>s */ public List getChildren() { ! return evals; } /** ! * Returns the higher order bag function used by this <code>Apply</code> ! 
* if it exists, or null if no higher order function is used. * ! * @return the higher order <code>Function</code> or null ! */ ! public Function getHigherOrderFunction() { ! return bagFunction; ! } ! ! /** ! * Returns whether or not this ApplyType is actually a ConditionType. * ! * @return whether or not this represents a ConditionType */ public boolean isCondition() { ! return isCondition; } --- 295,318 ---- /** * Returns the <code>List</code> of children for this <code>Apply</code>. ! * The <code>List</code> contains <code>Expression</code>s. The list is * unmodifiable, and may be empty. * ! * @return a <code>List</code> of <code>Expression</code>s */ public List getChildren() { ! return xprs; } /** ! * Returns whether or not this ApplyType is actually a ConditionType. As ! * of 2.0 this always returns false; * ! * @deprecated As of 2.0 this method should not be used, since an ! * <code>Apply</code> is never a Condition. * ! * @return false */ public boolean isCondition() { ! return false; } *************** *** 284,315 **** */ public EvaluationResult evaluate(EvaluationCtx context) { ! List parameters = evals; ! ! // see if there is a higher-order function in here ! if (bagFunction != null) { ! // this is a special case, so we setup the parameters, starting ! // with the function ! parameters = new ArrayList(); ! parameters.add(bagFunction); ! ! // now we evaluate all the parameters, returning INDETERMINATE ! // if that's what any of them return, and otherwise tracking ! // all the AttributeValues that get returned ! Iterator it = evals.iterator(); ! while (it.hasNext()) { ! Evaluatable eval = (Evaluatable)(it.next()); ! EvaluationResult result = eval.evaluate(context); ! ! // in a higher-order case, if anything is INDETERMINATE, then ! // we stop right away ! if (result.indeterminate()) ! return result; ! ! parameters.add(result.getAttributeValue()); ! } ! } ! ! // now we can call the base function ! 
return function.evaluate(parameters, context); } --- 327,337 ---- */ public EvaluationResult evaluate(EvaluationCtx context) { ! // Note that prior to the 2.0 codebase, this method was much more ! // complex, pre-evaluating the higher-order functions. Because this ! // was never really the right behavior (there's no reason that a ! // function can only be at the start of an Apply), we no longer make ! // assumptions at this point, so the higher order functions are ! // left to evaluate their own parameters. ! return function.evaluate(xprs, context); } *************** *** 332,335 **** --- 354,371 ---- * @return true if evaluation will return a bag of values, false otherwise */ + public boolean returnsBag() { + return function.returnsBag(); + } + + /** + * Returns whether or not the <code>Function</code> will return a bag + * of values on evaluation. + * + * + * @deprecated As of 2.0, you should use the <code>returnsBag</code> + * method from the super-interface <code>Expression</code>. + * + * @return true if evaluation will return a bag of values, false otherwise + */ public boolean evaluatesToBag() { return function.returnsBag(); *************** *** 359,385 **** String indent = indenter.makeString(); ! if (isCondition) ! out.println(indent + "<Condition FunctionId=\"" + ! function.getIdentifier() + "\">"); ! else ! out.println(indent + "<Apply FunctionId=\"" + ! function.getIdentifier() + "\">"); indenter.in(); ! if (bagFunction != null) ! out.println(indenter.makeString() + "<Function FunctionId=\"" + ! bagFunction.getIdentifier() + "\"/>"); ! ! Iterator it = evals.iterator(); while (it.hasNext()) { ! Evaluatable eval = (Evaluatable)(it.next()); ! eval.encode(output, indenter); } indenter.out(); ! if (isCondition) ! out.println(indent + "</Condition>"); ! else ! out.println(indent + "</Apply>"); } --- 395,410 ---- String indent = indenter.makeString(); ! out.println(indent + "<Apply FunctionId=\"" + ! function.getIdentifier() + "\">"); indenter.in(); ! 
Iterator it = xprs.iterator(); while (it.hasNext()) { ! Expression xpr = (Expression)(it.next()); ! xpr.encode(output, indenter); } indenter.out(); ! out.println(indent + "</Apply>"); } Index: VariableDefinition.java =================================================================== RCS file: /cvsroot/sunxacml/sunxacml/com/sun/xacml/cond/VariableDefinition.java,v retrieving revision 1.1 retrieving revision 1.2 diff -C2 -d -r1.1 -r1.2 *** VariableDefinition.java 7 Jan 2005 23:49:32 -0000 1.1 --- VariableDefinition.java 5 Dec 2005 23:34:51 -0000 1.2 *************** *** 39,42 **** --- 39,43 ---- import com.sun.xacml.Indenter; import com.sun.xacml.ParsingException; + import com.sun.xacml.PolicyMetaData; import java.io.OutputStream; *************** *** 84,90 **** * * @param root the DOM root of a VariableDefinitionType XML type ! * @param xpathVersion the XPath version to use in any selectors or XPath ! * functions, or null if this is unspecified (ie, not ! * supplied in the defaults section of the policy) * @param manager <code>VariableManager</code> used to connect references * to this definition --- 85,89 ---- * * @param root the DOM root of a VariableDefinitionType XML type ! * @param metaData the meta-data associated with the containing policy * @param manager <code>VariableManager</code> used to connect references * to this definition *************** *** 93,97 **** */ public static VariableDefinition getInstance(Node root, ! String xpathVersion, VariableManager manager) throws ParsingException --- 92,96 ---- */ public static VariableDefinition getInstance(Node root, ! PolicyMetaData metaData, VariableManager manager) throws ParsingException *************** *** 109,113 **** // use that node to get the expression Expression xpr = ExpressionHandler. ! parseExpression(xprNode, xpathVersion, manager); return new VariableDefinition(variableId, xpr); --- 108,112 ---- // use that node to get the expression Expression xpr = ExpressionHandler. ! 
parseExpression(xprNode, metaData, manager); return new VariableDefinition(variableId, xpr); *************** *** 157,167 **** indenter.in(); ! if (expression.isEvaluatable()) { ! ((Evaluatable)expression).encode(output, indenter); ! } else { ! Function function = (Function)expression; ! out.println(indenter.makeString() + "<Function FunctionId=\"" + ! function.getIdentifier() + "\"/>"); ! } out.println("</VariableDefinition>"); --- 156,160 ---- indenter.in(); ! expression.encode(output, indenter); out.println("</VariableDefinition>"); Index: ExpressionHandler.java =================================================================== RCS file: /cvsroot/sunxacml/sunxacml/com/sun/xacml/cond/ExpressionHandler.java,v retrieving revision 1.1 retrieving revision 1.2 diff -C2 -d -r1.1 -r1.2 *** ExpressionHandler.java 7 Jan 2005 23:49:32 -0000 1.1 --- ExpressionHandler.java 5 Dec 2005 23:34:51 -0000 1.2 *************** *** 11,14 **** --- 11,16 ---- package com.sun.xacml.cond; + import com.sun.xacml.PolicyMetaData; + import com.sun.xacml.ParsingException; import com.sun.xacml.UnknownIdentifierException; *************** *** 37,44 **** * Parses an expression, recursively handling any sub-elements. This is * provided as a utility class, but in practice is used only by ! * <code>Apply</code> and <code>VariableDefinition</code>. * */ ! public static Expression parseExpression(Node root, String xpathVersion, VariableManager manager) throws ParsingException --- 39,55 ---- * Parses an expression, recursively handling any sub-elements. This is * provided as a utility class, but in practice is used only by ! * <code>Apply</code>, <code>Condition</code>, and ! * <code>VariableDefinition</code>. 
* + * @param root the DOM root of an ExpressionType XML type + * @param metaData the meta-data associated with the containing policy + * @param manager <code>VariableManager</code> used to connect references + * and definitions while parsing + * + * @return an <code>Expression</code> or null if the root node cannot be + * parsed as a valid Expression */ ! public static Expression parseExpression(Node root, ! PolicyMetaData metaData, VariableManager manager) throws ParsingException *************** *** 47,51 **** if (name.equals("Apply")) { ! return Apply.getInstance(root, xpathVersion, manager); } else if (name.equals("AttributeValue")) { try { --- 58,62 ---- if (name.equals("Apply")) { ! return Apply.getInstance(root, metaData, manager); } else if (name.equals("AttributeValue")) { try { *************** *** 56,76 **** } else if (name.equals("SubjectAttributeDesignator")) { return AttributeDesignator. ! getInstance(root, AttributeDesignator.SUBJECT_TARGET); } else if (name.equals("ResourceAttributeDesignator")) { return AttributeDesignator. ! getInstance(root, AttributeDesignator.RESOURCE_TARGET); } else if (name.equals("ActionAttributeDesignator")) { return AttributeDesignator. ! getInstance(root, AttributeDesignator.ACTION_TARGET); } else if (name.equals("EnvironmentAttributeDesignator")) { return AttributeDesignator. ! getInstance(root, AttributeDesignator.ENVIRONMENT_TARGET); } else if (name.equals("AttributeSelector")) { ! return AttributeSelector.getInstance(root, xpathVersion); } else if (name.equals("Function")) { ! return getFunction(root, xpathVersion, FunctionFactory.getGeneralInstance()); } else if (name.equals("VariableReference")) { ! return VariableReference.getInstance(root, manager); } --- 67,91 ---- } else if (name.equals("SubjectAttributeDesignator")) { return AttributeDesignator. ! getInstance(root, AttributeDesignator.SUBJECT_TARGET, ! metaData); } else if (name.equals("ResourceAttributeDesig... [truncated message content] |
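Review bot: In Apply.java, the deprecated getInstance(Node, String) and getConditionInstance(Node, String) overloads pass null as the VariableManager, and the private getInstance forwards it to ExpressionHandler.parseExpression for every child node. parseExpression dispatches on the element name alone (the pre-change branch reads `return VariableReference.getInstance(root, manager);`), so a document handed to the deprecated entry points that contains a VariableReference reaches that code with a null manager. Suggest throwing a ParsingException for VariableReference when manager is null, so mixed-version or malformed input fails at parse time with a clear message instead of depending on how a null manager is treated downstream.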
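Review bot: In the private Apply.getInstance, the rewritten loop adds every non-null Expression to xprs, which removes the "Too many FunctionTypes" ParsingException without replacing it; nothing in the visible parsing code now limits how many Function children an Apply carries or where they appear. Since evaluate() is reduced to `return function.evaluate(xprs, context);`, each Function has to validate its own argument list, Function-typed entries included. Please confirm that arity and type checking still run when the Apply is constructed, so a malformed policy is rejected on load and not on each request.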
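Review bot: In Apply.evaluate, the removed block returned immediately when any argument of a higher-order call evaluated to INDETERMINATE; after this change that short-circuit exists only if every higher-order function implements it itself. The new comment explains why pre-evaluation was dropped but does not state this contract. Suggest documenting on the Function interface that implementations receiving unevaluated Expressions must propagate an indeterminate argument result, and covering it with a test for each higher-order function.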
From: Seth P. <se...@us...> - 2005-12-05 23:35:00
|
Update of /cvsroot/sunxacml/sunxacml/com/sun/xacml/attr In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv21866/com/sun/xacml/attr Modified Files: AttributeDesignator.java AttributeSelector.java AttributeValue.java Log Message: substantial update to align 2.0 features (Target and Condition) and code re-factoring to better handle Expression/Evaluatable, versions, Target, etc. Index: AttributeDesignator.java =================================================================== RCS file: /cvsroot/sunxacml/sunxacml/com/sun/xacml/attr/AttributeDesignator.java,v retrieving revision 1.8 retrieving revision 1.9 diff -C2 -d -r1.8 -r1.9 *** AttributeDesignator.java 7 Jan 2005 23:49:31 -0000 1.8 --- AttributeDesignator.java 5 Dec 2005 23:34:51 -0000 1.9 *************** *** 41,44 **** --- 41,45 ---- import com.sun.xacml.MatchResult; import com.sun.xacml.ParsingException; + import com.sun.xacml.PolicyMetaData; import com.sun.xacml.TargetMatch; *************** *** 184,188 **** if (target == SUBJECT_TARGET) subjectCategory = category; ! } /** --- 185,189 ---- if (target == SUBJECT_TARGET) subjectCategory = category; ! } /** *************** *** 190,193 **** --- 191,199 ---- * root of the XML data. * + * @deprecated As of 2.0 you should avoid using this method and should + * instead use the version that takes a + * <code>PolicyMetaData</code> instance. This method will + * only work for XACML 1.x policies. + * * @param root the DOM root of the AttributeDesignatorType XML type * @param target the type of designator to create as specified in the *************** *** 201,204 **** --- 207,233 ---- throws ParsingException { + return getInstance(root, target, + new PolicyMetaData( + PolicyMetaData.XACML_VERSION_1_0, + PolicyMetaData.XPATH_VERSION_UNSPECIFIED)); + } + + /** + * Creates a new <code>AttributeDesignator</code> based on the DOM + * root of the XML data. 
+ * + * @param root the DOM root of the AttributeDesignatorType XML type + * @param target the type of designator to create as specified in the + * four member *_TARGET fields + * @param metaData the meta-data associated with the containing policy + * + * @return the designator + * + * @throws ParsingException if the AttributeDesignatorType was invalid + */ + public static AttributeDesignator getInstance(Node root, int target, + PolicyMetaData metaData) + throws ParsingException + { URI type = null; URI id = null; *************** *** 260,272 **** /** - * Returns true since this expression is evaluatable. - * - * @return true - */ - public boolean isEvaluatable() { - return true; - } - - /** * Returns the type of this designator as specified by the *_TARGET * fields. --- 289,292 ---- *************** *** 335,338 **** --- 355,371 ---- * @return true */ + public boolean returnsBag() { + return true; + } + + /** + * Always returns true, since a designator always returns a bag of + * attribute values. + * + * @deprecated As of 2.0, you should use the <code>returnsBag</code> + * method from the super-interface <code>Expression</code>. + * + * @return true + */ public boolean evaluatesToBag() { return true; Index: AttributeValue.java =================================================================== RCS file: /cvsroot/sunxacml/sunxacml/com/sun/xacml/attr/AttributeValue.java,v retrieving revision 1.7 retrieving revision 1.8 diff -C2 -d -r1.7 -r1.8 *** AttributeValue.java 7 Jan 2005 23:49:31 -0000 1.7 --- AttributeValue.java 5 Dec 2005 23:34:51 -0000 1.8 *************** *** 80,92 **** /** - * Returns true since this expression is evaluatable. - * - * @return true - */ - public boolean isEvaluatable() { - return true; - } - - /** * Returns the type of this attribute value. By default this always * returns the type passed to the constructor. --- 80,83 ---- *************** *** 100,103 **** --- 91,107 ---- /** * Returns whether or not this value is actually a bag of values. 
This + * is a required interface from <code>Expression</code>, but the + * more meaningful <code>isBag</code> method is used by + * <code>AttributeValue</code>s, so this method is declared as final + * and calls the <code>isBag</code> method for this value. + * + * @return true if this is a bag of values, false otherwise + */ + public final boolean returnsBag() { + return isBag(); + } + + /** + * Returns whether or not this value is actually a bag of values. This * is a required interface from <code>Evaluatable</code>, but the * more meaningful <code>isBag</code> method is used by *************** *** 105,108 **** --- 109,116 ---- * and calls the <code>isBag</code> method for this value. * + * + * @deprecated As of 2.0, you should use the <code>returnsBag</code> + * method from the super-interface <code>Expression</code>. + * * @return true if this is a bag of values, false otherwise */ Index: AttributeSelector.java =================================================================== RCS file: /cvsroot/sunxacml/sunxacml/com/sun/xacml/attr/AttributeSelector.java,v retrieving revision 1.11 retrieving revision 1.12 diff -C2 -d -r1.11 -r1.12 *** AttributeSelector.java 7 Jan 2005 23:49:31 -0000 1.11 --- AttributeSelector.java 5 Dec 2005 23:34:51 -0000 1.12 *************** *** 40,43 **** --- 40,44 ---- import com.sun.xacml.Indenter; import com.sun.xacml.ParsingException; + import com.sun.xacml.PolicyMetaData; import com.sun.xacml.cond.Evaluatable; *************** *** 102,106 **** * @param xpathVersion the XPath version to use, which must be a valid * XPath version string (the identifier for XPath 1.0 ! * is provided in <code>AbstractPolicy</code>) */ public AttributeSelector(URI type, String contextPath, --- 103,107 ---- * @param xpathVersion the XPath version to use, which must be a valid * XPath version string (the identifier for XPath 1.0 ! 
* is provided in <code>PolicyMetaData</code>) */ public AttributeSelector(URI type, String contextPath, *************** *** 120,124 **** * @param xpathVersion the XPath version to use, which must be a valid * XPath version string (the identifier for XPath 1.0 ! * is provided in <code>AbstractPolicy</code>) */ public AttributeSelector(URI type, String contextPath, Node policyRoot, --- 121,125 ---- * @param xpathVersion the XPath version to use, which must be a valid * XPath version string (the identifier for XPath 1.0 ! * is provided in <code>PolicyMetaData</code>) */ public AttributeSelector(URI type, String contextPath, Node policyRoot, *************** *** 138,141 **** --- 139,147 ---- * an exception. * + * @deprecated As of 2.0 you should avoid using this method and should + * instead use the version that takes a + * <code>PolicyMetaData</code> instance. This method will + * only work for XACML 1.x policies. + * * @param root the root of the DOM tree for the XML AttributeSelectorType * XML type *************** *** 151,157 **** --- 157,189 ---- throws ParsingException { + return getInstance(root, + new PolicyMetaData( + PolicyMetaData.XACML_1_0_IDENTIFIER, + xpathVersion)); + } + + /** + * Creates a new <code>AttributeSelector</code> based on the DOM root + * of the XML type. Note that as of XACML 1.1 the XPathVersion element + * is required in any policy that uses a selector, so if the + * <code>xpathVersion</code> string is null, then this will throw + * an exception. 
+ * + * @param root the root of the DOM tree for the XML AttributeSelectorType + * XML type + * @param metaData the meta-data associated with the containing policy + * + * @return an <code>AttributeSelector</code> + * + * @throws ParsingException if the AttributeSelectorType was invalid + */ + public static AttributeSelector getInstance(Node root, + PolicyMetaData metaData) + throws ParsingException + { URI type = null; String contextPath = null; boolean mustBePresent = false; + String xpathVersion = metaData.getXPathIdentifier(); // make sure we were given an xpath version *************** *** 210,222 **** /** - * Returns true since this expression is evaluatable. - * - * @return true - */ - public boolean isEvaluatable() { - return true; - } - - /** * Returns the data type of the attribute values that this selector * will resolve --- 242,245 ---- *************** *** 253,256 **** --- 276,292 ---- * @return true */ + public boolean returnsBag() { + return true; + } + + /** + * Always returns true, since a selector always returns a bag of + * attribute values. + * + * @deprecated As of 2.0, you should use the <code>returnsBag</code> + * method from the super-interface <code>Expression</code>. + * + * @return true + */ public boolean evaluatesToBag() { return true; |
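Review bot: In AttributeDesignator.java, the deprecated getInstance(Node, int) builds its meta-data with `PolicyMetaData.XACML_VERSION_1_0` and `PolicyMetaData.XPATH_VERSION_UNSPECIFIED`, while the deprecated AttributeSelector.getInstance in this same commit uses `PolicyMetaData.XACML_1_0_IDENTIFIER` with the xpathVersion string. These look like two different constructor forms (version constants versus identifier strings). Please confirm both exist on PolicyMetaData and produce equivalent meta-data for a 1.0 policy, or use one form in all the deprecated wrappers so they cannot drift apart.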
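Review bot: In AttributeSelector.java, the Javadoc for the new getInstance(Node, PolicyMetaData) was copied from the deprecated overload and still says the method throws "if the xpathVersion string is null", but this overload has no such parameter; the value now comes from `metaData.getXPathIdentifier()`. Suggest rewording it to say that a ParsingException is thrown when the supplied meta-data carries no XPath version, and stating whether a null metaData argument is permitted.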
From: Seth P. <se...@us...> - 2005-12-05 23:34:59
|
Update of /cvsroot/sunxacml/sunxacml/com/sun/xacml/finder/impl In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv21866/com/sun/xacml/finder/impl Modified Files: FilePolicyModule.java SelectorModule.java Log Message: substantial update to align 2.0 features (Target and Condition) and code re-factoring to better handle Expression/Evaluatable, versions, Target, etc. Index: SelectorModule.java =================================================================== RCS file: /cvsroot/sunxacml/sunxacml/com/sun/xacml/finder/impl/SelectorModule.java,v retrieving revision 1.9 retrieving revision 1.10 diff -C2 -d -r1.9 -r1.10 *** SelectorModule.java 9 Jun 2004 20:12:21 -0000 1.9 --- SelectorModule.java 5 Dec 2005 23:34:51 -0000 1.10 *************** *** 37,43 **** package com.sun.xacml.finder.impl; - import com.sun.xacml.AbstractPolicy; import com.sun.xacml.EvaluationCtx; import com.sun.xacml.ParsingException; import com.sun.xacml.UnknownIdentifierException; --- 37,43 ---- package com.sun.xacml.finder.impl; import com.sun.xacml.EvaluationCtx; import com.sun.xacml.ParsingException; + import com.sun.xacml.PolicyMetaData; import com.sun.xacml.UnknownIdentifierException; *************** *** 127,131 **** String xpathVersion) { // we only support 1.0 ! if (! xpathVersion.equals(AbstractPolicy.XPATH_1_0_VERSION)) return new EvaluationResult(BagAttribute.createEmptyBag(type)); --- 127,131 ---- String xpathVersion) { // we only support 1.0 ! if (! 
xpathVersion.equals(PolicyMetaData.XPATH_1_0_IDENTIFIER)) return new EvaluationResult(BagAttribute.createEmptyBag(type)); Index: FilePolicyModule.java =================================================================== RCS file: /cvsroot/sunxacml/sunxacml/com/sun/xacml/finder/impl/FilePolicyModule.java,v retrieving revision 1.6 retrieving revision 1.7 diff -C2 -d -r1.6 -r1.7 *** FilePolicyModule.java 4 Jun 2004 17:50:40 -0000 1.6 --- FilePolicyModule.java 5 Dec 2005 23:34:51 -0000 1.7 *************** *** 294,298 **** throw new Exception("Unknown root document type: " + name); } - } catch (Exception e) { if (logger.isLoggable(Level.WARNING)) --- 294,297 ---- |
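Review bot: In SelectorModule.java, the changed check `! xpathVersion.equals(PolicyMetaData.XPATH_1_0_IDENTIFIER)` dereferences xpathVersion, so a selector that arrives with a null version throws a NullPointerException instead of taking the unsupported-version branch; writing it as `! PolicyMetaData.XPATH_1_0_IDENTIFIER.equals(xpathVersion)` handles null. That branch also answers an unsupported version with an empty bag and no error, and the AbstractPolicy.java change in the same commit removes the "Unknown XPath version" ParsingException from handleDefaults. Unless PolicyMetaData validates the identifier, a policy with a mistyped XPathVersion now loads and its selectors silently resolve to nothing, which can change the decision. Suggest keeping a parse-time rejection, or at least logging a warning here.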
From: Seth P. <se...@us...> - 2005-12-05 23:34:59
|
Update of /cvsroot/sunxacml/sunxacml/com/sun/xacml In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv21866/com/sun/xacml Modified Files: AbstractPolicy.java Policy.java PolicyReference.java PolicySet.java Rule.java Target.java TargetMatch.java VersionConstraints.java Added Files: PolicyMetaData.java TargetMatchGroup.java TargetSection.java Log Message: substantial update to align 2.0 features (Target and Condition) and code re-factoring to better handle Expression/Evaluatable, versions, Target, etc. Index: PolicySet.java =================================================================== RCS file: /cvsroot/sunxacml/sunxacml/com/sun/xacml/PolicySet.java,v retrieving revision 1.6 retrieving revision 1.7 diff -C2 -d -r1.6 -r1.7 *** PolicySet.java 7 Jan 2005 23:46:33 -0000 1.6 --- PolicySet.java 5 Dec 2005 23:34:51 -0000 1.7 *************** *** 261,264 **** --- 261,265 ---- HashMap policyParameters = new HashMap(); HashMap policySetParameters = new HashMap(); + PolicyMetaData metaData = getMetaData(); // collect the PolicySet-specific elements *************** *** 273,279 **** policies.add(Policy.getInstance(child)); } else if (name.equals("PolicySetIdReference")) { ! policies.add(PolicyReference.getInstance(child, finder)); } else if (name.equals("PolicyIdReference")) { ! policies.add(PolicyReference.getInstance(child, finder)); } else if (name.equals("PolicyCombinerParameters")) { paramaterHelper(policyParameters, child, "Policy"); --- 274,282 ---- policies.add(Policy.getInstance(child)); } else if (name.equals("PolicySetIdReference")) { ! policies.add(PolicyReference.getInstance(child, finder, ! metaData)); } else if (name.equals("PolicyIdReference")) { ! policies.add(PolicyReference.getInstance(child, finder, ! 
metaData)); } else if (name.equals("PolicyCombinerParameters")) { paramaterHelper(policyParameters, child, "Policy"); Index: TargetMatch.java =================================================================== RCS file: /cvsroot/sunxacml/sunxacml/com/sun/xacml/TargetMatch.java,v retrieving revision 1.6 retrieving revision 1.7 diff -C2 -d -r1.6 -r1.7 *** TargetMatch.java 17 Mar 2004 18:03:37 -0000 1.6 --- TargetMatch.java 5 Dec 2005 23:34:51 -0000 1.7 *************** *** 3,7 **** * @(#)TargetMatch.java * ! * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved. * * Redistribution and use in source and binary forms, with or without --- 3,7 ---- * @(#)TargetMatch.java * ! * Copyright 2003-2005 Sun Microsystems, Inc. All Rights Reserved. * * Redistribution and use in source and binary forms, with or without *************** *** 70,77 **** /** ! * Represents the SubjectMatch, ResourceMatch, or ActionMatch XML types in ! * XACML, depending on the value of the type field. This is the part of the ! * Target that actually evaluates whether the specified attribute values in the ! * Target match the corresponding attribute values in the request context. * * @since 1.0 --- 70,78 ---- /** ! * Represents the SubjectMatch, ResourceMatch, ActionMatch, or EnvironmentMatch ! * (in XACML 2.0 and later) XML types in XACML, depending on the value of the ! * type field. This is the part of the Target that actually evaluates whether ! * the specified attribute values in the Target match the corresponding ! * attribute values in the request context. * * @since 1.0 *************** *** 96,103 **** public static final int ACTION = 2; ! // private int type; private Function function; private Evaluatable eval; private AttributeValue attrValue; --- 97,122 ---- public static final int ACTION = 2; ! /** ! * An integer value indicating that this class represents an ! * EnvironmentMatch ! */ ! public static final int ENVIRONMENT = 3; ! ! /** ! 
* Mapping from the 4 match types to their string representations ! */ ! public static final String [] NAMES = { "Subject", "Resource", "Action", ! "Environment" }; ! ! // the type of this target match private int type; + + // the function used for matching private Function function; + + // the designator or selector private Evaluatable eval; + + // the value private AttributeValue attrValue; *************** *** 122,126 **** if ((type != SUBJECT) && (type != RESOURCE) && ! (type != ACTION)) throw new IllegalArgumentException("Unknown TargetMatch type"); --- 141,146 ---- if ((type != SUBJECT) && (type != RESOURCE) && ! (type != ACTION) && ! (type != ENVIRONMENT)) throw new IllegalArgumentException("Unknown TargetMatch type"); *************** *** 136,139 **** --- 156,164 ---- * or ActionMatch. * + * @deprecated As of 2.0 you should avoid using this method and should + * instead use the version that takes a + * <code>PolicyMetaData</code> instance. This method will + * only work for XACML 1.x policies. + * * @param root the node to parse for the <code>TargetMatch</code> * @param prefix a String indicating what type of <code>TargetMatch</code> *************** *** 152,156 **** throws ParsingException, IllegalArgumentException { ! int type; Function function; Evaluatable eval = null; --- 177,211 ---- throws ParsingException, IllegalArgumentException { ! int i = 0; ! while ((i < NAMES.length) && (! NAMES[i].equals(prefix))) ! i++; ! ! if (i == NAMES.length) ! throw new IllegalArgumentException("Unknown TargetMatch type"); ! ! return getInstance(root, i, ! new PolicyMetaData( ! PolicyMetaData.XACML_1_0_IDENTIFIER, ! xpathVersion)); ! } ! ! /** ! * Creates a <code>TargetMatch</code> by parsing a node, using the ! * input prefix to determine whether this is a SubjectMatch, ResourceMatch, ! * or ActionMatch. ! * ! * @param root the node to parse for the <code>TargetMatch</code> ! * @param matchType the type of <code>TargetMatch</code> as specified by ! 
* the SUBJECT, RESOURCE, ACTION, or ENVIRONMENT fields ! * @param metaData the policy's meta-data ! * ! * @return a new <code>TargetMatch</code> constructed by parsing ! * ! * @throws ParsingException if there was an error during parsing ! */ ! public static TargetMatch getInstance(Node root, int matchType, ! PolicyMetaData metaData) ! throws ParsingException ! { Function function; Evaluatable eval = null; *************** *** 159,174 **** AttributeFactory attrFactory = AttributeFactory.getInstance(); ! // first off, figure out which of three types we are ! if (prefix.equals("Subject")) { ! type = SUBJECT; ! } else if (prefix.equals("Resource")) { ! type = RESOURCE; ! } else if (prefix.equals("Action")) { ! type = ACTION; ! } else { ! throw new IllegalArgumentException("Unknown TargetMatch type"); ! } ! ! // now get the function type, making sure that it's really a correct // Target function String funcName = root.getAttributes(). --- 214,218 ---- AttributeFactory attrFactory = AttributeFactory.getInstance(); ! // get the function type, making sure that it's really a correct // Target function String funcName = root.getAttributes(). *************** *** 200,207 **** String name = node.getNodeName(); ! if (name.equals(prefix + "AttributeDesignator")) { ! eval = AttributeDesignator.getInstance(node, type); } else if (name.equals("AttributeSelector")) { ! eval = AttributeSelector.getInstance(node, xpathVersion); } else if (name.equals("AttributeValue")) { try { --- 244,252 ---- String name = node.getNodeName(); ! if (name.equals(NAMES[matchType] + "AttributeDesignator")) { ! eval = AttributeDesignator.getInstance(node, matchType, ! metaData); } else if (name.equals("AttributeSelector")) { ! eval = AttributeSelector.getInstance(node, metaData); } else if (name.equals("AttributeValue")) { try { *************** *** 219,228 **** function.checkInputsNoBag(inputs); ! 
return new TargetMatch(type, function, eval, attrValue); } /** * Returns the type of this <code>TargetMatch</code>, either ! * <code>SUBJECT</code>, <code>RESOURCE</code>, or <code>ACTION</code>. * * @return the type --- 264,274 ---- function.checkInputsNoBag(inputs); ! return new TargetMatch(matchType, function, eval, attrValue); } /** * Returns the type of this <code>TargetMatch</code>, either ! * <code>SUBJECT</code>, <code>RESOURCE</code>, <code>ACTION</code>, or ! * <code>ENVIRONMENT</code>. * * @return the type *************** *** 373,386 **** PrintStream out = new PrintStream(output); String indent = indenter.makeString(); ! String tagName = null; ! ! switch (type) { ! case SUBJECT: tagName = "SubjectMatch"; ! break; ! case RESOURCE: tagName = "ResourceMatch"; ! break; ! case ACTION: tagName = "ActionMatch"; ! break; ! } out.println(indent + "<" + tagName + " MatchId=\"" + --- 419,423 ---- PrintStream out = new PrintStream(output); String indent = indenter.makeString(); ! String tagName = NAMES[type] + "Match"; out.println(indent + "<" + tagName + " MatchId=\"" + Index: AbstractPolicy.java =================================================================== RCS file: /cvsroot/sunxacml/sunxacml/com/sun/xacml/AbstractPolicy.java,v retrieving revision 1.13 retrieving revision 1.14 diff -C2 -d -r1.13 -r1.14 *** AbstractPolicy.java 17 Feb 2005 15:58:24 -0000 1.13 --- AbstractPolicy.java 5 Dec 2005 23:34:50 -0000 1.14 *************** *** 76,85 **** { - /** - * XPath 1.0 identifier, the only version we support right now - */ - public static final String XPATH_1_0_VERSION = - "http://www.w3.org/TR/1999/Rec-xpath-19991116"; - // atributes associated with this policy private URI idAttr; --- 76,79 ---- *************** *** 94,97 **** --- 88,94 ---- private String defaultVersion; + // the meta-data associated with this policy + private PolicyMetaData metaData; + // the child elements under this policy represented simply as the // PolicyTreeElements... 
*************** *** 181,184 **** --- 178,184 ---- this.version = version; + // FIXME: this needs to fill in the meta-data correctly + metaData = null; + if (obligations == null) this.obligations = Collections.EMPTY_SET; *************** *** 249,257 **** } obligations = new HashSet(); parameters = new ArrayList(); - // now read the policy elements - NodeList children = root.getChildNodes(); for (int i = 0; i < children.getLength(); i++) { Node child = children.item(i); --- 249,271 ---- } + // do an initial pass through the elements to pull out the + // defaults, if any, so we can setup the meta-data + NodeList children = root.getChildNodes(); + String xpathVersion = null; + + for (int i = 0; i < children.getLength(); i++) { + Node child = children.item(i); + if (child.getNodeName().equals(policyPrefix + "Defaults")) + handleDefaults(child); + } + + // with the defaults read, create the meta-data + metaData = new PolicyMetaData(root.getNamespaceURI(), defaultVersion); + + // now read the remaining policy elements obligations = new HashSet(); parameters = new ArrayList(); + children = root.getChildNodes(); for (int i = 0; i < children.getLength(); i++) { Node child = children.item(i); *************** *** 261,269 **** description = child.getFirstChild().getNodeValue(); } else if (cname.equals("Target")) { ! target = Target.getInstance(child, defaultVersion); } else if (cname.equals("Obligations")) { parseObligations(child); - } else if (cname.equals(policyPrefix + "Defaults")) { - handleDefaults(child); } else if (cname.equals("CombinerParameters")) { handleParameters(child); --- 275,281 ---- description = child.getFirstChild().getNodeValue(); } else if (cname.equals("Target")) { ! target = Target.getInstance(child, metaData); } else if (cname.equals("Obligations")) { parseObligations(child); } else if (cname.equals("CombinerParameters")) { handleParameters(child); *************** *** 271,276 **** } ! 
// finally, make sure the set of obligations is immutable obligations = Collections.unmodifiableSet(obligations); } --- 283,289 ---- } ! // finally, make sure the obligations and parameters are immutable obligations = Collections.unmodifiableSet(obligations); + parameters = Collections.unmodifiableList(parameters); } *************** *** 300,309 **** for (int i = 0; i < nodes.getLength(); i++) { Node node = nodes.item(i); ! if (node.getNodeName().equals("XPathVersion")) { defaultVersion = node.getFirstChild().getNodeValue(); - if (! defaultVersion.equals(XPATH_1_0_VERSION)) { - throw new ParsingException("Unknown XPath version"); - } - } } } --- 313,318 ---- for (int i = 0; i < nodes.getLength(); i++) { Node node = nodes.item(i); ! if (node.getNodeName().equals("XPathVersion")) defaultVersion = node.getFirstChild().getNodeValue(); } } *************** *** 332,336 **** /** ! * Returns the version of this policy * * @return the policy version --- 341,346 ---- /** ! * Returns the version of this policy. If this is an XACML 1.x policy ! * then this will always return <code>"1.0"</code>. * * @return the policy version *************** *** 350,353 **** --- 360,373 ---- /** + * Returns the list of input parameters for the combining algorithm. If + * this is an XACML 1.x policy then the list will always be empty. + * + * @return a <code>List</code> of <code>CombinerParameter</code>s + */ + public List getCombiningParameters() { + return parameters; + } + + /** * Returns the given description of this policy or null if there is no * description *************** *** 411,414 **** --- 431,441 ---- /** + * Returns the meta-data associated with this policy + */ + public PolicyMetaData getMetaData() { + return metaData; + } + + /** * Given the input context sees whether or not the request matches this * policy. This must be called by combining algorithms before they --- NEW FILE: PolicyMetaData.java --- /* * @(#)PolicyMetaData.java * * Copyright 2005 Sun Microsystems, Inc. 
All Rights Reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * 1. Redistribution of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * * 2. Redistribution in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * Neither the name of Sun Microsystems, Inc. or the names of contributors may * be used to endorse or promote products derived from this software without * specific prior written permission. * * This software is provided "AS IS," without a warranty of any kind. ALL * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN") * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL, * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE, * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. * * You acknowledge that this software is not designed or intended for use in * the design, construction, operation or maintenance of any nuclear facility. */ package com.sun.xacml; /** * This is used to share polcy meta-data throughout the policy tree. Examples * of common meta-data include the version of XACML or XPath being used in * a policy. 
* * @since 2.0 * @author Seth Proctor */ public class PolicyMetaData { /** * XACML 1.0 identifier */ public static final String XACML_1_0_IDENTIFIER = "urn:oasis:names:tc:xacml:1.0:policy"; /** * XACML 2.0 identifier */ public static final String XACML_2_0_IDENTIFIER = "urn:oasis:names:tc:xacml:2.0:policy:schema:os"; /** * Version identifier for XACML 1.0 */ public static final int XACML_VERSION_1_0 = 0; /** * Version identifier for XACML 1.1 (which isn't a formal release * so has no namespace string, but still exists as a separate * specification) */ public static final int XACML_VERSION_1_1 = 1; /** * Version identifier for XACML 1.2 */ public static final int XACML_VERSION_2_0 = 2; /** * The default version of XACML, 1.0, used if no namespace string * is specified */ public static final int XACML_DEFAULT_VERSION = XACML_VERSION_1_0; // private mapping from XACML version number to identifier string private static String [] xacmlIdentifiers = { XACML_1_0_IDENTIFIER, XACML_1_0_IDENTIFIER, XACML_2_0_IDENTIFIER }; /** * XPath 1.0 identifier */ public static final String XPATH_1_0_IDENTIFIER = "http://www.w3.org/TR/1999/Rec-xpath-19991116"; /** * Version identifier for an unspecified version of XPath */ public static final int XPATH_VERSION_UNSPECIFIED = 0; /** * Version identifier for XPath 1.0 */ public static final int XPATH_VERSION_1_0 = 1; // private mapping from XPath version number to identifier string private static String [] xpathIdentifiers = { null, XPATH_1_0_IDENTIFIER }; // the version of XACML private int xacmlVersion; // the version of XPath, or null if none is specified private int xpathVersion; /** * Creates a <code>PolicyMetaData</code> instance with the given * parameters. 
* * @param xacmlVersion the version of XACML used in a policy * @param xpathVersion the XPath version to use in any selectors */ public PolicyMetaData(int xacmlVersion, int xpathVersion) { this.xacmlVersion = xacmlVersion; this.xpathVersion = xpathVersion; } /** * Creates a <code>PolicyMetaData</code> instance with the given * parameters. * * @param xacmlVersion the version of XACML used in a policy * @param xpathVersion the XPath version to use in any selectors, or * null if this is unspecified (ie, not supplied in * the defaults section of the policy) * * @throws IllegalArgumentException if the identifier strings are unknown */ public PolicyMetaData(String xacmlVersion, String xpathVersion) { if (xacmlVersion == null) this.xacmlVersion = XACML_DEFAULT_VERSION; else if (xacmlVersion.equals(XACML_1_0_IDENTIFIER)) this.xacmlVersion = XACML_VERSION_1_0; else if (xacmlVersion.equals(XACML_2_0_IDENTIFIER)) this.xacmlVersion = XACML_VERSION_2_0; else throw new IllegalArgumentException("Unknown XACML version " + "string: " + xacmlVersion); if (xpathVersion != null) { if (! xpathVersion.equals(XPATH_1_0_IDENTIFIER)) throw new IllegalArgumentException("Unsupported XPath " + " version: " + xpathVersion); this.xpathVersion = XPATH_VERSION_1_0; } else { this.xpathVersion = XPATH_VERSION_UNSPECIFIED; } } /** * Returns which version of XACML is specified in this meta-data. * * @return the XACML version */ public int getXACMLVersion() { return xacmlVersion; } /** * Returns the identifier string for the specified version of XACML. * * @return the identifier string */ public String getXACMLIdentifier() { return xacmlIdentifiers[xacmlVersion]; } /** * Returns which version of XPath is specified in this meta-data. * * @return the XPath version or null */ public int getXPathVersion() { return xpathVersion; } /** * Returns the identifier string for the specified version of XPath, or * null if no version is specified. 
* * @return the identifier string or null */ public String getXPathIdentifier() { return xpathIdentifiers[xpathVersion]; } } Index: Target.java =================================================================== RCS file: /cvsroot/sunxacml/sunxacml/com/sun/xacml/Target.java,v retrieving revision 1.8 retrieving revision 1.9 diff -C2 -d -r1.8 -r1.9 *** Target.java 4 Jun 2004 17:50:39 -0000 1.8 --- Target.java 5 Dec 2005 23:34:51 -0000 1.9 *************** *** 3,7 **** * @(#)Target.java * ! * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved. * * Redistribution and use in source and binary forms, with or without --- 3,7 ---- * @(#)Target.java * ! * Copyright 2003-2005 Sun Microsystems, Inc. All Rights Reserved. * * Redistribution and use in source and binary forms, with or without *************** *** 37,50 **** package com.sun.xacml; - import com.sun.xacml.ctx.Status; - import java.io.OutputStream; import java.io.PrintStream; - import java.util.ArrayList; - import java.util.Collections; - import java.util.Iterator; - import java.util.List; - import java.util.logging.Level; import java.util.logging.Logger; --- 37,43 ---- *************** *** 56,62 **** /** * Represents the TargetType XML type in XACML. This also stores several ! * other XML types: Subjects, Resources, and Actions. The target is ! * used to quickly identify whether the parent element (a policy set, ! * policy, or rule) is applicable to a given request. * * @since 1.0 --- 49,55 ---- /** * Represents the TargetType XML type in XACML. This also stores several ! * other XML types: Subjects, Resources, Actions, and Environments (in XACML ! * 2.0 and later). The target is used to quickly identify whether the parent ! * element (a policy set, policy, or rule) is applicable to a given request. * * @since 1.0 *************** *** 66,73 **** { ! // the elements in a Target, all of which are required ! private List subjects; ! private List resources; ! 
private List actions; // the logger we'll use for all messages --- 59,70 ---- { ! // the four sections of a Target ! private TargetSection subjectsSection; ! private TargetSection resourcesSection; ! private TargetSection actionsSection; ! private TargetSection environmentsSection; ! ! // the version of XACML of the policy containing this target ! private int xacmlVersion; // the logger we'll use for all messages *************** *** 76,109 **** /** ! * Constructor that creates a <code>Target</code> from components. * ! * @param subjects A <code>List</code> containing the subjects or null ! * if this represents AnySubject. The list is of the ! * form described in <code>getSubjects</code>. ! * @param resources A <code>List</code> containing the resources or null ! * if this represents AnyResource The list is of the ! * form described in <code>getResources</code>. ! * @param actions A <code>List</code> containing the actions or null ! * if this represents AnyAction The list is of the ! * form described in <code>getActions</code>. */ ! public Target(List subjects, List resources, List actions) { ! if (subjects == null) ! this.subjects = subjects; ! else ! this.subjects = Collections. ! unmodifiableList(new ArrayList(subjects)); ! if (resources == null) ! this.resources = resources; ! else ! this.resources = Collections. ! unmodifiableList(new ArrayList(resources)); ! if (actions == null) ! this.actions = actions; ! else ! this.actions = Collections. ! unmodifiableList(new ArrayList(actions)); } --- 73,134 ---- /** ! * Constructor that creates an XACML 1.x <code>Target</code> from ! * components. Each of the sections must be non-null, but they may match ! * any request. Because this is only used for 1.x Targets, there is no ! * Environments section. * ! * @param subjectsSection a <code>TargetSection</code> representing ! * the Subjects section of this target ! * @param resourcesSection a <code>TargetSection</code> representing ! * the Resources section of this target ! 
* @param actionsSection a <code>TargetSection</code> representing ! * the Actions section of this target */ ! public Target(TargetSection subjectsSection, ! TargetSection resourcesSection, ! TargetSection actionsSection) { ! if ((subjectsSection == null) || (resourcesSection == null) || ! (actionsSection == null)) ! throw new ProcessingException("All sections of a Target must " + ! "be non-null"); ! ! this.subjectsSection = subjectsSection; ! this.resourcesSection = resourcesSection; ! this.actionsSection = actionsSection; ! this.environmentsSection = ! new TargetSection(null, TargetMatch.ENVIRONMENT, ! PolicyMetaData.XACML_VERSION_1_0); ! this.xacmlVersion = PolicyMetaData.XACML_VERSION_1_0; ! } ! /** ! * Constructor that creates an XACML 2.0 <code>Target</code> from ! * components. Each of the sections must be non-null, but they may ! * match any request. ! * ! * @param subjectsSection a <code>TargetSection</code> representing ! * the Subjects section of this target ! * @param resourcesSection a <code>TargetSection</code> representing ! * the Resources section of this target ! * @param actionsSection a <code>TargetSection</code> representing ! * the Actions section of this target ! * @param environmentsSection a <code>TargetSection</code> representing ! * the Environments section of this target ! */ ! public Target(TargetSection subjectsSection, ! TargetSection resourcesSection, ! TargetSection actionsSection, ! TargetSection environmentsSection) ! { ! if ((subjectsSection == null) || (resourcesSection == null) || ! (actionsSection == null) || (environmentsSection == null)) ! throw new ProcessingException("All sections of a Target must " + ! "be non-null"); ! this.subjectsSection = subjectsSection; ! this.resourcesSection = resourcesSection; ! this.actionsSection = actionsSection; ! this.environmentsSection = environmentsSection; ! 
this.xacmlVersion = PolicyMetaData.XACML_VERSION_2_0; } *************** *** 111,114 **** --- 136,144 ---- * Creates a <code>Target</code> by parsing a node. * + * @deprecated As of 2.0 you should avoid using this method and should + * instead use the version that takes a + * <code>PolicyMetaData</code> instance. This method will + * only work for XACML 1.x policies. + * * @param root the node to parse for the <code>Target</code> * @param xpathVersion the XPath version to use in any selectors, or *************** *** 123,129 **** throws ParsingException { ! List subjects = null; ! List resources = null; ! List actions = null; NodeList children = root.getChildNodes(); --- 153,177 ---- throws ParsingException { ! return getInstance(root, ! new PolicyMetaData( ! PolicyMetaData.XACML_1_0_IDENTIFIER, ! xpathVersion)); ! } ! ! /** ! * Creates a <code>Target</code> by parsing a node. ! * ! * @param root the node to parse for the <code>Target</code> ! * @return a new <code>Target</code> constructed by parsing ! * ! * @throws ParsingException if the DOM node is invalid ! */ ! public static Target getInstance(Node root, PolicyMetaData metaData) ! throws ParsingException ! { ! TargetSection subjects = null; ! TargetSection resources = null; ! TargetSection actions = null; ! TargetSection environments = null; NodeList children = root.getChildNodes(); *************** *** 133,247 **** if (name.equals("Subjects")) { ! subjects = getAttributes(child, "Subject", xpathVersion); } else if (name.equals("Resources")) { ! resources = getAttributes(child, "Resource", xpathVersion); } else if (name.equals("Actions")) { ! actions = getAttributes(child, "Action", xpathVersion); } } ! return new Target(subjects, resources, actions); ! } ! ! /** ! * Helper method that parses the contents of the Subjects, ! * Resources, or Actions types, depending on the input prefix, ! * which must be either "Subject", "Resource", or "Action". ! * A null List specifies any attributes will match; ! 
* it represents AnySubject, AnyResource, or AnyAction. ! */ ! private static List getAttributes(Node root, String prefix, ! String xpathVersion) ! throws ParsingException ! { ! List matches = new ArrayList(); ! NodeList children = root.getChildNodes(); ! for (int i = 0; i < children.getLength(); i++) { ! Node child = children.item(i); ! String name = child.getNodeName(); ! if (name.equals(prefix)) { ! matches.add(getMatches(child, prefix, xpathVersion)); ! } else if (name.equals("Any" + prefix)) { ! return null; ! } } - - return matches; } /** ! * Helper method that parses the contents of a SubjectMatch, ! * ResourceMatch, or ActionMatch type, depending on the input ! * prefix, which must be either "Subject", "Resource" or "Action" */ ! private static List getMatches(Node root, String prefix, ! String xpathVersion) ! throws ParsingException ! { ! List list = new ArrayList(); ! NodeList children = root.getChildNodes(); ! ! for (int i = 0; i < children.getLength(); i++) { ! Node child = children.item(i); ! String name = child.getNodeName(); ! ! if (name.equals(prefix + "Match")) ! list.add(TargetMatch.getInstance(child, prefix, xpathVersion)); ! } ! return Collections.unmodifiableList(list); } /** ! * Returns an unmodifiable <code>List</code> that represents the Subjects ! * section of this target. Each entry in the <code>List</code> is ! * another <code>List</code> that represents the Subject section. In turn, ! * each of these <code>List</code>s contains <code>TargetMatch</code> ! * objects that represent SubjectMatch XML structures. ! * <p> ! * Note that future versions of this code may use intermediary classes to ! * make the structure clearer, but this depends on the future structure ! * of XACML Targets. * ! * @return the matching elements or null of the match is any */ ! public List getSubjects() { ! return subjects; } /** ! * Returns an unmodifiable <code>List</code> that represents the Resources ! * section of this target. 
Each entry in the <code>List</code> is ! * another <code>List</code> that represents the Resource section. In turn, ! * each of these <code>List</code>s contains <code>TargetMatch</code> ! * objects that represent ResourceMatch XML structures. ! * <p> ! * Note that future versions of this code may use intermediary classes to ! * make the structure clearer, but this depends on the future structure ! * of XACML Targets. * ! * @return the matching elements or null of the match is any */ ! public List getResources() { ! return resources; } /** ! * Returns an unmodifiable <code>List</code> that represents the Actions ! * section of this target. Each entry in the <code>List</code> is ! * another <code>List</code> that represents the Action section. In turn, ! * each of these <code>List</code>s contains <code>TargetMatch</code> ! * objects that represent ActionMatch XML structures. ! * <p> ! * Note that future versions of this code may use intermediary classes to ! * make the structure clearer, but this depends on the future structure ! * of XACML Targets. * ! * @return the matching elements or null of the match is any */ ! public List getActions() { ! return actions; } --- 181,270 ---- if (name.equals("Subjects")) { ! subjects = ! TargetSection.getInstance(child, TargetMatch.SUBJECT, ! metaData); } else if (name.equals("Resources")) { ! resources = ! TargetSection.getInstance(child, TargetMatch.RESOURCE, ! metaData); } else if (name.equals("Actions")) { ! actions = ! TargetSection.getInstance(child, TargetMatch.ACTION, ! metaData); ! } else if (name.equals("Environments")) { ! environments = ! TargetSection.getInstance(child, TargetMatch.ENVIRONMENT, ! metaData); } } ! // starting in 2.0 an any-matching section is represented by a ! // missing element, and in 1.x there were no Environments elements, ! // so these need to get turned into non-null arguments ! int version = metaData.getXACMLVersion(); ! if (subjects == null) ! 
subjects = new TargetSection(null, TargetMatch.SUBJECT, version); ! if (resources == null) ! resources = new TargetSection(null, TargetMatch.RESOURCE, version); ! if (actions == null) ! actions = new TargetSection(null, TargetMatch.ACTION, version); ! if (version == PolicyMetaData.XACML_VERSION_2_0) { ! if (environments == null) ! environments = new TargetSection(null, TargetMatch.ENVIRONMENT, ! version); ! return new Target(subjects, resources, actions, environments); ! } else { ! return new Target(subjects, resources, actions); } } /** ! * Returns the Subjects section of this Target. ! * ! * @return a <code>TargetSection</code> representing the Subjects */ ! public TargetSection getSubjectsSection() { ! return subjectsSection; ! } ! /** ! * Returns the Resources section of this Target. ! * ! * @return a <code>TargetSection</code> representing the Resources ! */ ! public TargetSection getResourcesSection() { ! return resourcesSection; } /** ! * Returns the Actions section of this Target. * ! * @return a <code>TargetSection</code> representing the Actions */ ! public TargetSection getActionsSection() { ! return actionsSection; } /** ! * Returns the Environments section of this Target. Note that if this is ! * an XACML 1.x policy, then the section will always match anything, ! * since XACML 1.x doesn't support matching on the Environment. * ! * @return a <code>TargetSection</code> representing the Environments */ ! public TargetSection getEnvironmentsSection() { ! return environmentsSection; } /** ! * Returns whether or not this <code>Target</code> matches any request. * ! * @return true if this Target matches any request, false otherwise */ ! public boolean matchesAny() { ! return subjectsSection.matchesAny() && resourcesSection.matchesAny() && ! actionsSection.matchesAny() && environmentsSection.matchesAny(); } *************** *** 255,338 **** */ public MatchResult match(EvaluationCtx context) { ! // first look to see if there are any subjects to match ! 
if (subjects != null) { ! MatchResult result = checkSet(subjects, context); ! if (result.getResult() != MatchResult.MATCH) { ! logger.finer("failed to match Subjects section of Target"); ! return result; ! } ! } ! // now look to see if there is a resource to match ! if (resources != null) { ! MatchResult result = checkSet(resources, context); ! if (result.getResult() != MatchResult.MATCH) { ! logger.finer("failed to match Resources section of Target"); ! return result; ! } ! } ! // finally, see if there are any actions to match ! if (actions != null) { ! MatchResult result = checkSet(actions, context); ! if (result.getResult() != MatchResult.MATCH) { ! logger.finer("failed to match Actions section of Target"); ! return result; ! } } ! // if we got here, then everything matched ! return new MatchResult(MatchResult.MATCH); ! } ! ! /** ! * Helper function that determines whether there is at least ! * one positive match between each section of the Target element ! * and the input request ! */ ! private MatchResult checkSet(List matchList, EvaluationCtx context) { ! Iterator it = matchList.iterator(); ! boolean allFalse = true; ! Status firstIndeterminateStatus = null; ! ! // for each item in this loop, there must be at least one match ! while (it.hasNext()) { ! // first off, get the next set of objects ! List list = (List)(it.next()); ! Iterator it2 = list.iterator(); ! MatchResult result = null; ! ! // now we go through the set, every one of which must match ! while (it2.hasNext()) { ! TargetMatch tm = (TargetMatch)(it2.next()); ! result = tm.match(context); ! if (result.getResult() != MatchResult.MATCH) ! break; ! } ! ! // if the last one was a MATCH, then all of the matches ! // matched, so we're done ! if (result.getResult() == MatchResult.MATCH) ! return result; ! // if we didn't match then it was either a NO_MATCH or ! // INDETERMINATE...in the second case, we need to remember ! // it happened, 'cause if we don't get a MATCH, then we'll ! 
// be returning INDETERMINATE ! if (result.getResult() == MatchResult.INDETERMINATE) { ! allFalse = false; ! if (firstIndeterminateStatus == null) ! firstIndeterminateStatus = result.getStatus(); ! } } ! // if we got here, then none of the sub-matches passed, so ! // we have to see if we got any INDETERMINATE cases ! if (allFalse) ! return new MatchResult(MatchResult.NO_MATCH); ! else ! return new MatchResult(MatchResult.INDETERMINATE, ! firstIndeterminateStatus); } --- 278,317 ---- */ public MatchResult match(EvaluationCtx context) { ! MatchResult result = null; ! // before matching, see if this target matches any request ! if (matchesAny()) ! return new MatchResult(MatchResult.MATCH); ! // first, try matching the Subjects section ! result = subjectsSection.match(context); ! if (result.getResult() != MatchResult.MATCH) { ! logger.finer("failed to match Subjects section of Target"); ! return result; } ! // now try matching the Resources section ! result = resourcesSection.match(context); ! if (result.getResult() != MatchResult.MATCH) { ! logger.finer("failed to match Resources section of Target"); ! return result; ! } ! // next, look at the Actions section ! result = actionsSection.match(context); ! if (result.getResult() != MatchResult.MATCH) { ! logger.finer("failed to match Actions section of Target"); ! return result; ! } ! // finally, match the Environments section ! result = environmentsSection.match(context); ! if (result.getResult() != MatchResult.MATCH) { ! logger.finer("failed to match Environments section of Target"); ! return result; } ! // if we got here, then everything matched ! return result; } *************** *** 360,413 **** String indent = indenter.makeString(); ! out.println(indent + "<Target>"); ! indenter.in(); ! ! encodeSection(out, indenter, "Subject", subjects); ! encodeSection(out, indenter, "Resource", resources); ! encodeSection(out, indenter, "Action", actions); ! ! indenter.out(); ! out.println(indent + "</Target>"); ! } ! ! /** ! 
* Helper function that encodes a section of the target. ! */ ! private void encodeSection(PrintStream output, Indenter indenter, ! String name, List list) { ! String indent = indenter.makeString(); ! ! output.println(indent + "<" + name + "s>"); ! ! indenter.in(); ! String indentNext = indenter.makeString(); ! if (list == null) { ! // the match is any ! output.println(indentNext + "<Any" + name + "/>"); } else { ! String nextIndent = indenter.makeString(); ! ! Iterator it = list.iterator(); indenter.in(); ! while (it.hasNext()) { ! List items = (List)(it.next()); ! output.println(indentNext + "<" + name + ">"); ! ! Iterator matchIterator = items.iterator(); ! while (matchIterator.hasNext()) { ! TargetMatch tm = (TargetMatch)(matchIterator.next()); ! tm.encode(output, indenter); ! } ! ! output.println(indentNext + "</" + name + ">"); ! } ! indenter.out(); } - - indenter.out(); - output.println(indent + "</" + name + "s>"); } --- 339,367 ---- String indent = indenter.makeString(); ! // see if this Target matches anything ! boolean matchesAny = (subjectsSection.matchesAny() && ! resourcesSection.matchesAny() && ! actionsSection.matchesAny() && ! environmentsSection.matchesAny()); ! if (matchesAny && (xacmlVersion == PolicyMetaData.XACML_VERSION_2_0)) { ! // in 2.0, if all the sections match any request, then the Target ! // element is empty and should be encoded simply as en empty tag ! out.println("<Target/>"); } else { ! out.println(indent + "<Target>"); indenter.in(); ! subjectsSection.encode(output, indenter); ! resourcesSection.encode(output, indenter); ! actionsSection.encode(output, indenter); ! ! // we should only do this if we're a 2.0 policy ! if (xacmlVersion == PolicyMetaData.XACML_VERSION_2_0) ! environmentsSection.encode(output, indenter); ! 
indenter.out(); + out.println(indent + "</Target>"); } } Index: PolicyReference.java =================================================================== RCS file: /cvsroot/sunxacml/sunxacml/com/sun/xacml/PolicyReference.java,v retrieving revision 1.8 retrieving revision 1.9 diff -C2 -d -r1.8 -r1.9 *** PolicyReference.java 7 Jan 2005 23:47:42 -0000 1.8 --- PolicyReference.java 5 Dec 2005 23:34:51 -0000 1.9 *************** *** 109,113 **** /** ! * Creates a new <code>PolicyReference</code>. * * @param reference the reference to the policy --- 109,133 ---- /** ! * Creates a new <code>PolicyReference</code> instance. This has no ! * constraints on version matching. Note that an XACML 1.x reference may ! * not have any constraints. ! * ! * @param reference the reference to the policy ! * @param policyType one of the two fields in this class ! * @param finder the <code>PolicyFinder</code> used to handle the reference ! * ! * @throws IllegalArgumentException if the input policyType isn't valid ! */ ! public PolicyReference(URI reference, int policyType, PolicyFinder finder) ! throws IllegalArgumentException ! { ! this(reference, policyType, new VersionConstraints(null, null, null), ! finder); ! } ! ! /** ! * Creates a new <code>PolicyReference</code> instance with version ! * constraints. Note that an XACML 1.x reference may not have any ! * constraints. * * @param reference the reference to the policy *************** *** 142,145 **** --- 162,170 ---- * a DOM node. * + * @deprecated As of 2.0 you should avoid using this method and should + * instead use the version that takes a + * <code>PolicyMetaData</code> instance. This method will + * only work for XACML 1.x policies. 
+ * * @param root the DOM root of a PolicyIdReference or a * PolicySetIdReference XML type *************** *** 151,154 **** --- 176,200 ---- throws ParsingException { + return getInstance(root, finder, + new PolicyMetaData( + PolicyMetaData.XACML_VERSION_1_0, + PolicyMetaData.XPATH_VERSION_UNSPECIFIED)); + } + + /** + * Creates an instance of a <code>PolicyReference</code> object based on + * a DOM node. + * + * @param root the DOM root of a PolicyIdReference or a + * PolicySetIdReference XML type + * @param finder the <code>PolicyFinder</code> used to handle the reference + * @param metaData the meta-data associated with the containing policy + * + * @exception ParsingException if the node is invalid + */ + public static PolicyReference getInstance(Node root, PolicyFinder finder, + PolicyMetaData metaData) + throws ParsingException + { URI reference = null; int policyType; *************** *** 339,342 **** --- 385,400 ---- /** + * Returns the meta-data associated with this policy. If the policy is + * invalid or can't be retrieved, then a runtime exception is thrown. + * + * @return the policy's meta-data + * + * @throws ProcessingException if the referenced policy can't be retrieved + */ + public PolicyMetaData getMetaData() { + return resolvePolicy().getMetaData(); + } + + /** * Given the input context sees whether or not the request matches this * policy. This must be called by combining algorithms before they *************** *** 456,460 **** /** ! * Private helper method that encodes the variable constraints info */ private String encodeConstraints() { --- 514,520 ---- /** ! * Private helper method that encodes the variable constraints info. Note ! * that if this is a pre-2.0 policy the constraints are always null, so ! * nothing will be added here. 
*/ private String encodeConstraints() { Index: VersionConstraints.java =================================================================== RCS file: /cvsroot/sunxacml/sunxacml/com/sun/xacml/VersionConstraints.java,v retrieving revision 1.1 retrieving revision 1.2 diff -C2 -d -r1.1 -r1.2 *** VersionConstraints.java 7 Jan 2005 23:47:42 -0000 1.1 --- VersionConstraints.java 5 Dec 2005 23:34:51 -0000 1.2 *************** *** 172,177 **** // ...and a version too if (version == null) ! return false; // setup tokenizers --- 172,180 ---- // ...and a version too + // FIXME: this originally returned false, but I think it should + // return true, since we always match if the contstraint is + // unbound (null) ... is that right? if (version == null) ! return true; // setup tokenizers --- NEW FILE: TargetSection.java --- /* * @(#)TargetSection.java * * Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * 1. Redistribution of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * * 2. Redistribution in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * Neither the name of Sun Microsystems, Inc. or the names of contributors may * be used to endorse or promote products derived from this software without * specific prior written permission. * * This software is provided "AS IS," without a warranty of any kind. ALL * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. 
("SUN") * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL, * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE, * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. * * You acknowledge that this software is not designed or intended for use in * the design, construction, operation or maintenance of any nuclear facility. */ package com.sun.xacml; import com.sun.xacml.ctx.Status; import java.io.OutputStream; import java.io.PrintStream; import java.util.ArrayList; import java.util.Collections; import java.util.Iterator; import java.util.List; import org.w3c.dom.Node; import org.w3c.dom.NodeList; /** * This is a container class for instances of <code>TargetMatchGroup</code> * and represents the Subjects, Resources, Actions, and Environments * sections of an XACML Target. This section may apply to any request. * * @since 2.0 * @author Seth Proctor */ public class TargetSection { // the list of match groups private List matchGroups; // the match type contained in this group private int matchType; // the version of XACML used by the containing Target private int xacmlVersion; /** * Constructor that takes a group and a version. The if the group is * null or empty, then this represents a section that matches any request. * * @param matchGroups a possibly null <code>List</code> of * <code>TargetMatchGroup</code>s * @param xacmlVersion the version XACML being used * @param matchType */ public TargetSection(List matchGroups, int matchType, int xacmlVersion) { if (matchGroups == null) this.matchGroups = Collections.unmodifiableList(new ArrayList()); else this.matchGroups = Collections. 
unmodifiableList(new ArrayList(matchGroups)); this.matchType = matchType; this.xacmlVersion = xacmlVersion; } /** * Creates a <code>Target</code> by parsing a node. * * @param root the node to parse for the <code>Target</code> * @param matchType * @param metaData * * @return a new <code>Target</code> constructed by parsing * * @throws ParsingException if the DOM node is invalid */ public static TargetSection getInstance(Node root, int matchType, PolicyMetaData metaData) throws ParsingException { List groups = new ArrayList(); NodeList children = root.getChildNodes(); for (int i = 0; i < children.getLength(); i++) { Node child = children.item(i); String name = child.getNodeName(); String typeName = TargetMatch.NAMES[matchType]; if (name.equals(typeName)) { groups.add(TargetMatchGroup.getInstance(child, matchType, metaData)); } else if (name.equals("Any" + typeName)) { // in a schema-valid policy, the Any element will always be // the only element, so if we find this we stop break; } } // at this point the list is non-empty (it has specific groups to // match) or is empty (it applies to any request using the 1.x or // 2.0 syntax) return new TargetSection(groups, matchType, metaData.getXACMLVersion()); } /** * Returns the <code>TargetMatchGroup</code>s contained in this group. * * @return a <code>List</code> of <code>TargetMatchGroup</code>s */ public List getMatchGroups() { return matchGroups; } /** * Returns whether this section matches any request. * * @return true if this section matches any request, false otherwise */ public boolean matchesAny() { return matchGroups.isEmpty(); } /** * Determines whether this <code>TargetSection</code> matches * the input request (whether it is applicable). 
* * @param context the representation of the request * * @return the result of trying to match the target and the request */ public MatchResult match(EvaluationCtx context) { // if we apply to anything, then we always match if (matchGroups.isEmpty()) return new MatchResult(MatchResult.MATCH); // there are specific matching elements, so prepare to iterate // through the list Iterator it = matchGroups.iterator(); Status firstIndeterminateStatus = null; // in order for this section to match, one of the groups must match while (it.hasNext()) { // get the next group and try matching it TargetMatchGroup group = (TargetMatchGroup)(it.next()); MatchResult result = group.match(context); // we only need one match, so if this matched, then we're done if (result.getResult() == MatchResult.MATCH) return result; // if we didn't match then it was either a NO_MATCH or // INDETERMINATE...in the second case, we need to remember // it happened, 'cause if we don't get a MATCH, then we'll // be returning INDETERMINATE if (result.getResult() == MatchResult.INDETERMINATE) { if (firstIndeterminateStatus == null) firstIndeterminateStatus = result.getStatus(); } } // if we got here, then none of the sub-matches passed, so // we have to see if we got any INDETERMINATE cases if (firstIndeterminateStatus == null) return new MatchResult(MatchResult.NO_MATCH); else return new MatchResult(MatchResult.INDETERMINATE, firstIndeterminateStatus); } /** * Encodes this <code>TargetSection</code> into its XML representation * and writes this encoding to the given <code>OutputStream</code> with * no indentation. * * @param output a stream into which the XML-encoded data is written */ public void encode(OutputStream output) { ... [truncated message content] |
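Review bot: In VersionConstraints.java the `if (version == null)` branch now returns true while the FIXME added above it still asks whether that is right, so the open question ships in committed code and an unbound constraint now matches where it previously did not. Settle the intended semantics, replace the FIXME with a javadoc sentence stating them, and add a test for the null case so the behaviour cannot flip back unnoticed.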
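Review bot: In the new TargetSection.java, getInstance() skips every child whose getNodeName() is neither typeName nor "Any" + typeName, and the resulting empty list is then treated by matchesAny() and match() as applying to any request. A section whose children are misspelled, or whose element names carry a namespace prefix, would therefore parse to match-everything instead of failing. Consider comparing on the local name and throwing ParsingException for unexpected element children. The javadoc also needs a pass: getInstance() is described as creating a Target, the matchType and metaData parameters have no descriptions, and the constructor comment reads "The if the group".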
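Review bot: The existing two-argument getInstance(root, finder) in PolicyReference.java now delegates with PolicyMetaData.XACML_VERSION_1_0 hard-coded, so a caller that has not moved to the new three-argument overload gets 1.0 meta-data for every reference with no warning. Mark the old overload @deprecated, or state in its javadoc that it assumes a 1.0 policy and an unspecified XPath version.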
From: Seth P. <se...@us...> - 2005-02-17 16:02:05
|
Update of /cvsroot/sunxacml/sunxacml/com/sun/xacml/attr In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv15290/com/sun/xacml/attr Modified Files: StringAttribute.java Log Message: merged in small bug fixes from the 1.2 branch Index: StringAttribute.java =================================================================== RCS file: /cvsroot/sunxacml/sunxacml/com/sun/xacml/attr/StringAttribute.java,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -d -r1.4 -r1.5 *** StringAttribute.java 17 Mar 2004 18:03:38 -0000 1.4 --- StringAttribute.java 17 Feb 2005 16:01:26 -0000 1.5 *************** *** 3,7 **** * @(#)StringAttribute.java * ! * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved. * * Redistribution and use in source and binary forms, with or without --- 3,7 ---- * @(#)StringAttribute.java * ! * Copyright 2003-2005 Sun Microsystems, Inc. All Rights Reserved. * * Redistribution and use in source and binary forms, with or without *************** *** 118,122 **** throw earlyException; ! this.value = value; } --- 118,125 ---- throw earlyException; ! if (value == null) ! this.value = ""; ! else ! this.value = value; } |
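Review bot: The hunk at line 118 replaces a null value with "" and no comment or javadoc line in the hunk records it, so after this change a StringAttribute built from null is indistinguishable from one built from an empty string. If that equivalence is intended, state it in the constructor javadoc; if null signals a missing value upstream, rejecting it here would keep the two cases apart in comparisons.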
From: Seth P. <se...@us...> - 2005-02-17 16:02:04
|
Update of /cvsroot/sunxacml/sunxacml/com/sun/xacml In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv15290/com/sun/xacml Modified Files: ConfigurationStore.java Log Message: merged in small bug fixes from the 1.2 branch Index: ConfigurationStore.java =================================================================== RCS file: /cvsroot/sunxacml/sunxacml/com/sun/xacml/ConfigurationStore.java,v retrieving revision 1.9 retrieving revision 1.10 diff -C2 -d -r1.9 -r1.10 *** ConfigurationStore.java 13 Jul 2004 22:39:34 -0000 1.9 --- ConfigurationStore.java 17 Feb 2005 16:01:25 -0000 1.10 *************** *** 3,7 **** * @(#)ConfigurationStore.java * ! * Copyright 2004 Sun Microsystems, Inc. All Rights Reserved. * * Redistribution and use in source and binary forms, with or without --- 3,7 ---- * @(#)ConfigurationStore.java * ! * Copyright 2004-2005 Sun Microsystems, Inc. All Rights Reserved. * * Redistribution and use in source and binary forms, with or without *************** *** 145,148 **** --- 145,151 ---- private HashMap functionMap; + // the classloader we'll use for loading classes + private ClassLoader loader; + // the logger we'll use for all messages private static final Logger logger = *************** *** 211,214 **** --- 214,220 ---- logger.config("Loading runtime configuration"); + // load our classloader + loader = getClass().getClassLoader(); + // get the root node from the configuration file Node root = getRootNode(configFile); *************** *** 584,592 **** logger.config("Loading [ " + prefix + ": " + className + " ]"); ! // use the system classloader to load the given class ! ClassLoader cl = ClassLoader.getSystemClassLoader(); Class c = null; try { ! c = cl.loadClass(className); } catch (ClassNotFoundException cnfe) { throw new ParsingException("couldn't load class " + className, --- 590,597 ---- logger.config("Loading [ " + prefix + ": " + className + " ]"); ! // load the given class using the local classloader Class c = null; try { ! 
c = loader.loadClass(className); } catch (ClassNotFoundException cnfe) { throw new ParsingException("couldn't load class " + className, |
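Review bot: `loader = getClass().getClassLoader();` can return null when the class was loaded by the bootstrap loader, and the later `c = loader.loadClass(className);` would then throw a NullPointerException rather than the ParsingException the catch block produces. Add a fallback for the null case (for example ClassLoader.getSystemClassLoader()), and say in the field comment why the local loader is preferred, since "load our classloader" does not explain it.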
From: Seth P. <se...@us...> - 2005-02-17 16:01:47
|
Update of /cvsroot/sunxacml/sunxacml/com/sun/xacml/ctx In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv15290/com/sun/xacml/ctx Modified Files: Result.java Log Message: merged in small bug fixes from the 1.2 branch Index: Result.java =================================================================== RCS file: /cvsroot/sunxacml/sunxacml/com/sun/xacml/ctx/Result.java,v retrieving revision 1.3 retrieving revision 1.4 diff -C2 -d -r1.3 -r1.4 *** Result.java 17 Mar 2004 18:03:39 -0000 1.3 --- Result.java 17 Feb 2005 16:01:26 -0000 1.4 *************** *** 3,7 **** * @(#)Result.java * ! * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved. * * Redistribution and use in source and binary forms, with or without --- 3,7 ---- * @(#)Result.java * ! * Copyright 2003-2005 Sun Microsystems, Inc. All Rights Reserved. * * Redistribution and use in source and binary forms, with or without *************** *** 419,423 **** out.println(indent + "<Result>"); else ! out.println(indent + "<Result ResourceID=\"" + resource + "\">"); // encode the decision --- 419,423 ---- out.println(indent + "<Result>"); else ! out.println(indent + "<Result ResourceId=\"" + resource + "\">"); // encode the decision |
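Review bot: The changed line `out.println(indent + "<Result ResourceId=\"" + resource + "\">");` writes resource into an attribute value without escaping, so an identifier containing a double quote, `<` or `&` produces a Result that is not well-formed or that carries extra attributes. Escape the value before it is printed here, in the same change that touches this line.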
From: Seth P. <se...@us...> - 2005-02-17 15:58:33
|
Update of /cvsroot/sunxacml/sunxacml/com/sun/xacml In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv14683/com/sun/xacml Modified Files: AbstractPolicy.java Log Message: fixed a bug in encodeCommonElements where the wrong child list was used Index: AbstractPolicy.java =================================================================== RCS file: /cvsroot/sunxacml/sunxacml/com/sun/xacml/AbstractPolicy.java,v retrieving revision 1.12 retrieving revision 1.13 diff -C2 -d -r1.12 -r1.13 *** AbstractPolicy.java 7 Jan 2005 23:46:32 -0000 1.12 --- AbstractPolicy.java 17 Feb 2005 15:58:24 -0000 1.13 *************** *** 94,100 **** private String defaultVersion; ! // the elements we run through the combining algorithm and the same list ! // paired with with their cooresponding elements private List children; private List childElements; --- 94,101 ---- private String defaultVersion; ! // the child elements under this policy represented simply as the ! // PolicyTreeElements... private List children; + // ...or the CombinerElements that are passed to combining algorithms private List childElements; *************** *** 431,435 **** * contain both types of elements. * ! * @param children the child elements used by the combining algorithm */ protected void setChildren(List children) { --- 432,438 ---- * contain both types of elements. * ! * @param children a <code>List</code> of <code>CombinerElement</code>s ! * representing the child elements used by the combining ! * algorithm */ protected void setChildren(List children) { *************** *** 502,506 **** protected void encodeCommonElements(OutputStream output, Indenter indenter) { ! Iterator it = children.iterator(); while (it.hasNext()) { ((CombinerElement)(it.next())).encode(output, indenter); --- 505,509 ---- protected void encodeCommonElements(OutputStream output, Indenter indenter) { ! Iterator it = childElements.iterator(); while (it.hasNext()) { ((CombinerElement)(it.next())).encode(output, indenter); |
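Review bot: The field names still invite the mix-up corrected in encodeCommonElements(): `children` holds PolicyTreeElements, `childElements` holds CombinerElements, and setChildren(List children) takes CombinerElements, while the loop casts every item to CombinerElement. Rename the second field and the setter parameter (for example combinerElements) so the name says which list is safe to cast, rather than relying on the two-line comment above the declarations.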
From: Seth P. <se...@us...> - 2005-02-17 15:53:50
|
Update of /cvsroot/sunxacml/sunxacml/com/sun/xacml In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv13672/com/sun/xacml Modified Files: Tag: branch_1_2 ConfigurationStore.java Log Message: use local class loader instead of system class loader to support web envs Index: ConfigurationStore.java =================================================================== RCS file: /cvsroot/sunxacml/sunxacml/com/sun/xacml/ConfigurationStore.java,v retrieving revision 1.9.2.1 retrieving revision 1.9.2.2 diff -C2 -d -r1.9.2.1 -r1.9.2.2 *** ConfigurationStore.java 17 Jan 2005 04:03:48 -0000 1.9.2.1 --- ConfigurationStore.java 17 Feb 2005 15:53:41 -0000 1.9.2.2 *************** *** 3,7 **** * @(#)ConfigurationStore.java * ! * Copyright 2004 Sun Microsystems, Inc. All Rights Reserved. * * Redistribution and use in source and binary forms, with or without --- 3,7 ---- * @(#)ConfigurationStore.java * ! * Copyright 2004-2005 Sun Microsystems, Inc. All Rights Reserved. * * Redistribution and use in source and binary forms, with or without |
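Review bot: The log message describes a switch from the system class loader to the local one, but the only hunk in this revision (1.9.2.1 to 1.9.2.2) changes the copyright year in the header comment. The message should describe what this commit changes, so that a history search for the class loader change lands on the revision that actually contains it.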
From: Seth P. <se...@us...> - 2005-01-17 04:06:43
|
Update of /cvsroot/sunxacml/sunxacml/com/sun/xacml/ctx In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv15727/com/sun/xacml/ctx Modified Files: Tag: branch_1_2 Result.java Log Message: fixed encoding to say ResourceId not ResourceID Index: Result.java =================================================================== RCS file: /cvsroot/sunxacml/sunxacml/com/sun/xacml/ctx/Result.java,v retrieving revision 1.3 retrieving revision 1.3.2.1 diff -C2 -d -r1.3 -r1.3.2.1 *** Result.java 17 Mar 2004 18:03:39 -0000 1.3 --- Result.java 17 Jan 2005 04:06:28 -0000 1.3.2.1 *************** *** 3,7 **** * @(#)Result.java * ! * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved. * * Redistribution and use in source and binary forms, with or without --- 3,7 ---- * @(#)Result.java * ! * Copyright 2003-2005 Sun Microsystems, Inc. All Rights Reserved. * * Redistribution and use in source and binary forms, with or without *************** *** 419,423 **** out.println(indent + "<Result>"); else ! out.println(indent + "<Result ResourceID=\"" + resource + "\">"); // encode the decision --- 419,423 ---- out.println(indent + "<Result>"); else ! out.println(indent + "<Result ResourceId=\"" + resource + "\">"); // encode the decision |
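Review bot: Nothing in this commit guards against the attribute name regressing; the hunk at line 419 changes only the literal `ResourceID` to `ResourceId`. A test that encodes a Result with a resource set and parses the output back, checking the attribute name, would catch this class of encoder error before release.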
From: Seth P. <se...@us...> - 2005-01-17 04:06:02
|
Update of /cvsroot/sunxacml/sunxacml/com/sun/xacml/attr In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv15614/com/sun/xacml/attr Modified Files: Tag: branch_1_2 StringAttribute.java Log Message: updated to accept null string correctly in constructor Index: StringAttribute.java =================================================================== RCS file: /cvsroot/sunxacml/sunxacml/com/sun/xacml/attr/StringAttribute.java,v retrieving revision 1.4 retrieving revision 1.4.2.1 diff -C2 -d -r1.4 -r1.4.2.1 *** StringAttribute.java 17 Mar 2004 18:03:38 -0000 1.4 --- StringAttribute.java 17 Jan 2005 04:05:52 -0000 1.4.2.1 *************** *** 3,7 **** * @(#)StringAttribute.java * ! * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved. * * Redistribution and use in source and binary forms, with or without --- 3,7 ---- * @(#)StringAttribute.java * ! * Copyright 2003-2005 Sun Microsystems, Inc. All Rights Reserved. * * Redistribution and use in source and binary forms, with or without *************** *** 118,122 **** throw earlyException; ! this.value = value; } --- 118,125 ---- throw earlyException; ! if (value == null) ! this.value = ""; ! else ! this.value = value; } |
From: Seth P. <se...@us...> - 2005-01-17 04:04:00
|
Update of /cvsroot/sunxacml/sunxacml/com/sun/xacml In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv15334/com/sun/xacml Modified Files: Tag: branch_1_2 ConfigurationStore.java Log Message: changed to use the local classloader Index: ConfigurationStore.java =================================================================== RCS file: /cvsroot/sunxacml/sunxacml/com/sun/xacml/ConfigurationStore.java,v retrieving revision 1.9 retrieving revision 1.9.2.1 diff -C2 -d -r1.9 -r1.9.2.1 *** ConfigurationStore.java 13 Jul 2004 22:39:34 -0000 1.9 --- ConfigurationStore.java 17 Jan 2005 04:03:48 -0000 1.9.2.1 *************** *** 145,148 **** --- 145,151 ---- private HashMap functionMap; + // the classloader we'll use for loading classes + private ClassLoader loader; + // the logger we'll use for all messages private static final Logger logger = *************** *** 211,214 **** --- 214,220 ---- logger.config("Loading runtime configuration"); + // load our classloader + loader = getClass().getClassLoader(); + // get the root node from the configuration file Node root = getRootNode(configFile); *************** *** 584,592 **** logger.config("Loading [ " + prefix + ": " + className + " ]"); ! // use the system classloader to load the given class ! ClassLoader cl = ClassLoader.getSystemClassLoader(); Class c = null; try { ! c = cl.loadClass(className); } catch (ClassNotFoundException cnfe) { throw new ParsingException("couldn't load class " + className, --- 590,597 ---- logger.config("Loading [ " + prefix + ": " + className + " ]"); ! // load the given class using the local classloader Class c = null; try { ! c = loader.loadClass(className); } catch (ClassNotFoundException cnfe) { throw new ParsingException("couldn't load class " + className, |
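Review bot: `c = loader.loadClass(className);` now sees only what the loader of ConfigurationStore itself can see, so when the library sits in a container's shared location and the configured class lives in the web application, the lookup ends in the "couldn't load class" ParsingException. Consider trying Thread.currentThread().getContextClassLoader() before or after the local loader, and document the lookup order next to the new `loader` field.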
From: Seth P. <se...@us...> - 2005-01-07 23:55:26
|
Update of /cvsroot/sunxacml/tests/com/sun/xacml/test In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv19309/com/sun/xacml/test Modified Files: TestPolicyFinderModule.java Log Message: updated to support the new VersionConstraints parameter Index: TestPolicyFinderModule.java =================================================================== RCS file: /cvsroot/sunxacml/tests/com/sun/xacml/test/TestPolicyFinderModule.java,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -C2 -d -r1.1.1.1 -r1.2 *** TestPolicyFinderModule.java 18 May 2004 21:20:50 -0000 1.1.1.1 --- TestPolicyFinderModule.java 7 Jan 2005 23:55:17 -0000 1.2 *************** *** 43,46 **** --- 43,47 ---- import com.sun.xacml.PolicyReference; import com.sun.xacml.PolicySet; + import com.sun.xacml.VersionConstraints; import com.sun.xacml.ctx.Status; *************** *** 238,245 **** * @param idReference the reference to resolve * @param type policy or policy set * * @return the referenced policy, if one exists, or an error */ ! public PolicyFinderResult findPolicy(URI idReference, int type) { String fileName = null; --- 239,248 ---- * @param idReference the reference to resolve * @param type policy or policy set + * @param constraints ignored since this test uses only pre-2.0 policies * * @return the referenced policy, if one exists, or an error */ ! public PolicyFinderResult findPolicy(URI idReference, int type, ! VersionConstraints constraints) { String fileName = null; |
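Review bot: findPolicy() accepts the new VersionConstraints argument and, per the added @param text, ignores it, so a reference that does restrict the version would still be resolved to whatever file matches the id. Since this module is test support, failing fast is cheap: return an error result when the caller passes constraints that actually restrict the version, so a 2.0 test added later cannot pass by accident.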
From: Seth P. <se...@us...> - 2005-01-07 23:51:44
|
Update of /cvsroot/sunxacml/sunxacml In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv18447 Modified Files: build.xml overview.html Log Message: updated copyright dates and SunXACML version strings Index: overview.html =================================================================== RCS file: /cvsroot/sunxacml/sunxacml/overview.html,v retrieving revision 1.3 retrieving revision 1.4 diff -C2 -d -r1.3 -r1.4 *** overview.html 13 Jun 2004 23:20:17 -0000 1.3 --- overview.html 7 Jan 2005 23:51:33 -0000 1.4 *************** *** 1,7 **** <body> ! This is an implementation of the OASIS XACML 1.0/1.1 standard. It supports ! the full specification including parsing policies, managing requests and ! responses, processing policies against requests, adding new attribute ! types and functions, and providing modules for hooking into external services. This is an OpenSource project started by Sun Microsystems. <p> --- 1,7 ---- <body> ! This is an implementation of the OASIS XACML 1.x and 2.0 standards. It ! supports the full specification including parsing policies, managing ! requests and responses, processing policies against requests, adding new ! datatypes and functions, and providing modules for hooking into external services. This is an OpenSource project started by Sun Microsystems. <p> Index: build.xml =================================================================== RCS file: /cvsroot/sunxacml/sunxacml/build.xml,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -d -r1.4 -r1.5 *** build.xml 18 Mar 2004 21:12:23 -0000 1.4 --- build.xml 7 Jan 2005 23:51:33 -0000 1.5 *************** *** 1,5 **** <!-- ! Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved. Redistribution and use in source and binary forms, with or without --- 1,5 ---- <!-- ! Copyright 2003-2005 Sun Microsystems, Inc. All Rights Reserved. 
Redistribution and use in source and binary forms, with or without *************** *** 49,53 **** <!-- Values for the JavaDocs --> <property name="projName" value="Sun's XACML Implementation"/> ! <property name="projVersion" value="1.2"/> <!-- Builds the project into debug-enabled class files --> --- 49,53 ---- <!-- Values for the JavaDocs --> <property name="projName" value="Sun's XACML Implementation"/> ! <property name="projVersion" value="2.0"/> <!-- Builds the project into debug-enabled class files --> *************** *** 82,86 **** </footer> <bottom> ! <![CDATA[<font size="-1">Copyright 2003-2004 Sun Microsystems, Inc. All rights reserved. Use is subject to license terms.<p>Sun, Sun Microsystems, the Sun Logo, and Java are --- 82,86 ---- </footer> <bottom> ! <![CDATA[<font size="-1">Copyright 2003-2005 Sun Microsystems, Inc. All rights reserved. Use is subject to license terms.<p>Sun, Sun Microsystems, the Sun Logo, and Java are |
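Review bot: overview.html now states that the implementation supports "the full specification" of XACML 1.x and 2.0, and build.xml moves projVersion from 1.2 to 2.0, yet the log message mentions only copyright dates and version strings. If 2.0 support is still in progress at this revision, word the overview accordingly, and name the documentation change in the log message so readers of the generated JavaDocs are not told more than the code delivers.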
Update of /cvsroot/sunxacml/sunxacml/com/sun/xacml/combine In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv18114/com/sun/xacml/combine Modified Files: CombiningAlgorithm.java DenyOverridesPolicyAlg.java DenyOverridesRuleAlg.java FirstApplicablePolicyAlg.java FirstApplicableRuleAlg.java OnlyOneApplicablePolicyAlg.java PermitOverridesPolicyAlg.java PermitOverridesRuleAlg.java PolicyCombiningAlgorithm.java RuleCombiningAlgorithm.java Added Files: CombinerElement.java CombinerParameter.java PolicyCombinerElement.java RuleCombinerElement.java Log Message: introduced support for combining algorithm parameters, a new XACML 2.0 feature Index: CombiningAlgorithm.java =================================================================== RCS file: /cvsroot/sunxacml/sunxacml/com/sun/xacml/combine/CombiningAlgorithm.java,v retrieving revision 1.3 retrieving revision 1.4 diff -C2 -d -r1.3 -r1.4 *** CombiningAlgorithm.java 17 Mar 2004 18:03:38 -0000 1.3 --- CombiningAlgorithm.java 7 Jan 2005 23:50:47 -0000 1.4 *************** *** 3,7 **** * @(#)CombiningAlgorithm.java * ! * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved. * * Redistribution and use in source and binary forms, with or without --- 3,7 ---- * @(#)CombiningAlgorithm.java * ! * Copyright 2003-2005 Sun Microsystems, Inc. All Rights Reserved. * * Redistribution and use in source and binary forms, with or without *************** *** 43,46 **** --- 43,48 ---- import java.net.URI; + import java.util.ArrayList; + import java.util.Collections; import java.util.List; *************** *** 69,81 **** /** ! * Combines the inputs based on the context to produce some unified ! * result. This is the one function of a combining algorithm. * * @param context the representation of the request ! * @param inputs the things to combine (policies or rules) * * @return a single unified result based on the combining logic */ ! public abstract Result combine(EvaluationCtx context, List inputs); /** --- 71,88 ---- /** ! 
* Combines the results of the inputs based on the context to produce ! * some unified result. This is the one function of a combining algorithm. * * @param context the representation of the request ! * @param parameters a (possibly empty) non-null <code>List</code> of ! * <code>CombinerParameter<code>s provided for general ! * use (for all pre-2.0 policies this must be empty) ! * @param inputs a <code>List</code> of <code>CombinerElements</code>s to ! * evaluate and combine * * @return a single unified result based on the combining logic */ ! public abstract Result combine(EvaluationCtx context, List parameters, ! List inputs); /** Index: OnlyOneApplicablePolicyAlg.java =================================================================== RCS file: /cvsroot/sunxacml/sunxacml/com/sun/xacml/combine/OnlyOneApplicablePolicyAlg.java,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -d -r1.4 -r1.5 *** OnlyOneApplicablePolicyAlg.java 23 Mar 2004 23:38:55 -0000 1.4 --- OnlyOneApplicablePolicyAlg.java 7 Jan 2005 23:50:47 -0000 1.5 *************** *** 3,7 **** * @(#)OnlyOneApplicablePolicyAlg.java * ! * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved. * * Redistribution and use in source and binary forms, with or without --- 3,7 ---- * @(#)OnlyOneApplicablePolicyAlg.java * ! * Copyright 2003-2005 Sun Microsystems, Inc. All Rights Reserved. * * Redistribution and use in source and binary forms, with or without *************** *** 99,113 **** * * @param context the context from the request ! * @param policies the policies to combine * * @return the result of running the combining algorithm */ ! public Result combine(EvaluationCtx context, List policies) { boolean atLeastOne = false; AbstractPolicy selectedPolicy = null; ! Iterator it = policies.iterator(); while (it.hasNext()) { ! AbstractPolicy policy = (AbstractPolicy)(it.next()); // see if the policy matches the context --- 99,117 ---- * * @param context the context from the request ! 
* @param parameters a (possibly empty) non-null <code>List</code> of ! * <code>CombinerParameter<code>s ! * @param policyElements the policies to combine * * @return the result of running the combining algorithm */ ! public Result combine(EvaluationCtx context, List parameters, ! List policyElements) { boolean atLeastOne = false; AbstractPolicy selectedPolicy = null; ! Iterator it = policyElements.iterator(); while (it.hasNext()) { ! AbstractPolicy policy = ! ((PolicyCombinerElement)(it.next())).getPolicy(); // see if the policy matches the context Index: DenyOverridesPolicyAlg.java =================================================================== RCS file: /cvsroot/sunxacml/sunxacml/com/sun/xacml/combine/DenyOverridesPolicyAlg.java,v retrieving revision 1.5 retrieving revision 1.6 diff -C2 -d -r1.5 -r1.6 *** DenyOverridesPolicyAlg.java 23 Mar 2004 23:38:52 -0000 1.5 --- DenyOverridesPolicyAlg.java 7 Jan 2005 23:50:47 -0000 1.6 *************** *** 3,7 **** * @(#)DenyOverridesPolicyAlg.java * ! * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved. * * Redistribution and use in source and binary forms, with or without --- 3,7 ---- * @(#)DenyOverridesPolicyAlg.java * ! * Copyright 2003-2005 Sun Microsystems, Inc. All Rights Reserved. * * Redistribution and use in source and binary forms, with or without *************** *** 111,125 **** * * @param context the context from the request ! * @param policies the policies to combine * * @return the result of running the combining algorithm */ ! public Result combine(EvaluationCtx context, List policies) { boolean atLeastOnePermit = false; Set permitObligations = new HashSet(); ! Iterator it = policies.iterator(); while (it.hasNext()) { ! AbstractPolicy policy = (AbstractPolicy)(it.next()); // make sure that the policy matches the context --- 111,129 ---- * * @param context the context from the request ! * @param parameters a (possibly empty) non-null <code>List</code> of ! * <code>CombinerParameter<code>s ! 
* @param policyElements the policies to combine * * @return the result of running the combining algorithm */ ! public Result combine(EvaluationCtx context, List parameters, ! List policyElements) { boolean atLeastOnePermit = false; Set permitObligations = new HashSet(); ! Iterator it = policyElements.iterator(); while (it.hasNext()) { ! AbstractPolicy policy = ! ((PolicyCombinerElement)(it.next())).getPolicy(); // make sure that the policy matches the context --- NEW FILE: RuleCombinerElement.java --- /* * @(#)RuleCombinerElement.java * * Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * 1. Redistribution of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * * 2. Redistribution in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * Neither the name of Sun Microsystems, Inc. or the names of contributors may * be used to endorse or promote products derived from this software without * specific prior written permission. * * This software is provided "AS IS," without a warranty of any kind. ALL * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN") * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS * DERIVATIVES. 
IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL, * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE, * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. * * You acknowledge that this software is not designed or intended for use in * the design, construction, operation or maintenance of any nuclear facility. */ package com.sun.xacml.combine; import com.sun.xacml.Indenter; import com.sun.xacml.Rule; import java.io.OutputStream; import java.io.PrintStream; import java.util.Iterator; import java.util.List; /** * Specific version of <code>CombinerElement</code> used for rule combining. * * @since 2.0 * @author Seth Proctor */ public class RuleCombinerElement extends CombinerElement { /** * Constructor that only takes a <code>Rule</code. No parameters are * associated with this <code>Rule</code> when combining. * * @param rule a <code>Rule</code> to use in combining */ public RuleCombinerElement(Rule rule) { super(rule); } /** * Constructor that takes both the <code>Rule</code> to combine and its * associated combiner parameters. * * @param rule a <code>Rule</code> to use in combining * @param parameters a (possibly empty) non-null <code>List</code> of * <code>CombinerParameter<code>s provided for general * use (for all pre-2.0 policies this must be empty) */ public RuleCombinerElement(Rule rule, List parameters) { super(rule, parameters); } /** * Returns the <code>Rule</code> in this element. * * @return the element's <code>Rule</code> */ public Rule getRule() { return (Rule)(getElement()); } /** * Encodes this element's <code>Rule</code> and parameters into their * XML representation and writes this encoding to the given * <code>OutputStream</code> with indentation. 
* * @param output a stream into which the XML-encoded data is written * @param indenter an object that creates indentation strings */ public void encode(OutputStream output, Indenter indenter) { Iterator it = getParameters().iterator(); if (it.hasNext()) { PrintStream out = new PrintStream(output); String indent = indenter.makeString(); out.println(indent + "<RuleCombinerParameters RuleIdRef=\"" + getRule().getId() + "\">"); indenter.in(); while (it.hasNext()) { CombinerParameter param = (CombinerParameter)(it.next()); param.encode(output, indenter); } out.println(indent + "</RuleCombinerParameters>"); indenter.out(); } getRule().encode(output, indenter); } } --- NEW FILE: CombinerParameter.java --- /* * @(#)CombinerParameter.java * * Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * 1. Redistribution of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * * 2. Redistribution in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * Neither the name of Sun Microsystems, Inc. or the names of contributors may * be used to endorse or promote products derived from this software without * specific prior written permission. * * This software is provided "AS IS," without a warranty of any kind. ALL * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN") * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS * DERIVATIVES. 
IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL, * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE, * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. * * You acknowledge that this software is not designed or intended for use in * the design, construction, operation or maintenance of any nuclear facility. */ package com.sun.xacml.combine; import com.sun.xacml.Indenter; import com.sun.xacml.ParsingException; import com.sun.xacml.UnknownIdentifierException; import com.sun.xacml.attr.AttributeFactory; import com.sun.xacml.attr.AttributeValue; import java.io.OutputStream; import java.io.PrintStream; import org.w3c.dom.NamedNodeMap; import org.w3c.dom.Node; import org.w3c.dom.NodeList; /** * Represents a single named parameter to a combining algorithm. Parameters * are only used by XACML 2.0 and later policies. * * @since 2.0 * @author Seth Proctor */ public class CombinerParameter { // the name of this parameter private String name; // the value of this parameter private AttributeValue value; /** * Creates a new CombinerParameter. * * @param name the parameter's name * @param value the parameter's value */ public CombinerParameter(String name, AttributeValue value) { this.name = name; this.value = value; } /** * Returns a new instance of the <code>CombinerParameter</code> class * based on a DOM node. The node must be the root of an XML * CombinerParameterType. * * @param root the DOM root of a CombinerParameterType XML type * * @throws ParsingException if the CombinerParameterType is invalid */ public static CombinerParameter getInstance(Node root) throws ParsingException { // get the name, which is a required attribute String name = root.getAttributes().getNamedItem("ParameterName"). 
getNodeValue(); // get the attribute value, the only child of this element AttributeFactory attrFactory = AttributeFactory.getInstance(); AttributeValue value = null; try { value = attrFactory.createValue(root.getFirstChild()); } catch (UnknownIdentifierException uie) { throw new ParsingException("Unknown AttributeId", uie); } return new CombinerParameter(name, value); } /** * Returns the name of this parameter. * * @return the name of this parameter */ public String getName() { return name; } /** * Returns the value provided by this parameter. * * @return the value provided by this parameter */ public AttributeValue getValue() { return value; } /** * Encodes this parameter into its XML representation and writes this * encoding to the given <code>OutputStream</code> with indentation. * * @param output a stream into which the XML-encoded data is written * @param indenter an object that creates indentation strings */ public void encode(OutputStream output, Indenter indenter) { PrintStream out = new PrintStream(output); String indent = indenter.makeString(); out.println(indent + "<CombinerParameter ParameterName=\"" + getName() + "\">"); indenter.in(); getValue().encode(output, indenter); out.println(indent + "</CombinerParameter>"); indenter.out(); } } Index: FirstApplicablePolicyAlg.java =================================================================== RCS file: /cvsroot/sunxacml/sunxacml/com/sun/xacml/combine/FirstApplicablePolicyAlg.java,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -d -r1.4 -r1.5 *** FirstApplicablePolicyAlg.java 23 Mar 2004 23:38:55 -0000 1.4 --- FirstApplicablePolicyAlg.java 7 Jan 2005 23:50:47 -0000 1.5 *************** *** 3,7 **** * @(#)FirstApplicablePolicyAlg.java * ! * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved. * * Redistribution and use in source and binary forms, with or without --- 3,7 ---- * @(#)FirstApplicablePolicyAlg.java * ! * Copyright 2003-2005 Sun Microsystems, Inc. All Rights Reserved. 
* * Redistribution and use in source and binary forms, with or without *************** *** 98,110 **** * * @param context the context from the request ! * @param policies the policies to combine * * @return the result of running the combining algorithm */ ! public Result combine(EvaluationCtx context, List policies) { ! Iterator it = policies.iterator(); while (it.hasNext()) { ! AbstractPolicy policy = (AbstractPolicy)(it.next()); // make sure that the policy matches the context --- 98,114 ---- * * @param context the context from the request ! * @param parameters a (possibly empty) non-null <code>List</code> of ! * <code>CombinerParameter<code>s ! * @param policyElements the policies to combine * * @return the result of running the combining algorithm */ ! public Result combine(EvaluationCtx context, List parameters, ! List policyElements) { ! Iterator it = policyElements.iterator(); while (it.hasNext()) { ! AbstractPolicy policy = ! ((PolicyCombinerElement)(it.next())).getPolicy(); // make sure that the policy matches the context --- NEW FILE: CombinerElement.java --- /* * @(#)CombinerElement.java * * Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * 1. Redistribution of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * * 2. Redistribution in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * Neither the name of Sun Microsystems, Inc. or the names of contributors may * be used to endorse or promote products derived from this software without * specific prior written permission. * * This software is provided "AS IS," without a warranty of any kind. 
ALL * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN") * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL, * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE, * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. * * You acknowledge that this software is not designed or intended for use in * the design, construction, operation or maintenance of any nuclear facility. */ package com.sun.xacml.combine; import com.sun.xacml.Indenter; import com.sun.xacml.PolicyTreeElement; import java.util.ArrayList; import java.util.Collections; import java.util.Iterator; import java.util.List; import java.io.OutputStream; /** * Represents one input (a Rule, Policy, PolicySet, or reference) to a * combining algorithm and combiner parameters associated with that input. * * @since 2.0 * @author Seth Proctor */ public abstract class CombinerElement { // the element to be combined private PolicyTreeElement element; // the parameters used with this element private List parameters; /** * Constructor that only takes an element. No parameters are associated * with this element when combining. * * @param element a <code>PolicyTreeElement</code> to use in combining */ public CombinerElement(PolicyTreeElement element) { this(element, null); } /** * Constructor that takes both the element to combine and its associated * combiner parameters. 
* * @param element a <code>PolicyTreeElement</code> to use in combining * @param parameters a (possibly empty) non-null <code>List</code> of * <code>CombinerParameter<code>s provided for general * use (for all pre-2.0 policies this must be empty) */ public CombinerElement(PolicyTreeElement element, List parameters) { this.element = element; if (parameters == null) this.parameters = Collections.unmodifiableList(new ArrayList()); else this.parameters = Collections. unmodifiableList(new ArrayList(parameters)); } /** * Returns the <code>PolicyTreeElement</code> in this element. * * @return the <code>PolicyTreeElement</code> */ public PolicyTreeElement getElement() { return element; } /** * Returns the <code>CombinerParameter</code>s associated with this * element. * * @return a <code>List</code> of <code>CombinerParameter</code>s */ public List getParameters() { return parameters; } /** * Encodes the element and parameters in this <code>CombinerElement</code> * into their XML representation and writes this encoding to the given * <code>OutputStream</code> with indentation. * * @param output a stream into which the XML-encoded data is written * @param indenter an object that creates indentation strings */ public abstract void encode(OutputStream output, Indenter indenter); } Index: FirstApplicableRuleAlg.java =================================================================== RCS file: /cvsroot/sunxacml/sunxacml/com/sun/xacml/combine/FirstApplicableRuleAlg.java,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -d -r1.4 -r1.5 *** FirstApplicableRuleAlg.java 23 Mar 2004 23:38:55 -0000 1.4 --- FirstApplicableRuleAlg.java 7 Jan 2005 23:50:47 -0000 1.5 *************** *** 3,7 **** * @(#)FirstApplicableRuleAlg.java * ! * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved. * * Redistribution and use in source and binary forms, with or without --- 3,7 ---- * @(#)FirstApplicableRuleAlg.java * ! * Copyright 2003-2005 Sun Microsystems, Inc. 
All Rights Reserved. * * Redistribution and use in source and binary forms, with or without *************** *** 97,109 **** * * @param context the context from the request ! * @param rules the rules to combine * * @return the result of running the combining algorithm */ ! public Result combine(EvaluationCtx context, List rules) { ! Iterator it = rules.iterator(); while (it.hasNext()) { ! Rule rule = (Rule)(it.next()); Result result = rule.evaluate(context); int value = result.getDecision(); --- 97,112 ---- * * @param context the context from the request ! * @param parameters a (possibly empty) non-null <code>List</code> of ! * <code>CombinerParameter<code>s ! * @param ruleElements the rules to combine * * @return the result of running the combining algorithm */ ! public Result combine(EvaluationCtx context, List parameters, ! List ruleElements) { ! Iterator it = ruleElements.iterator(); while (it.hasNext()) { ! Rule rule = ((RuleCombinerElement)(it.next())).getRule(); Result result = rule.evaluate(context); int value = result.getDecision(); Index: PermitOverridesRuleAlg.java =================================================================== RCS file: /cvsroot/sunxacml/sunxacml/com/sun/xacml/combine/PermitOverridesRuleAlg.java,v retrieving revision 1.5 retrieving revision 1.6 diff -C2 -d -r1.5 -r1.6 *** PermitOverridesRuleAlg.java 23 Mar 2004 23:38:55 -0000 1.5 --- PermitOverridesRuleAlg.java 7 Jan 2005 23:50:47 -0000 1.6 *************** *** 3,7 **** * @(#)PermitOverridesRuleAlg.java * ! * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved. * * Redistribution and use in source and binary forms, with or without --- 3,7 ---- * @(#)PermitOverridesRuleAlg.java * ! * Copyright 2003-2005 Sun Microsystems, Inc. All Rights Reserved. * * Redistribution and use in source and binary forms, with or without *************** *** 108,124 **** * * @param context the context from the request ! 
* @param rules the rules to combine * * @return the result of running the combining algorithm */ ! public Result combine(EvaluationCtx context, List rules) { boolean atLeastOneError = false; boolean potentialPermit = false; boolean atLeastOneDeny = false; Result firstIndeterminateResult = null; ! Iterator it = rules.iterator(); while (it.hasNext()) { ! Rule rule = (Rule)(it.next()); Result result = rule.evaluate(context); int value = result.getDecision(); --- 108,127 ---- * * @param context the context from the request ! * @param parameters a (possibly empty) non-null <code>List</code> of ! * <code>CombinerParameter<code>s ! * @param ruleElements the rules to combine * * @return the result of running the combining algorithm */ ! public Result combine(EvaluationCtx context, List parameters, ! List ruleElements) { boolean atLeastOneError = false; boolean potentialPermit = false; boolean atLeastOneDeny = false; Result firstIndeterminateResult = null; ! Iterator it = ruleElements.iterator(); while (it.hasNext()) { ! Rule rule = ((RuleCombinerElement)(it.next())).getRule(); Result result = rule.evaluate(context); int value = result.getDecision(); Index: DenyOverridesRuleAlg.java =================================================================== RCS file: /cvsroot/sunxacml/sunxacml/com/sun/xacml/combine/DenyOverridesRuleAlg.java,v retrieving revision 1.5 retrieving revision 1.6 diff -C2 -d -r1.5 -r1.6 *** DenyOverridesRuleAlg.java 23 Mar 2004 23:38:55 -0000 1.5 --- DenyOverridesRuleAlg.java 7 Jan 2005 23:50:47 -0000 1.6 *************** *** 3,7 **** * @(#)DenyOverridesRuleAlg.java * ! * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved. * * Redistribution and use in source and binary forms, with or without --- 3,7 ---- * @(#)DenyOverridesRuleAlg.java * ! * Copyright 2003-2005 Sun Microsystems, Inc. All Rights Reserved. 
* * Redistribution and use in source and binary forms, with or without *************** *** 108,124 **** * * @param context the context from the request ! * @param rules the rules to combine * * @return the result of running the combining algorithm */ ! public Result combine(EvaluationCtx context, List rules) { boolean atLeastOneError = false; boolean potentialDeny = false; boolean atLeastOnePermit = false; Result firstIndeterminateResult = null; ! Iterator it = rules.iterator(); while (it.hasNext()) { ! Rule rule = (Rule)(it.next()); Result result = rule.evaluate(context); int value = result.getDecision(); --- 108,127 ---- * * @param context the context from the request ! * @param parameters a (possibly empty) non-null <code>List</code> of ! * <code>CombinerParameter<code>s ! * @param ruleElements the rules to combine * * @return the result of running the combining algorithm */ ! public Result combine(EvaluationCtx context, List parameters, ! List ruleElements) { boolean atLeastOneError = false; boolean potentialDeny = false; boolean atLeastOnePermit = false; Result firstIndeterminateResult = null; ! Iterator it = ruleElements.iterator(); while (it.hasNext()) { ! Rule rule = ((RuleCombinerElement)(it.next())).getRule(); Result result = rule.evaluate(context); int value = result.getDecision(); Index: PermitOverridesPolicyAlg.java =================================================================== RCS file: /cvsroot/sunxacml/sunxacml/com/sun/xacml/combine/PermitOverridesPolicyAlg.java,v retrieving revision 1.5 retrieving revision 1.6 diff -C2 -d -r1.5 -r1.6 *** PermitOverridesPolicyAlg.java 23 Mar 2004 23:38:55 -0000 1.5 --- PermitOverridesPolicyAlg.java 7 Jan 2005 23:50:47 -0000 1.6 *************** *** 3,7 **** * @(#)PermitOverridesPolicyAlg.java * ! * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved. * * Redistribution and use in source and binary forms, with or without --- 3,7 ---- * @(#)PermitOverridesPolicyAlg.java * ! 
* Copyright 2003-2005 Sun Microsystems, Inc. All Rights Reserved. * * Redistribution and use in source and binary forms, with or without *************** *** 111,127 **** * * @param context the context from the request ! * @param policies the policies to combine * * @return the result of running the combining algorithm */ ! public Result combine(EvaluationCtx context, List policies) { boolean atLeastOneError = false; boolean atLeastOneDeny = false; Set denyObligations = new HashSet(); Status firstIndeterminateStatus = null; ! Iterator it = policies.iterator(); while (it.hasNext()) { ! AbstractPolicy policy = (AbstractPolicy)(it.next()); // make sure that the policy matches the context --- 111,131 ---- * * @param context the context from the request ! * @param parameters a (possibly empty) non-null <code>List</code> of ! * <code>CombinerParameter<code>s ! * @param policyElements the policies to combine * * @return the result of running the combining algorithm */ ! public Result combine(EvaluationCtx context, List parameters, ! List policyElements) { boolean atLeastOneError = false; boolean atLeastOneDeny = false; Set denyObligations = new HashSet(); Status firstIndeterminateStatus = null; ! Iterator it = policyElements.iterator(); while (it.hasNext()) { ! AbstractPolicy policy = ! ((PolicyCombinerElement)(it.next())).getPolicy(); // make sure that the policy matches the context Index: RuleCombiningAlgorithm.java =================================================================== RCS file: /cvsroot/sunxacml/sunxacml/com/sun/xacml/combine/RuleCombiningAlgorithm.java,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -d -r1.4 -r1.5 *** RuleCombiningAlgorithm.java 17 Mar 2004 18:03:38 -0000 1.4 --- RuleCombiningAlgorithm.java 7 Jan 2005 23:50:48 -0000 1.5 *************** *** 3,7 **** * @(#)RuleCombiningAlgorithm.java * ! * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved. 
* * Redistribution and use in source and binary forms, with or without --- 3,7 ---- * @(#)RuleCombiningAlgorithm.java * ! * Copyright 2003-2005 Sun Microsystems, Inc. All Rights Reserved. * * Redistribution and use in source and binary forms, with or without *************** *** 70,78 **** * * @param context the representation of the request ! * @param rules the rules to combine * * @return a single unified result based on the combining logic */ ! public abstract Result combine(EvaluationCtx context, List rules); } --- 70,81 ---- * * @param context the representation of the request ! * @param parameters a (possibly empty) non-null <code>List</code> of ! * <code>CombinerParameter<code>s ! * @param ruleElements a <code>List</code> of <code>CombinerElement<code>s * * @return a single unified result based on the combining logic */ ! public abstract Result combine(EvaluationCtx context, List parameters, ! List ruleElements); } --- NEW FILE: PolicyCombinerElement.java --- /* * @(#)PolicyCombinerElement.java * * Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * 1. Redistribution of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * * 2. Redistribution in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * Neither the name of Sun Microsystems, Inc. or the names of contributors may * be used to endorse or promote products derived from this software without * specific prior written permission. * * This software is provided "AS IS," without a warranty of any kind. 
ALL * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN") * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL, * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE, * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. * * You acknowledge that this software is not designed or intended for use in * the design, construction, operation or maintenance of any nuclear facility. */ package com.sun.xacml.combine; import com.sun.xacml.AbstractPolicy; import com.sun.xacml.Indenter; import com.sun.xacml.Policy; import com.sun.xacml.PolicyReference; import com.sun.xacml.PolicySet; import java.io.OutputStream; import java.io.PrintStream; import java.util.Iterator; import java.util.List; /** * Specific version of <code>CombinerElement</code> used for policy combining. * * @since 2.0 * @author Seth Proctor */ public class PolicyCombinerElement extends CombinerElement { /** * Constructor that only takes an <code>AbstractPolicy</code. No parameters * are associated with this <code>AbstractPolicy</code> when combining. * * @param policy an <code>AbstractPolicy</code> to use in combining */ public PolicyCombinerElement(AbstractPolicy policy) { super(policy); } /** * Constructor that takes both the <code>AbstractPolicy</code> to combine * and its associated combiner parameters. 
* * @param policy an <code>AbstractPolicy</code> to use in combining * @param parameters a (possibly empty) non-null <code>List</code> of * <code>CombinerParameter<code>s provided for general * use (for all pre-2.0 policies this must be empty) */ public PolicyCombinerElement(AbstractPolicy policy, List parameters) { super(policy, parameters); } /** * Returns the <code>AbstractPolicy</code> in this element. * * @return the element's <code>AbstractPolicy</code> */ public AbstractPolicy getPolicy() { return (AbstractPolicy)(getElement()); } /** * Encodes this element's <code>AbstractPolicy</code> and parameters into * their XML representation and writes this encoding to the given * <code>OutputStream</code> with indentation. * * @param output a stream into which the XML-encoded data is written * @param indenter an object that creates indentation strings */ public void encode(OutputStream output, Indenter indenter) { if (! getParameters().isEmpty()) { AbstractPolicy policy = getPolicy(); // FIXME: This is ugly and happens in several places...maybe this // should get folded into the AbstractPolicy API? 
if (policy instanceof Policy) { encodeParamaters(output, indenter, "Policy", policy.getId().toString()); } else if (policy instanceof PolicySet) { encodeParamaters(output, indenter, "PolicySet", policy.getId().toString()); } else { PolicyReference ref = (PolicyReference)policy; if (ref.getReferenceType() == PolicyReference.POLICY_REFERENCE) encodeParamaters(output, indenter, "Policy", ref.getReference().toString()); else encodeParamaters(output, indenter, "PolicySet", ref.getReference().toString()); } } getPolicy().encode(output, indenter); } /** * Private helper that encodes the parameters based on the type */ private void encodeParamaters(OutputStream output, Indenter indenter, String prefix, String id) { PrintStream out = new PrintStream(output); String indent = indenter.makeString(); Iterator it = getParameters().iterator(); out.println(indent + "<" + prefix + "CombinerParameters " + prefix + "IdRef=\"" + id + "\">"); indenter.in(); while (it.hasNext()) { CombinerParameter param = (CombinerParameter)(it.next()); param.encode(output, indenter); } out.println(indent + "</" + prefix + "CombinerParameters>"); indenter.out(); } } Index: PolicyCombiningAlgorithm.java =================================================================== RCS file: /cvsroot/sunxacml/sunxacml/com/sun/xacml/combine/PolicyCombiningAlgorithm.java,v retrieving revision 1.3 retrieving revision 1.4 diff -C2 -d -r1.3 -r1.4 *** PolicyCombiningAlgorithm.java 17 Mar 2004 18:03:38 -0000 1.3 --- PolicyCombiningAlgorithm.java 7 Jan 2005 23:50:48 -0000 1.4 *************** *** 82,90 **** * * @param context the representation of the request ! * @param policies the policies to combine * * @return a single unified result based on the combining logic */ ! public abstract Result combine(EvaluationCtx context, List policies); } --- 82,94 ---- * * @param context the representation of the request ! * @param parameters a (possibly empty) non-null <code>List</code> of ! * <code>CombinerParameter<code>s ! 
* @param policyElements a <code>List</code> of ! * <code>CombinerElement<code>s * * @return a single unified result based on the combining logic */ ! public abstract Result combine(EvaluationCtx context, List parameters, ! List policyElements); } |
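Review bot: in CombinerParameter.getInstance, root.getAttributes().getNamedItem("ParameterName").getNodeValue() dereferences the attribute without a null check, so a CombinerParameter element that lacks ParameterName fails with a NullPointerException instead of the ParsingException the method declares. Test the result of getNamedItem and throw ParsingException when it is null. The same method hands root.getFirstChild() straight to attrFactory.createValue; when the policy XML is indented the first child can be a whitespace text node rather than the value element, so walk the children to the first element node before creating the value. The "Unknown AttributeId" message in the catch block is also misleading, since nothing parsed here is an AttributeId.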
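Review bot: the encode methods in CombinerParameter, RuleCombinerElement and PolicyCombinerElement build XML by string concatenation and put getName(), getRule().getId() and the policy id or reference between \" ... \" without escaping. A parameter name or identifier containing a double quote, & or < yields output that is malformed, or that parses back as a different attribute set than the object held, which matters for a policy that is written out and later reloaded by a PDP. Escape attribute values in one shared helper (at least &, < and ") and use it from all three classes. While touching PolicyCombinerElement, the private helper is spelled encodeParamaters; rename it to encodeParameters.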
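Review bot: in PolicyCombinerElement.encode the final else branch does PolicyReference ref = (PolicyReference)policy; with no instanceof test, so any AbstractPolicy that is neither Policy, PolicySet nor PolicyReference ends in a ClassCastException during encoding. Make the third branch an explicit instanceof PolicyReference check and throw a descriptive exception for anything else, or move the element name and id lookup into the AbstractPolicy API as the FIXME already suggests, so the type switch is not repeated in several places.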
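Review bot: every rewritten combine method now casts each list entry, ((RuleCombinerElement)(it.next())).getRule() or ((PolicyCombinerElement)(it.next())).getPolicy(), while the lists stay raw List, so a caller that still passes bare Rule or AbstractPolicy objects compiles and then fails with a ClassCastException in the middle of a decision. State the required element type in the @param text of the concrete algorithms (they still read "the rules to combine" and "the policies to combine"), and decide explicitly what a wrong element type should produce rather than leaving it to an unchecked exception. The new parameters argument is documented as non-null but is neither checked nor read in any of the visible hunks, and CombinerElement documents the same list as non-null while its one-argument constructor passes null and the two-argument constructor accepts it; pick one contract and document it. The Javadoc fragment <code>CombinerParameter<code>s repeated in each hunk never closes the tag (the second <code> should be </code>), and the constructor comments in RuleCombinerElement and PolicyCombinerElement have the same problem with </code missing its closing bracket.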
From: Seth P. <se...@us...> - 2005-01-07 23:49:43
|
Update of /cvsroot/sunxacml/sunxacml/com/sun/xacml/cond In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv17448/com/sun/xacml/cond Modified Files: Apply.java Evaluatable.java Function.java FunctionBase.java HigherOrderFunction.java MapFunction.java Added Files: Expression.java ExpressionHandler.java VariableDefinition.java VariableManager.java VariableReference.java Log Message: introduced support for variable referencing and definition, one of the major new features in XACML 2.0 Index: HigherOrderFunction.java =================================================================== RCS file: /cvsroot/sunxacml/sunxacml/com/sun/xacml/cond/HigherOrderFunction.java,v retrieving revision 1.8 retrieving revision 1.9 diff -C2 -d -r1.8 -r1.9 *** HigherOrderFunction.java 20 Dec 2004 21:21:07 -0000 1.8 --- HigherOrderFunction.java 7 Jan 2005 23:49:32 -0000 1.9 *************** *** 3,7 **** * @(#)HigherOrderFunction.java * ! * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved. * * Redistribution and use in source and binary forms, with or without --- 3,7 ---- * @(#)HigherOrderFunction.java * ! * Copyright 2003-20045Sun Microsystems, Inc. All Rights Reserved. * * Redistribution and use in source and binary forms, with or without *************** *** 180,183 **** --- 180,192 ---- /** + * Returns false since functions aren't directly evaluatable. + * + * @return false + */ + public boolean isEvaluatable() { + return false; + } + + /** * Returns a <code>Set</code> containing all the function identifiers * supported by this class. *************** *** 199,202 **** --- 208,221 ---- /** + * Returns the same value as <code>getReturnType</code>. This is here + * to support the <code>Expression</code> interface. + * + * @return the return type + */ + public URI getType() { + return getReturnType(); + } + + /** * Returns the type of attribute value that will be returned by * this function. *************** *** 236,240 **** // get the first arg, which is the function ! 
Function function = (Function)(iterator.next()); // get the two inputs ... note that unlike other functions, we don't --- 255,267 ---- // get the first arg, which is the function ! Expression xpr = (Expression)(iterator.next()); ! Function function = null; ! ! if (xpr instanceof Function) { ! function = (Function)xpr; ! } else { ! function = (Function)(((VariableReference)xpr). ! getReferencedDefinition().getExpression()); ! } // get the two inputs ... note that unlike other functions, we don't *************** *** 375,384 **** // now, try to cast the first element into a function ! if (! (list[0] instanceof Function)) throw new IllegalArgumentException("first arg to higher-order " + " function must be a function"); // check that the function returns a boolean ! if (! ((Function)(list[0])).getReturnType().toString(). equals(BooleanAttribute.identifier)) throw new IllegalArgumentException("higher-order function must " + --- 402,422 ---- // now, try to cast the first element into a function ! Function function = null; ! ! if (list[0] instanceof Function) { ! function = (Function)(list[0]); ! } else if (list[0] instanceof VariableReference) { ! Expression xpr = ((VariableReference)(list[0])). ! getReferencedDefinition().getExpression(); ! if (xpr instanceof Function) ! function = (Function)xpr; ! } ! ! if (function == null) throw new IllegalArgumentException("first arg to higher-order " + " function must be a function"); // check that the function returns a boolean ! if (! function.getReturnType().toString(). equals(BooleanAttribute.identifier)) throw new IllegalArgumentException("higher-order function must " + *************** *** 407,411 **** args.add(eval1); args.add(eval2); ! ((Function)(list[0])).checkInputsNoBag(args); } --- 445,449 ---- args.add(eval1); args.add(eval2); ! 
function.checkInputsNoBag(args); } Index: FunctionBase.java =================================================================== RCS file: /cvsroot/sunxacml/sunxacml/com/sun/xacml/cond/FunctionBase.java,v retrieving revision 1.3 retrieving revision 1.4 diff -C2 -d -r1.3 -r1.4 *** FunctionBase.java 17 Mar 2004 18:03:38 -0000 1.3 --- FunctionBase.java 7 Jan 2005 23:49:32 -0000 1.4 *************** *** 3,7 **** * @(#)FunctionBase.java * ! * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved. * * Redistribution and use in source and binary forms, with or without --- 3,7 ---- * @(#)FunctionBase.java * ! * Copyright 2003-2005 Sun Microsystems, Inc. All Rights Reserved. * * Redistribution and use in source and binary forms, with or without *************** *** 223,226 **** --- 223,235 ---- /** + * Returns false since functions aren't directly evaluatable. + * + * @return false + */ + public boolean isEvaluatable() { + return false; + } + + /** * Returns the full identifier of this function, as known by the factories. * *************** *** 261,264 **** --- 270,283 ---- /** + * Returns the same value as <code>getReturnType</code>. This is here + * to support the <code>Expression</code> interface. + * + * @return the return type + */ + public URI getType() { + return getReturnType(); + } + + /** * Get the attribute type returned by this function. * --- NEW FILE: Expression.java --- /* * @(#)Expression.java * * Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * 1. Redistribution of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * * 2. Redistribution in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. 
* * Neither the name of Sun Microsystems, Inc. or the names of contributors may * be used to endorse or promote products derived from this software without * specific prior written permission. * * This software is provided "AS IS," without a warranty of any kind. ALL * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN") * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL, * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE, * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. * * You acknowledge that this software is not designed or intended for use in * the design, construction, operation or maintenance of any nuclear facility. */ package com.sun.xacml.cond; import java.net.URI; /** * This interface represents the expression type in the XACML 2.0 schema. * * @since 2.0 * @author Seth Proctor */ public interface Expression { /** * Returns true if this expression is evaluatable. Typically, this * is any expression type except for functions, which can't be * evaluated directly. * * @return true if this expression is evaluatable */ public boolean isEvaluatable(); /** * Returns the type of the expression. * * @return the attribute type of the referenced expression */ public URI getType(); } --- NEW FILE: VariableReference.java --- /* * @(#)VariableReference.java * * Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. 
* * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * 1. Redistribution of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * * 2. Redistribution in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * Neither the name of Sun Microsystems, Inc. or the names of contributors may * be used to endorse or promote products derived from this software without * specific prior written permission. * * This software is provided "AS IS," without a warranty of any kind. ALL * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN") * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL, * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE, * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. * * You acknowledge that this software is not designed or intended for use in * the design, construction, operation or maintenance of any nuclear facility. 
*/ package com.sun.xacml.cond; import com.sun.xacml.EvaluationCtx; import com.sun.xacml.Indenter; import com.sun.xacml.ParsingException; import com.sun.xacml.ProcessingException; import com.sun.xacml.attr.AttributeValue; import java.io.OutputStream; import java.io.PrintStream; import java.net.URI; import java.util.Collections; import java.util.List; import org.w3c.dom.Node; /** * This class supports the VariableReferenceType type introuced in XACML * 2.0. It allows an expression to reference a variable definition. If there * is no such definition then the Policy is invalid. A reference can be * included anywwhere in an expression where the referenced expression would * be valid. * * @since 2.0 * @author Seth Proctor */ public class VariableReference implements Evaluatable { // the identifier used to resolve the reference private String variableId; // the actual definition we refernce, if it's known private VariableDefinition definition = null; // a manager for resolving references, if it's been provided private VariableManager manager = null; /** * Simple constructor that takes only the identifier. This is provided * for tools that want to build policies only for the sake of encoding * or displaying them. This constructor will not create a reference * that can be followed to its associated definition, so it cannot be * used in evaluation. * * @param variableId the reference identifier */ public VariableReference(String variableId) { this.variableId = variableId; } /** * Constructor that takes the definition referenced by this class. If * you're building policies programatically, this is typically the form * you use. It does make the connection from reference to definition, * so this will result in an evaluatable reference. 
* * @param definition the definition this class references */ public VariableReference(VariableDefinition definition) { this.variableId = definition.getVariableId(); this.definition = definition; } /** * Constructor that takes the reference identifier and a manager. This * is typically only used by parsing code, since the manager is used * to handle out-of-order definitions and circular references. * * @param variableId the reference identifier * @param manager a <code>VariableManager</code> used to handle the * dependencies between references and definitions during * parsing */ public VariableReference(String variableId, VariableManager manager) { this.variableId = variableId; this.manager = manager; } /** * Returns a new instance of the <code>VariableReference</code> class * based on a DOM node. The node must be the root of an XML * VariableReferenceType. * * @param root the DOM root of a VariableReferenceType XML type * @param manager the <code>VariableManager</code> used to connect this * reference to its definition * * @throws ParsingException if the VariableReferenceType is invalid */ public static VariableReference getInstance(Node root, VariableManager manager) throws ParsingException { // pretty easy, since there's just an attribute... String variableId = root.getAttributes().getNamedItem("VariableId"). getNodeValue(); // ...but we keep the manager since after this we'll probably get // asked for our type, etc., and the manager will also be used to // resolve the actual definition return new VariableReference(variableId, manager); } /** * Returns true since this expression is evaluatable. * * @return true */ public boolean isEvaluatable() { return true; } /** * Returns the reference identifier. * * @return the reference's identifier */ public String getVariableId() { return variableId; } /** * Returns the <code>VariableDefinition</code> referenced by this class, * or null if the definition cannot be resolved. 
* * @return the referenced definition or null */ public VariableDefinition getReferencedDefinition() { // if this was created with a concrete definition, then that's what // we return, otherwise we query the manager (if we have one) if (definition != null) { return definition; } else if (manager != null) { return manager.getDefinition(variableId); } // if the simple constructor was used, then we have nothing return null; } /** * Evaluates the referenced expression using the given context, and either * returns an error or a resulting value. If this doesn't reference an * evaluatable expression (eg, a single Function) then this will throw * an exception. * * @param context the representation of the request * * @return the result of evaluation * * @throws ProcessingException if the expression isn't evaluatable */ public EvaluationResult evaluate(EvaluationCtx context) { Expression xpr = getReferencedDefinition().getExpression(); if (xpr.isEvaluatable()) return ((Evaluatable)xpr).evaluate(context); throw new ProcessingException("tried to evaluate an expression " + "that isn't evaluatable"); } /** * Returns the type of the referenced expression. * * @return the attribute return type of the referenced expression * * @throws ProcessingException if the type couldn't be resolved */ public URI getType() { // if we have a concrete definition, then ask it for the type, // otherwise query the manager using the getVariableType method, // since this handles type-checking for definitions that haven't // been parsed yet if (definition != null) { return definition.getExpression().getType(); } else { if (manager != null) return manager.getVariableType(variableId); } throw new ProcessingException("couldn't resolve the type"); } /** * Tells whether evaluation will return a bag or a single value. 
* * @return true if evaluation will return a bag, false otherwise * * @throws ProcessingException if the return type couldn't be resolved */ public boolean evaluatesToBag() { // see comment in getType() if (definition != null) { Expression xpr = getReferencedDefinition().getExpression(); // FIXME: for now we need to do this casting, but this should // change soon when the Function interface comes in line with // the Evaluatable type methods through the Expression interface if (xpr.isEvaluatable()) return ((Evaluatable)xpr).evaluatesToBag(); else return ((Function)xpr).returnsBag(); } else { if (manager != null) return manager.evaluatesToBag(variableId); } throw new ProcessingException("couldn't resolve the return type"); } /** * Always returns an empty list since references never have children in * the policy tree. Note that the referenced definition may still have * children, so tools may want to treat these as children of this * reference, but must take care since circular references could create * a tree of infinite depth. * * @return an empty <code>List</code> */ public List getChildren() { return Collections.EMPTY_LIST; } /** * Encodes this class into its XML representation and writes this * encoding to the given <code>OutputStream</code> with no indentation. * * @param output a stream into which the XML-encoded data is written */ public void encode(OutputStream output) { encode(output, new Indenter(0)); } /** * Encodes this class into its XML representation and writes this * encoding to the given <code>OutputStream</code> with indentation. 
* * @param output a stream into which the XML-encoded data is written * @param indenter an object that creates indentation strings */ public void encode(OutputStream output, Indenter indenter) { PrintStream out = new PrintStream(output); String indent = indenter.makeString(); out.println(indent + "<VariableReference VariableId=\"" + variableId + "\"/>"); } } --- NEW FILE: VariableManager.java --- /* * @(#)VariableManager.java * * Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * 1. Redistribution of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * * 2. Redistribution in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * Neither the name of Sun Microsystems, Inc. or the names of contributors may * be used to endorse or promote products derived from this software without * specific prior written permission. * * This software is provided "AS IS," without a warranty of any kind. ALL * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN") * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS * DERIVATIVES. 
IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL, * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE, * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. * * You acknowledge that this software is not designed or intended for use in * the design, construction, operation or maintenance of any nuclear facility. */ package com.sun.xacml.cond; import com.sun.xacml.ParsingException; import com.sun.xacml.ProcessingException; import java.net.URI; import java.util.HashMap; import java.util.HashSet; import java.util.Iterator; import java.util.Map; import java.util.Set; import org.w3c.dom.Node; import org.w3c.dom.NodeList; /** * This class is used by the parsing routines to handle the relationships * between variable references and definitions. Specifically, it takes care * of the fact that definitions can be placed after their first reference, * and can use references to create circular or recursive relationships. It * keeps track of what's in the process of being parsed and will pre-parse * elements as needed. * <p> * Note that you should never have to use this class directly. It is really * meant only as a utility for the internal parsing routines. Also, note that * the operations on this class are not thread-safe. Typically this doesn't * matter, since the code doesn't support using more than one thread to * parse a single Policy. * * @since 2.0 * @author Seth Proctor */ public class VariableManager { // the map from identifiers to internal data private Map idMap; // the version of xpath defined in the policy, if any private String xpathVersion; /** * Creates a manager with a fixed set of supported identifiers. For * each of these identifiers, the map supplies a cooresponding DOM node * used to parse the definition. 
This is used if, in the course of * parsing one definition, a reference requires that you have information * about another definition available. All parsed definitions are cached * so that each is only parsed once. If a node is not provided, then the * parsing code may throw an exception if out-of-order or circular * refereces are used. * <p> * Note that the use of a DOM node may change to an arbitrary interface, * so that you could use your own mechanism, but this is still being * hashed out. This interface will be forzed before a 2.0 release. * * @param variableIds a <code>Map</code> from an identifier to the * <code>Node</code> that is the root of the * cooresponding variable definition, or null */ public VariableManager(Map variableIds, String xpathVersion) { idMap = new HashMap(); Iterator it = variableIds.keySet().iterator(); while (it.hasNext()) { Object key = it.next(); Node node = (Node)(variableIds.get(key)); idMap.put(key, new VariableState(null, node, null, false, false)); } this.xpathVersion = xpathVersion; } /** * Returns the definition with the given identifier. If the definition * is not available, then this method will try to get the definition * based on the DOM node given for this identifier. If parsing the * definition requires loading another definition (because of a reference) * then this method will be recursively invoked. This may make it slow * to call this method once, but all retrieved definitions are cached, * and once this manager has started parsing a definition it will never * try parsing that definition again. If the definition cannot be * retrieved, then an exception is thrown. 
* * @param variableId the definition's identifier * * @return the identified definition * * @throws ProcessingException if the definition cannot be resolved */ public VariableDefinition getDefinition(String variableId) { VariableState state = (VariableState)(idMap.get(variableId)); // make sure this is an identifier we handle if (state == null) throw new ProcessingException("variable is unsupported: " + variableId); // if we've resolved the definition before, then we're done if (state.definition != null) return state.definition; // we don't have the definition, so get the DOM node Node node = state.rootNode; // we can't keep going unless we have a node to work with if (node != null) { // if we've already started parsing this node before, then // don't start again if (state.handled) // FIXME: should we use a different exception here? throw new ProcessingException("processing in progress"); // keep track of the fact that we're parsing this node, and // also get the type (if it's an Apply node) state.handled = true; discoverApplyType(node, state); try { // now actually try parsing the definition...remember that // if its expression has a reference, we could end up // calling this manager method again state.definition = VariableDefinition.getInstance(state.rootNode, xpathVersion, this); return state.definition; } catch (ParsingException pe) { // we failed to parse the definition for some reason throw new ProcessingException("failed to parse the definition", pe); } } // we couldn't figure out how to resolve the definition throw new ProcessingException("couldn't retrieve definition: " + variableId); } /** * Private helper method to get the type of an expression, but only if * that expression is an Apply. Basically, if there is a circular * reference, then we'll need to know the types before we're done * parsing one of the definitions. But, a circular reference that * requires type-checking can only happen if the definition's expression * is an Apply. 
So, we look here, and if it's an Apply, we get the * type information and store that for later use, just in case. * <p> * Note that we could wait until later to try this, or we could check * first to see if there will be a circular reference. Comparatively, * however, this isn't too expensive, and it makes the system much * simpler. Still, it's worth re-examining this to see if there's a * way that makes more sense. */ private void discoverApplyType(Node root, VariableState state) { // get the first element, which is the expression node NodeList nodes = root.getChildNodes(); Node xprNode = nodes.item(0); int i = 1; while (xprNode.getNodeType() != Node.ELEMENT_NODE) xprNode = nodes.item(i++); // now see if the node is an Apply if (xprNode.getNodeName().equals("Apply")) { try { // get the function in the Apply... Function function = ExpressionHandler. getFunction(xprNode, xpathVersion, FunctionFactory.getGeneralInstance()); // ...and store the type information in the variable state state.type = function.getReturnType(); state.evaluatesToBag = function.returnsBag(); } catch (ParsingException pe) { // we can just ignore this...if there really is an error, // then it will come up during parsing in a code path that // can handle the error cleanly } } } /** * Returns the datatype that the identified definition's expression * resolves to on evaluation. Note that this method makes every attempt * to discover this value, including parsing dependent definitions if * needed and possible. 
* * @param variableId the identifier for the definition * * @return the datatype that the identified definition's expression * evaluates to * * @throws ProcessingException if the identifier is not supported or if * the result cannot be resolved */ public URI getVariableType(String variableId) { VariableState state = (VariableState)(idMap.get(variableId)); // make sure the variable is supported if (state == null) throw new ProcessingException("variable not supported: " + variableId); // if we've previously figured out the type, then return that if (state.type != null) return state.type; // we haven't figured out the type already, so see if we have or // can resolve the definition VariableDefinition definition = state.definition; if (definition == null) definition = getDefinition(variableId); // if we could get the definition, then ask it for the type if (definition != null) return definition.getExpression().getType(); // we exhausted all our ways to get the right answer throw new ProcessingException("we couldn't establish the type: " + variableId); } /** * Returns true if the identified definition's expression resolves to * a bag on evaluation. Note that this method makes every attempt to * discover this value, including parsing dependent definitions if * needed and possible. 
* * @param variableId the identifier for the definition * * @return true if the identified definition's expression evaluates * to a bag * * @throws ProcessingException if the identifier is not supported or if * the result cannot be resolved */ public boolean evaluatesToBag(String variableId) { VariableState state = (VariableState)(idMap.get(variableId)); // make sure the variable is supported if (state == null) throw new ProcessingException("variable not supported: " + variableId); // the flag is only valid if a type has also been determined if (state.type != null) return state.evaluatesToBag; // we haven't figured out the type already, so see if we have or // can resolve the definition VariableDefinition definition = state.definition; if (definition == null) definition = getDefinition(variableId); // if we could get the definition, then ask it for the bag return if (definition != null) { Expression xpr = definition.getExpression(); // FIXME: remove this casing once the Function and Expression // interfaces are updated if (xpr.isEvaluatable()) return ((Evaluatable)xpr).evaluatesToBag(); else return ((Function)xpr).returnsBag(); } // we exhausted all our ways to get the right answer throw new ProcessingException("couldn't establish bag return for " + variableId); } /** * Inner class that is used simply to manage fields associated with a * given identifier. 
*/ class VariableState { // the resolved definition for the identifier public VariableDefinition definition; // the DOM node used to parse the definition public Node rootNode; // the datatype returned when evaluating the definition public URI type; // whether the definition's root evaluates to a Bag public boolean evaluatesToBag; // whether the definition is being parsed and constructed public boolean handled; public VariableState() { this.definition = null; this.rootNode = null; this.type = null; this.evaluatesToBag = false; this.handled = false; } public VariableState(VariableDefinition definition, Node rootNode, URI type, boolean evaluatesToBag, boolean handled) { this.definition = definition; this.rootNode = rootNode; this.type = type; this.evaluatesToBag = evaluatesToBag; this.handled = handled; } } } --- NEW FILE: VariableDefinition.java --- /* * @(#)VariableDefinition.java * * Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * 1. Redistribution of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * * 2. Redistribution in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * Neither the name of Sun Microsystems, Inc. or the names of contributors may * be used to endorse or promote products derived from this software without * specific prior written permission. * * This software is provided "AS IS," without a warranty of any kind. ALL * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. 
("SUN") * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL, * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE, * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. * * You acknowledge that this software is not designed or intended for use in * the design, construction, operation or maintenance of any nuclear facility. */ package com.sun.xacml.cond; import com.sun.xacml.Indenter; import com.sun.xacml.ParsingException; import java.io.OutputStream; import java.io.PrintStream; import org.w3c.dom.Node; import org.w3c.dom.NodeList; /** * This class supports the VariableDefinitionType type introuced in XACML * 2.0. It allows a Policy to pre-define any number of expression blocks for * general use. Note that it's legal (though not usually useful) to define * expressions that don't get referenced within the Policy. It is illegal to * have more than one definition with the same identifier within a Policy. * * @since 2.0 * @author Seth Proctor */ public class VariableDefinition { // the identitifer for this definition private String variableId; // the actual expression defined here private Expression expression; /** * Creates a new <code>VariableDefinition</code> with the given * identifier and expression. * * @param variableId the identifier for this definition * @param expression the expression defined here */ public VariableDefinition(String variableId, Expression expression) { this.variableId = variableId; this.expression = expression; } /** * Returns a new instance of the <code>VariableDefinition</code> class * based on a DOM node. The node must be the root of an XML * VariableDefinitionType. 
* * @param root the DOM root of a VariableDefinitionType XML type * @param xpathVersion the XPath version to use in any selectors or XPath * functions, or null if this is unspecified (ie, not * supplied in the defaults section of the policy) * @param manager <code>VariableManager</code> used to connect references * to this definition * * @throws ParsingException if the VariableDefinitionType is invalid */ public static VariableDefinition getInstance(Node root, String xpathVersion, VariableManager manager) throws ParsingException { String variableId = root.getAttributes().getNamedItem("VariableId"). getNodeValue(); // get the first element, which is the expression node NodeList nodes = root.getChildNodes(); Node xprNode = nodes.item(0); int i = 1; while (xprNode.getNodeType() != Node.ELEMENT_NODE) xprNode = nodes.item(i++); // use that node to get the expression Expression xpr = ExpressionHandler. parseExpression(xprNode, xpathVersion, manager); return new VariableDefinition(variableId, xpr); } /** * Returns the identifier for this definition. * * @return the definition's identifier */ public String getVariableId() { return variableId; } /** * Returns the expression provided by this definition. * * @return the definition's expression */ public Expression getExpression() { return expression; } /** * Encodes this class into its XML representation and writes this * encoding to the given <code>OutputStream</code> with no indentation. * * @param output a stream into which the XML-encoded data is written */ public void encode(OutputStream output) { encode(output, new Indenter(0)); } /** * Encodes this class into its XML representation and writes this * encoding to the given <code>OutputStream</code> with indentation. 
* * @param output a stream into which the XML-encoded data is written * @param indenter an object that creates indentation strings */ public void encode(OutputStream output, Indenter indenter) { PrintStream out = new PrintStream(output); String indent = indenter.makeString(); out.println(indent + "<VariableDefinition VariableId=\"" + variableId + "\">"); indenter.in(); if (expression.isEvaluatable()) { ((Evaluatable)expression).encode(output, indenter); } else { Function function = (Function)expression; out.println(indenter.makeString() + "<Function FunctionId=\"" + function.getIdentifier() + "\"/>"); } out.println("</VariableDefinition>"); indenter.out(); } } Index: Apply.java =================================================================== RCS file: /cvsroot/sunxacml/sunxacml/com/sun/xacml/cond/Apply.java,v retrieving revision 1.8 retrieving revision 1.9 diff -C2 -d -r1.8 -r1.9 *** Apply.java 14 May 2004 20:43:07 -0000 1.8 --- Apply.java 7 Jan 2005 23:49:31 -0000 1.9 *************** *** 3,7 **** * @(#)Apply.java * ! * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved. * * Redistribution and use in source and binary forms, with or without --- 3,7 ---- * @(#)Apply.java * ! * Copyright 2003-2005 Sun Microsystems, Inc. All Rights Reserved. * * Redistribution and use in source and binary forms, with or without *************** *** 147,158 **** * functions, or null if this is unspecified (ie, not * supplied in the defaults section of the policy) * * @throws ParsingException if this is not a valid ConditionType */ ! public static Apply getConditionInstance(Node root, String xpathVersion) throws ParsingException { return getInstance(root, FunctionFactory.getConditionInstance(), true, ! 
xpathVersion); } --- 147,161 ---- * functions, or null if this is unspecified (ie, not * supplied in the defaults section of the policy) + * @param manager <code>VariableManager</code> used to connect references + * and definitions while parsing * * @throws ParsingException if this is not a valid ConditionType */ ! public static Apply getConditionInstance(Node root, String xpathVersion, ! VariableManager manager) throws ParsingException { return getInstance(root, FunctionFactory.getConditionInstance(), true, ! xpathVersion, manager); } *************** *** 164,175 **** * functions, or null if this is unspecified (ie, not * supplied in the defaults section of the policy) * * @throws ParsingException if this is not a valid ApplyType */ ! public static Apply getInstance(Node root, String xpathVersion) throws ParsingException { return getInstance(root, FunctionFactory.getGeneralInstance(), false, ! xpathVersion); } --- 167,181 ---- * functions, or null if this is unspecified (ie, not * supplied in the defaults section of the policy) + * @param manager <code>VariableManager</code> used to connect references + * and definitions while parsing * * @throws ParsingException if this is not a valid ApplyType */ ! public static Apply getInstance(Node root, String xpathVersion, ! VariableManager manager) throws ParsingException { return getInstance(root, FunctionFactory.getGeneralInstance(), false, ! xpathVersion, manager); } *************** *** 180,187 **** */ private static Apply getInstance(Node root, FunctionFactory factory, ! boolean isCondition, String xpathVersion) throws ParsingException { ! Function function = getFunction(root, xpathVersion, factory); Function bagFunction = null; List evals = new ArrayList(); --- 186,195 ---- */ private static Apply getInstance(Node root, FunctionFactory factory, ! boolean isCondition, String xpathVersion, ! VariableManager manager) throws ParsingException { ! Function function = ExpressionHandler. ! 
getFunction(root, xpathVersion, factory); Function bagFunction = null; List evals = new ArrayList(); *************** *** 191,232 **** NodeList nodes = root.getChildNodes(); for (int i = 0; i < nodes.getLength(); i++) { ! Node node = nodes.item(i); ! String name = node.getNodeName(); ! if (name.equals("Apply")) { ! evals.add(Apply.getInstance(node, xpathVersion)); ! } else if (name.equals("AttributeValue")) { ! try { ! evals.add(attrFactory.createValue(node)); ! } catch (UnknownIdentifierException uie) { ! throw new ParsingException("Unknown DataType", uie); } - } else if (name.equals("SubjectAttributeDesignator")) { - evals.add(AttributeDesignator. - getInstance(node, - AttributeDesignator.SUBJECT_TARGET)); - } else if (name.equals("ResourceAttributeDesignator")) { - evals.add(AttributeDesignator. - getInstance(node, - AttributeDesignator.RESOURCE_TARGET)); - } else if (name.equals("ActionAttributeDesignator")) { - evals.add(AttributeDesignator. - getInstance(node, - AttributeDesignator.ACTION_TARGET)); - } else if (name.equals("EnvironmentAttributeDesignator")) { - evals.add(AttributeDesignator. - getInstance(node, - AttributeDesignator.ENVIRONMENT_TARGET)); - } else if (name.equals("AttributeSelector")) { - evals.add(AttributeSelector.getInstance(node, xpathVersion)); - } else if (name.equals("Function")) { - // while the schema doesn't enforce this, it's illegal to - // have more than one FunctionType in a given ApplyType - if (bagFunction != null) - throw new ParsingException("Too many FunctionTypes"); - - bagFunction = - getFunction(node, xpathVersion, - FunctionFactory.getGeneralInstance()); } } --- 199,223 ---- NodeList nodes = root.getChildNodes(); for (int i = 0; i < nodes.getLength(); i++) { ! Expression xpr = ExpressionHandler. ! parseExpression(nodes.item(i), xpathVersion, manager); ! if (xpr != null) { ! if (! xpr.isEvaluatable()) { ! // see if it's a function... ! if (xpr instanceof Function) { ! 
// while the schema doesn't enforce this, it's illegal ! // to have more than one FunctionType in a given ! // ApplyType ... FIXME: should I remove this? ! if (bagFunction != null) ! throw new ! ParsingException("Too many FunctionTypes"); ! ! bagFunction = (Function)xpr; ! } else { ! evals.add(xpr); ! } ! } else { ! evals.add(xpr); } } } *************** *** 236,264 **** /** ! * Helper method that tries to get a function instance */ ! private static Function getFunction(Node root, String version, ! FunctionFactory factory) ! throws ParsingException ! { ! Node functionNode = root.getAttributes().getNamedItem("FunctionId"); ! String functionName = functionNode.getNodeValue(); ! ! try { ! // try to get an instance of the given function ! return factory.createFunction(functionName); ! } catch (UnknownIdentifierException uie) { ! throw new ParsingException("Unknown FunctionId in Apply", uie); ! } catch (FunctionTypeException fte) { ! // try creating as an abstract function, using a general factory ! try { ! FunctionFactory ff = FunctionFactory.getGeneralInstance(); ! return ff.createAbstractFunction(functionName, root, version); ! } catch (Exception e) { ! // any exception at this point is a failure ! throw new ParsingException("failed to create abstract function" ! + " " + functionName, e); ! } ! } } --- 227,236 ---- /** ! * Returns true since this expression is evaluatable. ! * ! * @return true */ ! public boolean isEvaluatable() { ! return true; } *************** *** 396,400 **** if (bagFunction != null) ! out.println("<Function FunctionId=\"" + bagFunction.getIdentifier() + "\"/>"); --- 368,372 ---- if (bagFunction != null) ! 
out.println(indenter.makeString() + "<Function FunctionId=\"" + bagFunction.getIdentifier() + "\"/>"); Index: Evaluatable.java =================================================================== RCS file: /cvsroot/sunxacml/sunxacml/com/sun/xacml/cond/Evaluatable.java,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -d -r1.4 -r1.5 *** Evaluatable.java 14 May 2004 20:43:07 -0000 1.4 --- Evaluatable.java 7 Jan 2005 23:49:32 -0000 1.5 *************** *** 58,62 **** * @author Seth Proctor */ ! public interface Evaluatable { --- 58,62 ---- * @author Seth Proctor */ ! public interface Evaluatable extends Expression { Index: Function.java =================================================================== RCS file: /cvsroot/sunxacml/sunxacml/com/sun/xacml/cond/Function.java,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -d -r1.4 -r1.5 *** Function.java 17 Mar 2004 18:03:38 -0000 1.4 --- Function.java 7 Jan 2005 23:49:32 -0000 1.5 *************** *** 3,7 **** * @(#)Function.java * ! * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved. * * Redistribution and use in source and binary forms, with or without --- 3,7 ---- * @(#)Function.java * ! * Copyright 2003-2005 Sun Microsystems, Inc. All Rights Reserved. * * Redistribution and use in source and binary forms, with or without *************** *** 52,56 **** * @author Seth Proctor */ ! public interface Function { --- 52,56 ---- * @author Seth Proctor */ ! public interface Function extends Expression { Index: MapFunction.java =================================================================== RCS file: /cvsroot/sunxacml/sunxacml/com/sun/xacml/cond/MapFunction.java,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -d -r1.4 -r1.5 *** MapFunction.java 18 Mar 2004 21:13:09 -0000 1.4 --- MapFunction.java 7 Jan 2005 23:49:32 -0000 1.5 *************** *** 3,7 **** * @(#)MapFunction.java 1.4 01/30/03 * ! * Copyright 2003 Sun Microsystems, Inc. All Rights Reserved. 
* * Redistribution and use in source and binary forms, with or without --- 3,7 ---- * @(#)MapFunction.java 1.4 01/30/03 * ! * Copyright 2003-2005 Sun Microsystems, Inc. All Rights Reserved. * * Redistribution and use in source and binary forms, with or without *************** *** 100,103 **** --- 100,112 ---- /** + * Returns false since functions aren't directly evaluatable. + * + * @return false + */ + public boolean isEvaluatable() { + return false; + } + + /** * Returns a <code>Set</code> containing all the function identifiers * supported by this class. *************** *** 178,181 **** --- 187,200 ---- /** + * Returns the same value as <code>getReturnType</code>. This is here + * to support the <code>Expression</code> interface. + * + * @return the return type + */ + public URI getType() { + return getReturnType(); + } + + /** * Returns the attribute type returned by this function. * *************** *** 217,221 **** // get the inputs, which we expect to be correct Iterator iterator = inputs.iterator(); ! Function function = (Function)(iterator.next()); BagAttribute bag = (BagAttribute)(iterator.next()); --- 236,249 ---- // get the inputs, which we expect to be correct Iterator iterator = inputs.iterator(); ! Function function = null; ! ! Expression xpr = (Expression)(iterator.next()); ! if (xpr instanceof Function) { ! function = (Function)xpr; ! } else { ! function = (Function)(((VariableReference)xpr). ! getReferencedDefinition().getExpression()); ! } ! BagAttribute bag = (BagAttribute)(iterator.next()); *************** *** 258,262 **** // now check that we've got the right types for map ! if (! (list[0] instanceof Function)) throw new IllegalArgumentException("first argument to map must " + "be a Function"); --- 286,301 ---- // now check that we've got the right types for map ! Function function = null; ! ! if (list[0] instanceof Function) { ! function = (Function)(list[0]); ! } else if (list[0] instanceof VariableReference) { ! 
Expression xpr = ((VariableReference)(list[0])). ! getReferencedDefinition().getExpression(); ! if (xpr instanceof Function) ! function = (Function)xpr; ! } ! ! if (function == null) throw new IllegalArgumentException("first argument to map must " + "be a Function"); *************** *** 269,273 **** List input = new ArrayList(); input.add(list[1]); ! ((Function)(list[0])).checkInputsNoBag(input); } --- 308,312 ---- List input = new ArrayList(); input.add(list[1]); ! function.checkInputsNoBag(input); } --- NEW FILE: ExpressionHandler.java --- /* * ExpressionHandler.java * * Created by: seth proctor (stp) * Created on: Wed Dec 29, 2004 8:24:30 PM * Desc: * */ package com.sun.xacml.cond; import com.sun.xacml.ParsingException; import com.sun.xacml.UnknownIdentifierException; import com.sun.xacml.attr.AttributeDesignator; import com.sun.xacml.attr.AttributeFactory; import com.sun.xacml.attr.AttributeSelector; import org.w3c.dom.Node; /** * This is a package-private utility class that handles parsing all the * possible expression types. It was added becuase in 2.0 multiple classes * needed this. Note that this could also be added to Expression and * that interface could be made an abstract class, but that would require * substantial change. * * @since 2.0 * @author Seth Proctor */ class ExpressionHandler { /** * Parses an expression, recursively handling any sub-elements. This is * provided as a utility class, but in practice is used only by * <code>Apply</code> and <code>VariableDefinition</code>. 
* */ public static Expression parseExpression(Node root, String xpathVersion, VariableManager manager) throws ParsingException { String name = root.getNodeName(); if (name.equals("Apply")) { return Apply.getInstance(root, xpathVersion, manager); } else if (name.equals("AttributeValue")) { try { return AttributeFactory.getInstance().createValue(root); } catch (UnknownIdentifierException uie) { throw new ParsingException("Unknown DataType", uie); } } else if (name.equals("SubjectAttributeDesignator")) { return AttributeDesignator. getInstance(root, AttributeDesignator.SUBJECT_TARGET); } else if (name.equals("ResourceAttributeDesignator")) { return AttributeDesignator. getInstance(root, AttributeDesignator.RESOURCE_TARGET); } else if (name.equals("ActionAttributeDesignator")) { return AttributeDesignator. getInstance(root, AttributeDesignator.ACTION_TARGET); } else if (name.equals("EnvironmentAttributeDesignator")) { return AttributeDesignator. getInstance(root, AttributeDesignator.ENVIRONMENT_TARGET); } else if (name.equals("AttributeSelector")) { return AttributeSelector.getInstance(root, xpathVersion); } else if (name.equals("Function")) { return getFunction(root, xpathVersion, FunctionFactory.getGeneralInstance()); } else if (name.equals("VariableReference")) { return VariableReference.getInstance(root, manager); } // return null if it was none of these return null; } /** * Helper method that tries to get a function instance */ public static Function getFunction(Node root, String version, FunctionFactory factory) throws ParsingException { Node functionNode = root.getAttributes().getNamedItem("FunctionId"); String functionName = functionNode.getNodeValue(); try { // try to get an instance of the given function return factory.createFunction(functionName); } catch (UnknownIdentifierException uie) { throw new ParsingException("Unknown FunctionId", uie); } catch (FunctionTypeException fte) { // try creating as an abstract function try { FunctionFactory ff = 
FunctionFactory.getGeneralInstance(); return ff.createAbstractFunction(functionName, root, version); } catch (Exception e) { // any exception at this point is a failure throw new ParsingException("failed to create abstract function" + " " + functionName, e); } } } } |
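Review bot: In the Apply.java child-node loop, the `isEvaluatable()` test decides nothing: the evaluatable branch and the non-evaluatable, non-Function branch both end in `evals.add(xpr)`, so the only real decision is `xpr instanceof Function`. Collapse the loop body to that single test, or, if a non-evaluatable expression other than a Function is meant to be invalid here, throw a ParsingException in that branch instead of adding it to `evals`. The "FIXME: should I remove this?" on the "Too many FunctionTypes" check should be resolved before this goes in; since the comment itself says the schema does not enforce the rule, the check is the only place it is enforced.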
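Review bot: Making the public interfaces Evaluatable and Function extend Expression (Evaluatable.java and Function.java hunks) is a source-incompatible change for any implementation outside this tree, and the visible hunks change only the declaration lines without touching the interface javadoc. As the MapFunction.java hunks show, every Function must now also supply `isEvaluatable()` and `getType()`; document the new supertype on both interfaces, including the expected values (false for functions, the return type for `getType()`), so external implementers know what to return.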
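Review bot: In the MapFunction.java evaluation hunk, the else branch casts `xpr` to VariableReference and the referenced expression to Function with no instanceof check, so a wrong input surfaces as a ClassCastException unless the input check has already run; the same resolve-through-a-reference logic is then written a second time, with checks, in the input-checking hunk. Move it into one private helper that returns the Function or null and call it from both places, so both paths fail with the same "first argument to map must be a Function" error. Only one level of reference is followed, so a variable whose definition is itself a VariableReference is rejected; state that in the javadoc if it is intended.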
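Review bot: parseExpression in the new ExpressionHandler.java returns null for every node name it does not recognise, and the Apply.java loop skips null results (`if (xpr != null)`), so a misspelled or unsupported element inside an Apply is dropped silently and the remaining arguments are parsed as if it were never there. Return null only for non-element nodes such as text and comments, and throw ParsingException for an unrecognised element, so a policy the engine cannot fully interpret is rejected when it is loaded. The javadoc also calls the method a "utility class", does not mention the null return, and has no @param, @return or @throws tags.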
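Review bot: getFunction in ExpressionHandler.java calls `functionNode.getNodeValue()` without checking the result of `getNamedItem("FunctionId")`, which is null when the attribute is absent, so a malformed element produces a NullPointerException instead of the declared ParsingException. Add a null check that throws ParsingException naming the missing attribute. Two smaller points on the new file: both methods are declared public on a package-private class, so package-private visibility would match the stated intent, and the file header has an empty "Desc:" line and no Sun copyright and licence block like the other files in this commit.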