You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@openaz.apache.org by pd...@apache.org on 2016/03/17 01:41:01 UTC
[1/2] incubator-openaz git commit: Include PolicyIdentifiers for non
Deny/Permit
Repository: incubator-openaz
Updated Branches:
refs/heads/master 29d029c0c -> 5c9ab8cdd
Include PolicyIdentifiers for non Deny/Permit
The Policy and PolicySet will always include the PolicyIdentifiers
when the Request returns true for getReturnPolicyIdList() and not
only when the Decision is Permit or Deny.
This allowes a Policy Enforcement Point to access / log the policy
in case of an Indeterminate.
Project: http://git-wip-us.apache.org/repos/asf/incubator-openaz/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-openaz/commit/e8a4d6c9
Tree: http://git-wip-us.apache.org/repos/asf/incubator-openaz/tree/e8a4d6c9
Diff: http://git-wip-us.apache.org/repos/asf/incubator-openaz/diff/e8a4d6c9
Branch: refs/heads/master
Commit: e8a4d6c9f5664f5d3070a3571850309dce86ce13
Parents: 29d029c
Author: oharsta <oh...@zilverline.com>
Authored: Thu Dec 3 09:59:37 2015 +0100
Committer: Pamela Dragosh <pd...@apache.org>
Committed: Wed Mar 16 15:39:43 2016 -0400
----------------------------------------------------------------------
openaz-xacml-pdp/pom.xml | 8 ++
.../apache/openaz/xacml/pdp/policy/Policy.java | 13 +--
.../openaz/xacml/pdp/policy/PolicySet.java | 13 +--
.../openaz/xacml/pdp/policy/PolicySetTest.java | 65 +++++++++++++
.../openaz/xacml/pdp/policy/PolicyTest.java | 97 ++++++++++++++++++++
pom.xml | 7 ++
6 files changed, 191 insertions(+), 12 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/e8a4d6c9/openaz-xacml-pdp/pom.xml
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/pom.xml b/openaz-xacml-pdp/pom.xml
index 55c6085..6326a75 100644
--- a/openaz-xacml-pdp/pom.xml
+++ b/openaz-xacml-pdp/pom.xml
@@ -40,5 +40,13 @@
<groupId>com.google.guava</groupId>
<artifactId>guava</artifactId>
</dependency>
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.mockito</groupId>
+ <artifactId>mockito-core</artifactId>
+ </dependency>
</dependencies>
</project>
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/e8a4d6c9/openaz-xacml-pdp/src/main/java/org/apache/openaz/xacml/pdp/policy/Policy.java
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/src/main/java/org/apache/openaz/xacml/pdp/policy/Policy.java b/openaz-xacml-pdp/src/main/java/org/apache/openaz/xacml/pdp/policy/Policy.java
index b5135a6..5a66ae4 100644
--- a/openaz-xacml-pdp/src/main/java/org/apache/openaz/xacml/pdp/policy/Policy.java
+++ b/openaz-xacml-pdp/src/main/java/org/apache/openaz/xacml/pdp/policy/Policy.java
@@ -310,16 +310,17 @@ public class Policy extends PolicyDef {
.combine(evaluationContext, ruleCombiningElements, this.getCombinerParameterList());
assert evaluationResultCombined != null;
+ /*
+ * Add my id to the policy identifiers
+ */
+ if (evaluationContext.getRequest().getReturnPolicyIdList()) {
+ evaluationResultCombined.addPolicyIdentifier(this.getIdReference());
+ }
+
if (evaluationResultCombined.getDecision() == Decision.DENY
|| evaluationResultCombined.getDecision() == Decision.PERMIT) {
this.updateResult(evaluationResultCombined, evaluationContext);
- /*
- * Add my id to the policy identifiers
- */
- if (evaluationContext.getRequest().getReturnPolicyIdList()) {
- evaluationResultCombined.addPolicyIdentifier(this.getIdReference());
- }
}
if (evaluationContext.isTracing()) {
evaluationContext.trace(new StdTraceEvent<Result>("Result", this, evaluationResultCombined));
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/e8a4d6c9/openaz-xacml-pdp/src/main/java/org/apache/openaz/xacml/pdp/policy/PolicySet.java
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/src/main/java/org/apache/openaz/xacml/pdp/policy/PolicySet.java b/openaz-xacml-pdp/src/main/java/org/apache/openaz/xacml/pdp/policy/PolicySet.java
index 91f95c1..3acf119 100644
--- a/openaz-xacml-pdp/src/main/java/org/apache/openaz/xacml/pdp/policy/PolicySet.java
+++ b/openaz-xacml-pdp/src/main/java/org/apache/openaz/xacml/pdp/policy/PolicySet.java
@@ -232,16 +232,17 @@ public class PolicySet extends PolicyDef {
.combine(evaluationContext, listCombiningElements, getCombinerParameterList());
assert evaluationResultCombined != null;
+ /*
+ * Add my id to the policy set identifiers
+ */
+ if (evaluationContext.getRequest().getReturnPolicyIdList()) {
+ evaluationResultCombined.addPolicySetIdentifier(this.getIdReference());
+ }
+
if (evaluationResultCombined.getDecision() == Decision.DENY
|| evaluationResultCombined.getDecision() == Decision.PERMIT) {
this.updateResult(evaluationResultCombined, evaluationContext);
- /*
- * Add my id to the policy set identifiers
- */
- if (evaluationContext.getRequest().getReturnPolicyIdList()) {
- evaluationResultCombined.addPolicySetIdentifier(this.getIdReference());
- }
}
if (evaluationContext.isTracing()) {
evaluationContext.trace(new StdTraceEvent<Result>("Result", this, evaluationResultCombined));
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/e8a4d6c9/openaz-xacml-pdp/src/test/java/org/apache/openaz/xacml/pdp/policy/PolicySetTest.java
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/src/test/java/org/apache/openaz/xacml/pdp/policy/PolicySetTest.java b/openaz-xacml-pdp/src/test/java/org/apache/openaz/xacml/pdp/policy/PolicySetTest.java
new file mode 100644
index 0000000..1acb37f
--- /dev/null
+++ b/openaz-xacml-pdp/src/test/java/org/apache/openaz/xacml/pdp/policy/PolicySetTest.java
@@ -0,0 +1,65 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+
+
+package org.apache.openaz.xacml.pdp.policy;
+
+import org.apache.openaz.xacml.api.Decision;
+import org.apache.openaz.xacml.api.IdReference;
+import org.apache.openaz.xacml.api.Request;
+import org.apache.openaz.xacml.api.XACML1;
+import org.apache.openaz.xacml.pdp.eval.EvaluationContext;
+import org.apache.openaz.xacml.pdp.eval.EvaluationException;
+import org.apache.openaz.xacml.pdp.eval.EvaluationResult;
+import org.apache.openaz.xacml.pdp.eval.MatchResult;
+import org.apache.openaz.xacml.pdp.std.combiners.CombiningAlgorithmBase;
+import org.apache.openaz.xacml.std.StdStatusCode;
+import org.junit.Before;
+import org.junit.Test;
+
+import java.util.Collection;
+import java.util.List;
+
+import static junit.framework.TestCase.assertEquals;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+public class PolicySetTest extends PolicyTest {
+
+ @Override
+ protected PolicyDef createPolicy() {
+ PolicySet policySet = new PolicySet(StdStatusCode.STATUS_CODE_OK);
+ policySet.addChild(super.createPolicy());
+ policySet.setTarget(createTarget());
+ CombiningAlgorithmBase<PolicySetChild> ruleCombiningAlgorithm = new CombiningAlgorithmBase<PolicySetChild>(XACML1.ID_RULE_COMBINING_ALGORITHM) {
+ @Override
+ public EvaluationResult combine(EvaluationContext evaluationContext, List<CombiningElement<PolicySetChild>> combiningElements, List<CombinerParameter> combinerParameters) throws EvaluationException {
+ return new EvaluationResult(Decision.INDETERMINATE);
+ }
+ };
+ policySet.setPolicyCombiningAlgorithm(ruleCombiningAlgorithm);
+ return policySet;
+ }
+
+ @Override
+ protected Collection<IdReference> getPolicyIdentifiers(EvaluationResult evaluationResult) {
+ return evaluationResult.getPolicySetIdentifiers();
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/e8a4d6c9/openaz-xacml-pdp/src/test/java/org/apache/openaz/xacml/pdp/policy/PolicyTest.java
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/src/test/java/org/apache/openaz/xacml/pdp/policy/PolicyTest.java b/openaz-xacml-pdp/src/test/java/org/apache/openaz/xacml/pdp/policy/PolicyTest.java
new file mode 100644
index 0000000..88e6da8
--- /dev/null
+++ b/openaz-xacml-pdp/src/test/java/org/apache/openaz/xacml/pdp/policy/PolicyTest.java
@@ -0,0 +1,97 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+
+
+package org.apache.openaz.xacml.pdp.policy;
+
+import org.apache.openaz.xacml.api.Decision;
+import org.apache.openaz.xacml.api.IdReference;
+import org.apache.openaz.xacml.api.Request;
+import org.apache.openaz.xacml.api.XACML1;
+import org.apache.openaz.xacml.pdp.eval.EvaluationContext;
+import org.apache.openaz.xacml.pdp.eval.EvaluationException;
+import org.apache.openaz.xacml.pdp.eval.EvaluationResult;
+import org.apache.openaz.xacml.pdp.eval.MatchResult;
+import org.apache.openaz.xacml.pdp.std.combiners.CombiningAlgorithmBase;
+import org.apache.openaz.xacml.std.StdStatusCode;
+import org.junit.Before;
+import org.junit.Test;
+
+import java.util.Collection;
+import java.util.List;
+
+import static junit.framework.TestCase.assertEquals;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+public class PolicyTest {
+
+ private EvaluationContext evaluationContext;
+
+ @Before
+ public void before() {
+ // Individual tests can override the default behaviour
+ this.evaluationContext = mock(EvaluationContext.class);
+
+ Request request = mock(Request.class);
+ when(evaluationContext.getRequest()).thenReturn(request);
+ when(request.getReturnPolicyIdList()).thenReturn(true);
+ }
+
+ @Test
+ public void testIncludePolicyIdentifierForIndeterminate() throws EvaluationException {
+ PolicyDef policy = createPolicy();
+
+ EvaluationResult evaluationResult = policy.evaluate(evaluationContext);
+
+ Collection<IdReference> policyIdentifiers = getPolicyIdentifiers(evaluationResult);
+
+ assertEquals(1, policyIdentifiers.size());
+ assertEquals(Decision.INDETERMINATE, evaluationResult.getDecision());
+ }
+
+ protected Collection<IdReference> getPolicyIdentifiers(EvaluationResult evaluationResult) {
+ return evaluationResult.getPolicyIdentifiers();
+ }
+
+ protected PolicyDef createPolicy() {
+ Policy policy = new Policy(StdStatusCode.STATUS_CODE_OK);
+ CombiningAlgorithmBase<Rule> ruleCombiningAlgorithm = new CombiningAlgorithmBase<Rule>(XACML1.ID_RULE_COMBINING_ALGORITHM) {
+ @Override
+ public EvaluationResult combine(EvaluationContext evaluationContext, List<CombiningElement<Rule>> combiningElements, List<CombinerParameter> combinerParameters) throws EvaluationException {
+ return new EvaluationResult(Decision.INDETERMINATE);
+
+ }
+ };
+ policy.setRuleCombiningAlgorithm(ruleCombiningAlgorithm);
+ Target target = createTarget();
+ policy.setTarget(target);
+ return policy;
+ }
+
+ protected Target createTarget() {
+ return new Target() {
+ @Override
+ public MatchResult match(EvaluationContext evaluationContext) throws EvaluationException {
+ return new MatchResult(MatchResult.MatchCode.MATCH);
+ }
+ };
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/e8a4d6c9/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index fc0fe53..eca4b38 100644
--- a/pom.xml
+++ b/pom.xml
@@ -52,6 +52,7 @@
<version.commons.codec>1.10</version.commons.codec>
<version.commons.cli>1.3.1</version.commons.cli>
<version.junit>4.12</version.junit>
+ <version.mockito>1.10.19</version.mockito>
<version.log4j>1.2.17</version.log4j>
<version.xmlapi>1.4.01</version.xmlapi>
</properties>
@@ -199,6 +200,12 @@
<version>${version.junit}</version>
<scope>test</scope>
</dependency>
+ <dependency>
+ <groupId>org.mockito</groupId>
+ <artifactId>mockito-core</artifactId>
+ <version>1.10.19</version>
+ <scope>test</scope>
+ </dependency>
</dependencies>
</dependencyManagement>
<build>
[2/2] incubator-openaz git commit: adding .DS_Store to ignore
Posted by pd...@apache.org.
adding .DS_Store to ignore
Project: http://git-wip-us.apache.org/repos/asf/incubator-openaz/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-openaz/commit/5c9ab8cd
Tree: http://git-wip-us.apache.org/repos/asf/incubator-openaz/tree/5c9ab8cd
Diff: http://git-wip-us.apache.org/repos/asf/incubator-openaz/diff/5c9ab8cd
Branch: refs/heads/master
Commit: 5c9ab8cdd87655889c86f2ec7d59e7535a38c74c
Parents: e8a4d6c
Author: Pamela Dragosh <pd...@apache.org>
Authored: Wed Mar 16 15:57:57 2016 -0400
Committer: Pamela Dragosh <pd...@apache.org>
Committed: Wed Mar 16 15:57:57 2016 -0400
----------------------------------------------------------------------
.gitignore | 1 +
1 file changed, 1 insertion(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/5c9ab8cd/.gitignore
----------------------------------------------------------------------
diff --git a/.gitignore b/.gitignore
index 4ebc016..f7b27b2 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
+.DS_Store
target
.project
.classpath