You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@openaz.apache.org by pd...@apache.org on 2015/04/13 17:38:35 UTC
[35/51] [partial] incubator-openaz git commit: Initial seed of merged
of AT&T and JP Morgan code
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/dom/DOMVariableDefinition.java
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/dom/DOMVariableDefinition.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/dom/DOMVariableDefinition.java
new file mode 100755
index 0000000..d1d32f3
--- /dev/null
+++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/dom/DOMVariableDefinition.java
@@ -0,0 +1,94 @@
+/*
+ * AT&T - PROPRIETARY
+ * THIS FILE CONTAINS PROPRIETARY INFORMATION OF
+ * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN
+ * ACCORDANCE WITH APPLICABLE AGREEMENTS.
+ *
+ * Copyright (c) 2013 AT&T Knowledge Ventures
+ * Unpublished and Not for Publication
+ * All Rights Reserved
+ */
+package com.att.research.xacmlatt.pdp.policy.dom;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+
+import com.att.research.xacml.api.XACML3;
+import com.att.research.xacml.std.StdStatusCode;
+import com.att.research.xacml.std.dom.DOMProperties;
+import com.att.research.xacml.std.dom.DOMStructureException;
+import com.att.research.xacml.std.dom.DOMUtil;
+import com.att.research.xacmlatt.pdp.policy.Policy;
+import com.att.research.xacmlatt.pdp.policy.VariableDefinition;
+
+/**
+ * DOMVariableDefinition extends {@link com.att.research.xacmlatt.pdp.policy.VariableDefinition} with methods
+ * for creation from DOM {@link org.w3c.dom.Node}s.
+ *
+ * @author car
+ * @version $Revision: 1.2 $
+ */
+public class DOMVariableDefinition extends VariableDefinition {
+ private static final Log logger = LogFactory.getLog(DOMVariableDefinition.class);
+
+ protected DOMVariableDefinition() {
+ }
+
+ /**
+ * Creates a new <code>VariableDefinition</code> by parsing the given <code>Node</code> representing a XACML VariableDefinition element.
+ *
+ * @param nodeVariableDefinition the <code>Node</code> representing the XACML VariableDefinition element
+ * @param policy the <code>Policy</code> encompassing the VariableDefinition element
+ * @return a new <code>VariableDefinition</code> parsed from the given <code>Node</code>
+ * @throws DOMStructureException if there is an error parsing the <code>Node</code>
+ */
+ public static VariableDefinition newInstance(Node nodeVariableDefinition, Policy policy) throws DOMStructureException {
+ Element elementVariableDefinition = DOMUtil.getElement(nodeVariableDefinition);
+ boolean bLenient = DOMProperties.isLenient();
+
+ DOMVariableDefinition domVariableDefinition = new DOMVariableDefinition();
+
+ try {
+ Element elementExpression = DOMUtil.getFirstChildElement(elementVariableDefinition);
+ if (elementExpression != null) {
+ if (DOMExpression.isExpression(elementExpression)) {
+ domVariableDefinition.setExpression(DOMExpression.newInstance(elementExpression, policy));
+ } else if (!bLenient) {
+ throw DOMUtil.newUnexpectedElementException(elementExpression, elementVariableDefinition);
+ }
+ } else if (!bLenient) {
+ throw DOMUtil.newMissingElementException(elementVariableDefinition, XACML3.XMLNS, XACML3.ELEMENT_EXPRESSION);
+ }
+ domVariableDefinition.setId(DOMUtil.getStringAttribute(elementVariableDefinition, XACML3.ATTRIBUTE_VARIABLEID, !bLenient));
+ } catch (DOMStructureException ex) {
+ domVariableDefinition.setStatus(StdStatusCode.STATUS_CODE_SYNTAX_ERROR, ex.getMessage());
+ if (DOMProperties.throwsExceptions()) {
+ throw ex;
+ }
+ }
+ return domVariableDefinition;
+ }
+
+ public static boolean repair(Node nodeVariableDefinition) throws DOMStructureException {
+ Element elementVariableDefinition = DOMUtil.getElement(nodeVariableDefinition);
+ boolean result = false;
+
+ Element elementExpression = DOMUtil.getFirstChildElement(elementVariableDefinition);
+ if (elementExpression != null) {
+ if (DOMExpression.isExpression(elementExpression)) {
+ result = result || DOMExpression.repair(elementExpression);
+ } else {
+ logger.warn("Unexpected element " + elementExpression.getNodeName());
+ elementVariableDefinition.removeChild(elementExpression);
+ result = true;
+ }
+ } else {
+ throw DOMUtil.newMissingElementException(elementVariableDefinition, XACML3.XMLNS, XACML3.ELEMENT_EXPRESSION);
+ }
+
+ result = result || DOMUtil.repairStringAttribute(elementVariableDefinition, XACML3.ATTRIBUTE_VARIABLEID, "variable", logger);
+ return result;
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/dom/package-info.java
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/dom/package-info.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/dom/package-info.java
new file mode 100755
index 0000000..f42ce1e
--- /dev/null
+++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/dom/package-info.java
@@ -0,0 +1,20 @@
+/*
+ * AT&T - PROPRIETARY
+ * THIS FILE CONTAINS PROPRIETARY INFORMATION OF
+ * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN
+ * ACCORDANCE WITH APPLICABLE AGREEMENTS.
+ *
+ * Copyright (c) 2013 AT&T Knowledge Ventures
+ * Unpublished and Not for Publication
+ * All Rights Reserved
+ */
+
+package com.att.research.xacmlatt.pdp.policy.dom;
+
+/**
+ * com.att.research.xacmlatt.pdp.policy.dom contains class definitions that extend {@link com.att.research.xacmlatt.pdp.policy} classes
+ * with methods for creation from DOM {@link org.w3c.dom.Node}s.
+ *
+ * @author car
+ * @version $Revision: 1.1 $
+ */
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/expressions/Apply.java
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/expressions/Apply.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/expressions/Apply.java
new file mode 100755
index 0000000..08064fd
--- /dev/null
+++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/expressions/Apply.java
@@ -0,0 +1,170 @@
+/*
+ * AT&T - PROPRIETARY
+ * THIS FILE CONTAINS PROPRIETARY INFORMATION OF
+ * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN
+ * ACCORDANCE WITH APPLICABLE AGREEMENTS.
+ *
+ * Copyright (c) 2013 AT&T Knowledge Ventures
+ * Unpublished and Not for Publication
+ * All Rights Reserved
+ */
+package com.att.research.xacmlatt.pdp.policy.expressions;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Iterator;
+import java.util.List;
+
+import com.att.research.xacml.api.Identifier;
+import com.att.research.xacml.api.StatusCode;
+import com.att.research.xacml.std.StdStatus;
+import com.att.research.xacml.std.StdStatusCode;
+import com.att.research.xacml.util.FactoryException;
+import com.att.research.xacmlatt.pdp.eval.EvaluationContext;
+import com.att.research.xacmlatt.pdp.eval.EvaluationException;
+import com.att.research.xacmlatt.pdp.policy.Expression;
+import com.att.research.xacmlatt.pdp.policy.ExpressionResult;
+import com.att.research.xacmlatt.pdp.policy.FunctionArgument;
+import com.att.research.xacmlatt.pdp.policy.FunctionArgumentExpression;
+import com.att.research.xacmlatt.pdp.policy.FunctionDefinition;
+import com.att.research.xacmlatt.pdp.policy.FunctionDefinitionFactory;
+import com.att.research.xacmlatt.pdp.policy.PolicyDefaults;
+
+/**
+ * Apply extends {@link com.att.research.xacmlatt.pdp.policy.Expression} to implement the XACML Apply Expression element.
+ *
+ * @author car
+ * @version $Revision: 1.3 $
+ */
+public class Apply extends Expression {
+ private Identifier functionId;
+ private FunctionDefinition functionDefinition;
+ private String description;
+ private List<Expression> arguments = new ArrayList<Expression>();
+
+ protected List<Expression> getArgumentList() {
+ return this.arguments;
+ }
+
+ protected void clearArgumentList() {
+ this.getArgumentList().clear();
+ }
+
+ public Apply(StatusCode statusCodeIn, String statusMessageIn) {
+ super(statusCodeIn, statusMessageIn);
+ }
+
+ public Apply(StatusCode statusCodeIn) {
+ super(statusCodeIn);
+ }
+
+ public Apply() {
+ }
+
+ public Apply(Identifier functionIdIn, String descriptionIn, Collection<Expression> argumentsIn) {
+ this.functionId = functionIdIn;
+ this.description = descriptionIn;
+ if (argumentsIn != null) {
+ this.arguments.addAll(argumentsIn);
+ }
+ }
+
+ public Identifier getFunctionId() {
+ return this.functionId;
+ }
+
+ public void setFunctionId(Identifier identifier) {
+ this.functionId = identifier;
+ this.functionDefinition = null;
+ }
+
+ /**
+ * Gets and caches the {@link com.att.research.xacmlatt.pdp.policy.FunctionDefinition} matching the
+ * <code>Identifier</code> for the FunctionId in this <code>Apply</code>.
+ *
+ * @return the <code>FunctionDefinition</code> for the <code>Identifier</code> for the Function Id for this <code>Apply</code>
+ */
+ public FunctionDefinition getFunctionDefinition() {
+ if (this.functionDefinition == null) {
+ Identifier thisFunctionId = this.getFunctionId();
+ if (thisFunctionId != null) {
+ try {
+ this.functionDefinition = FunctionDefinitionFactory.newInstance().getFunctionDefinition(thisFunctionId);
+ } catch (FactoryException ex) {
+ this.setStatus(StdStatusCode.STATUS_CODE_PROCESSING_ERROR, "FactoryException getting FunctionDefinition");
+ }
+ }
+ }
+ return this.functionDefinition;
+ }
+
+ public String getDescription() {
+ return this.description;
+ }
+
+ public void setDescription(String string) {
+ this.description = string;
+ }
+
+ public Iterator<Expression> getArguments() {
+ return this.getArgumentList().iterator();
+ }
+
+ public void setArguments(Collection<Expression> listExpressions) {
+ this.clearArgumentList();
+ if (listExpressions != null) {
+ this.addArguments(listExpressions);
+ }
+ }
+
+ public void addArgument(Expression expression) {
+ this.getArgumentList().add(expression);
+ }
+
+ public void addArguments(Collection<Expression> listExpressions) {
+ this.getArgumentList().addAll(listExpressions);
+ }
+
+ @Override
+ public ExpressionResult evaluate(EvaluationContext evaluationContext, PolicyDefaults policyDefaults) throws EvaluationException {
+ if (!this.validate()) {
+ return ExpressionResult.newError(new StdStatus(this.getStatusCode(), this.getStatusMessage()));
+ }
+
+ /*
+ * Get the FunctionDefinition
+ */
+ FunctionDefinition thisFunctionDefinition = this.getFunctionDefinition();
+ if (thisFunctionDefinition == null) {
+ return ExpressionResult.newError(new StdStatus(StdStatusCode.STATUS_CODE_PROCESSING_ERROR, "Unknown Function \"" + this.getFunctionId().toString() + "\""));
+ }
+
+ /*
+ * Get all of the arguments and convert them into FunctionArgument objects.
+ */
+ List<FunctionArgument> listFunctionArguments = new ArrayList<FunctionArgument>();
+ Iterator<Expression> iterExpressionArguments = this.getArguments();
+ if (iterExpressionArguments != null) {
+ while (iterExpressionArguments.hasNext()) {
+ listFunctionArguments.add(new FunctionArgumentExpression(iterExpressionArguments.next(), evaluationContext, policyDefaults));
+ }
+ }
+
+ /*
+ * Apply the FunctionDefinition to the arguments
+ */
+ return thisFunctionDefinition.evaluate(evaluationContext, listFunctionArguments);
+ }
+
+ @Override
+ protected boolean validateComponent() {
+ if (this.getFunctionId() == null) {
+ this.setStatus(StdStatusCode.STATUS_CODE_SYNTAX_ERROR, "Missing FunctionId");
+ return false;
+ } else {
+ this.setStatus(StdStatusCode.STATUS_CODE_OK, null);
+ return true;
+ }
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/expressions/AttributeDesignator.java
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/expressions/AttributeDesignator.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/expressions/AttributeDesignator.java
new file mode 100755
index 0000000..2a3e530
--- /dev/null
+++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/expressions/AttributeDesignator.java
@@ -0,0 +1,215 @@
+/*
+ * AT&T - PROPRIETARY
+ * THIS FILE CONTAINS PROPRIETARY INFORMATION OF
+ * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN
+ * ACCORDANCE WITH APPLICABLE AGREEMENTS.
+ *
+ * Copyright (c) 2013 AT&T Knowledge Ventures
+ * Unpublished and Not for Publication
+ * All Rights Reserved
+ */
+package com.att.research.xacmlatt.pdp.policy.expressions;
+
+import java.util.Collection;
+
+import com.att.research.xacml.api.Attribute;
+import com.att.research.xacml.api.AttributeValue;
+import com.att.research.xacml.api.Identifier;
+import com.att.research.xacml.api.MissingAttributeDetail;
+import com.att.research.xacml.api.Status;
+import com.att.research.xacml.api.StatusCode;
+import com.att.research.xacml.api.StatusDetail;
+import com.att.research.xacml.api.pip.PIPException;
+import com.att.research.xacml.api.pip.PIPRequest;
+import com.att.research.xacml.api.pip.PIPResponse;
+import com.att.research.xacml.std.StdMutableMissingAttributeDetail;
+import com.att.research.xacml.std.StdStatus;
+import com.att.research.xacml.std.StdStatusCode;
+import com.att.research.xacml.std.StdStatusDetail;
+import com.att.research.xacml.std.pip.StdPIPRequest;
+import com.att.research.xacmlatt.pdp.eval.EvaluationContext;
+import com.att.research.xacmlatt.pdp.eval.EvaluationException;
+import com.att.research.xacmlatt.pdp.policy.Bag;
+import com.att.research.xacmlatt.pdp.policy.ExpressionResult;
+import com.att.research.xacmlatt.pdp.policy.PolicyDefaults;
+
+/**
+ * AttributeDesignator extends {@link com.att.research.xacmlatt.pdp.policy.expression.AttributeRetrievalBase} to represent the
+ * XACML AttributeDesignator element.
+ *
+ * @author car
+ * @version $Revision: 1.2 $
+ */
+public class AttributeDesignator extends AttributeRetrievalBase {
+ private Identifier attributeId;
+ private String issuer;
+ private PIPRequest pipRequestCached;
+ private MissingAttributeDetail missingAttributeDetail;
+ private StatusDetail statusDetail;
+
+ protected PIPRequest getPIPRequest() {
+ if (this.pipRequestCached == null) {
+ this.pipRequestCached = new StdPIPRequest(this.getCategory(), this.getAttributeId(), this.getDataTypeId(), this.getIssuer());
+ }
+ return this.pipRequestCached;
+ }
+
+ protected MissingAttributeDetail getMissingAttributeDetail() {
+ if (this.missingAttributeDetail == null) {
+ this.missingAttributeDetail = new StdMutableMissingAttributeDetail(this.getCategory(), this.getAttributeId(), this.getDataTypeId(), this.getIssuer());
+ }
+ return this.missingAttributeDetail;
+ }
+
+ protected StatusDetail getStatusDetail() {
+ if (this.statusDetail == null) {
+ this.statusDetail = new StdStatusDetail(this.getMissingAttributeDetail());
+ }
+ return this.statusDetail;
+ }
+
+ public AttributeDesignator(StatusCode statusCodeIn, String statusMessageIn) {
+ super(statusCodeIn, statusMessageIn);
+ }
+
+ public AttributeDesignator(StatusCode statusCodeIn) {
+ super(statusCodeIn);
+ }
+
+ public AttributeDesignator() {
+ }
+
+ public Identifier getAttributeId() {
+ return this.attributeId;
+ }
+
+ public void setAttributeId(Identifier identifierAttributeId) {
+ this.attributeId = identifierAttributeId;
+ }
+
+ public String getIssuer() {
+ return this.issuer;
+ }
+
+ public void setIssuer(String issuerIn) {
+ this.issuer = issuerIn;
+ }
+
+ @Override
+ protected boolean validateComponent() {
+ if (!super.validateComponent()) {
+ return false;
+ } else if (this.getAttributeId() == null) {
+ this.setStatus(StdStatusCode.STATUS_CODE_SYNTAX_ERROR, "Missing AttributeId");
+ return false;
+ } else {
+ return true;
+ }
+ }
+
+ /**
+ * Determines if the given <code>Attribute</code> has the same category, attribute id, and issuer as this
+ * <code>AttributeDesignator</code>.
+ *
+ * @param attribute the <code>Attribute</code> to test
+ * @return true if the <code>Attribute</code> matches, else false
+ */
+ protected boolean match(Attribute attribute) {
+ if (!this.getCategory().equals(attribute.getCategory())) {
+ return false;
+ } else if (!this.getAttributeId().equals(attribute.getAttributeId())) {
+ return false;
+ } else if (this.getIssuer() != null && !this.getIssuer().equals(attribute.getIssuer())) {
+ return false;
+ } else {
+ return true;
+ }
+ }
+
+ /**
+ * Determines if the given <code>AttributeValue</code> has the same data type id as this
+ * <code>AttributeDesignator</code>.
+ *
+ * @param attributeValue the <code>AttributeValue</code> to test
+ * @return true if the <code>AttributeValue</code> maches, else false
+ */
+ protected boolean match(AttributeValue<?> attributeValue) {
+ if (!this.getDataTypeId().equals(attributeValue.getDataTypeId())) {
+ return false;
+ } else {
+ return true;
+ }
+ }
+
+ @Override
+ public ExpressionResult evaluate(EvaluationContext evaluationContext, PolicyDefaults policyDefaults) throws EvaluationException {
+ if (!this.validate()) {
+ return ExpressionResult.newInstance(new StdStatus(this.getStatusCode(), this.getStatusMessage()));
+ }
+
+ /*
+ * Set up the PIPRequest representing this
+ */
+ PIPRequest pipRequest = this.getPIPRequest();
+ assert(pipRequest != null);
+
+ /*
+ * Query the evaluation context for results
+ */
+ PIPResponse pipResponse = null;
+ try {
+ pipResponse = evaluationContext.getAttributes(pipRequest);
+ } catch (PIPException ex) {
+ throw new EvaluationException("PIPException getting Attributes", ex);
+ }
+ assert(pipResponse != null);
+
+ /*
+ * See if the request was successful
+ */
+ Status pipStatus = pipResponse.getStatus();
+ if (pipStatus != null && !pipStatus.getStatusCode().equals(StdStatusCode.STATUS_CODE_OK)) {
+ return ExpressionResult.newInstance(pipStatus);
+ }
+
+ /*
+ * See if there were any results
+ */
+ Bag bagAttributeValues = new Bag();
+ Collection<Attribute> listAttributes = pipResponse.getAttributes();
+ for (Attribute attribute : listAttributes) {
+ if (this.match(attribute)) {
+ for (AttributeValue<?> attributeValue: attribute.getValues()) {
+ if (this.match(attributeValue)) {
+ bagAttributeValues.add(attributeValue);
+ }
+ }
+ }
+ }
+ if (this.getMustBePresent() && bagAttributeValues.size() == 0) {
+ return ExpressionResult.newError(new StdStatus(StdStatusCode.STATUS_CODE_MISSING_ATTRIBUTE, "Missing required attribute", new StdStatusDetail(this.getMissingAttributeDetail())));
+ } else {
+ return ExpressionResult.newBag(bagAttributeValues);
+ }
+ }
+
+ @Override
+ public String toString() {
+ StringBuilder stringBuilder = new StringBuilder("{");
+
+ stringBuilder.append("super=");
+ stringBuilder.append(super.toString());
+
+ Object objectToDump;
+ if ((objectToDump = this.getAttributeId()) != null) {
+ stringBuilder.append(",attributeId=");
+ stringBuilder.append(objectToDump.toString());
+ }
+ if ((objectToDump = this.getIssuer()) != null) {
+ stringBuilder.append(",issuer=");
+ stringBuilder.append((String)objectToDump);
+ }
+ stringBuilder.append('}');
+ return stringBuilder.toString();
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/expressions/AttributeRetrievalBase.java
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/expressions/AttributeRetrievalBase.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/expressions/AttributeRetrievalBase.java
new file mode 100755
index 0000000..21ac724
--- /dev/null
+++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/expressions/AttributeRetrievalBase.java
@@ -0,0 +1,170 @@
+/*
+ * AT&T - PROPRIETARY
+ * THIS FILE CONTAINS PROPRIETARY INFORMATION OF
+ * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN
+ * ACCORDANCE WITH APPLICABLE AGREEMENTS.
+ *
+ * Copyright (c) 2013 AT&T Knowledge Ventures
+ * Unpublished and Not for Publication
+ * All Rights Reserved
+ */
+package com.att.research.xacmlatt.pdp.policy.expressions;
+
+import com.att.research.xacml.api.Identifier;
+import com.att.research.xacml.api.StatusCode;
+import com.att.research.xacml.api.StatusDetail;
+import com.att.research.xacml.api.XACML;
+import com.att.research.xacml.std.StdStatus;
+import com.att.research.xacml.std.StdStatusCode;
+import com.att.research.xacml.std.datatypes.DataTypes;
+import com.att.research.xacmlatt.pdp.policy.Expression;
+import com.att.research.xacmlatt.pdp.policy.ExpressionResult;
+
+/**
+ * AttributeRetrievalBase extends {@link com.att.research.xacmlatt.pdp.policy.PolicyComponent} and
+ * implements {@link com.att.research.xacmlatt.pdp.eval.Evaluatable} to serve as an abstract base class
+ * for the {@link com.att.research.xacmlatt.pdp.policy.AttributeSelector} and {@link com.att.research.xacmlatt.pdp.policy.AttributeDesignator}
+ * classes.
+ *
+ * @author car
+ * @version $Revision: 1.1 $
+ */
+public abstract class AttributeRetrievalBase extends Expression {
+ private Identifier category;
+ private Identifier dataTypeId;
+ private Boolean mustBePresent;
+
+ protected AttributeRetrievalBase(StatusCode statusCodeIn,
+ String statusMessageIn) {
+ super(statusCodeIn, statusMessageIn);
+ }
+
+ protected AttributeRetrievalBase(StatusCode statusCodeIn) {
+ super(statusCodeIn);
+ }
+
+ protected AttributeRetrievalBase() {
+ }
+
+ protected AttributeRetrievalBase(Identifier categoryIn, Identifier dataTypeIdIn, Boolean mustBePresentIn) {
+ this.category = categoryIn;
+ this.dataTypeId = dataTypeIdIn;
+ this.mustBePresent = mustBePresentIn;
+ }
+
+ /**
+ * Gets the {@link com.att.research.xacml.api.Identifier} for the category associated with this
+ * <code>AttributeRetrievalBase</code>.
+ *
+ * @return the <code>Identifier</code> for the category of this <code>AttributeRetrievalBase</code>.
+ */
+ public Identifier getCategory() {
+ return this.category;
+ }
+
+ /**
+ * Sets the <code>Identifier</code> for the category associated with this <code>AttributeRetrievalBase</code>.
+ *
+ * @param categoryIn the <code>Identifier</code> for the category associated with this <code>AttributeRetrievalBase</code>
+ */
+ public void setCategory(Identifier categoryIn) {
+ this.category = categoryIn;
+ }
+
+ /**
+ * Gets the <code>Identifier</code> for the data type associated with this <code>AttributeRetrievalBase</code>.
+ *
+ * @return the <code>Identifier</code> for the data type associated with this <code>AttributeRetrievalBase</code>
+ */
+ public Identifier getDataTypeId() {
+ return this.dataTypeId;
+ }
+
+ /**
+ * Sets the <code>Identifier</code> for the data type associated with this <code>AttributeRetrievalBase</code>.
+ *
+ * @param dataTypeIn the <code>Identifier</code> for the data type associated with this <code>AttributeRetrievalBase</code>
+ */
+ public void setDataTypeId(Identifier dataTypeIn) {
+ // allow old-style Ids for Durations since there is no structural or semantic changes, just a different Id.
+ if (dataTypeIn.equals(XACML.ID_DATATYPE_WD_DAYTIMEDURATION)) {
+ dataTypeIn = DataTypes.DT_DAYTIMEDURATION.getId();
+ } else if (dataTypeIn.equals(XACML.ID_DATATYPE_WD_YEARMONTHDURATION)) {
+ dataTypeIn = DataTypes.DT_YEARMONTHDURATION.getId();
+ }
+ this.dataTypeId = dataTypeIn;
+ }
+
+ /**
+ * Determines if a value must be found for this <code>AttributeRetrievalBase</code> when it is evaluated. If true,
+ * and no value is found, an indeterminate result is returned, otherwise an empty bag is returned.
+ *
+ * @return true if the value of this <code>AttributeRetrievalBase</code> must be found, else false
+ */
+ public Boolean getMustBePresent() {
+ return this.mustBePresent;
+ }
+
+ /**
+ * Sets the flag indicating whether a value must be found for this <code>AttributeRetrievalBase</code>.
+ *
+ * @param b the boolean value for the flag
+ */
+ public void setMustBePresent(boolean b) {
+ this.mustBePresent = b;
+ }
+
+ @Override
+ protected boolean validateComponent() {
+ if (this.getCategory() == null) {
+ this.setStatus(StdStatusCode.STATUS_CODE_SYNTAX_ERROR, "Missing Category");
+ return false;
+ } else if (this.getDataTypeId() == null) {
+ this.setStatus(StdStatusCode.STATUS_CODE_SYNTAX_ERROR, "Missing DataType");
+ return false;
+ } else if (this.getMustBePresent() == null) {
+ this.setStatus(StdStatusCode.STATUS_CODE_SYNTAX_ERROR, "Missing MustBePresent");
+ return false;
+ } else {
+ this.setStatus(StdStatusCode.STATUS_CODE_OK, null);
+ return true;
+ }
+ }
+
+ @Override public String toString() {
+ StringBuilder stringBuilder = new StringBuilder("{");
+ stringBuilder.append("super=");
+ stringBuilder.append(super.toString());
+
+ Object objectToDump;
+ if ((objectToDump = this.getCategory()) != null) {
+ stringBuilder.append(",category=");
+ stringBuilder.append(objectToDump.toString());
+ }
+ if ((objectToDump = this.getDataTypeId()) != null) {
+ stringBuilder.append(",dataType=");
+ stringBuilder.append(objectToDump.toString());
+ }
+ if ((objectToDump = this.getMustBePresent()) != null) {
+ stringBuilder.append(",mustBePresent=");
+ stringBuilder.append(objectToDump.toString());
+ }
+ stringBuilder.append('}');
+ return stringBuilder.toString();
+ }
+
+ /**
+ * Creates the appropriate {@link com.att.research.xacmlatt.pdp.policy.ExpressionResult} for an empty list based
+ * on the <code>getMustBePresent</code> value.
+ *
+ * @return an appropriate <code>ExpressionResult</code>
+ */
+ protected ExpressionResult getEmptyResult(String statusMessage, StatusDetail statusDetail) {
+ if (this.getMustBePresent() != null && this.getMustBePresent().booleanValue()) {
+ return ExpressionResult.newError(new StdStatus(StdStatusCode.STATUS_CODE_MISSING_ATTRIBUTE, statusMessage, statusDetail));
+ } else {
+ return ExpressionResult.newEmpty();
+ }
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/expressions/AttributeSelector.java
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/expressions/AttributeSelector.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/expressions/AttributeSelector.java
new file mode 100755
index 0000000..d5f94e2
--- /dev/null
+++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/expressions/AttributeSelector.java
@@ -0,0 +1,283 @@
+/*
+ * AT&T - PROPRIETARY
+ * THIS FILE CONTAINS PROPRIETARY INFORMATION OF
+ * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN
+ * ACCORDANCE WITH APPLICABLE AGREEMENTS.
+ *
+ * Copyright (c) 2013 AT&T Knowledge Ventures
+ * Unpublished and Not for Publication
+ * All Rights Reserved
+ */
+package com.att.research.xacmlatt.pdp.policy.expressions;
+
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+
+import javax.xml.xpath.XPath;
+import javax.xml.xpath.XPathConstants;
+import javax.xml.xpath.XPathExpression;
+import javax.xml.xpath.XPathExpressionException;
+import javax.xml.xpath.XPathFactory;
+
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+
+import com.att.research.xacml.api.Attribute;
+import com.att.research.xacml.api.AttributeValue;
+import com.att.research.xacml.api.DataType;
+import com.att.research.xacml.api.DataTypeException;
+import com.att.research.xacml.api.DataTypeFactory;
+import com.att.research.xacml.api.Identifier;
+import com.att.research.xacml.api.Request;
+import com.att.research.xacml.api.RequestAttributes;
+import com.att.research.xacml.api.StatusCode;
+import com.att.research.xacml.std.StdStatus;
+import com.att.research.xacml.std.StdStatusCode;
+import com.att.research.xacml.std.datatypes.DataTypes;
+import com.att.research.xacml.std.datatypes.NodeNamespaceContext;
+import com.att.research.xacml.std.datatypes.XPathExpressionWrapper;
+import com.att.research.xacml.std.dom.DOMStructureException;
+import com.att.research.xacml.std.dom.DOMUtil;
+import com.att.research.xacml.util.FactoryException;
+import com.att.research.xacmlatt.pdp.eval.EvaluationContext;
+import com.att.research.xacmlatt.pdp.eval.EvaluationException;
+import com.att.research.xacmlatt.pdp.policy.Bag;
+import com.att.research.xacmlatt.pdp.policy.ExpressionResult;
+import com.att.research.xacmlatt.pdp.policy.PolicyDefaults;
+
+/**
+ * AttributeSelector extends {@link com.att.research.xacmlatt.pdp.policy.expressions.AttributeRetrievalBase} to implement
+ * the XACML AttributeSelector element.
+ *
+ * @author car
+ * @version $Revision: 1.2 $
+ */
+public class AttributeSelector extends AttributeRetrievalBase {
+ private Identifier contextSelectorId;
+ private String path;
+ @SuppressWarnings("unused")
+ private DataType<?> dataType;
+
+ protected DataType<?> getDataType() {
+ Identifier dataTypeIdThis = this.getDataTypeId();
+ if (dataTypeIdThis == null) {
+ return null;
+ } else {
+ DataTypeFactory dataTypeFactory = null;
+ try {
+ dataTypeFactory = DataTypeFactory.newInstance();
+ if (dataTypeFactory == null) {
+ return null;
+ }
+ } catch (FactoryException ex) {
+ return null;
+ }
+ return (this.dataType = dataTypeFactory.getDataType(dataTypeIdThis));
+ }
+ }
+
+ public AttributeSelector(StatusCode statusCodeIn, String statusMessageIn) {
+ super(statusCodeIn, statusMessageIn);
+ }
+
+ public AttributeSelector(StatusCode statusCodeIn) {
+ super(statusCodeIn);
+ }
+
+ public AttributeSelector() {
+ }
+
+ public Identifier getContextSelectorId() {
+ return this.contextSelectorId;
+ }
+
+ public void setContextSelectorId(Identifier identifier) {
+ this.contextSelectorId = identifier;
+ }
+
+ public String getPath() {
+ return this.path;
+ }
+
+ public void setPath(String pathIn) {
+ this.path = pathIn;
+ }
+
+ @Override
+ protected boolean validateComponent() {
+ if (!super.validateComponent()) {
+ return false;
+ } else if (this.getPath() == null) {
+ this.setStatus(StdStatusCode.STATUS_CODE_SYNTAX_ERROR, "Missing Path");
+ return false;
+ } else {
+ return true;
+ }
+ }
+
+ /**
+ * If there is a context selector ID, get the attributes from the given <code>RequestAttributes</code> with that
+ * ID, ensure they are <code>XPathExpression</code>s and return them.
+ *
+ * @param requestAttributes
+ * @return
+ */
+ protected List<XPathExpression> getContextSelectorValues(RequestAttributes requestAttributes) {
+ Identifier thisContextSelectorId = this.getContextSelectorId();
+ if (thisContextSelectorId == null) {
+ return null;
+ }
+ List<XPathExpression> listXPathExpressions = null;
+ Iterator<Attribute> iterAttributes = requestAttributes.getAttributes(thisContextSelectorId);
+ if (iterAttributes != null) {
+ while (iterAttributes.hasNext()) {
+ Attribute attribute = iterAttributes.next();
+ Iterator<AttributeValue<XPathExpressionWrapper>> iterXPathExpressions = attribute.findValues(DataTypes.DT_XPATHEXPRESSION);
+ if (iterXPathExpressions != null && iterXPathExpressions.hasNext()) {
+ if (listXPathExpressions == null) {
+ listXPathExpressions = new ArrayList<XPathExpression>();
+ }
+ listXPathExpressions.add(iterXPathExpressions.next().getValue());
+ }
+ }
+ }
+ return listXPathExpressions;
+ }
+
+ @Override
+ public ExpressionResult evaluate(EvaluationContext evaluationContext, PolicyDefaults policyDefaults) throws EvaluationException {
+ if (!this.validate()) {
+ return ExpressionResult.newError(new StdStatus(this.getStatusCode(), this.getStatusMessage()));
+ }
+
+ /*
+ * Get the DataType for this AttributeSelector for converting the resulting nodes into AttributeValues
+ */
+ DataType<?> thisDataType = this.getDataType();
+
+ /*
+ * Get the Request so we can find the XPathExpression to locate the root node and to find the Content element
+ * of the requested category.
+ */
+ Request request = evaluationContext.getRequest();
+ assert(request != null);
+
+ /*
+ * Get the RequestAttributes objects for our Category. If none are found, then we abort quickly with either
+ * an empty or indeterminate result.
+ */
+ Iterator<RequestAttributes> iterRequestAttributes = request.getRequestAttributes(this.getCategory());
+ if (iterRequestAttributes == null || !iterRequestAttributes.hasNext()) {
+ return this.getEmptyResult("No Attributes with Category " + this.getCategory().toString(), null);
+ }
+
+ /*
+ * Section 5.30 of the XACML 3.0 specification is a little vague about how to use the
+ * ContextSelectorId in the face of having multiple Attributes elements with the same CategoryId. My interpretation
+ * is that each is distinct, so we look for an attribute matching the ContextSelectorId in each matching Attributes element
+ * and use that to search the Content in that particular Attributes element. If either an Attribute matching the context selector id
+ * is not found or there is no Content, then that particular Attributes element is skipped.
+ */
+ Bag bagAttributeValues = new Bag();
+ StdStatus statusFirstError = null;
+ while (iterRequestAttributes.hasNext()) {
+ RequestAttributes requestAttributes = iterRequestAttributes.next();
+
+ /*
+ * See if we have a Content element to query.
+ */
+ Node nodeContentRoot = requestAttributes.getContentRoot();
+ if (nodeContentRoot != null) {
+ List<Node> listNodesToQuery = new ArrayList<Node>();
+ List<XPathExpression> listXPathExpressions = this.getContextSelectorValues(requestAttributes);
+ if (listXPathExpressions == null) {
+ listNodesToQuery.add(nodeContentRoot);
+ } else {
+ Iterator<XPathExpression> iterXPathExpressions = listXPathExpressions.iterator();
+ while (iterXPathExpressions.hasNext()) {
+ XPathExpression xpathExpression = iterXPathExpressions.next();
+ Node nodeContent = requestAttributes.getContentNodeByXpathExpression(xpathExpression);
+ if (nodeContent != null) {
+ listNodesToQuery.add(nodeContent);
+ }
+ }
+ }
+
+ /*
+ * If there are any nodes to query, do so now and add the results
+ */
+ if (listNodesToQuery.size() > 0) {
+ for (Node nodeToQuery : listNodesToQuery) {
+ NodeList nodeList = null;
+ try {
+ XPath xPath = XPathFactory.newInstance().newXPath();
+ xPath.setNamespaceContext(new NodeNamespaceContext(nodeToQuery.getOwnerDocument()));
+ XPathExpression xPathExpression = xPath.compile(this.getPath());
+ Node nodeToQueryDocumentRoot = null;
+ try {
+ nodeToQueryDocumentRoot = DOMUtil.getDirectDocumentChild(nodeToQuery);
+ } catch (DOMStructureException ex) {
+ return ExpressionResult.newError(new StdStatus(StdStatusCode.STATUS_CODE_PROCESSING_ERROR, "Exception processing context node: " + ex.getMessage()));
+ }
+ nodeList = (NodeList)xPathExpression.evaluate(nodeToQueryDocumentRoot, XPathConstants.NODESET);
+ } catch (XPathExpressionException ex) {
+ if (statusFirstError == null) {
+ statusFirstError = new StdStatus(StdStatusCode.STATUS_CODE_PROCESSING_ERROR, "XPathExpressionException: " + ex.getMessage());
+ }
+ }
+ if (nodeList != null && nodeList.getLength() > 0) {
+ for (int i = 0 ; i < nodeList.getLength() ; i++) {
+ AttributeValue<?> attributeValueNode = null;
+ try {
+ attributeValueNode = thisDataType.createAttributeValue(nodeList.item(i));
+ } catch (DataTypeException ex) {
+ if (statusFirstError == null) {
+ statusFirstError = new StdStatus(StdStatusCode.STATUS_CODE_PROCESSING_ERROR, ex.getMessage());
+ }
+ }
+ if (attributeValueNode != null) {
+ bagAttributeValues.add(attributeValueNode);
+ } else if (statusFirstError == null) {
+ statusFirstError = new StdStatus(StdStatusCode.STATUS_CODE_PROCESSING_ERROR, "Unable to convert node to " + this.getDataTypeId().toString());
+ }
+ }
+ }
+ }
+ }
+ }
+
+ }
+
+ if (bagAttributeValues.size() == 0) {
+ if (statusFirstError == null) {
+ return this.getEmptyResult("No Content found", null);
+ } else {
+ return ExpressionResult.newError(statusFirstError);
+ }
+ } else {
+ return ExpressionResult.newBag(bagAttributeValues);
+ }
+ }
+
+ @Override
+ public String toString() {
+ StringBuilder stringBuilder = new StringBuilder("{");
+
+ stringBuilder.append("super=");
+ stringBuilder.append(super.toString());
+
+ Object objectToDump;
+ if ((objectToDump = this.getContextSelectorId()) != null) {
+ stringBuilder.append(",contextSelectorId=");
+ stringBuilder.append(objectToDump.toString());
+ }
+ if ((objectToDump = this.getPath()) != null) {
+ stringBuilder.append(",path=");
+ stringBuilder.append((String)objectToDump);
+ }
+ stringBuilder.append('}');
+ return stringBuilder.toString();
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/expressions/AttributeValueExpression.java
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/expressions/AttributeValueExpression.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/expressions/AttributeValueExpression.java
new file mode 100755
index 0000000..73cf5b8
--- /dev/null
+++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/expressions/AttributeValueExpression.java
@@ -0,0 +1,89 @@
+/*
+ * AT&T - PROPRIETARY
+ * THIS FILE CONTAINS PROPRIETARY INFORMATION OF
+ * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN
+ * ACCORDANCE WITH APPLICABLE AGREEMENTS.
+ *
+ * Copyright (c) 2013 AT&T Knowledge Ventures
+ * Unpublished and Not for Publication
+ * All Rights Reserved
+ */
+package com.att.research.xacmlatt.pdp.policy.expressions;
+
+import com.att.research.xacml.api.AttributeValue;
+import com.att.research.xacml.api.StatusCode;
+import com.att.research.xacml.std.StdStatus;
+import com.att.research.xacml.std.StdStatusCode;
+import com.att.research.xacmlatt.pdp.eval.EvaluationContext;
+import com.att.research.xacmlatt.pdp.eval.EvaluationException;
+import com.att.research.xacmlatt.pdp.policy.Expression;
+import com.att.research.xacmlatt.pdp.policy.ExpressionResult;
+import com.att.research.xacmlatt.pdp.policy.PolicyDefaults;
+
+/**
+ * AttributeValueExpression extends {@link com.att.research.xacmlatt.pdp.policy.Expression} to represent XACML
+ * AttributeValue elements in an Expression context.
+ *
+ * @author car
+ * @version $Revision: 1.1 $
+ */
+public class AttributeValueExpression extends Expression {
+ private AttributeValue<?> attributeValue;
+
+ public AttributeValueExpression(StatusCode statusCodeIn, String statusMessageIn) {
+ super(statusCodeIn, statusMessageIn);
+ }
+
+ public AttributeValueExpression(StatusCode statusCodeIn) {
+ super(statusCodeIn);
+ }
+
+ public AttributeValueExpression() {
+ }
+
+ public AttributeValueExpression(AttributeValue<?> attributeValueIn) {
+ this.attributeValue = attributeValueIn;
+ }
+
+ public AttributeValue<?> getAttributeValue() {
+ return this.attributeValue;
+ }
+
+ public void setAttributeValue(AttributeValue<?> attributeValueIn) {
+ this.attributeValue = attributeValueIn;
+ }
+
+ @Override
+ public ExpressionResult evaluate(EvaluationContext evaluationContext, PolicyDefaults policyDefaults) throws EvaluationException {
+ if (!this.validate()) {
+ return ExpressionResult.newError(new StdStatus(this.getStatusCode(), this.getStatusMessage()));
+ }
+
+ return ExpressionResult.newSingle(this.getAttributeValue());
+ }
+
+ @Override
+ protected boolean validateComponent() {
+ if (this.getAttributeValue() == null) {
+ this.setStatus(StdStatusCode.STATUS_CODE_SYNTAX_ERROR, "Missing AttributeValue");
+ return false;
+ } else {
+ this.setStatus(StdStatusCode.STATUS_CODE_OK, null);
+ return true;
+ }
+ }
+
+ @Override
+ public String toString() {
+ StringBuilder stringBuilder = new StringBuilder("{");
+
+ Object objectToDump;
+ if ((objectToDump = this.getAttributeValue()) != null) {
+ stringBuilder.append("attributeValue=");
+ stringBuilder.append(objectToDump.toString());
+ }
+ stringBuilder.append('}');
+ return stringBuilder.toString();
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/expressions/Function.java
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/expressions/Function.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/expressions/Function.java
new file mode 100755
index 0000000..16cf506
--- /dev/null
+++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/expressions/Function.java
@@ -0,0 +1,105 @@
+/*
+ * AT&T - PROPRIETARY
+ * THIS FILE CONTAINS PROPRIETARY INFORMATION OF
+ * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN
+ * ACCORDANCE WITH APPLICABLE AGREEMENTS.
+ *
+ * Copyright (c) 2013 AT&T Knowledge Ventures
+ * Unpublished and Not for Publication
+ * All Rights Reserved
+ */
+package com.att.research.xacmlatt.pdp.policy.expressions;
+
+import java.net.URI;
+
+import com.att.research.xacml.api.AttributeValue;
+import com.att.research.xacml.api.DataTypeException;
+import com.att.research.xacml.api.Identifier;
+import com.att.research.xacml.api.StatusCode;
+import com.att.research.xacml.std.StdStatus;
+import com.att.research.xacml.std.StdStatusCode;
+import com.att.research.xacml.std.datatypes.DataTypes;
+import com.att.research.xacmlatt.pdp.eval.EvaluationContext;
+import com.att.research.xacmlatt.pdp.eval.EvaluationException;
+import com.att.research.xacmlatt.pdp.policy.Expression;
+import com.att.research.xacmlatt.pdp.policy.ExpressionResult;
+import com.att.research.xacmlatt.pdp.policy.PolicyDefaults;
+
+/**
+ * Function extends {@link com.att.research.xacmlatt.pdp.policy.Expression} to implement the XACML Function element.
+ *
+ * @author car
+ * @version $Revision: 1.1 $
+ */
+public class Function extends Expression {
+ private Identifier functionId;
+ private AttributeValue<URI> attributeValue;
+ private ExpressionResult expressionResultOk;
+
+ protected ExpressionResult getExpressionResultOk() {
+ if (this.expressionResultOk == null) {
+ this.expressionResultOk = ExpressionResult.newSingle(this.getAttributeValue());
+ }
+ return this.expressionResultOk;
+ }
+
+ public Function(StatusCode statusCodeIn, String statusMessageIn) {
+ super(statusCodeIn, statusMessageIn);
+ }
+
+ public Function(StatusCode statusCodeIn) {
+ super(statusCodeIn);
+ }
+
+ public Function() {
+ }
+
+ public Function(Identifier functionIdIn) {
+ this.functionId = functionIdIn;
+ }
+
+ public Identifier getFunctionId() {
+ return this.functionId;
+ }
+
+ public void setFunctionId(Identifier identifier) {
+ this.functionId = identifier;
+ this.attributeValue = null;
+ this.expressionResultOk = null;
+ }
+
+ public AttributeValue<URI> getAttributeValue() {
+ if (this.attributeValue == null) {
+ Identifier thisFunctionId = this.getFunctionId();
+ if (thisFunctionId != null) {
+ try {
+ this.attributeValue = DataTypes.DT_ANYURI.createAttributeValue(thisFunctionId);
+ } catch (DataTypeException ex) {
+ this.attributeValue = null;
+ }
+ }
+ }
+ return this.attributeValue;
+ }
+
+ @Override
+ public ExpressionResult evaluate(EvaluationContext evaluationContext, PolicyDefaults policyDefaults) throws EvaluationException {
+ if (!this.validate()) {
+ return ExpressionResult.newError(new StdStatus(this.getStatusCode(), this.getStatusMessage()));
+ } else {
+ return this.getExpressionResultOk();
+ }
+ }
+
+ @Override
+ protected boolean validateComponent() {
+ if (this.getFunctionId() == null) {
+ this.setStatus(StdStatusCode.STATUS_CODE_SYNTAX_ERROR, "Missing FunctionId");
+ return false;
+ } else {
+ this.setStatus(StdStatusCode.STATUS_CODE_OK, null);
+ return true;
+ }
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/expressions/VariableReference.java
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/expressions/VariableReference.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/expressions/VariableReference.java
new file mode 100755
index 0000000..be322e9
--- /dev/null
+++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/expressions/VariableReference.java
@@ -0,0 +1,149 @@
+/*
+ * AT&T - PROPRIETARY
+ * THIS FILE CONTAINS PROPRIETARY INFORMATION OF
+ * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN
+ * ACCORDANCE WITH APPLICABLE AGREEMENTS.
+ *
+ * Copyright (c) 2013 AT&T Knowledge Ventures
+ * Unpublished and Not for Publication
+ * All Rights Reserved
+ */
+package com.att.research.xacmlatt.pdp.policy.expressions;
+
+import com.att.research.xacml.api.StatusCode;
+import com.att.research.xacml.api.trace.Traceable;
+import com.att.research.xacml.std.StdStatus;
+import com.att.research.xacml.std.StdStatusCode;
+import com.att.research.xacml.std.trace.StdTraceEvent;
+import com.att.research.xacmlatt.pdp.eval.EvaluationContext;
+import com.att.research.xacmlatt.pdp.eval.EvaluationException;
+import com.att.research.xacmlatt.pdp.policy.Expression;
+import com.att.research.xacmlatt.pdp.policy.ExpressionResult;
+import com.att.research.xacmlatt.pdp.policy.Policy;
+import com.att.research.xacmlatt.pdp.policy.PolicyDefaults;
+import com.att.research.xacmlatt.pdp.policy.VariableDefinition;
+
+/**
+ * VariableReference extends {@link com.att.research.xacmlatt.pdp.policy.Expression} to implement the XACML VariableReference
+ * element.
+ *
+ * @author car
+ * @version $Revision: 1.1 $
+ */
+public class VariableReference extends Expression implements Traceable {
+ private static final ExpressionResult ER_SE_NO_EXPRESSION = ExpressionResult.newError(new StdStatus(StdStatusCode.STATUS_CODE_SYNTAX_ERROR, "Missing Expression for VariableDefinition"));
+
+ private Policy policy;
+ private String variableId;
+ private VariableDefinition variableDefinition;
+
+ protected VariableDefinition getVariableDefinition() {
+ if (this.variableDefinition == null) {
+ Policy thisPolicy = this.getPolicy();
+ if (thisPolicy != null) {
+ String thisVariableId = this.getVariableId();
+ if (thisVariableId != null) {
+ this.variableDefinition = thisPolicy.getVariableDefinition(thisVariableId);
+ }
+ }
+ }
+ return this.variableDefinition;
+ }
+
+ public VariableReference(StatusCode statusCodeIn, String statusMessageIn) {
+ super(statusCodeIn, statusMessageIn);
+ }
+
+ public VariableReference(StatusCode statusCodeIn) {
+ super(statusCodeIn);
+ }
+
+ public VariableReference() {
+ }
+
+ public VariableReference(Policy policyIn, String variableIdIn) {
+ this.policy = policyIn;
+ this.variableId = variableIdIn;
+ }
+
+ public Policy getPolicy() {
+ return this.policy;
+ }
+
+ public void setPolicy(Policy policyIn) {
+ this.policy = policyIn;
+ }
+
+ public String getVariableId() {
+ return this.variableId;
+ }
+
+ public void setVariableId(String variableIdIn) {
+ this.variableId = variableIdIn;
+ }
+
+ @Override
+ public ExpressionResult evaluate(EvaluationContext evaluationContext, PolicyDefaults policyDefaults) throws EvaluationException {
+ if (!this.validate()) {
+ return ExpressionResult.newError(new StdStatus(this.getStatusCode(), this.getStatusMessage()));
+ }
+
+ VariableDefinition variableDefinition = this.getVariableDefinition();
+ if (variableDefinition == null) {
+ return ExpressionResult.newError(new StdStatus(StdStatusCode.STATUS_CODE_PROCESSING_ERROR, "No VariableDefinition found for \"" + this.getVariableId() + "\""));
+ }
+ Expression expression = variableDefinition.getExpression();
+ if (expression == null) {
+ return ER_SE_NO_EXPRESSION;
+ }
+
+ ExpressionResult result = expression.evaluate(evaluationContext, policyDefaults);
+
+ if (evaluationContext.isTracing()) {
+ evaluationContext.trace(new StdTraceEvent<ExpressionResult>("Variable", this, result));
+ }
+
+ return result;
+ }
+
+ @Override
+ protected boolean validateComponent() {
+ if (this.getVariableId() == null) {
+ this.setStatus(StdStatusCode.STATUS_CODE_SYNTAX_ERROR, "Missing VariableId");
+ return false;
+ } else if (this.getPolicy() == null) {
+ this.setStatus(StdStatusCode.STATUS_CODE_SYNTAX_ERROR, "VariableReference not in a Policy");
+ return false;
+ } else {
+ this.setStatus(StdStatusCode.STATUS_CODE_OK, null);
+ return true;
+ }
+ }
+
+ @Override
+ public String toString() {
+ StringBuilder stringBuilder = new StringBuilder("{");
+
+ stringBuilder.append("super=");
+ stringBuilder.append(super.toString());
+
+ String stringToDump;
+ if ((stringToDump = this.getVariableId()) != null) {
+ stringBuilder.append(",variableId=");
+ stringBuilder.append(stringToDump);
+ }
+ stringBuilder.append('}');
+ return stringBuilder.toString();
+ }
+
+ @Override
+ public String getTraceId() {
+ return this.variableId;
+ }
+
+ @Override
+ public Traceable getCause() {
+ return this.policy;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/expressions/package-info.java
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/expressions/package-info.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/expressions/package-info.java
new file mode 100755
index 0000000..0abd0ec
--- /dev/null
+++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/expressions/package-info.java
@@ -0,0 +1,20 @@
+/*
+ * AT&T - PROPRIETARY
+ * THIS FILE CONTAINS PROPRIETARY INFORMATION OF
+ * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN
+ * ACCORDANCE WITH APPLICABLE AGREEMENTS.
+ *
+ * Copyright (c) 2013 AT&T Knowledge Ventures
+ * Unpublished and Not for Publication
+ * All Rights Reserved
+ */
+
+package com.att.research.xacmlatt.pdp.policy.expressions;
+
+/**
+ * com.att.research.xacmlatt.pdp.policy.expressions contains class definitions that represent specific XACML elements sub-typed from
+ * the Expression element.
+ *
+ * @author car
+ * @version $Revision: 1.1 $
+ */
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/package-info.java
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/package-info.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/package-info.java
new file mode 100755
index 0000000..bb4a5ba
--- /dev/null
+++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/policy/package-info.java
@@ -0,0 +1,20 @@
+/*
+ * AT&T - PROPRIETARY
+ * THIS FILE CONTAINS PROPRIETARY INFORMATION OF
+ * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN
+ * ACCORDANCE WITH APPLICABLE AGREEMENTS.
+ *
+ * Copyright (c) 2013 AT&T Knowledge Ventures
+ * Unpublished and Not for Publication
+ * All Rights Reserved
+ */
+
+package com.att.research.xacmlatt.pdp.policy;
+
+/**
+ * com.att.research.xacmlatt.pdp.policy contains class definitions that represent a XACML 3.0 Policy such that it can be
+ * used to implement the {@link com.att.research.xacml.pdp.PDPEngine} <code>decide</code> method.
+ *
+ * @author car
+ * @version $Revision: 1.1 $
+ */
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/StdCombiningAlgorithmFactory.java
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/StdCombiningAlgorithmFactory.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/StdCombiningAlgorithmFactory.java
new file mode 100755
index 0000000..9312e31
--- /dev/null
+++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/StdCombiningAlgorithmFactory.java
@@ -0,0 +1,89 @@
+/*
+ * AT&T - PROPRIETARY
+ * THIS FILE CONTAINS PROPRIETARY INFORMATION OF
+ * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN
+ * ACCORDANCE WITH APPLICABLE AGREEMENTS.
+ *
+ * Copyright (c) 2013 AT&T Knowledge Ventures
+ * Unpublished and Not for Publication
+ * All Rights Reserved
+ */
+package com.att.research.xacmlatt.pdp.std;
+
+import java.lang.reflect.Field;
+import java.lang.reflect.Modifier;
+import java.util.HashMap;
+import java.util.Map;
+
+import com.att.research.xacml.api.Identifier;
+import com.att.research.xacmlatt.pdp.policy.CombiningAlgorithm;
+import com.att.research.xacmlatt.pdp.policy.CombiningAlgorithmFactory;
+import com.att.research.xacmlatt.pdp.policy.PolicySetChild;
+import com.att.research.xacmlatt.pdp.policy.Rule;
+
+/**
+ * StdCombiningAlgorithmFactory extends {@link com.att.research.xacmlatt.pdp.policy.CombiningAlgorithmFactory} to implement
+ * a mapping from {@link com.att.research.xacml.api.Identifier}s to
+ * the standard {@link com.att.research.xacmlatt.pdp.policy.CombiningAlgorithm} implementations.
+ *
+ * @author car
+ * @version $Revision: 1.2 $
+ */
+public class StdCombiningAlgorithmFactory extends CombiningAlgorithmFactory {
+ private static Map<Identifier,CombiningAlgorithm<Rule>> mapRuleCombiningAlgorithms
+ = new HashMap<Identifier,CombiningAlgorithm<Rule>>();
+ private static Map<Identifier,CombiningAlgorithm<PolicySetChild>> mapPolicyCombiningAlgorithms
+ = new HashMap<Identifier,CombiningAlgorithm<PolicySetChild>>();
+ private static boolean needInit = true;
+
+ protected static void registerRuleCombiningAlgorithm(CombiningAlgorithm<Rule> ruleCombiningAlgorithm) {
+ mapRuleCombiningAlgorithms.put(ruleCombiningAlgorithm.getId(), ruleCombiningAlgorithm);
+ }
+
+ protected static void registerPolicyCombiningAlgorithm(CombiningAlgorithm<PolicySetChild> policyCombiningAlgorithm) {
+ mapPolicyCombiningAlgorithms.put(policyCombiningAlgorithm.getId(), policyCombiningAlgorithm);
+ }
+
+ @SuppressWarnings("unchecked")
+ private static void initMap() {
+ if (needInit) {
+ synchronized(mapRuleCombiningAlgorithms) {
+ if (needInit) {
+ needInit = false;
+ Field[] declaredFields = StdCombiningAlgorithms.class.getFields();
+ for (Field field : declaredFields) {
+ if (Modifier.isStatic(field.getModifiers()) &&
+ Modifier.isPublic(field.getModifiers()) &&
+ field.getName().startsWith(StdCombiningAlgorithms.PREFIX_CA) &&
+ CombiningAlgorithm.class.isAssignableFrom(field.getType())
+ ) {
+ try {
+ if (field.getName().startsWith(StdCombiningAlgorithms.PREFIX_RULE)) {
+ registerRuleCombiningAlgorithm((CombiningAlgorithm<Rule>)field.get(null));
+ } else if (field.getName().startsWith(StdCombiningAlgorithms.PREFIX_POLICY)) {
+ registerPolicyCombiningAlgorithm((CombiningAlgorithm<PolicySetChild>)field.get(null));
+ }
+ } catch (IllegalAccessException ex) {
+
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+
+ public StdCombiningAlgorithmFactory() {
+ initMap();
+ }
+
+ @Override
+ public CombiningAlgorithm<Rule> getRuleCombiningAlgorithm(Identifier combiningAlgorithmId) {
+ return mapRuleCombiningAlgorithms.get(combiningAlgorithmId);
+ }
+
+ @Override
+ public CombiningAlgorithm<PolicySetChild> getPolicyCombiningAlgorithm(Identifier combiningAlgorithmId) {
+ return mapPolicyCombiningAlgorithms.get(combiningAlgorithmId);
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/StdCombiningAlgorithms.java
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/StdCombiningAlgorithms.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/StdCombiningAlgorithms.java
new file mode 100755
index 0000000..450c1f2
--- /dev/null
+++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/StdCombiningAlgorithms.java
@@ -0,0 +1,125 @@
+/*
+ * AT&T - PROPRIETARY
+ * THIS FILE CONTAINS PROPRIETARY INFORMATION OF
+ * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN
+ * ACCORDANCE WITH APPLICABLE AGREEMENTS.
+ *
+ * Copyright (c) 2013 AT&T Knowledge Ventures
+ * Unpublished and Not for Publication
+ * All Rights Reserved
+ */
+package com.att.research.xacmlatt.pdp.std;
+
+import com.att.research.xacml.api.XACML1;
+import com.att.research.xacml.api.XACML3;
+import com.att.research.xacmlatt.pdp.policy.CombiningAlgorithm;
+import com.att.research.xacmlatt.pdp.policy.PolicySetChild;
+import com.att.research.xacmlatt.pdp.policy.Rule;
+import com.att.research.xacmlatt.pdp.std.combiners.CombinedPermitOverrides;
+import com.att.research.xacmlatt.pdp.std.combiners.DenyOverrides;
+import com.att.research.xacmlatt.pdp.std.combiners.DenyUnlessPermit;
+import com.att.research.xacmlatt.pdp.std.combiners.FirstApplicable;
+import com.att.research.xacmlatt.pdp.std.combiners.LegacyDenyOverridesPolicy;
+import com.att.research.xacmlatt.pdp.std.combiners.LegacyDenyOverridesRule;
+import com.att.research.xacmlatt.pdp.std.combiners.LegacyPermitOverridesPolicy;
+import com.att.research.xacmlatt.pdp.std.combiners.LegacyPermitOverridesRule;
+import com.att.research.xacmlatt.pdp.std.combiners.OnlyOneApplicable;
+import com.att.research.xacmlatt.pdp.std.combiners.PermitOverrides;
+import com.att.research.xacmlatt.pdp.std.combiners.PermitUnlessDeny;
+import com.att.research.xacmlatt.pdp.util.ATTPDPProperties;
+
+/**
+ * StdCombiningAlgorithms contains single instances of each of the {@link com.att.research.xacmlatt.pdp.policy.CombiningAlgorithm}
+ * implementations in the {@link com.att.research.xacmlatt.pdp.std.combiners} package.
+ *
+ * @author car
+ * @version $Revision: 1.2 $
+ */
+public class StdCombiningAlgorithms {
+
+ protected StdCombiningAlgorithms() {
+ }
+
+ public static final String PREFIX_CA = "CA_";
+ public static final String PREFIX_RULE = PREFIX_CA + "RULE_";
+ public static final String PREFIX_POLICY = PREFIX_CA + "POLICY_";
+
+ // C.2 Deny-overrides
+ public static final CombiningAlgorithm<Rule> CA_RULE_DENY_OVERRIDES
+ = new DenyOverrides<Rule>(XACML3.ID_RULE_DENY_OVERRIDES);
+ public static final CombiningAlgorithm<PolicySetChild> CA_POLICY_DENY_OVERRIDES
+ = new DenyOverrides<PolicySetChild>(XACML3.ID_POLICY_DENY_OVERRIDES);
+
+ // C.3 Ordered-deny-overrides
+ public static final CombiningAlgorithm<Rule> CA_RULE_ORDERED_DENY_OVERRIDES
+ = new DenyOverrides<Rule>(XACML3.ID_RULE_ORDERED_DENY_OVERRIDES);
+ public static final CombiningAlgorithm<PolicySetChild> CA_POLICY_ORDERED_DENY_OVERRIDES
+ = new DenyOverrides<PolicySetChild>(XACML3.ID_POLICY_ORDERED_DENY_OVERRIDES);
+
+ // C.4 Permit-overrides
+ public static final CombiningAlgorithm<Rule> CA_RULE_PERMIT_OVERRIDES
+ = new PermitOverrides<Rule>(XACML3.ID_RULE_PERMIT_OVERRIDES);
+ public static final CombiningAlgorithm<PolicySetChild> CA_POLICY_PERMIT_OVERRIDES
+ = new PermitOverrides<PolicySetChild>(XACML3.ID_POLICY_PERMIT_OVERRIDES);
+
+ // C.5 Ordered-permit-overrides
+ public static final CombiningAlgorithm<Rule> CA_RULE_ORDERED_PERMIT_OVERRIDES
+ = new PermitOverrides<Rule>(XACML3.ID_RULE_ORDERED_PERMIT_OVERRIDES);
+ public static final CombiningAlgorithm<PolicySetChild> CA_POLICY_ORDERED_PERMIT_OVERRIDES
+ = new PermitOverrides<PolicySetChild>(XACML3.ID_POLICY_ORDERED_PERMIT_OVERRIDES);
+
+ // C.6 Deny-unless-permit
+ public static final CombiningAlgorithm<Rule> CA_RULE_DENY_UNLESS_PERMIT
+ = new DenyUnlessPermit<Rule>(XACML3.ID_RULE_DENY_UNLESS_PERMIT);
+ public static final CombiningAlgorithm<PolicySetChild> CA_POLICY_DENY_UNLESS_PERMIT
+ = new DenyUnlessPermit<PolicySetChild>(XACML3.ID_POLICY_DENY_UNLESS_PERMIT);
+
+ // C.7 Permit-unles-deny
+ public static final CombiningAlgorithm<Rule> CA_RULE_PERMIT_UNLESS_DENY
+ = new PermitUnlessDeny<Rule>(XACML3.ID_RULE_PERMIT_UNLESS_DENY);
+ public static final CombiningAlgorithm<PolicySetChild> CA_POLICY_PERMIT_UNLESS_DENY
+ = new PermitUnlessDeny<PolicySetChild>(XACML3.ID_POLICY_PERMIT_UNLESS_DENY);
+
+ // C.8 First-applicable
+ public static final CombiningAlgorithm<Rule> CA_RULE_FIRST_APPLICABLE
+ = new FirstApplicable<Rule>(XACML1.ID_RULE_FIRST_APPLICABLE);
+ public static final CombiningAlgorithm<PolicySetChild> CA_POLICY_FIRST_APPLICABLE
+ = new FirstApplicable<PolicySetChild>(XACML1.ID_POLICY_FIRST_APPLICABLE);
+
+ // C.9 Only-one-applicable
+ //public static final CombiningAlgorithm<Rule> CA_RULE_ONLY_ONE_APPLICABLE
+ // = new OnlyOneApplicable<Rule>(XACML1.ID_RULE_ONLY_ONE_APPLICABLE);
+ public static final CombiningAlgorithm<PolicySetChild> CA_POLICY_ONLY_ONE_APPLICABLE
+ = new OnlyOneApplicable(XACML1.ID_POLICY_ONLY_ONE_APPLICABLE);
+
+ // C.10 Legacy Deny-overrides
+ public static final CombiningAlgorithm<Rule> CA_RULE_LEGACY_DENY_OVERRIDES
+ = new LegacyDenyOverridesRule(XACML1.ID_RULE_DENY_OVERRIDES);
+ public static final CombiningAlgorithm<PolicySetChild> CA_POLICY_LEGACY_DENY_OVERRIDES
+ = new LegacyDenyOverridesPolicy(XACML1.ID_POLICY_DENY_OVERRIDES);
+
+ // C.11 Legacy Ordered-deny-overrides
+ public static final CombiningAlgorithm<Rule> CA_RULE_LEGACY_ORDERED_DENY_OVERRIDES
+ = new LegacyDenyOverridesRule(XACML1.ID_RULE_ORDERED_DENY_OVERRIDES);
+ public static final CombiningAlgorithm<PolicySetChild> CA_POLICY_LEGACY_ORDERED_DENY_OVERRIDES
+ = new LegacyDenyOverridesPolicy(XACML1.ID_POLICY_ORDERED_DENY_OVERRIDES);
+
+ // C.12 Legacy Permit-overrides
+ public static final CombiningAlgorithm<Rule> CA_RULE_LEGACY_PERMIT_OVERRIDES
+ = new LegacyPermitOverridesRule(XACML1.ID_RULE_PERMIT_OVERRIDES);
+ public static final CombiningAlgorithm<PolicySetChild> CA_POLICY_LEGACY_PERMIT_OVERRIDES
+ = new LegacyPermitOverridesPolicy(XACML1.ID_POLICY_PERMIT_OVERRIDES);
+
+ // C.13 Legacy Ordered-permit-overrides
+ public static final CombiningAlgorithm<Rule> CA_RULE_LEGACY_ORDERED_PERMIT_OVERRIDES
+ = new LegacyPermitOverridesRule(XACML1.ID_RULE_ORDERED_PERMIT_OVERRIDES);
+ public static final CombiningAlgorithm<PolicySetChild> CA_POLICY_LEGACY_ORDERED_PERMIT_OVERRIDES
+ = new LegacyPermitOverridesPolicy(XACML1.ID_POLICY_ORDERED_PERMIT_OVERRIDES);
+
+ //
+ // Custom AT&T Policy Combing Algorithms
+ //
+ public static final CombiningAlgorithm<PolicySetChild> CA_POLICY_COMBINED_PERMIT_OVERRIDES
+ = new CombinedPermitOverrides<PolicySetChild>(ATTPDPProperties.ID_POLICY_COMBINEDPERMITOVERRIDES);
+
+}
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/StdEvaluationContext.java
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/StdEvaluationContext.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/StdEvaluationContext.java
new file mode 100755
index 0000000..7266227
--- /dev/null
+++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/StdEvaluationContext.java
@@ -0,0 +1,150 @@
+/*
+ * AT&T - PROPRIETARY
+ * THIS FILE CONTAINS PROPRIETARY INFORMATION OF
+ * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN
+ * ACCORDANCE WITH APPLICABLE AGREEMENTS.
+ *
+ * Copyright (c) 2013 AT&T Knowledge Ventures
+ * Unpublished and Not for Publication
+ * All Rights Reserved
+ */
+package com.att.research.xacmlatt.pdp.std;
+
+import com.att.research.xacml.api.IdReferenceMatch;
+import com.att.research.xacml.api.Request;
+import com.att.research.xacml.api.pip.*;
+import com.att.research.xacml.api.trace.TraceEngine;
+import com.att.research.xacml.api.trace.TraceEngineFactory;
+import com.att.research.xacml.api.trace.TraceEvent;
+import com.att.research.xacml.std.pip.engines.RequestEngine;
+import com.att.research.xacml.std.pip.finders.RequestFinder;
+import com.att.research.xacml.util.FactoryException;
+import com.att.research.xacmlatt.pdp.eval.EvaluationContext;
+import com.att.research.xacmlatt.pdp.policy.*;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import java.util.Collection;
+import java.util.Properties;
+
+/**
+ * StdEvaluationContext implements the {@link com.att.research.xacmlatt.pdp.eval.EvaluationContext} interface using
+ * default factories to load the XACML policies, and get the PIP engines.
+ *
+ * @author car
+ * @version $Revision: 1.1 $
+ */
+public class StdEvaluationContext implements EvaluationContext {
+ private Log logger = LogFactory.getLog(this.getClass());
+ private Properties properties;
+ private Request request;
+ private RequestFinder requestFinder;
+ private PolicyFinder policyFinder;
+ private TraceEngine traceEngine;
+
+ /**
+ * Creates a new <code>StdEvaluationContext</code> with the given {@link com.att.research.xacml.api.Request} and
+ * {@link com.att.research.xacmlatt.pdp.policy.PolicyDef}.
+ *
+ * @param requestIn the <code>Request</code>
+ * @param policyDef the <code>PolicyDef</code>
+ */
+ public StdEvaluationContext(Request requestIn, PolicyFinder policyFinderIn, PIPFinder pipFinder, TraceEngine traceEngineIn, Properties properties) {
+ this.properties = properties;
+ this.request = requestIn;
+ this.policyFinder = policyFinderIn;
+ if (traceEngineIn != null) {
+ this.traceEngine = traceEngineIn;
+ } else {
+ try {
+ if (this.properties == null) {
+ this.traceEngine = TraceEngineFactory.newInstance().getTraceEngine();
+ } else {
+ this.traceEngine = TraceEngineFactory.newInstance(this.properties).getTraceEngine(this.properties);
+ }
+ } catch (FactoryException ex) {
+ this.logger.error("FactoryException creating TraceEngine: " + ex.toString(), ex);
+ }
+ }
+
+ if (pipFinder == null) {
+ this.requestFinder = new RequestFinder(null, new RequestEngine(requestIn));
+ } else {
+ if (pipFinder instanceof RequestFinder) {
+ this.requestFinder = (RequestFinder)pipFinder;
+ } else {
+ this.requestFinder = new RequestFinder(pipFinder, new RequestEngine(requestIn));
+ }
+ }
+ }
+
+ public StdEvaluationContext(Request requestIn, PolicyFinder policyFinderIn, PIPFinder pipFinder, TraceEngine traceEngineIn) {
+ this(requestIn, policyFinderIn, pipFinder, traceEngineIn, null);
+ }
+
+ public StdEvaluationContext(Request requestIn, PolicyFinder policyFinderIn, PIPFinder pipFinder) {
+ this(requestIn, policyFinderIn, pipFinder, null);
+ }
+
+ @Override
+ public Request getRequest() {
+ return this.request;
+ }
+
+ @Override
+ public PIPResponse getAttributes(PIPRequest pipRequest) throws PIPException {
+ return this.requestFinder.getAttributes(pipRequest, null);
+ }
+
+ @Override
+ public PIPResponse getAttributes(PIPRequest pipRequest, PIPEngine exclude) throws PIPException {
+ return this.requestFinder.getAttributes(pipRequest, exclude);
+ }
+
+ @Override
+ public PIPResponse getAttributes(PIPRequest pipRequest, PIPEngine exclude, PIPFinder pipFinderRoot) throws PIPException {
+ return this.requestFinder.getAttributes(pipRequest, exclude, pipFinderRoot);
+ }
+
+ @Override
+ public PolicyFinderResult<PolicyDef> getRootPolicyDef() {
+ return this.policyFinder.getRootPolicyDef(this);
+ }
+
+ @Override
+ public PolicyFinderResult<Policy> getPolicy(IdReferenceMatch idReferenceMatch) {
+ return this.policyFinder.getPolicy(idReferenceMatch);
+ }
+
+ @Override
+ public PolicyFinderResult<PolicySet> getPolicySet(IdReferenceMatch idReferenceMatch) {
+ return this.policyFinder.getPolicySet(idReferenceMatch);
+ }
+
+ @Override
+ public void trace(TraceEvent<?> traceEvent) {
+ if (this.traceEngine != null) {
+ this.traceEngine.trace(traceEvent);
+ }
+ }
+
+ @Override
+ public boolean isTracing() {
+ return (this.traceEngine == null ? false : this.traceEngine.isTracing());
+ }
+
+ @Override
+ public PIPResponse getMatchingAttributes(PIPRequest pipRequest, PIPEngine exclude) throws PIPException {
+ return this.requestFinder.getMatchingAttributes(pipRequest, exclude);
+ }
+
+ @Override
+ public PIPResponse getMatchingAttributes(PIPRequest pipRequest, PIPEngine exclude, PIPFinder pipFinderParent) throws PIPException {
+ return this.requestFinder.getMatchingAttributes(pipRequest, exclude, pipFinderParent);
+ }
+
+ @Override
+ public Collection<PIPEngine> getPIPEngines() {
+ return this.requestFinder.getPIPEngines();
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/StdEvaluationContextFactory.java
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/StdEvaluationContextFactory.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/StdEvaluationContextFactory.java
new file mode 100755
index 0000000..ea68162
--- /dev/null
+++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/StdEvaluationContextFactory.java
@@ -0,0 +1,163 @@
+/*
+ * AT&T - PROPRIETARY
+ * THIS FILE CONTAINS PROPRIETARY INFORMATION OF
+ * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN
+ * ACCORDANCE WITH APPLICABLE AGREEMENTS.
+ *
+ * Copyright (c) 2013 AT&T Knowledge Ventures
+ * Unpublished and Not for Publication
+ * All Rights Reserved
+ */
+package com.att.research.xacmlatt.pdp.std;
+
+import java.util.Properties;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import com.att.research.xacml.api.Request;
+import com.att.research.xacml.api.pip.PIPFinder;
+import com.att.research.xacml.api.pip.PIPFinderFactory;
+import com.att.research.xacml.api.trace.TraceEngine;
+import com.att.research.xacml.api.trace.TraceEngineFactory;
+import com.att.research.xacmlatt.pdp.eval.EvaluationContext;
+import com.att.research.xacmlatt.pdp.eval.EvaluationContextFactory;
+import com.att.research.xacmlatt.pdp.policy.PolicyFinder;
+import com.att.research.xacmlatt.pdp.policy.PolicyFinderFactory;
+
+/**
+ * StdEvaluationContextFactory extends {@link com.att.research.xacmlatt.pdp.eval.EvaluationContextFactory} to implement
+ * the <code>getEvaluationContext</code> method with a standard {@link com.att.research.xacmlatt.pdp.eval.EvaluationContext}.
+ *
+ * @author car
+ * @version $Revision: 1.1 $
+ */
+public class StdEvaluationContextFactory extends EvaluationContextFactory {
+ private Log logger = LogFactory.getLog(this.getClass());
+ private PolicyFinder policyFinder;
+ private PIPFinder pipFinder;
+ private TraceEngine traceEngine;
+
+ /**
+ * Should this properties file be passed onward when instantiating the PolicyFinder
+ * and the PIPFinder?
+ *
+ * If yes, then we are assuming that the given properties were not just meant to
+ * configure the evaluation context, but all the other engines that get created.
+ *
+ * If no, then we are assuming the given properties were only meant for the evaluation
+ * context. But this implementation as of 7/14 does not even need the properties for
+ * configuring itseof.
+ *
+ * The problem is, the caller does not have the ability to instantiate the PIPFinder
+ * and PolicyFinder engines. This is done internally by the evaluation context. So how
+ * can they have the ability to customize PIP/Policy factories with their own properties
+ * object if the properties file isn't passed on?
+ *
+ * Thus, this class will pass on the properties file if given in the constructor.
+ *
+ */
+ protected Properties properties = null;
+
+ protected PolicyFinder getPolicyFinder() {
+ if (this.policyFinder == null) {
+ synchronized(this) {
+ if (this.policyFinder == null) {
+ try {
+ if (this.properties == null) {
+ if (this.logger.isDebugEnabled()) {
+ this.logger.debug("getting Policy finder using default properties");
+ }
+ PolicyFinderFactory policyFinderFactory = PolicyFinderFactory.newInstance();
+ this.policyFinder = policyFinderFactory.getPolicyFinder();
+ } else {
+ if (this.logger.isDebugEnabled()) {
+ this.logger.debug("getting Policy finder using properties: " + this.properties);
+ }
+ PolicyFinderFactory policyFinderFactory = PolicyFinderFactory.newInstance(this.properties);
+ this.policyFinder = policyFinderFactory.getPolicyFinder(this.properties);
+ }
+ } catch (Exception ex) {
+ this.logger.error("Exception getting PolicyFinder: " + ex.getMessage(), ex);
+ }
+ }
+ }
+ }
+ return this.policyFinder;
+ }
+
+ protected PIPFinder getPIPFinder() {
+ if (this.pipFinder == null) {
+ synchronized(this) {
+ if (this.pipFinder == null) {
+ try {
+ if (this.properties == null) {
+ if (this.logger.isDebugEnabled()) {
+ this.logger.debug("getting PIP finder using default properties");
+ }
+ PIPFinderFactory pipFinderFactory = PIPFinderFactory.newInstance();
+ this.pipFinder = pipFinderFactory.getFinder();
+ } else {
+ if (this.logger.isDebugEnabled()) {
+ this.logger.debug("getting PIP finder using properties: " + this.properties);
+ }
+ PIPFinderFactory pipFinderFactory = PIPFinderFactory.newInstance(this.properties);
+ this.pipFinder = pipFinderFactory.getFinder(this.properties);
+ }
+ } catch (Exception ex) {
+ this.logger.error("Exception getting PIPFinder: " + ex.toString(), ex);
+ }
+ }
+ }
+ }
+ return this.pipFinder;
+ }
+
+ protected TraceEngine getTraceEngine() {
+ if (this.traceEngine == null) {
+ synchronized(this) {
+ if (this.traceEngine == null) {
+ try {
+ if (this.properties == null) {
+ TraceEngineFactory traceEngineFactory = TraceEngineFactory.newInstance();
+ this.traceEngine = traceEngineFactory.getTraceEngine();
+ } else {
+ TraceEngineFactory traceEngineFactory = TraceEngineFactory.newInstance(this.properties);
+ this.traceEngine = traceEngineFactory.getTraceEngine(this.properties);
+ }
+ } catch (Exception ex) {
+ this.logger.error("Exception getting TraceEngine: " + ex.toString(), ex);
+ }
+ }
+ }
+ }
+ return this.traceEngine;
+ }
+
+ public StdEvaluationContextFactory() {
+ }
+
+ public StdEvaluationContextFactory(Properties properties) {
+ this.properties = properties;
+ }
+
+ @Override
+ public EvaluationContext getEvaluationContext(Request request) {
+ if (this.properties == null) {
+ return new StdEvaluationContext(request, this.getPolicyFinder(), this.getPIPFinder(), this.getTraceEngine());
+ } else {
+ return new StdEvaluationContext(request, this.getPolicyFinder(), this.getPIPFinder(), this.getTraceEngine(), this.properties);
+ }
+ }
+
+ @Override
+ public void setPolicyFinder(PolicyFinder policyFinderIn) {
+ this.policyFinder = policyFinderIn;
+ }
+
+ @Override
+ public void setPIPFinder(PIPFinder pipFinderIn) {
+ this.pipFinder = pipFinderIn;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/StdFunctionDefinitionFactory.java
----------------------------------------------------------------------
diff --git a/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/StdFunctionDefinitionFactory.java b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/StdFunctionDefinitionFactory.java
new file mode 100755
index 0000000..04f8001
--- /dev/null
+++ b/openaz-xacml-pdp/src/main/java/com/att/research/xacmlatt/pdp/std/StdFunctionDefinitionFactory.java
@@ -0,0 +1,70 @@
+/*
+ * AT&T - PROPRIETARY
+ * THIS FILE CONTAINS PROPRIETARY INFORMATION OF
+ * AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN
+ * ACCORDANCE WITH APPLICABLE AGREEMENTS.
+ *
+ * Copyright (c) 2013 AT&T Knowledge Ventures
+ * Unpublished and Not for Publication
+ * All Rights Reserved
+ */
+package com.att.research.xacmlatt.pdp.std;
+
+import java.lang.reflect.Field;
+import java.lang.reflect.Modifier;
+import java.util.HashMap;
+import java.util.Map;
+
+import com.att.research.xacml.api.Identifier;
+import com.att.research.xacmlatt.pdp.policy.FunctionDefinition;
+import com.att.research.xacmlatt.pdp.policy.FunctionDefinitionFactory;
+
+/**
+ * StdFunctionDefinitionFactory is the default {@link com.att.research.xacmlatt.pdp.policy.FunctionDefinitionFactory} implementation
+ * used if no other <code>FunctionDefinitionFactory</code> implementation is supplied. It contains all of the standard XACML 3.0
+ * functions.
+ *
+ * @author car
+ * @version $Revision: 1.2 $
+ */
+public class StdFunctionDefinitionFactory extends FunctionDefinitionFactory {
+ private static Map<Identifier,FunctionDefinition> mapFunctionDefinitions = new HashMap<Identifier,FunctionDefinition>();
+ private static boolean needMapInit = true;
+
+ private static void register(FunctionDefinition functionDefinition) {
+ mapFunctionDefinitions.put(functionDefinition.getId(), functionDefinition);
+ }
+
+ private static void initMap() {
+ if (needMapInit) {
+ synchronized(mapFunctionDefinitions) {
+ if (needMapInit) {
+ needMapInit = false;
+ Field[] declaredFields = StdFunctions.class.getDeclaredFields();
+ for (Field field : declaredFields) {
+ if (Modifier.isStatic(field.getModifiers()) &&
+ field.getName().startsWith(StdFunctions.FD_PREFIX) &&
+ FunctionDefinition.class.isAssignableFrom(field.getType()) &&
+ Modifier.isPublic(field.getModifiers())
+ ) {
+ try {
+ register((FunctionDefinition)(field.get(null)));
+ } catch (IllegalAccessException ex) {
+
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+
+ public StdFunctionDefinitionFactory() {
+ initMap();
+ }
+
+ @Override
+ public FunctionDefinition getFunctionDefinition(Identifier functionId) {
+ return mapFunctionDefinitions.get(functionId);
+ }
+}