com.att.research.xacmlatt.pdp.policy.Policy Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of xacml-pdp Show documentation
Show all versions of xacml-pdp Show documentation
ATT reference implementation of XACML PDP engine
/*
*
* Copyright (c) 2013,2019 AT&T Knowledge Ventures
* SPDX-License-Identifier: MIT
*/
package com.att.research.xacmlatt.pdp.policy;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import com.att.research.xacml.api.Decision;
import com.att.research.xacml.api.Result;
import com.att.research.xacml.api.StatusCode;
import com.att.research.xacml.std.StdStatus;
import com.att.research.xacml.std.StdStatusCode;
import com.att.research.xacml.std.trace.StdTraceEvent;
import com.att.research.xacml.util.StringUtils;
import com.att.research.xacmlatt.pdp.eval.EvaluationContext;
import com.att.research.xacmlatt.pdp.eval.EvaluationException;
import com.att.research.xacmlatt.pdp.eval.EvaluationResult;
import com.att.research.xacmlatt.pdp.eval.MatchResult;
/**
* Policy extends {@link com.att.research.xacmlatt.pdp.policy.PolicyDef} to represent a XACML 3.0 Policy element.
*
* @author car
* @version $Revision: 1.2 $
*/
public class Policy extends PolicyDef {
private TargetedCombinerParameterMap ruleCombinerParameters = new TargetedCombinerParameterMap<>();
private VariableMap variableMap = new VariableMap();
private List rules = new ArrayList<>();
private List> combiningRules;
private CombiningAlgorithm ruleCombiningAlgorithm;
@Override
protected boolean validateComponent() {
if (super.validateComponent()) {
if (this.getRuleCombiningAlgorithm() == null) {
this.setStatus(StdStatusCode.STATUS_CODE_SYNTAX_ERROR, "Missing rule combining algorithm");
return false;
} else {
return true;
}
} else {
return false;
}
}
/**
* Performs lazy evaluation of the combining parameters from this Policy.
*
* @return the List of CombiningElements for all of the Rules
*/
protected List> getCombiningRules() {
if (this.combiningRules == null) {
this.combiningRules = new ArrayList>();
Iterator iterRules = this.getRules();
while (iterRules.hasNext()) {
Rule rule = iterRules.next();
this.combiningRules.add(new CombiningElement(rule, this.ruleCombinerParameters.getCombinerParameters(rule)));
}
}
return this.combiningRules;
}
public Policy(PolicySet policySetParent, StatusCode statusCodeIn, String statusMessageIn) {
super(policySetParent, statusCodeIn, statusMessageIn);
}
public Policy(StatusCode statusCodeIn, String statusMessageIn) {
super(statusCodeIn, statusMessageIn);
}
public Policy(StatusCode statusCodeIn) {
super(statusCodeIn);
}
public Policy(PolicySet policySetParent) {
super(policySetParent);
}
public Policy() {
super();
ruleCombinerParameters.getTargetedCombinerParameters();
}
/**
* Gets an Iterator over the {@link com.att.research.xacmlatt.pdp.policy.TargetedCombinerParameter}s for
* the {@link com.att.research.xacmlatt.pdp.policy.Rule}s in this Policy.
*
* @return an Iterator over the TargetedCombinerParameters for this Policy.
*/
public Iterator> getRuleCombinerParameters() {
return this.ruleCombinerParameters.getTargetedCombinerParameters();
}
/**
* Sets the Rule combiner parameters for this Policy to the contents of the given Collection of
* TargetedCombinerParameters.
*
* @param ruleCombinerParameters the Collection of TargetedCombinerParameters to set
*/
public void setRuleCombinerParameters(Collection> ruleCombinerParameters) {
this.ruleCombinerParameters.setCombinerParameters(ruleCombinerParameters);
}
/**
* Adds the given TargetedCombinerParameter to the set of Rule combiner parameters for this Policy.
* @param ruleCombinerParameter the TargetedCombinerParameter for Rules to add.
*/
public void addRuleCombinerParameter(TargetedCombinerParameter ruleCombinerParameter) {
this.ruleCombinerParameters.addCombinerParameter(ruleCombinerParameter);
}
/**
* Adds the contents of the given Collection of TargetedCombinerParameters to the set of Rule combiner parameters
* for this Policy.
*
* @param ruleCombinerParameters the Collection of TargetedCombinerParameters to add
*/
public void addRuleCombinerParameters(Collection> ruleCombinerParameters) {
this.ruleCombinerParameters.addCombinerParameters(ruleCombinerParameters);
}
/**
* Gets an Iterator over the {@link com.att.research.xacmlatt.pdp.policy.VariableDefinition}s in this Policy.
*
* @return an Iterator over the VariableDefinitions in this Policy
*/
public Iterator getVariableDefinitions() {
return this.variableMap.getVariableDefinitions();
}
/**
* Gets the VariableDefinition for the given String variable identifier.
*
* @param variableId the String variable identifier
* @return the VariableDefinition with the given String identifier or null if not found
*/
public VariableDefinition getVariableDefinition(String variableId) {
return this.variableMap.getVariableDefinition(variableId);
}
/**
* Sets the VariableDefinitions in this Policy to the contents of the given Collection.
*
* @param listVariableDefinitions the Collection of VariableDefinitions to set
*/
public void setVariableDefinitions(Collection listVariableDefinitions) {
this.variableMap.setVariableDefinitions(listVariableDefinitions);
}
/**
* Adds the given VariableDefinition to the set of VariableDefinitions for this Policy.
*
* @param variableDefinition the VariableDefinition to add
*/
public void addVariableDefinition(VariableDefinition variableDefinition) {
this.variableMap.add(variableDefinition);
}
/**
* Adds the contents of the given Collection of VariableDefinitions to this Policy.
*
* @param variableDefinitions the Collection of VariableDefinitions to add.
*/
public void addVariableDefinitions(Collection variableDefinitions) {
this.variableMap.addVariableDefinitions(variableDefinitions);
}
/**
* Gets an Iterator over the Rules in this Policy or null if there are none.
*
* @return an Iterator over the Rules in this Policy or null if there are none.
*/
public Iterator getRules() {
return this.rules.iterator();
}
/**
* Sets the Rules for this Policy to the contents of the given Collection of
* Rules. If the Collection is null, the set of Rules for this Policy is set to null.
*
* @param listRules the Collection of Rules or null
*/
public void setRules(Collection listRules) {
this.rules.clear();
if (listRules != null) {
this.addRules(listRules);
}
}
/**
* Adds the given Rule to the set of Rules for this Policy.
*
* @param rule the Rule to add
*/
public void addRule(Rule rule) {
this.rules.add(rule);
}
/**
* Adds the contents of the given Collection of Rules to the set of Rules for
* this Policy.
*
* @param listRules the Collection of Rules to add
*/
public void addRules(Collection listRules) {
this.rules.addAll(listRules);
}
/**
* Gets the CombiningAlgorithm for Rules for this Policy.
*
* @return the CombiningAlgorithm for Rules for this Policy.
*/
public CombiningAlgorithm getRuleCombiningAlgorithm() {
return this.ruleCombiningAlgorithm;
}
/**
* Sets the CombiningAlgorithm for Rules for this Policy>
*
* @param ruleCombiningAlgorithmIn the CombiningAlgorithm for Rules for this Policy
*/
public void setRuleCombiningAlgorithm(CombiningAlgorithm ruleCombiningAlgorithmIn) {
this.ruleCombiningAlgorithm = ruleCombiningAlgorithmIn;
}
@Override
public EvaluationResult evaluate(EvaluationContext evaluationContext) throws EvaluationException {
/*
* First check to see if we are valid. If not, return an error status immediately
*/
if (!this.validate()) {
return new EvaluationResult(new StdStatus(this.getStatusCode(), this.getStatusMessage()));
}
/*
* See if we match
*/
MatchResult thisMatchResult = this.match(evaluationContext);
assert(thisMatchResult != null);
if (evaluationContext.isTracing()) {
evaluationContext.trace(new StdTraceEvent("Match", this, thisMatchResult));
}
switch(thisMatchResult.getMatchCode()) {
case INDETERMINATE:
return new EvaluationResult(Decision.INDETERMINATE, thisMatchResult.getStatus());
case MATCH:
break;
case NOMATCH:
return new EvaluationResult(Decision.NOTAPPLICABLE);
}
/*
* Get the combining elements
*/
List> ruleCombiningElements = this.getCombiningRules();
assert(ruleCombiningElements != null);
/*
* Run the combining algorithm
*/
assert(this.getRuleCombiningAlgorithm() != null);
EvaluationResult evaluationResultCombined = this.getRuleCombiningAlgorithm().combine(evaluationContext, ruleCombiningElements, this.getCombinerParameterList());
assert(evaluationResultCombined != null);
if (evaluationResultCombined.getDecision() == Decision.DENY || evaluationResultCombined.getDecision() == Decision.PERMIT) {
this.updateResult(evaluationResultCombined, evaluationContext);
/*
* Add my id to the policy identifiers
*/
if (evaluationContext.getRequest().getReturnPolicyIdList()) {
evaluationResultCombined.addPolicyIdentifier(this.getIdReference());
}
}
if (evaluationContext.isTracing()) {
evaluationContext.trace(new StdTraceEvent("Result", this, evaluationResultCombined));
}
return evaluationResultCombined;
}
@Override
public String toString() {
StringBuilder stringBuilder = new StringBuilder("{");
stringBuilder.append("super=");
stringBuilder.append(super.toString());
String iteratorToDump;
if ((iteratorToDump = StringUtils.toString(this.getRuleCombinerParameters())) != null) {
stringBuilder.append(",ruleCombinerParameters=");
stringBuilder.append(iteratorToDump);
}
if ((iteratorToDump = StringUtils.toString(this.getVariableDefinitions())) != null) {
stringBuilder.append(",variableDefinitions=");
stringBuilder.append(iteratorToDump);
}
if ((iteratorToDump = StringUtils.toString(this.getRules())) != null) {
stringBuilder.append(",rules=");
stringBuilder.append(iteratorToDump);
}
Object objectToDump;
if ((objectToDump = this.getRuleCombiningAlgorithm()) != null) {
stringBuilder.append(",ruleCombiningAlgorithm=");
stringBuilder.append(objectToDump.toString());
}
stringBuilder.append('}');
return stringBuilder.toString();
}
}