com.att.research.xacmlatt.pdp.policy.PolicySet Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of xacml-pdp Show documentation
Show all versions of xacml-pdp Show documentation
ATT reference implementation of XACML PDP engine
/*
*
* Copyright (c) 2013,2019 AT&T Knowledge Ventures
* SPDX-License-Identifier: MIT
*/
package com.att.research.xacmlatt.pdp.policy;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import com.att.research.xacml.api.Decision;
import com.att.research.xacml.api.Identifier;
import com.att.research.xacml.api.StatusCode;
import com.att.research.xacml.api.trace.Traceable;
import com.att.research.xacml.std.StdStatus;
import com.att.research.xacml.std.StdStatusCode;
import com.att.research.xacml.std.trace.StdTraceEvent;
import com.att.research.xacml.util.StringUtils;
import com.att.research.xacmlatt.pdp.eval.EvaluationContext;
import com.att.research.xacmlatt.pdp.eval.EvaluationException;
import com.att.research.xacmlatt.pdp.eval.EvaluationResult;
import com.att.research.xacmlatt.pdp.eval.MatchResult;
/**
* PolicySet extends {@link com.att.research.xacmlatt.pdp.policy.PolicyDef} to represent a XACML PolicySet element.
*
* @author car
* @version $Revision: 1.2 $
*/
public class PolicySet extends PolicyDef {
private TargetedCombinerParameterMap policyCombinerParameters = new TargetedCombinerParameterMap<>();
private List children;
private List> combiningPolicies;
private CombiningAlgorithm combiningAlgorithm;
private void ensureChildren() {
if (this.children == null) {
this.children = new ArrayList<>();
}
}
/**
* Performs lazy evaluation of the combining parameters from this Policy.
*
* @return the List of CombiningElements for all of the Rules
*/
protected List> getCombiningPolicies() {
if (this.combiningPolicies == null) {
this.combiningPolicies = new ArrayList<>();
Iterator iterPolicies = this.getChildren();
if (iterPolicies != null) {
while (iterPolicies.hasNext()) {
PolicySetChild policySetChild = iterPolicies.next();
this.combiningPolicies.add(new CombiningElement<>(policySetChild, this.policyCombinerParameters.getCombinerParameters(policySetChild)));
}
}
}
return this.combiningPolicies;
}
@Override
protected boolean validateComponent() {
if (super.validateComponent()) {
if (this.getPolicyCombiningAlgorithm() == null) {
this.setStatus(StdStatusCode.STATUS_CODE_SYNTAX_ERROR, "Missing policy combining algorithm");
return false;
} else {
return true;
}
} else {
return false;
}
}
public PolicySet(StatusCode statusCodeIn, String statusMessageIn) {
super(statusCodeIn, statusMessageIn);
}
public PolicySet(StatusCode statusCodeIn) {
super(statusCodeIn);
}
public PolicySet(PolicySet policySetParent) {
super(policySetParent);
}
public PolicySet() {
}
/**
* Gets an Iterator over the {@link com.att.research.xacmlatt.pdp.policy.TargetedCombinerParameter}s
* for {@link com.att.research.xacmlatt.pdp.policy.Policy} elements in this
* PolicySet.
*
* @return an Iterator over the TargetedCombinerParameters for Policy elements in this
* PolicySet.
*/
public Iterator> getPolicyCombinerParameters() {
return this.policyCombinerParameters.getTargetedCombinerParameters();
}
/**
* Sets the Policy combiner parameters for this PolicySet from the contents of the given Collection
* of TargetedCombinerParameters.
*
* @param policyCombinerParametersIn the Collection of TargetedCombinerParameters.
*/
public void setPolicyCombinerParameters(Collection> policyCombinerParametersIn) {
this.policyCombinerParameters.setCombinerParameters(policyCombinerParametersIn);
}
public void addPolicyCombinerParameter(TargetedCombinerParameter policyCombinerParameter) {
this.policyCombinerParameters.addCombinerParameter(policyCombinerParameter);
}
public void addPolicyCombinerParameters(Collection> policyCombinerParametersIn) {
this.policyCombinerParameters.addCombinerParameters(policyCombinerParametersIn);
}
/**
* Gets an Iterator over the PolicySetChild children of this PolicySet.
*
* @return an Iterator over the PolicySetChild children of this PolicySet or null if there are none.
*/
public Iterator getChildren() {
return (this.children == null ? null : this.children.iterator());
}
public void setChildren(Collection policySetChildren) {
this.children = null;
if (policySetChildren != null) {
this.addChildren(policySetChildren);
}
}
public void addChild(PolicySetChild policySetChild) {
this.ensureChildren();
this.children.add(policySetChild);
}
public void addChildren(Collection policySetChildren) {
this.ensureChildren();
this.children.addAll(policySetChildren);
}
/**
* Gets the {@link com.att.research.xacmlatt.pdp.policy.CombiningAlgorithm} for PolicySetChild children for this PolicySet.
*
* @return the CombiningAlgorithm for PolicySetChild children for this PolicySet.
*/
public CombiningAlgorithm getPolicyCombiningAlgorithm() {
return this.combiningAlgorithm;
}
public void setPolicyCombiningAlgorithm(CombiningAlgorithm combiningAlgorithmIn) {
this.combiningAlgorithm = combiningAlgorithmIn;
}
@Override
public EvaluationResult evaluate(EvaluationContext evaluationContext) throws EvaluationException {
/*
* First check to see if we are valid. If not, return an error status immediately
*/
if (evaluationContext.isTracing()) {
evaluationContext.trace(new StdTraceEvent<>("PolicySet", this, null));
}
if (!this.validate()) {
return new EvaluationResult(new StdStatus(this.getStatusCode(), this.getStatusMessage()));
}
/*
* See if we match
*/
MatchResult thisMatchResult = this.match(evaluationContext);
assert(thisMatchResult != null);
if (evaluationContext.isTracing()) {
evaluationContext.trace(new StdTraceEvent<>("Match", this, thisMatchResult));
}
switch(thisMatchResult.getMatchCode()) {
case INDETERMINATE:
return new EvaluationResult(Decision.INDETERMINATE, thisMatchResult.getStatus());
case MATCH:
break;
case NOMATCH:
return new EvaluationResult(Decision.NOTAPPLICABLE);
}
/*
* Get the combining elements
*/
List> listCombiningElements = this.getCombiningPolicies();
assert(listCombiningElements != null);
/*
* Run the PolicyCombiningAlgorithm
*/
assert(this.getPolicyCombiningAlgorithm() != null);
EvaluationResult evaluationResultCombined = this.getPolicyCombiningAlgorithm().combine(evaluationContext, listCombiningElements, getCombinerParameterList());
assert(evaluationResultCombined != null);
if (evaluationResultCombined.getDecision() == Decision.DENY || evaluationResultCombined.getDecision() == Decision.PERMIT) {
this.updateResult(evaluationResultCombined, evaluationContext);
/*
* Add my id to the policy set identifiers
*/
if (evaluationContext.getRequest().getReturnPolicyIdList()) {
evaluationResultCombined.addPolicySetIdentifier(this.getIdReference());
}
}
if (evaluationContext.isTracing()) {
evaluationContext.trace(new StdTraceEvent<>("Result", this, evaluationResultCombined));
}
return evaluationResultCombined;
}
@Override
public String toString() {
StringBuilder stringBuilder = new StringBuilder("{");
stringBuilder.append("super=");
stringBuilder.append(super.toString());
String iteratorToDump;
if ((iteratorToDump = StringUtils.toString(this.getPolicyCombinerParameters())) != null) {
stringBuilder.append(",policyCombinerParameters=");
stringBuilder.append(iteratorToDump);
}
if ((iteratorToDump = StringUtils.toString(this.getChildren())) != null) {
stringBuilder.append(",children=");
stringBuilder.append(iteratorToDump);
}
Object objectToDump;
if ((objectToDump = this.getPolicyCombiningAlgorithm()) != null) {
stringBuilder.append(",policyCombiningAlgorithm=");
stringBuilder.append(objectToDump.toString());
}
stringBuilder.append('}');
return stringBuilder.toString();
}
@Override
public String getTraceId() {
return this.getIdentifier().stringValue();
}
@Override
public Traceable getCause() {
return null;
}
}
© 2015 - 2025 Weber Informatics LLC | Privacy Policy