Java Code Examples for org.wso2.balana.cond.EvaluationResult#indeterminate()
The following examples show how to use
org.wso2.balana.cond.EvaluationResult#indeterminate() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: TargetMatch.java From balana with Apache License 2.0 | 6 votes |
|
/**
* Private helper that evaluates an individual match.
*
* @param inputs <code>List</code> of <code>Evaluatable</code>
* @param context <code>EvaluationCtx</code>
* @return match result as <code>MatchResult</code>
*/
private MatchResult evaluateMatch(List inputs, EvaluationCtx context) {
// first off, evaluate the function
EvaluationResult result = function.evaluate(inputs, context);
// if it was indeterminate, then that's what we return immediately
if (result.indeterminate())
return new MatchResult(MatchResult.INDETERMINATE, result.getStatus());
// otherwise, we figure out if it was a match
BooleanAttribute bool = (BooleanAttribute) (result.getAttributeValue());
if (bool.getValue())
return new MatchResult(MatchResult.MATCH);
else
return new MatchResult(MatchResult.NO_MATCH);
}
Example 2
| Source File: XACML3HigherOrderFunction.java From balana with Apache License 2.0 | 6 votes |
|
private EvaluationResult getEvaluationResult(EvaluationCtx context, Function function, AttributeValue val1,
AttributeValue val2, boolean isAllFunction) {
List<Evaluatable> params = new ArrayList<>();
params.add(val1);
params.add(val2);
EvaluationResult result = function.evaluate(params, context);
if (result.indeterminate()) {
return result;
}
BooleanAttribute bool = (BooleanAttribute) (result.getAttributeValue());
if (bool.getValue() != isAllFunction) {
return result;
}
return null;
}
Example 3
| Source File: AttributeSelector.java From balana with Apache License 2.0 | 5 votes |
|
/**
* Invokes the <code>AttributeFinder</code> used by the given <code>EvaluationCtx</code> to try
* to resolve an attribute value. If the selector is defined with MustBePresent as true, then
* failure to find a matching value will result in Indeterminate, otherwise it will result in an
* empty bag. To support the basic selector functionality defined in the XACML specification,
* use a finder that has only the <code>SelectorModule</code> as a module that supports selector
* finding.
*
* @param context representation of the request to search
*
* @return a result containing a bag either empty because no values were found or containing at
* least one value, or status associated with an Indeterminate result
*/
public EvaluationResult evaluate(EvaluationCtx context) {
// query the context
EvaluationResult result = context.getAttribute(contextPath, type, null, null, xpathVersion);
// see if we got anything
if (!result.indeterminate()) {
BagAttribute bag = (BagAttribute) (result.getAttributeValue());
// see if it's an empty bag
if (bag.isEmpty()) {
// see if this is an error or not
if (mustBePresent) {
// this is an error
if (logger.isDebugEnabled()) {
logger.debug("AttributeSelector failed to resolve a "
+ "value for a required attribute: " + contextPath);
}
ArrayList code = new ArrayList();
code.add(Status.STATUS_MISSING_ATTRIBUTE);
String message = "couldn't resolve XPath expression " + contextPath
+ " for type " + type.toString();
return new EvaluationResult(new Status(code, message));
} else {
// return the empty bag
return result;
}
} else {
// return the values
return result;
}
} else {
// return the error
return result;
}
}
Example 4
| Source File: AttributeSelector.java From balana with Apache License 2.0 | 5 votes |
|
/**
* Invokes the <code>AttributeFinder</code> used by the given <code>EvaluationCtx</code> to try
* to resolve an attribute value. If the selector is defined with MustBePresent as true, then
* failure to find a matching value will result in Indeterminate, otherwise it will result in an
* empty bag. To support the basic selector functionality defined in the XACML specification,
* use a finder that has only the <code>SelectorModule</code> as a module that supports selector
* finding.
*
* @param context representation of the request to search
*
* @return a result containing a bag either empty because no values were found or containing at
* least one value, or status associated with an Indeterminate result
*/
public EvaluationResult evaluate(EvaluationCtx context) {
// query the context
EvaluationResult result = context.getAttribute(path, type, category,
contextSelectorId, xpathVersion);
// see if we got anything
if (!result.indeterminate()) {
BagAttribute bag = (BagAttribute) (result.getAttributeValue());
// see if it's an empty bag
if (bag.isEmpty()) {
// see if this is an error or not
if (mustBePresent) {
// this is an error
if (logger.isDebugEnabled()) {
logger.debug("AttributeSelector failed to resolve a "
+ "value for a required attribute: " + path);
}
ArrayList<String> code = new ArrayList<String>();
code.add(Status.STATUS_MISSING_ATTRIBUTE);
String message = "couldn't resolve XPath expression " + path
+ " for type " + type.toString();
return new EvaluationResult(new Status(code, message));
} else {
// return the empty bag
return result;
}
} else {
// return the values
return result;
}
} else {
// return the error
return result;
}
}
Example 5
| Source File: XACML3HigherOrderFunction.java From balana with Apache License 2.0 | 4 votes |
|
@Override
public EvaluationResult evaluate(List inputs, EvaluationCtx context) {
Iterator iterator = inputs.iterator();
// Get the first arg, which is the function.
Expression xpr = (Expression) (iterator.next());
Function function = null;
if (xpr instanceof Function) {
function = (Function) xpr;
}
// Separate the remaining inputs into primitive data types or bags of primitive types.
List<AttributeValue> args = new ArrayList<>();
List<BagAttribute> bagArgs = new ArrayList<>();
while (iterator.hasNext()) {
Evaluatable eval = (Evaluatable) (iterator.next());
EvaluationResult result = eval.evaluate(context);
if (result.indeterminate()) {
return result;
}
if (result.getAttributeValue().returnsBag()) {
bagArgs.add((BagAttribute) (result.getAttributeValue()));
} else {
args.add(result.getAttributeValue());
}
}
switch (functionId) {
case ID_ANY_OF:
return anyAndAllHelper(context, function, args, bagArgs.get(0), false);
case ID_ALL_OF:
return anyAndAllHelper(context, function, args, bagArgs.get(0), true);
case ID_ANY_OF_ANY:
return anyOfAny(context, function, args, bagArgs);
}
return null;
}
Example 6
| Source File: XACML3HigherOrderFunction.java From balana with Apache License 2.0 | 4 votes |
|
private EvaluationResult anyOfAny(EvaluationCtx context, Function function, List<AttributeValue> args,
List<BagAttribute> bagArgs) {
// The expression SHALL be evaluated as if the function named in the <Function> argument was applied
// between every tuple of the cross product on all bags and the primitive values, and the results were
// combined using “urn:oasis:names:tc:xacml:1.0:function:or”
EvaluationResult result = new EvaluationResult(BooleanAttribute.getInstance(false));
if (!args.isEmpty()) {
for (int i = 0; i < args.size() - 1; i++) {
AttributeValue value = args.get(i);
List<AttributeValue> bagValue = new ArrayList<>();
bagValue.add(value);
BagAttribute bagArg = new BagAttribute(value.getType(), bagValue);
result = anyAndAllHelper(context, function, args.subList(i + 1, args.size()), bagArg, false);
if (result.indeterminate() || ((BooleanAttribute) (result.getAttributeValue())).getValue()) {
return result;
}
}
return new EvaluationResult(BooleanAttribute.getInstance(false));
}
if (!bagArgs.isEmpty()) {
for (int i = 0; i < bagArgs.size(); i++) {
for (int j = i + 1; j < bagArgs.size(); j++) {
Iterator iIterator = bagArgs.get(i).iterator();
while (iIterator.hasNext()) {
AttributeValue iValue = (AttributeValue) (iIterator.next());
Iterator jIterator = bagArgs.get(j).iterator();
while (jIterator.hasNext()) {
AttributeValue jValue = (AttributeValue) (jIterator.next());
result = getEvaluationResult(context, function, jValue, iValue, false);
if (result != null && (result.indeterminate() ||
((BooleanAttribute) (result.getAttributeValue())).getValue())) {
return result;
}
}
}
}
}
return new EvaluationResult(BooleanAttribute.getInstance(false));
}
return null;
}
Example 7
| Source File: AttributeDesignator.java From balana with Apache License 2.0 | 4 votes |
|
/**
* Evaluates the pre-assigned meta-data against the given context, trying to find some matching
* values.
*
* @param context the representation of the request
* @return a result containing a bag either empty because no values were found or containing at
* least one value, or status associated with an Indeterminate result
*/
public EvaluationResult evaluate(EvaluationCtx context) {
EvaluationResult result = null;
// look in attribute values
result = context.getAttribute(type, id, issuer, category);
// if the lookup was indeterminate, then we return immediately
if (result.indeterminate()){
return result;
}
BagAttribute bag = (BagAttribute) (result.getAttributeValue());
if (bag.isEmpty()) {
// if it's empty, this may be an error
if (mustBePresent) {
if (logger.isDebugEnabled()) {
logger.debug("AttributeDesignator failed to resolve a "
+ "value for a required attribute: " + id.toString());
}
ArrayList<String> code = new ArrayList<String>();
code.add(Status.STATUS_MISSING_ATTRIBUTE);
ArrayList<MissingAttributeDetail> missingAttributes = new ArrayList<MissingAttributeDetail>();
MissingAttributeDetail missingAttribute = new MissingAttributeDetail(id, type,
category, issuer, null, XACMLConstants.XACML_VERSION_3_0);
missingAttributes.add(missingAttribute);
StatusDetail detail = new StatusDetail(missingAttributes);
String message = "Couldn't find AttributeDesignator attribute";
// Note that there is a bug in the XACML spec. You can't
// specify an identifier without specifying acceptable
// values. Until this is fixed, this code will only
// return the status code, and not any hints about what
// was missing
/*
* List attrs = new ArrayList(); attrs.add(new Attribute(id, ((issuer == null) ?
* null : issuer.toString()), null, null)); StatusDetail detail = new
* StatusDetail(attrs);
*/
return new EvaluationResult(new Status(code, message, detail));
}
}
// if we got here the bag wasn't empty, or mustBePresent was false,
// so we just return the result
return result;
}
