Java Code Examples for org.wso2.balana.AbstractPolicy#match()
The following examples show how to use
org.wso2.balana.AbstractPolicy#match() .
Example 1
Source File: DenyUnlessPermitPolicyAlg.java From balana with Apache License 2.0 | 5 votes |
/**
 * Combines the given policies so that the outcome is PERMIT as soon as one matching policy
 * evaluates to PERMIT, and DENY in every other case.
 *
 * <p>Only policies whose target evaluates to {@code MatchResult.MATCH} are evaluated; every
 * other match outcome is skipped. Because the fallback decision is DENY, a policy that is
 * skipped, or that evaluates to anything other than PERMIT, cannot widen access.
 *
 * @param context the evaluation context of the request
 * @param parameters combiner parameters; not read by this method
 * @param policyElements the {@code PolicyCombinerElement}s wrapping the policies to combine
 * @return the PERMIT result exactly as the policy produced it, otherwise a DENY result
 *         carrying the obligations and advices of every DENY result seen
 */
@Override
public AbstractResult combine(EvaluationCtx context, List parameters, List policyElements) {

    List<ObligationResult> collectedObligations = new ArrayList<ObligationResult>();
    List<Advice> collectedAdvices = new ArrayList<Advice>();

    for (Object element : policyElements) {
        AbstractPolicy candidate = ((PolicyCombinerElement) element).getPolicy();

        // A policy whose target does not match takes no part in the decision.
        if (candidate.match(context).getResult() != MatchResult.MATCH) {
            continue;
        }

        AbstractResult outcome = candidate.evaluate(context);
        int decision = outcome.getDecision();

        if (decision == AbstractResult.DECISION_PERMIT) {
            // One PERMIT settles the outcome; the DENY material gathered so far is dropped.
            return outcome;
        }
        if (decision == AbstractResult.DECISION_DENY) {
            collectedObligations.addAll(outcome.getObligations());
            collectedAdvices.addAll(outcome.getAdvices());
        }
    }

    // No PERMIT was seen, so the combined decision is DENY.
    return ResultFactory.getFactory().getResult(
            AbstractResult.DECISION_DENY, collectedObligations, collectedAdvices, context);
}
Example 2
Source File: PermitUnlessDenyPolicyAlg.java From balana with Apache License 2.0 | 5 votes |
/**
 * Combines the given policies so that the outcome is DENY as soon as one matching policy
 * evaluates to DENY, and PERMIT in every other case.
 *
 * <p>Only policies whose target evaluates to {@code MatchResult.MATCH} are evaluated. The
 * fallback decision is PERMIT, so this combiner is default-permit: a policy that is skipped
 * (target not MATCH, which includes an INDETERMINATE target) or whose evaluation yields
 * neither DENY nor PERMIT does not block access. With an empty {@code policyElements} the
 * result is PERMIT as well.
 *
 * @param context the evaluation context of the request
 * @param parameters combiner parameters; not read by this method
 * @param policyElements the {@code PolicyCombinerElement}s wrapping the policies to combine
 * @return the DENY result exactly as the policy produced it, otherwise a PERMIT result
 *         carrying the obligations and advices of every PERMIT result seen
 */
@Override
public AbstractResult combine(EvaluationCtx context, List parameters, List policyElements) {

    List<ObligationResult> collectedObligations = new ArrayList<ObligationResult>();
    List<Advice> collectedAdvices = new ArrayList<Advice>();

    for (Object element : policyElements) {
        AbstractPolicy candidate = ((PolicyCombinerElement) element).getPolicy();

        // NOTE(review): an INDETERMINATE target match is skipped here like a non-match,
        // so a deny policy whose target cannot be evaluated has no effect on the outcome.
        if (candidate.match(context).getResult() != MatchResult.MATCH) {
            continue;
        }

        AbstractResult outcome = candidate.evaluate(context);
        int decision = outcome.getDecision();

        if (decision == AbstractResult.DECISION_DENY) {
            // One DENY settles the outcome; the PERMIT material gathered so far is dropped.
            return outcome;
        }
        if (decision == AbstractResult.DECISION_PERMIT) {
            collectedObligations.addAll(outcome.getObligations());
            collectedAdvices.addAll(outcome.getAdvices());
        }
    }

    // No DENY was seen, so the combined decision is PERMIT.
    return ResultFactory.getFactory().getResult(
            AbstractResult.DECISION_PERMIT, collectedObligations, collectedAdvices, context);
}
Example 3
Source File: FirstApplicablePolicyAlg.java From balana with Apache License 2.0 | 5 votes |
/**
 * Applies the first-applicable combining rule: policies are visited in list order and the
 * first evaluation result other than NOT_APPLICABLE is returned.
 *
 * <p>An INDETERMINATE target match stops the walk at once with an INDETERMINATE result that
 * carries the match status. While {@code context.isSearching()} is true no evaluation result
 * is returned early; every matching policy is still evaluated and the method then ends with
 * NOT_APPLICABLE unless an INDETERMINATE match is hit.
 *
 * @param context the context from the request
 * @param parameters a (possibly empty) non-null <code>List</code> of
 *            <code>CombinerParameter</code>s; not read by this method
 * @param policyElements the policies to combine
 *
 * @return the result of running the combining algorithm
 */
public AbstractResult combine(EvaluationCtx context, List parameters, List policyElements) {

    for (Object element : policyElements) {
        AbstractPolicy candidate = ((PolicyCombinerElement) element).getPolicy();

        // The target has to match the context before the policy is evaluated.
        MatchResult targetMatch = candidate.match(context);
        int matchCode = targetMatch.getResult();

        if (matchCode == MatchResult.INDETERMINATE) {
            return ResultFactory.getFactory().getResult(
                    AbstractResult.DECISION_INDETERMINATE, targetMatch.getStatus(), context);
        }
        if (matchCode != MatchResult.MATCH) {
            continue;
        }

        AbstractResult outcome = candidate.evaluate(context);
        int effect = outcome.getDecision();

        // Keep walking only when this policy did not apply, or while the context is in
        // searching mode. NOTE(review): the constant is read through Result here and
        // through AbstractResult elsewhere; presumably the same value, confirm.
        if (effect == Result.DECISION_NOT_APPLICABLE || context.isSearching()) {
            continue;
        }

        // PERMIT, DENY and INDETERMINATE are all returned as they are.
        return outcome;
    }

    // Nothing produced a returned decision, so the combined result is NOT_APPLICABLE.
    return ResultFactory.getFactory().getResult(
            AbstractResult.DECISION_NOT_APPLICABLE, context);
}
Example 4
Source File: SimplePolicyCollection.java From carbon-identity-framework with Apache License 2.0 | 4 votes |
/**
 * Selects the policy that applies to the given context from {@code policyCollection}.
 *
 * <p>The lookup aborts with an exception when a target match is INDETERMINATE, and when a
 * second policy matches while no combining algorithm is configured.
 *
 * @param context the evaluation context to match each policy target against
 * @return {@code null} when no policy matches (callers must handle this), the policy itself
 *         when exactly one matches, otherwise a new {@code PolicySet} wrapping all matches
 *         under {@code combiningAlg}
 * @throws EntitlementException if a target match is INDETERMINATE, or if more than one
 *         policy matches and {@code combiningAlg} is {@code null}
 */
@Override
public AbstractPolicy getEffectivePolicy(EvaluationCtx context) throws EntitlementException {

    // Policies whose target matched the context, in iteration order.
    ArrayList<AbstractPolicy> matched = new ArrayList<AbstractPolicy>();

    for (Map.Entry<URI, AbstractPolicy> entry : policyCollection.entrySet()) {
        AbstractPolicy candidate = entry.getValue();
        MatchResult targetMatch = candidate.match(context);
        int matchCode = targetMatch.getResult();

        // A target that cannot be evaluated ends the search instead of being skipped.
        // NOTE(review): the status message goes to the log and to the exception; confirm
        // it cannot carry request attribute values that should stay out of either.
        if (matchCode == MatchResult.INDETERMINATE) {
            log.error(targetMatch.getStatus().getMessage());
            throw new EntitlementException(targetMatch.getStatus().getMessage());
        }
        if (matchCode != MatchResult.MATCH) {
            continue;
        }

        if (log.isDebugEnabled()) {
            log.debug("Matching XACML policy found " + candidate.getId().toString());
        }

        // Without a combining algorithm, several top-level matches cannot be reconciled.
        if (combiningAlg == null && !matched.isEmpty()) {
            log.error("Too many applicable top-level policies");
            throw new EntitlementException("Too many applicable top-level policies");
        }
        matched.add(candidate);
    }

    // The search finished cleanly; the answer depends on how many policies matched.
    if (matched.isEmpty()) {
        if (log.isDebugEnabled()) {
            log.debug("No matching XACML policy found");
        }
        return null;
    }
    if (matched.size() == 1) {
        return matched.get(0);
    }
    return new PolicySet(parentId, combiningAlg, null, matched);
}
Example 5
Source File: DefaultPolicyCollection.java From carbon-identity-framework with Apache License 2.0 | 4 votes |
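/**
 * Attempts to retrieve a policy based on the given context. If multiple policies match then
 * this will either throw an exception or wrap the policies under a new PolicySet (depending on
 * how this instance was constructed). If no policies match, then this will return null. See the
 * comment in the class header about how this behaves when multiple versions of the same policy
 * exist.
 *
 * <p>The multiple-match check used to build a {@code Status} and then discard it because the
 * throw was commented out, so a second match without a combining algorithm ended in a
 * {@code PolicySet} created with a {@code null} algorithm. The check now throws, as this
 * documentation describes.
 *
 * @param context the evaluation context to match each policy target against
 * @return {@code null} when no policy matches (callers must handle this), the policy itself
 *         when exactly one matches, otherwise a new {@code PolicySet} wrapping all matches
 *         under {@code combiningAlg}
 * @throws EntitlementException if a target match is INDETERMINATE, or if more than one
 *         policy matches and {@code combiningAlg} is {@code null}
 */
public AbstractPolicy getEffectivePolicy(EvaluationCtx context) throws EntitlementException {

    // setup a list of matching policies
    ArrayList<AbstractPolicy> list = new ArrayList<AbstractPolicy>();

    for (TreeSet<AbstractPolicy> versions : policies.values()) {

        // for each identifier, take the first element of its set
        // NOTE(review): presumably the ordering puts the most recent version first, and
        // every set is assumed non-empty (first() throws otherwise) - confirm both
        AbstractPolicy policy = versions.first();

        // see if we match
        MatchResult match = policy.match(context);
        int result = match.getResult();

        // if there was an error, we stop right away
        if (result == MatchResult.INDETERMINATE) {
            log.error(match.getStatus().getMessage());
            throw new EntitlementException(match.getStatus().getMessage());
        }

        // if we matched, we keep track of the matching policy...
        if (result == MatchResult.MATCH) {
            if (log.isDebugEnabled()) {
                log.debug("Matching XACML policy found " + policy.getId().toString());
            }

            // ...first checking whether this is a second match while no combining
            // algorithm exists to nest the policies under; that case is an error
            if (combiningAlg == null && !list.isEmpty()) {
                log.error("too many applicable top-level policies");
                throw new EntitlementException("too many applicable top-level policies");
            }

            list.add(policy);
        }
    }

    // no errors happened during the search, so now take the right
    // action based on how many policies we found
    switch (list.size()) {
        case 0:
            if (log.isDebugEnabled()) {
                log.debug("No matching XACML policy found");
            }
            return null;
        case 1:
            return list.get(0);
        default:
            return new PolicySet(parentId, combiningAlg, null, list);
    }
}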
Example 6
Source File: SimplePolicyCollection.java From carbon-identity with Apache License 2.0 | 4 votes |
/**
 * Picks the policy applicable to the given context out of {@code policyCollection}.
 *
 * <p>An INDETERMINATE target match, or a second match while no combining algorithm is set,
 * ends the lookup with an exception rather than a result.
 *
 * @param context the evaluation context to match each policy target against
 * @return {@code null} when nothing matches (callers must handle this), the single matching
 *         policy when there is exactly one, otherwise a new {@code PolicySet} holding every
 *         match under {@code combiningAlg}
 * @throws EntitlementException if a target match is INDETERMINATE, or if more than one
 *         policy matches and {@code combiningAlg} is {@code null}
 */
@Override
public AbstractPolicy getEffectivePolicy(EvaluationCtx context) throws EntitlementException {

    // Every policy whose target matched, kept in iteration order.
    ArrayList<AbstractPolicy> applicable = new ArrayList<AbstractPolicy>();

    for (Map.Entry<URI, AbstractPolicy> entry : policyCollection.entrySet()) {
        AbstractPolicy current = entry.getValue();
        MatchResult matchResult = current.match(context);
        int code = matchResult.getResult();

        // An unevaluable target is an error for the whole lookup, not a skipped policy.
        // NOTE(review): the status message reaches both the log and the exception; confirm
        // it cannot contain request attribute values that should stay out of either.
        if (code == MatchResult.INDETERMINATE) {
            log.error(matchResult.getStatus().getMessage());
            throw new EntitlementException(matchResult.getStatus().getMessage());
        }

        if (code == MatchResult.MATCH) {
            if (log.isDebugEnabled()) {
                log.debug("Matching XACML policy found " + current.getId().toString());
            }

            // Several top-level matches are only acceptable when an algorithm can combine them.
            boolean alreadyMatched = !applicable.isEmpty();
            if (combiningAlg == null && alreadyMatched) {
                log.error("Too many applicable top-level policies");
                throw new EntitlementException("Too many applicable top-level policies");
            }
            applicable.add(current);
        }
    }

    // The search ended without error; decide by the number of matches.
    int found = applicable.size();
    if (found == 0) {
        if (log.isDebugEnabled()) {
            log.debug("No matching XACML policy found");
        }
        return null;
    }
    return found == 1
            ? applicable.get(0)
            : new PolicySet(parentId, combiningAlg, null, applicable);
}
Example 7
Source File: DefaultPolicyCollection.java From carbon-identity with Apache License 2.0 | 4 votes |
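/**
 * Attempts to retrieve a policy based on the given context. If multiple policies match then
 * this will either throw an exception or wrap the policies under a new PolicySet (depending on
 * how this instance was constructed). If no policies match, then this will return null. See the
 * comment in the class header about how this behaves when multiple versions of the same policy
 * exist.
 *
 * <p>Earlier the multiple-match branch only built a {@code Status} and dropped it, because
 * its throw was commented out; a second match with no combining algorithm therefore produced
 * a {@code PolicySet} with a {@code null} algorithm. The branch now throws, matching the
 * contract stated above.
 *
 * @param context the evaluation context to match each policy target against
 * @return {@code null} when no policy matches (callers must handle this), the policy itself
 *         when exactly one matches, otherwise a new {@code PolicySet} wrapping all matches
 *         under {@code combiningAlg}
 * @throws EntitlementException if a target match is INDETERMINATE, or if more than one
 *         policy matches and {@code combiningAlg} is {@code null}
 */
public AbstractPolicy getEffectivePolicy(EvaluationCtx context) throws EntitlementException {

    // setup a list of matching policies
    ArrayList<AbstractPolicy> list = new ArrayList<AbstractPolicy>();

    // get an iterator over all the identifiers
    Iterator<TreeSet<AbstractPolicy>> it = policies.values().iterator();

    while (it.hasNext()) {
        // for each identifier, take the first element of its set
        // NOTE(review): presumably the ordering puts the most recent version first, and
        // every set is assumed non-empty (first() throws otherwise) - confirm both
        AbstractPolicy policy = it.next().first();

        // see if we match
        MatchResult match = policy.match(context);
        int result = match.getResult();

        // if there was an error, we stop right away
        if (result == MatchResult.INDETERMINATE) {
            log.error(match.getStatus().getMessage());
            throw new EntitlementException(match.getStatus().getMessage());
        }

        if (result != MatchResult.MATCH) {
            continue;
        }

        // we matched, so keep track of the matching policy...
        if (log.isDebugEnabled()) {
            log.debug("Matching XACML policy found " + policy.getId().toString());
        }

        // ...unless it is a second match and there is no combining algorithm to nest
        // the policies under, which is an error
        if (combiningAlg == null && !list.isEmpty()) {
            log.error("too many applicable top-level policies");
            throw new EntitlementException("too many applicable top-level policies");
        }

        list.add(policy);
    }

    // no errors happened during the search, so now take the right
    // action based on how many policies we found
    switch (list.size()) {
        case 0:
            if (log.isDebugEnabled()) {
                log.debug("No matching XACML policy found");
            }
            return null;
        case 1:
            return list.get(0);
        default:
            return new PolicySet(parentId, combiningAlg, null, list);
    }
}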
Example 8
Source File: FileBasedPolicyFinderModule.java From balana with Apache License 2.0 | 4 votes |
/**
 * Finds the loaded policy, or set of policies, whose target matches the given context.
 *
 * <p>Errors are reported through the returned {@code PolicyFinderResult} rather than by an
 * exception: an INDETERMINATE target match returns that match's status, and a second match
 * while no combining algorithm is configured returns a processing-error status.
 *
 * @param context the evaluation context to match each policy target against
 * @return an empty result when nothing matches, a result holding the single matching policy,
 *         a result holding a new {@code PolicySet} of all matches under
 *         {@code combiningAlg}, or a result holding an error status
 */
@Override
public PolicyFinderResult findPolicy(EvaluationCtx context) {

    ArrayList<AbstractPolicy> matched = new ArrayList<AbstractPolicy>();
    Set<Map.Entry<URI, AbstractPolicy>> loaded = policies.entrySet();

    // Walk every policy that is currently loaded.
    for (Map.Entry<URI, AbstractPolicy> entry : loaded) {
        AbstractPolicy candidate = entry.getValue();
        MatchResult targetMatch = candidate.match(context);
        int matchCode = targetMatch.getResult();

        // A target that cannot be evaluated is reported as an error, not skipped.
        if (matchCode == MatchResult.INDETERMINATE) {
            return new PolicyFinderResult(targetMatch.getStatus());
        }
        if (matchCode != MatchResult.MATCH) {
            continue;
        }

        // A second match with no algorithm to combine the policies is an error.
        if (combiningAlg == null && !matched.isEmpty()) {
            ArrayList<String> code = new ArrayList<String>();
            code.add(Status.STATUS_PROCESSING_ERROR);
            Status tooMany = new Status(code, "too many applicable " + "top-level policies");
            return new PolicyFinderResult(tooMany);
        }

        matched.add(candidate);
    }

    // The search ended without error; decide by the number of matches.
    if (matched.isEmpty()) {
        if (log.isDebugEnabled()) {
            log.debug("No matching XACML policy found");
        }
        return new PolicyFinderResult();
    }
    if (matched.size() == 1) {
        return new PolicyFinderResult(matched.get(0));
    }
    return new PolicyFinderResult(new PolicySet(null, combiningAlg, null, matched));
}
Example 9
Source File: OnlyOneApplicablePolicyAlg.java From balana with Apache License 2.0 | 4 votes |
/**
 * Applies the only-one-applicable combining rule: exactly one policy target may match the
 * context, and that policy's evaluation result becomes the combined result.
 *
 * <p>No policy is evaluated until every target has been checked. An INDETERMINATE target
 * match, or a second matching target, ends the walk with an INDETERMINATE result.
 * NOTE(review): how INDETERMINATE maps to access is decided by the caller; confirm the
 * enforcement point does not grant access on it.
 *
 * @param context the context from the request
 * @param parameters a (possibly empty) non-null <code>List</code> of
 *            <code>CombinerParameter</code>s; not read by this method
 * @param policyElements the policies to combine
 *
 * @return the result of running the combining algorithm
 */
public AbstractResult combine(EvaluationCtx context, List parameters, List policyElements) {

    // The one policy matched so far. A null policy would already have failed on match(),
    // so a non-null value here is the same signal as "at least one match was seen".
    AbstractPolicy selectedPolicy = null;

    for (Object element : policyElements) {
        AbstractPolicy candidate = ((PolicyCombinerElement) element).getPolicy();

        // Check the candidate's target against the context.
        MatchResult targetMatch = candidate.match(context);
        int matchCode = targetMatch.getResult();

        // Any error while matching a target makes the whole combination INDETERMINATE.
        if (matchCode == MatchResult.INDETERMINATE) {
            return ResultFactory.getFactory().getResult(
                    AbstractResult.DECISION_INDETERMINATE, targetMatch.getStatus(), context);
        }
        if (matchCode != MatchResult.MATCH) {
            continue;
        }

        // A second applicable policy is an error under this algorithm.
        if (selectedPolicy != null) {
            List code = new ArrayList();
            code.add(Status.STATUS_PROCESSING_ERROR);
            String message = "Too many applicable policies";
            return ResultFactory.getFactory().getResult(
                    AbstractResult.DECISION_INDETERMINATE, new Status(code, message), context);
        }

        // First applicable policy: remember it until the loop has finished.
        selectedPolicy = candidate;
    }

    // No policy matched, so the combination does not apply.
    if (selectedPolicy == null) {
        return ResultFactory.getFactory().getResult(
                AbstractResult.DECISION_NOT_APPLICABLE, context);
    }

    // Exactly one policy matched; its evaluation is the combined result.
    return selectedPolicy.evaluate(context);
}