org.wso2.balana.AbstractPolicy Java Examples
The following examples show how to use
org.wso2.balana.AbstractPolicy.
Example #1
Source File: PolicyCombinerElement.java From balana with Apache License 2.0 | 6 votes |
/**
 * Encodes this <code>PolicyCombinerElement</code> into its XML form and writes it to the
 * provided <code>StringBuilder</code>. When the element carries combiner parameters they are
 * handed to <code>encodeParamaters</code> first, tagged with the kind ("Policy" or
 * "PolicySet") and the id of the wrapped policy; the wrapped policy is then encoded.
 *
 * @param builder string stream into which the XML-encoded data is written
 */
public void encode(StringBuilder builder) {
    if (!getParameters().isEmpty()) {
        AbstractPolicy wrapped = getPolicy();
        String elementName;
        String idText;

        // FIXME (kept from the original): this type dispatch recurs in several places and
        // might belong in the AbstractPolicy API.
        if (wrapped instanceof Policy) {
            elementName = "Policy";
            idText = wrapped.getId().toString();
        } else if (wrapped instanceof PolicySet) {
            elementName = "PolicySet";
            idText = wrapped.getId().toString();
        } else {
            // Everything else is assumed to be a reference; the cast throws
            // ClassCastException for any other AbstractPolicy subtype.
            PolicyReference ref = (PolicyReference) wrapped;
            elementName = (ref.getReferenceType() == PolicyReference.POLICY_REFERENCE)
                    ? "Policy"
                    : "PolicySet";
            idText = ref.getReference().toString();
        }
        encodeParamaters(builder, elementName, idText);
    }

    getPolicy().encode(builder);
}
Example #2
Source File: SimplePolicyCollection.java From carbon-identity with Apache License 2.0 | 6 votes |
/**
 * Looks up the policy stored under {@code identifier} and returns it only when its kind
 * matches the requested reference type.
 *
 * @param identifier  id of the referenced policy or policy set
 * @param type        {@code PolicyReference.POLICY_REFERENCE} requests a {@code Policy};
 *                    every other value requests a {@code PolicySet}
 * @param constraints version constraints of the reference; not consulted by this method
 * @return the stored policy, or {@code null} when the id is unknown or the stored entry is
 *         of the other kind
 */
@Override
public AbstractPolicy getPolicy(URI identifier, int type, VersionConstraints constraints) {
    AbstractPolicy candidate = policyCollection.get(identifier);
    if (candidate == null) {
        return null;
    }

    // NOTE(review): `constraints` is never checked, so a reference that pins a version
    // range resolves to whatever version is stored - confirm this is intended.
    boolean kindMatches = (type == PolicyReference.POLICY_REFERENCE)
            ? candidate instanceof Policy
            : candidate instanceof PolicySet;
    return kindMatches ? candidate : null;
}
Example #3
Source File: SimplePolicyCollection.java From carbon-identity-framework with Apache License 2.0 | 6 votes |
/**
 * Looks up the policy stored under {@code identifier} and returns it only when its kind
 * matches the requested reference type.
 *
 * @param identifier  id of the referenced policy or policy set
 * @param type        {@code PolicyReference.POLICY_REFERENCE} requests a {@code Policy};
 *                    every other value requests a {@code PolicySet}
 * @param constraints version constraints of the reference; not consulted by this method
 * @return the stored policy, or {@code null} when the id is unknown or the stored entry is
 *         of the other kind
 */
@Override
public AbstractPolicy getPolicy(URI identifier, int type, VersionConstraints constraints) {
    AbstractPolicy candidate = policyCollection.get(identifier);
    if (candidate == null) {
        return null;
    }

    // NOTE(review): `constraints` is never checked, so a reference that pins a version
    // range resolves to whatever version is stored - confirm this is intended.
    boolean kindMatches = (type == PolicyReference.POLICY_REFERENCE)
            ? candidate instanceof Policy
            : candidate instanceof PolicySet;
    return kindMatches ? candidate : null;
}
Example #4
Source File: DefaultPolicyCollection.java From carbon-identity with Apache License 2.0 | 6 votes |
/**
 * Reduces the list of applicable policies to the single policy that should be evaluated.
 *
 * @param policies applicable policies as array list
 * @return {@code null} when the list is empty, the sole element when it holds one policy,
 *         otherwise a new {@code PolicySet} wrapping all of them under the configured
 *         combining algorithm
 * @throws EntitlementException if no combining algorithm is configured and the list is
 *                              not empty
 */
public AbstractPolicy getEffectivePolicy(ArrayList<AbstractPolicy> policies)
        throws EntitlementException {
    // NOTE(review): this guard also fires for a single applicable policy (size() > 0) even
    // though the message speaks of "too many" - confirm whether "> 1" was intended.
    if (combiningAlg == null && !policies.isEmpty()) {
        log.error("Too many applicable top-level policies");
        throw new EntitlementException("Too many applicable top-level policies");
    }

    int applicable = policies.size();
    if (applicable == 0) {
        if (log.isDebugEnabled()) {
            log.debug("No matching XACML policy found");
        }
        return null;
    }
    if (applicable == 1) {
        return policies.get(0);
    }
    return new PolicySet(parentId, combiningAlg, target, policies);
}
Example #5
Source File: DefaultPolicyCollection.java From carbon-identity-framework with Apache License 2.0 | 6 votes |
/**
 * Reduces the list of applicable policies to the single policy that should be evaluated.
 *
 * @param policies applicable policies as array list
 * @return {@code null} when the list is empty, the sole element when it holds one policy,
 *         otherwise a new {@code PolicySet} wrapping all of them under the configured
 *         combining algorithm
 * @throws EntitlementException if no combining algorithm is configured and the list is
 *                              not empty
 */
public AbstractPolicy getEffectivePolicy(ArrayList<AbstractPolicy> policies)
        throws EntitlementException {
    // NOTE(review): this guard also fires for a single applicable policy (size() > 0) even
    // though the message speaks of "too many" - confirm whether "> 1" was intended.
    if (combiningAlg == null && !policies.isEmpty()) {
        log.error("Too many applicable top-level policies");
        throw new EntitlementException("Too many applicable top-level policies");
    }

    int applicable = policies.size();
    if (applicable == 0) {
        if (log.isDebugEnabled()) {
            log.debug("No matching XACML policy found");
        }
        return null;
    }
    if (applicable == 1) {
        return policies.get(0);
    }
    return new PolicySet(parentId, combiningAlg, target, policies);
}
Example #6
Source File: FileBasedPolicyFinderModule.java From balana with Apache License 2.0 | 6 votes |
/**
 * Resolves a policy reference against the policies held by this module.
 *
 * @param idReference    id of the referenced policy or policy set
 * @param type           {@code PolicyReference.POLICY_REFERENCE} requests a {@code Policy};
 *                       every other value requests a {@code PolicySet}
 * @param constraints    version constraints of the reference; not consulted here
 * @param parentMetaData metadata of the referring policy; not consulted here
 * @return a result wrapping the policy when one of the requested kind is stored under the
 *         id, otherwise a result carrying a processing-error status
 */
@Override
public PolicyFinderResult findPolicy(URI idReference, int type, VersionConstraints constraints,
        PolicyMetaData parentMetaData) {
    AbstractPolicy found = policies.get(idReference);
    if (found != null) {
        boolean kindMatches = (type == PolicyReference.POLICY_REFERENCE)
                ? found instanceof Policy
                : found instanceof PolicySet;
        if (kindMatches) {
            return new PolicyFinderResult(found);
        }
    }

    // Unknown id or an entry of the other kind: report a processing error instead of an
    // empty result, so the unresolved reference is surfaced as an error status.
    ArrayList<String> codes = new ArrayList<String>();
    codes.add(Status.STATUS_PROCESSING_ERROR);
    return new PolicyFinderResult(new Status(codes, "couldn't load referenced policy"));
}
Example #7
Source File: PAPPolicyFinder.java From carbon-identity-framework with Apache License 2.0 | 5 votes |
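/**
 * Resolves a policy reference by reading the policy from the PAP policy store.
 *
 * <p>The collection held in {@code policies} is emptied on every call and then holds at
 * most the policy resolved by this call.
 *
 * @param idReference    id of the referenced policy or policy set
 * @param type           {@code PolicyReference.POLICY_REFERENCE} requests a {@code Policy};
 *                       every other value requests a {@code PolicySet}
 * @param constraints    version constraints of the reference; not consulted here
 * @param parentMetaData metadata of the referring policy; not consulted here
 * @return a result wrapping the policy, or an empty result when nothing of the requested
 *         kind could be read
 */
public PolicyFinderResult findPolicy(URI idReference, int type, VersionConstraints constraints,
        PolicyMetaData parentMetaData) {
    // clear all current policies
    policies.getPolicies().clear();

    AbstractPolicy policy = null;
    try {
        AbstractPolicy policyFromStore =
                policyReader.readPolicy(idReference.toString(), this.policyFinder);
        if (policyFromStore != null) {
            boolean kindMatches = (type == PolicyReference.POLICY_REFERENCE)
                    ? policyFromStore instanceof Policy
                    : policyFromStore instanceof PolicySet;
            if (kindMatches) {
                policy = policyFromStore;
                policies.addPolicy(policy);
            }
        }
    } catch (EntitlementException e) {
        // Pass the exception as the throwable argument so the stack trace reaches the log;
        // log.error(e) alone records only the exception's string form.
        // NOTE(review): a store failure ends up as the same empty result as "no such
        // policy". Consider returning a processing-error status so the two cases stay
        // distinguishable to the caller.
        log.error("Error while reading the referenced policy from the policy store", e);
    }

    return (policy == null) ? new PolicyFinderResult() : new PolicyFinderResult(policy);
}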
Example #8
Source File: CarbonPolicyFinder.java From carbon-identity-framework with Apache License 2.0 | 5 votes |
/**
 * Sorts {@code policyCollectionOrder} with a {@code PolicyOrderComparator} and builds a map
 * of the cached policies in that order.
 */
private void orderPolicyCache() {
    LinkedHashMap<URI, AbstractPolicy> currentMap = policyCollection.getPolicyMap();
    Collections.sort(policyCollectionOrder, new PolicyOrderComparator());

    // NOTE(review): in the code shown the re-ordered map is never stored back into
    // policyCollection, so only the in-place sort of policyCollectionOrder has an effect.
    // Confirm whether a write-back is missing; evaluation order matters for
    // order-dependent combining algorithms.
    LinkedHashMap<URI, AbstractPolicy> reordered = new LinkedHashMap<URI, AbstractPolicy>();
    for (PolicyDTO dto : policyCollectionOrder) {
        try {
            URI policyUri = new URI(dto.getPolicyId());
            reordered.put(policyUri, currentMap.get(policyUri));
        } catch (URISyntaxException e) {
            // A policy with a malformed id is skipped; the only trace is on stderr.
            e.printStackTrace();
        }
    }
}
Example #9
Source File: CarbonPolicyFinder.java From carbon-identity-framework with Apache License 2.0 | 5 votes |
/**
 * Asks each configured finder module for the policy text with the given id and returns the
 * first one the policy reader turns into a policy.
 *
 * @param policyId id of the policy to load
 * @return the first policy obtained, or {@code null} when no modules are configured or none
 *         of them yields a readable policy
 */
private AbstractPolicy loadPolicy(String policyId) {
    if (this.finderModules == null) {
        return null;
    }

    for (PolicyFinderModule module : this.finderModules) {
        String policyText = module.getPolicy(policyId);
        if (policyText == null) {
            continue;
        }
        AbstractPolicy parsed = policyReader.getPolicy(policyText);
        if (parsed != null) {
            return parsed;
        }
    }
    return null;
}
Example #10
Source File: DefaultPolicyCollection.java From carbon-identity-framework with Apache License 2.0 | 5 votes |
/**
 * Returns the first entry stored under the given policy id.
 *
 * @param policyId policyId as a URI; its string form is the lookup key
 * @return the first element of the collection stored under the id, or {@code null} when
 *         the id is not a known key
 */
public AbstractPolicy getPolicy(URI policyId) {
    String key = policyId.toString();
    if (!policies.containsKey(key)) {
        return null;
    }
    return policies.get(key).first();
}
Example #11
Source File: CarbonPolicyFinder.java From carbon-identity-framework with Apache License 2.0 | 5 votes |
/**
 * Resolves a policy reference, consulting the reference cache first and the configured
 * finder modules on a miss.
 *
 * @param idReference    id of the referenced policy or policy set
 * @param type           {@code PolicyReference.POLICY_REFERENCE} requests a {@code Policy};
 *                       every other value requests a {@code PolicySet}
 * @param constraints    version constraints of the reference; not consulted here
 * @param parentMetaData metadata of the referring policy; not consulted here
 * @return a result wrapping the policy when one of the requested kind was resolved,
 *         otherwise an empty result
 */
@Override
public PolicyFinderResult findPolicy(URI idReference, int type, VersionConstraints constraints,
        PolicyMetaData parentMetaData) {
    AbstractPolicy resolved = policyReferenceCache.get(idReference);

    if (resolved == null && this.finderModules != null) {
        for (PolicyFinderModule module : this.finderModules) {
            String policyText = module.getReferencedPolicy(idReference.toString());
            if (policyText == null) {
                continue;
            }
            resolved = policyReader.getPolicy(policyText);
            if (resolved != null) {
                // Cached before the kind check below and keyed by id only.
                // NOTE(review): nothing here evicts or refreshes the entry - confirm the
                // cache is invalidated elsewhere when a referenced policy is updated.
                policyReferenceCache.put(idReference, resolved);
                break;
            }
        }
    }

    if (resolved != null) {
        boolean kindMatches = (type == PolicyReference.POLICY_REFERENCE)
                ? resolved instanceof Policy
                : resolved instanceof PolicySet;
        if (kindMatches) {
            return new PolicyFinderResult(resolved);
        }
    }
    return new PolicyFinderResult();
}
Example #12
Source File: RegistryPolicyReader.java From carbon-identity-framework with Apache License 2.0 | 5 votes |
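/**
 * Reads PolicyDTO for given registry resource.
 *
 * <p>The resource content is decoded as UTF-8 and parsed to obtain the policy id; the
 * "order" and "active" resource properties and the remaining registry properties are copied
 * onto the DTO.
 *
 * @param resource Registry resource
 * @return PolicyDTO
 * @throws EntitlementException if the content is missing, no policy can be read from it,
 *                              the "order" property is not an integer, or the registry
 *                              access fails
 */
private PolicyDTO readPolicy(Resource resource) throws EntitlementException {
    try {
        Object content = resource.getContent();
        if (content == null) {
            throw new EntitlementException("Error while loading entitlement policy. Policy content is null");
        }

        String policy = new String((byte[]) content, Charset.forName("UTF-8"));
        AbstractPolicy absPolicy = PAPPolicyReader.getInstance(null).getPolicy(policy);
        if (absPolicy == null) {
            // Fail with the declared exception type instead of a NullPointerException on
            // getId() when the reader yields no policy for this content.
            throw new EntitlementException("Error while loading entitlement policy. Policy content could not be read");
        }

        PolicyDTO dto = new PolicyDTO();
        dto.setPolicyId(absPolicy.getId().toASCIIString());
        dto.setPolicy(policy);

        String policyOrder = resource.getProperty("order");
        if (policyOrder == null) {
            dto.setPolicyOrder(0);
        } else {
            try {
                dto.setPolicyOrder(Integer.parseInt(policyOrder));
            } catch (NumberFormatException e) {
                // A malformed stored property must not escape as an unchecked exception.
                throw new EntitlementException("Error while loading entitlement policy. Invalid policy order", e);
            }
        }

        String policyActive = resource.getProperty("active");
        if (policyActive != null) {
            dto.setActive(Boolean.parseBoolean(policyActive));
        }

        PolicyAttributeBuilder policyAttributeBuilder = new PolicyAttributeBuilder();
        dto.setAttributeDTOs(policyAttributeBuilder.
                getPolicyMetaDataFromRegistryProperties(resource.getProperties()));
        return dto;
    } catch (RegistryException e) {
        log.error("Error while loading entitlement policy", e);
        throw new EntitlementException("Error while loading entitlement policy", e);
    }
}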
Example #13
Source File: PAPPolicyReader.java From carbon-identity-framework with Apache License 2.0 | 5 votes |
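/**
 * Builds the policy object that corresponds to the root element of a parsed document.
 *
 * @param doc parsed policy document
 * @return a {@code Policy} for a root element named "Policy", a {@code PolicySet} for one
 *         named "PolicySet"
 * @throws org.wso2.balana.ParsingException if the document has no root element or the root
 *                                          is of neither kind
 */
private AbstractPolicy handleDocument(Document doc) throws ParsingException {
    Element root = doc.getDocumentElement();
    if (root == null) {
        throw new ParsingException("Document has no root element");
    }

    // getLocalName() is null when the document was built without namespace awareness;
    // comparing from the literal side turns that into a ParsingException instead of a
    // NullPointerException.
    // NOTE(review): only the local name is checked here, not the namespace URI.
    String name = root.getLocalName();
    if ("Policy".equals(name)) {
        return Policy.getInstance(root);
    }
    if ("PolicySet".equals(name)) {
        return PolicySet.getInstance(root, policyFinder);
    }

    // this isn't a root type that we know how to handle
    throw new ParsingException("Unknown root document type: " + name);
}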
Example #14
Source File: PolicyReader.java From carbon-identity with Apache License 2.0 | 5 votes |
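/**
 * Builds the policy object that corresponds to the root element of a parsed document.
 *
 * @param doc parsed policy document
 * @return a {@code Policy} for a root element named "Policy", a {@code PolicySet} for one
 *         named "PolicySet"
 * @throws ParsingException if the document has no root element or the root is of neither
 *                          kind
 */
private AbstractPolicy handleDocument(Document doc) throws ParsingException {
    Element root = doc.getDocumentElement();
    if (root == null) {
        throw new ParsingException("Document has no root element");
    }

    // getLocalName() is null when the document was built without namespace awareness;
    // comparing from the literal side turns that into a ParsingException instead of a
    // NullPointerException.
    // NOTE(review): only the local name is checked here, not the namespace URI.
    String name = root.getLocalName();
    if ("Policy".equals(name)) {
        return Policy.getInstance(root);
    }
    if ("PolicySet".equals(name)) {
        return PolicySet.getInstance(root, policyFinder);
    }

    // this isn't a root type that we know how to handle
    throw new ParsingException("Unknown root document type: " + name);
}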
Example #15
Source File: BalanaPDPTest.java From mobi with GNU Affero General Public License v3.0 | 5 votes |
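/**
 * Test helper: parses the XML policy fixture named after the local name of {@code policyId}
 * from the classpath root, wraps it in a {@code BalanaPolicy}, and appends a mocked cache
 * entry (key: the id's string value, value: the policy) to {@code entries}.
 *
 * @param policyId IRI whose local name selects the fixture file
 * @throws Exception if the fixture is missing or cannot be parsed
 */
private void loadPolicy(IRI policyId) throws Exception {
    String resourcePath = "/" + policyId.getLocalName() + ".xml";
    try (InputStream in = getClass().getResourceAsStream(resourcePath)) {
        if (in == null) {
            // Name the missing fixture instead of failing inside the XML parser.
            throw new IllegalStateException("Policy fixture not found on the classpath: " + resourcePath);
        }

        // The parser runs with its defaults (DOCTYPE declarations and external entities are
        // not disabled). That is tolerable for fixtures bundled with the tests; code that
        // parses policy XML from outside the build should disable DOCTYPE declarations
        // before calling parse().
        DocumentBuilderFactory docFactory = DocumentBuilderFactory.newInstance();
        docFactory.setNamespaceAware(true);
        Document doc = docFactory.newDocumentBuilder().parse(in);

        AbstractPolicy abstractPolicy =
                org.wso2.balana.Policy.getInstance(doc.getDocumentElement());
        Policy policy = new BalanaPolicy(abstractPolicy, VALUE_FACTORY);

        Cache.Entry<String, Policy> entry = mock(Cache.Entry.class);
        when(entry.getKey()).thenReturn(policyId.stringValue());
        when(entry.getValue()).thenReturn(policy);
        entries.add(entry);
    }
}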
Example #16
Source File: PAPPolicyReader.java From carbon-identity with Apache License 2.0 | 5 votes |
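/**
 * Builds the policy object that corresponds to the root element of a parsed document.
 *
 * @param doc parsed policy document
 * @return a {@code Policy} for a root element named "Policy", a {@code PolicySet} for one
 *         named "PolicySet"
 * @throws org.wso2.balana.ParsingException if the document has no root element or the root
 *                                          is of neither kind
 */
private AbstractPolicy handleDocument(Document doc) throws ParsingException {
    Element root = doc.getDocumentElement();
    if (root == null) {
        throw new ParsingException("Document has no root element");
    }

    // getLocalName() is null when the document was built without namespace awareness;
    // comparing from the literal side turns that into a ParsingException instead of a
    // NullPointerException.
    // NOTE(review): only the local name is checked here, not the namespace URI.
    String name = root.getLocalName();
    if ("Policy".equals(name)) {
        return Policy.getInstance(root);
    }
    if ("PolicySet".equals(name)) {
        return PolicySet.getInstance(root, policyFinder);
    }

    // this isn't a root type that we know how to handle
    throw new ParsingException("Unknown root document type: " + name);
}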
Example #17
Source File: PolicyReader.java From carbon-identity-framework with Apache License 2.0 | 5 votes |
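/**
 * Builds the policy object that corresponds to the root element of a parsed document.
 *
 * @param doc parsed policy document
 * @return a {@code Policy} for a root element named "Policy", a {@code PolicySet} for one
 *         named "PolicySet"
 * @throws ParsingException if the document has no root element or the root is of neither
 *                          kind
 */
private AbstractPolicy handleDocument(Document doc) throws ParsingException {
    Element root = doc.getDocumentElement();
    if (root == null) {
        throw new ParsingException("Document has no root element");
    }

    // getLocalName() is null when the document was built without namespace awareness;
    // comparing from the literal side turns that into a ParsingException instead of a
    // NullPointerException.
    // NOTE(review): only the local name is checked here, not the namespace URI.
    String name = root.getLocalName();
    if ("Policy".equals(name)) {
        return Policy.getInstance(root);
    }
    if ("PolicySet".equals(name)) {
        return PolicySet.getInstance(root, policyFinder);
    }

    // this isn't a root type that we know how to handle
    throw new ParsingException("Unknown root document type: " + name);
}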
Example #18
Source File: PAPPolicyStoreReader.java From carbon-identity with Apache License 2.0 | 5 votes |
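/**
 * Reads the policy with the given id from the PAP policy store and parses it.
 *
 * @param policyId id of the policy to read
 * @param finder   not used by this method; the reader is obtained with a {@code null} finder
 * @return the parsed policy, or {@code null} when the store has no resource for the id
 * @throws EntitlementException if the resource has no content or the registry access fails
 */
public synchronized AbstractPolicy readPolicy(String policyId, PolicyFinder finder)
        throws EntitlementException {
    Resource resource = store.getPolicy(policyId, PDPConstants.ENTITLEMENT_POLICY_PAP);
    if (resource == null) {
        return null;
    }

    try {
        Object content = resource.getContent();
        if (content == null) {
            // Report empty content with the declared exception type instead of letting the
            // String constructor fail with a NullPointerException.
            throw new EntitlementException("Error while loading entitlement policy. Policy content is null");
        }
        String policy = new String((byte[]) content, Charset.forName("UTF-8"));
        return PAPPolicyReader.getInstance(null).getPolicy(policy);
    } catch (RegistryException e) {
        log.error("Error while parsing entitlement policy", e);
        // Keep the registry failure as the cause so callers can see what went wrong.
        throw new EntitlementException("Error while loading entitlement policy", e);
    }
}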
Example #19
Source File: PAPPolicyFinder.java From carbon-identity with Apache License 2.0 | 5 votes |
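/**
 * Resolves a policy reference by reading the policy from the PAP policy store.
 *
 * <p>The collection held in {@code policies} is emptied on every call and then holds at
 * most the policy resolved by this call.
 *
 * @param idReference    id of the referenced policy or policy set
 * @param type           {@code PolicyReference.POLICY_REFERENCE} requests a {@code Policy};
 *                       every other value requests a {@code PolicySet}
 * @param constraints    version constraints of the reference; not consulted here
 * @param parentMetaData metadata of the referring policy; not consulted here
 * @return a result wrapping the policy, or an empty result when nothing of the requested
 *         kind could be read
 */
public PolicyFinderResult findPolicy(URI idReference, int type, VersionConstraints constraints,
        PolicyMetaData parentMetaData) {
    // clear all current policies
    policies.getPolicies().clear();

    AbstractPolicy policy = null;
    try {
        AbstractPolicy policyFromStore =
                policyReader.readPolicy(idReference.toString(), this.policyFinder);
        if (policyFromStore != null) {
            boolean kindMatches = (type == PolicyReference.POLICY_REFERENCE)
                    ? policyFromStore instanceof Policy
                    : policyFromStore instanceof PolicySet;
            if (kindMatches) {
                policy = policyFromStore;
                policies.addPolicy(policy);
            }
        }
    } catch (EntitlementException e) {
        // Pass the exception as the throwable argument so the stack trace reaches the log;
        // log.error(e) alone records only the exception's string form.
        // NOTE(review): a store failure ends up as the same empty result as "no such
        // policy". Consider returning a processing-error status so the two cases stay
        // distinguishable to the caller.
        log.error("Error while reading the referenced policy from the policy store", e);
    }

    return (policy == null) ? new PolicyFinderResult() : new PolicyFinderResult(policy);
}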
Example #20
Source File: DefaultPolicyCollection.java From carbon-identity with Apache License 2.0 | 5 votes |
/**
 * Returns the first entry stored under the given policy id.
 *
 * @param policyId policyId as a URI; its string form is the lookup key
 * @return the first element of the collection stored under the id, or {@code null} when
 *         the id is not a known key
 */
public AbstractPolicy getPolicy(URI policyId) {
    String key = policyId.toString();
    if (!policies.containsKey(key)) {
        return null;
    }
    return policies.get(key).first();
}
Example #21
Source File: DefaultPolicyCollection.java From carbon-identity with Apache License 2.0 | 5 votes |
/**
 * Returns the first entry stored under the given policy id.
 *
 * @param policyId policyId as a String, used directly as the lookup key
 * @return the first element of the collection stored under the id, or {@code null} when
 *         the id is not a known key
 */
public AbstractPolicy getPolicy(String policyId) {
    if (!policies.containsKey(policyId)) {
        return null;
    }
    return policies.get(policyId).first();
}
Example #22
Source File: DefaultPolicyCollection.java From carbon-identity with Apache License 2.0 | 5 votes |
/**
 * Attempts to retrieve a policy based on the given identifier and other constraints. The
 * versions stored under the identifier are visited in the set's iteration order and the
 * first one that meets the version constraints and is of the requested kind is returned.
 *
 * @param identifier  id of the referenced policy or policy set
 * @param type        {@code PolicyReference.POLICY_REFERENCE} requests a {@code Policy};
 *                    every other value requests a {@code PolicySet}
 * @param constraints version constraints each candidate's version must meet
 * @return the first matching policy, or {@code null} when the identifier is unknown or no
 *         stored version matches
 */
public AbstractPolicy getPolicy(URI identifier, int type, VersionConstraints constraints) {
    TreeSet<AbstractPolicy> versions = policies.get(identifier.toString());

    // if we don't know about this identifier then there's nothing to do
    if (versions == null) {
        return null;
    }

    // NOTE(review): "most recent first" depends on the comparator the TreeSet was built
    // with, which is not visible here - confirm.
    boolean wantPolicy = (type == PolicyReference.POLICY_REFERENCE);
    for (AbstractPolicy candidate : versions) {
        if (!constraints.meetsConstraint(candidate.getVersion())) {
            continue;
        }
        boolean kindMatches = wantPolicy
                ? candidate instanceof Policy
                : candidate instanceof PolicySet;
        if (kindMatches) {
            return candidate;
        }
    }

    // we didn't find a match
    return null;
}
Example #23
Source File: CarbonPolicyFinder.java From carbon-identity with Apache License 2.0 | 5 votes |
/**
 * Sorts {@code policyCollectionOrder} with a {@code PolicyOrderComparator} and builds a map
 * of the cached policies in that order.
 */
private void orderPolicyCache() {
    LinkedHashMap<URI, AbstractPolicy> currentMap = policyCollection.getPolicyMap();
    Collections.sort(policyCollectionOrder, new PolicyOrderComparator());

    // NOTE(review): in the code shown the re-ordered map is never stored back into
    // policyCollection, so only the in-place sort of policyCollectionOrder has an effect.
    // Confirm whether a write-back is missing; evaluation order matters for
    // order-dependent combining algorithms.
    LinkedHashMap<URI, AbstractPolicy> reordered = new LinkedHashMap<URI, AbstractPolicy>();
    for (PolicyDTO dto : policyCollectionOrder) {
        try {
            URI policyUri = new URI(dto.getPolicyId());
            reordered.put(policyUri, currentMap.get(policyUri));
        } catch (URISyntaxException e) {
            // A policy with a malformed id is skipped; the only trace is on stderr.
            e.printStackTrace();
        }
    }
}
Example #24
Source File: CarbonPolicyFinder.java From carbon-identity with Apache License 2.0 | 5 votes |
/**
 * Asks each configured finder module for the policy text with the given id and returns the
 * first one the policy reader turns into a policy.
 *
 * @param policyId id of the policy to load
 * @return the first policy obtained, or {@code null} when no modules are configured or none
 *         of them yields a readable policy
 */
private AbstractPolicy loadPolicy(String policyId) {
    if (this.finderModules == null) {
        return null;
    }

    for (PolicyFinderModule module : this.finderModules) {
        String policyText = module.getPolicy(policyId);
        if (policyText == null) {
            continue;
        }
        AbstractPolicy parsed = policyReader.getPolicy(policyText);
        if (parsed != null) {
            return parsed;
        }
    }
    return null;
}
Example #25
Source File: CarbonPolicyFinder.java From carbon-identity with Apache License 2.0 | 5 votes |
/**
 * Resolves a policy reference, consulting the reference cache first and the configured
 * finder modules on a miss.
 *
 * @param idReference    id of the referenced policy or policy set
 * @param type           {@code PolicyReference.POLICY_REFERENCE} requests a {@code Policy};
 *                       every other value requests a {@code PolicySet}
 * @param constraints    version constraints of the reference; not consulted here
 * @param parentMetaData metadata of the referring policy; not consulted here
 * @return a result wrapping the policy when one of the requested kind was resolved,
 *         otherwise an empty result
 */
@Override
public PolicyFinderResult findPolicy(URI idReference, int type, VersionConstraints constraints,
        PolicyMetaData parentMetaData) {
    AbstractPolicy resolved = policyReferenceCache.get(idReference);

    if (resolved == null && this.finderModules != null) {
        for (PolicyFinderModule module : this.finderModules) {
            String policyText = module.getReferencedPolicy(idReference.toString());
            if (policyText == null) {
                continue;
            }
            resolved = policyReader.getPolicy(policyText);
            if (resolved != null) {
                // Cached before the kind check below and keyed by id only.
                // NOTE(review): nothing here evicts or refreshes the entry - confirm the
                // cache is invalidated elsewhere when a referenced policy is updated.
                policyReferenceCache.put(idReference, resolved);
                break;
            }
        }
    }

    if (resolved != null) {
        boolean kindMatches = (type == PolicyReference.POLICY_REFERENCE)
                ? resolved instanceof Policy
                : resolved instanceof PolicySet;
        if (kindMatches) {
            return new PolicyFinderResult(resolved);
        }
    }
    return new PolicyFinderResult();
}
Example #26
Source File: RegistryPolicyReader.java From carbon-identity with Apache License 2.0 | 5 votes |
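/**
 * Reads PolicyDTO for given registry resource.
 *
 * <p>The resource content is decoded as UTF-8 and parsed to obtain the policy id; the
 * "order" and "active" resource properties and the remaining registry properties are copied
 * onto the DTO.
 *
 * @param resource Registry resource
 * @return PolicyDTO
 * @throws EntitlementException if the content is missing, no policy can be read from it,
 *                              the "order" property is not an integer, or the registry
 *                              access fails
 */
private PolicyDTO readPolicy(Resource resource) throws EntitlementException {
    try {
        Object content = resource.getContent();
        if (content == null) {
            throw new EntitlementException("Error while loading entitlement policy. Policy content is null");
        }

        String policy = new String((byte[]) content, Charset.forName("UTF-8"));
        AbstractPolicy absPolicy = PAPPolicyReader.getInstance(null).getPolicy(policy);
        if (absPolicy == null) {
            // Fail with the declared exception type instead of a NullPointerException on
            // getId() when the reader yields no policy for this content.
            throw new EntitlementException("Error while loading entitlement policy. Policy content could not be read");
        }

        PolicyDTO dto = new PolicyDTO();
        dto.setPolicyId(absPolicy.getId().toASCIIString());
        dto.setPolicy(policy);

        String policyOrder = resource.getProperty("order");
        if (policyOrder == null) {
            dto.setPolicyOrder(0);
        } else {
            try {
                dto.setPolicyOrder(Integer.parseInt(policyOrder));
            } catch (NumberFormatException e) {
                // A malformed stored property must not escape as an unchecked exception.
                throw new EntitlementException("Error while loading entitlement policy. Invalid policy order", e);
            }
        }

        String policyActive = resource.getProperty("active");
        if (policyActive != null) {
            dto.setActive(Boolean.parseBoolean(policyActive));
        }

        PolicyAttributeBuilder policyAttributeBuilder = new PolicyAttributeBuilder();
        dto.setAttributeDTOs(policyAttributeBuilder.
                getPolicyMetaDataFromRegistryProperties(resource.getProperties()));
        return dto;
    } catch (RegistryException e) {
        log.error("Error while loading entitlement policy", e);
        throw new EntitlementException("Error while loading entitlement policy", e);
    }
}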
Example #27
Source File: FileBasedPolicyFinderModule.java From balana with Apache License 2.0 | 5 votes |
/**
 * Creates a module with an empty policy map. When the system property named by
 * {@code POLICY_DIR_PROPERTY} is set, its value becomes the single entry of
 * {@code policyLocations}; otherwise {@code policyLocations} is not assigned here.
 */
public FileBasedPolicyFinderModule() {
    policies = new HashMap<URI, AbstractPolicy>();

    // The policy location comes from a JVM system property, so it is only as trustworthy
    // as whatever sets the JVM's properties.
    String policyDir = System.getProperty(POLICY_DIR_PROPERTY);
    if (policyDir != null) {
        policyLocations = new HashSet<String>();
        policyLocations.add(policyDir);
    }
}
Example #28
Source File: DenyUnlessPermitPolicyAlg.java From balana with Apache License 2.0 | 5 votes |
/**
 * Combines the child policies so that the outcome is PERMIT if any matching policy
 * evaluates to PERMIT and DENY otherwise.
 *
 * <p>Policies that do not match the context are skipped. Obligations and advice are
 * collected only from DENY results; every other non-PERMIT outcome contributes nothing and
 * still ends in the final DENY.
 *
 * @param context        the context from the request
 * @param parameters     combiner parameters; not read by this method
 * @param policyElements the {@code PolicyCombinerElement}s to combine
 * @return the first PERMIT result as returned by the policy, or a DENY result carrying the
 *         collected obligations and advice
 */
@Override
public AbstractResult combine(EvaluationCtx context, List parameters, List policyElements) {
    List<ObligationResult> denyObligations = new ArrayList<ObligationResult>();
    List<Advice> denyAdvices = new ArrayList<Advice>();

    for (Object element : policyElements) {
        AbstractPolicy policy = ((PolicyCombinerElement) element).getPolicy();
        if (policy.match(context).getResult() != MatchResult.MATCH) {
            continue;
        }

        AbstractResult result = policy.evaluate(context);
        int decision = result.getDecision();

        // A PERMIT wins immediately, regardless of what was seen before.
        if (decision == AbstractResult.DECISION_PERMIT) {
            return result;
        }
        if (decision == AbstractResult.DECISION_DENY) {
            denyObligations.addAll(result.getObligations());
            denyAdvices.addAll(result.getAdvices());
        }
    }

    // No PERMIT was found, so the combined decision is DENY.
    return ResultFactory.getFactory().getResult(AbstractResult.DECISION_DENY, denyObligations,
            denyAdvices, context);
}
Example #29
Source File: PermitUnlessDenyPolicyAlg.java From balana with Apache License 2.0 | 5 votes |
/**
 * Combines the child policies so that the outcome is DENY if any matching policy evaluates
 * to DENY and PERMIT otherwise.
 *
 * <p>Policies that do not match the context are skipped. Obligations and advice are
 * collected only from PERMIT results. Every other non-DENY outcome, including a policy that
 * fails to match or evaluates to something other than PERMIT or DENY, still ends in the
 * final PERMIT, so this algorithm grants access by default.
 *
 * @param context        the context from the request
 * @param parameters     combiner parameters; not read by this method
 * @param policyElements the {@code PolicyCombinerElement}s to combine
 * @return the first DENY result as returned by the policy, or a PERMIT result carrying the
 *         collected obligations and advice
 */
@Override
public AbstractResult combine(EvaluationCtx context, List parameters, List policyElements) {
    List<ObligationResult> permitObligations = new ArrayList<ObligationResult>();
    List<Advice> permitAdvices = new ArrayList<Advice>();

    for (Object element : policyElements) {
        AbstractPolicy policy = ((PolicyCombinerElement) element).getPolicy();
        if (policy.match(context).getResult() != MatchResult.MATCH) {
            continue;
        }

        AbstractResult result = policy.evaluate(context);
        int decision = result.getDecision();

        // A DENY wins immediately, regardless of what was seen before.
        if (decision == AbstractResult.DECISION_DENY) {
            return result;
        }
        if (decision == AbstractResult.DECISION_PERMIT) {
            permitObligations.addAll(result.getObligations());
            permitAdvices.addAll(result.getAdvices());
        }
    }

    // No DENY was found, so the combined decision is PERMIT.
    return ResultFactory.getFactory().getResult(AbstractResult.DECISION_PERMIT,
            permitObligations, permitAdvices, context);
}
Example #30
Source File: FirstApplicablePolicyAlg.java From balana with Apache License 2.0 | 5 votes |
/**
 * Applies the combining rule to the set of policies based on the evaluation context: the
 * policies are visited in list order and the result of the first matching policy whose
 * decision is anything other than NOT_APPLICABLE is returned.
 *
 * @param context the context from the request
 * @param parameters a (possibly empty) non-null <code>List</code> of
 *            <code>CombinerParameter</code>s; not read by this method
 * @param policyElements the policies to combine
 *
 * @return the result of running the combining algorithm: INDETERMINATE as soon as a
 *         policy's match is indeterminate, the first applicable result otherwise, and
 *         NOT_APPLICABLE when no policy applies
 */
public AbstractResult combine(EvaluationCtx context, List parameters, List policyElements) {
    for (Object element : policyElements) {
        AbstractPolicy policy = ((PolicyCombinerElement) element).getPolicy();

        // make sure that the policy matches the context
        MatchResult match = policy.match(context);
        if (match.getResult() == MatchResult.INDETERMINATE) {
            return ResultFactory.getFactory().getResult(AbstractResult.DECISION_INDETERMINATE,
                    match.getStatus(), context);
        }
        if (match.getResult() != MatchResult.MATCH) {
            continue;
        }

        // PERMIT, DENY and INDETERMINATE end the walk; only a policy that does not apply
        // lets it continue. While the context is in searching mode the result is not
        // returned and the walk goes on.
        AbstractResult result = policy.evaluate(context);
        boolean applicable = result.getDecision() != Result.DECISION_NOT_APPLICABLE;
        if (applicable && !context.isSearching()) {
            return result;
        }
    }

    // if we got here, then none of the policies applied
    return ResultFactory.getFactory().getResult(AbstractResult.DECISION_NOT_APPLICABLE, context);
}