Examples of org.jboss.security.xacml.sunxacml.AbstractPolicy

• org.jboss.security.xacml.sunxacml.AbstractPolicy
  Represents an instance of an XACML policy. @since 1.0 @author Seth Proctor @author Marco Barreno

      try
      {
         if (this.encounteredParsingException)
            return new PolicyFinderResult(new Status(aList));
         AbstractPolicy policy = policies.getPolicy(context);

         if (policy == null)
            return new PolicyFinderResult();
         else
            return new PolicyFinderResult(policy);

        this.finder = finder;

        Iterator it = fileNames.iterator();
        while (it.hasNext()) {
            String fname = (String)(it.next());
            AbstractPolicy policy = loadPolicy(fname, finder,
                                               schemaFile, this);
            if (policy != null)
                policies.add(policy);
        }
    }

     * @param context the representation of the request data
     *
     * @return the result of trying to find an applicable policy
     */
    public PolicyFinderResult findPolicy(EvaluationCtx context) {
        AbstractPolicy selectedPolicy = null;
        Iterator it = policies.iterator();

        while (it.hasNext()) {
            AbstractPolicy policy = (AbstractPolicy)(it.next());

            // see if we match
            MatchResult match = policy.match(context);
            int result = match.getResult();

            // if there was an error, we stop right away
            if (result == MatchResult.INDETERMINATE)
                return new PolicyFinderResult(match.getStatus());

     * @return the result of running the combining algorithm
     */
    public Result combine(EvaluationCtx context, List parameters,
                          List policyElements) {
        boolean atLeastOne = false;
        AbstractPolicy selectedPolicy = null;
        Iterator it = policyElements.iterator();

        while (it.hasNext()) {
            AbstractPolicy policy =
                ((PolicyCombinerElement)(it.next())).getPolicy();

            // see if the policy matches the context
            MatchResult match = policy.match(context);
            int result = match.getResult();

            // if there is an error in trying to match any of the targets,
            // we always return INDETERMINATE immediately
            if (result == MatchResult.INDETERMINATE)

    public Result combine(EvaluationCtx context, List parameters,
                          List policyElements) {
        Iterator it = policyElements.iterator();

        while (it.hasNext()) {
            AbstractPolicy policy =
                ((PolicyCombinerElement)(it.next())).getPolicy();

            // make sure that the policy matches the context
            MatchResult match = policy.match(context);

            if (match.getResult() == MatchResult.INDETERMINATE)
                return new Result(Result.DECISION_INDETERMINATE,
                                  match.getStatus(),
                                  context.getResourceId().encode());

            if (match.getResult() == MatchResult.MATCH) {
                // evaluate the policy
                Result result = policy.evaluate(context);
                int effect = result.getDecision();

                // in the case of PERMIT, DENY, or INDETERMINATE, we always
                // just return that result, so only on a rule that doesn't
                // apply do we keep going...

        Set denyObligations = new HashSet();
        Status firstIndeterminateStatus = null;
        Iterator it = policyElements.iterator();

        while (it.hasNext()) {
            AbstractPolicy policy =
                ((PolicyCombinerElement)(it.next())).getPolicy();

            // make sure that the policy matches the context
            MatchResult match = policy.match(context);

            if (match.getResult() == MatchResult.INDETERMINATE) {
                atLeastOneError = true;

                // keep track of the first error, regardless of cause
                if (firstIndeterminateStatus == null)
                    firstIndeterminateStatus = match.getStatus();
            } else if (match.getResult() == MatchResult.MATCH) {
                // now we evaluate the policy
                Result result = policy.evaluate(context);
                int effect = result.getDecision();

                // this is a little different from DenyOverrides...

                if (effect == Result.DECISION_PERMIT)

    * @throws Exception
    * @see XACMLConstants
    */
   public JBossXACMLPolicy(InputStream is, int type) throws Exception
   {
      AbstractPolicy policy = null;
      XACMLPolicyUtil xpu = new XACMLPolicyUtil();
      this.policyType = type;
      if (type == XACMLPolicy.POLICYSET)
      {
         policy = xpu.createPolicySet(is, finder);

    * @throws Exception
    * @see XACMLConstants
    */
   public JBossXACMLPolicy(InputStream is, int type, JBossPolicyFinder theFinder) throws Exception
   {
      AbstractPolicy policy = null;
      XACMLPolicyUtil xpu = new XACMLPolicyUtil();
      this.policyType = type;
      if (type == XACMLPolicy.POLICYSET)
      {
         if (theFinder == null)

     * @return an applicable policy, if one exists, or an error
     */
   @Override
   public PolicyFinderResult findPolicy(EvaluationCtx context)
   {
      AbstractPolicy selectedPolicy = null;
      MatchResult match = policySet.match(context);
      int result = match.getResult();

      // if target matching was indeterminate, then return the error
      if (result == MatchResult.INDETERMINATE)

   private void recursivePopulate(XACMLPolicy policy, List<AbstractPolicy> policies, PolicySetFinderModule psfm)
   {
      List<XACMLPolicy> policyList = policy.getEnclosingPolicies();
      for (XACMLPolicy xp : policyList)
      {
         AbstractPolicy p = xp.get(XACMLConstants.UNDERLYING_POLICY);
         policies.add(p);
         if (p instanceof PolicySet)
            this.recursivePopulate(xp, policies, psfm);
      }