Examples of org.jboss.security.xacml.sunxacml.cond.EvaluationResult

Package org.jboss.security.xacml.sunxacml.cond

Examples of org.jboss.security.xacml.sunxacml.cond.EvaluationResult

org.jboss.security.xacml.sunxacml.cond.EvaluationResult
This is used in cases where a normal result is some AttributeValue, but if an attribute couldn't be resolved (or some other problem occurred), then a Status object needs to be returned instead. This is used instead of throwing an exception for performance, but mainly because failure to resolve an attribute is not an error case for the code, merely for the evaluation, and represents normal operation. Separate exception types will be added later to represent errors in pdp operation. @since 1.0 @author Seth Proctor

     * found or containing at least one value, or status associated with an
     * Indeterminate result
     */
    public EvaluationResult evaluate(EvaluationCtx context) {
        // query the context
        EvaluationResult result = context.getAttribute(contextPath, policyRoot,
                                                       type, xpathVersion);


        // see if we got anything
        if (! result.indeterminate()) {
            BagAttribute bag = (BagAttribute)(result.getAttributeValue());


            // see if it's an empty bag
            if (bag.isEmpty()) {
                // see if this is an error or not
                if (mustBePresent) {
                    // this is an error
                    if (logger.isLoggable(Level.INFO))
                        logger.info("AttributeSelector failed to resolve a " +
                                    "value for a required attribute: " +
                                    contextPath);


                    ArrayList code = new ArrayList();
                    code.add(Status.STATUS_MISSING_ATTRIBUTE);
                    String message = "couldn't resolve XPath expression " +
                        contextPath + " for type " + type.toString();
                    return new EvaluationResult(new Status(code, message));
                } else {
                    // return the empty bag
                    return result;
                }
            } else {

View Full Code Here

            // see if the module supports this type
            Set types = module.getSupportedDesignatorTypes();
            if ((types == null) || (types.
                                    contains(new Integer(designatorType)))) {
                // see if the module can find an attribute value
                EvaluationResult result =
                    module.findAttribute(attributeType, attributeId, issuer,
                                         subjectCategory, context,
                                         designatorType);


                // if there was an error, we stop right away
                if (result.indeterminate()) {
                    if (logger.isLoggable(Level.INFO))
                        logger.info("Error while trying to resolve values: " +
                                    result.getStatus().getMessage());
                    return result;
                }


                // if the result wasn't empty, then return the result
                BagAttribute bag = (BagAttribute)(result.getAttributeValue());
                if (! bag.isEmpty())
                    return result;
            }
        }


        // if we got here then there were no errors but there were also no
        // matches, so we have to return an empty bag
        if (logger.isLoggable(Level.INFO))
            logger.info("Failed to resolve any values for " +
                        attributeId.toString());


        return new EvaluationResult(BagAttribute.
                                    createEmptyBag(attributeType));
    }

View Full Code Here

        // go through each module in order
        while (it.hasNext()) {
            AttributeFinderModule module = (AttributeFinderModule)(it.next());
            
            // see if the module can find an attribute value
            EvaluationResult result =
                module.findAttribute(contextPath, namespaceNode, attributeType,
                                     context, xpathVersion);


            // if there was an error, we stop right away
            if (result.indeterminate()) {
                if (logger.isLoggable(Level.INFO))
                    logger.info("Error while trying to resolve values: " +
                                result.getStatus().getMessage());
                return result;
            }


            // if the result wasn't empty, then return the result
            BagAttribute bag = (BagAttribute)(result.getAttributeValue());
            if (! bag.isEmpty())
                return result;
        }


        // if we got here then there were no errors but there were also no
        // matches, so we have to return an empty bag
        if (logger.isLoggable(Level.INFO))
            logger.info("Failed to resolve any values for " + contextPath);


        return new EvaluationResult(BagAttribute.
                                    createEmptyBag(attributeType));
    }

View Full Code Here

        // if there's no condition, then we just return the effect...
        if (condition == null)
            return new Result(effectAttr, context.getResourceId().encode());


        // ...otherwise we evaluate the condition
        EvaluationResult result = condition.evaluate(context);
        
        if (result.indeterminate()) {
            // if it was INDETERMINATE, then that's what we return
            return new Result(Result.DECISION_INDETERMINATE,
                              result.getStatus(),
                              context.getResourceId().encode()); 
        } else {
            // otherwise we return the effect on true, and NA on false
            BooleanAttribute bool =
                (BooleanAttribute)(result.getAttributeValue());


            if (bool.getValue())
                return new Result(effectAttr,
                                  context.getResourceId().encode());
            else

View Full Code Here

   public EvaluationResult findAttribute(URI attributeType, URI attributeId, URI issuer, URI subjectLogger,
         EvaluationCtx context, int designatorType)
   {
      // Check the identifier 
      if (!attributeId.toString().equals(ROLE_IDENTIFIER))
         return new EvaluationResult(BagAttribute.createEmptyBag(attributeType));


      // Did they ask for a String??
      if (!attributeType.toString().equals(StringAttribute.identifier))
         return new EvaluationResult(BagAttribute.createEmptyBag(attributeType));


      // Retrieve the subject identifer from the context
      EvaluationResult result = context.getSubjectAttribute(attributeType, SUBJECT_IDENTIFIER, issuer, subjectLogger);
      if (result.indeterminate())
         return result;


      // Check that we succeeded in getting the subject identifier
      BagAttribute bag = (BagAttribute) (result.getAttributeValue());
      if (bag.isEmpty())
      {
         ArrayList code = new ArrayList();
         code.add(Status.STATUS_MISSING_ATTRIBUTE);
         Status status = new Status(code, "missing subject-id");
         return new EvaluationResult(status);
      }


      // Finally search for the subject with the role-mapping defined,
      // and if there is a match, add their role
      BagAttribute returnBag = null;
      Iterator it = bag.iterator();
      while (it.hasNext())
      {
         StringAttribute attr = (StringAttribute) (it.next());
         if (attr.getValue().equals("Anil Saldhana"))
         {
            Set set = new HashSet();
            set.add(new StringAttribute("Developer"));
            returnBag = new BagAttribute(attributeType, set);
            break;
         }
      }


      return new EvaluationResult(returnBag);
   }

View Full Code Here

     * @return a result containing a bag either empty because no values were
     * found or containing at least one value, or status associated with an
     * Indeterminate result
     */
    public EvaluationResult evaluate(EvaluationCtx context) {
        EvaluationResult result = null;


        // look in the right section for some attribute values
        switch(target) {
        case SUBJECT_TARGET:
            result = context.getSubjectAttribute(type, id,
                                                 issuer, subjectCategory);
            break;
        case RESOURCE_TARGET:
            result = context.getResourceAttribute(type, id, issuer);
            break;
        case ACTION_TARGET:
            result = context.getActionAttribute(type, id, issuer);
            break;
        case ENVIRONMENT_TARGET:
            result = context.getEnvironmentAttribute(type, id, issuer);
            break;
        }


        // if the lookup was indeterminate, then we return immediately
        if (result.indeterminate())
            return result;


        BagAttribute bag = (BagAttribute)(result.getAttributeValue());


        if (bag.isEmpty()) {
            // if it's empty, this may be an error
            if (mustBePresent) {
                if (logger.isLoggable(Level.INFO))
                    logger.info("AttributeDesignator failed to resolve a " +
                                "value for a required attribute: " +
                                id.toString());


                ArrayList code = new ArrayList();
                code.add(Status.STATUS_MISSING_ATTRIBUTE);
                
                String message = "Couldn't find " + targetTypes[target] +
                    "AttributeDesignator attribute";


                // Note that there is a bug in the XACML spec. You can't
                // specify an identifier without specifying acceptable
                // values. Until this is fixed, this code will only
                // return the status code, and not any hints about what
                // was missing


                /*List attrs = new ArrayList();
                  attrs.add(new Attribute(id,
                  ((issuer == null) ? null :
                  issuer.toString()),
                  null, null));
                  StatusDetail detail = new StatusDetail(attrs);*/


                return new EvaluationResult(new Status(code, message));
            }
        }


        // if we got here the bag wasn't empty, or mustBePresent was false,
        // so we just return the result

View Full Code Here

     * Private helper to create a new processing error status result
     */
    private EvaluationResult createProcessingError(String msg) {
        ArrayList code = new ArrayList();
        code.add(Status.STATUS_PROCESSING_ERROR);
        return new EvaluationResult(new Status(code, msg));
    }

View Full Code Here

    public EvaluationResult findAttribute(String path, Node namespaceNode,
                                          URI type, EvaluationCtx context,
                                          String xpathVersion) {
        // we only support 1.0
        if (! xpathVersion.equals(PolicyMetaData.XPATH_1_0_IDENTIFIER))
            return new EvaluationResult(BagAttribute.createEmptyBag(type));


        // get the DOM root of the request document
        Node root = context.getRequestRoot();


        // if we were provided with a non-null namespace node, then use it
        // to resolve namespaces, otherwise use the context root node
        Node nsNode = (namespaceNode != null) ? namespaceNode : root;


        // setup the root path (pre-pended to the context path), which...
        String rootPath = "";


        // ...only has content if the context path is relative
        if (path.charAt(0) != '/') {
            String rootName = root.getLocalName();


            // see if the request root is in a namespace
            String namespace = root.getNamespaceURI();
            
            if (namespace == null) {
                // no namespacing, so we're done
                rootPath = "/" + rootName + "/";
            } else {
                // namespaces are used, so we need to lookup the correct
                // prefix to use in the search string
                NamedNodeMap nmap = namespaceNode.getAttributes();
                rootPath = null;


                for (int i = 0; i < nmap.getLength(); i++) {
                    Node n = nmap.item(i);
                    if (n.getNodeValue().equals(namespace)) {
                        // we found the matching namespace, so get the prefix
                        // and then break out
                        String name = SunxacmlUtil.getNodeName(n);
                        int pos = name.indexOf(':');


                        if (pos == -1) {
                            // the namespace was the default namespace
                            rootPath = "/";
                        } else {
                            // we found a prefixed namespace
                            rootPath = "/" + name.substring(pos + 1);
                        }


                        // finish off the string
                        rootPath += ":" + rootName + "/";


                        break;
                    }
                }


                // if the rootPath is still null, then we don't have any
                // definitions for the namespace
                if (rootPath == null)
                    return createProcessingError("Failed to map a namespace" +
                                                 " in an XPath expression");
            }
        }


        // now do the query, pre-pending the root path to the context path
        NodeList matches = null;
        try {
            // NOTE: see comments in XALAN docs about why this is slow
            matches = XPathAPI.selectNodeList(root, rootPath + path, nsNode);
        } catch (Exception e) {
            // in the case of any exception, we need to return an error
            return createProcessingError("error in XPath: " + e.getMessage());
        }


        if (matches.getLength() == 0) {
            // we didn't find anything, so we return an empty bag
            return new EvaluationResult(BagAttribute.createEmptyBag(type));
        }


        // there was at least one match, so try to generate the values
        try {
            ArrayList list = new ArrayList();
            AttributeFactory attrFactory = AttributeFactory.getInstance();
            
            for (int i = 0; i < matches.getLength(); i++) {
                String text = null;
                Node node = matches.item(i);
                short nodeType = node.getNodeType();


                // see if this is straight text, or a node with data under
                // it and then get the values accordingly
                if ((nodeType == Node.CDATA_SECTION_NODE) ||
                    (nodeType == Node.COMMENT_NODE) ||
                    (nodeType == Node.TEXT_NODE) ||
                    (nodeType == Node.ATTRIBUTE_NODE)) {
                    // there is no child to this node
                    text = node.getNodeValue();
                } else {
                    // the data is in a child node
                    text = node.getFirstChild().getNodeValue();
                }


                list.add(attrFactory.createValue(type, text));
            }
            
            return new EvaluationResult(new BagAttribute(type, list));
        } catch (ParsingException pe) {
            return createProcessingError(pe.getMessage());
        } catch (UnknownIdentifierException uie) {
            return createProcessingError("unknown attribute type: " + type);
        }

View Full Code Here

                                          URI issuer, URI subjectCategory,
                                          EvaluationCtx context,
                                          int designatorType) {
        // we only know about environment attributes
        if (designatorType != AttributeDesignator.ENVIRONMENT_TARGET)
            return new EvaluationResult(BagAttribute.
                                        createEmptyBag(attributeType));


        // figure out which attribute we're looking for
        String attrName = attributeId.toString();


        if (attrName.equals(ENVIRONMENT_CURRENT_TIME)) {
            return handleTime(attributeType, issuer, context);
        } else if (attrName.equals(ENVIRONMENT_CURRENT_DATE)) {
            return handleDate(attributeType, issuer, context);
        } else if (attrName.equals(ENVIRONMENT_CURRENT_DATETIME)) {
            return handleDateTime(attributeType, issuer, context);
        }


        // if we got here, then it's an attribute that we don't know
        return new EvaluationResult(BagAttribute.
                                    createEmptyBag(attributeType));
    }

View Full Code Here

     */
    private EvaluationResult handleTime(URI type, URI issuer,
                                        EvaluationCtx context) {
        // make sure they're asking for a time attribute
        if (! type.toString().equals(TimeAttribute.identifier))
            return new EvaluationResult(BagAttribute.
                                        createEmptyBag(type));


        // get the value from the context
        return makeBag(context.getCurrentTime());
    }

View Full Code Here

0 1 2 3 4

TOP

Related Classes of org.jboss.security.xacml.sunxacml.cond.EvaluationResult

org.jboss.security.xacml.sunxacml.attr.AttributeDesignator

org.jboss.security.xacml.sunxacml.attr.AttributeSelector

org.jboss.security.xacml.sunxacml.attr.AttributeValue

org.jboss.security.xacml.sunxacml.BasicEvaluationCtx

org.jboss.security.xacml.sunxacml.finder.AttributeFinder

org.jboss.security.xacml.sunxacml.finder.AttributeFinderModule

org.jboss.security.xacml.sunxacml.finder.impl.CurrentEnvModule

org.jboss.security.xacml.sunxacml.finder.impl.SelectorModule

org.jboss.security.xacml.sunxacml.Rule

org.jboss.security.xacml.sunxacml.TargetMatch

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.