Package org.jboss.security.xacml.sunxacml.ctx

Examples of org.jboss.security.xacml.sunxacml.ctx.Result

102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
    public Result combine(EvaluationCtx context, List parameters,
                          List ruleElements) {
        boolean atLeastOneError = false;
        boolean potentialDeny = false;
        boolean atLeastOnePermit = false;
        Result firstIndeterminateResult = null;
        Iterator it = ruleElements.iterator();

        while (it.hasNext()) {
            Rule rule = ((RuleCombinerElement)(it.next())).getRule();
            Result result = rule.evaluate(context);
            int value = result.getDecision();
           
            logger.log(Level.FINE, "Rule id:"+rule.getId().toASCIIString()+":result="+value);
           
            // if there was a value of DENY, then regardless of what else
            // we've seen, we always return DENY
            if (value == Result.DECISION_DENY)
                return result;
           
            // if it was INDETERMINATE, then we couldn't figure something
            // out, so we keep track of these cases...
            if (value == Result.DECISION_INDETERMINATE) {
                atLeastOneError = true;

                // there are no rules about what to do if multiple cases
                // cause errors, so we'll just return the first one
                if (firstIndeterminateResult == null)
                    firstIndeterminateResult = result;

                // if the Rule's effect is DENY, then we can't let this
                // alg return PERMIT, since this Rule might have denied
                // if it could do its stuff
                if (rule.getEffect() == Result.DECISION_DENY)
                    potentialDeny = true;
            } else {
                // keep track of whether we had at least one rule that
                // actually pertained to the request
                if (value == Result.DECISION_PERMIT)
                    atLeastOnePermit = true;
            }
        }
       
        // we didn't explicitly DENY, but we might have had some Rule
        // been evaluated, so we have to return INDETERMINATE
        if (potentialDeny)
            return firstIndeterminateResult;
       
        // some Rule said PERMIT, so since nothing could have denied,
        // we return PERMIT
        if (atLeastOnePermit)
            return new Result(Result.DECISION_PERMIT,
                              context.getResourceId().encode());
       
        // we didn't find anything that said PERMIT, but if we had a
        // problem with one of the Rules, then we're INDETERMINATE
        if (atLeastOneError)
            return firstIndeterminateResult;
       
        // if we hit this point, then none of the rules actually applied
        // to us, so we return NOT_APPLICABLE
        return new Result(Result.DECISION_NOT_APPLICABLE,
                          context.getResourceId().encode());
    }
View Full Code Here
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
            MatchResult match = target.match(context);
            int result = match.getResult();

            // if the target didn't match, then this Rule doesn't apply
            if (result == MatchResult.NO_MATCH)
                return new Result(Result.DECISION_NOT_APPLICABLE,
                                  context.getResourceId().encode());

            // if the target was indeterminate, we can't go on
            if (result == MatchResult.INDETERMINATE)
                return new Result(Result.DECISION_INDETERMINATE,
                                  match.getStatus(),
                                  context.getResourceId().encode());
        }

        // if there's no condition, then we just return the effect...
        if (condition == null)
            return new Result(effectAttr, context.getResourceId().encode());

        // ...otherwise we evaluate the condition
        EvaluationResult result = condition.evaluate(context);
       
        if (result.indeterminate()) {
            // if it was INDETERMINATE, then that's what we return
            return new Result(Result.DECISION_INDETERMINATE,
                              result.getStatus(),
                              context.getResourceId().encode());
        } else {
            // otherwise we return the effect on true, and NA on false
            BooleanAttribute bool =
                (BooleanAttribute)(result.getAttributeValue());

            if (bool.getValue())
                return new Result(effectAttr,
                                  context.getResourceId().encode());
            else
                return new Result(Result.DECISION_NOT_APPLICABLE,
                                  context.getResourceId().encode());
        }
    }
View Full Code Here
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
                // keep track of the first error, regardless of cause
                if (firstIndeterminateStatus == null)
                    firstIndeterminateStatus = match.getStatus();
            } else if (match.getResult() == MatchResult.MATCH) {
                // now we evaluate the policy
                Result result = policy.evaluate(context);
                int effect = result.getDecision();
               
                // this is a little different from DenyOverrides...

                if (effect == Result.DECISION_PERMIT)
                    return result;
               
                if (effect == Result.DECISION_DENY) {
                    atLeastOneDeny = true;
                    denyObligations.addAll(result.getObligations());
                } else if (effect == Result.DECISION_INDETERMINATE) {
                    atLeastOneError = true;

                    // keep track of the first error, regardless of cause
                    if (firstIndeterminateStatus == null)
                        firstIndeterminateStatus = result.getStatus();
                }
            }
        }

        // if we got a DENY, return it
        if (atLeastOneDeny)
            return new Result(Result.DECISION_DENY,
                              context.getResourceId().encode(),
                              denyObligations);
       
        // if we got an INDETERMINATE, return it
        if (atLeastOneError)
            return new Result(Result.DECISION_INDETERMINATE,
                              firstIndeterminateStatus,
                              context.getResourceId().encode());
       
        // if we got here, then nothing applied to us
        return new Result(Result.DECISION_NOT_APPLICABLE,
                          context.getResourceId().encode());
    }
View Full Code Here
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
     * @return the result of evaluation
     */
    public Result evaluate(EvaluationCtx context) {
        // if there is no finder, then we return NotApplicable
        if (finder == null)
            return new Result(Result.DECISION_NOT_APPLICABLE,
                              context.getResourceId().encode());

        PolicyFinderResult pfr = finder.findPolicy(reference, policyType,
                                                   constraints,
                                                   parentMetaData);

        // if we found nothing, then we return NotApplicable
        if (pfr.notApplicable())
            return new Result(Result.DECISION_NOT_APPLICABLE,
                              context.getResourceId().encode());

        // if there was an error, we return that status data
        if (pfr.indeterminate())
            return new Result(Result.DECISION_INDETERMINATE, pfr.getStatus(),
                              context.getResourceId().encode());

        // we must have found a policy
        return pfr.getPolicy().evaluate(context);
    }
View Full Code Here
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
     *
     * @return the result of evaluation
     */
    public Result evaluate(EvaluationCtx context) {
        // evaluate
        Result result = combiningAlg.combine(context, parameters,
                                             childElements);

        // if we have no obligations, we're done
        if (obligations.size() == 0)
            return result;

        // now, see if we should add any obligations to the set
        int effect = result.getDecision();

        if ((effect == Result.DECISION_INDETERMINATE) ||
            (effect == Result.DECISION_NOT_APPLICABLE)) {
            // we didn't permit/deny, so we never return obligations
            return result;
        }

        Iterator it = obligations.iterator();
        while (it.hasNext()) {
            Obligation obligation = (Obligation)(it.next());
            if (obligation.getFulfillOn() == effect)
                result.addObligation(obligation);
        }

        // finally, return the result
        return result;
    }
View Full Code Here
129
130
131
132
133
134
135
136
137
            // may change if a more appropriate status type exists
            ArrayList code = new ArrayList();
            code.add(Status.STATUS_SYNTAX_ERROR);
            Status status = new Status(code, pe.getMessage());

            return new ResponseCtx(new Result(Result.DECISION_INDETERMINATE,
                                              status));
        }
    }
View Full Code Here
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
                ArrayList code = new ArrayList();
                code.add(Status.STATUS_PROCESSING_ERROR);
                String msg = "Couldn't find any resources to work on.";
               
                return new
                    ResponseCtx(new Result(Result.DECISION_INDETERMINATE,
                                           new Status(code, msg),
                                           context.getResourceId().encode()));
            }

            // setup a set to keep track of the results
            HashSet results = new HashSet();

            // at this point, we need to go through all the resources we
            // successfully found and start collecting results
            Iterator it = resourceResult.getResources().iterator();
            while (it.hasNext()) {
                // get the next resource, and set it in the EvaluationCtx
                AttributeValue resource = (AttributeValue)(it.next());
                context.setResourceId(resource);
               
                // do the evaluation, and set the resource in the result
                Result result = evaluateContext(context);
                result.setResource(resource.encode());

                // add the result
                results.add(result);
            }

            // now that we've done all the successes, we add all the failures
            // from the finder result
            Map failureMap = resourceResult.getFailures();
            it = failureMap.keySet().iterator();
            while (it.hasNext()) {
                // get the next resource, and use it to get its Status data
                AttributeValue resource = (AttributeValue)(it.next());
                Status status = (Status)(failureMap.get(resource));

                // add a new result
                results.add(new Result(Result.DECISION_INDETERMINATE,
                                       status, resource.encode()));
            }

            // return the set of results
            return new ResponseCtx(results);
View Full Code Here
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
        // first off, try to find a policy
        PolicyFinderResult finderResult = policyFinder.findPolicy(context);

        // see if there weren't any applicable policies
        if (finderResult.notApplicable())
            return new Result(Result.DECISION_NOT_APPLICABLE,
                              context.getResourceId().encode());

        // see if there were any errors in trying to get a policy
        if (finderResult.indeterminate())
            return new Result(Result.DECISION_INDETERMINATE,
                              finderResult.getStatus(),
                              context.getResourceId().encode());

        // we found a valid policy, so we can do the evaluation
        return finderResult.getPolicy().evaluate(context);
View Full Code Here
272
273
274
275
276
277
278
279
280
281
282
            code.add(Status.STATUS_SYNTAX_ERROR);
            Status status = new Status(code, "invalid request: " +
                                       pe.getMessage());

            response =
                new ResponseCtx(new Result(Result.DECISION_INDETERMINATE,
                                           status));
        }

        // if we didn't have a problem above, then we should go ahead
        // with the evaluation
View Full Code Here
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
            MatchResult match = target.match(context);
            int result = match.getResult();

            // if the target didn't match, then this Rule doesn't apply
            if (result == MatchResult.NO_MATCH)
                return new Result(Result.DECISION_NOT_APPLICABLE,
                                  context.getResourceId().encode());

            // if the target was indeterminate, we can't go on
            if (result == MatchResult.INDETERMINATE)
                return new Result(Result.DECISION_INDETERMINATE,
                                  match.getStatus(),
                                  context.getResourceId().encode());
        }

        // if there's no condition, then we just return the effect...
        if (condition == null)
            return new Result(effectAttr, context.getResourceId().encode());

        // ...otherwise we evaluate the condition
        EvaluationResult result = condition.evaluate(context);
       
        if (result.indeterminate()) {
            // if it was INDETERMINATE, then that's what we return
            return new Result(Result.DECISION_INDETERMINATE,
                              result.getStatus(),
                              context.getResourceId().encode());
        } else {
            // otherwise we return the effect on true, and NA on false
            BooleanAttribute bool =
                (BooleanAttribute)(result.getAttributeValue());

            if (bool.getValue())
                return new Result(effectAttr,
                                  context.getResourceId().encode());
            else
                return new Result(Result.DECISION_NOT_APPLICABLE,
                                  context.getResourceId().encode());
        }
    }
View Full Code Here
TOP

Related Classes of org.jboss.security.xacml.sunxacml.ctx.Result

  • org.jboss.security.xacml.core.JBossResponseContext
  • org.jboss.security.xacml.sunxacml.AbstractPolicy
  • org.jboss.security.xacml.sunxacml.combine.DenyOverridesPolicyAlg
  • org.jboss.security.xacml.sunxacml.combine.DenyOverridesRuleAlg
  • org.jboss.security.xacml.sunxacml.combine.FirstApplicablePolicyAlg
  • org.jboss.security.xacml.sunxacml.combine.FirstApplicableRuleAlg
  • org.jboss.security.xacml.sunxacml.combine.OnlyOneApplicablePolicyAlg
  • org.jboss.security.xacml.sunxacml.combine.PermitOverridesPolicyAlg
  • org.jboss.security.xacml.sunxacml.combine.PermitOverridesRuleAlg
  • org.jboss.security.xacml.sunxacml.Indenter
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.