Package org.exist.security.xacml

Source Code of org.exist.security.xacml.ExistPolicyModule

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
package org.exist.security.xacml;

import java.net.URI;
import java.util.Iterator;

import org.apache.log4j.Logger;
import org.exist.EXistException;
import org.exist.dom.DocumentImpl;
import org.exist.dom.DocumentSet;
import org.exist.storage.BrokerPool;
import org.exist.storage.DBBroker;

import com.sun.xacml.AbstractPolicy;
import com.sun.xacml.EvaluationCtx;
import com.sun.xacml.MatchResult;
import com.sun.xacml.ParsingException;
import com.sun.xacml.finder.PolicyFinder;
import com.sun.xacml.finder.PolicyFinderModule;
import com.sun.xacml.finder.PolicyFinderResult;
import org.exist.security.PermissionDeniedException;

/*
*Added new constructor to AnyURIValue to accept a URI
*/
/**
* This class finds Policy and PolicySet documents located in
* the /db/system/policies collection.  It implements both of the
* <code>findPolicy</code> methods of <code>PolicyFinderModule</code>.
* Finding policies by reference uses a range index on PolicySetId
* and PolicyId, so that must be set up for references to work.
* Finding policies for a given request is not yet optimized, but
* just loads all policies in the policies collection, parses them,
* and determines if they match the request.
*
* @see XACMLConstants
*/
public class ExistPolicyModule extends PolicyFinderModule
{
  @SuppressWarnings("unused")
  private static final Logger LOG = Logger.getLogger(ExistPolicyModule.class);

  private ExistPDP pdp;

  @SuppressWarnings("unused")
  private ExistPolicyModule() {}
  /**
  * Creates a new <code>ExistPolicyModule</code>.  Retains a reference
  * to the specified <code>BrokerPool</code>.
  *
  * @param pdp The <code>ExistPDP</code> for this database instance.
  */
  public ExistPolicyModule(ExistPDP pdp)
  {
    if(pdp == null)
      {throw new NullPointerException("BrokerPool cannot be null");}
    this.pdp = pdp;
  }

  public boolean isRequestSupported()
  {
    return true;
  }
  public boolean isIdReferenceSupported()
  {
    return true;
  }
  public void init(PolicyFinder finder) {}

  public PolicyFinderResult findPolicy(EvaluationCtx context)
  {
    final BrokerPool pool = pdp.getBrokerPool();
    DBBroker broker = null;
    try
    {
      broker = pool.get(pool.getSecurityManager().getSystemSubject());
      return findPolicy(broker, context);
    }
                catch(final PermissionDeniedException pde) {
                      return XACMLUtil.errorResult("Error while finding policy: " + pde.getMessage(), pde);
                }
    catch(final EXistException ee)
    {
      return XACMLUtil.errorResult("Error while finding policy: " + ee.getMessage(), ee);
    }
    finally
    {
      pool.release(broker);
    }
  }
  private PolicyFinderResult findPolicy(DBBroker broker, EvaluationCtx context) throws PermissionDeniedException
  {
    final DocumentSet mainPolicyDocs = XACMLUtil.getPolicyDocuments(broker, false);
    if(mainPolicyDocs == null)
      {return new PolicyFinderResult();}

    AbstractPolicy matchedPolicy = null;
    AbstractPolicy policy;
    MatchResult match;
    int result;
    try
    {
      final XACMLUtil util = pdp.getUtil();
      for(final Iterator<DocumentImpl> it = mainPolicyDocs.getDocumentIterator(); it.hasNext();)
      {
        policy = util.getPolicyDocument(it.next());
        match = policy.match(context);
        result = match.getResult();
        if(result == MatchResult.INDETERMINATE)
          {return new PolicyFinderResult(match.getStatus());}
        else if(result == MatchResult.MATCH)
        {
          if(matchedPolicy == null)
            {matchedPolicy = policy;}
          else
            {return XACMLUtil.errorResult("Matched multiple policies for reqest", null);}
        }
      }
    }
    catch(final ParsingException pe)
    {
      return XACMLUtil.errorResult("Error retrieving policies: " + pe.getMessage(), pe);
    }

    if(matchedPolicy == null)
      {return new PolicyFinderResult();}
    else
      {return new PolicyFinderResult(matchedPolicy);}
  }
  public PolicyFinderResult findPolicy(URI idReference, int type)
  {
    final BrokerPool pool = pdp.getBrokerPool();
    DBBroker broker = null;
    try
    {
      broker = pool.get(pool.getSecurityManager().getSystemSubject());
      final AbstractPolicy policy = pdp.getUtil().findPolicy(broker, idReference, type);
      return (policy == null) ? new PolicyFinderResult() : new PolicyFinderResult(policy);
    }
    catch(final Exception e)
    {
      return XACMLUtil.errorResult("Error resolving id '" + idReference.toString() + "': " + e.getMessage(), e);
    }
    finally
    {
      pool.release(broker);
    }
  }
}
TOP

Related Classes of org.exist.security.xacml.ExistPolicyModule

  • com.sun.xacml.AbstractPolicy
  • com.sun.xacml.finder.PolicyFinderResult
  • com.sun.xacml.MatchResult
  • org.exist.dom.DocumentSet
  • org.exist.storage.BrokerPool
  • org.exist.storage.DBBroker
    • TOP
    Copyright © 2018 www.massapi.com. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.