Java源码示例:org.wso2.balana.PolicySet
示例1
@Override
public AbstractPolicy getPolicy(URI identifier, int type, VersionConstraints constraints) {
AbstractPolicy policy = policyCollection.get(identifier);
if (policy != null) {
// we found a valid version, so see if it's the right kind,
// and if it is then we return it
if (type == PolicyReference.POLICY_REFERENCE) {
if (policy instanceof Policy) {
return policy;
}
} else {
if (policy instanceof PolicySet) {
return policy;
}
}
}
return null;
}
示例2
/**
* Get Policy or Policy Set for given applicable policies
*
* @param policies applicable policies as array list
* @return Policy or Policy Set as AbstractPolicy
* @throws EntitlementException throws if no policy combiningAlg is defined
*/
public AbstractPolicy getEffectivePolicy(ArrayList<AbstractPolicy> policies) throws EntitlementException {
if ((combiningAlg == null) && (policies.size() > 0)) {
log.error("Too many applicable top-level policies");
throw new EntitlementException("Too many applicable top-level policies");
}
switch (policies.size()) {
case 0:
if (log.isDebugEnabled()) {
log.debug("No matching XACML policy found");
}
return null;
case 1:
return ((AbstractPolicy) (policies.get(0)));
default:
return new PolicySet(parentId, combiningAlg, target, policies);
}
}
示例3
@Override
public AbstractPolicy getPolicy(URI identifier, int type, VersionConstraints constraints) {
AbstractPolicy policy = policyCollection.get(identifier);
if (policy != null) {
// we found a valid version, so see if it's the right kind,
// and if it is then we return it
if (type == PolicyReference.POLICY_REFERENCE) {
if (policy instanceof Policy)
return policy;
} else {
if (policy instanceof PolicySet)
return policy;
}
}
return null;
}
示例4
/**
* Get Policy or Policy Set for given applicable policies
*
* @param policies applicable policies as array list
* @return Policy or Policy Set as AbstractPolicy
* @throws EntitlementException throws if no policy combiningAlg is defined
*/
public AbstractPolicy getEffectivePolicy(ArrayList<AbstractPolicy> policies) throws EntitlementException {
if ((combiningAlg == null) && (policies.size() > 0)) {
log.error("Too many applicable top-level policies");
throw new EntitlementException("Too many applicable top-level policies");
}
switch (policies.size()) {
case 0:
if (log.isDebugEnabled()) {
log.debug("No matching XACML policy found");
}
return null;
case 1:
return ((AbstractPolicy) (policies.get(0)));
default:
return new PolicySet(parentId, combiningAlg, target, policies);
}
}
示例5
@Override
public PolicyFinderResult findPolicy(URI idReference, int type, VersionConstraints constraints,
PolicyMetaData parentMetaData) {
AbstractPolicy policy = policies.get(idReference);
if (policy != null) {
if (type == PolicyReference.POLICY_REFERENCE) {
if (policy instanceof Policy) {
return new PolicyFinderResult(policy);
}
} else {
if (policy instanceof PolicySet) {
return new PolicyFinderResult(policy);
}
}
}
// if there was an error loading the policy, return the error
ArrayList<String> code = new ArrayList<String>();
code.add(Status.STATUS_PROCESSING_ERROR);
Status status = new Status(code,
"couldn't load referenced policy");
return new PolicyFinderResult(status);
}
示例6
/**
* Encodes this <code>PolicyCombinerElement</code> into its XML form and writes this out to the provided
* <code>StringBuilder<code>
*
* @param builder string stream into which the XML-encoded data is written
*/
public void encode(StringBuilder builder) {
if (!getParameters().isEmpty()) {
AbstractPolicy policy = getPolicy();
// FIXME: This is ugly and happens in several places...maybe this
// should get folded into the AbstractPolicy API?
if (policy instanceof Policy) {
encodeParamaters(builder, "Policy", policy.getId().toString());
} else if (policy instanceof PolicySet) {
encodeParamaters(builder, "PolicySet", policy.getId().toString());
} else {
PolicyReference ref = (PolicyReference) policy;
if (ref.getReferenceType() == PolicyReference.POLICY_REFERENCE)
encodeParamaters(builder, "Policy", ref.getReference().toString());
else
encodeParamaters(builder, "PolicySet", ref.getReference().toString());
}
}
getPolicy().encode(builder);
}
示例7
/**
* @param doc
* @return
* @throws org.wso2.balana.ParsingException
*/
private AbstractPolicy handleDocument(Document doc) throws ParsingException {
// handle the policy, if it's a known type
Element root = doc.getDocumentElement();
String name = root.getLocalName();
// see what type of policy this is
if (name.equals("Policy")) {
return Policy.getInstance(root);
} else if (name.equals("PolicySet")) {
return PolicySet.getInstance(root, policyFinder);
} else {
// this isn't a root type that we know how to handle
throw new ParsingException("Unknown root document type: " + name);
}
}
示例8
public PolicyFinderResult findPolicy(URI idReference, int type, VersionConstraints constraints,
PolicyMetaData parentMetaData) {
// clear all current policies
policies.getPolicies().clear();
AbstractPolicy policy = null;
try {
AbstractPolicy policyFromStore = policyReader.readPolicy(idReference.toString(),
this.policyFinder);
if (policyFromStore != null) {
if (type == PolicyReference.POLICY_REFERENCE) {
if (policyFromStore instanceof Policy) {
policy = policyFromStore;
policies.addPolicy(policy);
}
} else {
if (policyFromStore instanceof PolicySet) {
policy = policyFromStore;
policies.addPolicy(policy);
}
}
}
} catch (EntitlementException e) {
// ignore and just log the error.
log.error(e);
}
if (policy == null) {
return new PolicyFinderResult();
} else {
return new PolicyFinderResult(policy);
}
}
示例9
/**
* @param doc
* @return
* @throws ParsingException
*/
private AbstractPolicy handleDocument(Document doc) throws ParsingException {
// handle the policy, if it's a known type
Element root = doc.getDocumentElement();
String name = root.getLocalName();
// see what type of policy this is
if (name.equals("Policy")) {
return Policy.getInstance(root);
} else if (name.equals("PolicySet")) {
return PolicySet.getInstance(root, policyFinder);
} else {
// this isn't a root type that we know how to handle
throw new ParsingException("Unknown root document type: " + name);
}
}
示例10
/**
* Attempts to retrieve a policy based on the given identifier and other constraints. If there
* are multiple versions of the identified policy that meet the version constraints, then the
* most recent version is returned.
*
* @param identifier
* @param type
* @param constraints
* @return
*/
public AbstractPolicy getPolicy(URI identifier, int type, VersionConstraints constraints) {
TreeSet<AbstractPolicy> set = policies.get(identifier.toString());
// if we don't know about this identifier then there's nothing to do
if (set == null)
return null;
// walk through the set starting with the most recent version, looking
// for a match until we exhaust all known versions
Iterator<AbstractPolicy> it = set.iterator();
while (it.hasNext()) {
AbstractPolicy policy = (AbstractPolicy) (it.next());
if (constraints.meetsConstraint(policy.getVersion())) {
// we found a valid version, so see if it's the right kind,
// and if it is then we return it
if (type == PolicyReference.POLICY_REFERENCE) {
if (policy instanceof Policy)
return policy;
} else {
if (policy instanceof PolicySet)
return policy;
}
}
}
// we didn't find a match
return null;
}
示例11
@Override
public PolicyFinderResult findPolicy(URI idReference, int type, VersionConstraints constraints,
PolicyMetaData parentMetaData) {
AbstractPolicy policy = policyReferenceCache.get(idReference);
if (policy == null) {
if (this.finderModules != null) {
for (PolicyFinderModule finderModule : this.finderModules) {
String policyString = finderModule.getReferencedPolicy(idReference.toString());
if (policyString != null) {
policy = policyReader.getPolicy(policyString);
if (policy != null) {
policyReferenceCache.put(idReference, policy);
break;
}
}
}
}
}
if (policy != null) {
// we found a valid version, so see if it's the right kind,
// and if it is then we return it
if (type == PolicyReference.POLICY_REFERENCE) {
if (policy instanceof Policy) {
return new PolicyFinderResult(policy);
}
} else {
if (policy instanceof PolicySet) {
return new PolicyFinderResult(policy);
}
}
}
return new PolicyFinderResult();
}
示例12
/**
* @param doc
* @return
* @throws org.wso2.balana.ParsingException
*/
private AbstractPolicy handleDocument(Document doc) throws ParsingException {
// handle the policy, if it's a known type
Element root = doc.getDocumentElement();
String name = root.getLocalName();
// see what type of policy this is
if (name.equals("Policy")) {
return Policy.getInstance(root);
} else if (name.equals("PolicySet")) {
return PolicySet.getInstance(root, policyFinder);
} else {
// this isn't a root type that we know how to handle
throw new ParsingException("Unknown root document type: " + name);
}
}
示例13
public PolicyFinderResult findPolicy(URI idReference, int type, VersionConstraints constraints,
PolicyMetaData parentMetaData) {
// clear all current policies
policies.getPolicies().clear();
AbstractPolicy policy = null;
try {
AbstractPolicy policyFromStore = policyReader.readPolicy(idReference.toString(),
this.policyFinder);
if (policyFromStore != null) {
if (type == PolicyReference.POLICY_REFERENCE) {
if (policyFromStore instanceof Policy) {
policy = policyFromStore;
policies.addPolicy(policy);
}
} else {
if (policyFromStore instanceof PolicySet) {
policy = policyFromStore;
policies.addPolicy(policy);
}
}
}
} catch (EntitlementException e) {
// ignore and just log the error.
log.error(e);
}
if (policy == null) {
return new PolicyFinderResult();
} else {
return new PolicyFinderResult(policy);
}
}
示例14
/**
* @param doc
* @return
* @throws ParsingException
*/
private AbstractPolicy handleDocument(Document doc) throws ParsingException {
// handle the policy, if it's a known type
Element root = doc.getDocumentElement();
String name = root.getLocalName();
// see what type of policy this is
if (name.equals("Policy")) {
return Policy.getInstance(root);
} else if (name.equals("PolicySet")) {
return PolicySet.getInstance(root, policyFinder);
} else {
// this isn't a root type that we know how to handle
throw new ParsingException("Unknown root document type: " + name);
}
}
示例15
/**
* Attempts to retrieve a policy based on the given identifier and other constraints. If there
* are multiple versions of the identified policy that meet the version constraints, then the
* most recent version is returned.
*
* @param identifier
* @param type
* @param constraints
* @return
*/
public AbstractPolicy getPolicy(URI identifier, int type, VersionConstraints constraints) {
TreeSet<AbstractPolicy> set = policies.get(identifier.toString());
// if we don't know about this identifier then there's nothing to do
if (set == null)
return null;
// walk through the set starting with the most recent version, looking
// for a match until we exhaust all known versions
Iterator<AbstractPolicy> it = set.iterator();
while (it.hasNext()) {
AbstractPolicy policy = (AbstractPolicy) (it.next());
if (constraints.meetsConstraint(policy.getVersion())) {
// we found a valid version, so see if it's the right kind,
// and if it is then we return it
if (type == PolicyReference.POLICY_REFERENCE) {
if (policy instanceof Policy)
return policy;
} else {
if (policy instanceof PolicySet)
return policy;
}
}
}
// we didn't find a match
return null;
}
示例16
@Override
public PolicyFinderResult findPolicy(URI idReference, int type, VersionConstraints constraints,
PolicyMetaData parentMetaData) {
AbstractPolicy policy = policyReferenceCache.get(idReference);
if (policy == null) {
if (this.finderModules != null) {
for (PolicyFinderModule finderModule : this.finderModules) {
String policyString = finderModule.getReferencedPolicy(idReference.toString());
if (policyString != null) {
policy = policyReader.getPolicy(policyString);
if (policy != null) {
policyReferenceCache.put(idReference, policy);
break;
}
}
}
}
}
if (policy != null) {
// we found a valid version, so see if it's the right kind,
// and if it is then we return it
if (type == PolicyReference.POLICY_REFERENCE) {
if (policy instanceof Policy) {
return new PolicyFinderResult(policy);
}
} else {
if (policy instanceof PolicySet) {
return new PolicyFinderResult(policy);
}
}
}
return new PolicyFinderResult();
}
示例17
@Override
public AbstractPolicy getEffectivePolicy(EvaluationCtx context) throws EntitlementException {
// setup a list of matching policies
ArrayList<AbstractPolicy> list = new ArrayList<AbstractPolicy>();
for (Map.Entry<URI, AbstractPolicy> entry : policyCollection.entrySet()) {
AbstractPolicy policy = entry.getValue();
// see if we match
MatchResult match = policy.match(context);
int result = match.getResult();
// if there was an error, we stop right away
if (result == MatchResult.INDETERMINATE) {
log.error(match.getStatus().getMessage());
throw new EntitlementException(match.getStatus().getMessage());
}
// if we matched, we keep track of the matching policy...
if (result == MatchResult.MATCH) {
// ...first checking if this is the first match and if
// we automatically nest policies
if (log.isDebugEnabled()) {
log.debug("Matching XACML policy found " + policy.getId().toString());
}
if ((combiningAlg == null) && (list.size() > 0)) {
log.error("Too many applicable top-level policies");
throw new EntitlementException("Too many applicable top-level policies");
}
list.add(policy);
}
}
// no errors happened during the search, so now take the right
// action based on how many policies we found
switch (list.size()) {
case 0:
if (log.isDebugEnabled()) {
log.debug("No matching XACML policy found");
}
return null;
case 1:
return ((AbstractPolicy) (list.get(0)));
default:
return new PolicySet(parentId, combiningAlg, null, list);
}
}
示例18
/**
* Attempts to retrieve a policy based on the given context. If multiple policies match then
* this will either throw an exception or wrap the policies under a new PolicySet (depending on
* how this instance was constructed). If no policies match, then this will return null. See the
* comment in the class header about how this behaves when multiple versions of the same policy
* exist.
*
* @param context
* @return
* @throws EntitlementException
*/
public AbstractPolicy getEffectivePolicy(EvaluationCtx context) throws EntitlementException {
// setup a list of matching policies
ArrayList<AbstractPolicy> list = new ArrayList<AbstractPolicy>();
// get an iterator over all the identifiers
Iterator<TreeSet<AbstractPolicy>> it = policies.values().iterator();
while (it.hasNext()) {
// for each identifier, get only the most recent policy
AbstractPolicy policy = it.next().first();
// see if we match
MatchResult match = policy.match(context);
int result = match.getResult();
// if there was an error, we stop right away
if (result == MatchResult.INDETERMINATE) {
log.error(match.getStatus().getMessage());
throw new EntitlementException(match.getStatus().getMessage());
}
// if we matched, we keep track of the matching policy...
if (result == MatchResult.MATCH) {
// ...first checking if this is the first match and if
// we automatically nest policies
if (log.isDebugEnabled()) {
log.debug("Matching XACML policy found " + policy.getId().toString());
}
if ((combiningAlg == null) && (list.size() > 0)) {
ArrayList<String> code = new ArrayList<String>();
code.add(Status.STATUS_PROCESSING_ERROR);
Status status = new Status(code, "too many applicable top-level policies");
//throw new EntitlementException(status); // TODO
}
list.add(policy);
}
}
// no errors happened during the search, so now take the right
// action based on how many policies we found
switch (list.size()) {
case 0:
if (log.isDebugEnabled()) {
log.debug("No matching XACML policy found");
}
return null;
case 1:
return ((AbstractPolicy) (list.get(0)));
default:
return new PolicySet(parentId, combiningAlg, null, list);
}
}
示例19
@Override
public AbstractPolicy getEffectivePolicy(EvaluationCtx context) throws EntitlementException {
// setup a list of matching policies
ArrayList<AbstractPolicy> list = new ArrayList<AbstractPolicy>();
for (Map.Entry<URI, AbstractPolicy> entry : policyCollection.entrySet()) {
AbstractPolicy policy = entry.getValue();
// see if we match
MatchResult match = policy.match(context);
int result = match.getResult();
// if there was an error, we stop right away
if (result == MatchResult.INDETERMINATE) {
log.error(match.getStatus().getMessage());
throw new EntitlementException(match.getStatus().getMessage());
}
// if we matched, we keep track of the matching policy...
if (result == MatchResult.MATCH) {
// ...first checking if this is the first match and if
// we automatically nest policies
if (log.isDebugEnabled()) {
log.debug("Matching XACML policy found " + policy.getId().toString());
}
if ((combiningAlg == null) && (list.size() > 0)) {
log.error("Too many applicable top-level policies");
throw new EntitlementException("Too many applicable top-level policies");
}
list.add(policy);
}
}
// no errors happened during the search, so now take the right
// action based on how many policies we found
switch (list.size()) {
case 0:
if (log.isDebugEnabled()) {
log.debug("No matching XACML policy found");
}
return null;
case 1:
return ((AbstractPolicy) (list.get(0)));
default:
return new PolicySet(parentId, combiningAlg, null, list);
}
}
示例20
/**
* Attempts to retrieve a policy based on the given context. If multiple policies match then
* this will either throw an exception or wrap the policies under a new PolicySet (depending on
* how this instance was constructed). If no policies match, then this will return null. See the
* comment in the class header about how this behaves when multiple versions of the same policy
* exist.
*
* @param context
* @return
* @throws EntitlementException
*/
public AbstractPolicy getEffectivePolicy(EvaluationCtx context) throws EntitlementException {
// setup a list of matching policies
ArrayList<AbstractPolicy> list = new ArrayList<AbstractPolicy>();
// get an iterator over all the identifiers
Iterator<TreeSet<AbstractPolicy>> it = policies.values().iterator();
while (it.hasNext()) {
// for each identifier, get only the most recent policy
AbstractPolicy policy = it.next().first();
// see if we match
MatchResult match = policy.match(context);
int result = match.getResult();
// if there was an error, we stop right away
if (result == MatchResult.INDETERMINATE) {
log.error(match.getStatus().getMessage());
throw new EntitlementException(match.getStatus().getMessage());
}
// if we matched, we keep track of the matching policy...
if (result == MatchResult.MATCH) {
// ...first checking if this is the first match and if
// we automatically nest policies
if (log.isDebugEnabled()) {
log.debug("Matching XACML policy found " + policy.getId().toString());
}
if ((combiningAlg == null) && (list.size() > 0)) {
ArrayList<String> code = new ArrayList<String>();
code.add(Status.STATUS_PROCESSING_ERROR);
Status status = new Status(code, "too many applicable top-level policies");
//throw new EntitlementException(status); // TODO
}
list.add(policy);
}
}
// no errors happened during the search, so now take the right
// action based on how many policies we found
switch (list.size()) {
case 0:
if (log.isDebugEnabled()) {
log.debug("No matching XACML policy found");
}
return null;
case 1:
return ((AbstractPolicy) (list.get(0)));
default:
return new PolicySet(parentId, combiningAlg, null, list);
}
}
示例21
@Override
public PolicyFinderResult findPolicy(EvaluationCtx context) {
ArrayList<AbstractPolicy> selectedPolicies = new ArrayList<AbstractPolicy>();
Set<Map.Entry<URI, AbstractPolicy>> entrySet = policies.entrySet();
// iterate through all the policies we currently have loaded
for (Map.Entry<URI, AbstractPolicy> entry : entrySet) {
AbstractPolicy policy = entry.getValue();
MatchResult match = policy.match(context);
int result = match.getResult();
// if target matching was indeterminate, then return the error
if (result == MatchResult.INDETERMINATE)
return new PolicyFinderResult(match.getStatus());
// see if the target matched
if (result == MatchResult.MATCH) {
if ((combiningAlg == null) && (selectedPolicies.size() > 0)) {
// we found a match before, so this is an error
ArrayList<String> code = new ArrayList<String>();
code.add(Status.STATUS_PROCESSING_ERROR);
Status status = new Status(code, "too many applicable "
+ "top-level policies");
return new PolicyFinderResult(status);
}
// this is the first match we've found, so remember it
selectedPolicies.add(policy);
}
}
// no errors happened during the search, so now take the right
// action based on how many policies we found
switch (selectedPolicies.size()) {
case 0:
if (log.isDebugEnabled()) {
log.debug("No matching XACML policy found");
}
return new PolicyFinderResult();
case 1:
return new PolicyFinderResult((selectedPolicies.get(0)));
default:
return new PolicyFinderResult(new PolicySet(null, combiningAlg, null, selectedPolicies));
}
}
