org.wso2.balana.PolicySet Java Examples

The following examples show how to use org.wso2.balana.PolicySet.
Example #1
Source File: PolicyCombinerElement.java    From balana with Apache License 2.0
/**
 * Encodes this {@code PolicyCombinerElement} into its XML form and appends it to the provided
 * {@code StringBuilder}.
 *
 * <p>When {@code getParameters()} is non-empty, the parameters are written first through
 * {@code encodeParamaters}, tagged "Policy" or "PolicySet" and keyed by the policy id (or by
 * the referenced id when the element is a {@code PolicyReference}). The policy's own encoding
 * is always appended afterwards.
 *
 * @param builder string stream into which the XML-encoded data is written
 */
public void encode(StringBuilder builder) {
    if (!getParameters().isEmpty()) {
        AbstractPolicy element = getPolicy();
        String kind;
        String identifier;

        // FIXME (carried over from the original): this type dispatch is repeated in
        // several places and might belong in the AbstractPolicy API.
        if (element instanceof Policy) {
            kind = "Policy";
            identifier = element.getId().toString();
        } else if (element instanceof PolicySet) {
            kind = "PolicySet";
            identifier = element.getId().toString();
        } else {
            // Everything else is cast to PolicyReference; an unexpected subclass
            // fails here with ClassCastException.
            PolicyReference reference = (PolicyReference) element;
            kind = (reference.getReferenceType() == PolicyReference.POLICY_REFERENCE)
                    ? "Policy"
                    : "PolicySet";
            identifier = reference.getReference().toString();
        }

        // NOTE(review): the identifier is handed over as a raw string; whether
        // encodeParamaters XML-escapes it is not visible here - confirm.
        encodeParamaters(builder, kind, identifier);
    }

    getPolicy().encode(builder);
}
 
Example #2
Source File: FileBasedPolicyFinderModule.java    From balana with Apache License 2.0
/**
 * Resolves a policy reference against the policies held by this module.
 *
 * <p>The entry stored under {@code idReference} is returned only when its concrete kind agrees
 * with the requested reference type. A missing entry and a kind mismatch both produce a
 * result carrying a processing-error status.
 *
 * @param idReference identifier of the referenced policy, used as the lookup key
 * @param type {@code PolicyReference.POLICY_REFERENCE} to request a {@code Policy}; any other
 *             value requests a {@code PolicySet}
 * @param constraints not consulted by this method
 * @param parentMetaData not consulted by this method
 * @return a result wrapping the policy, or a result wrapping an error status
 */
@Override
public PolicyFinderResult findPolicy(URI idReference, int type, VersionConstraints constraints,
                                     PolicyMetaData parentMetaData) {

    // NOTE(review): version constraints on the reference are not enforced here;
    // confirm nothing upstream relies on this module to apply them.
    AbstractPolicy candidate = policies.get(idReference);

    // instanceof is false for null, so a missing entry falls through to the error result.
    boolean kindMatches = (type == PolicyReference.POLICY_REFERENCE)
            ? (candidate instanceof Policy)
            : (candidate instanceof PolicySet);
    if (kindMatches) {
        return new PolicyFinderResult(candidate);
    }

    // Not found or wrong kind: report it as a processing error.
    ArrayList<String> statusCodes = new ArrayList<String>();
    statusCodes.add(Status.STATUS_PROCESSING_ERROR);
    return new PolicyFinderResult(new Status(statusCodes, "couldn't load referenced policy"));
}
 
Example #3
Source File: SimplePolicyCollection.java    From carbon-identity-framework with Apache License 2.0
/**
 * Looks up the policy stored under {@code identifier} and returns it only when its concrete
 * kind agrees with the requested reference type.
 *
 * @param identifier lookup key into the policy collection
 * @param type {@code PolicyReference.POLICY_REFERENCE} to request a {@code Policy}; any other
 *             value requests a {@code PolicySet}
 * @param constraints not consulted by this method
 * @return the matching policy, or {@code null} when nothing is stored under the identifier or
 *         the stored entry is of the other kind
 */
@Override
public AbstractPolicy getPolicy(URI identifier, int type, VersionConstraints constraints) {

    // NOTE(review): version constraints are ignored here; confirm the caller does
    // not expect this collection to enforce them.
    AbstractPolicy found = policyCollection.get(identifier);

    // instanceof is false for null, so an unknown identifier yields null below.
    boolean kindMatches = (type == PolicyReference.POLICY_REFERENCE)
            ? (found instanceof Policy)
            : (found instanceof PolicySet);

    return kindMatches ? found : null;
}
 
Example #4
Source File: DefaultPolicyCollection.java    From carbon-identity-framework with Apache License 2.0
/**
 * Reduces an already-selected list of applicable policies to a single effective policy.
 *
 * <p>An empty list yields {@code null}, a single entry is returned as is, and several entries
 * are wrapped in a new {@code PolicySet} built with this collection's combining algorithm.
 *
 * @param policies applicable policies as array list
 * @return Policy or Policy Set as AbstractPolicy, or {@code null} when the list is empty
 * @throws EntitlementException if no combining algorithm is defined and the list is not empty
 */
public AbstractPolicy getEffectivePolicy(ArrayList<AbstractPolicy> policies) throws EntitlementException {

    int applicable = policies.size();

    // NOTE(review): this guard also fires for exactly one applicable policy, so the
    // single-policy return below is reachable only when combiningAlg is set, and the
    // "Too many" message is then misleading. Confirm whether "> 1" was intended.
    if (combiningAlg == null && applicable > 0) {
        log.error("Too many applicable top-level policies");
        throw new EntitlementException("Too many applicable top-level policies");
    }

    if (applicable == 0) {
        if (log.isDebugEnabled()) {
            log.debug("No matching XACML policy found");
        }
        return null;
    }

    if (applicable == 1) {
        return policies.get(0);
    }

    return new PolicySet(parentId, combiningAlg, target, policies);
}
 
Example #5
Source File: DefaultPolicyCollection.java    From carbon-identity with Apache License 2.0
/**
 * Picks the effective policy out of a list of applicable policies.
 *
 * <p>No policies gives {@code null}; one policy is returned unchanged; more than one are
 * combined under a new {@code PolicySet} that uses this collection's combining algorithm.
 *
 * @param policies applicable policies as array list
 * @return Policy or Policy Set as AbstractPolicy, or {@code null} for an empty list
 * @throws EntitlementException if the list is not empty and no combining algorithm is defined
 */
public AbstractPolicy getEffectivePolicy(ArrayList<AbstractPolicy> policies) throws EntitlementException {

    final int count = policies.size();
    final boolean noCombiner = (combiningAlg == null);

    // NOTE(review): with no combining algorithm even a single applicable policy is
    // rejected with a "Too many" error; verify that "> 0" rather than "> 1" is intended.
    if (noCombiner && count > 0) {
        log.error("Too many applicable top-level policies");
        throw new EntitlementException("Too many applicable top-level policies");
    }

    if (count > 1) {
        return new PolicySet(parentId, combiningAlg, target, policies);
    }
    if (count == 1) {
        return policies.get(0);
    }

    // Nothing applicable.
    if (log.isDebugEnabled()) {
        log.debug("No matching XACML policy found");
    }
    return null;
}
 
Example #6
Source File: SimplePolicyCollection.java    From carbon-identity with Apache License 2.0
/**
 * Returns the policy stored under {@code identifier} when it is of the requested kind.
 *
 * @param identifier lookup key into the policy collection
 * @param type {@code PolicyReference.POLICY_REFERENCE} selects a {@code Policy}; every other
 *             value selects a {@code PolicySet}
 * @param constraints not consulted by this method
 * @return the stored policy, or {@code null} if it is absent or of the other kind
 */
@Override
public AbstractPolicy getPolicy(URI identifier, int type, VersionConstraints constraints) {

    AbstractPolicy stored = policyCollection.get(identifier);
    if (stored == null) {
        return null;
    }

    // NOTE(review): only the kind is checked; the version constraints argument is unused.
    boolean wantsPolicy = (type == PolicyReference.POLICY_REFERENCE);
    if (wantsPolicy && stored instanceof Policy) {
        return stored;
    }
    if (!wantsPolicy && stored instanceof PolicySet) {
        return stored;
    }

    return null;
}
 
Example #7
Source File: PAPPolicyFinder.java    From carbon-identity with Apache License 2.0
/**
 * Resolves a policy reference by reading the policy through {@code policyReader}.
 *
 * <p>The current policy collection is cleared first. A policy that was read and is of the
 * requested kind is added to the collection and returned; otherwise the no-argument
 * {@code PolicyFinderResult} is returned.
 *
 * @param idReference identifier of the referenced policy; its string form is passed to the reader
 * @param type {@code PolicyReference.POLICY_REFERENCE} to request a {@code Policy}; any other
 *             value requests a {@code PolicySet}
 * @param constraints not consulted by this method
 * @param parentMetaData not consulted by this method
 * @return a result wrapping the policy, or an empty result
 */
public PolicyFinderResult findPolicy(URI idReference, int type, VersionConstraints constraints,
                                     PolicyMetaData parentMetaData) {

    // Start from an empty collection on every lookup.
    // NOTE(review): this mutates state shared across calls; thread-safety is not visible here.
    policies.getPolicies().clear();

    AbstractPolicy resolved = null;

    try {
        AbstractPolicy stored = policyReader.readPolicy(idReference.toString(),
                this.policyFinder);

        // instanceof is false for null, so a missing policy leaves 'resolved' unset.
        boolean kindMatches = (type == PolicyReference.POLICY_REFERENCE)
                ? (stored instanceof Policy)
                : (stored instanceof PolicySet);

        if (kindMatches) {
            resolved = stored;
            policies.addPolicy(resolved);
        }
    } catch (EntitlementException e) {
        // NOTE(review): a read failure is only logged and then reported with the same
        // empty result as "no such policy"; confirm the caller cannot mistake a store
        // failure for "not applicable" when making the access decision.
        log.error(e);
    }

    return (resolved == null) ? new PolicyFinderResult() : new PolicyFinderResult(resolved);
}
 
Example #8
Source File: CarbonPolicyFinder.java    From carbon-identity with Apache License 2.0
/**
 * Resolves a policy reference, consulting the reference cache before the finder modules.
 *
 * <p>On a cache miss each finder module is asked for the referenced policy text; the first
 * text that {@code policyReader} turns into a policy is cached under {@code idReference}.
 * The policy is returned only when its kind agrees with the requested reference type.
 *
 * @param idReference identifier of the referenced policy; also the cache key
 * @param type {@code PolicyReference.POLICY_REFERENCE} to request a {@code Policy}; any other
 *             value requests a {@code PolicySet}
 * @param constraints not consulted by this method
 * @param parentMetaData not consulted by this method
 * @return a result wrapping the policy, or the empty result when none of the right kind exists
 */
@Override
public PolicyFinderResult findPolicy(URI idReference, int type, VersionConstraints constraints,
                                     PolicyMetaData parentMetaData) {

    AbstractPolicy policy = policyReferenceCache.get(idReference);

    if (policy == null && this.finderModules != null) {
        for (PolicyFinderModule module : this.finderModules) {
            String policyText = module.getReferencedPolicy(idReference.toString());
            if (policyText == null) {
                continue;
            }
            policy = policyReader.getPolicy(policyText);
            if (policy != null) {
                // NOTE(review): the entry is cached before the kind check and without
                // looking at 'constraints'; confirm stale or wrong-kind entries are
                // invalidated elsewhere when policies change.
                policyReferenceCache.put(idReference, policy);
                break;
            }
        }
    }

    // instanceof is false for null, so an unresolved reference yields the empty result.
    boolean kindMatches = (type == PolicyReference.POLICY_REFERENCE)
            ? (policy instanceof Policy)
            : (policy instanceof PolicySet);

    return kindMatches ? new PolicyFinderResult(policy) : new PolicyFinderResult();
}
 
Example #9
Source File: DefaultPolicyCollection.java    From carbon-identity with Apache License 2.0
/**
 * Attempts to retrieve a policy based on the given identifier and other constraints. If
 * several versions of the identified policy meet the version constraints, the first one in
 * the set's iteration order that is also of the requested kind is returned. The original
 * documentation describes that as the most recent version; the ordering comes from the
 * {@code TreeSet}'s comparator, which is not visible here.
 *
 * @param identifier policy identifier; its string form is the lookup key
 * @param type {@code PolicyReference.POLICY_REFERENCE} to request a {@code Policy}; any other
 *             value requests a {@code PolicySet}
 * @param constraints version constraints that a candidate's version must meet
 * @return the first acceptable policy, or {@code null} when the identifier is unknown or no
 *         version qualifies
 */
public AbstractPolicy getPolicy(URI identifier, int type, VersionConstraints constraints) {

    TreeSet<AbstractPolicy> versions = policies.get(identifier.toString());

    // Unknown identifier: nothing to search.
    if (versions == null) {
        return null;
    }

    boolean wantsPolicy = (type == PolicyReference.POLICY_REFERENCE);

    // Walk the known versions in set order until one satisfies both the version
    // constraints and the requested kind.
    for (AbstractPolicy candidate : versions) {
        if (!constraints.meetsConstraint(candidate.getVersion())) {
            continue;
        }
        boolean kindMatches = wantsPolicy
                ? (candidate instanceof Policy)
                : (candidate instanceof PolicySet);
        if (kindMatches) {
            return candidate;
        }
    }

    // No version qualified.
    return null;
}
 
Example #10
Source File: PolicyReader.java    From carbon-identity with Apache License 2.0
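/**
 * Builds a policy object from a parsed XML document, dispatching on the local name of the
 * root element.
 *
 * @param doc parsed policy document
 * @return a {@code Policy} or {@code PolicySet} created from the root element
 * @throws ParsingException if the document has no root element, if the root element is
 *                          neither "Policy" nor "PolicySet", or if building the policy fails
 */
private AbstractPolicy handleDocument(Document doc) throws ParsingException {
    Element root = doc.getDocumentElement();
    if (root == null) {
        // An empty document would otherwise surface as a NullPointerException.
        throw new ParsingException("Document has no root element");
    }

    // getLocalName() returns null for elements produced without namespace support,
    // so compare constant-first and let the "unknown type" branch report it.
    // NOTE(review): only the local name is checked, not the namespace URI; confirm
    // the document is schema-validated before it reaches this method.
    String name = root.getLocalName();

    if ("Policy".equals(name)) {
        return Policy.getInstance(root);
    }
    if ("PolicySet".equals(name)) {
        return PolicySet.getInstance(root, policyFinder);
    }

    // this isn't a root type that we know how to handle
    throw new ParsingException("Unknown root document type: " + name);
}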
 
Example #11
Source File: PAPPolicyReader.java    From carbon-identity-framework with Apache License 2.0
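/**
 * Turns a parsed XML document into a policy object, choosing the type from the local name of
 * the root element.
 *
 * @param doc parsed policy document
 * @return a {@code Policy} or {@code PolicySet} created from the root element
 * @throws org.wso2.balana.ParsingException if the document has no root element, if the root
 *         element is neither "Policy" nor "PolicySet", or if building the policy fails
 */
private AbstractPolicy handleDocument(Document doc) throws ParsingException {
    Element root = doc.getDocumentElement();
    if (root == null) {
        // Report an empty document as a parsing failure instead of a NullPointerException.
        throw new ParsingException("Document has no root element");
    }

    // getLocalName() is null when the element was produced without namespace support;
    // the constant-first comparison routes that case to the "unknown type" error.
    // NOTE(review): the namespace URI of the root element is not checked here;
    // confirm schema validation happens before this call.
    String name = root.getLocalName();

    if ("Policy".equals(name)) {
        return Policy.getInstance(root);
    }
    if ("PolicySet".equals(name)) {
        return PolicySet.getInstance(root, policyFinder);
    }

    // this isn't a root type that we know how to handle
    throw new ParsingException("Unknown root document type: " + name);
}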
 
Example #12
Source File: PAPPolicyReader.java    From carbon-identity with Apache License 2.0
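/**
 * Creates the policy object for a parsed XML document based on the local name of its root
 * element.
 *
 * @param doc parsed policy document
 * @return a {@code Policy} or {@code PolicySet} created from the root element
 * @throws org.wso2.balana.ParsingException if the document has no root element, if the root
 *         element is neither "Policy" nor "PolicySet", or if building the policy fails
 */
private AbstractPolicy handleDocument(Document doc) throws ParsingException {
    Element root = doc.getDocumentElement();
    if (root == null) {
        // Keep the failure inside the declared exception type.
        throw new ParsingException("Document has no root element");
    }

    // A null local name (element produced without namespace support) must not cause a
    // NullPointerException, hence the constant-first comparisons.
    // NOTE(review): the root element's namespace URI is not compared; verify that
    // validation against the XACML schema is done by the caller.
    String name = root.getLocalName();

    if ("Policy".equals(name)) {
        return Policy.getInstance(root);
    }
    if ("PolicySet".equals(name)) {
        return PolicySet.getInstance(root, policyFinder);
    }

    // this isn't a root type that we know how to handle
    throw new ParsingException("Unknown root document type: " + name);
}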
 
Example #13
Source File: CarbonPolicyFinder.java    From carbon-identity-framework with Apache License 2.0
/**
 * Looks up a referenced policy, first in the reference cache and then through the configured
 * finder modules.
 *
 * <p>The first module whose policy text can be turned into a policy by {@code policyReader}
 * wins, and that policy is stored in the cache under {@code idReference}. The result carries
 * the policy only if its kind agrees with the requested reference type.
 *
 * @param idReference identifier of the referenced policy; also the cache key
 * @param type {@code PolicyReference.POLICY_REFERENCE} selects a {@code Policy}; every other
 *             value selects a {@code PolicySet}
 * @param constraints not consulted by this method
 * @param parentMetaData not consulted by this method
 * @return a result wrapping the policy, or the empty result
 */
@Override
public PolicyFinderResult findPolicy(URI idReference, int type, VersionConstraints constraints,
                                     PolicyMetaData parentMetaData) {

    AbstractPolicy resolved = policyReferenceCache.get(idReference);

    boolean needsLookup = (resolved == null) && (this.finderModules != null);
    if (needsLookup) {
        String referenceId = idReference.toString();
        for (PolicyFinderModule finderModule : this.finderModules) {
            String policyString = finderModule.getReferencedPolicy(referenceId);
            if (policyString != null) {
                resolved = policyReader.getPolicy(policyString);
                if (resolved != null) {
                    // NOTE(review): cached regardless of kind and of the version
                    // constraints argument; check how this cache is invalidated.
                    policyReferenceCache.put(idReference, resolved);
                    break;
                }
            }
        }
    }

    if (resolved == null) {
        return new PolicyFinderResult();
    }

    // Hand the policy back only when it is of the kind the reference asked for.
    if (type == PolicyReference.POLICY_REFERENCE) {
        return (resolved instanceof Policy)
                ? new PolicyFinderResult(resolved)
                : new PolicyFinderResult();
    }
    return (resolved instanceof PolicySet)
            ? new PolicyFinderResult(resolved)
            : new PolicyFinderResult();
}
 
Example #14
Source File: DefaultPolicyCollection.java    From carbon-identity-framework with Apache License 2.0
/**
 * Attempts to retrieve a policy based on the given identifier and other constraints. When
 * more than one stored version meets the version constraints, the earliest one in the set's
 * iteration order that is of the requested kind is returned; the original documentation calls
 * this the most recent version, which depends on the {@code TreeSet}'s comparator (not
 * visible here).
 *
 * @param identifier policy identifier; its string form is the lookup key
 * @param type {@code PolicyReference.POLICY_REFERENCE} selects a {@code Policy}; every other
 *             value selects a {@code PolicySet}
 * @param constraints version constraints applied to each candidate's version
 * @return the selected policy, or {@code null} if the identifier is unknown or nothing qualifies
 */
public AbstractPolicy getPolicy(URI identifier, int type, VersionConstraints constraints) {

    TreeSet<AbstractPolicy> known = policies.get(identifier.toString());
    if (known == null) {
        // if we don't know about this identifier then there's nothing to do
        return null;
    }

    for (AbstractPolicy policy : known) {
        boolean versionOk = constraints.meetsConstraint(policy.getVersion());
        if (versionOk) {
            // A valid version: return it if it is also the right kind.
            if (type == PolicyReference.POLICY_REFERENCE) {
                if (policy instanceof Policy) {
                    return policy;
                }
            } else if (policy instanceof PolicySet) {
                return policy;
            }
        }
    }

    // we didn't find a match
    return null;
}
 
Example #15
Source File: PolicyReader.java    From carbon-identity-framework with Apache License 2.0
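/**
 * Converts a parsed XML document into a policy object, selecting the type by the local name
 * of the root element.
 *
 * @param doc parsed policy document
 * @return a {@code Policy} or {@code PolicySet} created from the root element
 * @throws ParsingException if the document has no root element, if the root element is
 *                          neither "Policy" nor "PolicySet", or if building the policy fails
 */
private AbstractPolicy handleDocument(Document doc) throws ParsingException {
    Element root = doc.getDocumentElement();
    if (root == null) {
        // Without this guard an empty document ends in a NullPointerException.
        throw new ParsingException("Document has no root element");
    }

    // The local name is null for elements produced without namespace support; comparing
    // constant-first sends that case to the "unknown type" error below.
    // NOTE(review): the namespace URI is not inspected, only the local name;
    // confirm the input has been schema-validated by the time it gets here.
    String name = root.getLocalName();

    if ("Policy".equals(name)) {
        return Policy.getInstance(root);
    }
    if ("PolicySet".equals(name)) {
        return PolicySet.getInstance(root, policyFinder);
    }

    // this isn't a root type that we know how to handle
    throw new ParsingException("Unknown root document type: " + name);
}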
 
Example #16
Source File: PAPPolicyFinder.java    From carbon-identity-framework with Apache License 2.0
/**
 * Resolves a policy reference by reading the referenced policy through {@code policyReader}.
 *
 * <p>The held policy collection is emptied before the lookup. If the reader returns a policy
 * of the requested kind, it is added to the collection and wrapped in the result; in every
 * other case the no-argument {@code PolicyFinderResult} is returned.
 *
 * @param idReference identifier of the referenced policy; its string form is passed to the reader
 * @param type {@code PolicyReference.POLICY_REFERENCE} selects a {@code Policy}; every other
 *             value selects a {@code PolicySet}
 * @param constraints not consulted by this method
 * @param parentMetaData not consulted by this method
 * @return a result wrapping the policy, or an empty result
 */
public PolicyFinderResult findPolicy(URI idReference, int type, VersionConstraints constraints,
                                     PolicyMetaData parentMetaData) {

    // clear all current policies
    // NOTE(review): shared state is reset on every call; whether concurrent lookups are
    // possible is not visible here.
    policies.getPolicies().clear();

    AbstractPolicy selected = null;

    try {
        AbstractPolicy fromStore = policyReader.readPolicy(idReference.toString(),
                this.policyFinder);

        boolean wantsPolicy = (type == PolicyReference.POLICY_REFERENCE);
        // instanceof is false for null, which covers a policy missing from the store.
        if ((wantsPolicy && fromStore instanceof Policy)
                || (!wantsPolicy && fromStore instanceof PolicySet)) {
            selected = fromStore;
            policies.addPolicy(selected);
        }
    } catch (EntitlementException e) {
        // NOTE(review): the failure is logged and then looks exactly like "policy not
        // found" to the caller; verify that a store error cannot be evaluated as
        // "not applicable".
        log.error(e);
    }

    if (selected != null) {
        return new PolicyFinderResult(selected);
    }
    return new PolicyFinderResult();
}
 
Example #17
Source File: SimplePolicyCollection.java    From carbon-identity with Apache License 2.0
/**
 * Selects the effective policy for an evaluation context by matching every stored policy
 * against it.
 *
 * <p>An INDETERMINATE match aborts the search with an exception. No match yields {@code null},
 * one match is returned directly, and several matches are wrapped in a new {@code PolicySet}
 * using this collection's combining algorithm.
 *
 * @param context evaluation context the policies are matched against
 * @return the effective policy, or {@code null} when nothing matches
 * @throws EntitlementException if a match is INDETERMINATE, or if a second policy matches
 *                              while no combining algorithm is configured
 */
@Override
public AbstractPolicy getEffectivePolicy(EvaluationCtx context) throws EntitlementException {

    ArrayList<AbstractPolicy> applicable = new ArrayList<AbstractPolicy>();

    for (Map.Entry<URI, AbstractPolicy> entry : policyCollection.entrySet()) {

        AbstractPolicy candidate = entry.getValue();
        MatchResult outcome = candidate.match(context);
        int verdict = outcome.getResult();

        // An error during matching stops the search immediately.
        if (verdict == MatchResult.INDETERMINATE) {
            log.error(outcome.getStatus().getMessage());
            throw new EntitlementException(outcome.getStatus().getMessage());
        }

        if (verdict != MatchResult.MATCH) {
            continue;
        }

        if (log.isDebugEnabled()) {
            log.debug("Matching XACML policy found " + candidate.getId().toString());
        }

        // Without a combining algorithm a second match cannot be nested, so it is an error.
        if (combiningAlg == null && !applicable.isEmpty()) {
            log.error("Too many applicable top-level policies");
            throw new EntitlementException("Too many applicable top-level policies");
        }

        applicable.add(candidate);
    }

    // The search finished without errors; decide by the number of matches.
    if (applicable.isEmpty()) {
        if (log.isDebugEnabled()) {
            log.debug("No matching XACML policy found");
        }
        return null;
    }
    if (applicable.size() == 1) {
        return applicable.get(0);
    }
    return new PolicySet(parentId, combiningAlg, null, applicable);

}
 
Example #18
Source File: DefaultPolicyCollection.java    From carbon-identity with Apache License 2.0
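/**
 * Attempts to retrieve a policy based on the given context. If multiple policies match then
 * this will either throw an exception or wrap the policies under a new PolicySet (depending on
 * whether a combining algorithm is configured). If no policies match, then this will return
 * null. Only the first policy of each identifier's version set is considered.
 *
 * <p>The original code built an unused {@code Status} for the "several matches, no combining
 * algorithm" case and left the throw commented out, so it went on to build a
 * {@code PolicySet} with a null combining algorithm. That case now fails with an
 * {@code EntitlementException}, as the contract above describes.
 *
 * @param context evaluation context the policies are matched against
 * @return the effective policy, or {@code null} when nothing matches
 * @throws EntitlementException if a match is INDETERMINATE, or if more than one policy
 *                              matches while no combining algorithm is configured
 */
public AbstractPolicy getEffectivePolicy(EvaluationCtx context) throws EntitlementException {
    // setup a list of matching policies
    ArrayList<AbstractPolicy> list = new ArrayList<AbstractPolicy>();

    for (TreeSet<AbstractPolicy> versions : policies.values()) {
        // for each identifier, take only the first policy of its version set
        AbstractPolicy policy = versions.first();

        // see if we match
        MatchResult match = policy.match(context);
        int result = match.getResult();

        // if there was an error, we stop right away
        if (result == MatchResult.INDETERMINATE) {
            log.error(match.getStatus().getMessage());
            throw new EntitlementException(match.getStatus().getMessage());
        }

        // if we matched, we keep track of the matching policy...
        if (result == MatchResult.MATCH) {
            if (log.isDebugEnabled()) {
                log.debug("Matching XACML policy found " + policy.getId().toString());
            }

            // ...but a second match cannot be combined without a combining algorithm,
            // so refuse to continue rather than build a PolicySet around a null algorithm.
            if ((combiningAlg == null) && !list.isEmpty()) {
                log.error("Too many applicable top-level policies");
                throw new EntitlementException("Too many applicable top-level policies");
            }

            list.add(policy);
        }
    }

    // no errors happened during the search, so now take the right
    // action based on how many policies we found
    switch (list.size()) {
        case 0:
            if (log.isDebugEnabled()) {
                log.debug("No matching XACML policy found");
            }
            return null;
        case 1:
            return list.get(0);
        default:
            return new PolicySet(parentId, combiningAlg, null, list);
    }
}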
 
Example #19
Source File: DefaultPolicyCollection.java    From carbon-identity-framework with Apache License 2.0
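/**
 * Attempts to retrieve a policy based on the given context. If multiple policies match then
 * this will either throw an exception or wrap the policies under a new PolicySet (depending on
 * whether a combining algorithm is configured). If no policies match, then this will return
 * null. For each identifier only the first policy of its version set is matched.
 *
 * <p>Previously the "several matches, no combining algorithm" case only created an unused
 * {@code Status} (the throw was commented out) and then wrapped the matches in a
 * {@code PolicySet} with a null combining algorithm. It is now rejected with an
 * {@code EntitlementException}, in line with the contract stated above.
 *
 * @param context evaluation context the policies are matched against
 * @return the effective policy, or {@code null} when nothing matches
 * @throws EntitlementException if a match is INDETERMINATE, or if more than one policy
 *                              matches while no combining algorithm is configured
 */
public AbstractPolicy getEffectivePolicy(EvaluationCtx context) throws EntitlementException {
    // setup a list of matching policies
    ArrayList<AbstractPolicy> list = new ArrayList<AbstractPolicy>();

    for (TreeSet<AbstractPolicy> versions : policies.values()) {
        // for each identifier, take only the first policy of its version set
        AbstractPolicy policy = versions.first();

        // see if we match
        MatchResult match = policy.match(context);
        int result = match.getResult();

        // if there was an error, we stop right away
        if (result == MatchResult.INDETERMINATE) {
            log.error(match.getStatus().getMessage());
            throw new EntitlementException(match.getStatus().getMessage());
        }

        // if we matched, we keep track of the matching policy...
        if (result == MatchResult.MATCH) {
            if (log.isDebugEnabled()) {
                log.debug("Matching XACML policy found " + policy.getId().toString());
            }

            // ...unless it is a second match and there is no algorithm to combine them:
            // fail instead of constructing a PolicySet with a null combining algorithm.
            if ((combiningAlg == null) && !list.isEmpty()) {
                log.error("Too many applicable top-level policies");
                throw new EntitlementException("Too many applicable top-level policies");
            }

            list.add(policy);
        }
    }

    // no errors happened during the search, so now take the right
    // action based on how many policies we found
    switch (list.size()) {
        case 0:
            if (log.isDebugEnabled()) {
                log.debug("No matching XACML policy found");
            }
            return null;
        case 1:
            return list.get(0);
        default:
            return new PolicySet(parentId, combiningAlg, null, list);
    }
}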
 
Example #20
Source File: SimplePolicyCollection.java    From carbon-identity-framework with Apache License 2.0
/**
 * Determines the effective policy for the given evaluation context.
 *
 * <p>Every stored policy is matched against the context. An INDETERMINATE match ends the
 * search with an exception. Zero matches give {@code null}, exactly one match is returned as
 * is, and more than one are combined under a new {@code PolicySet}.
 *
 * @param context evaluation context the policies are matched against
 * @return the effective policy, or {@code null} when nothing matches
 * @throws EntitlementException if a match is INDETERMINATE, or if a second policy matches
 *                              while no combining algorithm is configured
 */
@Override
public AbstractPolicy getEffectivePolicy(EvaluationCtx context) throws EntitlementException {

    ArrayList<AbstractPolicy> matches = new ArrayList<AbstractPolicy>();
    final boolean canCombine = (combiningAlg != null);

    for (Map.Entry<URI, AbstractPolicy> stored : policyCollection.entrySet()) {

        AbstractPolicy policy = stored.getValue();
        MatchResult match = policy.match(context);

        switch (match.getResult()) {
            case MatchResult.INDETERMINATE:
                // Matching failed: fail the whole lookup rather than skip the policy.
                log.error(match.getStatus().getMessage());
                throw new EntitlementException(match.getStatus().getMessage());
            case MatchResult.MATCH:
                if (log.isDebugEnabled()) {
                    log.debug("Matching XACML policy found " + policy.getId().toString());
                }
                // A second match needs a combining algorithm to be nested.
                if (!canCombine && matches.size() > 0) {
                    log.error("Too many applicable top-level policies");
                    throw new EntitlementException("Too many applicable top-level policies");
                }
                matches.add(policy);
                break;
            default:
                // Not applicable to this context.
                break;
        }
    }

    int found = matches.size();
    if (found > 1) {
        return new PolicySet(parentId, combiningAlg, null, matches);
    }
    if (found == 1) {
        return matches.get(0);
    }

    if (log.isDebugEnabled()) {
        log.debug("No matching XACML policy found");
    }
    return null;

}
 
Example #21
Source File: FileBasedPolicyFinderModule.java    From balana with Apache License 2.0
/**
 * Finds the policy applicable to an evaluation context among the loaded policies.
 *
 * <p>An INDETERMINATE target match is returned as an error result straight away. A second
 * match without a combining algorithm is returned as a processing-error result. Otherwise
 * the result is empty for no match, wraps the single match, or wraps a new {@code PolicySet}
 * holding all matches.
 *
 * @param context evaluation context the policies are matched against
 * @return a result wrapping the applicable policy, an error status, or nothing
 */
@Override
public PolicyFinderResult findPolicy(EvaluationCtx context) {

    ArrayList<AbstractPolicy> matched = new ArrayList<AbstractPolicy>();

    // Check every loaded policy against the context.
    for (Map.Entry<URI, AbstractPolicy> entry : policies.entrySet()) {

        AbstractPolicy candidate = entry.getValue();
        MatchResult outcome = candidate.match(context);
        int verdict = outcome.getResult();

        // Indeterminate target matching is reported, not skipped.
        if (verdict == MatchResult.INDETERMINATE) {
            return new PolicyFinderResult(outcome.getStatus());
        }

        if (verdict != MatchResult.MATCH) {
            continue;
        }

        if (combiningAlg == null && !matched.isEmpty()) {
            // A previous match exists and there is no algorithm to combine them.
            ArrayList<String> statusCodes = new ArrayList<String>();
            statusCodes.add(Status.STATUS_PROCESSING_ERROR);
            return new PolicyFinderResult(new Status(statusCodes, "too many applicable "
                    + "top-level policies"));
        }

        matched.add(candidate);
    }

    // The search finished without errors; decide by the number of matches.
    if (matched.isEmpty()) {
        if (log.isDebugEnabled()) {
            log.debug("No matching XACML policy found");
        }
        return new PolicyFinderResult();
    }
    if (matched.size() == 1) {
        return new PolicyFinderResult(matched.get(0));
    }
    return new PolicyFinderResult(new PolicySet(null, combiningAlg, null, matched));
}