org.wso2.balana.finder.PolicyFinderResult Java Examples

The following examples show how to use org.wso2.balana.finder.PolicyFinderResult. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: PolicyReference.java    From balana with Apache License 2.0 6 votes vote down vote up
/**
 * Private helper method that tried to resolve the policy
 */
private AbstractPolicy resolvePolicy() {
    // see if this reference was setup with a finder
    if (finder == null) {
        if (logger.isWarnEnabled()) {
            logger.warn("PolicyReference with id " + reference.toString()
                    + " was queried but was " + "not configured with a PolicyFinder");
        }

        throw new ProcessingException("couldn't find the policy with " + "a null finder");
    }

    PolicyFinderResult pfr = finder.findPolicy(reference, policyType, constraints,
            parentMetaData);

    if (pfr.notApplicable())
        throw new ProcessingException("couldn't resolve the policy");

    if (pfr.indeterminate())
        throw new ProcessingException("error resolving the policy");

    return pfr.getPolicy();
}
 
Example #2
Source File: PolicyReference.java    From balana with Apache License 2.0 6 votes vote down vote up
/**
     * Tries to evaluate the policy by calling the combining algorithm on the given policies or
     * rules. The <code>match</code> method must always be called first, and must always return
     * MATCH, before this method is called.
     * 
     * @param context the representation of the request
     * 
     * @return the result of evaluation
     */
    public AbstractResult evaluate(EvaluationCtx context) {
        // if there is no finder, then we return NotApplicable
        if (finder == null){
            //return new Result(Result.DECISION_NOT_APPLICABLE, context.getResourceId().encode());
            return ResultFactory.getFactory().getResult(Result.DECISION_NOT_APPLICABLE, context);
        }

        PolicyFinderResult pfr = finder.findPolicy(reference, policyType, constraints,
                parentMetaData);

        // if we found nothing, then we return NotApplicable
        if (pfr.notApplicable()){
            //return new Result(Result.DECISION_NOT_APPLICABLE, context.getResourceId().encode());
            return ResultFactory.getFactory().getResult(Result.DECISION_NOT_APPLICABLE, context);
        }
        // if there was an error, we return that status data
        if (pfr.indeterminate()){
//            return new Result(Result.DECISION_INDETERMINATE, pfr.getStatus(), context
//                    .getResourceId().encode());
            return ResultFactory.getFactory().getResult(Result.DECISION_INDETERMINATE, pfr.getStatus(), context);
        }
        // we must have found a policy
        return pfr.getPolicy().evaluate(context);
    }
 
Example #3
Source File: FileBasedPolicyFinderModule.java    From balana with Apache License 2.0 6 votes vote down vote up
@Override
public PolicyFinderResult findPolicy(URI idReference, int type, VersionConstraints constraints,
                                     PolicyMetaData parentMetaData) {

    AbstractPolicy policy = policies.get(idReference);
    if (policy != null) {
        if (type == PolicyReference.POLICY_REFERENCE) {
            if (policy instanceof Policy) {
                return new PolicyFinderResult(policy);
            }
        } else {
            if (policy instanceof PolicySet) {
                return new PolicyFinderResult(policy);
            }
        }
    }

    // if there was an error loading the policy, return the error
    ArrayList<String> code = new ArrayList<String>();
    code.add(Status.STATUS_PROCESSING_ERROR);
    Status status = new Status(code,
            "couldn't load referenced policy");
    return new PolicyFinderResult(status);
}
 
Example #4
Source File: PAPPolicyFinder.java    From carbon-identity-framework with Apache License 2.0 5 votes vote down vote up
public PolicyFinderResult findPolicy(URI idReference, int type, VersionConstraints constraints,
                                     PolicyMetaData parentMetaData) {

    // clear all current policies
    policies.getPolicies().clear();

    AbstractPolicy policy = null;

    try {
        AbstractPolicy policyFromStore = policyReader.readPolicy(idReference.toString(),
                this.policyFinder);

        if (policyFromStore != null) {
            if (type == PolicyReference.POLICY_REFERENCE) {
                if (policyFromStore instanceof Policy) {
                    policy = policyFromStore;
                    policies.addPolicy(policy);
                }
            } else {
                if (policyFromStore instanceof PolicySet) {
                    policy = policyFromStore;
                    policies.addPolicy(policy);
                }
            }
        }
    } catch (EntitlementException e) {
        // ignore and just log the error.
        log.error(e);
    }

    if (policy == null) {
        return new PolicyFinderResult();
    } else {
        return new PolicyFinderResult(policy);
    }
}
 
Example #5
Source File: CarbonPolicyFinder.java    From carbon-identity-framework with Apache License 2.0 5 votes vote down vote up
@Override
public PolicyFinderResult findPolicy(URI idReference, int type, VersionConstraints constraints,
                                     PolicyMetaData parentMetaData) {

    AbstractPolicy policy = policyReferenceCache.get(idReference);

    if (policy == null) {
        if (this.finderModules != null) {
            for (PolicyFinderModule finderModule : this.finderModules) {
                String policyString = finderModule.getReferencedPolicy(idReference.toString());
                if (policyString != null) {
                    policy = policyReader.getPolicy(policyString);
                    if (policy != null) {
                        policyReferenceCache.put(idReference, policy);
                        break;
                    }
                }
            }
        }
    }

    if (policy != null) {
        // we found a valid version, so see if it's the right kind,
        // and if it is then we return it
        if (type == PolicyReference.POLICY_REFERENCE) {
            if (policy instanceof Policy) {
                return new PolicyFinderResult(policy);
            }
        } else {
            if (policy instanceof PolicySet) {
                return new PolicyFinderResult(policy);
            }
        }
    }

    return new PolicyFinderResult();
}
 
Example #6
Source File: PAPPolicyFinder.java    From carbon-identity with Apache License 2.0 5 votes vote down vote up
public PolicyFinderResult findPolicy(URI idReference, int type, VersionConstraints constraints,
                                     PolicyMetaData parentMetaData) {

    // clear all current policies
    policies.getPolicies().clear();

    AbstractPolicy policy = null;

    try {
        AbstractPolicy policyFromStore = policyReader.readPolicy(idReference.toString(),
                this.policyFinder);

        if (policyFromStore != null) {
            if (type == PolicyReference.POLICY_REFERENCE) {
                if (policyFromStore instanceof Policy) {
                    policy = policyFromStore;
                    policies.addPolicy(policy);
                }
            } else {
                if (policyFromStore instanceof PolicySet) {
                    policy = policyFromStore;
                    policies.addPolicy(policy);
                }
            }
        }
    } catch (EntitlementException e) {
        // ignore and just log the error.
        log.error(e);
    }

    if (policy == null) {
        return new PolicyFinderResult();
    } else {
        return new PolicyFinderResult(policy);
    }
}
 
Example #7
Source File: CarbonPolicyFinder.java    From carbon-identity with Apache License 2.0 5 votes vote down vote up
@Override
public PolicyFinderResult findPolicy(URI idReference, int type, VersionConstraints constraints,
                                     PolicyMetaData parentMetaData) {

    AbstractPolicy policy = policyReferenceCache.get(idReference);

    if (policy == null) {
        if (this.finderModules != null) {
            for (PolicyFinderModule finderModule : this.finderModules) {
                String policyString = finderModule.getReferencedPolicy(idReference.toString());
                if (policyString != null) {
                    policy = policyReader.getPolicy(policyString);
                    if (policy != null) {
                        policyReferenceCache.put(idReference, policy);
                        break;
                    }
                }
            }
        }
    }

    if (policy != null) {
        // we found a valid version, so see if it's the right kind,
        // and if it is then we return it
        if (type == PolicyReference.POLICY_REFERENCE) {
            if (policy instanceof Policy) {
                return new PolicyFinderResult(policy);
            }
        } else {
            if (policy instanceof PolicySet) {
                return new PolicyFinderResult(policy);
            }
        }
    }

    return new PolicyFinderResult();
}
 
Example #8
Source File: PDP.java    From balana with Apache License 2.0 5 votes vote down vote up
/**
 * A private helper routine that resolves a policy for the given context, and then tries to
 * evaluate based on the policy
 *
 * @param context context
 * @return a response
 */
private AbstractResult evaluateContext(EvaluationCtx context) {
    // first off, try to find a policy
    PolicyFinderResult finderResult = policyFinder.findPolicy(context);

    // see if there weren't any applicable policies
    if (finderResult.notApplicable()) {
        return ResultFactory.getFactory().getResult(AbstractResult.DECISION_NOT_APPLICABLE, context);
    }
    // see if there were any errors in trying to get a policy
    if (finderResult.indeterminate()) {
        return ResultFactory.getFactory().getResult(AbstractResult.DECISION_INDETERMINATE,
                finderResult.getStatus(), context);
    }

    // we found a valid policy,

    // list all found policies if XACML 3.0
    if (context instanceof XACML3EvaluationCtx && ((RequestCtx) context.getRequestCtx()).
            isReturnPolicyIdList()) {
        Set<PolicyReference> references = new HashSet<PolicyReference>();
        processPolicyReferences(finderResult.getPolicy(), references);
        ((XACML3EvaluationCtx) context).setPolicyReferences(references);
    }

    // so we can do the evaluation
    return finderResult.getPolicy().evaluate(context);
}
 
Example #9
Source File: FileBasedPolicyFinderModule.java    From balana with Apache License 2.0 4 votes vote down vote up
@Override
public PolicyFinderResult findPolicy(EvaluationCtx context) {

    ArrayList<AbstractPolicy> selectedPolicies = new ArrayList<AbstractPolicy>();
    Set<Map.Entry<URI, AbstractPolicy>> entrySet = policies.entrySet();

    // iterate through all the policies we currently have loaded
    for (Map.Entry<URI, AbstractPolicy> entry : entrySet) {

        AbstractPolicy policy = entry.getValue();
        MatchResult match = policy.match(context);
        int result = match.getResult();

        // if target matching was indeterminate, then return the error
        if (result == MatchResult.INDETERMINATE)
            return new PolicyFinderResult(match.getStatus());

        // see if the target matched
        if (result == MatchResult.MATCH) {

            if ((combiningAlg == null) && (selectedPolicies.size() > 0)) {
                // we found a match before, so this is an error
                ArrayList<String> code = new ArrayList<String>();
                code.add(Status.STATUS_PROCESSING_ERROR);
                Status status = new Status(code, "too many applicable "
                        + "top-level policies");
                return new PolicyFinderResult(status);
            }

            // this is the first match we've found, so remember it
            selectedPolicies.add(policy);
        }
    }

    // no errors happened during the search, so now take the right
    // action based on how many policies we found
    switch (selectedPolicies.size()) {
        case 0:
            if (log.isDebugEnabled()) {
                log.debug("No matching XACML policy found");
            }
            return new PolicyFinderResult();
        case 1:
            return new PolicyFinderResult((selectedPolicies.get(0)));
        default:
            return new PolicyFinderResult(new PolicySet(null, combiningAlg, null, selectedPolicies));
    }
}