org.wso2.balana.finder.PolicyFinderResult Java Examples
The following examples show how to use
org.wso2.balana.finder.PolicyFinderResult.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
| Source File: PolicyReference.java From balana with Apache License 2.0 | 6 votes |
|
/**
* Private helper method that tried to resolve the policy
*/
private AbstractPolicy resolvePolicy() {
// see if this reference was setup with a finder
if (finder == null) {
if (logger.isWarnEnabled()) {
logger.warn("PolicyReference with id " + reference.toString()
+ " was queried but was " + "not configured with a PolicyFinder");
}
throw new ProcessingException("couldn't find the policy with " + "a null finder");
}
PolicyFinderResult pfr = finder.findPolicy(reference, policyType, constraints,
parentMetaData);
if (pfr.notApplicable())
throw new ProcessingException("couldn't resolve the policy");
if (pfr.indeterminate())
throw new ProcessingException("error resolving the policy");
return pfr.getPolicy();
}
Example #2
| Source File: PolicyReference.java From balana with Apache License 2.0 | 6 votes |
|
/**
* Tries to evaluate the policy by calling the combining algorithm on the given policies or
* rules. The <code>match</code> method must always be called first, and must always return
* MATCH, before this method is called.
*
* @param context the representation of the request
*
* @return the result of evaluation
*/
public AbstractResult evaluate(EvaluationCtx context) {
// if there is no finder, then we return NotApplicable
if (finder == null){
//return new Result(Result.DECISION_NOT_APPLICABLE, context.getResourceId().encode());
return ResultFactory.getFactory().getResult(Result.DECISION_NOT_APPLICABLE, context);
}
PolicyFinderResult pfr = finder.findPolicy(reference, policyType, constraints,
parentMetaData);
// if we found nothing, then we return NotApplicable
if (pfr.notApplicable()){
//return new Result(Result.DECISION_NOT_APPLICABLE, context.getResourceId().encode());
return ResultFactory.getFactory().getResult(Result.DECISION_NOT_APPLICABLE, context);
}
// if there was an error, we return that status data
if (pfr.indeterminate()){
// return new Result(Result.DECISION_INDETERMINATE, pfr.getStatus(), context
// .getResourceId().encode());
return ResultFactory.getFactory().getResult(Result.DECISION_INDETERMINATE, pfr.getStatus(), context);
}
// we must have found a policy
return pfr.getPolicy().evaluate(context);
}
Example #3
| Source File: FileBasedPolicyFinderModule.java From balana with Apache License 2.0 | 6 votes |
|
@Override
public PolicyFinderResult findPolicy(URI idReference, int type, VersionConstraints constraints,
PolicyMetaData parentMetaData) {
AbstractPolicy policy = policies.get(idReference);
if (policy != null) {
if (type == PolicyReference.POLICY_REFERENCE) {
if (policy instanceof Policy) {
return new PolicyFinderResult(policy);
}
} else {
if (policy instanceof PolicySet) {
return new PolicyFinderResult(policy);
}
}
}
// if there was an error loading the policy, return the error
ArrayList<String> code = new ArrayList<String>();
code.add(Status.STATUS_PROCESSING_ERROR);
Status status = new Status(code,
"couldn't load referenced policy");
return new PolicyFinderResult(status);
}
Example #4
| Source File: PAPPolicyFinder.java From carbon-identity-framework with Apache License 2.0 | 5 votes |
|
public PolicyFinderResult findPolicy(URI idReference, int type, VersionConstraints constraints,
PolicyMetaData parentMetaData) {
// clear all current policies
policies.getPolicies().clear();
AbstractPolicy policy = null;
try {
AbstractPolicy policyFromStore = policyReader.readPolicy(idReference.toString(),
this.policyFinder);
if (policyFromStore != null) {
if (type == PolicyReference.POLICY_REFERENCE) {
if (policyFromStore instanceof Policy) {
policy = policyFromStore;
policies.addPolicy(policy);
}
} else {
if (policyFromStore instanceof PolicySet) {
policy = policyFromStore;
policies.addPolicy(policy);
}
}
}
} catch (EntitlementException e) {
// ignore and just log the error.
log.error(e);
}
if (policy == null) {
return new PolicyFinderResult();
} else {
return new PolicyFinderResult(policy);
}
}
Example #5
| Source File: CarbonPolicyFinder.java From carbon-identity-framework with Apache License 2.0 | 5 votes |
|
@Override
public PolicyFinderResult findPolicy(URI idReference, int type, VersionConstraints constraints,
PolicyMetaData parentMetaData) {
AbstractPolicy policy = policyReferenceCache.get(idReference);
if (policy == null) {
if (this.finderModules != null) {
for (PolicyFinderModule finderModule : this.finderModules) {
String policyString = finderModule.getReferencedPolicy(idReference.toString());
if (policyString != null) {
policy = policyReader.getPolicy(policyString);
if (policy != null) {
policyReferenceCache.put(idReference, policy);
break;
}
}
}
}
}
if (policy != null) {
// we found a valid version, so see if it's the right kind,
// and if it is then we return it
if (type == PolicyReference.POLICY_REFERENCE) {
if (policy instanceof Policy) {
return new PolicyFinderResult(policy);
}
} else {
if (policy instanceof PolicySet) {
return new PolicyFinderResult(policy);
}
}
}
return new PolicyFinderResult();
}
Example #6
| Source File: PAPPolicyFinder.java From carbon-identity with Apache License 2.0 | 5 votes |
|
public PolicyFinderResult findPolicy(URI idReference, int type, VersionConstraints constraints,
PolicyMetaData parentMetaData) {
// clear all current policies
policies.getPolicies().clear();
AbstractPolicy policy = null;
try {
AbstractPolicy policyFromStore = policyReader.readPolicy(idReference.toString(),
this.policyFinder);
if (policyFromStore != null) {
if (type == PolicyReference.POLICY_REFERENCE) {
if (policyFromStore instanceof Policy) {
policy = policyFromStore;
policies.addPolicy(policy);
}
} else {
if (policyFromStore instanceof PolicySet) {
policy = policyFromStore;
policies.addPolicy(policy);
}
}
}
} catch (EntitlementException e) {
// ignore and just log the error.
log.error(e);
}
if (policy == null) {
return new PolicyFinderResult();
} else {
return new PolicyFinderResult(policy);
}
}
Example #7
| Source File: CarbonPolicyFinder.java From carbon-identity with Apache License 2.0 | 5 votes |
|
@Override
public PolicyFinderResult findPolicy(URI idReference, int type, VersionConstraints constraints,
PolicyMetaData parentMetaData) {
AbstractPolicy policy = policyReferenceCache.get(idReference);
if (policy == null) {
if (this.finderModules != null) {
for (PolicyFinderModule finderModule : this.finderModules) {
String policyString = finderModule.getReferencedPolicy(idReference.toString());
if (policyString != null) {
policy = policyReader.getPolicy(policyString);
if (policy != null) {
policyReferenceCache.put(idReference, policy);
break;
}
}
}
}
}
if (policy != null) {
// we found a valid version, so see if it's the right kind,
// and if it is then we return it
if (type == PolicyReference.POLICY_REFERENCE) {
if (policy instanceof Policy) {
return new PolicyFinderResult(policy);
}
} else {
if (policy instanceof PolicySet) {
return new PolicyFinderResult(policy);
}
}
}
return new PolicyFinderResult();
}
Example #8
| Source File: PDP.java From balana with Apache License 2.0 | 5 votes |
|
/**
* A private helper routine that resolves a policy for the given context, and then tries to
* evaluate based on the policy
*
* @param context context
* @return a response
*/
private AbstractResult evaluateContext(EvaluationCtx context) {
// first off, try to find a policy
PolicyFinderResult finderResult = policyFinder.findPolicy(context);
// see if there weren't any applicable policies
if (finderResult.notApplicable()) {
return ResultFactory.getFactory().getResult(AbstractResult.DECISION_NOT_APPLICABLE, context);
}
// see if there were any errors in trying to get a policy
if (finderResult.indeterminate()) {
return ResultFactory.getFactory().getResult(AbstractResult.DECISION_INDETERMINATE,
finderResult.getStatus(), context);
}
// we found a valid policy,
// list all found policies if XACML 3.0
if (context instanceof XACML3EvaluationCtx && ((RequestCtx) context.getRequestCtx()).
isReturnPolicyIdList()) {
Set<PolicyReference> references = new HashSet<PolicyReference>();
processPolicyReferences(finderResult.getPolicy(), references);
((XACML3EvaluationCtx) context).setPolicyReferences(references);
}
// so we can do the evaluation
return finderResult.getPolicy().evaluate(context);
}
Example #9
| Source File: FileBasedPolicyFinderModule.java From balana with Apache License 2.0 | 4 votes |
|
@Override
public PolicyFinderResult findPolicy(EvaluationCtx context) {
ArrayList<AbstractPolicy> selectedPolicies = new ArrayList<AbstractPolicy>();
Set<Map.Entry<URI, AbstractPolicy>> entrySet = policies.entrySet();
// iterate through all the policies we currently have loaded
for (Map.Entry<URI, AbstractPolicy> entry : entrySet) {
AbstractPolicy policy = entry.getValue();
MatchResult match = policy.match(context);
int result = match.getResult();
// if target matching was indeterminate, then return the error
if (result == MatchResult.INDETERMINATE)
return new PolicyFinderResult(match.getStatus());
// see if the target matched
if (result == MatchResult.MATCH) {
if ((combiningAlg == null) && (selectedPolicies.size() > 0)) {
// we found a match before, so this is an error
ArrayList<String> code = new ArrayList<String>();
code.add(Status.STATUS_PROCESSING_ERROR);
Status status = new Status(code, "too many applicable "
+ "top-level policies");
return new PolicyFinderResult(status);
}
// this is the first match we've found, so remember it
selectedPolicies.add(policy);
}
}
// no errors happened during the search, so now take the right
// action based on how many policies we found
switch (selectedPolicies.size()) {
case 0:
if (log.isDebugEnabled()) {
log.debug("No matching XACML policy found");
}
return new PolicyFinderResult();
case 1:
return new PolicyFinderResult((selectedPolicies.get(0)));
default:
return new PolicyFinderResult(new PolicySet(null, combiningAlg, null, selectedPolicies));
}
}
