use of org.ow2.authzforce.core.pdp.api.expression.BasicImmutableXPathCompilerProxy in project core by authzforce.
the class BaseXacmlJsonRequestPreprocessor method process.
@Override
public final List<IndividualXacmlJsonRequest> process(final JSONObject request, final Map<String, String> namespaceURIsByPrefix) throws IndeterminateEvaluationException {
if (request == null) {
throw NULL_REQUEST_ARGUMENT_EXCEPTION;
}
try {
XacmlJsonUtils.REQUEST_SCHEMA.validate(request);
} catch (final ValidationException e) {
LOGGER.debug(e.toJSON().toString(4));
throw new IndeterminateEvaluationException(INVALID_REQ_ERR_STATUS, e);
}
final JSONObject requestJsonObj = request.optJSONObject("Request");
if (requestJsonObj == null) {
throw MISSING_REQUEST_OBJECT_EXCEPTION;
}
/*
* No support for MultiRequests (§2.4 of Multiple Decision Profile).
*/
if (requestJsonObj.has("MultiRequests")) {
/*
* According to 7.19.1 Unsupported functionality, return Indeterminate with syntax-error code for unsupported element
*/
throw UNSUPPORTED_MULTI_REQUESTS_EXCEPTION;
}
/*
* No support for CombinedDecision = true if result processor does not support it. (The use of the CombinedDecision attribute is specified in Multiple Decision Profile.)
*/
final boolean combinedDecisionRequested;
if (requestJsonObj.optBoolean("CombinedDecision", false)) {
if (!this.isCombinedDecisionSupported) {
/*
* According to XACML core spec, 5.42, <i>If the PDP does not implement the relevant functionality in [Multiple Decision Profile], then the PDP must return an Indeterminate with a status
* code of urn:oasis:names:tc:xacml:1.0:status:processing-error if it receives a request with this attribute set to "true".</i>
*/
throw UNSUPPORTED_COMBINED_DECISION_EXCEPTION;
}
combinedDecisionRequested = true;
} else {
combinedDecisionRequested = false;
}
final boolean returnPolicyIdList = requestJsonObj.optBoolean("ReturnPolicyIdList", false);
final Map<String, String> newNsPrefixToUriMap;
final Optional<XPathCompilerProxy> xPathCompiler;
if (requestJsonObj.has("XPathVersion")) {
try {
final XPathVersion xPathVersion = XPathVersion.fromURI(requestJsonObj.getString("XPathVersion"));
xPathCompiler = Optional.of(new BasicImmutableXPathCompilerProxy(xPathVersion, namespaceURIsByPrefix));
/*
namespaceURIsByPrefix already held by xPathCompiler and retrievable from it with getDeclaredNamespacePrefixToUriMap().
*/
newNsPrefixToUriMap = Map.of();
} catch (IllegalArgumentException e) {
throw new IllegalArgumentException("Invalid/unsupported XPathVersion in JSON Request/XPathVersion", e);
}
} else {
xPathCompiler = Optional.empty();
newNsPrefixToUriMap = namespaceURIsByPrefix;
}
final SingleCategoryXacmlAttributesParser<JSONObject> xacmlAttrsParser = xacmlAttrsParserFactory.getInstance();
return process(requestJsonObj.optJSONArray("Category"), xacmlAttrsParser, returnPolicyIdList, combinedDecisionRequested, xPathCompiler, newNsPrefixToUriMap);
}
use of org.ow2.authzforce.core.pdp.api.expression.BasicImmutableXPathCompilerProxy in project core-pdp-api by authzforce.
the class BaseXacmlJaxbRequestPreprocessor method process.
@Override
public final List<IndividualXacmlJaxbRequest> process(final Request jaxbRequest, final Map<String, String> namespaceURIsByPrefix) throws IndeterminateEvaluationException {
if (jaxbRequest == null) {
throw NULL_REQUEST_EXCEPTION;
}
/*
* No support for MultiRequests (§2.4 of Multiple Decision Profile).
*/
if (jaxbRequest.getMultiRequests() != null) {
/*
* According to 7.19.1 Unsupported functionality, return Indeterminate with syntax-error code for unsupported element
*/
throw UNSUPPORTED_MULTI_REQUESTS_EXCEPTION;
}
/*
* No support for CombinedDecision = true if no decisionCombiner defined. (The use of the CombinedDecision attribute is specified in Multiple Decision Profile.)
*/
if (jaxbRequest.isCombinedDecision() && !this.isCombinedDecisionSupported) {
/*
* According to XACML core spec, 5.42, <i>If the PDP does not implement the relevant functionality in [Multiple Decision Profile], then the PDP must return an Indeterminate with a status
* code of urn:oasis:names:tc:xacml:1.0:status:processing-error if it receives a request with this attribute set to "true"</i>.
*/
throw UNSUPPORTED_COMBINED_DECISION_EXCEPTION;
}
final RequestDefaults jaxbReqDefaults = jaxbRequest.getRequestDefaults();
final Optional<XPathCompilerProxy> xPathCompiler;
final Map<String, String> newNsPrefixToUriMap;
if (jaxbReqDefaults == null) {
xPathCompiler = Optional.empty();
newNsPrefixToUriMap = namespaceURIsByPrefix;
} else {
try {
final XPathVersion xPathVersion = XPathVersion.fromURI(jaxbReqDefaults.getXPathVersion());
xPathCompiler = Optional.of(new BasicImmutableXPathCompilerProxy(xPathVersion, namespaceURIsByPrefix));
/*
namespaceURIsByPrefix already held by xPathCompiler and retrievable from it with getDeclaredNamespacePrefixToUriMap().
*/
newNsPrefixToUriMap = Map.of();
} catch (IllegalArgumentException e) {
throw new IllegalArgumentException("Invalid/unsupported XPathVersion in Request/RequestDefaults", e);
}
}
final SingleCategoryXacmlAttributesParser<Attributes> xacmlAttrsParser = xacmlAttrsParserFactory.getInstance();
return process(jaxbRequest.getAttributes(), xacmlAttrsParser, jaxbRequest.isReturnPolicyIdList(), jaxbRequest.isCombinedDecision(), xPathCompiler, newNsPrefixToUriMap);
}
Aggregations