
Example 1 with BasicImmutableXPathCompilerProxy

use of org.ow2.authzforce.core.pdp.api.expression.BasicImmutableXPathCompilerProxy in project core by authzforce.

the class BaseXacmlJsonRequestPreprocessor method process.

/**
 * Validates a XACML/JSON request against the request schema, rejects features this preprocessor does not support, then hands the request's "Category" array to the overloaded
 * {@code process(...)} together with the flags and XPath settings read from the request.
 * <p>
 * Every value read here ("Request", "MultiRequests", "CombinedDecision", "ReturnPolicyIdList", "XPathVersion", "Category") comes from the caller-supplied JSON document, so schema validation
 * runs before any of them is used.
 *
 * @param request
 *            XACML/JSON request document; a null value is rejected with {@code NULL_REQUEST_ARGUMENT_EXCEPTION}
 * @param namespaceURIsByPrefix
 *            namespace prefix-to-URI mappings; given to the XPath compiler when the request has an "XPathVersion", otherwise passed on unchanged
 * @return whatever the overloaded {@code process(...)} returns for the request's categories
 * @throws IndeterminateEvaluationException
 *             if the request fails schema validation (status {@code INVALID_REQ_ERR_STATUS})
 * @throws IllegalArgumentException
 *             if the "XPathVersion" value is rejected while creating the XPath compiler
 */
@Override
public final List<IndividualXacmlJsonRequest> process(final JSONObject request, final Map<String, String> namespaceURIsByPrefix) throws IndeterminateEvaluationException {
    if (request == null) {
        throw NULL_REQUEST_ARGUMENT_EXCEPTION;
    }

    // Schema check comes first: nothing below reads the document until it has passed validation.
    try {
        XacmlJsonUtils.REQUEST_SCHEMA.validate(request);
    } catch (final ValidationException schemaViolation) {
        // NOTE(review): the validation report is written to the debug log as pretty-printed JSON; it may echo parts of the request - confirm who can read debug logs.
        LOGGER.debug(schemaViolation.toJSON().toString(4));
        throw new IndeterminateEvaluationException(INVALID_REQ_ERR_STATUS, schemaViolation);
    }

    final JSONObject xacmlRequest = request.optJSONObject("Request");
    if (xacmlRequest == null) {
        throw MISSING_REQUEST_OBJECT_EXCEPTION;
    }

    // MultiRequests (§2.4 of Multiple Decision Profile) is not supported. Per 7.19.1 "Unsupported functionality", the answer for an unsupported element is Indeterminate with
    // syntax-error code.
    if (xacmlRequest.has("MultiRequests")) {
        throw UNSUPPORTED_MULTI_REQUESTS_EXCEPTION;
    }

    // CombinedDecision = true (Multiple Decision Profile) is accepted only when the result processor supports it. XACML core spec, 5.42: a PDP that does not implement the relevant
    // functionality must return Indeterminate with status code urn:oasis:names:tc:xacml:1.0:status:processing-error when this attribute is "true".
    final boolean combinedDecisionRequested = xacmlRequest.optBoolean("CombinedDecision", false);
    if (combinedDecisionRequested && !this.isCombinedDecisionSupported) {
        throw UNSUPPORTED_COMBINED_DECISION_EXCEPTION;
    }

    final boolean returnPolicyIdList = xacmlRequest.optBoolean("ReturnPolicyIdList", false);

    final Optional<XPathCompilerProxy> xPathCompiler;
    final Map<String, String> newNsPrefixToUriMap;
    if (!xacmlRequest.has("XPathVersion")) {
        // No XPath version requested: no compiler, and the namespace map is forwarded as received.
        xPathCompiler = Optional.empty();
        newNsPrefixToUriMap = namespaceURIsByPrefix;
    } else {
        try {
            final String xPathVersionUri = xacmlRequest.getString("XPathVersion");
            xPathCompiler = Optional.of(new BasicImmutableXPathCompilerProxy(XPathVersion.fromURI(xPathVersionUri), namespaceURIsByPrefix));
            // The compiler now holds namespaceURIsByPrefix (retrievable with getDeclaredNamespacePrefixToUriMap()), so an empty map is passed alongside it.
            newNsPrefixToUriMap = Map.of();
        } catch (IllegalArgumentException e) {
            // NOTE(review): unlike the schema failure above, a bad XPathVersion surfaces as an unchecked IllegalArgumentException rather than an IndeterminateEvaluationException;
            // confirm that callers turn it into an error response instead of letting it propagate.
            throw new IllegalArgumentException("Invalid/unsupported XPathVersion in JSON Request/XPathVersion", e);
        }
    }

    final SingleCategoryXacmlAttributesParser<JSONObject> categoryParser = xacmlAttrsParserFactory.getInstance();
    return process(xacmlRequest.optJSONArray("Category"), categoryParser, returnPolicyIdList, combinedDecisionRequested, xPathCompiler, newNsPrefixToUriMap);
}
Also used : ValidationException(org.everit.json.schema.ValidationException) JSONObject(org.json.JSONObject) BasicImmutableXPathCompilerProxy(org.ow2.authzforce.core.pdp.api.expression.BasicImmutableXPathCompilerProxy) BasicImmutableXPathCompilerProxy(org.ow2.authzforce.core.pdp.api.expression.BasicImmutableXPathCompilerProxy) XPathCompilerProxy(org.ow2.authzforce.core.pdp.api.expression.XPathCompilerProxy) XPathVersion(org.ow2.authzforce.xacml.identifiers.XPathVersion)

Example 2 with BasicImmutableXPathCompilerProxy

use of org.ow2.authzforce.core.pdp.api.expression.BasicImmutableXPathCompilerProxy in project core-pdp-api by authzforce.

the class BaseXacmlJaxbRequestPreprocessor method process.

/**
 * Rejects the XACML/XML (JAXB) request features this preprocessor does not support, sets up the optional XPath compiler from the request defaults, then hands the request's attributes to
 * the overloaded {@code process(...)}.
 *
 * @param jaxbRequest
 *            JAXB-bound XACML request; a null value is rejected with {@code NULL_REQUEST_EXCEPTION}
 * @param namespaceURIsByPrefix
 *            namespace prefix-to-URI mappings; given to the XPath compiler when the request has RequestDefaults, otherwise passed on unchanged
 * @return whatever the overloaded {@code process(...)} returns for the request's attributes
 * @throws IndeterminateEvaluationException
 *             declared by this method; the visible body throws pre-built exception constants and delegates to the overloaded {@code process(...)}
 * @throws IllegalArgumentException
 *             if the XPathVersion from RequestDefaults is rejected while creating the XPath compiler
 */
@Override
public final List<IndividualXacmlJaxbRequest> process(final Request jaxbRequest, final Map<String, String> namespaceURIsByPrefix) throws IndeterminateEvaluationException {
    if (jaxbRequest == null) {
        throw NULL_REQUEST_EXCEPTION;
    }

    // MultiRequests (§2.4 of Multiple Decision Profile) is not supported. Per 7.19.1 "Unsupported functionality", the answer for an unsupported element is Indeterminate with
    // syntax-error code.
    if (jaxbRequest.getMultiRequests() != null) {
        throw UNSUPPORTED_MULTI_REQUESTS_EXCEPTION;
    }

    // CombinedDecision = true (Multiple Decision Profile) is accepted only when a decision combiner is available. XACML core spec, 5.42: a PDP that does not implement the relevant
    // functionality must return Indeterminate with status code urn:oasis:names:tc:xacml:1.0:status:processing-error when this attribute is "true".
    if (jaxbRequest.isCombinedDecision()) {
        if (!this.isCombinedDecisionSupported) {
            throw UNSUPPORTED_COMBINED_DECISION_EXCEPTION;
        }
    }

    final RequestDefaults requestDefaults = jaxbRequest.getRequestDefaults();
    final Optional<XPathCompilerProxy> xPathCompiler;
    final Map<String, String> newNsPrefixToUriMap;
    if (requestDefaults != null) {
        try {
            // NOTE(review): getXPathVersion() is passed to fromURI() without a null check here; presumably the schema or fromURI() covers that case - confirm.
            final String xPathVersionUri = requestDefaults.getXPathVersion();
            xPathCompiler = Optional.of(new BasicImmutableXPathCompilerProxy(XPathVersion.fromURI(xPathVersionUri), namespaceURIsByPrefix));
            // The compiler now holds namespaceURIsByPrefix (retrievable with getDeclaredNamespacePrefixToUriMap()), so an empty map is passed alongside it.
            newNsPrefixToUriMap = Map.of();
        } catch (IllegalArgumentException e) {
            // NOTE(review): a bad XPathVersion surfaces as an unchecked IllegalArgumentException rather than an IndeterminateEvaluationException; confirm that callers turn it into an
            // error response instead of letting it propagate.
            throw new IllegalArgumentException("Invalid/unsupported XPathVersion in Request/RequestDefaults", e);
        }
    } else {
        // No RequestDefaults: no compiler, and the namespace map is forwarded as received.
        xPathCompiler = Optional.empty();
        newNsPrefixToUriMap = namespaceURIsByPrefix;
    }

    final SingleCategoryXacmlAttributesParser<Attributes> categoryParser = xacmlAttrsParserFactory.getInstance();
    return process(jaxbRequest.getAttributes(), categoryParser, jaxbRequest.isReturnPolicyIdList(), jaxbRequest.isCombinedDecision(), xPathCompiler, newNsPrefixToUriMap);
}
Also used : BasicImmutableXPathCompilerProxy(org.ow2.authzforce.core.pdp.api.expression.BasicImmutableXPathCompilerProxy) BasicImmutableXPathCompilerProxy(org.ow2.authzforce.core.pdp.api.expression.BasicImmutableXPathCompilerProxy) XPathCompilerProxy(org.ow2.authzforce.core.pdp.api.expression.XPathCompilerProxy) Attributes(oasis.names.tc.xacml._3_0.core.schema.wd_17.Attributes) RequestDefaults(oasis.names.tc.xacml._3_0.core.schema.wd_17.RequestDefaults) XPathVersion(org.ow2.authzforce.xacml.identifiers.XPathVersion)
