Example 1 with SingleCategoryAttributes
use of org.ow2.authzforce.core.pdp.api.io.SingleCategoryAttributes in project core by authzforce.
the class SingleDecisionXacmlJsonRequestPreprocessor method process.
@Override
public List<IndividualXacmlJsonRequest> process(final JSONArray jsonArrayOfRequestAttributeCategoryObjects, final SingleCategoryXacmlAttributesParser<JSONObject> xacmlAttrsParser, final boolean isApplicablePolicyIdListReturned, final boolean combinedDecision, final Optional<XPathCompilerProxy> xPathCompiler, final Map<String, String> namespaceURIsByPrefix) throws IndeterminateEvaluationException {
final Map<AttributeFqn, AttributeBag<?>> namedAttributes = HashCollections.newUpdatableMap(jsonArrayOfRequestAttributeCategoryObjects.length());
/*
* TODO: Content object not supported yet (optional in XACML)
*/
final Map<String, XdmNode> extraContentsByCategory = Collections.emptyMap();
/*
* requestAttributeCategoryObjectsIncludedInResult.size() <= jsonArrayOfRequestAttributeCategoryObjects.size()
*/
final List<JSONObject> requestAttributeCategoryObjectsIncludedInResult = new ArrayList<>(jsonArrayOfRequestAttributeCategoryObjects.length());
for (final Object requestAttributeCategoryObject : jsonArrayOfRequestAttributeCategoryObjects) {
if (!(requestAttributeCategoryObject instanceof JSONObject)) {
throw INVALID_REQUEST_CATEGORY_ARRAY_ELEMENT_TYPE_EXCEPTION;
}
final JSONObject requestAttCatJsonObj = (JSONObject) requestAttributeCategoryObject;
final SingleCategoryAttributes<?, JSONObject> categorySpecificAttributes = xacmlAttrsParser.parseAttributes(requestAttCatJsonObj, xPathCompiler);
if (categorySpecificAttributes == null) {
// skip this empty Attributes
continue;
}
/*
* Convert growable (therefore mutable) bag of attribute values to immutable ones. Indeed, we must guarantee that attribute values remain constant during the evaluation of the request, as
* mandated by the XACML spec, section 7.3.5: <p> <i>
* "Regardless of any dynamic modifications of the request context during policy evaluation, the PDP SHALL behave as if each bag of attribute values is fully populated in the context before it is first tested, and is thereafter immutable during evaluation. (That is, every subsequent test of that attribute shall use the same bag of values that was initially tested.)"
* </i></p>
*/
for (final Entry<AttributeFqn, AttributeBag<?>> attrEntry : categorySpecificAttributes) {
namedAttributes.put(attrEntry.getKey(), attrEntry.getValue());
}
final JSONObject catSpecificAttrsToIncludeInResult = categorySpecificAttributes.getAttributesToIncludeInResult();
if (catSpecificAttrsToIncludeInResult != null) {
requestAttributeCategoryObjectsIncludedInResult.add(catSpecificAttrsToIncludeInResult);
}
}
final ImmutableDecisionRequest pdpEngineReq = reqFactory.getInstance(namedAttributes, extraContentsByCategory, isApplicablePolicyIdListReturned);
return Collections.singletonList(new IndividualXacmlJsonRequest(pdpEngineReq, ImmutableList.copyOf(requestAttributeCategoryObjectsIncludedInResult)));
}
Also used :
XdmNode(net.sf.saxon.s9api.XdmNode)
JSONObject(org.json.JSONObject)
JSONObject(org.json.JSONObject)
AttributeBag(org.ow2.authzforce.core.pdp.api.value.AttributeBag)
Example 2 with SingleCategoryAttributes
use of org.ow2.authzforce.core.pdp.api.io.SingleCategoryAttributes in project core by authzforce.
the class SingleDecisionXacmlJaxbRequestPreprocessor method process.
@Override
public List<IndividualXacmlJaxbRequest> process(final List<Attributes> attributesList, final SingleCategoryXacmlAttributesParser<Attributes> xacmlAttrsParser, final boolean isApplicablePolicyIdListReturned, final boolean combinedDecision, final Optional<XPathCompilerProxy> xPathCompiler, final Map<String, String> namespaceURIsByPrefix) throws IndeterminateEvaluationException {
final Map<AttributeFqn, AttributeBag<?>> namedAttributes = HashCollections.newUpdatableMap(attributesList.size());
final Map<String, XdmNode> extraContentsByCategory = HashCollections.newUpdatableMap(attributesList.size());
/*
* attributesToIncludeInResult.size() <= attributesList.size()
*/
final List<Attributes> attributesToIncludeInResult = new ArrayList<>(attributesList.size());
for (final Attributes jaxbAttributes : attributesList) {
final SingleCategoryAttributes<?, Attributes> categorySpecificAttributes = xacmlAttrsParser.parseAttributes(jaxbAttributes, xPathCompiler);
if (categorySpecificAttributes == null) {
// skip this empty Attributes
continue;
}
final String categoryId = categorySpecificAttributes.getCategoryId();
final XdmNode newContentNode = categorySpecificAttributes.getExtraContent();
if (newContentNode != null) {
final XdmNode duplicate = extraContentsByCategory.putIfAbsent(categoryId, newContentNode);
/*
* No support for Multiple Decision Profile -> no support for repeated categories as specified in Multiple Decision Profile. So we must check duplicate attribute categories.
*/
if (duplicate != null) {
throw new IndeterminateEvaluationException("Unsupported repetition of Attributes[@Category='" + categoryId + "'] (feature 'urn:oasis:names:tc:xacml:3.0:profile:multiple:repeated-attribute-categories' is not supported)", XacmlStatusCode.SYNTAX_ERROR.value());
}
}
/*
* Convert growable (therefore mutable) bag of attribute values to immutable ones. Indeed, we must guarantee that attribute values remain constant during the evaluation of the request, as
* mandated by the XACML spec, section 7.3.5: <p> <i>
* "Regardless of any dynamic modifications of the request context during policy evaluation, the PDP SHALL behave as if each bag of attribute values is fully populated in the context before it is first tested, and is thereafter immutable during evaluation. (That is, every subsequent test of that attribute shall use the same bag of values that was initially tested.)"
* </i></p>
*/
for (final Entry<AttributeFqn, AttributeBag<?>> attrEntry : categorySpecificAttributes) {
namedAttributes.put(attrEntry.getKey(), attrEntry.getValue());
}
final Attributes catSpecificAttrsToIncludeInResult = categorySpecificAttributes.getAttributesToIncludeInResult();
if (catSpecificAttrsToIncludeInResult != null) {
attributesToIncludeInResult.add(catSpecificAttrsToIncludeInResult);
}
}
return Collections.singletonList(new IndividualXacmlJaxbRequest(reqFactory.getInstance(namedAttributes, extraContentsByCategory, isApplicablePolicyIdListReturned), ImmutableList.copyOf(attributesToIncludeInResult)));
}
Also used :
SingleCategoryAttributes(org.ow2.authzforce.core.pdp.api.io.SingleCategoryAttributes)
Attributes(oasis.names.tc.xacml._3_0.core.schema.wd_17.Attributes)
XdmNode(net.sf.saxon.s9api.XdmNode)
IndividualXacmlJaxbRequest(org.ow2.authzforce.core.pdp.api.io.IndividualXacmlJaxbRequest)
AttributeBag(org.ow2.authzforce.core.pdp.api.value.AttributeBag)
Aggregations
XdmNode (net.sf.saxon.s9api.XdmNode)2
AttributeBag (org.ow2.authzforce.core.pdp.api.value.AttributeBag)2
Attributes (oasis.names.tc.xacml._3_0.core.schema.wd_17.Attributes)1
JSONObject (org.json.JSONObject)1
IndividualXacmlJaxbRequest (org.ow2.authzforce.core.pdp.api.io.IndividualXacmlJaxbRequest)1
SingleCategoryAttributes (org.ow2.authzforce.core.pdp.api.io.SingleCategoryAttributes)1
