Class BaseStaticPolicyProvider
- java.lang.Object
  - org.ow2.authzforce.core.pdp.api.policy.BaseStaticPolicyProvider
- All Implemented Interfaces:
  Closeable, AutoCloseable, CloseablePolicyProvider<StaticTopLevelPolicyElementEvaluator>, CloseableStaticPolicyProvider, PolicyProvider<StaticTopLevelPolicyElementEvaluator>, StaticPolicyProvider

public abstract class BaseStaticPolicyProvider extends Object implements CloseableStaticPolicyProvider
Convenient base class for CloseableStaticPolicyProvider implementations

Nested Class Summary
Nested classes/interfaces inherited from interface org.ow2.authzforce.core.pdp.api.policy.CloseablePolicyProvider
CloseablePolicyProvider.Factory<CONF_T extends org.ow2.authzforce.xmlns.pdp.ext.AbstractPolicyProvider>

Field Summary
Fields inherited from interface org.ow2.authzforce.core.pdp.api.policy.PolicyProvider
NULL_POLICYREF_CHAIN1_ARGUMENT_EXCEPTION, UNLIMITED_POLICY_REF_DEPTH

Constructor Summary
- BaseStaticPolicyProvider(int maxPolicySetRefDepth)
  Creates RefPolicyProvider instance

Method Summary
- StaticTopLevelPolicyElementEvaluator get(TopLevelPolicyElementType refPolicyType, String policyIdRef, Optional<PolicyVersionPatterns> constraints, Deque<String> policySetRefChain)
  Finds a policy based on an ID reference.
- StaticTopLevelPolicyElementEvaluator get(TopLevelPolicyElementType policyType, String policyId, Optional<PolicyVersionPatterns> policyVersionConstraints, Deque<String> policySetRefChain, EvaluationContext evaluationCtx)
  Finds a policy based on an ID reference.
- protected abstract StaticTopLevelPolicyElementEvaluator getPolicy(String policyIdRef, Optional<PolicyVersionPatterns> constraints)
  Resolve reference to Policy, e.g.
- protected abstract StaticTopLevelPolicyElementEvaluator getPolicySet(String policyIdRef, Optional<PolicyVersionPatterns> constraints, Deque<String> policySetRefChainWithPolicyIdRef)
  Resolve reference to PolicySet, e.g.
- Deque<String> joinPolicyRefChains(Deque<String> policyRefChain1, List<String> policyRefChain2)
  Join chains of policy references, after checking that the joined chain does not result in a circular reference (loop) or excessive length.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.ow2.authzforce.core.pdp.api.policy.PolicyProvider
getCandidateRootPolicy

Method Detail

joinPolicyRefChains
public final Deque<String> joinPolicyRefChains(Deque<String> policyRefChain1, List<String> policyRefChain2) throws IllegalArgumentException
Description copied from interface: PolicyProvider
Join chains of policy references, after checking that the joined chain does not result in a circular reference (loop) or excessive length. policyRefChain1 and policyRefChain2 are chains of PolicySets linked via PolicySetIdReferences. Each item is a PolicySetId of a PolicySet that is referenced by the previous item (except the first item which is the root policy) and references the next one. This chain is used to control PolicySetIdReferences found within the result policy, in order to detect loops (circular references) and prevent exceeding reference depth.
Beware that we only keep the IDs in the chain, and not the versions, because we consider that a reference loop on the same policy ID is not allowed, no matter what the version is.
(Do not use a Queue for policySetRefChain as it is FIFO, and we need LIFO and iteration in order of insertion, so different from Collections.asLifoQueue(Deque) as well.)
- Specified by:
  joinPolicyRefChains in interface PolicyProvider<StaticTopLevelPolicyElementEvaluator>
- Parameters:
  policyRefChain1 - mandatory/non-null first part of the joined chain
  policyRefChain2 - chain (list of policy identifiers) to append to policyRefChain1 (typically a result of PolicyEvaluator.getPolicyRefsMetadata(EvaluationContext) (#getLongestPolicyRefChain)) to create the joined chain
- Returns:
  new joined chain that is policyRefChain1 if policyRefChain2 == null || policyRefChain2.isEmpty(), else policyRefChain2 appended to policyRefChain1
- Throws:
  IllegalArgumentException - policyRefChain1 == null, or circular reference (same ID in both chains) detected, or resulting length (sum of the lengths of the two chains) is greater than maxPolicyRefDepth
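
The join contract documented above for joinPolicyRefChains, as an added example that is not AuthzForce code: the class name, the join/attempt helpers, the explicit maxDepth parameter and the PolicySetIds are assumptions made for illustration.

```java
import java.util.ArrayDeque;
import java.util.Arrays;
import java.util.Deque;
import java.util.List;

/** Added illustration (not AuthzForce code) of the documented join contract. */
public class PolicyRefChainDemo {

    static Deque<String> join(Deque<String> chain1, List<String> chain2, int maxDepth) {
        if (chain1 == null) {
            throw new IllegalArgumentException("policyRefChain1 is null");
        }
        if (chain2 == null || chain2.isEmpty()) {
            return chain1; // nothing to append: the first chain is the result
        }
        // Only IDs are compared, never versions: the same ID in both chains is a loop.
        for (String id : chain2) {
            if (chain1.contains(id)) {
                throw new IllegalArgumentException("circular reference: " + chain1 + " -> " + id);
            }
        }
        int length = chain1.size() + chain2.size();
        if (length > maxDepth) {
            throw new IllegalArgumentException("depth " + length + " exceeds max " + maxDepth);
        }
        // ArrayDeque with addLast keeps iteration in insertion order (root first).
        Deque<String> joined = new ArrayDeque<>(chain1);
        chain2.forEach(joined::addLast);
        return joined;
    }

    static String attempt(Deque<String> chain1, List<String> chain2, int maxDepth) {
        try {
            return "OK " + join(chain1, chain2, maxDepth);
        } catch (IllegalArgumentException e) {
            return "REJECTED " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        // Constructed PolicySetIds: root references ps-a, which references ps-b.
        Deque<String> chain = new ArrayDeque<>(Arrays.asList("root", "ps-a", "ps-b"));
        System.out.println(attempt(chain, Arrays.asList("ps-c"), 4));          // within the limit
        System.out.println(attempt(chain, Arrays.asList("ps-c", "ps-a"), 10)); // ps-a in both chains
        System.out.println(attempt(chain, Arrays.asList("ps-c", "ps-d"), 4));  // joined length 5
        System.out.println(attempt(chain, null, 4));                           // first chain returned
    }
}
```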

getPolicy
protected abstract StaticTopLevelPolicyElementEvaluator getPolicy(String policyIdRef, Optional<PolicyVersionPatterns> constraints) throws IndeterminateEvaluationException
Resolve reference to Policy, e.g. PolicyIdReference
- Parameters:
  policyIdRef - target PolicyId
  constraints - policy version match rules
- Returns:
  policy evaluator for the policy matching the policy reference; or null if no match
- Throws:
  IndeterminateEvaluationException - error resolving policy

getPolicySet
protected abstract StaticTopLevelPolicyElementEvaluator getPolicySet(String policyIdRef, Optional<PolicyVersionPatterns> constraints, Deque<String> policySetRefChainWithPolicyIdRef) throws IndeterminateEvaluationException
Resolve reference to PolicySet, e.g. PolicySetIdReference. This may involve using the reference as indexing data to look up a policy.
- Parameters:
  policyIdRef - the target PolicySetId
    WARNING: java.net.URI cannot be used here, because it is not equivalent to the XML schema anyURI type. Spaces are allowed in XSD anyURI [1], not in java.net.URI. That's why we use String instead.
    [1] http://www.w3.org/TR/xmlschema-2/#anyURI
    See also: https://java.net/projects/jaxb/lists/users/archive/2011-07/message/16
    From the JAXB spec: "xs:anyURI is not bound to java.net.URI by default since not all possible values of xs:anyURI can be passed to the java.net.URI constructor."
  constraints - any optional constraints on the version of the target policy, matched against its Version attribute
  policySetRefChainWithPolicyIdRef - null iff this is not called to resolve a PolicySetIdReference; else this is the chain of PolicySets linked via PolicySetIdReference(s), from the root PolicySet up to (and including) policyIdRef. Each item in the chain is a PolicySetId of a PolicySet that is referenced by the previous item (except the first item which is the root policy) and references the next one. This chain is used to control PolicySetIdReferences found within the result policy, in order to detect loops (circular references) and prevent exceeding reference depth.
    Beware that we only keep the IDs in the chain, and not the version, because we consider that a reference loop on the same policy ID is not allowed, no matter what the version is.
    (Do not use a Queue for policySetRefChain as it is FIFO, and we need LIFO and iteration in order of insertion, so different from Collections.asLifoQueue(Deque) as well.)
- Returns:
  the policySet matching the policySet reference; or null if no match
- Throws:
  IndeterminateEvaluationException - if error determining a matching policy of type policyType

get
public final StaticTopLevelPolicyElementEvaluator get(TopLevelPolicyElementType refPolicyType, String policyIdRef, Optional<PolicyVersionPatterns> constraints, Deque<String> policySetRefChain) throws IndeterminateEvaluationException
Description copied from interface: StaticPolicyProvider
Finds a policy based on an ID reference. This may involve using the reference as indexing data to look up a policy.
- Specified by:
  get in interface StaticPolicyProvider
- Parameters:
  refPolicyType - type of requested policy element (Policy or PolicySet)
  policyIdRef - the requested Policy(Set)Id
    WARNING: java.net.URI cannot be used here, because it is not equivalent to the XML schema anyURI type. Spaces are allowed in XSD anyURI [1], not in java.net.URI. That's why we use String instead.
    [1] http://www.w3.org/TR/xmlschema-2/#anyURI
    See also: https://java.net/projects/jaxb/lists/users/archive/2011-07/message/16
    From the JAXB spec: "xs:anyURI is not bound to java.net.URI by default since not all possible values of xs:anyURI can be passed to the java.net.URI constructor."
  constraints - any optional constraints on the version of the referenced policy, matched against its Version attribute
  policySetRefChain - null iff this is not called to resolve a PolicySetIdReference; else (policyType == TopLevelPolicyElementType#POLICY_SET) this is the chain of PolicySets linked via PolicySetIdReference(s), from the root PolicySet up to (and including) policyId. Each item in the chain is a PolicySetId of a PolicySet that is referenced by the previous item (except the first item which is the root policy) and references the next one. This chain is used to control PolicySetIdReferences found within the result policy, in order to detect loops (circular references) and prevent exceeding reference depth.
    Beware that we only keep the IDs in the chain, and not the version, because we consider that a reference loop on the same policy ID is not allowed, no matter what the version is.
    (Do not use a Queue for policySetRefChain as it is FIFO, and we need LIFO and iteration in order of insertion, so different from Collections.asLifoQueue(Deque) as well.)
- Returns:
  the policy matching the policy reference; or null if no match
- Throws:
  IndeterminateEvaluationException - error resolving the policy

get
public final StaticTopLevelPolicyElementEvaluator get(TopLevelPolicyElementType policyType, String policyId, Optional<PolicyVersionPatterns> policyVersionConstraints, Deque<String> policySetRefChain, EvaluationContext evaluationCtx) throws IllegalArgumentException, IndeterminateEvaluationException
Description copied from interface: PolicyProvider
Finds a policy based on an ID reference. This may involve using the reference as indexing data to look up a policy.
- Specified by:
  get in interface PolicyProvider<StaticTopLevelPolicyElementEvaluator>
- Specified by:
  get in interface StaticPolicyProvider
- Parameters:
  policyType - type of policy element requested (policy or policySet)
  policyId - the identifier used to resolve the policy by its Policy(Set)Id
    WARNING: java.net.URI cannot be used here, because it is not equivalent to the XML schema anyURI type. Spaces are allowed in XSD anyURI [1], not in java.net.URI. That's why we use String instead.
    [1] http://www.w3.org/TR/xmlschema-2/#anyURI
    See also: https://java.net/projects/jaxb/lists/users/archive/2011-07/message/16
    From the JAXB spec: "xs:anyURI is not bound to java.net.URI by default since not all possible values of xs:anyURI can be passed to the java.net.URI constructor."
  policyVersionConstraints - any optional constraints on the version of the referenced policy, matched against its Version attribute
  policySetRefChain - null iff this is not called to resolve a PolicySetIdReference; else (policyType == TopLevelPolicyElementType#POLICY_SET) this is the chain of PolicySets linked via PolicySetIdReference(s), from the root PolicySet up to (and including) policyId. Each item is a PolicySetId of a PolicySet that is referenced by the previous item (except the first item which is the root policy) and references the next one. This chain is used to control PolicySetIdReferences found within the result policy, in order to detect loops (circular references) and prevent exceeding reference depth.
    Beware that we only keep the IDs in the chain, and not the version, because we consider that a reference loop on the same policy ID is not allowed, no matter what the version is.
    (Do not use a Queue for policySetRefChain as it is FIFO, and we need LIFO and iteration in order of insertion, so different from Collections.asLifoQueue(Deque) as well.)
  evaluationCtx - evaluation context; the policy may be resolved dynamically for each evaluation request. Still, the implementation must guarantee that the same reference (same refPolicyType, policyIdRef, constraints arguments) always resolves to the same policy in the same evaluation context (for the same request) to preserve evaluation consistency. Therefore, it is recommended that the implementation caches the resolved policy matching given Policy(Set)IdReference parameters (policy type, ID, version constraints) in the request context evaluationCtx once and for all using EvaluationContext.putOther(String, Object), and retrieves it in the same context using EvaluationContext.getOther(String) if necessary.
- Returns:
  the policy matching the policy reference; or null if no match
- Throws:
  IllegalArgumentException - The resolved policy is invalid. The policy Provider module may parse policies lazily or on the fly, i.e. only when the policy is requested/looked for.
  IndeterminateEvaluationException - if error determining a matching policy of type policyType
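
The per-request caching recommended for evaluationCtx above, as an added example that is not AuthzForce code: RequestContext is a stand-in that only mirrors the putOther/getOther names, and the cache-key layout, the NO_MATCH sentinel, the string form of the version constraints and the changing backend are assumptions made for illustration.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.function.Supplier;

/** Added illustration (not AuthzForce code) of caching a resolved policy reference per request. */
public class PerRequestPolicyCacheDemo {
    private static final Object NO_MATCH = new Object(); // sentinel so "no match" is cached too

    /** Stand-in for the request context; it only mirrors the putOther/getOther names. */
    static final class RequestContext {
        private final Map<String, Object> others = new HashMap<>();
        void putOther(String key, Object value) { others.put(key, value); }
        Object getOther(String key) { return others.get(key); }
    }

    /** The key covers everything that identifies the reference: type, ID, version constraints. */
    static String cacheKey(String policyType, String policyId, String versionConstraints) {
        // IDs are arbitrary anyURI strings, so length-prefix the ID to avoid separator collisions.
        return "policyRef:" + policyType + ":" + policyId.length() + ":" + policyId
                + ":" + versionConstraints;
    }

    static Object resolveOnce(RequestContext ctx, String type, String id, String constraints,
                              Supplier<Object> backendLookup) {
        String key = cacheKey(type, id, constraints);
        Object cached = ctx.getOther(key);
        if (cached == null) {
            Object resolved = backendLookup.get(); // may return a different policy on each call
            cached = resolved == null ? NO_MATCH : resolved;
            ctx.putOther(key, cached);
        }
        return cached == NO_MATCH ? null : cached;
    }

    public static void main(String[] args) {
        int[] backendVersion = {1}; // constructed backend whose policy changes between lookups
        Supplier<Object> lookup = () -> "ps-a v" + backendVersion[0]++;
        RequestContext request1 = new RequestContext();
        Object first = resolveOnce(request1, "POLICY_SET", "ps-a", "*", lookup);
        Object second = resolveOnce(request1, "POLICY_SET", "ps-a", "*", lookup);
        System.out.println(first.equals(second)); // same request: the cached policy is reused
        Object other = resolveOnce(new RequestContext(), "POLICY_SET", "ps-a", "*", lookup);
        System.out.println(first.equals(other));  // new request: the backend is consulted again
    }
}
```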