Class CoreStaticPolicyProvider
- java.lang.Object
  - org.ow2.authzforce.core.pdp.api.policy.BaseStaticPolicyProvider
    - org.ow2.authzforce.core.pdp.impl.policy.CoreStaticPolicyProvider
- All Implemented Interfaces:
Closeable, AutoCloseable, org.ow2.authzforce.core.pdp.api.policy.CloseablePolicyProvider<org.ow2.authzforce.core.pdp.api.policy.StaticTopLevelPolicyElementEvaluator>, org.ow2.authzforce.core.pdp.api.policy.CloseableStaticPolicyProvider, org.ow2.authzforce.core.pdp.api.policy.PolicyProvider<org.ow2.authzforce.core.pdp.api.policy.StaticTopLevelPolicyElementEvaluator>, org.ow2.authzforce.core.pdp.api.policy.StaticPolicyProvider
public class CoreStaticPolicyProvider extends org.ow2.authzforce.core.pdp.api.policy.BaseStaticPolicyProvider
This is the core implementation of BaseStaticPolicyProvider that supports static retrieval of the policies referenced by Policy(Set)IdReference. It is configured by a list of locations that represent Spring-compatible resource URLs, corresponding to XACML Policy(Set) files - each file content is expected to be a XACML Policy(Set) document - when the module is initialized. Beyond this, there is no modifying or re-loading of the policies.

A policy location may also be a file pattern in the following form: "file://DIRECTORY_PATH/*SUFFIX" using wildcard character '*'; in which case the location is expanded to all regular files (not subdirectories) in the directory located at DIRECTORY_PATH with suffix SUFFIX (SUFFIX may be empty, i.e. no suffix). The files are NOT searched recursively in subdirectories.
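The expansion rule described above can be reproduced outside the PDP to list which files a given pattern would pull in before deployment. The following is an added example, not AuthzForce code: the class name PolicyLocationAudit, the method expand and the sample file names are hypothetical, it assumes a POSIX-style absolute DIRECTORY_PATH, and its symlink handling is an assumption because the page does not state it.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.List;
import java.util.stream.Collectors;
import java.util.stream.Stream;

public class PolicyLocationAudit {
    // Expands "file://DIRECTORY_PATH/*SUFFIX" following the rule in the class description.
    static List<Path> expand(String location) throws IOException {
        if (!location.startsWith("file://")) {
            throw new IllegalArgumentException("not a file:// location: " + location);
        }
        String path = location.substring("file://".length());
        int star = path.lastIndexOf("/*");
        if (star < 0) {
            return List.of(Paths.get(path)); // no wildcard: a single policy file
        }
        Path dir = Paths.get(star == 0 ? "/" : path.substring(0, star));
        String suffix = path.substring(star + 2); // may be empty: every regular file matches
        try (Stream<Path> entries = Files.list(dir)) { // Files.list does not descend into subdirectories
            // Symlink handling is not stated on the page; isRegularFile follows links here (assumption).
            return entries.filter(Files::isRegularFile)
                    .filter(p -> p.getFileName().toString().endsWith(suffix))
                    .sorted()
                    .collect(Collectors.toList());
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample layout, created in a temporary directory.
        Path dir = Files.createTempDirectory("policies");
        Files.createFile(dir.resolve("root.xml"));
        Files.createFile(dir.resolve("helper.xml"));
        Files.createFile(dir.resolve("notes.txt"));
        // A matching file inside a subdirectory: not reached, the search is not recursive.
        Files.createFile(Files.createDirectory(dir.resolve("archive")).resolve("old.xml"));
        // A directory whose name ends with the suffix: skipped, only regular files count.
        Files.createDirectory(dir.resolve("backup.xml"));

        System.out.println("*.xml -> " + expand("file://" + dir + "/*.xml"));
        System.out.println("*     -> " + expand("file://" + dir + "/*"));
    }
}
```

Every file the pattern matches is expected to be a XACML Policy(Set) document, so comparing this listing against the intended policy set shows stray files in the directory before the provider is initialized.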
Nested Class Summary
static class CoreStaticPolicyProvider.Factory
- Module factory
static class CoreStaticPolicyProvider.PolicyWithNamespaces<P>
- Policy wrapper to keep the association between the namespace prefix-URIs from a XACML policy document and the Java instance of the policy resulting from parsing the same document
-
Method Summary
void close()
Optional<org.ow2.authzforce.core.pdp.api.policy.PrimaryPolicyMetadata> getCandidateRootPolicy()
- Returns the candidate root policy which is in this case determined as follows: if there is one and only one Policy provided, return the latest version of this Policy; else if there is one and only one PolicySet, return the latest version of this PolicySet; else none.
static CoreStaticPolicyProvider getInstance(List<CoreStaticPolicyProvider.PolicyWithNamespaces<oasis.names.tc.xacml._3_0.core.schema.wd_17.Policy>> jaxbPolicies, List<CoreStaticPolicyProvider.PolicyWithNamespaces<oasis.names.tc.xacml._3_0.core.schema.wd_17.PolicySet>> jaxbPolicySets, int maxPolicySetRefDepth, org.ow2.authzforce.core.pdp.api.expression.ExpressionFactory expressionFactory, org.ow2.authzforce.core.pdp.api.combining.CombiningAlgRegistry combiningAlgRegistry, Optional<org.ow2.authzforce.core.pdp.api.policy.StaticPolicyProvider> otherPolicyProvider)
- Creates an instance from XACML/JAXB Policy(Set) elements
static CoreStaticPolicyProvider getInstance(List<org.ow2.authzforce.core.pdp.impl.policy.CoreStaticPolicyProvider.StaticPolicyProviderInParam> providerParams, boolean ignoreOldPolicyVersions, org.ow2.authzforce.core.pdp.api.XmlUtils.XmlnsFilteringParserFactory xacmlParserFactory, int maxPolicySetRefDepth, org.ow2.authzforce.core.pdp.api.expression.ExpressionFactory expressionFactory, org.ow2.authzforce.core.pdp.api.combining.CombiningAlgRegistry combiningAlgRegistry, Optional<org.ow2.authzforce.core.pdp.api.policy.StaticPolicyProvider> otherPolicyProvider)
- Creates an instance from policy locations
protected org.ow2.authzforce.core.pdp.api.policy.StaticTopLevelPolicyElementEvaluator getPolicy(String id, Optional<org.ow2.authzforce.core.pdp.api.policy.PolicyVersionPatterns> constraints)
protected org.ow2.authzforce.core.pdp.api.policy.StaticTopLevelPolicyElementEvaluator getPolicySet(String id, Optional<org.ow2.authzforce.core.pdp.api.policy.PolicyVersionPatterns> constraints, Deque<String> policySetRefChainIncludingResult)
Method Detail
-
getInstance
public static CoreStaticPolicyProvider getInstance(List<CoreStaticPolicyProvider.PolicyWithNamespaces<oasis.names.tc.xacml._3_0.core.schema.wd_17.Policy>> jaxbPolicies, List<CoreStaticPolicyProvider.PolicyWithNamespaces<oasis.names.tc.xacml._3_0.core.schema.wd_17.PolicySet>> jaxbPolicySets, int maxPolicySetRefDepth, org.ow2.authzforce.core.pdp.api.expression.ExpressionFactory expressionFactory, org.ow2.authzforce.core.pdp.api.combining.CombiningAlgRegistry combiningAlgRegistry, Optional<org.ow2.authzforce.core.pdp.api.policy.StaticPolicyProvider> otherPolicyProvider) throws IllegalArgumentException
Creates an instance from XACML/JAXB Policy(Set) elements
- Parameters:
jaxbPolicies - XACML Policies
jaxbPolicySets - XACML PolicySets
maxPolicySetRefDepth - maximum allowed depth of PolicySet reference chain (via PolicySetIdReference): PolicySet1 -> PolicySet2 -> ...
combiningAlgRegistry - registry of policy/rule combining algorithms
expressionFactory - Expression factory for parsing Expressions used in the policy(set)
otherPolicyProvider - other (supporting) policy provider, used to resolve policy references that match neither jaxbPolicies nor jaxbPolicySets
- Returns:
instance of this module
- Throws:
IllegalArgumentException - if both jaxbPolicies and jaxbPolicySets are null/empty, or expressionFactory/combiningAlgRegistry undefined; or one of the Policy(Set)s is not valid or conflicts with another because it has same Policy(Set)Id and Version.
-
getInstance
public static CoreStaticPolicyProvider getInstance(List<org.ow2.authzforce.core.pdp.impl.policy.CoreStaticPolicyProvider.StaticPolicyProviderInParam> providerParams, boolean ignoreOldPolicyVersions, org.ow2.authzforce.core.pdp.api.XmlUtils.XmlnsFilteringParserFactory xacmlParserFactory, int maxPolicySetRefDepth, org.ow2.authzforce.core.pdp.api.expression.ExpressionFactory expressionFactory, org.ow2.authzforce.core.pdp.api.combining.CombiningAlgRegistry combiningAlgRegistry, Optional<org.ow2.authzforce.core.pdp.api.policy.StaticPolicyProvider> otherPolicyProvider) throws IllegalArgumentException
Creates an instance from policy locations
- Parameters:
providerParams - location of Policy(Set) elements (JAXB) to be parsed for future reference by Policy(Set)IdReferences
ignoreOldPolicyVersions - for any given policy ID, ignore all versions except the last one if there are multiple versions of the policy
xacmlParserFactory - XACML parser factory for parsing any XACML Policy(Set)
maxPolicySetRefDepth - maximum allowed depth of PolicySet reference chain (via PolicySetIdReference): PolicySet1 -> PolicySet2 -> ...; a strictly negative value means no limit
combiningAlgRegistry - registry of policy/rule combining algorithms
expressionFactory - Expression factory for parsing Expressions used in the policy(set)
otherPolicyProvider - other (supporting) policy provider, used to resolve policy references that do not match any of providerParams
- Returns:
instance of this class
- Throws:
IllegalArgumentException - if policyURLs == null || policyURLs.length == 0 || xacmlParserFactory == null || expressionFactory == null || combiningAlgRegistry == null; or one of policyURLs is null or is not a valid XACML Policy(Set) or conflicts with another because it has same Policy(Set)Id and Version. Beware that the Policy(Set)Issuer is ignored in this check!
-
getPolicy
protected org.ow2.authzforce.core.pdp.api.policy.StaticTopLevelPolicyElementEvaluator getPolicy(String id, Optional<org.ow2.authzforce.core.pdp.api.policy.PolicyVersionPatterns> constraints)
- Specified by:
getPolicy in class org.ow2.authzforce.core.pdp.api.policy.BaseStaticPolicyProvider
-
getPolicySet
protected org.ow2.authzforce.core.pdp.api.policy.StaticTopLevelPolicyElementEvaluator getPolicySet(String id, Optional<org.ow2.authzforce.core.pdp.api.policy.PolicyVersionPatterns> constraints, Deque<String> policySetRefChainIncludingResult)
- Specified by:
getPolicySet in class org.ow2.authzforce.core.pdp.api.policy.BaseStaticPolicyProvider
-
getCandidateRootPolicy
public Optional<org.ow2.authzforce.core.pdp.api.policy.PrimaryPolicyMetadata> getCandidateRootPolicy()
Returns the candidate root policy which is in this case determined as follows: if there is one and only one Policy provided, return the latest version of this Policy; else if there is one and only one PolicySet, return the latest version of this PolicySet; else none.
-
close
public void close()