Class CoreStaticPolicyProvider

  • All Implemented Interfaces:
    Closeable, AutoCloseable, org.ow2.authzforce.core.pdp.api.policy.CloseablePolicyProvider<org.ow2.authzforce.core.pdp.api.policy.StaticTopLevelPolicyElementEvaluator>, org.ow2.authzforce.core.pdp.api.policy.CloseableStaticPolicyProvider, org.ow2.authzforce.core.pdp.api.policy.PolicyProvider<org.ow2.authzforce.core.pdp.api.policy.StaticTopLevelPolicyElementEvaluator>, org.ow2.authzforce.core.pdp.api.policy.StaticPolicyProvider

    public class CoreStaticPolicyProvider
    extends org.ow2.authzforce.core.pdp.api.policy.BaseStaticPolicyProvider
    This is the core implementation of BaseStaticPolicyProvider, supporting static retrieval of the policies referenced by Policy(Set)IdReference. It is configured, when the module is initialized, with a list of locations given as Spring-compatible resource URLs; each location corresponds to a XACML Policy(Set) file whose content is expected to be a XACML Policy(Set) document. After initialization, the policies are never modified or reloaded.

    A policy location may also be a file pattern of the form "file://DIRECTORY_PATH/*SUFFIX", using the wildcard character '*', in which case the location is expanded to all regular files (not subdirectories) in the directory located at DIRECTORY_PATH whose names end with SUFFIX (SUFFIX may be empty, i.e. no suffix). Subdirectories are NOT searched recursively.
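
    The pattern expansion described above, as an added example (not AuthzForce's own code): it previews which files a "file://DIRECTORY_PATH/*SUFFIX" location would pull in, so that stray files with a matching suffix can be spotted before they are loaded as policies. The class name PolicyLocationPreview, the expand helper and the sample directory are assumptions of this example, as are POSIX-style paths and Java 11 or later.

```java
import java.io.IOException;
import java.nio.file.*;
import java.util.List;
import java.util.stream.Collectors;
import java.util.stream.Stream;

/** Illustration only: mirrors the documented pattern semantics; not AuthzForce code. */
public class PolicyLocationPreview {
    private static final String PREFIX = "file://";

    /** Expands "file://DIRECTORY_PATH/*SUFFIX"; any other location is returned unchanged. */
    static List<String> expand(String location) throws IOException {
        int star = location.lastIndexOf("/*");
        if (!location.startsWith(PREFIX) || star < PREFIX.length()) {
            return List.of(location); // plain resource URL, no wildcard
        }
        // Keep the trailing '/' so that a pattern on the root directory still resolves to "/".
        Path dir = Paths.get(location.substring(PREFIX.length(), star + 1));
        String suffix = location.substring(star + 2); // may be empty
        try (Stream<Path> entries = Files.list(dir)) { // direct children only, no recursion
            return entries
                // Skips subdirectories. Symlinks are followed here: a choice of this example.
                .filter(p -> Files.isRegularFile(p))
                .filter(p -> p.getFileName().toString().endsWith(suffix))
                .map(p -> p.toUri().toString())
                .sorted()
                .collect(Collectors.toList());
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample layout in a temporary directory.
        Path dir = Files.createTempDirectory("policies");
        Files.writeString(dir.resolve("root.xml"), "<PolicySet/>");
        Files.writeString(dir.resolve("child.xml"), "<Policy/>");
        Files.writeString(dir.resolve("notes.txt"), "not a policy");
        Path sub = Files.createDirectory(dir.resolve("archive.xml")); // directory with a matching name
        Files.writeString(sub.resolve("old.xml"), "<Policy/>");       // nested file, never reached

        System.out.println(expand("file://" + dir + "/*.xml")); // child.xml and root.xml only
        System.out.println(expand("file://" + dir + "/*"));     // empty suffix: every regular file
    }
}
```

    With an empty SUFFIX, notes.txt is listed as well; the documentation expects every listed file to contain a XACML Policy(Set) document.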

    • Field Summary

      • Fields inherited from interface org.ow2.authzforce.core.pdp.api.policy.PolicyProvider

        NULL_POLICYREF_CHAIN1_ARGUMENT_EXCEPTION, UNLIMITED_POLICY_REF_DEPTH
    • Method Summary

      Modifier and Type Method Description
      void close()  
      Optional<org.ow2.authzforce.core.pdp.api.policy.PrimaryPolicyMetadata> getCandidateRootPolicy()
      Returns the candidate root policy which is in this case determined as follows: if there is one and only one Policy provided, return the latest version of this Policy; else if there is one and only one PolicySet, return the latest version of this PolicySet; else none.
      static CoreStaticPolicyProvider getInstance(List<CoreStaticPolicyProvider.PolicyWithNamespaces<oasis.names.tc.xacml._3_0.core.schema.wd_17.Policy>> jaxbPolicies, List<CoreStaticPolicyProvider.PolicyWithNamespaces<oasis.names.tc.xacml._3_0.core.schema.wd_17.PolicySet>> jaxbPolicySets, int maxPolicySetRefDepth, org.ow2.authzforce.core.pdp.api.expression.ExpressionFactory expressionFactory, org.ow2.authzforce.core.pdp.api.combining.CombiningAlgRegistry combiningAlgRegistry, Optional<org.ow2.authzforce.core.pdp.api.policy.StaticPolicyProvider> otherPolicyProvider)
      Creates an instance from XACML/JAXB Policy(Set) elements
      static CoreStaticPolicyProvider getInstance(List<org.ow2.authzforce.core.pdp.impl.policy.CoreStaticPolicyProvider.StaticPolicyProviderInParam> providerParams, boolean ignoreOldPolicyVersions, org.ow2.authzforce.core.pdp.api.XmlUtils.XmlnsFilteringParserFactory xacmlParserFactory, int maxPolicySetRefDepth, org.ow2.authzforce.core.pdp.api.expression.ExpressionFactory expressionFactory, org.ow2.authzforce.core.pdp.api.combining.CombiningAlgRegistry combiningAlgRegistry, Optional<org.ow2.authzforce.core.pdp.api.policy.StaticPolicyProvider> otherPolicyProvider)
      Creates an instance from policy locations
      protected org.ow2.authzforce.core.pdp.api.policy.StaticTopLevelPolicyElementEvaluator getPolicy(String id, Optional<org.ow2.authzforce.core.pdp.api.policy.PolicyVersionPatterns> constraints)
      protected org.ow2.authzforce.core.pdp.api.policy.StaticTopLevelPolicyElementEvaluator getPolicySet(String id, Optional<org.ow2.authzforce.core.pdp.api.policy.PolicyVersionPatterns> constraints, Deque<String> policySetRefChainIncludingResult)
      • Methods inherited from class org.ow2.authzforce.core.pdp.api.policy.BaseStaticPolicyProvider

        get, get, joinPolicyRefChains
    • Method Detail

      • getInstance

        public static CoreStaticPolicyProvider getInstance(List<CoreStaticPolicyProvider.PolicyWithNamespaces<oasis.names.tc.xacml._3_0.core.schema.wd_17.Policy>> jaxbPolicies,
                                                           List<CoreStaticPolicyProvider.PolicyWithNamespaces<oasis.names.tc.xacml._3_0.core.schema.wd_17.PolicySet>> jaxbPolicySets,
                                                           int maxPolicySetRefDepth,
                                                           org.ow2.authzforce.core.pdp.api.expression.ExpressionFactory expressionFactory,
                                                           org.ow2.authzforce.core.pdp.api.combining.CombiningAlgRegistry combiningAlgRegistry,
                                                           Optional<org.ow2.authzforce.core.pdp.api.policy.StaticPolicyProvider> otherPolicyProvider)
                                                    throws IllegalArgumentException
        Creates an instance from XACML/JAXB Policy(Set) elements
        Parameters:
        jaxbPolicies - XACML Policies
        jaxbPolicySets - XACML PolicySets
        maxPolicySetRefDepth - maximum allowed depth of PolicySet reference chain (via PolicySetIdReference): PolicySet1 -> PolicySet2 -> ...
        combiningAlgRegistry - registry of policy/rule combining algorithms
        expressionFactory - Expression factory for parsing Expressions used in the policy(set)
        otherPolicyProvider - other (supporting) policy provider, used to resolve policy references that match neither jaxbPolicies nor jaxbPolicySets
        Returns:
        instance of this module
        Throws:
        IllegalArgumentException - if both jaxbPolicies and jaxbPolicySets are null/empty, or expressionFactory/combiningAlgRegistry is undefined; or one of the Policy(Set)s is not valid or conflicts with another because it has the same Policy(Set)Id and Version.
      • getInstance

        public static CoreStaticPolicyProvider getInstance(List<org.ow2.authzforce.core.pdp.impl.policy.CoreStaticPolicyProvider.StaticPolicyProviderInParam> providerParams,
                                                           boolean ignoreOldPolicyVersions,
                                                           org.ow2.authzforce.core.pdp.api.XmlUtils.XmlnsFilteringParserFactory xacmlParserFactory,
                                                           int maxPolicySetRefDepth,
                                                           org.ow2.authzforce.core.pdp.api.expression.ExpressionFactory expressionFactory,
                                                           org.ow2.authzforce.core.pdp.api.combining.CombiningAlgRegistry combiningAlgRegistry,
                                                           Optional<org.ow2.authzforce.core.pdp.api.policy.StaticPolicyProvider> otherPolicyProvider)
                                                    throws IllegalArgumentException
        Creates an instance from policy locations
        Parameters:
        providerParams - location of Policy(Set) elements (JAXB) to be parsed for future reference by Policy(Set)IdReferences
        ignoreOldPolicyVersions - for any given policy ID, ignore all versions except the last one if there are multiple versions of the policy
        xacmlParserFactory - XACML parser factory for parsing any XACML Policy(Set)
        maxPolicySetRefDepth - maximum allowed depth of PolicySet reference chain (via PolicySetIdReference): PolicySet1 -> PolicySet2 -> ...; a strictly negative value means no limit
        combiningAlgRegistry - registry of policy/rule combining algorithms
        expressionFactory - Expression factory for parsing Expressions used in the policy(set)
        otherPolicyProvider - other (supporting) policy provider, used to resolve policy references that do not match any of providerParams
        Returns:
        instance of this class
        Throws:
        IllegalArgumentException - if policyURLs == null || policyURLs.length == 0 || xacmlParserFactory == null || expressionFactory == null || combiningAlgRegistry == null; or one of policyURLs is null, or is not a valid XACML Policy(Set), or conflicts with another because it has the same Policy(Set)Id and Version. Beware that the Policy(Set)Issuer is ignored in this check!
      • getPolicy

        protected org.ow2.authzforce.core.pdp.api.policy.StaticTopLevelPolicyElementEvaluator getPolicy(String id,
                                                                                                        Optional<org.ow2.authzforce.core.pdp.api.policy.PolicyVersionPatterns> constraints)
        Specified by:
        getPolicy in class org.ow2.authzforce.core.pdp.api.policy.BaseStaticPolicyProvider
      • getPolicySet

        protected org.ow2.authzforce.core.pdp.api.policy.StaticTopLevelPolicyElementEvaluator getPolicySet(String id,
                                                                                                           Optional<org.ow2.authzforce.core.pdp.api.policy.PolicyVersionPatterns> constraints,
                                                                                                           Deque<String> policySetRefChainIncludingResult)
        Specified by:
        getPolicySet in class org.ow2.authzforce.core.pdp.api.policy.BaseStaticPolicyProvider
      • getCandidateRootPolicy

        public Optional<org.ow2.authzforce.core.pdp.api.policy.PrimaryPolicyMetadata> getCandidateRootPolicy()
        Returns the candidate root policy which is in this case determined as follows: if there is one and only one Policy provided, return the latest version of this Policy; else if there is one and only one PolicySet, return the latest version of this PolicySet; else none.
      • close

        public void close()