Class PolicyEvaluators
- java.lang.Object
  - org.ow2.authzforce.core.pdp.impl.policy.PolicyEvaluators

public final class PolicyEvaluators extends Object
This class consists exclusively of static methods that operate on or return PolicyEvaluators.
- Version:
  - $Id: $

Nested Class Summary
Nested Classes
- Modifier and Type: static class
  Class: PolicyEvaluators.BaseCombiningAlgParameter<T extends org.ow2.authzforce.core.pdp.api.Decidable>
  Description: Represents a set of CombinerParameters to a combining algorithm that may or may not be associated with a policy/rule

Constructor Summary
Constructors
- PolicyEvaluators()

Method Summary
- Modifier and Type: static org.ow2.authzforce.core.pdp.api.policy.StaticTopLevelPolicyElementEvaluator
  Method: getInstance(oasis.names.tc.xacml._3_0.core.schema.wd_17.Policy policyElement, org.ow2.authzforce.core.pdp.api.expression.ExpressionFactory expressionFactory, org.ow2.authzforce.core.pdp.api.combining.CombiningAlgRegistry combiningAlgRegistry, Optional<org.ow2.authzforce.core.pdp.api.expression.XPathCompilerProxy> parentDefaultXPathCompiler, Map<String,String> namespacePrefixToUriMap)
  Description: Creates Policy handler from XACML Policy element
- Modifier and Type: static org.ow2.authzforce.core.pdp.api.policy.TopLevelPolicyElementEvaluator
  Method: getInstance(oasis.names.tc.xacml._3_0.core.schema.wd_17.PolicySet policyElement, org.ow2.authzforce.core.pdp.api.expression.ExpressionFactory expressionFactory, org.ow2.authzforce.core.pdp.api.combining.CombiningAlgRegistry combiningAlgorithmRegistry, org.ow2.authzforce.core.pdp.api.policy.PolicyProvider<?> refPolicyProvider, Deque<String> ancestorPolicySetRefChain, Optional<org.ow2.authzforce.core.pdp.api.expression.XPathCompilerProxy> parentDefaultXPathCompiler, Map<String,String> namespacePrefixToUriMap)
  Description: Creates PolicySet handler from XACML PolicySet element with additional check of duplicate Policy(Set)Ids against a list of Policy(Set)s parsed during the PDP initialization so far
- Modifier and Type: static org.ow2.authzforce.core.pdp.impl.policy.PolicyEvaluators.PolicyRefEvaluator
  Method: getInstance(org.ow2.authzforce.core.pdp.api.policy.TopLevelPolicyElementType refPolicyType, oasis.names.tc.xacml._3_0.core.schema.wd_17.IdReferenceType idRef, org.ow2.authzforce.core.pdp.api.policy.PolicyProvider<?> refPolicyProvider, Deque<String> policySetRefChainWithIdRefIfPolicySet)
  Description: Instantiates Policy(Set) Reference evaluator from XACML Policy(Set)IdReference
- Modifier and Type: static org.ow2.authzforce.core.pdp.api.policy.StaticTopLevelPolicyElementEvaluator
  Method: getInstanceStatic(oasis.names.tc.xacml._3_0.core.schema.wd_17.PolicySet policyElement, org.ow2.authzforce.core.pdp.api.expression.ExpressionFactory expressionFactory, org.ow2.authzforce.core.pdp.api.combining.CombiningAlgRegistry combiningAlgorithmRegistry, org.ow2.authzforce.core.pdp.api.policy.StaticPolicyProvider refPolicyProvider, Deque<String> policySetRefChainWithPolicyElementIfRefTarget, Optional<org.ow2.authzforce.core.pdp.api.expression.XPathCompilerProxy> parentDefaultXPathCompiler, Map<String,String> namespacePrefixToUriMap)
  Description: Creates statically defined PolicySet handler from XACML PolicySet element
- Modifier and Type: static org.ow2.authzforce.core.pdp.impl.policy.PolicyEvaluators.StaticPolicyRefEvaluator
  Method: getInstanceStatic(org.ow2.authzforce.core.pdp.api.policy.TopLevelPolicyElementType refPolicyType, oasis.names.tc.xacml._3_0.core.schema.wd_17.IdReferenceType idRef, org.ow2.authzforce.core.pdp.api.policy.StaticPolicyProvider refPolicyProvider, Deque<String> ancestorPolicySetRefChain)
  Description: Instantiates Static Policy(Set) Reference evaluator from XACML Policy(Set)IdReference, "static" meaning that given idRef and refPolicyType, the returned policy is always the same statically defined policy

Method Detail

getInstance
public static org.ow2.authzforce.core.pdp.api.policy.StaticTopLevelPolicyElementEvaluator getInstance(oasis.names.tc.xacml._3_0.core.schema.wd_17.Policy policyElement, org.ow2.authzforce.core.pdp.api.expression.ExpressionFactory expressionFactory, org.ow2.authzforce.core.pdp.api.combining.CombiningAlgRegistry combiningAlgRegistry, Optional<org.ow2.authzforce.core.pdp.api.expression.XPathCompilerProxy> parentDefaultXPathCompiler, Map<String,String> namespacePrefixToUriMap) throws IllegalArgumentException
Creates Policy handler from XACML Policy element
- Parameters:
  - policyElement - Policy (XACML)
  - parentDefaultXPathCompiler - XPath compiler corresponding to parent PolicyDefaults/XPathVersion; undefined if this Policy has no parent Policy (root), or none defined in parent, or XPath disabled by PDP configuration
  - namespacePrefixToUriMap - namespace prefix-URI mappings from the original XACML Policy (XML) document, to be used for namespace-aware XPath evaluation; empty iff XPath support disabled or: parentDefaultXPathCompiler.isPresent() and they can be retrieved already from parentDefaultXPathCompiler.get().getDeclaredNamespacePrefixToUriMap()
  - expressionFactory - Expression factory/parser
  - combiningAlgRegistry - rule/policy combining algorithm registry
- Returns:
  - instance
- Throws:
  - IllegalArgumentException - if any argument is invalid

getInstance
public static org.ow2.authzforce.core.pdp.impl.policy.PolicyEvaluators.PolicyRefEvaluator getInstance(org.ow2.authzforce.core.pdp.api.policy.TopLevelPolicyElementType refPolicyType, oasis.names.tc.xacml._3_0.core.schema.wd_17.IdReferenceType idRef, org.ow2.authzforce.core.pdp.api.policy.PolicyProvider<?> refPolicyProvider, Deque<String> policySetRefChainWithIdRefIfPolicySet) throws IllegalArgumentException
Instantiates Policy(Set) Reference evaluator from XACML Policy(Set)IdReference
- Parameters:
  - idRef - Policy(Set)IdReference
  - refPolicyProvider - Policy(Set)IdReference resolver/Provider
  - refPolicyType - type of policy referenced, i.e. whether it refers to Policy or PolicySet
  - policySetRefChainWithIdRefIfPolicySet - null if refPolicyType == TopLevelPolicyElementType.POLICY; else it is the chain of PolicySets linked via PolicySetIdReferences, from the root PolicySet up to this reference target (last item is the idRef value). Each item is a PolicySetId of a PolicySet that is referenced by the previous item (except the first item which is the root policy) and references the next one. This chain is used to control PolicySetIdReferences found within the result policy, in order to detect loops (circular references) and prevent exceeding reference depth.
    Beware that we only keep the IDs in the chain, and not the version, because we consider that a reference loop on the same policy ID is not allowed, no matter what the version is.
    (Do not use a Queue for ancestorPolicySetRefChain as it is FIFO, and we need LIFO and iteration in order of insertion, so different from Collections.asLifoQueue(Deque) as well.)
- Returns:
  - instance of PolicyReference
- Throws:
  - IllegalArgumentException - if refPolicyProvider undefined, or there is no policy of type refPolicyType matching idRef to be found by refPolicyProvider, or PolicySetIdReference loop detected or PolicySetIdReference depth exceeds the max enforced by policyProvider

getInstanceStatic
public static org.ow2.authzforce.core.pdp.impl.policy.PolicyEvaluators.StaticPolicyRefEvaluator getInstanceStatic(org.ow2.authzforce.core.pdp.api.policy.TopLevelPolicyElementType refPolicyType, oasis.names.tc.xacml._3_0.core.schema.wd_17.IdReferenceType idRef, org.ow2.authzforce.core.pdp.api.policy.StaticPolicyProvider refPolicyProvider, Deque<String> ancestorPolicySetRefChain) throws IllegalArgumentException
Instantiates Static Policy(Set) Reference evaluator from XACML Policy(Set)IdReference, "static" meaning that given idRef and refPolicyType, the returned policy is always the same statically defined policy
- Parameters:
  - idRef - Policy(Set)IdReference
  - refPolicyProvider - Policy(Set)IdReference resolver/Provider
  - refPolicyType - type of policy referenced, i.e. whether it refers to Policy or PolicySet
  - ancestorPolicySetRefChain - chain of ancestor PolicySets linked via PolicySetIdReferences, from the root PolicySet up to the Policy(Set) reference being resolved by this method (excluded). Null/empty if this method is used to resolve the root PolicySet (no ancestor). Each item is a PolicySetId of a PolicySet that is referenced by the previous item (except the first item which is the root policy) and references the next one. This chain is used to control PolicySetIdReferences found within the result policy, in order to detect loops (circular references) and prevent exceeding reference depth.
    Beware that we only keep the IDs in the chain, and not the version, because we consider that a reference loop on the same policy ID is not allowed, no matter what the version is.
    (Do not use a Queue for ancestorPolicySetRefChain as it is FIFO, and we need LIFO and iteration in order of insertion, so different from Collections.asLifoQueue(Deque) as well.)
- Returns:
  - instance of PolicyReference
- Throws:
  - IllegalArgumentException - if refPolicyProvider undefined, or there is no policy of type refPolicyType matching idRef to be found by refPolicyProvider, or PolicySetIdReference loop detected or PolicySetIdReference depth exceeds the max enforced by policyProvider

getInstanceStatic
public static org.ow2.authzforce.core.pdp.api.policy.StaticTopLevelPolicyElementEvaluator getInstanceStatic(oasis.names.tc.xacml._3_0.core.schema.wd_17.PolicySet policyElement, org.ow2.authzforce.core.pdp.api.expression.ExpressionFactory expressionFactory, org.ow2.authzforce.core.pdp.api.combining.CombiningAlgRegistry combiningAlgorithmRegistry, org.ow2.authzforce.core.pdp.api.policy.StaticPolicyProvider refPolicyProvider, Deque<String> policySetRefChainWithPolicyElementIfRefTarget, Optional<org.ow2.authzforce.core.pdp.api.expression.XPathCompilerProxy> parentDefaultXPathCompiler, Map<String,String> namespacePrefixToUriMap) throws IllegalArgumentException
Creates statically defined PolicySet handler from XACML PolicySet element
- Parameters:
  - policyElement - PolicySet (XACML) without any dynamic policy references
  - parentDefaultXPathCompiler - XPath compiler corresponding to parent PolicySet's default XPath version, or null if either no parent or no default XPath version defined in parent
  - namespacePrefixToUriMap - namespace prefix-URI mappings from the original XACML PolicySet (XML) document, to be used for namespace-aware XPath evaluation; null or empty iff XPath support disabled
  - expressionFactory - Expression factory/parser
  - combiningAlgorithmRegistry - policy/rule combining algorithm registry
  - refPolicyProvider - static policy-by-reference (Policy(Set)IdReference) Provider - all references statically resolved - to find references used in this policyset
  - policySetRefChainWithPolicyElementIfRefTarget - null/empty if policyElement is a root PolicySet; else it is the chain of top-level (as opposed to nested inline) PolicySets linked via PolicySetIdReferences, from the root PolicySet up to - and including - the top-level PolicySet that encloses or is a policyElement (i.e. a reference's target). Each item is a PolicySetId of a PolicySet that is referenced by the previous item (except the first item which is the root policy) and references the next one. This chain is used to control PolicySetIdReferences found within the result policy, in order to detect loops (circular references) and prevent exceeding reference depth.
    Beware that we only keep the IDs in the chain, and not the version, because we consider that a reference loop on the same policy ID is not allowed, no matter what the version is.
    (Do not use a Queue for ancestorPolicySetRefChain as it is FIFO, and we need LIFO and iteration in order of insertion, so different from Collections.asLifoQueue(Deque) as well.)
- Returns:
  - instance
- Throws:
  - IllegalArgumentException - if any argument (e.g. policyElement) is invalid

getInstance
public static org.ow2.authzforce.core.pdp.api.policy.TopLevelPolicyElementEvaluator getInstance(oasis.names.tc.xacml._3_0.core.schema.wd_17.PolicySet policyElement, org.ow2.authzforce.core.pdp.api.expression.ExpressionFactory expressionFactory, org.ow2.authzforce.core.pdp.api.combining.CombiningAlgRegistry combiningAlgorithmRegistry, org.ow2.authzforce.core.pdp.api.policy.PolicyProvider<?> refPolicyProvider, Deque<String> ancestorPolicySetRefChain, Optional<org.ow2.authzforce.core.pdp.api.expression.XPathCompilerProxy> parentDefaultXPathCompiler, Map<String,String> namespacePrefixToUriMap) throws IllegalArgumentException
Creates PolicySet handler from XACML PolicySet element with additional check of duplicate Policy(Set)Ids against a list of Policy(Set)s parsed during the PDP initialization so far
- Parameters:
  - policyElement - PolicySet (XACML)
  - parentDefaultXPathCompiler - XPath compiler corresponding to parent PolicySet's default XPath version, or null if either no parent or no default XPath version defined in parent
  - namespacePrefixToUriMap - namespace prefix-URI mappings from the original XACML PolicySet (XML) document, to be used for namespace-aware XPath evaluation; null or empty iff XPath support disabled
  - expressionFactory - Expression factory/parser
  - combiningAlgorithmRegistry - policy/rule combining algorithm registry
  - refPolicyProvider - policy-by-reference (Policy(Set)IdReference) Provider to find references used in this policyset
  - ancestorPolicySetRefChain - chain of ancestor PolicySets linked via PolicySetIdReferences, from the root PolicySet up to policyElement (excluded). Null/empty if policyElement is the root PolicySet (no ancestor). Each item is a PolicySetId of a PolicySet that is referenced by the previous item (except the first item which is the root policy) and references the next one. This chain is used to control PolicySetIdReferences found within the result policy, in order to detect loops (circular references) and prevent exceeding reference depth.
    Beware that we only keep the IDs in the chain, and not the version, because we consider that a reference loop on the same policy ID is not allowed, no matter what the version is.
    (Do not use a Queue for ancestorPolicySetRefChain as it is FIFO, and we need LIFO and iteration in order of insertion, so different from Collections.asLifoQueue(Deque) as well.)
- Returns:
  - instance
- Throws:
  - IllegalArgumentException - if any argument (e.g. policyElement) is invalid
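
The loop and depth control that the reference-chain parameters above describe (for the PolicyRefEvaluator and PolicySet variants alike), as an added example that is not AuthzForce code. The class RefChainDemo, the REFS map, the resolve method and the depth convention (number of reference hops from the root) are assumptions made for illustration.

```java
import java.util.ArrayDeque;
import java.util.Deque;
import java.util.List;
import java.util.Map;
public class RefChainDemo {
    // Constructed sample: PolicySetId -> PolicySetIds it references (IDs only, versions ignored).
    static final Map<String, List<String>> REFS = Map.of(
        "root", List.of("ps-a", "ps-b"),
        "ps-a", List.of("ps-c"),
        "ps-b", List.of("ps-c"),      // same target reached via two paths: allowed, not a loop
        "ps-c", List.of(),
        "loop-1", List.of("loop-2"),
        "loop-2", List.of("loop-1")); // circular reference

    // chain holds the ancestor PolicySetIds, from the root down to the referrer of 'id'.
    static void resolve(String id, Deque<String> chain, int maxRefDepth) {
        if (chain.contains(id)) { // same ID already an ancestor, whatever its version
            throw new IllegalArgumentException("PolicySetIdReference loop: " + String.join(" -> ", chain) + " -> " + id);
        }
        // chain.size() is the number of reference hops from the root to 'id' (assumed convention)
        if (chain.size() > maxRefDepth) {
            throw new IllegalArgumentException("Reference depth " + chain.size() + " exceeds max " + maxRefDepth + ": " + String.join(" -> ", chain) + " -> " + id);
        }
        final List<String> targets = REFS.get(id);
        if (targets == null) {
            throw new IllegalArgumentException("No PolicySet matching reference: " + id);
        }
        // addLast/removeLast: LIFO stack whose iteration still runs root-first, unlike
        // Collections.asLifoQueue(Deque), which inserts at the head and iterates newest-first.
        chain.addLast(id);
        try {
            for (String target : targets) {
                resolve(target, chain, maxRefDepth);
            }
        } finally {
            chain.removeLast(); // sibling branches must see only their own ancestors
        }
    }

    public static void main(String[] args) {
        resolve("root", new ArrayDeque<>(), 2); // deepest path root -> ps-a -> ps-c is 2 hops
        for (String[] c : new String[][] {{"loop-1", "5"}, {"root", "1"}}) {
            try {
                resolve(c[0], new ArrayDeque<>(), Integer.parseInt(c[1]));
            } catch (IllegalArgumentException e) {
                System.out.println(e.getMessage()); // rejected: loop, then depth limit
            }
        }
    }
}
```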