Package com.sun.xacml.ctx

Examples of com.sun.xacml.ctx.Result

99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
            int result = match.getResult();

            // if there is an error in trying to match any of the targets,
            // we always return INDETERMINATE immediately
            if (result == MatchResult.INDETERMINATE)
                return new Result(Result.DECISION_INDETERMINATE, match.getStatus(), context
                        .getResourceId().encode());

            if (result == MatchResult.MATCH) {
                // if this isn't the first match, then this is an error
                if (atLeastOne) {
                    List<String> code = new ArrayList<String>();
                    code.add(Status.STATUS_PROCESSING_ERROR);
                    String message = "Too many applicable policies";
                    return new Result(Result.DECISION_INDETERMINATE, new Status(code, message),
                            context.getResourceId().encode());
                }

                // if this was the first applicable policy in the set, then
                // remember it for later
                atLeastOne = true;
                selectedPolicy = policy;
            }
        }

        // if we got through the loop and found exactly one match, then
        // we return the evaluation result of that policy
        if (atLeastOne)
            return selectedPolicy.evaluate(context);

        // if we didn't find a matching policy, then we don't apply
        return new Result(Result.DECISION_NOT_APPLICABLE, context.getResourceId().encode());
    }
View Full Code Here
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
            // make sure that the policy matches the context
            MatchResult match = policy.match(context);

            if (match.getResult() == MatchResult.INDETERMINATE)
                return new Result(Result.DECISION_INDETERMINATE, match.getStatus(), context
                        .getResourceId().encode());

            if (match.getResult() == MatchResult.MATCH) {
                // evaluate the policy
                Result result = policy.evaluate(context);
                int effect = result.getDecision();

                // in the case of PERMIT, DENY, or INDETERMINATE, we always
                // just return that result, so only on a rule that doesn't
                // apply do we keep going...
                if (effect != Result.DECISION_NOT_APPLICABLE)
                    return result;
            }
        }

        // if we got here, then none of the rules applied
        return new Result(Result.DECISION_NOT_APPLICABLE, context.getResourceId().encode());
    }
View Full Code Here
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
    public Result combine(EvaluationCtx context, List<CombinerParameter> parameters,
            List<? extends CombinerElement> ruleElements) {
        boolean atLeastOneError = false;
        boolean potentialDeny = false;
        boolean atLeastOnePermit = false;
        Result firstIndeterminateResult = null;
        Iterator<? extends CombinerElement> it = ruleElements.iterator();

        while (it.hasNext()) {
            Rule rule = ((RuleCombinerElement) (it.next())).getRule();
            Result result = rule.evaluate(context);
            int value = result.getDecision();

            // if there was a value of DENY, then regardless of what else
            // we've seen, we always return DENY
            if (value == Result.DECISION_DENY)
                return result;

            // if it was INDETERMINATE, then we couldn't figure something
            // out, so we keep track of these cases...
            if (value == Result.DECISION_INDETERMINATE) {
                atLeastOneError = true;

                // there are no rules about what to do if multiple cases
                // cause errors, so we'll just return the first one
                if (firstIndeterminateResult == null)
                    firstIndeterminateResult = result;

                // if the Rule's effect is DENY, then we can't let this
                // alg return PERMIT, since this Rule might have denied
                // if it could do its stuff
                if (rule.getEffect() == Result.DECISION_DENY)
                    potentialDeny = true;
            } else {
                // keep track of whether we had at least one rule that
                // actually pertained to the request
                if (value == Result.DECISION_PERMIT)
                    atLeastOnePermit = true;
            }
        }

        // we didn't explicitly DENY, but we might have had some Rule
        // been evaluated, so we have to return INDETERMINATE
        if (potentialDeny)
            return firstIndeterminateResult;

        // some Rule said PERMIT, so since nothing could have denied,
        // we return PERMIT
        if (atLeastOnePermit)
            return new Result(Result.DECISION_PERMIT, context.getResourceId().encode());

        // we didn't find anything that said PERMIT, but if we had a
        // problem with one of the Rules, then we're INDETERMINATE
        if (atLeastOneError)
            return firstIndeterminateResult;

        // if we hit this point, then none of the rules actually applied
        // to us, so we return NOT_APPLICABLE
        return new Result(Result.DECISION_NOT_APPLICABLE, context.getResourceId().encode());
    }
View Full Code Here
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
                // keep track of the first error, regardless of cause
                if (firstIndeterminateStatus == null)
                    firstIndeterminateStatus = match.getStatus();
            } else if (match.getResult() == MatchResult.MATCH) {
                // now we evaluate the policy
                Result result = policy.evaluate(context);
                int effect = result.getDecision();

                // this is a little different from DenyOverrides...

                if (effect == Result.DECISION_PERMIT)
                    return result;

                if (effect == Result.DECISION_DENY) {
                    atLeastOneDeny = true;
                    denyObligations.addAll(result.getObligations());
                } else if (effect == Result.DECISION_INDETERMINATE) {
                    atLeastOneError = true;

                    // keep track of the first error, regardless of cause
                    if (firstIndeterminateStatus == null)
                        firstIndeterminateStatus = result.getStatus();
                }
            }
        }

        // if we got a DENY, return it
        if (atLeastOneDeny)
            return new Result(Result.DECISION_DENY, context.getResourceId().encode(),
                    denyObligations);

        // if we got an INDETERMINATE, return it
        if (atLeastOneError)
            return new Result(Result.DECISION_INDETERMINATE, firstIndeterminateStatus, context
                    .getResourceId().encode());

        // if we got here, then nothing applied to us
        return new Result(Result.DECISION_NOT_APPLICABLE, context.getResourceId().encode());
    }
View Full Code Here
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
            List<? extends CombinerElement> ruleElements) {
        Iterator<? extends CombinerElement> it = ruleElements.iterator();

        while (it.hasNext()) {
            Rule rule = ((RuleCombinerElement) (it.next())).getRule();
            Result result = rule.evaluate(context);
            int value = result.getDecision();

            // in the case of PERMIT, DENY, or INDETERMINATE, we always
            // just return that result, so only on a rule that doesn't
            // apply do we keep going...
            if (value != Result.DECISION_NOT_APPLICABLE)
                return result;
        }

        // if we got here, then none of the rules applied
        return new Result(Result.DECISION_NOT_APPLICABLE, context.getResourceId().encode());
    }
View Full Code Here
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
            // make sure that the policy matches the context
            MatchResult match = policy.match(context);

            if (match.getResult() == MatchResult.INDETERMINATE)
                return new Result(Result.DECISION_DENY, context.getResourceId().encode());

            if (match.getResult() == MatchResult.MATCH) {
                // evaluate the policy
                Result result = policy.evaluate(context);
                int effect = result.getDecision();

                // unlike in the RuleCombining version of this alg, we always
                // return DENY if any Policy returns DENY or INDETERMINATE
                if ((effect == Result.DECISION_DENY) || (effect == Result.DECISION_INDETERMINATE))
                    return new Result(Result.DECISION_DENY, context.getResourceId().encode(),
                            result.getObligations());

                // remember if at least one Policy said PERMIT
                if (effect == Result.DECISION_PERMIT) {
                    atLeastOnePermit = true;
                    permitObligations.addAll(result.getObligations());
                }
            }
        }

        // if we got a PERMIT, return it, otherwise it's NOT_APPLICABLE
        if (atLeastOnePermit)
            return new Result(Result.DECISION_PERMIT, context.getResourceId().encode(),
                    permitObligations);
        else
            return new Result(Result.DECISION_NOT_APPLICABLE, context.getResourceId().encode());
    }
View Full Code Here
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
            MatchResult match = target.match(context);
            int result = match.getResult();

            // if the target didn't match, then this Rule doesn't apply
            if (result == MatchResult.NO_MATCH)
                return new Result(Result.DECISION_NOT_APPLICABLE, context.getResourceId().encode());

            // if the target was indeterminate, we can't go on
            if (result == MatchResult.INDETERMINATE)
                return new Result(Result.DECISION_INDETERMINATE, match.getStatus(), context
                        .getResourceId().encode());
        }

        // if there's no condition, then we just return the effect...
        if (condition == null)
            return new Result(effectAttr, context.getResourceId().encode());

        // ...otherwise we evaluate the condition
        EvaluationResult result = condition.evaluate(context);

        if (result.indeterminate()) {
            // if it was INDETERMINATE, then that's what we return
            return new Result(Result.DECISION_INDETERMINATE, result.getStatus(), context
                    .getResourceId().encode());
        } else {
            // otherwise we return the effect on tue, and NA on false
            BooleanAttribute bool = (BooleanAttribute) (result.getAttributeValue());

            if (bool.getValue())
                return new Result(effectAttr, context.getResourceId().encode());
            else
                return new Result(Result.DECISION_NOT_APPLICABLE, context.getResourceId().encode());
        }
    }
View Full Code Here
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
     * @return the result of evaluation
     */
    public Result evaluate(EvaluationCtx context) {
        // if there is no finder, then we return NotApplicable
        if (finder == null)
            return new Result(Result.DECISION_NOT_APPLICABLE, context.getResourceId().encode());

        PolicyFinderResult pfr = finder.findPolicy(reference, policyType, constraints,
                parentMetaData);

        // if we found nothing, then we return NotApplicable
        if (pfr.notApplicable())
            return new Result(Result.DECISION_NOT_APPLICABLE, context.getResourceId().encode());

        // if there was an error, we return that status data
        if (pfr.indeterminate())
            return new Result(Result.DECISION_INDETERMINATE, pfr.getStatus(), context
                    .getResourceId().encode());

        // we must have found a policy
        return pfr.getPolicy().evaluate(context);
    }
View Full Code Here
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
        Set<Result> set2 = new HashSet<Result>(results2);

        // consider each Result in the first Response, and try to find an
        // equivalent one in the second Response
        while (it1.hasNext()) {
            Result result1 = it1.next();
            Iterator<Result> it2 = set2.iterator();
            boolean matched = false;

            // go through the second list, and see if there's a matching Result
            while (it2.hasNext() && (!matched)) {
                Result result2 = it2.next();

                // two results are equivalent if they have the same decision,
                // the same resource (or none in both cases), and if their
                // status and obligations are also equivalent
                if ((result1.getDecision() == result2.getDecision())
                        && (equals(result1.getResource(), result2.getResource()))
                        && areEquivalent(result1.getStatus(), result2.getStatus())
                        && areEquivalent(result1.getObligations(), result2.getObligations())) {
                    matched = true;
                }
            }

            // if there was a match, remove it from the list...otherwise these
View Full Code Here
147
148
149
150
151
152
153
154
155
156
157
158
159
    private void dumpRequestCtx(RequestCtx request) {
        Logger.getAnonymousLogger().info(XACMLUtil.asXMLString(request));
    }

    private void checkForObligation(ResponseCtx response) {
        Result result = response.getResults().iterator().next();
        assertNotNull(result);
        Obligation obligation = result.getObligations().iterator().next();
        assertNotNull(obligation);
        Attribute assignment = obligation.getAssignments().iterator().next();
        GeometryAttribute geomAttr = (GeometryAttribute) assignment.getValue();
        assertNotNull(geomAttr.getGeometry());
View Full Code Here
TOP

Related Classes of com.sun.xacml.ctx.Result

  • com.sun.xacml.AbstractPolicy
  • com.sun.xacml.combine.DenyOverridesPolicyAlg
  • com.sun.xacml.combine.DenyOverridesRuleAlg
  • com.sun.xacml.combine.FirstApplicablePolicyAlg
  • com.sun.xacml.combine.FirstApplicableRuleAlg
  • com.sun.xacml.combine.OnlyOneApplicablePolicyAlg
  • com.sun.xacml.combine.PermitOverridesPolicyAlg
  • com.sun.xacml.combine.PermitOverridesRuleAlg
  • com.sun.xacml.Indenter
  • com.sun.xacml.PDP
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.