Examples of org.exist.security.xacml.ExistPDP

• org.exist.security.xacml.ExistPDP
  This class is responsible for creating the XACML Policy Decision Point (PDP) for a database instance. The PDP is the entity that accepts access requests and makes a decision whether the access is allowed. The PDP returns a decision to the requesting entity (called a Policy Enforcement Point, or PEP). This decision is either Permit, Deny, Indeterminate, or Not Applicable. Not Applicable occurs if no policy could be found that applied to the request. Indeterminate occurs if there was an error processing the request or the request was invalid.

  This class also provides convenience methods for most uses. The main method is evaluate, which will throw a PermissionDeniedException unless the decision was Permit and no Obligations were required. An Obligation is a conditional access decision. If the PEP cannot perform the Obligation, then it cannot accept the decision.

  RequestHelper provides methods for creating a RequestCtx, which is then passed to the PDP either indirectly by calling evaluate or directly by calling getPDP().evaluate(). The first method can probably be used in most cases, while the second one allows more flexibility in handling the response. @see XACMLConstants @see ExistPolicyModule @see RequestHelper

            realm.start(broker);
        }

        enableXACML = (Boolean)broker.getConfiguration().getProperty("xacml.enable");
        if(enableXACML != null && enableXACML.booleanValue()) {
            pdp = new ExistPDP(pool);
            LOG.debug("XACML enabled");
        }
    }

        final XQueryContext context = expression.getContext();

        //check access to the query
        final XACMLSource source = expression.getSource();
        try {
            final ExistPDP pdp = context.getPDP();
            if(pdp != null) {
                final RequestCtx request = pdp.getRequestHelper().createQueryRequest(context, source);
                pdp.evaluate(request);
            }
        } catch(final PermissionDeniedException pde) {
            throw new XPathException("Permission to execute query: " + source.createId() + " denied.", pde);
        }

                {context.getProfiler().message(this, Profiler.START_SEQUENCES, "CONTEXT ITEM", contextItem.toSequence());}
        }

    //check access to the method
    try {
      final ExistPDP pdp = context.getPDP();
      if(pdp != null) {
        final RequestCtx request = pdp.getRequestHelper().createReflectionRequest(context, null, myClass.getName(), name);
        pdp.evaluate(request);
      }
    } catch (final PermissionDeniedException pde) {
      throw new XPathException(this, "Access to method '" + name + "' in class '" + myClass.getName() + "' denied.", pde);
    }

            }
        }

        //check access to the method
        try {
            final ExistPDP pdp = context.getPDP();
            if(pdp != null) {
                final RequestCtx request = pdp.getRequestHelper().createFunctionRequest(context, null, getName());
                //if request is null, this function belongs to a main module and is allowed to be called
                //otherwise, the access must be checked
                if(request != null) {
                    pdp.evaluate(request);
                }
            }
        } catch(final PermissionDeniedException pde) {
            final XPathException xe = new XPathException(this, "Access to function '" + getName() + "'  denied.", pde);
            xe.addFunctionCall(functionDef, this);

  {
        context.proceed(this);
    final QName functionName = function.getName();
    //check access to the method
    try {
      final ExistPDP pdp = getContext().getPDP();
      if(pdp != null) {
        final RequestCtx request = pdp.getRequestHelper().createFunctionRequest(context, null, functionName);
        if(request != null)
          {pdp.evaluate(request);}
      }
    } catch (final PermissionDeniedException pde) {
      throw new XPathException(function, "Access to function '" + functionName + "'  denied.", pde);
    }
        final long start = System.currentTimeMillis();