Merge remote-tracking branch 'phrinx/master' into wip-merge-resource-location-changes
diff --git a/openaz-pep/src/main/java/org/apache/openaz/pepapi/Action.java b/openaz-pep/src/main/java/org/apache/openaz/pepapi/Action.java
index 0477945..a4bdd0d 100644
--- a/openaz-pep/src/main/java/org/apache/openaz/pepapi/Action.java
+++ b/openaz-pep/src/main/java/org/apache/openaz/pepapi/Action.java
@@ -42,30 +42,29 @@
return new Action();
}
-
/**
- * Creates a new Action instance with id
+ * Creates a new Subject instance containing a single default attribute with the given String value.
*
* @param id
* @return
*/
public static Action newInstance(String id) {
- Action a = newInstance().withId(id);
- a.addAttribute(XACML3.ID_ACTION_ACTION_ID.stringValue(), id);
- return a;
+ return newInstance().withId(id);
}
/**
+ * Sets the Id of the action
*
* @param id
* @return
*/
public Action withId(String id) {
this.id = id;
+ addAttribute(XACML3.ID_ACTION_ACTION_ID.stringValue(), id);
return this;
}
-
- /**
+/**
+ * Returns the value of the id
*
* @return
*/
diff --git a/openaz-pep/src/main/java/org/apache/openaz/pepapi/PepConfig.java b/openaz-pep/src/main/java/org/apache/openaz/pepapi/PepConfig.java
index e09f291..bafa19c 100644
--- a/openaz-pep/src/main/java/org/apache/openaz/pepapi/PepConfig.java
+++ b/openaz-pep/src/main/java/org/apache/openaz/pepapi/PepConfig.java
@@ -34,21 +34,6 @@
/**
* @return
*/
- String getDefaultSubjectId();
-
- /**
- * @return
- */
- String getDefaultResourceId();
-
- /**
- * @return
- */
- String getDefaultActionId();
-
- /**
- * @return
- */
PepResponseBehavior getIndeterminateBehavior();
/**
diff --git a/openaz-pep/src/main/java/org/apache/openaz/pepapi/Resource.java b/openaz-pep/src/main/java/org/apache/openaz/pepapi/Resource.java
index 7e374e3..8d8e379 100644
--- a/openaz-pep/src/main/java/org/apache/openaz/pepapi/Resource.java
+++ b/openaz-pep/src/main/java/org/apache/openaz/pepapi/Resource.java
@@ -29,8 +29,7 @@
*/
public final class Resource extends CategoryContainer {
- // only java.lang.String or java.net.URI
- private Object id;
+ private Object id; // only java.lang.String or java.net.URI
private URI location;
private Resource() {
@@ -53,9 +52,7 @@
* @return
*/
public static Resource newInstance(String id) {
- Resource r = newInstance().withId(id);
- r.addAttribute(XACML3.ID_RESOURCE_RESOURCE_ID.stringValue(), id);
- return r;
+ return newInstance().withId(id);
}
/**
@@ -65,43 +62,47 @@
* @return
*/
public static Resource newInstance(URI id) {
- Resource r = newInstance().withId(id);
- r.addAttribute(XACML3.ID_RESOURCE_RESOURCE_ID.stringValue(), id);
- return r;
+ return newInstance().withId(id);
}
/**
* Sets resource id value
*
+ * @param id
* @return this
*/
public Resource withId(URI id) {
this.id = id;
+ addAttribute(XACML3.ID_RESOURCE_RESOURCE_ID.stringValue(), id);
return this;
}
/**
* Sets resource id value
*
+ * @param id
* @return this
*/
public Resource withId(String id) {
this.id = id;
+ addAttribute(XACML3.ID_RESOURCE_RESOURCE_ID.stringValue(), id);
return this;
}
/**
* Sets resource location
*
+ * @param location
* @return this
*/
public Resource withLocation(URI location) {
+ this.location = location;
addAttribute(XACML3.ID_RESOURCE_RESOURCE_LOCATION.stringValue(), location);
return this;
}
/**
- * Returns the value of the default id attribute
+ * Returns the value of the id attribute
*
* @return
*/
diff --git a/openaz-pep/src/main/java/org/apache/openaz/pepapi/Subject.java b/openaz-pep/src/main/java/org/apache/openaz/pepapi/Subject.java
index 1059bce..9f19a57 100644
--- a/openaz-pep/src/main/java/org/apache/openaz/pepapi/Subject.java
+++ b/openaz-pep/src/main/java/org/apache/openaz/pepapi/Subject.java
@@ -49,24 +49,23 @@
* @return
*/
public static Subject newInstance(String id) {
- Subject s = newInstance().withId(id);
- s.addAttribute(XACML3.ID_SUBJECT_SUBJECT_ID.stringValue(), id);
- return s;
+ return newInstance().withId(id);
}
-
/**
- * Sets resource id value
+ * Sets the Id of the subject
*
- * @return this
+ * @param id
+ * @return
*/
public Subject withId(String id) {
this.id = id;
+ addAttribute(XACML3.ID_SUBJECT_SUBJECT_ID.stringValue(), id);
return this;
}
/**
- * Returns the value of the default subjectIdValue attribute
+ * Returns the value of the id
*
* @return
*/
diff --git a/openaz-pep/src/main/java/org/apache/openaz/pepapi/std/ActionMapper.java b/openaz-pep/src/main/java/org/apache/openaz/pepapi/std/ActionMapper.java
index a18ccb7..41b8b2f 100644
--- a/openaz-pep/src/main/java/org/apache/openaz/pepapi/std/ActionMapper.java
+++ b/openaz-pep/src/main/java/org/apache/openaz/pepapi/std/ActionMapper.java
@@ -21,28 +21,10 @@
package org.apache.openaz.pepapi.std;
import org.apache.openaz.pepapi.Action;
-import org.apache.openaz.pepapi.PepRequest;
-import org.apache.openaz.pepapi.PepRequestAttributes;
-import org.apache.openaz.xacml.api.XACML3;
public class ActionMapper extends CategoryContainerMapper {
public ActionMapper() {
super(Action.class);
}
-
- @Override
- public void map(Object o, PepRequest pepRequest) {
- Action a = (Action) o;
- String id = a.getId();
- if (id == null) {
- id = getPepConfig().getDefaultActionId();
- if (id != null) {
- PepRequestAttributes resourceAttributes = pepRequest
- .getPepRequestAttributes(XACML3.ID_ATTRIBUTE_CATEGORY_ACTION);
- resourceAttributes.addAttribute(XACML3.ID_ACTION_ACTION_ID.stringValue(), (String) id);
- }
- }
- super.map(o, pepRequest);
- }
}
diff --git a/openaz-pep/src/main/java/org/apache/openaz/pepapi/std/ResourceMapper.java b/openaz-pep/src/main/java/org/apache/openaz/pepapi/std/ResourceMapper.java
index 3298b8f..ce7e436 100644
--- a/openaz-pep/src/main/java/org/apache/openaz/pepapi/std/ResourceMapper.java
+++ b/openaz-pep/src/main/java/org/apache/openaz/pepapi/std/ResourceMapper.java
@@ -20,38 +20,11 @@
package org.apache.openaz.pepapi.std;
-import org.apache.openaz.pepapi.PepRequest;
-import org.apache.openaz.pepapi.PepRequestAttributes;
import org.apache.openaz.pepapi.Resource;
-import org.apache.openaz.xacml.api.XACML3;
-
-import java.net.URI;
public class ResourceMapper extends CategoryContainerMapper {
public ResourceMapper() {
super(Resource.class);
}
-
- @Override
- public void map(Object o, PepRequest pepRequest) {
- Resource r = (Resource) o;
- Object id = r.getId();
- if (id == null) {
- id = getPepConfig().getDefaultResourceId();
-
- if (id != null) {
- PepRequestAttributes resourceAttributes = pepRequest
- .getPepRequestAttributes(XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE);
- if (id instanceof String)
- resourceAttributes.addAttribute(XACML3.ID_RESOURCE_RESOURCE_ID.stringValue(), (String) id);
- else if (id instanceof URI)
- resourceAttributes.addAttribute(XACML3.ID_RESOURCE_RESOURCE_ID.stringValue(), (URI) id);
- else
- throw new IllegalStateException("resource id is not an instance of String nor java.net.URI but " +
- r.getClass().getName());
- }
- }
- super.map(o, pepRequest);
- }
}
diff --git a/openaz-pep/src/main/java/org/apache/openaz/pepapi/std/StdPepConfig.java b/openaz-pep/src/main/java/org/apache/openaz/pepapi/std/StdPepConfig.java
index 2c79e95..9debb7f 100644
--- a/openaz-pep/src/main/java/org/apache/openaz/pepapi/std/StdPepConfig.java
+++ b/openaz-pep/src/main/java/org/apache/openaz/pepapi/std/StdPepConfig.java
@@ -38,12 +38,6 @@
private static final String PEP_ISSUER = "pep.issuer";
- private static final String PEP_DEFAULT_SUBJECT_ID = "pep.subject.id";
-
- private static final String PEP_DEFAULT_ACTION_ID = "pep.action.id";
-
- private static final String PEP_DEFAULT_RESOURCE_ID = "pep.resource.id";
-
private static final String PEP_INDETERMINATE_BEHAVIOR = "pep.indeterminate.behavior";
private static final String PEP_NOTAPPLICABLE_BEHAVIOR = "pep.notapplicable.behavior";
@@ -52,12 +46,6 @@
private String issuer;
- private String subjectIdURI;
-
- private String actionIdURI;
-
- private String resourceIdURI;
-
private PepResponseBehavior indeterminateBehavior;
private PepResponseBehavior notApplicableBehavior;
@@ -75,21 +63,6 @@
this();
issuer = properties.getProperty(PEP_ISSUER);
- String subjectIdURI = properties.getProperty(PEP_DEFAULT_SUBJECT_ID);
- if (!StringUtils.isEmpty(subjectIdURI)) {
- this.subjectIdURI = subjectIdURI;
- }
-
- String actionIdURI = properties.getProperty(PEP_DEFAULT_ACTION_ID);
- if (!StringUtils.isEmpty(actionIdURI)) {
- this.actionIdURI = actionIdURI;
- }
-
- String resourceIdURI = properties.getProperty(PEP_DEFAULT_RESOURCE_ID);
- if (!StringUtils.isEmpty(resourceIdURI)) {
- this.resourceIdURI = resourceIdURI;
- }
-
String indeterminateString = properties.getProperty(PEP_INDETERMINATE_BEHAVIOR);
if (!StringUtils.isEmpty(indeterminateString)) {
PepResponseBehavior indeterminateBehavior = PepResponseBehavior.valueOf(indeterminateString);
@@ -128,21 +101,6 @@
}
@Override
- public String getDefaultSubjectId() {
- return subjectIdURI;
- }
-
- @Override
- public String getDefaultResourceId() {
- return resourceIdURI;
- }
-
- @Override
- public String getDefaultActionId() {
- return actionIdURI;
- }
-
- @Override
public PepResponseBehavior getIndeterminateBehavior() {
return indeterminateBehavior;
}
diff --git a/openaz-pep/src/main/java/org/apache/openaz/pepapi/std/SubjectMapper.java b/openaz-pep/src/main/java/org/apache/openaz/pepapi/std/SubjectMapper.java
index ffb2be0..e98b5a2 100644
--- a/openaz-pep/src/main/java/org/apache/openaz/pepapi/std/SubjectMapper.java
+++ b/openaz-pep/src/main/java/org/apache/openaz/pepapi/std/SubjectMapper.java
@@ -20,29 +20,11 @@
package org.apache.openaz.pepapi.std;
-import org.apache.openaz.pepapi.PepRequest;
-import org.apache.openaz.pepapi.PepRequestAttributes;
import org.apache.openaz.pepapi.Subject;
-import org.apache.openaz.xacml.api.XACML3;
public class SubjectMapper extends CategoryContainerMapper {
public SubjectMapper() {
super(Subject.class);
}
-
- @Override
- public void map(Object o, PepRequest pepRequest) {
- Subject s = (Subject) o;
- String id = s.getId();
- if (id == null) {
- id = getPepConfig().getDefaultSubjectId();
- if (id != null) {
- PepRequestAttributes resourceAttributes = pepRequest
- .getPepRequestAttributes(XACML3.ID_SUBJECT_CATEGORY_ACCESS_SUBJECT);
- resourceAttributes.addAttribute(XACML3.ID_SUBJECT_SUBJECT_ID.stringValue(), (String) id);
- }
- }
- super.map(o, pepRequest);
- }
}
\ No newline at end of file
diff --git a/openaz-pep/src/test/java/org/apache/openaz/pepapi/std/test/TestAPI.java b/openaz-pep/src/test/java/org/apache/openaz/pepapi/std/test/TestAPI.java
index 85ce0c1..9c16caf 100644
--- a/openaz-pep/src/test/java/org/apache/openaz/pepapi/std/test/TestAPI.java
+++ b/openaz-pep/src/test/java/org/apache/openaz/pepapi/std/test/TestAPI.java
@@ -65,7 +65,8 @@
public void testPermitWithLocationMatch() {
Subject subject = Subject.newInstance("Bob");
Action action = Action.newInstance("read");
- Resource resource = Resource.newInstance(URI.create("/record/patient/Alice")).withLocation(URI.create("http://medical-records.com/"));
+ Resource resource = Resource.newInstance(URI.create("/record/patient/Alice"))
+ .withLocation(URI.create("http://medical-records.com/"));
PepResponse response = getPepAgent().decide(subject, action, resource);
Assert.assertNotNull(response);
Assert.assertEquals(true, response.allowed());
@@ -78,7 +79,8 @@
public void testPermitWithLocationMismatch() {
Subject subject = Subject.newInstance("Bob");
Action action = Action.newInstance("read");
- Resource resource = Resource.newInstance(URI.create("/record/patient/Alice")).withLocation(URI.create("http://restricted-records.com/"));
+ Resource resource = Resource.newInstance(URI.create("/record/patient/Alice"))
+ .withLocation(URI.create("http://restricted-records.com/"));
PepResponse response = getPepAgent().decide(subject, action, resource);
Assert.assertNotNull(response);
Assert.assertEquals(false, response.allowed());
diff --git a/openaz-pep/src/test/java/org/apache/openaz/pepapi/std/test/TestConfig.java b/openaz-pep/src/test/java/org/apache/openaz/pepapi/std/test/TestConfig.java
deleted file mode 100644
index 5d8a68b..0000000
--- a/openaz-pep/src/test/java/org/apache/openaz/pepapi/std/test/TestConfig.java
+++ /dev/null
@@ -1,79 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-
-package org.apache.openaz.pepapi.std.test;
-
-import org.apache.openaz.pepapi.*;
-import org.apache.openaz.pepapi.std.StdPepAgentFactory;
-import org.junit.Assert;
-import org.junit.Before;
-import org.junit.Test;
-
-import java.net.URI;
-import java.util.ArrayList;
-import java.util.List;
-
-public class TestConfig {
-
- private PepAgentFactory pepAgentFactory;
-
- @Before
- public void setup() {
- pepAgentFactory = new StdPepAgentFactory("properties/testconfig.xacml.properties");
- }
-
- /**
- *
- */
- @Test
- public void testPepAgent() {
- Assert.assertNotNull(getPepAgent());
- }
-
- /**
- *
- */
- @Test
- public void testPermitWithDefaultsMatch() {
- Subject subject = Subject.newInstance();
- Action action = Action.newInstance();
- Resource resource = Resource.newInstance();
- PepResponse response = getPepAgent().decide(subject, action, resource);
- Assert.assertNotNull(response);
- Assert.assertEquals(true, response.allowed());
- }
-
- /**
- *
- */
- @Test
- public void testPermitWithDefaultsMismatch() {
- Subject subject = Subject.newInstance("non-default-subject-id");
- Action action = Action.newInstance("non-default-action-id");
- Resource resource = Resource.newInstance("non-default-resource-id");
- PepResponse response = getPepAgent().decide(subject, action, resource);
- Assert.assertNotNull(response);
- Assert.assertEquals(false, response.allowed());
- }
-
- public PepAgent getPepAgent() {
- return pepAgentFactory.getPepAgent();
- }
-}
diff --git a/openaz-pep/src/test/resources/policies/testconfig.xml b/openaz-pep/src/test/resources/policies/testconfig.xml
deleted file mode 100755
index 23a8bdc..0000000
--- a/openaz-pep/src/test/resources/policies/testconfig.xml
+++ /dev/null
@@ -1,59 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements. See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
--->
-<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- PolicyId="urn:oasis:names:tc:xacml:2.0:testconfig:policy"
- RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-overrides" Version="1.0"
- xsi:schemaLocation="">
- <Description></Description>
- <Target/>
- <Rule RuleId="urn:oasis:names:tc:xacml:1.0:testconfig:rule-1" Effect="Permit">
- <Description />
- <Target>
- <AnyOf>
- <AllOf>
- <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
- <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">default-subject-id</AttributeValue>
- <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
- AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
- DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
- </Match>
- </AllOf>
- </AnyOf>
- <AnyOf>
- <AllOf>
- <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
- <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">default-resource-id</AttributeValue>
- <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
- AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
- DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
- </Match>
- </AllOf>
- </AnyOf>
- <AnyOf>
- <AllOf>
- <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
- <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">default-action-id</AttributeValue>
- <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action"
- AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
- DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
- </Match>
- </AllOf>
- </AnyOf>
- </Target>
- </Rule>
-</Policy>
diff --git a/openaz-pep/src/test/resources/properties/testconfig.xacml.properties b/openaz-pep/src/test/resources/properties/testconfig.xacml.properties
deleted file mode 100755
index f4f71d4..0000000
--- a/openaz-pep/src/test/resources/properties/testconfig.xacml.properties
+++ /dev/null
@@ -1,21 +0,0 @@
-# Default XACML Properties File
-# Standard API Factories
-#
-xacml.dataTypeFactory=org.apache.openaz.xacml.std.StdDataTypeFactory
-xacml.pdpEngineFactory=org.apache.openaz.xacml.pdp.OpenAZPDPEngineFactory
-xacml.pepEngineFactory=org.apache.openaz.xacml.std.pep.StdEngineFactory
-xacml.pipFinderFactory=org.apache.openaz.xacml.std.pip.StdPIPFinderFactory
-
-# OpenAZ PDP Implementation Factories
-#
-xacml.openaz.evaluationContextFactory=org.apache.openaz.xacml.pdp.std.StdEvaluationContextFactory
-xacml.openaz.combiningAlgorithmFactory=org.apache.openaz.xacml.pdp.std.StdCombiningAlgorithmFactory
-xacml.openaz.functionDefinitionFactory=org.apache.openaz.xacml.pdp.std.StdFunctionDefinitionFactory
-xacml.openaz.policyFinderFactory=org.apache.openaz.xacml.pdp.std.StdPolicyFinderFactory
-
-xacml.rootPolicies=testPolicy
-testPolicy.file=src/test/resources/policies/testconfig.xml
-
-pep.subject.id=default-subject-id
-pep.action.id=default-action-id
-pep.resource.id=default-resource-id
\ No newline at end of file
