/*
* Copyright (c) 2000-2005, University of Salford
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* Redistributions of source code must retain the above copyright notice, this
* list of conditions and the following disclaimer.
*
* Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* Neither the name of the University of Salford nor the names of its
* contributors may be used to endorse or promote products derived from this
* software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
package issrg.pba.rbac.xmlpolicy;
import issrg.pba.rbac.policies.*; // added for MSoD
import issrg.pba.rbac.*;
import issrg.pba.Obligations;
import issrg.pba.SimpleObligations;
import org.xml.sax.Attributes;
import javax.xml.parsers.SAXParserFactory;
import issrg.pba.rbac.policies.DITSubtree;
import issrg.pba.rbac.policies.Subtree;
import issrg.pba.rbac.PolicyParsingException;
import issrg.pba.rbac.LDAPDNPrincipal;
import issrg.pba.rbac.BadURLException;
import issrg.pba.rbac.URLHandler;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Vector;
import java.util.Map;
import java.util.Enumeration; //added for MSoD
/**
* This class parses the given XML into an internal representation.
* It creates rules for the DelegationPolicy and AccessPolicy objects.
*
* <p>The parser was written in 2000 when XML DOM3 parsers were not readily
* available with JDK, so we went for a (lightweight) SAX API. Effectively,
* this parser converts XML into a tree of PolicyXMLNode objects or its
* subclasses, very much like modern DOM3 parsers convert XML into a tree of
* Nodes.
*
* <p>To extend the set of XML elements understood by XML Parser, you need to
* extend the PolicyXMLNode class and provide a special constructor that
* contains two arguments: XMLPolicyParser and org.xml.sax.Attributes. Note
* that the inner classes will have an additional implied argument that is of
* the type
* of the containing class (for example, this is why the extensions of the
* PolicyXMLNode internal to this class do not have
* XMLPolicyParser as one of their parameters to the constructor - it is there
* implicitly).
*
* <p>This is a Role based implementation, so it constructs the RoleHierarchy
* along with Role based rules for the Delegation and Access policy objects.
*
* <p>Note that if the XML follows a different syntax, the results are
* unpredictable.
*
* @author A Otenko
* @version 1.0
*/
public class XMLPolicyParser implements issrg.pba.PolicyParser,
org.xml.sax.ContentHandler,
org.xml.sax.ErrorHandler {
/**
* This method registers a set of default XML Nodes understood by XML
* Parser. The general XML syntax does not need to be extensible, but
* the IF-statement is extensible through this mechanism. You do not have
* to call this method, if you have registered other classes to handle
* the nodes that appear in the IF-statement; otherwise, you need to
* call this method to use the default implementation.
*
* @see #registerXMLNode
*/
public static void registerDefaultNodes(){
// Registers the default IF-statement node and interpreter classes by calling
// each class's static register() method. What each register() call stores,
// and under which name, is defined in those classes and not in this method.
// NOTE(review): the calls are kept in their original order; whether a later
// registration can replace an earlier one under the same name is not visible
// here, so confirm before reordering or removing any of them.
issrg.pba.rbac.xmlpolicy.ifstatement.ArgNode.register();
issrg.pba.rbac.xmlpolicy.ifstatement.ConstantNode.register();
issrg.pba.rbac.xmlpolicy.ifstatement.EnvironmentNode.register();
issrg.pba.rbac.xmlpolicy.ifstatement.OperatorNode.register();
issrg.pba.rbac.xmlpolicy.ifstatement.PresentNode.register(); // this one registers a default interpreter as well
issrg.pba.rbac.xmlpolicy.ifstatement.NotNode.register(); // this one registers a default interpreter as well
issrg.pba.rbac.xmlpolicy.ifstatement.AndNode.register(); // this one registers a default interpreter as well
issrg.pba.rbac.xmlpolicy.ifstatement.OrNode.register(); // this one registers a default interpreter as well
issrg.pba.rbac.xmlpolicy.ifstatement.EqNode.register(); // this node also has a default interpreter
issrg.pba.rbac.xmlpolicy.ifstatement.GeNode.register();
issrg.pba.rbac.xmlpolicy.ifstatement.LeNode.register();
issrg.pba.rbac.xmlpolicy.ifstatement.GtNode.register();
issrg.pba.rbac.xmlpolicy.ifstatement.LtNode.register();
issrg.pba.rbac.xmlpolicy.ifstatement.SubstringsNode.register();
issrg.pba.rbac.xmlpolicy.ifstatement.IntegerInterpreter.register();
issrg.pba.rbac.xmlpolicy.ifstatement.StringInterpreter.register();
// The two Time classes live in issrg.pba.rbac, not in the ifstatement package.
issrg.pba.rbac.Time.register();
issrg.pba.rbac.TimeInterpreter.register();
}
/**
* This is a utility method that parses the policy provided as a String.
*
* @param policy - the XML text of the PERMIS XML Policy
*
* @return XMLPolicyParser that has successfully parsed the policy; use its
* methods to retrieve the subpolicies and other rules
* @throws issrg.pba.PbaException if there was a problem parsing the policy
*/
public static XMLPolicyParser getXMLPolicyParser(String policy) throws issrg.pba.PbaException{
    // Thin factory: all work is delegated to the String constructor, which is
    // outside this excerpt.
    // NOTE(review): the policy text drives authorization decisions. Confirm
    // that the SAX parser configured by the constructor refuses DTDs and
    // external entities when the policy can come from a source that is not
    // fully trusted.
    final XMLPolicyParser parsedPolicy = new XMLPolicyParser(policy);
    return parsedPolicy;
}
/**
* This is a utility method that parses the policy provided as an
* InputStream.
*
* @param is - the InputStream with the XML text of the PERMIS XML Policy
*
* @return XMLPolicyParser that has successfully parsed the policy; use its
* methods to retrieve the subpolicies and other rules
* @throws issrg.pba.PbaException if there was a problem parsing the policy
*/
public static XMLPolicyParser getXMLPolicyParser(java.io.InputStream is) throws issrg.pba.PbaException{
    // Wrap the raw stream for SAX. No encoding or system ID is set on the
    // InputSource here, and this method does not close the stream itself.
    final org.xml.sax.InputSource policySource = new org.xml.sax.InputSource(is);
    // NOTE(review): the InputSource constructor is outside this excerpt.
    // Confirm it disables DTD and external-entity processing before streams
    // from less trusted origins are passed in.
    return new XMLPolicyParser(policySource);
}
/**
* This is a collection of all known nodes. It is useful for quick lookup of
* the needed node to create for a given node name.
*/
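// Registry mapping an XML element name to the java.lang.reflect.Constructor
// that registerXMLNode() resolved for it. It is static, so it is shared by
// every XMLPolicyParser loaded by the same class loader.
protected final static java.util.Map knownNodes = new java.util.Hashtable();
// Constructor signature that every registered node class must expose:
// (XMLPolicyParser, org.xml.sax.Attributes).
private static Class [] defaultConstr = new Class[]{XMLPolicyParser.class, org.xml.sax.Attributes.class};
// Registers the built-in policy element handlers. This block must stay below
// the two fields above: static initializers run in textual order and
// registerXMLNode() reads both fields.
static{
    try{
        registerXMLNode(XMLTags.ROLE_HIERARCHY_POLICY_NODE, RoleHierarchyPolicyNode.class);
        registerXMLNode(XMLTags.ROLE_SPEC_NODE, RoleSpecNode.class);
        registerXMLNode(XMLTags.SUP_ROLE_NODE, RoleHierarchyNode.class);
        registerXMLNode(XMLTags.SUBJECT_POLICY_NODE, SubjectDomainPolicyNode.class);
        registerXMLNode(XMLTags.SUBJECT_DOMAIN_SPEC_NODE, SubjectDomainSpecNode.class);
        registerXMLNode(XMLTags.SOA_POLICY_NODE, SOAPolicyNode.class);
        registerXMLNode(XMLTags.REPOSITORY_POLICY_NODE, RepositoryPolicyNode.class);
        registerXMLNode(XMLTags.TARGET_ACCESS_POLICY_NODE, TargetAccessPolicyNode.class);
        registerXMLNode(XMLTags.TARGET_POLICY_NODE, TargetDomainPolicyNode.class);
        registerXMLNode(XMLTags.TARGET_DOMAIN_SPEC_NODE, TargetDomainSpecNode.class);
        registerXMLNode(XMLTags.ACTION_POLICY_NODE, ActionPolicyNode.class);
        registerXMLNode(XMLTags.ROLE_ASSIGNMENT_POLICY_NODE, RoleAssignmentPolicyNode.class);
        registerXMLNode(XMLTags.ROLE_LIST_NODE, RoleListNode.class);
        registerXMLNode(XMLTags.X_509_PMI_RBAC_POLICY_NODE, PMIXMLPolicyNode.class);
        // Role mapping registration is left disabled, as in the original source.
        // registerXMLNode(XMLTags.ROLE_MAPPING_POLICY_NODE, RoleMappingPolicyNode.class);
        registerXMLNode(XMLTags.MSoD_POLICY_SET_NODE, MSoDPolicySetNode.class); // added for MSoD
    }catch (NoSuchMethodException nsme){
        // Fail closed. The first failed lookup skips every registration after
        // it, and the old handler only printed a stack trace, leaving a
        // partly filled registry in use. How the parser treats an element
        // with no registered handler is not visible in this excerpt, so a
        // policy could end up loaded without some of its rules. Refusing to
        // initialise the class surfaces the defect instead.
        throw new ExceptionInInitializerError(nsme);
    }
}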
/**
* For debugging purposes. It prints out the names of all known nodes to
* System.out.
*/
public static void printNodes(){
    System.out.println("The nodes registered with the XML Policy parser:");
    // toArray() copies the key set, so the listing below works on a snapshot
    // of the registry taken at this point.
    final Object [] registeredNames = knownNodes.keySet().toArray();
    int position = 0;
    while (position < registeredNames.length){
        System.out.println(registeredNames[position]);
        position++;
    }
    // Trailing blank line separates the listing from later output.
    System.out.println();
}
/**
* This method registers, under the given element name, the constructor of a
* PolicyXMLNode class that takes the parameters XMLPolicyParser and
* org.xml.sax.Attributes.
*
* @param nodeName is the name of the XML element the provided class can
* parse
* @param nodeClass is the class of the parser; it must have a constructor
* with the first parameter
* being XMLPolicyParser and the other being org.xml.sax.Attributes,
* where XMLPolicyParser will be the reference to the XMLPolicyParser
* that performs parsing, and the Attributes is the set of attributes of
* the element being parsed
*/
public static void registerXMLNode(String nodeName, Class nodeClass) throws NoSuchMethodException {
    // Resolve the (XMLPolicyParser, Attributes) constructor first. If the
    // class has no such public constructor, getConstructor() throws
    // NoSuchMethodException and the registry is left untouched.
    final java.lang.reflect.Constructor nodeConstructor = nodeClass.getConstructor(defaultConstr);
    // put() replaces whatever was stored under nodeName before, including the
    // built-in entries, and knownNodes is static, so the change affects every
    // parser that shares this class.
    // NOTE(review): nothing here checks that nodeClass extends PolicyXMLNode
    // or limits who may call this public method. Confirm that only trusted
    // code can reach it, since handlers decide how policy elements are read.
    knownNodes.put(nodeName, nodeConstructor);
}
// Per-instance parse state follows.
// NOTE(review): none of these fields is final, volatile or guarded by a lock
// in this excerpt, so one parser instance should presumably not be shared
// between threads while it is parsing - confirm against the rest of the class.
/**
* The whole policy, held as a parsed tree of XML nodes.
*/
protected PMIXMLPolicyNode pmiXMLPolicy;
/**
* The node stack represents the current state of the parsing tree. New
* nodes are inserted at the beginning, so the parent of the newest node is
* element number 1, and so on.
*/
protected java.util.Vector nodeStack;
/**
* A reference to the {@code <RoleHierarchyPolicy>} XML node. However, it is
* functional on its own.
*/
protected RoleHierarchyPolicyNode roleHierarchyPolicy; // this is just a bunch of Roles we know
// they are linked into a hierarchy when parsing
/**
* Used by the RoleList node to assign the correct validity period to the
* roles in the role list. The value is changed by the RoleAssignmentPolicy
* and by the TargetAccessPolicy.
*/
protected issrg.pba.rbac.ValidityPeriod validityForRoleList;
/**
* Used when parsing the RoleSpec entity. It holds the collection of roles
* defined within one RoleSpec. Embedded RoleSpecs are not allowed: there
* can be only one open RoleSpec at a time.
*/
private java.util.Map rolespec;
/**
* Used when parsing the SubjectPolicy entry. It holds the SubjectPolicy
* object until the Assignment Policy has been created.
*/
private DomainPolicyNode subjectPolicy;
/**
* Used when parsing the SOAPolicy entry. It holds a collection of all known
* SOAs and their DNs. It is used in AssignmentPolicy only.
*/
private SOAPolicyNode soaPolicy;
/**
* Used when parsing the Target policy.
*/
private DomainPolicyNode targetPolicy;
/**
* Used when parsing the Action policy; later referred to by the Target
* Access policy.
*/
private ActionPolicyNode actionPolicy;
/**
* Used when parsing the Target Access policy.
*/
private TargetAccessPolicyNode targetAccessPolicy;
/**
* This is where the MSoDPolicy goes (added for MSoD).
*/
private MSoDPolicySetNode msodPolicySetNode;
/**
* This is where the Repository Policy goes.
*/
private RepositoryPolicyNode repositoryPolicy;
/**
* A parsing-specific variable, used to locate the point of an error.
*/
protected org.xml.sax.Locator locator; // this is for parsing
/**
* The reference to the object containing the rules for role assignment.
*/
protected RoleAssignmentPolicyNode delegationPolicy;
/**
* Used when creating new nodes.
*/
protected org.xml.sax.Attributes attrs;