📄 xmlpolicyparser.java
字号:
/**
* Returns the role with the given value from the RoleHierarchy.
*
* @param roleType - the type of the role, as defined in the
* RoleHierarchyPolicy; if there is no RoleSpec with this type, null is
* returned
* @param roleValue - the value of the role of the given type, as defined
* in the RoleSpec defining the role hierarchy of the given type
*
* @return RoleHierarchyNode representing the role, or null, if there is
* no such type defined in the policy, or no such value for the given
* type
*/
public RoleHierarchyNode getRole(String roleType, String roleValue){
RoleSpecNode rsn = roleHierarchyPolicy.getByType(roleType);
return rsn==null?null:rsn.getRole(roleValue);
}
/**
* This method returns a Map of Target Access Rules, indexed by action name.
* There are other entries as well, as explained in TargetAccessPolicyNode
* documentation.
*
* @return Map of Target Access Rules
*/
public java.util.Map getAccessRules(){
//System.out.println("target access policy: "+targetAccessPolicy);//****
return targetAccessPolicy.getRules();
}
/**
* This method returns the set of delegation and assignment rules, as
* specified by RoleHierarchyPolicy.
*
* @see AssignmentRule
*/
public java.util.Map getAssignmentRules(){
return delegationPolicy.getRules();
}
/**
* This method returns a Role Hierarchy Policy as the only rule. The key in
* the map is
* issrg.pba.rbac.RoleHierarchyPolicy.class, and the object is the
* RoleHierarchyPolicy. These rules are used by AuthTokenParsers to extract
* valid roles from Authorisation Tokens.
*/
public java.util.Map getAuthTokenParsingRules(){
java.util.Map h = new java.util.Hashtable();
h.put(issrg.pba.rbac.RoleHierarchyPolicy.class, roleHierarchyPolicy);
return h;
}
/**
* This method returns the ID of the parsed Policy.
*
* @return the String identifier of the policy (the string representation of
* the OID in the dotted form for PERMIS XML policies)
*/
public String getPolicyID(){
return pmiXMLPolicy.getOID();
}
/**
* This method returns the URLs of the repositories specified in the
* RepositoryPolicy.
*
* @return array of Strings, each being a non-null URL; may return an empty
* array or null, if no repositories are defined in the policy
*/
public String [] getRepositoryURLs(){
if (repositoryPolicy==null) return null;
return repositoryPolicy.getURLs();
}
/**
* This method returns the domain covering all the allowed subjects. This
* is a union of all Subject Domains declared in the policy.
*
* @return Subtree that is a union of all Subject Domains.
*/
public Subtree getSubjectDomains() {
return subjectPolicy.getCoverageDomain();
}
/**
*This method returns the SOA policy of the current XML policy
*@return the soa policy
*/
public java.util.Map getSOAs() {
return soaPolicy.getSOAs();
}
/*
* POLICY XML NODE CLASSES
*/
/**
* The class representing an ActionPolicy XML node. It holds a collection of
* action definitions, indexed by the action name. The definitions include
* parameter names and order, and the return type name.
*
* @see #getActionDefinition(String)
* @author A Otenko
* @version 1.0
*/
public class ActionPolicyNode extends PolicyXMLNode{
/**
* This is the string, containing all the delimiter characters between
* arguments in NMTOKENS.
*/
//public final static String ARGS_SEPARATORS = ",";
public final static char ARGS_SEPARATORS = ',';
/**
* This is the storage of the defined actions
*/
private java.util.Map actions = new java.util.Hashtable();
/**
* This is the default constructor used by the XMLPolicyParser.
*/
public ActionPolicyNode(Attributes attrs) {
super(XMLTags.ACTION_POLICY_NODE, attrs);
actionPolicy = this;
}
/**
* This method gets information from the child nodes and sticks them in
* the
* actions map. The definitions are created as specified in <code>{@link
* #getActionDefinition(String) getActionDefinition}</code>
*/
public void construct(){
/**
* TODO: treat no children case
*/
for (int i=children.size(); i-->0;){
PolicyXMLNode c = (PolicyXMLNode)children.get(i);
if (c.getName().intern()!=XMLTags.ACTION_NODE){
/**
* TODO: signal a syntax error
*/
}
java.util.Map m = c.getAttributes();
String n = (String)m.get(XMLTags.NAME_ATTRIBUTE);
String ret = (String)m.get(XMLTags.RETURN_TYPE_ATTRIBUTE);
String args = (String)m.get(XMLTags.ARGS_ATTRIBUTE);
String [] def = new String [] {ret};
if (args!=null){
java.util.Vector v = split(args);
def = new String[1+v.size()];
def[0]=ret;
if (def.length>1){
System.arraycopy(v.toArray(), 0, def, 1, def.length-1);
}
}
actions.put(n, def);
}
}
/**
* Returns the action definition as an array of strings. Can be null,
* if no
* such method has been defined. The definition is as follows: the 0-th
* element
* is the return type name, or null, if no return type has been
* specified; the
* rest of the array elements name the parameters in the order they
* appeared
* in the XML.
*
* TODO: check for duplicate parameter identifiers, when constructing?
*
* @param name - the action name
*
* @return an array of String, where the 0-th element is the return type
* and the others are types of the action parameters
*/
public String [] getActionDefinition(String name){
return (String [])actions.get(name);
}
/**
* This method just splits an NMTOKENS string into a Vector of strings.
*
* @param args - a comma- and/or space-separated list of arguments
*
* @return Vector of arguments; each element is a String
*/
private java.util.Vector split(String args){
java.util.Vector v = new java.util.Vector();
if (args!=null){
java.util.Enumeration st = new EscapedStringTokenizer(args, ARGS_SEPARATORS);
while (st.hasMoreElements()){
v.add(st.nextElement());
}
}
return v;
}
}
/**
* This class represents the object that can store many Subject or Target
* Domain specifications. As part of its operation it also constructs a
* collective domain of all Subjects or all Targets, so that it will be easy
* to determine whether an arbitrary entity is part of any domain declared
* in the policy.
*
* @author A Otenko
* @version 1.0
*/
public class DomainPolicyNode extends PolicyXMLNode{
/**
* This is the end of the name of a Policy XML node.
*/
public final static String NODE_NAME = "Policy";
protected java.util.Map domains;
protected issrg.pba.rbac.policies.Subtree coverageDomain;
/**
* This constructor builds a DomainPolicyNode given the prefix of
* nodes to look for ("Subject" or "Target") and the set of attributes.
*
* @param prefix - the prefix to use before "Policy"; meaningful values
* are "Subject" and "Target"
* @param attrs - the attributes of the XML element
*/
public DomainPolicyNode(String prefix, Attributes attrs) {
super(prefix+NODE_NAME, attrs);
}
/**
* This method constructs a table of domains indexed by their ID and an
* aggregated domain that is a union of all domains. The latter is used
* to see if a particular entity matches any of the domains in the
* policy (to tell if the policy is applicable at all).
*/
public void construct(){
/**
* TODO: if a ClassCast exception is thrown,then a Syntax error must have
* occurred
*/
DomainSpecNode [] s = new DomainSpecNode[children.size()];
System.arraycopy(children.toArray(), 0, s, 0, s.length);
domains = new java.util.Hashtable();
java.util.Vector coverage = new java.util.Vector();
//System.out.println("\t\t*** BUILDING A DOMAIN POLICY ***"); //*******
for (int i=0; i<s.length; i++){
//System.out.println("\t"+s[i].getID()+" "+s[i].getSubtree()); //*******
domains.put(s[i].getID(), s[i].getSubtree());
coverage.add(s[i].getSubtree());
}
coverageDomain = new issrg.pba.rbac.policies.ComplexSubtree(coverage, null);
//System.out.println("\t***"+domains); //*******
}
/**
* Returns the given domain; can be null, if no such domain has been
* specified.
*
* @param id is the domain id
*
* @return the Subtree object with this ID; can be null, if no such
* domain has been defined
*/
public issrg.pba.rbac.policies.Subtree getDomain(String id){
//System.out.println("\t*** getting domain: "+id); //*******
return (issrg.pba.rbac.policies.Subtree)domains.get(id);
}
/**
* Returns the domain covering all domains declared in this policy.
* Subject and Target domains are treated separately, so there are
* two coverage domains available: one for Subjects, one for Targets
* (query the corresponding policies).
*/
public issrg.pba.rbac.policies.Subtree getCoverageDomain(){
return coverageDomain;
}
}
/**
* This is a simple extension of DomainPolicyNode that makes sure that
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -