📄 xmlpolicyparser.java
字号:
* SubjectPolicy is constructed correctly. When an instance of this object
* is created, subjectPolicy is set in XMLPolicyParser.
*/
public class SubjectDomainPolicyNode extends DomainPolicyNode{
public SubjectDomainPolicyNode(Attributes attrs){
super(XMLTags.SUBJECT_PREFIX, attrs);
subjectPolicy = this;
}
}
/**
* This is a simple extension of DomainPolicyNode that makes sure that
* TargetPolicy is constructed correctly. When an instance of this object
* is created, targetPolicy is set in XMLPolicyParser.
*/
public class TargetDomainPolicyNode extends DomainPolicyNode{
public TargetDomainPolicyNode(Attributes attrs){
super(XMLTags.TARGET_PREFIX, attrs);
targetPolicy = this;
}
}
/**
* This class represents the abstract DomainSpec, of which there are two
* extensions: SubjectDomainSpec and TargetDomainSpec.
* It simply creates a ComplexSubtree object and gives it a name.
*
* @author A Otenko
* @version 1.0
*/
public class DomainSpecNode extends PolicyXMLNode {
/**
* This is the end of the name of the DomainSpec node.
*/
public static final String NODE_NAME = "DomainSpec";
private String domainID;
private issrg.pba.rbac.policies.Subtree subTree;
/**
* This variable says whether or not the Object Class statements should
* follow.
*/
private boolean expectObjClasses;
/**
* This constructor builds a DomainSpecNode, given the prefix in the
* node name ("Subject" or "Target"), the flag whether Object Classes
* should be expected, and the other attributes of the XML element.
*
* @param prefix - the prefix of the DomainSpec XML elements; the only
* meaningful values are "Subject" and "Target", but this is not
* checked
* @param objClass - the flag indicating whether ObjectClass elements
* are allowed in this DomainSpec; if true, they are allowed;
* otherwise a signal error is signaled, when such elements are
* encountered in XML
* @param attrs - the attributes of the XML element
*/
public DomainSpecNode(String prefix, boolean objClass, Attributes attrs) {
super(prefix+NODE_NAME, attrs);
expectObjClasses = objClass;
}
/**
* This method uses gatherSubtrees method to construct a ComplexSubtree
* representing the Domain Specification.
*/
public void construct() throws PolicyParsingException{
try{
subTree = new issrg.pba.rbac.policies.ComplexSubtree(gatherSubtrees(children, true), null);
domainID = (String)this.attributes.get(XMLTags.ID_ATTRIBUTE);
//System.out.println("\t"+attributes); //*******
}catch(issrg.utils.RFC2253ParsingException rpe){
throw new PolicyParsingException(rpe.getMessage(), rpe);
}catch(BadURLException bue){
throw new PolicyParsingException(bue.getMessage(), bue);
}catch(java.lang.NumberFormatException nfe){
throw new PolicyParsingException("Error parsing integer", nfe);
}
}
/**
* This method gathers all subtrees defined by the vector of nodes.
* It supports both nested Excludes and sequences of Include and
* Exclude nodes.
* As the result, the following construct is supported:
* <Include ...><Exclude .../>..</Include><Exclude .../>,
* where both Excludes are excluded from the same Include. The nested
* Excludes is the preferred method, whilst the other is kept for
* historic reasons.
*
* @param children the Vector of Include and Exclude nodes
* @param includes the boolean value telling whether Includes should be
* expected; if true, it is the first level of nodes and Includes
* are allowed (as well as the Excludes); otherwise, it is the second
* level of nodes (inside the Includes) and Includes are not allowed
* (whilst the Excludes are still allowed)
*/
protected java.util.Vector gatherSubtrees(java.util.Vector children, boolean includes) throws PolicyParsingException, issrg.utils.RFC2253ParsingException, BadURLException {
java.util.Vector subtrees = new java.util.Vector();
java.util.Vector excl = includes?new java.util.Vector():subtrees; // if includes are not expected, collect the excludes into the subtrees - that's what should be returned
java.util.Vector classes = null;
int i=children.size();
boolean objClasses = includes && expectObjClasses; //true; only if includes is true, i.e. it is the first level of nodes, objClasses can be expected
//System.out.println("\t\t*** BUILDING A DOMAIN SPEC ***"); //*******
while(i-->0){ // start from tail - gather ObjectClasses first
PolicyXMLNode child = (PolicyXMLNode)children.get(i);
String s = child.getName().intern();
// the attributes are collected without checking the name
// of the XML element - that's fine, they can be null
String minmax = (String)child.getAttributes().get(XMLTags.MIN_ATTRIBUTE);
int min=minmax==null?0:Integer.parseInt(minmax);
minmax = (String)child.getAttributes().get(XMLTags.MAX_ATTRIBUTE);
int max=minmax==null?-1:Integer.parseInt(minmax);
//System.out.println("\t"+s); //*******
String dn = (String)child.getAttributes().get(XMLTags.LDAPDN_ATTRIBUTE);
String url = (String)child.getAttributes().get(XMLTags.URL_ATTRIBUTE);
if (dn!=null && url!=null){
throw new PolicyParsingException("Invalid subtree specification: cannot have "+XMLTags.LDAPDN_ATTRIBUTE+" and "+XMLTags.URL_ATTRIBUTE+" attributes at the same time.");
}
if (dn==null && url==null){ // if both were not specified, imply "world" LDAPDN (DN="")
dn="";
}
Subtree sub=null;
objClasses &= s==XMLTags.OBJECT_CLASS_NODE; // as soon as no more ObjectClasses are there, let no more appear
if (s==XMLTags.INCLUDE_NODE){
if (!includes) throw new PolicyParsingException(s+" nodes cannot be nested"); // !includes => second level of nodes, inside an Include
//System.out.println("\t\tchildren: "+child.getChildren()); //*********
if (child.getChildren().size()!=0){ // if include node has children, all of them should be Exclude nodes - add them all to the list of already collected Exclude nodes
excl.addAll(0, gatherSubtrees(child.getChildren(), false));
}
Subtree [] exclude = (Subtree[])excl.toArray(new Subtree[0]);
excl = new java.util.Vector(); // reset the list of Excludes once it has been used
if (dn==null){ // URL is not null then! if dn==null and url==null, then dn="";
//System.out.print("\t\t\turl: "+url); //*********
sub=issrg.pba.rbac.URLHandler.getSubtreeByURL(url, min, max, exclude);
}else{
sub=new DITSubtree(new LDAPDNPrincipal(dn), min, max, classes==null?null:(String[])classes.toArray(new String[0]), exclude);
}
//System.out.println("\tsubtree: "+sub); //*********
// this should never happen - just a sanity check
if (sub==null) throw new PolicyParsingException("Invalid subtree specification: DN="+dn+", URL="+url);
// adding from before, so the array will look as a copy of the actual
// XML: note, that the XML child nodes are passed in the reverse order
subtrees.add(0, sub);
}else if (s==XMLTags.EXCLUDE_NODE){
if (dn==null){ // URL is not null then! if dn==null and url==null, then dn="";
sub=issrg.pba.rbac.URLHandler.getSubtreeByURL(url, min, max, null);
}else{
sub=new DITSubtree(new LDAPDNPrincipal(dn), min, max, null, null);
}
// this should never happen - just a sanity check
if (sub==null) throw new PolicyParsingException("Invalid subtree specification: DN="+dn+", URL="+url);
excl.add(0, sub);
}else if (objClasses){// && s==OBJECT_CLASS_NODE){ -- this comparison is superficial, when objClasses is already tracking this
if (classes==null){
classes = new java.util.Vector();
}
s=(String)child.getAttributes().get(XMLTags.NAME_ATTRIBUTE);
if (s==null){
throw new PolicyParsingException(XMLTags.NAME_ATTRIBUTE+" is required, but not found");
}
classes.add(s);
}else{
throw new PolicyParsingException(s+" node was found, but was not expected");
}
}
// TODO: check that includes==true and excl.size()==0? i.e. unused Excludes were found - they should never go before Includes?
// and complain?
return subtrees;
}
/**
* Returns the ID of the Domain.
*/
public String getID(){
return domainID;
}
/**
* Returns the Subtree of this Domain specification.
*/
public Subtree getSubtree(){
return subTree;
}
}
/**
* This is a simple extension of DomainSpecNode that makes sure that only
* SubjectDomainSpecs are interpreted, and no ObjectClasses are allowed.
*/
public class SubjectDomainSpecNode extends DomainSpecNode{
public SubjectDomainSpecNode(Attributes attrs){
super(XMLTags.SUBJECT_PREFIX, false, attrs);
}
}
/**
* This is a simple extension of DomainSpecNode that makes sure that only
* TargetDomainSpecs are interpreted, and ObjectClasses are allowed.
*/
public class TargetDomainSpecNode extends DomainSpecNode{
public TargetDomainSpecNode(Attributes attrs){
super(XMLTags.TARGET_PREFIX, true, attrs);
}
}
/**
* This node implements the RoleAssignmentPolicy XML node. It is intelligent
* enough to walk through its children and retrieve all the information to
* build an index of AssignmentRule vectors by SOA DNs.
*
* @author A Otenko
* @version 1.0
*/
public class RoleAssignmentPolicyNode extends PolicyXMLNode{
/**
* These numbers are the position of the nodes under the RoleAssignment node.
*/
public static final int SUBJECT_DOMAIN_NODE_SEQUENCE = 0;
public static final int ROLE_LIST_NODE_SEQUENCE = 1;
public static final int DELEGATE_NODE_SEQUENCE = 2;
public static final int SOA_NODE_SEQUENCE = 3;
public static final int VALIDITY_NODE_SEQUENCE = 4;
public static final int ABSOLUTE_VALIDITY_NODE_SEQUENCE = 0;
public static final int AGE_VALIDITY_NODE_SEQUENCE = 1;
public static final int MAXIMUM_VALIDITY_NODE_SEQUENCE = 2;
public static final int MINIMUM_VALIDITY_NODE_SEQUENCE = 3;
/**
* Temporary storage for different policies.
*/
private DomainPolicyNode subjectPol;
private SOAPolicyNode soas;
/**
* This is where the final rules are stored, indexed by SOA DN.
*/
protected java.util.Map rules;
/**
* This constructor builds a RoleAssingmentPolicyNode, given the
* attributes of the XML element. It uses the Subject Policy and
* SOA Policy constructed by XMLPolicyParser, so these must already be
* known at the time of constructing the object.
*
* @param attrs - the attributes of this XML element
*/
public RoleAssignmentPolicyNode(Attributes attrs){
this(subjectPolicy, soaPolicy, attrs);
}
/**
* This constructor builds the object from explicitly specified
* Subject Policy, SOA Policy and the attributes of the XML element.
*
* @param subjectPolicy - the Subject Policy to be used
* @param soaPolicy - the SOA Policy to be used
* @param attrs - the attributes of this XML element
*/
public RoleAssignmentPolicyNode(DomainPolicyNode subjectPolicy,
SOAPolicyNode soaPolicy, Attributes attrs) {
super(XMLTags.ROLE_ASSIGNMENT_POLICY_NODE, attrs);
this.subjectPol = subjectPolicy;
soas = soaPolicy;
delegationPolicy = this;
}
/**
* This method finishes the construction of the Role Assignment Policy.
* During this process it checks that the right XML statements appear
* in the policy and in the correct sequence. It checks that the SOA
* and the Subject domain with the specified IDs have been declared in
* the corresponding policies.
*/
public void construct() throws PolicyParsingException{
rules = new java.util.Hashtable();
rules.put(issrg.pba.rbac.policies.Subtree.class, subjectPol.getCoverageDomain());
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -