accesspolicy.java

一个完整的XACML工程,学习XACML技术的好例子!

/*
* Copyright (c) 2000-2005, University of Salford
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without 
* modification, are permitted provided that the following conditions are met:
*
* Redistributions of source code must retain the above copyright notice, this 
* list of conditions and the following disclaimer.
* 
* Redistributions in binary form must reproduce the above copyright notice, 
* this list of conditions and the following disclaimer in the documentation 
* and/or other materials provided with the distribution. 
*
* Neither the name of the University of Salford nor the names of its 
* contributors may be used to endorse or promote products derived from this 
* software without specific prior written permission. 
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE 
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 
* POSSIBILITY OF SUCH DAMAGE.
*/

package issrg.pba.rbac.policies;

import issrg.pba.DecisionWithObligationException;
import issrg.pba.Obligations;
import issrg.utils.repository.Entry;
import issrg.pba.PbaException;
import issrg.pba.Response;
import issrg.pba.PERMISResponse;
import issrg.pba.rbac.xmlpolicy.XMLPolicyParser;
import java.util.Map;
import java.util.Hashtable;
import java.util.Vector;

/**
 * This is the class representing the Target Access Policy. It delivers the 
 * decision
 * on whether a user with a certain set of credentials is allowed to access a 
 * target.
 * <p>
 * It knows the rules for accessing targets, and can make a decision based on
 * those rules, when passed the set of credentials, the action and the target
 * parameters.
 * <p>
 * It is aware of the Target domains and all Target Access Policy statements,
 * including the IF statement.
 * <p>
 *
 * @see AccessRule
 *
 * @author A Otenko
 * @version 1.0
 */

public class AccessPolicy {

  /**
   * This is where the action policy is stored for internal purposes
   */
  protected XMLPolicyParser.ActionPolicyNode actionPolicy;

  /**
   * This is where the target domain policy is stored for internal purposes
   */
  protected XMLPolicyParser.DomainPolicyNode targetPolicy;

  /**
   * This is where the Access Rules are stored
   */
  protected java.util.Map rules;

  /**
   * This is added for MSoD. 
   *
   */
  MSoDPolicySet msodPolicySet; 

  /**
   * This is used to determine where the parameters start in the action
   * definition String array. It is 1 now, but can be 0 if we decide to remove
   * the return type of the action.
   */
  private final static int SHIFT_ACTIONS=1;

  protected AccessPolicy(){}

  /**
   * This constructor creates the object out of a set of the access Rules. There
   * are two special kinds of rules. One of the rules is
   * the Action Policy that defines the methods. To find it among the rules,
   * the XMLPolicyParser.ActionPolicyNode.class is used as the key, and the 
   * value is assumed to be an XMLPolicyParser.ActionPolicyNode object 
   * containing the
   * action definitions accessible by the action name. 
   *
   * <p>The other special rule is the Target Policy, specifying the domains of
   * targets. To find it among the rules, XMLPolicyParser.DomainPolicyNode.class
   * is used as the key and the value is assumed to be a 
   * XMLPolicyParser.DomainPolicyNode
   *
   * <p>All the other rules are indexed by Action name and constitute Vectors
   * of AccessRule objects. There is a special action with an empty name ("").
   * The entry for this action contains the rules that allow any action to be
   * executed, without explicitly naming them. So to make a decision, the 
   * AccessPolicy finds all the rules that belong to the named action 
   * (i.e.&nbsp;the TargetAccess names the action explicitly) and all the rules
   * that do not name any action (i.e.&nbsp;the TargetAccess allows any action
   * to be executed, if the condition is met). If there is a rule that can be
   * satisfied (the Subject has the required Credentials and the IF-condition
   * evaluates to true, if present), then access can be granted.
   *
   * @param accessRules is a map of rules, created by the PolicyParser; the map
   *    is indexed by Action name, and contains
   *    Vectors of Target access rules for each of them, including the
   *    specification of what targets can execute this action, and what is the
   *    minimal set of credentials for gaining that access; 
   */
  public AccessPolicy(java.util.Map accessRules) {
    rules = accessRules;
    actionPolicy = (XMLPolicyParser.ActionPolicyNode)accessRules.get(XMLPolicyParser.ActionPolicyNode.class);
    targetPolicy = (XMLPolicyParser.DomainPolicyNode)accessRules.get(XMLPolicyParser.DomainPolicyNode.class);
  }


  /**
   * This constructor is for MSoD.
   * DONT YOU EVER COPY PASTE IN YOUR LIFE! IT IS A SIN!
   */
  public AccessPolicy(java.util.Map accessRules, MSoDPolicySet msodPS) {
    this(accessRules); // this is the right way to ensure this constructor does the same as the other one
    msodPolicySet = msodPS;   // added for MSoD 
    //rules = accessRules; 
    //actionPolicy = (XMLPolicyParser.ActionPolicyNode)accessRules.get(XMLPolicyParser.ActionPolicyNode.class);
    //targetPolicy = (XMLPolicyParser.DomainPolicyNode)accessRules.get(XMLPolicyParser.DomainPolicyNode.class);
  }


  /**
   * This method performs the actual access control. Given a set of credentials,
   * it checks whether there is any statement in the TargetAccessPolicy that
   * allows to perform the given Action on the given Target. After matching
   * the set of credentials and the Target domain, the IF statement is 
   * evaluated,
   * involving the Environment and the arguments to the Action.
   *
   * <p>Note that the IF statement is the interpretation tree, which is built
   * by the PolicyParser, and it can evaluate itself.
   *
   * <p>To find the rules, the rule set provided to the constructor is searched
   * for rules mentioning the Action explicitly, and for the rules implying the
   * Action (i.e.&nbsp;the rules allowing "any" action).
   *
   * @param creds is the set of credentials the user possesses
   * @param a is the action the user wants to perform (name + action ADI)
   * @param t is the target the user wants to perform (name + target ADI); 
   *   Target must return TargetADI implementing Entry interface
   * @param environment is the collection of environmental parameters to the
   *      action; contextual ADI
   *
   * @return true, if the requested access can be granted; false, if the access 
   *    is denied by the policy
   * @throws PbaException in any case of error; for example, malformed 
   *    parameters
   *    to the method, or an error in decision evaluation, thrown by an Access
   *    Rule
   * @throws DecisionWithObligationException, if the policy requires some 
   *    Obligations to be enforced along with the decision; either handle this
   *    case specially to enforce the obligations, or use response method
   * @see AccessPolicy#response
   */
  public boolean decision(issrg.pba.Credentials creds, issrg.pba.Action a,
                          issrg.pba.Target t, java.util.Map environment)
			throws PbaException{
      Response resp = response(creds,a,t,environment);
      Obligations oblgs=resp.getObligations();
      if((oblgs!=null)||(oblgs.isEmpty()==false)){
          //thorw an error here, telling that the decision shall be enforced with obligations.
          throw new DecisionWithObligationException("There are obligations associated with this decision, which must be fulfiled with the enforcement of the decision.",resp);
      }      
      
      return resp.isAuthorised();      
      
  }
   
  /**
   * This method makes a decision, and returns a response regarding to the 
   * request represented by a set of Credentials, an Action, the Target and 
   * the Environment. The response may contain obligations.
   *
   * @param creds is the set of credentials the user possesses
   * @param a is the action the user wants to perform (name + action ADI)
   * @param t is the target the user wants to perform (name + target ADI); 
   *   Target 
   *   must return TargetADI implementing Entry interface
   * @param environment is the collection of environmental parameters to the
   *      action; contextual ADI
   *
   * @return a Response that contains the authorisation decision and the 
   *   obligations that must be enforced along with it.
   */
  public Response response(issrg.pba.Credentials creds, issrg.pba.Action a,
                          issrg.pba.Target t, java.util.Map environment)
			throws PbaException{

      //System.out.println("\t\t*** ACCESS POLICY INVOCATION ***\n\t"+rules); //*****

    Object targetADI = t.getTargetADI();

    PERMISResponse sd;

    if (!(targetADI instanceof Entry) || !targetPolicy.getCoverageDomain().contains((Entry)targetADI)){
      throw new TargetOutOfDomainException("Target is out of target domain");
    }

    if ((a==null) ^ (actionPolicy==null)){
      // the condition reads: the action cannot be null, if actionPolicy is not null
      // however, it must be null, if the actionPolicy is null
      throw new PbaException("Unacceptable Action for this Policy");
    }

    Map actionADI = new Hashtable();
    String aName="\0";    // the default action name, if the action is null
                          // the first loop (see below) will always skip in that case
                          // (because the actionPolicy would be null)

    if (a!=null){
      // actionPolicy is not null here
      aName=a.getActionName();
      String [] paramNames = actionPolicy.getActionDefinition(aName);
      Object o = a.getContextualADI();  // this should be an array of actual parameters, within Permis RBAC
      if (o==null) o=new Object[0];
      Object [] o1;

      //String hihix = (!(o instanceof Object[]))?"contextual ADI is not an Argument[]: "+o:
      //               (paramNames==null?"paramNames==null":
      //               (
      //                ((o1=((Argument[])o)).length!=paramNames.length-SHIFT_ACTIONS)?
      //                ("array lengths do not match: "+o1.length+"!="+paramNames.length+"-"+SHIFT_ACTIONS)
      //                :null
      //               )
      //               );
      if (!(o instanceof Object[]) || // is it an array of parameters?
          paramNames==null ||         // is there such an action?
          (o1 = (Object [])o).length!=paramNames.length-SHIFT_ACTIONS){ // are the arrays of actual parameters and argument names of the same length?
        throw new PbaException("Unacceptable Action for this Policy: "+aName);
      }

      // prepare the actionADI now
      // array index ranges are checked
      for (int i=0; i<o1.length; i++){
        actionADI.put(paramNames[i+SHIFT_ACTIONS], o1[i]);
      }
    }

    for(String bName=""; aName!=null; aName=bName, bName=null){ // loop twice: once for the real action name, the second time for "" name: any Action
      // look for rules applicable to this action (either aName or AnyAction)

      Vector accessRules = (Vector)rules.get(aName);  // they are vectors there
	//System.out.println("access rules for action: "+aName+" - "+accessRules);//***************
          /**
           * TODO: check class cast there ^^^ and throw an exception on error
           */

      if (accessRules==null){
        continue;     // it may happen that there is no rule for this action
                      // alone, but there can be a rule for AnyAction; or vice versa
      }

      for (int i=accessRules.size(); i-->0; ){
        AccessRule ar = (AccessRule)accessRules.get(i);
        if (ar.decide(creds, targetADI, actionADI, environment)){
	  //System.out.println("granted access because: "+ar); //************** this should be turned into a logging message - by which authority access has been granted
          
            //return true;  // found one rule that is applicable and grants access
          
          //@todo this is where we found the rule that can be applied to the current request.


        // This line is changed to insert MSoD. added for MSoD
        if (msodPolicySet == null)     {
            return new PERMISResponse(true, ar.getObligations());
        }
        else {
            return new PERMISResponse(
                !msodPolicySet.separationOfDutiesApplies(creds,  /*ar.getCreds(),*/ /*subject, */a, t, environment) , 
                ar.getObligations());
            //when msodPolicySet.separationOfDutiesApplies() returns true, it means a Separation of Duty rule applies here, 
            // this rule should forbid the user to get the access, i.e. the access request should be forbidden. 
            // So please note that "true" here means to deny access, "false" here means to grant access. 
        }
        }

        //System.out.println("access rule "+ar+" denied access"); //**************
      }
    }

    
    return new PERMISResponse(false);
    
    //return false;
  }
}