policyfinder.java

一个完整的XACML工程,学习XACML技术的好例子!

/*
* Copyright (c) 2006, University of Kent
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without 
* modification, are permitted provided that the following conditions are met:
*
* Redistributions of source code must retain the above copyright notice, this 
* list of conditions and the following disclaimer.
* 
* Redistributions in binary form must reproduce the above copyright notice, 
* this list of conditions and the following disclaimer in the documentation 
* and/or other materials provided with the distribution. 
*
* 1. Neither the name of the University of Kent nor the names of its 
* contributors may be used to endorse or promote products derived from this 
* software without specific prior written permission. 
*
* 2. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS  
* IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
* THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 
* PURPOSE ARE DISCLAIMED. 
*
* 3. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE 
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 
* POSSIBILITY OF SUCH DAMAGE.
*
* 4. YOU AGREE THAT THE EXCLUSIONS IN PARAGRAPHS 2 AND 3 ABOVE ARE REASONABLE
* IN THE CIRCUMSTANCES.  IN PARTICULAR, YOU ACKNOWLEDGE (1) THAT THIS
* SOFTWARE HAS BEEN MADE AVAILABLE TO YOU FREE OF CHARGE, (2) THAT THIS
* SOFTWARE IS NOT "PRODUCT" QUALITY, BUT HAS BEEN PRODUCED BY A RESEARCH
* GROUP WHO DESIRE TO MAKE THIS SOFTWARE FREELY AVAILABLE TO PEOPLE WHO WISH
* TO USE IT, AND (3) THAT BECAUSE THIS SOFTWARE IS NOT OF "PRODUCT" QUALITY
* IT IS INEVITABLE THAT THERE WILL BE BUGS AND ERRORS, AND POSSIBLY MORE
* SERIOUS FAULTS, IN THIS SOFTWARE.
*
* 5. This license is governed, except to the extent that local laws
* necessarily apply, by the laws of England and Wales.
*/

package issrg.pba.rbac;


import issrg.pba.rbac.policies.*;
import java.security.Principal;
import issrg.utils.repository.AttributeRepository;
import issrg.pba.PolicyParser;
import issrg.pba.Subject;
import issrg.pba.Target;
import issrg.pba.Action;
import issrg.pba.PbaException;
import issrg.pba.CredentialsService;
import issrg.pba.repository.AuthTokenRepository;

import issrg.pba.rbac.URLHandler;

import issrg.SAWS.*; // added for MSoD


/**
 * This is an abstract class that is designed for the PermisRBAC class to 
 * retrieve policies from different formats. It defines the way of retrieving 
 * policies, as well as providing some basic implementation of all the sucessive 
 * SubClass.
 *
 * @author Gansen
 */
public abstract class PolicyFinder {
    
    /** This is the Authorisation token repository that keeps the policy*/
  protected AuthTokenRepository Repository=null;
  
  /** This is the signature verifier that verifies the signature over the policy */
  protected SignatureVerifier sv=null; //MultiRepository
  
  /** This is the parsed form of the loaded policy */
  protected PolicyParser parsedPolicy; 
  
  /** This is the authorisation token parser that is used to parse the authorisation tokens*/
  protected issrg.pba.AuthTokenParser tokenParser;// = CustomisePERMIS.getAuthTokenParser();  
  
  /** This is the allocation policy object */
  protected issrg.pba.rbac.policies.AllocationPolicy allocationPolicy;
  
  /** This is the access policy object.*/
  protected issrg.pba.rbac.policies.AccessPolicy accessPolicy;

  protected issrg.pba.rbac.policies.MSoDPolicySet msodPolicySet;  // added for MSoD
  protected SAWSServer sawsServer = null;  // added for MSoD


  // change ObjectID into String
  // date 15/11/2005
  protected String policyOID;
    
    // this statement registers the XML nodes of the IF-statement and interpreters
    static {
        issrg.pba.rbac.xmlpolicy.XMLPolicyParser.registerDefaultNodes();
    }
      
  /**
   * This method returns the object that is the parsed form of the loaded policy
   */
    public PolicyParser getParsedPolicy(){
        return parsedPolicy;
    }

   
    /**
     * This method returns the allocation policy.
     */
    public AllocationPolicy getAllocationPolicy(){
        return allocationPolicy;
    }
    
    /**
     *This method returns the access policy.
     */
    public AccessPolicy getAccessPolicy(){
        return accessPolicy;
    }
    
    /**
     *This method returns the access policy. added for MSoD
     */
    public MSoDPolicySet getMSoDPolicy(){
        return msodPolicySet; 
    }

    /**
     * This method retrieves the repository object.
     */
    public AuthTokenRepository getRepository(){
        return Repository;
    }
    
    /**
     * This method retrieve the signature verifier object.
     */
    public SignatureVerifier getSV(){
        return sv;
    }
    
    // change ObjectID getPolicyOID() into String getPolicyOID()
    // date : 15/11/2005
    public String getPolicyOID(){
      return policyOID;
    }
    
    private static final String DOCTYPE = "<!DOCTYPE";
    private static final String SYSTEM = "SYSTEM";
    private static final String DOCTYPE_C = ">";
    private static final String COMMENT_O = "<!--";
    private static final String COMMENT_C = "-->";
    
    

  /**
   * This method does simplistic XML policy pre-processing to remove a &lt;!DOCTYPE
   * SYSTEM&gt; tag from it. The tag is intended to point to the DTD location,
   * and the XML parsers attempt to validate the XML policy using it. Note that
   * the location is very often machine-specific and only confuses the XML 
   * parser. It is safe to remove the pointer to the DTD, since the 
   * XMLPolicyParser validates the semantics of the XML.
   *
   * @param xml - the XML to remove the SYSTEM tag from
   * @return the XML without the SYSTEM tag in it
   */    
  public static String removeSystemTag(String xml){
    int doctypeIdx=0;
    int commentIdx=0;

    while (true){
      doctypeIdx=xml.indexOf(DOCTYPE, doctypeIdx);
      if (doctypeIdx==-1) break;

      while (true){
        commentIdx=xml.indexOf(COMMENT_O, commentIdx);
        int e=xml.length();

        if (commentIdx>=0){
          e=xml.indexOf(COMMENT_C, commentIdx+COMMENT_O.length());
        }else{
          commentIdx=e;
        }

        if (doctypeIdx<e){
          break;
        }

        commentIdx=e+COMMENT_C.length();
      }

      if (doctypeIdx<commentIdx){
        int e=xml.indexOf(DOCTYPE_C, doctypeIdx);
        int s=xml.indexOf(SYSTEM, doctypeIdx);

	if (e>=0 && s>=0 && s<e && xml.charAt(s-1)<=' '
		&& xml.charAt(s+SYSTEM.length())<=' '){

		char [] chr=new char[xml.length()];
		StringBuffer sb = new StringBuffer(xml);
		sb.getChars(0, chr.length, chr, 0);

		sb=new StringBuffer(new String(chr, 0, s));
		sb.append(new String(chr, e, chr.length-e));

		xml=sb.toString();

	}
	commentIdx=doctypeIdx;
	doctypeIdx++;
      }
    }

    return xml;
  }    
}