attributedesignator.java

sunxacml源码

            throw new ParsingException("Required DataType missing in " +
                                       "AttributeDesignator", e);
        }
        
        try {
            // there might be an issuer
            Node node = attrs.getNamedItem("Issuer");
            if (node != null)
                issuer = new URI(node.getNodeValue());

            // if it's for the Subject section, there's another attr
            if (target == SUBJECT_TARGET) {
                Node scnode = attrs.getNamedItem("SubjectCategory");
                if (scnode != null)
                    subjectCategory = new URI(scnode.getNodeValue());
                else
                    subjectCategory = new URI(SUBJECT_CATEGORY_DEFAULT);
            }

            // there might be a mustBePresent flag
            node = attrs.getNamedItem("MustBePresent");
            if (node != null)
                if (node.getNodeValue().equals("true"))
                    mustBePresent = true;
        } catch (Exception e) {
            // this shouldn't ever happen, but in theory something could go
            // wrong in the code in this try block
            throw new ParsingException("Error parsing AttributeDesignator " +
                                       "optional attributes", e);
        }

        AttributeDesignator ad =
            new AttributeDesignator(target, type, id, mustBePresent, issuer);
        ad.setSubjectCategory(subjectCategory);

        return ad;
    }

    /**
     * Returns the type of this designator as specified by the *_TARGET
     * fields.
     *
     * @return the designator type
     */
    public int getDesignatorType() {
        return target;
    }

    /**
     * Returns the type of attribute that is resolved by this designator.
     * While an AD will always return a bag, this method will always return
     * the type that is stored in the bag.
     *
     * @return the attribute type
     */
    public URI getType() {
        return type;
    }

    /**
     * Returns the AttributeId of the values resolved by this designator.
     *
     * @return identifier for the values to resolve
     */
    public URI getId() {
        return id;
    }

    /**
     * Returns the subject category for this designator. If this is not a
     * SubjectAttributeDesignator then this will always return null.
     *
     * @return the subject category or null if this isn't a
     *         SubjectAttributeDesignator
     */
    public URI getCategory() {
        return subjectCategory;
    }

    /**
     * Returns the issuer of the values resolved by this designator if
     * specified.
     *
     * @return the attribute issuer or null if unspecified
     */
    public URI getIssuer() {
        return issuer;
    }

    /**
     * Returns whether or not a value is required to be resolved by this
     * designator.
     *
     * @return true if a value is required, false otherwise
     */
    public boolean mustBePresent() {
        return mustBePresent;
    }

    /**
     * Always returns true, since a designator always returns a bag of
     * attribute values.
     *
     * @return true
     */
    public boolean returnsBag() {
        return true;
    }

    /**
     * Always returns true, since a designator always returns a bag of
     * attribute values.
     *
     * @deprecated As of 2.0, you should use the <code>returnsBag</code>
     *             method from the super-interface <code>Expression</code>.
     *
     * @return true
     */
    public boolean evaluatesToBag() {
        return true;
    }

    /**
     * Always returns an empty list since designators never have children.
     *
     * @return an empty <code>List</code>
     */
    public List getChildren() {
        return Collections.EMPTY_LIST;
    }

    /**
     * Evaluates the pre-assigned meta-data against the given context,
     * trying to find some matching values.
     *
     * @param context the representation of the request
     *
     * @return a result containing a bag either empty because no values were
     * found or containing at least one value, or status associated with an
     * Indeterminate result
     */
    public EvaluationResult evaluate(EvaluationCtx context) {
        EvaluationResult result = null;

        // look in the right section for some attribute values
        switch(target) {
        case SUBJECT_TARGET:
            result = context.getSubjectAttribute(type, id,
                                                 issuer, subjectCategory);
            break;
        case RESOURCE_TARGET:
            result = context.getResourceAttribute(type, id, issuer);
            break;
        case ACTION_TARGET:
            result = context.getActionAttribute(type, id, issuer);
            break;
        case ENVIRONMENT_TARGET:
            result = context.getEnvironmentAttribute(type, id, issuer);
            break;
        }

        // if the lookup was indeterminate, then we return immediately
        if (result.indeterminate())
            return result;

        BagAttribute bag = (BagAttribute)(result.getAttributeValue());

        if (bag.isEmpty()) {
            // if it's empty, this may be an error
            if (mustBePresent) {
                if (logger.isLoggable(Level.INFO))
                    logger.info("AttributeDesignator failed to resolve a " +
                                "value for a required attribute: " +
                                id.toString());

                ArrayList code = new ArrayList();
                code.add(Status.STATUS_MISSING_ATTRIBUTE);
                
                String message = "Couldn't find " + targetTypes[target] +
                    "AttributeDesignator attribute";

                // Note that there is a bug in the XACML spec. You can't
                // specify an identifier without specifying acceptable
                // values. Until this is fixed, this code will only
                // return the status code, and not any hints about what
                // was missing

                /*List attrs = new ArrayList();
                  attrs.add(new Attribute(id,
                  ((issuer == null) ? null :
                  issuer.toString()),
                  null, null));
                  StatusDetail detail = new StatusDetail(attrs);*/

                return new EvaluationResult(new Status(code, message));
            }
        }

        // if we got here the bag wasn't empty, or mustBePresent was false,
        // so we just return the result
        return result;
    }

    /**
     * Encodes this designator into its XML representation and
     * writes this encoding to the given <code>OutputStream</code> with no
     * indentation.
     *
     * @param output a stream into which the XML-encoded data is written
     */
    public void encode(OutputStream output) {
        encode(output, new Indenter(0));
    }

    /**
     * Encodes this designator into its XML representation and
     * writes this encoding to the given <code>OutputStream</code> with
     * indentation.
     *
     * @param output a stream into which the XML-encoded data is written
     * @param indenter an object that creates indentation strings
     */
    public void encode(OutputStream output, Indenter indenter) {
        PrintStream out = new PrintStream(output);
        String indent = indenter.makeString();

        String tag = "<" + targetTypes[target] + "AttributeDesignator";

        if ((target == SUBJECT_TARGET) && (subjectCategory != null))
            tag += " SubjectCategory=\"" + subjectCategory.toString() + "\"";
        
        tag += " AttributeId=\"" + id.toString() + "\"";
        tag += " DataType=\"" + type.toString() + "\"";

        if (issuer != null)
            tag += " Issuer=\"" + issuer.toString() + "\"";

        if (mustBePresent)
            tag += " MustBePresent=\"true\"";

        tag += "/>";

        out.println(indent + tag);
    }

}