targetmatch.java

sunxacml源码

/*
 * @(#)TargetMatch.java
 *
 * Copyright 2003-2005 Sun Microsystems, Inc. All Rights Reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 *
 *   1. Redistribution of source code must retain the above copyright notice,
 *      this list of conditions and the following disclaimer.
 * 
 *   2. Redistribution in binary form must reproduce the above copyright
 *      notice, this list of conditions and the following disclaimer in the
 *      documentation and/or other materials provided with the distribution.
 *
 * Neither the name of Sun Microsystems, Inc. or the names of contributors may
 * be used to endorse or promote products derived from this software without
 * specific prior written permission.
 * 
 * This software is provided "AS IS," without a warranty of any kind. ALL
 * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
 * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
 * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
 * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
 * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
 * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
 * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
 * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY
 * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
 * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
 *
 * You acknowledge that this software is not designed or intended for use in
 * the design, construction, operation or maintenance of any nuclear facility.
 */

package com.sun.xacml;

import com.sun.xacml.EvaluationCtx;

import com.sun.xacml.attr.AttributeDesignator;
import com.sun.xacml.attr.AttributeFactory;
import com.sun.xacml.attr.AttributeSelector;
import com.sun.xacml.attr.AttributeValue;
import com.sun.xacml.attr.BagAttribute;
import com.sun.xacml.attr.BooleanAttribute;

import com.sun.xacml.cond.Evaluatable;
import com.sun.xacml.cond.EvaluationResult;
import com.sun.xacml.cond.Function;
import com.sun.xacml.cond.FunctionFactory;
import com.sun.xacml.cond.FunctionTypeException;

import com.sun.xacml.ctx.Status;

import java.io.OutputStream;
import java.io.PrintStream;

import java.net.URI;
import java.net.URISyntaxException;

import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;

import org.w3c.dom.NamedNodeMap;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;


/**
 * Represents the SubjectMatch, ResourceMatch, ActionMatch, or EnvironmentMatch
 * (in XACML 2.0 and later) XML types in XACML, depending on the value of the
 * type field. This is the part of the Target that actually evaluates whether
 * the specified attribute values in the Target match the corresponding
 * attribute values in the request context.
 *
 * @since 1.0
 * @author Seth Proctor
 */
public class TargetMatch
{

    /**
     * An integer value indicating that this class represents a SubjectMatch
     */
    public static final int SUBJECT = 0;

    /**
     * An integer value indicating that this class represents a ResourceMatch
     */
    public static final int RESOURCE = 1;

    /**
     * An integer value indicating that this class represents an ActionMatch
     */
    public static final int ACTION = 2;

    /**
     * An integer value indicating that this class represents an
     * EnvironmentMatch
     */
    public static final int ENVIRONMENT = 3;
    
    /**
     * Mapping from the 4 match types to their string representations
     */
    public static final String [] NAMES = { "Subject", "Resource", "Action",
                                            "Environment" };

    // the type of this target match
    private int type;

    // the function used for matching
    private Function function;

    // the designator or selector
    private Evaluatable eval;

    // the value
    private AttributeValue attrValue;

    /**
     * Constructor that creates a <code>TargetMatch</code> from components.
     *
     * @param type an integer indicating whether this class represents a
     *             SubjectMatch, ResourceMatch, or ActionMatch
     * @param function the <code>Function</code> that represents the MatchId
     * @param eval the <code>AttributeDesignator</code> or 
     *             <code>AttributeSelector</code> to be used to select 
     *             attributes from the request context
     * @param attrValue the <code>AttributeValue</code> to compare against
     *
     * @throws IllegalArgumentException if the input type isn't a valid value
     */
    public TargetMatch(int type, Function function, Evaluatable eval,
                       AttributeValue attrValue) 
        throws IllegalArgumentException {

        // check if input type is a valid value
        if ((type != SUBJECT) && 
            (type != RESOURCE) &&
            (type != ACTION) &&
            (type != ENVIRONMENT))
            throw new IllegalArgumentException("Unknown TargetMatch type");

        this.type = type;
        this.function = function;
        this.eval = eval;
        this.attrValue = attrValue;
    }

    /**
     * Creates a <code>TargetMatch</code> by parsing a node, using the
     * input prefix to determine whether this is a SubjectMatch, ResourceMatch,
     * or ActionMatch.
     *
     * @deprecated As of 2.0 you should avoid using this method and should
     *             instead use the version that takes a
     *             <code>PolicyMetaData</code> instance. This method will
     *             only work for XACML 1.x policies.
     *
     * @param root the node to parse for the <code>TargetMatch</code>
     * @param prefix a String indicating what type of <code>TargetMatch</code>
     *               to instantiate (Subject, Resource, or Action)
     * @param xpathVersion the XPath version to use in any selectors, or
     *                     null if this is unspecified (ie, not supplied in
     *                     the defaults section of the policy)
     * 
     * @return a new <code>TargetMatch</code> constructed by parsing
     *
     * @throws ParsingException if there was an error during parsing
     * @throws IllegalArgumentException if the input prefix isn't a valid value
     */
    public static TargetMatch getInstance(Node root, String prefix,
                                          String xpathVersion)
        throws ParsingException, IllegalArgumentException
    {
        int i = 0;
        while ((i < NAMES.length) && (! NAMES[i].equals(prefix)))
            i++;

        if (i == NAMES.length)
            throw new IllegalArgumentException("Unknown TargetMatch type");

        return getInstance(root, i,
                           new PolicyMetaData(
                                   PolicyMetaData.XACML_1_0_IDENTIFIER,
                                   xpathVersion));
    }

    /**
     * Creates a <code>TargetMatch</code> by parsing a node, using the
     * input prefix to determine whether this is a SubjectMatch, ResourceMatch,
     * or ActionMatch.
     *
     * @param root the node to parse for the <code>TargetMatch</code>
     * @param matchType the type of <code>TargetMatch</code> as specified by
     *                  the SUBJECT, RESOURCE, ACTION, or ENVIRONMENT fields
     * @param metaData the policy's meta-data
     * 
     * @return a new <code>TargetMatch</code> constructed by parsing
     *
     * @throws ParsingException if there was an error during parsing
     */
    public static TargetMatch getInstance(Node root, int matchType,
                                          PolicyMetaData metaData)
        throws ParsingException
    {
        Function function;
        Evaluatable eval = null;
        AttributeValue attrValue = null;

        AttributeFactory attrFactory = AttributeFactory.getInstance();

        // get the function type, making sure that it's really a correct
        // Target function
        String funcName = root.getAttributes().