📄 abstractpolicy.java
字号:
parseObligations(child);
} else if (cname.equals("CombinerParameters")) {
handleParameters(child);
}
}
// finally, make sure the obligations and parameters are immutable
obligations = Collections.unmodifiableSet(obligations);
parameters = Collections.unmodifiableList(parameters);
}
/**
* Helper routine to parse the obligation data
*/
private void parseObligations(Node root) throws ParsingException {
NodeList nodes = root.getChildNodes();
for (int i = 0; i < nodes.getLength(); i++) {
Node node = nodes.item(i);
if (node.getNodeName().equals("Obligation"))
obligations.add(Obligation.getInstance(node));
}
}
/**
* There used to be multiple things in the defaults type, but now
* there's just the one string that must be a certain value, so it
* doesn't seem all that useful to have a class for this...we could
* always bring it back, however, if it started to do more
*/
private void handleDefaults(Node root) throws ParsingException {
defaultVersion = null;
NodeList nodes = root.getChildNodes();
for (int i = 0; i < nodes.getLength(); i++) {
Node node = nodes.item(i);
if (node.getNodeName().equals("XPathVersion"))
defaultVersion = node.getFirstChild().getNodeValue();
}
}
/**
* Handles all the CombinerParameters in the policy or policy set
*/
private void handleParameters(Node root) throws ParsingException {
NodeList nodes = root.getChildNodes();
for (int i = 0; i < nodes.getLength(); i++) {
Node node = nodes.item(i);
if (node.getNodeName().equals("CombinerParameter"))
parameters.add(CombinerParameter.getInstance(node));
}
}
/**
* Returns the id of this policy
*
* @return the policy id
*/
public URI getId() {
return idAttr;
}
/**
* Returns the version of this policy. If this is an XACML 1.x policy
* then this will always return <code>"1.0"</code>.
*
* @return the policy version
*/
public String getVersion() {
return version;
}
/**
* Returns the combining algorithm used by this policy
*
* @return the combining algorithm
*/
public CombiningAlgorithm getCombiningAlg() {
return combiningAlg;
}
/**
* Returns the list of input parameters for the combining algorithm. If
* this is an XACML 1.x policy then the list will always be empty.
*
* @return a <code>List</code> of <code>CombinerParameter</code>s
*/
public List getCombiningParameters() {
return parameters;
}
/**
* Returns the given description of this policy or null if there is no
* description
*
* @return the description or null
*/
public String getDescription() {
return description;
}
/**
* Returns the target for this policy
*
* @return the policy's target
*/
public Target getTarget() {
return target;
}
/**
* Returns the XPath version to use or null if none was specified
*
* @return XPath version or null
*/
public String getDefaultVersion() {
return defaultVersion;
}
/**
* Returns the <code>List</code> of children under this node in the
* policy tree. Depending on what kind of policy this node represents
* the children will either be <code>AbstractPolicy</code> objects
* or <code>Rule</code>s.
*
* @return a <code>List</code> of child nodes
*/
public List getChildren() {
return children;
}
/**
* Returns the <code>List</code> of <code>CombinerElement</code>s that
* is provided to the combining algorithm. This returns the same set
* of children that <code>getChildren</code> provides along with any
* associated combiner parameters.
*
* @return a <code>List</code> of <code>CombinerElement</code>s
*/
public List getChildElements() {
return childElements;
}
/**
* Returns the Set of obligations for this policy, which may be empty
*
* @return the policy's obligations
*/
public Set getObligations() {
return obligations;
}
/**
* Returns the meta-data associated with this policy
*/
public PolicyMetaData getMetaData() {
return metaData;
}
/**
* Given the input context sees whether or not the request matches this
* policy. This must be called by combining algorithms before they
* evaluate a policy. This is also used in the initial policy finding
* operation to determine which top-level policies might apply to the
* request.
*
* @param context the representation of the request
*
* @return the result of trying to match the policy and the request
*/
public MatchResult match(EvaluationCtx context) {
return target.match(context);
}
/**
* Sets the child policy tree elements for this node, which are passed
* to the combining algorithm on evaluation. The <code>List</code> must
* contain <code>CombinerElement</code>s, which in turn will contain
* <code>Rule</code>s or <code>AbstractPolicy</code>s, but may not
* contain both types of elements.
*
* @param children a <code>List</code> of <code>CombinerElement</code>s
* representing the child elements used by the combining
* algorithm
*/
protected void setChildren(List children) {
// we always want a concrete list, since we're going to pass it to
// a combiner that expects a non-null input
if (children == null) {
this.children = Collections.EMPTY_LIST;
} else {
// NOTE: since this is only getting called by known child
// classes we don't check that the types are all the same
List list = new ArrayList();
Iterator it = children.iterator();
while (it.hasNext()) {
CombinerElement element = (CombinerElement)(it.next());
list.add(element.getElement());
}
this.children = Collections.unmodifiableList(list);
childElements = Collections.unmodifiableList(children);
}
}
/**
* Tries to evaluate the policy by calling the combining algorithm on
* the given policies or rules. The <code>match</code> method must always
* be called first, and must always return MATCH, before this method
* is called.
*
* @param context the representation of the request
*
* @return the result of evaluation
*/
public Result evaluate(EvaluationCtx context) {
// evaluate
Result result = combiningAlg.combine(context, parameters,
childElements);
// if we have no obligations, we're done
if (obligations.size() == 0)
return result;
// now, see if we should add any obligations to the set
int effect = result.getDecision();
if ((effect == Result.DECISION_INDETERMINATE) ||
(effect == Result.DECISION_NOT_APPLICABLE)) {
// we didn't permit/deny, so we never return obligations
return result;
}
Iterator it = obligations.iterator();
while (it.hasNext()) {
Obligation obligation = (Obligation)(it.next());
if (obligation.getFulfillOn() == effect)
result.addObligation(obligation);
}
// finally, return the result
return result;
}
/**
* Routine used by <code>Policy</code> and <code>PolicySet</code> to
* encode some common elements.
*
* @param output a stream into which the XML-encoded data is written
* @param indenter an object that creates indentation strings
*/
protected void encodeCommonElements(OutputStream output,
Indenter indenter) {
Iterator it = childElements.iterator();
while (it.hasNext()) {
((CombinerElement)(it.next())).encode(output, indenter);
}
if (obligations.size() != 0) {
PrintStream out = new PrintStream(output);
String indent = indenter.makeString();
out.println(indent + "<Obligations>");
indenter.in();
it = obligations.iterator();
while (it.hasNext()) {
((Obligation)(it.next())).encode(output, indenter);
}
out.println(indent + "</Obligations>");
indenter.out();
}
}
}
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -