* ============LICENSE_START=======================================================
* ONAP-XACML
* ================================================================================
- * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeSelectorType;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeValueType;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.ConditionType;
-import oasis.names.tc.xacml._3_0.core.schema.wd_17.IdReferenceType;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.MatchType;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.ObligationExpressionType;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.ObligationExpressionsType;
if (this.policyObject == null) {
return null;
}
- if (this.callback != null) {
- if (this.callback.onBeginScan(this.policyObject) == CallbackResult.STOP) {
- return this.policyObject;
- }
+ if (this.callback != null && this.callback.onBeginScan(this.policyObject) == CallbackResult.STOP) {
+ return this.policyObject;
}
if (this.policyObject instanceof PolicyType) {
this.scanPolicy(null, (PolicyType) this.policyObject);
if (logger.isTraceEnabled()) {
logger.trace("scanning policy set: " + policySet.getPolicySetId() + " " + policySet.getDescription());
}
- if (this.callback != null) {
- if (this.callback.onPreVisitPolicySet(parent, policySet) == CallbackResult.STOP) {
- return CallbackResult.STOP;
- }
+ if (this.callback != null && this.callback.onPreVisitPolicySet(parent, policySet) == CallbackResult.STOP) {
+ return CallbackResult.STOP;
}
//
// Scan its info
//
List<JAXBElement<?>> list = policySet.getPolicySetOrPolicyOrPolicySetIdReference();
for (JAXBElement<?> element: list) {
- if ("PolicySet".equals(element.getName().getLocalPart())) {
- if (this.scanPolicySet(policySet, (PolicySetType)element.getValue()) == CallbackResult.STOP) {
- return CallbackResult.STOP;
- }
- } else if ("Policy".equals(element.getName().getLocalPart())) {
- if (this.scanPolicy(policySet, (PolicyType)element.getValue()) == CallbackResult.STOP) {
- return CallbackResult.STOP;
- }
- } else if (element.getValue() instanceof IdReferenceType) {
- if ("PolicySetIdReference".equals(element.getName().getLocalPart())) {
-
- } else if ("PolicyIdReference".equals(element.getName().getLocalPart())) {
-
- }
+ if ("PolicySet".equals(element.getName().getLocalPart()) &&
+ this.scanPolicySet(policySet, (PolicySetType)element.getValue()) == CallbackResult.STOP) {
+ return CallbackResult.STOP;
+ } else if ("Policy".equals(element.getName().getLocalPart()) &&
+ this.scanPolicy(policySet, (PolicyType)element.getValue()) == CallbackResult.STOP) {
+ return CallbackResult.STOP;
} else {
logger.warn("generating policy sets found unsupported element: " + element.getName().getNamespaceURI());
}
}
- if (this.callback != null) {
- if (this.callback.onPostVisitPolicySet(parent, policySet) == CallbackResult.STOP) {
- return CallbackResult.STOP;
- }
+ if (this.callback != null && this.callback.onPostVisitPolicySet(parent, policySet) == CallbackResult.STOP) {
+ return CallbackResult.STOP;
}
return CallbackResult.CONTINUE;
}
if (logger.isTraceEnabled()) {
logger.trace("scanning policy: " + policy.getPolicyId() + " " + policy.getDescription());
}
- if (this.callback != null) {
- if (this.callback.onPreVisitPolicy(parent, policy) == CallbackResult.STOP) {
- return CallbackResult.STOP;
- }
+ if (this.callback != null && this.callback.onPreVisitPolicy(parent, policy) == CallbackResult.STOP) {
+ return CallbackResult.STOP;
}
//
// Scan its info
if (logger.isTraceEnabled()) {
logger.trace("scanning rule: " + rule.getRuleId() + " " + rule.getDescription());
}
- if (this.callback != null) {
- if (this.callback.onPreVisitRule(policy, rule) == CallbackResult.STOP) {
- return CallbackResult.STOP;
- }
+ if (this.callback != null && this.callback.onPreVisitRule(policy, rule) == CallbackResult.STOP) {
+ return CallbackResult.STOP;
}
if (this.scanTarget(rule, rule.getTarget()) == CallbackResult.STOP) {
return CallbackResult.STOP;
if (this.scanAdvice(rule, rule.getAdviceExpressions()) == CallbackResult.STOP) {
return CallbackResult.STOP;
}
- if (this.callback != null) {
- if (this.callback.onPostVisitRule(policy, rule) == CallbackResult.STOP) {
- return CallbackResult.STOP;
- }
+ if (this.callback != null && this.callback.onPostVisitRule(policy, rule) == CallbackResult.STOP) {
+ return CallbackResult.STOP;
}
} else if (o instanceof VariableDefinitionType) {
- if (this.callback != null) {
- if (this.callback.onVariable(policy, (VariableDefinitionType) o) == CallbackResult.STOP) {
- return CallbackResult.STOP;
- }
+ if (this.callback != null && this.callback.onVariable(policy, (VariableDefinitionType) o) == CallbackResult.STOP) {
+ return CallbackResult.STOP;
}
} else {
if (logger.isDebugEnabled()) {
}
}
}
- if (this.callback != null) {
- if (this.callback.onPostVisitPolicy(parent, policy) == CallbackResult.STOP) {
- return CallbackResult.STOP;
- }
+ if (this.callback != null && this.callback.onPostVisitPolicy(parent, policy) == CallbackResult.STOP) {
+ return CallbackResult.STOP;
}
return CallbackResult.CONTINUE;
}
} else {
logger.warn("NULL designator/selector or value for match.");
}
- if (attribute != null && this.callback != null) {
- if (this.callback.onAttribute(parent, target, attribute) == CallbackResult.STOP) {
- return CallbackResult.STOP;
- }
+ if (attribute != null && this.callback != null && this.callback.onAttribute(parent, target, attribute) == CallbackResult.STOP) {
+ return CallbackResult.STOP;
}
}
}
ob.addAttributeAssignment(attribute);
}
}
- if (this.callback != null) {
- if (this.callback.onObligation(parent, expression, ob) == CallbackResult.STOP) {
- return CallbackResult.STOP;
- }
+ if (this.callback != null && this.callback.onObligation(parent, expression, ob) == CallbackResult.STOP) {
+ return CallbackResult.STOP;
}
}
return CallbackResult.CONTINUE;
ob.addAttributeAssignment(attribute);
}
}
- if (this.callback != null) {
- if (this.callback.onAdvice(parent, expression, ob) == CallbackResult.STOP) {
- return CallbackResult.STOP;
- }
+ if (this.callback != null && this.callback.onAdvice(parent, expression, ob) == CallbackResult.STOP) {
+ return CallbackResult.STOP;
}
}
return CallbackResult.CONTINUE;
return CallbackResult.CONTINUE;
}
for (Object o : list) {
- if (o instanceof VariableDefinitionType) {
- if (this.callback != null) {
- if (this.callback.onVariable(policy, (VariableDefinitionType) o) == CallbackResult.STOP) {
- return CallbackResult.STOP;
- }
- }
+ if (o instanceof VariableDefinitionType && this.callback != null && this.callback.onVariable(policy, (VariableDefinitionType) o) == CallbackResult.STOP) {
+ return CallbackResult.STOP;
}
}
* @return
*/
protected CallbackResult scanConditions(RuleType rule, ConditionType condition) {
- if (condition != null) {
- if (this.callback != null) {
- if (this.callback.onCondition(rule, condition) == CallbackResult.STOP) {
- return CallbackResult.STOP;
- }
- }
+ if (condition != null && this.callback != null && this.callback.onCondition(rule, condition) == CallbackResult.STOP) {
+ return CallbackResult.STOP;
}
return CallbackResult.CONTINUE;
}
// Parse the policy file
//
Document doc = db.parse(is);
- //
- // Because there is no root defined in xacml,
- // find the first element
- //
- NodeList nodes = doc.getChildNodes();
- Node node = nodes.item(0);
- if (node.getNodeType() == Node.ELEMENT_NODE) {
- Element e = (Element) node;
+ Element e = doc.getDocumentElement();
+ //
+ // Is it a 3.0 policy?
+ //
+ if ("urn:oasis:names:tc:xacml:3.0:core:schema:wd-17".equals(e.getNamespaceURI())) {
//
- // Is it a 3.0 policy?
+ // A policyset or policy could be the root
//
- if ("urn:oasis:names:tc:xacml:3.0:core:schema:wd-17".equals(e.getNamespaceURI())) {
+ if (e.getNodeName().endsWith("Policy")) {
//
- // A policyset or policy could be the root
+ // Now we can create the context for the policy set
+ // and unmarshall the policy into a class.
//
- if (e.getNodeName().endsWith("Policy")) {
- //
- // Now we can create the context for the policy set
- // and unmarshall the policy into a class.
- //
- JAXBContext context = JAXBContext.newInstance(PolicyType.class);
- Unmarshaller um = context.createUnmarshaller();
- JAXBElement<PolicyType> root = um.unmarshal(e, PolicyType.class);
- //
- // Here is our policy set class
- //
- return root.getValue();
- } else if (e.getNodeName().endsWith("PolicySet")) {
- //
- // Now we can create the context for the policy set
- // and unmarshall the policy into a class.
- //
- JAXBContext context = JAXBContext.newInstance(PolicySetType.class);
- Unmarshaller um = context.createUnmarshaller();
- JAXBElement<PolicySetType> root = um.unmarshal(e, PolicySetType.class);
- //
- // Here is our policy set class
- //
- return root.getValue();
- } else {
- if (logger.isDebugEnabled()) {
- logger.debug("Not supported yet: " + e.getNodeName());
- }
- }
+ JAXBContext context = JAXBContext.newInstance(PolicyType.class);
+ Unmarshaller um = context.createUnmarshaller();
+ JAXBElement<PolicyType> root = um.unmarshal(e, PolicyType.class);
+ //
+ // Here is our policy set class
+ //
+ return root.getValue();
+ } else if (e.getNodeName().endsWith("PolicySet")) {
+ //
+ // Now we can create the context for the policy set
+ // and unmarshall the policy into a class.
+ //
+ JAXBContext context = JAXBContext.newInstance(PolicySetType.class);
+ Unmarshaller um = context.createUnmarshaller();
+ JAXBElement<PolicySetType> root = um.unmarshal(e, PolicySetType.class);
+ //
+ // Here is our policy set class
+ //
+ return root.getValue();
} else {
- logger.warn("unsupported namespace: " + e.getNamespaceURI());
+ if (logger.isDebugEnabled()) {
+ logger.debug("Not supported yet: " + e.getNodeName());
+ }
}
} else {
- if (logger.isDebugEnabled()) {
- logger.debug("No root element contained in policy " +
- " Name: " + node.getNodeName() + " type: " + node.getNodeType() +
- " Value: " + node.getNodeValue());
- }
+ logger.warn("unsupported namespace: " + e.getNamespaceURI());
}
} catch (Exception e) {
PolicyLogger.error(MessageCodes.ERROR_SCHEMA_INVALID, e, "XACMLPolicyScanner", "Exception in readPolicy");