2 * ============LICENSE_START=======================================================
4 * ================================================================================
5 * Copyright (C) 2017-2019 AT&T Intellectual Property. All rights reserved.
6 * ================================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END=========================================================
21 package org.onap.policy.pap.xacml.rest.components;
23 import com.att.research.xacml.api.XACML3;
24 import com.att.research.xacml.api.pap.PAPException;
25 import com.att.research.xacml.std.IdentifierImpl;
27 import java.io.ByteArrayInputStream;
29 import java.io.IOException;
31 import java.net.URISyntaxException;
32 import java.nio.charset.StandardCharsets;
33 import java.nio.file.Files;
34 import java.nio.file.Path;
35 import java.nio.file.Paths;
36 import java.util.ArrayList;
37 import java.util.Arrays;
38 import java.util.HashMap;
39 import java.util.LinkedList;
40 import java.util.List;
42 import java.util.UUID;
44 import oasis.names.tc.xacml._3_0.core.schema.wd_17.AdviceExpressionType;
45 import oasis.names.tc.xacml._3_0.core.schema.wd_17.AdviceExpressionsType;
46 import oasis.names.tc.xacml._3_0.core.schema.wd_17.AllOfType;
47 import oasis.names.tc.xacml._3_0.core.schema.wd_17.AnyOfType;
48 import oasis.names.tc.xacml._3_0.core.schema.wd_17.ApplyType;
49 import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeAssignmentExpressionType;
50 import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeDesignatorType;
51 import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeValueType;
52 import oasis.names.tc.xacml._3_0.core.schema.wd_17.ConditionType;
53 import oasis.names.tc.xacml._3_0.core.schema.wd_17.EffectType;
54 import oasis.names.tc.xacml._3_0.core.schema.wd_17.MatchType;
55 import oasis.names.tc.xacml._3_0.core.schema.wd_17.ObjectFactory;
56 import oasis.names.tc.xacml._3_0.core.schema.wd_17.PolicySetType;
57 import oasis.names.tc.xacml._3_0.core.schema.wd_17.PolicyType;
58 import oasis.names.tc.xacml._3_0.core.schema.wd_17.RuleType;
59 import oasis.names.tc.xacml._3_0.core.schema.wd_17.TargetType;
60 import oasis.names.tc.xacml._3_0.core.schema.wd_17.VariableDefinitionType;
61 import oasis.names.tc.xacml._3_0.core.schema.wd_17.VariableReferenceType;
63 import org.apache.commons.lang3.StringEscapeUtils;
64 import org.onap.policy.common.logging.eelf.MessageCodes;
65 import org.onap.policy.common.logging.eelf.PolicyLogger;
66 import org.onap.policy.common.logging.flexlogger.FlexLogger;
67 import org.onap.policy.common.logging.flexlogger.Logger;
68 import org.onap.policy.controlloop.policy.builder.BuilderException;
69 import org.onap.policy.controlloop.policy.builder.Results;
70 import org.onap.policy.controlloop.policy.guard.Constraint;
71 import org.onap.policy.controlloop.policy.guard.ControlLoopGuard;
72 import org.onap.policy.controlloop.policy.guard.Guard;
73 import org.onap.policy.controlloop.policy.guard.GuardPolicy;
74 import org.onap.policy.controlloop.policy.guard.MatchParameters;
75 import org.onap.policy.controlloop.policy.guard.builder.ControlLoopGuardBuilder;
76 import org.onap.policy.rest.adapter.PolicyRestAdapter;
77 import org.onap.policy.rest.dao.CommonClassDao;
78 import org.onap.policy.rest.jpa.DecisionSettings;
79 import org.onap.policy.rest.jpa.FunctionDefinition;
80 import org.onap.policy.utils.PolicyUtils;
81 import org.onap.policy.xacml.api.XACMLErrorConstants;
82 import org.onap.policy.xacml.std.pip.engines.aaf.AAFEngine;
83 import org.onap.policy.xacml.util.XACMLPolicyScanner;
84 import org.springframework.beans.factory.annotation.Autowired;
85 import org.springframework.stereotype.Component;
88 public class DecisionPolicy extends Policy {
90 private static final Logger LOGGER = FlexLogger.getLogger(DecisionPolicy.class);
92 public static final String FUNCTION_NOT = "urn:oasis:names:tc:xacml:1.0:function:not";
93 private static final String AAFPROVIDER = "AAF";
94 public static final String GUARD_YAML = "GUARD_YAML";
95 public static final String GUARD_BL_YAML = "GUARD_BL_YAML";
96 public static final String GUARD_MIN_MAX = "GUARD_MIN_MAX";
97 public static final String RAINY_DAY = "Rainy_Day";
98 public static final String MS_MODEL = "MicroService_Model";
99 private static final String XACML_GUARD_TEMPLATE = "Decision_GuardPolicyTemplate.xml";
100 private static final String XACML_BLGUARD_TEMPLATE = "Decision_GuardBLPolicyTemplate.xml";
101 private static final String XACML_GUARD_MIN_MAX_TEMPLATE = "Decision_GuardMinMaxPolicyTemplate.xml";
103 private static final String ONAPNAME = "ONAPName";
104 private static final String POLICY_NAME = "PolicyName";
105 private static final String DESCRIPTION = "description";
107 List<String> dynamicLabelRuleAlgorithms = new LinkedList<>();
108 List<String> dynamicFieldComboRuleAlgorithms = new LinkedList<>();
109 List<String> dynamicFieldOneRuleAlgorithms = new LinkedList<>();
110 List<String> dynamicFieldTwoRuleAlgorithms = new LinkedList<>();
111 List<String> dataTypeList = new LinkedList<>();
113 private static CommonClassDao commonClassDao;
115 public DecisionPolicy() {
120 public DecisionPolicy(CommonClassDao commonClassDao) {
121 DecisionPolicy.commonClassDao = commonClassDao;
124 public DecisionPolicy(PolicyRestAdapter policyAdapter) {
125 this.policyAdapter = policyAdapter;
126 this.commonClassDao = commonClassDao;
130 public Map<String, String> savePolicies() throws PAPException {
132 Map<String, String> successMap = new HashMap<>();
133 if (isPolicyExists()) {
134 successMap.put("EXISTS", "This Policy already exist on the PAP");
138 if (!isPreparedToSave()) {
139 // Prep and configure the policy for saving
143 // Until here we prepared the data and here calling the method to create xml.
144 Path newPolicyPath = null;
145 newPolicyPath = Paths.get(policyAdapter.getNewFileName());
147 successMap = createPolicy(newPolicyPath, getCorrectPolicyDataObject());
152 * Scan the Raw Policy data and set to PolicyAdapter.
154 private void readRawPolicyData() {
156 if ("API".equalsIgnoreCase(policyAdapter.getApiflag())) {
157 policy = XACMLPolicyScanner.readPolicy(new ByteArrayInputStream(
158 StringEscapeUtils.unescapeXml(policyAdapter.getRawXacmlPolicy()).getBytes(StandardCharsets.UTF_8)));
160 policy = XACMLPolicyScanner.readPolicy(
161 new ByteArrayInputStream(policyAdapter.getRawXacmlPolicy().getBytes(StandardCharsets.UTF_8)));
163 String policyRawDesc;
164 if (policy instanceof PolicySetType) {
165 policyRawDesc = ((PolicySetType) policy).getDescription() + "@#RuleProvider@#Decision_Raw@#RuleProvider@#";
166 ((PolicySetType) policy).setDescription(policyRawDesc);
168 policyRawDesc = ((PolicyType) policy).getDescription() + "@#RuleProvider@#Decision_Raw@#RuleProvider@#";
169 ((PolicyType) policy).setDescription(policyRawDesc);
171 policyAdapter.setPolicyData(policy);
172 policyAdapter.setData(policy);
173 setPreparedToSave(true);
177 // This is the method for preparing the policy for saving. We have broken it out
178 // separately because the fully configured policy is used for multiple things
180 public boolean prepareToSave() throws PAPException {
182 if (isPreparedToSave()) {
183 // we have already done this
188 String policyID = policyAdapter.getPolicyID();
189 version = policyAdapter.getHighestVersion();
191 if ("Raw".equals(policyAdapter.getRuleProvider())) {
195 // Create the Instance for pojo, PolicyType object is used in marshalling.
196 if ("Decision".equals(policyAdapter.getPolicyType())) {
197 PolicyType policyConfig = new PolicyType();
199 policyConfig.setVersion(Integer.toString(version));
200 policyConfig.setPolicyId(policyID);
201 policyConfig.setTarget(new TargetType());
202 policyAdapter.setData(policyConfig);
204 policyName = policyAdapter.getNewFileName();
206 if (policyAdapter.getRuleProvider().equals(GUARD_YAML) || policyAdapter.getRuleProvider().equals(GUARD_BL_YAML)
207 || policyAdapter.getRuleProvider().equals(GUARD_MIN_MAX)) {
209 Map<String, String> yamlParams = new HashMap<>();
210 String blackListEntryType =
211 policyAdapter.getBlackListEntryType() != null ? policyAdapter.getBlackListEntryType()
212 : "Use Manual Entry";
213 String description = policyAdapter.getPolicyDescription() != null ? policyAdapter.getPolicyDescription()
214 : "YAML Guard Policy";
215 yamlParams.put(DESCRIPTION, description + "@blEntry@" + blackListEntryType + "@blEntry@");
216 String fileName = policyAdapter.getNewFileName();
217 String name = fileName.substring(fileName.lastIndexOf('\\') + 1, fileName.length());
218 if ((name == null) || ("".equals(name))) {
219 name = fileName.substring(fileName.lastIndexOf('/') + 1, fileName.length());
221 yamlParams.put(POLICY_NAME, name);
222 yamlParams.put(ONAPNAME, policyAdapter.getOnapName());
223 Map<String, String> params = policyAdapter.getDynamicFieldConfigAttributes();
224 yamlParams.putAll(params);
225 // Call YAML to XACML
227 PolicyType decisionPolicy = getGuardPolicy(yamlParams, policyAdapter.getRuleProvider());
228 decisionPolicy.setRuleCombiningAlgId(policyAdapter.getRuleCombiningAlgId());
229 decisionPolicy.setVersion(Integer.toString(version));
230 policyAdapter.setPolicyData(decisionPolicy);
231 policyAdapter.setData(decisionPolicy);
232 } catch (BuilderException e) {
234 throw new PAPException(e);
236 } else if (policyAdapter.getData() != null) {
237 PolicyType decisionPolicy = (PolicyType) policyAdapter.getData();
239 decisionPolicy.setDescription(policyAdapter.getPolicyDescription());
241 decisionPolicy.setRuleCombiningAlgId(policyAdapter.getRuleCombiningAlgId());
242 AllOfType allOfOne = new AllOfType();
243 String fileName = policyAdapter.getNewFileName();
244 String name = fileName.substring(fileName.lastIndexOf('\\') + 1, fileName.length());
245 if ((name == null) || ("".equals(name))) {
246 name = fileName.substring(fileName.lastIndexOf('/') + 1, fileName.length());
248 allOfOne.getMatch().add(createMatch(POLICY_NAME, name));
250 AllOfType allOf = new AllOfType();
253 allOf.getMatch().add(createMatch(ONAPNAME, (policyAdapter.getOnapName())));
255 Map<String, String> dynamicFieldComponentAttributes = policyAdapter.getDynamicFieldConfigAttributes();
256 if (policyAdapter.getRuleProvider() != null && policyAdapter.getRuleProvider().equals(AAFPROVIDER)) {
257 dynamicFieldComponentAttributes = new HashMap<>();
260 // If there is any dynamic field attributes create the matches here
261 for (String keyField : dynamicFieldComponentAttributes.keySet()) {
262 String key = keyField;
263 String value = dynamicFieldComponentAttributes.get(key);
264 MatchType dynamicMatch = createDynamicMatch(key, value);
265 allOf.getMatch().add(dynamicMatch);
268 AnyOfType anyOf = new AnyOfType();
269 anyOf.getAllOf().add(allOfOne);
270 anyOf.getAllOf().add(allOf);
272 TargetType target = new TargetType();
273 target.getAnyOf().add(anyOf);
274 decisionPolicy.setTarget(target);
276 Map<String, String> dynamicFieldDecisionSettings = policyAdapter.getDynamicSettingsMap();
277 if (policyAdapter.getRuleProvider() != null && (policyAdapter.getRuleProvider().equals(AAFPROVIDER)
278 || policyAdapter.getRuleProvider().equals(RAINY_DAY))) {
279 dynamicFieldDecisionSettings = new HashMap<>();
282 // settings are dynamic so check how many rows are added and add all
283 for (String keyField : dynamicFieldDecisionSettings.keySet()) {
284 String key = keyField;
285 String value = dynamicFieldDecisionSettings.get(key);
286 String dataType = getDataType(key);
287 VariableDefinitionType dynamicVariable = createDynamicVariable(key, value, dataType);
288 decisionPolicy.getCombinerParametersOrRuleCombinerParametersOrVariableDefinition().add(dynamicVariable);
291 Map<String, String> dynamicFieldTreatmentAttributes = policyAdapter.getRainydayMap();
292 if (policyAdapter.getRuleProvider().equals(RAINY_DAY)) {
293 for (String keyField : dynamicFieldTreatmentAttributes.keySet()) {
294 String errorcode = keyField;
295 String treatment = dynamicFieldTreatmentAttributes.get(errorcode);
296 createRainydayRule(decisionPolicy, errorcode, treatment, true);
299 createRule(decisionPolicy, true);
300 createRule(decisionPolicy, false);
304 setPreparedToSave(true);
308 public PolicyType getGuardPolicy(Map<String, String> yamlParams, String ruleProvider) throws BuilderException {
310 ControlLoopGuardBuilder builder = ControlLoopGuardBuilder.Factory.buildControlLoopGuard(new Guard());
311 MatchParameters matchParameters = new MatchParameters(yamlParams.get("actor"), yamlParams.get("recipe"));
312 matchParameters.setControlLoopName(yamlParams.get("clname"));
313 if (yamlParams.containsKey("targets")) {
314 String targetString = yamlParams.get("targets");
315 List<String> targets = null;
316 if (targetString != null && !targetString.isEmpty()) {
317 if (targetString.contains(",")) {
318 targets = Arrays.asList(targetString.split(","));
320 targets = new ArrayList<>();
321 targets.add(targetString);
324 matchParameters.setTargets(targets);
326 GuardPolicy policy1 = new GuardPolicy(
327 (policyAdapter.getUuid() != null ? policyAdapter.getUuid() : UUID.randomUUID().toString()),
328 yamlParams.get(POLICY_NAME), yamlParams.get(DESCRIPTION), matchParameters);
329 builder = builder.addGuardPolicy(policy1);
330 Map<String, String> activeTimeRange = new HashMap<>();
331 activeTimeRange.put("start", yamlParams.get("guardActiveStart"));
332 activeTimeRange.put("end", yamlParams.get("guardActiveEnd"));
333 String blackListString = yamlParams.get("blackList");
334 List<String> blackList = null;
335 if (blackListString != null && !blackListString.trim().isEmpty()) {
336 if (blackListString.contains(",")) {
337 blackList = Arrays.asList(blackListString.split(","));
339 blackList = new ArrayList<>();
340 blackList.add(blackListString);
343 if (yamlParams.containsKey("appendBlackList")) {
344 String appendBlackListString = yamlParams.get("appendBlackList");
345 List<String> appendBlackList = null;
346 if (appendBlackListString != null && !appendBlackListString.trim().isEmpty()) {
347 appendBlackList = Arrays.asList(appendBlackListString.split(","));
348 for (int i = 0; i < appendBlackList.size(); i++) {
349 blackList.remove(appendBlackList.get(i));
354 Path xacmlTemplatePath;
355 ClassLoader classLoader = getClass().getClassLoader();
356 Constraint cons = new Constraint();
357 switch (ruleProvider) {
359 templateFile = new File(classLoader.getResource(XACML_BLGUARD_TEMPLATE).getFile());
360 xacmlTemplatePath = templateFile.toPath();
361 cons.setActive_time_range(activeTimeRange);
362 if (blackList == null || blackList.isEmpty()) {
363 throw new BuilderException("blackList is required");
365 cons.setBlacklist(blackList);
368 templateFile = new File(classLoader.getResource(XACML_GUARD_MIN_MAX_TEMPLATE).getFile());
369 xacmlTemplatePath = templateFile.toPath();
370 cons = new Constraint(Integer.parseInt(yamlParams.get("min")),
371 Integer.parseInt(yamlParams.get("max")), activeTimeRange);
374 templateFile = new File(classLoader.getResource(XACML_GUARD_TEMPLATE).getFile());
375 xacmlTemplatePath = templateFile.toPath();
376 Map<String, String> timeWindow = new HashMap<>();
377 if (!PolicyUtils.isInteger(yamlParams.get("timeWindow"))) {
378 throw new BuilderException("time window is not in Integer format.");
380 String timeUnits = yamlParams.get("timeUnits");
381 if (timeUnits == null
382 || !("minute".equalsIgnoreCase(timeUnits) || "hour".equalsIgnoreCase(timeUnits)
383 || "day".equalsIgnoreCase(timeUnits) || "week".equalsIgnoreCase(timeUnits)
384 || "month".equalsIgnoreCase(timeUnits) || "year".equalsIgnoreCase(timeUnits))) {
385 throw new BuilderException("time Units is not in proper format.");
387 timeWindow.put("value", yamlParams.get("timeWindow"));
388 timeWindow.put("units", yamlParams.get("timeUnits"));
389 cons = new Constraint(Integer.parseInt(yamlParams.get("limit")), timeWindow, activeTimeRange);
393 builder = builder.addLimitConstraint(policy1.getId(), cons);
394 // Build the specification
395 Results results = builder.buildSpecification();
397 ControlLoopGuard yamlGuardObject = SafePolicyBuilder.loadYamlGuard(results.getSpecification());
398 String xacmlTemplateContent;
400 xacmlTemplateContent = new String(Files.readAllBytes(xacmlTemplatePath));
401 HashMap<String, String> yamlSpecs = new HashMap<>();
402 yamlSpecs.put(POLICY_NAME, yamlParams.get(POLICY_NAME));
403 yamlSpecs.put(DESCRIPTION, yamlParams.get(DESCRIPTION));
404 yamlSpecs.put(ONAPNAME, yamlParams.get(ONAPNAME));
405 GuardPolicy guard = yamlGuardObject.getGuards().get(0);
407 yamlSpecs.put("actor", guard.getMatch_parameters().getActor());
408 yamlSpecs.put("recipe", guard.getMatch_parameters().getRecipe());
409 yamlSpecs.put("clname", guard.getMatch_parameters().getControlLoopName());
411 Constraint constraints = guard.getLimit_constraints().get(0);
412 if (constraints.getFreq_limit_per_target() != null) {
413 yamlSpecs.put("limit", constraints.getFreq_limit_per_target().toString());
415 if (constraints.getTime_window() != null) {
416 yamlSpecs.put("twValue", constraints.getTime_window().get("value"));
417 yamlSpecs.put("twUnits", constraints.getTime_window().get("units"));
420 if (constraints.getMaxVnfCount() != null) {
421 yamlSpecs.put("max", constraints.getMaxVnfCount().toString());
423 if (constraints.getMinVnfCount() != null) {
424 yamlSpecs.put("min", constraints.getMinVnfCount().toString());
427 yamlSpecs.put("guardActiveStart", constraints.getActive_time_range().get("start"));
428 yamlSpecs.put("guardActiveEnd", constraints.getActive_time_range().get("end"));
429 String xacmlPolicyContent = SafePolicyBuilder.generateXacmlGuard(xacmlTemplateContent, yamlSpecs,
430 constraints.getBlacklist(), guard.getMatch_parameters().getTargets());
432 // Convert the Policy into Stream input to Policy Adapter.
433 Object policy = XACMLPolicyScanner
434 .readPolicy(new ByteArrayInputStream(xacmlPolicyContent.getBytes(StandardCharsets.UTF_8)));
436 return (PolicyType) policy;
437 } catch (IOException e) {
438 LOGGER.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Error while creating the policy " + e.getMessage(),
441 } catch (BuilderException e) {
442 LOGGER.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Error while creating the policy " + e.getMessage(), e);
448 private DecisionSettings findDecisionSettingsBySettingId(String settingId) {
449 return (DecisionSettings) commonClassDao.getEntityItem(DecisionSettings.class, "xacml_id", settingId);
452 private void createRule(PolicyType decisionPolicy, boolean permitRule) {
453 RuleType rule = new RuleType();
455 rule.setRuleId(policyAdapter.getRuleID());
458 rule.setEffect(EffectType.PERMIT);
460 rule.setEffect(EffectType.DENY);
462 rule.setTarget(new TargetType());
464 // Create Target in Rule
465 AllOfType allOfInRule = new AllOfType();
467 // Creating match for ACCESS in rule target
468 MatchType accessMatch = new MatchType();
469 AttributeValueType accessAttributeValue = new AttributeValueType();
470 accessAttributeValue.setDataType(STRING_DATATYPE);
471 accessAttributeValue.getContent().add("DECIDE");
472 accessMatch.setAttributeValue(accessAttributeValue);
473 AttributeDesignatorType accessAttributeDesignator = new AttributeDesignatorType();
474 URI accessURI = null;
476 accessURI = new URI(ACTION_ID);
477 } catch (URISyntaxException e) {
478 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE, e, "DecisionPolicy", "Exception creating ACCESS URI");
480 accessAttributeDesignator.setCategory(CATEGORY_ACTION);
481 accessAttributeDesignator.setDataType(STRING_DATATYPE);
482 accessAttributeDesignator.setAttributeId(new IdentifierImpl(accessURI).stringValue());
483 accessMatch.setAttributeDesignator(accessAttributeDesignator);
484 accessMatch.setMatchId(FUNCTION_STRING_EQUAL_IGNORE);
486 dynamicLabelRuleAlgorithms = policyAdapter.getDynamicRuleAlgorithmLabels();
487 dynamicFieldComboRuleAlgorithms = policyAdapter.getDynamicRuleAlgorithmCombo();
488 dynamicFieldOneRuleAlgorithms = policyAdapter.getDynamicRuleAlgorithmField1();
489 dynamicFieldTwoRuleAlgorithms = policyAdapter.getDynamicRuleAlgorithmField2();
491 if (policyAdapter.getRuleProvider() != null && policyAdapter.getRuleProvider().equals(AAFPROVIDER)) {
492 // Values for AAF Provider are here for XML Creation.
493 ConditionType condition = new ConditionType();
494 ApplyType decisionApply = new ApplyType();
496 AttributeValueType value1 = new AttributeValueType();
497 value1.setDataType(BOOLEAN_DATATYPE);
498 value1.getContent().add("true");
500 AttributeDesignatorType value2 = new AttributeDesignatorType();
501 value2.setAttributeId(AAFEngine.AAF_RESULT);
502 value2.setCategory(CATEGORY_RESOURCE);
503 value2.setDataType(BOOLEAN_DATATYPE);
504 value2.setMustBePresent(false);
506 ApplyType innerDecisionApply = new ApplyType();
507 innerDecisionApply.setFunctionId(FUNCTION_BOOLEAN_ONE_AND_ONLY);
508 innerDecisionApply.getExpression().add(new ObjectFactory().createAttributeDesignator(value2));
510 decisionApply.setFunctionId(XACML3.ID_FUNCTION_BOOLEAN_EQUAL.stringValue());
511 decisionApply.getExpression().add(new ObjectFactory().createAttributeValue(value1));
512 decisionApply.getExpression().add(new ObjectFactory().createApply(innerDecisionApply));
513 condition.setExpression(new ObjectFactory().createApply(decisionApply));
515 ApplyType notOuterApply = new ApplyType();
516 notOuterApply.setFunctionId(FUNCTION_NOT);
517 notOuterApply.getExpression().add(condition.getExpression());
518 condition.setExpression(new ObjectFactory().createApply(notOuterApply));
520 rule.setCondition(condition);
521 allOfInRule.getMatch().add(accessMatch);
523 AnyOfType anyOfInRule = new AnyOfType();
524 anyOfInRule.getAllOf().add(allOfInRule);
526 TargetType targetInRule = new TargetType();
527 targetInRule.getAnyOf().add(anyOfInRule);
529 rule.setTarget(targetInRule);
531 AdviceExpressionsType adviceExpressions = new AdviceExpressionsType();
532 AdviceExpressionType adviceExpression = new AdviceExpressionType();
533 adviceExpression.setAdviceId(AAFPROVIDER);
534 adviceExpression.setAppliesTo(EffectType.DENY);
535 AttributeAssignmentExpressionType assignment = new AttributeAssignmentExpressionType();
536 assignment.setAttributeId("aaf.response");
537 assignment.setCategory(CATEGORY_RESOURCE);
538 AttributeDesignatorType value = new AttributeDesignatorType();
539 value.setAttributeId(AAFEngine.AAF_RESPONSE);
540 value.setCategory(CATEGORY_RESOURCE);
541 value.setDataType(STRING_DATATYPE);
542 value.setMustBePresent(false);
543 assignment.setExpression(new ObjectFactory().createAttributeDesignator(value));
544 adviceExpression.getAttributeAssignmentExpression().add(assignment);
545 adviceExpressions.getAdviceExpression().add(adviceExpression);
546 rule.setAdviceExpressions(adviceExpressions);
548 decisionPolicy.getCombinerParametersOrRuleCombinerParametersOrVariableDefinition().add(rule);
549 policyAdapter.setPolicyData(decisionPolicy);
551 } else if (dynamicLabelRuleAlgorithms != null && !dynamicLabelRuleAlgorithms.isEmpty()) {
552 boolean isCompound = false;
553 ConditionType condition = new ConditionType();
554 int index = dynamicFieldOneRuleAlgorithms.size() - 1;
556 for (String labelAttr : dynamicLabelRuleAlgorithms) {
557 // if the rule algorithm as a label means it is a compound
558 if (dynamicFieldOneRuleAlgorithms.get(index).equals(labelAttr)) {
559 ApplyType decisionApply = new ApplyType();
561 String selectedFunction = dynamicFieldComboRuleAlgorithms.get(index);
562 String value1 = dynamicFieldOneRuleAlgorithms.get(index);
563 String value2 = dynamicFieldTwoRuleAlgorithms.get(index);
564 decisionApply.setFunctionId(getFunctionDefinitionId(selectedFunction));
565 decisionApply.getExpression().add(new ObjectFactory().createApply(getInnerDecisionApply(value1)));
566 decisionApply.getExpression().add(new ObjectFactory().createApply(getInnerDecisionApply(value2)));
567 condition.setExpression(new ObjectFactory().createApply(decisionApply));
571 // if rule algorithm not a compound
573 condition.setExpression(new ObjectFactory()
574 .createApply(getInnerDecisionApply(dynamicLabelRuleAlgorithms.get(index))));
578 ApplyType notOuterApply = new ApplyType();
579 notOuterApply.setFunctionId(FUNCTION_NOT);
580 notOuterApply.getExpression().add(condition.getExpression());
581 condition.setExpression(new ObjectFactory().createApply(notOuterApply));
583 rule.setCondition(condition);
584 allOfInRule.getMatch().add(accessMatch);
586 AnyOfType anyOfInRule = new AnyOfType();
587 anyOfInRule.getAllOf().add(allOfInRule);
589 TargetType targetInRule = new TargetType();
590 targetInRule.getAnyOf().add(anyOfInRule);
592 rule.setTarget(targetInRule);
594 decisionPolicy.getCombinerParametersOrRuleCombinerParametersOrVariableDefinition().add(rule);
595 policyAdapter.setPolicyData(decisionPolicy);
598 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + "Unsupported data object."
599 + policyAdapter.getData().getClass().getCanonicalName());
604 private void createRainydayRule(PolicyType decisionPolicy, String errorcode, String treatment, boolean permitRule) {
605 RuleType rule = new RuleType();
607 rule.setRuleId(UUID.randomUUID().toString());
610 rule.setEffect(EffectType.PERMIT);
612 rule.setEffect(EffectType.DENY);
614 rule.setTarget(new TargetType());
616 // Create Target in Rule
617 AllOfType allOfInRule = new AllOfType();
619 // Creating match for DECIDE in rule target
620 MatchType accessMatch = new MatchType();
621 AttributeValueType accessAttributeValue = new AttributeValueType();
622 accessAttributeValue.setDataType(STRING_DATATYPE);
623 accessAttributeValue.getContent().add("DECIDE");
624 accessMatch.setAttributeValue(accessAttributeValue);
625 AttributeDesignatorType accessAttributeDesignator = new AttributeDesignatorType();
626 URI accessURI = null;
628 accessURI = new URI(ACTION_ID);
629 } catch (URISyntaxException e) {
630 PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE, e, "DecisionPolicy", "Exception creating ACCESS URI");
632 accessAttributeDesignator.setCategory(CATEGORY_ACTION);
633 accessAttributeDesignator.setDataType(STRING_DATATYPE);
634 accessAttributeDesignator.setAttributeId(new IdentifierImpl(accessURI).stringValue());
635 accessMatch.setAttributeDesignator(accessAttributeDesignator);
636 accessMatch.setMatchId(FUNCTION_STRING_EQUAL_IGNORE);
638 allOfInRule.getMatch().add(accessMatch);
640 // Creating match for ErrorCode in rule target
641 MatchType errorcodeMatch = new MatchType();
642 AttributeValueType errorcodeAttributeValue = new AttributeValueType();
643 errorcodeAttributeValue.setDataType(STRING_DATATYPE);
644 errorcodeAttributeValue.getContent().add(errorcode);
645 errorcodeMatch.setAttributeValue(errorcodeAttributeValue);
646 AttributeDesignatorType errorcodeAttributeDesignator = new AttributeDesignatorType();
647 errorcodeAttributeDesignator.setCategory(CATEGORY_RESOURCE);
648 errorcodeAttributeDesignator.setDataType(STRING_DATATYPE);
649 errorcodeAttributeDesignator.setAttributeId("ErrorCode");
650 errorcodeMatch.setAttributeDesignator(errorcodeAttributeDesignator);
651 errorcodeMatch.setMatchId(FUNCTION_STRING_REGEXP_MATCH);
653 allOfInRule.getMatch().add(errorcodeMatch);
655 AnyOfType anyOfInRule = new AnyOfType();
656 anyOfInRule.getAllOf().add(allOfInRule);
658 TargetType targetInRule = new TargetType();
659 targetInRule.getAnyOf().add(anyOfInRule);
661 rule.setTarget(targetInRule);
663 AdviceExpressionsType adviceExpressions = new AdviceExpressionsType();
664 AdviceExpressionType adviceExpression = new AdviceExpressionType();
665 adviceExpression.setAdviceId(RAINY_DAY);
666 adviceExpression.setAppliesTo(EffectType.PERMIT);
668 AttributeAssignmentExpressionType assignment = new AttributeAssignmentExpressionType();
669 assignment.setAttributeId("treatment");
670 assignment.setCategory(CATEGORY_RESOURCE);
672 AttributeValueType treatmentAttributeValue = new AttributeValueType();
673 treatmentAttributeValue.setDataType(STRING_DATATYPE);
674 treatmentAttributeValue.getContent().add(treatment);
675 assignment.setExpression(new ObjectFactory().createAttributeValue(treatmentAttributeValue));
677 adviceExpression.getAttributeAssignmentExpression().add(assignment);
678 adviceExpressions.getAdviceExpression().add(adviceExpression);
679 rule.setAdviceExpressions(adviceExpressions);
680 decisionPolicy.getCombinerParametersOrRuleCombinerParametersOrVariableDefinition().add(rule);
681 policyAdapter.setPolicyData(decisionPolicy);
685 // if compound setting the inner apply here
686 protected ApplyType getInnerDecisionApply(String value1Label) {
687 ApplyType decisionApply = new ApplyType();
689 // check the index for the label.
690 for (String labelAttr : dynamicLabelRuleAlgorithms) {
691 if (labelAttr.equals(value1Label)) {
692 String attributeId = dynamicFieldOneRuleAlgorithms.get(index);
693 populateDataTypeList(attributeId);
695 // check if the row contains label again
696 for (String labelValue : dynamicLabelRuleAlgorithms) {
697 if (labelValue.equals(attributeId)) {
698 return getCompoundDecisionApply(index);
702 // Getting the values from the form.
703 String functionKey = dynamicFieldComboRuleAlgorithms.get(index);
704 String attributeValue = dynamicFieldTwoRuleAlgorithms.get(index);
705 decisionApply.setFunctionId(getFunctionDefinitionId(functionKey));
706 // if two text field are rule attributes.
707 if ((attributeId.contains(RULE_VARIABLE)) && (attributeValue.contains(RULE_VARIABLE))) {
708 applyTwoTextFieldRuleAttribute(decisionApply, attributeId, functionKey);
710 // if either of one text field is rule attribute.
711 if (!attributeId.startsWith("S_")) {
712 ApplyType innerDecisionApply = generateApplyTypeDataType(functionKey);
713 AttributeDesignatorType attributeDesignator = generateAttributeDesignatorDataType(functionKey);
714 AttributeValueType decisionConditionAttributeValue =
715 generateAttributeValueTypeDataType(functionKey);
717 if (attributeId != null) {
718 attributeDesignator.setCategory(CATEGORY_RESOURCE);
719 attributeDesignator.setAttributeId(attributeId);
721 decisionConditionAttributeValue.getContent().add(attributeValue);
722 innerDecisionApply.getExpression()
723 .add(new ObjectFactory().createAttributeDesignator(attributeDesignator));
724 decisionApply.getExpression()
725 .add(new ObjectFactory().createAttributeValue(decisionConditionAttributeValue));
726 decisionApply.getExpression().add(new ObjectFactory().createApply(innerDecisionApply));
728 attributeId = attributeId.substring(2, attributeId.length());
729 VariableReferenceType variableReferenceType = new VariableReferenceType();
730 variableReferenceType.setVariableId(attributeId);
732 String dataType = dataTypeList.get(index);
734 AttributeValueType decisionConditionAttributeValue = new AttributeValueType();
735 decisionConditionAttributeValue.setDataType(dataType);
736 decisionConditionAttributeValue.getContent().add(attributeValue);
737 decisionApply.getExpression()
738 .add(new ObjectFactory().createVariableReference(variableReferenceType));
739 decisionApply.getExpression()
740 .add(new ObjectFactory().createAttributeValue(decisionConditionAttributeValue));
746 return decisionApply;
749 // if the rule algorithm is multiple compound one setting the apply
750 protected ApplyType getCompoundDecisionApply(int index) {
751 ApplyType decisionApply = new ApplyType();
752 String selectedFunction = dynamicFieldComboRuleAlgorithms.get(index);
753 String value1 = dynamicFieldOneRuleAlgorithms.get(index);
754 String value2 = dynamicFieldTwoRuleAlgorithms.get(index);
755 decisionApply.setFunctionId(getFunctionDefinitionId(selectedFunction));
756 decisionApply.getExpression().add(new ObjectFactory().createApply(getInnerDecisionApply(value1)));
757 decisionApply.getExpression().add(new ObjectFactory().createApply(getInnerDecisionApply(value2)));
758 return decisionApply;
761 private VariableDefinitionType createDynamicVariable(String key, String value, String dataType) {
762 VariableDefinitionType dynamicVariable = new VariableDefinitionType();
763 AttributeValueType dynamicAttributeValue = new AttributeValueType();
765 dynamicAttributeValue.setDataType(dataType);
766 dynamicAttributeValue.getContent().add(value);
768 dynamicVariable.setVariableId(key);
769 dynamicVariable.setExpression(new ObjectFactory().createAttributeValue(dynamicAttributeValue));
771 return dynamicVariable;
775 private void populateDataTypeList(String value1) {
776 String dataType = null;
777 if (value1.contains("S_")) {
778 value1 = value1.substring(2, value1.length());
779 DecisionSettings decisionSettings = findDecisionSettingsBySettingId(value1.substring(2, value1.length()));
780 if (decisionSettings != null && "string".equals(decisionSettings.getDatatypeBean().getShortName())) {
781 dataType = STRING_DATATYPE;
782 } else if (decisionSettings != null
783 && "boolean".equals(decisionSettings.getDatatypeBean().getShortName())) {
784 dataType = BOOLEAN_DATATYPE;
786 dataType = INTEGER_DATATYPE;
792 dataTypeList.add(dataType);
795 private String getDataType(String key) {
797 DecisionSettings decisionSettings = findDecisionSettingsBySettingId(key);
798 String dataType = null;
800 if (decisionSettings != null && "string".equals(decisionSettings.getDatatypeBean().getShortName())) {
801 dataType = STRING_DATATYPE;
802 } else if (decisionSettings != null && "boolean".equals(decisionSettings.getDatatypeBean().getShortName())) {
803 dataType = BOOLEAN_DATATYPE;
805 dataType = INTEGER_DATATYPE;
812 public Object getCorrectPolicyDataObject() {
813 return policyAdapter.getData();
816 public String getFunctionDefinitionId(String key) {
817 FunctionDefinition object =
818 (FunctionDefinition) commonClassDao.getEntityItem(FunctionDefinition.class, "short_name", key);
819 if (object != null) {
820 return object.getXacmlid();
825 private AttributeDesignatorType generateAttributeDesignatorDataType(String functionKey) {
826 AttributeDesignatorType attributeDesignator = new AttributeDesignatorType();
827 switch (functionKey.toLowerCase()) {
829 attributeDesignator.setDataType(INTEGER_DATATYPE);
832 attributeDesignator.setDataType(STRING_DATATYPE);
834 return attributeDesignator;
837 private ApplyType generateApplyTypeDataType(String functionKey) {
838 ApplyType applyType = new ApplyType();
839 switch (functionKey.toLowerCase()) {
841 applyType.setFunctionId(FUNTION_INTEGER_ONE_AND_ONLY);
844 applyType.setFunctionId(FUNCTION_STRING_ONE_AND_ONLY);
849 private AttributeValueType generateAttributeValueTypeDataType(String functionKey) {
850 AttributeValueType applyType = new AttributeValueType();
851 switch (functionKey.toLowerCase()) {
853 applyType.setDataType(INTEGER_DATATYPE);
856 applyType.setDataType(STRING_DATATYPE);
861 private void applyTwoTextFieldRuleAttribute(ApplyType decisionApply, String value1, String functionKey) {
862 decisionApply.getExpression()
863 .add(new ObjectFactory().createApply(generateApplyTypeDataType(value1, functionKey)));
864 decisionApply.getExpression()
865 .add(new ObjectFactory().createApply(generateApplyTypeDataType(value1, functionKey)));
868 private ApplyType generateApplyTypeDataType(String value1, String functionKey) {
869 ApplyType innerApply = generateApplyTypeDataType(functionKey);
870 AttributeDesignatorType attributeDesignator = generateAttributeDesignatorDataType(functionKey);
872 attributeDesignator.setCategory(CATEGORY_RESOURCE);
873 // Here set actual field values
874 attributeDesignator.setAttributeId(value1.contains("resource:") ? value1.substring(9) : value1.substring(8));
875 innerApply.getExpression().add(new ObjectFactory().createAttributeDesignator(attributeDesignator));
Code Review / policy / engine.git / blob