コード例 #1
0
  @Override
  public AbstractResult combine(EvaluationCtx context, List parameters, List policyElements) {

    List<ObligationResult> denyObligations = new ArrayList<ObligationResult>();
    List<Advice> denyAdvices = new ArrayList<Advice>();

    for (Object policyElement : policyElements) {
      AbstractPolicy policy = ((PolicyCombinerElement) (policyElement)).getPolicy();
      MatchResult match = policy.match(context);
      if (match.getResult() == MatchResult.MATCH) {
        AbstractResult result = policy.evaluate(context);
        int value = result.getDecision();
        // if there was a value of PERMIT, then regardless of what else
        // we've seen, we always return PERMIT
        if (value == AbstractResult.DECISION_PERMIT) {
          return result;
        } else if (value == AbstractResult.DECISION_DENY) {
          denyObligations.addAll(result.getObligations());
          denyAdvices.addAll(result.getAdvices());
        }
      }
    }

    // if there is not any value of PERMIT. The return DENY
    return ResultFactory.getFactory()
        .getResult(AbstractResult.DECISION_DENY, denyObligations, denyAdvices, context);
  }
コード例 #2
0
  public ProxyPolicy(AbstractPolicy policy) {
    if (policy == null) throw new IllegalArgumentException("policy may not be null");

    this.id = policy.getId().toString();
    this.target = policy.getTarget();

    if (policy instanceof Policy) this.refType = PolicyReference.POLICY_REFERENCE;
    if (policy instanceof PolicySet) this.refType = PolicyReference.POLICYSET_REFERENCE;
  }
コード例 #3
0
  /**
   * This method persists a new XACML policy, which was read from filesystem, in the registry
   *
   * @param policyDTO PolicyDTO object
   * @param registry Registry
   * @param promote where policy must be promote PDP or not
   * @return returns whether True/False
   * @throws org.wso2.carbon.identity.entitlement.EntitlementException throws if policy with same id
   *     is exist
   */
  public static boolean addFilesystemPolicy(PolicyDTO policyDTO, Registry registry, boolean promote)
      throws EntitlementException {

    PAPPolicyStoreManager policyAdmin;
    AbstractPolicy policyObj;

    if (policyDTO.getPolicy() != null) {
      policyDTO.setPolicy(policyDTO.getPolicy().replaceAll(">\\s+<", "><"));
    }

    policyObj = getPolicy(policyDTO.getPolicy());

    if (policyObj != null) {
      PAPPolicyStore policyStore = new PAPPolicyStore(registry);
      policyAdmin = new PAPPolicyStoreManager();
      policyDTO.setPolicyId(policyObj.getId().toASCIIString());
      policyDTO.setActive(true);

      if (isPolicyExists(policyDTO.getPolicyId(), registry)) {
        throw new EntitlementException("An Entitlement Policy with the given ID already exists");
      }

      policyDTO.setPromote(true);
      policyAdmin.addOrUpdatePolicy(policyDTO);

      PAPPolicyStoreReader reader = new PAPPolicyStoreReader(policyStore);
      policyDTO = reader.readPolicyDTO(policyDTO.getPolicyId());

      PolicyStoreDTO policyStoreDTO = new PolicyStoreDTO();
      policyStoreDTO.setPolicyId(policyDTO.getPolicyId());
      policyStoreDTO.setPolicy(policyDTO.getPolicy());
      policyStoreDTO.setPolicyOrder(policyDTO.getPolicyOrder());
      policyStoreDTO.setAttributeDTOs(policyDTO.getAttributeDTOs());

      if (promote) {
        addPolicyToPDP(policyStoreDTO);
      }

      policyAdmin.addOrUpdatePolicy(policyDTO);

      return true;
    } else {
      throw new EntitlementException("Invalid Entitlement Policy");
    }
  }