/**
 * Combines the given policies so that the overall decision is PERMIT only when some
 * matching policy evaluates to PERMIT; every other outcome ends in DENY.
 *
 * <p>Policies are visited in list order. A policy whose {@code match} result is anything
 * other than {@code MatchResult.MATCH} is skipped without being evaluated. Evaluation stops
 * at the first PERMIT, so later policies are never evaluated and the permitting result is
 * returned unchanged. Obligations and advice are collected only from results whose decision
 * is DENY; results with any other non-PERMIT decision contribute nothing but still lead to
 * the final DENY.
 *
 * @param context        the evaluation context passed to each policy's match and evaluate
 * @param parameters     not read by this method
 * @param policyElements the elements to combine; each is cast to
 *                       {@code PolicyCombinerElement}, so any other element type fails
 *                       with a {@code ClassCastException}
 * @return the first PERMIT result, or a DENY result carrying the collected deny
 *         obligations and advice
 */
@Override
public AbstractResult combine(EvaluationCtx context, List parameters, List policyElements) {
    List<ObligationResult> collectedObligations = new ArrayList<ObligationResult>();
    List<Advice> collectedAdvices = new ArrayList<Advice>();

    for (Object element : policyElements) {
        AbstractPolicy candidate = ((PolicyCombinerElement) element).getPolicy();

        // Anything other than a definite MATCH is skipped; it can never yield PERMIT here.
        if (candidate.match(context).getResult() != MatchResult.MATCH) {
            continue;
        }

        AbstractResult outcome = candidate.evaluate(context);
        int decision = outcome.getDecision();

        // A single PERMIT wins immediately, regardless of what was seen before.
        if (decision == AbstractResult.DECISION_PERMIT) {
            return outcome;
        }

        // Only explicit DENY results contribute obligations and advice to the final answer.
        if (decision == AbstractResult.DECISION_DENY) {
            collectedObligations.addAll(outcome.getObligations());
            collectedAdvices.addAll(outcome.getAdvices());
        }
    }

    // No policy permitted: the combined decision is DENY (also for an empty policy list).
    return ResultFactory.getFactory().getResult(
            AbstractResult.DECISION_DENY, collectedObligations, collectedAdvices, context);
}
/**
 * Creates a proxy from an existing policy by copying its identifier (as a string) and its
 * target, and recording whether the source is a {@code Policy} or a {@code PolicySet}.
 *
 * <p>If the argument is neither of those two types, {@code refType} is not assigned here
 * and keeps whatever value the field already has.
 * NOTE(review): the field declaration is outside this block - confirm that value is safe
 * for callers that resolve the reference.
 *
 * @param policy the policy to describe; must not be {@code null}
 * @throws IllegalArgumentException if {@code policy} is {@code null}
 */
public ProxyPolicy(AbstractPolicy policy) {
    if (policy == null) {
        throw new IllegalArgumentException("policy may not be null");
    }

    this.id = policy.getId().toString();
    this.target = policy.getTarget();

    // PolicySet is tested first so that it takes precedence, matching the effect of two
    // sequential assignments where the PolicySet one runs last.
    if (policy instanceof PolicySet) {
        this.refType = PolicyReference.POLICYSET_REFERENCE;
    } else if (policy instanceof Policy) {
        this.refType = PolicyReference.POLICY_REFERENCE;
    }
}
/**
 * Persists a new XACML policy, read from the file system, in the registry-backed policy
 * store and optionally pushes it to the PDP.
 *
 * <p>Whitespace between adjacent XML tags is stripped from the policy text before it is
 * parsed. The policy id is taken from the parsed policy, not from the caller, and the
 * policy is marked active. The DTO's promote flag is always set to {@code true} here;
 * the {@code promote} argument only controls the call to {@code addPolicyToPDP}.
 *
 * <p>NOTE(review): the existence check and the write are separate calls and no
 * synchronization is visible in this method, so two concurrent additions of the same id
 * are not excluded here - confirm the callers or the store serialize this.
 * NOTE(review): {@code getPolicy} parses the policy XML outside this block - confirm its
 * parser rejects DTDs and external entities, since the text originates from a file.
 *
 * @param policyDTO PolicyDTO holding the policy text; it is modified by this method
 * @param registry  Registry used for the policy store and the existence check
 * @param promote   whether the stored policy must also be promoted to the PDP
 * @return {@code true} whenever the method completes without throwing
 * @throws org.wso2.carbon.identity.entitlement.EntitlementException if the policy text
 *         cannot be turned into a policy, or a policy with the same id already exists
 */
public static boolean addFilesystemPolicy(PolicyDTO policyDTO, Registry registry,
                                          boolean promote) throws EntitlementException {

    // Collapse whitespace between tags so the stored text is in a compact form.
    String rawPolicy = policyDTO.getPolicy();
    if (rawPolicy != null) {
        policyDTO.setPolicy(rawPolicy.replaceAll(">\\s+<", "><"));
    }

    AbstractPolicy parsedPolicy = getPolicy(policyDTO.getPolicy());
    if (parsedPolicy == null) {
        throw new EntitlementException("Invalid Entitlement Policy");
    }

    PAPPolicyStore papStore = new PAPPolicyStore(registry);
    PAPPolicyStoreManager papManager = new PAPPolicyStoreManager();

    // The id embedded in the policy document is authoritative.
    policyDTO.setPolicyId(parsedPolicy.getId().toASCIIString());
    policyDTO.setActive(true);

    // Refuse to overwrite: an existing id is an error rather than an update.
    if (isPolicyExists(policyDTO.getPolicyId(), registry)) {
        throw new EntitlementException("An Entitlement Policy with the given ID already exists");
    }

    policyDTO.setPromote(true);
    papManager.addOrUpdatePolicy(policyDTO);

    // Read the policy back so the remaining steps work on the persisted form.
    PolicyDTO storedPolicy =
            new PAPPolicyStoreReader(papStore).readPolicyDTO(policyDTO.getPolicyId());

    PolicyStoreDTO pdpEntry = new PolicyStoreDTO();
    pdpEntry.setPolicyId(storedPolicy.getPolicyId());
    pdpEntry.setPolicy(storedPolicy.getPolicy());
    pdpEntry.setPolicyOrder(storedPolicy.getPolicyOrder());
    pdpEntry.setAttributeDTOs(storedPolicy.getAttributeDTOs());

    if (promote) {
        addPolicyToPDP(pdpEntry);
    }

    // Second write uses the DTO as read back from the store.
    papManager.addOrUpdatePolicy(storedPolicy);
    return true;
}