org.jboss.security.xacml.sunxacml.support.finder
Class StaticPolicyFinderModule

java.lang.Object
  org.jboss.security.xacml.sunxacml.finder.PolicyFinderModule
      org.jboss.security.xacml.sunxacml.support.finder.StaticPolicyFinderModule

public class StaticPolicyFinderModule
extends PolicyFinderModule

This is a simple implementation of PolicyFinderModule that supports retrieval based on context, and is designed for use with a run-time configuration. Its constructor accepts a List of Strings that represent URLs or files, and these are resolved to policies when the module is initialized. Beyond this, there is no modifying or re-loading the policies represented by this class. This class will optionally wrap multiple applicable policies into a dynamic PolicySet.

Note that this class is designed to complement StaticRefPolicyFinderModule. It would be easy to support both kinds of policy retrieval in a single class, but the functionality is instead split between two classes. The reason is that when you define a configuration for your PDP, it's easier to specify the two sets of policies by using two different finder modules. Typically, there aren't many policies that exist in both sets, so loading the sets separately isn't a problem. If this is a concern to you, simply create your own class and merge the two existing classes.

This module is provided as an example, but is still fully functional, and should be useful for many simple applications. This is provided in the support package rather than the core codebase because it implements non-standard behavior.

Since:

2.0

Author:

Seth Proctor

Constructor Summary

StaticPolicyFinderModule(List policyList)
Creates a StaticPolicyFinderModule that provides access to the given collection of policies and returns an error when more than one policy matches a given context.

StaticPolicyFinderModule(List policyList, String schemaFile)
Creates a StaticPolicyFinderModule that provides access to the given collection of policies and returns an error when more than one policy matches a given context.

StaticPolicyFinderModule(String combiningAlg, List policyList)
Creates a StaticPolicyFinderModule that provides access to the given collection of policies.

StaticPolicyFinderModule(String combiningAlg, List policyList, String schemaFile)
Creates a StaticPolicyFinderModule that provides access to the given collection of policies.

Method Summary

PolicyFinderResult	findPolicy(EvaluationCtx context) Finds a policy based on a request's context.
void	init(PolicyFinder finder) Initialize this module.
boolean	isRequestSupported() Always returns true since this module does support finding policies based on context.

Methods inherited from class org.jboss.security.xacml.sunxacml.finder.PolicyFinderModule

findPolicy, getIdentifier, invalidateCache, isIdReferenceSupported

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

StaticPolicyFinderModule

public StaticPolicyFinderModule(List policyList)

Creates a StaticPolicyFinderModule that provides access to the given collection of policies and returns an error when more than one policy matches a given context. Any policy that cannot be loaded will be noted in the log, but will not cause an error. The schema file used to validate policies is defined by the property PolicyReader.POLICY_SCHEMA_PROPERTY. If the retrieved property is null, then no schema validation will occur.

Parameters:

policyList - a List of Strings that represent URLs or files pointing to XACML policies

StaticPolicyFinderModule

public StaticPolicyFinderModule(List policyList,
                                String schemaFile)

Creates a StaticPolicyFinderModule that provides access to the given collection of policies and returns an error when more than one policy matches a given context. Any policy that cannot be loaded will be noted in the log, but will not cause an error.

Parameters:

policyList - a List of Strings that represent URLs or files pointing to XACML policies

schemaFile - the schema file to validate policies against, or null if schema validation is not desired

StaticPolicyFinderModule

public StaticPolicyFinderModule(String combiningAlg,
                                List policyList)
                         throws URISyntaxException,
                                UnknownIdentifierException

Creates a StaticPolicyFinderModule that provides access to the given collection of policies. The given combining algorithm is used to create new PolicySets when more than one policy applies. Any policy that cannot be loaded will be noted in the log, but will not cause an error. The schema file used to validate policies is defined by the property PolicyReader.POLICY_SCHEMA_PROPERTY. If the retrieved property is null, then no schema validation will occur.

Parameters:

combiningAlg - the algorithm to use in a new PolicySet when more than one policy applies

policyList - a List of Strings that represent URLs or files pointing to XACML policies

Throws:

URISyntaxException - if the combining algorithm is not a well-formed URI

UnknownIdentifierException - if the combining algorithm identifier isn't known

StaticPolicyFinderModule

public StaticPolicyFinderModule(String combiningAlg,
                                List policyList,
                                String schemaFile)
                         throws URISyntaxException,
                                UnknownIdentifierException

Creates a StaticPolicyFinderModule that provides access to the given collection of policies. The given combining algorithm is used to create new PolicySets when more than one policy applies. Any policy that cannot be loaded will be noted in the log, but will not cause an error.

Parameters:

combiningAlg - the algorithm to use in a new PolicySet when more than one policy applies

policyList - a List of Strings that represent URLs or files pointing to XACML policies

schemaFile - the schema file to validate policies against, or null if schema validation is not desired

Throws:

URISyntaxException - if the combining algorithm is not a well-formed URI

UnknownIdentifierException - if the combining algorithm identifier isn't known

Method Detail

isRequestSupported

public boolean isRequestSupported()

Always returns true since this module does support finding policies based on context.

Overrides:

isRequestSupported in class PolicyFinderModule

Returns:

true

init

public void init(PolicyFinder finder)

Initialize this module. Typically this is called by PolicyFinder when a PDP is created. This method is where the policies are actually loaded.

Specified by:

init in class PolicyFinderModule

Parameters:

finder - the PolicyFinder using this module

findPolicy

public PolicyFinderResult findPolicy(EvaluationCtx context)

Finds a policy based on a request's context. If more than one policy matches, then this either returns an error or a new policy wrapping the multiple policies (depending on which constructor was used to construct this instance).

Overrides:

findPolicy in class PolicyFinderModule

Parameters:

context - the representation of the request data

Returns:

the result of trying to find an applicable policy