perfsonar-dev - [GEANT/SA2/ps-java-services] r5711 - in branches/authRengine: . examples examples/pdp examples/pep examples/pep/sunxacml examples/perfsonar examples/pip lib src src/net src/net/geant src/net/geant/authr src/net/geant/authr/pap src/net/geant/authr/pap/sunxacml src/net/geant/authr/pdp src/net/geant/authr/pdp/sunxacml src/net/geant/authr/pep src/net/geant/authr/pep/exceptions src/net/geant/authr/pep/sunxacml src/net/geant/authr/pip stuff sunxacml sunxacml/com sunxacml/com/sun sunxacml/com/sun/xacml sunxacml/com/sun/xacml/attr sunxacml/com/sun/xacml/attr/proxy sunxacml/com/sun/xacml/combine sunxacml/com/sun/xacml/cond sunxacml/com/sun/xacml/cond/cluster sunxacml/com/sun/xacml/ctx sunxacml/com/sun/xacml/finder sunxacml/com/sun/xacml/finder/impl

Subject: perfsonar development work

  • Date: Fri, 18 Jun 2010 09:40:02 +0100

Author: rediris.montes
Date: 2010-06-18 09:40:01 +0100 (Fri, 18 Jun 2010)
New Revision: 5711

Added:
branches/authRengine/bin/
branches/authRengine/examples/
branches/authRengine/examples/pdp/
branches/authRengine/examples/pdp/PDPExample1.java
branches/authRengine/examples/pep/
branches/authRengine/examples/pep/PEPExample1.java
branches/authRengine/examples/pep/PEPExample2.java
branches/authRengine/examples/pep/sunxacml/
branches/authRengine/examples/pep/sunxacml/PolicyEnforcementPoint1.java
branches/authRengine/examples/perfsonar/
branches/authRengine/examples/perfsonar/AuthREERequestGenerator.java
branches/authRengine/examples/pip/
branches/authRengine/examples/pip/AttributeRequestExample.java
branches/authRengine/lib/
branches/authRengine/lib/nmwg-1.0.20080529.jar
branches/authRengine/lib/nmwg-1.0.20080604.jar
branches/authRengine/lib/sunxacml-debug.jar
branches/authRengine/lib/sunxacml.jar
branches/authRengine/src/
branches/authRengine/src/net/
branches/authRengine/src/net/geant/
branches/authRengine/src/net/geant/authr/
branches/authRengine/src/net/geant/authr/pap/
branches/authRengine/src/net/geant/authr/pap/PolicyManager.java
branches/authRengine/src/net/geant/authr/pap/PolicyManagerFactory.java
branches/authRengine/src/net/geant/authr/pap/sunxacml/
branches/authRengine/src/net/geant/authr/pap/sunxacml/PolicyManagerSun.java
branches/authRengine/src/net/geant/authr/pdp/
branches/authRengine/src/net/geant/authr/pdp/Evaluator.java
branches/authRengine/src/net/geant/authr/pdp/EvaluatorFactory.java
branches/authRengine/src/net/geant/authr/pdp/sunxacml/
branches/authRengine/src/net/geant/authr/pdp/sunxacml/EvaluatorSun.java
branches/authRengine/src/net/geant/authr/pep/
branches/authRengine/src/net/geant/authr/pep/RequestFactory.java
branches/authRengine/src/net/geant/authr/pep/ResponseFactory.java
branches/authRengine/src/net/geant/authr/pep/SimpleDelegatedRequest.java
branches/authRengine/src/net/geant/authr/pep/SimpleRequest.java
branches/authRengine/src/net/geant/authr/pep/SimpleResponse.java
branches/authRengine/src/net/geant/authr/pep/exceptions/
branches/authRengine/src/net/geant/authr/pep/exceptions/PEPException.java
branches/authRengine/src/net/geant/authr/pep/sunxacml/

branches/authRengine/src/net/geant/authr/pep/sunxacml/SimpleDelegatedRequestSun.java
branches/authRengine/src/net/geant/authr/pep/sunxacml/SimpleRequestSun.java

branches/authRengine/src/net/geant/authr/pep/sunxacml/SimpleResponseSun.java
branches/authRengine/src/net/geant/authr/pip/
branches/authRengine/src/net/geant/authr/pip/Attribute.java
branches/authRengine/src/net/geant/authr/pip/IdentityRequest.java
branches/authRengine/src/net/geant/authr/pip/siledap/
branches/authRengine/stuff/
branches/authRengine/stuff/ASValidComponentsFile
branches/authRengine/stuff/basic_policy.xml
branches/authRengine/stuff/generated.xml
branches/authRengine/sunxacml/
branches/authRengine/sunxacml/com/
branches/authRengine/sunxacml/com/sun/
branches/authRengine/sunxacml/com/sun/xacml/
branches/authRengine/sunxacml/com/sun/xacml/AbstractPolicy.java
branches/authRengine/sunxacml/com/sun/xacml/BasicEvaluationCtx.java
branches/authRengine/sunxacml/com/sun/xacml/ConfigurationStore.java
branches/authRengine/sunxacml/com/sun/xacml/EvaluationCtx.java
branches/authRengine/sunxacml/com/sun/xacml/Indenter.java
branches/authRengine/sunxacml/com/sun/xacml/MatchResult.java
branches/authRengine/sunxacml/com/sun/xacml/Obligation.java
branches/authRengine/sunxacml/com/sun/xacml/PDP.java
branches/authRengine/sunxacml/com/sun/xacml/PDPConfig.java
branches/authRengine/sunxacml/com/sun/xacml/ParsingException.java
branches/authRengine/sunxacml/com/sun/xacml/Policy.java
branches/authRengine/sunxacml/com/sun/xacml/PolicyReference.java
branches/authRengine/sunxacml/com/sun/xacml/PolicySet.java
branches/authRengine/sunxacml/com/sun/xacml/PolicyTreeElement.java
branches/authRengine/sunxacml/com/sun/xacml/ProcessingException.java
branches/authRengine/sunxacml/com/sun/xacml/Rule.java
branches/authRengine/sunxacml/com/sun/xacml/Target.java
branches/authRengine/sunxacml/com/sun/xacml/TargetMatch.java
branches/authRengine/sunxacml/com/sun/xacml/UnknownIdentifierException.java
branches/authRengine/sunxacml/com/sun/xacml/attr/
branches/authRengine/sunxacml/com/sun/xacml/attr/AnyURIAttribute.java
branches/authRengine/sunxacml/com/sun/xacml/attr/AttributeDesignator.java
branches/authRengine/sunxacml/com/sun/xacml/attr/AttributeFactory.java
branches/authRengine/sunxacml/com/sun/xacml/attr/AttributeFactoryProxy.java
branches/authRengine/sunxacml/com/sun/xacml/attr/AttributeProxy.java
branches/authRengine/sunxacml/com/sun/xacml/attr/AttributeSelector.java
branches/authRengine/sunxacml/com/sun/xacml/attr/AttributeValue.java
branches/authRengine/sunxacml/com/sun/xacml/attr/BagAttribute.java
branches/authRengine/sunxacml/com/sun/xacml/attr/Base64.java
branches/authRengine/sunxacml/com/sun/xacml/attr/Base64BinaryAttribute.java
branches/authRengine/sunxacml/com/sun/xacml/attr/BaseAttributeFactory.java
branches/authRengine/sunxacml/com/sun/xacml/attr/BooleanAttribute.java
branches/authRengine/sunxacml/com/sun/xacml/attr/DateAttribute.java
branches/authRengine/sunxacml/com/sun/xacml/attr/DateTimeAttribute.java

branches/authRengine/sunxacml/com/sun/xacml/attr/DayTimeDurationAttribute.java
branches/authRengine/sunxacml/com/sun/xacml/attr/DoubleAttribute.java
branches/authRengine/sunxacml/com/sun/xacml/attr/HexBinaryAttribute.java
branches/authRengine/sunxacml/com/sun/xacml/attr/IntegerAttribute.java
branches/authRengine/sunxacml/com/sun/xacml/attr/RFC822NameAttribute.java

branches/authRengine/sunxacml/com/sun/xacml/attr/StandardAttributeFactory.java
branches/authRengine/sunxacml/com/sun/xacml/attr/StringAttribute.java
branches/authRengine/sunxacml/com/sun/xacml/attr/TimeAttribute.java
branches/authRengine/sunxacml/com/sun/xacml/attr/X500NameAttribute.java

branches/authRengine/sunxacml/com/sun/xacml/attr/YearMonthDurationAttribute.java
branches/authRengine/sunxacml/com/sun/xacml/attr/package.html
branches/authRengine/sunxacml/com/sun/xacml/attr/proxy/

branches/authRengine/sunxacml/com/sun/xacml/attr/proxy/AnyURIAttributeProxy.java

branches/authRengine/sunxacml/com/sun/xacml/attr/proxy/Base64BinaryAttributeProxy.java

branches/authRengine/sunxacml/com/sun/xacml/attr/proxy/BooleanAttributeProxy.java

branches/authRengine/sunxacml/com/sun/xacml/attr/proxy/DateAttributeProxy.java

branches/authRengine/sunxacml/com/sun/xacml/attr/proxy/DateTimeAttributeProxy.java

branches/authRengine/sunxacml/com/sun/xacml/attr/proxy/DayTimeDurationAttributeProxy.java

branches/authRengine/sunxacml/com/sun/xacml/attr/proxy/DoubleAttributeProxy.java

branches/authRengine/sunxacml/com/sun/xacml/attr/proxy/HexBinaryAttributeProxy.java

branches/authRengine/sunxacml/com/sun/xacml/attr/proxy/IntegerAttributeProxy.java

branches/authRengine/sunxacml/com/sun/xacml/attr/proxy/RFC822NameAttributeProxy.java

branches/authRengine/sunxacml/com/sun/xacml/attr/proxy/StringAttributeProxy.java

branches/authRengine/sunxacml/com/sun/xacml/attr/proxy/TimeAttributeProxy.java

branches/authRengine/sunxacml/com/sun/xacml/attr/proxy/X500NameAttributeProxy.java

branches/authRengine/sunxacml/com/sun/xacml/attr/proxy/YearMonthDurationAttributeProxy.java
branches/authRengine/sunxacml/com/sun/xacml/attr/proxy/package.html
branches/authRengine/sunxacml/com/sun/xacml/combine/

branches/authRengine/sunxacml/com/sun/xacml/combine/BaseCombiningAlgFactory.java

branches/authRengine/sunxacml/com/sun/xacml/combine/CombiningAlgFactory.java

branches/authRengine/sunxacml/com/sun/xacml/combine/CombiningAlgFactoryProxy.java
branches/authRengine/sunxacml/com/sun/xacml/combine/CombiningAlgorithm.java

branches/authRengine/sunxacml/com/sun/xacml/combine/DenyOverridesPolicyAlg.java

branches/authRengine/sunxacml/com/sun/xacml/combine/DenyOverridesRuleAlg.java

branches/authRengine/sunxacml/com/sun/xacml/combine/FirstApplicablePolicyAlg.java

branches/authRengine/sunxacml/com/sun/xacml/combine/FirstApplicableRuleAlg.java

branches/authRengine/sunxacml/com/sun/xacml/combine/OnlyOneApplicablePolicyAlg.java

branches/authRengine/sunxacml/com/sun/xacml/combine/OrderedDenyOverridesPolicyAlg.java

branches/authRengine/sunxacml/com/sun/xacml/combine/OrderedDenyOverridesRuleAlg.java

branches/authRengine/sunxacml/com/sun/xacml/combine/OrderedPermitOverridesPolicyAlg.java

branches/authRengine/sunxacml/com/sun/xacml/combine/OrderedPermitOverridesRuleAlg.java

branches/authRengine/sunxacml/com/sun/xacml/combine/PermitOverridesPolicyAlg.java

branches/authRengine/sunxacml/com/sun/xacml/combine/PermitOverridesRuleAlg.java

branches/authRengine/sunxacml/com/sun/xacml/combine/PolicyCombiningAlgorithm.java

branches/authRengine/sunxacml/com/sun/xacml/combine/RuleCombiningAlgorithm.java

branches/authRengine/sunxacml/com/sun/xacml/combine/StandardCombiningAlgFactory.java
branches/authRengine/sunxacml/com/sun/xacml/combine/package.html
branches/authRengine/sunxacml/com/sun/xacml/cond/
branches/authRengine/sunxacml/com/sun/xacml/cond/AbsFunction.java
branches/authRengine/sunxacml/com/sun/xacml/cond/AddFunction.java
branches/authRengine/sunxacml/com/sun/xacml/cond/Apply.java
branches/authRengine/sunxacml/com/sun/xacml/cond/BagFunction.java
branches/authRengine/sunxacml/com/sun/xacml/cond/BaseFunctionFactory.java

branches/authRengine/sunxacml/com/sun/xacml/cond/BasicFunctionFactoryProxy.java
branches/authRengine/sunxacml/com/sun/xacml/cond/ComparisonFunction.java
branches/authRengine/sunxacml/com/sun/xacml/cond/ConditionBagFunction.java
branches/authRengine/sunxacml/com/sun/xacml/cond/ConditionSetFunction.java
branches/authRengine/sunxacml/com/sun/xacml/cond/DateMathFunction.java
branches/authRengine/sunxacml/com/sun/xacml/cond/DivideFunction.java
branches/authRengine/sunxacml/com/sun/xacml/cond/EqualFunction.java
branches/authRengine/sunxacml/com/sun/xacml/cond/Evaluatable.java
branches/authRengine/sunxacml/com/sun/xacml/cond/EvaluationResult.java
branches/authRengine/sunxacml/com/sun/xacml/cond/FloorFunction.java
branches/authRengine/sunxacml/com/sun/xacml/cond/Function.java
branches/authRengine/sunxacml/com/sun/xacml/cond/FunctionBase.java
branches/authRengine/sunxacml/com/sun/xacml/cond/FunctionFactory.java
branches/authRengine/sunxacml/com/sun/xacml/cond/FunctionFactoryProxy.java
branches/authRengine/sunxacml/com/sun/xacml/cond/FunctionProxy.java
branches/authRengine/sunxacml/com/sun/xacml/cond/FunctionTypeException.java
branches/authRengine/sunxacml/com/sun/xacml/cond/GeneralBagFunction.java
branches/authRengine/sunxacml/com/sun/xacml/cond/GeneralSetFunction.java
branches/authRengine/sunxacml/com/sun/xacml/cond/HigherOrderFunction.java
branches/authRengine/sunxacml/com/sun/xacml/cond/LogicalFunction.java
branches/authRengine/sunxacml/com/sun/xacml/cond/MapFunction.java
branches/authRengine/sunxacml/com/sun/xacml/cond/MapFunctionProxy.java
branches/authRengine/sunxacml/com/sun/xacml/cond/MatchFunction.java
branches/authRengine/sunxacml/com/sun/xacml/cond/ModFunction.java
branches/authRengine/sunxacml/com/sun/xacml/cond/MultiplyFunction.java
branches/authRengine/sunxacml/com/sun/xacml/cond/NOfFunction.java
branches/authRengine/sunxacml/com/sun/xacml/cond/NotFunction.java

branches/authRengine/sunxacml/com/sun/xacml/cond/NumericConvertFunction.java
branches/authRengine/sunxacml/com/sun/xacml/cond/RoundFunction.java
branches/authRengine/sunxacml/com/sun/xacml/cond/SetFunction.java

branches/authRengine/sunxacml/com/sun/xacml/cond/StandardFunctionFactory.java

branches/authRengine/sunxacml/com/sun/xacml/cond/StringNormalizeFunction.java
branches/authRengine/sunxacml/com/sun/xacml/cond/SubtractFunction.java
branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/

branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/AbsFunctionCluster.java

branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/AddFunctionCluster.java

branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/ComparisonFunctionCluster.java

branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/ConditionBagFunctionCluster.java

branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/ConditionSetFunctionCluster.java

branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/DateMathFunctionCluster.java

branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/DivideFunctionCluster.java

branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/EqualFunctionCluster.java

branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/FloorFunctionCluster.java

branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/FunctionCluster.java

branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/GeneralBagFunctionCluster.java

branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/GeneralSetFunctionCluster.java

branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/HigherOrderFunctionCluster.java

branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/LogicalFunctionCluster.java

branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/MatchFunctionCluster.java

branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/ModFunctionCluster.java

branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/MultiplyFunctionCluster.java

branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/NOfFunctionCluster.java

branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/NotFunctionCluster.java

branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/NumericConvertFunctionCluster.java

branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/RoundFunctionCluster.java

branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/StringNormalizeFunctionCluster.java

branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/SubtractFunctionCluster.java
branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/package.html
branches/authRengine/sunxacml/com/sun/xacml/cond/package.html
branches/authRengine/sunxacml/com/sun/xacml/ctx/
branches/authRengine/sunxacml/com/sun/xacml/ctx/Attribute.java
branches/authRengine/sunxacml/com/sun/xacml/ctx/InputParser.java
branches/authRengine/sunxacml/com/sun/xacml/ctx/RequestCtx.java
branches/authRengine/sunxacml/com/sun/xacml/ctx/ResponseCtx.java
branches/authRengine/sunxacml/com/sun/xacml/ctx/Result.java
branches/authRengine/sunxacml/com/sun/xacml/ctx/Status.java
branches/authRengine/sunxacml/com/sun/xacml/ctx/StatusDetail.java
branches/authRengine/sunxacml/com/sun/xacml/ctx/Subject.java
branches/authRengine/sunxacml/com/sun/xacml/ctx/package.html
branches/authRengine/sunxacml/com/sun/xacml/finder/
branches/authRengine/sunxacml/com/sun/xacml/finder/AttributeFinder.java

branches/authRengine/sunxacml/com/sun/xacml/finder/AttributeFinderModule.java
branches/authRengine/sunxacml/com/sun/xacml/finder/PolicyFinder.java
branches/authRengine/sunxacml/com/sun/xacml/finder/PolicyFinderModule.java
branches/authRengine/sunxacml/com/sun/xacml/finder/PolicyFinderResult.java
branches/authRengine/sunxacml/com/sun/xacml/finder/ResourceFinder.java

branches/authRengine/sunxacml/com/sun/xacml/finder/ResourceFinderModule.java

branches/authRengine/sunxacml/com/sun/xacml/finder/ResourceFinderResult.java
branches/authRengine/sunxacml/com/sun/xacml/finder/impl/

branches/authRengine/sunxacml/com/sun/xacml/finder/impl/CurrentEnvModule.java

branches/authRengine/sunxacml/com/sun/xacml/finder/impl/FilePolicyModule.java
branches/authRengine/sunxacml/com/sun/xacml/finder/impl/SelectorModule.java
branches/authRengine/sunxacml/com/sun/xacml/finder/impl/package.html
branches/authRengine/sunxacml/com/sun/xacml/finder/package.html
branches/authRengine/sunxacml/com/sun/xacml/package.html
Log:
Initial commit

Added: branches/authRengine/examples/pdp/PDPExample1.java
===================================================================
--- branches/authRengine/examples/pdp/PDPExample1.java
(rev 0)
+++ branches/authRengine/examples/pdp/PDPExample1.java 2010-06-18 08:40:01
UTC (rev 5711)
@@ -0,0 +1,34 @@
+package pdp;
+
+import net.geant.authr.pdp.Evaluator;
+import net.geant.authr.pdp.EvaluatorFactory;
+import net.geant.authr.pep.RequestFactory;
+import net.geant.authr.pep.SimpleRequest;
+import net.geant.authr.pep.SimpleResponse;
+import net.geant.authr.pep.exceptions.PEPException;
+
+public class PDPExample1 {
+
+ public PDPExample1() throws PEPException {
+ SimpleRequest sr=RequestFactory.getDefaultSimpleRequest();
+ try {
+ sr.addSubject("kan");
+ sr.addAction("read");
+ sr.addResource("http://perfsonar.net/MA";);
+ } catch (PEPException e) {
+ e.printStackTrace();
+ }
+ System.out.println(sr.getMessage());
+ System.out.println("----");
+ Evaluator pdp=EvaluatorFactory.getDefaultEvaluator();
+ pdp.getPolicyManager().loadPolicies(new
String[]{"stuff/basic_policy.xml"});
+ SimpleResponse sresp=pdp.evaluateRequest(sr);
+ System.out.println(sresp.getMessage());
+ System.out.println("----");
+ System.out.println(sresp.getDecision());
+ }
+
+ public static void main(String[] args) throws Exception {
+ PDPExample1 e=new PDPExample1();
+ }
+}
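
Review bot: the try/catch around sr.addSubject/addAction/addResource in the constructor swallows PEPException with e.printStackTrace() and then carries on to pdp.evaluateRequest(sr), so a request that failed to build is still evaluated and its decision printed. The constructor already declares throws PEPException, so the try/catch can simply go and the failure will propagate. The boolean returned by loadPolicies(...) is also discarded; check it and stop before evaluating when the policy file did not load, so the example shows a fail-closed pattern. As a style point, the work is done in the constructor and the local e in main() is never used; a static method called from main() would read better.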

Added: branches/authRengine/examples/pep/PEPExample1.java
===================================================================
--- branches/authRengine/examples/pep/PEPExample1.java
(rev 0)
+++ branches/authRengine/examples/pep/PEPExample1.java 2010-06-18 08:40:01
UTC (rev 5711)
@@ -0,0 +1,21 @@
+package pep;
+
+import net.geant.authr.pep.SimpleRequest;
+import net.geant.authr.pep.exceptions.PEPException;
+import net.geant.authr.pep.sunxacml.SimpleRequestSun;
+
+public class PEPExample1 {
+
+ public static void main(String[] args) {
+ SimpleRequest sr=new SimpleRequestSun();
+ try {
+ sr.setSubject("kan");
+ sr.setAction("read");
+ sr.setResource("http://perfsonar.net/MA";);
+ } catch (PEPException e) {
+ e.printStackTrace();
+ }
+
+ System.out.println(sr.getMessage());
+ }
+}
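
Review bot: this example builds the request with new SimpleRequestSun() and setSubject/setAction/setResource, while PDPExample1 in the same commit uses RequestFactory.getDefaultSimpleRequest() and addSubject/addAction/addResource on the same SimpleRequest type. Settle on one construction path for the examples, preferably the factory so callers do not bind to the sunxacml implementation, and add a comment saying how set* and add* differ if both are meant to stay. The catch block also prints the PEPException and falls through to sr.getMessage(), so a partly built request is printed as if it were valid; return or rethrow instead.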

Added: branches/authRengine/examples/pep/PEPExample2.java
===================================================================
--- branches/authRengine/examples/pep/PEPExample2.java
(rev 0)
+++ branches/authRengine/examples/pep/PEPExample2.java 2010-06-18 08:40:01
UTC (rev 5711)
@@ -0,0 +1,24 @@
+package pep;
+
+import net.geant.authr.pep.SimpleDelegatedRequest;
+import net.geant.authr.pep.SimpleRequest;
+import net.geant.authr.pep.exceptions.PEPException;
+import net.geant.authr.pep.sunxacml.SimpleDelegatedRequestSun;
+import net.geant.authr.pep.sunxacml.SimpleRequestSun;
+
+public class PEPExample2 {
+
+ public static void main(String[] args) {
+ SimpleDelegatedRequest sr=new SimpleDelegatedRequestSun();
+ try {
+ sr.setSubject("kan");
+ sr.setClient("elmio");
+ sr.setAction("read");
+ sr.setResource("http://perfsonar.net/MA";);
+ } catch (PEPException e) {
+ e.printStackTrace();
+ }
+
+ System.out.println(sr.getMessage());
+ }
+}
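
Review bot: the imports of net.geant.authr.pep.SimpleRequest and net.geant.authr.pep.sunxacml.SimpleRequestSun are unused in this file and should be removed. The example also gives no hint of which of setSubject("kan") and setClient("elmio") is the party acting on behalf of the other; a one-line comment on each call would make the delegation semantics clear to anyone copying this into a PEP. As in PEPExample1, the catch block prints the PEPException and then still prints sr.getMessage() for a request that may be incomplete.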

Added: branches/authRengine/examples/pep/sunxacml/PolicyEnforcementPoint1.java
===================================================================
--- branches/authRengine/examples/pep/sunxacml/PolicyEnforcementPoint1.java
(rev 0)
+++ branches/authRengine/examples/pep/sunxacml/PolicyEnforcementPoint1.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,75 @@
+package pep.sunxacml;
+
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.util.HashSet;
+import java.util.Set;
+
+import com.sun.xacml.EvaluationCtx;
+import com.sun.xacml.Indenter;
+import com.sun.xacml.attr.AnyURIAttribute;
+import com.sun.xacml.attr.RFC822NameAttribute;
+import com.sun.xacml.attr.StringAttribute;
+import com.sun.xacml.ctx.Attribute;
+import com.sun.xacml.ctx.RequestCtx;
+import com.sun.xacml.ctx.Subject;
+
+public class PolicyEnforcementPoint1 {
+
+ public static Set setupSubjects() throws URISyntaxException {
+ HashSet attributes = new HashSet();
+ // setup the id and value for the requesting subject
+ URI subjectId = new
URI("urn:oasis:names:tc:xacml:1.0:subject:subject-id");
+ RFC822NameAttribute value = new
RFC822NameAttribute("");
+ // create the subject section with two attributes, the first
with
+ // the subject's identity...
+ attributes.add(new Attribute(subjectId, null, null, value));
+ // ...and the second with the subject's group membership
+ URI groupId = new URI("group");
+ StringAttribute stringAttribValue = new
StringAttribute("owner");
+ attributes.add(new Attribute(groupId, null, null,
stringAttribValue));
+ // bundle the attributes in a Subject with the default
category
+ HashSet subjects = new HashSet();
+ subjects.add(new Subject(attributes));
+ return subjects;
+ }
+
+ public static Set setupResource() throws URISyntaxException {
+ HashSet resource = new HashSet();
+ // the resource being requested
+ AnyURIAttribute value =
+ new AnyURIAttribute(new
URI("/Users/perfsonar/perfsonar.data"));
+ // create the resource using a standard, required identifier
for
+ // the resource being requested
+ resource.add(
+ new Attribute(
+ new
URI(EvaluationCtx.RESOURCE_ID),
+ null,
+ null,
+ value));
+ return resource;
+ }
+
+ public static Set setupAction() throws URISyntaxException {
+ HashSet action = new HashSet();
+ // this is a standard URI that can optionally be used to
specify
+ // the action being requested
+ URI actionId = new
URI("urn:oasis:names:tc:xacml:1.0:action:action-id");
+ // create the action
+ action.add(
+ new Attribute(actionId, null, null, new
StringAttribute("open")));
+ return action;
+ }
+
+ /**
+ * @param args
+ */
+ public static void main(String[] args) throws Exception {
+ RequestCtx request = new RequestCtx(setupSubjects(),
setupResource(),
+ setupAction(), new HashSet());
+
+ // encode the Request and print it to standard out
+ request.encode(System.out, new Indenter());
+ }
+
+}
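
Review bot: in setupSubjects() the group attribute is identified by the bare relative URI new URI("group"), while subject-id and action-id use full urn:oasis:names:tc:xacml:1.0 identifiers. A policy only matches if it uses exactly the same attribute id, so give the group attribute a namespaced URI and keep it in a shared constant that the policy author can refer to. The subject-id value as it appears here is new RFC822NameAttribute(""), an empty name that no identity-based rule can match; use a clearly fake placeholder address instead. The resource id is a hard-coded local path, "/Users/perfsonar/perfsonar.data", which deserves a comment saying it is sample data. Style: Set and HashSet are used as raw types throughout, and the main() Javadoc is an empty @param args stub.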

Added: branches/authRengine/examples/perfsonar/AuthREERequestGenerator.java
===================================================================
--- branches/authRengine/examples/perfsonar/AuthREERequestGenerator.java
(rev 0)
+++ branches/authRengine/examples/perfsonar/AuthREERequestGenerator.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,81 @@
+package perfsonar;
+
+import java.io.StringWriter;
+
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.transform.OutputKeys;
+import javax.xml.transform.Result;
+import javax.xml.transform.Source;
+import javax.xml.transform.Transformer;
+import javax.xml.transform.TransformerConfigurationException;
+import javax.xml.transform.TransformerException;
+import javax.xml.transform.TransformerFactory;
+import javax.xml.transform.dom.DOMSource;
+import javax.xml.transform.stream.StreamResult;
+
+import net.geant.authr.pep.SimpleRequest;
+import net.geant.authr.pep.exceptions.PEPException;
+import net.geant.authr.pep.sunxacml.SimpleRequestSun;
+
+import org.ggf.ns.nmwg.base.v2_0.Data;
+import org.ggf.ns.nmwg.base.v2_0.Message;
+import org.ggf.ns.nmwg.tools.org.perfsonar.service.as.authr.v1_0.Subject;
+import org.perfsonar.base.exceptions.PerfSONARException;
+import
org.perfsonar.client.base.requests.authService.AuthNEERequestGenerator;
+import org.w3c.dom.Document;
+
+public class AuthREERequestGenerator extends AuthNEERequestGenerator {
+ private static String dataId = "authN1";
+ private SimpleRequest request;
+
+ public AuthREERequestGenerator(SimpleRequest req) {
+ this.request = req;
+ }
+
+ public Message generateRequestMessage() throws PerfSONARException {
+ Message authr = super.generateRequestMessage();
+
+ try {
+ String reqString=request.getMessage();
+
+ Subject authrElement=new Subject();
+ authrElement.setSubject(reqString);
+
+
authr.getMetadata("authNmetadata").setSubject(authrElement);
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ return authr;
+ }
+
+ public static String formatDocument(Document doc) throws
TransformerConfigurationException, TransformerException {
+ Source source = new DOMSource(doc);
+ StringWriter stringWriter = new StringWriter();
+ Result result = new StreamResult(stringWriter);
+ TransformerFactory factory = TransformerFactory.newInstance();
+ Transformer transformer = factory.newTransformer();
+ transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION,
"yes");
+ transformer.setOutputProperty(OutputKeys.INDENT, "yes");
+ transformer.transform(source, result);
+ return stringWriter.getBuffer().toString();
+ }
+
+ public static void main(String[] args) throws Exception {
+ SimpleRequest sr=new SimpleRequestSun();
+ try {
+ sr.addSubject("kan");
+ sr.addAction("read");
+ sr.addResource("http://perfsonar.net/MA";);
+ } catch (PEPException e) {
+ e.printStackTrace();
+ }
+ AuthREERequestGenerator authr=new AuthREERequestGenerator(sr);
+
+ DocumentBuilderFactory factory =
DocumentBuilderFactory.newInstance();
+ DocumentBuilder builder = factory.newDocumentBuilder();
+ Document d = builder.newDocument();
+
+
System.out.println(formatDocument(authr.generateRequestMessage().getDOM(d)));
+ }
+}
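
Review bot: generateRequestMessage() wraps the whole authorization step in catch (Exception e) { e.printStackTrace(); } and then returns authr, so if request.getMessage() or getMetadata("authNmetadata") fails the caller receives and sends a message with no authorization subject attached and no error. The method already declares throws PerfSONARException; rethrow (wrapping the cause) rather than returning a message without the XACML request. The private static field dataId and the import of org.ggf.ns.nmwg.base.v2_0.Data are unused, and the metadata id "authNmetadata" is a magic string that should be a named constant shared with the parent generator. main() has the same swallow-and-continue catch around addSubject/addAction/addResource as the other examples.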

Added: branches/authRengine/examples/pip/AttributeRequestExample.java
===================================================================
--- branches/authRengine/examples/pip/AttributeRequestExample.java
(rev 0)
+++ branches/authRengine/examples/pip/AttributeRequestExample.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,92 @@
+package pip;
+
+import java.io.FileInputStream;
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.security.KeyStore;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Properties;
+
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManagerFactory;
+
+import org.opensaml.SAMLConfig;
+import org.opensaml.SAMLRequest;
+
+import net.geant.edugain.base.AttributeRequest;
+import net.geant.edugain.base.AttributeRequester;
+import net.geant.edugain.base.BaseException;
+import net.geant.edugain.base.Configurator;
+
+public class AttributeRequestExample {
+
+ /**
+ * @param args
+ */
+ public static void main(String[] args) throws Exception {
+ AttributeRequest instance = new AttributeRequest();
+
+
instance.setHomeSite("http://serrano.rediris.es:8080/SAMLSOAPReceiver";);
+ instance.setSubjectHandle("aksjc7e736452829we8");
+ instance.setCacheReference("98230984908320980234");
+
+ try {
+ instance.setResource(new URI("sp.rediris.es/resource"));
+ } catch (URISyntaxException ex) {
+ ex.printStackTrace();
+ }
+
+ try {
+ instance.setProducerId(new URI("sp.rediris.es"));
+ instance.setConsumerId(new URI("idp.switch.ch"));
+
+ } catch (URISyntaxException ex) {
+ ex.printStackTrace();
+ }
+
+ List<String> attributes = new ArrayList<String>();
+
attributes.add("urn:mace:dir:attribute-def:eduPersonPrincipalName");
+ attributes.add("urn:mace:dir:attribute-def:preferredLanguage");
+
+// instance.setAttributeNameList( attributes );
+
+ SAMLRequest result = null;
+ try {
+ result = instance.toSAML();
+ System.out.println("toSAML: "+result.toString());
+
+ } catch (BaseException ex) {
+ ex.printStackTrace();
+ }
+
+ Properties props=new Properties();
+ props.put("provider", "SunRsaSign");
+ props.put(Configurator.PROPS_TRUSTSTORE_PASSWD, "12345678");
+
props.put(Configurator.PROPS_TRUSTSTORE_FILE,"stuff/perfSONARtruststoreTest.jks");
+
props.put(Configurator.PROPS_VALID_COMPONENTS,"stuff/ASValidComponentsFile");
+ Configurator config=Configurator.getInstance(props);
+/* config.loadTrustStore();
+ SAMLConfig config2=SAMLConfig.instance();
+ config2.setProperties(props);
+
+ String ts_path =
props.getProperty(Configurator.PROPS_TRUSTSTORE_FILE);
+ String ts_pwd =
config2.getProperty("org.opensaml.ssl.truststore-pwd");
+ String ts_type =
config2.getProperty("org.opensaml.ssl.truststore-type");
+ KeyStore ts = KeyStore.getInstance(ts_type != null ? ts_type :
"JKS");
+ ts.load(new FileInputStream(ts_path),(ts_pwd!=null) ?
ts_pwd.toCharArray() : null);
+ TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
+ tmf.init(ts);
+ SSLContext context=SSLContext.getInstance("SSL");
+ context.init(null, tmf.getTrustManagers(), null); */
+
+ System.out.println("Sending!");
+ AttributeRequester areq=new AttributeRequester();
+ try {
+ areq.request(instance);
+ } catch (BaseException e) {
+ e.printStackTrace();
+ }
+ }
+
+}
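
Review bot: the truststore password is hard-coded in props.put(Configurator.PROPS_TRUSTSTORE_PASSWD, "12345678") next to a path to stuff/perfSONARtruststoreTest.jks; even for a test store, read it from a property or argument so the pattern is not copied into deployments, and say in a comment that the store is test-only. The large commented-out block should be deleted rather than committed: it is the only user of the FileInputStream, KeyStore, SSLContext, TrustManagerFactory and SAMLConfig imports, and it requests SSLContext.getInstance("SSL") where "TLS" would be the name to use if it is ever revived. The attributes list is built but setAttributeNameList is commented out, so those two attribute names are never sent. setHomeSite points at a plain http:// endpoint, and the local config returned by Configurator.getInstance(props) is never used. If toSAML() throws, the code prints the trace and still reaches areq.request(instance).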

Added: branches/authRengine/lib/nmwg-1.0.20080529.jar
===================================================================
(Binary files differ)


Property changes on: branches/authRengine/lib/nmwg-1.0.20080529.jar
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream

Added: branches/authRengine/lib/nmwg-1.0.20080604.jar
===================================================================
(Binary files differ)


Property changes on: branches/authRengine/lib/nmwg-1.0.20080604.jar
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream

Added: branches/authRengine/lib/sunxacml-debug.jar
===================================================================
(Binary files differ)


Property changes on: branches/authRengine/lib/sunxacml-debug.jar
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream

Added: branches/authRengine/lib/sunxacml.jar
===================================================================
(Binary files differ)


Property changes on: branches/authRengine/lib/sunxacml.jar
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
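
Review bot: four binary jars are committed under lib/ with no record of where they came from or which release they are. Two builds of the same library are added side by side (nmwg-1.0.20080529.jar and nmwg-1.0.20080604.jar), and sunxacml arrives three times: lib/sunxacml.jar, lib/sunxacml-debug.jar and the full source tree under branches/authRengine/sunxacml/. Keep one nmwg version, choose either the sunxacml jar or the vendored source so the classpath cannot resolve to different copies, and add a short note (origin URL, version, checksum) for each binary that remains.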

Added: branches/authRengine/src/net/geant/authr/pap/PolicyManager.java
===================================================================
--- branches/authRengine/src/net/geant/authr/pap/PolicyManager.java
(rev 0)
+++ branches/authRengine/src/net/geant/authr/pap/PolicyManager.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,8 @@
+package net.geant.authr.pap;
+
+public interface PolicyManager {
+
+ public void clearPolicies();
+ public boolean loadPolicies(String[] filenames);
+ public Object getPolicies();
+}

Added: branches/authRengine/src/net/geant/authr/pap/PolicyManagerFactory.java
===================================================================
--- branches/authRengine/src/net/geant/authr/pap/PolicyManagerFactory.java
(rev 0)
+++ branches/authRengine/src/net/geant/authr/pap/PolicyManagerFactory.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,10 @@
+package net.geant.authr.pap;
+
+import net.geant.authr.pap.sunxacml.PolicyManagerSun;
+
+public class PolicyManagerFactory {
+
+ public static PolicyManager getDefaultPolicyManager() {
+ return new PolicyManagerSun();
+ }
+}

Added:
branches/authRengine/src/net/geant/authr/pap/sunxacml/PolicyManagerSun.java
===================================================================
---
branches/authRengine/src/net/geant/authr/pap/sunxacml/PolicyManagerSun.java
(rev 0)
+++
branches/authRengine/src/net/geant/authr/pap/sunxacml/PolicyManagerSun.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,37 @@
+package net.geant.authr.pap.sunxacml;
+
+import java.util.HashSet;
+import java.util.Set;
+
+import com.sun.xacml.finder.PolicyFinder;
+import com.sun.xacml.finder.PolicyFinderModule;
+import com.sun.xacml.finder.impl.FilePolicyModule;
+
+import net.geant.authr.pap.PolicyManager;
+
+public class PolicyManagerSun implements PolicyManager {
+ Set<PolicyFinderModule> policyModules;
+
+ public PolicyManagerSun() {
+ policyModules=new HashSet<PolicyFinderModule>();
+ }
+
+ public void clearPolicies() {
+ policyModules.clear();
+ }
+
+ public boolean loadPolicies(String[] filenames) {
+ FilePolicyModule filePolicyModule = new FilePolicyModule();
+ for (int i = 0; i < filenames.length; i++) {
+ filePolicyModule.addPolicy(filenames[i]);
+ }
+
+ return policyModules.add(filePolicyModule);
+ }
+
+ public Object getPolicies() {
+ PolicyFinder policyFinder = new PolicyFinder();
+ policyFinder.setModules(policyModules);
+ return policyFinder;
+ }
+}
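
Review bot: in `loadPolicies`, `return policyModules.add(filePolicyModule);` reports only whether the new module object was added to the set, and the result of each `filePolicyModule.addPolicy(filenames[i])` call is discarded, so the caller gets `true` whether or not any entry in `filenames` exists or parses. For an authorization engine a policy that failed to load must be an error the caller cannot miss: check that each file is readable, propagate the `addPolicy` result, and return false or throw when any file is rejected. A null `filenames` argument currently ends in a NullPointerException at `filenames.length`; reject it explicitly.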

Added: branches/authRengine/src/net/geant/authr/pdp/Evaluator.java
===================================================================
--- branches/authRengine/src/net/geant/authr/pdp/Evaluator.java
(rev 0)
+++ branches/authRengine/src/net/geant/authr/pdp/Evaluator.java 2010-06-18
08:40:01 UTC (rev 5711)
@@ -0,0 +1,13 @@
+package net.geant.authr.pdp;
+
+import net.geant.authr.pap.PolicyManager;
+import net.geant.authr.pep.SimpleRequest;
+import net.geant.authr.pep.SimpleResponse;
+
+public interface Evaluator {
+
+ public void setPolicyManager(PolicyManager pm);
+ public PolicyManager getPolicyManager();
+ public SimpleResponse evaluateRequest(SimpleRequest request);
+
+}

Added: branches/authRengine/src/net/geant/authr/pdp/EvaluatorFactory.java
===================================================================
--- branches/authRengine/src/net/geant/authr/pdp/EvaluatorFactory.java
(rev 0)
+++ branches/authRengine/src/net/geant/authr/pdp/EvaluatorFactory.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,10 @@
+package net.geant.authr.pdp;
+
+import net.geant.authr.pdp.sunxacml.EvaluatorSun;
+
+public class EvaluatorFactory {
+
+ public static Evaluator getDefaultEvaluator() {
+ return new EvaluatorSun();
+ }
+}

Added: branches/authRengine/src/net/geant/authr/pdp/sunxacml/EvaluatorSun.java
===================================================================
--- branches/authRengine/src/net/geant/authr/pdp/sunxacml/EvaluatorSun.java
(rev 0)
+++ branches/authRengine/src/net/geant/authr/pdp/sunxacml/EvaluatorSun.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,48 @@
+package net.geant.authr.pdp.sunxacml;
+
+import com.sun.xacml.PDP;
+import com.sun.xacml.PDPConfig;
+import com.sun.xacml.ctx.RequestCtx;
+import com.sun.xacml.ctx.ResponseCtx;
+import com.sun.xacml.finder.PolicyFinder;
+
+import net.geant.authr.pap.PolicyManager;
+import net.geant.authr.pap.sunxacml.PolicyManagerSun;
+import net.geant.authr.pdp.Evaluator;
+import net.geant.authr.pep.SimpleRequest;
+import net.geant.authr.pep.SimpleResponse;
+import net.geant.authr.pep.sunxacml.SimpleResponseSun;
+
+public class EvaluatorSun implements Evaluator {
+ PolicyManager policyManager;
+
+ public EvaluatorSun() {
+ policyManager = new PolicyManagerSun();
+ }
+
+ public void setPolicyManager(PolicyManager pm) {
+ policyManager=pm;
+ }
+
+ public PolicyManager getPolicyManager() {
+ return policyManager;
+ }
+
+ public SimpleResponse evaluateRequest(SimpleRequest request) {
+ PDPConfig pdpConfig=new PDPConfig(null,
(PolicyFinder)policyManager.getPolicies(), null);
+ PDP pdp=new PDP(pdpConfig);
+
+ RequestCtx
requestCtx=(RequestCtx)request.getRawRequestObject();
+ ResponseCtx responseCtx=pdp.evaluate(requestCtx);
+
+ SimpleResponse sr=new SimpleResponseSun();
+ try {
+ sr.processRawResponse(responseCtx);
+ } catch (Exception e) {
+ return null;
+ }
+
+ return sr;
+ }
+
+}
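
Review bot: `catch (Exception e) { return null; }` in `evaluateRequest` turns a failure to process the PDP response into a null return with the cause discarded, so every enforcement point has to remember a null check and one that forgets gets a NullPointerException instead of a decision. Return the `SimpleResponseSun` as constructed (its decision starts at INDETERMINATE) or declare and throw `PEPException`, and log the cause either way. The casts `(PolicyFinder)policyManager.getPolicies()` and `(RequestCtx)request.getRawRequestObject()` also throw ClassCastException for any other `PolicyManager` or `SimpleRequest` implementation, which undercuts `setPolicyManager`; and a new `PDPConfig` and `PDP` are built on every call, so consider building the PDP once when the policy manager is set.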

Added: branches/authRengine/src/net/geant/authr/pep/RequestFactory.java
===================================================================
--- branches/authRengine/src/net/geant/authr/pep/RequestFactory.java
(rev 0)
+++ branches/authRengine/src/net/geant/authr/pep/RequestFactory.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,15 @@
+package net.geant.authr.pep;
+
+import net.geant.authr.pep.sunxacml.SimpleDelegatedRequestSun;
+import net.geant.authr.pep.sunxacml.SimpleRequestSun;
+
+public class RequestFactory {
+
+ public static SimpleRequest getDefaultSimpleRequest() {
+ return new SimpleRequestSun();
+ }
+
+ public static SimpleDelegatedRequest
getDefaultSimpleDelegatedRequest() {
+ return new SimpleDelegatedRequestSun();
+ }
+}

Added: branches/authRengine/src/net/geant/authr/pep/ResponseFactory.java
===================================================================
--- branches/authRengine/src/net/geant/authr/pep/ResponseFactory.java
(rev 0)
+++ branches/authRengine/src/net/geant/authr/pep/ResponseFactory.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,10 @@
+package net.geant.authr.pep;
+
+import net.geant.authr.pep.sunxacml.SimpleResponseSun;
+
+public class ResponseFactory {
+
+ public static SimpleResponse getDefaultSimpleResponse() {
+ return new SimpleResponseSun();
+ }
+}

Added:
branches/authRengine/src/net/geant/authr/pep/SimpleDelegatedRequest.java
===================================================================
--- branches/authRengine/src/net/geant/authr/pep/SimpleDelegatedRequest.java
(rev 0)
+++ branches/authRengine/src/net/geant/authr/pep/SimpleDelegatedRequest.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,9 @@
+package net.geant.authr.pep;
+
+import net.geant.authr.pep.exceptions.PEPException;
+
+public interface SimpleDelegatedRequest extends SimpleRequest {
+
+ public void setClient(String client) throws PEPException;
+
+}

Added: branches/authRengine/src/net/geant/authr/pep/SimpleRequest.java
===================================================================
--- branches/authRengine/src/net/geant/authr/pep/SimpleRequest.java
(rev 0)
+++ branches/authRengine/src/net/geant/authr/pep/SimpleRequest.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,18 @@
+package net.geant.authr.pep;
+
+import net.geant.authr.pep.exceptions.PEPException;
+
+public interface SimpleRequest {
+
+ public void setSubject(String subject) throws PEPException;
+ public String getSubject();
+ public void setResource(String uriResource) throws PEPException;
+ public String getResource();
+ public void setAction(String action) throws PEPException;
+ public String getAction();
+
+ public Object getRawRequestObject();
+
+ public String getMessage();
+ public void setRequestFromMessage(String message) throws PEPException;
+}

Added: branches/authRengine/src/net/geant/authr/pep/SimpleResponse.java
===================================================================
--- branches/authRengine/src/net/geant/authr/pep/SimpleResponse.java
(rev 0)
+++ branches/authRengine/src/net/geant/authr/pep/SimpleResponse.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,16 @@
+package net.geant.authr.pep;
+
+import net.geant.authr.pep.exceptions.PEPException;
+
+public interface SimpleResponse {
+ public final static int PERMIT = 0;
+ public final static int DENY = 1;
+ public final static int INDETERMINATE = 2;
+ public final static int NOT_APPLICABLE = 3;
+
+ public int getDecision();
+
+ public String getMessage() throws PEPException;
+ public Object getRawResponseObject() throws PEPException;
+ public void processRawResponse(Object response) throws PEPException;
+}
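
Review bot: `PERMIT = 0` makes the permit decision equal to the default value of an `int` field, so an implementation that forgets to initialise its decision, or a caller that reads a zeroed int, sees PERMIT. Give the zero value to a non-permitting decision such as INDETERMINATE, or replace the int constants with an enum, and state in the interface documentation that anything other than PERMIT (including INDETERMINATE and NOT_APPLICABLE) is to be treated as a refusal.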

Added:
branches/authRengine/src/net/geant/authr/pep/exceptions/PEPException.java
===================================================================
--- branches/authRengine/src/net/geant/authr/pep/exceptions/PEPException.java
(rev 0)
+++ branches/authRengine/src/net/geant/authr/pep/exceptions/PEPException.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,17 @@
+package net.geant.authr.pep.exceptions;
+
+public class PEPException extends Exception {
+ private static final long serialVersionUID = -2501558966115940118L;
+
+ public PEPException() {
+ super();
+ }
+
+ public PEPException(Exception e) {
+ super(e);
+ }
+
+ public PEPException(String message) {
+ super(message);
+ }
+}

Added:
branches/authRengine/src/net/geant/authr/pep/sunxacml/SimpleDelegatedRequestSun.java
===================================================================
---
branches/authRengine/src/net/geant/authr/pep/sunxacml/SimpleDelegatedRequestSun.java
(rev 0)
+++
branches/authRengine/src/net/geant/authr/pep/sunxacml/SimpleDelegatedRequestSun.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,99 @@
+package net.geant.authr.pep.sunxacml;
+
+import java.io.ByteArrayInputStream;
+import java.net.URI;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Set;
+
+import com.sun.xacml.ParsingException;
+import com.sun.xacml.attr.AttributeValue;
+import com.sun.xacml.attr.StringAttribute;
+import com.sun.xacml.ctx.Attribute;
+import com.sun.xacml.ctx.RequestCtx;
+import com.sun.xacml.ctx.Subject;
+
+import net.geant.authr.pep.SimpleDelegatedRequest;
+import net.geant.authr.pep.exceptions.PEPException;
+
+public class SimpleDelegatedRequestSun extends SimpleRequestSun implements
+ SimpleDelegatedRequest {
+ Attribute client;
+
+ public SimpleDelegatedRequestSun() {
+ client = null;
+ }
+
+ public void setClient(String client) throws PEPException {
+ if (subject==null) {
+ throw new PEPException("There isn't any user in the
request");
+ }
+ try {
+ URI clientId = new
URI("urn:geant:edugain:protocol:delegatedclient");
+ AttributeValue value=new StringAttribute(client);
+ this.client = new Attribute(clientId, null, null,
value);
+ } catch (Exception e) {
+ throw new PEPException(e);
+ }
+ }
+
+ public Object getRawRequestObject() {
+ Set<Subject> subjects=new HashSet<Subject>();
+ if (subject!=null) {
+ Set<Attribute> attributes=new HashSet<Attribute>();
+ attributes.add(subject);
+ if (client != null) {
+ attributes.add(client);
+ }
+ Subject subj=new Subject(attributes);
+ subjects.add(subj);
+ }
+ Set<Attribute> resources=new HashSet<Attribute>();
+ if (resource!=null) {
+ resources.add(resource);
+ }
+ Set<Attribute> actions=new HashSet<Attribute>();
+ if (action!=null) {
+ actions.add(action);
+ }
+ RequestCtx request = new RequestCtx(subjects, resources,
actions, new HashSet());
+ return request;
+ }
+
+ public void setRequestFromMessage(String message) throws PEPException
{
+ ByteArrayInputStream bais=new
ByteArrayInputStream(message.getBytes());
+ try {
+ RequestCtx request = RequestCtx.getInstance(bais);
+ // Subject
+ Set<Subject> subjects=request.getSubjects();
+ if (subjects.size()!=1) {
+ throw new PEPException("Too many subjects for
a SimpleRequest!");
+ }
+ Iterator<Subject> it=subjects.iterator();
+ Subject subj=it.next();
+ Set<Attribute> subjAttrs=subj.getAttributes();
+ if (subjAttrs.size()>2) {
+ throw new PEPException("Too many attributes
for the subject!");
+ }
+ Iterator<Attribute> it2=subjAttrs.iterator();
+ this.subject = it2.next();
+ // Resource
+ Set<Attribute> resources=request.getResource();
+ if (resources.size()!=1) {
+ throw new PEPException("Too many resources
for a SimpleRequest");
+ }
+ it2 = resources.iterator();
+ this.resource = it2.next();
+ // Action
+ Set<Attribute> actions=request.getAction();
+ if (actions.size()!=1) {
+ throw new PEPException("Too many actions for
a SimpleRequest");
+ }
+ it2 = actions.iterator();
+ this.action = it2.next();
+ } catch (ParsingException e) {
+ throw new PEPException(e);
+ }
+ }
+
+}
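
Review bot: in `setRequestFromMessage`, the check `subjAttrs.size()>2` accepts a subject with two attributes, but the code then takes `it2.next()` from a `Set` as `this.subject`, so whether the subject-id or the `urn:geant:edugain:protocol:delegatedclient` attribute ends up as the subject depends on iteration order, and `this.client` is never populated from the message. Select each attribute by its id and reject anything unexpected. The same check lets an empty attribute set through to `it2.next()`, and the `size()!=1` branches report "Too many" when the count is zero. `message.getBytes()` uses the platform default charset; pass an explicit one.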

Added:
branches/authRengine/src/net/geant/authr/pep/sunxacml/SimpleRequestSun.java
===================================================================
---
branches/authRengine/src/net/geant/authr/pep/sunxacml/SimpleRequestSun.java
(rev 0)
+++
branches/authRengine/src/net/geant/authr/pep/sunxacml/SimpleRequestSun.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,165 @@
+package net.geant.authr.pep.sunxacml;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.net.URI;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Set;
+
+import net.geant.authr.pep.exceptions.PEPException;
+
+import com.sun.xacml.EvaluationCtx;
+import com.sun.xacml.Indenter;
+import com.sun.xacml.ParsingException;
+import com.sun.xacml.attr.AnyURIAttribute;
+import com.sun.xacml.attr.AttributeValue;
+import com.sun.xacml.attr.RFC822NameAttribute;
+import com.sun.xacml.attr.StringAttribute;
+import com.sun.xacml.ctx.Attribute;
+import com.sun.xacml.ctx.RequestCtx;
+import com.sun.xacml.ctx.Subject;
+
+public class SimpleRequestSun implements net.geant.authr.pep.SimpleRequest {
+ protected Attribute subject;
+ protected Attribute resource;
+ protected Attribute action;
+
+ public SimpleRequestSun() {
+ subject=null;
+ resource=null;
+ action=null;
+ }
+
+ public void setAction(String action) throws PEPException {
+ try {
+ URI actionId = new
URI("urn:oasis:names:tc:xacml:1.0:action:action-id");
+ this.action = new Attribute(actionId, null, null, new
StringAttribute(action));
+ } catch (Exception e) {
+ throw new PEPException(e);
+ }
+ }
+
+ public String getAction() {
+ if (action!=null) {
+ StringAttribute sa=(StringAttribute)action.getValue();
+ return sa.getValue();
+ }
+ else {
+ return "";
+ }
+ }
+
+ public void setResource(String uriResource) throws PEPException {
+ try {
+ AnyURIAttribute value =
+ new AnyURIAttribute(new URI(uriResource));
+ resource = new Attribute(new
URI(EvaluationCtx.RESOURCE_ID), null, null, value);
+ } catch (Exception e) {
+ throw new PEPException(e);
+ }
+ }
+
+ public String getResource() {
+ if (resource!=null) {
+ AnyURIAttribute
av=(AnyURIAttribute)resource.getValue();
+ URI uri=av.getValue();
+ return uri.toString();
+ }
+ else {
+ return null;
+ }
+ }
+
+ public void setSubject(String subject) throws PEPException {
+ try {
+ URI subjectId = new
URI("urn:oasis:names:tc:xacml:1.0:subject:subject-id");
+ AttributeValue value=null;
+ if (subject.contains("@")) {
+ value=new RFC822NameAttribute(subject);
+ }
+ else {
+ value=new StringAttribute(subject);
+ }
+ this.subject = new Attribute(subjectId, null, null,
value);
+ } catch (Exception e) {
+ throw new PEPException(e);
+ }
+ }
+
+ public String getSubject() {
+ AttributeValue av=subject.getValue();
+ if (av instanceof RFC822NameAttribute) {
+ RFC822NameAttribute na=(RFC822NameAttribute)av;
+ return na.getValue();
+ }
+ else {
+ StringAttribute sa=(StringAttribute)av;
+ return sa.getValue();
+ }
+ }
+
+ public String getMessage() {
+ RequestCtx request = (RequestCtx)getRawRequestObject();
+ ByteArrayOutputStream baos=new ByteArrayOutputStream();
+ request.encode(baos, new Indenter());
+ return baos.toString();
+ }
+
+ public Object getRawRequestObject() {
+ Set<Subject> subjects=new HashSet<Subject>();
+ if (subject!=null) {
+ Set<Attribute> attributes=new HashSet<Attribute>();
+ attributes.add(subject);
+ Subject subj=new Subject(attributes);
+ subjects.add(subj);
+ }
+ Set<Attribute> resources=new HashSet<Attribute>();
+ if (resource!=null) {
+ resources.add(resource);
+ }
+ Set<Attribute> actions=new HashSet<Attribute>();
+ if (action!=null) {
+ actions.add(action);
+ }
+ RequestCtx request = new RequestCtx(subjects, resources,
actions, new HashSet());
+ return request;
+ }
+
+ public void setRequestFromMessage(String message) throws PEPException
{
+ ByteArrayInputStream bais=new
ByteArrayInputStream(message.getBytes());
+ try {
+ RequestCtx request = RequestCtx.getInstance(bais);
+ // Subject
+ Set<Subject> subjects=request.getSubjects();
+ if (subjects.size()!=1) {
+ throw new PEPException("Too many subjects for
a SimpleRequest!");
+ }
+ Iterator<Subject> it=subjects.iterator();
+ Subject subj=it.next();
+ Set<Attribute> subjAttrs=subj.getAttributes();
+ if (subjAttrs.size()!=1) {
+ throw new PEPException("Too many attributes
for the subject!");
+ }
+ Iterator<Attribute> it2=subjAttrs.iterator();
+ this.subject = it2.next();
+ // Resource
+ Set<Attribute> resources=request.getResource();
+ if (resources.size()!=1) {
+ throw new PEPException("Too many resources
for a SimpleRequest");
+ }
+ it2 = resources.iterator();
+ this.resource = it2.next();
+ // Action
+ Set<Attribute> actions=request.getAction();
+ if (actions.size()!=1) {
+ throw new PEPException("Too many actions for
a SimpleRequest");
+ }
+ it2 = actions.iterator();
+ this.action = it2.next();
+ } catch (ParsingException e) {
+ throw new PEPException(e);
+ }
+ }
+
+}
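
Review bot: `setRequestFromMessage` stores whatever single attribute the parsed request carries as `subject`, `resource` and `action` without checking its AttributeId or data type, while the getters cast unconditionally (`(StringAttribute)action.getValue()`, `(AnyURIAttribute)resource.getValue()`, and the `else` branch of `getSubject`). A message with a different data type therefore fails later with ClassCastException instead of with PEPException at parse time; validate id and type while parsing. `getSubject()` also dereferences `subject` without the null check that `getAction()` and `getResource()` have, and those two disagree on the empty value (`""` versus `null`).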

Added:
branches/authRengine/src/net/geant/authr/pep/sunxacml/SimpleResponseSun.java
===================================================================
---
branches/authRengine/src/net/geant/authr/pep/sunxacml/SimpleResponseSun.java
(rev 0)
+++
branches/authRengine/src/net/geant/authr/pep/sunxacml/SimpleResponseSun.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,69 @@
+package net.geant.authr.pep.sunxacml;
+
+import java.io.ByteArrayOutputStream;
+import java.util.Iterator;
+import java.util.Set;
+
+import com.sun.xacml.Indenter;
+import com.sun.xacml.ctx.ResponseCtx;
+import com.sun.xacml.ctx.Result;
+
+import net.geant.authr.pep.SimpleResponse;
+import net.geant.authr.pep.exceptions.PEPException;
+
+public class SimpleResponseSun implements SimpleResponse {
+ ResponseCtx responseCtx;
+ int decision;
+
+ public SimpleResponseSun() {
+ this.responseCtx = null;
+ this.decision = SimpleResponse.INDETERMINATE;
+ }
+
+ public int getDecision() {
+ return decision;
+ }
+
+ public String getMessage() throws PEPException {
+ if (responseCtx == null) {
+ throw new PEPException("");
+ }
+ ByteArrayOutputStream baos=new ByteArrayOutputStream();
+ responseCtx.encode(baos, new Indenter());
+ return baos.toString();
+ }
+
+ public void processRawResponse(Object response) throws PEPException {
+ if (!(response instanceof ResponseCtx)) {
+ throw new PEPException("Object response is not a
ResponseCtx class");
+ }
+ responseCtx=(ResponseCtx)response;
+ Set s=responseCtx.getResults();
+ Iterator it=s.iterator();
+ Result result=(Result)it.next();
+ switch (result.getDecision()) {
+ case Result.DECISION_DENY:
+ decision=SimpleResponse.DENY;
+ break;
+ case Result.DECISION_INDETERMINATE:
+ decision=SimpleResponse.INDETERMINATE;
+ break;
+ case Result.DECISION_NOT_APPLICABLE:
+ decision=SimpleResponse.NOT_APPLICABLE;
+ break;
+ case Result.DECISION_PERMIT:
+ decision=SimpleResponse.PERMIT;
+ break;
+ default:
+ decision=SimpleResponse.INDETERMINATE;
+ }
+ }
+
+ public Object getRawResponseObject() throws PEPException {
+ if (responseCtx == null) {
+ throw new PEPException("Response not valid or not
initialized");
+ }
+ return responseCtx;
+ }
+
+}
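
Review bot: `processRawResponse` calls `it.next()` on `responseCtx.getResults()` without checking the size, so an empty result set throws NoSuchElementException and, when several results are present, the decision is whichever one the Set happens to iterate first. Require exactly one result and otherwise throw PEPException or leave the decision at INDETERMINATE. `getMessage()` throws `new PEPException("")` with an empty message where `getRawResponseObject()` uses "Response not valid or not initialized"; use the same text in both.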

Added: branches/authRengine/src/net/geant/authr/pip/Attribute.java
===================================================================
--- branches/authRengine/src/net/geant/authr/pip/Attribute.java
(rev 0)
+++ branches/authRengine/src/net/geant/authr/pip/Attribute.java 2010-06-18
08:40:01 UTC (rev 5711)
@@ -0,0 +1,54 @@
+package net.geant.authr.pip;
+
+import java.util.HashSet;
+import java.util.Set;
+
+public class Attribute {
+ public static final String DEFAULT_ATTRIBUTE_TYPE = "String";
+
+ private String name;
+ private Set<Object> values;
+ private String type;
+
+ public Attribute() {
+ name="";
+ values=new HashSet<Object>();
+ type = Attribute.DEFAULT_ATTRIBUTE_TYPE;
+ }
+
+ public String getName() {
+ return name;
+ }
+
+ public void setName(String name) {
+ this.name = name;
+ }
+
+ public String getType() {
+ return type;
+ }
+
+ public void setType(String type) {
+ this.type = type;
+ }
+
+ public Object[] getValues() {
+ Object[] res=new Object[values.size()];
+ res=(Object[])values.toArray(res);
+ return res;
+ }
+
+ public void removeAllValues() {
+ values.clear();
+ }
+
+ public void addValue(Object o) {
+ values.add(o);
+ }
+
+ public void removeValue(Object o) {
+ if (values.contains(o)) {
+ values.remove(o);
+ }
+ }
+}

Added: branches/authRengine/src/net/geant/authr/pip/IdentityRequest.java
===================================================================
--- branches/authRengine/src/net/geant/authr/pip/IdentityRequest.java
(rev 0)
+++ branches/authRengine/src/net/geant/authr/pip/IdentityRequest.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,5 @@
+package net.geant.authr.pip;
+
+public interface IdentityRequest {
+
+}

Added: branches/authRengine/stuff/ASValidComponentsFile
===================================================================
--- branches/authRengine/stuff/ASValidComponentsFile
(rev 0)
+++ branches/authRengine/stuff/ASValidComponentsFile 2010-06-18 08:40:01
UTC (rev 5711)
@@ -0,0 +1 @@
+urn:geant:edugain:component:.*
\ No newline at end of file
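
Review bot: `urn:geant:edugain:component:.*` reads as a regular expression whose `.*` accepts any suffix, including an empty one, so every identifier with this prefix counts as a valid component. If that is intended, say so in a README next to the file; if not, list the accepted component names. The code that consumes this file is not in this hunk: it needs to apply the pattern as a full match rather than a substring search, otherwise a value that merely contains the prefix would pass.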

Added: branches/authRengine/stuff/basic_policy.xml
===================================================================
--- branches/authRengine/stuff/basic_policy.xml (rev
0)
+++ branches/authRengine/stuff/basic_policy.xml 2010-06-18 08:40:01 UTC (rev
5711)
@@ -0,0 +1,45 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Policy xmlns="urn:oasis:names:tc:xacml:1.0:policy"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
+ PolicyId="GeneratedPolicy"
+
RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:ordered-permit-overrides">
+
+ <Description>
+ aaaaa
+ </Description>
+ <Target>
+ <Subjects>
+ <AnySubject/>
+ </Subjects>
+ <Resources>
+ <AnyResource/>
+ </Resources>
+ <Actions>
+ <AnyAction/>
+ </Actions>
+ </Target>
+
+ <Rule RuleId="CommitRule" Effect="Permit">
+ <Target>
+ <Subjects>
+ <AnySubject/>
+ </Subjects>
+ <Resources>
+ <AnyResource/>
+ </Resources>
+ <Actions>
+ <Action>
+ <ActionMatch
MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#string";>commit</AttributeValue>
+ <ActionAttributeDesignator
DataType="http://www.w3.org/2001/XMLSchema#string";
+
AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"/>
+ </ActionMatch>
+ </Action>
+ </Actions>
+ </Target>
+
+ </Rule>
+
+ <Rule RuleId="FinalRule" Effect="Deny"/>
+
+</Policy>
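
Review bot: `CommitRule` has `<AnySubject/>` and `<AnyResource/>` in both the policy target and the rule target, so this policy permits the `commit` action to every subject on every resource. If it is only a test fixture, say so in the `<Description>` (which currently contains just `aaaaa`) and keep it out of any directory whose files are passed to `loadPolicies` in a deployment. `PolicyId="GeneratedPolicy"` is also the id used by `stuff/generated.xml` in this commit; give each policy a distinct id so a decision can be traced to one file.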

Added: branches/authRengine/stuff/generated.xml
===================================================================
--- branches/authRengine/stuff/generated.xml (rev
0)
+++ branches/authRengine/stuff/generated.xml 2010-06-18 08:40:01 UTC (rev
5711)
@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Policy xmlns="urn:oasis:names:tc:xacml:1.0:policy"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
+ PolicyId="GeneratedPolicy"
+
RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:ordered-permit-overrides">
+
+ <Description>
+ This policy applies to any accounts at users.example.com accessing
+ server.example.com. The one Rule applies to the specific action of
+ doing a CVS commit, but other Rules could be defined that handled
+ other actions. In this case, only certain groups of people are
+ allowed to commit. There is a final fall-through rule that always
+ returns Deny.
+ </Description>
+
+ <Target>
+ <Subjects>
+ <Subject>
+ <SubjectMatch
MatchId="urn:oasis:names:tc:xacml:1.0:function:rfc822Name-match">
+ <AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#string";>users.example.com</AttributeValue>
+ <SubjectAttributeDesignator
DataType="urn:oasis:names:tc:xacml:1.0:data-type:rfc822Name"
+
AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"/>
+ </SubjectMatch>
+ </Subject>
+ </Subjects>
+ <Resources>
+ <Resource>
+ <ResourceMatch
MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal">
+ <AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#anyURI";>http://server.example.com/</AttributeValue>
+ <ResourceAttributeDesignator
DataType="http://www.w3.org/2001/XMLSchema#anyURI";
+
AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"/>
+ </ResourceMatch>
+ </Resource>
+ </Resources>
+ <Actions>
+ <AnyAction/>
+ </Actions>
+ </Target>
+
+ <Rule RuleId="CommitRule" Effect="Permit">
+
+ <Target>
+ <Subjects>
+ <AnySubject/>
+ </Subjects>
+ <Resources>
+ <AnyResource/>
+ </Resources>
+ <Actions>
+ <Action>
+ <ActionMatch
MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#string";>commit</AttributeValue>
+ <ActionAttributeDesignator
DataType="http://www.w3.org/2001/XMLSchema#string";
+
AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"/>
+ </ActionMatch>
+ </Action>
+ </Actions>
+ </Target>
+
+ <Condition
FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <Apply
FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
+ <SubjectAttributeDesignator
DataType="http://www.w3.org/2001/XMLSchema#string";
+ AttributeId="group"
+
Issuer=""/>
+ </Apply>
+ <AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#string";>developers</AttributeValue>
+ </Condition>
+
+ </Rule>
+
+ <Rule RuleId="FinalRule" Effect="Deny"/>
+
+</Policy>
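
Review bot: the `Condition` on `CommitRule` needs a subject attribute with `AttributeId="group"` equal to `developers`, but requests built by `SimpleRequestSun` in this commit carry only the subject-id attribute and `EvaluatorSun` creates its `PDPConfig` with a null attribute finder, so nothing supplies `group` and `string-one-and-only` has no value to return; the rule cannot yield Permit through this API. Either let the request carry the group attribute or configure an attribute finder in the PDP, and add a test that shows a Permit for a member of `developers`. `Issuer=""` sets an empty issuer on the designator; drop the attribute if no issuer constraint is meant.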

Added: branches/authRengine/sunxacml/com/sun/xacml/AbstractPolicy.java
===================================================================
--- branches/authRengine/sunxacml/com/sun/xacml/AbstractPolicy.java
(rev 0)
+++ branches/authRengine/sunxacml/com/sun/xacml/AbstractPolicy.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,441 @@
+
+/*
+ * @(#)AbstractPolicy.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml;
+
+import com.sun.xacml.combine.CombiningAlgorithm;
+import com.sun.xacml.combine.CombiningAlgFactory;
+import com.sun.xacml.combine.PolicyCombiningAlgorithm;
+import com.sun.xacml.combine.RuleCombiningAlgorithm;
+
+import com.sun.xacml.ctx.Result;
+
+import java.io.OutputStream;
+import java.io.PrintStream;
+
+import java.net.URI;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Set;
+
+import java.util.logging.Level;
+import java.util.logging.Logger;
+
+import org.w3c.dom.NamedNodeMap;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+
+
+/**
+ * Represents an instance of an XACML policy.
+ *
+ * @since 1.0
+ * @author Seth Proctor
+ * @author Marco Barreno
+ */
+public abstract class AbstractPolicy implements PolicyTreeElement
+{
+
+ /**
+ * XPath 1.0 identifier, the only version we support right now
+ */
+ public static final String XPATH_1_0_VERSION =
+ "http://www.w3.org/TR/1999/Rec-xpath-19991116";;
+
+ // atributes associated with this policy
+ private URI idAttr;
+ private CombiningAlgorithm combiningAlg;
+
+ // the elements in the policy
+ private String description;
+ private Target target;
+
+ // the value in defaults, or null if there was no default value
+ private String defaultVersion;
+
+ // the elements we run through the combining algorithm
+ private List children;
+
+ // any obligations held by this policy
+ private Set obligations;
+
+ // the logger we'll use for all messages
+ private static final Logger logger =
+ Logger.getLogger(AbstractPolicy.class.getName());
+
+ /**
+ * Constructor used by <code>PolicyReference</code>, which supplies
+ * its own values for the methods in this class.
+ */
+ protected AbstractPolicy() {
+
+ }
+
+ /**
+ * Constructor used to create a policy from concrete components.
+ *
+ * @param id the policy id
+ * @param combiningAlg the combining algorithm to use
+ * @param description describes the policy or null if there is none
+ * @param target the policy's target
+ */
+ protected AbstractPolicy(URI id, CombiningAlgorithm combiningAlg,
+ String description, Target target) {
+ this(id, combiningAlg, description, target, null);
+ }
+
+ /**
+ * Constructor used to create a policy from concrete components.
+ *
+ * @param id the policy id
+ * @param combiningAlg the combining algorithm to use
+ * @param description describes the policy or null if there is none
+ * @param target the policy's target
+ * @param defaultVersion the XPath version to use for selectors
+ */
+ protected AbstractPolicy(URI id, CombiningAlgorithm combiningAlg,
+ String description, Target target,
+ String defaultVersion) {
+ this(id, combiningAlg, description, target, defaultVersion, null);
+ }
+
+ /**
+ * Constructor used to create a policy from concrete components.
+ *
+ * @param id the policy id
+ * @param combiningAlg the combining algorithm to use
+ * @param description describes the policy or null if there is none
+ * @param target the policy's target
+ * @param defaultVersion the XPath version to use for selectors
+ * @param obligations the policy's obligations
+ */
+ protected AbstractPolicy(URI id, CombiningAlgorithm combiningAlg,
+ String description, Target target,
+ String defaultVersion, Set obligations) {
+ idAttr = id;
+ this.combiningAlg = combiningAlg;
+ this.description = description;
+ this.target = target;
+ this.defaultVersion = defaultVersion;
+
+ if (obligations == null)
+ this.obligations = Collections.EMPTY_SET;
+ else
+ this.obligations = Collections.
+ unmodifiableSet(new HashSet(obligations));
+ }
+
+ /**
+ * Constructor used by child classes to initialize the shared data from
+ * a DOM root node.
+ *
+ * @param root the DOM root of the policy
+ * @param policyPrefix either "Policy" or "PolicySet"
+ * @param combiningName name of the field naming the combining alg
+ *
+ * @throws ParsingException if the policy is invalid
+ */
+ protected AbstractPolicy(Node root, String policyPrefix,
+ String combiningName) throws ParsingException {
+ // get the attributes, all of which are common to Policies
+ NamedNodeMap attrs = root.getAttributes();
+
+ try {
+ // get the attribute Id
+ idAttr = new URI(attrs.getNamedItem(policyPrefix + "Id").
+ getNodeValue());
+ } catch (Exception e) {
+ throw new ParsingException("Error parsing required attribute " +
+ policyPrefix + "Id", e);
+ }
+
+ // now get the combining algorithm...
+ try {
+ URI algId = new URI(attrs.getNamedItem(combiningName).
+ getNodeValue());
+ CombiningAlgFactory factory = CombiningAlgFactory.getInstance();
+ combiningAlg = factory.createAlgorithm(algId);
+ } catch (Exception e) {
+ throw new ParsingException("Error parsing combining algorithm" +
+ " in " + policyPrefix, e);
+ }
+
+ // ...and make sure it's the right kind
+ if (policyPrefix.equals("Policy")) {
+ if (! (combiningAlg instanceof RuleCombiningAlgorithm))
+ throw new ParsingException("Policy must use a Rule " +
+ "Combining Algorithm");
+ } else {
+ if (! (combiningAlg instanceof PolicyCombiningAlgorithm))
+ throw new ParsingException("PolicySet must use a Policy " +
+ "Combining Algorithm");
+ }
+
+ obligations = new HashSet();
+
+ // now read the policy elements
+ NodeList children = root.getChildNodes();
+ for (int i = 0; i < children.getLength(); i++) {
+ Node child = children.item(i);
+ String cname = child.getNodeName();
+
+ if (cname.equals("Description")) {
+ description = child.getFirstChild().getNodeValue();
+ } else if (cname.equals("Target")) {
+ target = Target.getInstance(child, defaultVersion);
+ } else if (cname.equals("Obligations")) {
+ parseObligations(child);
+ } else if (cname.equals(policyPrefix + "Defaults")) {
+ handleDefaults(child);
+ }
+ }
+
+ // finally, make sure the set of obligations is immutable
+ obligations = Collections.unmodifiableSet(obligations);
+ }
+
+ /**
+ * Helper routine to parse the obligation data
+ */
+ private void parseObligations(Node root) throws ParsingException {
+ NodeList nodes = root.getChildNodes();
+
+ for (int i = 0; i < nodes.getLength(); i++) {
+ Node node = nodes.item(i);
+ if (node.getNodeName().equals("Obligation"))
+ obligations.add(Obligation.getInstance(node));
+ }
+ }
+
+ /**
+ * There used to be multiple things in the defaults type, but now
+ * there's just the one string that must be a certain value, so it
+ * doesn't seem all that useful to have a class for this...we could
+ * always bring it back, however, if it started to do more
+ */
+ private void handleDefaults(Node root) throws ParsingException {
+ defaultVersion = null;
+ NodeList nodes = root.getChildNodes();
+
+ for (int i = 0; i < nodes.getLength(); i++) {
+ Node node = nodes.item(i);
+ if (node.getNodeName().equals("XPathVersion")) {
+ defaultVersion = node.getFirstChild().getNodeValue();
+ if (! defaultVersion.equals(XPATH_1_0_VERSION)) {
+ throw new ParsingException("Unknown XPath version");
+ }
+ }
+ }
+ }
+
+ /**
+ * Returns the id of this policy
+ *
+ * @return the policy id
+ */
+ public URI getId() {
+ return idAttr;
+ }
+
+ /**
+ * Returns the combining algorithm used by this policy
+ *
+ * @return the combining algorithm
+ */
+ public CombiningAlgorithm getCombiningAlg() {
+ return combiningAlg;
+ }
+
+ /**
+ * Returns the given description of this policy or null if there is no
+ * description
+ *
+ * @return the description or null
+ */
+ public String getDescription() {
+ return description;
+ }
+
+ /**
+ * Returns the target for this policy
+ *
+ * @return the policy's target
+ */
+ public Target getTarget() {
+ return target;
+ }
+
+ /**
+ * Returns the XPath version to use or null if none was specified
+ *
+ * @return XPath version or null
+ */
+ public String getDefaultVersion() {
+ return defaultVersion;
+ }
+
+ /**
+ * Returns the <code>List</code> of children under this node in the
+ * policy tree. Depending on what kind of policy this node represents
+ * the children will either be <code>AbstractPolicy</code> objects
+ * or <code>Rule</code>s.
+ *
+ * @return a <code>List</code> of child nodes
+ */
+ public List getChildren() {
+ return children;
+ }
+
+ /**
+ * Returns the Set of obligations for this policy, which may be empty
+ *
+ * @return the policy's obligations
+ */
+ public Set getObligations() {
+ return obligations;
+ }
+
+ /**
+ * Given the input context sees whether or not the request matches this
+ * policy. This must be called by combining algorithms before they
+ * evaluate a policy. This is also used in the initial policy finding
+ * operation to determine which top-level policies might apply to the
+ * request.
+ *
+ * @param context the representation of the request
+ *
+ * @return the result of trying to match the policy and the request
+ */
+ public MatchResult match(EvaluationCtx context) {
+ return target.match(context);
+ }
+
+ /**
+ * Sets the child policy tree elements for this node, which are passed
+ * to the combining algorithm on evaluation. The <code>List</code> must
+ * contain <code>Rule</code>s or <code>AbstractPolicy</code>s, but may
+ * not contain both types of elements.
+ *
+ * @param children the child elements used by the combining algorithm
+ */
+ protected void setChildren(List children) {
+ // we always want a concrete list, since we're going to pass it to
+ // a combiner that expects a non-null input
+ if (children == null) {
+ this.children = Collections.EMPTY_LIST;
+ } else {
+ // NOTE: since this is only getting called by known child
+ // classes we don't check that the types are all the same
+ this.children = Collections.unmodifiableList(children);
+ }
+ }
+
+ /**
+ * Tries to evaluate the policy by calling the combining algorithm on
+ * the given policies or rules. The <code>match</code> method must always
+ * be called first, and must always return MATCH, before this method
+ * is called.
+ *
+ * @param context the representation of the request
+ *
+ * @return the result of evaluation
+ */
+ public Result evaluate(EvaluationCtx context) {
+ // evaluate
+ Result result = combiningAlg.combine(context, children);
+
+ // if we have no obligations, we're done
+ if (obligations.size() == 0)
+ return result;
+
+ // now, see if we should add any obligations to the set
+ int effect = result.getDecision();
+
+ if ((effect == Result.DECISION_INDETERMINATE) ||
+ (effect == Result.DECISION_NOT_APPLICABLE)) {
+ // we didn't permit/deny, so we never return obligations
+ return result;
+ }
+
+ Iterator it = obligations.iterator();
+ while (it.hasNext()) {
+ Obligation obligation = (Obligation)(it.next());
+ if (obligation.getFulfillOn() == effect)
+ result.addObligation(obligation);
+ }
+
+ // finally, return the result
+ return result;
+ }
+
+ /**
+ * Routine used by <code>Policy</code> and <code>PolicySet</code> to
+ * encode some common elements.
+ *
+ * @param output a stream into which the XML-encoded data is written
+ * @param indenter an object that creates indentation strings
+ */
+ protected void encodeCommonElements(OutputStream output,
+ Indenter indenter) {
+ target.encode(output, indenter);
+
+ Iterator it = children.iterator();
+ while (it.hasNext()) {
+ ((PolicyTreeElement)(it.next())).encode(output, indenter);
+ }
+
+ if (obligations.size() != 0) {
+ PrintStream out = new PrintStream(output);
+ String indent = indenter.makeString();
+
+ out.println(indent + "<Obligations>");
+ indenter.in();
+
+ it = obligations.iterator();
+ while (it.hasNext()) {
+ ((Obligation)(it.next())).encode(output, indenter);
+ }
+
+ out.println(indent + "</Obligations>");
+ indenter.out();
+ }
+ }
+
+}
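Review bot: in the DOM constructor `AbstractPolicy(Node root, String policyPrefix, String combiningName)`, nothing checks after the child loop that a `Target` element was actually found, so a policy document without one leaves `target` null and the failure only surfaces later as a NullPointerException in `match()` (`return target.match(context);`) or in `encodeCommonElements()`. For an authorization component it is safer to reject such a policy at load time: throw a `ParsingException` after the loop when `target == null`. The same constructor and `handleDefaults` call `getFirstChild().getNodeValue()` without a null check, so an empty `<Description/>` or `<XPathVersion/>` also ends in a NullPointerException instead of the `ParsingException` the Javadoc promises for an invalid policy.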

Added: branches/authRengine/sunxacml/com/sun/xacml/BasicEvaluationCtx.java
===================================================================
--- branches/authRengine/sunxacml/com/sun/xacml/BasicEvaluationCtx.java
(rev 0)
+++ branches/authRengine/sunxacml/com/sun/xacml/BasicEvaluationCtx.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,669 @@
+
+/*
+ * @(#)BasicEvaluationCtx.java
+ *
+ * Copyright 2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml;
+
+import com.sun.xacml.attr.AttributeDesignator;
+import com.sun.xacml.attr.AttributeValue;
+import com.sun.xacml.attr.BagAttribute;
+import com.sun.xacml.attr.DateAttribute;
+import com.sun.xacml.attr.DateTimeAttribute;
+import com.sun.xacml.attr.StringAttribute;
+import com.sun.xacml.attr.TimeAttribute;
+
+import com.sun.xacml.cond.EvaluationResult;
+
+import com.sun.xacml.ctx.Attribute;
+import com.sun.xacml.ctx.RequestCtx;
+import com.sun.xacml.ctx.Status;
+import com.sun.xacml.ctx.Subject;
+
+import com.sun.xacml.finder.AttributeFinder;
+
+import java.net.URI;
+import java.net.URISyntaxException;
+
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+import java.util.logging.Level;
+import java.util.logging.Logger;
+
+import org.w3c.dom.Node;
+
+
+/**
+ * A basic implementation of <code>EvaluationCtx</code> that is created from
+ * an XACML Request and falls back on an AttributeFinder if a requested
+ * value isn't available in the Request.
+ *
+ * @since 1.2
+ * @author Seth Proctor
+ */
+public class BasicEvaluationCtx implements EvaluationCtx
+{
+ // the finder to use if a value isn't in the request
+ private AttributeFinder finder;
+
+ // the DOM root the original RequestContext document
+ private Node requestRoot;
+
+ // the 4 maps that contain the attribute data
+ private HashMap subjectMap;
+ private HashMap resourceMap;
+ private HashMap actionMap;
+ private HashMap environmentMap;
+
+ // the resource and its scope
+ private AttributeValue resourceId;
+ private int scope;
+
+ // the cached current date, time, and datetime, which we may or may
+ // not be using depending on how this object was constructed
+ private DateAttribute currentDate;
+ private TimeAttribute currentTime;
+ private DateTimeAttribute currentDateTime;
+ private boolean useCachedEnvValues;
+
+ // the logger we'll use for all messages
+ private static final Logger logger =
+ Logger.getLogger(BasicEvaluationCtx.class.getName());
+
+ /**
+ * Constructs a new <code>BasicEvaluationCtx</code> based on the given
+ * request. The resulting context will cache current date, time, and
+ * dateTime values so they remain constant for this evaluation.
+ *
+ * @param request the request
+ *
+ * @throws ParsingException if a required attribute is missing, or if
there
+ * are any problems dealing with the request
data
+ */
+ public BasicEvaluationCtx(RequestCtx request) throws ParsingException {
+ this(request, null, true);
+ }
+
+ /**
+ * Constructs a new <code>BasicEvaluationCtx</code> based on the given
+ * request.
+ *
+ * @param request the request
+ * @param cacheEnvValues whether or not to cache the current time, date,
+ * and dateTime so they are constant for the scope
+ * of this evaluation
+ *
+ * @throws ParsingException if a required attribute is missing, or if
there
+ * are any problems dealing with the request
data
+ */
+ public BasicEvaluationCtx(RequestCtx request, boolean cacheEnvValues)
+ throws ParsingException
+ {
+ this(request, null, cacheEnvValues);
+ }
+
+ /**
+ * Constructs a new <code>BasicEvaluationCtx</code> based on the given
+ * request, and supports looking outside the original request for
attribute
+ * values using the <code>AttributeFinder</code>. The resulting context
+ * will cache current date, time, and dateTime values so they remain
+ * constant for this evaluation.
+ *
+ * @param request the request
+ * @param finder an <code>AttributeFinder</code> to use in looking for
+ * attributes that aren't in the request
+ *
+ * @throws ParsingException if a required attribute is missing, or if
there
+ * are any problems dealing with the request
data
+ */
+ public BasicEvaluationCtx(RequestCtx request, AttributeFinder finder)
+ throws ParsingException
+ {
+ this(request, finder, true);
+ }
+
+ /**
+ * Constructs a new <code>BasicEvaluationCtx</code> based on the given
+ * request, and supports looking outside the original request for
attribute
+ * values using the <code>AttributeFinder</code>.
+ *
+ * @param request the request
+ * @param finder an <code>AttributeFinder</code> to use in looking for
+ * attributes that aren't in the request
+ * @param cacheEnvValues whether or not to cache the current time, date,
+ * and dateTime so they are constant for the scope
+ * of this evaluation
+ *
+ * @throws ParsingException if a required attribute is missing, or if
there
+ * are any problems dealing with the request
data
+ */
+ public BasicEvaluationCtx(RequestCtx request, AttributeFinder finder,
+ boolean cacheEnvValues) throws
ParsingException {
+ // keep track of the finder
+ this.finder = finder;
+
+ // remember the root of the DOM tree for XPath queries
+ requestRoot = request.getDocumentRoot();
+
+ // initialize the cached date/time values so it's clear we haven't
+ // retrieved them yet
+ this.useCachedEnvValues = cacheEnvValues;
+ currentDate = null;
+ currentTime = null;
+ currentDateTime = null;
+
+ // get the subjects, make sure they're correct, and setup tables
+ subjectMap = new HashMap();
+ setupSubjects(request.getSubjects());
+
+ // next look at the Resource data, which needs to be handled
specially
+ resourceMap = new HashMap();
+ setupResource(request.getResource());
+
+ // setup the action data, which is generic
+ actionMap = new HashMap();
+ mapAttributes(request.getAction(), actionMap);
+
+ // finally, set up the environment data, which is also generic
+ environmentMap = new HashMap();
+ mapAttributes(request.getEnvironmentAttributes(), environmentMap);
+ }
+
+ /**
+ * This is quick helper function to provide a little structure for the
+ * subject attributes so we can search for them (somewhat) quickly. The
+ * basic idea is to have a map indexed by SubjectCategory that keeps
+ * Maps that in turn are indexed by id and keep the unique ctx.Attribute
+ * objects.
+ */
+ private void setupSubjects(Set subjects) throws ParsingException {
+ // make sure that there is at least one Subject
+ if (subjects.size() == 0)
+ throw new ParsingException("Request must a contain subject");
+
+ // now go through the subject attributes
+ Iterator it = subjects.iterator();
+ while (it.hasNext()) {
+ Subject subject = (Subject)(it.next());
+
+ URI category = subject.getCategory();
+ Map categoryMap = null;
+
+ // see if we've already got a map for the category
+ if (subjectMap.containsKey(category)) {
+ categoryMap = (Map)(subjectMap.get(category));
+ } else {
+ categoryMap = new HashMap();
+ subjectMap.put(category, categoryMap);
+ }
+
+ // iterate over the set of attributes
+ Iterator attrIterator = subject.getAttributes().iterator();
+
+ while (attrIterator.hasNext()) {
+ Attribute attr = (Attribute)(attrIterator.next());
+ String id = attr.getId().toString();
+
+ if (categoryMap.containsKey(id)) {
+ // add to the existing set of Attributes w/this id
+ Set existingIds = (Set)(categoryMap.get(id));
+ existingIds.add(attr);
+ } else {
+ // this is the first Attr w/this id
+ HashSet newIds = new HashSet();
+ newIds.add(attr);
+ categoryMap.put(id, newIds);
+ }
+ }
+ }
+ }
+
+ /**
+ * This basically does the same thing that the other types need
+ * to do, except that we also look for a resource-id attribute, not
+ * because we're going to use, but only to make sure that it's actually
+ * there, and for the optional scope attribute, to see what the scope
+ * of the attribute is
+ */
+ private void setupResource(Set resource) throws ParsingException {
+ mapAttributes(resource, resourceMap);
+
+ // make sure there resource-id attribute was included
+ if (! resourceMap.containsKey(RESOURCE_ID)) {
+ System.err.println("Resource must contain resource-id attr");
+ throw new ParsingException("resource missing resource-id");
+ } else {
+ // make sure there's only one value for this
+ Set set = (Set)(resourceMap.get(RESOURCE_ID));
+ if (set.size() > 1) {
+ System.err.println("Resource may contain only one " +
+ "resource-id Attribute");
+ throw new ParsingException("too many resource-id attrs");
+ } else {
+ // keep track of the resource-id attribute
+ resourceId = ((Attribute)(set.iterator().next())).getValue();
+ }
+ }
+
+ // see if a resource-scope attribute was included
+ if (resourceMap.containsKey(RESOURCE_SCOPE)) {
+ Set set = (Set)(resourceMap.get(RESOURCE_SCOPE));
+
+ // make sure there's only one value for resource-scope
+ if (set.size() > 1) {
+ System.err.println("Resource may contain only one " +
+ "resource-scope Attribute");
+ throw new ParsingException("too many resource-scope attrs");
+ }
+
+ Attribute attr = (Attribute)(set.iterator().next());
+ AttributeValue attrValue = attr.getValue();
+
+ // scope must be a string, so throw an exception otherwise
+ if (! attrValue.getType().toString().
+ equals(StringAttribute.identifier))
+ throw new ParsingException("scope attr must be a string");
+
+ String value = ((StringAttribute)attrValue).getValue();
+
+ if (value.equals("Immediate")) {
+ scope = SCOPE_IMMEDIATE;
+ } else if (value.equals("Children")) {
+ scope = SCOPE_CHILDREN;
+ } else if (value.equals("Descendants")) {
+ scope = SCOPE_DESCENDANTS;
+ } else {
+ System.err.println("Unknown scope type: " + value);
+ throw new ParsingException("invalid scope type: " + value);
+ }
+ } else {
+ // by default, the scope is always Immediate
+ scope = SCOPE_IMMEDIATE;
+ }
+ }
+
+ /**
+ * Generic routine for resource, attribute and environment attributes
+ * to build the lookup map for each. The Form is a Map that is indexed
+ * by the String form of the attribute ids, and that contains Sets at
+ * each entry with all attributes that have that id
+ */
+ private void mapAttributes(Set input, Map output) {
+ Iterator it = input.iterator();
+ while (it.hasNext()) {
+ Attribute attr = (Attribute)(it.next());
+ String id = attr.getId().toString();
+
+ if (output.containsKey(id)) {
+ Set set = (Set)(output.get(id));
+ set.add(attr);
+ } else {
+ Set set = new HashSet();
+ set.add(attr);
+ output.put(id, set);
+ }
+ }
+ }
+
+ /**
+ * Returns the <code>AttributeFinder</code> used by this context. Note
+ * that this is a deprecated method and will be removed in the next
+ * major release.
+ *
+ * @return the <code>AttributeFinder</code>
+ */
+ public AttributeFinder getAttributeFinder() {
+ return finder;
+ }
+
+ /**
+ * Returns the DOM root of the original RequestType XML document.
+ *
+ * @return the DOM root node
+ */
+ public Node getRequestRoot() {
+ return requestRoot;
+ }
+
+ /**
+ * Returns the resource named in the request as resource-id.
+ *
+ * @return the resource
+ */
+ public AttributeValue getResourceId() {
+ return resourceId;
+ }
+
+ /**
+ * Returns the resource scope of the request, which will be one of the
+ * three fields denoting Immediate, Children, or Descendants.
+ *
+ * @return the scope of the resource in the request
+ */
+ public int getScope() {
+ return scope;
+ }
+
+ /**
+ * Changes the value of the resource-id attribute in this context. This
+ * is useful when you have multiple resources (ie, a scope other than
+ * IMMEDIATE), and you need to keep changing only the resource-id to
+ * evaluate the different effective requests.
+ *
+ * @param resourceId the new resource-id value
+ */
+ public void setResourceId(AttributeValue resourceId) {
+ this.resourceId = resourceId;
+
+ // there will always be exactly one value for this attribute
+ Set attrSet = (Set)(resourceMap.get(RESOURCE_ID));
+ Attribute attr = (Attribute)(attrSet.iterator().next());
+
+ // remove the old value...
+ attrSet.remove(attr);
+
+ // ...and insert the new value
+ attrSet.add(new Attribute(attr.getId(), attr.getIssuer(),
+ attr.getIssueInstant(), resourceId));
+ }
+
+ /**
+ * Returns the cached value for the current time. If The value has never
+ * been set by a call to <code>setCurrentTime</code>, or if caching is
+ * not enabled in this instance, then this will return null. Note that
this
+ * only applies to dynamically resolved values, not those supplied in the
+ * Request.
+ *
+ * @return the current time or null
+ */
+ public TimeAttribute getCurrentTime() {
+ return currentTime;
+ }
+
+ /**
+ * Sets the current time for this evaluation. If caching is not enabled
+ * for this instance then the value is ignored.
+ *
+ * @param currentTime the dynamically resolved current time
+ */
+ public void setCurrentTime(TimeAttribute currentTime) {
+ if (useCachedEnvValues)
+ this.currentTime = currentTime;
+ }
+
+ /**
+ * Returns the cached value for the current date. If The value has never
+ * been set by a call to <code>setCurrentDate</code>, or if caching is
+ * not enabled in this instance, then this will return null. Note that
this
+ * only applies to dynamically resolved values, not those supplied in the
+ * Request.
+ *
+ * @return the current date or null
+ */
+ public DateAttribute getCurrentDate() {
+ return currentDate;
+ }
+
+ /**
+ * Sets the current date for this evaluation. If caching is not enabled
+ * for this instance then the value is ignored.
+ *
+ * @param currentDate the dynamically resolved current date
+ */
+ public void setCurrentDate(DateAttribute currentDate) {
+ if (useCachedEnvValues)
+ this.currentDate = currentDate;
+ }
+
+ /**
+ * Returns the cached value for the current dateTime. If The value has
+ * never been set by a call to <code>setCurrentDateTime</code>, or if
+ * caching is not enabled in this instance, then this will return null.
+ * Note that this only applies to dynamically resolved values, not those
+ * supplied in the Request.
+ *
+ * @return the current date or null
+ */
+ public DateTimeAttribute getCurrentDateTime() {
+ return currentDateTime;
+ }
+
+ /**
+ * Sets the current dateTime for this evaluation. If caching is not
enabled
+ * for this instance then the value is ignored.
+ *
+ * @param currentDateTime the dynamically resolved current dateTime
+ */
+ public void setCurrentDateTime(DateTimeAttribute currentDateTime) {
+ if (useCachedEnvValues)
+ this.currentDateTime = currentDateTime;
+ }
+
+ /**
+ * Returns attribute value(s) from the subject section of the request
+ * that have no issuer.
+ *
+ * @param type the type of the attribute value(s) to find
+ * @param id the id of the attribute value(s) to find
+ * @param category the category the attribute value(s) must be in
+ *
+ * @return a result containing a bag either empty because no values were
+ * found or containing at least one value, or status associated with an
+ * Indeterminate result
+ */
+ public EvaluationResult getSubjectAttribute(URI type, URI id,
+ URI category) {
+ return getSubjectAttribute(type, id, null, category);
+ }
+
+ /**
+ * Returns attribute value(s) from the subject section of the request.
+ *
+ * @param type the type of the attribute value(s) to find
+ * @param id the id of the attribute value(s) to find
+ * @param issuer the issuer of the attribute value(s) to find or null
+ * @param category the category the attribute value(s) must be in
+ *
+ * @return a result containing a bag either empty because no values were
+ * found or containing at least one value, or status associated with an
+ * Indeterminate result
+ */
+ public EvaluationResult getSubjectAttribute(URI type, URI id, URI issuer,
+ URI category) {
+ // This is the same as the other three lookups except that this
+ // has an extra level of indirection that needs to be handled first
+ Map map = (Map)(subjectMap.get(category));
+
+ if (map == null) {
+ // the request didn't have that category, so we should try asking
+ // the attribute finder
+ return callHelper(type, id, issuer, category,
+ AttributeDesignator.SUBJECT_TARGET);
+ }
+
+ return getGenericAttributes(type, id, issuer, map, category,
+ AttributeDesignator.SUBJECT_TARGET);
+ }
+
+ /**
+ * Returns attribute value(s) from the resource section of the request.
+ *
+ * @param type the type of the attribute value(s) to find
+ * @param id the id of the attribute value(s) to find
+ * @param issuer the issuer of the attribute value(s) to find or null
+ *
+ * @return a result containing a bag either empty because no values were
+ * found or containing at least one value, or status associated with an
+ * Indeterminate result
+ */
+ public EvaluationResult getResourceAttribute(URI type, URI id,
+ URI issuer) {
+ return getGenericAttributes(type, id, issuer, resourceMap, null,
+ AttributeDesignator.RESOURCE_TARGET);
+ }
+
+ /**
+ * Returns attribute value(s) from the action section of the request.
+ *
+ * @param type the type of the attribute value(s) to find
+ * @param id the id of the attribute value(s) to find
+ * @param issuer the issuer of the attribute value(s) to find or null
+ *
+ * @return a result containing a bag either empty because no values were
+ * found or containing at least one value, or status associated with an
+ * Indeterminate result
+ */
+ public EvaluationResult getActionAttribute(URI type, URI id, URI issuer)
{
+ return getGenericAttributes(type, id, issuer, actionMap, null,
+ AttributeDesignator.ACTION_TARGET);
+ }
+
+ /**
+ * Returns attribute value(s) from the environment section of the
request.
+ *
+ * @param type the type of the attribute value(s) to find
+ * @param id the id of the attribute value(s) to find
+ * @param issuer the issuer of the attribute value(s) to find or null
+ *
+ * @return a result containing a bag either empty because no values were
+ * found or containing at least one value, or status associated with an
+ * Indeterminate result
+ */
+ public EvaluationResult getEnvironmentAttribute(URI type, URI id,
+ URI issuer) {
+ return getGenericAttributes(type, id, issuer, environmentMap, null,
+ AttributeDesignator.ENVIRONMENT_TARGET);
+ }
+
+ /**
+ * Helper function for the resource, action and environment methods
+ * to get an attribute.
+ */
+ private EvaluationResult getGenericAttributes(URI type, URI id, URI
issuer,
+ Map map, URI category,
+ int designatorType) {
+ // try to find the id
+ Set attrSet = (Set)(map.get(id.toString()));
+ if (attrSet == null) {
+ // the request didn't have an attribute with that id, so we
should
+ // try asking the attribute finder
+ return callHelper(type, id, issuer, category, designatorType);
+ }
+
+ // now go through each, considering each Attribute object
+ List attributes = new ArrayList();
+ Iterator it = attrSet.iterator();
+
+ while (it.hasNext()) {
+ Attribute attr = (Attribute)(it.next());
+
+ // make sure the type and issuer are correct
+ if ((attr.getType().equals(type)) &&
+ ((issuer == null) ||
+ ((attr.getIssuer() != null) &&
+ (attr.getIssuer().equals(issuer.toString()))))) {
+
+ // if we got here, then we found a match, so we want to pull
+ // out the values and put them in out list
+ attributes.add(attr.getValue());
+ }
+ }
+
+ // see if we found any acceptable attributes
+ if (attributes.size() == 0) {
+ // we failed to find any that matched the type/issuer, or all the
+ // Attribute types were empty...so ask the finder
+ if (logger.isLoggable(Level.FINE))
+ logger.fine("Attribute not in request: " + id.toString() +
+ " ... querying AttributeFinder");
+
+ return callHelper(type, id, issuer, category, designatorType);
+ }
+
+ // if we got here, then we found at least one useful AttributeValue
+ return new EvaluationResult(new BagAttribute(type, attributes));
+ }
+
+ /**
+ * Private helper that calls the finder if it's non-null, or else returns
+ * an empty bag
+ */
+ private EvaluationResult callHelper(URI type, URI id, URI issuer,
+ URI category, int adType) {
+ if (finder != null) {
+ return finder.findAttribute(type, id, issuer, category,
+ this, adType);
+ } else {
+ logger.warning("Context tried to invoke AttributeFinder but was
" +
+ "not configured with one");
+
+ return new EvaluationResult(BagAttribute.createEmptyBag(type));
+ }
+ }
+
+ /**
+ * Returns the attribute value(s) retrieved using the given XPath
+ * expression.
+ *
+ * @param contextPath the XPath expression to search
+ * @param namespaceNode the DOM node defining namespace mappings to use,
+ * or null if mappings come from the context root
+ * @param type the type of the attribute value(s) to find
+ * @param xpathVersion the version of XPath to use
+ *
+ * @return a result containing a bag either empty because no values were
+ * found or containing at least one value, or status associated with an
+ * Indeterminate result
+ */
+ public EvaluationResult getAttribute(String contextPath,
+ Node namespaceNode, URI type,
+ String xpathVersion) {
+ if (finder != null) {
+ return finder.findAttribute(contextPath, namespaceNode, type,
this,
+ xpathVersion);
+ } else {
+ logger.warning("Context tried to invoke AttributeFinder but was
" +
+ "not configured with one");
+
+ return new EvaluationResult(BagAttribute.createEmptyBag(type));
+ }
+ }
+
+}
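Review bot: `setupResource` reports its error cases with `System.err.println(...)` even though the class declares a `java.util.logging` logger and uses it in `getGenericAttributes` and `callHelper`; route these messages through `logger` so that rejected requests land in the same log as the rest of the evaluation. The unknown-scope branch also concatenates the request-supplied `value` into both the stderr line and the `ParsingException` message, so it should be escaped or length-limited before it is written out. Smaller points: the exception text in `setupSubjects` reads "Request must a contain subject", and `getAttributeFinder()` is described as deprecated in its Javadoc but carries no `@deprecated` tag.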

Added: branches/authRengine/sunxacml/com/sun/xacml/ConfigurationStore.java
===================================================================
--- branches/authRengine/sunxacml/com/sun/xacml/ConfigurationStore.java
(rev 0)
+++ branches/authRengine/sunxacml/com/sun/xacml/ConfigurationStore.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,938 @@
+
+/*
+ * @(#)ConfigurationStore.java
+ *
+ * Copyright 2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml;
+
+import com.sun.xacml.attr.AttributeFactory;
+import com.sun.xacml.attr.AttributeFactoryProxy;
+import com.sun.xacml.attr.AttributeProxy;
+import com.sun.xacml.attr.BaseAttributeFactory;
+import com.sun.xacml.attr.StandardAttributeFactory;
+
+import com.sun.xacml.combine.BaseCombiningAlgFactory;
+import com.sun.xacml.combine.CombiningAlgFactory;
+import com.sun.xacml.combine.CombiningAlgFactoryProxy;
+import com.sun.xacml.combine.CombiningAlgorithm;
+import com.sun.xacml.combine.StandardCombiningAlgFactory;
+
+import com.sun.xacml.cond.BaseFunctionFactory;
+import com.sun.xacml.cond.BasicFunctionFactoryProxy;
+import com.sun.xacml.cond.Function;
+import com.sun.xacml.cond.FunctionProxy;
+import com.sun.xacml.cond.FunctionFactory;
+import com.sun.xacml.cond.FunctionFactoryProxy;
+import com.sun.xacml.cond.StandardFunctionFactory;
+
+import com.sun.xacml.cond.cluster.FunctionCluster;
+
+import com.sun.xacml.finder.AttributeFinder;
+import com.sun.xacml.finder.PolicyFinder;
+import com.sun.xacml.finder.ResourceFinder;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+
+import java.lang.reflect.Constructor;
+import java.lang.reflect.InvocationTargetException;
+
+import java.net.URI;
+import java.net.URISyntaxException;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Set;
+
+import java.util.logging.Level;
+import java.util.logging.Logger;
+
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+
+import org.xml.sax.SAXException;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.NamedNodeMap;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+
+
+/**
+ * This class supports run-time loading of configuration data. It loads the
+ * configurations from an XML file that conforms to the configuration schema.
+ * By design this class does not get used automatically, nor does it change
+ * the state of the system directly. A programmer must choose to support this
+ * mechanism in their program, and then must explicitly use loaded elements.
+ * This way, the programmer still has full control over their security model,
+ * but also has the convenience of re-using a common configuration
+ * mechanism. See http://sunxacml.sourceforge.net/schema/config-0.3.xsd for
+ * the valid schema.
+ * <p>
+ * Note that becuase this doesn't tie directly into the rest of the code, you
+ * are still free to design your own run-time configuration mechanisms. This
+ * is simply provided as a convenience, and so that all programmers can start
+ * from a common point.
+ * <p>
+ * NOTE: The name of this class, its interfaces, and they way it interacts
+ * with the rest of the code is currently unstable, so expect some changes
+ * between now and the next release.
+ *
+ * @since 1.2
+ * @author Seth Proctor
+ */
+public class ConfigurationStore
+{
+
+ /**
+ * Property used to specify the configuration file.
+ */
+ public static final String PDP_CONFIG_PROPERTY =
+ "com.sun.xacml.PDPConfigFile";
+
+ // pdp elements
+ private PDPConfig defaultPDPConfig;
+ private HashMap pdpConfigMap;
+
+ // attribute factory elements
+ private AttributeFactory defaultAttributeFactory;
+ private HashMap attributeMap;
+
+ // combining algorithm factory elements
+ private CombiningAlgFactory defaultCombiningFactory;
+ private HashMap combiningMap;
+
+ // function factory elements
+ private FunctionFactoryProxy defaultFunctionFactoryProxy;
+ private HashMap functionMap;
+
+ // the logger we'll use for all messages
+ private static final Logger logger =
+ Logger.getLogger(ConfigurationStore.class.getName());
+
+ /**
+ * Default constructor. This constructor uses the
+ * <code>PDP_CONFIG_PROPERTY</code> property to load the configuration.
+ * If the property isn't set, if it names a file that can't be accessed,
+ * or if the file is invalid, then an exception is thrown.
+ *
+ * @throws ParsingException if anything goes wrong during the parsing
+ * of the configuration file, the class loading,
+ * or the factory and pdp setup
+ */
+ public ConfigurationStore() throws ParsingException {
+ String configFile = System.getProperty(PDP_CONFIG_PROPERTY);
+
+ // make sure that the right property was set
+ if (configFile == null) {
+ logger.severe("A property defining a config file was expected, "
+
+ "but none was provided");
+
+ throw new ParsingException("Config property " +
+ PDP_CONFIG_PROPERTY +
+ " needs to be set");
+ }
+
+ try {
+ setupConfig(new File(configFile));
+ } catch (ParsingException pe) {
+ logger.log(Level.SEVERE, "Runtime config file couldn't be
loaded" +
+ " so no configurations will be available", pe);
+ throw pe;
+ }
+ }
+
+ /**
+ * Constructor that explicitly specifies the configuration file to load.
+ * This is useful if your security model doesn't allow the use of
+ * properties, if you don't want to use a property to specify a
+ * configuration file, or if you want to use more then one configuration
+ * file. If the file can't be accessed, or if the file is invalid, then
+ * an exception is thrown.
+ *
+ * @throws ParsingException if anything goes wrong during the parsing
+ * of the configuration file, the class loading,
+ * or the factory and pdp setup
+ */
+ public ConfigurationStore(File configFile) throws ParsingException {
+ try {
+ setupConfig(configFile);
+ } catch (ParsingException pe) {
+ logger.log(Level.SEVERE, "Runtime config file couldn't be
loaded" +
+ " so no configurations will be available", pe);
+ throw pe;
+ }
+ }
+
+ /**
+ * Private helper function used by both constructors to actually load the
+ * configuration data. This is the root of several private methods used
+ * to setup all the pdps and factories.
+ */
+ private void setupConfig(File configFile) throws ParsingException {
+ logger.config("Loading runtime configuration");
+
+ // get the root node from the configuration file
+ Node root = getRootNode(configFile);
+
+ // initialize all the maps
+ pdpConfigMap = new HashMap();
+ attributeMap = new HashMap();
+ combiningMap = new HashMap();
+ functionMap = new HashMap();
+
+ // get the default names
+ NamedNodeMap attrs = root.getAttributes();
+ String defaultPDP = attrs.getNamedItem("defaultPDP").getNodeValue();
+ String defaultAF = attrs.getNamedItem("defaultAttributeFactory").
+ getNodeValue();
+ String defaultCAF = attrs.getNamedItem("defaultCombiningAlgFactory").
+ getNodeValue();
+ String defaultFF = attrs.getNamedItem("defaultFunctionFactory").
+ getNodeValue();
+
+ // loop through all the root-level elements, for each one getting its
+ // name and then loading the right kind of element
+ NodeList children = root.getChildNodes();
+ for (int i = 0; i < children.getLength(); i++) {
+ Node child = children.item(i);
+ String childName = child.getNodeName();
+ String elementName = null;
+
+ // get the element's name
+ if (child.getNodeType() == Node.ELEMENT_NODE)
+ elementName = child.getAttributes().
+ getNamedItem("name").getNodeValue();
+
+ // see if this is a pdp or a factory, and load accordingly,
+ // putting the new element into the respective map...make sure
+ // that we're never loading something with the same name twice
+ if (childName.equals("pdp")) {
+ if (logger.isLoggable(Level.CONFIG))
+ logger.config("Loading PDP: " + elementName);
+ if (pdpConfigMap.containsKey(elementName))
+ throw new ParsingException("more that one pdp with " +
+ "name \"" + elementName
+"\"");
+ pdpConfigMap.put(elementName, parsePDPConfig(child));
+ } else if (childName.equals("attributeFactory")) {
+ if (logger.isLoggable(Level.CONFIG))
+ logger.config("Loading AttributeFactory: " +
elementName);
+ if (attributeMap.containsKey(elementName))
+ throw new ParsingException("more that one " +
+ "attributeFactory with name "
+
+ elementName +"\"");
+ attributeMap.put(elementName, parseAttributeFactory(child));
+ } else if (childName.equals("combiningAlgFactory")) {
+ if (logger.isLoggable(Level.CONFIG))
+ logger.config("Loading CombiningAlgFactory: " +
+ elementName);
+ if (combiningMap.containsKey(elementName))
+ throw new ParsingException("more that one " +
+ "combiningAlgFactory with " +
+ "name \"" + elementName
+"\"");
+ combiningMap.put(elementName,
parseCombiningAlgFactory(child));
+ } else if (childName.equals("functionFactory")) {
+ if (logger.isLoggable(Level.CONFIG))
+ logger.config("Loading FunctionFactory: " + elementName);
+ if (functionMap.containsKey(elementName))
+ throw new ParsingException("more that one
functionFactory"
+ + " with name \"" +
+ elementName +"\"");
+ functionMap.put(elementName, parseFunctionFactory(child));
+ }
+ }
+
+ // finally, extract the default elements
+ defaultPDPConfig = (PDPConfig)(pdpConfigMap.get(defaultPDP));
+ defaultAttributeFactory = (AttributeFactory)
+ (attributeMap.get(defaultAF));
+ defaultCombiningFactory = (CombiningAlgFactory)
+ (combiningMap.get(defaultCAF));
+ defaultFunctionFactoryProxy = (FunctionFactoryProxy)
+ (functionMap.get(defaultFF));
+ }
+
+ /**
+ * Private helper that parses the file and sets up the DOM tree.
+ */
+ private Node getRootNode(File configFile) throws ParsingException {
+ DocumentBuilderFactory dbFactory =
+ DocumentBuilderFactory.newInstance();
+
+ dbFactory.setIgnoringComments(true);
+ dbFactory.setNamespaceAware(false);
+ dbFactory.setValidating(false);
+
+ DocumentBuilder db = null;
+ try {
+ db = dbFactory.newDocumentBuilder();
+ } catch (ParserConfigurationException pce) {
+ throw new ParsingException("couldn't get a document builder",
pce);
+ }
+
+ Document doc = null;
+ try {
+ doc = db.parse(new FileInputStream(configFile));
+ } catch (IOException ioe) {
+ throw new ParsingException("failed to load the file ", ioe);
+ } catch (SAXException saxe) {
+ throw new ParsingException("error parsing the XML tree", saxe);
+ } catch (IllegalArgumentException iae) {
+ throw new ParsingException("no data to parse", iae);
+ }
+
+ Element root = doc.getDocumentElement();
+
+ if (! root.getTagName().equals("config"))
+ throw new ParsingException("unknown document type: " +
+ root.getTagName());
+
+ return root;
+ }
+
+ /**
+ * Private helper that handles the pdp elements.
+ */
+ private PDPConfig parsePDPConfig(Node root) throws ParsingException {
+ ArrayList attrModules = new ArrayList();
+ HashSet policyModules = new HashSet();
+ ArrayList rsrcModules = new ArrayList();
+
+ // go through all elements of the pdp, loading the specified modules
+ NodeList children = root.getChildNodes();
+ for (int i = 0; i < children.getLength(); i++) {
+ Node child = children.item(i);
+ String name = child.getNodeName();
+
+ if (name.equals("policyFinderModule")) {
+ policyModules.add(loadClass("module", child));
+ } else if (name.equals("attributeFinderModule")) {
+ attrModules.add(loadClass("module", child));
+ } else if (name.equals("resourceFinderModule")) {
+ rsrcModules.add(loadClass("module", child));
+ }
+ }
+
+ // after loading the modules, use the collections to setup a
+ // PDPConfig based on this pdp element
+
+ AttributeFinder attrFinder = new AttributeFinder();
+ attrFinder.setModules(attrModules);
+
+ PolicyFinder policyFinder = new PolicyFinder();
+ policyFinder.setModules(policyModules);
+
+ ResourceFinder rsrcFinder = new ResourceFinder();
+ rsrcFinder.setModules(rsrcModules);
+
+ return new PDPConfig(attrFinder, policyFinder, rsrcFinder);
+ }
+
+ /**
+ * Private helper that handles the attributeFactory elements.
+ */
+ private AttributeFactory parseAttributeFactory(Node root)
+ throws ParsingException
+ {
+ AttributeFactory factory = null;
+
+ // check if we're starting with the standard factory setup
+ if (useStandard(root, "useStandardDatatypes")) {
+ logger.config("Starting with standard Datatypes");
+
+ StandardAttributeFactory sf =
+ StandardAttributeFactory.getFactory();
+ factory = new BaseAttributeFactory(sf.getStandardDatatypes());
+ } else {
+ factory = new BaseAttributeFactory();
+ }
+
+ // now look for all datatypes specified for this factory, adding
+ // them as we go
+ NodeList children = root.getChildNodes();
+ for (int i = 0; i < children.getLength(); i++) {
+ Node child = children.item(i);
+
+ if (child.getNodeName().equals("datatype")) {
+ // a datatype is a class with an identifier
+ String identifier = child.getAttributes().
+ getNamedItem("identifier").getNodeValue();
+ AttributeProxy proxy =
+ (AttributeProxy)(loadClass("datatype", child));
+
+ try {
+ factory.addDatatype(identifier, proxy);
+ } catch (IllegalArgumentException iae) {
+ throw new ParsingException("duplicate datatype: " +
+ identifier, iae);
+ }
+ }
+ }
+
+ return factory;
+ }
+
+ /**
+ * Private helper that handles the combiningAlgFactory elements.
+ */
+ private CombiningAlgFactory parseCombiningAlgFactory(Node root)
+ throws ParsingException
+ {
+ CombiningAlgFactory factory = null;
+
+ // check if we're starting with the standard factory setup
+ if (useStandard(root, "useStandardAlgorithms")) {
+ logger.config("Starting with standard Combining Algorithms");
+
+ StandardCombiningAlgFactory sf =
+ StandardCombiningAlgFactory.getFactory();
+ factory = new
BaseCombiningAlgFactory(sf.getStandardAlgorithms());
+ } else {
+ factory = new BaseCombiningAlgFactory();
+ }
+
+ // now look for all algorithms specified for this factory, adding
+ // them as we go
+ NodeList children = root.getChildNodes();
+ for (int i = 0; i < children.getLength(); i++) {
+ Node child = children.item(i);
+
+ if (child.getNodeName().equals("algorithm")) {
+ // an algorithm is a simple class element
+ CombiningAlgorithm alg =
+ (CombiningAlgorithm)(loadClass("algorithm", child));
+ try {
+ factory.addAlgorithm(alg);
+ } catch (IllegalArgumentException iae) {
+ throw new ParsingException("duplicate combining " +
+ "algorithm: " +
+
alg.getIdentifier().toString(),
+ iae);
+ }
+ }
+ }
+
+ return factory;
+ }
+
+ /**
+ * Private helper that handles the functionFactory elements. This one
+ * is a little more complex than the other two factory helper methods,
+ * since it consists of three factories (target, condition, and general).
+ */
+ private FunctionFactoryProxy parseFunctionFactory(Node root)
+ throws ParsingException
+ {
+ FunctionFactoryProxy proxy = null;
+ FunctionFactory generalFactory = null;
+ FunctionFactory conditionFactory = null;
+ FunctionFactory targetFactory = null;
+
+ // check if we're starting with the standard factory setup, and
+ // make sure that the proxy is pre-configured
+ if (useStandard(root, "useStandardFunctions")) {
+ logger.config("Starting with standard Functions");
+
+ proxy = StandardFunctionFactory.getNewFactoryProxy();
+
+ targetFactory = proxy.getTargetFactory();
+ conditionFactory = proxy.getConditionFactory();
+ generalFactory = proxy.getGeneralFactory();
+ } else {
+ generalFactory = new BaseFunctionFactory();
+ conditionFactory = new BaseFunctionFactory(generalFactory);
+ targetFactory = new BaseFunctionFactory(conditionFactory);
+
+ proxy = new BasicFunctionFactoryProxy(targetFactory,
+ conditionFactory,
+ generalFactory);
+ }
+
+ // go through and load the three sections, putting the loaded
+ // functions into the appropriate factory
+ NodeList children = root.getChildNodes();
+ for (int i = 0; i < children.getLength(); i++) {
+ Node child = children.item(i);
+ String name = child.getNodeName();
+
+ if (name.equals("target")) {
+ logger.config("Loading [TARGET] functions");
+ functionParserHelper(child, targetFactory);
+ } else if (name.equals("condition")) {
+ logger.config("Loading [CONDITION] functions");
+ functionParserHelper(child, conditionFactory);
+ } else if (name.equals("general")) {
+ logger.config("Loading [GENERAL] functions");
+ functionParserHelper(child, generalFactory);
+ }
+ }
+
+ return proxy;
+ }
+
+ /**
+ * Private helper used by the function factory code to load a specific
+ * target, condition, or general section.
+ */
+ private void functionParserHelper(Node root, FunctionFactory factory)
+ throws ParsingException
+ {
+ // go through all elements in the section
+ NodeList children = root.getChildNodes();
+ for (int i = 0; i < children.getLength(); i++) {
+ Node child = children.item(i);
+ String name = child.getNodeName();
+
+ if (name.equals("function")) {
+ // a function section is a simple class element
+ Function function =
+ (Function)(loadClass("function", child));
+ try {
+ factory.addFunction(function);
+ } catch (IllegalArgumentException iae) {
+ throw new ParsingException("duplicate function", iae);
+ }
+ } else if (name.equals("abstractFunction")) {
+ // an abstract function is a class with an identifier
+ URI identifier = null;
+ try {
+ identifier = new URI(child.getAttributes().
+ getNamedItem("identifier").
+ getNodeValue());
+ } catch (URISyntaxException urise) {
+ throw new ParsingException("invalid function identifier",
+ urise);
+ }
+
+ FunctionProxy proxy =
+ (FunctionProxy)(loadClass("abstract function", child));
+ try {
+ factory.addAbstractFunction(proxy, identifier);
+ } catch (IllegalArgumentException iae) {
+ throw new ParsingException("duplicate abstract function",
+ iae);
+ }
+ } else if (name.equals("functionCluster")) {
+ // a cluster is a class that will give us a collection of
+ // functions that need to be added one by one into the
factory
+ FunctionCluster cluster =
+ (FunctionCluster)(loadClass("function cluster", child));
+
+ Iterator it = cluster.getSupportedFunctions().iterator();
+ while (it.hasNext()) {
+ try {
+ factory.addFunction((Function)(it.next()));
+ } catch (IllegalArgumentException iae) {
+ throw new ParsingException("duplicate function",
iae);
+ }
+ }
+ }
+ }
+ }
+
+ /**
+ * Private helper that is used by all the code to load an instance of
+ * the given class...this assumes that the class is in the classpath,
+ * both for simplicity and for stronger security
+ */
+ private Object loadClass(String prefix, Node root)
+ throws ParsingException
+ {
+ // get the name of the class
+ String className =
+ root.getAttributes().getNamedItem("class").getNodeValue();
+
+ if (logger.isLoggable(Level.CONFIG))
+ logger.config("Loading [ " + prefix + ": " + className + " ]");
+
+ // use the system classloader to load the given class
+ ClassLoader cl = ClassLoader.getSystemClassLoader();
+ Class c = null;
+ try {
+ c = cl.loadClass(className);
+ } catch (ClassNotFoundException cnfe) {
+ throw new ParsingException("couldn't load class " + className,
+ cnfe);
+ }
+ Object instance = null;
+
+ // figure out if there are any parameters to the constructor
+ if (! root.hasChildNodes()) {
+ // we're using a null constructor, so this is easy
+ try {
+ instance = c.newInstance();
+ } catch (InstantiationException ie) {
+ throw new ParsingException("couldn't instantiate " +
className
+ + " with empty constructor", ie);
+ } catch (IllegalAccessException iae) {
+ throw new ParsingException("couldn't get access to instance
" +
+ "of " + className, iae);
+ }
+ } else {
+ // parse the arguments to the constructor
+ List args = null;
+ try {
+ args = getArgs(root);
+ } catch (IllegalArgumentException iae) {
+ throw new ParsingException("illegal class arguments", iae);
+ }
+ int argLength = args.size();
+
+ // next we need to see if there's a constructor that matches the
+ // arguments provided...this has to be done by hand since
+ // Class.getConstructor(Class []) doesn't handle sub-classes and
+ // generic types (for instance, a constructor taking List won't
+ // match a parameter list containing ArrayList)
+
+ // get the list of all available constructors
+ Constructor [] cons = c.getConstructors();
+ Constructor constructor = null;
+
+ for (int i = 0; i < cons.length; i++) {
+ // get the parameters for this constructor
+ Class [] params = cons[i].getParameterTypes();
+ if (params.length == argLength) {
+ Iterator it = args.iterator();
+ int j = 0;
+
+ // loop through the parameters and see if each one is
+ // assignable from the coresponding input argument
+ while (it.hasNext()) {
+ if (!
params[j].isAssignableFrom(it.next().getClass()))
+ break;
+ j++;
+ }
+
+ // if we looked at all the parameters, then this
+ // constructor matches the input
+ if (j == argLength)
+ constructor = cons[i];
+ }
+
+ // if we've found a matching constructor then stop looping
+ if (constructor != null)
+ break;
+ }
+
+ // make sure we found a matching constructor
+ if (constructor == null)
+ throw new ParsingException("couldn't find a matching " +
+ "constructor");
+
+ // finally, instantiate the class
+ try {
+ instance = constructor.newInstance(args.toArray());
+ } catch (InstantiationException ie) {
+ throw new ParsingException("couldn't instantiate " +
className,
+ ie);
+ } catch (IllegalAccessException iae) {
+ throw new ParsingException("couldn't get access to instance
" +
+ "of " + className, iae);
+ } catch (InvocationTargetException ite) {
+ throw new ParsingException("couldn't create " + className,
+ ite);
+ }
+ }
+
+ return instance;
+ }
+
+ /**
+ * Private helper that gets the constructor arguments for a given class.
+ * Right now this just supports String and List, but it's trivial to
+ * add support for other types should that be needed. Right now, it's not
+ * clear that there's any need for other types.
+ */
+ private List getArgs(Node root) {
+ List args = new ArrayList();
+ NodeList children = root.getChildNodes();
+
+ for (int i = 0; i < children.getLength(); i++) {
+ Node child = children.item(i);
+ String name = child.getNodeName();
+
+ if (child.getNodeType() == Node.ELEMENT_NODE) {
+ if (name.equals("string")) {
+ args.add(child.getFirstChild().getNodeValue());
+ } else if (name.equals("list")) {
+ args.add(getArgs(child));
+ } else {
+ throw new IllegalArgumentException("unkown arg type: " +
+ name);
+ }
+ }
+ }
+
+ return args;
+ }
+
+ /**
+ * Private helper used by the three factory routines to see if the
+ * given factory should be based on the standard setup
+ */
+ private boolean useStandard(Node node, String attributeName) {
+ NamedNodeMap map = node.getAttributes();
+ if (map == null)
+ return true;
+
+ Node attrNode = map.getNamedItem(attributeName);
+ if (attrNode == null)
+ return true;
+
+ return attrNode.getNodeValue().equals("true");
+ }
+
+ /**
+ * Returns the default PDP configuration. If no default was specified
+ * then this throws an exception.
+ *
+ * @return the default PDP configuration
+ *
+ * @throws UnknownIdentifierException if there is no default config
+ */
+ public PDPConfig getDefaultPDPConfig() throws UnknownIdentifierException
{
+ if (defaultPDPConfig == null)
+ throw new UnknownIdentifierException("no default available");
+
+ return defaultPDPConfig;
+ }
+
+ /**
+ * Returns the PDP configuration with the given name. If no such
+ * configuration exists then an exception is thrown.
+ *
+ * @return the matching PDP configuation
+ *
+ * @throws UnknownIdentifierException if the name is unknown
+ */
+ public PDPConfig getPDPConfig(String name)
+ throws UnknownIdentifierException
+ {
+ Object object = pdpConfigMap.get(name);
+
+ if (object == null)
+ throw new UnknownIdentifierException("unknown pdp: " + name);
+
+ return (PDPConfig)object;
+ }
+
+ /**
+ * Returns a set of identifiers representing each PDP configuration
+ * available.
+ *
+ * @return a <code>Set</code> of <code>String</code>s
+ */
+ public Set getSupportedPDPConfigurations() {
+ return Collections.unmodifiableSet(pdpConfigMap.keySet());
+ }
+
+ /**
+ * Returns the default attribute factory. If no default was specified
+ * then this throws an exception.
+ *
+ * @return the default attribute factory
+ *
+ * @throws UnknownIdentifierException if there is no default factory
+ */
+ public AttributeFactory getDefaultAttributeFactory()
+ throws UnknownIdentifierException
+ {
+ if (defaultAttributeFactory == null)
+ throw new UnknownIdentifierException("no default available");
+
+ return defaultAttributeFactory;
+ }
+
+ /**
+ * Returns the attribute factory with the given name. If no such
+ * factory exists then an exception is thrown.
+ *
+ * @return the matching attribute factory
+ *
+ * @throws UnknownIdentifierException if the name is unknown
+ */
+ public AttributeFactory getAttributeFactory(String name)
+ throws UnknownIdentifierException
+ {
+ Object object = attributeMap.get(name);
+
+ if (object == null)
+ throw new UnknownIdentifierException("unknown factory: " + name);
+
+ return (AttributeFactory)object;
+ }
+
+ /**
+ * Returns a set of identifiers representing each attribute factory
+ * available.
+ *
+ * @return a <code>Set</code> of <code>String</code>s
+ */
+ public Set getSupportedAttributeFactories() {
+ return Collections.unmodifiableSet(attributeMap.keySet());
+ }
+
+ /**
+ * Returns the default combiningAlg factory. If no default was specified
+ * then this throws an exception.
+ *
+ * @return the default combiningAlg factory
+ *
+ * @throws UnknownIdentifierException if there is no default factory
+ */
+ public CombiningAlgFactory getDefaultCombiningAlgFactory()
+ throws UnknownIdentifierException
+ {
+ if (defaultCombiningFactory == null)
+ throw new UnknownIdentifierException("no default available");
+
+ return defaultCombiningFactory;
+ }
+
+ /**
+ * Returns the combiningAlg factory with the given name. If no such
+ * factory exists then an exception is thrown.
+ *
+ * @return the matching combiningAlg factory
+ *
+ * @throws UnknownIdentifierException if the name is unknown
+ */
+ public CombiningAlgFactory getCombiningAlgFactory(String name)
+ throws UnknownIdentifierException
+ {
+ Object object = combiningMap.get(name);
+
+ if (object == null)
+ throw new UnknownIdentifierException("unknown factory: " + name);
+
+ return (CombiningAlgFactory)object;
+ }
+
+ /**
+ * Returns a set of identifiers representing each combiningAlg factory
+ * available.
+ *
+ * @return a <code>Set</code> of <code>String</code>s
+ */
+ public Set getSupportedCombiningAlgFactories() {
+ return Collections.unmodifiableSet(combiningMap.keySet());
+ }
+
+ /**
+ * Returns the default function factory proxy. If no default was
specified
+ * then this throws an exception.
+ *
+ * @return the default function factory proxy
+ *
+ * @throws UnknownIdentifierException if there is no default factory
+ */
+ public FunctionFactoryProxy getDefaultFunctionFactoryProxy()
+ throws UnknownIdentifierException
+ {
+ if (defaultFunctionFactoryProxy == null)
+ throw new UnknownIdentifierException("no default available");
+
+ return defaultFunctionFactoryProxy;
+ }
+
+ /**
+ * Returns the function factory proxy with the given name. If no such
+ * proxy exists then an exception is thrown.
+ *
+ * @return the matching function factory proxy
+ *
+ * @throws UnknownIdentifierException if the name is unknown
+ */
+ public FunctionFactoryProxy getFunctionFactoryProxy(String name)
+ throws UnknownIdentifierException
+ {
+ Object object = functionMap.get(name);
+
+ if (object == null)
+ throw new UnknownIdentifierException("unknown factory: " + name);
+
+ return (FunctionFactoryProxy)object;
+ }
+
+ /**
+ * Returns a set of identifiers representing each function factory proxy
+ * available.
+ *
+ * @return a <code>Set</code> of <code>String</code>s
+ */
+ public Set getSupportedFunctionFactories() {
+ return Collections.unmodifiableSet(functionMap.keySet());
+ }
+
+ /**
+ * Uses the default configuration to re-set the default factories used
+ * by the system (attribute, combining algorithm, and function). If
+ * a default is not provided for a given factory, then that factory
+ * will not be set as the system's default.
+ */
+ public void useDefaultFactories() {
+ logger.fine("Switching to default factories from configuration");
+
+ // set the default attribute factory, if it exists here
+ if (defaultAttributeFactory != null) {
+ AttributeFactory.setDefaultFactory(new AttributeFactoryProxy() {
+ public AttributeFactory getFactory() {
+ return defaultAttributeFactory;
+ }
+ });
+ }
+
+ // set the default combining algorithm factory, if it exists here
+ if (defaultCombiningFactory != null) {
+ CombiningAlgFactory.
+ setDefaultFactory(new CombiningAlgFactoryProxy() {
+ public CombiningAlgFactory getFactory() {
+ return defaultCombiningFactory;
+ }
+ });
+ }
+
+ // set the default function factories, if they exists here
+ if (defaultFunctionFactoryProxy != null)
+ FunctionFactory.setDefaultFactory(defaultFunctionFactoryProxy);
+ }
+
+}
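Review bot: `loadClass` instantiates whatever class the `class` attribute names, passing config-supplied strings to its constructor, before any caller casts the result to `AttributeProxy`, `CombiningAlgorithm`, `Function` or `FunctionCluster`, and `parsePDPConfig` adds the instances to its module collections with no cast at all. A wrong or tampered config file therefore runs the constructor of any class on the classpath and only afterwards fails, with a `ClassCastException` that is not wrapped in `ParsingException`. Consider passing the expected type into `loadClass` and rejecting the class with `expected.isAssignableFrom(c)` before `newInstance` is called. Two related points in the same file: `getRootNode` builds the parser with `setValidating(false)` and sets no feature to refuse DOCTYPE declarations or external entities, and it never closes the `FileInputStream` it opens; and `setupConfig` dereferences `attrs.getNamedItem("defaultPDP").getNodeValue()` (likewise the three factory defaults and each element's `name`) without a null check, although the `getDefault...` javadoc treats a missing default as a supported case, so a config that omits one ends in a `NullPointerException` instead of a `ParsingException`.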

Added: branches/authRengine/sunxacml/com/sun/xacml/EvaluationCtx.java
===================================================================
--- branches/authRengine/sunxacml/com/sun/xacml/EvaluationCtx.java
(rev 0)
+++ branches/authRengine/sunxacml/com/sun/xacml/EvaluationCtx.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,290 @@
+
+/*
+ * @(#)EvaluationCtx.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml;
+
+import com.sun.xacml.attr.AttributeValue;
+import com.sun.xacml.attr.DateAttribute;
+import com.sun.xacml.attr.DateTimeAttribute;
+import com.sun.xacml.attr.TimeAttribute;
+
+import com.sun.xacml.cond.EvaluationResult;
+
+import com.sun.xacml.finder.AttributeFinder;
+
+import java.net.URI;
+
+import org.w3c.dom.Node;
+
+
+/**
+ * Manages the context of a single policy evaluation. Typically, an instance
+ * is instantiated whenever the PDP gets a request and needs to perform an
+ * evaluation as a result.
+ * <p>
+ * Note that this class does some optional caching for current date, time,
+ * and dateTime values (defined by a boolean flag to the constructors). The
+ * XACML specification requires that these values always be available, but it
+ * does not specify whether or not they must remain constant over the course
+ * of an evaluation if the values are being generated by the PDP (if the
+ * values are provided in the Request, then obviously they will remain
+ * constant). The default behavior is for these environment values to be
+ * cached, so that (for example) the current time remains constant over the
+ * course of an evaluation.
+ *
+ * @since 1.0
+ * @author Seth Proctor
+ */
+public interface EvaluationCtx
+{
+
+ /**
+ * The standard URI for listing a resource's id
+ */
+ public static final String RESOURCE_ID =
+ "urn:oasis:names:tc:xacml:1.0:resource:resource-id";
+
+ /**
+ * The standard URI for listing a resource's scope
+ */
+ public static final String RESOURCE_SCOPE =
+ "urn:oasis:names:tc:xacml:1.0:resource:scope";
+
+ /**
+ * Resource scope of Immediate (only the given resource)
+ */
+ public static final int SCOPE_IMMEDIATE = 0;
+
+ /**
+ * Resource scope of Children (the given resource and its direct
+ * children)
+ */
+ public static final int SCOPE_CHILDREN = 1;
+
+ /**
+ * Resource scope of Descendants (the given resource and all descendants
+ * at any depth or distance)
+ */
+ public static final int SCOPE_DESCENDANTS = 2;
+
+ /**
+ * Returns the <code>AttributeFinder</code> used by this context.
+ *
+ * @deprecated As of version 1.2, this method should not be used, as it
+ * provides access to a mutable interface. This method will
+ * be removed in the next major release.
+ *
+ * @return the <code>AttributeFinder</code>
+ */
+ public AttributeFinder getAttributeFinder();
+
+ /**
+ * Returns the DOM root of the original RequestType XML document, if
+ * this context is backed by an XACML Request. If this context is not
+ * backed by an XML representation, then an exception is thrown.
+ *
+ * @return the DOM root node
+ *
+ * @throws UnsupportedOperationException if the context is not backed
+ * by an XML representation
+ */
+ public Node getRequestRoot();
+
+ /**
+ * Returns the identifier for the resource being requested.
+ *
+ * @return the resource
+ */
+ public AttributeValue getResourceId();
+
+ /**
+ * Returns the resource scope, which will be one of the three fields
+ * denoting Immediate, Children, or Descendants.
+ *
+ * @return the scope of the resource
+ */
+ public int getScope();
+
+ /**
+ * Changes the value of the resource-id attribute in this context. This
+ * is useful when you have multiple resources (ie, a scope other than
+ * IMMEDIATE), and you need to keep changing only the resource-id to
+ * evaluate the different effective requests.
+ *
+ * @param resourceId the new resource-id value
+ */
+ public void setResourceId(AttributeValue resourceId);
+
+ /**
+ * Returns the cached value for the current time. If the value has never
+ * been set by a call to <code>setCurrentTime</code>, or if caching is
+ * not enabled in this instance, then this will return null.
+ *
+ * @return the current time or null
+ */
+ public TimeAttribute getCurrentTime();
+
+ /**
+ * Sets the current time for this evaluation. If caching is not enabled
+ * for this instance then the value is ignored.
+ *
+ * @param currentTime the dynamically resolved current time
+ */
+ public void setCurrentTime(TimeAttribute currentTime);
+
+ /**
+ * Returns the cached value for the current date. If the value has never
+ * been set by a call to <code>setCurrentDate</code>, or if caching is
+ * not enabled in this instance, then this will return null.
+ *
+ * @return the current date or null
+ */
+ public DateAttribute getCurrentDate();
+
+ /**
+ * Sets the current date for this evaluation. If caching is not enabled
+ * for this instance then the value is ignored.
+ *
+ * @param currentDate the dynamically resolved current date
+ */
+ public void setCurrentDate(DateAttribute currentDate);
+
+ /**
+ * Returns the cached value for the current dateTime. If the value has
+ * never been set by a call to <code>setCurrentDateTime</code>, or if
+ * caching is not enabled in this instance, then this will return null.
+ *
+ * @return the current date or null
+ */
+ public DateTimeAttribute getCurrentDateTime();
+
+ /**
+ * Sets the current dateTime for this evaluation. If caching is not
enabled
+ * for this instance then the value is ignored.
+ *
+ * @param currentDateTime the dynamically resolved current dateTime
+ */
+ public void setCurrentDateTime(DateTimeAttribute currentDateTime);
+
+ /**
+ * Returns available subject attribute value(s) ignoring the issuer.
+ *
+ * @param type the type of the attribute value(s) to find
+ * @param id the id of the attribute value(s) to find
+ * @param category the category the attribute value(s) must be in
+ *
+ * @return a result containing a bag either empty because no values were
+ * found or containing at least one value, or status associated with an
+ * Indeterminate result
+ */
+ public EvaluationResult getSubjectAttribute(URI type, URI id,
+ URI category);
+
+ /**
+ * Returns available subject attribute value(s).
+ *
+ * @param type the type of the attribute value(s) to find
+ * @param id the id of the attribute value(s) to find
+ * @param issuer the issuer of the attribute value(s) to find or null
+ * @param category the category the attribute value(s) must be in
+ *
+ * @return a result containing a bag either empty because no values were
+ * found or containing at least one value, or status associated with an
+ * Indeterminate result
+ */
+ public EvaluationResult getSubjectAttribute(URI type, URI id, URI issuer,
+ URI category);
+
+ /**
+ * Returns available resource attribute value(s).
+ *
+ * @param type the type of the attribute value(s) to find
+ * @param id the id of the attribute value(s) to find
+ * @param issuer the issuer of the attribute value(s) to find or null
+ *
+ * @return a result containing a bag either empty because no values were
+ * found or containing at least one value, or status associated with an
+ * Indeterminate result
+ */
+ public EvaluationResult getResourceAttribute(URI type, URI id,
+ URI issuer);
+
+ /**
+ * Returns available action attribute value(s).
+ *
+ * @param type the type of the attribute value(s) to find
+ * @param id the id of the attribute value(s) to find
+ * @param issuer the issuer of the attribute value(s) to find or null
+ *
+ * @return a result containing a bag either empty because no values were
+ * found or containing at least one value, or status associated with an
+ * Indeterminate result
+ */
+ public EvaluationResult getActionAttribute(URI type, URI id, URI issuer);
+
+ /**
+ * Returns available environment attribute value(s).
+ *
+ * @param type the type of the attribute value(s) to find
+ * @param id the id of the attribute value(s) to find
+ * @param issuer the issuer of the attribute value(s) to find or null
+ *
+ * @return a result containing a bag either empty because no values were
+ * found or containing at least one value, or status associated with an
+ * Indeterminate result
+ */
+ public EvaluationResult getEnvironmentAttribute(URI type, URI id,
+ URI issuer);
+
+ /**
+ * Returns the attribute value(s) retrieved using the given XPath
+ * expression.
+ *
+ * @param contextPath the XPath expression to search
+ * @param namespaceNode the DOM node defining namespace mappings to use,
+ * or null if mappings come from the context root
+ * @param type the type of the attribute value(s) to find
+ * @param xpathVersion the version of XPath to use
+ *
+ * @return a result containing a bag either empty because no values were
+ * found or containing at least one value, or status associated with an
+ * Indeterminate result
+ */
+ public EvaluationResult getAttribute(String contextPath,
+ Node namespaceNode, URI type,
+ String xpathVersion);
+
+}
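
Review bot: getAttributeFinder() comes in as part of the EvaluationCtx interface even though its own Javadoc marks it deprecated as of 1.2 because it "provides access to a mutable interface". Any code handed an EvaluationCtx during evaluation can therefore reach the finder the PDP relies on. Since this branch vendors the file, check that nothing under src/net/geant/authr calls it and consider dropping it from the local copy. Two smaller points: the Javadoc of getCurrentDateTime() says "@return the current date or null" where it means dateTime, and setResourceId() changes the context in place, so implementations should document that one context instance must not be shared between concurrent evaluations.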

Added: branches/authRengine/sunxacml/com/sun/xacml/Indenter.java
===================================================================
--- branches/authRengine/sunxacml/com/sun/xacml/Indenter.java
(rev 0)
+++ branches/authRengine/sunxacml/com/sun/xacml/Indenter.java 2010-06-18
08:40:01 UTC (rev 5711)
@@ -0,0 +1,118 @@
+
+/*
+ * @(#)Indenter.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml;
+
+import java.util.Arrays;
+
+
+/**
+ * Provides flexible indenting for XML encoding. This class generates
+ * strings of spaces to be prepended to lines of XML. The strings are
+ * formed according to a specified indent width and the given depth.
+ *
+ * @since 1.0
+ * @author Marco Barreno
+ * @author Seth Proctor
+ */
+public class Indenter
+{
+
+ /**
+ * The default indentation width
+ */
+ public static final int DEFAULT_WIDTH = 2;
+
+ // The width of one indentation level
+ private int width;
+
+ // the current depth
+ private int depth;
+
+ /**
+ * Constructs an <code>Indenter</code> with the default indent
+ * width.
+ */
+ public Indenter() {
+ this(DEFAULT_WIDTH);
+ }
+
+ /**
+ * Constructs an <code>Indenter</code> with a user-supplied indent
+ * width.
+ *
+ * @param userWidth the number of spaces to use for each indentation
level
+ */
+ public Indenter(int userWidth) {
+ width = userWidth;
+ depth = 0;
+ }
+
+ /**
+ * Move in one width.
+ */
+ public void in() {
+ depth += width;
+ }
+
+ /**
+ * Move out one width.
+ */
+ public void out() {
+ depth -= width;
+ }
+
+ /**
+ * Create a <code>String</code> of spaces for indentation based on the
+ * current depth.
+ *
+ * @return an indent string to prepend to lines of XML
+ */
+ public String makeString() {
+ // Return quickly if no indenting
+ if (depth <= 0) {
+ return new String("");
+ }
+
+ // Make a char array and fill it with spaces
+ char[] array = new char[depth];
+ Arrays.fill(array, ' ');
+
+ // Now return a string built from that char array
+ return new String(array);
+ }
+
+}
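
Review bot: Indenter(int userWidth) accepts any int and out() has no lower bound, so a negative width or an unbalanced out() leaves depth below zero. makeString() hides that by returning an empty string for depth <= 0, and later in() calls then yield less indentation than the real nesting level. Suggest rejecting userWidth < 0 in the constructor (0 must stay legal, it is the "no indentation" case) and clamping or asserting in out(). Minor: return new String("") can simply be return "".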

Added: branches/authRengine/sunxacml/com/sun/xacml/MatchResult.java
===================================================================
--- branches/authRengine/sunxacml/com/sun/xacml/MatchResult.java
(rev 0)
+++ branches/authRengine/sunxacml/com/sun/xacml/MatchResult.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,123 @@
+
+/*
+ * @(#)MatchResult.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml;
+
+import com.sun.xacml.ctx.Status;
+
+
+/**
+ * This is used as the return value for the various target matching
functions.
+ * It communicates that either the target matches the input request, the
+ * target doesn't match the input request, or the result is Indeterminate.
+ *
+ * @since 1.0
+ * @author Seth Proctor
+ */
+public class MatchResult
+{
+
+ /**
+ * An integer value indicating the the target matches the request
+ */
+ public static final int MATCH = 0;
+
+ /**
+ * An integer value indicating that the target doesn't match the request
+ */
+ public static final int NO_MATCH = 1;
+
+ /**
+ * An integer value indicating the the result is Indeterminate
+ */
+ public static final int INDETERMINATE = 2;
+
+ //
+ private int result;
+ private Status status;
+
+ /**
+ * Constructor that creates a <code>MatchResult</code> with no Status
+ *
+ * @param result the applicable result
+ */
+ public MatchResult(int result) {
+ this(result, null);
+ }
+
+ /**
+ * Constructor that creates a <code>MatchResult</code>, including Status
+ * data
+ *
+ * @param result the applicable result
+ * @param status the error information
+ *
+ * @throws IllegalArgumentException if the input result isn't a valid
value
+ */
+ public MatchResult(int result, Status status)
+ throws IllegalArgumentException
+ {
+
+ // check if input result is a valid value
+ if ((result != MATCH) &&
+ (result != NO_MATCH) &&
+ (result != INDETERMINATE))
+ throw new IllegalArgumentException("Input result is not a valid"
+
+ "value");
+
+ this.result = result;
+ this.status = status;
+ }
+
+ /**
+ * Returns the applicable result
+ *
+ * @return the applicable result
+ */
+ public int getResult() {
+ return result;
+ }
+
+ /**
+ * Returns the status if there was an error, or null if no error occurred
+ *
+ * @return the error status data or null
+ */
+ public Status getStatus() {
+ return status;
+ }
+
+}
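
Review bot: the IllegalArgumentException message in MatchResult(int, Status) is built from "Input result is not a valid" + "value", which has no space at the join and reads "validvalue". Add the trailing space, and consider including the rejected integer so the offending caller can be identified from a log. Also note that the one-argument constructor passes a null Status, so getStatus() can return null even for an INDETERMINATE result; callers need a null check or the Javadoc should say so. Cosmetic: the Javadoc for MATCH and INDETERMINATE says "the the", and the bare // above the private fields carries no comment.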

Added: branches/authRengine/sunxacml/com/sun/xacml/Obligation.java
===================================================================
--- branches/authRengine/sunxacml/com/sun/xacml/Obligation.java
(rev 0)
+++ branches/authRengine/sunxacml/com/sun/xacml/Obligation.java 2010-06-18
08:40:01 UTC (rev 5711)
@@ -0,0 +1,236 @@
+
+/*
+ * @(#)Obligation.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml;
+
+import com.sun.xacml.attr.AttributeFactory;
+import com.sun.xacml.attr.AttributeValue;
+
+import com.sun.xacml.ctx.Attribute;
+import com.sun.xacml.ctx.Result;
+
+import java.io.OutputStream;
+import java.io.PrintStream;
+
+import java.net.URI;
+import java.net.URISyntaxException;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Iterator;
+import java.util.List;
+
+import org.w3c.dom.NamedNodeMap;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+
+
+/**
+ * Represents the ObligationType XML type in XACML. This also stores all the
+ * AttriubteAssignmentType XML types.
+ *
+ * @since 1.0
+ * @author Seth Proctor
+ */
+public class Obligation
+{
+
+ // the obligation id
+ private URI id;
+
+ // effect to fulfill on, as defined in Result
+ private int fulfillOn;
+
+ // the attribute assignments
+ private List assignments;
+
+ /**
+ * Constructor that takes all the data associated with an obligation.
+ * The attribute assignment list contains <code>Attribute</code> objects,
+ * but only the fields used by the AttributeAssignmentType are used.
+ *
+ * @param id the obligation's id
+ * @param fulfillOn the effect denoting when to fulfill this obligation
+ * @param assignments a <code>List</code> of <code>Attribute</code>s
+ */
+ public Obligation(URI id, int fulfillOn, List assignments) {
+ this.id = id;
+ this.fulfillOn = fulfillOn;
+ this.assignments = Collections.
+ unmodifiableList(new ArrayList(assignments));
+ }
+
+ /**
+ * Creates an instance of <code>Obligation</code> based on the DOM root
+ * node.
+ *
+ * @param root the DOM root of the ObligationType XML type
+ *
+ * @return an instance of an obligation
+ *
+ * @throws ParsingException if the structure isn't valid
+ */
+ public static Obligation getInstance(Node root) throws ParsingException {
+ URI id;
+ int fulfillOn = -1;
+ List assignments = new ArrayList();
+
+ AttributeFactory attrFactory = AttributeFactory.getInstance();
+ NamedNodeMap attrs = root.getAttributes();
+
+ try {
+ id = new URI(attrs.getNamedItem("ObligationId").getNodeValue());
+ } catch (Exception e) {
+ throw new ParsingException("Error parsing required attriubte " +
+ "ObligationId", e);
+ }
+
+ String effect = null;
+
+ try {
+ effect = attrs.getNamedItem("FulfillOn").getNodeValue();
+ } catch (Exception e) {
+ throw new ParsingException("Error parsing required attriubte " +
+ "FulfillOn", e);
+ }
+
+ if (effect.equals("Permit")) {
+ fulfillOn = Result.DECISION_PERMIT;
+ } else if (effect.equals("Deny")) {
+ fulfillOn = Result.DECISION_DENY;
+ } else {
+ throw new ParsingException("Invlid Effect type: " + effect);
+ }
+
+ NodeList nodes = root.getChildNodes();
+ for (int i = 0; i < nodes.getLength(); i++) {
+ Node node = nodes.item(i);
+ if (node.getNodeName().equals("AttributeAssignment")) {
+ try {
+ URI attrId =
+ new URI(node.getAttributes().
+ getNamedItem("AttributeId").getNodeValue());
+ AttributeValue attrValue = attrFactory.createValue(node);
+ assignments.add(new Attribute(attrId, null, null,
+ attrValue));
+ } catch (URISyntaxException use) {
+ throw new ParsingException("Error parsing URI", use);
+ } catch (UnknownIdentifierException uie) {
+ throw new ParsingException("Unknown AttributeId", uie);
+ } catch (Exception e) {
+ throw new ParsingException("Error parsing attribute " +
+ "assignments", e);
+ }
+ }
+ }
+
+ return new Obligation(id, fulfillOn, assignments);
+ }
+
+ /**
+ * Returns the id of this obligation
+ *
+ * @return the id
+ */
+ public URI getId() {
+ return id;
+ }
+
+ /**
+ * Returns effect that will cause this obligation to be included in a
+ * response
+ *
+ * @return the fulfillOn effect
+ */
+ public int getFulfillOn() {
+ return fulfillOn;
+ }
+
+ /**
+ * Returns the attribute assignment data in this obligation. The
+ * <code>List</code> contains objects of type <code>Attribute</code>
+ * with only the correct attribute fields being used.
+ *
+ * @return the assignments
+ */
+ public List getAssignments() {
+ return assignments;
+ }
+
+ /**
+ * Encodes this <code>Obligation</code> into its XML form and writes this
+ * out to the provided <code>OutputStream<code> with no indentation.
+ *
+ * @param output a stream into which the XML-encoded data is written
+ */
+ public void encode(OutputStream output) {
+ encode(output, new Indenter(0));
+ }
+
+ /**
+ * Encodes this <code>Obligation</code> into its XML form and writes this
+ * out to the provided <code>OutputStream<code> with indentation.
+ *
+ * @param output a stream into which the XML-encoded data is written
+ * @param indenter an object that creates indentation strings
+ */
+ public void encode(OutputStream output, Indenter indenter) {
+ PrintStream out = new PrintStream(output);
+ String indent = indenter.makeString();
+
+ out.println(indent + "<Obligation ObligationId=\"" + id.toString() +
+ "\" FulfillOn=\"" + Result.DECISIONS[fulfillOn] + "\">");
+
+ indenter.in();
+
+ Iterator it = assignments.iterator();
+
+ while (it.hasNext()) {
+ Attribute attr = (Attribute)(it.next());
+ out.println(indenter.makeString() +
+ "<AttributeAssignment AttributeId=\"" +
+ attr.getId().toString() + "\" DataType=\"" +
+ attr.getType().toString() + "\">" +
+ attr.getValue().encode() +
+ "</AttributeAssignment>");
+ }
+
+ indenter.out();
+
+ out.println(indent + "</Obligation>");
+ }
+
+}
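
Review bot: the public constructor Obligation(URI, int, List) stores fulfillOn unchecked, while encode() uses it as an array index in Result.DECISIONS[fulfillOn]. getInstance() only ever produces DECISION_PERMIT or DECISION_DENY, but a direct caller of the constructor can pass a negative or out-of-range int and the failure surfaces only at encode time. Validate the value in the constructor the way getInstance() does. encode() also concatenates id.toString() and attr.getId().toString() into XML attribute values without escaping, and a URI may legally contain '&', so escape before writing. In getInstance(), node.getNodeName().equals("AttributeAssignment") compares the qualified name, so a namespace-prefixed AttributeAssignment element is skipped silently and the obligation loses that assignment; comparing the local name would avoid this. Cosmetic: the exception texts contain "attriubte" and "Invlid", and both encode() Javadocs close <code>OutputStream with <code> instead of </code>.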

Added: branches/authRengine/sunxacml/com/sun/xacml/PDP.java
===================================================================
--- branches/authRengine/sunxacml/com/sun/xacml/PDP.java
(rev 0)
+++ branches/authRengine/sunxacml/com/sun/xacml/PDP.java 2010-06-18
08:40:01 UTC (rev 5711)
@@ -0,0 +1,294 @@
+
+/*
+ * @(#)PDP.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml;
+
+import com.sun.xacml.attr.AttributeValue;
+import com.sun.xacml.attr.StringAttribute;
+
+import com.sun.xacml.ctx.RequestCtx;
+import com.sun.xacml.ctx.ResponseCtx;
+import com.sun.xacml.ctx.Result;
+import com.sun.xacml.ctx.Status;
+
+import com.sun.xacml.finder.AttributeFinder;
+import com.sun.xacml.finder.PolicyFinder;
+import com.sun.xacml.finder.PolicyFinderResult;
+import com.sun.xacml.finder.ResourceFinder;
+import com.sun.xacml.finder.ResourceFinderResult;
+
+import java.io.ByteArrayOutputStream;
+import java.io.InputStream;
+import java.io.OutputStream;
+
+import java.util.ArrayList;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Map;
+
+import java.util.logging.Level;
+import java.util.logging.Logger;
+
+
+/**
+ * This is the core class for the XACML engine, providing the starting point
+ * for request evaluation. To build an XACML policy engine, you start by
+ * instantiating this object.
+ *
+ * @since 1.0
+ * @author Seth Proctor
+ */
+public class PDP
+{
+
+ // the single attribute finder that can be used to find external values
+ private AttributeFinder attributeFinder;
+
+ // the single policy finder that will be used to resolve policies
+ private PolicyFinder policyFinder;
+
+ // the single resource finder that will be used to resolve resources
+ private ResourceFinder resourceFinder;
+
+ // the logger we'll use for all messages
+ private static final Logger logger =
Logger.getLogger(PDP.class.getName());
+
+ /**
+ * Constructs a new <code>PDP</code> object with the given configuration
+ * information.
+ *
+ * @param config user configuration data defining how to find policies,
+ * resolve external attributes, etc.
+ */
+ public PDP(PDPConfig config) {
+ logger.fine("creating a PDP");
+
+ attributeFinder = config.getAttributeFinder();
+
+ policyFinder = config.getPolicyFinder();
+ policyFinder.init();
+
+ resourceFinder = config.getResourceFinder();
+ }
+
+ /**
+ * Attempts to evaluate the request against the policies known to this
+ * PDP. This is really the core method of the entire XACML specification,
+ * and for most people will provide what you want. If you need any
special
+ * handling, you should look at the version of this method that takes an
+ * <code>EvaluationCtx</code>.
+ * <p>
+ * Note that if the request is somehow invalid (it was missing a required
+ * attribute, it was using an unsupported scope, etc), then the result
+ * will be a decision of INDETERMINATE.
+ *
+ * @param request the request to evaluate
+ *
+ * @return a response paired to the request
+ */
+ public ResponseCtx evaluate(RequestCtx request) {
+ // try to create the EvaluationCtx out of the request
+ try {
+ return evaluate(new BasicEvaluationCtx(request,
attributeFinder));
+ } catch (ParsingException pe) {
+ logger.log(Level.INFO, "the PDP receieved an invalid request",
pe);
+
+ // there was something wrong with the request, so we return
+ // Indeterminate with a status of syntax error...though this
+ // may change if a more appropriate status type exists
+ ArrayList code = new ArrayList();
+ code.add(Status.STATUS_SYNTAX_ERROR);
+ Status status = new Status(code, pe.getMessage());
+
+ return new ResponseCtx(new Result(Result.DECISION_INDETERMINATE,
+ status));
+ }
+ }
+
+ /**
+ * Uses the given <code>EvaluationCtx</code> against the available
+ * policies to determine a response. If you are starting with a standard
+ * XACML Request, then you should use the version of this method that
+ * takes a <code>RequestCtx</code>. This method should be used only if
+ * you have a real need to directly construct an evaluation context (or
+ * if you need to use an <code>EvaluationCtx</code> implementation other
+ * than <code>BasicEvaluationCtx</code>).
+ *
+ * @param context representation of the request and the context used
+ * for evaluation
+ *
+ * @return a response based on the contents of the context
+ */
+ public ResponseCtx evaluate(EvaluationCtx context) {
+ // see if we need to call the resource finder
+ if (context.getScope() != EvaluationCtx.SCOPE_IMMEDIATE) {
+ AttributeValue parent = context.getResourceId();
+ ResourceFinderResult resourceResult = null;
+
+ if (context.getScope() == EvaluationCtx.SCOPE_CHILDREN)
+ resourceResult =
+ resourceFinder.findChildResources(parent, context);
+ else
+ resourceResult =
+ resourceFinder.findDescendantResources(parent, context);
+
+ // see if we actually found anything
+ if (resourceResult.isEmpty()) {
+ // this is a problem, since we couldn't find any resources
+ // to work on...the spec is not explicit about what kind of
+ // error this is, so we're treating it as a processing error
+ ArrayList code = new ArrayList();
+ code.add(Status.STATUS_PROCESSING_ERROR);
+ String msg = "Couldn't find any resources to work on.";
+
+ return new
+ ResponseCtx(new Result(Result.DECISION_INDETERMINATE,
+ new Status(code, msg),
+
context.getResourceId().encode()));
+ }
+
+ // setup a set to keep track of the results
+ HashSet results = new HashSet();
+
+ // at this point, we need to go through all the resources we
+ // successfully found and start collecting results
+ Iterator it = resourceResult.getResources().iterator();
+ while (it.hasNext()) {
+ // get the next resource, and set it in the EvaluationCtx
+ AttributeValue resource = (AttributeValue)(it.next());
+ context.setResourceId(resource);
+
+ // do the evaluation, and set the resource in the result
+ Result result = evaluateContext(context);
+ result.setResource(resource.encode());
+
+ // add the result
+ results.add(result);
+ }
+
+ // now that we've done all the successes, we add all the failures
+ // from the finder result
+ Map failureMap = resourceResult.getFailures();
+ it = failureMap.keySet().iterator();
+ while (it.hasNext()) {
+ // get the next resource, and use it to get its Status data
+ AttributeValue resource = (AttributeValue)(it.next());
+ Status status = (Status)(failureMap.get(resource));
+
+ // add a new result
+ results.add(new Result(Result.DECISION_INDETERMINATE,
+ status, resource.encode()));
+ }
+
+ // return the set of results
+ return new ResponseCtx(results);
+ } else {
+ // the scope was IMMEDIATE (or missing), so we can just evaluate
+ // the request and return whatever we get back
+ return new ResponseCtx(evaluateContext(context));
+ }
+ }
+
+ /**
+ * A private helper routine that resolves a policy for the given
+ * context, and then tries to evaluate based on the policy
+ */
+ private Result evaluateContext(EvaluationCtx context) {
+ // first off, try to find a policy
+ PolicyFinderResult finderResult = policyFinder.findPolicy(context);
+
+ // see if there weren't any applicable policies
+ if (finderResult.notApplicable())
+ return new Result(Result.DECISION_NOT_APPLICABLE,
+ context.getResourceId().encode());
+
+ // see if there were any errors in trying to get a policy
+ if (finderResult.indeterminate())
+ return new Result(Result.DECISION_INDETERMINATE,
+ finderResult.getStatus(),
+ context.getResourceId().encode());
+
+ // we found a valid policy, so we can do the evaluation
+ return finderResult.getPolicy().evaluate(context);
+ }
+
+ /**
+ * A utility method that wraps the functionality of the other evaluate
+ * method with input and output streams. This is useful if you've got
+ * a PDP that is taking inputs from some stream and is returning
+ * responses through the same stream system. If the Request is invalid,
+ * then this will always return a decision of INDETERMINATE.
+ *
+ * @deprecated As of 1.2 this method should not be used. Instead, you
+ * should do your own stream handling, and then use one of
+ * the other <code>evaluate</code> methods. The problem
+ * with this method is that it often doesn't handle stream
+ * termination correctly (eg, with sockets).
+ *
+ * @param input a stream that contains an XML RequestType
+ *
+ * @return a stream that contains an XML ResponseType
+ */
+ public OutputStream evaluate(InputStream input) {
+ RequestCtx request = null;
+ ResponseCtx response = null;
+
+ try {
+ request = RequestCtx.getInstance(input);
+ } catch (Exception pe) {
+ // the request wasn't formed correctly
+ ArrayList code = new ArrayList();
+ code.add(Status.STATUS_SYNTAX_ERROR);
+ Status status = new Status(code, "invalid request: " +
+ pe.getMessage());
+
+ response =
+ new ResponseCtx(new Result(Result.DECISION_INDETERMINATE,
+ status));
+ }
+
+ // if we didn't have a problem above, then we should go ahead
+ // with the evaluation
+ if (response == null)
+ response = evaluate(request);
+
+ ByteArrayOutputStream out = new ByteArrayOutputStream();
+ response.encode(out, new Indenter());
+
+ return out;
+ }
+
+}
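Review bot: in the deprecated evaluate(InputStream), the catch block copies pe.getMessage() into the Status text ("invalid request: " + pe.getMessage()) that is then encoded back to the requester, so parser detail reaches whoever sent the malformed input. Return a fixed message and log the detail on the PDP side instead. The same block catches Exception, so runtime faults unrelated to syntax are also reported as STATUS_SYNTAX_ERROR; catching only the parsing exception would keep the two cases apart. In evaluateContext, a missing policy yields DECISION_NOT_APPLICABLE, so the Javadoc should say that callers must not treat anything other than Permit as a grant.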

Added: branches/authRengine/sunxacml/com/sun/xacml/PDPConfig.java
===================================================================
--- branches/authRengine/sunxacml/com/sun/xacml/PDPConfig.java
(rev 0)
+++ branches/authRengine/sunxacml/com/sun/xacml/PDPConfig.java 2010-06-18
08:40:01 UTC (rev 5711)
@@ -0,0 +1,125 @@
+
+/*
+ * @(#)PDPConfig.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml;
+
+import com.sun.xacml.finder.AttributeFinder;
+import com.sun.xacml.finder.PolicyFinder;
+import com.sun.xacml.finder.ResourceFinder;
+
+
+/**
+ * This class is used as a container that holds configuration
+ * information for the PDP, which includes the <code>AttributeFinder</code>,
+ * <code>PolicyFinder</code>, and <code>ResourceFinder</code> that the
+ * PDP should use.
+ *
+ * @since 1.0
+ * @author Seth Proctor
+ * @author Marco Barreno
+ */
+public class PDPConfig
+{
+
+ //
+ private AttributeFinder attributeFinder;
+
+ //
+ private PolicyFinder policyFinder;
+
+ //
+ private ResourceFinder resourceFinder;
+
+ /**
+ * Constructor that creates a <code>PDPConfig</code> from components.
+ *
+ * @param attributeFinder the <code>AttributeFinder</code> that the PDP
+ * should use, or null if it shouldn't use any
+ * @param policyFinder the <code>PolicyFinder</code> that the PDP
+ * should use, or null if it shouldn't use any
+ * @param resourceFinder the <code>ResourceFinder</code> that the PDP
+ * should use, or null if it shouldn't use any
+ */
+ public PDPConfig(AttributeFinder attributeFinder,
+ PolicyFinder policyFinder,
+ ResourceFinder resourceFinder) {
+ if (attributeFinder != null)
+ this.attributeFinder = attributeFinder;
+ else
+ this.attributeFinder = new AttributeFinder();
+
+ if (policyFinder != null)
+ this.policyFinder = policyFinder;
+ else
+ this.policyFinder = new PolicyFinder();
+
+ if (resourceFinder != null)
+ this.resourceFinder = resourceFinder;
+ else
+ this.resourceFinder = new ResourceFinder();
+ }
+
+ /**
+ * Returns the <code>AttributeFinder</code> that was configured, or
+ * null if none was configured
+ *
+ * @return the <code>AttributeFinder</code> or null
+ */
+ public AttributeFinder getAttributeFinder() {
+ return attributeFinder;
+ }
+
+ /**
+ * Returns the <code>PolicyFinder</code> that was configured, or
+ * null if none was configured
+ *
+ * @return the <code>PolicyFinder</code> or null
+ */
+ public PolicyFinder getPolicyFinder() {
+ return policyFinder;
+ }
+
+ /**
+ * Returns the <code>ResourceFinder</code> that was configured, or
+ * null if none was configured
+ *
+ * @return the <code>ResourceFinder</code> or null
+ */
+ public ResourceFinder getResourceFinder() {
+ return resourceFinder;
+ }
+
+}
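Review bot: the Javadoc and the constructor body disagree on null handling. The @param text says "or null if it shouldn't use any" and each getter says it returns "null if none was configured", but the constructor replaces every null argument with a new empty AttributeFinder, PolicyFinder or ResourceFinder, so the getters never return null. A caller that passes a null policyFinder by mistake gets a working PDPConfig backed by an empty finder and no error. Either reject null for policyFinder with an IllegalArgumentException or correct the comments to describe the substitution. The three fields can be final, and the empty "//" comments above them should be filled in or dropped.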

Added: branches/authRengine/sunxacml/com/sun/xacml/ParsingException.java
===================================================================
--- branches/authRengine/sunxacml/com/sun/xacml/ParsingException.java
(rev 0)
+++ branches/authRengine/sunxacml/com/sun/xacml/ParsingException.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,100 @@
+
+/*
+ * @(#)ParsingException.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml;
+
+
+/**
+ * Exception that gets thrown if any general parsing error occurs.
+ *
+ * @since 1.0
+ * @author Seth Proctor
+ */
+public class ParsingException extends Exception
+{
+
+ /**
+ * Constructs a new <code>ParsingException</code> with no message
+ * or cause.
+ */
+ public ParsingException() {
+
+ }
+
+ /**
+ * Constructs a new <code>ParsingException</code> with a message,
+ * but no cause. The message is saved for later retrieval by the
+ *
{@link
java.lang#Throwable.getMessage() Throwable.getMessage()}
+ * method.
+ *
+ * @param message the detail message (<code>null</code> if nonexistent
+ * or unknown)
+ */
+ public ParsingException(String message) {
+ super(message);
+ }
+
+ /**
+ * Constructs a new <code>ParsingException</code> with a cause,
+ * but no message. The cause is saved for later retrieval by the
+ *
{@link
java.lang#Throwable.getCause() Throwable.getCause()}
+ * method.
+ *
+ * @param cause the cause (<code>null</code> if nonexistent
+ * or unknown)
+ */
+ public ParsingException(Throwable cause) {
+ super(cause);
+ }
+
+ /**
+ * Constructs a new <code>ParsingException</code> with a message
+ * and a cause. The message and cause are saved for later retrieval
+ * by the
+ *
{@link
java.lang#Throwable.getMessage() Throwable.getMessage()} and
+ *
{@link
java.lang#Throwable.getCause() Throwable.getCause()}
+ * methods.
+ *
+ * @param message the detail message (<code>null</code> if nonexistent
+ * or unknown)
+ * @param cause the cause (<code>null</code> if nonexistent
+ * or unknown)
+ */
+ public ParsingException(String message, Throwable cause) {
+ super(message, cause);
+ }
+
+}
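Review bot: the {@link} targets in all three constructor comments use "java.lang#Throwable.getMessage()" and "java.lang#Throwable.getCause()", which puts the "#" between the package and the class, so javadoc cannot resolve them. The form is {@link java.lang.Throwable#getMessage()} and {@link java.lang.Throwable#getCause()}. The class extends Exception, which is Serializable, and declares no serialVersionUID; add one so the compiler warning goes away and the serialized form is stable.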

Added: branches/authRengine/sunxacml/com/sun/xacml/Policy.java
===================================================================
--- branches/authRengine/sunxacml/com/sun/xacml/Policy.java
(rev 0)
+++ branches/authRengine/sunxacml/com/sun/xacml/Policy.java 2010-06-18
08:40:01 UTC (rev 5711)
@@ -0,0 +1,287 @@
+
+/*
+ * @(#)Policy.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml;
+
+import com.sun.xacml.combine.RuleCombiningAlgorithm;
+
+import com.sun.xacml.ctx.Result;
+
+import java.io.OutputStream;
+import java.io.PrintStream;
+
+import java.net.URI;
+
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Set;
+
+import org.w3c.dom.NamedNodeMap;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+
+
+/**
+ * Represents one of the two top-level constructs in XACML, the PolicyType.
+ * This optionally contains rules, which in turn contain most of the logic
of
+ * a policy.
+ *
+ * @since 1.0
+ * @author Seth Proctor
+ */
+public class Policy extends AbstractPolicy
+{
+
+ /**
+ * Creates a new <code>Policy</code> with only the required elements.
+ *
+ * @param id the policy identifier
+ * @param combiningAlg the <code>CombiningAlgorithm</code> used on the
+ * rules in this set
+ * @param target the <code>Target</code> for this policy
+ */
+ public Policy(URI id, RuleCombiningAlgorithm combiningAlg, Target
target) {
+ this(id, combiningAlg, null, target, null, null, null);
+ }
+
+ /**
+ * Creates a new <code>Policy</code> with only the required elements
+ * plus some rules.
+ *
+ * @param id the policy identifier
+ * @param combiningAlg the <code>CombiningAlgorithm</code> used on the
+ * rules in this set
+ * @param target the <code>Target</code> for this policy
+ * @param rules a list of <code>Rule</code> objects
+ *
+ * @throws IllegalArgumentException if the <code>List</code> of rules
+ * contains an object that is not a
+ * <code>Rule</code>
+ */
+ public Policy(URI id, RuleCombiningAlgorithm combiningAlg, Target target,
+ List rules) {
+ this(id, combiningAlg, null, target, null, rules, null);
+ }
+
+ /**
+ * Creates a new <code>Policy</code> with the required elements plus
+ * some rules and policy defaults.
+ *
+ * @param id the policy identifier
+ * @param combiningAlg the <code>CombiningAlgorithm</code> used on the
+ * rules in this set
+ * @param target the <code>Target</code> for this policy
+ * @param defaultVersion the XPath version to use
+ * @param rules a list of <code>Rule</code> objects
+ *
+ * @throws IllegalArgumentException if the <code>List</code> of rules
+ * contains an object that is not a
+ * <code>Rule</code>
+ */
+ public Policy(URI id, RuleCombiningAlgorithm combiningAlg, Target target,
+ String defaultVersion, List rules) {
+ this(id, combiningAlg, null, target, defaultVersion, rules, null);
+ }
+
+ /**
+ * Creates a new <code>Policy</code> with the required elements plus
+ * some rules and a String description.
+ *
+ * @param id the policy identifier
+ * @param combiningAlg the <code>CombiningAlgorithm</code> used on the
+ * rules in this set
+ * @param description a <code>String</code> describing the policy
+ * @param target the <code>Target</code> for this policy
+ * @param rules a list of <code>Rule</code> objects
+ *
+ * @throws IllegalArgumentException if the <code>List</code> of rules
+ * contains an object that is not a
+ * <code>Rule</code>
+ */
+ public Policy(URI id, RuleCombiningAlgorithm combiningAlg,
+ String description, Target target, List rules) {
+ this(id, combiningAlg, description, target, null, rules, null);
+ }
+
+ /**
+ * Creates a new <code>Policy</code> with the required elements plus
+ * some rules, a String description and policy defaults.
+ *
+ * @param id the policy identifier
+ * @param combiningAlg the <code>CombiningAlgorithm</code> used on the
+ * rules in this set
+ * @param description a <code>String</code> describing the policy
+ * @param target the <code>Target</code> for this policy
+ * @param defaultVersion the XPath version to use
+ * @param rules a list of <code>Rule</code> objects
+ *
+ * @throws IllegalArgumentException if the <code>List</code> of rules
+ * contains an object that is not a
+ * <code>Rule</code>
+ */
+ public Policy(URI id, RuleCombiningAlgorithm combiningAlg,
+ String description, Target target, String defaultVersion,
+ List rules) {
+ this(id, combiningAlg, description, target, defaultVersion, rules,
+ null);
+ }
+
+ /**
+ * Creates a new <code>Policy</code> with the required elements plus
+ * some rules, a String description, policy defaults, and obligations.
+ *
+ * @param id the policy identifier
+ * @param combiningAlg the <code>CombiningAlgorithm</code> used on the
+ * rules in this set
+ * @param description a <code>String</code> describing the policy
+ * @param target the <code>Target</code> for this policy
+ * @param defaultVersion the XPath version to use
+ * @param rules a list of <code>Rule</code> objects
+ * @param obligations a set of <code>Obligations</code> objects
+ *
+ * @throws IllegalArgumentException if the <code>List</code> of rules
+ * contains an object that is not a
+ * <code>Rule</code>
+ */
+ public Policy(URI id, RuleCombiningAlgorithm combiningAlg,
+ String description, Target target, String defaultVersion,
+ List rules, Set obligations) {
+ super(id, combiningAlg, description, target, defaultVersion,
+ obligations);
+
+ // check that the list contains only rules
+ if (rules != null) {
+ Iterator it = rules.iterator();
+ while (it.hasNext()) {
+ Object o = it.next();
+ if (! (o instanceof Rule))
+ throw new IllegalArgumentException("non-Rule in rules");
+ }
+ }
+
+ setChildren(rules);
+ }
+
+ /**
+ * Creates a new Policy based on the given root node. This is
+ * private since every class is supposed to use a getInstance() method
+ * to construct from a Node, but since we want some common code in the
+ * parent class, we need this functionality in a constructor.
+ */
+ private Policy(Node root) throws ParsingException {
+ super(root, "Policy", "RuleCombiningAlgId");
+
+ List rules = new ArrayList();
+ String xpathVersion = getDefaultVersion();
+
+ NodeList children = root.getChildNodes();
+ for (int i = 0; i < children.getLength(); i++) {
+ Node child = children.item(i);
+ if (child.getNodeName().equals("Rule"))
+ rules.add(Rule.getInstance(child, xpathVersion));
+ }
+
+ setChildren(rules);
+ }
+
+ /**
+ * Creates an instance of a <code>Policy</code> object based on a
+ * DOM node. The node must be the root of PolicyType XML object,
+ * otherwise an exception is thrown.
+ *
+ * @param root the DOM root of a PolicyType XML type
+ *
+ * @throws ParsingException if the PolicyType is invalid
+ */
+ public static Policy getInstance(Node root) throws ParsingException {
+ // first off, check that it's the right kind of node
+ if (! root.getNodeName().equals("Policy")) {
+ throw new ParsingException("Cannot create Policy from root of " +
+ "type " + root.getNodeName());
+ }
+
+ return new Policy(root);
+ }
+
+ /**
+ * Encodes this <code>Policy</code> into its XML representation and
writes
+ * this encoding to the given <code>OutputStream</code> with no
+ * indentation.
+ *
+ * @param output a stream into which the XML-encoded data is written
+ */
+ public void encode(OutputStream output) {
+ encode(output, new Indenter(0));
+ }
+
+ /**
+ * Encodes this <code>Policy</code> into its XML representation and
writes
+ * this encoding to the given <code>OutputStream</code> with
+ * indentation.
+ *
+ * @param output a stream into which the XML-encoded data is written
+ * @param indenter an object that creates indentation strings
+ */
+ public void encode(OutputStream output, Indenter indenter) {
+ PrintStream out = new PrintStream(output);
+ String indent = indenter.makeString();
+
+ out.println(indent + "<Policy PolicyId=\"" + getId().toString() +
+ "\" RuleCombiningAlgId=\"" +
+ getCombiningAlg().getIdentifier().toString() +
+ "\">");
+
+ indenter.in();
+ String nextIndent = indenter.makeString();
+
+ String description = getDescription();
+ if (description != null)
+ out.println(nextIndent + "<Description>" + description +
+ "</Description>");
+
+ String version = getDefaultVersion();
+ if (version != null)
+ out.println("<PolicyDefaults><XPathVersion>" + version +
+ "</XPathVersion></PolicyDefaults>");
+
+ encodeCommonElements(output, indenter);
+
+ indenter.out();
+ out.println(indent + "</Policy>");
+ }
+
+}
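Review bot: encode(OutputStream, Indenter) concatenates getDescription(), getId() and the XPath version straight into the XML text with no escaping, so a description containing "<" or "&" produces output that is malformed or that parses as extra elements when the policy is read back. Escape the character data and attribute values before writing. In the same method the "<PolicyDefaults>" line is printed without nextIndent, unlike the Description line above it. In the private Policy(Node) constructor, children are selected with child.getNodeName().equals("Rule"), which compares the qualified name, so a prefixed element such as xacml:Rule is skipped without any error and the policy loads with fewer rules than the document contains; compare the local name and namespace instead. The imports of Result and NamedNodeMap are unused.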

Added: branches/authRengine/sunxacml/com/sun/xacml/PolicyReference.java
===================================================================
--- branches/authRengine/sunxacml/com/sun/xacml/PolicyReference.java
(rev 0)
+++ branches/authRengine/sunxacml/com/sun/xacml/PolicyReference.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,366 @@
+
+/*
+ * @(#)PolicyReference.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml;
+
+import com.sun.xacml.combine.CombiningAlgorithm;
+
+import com.sun.xacml.ctx.Result;
+import com.sun.xacml.ctx.Status;
+
+import com.sun.xacml.finder.PolicyFinder;
+import com.sun.xacml.finder.PolicyFinderResult;
+
+import java.io.OutputStream;
+import java.io.PrintStream;
+
+import java.net.URI;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Set;
+
+import java.util.logging.Level;
+import java.util.logging.Logger;
+
+import org.w3c.dom.NamedNodeMap;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+
+
+/**
+ * This class is used as a placeholder for the PolicyIdReference and
+ * PolicySetIdReference fields in a PolicySetType. When a reference is used
+ * in a policy set, it is telling the PDP to use an external policy in
+ * the current policy. Each time the PDP needs to evaluate that policy
+ * reference, it asks the policy finder for the policy. Typically the policy
+ * finder will have cached the referenced policy, so this isn't too slow.
+ * <p>
+ * NOTE: all of the accessor methods, the match method, and the evaluate
method
+ * require this class to ask its <code>PolicyFinder</code> for the referenced
+ * policy, which can be a slow operation. Care should be taken, therefore in
+ * calling these methods too often. Also note that it's not safe to cache the
+ * results of these calls, since the referenced policy may change.
+ *
+ * @since 1.0
+ * @author Seth Proctor
+ */
+public class PolicyReference extends AbstractPolicy
+{
+
+ /**
+ * Identifies this as a reference to a <code>Policy</code>
+ */
+ public static final int POLICY_REFERENCE = 0;
+
+ /**
+ * Identifies this as a reference to a <code>PolicySet</code>
+ */
+ public static final int POLICYSET_REFERENCE = 1;
+
+ // the reference
+ private URI reference;
+
+ // the reference type
+ private int policyType;
+
+ // the finder to use in finding the referenced policy
+ private PolicyFinder finder;
+
+ // the logger we'll use for all messages
+ private static final Logger logger =
+ Logger.getLogger(PolicyReference.class.getName());
+
+ /**
+ * Creates a new <code>PolicyReference</code>.
+ *
+ * @param reference the reference to the policy
+ * @param policyType one of the two fields in this class
+ * @param finder the <code>PolicyFinder</code> used to handle the
reference
+ *
+ * @throws IllegalArgumentException if the input policyType isn't valid
+ */
+ public PolicyReference(URI reference, int policyType,
+ PolicyFinder finder)
+ throws IllegalArgumentException{
+
+ // check if input policyType is a valid value
+ if ((policyType != POLICY_REFERENCE) &&
+ (policyType != POLICYSET_REFERENCE))
+ throw new IllegalArgumentException("Input policyType is not a" +
+ "valid value");
+
+ this.reference = reference;
+ this.policyType = policyType;
+ this.finder = finder;
+ }
+
+ /**
+ * Creates an instance of a <code>PolicyReference</code> object based on
+ * a DOM node.
+ *
+ * @param root the DOM root of a PolicyIdReference or a
+ * PolicySetIdReference XML type
+ * @param finder the <code>PolicyFinder</code> used to handle the
reference
+ *
+ * @exception ParsingException if the node is invalid
+ */
+ public static PolicyReference getInstance(Node root, PolicyFinder finder)
+ throws ParsingException
+ {
+ URI reference = null;
+ int policyType;
+
+ String name = root.getNodeName();
+ if (name.equals("PolicyIdReference")) {
+ policyType = POLICY_REFERENCE;
+ } else if (name.equals("PolicySetIdReference")) {
+ policyType = POLICYSET_REFERENCE;
+ } else {
+ throw new ParsingException("Unknown reference type: " + name);
+ }
+
+ try {
+ reference = new URI(root.getFirstChild().getNodeValue());
+ } catch (Exception e) {
+ throw new ParsingException("Invalid URI in Reference", e);
+ }
+
+ return new PolicyReference(reference, policyType, finder);
+ }
+
+ /**
+ * Returns the id of this policy. If the policy is invalid or can't be
+ * retrieved, then a runtime exception is thrown.
+ *
+ * @return the policy id
+ *
+ * @throws ProcessingException if the referenced policy can't be
retrieved
+ */
+ public URI getId() {
+ return resolvePolicy().getId();
+ }
+
+ /**
+ * Returns the combining algorithm used by this policy. If the policy is
+ * invalid or can't be retrieved, then a runtime exception is thrown.
+ *
+ * @return the combining algorithm
+ *
+ * @throws ProcessingException if the referenced policy can't be
retrieved
+ */
+ public CombiningAlgorithm getCombiningAlg() {
+ return resolvePolicy().getCombiningAlg();
+ }
+
+ /**
+ * Returns the given description of this policy or null if there is no
+ * description. If the policy is invalid or can't be retrieved, then a
+ * runtime exception is thrown.
+ *
+ * @return the description or null
+ *
+ * @throws ProcessingException if the referenced policy can't be
retrieved
+ */
+ public String getDescription() {
+ return resolvePolicy().getDescription();
+ }
+
+ /**
+ * Returns the target for this policy. If the policy is invalid or can't
be
+ * retrieved, then a runtime exception is thrown.
+ *
+ * @return the policy's target
+ *
+ * @throws ProcessingException if the referenced policy can't be
retrieved
+ */
+ public Target getTarget() {
+ return resolvePolicy().getTarget();
+ }
+
+ /**
+ * Returns the default version for this policy. If the policy is
+ * invalid or can't be retrieved, then a runtime exception is thrown.
+ *
+ * @return the policy's default version
+ *
+ * @throws ProcessingException if the referenced policy can't be
retrieved
+ */
+ public String getDefaultVersion() {
+ return resolvePolicy().getDefaultVersion();
+ }
+
+ /**
+ * Returns the child policy nodes under this node in the policy tree. If
+ * the policy is invalid or can't be retrieved, then a runtime exception
+ * is thrown.
+ *
+ * @return the <code>List</code> of child policy nodes
+ *
+ * @throws ProcessingException if the referenced policy can't be
retrieved
+ */
+ public List getChildren() {
+ return resolvePolicy().getChildren();
+ }
+
+ /**
+ * Returns the Set of obligations for this policy, which may be empty if
+ * there are no obligations. If the policy is invalid or can't be
+ * retrieved, then a runtime exception is thrown.
+ *
+ * @return the policy's obligations
+ *
+ * @throws ProcessingException if the referenced policy can't be
retrieved
+ */
+ public Set getObligations() {
+ return resolvePolicy().getObligations();
+ }
+
+ /**
+ * Given the input context sees whether or not the request matches this
+ * policy. This must be called by combining algorithms before they
+ * evaluate a policy. This is also used in the initial policy finding
+ * operation to determine which top-level policies might apply to the
+ * request. If the policy is invalid or can't be retrieved, then a
+ * runtime exception is thrown.
+ *
+ * @param context the representation of the request
+ *
+ * @return the result of trying to match the policy and the request
+ */
+ public MatchResult match(EvaluationCtx context) {
+ try {
+ return getTarget().match(context);
+ } catch (ProcessingException pe) {
+ // this means that we couldn't resolve the policy
+ ArrayList code = new ArrayList();
+ code.add(Status.STATUS_PROCESSING_ERROR);
+ Status status = new Status(code, "couldn't resolve policy ref");
+ return new MatchResult(MatchResult.INDETERMINATE, status);
+ }
+ }
+
+ /**
+ * Private helper method that tried to resolve the policy
+ */
+ private AbstractPolicy resolvePolicy() {
+ // see if this reference was setup with a finder
+ if (finder == null) {
+ if (logger.isLoggable(Level.WARNING))
+ logger.warning("PolicyReference with id " +
+ reference.toString() + " was queried but was
" +
+ "not configured with a PolicyFinder");
+
+ throw new ProcessingException("couldn't find the policy with " +
+ "a null finder");
+ }
+
+ PolicyFinderResult pfr = finder.findPolicy(reference, policyType);
+
+ if (pfr.notApplicable())
+ throw new ProcessingException("couldn't resolve the policy");
+
+ if (pfr.indeterminate())
+ throw new ProcessingException("error resolving the policy");
+
+ return pfr.getPolicy();
+ }
+
+ /**
+ * Tries to evaluate the policy by calling the combining algorithm on
+ * the given policies or rules. The <code>match</code> method must always
+ * be called first, and must always return MATCH, before this method
+ * is called.
+ *
+ * @param context the representation of the request
+ *
+ * @return the result of evaluation
+ */
+ public Result evaluate(EvaluationCtx context) {
+ // if there is no finder, then we return NotApplicable
+ if (finder == null)
+ return new Result(Result.DECISION_NOT_APPLICABLE,
+ context.getResourceId().encode());
+
+ PolicyFinderResult pfr = finder.findPolicy(reference, policyType);
+
+ // if we found nothing, then we return NotApplicable
+ if (pfr.notApplicable())
+ return new Result(Result.DECISION_NOT_APPLICABLE,
+ context.getResourceId().encode());
+
+ // if there was an error, we return that status data
+ if (pfr.indeterminate())
+ return new Result(Result.DECISION_INDETERMINATE, pfr.getStatus(),
+ context.getResourceId().encode());
+
+ // we must have found a policy
+ return pfr.getPolicy().evaluate(context);
+ }
+
+ /**
+ * Encodes this <code>PolicyReference</code> into its XML representation
+ * and writes this encoding to the given <code>OutputStream</code> with
+ * no indentation.
+ *
+ * @param output a stream into which the XML-encoded data is written
+ */
+ public void encode(OutputStream output) {
+ encode(output, new Indenter(0));
+ }
+
+ /**
+ * Encodes this <code>PolicyReference</code> into its XML representation
+ * and writes this encoding to the given <code>OutputStream</code> with
+ * indentation.
+ *
+ * @param output a stream into which the XML-encoded data is written
+ * @param indenter an object that creates indentation strings
+ */
+ public void encode(OutputStream output, Indenter indenter) {
+ PrintStream out = new PrintStream(output);
+ String encoded = indenter.makeString();
+
+ if (policyType == POLICY_REFERENCE) {
+ out.println(encoded + "<PolicyIdReference>" +
+ reference.toString() + "</PolicyIdReference>");
+ } else {
+ out.println(encoded + "<PolicySetIdReference>" +
+ reference.toString() + "</PolicySetIdReference>");
+ }
+ }
+
+}
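Review bot: In evaluate(), a reference that cannot be resolved is reported as NotApplicable (both the finder == null branch and the pfr.notApplicable() branch) with no log entry, whereas resolvePolicy() treats the same two conditions as errors: it logs a warning for the null finder and throws ProcessingException. A dangling PolicyIdReference or PolicySetIdReference therefore drops out of the decision silently, and whether that is safe depends on the combining algorithm of the enclosing policy set. Consider returning DECISION_INDETERMINATE with an error status, as the match path just above does with "couldn't resolve policy ref", or at least logging the unresolved reference in evaluate(). Separately, encode() writes reference.toString() into the element body without XML escaping.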

Added: branches/authRengine/sunxacml/com/sun/xacml/PolicySet.java
===================================================================
--- branches/authRengine/sunxacml/com/sun/xacml/PolicySet.java
(rev 0)
+++ branches/authRengine/sunxacml/com/sun/xacml/PolicySet.java 2010-06-18
08:40:01 UTC (rev 5711)
@@ -0,0 +1,317 @@
+
+/*
+ * @(#)PolicySet.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml;
+
+import com.sun.xacml.combine.PolicyCombiningAlgorithm;
+
+import com.sun.xacml.ctx.Result;
+
+import com.sun.xacml.finder.PolicyFinder;
+
+import java.io.OutputStream;
+import java.io.PrintStream;
+
+import java.net.URI;
+
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Set;
+
+import org.w3c.dom.NamedNodeMap;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+
+
+/**
+ * Represents one of the two top-level constructs in XACML, the
PolicySetType.
+ * This can contain other policies and policy sets, and can also contain
+ * URIs that point to policies and policy sets.
+ *
+ * @since 1.0
+ * @author Seth Proctor
+ */
+public class PolicySet extends AbstractPolicy
+{
+
+ /**
+ * Creates a new <code>PolicySet</code> with only the required elements.
+ *
+ * @param id the policy set identifier
+ * @param combiningAlg the <code>CombiningAlgorithm</code> used on the
+ * policies in this set
+ * @param target the <code>Target</code> for this set
+ */
+ public PolicySet(URI id, PolicyCombiningAlgorithm combiningAlg,
+ Target target) {
+ this(id, combiningAlg, null, target, null, null, null);
+ }
+
+ /**
+ * Creates a new <code>PolicySet</code> with only the required elements,
+ * plus some policies.
+ *
+ * @param id the policy set identifier
+ * @param combiningAlg the <code>CombiningAlgorithm</code> used on the
+ * policies in this set
+ * @param target the <code>Target</code> for this set
+ * @param policies a list of <code>AbstractPolicy</code> objects
+ *
+ * @throws IllegalArgumentException if the <code>List</code> of policies
+ * contains an object that is not an
+ * <code>AbstractPolicy</code>
+ */
+ public PolicySet(URI id, PolicyCombiningAlgorithm combiningAlg,
+ Target target, List policies) {
+ this(id, combiningAlg, null, target, policies, null, null);
+ }
+
+ /**
+ * Creates a new <code>PolicySet</code> with the required elements plus
+ * some policies and policy defaults.
+ *
+ * @param id the policy set identifier
+ * @param combiningAlg the <code>CombiningAlgorithm</code> used on the
+ * policies in this set
+ * @param target the <code>Target</code> for this set
+ * @param policies a list of <code>AbstractPolicy</code> objects
+ * @param defaultVersion the XPath version to use
+ *
+ * @throws IllegalArgumentException if the <code>List</code> of policies
+ * contains an object that is not an
+ * <code>AbstractPolicy</code>
+ */
+ public PolicySet(URI id, PolicyCombiningAlgorithm combiningAlg,
+ Target target, List policies, String defaultVersion) {
+ this(id, combiningAlg, null, target, policies, defaultVersion, null);
+ }
+
+ /**
+ * Creates a new <code>PolicySet</code> with the required elements plus
+ * some policies and a String description.
+ *
+ * @param id the policy set identifier
+ * @param combiningAlg the <code>CombiningAlgorithm</code> used on the
+ * policies in this set
+ * @param description a <code>String</code> describing the policy
+ * @param target the <code>Target</code> for this set
+ * @param policies a list of <code>AbstractPolicy</code> objects
+ *
+ * @throws IllegalArgumentException if the <code>List</code> of policies
+ * contains an object that is not an
+ * <code>AbstractPolicy</code>
+ */
+ public PolicySet(URI id, PolicyCombiningAlgorithm combiningAlg,
+ String description, Target target, List policies) {
+ this(id, combiningAlg, description, target, policies, null, null);
+ }
+
+ /**
+ * Creates a new <code>PolicySet</code> with the required elements plus
+ * some policies, a String description, and policy defaults.
+ *
+ * @param id the policy set identifier
+ * @param combiningAlg the <code>CombiningAlgorithm</code> used on the
+ * policies in this set
+ * @param description a <code>String</code> describing the policy
+ * @param target the <code>Target</code> for this set
+ * @param policies a list of <code>AbstractPolicy</code> objects
+ * @param defaultVersion the XPath version to use
+ *
+ * @throws IllegalArgumentException if the <code>List</code> of policies
+ * contains an object that is not an
+ * <code>AbstractPolicy</code>
+ */
+ public PolicySet(URI id, PolicyCombiningAlgorithm combiningAlg,
+ String description, Target target, List policies,
+ String defaultVersion) {
+ this(id, combiningAlg, description, target, policies, defaultVersion,
+ null);
+ }
+
+ /**
+ * Creates a new <code>PolicySet</code> with the required elements plus
+ * some policies, a String description, policy defaults, and obligations.
+ *
+ * @param id the policy set identifier
+ * @param combiningAlg the <code>CombiningAlgorithm</code> used on the
+ * policies in this set
+ * @param description a <code>String</code> describing the policy
+ * @param target the <code>Target</code> for this set
+ * @param policies a list of <code>AbstractPolicy</code> objects
+ * @param defaultVersion the XPath version to use
+ * @param obligations a set of <code>Obligation</code> objects
+ *
+ * @throws IllegalArgumentException if the <code>List</code> of policies
+ * contains an object that is not an
+ * <code>AbstractPolicy</code>
+ */
+ public PolicySet(URI id, PolicyCombiningAlgorithm combiningAlg,
+ String description, Target target, List policies,
+ String defaultVersion, Set obligations) {
+ super(id, combiningAlg, description, target, defaultVersion,
+ obligations);
+
+ // check that the list contains only AbstractPolicy objects
+ if (policies != null) {
+ Iterator it = policies.iterator();
+ while (it.hasNext()) {
+ Object o = it.next();
+ if (! (o instanceof AbstractPolicy))
+ throw new IllegalArgumentException("non-AbstractPolicy "
+
+ "in policies");
+ }
+ }
+
+ setChildren(policies);
+ }
+
+ /**
+ * Creates a new PolicySet based on the given root node. This is
+ * private since every class is supposed to use a getInstance() method
+ * to construct from a Node, but since we want some common code in the
+ * parent class, we need this functionality in a constructor.
+ */
+ private PolicySet(Node root, PolicyFinder finder) throws
ParsingException {
+ super(root, "PolicySet", "PolicyCombiningAlgId");
+
+ List policies = new ArrayList();
+
+ NodeList children = root.getChildNodes();
+ for (int i = 0; i < children.getLength(); i++) {
+ Node child = children.item(i);
+ String name = child.getNodeName();
+
+ if (name.equals("PolicySet")) {
+ policies.add(PolicySet.getInstance(child, finder));
+ } else if (name.equals("Policy")) {
+ policies.add(Policy.getInstance(child));
+ } else if (name.equals("PolicySetIdReference")) {
+ policies.add(PolicyReference.getInstance(child, finder));
+ } else if (name.equals("PolicyIdReference")) {
+ policies.add(PolicyReference.getInstance(child, finder));
+ }
+ }
+
+ setChildren(policies);
+ }
+
+ /**
+ * Creates an instance of a <code>PolicySet</code> object based on a
+ * DOM node. The node must be the root of PolicySetType XML object,
+ * otherwise an exception is thrown. This <code>PolicySet</code> will
+ * not support references because it has no <code>PolicyFinder</code>.
+ *
+ * @param root the DOM root of a PolicySetType XML type
+ *
+ * @throws ParsingException if the PolicySetType is invalid
+ */
+ public static PolicySet getInstance(Node root) throws ParsingException {
+ return getInstance(root, null);
+ }
+
+ /**
+ * Creates an instance of a <code>PolicySet</code> object based on a
+ * DOM node. The node must be the root of PolicySetType XML object,
+ * otherwise an exception is thrown. The finder is used to handle
+ * policy references.
+ *
+ * @param root the DOM root of a PolicySetType XML type
+ * @param finder the <code>PolicyFinder</code> used to handle references
+ *
+ * @throws ParsingException if the PolicySetType is invalid
+ */
+ public static PolicySet getInstance(Node root, PolicyFinder finder)
+ throws ParsingException
+ {
+ // first off, check that it's the right kind of node
+ if (! root.getNodeName().equals("PolicySet")) {
+ throw new ParsingException("Cannot create PolicySet from root
of" +
+ " type " + root.getNodeName());
+ }
+
+ return new PolicySet(root, finder);
+ }
+
+ /**
+ * Encodes this <code>PolicySet</code> into its XML representation and
+ * writes this encoding to the given <code>OutputStream</code> with no
+ * indentation.
+ *
+ * @param output a stream into which the XML-encoded data is written
+ */
+ public void encode(OutputStream output) {
+ encode(output, new Indenter(0));
+ }
+
+ /**
+ * Encodes this <code>PolicySet</code> into its XML representation and
+ * writes this encoding to the given <code>OutputStream</code> with
+ * indentation.
+ *
+ * @param output a stream into which the XML-encoded data is written
+ * @param indenter an object that creates indentation strings
+ */
+ public void encode(OutputStream output, Indenter indenter) {
+ PrintStream out = new PrintStream(output);
+ String indent = indenter.makeString();
+
+ out.println(indent + "<PolicySet PolicySetId=\"" +
getId().toString() +
+ "\" PolicyCombiningAlgId=\"" +
+ getCombiningAlg().getIdentifier().toString() +
+ "\">");
+
+ indenter.in();
+ String nextIndent = indenter.makeString();
+
+ String description = getDescription();
+ if (description != null)
+ out.println(nextIndent + "<Description>" + description +
+ "</Description>");
+
+ String version = getDefaultVersion();
+ if (version != null)
+ out.println("<PolicySetDefaults><XPathVersion>" + version +
+ "</XPathVersion></PolicySetDefaults>");
+
+ encodeCommonElements(output, indenter);
+
+ indenter.out();
+ out.println(indent + "</PolicySet>");
+ }
+
+}
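Review bot: The private PolicySet(Node, PolicyFinder) constructor compares child.getNodeName() against unprefixed literals and has no else branch, so a child it does not recognise, including a namespace-prefixed Policy, PolicySet or reference element, is skipped without error and the set is built with fewer children than the document contains. The same comparison in getInstance() at least throws ParsingException for an unexpected root. Compare on the local name rather than the qualified name, and log or reject element children that neither this loop nor the superclass constructor handles. In encode(), getId(), description and version are concatenated into the output without XML escaping, and the PolicySetDefaults line omits nextIndent, unlike the Description line above it.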

Added: branches/authRengine/sunxacml/com/sun/xacml/PolicyTreeElement.java
===================================================================
--- branches/authRengine/sunxacml/com/sun/xacml/PolicyTreeElement.java
(rev 0)
+++ branches/authRengine/sunxacml/com/sun/xacml/PolicyTreeElement.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,135 @@
+
+/*
+ * @(#)PolicyTreeElement.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml;
+
+import com.sun.xacml.ctx.Result;
+
+import java.io.OutputStream;
+
+import java.net.URI;
+
+import java.util.List;
+
+
+/**
+ * This represents a single node in a policy tree. A node is either a policy
+ * set, a policy, or a rule. This interface is used to interact with these
+ * node types in a general way. Note that rules are leaf nodes in a policy
+ * tree as they never contain children.
+ *
+ * @since 1.1
+ * @author seth proctor
+ */
+public interface PolicyTreeElement
+{
+
+ /**
+ * Returns the <code>List</code> of <code>PolicyTreeElement</code>
objects
+ * that are the children of this node. If this node has no children then
+ * this list is empty. The children are returned as a <code>List</code>
+ * instead of some unordered collection because in cases like combining
+ * or evaluation the order is often important.
+ *
+ * @return the non-null <code>List</code> of children of this node
+ */
+ public List getChildren();
+
+ /**
+ * Returns the given description of this element or null if
+ * there is no description
+ *
+ * @return the description or null
+ */
+ public String getDescription();
+
+ /**
+ * Returns the id of this element
+ *
+ * @return the element's identifier
+ */
+ public URI getId();
+
+ /**
+ * Returns the target for this element or null if there
+ * is no target
+ *
+ * @return the element's target
+ */
+ public Target getTarget();
+
+ /**
+ * Given the input context sees whether or not the request matches this
+ * element's target. The rules for matching are different depending on
+ * the type of element being matched.
+ *
+ * @param context the representation of the request
+ *
+ * @return the result of trying to match this element and the request
+ */
+ public MatchResult match(EvaluationCtx context);
+
+ /**
+ * Evaluates this element in the policy tree, and therefore all elements
+ * underneath this element. The rules for evaluation are different
+ * depending on the type of element being evaluated.
+ *
+ * @param context the representation of the request we're evaluating
+ *
+ * @return the result of the evaluation
+ */
+ public Result evaluate(EvaluationCtx context);
+
+ /**
+ * Encodes this element into its XML representation and writes
+ * this encoding to the given <code>OutputStream</code> with no
+ * indentation.
+ *
+ * @param output a stream into which the XML-encoded data is written
+ */
+ public void encode(OutputStream output);
+
+ /**
+ * Encodes this element into its XML representation and writes
+ * this encoding to the given <code>OutputStream</code> with
+ * indentation.
+ *
+ * @param output a stream into which the XML-encoded data is written
+ * @param indenter an object that creates indentation strings
+ */
+ public void encode(OutputStream output, Indenter indenter);
+
+}
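Review bot: The javadoc for match() does not say what an implementation returns when getTarget() is null, which the getTarget() comment explicitly allows. Rule.match() in this same commit returns INDETERMINATE for a null target while Rule.evaluate() treats a null target as inherited from the parent and proceeds, so the expected behaviour should be stated on the interface rather than left to each implementation. Minor: the public modifiers on the interface methods are redundant, and the author tag is lower-cased here but not in the other files.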

Added: branches/authRengine/sunxacml/com/sun/xacml/ProcessingException.java
===================================================================
--- branches/authRengine/sunxacml/com/sun/xacml/ProcessingException.java
(rev 0)
+++ branches/authRengine/sunxacml/com/sun/xacml/ProcessingException.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,102 @@
+
+/*
+ * @(#)ProcessingException.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml;
+
+
+/**
+ * Runtime exception that's thrown if any unexpected error occurs. This could
+ * appear, for example, if you try to match a referernced policy that can't
+ * be resolved.
+ *
+ * @since 1.0
+ * @author Seth Proctor
+ */
+public class ProcessingException extends RuntimeException
+{
+
+ /**
+ * Constructs a new <code>ProcessingException</code> with no message
+ * or cause.
+ */
+ public ProcessingException() {
+
+ }
+
+ /**
+ * Constructs a new <code>ProcessingException</code> with a message,
+ * but no cause. The message is saved for later retrieval by the
+ *
{@link
java.lang#Throwable.getMessage() Throwable.getMessage()}
+ * method.
+ *
+ * @param message the detail message (<code>null</code> if nonexistent
+ * or unknown)
+ */
+ public ProcessingException(String message) {
+ super(message);
+ }
+
+ /**
+ * Constructs a new <code>ProcessingException</code> with a cause,
+ * but no message. The cause is saved for later retrieval by the
+ *
{@link
java.lang#Throwable.getCause() Throwable.getCause()}
+ * method.
+ *
+ * @param cause the cause (<code>null</code> if nonexistent
+ * or unknown)
+ */
+ public ProcessingException(Throwable cause) {
+ super(cause);
+ }
+
+ /**
+ * Constructs a new <code>ProcessingException</code> with a message
+ * and a cause. The message and cause are saved for later retrieval
+ * by the
+ *
{@link
java.lang#Throwable.getMessage() Throwable.getMessage()} and
+ *
{@link
java.lang#Throwable.getCause() Throwable.getCause()}
+ * methods.
+ *
+ * @param message the detail message (<code>null</code> if nonexistent
+ * or unknown)
+ * @param cause the cause (<code>null</code> if nonexistent
+ * or unknown)
+ */
+ public ProcessingException(String message, Throwable cause) {
+ super(message, cause);
+ }
+
+}
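Review bot: The {@link} targets in the three constructor comments are malformed: "java.lang#Throwable.getMessage()" and "java.lang#Throwable.getCause()" put the # between package and class, so javadoc cannot resolve them. They should read java.lang.Throwable#getMessage() and java.lang.Throwable#getCause(). The class comment also has a typo, "referernced".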

Added: branches/authRengine/sunxacml/com/sun/xacml/Rule.java
===================================================================
--- branches/authRengine/sunxacml/com/sun/xacml/Rule.java
(rev 0)
+++ branches/authRengine/sunxacml/com/sun/xacml/Rule.java 2010-06-18
08:40:01 UTC (rev 5711)
@@ -0,0 +1,358 @@
+
+/*
+ * @(#)Rule.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml;
+
+import com.sun.xacml.attr.BooleanAttribute;
+
+import com.sun.xacml.cond.Apply;
+import com.sun.xacml.cond.EvaluationResult;
+
+import com.sun.xacml.ctx.Result;
+import com.sun.xacml.ctx.Status;
+
+import java.io.OutputStream;
+import java.io.PrintStream;
+
+import java.net.URI;
+import java.net.URISyntaxException;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import org.w3c.dom.NamedNodeMap;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+
+
+/**
+ * Represents the RuleType XACML type. This has a target for matching, and
+ * encapsulates the condition and all sub-operations that make up the heart
+ * of most policies.
+ *
+ * @since 1.0
+ * @author Seth Proctor
+ */
+public class Rule implements PolicyTreeElement
+{
+
+ // the attributes associated with this Rule
+ private URI idAttr;
+ private int effectAttr;
+
+ // the elements in the rule, each of which is optional
+ private String description = null;
+ private Target target = null;
+ private Apply condition = null;
+
+ /**
+ * Creates a new <code>Rule</code> object.
+ *
+ * @param id the rule's identifier
+ * @param effect the effect to return if the rule applies (either
+ * Pemit or Deny) as specified in <code>Result</code>
+ * @param description a textual description, or null
+ * @param target the rule's target, or null if the target is to be
+ * inherited from the encompassing policy
+ * @param condition the rule's condition, or null if there is none
+ */
+ public Rule(URI id, int effect, String description, Target target,
+ Apply condition) {
+ idAttr = id;
+ effectAttr = effect;
+ this.description = description;
+ this.target = target;
+ this.condition = condition;
+ }
+
+ /**
+ * Returns a new instance of the <code>Rule</code> class based on a
+ * DOM node. The node must be the root of an XML RuleType.
+ *
+ * @param root the DOM root of a RuleType XML type
+ * @param xpathVersion the XPath version to use in any selectors or XPath
+ * functions, or null if this is unspecified (ie, not
+ * supplied in the defaults section of the policy)
+ *
+ * @throws ParsingException if the RuleType is invalid
+ */
+ public static Rule getInstance(Node root, String xpathVersion)
+ throws ParsingException
+ {
+ URI id = null;
+ String name = null;
+ int effect = 0;
+ String description = null;
+ Target target = null;
+ Apply condition = null;
+
+ // first, get the attributes
+ NamedNodeMap attrs = root.getAttributes();
+
+ try {
+ // get the two required attrs...
+ id = new URI(attrs.getNamedItem("RuleId").getNodeValue());
+ } catch (URISyntaxException use) {
+ throw new ParsingException("Error parsing required attribute " +
+ "RuleId", use);
+ }
+
+ String str = attrs.getNamedItem("Effect").getNodeValue();
+ if (str.equals("Permit")) {
+ effect = Result.DECISION_PERMIT;
+ } else if (str.equals("Deny")) {
+ effect = Result.DECISION_DENY;
+ } else {
+ throw new ParsingException("Invalid Effect: " + effect);
+ }
+
+ // next, get the elements
+ NodeList children = root.getChildNodes();
+ for (int i = 0; i < children.getLength(); i++) {
+ Node child = children.item(i);
+ String cname = child.getNodeName();
+
+ if (cname.equals("Description")) {
+ description = child.getFirstChild().getNodeValue();
+ } else if (cname.equals("Target")) {
+ target = Target.getInstance(child, xpathVersion);
+ } else if (cname.equals("Condition")) {
+ condition = Apply.getConditionInstance(child, xpathVersion);
+ }
+ }
+
+ return new Rule(id, effect, description, target, condition);
+ }
+
+ /**
+ * Returns the effect that this <code>Rule</code> will return from
+ * the evaluate method (Permit or Deny) if the request applies.
+ *
+ * @return a decision effect, as defined in <code>Result</code>
+ */
+ public int getEffect() {
+ return effectAttr;
+ }
+
+ /**
+ * Returns the id of this <code>Rule</code>
+ *
+ * @return the rule id
+ */
+ public URI getId() {
+ return idAttr;
+ }
+
+ /**
+ * Returns the given description of this <code>Rule</code> or null if
+ * there is no description
+ *
+ * @return the description or null
+ */
+ public String getDescription() {
+ return description;
+ }
+
+ /**
+ * Returns the target for this <code>Rule</code> or null if there
+ * is no target
+ *
+ * @return the rule's target
+ */
+ public Target getTarget() {
+ return target;
+ }
+
+ /**
+ * Since a rule is always a leaf in a policy tree because it can have
+ * no children, this always returns an empty <code>List</code>.
+ *
+ * @return a <code>List</code> with no elements
+ */
+ public List getChildren() {
+ return Collections.EMPTY_LIST;
+ }
+
+ /**
+ * Returns the condition for this <code>Rule</code> or null if there
+ * is no condition
+ *
+ * @return the rule's condition
+ */
+ public Apply getCondition() {
+ return condition;
+ }
+
+ /**
+ * Given the input context sees whether or not the request matches this
+ * <code>Rule</code>'s <code>Target</code>. Note that unlike the matching
+ * done by the <code>evaluate</code> method, if the <code>Target</code>
+ * is missing than this will return Indeterminate. This lets you write
+ * your own custom matching routines for rules but lets evaluation
+ * proceed normally.
+ *
+ * @param context the representation of the request
+ *
+ * @return the result of trying to match this rule and the request
+ */
+ public MatchResult match(EvaluationCtx context) {
+ if (target == null) {
+ ArrayList code = new ArrayList();
+ code.add(Status.STATUS_PROCESSING_ERROR);
+ Status status = new Status(code, "no target available for " +
+ "matching a rule");
+
+ return new MatchResult(MatchResult.INDETERMINATE, status);
+ }
+
+ return target.match(context);
+ }
+
+ /**
+ * Evaluates the rule against the supplied context. This will check that
+ * the target matches, and then try to evaluate the condition. If the
+ * target and condition apply, then the rule's effect is returned in
+ * the result.
+ * <p>
+ * Note that rules are not required to have targets. If no target is
+ * specified, then the rule inherits its parent's target. In the event
+ * that this <code>Rule</code> has no <code>Target</code> then the
+ * match is assumed to be true, since evaluating a policy tree to this
+ * level required the parent's target to match.
+ *
+ * @param context the representation of the request we're evaluating
+ *
+ * @return the result of the evaluation
+ */
+ public Result evaluate(EvaluationCtx context) {
+ // If the Target is null then it's supposed to inherit from the
+ // parent policy, so we skip the matching step assuming we wouldn't
+ // be here unless the parent matched
+ if (target != null) {
+ MatchResult match = target.match(context);
+ int result = match.getResult();
+
+ // if the target didn't match, then this Rule doesn't apply
+ if (result == MatchResult.NO_MATCH)
+ return new Result(Result.DECISION_NOT_APPLICABLE,
+ context.getResourceId().encode());
+
+ // if the target was indeterminate, we can't go on
+ if (result == MatchResult.INDETERMINATE)
+ return new Result(Result.DECISION_INDETERMINATE,
+ match.getStatus(),
+ context.getResourceId().encode());
+ }
+
+ // if there's no condition, then we just return the effect...
+ if (condition == null)
+ return new Result(effectAttr, context.getResourceId().encode());
+
+ // ...otherwise we evaluate the condition
+ EvaluationResult result = condition.evaluate(context);
+
+ if (result.indeterminate()) {
+ // if it was INDETERMINATE, then that's what we return
+ return new Result(Result.DECISION_INDETERMINATE,
+ result.getStatus(),
+ context.getResourceId().encode());
+ } else {
+ // otherwise we return the effect on tue, and NA on false
+ BooleanAttribute bool =
+ (BooleanAttribute)(result.getAttributeValue());
+
+ if (bool.getValue())
+ return new Result(effectAttr,
+ context.getResourceId().encode());
+ else
+ return new Result(Result.DECISION_NOT_APPLICABLE,
+ context.getResourceId().encode());
+ }
+ }
+
+ /**
+ * Encodes this <code>Rule</code> into its XML representation and writes
+ * this encoding to the given <code>OutputStream</code> with no
+ * indentation.
+ *
+ * @param output a stream into which the XML-encoded data is written
+ */
+ public void encode(OutputStream output) {
+ encode(output, new Indenter(0));
+ }
+
+ /**
+ * Encodes this <code>Rule</code> into its XML representation and writes
+ * this encoding to the given <code>OutputStream</code> with
+ * indentation.
+ *
+ * @param output a stream into which the XML-encoded data is written
+ * @param indenter an object that creates indentation strings
+ */
+ public void encode(OutputStream output, Indenter indenter) {
+ PrintStream out = new PrintStream(output);
+ String indent = indenter.makeString();
+
+ out.print(indent + "<Rule RuleId=\"" + idAttr.toString() +
+ "\" Effect=\"" + Result.DECISIONS[effectAttr] + "\"");
+
+ if ((description != null) || (target != null) || (condition !=
null)) {
+ // there is some content in the Rule
+ out.println(">");
+
+ indenter.in();
+ String nextIndent = indenter.makeString();
+
+ if (description != null)
+ out.println(nextIndent + "<Description>" + description +
+ "</Description>");
+
+ if (target != null)
+ target.encode(output, indenter);
+
+ if (condition != null)
+ condition.encode(output, indenter);
+
+ indenter.out();
+ out.println(indent + "</Rule>");
+ } else {
+ // the Rule is empty, so close the tag and we're done
+ out.println("/>");
+ }
+ }
+
+}
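Review bot: In encode(OutputStream, Indenter), description and idAttr are concatenated into the output without XML escaping (the "<Description>" + description line and the RuleId=\"" + idAttr.toString() line). If the description contains < or &, or the RuleId contains a double quote, the encoded Rule is malformed or has a different structure when it is parsed again. Escape both values before printing them. new PrintStream(output) also uses the platform default charset; pass an explicit encoding so the encoded policy is byte-identical on every host. Minor: the comment in evaluate() reads "the effect on tue".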

Added: branches/authRengine/sunxacml/com/sun/xacml/Target.java
===================================================================
--- branches/authRengine/sunxacml/com/sun/xacml/Target.java
(rev 0)
+++ branches/authRengine/sunxacml/com/sun/xacml/Target.java 2010-06-18
08:40:01 UTC (rev 5711)
@@ -0,0 +1,414 @@
+
+/*
+ * @(#)Target.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml;
+
+import com.sun.xacml.ctx.Status;
+
+import java.io.OutputStream;
+import java.io.PrintStream;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Iterator;
+import java.util.List;
+
+import java.util.logging.Level;
+import java.util.logging.Logger;
+
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+
+
+/**
+ * Represents the TargetType XML type in XACML. This also stores several
+ * other XML types: Subjects, Resources, and Actions. The target is
+ * used to quickly identify whether the parent element (a policy set,
+ * policy, or rule) is applicable to a given request.
+ *
+ * @since 1.0
+ * @author Seth Proctor
+ */
+public class Target
+{
+
+ // the elements in a Target, all of which are required
+ private List subjects;
+ private List resources;
+ private List actions;
+
+ // the logger we'll use for all messages
+ private static final Logger logger =
+ Logger.getLogger(Target.class.getName());
+
+ /**
+ * Constructor that creates a <code>Target</code> from components.
+ *
+ * @param subjects A <code>List</code> containing the subjects or null
+ * if this represents AnySubject. The list is of the
+ * form described in <code>getSubjects</code>.
+ * @param resources A <code>List</code> containing the resources or null
+ * if this represents AnyResource The list is of the
+ * form described in <code>getResources</code>.
+ * @param actions A <code>List</code> containing the actions or null
+ * if this represents AnyAction The list is of the
+ * form described in <code>getActions</code>.
+ */
+ public Target(List subjects, List resources, List actions) {
+ if (subjects == null)
+ this.subjects = subjects;
+ else
+ this.subjects = Collections.
+ unmodifiableList(new ArrayList(subjects));
+
+ if (resources == null)
+ this.resources = resources;
+ else
+ this.resources = Collections.
+ unmodifiableList(new ArrayList(resources));
+
+ if (actions == null)
+ this.actions = actions;
+ else
+ this.actions = Collections.
+ unmodifiableList(new ArrayList(actions));
+ }
+
+ /**
+ * Creates a <code>Target</code> by parsing a node.
+ *
+ * @param root the node to parse for the <code>Target</code>
+ * @param xpathVersion the XPath version to use in any selectors, or
+ * null if this is unspecified (ie, not supplied in
+ * the defaults section of the policy)
+ *
+ * @return a new <code>Target</code> constructed by parsing
+ *
+ * @throws ParsingException if the DOM node is invalid
+ */
+ public static Target getInstance(Node root, String xpathVersion)
+ throws ParsingException
+ {
+ List subjects = null;
+ List resources = null;
+ List actions = null;
+
+ NodeList children = root.getChildNodes();
+ for (int i = 0; i < children.getLength(); i++) {
+ Node child = children.item(i);
+ String name = child.getNodeName();
+
+ if (name.equals("Subjects")) {
+ subjects = getAttributes(child, "Subject", xpathVersion);
+ } else if (name.equals("Resources")) {
+ resources = getAttributes(child, "Resource", xpathVersion);
+ } else if (name.equals("Actions")) {
+ actions = getAttributes(child, "Action", xpathVersion);
+ }
+ }
+
+ return new Target(subjects, resources, actions);
+ }
+
+ /**
+ * Helper method that parses the contents of the Subjects,
+ * Resources, or Actions types, depending on the input prefix,
+ * which must be either "Subject", "Resource", or "Action".
+ * A null List specifies any attributes will match;
+ * it represents AnySubject, AnyResource, or AnyAction.
+ */
+ private static List getAttributes(Node root, String prefix,
+ String xpathVersion)
+ throws ParsingException
+ {
+ List matches = new ArrayList();
+ NodeList children = root.getChildNodes();
+
+ for (int i = 0; i < children.getLength(); i++) {
+ Node child = children.item(i);
+ String name = child.getNodeName();
+
+ if (name.equals(prefix)) {
+ matches.add(getMatches(child, prefix, xpathVersion));
+ } else if (name.equals("Any" + prefix)) {
+ return null;
+ }
+ }
+
+ return matches;
+ }
+
+ /**
+ * Helper method that parses the contents of a SubjectMatch,
+ * ResourceMatch, or ActionMatch type, depending on the input
+ * prefix, which must be either "Subject", "Resource" or "Action"
+ */
+ private static List getMatches(Node root, String prefix,
+ String xpathVersion)
+ throws ParsingException
+ {
+ List list = new ArrayList();
+ NodeList children = root.getChildNodes();
+
+ for (int i = 0; i < children.getLength(); i++) {
+ Node child = children.item(i);
+ String name = child.getNodeName();
+
+ if (name.equals(prefix + "Match"))
+ list.add(TargetMatch.getInstance(child, prefix,
xpathVersion));
+ }
+
+ return Collections.unmodifiableList(list);
+ }
+
+ /**
+ * Returns an unmodifiable <code>List</code> that represents the Subjects
+ * section of this target. Each entry in the <code>List</code> is
+ * another <code>List</code> that represents the Subject section. In
turn,
+ * each of these <code>List</code>s contains <code>TargetMatch</code>
+ * objects that represent SubjectMatch XML structures.
+ * <p>
+ * Note that future versions of this code may use intermediary classes to
+ * make the structure clearer, but this depends on the future structure
+ * of XACML Targets.
+ *
+ * @return the matching elements or null of the match is any
+ */
+ public List getSubjects() {
+ return subjects;
+ }
+
+ /**
+ * Returns an unmodifiable <code>List</code> that represents the
Resources
+ * section of this target. Each entry in the <code>List</code> is
+ * another <code>List</code> that represents the Resource section. In
turn,
+ * each of these <code>List</code>s contains <code>TargetMatch</code>
+ * objects that represent ResourceMatch XML structures.
+ * <p>
+ * Note that future versions of this code may use intermediary classes to
+ * make the structure clearer, but this depends on the future structure
+ * of XACML Targets.
+ *
+ * @return the matching elements or null of the match is any
+ */
+ public List getResources() {
+ return resources;
+ }
+
+ /**
+ * Returns an unmodifiable <code>List</code> that represents the Actions
+ * section of this target. Each entry in the <code>List</code> is
+ * another <code>List</code> that represents the Action section. In turn,
+ * each of these <code>List</code>s contains <code>TargetMatch</code>
+ * objects that represent ActionMatch XML structures.
+ * <p>
+ * Note that future versions of this code may use intermediary classes to
+ * make the structure clearer, but this depends on the future structure
+ * of XACML Targets.
+ *
+ * @return the matching elements or null of the match is any
+ */
+ public List getActions() {
+ return actions;
+ }
+
+ /**
+ * Determines whether this <code>Target</code> matches
+ * the input request (whether it is applicable).
+ *
+ * @param context the representation of the request
+ *
+ * @return the result of trying to match the target and the request
+ */
+ public MatchResult match(EvaluationCtx context) {
+ // first look to see if there are any subjects to match
+ if (subjects != null) {
+ MatchResult result = checkSet(subjects, context);
+ if (result.getResult() != MatchResult.MATCH) {
+ logger.finer("failed to match Subjects section of Target");
+ return result;
+ }
+ }
+
+ // now look to see if there is a resource to match
+ if (resources != null) {
+ MatchResult result = checkSet(resources, context);
+ if (result.getResult() != MatchResult.MATCH) {
+ logger.finer("failed to match Resources section of Target");
+ return result;
+ }
+ }
+
+ // finally, see if there are any actions to match
+ if (actions != null) {
+ MatchResult result = checkSet(actions, context);
+ if (result.getResult() != MatchResult.MATCH) {
+ logger.finer("failed to match Actions section of Target");
+ return result;
+ }
+ }
+
+ // if we got here, then everything matched
+ return new MatchResult(MatchResult.MATCH);
+ }
+
+ /**
+ * Helper function that determines whether there is at least
+ * one positive match between each section of the Target element
+ * and the input request
+ */
+ private MatchResult checkSet(List matchList, EvaluationCtx context) {
+ Iterator it = matchList.iterator();
+ boolean allFalse = true;
+ Status firstIndeterminateStatus = null;
+
+ // for each item in this loop, there must be at least one match
+ while (it.hasNext()) {
+ // first off, get the next set of objects
+ List list = (List)(it.next());
+ Iterator it2 = list.iterator();
+ MatchResult result = null;
+
+ // now we go through the set, every one of which must match
+ while (it2.hasNext()) {
+ TargetMatch tm = (TargetMatch)(it2.next());
+ result = tm.match(context);
+ if (result.getResult() != MatchResult.MATCH)
+ break;
+ }
+
+ // if the last one was a MATCH, then all of the matches
+ // matched, so we're done
+ if (result.getResult() == MatchResult.MATCH)
+ return result;
+
+ // if we didn't match then it was either a NO_MATCH or
+ // INDETERMINATE...in the second case, we need to remember
+ // it happened, 'cause if we don't get a MATCH, then we'll
+ // be returning INDETERMINATE
+ if (result.getResult() == MatchResult.INDETERMINATE) {
+ allFalse = false;
+
+ if (firstIndeterminateStatus == null)
+ firstIndeterminateStatus = result.getStatus();
+ }
+ }
+
+ // if we got here, then none of the sub-matches passed, so
+ // we have to see if we got any INDETERMINATE cases
+ if (allFalse)
+ return new MatchResult(MatchResult.NO_MATCH);
+ else
+ return new MatchResult(MatchResult.INDETERMINATE,
+ firstIndeterminateStatus);
+ }
+
+ /**
+ * Encodes this <code>Target</code> into its XML representation and
writes
+ * this encoding to the given <code>OutputStream</code> with no
+ * indentation.
+ *
+ * @param output a stream into which the XML-encoded data is written
+ */
+ public void encode(OutputStream output) {
+ encode(output, new Indenter(0));
+ }
+
+ /**
+ * Encodes this <code>Target</code> into its XML representation and
writes
+ * this encoding to the given <code>OutputStream</code> with
+ * indentation.
+ *
+ * @param output a stream into which the XML-encoded data is written
+ * @param indenter an object that creates indentation strings
+ */
+ public void encode(OutputStream output, Indenter indenter) {
+ PrintStream out = new PrintStream(output);
+ String indent = indenter.makeString();
+
+ out.println(indent + "<Target>");
+ indenter.in();
+
+ encodeSection(out, indenter, "Subject", subjects);
+ encodeSection(out, indenter, "Resource", resources);
+ encodeSection(out, indenter, "Action", actions);
+
+ indenter.out();
+ out.println(indent + "</Target>");
+ }
+
+ /**
+ * Helper function that encodes a section of the target.
+ */
+ private void encodeSection(PrintStream output, Indenter indenter,
+ String name, List list) {
+ String indent = indenter.makeString();
+
+ output.println(indent + "<" + name + "s>");
+
+ indenter.in();
+ String indentNext = indenter.makeString();
+
+ if (list == null) {
+ // the match is any
+ output.println(indentNext + "<Any" + name + "/>");
+ } else {
+ String nextIndent = indenter.makeString();
+
+ Iterator it = list.iterator();
+ indenter.in();
+
+ while (it.hasNext()) {
+ List items = (List)(it.next());
+ output.println(indentNext + "<" + name + ">");
+
+ Iterator matchIterator = items.iterator();
+ while (matchIterator.hasNext()) {
+ TargetMatch tm = (TargetMatch)(matchIterator.next());
+ tm.encode(output, indenter);
+ }
+
+ output.println(indentNext + "</" + name + ">");
+ }
+
+ indenter.out();
+ }
+
+ indenter.out();
+ output.println(indent + "</" + name + "s>");
+ }
+
+}
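Review bot: checkSet() dereferences result right after the inner loop (result.getResult() == MatchResult.MATCH), but result is still null when the inner list is empty. getMatches() returns an empty list for a Subject, Resource or Action element that has no *Match children, and the public constructor accepts such lists too, so a malformed policy surfaces as a NullPointerException during evaluation instead of a ParsingException at load time or an INDETERMINATE result. Reject empty inner lists in getMatches() and in the constructor, or handle the null case explicitly in checkSet(). Related: getInstance() leaves a section null when the Subjects, Resources or Actions element is absent, and match() treats null as Any, although the field comment says all three elements are required; a missing section should fail parsing rather than widen what the target applies to.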

Added: branches/authRengine/sunxacml/com/sun/xacml/TargetMatch.java
===================================================================
--- branches/authRengine/sunxacml/com/sun/xacml/TargetMatch.java
(rev 0)
+++ branches/authRengine/sunxacml/com/sun/xacml/TargetMatch.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,397 @@
+
+/*
+ * @(#)TargetMatch.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml;
+
+import com.sun.xacml.EvaluationCtx;
+
+import com.sun.xacml.attr.AttributeDesignator;
+import com.sun.xacml.attr.AttributeFactory;
+import com.sun.xacml.attr.AttributeSelector;
+import com.sun.xacml.attr.AttributeValue;
+import com.sun.xacml.attr.BagAttribute;
+import com.sun.xacml.attr.BooleanAttribute;
+
+import com.sun.xacml.cond.Evaluatable;
+import com.sun.xacml.cond.EvaluationResult;
+import com.sun.xacml.cond.Function;
+import com.sun.xacml.cond.FunctionFactory;
+import com.sun.xacml.cond.FunctionTypeException;
+
+import com.sun.xacml.ctx.Status;
+
+import java.io.OutputStream;
+import java.io.PrintStream;
+
+import java.net.URI;
+import java.net.URISyntaxException;
+
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+
+import org.w3c.dom.NamedNodeMap;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+
+
+/**
+ * Represents the SubjectMatch, ResourceMatch, or ActionMatch XML types in
+ * XACML, depending on the value of the type field. This is the part of the
+ * Target that actually evaluates whether the specified attribute values in
the
+ * Target match the corresponding attribute values in the request context.
+ *
+ * @since 1.0
+ * @author Seth Proctor
+ */
+public class TargetMatch
+{
+
+ /**
+ * An integer value indicating that this class represents a SubjectMatch
+ */
+ public static final int SUBJECT = 0;
+
+ /**
+ * An integer value indicating that this class represents a ResourceMatch
+ */
+ public static final int RESOURCE = 1;
+
+ /**
+ * An integer value indicating that this class represents an ActionMatch
+ */
+ public static final int ACTION = 2;
+
+ //
+ private int type;
+ private Function function;
+ private Evaluatable eval;
+ private AttributeValue attrValue;
+
+ /**
+ * Constructor that creates a <code>TargetMatch</code> from components.
+ *
+ * @param type an integer indicating whether this class represents a
+ * SubjectMatch, ResourceMatch, or ActionMatch
+ * @param function the <code>Function</code> that represents the MatchId
+ * @param eval the <code>AttributeDesignator</code> or
+ * <code>AttributeSelector</code> to be used to select
+ * attributes from the request context
+ * @param attrValue the <code>AttributeValue</code> to compare against
+ *
+ * @throws IllegalArgumentException if the input type isn't a valid value
+ */
+ public TargetMatch(int type, Function function, Evaluatable eval,
+ AttributeValue attrValue)
+ throws IllegalArgumentException {
+
+ // check if input type is a valid value
+ if ((type != SUBJECT) &&
+ (type != RESOURCE) &&
+ (type != ACTION))
+ throw new IllegalArgumentException("Unknown TargetMatch type");
+
+ this.type = type;
+ this.function = function;
+ this.eval = eval;
+ this.attrValue = attrValue;
+ }
+
+ /**
+ * Creates a <code>TargetMatch</code> by parsing a node, using the
+ * input prefix to determine whether this is a SubjectMatch,
ResourceMatch,
+ * or ActionMatch.
+ *
+ * @param root the node to parse for the <code>TargetMatch</code>
+ * @param prefix a String indicating what type of
<code>TargetMatch</code>
+ * to instantiate (Subject, Resource, or Action)
+ * @param xpathVersion the XPath version to use in any selectors, or
+ * null if this is unspecified (ie, not supplied in
+ * the defaults section of the policy)
+ *
+ * @return a new <code>TargetMatch</code> constructed by parsing
+ *
+ * @throws ParsingException if there was an error during parsing
+ * @throws IllegalArgumentException if the input prefix isn't a valid
value
+ */
+ public static TargetMatch getInstance(Node root, String prefix,
+ String xpathVersion)
+ throws ParsingException, IllegalArgumentException
+ {
+ int type;
+ Function function;
+ Evaluatable eval = null;
+ AttributeValue attrValue = null;
+
+ AttributeFactory attrFactory = AttributeFactory.getInstance();
+
+ // first off, figure out which of three types we are
+ if (prefix.equals("Subject")) {
+ type = SUBJECT;
+ } else if (prefix.equals("Resource")) {
+ type = RESOURCE;
+ } else if (prefix.equals("Action")) {
+ type = ACTION;
+ } else {
+ throw new IllegalArgumentException("Unknown TargetMatch type");
+ }
+
+ // now get the function type, making sure that it's really a correct
+ // Target function
+ String funcName = root.getAttributes().
+ getNamedItem("MatchId").getNodeValue();
+ FunctionFactory factory = FunctionFactory.getTargetInstance();
+ try {
+ URI funcId = new URI(funcName);
+ function = factory.createFunction(funcId);
+ } catch (URISyntaxException use) {
+ throw new ParsingException("Error parsing TargetMatch", use);
+ } catch (UnknownIdentifierException uie) {
+ throw new ParsingException("Unknown MatchId", uie);
+ } catch (FunctionTypeException fte) {
+ // try to create an abstract function
+ try {
+ URI funcId = new URI(funcName);
+ function = factory.createAbstractFunction(funcId, root);
+ } catch (Exception e) {
+ // any exception here is an error
+ throw new ParsingException("invalid abstract function", e);
+ }
+ }
+
+ // next, get the designator or selector being used, and the attribute
+ // value paired with it
+ NodeList nodes = root.getChildNodes();
+ for (int i = 0; i < nodes.getLength(); i++) {
+ Node node = nodes.item(i);
+ String name = node.getNodeName();
+
+ if (name.equals(prefix + "AttributeDesignator")) {
+ eval = AttributeDesignator.getInstance(node, type);
+ } else if (name.equals("AttributeSelector")) {
+ eval = AttributeSelector.getInstance(node, xpathVersion);
+ } else if (name.equals("AttributeValue")) {
+ try {
+ attrValue = attrFactory.createValue(node);
+ } catch (UnknownIdentifierException uie) {
+ throw new ParsingException("Unknown Attribute Type",
uie);
+ }
+ }
+ }
+
+ // finally, check that the inputs are valid for this function
+ List inputs = new ArrayList();
+ inputs.add(attrValue);
+ inputs.add(eval);
+ function.checkInputsNoBag(inputs);
+
+ return new TargetMatch(type, function, eval, attrValue);
+ }
+
+ /**
+ * Returns the type of this <code>TargetMatch</code>, either
+ * <code>SUBJECT</code>, <code>RESOURCE</code>, or <code>ACTION</code>.
+ *
+ * @return the type
+ */
+ public int getType() {
+ return type;
+ }
+
+ /**
+ * Returns the <code>Function</code> used to do the matching.
+ *
+ * @return the match function
+ */
+ public Function getMatchFunction() {
+ return function;
+ }
+
+ /**
+ * Returns the <code>AttributeValue</code> used by the matching function.
+ *
+ * @return the <code>AttributeValue</code> for the match
+ */
+ public AttributeValue getMatchValue() {
+ return attrValue;
+ }
+
+ /**
+ * Returns the <code>AttributeDesignator</code> or
+ * <code>AttributeSelector</code> used by the matching function.
+ *
+ * @return the designator or selector for the match
+ */
+ public Evaluatable getMatchEvaluatable() {
+ return eval;
+ }
+
+ /**
+ * Determines whether this <code>TargetMatch</code> matches
+ * the input request (whether it is applicable)
+ *
+ * @param context the representation of the request
+ *
+ * @return the result of trying to match the TargetMatch and the request
+ */
+ public MatchResult match(EvaluationCtx context) {
+ // start by evaluating the AD/AS
+ EvaluationResult result = eval.evaluate(context);
+
+ if (result.indeterminate()) {
+ // in this case, we don't ask the function for anything, and we
+ // simply return INDETERMINATE
+ return new MatchResult(MatchResult.INDETERMINATE,
+ result.getStatus());
+ }
+
+ // an AD/AS will always return a bag
+ BagAttribute bag = (BagAttribute)(result.getAttributeValue());
+
+ if (! bag.isEmpty()) {
+ // we got back a set of attributes, so we need to iterate through
+ // them, seeing if at least one matches
+ Iterator it = bag.iterator();
+ boolean atLeastOneError = false;
+ Status firstIndeterminateStatus = null;
+
+ while (it.hasNext()) {
+ ArrayList inputs = new ArrayList();
+
+ inputs.add(attrValue);
+ inputs.add(it.next());
+
+ // do the evaluation
+ MatchResult match = evaluateMatch(inputs, context);
+
+ // we only need one match for this whole thing to match
+ if (match.getResult() == MatchResult.MATCH)
+ return match;
+
+ // if it was INDETERMINATE, we want to remember for later
+ if (match.getResult() == MatchResult.INDETERMINATE) {
+ atLeastOneError = true;
+
+ // there are no rules about exactly what status data
+ // should be returned here, so like in the combining
+ // algs, we'll just track the first error
+ if (firstIndeterminateStatus == null)
+ firstIndeterminateStatus = match.getStatus();
+ }
+ }
+
+ // if we got here, then nothing matched, so we'll either return
+ // INDETERMINATE or NO_MATCH
+ if (atLeastOneError)
+ return new MatchResult(MatchResult.INDETERMINATE,
+ firstIndeterminateStatus);
+ else
+ return new MatchResult(MatchResult.NO_MATCH);
+
+ } else {
+ // this is just an optimization, since the loop above will
+ // actually handle this case, but this is just a little
+ // quicker way to handle an empty bag
+ return new MatchResult(MatchResult.NO_MATCH);
+ }
+ }
+
+ /**
+ * Private helper that evaluates an individual match.
+ */
+ private MatchResult evaluateMatch(List inputs, EvaluationCtx context) {
+ // first off, evaluate the function
+ EvaluationResult result = function.evaluate(inputs, context);
+
+ // if it was indeterminate, then that's what we return immediately
+ if (result.indeterminate())
+ return new MatchResult(MatchResult.INDETERMINATE,
+ result.getStatus());
+
+ // otherwise, we figure out if it was a match
+ BooleanAttribute bool =
(BooleanAttribute)(result.getAttributeValue());
+
+ if (bool.getValue())
+ return new MatchResult(MatchResult.MATCH);
+ else
+ return new MatchResult(MatchResult.NO_MATCH);
+ }
+
+ /**
+ * Encodes this <code>TargetMatch</code> into its XML representation and
+ * writes this encoding to the given <code>OutputStream</code> with no
+ * indentation.
+ *
+ * @param output a stream into which the XML-encoded data is written
+ */
+ public void encode(OutputStream output) {
+ encode(output, new Indenter(0));
+ }
+
+ /**
+ * Encodes this <code>TargetMatch</code> into its XML representation and
+ * writes this encoding to the given <code>OutputStream</code> with
+ * indentation.
+ *
+ * @param output a stream into which the XML-encoded data is written
+ * @param indenter an object that creates indentation strings
+ */
+ public void encode(OutputStream output, Indenter indenter) {
+ PrintStream out = new PrintStream(output);
+ String indent = indenter.makeString();
+ String tagName = null;
+
+ switch (type) {
+ case SUBJECT: tagName = "SubjectMatch";
+ break;
+ case RESOURCE: tagName = "ResourceMatch";
+ break;
+ case ACTION: tagName = "ActionMatch";
+ break;
+ }
+
+ out.println(indent + "<" + tagName + " MatchId=\"" +
+ function.getIdentifier().toString()+ "\">");
+ indenter.in();
+
+ attrValue.encode(output, indenter);
+ eval.encode(output, indenter);
+
+ indenter.out();
+ out.println(indent + "</" + tagName + ">");
+ }
+
+}
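Review bot: getInstance() uses the required parts of the element without checking that they are present. root.getAttributes().getNamedItem("MatchId").getNodeValue() throws NullPointerException when MatchId is absent, and eval and attrValue stay null when the designator or selector child or the AttributeValue child is missing, so nulls are added to inputs, passed to function.checkInputsNoBag(inputs), and later dereferenced in match() and encode(). Throw ParsingException for each missing piece so a malformed policy is rejected at load time with a clear message. Minor: the import of com.sun.xacml.EvaluationCtx is redundant inside package com.sun.xacml, and the bare // above the private fields has no text.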

Added:
branches/authRengine/sunxacml/com/sun/xacml/UnknownIdentifierException.java
===================================================================
---
branches/authRengine/sunxacml/com/sun/xacml/UnknownIdentifierException.java
(rev 0)
+++
branches/authRengine/sunxacml/com/sun/xacml/UnknownIdentifierException.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,66 @@
+
+/*
+ * @(#)UnknownIdentifierException.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml;
+
+
+/**
+ * Exception that gets thrown if an unknown identifier was used, such as the
+ * identifier used in any of the standard factories.
+ *
+ * @since 1.0
+ * @author Seth Proctor
+ */
+public class UnknownIdentifierException extends Exception
+{
+
+ /**
+ * Creates an <code>UnknownIdentifierException</code> with no data
+ */
+ public UnknownIdentifierException() {
+
+ }
+
+ /**
+ * Creates an <code>UnknownIdentifierException</code> with a message
+ *
+ * @param message the message
+ */
+ public UnknownIdentifierException(String message) {
+ super(message);
+ }
+
+}
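Review bot: UnknownIdentifierException offers only the no-argument and message constructors, so code that raises it cannot attach an underlying cause without a separate initCause() call; add a (String, Throwable) constructor. The class is Serializable through Exception, so it should also declare a serialVersionUID.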

Added: branches/authRengine/sunxacml/com/sun/xacml/attr/AnyURIAttribute.java
===================================================================
--- branches/authRengine/sunxacml/com/sun/xacml/attr/AnyURIAttribute.java
(rev 0)
+++ branches/authRengine/sunxacml/com/sun/xacml/attr/AnyURIAttribute.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,186 @@
+
+/*
+ * @(#)AnyURIAttribute.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.attr;
+
+import java.net.URI;
+import java.net.URISyntaxException;
+
+import org.w3c.dom.Node;
+
+
+/**
+ * Representation of an xs:anyURI value. This class supports parsing
+ * xs:anyURI values.
+ *
+ * @since 1.0
+ * @author Seth Proctor
+ */
+public class AnyURIAttribute extends AttributeValue
+{
+
+ /**
+ * Official name of this type
+ */
+ public static final String identifier =
+ "http://www.w3.org/2001/XMLSchema#anyURI";;
+
+ //URI version of name for this type
+ private static URI identifierURI;
+
+ // RuntimeException that wraps an Exception thrown during the
+ // creation of identifierURI, null if none
+ private static RuntimeException earlyException;
+
+ /**
+ * Static initializer that initializes the identifierURI
+ * class field so that we can catch any exceptions thrown
+ * by URI(String) and transform them into a RuntimeException.
+ * Such exceptions should never happen but should be reported
+ * properly if they ever do.
+ */
+ static {
+ try {
+ identifierURI = new URI(identifier);
+ } catch (Exception e) {
+ earlyException = new IllegalArgumentException();
+ earlyException.initCause(e);
+ }
+ };
+
+ // the URI value that this class represents
+ private URI value;
+
+ /**
+ * Creates a new <code>AnyURIAttribute</code> that represents
+ * the URI value supplied.
+ *
+ * @param value the <code>URI</code> value to be represented
+ */
+ public AnyURIAttribute(URI value) {
+ super(identifierURI);
+
+ // Shouldn't happen, but just in case...
+ if (earlyException != null)
+ throw earlyException;
+
+ this.value = value;
+ }
+
+ /**
+ * Returns a new <code>AnyURIAttribute</code> that represents
+ * the xs:anyURI at a particular DOM node.
+ *
+ * @param root the <code>Node</code> that contains the desired value
+ *
+ * @return a new <code>AnyURIAttribute</code> representing the
+ * appropriate value (null if there is a parsing error)
+ */
+ public static AnyURIAttribute getInstance(Node root)
+ throws URISyntaxException
+ {
+ return getInstance(root.getFirstChild().getNodeValue());
+ }
+
+ /**
+ * Returns a new <code>AnyURIAttribute</code> that represents
+ * the xs:anyURI value indicated by the <code>String</code> provided.
+ *
+ * @param value a string representing the desired value
+ *
+ * @return a new <code>AnyURIAttribute</code> representing the
+ * appropriate value
+ */
+ public static AnyURIAttribute getInstance(String value)
+ throws URISyntaxException
+ {
+ return new AnyURIAttribute(new URI(value));
+ }
+
+ /**
+ * Returns the <code>URI</code> value represented by this object.
+ *
+ * @return the <code>URI</code> value
+ */
+ public URI getValue() {
+ return value;
+ }
+
+ /**
+ * Returns true if the input is an instance of this class and if its
+ * value equals the value contained in this class.
+ *
+ * @param o the object to compare
+ *
+ * @return true if this object and the input represent the same value
+ */
+ public boolean equals(Object o) {
+ if (! (o instanceof AnyURIAttribute))
+ return false;
+
+ AnyURIAttribute other = (AnyURIAttribute)o;
+
+ return value.equals(other.value);
+ }
+
+ /**
+ * Returns the hashcode value used to index and compare this object with
+ * others of the same type. Typically this is the hashcode of the backing
+ * data object.
+ *
+ * @return the object's hashcode value
+ */
+ public int hashCode() {
+ return value.hashCode();
+ }
+
+ /**
+ * Converts to a String representation.
+ *
+ * @return the String representation
+ */
+ public String toString() {
+ return "AnyURIAttribute: \"" + value.toString() + "\"";
+ }
+
+ /**
+ *
+ */
+ public String encode() {
+ return value.toString();
+ }
+
+}
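Review bot: getInstance(Node root) dereferences root.getFirstChild() without a null check, so an element with no child node raises NullPointerException instead of the declared URISyntaxException; test for a missing child and fail with a parsing error the caller can handle. The @return text on that method says null is returned on a parsing error, but the code never returns null, so the Javadoc should be corrected. The AnyURIAttribute(URI value) constructor accepts null, which later breaks equals(), hashCode(), toString() and encode(); reject null there. Minor: equals() delegates to URI.equals(), which is worth stating in the Javadoc because policy comparisons depend on its semantics, encode() has an empty Javadoc block, and the identifier declaration ends in ";;".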

Added:
branches/authRengine/sunxacml/com/sun/xacml/attr/AttributeDesignator.java
===================================================================
--- branches/authRengine/sunxacml/com/sun/xacml/attr/AttributeDesignator.java
(rev 0)
+++ branches/authRengine/sunxacml/com/sun/xacml/attr/AttributeDesignator.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,455 @@
+
+/*
+ * @(#)AttributeDesignator.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.attr;
+
+import com.sun.xacml.EvaluationCtx;
+import com.sun.xacml.Indenter;
+import com.sun.xacml.MatchResult;
+import com.sun.xacml.ParsingException;
+import com.sun.xacml.TargetMatch;
+
+import com.sun.xacml.cond.Evaluatable;
+import com.sun.xacml.cond.EvaluationResult;
+
+import com.sun.xacml.ctx.Attribute;
+import com.sun.xacml.ctx.Status;
+import com.sun.xacml.ctx.StatusDetail;
+
+import java.io.OutputStream;
+import java.io.PrintStream;
+
+import java.net.URI;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Iterator;
+import java.util.List;
+
+import java.util.logging.Level;
+import java.util.logging.Logger;
+
+import org.w3c.dom.NamedNodeMap;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+
+
+/**
+ * Represents all four kinds of Designators in XACML.
+ *
+ * @since 1.0
+ * @author Seth Proctor
+ */
+public class AttributeDesignator implements Evaluatable
+{
+
+ /**
+ * Tells designator to search in the subject section of the request
+ */
+ public static final int SUBJECT_TARGET = 0;
+
+ /**
+ * Tells designator to search in the resource section of the request
+ */
+ public static final int RESOURCE_TARGET = 1;
+
+ /**
+ * Tells designator to search in the action section of the request
+ */
+ public static final int ACTION_TARGET = 2;
+
+ /**
+ * Tells designator to search in the environment section of the request
+ */
+ public static final int ENVIRONMENT_TARGET = 3;
+
+ /**
+ * The standard URI for the default subject category value
+ */
+ public static final String SUBJECT_CATEGORY_DEFAULT =
+ "urn:oasis:names:tc:xacml:1.0:subject-category:access-subject";
+
+ // helper array of strings
+ static final private String [] targetTypes = { "Subject", "Resource",
+ "Action", "Environment" };
+
+ // the type of designator we are
+ private int target;
+
+ // required attributes
+ private URI type;
+ private URI id;
+
+ // optional attribute
+ private URI issuer;
+
+ // must resolution find something
+ private boolean mustBePresent;
+
+ // if we're a subject this is the category
+ private URI subjectCategory;
+
+ // the logger we'll use for all messages
+ private static final Logger logger =
+ Logger.getLogger(AttributeDesignator.class.getName());
+
+ /**
+ * Creates a new <code>AttributeDesignator</code> without the optional
+ * issuer.
+ *
+ * @param target the type of designator as specified by the 4 member
+ * *_TARGET fields
+ * @param type the data type resolved by this designator
+ * @param id the attribute id looked for by this designator
+ * @param mustBePresent whether resolution must find a value
+ */
+ public AttributeDesignator(int target, URI type, URI id,
+ boolean mustBePresent) {
+ this(target, type, id, mustBePresent, null);
+ }
+
+ /**
+ * Creates a new <code>AttributeDesignator</code> with the optional
+ * issuer.
+ *
+ * @param target the type of designator as specified by the 4 member
+ * *_TARGET fields
+ * @param type the data type resolved by this designator
+ * @param id the attribute id looked for by this designator
+ * @param mustBePresent whether resolution must find a value
+ * @param issuer the issuer of the values to search for or null if no
+ * issuer is specified
+ *
+ * @throws IllegalArgumentException if the input target isn't a valid
value
+ */
+ public AttributeDesignator(int target, URI type, URI id,
+ boolean mustBePresent, URI issuer)
+ throws IllegalArgumentException{
+
+ // check if input target is a valid value
+ if ((target != SUBJECT_TARGET) &&
+ (target != RESOURCE_TARGET) &&
+ (target != ACTION_TARGET) &&
+ (target != ENVIRONMENT_TARGET))
+ throw new IllegalArgumentException("Input target is not a valid"
+
+ "value");
+ this.target = target;
+ this.type = type;
+ this.id = id;
+ this.mustBePresent = mustBePresent;
+ this.issuer = issuer;
+
+ subjectCategory = null;
+ }
+
+ /**
+ * Sets the category if this is a SubjectAttributeDesignatorType
+ *
+ * @param category the subject category
+ */
+ public void setSubjectCategory(URI category) {
+ if (target == SUBJECT_TARGET)
+ subjectCategory = category;
+ }
+
+ /**
+ * Creates a new <code>AttributeDesignator</code> based on the DOM
+ * root of the XML data.
+ *
+ * @param root the DOM root of the AttributeDesignatorType XML type
+ * @param target the type of designator to create as specified in the
+ * four member *_TARGET fields
+ *
+ * @return the designator
+ *
+ * @throws ParsingException if the AttributeDesignatorType was invalid
+ */
+ public static AttributeDesignator getInstance(Node root, int target)
+ throws ParsingException
+ {
+ URI type = null;
+ URI id = null;
+ URI issuer = null;
+ boolean mustBePresent = false;
+ URI subjectCategory = null;
+
+ NamedNodeMap attrs = root.getAttributes();
+
+ try {
+ // there's always an Id
+ id = new URI(attrs.getNamedItem("AttributeId").getNodeValue());
+ } catch (Exception e) {
+ throw new ParsingException("Required AttributeId missing in " +
+ "AttributeDesignator", e);
+ }
+
+ try {
+ // there's always a data type
+ type = new URI(attrs.getNamedItem("DataType").getNodeValue());
+ } catch (Exception e) {
+ throw new ParsingException("Required DataType missing in " +
+ "AttributeDesignator", e);
+ }
+
+ try {
+ // there might be an issuer
+ Node node = attrs.getNamedItem("Issuer");
+ if (node != null)
+ issuer = new URI(node.getNodeValue());
+
+ // if it's for the Subject section, there's another attr
+ if (target == SUBJECT_TARGET) {
+ Node scnode = attrs.getNamedItem("SubjectCategory");
+ if (scnode != null)
+ subjectCategory = new URI(scnode.getNodeValue());
+ else
+ subjectCategory = new URI(SUBJECT_CATEGORY_DEFAULT);
+ }
+
+ // there might be a mustBePresent flag
+ node = attrs.getNamedItem("MustBePresent");
+ if (node != null)
+ if (node.getNodeValue().equals("true"))
+ mustBePresent = true;
+ } catch (Exception e) {
+ // this shouldn't ever happen, but in theory something could go
+ // wrong in the code in this try block
+ throw new ParsingException("Error parsing AttributeDesignator " +
+ "optional attributes", e);
+ }
+
+ AttributeDesignator ad =
+ new AttributeDesignator(target, type, id, mustBePresent, issuer);
+ ad.setSubjectCategory(subjectCategory);
+
+ return ad;
+ }
+
+ /**
+ * Returns the type of this designator as specified by the *_TARGET
+ * fields.
+ *
+ * @return the designator type
+ */
+ public int getDesignatorType() {
+ return target;
+ }
+
+ /**
+ * Returns the type of attribute that is resolved by this designator.
+ * While an AD will always return a bag, this method will always return
+ * the type that is stored in the bag.
+ *
+ * @return the attribute type
+ */
+ public URI getType() {
+ return type;
+ }
+
+ /**
+ * Returns the AttributeId of the values resolved by this designator.
+ *
+ * @return identifier for the values to resolve
+ */
+ public URI getId() {
+ return id;
+ }
+
+ /**
+ * Returns the subject category for this designator. If this is not a
+ * SubjectAttributeDesignator then this will always return null.
+ *
+ * @return the subject category or null if this isn't a
+ * SubjectAttributeDesignator
+ */
+ public URI getCategory() {
+ return subjectCategory;
+ }
+
+ /**
+ * Returns the issuer of the values resolved by this designator if
+ * specified.
+ *
+ * @return the attribute issuer or null if unspecified
+ */
+ public URI getIssuer() {
+ return issuer;
+ }
+
+ /**
+ * Returns whether or not a value is required to be resolved by this
+ * designator.
+ *
+ * @return true if a value is required, false otherwise
+ */
+ public boolean mustBePresent() {
+ return mustBePresent;
+ }
+
+ /**
+ * Always returns true, since a designator always returns a bag of
+ * attribute values.
+ *
+ * @return true
+ */
+ public boolean evaluatesToBag() {
+ return true;
+ }
+
+ /**
+ * Always returns an empty list since designators never have children.
+ *
+ * @return an empty <code>List</code>
+ */
+ public List getChildren() {
+ return Collections.EMPTY_LIST;
+ }
+
+ /**
+ * Evaluates the pre-assigned meta-data against the given context,
+ * trying to find some matching values.
+ *
+ * @param context the representation of the request
+ *
+ * @return a result containing a bag either empty because no values were
+ * found or containing at least one value, or status associated with an
+ * Indeterminate result
+ */
+ public EvaluationResult evaluate(EvaluationCtx context) {
+ EvaluationResult result = null;
+
+ // look in the right section for some attribute values
+ switch(target) {
+ case SUBJECT_TARGET:
+ result = context.getSubjectAttribute(type, id,
+ issuer, subjectCategory);
+ break;
+ case RESOURCE_TARGET:
+ result = context.getResourceAttribute(type, id, issuer);
+ break;
+ case ACTION_TARGET:
+ result = context.getActionAttribute(type, id, issuer);
+ break;
+ case ENVIRONMENT_TARGET:
+ result = context.getEnvironmentAttribute(type, id, issuer);
+ break;
+ }
+
+ // if the lookup was indeterminate, then we return immediately
+ if (result.indeterminate())
+ return result;
+
+ BagAttribute bag = (BagAttribute)(result.getAttributeValue());
+
+ if (bag.isEmpty()) {
+ // if it's empty, this may be an error
+ if (mustBePresent) {
+ if (logger.isLoggable(Level.INFO))
+ logger.info("AttributeDesignator failed to resolve a " +
+ "value for a required attribute: " +
+ id.toString());
+
+ ArrayList code = new ArrayList();
+ code.add(Status.STATUS_MISSING_ATTRIBUTE);
+
+ String message = "Couldn't find " + targetTypes[target] +
+ "AttributeDesignator attribute";
+
+ // Note that there is a bug in the XACML spec. You can't
+ // specify an identifier without specifying acceptable
+ // values. Until this is fixed, this code will only
+ // return the status code, and not any hints about what
+ // was missing
+
+ /*List attrs = new ArrayList();
+ attrs.add(new Attribute(id,
+ ((issuer == null) ? null :
+ issuer.toString()),
+ null, null));
+ StatusDetail detail = new StatusDetail(attrs);*/
+
+ return new EvaluationResult(new Status(code, message));
+ }
+ }
+
+ // if we got here the bag wasn't empty, or mustBePresent was false,
+ // so we just return the result
+ return result;
+ }
+
+ /**
+ * Encodes this designator into its XML representation and
+ * writes this encoding to the given <code>OutputStream</code> with no
+ * indentation.
+ *
+ * @param output a stream into which the XML-encoded data is written
+ */
+ public void encode(OutputStream output) {
+ encode(output, new Indenter(0));
+ }
+
+ /**
+ * Encodes this designator into its XML representation and
+ * writes this encoding to the given <code>OutputStream</code> with
+ * indentation.
+ *
+ * @param output a stream into which the XML-encoded data is written
+ * @param indenter an object that creates indentation strings
+ */
+ public void encode(OutputStream output, Indenter indenter) {
+ PrintStream out = new PrintStream(output);
+ String indent = indenter.makeString();
+
+ String tag = "<" + targetTypes[target] + "AttributeDesignator";
+
+ if ((target == SUBJECT_TARGET) && (subjectCategory != null))
+ tag += " SubjectCategory=\"" + subjectCategory.toString() + "\"";
+
+ tag += " AttributeId=\"" + id.toString() + "\"";
+ tag += " DataType=\"" + type.toString() + "\"";
+
+ if (issuer != null)
+ tag += " Issuer=\"" + issuer.toString() + "\"";
+
+ if (mustBePresent)
+ tag += " MustBePresent=\"true\"";
+
+ tag += "/>";
+
+ out.println(indent + tag);
+ }
+
+}
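Review bot: In getInstance(Node root, int target), MustBePresent is honoured only when the attribute text is exactly "true" (node.getNodeValue().equals("true")); every other value, including the xs:boolean form "1", is silently read as false, and evaluate() then returns the empty bag instead of the STATUS_MISSING_ATTRIBUTE result. Accept both lexical forms and throw ParsingException for anything unrecognised, so a mistyped policy fails at load time rather than relaxing the check. In the five-argument constructor the message is built from "Input target is not a valid" and "value" with no space between them. encode() writes subjectCategory, id, type and issuer into attribute values without XML escaping, so a URI containing "&" produces malformed output. The commented-out StatusDetail block in evaluate() leaves the Attribute and StatusDetail imports unused; either remove it and the imports or track the spec issue in a comment that says when it can be restored.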

Added: branches/authRengine/sunxacml/com/sun/xacml/attr/AttributeFactory.java
===================================================================
--- branches/authRengine/sunxacml/com/sun/xacml/attr/AttributeFactory.java
(rev 0)
+++ branches/authRengine/sunxacml/com/sun/xacml/attr/AttributeFactory.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,334 @@
+
+/*
+ * @(#)AttributeFactory.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.attr;
+
+import com.sun.xacml.ParsingException;
+import com.sun.xacml.UnknownIdentifierException;
+
+import java.net.URI;
+
+import java.util.Set;
+
+import org.w3c.dom.NamedNodeMap;
+import org.w3c.dom.Node;
+
+
+/**
+ * This is an abstract factory class for creating XACML attribute values.
+ * There may be any number of factories available in the system, though
+ * there is always one default factory used by the core code.
+ *
+ * @since 1.0
+ * @author Seth Proctor
+ * @author Marco Barreno
+ */
+public abstract class AttributeFactory
+{
+
+ // the proxy used to get the default factory
+ private static AttributeFactoryProxy defaultFactoryProxy;
+
+ /**
+ * static intialiazer that sets up the default factory proxy
+ * NOTE: this will change when the right setup mechanism is in place
+ */
+ static {
+ defaultFactoryProxy = new AttributeFactoryProxy() {
+ public AttributeFactory getFactory() {
+ return StandardAttributeFactory.getFactory();
+ }
+ };
+ };
+
+ /**
+ * Default constructor. Used only by subclasses.
+ */
+ protected AttributeFactory() {
+
+ }
+
+ /**
+ * Returns the default factory. Depending on the default factory's
+ * implementation, this may return a singleton instance or new instances
+ * with each invokation.
+ *
+ * @return the default <code>AttributeFactory</code>
+ */
+ public static final AttributeFactory getInstance() {
+ return defaultFactoryProxy.getFactory();
+ }
+
+ /**
+ * Sets the default factory. Note that this is just a placeholder for
+ * now, and will be replaced with a more useful mechanism soon.
+ */
+ public static final void setDefaultFactory(AttributeFactoryProxy proxy) {
+ defaultFactoryProxy = proxy;
+ }
+
+ /**
+ * Adds a proxy to the factory, which in turn will allow new attribute
+ * types to be created using the factory. Typically the proxy is
+ * provided as an anonymous class that simply calls the getInstance
+ * methods (or something similar) of some <code>AttributeValue</code>
+ * class.
+ *
+ * @param id the name of the attribute type
+ * @param proxy the proxy used to create new attributes of the given type
+ *
+ * @throws IllegalArgumentException if the given id is already in use
+ */
+ public abstract void addDatatype(String id, AttributeProxy proxy);
+
+ /**
+ * Adds a proxy to the default factory, which in turn will allow new
+ * attribute types to be created using the factory. Typically the proxy
+ * is provided as an anonymous class that simply calls the getInstance
+ * methods (or something similar) of some <code>AttributeValue</code>
+ * class.
+ *
+ * @deprecated As of version 1.2, replaced by
+ *
{@link
#addDatatype(String,AttributeProxy)}.
+ * The new factory system requires you to get a factory
+ * instance and then call the non-static methods on that
+ * factory. The static versions of these methods have been
+ * left in for now, but are slower and will be removed in
+ * a future version.
+ *
+ * @param id the name of the attribute type
+ * @param proxy the proxy used to create new attributes of the given type
+ *
+ * @throws IllegalArgumentException if the given id is already in use
+ */
+ public static void addAttributeProxy(String id, AttributeProxy proxy) {
+ getInstance().addDatatype(id, proxy);
+ }
+
+ /**
+ * Returns the datatype identifiers supported by this factory.
+ *
+ * @return a <code>Set</code> of <code>String</code>s
+ */
+ public abstract Set getSupportedDatatypes();
+
+ /**
+ * Creates a value based on the given DOM root node. The type of the
+ * attribute is assumed to be present in the node as an XAML attribute
+ * named <code>DataType</code>, as is the case with the
+ * AttributeValueType in the policy schema. The value is assumed to be
+ * the first child of this node.
+ *
+ * @param root the DOM root of an attribute value
+ *
+ * @return a new <code>AttributeValue</code>
+ *
+ * @throws UnknownIdentifierException if the type in the node isn't
+ * known to the factory
+ * @throws ParsingException if the node is invalid or can't be parsed
+ * by the appropriate proxy
+ */
+ public abstract AttributeValue createValue(Node root)
+ throws UnknownIdentifierException, ParsingException;
+
+ /**
+ * Creates a value based on the given DOM root node. The type of the
+ * attribute is assumed to be present in the node as an XAML attribute
+ * named <code>DataType</code>, as is the case with the
+ * AttributeValueType in the policy schema. The value is assumed to be
+ * the first child of this node. This uses the default factory.
+ *
+ * @deprecated As of version 1.2, replaced by
+ *
{@link
#createValue(Node)}.
+ * The new factory system requires you to get a factory
+ * instance and then call the non-static methods on that
+ * factory. The static versions of these methods have been
+ * left in for now, but are slower and will be removed in
+ * a future version.
+ *
+ * @param root the DOM root of an attribute value
+ *
+ * @return a new <code>AttributeValue</code>
+ *
+ * @throws UnknownIdentifierException if the type in the node isn't
+ * known to the factory
+ * @throws ParsingException if the node is invalid or can't be parsed
+ * by the appropriate proxy
+ */
+ public static AttributeValue createAttribute(Node root)
+ throws UnknownIdentifierException, ParsingException
+ {
+ return getInstance().createValue(root);
+ }
+
+ /**
+ * Creates a value based on the given DOM root node and data type.
+ *
+ * @param root the DOM root of an attribute value
+ * @param dataType the type of the attribute
+ *
+ * @return a new <code>AttributeValue</code>
+ *
+ * @throws UnknownIdentifierException if the data type isn't known to
+ * the factory
+ * @throws ParsingException if the node is invalid or can't be parsed
+ * by the appropriate proxy
+ */
+ public abstract AttributeValue createValue(Node root, URI dataType)
+ throws UnknownIdentifierException, ParsingException;
+
+ /**
+ * Creates a value based on the given DOM root node and data type. This
+ * uses the default factory.
+ *
+ * @deprecated As of version 1.2, replaced by
+ *
{@link
#createValue(Node,URI)}.
+ * The new factory system requires you to get a factory
+ * instance and then call the non-static methods on that
+ * factory. The static versions of these methods have been
+ * left in for now, but are slower and will be removed in
+ * a future version.
+ *
+ * @param root the DOM root of an attribute value
+ * @param dataType the type of the attribute
+ *
+ * @return a new <code>AttributeValue</code>
+ *
+ * @throws UnknownIdentifierException if the data type isn't known to
+ * the factory
+ * @throws ParsingException if the node is invalid or can't be parsed
+ * by the appropriate proxy
+ */
+ public static AttributeValue createAttribute(Node root, URI dataType)
+ throws UnknownIdentifierException, ParsingException
+ {
+ return getInstance().createValue(root, dataType);
+ }
+
+ /**
+ * Creates a value based on the given DOM root node and data type.
+ *
+ * @param root the DOM root of an attribute value
+ * @param type the type of the attribute
+ *
+ * @return a new <code>AttributeValue</code>
+ *
+ * @throws UnknownIdentifierException if the type isn't known to
+ * the factory
+ * @throws ParsingException if the node is invalid or can't be parsed
+ * by the appropriate proxy
+ */
+ public abstract AttributeValue createValue(Node root, String type)
+ throws UnknownIdentifierException, ParsingException;
+
+ /**
+ * Creates a value based on the given DOM root node and data type. This
+ * uses the default factory.
+ *
+ * @deprecated As of version 1.2, replaced by
+ *
{@link
#createValue(Node,String)}.
+ * The new factory system requires you to get a factory
+ * instance and then call the non-static methods on that
+ * factory. The static versions of these methods have been
+ * left in for now, but are slower and will be removed in
+ * a future version.
+ *
+ * @param root the DOM root of an attribute value
+ * @param type the type of the attribute
+ *
+ * @return a new <code>AttributeValue</code>
+ *
+ * @throws UnknownIdentifierException if the type isn't known to
+ * the factory
+ * @throws ParsingException if the node is invalid or can't be parsed
+ * by the appropriate proxy
+ */
+ public static AttributeValue createAttribute(Node root, String type)
+ throws UnknownIdentifierException, ParsingException
+ {
+ return getInstance().createValue(root, type);
+ }
+
+ /**
+ * Creates a value based on the given data type and text-encoded value.
+ * Used primarily by code that does an XPath query to get an
+ * attribute value, and then needs to turn the resulting value into
+ * an Attribute class.
+ *
+ * @param dataType the type of the attribute
+ * @param value the text-encoded representation of an attribute's value
+ *
+ * @return a new <code>AttributeValue</code>
+ *
+ * @throws UnknownIdentifierException if the data type isn't known to
+ * the factory
+ * @throws ParsingException if the text is invalid or can't be parsed
+ * by the appropriate proxy
+ */
+ public abstract AttributeValue createValue(URI dataType, String value)
+ throws UnknownIdentifierException, ParsingException;
+
+ /**
+ * Creates a value based on the given data type and text-encoded value.
+ * Used primarily by code that does an XPath query to get an
+ * attribute value, and then needs to turn the resulting value into
+ * an Attribute class. This uses the default factory.
+ *
+ * @deprecated As of version 1.2, replaced by
+ *
{@link
#createValue(URI,String)}.
+ * The new factory system requires you to get a factory
+ * instance and then call the non-static methods on that
+ * factory. The static versions of these methods have been
+ * left in for now, but are slower and will be removed in
+ * a future version.
+ *
+ * @param dataType the type of the attribute
+ * @param value the text-encoded representation of an attribute's value
+ *
+ * @return a new <code>AttributeValue</code>
+ *
+ * @throws UnknownIdentifierException if the data type isn't known to
+ * the factory
+ * @throws ParsingException if the text is invalid or can't be parsed
+ * by the appropriate proxy
+ */
+ public static AttributeValue createAttribute(URI dataType, String value)
+ throws UnknownIdentifierException, ParsingException
+ {
+ return getInstance().createValue(dataType, value);
+ }
+
+}
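Review bot: setDefaultFactory() is public static, stores the proxy in a plain non-volatile field without synchronization and does not reject null, so any caller can replace the factory that every later getInstance() uses, and a null proxy only surfaces as a NullPointerException inside getInstance(). Add a null check, make defaultFactoryProxy volatile or guard it with a lock, and document who is expected to call the setter, since the factory decides how attribute values in requests and policies are parsed. The deprecated static createAttribute()/addAttributeProxy() wrappers could carry the @Deprecated intent more visibly by pointing to getInstance() in their first sentence. Javadoc typos: "intialiazer", "invokation", and "XAML attribute" in the createValue(Node) and createAttribute(Node) comments should read "XML attribute".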

Added:
branches/authRengine/sunxacml/com/sun/xacml/attr/AttributeFactoryProxy.java
===================================================================
---
branches/authRengine/sunxacml/com/sun/xacml/attr/AttributeFactoryProxy.java
(rev 0)
+++
branches/authRengine/sunxacml/com/sun/xacml/attr/AttributeFactoryProxy.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,58 @@
+
+/*
+ * @(#)AttributeFactoryProxy.java
+ *
+ * Copyright 2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.attr;
+
+
+/**
+ * A simple proxy interface used to install new
+ * <code>AttributeFactory</code>s.
+ *
+ * @since 1.2
+ * @author Seth Proctor
+ */
+public interface AttributeFactoryProxy
+{
+
+ /**
+ * Returns an instance of the <code>AttributeFactory</code> for which
+ * this is a proxy.
+ *
+ * @return an <code>AttributeFactory</code> instance
+ */
+ public AttributeFactory getFactory();
+
+}

Added: branches/authRengine/sunxacml/com/sun/xacml/attr/AttributeProxy.java
===================================================================
--- branches/authRengine/sunxacml/com/sun/xacml/attr/AttributeProxy.java
(rev 0)
+++ branches/authRengine/sunxacml/com/sun/xacml/attr/AttributeProxy.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,80 @@
+
+/*
+ * @(#)AttributeProxy.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.attr;
+
+import org.w3c.dom.Node;
+
+
+/**
+ * Used by the <code>AttributeFactory</code> to create new attributes.
+ * Typically a new proxy class is created which in turn knows how to create
+ * a specific kind of attribute, and then this proxy class is installed in
+ * the <code>AttributeFactory</code>.
+ *
+ * @since 1.0
+ * @author Seth Proctor
+ */
+public interface AttributeProxy
+{
+
+ /**
+ * Tries to create a new <code>AttributeValue</code> based on the given
+ * DOM root node.
+ *
+ * @param root the DOM root of some attribute data
+ *
+ * @return an <code>AttributeValue</code> representing the given data
+ *
+ * @throws Exception if the data couldn't be used (the exception is
+ * typically wrapping some other exception)
+ */
+ public AttributeValue getInstance(Node root) throws Exception;
+
+ /**
+ * Tries to create a new <code>AttributeValue</code> based on the given
+ * String data.
+ *
+ * @param value the text form of some attribute data
+ *
+ * @return an <code>AttributeValue</code> representing the given data
+ *
+ * @throws Exception if the data couldn't be used (the exception is
+ * typically wrapping some other exception)
+ */
+ public AttributeValue getInstance(String value) throws Exception;
+
+}
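Review bot: both `getInstance` overloads in `AttributeProxy` declare `throws Exception`, which forces every caller to catch everything and hides whether a failure was malformed attribute data or a programming error. The factory's `createAttribute` already reports bad input as `ParsingException`, so consider narrowing these signatures to that type, or at least documenting which exception types implementers are expected to wrap. The Javadoc should also say whether a null `root` or `value` is allowed.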

Added: branches/authRengine/sunxacml/com/sun/xacml/attr/AttributeSelector.java
===================================================================
--- branches/authRengine/sunxacml/com/sun/xacml/attr/AttributeSelector.java
(rev 0)
+++ branches/authRengine/sunxacml/com/sun/xacml/attr/AttributeSelector.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,358 @@
+
+/*
+ * @(#)AttributeSelector.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.attr;
+
+import com.sun.xacml.EvaluationCtx;
+import com.sun.xacml.Indenter;
+import com.sun.xacml.ParsingException;
+
+import com.sun.xacml.cond.Evaluatable;
+import com.sun.xacml.cond.EvaluationResult;
+
+import com.sun.xacml.ctx.Status;
+
+import java.io.OutputStream;
+import java.io.PrintStream;
+
+import java.net.URI;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import java.util.logging.Level;
+import java.util.logging.Logger;
+
+import org.w3c.dom.NamedNodeMap;
+import org.w3c.dom.Node;
+
+
+/**
+ * Supports the standard selector functionality in XACML, which uses XPath
+ * expressions to resolve values from the Request or elsewhere. All selector
+ * queries are done by <code>AttributeFinderModule</code>s so that it's easy
+ * to plugin different XPath implementations.
+ *
+ * @since 1.0
+ * @author Seth Proctor
+ */
+public class AttributeSelector implements Evaluatable
+{
+
+ // the data type returned by this selector
+ private URI type;
+
+ // the XPath to search
+ private String contextPath;
+
+ // must resolution find something
+ private boolean mustBePresent;
+
+ // the xpath version we've been told to use
+ private String xpathVersion;
+
+ // the policy root, where we get namespace mapping details
+ private Node policyRoot;
+
+ // the logger we'll use for all messages
+ private static final Logger logger =
+ Logger.getLogger(AttributeSelector.class.getName());
+
+ /**
+ * Creates a new <code>AttributeSelector</code> with no policy root.
+ *
+ * @param type the data type of the attribute values this selector
+ * looks for
+ * @param contextPath the XPath to query
+ * @param mustBePresent must resolution find a match
+ * @param xpathVersion the XPath version to use, which must be a valid
+ * XPath version string (the identifier for XPath 1.0
+ * is provided in <code>AbstractPolicy</code>)
+ */
+ public AttributeSelector(URI type, String contextPath,
+ boolean mustBePresent, String xpathVersion) {
+ this(type, contextPath, null, mustBePresent, xpathVersion);
+ }
+
+ /**
+ * Creates a new <code>AttributeSelector</code>.
+ *
+ * @param type the data type of the attribute values this selector
+ * looks for
+ * @param contextPath the XPath to query
+ * @param policyRoot the root DOM Element for the policy containing this
+ * selector, which defines namespace mappings
+ * @param mustBePresent must resolution find a match
+ * @param xpathVersion the XPath version to use, which must be a valid
+ * XPath version string (the identifier for XPath 1.0
+ * is provided in <code>AbstractPolicy</code>)
+ */
+ public AttributeSelector(URI type, String contextPath, Node policyRoot,
+ boolean mustBePresent, String xpathVersion) {
+ this.type = type;
+ this.contextPath = contextPath;
+ this.mustBePresent = mustBePresent;
+ this.xpathVersion = xpathVersion;
+ this.policyRoot = policyRoot;
+ }
+
+ /**
+ * Creates a new <code>AttributeSelector</code> based on the DOM root
+ * of the XML type. Note that as of XACML 1.1 the XPathVersion element
+ * is required in any policy that uses a selector, so if the
+ * <code>xpathVersion</code> string is null, then this will throw
+ * an exception.
+ *
+ * @param root the root of the DOM tree for the XML AttributeSelectorType
+ * XML type
+ * @param xpathVersion the XPath version to use, or null if this is
+ * unspecified (ie, not supplied in the defaults
+ * section of the policy)
+ *
+ * @return an <code>AttributeSelector</code>
+ *
+ * @throws ParsingException if the AttributeSelectorType was invalid
+ */
+ public static AttributeSelector getInstance(Node root, String
xpathVersion)
+ throws ParsingException
+ {
+ URI type = null;
+ String contextPath = null;
+ boolean mustBePresent = false;
+
+ // make sure we were given an xpath version
+ if (xpathVersion == null)
+ throw new ParsingException("An XPathVersion is required for "+
+ "any policies that use selectors");
+
+ NamedNodeMap attrs = root.getAttributes();
+
+ try {
+ // there's always a DataType attribute
+ type = new URI(attrs.getNamedItem("DataType").getNodeValue());
+ } catch (Exception e) {
+ throw new ParsingException("Error parsing required DataType " +
+ "attribute in AttributeSelector", e);
+ }
+
+ try {
+ // there's always a RequestPath
+ contextPath =
+ attrs.getNamedItem("RequestContextPath").getNodeValue();
+ } catch (Exception e) {
+ throw new ParsingException("Error parsing required " +
+ "RequestContextPath attribute in " +
+ "AttributeSelector", e);
+ }
+
+ try {
+ // there may optionally be a MustBePresent
+ Node node = attrs.getNamedItem("MustBePresent");
+ if (node != null)
+ if (node.getNodeValue().equals("true"))
+ mustBePresent = true;
+ } catch (Exception e) {
+ // this shouldn't happen, since we check the cases, but still...
+ throw new ParsingException("Error parsing optional attributes " +
+ "in AttributeSelector", e);
+ }
+
+ // as of 1.2 we need the root element of the policy so we can get
+ // the namespace mapping, but in order to leave the APIs unchanged,
+ // we'll walk up the tree to find the root rather than pass this
+ // element around through all the code
+ Node policyRoot = null;
+ Node node = root.getParentNode();
+
+ while ((node != null) && (node.getNodeType() == Node.ELEMENT_NODE)) {
+ policyRoot = node;
+ node = node.getParentNode();
+ }
+
+ // create the new selector
+ return new AttributeSelector(type, contextPath, policyRoot,
+ mustBePresent, xpathVersion);
+ }
+
+ /**
+ * Returns the data type of the attribute values that this selector
+ * will resolve
+ *
+ * @return the data type of the values found by this selector
+ */
+ public URI getType() {
+ return type;
+ }
+
+ /**
+ * Returns the XPath query used to resolve attribute values.
+ *
+ * @return the XPath query
+ */
+ public String getContextPath() {
+ return contextPath;
+ }
+
+ /**
+ * Returns whether or not a value is required to be resolved by this
+ * selector.
+ *
+ * @return true if a value is required, false otherwise
+ */
+ public boolean mustBePresent() {
+ return mustBePresent;
+ }
+
+ /**
+ * Always returns true, since a selector always returns a bag of
+ * attribute values.
+ *
+ * @return true
+ */
+ public boolean evaluatesToBag() {
+ return true;
+ }
+
+ /**
+ * Always returns an empty list since selectors never have children.
+ *
+ * @return an empty <code>List</code>
+ */
+ public List getChildren() {
+ return Collections.EMPTY_LIST;
+ }
+
+ /**
+ * Returns the XPath version this selector is supposed to use. This is
+ * typically provided by the defaults section of the policy containing
+ * this selector.
+ *
+ * @return the XPath version
+ */
+ public String getXPathVersion() {
+ return xpathVersion;
+ }
+
+ /**
+ * Invokes the <code>AttributeFinder</code> used by the given
+ * <code>EvaluationCtx</code> to try to resolve an attribute value. If
+ * the selector is defined with MustBePresent as true, then failure
+ * to find a matching value will result in Indeterminate, otherwise it
+ * will result in an empty bag. To support the basic selector
+ * functionality defined in the XACML specification, use a finder that
+ * has only the <code>SelectorModule</code> as a module that supports
+ * selector finding.
+ *
+ * @param context representation of the request to search
+ *
+ * @return a result containing a bag either empty because no values were
+ * found or containing at least one value, or status associated with an
+ * Indeterminate result
+ */
+ public EvaluationResult evaluate(EvaluationCtx context) {
+ // query the context
+ EvaluationResult result = context.getAttribute(contextPath,
policyRoot,
+ type, xpathVersion);
+
+ // see if we got anything
+ if (! result.indeterminate()) {
+ BagAttribute bag = (BagAttribute)(result.getAttributeValue());
+
+ // see if it's an empty bag
+ if (bag.isEmpty()) {
+ // see if this is an error or not
+ if (mustBePresent) {
+ // this is an error
+ if (logger.isLoggable(Level.INFO))
+ logger.info("AttributeSelector failed to resolve a "
+
+ "value for a required attribute: " +
+ contextPath);
+
+ ArrayList code = new ArrayList();
+ code.add(Status.STATUS_MISSING_ATTRIBUTE);
+ String message = "couldn't resolve XPath expression " +
+ contextPath + " for type " + type.toString();
+ return new EvaluationResult(new Status(code, message));
+ } else {
+ // return the empty bag
+ return result;
+ }
+ } else {
+ // return the values
+ return result;
+ }
+ } else {
+ // return the error
+ return result;
+ }
+ }
+
+ /**
+ * Encodes this selector into its XML representation and
+ * writes this encoding to the given <code>OutputStream</code> with no
+ * indentation.
+ *
+ * @param output a stream into which the XML-encoded data is written
+ */
+ public void encode(OutputStream output) {
+ encode(output, new Indenter(0));
+ }
+
+ /**
+ * Encodes this selector into its XML representation and
+ * writes this encoding to the given <code>OutputStream</code> with
+ * indentation.
+ *
+ * @param output a stream into which the XML-encoded data is written
+ * @param indenter an object that creates indentation strings
+ */
+ public void encode(OutputStream output, Indenter indenter) {
+ PrintStream out = new PrintStream(output);
+ String indent = indenter.makeString();
+
+ String tag = "<AttributeSelector RequestContextPath=\"" +
contextPath +
+ "\" DataType=\"" + type.toString() + "\"";
+
+ if (mustBePresent)
+ tag += " MustBePresent=\"true\"";
+
+ tag += "/>";
+
+ out.println(indent + tag);
+ }
+
+}
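Review bot: in `getInstance`, the `MustBePresent` check `node.getNodeValue().equals("true")` treats every other lexical form as false, so a policy written with `MustBePresent="1"` (a valid xs:boolean) is silently downgraded and `evaluate` returns an empty bag instead of the `STATUS_MISSING_ATTRIBUTE` Indeterminate result. Accept "1" and "0" as well, and throw `ParsingException` on anything else rather than falling back to false. Separately, `encode` concatenates `contextPath` into the `RequestContextPath` attribute without escaping. XPath expressions routinely contain quotes, `<` or `&`, so the emitted tag can be malformed or fail to round-trip through `getInstance`; escape the attribute values before writing them. In `evaluate`, the unchecked cast of `result.getAttributeValue()` to `BagAttribute` also deserves an `instanceof` guard, since a finder module that returns a non-bag value would surface as a `ClassCastException` in the middle of a policy decision.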

Added: branches/authRengine/sunxacml/com/sun/xacml/attr/AttributeValue.java
===================================================================
--- branches/authRengine/sunxacml/com/sun/xacml/attr/AttributeValue.java
(rev 0)
+++ branches/authRengine/sunxacml/com/sun/xacml/attr/AttributeValue.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,199 @@
+
+/*
+ * @(#)AttributeValue.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.attr;
+
+import com.sun.xacml.EvaluationCtx;
+import com.sun.xacml.Indenter;
+
+import com.sun.xacml.cond.Evaluatable;
+import com.sun.xacml.cond.EvaluationResult;
+
+import java.io.OutputStream;
+import java.io.PrintStream;
+
+import java.net.URI;
+
+import java.util.Collections;
+import java.util.List;
+
+
+/**
+ * The base type for all datatypes used in a policy or request/response,
+ * this abstract class represents a value for a given attribute type.
+ * All the required types defined in the XACML specification are
+ * provided as instances of <code>AttributeValue<code>s. If you want to
+ * provide a new type, extend this class and implement the
+ * <code>equals(Object)</code> and <code>hashCode</code> methods from
+ * <code>Object</code>, which are used for equality checking.
+ *
+ * @since 1.0
+ * @author Seth Proctor
+ */
+public abstract class AttributeValue implements Evaluatable
+{
+
+ // the type of this attribute
+ private URI type;
+
+ /**
+ * Constructor that takes the specific attribute type.
+ *
+ * @param type the attribute's type
+ */
+ protected AttributeValue(URI type) {
+ this.type = type;
+ }
+
+ /**
+ * Returns the type of this attribute value. By default this always
+ * returns the type passed to the constructor.
+ *
+ * @return the attribute's type
+ */
+ public URI getType() {
+ return type;
+ }
+
+ /**
+ * Returns whether or not this value is actually a bag of values. This
+ * is a required interface from <code>Evaluatable</code>, but the
+ * more meaningful <code>isBag</code> method is used by
+ * <code>AttributeValue</code>s, so this method is declared as final
+ * and calls the <code>isBag</code> method for this value.
+ *
+ * @return true if this is a bag of values, false otherwise
+ */
+ public final boolean evaluatesToBag() {
+ return isBag();
+ }
+
+ /**
+ * Always returns an empty list since values never have children.
+ *
+ * @return an empty <code>List</code>
+ */
+ public List getChildren() {
+ return Collections.EMPTY_LIST;
+ }
+
+ /**
+ * Returns whether or not this value is actually a bag of values. By
+ * default this returns <code>false</code>. Typically, only the
+ * <code>BagAttribute</code> should ever override this to return
+ * <code>true</code>.
+ *
+ * @return true if this is a bag of values, false otherwise
+ */
+ public boolean isBag() {
+ return false;
+ }
+
+ /**
+ * Implements the required interface from <code>Evaluatable</code>.
+ * Since there is nothing to evaluate in an attribute value, the default
+ * result is just this instance. Override this method if you want
+ * special behavior, like a dynamic value.
+ *
+ * @param context the representation of the request
+ *
+ * @return a successful evaluation containing this value
+ */
+ public EvaluationResult evaluate(EvaluationCtx context) {
+ return new EvaluationResult(this);
+ }
+
+ /**
+ * Encodes the value in a form suitable for including in XML data like
+ * a request or an obligation. This must return a value that could in
+ * turn be used by the factory to create a new instance with the same
+ * value.
+ *
+ * @return a <code>String</code> form of the value
+ */
+ public abstract String encode();
+
+ /**
+ * Encodes this <code>AttributeValue</code> into its XML representation
+ * and writes this encoding to the given <code>OutputStream</code> with
+ * no indentation. This will always produce the version used in a
+ * policy rather than that used in a request, so this is equivalent
+ * to calling <code>encodeWithTags(true)</code> and then stuffing that
+ * into a stream.
+ *
+ * @param output a stream into which the XML-encoded data is written
+ */
+ public void encode(OutputStream output) {
+ encode(output, new Indenter(0));
+ }
+
+ /**
+ * Encodes this <code>AttributeValue</code> into its XML representation
+ * and writes this encoding to the given <code>OutputStream</code> with
+ * indentation. This will always produce the version used in a
+ * policy rather than that used in a request, so this is equivalent
+ * to calling <code>encodeWithTags(true)</code> and then stuffing that
+ * into a stream.
+ *
+ * @param output a stream into which the XML-encoded data is written
+ * @param indenter an object that creates indentation strings
+ */
+ public void encode(OutputStream output, Indenter indenter) {
+ PrintStream out = new PrintStream(output);
+ out.println(indenter.makeString() + encodeWithTags(true));
+ }
+
+ /**
+ * Encodes the value and includes the AttributeValue XML tags so that
+ * the resulting string can be included in a valid XACML policy or
+ * Request/Response. The <code>boolean</code> parameter lets you include
+ * the DataType attribute, which is required in a policy but not allowed
+ * in a Request or Response.
+ *
+ * @param includeType include the DataType XML attribute if
+ * <code>true</code>, exclude if <code>false</code>
+ *
+ * @return a <code>String</code> encoding including the XML tags
+ */
+ public String encodeWithTags(boolean includeType) {
+ if (includeType)
+ return "<AttributeValue DataType=\"" + type.toString() + "\">" +
+ encode() + "</AttributeValue>";
+ else
+ return "<AttributeValue>" + encode() + "</AttributeValue>";
+ }
+
+}
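Review bot: `encodeWithTags` splices the result of `encode()` between the `<AttributeValue>` tags with no XML escaping, and the Javadoc on the abstract `encode()` does not say whether implementers must return already-escaped text. A value whose text form contains `<` or `&` would then produce a malformed or structurally different element in a policy or request. Either escape inside `encodeWithTags` or state the escaping contract on `encode()` so subclasses agree on it. Minor points: the class Javadoc has `<code>AttributeValue<code>s` with an unclosed tag, and the `type` field can be `final` since it is only assigned in the constructor.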

Added: branches/authRengine/sunxacml/com/sun/xacml/attr/BagAttribute.java
===================================================================
--- branches/authRengine/sunxacml/com/sun/xacml/attr/BagAttribute.java
(rev 0)
+++ branches/authRengine/sunxacml/com/sun/xacml/attr/BagAttribute.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,236 @@
+
+/*
+ * @(#)BagAttribute.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.attr;
+
+import java.net.URI;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Iterator;
+import java.util.NoSuchElementException;
+
+
+/**
+ * Represents a bag used in the XACML spec as return values from functions
+ * and designators/selectors that provide more than one value. All values in
+ * the bag are of the same type, and the bag may be empty. The bag is
+ * immutable, although its contents may not be.
+ * <p>
+ * NOTE: This is the one standard attribute type that can't be created from
+ * the factory, since you can't have this in an XML block (it is used only
+ * in return values & dynamic inputs). I think this is right, but we may need
+ * to add some functionality to let this go into the factory.
+ *
+ * @since 1.0
+ * @author Seth Proctor
+ * @author Steve Hanna
+ */
+public class BagAttribute extends AttributeValue
+{
+
+ // The Collection of AttributeValues that this object encapsulates
+ private Collection bag;
+
+ /**
+ * Creates a new <code>BagAttribute</code> that represents
+ * the <code>Collection</code> of <code>AttributeValue</code>s supplied.
+ * If the set is null or empty, then the new bag is empty.
+ *
+ * @param type the data type of all the attributes in the set
+ * @param bag a <code>Collection</code> of <code>AttributeValue</code>s
+ */
+ public BagAttribute(URI type, Collection bag) {
+ super(type);
+
+ if (type == null)
+ throw new IllegalArgumentException("Bags require a non-null " +
+ "type be provided");
+
+ // see if the bag is empty/null
+ if ((bag == null) || (bag.size() == 0)) {
+ // empty bag
+ this.bag = new ArrayList();
+ } else {
+ // go through the collection to make sure it's a valid bag
+ Iterator it = bag.iterator();
+
+ while (it.hasNext()) {
+ AttributeValue attr = (AttributeValue)(it.next());
+
+ // a bag cannot contain other bags, so make sure that each
+ // value isn't actually another bag
+ if (attr.isBag())
+ throw new IllegalArgumentException("bags cannot contain
" +
+ "other bags");
+
+ // make sure that they're all the same type
+ if (! type.equals(attr.getType()))
+ throw new
+ IllegalArgumentException("Bag items must all be of "
+
+ "the same type");
+ }
+
+ // if we get here, then they're all the same type
+ this.bag = bag;
+ }
+ }
+
+ /**
+ * Overrides the default method to always return true.
+ *
+ * @return a value of true
+ */
+ public boolean isBag() {
+ return true;
+ }
+
+ /**
+ * Convenience function that returns a bag with no elements
+ *
+ * @param type the types contained in the bag
+ *
+ * @return a new empty bag
+ */
+ public static BagAttribute createEmptyBag(URI type) {
+ return new BagAttribute(type, null);
+ }
+
+ /**
+ * A convenience function that returns whether or not the bag is empty
+ * (ie, whether or not the size of the bag is zero)
+ *
+ * @return whether or not the bag is empty
+ */
+ public boolean isEmpty() {
+ return (bag.size() == 0);
+ }
+
+ /**
+ * Returns the number of elements in this bag
+ *
+ * @return the number of elements in this bag
+ */
+ public int size() {
+ return bag.size();
+ }
+
+ /**
+ * Returns true if this set contains the specified value. More formally,
+ * returns true if and only if this bag contains a value v such that
+ * (value==null ? v==null : value.equals(v)). Note that this will only
+ * work correctly if the <code>AttributeValue</code> has overridden the
+ * <code>equals</code> method.
+ *
+ * @param value the value to look for
+ *
+ * @return true if the value is in the bag
+ */
+ public boolean contains(AttributeValue value) {
+ return bag.contains(value);
+ }
+
+ /**
+ * Returns true if this bag contains all of the values of the specified
bag.
+ * Note that this will only work correctly if the
+ * <code>AttributeValue</code> type contained in the bag has overridden
+ * the <code>equals</code> method.
+ *
+ * @param bag the bag to compare
+ *
+ * @return true if the input is a subset of this bag
+ */
+ public boolean containsAll(BagAttribute bag) {
+ return this.bag.containsAll(bag.bag);
+ }
+
+
+ /**
+ * Returns an iterator over te
+ */
+ public Iterator iterator() {
+ return new ImmutableIterator(bag.iterator());
+ }
+
+ /**
+ * This is a version of Iterator that overrides the <code>remove</code>
+ * method so that items can't be taken out of the bag.
+ */
+ private class ImmutableIterator implements Iterator {
+
+ // the iterator we're wrapping
+ private Iterator iterator;
+
+ /**
+ * Create a new ImmutableIterator
+ */
+ public ImmutableIterator(Iterator iterator) {
+ this.iterator = iterator;
+ }
+
+ /**
+ * Standard hasNext method
+ */
+ public boolean hasNext() {
+ return iterator.hasNext();
+ }
+
+ /**
+ * Standard next method
+ */
+ public Object next() throws NoSuchElementException {
+ return iterator.next();
+ }
+
+ /**
+ * Makes sure that no one can remove any elements from the bag
+ */
+ public void remove() throws UnsupportedOperationException {
+ throw new UnsupportedOperationException();
+ }
+
+ }
+
+ /**
+ * Because a bag cannot be included in a request/response or a
+ * policy, this will always throw an
+ * <code>UnsupportedOperationException</code>.
+ */
+ public String encode() {
+ throw new UnsupportedOperationException("Bags cannot be encoded");
+ }
+
+}
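Review bot: the constructor validates the supplied collection and then keeps the caller's reference (`this.bag = bag;`), so the caller can later add a value of another type or a nested bag and bypass both checks, which contradicts the class Javadoc's statement that the bag is immutable. Copy the elements into a new `ArrayList` and validate the copy. Related points in the same hunk: `contains` and `containsAll` depend on `equals`, yet this class overrides neither `equals` nor `hashCode` although the `AttributeValue` Javadoc asks subclasses to; the cast `(AttributeValue)(it.next())` turns a foreign element into a bare `ClassCastException` instead of the `IllegalArgumentException` used for the other validation failures; and the `iterator()` Javadoc is cut off at "Returns an iterator over te".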

Added: branches/authRengine/sunxacml/com/sun/xacml/attr/Base64.java
===================================================================
--- branches/authRengine/sunxacml/com/sun/xacml/attr/Base64.java
(rev 0)
+++ branches/authRengine/sunxacml/com/sun/xacml/attr/Base64.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,383 @@
+
+/*
+ * @(#)Base64.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.attr;
+
+import java.io.IOException;
+import java.io.ByteArrayOutputStream;
+
+import java.lang.Integer;
+
+import java.util.Arrays;
+
+
+/**
+ * Class that knows how to encode and decode Base64 values. Base64
+ * Content-Transfer-Encoding rules are defined in Section 6.8 of IETF RFC
2045
+ * <i>Multipurpose Internet Mail Extensions (MIME) Part One: Format of
Internet
+ * Message Bodies</i>, available at <a
+ * href="ftp://ftp.isi.edu/in-notes/rfc2045.txt";>
+ * <code>ftp://ftp.isi.edu/in-notes/rfc2045.txt</code></a>.
+ * <p>
+ * All methods of this class are static and thread-safe.
+ *
+ * @since 1.0
+ * @author Anne Anderson
+ */
+class Base64
+{
+ /*
+ * ASCII white-space characters. These are the ones recognized by the
+ * C and Java language [pre-processors].
+ */
+ private static final char SPACE = 0x20; /* space, or blank, character */
+ private static final char ETX = 0x04; /* end-of-text character */
+ private static final char VTAB = 0x0b; /* vertical tab character */
+ private static final char FF = 0x0c; /* form-feed character */
+ private static final char HTAB = 0x09; /* horizontal tab character */
+ private static final char LF = 0x0a; /* line feed character */
+ private static final char ALTLF = 0x13; /* line feed on some systems */
+ private static final char CR = 0x0d; /* carriage-return character */
+
+ /*
+ * The character used to pad out a 4-character Base64-encoded block,
+ * or "quantum".
+ */
+ private static char PAD = '=';
+
+ /*
+ * String used for BASE64 encoding and decoding.
+ *
+ * For index values 0-63, the character at each index is the Base-64
+ * encoded value of the index value. Index values beyond 63 are never
+ * referenced during encoding, but are used in this implementation to
+ * help in decoding. The character at index 64 is the Base64 pad
+ * character '='.
+ *
+ * Charaters in index positions 0-64 MUST NOT be moved or altered, as
+ * this will break the implementation.
+ *
+ * The characters after index 64 are white space characters that should
be
+ * ignored in Base64-encoded input strings while doing decoding. Note
that
+ * the white-space character set should include values used on various
+ * platforms, since a Base64-encoded value may have been generated on a
+ * non-Java platform. The values included here are those used in Java
and
+ * in C.
+ *
+ * The white-space character set may be modified without affecting the
+ * implementation of the encoding algorithm.
+ */
+ private static final String BASE64EncodingString =
+ "ABCDEFGHIJ"
+ + "KLMNOPQRST"
+ + "UVWXYZabcd"
+ + "efghijklmn"
+ + "opqrstuvwx"
+ + "yz01234567"
+ + "89+/"
+ + "="
+ + SPACE + ETX + VTAB + FF + HTAB + LF + ALTLF + CR;
+
+ // Index of pad character in Base64EncodingString
+ private static final int PAD_INDEX = 64;
+
+ /*
+ * The character in Base64EncodingString with the maximum
+ * character value in Unicode.
+ */
+ private static final int MAX_BASE64_CHAR = 'z';
+
+ /*
+ * Array for mapping encoded characters to decoded values.
+ * This array is initialized when needed by calling
+ * initDecodeArray(). Only includes entries up to
+ * MAX_BASE64_CHAR.
+ */
+ private static int [] Base64DecodeArray = null;
+
+ /*
+ * State values used for decoding a quantum of four encoded input
+ * characters as follows.
+ *
+ * Initial state: NO_CHARS_DECODED
+ * NO_CHARS_DECODED: no characters have been decoded
+ * on encoded char: decode char into output quantum;
+ * new state: ONE_CHAR_DECODED
+ * otherwise: Exception
+ * ONE_CHAR_DECODED: one character has been decoded
+ * on encoded char: decode char into output quantum;
+ * new state: TWO_CHARS_DECODED
+ * otherwise: Exception
+ * TWO_CHARS_DECODED: two characters have been decoded
+ * on encoded char: decode char into output quantum;
+ * new state: THREE_CHARS_DECODED
+ * on pad: write quantum byte 0 to output;
+ * new state: PAD_THREE_READ
+ * THREE_CHARS_DECODED: three characters have been decoded
+ * on encoded char: decode char into output quantum;
+ * write quantum bytes 0-2 to output;
+ * new state: NO_CHARS_DECODED
+ * on pad: write quantum bytes 0-1 to output;
+ * new state: PAD_FOUR_READ
+ * PAD_THREE_READ: pad character has been read as 3rd of 4 chars
+ * on pad: new state: PAD_FOUR_READ
+ * otherwise: Exception
+ * PAD_FOUR_READ: pad character has been read as 4th of 4 char
+ * on any char: Exception
+ *
+ * The valid terminal states are NO_CHARS_DECODED and PAD_FOUR_READ.
+ */
+ private static final int NO_CHARS_DECODED = 0;
+ private static final int ONE_CHAR_DECODED = 1;
+ private static final int TWO_CHARS_DECODED = 2;
+ private static final int THREE_CHARS_DECODED = 3;
+ private static final int PAD_THREE_READ = 5;
+ private static final int PAD_FOUR_READ = 6;
+
+ /**
+ * The maximum number of groups that should be encoded
+ * onto a single line (so we don't exceed 76 characters
+ * per line).
+ */
+ private static final int MAX_GROUPS_PER_LINE = 76/4;
+
+ /**
+ * Encodes the input byte array into a Base64-encoded
+ * <code>String</code>. The output <code>String</code>
+ * has a CR LF (0x0d 0x0a) after every 76 bytes, but
+ * not at the end.
+ * <p>
+ * <b>WARNING</b>: If the input byte array is modified
+ * while encoding is in progress, the output is undefined.
+ *
+ * @param binaryValue the byte array to be encoded
+ *
+ * @return the Base64-encoded <code>String</code>
+ */
+ public static String encode(byte[] binaryValue) {
+
+ int binaryValueLen = binaryValue.length;
+ // Estimated output length (about 1.4x input, due to CRLF)
+ int maxChars = (binaryValueLen * 7) / 5;
+ // Buffer for encoded output
+ StringBuffer sb = new StringBuffer(maxChars);
+
+ int groupsToEOL = MAX_GROUPS_PER_LINE;
+ // Convert groups of 3 input bytes, with pad if < 3 in final
+ for (int binaryValueNdx = 0; binaryValueNdx < binaryValueLen;
+ binaryValueNdx += 3) {
+
+ // Encode 1st 6-bit group
+ int group1 = (binaryValue[binaryValueNdx] >> 2) & 0x3F;
+ sb.append(BASE64EncodingString.charAt(group1));
+
+ // Encode 2nd 6-bit group
+ int group2 = (binaryValue[binaryValueNdx] << 4) & 0x030;
+ if ((binaryValueNdx+1) < binaryValueLen) {
+ group2 = group2
+ | ((binaryValue[binaryValueNdx+1] >> 4) & 0xF);
+ }
+ sb.append(BASE64EncodingString.charAt(group2));
+
+ // Encode 3rd 6-bit group
+ int group3;
+ if ((binaryValueNdx+1) < binaryValueLen) {
+ group3 = (binaryValue[binaryValueNdx+1] << 2) & 0x03C;
+ if ((binaryValueNdx+2) < binaryValueLen) {
+ group3 = group3
+ | ((binaryValue[binaryValueNdx+2] >> 6) & 0x3);
+ }
+ } else {
+ group3 = PAD_INDEX;
+ }
+ sb.append(BASE64EncodingString.charAt(group3));
+
+ // Encode 4th 6-bit group
+ int group4;
+ if ((binaryValueNdx+2) < binaryValueLen) {
+ group4 = binaryValue[binaryValueNdx+2] & 0x3F;
+ } else {
+ group4 = PAD_INDEX;
+ }
+ sb.append(BASE64EncodingString.charAt(group4));
+
+ // After every MAX_GROUPS_PER_LINE groups, insert CR LF.
+ // Unless this is the final line, in which case we skip that.
+ groupsToEOL = groupsToEOL - 1;
+ if (groupsToEOL == 0) {
+ groupsToEOL = MAX_GROUPS_PER_LINE;
+ if ((binaryValueNdx+3) <= binaryValueLen) {
+ sb.append(CR);
+ sb.append(LF);
+ }
+ }
+ }
+ return sb.toString();
+ }
+
+ /**
+ * Initializes Base64DecodeArray, if this hasn't already been
+ * done.
+ */
+ private static void initDecodeArray() {
+ if (Base64DecodeArray != null)
+ return;
+
+ int [] ourArray = new int [MAX_BASE64_CHAR+1];
+ for (int i = 0; i <= MAX_BASE64_CHAR; i++)
+ ourArray[i] = BASE64EncodingString.indexOf(i);
+
+ Base64DecodeArray = ourArray;
+ }
+
+ /**
+ * Decodes a Base64-encoded <code>String</code>. The result
+ * is returned in a byte array that should match the original
+ * binary value (before encoding). Whitespace characters
+ * in the input <code>String</code> are ignored.
+ * <p>
+ * If the <code>ignoreBadChars</code> parameter is
+ * <code>true</code>, characters that are not allowed
+ * in a BASE64-encoded string are ignored. Otherwise,
+ * they cause an <code>IOException</code> to be raised.
+ *
+ * @param encoded a <code>String</code> containing a
+ * Base64-encoded value
+ * @param ignoreBadChars If <code>true</code>, bad characters
+ * are ignored. Otherwise, they cause
+ * an <code>IOException</code> to be
+ * raised.
+ *
+ * @return a byte array containing the decoded value
+ *
+ * @throws IOException if the input <code>String</code> is not
+ * a valid Base64-encoded value
+ */
+ public static byte[] decode(String encoded, boolean ignoreBadChars)
+ throws IOException
+ {
+ int encodedLen = encoded.length();
+ int maxBytes = (encodedLen/4)*3; /* Maximum possible output bytes */
+ ByteArrayOutputStream ba = /* Buffer for decoded output */
+ new ByteArrayOutputStream(maxBytes);
+ byte[] quantum = new byte[3]; /* one output quantum */
+
+ // ensure Base64DecodeArray is initialized
+ initDecodeArray();
+
+ /*
+ * Every 4 encoded characters in input are converted to 3 bytes of
+ * output. This is called one "quantum". Each encoded character is
+ * mapped to one 6-bit unit of the output. Whitespace characters in
+ * the input are passed over; they are not included in the output.
+ */
+
+ int state = NO_CHARS_DECODED;
+ for (int encodedNdx = 0; encodedNdx < encodedLen; encodedNdx++) {
+ // Turn encoded char into decoded value
+ int encodedChar = encoded.charAt(encodedNdx);
+ int decodedChar;
+ if (encodedChar > MAX_BASE64_CHAR)
+ decodedChar = -1;
+ else
+ decodedChar = Base64DecodeArray[encodedChar];
+
+ // Handle white space and invalid characters
+ if (decodedChar == -1) {
+ if (ignoreBadChars)
+ continue;
+ throw new IOException("Invalid character");
+ }
+ if (decodedChar > PAD_INDEX) { /* whitespace */
+ continue;
+ }
+
+ // Handle valid characters
+ switch (state) {
+ case NO_CHARS_DECODED:
+ if (decodedChar == PAD_INDEX) {
+ throw new IOException("Pad character in invalid
position");
+ }
+ quantum[0] = (byte) ((decodedChar << 2) & 0xFC);
+ state = ONE_CHAR_DECODED;
+ break;
+ case ONE_CHAR_DECODED:
+ if (decodedChar == PAD_INDEX) {
+ throw new IOException("Pad character in invalid
position");
+ }
+ quantum[0] = (byte) (quantum[0] | ((decodedChar >> 4) &
0x3));
+ quantum[1] = (byte) ((decodedChar << 4) & 0xF0);
+ state = TWO_CHARS_DECODED;
+ break;
+ case TWO_CHARS_DECODED:
+ if (decodedChar == PAD_INDEX) {
+ ba.write(quantum, 0, 1);
+ state = PAD_THREE_READ;
+ } else {
+ quantum[1] =
+ (byte) (quantum[1] | ((decodedChar >> 2) & 0x0F));
+ quantum[2] = (byte) ((decodedChar << 6) & 0xC0);
+ state = THREE_CHARS_DECODED;
+ }
+ break;
+ case THREE_CHARS_DECODED:
+ if (decodedChar == PAD_INDEX) {
+ ba.write(quantum, 0, 2);
+ state = PAD_FOUR_READ;
+ } else {
+ quantum[2] = (byte) (quantum[2] | decodedChar);
+ ba.write(quantum, 0, 3);
+ state = NO_CHARS_DECODED;
+ }
+ break;
+ case PAD_THREE_READ:
+ if (decodedChar != PAD_INDEX) {
+ throw new IOException("Missing pad character");
+ }
+ state = PAD_FOUR_READ;
+ break;
+ case PAD_FOUR_READ:
+ throw new IOException("Invalid input follows pad character");
+ }
+ }
+
+ // Test valid terminal states
+ if (state != NO_CHARS_DECODED && state != PAD_FOUR_READ)
+ throw new IOException("Invalid sequence of input characters");
+
+ return ba.toByteArray();
+ }
+}
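
Review bot: in encode(), the line-break test (binaryValueNdx+3) <= binaryValueLen is also true for the final group, so an input whose length is an exact multiple of 57 bytes (19 groups) gets a trailing CR LF, contradicting both the Javadoc ("but not at the end") and the comment just above the test; it should be a strict <. Separately, initDecodeArray() publishes Base64DecodeArray through a plain static field with no synchronization, which does not back the class comment's "thread-safe" claim: fill the table in a static initializer and make the field (and PAD) final. In the whitespace constants, 0x04 is EOT rather than ETX and 0x13 is DC3 rather than a line feed, and because both sit after index 64 of BASE64EncodingString, decode() silently skips them even when ignoreBadChars is false; either drop them or document why they are accepted.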

Added:
branches/authRengine/sunxacml/com/sun/xacml/attr/Base64BinaryAttribute.java
===================================================================
---
branches/authRengine/sunxacml/com/sun/xacml/attr/Base64BinaryAttribute.java
(rev 0)
+++
branches/authRengine/sunxacml/com/sun/xacml/attr/Base64BinaryAttribute.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,241 @@
+
+/*
+ * @(#)Base64BinaryAttribute.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.attr;
+
+import com.sun.xacml.ParsingException;
+
+import java.io.IOException;
+
+import java.net.URI;
+
+import java.util.Arrays;
+
+import org.w3c.dom.Node;
+
+
+/**
+ * Representation of an xsi:base64Binary value. This class supports parsing
+ * xsi:base64Binary values. All objects of this class are immutable and
+ * all methods of the class are thread-safe.
+ *
+ * @since 1.0
+ * @author Steve Hanna
+ */
+public class Base64BinaryAttribute extends AttributeValue
+{
+ /**
+ * Official name of this type
+ */
+ public static final String identifier =
+ "http://www.w3.org/2001/XMLSchema#base64Binary";;
+
+ /**
+ * URI version of name for this type
+ * <p>
+ * This field is initialized by a static initializer so that
+ * we can catch any exceptions thrown by URI(String) and
+ * transform them into a RuntimeException, since this should
+ * never happen but should be reported properly if it ever does.
+ */
+ private static URI identifierURI;
+
+ /**
+ * RuntimeException that wraps an Exception thrown during the
+ * creation of identifierURI, null if none.
+ */
+ private static RuntimeException earlyException;
+
+ /**
+ * Static initializer that initializes the identifierURI
+ * class field so that we can catch any exceptions thrown
+ * by URI(String) and transform them into a RuntimeException.
+ * Such exceptions should never happen but should be reported
+ * properly if they ever do.
+ */
+ static {
+ try {
+ identifierURI = new URI(identifier);
+ } catch (Exception e) {
+ earlyException = new IllegalArgumentException();
+ earlyException.initCause(e);
+ }
+ };
+
+ /**
+ * The actual binary value that this object represents.
+ */
+ private byte [] value;
+
+ /**
+ * The value returned by toString(). Cached, but only
+ * generated if needed.
+ */
+ private String strValue;
+
+ /**
+ * Creates a new <code>Base64BinaryAttribute</code> that represents
+ * the byte [] value supplied.
+ *
+ * @param value the <code>byte []</code> value to be represented
+ */
+ public Base64BinaryAttribute(byte [] value) {
+ super(identifierURI);
+
+ // Shouldn't happen, but just in case...
+ if (earlyException != null)
+ throw earlyException;
+
+ // This will throw a NullPointerException if value == null.
+ // That's what we want in that case.
+ this.value = (byte []) value.clone();
+ }
+
+ /**
+ * Returns a new <code>Base64BinaryAttribute</code> that represents
+ * the xsi:base64Binary at a particular DOM node.
+ *
+ * @param root the <code>Node</code> that contains the desired value
+ * @return a new <code>Base64BinaryAttribute</code> representing the
+ * appropriate value
+ * @exception ParsingException if a parsing error occurs
+ */
+ public static Base64BinaryAttribute getInstance(Node root)
+ throws ParsingException {
+ return getInstance(root.getFirstChild().getNodeValue());
+ }
+
+ /**
+ * Returns a new <code>Base64BinaryAttribute</code> that represents
+ * the xsi:base64Binary value indicated by the string provided.
+ *
+ * @param value a string representing the desired value
+ * @return a new <code>Base64BinaryAttribute</code> representing the
+ * desired value
+ * @exception ParsingException if a parsing error occurs
+ */
+ public static Base64BinaryAttribute getInstance(String value)
+ throws ParsingException {
+ byte [] bytes = null;
+
+ try {
+ bytes = Base64.decode(value, false);
+ } catch (IOException e) {
+ throw new ParsingException("Couldn't parse purported " +
+ "Base64 string: " + value, e);
+ }
+
+ return new Base64BinaryAttribute(bytes);
+ }
+
+ /**
+ * Returns the <code>byte []</code> value represented by this object.
+ * Note that this value is cloned before returning to prevent
+ * unauthorized modifications.
+ *
+ * @return the <code>byte []</code> value
+ */
+ public byte [] getValue() {
+ return (byte []) value.clone();
+ }
+
+ /**
+ * Returns true if the input is an instance of this class and if its
+ * value equals the value contained in this class.
+ *
+ * @param o the object to compare
+ *
+ * @return true if this object and the input represent the same value
+ */
+ public boolean equals(Object o) {
+ if (! (o instanceof Base64BinaryAttribute))
+ return false;
+
+ Base64BinaryAttribute other = (Base64BinaryAttribute)o;
+
+ return Arrays.equals(value, other.value);
+ }
+
+ /**
+ * Returns the hashcode value used to index and compare this object with
+ * others of the same type. Typically this is the hashcode of the backing
+ * data object.
+ *
+ * @return the object's hashcode value
+ */
+ public int hashCode() {
+ int code = (int)(value[0]);
+
+ for (int i = 1; i < value.length; i++) {
+ code *= 31;
+ code += (int)(value[i]);
+ }
+
+ return code;
+ }
+
+ /**
+ * Make the String representation of this object.
+ *
+ * @return the String representation
+ */
+ private String makeStringRep() {
+ return Base64.encode(value);
+ }
+
+ /**
+ * Returns a String representation.
+ *
+ * @return the String representation
+ */
+ public String toString() {
+ if (strValue == null)
+ strValue = makeStringRep();
+
+ return "Base64BinaryAttribute: [\n" + strValue + "]\n";
+ }
+
+ /**
+ *
+ */
+ public String encode() {
+ if (strValue == null)
+ strValue = makeStringRep();
+
+ return strValue;
+ }
+
+}
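
Review bot: hashCode() reads value[0] unconditionally, so it throws ArrayIndexOutOfBoundsException for a zero-length value, which getInstance("") produces because Base64.decode() accepts an empty string and returns an empty array; Arrays is already imported, so Arrays.hashCode(value) (Java 5 or later) or a guard on value.length == 0 would fix it and stay consistent with equals(). getInstance(Node) has a related gap: root.getFirstChild() is null for an element with no text child, so an empty value in a request surfaces as a NullPointerException instead of the declared ParsingException. The ParsingException message in getInstance(String) also echoes the whole unparsed input; consider truncating it before it reaches logs.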

Added:
branches/authRengine/sunxacml/com/sun/xacml/attr/BaseAttributeFactory.java
===================================================================
---
branches/authRengine/sunxacml/com/sun/xacml/attr/BaseAttributeFactory.java
(rev 0)
+++
branches/authRengine/sunxacml/com/sun/xacml/attr/BaseAttributeFactory.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,245 @@
+
+/*
+ * @(#)BaseAttributeFactory.java
+ *
+ * Copyright 2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.attr;
+
+import com.sun.xacml.ParsingException;
+import com.sun.xacml.UnknownIdentifierException;
+
+import java.net.URI;
+
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.Map;
+import java.util.Set;
+
+import org.w3c.dom.Node;
+
+
+/**
+ * This is a basic implementation of <code>AttributeFactory</code>. It
+ * implements the insertion and retrieval methods, but doesn't actually
+ * setup the factory with any datatypes.
+ * <p>
+ * Note that while this class is thread-safe on all creation methods, it
+ * is not safe to add support for a new datatype while creating an instance
+ * of a value. This follows from the assumption that most people will
+ * initialize these factories up-front, and then start processing without
+ * ever modifying the factories. If you need these mutual operations to
+ * be thread-safe, then you should write a wrapper class that implements
+ * the right synchronization.
+ *
+ * @since 1.2
+ * @author Seth Proctor
+ */
+public class BaseAttributeFactory extends AttributeFactory
+{
+
+ // the map of proxies
+ private HashMap attributeMap;
+
+ /**
+ * Default constructor.
+ */
+ public BaseAttributeFactory() {
+ attributeMap = new HashMap();
+ }
+
+ /**
+ * Constructor that configures this factory with an initial set of
+ * supported datatypes.
+ *
+ * @param attributes a <code>Map</code> of <code>String</code>s to
+ * </code>AttributeProxy</code>s
+ *
+ * @throws IllegalArgumentException if any elements of the Map are not
+ * </code>AttributeProxy</code>s
+ */
+ public BaseAttributeFactory(Map attributes) {
+ attributeMap = new HashMap();
+
+ Iterator it = attributes.keySet().iterator();
+ while (it.hasNext()) {
+ try {
+ String id = (it.next()).toString();
+ AttributeProxy proxy = (AttributeProxy)(attributes.get(id));
+ attributeMap.put(id, proxy);
+ } catch (ClassCastException cce) {
+ throw new IllegalArgumentException("an element of the map " +
+ "was not an instance of "
+
+ "AttributeProxy");
+ }
+ }
+ }
+
+ /**
+ * Adds a proxy to the factory, which in turn will allow new attribute
+ * types to be created using the factory. Typically the proxy is
+ * provided as an anonymous class that simply calls the getInstance
+ * methods (or something similar) of some <code>AttributeValue</code>
+ * class.
+ *
+ * @param id the name of the attribute type
+ * @param proxy the proxy used to create new attributes of the given type
+ */
+ public void addDatatype(String id, AttributeProxy proxy) {
+ // make sure this doesn't already exist
+ if (attributeMap.containsKey(id))
+ throw new IllegalArgumentException("datatype already exists");
+
+ attributeMap.put(id, proxy);
+ }
+
+ /**
+ * Returns the datatype identifiers supported by this factory.
+ *
+ * @return a <code>Set</code> of <code>String</code>s
+ */
+ public Set getSupportedDatatypes() {
+ return Collections.unmodifiableSet(attributeMap.keySet());
+ }
+
+ /**
+ * Creates a value based on the given DOM root node. The type of the
+ * attribute is assumed to be present in the node as an XACML attribute
+ * named <code>DataType</code>, as is the case with the
+ * AttributeValueType in the policy schema. The value is assumed to be
+ * the first child of this node.
+ *
+ * @param root the DOM root of an attribute value
+ *
+ * @return a new <code>AttributeValue</code>
+ *
+ * @throws UnknownIdentifierException if the type in the node isn't
+ * known to the factory
+ * @throws ParsingException if the node is invalid or can't be parsed
+ * by the appropriate proxy
+ */
+ public AttributeValue createValue(Node root)
+ throws UnknownIdentifierException, ParsingException
+ {
+ Node node = root.getAttributes().getNamedItem("DataType");
+
+ return createValue(root, node.getNodeValue());
+ }
+
+ /**
+ * Creates a value based on the given DOM root node and data type.
+ *
+ * @param root the DOM root of an attribute value
+ * @param dataType the type of the attribute
+ *
+ * @return a new <code>AttributeValue</code>
+ *
+ * @throws UnknownIdentifierException if the data type isn't known to
+ * the factory
+ * @throws ParsingException if the node is invalid or can't be parsed
+ * by the appropriate proxy
+ */
+ public AttributeValue createValue(Node root, URI dataType)
+ throws UnknownIdentifierException, ParsingException
+ {
+ return createValue(root, dataType.toString());
+ }
+
+ /**
+ * Creates a value based on the given DOM root node and data type.
+ *
+ * @param root the DOM root of an attribute value
+ * @param type the type of the attribute
+ *
+ * @return a new <code>AttributeValue</code>
+ *
+ * @throws UnknownIdentifierException if the type isn't known to
+ * the factory
+ * @throws ParsingException if the node is invalid or can't be parsed
+ * by the appropriate proxy
+ */
+ public AttributeValue createValue(Node root, String type)
+ throws UnknownIdentifierException, ParsingException
+ {
+ AttributeProxy proxy = (AttributeProxy)(attributeMap.get(type));
+
+ if (proxy != null) {
+ try {
+ return proxy.getInstance(root);
+ } catch (Exception e) {
+ throw new ParsingException("couldn't create " + type +
+ " attribute based on DOM node");
+ }
+ } else {
+ throw new UnknownIdentifierException("Attributes of type " +
type +
+ " aren't supported.");
+ }
+ }
+
+ /**
+ * Creates a value based on the given data type and text-encoded value.
+ * Used primarily by code that does an XPath query to get an
+ * attribute value, and then needs to turn the resulting value into
+ * an Attribute class.
+ *
+ * @param dataType the type of the attribute
+ * @param value the text-encoded representation of an attribute's value
+ *
+ * @return a new <code>AttributeValue</code>
+ *
+ * @throws UnknownIdentifierException if the data type isn't known to
+ * the factory
+ * @throws ParsingException if the text is invalid or can't be parsed
+ * by the appropriate proxy
+ */
+ public AttributeValue createValue(URI dataType, String value)
+ throws UnknownIdentifierException, ParsingException
+ {
+ String type = dataType.toString();
+ AttributeProxy proxy = (AttributeProxy)(attributeMap.get(type));
+
+ if (proxy != null) {
+ try {
+ return proxy.getInstance(value);
+ } catch (Exception e) {
+ throw new ParsingException("couldn't create " + type +
+ " attribute from input: " +
value);
+ }
+ } else {
+ throw new UnknownIdentifierException("Attributes of type " +
type +
+ " aren't supported.");
+ }
+ }
+
+}
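
Review bot: createValue(Node) dereferences the result of getNamedItem("DataType") without a null check, so an attribute value element with no DataType attribute fails with a NullPointerException although the Javadoc promises a ParsingException for an invalid node; test for null and throw ParsingException. In both createValue overloads that call a proxy, catch (Exception e) builds the ParsingException without e and so discards the cause; Base64BinaryAttribute in this same commit uses the (String, Throwable) constructor, so pass e here as well. In the Map constructor, calling toString() on the key and then attributes.get(id) returns null for a non-String key, which stores a null proxy silently instead of raising the documented IllegalArgumentException; iterate over the entries and check the value with instanceof.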

Added: branches/authRengine/sunxacml/com/sun/xacml/attr/BooleanAttribute.java
===================================================================
--- branches/authRengine/sunxacml/com/sun/xacml/attr/BooleanAttribute.java
(rev 0)
+++ branches/authRengine/sunxacml/com/sun/xacml/attr/BooleanAttribute.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,268 @@
+
+/*
+ * @(#)BooleanAttribute.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.attr;
+
+import com.sun.xacml.ParsingException;
+
+import java.net.URI;
+
+import org.w3c.dom.Node;
+
+
+/**
+ * Representation of an xs:boolean value. This class supports parsing
+ * xs:boolean values. All objects of this class are immutable and
+ * all methods of the class are thread-safe.
+ *
+ * @since 1.0
+ * @author Marco Barreno
+ * @author Steve Hanna
+ */
+public class BooleanAttribute extends AttributeValue
+{
+
+ /**
+ * Official name of this type
+ */
+ public static final String identifier =
+ "http://www.w3.org/2001/XMLSchema#boolean";;
+
+ /**
+ * URI version of name for this type
+ * <p>
+ * This field is initialized by a static initializer so that
+ * we can catch any exceptions thrown by URI(String) and
+ * transform them into a RuntimeException, since this should
+ * never happen but should be reported properly if it ever does.
+ */
+ private static URI identifierURI;
+
+ /**
+ * RuntimeException that wraps an Exception thrown during the
+ * creation of identifierURI, null if none.
+ */
+ private static RuntimeException earlyException;
+
+ /**
+ * Single instance of BooleanAttribute that represents true.
+ * Initialized by the static initializer below.
+ */
+ private static BooleanAttribute trueInstance;
+
+ /**
+ * Single instance of BooleanAttribute that represents false.
+ * Initialized by the static initializer below.
+ */
+ private static BooleanAttribute falseInstance;
+
+ /**
+ * Static initializer that initializes many static fields.
+ * <p>
+ * It is possible identifierURI
+ * class field so that we can catch any exceptions thrown
+ * by URI(String) and transform them into a RuntimeException.
+ * Such exceptions should never happen but should be reported
+ * properly if they ever do.
+ */
+ static {
+ try {
+ identifierURI = new URI(identifier);
+ trueInstance = new BooleanAttribute(true);
+ falseInstance = new BooleanAttribute(false);
+ } catch (Exception e) {
+ earlyException = new IllegalArgumentException();
+ earlyException.initCause(e);
+ }
+ };
+
+ /**
+ * The actual boolean value that this object represents.
+ */
+ private boolean value;
+
+ /**
+ * Creates a new <code>BooleanAttribute</code> that represents
+ * the boolean value supplied.
+ * <p>
+ * This constructor is private because it should not be used by
+ * anyone other than the static initializer in this class.
+ * Instead, please use one of the getInstance methods, which
+ * will ensure that only two BooleanAttribute objects are created,
+ * thus avoiding excess object creation.
+ */
+ private BooleanAttribute(boolean value) {
+ super(identifierURI);
+
+ this.value = value;
+ }
+
+ /**
+ * Returns a <code>BooleanAttribute</code> that represents
+ * the xs:boolean at a particular DOM node.
+ *
+ * @param root the <code>Node</code> that contains the desired value
+ * @return a <code>BooleanAttribute</code> representing the
+ * appropriate value (null if there is a parsing error)
+ */
+ public static BooleanAttribute getInstance(Node root)
+ throws ParsingException
+ {
+ return getInstance(root.getFirstChild().getNodeValue());
+ }
+
+ /**
+ * Returns a <code>BooleanAttribute</code> that represents
+ * the xs:boolean value indicated by the string provided.
+ *
+ * @param value a string representing the desired value
+ * @return a <code>BooleanAttribute</code> representing the
+ * appropriate value (null if there is a parsing error)
+ */
+ public static BooleanAttribute getInstance(String value)
+ throws ParsingException
+ {
+ // Shouldn't happen, but just in case...
+ if (earlyException != null)
+ throw earlyException;
+
+ if (value.equals("true"))
+ return trueInstance;
+ if (value.equals("false"))
+ return falseInstance;
+
+ throw new ParsingException("Boolean string must be true or false");
+ }
+
+ /**
+ * Returns a <code>BooleanAttribute</code> that represents
+ * the boolean value provided.
+ *
+ * @param value a boolean representing the desired value
+ * @return a <code>BooleanAttribute</code> representing the
+ * appropriate value
+ */
+ public static BooleanAttribute getInstance(boolean value) {
+
+ // Shouldn't happen, but just in case...
+ if (earlyException != null)
+ throw earlyException;
+
+ if (value)
+ return trueInstance;
+ else
+ return falseInstance;
+ }
+
+ /**
+ * Returns a <code>BooleanAttribute</code> that represents
+ * a true value.
+ *
+ * @return a <code>BooleanAttribute</code> representing a
+ * true value
+ */
+ public static BooleanAttribute getTrueInstance() {
+
+ // Shouldn't happen, but just in case...
+ if (earlyException != null)
+ throw earlyException;
+
+ return trueInstance;
+ }
+
+ /**
+ * Returns a <code>BooleanAttribute</code> that represents
+ * a false value.
+ *
+ * @return a <code>BooleanAttribute</code> representing a
+ * false value
+ */
+ public static BooleanAttribute getFalseInstance() {
+
+ // Shouldn't happen, but just in case...
+ if (earlyException != null)
+ throw earlyException;
+
+ return falseInstance;
+ }
+
+ /**
+ * Returns the <code>boolean</code> value represented by this object.
+ *
+ * @return the <code>boolean</code> value
+ */
+ public boolean getValue() {
+ return value;
+ }
+
+ /**
+ * Returns true if the input is an instance of this class and if its
+ * value equals the value contained in this class.
+ *
+ * @param o the object to compare
+ *
+ * @return true if this object and the input represent the same value
+ */
+ public boolean equals(Object o) {
+ if (! (o instanceof BooleanAttribute))
+ return false;
+
+ BooleanAttribute other = (BooleanAttribute)o;
+
+ return (value == other.value);
+ }
+
+ /**
+ * Returns the hashcode value used to index and compare this object with
+ * others of the same type. Typically this is the hashcode of the backing
+ * data object.
+ *
+ * @return the object's hashcode value
+ */
+ public int hashCode() {
+ // these numbers come from the javadoc for java.lang.Boolean...no,
+ // really, they do. I can't imagine what they were thinking...
+ return (value ? 1231 : 1237);
+ }
+
+ /**
+ *
+ */
+ public String encode() {
+ return (value ? "true" : "false");
+ }
+
+}
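
Review bot: `getInstance(Node root)` calls `root.getFirstChild().getNodeValue()` with no null check, so an element with no child node raises a `NullPointerException` instead of the declared `ParsingException`. Test the child for null and throw `ParsingException` there, so that callers handling malformed input see one exception type. Two smaller points in the same methods: the `@return` text on both parsing overloads says "null if there is a parsing error" while the code throws, and `getInstance(String)` accepts only the literals `true` and `false`, although the xs:boolean lexical space also contains `1` and `0`. Either accept those or state the restriction in the javadoc.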

Added: branches/authRengine/sunxacml/com/sun/xacml/attr/DateAttribute.java
===================================================================
--- branches/authRengine/sunxacml/com/sun/xacml/attr/DateAttribute.java
(rev 0)
+++ branches/authRengine/sunxacml/com/sun/xacml/attr/DateAttribute.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,670 @@
+
+/*
+ * @(#)DateAttribute.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.attr;
+
+import java.net.URI;
+
+import java.text.DateFormat;
+import java.text.ParseException;
+import java.text.ParsePosition;
+import java.text.SimpleDateFormat;
+
+import java.util.ArrayList;
+import java.util.Calendar;
+import java.util.Date;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Locale;
+import java.util.TimeZone;
+
+import org.w3c.dom.Node;
+
+
+/**
+ * Representation of an xs:date value. This class supports parsing
+ * xs:date values. All objects of this class are immutable and
+ * thread-safe. The <code>Date</code> objects returned are not, but
+ * these objects are cloned before being returned.
+ *
+ * @since 1.0
+ * @author Marco Barreno
+ * @author Seth Proctor
+ * @author Steve Hanna
+ */
+public class DateAttribute extends AttributeValue
+{
+ /**
+ * Official name of this type
+ */
+ public static final String identifier =
+ "http://www.w3.org/2001/XMLSchema#date";;
+
+ /**
+ * URI version of name for this type
+ * <p>
+ * This field is initialized by a static initializer so that
+ * we can catch any exceptions thrown by URI(String) and
+ * transform them into a RuntimeException, since this should
+ * never happen but should be reported properly if it ever does.
+ * <p>
+ * This object is used for synchronization whenever we need
+ * protection across this whole class.
+ */
+ private static URI identifierURI;
+
+ /**
+ * RuntimeException that wraps an Exception thrown during the
+ * creation of identifierURI, null if none.
+ */
+ private static RuntimeException earlyException;
+
+ /**
+ * Static initializer that initializes the identifierURI
+ * class field so that we can catch any exceptions thrown
+ * by URI(String) and transform them into a RuntimeException.
+ * Such exceptions should never happen but should be reported
+ * properly if they ever do.
+ */
+ static {
+ try {
+ identifierURI = new URI(identifier);
+ } catch (Exception e) {
+ earlyException = new IllegalArgumentException();
+ earlyException.initCause(e);
+ }
+ };
+
+ /**
+ * Parser for dates with no time zones
+ * <p>
+ * This field is only initialized if needed (by initParsers()).
+ * <p>
+ * NOTE: This object should only be accessed from code that
+ * has synchronized on it, since SimpleDateFormat objects are not
+ * thread-safe. If this is causing performance problems, we could
+ * easily make this a method variable in methods that use it
+ * instead of a class field. But that would mean we'd need to
+ * spend a lot more time creating these objects.
+ */
+ private static DateFormat simpleParser;
+
+ /**
+ * Parser for dates with RFC 822 time zones (like +0300)
+ * <p>
+ * This field is only initialized if needed (by initParsers()).
+ * <p>
+ * NOTE: This object should only be accessed from code that
+ * has a lock on it, since SimpleDateFormat objects are not
+ * thread-safe.
+ */
+ private static DateFormat zoneParser;
+
+ /**
+ * Calendar for GMT
+ * <p>
+ * NOTE: This object should only be accessed from code that
+ * has a lock on it, since Calendar objects are not generally
+ * thread-safe.
+ */
+ private static Calendar gmtCalendar;
+
+ /**
+ * Number of nanoseconds per millisecond
+ * (shared by other classes in this package)
+ */
+ static final int NANOS_PER_MILLI = 1000000;
+
+ /**
+ * Number of milliseconds per second
+ * (shared by other classes in this package)
+ */
+ static final int MILLIS_PER_SECOND = 1000;
+
+ /**
+ * Number of seconds in a minute
+ * (shared by other classes in this package)
+ */
+ static final int SECONDS_PER_MINUTE = 60;
+
+ /**
+ * Number of minutes in an hour
+ * (shared by other classes in this package)
+ */
+ static final int MINUTES_PER_HOUR = 60;
+
+ /**
+ * Number of hours in a day
+ * (shared by other classes in this package)
+ */
+ static final int HOURS_PER_DAY = 24;
+
+ /**
+ * Number of nanoseconds per second
+ * (shared by other classes in this package)
+ */
+ static final int NANOS_PER_SECOND = NANOS_PER_MILLI * MILLIS_PER_SECOND;
+
+ /**
+ * Number of milliseconds in a minute
+ * (shared by other classes in this package)
+ */
+ static final int MILLIS_PER_MINUTE =
+ MILLIS_PER_SECOND * SECONDS_PER_MINUTE;
+
+ /**
+ * Number of milliseconds in an hour
+ * (shared by other classes in this package)
+ */
+ static final int MILLIS_PER_HOUR =
+ MILLIS_PER_MINUTE * MINUTES_PER_HOUR;
+
+ /**
+ * Number of milliseconds in a day
+ * (shared by other classes in this package)
+ */
+ static final long MILLIS_PER_DAY = MILLIS_PER_HOUR * HOURS_PER_DAY;
+
+ /**
+ * Time zone value that indicates that the time zone was not
+ * specified.
+ */
+ public static final int TZ_UNSPECIFIED = -1000000;
+
+ /**
+ * The instant (in GMT) at which the specified date began (midnight)
+ * in the specified time zone. If no time zone was specified,
+ * the local time zone is used.
+ */
+ private Date value;
+
+ /**
+ * The time zone specified for this object (or TZ_UNSPECIFIED if
+ * unspecified). The offset to GMT, in minutes.
+ */
+ private int timeZone;
+
+ /**
+ * The time zone actually used for this object (if it was
+ * originally unspecified, the default time zone used).
+ * The offset to GMT, in minutes.
+ */
+ private int defaultedTimeZone;
+
+ /**
+ * Cached encoded value (null if not cached yet).
+ */
+ private String encodedValue = null;
+
+ /**
+ * Creates a new <code>TimeAttribute</code> that represents
+ * the current date in the default time zone.
+ */
+ public DateAttribute() {
+ super(identifierURI);
+
+ // Get the current time and GMT offset
+ Date currDate = new Date();
+ int currOffset = DateTimeAttribute.getDefaultTZOffset(currDate);
+ long millis = currDate.getTime();
+
+ // Now find out the last time it was midnight local time
+ // (actually the last time it was midnight with the current
+ // GMT offset, but that's good enough).
+
+ // Skip back by time zone offset.
+ millis += currOffset * MILLIS_PER_MINUTE;
+ // Reset to last GMT midnight
+ millis -= millis % MILLIS_PER_DAY;
+ // Skip forward by time zone offset.
+ millis -= currOffset * MILLIS_PER_MINUTE;
+ currDate.setTime(millis);
+ init(currDate, currOffset, currOffset);
+ }
+
+ /**
+ * Creates a new <code>DateAttribute</code> that represents
+ * the date supplied.
+ *
+ * @param date a <code>Date</code> object representing the
+ * instant at which the specified date began (midnight)
+ * in the specified time zone
+ * @param timeZone the time zone specified for this object
+ * (or TZ_UNSPECIFIED if unspecified). The
+ * offset to GMT, in minutes.
+ * @param defaultedTimeZone the time zone actually used for this
+ * object (if it was originally unspecified,
+ * the default time zone used).
+ * The offset to GMT, in minutes.
+ */
+ public DateAttribute(Date date, int timeZone, int defaultedTimeZone) {
+ super(identifierURI);
+
+ init(date, timeZone, defaultedTimeZone);
+ }
+
+ /**
+ * Initialization code shared by constructors.
+ *
+ * @param date a <code>Date</code> object representing the
+ * instant at which the specified date began (midnight)
+ * in the specified time zone.
+ * @param timeZone the time zone specified for this object
+ * (or TZ_UNSPECIFIED if unspecified). The
+ * offset to GMT, in minutes.
+ * @param defaultedTimeZone the time zone actually used for this
+ * object (if it was originally unspecified,
+ * the default time zone used).
+ * The offset to GMT, in minutes.
+ */
+ private void init(Date date, int timeZone, int defaultedTimeZone) {
+
+ // Shouldn't happen, but just in case...
+ if (earlyException != null)
+ throw earlyException;
+
+ this.value = (Date) date.clone();
+ this.timeZone = timeZone;
+ this.defaultedTimeZone = defaultedTimeZone;
+ }
+
+ /**
+ * Returns a new <code>DateAttribute</code> that represents
+ * the xs:date at a particular DOM node.
+ *
+ * @param root the <code>Node</code> that contains the desired value
+ * @return a new <code>DateAttribute</code> representing the
+ * appropriate value (null if there is a parsing error)
+ */
+ public static DateAttribute getInstance(Node root)
+ throws ParseException
+ {
+ return getInstance(root.getFirstChild().getNodeValue());
+ }
+
+ /**
+ * Returns a new <code>DateAttribute</code> that represents
+ * the xs:date value indicated by the string provided.
+ *
+ * @param value a string representing the desired value
+ * @return a new <code>DateAttribute</code> representing the
+ * desired value (null if there is a parsing error)
+ */
+ public static DateAttribute getInstance(String value)
+ throws ParseException
+ {
+ Date dateValue = null;
+ int timeZone;
+ int defaultedTimeZone;
+
+ if (simpleParser == null)
+ initParsers();
+
+ // If string ends with Z, it's in GMT. Chop off the Z and
+ // add +0000 to make the time zone explicit, then parse it
+ // with the timezone parser.
+ if (value.endsWith("Z")) {
+ value = value.substring(0, value.length()-1) + "+0000";
+ dateValue = strictParse(zoneParser, value);
+ timeZone = 0;
+ defaultedTimeZone = 0;
+ } else {
+ // If string ends with :XX, it must have a time zone
+ // or be invalid. Strip off the possible time zone and
+ // make sure what's left is a valid simple date. If so,
+ // reformat the time zone by stripping out the colon
+ // and parse the whole thing with the timezone parser.
+ int len = value.length();
+
+ if ((len > 6) && (value.charAt(len-3) == ':')) {
+ Date gmtValue = strictParse(zoneParser,
+ value.substring(0,len-6) +
+ "+0000");
+ value = value.substring(0, len-3) +
+ value.substring(len-2, len);
+ dateValue = strictParse(zoneParser, value);
+ timeZone =
+ (int) (gmtValue.getTime() - dateValue.getTime());
+ timeZone = timeZone / 60000;
+ defaultedTimeZone = timeZone;
+ } else {
+ // No funny business. This must be a simple date.
+ dateValue = strictParse(simpleParser, value);
+ timeZone = TZ_UNSPECIFIED;
+ Date gmtValue = strictParse(zoneParser, value + "+0000");
+ defaultedTimeZone =
+ (int) (gmtValue.getTime() - dateValue.getTime());
+ defaultedTimeZone = defaultedTimeZone / 60000;
+ }
+ }
+
+ // If parsing went OK, create a new DateAttribute object and
+ // return it.
+ DateAttribute attr = new DateAttribute(dateValue, timeZone,
+ defaultedTimeZone);
+ return attr;
+ }
+
+ /**
+ * Parse a String using a DateFormat parser, requiring that
+ * the entire String be consumed by the parser. On success,
+ * return a Date. On failure, throw a ParseException.
+ * <p>
+ * Synchronize on the parser object when using it, since we
+ * assume they're the shared static objects in this class.
+ */
+ private static Date strictParse(DateFormat parser, String str)
+ throws ParseException {
+ ParsePosition pos = new ParsePosition(0);
+ Date ret;
+ synchronized (parser) {
+ ret = parser.parse(str, pos);
+ }
+ if (pos.getIndex() != str.length())
+ throw new ParseException("", 0);
+ return ret;
+ }
+
+ /**
+ * Initialize the parser objects.
+ */
+ private static void initParsers() {
+ // If simpleParser is already set, we're done.
+ if (simpleParser != null)
+ return;
+
+ // Make sure that identifierURI is not null
+ if (earlyException != null)
+ throw earlyException;
+
+ // Synchronize on identifierURI while initializing parsers
+ // so we don't end up using a half-way initialized parser
+ synchronized (identifierURI) {
+ // This simple parser has no time zone
+ simpleParser = new SimpleDateFormat("yyyy-MM-dd");
+ simpleParser.setLenient(false);
+
+ // This parser has a four digit offset to GMT with sign
+ zoneParser = new SimpleDateFormat("yyyy-MM-ddZ");
+ zoneParser.setLenient(false);
+ }
+ }
+
+ /**
+ * Gets the date represented by this object. The return value is
+ * a <code>Date</code> object representing the
+ * instant at which the specified date began (midnight)
+ * in the time zone.
+ * <p>
+ * <b>NOTE:</b> The <code>Date</code> object is cloned before it
+ * is returned to avoid unauthorized changes.
+ *
+ * @return a <code>Date</code> object representing the instant
+ * at which the date began
+ */
+ public Date getValue() {
+ return (Date) value.clone();
+ }
+
+ /**
+ * Gets the specified time zone of this object (or
+ * TZ_UNSPECIFIED if unspecified).
+ *
+ * @return the offset to GMT in minutes (positive or negative)
+ */
+ public int getTimeZone() {
+ return timeZone;
+ }
+
+ /**
+ * Gets the time zone actually used for this object (if it was
+ * originally unspecified, the default time zone used).
+ *
+ * @return the offset to GMT in minutes (positive or negative)
+ */
+ public int getDefaultedTimeZone() {
+ return defaultedTimeZone;
+ }
+
+ /**
+ * Returns true if the input is an instance of this class and if its
+ * value equals the value contained in this class.
+ * <p>
+ * Two <code>DateAttribute</code>s are equal if and only if the
+ * instant on which the date began is equal. This means that they
+ * must have the same time zone.
+ *
+ * @param o the object to compare
+ *
+ * @return true if this object and the input represent the same value
+ */
+ public boolean equals(Object o) {
+ if (! (o instanceof DateAttribute))
+ return false;
+
+ DateAttribute other = (DateAttribute)o;
+
+ return value.equals(other.value);
+ }
+
+ /**
+ * Returns the hashcode value used to index and compare this object with
+ * others of the same type.
+ *
+ * @return the object's hashcode value
+ */
+ public int hashCode() {
+ // Only the value field is considered by the equals method, so only
+ // that field should be considered by this method.
+ return value.hashCode();
+ }
+
+ /**
+ * Converts to a String representation.
+ *
+ * @return the String representation
+ */
+ public String toString() {
+ StringBuffer sb = new StringBuffer();
+
+ sb.append("DateAttribute: [\n");
+ sb.append(" Date: " + value + " local time");
+ sb.append(" TimeZone: " + timeZone);
+ sb.append(" Defaulted TimeZone: " + defaultedTimeZone);
+ sb.append("]");
+
+ return sb.toString();
+ }
+
+ /**
+ * Encodes the value in a form suitable for including in XML data like
+ * a request or an obligation. This must return a value that could in
+ * turn be used by the factory to create a new instance with the same
+ * value.
+ *
+ * @return a <code>String</code> form of the value
+ */
+ public String encode() {
+ if (encodedValue != null)
+ return encodedValue;
+
+ if (timeZone == TZ_UNSPECIFIED) {
+ // If no time zone was specified, format Date value in
+ // local time with no time zone string.
+ initParsers();
+ synchronized (simpleParser) {
+ encodedValue = simpleParser.format(value);
+ }
+ } else {
+ // If a time zone was specified, don't use SimpleParser
+ // because it can only format dates in the local (default)
+ // time zone. And the offset between that time zone and the
+ // time zone we need to display can vary in complicated ways.
+
+ // Instead, do it ourselves using our formatDateWithTZ method.
+ encodedValue = formatDateWithTZ();
+ }
+ return encodedValue;
+ }
+
+ /**
+ * Encodes the value of this object as an xsi:date.
+ * Only for use when the time zone is specified.
+ *
+ * @return a <code>String</code> form of the value
+ */
+ private String formatDateWithTZ() {
+ if (gmtCalendar == null) {
+ TimeZone gmtTimeZone = TimeZone.getTimeZone("GMT");
+
+ // Locale doesn't make much difference here. We don't use
+ // any of the strings in the Locale and we don't do anything
+ // that depends on week count conventions. We use the US
+ // locale because it's always around and it ensures that we
+ // will always get a Gregorian calendar, which is necessary
+ // for compliance with ISO 8501.
+ gmtCalendar = Calendar.getInstance(gmtTimeZone, Locale.US);
+ }
+
+ // "YYYY-MM-DD+hh:mm".length() = 16
+ // Length may be longer if years < -999 or > 9999
+ StringBuffer buf = new StringBuffer(16);
+
+ synchronized (gmtCalendar) {
+ // Start with the GMT instant when the date started in the
+ // specified time zone (would be 7:00 PM the preceding day
+ // if the specified time zone was +0500).
+ gmtCalendar.setTime(value);
+ // Bump by the timeZone (so we get the right date/time that
+ // that we want to format)
+ gmtCalendar.add(Calendar.MINUTE, timeZone);
+
+ // Now, assemble the string
+ int year = gmtCalendar.get(Calendar.YEAR);
+ buf.append(zeroPadInt(year, 4));
+ buf.append('-');
+ // JANUARY is 0
+ int month = gmtCalendar.get(Calendar.MONTH) + 1;
+ buf.append(zeroPadInt(month, 2));
+ buf.append('-');
+ int dom = gmtCalendar.get(Calendar.DAY_OF_MONTH);
+ buf.append(zeroPadInt(dom, 2));
+ }
+
+ int tzNoSign = timeZone;
+ if (timeZone < 0) {
+ tzNoSign = -tzNoSign;
+ buf.append('-');
+ } else
+ buf.append('+');
+ int tzHours = tzNoSign / 60;
+ buf.append(zeroPadInt(tzHours, 2));
+ buf.append(':');
+ int tzMinutes = tzNoSign % 60;
+ buf.append(zeroPadInt(tzMinutes, 2));
+
+ return buf.toString();
+ }
+
+ /**
+ * Takes a String representation of an integer (an optional
+ * sign followed by digits) and pads it with zeros on the left
+ * until it has at least the specified number of digits.
+ * Note that this function will work for an integer of
+ * any size: int, long, etc.
+ *
+ * @param unpadded the unpadded <code>String</code>
+ * (must have length of at least one)
+ * @param minDigits the minimum number of digits desired
+ * @return the padded <code>String</code>
+ */
+ static String zeroPadIntString(String unpadded, int minDigits) {
+ int len = unpadded.length();
+
+ // Get the sign character (or 0 if none)
+ char sign = unpadded.charAt(0);
+ if ((sign != '-') && (sign != '+'))
+ sign = 0;
+
+ // The number of characters required is the number of digits,
+ // plus one for the sign if present.
+ int minChars = minDigits;
+ if (sign != 0)
+ minChars++;
+
+ // If we already have that many characters, we're done.
+ if (len >= minChars)
+ return unpadded;
+
+ // Otherwise, create the buffer
+ StringBuffer buf = new StringBuffer();
+
+ // Copy in the sign first, if present
+ if (sign != 0) {
+ buf.append(sign);
+ }
+
+ // Add the zeros
+ int zerosNeeded = minChars - len;
+ while (zerosNeeded-- != 0)
+ buf.append('0');
+
+ // Copy the rest of the unpadded string
+ if (sign != 0) {
+ // Skip sign
+ buf.append(unpadded.substring(1, len));
+ } else {
+ buf.append(unpadded);
+ }
+
+ return buf.toString();
+ }
+
+ /**
+ * Converts an integer to a base 10 string and pads it with
+ * zeros on the left until it has at least the specified
+ * number of digits. Note that the length of the resulting
+ * string will be greater than minDigits if the number is
+ * negative since the string will start with a minus sign.
+ *
+ * @param intValue the integer to convert
+ * @param minDigits the minimum number of digits desired
+ * @return the padded <code>String</code>
+ */
+ static String zeroPadInt(int intValue, int minDigits) {
+ return zeroPadIntString(Integer.toString(intValue), minDigits);
+ }
+}
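
Review bot: The lazy initialisation in `initParsers()` is not safe under concurrency. `getInstance(String)` tests `simpleParser == null` outside any lock, while the synchronized block assigns `simpleParser` before `zoneParser` exists and before `setLenient(false)` has run. A second thread can therefore skip `initParsers()` and reach `strictParse(zoneParser, value)` with `zoneParser` still null, which fails at `synchronized (parser)`, or parse with a parser that is still lenient. There is also no re-check inside the block, so two threads can each build a fresh pair and replace the objects other threads are locking on. Building both parsers in the existing static initializer, next to `identifierURI`, removes the problem. `gmtCalendar` in `formatDateWithTZ()` has the same unsynchronized null check. Documentation slips to fix while here: the no-argument constructor's javadoc says `TimeAttribute`, the calendar comment cites "ISO 8501" where ISO 8601 is meant, `formatDateWithTZ()` says "xsi:date" for xs:date, and `getInstance` documents a null return although it throws `ParseException`.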

Added: branches/authRengine/sunxacml/com/sun/xacml/attr/DateTimeAttribute.java
===================================================================
--- branches/authRengine/sunxacml/com/sun/xacml/attr/DateTimeAttribute.java
(rev 0)
+++ branches/authRengine/sunxacml/com/sun/xacml/attr/DateTimeAttribute.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,688 @@
+
+/*
+ * @(#)DateTimeAttribute.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.attr;
+
+import com.sun.xacml.ParsingException;
+
+import java.net.URI;
+
+import java.text.DateFormat;
+import java.text.ParseException;
+import java.text.ParsePosition;
+import java.text.SimpleDateFormat;
+
+import java.util.ArrayList;
+import java.util.Calendar;
+import java.util.Date;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Locale;
+import java.util.TimeZone;
+
+import org.w3c.dom.Node;
+
+
+/**
+ * Representation of an xs:dateTime value. This class supports parsing
+ * xs:dateTime values. All objects of this class are immutable and
+ * thread-safe. The <code>Date</code> objects returned are not, but
+ * these objects are cloned before being returned.
+ *
+ * @since 1.0
+ * @author Marco Barreno
+ * @author Seth Proctor
+ * @author Steve Hanna
+ */
+public class DateTimeAttribute extends AttributeValue
+{
+ /**
+ * Official name of this type
+ */
+ public static final String identifier =
+ "http://www.w3.org/2001/XMLSchema#dateTime";;
+
+ /**
+ * URI version of name for this type
+ * <p>
+ * This field is initialized by a static initializer so that
+ * we can catch any exceptions thrown by URI(String) and
+ * transform them into a RuntimeException, since this should
+ * never happen but should be reported properly if it ever does.
+ * <p>
+ * This object is used for synchronization whenever we need
+ * protection across this whole class.
+ */
+ private static URI identifierURI;
+
+ /**
+ * RuntimeException that wraps an Exception thrown during the
+ * creation of identifierURI, null if none.
+ */
+ private static RuntimeException earlyException;
+
+ /**
+ * Static initializer that initializes the identifierURI
+ * class field so that we can catch any exceptions thrown
+ * by URI(String) and transform them into a RuntimeException.
+ * Such exceptions should never happen but should be reported
+ * properly if they ever do.
+ */
+ static {
+ try {
+ identifierURI = new URI(identifier);
+ } catch (Exception e) {
+ earlyException = new IllegalArgumentException();
+ earlyException.initCause(e);
+ }
+ };
+
+ /**
+ * Parser for dates with no time zones
+ * <p>
+ * This field is only initialized if needed (by initParsers()).
+ * <p>
+ * NOTE: This object should only be accessed from code that
+ * has synchronized on it, since SimpleDateFormat objects are not
+ * thread-safe. If this is causing performance problems, we could
+ * easily make this a method variable in methods that use it
+ * instead of a class field. But that would mean we'd need to
+ * spend a lot more time creating these objects.
+ */
+ private static DateFormat simpleParser;
+
+ /**
+ * Parser for dates with RFC 822 time zones (like +0300)
+ * <p>
+ * This field is only initialized if needed (by initParsers()).
+ * <p>
+ * NOTE: This object should only be accessed from code that
+ * has synchronized on it, since SimpleDateFormat objects are not
+ * thread-safe.
+ */
+ private static DateFormat zoneParser;
+
+ /**
+ * Calendar for GMT
+ * <p>
+ * NOTE: This object should only be accessed from code that
+ * has a lock on it, since Calendar objects are not generally
+ * thread-safe.
+ */
+ private static Calendar gmtCalendar;
+
+ /**
+ * Time zone value that indicates that the time zone was not
+ * specified.
+ */
+ public static final int TZ_UNSPECIFIED = -1000000;
+
+ /**
+ * The actual date and time that this object represents (in GMT,
+ * as with all Date objects). If no time zone was specified, the
+ * local time zone is used to convert to GMT.
+ * <p>
+ * This Date does not include fractions of a second. Those are
+ * handled by the separate nanoseconds field, since Date only
+ * provides millisecond accuracy and the XML Query spec requires
+ * at least 100 nanosecond accuracy.
+ */
+ private Date value;
+
+ /**
+ * The number of nanoseconds beyond the Date given by the value
+ * field. The XML Query document says that fractional seconds
+ * must be supported down to at least 100 nanosecond resolution.
+ * The Date class only supports milliseconds, so we include here
+ * support for nanosecond resolution.
+ */
+ private int nanoseconds;
+
+ /**
+ * The time zone specified for this object (or TZ_UNSPECIFIED if
+ * unspecified). The offset to GMT, in minutes.
+ */
+ private int timeZone;
+
+ /**
+ * The time zone actually used for this object (if it was
+ * originally unspecified, the default time zone used).
+ * The offset to GMT, in minutes.
+ */
+ private int defaultedTimeZone;
+
+ /**
+ * Cached encoded value (null if not cached yet).
+ */
+ private String encodedValue = null;
+
+ /**
+ * Creates a new <code>DateTimeAttribute</code> that represents
+ * the current date in the default time zone.
+ */
+ public DateTimeAttribute() {
+ super(identifierURI);
+
+ Date currDate = new Date();
+ int currOffset = getDefaultTZOffset(currDate);
+ init(currDate, 0, currOffset, currOffset);
+ }
+
+ /**
+ * Creates a new <code>DateTimeAttribute</code> that represents
+ * the date supplied.
+ *
+ * @param date a <code>Date</code> object representing the
+ * specified date and time down to second
+ * resolution. If this object has non-zero
+ * milliseconds, they are combined
+ * with the nanoseconds parameter.
+ * @param nanoseconds the number of nanoseconds beyond the
+ * Date specified in the date parameter
+ * @param timeZone the time zone specified for this object
+ * (or TZ_UNSPECIFIED if unspecified). The
+ * offset to GMT, in minutes.
+ * @param defaultedTimeZone the time zone actually used for this
+ * object (if it was originally unspecified,
+ * the default time zone used).
+ * The offset to GMT, in minutes.
+ */
+ public DateTimeAttribute(Date date, int nanoseconds, int timeZone,
+ int defaultedTimeZone) {
+ super(identifierURI);
+
+ init(date, nanoseconds, timeZone, defaultedTimeZone);
+ }
+
+ /**
+ * Initialization code shared by constructors.
+ *
+ * @param date a <code>Date</code> object representing the
+ * specified date and time down to second
+ * resolution. If this object has non-zero
+ * milliseconds, they are combined
+ * with the nanoseconds parameter.
+ * @param nanoseconds the number of nanoseconds beyond the
+ * Date specified in the date parameter
+ * @param timeZone the time zone specified for this object
+ * (or TZ_UNSPECIFIED if unspecified). The
+ * offset to GMT, in minutes.
+ * @param defaultedTimeZone the time zone actually used for this
+ * object (if it was originally unspecified,
+ * the default time zone used).
+ * The offset to GMT, in minutes.
+ */
+ private void init(Date date, int nanoseconds, int timeZone,
+ int defaultedTimeZone) {
+
+ // Shouldn't happen, but just in case...
+ if (earlyException != null)
+ throw earlyException;
+
+ // Make a new Date object
+ this.value = (Date) date.clone();
+ // Combine the nanoseconds so they are between 0 and 999,999,999
+ this.nanoseconds = combineNanos(this.value, nanoseconds);
+ this.timeZone = timeZone;
+ this.defaultedTimeZone = defaultedTimeZone;
+ }
+
+ /**
+ * Returns a new <code>DateTimeAttribute</code> that represents
+ * the xs:dateTime at a particular DOM node.
+ *
+ * @param root the <code>Node</code> that contains the desired value
+ * @return a new <code>DateTimeAttribute</code> representing the
+ * appropriate value
+ * @throws ParsingException if any problems occurred while parsing
+ */
+ public static DateTimeAttribute getInstance(Node root)
+ throws ParsingException, NumberFormatException, ParseException
+ {
+ return getInstance(root.getFirstChild().getNodeValue());
+ }
+
+ /**
+ * Returns a new <code>DateTimeAttribute</code> that represents
+ * the xs:dateTime value indicated by the string provided.
+ *
+ * @param value a string representing the desired value
+ * @return a new <code>DateTimeAttribute</code> representing the
+ * desired value
+ * @throws ParsingException if the text is formatted incorrectly
+ * @throws NumberFormatException if the nanosecond format is incorrect
+ * @throws ParseException
+ */
+ public static DateTimeAttribute getInstance(String value)
+ throws ParsingException, NumberFormatException, ParseException
+ {
+ Date dateValue = null;
+ int nanoseconds = 0;
+ int timeZone;
+ int defaultedTimeZone;
+
+ initParsers();
+
+ // If string ends with Z, it's in GMT. Chop off the Z and
+ // add +00:00 to make the time zone explicit.
+ if (value.endsWith("Z"))
+ value = value.substring(0, value.length()-1) + "+00:00";
+
+ // Figure out if the string has a time zone.
+ // If string ends with +XX:XX or -XX:XX, it must have
+ // a time zone or be invalid.
+ int len = value.length(); // This variable is often not up-to-date
+ boolean hasTimeZone = ((value.charAt(len-3) == ':') &&
+ ((value.charAt(len-6) == '-') ||
+ (value.charAt(len-6) == '+')));
+
+ // If string contains a period, it must have fractional
+ // seconds (or be invalid). Strip them out and put the
+ // value in nanoseconds.
+ int dotIndex = value.indexOf('.');
+ if (dotIndex != -1) {
+ // Decide where fractional seconds end.
+ int secondsEnd = value.length();
+ if (hasTimeZone)
+ secondsEnd -= 6;
+ // Copy the fractional seconds out of the string.
+ String nanoString = value.substring(dotIndex+1, secondsEnd);
+ // Check that all those characters are ASCII digits.
+ for (int i = nanoString.length()-1; i >= 0; i--) {
+ char c = nanoString.charAt(i);
+ if ((c < '0') || (c > '9'))
+ throw new ParsingException("non-ascii digit found");
+ }
+ // If there are less than 9 digits in the fractional seconds,
+ // pad with zeros on the right so it's nanoseconds.
+ while (nanoString.length() < 9)
+ nanoString += "0";
+ // If there are more than 9 digits in the fractional seconds,
+ // drop the least significant digits.
+ if (nanoString.length() > 9) {
+ nanoString = nanoString.substring(0, 9);
+ }
+ // Parse the fractional seconds.
+ nanoseconds = Integer.parseInt(nanoString);
+
+ // Remove the fractional seconds from the string.
+ value = value.substring(0, dotIndex) +
+ value.substring(secondsEnd, value.length());
+ }
+
+ // this is the code that may trow a ParseException
+ if (hasTimeZone) {
+ // Strip off the purported time zone and make sure what's
+ // left is a valid unzoned date and time (by parsing in GMT).
+ // If so, reformat the time zone by stripping out the colon
+ // and parse the revised string with the timezone parser.
+
+ len = value.length();
+
+ Date gmtValue = strictParse(zoneParser,
+ value.substring(0,len-6) + "+0000");
+ value = value.substring(0, len-3) +
+ value.substring(len-2, len);
+ dateValue = strictParse(zoneParser, value);
+ timeZone =
+ (int) (gmtValue.getTime() - dateValue.getTime());
+ timeZone = timeZone / 60000;
+ defaultedTimeZone = timeZone;
+ } else {
+ // No funny business. This must be a simple date and time.
+ dateValue = strictParse(simpleParser, value);
+ timeZone = TZ_UNSPECIFIED;
+ // Figure out what time zone was used.
+ Date gmtValue = strictParse(zoneParser, value + "+0000");
+ defaultedTimeZone =
+ (int) (gmtValue.getTime() - dateValue.getTime());
+ defaultedTimeZone = defaultedTimeZone / 60000;
+ }
+
+ // If parsing went OK, create a new DateTimeAttribute object and
+ // return it.
+
+ DateTimeAttribute attr = new DateTimeAttribute(dateValue,
nanoseconds,
+ timeZone,
+ defaultedTimeZone);
+ return attr;
+ }
+
+ /**
+ * Parse a String using a DateFormat parser, requiring that
+ * the entire String be consumed by the parser. On success,
+ * return a Date. On failure, throw a ParseException.
+ * <p>
+ * Synchronize on the parser object when using it, since we
+ * assume they're the shared static objects in this class.
+ */
+ private static Date strictParse(DateFormat parser, String str)
+ throws ParseException {
+ ParsePosition pos = new ParsePosition(0);
+ Date ret;
+ synchronized (parser) {
+ ret = parser.parse(str, pos);
+ }
+ if (pos.getIndex() != str.length())
+ throw new ParseException("", 0);
+ return ret;
+ }
+
+ /**
+ * Initialize the parser objects.
+ */
+ private static void initParsers() {
+ // If simpleParser is already set, we're done.
+ if (simpleParser != null)
+ return;
+
+ // Make sure that identifierURI is not null
+ if (earlyException != null)
+ throw earlyException;
+
+ // Synchronize on identifierURI while initializing parsers
+ // so we don't end up using a half-way initialized parser
+ synchronized (identifierURI) {
+ // This simple parser has no time zone
+ simpleParser = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss");
+ simpleParser.setLenient(false);
+
+ // This parser has a four digit offset to GMT with sign
+ zoneParser = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ssZ");
+ zoneParser.setLenient(false);
+ }
+ }
+
+ /**
+ * Gets the date and time represented by this object. The return
+ * value is a <code>Date</code> object representing the
+ * specified date and time down to second resolution.
+ * Subsecond values are handled by the
+ *
{@link
#getNanoseconds getNanoseconds} method.
+ * <p>
+ * <b>NOTE:</b> The <code>Date</code> object is cloned before it
+ * is returned to avoid unauthorized changes.
+ *
+ * @return a <code>Date</code> object representing the date and
+ * time represented by this object
+ */
+ public Date getValue() {
+ return (Date) value.clone();
+ }
+
+ /**
+ * Gets the nanoseconds of this object.
+ *
+ * @return the number of nanoseconds
+ */
+ public int getNanoseconds() {
+ return nanoseconds;
+ }
+
+ /**
+ * Gets the time zone of this object (or TZ_UNSPECIFIED if
+ * unspecified).
+ *
+ * @return the offset to GMT in minutes (positive or negative)
+ */
+ public int getTimeZone() {
+ return timeZone;
+ }
+
+ /**
+ * Gets the time zone actually used for this object (if it was
+ * originally unspecified, the default time zone used).
+ *
+ * @return the offset to GMT in minutes (positive or negative)
+ */
+ public int getDefaultedTimeZone() {
+ return defaultedTimeZone;
+ }
+
+ /**
+ * Returns true if the input is an instance of this class and if its
+ * value equals the value contained in this class.
+ * <p>
+ * Two <code>DateTimeAttribute</code>s are equal if and only if the
+ * dates and times represented are identical (down to the nanosecond).
+ *
+ * @param o the object to compare
+ *
+ * @return true if this object and the input represent the same value
+ */
+ public boolean equals(Object o) {
+ if (! (o instanceof DateTimeAttribute))
+ return false;
+
+ DateTimeAttribute other = (DateTimeAttribute)o;
+
+ // Since the value field is normalized into GMT, this is a
+ // good way to compare.
+ return (value.equals(other.value) &&
+ (nanoseconds == other.nanoseconds));
+ }
+
+ /**
+ * Returns the hashcode value used to index and compare this object with
+ * others of the same type.
+ *
+ * @return the object's hashcode value
+ */
+ public int hashCode() {
+ // Both the value field and the nanoseconds field are considered
+ // by the equals method, so it's best if the hashCode is derived
+ // from both of those fields.
+ int hashCode = value.hashCode();
+ hashCode = 31*hashCode + nanoseconds;
+ return hashCode;
+ }
+
+ /**
+ * Converts to a String representation.
+ *
+ * @return the String representation
+ */
+ public String toString() {
+ StringBuffer sb = new StringBuffer();
+
+ sb.append("DateTimeAttribute: [\n");
+ sb.append(" Date: " + value + " local time");
+ sb.append(" Nanoseconds: " + nanoseconds);
+ sb.append(" TimeZone: " + timeZone);
+ sb.append(" Defaulted TimeZone: " + defaultedTimeZone);
+ sb.append("]");
+
+ return sb.toString();
+ }
+
+ /**
+ * Encodes the value in a form suitable for including in XML data like
+ * a request or an obligation. This must return a value that could in
+ * turn be used by the factory to create a new instance with the same
+ * value.
+ *
+ * @return a <code>String</code> form of the value
+ */
+ public String encode() {
+ if (encodedValue != null)
+ return encodedValue;
+
+ if (timeZone == TZ_UNSPECIFIED) {
+ // If no time zone was specified, format Date value in
+ // local time with no time zone string.
+ initParsers();
+ synchronized (simpleParser) {
+ encodedValue = simpleParser.format(value);
+ }
+ if (nanoseconds != 0) {
+ encodedValue = encodedValue + "." +
+ DateAttribute.zeroPadInt(nanoseconds, 9);
+ }
+ } else {
+ // If a time zone was specified, don't use SimpleParser
+ // because it can only format dates in the local (default)
+ // time zone. And the offset between that time zone and the
+ // time zone we need to display can vary in complicated ways.
+
+ // Instead, do it ourselves using our formatDateWithTZ method.
+ encodedValue = formatDateTimeWithTZ();
+ }
+ return encodedValue;
+ }
+
+ /**
+ * Encodes the value of this object as an xsi:dateTime.
+ * Only for use when the time zone is specified.
+ *
+ * @return a <code>String</code> form of the value
+ */
+ private String formatDateTimeWithTZ() {
+ if (gmtCalendar == null) {
+ TimeZone gmtTimeZone = TimeZone.getTimeZone("GMT");
+
+ // Locale doesn't make much difference here. We don't use
+ // any of the strings in the Locale and we don't do anything
+ // that depends on week count conventions. We use the US
+ // locale because it's always around and it ensures that we
+ // will always get a Gregorian calendar, which is necessary
+ // for compliance with ISO 8501.
+ gmtCalendar = Calendar.getInstance(gmtTimeZone, Locale.US);
+ }
+
+ // "YYYY-MM-DDThh:mm:ss.sssssssss+hh:mm".length() = 35
+ // Length may be longer if years < -999 or > 9999
+ StringBuffer buf = new StringBuffer(35);
+
+ synchronized (gmtCalendar) {
+ // Start with the proper time in GMT.
+ gmtCalendar.setTime(value);
+ // Bump by the timeZone, since we're going to be extracting
+ // the value in GMT
+ gmtCalendar.add(Calendar.MINUTE, timeZone);
+
+ // Now, assemble the string
+ int year = gmtCalendar.get(Calendar.YEAR);
+ buf.append(DateAttribute.zeroPadInt(year, 4));
+ buf.append('-');
+ // JANUARY is 0
+ int month = gmtCalendar.get(Calendar.MONTH) + 1;
+ buf.append(DateAttribute.zeroPadInt(month, 2));
+ buf.append('-');
+ int dom = gmtCalendar.get(Calendar.DAY_OF_MONTH);
+ buf.append(DateAttribute.zeroPadInt(dom, 2));
+ buf.append('T');
+ int hour = gmtCalendar.get(Calendar.HOUR_OF_DAY);
+ buf.append(DateAttribute.zeroPadInt(hour, 2));
+ buf.append(':');
+ int minute = gmtCalendar.get(Calendar.MINUTE);
+ buf.append(DateAttribute.zeroPadInt(minute, 2));
+ buf.append(':');
+ int second = gmtCalendar.get(Calendar.SECOND);
+ buf.append(DateAttribute.zeroPadInt(second, 2));
+ }
+
+ if (nanoseconds != 0) {
+ buf.append('.');
+ buf.append(DateAttribute.zeroPadInt(nanoseconds, 9));
+ }
+
+ int tzNoSign = timeZone;
+ if (timeZone < 0) {
+ tzNoSign = -tzNoSign;
+ buf.append('-');
+ } else
+ buf.append('+');
+ int tzHours = tzNoSign / 60;
+ buf.append(DateAttribute.zeroPadInt(tzHours, 2));
+ buf.append(':');
+ int tzMinutes = tzNoSign % 60;
+ buf.append(DateAttribute.zeroPadInt(tzMinutes, 2));
+
+ return buf.toString();
+ }
+
+ /**
+ * Gets the offset in minutes between the default time zone and
+ * UTC for the specified date.
+ *
+ * @param the <code>Date</code> whose offset is desired
+ * @return the offset in minutes
+ */
+ static int getDefaultTZOffset(Date date) {
+ int offset = TimeZone.getDefault().getOffset(date.getTime());
+ offset = offset / DateAttribute.MILLIS_PER_MINUTE;
+ return offset;
+ }
+
+ /**
+ * Combines a number of nanoseconds with a <code>Date</code>
+ * so that the Date has no fractional seconds and the number
+ * of nanoseconds is non-negative and less than a second.
+ * <p>
+ * <b>WARNING</b>: This function changes the value stored in
+ * the date parameter!
+ *
+ * @param date the <code>Date</code> to be combined
+ * (<b>value may be modified!</b>)
+ * @param nanos the nanoseconds to be combined
+ * @return the resulting number of nanoseconds
+ */
+ static int combineNanos(Date date, int nanoseconds) {
+ long millis = date.getTime();
+ int milliCarry = (int) (millis % DateAttribute.MILLIS_PER_SECOND);
+
+ // If nothing needs fixing, get out quick
+ if ((milliCarry == 0) && (nanoseconds > 0)
+ && (nanoseconds < DateAttribute.NANOS_PER_SECOND))
+ return nanoseconds;
+
+ // Remove any non-zero milliseconds from the date.
+ millis -= milliCarry;
+ // Add them into the nanoseconds.
+ long nanoTemp = nanoseconds;
+ nanoTemp += milliCarry * DateAttribute.NANOS_PER_MILLI;
+ // Get the nanoseconds that represent fractional seconds.
+ // This we'll return.
+ int nanoResult = (int) (nanoTemp % DateAttribute.NANOS_PER_SECOND);
+ // Get nanoseconds that represent whole seconds.
+ nanoTemp -= nanoResult;
+ // Convert that to milliseconds and add it back to the date.
+ millis += nanoTemp / DateAttribute.NANOS_PER_MILLI;
+ date.setTime(millis);
+
+ return nanoResult;
+ }
+}
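
Review bot: getInstance(String) reads value.charAt(len-3) and value.charAt(len-6) with no check that the string has at least six characters, so an empty or short xs:dateTime value raises StringIndexOutOfBoundsException instead of the declared ParsingException. getInstance(Node) has the same kind of gap: root.getFirstChild() is dereferenced without a null check, so an empty element gives a NullPointerException. Both values come straight from parsed XML, so reject them up front with a ParsingException. Separately, initParsers() tests simpleParser != null outside the synchronized block, and simpleParser is assigned before zoneParser inside it. A second thread can pass that test and call strictParse(zoneParser, ...) while zoneParser is still null, which is the half-initialized state the comment says the lock prevents. Create both parsers in the static initializer, or make the whole method synchronized.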

Added:
branches/authRengine/sunxacml/com/sun/xacml/attr/DayTimeDurationAttribute.java
===================================================================
---
branches/authRengine/sunxacml/com/sun/xacml/attr/DayTimeDurationAttribute.java
(rev 0)
+++
branches/authRengine/sunxacml/com/sun/xacml/attr/DayTimeDurationAttribute.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,572 @@
+
+/*
+ * @(#)DayTimeDurationAttribute.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.attr;
+
+import com.sun.xacml.ParsingException;
+
+import java.math.BigInteger;
+
+import java.net.URI;
+
+import java.util.regex.Pattern;
+import java.util.regex.PatternSyntaxException;
+import java.util.regex.Matcher;
+
+import org.w3c.dom.Node;
+
+
+/**
+ * Representation of an xf:dayTimeDuration value. This class supports parsing
+ * xd:dayTimeDuration values. All objects of this class are immutable and
+ * thread-safe. The <code>Date</code> objects returned are not, but
+ * these objects are cloned before being returned.
+ *
+ * @since 1.0
+ * @author Steve Hanna
+ */
+public class DayTimeDurationAttribute extends AttributeValue
+{
+ /**
+ * Official name of this type
+ */
+ public static final String identifier =
+ "http://www.w3.org/TR/2002/WD-xquery-operators-20020816#"; +
+ "dayTimeDuration";
+
+ /**
+ * URI version of name for this type
+ * <p>
+ * This field is initialized by a static initializer so that
+ * we can catch any exceptions thrown by URI(String) and
+ * transform them into a RuntimeException, since this should
+ * never happen but should be reported properly if it ever does.
+ */
+ private static URI identifierURI;
+
+ /**
+ * RuntimeException that wraps an Exception thrown during the
+ * creation of identifierURI, null if none.
+ */
+ private static RuntimeException earlyException;
+
+ /**
+ * Static initializer that initializes the identifierURI
+ * class field so that we can catch any exceptions thrown
+ * by URI(String) and transform them into a RuntimeException.
+ * Such exceptions should never happen but should be reported
+ * properly if they ever do.
+ */
+ static {
+ try {
+ identifierURI = new URI(identifier);
+ } catch (Exception e) {
+ earlyException = new IllegalArgumentException();
+ earlyException.initCause(e);
+ }
+ };
+
+ /**
+ * Regular expression for dayTimeDuration (a la java.util.regex)
+ */
+ private static final String patternString =
+ "(\\-)?P((\\d+)?D)?(T((\\d+)?H)?((\\d+)?M)?((\\d+)?(.(\\d+)?)?S)?)?";
+
+ /**
+ * The index of the capturing group for the negative sign.
+ */
+ private static final int GROUP_SIGN = 1;
+
+ /**
+ * The index of the capturing group for the number of days.
+ */
+ private static final int GROUP_DAYS = 3;
+
+ /**
+ * The index of the capturing group for the number of hours.
+ */
+ private static final int GROUP_HOURS = 6;
+
+ /**
+ * The index of the capturing group for the number of minutes.
+ */
+ private static final int GROUP_MINUTES = 8;
+
+ /**
+ * The index of the capturing group for the number of seconds.
+ */
+ private static final int GROUP_SECONDS = 10;
+
+ /**
+ * The index of the capturing group for the number of nanoseconds.
+ */
+ private static final int GROUP_NANOSECONDS = 12;
+
+ /**
+ * Static BigInteger values. We only use these if one of
+ * the components is bigger than Integer.MAX_LONG and we
+ * want to detect overflow, so we don't initialize these
+ * until they're needed.
+ */
+ private static BigInteger big24;
+ private static BigInteger big60;
+ private static BigInteger big1000;
+ private static BigInteger bigMaxLong;
+
+ /**
+ * A shared Pattern object, only initialized if needed
+ */
+ private static Pattern pattern;
+
+ /**
+ * Negative flag. true if duration is negative, false otherwise
+ */
+ private boolean negative;
+
+ /**
+ * Number of days
+ */
+ private long days;
+
+ /**
+ * Number of hours
+ */
+ private long hours;
+
+ /**
+ * Number of minutes
+ */
+ private long minutes;
+
+ /**
+ * Number of seconds
+ */
+ private long seconds;
+
+ /**
+ * Number of nanoseconds
+ */
+ private int nanoseconds;
+
+ /**
+ * Total number of round seconds (in milliseconds)
+ */
+ private long totalMillis;
+
+ /**
+ * Cached encoded value (null if not cached yet).
+ */
+ private String encodedValue = null;
+
+ /**
+ * Creates a new <code>DayTimeDurationAttribute</code> that represents
+ * the duration supplied.
+ *
+ * @param negative true if the duration is negative, false otherwise
+ * @param days the number of days in the duration
+ * @param hours the number of hours in the duration
+ * @param minutes the number of minutes in the duration
+ * @param seconds the number of seconds in the duration
+ * @param nanoseconds the number of nanoseconds in the duration
+ * @throws IllegalArgumentException if the total number of milliseconds
+ * exceeds Long.MAX_LONG
+ */
+ public DayTimeDurationAttribute(boolean negative, long days, long hours,
+ long minutes, long seconds,
+ int nanoseconds)
+ throws IllegalArgumentException {
+ super(identifierURI);
+
+ // Shouldn't happen, but just in case...
+ if (earlyException != null)
+ throw earlyException;
+
+ this.negative = negative;
+ this.days = days;
+ this.hours = hours;
+ this.minutes = minutes;
+ this.seconds = seconds;
+ this.nanoseconds = nanoseconds;
+
+ // Convert all the components except nanoseconds to milliseconds
+
+ // If any of the components is big (too big to be an int),
+ // use the BigInteger class to do the math so we can detect
+ // overflow.
+ if ((days > Integer.MAX_VALUE) || (hours > Integer.MAX_VALUE) ||
+ (minutes > Integer.MAX_VALUE) || (seconds > Integer.MAX_VALUE)) {
+ if (big24 == null) {
+ big24 = BigInteger.valueOf(24);
+ big60 = BigInteger.valueOf(60);
+ big1000 = BigInteger.valueOf(1000);
+ bigMaxLong = BigInteger.valueOf(Long.MAX_VALUE);
+ }
+ BigInteger bigDays = BigInteger.valueOf(days);
+ BigInteger bigHours = BigInteger.valueOf(hours);
+ BigInteger bigMinutes = BigInteger.valueOf(minutes);
+ BigInteger bigSeconds = BigInteger.valueOf(seconds);
+
+ BigInteger bigTotal = bigDays.multiply(big24).add(bigHours)
+ .multiply(big60).add(bigMinutes).multiply(big60)
+ .add(bigSeconds).multiply(big1000);
+
+ // If the result is bigger than Long.MAX_VALUE, we have an
+ // overflow. Indicate an error (should be a processing error,
+ // since it can be argued that we should handle gigantic
+ // values for this).
+ if (bigTotal.compareTo(bigMaxLong) == 1)
+ throw new IllegalArgumentException("total number of " +
+ "milliseconds " +
+ "exceeds Long.MAX_VALUE");
+ // If no overflow, convert to a long.
+ totalMillis = bigTotal.longValue();
+ } else {
+ // The numbers are small, so do it the fast way.
+ totalMillis = ((((((days * 24) + hours) * 60) + minutes) * 60) +
+ seconds) * 1000;
+ }
+ }
+
+ /**
+ * Returns a new <code>DayTimeDurationAttribute</code> that represents
+ * the xf:dayTimeDuration at a particular DOM node.
+ *
+ * @param root the <code>Node</code> that contains the desired value
+ * @return a new <code>DayTimeDurationAttribute</code> representing the
+ * appropriate value (null if there is a parsing error)
+ */
+ public static DayTimeDurationAttribute getInstance(Node root)
+ throws ParsingException, NumberFormatException
+ {
+ return getInstance(root.getFirstChild().getNodeValue());
+ }
+
+ /**
+ * Returns the long value for the capturing group groupNumber.
+ * This method takes a Matcher that has been used to match a
+ * Pattern against a String, fetches the value for the specified
+ * capturing group, converts that value to an long, and returns
+ * the value. If that group did not match, 0 is returned.
+ * If the matched value is not a valid long, NumberFormatException
+ * is thrown.
+ *
+ * @param matcher the Matcher from which to fetch the group
+ * @param groupNumber the group number to fetch
+ * @return the long value for that groupNumber
+ * @throws NumberFormatException if the string value for that
+ * groupNumber is not a valid long
+ */
+ private static long parseGroup(Matcher matcher, int groupNumber)
+ throws NumberFormatException {
+ long groupLong = 0;
+
+ if (matcher.start(groupNumber) != -1) {
+ String groupString = matcher.group(groupNumber);
+ groupLong = Long.parseLong(groupString);
+ }
+ return groupLong;
+ }
+
+ /**
+ * Returns a new <code>DayTimeDurationAttribute</code> that represents
+ * the xf:dayTimeDuration value indicated by the string provided.
+ *
+ * @param value a string representing the desired value
+ * @return a new <code>DayTimeDurationAttribute</code> representing the
+ * desired value (null if there is a parsing error)
+ */
+ public static DayTimeDurationAttribute getInstance(String value)
+ throws ParsingException, NumberFormatException
+ {
+ boolean negative = false;
+ long days = 0;
+ long hours = 0;
+ long minutes = 0;
+ long seconds = 0;
+ int nanoseconds = 0;
+
+ // Compile the pattern, if not already done.
+ // No thread-safety problem here. The worst that can
+ // happen is that we initialize pattern several times.
+ if (pattern == null) {
+ try {
+ pattern = Pattern.compile(patternString);
+ } catch (PatternSyntaxException e) {
+ // This should never happen
+ throw new ParsingException("unexpected pattern match error");
+ }
+ }
+
+ // See if the value matches the pattern.
+ Matcher matcher = pattern.matcher(value);
+ boolean matches = matcher.matches();
+
+ // If not, syntax error!
+ if (!matches) {
+ throw new ParsingException("Syntax error in dayTimeDuration");
+ }
+
+ // If the negative group matched, the value is negative.
+ if (matcher.start(GROUP_SIGN) != -1)
+ negative = true;
+
+ try {
+ // If the days group matched, parse that value.
+ days = parseGroup(matcher, GROUP_DAYS);
+
+ // If the hours group matched, parse that value.
+ hours = parseGroup(matcher, GROUP_HOURS);
+
+ // If the minutes group matched, parse that value.
+ minutes = parseGroup(matcher, GROUP_MINUTES);
+
+ // If the seconds group matched, parse that value.
+ seconds = parseGroup(matcher, GROUP_SECONDS);
+
+ // Special handling for fractional seconds, since
+ // they can have any resolution.
+ if (matcher.start(GROUP_NANOSECONDS) != -1) {
+ String nanosecondString = matcher.group(GROUP_NANOSECONDS);
+
+ // If there are less than 9 digits in the fractional seconds,
+ // pad with zeros on the right so it's nanoseconds.
+ while (nanosecondString.length() < 9)
+ nanosecondString += "0";
+
+ // If there are more than 9 digits in the fractional seconds,
+ // drop the least significant digits.
+ if (nanosecondString.length() > 9) {
+ nanosecondString = nanosecondString.substring(0, 9);
+ }
+
+ nanoseconds = Integer.parseInt(nanosecondString);
+ }
+ } catch (NumberFormatException e) {
+ // If we run into a number that's too big to be a long
+ // that's an error. Really, it's a processing error,
+ // since one can argue that we should handle that.
+ throw e;
+ }
+
+ // Here's a requirement that's not checked for in the pattern.
+ // The designator 'T' must be absent if all the time
+ // items are absent. So the string can't end in 'T'.
+ // Note that we don't have to worry about a zero length
+ // string, since the pattern won't allow that.
+ if (value.charAt(value.length()-1) == 'T')
+ throw new ParsingException("'T' must be absent if all" +
+ "time items are absent");
+
+ // If parsing went OK, create a new DayTimeDurationAttribute object
and
+ // return it.
+ return new DayTimeDurationAttribute(negative, days, hours, minutes,
+ seconds, nanoseconds);
+ }
+
+ /**
+ * Returns true if the duration is negative.
+ *
+ * @return true if the duration is negative, false otherwise
+ */
+ public boolean isNegative() {
+ return negative;
+ }
+
+ /**
+ * Gets the number of days.
+ *
+ * @return the number of days
+ */
+ public long getDays() {
+ return days;
+ }
+
+ /**
+ * Gets the number of hours.
+ *
+ * @return the number of hours
+ */
+ public long getHours() {
+ return hours;
+ }
+
+ /**
+ * Gets the number of minutes.
+ *
+ * @return the number of minutes
+ */
+ public long getMinutes() {
+ return minutes;
+ }
+
+ /**
+ * Gets the number of seconds.
+ *
+ * @return the number of seconds
+ */
+ public long getSeconds() {
+ return seconds;
+ }
+
+ /**
+ * Gets the number of nanoseconds.
+ *
+ * @return the number of nanoseconds
+ */
+ public int getNanoseconds() {
+ return nanoseconds;
+ }
+
+ /**
+ * Gets the total number of round seconds (in milliseconds).
+ *
+ * @return the total number of seconds (in milliseconds)
+ */
+ public long getTotalSeconds() {
+ return totalMillis;
+ }
+
+ /**
+ * Returns true if the input is an instance of this class and if its
+ * value equals the value contained in this class.
+ *
+ * @param o the object to compare
+ *
+ * @return true if this object and the input represent the same value
+ */
+ public boolean equals(Object o) {
+ if (! (o instanceof DayTimeDurationAttribute))
+ return false;
+
+ DayTimeDurationAttribute other = (DayTimeDurationAttribute)o;
+
+ return ((totalMillis == other.totalMillis) &&
+ (nanoseconds == other.nanoseconds) &&
+ (negative == other.negative));
+ }
+
+ /**
+ * Returns the hashcode value used to index and compare this object with
+ * others of the same type. Typically this is the hashcode of the backing
+ * data object.
+ *
+ * @return the object's hashcode value
+ */
+ public int hashCode() {
+ // The totalMillis, nanoseconds, and negative fields are all
considered
+ // by the equals method, so it's best if the hashCode is derived
+ // from all of those fields.
+ int hashCode = (int) totalMillis ^ (int) (totalMillis >> 32);
+ hashCode = 31*hashCode + nanoseconds;
+ if (negative)
+ hashCode = -hashCode;
+ return hashCode;
+ }
+
+ /**
+ * Converts to a String representation.
+ *
+ * @return the String representation
+ */
+ public String toString() {
+ StringBuffer sb = new StringBuffer();
+
+ sb.append("DayTimeDurationAttribute: [\n");
+ sb.append(" Negative: " + negative);
+ sb.append(" Days: " + days);
+ sb.append(" Hours: " + hours);
+ sb.append(" Minutes: " + minutes);
+ sb.append(" Seconds: " + seconds);
+ sb.append(" Nanoseconds: " + nanoseconds);
+ sb.append(" TotalSeconds: " + totalMillis);
+ sb.append("]");
+
+ return sb.toString();
+ }
+
+ /**
+ * Encodes the value in a form suitable for including in XML data like
+ * a request or an obligation. This must return a value that could in
+ * turn be used by the factory to create a new instance with the same
+ * value.
+ *
+ * @return a <code>String</code> form of the value
+ */
+ public String encode() {
+ if (encodedValue != null)
+ return encodedValue;
+
+ // Length is quite variable
+ StringBuffer buf = new StringBuffer(10);
+
+ if (negative)
+ buf.append('-');
+ buf.append('P');
+ if (days != 0) {
+ buf.append(Long.toString(days));
+ buf.append('D');
+ }
+ if ((hours != 0) || (minutes != 0)
+ || (seconds != 0) || (nanoseconds != 0)) {
+ // Only include the T if there are some time fields
+ buf.append('T');
+ } else {
+ // Make sure that there's always at least one field specified
+ if (days == 0)
+ buf.append("0D");
+ }
+ if (hours != 0) {
+ buf.append(Long.toString(hours));
+ buf.append('H');
+ }
+ if (minutes != 0) {
+ buf.append(Long.toString(minutes));
+ buf.append('M');
+ }
+ if ((seconds != 0) || (nanoseconds != 0)) {
+ buf.append(Long.toString(seconds));
+ if (nanoseconds != 0) {
+ buf.append('.');
+ buf.append(DateAttribute.zeroPadInt(nanoseconds, 9));
+ }
+ buf.append('S');
+ }
+
+ encodedValue = buf.toString();
+
+ return encodedValue;
+ }
+}
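
Review bot: getTotalSeconds() returns totalMillis, and its Javadoc describes the result as both "seconds" and "(in milliseconds)", so a caller cannot tell the unit from the name or the comment; toString() repeats the mismatch by printing totalMillis under the "TotalSeconds: " label. Either rename the accessor to match the field (for example getTotalMillis()) or state the unit once and unambiguously in the Javadoc, and make the toString() label agree with it.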

Added: branches/authRengine/sunxacml/com/sun/xacml/attr/DoubleAttribute.java
===================================================================
--- branches/authRengine/sunxacml/com/sun/xacml/attr/DoubleAttribute.java
(rev 0)
+++ branches/authRengine/sunxacml/com/sun/xacml/attr/DoubleAttribute.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,208 @@
+
+/*
+ * @(#)DoubleAttribute.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.attr;
+
+import java.net.URI;
+
+import org.w3c.dom.Node;
+
+
+/**
+ * Representation of an xsi:double value. This class supports parsing
+ * xsi:double values. All objects of this class are immutable and
+ * all methods of the class are thread-safe.
+ *
+ * @since 1.0
+ * @author Marco Barreno
+ * @author Seth Proctor
+ * @author Steve Hanna
+ */
+public class DoubleAttribute extends AttributeValue
+{
+ /**
+ * Official name of this type
+ */
+ public static final String identifier =
+ "http://www.w3.org/2001/XMLSchema#double";;
+
+ /**
+ * URI version of name for this type
+ * <p>
+ * This field is initialized by a static initializer so that
+ * we can catch any exceptions thrown by URI(String) and
+ * transform them into a RuntimeException, since this should
+ * never happen but should be reported properly if it ever does.
+ */
+ private static URI identifierURI;
+
+ /**
+ * RuntimeException that wraps an Exception thrown during the
+ * creation of identifierURI, null if none.
+ */
+ private static RuntimeException earlyException;
+
+ /**
+ * Static initializer that initializes the identifierURI
+ * class field so that we can catch any exceptions thrown
+ * by URI(String) and transform them into a RuntimeException.
+ * Such exceptions should never happen but should be reported
+ * properly if they ever do.
+ */
+ static {
+ try {
+ identifierURI = new URI(identifier);
+ } catch (Exception e) {
+ earlyException = new IllegalArgumentException();
+ earlyException.initCause(e);
+ }
+ };
+
+ /**
+ * The actual double value that this object represents.
+ */
+ private double value;
+
+ /**
+ * Creates a new <code>DoubleAttribute</code> that represents
+ * the double value supplied.
+ *
+ * @param value the <code>double</code> value to be represented
+ */
+ public DoubleAttribute(double value) {
+ super(identifierURI);
+
+ // Shouldn't happen, but just in case...
+ if (earlyException != null)
+ throw earlyException;
+
+ this.value = value;
+ }
+
+ /**
+ * Returns a new <code>DoubleAttribute</code> that represents
+ * the xsi:double at a particular DOM node.
+ *
+ * @param root the <code>Node</code> that contains the desired value
+ * @return a new <code>DoubleAttribute</code> representing the
+ * appropriate value (null if there is a parsing error)
+ * @throws NumberFormatException if the string form is not a double
+ */
+ public static DoubleAttribute getInstance(Node root)
+ throws NumberFormatException
+ {
+ return getInstance(root.getFirstChild().getNodeValue());
+ }
+
+ /**
+ * Returns a new <code>DoubleAttribute</code> that represents
+ * the xsi:double value indicated by the string provided.
+ *
+ * @param value a string representing the desired value
+ * @return a new <code>DoubleAttribute</code> representing the
+ * desired value (null if there is a parsing error)
+ * @throws NumberFormatException if the value is not a double
+ */
+ public static DoubleAttribute getInstance(String value) {
+ // Convert "INF" to "Infinity"
+ if (value.endsWith("INF")) {
+ int infIndex = value.lastIndexOf("INF");
+ value = value.substring(0, infIndex) + "Infinity";
+ }
+
+ return new DoubleAttribute(Double.parseDouble(value));
+ }
+
+ /**
+ * Returns the <code>double</code> value represented by this object.
+ *
+ * @return the <code>double</code> value
+ */
+ public double getValue() {
+ return value;
+ }
+
+ /**
+ * Returns true if the input is an instance of this class and if its
+ * value equals the value contained in this class.
+ *
+ * @param o the object to compare
+ *
+ * @return true if this object and the input represent the same value
+ */
+ public boolean equals(Object o) {
+ if (! (o instanceof DoubleAttribute))
+ return false;
+
+ DoubleAttribute other = (DoubleAttribute)o;
+
+ // Handle the NaN case, where Java says NaNs are never
+ // equal and XML Query says they always are
+ if (Double.isNaN(value)) {
+ // this is a NaN, so see if the other is as well
+ if (Double.isNaN(other.value)) {
+ // they're both NaNs, so they're equal
+ return true;
+ } else {
+ // they're not both NaNs, so they're not equal
+ return false;
+ }
+ } else {
+ // not NaNs, so we can do a normal comparison
+ return (value == other.value);
+ }
+ }
+
+ /**
+ * Returns the hashcode value used to index and compare this object with
+ * others of the same type. Typically this is the hashcode of the backing
+ * data object.
+ *
+ * @return the object's hashcode value
+ */
+ public int hashCode() {
+ long v = Double.doubleToLongBits(value);
+ return (int)(v ^ (v >>> 32));
+ }
+
+ /**
+ *
+ */
+ public String encode() {
+ return String.valueOf(value);
+ }
+
+}
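
Review bot: equals() and hashCode() disagree for signed zero. equals() falls through to "return (value == other.value);", which is true for 0.0 and -0.0, while hashCode() is built from Double.doubleToLongBits(value), which differs in the sign bit for those two values. Two attributes that compare equal can then land in different hash buckets, so a hash-based set or map of attribute values can miss a match; normalise -0.0 to 0.0 before hashing. In getInstance(String), Double.parseDouble also accepts forms outside the xs:double lexical space (a trailing 'd' or 'f' suffix, hexadecimal floating-point literals, surrounding whitespace), so validate the string before parsing if strict schema conformance matters. The Javadoc on both getInstance methods promises null on a parsing error although the code throws NumberFormatException, and getInstance(Node) dereferences root.getFirstChild() without a null check, so an empty element raises NullPointerException instead.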

Added:
branches/authRengine/sunxacml/com/sun/xacml/attr/HexBinaryAttribute.java
===================================================================
--- branches/authRengine/sunxacml/com/sun/xacml/attr/HexBinaryAttribute.java
(rev 0)
+++ branches/authRengine/sunxacml/com/sun/xacml/attr/HexBinaryAttribute.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,312 @@
+
+/*
+ * @(#)HexBinaryAttribute.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.attr;
+
+import com.sun.xacml.ParsingException;
+
+import java.net.URI;
+
+import java.util.Arrays;
+
+import org.w3c.dom.Node;
+
+
+/**
+ * Representation of an xsi:hexBinary value. This class supports parsing
+ * xsi:hexBinary values. All objects of this class are immutable and
+ * all methods of the class are thread-safe.
+ *
+ * @since 1.0
+ * @author Steve Hanna
+ */
+public class HexBinaryAttribute extends AttributeValue
+{
+ /**
+ * Official name of this type
+ */
+ public static final String identifier =
+ "http://www.w3.org/2001/XMLSchema#hexBinary";;
+
+ /**
+ * URI version of name for this type
+ * <p>
+ * This field is initialized by a static initializer so that
+ * we can catch any exceptions thrown by URI(String) and
+ * transform them into a RuntimeException, since this should
+ * never happen but should be reported properly if it ever does.
+ */
+ private static URI identifierURI;
+
+ /**
+ * RuntimeException that wraps an Exception thrown during the
+ * creation of identifierURI, null if none.
+ */
+ private static RuntimeException earlyException;
+
+ /**
+ * Static initializer that initializes the identifierURI
+ * class field so that we can catch any exceptions thrown
+ * by URI(String) and transform them into a RuntimeException.
+ * Such exceptions should never happen but should be reported
+ * properly if they ever do.
+ */
+ static {
+ try {
+ identifierURI = new URI(identifier);
+ } catch (Exception e) {
+ earlyException = new IllegalArgumentException();
+ earlyException.initCause(e);
+ }
+ };
+
+ /**
+ * The actual binary value that this object represents.
+ */
+ private byte [] value;
+
+ /**
+ * The value returned by toString(). Cached, but only
+ * generated if needed.
+ */
+ private String strValue;
+
+ /**
+ * Creates a new <code>HexBinaryAttribute</code> that represents
+ * the byte [] value supplied.
+ *
+ * @param value the <code>byte []</code> value to be represented
+ */
+ public HexBinaryAttribute(byte [] value) {
+ super(identifierURI);
+
+ // Shouldn't happen, but just in case...
+ if (earlyException != null)
+ throw earlyException;
+
+ // This will throw a NullPointerException if value == null.
+ // That's what we want in that case.
+ this.value = (byte []) value.clone();
+ }
+
+ /**
+ * Returns a new <code>HexBinaryAttribute</code> that represents
+ * the xsi:hexBinary at a particular DOM node.
+ *
+ * @param root the <code>Node</code> that contains the desired value
+ * @return a new <code>HexBinaryAttribute</code> representing the
+ * appropriate value
+ * @exception ParsingException if a parsing error occurs
+ */
+ public static HexBinaryAttribute getInstance(Node root)
+ throws ParsingException {
+ return getInstance(root.getFirstChild().getNodeValue());
+ }
+
+ /**
+ * Returns a new <code>HexBinaryAttribute</code> that represents
+ * the xsi:hexBinary value indicated by the string provided.
+ *
+ * @param value a string representing the desired value
+ * @return a new <code>HexBinaryAttribute</code> representing the
+ * desired value
+ * @exception ParsingException if a parsing error occurs
+ */
+ public static HexBinaryAttribute getInstance(String value)
+ throws ParsingException {
+ byte [] bytes = hexToBin(value);
+
+ if (bytes == null)
+ throw new ParsingException("Couldn't parse purported " +
+ "hex string: " + value);
+
+ return new HexBinaryAttribute(bytes);
+ }
+
+ /**
+ * Returns the <code>byte []</code> value represented by this object.
+ * Note that this value is cloned before returning to prevent
+ * unauthorized modifications.
+ *
+ * @return the <code>byte []</code> value
+ */
+ public byte [] getValue() {
+ return (byte []) value.clone();
+ }
+
+ /**
+ * Returns the hashcode value used to index and compare this object with
+ * others of the same type. Typically this is the hashcode of the backing
+ * data object.
+ *
+ * @return the object's hashcode value
+ */
+ public int hashCode() {
+ int code = (int)(value[0]);
+
+ for (int i = 1; i < value.length; i++) {
+ code *= 31;
+ code += (int)(value[i]);
+ }
+
+ return code;
+ }
+
+ /**
+ * Returns true if the input is an instance of this class and if its
+ * value equals the value contained in this class.
+ *
+ * @param o the object to compare
+ *
+ * @return true if this object and the input represent the same value
+ */
+ public boolean equals(Object o) {
+ if (! (o instanceof HexBinaryAttribute))
+ return false;
+
+ HexBinaryAttribute other = (HexBinaryAttribute)o;
+
+ return Arrays.equals(value, other.value);
+ }
+
+ /**
+ * Return the int value of a hex character. Return -1 if the
+ * character is not a valid hex character.
+ */
+ private static int hexToBinNibble(char c) {
+ int result = -1;
+
+ if ((c >= '0') && (c <= '9'))
+ result = (c - '0');
+ else {
+ if ((c >= 'a') && (c <= 'f'))
+ result = (c - 'a') + 10;
+ else {
+ if ((c >= 'A') && (c <= 'F'))
+ result = (c - 'A') + 10;
+ // else pick up the -1 value set above
+ }
+ }
+ return result;
+ }
+
+ /**
+ * Parse a hex string, returning a new byte array containing the
+ * value. Return null in case of a parsing error.
+ *
+ * @param hex the hex string
+ * @return a new byte array containing the value (or null)
+ */
+ private static byte [] hexToBin(String hex) {
+ int len = hex.length();
+ // Must have an even number of hex digits
+ if (len % 2 != 0)
+ return null;
+ int byteCount = len / 2;
+ byte [] bytes = new byte [byteCount];
+
+ int charIndex = 0;
+ for (int byteIndex = 0; byteIndex < byteCount; byteIndex++) {
+ int hiNibble = hexToBinNibble(hex.charAt(charIndex++));
+ int loNibble = hexToBinNibble(hex.charAt(charIndex++));
+ if ((hiNibble < 0) || (loNibble < 0))
+ return null;
+ bytes[byteIndex] = (byte) (hiNibble * 16 + loNibble);
+ }
+ return bytes;
+ }
+
+ /**
+ * Return the hex character for a particular nibble (half a byte).
+ *
+ * @param nibble a value 0-15
+ * @return hex character for that nibble (using A-F for 10-15)
+ */
+ private static char binToHexNibble(int nibble) {
+ char result = (char) 0;
+
+ if (nibble < 10)
+ result = (char) (nibble + '0');
+ else
+ result = (char) ((nibble - 10) + 'A');
+
+ return result;
+ }
+
+ /**
+ * Return a straight hexadecimal conversion of a byte array.
+ * This is a String containing only hex digits.
+ *
+ * @param bytes the byte array
+ * @return the hex version
+ */
+ private static String binToHex(byte [] bytes) {
+ int byteLength = bytes.length;
+ char [] chars = new char [byteLength * 2];
+ int charIndex = 0;
+
+ for (int byteIndex = 0; byteIndex < byteLength; byteIndex++) {
+ byte b = bytes[byteIndex];
+ chars[charIndex++] = binToHexNibble((b >> 4) & 0xf);
+ chars[charIndex++] = binToHexNibble(b & 0xf);
+ }
+
+ return new String(chars);
+ }
+
+ /**
+ * Returns a String representation.
+ *
+ * @return the String representation
+ */
+ public String toString() {
+ if (strValue == null)
+ strValue = binToHex(value);
+
+ return "HexBinaryAttribute: [\n" + strValue + "]\n";
+ }
+
+ /**
+ *
+ */
+ public String encode() {
+ if (strValue == null)
+ strValue = binToHex(value);
+
+ return strValue;
+ }
+
+}
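
Review bot: hashCode() reads value[0] unconditionally, but hexToBin("") returns a zero-length array (length 0 passes the even-length check and the loop never runs), so getInstance("") succeeds and the first hashCode() call on the result throws ArrayIndexOutOfBoundsException; the public byte [] constructor accepts an empty array as well. Use Arrays.hashCode(value), which matches the Arrays.equals call already in equals() and needs no new import, or seed the hash with a constant and loop from index 0. Separately, strValue is filled lazily in toString() and encode() without synchronization while the class comment states that all methods are thread-safe; the race only recomputes the same string, so a short comment saying it is benign would be enough.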

Added: branches/authRengine/sunxacml/com/sun/xacml/attr/IntegerAttribute.java
===================================================================
--- branches/authRengine/sunxacml/com/sun/xacml/attr/IntegerAttribute.java
(rev 0)
+++ branches/authRengine/sunxacml/com/sun/xacml/attr/IntegerAttribute.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,192 @@
+
+/*
+ * @(#)IntegerAttribute.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.attr;
+
+import java.net.URI;
+
+import org.w3c.dom.Node;
+
+
+/**
+ * Representation of an xs:integer value. This class supports parsing
+ * xs:integer values. All objects of this class are immutable and
+ * all methods of the class are thread-safe.
+ *
+ * @since 1.0
+ * @author Marco Barreno
+ * @author Steve Hanna
+ */
+public class IntegerAttribute extends AttributeValue
+{
+ /**
+ * Official name of this type
+ */
+ public static final String identifier =
+ "http://www.w3.org/2001/XMLSchema#integer";;
+
+ /**
+ * URI version of name for this type
+ * <p>
+ * This field is initialized by a static initializer so that
+ * we can catch any exceptions thrown by URI(String) and
+ * transform them into a RuntimeException, since this should
+ * never happen but should be reported properly if it ever does.
+ */
+ private static URI identifierURI;
+
+ /**
+ * RuntimeException that wraps an Exception thrown during the
+ * creation of identifierURI, null if none.
+ */
+ private static RuntimeException earlyException;
+
+ /**
+ * Static initializer that initializes the identifierURI
+ * class field so that we can catch any exceptions thrown
+ * by URI(String) and transform them into a RuntimeException.
+ * Such exceptions should never happen but should be reported
+ * properly if they ever do.
+ */
+ static {
+ try {
+ identifierURI = new URI(identifier);
+ } catch (Exception e) {
+ earlyException = new IllegalArgumentException();
+ earlyException.initCause(e);
+ }
+ };
+
+ /**
+ * The actual long value that this object represents.
+ */
+ private long value;
+
+ /**
+ * Creates a new <code>IntegerAttribute</code> that represents
+ * the long value supplied.
+ *
+ * @param value the <code>long</code> value to be represented
+ */
+ public IntegerAttribute(long value) {
+ super(identifierURI);
+
+ // Shouldn't happen, but just in case...
+ if (earlyException != null)
+ throw earlyException;
+
+ this.value = value;
+ }
+
+ /**
+ * Returns a new <code>IntegerAttribute</code> that represents
+ * the xs:integer at a particular DOM node.
+ *
+ * @param root the <code>Node</code> that contains the desired value
+ * @return a new <code>IntegerAttribute</code> representing the
+ * appropriate value (null if there is a parsing error)
+ * @throws NumberFormatException if the string form isn't a number
+ */
+ public static IntegerAttribute getInstance(Node root)
+ throws NumberFormatException
+ {
+ return getInstance(root.getFirstChild().getNodeValue());
+ }
+
+ /**
+ * Returns a new <code>IntegerAttribute</code> that represents
+ * the xs:integer value indicated by the string provided.
+ *
+ * @param value a string representing the desired value
+ * @return a new <code>IntegerAttribute</code> representing the
+ * appropriate value (null if there is a parsing error)
+ * @throws NumberFormatException if the string isn't a number
+ */
+ public static IntegerAttribute getInstance(String value)
+ throws NumberFormatException
+ {
+ // Leading '+' is allowed per XML schema and not
+ // by Long.parseLong. Strip it, if present.
+ if ((value.length() >= 1) && (value.charAt(0) == '+'))
+ value = value.substring(1);
+ return new IntegerAttribute(Long.parseLong(value));
+ }
+
+ /**
+ * Returns the <code>long</code> value represented by this object.
+ *
+ * @return the <code>long</code> value
+ */
+ public long getValue() {
+ return value;
+ }
+
+ /**
+ * Returns true if the input is an instance of this class and if its
+ * value equals the value contained in this class.
+ *
+ * @param o the object to compare
+ *
+ * @return true if this object and the input represent the same value
+ */
+ public boolean equals(Object o) {
+ if (! (o instanceof IntegerAttribute))
+ return false;
+
+ IntegerAttribute other = (IntegerAttribute)o;
+
+ return (value == other.value);
+ }
+
+ /**
+ * Returns the hashcode value used to index and compare this object with
+ * others of the same type. Typically this is the hashcode of the backing
+ * data object.
+ *
+ * @return the object's hashcode value
+ */
+ public int hashCode() {
+ return (int)value;
+ }
+
+ /**
+ *
+ */
+ public String encode() {
+ return String.valueOf(value);
+ }
+
+}
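
Review bot: in getInstance(String), stripping a leading '+' before calling Long.parseLong lets "+-5" through: the '+' is removed and the remaining "-5" parses, although a doubled sign is not a valid xs:integer. Strip the '+' only when the next character is a digit, or check the whole string against the xs:integer lexical form before parsing. The Javadoc on both getInstance methods says null is returned on a parsing error while the code throws NumberFormatException, and it should also say that values outside the range of long are rejected, since xs:integer itself is unbounded. getInstance(Node) dereferences root.getFirstChild() without a null check, so an empty element raises NullPointerException.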

Added:
branches/authRengine/sunxacml/com/sun/xacml/attr/RFC822NameAttribute.java
===================================================================
--- branches/authRengine/sunxacml/com/sun/xacml/attr/RFC822NameAttribute.java
(rev 0)
+++ branches/authRengine/sunxacml/com/sun/xacml/attr/RFC822NameAttribute.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,187 @@
+
+/*
+ * @(#)RFC822NameAttribute.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.attr;
+
+import java.net.URI;
+
+import org.w3c.dom.Node;
+
+
+/**
+ * Representation of an rfc822Name (ie, an email address).
+ *
+ * @since 1.0
+ * @author Seth Proctor
+ */
+public class RFC822NameAttribute extends AttributeValue
+{
+
+ /**
+ * Official name of this type
+ */
+ public static final String identifier =
+ "urn:oasis:names:tc:xacml:1.0:data-type:rfc822Name";
+
+ /**
+ * URI version of name for this type
+ * <p>
+ * This field is initialized by a static initializer so that
+ * we can catch any exceptions thrown by URI(String) and
+ * transform them into a RuntimeException, since this should
+ * never happen but should be reported properly if it ever does.
+ */
+ private static URI identifierURI;
+
+ /**
+ * RuntimeException that wraps an Exception thrown during the
+ * creation of identifierURI, null if none.
+ */
+ private static RuntimeException earlyException;
+
+ /**
+ * Static initializer that initializes the identifierURI
+ * class field so that we can catch any exceptions thrown
+ * by URI(String) and transform them into a RuntimeException.
+ * Such exceptions should never happen but should be reported
+ * properly if they ever do.
+ */
+ static {
+ try {
+ identifierURI = new URI(identifier);
+ } catch (Exception e) {
+ earlyException = new IllegalArgumentException();
+ earlyException.initCause(e);
+ }
+ };
+
+ // the actual value being stored
+ private String value;
+
+ /**
+ * Creates a new <code>RFC822NameAttribute</code> that represents the
+ * value supplied.
+ *
+ * @param value the email address to be represented
+ */
+ public RFC822NameAttribute(String value) {
+ super(identifierURI);
+
+ // Shouldn't happen, but just in case...
+ if (earlyException != null)
+ throw earlyException;
+
+ // check that the string is an address, ie, that it has one and only
+ // one '@' character in it
+ String [] parts = value.split("@");
+ if (parts.length != 2) {
+ // this is malformed input
+ throw new IllegalArgumentException("invalid RFC822Name: " +
value);
+ }
+
+ // cannonicalize the name
+ this.value = parts[0] + "@" + parts[1].toLowerCase();
+ }
+
+ /**
+ * Returns a new <code>RFC822NameAttribute</code> that represents
+ * the email address at a particular DOM node.
+ *
+ * @param root the <code>Node</code> that contains the desired value
+ * @return a new <code>RFC822NameAttribute</code> representing the
+ * appropriate value
+ */
+ public static RFC822NameAttribute getInstance(Node root) {
+ return getInstance(root.getFirstChild().getNodeValue());
+ }
+
+ /**
+ * Returns a new <code>RFC822NameAttribute</code> that represents
+ * the email address value indicated by the string provided.
+ *
+ * @param value a string representing the desired value
+ * @return a new <code>RFC822NameAttribute</code> representing the
+ * appropriate value
+ */
+ public static RFC822NameAttribute getInstance(String value) {
+ return new RFC822NameAttribute(value);
+ }
+
+ /**
+ * Returns the name value represented by this object
+ *
+ * @return the name
+ */
+ public String getValue() {
+ return value;
+ }
+
+ /**
+ * Returns true if the input is an instance of this class and if its
+ * value equals the value contained in this class.
+ *
+ * @param o the object to compare
+ *
+ * @return true if this object and the input represent the same value
+ */
+ public boolean equals(Object o) {
+ if (! (o instanceof RFC822NameAttribute))
+ return false;
+
+ RFC822NameAttribute other = (RFC822NameAttribute)o;
+
+ return value.equals(other.value);
+ }
+
+ /**
+ * Returns the hashcode value used to index and compare this object with
+ * others of the same type. Typically this is the hashcode of the backing
+ * data object.
+ *
+ * @return the object's hashcode value
+ */
+ public int hashCode() {
+ return value.hashCode();
+ }
+
+ /**
+ *
+ */
+ public String encode() {
+ return value;
+ }
+
+}
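
Review bot: the "one and only one '@'" check in the constructor relies on value.split("@"), and String.split discards trailing empty strings, so "user@host@" yields two parts, passes the parts.length != 2 test and is stored as "user@host"; "@host" also passes, with an empty local part. Because this value is what equals() compares, two different input strings end up as equal attributes. Replace the split with an explicit test that indexOf('@') equals lastIndexOf('@') and that the text on both sides is non-empty. parts[1].toLowerCase() also uses the JVM default locale, so the canonical domain can differ between hosts (for example the Turkish dotless i); pass a fixed locale such as Locale.ENGLISH. As in the other attribute classes, getInstance(Node) dereferences root.getFirstChild() without a null check.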

Added:
branches/authRengine/sunxacml/com/sun/xacml/attr/StandardAttributeFactory.java
===================================================================
---
branches/authRengine/sunxacml/com/sun/xacml/attr/StandardAttributeFactory.java
(rev 0)
+++
branches/authRengine/sunxacml/com/sun/xacml/attr/StandardAttributeFactory.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,189 @@
+
+/*
+ * @(#)StandardAttributeFactory
+ *
+ * Copyright 2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.attr;
+
+import com.sun.xacml.attr.proxy.AnyURIAttributeProxy;
+import com.sun.xacml.attr.proxy.Base64BinaryAttributeProxy;
+import com.sun.xacml.attr.proxy.BooleanAttributeProxy;
+import com.sun.xacml.attr.proxy.DateAttributeProxy;
+import com.sun.xacml.attr.proxy.DateTimeAttributeProxy;
+import com.sun.xacml.attr.proxy.DayTimeDurationAttributeProxy;
+import com.sun.xacml.attr.proxy.DoubleAttributeProxy;
+import com.sun.xacml.attr.proxy.HexBinaryAttributeProxy;
+import com.sun.xacml.attr.proxy.IntegerAttributeProxy;
+import com.sun.xacml.attr.proxy.RFC822NameAttributeProxy;
+import com.sun.xacml.attr.proxy.StringAttributeProxy;
+import com.sun.xacml.attr.proxy.TimeAttributeProxy;
+import com.sun.xacml.attr.proxy.YearMonthDurationAttributeProxy;
+import com.sun.xacml.attr.proxy.X500NameAttributeProxy;
+
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.Map;
+
+import java.util.logging.Logger;
+
+import org.w3c.dom.Node;
+
+
+/**
+ * This factory supports the standard set of datatypes specified in XACML
+ * 1.0 and 1.1. It is the default factory used by the system, and imposes
+ * a singleton pattern insuring that there is only ever one instance of
+ * this class.
+ * <p>
+ * Note that because this supports only the standard datatypes, this
+ * factory does not allow the addition of any other datatypes. If you call
+ * <code>addDatatype</code> on an instance of this class, an exception
+ * will be thrown. If you need a standard factory that is modifiable, you
+ * should create a new <code>BaseAttributeFactory</code> (or some other
+ * <code>AttributeFactory</code>) and configure it with the standard
+ * datatypes using <code>addStandardDatatypes</code> (or, in the case of
+ * <code>BaseAttributeFactory</code>, by providing the datatypes in the
+ * constructor).
+ *
+ * @since 1.2
+ * @author Seth Proctor
+ */
+public class StandardAttributeFactory extends BaseAttributeFactory
+{
+
+ // the one instance of this factory
+ private static StandardAttributeFactory factoryInstance = null;
+
+ // the datatypes supported by this factory
+ private static Map supportedDatatypes = null;
+
+ // the logger we'll use for all messages
+ private static final Logger logger =
+ Logger.getLogger(StandardAttributeFactory.class.getName());
+
+ /**
+ * Private constructor that sets up proxies for all of the standard
+ * datatypes.
+ */
+ private StandardAttributeFactory() {
+ super(supportedDatatypes);
+ }
+
+ /**
+ * Private initializer for the supported datatypes. This isn't called
+ * until something needs these values, and is only called once.
+ */
+ private static void initDatatypes() {
+ logger.config("Initializing standard datatypes");
+
+ supportedDatatypes = new HashMap();
+
+ supportedDatatypes.put(BooleanAttribute.identifier,
+ new BooleanAttributeProxy());
+ supportedDatatypes.put(StringAttribute.identifier,
+ new StringAttributeProxy());
+ supportedDatatypes.put(DateAttribute.identifier,
+ new DateAttributeProxy());
+ supportedDatatypes.put(TimeAttribute.identifier,
+ new TimeAttributeProxy());
+ supportedDatatypes.put(DateTimeAttribute.identifier,
+ new DateTimeAttributeProxy());
+ supportedDatatypes.put(DayTimeDurationAttribute.identifier,
+ new DayTimeDurationAttributeProxy());
+ supportedDatatypes.put(YearMonthDurationAttribute.identifier,
+ new YearMonthDurationAttributeProxy());
+ supportedDatatypes.put(DoubleAttribute.identifier,
+ new DoubleAttributeProxy());
+ supportedDatatypes.put(IntegerAttribute.identifier,
+ new IntegerAttributeProxy());
+ supportedDatatypes.put(AnyURIAttribute.identifier,
+ new AnyURIAttributeProxy());
+ supportedDatatypes.put(HexBinaryAttribute.identifier,
+ new HexBinaryAttributeProxy());
+ supportedDatatypes.put(Base64BinaryAttribute.identifier,
+ new Base64BinaryAttributeProxy());
+ supportedDatatypes.put(X500NameAttribute.identifier,
+ new X500NameAttributeProxy());
+ supportedDatatypes.put(RFC822NameAttribute.identifier,
+ new RFC822NameAttributeProxy());
+ }
+
+ /**
+ * Returns an instance of this factory. This method enforces a singleton
+ * model, meaning that this always returns the same instance, creating
+ * the factory if it hasn't been requested before. This is the default
+ * model used by the <code>AttributeFactory</code>, ensuring quick
+ * access to this factory.
+ *
+ * @return the factory instance
+ */
+ public static StandardAttributeFactory getFactory() {
+ if (factoryInstance == null) {
+ synchronized (StandardAttributeFactory.class) {
+ if (factoryInstance == null) {
+ initDatatypes();
+ factoryInstance = new StandardAttributeFactory();
+ }
+ }
+ }
+
+ return factoryInstance;
+ }
+
+ /**
+ * Returns the set of datatypes that this standard factory supports.
+ *
+ * @return a <code>Map</code> of <code>String</code> to
+ * <code>AttributeProxy</code>s
+ */
+ public Map getStandardDatatypes() {
+ return Collections.unmodifiableMap(supportedDatatypes);
+ }
+
+ /**
+ * Throws an <code>UnsupportedOperationException</code> since you are not
+ * allowed to modify what a standard factory supports.
+ *
+ * @param id the name of the attribute type
+ * @param proxy the proxy used to create new attributes of the given type
+ *
+ * @throws UnsupportedOperationException always
+ */
+ public void addDatatype(String id, AttributeProxy proxy) {
+ throw new UnsupportedOperationException("a standard factory cannot "
+
+ "support new datatypes");
+ }
+
+}
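
Review bot: in getFactory(), the outer `if (factoryInstance == null)` check runs outside the lock, but `factoryInstance` and `supportedDatatypes` are plain static fields, not volatile. Under the Java memory model a second thread can observe a non-null factoryInstance without any happens-before edge to the writes made in initDatatypes(), and so read a HashMap that is not yet fully populated. For a PDP that shows up as a standard datatype lookup failing intermittently under concurrent first use. Declare factoryInstance volatile, or drop the lazy init in favour of a static holder class so that class initialization provides the guarantee. Separately, the imports of java.util.Iterator and org.w3c.dom.Node are not used anywhere in this file.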

Added: branches/authRengine/sunxacml/com/sun/xacml/attr/StringAttribute.java
===================================================================
--- branches/authRengine/sunxacml/com/sun/xacml/attr/StringAttribute.java
(rev 0)
+++ branches/authRengine/sunxacml/com/sun/xacml/attr/StringAttribute.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,219 @@
+
+/*
+ * @(#)StringAttribute.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.attr;
+
+import java.net.URI;
+
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+
+
+/**
+ * Representation of an xs:string value. This class supports parsing
+ * xs:string values. All objects of this class are immutable and
+ * all methods of the class are thread-safe.
+ * <p>
+ * Note that there is currently some confusion in the XACML specification
+ * about whether this datatype should be able to handle XML elements (ie,
+ * whether &lt;AttributeValue DataType="...string"&gt;&lt;foo/&gt;
+ * &lt;/AttributeValue&gt; is valid). Until that is clarified the strict
+ * definition of the string datatype is used in this code, which means that
+ * elements are not valid.
+ *
+ * @since 1.0
+ * @author Marco Barreno
+ * @author Seth Proctor
+ * @author Steve Hanna
+ */
+public class StringAttribute extends AttributeValue
+{
+ /**
+ * Official name of this type
+ */
+ public static final String identifier =
+ "http://www.w3.org/2001/XMLSchema#string";;
+
+ /**
+ * URI version of name for this type
+ * <p>
+ * This field is initialized by a static initializer so that
+ * we can catch any exceptions thrown by URI(String) and
+ * transform them into a RuntimeException, since this should
+ * never happen but should be reported properly if it ever does.
+ */
+ private static URI identifierURI;
+
+ /**
+ * RuntimeException that wraps an Exception thrown during the
+ * creation of identifierURI, null if none.
+ */
+ private static RuntimeException earlyException;
+
+ /**
+ * Static initializer that initializes the identifierURI
+ * class field so that we can catch any exceptions thrown
+ * by URI(String) and transform them into a RuntimeException.
+ * Such exceptions should never happen but should be reported
+ * properly if they ever do.
+ */
+ static {
+ try {
+ identifierURI = new URI(identifier);
+ } catch (Exception e) {
+ earlyException = new IllegalArgumentException();
+ earlyException.initCause(e);
+ }
+ };
+
+ /**
+ * The actual String value that this object represents.
+ */
+ private String value;
+
+ /**
+ * Creates a new <code>StringAttribute</code> that represents
+ * the String value supplied.
+ *
+ * @param value the <code>String</code> value to be represented
+ */
+ public StringAttribute(String value) {
+ super(identifierURI);
+
+ // Shouldn't happen, but just in case...
+ if (earlyException != null)
+ throw earlyException;
+
+ this.value = value;
+ }
+
+ /**
+ * Returns a new <code>StringAttribute</code> that represents
+ * the xs:string at a particular DOM node.
+ *
+ * @param root the <code>Node</code> that contains the desired value
+ * @return a new <code>StringAttribute</code> representing the
+ * appropriate value (null if there is a parsing error)
+ */
+ public static StringAttribute getInstance(Node root) {
+ Node node = root.getFirstChild();
+
+ // Strings are allowed to have an empty AttributeValue element and
are
+ // just treated as empty strings...we have to handle this case
+ if (node == null)
+ return new StringAttribute("");
+
+ // get the type of the node
+ short type = node.getNodeType();
+
+ // now see if we have (effectively) a simple string value
+ if ((type == Node.TEXT_NODE) || (type == Node.CDATA_SECTION_NODE) ||
+ (type == Node.COMMENT_NODE)) {
+ return getInstance(node.getNodeValue());
+ }
+
+ // there is some confusion in the specifications about what should
+ // happen at this point, but the strict reading of the XMLSchema
+ // specification suggests that this should be an error
+ return null;
+ }
+
+ /**
+ * Returns a new <code>StringAttribute</code> that represents
+ * the xs:string value indicated by the <code>String</code> provided.
+ *
+ * @param value a string representing the desired value
+ * @return a new <code>StringAttribute</code> representing the
+ * appropriate value
+ */
+ public static StringAttribute getInstance(String value) {
+ return new StringAttribute(value);
+ }
+
+ /**
+ * Returns the <code>String</code> value represented by this object.
+ *
+ * @return the <code>String</code> value
+ */
+ public String getValue() {
+ return value;
+ }
+
+ /**
+ * Returns true if the input is an instance of this class and if its
+ * value equals the value contained in this class.
+ *
+ * @param o the object to compare
+ *
+ * @return true if this object and the input represent the same value
+ */
+ public boolean equals(Object o) {
+ if (! (o instanceof StringAttribute))
+ return false;
+
+ StringAttribute other = (StringAttribute)o;
+
+ return value.equals(other.value);
+ }
+
+ /**
+ * Returns the hashcode value used to index and compare this object with
+ * others of the same type. Typically this is the hashcode of the backing
+ * data object.
+ *
+ * @return the object's hashcode value
+ */
+ public int hashCode() {
+ return value.hashCode();
+ }
+
+ /**
+ * Converts to a String representation.
+ *
+ * @return the String representation
+ */
+ public String toString() {
+ return "StringAttribute: \"" + value + "\"";
+ }
+
+ /**
+ *
+ */
+ public String encode() {
+ return value;
+ }
+
+}
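
Review bot: getInstance(Node root) inspects only `root.getFirstChild()` and accepts `Node.COMMENT_NODE` as a value, so an AttributeValue whose content is split across several child nodes (text, then a comment or CDATA section, then more text) is reduced to its first node, and a leading comment becomes the attribute value itself. Unless the parser is configured to coalesce text and drop comments, which nothing in this file guarantees, another XML consumer reading the element's full text content sees a different string than the one the PDP compares. Suggest concatenating all TEXT_NODE and CDATA_SECTION_NODE children, skipping comments, and keeping the existing error path for element children. Also, the constructor accepts a null value, after which `value.equals(other.value)` and `value.hashCode()` throw NullPointerException; reject null in the constructor. The import of org.w3c.dom.NodeList is unused.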

Added: branches/authRengine/sunxacml/com/sun/xacml/attr/TimeAttribute.java
===================================================================
--- branches/authRengine/sunxacml/com/sun/xacml/attr/TimeAttribute.java
(rev 0)
+++ branches/authRengine/sunxacml/com/sun/xacml/attr/TimeAttribute.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,491 @@
+
+/*
+ * @(#)TimeAttribute.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.attr;
+
+import com.sun.xacml.ParsingException;
+import com.sun.xacml.ProcessingException;
+
+import java.net.URI;
+
+import java.text.ParseException;
+
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.Iterator;
+import java.util.List;
+import java.util.TimeZone;
+
+import org.w3c.dom.Node;
+
+
+/**
+ * Representation of an xs:time value. This class supports parsing
+ * xs:time values. All objects of this class are immutable and
+ * thread-safe. The <code>Date</code> objects returned are not, but
+ * these objects are cloned before being returned.
+ *
+ * @since 1.0
+ * @author Steve Hanna
+ * @author Seth Proctor
+ */
+public class TimeAttribute extends AttributeValue
+{
+ /**
+ * Official name of this type
+ */
+ public static final String identifier =
+ "http://www.w3.org/2001/XMLSchema#time";;
+
+ /**
+ * URI version of name for this type
+ * <p>
+ * This field is initialized by a static initializer so that
+ * we can catch any exceptions thrown by URI(String) and
+ * transform them into a RuntimeException, since this should
+ * never happen but should be reported properly if it ever does.
+ * <p>
+ * This object is used for synchronization whenever we need
+ * protection across this whole class.
+ */
+ private static URI identifierURI;
+
+ /**
+ * RuntimeException that wraps an Exception thrown during the
+ * creation of identifierURI, null if none.
+ */
+ private static RuntimeException earlyException;
+
+ /**
+ * Static initializer that initializes the identifierURI
+ * class field so that we can catch any exceptions thrown
+ * by URI(String) and transform them into a RuntimeException.
+ * Such exceptions should never happen but should be reported
+ * properly if they ever do.
+ */
+ static {
+ try {
+ identifierURI = new URI(identifier);
+ } catch (Exception e) {
+ earlyException = new IllegalArgumentException();
+ earlyException.initCause(e);
+ }
+ };
+
+ /**
+ * Time zone value that indicates that the time zone was not
+ * specified.
+ */
+ public static final int TZ_UNSPECIFIED = -1000000;
+
+ /**
+ * The time that this object represents in second resolution, in
+ * milliseconds GMT, with zero being midnight. If no time zone was
+ * specified, the local time zone is used to convert to milliseconds
+ * relative to GMT.
+ */
+ private long timeGMT;
+
+ /**
+ * The number of nanoseconds beyond the time given by the timeGMT
+ * field. The XML Query document says that fractional seconds
+ * must be supported down to at least 100 nanosecond resolution.
+ * The Date class only supports milliseconds, so we include here
+ * support for nanosecond resolution.
+ */
+ private int nanoseconds;
+
+ // NOTE: now that we're not using a Date object, the above two variables
+ // could be condensed, and the interface could be changed so we don't
+ // need to worry about tracking the time values separately
+
+ /**
+ * The time zone specified for this object (or TZ_UNSPECIFIED if
+ * unspecified). The offset to GMT, in minutes.
+ */
+ private int timeZone;
+
+ /**
+ * The time zone actually used for this object (if it was
+ * originally unspecified, the default time zone used).
+ * The offset to GMT, in minutes.
+ */
+ private int defaultedTimeZone;
+
+ /**
+ * Cached encoded value (null if not cached yet).
+ */
+ private String encodedValue = null;
+
+ /**
+ * Creates a new <code>TimeAttribute</code> that represents
+ * the current time in the current time zone.
+ */
+ public TimeAttribute() {
+ super(identifierURI);
+
+ Date currDate = new Date();
+ int currOffset = DateTimeAttribute.getDefaultTZOffset(currDate);
+ init(currDate, 0, currOffset, currOffset);
+ }
+
+ /**
+ * Creates a new <code>TimeAttribute</code> that represents
+ * the time supplied.
+ *
+ * @param date a <code>Date</code> object representing the
+ * specified time down to second resolution. This
+ * date should have a date of 01/01/1970. If it does
+ * not, such a date will be forced. If this object
+ * has non-zero milliseconds, they are combined
+ * with the nanoseconds parameter.
+ * @param nanoseconds the number of nanoseconds beyond the
+ * Date specified in the date parameter
+ * @param timeZone the time zone specified for this object
+ * (or TZ_UNSPECIFIED if unspecified). The
+ * offset to GMT, in minutes.
+ * @param defaultedTimeZone the time zone actually used for this
+ * object, which must be specified.
+ * The offset to GMT, in minutes.
+ */
+ public TimeAttribute(Date date, int nanoseconds, int timeZone,
+ int defaultedTimeZone) {
+ super(identifierURI);
+
+ // if the timezone is unspecified, it's illegal for the defaulted
+ // timezone to also be unspecified
+ if ((timeZone == TZ_UNSPECIFIED) &&
+ (defaultedTimeZone == TZ_UNSPECIFIED))
+ throw new ProcessingException("default timezone must be
specified");
+
+ init(date, nanoseconds, timeZone, defaultedTimeZone);
+ }
+
+ /**
+ * Initialization code shared by constructors.
+ *
+ * @param date a <code>Date</code> object representing the
+ * specified time down to second resolution. This
+ * date should have a date of 01/01/1970. If it does
+ * not, such a date will be forced. If this object
+ * has non-zero milliseconds, they are combined
+ * with the nanoseconds parameter.
+ * @param nanoseconds the number of nanoseconds beyond the
+ * Date specified in the date parameter
+ * @param timeZone the time zone specified for this object
+ * (or TZ_UNSPECIFIED if unspecified). The
+ * offset to GMT, in minutes.
+ * @param defaultedTimeZone the time zone actually used for this
+ * object (if it was originally unspecified,
+ * the default time zone used).
+ * The offset to GMT, in minutes.
+ */
+ private void init(Date date, int nanoseconds, int timeZone,
+ int defaultedTimeZone) {
+
+ // Shouldn't happen, but just in case...
+ if (earlyException != null)
+ throw earlyException;
+
+ // get a temporary copy of the date
+ Date tmpDate = (Date)(date.clone());
+
+ // Combine the nanoseconds so they are between 0 and 999,999,999
+ this.nanoseconds =
+ DateTimeAttribute.combineNanos(tmpDate, nanoseconds);
+
+ // now that the date has been (potentially) updated, store the time
+ this.timeGMT = tmpDate.getTime();
+
+ // keep track of the timezone values
+ this.timeZone = timeZone;
+ this.defaultedTimeZone = defaultedTimeZone;
+
+ // Check that the date is normalized to 1/1/70
+ if ((timeGMT >= DateAttribute.MILLIS_PER_DAY) || (timeGMT < 0)) {
+ timeGMT = timeGMT % DateAttribute.MILLIS_PER_DAY;
+
+ // if we had a negative value then we need to shift by a day
+ if (timeGMT < 0)
+ timeGMT += DateAttribute.MILLIS_PER_DAY;
+ }
+ }
+
+ /**
+ * Returns a new <code>TimeAttribute</code> that represents
+ * the xs:time at a particular DOM node.
+ *
+ * @param root the <code>Node</code> that contains the desired value
+ * @return a new <code>TimeAttribute</code> representing the
+ * appropriate value (null if there is a parsing error)
+ */
+ public static TimeAttribute getInstance(Node root)
+ throws ParsingException, NumberFormatException, ParseException
+ {
+ return getInstance(root.getFirstChild().getNodeValue());
+ }
+
+ /**
+ * Returns a new <code>TimeAttribute</code> that represents
+ * the xs:time value indicated by the string provided.
+ *
+ * @param value a string representing the desired value
+ * @return a new <code>TimeAttribute</code> representing the
+ * desired value (null if there is a parsing error)
+ * @throws ParsingException if any problems occurred while parsing
+ */
+ public static TimeAttribute getInstance(String value)
+ throws ParsingException, NumberFormatException, ParseException
+ {
+ // Prepend date string for Jan 1 1970 and use the
+ // DateTimeAttribute parsing code.
+
+ value = "1970-01-01T" + value;
+
+ DateTimeAttribute dateTime = DateTimeAttribute.getInstance(value);
+
+ // if there was no explicit TZ provided, then we want to make sure
+ // the that the defaulting is done correctly, especially since 1/1/70
+ // is always out of daylight savings time
+
+ Date dateValue = dateTime.getValue();
+ int defaultedTimeZone = dateTime.getDefaultedTimeZone();
+ if (dateTime.getTimeZone() == TZ_UNSPECIFIED) {
+ TimeZone localTZ = TimeZone.getDefault();
+ int newDefTimeZone =
+ DateTimeAttribute.getDefaultTZOffset(new Date());
+ dateValue = new Date(dateValue.getTime() -
+ (newDefTimeZone - defaultedTimeZone) *
+ DateAttribute.MILLIS_PER_MINUTE);
+ defaultedTimeZone = newDefTimeZone;
+ }
+
+ return new TimeAttribute(dateValue,
+ dateTime.getNanoseconds(),
+ dateTime.getTimeZone(),
+ defaultedTimeZone);
+ }
+
+ /**
+ * Gets the time represented by this object. The return
+ * value is a <code>Date</code> object representing the
+ * specified time down to second resolution with a date
+ * of January 1, 1970. Subsecond values are handled by the
+ *
{@link
#getNanoseconds getNanoseconds} method.
+ *
+ * @return a <code>Date</code> object representing the
+ * time represented by this object
+ */
+ public Date getValue() {
+ return new Date(timeGMT);
+ }
+
+ /**
+ * Gets the number of milliseconds since midnight GMT that this attribute
+ * value represents. This is the same time returned by
+ * <code>getValue</code>, and likewise the milliseconds are provided
+ * with second resolution.
+ *
+ * @return milliseconds since midnight GMT
+ */
+ public long getMilliseconds() {
+ return timeGMT;
+ }
+
+ /**
+ * Gets the nanoseconds of this object.
+ *
+ * @return the number of nanoseconds
+ */
+ public int getNanoseconds() {
+ return nanoseconds;
+ }
+
+ /**
+ * Gets the time zone of this object (or TZ_UNSPECIFIED if
+ * unspecified).
+ *
+ * @return the offset to GMT in minutes (positive or negative)
+ */
+ public int getTimeZone() {
+ return timeZone;
+ }
+
+ /**
+ * Gets the time zone actually used for this object (if it was
+ * originally unspecified, the default time zone used).
+ *
+ * @return the offset to GMT in minutes (positive or negative)
+ */
+ public int getDefaultedTimeZone() {
+ return defaultedTimeZone;
+ }
+
+ /**
+ * Returns true if the input is an instance of this class and if its
+ * value equals the value contained in this class.
+ *
+ * @param o the object to compare
+ *
+ * @return true if this object and the input represent the same value
+ */
+ public boolean equals(Object o) {
+ if (! (o instanceof TimeAttribute))
+ return false;
+
+ TimeAttribute other = (TimeAttribute)o;
+
+ return (timeGMT == other.timeGMT &&
+ (nanoseconds == other.nanoseconds));
+ }
+
+ /**
+ * Returns the hashcode value used to index and compare this object with
+ * others of the same type. Typically this is the hashcode of the backing
+ * data object.
+ *
+ * @return the object's hashcode value
+ */
+ public int hashCode() {
+ // the standard Date hashcode is used here...
+ int hashCode = (int)(timeGMT ^ (timeGMT >>> 32));
+
+ // ...but both the timeGMT and the nanoseconds fields are considered
+ // by the equals method, so it's best if the hashCode is derived
+ // from both of those fields.
+ hashCode = (31 * hashCode) + nanoseconds;
+
+ return hashCode;
+ }
+
+ /**
+ * Converts to a String representation.
+ *
+ * @return the String representation
+ */
+ public String toString() {
+ StringBuffer sb = new StringBuffer();
+ sb.append("TimeAttribute: [\n");
+
+ // calculate the GMT value of this time
+ long secsGMT = timeGMT / 1000;
+ long minsGMT = secsGMT / 60;
+ secsGMT = secsGMT % 60;
+ long hoursGMT = minsGMT / 60;
+ minsGMT = minsGMT % 60;
+
+ // put the right number of zeros in place
+ String hoursStr = (hoursGMT < 10) ? "0" + hoursGMT : "" + hoursGMT;
+ String minsStr = (minsGMT < 10) ? "0" + minsGMT : "" + minsGMT;
+ String secsStr = (secsGMT < 10) ? "0" + secsGMT : "" + secsGMT;
+
+ sb.append(" Time GMT: " + hoursStr + ":" + minsStr + ":" + secsStr);
+ sb.append(" Nanoseconds: " + nanoseconds);
+ sb.append(" TimeZone: " + timeZone);
+ sb.append(" Defaulted TimeZone: " + defaultedTimeZone);
+ sb.append("]");
+
+ return sb.toString();
+ }
+
+ /**
+ * Encodes the value in a form suitable for including in XML data like
+ * a request or an obligation. This returns a time value that could in
+ * turn be used by the factory to create a new instance with the same
+ * value.
+ *
+ * @return a <code>String</code> form of the value
+ */
+ public String encode() {
+ if (encodedValue != null)
+ return encodedValue;
+
+ // "hh:mm:ss.sssssssss+hh:mm".length() = 27
+ StringBuffer buf = new StringBuffer(27);
+
+ // get the correct time for the timezone being used
+ int millis = (int)timeGMT;
+ if (timeZone == TZ_UNSPECIFIED)
+ millis += (defaultedTimeZone * DateAttribute.MILLIS_PER_MINUTE);
+ else
+ millis += (timeZone * DateAttribute.MILLIS_PER_MINUTE);
+
+ if (millis < 0) {
+ millis += DateAttribute.MILLIS_PER_DAY;
+ } else if (millis >= DateAttribute.MILLIS_PER_DAY) {
+ millis -= DateAttribute.MILLIS_PER_DAY;
+ }
+
+ // now generate the time string
+ int hour = millis / DateAttribute.MILLIS_PER_HOUR;
+ millis = millis % DateAttribute.MILLIS_PER_HOUR;
+ buf.append(DateAttribute.zeroPadInt(hour, 2));
+ buf.append(':');
+ int minute = millis / DateAttribute.MILLIS_PER_MINUTE;
+ millis = millis % DateAttribute.MILLIS_PER_MINUTE;
+ buf.append(DateAttribute.zeroPadInt(minute, 2));
+ buf.append(':');
+ int second = millis / DateAttribute.MILLIS_PER_SECOND;
+ buf.append(DateAttribute.zeroPadInt(second, 2));
+
+ // add any nanoseconds
+ if (nanoseconds != 0) {
+ buf.append('.');
+ buf.append(DateAttribute.zeroPadInt(nanoseconds, 9));
+ }
+
+ // if there is a specified timezone, then include that in the
encoding
+ if (timeZone != TZ_UNSPECIFIED) {
+ int tzNoSign = timeZone;
+ if (timeZone < 0) {
+ tzNoSign = -tzNoSign;
+ buf.append('-');
+ } else
+ buf.append('+');
+ int tzHours = tzNoSign / 60;
+ buf.append(DateAttribute.zeroPadInt(tzHours, 2));
+ buf.append(':');
+ int tzMinutes = tzNoSign % 60;
+ buf.append(DateAttribute.zeroPadInt(tzMinutes, 2));
+ }
+
+ // remember the encoding for later
+ encodedValue = buf.toString();
+
+ return encodedValue;
+ }
+
+}
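
Review bot: getInstance(Node root) calls `root.getFirstChild().getNodeValue()` with no null check, so an empty AttributeValue element raises NullPointerException rather than the declared ParsingException, and the Javadoc's "null if there is a parsing error" matches neither outcome. Check the first child for null and throw ParsingException, so malformed request input takes the same error path as any other bad time value, and correct the @return text. In getInstance(String), `TimeZone localTZ = TimeZone.getDefault();` is assigned and never used. In the same method a value with no explicit zone is shifted by the host's offset at `new Date()`, so the same policy literal yields a different timeGMT on hosts in different zones or across a daylight-saving change; since equals() compares only timeGMT and nanoseconds, that dependence deserves a sentence in the Javadoc.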

Added: branches/authRengine/sunxacml/com/sun/xacml/attr/X500NameAttribute.java
===================================================================
--- branches/authRengine/sunxacml/com/sun/xacml/attr/X500NameAttribute.java
(rev 0)
+++ branches/authRengine/sunxacml/com/sun/xacml/attr/X500NameAttribute.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,195 @@
+
+/*
+ * @(#)X500NameAttribute.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.attr;
+
+import java.net.URI;
+
+import javax.security.auth.x500.X500Principal;
+
+import org.w3c.dom.Node;
+
+
+/**
+ * Representation of an X500 Name.
+ *
+ * @since 1.0
+ * @author Marco Barreno
+ * @author Seth Proctor
+ */
+public class X500NameAttribute extends AttributeValue
+{
+
+ /**
+ * Official name of this type
+ */
+ public static final String identifier =
+ "urn:oasis:names:tc:xacml:1.0:data-type:x500Name";
+
+ // the actual value being stored
+ private X500Principal value;
+
+ /**
+ * URI version of name for this type
+ * <p>
+ * This field is initialized by a static initializer so that
+ * we can catch any exceptions thrown by URI(String) and
+ * transform them into a RuntimeException, since this should
+ * never happen but should be reported properly if it ever does.
+ */
+ private static URI identifierURI;
+
+ /**
+ * RuntimeException that wraps an Exception thrown during the
+ * creation of identifierURI, null if none.
+ */
+ private static RuntimeException earlyException;
+
+ /**
+ * Static initializer that initializes the identifierURI
+ * class field so that we can catch any exceptions thrown
+ * by URI(String) and transform them into a RuntimeException.
+ * Such exceptions should never happen but should be reported
+ * properly if they ever do.
+ */
+ static {
+ try {
+ identifierURI = new URI(identifier);
+ } catch (Exception e) {
+ earlyException = new IllegalArgumentException();
+ earlyException.initCause(e);
+ }
+ };
+
+ /**
+ * Creates a new <code>X500NameAttribute</code> that represents the
+ * value supplied.
+ *
+ * @param value the X500 Name to be represented
+ */
+ public X500NameAttribute(X500Principal value) {
+ super(identifierURI);
+
+ if (earlyException != null)
+ throw earlyException;
+
+ this.value = value;
+ }
+
+ /**
+ * Returns a new <codeX500NameAttribute</code> that represents
+ * the X500 Name at a particular DOM node.
+ *
+ * @param root the <code>Node</code> that contains the desired value
+ * @return a new <code>X500NameAttribute</code> representing the
+ * appropriate value
+ * @throws IllegalArgumentException if value is improperly specified
+ */
+ public static X500NameAttribute getInstance(Node root)
+ throws IllegalArgumentException
+ {
+ return getInstance(root.getFirstChild().getNodeValue());
+ }
+
+ /**
+ * Returns a new <code>X500NameAttribute</code> that represents
+ * the X500 Name value indicated by the string provided.
+ *
+ * @param value a string representing the desired value
+ * @return a new <code>X500NameAttribute</code> representing the
+ * appropriate value
+ * @throws IllegalArgumentException if value is improperly specified
+ */
+ public static X500NameAttribute getInstance(String value)
+ throws IllegalArgumentException
+ {
+ return new X500NameAttribute(new X500Principal(value));
+ }
+
+ /**
+ * Returns the name value represented by this object
+ *
+ * @return the name
+ */
+ public X500Principal getValue() {
+ return value;
+ }
+
+ /**
+ * Returns true if the input is an instance of this class and if its
+ * value equals the value contained in this class. This method
+ * deviates slightly from the XACML spec in the way that it handles
+ * RDNs with multiple attributeTypeAndValue pairs and some
+ * additional canonicalization steps. This method uses
+ * the procedure used by
+ * <code>javax.security.auth.x500.X500Principal.equals()</code>, while
the
+ * XACML spec uses a slightly different procedure. In practice, it is
+ * expected that this difference will not be noticeable. For more
+ * details, refer to the javadoc for <code>X500Principal.equals()</code>
+ * and the XACML specification.
+ *
+ * @param o the object to compare
+ *
+ * @return true if this object and the input represent the same value
+ */
+ public boolean equals(Object o) {
+ if (! (o instanceof X500NameAttribute))
+ return false;
+
+ X500NameAttribute other = (X500NameAttribute)o;
+
+ return value.equals(other.value);
+ }
+
+ /**
+ * Returns the hashcode value used to index and compare this object with
+ * others of the same type. Typically this is the hashcode of the backing
+ * data object.
+ *
+ * @return the object's hashcode value
+ */
+ public int hashCode() {
+ return value.hashCode();
+ }
+
+ /**
+ *
+ */
+ public String encode() {
+ return value.getName();
+ }
+
+}
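
Review bot: getInstance(Node root) calls `root.getFirstChild().getNodeValue()` with no null check, so an empty element (or one whose first child is not a text node) ends in a NullPointerException instead of the IllegalArgumentException the Javadoc promises. Check both the child node and its value for null and throw IllegalArgumentException with a message before calling getInstance(String). The public constructor has the same gap: it stores a null `value` without complaint, and equals(), hashCode() and encode() then fail on first use. Two documentation nits: the Javadoc for getInstance(Node) has a malformed tag (`<codeX500NameAttribute</code>`), and encode() has an empty Javadoc block.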

Added:
branches/authRengine/sunxacml/com/sun/xacml/attr/YearMonthDurationAttribute.java
===================================================================
---
branches/authRengine/sunxacml/com/sun/xacml/attr/YearMonthDurationAttribute.java
(rev 0)
+++
branches/authRengine/sunxacml/com/sun/xacml/attr/YearMonthDurationAttribute.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,421 @@
+
+/*
+ * @(#)YearMonthDurationAttribute.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.attr;
+
+import com.sun.xacml.ParsingException;
+
+import java.math.BigInteger;
+
+import java.net.URI;
+
+import java.util.regex.Pattern;
+import java.util.regex.PatternSyntaxException;
+import java.util.regex.Matcher;
+
+import org.w3c.dom.Node;
+
+
+/**
+ * Representation of an xf:yearMonthDuration value. This class supports
parsing
+ * xd:yearMonthDuration values. All objects of this class are immutable and
+ * thread-safe. The <code>Date</code> objects returned are not, but
+ * these objects are cloned before being returned.
+ *
+ * @since 1.0
+ * @author Steve Hanna
+ */
+public class YearMonthDurationAttribute extends AttributeValue
+{
+ /**
+ * Official name of this type
+ */
+ public static final String identifier =
+ "http://www.w3.org/TR/2002/WD-xquery-operators-20020816#"; +
+ "yearMonthDuration";
+
+ /**
+ * URI version of name for this type
+ * <p>
+ * This field is initialized by a static initializer so that
+ * we can catch any exceptions thrown by URI(String) and
+ * transform them into a RuntimeException, since this should
+ * never happen but should be reported properly if it ever does.
+ */
+ private static URI identifierURI;
+
+ /**
+ * RuntimeException that wraps an Exception thrown during the
+ * creation of identifierURI, null if none.
+ */
+ private static RuntimeException earlyException;
+
+ /**
+ * Static initializer that initializes the identifierURI
+ * class field so that we can catch any exceptions thrown
+ * by URI(String) and transform them into a RuntimeException.
+ * Such exceptions should never happen but should be reported
+ * properly if they ever do.
+ */
+ static {
+ try {
+ identifierURI = new URI(identifier);
+ } catch (Exception e) {
+ earlyException = new IllegalArgumentException();
+ earlyException.initCause(e);
+ }
+ };
+
+ /**
+ * Regular expression for yearMonthDuration (a la java.util.regex)
+ */
+ private static final String patternString =
+ "(\\-)?P((\\d+)?Y)?((\\d+)?M)?";
+
+ /**
+ * The index of the capturing group for the negative sign.
+ */
+ private static final int GROUP_SIGN = 1;
+
+ /**
+ * The index of the capturing group for the number of years.
+ */
+ private static final int GROUP_YEARS = 3;
+
+ /**
+ * The index of the capturing group for the number of months.
+ */
+ private static final int GROUP_MONTHS = 5;
+
+ /**
+ * Static BigInteger values. We only use these if one of
+ * the components is bigger than Integer.MAX_LONG and we
+ * want to detect overflow, so we don't initialize these
+ * until they're needed.
+ */
+ private static BigInteger big12;
+ private static BigInteger bigMaxLong;
+
+ /**
+ * A shared Pattern object, only initialized if needed
+ */
+ private static Pattern pattern;
+
+ /**
+ * Negative flag. true if duration is negative, false otherwise
+ */
+ private boolean negative;
+
+ /**
+ * Number of years
+ */
+ private long years;
+
+ /**
+ * Number of months
+ */
+ private long months;
+
+ /**
+ * Total number of months (used for equals)
+ */
+ private long totalMonths;
+
+ /**
+ * Cached encoded value (null if not cached yet).
+ */
+ private String encodedValue = null;
+
+ /**
+ * Creates a new <code>YearMonthDurationAttribute</code> that represents
+ * the duration supplied.
+ *
+ * @param negative true if the duration is negative, false otherwise
+ * @param years the number of years in the duration (must be positive)
+ * @param months the number of months in the duration (must be positive)
+ * @throws IllegalArgumentException if the total number of months
+ * exceeds Long.MAX_LONG or the number
+ * of months or years is negative
+ */
+ public YearMonthDurationAttribute(boolean negative, long years,
+ long months)
+ throws IllegalArgumentException {
+ super(identifierURI);
+
+ // Shouldn't happen, but just in case...
+ if (earlyException != null)
+ throw earlyException;
+
+ this.negative = negative;
+ this.years = years;
+ this.months = months;
+
+ // Convert all the components except nanoseconds to milliseconds
+
+ // If any of the components is big (too big to be an int),
+ // use the BigInteger class to do the math so we can detect
+ // overflow.
+ if ((years > Integer.MAX_VALUE) || (months > Integer.MAX_VALUE)) {
+ if (big12 == null) {
+ big12 = BigInteger.valueOf(12);
+ bigMaxLong = BigInteger.valueOf(Long.MAX_VALUE);
+ }
+ BigInteger bigMonths = BigInteger.valueOf(months);
+ BigInteger bigYears = BigInteger.valueOf(years);
+
+ BigInteger bigTotal = bigYears.multiply(big12).add(bigMonths);
+
+ // If the result is bigger than Long.MAX_VALUE, we have an
+ // overflow. Indicate an error (should be a processing error,
+ // since it can be argued that we should handle gigantic
+ // values for this).
+ if (bigTotal.compareTo(bigMaxLong) == 1)
+ throw new IllegalArgumentException("total number of " +
+ "months " +
+ "exceeds Long.MAX_VALUE");
+ // If no overflow, convert to a long.
+ totalMonths = bigTotal.longValue();
+ if (negative)
+ totalMonths = - totalMonths;
+ } else {
+ // The numbers are small, so do it the fast way.
+ totalMonths = ((years * 12) + months) * (negative ? -1 : 1);
+ }
+ }
+
+ /**
+ * Returns a new <code>YearMonthDurationAttribute</code> that represents
+ * the xf:yearMonthDuration at a particular DOM node.
+ *
+ * @param root the <code>Node</code> that contains the desired value
+ * @return a new <code>YearMonthDurationAttribute</code> representing the
+ * appropriate value
+ * @throws ParsingException if any problems occurred while parsing
+ */
+ public static YearMonthDurationAttribute getInstance(Node root)
+ throws ParsingException
+ {
+ return getInstance(root.getFirstChild().getNodeValue());
+ }
+
+ /**
+ * Returns the long value for the capturing group groupNumber.
+ * This method takes a Matcher that has been used to match a
+ * Pattern against a String, fetches the value for the specified
+ * capturing group, converts that value to an long, and returns
+ * the value. If that group did not match, 0 is returned.
+ * If the matched value is not a valid long, NumberFormatException
+ * is thrown.
+ *
+ * @param matcher the Matcher from which to fetch the group
+ * @param groupNumber the group number to fetch
+ * @return the long value for that groupNumber
+ * @throws NumberFormatException if the string value for that
+ * groupNumber is not a valid long
+ */
+ private static long parseGroup(Matcher matcher, int groupNumber)
+ throws NumberFormatException {
+ long groupLong = 0;
+
+ if (matcher.start(groupNumber) != -1) {
+ String groupString = matcher.group(groupNumber);
+ groupLong = Long.parseLong(groupString);
+ }
+ return groupLong;
+ }
+
+ /**
+ * Returns a new <code>YearMonthDurationAttribute</code> that represents
+ * the xf:yearMonthDuration value indicated by the string provided.
+ *
+ * @param value a string representing the desired value
+ *
+ * @return a new <code>YearMonthDurationAttribute</code> representing the
+ * desired value
+ *
+ * @throws ParsingException if any problems occurred while parsing
+ */
+ public static YearMonthDurationAttribute getInstance(String value)
+ throws ParsingException
+ {
+ boolean negative = false;
+ long years = 0;
+ long months = 0;
+
+ // Compile the pattern, if not already done.
+ if (pattern == null) {
+ try {
+ pattern = Pattern.compile(patternString);
+ } catch (PatternSyntaxException e) {
+ // This should never happen
+ throw new ParsingException("unexpected pattern syntax
error");
+ }
+ }
+
+ // See if the value matches the pattern.
+ Matcher matcher = pattern.matcher(value);
+ boolean matches = matcher.matches();
+
+ // If not, syntax error!
+ if (!matches) {
+ throw new ParsingException("Syntax error in yearMonthDuration");
+ }
+
+ // If the negative group matched, the value is negative.
+ if (matcher.start(GROUP_SIGN) != -1)
+ negative = true;
+
+ try {
+ // If the years group matched, parse that value.
+ years = parseGroup(matcher, GROUP_YEARS);
+
+ // If the months group matched, parse that value.
+ months = parseGroup(matcher, GROUP_MONTHS);
+ } catch (NumberFormatException e) {
+ // If we run into a number that's too big to be a long
+ // that's an error. Really, it's a processing error,
+ // since one can argue that we should handle that.
+ throw new ParsingException("Unable to handle number size");
+ }
+
+ // If parsing went OK, create a new YearMonthDurationAttribute
+ // object and return it.
+ return new YearMonthDurationAttribute(negative, years, months);
+ }
+
+ /**
+ * Returns true if the duration is negative.
+ *
+ * @return true if the duration is negative, false otherwise
+ */
+ public boolean isNegative() {
+ return negative;
+ }
+
+ /**
+ * Gets the number of years.
+ *
+ * @return the number of years
+ */
+ public long getYears() {
+ return years;
+ }
+
+ /**
+ * Gets the number of months.
+ *
+ * @return the number of months
+ */
+ public long getMonths() {
+ return months;
+ }
+
+ /**
+ * Returns true if the input is an instance of this class and if its
+ * value equals the value contained in this class.
+ *
+ * @param o the object to compare
+ *
+ * @return true if this object and the input represent the same value
+ */
+ public boolean equals(Object o) {
+ if (! (o instanceof YearMonthDurationAttribute))
+ return false;
+
+ YearMonthDurationAttribute other = (YearMonthDurationAttribute)o;
+
+ return (totalMonths == other.totalMonths);
+ }
+
+ /**
+ * Returns the hashcode value used to index and compare this object with
+ * others of the same type. Typically this is the hashcode of the backing
+ * data object.
+ *
+ * @return the object's hashcode value
+ */
+ public int hashCode() {
+ return (int) totalMonths ^ (int) (totalMonths >> 32);
+ }
+
+ /**
+ * Converts to a String representation.
+ *
+ * @return the String representation
+ */
+ public String toString() {
+ StringBuffer sb = new StringBuffer();
+ sb.append("YearMonthDurationAttribute: [\n");
+ sb.append(" Negative: " + negative);
+ sb.append(" Years: " + years);
+ sb.append(" Months: " + months);
+ sb.append("]");
+
+ return sb.toString();
+ }
+
+ /**
+ * Encodes the value in a form suitable for including in XML data like
+ * a request or an obligation. This must return a value that could in
+ * turn be used by the factory to create a new instance with the same
+ * value.
+ *
+ * @return a <code>String</code> form of the value
+ */
+ public String encode() {
+ if (encodedValue != null)
+ return encodedValue;
+
+ // Length is variable
+ StringBuffer buf = new StringBuffer(10);
+
+ if (negative)
+ buf.append('-');
+ buf.append('P');
+ if ((years != 0) || (months == 0)) {
+ buf.append(Long.toString(years));
+ buf.append('Y');
+ }
+ if (months != 0) {
+ buf.append(Long.toString(months));
+ buf.append('M');
+ }
+
+ encodedValue = buf.toString();
+
+ return encodedValue;
+ }
+}
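
Review bot: the constructor's Javadoc says IllegalArgumentException is thrown when years or months is negative, but the body never checks for it. A negative argument fails the `> Integer.MAX_VALUE` test and takes the fast path `((years * 12) + months)`, where a large-magnitude negative `years` wraps silently in long arithmetic and produces a wrong totalMonths for equals() and hashCode(). Add an explicit `if (years < 0 || months < 0)` rejection at the top of the constructor. The class comment also claims thread safety, yet `big12`/`bigMaxLong` and `pattern` are lazily assigned without synchronization; a second thread can see `big12` non-null before `bigMaxLong` is set and hit a NullPointerException in compareTo, so make all three static final and initialize them eagerly. Finally, `patternString` makes the digits optional, so inputs such as "P", "PY" or "-PM" match and parse as a zero duration; require `\\d+` before each designator and at least one component. Minor: the comment about converting components "to milliseconds" does not describe this class, and the Javadoc refers to Long.MAX_LONG and Integer.MAX_LONG where the code uses MAX_VALUE.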

Added: branches/authRengine/sunxacml/com/sun/xacml/attr/package.html
===================================================================
--- branches/authRengine/sunxacml/com/sun/xacml/attr/package.html
(rev 0)
+++ branches/authRengine/sunxacml/com/sun/xacml/attr/package.html
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,7 @@
+<body>
+ Contains many of the classes related to attributes and attribute
+ retrieval. This package contains the base class for all attributes, as
+ well as implementations of all of the standard attribute types. The
+ AttributeDesignatorType and the AttributeSelectorType are also
+ represented here.
+</body>

Added:
branches/authRengine/sunxacml/com/sun/xacml/attr/proxy/AnyURIAttributeProxy.java
===================================================================
---
branches/authRengine/sunxacml/com/sun/xacml/attr/proxy/AnyURIAttributeProxy.java
(rev 0)
+++
branches/authRengine/sunxacml/com/sun/xacml/attr/proxy/AnyURIAttributeProxy.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,64 @@
+
+/*
+ * @(#)AnyURIAttributeProxy.java
+ *
+ * Copyright 2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.attr.proxy;
+
+import com.sun.xacml.attr.AnyURIAttribute;
+import com.sun.xacml.attr.AttributeProxy;
+import com.sun.xacml.attr.AttributeValue;
+
+import org.w3c.dom.Node;
+
+
+/**
+ * A proxy class that is provided mainly for the run-time configuration
+ * code to use.
+ *
+ * @since 1.2
+ * @author Seth Proctor
+ */
+public class AnyURIAttributeProxy implements AttributeProxy
+{
+
+ public AttributeValue getInstance(Node root) throws Exception {
+ return AnyURIAttribute.getInstance(root);
+ }
+
+ public AttributeValue getInstance(String value) throws Exception {
+ return AnyURIAttribute.getInstance(value);
+ }
+
+}
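
Review bot: both getInstance overloads in AnyURIAttributeProxy declare `throws Exception`, which leaves callers unable to tell a malformed attribute value from an unexpected failure. An implementing method may declare a narrower throws clause than its interface, so declare only what AnyURIAttribute.getInstance can throw. The methods also carry no Javadoc, and the class comment does not say which data type this proxy produces. The same points apply to the other proxy classes added alongside it in this package (Base64Binary, Boolean, Date, DateTime).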

Added:
branches/authRengine/sunxacml/com/sun/xacml/attr/proxy/Base64BinaryAttributeProxy.java
===================================================================
---
branches/authRengine/sunxacml/com/sun/xacml/attr/proxy/Base64BinaryAttributeProxy.java
(rev 0)
+++
branches/authRengine/sunxacml/com/sun/xacml/attr/proxy/Base64BinaryAttributeProxy.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,64 @@
+
+/*
+ * @(#)Base64BinaryAttributeProxy.java
+ *
+ * Copyright 2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.attr.proxy;
+
+import com.sun.xacml.attr.AttributeProxy;
+import com.sun.xacml.attr.AttributeValue;
+import com.sun.xacml.attr.Base64BinaryAttribute;
+
+import org.w3c.dom.Node;
+
+
+/**
+ * A proxy class that is provided mainly for the run-time configuration
+ * code to use.
+ *
+ * @since 1.2
+ * @author Seth Proctor
+ */
+public class Base64BinaryAttributeProxy implements AttributeProxy
+{
+
+ public AttributeValue getInstance(Node root) throws Exception {
+ return Base64BinaryAttribute.getInstance(root);
+ }
+
+ public AttributeValue getInstance(String value) throws Exception {
+ return Base64BinaryAttribute.getInstance(value);
+ }
+
+}

Added:
branches/authRengine/sunxacml/com/sun/xacml/attr/proxy/BooleanAttributeProxy.java
===================================================================
---
branches/authRengine/sunxacml/com/sun/xacml/attr/proxy/BooleanAttributeProxy.java
(rev 0)
+++
branches/authRengine/sunxacml/com/sun/xacml/attr/proxy/BooleanAttributeProxy.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,64 @@
+
+/*
+ * @(#)BooleanAttributeProxy.java
+ *
+ * Copyright 2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.attr.proxy;
+
+import com.sun.xacml.attr.AttributeProxy;
+import com.sun.xacml.attr.AttributeValue;
+import com.sun.xacml.attr.BooleanAttribute;
+
+import org.w3c.dom.Node;
+
+
+/**
+ * A proxy class that is provided mainly for the run-time configuration
+ * code to use.
+ *
+ * @since 1.2
+ * @author Seth Proctor
+ */
+public class BooleanAttributeProxy implements AttributeProxy
+{
+
+ public AttributeValue getInstance(Node root) throws Exception {
+ return BooleanAttribute.getInstance(root);
+ }
+
+ public AttributeValue getInstance(String value) throws Exception {
+ return BooleanAttribute.getInstance(value);
+ }
+
+}

Added:
branches/authRengine/sunxacml/com/sun/xacml/attr/proxy/DateAttributeProxy.java
===================================================================
---
branches/authRengine/sunxacml/com/sun/xacml/attr/proxy/DateAttributeProxy.java
(rev 0)
+++
branches/authRengine/sunxacml/com/sun/xacml/attr/proxy/DateAttributeProxy.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,64 @@
+
+/*
+ * @(#)DateAttributeProxy.java
+ *
+ * Copyright 2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.attr.proxy;
+
+import com.sun.xacml.attr.AttributeProxy;
+import com.sun.xacml.attr.AttributeValue;
+import com.sun.xacml.attr.DateAttribute;
+
+import org.w3c.dom.Node;
+
+
+/**
+ * A proxy class that is provided mainly for the run-time configuration
+ * code to use.
+ *
+ * @since 1.2
+ * @author Seth Proctor
+ */
+public class DateAttributeProxy implements AttributeProxy
+{
+
+ public AttributeValue getInstance(Node root) throws Exception {
+ return DateAttribute.getInstance(root);
+ }
+
+ public AttributeValue getInstance(String value) throws Exception {
+ return DateAttribute.getInstance(value);
+ }
+
+}

Added:
branches/authRengine/sunxacml/com/sun/xacml/attr/proxy/DateTimeAttributeProxy.java
===================================================================
---
branches/authRengine/sunxacml/com/sun/xacml/attr/proxy/DateTimeAttributeProxy.java
(rev 0)
+++
branches/authRengine/sunxacml/com/sun/xacml/attr/proxy/DateTimeAttributeProxy.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,64 @@
+
+/*
+ * @(#)DateTimeAttributeProxy.java
+ *
+ * Copyright 2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.attr.proxy;
+
+import com.sun.xacml.attr.AttributeProxy;
+import com.sun.xacml.attr.AttributeValue;
+import com.sun.xacml.attr.DateTimeAttribute;
+
+import org.w3c.dom.Node;
+
+
+/**
+ * A proxy class that is provided mainly for the run-time configuration
+ * code to use.
+ *
+ * @since 1.2
+ * @author Seth Proctor
+ */
+public class DateTimeAttributeProxy implements AttributeProxy
+{
+
+ public AttributeValue getInstance(Node root) throws Exception {
+ return DateTimeAttribute.getInstance(root);
+ }
+
+ public AttributeValue getInstance(String value) throws Exception {
+ return DateTimeAttribute.getInstance(value);
+ }
+
+}

Added:
branches/authRengine/sunxacml/com/sun/xacml/attr/proxy/DayTimeDurationAttributeProxy.java
===================================================================
---
branches/authRengine/sunxacml/com/sun/xacml/attr/proxy/DayTimeDurationAttributeProxy.java
(rev 0)
+++
branches/authRengine/sunxacml/com/sun/xacml/attr/proxy/DayTimeDurationAttributeProxy.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,64 @@
+
+/*
+ * @(#)DayTimeDurationAttributeProxy.java
+ *
+ * Copyright 2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.attr.proxy;
+
+import com.sun.xacml.attr.AttributeProxy;
+import com.sun.xacml.attr.AttributeValue;
+import com.sun.xacml.attr.DayTimeDurationAttribute;
+
+import org.w3c.dom.Node;
+
+
+/**
+ * A proxy class that is provided mainly for the run-time configuration
+ * code to use.
+ *
+ * @since 1.2
+ * @author Seth Proctor
+ */
+public class DayTimeDurationAttributeProxy implements AttributeProxy
+{
+
+ public AttributeValue getInstance(Node root) throws Exception {
+ return DayTimeDurationAttribute.getInstance(root);
+ }
+
+ public AttributeValue getInstance(String value) throws Exception {
+ return DayTimeDurationAttribute.getInstance(value);
+ }
+
+}
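Review bot: the class Javadoc on DayTimeDurationAttributeProxy is the same generic sentence used for every proxy in this commit and never names the datatype, and neither getInstance overload is documented. Suggest stating that the class builds DayTimeDurationAttribute values, and documenting what `root` and `value` are expected to contain and what is thrown when they do not parse.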

Added:
branches/authRengine/sunxacml/com/sun/xacml/attr/proxy/DoubleAttributeProxy.java
===================================================================
---
branches/authRengine/sunxacml/com/sun/xacml/attr/proxy/DoubleAttributeProxy.java
(rev 0)
+++
branches/authRengine/sunxacml/com/sun/xacml/attr/proxy/DoubleAttributeProxy.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,64 @@
+
+/*
+ * @(#)DoubleAttributeProxy.java
+ *
+ * Copyright 2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.attr.proxy;
+
+import com.sun.xacml.attr.AttributeProxy;
+import com.sun.xacml.attr.AttributeValue;
+import com.sun.xacml.attr.DoubleAttribute;
+
+import org.w3c.dom.Node;
+
+
+/**
+ * A proxy class that is provided mainly for the run-time configuration
+ * code to use.
+ *
+ * @since 1.2
+ * @author Seth Proctor
+ */
+public class DoubleAttributeProxy implements AttributeProxy
+{
+
+ public AttributeValue getInstance(Node root) throws Exception {
+ return DoubleAttribute.getInstance(root);
+ }
+
+ public AttributeValue getInstance(String value) throws Exception {
+ return DoubleAttribute.getInstance(value);
+ }
+
+}

Added:
branches/authRengine/sunxacml/com/sun/xacml/attr/proxy/HexBinaryAttributeProxy.java
===================================================================
---
branches/authRengine/sunxacml/com/sun/xacml/attr/proxy/HexBinaryAttributeProxy.java
(rev 0)
+++
branches/authRengine/sunxacml/com/sun/xacml/attr/proxy/HexBinaryAttributeProxy.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,64 @@
+
+/*
+ * @(#)HexBinaryAttributeProxy.java
+ *
+ * Copyright 2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.attr.proxy;
+
+import com.sun.xacml.attr.AttributeProxy;
+import com.sun.xacml.attr.AttributeValue;
+import com.sun.xacml.attr.HexBinaryAttribute;
+
+import org.w3c.dom.Node;
+
+
+/**
+ * A proxy class that is provided mainly for the run-time configuration
+ * code to use.
+ *
+ * @since 1.2
+ * @author Seth Proctor
+ */
+public class HexBinaryAttributeProxy implements AttributeProxy
+{
+
+ public AttributeValue getInstance(Node root) throws Exception {
+ return HexBinaryAttribute.getInstance(root);
+ }
+
+ public AttributeValue getInstance(String value) throws Exception {
+ return HexBinaryAttribute.getInstance(value);
+ }
+
+}

Added:
branches/authRengine/sunxacml/com/sun/xacml/attr/proxy/IntegerAttributeProxy.java
===================================================================
---
branches/authRengine/sunxacml/com/sun/xacml/attr/proxy/IntegerAttributeProxy.java
(rev 0)
+++
branches/authRengine/sunxacml/com/sun/xacml/attr/proxy/IntegerAttributeProxy.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,64 @@
+
+/*
+ * @(#)IntegerAttributeProxy.java
+ *
+ * Copyright 2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.attr.proxy;
+
+import com.sun.xacml.attr.AttributeProxy;
+import com.sun.xacml.attr.AttributeValue;
+import com.sun.xacml.attr.IntegerAttribute;
+
+import org.w3c.dom.Node;
+
+
+/**
+ * A proxy class that is provided mainly for the run-time configuration
+ * code to use.
+ *
+ * @since 1.2
+ * @author Seth Proctor
+ */
+public class IntegerAttributeProxy implements AttributeProxy
+{
+
+ public AttributeValue getInstance(Node root) throws Exception {
+ return IntegerAttribute.getInstance(root);
+ }
+
+ public AttributeValue getInstance(String value) throws Exception {
+ return IntegerAttribute.getInstance(value);
+ }
+
+}

Added:
branches/authRengine/sunxacml/com/sun/xacml/attr/proxy/RFC822NameAttributeProxy.java
===================================================================
---
branches/authRengine/sunxacml/com/sun/xacml/attr/proxy/RFC822NameAttributeProxy.java
(rev 0)
+++
branches/authRengine/sunxacml/com/sun/xacml/attr/proxy/RFC822NameAttributeProxy.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,64 @@
+
+/*
+ * @(#)RFC822NameAttributeProxy.java
+ *
+ * Copyright 2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.attr.proxy;
+
+import com.sun.xacml.attr.AttributeProxy;
+import com.sun.xacml.attr.AttributeValue;
+import com.sun.xacml.attr.RFC822NameAttribute;
+
+import org.w3c.dom.Node;
+
+
+/**
+ * A proxy class that is provided mainly for the run-time configuration
+ * code to use.
+ *
+ * @since 1.2
+ * @author Seth Proctor
+ */
+public class RFC822NameAttributeProxy implements AttributeProxy
+{
+
+ public AttributeValue getInstance(Node root) throws Exception {
+ return RFC822NameAttribute.getInstance(root);
+ }
+
+ public AttributeValue getInstance(String value) throws Exception {
+ return RFC822NameAttribute.getInstance(value);
+ }
+
+}

Added:
branches/authRengine/sunxacml/com/sun/xacml/attr/proxy/StringAttributeProxy.java
===================================================================
---
branches/authRengine/sunxacml/com/sun/xacml/attr/proxy/StringAttributeProxy.java
(rev 0)
+++
branches/authRengine/sunxacml/com/sun/xacml/attr/proxy/StringAttributeProxy.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,64 @@
+
+/*
+ * @(#)StringAttributeProxy.java
+ *
+ * Copyright 2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.attr.proxy;
+
+import com.sun.xacml.attr.AttributeProxy;
+import com.sun.xacml.attr.AttributeValue;
+import com.sun.xacml.attr.StringAttribute;
+
+import org.w3c.dom.Node;
+
+
+/**
+ * A proxy class that is provided mainly for the run-time configuration
+ * code to use.
+ *
+ * @since 1.2
+ * @author Seth Proctor
+ */
+public class StringAttributeProxy implements AttributeProxy
+{
+
+ public AttributeValue getInstance(Node root) {
+ return StringAttribute.getInstance(root);
+ }
+
+ public AttributeValue getInstance(String value) {
+ return StringAttribute.getInstance(value);
+ }
+
+}
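Review bot: the two getInstance overloads in StringAttributeProxy omit the `throws Exception` clause that the other proxies in this commit declare, and nothing in the file says whether that is intentional. Narrowing the clause is legal, but code that calls through the AttributeProxy type still has to handle the checked exception, so a short Javadoc on each method stating that these overloads throw no checked exception would make the difference deliberate.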

Added:
branches/authRengine/sunxacml/com/sun/xacml/attr/proxy/TimeAttributeProxy.java
===================================================================
---
branches/authRengine/sunxacml/com/sun/xacml/attr/proxy/TimeAttributeProxy.java
(rev 0)
+++
branches/authRengine/sunxacml/com/sun/xacml/attr/proxy/TimeAttributeProxy.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,64 @@
+
+/*
+ * @(#)TimeAttributeProxy.java
+ *
+ * Copyright 2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.attr.proxy;
+
+import com.sun.xacml.attr.AttributeProxy;
+import com.sun.xacml.attr.AttributeValue;
+import com.sun.xacml.attr.TimeAttribute;
+
+import org.w3c.dom.Node;
+
+
+/**
+ * A proxy class that is provided mainly for the run-time configuration
+ * code to use.
+ *
+ * @since 1.2
+ * @author Seth Proctor
+ */
+public class TimeAttributeProxy implements AttributeProxy
+{
+
+ public AttributeValue getInstance(Node root) throws Exception {
+ return TimeAttribute.getInstance(root);
+ }
+
+ public AttributeValue getInstance(String value) throws Exception {
+ return TimeAttribute.getInstance(value);
+ }
+
+}

Added:
branches/authRengine/sunxacml/com/sun/xacml/attr/proxy/X500NameAttributeProxy.java
===================================================================
---
branches/authRengine/sunxacml/com/sun/xacml/attr/proxy/X500NameAttributeProxy.java
(rev 0)
+++
branches/authRengine/sunxacml/com/sun/xacml/attr/proxy/X500NameAttributeProxy.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,64 @@
+
+/*
+ * @(#)X500NameAttributeProxy.java
+ *
+ * Copyright 2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.attr.proxy;
+
+import com.sun.xacml.attr.AttributeProxy;
+import com.sun.xacml.attr.AttributeValue;
+import com.sun.xacml.attr.X500NameAttribute;
+
+import org.w3c.dom.Node;
+
+
+/**
+ * A proxy class that is provided mainly for the run-time configuration
+ * code to use.
+ *
+ * @since 1.2
+ * @author Seth Proctor
+ */
+public class X500NameAttributeProxy implements AttributeProxy
+{
+
+ public AttributeValue getInstance(Node root) throws Exception {
+ return X500NameAttribute.getInstance(root);
+ }
+
+ public AttributeValue getInstance(String value) throws Exception {
+ return X500NameAttribute.getInstance(value);
+ }
+
+}

Added:
branches/authRengine/sunxacml/com/sun/xacml/attr/proxy/YearMonthDurationAttributeProxy.java
===================================================================
---
branches/authRengine/sunxacml/com/sun/xacml/attr/proxy/YearMonthDurationAttributeProxy.java
(rev 0)
+++
branches/authRengine/sunxacml/com/sun/xacml/attr/proxy/YearMonthDurationAttributeProxy.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,64 @@
+
+/*
+ * @(#)YearMonthDurationAttributeProxy.java
+ *
+ * Copyright 2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.attr.proxy;
+
+import com.sun.xacml.attr.AttributeProxy;
+import com.sun.xacml.attr.AttributeValue;
+import com.sun.xacml.attr.YearMonthDurationAttribute;
+
+import org.w3c.dom.Node;
+
+
+/**
+ * A proxy class that is provided mainly for the run-time configuration
+ * code to use.
+ *
+ * @since 1.2
+ * @author Seth Proctor
+ */
+public class YearMonthDurationAttributeProxy implements AttributeProxy
+{
+
+ public AttributeValue getInstance(Node root) throws Exception {
+ return YearMonthDurationAttribute.getInstance(root);
+ }
+
+ public AttributeValue getInstance(String value) throws Exception {
+ return YearMonthDurationAttribute.getInstance(value);
+ }
+
+}

Added: branches/authRengine/sunxacml/com/sun/xacml/attr/proxy/package.html
===================================================================
--- branches/authRengine/sunxacml/com/sun/xacml/attr/proxy/package.html
(rev 0)
+++ branches/authRengine/sunxacml/com/sun/xacml/attr/proxy/package.html
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,8 @@
+<body>
+ This package defines proxy classes for all of the standard
+ datatypes. This package was introduced in version 1.2 with the new
+ run-time configuration code, which needs concrete proxy classes to add
+ datatype support to a factory. Before 1.2, the
+ <code>AttributeFactory</code> used annonymous classes to cut down on
+ the total number of files in this project.
+</body>
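Review bot: "annonymous" in the sentence about AttributeFactory should read "anonymous". This file is the package comment that Javadoc publishes, so the typo will appear in the generated documentation.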

Added:
branches/authRengine/sunxacml/com/sun/xacml/combine/BaseCombiningAlgFactory.java
===================================================================
---
branches/authRengine/sunxacml/com/sun/xacml/combine/BaseCombiningAlgFactory.java
(rev 0)
+++
branches/authRengine/sunxacml/com/sun/xacml/combine/BaseCombiningAlgFactory.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,157 @@
+
+/*
+ * @(#)BaseCombiningAlgFactory.java
+ *
+ * Copyright 2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.combine;
+
+import com.sun.xacml.UnknownIdentifierException;
+
+import java.net.URI;
+
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.Set;
+
+
+/**
+ * This is a basic implementation of <code>CombiningAlgFactory</code>. It
+ * implements the insertion and retrieval methods, but doesn't actually
+ * setup the factory with any algorithms.
+ * <p>
+ * Note that while this class is thread-safe on all creation methods, it
+ * is not safe to add support for a new algorithm while creating an instance
+ * of an algorithm. This follows from the assumption that most people will
+ * initialize these factories up-front, and then start processing without
+ * ever modifying the factories. If you need these mutual operations to
+ * be thread-safe, then you should write a wrapper class that implements
+ * the right synchronization.
+ *
+ * @since 1.2
+ * @author Seth Proctor
+ */
+public class BaseCombiningAlgFactory extends CombiningAlgFactory
+{
+
+ // the map of available combining algorithms
+ private HashMap algMap;
+
+ /**
+ * Default constructor.
+ */
+ public BaseCombiningAlgFactory() {
+ algMap = new HashMap();
+ }
+
+ /**
+ * Constructor that configures this factory with an initial set of
+ * supported algorithms.
+ *
+ * @param algorithms a <code>Set</code> of
+ * </code>CombiningAlgorithm</code>s
+ *
+ * @throws IllegalArgumentException if any elements of the set are not
+ * </code>CombiningAlgorithm</code>s
+ */
+ public BaseCombiningAlgFactory(Set algorithms) {
+ algMap = new HashMap();
+
+ Iterator it = algorithms.iterator();
+ while (it.hasNext()) {
+ try {
+ CombiningAlgorithm alg = (CombiningAlgorithm)(it.next());
+ algMap.put(alg.getIdentifier().toString(), alg);
+ } catch (ClassCastException cce) {
+ throw new IllegalArgumentException("an element of the set " +
+ "was not an instance of "
+
+ "CombiningAlgorithm");
+ }
+ }
+ }
+
+ /**
+ * Adds a combining algorithm to the factory. This single instance will
+ * be returned to anyone who asks the factory for an algorithm with the
+ * id given here.
+ *
+ * @param alg the combining algorithm to add
+ *
+ * @throws IllegalArgumentException if the algId is already registered
+ */
+ public void addAlgorithm(CombiningAlgorithm alg) {
+ String algId = alg.getIdentifier().toString();
+
+ // check that the id doesn't already exist in the factory
+ if (algMap.containsKey(algId))
+ throw new IllegalArgumentException("algorithm already
registered: "
+ + algId);
+
+ // add the algorithm
+ algMap.put(algId, alg);
+ }
+
+ /**
+ * Returns the algorithm identifiers supported by this factory.
+ *
+ * @return a <code>Set</code> of <code>String</code>s
+ */
+ public Set getSupportedAlgorithms() {
+ return Collections.unmodifiableSet(algMap.keySet());
+ }
+
+ /**
+ * Tries to return the correct combinging algorithm based on the
+ * given algorithm ID.
+ *
+ * @param algId the identifier by which the algorithm is known
+ *
+ * @return a combining algorithm
+ *
+ * @throws UnknownIdentifierException algId is unknown
+ */
+ public CombiningAlgorithm createAlgorithm(URI algId)
+ throws UnknownIdentifierException
+ {
+ String id = algId.toString();
+
+ if (algMap.containsKey(id)) {
+ return (CombiningAlgorithm)(algMap.get(algId.toString()));
+ } else {
+ throw new UnknownIdentifierException("unknown combining algId: "
+ + id);
+ }
+ }
+
+}
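Review bot: the Set constructor calls algMap.put without the containsKey check that addAlgorithm performs, so if two algorithms in the set share an identifier one silently replaces the other, and which one survives depends on the set's iteration order. For a factory that hands out policy combining algorithms, that case should be rejected with the same IllegalArgumentException that addAlgorithm throws. Smaller points: createAlgorithm calls containsKey and then get(algId.toString()) although `id` is already computed, so a single get(id) with a null check is enough; the constructor Javadoc has `</code>CombiningAlgorithm</code>` twice where the first tag should be `<code>`; and "combinging" in the createAlgorithm comment should be "combining".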

Added:
branches/authRengine/sunxacml/com/sun/xacml/combine/CombiningAlgFactory.java
===================================================================
---
branches/authRengine/sunxacml/com/sun/xacml/combine/CombiningAlgFactory.java
(rev 0)
+++
branches/authRengine/sunxacml/com/sun/xacml/combine/CombiningAlgFactory.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,175 @@
+
+/*
+ * @(#)CombiningAlgFactory.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.combine;
+
+import com.sun.xacml.UnknownIdentifierException;
+
+import java.net.URI;
+
+import java.util.Set;
+
+
+/**
+ * Provides a factory mechanism for installing and retrieving combining
+ * algorithms.
+ *
+ * @since 1.0
+ * @author Seth Proctor
+ */
+public abstract class CombiningAlgFactory
+{
+
+ // the proxy used to get the default factory
+ private static CombiningAlgFactoryProxy defaultFactoryProxy;
+
+ /**
+ * static intialiazer that sets up the default factory proxy
+ * NOTE: this will change when the right setup mechanism is in place
+ */
+ static {
+ defaultFactoryProxy = new CombiningAlgFactoryProxy() {
+ public CombiningAlgFactory getFactory() {
+ return StandardCombiningAlgFactory.getFactory();
+ }
+ };
+ };
+
+ /**
+ * Default constructor. Used only by subclasses.
+ */
+ protected CombiningAlgFactory() {
+
+ }
+
+ /**
+ * Returns the default factory. Depending on the default factory's
+ * implementation, this may return a singleton instance or new instances
+ * with each invokation.
+ *
+ * @return the default <code>CombiningAlgFactory</code>
+ */
+ public static final CombiningAlgFactory getInstance() {
+ return defaultFactoryProxy.getFactory();
+ }
+
+ /**
+ * Sets the default factory. Note that this is just a placeholder for
+ * now, and will be replaced with a more useful mechanism soon.
+ */
+ public static final void setDefaultFactory(CombiningAlgFactoryProxy
proxy)
+ {
+ defaultFactoryProxy = proxy;
+ }
+
+ /**
+ * Adds a combining algorithm to the factory. This single instance will
+ * be returned to anyone who asks the factory for an algorithm with the
+ * id given here.
+ *
+ * @param alg the combining algorithm to add
+ *
+ * @throws IllegalArgumentException if the algorithm is already
registered
+ */
+ public abstract void addAlgorithm(CombiningAlgorithm alg);
+
+ /**
+ * Adds a combining algorithm to the factory. This single instance will
+ * be returned to anyone who asks the factory for an algorithm with the
+ * id given here.
+ *
+ * @deprecated As of version 1.2, replaced by
+ *
{@link
#addAlgorithm(CombiningAlgorithm)}.
+ * The new factory system requires you to get a factory
+ * instance and then call the non-static methods on that
+ * factory. The static versions of these methods have been
+ * left in for now, but are slower and will be removed in
+ * a future version.
+ *
+ * @param alg the combining algorithm to add
+ *
+ * @throws IllegalArgumentException if the algorithm is already
registered
+ */
+ public static void addCombiningAlg(CombiningAlgorithm alg) {
+ getInstance().addAlgorithm(alg);
+ }
+
+ /**
+ * Returns the algorithm identifiers supported by this factory.
+ *
+ * @return a <code>Set</code> of <code>String</code>s
+ */
+ public abstract Set getSupportedAlgorithms();
+
+ /**
+ * Tries to return the correct combinging algorithm based on the
+ * given algorithm ID.
+ *
+ * @param algId the identifier by which the algorithm is known
+ *
+ * @return a combining algorithm
+ *
+ * @throws UnknownIdentifierException algId is unknown
+ */
+ public abstract CombiningAlgorithm createAlgorithm(URI algId)
+ throws UnknownIdentifierException;
+
+ /**
+ * Tries to return the correct combinging algorithm based on the
+ * given algorithm ID.
+ *
+ * @deprecated As of version 1.2, replaced by
+ *
{@link
#createAlgorithm(URI)}.
+ * The new factory system requires you to get a factory
+ * instance and then call the non-static methods on that
+ * factory. The static versions of these methods have been
+ * left in for now, but are slower and will be removed in
+ * a future version.
+ *
+ * @param algId the identifier by which the algorithm is known
+ *
+ * @return a combining algorithm
+ *
+ * @throws UnknownIdentifierException algId is unknown
+ */
+ public static CombiningAlgorithm createCombiningAlg(URI algId)
+ throws UnknownIdentifierException
+ {
+ return getInstance().createAlgorithm(algId);
+ }
+
+
+}
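
Review bot: setDefaultFactory is public static, does not check its argument for null, and writes defaultFactoryProxy without synchronization. Any code in the same JVM can therefore replace the factory that getInstance(), addCombiningAlg and createCombiningAlg resolve through, and a null proxy only surfaces later as a NullPointerException in getInstance(). For an authorization engine I would reject null here, make the field volatile or synchronize access to it, and document who is expected to call this method. The Javadoc is also missing an @param proxy tag, and the deprecated addCombiningAlg should say that it mutates whichever factory is currently the default.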

Added:
branches/authRengine/sunxacml/com/sun/xacml/combine/CombiningAlgFactoryProxy.java
===================================================================
---
branches/authRengine/sunxacml/com/sun/xacml/combine/CombiningAlgFactoryProxy.java
(rev 0)
+++
branches/authRengine/sunxacml/com/sun/xacml/combine/CombiningAlgFactoryProxy.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,58 @@
+
+/*
+ * @(#)CombiningAlgFactoryProxy.java
+ *
+ * Copyright 2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.combine;
+
+
+/**
+ * A simple proxy interface used to install new
+ * <code>CombiningAlgFactory</code>s.
+ *
+ * @since 1.2
+ * @author Seth Proctor
+ */
+public interface CombiningAlgFactoryProxy
+{
+
+ /**
+ * Returns an instance of the <code>CombiningAlgFactory</code> for which
+ * this is a proxy.
+ *
+ * @return a <code>CombiningAlgFactory</code> instance
+ */
+ public CombiningAlgFactory getFactory();
+
+}

Added:
branches/authRengine/sunxacml/com/sun/xacml/combine/CombiningAlgorithm.java
===================================================================
---
branches/authRengine/sunxacml/com/sun/xacml/combine/CombiningAlgorithm.java
(rev 0)
+++
branches/authRengine/sunxacml/com/sun/xacml/combine/CombiningAlgorithm.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,90 @@
+
+/*
+ * @(#)CombiningAlgorithm.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.combine;
+
+import com.sun.xacml.EvaluationCtx;
+
+import com.sun.xacml.ctx.Result;
+
+import java.net.URI;
+
+import java.util.List;
+
+
+/**
+ * The base type for all combining algorithms. It provides one method that
+ * must be implemented.
+ *
+ * @since 1.0
+ * @author Seth Proctor
+ */
+public abstract class CombiningAlgorithm
+{
+
+ // the identifier for the algorithm
+ private URI identifier;
+
+ /**
+ * Constructor that takes the algorithm's identifier.
+ *
+ * @param identifier the algorithm's identifier
+ */
+ public CombiningAlgorithm(URI identifier) {
+ this.identifier = identifier;
+ }
+
+ /**
+ * Combines the inputs based on the context to produce some unified
+ * result. This is the one function of a combining algorithm.
+ *
+ * @param context the representation of the request
+ * @param inputs the things to combine (policies or rules)
+ *
+ * @return a single unified result based on the combining logic
+ */
+ public abstract Result combine(EvaluationCtx context, List inputs);
+
+ /**
+ * Returns the identifier for this algorithm.
+ *
+ * @return the algorithm's identifier
+ */
+ public URI getIdentifier() {
+ return identifier;
+ }
+
+}
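
Review bot: the constructor stores identifier without a null check and the field is not final, yet BaseCombiningAlgFactory.addAlgorithm in this commit calls alg.getIdentifier().toString(), so an algorithm built with a null URI fails with a NullPointerException at registration instead of at construction. Suggest declaring the field as private final URI identifier and throwing IllegalArgumentException on null in the constructor. The Javadoc for combine(EvaluationCtx, List) should also state the element type each subclass expects in the raw List ("policies or rules"), because the subclasses cast every element unchecked.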

Added:
branches/authRengine/sunxacml/com/sun/xacml/combine/DenyOverridesPolicyAlg.java
===================================================================
---
branches/authRengine/sunxacml/com/sun/xacml/combine/DenyOverridesPolicyAlg.java
(rev 0)
+++
branches/authRengine/sunxacml/com/sun/xacml/combine/DenyOverridesPolicyAlg.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,163 @@
+
+/*
+ * @(#)DenyOverridesPolicyAlg.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.combine;
+
+import com.sun.xacml.AbstractPolicy;
+import com.sun.xacml.EvaluationCtx;
+import com.sun.xacml.MatchResult;
+
+import com.sun.xacml.ctx.Result;
+import com.sun.xacml.ctx.Status;
+
+import java.net.URI;
+import java.net.URISyntaxException;
+
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Set;
+
+
+/**
+ * This is the standard Deny Overrides policy combining algorithm. It
+ * allows a single evaluation of Deny to take precedence over any number
+ * of permit, not applicable or indeterminate results. Note that since
+ * this implementation does an ordered evaluation, this class also
+ * supports the Ordered Deny Overrides algorithm.
+ *
+ * @since 1.0
+ * @author Seth Proctor
+ */
+public class DenyOverridesPolicyAlg extends PolicyCombiningAlgorithm
+{
+
+ /**
+ * The standard URN used to identify this algorithm
+ */
+ public static final String algId =
+ "urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:" +
+ "deny-overrides";
+
+ // a URI form of the identifier
+ private static URI identifierURI;
+ // exception if the URI was invalid, which should never be a problem
+ private static RuntimeException earlyException;
+
+ static {
+ try {
+ identifierURI = new URI(algId);
+ } catch (URISyntaxException se) {
+ earlyException = new IllegalArgumentException();
+ earlyException.initCause(se);
+ }
+ }
+
+ /**
+ * Standard constructor.
+ */
+ public DenyOverridesPolicyAlg() {
+ super(identifierURI);
+
+ if (earlyException != null)
+ throw earlyException;
+ }
+
+ /**
+ * Protected constructor used by the ordered version of this algorithm.
+ *
+ * @param identifier the algorithm's identifier
+ */
+ protected DenyOverridesPolicyAlg(URI identifier) {
+ super(identifier);
+ }
+
+ /**
+ * Applies the combining rule to the set of policies based on the
+ * evaluation context.
+ *
+ * @param context the context from the request
+ * @param policies the policies to combine
+ *
+ * @return the result of running the combining algorithm
+ */
+ public Result combine(EvaluationCtx context, List policies) {
+ boolean atLeastOnePermit = false;
+ Set permitObligations = new HashSet();
+ Iterator it = policies.iterator();
+
+ while (it.hasNext()) {
+ AbstractPolicy policy = (AbstractPolicy)(it.next());
+
+ // make sure that the policy matches the context
+ MatchResult match = policy.match(context);
+
+ if (match.getResult() == MatchResult.INDETERMINATE)
+ return new Result(Result.DECISION_DENY,
+ context.getResourceId().encode());
+
+ if (match.getResult() == MatchResult.MATCH) {
+ // evaluate the policy
+ Result result = policy.evaluate(context);
+ int effect = result.getDecision();
+
+ // unlike in the RuleCombining version of this alg, we always
+ // return DENY if any Policy returns DENY or INDETERMINATE
+ if ((effect == Result.DECISION_DENY) ||
+ (effect == Result.DECISION_INDETERMINATE))
+ return new Result(Result.DECISION_DENY,
+ context.getResourceId().encode(),
+ result.getObligations());
+
+ // remember if at least one Policy said PERMIT
+ if (effect == Result.DECISION_PERMIT) {
+ atLeastOnePermit = true;
+ permitObligations.addAll(result.getObligations());
+ }
+ }
+ }
+
+ // if we got a PERMIT, return it, otherwise it's NOT_APPLICABLE
+ if (atLeastOnePermit)
+ return new Result(Result.DECISION_PERMIT,
+ context.getResourceId().encode(),
+ permitObligations);
+ else
+ return new Result(Result.DECISION_NOT_APPLICABLE,
+ context.getResourceId().encode());
+ }
+
+}
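
Review bot: in combine(), the branch for match.getResult() == MatchResult.INDETERMINATE returns new Result(Result.DECISION_DENY, context.getResourceId().encode()) and drops match.getStatus(), so a target-matching error is indistinguishable from a genuine Deny to the caller. FirstApplicablePolicyAlg in this same commit passes match.getStatus() into its Result. Failing closed is the right choice, but carry or log the status so an evaluation failure can be told apart from a policy decision. The same applies a few lines further down where DECISION_INDETERMINATE from policy.evaluate() is folded into Deny: the returned Result keeps result.getObligations() but not the status. The import of com.sun.xacml.ctx.Status is unused.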

Added:
branches/authRengine/sunxacml/com/sun/xacml/combine/DenyOverridesRuleAlg.java
===================================================================
---
branches/authRengine/sunxacml/com/sun/xacml/combine/DenyOverridesRuleAlg.java
(rev 0)
+++
branches/authRengine/sunxacml/com/sun/xacml/combine/DenyOverridesRuleAlg.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,176 @@
+
+/*
+ * @(#)DenyOverridesRuleAlg.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.combine;
+
+import com.sun.xacml.EvaluationCtx;
+import com.sun.xacml.Rule;
+
+import com.sun.xacml.ctx.Result;
+import com.sun.xacml.ctx.Status;
+
+import java.net.URI;
+import java.net.URISyntaxException;
+
+import java.util.Iterator;
+import java.util.List;
+
+
+/**
+ * This is the standard Deny Overrides rule combining algorithm. It
+ * allows a single evaluation of Deny to take precedence over any number
+ * of permit, not applicable or indeterminate results. Note that since
+ * this implementation does an ordered evaluation, this class also
+ * supports the Ordered Deny Overrides algorithm.
+ *
+ * @since 1.0
+ * @author Seth Proctor
+ */
+public class DenyOverridesRuleAlg extends RuleCombiningAlgorithm
+{
+
+ /**
+ * The standard URN used to identify this algorithm
+ */
+ public static final String algId =
+ "urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:" +
+ "deny-overrides";
+
+ // a URI form of the identifier
+ private static URI identifierURI;
+ // exception if the URI was invalid, which should never be a problem
+ private static RuntimeException earlyException;
+
+ static {
+ try {
+ identifierURI = new URI(algId);
+ } catch (URISyntaxException se) {
+ earlyException = new IllegalArgumentException();
+ earlyException.initCause(se);
+ }
+ }
+
+ /**
+ * Standard constructor.
+ */
+ public DenyOverridesRuleAlg() {
+ super(identifierURI);
+
+ if (earlyException != null)
+ throw earlyException;
+ }
+
+ /**
+ * Protected constructor used by the ordered version of this algorithm.
+ *
+ * @param identifier the algorithm's identifier
+ */
+ protected DenyOverridesRuleAlg(URI identifier) {
+ super(identifier);
+ }
+
+ /**
+ * Applies the combining rule to the set of rules based on the
+ * evaluation context.
+ *
+ * @param context the context from the request
+ * @param rules the rules to combine
+ *
+ * @return the result of running the combining algorithm
+ */
+ public Result combine(EvaluationCtx context, List rules) {
+ boolean atLeastOneError = false;
+ boolean potentialDeny = false;
+ boolean atLeastOnePermit = false;
+ Result firstIndeterminateResult = null;
+ Iterator it = rules.iterator();
+
+ while (it.hasNext()) {
+ Rule rule = (Rule)(it.next());
+ Result result = rule.evaluate(context);
+ int value = result.getDecision();
+
+ // if there was a value of DENY, then regardless of what else
+ // we've seen, we always return DENY
+ if (value == Result.DECISION_DENY)
+ return result;
+
+ // if it was INDETERMINATE, then we couldn't figure something
+ // out, so we keep track of these cases...
+ if (value == Result.DECISION_INDETERMINATE) {
+ atLeastOneError = true;
+
+ // there are no rules about what to do if multiple cases
+ // cause errors, so we'll just return the first one
+ if (firstIndeterminateResult == null)
+ firstIndeterminateResult = result;
+
+ // if the Rule's effect is DENY, then we can't let this
+ // alg return PERMIT, since this Rule might have denied
+ // if it could do its stuff
+ if (rule.getEffect() == Result.DECISION_DENY)
+ potentialDeny = true;
+ } else {
+ // keep track of whether we had at least one rule that
+ // actually pertained to the request
+ if (value == Result.DECISION_PERMIT)
+ atLeastOnePermit = true;
+ }
+ }
+
+ // we didn't explicitly DENY, but we might have had some Rule
+ // been evaluated, so we have to return INDETERMINATE
+ if (potentialDeny)
+ return firstIndeterminateResult;
+
+ // some Rule said PERMIT, so since nothing could have denied,
+ // we return PERMIT
+ if (atLeastOnePermit)
+ return new Result(Result.DECISION_PERMIT,
+ context.getResourceId().encode());
+
+ // we didn't find anything that said PERMIT, but if we had a
+ // problem with one of the Rules, then we're INDETERMINATE
+ if (atLeastOneError)
+ return firstIndeterminateResult;
+
+ // if we hit this point, then none of the rules actually applied
+ // to us, so we return NOT_APPLICABLE
+ return new Result(Result.DECISION_NOT_APPLICABLE,
+ context.getResourceId().encode());
+ }
+
+}
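
Review bot: the class Javadoc does not mention that combine() can return an Indeterminate result: both the potentialDeny branch and the atLeastOneError branch return firstIndeterminateResult, whereas DenyOverridesPolicyAlg in this commit converts Indeterminate to Deny. That difference matters to whoever enforces the decision and should be stated in the Javadoc. On style, atLeastOneError is set in the same block where firstIndeterminateResult is first assigned, so the flag is redundant and a check for firstIndeterminateResult != null would do. The comment "we might have had some Rule been evaluated" is hard to parse and should say that a Deny-effect rule failed to evaluate. The import of com.sun.xacml.ctx.Status is unused.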

Added:
branches/authRengine/sunxacml/com/sun/xacml/combine/FirstApplicablePolicyAlg.java
===================================================================
---
branches/authRengine/sunxacml/com/sun/xacml/combine/FirstApplicablePolicyAlg.java
(rev 0)
+++
branches/authRengine/sunxacml/com/sun/xacml/combine/FirstApplicablePolicyAlg.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,136 @@
+
+/*
+ * @(#)FirstApplicablePolicyAlg.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.combine;
+
+import com.sun.xacml.AbstractPolicy;
+import com.sun.xacml.EvaluationCtx;
+import com.sun.xacml.MatchResult;
+
+import com.sun.xacml.ctx.Result;
+import com.sun.xacml.ctx.Status;
+
+import java.net.URI;
+import java.net.URISyntaxException;
+
+import java.util.Iterator;
+import java.util.List;
+
+
+/**
+ * This is the standard First Applicable policy combining algorithm. It looks
+ * through the set of policies, finds the first one that applies, and returns
+ * that evaluation result.
+ *
+ * @since 1.0
+ * @author Seth Proctor
+ */
+public class FirstApplicablePolicyAlg extends PolicyCombiningAlgorithm
+{
+
+ /**
+ * The standard URN used to identify this algorithm
+ */
+ public static final String algId =
+ "urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:" +
+ "first-applicable";
+
+ // a URI form of the identifier
+ private static URI identifierURI;
+ // exception if the URI was invalid, which should never be a problem
+ private static RuntimeException earlyException;
+
+ static {
+ try {
+ identifierURI = new URI(algId);
+ } catch (URISyntaxException se) {
+ earlyException = new IllegalArgumentException();
+ earlyException.initCause(se);
+ }
+ }
+
+ /**
+ * Standard constructor.
+ */
+ public FirstApplicablePolicyAlg() {
+ super(identifierURI);
+
+ if (earlyException != null)
+ throw earlyException;
+ }
+
+ /**
+ * Applies the combining rule to the set of policies based on the
+ * evaluation context.
+ *
+ * @param context the context from the request
+ * @param policies the policies to combine
+ *
+ * @return the result of running the combining algorithm
+ */
+ public Result combine(EvaluationCtx context, List policies) {
+ Iterator it = policies.iterator();
+
+ while (it.hasNext()) {
+ AbstractPolicy policy = (AbstractPolicy)(it.next());
+
+ // make sure that the policy matches the context
+ MatchResult match = policy.match(context);
+
+ if (match.getResult() == MatchResult.INDETERMINATE)
+ return new Result(Result.DECISION_INDETERMINATE,
+ match.getStatus(),
+ context.getResourceId().encode());
+
+ if (match.getResult() == MatchResult.MATCH) {
+ // evaluate the policy
+ Result result = policy.evaluate(context);
+ int effect = result.getDecision();
+
+ // in the case of PERMIT, DENY, or INDETERMINATE, we always
+ // just return that result, so only on a rule that doesn't
+ // apply do we keep going...
+ if (effect != Result.DECISION_NOT_APPLICABLE)
+ return result;
+ }
+ }
+
+ // if we got here, then none of the rules applied
+ return new Result(Result.DECISION_NOT_APPLICABLE,
+ context.getResourceId().encode());
+ }
+
+}
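
Review bot: the comments inside combine() were copied from the rule variant. "only on a rule that doesn't apply do we keep going" and "none of the rules applied" sit in a loop over AbstractPolicy objects and should say policy and policies. Because the first applicable policy decides the outcome, the Javadoc should also state that the order of the policies List is significant and must be preserved by callers. The import of com.sun.xacml.ctx.Status is unused here as well.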

Added:
branches/authRengine/sunxacml/com/sun/xacml/combine/FirstApplicableRuleAlg.java
===================================================================
---
branches/authRengine/sunxacml/com/sun/xacml/combine/FirstApplicableRuleAlg.java
(rev 0)
+++
branches/authRengine/sunxacml/com/sun/xacml/combine/FirstApplicableRuleAlg.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,123 @@
+
+/*
+ * @(#)FirstApplicableRuleAlg.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.combine;
+
+import com.sun.xacml.EvaluationCtx;
+import com.sun.xacml.Rule;
+
+import com.sun.xacml.ctx.Result;
+import com.sun.xacml.ctx.Status;
+
+import java.net.URI;
+import java.net.URISyntaxException;
+
+import java.util.Iterator;
+import java.util.List;
+
+
+/**
+ * This is the standard First Applicable rule combining algorithm. It looks
+ * through the set of rules, finds the first one that applies, and returns
+ * that evaluation result.
+ *
+ * @since 1.0
+ * @author Seth Proctor
+ */
+public class FirstApplicableRuleAlg extends RuleCombiningAlgorithm
+{
+
+ /**
+ * The standard URN used to identify this algorithm
+ */
+ public static final String algId =
+ "urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:" +
+ "first-applicable";
+
+ // a URI form of the identifier
+ private static URI identifierURI;
+ // exception if the URI was invalid, which should never be a problem
+ private static RuntimeException earlyException;
+
+ static {
+ try {
+ identifierURI = new URI(algId);
+ } catch (URISyntaxException se) {
+ earlyException = new IllegalArgumentException();
+ earlyException.initCause(se);
+ }
+ }
+
+ /**
+ * Standard constructor.
+ */
+ public FirstApplicableRuleAlg() {
+ super(identifierURI);
+
+ if (earlyException != null)
+ throw earlyException;
+ }
+
+ /**
+ * Applies the combining rule to the set of rules based on the
+ * evaluation context.
+ *
+ * @param context the context from the request
+ * @param rules the rules to combine
+ *
+ * @return the result of running the combining algorithm
+ */
+ public Result combine(EvaluationCtx context, List rules) {
+ Iterator it = rules.iterator();
+
+ while (it.hasNext()) {
+ Rule rule = (Rule)(it.next());
+ Result result = rule.evaluate(context);
+ int value = result.getDecision();
+
+ // in the case of PERMIT, DENY, or INDETERMINATE, we always
+ // just return that result, so only on a rule that doesn't
+ // apply do we keep going...
+ if (value != Result.DECISION_NOT_APPLICABLE)
+ return result;
+ }
+
+ // if we got here, then none of the rules applied
+ return new Result(Result.DECISION_NOT_APPLICABLE,
+ context.getResourceId().encode());
+ }
+
+}
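Review bot: the class javadoc for FirstApplicableRuleAlg says only that it "finds the first one that applies", but combine() also stops on the first INDETERMINATE (the `value != Result.DECISION_NOT_APPLICABLE` test) and falls through to DECISION_NOT_APPLICABLE when no rule matches. Please document both outcomes on combine(), so callers know that a rule which errors early in the list hides every rule after it and that an empty or non-matching rule list yields no decision. Separately, the `com.sun.xacml.ctx.Status` import is not used anywhere in this file and can be dropped.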

Added:
branches/authRengine/sunxacml/com/sun/xacml/combine/OnlyOneApplicablePolicyAlg.java
===================================================================
---
branches/authRengine/sunxacml/com/sun/xacml/combine/OnlyOneApplicablePolicyAlg.java
(rev 0)
+++
branches/authRengine/sunxacml/com/sun/xacml/combine/OnlyOneApplicablePolicyAlg.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,152 @@
+
+/*
+ * @(#)OnlyOneApplicablePolicyAlg.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.combine;
+
+import com.sun.xacml.AbstractPolicy;
+import com.sun.xacml.EvaluationCtx;
+import com.sun.xacml.MatchResult;
+
+import com.sun.xacml.ctx.Result;
+import com.sun.xacml.ctx.Status;
+
+import java.net.URI;
+import java.net.URISyntaxException;
+
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+
+
+/**
+ * This is the standard Only One Applicable Policy combining algorithm. This
+ * is a special algorithm used at the root of a policy/pdp to make sure that
+ * pdp only selects one policy per request.
+ *
+ * @since 1.0
+ * @author Seth Proctor
+ */
+public class OnlyOneApplicablePolicyAlg extends PolicyCombiningAlgorithm
+{
+
+ /**
+ * The standard URN used to identify this algorithm
+ */
+ public static final String algId =
+ "urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:" +
+ "only-one-applicable";
+
+ // a URI form of the identifier
+ private static URI identifierURI;
+ // exception if the URI was invalid, which should never be a problem
+ private static RuntimeException earlyException;
+
+ static {
+ try {
+ identifierURI = new URI(algId);
+ } catch (URISyntaxException se) {
+ earlyException = new IllegalArgumentException();
+ earlyException.initCause(se);
+ }
+ }
+
+ /**
+ * Standard constructor.
+ */
+ public OnlyOneApplicablePolicyAlg() {
+ super(identifierURI);
+
+ if (earlyException != null)
+ throw earlyException;
+ }
+
+ /**
+ * Applies the combining rule to the set of policies based on the
+ * evaluation context.
+ *
+ * @param context the context from the request
+ * @param policies the policies to combine
+ *
+ * @return the result of running the combining algorithm
+ */
+ public Result combine(EvaluationCtx context, List policies) {
+ boolean atLeastOne = false;
+ AbstractPolicy selectedPolicy = null;
+ Iterator it = policies.iterator();
+
+ while (it.hasNext()) {
+ AbstractPolicy policy = (AbstractPolicy)(it.next());
+
+ // see if the policy matches the context
+ MatchResult match = policy.match(context);
+ int result = match.getResult();
+
+ // if there is an error in trying to match any of the targets,
+ // we always return INDETERMINATE immediately
+ if (result == MatchResult.INDETERMINATE)
+ return new Result(Result.DECISION_INDETERMINATE,
+ match.getStatus(),
+ context.getResourceId().encode());
+
+ if (result == MatchResult.MATCH) {
+ // if this isn't the first match, then this is an error
+ if (atLeastOne) {
+ List code = new ArrayList();
+ code.add(Status.STATUS_PROCESSING_ERROR);
+ String message = "Too many applicable policies";
+ return new Result(Result.DECISION_INDETERMINATE,
+ new Status(code, message),
+ context.getResourceId().encode());
+ }
+
+ // if this was the first applicable policy in the set, then
+ // remember it for later
+ atLeastOne = true;
+ selectedPolicy = policy;
+ }
+ }
+
+ // if we got through the loop and found exactly one match, then
+ // we return the evaluation result of that policy
+ if (atLeastOne)
+ return selectedPolicy.evaluate(context);
+
+ // if we didn't find a matching policy, then we don't apply
+ return new Result(Result.DECISION_NOT_APPLICABLE,
+ context.getResourceId().encode());
+ }
+
+}
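Review bot: the "Too many applicable policies" status built in the `if (atLeastOne)` branch of combine() does not say which policies collided, so an operator who sees this INDETERMINATE has nothing to search for in the policy store. Consider adding the identifiers of `selectedPolicy` and the current `policy` to the message. Minor: `atLeastOne` duplicates `selectedPolicy != null`, so one of the two can go.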

Added:
branches/authRengine/sunxacml/com/sun/xacml/combine/OrderedDenyOverridesPolicyAlg.java
===================================================================
---
branches/authRengine/sunxacml/com/sun/xacml/combine/OrderedDenyOverridesPolicyAlg.java
(rev 0)
+++
branches/authRengine/sunxacml/com/sun/xacml/combine/OrderedDenyOverridesPolicyAlg.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,86 @@
+
+/*
+ * OrderedDenyOverridesPolicyAlg.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.combine;
+
+import java.net.URI;
+import java.net.URISyntaxException;
+
+
+/**
+ * This is the standard Ordered Deny Overrides policy combining algorithm. It
+ * allows a single evaluation of Deny to take precedence over any number
+ * of permit, not applicable or indeterminate results. Note that this uses
+ * the regular Deny Overrides implementation since it is also orderd.
+ *
+ * @since 1.1
+ * @author seth proctor
+ */
+public class OrderedDenyOverridesPolicyAlg extends DenyOverridesPolicyAlg
+{
+
+ /**
+ * The standard URN used to identify this algorithm
+ */
+ public static final String algId =
+ "urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:" +
+ "ordered-deny-overrides";
+
+ // a URI form of the identifier
+ private static URI identifierURI;
+ // exception if the URI was invalid, which should never be a problem
+ private static RuntimeException earlyException;
+
+ static {
+ try {
+ identifierURI = new URI(algId);
+ } catch (URISyntaxException se) {
+ earlyException = new IllegalArgumentException();
+ earlyException.initCause(se);
+ }
+ }
+
+ /**
+ * Standard constructor.
+ */
+ public OrderedDenyOverridesPolicyAlg() {
+ super(identifierURI);
+
+ if (earlyException != null)
+ throw earlyException;
+ }
+
+}
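Review bot: OrderedDenyOverridesPolicyAlg has no combine() of its own, so the ordering guarantee in its javadoc ("uses the regular Deny Overrides implementation since it is also orderd") holds only as long as DenyOverridesPolicyAlg keeps iterating the list in order. A matching comment on the parent's combine(), or a test that pins the evaluation order, would keep a later change there from silently breaking this class. The header comment also lacks the `@(#)` marker that the sibling files carry; if the file was edited after import, please say so in the commit message.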

Added:
branches/authRengine/sunxacml/com/sun/xacml/combine/OrderedDenyOverridesRuleAlg.java
===================================================================
---
branches/authRengine/sunxacml/com/sun/xacml/combine/OrderedDenyOverridesRuleAlg.java
(rev 0)
+++
branches/authRengine/sunxacml/com/sun/xacml/combine/OrderedDenyOverridesRuleAlg.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,86 @@
+
+/*
+ * @(#)OrderedDenyOverridesRuleAlg.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.combine;
+
+import java.net.URI;
+import java.net.URISyntaxException;
+
+
+/**
+ * This is the standard Ordered Deny Overrides rule combining algorithm. It
+ * allows a single evaluation of Deny to take precedence over any number
+ * of permit, not applicable or indeterminate results. Note that this uses
+ * the regular Deny Overrides implementation since it is also orderd.
+ *
+ * @since 1.1
+ * @author seth proctor
+ */
+public class OrderedDenyOverridesRuleAlg extends DenyOverridesRuleAlg
+{
+
+ /**
+ * The standard URN used to identify this algorithm
+ */
+ public static final String algId =
+ "urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:" +
+ "ordered-deny-overrides";
+
+ // a URI form of the identifier
+ private static URI identifierURI;
+ // exception if the URI was invalid, which should never be a problem
+ private static RuntimeException earlyException;
+
+ static {
+ try {
+ identifierURI = new URI(algId);
+ } catch (URISyntaxException se) {
+ earlyException = new IllegalArgumentException();
+ earlyException.initCause(se);
+ }
+ }
+
+ /**
+ * Standard constructor.
+ */
+ public OrderedDenyOverridesRuleAlg() {
+ super(identifierURI);
+
+ if (earlyException != null)
+ throw earlyException;
+ }
+
+}
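Review bot: in the constructor of OrderedDenyOverridesRuleAlg, `super(identifierURI)` runs before the `earlyException` check, so if the static block ever failed the superclass would be handed a null identifier before the exception is thrown. Since a super call has to come first, the simpler fix is to initialise the field with `URI.create(algId)`, which throws IllegalArgumentException at class initialisation and removes the need for `earlyException` and the static block. The same boilerplate is repeated in every algorithm class in this commit.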

Added:
branches/authRengine/sunxacml/com/sun/xacml/combine/OrderedPermitOverridesPolicyAlg.java
===================================================================
---
branches/authRengine/sunxacml/com/sun/xacml/combine/OrderedPermitOverridesPolicyAlg.java
(rev 0)
+++
branches/authRengine/sunxacml/com/sun/xacml/combine/OrderedPermitOverridesPolicyAlg.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,86 @@
+
+/*
+ * @(#)OrderedPermitOverridesPolicyAlg.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.combine;
+
+import java.net.URI;
+import java.net.URISyntaxException;
+
+
+/**
+ * This is the standard Ordered Permit Overrides policy combining algorithm.
+ * It allows a single evaluation of Permit to take precedence over any number
+ * of deny, not applicable or indeterminate results. Note that this uses
+ * the regular Permit Overrides implementation since it is also orderd.
+ *
+ * @since 1.1
+ * @author seth proctor
+ */
+public class OrderedPermitOverridesPolicyAlg extends PermitOverridesPolicyAlg
+{
+
+ /**
+ * The standard URN used to identify this algorithm
+ */
+ public static final String algId =
+ "urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:" +
+ "ordered-permit-overrides";
+
+ // a URI form of the identifier
+ private static URI identifierURI;
+ // exception if the URI was invalid, which should never be a problem
+ private static RuntimeException earlyException;
+
+ static {
+ try {
+ identifierURI = new URI(algId);
+ } catch (URISyntaxException se) {
+ earlyException = new IllegalArgumentException();
+ earlyException.initCause(se);
+ }
+ }
+
+ /**
+ * Standard constructor.
+ */
+ public OrderedPermitOverridesPolicyAlg() {
+ super(identifierURI);
+
+ if (earlyException != null)
+ throw earlyException;
+ }
+
+}
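Review bot: `public static final String algId` in OrderedPermitOverridesPolicyAlg hides the field of the same name in PermitOverridesPolicyAlg. Static fields are resolved by declared type, so code that reads `algId` through a PermitOverridesPolicyAlg reference gets "permit-overrides" even when the object is the ordered variant. Please note in the javadoc that callers should rely on the identifier passed to the superclass constructor, not on `algId`, when they need to tell the two algorithms apart.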

Added:
branches/authRengine/sunxacml/com/sun/xacml/combine/OrderedPermitOverridesRuleAlg.java
===================================================================
---
branches/authRengine/sunxacml/com/sun/xacml/combine/OrderedPermitOverridesRuleAlg.java
(rev 0)
+++
branches/authRengine/sunxacml/com/sun/xacml/combine/OrderedPermitOverridesRuleAlg.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,86 @@
+
+/*
+ * @(#)OrderedPermitOverridesRuleAlg.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.combine;
+
+import java.net.URI;
+import java.net.URISyntaxException;
+
+
+/**
+ * This is the standard Ordered Permit Overrides rule combining algorithm. It
+ * allows a single evaluation of Permit to take precedence over any number
+ * of deny, not applicable or indeterminate results. Note that this uses
+ * the regular Permit Overrides implementation since it is also orderd.
+ *
+ * @since 1.1
+ * @author seth proctor
+ */
+public class OrderedPermitOverridesRuleAlg extends PermitOverridesRuleAlg
+{
+
+ /**
+ * The standard URN used to identify this algorithm
+ */
+ public static final String algId =
+ "urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:" +
+ "ordered-permit-overrides";
+
+ // a URI form of the identifier
+ private static URI identifierURI;
+ // exception if the URI was invalid, which should never be a problem
+ private static RuntimeException earlyException;
+
+ static {
+ try {
+ identifierURI = new URI(algId);
+ } catch (URISyntaxException se) {
+ earlyException = new IllegalArgumentException();
+ earlyException.initCause(se);
+ }
+ }
+
+ /**
+ * Standard constructor.
+ */
+ public OrderedPermitOverridesRuleAlg() {
+ super(identifierURI);
+
+ if (earlyException != null)
+ throw earlyException;
+ }
+
+}
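Review bot: style only, in the class javadoc of OrderedPermitOverridesRuleAlg: "orderd" should read "ordered", and `@author seth proctor` is lower case here while the non-ordered classes use "Seth Proctor". The same two slips appear in the other three Ordered* files in this commit.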

Added:
branches/authRengine/sunxacml/com/sun/xacml/combine/PermitOverridesPolicyAlg.java
===================================================================
---
branches/authRengine/sunxacml/com/sun/xacml/combine/PermitOverridesPolicyAlg.java
(rev 0)
+++
branches/authRengine/sunxacml/com/sun/xacml/combine/PermitOverridesPolicyAlg.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,176 @@
+
+/*
+ * @(#)PermitOverridesPolicyAlg.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.combine;
+
+import com.sun.xacml.AbstractPolicy;
+import com.sun.xacml.EvaluationCtx;
+import com.sun.xacml.MatchResult;
+
+import com.sun.xacml.ctx.Result;
+import com.sun.xacml.ctx.Status;
+
+import java.net.URI;
+import java.net.URISyntaxException;
+
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Set;
+
+
+/**
+ * This is the standard Permit Overrides policy combining algorithm. It
+ * allows a single evaluation of Permit to take precedence over any number
+ * of deny, not applicable or indeterminate results. Note that since
+ * this implementation does an ordered evaluation, this class also
+ * supports the Ordered Permit Overrides algorithm.
+ *
+ * @since 1.0
+ * @author Seth Proctor
+ */
+public class PermitOverridesPolicyAlg extends PolicyCombiningAlgorithm
+{
+
+ /**
+ * The standard URN used to identify this algorithm
+ */
+ public static final String algId =
+ "urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:" +
+ "permit-overrides";
+
+ // a URI form of the identifier
+ private static URI identifierURI;
+ // exception if the URI was invalid, which should never be a problem
+ private static RuntimeException earlyException;
+
+ static {
+ try {
+ identifierURI = new URI(algId);
+ } catch (URISyntaxException se) {
+ earlyException = new IllegalArgumentException();
+ earlyException.initCause(se);
+ }
+ }
+
+ /**
+ * Standard constructor.
+ */
+ public PermitOverridesPolicyAlg() {
+ super(identifierURI);
+
+ if (earlyException != null)
+ throw earlyException;
+ }
+
+ /**
+ * Protected constructor used by the ordered version of this algorithm.
+ *
+ * @param identifier the algorithm's identifier
+ */
+ protected PermitOverridesPolicyAlg(URI identifier) {
+ super(identifier);
+ }
+
+ /**
+ * Applies the combining rule to the set of policies based on the
+ * evaluation context.
+ *
+ * @param context the context from the request
+ * @param policies the policies to combine
+ *
+ * @return the result of running the combining algorithm
+ */
+ public Result combine(EvaluationCtx context, List policies) {
+ boolean atLeastOneError = false;
+ boolean atLeastOneDeny = false;
+ Set denyObligations = new HashSet();
+ Status firstIndeterminateStatus = null;
+ Iterator it = policies.iterator();
+
+ while (it.hasNext()) {
+ AbstractPolicy policy = (AbstractPolicy)(it.next());
+
+ // make sure that the policy matches the context
+ MatchResult match = policy.match(context);
+
+ if (match.getResult() == MatchResult.INDETERMINATE) {
+ atLeastOneError = true;
+
+ // keep track of the first error, regardless of cause
+ if (firstIndeterminateStatus == null)
+ firstIndeterminateStatus = match.getStatus();
+ } else if (match.getResult() == MatchResult.MATCH) {
+ // now we evaluate the policy
+ Result result = policy.evaluate(context);
+ int effect = result.getDecision();
+
+ // this is a little different from DenyOverrides...
+
+ if (effect == Result.DECISION_PERMIT)
+ return result;
+
+ if (effect == Result.DECISION_DENY) {
+ atLeastOneDeny = true;
+ denyObligations.addAll(result.getObligations());
+ } else if (effect == Result.DECISION_INDETERMINATE) {
+ atLeastOneError = true;
+
+ // keep track of the first error, regardless of cause
+ if (firstIndeterminateStatus == null)
+ firstIndeterminateStatus = result.getStatus();
+ }
+ }
+ }
+
+ // if we got a DENY, return it
+ if (atLeastOneDeny)
+ return new Result(Result.DECISION_DENY,
+ context.getResourceId().encode(),
+ denyObligations);
+
+ // if we got an INDETERMINATE, return it
+ if (atLeastOneError)
+ return new Result(Result.DECISION_INDETERMINATE,
+ firstIndeterminateStatus,
+ context.getResourceId().encode());
+
+ // if we got here, then nothing applied to us
+ return new Result(Result.DECISION_NOT_APPLICABLE,
+ context.getResourceId().encode());
+ }
+
+}
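Review bot: at the end of combine() in PermitOverridesPolicyAlg, `if (atLeastOneDeny)` is tested before `if (atLeastOneError)`, so when one policy denies and another fails to match or evaluate, the DENY is returned and `firstIndeterminateStatus` is discarded. The decision itself fails closed, but the evaluation error disappears; consider logging the status, or attaching it to the result, so that a broken policy hidden behind a DENY is still visible to operators. The comment "this is a little different from DenyOverrides..." should also say what differs: PERMIT returns immediately, while DENY is only remembered along with its obligations.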

Added:
branches/authRengine/sunxacml/com/sun/xacml/combine/PermitOverridesRuleAlg.java
===================================================================
---
branches/authRengine/sunxacml/com/sun/xacml/combine/PermitOverridesRuleAlg.java
(rev 0)
+++
branches/authRengine/sunxacml/com/sun/xacml/combine/PermitOverridesRuleAlg.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,176 @@
+
+/*
+ * @(#)PermitOverridesRuleAlg.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.combine;
+
+import com.sun.xacml.EvaluationCtx;
+import com.sun.xacml.Rule;
+
+import com.sun.xacml.ctx.Result;
+import com.sun.xacml.ctx.Status;
+
+import java.net.URI;
+import java.net.URISyntaxException;
+
+import java.util.Iterator;
+import java.util.List;
+
+
+/**
+ * This is the standard Permit Overrides rule combining algorithm. It
+ * allows a single evaluation of Permit to take precedence over any number
+ * of deny, not applicable or indeterminate results. Note that since
+ * this implementation does an ordered evaluation, this class also
+ * supports the Ordered Permit Overrides algorithm.
+ *
+ * @since 1.0
+ * @author Seth Proctor
+ */
+public class PermitOverridesRuleAlg extends RuleCombiningAlgorithm
+{
+
+ /**
+ * The standard URN used to identify this algorithm
+ */
+ public static final String algId =
+ "urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:" +
+ "permit-overrides";
+
+ // a URI form of the identifier
+ private static URI identifierURI;
+ // exception if the URI was invalid, which should never be a problem
+ private static RuntimeException earlyException;
+
+ static {
+ try {
+ identifierURI = new URI(algId);
+ } catch (URISyntaxException se) {
+ earlyException = new IllegalArgumentException();
+ earlyException.initCause(se);
+ }
+ }
+
+ /**
+ * Standard constructor.
+ */
+ public PermitOverridesRuleAlg() {
+ super(identifierURI);
+
+ if (earlyException != null)
+ throw earlyException;
+ }
+
+ /**
+ * Protected constructor used by the ordered version of this algorithm.
+ *
+ * @param identifier the algorithm's identifier
+ */
+ protected PermitOverridesRuleAlg(URI identifier) {
+ super(identifier);
+ }
+
+ /**
+ * Applies the combining rule to the set of rules based on the
+ * evaluation context.
+ *
+ * @param context the context from the request
+ * @param rules the rules to combine
+ *
+ * @return the result of running the combining algorithm
+ */
+ public Result combine(EvaluationCtx context, List rules) {
+ boolean atLeastOneError = false;
+ boolean potentialPermit = false;
+ boolean atLeastOneDeny = false;
+ Result firstIndeterminateResult = null;
+ Iterator it = rules.iterator();
+
+ while (it.hasNext()) {
+ Rule rule = (Rule)(it.next());
+ Result result = rule.evaluate(context);
+ int value = result.getDecision();
+
+ // if there was a value of PERMIT, then regardless of what
+ // else we've seen, we always return PERMIT
+ if (value == Result.DECISION_PERMIT)
+ return result;
+
+ // if it was INDETERMINATE, then we couldn't figure something
+ // out, so we keep track of these cases...
+ if (value == Result.DECISION_INDETERMINATE) {
+ atLeastOneError = true;
+
+ // there are no rules about what to do if multiple cases
+ // cause errors, so we'll just return the first one
+ if (firstIndeterminateResult == null)
+ firstIndeterminateResult = result;
+
+ // if the Rule's effect is PERMIT, then we can't let this
+ // alg return DENY, since this Rule might have permitted
+ // if it could do its stuff
+ if (rule.getEffect() == Result.DECISION_PERMIT)
+ potentialPermit = true;
+ } else {
+ // keep track of whether we had at least one rule that
+ // actually pertained to the request
+ if (value == Result.DECISION_DENY)
+ atLeastOneDeny = true;
+ }
+ }
+
+ // we didn't explicitly PERMIT, but we might have had some Rule
+ // been evaluated, so we have to return INDETERMINATE
+ if (potentialPermit)
+ return firstIndeterminateResult;
+
+ // some Rule said DENY, so since nothing could have permitted,
+ // we return DENY
+ if (atLeastOneDeny)
+ return new Result(Result.DECISION_DENY,
+ context.getResourceId().encode());
+
+ // we didn't find anything that said DENY, but if we had a
+ // problem with one of the Rules, then we're INDETERMINATE
+ if (atLeastOneError)
+ return firstIndeterminateResult;
+
+ // if we hit this point, then none of the rules actually applied
+ // to us, so we return NOT_APPLICABLE
+ return new Result(Result.DECISION_NOT_APPLICABLE,
+ context.getResourceId().encode());
+ }
+
+}
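
Review bot: in `combine`, the `potentialPermit` check runs before the `atLeastOneDeny` check, so a single Permit-effect rule that errors turns an otherwise clear DENY into INDETERMINATE, and the comment above that branch ("we might have had some Rule been evaluated") does not say so. Reword the comment to state the precedence explicitly (PERMIT, then INDETERMINATE from a Permit-effect rule, then DENY, then any other INDETERMINATE, then NOT_APPLICABLE), so that whoever writes the PEP knows INDETERMINATE can mask a DENY and must be handled as a refusal.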

Added:
branches/authRengine/sunxacml/com/sun/xacml/combine/PolicyCombiningAlgorithm.java
===================================================================
---
branches/authRengine/sunxacml/com/sun/xacml/combine/PolicyCombiningAlgorithm.java
(rev 0)
+++
branches/authRengine/sunxacml/com/sun/xacml/combine/PolicyCombiningAlgorithm.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,90 @@
+
+/*
+ * @(#)PolicyCombiningAlgorithm.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.combine;
+
+import com.sun.xacml.EvaluationCtx;
+
+import com.sun.xacml.ctx.Result;
+
+import java.net.URI;
+
+import java.util.List;
+
+
+/**
+ * The base type for all Policy combining algorithms. Unlike in Rule
+ * Combining Algorithms, each policy must be matched before they're evaluated
+ * to make sure they apply. Also, in combining policies, obligations must be
+ * handled correctly. Specifically, no obligation may be included in the
+ * <code>Result</code> that doesn't match the effect being returned. So, if
+ * INDETERMINATE or NOT_APPLICABLE is the returned effect, no obligations
+ * may be included in the result. If the effect of the combining algorithm
+ * is PERMIT or DENY, then obligations with a matching fulfillOn effect
+ * are also included in the result.
+ *
+ * @since 1.0
+ * @author Seth Proctor
+ * @author Marco Barreno
+ */
+public abstract class PolicyCombiningAlgorithm extends CombiningAlgorithm
+{
+
+ /**
+ * Constructor that takes the algorithm's identifier.
+ *
+ * @param identifier the algorithm's identifier
+ */
+ public PolicyCombiningAlgorithm(URI identifier) {
+ super(identifier);
+ }
+
+ /**
+ * Combines the policies based on the context to produce some unified
+ * result. This is the one function of a combining algorithm.
+ * <p>
+ * Note that unlike in the RuleCombiningAlgorithms, here you must
+ * explicitly match the sub-policies to make sure that you should
+ * consider them, and you must handle Obligations.
+ *
+ * @param context the representation of the request
+ * @param policies the policies to combine
+ *
+ * @return a single unified result based on the combining logic
+ */
+ public abstract Result combine(EvaluationCtx context, List policies);
+
+}
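
Review bot: the class Javadoc sets the obligation contract (none on INDETERMINATE or NOT_APPLICABLE, only those with a matching fulfillOn on PERMIT or DENY), but `combine` is abstract and nothing in this base class enforces it, so every subclass has to get it right independently. Consider a protected helper here that filters obligations by the returned effect, or at least repeat the rule in the `combine` Javadoc, which currently says only "you must handle Obligations".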

Added:
branches/authRengine/sunxacml/com/sun/xacml/combine/RuleCombiningAlgorithm.java
===================================================================
---
branches/authRengine/sunxacml/com/sun/xacml/combine/RuleCombiningAlgorithm.java
(rev 0)
+++
branches/authRengine/sunxacml/com/sun/xacml/combine/RuleCombiningAlgorithm.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,78 @@
+
+/*
+ * @(#)RuleCombiningAlgorithm.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.combine;
+
+import com.sun.xacml.EvaluationCtx;
+
+import com.sun.xacml.ctx.Result;
+
+import java.net.URI;
+
+import java.util.List;
+
+
+/**
+ * The base type for all Rule combining algorithms.
+ *
+ * @since 1.0
+ * @author Seth Proctor
+ * @author Marco Barreno
+ */
+public abstract class RuleCombiningAlgorithm extends CombiningAlgorithm
+{
+
+ /**
+ * Constructor that takes the algorithm's identifier.
+ *
+ * @param identifier the algorithm's identifier
+ */
+ public RuleCombiningAlgorithm(URI identifier) {
+ super(identifier);
+ }
+
+ /**
+ * Combines the rules based on the context to produce some unified
+ * result. This is the one function of a combining algorithm.
+ *
+ * @param context the representation of the request
+ * @param rules the rules to combine
+ *
+ * @return a single unified result based on the combining logic
+ */
+ public abstract Result combine(EvaluationCtx context, List rules);
+
+}
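
Review bot: `combine(EvaluationCtx context, List rules)` takes a raw `List`, and the `@param rules` text does not say that the elements must be `Rule` objects or what an implementation should return when the list is empty or a rule fails to evaluate. Document the element type and the expected decision for those cases here, since this is the contract every rule-combining algorithm in the package inherits.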

Added:
branches/authRengine/sunxacml/com/sun/xacml/combine/StandardCombiningAlgFactory.java
===================================================================
---
branches/authRengine/sunxacml/com/sun/xacml/combine/StandardCombiningAlgFactory.java
(rev 0)
+++
branches/authRengine/sunxacml/com/sun/xacml/combine/StandardCombiningAlgFactory.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,158 @@
+
+/*
+ * @(#)StandardCombiningAlgFactory.java
+ *
+ * Copyright 2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.combine;
+
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Set;
+
+import java.util.logging.Level;
+import java.util.logging.Logger;
+
+
+/**
+ * This factory supports the standard set of algorithms specified in XACML
+ * 1.0 and 1.1. It is the default factory used by the system, and imposes
+ * a singleton pattern insuring that there is only ever one instance of
+ * this class.
+ * <p>
+ * Note that because this supports only the standard algorithms, this
+ * factory does not allow the addition of any other algorithms. If you call
+ * <code>addAlgorithm</code> on an instance of this class, an exception
+ * will be thrown. If you need a standard factory that is modifiable, you
+ * should create a new <code>BaseCombiningAlgFactory</code> (or some other
+ * <code>CombiningAlgFactory</code>) and configure it with the standard
+ * algorithms using <code>getStandardAlgorithms</code> (or, in the case of
+ * <code>BaseAttributeFactory</code>, by providing the datatypes in the
+ * constructor).
+ *
+ * @since 1.2
+ * @author Seth Proctor
+ */
+public class StandardCombiningAlgFactory extends BaseCombiningAlgFactory
+{
+
+ // the single factory instance
+ private static StandardCombiningAlgFactory factoryInstance = null;
+
+ // the algorithms supported by this factory
+ private static Set supportedAlgorithms = null;
+
+ // the logger we'll use for all messages
+ private static final Logger logger =
+ Logger.getLogger(StandardCombiningAlgFactory.class.getName());
+
+ /**
+ * Default constructor.
+ */
+ private StandardCombiningAlgFactory() {
+ super(supportedAlgorithms);
+ }
+
+ /**
+ * Private initializer for the supported algorithms. This isn't called
+ * until something needs these values, and is only called once.
+ */
+ private static void initAlgorithms() {
+ logger.config("Initializing standard combining algorithms");
+
+ supportedAlgorithms = new HashSet();
+
+ supportedAlgorithms.add(new DenyOverridesRuleAlg());
+ supportedAlgorithms.add(new DenyOverridesPolicyAlg());
+
+ supportedAlgorithms.add(new OrderedDenyOverridesRuleAlg());
+ supportedAlgorithms.add(new OrderedDenyOverridesPolicyAlg());
+
+ supportedAlgorithms.add(new PermitOverridesRuleAlg());
+ supportedAlgorithms.add(new PermitOverridesPolicyAlg());
+
+ supportedAlgorithms.add(new OrderedPermitOverridesRuleAlg());
+ supportedAlgorithms.add(new OrderedPermitOverridesPolicyAlg());
+
+ supportedAlgorithms.add(new FirstApplicableRuleAlg());
+ supportedAlgorithms.add(new FirstApplicablePolicyAlg());
+
+ supportedAlgorithms.add(new OnlyOneApplicablePolicyAlg());
+ }
+
+ /**
+ * Returns an instance of this factory. This method enforces a singleton
+ * model, meaning that this always returns the same instance, creating
+ * the factory if it hasn't been requested before. This is the default
+ * model used by the <code>CombiningAlgFactory</code>, ensuring quick
+ * access to this factory.
+ *
+ * @return the factory instance
+ */
+ public static StandardCombiningAlgFactory getFactory() {
+ if (factoryInstance == null) {
+ synchronized (StandardCombiningAlgFactory.class) {
+ if (factoryInstance == null) {
+ initAlgorithms();
+ factoryInstance = new StandardCombiningAlgFactory();
+ }
+ }
+ }
+
+ return factoryInstance;
+ }
+
+ /**
+ * Returns the set of algorithms that this standard factory supports.
+ *
+ * @return a <code>Set</code> of <code>CombiningAlgorithm</code>s
+ */
+ public Set getStandardAlgorithms() {
+ return Collections.unmodifiableSet(supportedAlgorithms);
+ }
+
+ /**
+ * Throws an <code>UnsupportedOperationException</code> since you are not
+ * allowed to modify what a standard factory supports.
+ *
+ * @param alg the combining algorithm to add
+ *
+ * @throws UnsupportedOperationException always
+ */
+ public void addAlgorithm(CombiningAlgorithm alg) {
+ throw new UnsupportedOperationException("a standard factory cannot "
+
+ "support new algorithms");
+ }
+
+}
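
Review bot: `getFactory()` uses double-checked locking on `factoryInstance`, which is declared `private static StandardCombiningAlgFactory factoryInstance = null;` without `volatile`, so the unsynchronized first read is not guaranteed to see a fully constructed factory. Declare the field `volatile` (Java 5 and later), synchronize the whole method, or use a static holder class. Separately, the class Javadoc refers to `BaseAttributeFactory` and "providing the datatypes", which looks copied from the attribute factory and should name the combining-algorithm equivalents.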

Added: branches/authRengine/sunxacml/com/sun/xacml/combine/package.html
===================================================================
--- branches/authRengine/sunxacml/com/sun/xacml/combine/package.html
(rev 0)
+++ branches/authRengine/sunxacml/com/sun/xacml/combine/package.html
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,7 @@
+<body>
+ All of the combining algorithm support is in this package. There are
+ base classes that all combining algorithms need to extend, and a
+ factory for getting algorithms and adding new algorithms to the
+ system. There are also implementations of all of the standard
+ combining algorithms.
+</body>

Added: branches/authRengine/sunxacml/com/sun/xacml/cond/AbsFunction.java
===================================================================
--- branches/authRengine/sunxacml/com/sun/xacml/cond/AbsFunction.java
(rev 0)
+++ branches/authRengine/sunxacml/com/sun/xacml/cond/AbsFunction.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,173 @@
+
+/*
+ * @(#)AbsFunction.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.cond;
+
+import com.sun.xacml.EvaluationCtx;
+
+import com.sun.xacml.attr.AttributeValue;
+import com.sun.xacml.attr.DoubleAttribute;
+import com.sun.xacml.attr.IntegerAttribute;
+
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+
+
+/**
+ * A class that implements all the *-abs functions. It takes one
+ * operand of the appropriate type and returns the absolute value of the
+ * operand. If the operand is indeterminate, an indeterminate result
+ * is returned.
+ *
+ * @since 1.0
+ * @author Steve Hanna
+ * @author Seth Proctor
+ */
+public class AbsFunction extends FunctionBase
+{
+
+ /**
+ * Standard identifier for the integer-abs function.
+ */
+ public static final String NAME_INTEGER_ABS =
+ FUNCTION_NS + "integer-abs";
+
+ /**
+ * Standard identifier for the double-abs function.
+ */
+ public static final String NAME_DOUBLE_ABS =
+ FUNCTION_NS + "double-abs";
+
+ // inernal identifiers for each of the supported functions
+ private static final int ID_INTEGER_ABS = 0;
+ private static final int ID_DOUBLE_ABS = 1;
+
+ /**
+ * Creates a new <code>AbsFunction</code> object.
+ *
+ * @param functionName the standard XACML name of the function to be
+ * handled by this object, including the full
namespace
+ *
+ * @throws IllegalArgumentException if the function is known
+ */
+ public AbsFunction(String functionName) {
+ super(functionName, getId(functionName),
getArgumentType(functionName),
+ false, 1, getArgumentType(functionName), false);
+ }
+
+ /**
+ * Private helper that returns the internal identifier used for the
+ * given standard function.
+ */
+ private static int getId(String functionName) {
+ if (functionName.equals(NAME_INTEGER_ABS))
+ return ID_INTEGER_ABS;
+ else if (functionName.equals(NAME_DOUBLE_ABS))
+ return ID_DOUBLE_ABS;
+ else
+ throw new IllegalArgumentException("unknown abs function " +
+ functionName);
+ }
+
+ /**
+ * Private helper that returns the type used for the given standard
+ * function. Note that this doesn't check on the return value since the
+ * method always is called after getId, so we assume that the function
+ * is present.
+ */
+ private static String getArgumentType(String functionName) {
+ if (functionName.equals(NAME_INTEGER_ABS))
+ return IntegerAttribute.identifier;
+ else
+ return DoubleAttribute.identifier;
+ }
+
+ /**
+ * Returns a <code>Set</code> containing all the function identifiers
+ * supported by this class.
+ *
+ * @return a <code>Set</code> of <code>String</code>s
+ */
+ public static Set getSupportedIdentifiers() {
+ Set set = new HashSet();
+
+ set.add(NAME_INTEGER_ABS);
+ set.add(NAME_DOUBLE_ABS);
+
+ return set;
+ }
+
+ /**
+ * Evaluate the function, using the specified parameters.
+ *
+ * @param inputs a <code>List</code> of <code>Evaluatable</code>
+ * objects representing the arguments passed to the
function
+ * @param context an <code>EvaluationCtx</code> so that the
+ * <code>Evaluatable</code> objects can be evaluated
+ * @return an <code>EvaluationResult</code> representing the
+ * function's result
+ */
+ public EvaluationResult evaluate(List inputs, EvaluationCtx context) {
+
+ // evaluate the inputs, returning any error that may occur
+ AttributeValue [] argValues = new AttributeValue[inputs.size()];
+ EvaluationResult result = evalArgs(inputs, context, argValues);
+ if (result != null)
+ return result;
+
+ // Now that we have real values, perform the abs operation
+ // in the manner appropriate for the type of the arguments.
+ switch (getFunctionId()) {
+ case ID_INTEGER_ABS: {
+ long arg = ((IntegerAttribute) argValues[0]).getValue();
+ long absValue = Math.abs(arg);
+
+ result = new EvaluationResult(new IntegerAttribute(absValue));
+ break;
+ }
+ case ID_DOUBLE_ABS: {
+ double arg = ((DoubleAttribute) argValues[0]).getValue();
+ double absValue = Math.abs(arg);
+
+ result = new EvaluationResult(new DoubleAttribute(absValue));
+ break;
+ }
+ }
+
+ return result;
+ }
+}
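
Review bot: in the `ID_INTEGER_ABS` case, `Math.abs(arg)` on a `long` returns `Long.MIN_VALUE` unchanged, so integer-abs can hand a negative value back to the policy condition. Check for `Long.MIN_VALUE` before the call and return an error result for it instead. Smaller points: the constructor Javadoc says `@throws IllegalArgumentException if the function is known` where it means unknown, "inernal" is misspelled, and the `switch` has no `default`, so an unexpected function id makes `evaluate` return `null`.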

Added: branches/authRengine/sunxacml/com/sun/xacml/cond/AddFunction.java
===================================================================
--- branches/authRengine/sunxacml/com/sun/xacml/cond/AddFunction.java
(rev 0)
+++ branches/authRengine/sunxacml/com/sun/xacml/cond/AddFunction.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,190 @@
+
+/*
+ * @(#)AddFunction.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.cond;
+
+import com.sun.xacml.EvaluationCtx;
+
+import com.sun.xacml.attr.AttributeValue;
+import com.sun.xacml.attr.DoubleAttribute;
+import com.sun.xacml.attr.IntegerAttribute;
+
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+
+
+/**
+ * A class that implements all the *-add functions. It takes two or more
+ * operands of the appropriate type and returns the sum of the operands.
+ * If any of the operands is indeterminate, an indeterminate result is
+ * returned.
+ *
+ * @since 1.0
+ * @author Steve Hanna
+ * @author Seth Proctor
+ */
+public class AddFunction extends FunctionBase
+{
+
+ /**
+ * Standard identifier for the integer-add function.
+ */
+ public static final String NAME_INTEGER_ADD =
+ FUNCTION_NS + "integer-add";
+
+ /**
+ * Standard identifier for the double-add function.
+ */
+ public static final String NAME_DOUBLE_ADD =
+ FUNCTION_NS + "double-add";
+
+ // inernal identifiers for each of the supported functions
+ private static final int ID_INTEGER_ADD = 0;
+ private static final int ID_DOUBLE_ADD = 1;
+
+ /**
+ * Creates a new <code>AddFunction</code> object.
+ *
+ * @param functionName the standard XACML name of the function to be
+ * handled by this object, including the full
namespace
+ *
+ * @throws IllegalArgumentException if the function is unknown
+ */
+ public AddFunction(String functionName) {
+ super(functionName, getId(functionName),
getArgumentType(functionName),
+ false, -1, 2, getArgumentType(functionName), false);
+ }
+
+ /**
+ * Private helper that returns the internal identifier used for the
+ * given standard function.
+ */
+ private static int getId(String functionName) {
+ if (functionName.equals(NAME_INTEGER_ADD))
+ return ID_INTEGER_ADD;
+ else if (functionName.equals(NAME_DOUBLE_ADD))
+ return ID_DOUBLE_ADD;
+ else
+ throw new IllegalArgumentException("unknown add function " +
+ functionName);
+ }
+
+ /**
+ * Private helper that returns the type used for the given standard
+ * function. Note that this doesn't check on the return value since the
+ * method always is called after getId, so we assume that the function
+ * is present.
+ */
+ private static String getArgumentType(String functionName) {
+ if (functionName.equals(NAME_INTEGER_ADD))
+ return IntegerAttribute.identifier;
+ else
+ return DoubleAttribute.identifier;
+ }
+
+ /**
+ * Returns a <code>Set</code> containing all the function identifiers
+ * supported by this class.
+ *
+ * @return a <code>Set</code> of <code>String</code>s
+ */
+ public static Set getSupportedIdentifiers() {
+ Set set = new HashSet();
+
+ set.add(NAME_INTEGER_ADD);
+ set.add(NAME_DOUBLE_ADD);
+
+ return set;
+ }
+
+ /**
+ * Evaluate the function, using the specified parameters.
+ *
+ * @param inputs a <code>List</code> of <code>Evaluatable</code>
+ * objects representing the arguments passed to the
function
+ * @param context an <code>EvaluationCtx</code> so that the
+ * <code>Evaluatable</code> objects can be evaluated
+ * @return an <code>EvaluationResult</code> representing the
+ * function's result
+ */
+ public EvaluationResult evaluate(List inputs, EvaluationCtx context) {
+
+ // Evaluate the arguments
+ AttributeValue [] argValues = new AttributeValue[inputs.size()];
+ EvaluationResult result = evalArgs(inputs, context, argValues);
+ if (result != null)
+ return result;
+
+ // Now that we have real values, perform the add operation
+ switch (getFunctionId()) {
+ case ID_INTEGER_ADD: {
+ long sum = 0;
+ for (int index = 0; index < argValues.length; index++) {
+ long arg = ((IntegerAttribute) argValues[index]).getValue();
+ sum += arg;
+ }
+
+ result = new EvaluationResult(new IntegerAttribute(sum));
+ break;
+ }
+ case ID_DOUBLE_ADD: {
+ double sum = 0;
+ for (int index = 0; index < argValues.length; index++) {
+ double arg =
+ ((DoubleAttribute) argValues[index]).getValue();
+ sum = sum + arg;
+ }
+
+ // Make it round half even, not round nearest
+ double lower = Math.floor(sum);
+ double higher = lower + 1;
+ if ((sum - lower) == (higher - sum)) {
+ if ((lower % 2) == 0)
+ sum = lower;
+ else
+ sum = higher;
+ }
+
+ result = new EvaluationResult(new DoubleAttribute(sum));
+ break;
+ }
+ }
+
+ return result;
+ }
+
+}
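
Review bot: the "round half even" block in the `ID_DOUBLE_ADD` case replaces the sum with a whole number whenever its fractional part is exactly 0.5 (`if ((sum - lower) == (higher - sum))`), so double-add of 0.25 and 0.25 returns 0.0, and 1.0 plus 1.5 returns 2.0. An add function should return the sum as computed; drop the block, or if the rounding is intended, document why in the class Javadoc. In the `ID_INTEGER_ADD` case, `sum += arg` wraps silently on `long` overflow; detect that and return an error result rather than a wrapped value.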

Added: branches/authRengine/sunxacml/com/sun/xacml/cond/Apply.java
===================================================================
--- branches/authRengine/sunxacml/com/sun/xacml/cond/Apply.java
(rev 0)
+++ branches/authRengine/sunxacml/com/sun/xacml/cond/Apply.java 2010-06-18
08:40:01 UTC (rev 5711)
@@ -0,0 +1,414 @@
+
+/*
+ * @(#)Apply.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.cond;
+
+import com.sun.xacml.EvaluationCtx;
+import com.sun.xacml.Indenter;
+import com.sun.xacml.ParsingException;
+import com.sun.xacml.UnknownIdentifierException;
+
+import com.sun.xacml.attr.AttributeDesignator;
+import com.sun.xacml.attr.AttributeFactory;
+import com.sun.xacml.attr.AttributeSelector;
+import com.sun.xacml.attr.AttributeValue;
+
+import java.io.OutputStream;
+import java.io.PrintStream;
+
+import java.net.URI;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Iterator;
+import java.util.List;
+
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+
+
+/**
+ * Represents the XACML ApplyType and ConditionType XML types.
+ *
+ * @since 1.0
+ * @author Seth Proctor
+ */
+public class Apply implements Evaluatable
+{
+
+ // the function used to evaluate the contents of the apply
+ private Function function;
+
+ // the paramaters to the function...ie, the contents of the apply
+ private List evals;
+
+ // an apply may have an entry that's a function for bag operations
+ private Function bagFunction;
+
+ // whether or not this is a condition
+ private boolean isCondition;
+
+ /**
+ * Constructs an <code>Apply</code> object. Throws an
+ * <code>IllegalArgumentException</code> if the given parameter list
+ * isn't valid for the given function.
+ *
+ * @param function the <code>Function</code> to use in evaluating the
+ * elements in the apply
+ * @param evals the contents of the apply which will be the parameters
+ * to the function, each of which is an
+ * <code>Evaluatable</code>
+ * @param isCondition true if this <code>Apply</code> is a Condition,
+ * false otherwise
+ */
+ public Apply(Function function, List evals, boolean isCondition)
+ throws IllegalArgumentException
+ {
+ this(function, evals, null, isCondition);
+ }
+
+ /**
+ * Constructs an <code>Apply</code> object that contains a higher-order
+ * bag function. Throws an <code>IllegalArgumentException</code> if the
+ * given parameter list isn't valid for the given function.
+ *
+ * @param function the <code>Function</code> to use in evaluating the
+ * elements in the apply
+ * @param evals the contents of the apply which will be the parameters
+ * to the function, each of which is an
+ * <code>Evaluatable</code>
+ * @param bagFunction the higher-order function to use
+ * @param isCondition true if this <code>Apply</code> is a Condition,
+ * false otherwise
+ */
+ public Apply(Function function, List evals, Function bagFunction,
+ boolean isCondition)
+ throws IllegalArgumentException
+ {
+ // check that the given inputs work for the function
+ List inputs = evals;
+ if (bagFunction != null) {
+ inputs = new ArrayList();
+ inputs.add(bagFunction);
+ inputs.addAll(evals);
+ }
+ function.checkInputs(inputs);
+
+ // if everything checks out, then store the inputs
+ this.function = function;
+ this.evals = Collections.unmodifiableList(new ArrayList(evals));
+ this.bagFunction = bagFunction;
+ this.isCondition = isCondition;
+ }
+
+ /**
+ * Returns an instance of an <code>Apply</code> based on the given DOM
+ * root node. This will actually return a special kind of
+ * <code>Apply</code>, namely an XML ConditionType, which is the root
+ * of the condition logic in a RuleType. A ConditionType is the same
+ * as an ApplyType except that it must use a FunctionId that returns
+ * a boolean value.
+ *
+ * @param root the DOM root of a ConditionType XML type
+ * @param xpathVersion the XPath version to use in any selectors or XPath
+ * functions, or null if this is unspecified (ie, not
+ * supplied in the defaults section of the policy)
+ *
+ * @throws ParsingException if this is not a valid ConditionType
+ */
+ public static Apply getConditionInstance(Node root, String xpathVersion)
+ throws ParsingException
+ {
+ return getInstance(root, FunctionFactory.getConditionInstance(),
true,
+ xpathVersion);
+ }
+
+ /**
+ * Returns an instance of <code>Apply</code> based on the given DOM root.
+ *
+ * @param root the DOM root of an ApplyType XML type
+ * @param xpathVersion the XPath version to use in any selectors or XPath
+ * functions, or null if this is unspecified (ie, not
+ * supplied in the defaults section of the policy)
+ *
+ * @throws ParsingException if this is not a valid ApplyType
+ */
+ public static Apply getInstance(Node root, String xpathVersion)
+ throws ParsingException
+ {
+ return getInstance(root, FunctionFactory.getGeneralInstance(), false,
+ xpathVersion);
+ }
+
+ /**
+ * This is a helper method that is called by the two getInstance
+ * methods. It takes a factory so we know that we're getting the right
+ * kind of function.
+ */
+ private static Apply getInstance(Node root, FunctionFactory factory,
+ boolean isCondition, String
xpathVersion)
+ throws ParsingException
+ {
+ Function function = getFunction(root, xpathVersion, factory);
+ Function bagFunction = null;
+ List evals = new ArrayList();
+
+ AttributeFactory attrFactory = AttributeFactory.getInstance();
+
+ NodeList nodes = root.getChildNodes();
+ for (int i = 0; i < nodes.getLength(); i++) {
+ Node node = nodes.item(i);
+ String name = node.getNodeName();
+
+ if (name.equals("Apply")) {
+ evals.add(Apply.getInstance(node, xpathVersion));
+ } else if (name.equals("AttributeValue")) {
+ try {
+ evals.add(attrFactory.createValue(node));
+ } catch (UnknownIdentifierException uie) {
+ throw new ParsingException("Unknown DataType", uie);
+ }
+ } else if (name.equals("SubjectAttributeDesignator")) {
+ evals.add(AttributeDesignator.
+ getInstance(node,
+ AttributeDesignator.SUBJECT_TARGET));
+ } else if (name.equals("ResourceAttributeDesignator")) {
+ evals.add(AttributeDesignator.
+ getInstance(node,
+ AttributeDesignator.RESOURCE_TARGET));
+ } else if (name.equals("ActionAttributeDesignator")) {
+ evals.add(AttributeDesignator.
+ getInstance(node,
+ AttributeDesignator.ACTION_TARGET));
+ } else if (name.equals("EnvironmentAttributeDesignator")) {
+ evals.add(AttributeDesignator.
+ getInstance(node,
+
AttributeDesignator.ENVIRONMENT_TARGET));
+ } else if (name.equals("AttributeSelector")) {
+ evals.add(AttributeSelector.getInstance(node, xpathVersion));
+ } else if (name.equals("Function")) {
+ // while the schema doesn't enforce this, it's illegal to
+ // have more than one FunctionType in a given ApplyType
+ if (bagFunction != null)
+ throw new ParsingException("Too many FunctionTypes");
+
+ bagFunction =
+ getFunction(node, xpathVersion,
+ FunctionFactory.getGeneralInstance());
+ }
+ }
+
+ return new Apply(function, evals, bagFunction, isCondition);
+ }
+
+ /**
+ * Helper method that tries to get a function instance
+ */
+ private static Function getFunction(Node root, String version,
+ FunctionFactory factory)
+ throws ParsingException
+ {
+ Node functionNode = root.getAttributes().getNamedItem("FunctionId");
+ String functionName = functionNode.getNodeValue();
+
+ try {
+ // try to get an instance of the given function
+ return factory.createFunction(functionName);
+ } catch (UnknownIdentifierException uie) {
+ throw new ParsingException("Unknown FunctionId in Apply", uie);
+ } catch (FunctionTypeException fte) {
+ // try creating as an abstract function, using a general factory
+ try {
+ FunctionFactory ff = FunctionFactory.getGeneralInstance();
+ return ff.createAbstractFunction(functionName, root,
version);
+ } catch (Exception e) {
+ // any exception at this point is a failure
+ throw new ParsingException("failed to create abstract
function"
+ + " " + functionName, e);
+ }
+ }
+ }
+
+ /**
+ * Returns the <code>Function</code> used by this <code>Apply</code>.
+ *
+ * @return the <code>Function</code>
+ */
+ public Function getFunction() {
+ return function;
+ }
+
+ /**
+ * Returns the <code>List</code> of children for this <code>Apply</code>.
+ * The <code>List</code> contains <code>Evaluatable</code>s. The list is
+ * unmodifiable, and may be empty.
+ *
+ * @return a <code>List</code> of <code>Evaluatable</code>s
+ */
+ public List getChildren() {
+ return evals;
+ }
+
+ /**
+ * Returns the higher order bag function used by this <code>Apply</code>
+ * if it exists, or null if no higher order function is used.
+ *
+ * @return the higher order <code>Function</code> or null
+ */
+ public Function getHigherOrderFunction() {
+ return bagFunction;
+ }
+
+ /**
+ * Returns whether or not this ApplyType is actually a ConditionType.
+ *
+ * @return whether or not this represents a ConditionType
+ */
+ public boolean isCondition() {
+ return isCondition;
+ }
+
+ /**
+ * Evaluates the apply object using the given function. This will in
+ * turn call evaluate on all the given parameters, some of which may be
+ * other <code>Apply</code> objects.
+ *
+ * @param context the representation of the request
+ *
+ * @return the result of trying to evaluate this apply object
+ */
+ public EvaluationResult evaluate(EvaluationCtx context) {
+ List parameters = evals;
+
+ // see if there is a higher-order function in here
+ if (bagFunction != null) {
+ // this is a special case, so we setup the parameters, starting
+ // with the function
+ parameters = new ArrayList();
+ parameters.add(bagFunction);
+
+ // now we evaluate all the parameters, returning INDETERMINATE
+ // if that's what any of them return, and otherwise tracking
+ // all the AttributeValues that get returned
+ Iterator it = evals.iterator();
+ while (it.hasNext()) {
+ Evaluatable eval = (Evaluatable)(it.next());
+ EvaluationResult result = eval.evaluate(context);
+
+ // in a higher-order case, if anything is INDETERMINATE, then
+ // we stop right away
+ if (result.indeterminate())
+ return result;
+
+ parameters.add(result.getAttributeValue());
+ }
+ }
+
+ // now we can call the base function
+ return function.evaluate(parameters, context);
+ }
+
+ /**
+ * Returns the type of attribute that this object will return on a call
+ * to <code>evaluate</code>. In practice, this will always be the same as
+ * the result of calling <code>getReturnType</code> on the function used
+ * by this object.
+ *
+ * @return the type returned by <code>evaluate</code>
+ */
+ public URI getType() {
+ return function.getReturnType();
+ }
+
+ /**
+ * Returns whether or not the <code>Function</code> will return a bag
+ * of values on evaluation.
+ *
+ * @return true if evaluation will return a bag of values, false
otherwise
+ */
+ public boolean evaluatesToBag() {
+ return function.returnsBag();
+ }
+
+ /**
+ * Encodes this <code>Apply</code> into its XML representation and
+ * writes this encoding to the given <code>OutputStream</code> with no
+ * indentation.
+ *
+ * @param output a stream into which the XML-encoded data is written
+ */
+ public void encode(OutputStream output) {
+ encode(output, new Indenter(0));
+ }
+
+ /**
+ * Encodes this <code>Apply</code> into its XML representation and
+ * writes this encoding to the given <code>OutputStream</code> with
+ * indentation.
+ *
+ * @param output a stream into which the XML-encoded data is written
+ * @param indenter an object that creates indentation strings
+ */
+ public void encode(OutputStream output, Indenter indenter) {
+ PrintStream out = new PrintStream(output);
+ String indent = indenter.makeString();
+
+ if (isCondition)
+ out.println(indent + "<Condition FunctionId=\"" +
+ function.getIdentifier() + "\">");
+ else
+ out.println(indent + "<Apply FunctionId=\"" +
+ function.getIdentifier() + "\">");
+ indenter.in();
+
+ if (bagFunction != null)
+ out.println("<Function FunctionId=\"" +
+ bagFunction.getIdentifier() + "\"/>");
+
+ Iterator it = evals.iterator();
+ while (it.hasNext()) {
+ Evaluatable eval = (Evaluatable)(it.next());
+ eval.encode(output, indenter);
+ }
+
+ indenter.out();
+ if (isCondition)
+ out.println(indent + "</Condition>");
+ else
+ out.println(indent + "</Apply>");
+ }
+
+}
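Review bot: in getFunction(), the result of `root.getAttributes().getNamedItem("FunctionId")` is dereferenced without a null check, so an Apply, Condition or Function element that lacks the FunctionId attribute fails with a NullPointerException instead of the ParsingException that every caller declares. This path runs on policy input, so test the attribute for null and throw a ParsingException that names the offending element. Related: the child loop in the private getInstance() silently skips any element name it does not recognise, leaving checkInputs() in the constructor as the only safeguard; rejecting unknown element children would surface a malformed policy at load time. Minor: in encode(), the `<Function FunctionId=...>` line is printed without `indent`, unlike the Condition and Apply lines around it.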

Added: branches/authRengine/sunxacml/com/sun/xacml/cond/BagFunction.java
===================================================================
--- branches/authRengine/sunxacml/com/sun/xacml/cond/BagFunction.java
(rev 0)
+++ branches/authRengine/sunxacml/com/sun/xacml/cond/BagFunction.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,269 @@
+
+/*
+ * @(#)BagFunction.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.cond;
+
+import com.sun.xacml.attr.AnyURIAttribute;
+import com.sun.xacml.attr.Base64BinaryAttribute;
+import com.sun.xacml.attr.BooleanAttribute;
+import com.sun.xacml.attr.DateAttribute;
+import com.sun.xacml.attr.DateTimeAttribute;
+import com.sun.xacml.attr.DayTimeDurationAttribute;
+import com.sun.xacml.attr.DoubleAttribute;
+import com.sun.xacml.attr.HexBinaryAttribute;
+import com.sun.xacml.attr.IntegerAttribute;
+import com.sun.xacml.attr.RFC822NameAttribute;
+import com.sun.xacml.attr.StringAttribute;
+import com.sun.xacml.attr.TimeAttribute;
+import com.sun.xacml.attr.X500NameAttribute;
+import com.sun.xacml.attr.YearMonthDurationAttribute;
+
+import java.util.HashSet;
+import java.util.Set;
+
+
+/**
+ * Represents all of the Bag functions, though the actual implementations
+ * are in two sub-classes specific to the condition and general bag
+ * functions.
+ *
+ * @since 1.0
+ * @author Seth Proctor
+ */
+public abstract class BagFunction extends FunctionBase
+{
+
+ /**
+ * Base name for the type-one-and-only funtions. To get the standard
+ * identifier for a given type, use <code>FunctionBase.FUNCTION_NS</code>
+ * + the datatype's base name (e.g., <code>string</code>) +
+ * </code>NAME_BASE_ONE_AND_ONLY</code>.
+ */
+ public static final String NAME_BASE_ONE_AND_ONLY =
+ "-one-and-only";
+
+ /**
+ * Base name for the type-bag-size funtions. To get the standard
+ * identifier for a given type, use <code>FunctionBase.FUNCTION_NS</code>
+ * + the datatype's base name (e.g., <code>string</code>) +
+ * </code>NAME_BASE_BAG_SIZE</code>.
+ */
+ public static final String NAME_BASE_BAG_SIZE =
+ "-bag-size";
+
+ /**
+ * Base name for the type-is-in. To get the standard
+ * identifier for a given type, use <code>FunctionBase.FUNCTION_NS</code>
+ * + the datatype's base name (e.g., <code>string</code>) +
+ * </code>NAME_BASE_IS_IN</code>.
+ */
+ public static final String NAME_BASE_IS_IN =
+ "-is-in";
+
+ /**
+ * Base name for the type-bag funtions. To get the standard
+ * identifier for a given type, use <code>FunctionBase.FUNCTION_NS</code>
+ * + the datatype's base name (e.g., <code>string</code>) +
+ * </code>NAME_BASE_BAG</code>.
+ */
+ public static final String NAME_BASE_BAG =
+ "-bag";
+
+ // bag parameter info for the functions that accept multiple args
+ private static final boolean bagParams [] = { false, true };
+
+ /**
+ * A complete list of all the XACML datatypes supported by the Bag
+ * functions
+ */
+ protected static String baseTypes [] = {
+ StringAttribute.identifier,
+ BooleanAttribute.identifier,
+ IntegerAttribute.identifier,
+ DoubleAttribute.identifier,
+ DateAttribute.identifier,
+ DateTimeAttribute.identifier,
+ TimeAttribute.identifier,
+ AnyURIAttribute.identifier,
+ HexBinaryAttribute.identifier,
+ Base64BinaryAttribute.identifier,
+ DayTimeDurationAttribute.identifier,
+ YearMonthDurationAttribute.identifier,
+ X500NameAttribute.identifier,
+ RFC822NameAttribute.identifier
+ };
+
+ /**
+ * A complete list of all the XACML datatypes supported by the Bag
+ * functions, using the "simple" form of the names (eg, string
+ * instead of http://www.w3.org/2001/XMLSchema#string)
+ */
+ protected static String simpleTypes [] = {
+ "string", "boolean", "integer", "double", "date", "dateTime",
+ "time", "anyURI", "hexBinary", "base64Binary", "dayTimeDuration",
+ "yearMonthDuration", "x500Name", "rfc822Name"
+ };
+
+ /**
+ * Returns a new <code>BagFunction</code> that provides the
+ * type-one-and-only functionality over the given attribute type.
+ * This should be used to create new function instances for any new
+ * attribute types, and the resulting object should be put into
+ * the <code>FunctionFactory</code> (instances already exist in the
+ * factory for the standard attribute types).
+ *
+ * @param functionName the name to use for the function
+ * @param argumentType the type to operate on
+ *
+ * @return a new <code>BagFunction</code>
+ */
+ public static BagFunction getOneAndOnlyInstance(String functionName,
+ String argumentType) {
+ return new GeneralBagFunction(functionName, argumentType,
+ NAME_BASE_ONE_AND_ONLY);
+ }
+
+ /**
+ * Returns a new <code>BagFunction</code> that provides the
+ * type-bag-size functionality over the given attribute type. This
+ * should be used to create new function instances for any new
+ * attribute types, and the resulting object should be put into
+ * the <code>FunctionFactory</code> (instances already exist in the
+ * factory for the standard attribute types).
+ *
+ * @param functionName the name to use for the function
+ * @param argumentType the type to operate on
+ *
+ * @return a new <code>BagFunction</code>
+ */
+ public static BagFunction getBagSizeInstance(String functionName,
+ String argumentType) {
+ return new GeneralBagFunction(functionName, argumentType,
+ NAME_BASE_BAG_SIZE);
+ }
+
+ /**
+ * Returns a new <code>BagFunction</code> that provides the
+ * type-is-in functionality over the given attribute type. This
+ * should be used to create new function instances for any new
+ * attribute types, and the resulting object should be put into
+ * the <code>FunctionFactory</code> (instances already exist in the
+ * factory for the standard attribute types).
+ *
+ * @param functionName the name to use for the function
+ * @param argumentType the type to operate on
+ *
+ * @return a new <code>BagFunction</code>
+ */
+ public static BagFunction getIsInInstance(String functionName,
+ String argumentType) {
+ return new ConditionBagFunction(functionName, argumentType);
+ }
+
+ /**
+ * Returns a new <code>BagFunction</code> that provides the
+ * type-bag functionality over the given attribute type. This
+ * should be used to create new function instances for any new
+ * attribute types, and the resulting object should be put into
+ * the <code>FunctionFactory</code> (instances already exist in the
+ * factory for the standard attribute types).
+ *
+ * @param functionName the name to use for the function
+ * @param argumentType the type to operate on
+ *
+ * @return a new <code>BagFunction</code>
+ */
+ public static BagFunction getBagInstance(String functionName,
+ String argumentType) {
+ return new GeneralBagFunction(functionName, argumentType,
+ NAME_BASE_BAG);
+ }
+
+ /**
+ * Protected constuctor used by the general and condition subclasses
+ * to create a non-boolean function with parameters of the same datatype.
+ * If you need to create a new <code>BagFunction</code> instance you
+ * should either use one of the <code>getInstance</code> methods or
+ * construct one of the sub-classes directly.
+ *
+ * @param functionName the identitifer for the function
+ * @param functionId an optional, internal numeric identifier
+ * @param paramType the datatype this function accepts
+ * @param paramIsBag whether the parameters are bags
+ * @param numParams number of parameters allowed or -1 for any number
+ * @param returnType the datatype this function returns
+ * @param returnsBag whether this function returns bags
+ */
+ protected BagFunction(String functionName, int functionId,
+ String paramType, boolean paramIsBag, int
numParams,
+ String returnType, boolean returnsBag) {
+ super(functionName, functionId, paramType, paramIsBag, numParams,
+ returnType, returnsBag);
+ }
+
+ /**
+ * Protected constuctor used by the general and condition subclasses
+ * to create a boolean function with parameters of different datatypes.
+ * If you need to create a new <code>BagFunction</code> instance you
+ * should either use one of the <code>getInstance</code> methods or
+ * construct one of the sub-classes directly.
+ *
+ * @param functionName the identitifer for the function
+ * @param functionId an optional, internal numeric identifier
+ * @param paramTypes the datatype of each parameter
+ */
+ protected BagFunction(String functionName, int functionId,
+ String [] paramTypes) {
+ super(functionName, functionId, paramTypes, bagParams,
+ BooleanAttribute.identifier, false);
+ }
+
+ /**
+ * Returns a <code>Set</code> containing all the function identifiers
+ * supported by this class.
+ *
+ * @return a <code>Set</code> of <code>String</code>s
+ */
+ public static Set getSupportedIdentifiers() {
+ Set set = new HashSet();
+
+ set.addAll(ConditionBagFunction.getSupportedIdentifiers());
+ set.addAll(GeneralBagFunction.getSupportedIdentifiers());
+
+ return set;
+ }
+
+}
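Review bot: `baseTypes` and `simpleTypes` are declared `protected static String ... []` without `final`, so any subclass or any class in com.sun.xacml.cond can reassign the arrays or overwrite individual entries, and the two are parallel arrays whose indices have to stay aligned. For tables that define which datatypes the bag functions cover, make them `private static final` and hand out unmodifiable copies, or at minimum add `final` and document that the contents must not be changed. Documentation: the Javadoc for all four NAME_BASE_* constants opens the constant name with `</code>` where `<code>` is intended, and "funtions", "constuctor" and "identitifer" are misspelled.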

Added:
branches/authRengine/sunxacml/com/sun/xacml/cond/BaseFunctionFactory.java
===================================================================
--- branches/authRengine/sunxacml/com/sun/xacml/cond/BaseFunctionFactory.java
(rev 0)
+++ branches/authRengine/sunxacml/com/sun/xacml/cond/BaseFunctionFactory.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,379 @@
+
+/*
+ * @(#)BaseCombiningAlgFactory.java
+ *
+ * Copyright 2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.cond;
+
+import com.sun.xacml.ParsingException;
+import com.sun.xacml.UnknownIdentifierException;
+
+import java.net.URI;
+
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Map;
+import java.util.Set;
+
+import org.w3c.dom.Node;
+
+
+/**
+ * This is a basic implementation of <code>FunctionFactory</code>. It
+ * implements the insertion and retrieval methods, but it doesn't actually
+ * setup the factory with any functions. It also assumes a certain model
+ * with regard to the different kinds of functions (Target, Condition, and
+ * General). For this reason, you may want to re-use this class, or you
+ * may want to extend FunctionFactory directly, if you're writing a new
+ * factory implementation.
+ * <p>
+ * Note that while this class is thread-safe on all creation methods, it
+ * is not safe to add support for a new function while creating an instance
+ * of a function. This follows from the assumption that most people will
+ * initialize these factories up-front, and then start processing without
+ * ever modifying the factories. If you need these mutual operations to
+ * be thread-safe, then you should write a wrapper class that implements
+ * the right synchronization.
+ *
+ * @since 1.2
+ * @author Seth Proctor
+ */
+public class BaseFunctionFactory extends FunctionFactory
+{
+
+ // the backing maps for the Function objects
+ private HashMap functionMap = null;
+
+ // the superset factory chained to this factory
+ private FunctionFactory superset = null;
+
+ /**
+ * Default constructor. No superset factory is used.
+ */
+ public BaseFunctionFactory() {
+ this(null);
+ }
+
+ /**
+ * Constructor that sets a "superset factory". This is useful since
+ * the different function factories (Target, Condition, and General)
+ * have a superset relationship (Condition functions are a superset
+ * of Target functions, etc.). Adding a function to this factory will
+ * automatically add the same function to the superset factory.
+ *
+ * @param superset the superset factory or null
+ */
+ public BaseFunctionFactory(FunctionFactory superset) {
+ functionMap = new HashMap();
+
+ this.superset = superset;
+ }
+
+ /**
+ * Constructor that defines the initial functions supported by this
+ * factory but doesn't use a superset factory.
+ *
+ * @param supportedFunctions a <code>Set</code> of <code>Function</code>s
+ * @param supportedAbstractFunctions a mapping from <code>URI</code> to
+ * <code>FunctionProxy</code>
+ */
+ public BaseFunctionFactory(Set supportedFunctions,
+ Map supportedAbstractFunctions) {
+ this(null, supportedFunctions, supportedAbstractFunctions);
+ }
+
+ /**
+ * Constructor that defines the initial functions supported by this
+ * factory and uses a superset factory. Note that the functions
+ * supplied here are not propagated up to the superset factory, so
+ * you must either make sure the superst factory is correctly
+ * initialized or use <code>BaseFunctionFactory(FunctionFactory)</code>
+ * and then manually add each function.
+ *
+ * @param superset the superset factory or null
+ * @param supportedFunctions a <code>Set</code> of <code>Function</code>s
+ * @param supportedAbstractFunctions a mapping from <code>URI</code> to
+ * <code>FunctionProxy</code>
+ */
+ public BaseFunctionFactory(FunctionFactory superset,
+ Set supportedFunctions,
+ Map supportedAbstractFunctions) {
+ this(superset);
+
+ Iterator it = supportedFunctions.iterator();
+ while (it.hasNext()) {
+ Function function = (Function)(it.next());
+ functionMap.put(function.getIdentifier().toString(), function);
+ }
+
+ it = supportedAbstractFunctions.keySet().iterator();
+ while (it.hasNext()) {
+ URI id = (URI)(it.next());
+ FunctionProxy proxy =
+ (FunctionProxy)(supportedAbstractFunctions.get(id));
+ functionMap.put(id.toString(), proxy);
+ }
+ }
+
+ /**
+ * Adds the function to the factory. Most functions have no state, so
+ * the singleton model used here is typically desireable. The factory
will
+ * not enforce the requirement that a Target or Condition matching
function
+ * must be boolean.
+ *
+ * @param function the <code>Function</code> to add to the factory
+ *
+ * @throws IllegalArgumentException if the function's identifier is
already
+ * used or if the function is
non-boolean
+ * (when this is a Target or Condition
+ * factory)
+ */
+ public void addFunction(Function function)
+ throws IllegalArgumentException
+ {
+ String id = function.getIdentifier().toString();
+
+ // make sure this doesn't already exist
+ if (functionMap.containsKey(id))
+ throw new IllegalArgumentException("function already exists");
+
+ // add to the superset factory
+ if (superset != null)
+ superset.addFunction(function);
+
+ // finally, add to this factory
+ functionMap.put(id, function);
+ }
+
+ /**
+ * Adds the abstract function proxy to the factory. This is used for
+ * those functions which have state, or change behavior (for instance
+ * the standard map function, which changes its return type based on
+ * how it is used).
+ *
+ * @param proxy the <code>FunctionProxy</code> to add to the factory
+ * @param identity the function's identifier
+ *
+ * @throws IllegalArgumentException if the function's identifier is
already
+ * used
+ */
+ public void addAbstractFunction(FunctionProxy proxy,
+ URI identity)
+ throws IllegalArgumentException
+ {
+ String id = identity.toString();
+
+ // make sure this doesn't already exist
+ if (functionMap.containsKey(id))
+ throw new IllegalArgumentException("function already exists");
+
+ // add to the superset factory
+ if (superset != null)
+ superset.addAbstractFunction(proxy, identity);
+
+ // finally, add to this factory
+ functionMap.put(id, proxy);
+ }
+
+ /**
+ * Returns the function identifiers supported by this factory.
+ *
+ * @return a <code>Set</code> of <code>String</code>s
+ */
+ public Set getSupportedFunctions() {
+ Set set = new HashSet(functionMap.keySet());
+
+ if (superset != null)
+ set.addAll(superset.getSupportedFunctions());
+
+ return set;
+ }
+
+ /**
+ * Tries to get an instance of the specified function.
+ *
+ * @param identity the name of the function
+ *
+ * @throws UnknownIdentifierException if the name isn't known
+ * @throws FunctionTypeException if the name is known to map to an
+ * abstract function, and should therefore
+ * be created through
createAbstractFunction
+ */
+ public Function createFunction(URI identity)
+ throws UnknownIdentifierException, FunctionTypeException
+ {
+ return createFunction(identity.toString());
+ }
+
+ /**
+ * Tries to get an instance of the specified function.
+ *
+ * @param identity the name of the function
+ *
+ * @throws UnknownIdentifierException if the name isn't known
+ * @throws FunctionTypeException if the name is known to map to an
+ * abstract function, and should therefore
+ * be created through
createAbstractFunction
+ */
+ public Function createFunction(String identity)
+ throws UnknownIdentifierException, FunctionTypeException
+ {
+ Object entry = functionMap.get(identity);
+
+ if (entry != null) {
+ if (entry instanceof Function) {
+ return (Function)entry;
+ } else {
+ // this is actually a proxy, which means the other create
+ // method should have been called
+ throw new FunctionTypeException("function is abstract");
+ }
+ } else {
+ // we couldn't find a match
+ throw new UnknownIdentifierException("functions of type " +
+ identity + " are not "+
+ "supported by this
factory");
+ }
+ }
+
+ /**
+ * Tries to get an instance of the specified abstract function.
+ *
+ * @param identity the name of the function
+ * @param root the DOM root containing info used to create the function
+ *
+ * @throws UnknownIdentifierException if the name isn't known
+ * @throws FunctionTypeException if the name is known to map to a
+ * concrete function, and should therefore
+ * be created through createFunction
+ * @throws ParsingException if the function can't be created with the
+ * given inputs
+ */
+ public Function createAbstractFunction(URI identity, Node root)
+ throws UnknownIdentifierException, ParsingException,
+ FunctionTypeException
+ {
+ return createAbstractFunction(identity.toString(), root, null);
+ }
+
+ /**
+ * Tries to get an instance of the specified abstract function.
+ *
+ * @param identity the name of the function
+ * @param root the DOM root containing info used to create the function
+ * @param xpathVersion the version specified in the contianing policy, or
+ * null if no version was specified
+ *
+ * @throws UnknownIdentifierException if the name isn't known
+ * @throws FunctionTypeException if the name is known to map to a
+ * concrete function, and should therefore
+ * be created through createFunction
+ * @throws ParsingException if the function can't be created with the
+ * given inputs
+ */
+ public Function createAbstractFunction(URI identity, Node root,
+ String xpathVersion)
+ throws UnknownIdentifierException, ParsingException,
+ FunctionTypeException
+ {
+ return createAbstractFunction(identity.toString(), root,
xpathVersion);
+ }
+
+ /**
+ * Tries to get an instance of the specified abstract function.
+ *
+ * @param identity the name of the function
+ * @param root the DOM root containing info used to create the function
+ *
+ * @throws UnknownIdentifierException if the name isn't known
+ * @throws FunctionTypeException if the name is known to map to a
+ * concrete function, and should therefore
+ * be created through createFunction
+ * @throws ParsingException if the function can't be created with the
+ * given inputs
+ */
+ public Function createAbstractFunction(String identity, Node root)
+ throws UnknownIdentifierException, ParsingException,
+ FunctionTypeException
+ {
+ return createAbstractFunction(identity, root, null);
+ }
+
+ /**
+ * Tries to get an instance of the specified abstract function.
+ *
+ * @param identity the name of the function
+ * @param root the DOM root containing info used to create the function
+ * @param xpathVersion the version specified in the contianing policy, or
+ * null if no version was specified
+ *
+ * @throws UnknownIdentifierException if the name isn't known
+ * @throws FunctionTypeException if the name is known to map to a
+ * concrete function, and should therefore
+ * be created through createFunction
+ * @throws ParsingException if the function can't be created with the
+ * given inputs
+ */
+ public Function createAbstractFunction(String identity, Node root,
+ String xpathVersion)
+ throws UnknownIdentifierException, ParsingException,
+ FunctionTypeException
+ {
+ Object entry = functionMap.get(identity);
+
+ if (entry != null) {
+ if (entry instanceof FunctionProxy) {
+ try {
+ return ((FunctionProxy)entry).getInstance(root,
+ xpathVersion);
+ } catch (Exception e) {
+ throw new ParsingException("couldn't create abstract" +
+ " function " + identity, e);
+ }
+ } else {
+ // this is actually a concrete function, which means that
+ // the other create method should have been called
+ throw new FunctionTypeException("function is concrete");
+ }
+ } else {
+ // we couldn't find a match
+ throw new UnknownIdentifierException("abstract functions of " +
+ "type " + identity +
+ " are not supported by " +
+ "this factory");
+ }
+ }
+
+}
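Review bot: in createAbstractFunction(String, Node, String), the FunctionTypeException("function is concrete") message omits the identifier, while the ParsingException and UnknownIdentifierException messages in the same method both include identity. Adding identity to that message makes a rejected policy traceable to the function that caused it. The four Javadoc blocks for the createAbstractFunction overloads have no @return tag, and the xpathVersion @param text misspells "containing" as "contianing" in both places it appears. The two URI overloads call identity.toString() without a null check, so a null identity surfaces as a NullPointerException rather than one of the three declared exceptions; either document that identity must be non-null or reject it explicitly.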

Added:
branches/authRengine/sunxacml/com/sun/xacml/cond/BasicFunctionFactoryProxy.java
===================================================================
---
branches/authRengine/sunxacml/com/sun/xacml/cond/BasicFunctionFactoryProxy.java
(rev 0)
+++
branches/authRengine/sunxacml/com/sun/xacml/cond/BasicFunctionFactoryProxy.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,81 @@
+
+/*
+ * @(#)BasicFunctionFactoryProxy.java
+ *
+ * Copyright 2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.cond;
+
+
+/**
+ * A simple utility class that manages triples of function factories.
+ *
+ * @since 1.2
+ * @author Seth Proctor
+ */
+public class BasicFunctionFactoryProxy implements FunctionFactoryProxy
+{
+
+ // the triple of factories
+ private FunctionFactory targetFactory;
+ private FunctionFactory conditionFactory;
+ private FunctionFactory generalFactory;
+
+ /**
+ * Creates a new proxy.
+ *
+ * @param targetFactory the target factory provided by this proxy
+ * @param conditionFactory the target condition provided by this proxy
+ * @param generalFactory the general factory provided by this proxy
+ */
+ public BasicFunctionFactoryProxy(FunctionFactory targetFactory,
+ FunctionFactory conditionFactory,
+ FunctionFactory generalFactory) {
+ this.targetFactory = targetFactory;
+ this.conditionFactory = conditionFactory;
+ this.generalFactory = generalFactory;
+ }
+
+ public FunctionFactory getTargetFactory() {
+ return targetFactory;
+ }
+
+ public FunctionFactory getConditionFactory() {
+ return conditionFactory;
+ }
+
+ public FunctionFactory getGeneralFactory() {
+ return generalFactory;
+ }
+
+}
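Review bot: the three FunctionFactory fields in BasicFunctionFactoryProxy are assigned only in the constructor and can be declared private final, and the constructor stores its arguments without a null check, so a null factory is only discovered later when a getter's result is used. Rejecting null in the constructor fails at the point of misconfiguration. The Javadoc for the conditionFactory parameter reads "the target condition provided by this proxy" and should read "the condition factory provided by this proxy". The three getters have no Javadoc.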

Added:
branches/authRengine/sunxacml/com/sun/xacml/cond/ComparisonFunction.java
===================================================================
--- branches/authRengine/sunxacml/com/sun/xacml/cond/ComparisonFunction.java
(rev 0)
+++ branches/authRengine/sunxacml/com/sun/xacml/cond/ComparisonFunction.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,710 @@
+
+/*
+ * @(#)ComparisonFunction.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.cond;
+
+import com.sun.xacml.EvaluationCtx;
+
+import com.sun.xacml.attr.AttributeValue;
+import com.sun.xacml.attr.BooleanAttribute;
+import com.sun.xacml.attr.DateAttribute;
+import com.sun.xacml.attr.DateTimeAttribute;
+import com.sun.xacml.attr.DoubleAttribute;
+import com.sun.xacml.attr.IntegerAttribute;
+import com.sun.xacml.attr.StringAttribute;
+import com.sun.xacml.attr.TimeAttribute;
+
+import java.util.Collections;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+
+
+/**
+ * A class that implements all of the standard comparison functions.
+ *
+ * @since 1.0
+ * @author Steve Hanna
+ * @author Seth Proctor
+ */
+public class ComparisonFunction extends FunctionBase
+{
+
+ /**
+ * Standard identifier for the integer-greater-than function.
+ */
+ public static final String NAME_INTEGER_GREATER_THAN =
+ FUNCTION_NS + "integer-greater-than";
+
+ /**
+ * Standard identifier for the integer-greater-than-or-equal function.
+ */
+ public static final String NAME_INTEGER_GREATER_THAN_OR_EQUAL =
+ FUNCTION_NS + "integer-greater-than-or-equal";
+
+ /**
+ * Standard identifier for the integer-less-than function.
+ */
+ public static final String NAME_INTEGER_LESS_THAN =
+ FUNCTION_NS + "integer-less-than";
+
+ /**
+ * Standard identifier for the integer-less-than-or-equal function.
+ */
+ public static final String NAME_INTEGER_LESS_THAN_OR_EQUAL =
+ FUNCTION_NS + "integer-less-than-or-equal";
+
+
+ /**
+ * Standard identifier for the double-greater-than function.
+ */
+ public static final String NAME_DOUBLE_GREATER_THAN =
+ FUNCTION_NS + "double-greater-than";
+
+ /**
+ * Standard identifier for the double-greater-than-or-equal function.
+ */
+ public static final String NAME_DOUBLE_GREATER_THAN_OR_EQUAL =
+ FUNCTION_NS + "double-greater-than-or-equal";
+
+ /**
+ * Standard identifier for the double-less-than function.
+ */
+ public static final String NAME_DOUBLE_LESS_THAN =
+ FUNCTION_NS + "double-less-than";
+
+ /**
+ * Standard identifier for the double-less-than-or-equal function.
+ */
+ public static final String NAME_DOUBLE_LESS_THAN_OR_EQUAL =
+ FUNCTION_NS + "double-less-than-or-equal";
+
+
+ /**
+ * Standard identifier for the string-greater-than function.
+ */
+ public static final String NAME_STRING_GREATER_THAN =
+ FUNCTION_NS + "string-greater-than";
+
+ /**
+ * Standard identifier for the string-greater-than-or-equal function.
+ */
+ public static final String NAME_STRING_GREATER_THAN_OR_EQUAL =
+ FUNCTION_NS + "string-greater-than-or-equal";
+
+ /**
+ * Standard identifier for the string-less-than function.
+ */
+ public static final String NAME_STRING_LESS_THAN =
+ FUNCTION_NS + "string-less-than";
+
+ /**
+ * Standard identifier for the string-less-than-or-equal function.
+ */
+ public static final String NAME_STRING_LESS_THAN_OR_EQUAL =
+ FUNCTION_NS + "string-less-than-or-equal";
+
+
+ /**
+ * Standard identifier for the time-greater-than function.
+ */
+ public static final String NAME_TIME_GREATER_THAN =
+ FUNCTION_NS + "time-greater-than";
+
+ /**
+ * Standard identifier for the time-greater-than-or-equal function.
+ */
+ public static final String NAME_TIME_GREATER_THAN_OR_EQUAL =
+ FUNCTION_NS + "time-greater-than-or-equal";
+
+ /**
+ * Standard identifier for the time-less-than function.
+ */
+ public static final String NAME_TIME_LESS_THAN =
+ FUNCTION_NS + "time-less-than";
+
+ /**
+ * Standard identifier for the time-less-than-or-equal function.
+ */
+ public static final String NAME_TIME_LESS_THAN_OR_EQUAL =
+ FUNCTION_NS + "time-less-than-or-equal";
+
+
+ /**
+ * Standard identifier for the dateTime-greater-than function.
+ */
+ public static final String NAME_DATETIME_GREATER_THAN =
+ FUNCTION_NS + "dateTime-greater-than";
+
+ /**
+ * Standard identifier for the dateTime-greater-than-or-equal function.
+ */
+ public static final String NAME_DATETIME_GREATER_THAN_OR_EQUAL =
+ FUNCTION_NS + "dateTime-greater-than-or-equal";
+
+ /**
+ * Standard identifier for the dateTime-less-than function.
+ */
+ public static final String NAME_DATETIME_LESS_THAN =
+ FUNCTION_NS + "dateTime-less-than";
+
+ /**
+ * Standard identifier for the dateTime-less-than-or-equal function.
+ */
+ public static final String NAME_DATETIME_LESS_THAN_OR_EQUAL =
+ FUNCTION_NS + "dateTime-less-than-or-equal";
+
+
+ /**
+ * Standard identifier for the date-greater-than function.
+ */
+ public static final String NAME_DATE_GREATER_THAN =
+ FUNCTION_NS + "date-greater-than";
+
+ /**
+ * Standard identifier for the date-greater-than-or-equal function.
+ */
+ public static final String NAME_DATE_GREATER_THAN_OR_EQUAL =
+ FUNCTION_NS + "date-greater-than-or-equal";
+
+ /**
+ * Standard identifier for the date-less-than function.
+ */
+ public static final String NAME_DATE_LESS_THAN =
+ FUNCTION_NS + "date-less-than";
+
+ /**
+ * Standard identifier for the date-less-than-or-equal function.
+ */
+ public static final String NAME_DATE_LESS_THAN_OR_EQUAL =
+ FUNCTION_NS + "date-less-than-or-equal";
+
+ // private identifiers for the supported functions
+ private static final int ID_INTEGER_GREATER_THAN = 0;
+ private static final int ID_INTEGER_GREATER_THAN_OR_EQUAL = 1;
+ private static final int ID_INTEGER_LESS_THAN = 2;
+ private static final int ID_INTEGER_LESS_THAN_OR_EQUAL = 3;
+ private static final int ID_DOUBLE_GREATER_THAN = 4;
+ private static final int ID_DOUBLE_GREATER_THAN_OR_EQUAL = 5;
+ private static final int ID_DOUBLE_LESS_THAN = 6;
+ private static final int ID_DOUBLE_LESS_THAN_OR_EQUAL = 7;
+ private static final int ID_STRING_GREATER_THAN = 8;
+ private static final int ID_STRING_GREATER_THAN_OR_EQUAL = 9;
+ private static final int ID_STRING_LESS_THAN = 10;
+ private static final int ID_STRING_LESS_THAN_OR_EQUAL = 11;
+ private static final int ID_TIME_GREATER_THAN = 12;
+ private static final int ID_TIME_GREATER_THAN_OR_EQUAL = 13;
+ private static final int ID_TIME_LESS_THAN = 14;
+ private static final int ID_TIME_LESS_THAN_OR_EQUAL = 15;
+ private static final int ID_DATE_GREATER_THAN = 16;
+ private static final int ID_DATE_GREATER_THAN_OR_EQUAL = 17;
+ private static final int ID_DATE_LESS_THAN = 18;
+ private static final int ID_DATE_LESS_THAN_OR_EQUAL = 19;
+ private static final int ID_DATETIME_GREATER_THAN = 20;
+ private static final int ID_DATETIME_GREATER_THAN_OR_EQUAL = 21;
+ private static final int ID_DATETIME_LESS_THAN = 22;
+ private static final int ID_DATETIME_LESS_THAN_OR_EQUAL = 23;
+
+ // mappings from name to private identifier and argument datatype
+ private static HashMap idMap;
+ private static HashMap typeMap;
+
+ /**
+ * Static initializer to setup the two maps.
+ */
+ static {
+ idMap = new HashMap();
+
+ idMap.put(NAME_INTEGER_GREATER_THAN,
+ new Integer(ID_INTEGER_GREATER_THAN));
+ idMap.put(NAME_INTEGER_GREATER_THAN_OR_EQUAL,
+ new Integer(ID_INTEGER_GREATER_THAN_OR_EQUAL));
+ idMap.put(NAME_INTEGER_LESS_THAN,
+ new Integer(ID_INTEGER_LESS_THAN));
+ idMap.put(NAME_INTEGER_LESS_THAN_OR_EQUAL,
+ new Integer(ID_INTEGER_LESS_THAN_OR_EQUAL));
+ idMap.put(NAME_DOUBLE_GREATER_THAN,
+ new Integer(ID_DOUBLE_GREATER_THAN));
+ idMap.put(NAME_DOUBLE_GREATER_THAN_OR_EQUAL,
+ new Integer(ID_DOUBLE_GREATER_THAN_OR_EQUAL));
+ idMap.put(NAME_DOUBLE_LESS_THAN,
+ new Integer(ID_DOUBLE_LESS_THAN));
+ idMap.put(NAME_DOUBLE_LESS_THAN_OR_EQUAL,
+ new Integer(ID_DOUBLE_LESS_THAN_OR_EQUAL));
+ idMap.put(NAME_STRING_GREATER_THAN,
+ new Integer(ID_STRING_GREATER_THAN));
+ idMap.put(NAME_STRING_GREATER_THAN_OR_EQUAL,
+ new Integer(ID_STRING_GREATER_THAN_OR_EQUAL));
+ idMap.put(NAME_STRING_LESS_THAN,
+ new Integer(ID_STRING_LESS_THAN));
+ idMap.put(NAME_STRING_LESS_THAN_OR_EQUAL,
+ new Integer(ID_STRING_LESS_THAN_OR_EQUAL));
+ idMap.put(NAME_TIME_GREATER_THAN,
+ new Integer(ID_TIME_GREATER_THAN));
+ idMap.put(NAME_TIME_GREATER_THAN_OR_EQUAL,
+ new Integer(ID_TIME_GREATER_THAN_OR_EQUAL));
+ idMap.put(NAME_TIME_LESS_THAN,
+ new Integer(ID_TIME_LESS_THAN));
+ idMap.put(NAME_TIME_LESS_THAN_OR_EQUAL,
+ new Integer(ID_TIME_LESS_THAN_OR_EQUAL));
+ idMap.put(NAME_DATE_GREATER_THAN,
+ new Integer(ID_DATE_GREATER_THAN));
+ idMap.put(NAME_DATE_GREATER_THAN_OR_EQUAL,
+ new Integer(ID_DATE_GREATER_THAN_OR_EQUAL));
+ idMap.put(NAME_DATE_LESS_THAN,
+ new Integer(ID_DATE_LESS_THAN));
+ idMap.put(NAME_DATE_LESS_THAN_OR_EQUAL,
+ new Integer(ID_DATE_LESS_THAN_OR_EQUAL));
+ idMap.put(NAME_DATETIME_GREATER_THAN,
+ new Integer(ID_DATETIME_GREATER_THAN));
+ idMap.put(NAME_DATETIME_GREATER_THAN_OR_EQUAL,
+ new Integer(ID_DATETIME_GREATER_THAN_OR_EQUAL));
+ idMap.put(NAME_DATETIME_LESS_THAN,
+ new Integer(ID_DATETIME_LESS_THAN));
+ idMap.put(NAME_DATETIME_LESS_THAN_OR_EQUAL,
+ new Integer(ID_DATETIME_LESS_THAN_OR_EQUAL));
+
+ typeMap = new HashMap();
+
+ typeMap.put(NAME_INTEGER_GREATER_THAN, IntegerAttribute.identifier);
+ typeMap.put(NAME_INTEGER_GREATER_THAN_OR_EQUAL,
+ IntegerAttribute.identifier);
+ typeMap.put(NAME_INTEGER_LESS_THAN, IntegerAttribute.identifier);
+ typeMap.put(NAME_INTEGER_LESS_THAN_OR_EQUAL,
+ IntegerAttribute.identifier);
+ typeMap.put(NAME_DOUBLE_GREATER_THAN, DoubleAttribute.identifier);
+ typeMap.put(NAME_DOUBLE_GREATER_THAN_OR_EQUAL,
+ DoubleAttribute.identifier);
+ typeMap.put(NAME_DOUBLE_LESS_THAN, DoubleAttribute.identifier);
+ typeMap.put(NAME_DOUBLE_LESS_THAN_OR_EQUAL,
+ DoubleAttribute.identifier);
+ typeMap.put(NAME_STRING_GREATER_THAN, StringAttribute.identifier);
+ typeMap.put(NAME_STRING_GREATER_THAN_OR_EQUAL,
+ StringAttribute.identifier);
+ typeMap.put(NAME_STRING_LESS_THAN, StringAttribute.identifier);
+ typeMap.put(NAME_STRING_LESS_THAN_OR_EQUAL,
+ StringAttribute.identifier);
+ typeMap.put(NAME_TIME_GREATER_THAN, TimeAttribute.identifier);
+ typeMap.put(NAME_TIME_GREATER_THAN_OR_EQUAL,
TimeAttribute.identifier);
+ typeMap.put(NAME_TIME_LESS_THAN, TimeAttribute.identifier);
+ typeMap.put(NAME_TIME_LESS_THAN_OR_EQUAL, TimeAttribute.identifier);
+ typeMap.put(NAME_DATETIME_GREATER_THAN,
DateTimeAttribute.identifier);
+ typeMap.put(NAME_DATETIME_GREATER_THAN_OR_EQUAL,
+ DateTimeAttribute.identifier);
+ typeMap.put(NAME_DATETIME_LESS_THAN, DateTimeAttribute.identifier);
+ typeMap.put(NAME_DATETIME_LESS_THAN_OR_EQUAL,
+ DateTimeAttribute.identifier);
+ typeMap.put(NAME_DATE_GREATER_THAN, DateAttribute.identifier);
+ typeMap.put(NAME_DATE_GREATER_THAN_OR_EQUAL,
DateAttribute.identifier);
+ typeMap.put(NAME_DATE_LESS_THAN, DateAttribute.identifier);
+ typeMap.put(NAME_DATE_LESS_THAN_OR_EQUAL, DateAttribute.identifier);
+ };
+
+ /**
+ * Creates a new <code>ComparisonFunction</code> object.
+ *
+ * @param functionName the standard XACML name of the function to be
+ * handled by this object, including the full
namespace
+ *
+ * @throws IllegalArgumentException if the function isn't known
+ */
+ public ComparisonFunction(String functionName) {
+ super(functionName, getId(functionName),
getArgumentType(functionName),
+ false, 2, BooleanAttribute.identifier, false);
+ }
+
+ /**
+ * Private helper that returns the internal identifier used for the
+ * given standard function.
+ */
+ private static int getId(String functionName) {
+ Integer i = (Integer)(idMap.get(functionName));
+
+ if (i == null)
+ throw new IllegalArgumentException("unknown comparison function
" +
+ functionName);
+
+ return i.intValue();
+ }
+
+ /**
+ * Private helper that returns the type used for the given standard
+ * function. Note that this doesn't check on the return value since the
+ * method always is called after getId, so we assume that the function
+ * is present.
+ */
+ private static String getArgumentType(String functionName) {
+ return (String)(typeMap.get(functionName));
+ }
+
+ /**
+ * Returns a <code>Set</code> containing all the function identifiers
+ * supported by this class.
+ *
+ * @return a <code>Set</code> of <code>String</code>s
+ */
+ public static Set getSupportedIdentifiers() {
+ return Collections.unmodifiableSet(idMap.keySet());
+ }
+
+ /**
+ * Evaluate the function, using the specified parameters.
+ *
+ * @param inputs a <code>List</code> of <code>Evaluatable</code>
+ * objects representing the arguments passed to the
function
+ * @param context an <code>EvaluationCtx</code> so that the
+ * <code>Evaluatable</code> objects can be evaluated
+ * @return an <code>EvaluationResult</code> representing the
+ * function's result
+ */
+ public EvaluationResult evaluate(List inputs, EvaluationCtx context) {
+ // Evaluate the arguments
+ AttributeValue [] argValues = new AttributeValue [inputs.size()];
+ EvaluationResult result = evalArgs(inputs, context, argValues);
+ if (result != null)
+ return result;
+
+ // Now that we have real values, perform the comparison operation
+
+ boolean boolResult = false;
+
+ switch (getFunctionId()) {
+
+ case ID_INTEGER_GREATER_THAN: {
+ long arg0 = ((IntegerAttribute)(argValues[0])).getValue();
+ long arg1 = ((IntegerAttribute)(argValues[1])).getValue();
+
+ boolResult = (arg0 > arg1);
+
+ break;
+ }
+
+ case ID_INTEGER_GREATER_THAN_OR_EQUAL: {
+ long arg0 = ((IntegerAttribute)(argValues[0])).getValue();
+ long arg1 = ((IntegerAttribute)(argValues[1])).getValue();
+
+ boolResult = (arg0 >= arg1);
+
+ break;
+ }
+
+ case ID_INTEGER_LESS_THAN: {
+ long arg0 = ((IntegerAttribute)(argValues[0])).getValue();
+ long arg1 = ((IntegerAttribute)(argValues[1])).getValue();
+
+ boolResult = (arg0 < arg1);
+
+ break;
+ }
+
+ case ID_INTEGER_LESS_THAN_OR_EQUAL: {
+ long arg0 = ((IntegerAttribute)(argValues[0])).getValue();
+ long arg1 = ((IntegerAttribute)(argValues[1])).getValue();
+
+ boolResult = (arg0 <= arg1);
+
+ break;
+ }
+
+ case ID_DOUBLE_GREATER_THAN: {
+ double arg0 = ((DoubleAttribute)(argValues[0])).getValue();
+ double arg1 = ((DoubleAttribute)(argValues[1])).getValue();
+
+ boolResult = (doubleCompare(arg0, arg1) > 0);
+
+ break;
+ }
+
+ case ID_DOUBLE_GREATER_THAN_OR_EQUAL: {
+ double arg0 = ((DoubleAttribute)(argValues[0])).getValue();
+ double arg1 = ((DoubleAttribute)(argValues[1])).getValue();
+
+ boolResult = (doubleCompare(arg0, arg1) >= 0);
+
+ break;
+ }
+
+ case ID_DOUBLE_LESS_THAN: {
+ double arg0 = ((DoubleAttribute)(argValues[0])).getValue();
+ double arg1 = ((DoubleAttribute)(argValues[1])).getValue();
+
+ boolResult = (doubleCompare(arg0, arg1) < 0);
+
+ break;
+ }
+
+ case ID_DOUBLE_LESS_THAN_OR_EQUAL: {
+ double arg0 = ((DoubleAttribute)(argValues[0])).getValue();
+ double arg1 = ((DoubleAttribute)(argValues[1])).getValue();
+
+ boolResult = (doubleCompare(arg0, arg1) <= 0);
+
+ break;
+ }
+
+ case ID_STRING_GREATER_THAN: {
+ String arg0 = ((StringAttribute)(argValues[0])).getValue();
+ String arg1 = ((StringAttribute)(argValues[1])).getValue();
+
+ boolResult = (arg0.compareTo(arg1) > 0);
+
+ break;
+ }
+
+ case ID_STRING_GREATER_THAN_OR_EQUAL: {
+ String arg0 = ((StringAttribute)(argValues[0])).getValue();
+ String arg1 = ((StringAttribute)(argValues[1])).getValue();
+
+ boolResult = (arg0.compareTo(arg1) >= 0);
+
+ break;
+ }
+
+ case ID_STRING_LESS_THAN: {
+ String arg0 = ((StringAttribute)(argValues[0])).getValue();
+ String arg1 = ((StringAttribute)(argValues[1])).getValue();
+
+ boolResult = (arg0.compareTo(arg1) < 0);
+
+ break;
+ }
+
+ case ID_STRING_LESS_THAN_OR_EQUAL: {
+ String arg0 = ((StringAttribute)(argValues[0])).getValue();
+ String arg1 = ((StringAttribute)(argValues[1])).getValue();
+
+ boolResult = (arg0.compareTo(arg1) <= 0);
+
+ break;
+ }
+
+ case ID_TIME_GREATER_THAN: {
+ TimeAttribute arg0 = (TimeAttribute)(argValues[0]);
+ TimeAttribute arg1 = (TimeAttribute)(argValues[1]);
+
+ boolResult =
+ (dateCompare(arg0.getValue(), arg0.getNanoseconds(),
+ arg1.getValue(), arg1.getNanoseconds()) > 0);
+
+ break;
+ }
+
+ case ID_TIME_GREATER_THAN_OR_EQUAL: {
+ TimeAttribute arg0 = (TimeAttribute)(argValues[0]);
+ TimeAttribute arg1 = (TimeAttribute)(argValues[1]);
+
+ boolResult =
+ (dateCompare(arg0.getValue(), arg0.getNanoseconds(),
+ arg1.getValue(), arg1.getNanoseconds()) >= 0);
+
+ break;
+ }
+
+ case ID_TIME_LESS_THAN: {
+ TimeAttribute arg0 = (TimeAttribute)(argValues[0]);
+ TimeAttribute arg1 = (TimeAttribute)(argValues[1]);
+
+ boolResult =
+ (dateCompare(arg0.getValue(), arg0.getNanoseconds(),
+ arg1.getValue(), arg1.getNanoseconds()) < 0);
+
+ break;
+ }
+
+ case ID_TIME_LESS_THAN_OR_EQUAL: {
+ TimeAttribute arg0 = (TimeAttribute)(argValues[0]);
+ TimeAttribute arg1 = (TimeAttribute)(argValues[1]);
+
+ boolResult =
+ (dateCompare(arg0.getValue(), arg0.getNanoseconds(),
+ arg1.getValue(), arg1.getNanoseconds()) <= 0);
+
+ break;
+ }
+
+ case ID_DATETIME_GREATER_THAN: {
+ DateTimeAttribute arg0 = (DateTimeAttribute)(argValues[0]);
+ DateTimeAttribute arg1 = (DateTimeAttribute)(argValues[1]);
+
+ boolResult =
+ (dateCompare(arg0.getValue(), arg0.getNanoseconds(),
+ arg1.getValue(), arg1.getNanoseconds()) > 0);
+
+ break;
+ }
+
+ case ID_DATETIME_GREATER_THAN_OR_EQUAL: {
+ DateTimeAttribute arg0 = (DateTimeAttribute)(argValues[0]);
+ DateTimeAttribute arg1 = (DateTimeAttribute)(argValues[1]);
+
+ boolResult =
+ (dateCompare(arg0.getValue(), arg0.getNanoseconds(),
+ arg1.getValue(), arg1.getNanoseconds()) >= 0);
+
+ break;
+ }
+
+ case ID_DATETIME_LESS_THAN: {
+ DateTimeAttribute arg0 = (DateTimeAttribute)(argValues[0]);
+ DateTimeAttribute arg1 = (DateTimeAttribute)(argValues[1]);
+
+ boolResult =
+ (dateCompare(arg0.getValue(), arg0.getNanoseconds(),
+ arg1.getValue(), arg1.getNanoseconds()) < 0);
+
+ break;
+ }
+
+ case ID_DATETIME_LESS_THAN_OR_EQUAL: {
+ DateTimeAttribute arg0 = (DateTimeAttribute)(argValues[0]);
+ DateTimeAttribute arg1 = (DateTimeAttribute)(argValues[1]);
+
+ boolResult =
+ (dateCompare(arg0.getValue(), arg0.getNanoseconds(),
+ arg1.getValue(), arg1.getNanoseconds()) <= 0);
+
+ break;
+ }
+
+ case ID_DATE_GREATER_THAN: {
+ Date arg0 = ((DateAttribute)(argValues[0])).getValue();
+ Date arg1 = ((DateAttribute)(argValues[1])).getValue();
+
+ boolResult = (arg0.compareTo(arg1) > 0);
+
+ break;
+ }
+
+ case ID_DATE_GREATER_THAN_OR_EQUAL: {
+ Date arg0 = ((DateAttribute)(argValues[0])).getValue();
+ Date arg1 = ((DateAttribute)(argValues[1])).getValue();
+
+ boolResult = (arg0.compareTo(arg1) >= 0);
+
+ break;
+ }
+
+ case ID_DATE_LESS_THAN: {
+ Date arg0 = ((DateAttribute)(argValues[0])).getValue();
+ Date arg1 = ((DateAttribute)(argValues[1])).getValue();
+
+ boolResult = (arg0.compareTo(arg1) < 0);
+
+ break;
+ }
+
+ case ID_DATE_LESS_THAN_OR_EQUAL: {
+ Date arg0 = ((DateAttribute)(argValues[0])).getValue();
+ Date arg1 = ((DateAttribute)(argValues[1])).getValue();
+
+ boolResult = (arg0.compareTo(arg1) <= 0);
+
+ break;
+ }
+
+ }
+
+ // Return the result as a BooleanAttribute.
+ return EvaluationResult.getInstance(boolResult);
+ }
+
+ /**
+ * Helper function that does a comparison of the two doubles using the
+ * rules of XMLSchema. Like all compare methods, this returns 0 if
they're
+ * equal, a positive value if d1 > d2, and a negative value if d1 < d2.
+ */
+ private int doubleCompare(double d1, double d2) {
+ // see if the numbers equal each other
+ if (d1 == d2) {
+ // these are not NaNs, and therefore we just need to check that
+ // that they're not zeros, which may have different signs
+ if (d1 != 0)
+ return 0;
+
+ // they're both zeros, so we compare strings to figure out
+ // the significance of any signs
+ return Double.toString(d1).compareTo(Double.toString(d2));
+ }
+
+ // see if d1 is NaN
+ if (Double.isNaN(d1)) {
+ // d1 is NaN, so see if d2 is as well
+ if (Double.isNaN(d2)) {
+ // they're both NaNs, so they're equal
+ return 0;
+ } else {
+ // d1 is always bigger than d2 since it's a NaN
+ return 1;
+ }
+ }
+
+ // see if d2 is NaN
+ if (Double.isNaN(d2)) {
+ // d2 is a NaN, though d1 isn't, so d2 is always bigger
+ return -1;
+ }
+
+ // if we got here then neither is a NaN, and the numbers aren't
+ // equal...given those facts, basic comparison works the same in
+ // java as it's defined in XMLSchema, so now we can do the simple
+ // comparison and return whatever we find
+ return ((d1 > d2) ? 1 : -1);
+ }
+
+ /**
+ * Helper function to compare two Date objects and their associated
+ * nanosecond values. Like all compare methods, this returns 0 if they're
+ * equal, a positive value if d1 > d2, and a negative value if d1 < d2.
+ */
+ private int dateCompare(Date d1, int n1, Date d2, int n2) {
+ int compareResult = d1.compareTo(d2);
+
+ // we only worry about the nanosecond values if the Dates are equal
+ if (compareResult != 0)
+ return compareResult;
+
+ // see if there's any difference
+ if (n1 == n2)
+ return 0;
+
+ // there is some difference in the nanoseconds, and that's how
+ // we'll determine the comparison
+ return ((n1 > n2) ? 1 : -1);
+ }
+
+}
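Review bot: the switch in evaluate() has no default branch and boolResult starts as false, so a function id that has an entry in idMap but no matching case would return a False result instead of signalling an error. The constructor's getId() call keeps that from happening today, but idMap and the switch are maintained separately; a default branch that throws (or returns an error result) keeps a future mismatch from silently deciding a comparison in a policy condition. doubleCompare() produces the same sign as Double.compare(d1, d2) for every input, including the signed-zero case handled through Double.toString and the NaN cases, so the helper could be replaced by that call. java.util.HashSet is imported but not used in this file, idMap and typeMap can be declared final, and the static initializer ends with a stray ";" after its closing brace.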

Added:
branches/authRengine/sunxacml/com/sun/xacml/cond/ConditionBagFunction.java
===================================================================
---
branches/authRengine/sunxacml/com/sun/xacml/cond/ConditionBagFunction.java
(rev 0)
+++
branches/authRengine/sunxacml/com/sun/xacml/cond/ConditionBagFunction.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,158 @@
+
+/*
+ * @(#)ConditionBagFunction.java
+ *
+ * Copyright 2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.cond;
+
+import com.sun.xacml.EvaluationCtx;
+
+import com.sun.xacml.attr.AttributeValue;
+import com.sun.xacml.attr.BagAttribute;
+import com.sun.xacml.attr.BooleanAttribute;
+
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+
+
+/**
+ * Specific <code>BagFunction</code> class that supports the single
+ * condition bag function: type-is-in.
+ *
+ * @since 1.2
+ * @author Seth Proctor
+ */
+public class ConditionBagFunction extends BagFunction
+{
+
+ // mapping of function name to its associated argument type
+ private static HashMap argMap;
+
+ /**
+ * Static initializer that sets up the argument info for all the
+ * supported functions.
+ */
+ static {
+ argMap = new HashMap();
+
+ for (int i = 0; i < baseTypes.length; i++) {
+ String [] args = { baseTypes[i], baseTypes[i] };
+
+ argMap.put(FUNCTION_NS + simpleTypes[i] + NAME_BASE_IS_IN, args);
+ }
+ }
+
+ /**
+ * Constructor that is used to create one of the condition standard bag
+ * functions. The name supplied must be one of the standard XACML
+ * functions supported by this class, including the full namespace,
+ * otherwise an exception is thrown. Look in <code>BagFunction</code>
+ * for details about the supported names.
+ *
+ * @param functionName the name of the function to create
+ *
+ * @throws IllegalArgumentException if the function is unknown
+ */
+ public ConditionBagFunction(String functionName) {
+ super(functionName, 0, getArguments(functionName));
+ }
+
+ /**
+ * Constructor that is used to create instances of condition bag
+ * functions for new (non-standard) datatypes. This is equivalent to
+ * using the <code>getInstance</code> methods in <code>BagFunction</code>
+ * and is generally only used by the run-time configuration code.
+ *
+ * @param functionName the name of the new function
+ * @param datatype the full identifier for the supported datatype
+ */
+ public ConditionBagFunction(String functionName, String datatype) {
+ super(functionName, 0, new String [] {datatype, datatype});
+ }
+
+ /**
+ * Private helper that returns the argument types for the given standard
+ * function.
+ */
+ private static String [] getArguments(String functionName) {
+ String [] args = (String [])(argMap.get(functionName));
+
+ if (args == null)
+ throw new IllegalArgumentException("unknown bag function: " +
+ functionName);
+
+ return args;
+ }
+
+ /**
+ * Returns a <code>Set</code> containing all the function identifiers
+ * supported by this class.
+ *
+ * @return a <code>Set</code> of <code>String</code>s
+ */
+ public static Set getSupportedIdentifiers() {
+ return Collections.unmodifiableSet(argMap.keySet());
+ }
+
+ /**
+ * Evaluate the function, using the specified parameters.
+ *
+ * @param inputs a <code>List</code> of <code>Evaluatable</code>
+ * objects representing the arguments passed to the
function
+ * @param context an <code>EvaluationCtx</code> so that the
+ * <code>Evaluatable</code> objects can be evaluated
+ * @return an <code>EvaluationResult</code> representing the
+ * function's result
+ */
+ public EvaluationResult evaluate(List inputs, EvaluationCtx context) {
+
+ // Evaluate the arguments
+ AttributeValue [] argValues = new AttributeValue[inputs.size()];
+ EvaluationResult result = evalArgs(inputs, context, argValues);
+ if (result != null)
+ return result;
+
+ // *-is-in takes a bag and an element of baseType and
+ // returns a single boolean value
+ AttributeValue item = (AttributeValue)(argValues[0]);
+ BagAttribute bag = (BagAttribute)(argValues[1]);
+
+ return new EvaluationResult(BooleanAttribute.
+ getInstance(bag.contains(item)));
+ }
+
+}
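
Review bot: in evaluate(), the comment says *-is-in "takes a bag and an element", but the code reads the element from argValues[0] and the bag from argValues[1]; reword the comment to give the arguments in the order the code expects, so nobody writing a policy from it swaps them. The two casts are only safe if the argument types were checked before this point, which is not visible in this hunk; a one-line comment naming where that check happens would help. The java.util.HashSet import is unused here, and argMap is assigned once in the static initializer, so it can be declared final.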

Added:
branches/authRengine/sunxacml/com/sun/xacml/cond/ConditionSetFunction.java
===================================================================
---
branches/authRengine/sunxacml/com/sun/xacml/cond/ConditionSetFunction.java
(rev 0)
+++
branches/authRengine/sunxacml/com/sun/xacml/cond/ConditionSetFunction.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,253 @@
+
+/*
+ * @(#)ConditionSetFunction.java
+ *
+ * Copyright 2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.cond;
+
+import com.sun.xacml.EvaluationCtx;
+
+import com.sun.xacml.attr.AttributeValue;
+import com.sun.xacml.attr.BagAttribute;
+import com.sun.xacml.attr.BooleanAttribute;
+
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Set;
+
+
+/**
+ * Specific <code>SetFunction</code> class that supports all of the
+ * condition set functions: type-at-least-one-member-of, type-subset, and
+ * type-set-equals.
+ *
+ * @since 1.2
+ * @author Seth Proctor
+ */
+public class ConditionSetFunction extends SetFunction
+{
+
+ // private identifiers for the supported functions
+ private static final int ID_BASE_AT_LEAST_ONE_MEMBER_OF = 0;
+ private static final int ID_BASE_SUBSET = 1;
+ private static final int ID_BASE_SET_EQUALS = 2;
+
+ // mapping of function name to its associated id and parameter type
+ private static HashMap idMap;
+ private static HashMap typeMap;
+
+ // the actual supported ids
+ private static Set supportedIds;
+
+ /**
+ * Static initializer that sets up the paramater info for all the
+ * supported functions.
+ */
+ static {
+ idMap = new HashMap();
+ typeMap = new HashMap();
+
+ for (int i = 0; i < baseTypes.length; i++) {
+ String baseName = FUNCTION_NS + simpleTypes[i];
+ String baseType = baseTypes[i];
+
+ idMap.put(baseName + NAME_BASE_AT_LEAST_ONE_MEMBER_OF,
+ new Integer(ID_BASE_AT_LEAST_ONE_MEMBER_OF));
+ idMap.put(baseName + NAME_BASE_SUBSET,
+ new Integer(ID_BASE_SUBSET));
+ idMap.put(baseName + NAME_BASE_SET_EQUALS,
+ new Integer(ID_BASE_SET_EQUALS));
+
+ typeMap.put(baseName + NAME_BASE_AT_LEAST_ONE_MEMBER_OF,
baseType);
+ typeMap.put(baseName + NAME_BASE_SUBSET, baseType);
+ typeMap.put(baseName + NAME_BASE_SET_EQUALS, baseType);
+ }
+
+ supportedIds = Collections.
+ unmodifiableSet(new HashSet(idMap.keySet()));
+
+ idMap.put(NAME_BASE_AT_LEAST_ONE_MEMBER_OF,
+ new Integer(ID_BASE_AT_LEAST_ONE_MEMBER_OF));
+ idMap.put(NAME_BASE_SUBSET, new Integer(ID_BASE_SUBSET));
+ idMap.put(NAME_BASE_SET_EQUALS, new Integer(ID_BASE_SET_EQUALS));
+ };
+
+ /**
+ * Constructor that is used to create one of the condition standard
+ * set functions. The name supplied must be one of the standard XACML
+ * functions supported by this class, including the full namespace,
+ * otherwise an exception is thrown. Look in <code>SetFunction</code>
+ * for details about the supported names.
+ *
+ * @param functionName the name of the function to create
+ *
+ * @throws IllegalArgumentException if the function is unknown
+ */
+ public ConditionSetFunction(String functionName) {
+ super(functionName, getId(functionName),
getArgumentType(functionName),
+ BooleanAttribute.identifier, false);
+ }
+
+ /**
+ * Constructor that is used to create instances of condition set
+ * functions for new (non-standard) datatypes. This is equivalent to
+ * using the <code>getInstance</code> methods in <code>SetFunction</code>
+ * and is generally only used by the run-time configuration code.
+ *
+ * @param functionName the name of the new function
+ * @param datatype the full identifier for the supported datatype
+ * @param functionType which kind of Set function, based on the
+ * <code>NAME_BASE_*</code> fields
+ */
+ public ConditionSetFunction(String functionName, String datatype,
+ String functionType) {
+ super(functionName, getId(functionName), datatype,
+ BooleanAttribute.identifier, false);
+ }
+
+ /**
+ * Private helper that returns the internal identifier used for the
+ * given standard function.
+ */
+ private static int getId(String functionName) {
+ Integer id = (Integer)(idMap.get(functionName));
+
+ if (id == null)
+ throw new IllegalArgumentException("unknown set function " +
+ functionName);
+
+ return id.intValue();
+ }
+
+ /**
+ * Private helper that returns the argument type for the given standard
+ * function. Note that this doesn't check on the return value since the
+ * method always is called after getId, so we assume that the function
+ * is present.
+ */
+ private static String getArgumentType(String functionName) {
+ return (String)(typeMap.get(functionName));
+ }
+
+ /**
+ * Returns a <code>Set</code> containing all the function identifiers
+ * supported by this class.
+ *
+ * @return a <code>Set</code> of <code>String</code>s
+ */
+ public static Set getSupportedIdentifiers() {
+ return supportedIds;
+ }
+
+ /**
+ * Evaluates the function, using the specified parameters.
+ *
+ * @param inputs a <code>List</code> of <code>Evaluatable</code>
+ * objects representing the arguments passed to the
function
+ * @param context an <code>EvaluationCtx</code> so that the
+ * <code>Evaluatable</code> objects can be evaluated
+ * @return an <code>EvaluationResult</code> representing the
+ * function's result
+ */
+ public EvaluationResult evaluate(List inputs, EvaluationCtx context) {
+
+ // Evaluate the arguments
+ AttributeValue [] argValues = new AttributeValue[inputs.size()];
+ EvaluationResult evalResult = evalArgs(inputs, context, argValues);
+ if (evalResult != null)
+ return evalResult;
+
+ // setup the two bags we'll be using
+ BagAttribute [] bags = new BagAttribute[2];
+ bags[0] = (BagAttribute)(argValues[0]);
+ bags[1] = (BagAttribute)(argValues[1]);
+
+ AttributeValue result = null;
+
+ switch(getFunctionId()) {
+ // *-at-least-one-member-of takes two bags of the same type and
+ // returns a boolean
+ case ID_BASE_AT_LEAST_ONE_MEMBER_OF:
+ // true if at least one element in the first argument is in the
+ // second argument (using the *-is-in semantics)
+
+ result = BooleanAttribute.getFalseInstance();
+ Iterator it = bags[0].iterator();
+
+ while (it.hasNext()) {
+ if (bags[1].contains((AttributeValue)(it.next()))) {
+ result = BooleanAttribute.getTrueInstance();
+ break;
+ }
+ }
+
+ break;
+
+ // *-set-equals takes two bags of the same type and returns
+ // a boolean
+ case ID_BASE_SUBSET:
+ // returns true if the first argument is a subset of the second
+ // argument (ie, all the elements in the first bag appear in
+ // the second bag) ... ignore all duplicate values in both
+ // input bags
+
+ boolean subset = bags[1].containsAll(bags[0]);
+ result = BooleanAttribute.getInstance(subset);
+
+ break;
+
+ // *-set-equals takes two bags of the same type and returns
+ // a boolean
+ case ID_BASE_SET_EQUALS:
+
+ // returns true if the two inputs contain the same elements
+ // discounting any duplicates in either input ... this is the
same
+ // as applying the and function on the subset function with
+ // the two inputs, and then the two inputs reversed (ie, are the
+ // two inputs subsets of each other)
+
+ boolean equals = (bags[1].containsAll(bags[0]) &&
+ bags[0].containsAll(bags[1]));
+ result = BooleanAttribute.getInstance(equals);
+
+ break;
+ }
+
+ return new EvaluationResult(result);
+ }
+
+}
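
Review bot: the three-argument constructor ConditionSetFunction(String functionName, String datatype, String functionType) never uses functionType and calls getId(functionName), so a function name for a new (non-standard) datatype is not in idMap and the constructor throws IllegalArgumentException. The static initializer adds the bare NAME_BASE_* keys to idMap after supportedIds is built, which only makes sense if this constructor was meant to call getId(functionType); please switch the lookup or drop the parameter. In evaluate(), the comment above case ID_BASE_SUBSET says "*-set-equals" and should say "*-subset", and the switch has no default branch, so an unexpected id returns new EvaluationResult(result) with result still null; return a processing error there instead.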

Added: branches/authRengine/sunxacml/com/sun/xacml/cond/DateMathFunction.java
===================================================================
--- branches/authRengine/sunxacml/com/sun/xacml/cond/DateMathFunction.java
(rev 0)
+++ branches/authRengine/sunxacml/com/sun/xacml/cond/DateMathFunction.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,366 @@
+
+/*
+ * @(#)DateMathFunction.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.cond;
+
+import com.sun.xacml.EvaluationCtx;
+
+import com.sun.xacml.attr.AttributeValue;
+import com.sun.xacml.attr.DateAttribute;
+import com.sun.xacml.attr.DateTimeAttribute;
+import com.sun.xacml.attr.DayTimeDurationAttribute;
+import com.sun.xacml.attr.YearMonthDurationAttribute;
+
+import java.util.Calendar;
+import java.util.Collections;
+import java.util.Date;
+import java.util.GregorianCalendar;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Set;
+
+
+/**
+ * A class that implements several of the date math functions. They
+ * all take two arguments. The first is a DateTimeAttribute or a
+ * DateAttribute (as the case may be) and the second is a
+ * DayTimeDurationAttribute or a YearMonthDurationAttribute (as
+ * the case may be). The function adds or subtracts the second
+ * argument to/from the first and returns a value of the same
+ * type as the first argument. If either of the arguments evaluates
+ * to indeterminate, an indeterminate result is returned.
+ *
+ * @since 1.0
+ * @author Steve Hanna
+ * @author Seth Proctor
+ */
+public class DateMathFunction extends FunctionBase
+{
+
+ /**
+ * Standard identifier for the dateTime-add-dayTimeDuration function.
+ */
+ public static final String NAME_DATETIME_ADD_DAYTIMEDURATION =
+ FUNCTION_NS + "dateTime-add-dayTimeDuration";
+
+ /**
+ * Standard identifier for the dateTime-subtract-dayTimeDuration
function.
+ */
+ public static final String NAME_DATETIME_SUBTRACT_DAYTIMEDURATION =
+ FUNCTION_NS + "dateTime-subtract-dayTimeDuration";
+
+ /**
+ * Standard identifier for the dateTime-add-yearMonthDuration function.
+ */
+ public static final String NAME_DATETIME_ADD_YEARMONTHDURATION =
+ FUNCTION_NS + "dateTime-add-yearMonthDuration";
+
+ /**
+ * Standard identifier for the dateTime-subtract-yearMonthDuration
+ * function.
+ */
+ public static final String NAME_DATETIME_SUBTRACT_YEARMONTHDURATION =
+ FUNCTION_NS + "dateTime-subtract-yearMonthDuration";
+
+ /**
+ * Standard identifier for the date-add-yearMonthDuration function.
+ */
+ public static final String NAME_DATE_ADD_YEARMONTHDURATION =
+ FUNCTION_NS + "date-add-yearMonthDuration";
+
+ /**
+ * Standard identifier for the date-subtract-yearMonthDuration function.
+ */
+ public static final String NAME_DATE_SUBTRACT_YEARMONTHDURATION =
+ FUNCTION_NS + "date-subtract-yearMonthDuration";
+
+ // private identifiers for the supported functions
+ private static final int ID_DATETIME_ADD_DAYTIMEDURATION = 0;
+ private static final int ID_DATETIME_SUBTRACT_DAYTIMEDURATION = 1;
+ private static final int ID_DATETIME_ADD_YEARMONTHDURATION = 2;
+ private static final int ID_DATETIME_SUBTRACT_YEARMONTHDURATION = 3;
+ private static final int ID_DATE_ADD_YEARMONTHDURATION = 4;
+ private static final int ID_DATE_SUBTRACT_YEARMONTHDURATION = 5;
+
+ // Argument types
+ private static final String dateTimeDayTimeDurationArgTypes [] =
+ { DateTimeAttribute.identifier,
+ DayTimeDurationAttribute.identifier };
+ private static final String dateTimeYearMonthDurationArgTypes [] =
+ { DateTimeAttribute.identifier,
+ YearMonthDurationAttribute.identifier };
+ private static final String dateYearMonthDurationArgTypes [] =
+ { DateAttribute.identifier,
+ YearMonthDurationAttribute.identifier };
+
+ // nothing here uses a bag
+ private static final boolean bagParams [] = { false, false };
+
+ // Argument types for this object
+ private String [] argTypes = null;
+
+ // mapping from name to provide identifiers and argument types
+ private static HashMap idMap;
+ private static HashMap typeMap;
+
+ /**
+ * Static initializer to setup the id and type maps
+ */
+ static {
+ idMap = new HashMap();
+
+ idMap.put(NAME_DATETIME_ADD_DAYTIMEDURATION,
+ new Integer(ID_DATETIME_ADD_DAYTIMEDURATION));
+ idMap.put(NAME_DATETIME_SUBTRACT_DAYTIMEDURATION,
+ new Integer(ID_DATETIME_SUBTRACT_DAYTIMEDURATION));
+ idMap.put(NAME_DATETIME_ADD_YEARMONTHDURATION,
+ new Integer(ID_DATETIME_ADD_YEARMONTHDURATION));
+ idMap.put(NAME_DATETIME_SUBTRACT_YEARMONTHDURATION,
+ new Integer(ID_DATETIME_SUBTRACT_YEARMONTHDURATION));
+ idMap.put(NAME_DATE_ADD_YEARMONTHDURATION,
+ new Integer(ID_DATE_ADD_YEARMONTHDURATION));
+ idMap.put(NAME_DATE_SUBTRACT_YEARMONTHDURATION,
+ new Integer(ID_DATE_SUBTRACT_YEARMONTHDURATION));
+
+ typeMap = new HashMap();
+
+ typeMap.put(NAME_DATETIME_ADD_DAYTIMEDURATION,
+ dateTimeDayTimeDurationArgTypes);
+ typeMap.put(NAME_DATETIME_SUBTRACT_DAYTIMEDURATION,
+ dateTimeDayTimeDurationArgTypes);
+ typeMap.put(NAME_DATETIME_ADD_YEARMONTHDURATION,
+ dateTimeYearMonthDurationArgTypes);
+ typeMap.put(NAME_DATETIME_SUBTRACT_YEARMONTHDURATION,
+ dateTimeYearMonthDurationArgTypes);
+ typeMap.put(NAME_DATE_ADD_YEARMONTHDURATION,
+ dateYearMonthDurationArgTypes);
+ typeMap.put(NAME_DATE_SUBTRACT_YEARMONTHDURATION,
+ dateYearMonthDurationArgTypes);
+ };
+
+ /**
+ * Creates a new <code>DateMathFunction</code> object.
+ *
+ * @param functionName the standard XACML name of the function to be
+ * handled by this object, including the full
namespace
+ *
+ * @throws IllegalArgumentException if the function is unknown
+ */
+ public DateMathFunction(String functionName) {
+ super(functionName, getId(functionName),
+ getArgumentTypes(functionName), bagParams,
+ getReturnType(functionName), false);
+ }
+
+ /**
+ * Private helper that returns the internal identifier used for the
+ * given standard function.
+ */
+ private static int getId(String functionName) {
+ Integer i = (Integer)(idMap.get(functionName));
+
+ if (i == null)
+ throw new IllegalArgumentException("unknown datemath function " +
+ functionName);
+
+ return i.intValue();
+ }
+
+ /**
+ * Private helper that returns the types used for the given standard
+ * function. Note that this doesn't check on the return value since the
+ * method always is called after getId, so we assume that the function
+ * is present.
+ */
+ private static String [] getArgumentTypes(String functionName) {
+ return (String [])(typeMap.get(functionName));
+ }
+
+ /**
+ * Private helper that returns the return type for the given standard
+ * function. Note that this doesn't check on the return value since the
+ * method always is called after getId, so we assume that the function
+ * is present.
+ */
+ private static String getReturnType(String functionName) {
+ if (functionName.equals(NAME_DATE_ADD_YEARMONTHDURATION) ||
+ functionName.equals(NAME_DATE_SUBTRACT_YEARMONTHDURATION))
+ return DateAttribute.identifier;
+ else
+ return DateTimeAttribute.identifier;
+ }
+
+ /**
+ * Returns a <code>Set</code> containing all the function identifiers
+ * supported by this class.
+ *
+ * @return a <code>Set</code> of <code>String</code>s
+ */
+ public static Set getSupportedIdentifiers() {
+ return Collections.unmodifiableSet(idMap.keySet());
+ }
+
+ /**
+ * Evaluate the function, using the specified parameters.
+ *
+ * @param inputs a <code>List</code> of <code>Evaluatable</code>
+ * objects representing the arguments passed to the
function
+ * @param context an <code>EvaluationCtx</code> so that the
+ * <code>Evaluatable</code> objects can be evaluated
+ * @return an <code>EvaluationResult</code> representing the
+ * function's result
+ */
+ public EvaluationResult evaluate(List inputs, EvaluationCtx context) {
+
+ // Evaluate the arguments
+ AttributeValue [] argValues = new AttributeValue[inputs.size()];
+ EvaluationResult result = evalArgs(inputs, context, argValues);
+ if (result != null)
+ return result;
+
+ // Now that we have real values, perform the date math operation.
+ AttributeValue attrResult = null;
+
+ switch (getFunctionId()) {
+ // These two functions are basically the same except for sign.
+ // And they both need to deal with sign anyway, so they share
+ // their code.
+ case ID_DATETIME_ADD_DAYTIMEDURATION:
+ case ID_DATETIME_SUBTRACT_DAYTIMEDURATION: {
+ DateTimeAttribute dateTime = (DateTimeAttribute) argValues[0];
+ DayTimeDurationAttribute duration =
+ (DayTimeDurationAttribute) argValues[1];
+
+ // Decide what sign goes with duration
+ int sign = 1;
+ if (getFunctionId() == ID_DATETIME_SUBTRACT_DAYTIMEDURATION)
+ sign = -sign;
+ if (duration.isNegative())
+ sign = -sign;
+ long millis = sign * duration.getTotalSeconds();
+ long nanoseconds = dateTime.getNanoseconds();
+ nanoseconds = nanoseconds + (sign * duration.getNanoseconds());
+ if (nanoseconds >= 1000000000) {
+ nanoseconds -= 1000000000;
+ millis += 1000;
+ }
+ if (nanoseconds < 0) {
+ nanoseconds += 1000000000;
+ millis -= 1000;
+ }
+ millis = millis + dateTime.getValue().getTime();
+
+ attrResult = new DateTimeAttribute(new Date(millis),
+ (int) nanoseconds,
+ dateTime.getTimeZone(),
+ dateTime.
+ getDefaultedTimeZone());
+
+ break;
+ }
+ case ID_DATETIME_ADD_YEARMONTHDURATION:
+ case ID_DATETIME_SUBTRACT_YEARMONTHDURATION: {
+ DateTimeAttribute dateTime = (DateTimeAttribute) argValues[0];
+ YearMonthDurationAttribute duration =
+ (YearMonthDurationAttribute) argValues[1];
+
+ // Decide what sign goes with duration
+ int sign = 1;
+ if (getFunctionId() == ID_DATETIME_SUBTRACT_YEARMONTHDURATION)
+ sign = -sign;
+ if (duration.isNegative())
+ sign = -sign;
+
+ // Add (or subtract) the years and months.
+ Calendar cal = new GregorianCalendar();
+ cal.setTime(dateTime.getValue());
+ long years = sign * duration.getYears();
+ long months = sign * duration.getMonths();
+ if ((years > Integer.MAX_VALUE) || (years < Integer.MIN_VALUE))
+ return makeProcessingError("years too large");
+ if ((months > Integer.MAX_VALUE) || (months < Integer.MIN_VALUE))
+ return makeProcessingError("months too large");
+
+ cal.add(Calendar.YEAR, (int) years);
+ cal.add(Calendar.MONTH, (int) months);
+
+ attrResult = new DateTimeAttribute(cal.getTime(),
+ dateTime.getNanoseconds(),
+ dateTime.getTimeZone(),
+ dateTime.
+ getDefaultedTimeZone());
+
+ break;
+ }
+ case ID_DATE_ADD_YEARMONTHDURATION:
+ case ID_DATE_SUBTRACT_YEARMONTHDURATION: {
+ DateAttribute date = (DateAttribute) argValues[0];
+ YearMonthDurationAttribute duration =
+ (YearMonthDurationAttribute) argValues[1];
+
+ // Decide what sign goes with duration
+ int sign = 1;
+ if (getFunctionId() == ID_DATE_SUBTRACT_YEARMONTHDURATION)
+ sign = -sign;
+ if (duration.isNegative())
+ sign = -sign;
+
+ // Add (or subtract) the years and months.
+ Calendar cal = new GregorianCalendar();
+ cal.setTime(date.getValue());
+ long years = sign * duration.getYears();
+ long months = sign * duration.getMonths();
+ if ((years > Integer.MAX_VALUE) || (years < Integer.MIN_VALUE))
+ return makeProcessingError("years too large");
+ if ((months > Integer.MAX_VALUE) || (months < Integer.MIN_VALUE))
+ return makeProcessingError("months too large");
+
+ cal.add(Calendar.YEAR, (int) years);
+ cal.add(Calendar.MONTH, (int) months);
+
+ attrResult = new DateAttribute(cal.getTime(),
+ date.getTimeZone(),
+ date.getDefaultedTimeZone());
+
+ break;
+ }
+ }
+
+ return new EvaluationResult(attrResult);
+ }
+}
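
Review bot: in both year-month branches of evaluate(), the arithmetic runs on new GregorianCalendar(), which uses the JVM default time zone, while the result is built with dateTime.getTimeZone() or date.getTimeZone(); adding months and years in a different zone can roll over on a different calendar day, so the outcome of a time-bounded policy depends on how the host is configured. Construct the calendar in a fixed or attribute-derived zone and say which in a comment. In the dayTimeDuration branch, "long millis = sign * duration.getTotalSeconds();" is later adjusted with "millis += 1000" and added to getTime(), so the names mix seconds and milliseconds; confirm the unit getTotalSeconds() returns and document it at the call. The switch also has no default branch, which leaves attrResult null for an unexpected id, and the java.util.HashSet and java.util.Iterator imports are unused.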

Added: branches/authRengine/sunxacml/com/sun/xacml/cond/DivideFunction.java
===================================================================
--- branches/authRengine/sunxacml/com/sun/xacml/cond/DivideFunction.java
(rev 0)
+++ branches/authRengine/sunxacml/com/sun/xacml/cond/DivideFunction.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,187 @@
+
+/*
+ * @(#)DivideFunction.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.cond;
+
+import com.sun.xacml.EvaluationCtx;
+
+import com.sun.xacml.attr.AttributeValue;
+import com.sun.xacml.attr.DoubleAttribute;
+import com.sun.xacml.attr.IntegerAttribute;
+
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+
+
+/**
+ * A class that implements all the *-divide functions. It takes two
+ * operands of the appropriate type and returns the quotient of the
+ * operands. If either of the operands is indeterminate, an indeterminate
+ * result is returned.
+ *
+ * @since 1.0
+ * @author Steve Hanna
+ * @author Seth Proctor
+ */
+public class DivideFunction extends FunctionBase
+{
+
+ /**
+ * Standard identifier for the integer-divide function.
+ */
+ public static final String NAME_INTEGER_DIVIDE =
+ FUNCTION_NS + "integer-divide";
+
+ /**
+ * Standard identifier for the double-divide function.
+ */
+ public static final String NAME_DOUBLE_DIVIDE =
+ FUNCTION_NS + "double-divide";
+
+ // inernal identifiers for each of the supported functions
+ private static final int ID_INTEGER_DIVIDE = 0;
+ private static final int ID_DOUBLE_DIVIDE = 1;
+
+ /**
+ * Creates a new <code>DivideFunction</code> object.
+ *
+ * @param functionName the standard XACML name of the function to be
+ * handled by this object, including the full
namespace
+ *
+ * @throws IllegalArgumentException if the function is unknown
+ */
+ public DivideFunction(String functionName) {
+ super(functionName, getId(functionName),
getArgumentType(functionName),
+ false, 2, getArgumentType(functionName), false);
+ }
+
+ /**
+ * Private helper that returns the internal identifier used for the
+ * given standard function.
+ */
+ private static int getId(String functionName) {
+ if (functionName.equals(NAME_INTEGER_DIVIDE))
+ return ID_INTEGER_DIVIDE;
+ else if (functionName.equals(NAME_DOUBLE_DIVIDE))
+ return ID_DOUBLE_DIVIDE;
+ else
+ throw new IllegalArgumentException("unknown divide function " +
+ functionName);
+ }
+
+ /**
+ * Private helper that returns the type used for the given standard
+ * function. Note that this doesn't check on the return value since the
+ * method always is called after getId, so we assume that the function
+ * is present.
+ */
+ private static String getArgumentType(String functionName) {
+ if (functionName.equals(NAME_INTEGER_DIVIDE))
+ return IntegerAttribute.identifier;
+ else
+ return DoubleAttribute.identifier;
+ }
+
+ /**
+ * Returns a <code>Set</code> containing all the function identifiers
+ * supported by this class.
+ *
+ * @return a <code>Set</code> of <code>String</code>s
+ */
+ public static Set getSupportedIdentifiers() {
+ Set set = new HashSet();
+
+ set.add(NAME_INTEGER_DIVIDE);
+ set.add(NAME_DOUBLE_DIVIDE);
+
+ return set;
+ }
+
+ /**
+ * Evaluate the function, using the specified parameters.
+ *
+ * @param inputs a <code>List</code> of <code>Evaluatable</code>
+ * objects representing the arguments passed to the
function
+ * @param context an <code>EvaluationCtx</code> so that the
+ * <code>Evaluatable</code> objects can be evaluated
+ * @return an <code>EvaluationResult</code> representing the
+ * function's result
+ */
+ public EvaluationResult evaluate(List inputs, EvaluationCtx context) {
+
+ // Evaluate the arguments
+ AttributeValue [] argValues = new AttributeValue[inputs.size()];
+ EvaluationResult result = evalArgs(inputs, context, argValues);
+ if (result != null)
+ return result;
+
+ // Now that we have real values, perform the divide operation
+ // in the manner appropriate for the type of the arguments.
+ switch (getFunctionId()) {
+ case ID_INTEGER_DIVIDE: {
+ long dividend = ((IntegerAttribute) argValues[0]).getValue();
+ long divisor = ((IntegerAttribute) argValues[1]).getValue();
+
+ if (divisor == 0) {
+ result = makeProcessingError("divide by zero");
+ break;
+ }
+
+ long quotient = dividend / divisor;
+
+ result = new EvaluationResult(new IntegerAttribute(quotient));
+ break;
+ }
+ case ID_DOUBLE_DIVIDE: {
+ double dividend = ((DoubleAttribute) argValues[0]).getValue();
+ double divisor = ((DoubleAttribute) argValues[1]).getValue();
+
+ if (divisor == 0) {
+ result = makeProcessingError("divide by zero");
+ break;
+ }
+
+ double quotient = dividend / divisor;
+
+ result = new EvaluationResult(new DoubleAttribute(quotient));
+ break;
+ }
+ }
+
+ return result;
+ }
+}
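
Review bot: in the ID_INTEGER_DIVIDE branch only divisor == 0 is rejected, so "long quotient = dividend / divisor;" silently overflows when dividend is Long.MIN_VALUE and divisor is -1 and returns Long.MIN_VALUE as if it were a valid quotient; return makeProcessingError for that pair as well, so a condition never evaluates on a wrapped value. In the ID_DOUBLE_DIVIDE branch a NaN or infinite operand passes the divisor == 0 test and flows into DoubleAttribute; decide whether that should be a processing error and note the choice. Smaller points: "inernal" in the comment above the ID_* constants is a typo, and getSupportedIdentifiers() builds and returns a fresh mutable HashSet on every call where the other classes in this commit return an unmodifiable set.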

Added: branches/authRengine/sunxacml/com/sun/xacml/cond/EqualFunction.java
===================================================================
--- branches/authRengine/sunxacml/com/sun/xacml/cond/EqualFunction.java
(rev 0)
+++ branches/authRengine/sunxacml/com/sun/xacml/cond/EqualFunction.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,285 @@
+
+/*
+ * @(#)EqualFunction.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.cond;
+
+import com.sun.xacml.EvaluationCtx;
+
+import com.sun.xacml.attr.AnyURIAttribute;
+import com.sun.xacml.attr.AttributeValue;
+import com.sun.xacml.attr.Base64BinaryAttribute;
+import com.sun.xacml.attr.BooleanAttribute;
+import com.sun.xacml.attr.DateAttribute;
+import com.sun.xacml.attr.DateTimeAttribute;
+import com.sun.xacml.attr.DayTimeDurationAttribute;
+import com.sun.xacml.attr.DoubleAttribute;
+import com.sun.xacml.attr.HexBinaryAttribute;
+import com.sun.xacml.attr.IntegerAttribute;
+import com.sun.xacml.attr.RFC822NameAttribute;
+import com.sun.xacml.attr.StringAttribute;
+import com.sun.xacml.attr.TimeAttribute;
+import com.sun.xacml.attr.YearMonthDurationAttribute;
+import com.sun.xacml.attr.X500NameAttribute;
+
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+
+
+/**
+ * A class that implements all the *-equal functions. It takes two operands
+ * of the appropriate type and returns a <code>BooleanAttribute</code>
+ * indicating whether both of the operands are equal. If either of the
+ * operands is indeterminate, an indeterminate result is returned.
+ *
+ * @since 1.0
+ * @author Steve Hanna
+ * @author Seth Proctor
+ */
+public class EqualFunction extends FunctionBase
+{
+
+ /**
+ * Standard identifier for the string-equal function.
+ */
+ public static final String NAME_STRING_EQUAL =
+ FUNCTION_NS + "string-equal";
+
+ /**
+ * Standard identifier for the boolean-equal function.
+ */
+ public static final String NAME_BOOLEAN_EQUAL =
+ FUNCTION_NS + "boolean-equal";
+
+ /**
+ * Standard identifier for the integer-equal function.
+ */
+ public static final String NAME_INTEGER_EQUAL =
+ FUNCTION_NS + "integer-equal";
+
+ /**
+ * Standard identifier for the double-equal function.
+ */
+ public static final String NAME_DOUBLE_EQUAL =
+ FUNCTION_NS + "double-equal";
+
+ /**
+ * Standard identifier for the date-equal function.
+ */
+ public static final String NAME_DATE_EQUAL =
+ FUNCTION_NS + "date-equal";
+
+ /**
+ * Standard identifier for the time-equal function.
+ */
+ public static final String NAME_TIME_EQUAL =
+ FUNCTION_NS + "time-equal";
+
+ /**
+ * Standard identifier for the dateTime-equal function.
+ */
+ public static final String NAME_DATETIME_EQUAL =
+ FUNCTION_NS + "dateTime-equal";
+
+ /**
+ * Standard identifier for the dayTimeDuration-equal function.
+ */
+ public static final String NAME_DAYTIME_DURATION_EQUAL =
+ FUNCTION_NS + "dayTimeDuration-equal";
+
+ /**
+ * Standard identifier for the yearMonthDuration-equal function.
+ */
+ public static final String NAME_YEARMONTH_DURATION_EQUAL =
+ FUNCTION_NS + "yearMonthDuration-equal";
+
+ /**
+ * Standard identifier for the anyURI-equal function.
+ */
+ public static final String NAME_ANYURI_EQUAL =
+ FUNCTION_NS + "anyURI-equal";
+
+ /**
+ * Standard identifier for the x500Name-equal function.
+ */
+ public static final String NAME_X500NAME_EQUAL =
+ FUNCTION_NS + "x500Name-equal";
+
+ /**
+ * Standard identifier for the rfc822Name-equal function.
+ */
+ public static final String NAME_RFC822NAME_EQUAL =
+ FUNCTION_NS + "rfc822Name-equal";
+
+ /**
+ * Standard identifier for the hexBinary-equal function.
+ */
+ public static final String NAME_HEXBINARY_EQUAL =
+ FUNCTION_NS + "hexBinary-equal";
+
+ /**
+ * Standard identifier for the base64Binary-equal function.
+ */
+ public static final String NAME_BASE64BINARY_EQUAL =
+ FUNCTION_NS + "base64Binary-equal";
+
+ // private mapping of standard functions to their argument types
+ private static HashMap typeMap;
+
+ /**
+ * Static initializer sets up a map of standard function names to their
+ * associated datatypes
+ */
+ static {
+ typeMap = new HashMap();
+
+ typeMap.put(NAME_STRING_EQUAL, StringAttribute.identifier);
+ typeMap.put(NAME_BOOLEAN_EQUAL, BooleanAttribute.identifier);
+ typeMap.put(NAME_INTEGER_EQUAL, IntegerAttribute.identifier);
+ typeMap.put(NAME_DOUBLE_EQUAL, DoubleAttribute.identifier);
+ typeMap.put(NAME_DATE_EQUAL, DateAttribute.identifier);
+ typeMap.put(NAME_TIME_EQUAL, TimeAttribute.identifier);
+ typeMap.put(NAME_DATETIME_EQUAL, DateTimeAttribute.identifier);
+ typeMap.put(NAME_DAYTIME_DURATION_EQUAL,
+ DayTimeDurationAttribute.identifier);
+ typeMap.put(NAME_YEARMONTH_DURATION_EQUAL,
+ YearMonthDurationAttribute.identifier);
+ typeMap.put(NAME_ANYURI_EQUAL, AnyURIAttribute.identifier);
+ typeMap.put(NAME_X500NAME_EQUAL, X500NameAttribute.identifier);
+ typeMap.put(NAME_RFC822NAME_EQUAL, RFC822NameAttribute.identifier);
+ typeMap.put(NAME_HEXBINARY_EQUAL, HexBinaryAttribute.identifier);
+ typeMap.put(NAME_BASE64BINARY_EQUAL,
Base64BinaryAttribute.identifier);
+ }
+
+ /**
+ * Returns an <code>EqualFunction</code> that provides the type-equal
+ * functionality over the given attribute type. This should be used to
+ * create new function instances for any new attribute types, and the
+ * resulting object should be put into the <code>FunctionFactory</code>
+ * (instances for the standard types are pre-installed in the standard
+ * factory).
+ * <p>
+ * Note that this method has the same affect as invoking the constructor
+ * with the same parameters. This method is provided as a convenience,
+ * and for symmetry with the bag and set functions.
+ *
+ * @param functionName the name to use for the function
+ * @param argumentType the type to operate on
+ *
+ * @return a new <code>EqualFunction</code>
+ */
+ public static EqualFunction getEqualInstance(String functionName,
+ String argumentType) {
+ return new EqualFunction(functionName, argumentType);
+ }
+
+ /**
+ * Creates a new <code>EqualFunction</code> object that supports one
+ * of the standard type-equal functions. If you need to create an
+ * instance for a custom type, use the <code>getEqualInstance</code>
+ * method or the alternate constructor.
+ *
+ * @param functionName the standard XACML name of the function to be
+ * handled by this object, including the full
namespace
+ *
+ * @throws IllegalArgumentException if the function isn't standard
+ */
+ public EqualFunction(String functionName) {
+ this(functionName, getArgumentType(functionName));
+ }
+
+ /**
+ * Creates a new <code>EqualFunction</code> object.
+ *
+ * @param functionName the standard XACML name of the function to be
+ * handled by this object, including the full
namespace
+ * @param argumentType the standard XACML name for the type of
+ * the arguments, inlcuding the full namespace
+ */
+ public EqualFunction(String functionName, String argumentType) {
+ super(functionName, 0, argumentType, false, 2,
+ BooleanAttribute.identifier, false);
+ }
+
+ /**
+ * Private helper that returns the type used for the given standard
+ * type-equal function.
+ */
+ private static String getArgumentType(String functionName) {
+ String datatype = (String)(typeMap.get(functionName));
+
+ if (datatype == null)
+ throw new IllegalArgumentException("not a standard function: " +
+ functionName);
+
+ return datatype;
+ }
+
+ /**
+ * Returns a <code>Set</code> containing all the function identifiers
+ * supported by this class.
+ *
+ * @return a <code>Set</code> of <code>String</code>s
+ */
+ public static Set getSupportedIdentifiers() {
+ return Collections.unmodifiableSet(typeMap.keySet());
+ }
+
+ /**
+ * Evaluate the function, using the specified parameters.
+ *
+ * @param inputs a <code>List</code> of <code>Evaluatable</code>
+ * objects representing the arguments passed to the
function
+ * @param context an <code>EvaluationCtx</code> so that the
+ * <code>Evaluatable</code> objects can be evaluated
+ * @return an <code>EvaluationResult</code> representing the
+ * function's result
+ */
+ public EvaluationResult evaluate(List inputs, EvaluationCtx context) {
+
+ // Evaluate the arguments
+ AttributeValue [] argValues = new AttributeValue[inputs.size()];
+ EvaluationResult result = evalArgs(inputs, context, argValues);
+ if (result != null)
+ return result;
+
+ // Now that we have real values, perform the equals operation
+ return
EvaluationResult.getInstance(argValues[0].equals(argValues[1]));
+ }
+
+}
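
Review bot: evaluate() reads argValues[0] and argValues[1] with no check on inputs.size() in this method, so a call with fewer than two inputs throws ArrayIndexOutOfBoundsException instead of returning an Indeterminate result. Either guard the size here or state in the Javadoc that checkInputs must have run first. Smaller points: typeMap is only written in the static initializer and can be `private static final`, the java.util.HashSet import is unused in this file, and the Javadoc has typos ("same affect", "inlcuding").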

Added: branches/authRengine/sunxacml/com/sun/xacml/cond/Evaluatable.java
===================================================================
--- branches/authRengine/sunxacml/com/sun/xacml/cond/Evaluatable.java
(rev 0)
+++ branches/authRengine/sunxacml/com/sun/xacml/cond/Evaluatable.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,117 @@
+
+/*
+ * @(#)Evaluatable.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.cond;
+
+import com.sun.xacml.EvaluationCtx;
+import com.sun.xacml.Indenter;
+
+import com.sun.xacml.attr.AttributeValue;
+
+import java.io.OutputStream;
+
+import java.net.URI;
+
+import java.util.List;
+
+
+/**
+ * Generic interface that is implemented by all objects that can appear in
+ * an ApplyType. This lets the evaluation code of <code>Apply</code> and
+ * functions iterate through their members and evaluate them, working only
+ * on the returned values or errors.
+ *
+ * @since 1.0
+ * @author Seth Proctor
+ */
+public interface Evaluatable
+{
+
+ /**
+ * Evaluates the object using the given context, and either returns an
+ * error or a resulting value.
+ *
+ * @param context the representation of the request
+ *
+ * @return the result of evaluation
+ */
+ public EvaluationResult evaluate(EvaluationCtx context);
+
+ /**
+ * Get the type of this object. This may be the data type of an
+ * <code>Attribute</code> or the return type of an
+ * <code>AttributeDesignator</code>, etc.
+ *
+ * @return the type of data represented by this object
+ */
+ public URI getType();
+
+ /**
+ * Tells whether evaluation will return a bag or a single value.
+ *
+ * @return true if evaluation will return a bag, false otherwise
+ */
+ public boolean evaluatesToBag();
+
+ /**
+ * Returns all children, in order, of this element in the Condition
+ * tree, or en empty set if this element has no children. In XACML 1.x,
+ * only the ApplyType ever has children.
+ *
+ * @return a <code>List</code> of <code>Evaluatable</code>s
+ */
+ public List getChildren();
+
+ /**
+ * Encodes this <code>Evaluatable</code> into its XML representation and
+ * writes this encoding to the given <code>OutputStream</code> with no
+ * indentation.
+ *
+ * @param output a stream into which the XML-encoded data is written
+ */
+ public void encode(OutputStream output);
+
+ /**
+ * Encodes this <code>Evaluatable</code> into its XML representation and
+ * writes this encoding to the given <code>OutputStream</code> with
+ * indentation.
+ *
+ * @param output a stream into which the XML-encoded data is written
+ * @param indenter an object that creates indentation strings
+ */
+ public void encode(OutputStream output, Indenter indenter);
+
+}
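
Review bot: the getChildren() Javadoc promises "en empty set" for an element without children, but the method returns a List. Say "an empty list" and state whether implementations may return null, since the Javadoc at the top says Apply and the functions iterate through these members. The com.sun.xacml.attr.AttributeValue import is not used in this interface.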

Added: branches/authRengine/sunxacml/com/sun/xacml/cond/EvaluationResult.java
===================================================================
--- branches/authRengine/sunxacml/com/sun/xacml/cond/EvaluationResult.java
(rev 0)
+++ branches/authRengine/sunxacml/com/sun/xacml/cond/EvaluationResult.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,169 @@
+
+/*
+ * @(#)EvaluationResult.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.cond;
+
+import com.sun.xacml.attr.AttributeValue;
+import com.sun.xacml.attr.BooleanAttribute;
+
+import com.sun.xacml.ctx.Status;
+
+
+/**
+ * This is used in cases where a normal result is some AttributeValue, but
+ * if an attribute couldn't be resolved (or some other problem occurred),
+ * then a Status object needs to be returned instead. This is used instead of
+ * throwing an exception for performance, but mainly because failure to
resolve
+ * an attribute is not an error case for the code, merely for the evaluation,
+ * and represents normal operation. Separate exception types will be added
+ * later to represent errors in pdp operation.
+ *
+ * @since 1.0
+ * @author Seth Proctor
+ */
+public class EvaluationResult
+{
+
+ //
+ private boolean wasInd;
+ private AttributeValue value;
+ private Status status;
+
+ /**
+ * Single instances of EvaluationResults with false and true
+ * BooleanAttributes in them. This avoids the need to create
+ * new objects when performing boolean operations, which we
+ * do a lot of.
+ */
+ private static EvaluationResult falseBooleanResult;
+ private static EvaluationResult trueBooleanResult;
+
+ /**
+ * Constructor that creates an <code>EvaluationResult</code> containing
+ * a single <code>AttributeValue</code>
+ *
+ * @param value the attribute value
+ */
+ public EvaluationResult(AttributeValue value) {
+ wasInd = false;
+ this.value = value;
+ this.status = null;
+ }
+
+ /**
+ * Constructor that creates an <code>EvaluationResult</code> of
+ * Indeterminate, including Status data.
+ *
+ * @param status the error information
+ */
+ public EvaluationResult(Status status) {
+ wasInd = true;
+ this.value = null;
+ this.status = status;
+ }
+
+ /**
+ * Returns true if the result was indeterminate
+ *
+ * @return true if there was an error
+ */
+ public boolean indeterminate() {
+ return wasInd;
+ }
+
+ /**
+ * Returns the attribute value, or null if there was an error
+ *
+ * @return the attribute value or null
+ */
+ public AttributeValue getAttributeValue() {
+ return value;
+ }
+
+ /**
+ * Returns the status if there was an error, or null it no error occurred
+ *
+ * @return the status or null
+ */
+ public Status getStatus() {
+ return status;
+ }
+
+ /**
+ * Returns an <code>EvaluationResult</code> that represents
+ * the boolean value provided.
+ *
+ * @param value a boolean representing the desired value
+ * @return an <code>EvaluationResult</code> representing the
+ * appropriate value
+ */
+ public static EvaluationResult getInstance(boolean value) {
+ if (value)
+ return getTrueInstance();
+ else
+ return getFalseInstance();
+ }
+
+ /**
+ * Returns an <code>EvaluationResult</code> that represents
+ * a false value.
+ *
+ * @return an <code>EvaluationResult</code> representing a
+ * false value
+ */
+ public static EvaluationResult getFalseInstance() {
+ if (falseBooleanResult == null) {
+ falseBooleanResult =
+ new EvaluationResult(BooleanAttribute.getFalseInstance());
+ }
+ return falseBooleanResult;
+ }
+
+ /**
+ * Returns an <code>EvaluationResult</code> that represents
+ * a true value.
+ *
+ * @return an <code>EvaluationResult</code> representing a
+ * true value
+ */
+ public static EvaluationResult getTrueInstance() {
+ if (trueBooleanResult == null) {
+ trueBooleanResult =
+ new EvaluationResult(BooleanAttribute.getTrueInstance());
+ }
+ return trueBooleanResult;
+ }
+}
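
Review bot: getFalseInstance() and getTrueInstance() fill the static fields lazily with no synchronization, and wasInd, value and status are not final, so under concurrent evaluation a second thread reaches the shared instance through a data race. Initialise both singletons in a static initializer (making them `private static final`) and declare the three instance fields final. Also, getAttributeValue() returns null for an Indeterminate result, so its Javadoc should tell callers to test indeterminate() first; the bare `//` above the fields can be removed.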

Added: branches/authRengine/sunxacml/com/sun/xacml/cond/FloorFunction.java
===================================================================
--- branches/authRengine/sunxacml/com/sun/xacml/cond/FloorFunction.java
(rev 0)
+++ branches/authRengine/sunxacml/com/sun/xacml/cond/FloorFunction.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,122 @@
+
+/*
+ * @(#)FloorFunction.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.cond;
+
+import com.sun.xacml.EvaluationCtx;
+
+import com.sun.xacml.attr.AttributeValue;
+import com.sun.xacml.attr.DoubleAttribute;
+import com.sun.xacml.attr.IntegerAttribute;
+
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+
+
+/**
+ * A class that implements the floor function. It takes one double
+ * operand, chooses the largest integer less than or equal to that
+ * value, and returns that integer (as a double). If the operand
+ * is indeterminate, an indeterminate result is returned.
+ *
+ * @since 1.0
+ * @author Steve Hanna
+ * @author Seth Proctor
+ */
+public class FloorFunction extends FunctionBase
+{
+
+ /**
+ * Standard identifier for the floor function.
+ */
+ public static final String NAME_FLOOR = FUNCTION_NS + "floor";
+
+ /**
+ * Creates a new <code>FloorFunction</code> object.
+ *
+ * @param functionName the standard XACML name of the function to be
+ * handled by this object, including the full
namespace
+ *
+ * @throws IllegalArgumentException if the function is unknown
+ */
+ public FloorFunction(String functionName) {
+ super(NAME_FLOOR, 0, DoubleAttribute.identifier, false, 1,
+ DoubleAttribute.identifier, false);
+
+ if (! functionName.equals(NAME_FLOOR))
+ throw new IllegalArgumentException("unknown floor function: "
+ + functionName);
+ }
+
+ /**
+ * Returns a <code>Set</code> containing all the function identifiers
+ * supported by this class.
+ *
+ * @return a <code>Set</code> of <code>String</code>s
+ */
+ public static Set getSupportedIdentifiers() {
+ Set set = new HashSet();
+
+ set.add(NAME_FLOOR);
+
+ return set;
+ }
+
+ /**
+ * Evaluate the function, using the specified parameters.
+ *
+ * @param inputs a <code>List</code> of <code>Evaluatable</code>
+ * objects representing the arguments passed to the
function
+ * @param context an <code>EvaluationCtx</code> so that the
+ * <code>Evaluatable</code> objects can be evaluated
+ * @return an <code>EvaluationResult</code> representing the
+ * function's result
+ */
+ public EvaluationResult evaluate(List inputs, EvaluationCtx context) {
+
+ // Evaluate the arguments
+ AttributeValue [] argValues = new AttributeValue[inputs.size()];
+ EvaluationResult result = evalArgs(inputs, context, argValues);
+ if (result != null)
+ return result;
+
+ // Now that we have real values, perform the floor operation
+ double arg = ((DoubleAttribute) argValues[0]).getValue();
+
+ return new EvaluationResult(new DoubleAttribute(Math.floor(arg)));
+ }
+}
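
Review bot: the constructor tests `functionName.equals(NAME_FLOOR)`, so a null functionName raises NullPointerException instead of the documented IllegalArgumentException; `NAME_FLOOR.equals(functionName)` keeps the contract. In evaluate(), `(DoubleAttribute) argValues[0]` is an unchecked cast on an unchecked index, which throws if the inputs never went through checkInputs; guard it or document the precondition. IntegerAttribute is imported but not used.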

Added: branches/authRengine/sunxacml/com/sun/xacml/cond/Function.java
===================================================================
--- branches/authRengine/sunxacml/com/sun/xacml/cond/Function.java
(rev 0)
+++ branches/authRengine/sunxacml/com/sun/xacml/cond/Function.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,157 @@
+
+/*
+ * @(#)Function.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.cond;
+
+import com.sun.xacml.EvaluationCtx;
+
+import com.sun.xacml.attr.AttributeValue;
+
+import java.net.URI;
+
+import java.util.List;
+
+
+/**
+ * Interface that all functions in the system must implement.
+ *
+ * @since 1.0
+ * @author Seth Proctor
+ */
+public interface Function
+{
+
+ /**
+ * Evaluates the <code>Function</code> using the given inputs.
+ * The <code>List</code> contains <code>Evaluatable<code>s which are all
+ * of the correct type if the <code>Function</code> has been created as
+ * part of an <code>Apply</code> or <code>TargetMatch</code>, but which
+ * may otherwise be invalid. Each parameter should be evaluated by the
+ * <code>Function</code>, unless this is a higher-order function (in
+ * which case the <code>Apply</code> has already evaluated the inputs
+ * to check for any INDETERMINATE conditions), or the
<code>Function</code>
+ * doesn't need to evaluate all inputs to determine a result (as in the
+ * case of the or function). The order of the <code>List</code> is
+ * significant, so a <code>Function</code> should have a very good reason
+ * if it wants to evaluate the inputs in a different order.
+ * <p>
+ * Note that if this is a higher-order function, like any-of, then
+ * the first argument in the <code>List</code> will actually be a
Function
+ * object representing the function to apply to some bag. In this case,
+ * the second and any subsequent entries in the list are
+ * <code>AttributeValue</code> objects (no INDETERMINATE values are
+ * allowed, so the function is not given the option of dealing with
+ * attributes that cannot be resolved). A function needs to know if it's
+ * a higher-order function, and therefore whether or not to look for
+ * this case. Also, a higher-order function is responsible for checking
+ * that the inputs that it will pass to the <code>Function</code>
+ * provided as the first parameter are valid, ie. it must do a
+ * <code>checkInputs</code> on its sub-function when
+ * <code>checkInputs</code> is called on the higher-order function.
+ *
+ * @param inputs the <code>List</code> of inputs for the function
+ * @param context the representation of the request
+ *
+ * @return a result containing the <code>AttributeValue</code> computed
+ * when evaluating the function, or <code>Status</code>
+ * specifying some error condition
+ */
+ public EvaluationResult evaluate(List inputs, EvaluationCtx context);
+
+ /**
+ * Returns the identifier of this function as known by the factories.
+ * In the case of the standard XACML functions, this will be one of the
+ * URIs defined in the standard namespace. This function must always
+ * return the complete namespace and identifier of this function.
+ *
+ * @return the function's identifier
+ */
+ public URI getIdentifier();
+
+ /**
+ * Provides the type of <code>AttributeValue</code> that this function
+ * returns from <code>evaluate</code> in a successful evaluation.
+ *
+ * @return the type returned by this function
+ */
+ public URI getReturnType();
+
+ /**
+ * Tells whether this function will return a bag of values or just a
+ * single value.
+ *
+ * @return true if evaluation will return a bag, false otherwise
+ */
+ public boolean returnsBag();
+
+ /**
+ * Checks that the given inputs are of the right types, in the right
+ * order, and are the right number for this function to evaluate. If
+ * the function cannot accept the inputs for evaluation, an
+ * <code>IllegalArgumentException</code> is thrown.
+ *
+ * @param inputs a <code>List</code> of <code>Evaluatable</code>s, with
+ * the first argument being a <code>Function</code> if
+ * this is a higher-order function
+ *
+ * @throws IllegalArgumentException if the inputs do match what the
+ * function accepts for evaluation
+ */
+ public void checkInputs(List inputs) throws IllegalArgumentException;
+
+ /**
+ * Checks that the given inputs are of the right types, in the right
+ * order, and are the right number for this function to evaluate. If
+ * the function cannot accept the inputs for evaluation, an
+ * <code>IllegalArgumentException</code> is thrown. Unlike the other
+ * <code>checkInput</code> method in this interface, this assumes that
+ * the parameters will never provide bags of values. This is useful if
+ * you're considering a target function which has a designator or
+ * selector in its input list, but which passes the values from the
+ * derived bags one at a time to the function, so the function doesn't
+ * have to deal with the bags that the selector or designator
+ * generates.
+ *
+ * @param inputs a <code>List</code> of <code>Evaluatable</code>s, with
+ * the first argument being a <code>Function</code> if
+ * this is a higher-order function
+ *
+ * @throws IllegalArgumentException if the inputs do match what the
+ * function accepts for evaluation
+ */
+ public void checkInputsNoBag(List inputs) throws
IllegalArgumentException;
+
+}
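
Review bot: both checkInputs and checkInputsNoBag document `@throws IllegalArgumentException if the inputs do match what the function accepts`, which states the opposite of the behaviour described in the method text; it should read "do not match". In the evaluate() Javadoc, `<code>Evaluatable<code>s` never closes the tag, and the checkInputsNoBag text refers to a `checkInput` method where the interface declares `checkInputs`. The com.sun.xacml.attr.AttributeValue import is unused here.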

Added: branches/authRengine/sunxacml/com/sun/xacml/cond/FunctionBase.java
===================================================================
--- branches/authRengine/sunxacml/com/sun/xacml/cond/FunctionBase.java
(rev 0)
+++ branches/authRengine/sunxacml/com/sun/xacml/cond/FunctionBase.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,466 @@
+
+/*
+ * @(#)FunctionBase.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.cond;
+
+import com.sun.xacml.EvaluationCtx;
+
+import com.sun.xacml.attr.AttributeValue;
+
+import com.sun.xacml.ctx.Status;
+
+import java.net.URI;
+import java.net.URISyntaxException;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+
+
+/**
+ * An abstract utility superclass for functions. Supplies several useful
+ * methods, making it easier to implement a <code>Function</code>. You can
+ * extend this class or implement <code>Function</code> directly, depending
+ * on your needs.
+ *
+ * @since 1.0
+ * @author Steve Hanna
+ * @author Seth Proctor
+ */
+public abstract class FunctionBase implements Function
+{
+
+ /**
+ * The standard namespace where all the spec-defined functions live
+ */
+ public static final String FUNCTION_NS =
+ "urn:oasis:names:tc:xacml:1.0:function:";
+
+ // A List used by makeProcessingError() to save some steps.
+ private static List processingErrList = null;
+
+ // the name of this function
+ private String functionName;
+
+ // the id used by this function
+ private int functionId;
+
+ // the return type of this function, and whether it's a bag
+ private String returnType;
+ private boolean returnsBag;
+
+ // flag that tells us which of the two constructors was used
+ private boolean singleType;
+
+ // parameter data if we're only using a single type
+ private String paramType;
+ private boolean paramIsBag;
+ private int numParams;
+ private int minParams;
+
+ // paramater data if we're using different types
+ private String [] paramTypes;
+ private boolean [] paramsAreBags;
+
+ /**
+ * Constructor that sets up the function as having some number of
+ * parameters all of the same given type. If <code>numParams</code> is
+ * -1, then the length is variable
+ *
+ * @param functionName the name of this function as used by the factory
+ * and any XACML policies
+ * @param functionId an optional identifier that can be used by your
+ * code for convenience
+ * @param paramType the type of all parameters to this function, as used
+ * by the factory and any XACML documents
+ * @param paramIsBag whether or not every parameter is actually a bag
+ * of values
+ * @param numParams the number of parameters required by this function,
+ * or -1 if any number are allowed
+ * @param returnType the type returned by this function, as used by
+ * the factory and any XACML documents
+ * @param returnsBag whether or not this function returns a bag of values
+ */
+ public FunctionBase(String functionName, int functionId, String
paramType,
+ boolean paramIsBag, int numParams,
+ String returnType, boolean returnsBag) {
+ this(functionName, functionId, returnType, returnsBag);
+
+ singleType = true;
+
+ this.paramType = paramType;
+ this.paramIsBag = paramIsBag;
+ this.numParams = numParams;
+ this.minParams = 0;
+ }
+
+ /**
+ * Constructor that sets up the function as having some number of
+ * parameters all of the same given type. If <code>numParams</code> is
+ * -1, then the length is variable, and then <code>minParams</code> may
+ * be used to specify a minimum number of parameters. If
+ * <code>numParams</code> is not -1, then <code>minParams</code> is
+ * ignored.
+ *
+ * @param functionName the name of this function as used by the factory
+ * and any XACML policies
+ * @param functionId an optional identifier that can be used by your
+ * code for convenience
+ * @param paramType the type of all parameters to this function, as used
+ * by the factory and any XACML documents
+ * @param paramIsBag whether or not every parameter is actually a bag
+ * of values
+ * @param numParams the number of parameters required by this function,
+ * or -1 if any number are allowed
+ * @param minParams the minimum number of parameters required if
+ * <code>numParams</code> is -1
+ * @param returnType the type returned by this function, as used by
+ * the factory and any XACML documents
+ * @param returnsBag whether or not this function returns a bag of values
+ */
+ public FunctionBase(String functionName, int functionId, String
paramType,
+ boolean paramIsBag, int numParams, int minParams,
+ String returnType, boolean returnsBag) {
+ this(functionName, functionId, returnType, returnsBag);
+
+ singleType = true;
+
+ this.paramType = paramType;
+ this.paramIsBag = paramIsBag;
+ this.numParams = numParams;
+ this.minParams = minParams;
+ }
+
+
+ /**
+ * Constructor that sets up the function as having different types for
+ * each given parameter.
+ *
+ * @param functionName the name of this function as used by the factory
+ * and any XACML policies
+ * @param functionId an optional identifier that can be used by your
+ * code for convenience
+ * @param paramTypes the type of each parameter, in order, required by
+ * this function, as used by the factory and any XACML
+ * documents
+ * @param paramIsBag whether or not each parameter is actually a bag
+ * of values
+ * @param returnType the type returned by this function, as used by
+ * the factory and any XACML documents
+ * @param returnsBag whether or not this function returns a bag of values
+ */
+ public FunctionBase(String functionName, int functionId,
+ String [] paramTypes, boolean [] paramIsBag,
+ String returnType, boolean returnsBag) {
+ this(functionName, functionId, returnType, returnsBag);
+
+ singleType = false;
+
+ this.paramTypes = paramTypes;
+ this.paramsAreBags = paramIsBag;
+ }
+
+ /**
+ * Constructor that sets up some basic values for functions that will
+ * take care of parameter checking on their own. If you use this
+ * constructor for your function class, then you must override the
+ * two check methods to make sure that parameters are correct.
+ *
+ * @param functionName the name of this function as used by the factory
+ * and any XACML policies
+ * @param functionId an optional identifier that can be used by your
+ * code for convenience
+ * @param returnType the type returned by this function, as used by
+ * the factory and any XACML documents
+ * @param returnsBag whether or not this function returns a bag of values
+ */
+ public FunctionBase(String functionName, int functionId,
+ String returnType, boolean returnsBag) {
+ this.functionName = functionName;
+ this.functionId = functionId;
+ this.returnType = returnType;
+ this.returnsBag = returnsBag;
+ }
+
+ /**
+ * Returns the full identifier of this function, as known by the
factories.
+ *
+ * @return the function's identifier
+ *
+ * @throws IllegalArgumentException if the identifier isn't a valid URI
+ */
+ public URI getIdentifier() {
+ // this is to get around the exception handling problems, but may
+ // change if this code changes to include exceptions from the
+ // constructors
+ try {
+ return new URI(functionName);
+ } catch (URISyntaxException use) {
+ throw new IllegalArgumentException("invalid URI");
+ }
+ }
+
+ /**
+ * Returns the name of the function to be handled by this particular
+ * object.
+ *
+ * @return the function name
+ */
+ public String getFunctionName() {
+ return functionName;
+ }
+
+ /**
+ * Returns the Identifier of the function to be handled by this
+ * particular object.
+ *
+ * @return the function Id
+ */
+ public int getFunctionId() {
+ return functionId;
+ }
+
+ /**
+ * Get the attribute type returned by this function.
+ *
+ * @return a <code>URI</code> indicating the attribute type
+ * returned by this function
+ */
+ public URI getReturnType() {
+ try {
+ return new URI(returnType);
+ } catch (Exception e) {
+ return null;
+ }
+ }
+
+ /**
+ * Returns true if this function returns a bag of values.
+ *
+ * @return true if the function returns a bag, false otherwise
+ */
+ public boolean returnsBag() {
+ return returnsBag;
+ }
+
+ /**
+ * Returns the return type for this particular object.
+ *
+ * @return the return type
+ */
+ public String getReturnTypeAsString() {
+ return returnType;
+ }
+
+ /**
+ * Create an <code>EvaluationResult</code> that indicates a
+ * processing error with the specified message. This method
+ * may be useful to subclasses.
+ *
+ * @param message a description of the error
+ * (<code>null</code> if none)
+ * @return the desired <code>EvaluationResult</code>
+ */
+ protected static EvaluationResult makeProcessingError(String message) {
+ // Build up the processing error Status.
+ if (processingErrList == null) {
+ String [] errStrings = { Status.STATUS_PROCESSING_ERROR };
+ processingErrList = Arrays.asList(errStrings);
+ }
+ Status errStatus = new Status(processingErrList, message);
+ EvaluationResult processingError = new EvaluationResult(errStatus);
+
+ return processingError;
+ }
+
+ /**
+ * Evaluates each of the parameters, in order, filling in the argument
+ * array with the resulting values. If any error occurs, this method
+ * returns the error, otherwise null is returned, signalling that
+ * evaluation was successful for all inputs, and the resulting argument
+ * list can be used.
+ *
+ * @param params a <code>List</code> of <code>Evaluatable</code>
+ * objects representing the parameters to evaluate
+ * @param context the representation of the request
+ * @param args an array as long as the params <code>List</code> that
+ * will, on return, contain the <code>AttributeValue</code>s
+ * generated from evaluating all parameters
+ *
+ * @return <code>null</code> if no errors were encountered, otherwise
+ * an <code>EvaluationResult</code> representing the error
+ */
+ protected EvaluationResult evalArgs(List params, EvaluationCtx context,
+ AttributeValue [] args) {
+ Iterator it = params.iterator();
+ int index = 0;
+
+ while (it.hasNext()) {
+ // get and evaluate the next parameter
+ Evaluatable eval = (Evaluatable)(it.next());
+ EvaluationResult result = eval.evaluate(context);
+
+ // If there was an error, pass it back...
+ if (result.indeterminate())
+ return result;
+
+ // ...otherwise save it and keep going
+ args[index++] = result.getAttributeValue();
+ }
+
+ // if no error occurred then we got here, so we return no errors
+ return null;
+ }
+
+ /**
+ * Default handling of input checking. This does some simple checking
+ * based on the type of constructor used. If you need anything more
+ * complex, or if you used the simple constructor, then you must
+ * override this method.
+ *
+ * @param inputs a <code>List></code> of <code>Evaluatable</code>s
+ *
+ * @throws IllegalArgumentException if the inputs won't work
+ */
+ public void checkInputs(List inputs) throws IllegalArgumentException {
+ // first off, see what kind of function we are
+ if (singleType) {
+ // first, check the length of the inputs, if appropriate
+ if (numParams != -1) {
+ if (inputs.size() != numParams)
+ throw new IllegalArgumentException("wrong number of
args" +
+ " to " +
functionName);
+ } else {
+ if (inputs.size() < minParams)
+ throw new IllegalArgumentException("not enough args" +
+ " to " +
functionName);
+ }
+
+ // now, make sure everything is of the same, correct type
+ Iterator it = inputs.iterator();
+ while (it.hasNext()) {
+ Evaluatable eval = (Evaluatable)(it.next());
+
+ if ((! eval.getType().toString().equals(paramType)) ||
+ (eval.evaluatesToBag() != paramIsBag))
+ throw new IllegalArgumentException("illegal parameter");
+ }
+ } else {
+ // first, check the length of the inputs
+ if (paramTypes.length != inputs.size())
+ throw new IllegalArgumentException("wrong number of args" +
+ " to " + functionName);
+
+ // now, make sure everything is of the same, correct type
+ Iterator it = inputs.iterator();
+ int i = 0;
+ while (it.hasNext()) {
+ Evaluatable eval = (Evaluatable)(it.next());
+
+ if ((! eval.getType().toString().equals(paramTypes[i])) ||
+ (eval.evaluatesToBag() != paramsAreBags[i]))
+ throw new IllegalArgumentException("illegal parameter");
+
+ i++;
+ }
+ }
+ }
+
+ /**
+ * Default handling of input checking. This does some simple checking
+ * based on the type of constructor used. If you need anything more
+ * complex, or if you used the simple constructor, then you must
+ * override this method.
+ *
+ * @param inputs a <code>List></code> of <code>Evaluatable</code>s
+ *
+ * @throws IllegalArgumentException if the inputs won't work
+ */
+ public void checkInputsNoBag(List inputs) throws
IllegalArgumentException {
+ // first off, see what kind of function we are
+ if (singleType) {
+ // first check to see if we need bags
+ if (paramIsBag)
+ throw new IllegalArgumentException(functionName + "needs" +
+ "bags on input");
+
+ // now check on the length
+ if (numParams != -1) {
+ if (inputs.size() != numParams)
+ throw new IllegalArgumentException("wrong number of
args" +
+ " to " +
functionName);
+ } else {
+ if (inputs.size() < minParams)
+ throw new IllegalArgumentException("not enough args" +
+ " to " +
functionName);
+ }
+
+ // finally check param list
+ Iterator it = inputs.iterator();
+ while (it.hasNext()) {
+ Evaluatable eval = (Evaluatable)(it.next());
+
+ if (! eval.getType().toString().equals(paramType))
+ throw new IllegalArgumentException("illegal parameter");
+ }
+ } else {
+ // first, check the length of the inputs
+ if (paramTypes.length != inputs.size())
+ throw new IllegalArgumentException("wrong number of args" +
+ " to " + functionName);
+
+ // now, make sure everything is of the same, correct type
+ Iterator it = inputs.iterator();
+ int i = 0;
+ while (it.hasNext()) {
+ Evaluatable eval = (Evaluatable)(it.next());
+
+ if ((! eval.getType().toString().equals(paramTypes[i])) ||
+ (paramsAreBags[i]))
+ throw new IllegalArgumentException("illegal parameter");
+
+ i++;
+ }
+ }
+ }
+
+}
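
Review bot: checkInputs and checkInputsNoBag dereference paramTypes.length in their else branch, but the four-argument constructor leaves singleType false and paramTypes null, so a subclass that uses that constructor and does not override both check methods fails with a NullPointerException instead of the documented IllegalArgumentException. Add an explicit guard that throws IllegalArgumentException when paramTypes is null, and have the constructor taking String[] and boolean[] reject arrays of different lengths, since the loops index paramsAreBags[i] by position in paramTypes. Smaller points in the same hunk: the message built in checkInputsNoBag as functionName + "needs" + "bags on input" has no spaces around "needs"; getReturnType() swallows every exception and returns null while getIdentifier() throws IllegalArgumentException for the same kind of failure; evalArgs writes args[index++] without checking that args is as long as params; and the lazy initialisation of the static processingErrList in makeProcessingError is unsynchronised.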

Added: branches/authRengine/sunxacml/com/sun/xacml/cond/FunctionFactory.java
===================================================================
--- branches/authRengine/sunxacml/com/sun/xacml/cond/FunctionFactory.java
(rev 0)
+++ branches/authRengine/sunxacml/com/sun/xacml/cond/FunctionFactory.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,389 @@
+
+/*
+ * @(#)FunctionFactory.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.cond;
+
+import com.sun.xacml.ParsingException;
+import com.sun.xacml.UnknownIdentifierException;
+
+import java.net.URI;
+
+import java.util.Set;
+
+import org.w3c.dom.Node;
+
+
+/**
+ * Factory used to create all functions. There are three kinds of factories:
+ * general, condition, and target. These provide functions that can be used
+ * anywhere, only in a condition's root and only in a target (respectively).
+ * <p>
+ * Note that all functions, except for abstract functions, are singletons, so
+ * any instance that is added to a factory will be the same one returned
+ * from the create methods. This is done because most functions don't have
+ * state, so there is no need to have more than one, or to spend the time
+ * creating multiple instances that all do the same thing.
+ *
+ * @since 1.0
+ * @author Marco Barreno
+ * @author Seth Proctor
+ */
+public abstract class FunctionFactory
+{
+
+ // the proxies used to get the default factorys
+ private static FunctionFactoryProxy defaultFactoryProxy;
+
+ /**
+ * static intialiazer that sets up the default factory proxies
+ * NOTE: this will change when the right setup mechanism is in place
+ */
+ static {
+ defaultFactoryProxy = new FunctionFactoryProxy() {
+ public FunctionFactory getTargetFactory() {
+ return StandardFunctionFactory.getTargetFactory();
+ }
+ public FunctionFactory getConditionFactory() {
+ return StandardFunctionFactory.getConditionFactory();
+ }
+ public FunctionFactory getGeneralFactory() {
+ return StandardFunctionFactory.getGeneralFactory();
+ }
+ };
+ };
+
+ /**
+ * Default constructor. Used only by subclasses.
+ */
+ protected FunctionFactory() {
+
+ }
+
+ /**
+ * Returns the default FunctionFactory that will only provide those
+ * functions that are usable in Target matching.
+ *
+ * @return a <code>FunctionFactory</code> for target functions
+ */
+ public static final FunctionFactory getTargetInstance() {
+ return defaultFactoryProxy.getTargetFactory();
+ }
+
+ /**
+ * Returns the default FuntionFactory that will only provide those
+ * functions that are usable in the root of the Condition. These
Functions
+ * are a superset of the Target functions.
+ *
+ * @return a <code>FunctionFactory</code> for condition functions
+ */
+ public static final FunctionFactory getConditionInstance() {
+ return defaultFactoryProxy.getConditionFactory();
+ }
+
+ /**
+ * Returns the default FunctionFactory that provides access to all the
+ * functions. These Functions are a superset of the Condition functions.
+ *
+ * @return a <code>FunctionFactory</code> for all functions
+ */
+ public static final FunctionFactory getGeneralInstance() {
+ return defaultFactoryProxy.getGeneralFactory();
+ }
+
+ /**
+ * Sets the default factory. Note that this is just a placeholder for
+ * now, and will be replaced with a more useful mechanism soon.
+ */
+ public static final void setDefaultFactory(FunctionFactoryProxy proxy) {
+ defaultFactoryProxy = proxy;
+ }
+
+ /**
+ * Adds the function to the factory. Most functions have no state, so
+ * the singleton model used here is typically desireable. The factory
will
+ * not enforce the requirement that a Target or Condition matching
function
+ * must be boolean.
+ *
+ * @param function the <code>Function</code> to add to the factory
+ *
+ * @throws IllegalArgumentException if the function's identifier is
already
+ * used
+ */
+ public abstract void addFunction(Function function);
+
+ /**
+ * Adds the abstract function proxy to the factory. This is used for
+ * those functions which have state, or change behavior (for instance
+ * the standard map function, which changes its return type based on
+ * how it is used).
+ *
+ * @param proxy the <code>FunctionProxy</code> to add to the factory
+ * @param identity the function's identifier
+ *
+ * @throws IllegalArgumentException if the function's identifier is
already
+ * used
+ */
+ public abstract void addAbstractFunction(FunctionProxy proxy,
+ URI identity);
+
+ /**
+ * Adds a target function.
+ *
+ * @deprecated As of version 1.2, replaced by
+ *
{@link
#addFunction(Function)}.
+ * The new factory system requires you to get a factory
+ * instance and then call the non-static methods on that
+ * factory. The static versions of these methods have been
+ * left in for now, but are slower and will be removed in
+ * a future version.
+ *
+ * @param function the function to add
+ *
+ * @throws IllegalArgumentException if the name is already in use
+ */
+ public static void addTargetFunction(Function function) {
+ getTargetInstance().addFunction(function);
+ }
+
+ /**
+ * Adds an abstract target function.
+ *
+ * @deprecated As of version 1.2, replaced by
+ *
{@link
#addAbstractFunction(FunctionProxy,URI)}.
+ * The new factory system requires you to get a factory
+ * instance and then call the non-static methods on that
+ * factory. The static versions of these methods have been
+ * left in for now, but are slower and will be removed in
+ * a future version.
+ *
+ * @param proxy the function proxy to add
+ * @param identity the name of the function
+ *
+ * @throws IllegalArgumentException if the name is already in use
+ */
+ public static void addAbstractTargetFunction(FunctionProxy proxy,
+ URI identity) {
+ getTargetInstance().addAbstractFunction(proxy, identity);
+ }
+
+ /**
+ * Adds a condition function.
+ *
+ * @deprecated As of version 1.2, replaced by
+ *
{@link
#addFunction(Function)}.
+ * The new factory system requires you to get a factory
+ * instance and then call the non-static methods on that
+ * factory. The static versions of these methods have been
+ * left in for now, but are slower and will be removed in
+ * a future version.
+ *
+ * @param function the function to add
+ *
+ * @throws IllegalArgumentException if the name is already in use
+ */
+ public static void addConditionFunction(Function function) {
+ getConditionInstance().addFunction(function);
+ }
+
+ /**
+ * Adds an abstract condition function.
+ *
+ * @deprecated As of version 1.2, replaced by
+ *
{@link
#addAbstractFunction(FunctionProxy,URI)}.
+ * The new factory system requires you to get a factory
+ * instance and then call the non-static methods on that
+ * factory. The static versions of these methods have been
+ * left in for now, but are slower and will be removed in
+ * a future version.
+ *
+ * @param proxy the function proxy to add
+ * @param identity the name of the function
+ *
+ * @throws IllegalArgumentException if the name is already in use
+ */
+ public static void addAbstractConditionFunction(FunctionProxy proxy,
+ URI identity) {
+ getConditionInstance().addAbstractFunction(proxy, identity);
+ }
+
+ /**
+ * Adds a general function.
+ *
+ * @deprecated As of version 1.2, replaced by
+ *
{@link
#addFunction(Function)}.
+ * The new factory system requires you to get a factory
+ * instance and then call the non-static methods on that
+ * factory. The static versions of these methods have been
+ * left in for now, but are slower and will be removed in
+ * a future version.
+ *
+ * @param function the function to add
+ *
+ * @throws IllegalArgumentException if the name is already in use
+ */
+ public static void addGeneralFunction(Function function) {
+ getGeneralInstance().addFunction(function);
+ }
+
+ /**
+ * Adds an abstract general function.
+ *
+ * @deprecated As of version 1.2, replaced by
+ *
{@link
#addAbstractFunction(FunctionProxy,URI)}.
+ * The new factory system requires you to get a factory
+ * instance and then call the non-static methods on that
+ * factory. The static versions of these methods have been
+ * left in for now, but are slower and will be removed in
+ * a future version.
+ *
+ * @param proxy the function proxy to add
+ * @param identity the name of the function
+ *
+ * @throws IllegalArgumentException if the name is already in use
+ */
+ public static void addAbstractGeneralFunction(FunctionProxy proxy,
+ URI identity) {
+ getGeneralInstance().addAbstractFunction(proxy, identity);
+ }
+
+ /**
+ * Returns the function identifiers supported by this factory.
+ *
+ * @return a <code>Set</code> of <code>String</code>s
+ */
+ public abstract Set getSupportedFunctions();
+
+ /**
+ * Tries to get an instance of the specified function.
+ *
+ * @param identity the name of the function
+ *
+ * @throws UnknownIdentifierException if the name isn't known
+ * @throws FunctionTypeException if the name is known to map to an
+ * abstract function, and should therefore
+ * be created through
createAbstractFunction
+ */
+ public abstract Function createFunction(URI identity)
+ throws UnknownIdentifierException, FunctionTypeException;
+
+ /**
+ * Tries to get an instance of the specified function.
+ *
+ * @param identity the name of the function
+ *
+ * @throws UnknownIdentifierException if the name isn't known
+ * @throws FunctionTypeException if the name is known to map to an
+ * abstract function, and should therefore
+ * be created through
createAbstractFunction
+ */
+ public abstract Function createFunction(String identity)
+ throws UnknownIdentifierException, FunctionTypeException;
+
+ /**
+ * Tries to get an instance of the specified abstract function.
+ *
+ * @param identity the name of the function
+ * @param root the DOM root containing info used to create the function
+ *
+ * @throws UnknownIdentifierException if the name isn't known
+ * @throws FunctionTypeException if the name is known to map to a
+ * concrete function, and should therefore
+ * be created through createFunction
+ * @throws ParsingException if the function can't be created with the
+ * given inputs
+ */
+ public abstract Function createAbstractFunction(URI identity, Node root)
+ throws UnknownIdentifierException, ParsingException,
+ FunctionTypeException;
+
+ /**
+ * Tries to get an instance of the specified abstract function.
+ *
+ * @param identity the name of the function
+ * @param root the DOM root containing info used to create the function
+ * @param xpathVersion the version specified in the contianing policy, or
+ * null if no version was specified
+ *
+ * @throws UnknownIdentifierException if the name isn't known
+ * @throws FunctionTypeException if the name is known to map to a
+ * concrete function, and should therefore
+ * be created through createFunction
+ * @throws ParsingException if the function can't be created with the
+ * given inputs
+ */
+ public abstract Function createAbstractFunction(URI identity, Node root,
+ String xpathVersion)
+ throws UnknownIdentifierException, ParsingException,
+ FunctionTypeException;
+
+ /**
+ * Tries to get an instance of the specified abstract function.
+ *
+ * @param identity the name of the function
+ * @param root the DOM root containing info used to create the function
+ *
+ * @throws UnknownIdentifierException if the name isn't known
+ * @throws FunctionTypeException if the name is known to map to a
+ * concrete function, and should therefore
+ * be created through createFunction
+ * @throws ParsingException if the function can't be created with the
+ * given inputs
+ */
+ public abstract Function createAbstractFunction(String identity, Node
root)
+ throws UnknownIdentifierException, ParsingException,
+ FunctionTypeException;
+
+ /**
+ * Tries to get an instance of the specified abstract function.
+ *
+ * @param identity the name of the function
+ * @param root the DOM root containing info used to create the function
+ * @param xpathVersion the version specified in the contianing policy, or
+ * null if no version was specified
+ *
+ * @throws UnknownIdentifierException if the name isn't known
+ * @throws FunctionTypeException if the name is known to map to a
+ * concrete function, and should therefore
+ * be created through createFunction
+ * @throws ParsingException if the function can't be created with the
+ * given inputs
+ */
+ public abstract Function createAbstractFunction(String identity, Node
root,
+ String xpathVersion)
+ throws UnknownIdentifierException, ParsingException,
+ FunctionTypeException;
+
+}
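
Review bot: setDefaultFactory is public static and assigns defaultFactoryProxy with no null check and no synchronisation, and the field is not volatile, so any code in the JVM can replace the factories handed out by getTargetInstance, getConditionInstance and getGeneralInstance, and a null proxy only shows up later as a NullPointerException in those getters. Reject null in the setter, make the field volatile, and state in the Javadoc who is expected to call it and when; the Javadoc currently has no @param and calls the method a placeholder. The deprecated static add* helpers inherit the same global effect because they mutate whatever the current default instances are. Minor: there is a stray ";" after the static initializer block, and the Javadoc has typos ("intialiazer", "FuntionFactory", "desireable", "contianing").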

Added:
branches/authRengine/sunxacml/com/sun/xacml/cond/FunctionFactoryProxy.java
===================================================================
---
branches/authRengine/sunxacml/com/sun/xacml/cond/FunctionFactoryProxy.java
(rev 0)
+++
branches/authRengine/sunxacml/com/sun/xacml/cond/FunctionFactoryProxy.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,76 @@
+
+/*
+ * @(#)FunctionFactoryProxy.java
+ *
+ * Copyright 2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.cond;
+
+
+/**
+ * A simple proxy interface used to install new
<code>FunctionFactory</code>s.
+ * The three kinds of factory (Target, Condition, and General) are tied
+ * together in this interface because implementors writing new factories
+ * should always implement all three types and provide them together.
+ *
+ * @since 1.2
+ * @author Seth Proctor
+ */
+public interface FunctionFactoryProxy
+{
+
+ /**
+ * Returns the Target version of an instance of the
+ * <code>FunctionFactory</code> for which this is a proxy.
+ *
+ * @return a <code>FunctionFactory</code> instance
+ */
+ public FunctionFactory getTargetFactory();
+
+ /**
+ * Returns the Condition version of an instance of the
+ * <code>FunctionFactory</code> for which this is a proxy.
+ *
+ * @return a <code>FunctionFactory</code> instance
+ */
+ public FunctionFactory getConditionFactory();
+
+ /**
+ * Returns the General version of an instance of the
+ * <code>FunctionFactory</code> for which this is a proxy.
+ *
+ * @return a <code>FunctionFactory</code> instance
+ */
+ public FunctionFactory getGeneralFactory();
+
+}
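
Review bot: the three getters in `FunctionFactoryProxy` (`getTargetFactory()`, `getConditionFactory()`, `getGeneralFactory()`) do not say whether they may return null or whether repeated calls return the same factory instance. Since the class comment requires implementors to provide all three factories together, each `@return` should state that the value is non-null and whether callers may cache it. The `public` modifier on interface methods is redundant and can be dropped.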

Added: branches/authRengine/sunxacml/com/sun/xacml/cond/FunctionProxy.java
===================================================================
--- branches/authRengine/sunxacml/com/sun/xacml/cond/FunctionProxy.java
(rev 0)
+++ branches/authRengine/sunxacml/com/sun/xacml/cond/FunctionProxy.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,70 @@
+
+/*
+ * @(#)FunctionProxy.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.cond;
+
+import org.w3c.dom.Node;
+
+
+/**
+ * Used by abstract functions to define how new functions are created by
+ * the factory. Note that all functions using XPath are defined to be
+ * abstract functions, so they must be created using this interface.
+ *
+ * @since 1.0
+ * @author Seth Proctor
+ */
+public interface FunctionProxy
+{
+
+ /**
+ * Creates an instance of some abstract function. If the function
+ * being created is not using XPath, then the version parameter can be
+ * ignored, otherwise a value must be present and the version must
+ * be acceptable.
+ *
+ * @param root the DOM root of the apply statement containing the
function
+ * @param xpathVersion the version specified in the contianing policy, or
+ * null if no version was specified
+ *
+ * @return the function
+ *
+ * @throws Exception if the underlying code experienced any error
+ */
+ public Function getInstance(Node root, String xpathVersion)
+ throws Exception;
+
+}
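
Review bot: `getInstance(Node root, String xpathVersion)` is declared `throws Exception`, so a caller cannot distinguish a malformed apply element from an unacceptable XPath version or an internal fault. A narrower checked exception type would let the policy loader report these cases separately. The Javadoc also says the version "must be acceptable" without saying what an implementation does when it is null or unsupported for an XPath-based function; the contract should say that the call throws rather than falling back to a default. There is a typo in the `@param xpathVersion` text: "contianing".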

Added:
branches/authRengine/sunxacml/com/sun/xacml/cond/FunctionTypeException.java
===================================================================
---
branches/authRengine/sunxacml/com/sun/xacml/cond/FunctionTypeException.java
(rev 0)
+++
branches/authRengine/sunxacml/com/sun/xacml/cond/FunctionTypeException.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,102 @@
+
+/*
+ * @(#)FunctionTypeException.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.cond;
+
+
+/**
+ * Exception that gets thrown if one of the createFunction methods on the
+ * <code>FunctionFactory</code> was called, but the other method should have
+ * been called instead.
+ *
+ * @since 1.0
+ * @author Seth Proctor
+ */
+public class FunctionTypeException extends Exception
+{
+
+ /**
+ * Constructs a new <code>FunctionTypeException</code> with no message
+ * or cause.
+ */
+ public FunctionTypeException() {
+
+ }
+
+ /**
+ * Constructs a new <code>FunctionTypeException</code> with a message,
+ * but no cause. The message is saved for later retrieval by the
+ *
{@link
java.lang#Throwable.getMessage() Throwable.getMessage()}
+ * method.
+ *
+ * @param message the detail message (<code>null</code> if nonexistent
+ * or unknown)
+ */
+ public FunctionTypeException(String message) {
+ super(message);
+ }
+
+ /**
+ * Constructs a new <code>FunctionTypeException</code> with a cause,
+ * but no message. The cause is saved for later retrieval by the
+ *
{@link
java.lang#Throwable.getCause() Throwable.getCause()}
+ * method.
+ *
+ * @param cause the cause (<code>null</code> if nonexistent
+ * or unknown)
+ */
+ public FunctionTypeException(Throwable cause) {
+ super(cause);
+ }
+
+ /**
+ * Constructs a new <code>FunctionTypeException</code> with a message
+ * and a cause. The message and cause are saved for later retrieval
+ * by the
+ *
{@link
java.lang#Throwable.getMessage() Throwable.getMessage()} and
+ *
{@link
java.lang#Throwable.getCause() Throwable.getCause()}
+ * methods.
+ *
+ * @param message the detail message (<code>null</code> if nonexistent
+ * or unknown)
+ * @param cause the cause (<code>null</code> if nonexistent
+ * or unknown)
+ */
+ public FunctionTypeException(String message, Throwable cause) {
+ super(message, cause);
+ }
+
+}
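
Review bot: the `{@link java.lang#Throwable.getMessage() ...}` and `{@link java.lang#Throwable.getCause() ...}` tags in the three constructor comments put the `#` between the package and the class, so Javadoc will not resolve them; the expected form is `{@link java.lang.Throwable#getMessage() Throwable.getMessage()}`. The class also extends `Exception`, which is serializable, without declaring a `serialVersionUID`.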

Added:
branches/authRengine/sunxacml/com/sun/xacml/cond/GeneralBagFunction.java
===================================================================
--- branches/authRengine/sunxacml/com/sun/xacml/cond/GeneralBagFunction.java
(rev 0)
+++ branches/authRengine/sunxacml/com/sun/xacml/cond/GeneralBagFunction.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,322 @@
+
+/*
+ * @(#)GeneralBagFunction.java
+ *
+ * Copyright 2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.cond;
+
+import com.sun.xacml.EvaluationCtx;
+
+import com.sun.xacml.attr.AttributeValue;
+import com.sun.xacml.attr.BagAttribute;
+import com.sun.xacml.attr.IntegerAttribute;
+
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+
+
+/**
+ * Specific <code>BagFunction</code> class that supports all of the
+ * general-purpose bag functions: type-one-and-only, type-bag-size, and
+ * type-bag.
+ *
+ * @since 1.2
+ * @author Seth Proctor
+ */
+public class GeneralBagFunction extends BagFunction
+{
+
+ // private identifiers for the supported functions
+ private static final int ID_BASE_ONE_AND_ONLY = 0;
+ private static final int ID_BASE_BAG_SIZE = 1;
+ private static final int ID_BASE_BAG = 2;
+
+ // mapping of function name to its associated parameters
+ private static HashMap paramMap;
+ private static Set supportedIds;
+
+ /**
+ * Static initializer that sets up the paramater info for all the
+ * supported functions.
+ */
+ static {
+ paramMap = new HashMap();
+
+ for (int i = 0; i < baseTypes.length; i++) {
+ String baseType = baseTypes[i];
+ String functionBaseName = FUNCTION_NS + simpleTypes[i];
+
+ paramMap.put(functionBaseName + NAME_BASE_ONE_AND_ONLY,
+ new BagParameters(ID_BASE_ONE_AND_ONLY, baseType,
+ true, 1, baseType, false));
+
+ paramMap.put(functionBaseName + NAME_BASE_BAG_SIZE,
+ new BagParameters(ID_BASE_BAG_SIZE, baseType, true,
+ 1, IntegerAttribute.identifier,
+ false));
+
+ paramMap.put(functionBaseName + NAME_BASE_BAG,
+ new BagParameters(ID_BASE_BAG, baseType, false, -1,
+ baseType, true));
+ }
+
+ supportedIds = Collections.
+ unmodifiableSet(new HashSet(paramMap.keySet()));
+
+ paramMap.put(NAME_BASE_ONE_AND_ONLY,
+ new BagParameters(ID_BASE_ONE_AND_ONLY, null, true, 1,
+ null, false));
+ paramMap.put(NAME_BASE_BAG_SIZE,
+ new BagParameters(ID_BASE_BAG_SIZE, null, true, 1,
+ IntegerAttribute.identifier, false));
+ paramMap.put(NAME_BASE_BAG,
+ new BagParameters(ID_BASE_BAG, null, false, -1, null,
+ true));
+
+
+ };
+
+ /**
+ * Constructor that is used to create one of the general-purpose standard
+ * bag functions. The name supplied must be one of the standard XACML
+ * functions supported by this class, including the full namespace,
+ * otherwise an exception is thrown. Look in <code>BagFunction</code>
+ * for details about the supported names.
+ *
+ * @param functionName the name of the function to create
+ *
+ * @throws IllegalArgumentException if the function is unknown
+ */
+ public GeneralBagFunction(String functionName) {
+ super(functionName, getId(functionName),
getArgumentType(functionName),
+ getIsBag(functionName), getNumArgs(functionName),
+ getReturnType(functionName), getReturnsBag(functionName));
+ }
+
+ /**
+ * Constructor that is used to create instances of general-purpose bag
+ * functions for new (non-standard) datatypes. This is equivalent to
+ * using the <code>getInstance</code> methods in <code>BagFunction</code>
+ * and is generally only used by the run-time configuration code.
+ *
+ * @param functionName the name of the new function
+ * @param datatype the full identifier for the supported datatype
+ * @param functionType which kind of Bag function, based on the
+ * <code>NAME_BASE_*</code> fields
+ */
+ public GeneralBagFunction(String functionName, String datatype,
+ String functionType) {
+ super(functionName, getId(functionType), datatype,
+ getIsBag(functionType), getNumArgs(functionType),
+ getCustomReturnType(functionType, datatype),
+ getReturnsBag(functionType));
+ }
+
+ /**
+ * Private helper that returns the internal identifier used for the
+ * given standard function.
+ */
+ private static int getId(String functionName) {
+ BagParameters params = (BagParameters)(paramMap.get(functionName));
+
+ if (params == null)
+ throw new IllegalArgumentException("unknown bag function: " +
+ functionName);
+
+ return params.id;
+ }
+
+ /**
+ * Private helper that returns the argument type for the given standard
+ * function. Note that this doesn't check on the return value since the
+ * method always is called after getId, so we assume that the function
+ * is present.
+ */
+ private static String getArgumentType(String functionName) {
+ return ((BagParameters)(paramMap.get(functionName))).arg;
+ }
+
+ /**
+ * Private helper that returns if the given standard function takes
+ * a bag. Note that this doesn't check on the return value since the
+ * method always is called after getId, so we assume that the function
+ * is present.
+ */
+ private static boolean getIsBag(String functionName) {
+ return ((BagParameters)(paramMap.get(functionName))).argIsBag;
+ }
+
+ /**
+ * Private helper that returns the argument count for the given standard
+ * function. Note that this doesn't check on the return value since the
+ * method always is called after getId, so we assume that the function
+ * is present.
+ */
+ private static int getNumArgs(String functionName) {
+ return ((BagParameters)(paramMap.get(functionName))).params;
+ }
+
+ /**
+ * Private helper that returns the return type for the given standard
+ * function. Note that this doesn't check on the return value since the
+ * method always is called after getId, so we assume that the function
+ * is present.
+ */
+ private static String getReturnType(String functionName) {
+ return ((BagParameters)(paramMap.get(functionName))).returnType;
+ }
+
+ /**
+ * Private helper that returns if the return type is a bag for the given
+ * standard function. Note that this doesn't check on the return value
+ * since the method always is called after getId, so we assume that the
+ * function is present.
+ */
+ private static boolean getReturnsBag(String functionName) {
+ return ((BagParameters)(paramMap.get(functionName))).returnsBag;
+ }
+
+ /**
+ * Private helper used by the custom datatype constructor to figure out
+ * what the return type is. Note that this doesn't check on the return
+ * value since the method always is called after getId, so we assume that
+ * the function is present.
+ */
+ private static String getCustomReturnType(String functionType,
+ String datatype) {
+ String ret =
((BagParameters)(paramMap.get(functionType))).returnType;
+
+ if (ret == null)
+ return datatype;
+ else
+ return ret;
+ }
+
+ /**
+ * Returns a <code>Set</code> containing all the function identifiers
+ * supported by this class.
+ *
+ * @return a <code>Set</code> of <code>String</code>s
+ */
+ public static Set getSupportedIdentifiers() {
+ return supportedIds;
+ }
+
+ /**
+ * Evaluate the function, using the specified parameters.
+ *
+ * @param inputs a <code>List</code> of <code>Evaluatable</code>
+ * objects representing the arguments passed to the
function
+ * @param context an <code>EvaluationCtx</code> so that the
+ * <code>Evaluatable</code> objects can be evaluated
+ * @return an <code>EvaluationResult</code> representing the
+ * function's result
+ */
+ public EvaluationResult evaluate(List inputs, EvaluationCtx context) {
+
+ // Evaluate the arguments
+ AttributeValue [] argValues = new AttributeValue[inputs.size()];
+ EvaluationResult result = evalArgs(inputs, context, argValues);
+ if (result != null)
+ return result;
+
+ // Now that we have real values, perform the requested operation.
+ AttributeValue attrResult = null;
+
+ switch (getFunctionId()) {
+
+ // *-one-and-only takes a single bag and returns a
+ // single value of baseType
+ case ID_BASE_ONE_AND_ONLY: {
+ BagAttribute bag = (BagAttribute)(argValues[0]);
+
+ if (bag.size() != 1)
+ return makeProcessingError(getFunctionName() + " expects " +
+ "a bag that contains a single " +
+ "element, got a bag with " +
+ bag.size() + " elements");
+
+ attrResult = (AttributeValue)(bag.iterator().next());
+ break;
+ }
+
+ // *-size takes a single bag and returns an integer
+ case ID_BASE_BAG_SIZE: {
+ BagAttribute bag = (BagAttribute)(argValues[0]);
+
+ attrResult = new IntegerAttribute(bag.size());
+ break;
+ }
+
+ // *-bag takes any number of elements of baseType and
+ // returns a bag containing those elements
+ case ID_BASE_BAG: {
+ List argsList = Arrays.asList(argValues);
+
+ attrResult = new BagAttribute(getReturnType(), argsList);
+ break;
+ }
+ }
+
+ return new EvaluationResult(attrResult);
+ }
+
+ /**
+ * Private class that is used for mapping each function to it set of
+ * parameters.
+ */
+ private static class BagParameters {
+ public int id;
+ public String arg;
+ public boolean argIsBag;
+ public int params;
+ public String returnType;
+ public boolean returnsBag;
+
+ public BagParameters(int id, String arg, boolean argIsBag, int
params,
+ String returnType, boolean returnsBag) {
+ this.id = id;
+ this.arg = arg;
+ this.argIsBag = argIsBag;
+ this.params = params;
+ this.returnType = returnType;
+ this.returnsBag = returnsBag;
+ }
+ }
+
+}
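
Review bot: the `switch (getFunctionId())` in `evaluate()` has no `default` branch, so an id other than the three `ID_BASE_*` values leaves `attrResult` null and the method returns `new EvaluationResult(attrResult)` wrapping null instead of an error. Add a `default` that returns `makeProcessingError(...)` so an unexpected id fails visibly during policy evaluation. Separately, `getArgumentType`, `getIsBag`, `getNumArgs`, `getReturnType` and `getCustomReturnType` dereference `paramMap.get(...)` unchecked and depend on `getId` appearing earlier in the `super(...)` argument list; that ordering dependency deserves a comment at both constructors, and `paramMap` and `supportedIds` could be declared `final`.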

Added:
branches/authRengine/sunxacml/com/sun/xacml/cond/GeneralSetFunction.java
===================================================================
--- branches/authRengine/sunxacml/com/sun/xacml/cond/GeneralSetFunction.java
(rev 0)
+++ branches/authRengine/sunxacml/com/sun/xacml/cond/GeneralSetFunction.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,238 @@
+
+/*
+ * @(#)GeneralSetFunction.java
+ *
+ * Copyright 2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.cond;
+
+import com.sun.xacml.EvaluationCtx;
+
+import com.sun.xacml.attr.AttributeValue;
+import com.sun.xacml.attr.BagAttribute;
+
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Set;
+
+
+/**
+ * Specific <code>SetFunction</code> class that supports all of the
+ * general-purpose set functions: type-intersection and type-union.
+ *
+ * @since 1.2
+ * @author Seth Proctor
+ */
+public class GeneralSetFunction extends SetFunction
+{
+
+ // private identifiers for the supported functions
+ private static final int ID_BASE_INTERSECTION = 0;
+ private static final int ID_BASE_UNION = 1;
+
+ // mapping of function name to its associated id and parameter type
+ private static HashMap idMap;
+ private static HashMap typeMap;
+
+ /**
+ * Static initializer that sets up the paramater info for all the
+ * supported functions.
+ */
+ static {
+ idMap = new HashMap();
+ typeMap = new HashMap();
+
+ idMap.put(NAME_BASE_INTERSECTION, new Integer(ID_BASE_INTERSECTION));
+ idMap.put(NAME_BASE_UNION, new Integer(ID_BASE_UNION));
+
+ for (int i = 0; i < baseTypes.length; i++) {
+ String baseName = FUNCTION_NS + simpleTypes[i];
+ String baseType = baseTypes[i];
+
+ idMap.put(baseName + NAME_BASE_INTERSECTION,
+ new Integer(ID_BASE_INTERSECTION));
+ idMap.put(baseName + NAME_BASE_UNION,
+ new Integer(ID_BASE_UNION));
+
+ typeMap.put(baseName + NAME_BASE_INTERSECTION, baseType);
+ typeMap.put(baseName + NAME_BASE_UNION, baseType);
+ }
+ };
+
+ /**
+ * Constructor that is used to create one of the general-purpose standard
+ * set functions. The name supplied must be one of the standard XACML
+ * functions supported by this class, including the full namespace,
+ * otherwise an exception is thrown. Look in <code>SetFunction</code>
+ * for details about the supported names.
+ *
+ * @param functionName the name of the function to create
+ *
+ * @throws IllegalArgumentException if the function is unknown
+ */
+ public GeneralSetFunction(String functionName) {
+ super(functionName, getId(functionName),
getArgumentType(functionName),
+ getArgumentType(functionName), true);
+ }
+
+ /**
+ * Constructor that is used to create instances of general-purpose set
+ * functions for new (non-standard) datatypes. This is equivalent to
+ * using the <code>getInstance</code> methods in <code>SetFunction</code>
+ * and is generally only used by the run-time configuration code.
+ *
+ * @param functionName the name of the new function
+ * @param datatype the full identifier for the supported datatype
+ * @param functionType which kind of Set function, based on the
+ * <code>NAME_BASE_*</code> fields
+ */
+ public GeneralSetFunction(String functionName, String datatype,
+ String functionType) {
+ super(functionName, getId(functionType), datatype, datatype, true);
+ }
+
+ /**
+ * Private helper that returns the internal identifier used for the
+ * given standard function.
+ */
+ private static int getId(String functionName) {
+ Integer id = (Integer)(idMap.get(functionName));
+
+ if (id == null)
+ throw new IllegalArgumentException("unknown set function " +
+ functionName);
+
+ return id.intValue();
+ }
+
+ /**
+ * Private helper that returns the argument type for the given standard
+ * function. Note that this doesn't check on the return value since the
+ * method always is called after getId, so we assume that the function
+ * is present.
+ */
+ private static String getArgumentType(String functionName) {
+ return (String)(typeMap.get(functionName));
+ }
+
+ /**
+ * Returns a <code>Set</code> containing all the function identifiers
+ * supported by this class.
+ *
+ * @return a <code>Set</code> of <code>String</code>s
+ */
+ public static Set getSupportedIdentifiers() {
+ return Collections.unmodifiableSet(idMap.keySet());
+ }
+
+ /**
+ * Evaluates the function, using the specified parameters.
+ *
+ * @param inputs a <code>List</code> of <code>Evaluatable</code>
+ * objects representing the arguments passed to the
function
+ * @param context an <code>EvaluationCtx</code> so that the
+ * <code>Evaluatable</code> objects can be evaluated
+ * @return an <code>EvaluationResult</code> representing the
+ * function's result
+ */
+ public EvaluationResult evaluate(List inputs, EvaluationCtx context) {
+
+ // Evaluate the arguments
+ AttributeValue [] argValues = new AttributeValue[inputs.size()];
+ EvaluationResult evalResult = evalArgs(inputs, context, argValues);
+ if (evalResult != null)
+ return evalResult;
+
+ // setup the two bags we'll be using
+ BagAttribute [] bags = new BagAttribute[2];
+ bags[0] = (BagAttribute)(argValues[0]);
+ bags[1] = (BagAttribute)(argValues[1]);
+
+ AttributeValue result = null;
+ Set set = new HashSet();
+
+ switch(getFunctionId()) {
+
+ // *-intersection takes two bags of the same type and returns
+ // a bag of that type
+ case ID_BASE_INTERSECTION:
+ // create a bag with the common elements of both inputs, removing
+ // all duplicate values
+
+ Iterator it = bags[0].iterator();
+
+ // find all the things in bags[0] that are also in bags[1]
+ while (it.hasNext()) {
+ AttributeValue value = (AttributeValue)(it.next());
+ if (bags[1].contains(value)) {
+ // sets won't allow duplicates, so this addition is ok
+ set.add(value);
+ }
+ }
+
+ result = new BagAttribute(bags[0].getType(), set);
+
+ break;
+
+ // *-union takes two bags of the same type and returns a bag of
+ // that type
+ case ID_BASE_UNION:
+ // create a bag with all the elements from both inputs, removing
+ // all duplicate values
+
+ Iterator it0 = bags[0].iterator();
+ while (it0.hasNext()) {
+ // first off, add all elements from the first bag...the set
+ // will ignore all duplicates
+ set.add(it0.next());
+ }
+
+ Iterator it1 = bags[1].iterator();
+ while (it1.hasNext()) {
+ // now add all the elements from the second bag...again, all
+ // duplicates will be ignored by the set
+ set.add(it1.next());
+ }
+
+ result = new BagAttribute(bags[0].getType(), set);
+
+ break;
+ }
+
+ return new EvaluationResult(result);
+ }
+
+}
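
Review bot: `getSupportedIdentifiers()` returns `idMap.keySet()`, and the static initializer puts the bare `NAME_BASE_INTERSECTION` and `NAME_BASE_UNION` keys into `idMap`, so those two name suffixes are advertised as supported function identifiers. `typeMap` has no entry for them, so `new GeneralSetFunction(NAME_BASE_INTERSECTION)` passes the `getId` check and then hands a null argument type to `super(...)`. `GeneralBagFunction` in this same commit avoids this by snapshotting `supportedIds` before it adds the base names; the same approach fits here. The `switch` in `evaluate()` also has no `default`, which leaves `result` null for an unexpected id.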

Added:
branches/authRengine/sunxacml/com/sun/xacml/cond/HigherOrderFunction.java
===================================================================
--- branches/authRengine/sunxacml/com/sun/xacml/cond/HigherOrderFunction.java
(rev 0)
+++ branches/authRengine/sunxacml/com/sun/xacml/cond/HigherOrderFunction.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,526 @@
+
+/*
+ * @(#)HigherOrderFunction.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.cond;
+
+import com.sun.xacml.EvaluationCtx;
+
+import com.sun.xacml.attr.AttributeValue;
+import com.sun.xacml.attr.BagAttribute;
+import com.sun.xacml.attr.BooleanAttribute;
+
+import java.net.URI;
+import java.net.URISyntaxException;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Set;
+
+
+/**
+ * Represents all of the higher order bag functions, except map, which has
+ * its own class due to the issues with its return type. Unlike the other
+ * functions that are designed to work over any types (the type-* functions)
+ * these functions don't use specific names to describe what type they
+ * operate over, so you don't need to install new instances for any new
+ * datatypes you define.
+ *
+ * @since 1.0
+ * @author Seth Proctor
+ */
+public class HigherOrderFunction implements Function
+{
+
+ /**
+ * Standard identifier for the any-of function.
+ */
+ public static final String NAME_ANY_OF =
+ FunctionBase.FUNCTION_NS + "any-of";
+
+ /**
+ * Standard identifier for the all-of function.
+ */
+ public static final String NAME_ALL_OF =
+ FunctionBase.FUNCTION_NS + "all-of";
+
+ /**
+ * Standard identifier for the any-of-any function.
+ */
+ public static final String NAME_ANY_OF_ANY =
+ FunctionBase.FUNCTION_NS + "any-of-any";
+
+ /**
+ * Standard identifier for the all-of-any function.
+ */
+ public static final String NAME_ALL_OF_ANY =
+ FunctionBase.FUNCTION_NS + "all-of-any";
+
+ /**
+ * Standard identifier for the any-of-all function.
+ */
+ public static final String NAME_ANY_OF_ALL =
+ FunctionBase.FUNCTION_NS + "any-of-all";
+
+ /**
+ * Standard identifier for the all-of-all function.
+ */
+ public static final String NAME_ALL_OF_ALL =
+ FunctionBase.FUNCTION_NS + "all-of-all";
+
+ // internal identifiers for each of the supported functions
+ private static final int ID_ANY_OF = 0;
+ private static final int ID_ALL_OF = 1;
+ private static final int ID_ANY_OF_ANY = 2;
+ private static final int ID_ALL_OF_ANY = 3;
+ private static final int ID_ANY_OF_ALL = 4;
+ private static final int ID_ALL_OF_ALL = 5;
+
+ // internal mapping of names to ids
+ private static HashMap idMap;
+
+ // the internal identifier for each function
+ private int functionId;
+
+ // the real identifier for each function
+ private URI identifier;
+
+ // should the second argument (the first arg passed to the sub-function)
+ // be a bag
+ private boolean secondIsBag;
+
+ // the stuff used to make sure that we have a valid return type or a
+ // known error, just like in the attribute classes
+ private static URI returnTypeURI;
+ private static RuntimeException earlyException;
+
+ // try to create the return type URI, and also setup the id map
+ static {
+ try {
+ returnTypeURI = new URI(BooleanAttribute.identifier);
+ } catch (Exception e) {
+ earlyException = new IllegalArgumentException();
+ earlyException.initCause(e);
+ }
+
+ idMap = new HashMap();
+
+ idMap.put(NAME_ANY_OF, new Integer(ID_ANY_OF));
+ idMap.put(NAME_ALL_OF, new Integer(ID_ALL_OF));
+ idMap.put(NAME_ANY_OF_ANY, new Integer(ID_ANY_OF_ANY));
+ idMap.put(NAME_ALL_OF_ANY, new Integer(ID_ALL_OF_ANY));
+ idMap.put(NAME_ANY_OF_ALL, new Integer(ID_ANY_OF_ALL));
+ idMap.put(NAME_ALL_OF_ALL, new Integer(ID_ALL_OF_ALL));
+ };
+
+ /**
+ * Creates a new instance of the given function.
+ *
+ * @param functionName the function to create
+ *
+ * @throws IllegalArgumentException if the function is unknown
+ */
+ public HigherOrderFunction(String functionName) {
+ // try to get the function's identifier
+ Integer i = (Integer)(idMap.get(functionName));
+ if (i == null)
+ throw new IllegalArgumentException("unknown function: " +
+ functionName);
+ functionId = i.intValue();
+
+ // setup the URI form of this function's idenitity
+ try {
+ identifier = new URI(functionName);
+ } catch (URISyntaxException use) {
+ throw new IllegalArgumentException("invalid URI");
+ }
+
+ // see if the second arg is a bag
+ if ((functionId != ID_ANY_OF) && (functionId != ID_ALL_OF))
+ secondIsBag = true;
+ else
+ secondIsBag = false;
+ }
+
+ /**
+ * Returns a <code>Set</code> containing all the function identifiers
+ * supported by this class.
+ *
+ * @return a <code>Set</code> of <code>String</code>s
+ */
+ public static Set getSupportedIdentifiers() {
+ return Collections.unmodifiableSet(idMap.keySet());
+ }
+
+ /**
+ * Returns the full identifier of this function, as known by the
factories.
+ *
+ * @return the function's identifier
+ */
+ public URI getIdentifier() {
+ return identifier;
+ }
+
+ /**
+ * Returns the type of attribute value that will be returned by
+ * this function.
+ *
+ * @return the return type
+ */
+ public URI getReturnType() {
+ if (earlyException != null)
+ throw earlyException;
+
+ return returnTypeURI;
+ }
+
+ /**
+ * Returns whether or not this function will actually return a bag
+ * of values.
+ *
+ * @return true if the function returns a bag of values, otherwise false
+ */
+ public boolean returnsBag() {
+ return false;
+ }
+
+ /**
+ * Evaluates the function, using the specified parameters.
+ *
+ * @param inputs a <code>List</code> of <code>Evaluatable</code>
+ * objects representing the arguments passed to the
function
+ * @param context an <code>EvaluationCtx</code> so that the
+ * <code>Evaluatable</code> objects can be evaluated
+ * @return an <code>EvaluationResult</code> representing the
+ * function's result
+ */
+ public EvaluationResult evaluate(List inputs, EvaluationCtx context) {
+
+ Iterator iterator = inputs.iterator();
+
+ // get the first arg, which is the function
+ Function function = (Function)(iterator.next());
+
+ // get the two inputs ... note that unlike other functions, we don't
+ // have to evaluate here, since the Apply code did it for us already
+ // to handle any Indeterminate cases
+ AttributeValue [] args = new AttributeValue[2];
+ args[0] = (AttributeValue)(iterator.next());
+ args[1] = (AttributeValue)(iterator.next());
+
+ // now we're ready to do the evaluation
+
+ EvaluationResult result = null;
+
+ switch(functionId) {
+
+ case ID_ANY_OF: {
+
+ // param: boolean-function, single value, bag of same type
+ // return: boolean
+ // using the function, iterate through the bag, and if one
+ // of the bag elements matches the single value, return
+ // true, otherwise return false
+
+ result = any(args[0], (BagAttribute)(args[1]), function, context,
+ false);
+ break;
+ }
+
+ case ID_ALL_OF: {
+
+ // param: boolean-function, single value, bag of same type
+ // return: boolean
+ // using the function, iterate through the bag, and if all
+ // of the bag elements match the single value, return
+ // true, otherwise return false
+
+ result = all(args[0], (BagAttribute)(args[1]), function,
context);
+ break;
+ }
+
+ case ID_ANY_OF_ANY: {
+
+ // param: boolean-function, bag, bag of same type
+ // return: boolean
+ // apply the function to every combination of a single value from
+ // the first bag and a single value from the second bag, and if
+ // any evaluation is true return true, otherwise return false
+
+ Iterator it = ((BagAttribute)args[0]).iterator();
+ BagAttribute bag = (BagAttribute)(args[1]);
+
+ while (it.hasNext()) {
+ AttributeValue value = (AttributeValue)(it.next());
+ result = any(value, bag, function, context, false);
+
+ if (result.indeterminate())
+ return result;
+
+ if (((BooleanAttribute)(result.
+ getAttributeValue())).getValue())
+ break;
+ }
+ break;
+ }
+
+ case ID_ALL_OF_ANY: {
+
+ // param: boolean-function, bag, bag of same type
+ // return: boolean
+ // iterate through the first bag, and if for each of those values
+ // one of the values in the second bag matches then return true,
+ // otherwise return false
+
+ result = allOfAny((BagAttribute)(args[1]),
(BagAttribute)(args[0]),
+ function, context);
+ break;
+ }
+
+ case ID_ANY_OF_ALL: {
+
+ // param: boolean-function, bag, bag of same type
+ // return: boolean
+ // iterate through the second bag, and if for each of those
values
+ // one of the values in the first bag matches then return true,
+ // otherwise return false
+
+ result = anyOfAll((BagAttribute)(args[0]),
(BagAttribute)(args[1]),
+ function, context);
+ break;
+ }
+
+ case ID_ALL_OF_ALL: {
+
+ // param: boolean-function, bag, bag of same type
+ // return: boolean
+ // iterate through the first bag, and for each of those values
+ // if every value in the second bag matches using the given
+ // function, then return true, otherwise return false
+
+ Iterator it = ((BagAttribute)args[0]).iterator();
+ BagAttribute bag = (BagAttribute)(args[1]);
+
+ while (it.hasNext()) {
+ AttributeValue value = (AttributeValue)(it.next());
+ result = all((AttributeValue)(it.next()), bag, function,
+ context);
+
+ if (result.indeterminate())
+ return result;
+
+ if (! ((BooleanAttribute)(result.
+ getAttributeValue())).getValue())
+ break;
+ }
+ break;
+ }
+
+ }
+
+ return result;
+ }
+
+ /**
+ * Checks that the given inputs are valid for this function.
+ *
+ * @param inputs a <code>List</code> of <code>Evaluatable</code>s
+ *
+ * @throws IllegalArgumentException if the inputs are invalid
+ */
+ public void checkInputs(List inputs) throws IllegalArgumentException {
+ Object [] list = inputs.toArray();
+
+ // first off, check that we got the right number of paramaters
+ if (list.length != 3)
+ throw new IllegalArgumentException("requires three inputs");
+
+ // now, try to cast the first element into a function
+ if (! (list[0] instanceof Function))
+ throw new IllegalArgumentException("first arg to higher-order " +
+ " function must be a
function");
+
+ // check that the function returns a boolean
+ if (! ((Function)(list[0])).getReturnType().toString().
+ equals(BooleanAttribute.identifier))
+ throw new IllegalArgumentException("higher-order function must "
+
+ "use a boolean function");
+
+ // get the two inputs
+ Evaluatable eval1 = (Evaluatable)(list[1]);
+ Evaluatable eval2 = (Evaluatable)(list[2]);
+
+ // make sure the two args are of the same type
+ if (! eval1.getType().equals(eval2.getType()))
+ throw new IllegalArgumentException("input types to the any/all "
+
+ "functions must match");
+
+ // the first arg might be a bag
+ if (secondIsBag && (! eval1.evaluatesToBag()))
+ throw new IllegalArgumentException("first arg has to be a bag");
+
+ // the second arg must be a bag
+ if (! eval2.evaluatesToBag())
+ throw new IllegalArgumentException("second arg has to be a bag");
+
+ // finally, we need to make sure that the given type will work on
+ // the given function
+ List args = new ArrayList();
+ args.add(eval1);
+ args.add(eval2);
+ ((Function)(list[0])).checkInputsNoBag(args);
+ }
+
+ /**
+ * Checks that the given inputs are valid for this function if all
+ * inputs are considered to not be bags. This always throws an
+ * exception, since this function by definition must work on bags.
+ *
+ * @param inputs a <code>List</code> of <code>Evaluatable</code>s
+ *
+ * @throws IllegalArgumentException always
+ */
+ public void checkInputsNoBag(List inputs) throws
IllegalArgumentException {
+ throw new IllegalArgumentException("higher-order functions require "
+
+ "use of bags");
+ }
+
+ /**
+ * Private helper function that performs the any function, but lets you
+ * swap the argument order (so it can be used by any-of-all)
+ */
+ private EvaluationResult any(AttributeValue value, BagAttribute bag,
+ Function function, EvaluationCtx context,
+ boolean argumentsAreSwapped) {
+ return anyAndAllHelper(value, bag, function, context, false,
+ argumentsAreSwapped);
+ }
+
+ /**
+ * Private helper function that performs the all function
+ */
+ private EvaluationResult all(AttributeValue value, BagAttribute bag,
+ Function function, EvaluationCtx context) {
+ return anyAndAllHelper(value, bag, function, context, true, false);
+ }
+
+ /**
+ * Private helper for any & all functions
+ */
+ private EvaluationResult anyAndAllHelper(AttributeValue value,
+ BagAttribute bag,
+ Function function,
+ EvaluationCtx context,
+ boolean allFunction,
+ boolean argumentsAreSwapped) {
+ BooleanAttribute attr = BooleanAttribute.getInstance(allFunction);
+ Iterator it = bag.iterator();
+
+ while (it.hasNext()) {
+ List params = new ArrayList();
+
+ if (! argumentsAreSwapped) {
+ params.add(value);
+ params.add((AttributeValue)(it.next()));
+ } else {
+ params.add((AttributeValue)(it.next()));
+ params.add(value);
+ }
+
+ EvaluationResult result = function.evaluate(params, context);
+
+ if (result.indeterminate())
+ return result;
+
+ BooleanAttribute bool =
+ (BooleanAttribute)(result.getAttributeValue());
+ if (bool.getValue() != allFunction) {
+ attr = bool;
+ break;
+ }
+ }
+
+ return new EvaluationResult(attr);
+ }
+
+ /**
+ * any-of-all
+ */
+ private EvaluationResult anyOfAll(BagAttribute anyBag, BagAttribute
allBag,
+ Function function,
+ EvaluationCtx context) {
+ return allAnyHelper(anyBag, allBag, function, context, true);
+ }
+
+ /**
+ * all-of-any
+ */
+ private EvaluationResult allOfAny(BagAttribute anyBag, BagAttribute
allBag,
+ Function function,
+ EvaluationCtx context) {
+ return allAnyHelper(anyBag, allBag, function, context, false);
+ }
+
+ /**
+ * Private helper for the all-of-any and any-of-all functions
+ */
+ private EvaluationResult allAnyHelper(BagAttribute anyBag,
+ BagAttribute allBag,
+ Function function,
+ EvaluationCtx context,
+ boolean argumentsAreSwapped) {
+ Iterator it = allBag.iterator();
+
+ while (it.hasNext()) {
+ AttributeValue value = (AttributeValue)(it.next());
+ EvaluationResult result =
+ any(value, anyBag, function, context, argumentsAreSwapped);
+
+ if (result.indeterminate())
+ return result;
+
+ if (! ((BooleanAttribute)(result.
+ getAttributeValue())).getValue())
+ return result;
+ }
+
+ return new EvaluationResult(BooleanAttribute.getTrueInstance());
+ }
+
+}
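Review bot: In the ID_ALL_OF_ALL case of evaluate(), the loop calls it.next() twice per iteration: once to fill `value`, which is then never used, and again inside `all((AttributeValue)(it.next()), bag, function, context)`. Every other element of the first bag is skipped, and a first bag with an odd number of elements runs past the end of the iterator and throws NoSuchElementException. For an authorization function this means all-of-all can return true without having tested half of the first bag; pass `value` to all() instead. Separately, `result` starts as null and is only assigned inside the while loops of ID_ANY_OF_ANY and ID_ALL_OF_ALL, so an empty first bag makes evaluate() return null rather than a boolean result; initialise it to false for any-of-any and to true for all-of-all before looping, matching what anyAndAllHelper() does for an empty bag.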

Added: branches/authRengine/sunxacml/com/sun/xacml/cond/LogicalFunction.java
===================================================================
--- branches/authRengine/sunxacml/com/sun/xacml/cond/LogicalFunction.java
(rev 0)
+++ branches/authRengine/sunxacml/com/sun/xacml/cond/LogicalFunction.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,164 @@
+
+/*
+ * @(#)LogicalFunction.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.cond;
+
+import com.sun.xacml.EvaluationCtx;
+
+import com.sun.xacml.attr.AttributeValue;
+import com.sun.xacml.attr.BooleanAttribute;
+
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Set;
+
+
+/**
+ * A class that implements the logical functions "or" and "and".
+ * These functions take any number of boolean arguments and evaluate
+ * them one at a time, starting with the first argument. As soon as
+ * the result of the function can be determined, evaluation stops and
+ * that result is returned. During this process, if any argument
+ * evaluates to indeterminate, an indeterminate result is returned.
+ *
+ * @since 1.0
+ * @author Steve Hanna
+ * @author Seth Proctor
+ */
+public class LogicalFunction extends FunctionBase
+{
+
+ /**
+ * Standard identifier for the or function.
+ */
+ public static final String NAME_OR = FUNCTION_NS + "or";
+
+ /**
+ * Standard identifier for the and function.
+ */
+ public static final String NAME_AND = FUNCTION_NS + "and";
+
+ // internal identifiers for each of the supported functions
+ private static final int ID_OR = 0;
+ private static final int ID_AND = 1;
+
+ /**
+ * Creates a new <code>LogicalFunction</code> object.
+ *
+ * @param functionName the standard XACML name of the function to be
+ * handled by this object, including the full
namespace
+ *
+ * @throws IllegalArgumentException if the functionName is unknown
+ */
+ public LogicalFunction(String functionName) {
+ super(functionName, getId(functionName), BooleanAttribute.identifier,
+ false, -1, BooleanAttribute.identifier, false);
+ }
+
+ /**
+ * Private helper that looks up the private id based on the function
name.
+ */
+ private static int getId(String functionName) {
+ if (functionName.equals(NAME_OR))
+ return ID_OR;
+ else if (functionName.equals(NAME_AND))
+ return ID_AND;
+ else
+ throw new IllegalArgumentException("unknown logical function: " +
+ functionName);
+ }
+
+ /**
+ * Returns a <code>Set</code> containing all the function identifiers
+ * supported by this class.
+ *
+ * @return a <code>Set</code> of <code>String</code>s
+ */
+ public static Set getSupportedIdentifiers() {
+ Set set = new HashSet();
+
+ set.add(NAME_OR);
+ set.add(NAME_AND);
+
+ return set;
+ }
+
+ /**
+ * Evaluate the function, using the specified parameters.
+ *
+ * @param inputs a <code>List</code> of <code>Evaluatable</code>
+ * objects representing the arguments passed to the
function
+ * @param context an <code>EvaluationCtx</code> so that the
+ * <code>Evaluatable</code> objects can be evaluated
+ * @return an <code>EvaluationResult</code> representing the
+ * function's result
+ */
+ public EvaluationResult evaluate(List inputs, EvaluationCtx context) {
+
+ // Evaluate the arguments one by one. As soon as we can
+ // return a result, do so. Return Indeterminate if any argument
+ // evaluated is indeterminate.
+ Iterator it = inputs.iterator();
+ while (it.hasNext()) {
+ Evaluatable eval = (Evaluatable)(it.next());
+
+ // Evaluate the argument
+ EvaluationResult result = eval.evaluate(context);
+ if (result.indeterminate())
+ return result;
+
+ AttributeValue value = result.getAttributeValue();
+ boolean argBooleanValue = ((BooleanAttribute)value).getValue();
+
+ switch (getFunctionId()) {
+ case ID_OR:
+ if (argBooleanValue)
+ return EvaluationResult.getTrueInstance();
+ break;
+ case ID_AND:
+ if (!argBooleanValue)
+ return EvaluationResult.getFalseInstance();
+ break;
+ }
+ }
+
+ if (getFunctionId() == ID_OR)
+ return EvaluationResult.getFalseInstance();
+ else
+ return EvaluationResult.getTrueInstance();
+ }
+}
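Review bot: evaluate() casts every argument with `((BooleanAttribute)value).getValue()` and has no instanceof check, so it relies entirely on type checking done before evaluation; if a non-boolean value ever reaches this point the call fails with ClassCastException instead of producing an Indeterminate result. Either guard the cast or state the precondition in the method javadoc. The javadoc should also record two behaviours that policy authors depend on: with an empty inputs list the loop is skipped and the final return yields true for "and" and false for "or", and because evaluation stops at the first deciding argument, a later argument that would have been Indeterminate is never evaluated.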

Added: branches/authRengine/sunxacml/com/sun/xacml/cond/MapFunction.java
===================================================================
--- branches/authRengine/sunxacml/com/sun/xacml/cond/MapFunction.java
(rev 0)
+++ branches/authRengine/sunxacml/com/sun/xacml/cond/MapFunction.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,286 @@
+
+/*
+ * @(#)MapFunction.java 1.4 01/30/03
+ *
+ * Copyright 2003 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.cond;
+
+import com.sun.xacml.EvaluationCtx;
+import com.sun.xacml.ParsingException;
+
+import com.sun.xacml.attr.AttributeValue;
+import com.sun.xacml.attr.BagAttribute;
+
+import com.sun.xacml.ctx.Status;
+
+import java.net.URI;
+
+import java.util.ArrayList;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+
+
+/**
+ * Represents the higher order bag function map.
+ *
+ * @since 1.0
+ * @author Seth Proctor
+ */
+class MapFunction implements Function
+{
+
+ /**
+ * The name of this function
+ */
+ public static final String NAME_MAP = FunctionBase.FUNCTION_NS + "map";
+
+ // the return type for this instance
+ private URI returnType;
+
+ // the stuff used to make sure that we have a valid identifier or a
+ // known error, just like in the attribute classes
+ private static URI identifier;
+ private static RuntimeException earlyException;
+
+ // try to initialize the identifier
+ static {
+ try {
+ identifier = new URI(NAME_MAP);
+ } catch (Exception e) {
+ earlyException = new IllegalArgumentException();
+ earlyException.initCause(e);
+ }
+ };
+
+ /**
+ * Creates a new instance of a <code>MapFunction</code>.
+ *
+ * @param returnType the type returned by this function
+ */
+ public MapFunction(URI returnType) {
+ this.returnType = returnType;
+ }
+
+ /**
+ * Returns a <code>Set</code> containing all the function identifiers
+ * supported by this class.
+ *
+ * @return a <code>Set</code> of <code>String</code>s
+ */
+ public static Set getSupportedIdentifiers() {
+ Set set = new HashSet();
+
+ set.add(NAME_MAP);
+
+ return set;
+ }
+
+ /**
+ * Creates a new instance of the map function using the data found in
+ * the DOM node provided. This is called by a proxy when the factory
+ * is asked to create one of these functions.
+ *
+ * @param root the DOM node of the apply tag containing this function
+ *
+ * @return a <code>MapFunction</code> instance
+ *
+ * @throws ParsingException if the DOM data was incorrect
+ */
+ public static MapFunction getInstance(Node root) throws ParsingException
{
+ URI returnType = null;
+
+ NodeList nodes = root.getChildNodes();
+ for (int i = 0; i < nodes.getLength(); i++) {
+ Node node = nodes.item(i);
+
+ if (node.getNodeName().equals("Function")) {
+ String funcName = node.getAttributes().
+ getNamedItem("FunctionId").getNodeValue();
+ FunctionFactory factory =
FunctionFactory.getGeneralInstance();
+ try {
+ Function function = factory.createFunction(funcName);
+ returnType = function.getReturnType();
+ break;
+ } catch (FunctionTypeException fte) {
+ // try to get this as an abstract function
+ try {
+ Function function = factory.
+ createAbstractFunction(funcName, root);
+ returnType = function.getReturnType();
+ break;
+ } catch (Exception e) {
+ // any exception here is an error
+ throw new ParsingException("invalid abstract map",
e);
+ }
+ } catch (Exception e) {
+ // any exception that's not function type is an error
+ throw new ParsingException("couldn't parse map body", e);
+ }
+ }
+ }
+
+ // see if we found the return type
+ if (returnType == null)
+ throw new ParsingException("couldn't find the return type");
+
+ return new MapFunction(returnType);
+ }
+
+ /**
+ * Returns the full identifier of this function, as known by the
factories.
+ *
+ * @return the function's identifier
+ */
+ public URI getIdentifier() {
+ // strictly speaking, this should never happen
+ if (earlyException != null)
+ throw earlyException;
+
+ return identifier;
+ }
+
+ /**
+ * Returns the attribute type returned by this function.
+ *
+ * @return the return type
+ */
+ public URI getReturnType() {
+ return returnType;
+ }
+
+ /**
+ * Returns <code>true</code>, since the map function always returns a bag
+ *
+ * @return true
+ */
+ public boolean returnsBag() {
+ return true;
+ }
+
+ /**
+ * Helper function to create a processing error message.
+ */
+ private static EvaluationResult makeProcessingError(String message) {
+ ArrayList code = new ArrayList();
+ code.add(Status.STATUS_PROCESSING_ERROR);
+ return new EvaluationResult(new Status(code, message));
+ }
+
+ /**
+ * Evaluates the function given the input data. Map expects a
+ * <code>Function</code> followed by a <code>BagAttribute</code>.
+ *
+ * @param inputs the input agrument list
+ * @param context the representation of the request
+ *
+ * @return the result of evaluation
+ */
+ public EvaluationResult evaluate(List inputs, EvaluationCtx context) {
+
+ // get the inputs, which we expect to be correct
+ Iterator iterator = inputs.iterator();
+ Function function = (Function)(iterator.next());
+ BagAttribute bag = (BagAttribute)(iterator.next());
+
+ // param: function, bag
+ // return: bag
+ // for each value in the bag evaluate the given function with
+ // the value and put the function result in a new bag that
+ // is ultimately returned
+
+ Iterator it = bag.iterator();
+ List outputs = new ArrayList();
+
+ while (it.hasNext()) {
+ List params = new ArrayList();
+ params.add(it.next());
+ EvaluationResult result = function.evaluate(params, context);
+
+ if (result.indeterminate())
+ return result;
+
+ outputs.add(result.getAttributeValue());
+ }
+
+ return new EvaluationResult(new BagAttribute(returnType, outputs));
+ }
+
+ /**
+ * Checks that the input list is valid for evaluation.
+ *
+ * @param inputs a <code>List</code> of inputs
+ *
+ * @throws IllegalArgumentException if the inputs cannot be evaluated
+ */
+ public void checkInputs(List inputs) throws IllegalArgumentException {
+ Object [] list = inputs.toArray();
+
+ // check that we've got the right number of arguments
+ if (list.length != 2)
+ throw new IllegalArgumentException("map requires two inputs");
+
+ // now check that we've got the right types for map
+ if (! (list[0] instanceof Function))
+ throw new IllegalArgumentException("first argument to map must "
+
+ "be a Function");
+ Evaluatable eval = (Evaluatable)(list[1]);
+ if (! eval.evaluatesToBag())
+ throw new IllegalArgumentException("second argument to map must
" +
+ "be a bag");
+
+ // finally, check that the type in the bag is right for the function
+ List input = new ArrayList();
+ input.add(list[1]);
+ ((Function)(list[0])).checkInputsNoBag(input);
+ }
+
+ /**
+ * Always throws <code>IllegalArgumentException</code> since map needs
+ * to work on a bag
+ *
+ * @param inputs a <code>List</code> of inputs
+ *
+ * @throws IllegalArgumentException always
+ */
+ public void checkInputsNoBag(List inputs) throws
IllegalArgumentException {
+ throw new IllegalArgumentException("map requires a bag");
+ }
+
+}
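Review bot: In getInstance(), the chain `node.getAttributes().getNamedItem("FunctionId").getNodeValue()` sits outside the try block, so a Function element without a FunctionId attribute raises NullPointerException rather than the ParsingException the javadoc promises. Check the getNamedItem() result for null and throw a ParsingException that names the missing attribute. The same loop matches on `node.getNodeName().equals("Function")`, which compares the qualified name and will not match a namespace-prefixed element; confirm that is intended for the policies this branch loads. In checkInputs(), list[1] is cast to Evaluatable without the instanceof test that list[0] gets, so a wrong argument type surfaces as ClassCastException instead of IllegalArgumentException. Minor: makeProcessingError() is never called in this file, and the imports of AttributeValue and java.util.Map are unused.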

Added: branches/authRengine/sunxacml/com/sun/xacml/cond/MapFunctionProxy.java
===================================================================
--- branches/authRengine/sunxacml/com/sun/xacml/cond/MapFunctionProxy.java
(rev 0)
+++ branches/authRengine/sunxacml/com/sun/xacml/cond/MapFunctionProxy.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,65 @@
+
+/*
+ * @(#)MapFunctionProxy.java
+ *
+ * Copyright 2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.cond;
+
+import org.w3c.dom.Node;
+
+
+/**
+ * A basic proxy class that supports map, the only standard abstract
function.
+ * This is useful if you're configuring the PDP at runtime.
+ *
+ * @since 1.2
+ * @author Seth Proctor
+ */
+public class MapFunctionProxy implements FunctionProxy
+{
+
+ /**
+ * Default constructor.
+ */
+ public MapFunctionProxy() {
+
+ }
+
+ public Function getInstance(Node root, String xpathVersion)
+ throws Exception
+ {
+ return MapFunction.getInstance(root);
+ }
+
+}
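Review bot: getInstance(Node root, String xpathVersion) has no javadoc and ignores xpathVersion without saying so; add a comment stating that the argument has no effect for map so callers do not assume otherwise. The method declares `throws Exception` although its only call, MapFunction.getInstance(root), throws ParsingException; if the FunctionProxy interface permits it, narrowing the throws clause would let callers handle parse failures specifically.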

Added: branches/authRengine/sunxacml/com/sun/xacml/cond/MatchFunction.java
===================================================================
--- branches/authRengine/sunxacml/com/sun/xacml/cond/MatchFunction.java
(rev 0)
+++ branches/authRengine/sunxacml/com/sun/xacml/cond/MatchFunction.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,286 @@
+
+/*
+ * @(#)MatchFunction.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.cond;
+
+import com.sun.xacml.EvaluationCtx;
+
+import com.sun.xacml.attr.AttributeValue;
+import com.sun.xacml.attr.BooleanAttribute;
+import com.sun.xacml.attr.RFC822NameAttribute;
+import com.sun.xacml.attr.StringAttribute;
+import com.sun.xacml.attr.X500NameAttribute;
+
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+
+import java.util.regex.Pattern;
+
+import javax.security.auth.x500.X500Principal;
+
+
+/**
+ * Implements the three standard matching functions.
+ *
+ * @since 1.0
+ * @author Seth Proctor
+ * @author Yassir Elley
+ */
+public class MatchFunction extends FunctionBase
+{
+
+ /**
+ * Standard identifier for the regexp-string-match function.
+ */
+ public static final String NAME_REGEXP_STRING_MATCH =
+ FUNCTION_NS + "regexp-string-match";
+
+ /**
+ * Standard identifier for the x500Name-match function.
+ */
+ public static final String NAME_X500NAME_MATCH =
+ FUNCTION_NS + "x500Name-match";
+
+ /**
+ * Standard identifier for the rfc822Name-match function.
+ */
+ public static final String NAME_RFC822NAME_MATCH =
+ FUNCTION_NS + "rfc822Name-match";
+
+ // private identifiers for the supported functions
+ private static final int ID_REGEXP_STRING_MATCH = 0;
+ private static final int ID_X500NAME_MATCH = 1;
+ private static final int ID_RFC822NAME_MATCH = 2;
+
+ // private mappings for the input arguments
+ private static final String regexpParams [] = {
+ StringAttribute.identifier,
+ StringAttribute.identifier };
+ private static final String x500Params [] = {
+ X500NameAttribute.identifier,
+ X500NameAttribute.identifier };
+ private static final String rfc822Params [] = {
+ StringAttribute.identifier,
+ RFC822NameAttribute.identifier};
+
+ // private mapping for bag input options
+ private static final boolean bagParams [] = { false, false };
+
+ /**
+ * Creates a new <code>MatchFunction</code> based on the given name.
+ *
+ * @param functionName the name of the standard match function, including
+ * the complete namespace
+ *
+ * @throws IllegalArgumentException if the function is unknown
+ */
+ public MatchFunction(String functionName) {
+ super(functionName, getId(functionName),
+ getArgumentTypes(functionName), bagParams,
+ BooleanAttribute.identifier, false);
+ }
+
+ /**
+ * Private helper that returns the internal identifier used for the
+ * given standard function.
+ */
+ private static int getId(String functionName) {
+ if (functionName.equals(NAME_REGEXP_STRING_MATCH))
+ return ID_REGEXP_STRING_MATCH;
+ else if (functionName.equals(NAME_X500NAME_MATCH))
+ return ID_X500NAME_MATCH;
+ else if (functionName.equals(NAME_RFC822NAME_MATCH))
+ return ID_RFC822NAME_MATCH;
+
+ throw new IllegalArgumentException("unknown match function: " +
+ functionName);
+ }
+
+ /**
+ * Private helper that returns the types used for the given standard
+ * function. Note that this doesn't check on the return value since the
+ * method always is called after getId, so we assume that the function
+ * is present.
+ */
+ private static String [] getArgumentTypes(String functionName) {
+ if (functionName.equals(NAME_REGEXP_STRING_MATCH))
+ return regexpParams;
+ else if (functionName.equals(NAME_X500NAME_MATCH))
+ return x500Params;
+ else
+ return rfc822Params;
+ }
+
+ /**
+ * Returns a <code>Set</code> containing all the function identifiers
+ * supported by this class.
+ *
+ * @return a <code>Set</code> of <code>String</code>s
+ */
+ public static Set getSupportedIdentifiers() {
+ Set set = new HashSet();
+
+ set.add(NAME_REGEXP_STRING_MATCH);
+ set.add(NAME_X500NAME_MATCH);
+ set.add(NAME_RFC822NAME_MATCH);
+
+ return set;
+ }
+
+ /**
+ * Evaluate the function, using the specified parameters.
+ *
+ * @param inputs a <code>List</code> of <code>Evaluatable</code>
+ * objects representing the arguments passed to the
function
+ * @param context an <code>EvaluationCtx</code> so that the
+ * <code>Evaluatable</code> objects can be evaluated
+ * @return an <code>EvaluationResult</code> representing the
+ * function's result
+ */
+ public EvaluationResult evaluate(List inputs, EvaluationCtx context) {
+
+ // Evaluate the arguments
+ AttributeValue [] argValues = new AttributeValue[inputs.size()];
+ EvaluationResult result = evalArgs(inputs, context, argValues);
+
+ // make sure we didn't get an error in processing the args
+ if (result != null)
+ return result;
+
+ // now that we're setup, we can do the matching operations
+
+ boolean boolResult = false;
+
+ switch (getFunctionId()) {
+
+ case ID_REGEXP_STRING_MATCH: {
+ // arg0 is a regular expression; arg1 is a general string
+ String arg0 = ((StringAttribute)(argValues[0])).getValue();
+ String arg1 = ((StringAttribute)(argValues[1])).getValue();
+
+ // the regular expression syntax required by XACML differs
+ // from the syntax supported by java.util.regex.Pattern
+ // in several ways; the next several code blocks transform
+ // the XACML syntax into a semantically equivalent Pattern syntax
+
+ StringBuffer buf = new StringBuffer(arg0);
+
+ // in order to handle the requirement that the string is
+ // considered to match the pattern if any substring matches
+ // the pattern, we prepend ".*" and append ".*" to the reg exp,
+ // but only if there isn't an anchor (^ or $) in place
+
+ if (arg0.charAt(0) != '^')
+ buf = buf.insert(0, ".*");
+
+ if (arg0.charAt(arg0.length() - 1) != '$')
+ buf = buf.insert(buf.length(), ".*");
+
+ // in order to handle Unicode blocks, we replace all
+ // instances of "\p{Is" with "\p{In" in the reg exp
+
+ int idx = -1;
+ idx = buf.indexOf("\\p{Is", 0);
+ while (idx != -1){
+ buf = buf.replace(idx, idx+5, "\\p{In");
+ idx = buf.indexOf("\\p{Is", idx);
+ }
+
+ // in order to handle Unicode blocks, we replace all instances
+ // of "\P{Is" with "\P{In" in the reg exp
+
+ idx = -1;
+ idx = buf.indexOf("\\P{Is", 0);
+ while (idx != -1){
+ buf = buf.replace(idx, idx+5, "\\P{In");
+ idx = buf.indexOf("\\P{Is", idx);
+ }
+
+ // in order to handle character class subtraction, we
+ // replace all instances of "-[" with "&&[^" in the reg exp
+
+ idx = -1;
+ idx = buf.indexOf("-[", 0);
+ while (idx != -1){
+ buf = buf.replace(idx, idx+2, "&&[^");
+ idx = buf.indexOf("-[", idx);
+ }
+ arg0 = buf.toString();
+
+ boolResult = Pattern.matches(arg0, arg1);
+
+ break;
+ }
+
+ case ID_X500NAME_MATCH: {
+ X500Principal arg0 =
+ ((X500NameAttribute)(argValues[0])).getValue();
+ X500Principal arg1 =
+ ((X500NameAttribute)(argValues[1])).getValue();
+
+ boolResult = arg1.getName(X500Principal.CANONICAL).
+ endsWith(arg0.getName(X500Principal.CANONICAL));
+
+ break;
+ }
+
+ case ID_RFC822NAME_MATCH: {
+ String arg0 = ((StringAttribute)(argValues[0])).getValue();
+ String arg1 = ((RFC822NameAttribute)(argValues[1])).getValue();
+
+ if (arg0.indexOf('@') != -1) {
+ // this is case #1 : a whole address
+ String normalized = (new
RFC822NameAttribute(arg0)).getValue();
+ boolResult = normalized.equals(arg1);
+ } else if (arg0.charAt(0) == '.') {
+ // this is case #3 : a sub-domain
+ boolResult = arg1.endsWith(arg0.toLowerCase());
+ } else {
+ // this is case #2 : any mailbox at a specific domain
+ String mailDomain = arg1.substring(arg1.indexOf('@') + 1);
+ boolResult = arg0.toLowerCase().equals(mailDomain);
+ }
+
+ break;
+ }
+
+ }
+
+ // Return the result as a BooleanAttribute.
+ return EvaluationResult.getInstance(boolResult);
+ }
+}
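
Review bot: in the regexp-string-match case, `arg0.charAt(0)` and `arg0.charAt(arg0.length() - 1)` throw StringIndexOutOfBoundsException when the policy supplies an empty pattern, and `Pattern.matches(arg0, arg1)` throws PatternSyntaxException on a malformed one. Neither is caught, so a bad policy value leaves evaluate() as a runtime exception instead of an Indeterminate result. Guard the empty string and wrap the match in a try/catch that returns a processing error. The rfc822Name-match case has the same empty-string problem at `arg0.charAt(0) == '.'`. Separately, x500Name-match is a raw `endsWith` on the canonical strings with no check that the suffix starts on an RDN boundary; please confirm that is intended and say so in a comment.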

Added: branches/authRengine/sunxacml/com/sun/xacml/cond/ModFunction.java
===================================================================
--- branches/authRengine/sunxacml/com/sun/xacml/cond/ModFunction.java
(rev 0)
+++ branches/authRengine/sunxacml/com/sun/xacml/cond/ModFunction.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,121 @@
+
+/*
+ * @(#)ModFunction.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.cond;
+
+import com.sun.xacml.EvaluationCtx;
+
+import com.sun.xacml.attr.AttributeValue;
+import com.sun.xacml.attr.IntegerAttribute;
+
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+
+
+/**
+ * A class that implements the integer-mod function. It takes two
+ * integer operands and returns the remainder. If either of the
+ * operands is indeterminate, an indeterminate result is returned.
+ *
+ * @since 1.0
+ * @author Steve Hanna
+ * @author Seth Proctor
+ */
+public class ModFunction extends FunctionBase
+{
+
+ /**
+ * Standard identifier for the integer-mod function.
+ */
+ public static final String NAME_INTEGER_MOD = FUNCTION_NS +
"integer-mod";
+
+ /**
+ * Creates a new <code>ModFunction</code> object.
+ *
+ * @param functionName the standard XACML name of the function to be
+ * handled by this object, including the full
namespace
+ *
+ * @throws IllegalArgumentException if the function is unknown
+ */
+ public ModFunction(String functionName) {
+ super(NAME_INTEGER_MOD, 0, IntegerAttribute.identifier, false,
+ 2, IntegerAttribute.identifier, false);
+
+ if (! functionName.equals(NAME_INTEGER_MOD))
+ throw new IllegalArgumentException("unknown mod function: "
+ + functionName);
+ }
+
+ /**
+ * Returns a <code>Set</code> containing all the function identifiers
+ * supported by this class.
+ *
+ * @return a <code>Set</code> of <code>String</code>s
+ */
+ public static Set getSupportedIdentifiers() {
+ Set set = new HashSet();
+
+ set.add(NAME_INTEGER_MOD);
+
+ return set;
+ }
+
+ /**
+ * Evaluate the function, using the specified parameters.
+ *
+ * @param inputs a <code>List</code> of <code>Evaluatable</code>
+ * objects representing the arguments passed to the
function
+ * @param context an <code>EvaluationCtx</code> so that the
+ * <code>Evaluatable</code> objects can be evaluated
+ * @return an <code>EvaluationResult</code> representing the
+ * function's result
+ */
+ public EvaluationResult evaluate(List inputs, EvaluationCtx context) {
+
+ // Evaluate the arguments
+ AttributeValue [] argValues = new AttributeValue[inputs.size()];
+ EvaluationResult result = evalArgs(inputs, context, argValues);
+ if (result != null)
+ return result;
+
+ // Now that we have real values, perform the mod operation
+ long arg0 = ((IntegerAttribute) argValues[0]).getValue();
+ long arg1 = ((IntegerAttribute) argValues[1]).getValue();
+
+ return new EvaluationResult(new IntegerAttribute(arg0 % arg1));
+ }
+}
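
Review bot: `arg0 % arg1` at the end of evaluate() has no check for a zero divisor. With long operands Java throws ArithmeticException there and nothing in this method catches it, so a policy that passes 0 as the second operand ends evaluation with an exception rather than an Indeterminate result. Test `arg1 == 0` before the operation and return a processing error, as NOfFunction in this same commit does with makeProcessingError for its argument checks.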

Added: branches/authRengine/sunxacml/com/sun/xacml/cond/MultiplyFunction.java
===================================================================
--- branches/authRengine/sunxacml/com/sun/xacml/cond/MultiplyFunction.java
(rev 0)
+++ branches/authRengine/sunxacml/com/sun/xacml/cond/MultiplyFunction.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,175 @@
+
+/*
+ * @(#)MultiplyFunction.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.cond;
+
+import com.sun.xacml.EvaluationCtx;
+
+import com.sun.xacml.attr.AttributeValue;
+import com.sun.xacml.attr.DoubleAttribute;
+import com.sun.xacml.attr.IntegerAttribute;
+
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+
+
+/**
+ * A class that implements all the *-multiply functions. It takes two
+ * operands of the appropriate type and returns the product of the
+ * operands. If either of the operands is indeterminate, an indeterminate
+ * result is returned.
+ *
+ * @since 1.0
+ * @author Steve Hanna
+ * @author Seth Proctor
+ */
+public class MultiplyFunction extends FunctionBase
+{
+
+ /**
+ * Standard identifier for the integer-multiply function.
+ */
+ public static final String NAME_INTEGER_MULTIPLY =
+ FUNCTION_NS + "integer-multiply";
+
+ /**
+ * Standard identifier for the double-multiply function.
+ */
+ public static final String NAME_DOUBLE_MULTIPLY =
+ FUNCTION_NS + "double-multiply";
+
+ // inernal identifiers for each of the supported functions
+ private static final int ID_INTEGER_MULTIPLY = 0;
+ private static final int ID_DOUBLE_MULTIPLY = 1;
+
+ /**
+ * Creates a new <code>MultiplyFunction</code> object.
+ *
+ * @param functionName the standard XACML name of the function to be
+ * handled by this object, including the full
namespace
+ *
+ * @throws IllegalArgumentException if the function is unknown
+ */
+ public MultiplyFunction(String functionName) {
+ super(functionName, getId(functionName),
getArgumentType(functionName),
+ false, 2, getArgumentType(functionName), false);
+ }
+
+ /**
+ * Private helper that returns the internal identifier used for the
+ * given standard function.
+ */
+ private static int getId(String functionName) {
+ if (functionName.equals(NAME_INTEGER_MULTIPLY))
+ return ID_INTEGER_MULTIPLY;
+ else if (functionName.equals(NAME_DOUBLE_MULTIPLY))
+ return ID_DOUBLE_MULTIPLY;
+ else
+ throw new IllegalArgumentException("unknown multiply function " +
+ functionName);
+ }
+
+ /**
+ * Private helper that returns the type used for the given standard
+ * function. Note that this doesn't check on the return value since the
+ * method always is called after getId, so we assume that the function
+ * is present.
+ */
+ private static String getArgumentType(String functionName) {
+ if (functionName.equals(NAME_INTEGER_MULTIPLY))
+ return IntegerAttribute.identifier;
+ else
+ return DoubleAttribute.identifier;
+ }
+
+ /**
+ * Returns a <code>Set</code> containing all the function identifiers
+ * supported by this class.
+ *
+ * @return a <code>Set</code> of <code>String</code>s
+ */
+ public static Set getSupportedIdentifiers() {
+ Set set = new HashSet();
+
+ set.add(NAME_INTEGER_MULTIPLY);
+ set.add(NAME_DOUBLE_MULTIPLY);
+
+ return set;
+ }
+
+ /**
+ * Evaluate the function, using the specified parameters.
+ *
+ * @param inputs a <code>List</code> of <code>Evaluatable</code>
+ * objects representing the arguments passed to the
function
+ * @param context an <code>EvaluationCtx</code> so that the
+ * <code>Evaluatable</code> objects can be evaluated
+ * @return an <code>EvaluationResult</code> representing the
+ * function's result
+ */
+ public EvaluationResult evaluate(List inputs, EvaluationCtx context) {
+
+ // Evaluate the arguments
+ AttributeValue [] argValues = new AttributeValue[inputs.size()];
+ EvaluationResult result = evalArgs(inputs, context, argValues);
+ if (result != null)
+ return result;
+
+ // Now that we have real values, perform the multiply operation
+ // in the manner appropriate for the type of the arguments.
+ switch (getFunctionId()) {
+ case ID_INTEGER_MULTIPLY: {
+ long arg0 = ((IntegerAttribute) argValues[0]).getValue();
+ long arg1 = ((IntegerAttribute) argValues[1]).getValue();
+ long product = arg0 * arg1;
+
+ result = new EvaluationResult(new IntegerAttribute(product));
+ break;
+ }
+ case ID_DOUBLE_MULTIPLY: {
+ double arg0 = ((DoubleAttribute) argValues[0]).getValue();
+ double arg1 = ((DoubleAttribute) argValues[1]).getValue();
+ double product = arg0 * arg1;
+
+ result = new EvaluationResult(new DoubleAttribute(product));
+ break;
+ }
+ }
+
+ return result;
+ }
+}
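
Review bot: `long product = arg0 * arg1;` in the ID_INTEGER_MULTIPLY case wraps silently on overflow, so two large operands can produce a negative or small product that a policy condition then compares as if it were correct. Detect the overflow (Math.multiplyExact on Java 8 and later, or a manual range check) and return a processing error instead. Minor: the switch has no default branch, so `result` is still null on return if the function id ever falls outside the two cases, and the comment "inernal identifiers" has a typo.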

Added: branches/authRengine/sunxacml/com/sun/xacml/cond/NOfFunction.java
===================================================================
--- branches/authRengine/sunxacml/com/sun/xacml/cond/NOfFunction.java
(rev 0)
+++ branches/authRengine/sunxacml/com/sun/xacml/cond/NOfFunction.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,212 @@
+
+/*
+ * @(#)NOfFunction.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.cond;
+
+import com.sun.xacml.EvaluationCtx;
+
+import com.sun.xacml.attr.AttributeValue;
+import com.sun.xacml.attr.BooleanAttribute;
+import com.sun.xacml.attr.IntegerAttribute;
+
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Set;
+
+
+/**
+ * A class that implements the n-of function. It requires
+ * at least one argument. The first argument must be an integer
+ * and the rest of the arguments must be booleans. If the number of
+ * boolean arguments that evaluate to true is at least the value of the
+ * first argument, the function returns true. Otherwise, it returns false
+ * (or indeterminate, as described in the next paragraph.
+ * <p>
+ * This function evaluates the arguments one at a time, starting with
+ * the first one. As soon as the result of the function can be determined,
+ * evaluation stops and that result is returned. During this process, if
+ * any argument evaluates to indeterminate, an indeterminate result is
+ * returned.
+ *
+ * @since 1.0
+ * @author Steve Hanne
+ * @author Seth Proctor
+ */
+public class NOfFunction extends FunctionBase
+{
+
+ /**
+ * Standard identifier for the n-of function.
+ */
+ public static final String NAME_N_OF = FUNCTION_NS + "n-of";
+
+ /**
+ * Creates a new <code>NOfFunction</code> object.
+ *
+ * @param functionName the standard XACML name of the function to be
+ * handled by this object, including the full
namespace
+ *
+ * @throws IllegalArgumentException if the function is unknown
+ */
+ public NOfFunction(String functionName) {
+ super(NAME_N_OF, 0, BooleanAttribute.identifier, false);
+
+ if (! functionName.equals(NAME_N_OF))
+ throw new IllegalArgumentException("unknown nOf function: "
+ + functionName);
+ }
+
+ /**
+ * Returns a <code>Set</code> containing all the function identifiers
+ * supported by this class.
+ *
+ * @return a <code>Set</code> of <code>String</code>s
+ */
+ public static Set getSupportedIdentifiers() {
+ Set set = new HashSet();
+
+ set.add(NAME_N_OF);
+
+ return set;
+ }
+
+ /**
+ * Evaluate the function, using the specified parameters.
+ *
+ * @param inputs a <code>List</code> of <code>Evaluatable</code>
+ * objects representing the arguments passed to the
function
+ * @param context an <code>EvaluationCtx</code> so that the
+ * <code>Evaluatable</code> objects can be evaluated
+ * @return an <code>EvaluationResult</code> representing the
+ * function's result
+ */
+ public EvaluationResult evaluate(List inputs, EvaluationCtx context) {
+
+ // Evaluate the arguments one by one. As soon as we can return
+ // a result, do so. Return Indeterminate if any argument
+ // evaluated is indeterminate.
+ Iterator it = inputs.iterator();
+ Evaluatable eval = (Evaluatable)(it.next());
+
+ // Evaluate the first argument
+ EvaluationResult result = eval.evaluate(context);
+ if (result.indeterminate())
+ return result;
+
+ // if there were no problems, we know 'n'
+ long n = ((IntegerAttribute)(result.getAttributeValue())).getValue();
+
+ // If the number of trues needed is less than zero, report an error.
+ if (n < 0)
+ return makeProcessingError("First argument to " +
getFunctionName()
+ + " cannot be negative.");
+
+ // If the number of trues needed is zero, return true.
+ if (n == 0)
+ return EvaluationResult.getTrueInstance();
+
+ // make sure it's possible to find n true values
+ long remainingArgs = inputs.size() - 1;
+ if (n > remainingArgs)
+ return makeProcessingError("not enough arguments to n-of to " +
+ "find " + n + " true values");
+
+ // loop through the inputs, trying to find at least n trues
+ while (remainingArgs >= n) {
+ eval = (Evaluatable)(it.next());
+
+ // evaluate the next argument
+ result = eval.evaluate(context);
+ if (result.indeterminate())
+ return result;
+
+ // get the next value, and see if it's true
+ if (((BooleanAttribute)(result.getAttributeValue())).getValue())
{
+ // we're one closer to our goal...see if we met it
+ if (--n == 0)
+ return EvaluationResult.getTrueInstance();
+ }
+
+ // we're still looking, but we've got one fewer arguments
+ remainingArgs--;
+ }
+
+ // if we got here then we didn't meet our quota
+ return EvaluationResult.getFalseInstance();
+ }
+
+ /**
+ *
+ */
+ public void checkInputs(List inputs) throws IllegalArgumentException {
+ // check that none of the inputs is a bag
+ Object [] list = inputs.toArray();
+ for (int i = 0; i < list.length; i++)
+ if (((Evaluatable)(list[i])).evaluatesToBag())
+ throw new IllegalArgumentException("n-of can't use bags");
+
+ // if we got here then there were no bags, so ask the other check
+ // method to finish the checking
+ checkInputsNoBag(inputs);
+ }
+
+ /**
+ *
+ */
+ public void checkInputsNoBag(List inputs) throws
IllegalArgumentException {
+ Object [] list = inputs.toArray();
+
+ // check that there is at least one arg
+ if (list.length == 0)
+ throw new IllegalArgumentException("n-of requires an argument");
+
+ // check that the first element is an Integer
+ Evaluatable eval = (Evaluatable)(list[0]);
+ if (! eval.getType().toString().equals(IntegerAttribute.identifier))
+ throw new IllegalArgumentException("first argument to n-of must"
+
+ " be an integer");
+
+ // now check that the rest of the args are booleans
+ for (int i = 1; i < list.length; i++) {
+ if (! ((Evaluatable)(list[i])).getType().toString().
+ equals(BooleanAttribute.identifier))
+ throw new IllegalArgumentException("invalid parameter in
n-of"
+ + ": expected boolean");
+ }
+ }
+
+}
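
Review bot: evaluate() relies on checkInputs() or checkInputsNoBag() having already run: it calls `it.next()` without `hasNext()` and casts the results to IntegerAttribute and BooleanAttribute unchecked, so an unvalidated argument list ends in NoSuchElementException or ClassCastException rather than a processing error. Either state that precondition in the Javadoc of evaluate() or validate there. The Javadoc blocks on checkInputs and checkInputsNoBag are empty and should say what each rejects. In the class comment the parenthesis opened at "(or indeterminate" is never closed, and "@author Steve Hanne" differs from "Steve Hanna" in the sibling files.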

Added: branches/authRengine/sunxacml/com/sun/xacml/cond/NotFunction.java
===================================================================
--- branches/authRengine/sunxacml/com/sun/xacml/cond/NotFunction.java
(rev 0)
+++ branches/authRengine/sunxacml/com/sun/xacml/cond/NotFunction.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,120 @@
+
+/*
+ * @(#)NotFunction.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.cond;
+
+import com.sun.xacml.EvaluationCtx;
+
+import com.sun.xacml.attr.AttributeValue;
+import com.sun.xacml.attr.BooleanAttribute;
+
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+
+
+/**
+ * A class that implements the not function. This function takes
+ * one boolean argument and returns the logical negation of that
+ * value. If the argument evaluates to indeterminate, an
+ * indeterminate result is returned.
+ *
+ * @since 1.0
+ * @author Steve Hanna
+ * @author Seth Proctor
+ */
+public class NotFunction extends FunctionBase
+{
+
+ /**
+ * Standard identifier for the not function.
+ */
+ public static final String NAME_NOT = FUNCTION_NS + "not";
+
+ /**
+ * Creates a new <code>NotFunction</code> object.
+ *
+ * @param functionName the standard XACML name of the function to be
+ * handled by this object, including the full
namespace
+ *
+ * @throws IllegalArgumentException if the function is unknown
+ */
+ public NotFunction(String functionName) {
+ super(NAME_NOT, 0, BooleanAttribute.identifier, false, 1,
+ BooleanAttribute.identifier, false);
+
+ if (! functionName.equals(NAME_NOT))
+ throw new IllegalArgumentException("unknown not function: "
+ + functionName);
+ }
+
+ /**
+ * Returns a <code>Set</code> containing all the function identifiers
+ * supported by this class.
+ *
+ * @return a <code>Set</code> of <code>String</code>s
+ */
+ public static Set getSupportedIdentifiers() {
+ Set set = new HashSet();
+
+ set.add(NAME_NOT);
+
+ return set;
+ }
+
+ /**
+ * Evaluate the function, using the specified parameters.
+ *
+ * @param inputs a <code>List</code> of <code>Evaluatable</code>
+ * objects representing the arguments passed to the
function
+ * @param context an <code>EvaluationCtx</code> so that the
+ * <code>Evaluatable</code> objects can be evaluated
+ * @return an <code>EvaluationResult</code> representing the
+ * function's result
+ */
+ public EvaluationResult evaluate(List inputs, EvaluationCtx context) {
+
+ // Evaluate the arguments
+ AttributeValue [] argValues = new AttributeValue[inputs.size()];
+ EvaluationResult result = evalArgs(inputs, context, argValues);
+ if (result != null)
+ return result;
+
+ // Now that we have a real value, perform the not operation.
+ boolean arg = ((BooleanAttribute) argValues[0]).getValue();
+ return EvaluationResult.getInstance(!arg);
+ }
+}
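
Review bot: the constructor's `functionName.equals(NAME_NOT)` throws NullPointerException for a null name, while the Javadoc documents only IllegalArgumentException. Writing it as `NAME_NOT.equals(functionName)` sends null into the documented exception path. In evaluate(), `(BooleanAttribute) argValues[0]` is an unchecked cast that depends on the argument types declared in the super(...) call being enforced before evaluation; a one-line comment stating that would help.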

Added:
branches/authRengine/sunxacml/com/sun/xacml/cond/NumericConvertFunction.java
===================================================================
---
branches/authRengine/sunxacml/com/sun/xacml/cond/NumericConvertFunction.java
(rev 0)
+++
branches/authRengine/sunxacml/com/sun/xacml/cond/NumericConvertFunction.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,187 @@
+
+/*
+ * @(#)NumericConvertFunction.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.cond;
+
+import com.sun.xacml.EvaluationCtx;
+
+import com.sun.xacml.attr.AttributeValue;
+import com.sun.xacml.attr.DoubleAttribute;
+import com.sun.xacml.attr.IntegerAttribute;
+
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+
+
+/**
+ * A class that implements all the numeric type conversion functions
+ * (double-to-integer and integer-to-double). It takes one argument
+ * of the appropriate type, converts that argument to the other type,
+ * and returns the result. If the argument is indeterminate, an
+ * indeterminate result is returned.
+ *
+ * @since 1.0
+ * @author Steve Hanna
+ * @author Seth Proctor
+ */
+public class NumericConvertFunction extends FunctionBase
+{
+
+ /**
+ * Standard identifier for the double-to-integer function.
+ */
+ public static final String NAME_DOUBLE_TO_INTEGER =
+ FUNCTION_NS + "double-to-integer";
+
+ /**
+ * Standard identifier for the integer-to-double function.
+ */
+ public static final String NAME_INTEGER_TO_DOUBLE =
+ FUNCTION_NS + "integer-to-double";
+
+ // private identifiers for the supported functions
+ private static final int ID_DOUBLE_TO_INTEGER = 0;
+ private static final int ID_INTEGER_TO_DOUBLE = 1;
+
+ /**
+ * Creates a new <code>NumericConvertFunction</code> object.
+ *
+ * @param functionName the standard XACML name of the function to be
+ * handled by this object, including the full
namespace
+ *
+ * @throws IllegalArgumentException if the function is unknwon
+ */
+ public NumericConvertFunction(String functionName) {
+ super(functionName, getId(functionName),
getArgumentType(functionName),
+ false, 1, getReturnType(functionName), false);
+ }
+
+ /**
+ * Private helper that returns the internal identifier used for the
+ * given standard function.
+ */
+ private static int getId(String functionName) {
+ if (functionName.equals(NAME_DOUBLE_TO_INTEGER))
+ return ID_DOUBLE_TO_INTEGER;
+ else if (functionName.equals(NAME_INTEGER_TO_DOUBLE))
+ return ID_INTEGER_TO_DOUBLE;
+ else
+ throw new IllegalArgumentException("unknown convert function " +
+ functionName);
+ }
+
+ /**
+ * Returns a <code>Set</code> containing all the function identifiers
+ * supported by this class.
+ *
+ * @return a <code>Set</code> of <code>String</code>s
+ */
+ public static Set getSupportedIdentifiers() {
+ Set set = new HashSet();
+
+ set.add(NAME_DOUBLE_TO_INTEGER);
+ set.add(NAME_INTEGER_TO_DOUBLE);
+
+ return set;
+ }
+
+ /**
+ * Private helper that returns the type used for the given standard
+ * function. Note that this doesn't check on the return value since the
+ * method always is called after getId, so we assume that the function
+ * is present.
+ */
+ private static String getArgumentType(String functionName) {
+ if (functionName.equals(NAME_DOUBLE_TO_INTEGER))
+ return DoubleAttribute.identifier;
+ else
+ return IntegerAttribute.identifier;
+ }
+
+ /**
+ * Private helper that returns the return type for the given standard
+ * function. Note that this doesn't check on the return value since the
+ * method always is called after getId, so we assume that the function
+ * is present.
+ */
+ private static String getReturnType(String functionName) {
+ if (functionName.equals(NAME_DOUBLE_TO_INTEGER))
+ return IntegerAttribute.identifier;
+ else
+ return DoubleAttribute.identifier;
+ }
+
+ /**
+ * Evaluate the function, using the specified parameters.
+ *
+ * @param inputs a <code>List</code> of <code>Evaluatable</code>
+ * objects representing the arguments passed to the
function
+ * @param context an <code>EvaluationCtx</code> so that the
+ * <code>Evaluatable</code> objects can be evaluated
+ * @return an <code>EvaluationResult</code> representing the
+ * function's result
+ */
+ public EvaluationResult evaluate(List inputs, EvaluationCtx context) {
+
+ // Evaluate the arguments
+ AttributeValue [] argValues = new AttributeValue[inputs.size()];
+ EvaluationResult result = evalArgs(inputs, context, argValues);
+ if (result != null)
+ return result;
+
+ // Now that we have real values, perform the numeric conversion
+ // operation in the manner appropriate for this function.
+ switch (getFunctionId()) {
+ case ID_DOUBLE_TO_INTEGER: {
+ double arg0 = ((DoubleAttribute) argValues[0]).getValue();
+ long longValue = (long) arg0;
+
+ result = new EvaluationResult(new IntegerAttribute(longValue));
+ break;
+ }
+ case ID_INTEGER_TO_DOUBLE: {
+ long arg0 = ((IntegerAttribute) argValues[0]).getValue();
+ double doubleValue = (double) arg0;
+
+ result = new EvaluationResult(new DoubleAttribute(doubleValue));
+ break;
+ }
+ }
+
+ return result;
+ }
+}
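
Review bot: in the ID_DOUBLE_TO_INTEGER case of evaluate, `long longValue = (long) arg0;` is an unchecked narrowing cast. In Java it maps NaN to 0 and clamps infinities and anything outside the long range to Long.MIN_VALUE or Long.MAX_VALUE, so a policy condition that compares the converted value sees a plausible integer where the conversion actually failed. The class comment already promises an indeterminate result for indeterminate arguments, so I would test Double.isNaN(arg0), Double.isInfinite(arg0) and the long bounds before the cast and return an indeterminate result for those inputs. Two smaller points: the switch has no default branch, so an unexpected function id would return the null left in `result`, and the constructor javadoc spells "unknown" as "unknwon".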

Added: branches/authRengine/sunxacml/com/sun/xacml/cond/RoundFunction.java
===================================================================
--- branches/authRengine/sunxacml/com/sun/xacml/cond/RoundFunction.java
(rev 0)
+++ branches/authRengine/sunxacml/com/sun/xacml/cond/RoundFunction.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,133 @@
+
+/*
+ * @(#)RoundFunction.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.cond;
+
+import com.sun.xacml.EvaluationCtx;
+
+import com.sun.xacml.attr.AttributeValue;
+import com.sun.xacml.attr.DoubleAttribute;
+import com.sun.xacml.attr.IntegerAttribute;
+
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+
+
+/**
+ * A class that implements the round function. It takes one double
+ * operand, rounds that value to an integer and returns that integer.
+ * If the operand is indeterminate, an indeterminate result is returned.
+ *
+ * @since 1.0
+ * @author Steve Hanna
+ * @author Seth Proctor
+ */
+public class RoundFunction extends FunctionBase
+{
+
+ /**
+ * Standard identifier for the round function.
+ */
+ public static final String NAME_ROUND = FUNCTION_NS + "round";
+
+ /**
+ * Creates a new <code>RoundFunction</code> object.
+ *
+ * @param functionName the standard XACML name of the function to be
+ * handled by this object, including the full
namespace
+ *
+ * @throws IllegalArgumentException if the function is unknown
+ */
+ public RoundFunction(String functionName) {
+ super(NAME_ROUND, 0, DoubleAttribute.identifier, false, 1,
+ DoubleAttribute.identifier, false);
+
+ if (! functionName.equals(NAME_ROUND))
+ throw new IllegalArgumentException("unknown round function: "
+ + functionName);
+ }
+
+ /**
+ * Returns a <code>Set</code> containing all the function identifiers
+ * supported by this class.
+ *
+ * @return a <code>Set</code> of <code>String</code>s
+ */
+ public static Set getSupportedIdentifiers() {
+ Set set = new HashSet();
+
+ set.add(NAME_ROUND);
+
+ return set;
+ }
+
+ /**
+ * Evaluate the function, using the specified parameters.
+ *
+ * @param inputs a <code>List</code> of <code>Evaluatable</code>
+ * objects representing the arguments passed to the
function
+ * @param context an <code>EvaluationCtx</code> so that the
+ * <code>Evaluatable</code> objects can be evaluated
+ * @return an <code>EvaluationResult</code> representing the
+ * function's result
+ */
+ public EvaluationResult evaluate(List inputs, EvaluationCtx context) {
+
+ // Evaluate the arguments
+ AttributeValue [] argValues = new AttributeValue[inputs.size()];
+ EvaluationResult result = evalArgs(inputs, context, argValues);
+ if (result != null)
+ return result;
+
+ // Now that we have real values, perform the round operation
+ double arg = ((DoubleAttribute) argValues[0]).getValue();
+ double roundValue = Math.round(arg);
+
+ // Make it round half even, not round nearest
+ double lower = Math.floor(arg);
+ double higher = lower + 1;
+
+ if ((arg - lower) == (higher - arg)) {
+ if ((lower % 2) == 0)
+ roundValue = lower;
+ else
+ roundValue = higher;
+ }
+
+ return new EvaluationResult(new DoubleAttribute(roundValue));
+ }
+}
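
Review bot: in evaluate, `double roundValue = Math.round(arg);` goes through Math.round(double), which returns a long, so NaN comes back as 0.0 and positive or negative infinity comes back as Long.MAX_VALUE or Long.MIN_VALUE widened to double. The half-even fix-up below does not correct either case, because `(arg - lower) == (higher - arg)` is false whenever the operands are NaN. For a function evaluated inside authorization policies, turning NaN into 0 silently is worth avoiding. Math.rint(arg) already rounds half to even and returns NaN and infinities unchanged, so it could replace both Math.round and the manual floor/higher block. The class comment also says the function "returns that integer" while the constructor declares DoubleAttribute.identifier as the return type; the comment should say the result is a double.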

Added: branches/authRengine/sunxacml/com/sun/xacml/cond/SetFunction.java
===================================================================
--- branches/authRengine/sunxacml/com/sun/xacml/cond/SetFunction.java
(rev 0)
+++ branches/authRengine/sunxacml/com/sun/xacml/cond/SetFunction.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,275 @@
+
+/*
+ * @(#)SetFunction.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.cond;
+
+import com.sun.xacml.EvaluationCtx;
+
+import com.sun.xacml.attr.AnyURIAttribute;
+import com.sun.xacml.attr.AttributeValue;
+import com.sun.xacml.attr.BagAttribute;
+import com.sun.xacml.attr.Base64BinaryAttribute;
+import com.sun.xacml.attr.BooleanAttribute;
+import com.sun.xacml.attr.DateAttribute;
+import com.sun.xacml.attr.DateTimeAttribute;
+import com.sun.xacml.attr.DayTimeDurationAttribute;
+import com.sun.xacml.attr.DoubleAttribute;
+import com.sun.xacml.attr.HexBinaryAttribute;
+import com.sun.xacml.attr.IntegerAttribute;
+import com.sun.xacml.attr.RFC822NameAttribute;
+import com.sun.xacml.attr.StringAttribute;
+import com.sun.xacml.attr.TimeAttribute;
+import com.sun.xacml.attr.X500NameAttribute;
+import com.sun.xacml.attr.YearMonthDurationAttribute;
+
+import java.util.HashSet;
+import java.util.Set;
+
+
+/**
+ * Represents all of the Set functions, though the actual implementations
+ * are in two sub-classes specific to the condition and general set
+ * functions.
+ *
+ * @since 1.0
+ * @author Seth Proctor
+ */
+public abstract class SetFunction extends FunctionBase
+{
+
+ /**
+ * Base name for the type-intersection funtions. To get the standard
+ * identifier for a given type, use <code>FunctionBase.FUNCTION_NS</code>
+ * + the datatype's base name (e.g., <code>string</code>) +
+ * </code>NAME_BASE_INTERSECTION</code>.
+ */
+ public static final String NAME_BASE_INTERSECTION =
+ "-intersection";
+
+ /**
+ * Base name for the type-at-least-one-member-of funtions. To get the
+ * standard identifier for a given type, use
+ * <code>FunctionBase.FUNCTION_NS</code> + the datatype's base name
+ * (e.g., <code>string</code>) +
+ * </code>NAME_BASE_AT_LEAST_ONE_MEMBER_OF</code>.
+ */
+ public static final String NAME_BASE_AT_LEAST_ONE_MEMBER_OF =
+ "-at-least-one-member-of";
+
+ /**
+ * Base name for the type-union funtions. To get the standard
+ * identifier for a given type, use <code>FunctionBase.FUNCTION_NS</code>
+ * + the datatype's base name (e.g., <code>string</code>) +
+ * </code>NAME_BASE_UNION</code>.
+ */
+ public static final String NAME_BASE_UNION =
+ "-union";
+
+ /**
+ * Base name for the type-subset funtions. To get the standard
+ * identifier for a given type, use <code>FunctionBase.FUNCTION_NS</code>
+ * + the datatype's base name (e.g., <code>string</code>) +
+ * </code>NAME_BASE_SUBSET</code>.
+ */
+ public static final String NAME_BASE_SUBSET =
+ "-subset";
+
+ /**
+ * Base name for the type-set-equals funtions. To get the standard
+ * identifier for a given type, use <code>FunctionBase.FUNCTION_NS</code>
+ * + the datatype's base name (e.g., <code>string</code>) +
+ * </code>NAME_BASE_SET_EQUALS</code>.
+ */
+ public static final String NAME_BASE_SET_EQUALS =
+ "-set-equals";
+
+ /**
+ * A complete list of all the XACML datatypes supported by the Set
+ * functions
+ */
+ protected static String baseTypes [] = {
+ StringAttribute.identifier,
+ BooleanAttribute.identifier,
+ IntegerAttribute.identifier,
+ DoubleAttribute.identifier,
+ DateAttribute.identifier,
+ DateTimeAttribute.identifier,
+ TimeAttribute.identifier,
+ AnyURIAttribute.identifier,
+ HexBinaryAttribute.identifier,
+ Base64BinaryAttribute.identifier,
+ DayTimeDurationAttribute.identifier,
+ YearMonthDurationAttribute.identifier,
+ X500NameAttribute.identifier,
+ RFC822NameAttribute.identifier
+ };
+
+ /**
+ * A complete list of all the XACML datatypes supported by the Set
+ * functions, using the "simple" form of the names (eg, string
+ * instead of http://www.w3.org/2001/XMLSchema#string)
+ */
+ protected static String simpleTypes [] = {
+ "string", "boolean", "integer", "double", "date", "dateTime",
+ "time", "anyURI", "hexBinary", "base64Binary", "dayTimeDuration",
+ "yearMonthDuration", "x500Name", "rfc822Name"
+ };
+
+ /**
+ * Creates a new instance of the intersection set function.
+ * This should be used to create support for any new attribute types
+ * and then the new <code>SetFunction</code> object should be added
+ * to the factory (all set functions for the base types are already
+ * installed in the factory).
+ *
+ * @param functionName the name of the function
+ * @param argumentType the attribute type this function will work with
+ *
+ * @return a new <code>SetFunction</code> for the given type
+ */
+ public static SetFunction getIntersectionInstance(String functionName,
+ String argumentType) {
+ return new GeneralSetFunction(functionName, argumentType,
+ NAME_BASE_INTERSECTION);
+ }
+
+ /**
+ * Creates a new instance of the at-least-one-member-of set function.
+ * This should be used to create support for any new attribute types
+ * and then the new <code>SetFunction</code> object should be added
+ * to the factory (all set functions for the base types are already
+ * installed in the factory).
+ *
+ * @param functionName the name of the function
+ * @param argumentType the attribute type this function will work with
+ *
+ * @return a new <code>SetFunction</code> for the given type
+ */
+ public static SetFunction getAtLeastOneInstance(String functionName,
+ String argumentType) {
+ return new ConditionSetFunction(functionName, argumentType,
+ NAME_BASE_AT_LEAST_ONE_MEMBER_OF);
+ }
+
+ /**
+ * Creates a new instance of the union set function.
+ * This should be used to create support for any new attribute types
+ * and then the new <code>SetFunction</code> object should be added
+ * to the factory (all set functions for the base types are already
+ * installed in the factory).
+ *
+ * @param functionName the name of the function
+ * @param argumentType the attribute type this function will work with
+ *
+ * @return a new <code>SetFunction</code> for the given type
+ */
+ public static SetFunction getUnionInstance(String functionName,
+ String argumentType) {
+ return new GeneralSetFunction(functionName, argumentType,
+ NAME_BASE_UNION);
+ }
+
+ /**
+ * Creates a new instance of the subset set function.
+ * This should be used to create support for any new attribute types
+ * and then the new <code>SetFunction</code> object should be added
+ * to the factory (all set functions for the base types are already
+ * installed in the factory).
+ *
+ * @param functionName the name of the function
+ * @param argumentType the attribute type this function will work with
+ *
+ * @return a new <code>SetFunction</code> for the given type
+ */
+ public static SetFunction getSubsetInstance(String functionName,
+ String argumentType) {
+ return new ConditionSetFunction(functionName, argumentType,
+ NAME_BASE_SUBSET);
+ }
+
+ /**
+ * Creates a new instance of the equals set function.
+ * This should be used to create support for any new attribute types
+ * and then the new <code>SetFunction</code> object should be added
+ * to the factory (all set functions for the base types are already
+ * installed in the factory).
+ *
+ * @param functionName the name of the function
+ * @param argumentType the attribute type this function will work with
+ *
+ * @return a new <code>SetFunction</code> for the given type
+ */
+ public static SetFunction getSetEqualsInstance(String functionName,
+ String argumentType) {
+ return new ConditionSetFunction(functionName, argumentType,
+ NAME_BASE_SET_EQUALS);
+ }
+
+ /**
+ * Protected constuctor used by the general and condition subclasses.
+ * If you need to create a new <code>SetFunction</code> instance you
+ * should either use one of the <code>getInstance</code> methods or
+ * construct one of the sub-classes directly.
+ *
+ * @param functionName the identitifer for the function
+ * @param functionId an optional, internal numeric identifier
+ * @param argumentType the datatype this function accepts
+ * @param returnType the datatype this function returns
+ * @param returnsBag whether this function returns bags
+ */
+ protected SetFunction(String functionName, int functionId,
+ String argumentType, String returnType,
+ boolean returnsBag) {
+ super(functionName, functionId, argumentType, true, 2, returnType,
+ returnsBag);
+ }
+
+ /**
+ * Returns a <code>Set</code> containing all the function identifiers
+ * supported by this class.
+ *
+ * @return a <code>Set</code> of <code>String</code>s
+ */
+ public static Set getSupportedIdentifiers() {
+ Set set = new HashSet();
+
+ set.addAll(ConditionSetFunction.getSupportedIdentifiers());
+ set.addAll(GeneralSetFunction.getSupportedIdentifiers());
+
+ return set;
+ }
+
+}
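
Review bot: `protected static String baseTypes []` and `protected static String simpleTypes []` are non-final, mutable static arrays, visible to every subclass and to the whole package. They read as two parallel lists (14 entries each, in the same order), so any code that overwrites an element or reassigns one array changes which datatype identifiers the set functions are built for, for every user of the class in the JVM. I would make both `private static final`, expose them through an accessor that returns a copy or an unmodifiable List, and ideally hold the pairing in one structure so the two cannot drift apart. The javadoc also needs a pass: "funtions", "constuctor" and "identitifer" are misspelled, and the `</code>NAME_BASE_...</code>` references open with a closing tag.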

Added:
branches/authRengine/sunxacml/com/sun/xacml/cond/StandardFunctionFactory.java
===================================================================
---
branches/authRengine/sunxacml/com/sun/xacml/cond/StandardFunctionFactory.java
(rev 0)
+++
branches/authRengine/sunxacml/com/sun/xacml/cond/StandardFunctionFactory.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,415 @@
+
+/*
+ * @(#)StandardFunctionFactory.java
+ *
+ * Copyright 2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.cond;
+
+import com.sun.xacml.cond.cluster.AbsFunctionCluster;
+import com.sun.xacml.cond.cluster.AddFunctionCluster;
+import com.sun.xacml.cond.cluster.ComparisonFunctionCluster;
+import com.sun.xacml.cond.cluster.ConditionBagFunctionCluster;
+import com.sun.xacml.cond.cluster.ConditionSetFunctionCluster;
+import com.sun.xacml.cond.cluster.DateMathFunctionCluster;
+import com.sun.xacml.cond.cluster.DivideFunctionCluster;
+import com.sun.xacml.cond.cluster.EqualFunctionCluster;
+import com.sun.xacml.cond.cluster.FloorFunctionCluster;
+import com.sun.xacml.cond.cluster.GeneralBagFunctionCluster;
+import com.sun.xacml.cond.cluster.GeneralSetFunctionCluster;
+import com.sun.xacml.cond.cluster.HigherOrderFunctionCluster;
+import com.sun.xacml.cond.cluster.LogicalFunctionCluster;
+import com.sun.xacml.cond.cluster.MatchFunctionCluster;
+import com.sun.xacml.cond.cluster.ModFunctionCluster;
+import com.sun.xacml.cond.cluster.MultiplyFunctionCluster;
+import com.sun.xacml.cond.cluster.NOfFunctionCluster;
+import com.sun.xacml.cond.cluster.NotFunctionCluster;
+import com.sun.xacml.cond.cluster.NumericConvertFunctionCluster;
+import com.sun.xacml.cond.cluster.RoundFunctionCluster;
+import com.sun.xacml.cond.cluster.StringNormalizeFunctionCluster;
+import com.sun.xacml.cond.cluster.SubtractFunctionCluster;
+
+import java.net.URI;
+import java.net.URISyntaxException;
+
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.Map;
+import java.util.Set;
+
+import java.util.logging.Logger;
+
+
+/**
+ * This factory supports the standard set of functions specified in XACML
+ * 1.0 and 1.1. It is the default factory used by the system, and imposes
+ * a singleton pattern insuring that there is only ever one instance of
+ * this class.
+ * <p>
+ * Note that because this supports only the standard functions, this
+ * factory does not allow the addition of any other functions. If you call
+ * <code>addFunction</code> on an instance of this class, an exception
+ * will be thrown. If you need a standard factory that is modifiable,
+ * you can either create a new <code>BaseFunctionFactory</code> (or some
+ * other implementation of <code>FunctionFactory</code>) populated with
+ * the standard functions from <code>getStandardFunctions</code> or
+ * you can use <code>getNewFactoryProxy</code> to get a proxy containing
+ * a new, modifiable set of factories.
+ *
+ * @since 1.2
+ * @author Seth Proctor
+ */
+public class StandardFunctionFactory extends BaseFunctionFactory
+{
+
+ // the three singleton instances
+ private static StandardFunctionFactory targetFactory = null;
+ private static StandardFunctionFactory conditionFactory = null;
+ private static StandardFunctionFactory generalFactory = null;
+
+ // the three function sets/maps that we use internally
+ private static Set targetFunctions = null;
+ private static Set conditionFunctions = null;
+ private static Set generalFunctions = null;
+
+ private static Map targetAbstractFunctions = null;
+ private static Map conditionAbstractFunctions = null;
+ private static Map generalAbstractFunctions = null;
+
+ // the set/map used by each singleton factory instance
+ private Set supportedFunctions = null;
+ private Map supportedAbstractFunctions = null;
+
+ // the logger we'll use for all messages
+ private static final Logger logger =
+ Logger.getLogger(StandardFunctionFactory.class.getName());
+
+ /**
+ * Creates a new StandardFunctionFactory, making sure that the default
+ * maps are initialized correctly. Standard factories can't be modified,
+ * so there is no notion of supersetting since that's only used for
+ * correctly propagating new functions.
+ */
+ private StandardFunctionFactory(Set supportedFunctions,
+ Map supportedAbstractFunctions) {
+ super(supportedFunctions, supportedAbstractFunctions);
+
+ this.supportedFunctions = supportedFunctions;
+ this.supportedAbstractFunctions = supportedAbstractFunctions;
+ }
+
+ /**
+ * Private initializer for the target functions. This is only ever
+ * called once.
+ */
+ private static void initTargetFunctions() {
+ logger.config("Initializing standard Target functions");
+
+ targetFunctions = new HashSet();
+
+ // add EqualFunction
+ targetFunctions.addAll((new EqualFunctionCluster()).
+ getSupportedFunctions());
+ // add LogicalFunction
+ targetFunctions.addAll((new LogicalFunctionCluster()).
+ getSupportedFunctions());
+ // add NOfFunction
+ targetFunctions.addAll((new NOfFunctionCluster()).
+ getSupportedFunctions());
+ // add NotFunction
+ targetFunctions.addAll((new NotFunctionCluster()).
+ getSupportedFunctions());
+ // add ComparisonFunction
+ targetFunctions.addAll((new ComparisonFunctionCluster()).
+ getSupportedFunctions());
+ // add MatchFunction
+ targetFunctions.addAll((new MatchFunctionCluster()).
+ getSupportedFunctions());
+
+ targetAbstractFunctions = new HashMap();
+ }
+
+ /**
+ * Private initializer for the condition functions. This is only ever
+ * called once.
+ */
+ private static void initConditionFunctions() {
+ logger.config("Initializing standard Condition functions");
+
+ if (targetFunctions == null)
+ initTargetFunctions();
+
+ conditionFunctions = new HashSet(targetFunctions);
+
+ // add condition functions from BagFunction
+ conditionFunctions.addAll((new ConditionBagFunctionCluster()).
+ getSupportedFunctions());
+ // add condition functions from SetFunction
+ conditionFunctions.addAll((new ConditionSetFunctionCluster()).
+ getSupportedFunctions());
+ // add condition functions from HigherOrderFunction
+ conditionFunctions.addAll((new HigherOrderFunctionCluster()).
+ getSupportedFunctions());
+
+ conditionAbstractFunctions = new HashMap(targetAbstractFunctions);
+ }
+
+ /**
+ * Private initializer for the general functions. This is only ever
+ * called once.
+ */
+ private static void initGeneralFunctions() {
+ logger.config("Initializing standard General functions");
+
+ if (conditionFunctions == null)
+ initConditionFunctions();
+
+ generalFunctions = new HashSet(conditionFunctions);
+
+ // add AddFunction
+ generalFunctions.addAll((new AddFunctionCluster()).
+ getSupportedFunctions());
+ // add SubtractFunction
+ generalFunctions.addAll((new SubtractFunctionCluster()).
+ getSupportedFunctions());
+ // add MultiplyFunction
+ generalFunctions.addAll((new MultiplyFunctionCluster()).
+ getSupportedFunctions());
+ // add DivideFunction
+ generalFunctions.addAll((new DivideFunctionCluster()).
+ getSupportedFunctions());
+ // add ModFunction
+ generalFunctions.addAll((new ModFunctionCluster()).
+ getSupportedFunctions());
+ // add AbsFunction
+ generalFunctions.addAll((new AbsFunctionCluster()).
+ getSupportedFunctions());
+ // add RoundFunction
+ generalFunctions.addAll((new RoundFunctionCluster()).
+ getSupportedFunctions());
+ // add FloorFunction
+ generalFunctions.addAll((new FloorFunctionCluster()).
+ getSupportedFunctions());
+ // add DateMathFunction
+ generalFunctions.addAll((new DateMathFunctionCluster()).
+ getSupportedFunctions());
+ // add general functions from BagFunction
+ generalFunctions.addAll((new GeneralBagFunctionCluster()).
+ getSupportedFunctions());
+ // add NumericConvertFunction
+ generalFunctions.addAll((new NumericConvertFunctionCluster()).
+ getSupportedFunctions());
+ // add StringNormalizeFunction
+ generalFunctions.addAll((new StringNormalizeFunctionCluster()).
+ getSupportedFunctions());
+ // add general functions from SetFunction
+ generalFunctions.addAll((new GeneralSetFunctionCluster()).
+ getSupportedFunctions());
+
+ generalAbstractFunctions = new HashMap(conditionAbstractFunctions);
+
+ // add the map function's proxy
+ try {
+ generalAbstractFunctions.put(new URI(MapFunction.NAME_MAP),
+ new MapFunctionProxy());
+ } catch (URISyntaxException e) {
+ // this shouldn't ever happen, but just in case...
+ throw new IllegalArgumentException("invalid function name");
+ }
+ }
+
+ /**
+ * Returns a FunctionFactory that will only provide those functions that
+ * are usable in Target matching. This method enforces a singleton
+ * model, meaning that this always returns the same instance, creating
+ * the factory if it hasn't been requested before. This is the default
+ * model used by the <code>FunctionFactory</code>, ensuring quick
+ * access to this factory.
+ *
+ * @return a <code>FunctionFactory</code> for target functions
+ */
+ public static StandardFunctionFactory getTargetFactory() {
+ if (targetFactory == null) {
+ synchronized (StandardFunctionFactory.class) {
+ if (targetFunctions == null)
+ initTargetFunctions();
+ if (targetFactory == null)
+ targetFactory =
+ new StandardFunctionFactory(targetFunctions,
+ targetAbstractFunctions);
+ }
+ }
+
+ return targetFactory;
+ }
+
+ /**
+ * Returns a FuntionFactory that will only provide those functions that
+ * are usable in the root of the Condition. These Functions are a
+ * superset of the Target functions. This method enforces a singleton
+ * model, meaning that this always returns the same instance, creating
+ * the factory if it hasn't been requested before. This is the default
+ * model used by the <code>FunctionFactory</code>, ensuring quick
+ * access to this factory.
+ *
+ * @return a <code>FunctionFactory</code> for condition functions
+ */
+ public static StandardFunctionFactory getConditionFactory() {
+ if (conditionFactory == null) {
+ synchronized (StandardFunctionFactory.class) {
+ if (conditionFunctions == null)
+ initConditionFunctions();
+ if (conditionFactory == null)
+ conditionFactory =
+ new StandardFunctionFactory(conditionFunctions,
+
conditionAbstractFunctions);
+ }
+ }
+
+ return conditionFactory;
+ }
+
+ /**
+ * Returns a FunctionFactory that provides access to all the functions.
+ * These Functions are a superset of the Condition functions. This method
+ * enforces a singleton model, meaning that this always returns the same
+ * instance, creating the factory if it hasn't been requested before.
+ * This is the default model used by the <code>FunctionFactory</code>,
+ * ensuring quick access to this factory.
+ *
+ * @return a <code>FunctionFactory</code> for all functions
+ */
+ public static StandardFunctionFactory getGeneralFactory() {
+ if (generalFactory == null) {
+ synchronized (StandardFunctionFactory.class) {
+ if (generalFunctions == null) {
+ initGeneralFunctions();
+ generalFactory =
+ new StandardFunctionFactory(generalFunctions,
+
generalAbstractFunctions);
+ }
+ }
+ }
+
+ return generalFactory;
+ }
+
+ /**
+ * Returns the set of functions that this standard factory supports.
+ *
+ * @return a <code>Set</code> of <code>Function</code>s
+ */
+ public Set getStandardFunctions() {
+ return Collections.unmodifiableSet(supportedFunctions);
+ }
+
+ /**
+ * Returns the set of abstract functions that this standard factory
+ * supports as a mapping of identifier to proxy.
+ *
+ * @return a <code>Map</code> mapping <code>URI</code>s to
+ * <code>FunctionProxy</code>s
+ */
+ public Map getStandardAbstractFunctions() {
+ return Collections.unmodifiableMap(supportedAbstractFunctions);
+ }
+
+ /**
+ * A convenience method that returns a proxy containing newly created
+ * instances of <code>BaseFunctionFactory</code>s that are correctly
+ * supersetted and contain the standard functions and abstract functions.
+ * These factories allow adding support for new functions.
+ *
+ * @return a new proxy containing new factories supporting the standard
+ * functions
+ */
+ public static FunctionFactoryProxy getNewFactoryProxy() {
+ StandardFunctionFactory general =
+ StandardFunctionFactory.getGeneralFactory();
+ FunctionFactory newGeneral =
+ new BaseFunctionFactory(general.getStandardFunctions(),
+ general.getStandardAbstractFunctions());
+
+ StandardFunctionFactory condition =
+ StandardFunctionFactory.getConditionFactory();
+ FunctionFactory newCondition =
+ new BaseFunctionFactory(newGeneral,
+ condition.getStandardFunctions(),
+
condition.getStandardAbstractFunctions());
+
+ StandardFunctionFactory target =
+ StandardFunctionFactory.getTargetFactory();
+ FunctionFactory newTarget =
+ new BaseFunctionFactory(newCondition,
+ target.getStandardFunctions(),
+ target.getStandardAbstractFunctions());
+
+ return new BasicFunctionFactoryProxy(newTarget, newCondition,
+ newGeneral);
+ }
+
+ /**
+ * Always throws an exception, since support for new functions may not be
+ * added to a standard factory.
+ *
+ * @param function the <code>Function</code> to add to the factory
+ *
+ * @throws UnsupportedOperationException always
+ */
+ public void addFunction(Function function)
+ throws IllegalArgumentException
+ {
+ throw new UnsupportedOperationException("a standard factory cannot "
+
+ "support new functions");
+ }
+
+ /**
+ * Always throws an exception, since support for new functions may not be
+ * added to a standard factory.
+ *
+ * @param proxy the <code>FunctionProxy</code> to add to the factory
+ * @param identity the function's identifier
+ *
+ * @throws UnsupportedOperationException always
+ */
+ public void addAbstractFunction(FunctionProxy proxy,
+ URI identity)
+ throws IllegalArgumentException
+ {
+ throw new UnsupportedOperationException("a standard factory cannot "
+
+ "support new functions");
+ }
+
+}
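Review bot: In getGeneralFactory() the check inside the synchronized block tests `generalFunctions == null`, whereas getTargetFactory() and getConditionFactory() test the factory field itself. If generalFunctions has already been populated by some other path while generalFactory is still null, this getter skips construction and returns null. Suggest the same shape as the other two: call initGeneralFunctions() when generalFunctions is null, then separately check `if (generalFactory == null)` before constructing. All three getters use double-checked locking, which is only safe if the factory fields are declared volatile; the declarations are not in this part of the diff, so please confirm. Smaller points: addFunction() and addAbstractFunction() declare `throws IllegalArgumentException` while the Javadoc and body throw UnsupportedOperationException, and "FuntionFactory" in the getConditionFactory() Javadoc is a typo.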

Added:
branches/authRengine/sunxacml/com/sun/xacml/cond/StringNormalizeFunction.java
===================================================================
---
branches/authRengine/sunxacml/com/sun/xacml/cond/StringNormalizeFunction.java
(rev 0)
+++
branches/authRengine/sunxacml/com/sun/xacml/cond/StringNormalizeFunction.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,171 @@
+
+/*
+ * @(#)StringNormalizeFunction.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.cond;
+
+import com.sun.xacml.EvaluationCtx;
+
+import com.sun.xacml.attr.AttributeValue;
+import com.sun.xacml.attr.StringAttribute;
+
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+
+
+/**
+ * A class that implements all the string conversion functions
+ * (string-normalize-space and string-normalize-to-lower-case).
+ * It takes string argument, normalizes that value, and returns
+ * the result. If the argument is indeterminate, an indeterminate
+ * result is returned.
+ *
+ * @since 1.0
+ * @author Steve Hanna
+ * @author Seth Proctor
+ */
+public class StringNormalizeFunction extends FunctionBase
+{
+
+ /**
+ * Standard identifier for the string-normalize-space function.
+ */
+ public static final String NAME_STRING_NORMALIZE_SPACE =
+ FUNCTION_NS + "string-normalize-space";
+
+ /**
+ * Standard identifier for the string-normalize-to-lower-case function.
+ */
+ public static final String NAME_STRING_NORMALIZE_TO_LOWER_CASE =
+ FUNCTION_NS + "string-normalize-to-lower-case";
+
+ // private identifiers for the supported functions
+ private static final int ID_STRING_NORMALIZE_SPACE = 0;
+ private static final int ID_STRING_NORMALIZE_TO_LOWER_CASE = 1;
+
+ /**
+ * Creates a new <code>StringNormalizeFunction</code> object.
+ *
+ * @param functionName the standard XACML name of the function to be
+ * handled by this object, including the full
namespace
+ *
+ * @throws IllegalArgumentException if the function is unknown
+ */
+ public StringNormalizeFunction(String functionName) {
+ super(functionName, getId(functionName), StringAttribute.identifier,
+ false, 1, StringAttribute.identifier, false);
+ }
+
+ /**
+ * Private helper that returns the internal identifier used for the
+ * given standard function.
+ */
+ private static int getId(String functionName) {
+ if (functionName.equals(NAME_STRING_NORMALIZE_SPACE))
+ return ID_STRING_NORMALIZE_SPACE;
+ else if (functionName.equals(NAME_STRING_NORMALIZE_TO_LOWER_CASE))
+ return ID_STRING_NORMALIZE_TO_LOWER_CASE;
+ else
+ throw new IllegalArgumentException("unknown normalize function "
+
+ functionName);
+ }
+
+ /**
+ * Returns a <code>Set</code> containing all the function identifiers
+ * supported by this class.
+ *
+ * @return a <code>Set</code> of <code>String</code>s
+ */
+ public static Set getSupportedIdentifiers() {
+ Set set = new HashSet();
+
+ set.add(NAME_STRING_NORMALIZE_SPACE);
+ set.add(NAME_STRING_NORMALIZE_TO_LOWER_CASE);
+
+ return set;
+ }
+
+ /**
+ * Evaluate the function, using the specified parameters.
+ *
+ * @param inputs a <code>List</code> of <code>Evaluatable</code>
+ * objects representing the arguments passed to the
function
+ * @param context an <code>EvaluationCtx</code> so that the
+ * <code>Evaluatable</code> objects can be evaluated
+ * @return an <code>EvaluationResult</code> representing the
+ * function's result
+ */
+ public EvaluationResult evaluate(List inputs, EvaluationCtx context) {
+ // Evaluate the arguments
+ AttributeValue [] argValues = new AttributeValue[inputs.size()];
+ EvaluationResult result = evalArgs(inputs, context, argValues);
+ if (result != null)
+ return result;
+
+ // Now that we have real values, perform the numeric conversion
+ // operation in the manner appropriate for this function.
+ switch (getFunctionId()) {
+ case ID_STRING_NORMALIZE_SPACE: {
+ String str = ((StringAttribute) argValues[0]).getValue();
+
+ // Trim whitespace from start and end of string
+ int startIndex = 0;
+ int endIndex = str.length() - 1;
+ while ((startIndex <= endIndex) &&
+ Character.isWhitespace(str.charAt(startIndex)))
+ startIndex++;
+ while ((startIndex <= endIndex) &&
+ Character.isWhitespace(str.charAt(endIndex)))
+ endIndex--;
+ String strResult = str.substring(startIndex, endIndex+1);
+
+ result = new EvaluationResult(new StringAttribute(strResult));
+ break;
+ }
+ case ID_STRING_NORMALIZE_TO_LOWER_CASE: {
+ String str = ((StringAttribute) argValues[0]).getValue();
+
+ // Convert string to lower case
+ String strResult = str.toLowerCase();
+
+ result = new EvaluationResult(new StringAttribute(strResult));
+ break;
+ }
+ }
+
+ return result;
+ }
+}
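Review bot: The ID_STRING_NORMALIZE_TO_LOWER_CASE case in evaluate() calls `str.toLowerCase()` without a Locale, so the result depends on the JVM's default locale. Under a Turkish default locale, for example, "I" lower-cases to the dotless "ı", which means a policy comparing normalized strings can match differently from one host to another. For a function used in authorization decisions, pass a fixed locale, e.g. `str.toLowerCase(Locale.ENGLISH)`. Also, the comment above the switch says "perform the numeric conversion operation", which looks copied from another function and should describe string normalization, and the class Javadoc reads "It takes string argument" where "a string argument" is meant.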

Added: branches/authRengine/sunxacml/com/sun/xacml/cond/SubtractFunction.java
===================================================================
--- branches/authRengine/sunxacml/com/sun/xacml/cond/SubtractFunction.java
(rev 0)
+++ branches/authRengine/sunxacml/com/sun/xacml/cond/SubtractFunction.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,175 @@
+
+/*
+ * @(#)SubtractFunction.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.cond;
+
+import com.sun.xacml.EvaluationCtx;
+
+import com.sun.xacml.attr.AttributeValue;
+import com.sun.xacml.attr.DoubleAttribute;
+import com.sun.xacml.attr.IntegerAttribute;
+
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+
+
+/**
+ * A class that implements all the *-subtract functions. It takes two
+ * operands of the appropriate type and returns the difference of the
+ * operands. If either of the operands is indeterminate, an indeterminate
+ * result is returned.
+ *
+ * @since 1.0
+ * @author Steve Hanna
+ * @author Seth Proctor
+ */
+public class SubtractFunction extends FunctionBase
+{
+
+ /**
+ * Standard identifier for the integer-subtract function.
+ */
+ public static final String NAME_INTEGER_SUBTRACT =
+ FUNCTION_NS + "integer-subtract";
+
+ /**
+ * Standard identifier for the integer-subtract function.
+ */
+ public static final String NAME_DOUBLE_SUBTRACT =
+ FUNCTION_NS + "double-subtract";
+
+ // inernal identifiers for each of the supported functions
+ private static final int ID_INTEGER_SUBTRACT = 0;
+ private static final int ID_DOUBLE_SUBTRACT = 1;
+
+ /**
+ * Creates a new <code>SubtractFunction</code> object.
+ *
+ * @param functionName the standard XACML name of the function to be
+ * handled by this object, including the full
namespace
+ *
+ * @throws IllegalArgumentException if the function is unknown
+ */
+ public SubtractFunction(String functionName) {
+ super(functionName, getId(functionName),
getArgumentType(functionName),
+ false, 2, getArgumentType(functionName), false);
+ }
+
+ /**
+ * Private helper that returns the internal identifier used for the
+ * given standard function.
+ */
+ private static int getId(String functionName) {
+ if (functionName.equals(NAME_INTEGER_SUBTRACT))
+ return ID_INTEGER_SUBTRACT;
+ else if (functionName.equals(NAME_DOUBLE_SUBTRACT))
+ return ID_DOUBLE_SUBTRACT;
+ else
+ throw new IllegalArgumentException("unknown subtract function " +
+ functionName);
+ }
+
+ /**
+ * Private helper that returns the type used for the given standard
+ * function. Note that this doesn't check on the return value since the
+ * method always is called after getId, so we assume that the function
+ * is present.
+ */
+ private static String getArgumentType(String functionName) {
+ if (functionName.equals(NAME_INTEGER_SUBTRACT))
+ return IntegerAttribute.identifier;
+ else
+ return DoubleAttribute.identifier;
+ }
+
+ /**
+ * Returns a <code>Set</code> containing all the function identifiers
+ * supported by this class.
+ *
+ * @return a <code>Set</code> of <code>String</code>s
+ */
+ public static Set getSupportedIdentifiers() {
+ Set set = new HashSet();
+
+ set.add(NAME_INTEGER_SUBTRACT);
+ set.add(NAME_DOUBLE_SUBTRACT);
+
+ return set;
+ }
+
+ /**
+ * Evaluate the function, using the specified parameters.
+ *
+ * @param inputs a <code>List</code> of <code>Evaluatable</code>
+ * objects representing the arguments passed to the
function
+ * @param context an <code>EvaluationCtx</code> so that the
+ * <code>Evaluatable</code> objects can be evaluated
+ * @return an <code>EvaluationResult</code> representing the
+ * function's result
+ */
+ public EvaluationResult evaluate(List inputs, EvaluationCtx context) {
+
+ // Evaluate the arguments
+ AttributeValue [] argValues = new AttributeValue[inputs.size()];
+ EvaluationResult result = evalArgs(inputs, context, argValues);
+ if (result != null)
+ return result;
+
+ // Now that we have real values, perform the subtract operation
+ // in the manner appropriate for the type of the arguments.
+ switch (getFunctionId()) {
+ case ID_INTEGER_SUBTRACT: {
+ long arg0 = ((IntegerAttribute) argValues[0]).getValue();
+ long arg1 = ((IntegerAttribute) argValues[1]).getValue();
+ long difference = arg0 - arg1;
+
+ result = new EvaluationResult(new IntegerAttribute(difference));
+ break;
+ }
+ case ID_DOUBLE_SUBTRACT: {
+ double arg0 = ((DoubleAttribute) argValues[0]).getValue();
+ double arg1 = ((DoubleAttribute) argValues[1]).getValue();
+ double difference = arg0 - arg1;
+
+ result = new EvaluationResult(new DoubleAttribute(difference));
+ break;
+ }
+ }
+
+ return result;
+ }
+}
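Review bot: In the ID_INTEGER_SUBTRACT case, `long difference = arg0 - arg1;` wraps silently on overflow (Long.MIN_VALUE - 1 yields Long.MAX_VALUE), so a condition built on integer-subtract can be evaluated against a wrong value instead of failing. Suggest detecting overflow before constructing the IntegerAttribute, for instance `((arg0 ^ arg1) & (arg0 ^ difference)) < 0`, and returning an indeterminate result in that case. Documentation points: the Javadoc on NAME_DOUBLE_SUBTRACT says "integer-subtract" and should say "double-subtract", and "inernal" in the comment above the ID constants is a typo.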

Added:
branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/AbsFunctionCluster.java
===================================================================
---
branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/AbsFunctionCluster.java
(rev 0)
+++
branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/AbsFunctionCluster.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,65 @@
+
+/*
+ * @(#)AbsFunctionCluster.java
+ *
+ * Copyright 2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.cond.cluster;
+
+import com.sun.xacml.cond.AbsFunction;
+
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Set;
+
+
+/**
+ * Clusters all the functions supported by <code>AbsFunction</code>.
+ *
+ * @since 1.2
+ * @author Seth Proctor
+ */
+public class AbsFunctionCluster implements FunctionCluster
+{
+
+ public Set getSupportedFunctions() {
+ Set set = new HashSet();
+ Iterator it = AbsFunction.getSupportedIdentifiers().iterator();
+
+ while (it.hasNext())
+ set.add(new AbsFunction((String)(it.next())));
+
+ return set;
+ }
+
+}
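Review bot: getSupportedFunctions() is the only method of AbsFunctionCluster and has no Javadoc, and it builds a new HashSet of freshly constructed AbsFunction objects on every call. Please document the contract: whether callers receive a new mutable set each time or may expect a shared one. If the set is meant to be fixed, building it once and returning it wrapped with Collections.unmodifiableSet would avoid the repeated allocation and make the intent explicit.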

Added:
branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/AddFunctionCluster.java
===================================================================
---
branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/AddFunctionCluster.java
(rev 0)
+++
branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/AddFunctionCluster.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,65 @@
+
+/*
+ * @(#)AddFunctionCluster.java
+ *
+ * Copyright 2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.cond.cluster;
+
+import com.sun.xacml.cond.AddFunction;
+
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Set;
+
+
+/**
+ * Clusters all the functions supported by <code>AddFunction</code>.
+ *
+ * @since 1.2
+ * @author Seth Proctor
+ */
+public class AddFunctionCluster implements FunctionCluster
+{
+
+ public Set getSupportedFunctions() {
+ Set set = new HashSet();
+ Iterator it = AddFunction.getSupportedIdentifiers().iterator();
+
+ while (it.hasNext())
+ set.add(new AddFunction((String)(it.next())));
+
+ return set;
+ }
+
+}

Added:
branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/ComparisonFunctionCluster.java
===================================================================
---
branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/ComparisonFunctionCluster.java
(rev 0)
+++
branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/ComparisonFunctionCluster.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,65 @@
+
+/*
+ * @(#)ComparisonFunctionCluster.java
+ *
+ * Copyright 2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.cond.cluster;
+
+import com.sun.xacml.cond.ComparisonFunction;
+
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Set;
+
+
+/**
+ * Clusters all the functions supported by <code>ComparisonFunction</code>.
+ *
+ * @since 1.2
+ * @author Seth Proctor
+ */
+public class ComparisonFunctionCluster implements FunctionCluster
+{
+
+ public Set getSupportedFunctions() {
+ Set set = new HashSet();
+ Iterator it =
ComparisonFunction.getSupportedIdentifiers().iterator();
+
+ while (it.hasNext())
+ set.add(new ComparisonFunction((String)(it.next())));
+
+ return set;
+ }
+
+}

Added:
branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/ConditionBagFunctionCluster.java
===================================================================
---
branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/ConditionBagFunctionCluster.java
(rev 0)
+++
branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/ConditionBagFunctionCluster.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,67 @@
+
+/*
+ * @(#)ConditionBagFunctionCluster.java
+ *
+ * Copyright 2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.cond.cluster;
+
+import com.sun.xacml.cond.FunctionBase;
+import com.sun.xacml.cond.ConditionBagFunction;
+
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Set;
+
+
+/**
+ * Clusters all the functions supported by <code>ConditionBagFunction</code>.
+ *
+ * @since 1.2
+ * @author Seth Proctor
+ */
+public class ConditionBagFunctionCluster implements FunctionCluster
+{
+
+ public Set getSupportedFunctions() {
+ Set set = new HashSet();
+ Iterator it = ConditionBagFunction.getSupportedIdentifiers().
+ iterator();
+
+ while (it.hasNext())
+ set.add(new ConditionBagFunction((String)(it.next())));
+
+ return set;
+ }
+
+}
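Review bot: `import com.sun.xacml.cond.FunctionBase;` is unused in ConditionBagFunctionCluster; nothing in the class body refers to FunctionBase, so the import can be dropped. getSupportedFunctions() also lacks Javadoc.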

Added:
branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/ConditionSetFunctionCluster.java
===================================================================
---
branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/ConditionSetFunctionCluster.java
(rev 0)
+++
branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/ConditionSetFunctionCluster.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,67 @@
+
+/*
+ * @(#)ConditionSetFunctionCluster.java
+ *
+ * Copyright 2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.cond.cluster;
+
+import com.sun.xacml.cond.FunctionBase;
+import com.sun.xacml.cond.ConditionSetFunction;
+
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Set;
+
+
+/**
+ * Clusters all the functions supported by <code>ConditionSetFunction</code>.
+ *
+ * @since 1.2
+ * @author Seth Proctor
+ */
+public class ConditionSetFunctionCluster implements FunctionCluster
+{
+
+ public Set getSupportedFunctions() {
+ Set set = new HashSet();
+ Iterator it = ConditionSetFunction.getSupportedIdentifiers().
+ iterator();
+
+ while (it.hasNext())
+ set.add(new ConditionSetFunction((String)(it.next())));
+
+ return set;
+ }
+
+}
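Review bot: ConditionSetFunctionCluster imports `com.sun.xacml.cond.FunctionBase` but the class body only uses ConditionSetFunction, HashSet, Iterator and Set; please remove the unused import. getSupportedFunctions() has no Javadoc here either.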

Added:
branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/DateMathFunctionCluster.java
===================================================================
---
branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/DateMathFunctionCluster.java
(rev 0)
+++
branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/DateMathFunctionCluster.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,65 @@
+
+/*
+ * @(#)DateMathFunctionCluster.java
+ *
+ * Copyright 2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.cond.cluster;
+
+import com.sun.xacml.cond.DateMathFunction;
+
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Set;
+
+
+/**
+ * Clusters all the functions supported by <code>DateMathFunction</code>.
+ *
+ * @since 1.2
+ * @author Seth Proctor
+ */
+public class DateMathFunctionCluster implements FunctionCluster
+{
+
+ public Set getSupportedFunctions() {
+ Set set = new HashSet();
+ Iterator it = DateMathFunction.getSupportedIdentifiers().iterator();
+
+ while (it.hasNext())
+ set.add(new DateMathFunction((String)(it.next())));
+
+ return set;
+ }
+
+}
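Review bot: the header of this new file (Sun copyright 2004, `@since 1.2`, added at rev 0 under `branches/authRengine/sunxacml/`) shows third-party source being copied into the branch, but nothing in the hunk records which upstream release it was taken from or whether it was changed locally. Please add a note in the `sunxacml` directory naming the upstream version and stating whether the files are unmodified, so that a later audit or upgrade can diff this copy against the original.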

Added:
branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/DivideFunctionCluster.java
===================================================================
---
branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/DivideFunctionCluster.java
(rev 0)
+++
branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/DivideFunctionCluster.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,65 @@
+
+/*
+ * @(#)DivideFunctionCluster.java
+ *
+ * Copyright 2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.cond.cluster;
+
+import com.sun.xacml.cond.DivideFunction;
+
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Set;
+
+
+/**
+ * Clusters all the functions supported by <code>DivideFunction</code>.
+ *
+ * @since 1.2
+ * @author Seth Proctor
+ */
+public class DivideFunctionCluster implements FunctionCluster
+{
+
+ public Set getSupportedFunctions() {
+ Set set = new HashSet();
+ Iterator it = DivideFunction.getSupportedIdentifiers().iterator();
+
+ while (it.hasNext())
+ set.add(new DivideFunction((String)(it.next())));
+
+ return set;
+ }
+
+}

Added:
branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/EqualFunctionCluster.java
===================================================================
---
branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/EqualFunctionCluster.java
(rev 0)
+++
branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/EqualFunctionCluster.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,65 @@
+
+/*
+ * @(#)EqualFunctionCluster.java
+ *
+ * Copyright 2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.cond.cluster;
+
+import com.sun.xacml.cond.EqualFunction;
+
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Set;
+
+
+/**
+ * Clusters all the functions supported by <code>EqualFunction</code>.
+ *
+ * @since 1.2
+ * @author Seth Proctor
+ */
+public class EqualFunctionCluster implements FunctionCluster
+{
+
+ public Set getSupportedFunctions() {
+ Set set = new HashSet();
+ Iterator it = EqualFunction.getSupportedIdentifiers().iterator();
+
+ while (it.hasNext())
+ set.add(new EqualFunction((String)(it.next())));
+
+ return set;
+ }
+
+}
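Review bot: `getSupportedFunctions()` relies on raw types and an unchecked cast, `set.add(new EqualFunction((String)(it.next())));`, so an identifier that is not a `String` only shows up as a `ClassCastException` when the cluster is loaded. If the branch can use generics, type the iterator as `Iterator<String>` and the result as a set of functions; that also requires changing the raw `Set` return type declared in `FunctionCluster`. Otherwise add a comment stating that `getSupportedIdentifiers()` is expected to return only `String`s.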

Added:
branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/FloorFunctionCluster.java
===================================================================
---
branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/FloorFunctionCluster.java
(rev 0)
+++
branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/FloorFunctionCluster.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,65 @@
+
+/*
+ * @(#)FloorFunctionCluster.java
+ *
+ * Copyright 2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.cond.cluster;
+
+import com.sun.xacml.cond.FloorFunction;
+
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Set;
+
+
+/**
+ * Clusters all the functions supported by <code>FloorFunction</code>.
+ *
+ * @since 1.2
+ * @author Seth Proctor
+ */
+public class FloorFunctionCluster implements FunctionCluster
+{
+
+ public Set getSupportedFunctions() {
+ Set set = new HashSet();
+ Iterator it = FloorFunction.getSupportedIdentifiers().iterator();
+
+ while (it.hasNext())
+ set.add(new FloorFunction((String)(it.next())));
+
+ return set;
+ }
+
+}

Added:
branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/FunctionCluster.java
===================================================================
---
branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/FunctionCluster.java
(rev 0)
+++
branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/FunctionCluster.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,70 @@
+
+/*
+ * @(#)FunctionCluster.java
+ *
+ * Copyright 2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.cond.cluster;
+
+import java.util.Set;
+
+
+/**
+ * Interface used by classes that support more than one function. It's a
+ * common design model to have a single class support more than one XACML
+ * function. In those cases, you should provide a proxy that implements
+ * <code>FunctionCluster</code> in addition to the <code>Function</code>.
+ * This is particularly important for the run-time configuration system,
+ * which uses this interface to create "clusters" of functions and therefore
+ * can use a smaller configuration file.
+ *
+ * @since 1.2
+ * @author Seth Proctor
+ */
+public interface FunctionCluster
+{
+
+ /**
+ * Returns a single instance of each of the functions supported by
+ * some class. The <code>Set</code> must contain instances of
+ * <code>Function</code>, and it must be both non-null and non-empty.
+ * It may contain only a single <code>Function</code>.
+ * <p>
+ * Note that this is only used to return concrete <code>Function</code>s.
+ * It may not be used to report abstract functions.
+ *
+ * @return the functions supported by this class
+ */
+ public Set getSupportedFunctions();
+
+}
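Review bot: the contract on `getSupportedFunctions()` ("must contain instances of `Function`, and it must be both non-null and non-empty") is stated only in the Javadoc, and the raw `Set` return type cannot enforce the element type. The run-time configuration code that consumes this interface should validate the returned set and reject a null, empty or wrongly typed result with a clear error rather than registering nothing silently. As a smaller style point, the `public` modifier on the interface method is redundant.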

Added:
branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/GeneralBagFunctionCluster.java
===================================================================
---
branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/GeneralBagFunctionCluster.java
(rev 0)
+++
branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/GeneralBagFunctionCluster.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,66 @@
+
+/*
+ * @(#)GeneralBagFunctionCluster.java
+ *
+ * Copyright 2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.cond.cluster;
+
+import com.sun.xacml.cond.FunctionBase;
+import com.sun.xacml.cond.GeneralBagFunction;
+
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Set;
+
+
+/**
+ * Clusters all the functions supported by <code>GeneralBagFunction</code>.
+ *
+ * @since 1.2
+ * @author Seth Proctor
+ */
+public class GeneralBagFunctionCluster implements FunctionCluster
+{
+
+ public Set getSupportedFunctions() {
+ Set set = new HashSet();
+ Iterator it =
GeneralBagFunction.getSupportedIdentifiers().iterator();
+
+ while (it.hasNext())
+ set.add(new GeneralBagFunction((String)(it.next())));
+
+ return set;
+ }
+
+}
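Review bot: `import com.sun.xacml.cond.FunctionBase;` is never used in this class; the body only references `GeneralBagFunction`, `HashSet`, `Iterator` and `Set`. Drop the import, or if it is kept to stay byte-identical with the upstream file, say so in the commit message.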

Added:
branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/GeneralSetFunctionCluster.java
===================================================================
---
branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/GeneralSetFunctionCluster.java
(rev 0)
+++
branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/GeneralSetFunctionCluster.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,66 @@
+
+/*
+ * @(#)GeneralSetFunctionCluster.java
+ *
+ * Copyright 2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.cond.cluster;
+
+import com.sun.xacml.cond.FunctionBase;
+import com.sun.xacml.cond.GeneralSetFunction;
+
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Set;
+
+
+/**
+ * Clusters all the functions supported by <code>GeneralSetFunction</code>.
+ *
+ * @since 1.2
+ * @author Seth Proctor
+ */
+public class GeneralSetFunctionCluster implements FunctionCluster
+{
+
+ public Set getSupportedFunctions() {
+ Set set = new HashSet();
+ Iterator it =
GeneralSetFunction.getSupportedIdentifiers().iterator();
+
+ while (it.hasNext())
+ set.add(new GeneralSetFunction((String)(it.next())));
+
+ return set;
+ }
+
+}
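Review bot: `import com.sun.xacml.cond.FunctionBase;` is unused here as well, since only `GeneralSetFunction` is referenced in the body. Remove it together with the matching import in `GeneralBagFunctionCluster` so the two files stay consistent.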

Added:
branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/HigherOrderFunctionCluster.java
===================================================================
---
branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/HigherOrderFunctionCluster.java
(rev 0)
+++
branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/HigherOrderFunctionCluster.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,65 @@
+
+/*
+ * @(#)HigherOrderFunctionCluster.java
+ *
+ * Copyright 2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.cond.cluster;
+
+import com.sun.xacml.cond.HigherOrderFunction;
+
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Set;
+
+
+/**
+ * Clusters all the functions supported by <code>HigherOrderFunction</code>.
+ *
+ * @since 1.2
+ * @author Seth Proctor
+ */
+public class HigherOrderFunctionCluster implements FunctionCluster
+{
+
+ public Set getSupportedFunctions() {
+ Set set = new HashSet();
+ Iterator it =
HigherOrderFunction.getSupportedIdentifiers().iterator();
+
+ while (it.hasNext())
+ set.add(new HigherOrderFunction((String)(it.next())));
+
+ return set;
+ }
+
+}

Added:
branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/LogicalFunctionCluster.java
===================================================================
---
branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/LogicalFunctionCluster.java
(rev 0)
+++
branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/LogicalFunctionCluster.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,65 @@
+
+/*
+ * @(#)LogicalFunctionCluster.java
+ *
+ * Copyright 2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.cond.cluster;
+
+import com.sun.xacml.cond.LogicalFunction;
+
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Set;
+
+
+/**
+ * Clusters all the functions supported by <code>LogicalFunction</code>.
+ *
+ * @since 1.2
+ * @author Seth Proctor
+ */
+public class LogicalFunctionCluster implements FunctionCluster
+{
+
+ public Set getSupportedFunctions() {
+ Set set = new HashSet();
+ Iterator it = LogicalFunction.getSupportedIdentifiers().iterator();
+
+ while (it.hasNext())
+ set.add(new LogicalFunction((String)(it.next())));
+
+ return set;
+ }
+
+}
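Review bot: the `while (it.hasNext())` loop in `getSupportedFunctions()` has no braces around its single-statement body, and the method itself carries no Javadoc even though it implements a documented interface contract. Brace the loop body and add a one-line comment pointing to `FunctionCluster#getSupportedFunctions()`, so that a later edit adding a second statement does not end up outside the loop.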

Added:
branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/MatchFunctionCluster.java
===================================================================
---
branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/MatchFunctionCluster.java
(rev 0)
+++
branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/MatchFunctionCluster.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,65 @@
+
+/*
+ * @(#)MatchFunctionCluster.java
+ *
+ * Copyright 2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.cond.cluster;
+
+import com.sun.xacml.cond.MatchFunction;
+
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Set;
+
+
+/**
+ * Clusters all the functions supported by <code>MatchFunction</code>.
+ *
+ * @since 1.2
+ * @author Seth Proctor
+ */
+public class MatchFunctionCluster implements FunctionCluster
+{
+
+ public Set getSupportedFunctions() {
+ Set set = new HashSet();
+ Iterator it = MatchFunction.getSupportedIdentifiers().iterator();
+
+ while (it.hasNext())
+ set.add(new MatchFunction((String)(it.next())));
+
+ return set;
+ }
+
+}

Added:
branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/ModFunctionCluster.java
===================================================================
---
branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/ModFunctionCluster.java
(rev 0)
+++
branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/ModFunctionCluster.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,65 @@
+
+/*
+ * @(#)ModFunctionCluster.java
+ *
+ * Copyright 2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.cond.cluster;
+
+import com.sun.xacml.cond.ModFunction;
+
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Set;
+
+
+/**
+ * Clusters all the functions supported by <code>ModFunction</code>.
+ *
+ * @since 1.2
+ * @author Seth Proctor
+ */
+public class ModFunctionCluster implements FunctionCluster
+{
+
+ public Set getSupportedFunctions() {
+ Set set = new HashSet();
+ Iterator it = ModFunction.getSupportedIdentifiers().iterator();
+
+ while (it.hasNext())
+ set.add(new ModFunction((String)(it.next())));
+
+ return set;
+ }
+
+}

Added:
branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/MultiplyFunctionCluster.java
===================================================================
---
branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/MultiplyFunctionCluster.java
(rev 0)
+++
branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/MultiplyFunctionCluster.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,65 @@
+
+/*
+ * @(#)MultiplyFunctionCluster.java
+ *
+ * Copyright 2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.cond.cluster;
+
+import com.sun.xacml.cond.MultiplyFunction;
+
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Set;
+
+
+/**
+ * Clusters all the functions supported by <code>MultiplyFunction</code>.
+ *
+ * @since 1.2
+ * @author Seth Proctor
+ */
+public class MultiplyFunctionCluster implements FunctionCluster
+{
+
+ public Set getSupportedFunctions() {
+ Set set = new HashSet();
+ Iterator it = MultiplyFunction.getSupportedIdentifiers().iterator();
+
+ while (it.hasNext())
+ set.add(new MultiplyFunction((String)(it.next())));
+
+ return set;
+ }
+
+}
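Review bot: nothing in this new file records which sunxacml release it was copied from. The header carries only Sun's 2004 copyright and `@since 1.2`, so later local changes to the vendored copy cannot be told apart from upstream code. Note the upstream version and origin somewhere under branches/authRengine/sunxacml. Separately, getSupportedFunctions() uses raw `Set`, `HashSet` and `Iterator` with an unchecked `(String)(it.next())` cast, so a non-String identifier only shows up as a ClassCastException at run time. The NOf, Not, NumericConvert, Round, StringNormalize and Subtract clusters added after this one repeat the same body with only the function class changed, so if the copy is ever modified locally, a single shared helper would keep them from drifting apart.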

Added:
branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/NOfFunctionCluster.java
===================================================================
---
branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/NOfFunctionCluster.java
(rev 0)
+++
branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/NOfFunctionCluster.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,65 @@
+
+/*
+ * @(#)NOfFunctionCluster.java
+ *
+ * Copyright 2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.cond.cluster;
+
+import com.sun.xacml.cond.NOfFunction;
+
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Set;
+
+
+/**
+ * Clusters all the functions supported by <code>NOfFunction</code>.
+ *
+ * @since 1.2
+ * @author Seth Proctor
+ */
+public class NOfFunctionCluster implements FunctionCluster
+{
+
+ public Set getSupportedFunctions() {
+ Set set = new HashSet();
+ Iterator it = NOfFunction.getSupportedIdentifiers().iterator();
+
+ while (it.hasNext())
+ set.add(new NOfFunction((String)(it.next())));
+
+ return set;
+ }
+
+}

Added:
branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/NotFunctionCluster.java
===================================================================
---
branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/NotFunctionCluster.java
(rev 0)
+++
branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/NotFunctionCluster.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,65 @@
+
+/*
+ * @(#)NotFunctionCluster.java
+ *
+ * Copyright 2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.cond.cluster;
+
+import com.sun.xacml.cond.NotFunction;
+
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Set;
+
+
+/**
+ * Clusters all the functions supported by <code>NotFunction</code>.
+ *
+ * @since 1.2
+ * @author Seth Proctor
+ */
+public class NotFunctionCluster implements FunctionCluster
+{
+
+ public Set getSupportedFunctions() {
+ Set set = new HashSet();
+ Iterator it = NotFunction.getSupportedIdentifiers().iterator();
+
+ while (it.hasNext())
+ set.add(new NotFunction((String)(it.next())));
+
+ return set;
+ }
+
+}

Added:
branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/NumericConvertFunctionCluster.java
===================================================================
---
branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/NumericConvertFunctionCluster.java
(rev 0)
+++
branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/NumericConvertFunctionCluster.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,66 @@
+
+/*
+ * @(#)NumericConvertFunctionCluster.java
+ *
+ * Copyright 2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.cond.cluster;
+
+import com.sun.xacml.cond.NumericConvertFunction;
+
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Set;
+
+
+/**
+ * Clusters all the functions supported by
<code>NumericConvertFunction</code>.
+ *
+ * @since 1.2
+ * @author Seth Proctor
+ */
+public class NumericConvertFunctionCluster implements FunctionCluster
+{
+
+ public Set getSupportedFunctions() {
+ Set set = new HashSet();
+ Iterator it = NumericConvertFunction.getSupportedIdentifiers().
+ iterator();
+
+ while (it.hasNext())
+ set.add(new NumericConvertFunction((String)(it.next())));
+
+ return set;
+ }
+
+}

Added:
branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/RoundFunctionCluster.java
===================================================================
---
branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/RoundFunctionCluster.java
(rev 0)
+++
branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/RoundFunctionCluster.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,65 @@
+
+/*
+ * @(#)RoundFunctionCluster.java
+ *
+ * Copyright 2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.cond.cluster;
+
+import com.sun.xacml.cond.RoundFunction;
+
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Set;
+
+
+/**
+ * Clusters all the functions supported by <code>RoundFunction</code>.
+ *
+ * @since 1.2
+ * @author Seth Proctor
+ */
+public class RoundFunctionCluster implements FunctionCluster
+{
+
+ public Set getSupportedFunctions() {
+ Set set = new HashSet();
+ Iterator it = RoundFunction.getSupportedIdentifiers().iterator();
+
+ while (it.hasNext())
+ set.add(new RoundFunction((String)(it.next())));
+
+ return set;
+ }
+
+}

Added:
branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/StringNormalizeFunctionCluster.java
===================================================================
---
branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/StringNormalizeFunctionCluster.java
(rev 0)
+++
branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/StringNormalizeFunctionCluster.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,67 @@
+
+/*
+ * @(#)StringNormalizeFunctionCluster.java
+ *
+ * Copyright 2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.cond.cluster;
+
+import com.sun.xacml.cond.StringNormalizeFunction;
+
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Set;
+
+
+/**
+ * Clusters all the functions supported by
+ * <code>StringNormalizeFunction</code>.
+ *
+ * @since 1.2
+ * @author Seth Proctor
+ */
+public class StringNormalizeFunctionCluster implements FunctionCluster
+{
+
+ public Set getSupportedFunctions() {
+ Set set = new HashSet();
+ Iterator it = StringNormalizeFunction.getSupportedIdentifiers().
+ iterator();
+
+ while (it.hasNext())
+ set.add(new StringNormalizeFunction((String)(it.next())));
+
+ return set;
+ }
+
+}

Added:
branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/SubtractFunctionCluster.java
===================================================================
---
branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/SubtractFunctionCluster.java
(rev 0)
+++
branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/SubtractFunctionCluster.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,65 @@
+
+/*
+ * @(#)SubtractFunctionCluster.java
+ *
+ * Copyright 2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.cond.cluster;
+
+import com.sun.xacml.cond.SubtractFunction;
+
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Set;
+
+
+/**
+ * Clusters all the functions supported by <code>SubtractFunction</code>.
+ *
+ * @since 1.2
+ * @author Seth Proctor
+ */
+public class SubtractFunctionCluster implements FunctionCluster
+{
+
+ public Set getSupportedFunctions() {
+ Set set = new HashSet();
+ Iterator it = SubtractFunction.getSupportedIdentifiers().iterator();
+
+ while (it.hasNext())
+ set.add(new SubtractFunction((String)(it.next())));
+
+ return set;
+ }
+
+}

Added: branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/package.html
===================================================================
--- branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/package.html
(rev 0)
+++ branches/authRengine/sunxacml/com/sun/xacml/cond/cluster/package.html
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,7 @@
+<body>
+ This package defines the <code>FunctionCluster</code> interface that
+ is used to define a cluster of functions that are all implemented by
+ some common class. Also included in this package, as a convenience,
+ are cluster classes for all the standard functions. These are used by
+ the standard factory and by the run-time configuration system.
+</body>

Added: branches/authRengine/sunxacml/com/sun/xacml/cond/package.html
===================================================================
--- branches/authRengine/sunxacml/com/sun/xacml/cond/package.html
(rev 0)
+++ branches/authRengine/sunxacml/com/sun/xacml/cond/package.html
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,19 @@
+<body>
+ Support for Conditions is in this package. This contains all of the
+ function code, including base types, implementations of all of the
+ standard functions, and a factory for getting functions and adding new
+ ones to the system. There is also support for the Condition and Apply
+ XML types.
+ <p>
+ Note that prior to the 1.2 release, most of the function
+ implementations in this package were package private, mostly because
+ there is no reason to interact with these classes directly. With the
+ 1.2 release all classes were exposed, in part to make all the standard
+ identifier strings easily available. If you need a function instance,
+ however, you should still use the factory interface. You should not
+ ever need to instantiate one of the standard function classes
+ directly. Note also that in the next major release some of the
+ function impementations may change their interfaces, which is another
+ reason to interact with the standard functions only through the
+ factory interface.
+</body>
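Review bot: "impementations" in the last sentence of the second paragraph should read "implementations", and the `<p>` that opens that paragraph is never closed before `</body>`. Both are cosmetic, but this text is the package's only statement that callers should obtain functions through the factory rather than instantiate the standard classes, so it is worth having it render cleanly in the generated Javadoc.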

Added: branches/authRengine/sunxacml/com/sun/xacml/ctx/Attribute.java
===================================================================
--- branches/authRengine/sunxacml/com/sun/xacml/ctx/Attribute.java
(rev 0)
+++ branches/authRengine/sunxacml/com/sun/xacml/ctx/Attribute.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,298 @@
+
+/*
+ * @(#)Attribute.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.ctx;
+
+import com.sun.xacml.Indenter;
+
+import com.sun.xacml.ParsingException;
+import com.sun.xacml.UnknownIdentifierException;
+
+import com.sun.xacml.attr.AttributeFactory;
+import com.sun.xacml.attr.AttributeValue;
+import com.sun.xacml.attr.DateTimeAttribute;
+
+import java.io.PrintStream;
+import java.io.OutputStream;
+
+import java.net.URI;
+import java.net.URISyntaxException;
+
+import org.w3c.dom.NamedNodeMap;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+
+
+/**
+ * Represents the AttributeType XML type found in the context schema.
+ *
+ * @since 1.0
+ * @author Seth Proctor
+ */
+public class Attribute
+{
+
+ // required meta-data attributes
+ private URI id;
+ private URI type;
+
+ // optional meta-data attributes
+ private String issuer = null;
+ private DateTimeAttribute issueInstant = null;
+
+ // the single value associated with this attribute
+ private AttributeValue value;
+
+ /**
+ * Creates a new <code>Attribute</code> of the type specified in the
+ * given <code>AttributeValue</code>.
+ *
+ * @param id the id of the attribute
+ * @param issuer the attribute's issuer or null if there is none
+ * @param issueInstant the moment when the attribute was issued, or null
+ * if it's unspecified
+ * @param value the actual value associated with the attribute meta-data
+ */
+ public Attribute(URI id, String issuer, DateTimeAttribute issueInstant,
+ AttributeValue value) {
+ this(id, value.getType(), issuer, issueInstant, value);
+ }
+
+ /**
+ * Creates a new <code>Attribute</code>
+ *
+ * @deprecated As of version 1.1, replaced by
+ *
{@link
#Attribute(URI,String,DateTimeAttribute,AttributeValue)}.
+ * This constructor has some ambiguity in that it allows a
+ * specified datatype and a value that already has some
+ * associated datatype. The new constructor clarifies this
+ * issue by removing the datatype parameter and using the
+ * datatype specified by the given value.
+ *
+ * @param id the id of the attribute
+ * @param type the type of the attribute
+ * @param issuer the attribute's issuer or null if there is none
+ * @param issueInstant the moment when the attribute was issued, or null
+ * if it's unspecified
+ * @param value the actual value associated with the attribute meta-data
+ */
+ public Attribute(URI id, URI type, String issuer,
+ DateTimeAttribute issueInstant, AttributeValue value) {
+ this.id = id;
+ this.type = type;
+ this.issuer = issuer;
+ this.issueInstant = issueInstant;
+ this.value = value;
+ }
+
+ /**
+ * Creates an instance of an <code>Attribute</code> based on the root DOM
+ * node of the XML data.
+ *
+ * @param root the DOM root of the AttributeType XML type
+ *
+ * @return the attribute
+ *
+ * throws ParsingException if the data is invalid
+ */
+ public static Attribute getInstance(Node root) throws ParsingException {
+ URI id = null;
+ URI type = null;
+ String issuer = null;
+ DateTimeAttribute issueInstant = null;
+ AttributeValue value = null;
+
+ AttributeFactory attrFactory = AttributeFactory.getInstance();
+
+ // First check that we're really parsing an Attribute
+ if (! root.getNodeName().equals("Attribute")) {
+ throw new ParsingException("Attribute object cannot be created "
+
+ "with root node of type: " +
+ root.getNodeName());
+ }
+
+ NamedNodeMap attrs = root.getAttributes();
+
+ try {
+ id = new URI(attrs.getNamedItem("AttributeId").getNodeValue());
+ } catch (Exception e) {
+ throw new ParsingException("Error parsing required attribute " +
+ "AttributeId in AttributeType", e);
+ }
+
+ try {
+ type = new URI(attrs.getNamedItem("DataType").getNodeValue());
+ } catch (Exception e) {
+ throw new ParsingException("Error parsing required attribute " +
+ "DataType in AttributeType", e);
+ }
+
+ try {
+ Node issuerNode = attrs.getNamedItem("Issuer");
+ if (issuerNode != null)
+ issuer = issuerNode.getNodeValue();
+
+ Node instantNode = attrs.getNamedItem("IssueInstant");
+ if (instantNode != null)
+ issueInstant = DateTimeAttribute.
+ getInstance(instantNode.getNodeValue());
+ } catch (Exception e) {
+ // shouldn't happen, but just in case...
+ throw new ParsingException("Error parsing optional AttributeType"
+ + " attribute", e);
+ }
+
+ // now we get the attribute value
+ NodeList nodes = root.getChildNodes();
+ for (int i = 0; i < nodes.getLength(); i++) {
+ Node node = nodes.item(i);
+ if (node.getNodeName().equals("AttributeValue")) {
+ // only one value can be in an Attribute
+ if (value != null)
+ throw new ParsingException("Too many values in
Attribute");
+
+ // now get the value
+ try {
+ value = attrFactory.createValue(node, type);
+ } catch (UnknownIdentifierException uie) {
+ throw new ParsingException("Unknown AttributeId", uie);
+ }
+ }
+ }
+
+ // make sure we got a value
+ if (value == null)
+ throw new ParsingException("Attribute must contain a value");
+
+ return new Attribute(id, type, issuer, issueInstant, value);
+ }
+
+ /**
+ * Returns the id of this attribute
+ *
+ * @return the attribute id
+ */
+ public URI getId() {
+ return id;
+ }
+
+ /**
+ * Returns the data type of this attribute
+ *
+ * @return the attribute's data type
+ */
+ public URI getType() {
+ return type;
+ }
+
+ /**
+ * Returns the issuer of this attribute, or null if no issuer was named
+ *
+ * @return the issuer or null
+ */
+ public String getIssuer() {
+ return issuer;
+ }
+
+ /**
+ * Returns the moment at which the attribute was issued, or null if no
+ * issue time was provided
+ *
+ * @return the time of issuance or null
+ */
+ public DateTimeAttribute getIssueInstant() {
+ return issueInstant;
+ }
+
+ /**
+ * The value of this attribute, or null if no value was included
+ *
+ * @return the attribute's value or null
+ */
+ public AttributeValue getValue() {
+ return value;
+ }
+
+ /**
+ * Encodes this attribute into its XML representation and writes
+ * this encoding to the given <code>OutputStream</code> with no
+ * indentation.
+ *
+ * @param output a stream into which the XML-encoded data is written
+ */
+ public void encode(OutputStream output) {
+ encode(output, new Indenter(0));
+ }
+
+ /**
+ * Encodes this attribute into its XML representation and writes
+ * this encoding to the given <code>OutputStream</code> with
+ * indentation.
+ *
+ * @param output a stream into which the XML-encoded data is written
+ * @param indenter an object that creates indentation strings
+ */
+ public void encode(OutputStream output, Indenter indenter) {
+ // setup the formatting & outstream stuff
+ String indent = indenter.makeString();
+ PrintStream out = new PrintStream(output);
+
+ // write out the encoded form
+ out.println(indent + encode());
+ }
+
+ /**
+ * Simple encoding method that returns the text-encoded version of
+ * this attribute with no formatting.
+ *
+ * @return the text-encoded XML
+ */
+ public String encode() {
+ String encoded = "<Attribute AttributeId=\"" + id.toString() + "\" "
+
+ "DataType=\"" + type.toString() + "\"";
+
+ if (issuer != null)
+ encoded += " Issuer=\"" + issuer + "\"";
+
+ if (issueInstant != null)
+ encoded += " IssueInstant=\"" + issueInstant.encode() + "\"";
+
+ encoded += ">" + value.encodeWithTags(false) + "</Attribute>";
+
+ return encoded;
+ }
+
+}
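Review bot: encode() builds the XML by plain string concatenation, and `issuer`, `id.toString()` and `type.toString()` go into attribute values with no escaping, as in `encoded += " Issuer=\"" + issuer + "\"";`. An issuer string containing a double quote, `<` or `&` yields malformed XML or an extra attribute in the serialized context. Since getInstance() takes Issuer straight from the parsed request, that value can originate outside the process. Escape `&`, `<` and `"` before concatenating, or serialize through a DOM or stream writer. Two smaller points in getInstance(): the UnknownIdentifierException from `attrFactory.createValue(node, type)` is rethrown as "Unknown AttributeId" although the lookup that failed is on the DataType, and the Javadoc line `throws ParsingException if the data is invalid` is missing its `@`. Also, getValue() documents a null return, but encode() dereferences `value` unconditionally and the four-argument constructor calls `value.getType()`, so either reject null in the constructors or correct the comment.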

Added: branches/authRengine/sunxacml/com/sun/xacml/ctx/InputParser.java
===================================================================
--- branches/authRengine/sunxacml/com/sun/xacml/ctx/InputParser.java
(rev 0)
+++ branches/authRengine/sunxacml/com/sun/xacml/ctx/InputParser.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,209 @@
+
+/*
+ * @(#)InputParser.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.ctx;
+
+import com.sun.xacml.ParsingException;
+
+import java.io.File;
+import java.io.InputStream;
+
+import java.util.logging.Level;
+import java.util.logging.Logger;
+
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+
+import org.xml.sax.ErrorHandler;
+import org.xml.sax.SAXException;
+import org.xml.sax.SAXParseException;
+
+
+/**
+ * A package-private helper that provides a single static routine for
+ * parsing input based on the context schema.
+ *
+ * @since 1.0
+ * @author Seth Proctor
+ */
+class InputParser implements ErrorHandler
+{
+
+ // the schema file, if provided
+ private File schemaFile;
+
+ // the single reference, which is null unless a schema file is provided
+ private static InputParser ipReference = null;
+
+ // the property string to set to turn on validation
+ private static final String CONTEXT_SCHEMA_PROPERTY =
+ "com.sun.xacml.ContextSchema";
+
+ // the logger we'll use for all messages
+ private static final Logger logger =
+ Logger.getLogger(InputParser.class.getName());
+
+ // standard strings for setting validation
+
+ private static final String JAXP_SCHEMA_LANGUAGE =
+ "http://java.sun.com/xml/jaxp/properties/schemaLanguage";;
+
+ private static final String W3C_XML_SCHEMA =
+ "http://www.w3.org/2001/XMLSchema";;
+
+ private static final String JAXP_SCHEMA_SOURCE =
+ "http://java.sun.com/xml/jaxp/properties/schemaSource";;
+
+ /**
+ * Look for the property that names the schema, and if it exists get
+ * the file name and create a single InputParser instance
+ */
+ static {
+ String schemaName = System.getProperty(CONTEXT_SCHEMA_PROPERTY);
+
+ if (schemaName != null)
+ ipReference = new InputParser(new File(schemaName));
+ };
+
+ /**
+ * Constructor that takes the schema file.
+ */
+ private InputParser(File schemaFile) {
+ this.schemaFile = schemaFile;
+ }
+
+ /**
+ * Tries to Parse the given output as a Context document.
+ *
+ * @param input the stream to parse
+ * @param rootTage either "Request" or "Response"
+ *
+ * @return the root node of the request/response
+ *
+ * @throws ParsingException if a problem occurred parsing the document
+ */
+ static Node parseInput(InputStream input, String rootTag)
+ throws ParsingException
+ {
+ NodeList nodes = null;
+
+ try {
+ DocumentBuilderFactory factory =
+ DocumentBuilderFactory.newInstance();
+ factory.setIgnoringComments(true);
+
+ DocumentBuilder builder = null;
+
+ // as of 1.2, we always are namespace aware
+ factory.setNamespaceAware(true);
+
+ if (ipReference == null) {
+ // we're not validating
+ factory.setValidating(false);
+
+ builder = factory.newDocumentBuilder();
+ } else {
+ // we are validating
+ factory.setValidating(true);
+
+ factory.setAttribute(JAXP_SCHEMA_LANGUAGE, W3C_XML_SCHEMA);
+ factory.setAttribute(JAXP_SCHEMA_SOURCE,
+ ipReference.schemaFile);
+
+ builder = factory.newDocumentBuilder();
+ builder.setErrorHandler(ipReference);
+ }
+
+ Document doc = builder.parse(input);
+ nodes = doc.getElementsByTagName(rootTag);
+ } catch (Exception e) {
+ throw new ParsingException("Error tring to parse " + rootTag +
+ "Type", e);
+ }
+
+ if (nodes.getLength() != 1)
+ throw new ParsingException("Only one " + rootTag + "Type allowed
"
+ + "at the root of a Context doc");
+
+ return nodes.item(0);
+ }
+
+ /**
+ * Standard handler routine for the XML parsing.
+ *
+ * @param exception information on what caused the problem
+ */
+ public void warning(SAXParseException exception) throws SAXException {
+ if (logger.isLoggable(Level.WARNING))
+ logger.warning("Warning on line " + exception.getLineNumber() +
+ ": " + exception.getMessage());
+ }
+
+ /**
+ * Standard handler routine for the XML parsing.
+ *
+ * @param exception information on what caused the problem
+ *
+ * @throws SAXException always to halt parsing on errors
+ */
+ public void error(SAXParseException exception) throws SAXException {
+ if (logger.isLoggable(Level.WARNING))
+ logger.warning("Error on line " + exception.getLineNumber() +
+ ": " + exception.getMessage());
+
+ throw new SAXException("invalid context document");
+ }
+
+ /**
+ * Standard handler routine for the XML parsing.
+ *
+ * @param exception information on what caused the problem
+ *
+ * @throws SAXException always to halt parsing on errors
+ */
+ public void fatalError(SAXParseException exception) throws SAXException {
+ if (logger.isLoggable(Level.WARNING))
+ logger.warning("FatalError on line " + exception.getLineNumber()
+
+ ": " + exception.getMessage());
+
+ throw new SAXException("invalid context document");
+ }
+
+}
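Review bot: parseInput() passes caller-supplied XML to builder.parse(input) on a DocumentBuilderFactory that has only setIgnoringComments, setNamespaceAware and setValidating set, so nothing turns off DOCTYPE or external-entity processing for the Request and Response documents this class parses. Suggest hardening the factory before newDocumentBuilder() in both branches, for example `factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);` together with `factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);`, and treating a failure to set either feature as a ParsingException. A second point in the same method: doc.getElementsByTagName(rootTag) matches the tag at any depth, so the "at the root of a Context doc" check does not verify the document element; comparing against doc.getDocumentElement() would make the check match its message. The message "Error tring to parse" also has a typo.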

Added: branches/authRengine/sunxacml/com/sun/xacml/ctx/RequestCtx.java
===================================================================
--- branches/authRengine/sunxacml/com/sun/xacml/ctx/RequestCtx.java
(rev 0)
+++ branches/authRengine/sunxacml/com/sun/xacml/ctx/RequestCtx.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,474 @@
+
+/*
+ * @(#)RequestCtx.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.ctx;
+
+import com.sun.xacml.Indenter;
+import com.sun.xacml.ParsingException;
+
+import com.sun.xacml.attr.AttributeDesignator;
+
+import java.io.InputStream;
+import java.io.IOException;
+import java.io.OutputStream;
+import java.io.PrintStream;
+
+import java.net.URI;
+import java.net.URISyntaxException;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Set;
+
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.NamedNodeMap;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+
+import org.xml.sax.SAXException;
+
+
+/**
+ * Represents a request made to the PDP. This is the class that contains all
+ * the data used to start a policy evaluation.
+ *
+ * @since 1.0
+ * @author Seth Proctor
+ * @author Marco Barreno
+ */
+public class RequestCtx
+{
+
+ // There must be at least one subject
+ private Set subjects = null;
+
+ // There must be exactly one resource
+ private Set resource = null;
+
+ // There must be exactly one action
+ private Set action = null;
+
+ // There may be any number of environment attributes
+ private Set environment = null;
+
+ // Hold onto the root of the document for XPath searches
+ private Node documentRoot = null;
+
+ // The optional, generic resource content
+ private String resourceContent;
+
+ /**
+ * Constructor that creates a <code>RequestCtx</code> from components.
+ *
+ * @param subjects a <code>Set</code> of <code>Subject</code>s
+ * @param resource a <code>Set</code> of <code>Attribute</code>s
+ * @param action a <code>Set</code> of <code>Attribute</code>s
+ * @param environment a <code>Set</code> of environment attributes
+ */
+ public RequestCtx(Set subjects, Set resource, Set action,
+ Set environment) {
+ this(subjects, resource, action, environment, null, null);
+ }
+
+ /**
+ * Constructor that creates a <code>RequestCtx</code> from components.
+ *
+ * @param subjects a <code>Set</code> of <code>Subject</code>s
+ * @param resource a <code>Set</code> of <code>Attribute</code>s
+ * @param action a <code>Set</code> of <code>Attribute</code>s
+ * @param environment a <code>Set</code> of environment attributes
+ * @param documentRoot the root node of the DOM tree for this request
+ */
+ public RequestCtx(Set subjects, Set resource, Set action,
+ Set environment, Node documentRoot) {
+ this(subjects, resource, action, environment, documentRoot, null);
+ }
+
+ /**
+ * Constructor that creates a <code>RequestCtx</code> from components.
+ *
+ * @param subjects a <code>Set</code> of <code>Subject</code>s
+ * @param resource a <code>Set</code> of <code>Attribute</code>s
+ * @param action a <code>Set</code> of <code>Attribute</code>s
+ * @param environment a <code>Set</code> of environment attributes
+ * @param resourceContent a text-encoded version of the content, suitable
+ * for including in the RequestType, including the
+ * root <code>RequestContent</code> node
+ */
+ public RequestCtx(Set subjects, Set resource, Set action,
+ Set environment, String resourceContent) {
+ this(subjects, resource, action, environment, null, resourceContent);
+ }
+
+ /**
+ * Constructor that creates a <code>RequestCtx</code> from components.
+ *
+ * @param subjects a <code>Set</code> of <code>Subject</code>s
+ * @param resource a <code>Set</code> of <code>Attribute</code>s
+ * @param action a <code>Set</code> of <code>Attribute</code>s
+ * @param environment a <code>Set</code> of environment attributes
+ * @param documentRoot the root node of the DOM tree for this request
+ * @param resourceContent a text-encoded version of the content, suitable
+ * for including in the RequestType, including the
+ * root <code>RequestContent</code> node
+ *
+ * @throws IllegalArgumentException if the inputs are not well formed
+ */
+ public RequestCtx(Set subjects, Set resource, Set action,
+ Set environment, Node documentRoot,
+ String resourceContent) throws
IllegalArgumentException {
+
+ // make sure subjects is well formed
+ Iterator sIter = subjects.iterator();
+ while (sIter.hasNext()){
+ if (!(sIter.next() instanceof Subject))
+ throw new IllegalArgumentException("Subjects input is not " +
+ "well formed");
+ }
+ this.subjects = Collections.unmodifiableSet(new HashSet(subjects));
+
+ // make sure resource is well formed
+ Iterator rIter = resource.iterator();
+ while (rIter.hasNext()){
+ if (!(rIter.next() instanceof Attribute))
+ throw new IllegalArgumentException("Resource input is not " +
+ "well formed");
+ }
+ this.resource = Collections.unmodifiableSet(new HashSet(resource));
+
+ // make sure action is well formed
+ Iterator aIter = action.iterator();
+ while (aIter.hasNext()){
+ if (!(aIter.next() instanceof Attribute))
+ throw new IllegalArgumentException("Action input is not " +
+ "well formed");
+ }
+ this.action = Collections.unmodifiableSet(new HashSet(action));
+
+ // make sure environment is well formed
+ Iterator eIter = environment.iterator();
+ while (eIter.hasNext()){
+ if (!(eIter.next() instanceof Attribute))
+ throw new IllegalArgumentException("Environment input is
not" +
+ " well formed");
+ }
+ this.environment =
+ Collections.unmodifiableSet(new HashSet(environment));
+
+ this.documentRoot = documentRoot;
+ this.resourceContent = resourceContent;
+ }
+
+ /**
+ * Create a new <code>RequestCtx</code> by parsing a node. This
+ * node should be created by schema-verified parsing of an
+ * <code>XML</code> document.
+ *
+ * @param root the node to parse for the <code>RequestCtx</code>
+ *
+ * @return a new <code>RequestCtx</code> constructed by parsing
+ *
+ * @throws URISyntaxException if there is a badly formed URI
+ * @throws ParsingException if the DOM node is invalid
+ */
+ public static RequestCtx getInstance(Node root) throws ParsingException {
+ Set newSubjects = new HashSet();
+ Set newResource = null;
+ Set newAction = null;
+ Set newEnvironment = null;
+ String resourceContent;
+
+ // First check to be sure the node passed is indeed a Request node.
+ String tagName = root.getNodeName();
+ if (! tagName.equals("Request")) {
+ throw new ParsingException("Request cannot be constructed using
" +
+ "type: " + root.getNodeName());
+ }
+
+ // Now go through its child nodes, finding Subject,
+ // Resource, Action, and Environment data
+ NodeList children = root.getChildNodes();
+
+ for (int i = 0; i < children.getLength(); i++) {
+ Node node = children.item(i);
+ String tag = node.getNodeName();
+
+ if (tag.equals("Subject")) {
+ // see if there is a category
+ Node catNode =
+ node.getAttributes().getNamedItem("SubjectCategory");
+ URI category = null;
+
+ if (catNode != null) {
+ try {
+ category = new URI(catNode.getNodeValue());
+ } catch (Exception e) {
+ throw new ParsingException("Invalid Category URI",
e);
+ }
+ }
+
+ // now we get the attributes
+ Set attributes = parseAttributes(node);
+
+ // finally, add the list to the set of subject attributes
+ newSubjects.add(new Subject(category, attributes));
+ } else if (tag.equals("Resource")) {
+ // For now, this code doesn't parse the content, since it's
+ // a set of anys with a set of anyAttributes, and therefore
+ // no useful data can be gleaned from it anyway. The theory
+ // here is that it's only useful in the instance doc, so
+ // we won't bother parse it, but we may still want to go
+ // back and provide some support at some point...
+ newResource = parseAttributes(node);
+ } else if (tag.equals("Action")) {
+ newAction = parseAttributes(node);
+ } else if (tag.equals("Environment")) {
+ newEnvironment = parseAttributes(node);
+ }
+ }
+
+ // if we didn't have an environment section, the only optional
section
+ // of the four, then create a new empty set for it
+ if (newEnvironment == null)
+ newEnvironment = new HashSet();
+
+ // Now create and return the RequestCtx from the information
+ // gathered
+ return new RequestCtx(newSubjects, newResource,
+ newAction, newEnvironment, root);
+ }
+
+ /*
+ * Helper method that parses a set of Attribute types. The Subject,
+ * Action and Environment sections all look like this.
+ */
+ private static Set parseAttributes(Node root) throws ParsingException {
+ Set set = new HashSet();
+
+ // the Environment section is just a list of Attributes
+ NodeList nodes = root.getChildNodes();
+ for (int i = 0; i < nodes.getLength(); i++) {
+ Node node = nodes.item(i);
+ if (node.getNodeName().equals("Attribute"))
+ set.add(Attribute.getInstance(node));
+ }
+
+ return set;
+ }
+
+ /**
+ * Creates a new <code>RequestCtx</code> by parsing XML from an
+ * input stream. Note that this a convenience method, and it will
+ * not do schema validation by default. You should be parsing the data
+ * yourself, and then providing the root node to the other
+ * <code>getInstance</code> method. If you use this convenience
+ * method, you probably want to turn on validation by setting the
+ * context schema file (see the programmer guide for more information
+ * on this).
+ *
+ * @param input a stream providing the XML data
+ *
+ * @return a new <code>RequestCtx</code>
+ *
+ * @throws ParserException if there is an error parsing the input
+ */
+ public static RequestCtx getInstance(InputStream input)
+ throws ParsingException
+ {
+ return getInstance(InputParser.parseInput(input, "Request"));
+ }
+
+ /**
+ * Returns a <code>Set</code> containing <code>Subject</code> objects.
+ *
+ * @return the request's subject attributes
+ */
+ public Set getSubjects() {
+ return subjects;
+ }
+
+ /**
+ * Returns a <code>Set</code> containing <code>Attribute</code> objects.
+ *
+ * @return the request's resource attributes
+ */
+ public Set getResource() {
+ return resource;
+ }
+
+ /**
+ * Returns a <code>Set</code> containing <code>Attribute</code> objects.
+ *
+ * @return the request's action attributes
+ */
+ public Set getAction() {
+ return action;
+ }
+
+ /**
+ * Returns a <code>Set</code> containing <code>Attribute</code> objects.
+ *
+ * @return the request's environment attributes
+ */
+ public Set getEnvironmentAttributes() {
+ return environment;
+ }
+
+ /**
+ * Returns the root DOM node of the document used to create this
+ * object, or null if this object was created by hand (ie, not through
+ * the <code>getInstance</code> method) or if the root node was not
+ * provided to the constructor.
+ *
+ * @return the root DOM node or null
+ */
+ public Node getDocumentRoot() {
+ return documentRoot;
+ }
+
+ /**
+ * Encodes this context into its XML representation and writes this
+ * encoding to the given <code>OutputStream</code>. No
+ * indentation is used.
+ *
+ * @param output a stream into which the XML-encoded data is written
+ */
+ public void encode(OutputStream output) {
+ encode(output, new Indenter(0));
+ }
+
+ /**
+ * Encodes this context into its XML representation and writes
+ * this encoding to the given <code>OutputStream</code> with
+ * indentation.
+ *
+ * @param output a stream into which the XML-encoded data is written
+ * @param indenter an object that creates indentation strings
+ */
+ public void encode(OutputStream output, Indenter indenter) {
+
+ // Make a PrintStream for a nicer printing interface
+ PrintStream out = new PrintStream(output);
+
+ // Prepare the indentation string
+ String topIndent = indenter.makeString();
+ out.println(topIndent + "<Request>");
+
+ // go in one more for next-level elements...
+ indenter.in();
+ String indent = indenter.makeString();
+
+ // ...and go in again for everything else
+ indenter.in();
+
+ // first off, go through all subjects
+ Iterator it = subjects.iterator();
+ while (it.hasNext()) {
+ Subject subject = (Subject)(it.next());
+
+ out.print(indent + "<Subject SubjectCategory=\"" +
+ subject.getCategory().toString() + "\"");
+
+ Set subjectAttrs = subject.getAttributes();
+
+ if (subjectAttrs.size() == 0) {
+ // there's nothing in this Subject, so just close the tag
+ out.println("/>");
+ } else {
+ // there's content, so fill it in
+ out.println(">");
+
+ encodeAttributes(subjectAttrs, out, indenter);
+
+ out.println(indent + "</Subject>");
+ }
+ }
+
+ // next do the resource
+ if ((resource.size() != 0) || (resourceContent != null)) {
+ out.println(indent + "<Resource>");
+ if (resourceContent != null)
+ out.println(indenter.makeString() + "<ResourceContent>" +
+ resourceContent + "</ResourceContent>");
+ encodeAttributes(resource, out, indenter);
+ out.println(indent + "</Resource>");
+ } else {
+ out.println(indent + "<Resource/>");
+ }
+
+ // now the action
+ if (action.size() != 0) {
+ out.println(indent + "<Action>");
+ encodeAttributes(action, out, indenter);
+ out.println(indent + "</Action>");
+ } else {
+ out.println(indent + "<Action/>");
+ }
+
+ // finally the environment, if there are any attrs
+ if (environment.size() != 0) {
+ out.println(indent + "<Environment>");
+ encodeAttributes(environment, out, indenter);
+ out.println(indent + "</Environment>");
+ }
+
+ // we're back to the top
+ indenter.out();
+ indenter.out();
+
+ out.println(topIndent + "</Request>");
+ }
+
+ /**
+ * Private helper function to encode the attribute sets
+ */
+ private void encodeAttributes(Set attributes, PrintStream out,
+ Indenter indenter) {
+ Iterator it = attributes.iterator();
+ while (it.hasNext()) {
+ Attribute attr = (Attribute)(it.next());
+ attr.encode(out, indenter);
+ }
+ }
+
+}
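Review bot: getInstance(Node) only defaults newEnvironment when it is missing; newResource and newAction stay null if the document has no Resource or Action child, and the six-argument constructor then calls resource.iterator() and action.iterator(), so a malformed request surfaces as a NullPointerException instead of the declared ParsingException. The same loop silently overwrites newResource and newAction when an element appears twice and accepts an empty newSubjects, although the field comments state exactly one resource, exactly one action and at least one subject. Since the Javadoc for getInstance(InputStream) says schema validation is off by default, these cardinalities should be enforced here, e.g. `if (newResource == null) throw new ParsingException("Request must contain a Resource");`. Smaller points: the tag comparisons use getNodeName(), which includes any namespace prefix, so a prefixed Request element is rejected (getLocalName() plus a namespace check is more robust); the local `String resourceContent;` in getInstance is never used; and the Javadoc names URISyntaxException and ParserException, neither of which the methods throw.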

Added: branches/authRengine/sunxacml/com/sun/xacml/ctx/ResponseCtx.java
===================================================================
--- branches/authRengine/sunxacml/com/sun/xacml/ctx/ResponseCtx.java
(rev 0)
+++ branches/authRengine/sunxacml/com/sun/xacml/ctx/ResponseCtx.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,202 @@
+
+/*
+ * @(#)ResponseCtx.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.ctx;
+
+import com.sun.xacml.Indenter;
+import com.sun.xacml.ParsingException;
+
+import java.io.InputStream;
+import java.io.IOException;
+import java.io.OutputStream;
+import java.io.PrintStream;
+
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Set;
+
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.NamedNodeMap;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+
+
+/**
+ * Represents the response to a request made to the XACML PDP.
+ *
+ * @since 1.0
+ * @author Seth Proctor
+ * @author Marco Barreno
+ */
+public class ResponseCtx
+{
+
+ // The set of Result objects returned by the PDP
+ private Set results = null;
+
+ /**
+ * Constructor that creates a new <code>ResponseCtx</code> with only a
+ * single <code>Result</code> (a common case).
+ *
+ * @param result the single result in the response
+ */
+ public ResponseCtx(Result result) {
+ results = new HashSet();
+ results.add(result);
+ }
+
+ /**
+ * Constructor that creates a new <code>ResponseCtx</code> with a
+ * <code>Set</code> of <code>Result</code>s. The <code>Set</code> must
+ * be non-empty.
+ *
+ * @param results a <code>Set</code> of <code>Result</code> objects
+ */
+ public ResponseCtx(Set results) {
+ this.results = Collections.unmodifiableSet(new HashSet(results));
+ }
+
+ /**
+ * Creates a new instance of <code>ResponseCtx</code> based on the given
+ * DOM root node. A <code>ParsingException</code> is thrown if the DOM
+ * root doesn't represent a valid ResponseType.
+ *
+ * @param root the DOM root of a ResponseType
+ *
+ * @return a new <code>ResponseCtx</code>
+ *
+ * @throws ParsingException if the node is invalid
+ */
+ public static ResponseCtx getInstance(Node root) throws ParsingException
{
+ Set results = new HashSet();
+
+ NodeList nodes = root.getChildNodes();
+ for (int i = 0; i < nodes.getLength(); i++) {
+ Node node = nodes.item(i);
+ if (node.getNodeName().equals("Result")) {
+ results.add(Result.getInstance(node));
+ }
+ }
+
+ if (results.size() == 0)
+ throw new ParsingException("must have at least one Result");
+
+ return new ResponseCtx(results);
+ }
+
+ /**
+ * Creates a new <code>ResponseCtx</code> by parsing XML from an
+ * input stream. Note that this is a convenience method, and it will
+ * not do schema validation by default. You should be parsing the data
+ * yourself, and then providing the root node to the other
+ * <code>getInstance</code> method. If you use this convenience
+ * method, you probably want to turn on validation by setting the
+ * context schema file (see the programmer guide for more information
+ * on this).
+ *
+ * @param input a stream providing the XML data
+ *
+ * @return a new <code>ResponseCtx</code>
+ *
+ * @throws ParserException if there is an error parsing the input
+ */
+ public static ResponseCtx getInstance(InputStream input)
+ throws ParsingException
+ {
+ return getInstance(InputParser.parseInput(input, "Response"));
+ }
+
+ /**
+ * Get the set of <code>Result</code>s from this response.
+ *
+ * @return a <code>Set</code> of results
+ */
+ public Set getResults() {
+ return results;
+ }
+
+ /**
+ * Encodes this context into its XML representation and writes this
+ * encoding to the given <code>OutputStream</code> with no
+ * indentation.
+ *
+ * @param output a stream into which the XML-encoded data is written
+ */
+ public void encode(OutputStream output) {
+ encode(output, new Indenter(0));
+ }
+
+ /**
+ * Encodes this context into its XML representation and writes
+ * this encoding to the given <code>OutputStream</code> with
+ * indentation.
+ *
+ * @param output a stream into which the XML-encoded data is written
+ * @param indenter an object that creates indentation strings
+ */
+ public void encode(OutputStream output, Indenter indenter) {
+
+ // Make a PrintStream for a nicer printing interface
+ PrintStream out = new PrintStream(output);
+
+ // Prepare the indentation string
+ String indent = indenter.makeString();
+
+ // Now write the XML...
+
+ out.println(indent + "<Response>");
+
+ // Go through all results
+ Iterator it = results.iterator();
+ indenter.in();
+
+ while (it.hasNext()) {
+ Result result = (Result)(it.next());
+ result.encode(out, indenter);
+ }
+
+ indenter.out();
+
+ // Finish the XML for a response
+ out.println(indent + "</Response>");
+
+ }
+
+}
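Review bot: the ResponseCtx(Result) constructor stores a plain HashSet while ResponseCtx(Set) wraps its copy in Collections.unmodifiableSet, so getResults() hands out a mutable set in the single-result case and any caller can add or remove Result objects on a response the PEP is about to act on. Suggest building both the same way, e.g. `this.results = Collections.unmodifiableSet(Collections.singleton(result));`, or delegating to the Set constructor. Also, ResponseCtx(Set) documents that the set must be non-empty but does not check it (only getInstance(Node) does), getInstance(Node) never checks that root is actually a Response element, and the @throws tag on getInstance(InputStream) names ParserException rather than ParsingException.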

Added: branches/authRengine/sunxacml/com/sun/xacml/ctx/Result.java
===================================================================
--- branches/authRengine/sunxacml/com/sun/xacml/ctx/Result.java
(rev 0)
+++ branches/authRengine/sunxacml/com/sun/xacml/ctx/Result.java 2010-06-18
08:40:01 UTC (rev 5711)
@@ -0,0 +1,453 @@
+
+/*
+ * @(#)Result.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.ctx;
+
+import com.sun.xacml.Indenter;
+import com.sun.xacml.Obligation;
+import com.sun.xacml.ParsingException;
+
+import java.io.OutputStream;
+import java.io.PrintStream;
+
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Set;
+
+import org.w3c.dom.NamedNodeMap;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+
+
+/**
+ * Represents the ResultType XML object from the Context schema. Any number
+ * of these may included in a <code>ResponseCtx</code>. This class encodes
the
+ * decision effect, as well as an optional resource identifier and optional
+ * status data. Any number of obligations may also be included.
+ *
+ * @since 1.0
+ * @author Seth Proctor
+ * @author Marco Barreno
+ */
+public class Result
+{
+
+ /**
+ * The decision to permit the request
+ */
+ public static final int DECISION_PERMIT = 0;
+
+ /**
+ * The decision to deny the request
+ */
+ public static final int DECISION_DENY = 1;
+
+ /**
+ * The decision that a decision about the request cannot be made
+ */
+ public static final int DECISION_INDETERMINATE = 2;
+
+ /**
+ * The decision that nothing applied to us
+ */
+ public static final int DECISION_NOT_APPLICABLE = 3;
+
+ // string versions of the 4 Decision types used for encoding
+ public static final String [] DECISIONS = { "Permit", "Deny",
+ "Indeterminate",
+ "NotApplicable" };
+
+ // the decision effect
+ private int decision = -1;
+
+ // the status data
+ private Status status = null;
+
+ // the resource identifier or null if there is none
+ private String resource = null;
+
+ // the set of obligations which may be empty
+ private Set obligations;
+
+ /**
+ * Constructs a <code>Result</code> object with default status data (OK).
+ *
+ * @param decision the decision effect to include in this result. This
+ * must be one of the four fields in this class.
+ *
+ * @throws IllegalArgumentException if decision is not valid
+ */
+ public Result(int decision) throws IllegalArgumentException {
+ this(decision, null, null, null);
+ }
+
+ /**
+ * Constructs a <code>Result</code> object with default status data (OK),
+ * and obligations, but no resource identifier.
+ *
+ * @param decision the decision effect to include in this result. This
+ * must be one of the four fields in this class.
+ * @param obligations the obligations the PEP must handle
+ *
+ * @throws IllegalArgumentException if decision is not valid
+ */
+ public Result(int decision, Set obligations)
+ throws IllegalArgumentException
+ {
+ this(decision, null, null, obligations);
+ }
+
+ /**
+ * Constructs a <code>Result</code> object with status data but without a
+ * resource identifier. Typically the decision is DECISION_INDETERMINATE
+ * in this case, though that's not always true.
+ *
+ * @param decision the decision effect to include in this result. This
+ * must be one of the four fields in this class.
+ * @param status the <code>Status</code> to include in this result
+ *
+ * @throws IllegalArgumentException if decision is not valid
+ */
+ public Result(int decision, Status status) throws
IllegalArgumentException {
+ this(decision, status, null, null);
+ }
+
+ /**
+ * Constructs a <code>Result</code> object with status data and
obligations
+ * but without a resource identifier. Typically the decision is
+ * DECISION_INDETERMINATE in this case, though that's not always true.
+ *
+ * @param decision the decision effect to include in this result. This
+ * must be one of the four fields in this class.
+ * @param status the <code>Status</code> to include in this result
+ * @param obligations the obligations the PEP must handle
+ *
+ * @throws IllegalArgumentException if decision is not valid
+ */
+ public Result(int decision, Status status, Set obligations)
+ throws IllegalArgumentException
+ {
+ this(decision, status, null, obligations);
+ }
+
+ /**
+ * Constructs a <code>Result</code> object with a resource identifier,
+ * but default status data (OK). The resource being named must match
+ * the resource (or a descendent of the resource in the case of a
+ * hierarchical resource) from the associated request.
+ *
+ * @param decision the decision effect to include in this result. This
+ * must be one of the four fields in this class.
+ * @param resource a <code>String</code> naming the resource
+ *
+ * @throws IllegalArgumentException if decision is not valid
+ */
+ public Result(int decision, String resource)
+ throws IllegalArgumentException
+ {
+ this(decision, null, resource, null);
+ }
+
+ /**
+ * Constructs a <code>Result</code> object with a resource identifier,
+ * and obligations, but default status data (OK). The resource being
named
+ * must match the resource (or a descendent of the resource in the case
of
+ * a hierarchical resource) from the associated request.
+ *
+ * @param decision the decision effect to include in this result. This
+ * must be one of the four fields in this class.
+ * @param resource a <code>String</code> naming the resource
+ * @param obligations the obligations the PEP must handle
+ *
+ * @throws IllegalArgumentException if decision is not valid
+ */
+ public Result(int decision, String resource, Set obligations)
+ throws IllegalArgumentException
+ {
+ this(decision, null, resource, obligations);
+ }
+
+ /**
+ * Constructs a <code>Result</code> object with status data and a
+ * resource identifier.
+ *
+ * @param decision the decision effect to include in this result. This
+ * must be one of the four fields in this class.
+ * @param status the <code>Status</code> to include in this result
+ * @param resource a <code>String</code> naming the resource
+ *
+ * @throws IllegalArgumentException if decision is not valid
+ */
+ public Result(int decision, Status status, String resource)
+ throws IllegalArgumentException
+ {
+ this(decision, status, resource, null);
+ }
+
+ /**
+ * Constructs a <code>Result</code> object with status data, a
+ * resource identifier, and obligations.
+ *
+ * @param decision the decision effect to include in this result. This
+ * must be one of the four fields in this class.
+ * @param status the <code>Status</code> to include in this result
+ * @param resource a <code>String</code> naming the resource
+ * @param obligations the obligations the PEP must handle
+ *
+ * @throws IllegalArgumentException if decision is not valid
+ */
+ public Result(int decision, Status status, String resource,
+ Set obligations)
+ throws IllegalArgumentException
+ {
+ // check that decision is valid
+ if ((decision != DECISION_PERMIT) && (decision != DECISION_DENY) &&
+ (decision != DECISION_INDETERMINATE) &&
+ (decision != DECISION_NOT_APPLICABLE))
+ throw new IllegalArgumentException("invalid decision value");
+
+ this.decision = decision;
+ this.resource = resource;
+
+ if (status == null)
+ this.status = Status.getOkInstance();
+ else
+ this.status = status;
+
+ if (obligations == null)
+ this.obligations = new HashSet();
+ else
+ this.obligations = obligations;
+ }
+
+ /**
+ * Creates a new instance of a <code>Result</code> based on the given
+ * DOM root node. A <code>ParsingException</code> is thrown if the DOM
+ * root doesn't represent a valid ResultType.
+ *
+ * @param root the DOM root of a ResultType
+ *
+ * @return a new <code>Result</code>
+ *
+ * @throws ParsingException if the node is invalid
+ */
+ public static Result getInstance(Node root) throws ParsingException {
+ int decision = -1;
+ Status status = null;
+ String resource = null;
+ Set obligations = null;
+
+ NamedNodeMap attrs = root.getAttributes();
+ Node resourceAttr = attrs.getNamedItem("ResourceId");
+ if (resourceAttr != null)
+ resource = resourceAttr.getNodeValue();
+
+ NodeList nodes = root.getChildNodes();
+ for (int i = 0; i < nodes.getLength(); i++) {
+ Node node = nodes.item(i);
+ String name = node.getNodeName();
+
+ if (name.equals("Decision")) {
+ String type = node.getFirstChild().getNodeValue();
+ for (int j = 0; j < DECISIONS.length; j++) {
+ if (DECISIONS[j].equals(type)) {
+ decision = j;
+ break;
+ }
+ }
+
+ if (decision == -1)
+ throw new ParsingException("Unknown Decision: " + type);
+ } else if (name.equals("Status")) {
+ status = Status.getInstance(node);
+ } else if (name.equals("Obligations")) {
+ obligations = parseObligations(node);
+ }
+ }
+
+ return new Result(decision, status, resource, obligations);
+ }
+
+ /**
+ * Helper method that handles the obligations
+ */
+ private static Set parseObligations(Node root) throws ParsingException {
+ Set set = new HashSet();
+
+ NodeList nodes = root.getChildNodes();
+ for (int i = 0; i < nodes.getLength(); i++) {
+ Node node = nodes.item(i);
+ if (node.getNodeName().equals("Obligation"))
+ set.add(Obligation.getInstance(node));
+ }
+
+ if (set.size() == 0)
+ throw new ParsingException("ObligationsType must not be empty");
+
+ return set;
+ }
+
+ /**
+ * Returns the decision associated with this <code>Result</code>. This
+ * will be one of the four <code>DECISION_*</code> fields in this class.
+ *
+ * @return the decision effect
+ */
+ public int getDecision() {
+ return decision;
+ }
+
+ /**
+ * Returns the status data included in this <code>Result</code>.
+ * Typically this will be <code>STATUS_OK</code> except when the decision
+ * is <code>INDETERMINATE</code>.
+ *
+ * @return status associated with this Result
+ */
+ public Status getStatus() {
+ return status;
+ }
+
+ /**
+ * Returns the resource to which this Result applies, or null if none
+ * is specified.
+ *
+ * @return a resource identifier or null
+ */
+ public String getResource() {
+ return resource;
+ }
+
+ /**
+ * Sets the resource identifier if it has not already been set before.
+ * The core code does not set the resource identifier, so this is useful
+ * if you want to write wrapper code that needs this information.
+ *
+ * @param resource the resource identifier
+ *
+ * @return true if the resource identifier was set, false if it already
+ * had a value
+ */
+ public boolean setResource(String resource) {
+ if (this.resource != null)
+ return false;
+
+ this.resource = resource;
+
+ return true;
+ }
+
+ /**
+ * Returns the set of obligations that the PEP must fulfill, which may
+ * be empty.
+ *
+ * @return the set of obligations
+ */
+ public Set getObligations() {
+ return obligations;
+ }
+
+ /**
+ * Adds an obligation to the set of obligations that the PEP must fulfill
+ *
+ * @param obligation the <code>Obligation</code> to add
+ */
+ public void addObligation(Obligation obligation) {
+ if (obligation != null)
+ obligations.add(obligation);
+ }
+
+ /**
+ * Encodes this <code>Result</code> into its XML form and writes this
+ * out to the provided <code>OutputStream<code> with no indentation.
+ *
+ * @param output a stream into which the XML-encoded data is written
+ */
+ public void encode(OutputStream output) {
+ encode(output, new Indenter(0));
+ }
+
+ /**
+ * Encodes this <code>Result</code> into its XML form and writes this
+ * out to the provided <code>OutputStream<code> with indentation.
+ *
+ * @param output a stream into which the XML-encoded data is written
+ * @param indenter an object that creates indentation strings
+ */
+ public void encode(OutputStream output, Indenter indenter) {
+ PrintStream out = new PrintStream(output);
+ String indent = indenter.makeString();
+
+ indenter.in();
+ String indentNext = indenter.makeString();
+
+ // encode the starting tag
+ if (resource == null)
+ out.println(indent + "<Result>");
+ else
+ out.println(indent + "<Result ResourceID=\"" + resource + "\">");
+
+ // encode the decision
+ out.println(indentNext + "<Decision>" + DECISIONS[decision] +
+ "</Decision>");
+
+ // encode the status
+ if (status != null)
+ status.encode(output, indenter);
+
+ // encode the obligations
+ if (obligations.size() != 0) {
+ out.println(indentNext + "<Obligations>");
+
+ Iterator it = obligations.iterator();
+ indenter.in();
+
+ while (it.hasNext()) {
+ Obligation obligation = (Obligation)(it.next());
+ obligation.encode(output, indenter);
+ }
+
+ indenter.out();
+ out.println(indentNext + "</Obligations>");
+ }
+
+ indenter.out();
+
+ // finish it off
+ out.println(indent + "</Result>");
+ }
+
+}
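Review bot: encode() writes the attribute as `ResourceID` (`"<Result ResourceID=\""`) while getInstance() reads `attrs.getNamedItem("ResourceId")`, so a Result that carries a resource does not survive an encode/parse round trip; use one spelling in both places. The same line concatenates `resource` into the attribute value unescaped, so an identifier containing `"`, `<` or `&` yields malformed or altered XML; escape it before writing. In getInstance(), `node.getFirstChild().getNodeValue()` throws NullPointerException on an empty Decision element, and input with no Decision child reaches the constructor with decision == -1 and fails with IllegalArgumentException instead of the documented ParsingException; check both cases and throw ParsingException. The constructor also stores the caller's `obligations` set by reference and getObligations() returns it directly, so the obligations attached to a decision can be changed from outside after the Result is built; copy the set on the way in.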

Added: branches/authRengine/sunxacml/com/sun/xacml/ctx/Status.java
===================================================================
--- branches/authRengine/sunxacml/com/sun/xacml/ctx/Status.java
(rev 0)
+++ branches/authRengine/sunxacml/com/sun/xacml/ctx/Status.java 2010-06-18
08:40:01 UTC (rev 5711)
@@ -0,0 +1,324 @@
+
+/*
+ * @(#)Status.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.ctx;
+
+import com.sun.xacml.Indenter;
+import com.sun.xacml.ParsingException;
+
+import java.io.OutputStream;
+import java.io.PrintStream;
+
+import java.net.URI;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Iterator;
+import java.util.List;
+
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+
+
+/**
+ * Represents the status data that is included in a ResultType. By default,
+ * the status is OK.
+ *
+ * @since 1.0
+ * @author Seth Proctor
+ */
+public class Status
+{
+
+ /**
+ * Standard identifier for the OK status
+ */
+ public static final String STATUS_OK =
+ "urn:oasis:names:tc:xacml:1.0:status:ok";
+
+ /**
+ * Standard identifier for the MissingAttribute status
+ */
+ public static final String STATUS_MISSING_ATTRIBUTE =
+ "urn:oasis:names:tc:xacml:1.0:status:missing-attribute";
+
+ /**
+ * Standard identifier for the SyntaxError status
+ */
+ public static final String STATUS_SYNTAX_ERROR =
+ "urn:oasis:names:tc:xacml:1.0:status:syntax-error";
+
+ /**
+ * Standard identifier for the ProcessingError status
+ */
+ public static final String STATUS_PROCESSING_ERROR =
+ "urn:oasis:names:tc:xacml:1.0:status:processing-error";
+
+ // the status code
+ private List code;
+
+ // the message
+ private String message;
+
+ // the detail
+ private StatusDetail detail;
+
+ // a single OK object we'll use most of the time
+ private static Status okStatus;
+
+ // initialize the OK Status object
+ static {
+ List code = new ArrayList();
+ code.add(STATUS_OK);
+ okStatus = new Status(code);
+ };
+
+ /**
+ * Constructor that takes only the status code.
+ *
+ * @param code a <code>List</code> of <code>String</code> codes,
typically
+ * just one code, but this may contain any number of minor
+ * codes after the first item in the list, which is the major
+ * code
+ */
+ public Status(List code) {
+ this(code, null, null);
+ }
+
+ /**
+ * Constructor that takes both the status code and a message to include
+ * with the status.
+ *
+ * @param code a <code>List</code> of <code>String</code> codes,
typically
+ * just one code, but this may contain any number of minor
+ * codes after the first item in the list, which is the major
+ * code
+ * @param message a message to include with the code
+ */
+ public Status(List code, String message) {
+ this(code, message, null);
+ }
+
+ /**
+ * Constructor that takes the status code, an optional message, and some
+ * detail to include with the status. Note that the specification
+ * explicitly says that a status code of OK, SyntaxError or
+ * ProcessingError may not appear with status detail, so an exception is
+ * thrown if one of these status codes is used and detail is included.
+ *
+ * @param code a <code>List</code> of <code>String</code> codes,
typically
+ * just one code, but this may contain any number of minor
+ * codes after the first item in the list, which is the major
+ * code
+ * @param message a message to include with the code, or null if there
+ * should be no message
+ * @param detail the status detail to include, or null if there is no
+ * detail
+ *
+ * @throws IllegalArgumentException if detail is included for a status
+ * code that doesn't allow detail
+ */
+ public Status(List code, String message, StatusDetail detail)
+ throws IllegalArgumentException
+ {
+ // if the code is ok, syntax error or processing error, there
+ // must not be any detail included
+ if (detail != null) {
+ String c = (String)(code.iterator().next());
+ if (c.equals(STATUS_OK) || c.equals(STATUS_SYNTAX_ERROR) ||
+ c.equals(STATUS_PROCESSING_ERROR))
+ throw new IllegalArgumentException("status detail cannot be
" +
+ "included with " + c);
+ }
+
+ this.code = Collections.unmodifiableList(new ArrayList(code));
+ this.message = message;
+ this.detail = detail;
+ }
+
+ /**
+ * Returns the status code.
+ *
+ * @return the status code
+ */
+ public List getCode() {
+ return code;
+ }
+
+ /**
+ * Returns the status message or null if there is none.
+ *
+ * @return the status message or null
+ */
+ public String getMessage() {
+ return message;
+ }
+
+ /**
+ * Returns the status detail or null if there is none.
+ *
+ * @return a <code>StatusDetail</code> or null
+ */
+ public StatusDetail getDetail() {
+ return detail;
+ }
+
+ /**
+ * Gets a <code>Status</code> instance that has the OK status and no
+ * other information. This is the default status data for all responses
+ * except Indeterminate ones.
+ *
+ * @return an instance with <code>STATUS_OK</code>
+ */
+ public static Status getOkInstance() {
+ return okStatus;
+ }
+
+ /**
+ * Creates a new instance of <code>Status</code> based on the given
+ * DOM root node. A <code>ParsingException</code> is thrown if the DOM
+ * root doesn't represent a valid StatusType.
+ *
+ * @param root the DOM root of a StatusType
+ *
+ * @return a new <code>Status</code>
+ *
+ * @throws ParsingException if the node is invalid
+ */
+ public static Status getInstance(Node root) throws ParsingException {
+ List code = null;
+ String message = null;
+ StatusDetail detail = null;
+
+ NodeList nodes = root.getChildNodes();
+ for (int i = 0; i < nodes.getLength(); i++) {
+ Node node = nodes.item(i);
+ String name = node.getNodeName();
+
+ if (name.equals("StatusCode")) {
+ code = parseStatusCode(node);
+ } else if (name.equals("StatusMessage")) {
+ message = node.getFirstChild().getNodeValue();
+ } else if (name.equals("StatusDetail")) {
+ detail = StatusDetail.getInstance(node);
+ }
+ }
+
+ return new Status(code, message, detail);
+ }
+
+ /**
+ * Private helper that parses the status code
+ */
+ private static List parseStatusCode(Node root) {
+ // get the top-level code
+ String val =
root.getAttributes().getNamedItem("Value").getNodeValue();
+ List code = new ArrayList();
+ code.add(val);
+
+ // now get the list of all sub-codes, and work through them
+ NodeList list = ((Element)root).getElementsByTagName("StatusCode");
+ for (int i = 0; i < list.getLength(); i++) {
+ Node node = list.item(i);
+ code.add(node.getAttributes().getNamedItem("Value").
+ getNodeValue());
+ }
+
+ return code;
+ }
+
+ /**
+ * Encodes this status data into its XML representation and writes
+ * this encoding to the given <code>OutputStream</code> with no
+ * indentation.
+ *
+ * @param output a stream into which the XML-encoded data is written
+ */
+ public void encode(OutputStream output) {
+ encode(output, new Indenter(0));
+ }
+
+ /**
+ * Encodes this status data into its XML representation and writes
+ * this encoding to the given <code>OutputStream</code> with
+ * indentation.
+ *
+ * @param output a stream into which the XML-encoded data is written
+ * @param indenter an object that creates indentation strings
+ */
+ public void encode(OutputStream output, Indenter indenter) {
+ PrintStream out = new PrintStream(output);
+ String indent = indenter.makeString();
+
+ out.println(indent + "<Status>");
+
+ indenter.in();
+
+ encodeStatusCode(out, indenter, code.iterator());
+
+ if (message != null)
+ out.println(indenter.makeString() + "<StatusMessage>" +
+ message + "</StatusMessage>");
+
+ if (detail != null)
+ out.println(detail.getEncoded());
+
+ indenter.out();
+
+ out.println(indent + "</Status>");
+ }
+
+ /**
+ * Encodes the object in XML
+ */
+ private void encodeStatusCode(PrintStream out, Indenter indenter,
+ Iterator iterator) {
+ String in = indenter.makeString();
+ String code = (String)(iterator.next());
+
+ if (iterator.hasNext()) {
+ indenter.in();
+ out.println(in + "<StatusCode Value=\"" + code + "\">");
+ encodeStatusCode(out, indenter, iterator);
+ out.println(in + "</StatusCode>");
+ indenter.out();
+ } else {
+ out.println(in + "<StatusCode Value=\"" + code + "\"/>");
+ }
+ }
+
+}
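Review bot: getInstance() passes `code` to the constructor even when the loop found no StatusCode child, so `new ArrayList(code)` throws NullPointerException rather than the ParsingException the Javadoc promises; test for null after the loop and throw ParsingException. `message = node.getFirstChild().getNodeValue()` fails the same way on an empty StatusMessage element, and parseStatusCode() dereferences `getNamedItem("Value")` without checking that the attribute exists. In encode(), `message` and each code value are concatenated into the output unescaped, so a message containing `<` or `&` produces malformed XML or extra elements in the response; escape both before printing. The constructors accept an empty list, which later makes `iterator.next()` in encodeStatusCode() throw NoSuchElementException; reject an empty `code` up front.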

Added: branches/authRengine/sunxacml/com/sun/xacml/ctx/StatusDetail.java
===================================================================
--- branches/authRengine/sunxacml/com/sun/xacml/ctx/StatusDetail.java
(rev 0)
+++ branches/authRengine/sunxacml/com/sun/xacml/ctx/StatusDetail.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,198 @@
+
+/*
+ * @(#)StatusDetail.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.ctx;
+
+import com.sun.xacml.ParsingException;
+
+import java.io.ByteArrayInputStream;
+
+import java.util.Iterator;
+import java.util.List;
+
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.Node;
+
+
+/**
+ * This class represents the StatusDetailType in the context schema. Because
+ * status detail is defined as a sequence of xs:any XML type, the data in
+ * this class must be generic, and it is up to the application developer to
+ * interpret the data appropriately.
+ *
+ * @since 1.0
+ * @author Seth Proctor
+ */
+public class StatusDetail
+{
+
+ // the root node
+ private Node detailRoot;
+
+ // the text version, if it's avilable already
+ private String detailText = null;
+
+ /**
+ * Constructor that uses a <code>List</code> of <code>Attribute</code>s
+ * to define the status detail. This is a common form of detail data,
+ * and can be used for things like providing the information included
+ * with the missing-attribute status code.
+ *
+ * @param attributes a <code>List</code> of <code>Attribute</code>s
+ *
+ * @throws IllegalArgumentException if there is a problem encoding the
+ * <code>Attribute</code>s
+ */
+ public StatusDetail(List attributes) throws IllegalArgumentException {
+ detailText = "<StatusDetail>\n";
+ Iterator it = attributes.iterator();
+
+ while (it.hasNext()) {
+ Attribute attr = (Attribute)(it.next());
+ detailText += attr.encode() + "\n";
+ }
+
+ detailText += "</StatusDetail>";
+
+ try {
+ detailRoot = textToNode(detailText);
+ } catch (ParsingException pe) {
+ // really, this should never happen, since we just made sure that
+ // we're working with valid text, but it's possible that encoding
+ // the attribute could have caused problems...
+ throw new IllegalArgumentException("invalid Attribute data");
+ }
+ }
+
+ /**
+ * Constructor that takes the text-encoded form of the XML to use as
+ * the status data. The encoded text will be wrapped with the
+ * <code>StatusDetail</code> XML tag, and the resulting text must
+ * be valid XML or a <code>ParsingException</code> will be thrown.
+ *
+ * @param encoded a non-null <code>String</code> that encodes the
+ * status detail
+ *
+ * @throws ParsingException if the encoded text is invalid XML
+ */
+ public StatusDetail(String encoded) throws ParsingException {
+ detailText = "<StatusDetail>\n" + encoded + "\n</StatusDetail>";
+ detailRoot = textToNode(detailText);
+ }
+
+ /**
+ * Private constructor that just sets the root node. This interface
+ * is provided publically through the getInstance method.
+ */
+ private StatusDetail(Node root) {
+ detailRoot = root;
+ }
+
+ /**
+ * Private helper routine that converts text into a node
+ */
+ private Node textToNode(String encoded) throws ParsingException {
+ try {
+ String text = "<?xml version=\"1.0\"?>\n";
+ byte [] bytes = (text + encoded).getBytes();
+
+ DocumentBuilderFactory factory =
+ DocumentBuilderFactory.newInstance();
+ DocumentBuilder db = factory.newDocumentBuilder();
+ Document doc = db.parse(new ByteArrayInputStream(bytes));
+
+ return doc.getDocumentElement();
+ } catch (Exception e) {
+ throw new ParsingException("invalid XML for status detail");
+ }
+ }
+
+ /**
+ * Creates an instance of a <code>StatusDetail</code> object based on
+ * the given DOM root node. The node must be a valid StatusDetailType
+ * root, or else a <code>ParsingException</code> is thrown.
+ *
+ * @param root the DOM root of the StatusDetailType XML type
+ *
+ * @return a new <code>StatusDetail</code> object
+ *
+ * @throws ParsingException if the root node is invalid
+ */
+ public static StatusDetail getInstance(Node root) throws
ParsingException {
+ // check that it's really a StatusDetailType root
+ if (! root.getNodeName().equals("StatusDetail"))
+ throw new ParsingException("not a StatusDetail node");
+
+ return new StatusDetail(root);
+ }
+
+ /**
+ * Returns the StatusDetailType DOM root node. This may contain within
+ * it any type of valid XML data, and it is up to the application writer
+ * to handle the data accordingly. One common use of status data is to
+ * include <code>Attribute</code>s, which can be created from their
+ * root DOM nodes using their <code>getInstance</code> method.
+ *
+ * @return the DOM root for the StatusDetailType XML type
+ */
+ public Node getDetail() {
+ return detailRoot;
+ }
+
+ /**
+ * Returns the text-encoded version of this data, if possible. If the
+ * <code>String</code> form constructor was used, this will just be the
+ * original text wrapped with the StatusData tag. If the
<code>List</code>
+ * form constructor was used, it will be the encoded attribute data.
+ * If this was created using the <code>getInstance</code> method, then
+ * <code>getEncoded</code> will throw an exception.
+ *
+ * @return the encoded form of this data
+ *
+ * @throws IllegalStateException if this object was created using the
+ * <code>getInstance</code> method
+ */
+ public String getEncoded() throws IllegalStateException {
+ if (detailText == null)
+ throw new IllegalStateException("no encoded form available");
+
+ return detailText;
+ }
+
+}
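Review bot: getEncoded() throws IllegalStateException for every instance built through getInstance(Node), and Status.encode() in this same commit calls `out.println(detail.getEncoded())` whenever detail is non-null, so a Status parsed from XML with a StatusDetail cannot be encoded again; serialize `detailRoot` when `detailText` is null, or document the limitation on Status.encode(). In textToNode(), `(text + encoded).getBytes()` uses the platform default charset while the prepended XML declaration names no encoding, so the parser assumes UTF-8 and non-ASCII detail text is misread on platforms with another default; pass an explicit charset. The DocumentBuilderFactory is used with default settings although StatusDetail(String) is public and parses caller-supplied text; enable XMLConstants.FEATURE_SECURE_PROCESSING on the factory. The `catch (Exception e)` block discards the original exception, which makes parse failures hard to diagnose. The getEncoded() Javadoc says "StatusData tag" where the code writes StatusDetail.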

Added: branches/authRengine/sunxacml/com/sun/xacml/ctx/Subject.java
===================================================================
--- branches/authRengine/sunxacml/com/sun/xacml/ctx/Subject.java
(rev 0)
+++ branches/authRengine/sunxacml/com/sun/xacml/ctx/Subject.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,145 @@
+
+/*
+ * @(#)Subject.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.ctx;
+
+import com.sun.xacml.Indenter;
+
+import com.sun.xacml.attr.AttributeDesignator;
+
+import java.io.OutputStream;
+import java.io.PrintStream;
+
+import java.net.URI;
+
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Set;
+
+
+/**
+ * This class represents the collection of <code>Attribute</code>s associated
+ * with a particular subject.
+ *
+ * @since 1.1
+ * @author seth proctor
+ */
+public class Subject
+{
+
+ // the subject's category
+ private URI category;
+
+ // the attributes associated with the subject
+ private Set attributes;
+
+ /**
+ * <code>URI</code> form of the default subject category
+ */
+ public static final URI DEFAULT_CATEGORY;
+
+ // the exception thrown if the default category was invalid
+ private static RuntimeException earlyException = null;
+
+ /**
+ * Tries to initialize the default category, keeping track of the
+ * exception for later use (if there was a problem). Note that this
+ * should never happen, but the error case will be reported correctly
+ * if the default string is invalid.
+ */
+ static {
+ URI defaultURI = null;
+
+ try {
+ defaultURI = new
URI(AttributeDesignator.SUBJECT_CATEGORY_DEFAULT);
+ } catch (Exception e) {
+ earlyException = new IllegalArgumentException("invalid URI");
+ earlyException.initCause(e);
+ }
+
+ DEFAULT_CATEGORY = defaultURI;
+ }
+
+ /**
+ * Creates a new collection of subject attributes using the default
+ * subject cateorgy.
+ *
+ * @param attributes a non-null <code>Set</code> of
<code>Attribute</code>
+ * objects
+ */
+ public Subject(Set attributes) {
+ this(null, attributes);
+
+ if (earlyException != null)
+ throw earlyException;
+ }
+
+ /**
+ * Creates a new collection of subject attributes using the given
+ * subject category.
+ *
+ * @param category the subject category or null for the default category
+ * @param attributes a non-null <code>Set</code> of
<code>Attribute</code>
+ * objects
+ */
+ public Subject(URI category, Set attributes) {
+ if (category == null)
+ this.category = DEFAULT_CATEGORY;
+ else
+ this.category = category;
+
+ this.attributes = Collections.unmodifiableSet(new
HashSet(attributes));
+ }
+
+ /**
+ * Returns the category of this subject's attributes.
+ *
+ * @return the category
+ */
+ public URI getCategory() {
+ return category;
+ }
+
+ /**
+ * Returns the <code>Attribute</code>s associated with this subject.
+ *
+ * @return the immutable <code>Set</code> of <code>Attribute</code>s
+ */
+ public Set getAttributes() {
+ return attributes;
+ }
+
+}
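Review bot: the `earlyException` check exists only in Subject(Set); Subject(URI, Set) called with a null category assigns `DEFAULT_CATEGORY`, which is null if the static initializer failed, and returns a Subject whose getCategory() is null without raising anything. Move the check into the `category == null` branch of the two-argument constructor so both paths fail the same way. The imports of Indenter, OutputStream and PrintStream are not used anywhere in this file, and the Javadoc of Subject(Set) has "cateorgy" for "category".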

Added: branches/authRengine/sunxacml/com/sun/xacml/ctx/package.html
===================================================================
--- branches/authRengine/sunxacml/com/sun/xacml/ctx/package.html
(rev 0)
+++ branches/authRengine/sunxacml/com/sun/xacml/ctx/package.html
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,8 @@
+<body>
+ All of the classes that support the context schema are in this
+ package. The context schema contains the request and response formats,
+ and so there are classes to handle everything that goes into these
+ exchange formats. All of the classes in this package, and all the
+ related classes used by this package are parsable and encodable, so
+ it's easy to build a PEP and a PDP using these routines.
+</body>

Added: branches/authRengine/sunxacml/com/sun/xacml/finder/AttributeFinder.java
===================================================================
--- branches/authRengine/sunxacml/com/sun/xacml/finder/AttributeFinder.java
(rev 0)
+++ branches/authRengine/sunxacml/com/sun/xacml/finder/AttributeFinder.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,255 @@
+
+/*
+ * @(#)AttributeFinder.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.finder;
+
+import com.sun.xacml.EvaluationCtx;
+
+import com.sun.xacml.attr.BagAttribute;
+
+import com.sun.xacml.cond.EvaluationResult;
+
+import java.net.URI;
+
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Set;
+
+import java.util.logging.Level;
+import java.util.logging.Logger;
+
+import org.w3c.dom.Node;
+
+
+/**
+ * This class is used by the PDP to find attribute values that weren't
+ * originally supplied in the request. It can be called with the data
supplied
+ * in <code>AttributeDesignator<code>s or <code>AttributeSelector</code>s.
+ * Because the modules in this finder may themselves need attribute data
+ * to search for attribute data, it's possible that the modules will look
+ * for values in the <code>EvaluationCtx</code>, which may in turn result
+ * in the invocation of this finder again, so module writers need to be
+ * careful about how they build their modules.
+ * <p>
+ * Note that unlike the PolicyFinder, this class doesn't always need to
+ * use every module it has to find a value. The ordering is maintained,
+ * however, so it will always start with the first module, and proceed
+ * in order until it finds a value or runs out of modules.
+ *
+ * @since 1.0
+ * @author Seth Proctor
+ */
+public class AttributeFinder
+{
+
+ // the list of all modules
+ private List allModules;
+
+ //
+ private List designatorModules;
+
+ //
+ private List selectorModules;
+
+ // the logger we'll use for all messages
+ private static final Logger logger =
+ Logger.getLogger(AttributeFinder.class.getName());
+
+ /**
+ * Default constructor.
+ */
+ public AttributeFinder() {
+ allModules = new ArrayList();
+ designatorModules = new ArrayList();
+ selectorModules = new ArrayList();
+ }
+
+ /**
+ * Returns the ordered <code>List</code> of modules used by this class
+ * to find attribute values.
+ *
+ * @return the list of modules used by this class
+ */
+ public List getModules() {
+ return new ArrayList(allModules);
+ }
+
+ /**
+ * Sets the ordered <code>List</code> of modules used by this class
+ * to find attribute values. The ordering will be maintained.
+ *
+ * @param modules the modules this class will use
+ */
+ public void setModules(List modules) {
+ Iterator it = modules.iterator();
+
+ allModules = new ArrayList(modules);
+ designatorModules = new ArrayList();
+ selectorModules = new ArrayList();
+
+ while (it.hasNext()) {
+ AttributeFinderModule module =
(AttributeFinderModule)(it.next());
+
+ if (module.isDesignatorSupported())
+ designatorModules.add(module);
+
+ if (module.isSelectorSupported())
+ selectorModules.add(module);
+ }
+ }
+
+ /**
+ * Tries to find attribute values based on the given designator data.
+ * The result, if successful, will always contain a
+ * <code>BagAttribute</code>, even if only one value was found. If no
+ * values were found, but no other error occurred, an empty bag is
+ * returned.
+ *
+ * @param attributeType the datatype of the attributes to find
+ * @param attributeId the identifier of the attributes to find
+ * @param issuer the issuer of the attributes, or null if unspecified
+ * @param subjectCategory the category of the attribute if the
+ * designatorType is SUBJECT_TARGET, otherwise
null
+ * @param context the representation of the request data
+ * @param designatorType the type of designator as named by the *_TARGET
+ * fields in <code>AttributeDesignator</code>
+ *
+ * @return the result of attribute retrieval, which will be a bag of
+ * attributes or an error
+ */
+ public EvaluationResult findAttribute(URI attributeType, URI attributeId,
+ URI issuer, URI subjectCategory,
+ EvaluationCtx context,
+ int designatorType) {
+ Iterator it = designatorModules.iterator();
+
+ // go through each module in order
+ while (it.hasNext()) {
+ AttributeFinderModule module =
(AttributeFinderModule)(it.next());
+
+ // see if the module supports this type
+ Set types = module.getSupportedDesignatorTypes();
+ if ((types == null) || (types.
+ contains(new Integer(designatorType)))) {
+ // see if the module can find an attribute value
+ EvaluationResult result =
+ module.findAttribute(attributeType, attributeId, issuer,
+ subjectCategory, context,
+ designatorType);
+
+ // if there was an error, we stop right away
+ if (result.indeterminate()) {
+ if (logger.isLoggable(Level.INFO))
+ logger.info("Error while trying to resolve values: "
+
+ result.getStatus().getMessage());
+ return result;
+ }
+
+ // if the result wasn't empty, then return the result
+ BagAttribute bag =
(BagAttribute)(result.getAttributeValue());
+ if (! bag.isEmpty())
+ return result;
+ }
+ }
+
+ // if we got here then there were no errors but there were also no
+ // matches, so we have to return an empty bag
+ if (logger.isLoggable(Level.INFO))
+ logger.info("Failed to resolve any values for " +
+ attributeId.toString());
+
+ return new EvaluationResult(BagAttribute.
+ createEmptyBag(attributeType));
+ }
+
+ /**
+ * Tries to find attribute values based on the given selector data.
+ * The result, if successful, must always contain a
+ * <code>BagAttribute</code>, even if only one value was found. If no
+ * values were found, but no other error occurred, an empty bag is
+ * returned.
+ *
+ * @param contextPath the XPath expression to search against
+ * @param namespaceNode the DOM node defining namespace mappings to use,
+ * or null if mappings come from the context root
+ * @param attributeType the datatype of the attributes to find
+ * @param context the representation of the request data
+ * @param xpathVersion the XPath version to use
+ *
+ * @return the result of attribute retrieval, which will be a bag of
+ * attributes or an error
+ */
+ public EvaluationResult findAttribute(String contextPath,
+ Node namespaceNode,
+ URI attributeType,
+ EvaluationCtx context,
+ String xpathVersion) {
+ Iterator it = selectorModules.iterator();
+
+ // go through each module in order
+ while (it.hasNext()) {
+ AttributeFinderModule module =
(AttributeFinderModule)(it.next());
+
+ // see if the module can find an attribute value
+ EvaluationResult result =
+ module.findAttribute(contextPath, namespaceNode,
attributeType,
+ context, xpathVersion);
+
+ // if there was an error, we stop right away
+ if (result.indeterminate()) {
+ if (logger.isLoggable(Level.INFO))
+ logger.info("Error while trying to resolve values: " +
+ result.getStatus().getMessage());
+ return result;
+ }
+
+ // if the result wasn't empty, then return the result
+ BagAttribute bag = (BagAttribute)(result.getAttributeValue());
+ if (! bag.isEmpty())
+ return result;
+ }
+
+ // if we got here then there were no errors but there were also no
+ // matches, so we have to return an empty bag
+ if (logger.isLoggable(Level.INFO))
+ logger.info("Failed to resolve any values for " + contextPath);
+
+ return new EvaluationResult(BagAttribute.
+ createEmptyBag(attributeType));
+ }
+
+}
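
Review bot: both `findAttribute` overloads cast `result.getAttributeValue()` to `BagAttribute` without checking it, so a module that returns a non-bag value raises ClassCastException, and one that returns a result with no value raises NullPointerException at `bag.isEmpty()`, in the middle of a PDP evaluation. The "must always contain a BagAttribute" rule exists only in javadoc; since modules are third-party extension points, the finder should verify the value with `instanceof` and turn a violation into an indeterminate result, naming the offending module via `getIdentifier()` in the log. Smaller points: `setModules` replaces `allModules`, `designatorModules` and `selectorModules` one after another with no synchronization, so a concurrent `findAttribute` can observe a half-updated configuration; the class javadoc has an unclosed tag in `<code>AttributeDesignator<code>s`; and the `//` comments above `designatorModules` and `selectorModules` are empty.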

Added:
branches/authRengine/sunxacml/com/sun/xacml/finder/AttributeFinderModule.java
===================================================================
---
branches/authRengine/sunxacml/com/sun/xacml/finder/AttributeFinderModule.java
(rev 0)
+++
branches/authRengine/sunxacml/com/sun/xacml/finder/AttributeFinderModule.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,205 @@
+
+/*
+ * @(#)AttributeFinderModule.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.finder;
+
+import com.sun.xacml.EvaluationCtx;
+
+import com.sun.xacml.attr.BagAttribute;
+
+import com.sun.xacml.cond.EvaluationResult;
+
+import java.net.URI;
+
+import java.util.Set;
+
+import org.w3c.dom.Node;
+
+
+/**
+ * This is the abstract class that all <code>AttributeFinder</code> modules
+ * extend. All methods have default values to represent that the given
+ * feature isn't supported by this module, so module writers needs only
+ * implement the methods for the features they're supporting.
+ *
+ * @since 1.0
+ * @author Seth Proctor
+ */
+public abstract class AttributeFinderModule
+{
+
+ /**
+ * Returns this module's identifier. A module does not need to provide
+ * a unique identifier, but it is a good idea, especially in support of
+ * management software. Common identifiers would be the full package
+ * and class name (the default if this method isn't overridden), just the
+ * class name, or some other well-known string that identifies this
class.
+ *
+ * @return this module's identifier
+ */
+ public String getIdentifier() {
+ return getClass().getName();
+ }
+
+ /**
+ * Returns true if this module supports retrieving attributes based on
the
+ * data provided in an AttributeDesignatorType. By default this method
+ * returns false.
+ *
+ * @return true if retrieval based on designator data is supported
+ */
+ public boolean isDesignatorSupported() {
+ return false;
+ }
+
+ /**
+ * Returns true if this module supports retrieving attributes based on
the
+ * data provided in an AttributeSelectorType. By default this method
+ * returns false.
+ *
+ * @return true if retrieval based on selector data is supported
+ */
+ public boolean isSelectorSupported() {
+ return false;
+ }
+
+ /**
+ * Returns a <code>Set</code> of <code>Integer</code>s that represent
+ * which AttributeDesignator types are supported (eg, Subject, Resource,
+ * etc.), or null meaning that no particular types are supported. A
+ * return value of null can mean that this module doesn't support
+ * designator retrieval, or that it supports designators of all types.
+ * If the set is non-null, it should contain the values specified in
+ * the <code>AttributeDesignator</code> *_TARGET fields.
+ *
+ * @return a <code>Set</code> of <code>Integer</code>s, or null
+ */
+ public Set getSupportedDesignatorTypes() {
+ return null;
+ }
+
+ /**
+ * Returns a <code>Set</code> of <code>URI</code>s that represent the
+ * attributeIds handled by this module, or null if this module doesn't
+ * handle any specific attributeIds. A return value of null means that
+ * this module will try to resolve attributes of any id.
+ *
+ * @return a <code>Set</code> of <code>URI</code>s, or null
+ */
+ public Set getSupportedIds() {
+ return null;
+ }
+
+ /**
+ * This is an experimental method that asks the module to invalidate any
+ * cache values it may contain. This is not used by any of the core
+ * processing code, but it may be used by management software that wants
+ * to have some control over these modules. Since a module is free to
+ * decide how or if it caches values, and whether it is capable of
+ * updating values once in a cache, a module is free to intrepret this
+ * message in any way it sees fit (including igoring the message). It
+ * is preferable, however, for a module to make every effort to clear
+ * any dynamically cached values it contains.
+ * <p>
+ * This method has been introduced to see what people think of this
+ * functionality, and how they would like to use it. It may be removed
+ * in future versions, or it may be changed to a more general
+ * message-passing system (if other useful messages are identified).
+ *
+ * @since 1.2
+ */
+ public void invalidateCache() {
+
+ }
+
+ /**
+ * Tries to find attribute values based on the given designator data.
+ * The result, if successful, must always contain a
+ * <code>BagAttribute</code>, even if only one value was found. If no
+ * values were found, but no other error occurred, an empty bag is
+ * returned. This method may need to invoke the context data to look
+ * for other attribute values, so a module writer must take care not
+ * to create a scenario that loops forever.
+ *
+ * @param attributeType the datatype of the attributes to find
+ * @param attributeId the identifier of the attributes to find
+ * @param issuer the issuer of the attributes, or null if unspecified
+ * @param subjectCategory the category of the attribute if the
+ * designatorType is SUBJECT_TARGET, otherwise
null
+ * @param context the representation of the request data
+ * @param designatorType the type of designator as named by the *_TARGET
+ * fields in <code>AttributeDesignator</code>
+ *
+ * @return the result of attribute retrieval, which will be a bag of
+ * attributes or an error
+ */
+ public EvaluationResult findAttribute(URI attributeType, URI attributeId,
+ URI issuer, URI subjectCategory,
+ EvaluationCtx context,
+ int designatorType) {
+ return new EvaluationResult(BagAttribute.
+ createEmptyBag(attributeType));
+ }
+
+ /**
+ * Tries to find attribute values based on the given selector data.
+ * The result, if successful, must always contain a
+ * <code>BagAttribute</code>, even if only one value was found. If no
+ * values were found, but no other error occurred, an empty bag is
+ * returned. This method may need to invoke the context data to look
+ * for other attribute values, so a module writer must take care not
+ * to create a scenario that loops forever.
+ *
+ * @param contextPath the XPath expression to search against
+ * @param namespaceNode the DOM node defining namespace mappings to use,
+ * or null if mappings come from the context root
+ * @param attributeType the datatype of the attributes to find
+ * @param context the representation of the request data
+ * @param xpathVersion the XPath version to use
+ *
+ * @return the result of attribute retrieval, which will be a bag of
+ * attributes or an error
+ */
+ public EvaluationResult findAttribute(String contextPath,
+ Node namespaceNode,
+ URI attributeType,
+ EvaluationCtx context,
+ String xpathVersion) {
+ return new EvaluationResult(BagAttribute.
+ createEmptyBag(attributeType));
+ }
+
+}
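
Review bot: the javadoc for `getSupportedDesignatorTypes()` gives null two opposite meanings ("doesn't support designator retrieval, or that it supports designators of all types"), while `AttributeFinder.findAttribute` in this same commit treats null only as "all types" (`(types == null) || types.contains(...)`). State one meaning here: designator support is signalled by `isDesignatorSupported()`, and null from this method means every designator type is accepted. In the same vein, `getSupportedIds()` is never consulted by the `AttributeFinder` code in this commit, so a module that returns a restricted id set is still called for every attributeId; either filter on it in the finder or say in the javadoc that the module must do its own filtering. Typos to fix while here: "module writers needs", "intrepret", "igoring".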

Added: branches/authRengine/sunxacml/com/sun/xacml/finder/PolicyFinder.java
===================================================================
--- branches/authRengine/sunxacml/com/sun/xacml/finder/PolicyFinder.java
(rev 0)
+++ branches/authRengine/sunxacml/com/sun/xacml/finder/PolicyFinder.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,276 @@
+
+/*
+ * @(#)PolicyFinder.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.finder;
+
+import com.sun.xacml.EvaluationCtx;
+import com.sun.xacml.PolicyReference;
+
+import com.sun.xacml.ctx.Status;
+
+import java.net.URI;
+
+import java.util.ArrayList;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Set;
+
+import java.util.logging.Level;
+import java.util.logging.Logger;
+
+
+/**
+ * This class is used by the PDP to find all policies used in evaluation. A
+ * PDP is given a pre-configured <code>PolicyFinder</code> on construction.
+ * The <code>PolicyFinder</code> provides the functionality both to find
+ * policies based on a request (ie, retrieve policies and match against the
+ * target) and based on an idReference (as can be included in a PolicySet).
+ * <p>
+ * While this class is typically used by the PDP, it is intentionally
+ * designed to support stand-alone use, so it could be the base for a
+ * distributed service, or for some application that needs just this
+ * functionality. There is nothing in the <code>PolicyFinder</code that
+ * relies on the functionality in the PDP. An example of this is a PDP
+ * that offloads all policy work by passing requests to another server
+ * that does all the retrieval, and passes back the applicable policy.
+ * This would require custom code undefined in the XACML spec, but it would
+ * free up the server to focus on core policy processing.
+ * <p>
+ * Note that it is an error to have more than one top-level policy (as
+ * explained in the OnlyOneApplicable combining algorithm), so any module
+ * that is added to this finder will be evaluated each time a policy is
+ * requested. This means that you should think carefully about how many
+ * modules you include, and how they can cache policy data.
+ *
+ * @since 1.0
+ * @author Seth Proctor
+ */
+public class PolicyFinder
+{
+
+ // all modules in this finder
+ private Set allModules;
+
+ // all the request modules
+ private Set requestModules;
+
+ // all the reference modules
+ private Set referenceModules;
+
+ // the logger we'll use for all messages
+ private static final Logger logger =
+ Logger.getLogger(PolicyFinder.class.getName());
+
+ /**
+ * Returns the unordered <code>Set</code> of modules used by this class
+ * to find policies.
+ *
+ * @return the set of modules used by this class
+ */
+ public Set getModules() {
+ return new HashSet(allModules);
+ }
+
+ /**
+ * Sets the unordered <code>Set</code> of modules used by this class
+ * to find policies.
+ *
+ * @param modules the modules this class will use
+ */
+ public void setModules(Set modules) {
+ Iterator it = modules.iterator();
+
+ allModules = new HashSet(modules);
+ requestModules = new HashSet();
+ referenceModules = new HashSet();
+
+ while (it.hasNext()) {
+ PolicyFinderModule module = (PolicyFinderModule)(it.next());
+
+ if (module.isRequestSupported())
+ requestModules.add(module);
+
+ if (module.isIdReferenceSupported())
+ referenceModules.add(module);
+ }
+ }
+
+ /**
+ *
+ */
+ public void init() {
+ logger.finer("Initializing PolicyFinder");
+
+ Iterator it = allModules.iterator();
+
+ while (it.hasNext()) {
+ PolicyFinderModule module = (PolicyFinderModule)(it.next());
+ module.init(this);
+ }
+ }
+
+ /**
+ * Finds a policy based on a request's context. This may involve using
+ * the request data as indexing data to lookup a policy. This will always
+ * do a Target match to make sure that the given policy applies. If more
+ * than one applicable policy is found, this will return an error.
+ *
+ * @param context the representation of the request data
+ *
+ * @return the result of trying to find an applicable policy
+ */
+ public PolicyFinderResult findPolicy(EvaluationCtx context) {
+ PolicyFinderResult result = null;
+ Iterator it = requestModules.iterator();
+
+ // look through all of the modules
+ while (it.hasNext()) {
+ PolicyFinderModule module = (PolicyFinderModule)(it.next());
+ PolicyFinderResult newResult = module.findPolicy(context);
+
+ // if there was an error, we stop right away
+ if (newResult.indeterminate()) {
+ if (logger.isLoggable(Level.INFO))
+ logger.info("An error occured while trying to find a " +
+ "single applicable policy for a request: " +
+ newResult.getStatus().getMessage());
+
+ return newResult;
+ }
+
+ // if we found a policy...
+ if (! newResult.notApplicable()) {
+ // ...if we already had found a policy, this is an error...
+ if (result != null) {
+ logger.info("More than one top-level applicable policy "
+
+ "for the request");
+
+ ArrayList code = new ArrayList();
+ code.add(Status.STATUS_PROCESSING_ERROR);
+ Status status = new Status(code, "too many applicable " +
+ "top-level policies");
+ return new PolicyFinderResult(status);
+ }
+
+ // ...otherwise we remember the result
+ result = newResult;
+ }
+ }
+
+ // if we got here then we didn't have any errors, so the only
+ // question is whether or not we found anything
+ if (result != null) {
+ return result;
+ } else {
+ logger.info("No applicable policies were found for the request");
+
+ return new PolicyFinderResult();
+ }
+ }
+
+ /**
+ * Finds a policy based on an id reference. This may involve using
+ * the reference as indexing data to lookup a policy. This will always
+ * do a Target match to make sure that the given policy applies. If more
+ * than one applicable policy is found, this will return an error.
+ *
+ * @param idReference the identifier used to resolve a policy
+ * @param type type of reference (policy or policySet) as identified by
+ * the fields in <code>PolicyReference</code>
+ *
+ * @return the result of trying to find an applicable policy
+ *
+ * @throws IllegalArgumentException if <code>type</code> is invalid
+ */
+ public PolicyFinderResult findPolicy(URI idReference, int type)
+ throws IllegalArgumentException
+ {
+ PolicyFinderResult result = null;
+ Iterator it = referenceModules.iterator();
+
+ if ((type != PolicyReference.POLICY_REFERENCE) &&
+ (type != PolicyReference.POLICYSET_REFERENCE))
+ throw new IllegalArgumentException("Unknown reference type");
+
+ // look through all of the modules
+ while (it.hasNext()) {
+ PolicyFinderModule module = (PolicyFinderModule)(it.next());
+ PolicyFinderResult newResult = module.findPolicy(idReference,
+ type);
+
+ // if there was an error, we stop right away
+ if (newResult.indeterminate()) {
+ if (logger.isLoggable(Level.INFO))
+ logger.info("An error occured while trying to find the "
+
+ "referenced policy " +
idReference.toString() +
+ ": " + newResult.getStatus().getMessage());
+
+ return newResult;
+ }
+
+ // if we found a policy...
+ if (! newResult.notApplicable()) {
+ // ...if we already had found a policy, this is an error...
+ if (result != null) {
+ if (logger.isLoggable(Level.INFO))
+ logger.info("More than one policy applies for the " +
+ "reference: " + idReference.toString());
+ ArrayList code = new ArrayList();
+ code.add(Status.STATUS_PROCESSING_ERROR);
+ Status status = new Status(code, "too many applicable " +
+ "top-level policies");
+ return new PolicyFinderResult(status);
+ }
+
+ // ...otherwise we remember the result
+ result = newResult;
+ }
+ }
+
+ // if we got here then we didn't have any errors, so the only
+ // question is whether or not we found anything
+ if (result != null) {
+ return result;
+ } else {
+ if (logger.isLoggable(Level.INFO))
+ logger.info("No policies were resolved for the reference: " +
+ idReference.toString());
+
+ return new PolicyFinderResult();
+ }
+ }
+
+}
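
Review bot: `PolicyFinder` declares `allModules`, `requestModules` and `referenceModules` without initializers and has no constructor, so all three stay null until `setModules` is called; `getModules()`, `init()` and both `findPolicy` overloads then throw NullPointerException. `AttributeFinder` in this commit initializes its lists in a default constructor, and the same should be done here with empty sets so that an unconfigured finder returns a not-applicable result rather than crashing the PDP. In `findPolicy(URI idReference, int type)` the status message "too many applicable top-level policies" and the javadoc sentence about always doing a Target match are copied from the request overload and do not describe reference resolution; the `type` check could also move above the iterator creation so invalid input is rejected before any state is touched. `init()` has an empty javadoc block, `<code>PolicyFinder</code that` in the class comment is missing its closing bracket, and "occured" is misspelled in two log messages.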

Added:
branches/authRengine/sunxacml/com/sun/xacml/finder/PolicyFinderModule.java
===================================================================
---
branches/authRengine/sunxacml/com/sun/xacml/finder/PolicyFinderModule.java
(rev 0)
+++
branches/authRengine/sunxacml/com/sun/xacml/finder/PolicyFinderModule.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,158 @@
+
+/*
+ * @(#)PolicyFinderModule.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.finder;
+
+import com.sun.xacml.EvaluationCtx;
+
+import java.net.URI;
+
+
+/**
+ * This is the abstract class that all <code>PolicyFinder</code> modules
+ * extend. All methods have default values to represent that the given
+ * feature isn't supported by this module, so module writers needs only
+ * implement the methods for the features they're supporting.
+ *
+ * @since 1.0
+ * @author Seth Proctor
+ */
+public abstract class PolicyFinderModule
+{
+
+ /**
+ * Returns this module's identifier. A module does not need to provide
+ * a unique identifier, but it is a good idea, especially in support of
+ * management software. Common identifiers would be the full package
+ * and class name (the default if this method isn't overridden), just the
+ * class name, or some other well-known string that identifies this
class.
+ *
+ * @return this module's identifier
+ */
+ public String getIdentifier() {
+ return getClass().getName();
+ }
+
+ /**
+ * Returns true if the module supports finding policies based on a
+ * request (ie, target matching). By default this method returns false.
+ *
+ * @return true if request retrieval is supported
+ */
+ public boolean isRequestSupported() {
+ return false;
+ }
+
+ /**
+ * Returns true if the module supports finding policies based on an
+ * id reference (in a PolicySet). By default this method returns false.
+ *
+ * @return true if idReference retrieval is supported
+ */
+ public boolean isIdReferenceSupported() {
+ return false;
+ }
+
+ /**
+ * Initializes this module for use by the given finder. Typically this
+ * is called when a <code>PDP</code> is initialized with a
+ * <code>PDPConfig</code> containing the given <code>PolicyFinder</code>.
+ * Because <code>PolicyFinderModule</code>s usually need to parse
+ * policies, and this requires knowing their <code>PolicyFinder<code>,
+ * parsing is usually done at or after this point in the lifetime
+ * of this module. This might also be a good time to reset any internal
+ * caches or temporary data. Note that this method may be called more
+ * than once in the lifetime of a module.
+ *
+ * @param finder the <code>PolicyFinder</code> using this module
+ */
+ public abstract void init(PolicyFinder finder);
+
+ /**
+ * This is an experimental method that asks the module to invalidate any
+ * cache values it may contain. This is not used by any of the core
+ * processing code, but it may be used by management software that wants
+ * to have some control over these modules. Since a module is free to
+ * decide how or if it caches values, and whether it is capable of
+ * updating values once in a cache, a module is free to intrepret this
+ * message in any way it sees fit (including igoring the message). It
+ * is preferable, however, for a module to make every effort to clear
+ * any dynamically cached values it contains.
+ * <p>
+ * This method has been introduced to see what people think of this
+ * functionality, and how they would like to use it. It may be removed
+ * in future versions, or it may be changed to a more general
+ * message-passing system (if other useful messages are identified).
+ *
+ * @since 1.2
+ */
+ public void invalidateCache() {
+
+ }
+
+ /**
+ * Tries to find one and only one matching policy given the request
+ * represented by the context data. If more than one policy is found,
+ * this is an error and must be reported as such. If no policies are
+ * found, then an empty result must be returned. By default this
+ * method returns an empty result. This method should never return null.
+ *
+ * @param context the representation of the request
+ *
+ * @return the result of looking for a matching policy
+ */
+ public PolicyFinderResult findPolicy(EvaluationCtx context) {
+ return new PolicyFinderResult();
+ }
+
+ /**
+ * Tries to find one and only one matching policy given the idReference
+ * If more than one policy is found, this is an error and must be
reported
+ * as such. If no policies are found, then an empty result must be
+ * returned. By default this method returns an empty result. This method
+ * should never return null.
+ *
+ * @param idReference an identifier specifying some policy
+ * @param type type of reference (policy or policySet) as identified by
+ * the fields in <code>PolicyReference</code>
+ *
+ * @return the result of looking for a matching policy
+ */
+ public PolicyFinderResult findPolicy(URI idReference, int type) {
+ return new PolicyFinderResult();
+ }
+
+}
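Review bot: invalidateCache() in PolicyFinderModule is an empty default with a void return, so management code that calls it after a policy change cannot tell whether a module dropped its cached policies or ignored the call, and a caching module may keep serving a stale policy. Consider returning a boolean, or state in the Javadoc that callers must not treat the call as a guarantee, and require caching subclasses to override it. Smaller Javadoc points in the same hunk: the init() comment has an unclosed tag (`<code>PolicyFinder<code>` should end with `</code>`), and "intrepret" and "igoring" are misspelled.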

Added:
branches/authRengine/sunxacml/com/sun/xacml/finder/PolicyFinderResult.java
===================================================================
---
branches/authRengine/sunxacml/com/sun/xacml/finder/PolicyFinderResult.java
(rev 0)
+++
branches/authRengine/sunxacml/com/sun/xacml/finder/PolicyFinderResult.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,130 @@
+
+/*
+ * @(#)PolicyFinderResult.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.finder;
+
+import com.sun.xacml.AbstractPolicy;
+
+import com.sun.xacml.ctx.Status;
+
+
+/**
+ * This is used as the return value for the findPolicy() methods in the
+ * <code>PolicyFinder</code>. It communicates either a found policy that
+ * applied to the request (eg, the target matches), an Indeterminate state,
+ * or no applicable policies.
+ * <p>
+ * The OnlyOneApplicable combining logic is used in looking for a policy,
+ * so the result from calling findPolicy can never be more than one policy.
+ *
+ * @since 1.0
+ * @author Seth Proctor
+ */
+public class PolicyFinderResult
+{
+
+ // the single policy being returned
+ private AbstractPolicy policy;
+
+ // status that represents an error occurred
+ private Status status;
+
+ /**
+ * Creates a result saying that no applicable policies were found.
+ */
+ public PolicyFinderResult() {
+ policy = null;
+ status = null;
+ }
+
+ /**
+ * Creates a result containing a single applicable policy.
+ *
+ * @param policy the applicable policy
+ */
+ public PolicyFinderResult(AbstractPolicy policy) {
+ this.policy = policy;
+ status = null;
+ }
+
+ /**
+ * Create a result of Indeterminate, including Status data.
+ *
+ * @param status the error information
+ */
+ public PolicyFinderResult(Status status) {
+ policy = null;
+ this.status = status;
+ }
+
+ /**
+ * Returns true if the result was NotApplicable.
+ *
+ * @return true if the result was NotApplicable
+ */
+ public boolean notApplicable() {
+ return ((policy == null) && (status == null));
+ }
+
+ /**
+ * Returns true if the result was Indeterminate.
+ *
+ * @return true if there was an error
+ */
+ public boolean indeterminate() {
+ return (status != null);
+ }
+
+ /**
+ * Returns the found policy, or null if there was an error or no policy
+ * was found.
+ *
+ * @return the applicable policy or null
+ */
+ public AbstractPolicy getPolicy() {
+ return policy;
+ }
+
+ /**
+ * Returns the status if there was an error, or null if no error
occurred.
+ *
+ * @return the error status data or null
+ */
+ public Status getStatus() {
+ return status;
+ }
+
+}
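Review bot: the constructors PolicyFinderResult(AbstractPolicy) and PolicyFinderResult(Status) accept null without complaint, and notApplicable() is `(policy == null) && (status == null)`, so a finder module that hits an error but passes a null Status variable reports NotApplicable instead of Indeterminate. For an authorization result that difference matters, because the error is silently dropped. Reject null in both one-argument constructors (throw IllegalArgumentException or NullPointerException) and leave the no-argument constructor as the only way to build a NotApplicable result; the two fields can then be declared final.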

Added: branches/authRengine/sunxacml/com/sun/xacml/finder/ResourceFinder.java
===================================================================
--- branches/authRengine/sunxacml/com/sun/xacml/finder/ResourceFinder.java
(rev 0)
+++ branches/authRengine/sunxacml/com/sun/xacml/finder/ResourceFinder.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,286 @@
+
+/*
+ * @(#)ResourceFinder.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.finder;
+
+import com.sun.xacml.EvaluationCtx;
+
+import com.sun.xacml.attr.AttributeValue;
+
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+
+import java.util.logging.Level;
+import java.util.logging.Logger;
+
+
+/**
+ * This class is used by the PDP to handle resource scopes other than
+ * Immediate. In the case of a scope of Children or Descendants, the PDP
+ * needs a list of Resource Ids to evaluate, each of which will get its
+ * own Result. Like the PolicyFinder, this is not tied in any way to the
+ * rest of the PDP code, and could be provided as a stand-alone resource.
+ * <p>
+ * This class basically is a coordinator that asks each module in turn
+ * if it can handle the given identifier. Evaluation proceeds in order
through
+ * the given modules, and once a module returns a non-empty response (whether
+ * or not it contains any errors or only errors), the evaluation is
+ * finished and the result is returned. One of the issues here is ordering,
+ * since a given resource may look to several modules like something that
+ * they can handle. So, you must be careful when assigning to ordering of
+ * the modules in this finder.
+ * <p>
+ * Note that in release 1.2 the interfaces were updated to include the
+ * evaluation context. In the next major release the interfaces without the
+ * context information will be removed, but for now both exist. This means
+ * that if this finder is called with the context, then only the methods
+ * in <code>ResourceFinderModule</code> supporting the context will be
+ * called (and likewise only the methods without context will be called
+ * when this finder is called without the context). In practice this
+ * means that the methods with context will always get invoked, since this
+ * is what the default PDP implementation calls.
+ *
+ * @since 1.0
+ * @author Seth Proctor
+ */
+public class ResourceFinder
+{
+
+ // the list of all modules
+ private List allModules;
+
+ // the list of child modules
+ private List childModules;
+
+ // the list of descendant modules
+ private List descendantModules;
+
+ // the logger we'll use for all messages
+ private static final Logger logger =
+ Logger.getLogger(ResourceFinder.class.getName());
+
+ /**
+ * Default constructor.
+ */
+ public ResourceFinder() {
+ allModules = new ArrayList();
+ childModules = new ArrayList();
+ descendantModules = new ArrayList();
+ }
+
+ /**
+ * Returns the ordered <code>List</code> of modules used by this class
+ * to find resources.
+ *
+ * @return the list of modules used by this class
+ */
+ public List getModules() {
+ return new ArrayList(allModules);
+ }
+
+ /**
+ * Sets the ordered <code>List</code> of modules used by this class
+ * to find resources. The ordering will be maintained.
+ *
+ * @param modules the modules this class will use
+ */
+ public void setModules(List modules) {
+ Iterator it = modules.iterator();
+
+ allModules = new ArrayList(modules);
+ childModules = new ArrayList();
+ descendantModules = new ArrayList();
+
+ while (it.hasNext()) {
+ ResourceFinderModule module = (ResourceFinderModule)(it.next());
+
+ if (module.isChildSupported())
+ childModules.add(module);
+
+ if (module.isDescendantSupported())
+ descendantModules.add(module);
+ }
+ }
+
+ /**
+ * Finds Resource Ids using the Children scope, and returns all resolved
+ * identifiers as well as any errors that occurred. If no modules can
+ * handle the given Resource Id, then an empty result is returned.
+ *
+ * @param parentResourceId the root of the resources
+ * @param context the representation of the request data
+ *
+ * @return the result of looking for child resources
+ */
+ public ResourceFinderResult findChildResources(AttributeValue
+ parentResourceId,
+ EvaluationCtx context) {
+ Iterator it = childModules.iterator();
+
+ while (it.hasNext()) {
+ ResourceFinderModule module = (ResourceFinderModule)(it.next());
+
+ // ask the module to find the resources
+ ResourceFinderResult result =
+ module.findChildResources(parentResourceId, context);
+
+ // if we found something, then always return that result
+ if (! result.isEmpty())
+ return result;
+ }
+
+ // no modules applied, so we return an empty result
+ if (logger.isLoggable(Level.INFO))
+ logger.info("No ResourceFinderModule existed to handle the " +
+ "children of " + parentResourceId.encode());
+
+ return new ResourceFinderResult();
+ }
+
+ /**
+ * Finds Resource Ids using the Children scope, and returns all resolved
+ * identifiers as well as any errors that occurred. If no modules can
+ * handle the given Resource Id, then an empty result is returned.
+ *
+ * @deprecated As of version 1.2, replaced by
+ *
{@link
#findChildResources(AttributeValue,EvaluationCtx)}.
+ * This version does not provide the evaluation context to
+ * the modules, and will be removed in a future release.
+ *
+ * @param parentResourceId the root of the resources
+ *
+ * @return the result of looking for child resources
+ */
+ public ResourceFinderResult findChildResources(AttributeValue
+ parentResourceId) {
+ Iterator it = childModules.iterator();
+
+ while (it.hasNext()) {
+ ResourceFinderModule module = (ResourceFinderModule)(it.next());
+
+ // ask the module to find the resources
+ ResourceFinderResult result =
+ module.findChildResources(parentResourceId);
+
+ // if we found something, then always return that result
+ if (! result.isEmpty())
+ return result;
+ }
+
+ // no modules applied, so we return an empty result
+ if (logger.isLoggable(Level.INFO))
+ logger.info("No ResourceFinderModule existed to handle the " +
+ "children of " + parentResourceId.encode());
+
+ return new ResourceFinderResult();
+ }
+
+ /**
+ * Finds Resource Ids using the Descendants scope, and returns all
resolved
+ * identifiers as well as any errors that occurred. If no modules can
+ * handle the given Resource Id, then an empty result is returned.
+ *
+ * @param parentResourceId the root of the resources
+ * @param context the representation of the request data
+ *
+ * @return the result of looking for descendant resources
+ */
+ public ResourceFinderResult findDescendantResources(AttributeValue
+ parentResourceId,
+ EvaluationCtx
+ context) {
+ Iterator it = descendantModules.iterator();
+
+ while (it.hasNext()) {
+ ResourceFinderModule module = (ResourceFinderModule)(it.next());
+
+ // ask the module to find the resources
+ ResourceFinderResult result =
+ module.findDescendantResources(parentResourceId, context);
+
+ // if we found something, then always return that result
+ if (! result.isEmpty())
+ return result;
+ }
+
+ // no modules applied, so we return an empty result
+ if (logger.isLoggable(Level.INFO))
+ logger.info("No ResourceFinderModule existed to handle the " +
+ "descendants of " + parentResourceId.encode());
+
+ return new ResourceFinderResult();
+ }
+
+ /**
+ * Finds Resource Ids using the Descendants scope, and returns all
resolved
+ * identifiers as well as any errors that occurred. If no modules can
+ * handle the given Resource Id, then an empty result is returned.
+ *
+ * @deprecated As of version 1.2, replaced by
+ *
{@link
#findDescendantResources(AttributeValue,EvaluationCtx)}.
+ * This version does not provide the evaluation context to
+ * the modules, and will be removed in a future release.
+ *
+ * @param parentResourceId the root of the resources
+ *
+ * @return the result of looking for child resources
+ */
+ public ResourceFinderResult findDescendantResources(AttributeValue
+ parentResourceId) {
+ Iterator it = descendantModules.iterator();
+
+ while (it.hasNext()) {
+ ResourceFinderModule module = (ResourceFinderModule)(it.next());
+
+ // ask the module to find the resources
+ ResourceFinderResult result =
+ module.findDescendantResources(parentResourceId);
+
+ // if we found something, then always return that result
+ if (! result.isEmpty())
+ return result;
+ }
+
+ // no modules applied, so we return an empty result
+ if (logger.isLoggable(Level.INFO))
+ logger.info("No ResourceFinderModule existed to handle the " +
+ "descendants of " + parentResourceId.encode());
+
+ return new ResourceFinderResult();
+ }
+
+}
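Review bot: setModules() in ResourceFinder replaces allModules, childModules and descendantModules before the loop casts each element with `(ResourceFinderModule)(it.next())`, so a list containing a wrong-typed or null entry throws part-way through and leaves the finder with the new allModules but only partially filled child and descendant lists. Build the three lists in locals, validate every element, and assign the fields only after the loop completes. The same fields are reassigned with no synchronization while the find methods iterate them, so either document that setModules() must be called before the finder is handed to a PDP or make the swap safe. The four find methods also call `result.isEmpty()` on whatever the module returned; a module that returns null causes a NullPointerException here rather than a logged failure for that module.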

Added:
branches/authRengine/sunxacml/com/sun/xacml/finder/ResourceFinderModule.java
===================================================================
---
branches/authRengine/sunxacml/com/sun/xacml/finder/ResourceFinderModule.java
(rev 0)
+++
branches/authRengine/sunxacml/com/sun/xacml/finder/ResourceFinderModule.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,192 @@
+
+/*
+ * @(#)ResourceFinderModule.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.finder;
+
+import com.sun.xacml.EvaluationCtx;
+
+import com.sun.xacml.attr.AttributeValue;
+
+
+/**
+ * This is the abstract class that all <code>ResourceFinder</code> modules
+ * extend. All methods have default values to represent that the given
+ * feature isn't supported by this module, so module writers needs only
+ * implement the methods for the features they're supporting.
+ *
+ * @since 1.0
+ * @author Seth Proctor
+ */
+public abstract class ResourceFinderModule
+{
+
+ /**
+ * Returns this module's identifier. A module does not need to provide
+ * a unique identifier, but it is a good idea, especially in support of
+ * management software. Common identifiers would be the full package
+ * and class name (the default if this method isn't overridden), just the
+ * class name, or some other well-known string that identifies this
class.
+ *
+ * @return this module's identifier
+ */
+ public String getIdentifier() {
+ return getClass().getName();
+ }
+
+ /**
+ * Returns true if this module supports finding resources with the
+ * "Children" scope. By default this method returns false.
+ *
+ * @return true if the module supports the Children scope
+ */
+ public boolean isChildSupported() {
+ return false;
+ }
+
+ /**
+ * Returns true if this module supports finding resources with the
+ * "Descendants" scope. By default this method returns false.
+ *
+ * @return true if the module supports the Descendants scope
+ */
+ public boolean isDescendantSupported() {
+ return false;
+ }
+
+ /**
+ * This is an experimental method that asks the module to invalidate any
+ * cache values it may contain. This is not used by any of the core
+ * processing code, but it may be used by management software that wants
+ * to have some control over these modules. Since a module is free to
+ * decide how or if it caches values, and whether it is capable of
+ * updating values once in a cache, a module is free to intrepret this
+ * message in any way it sees fit (including igoring the message). It
+ * is preferable, however, for a module to make every effort to clear
+ * any dynamically cached values it contains.
+ * <p>
+ * This method has been introduced to see what people think of this
+ * functionality, and how they would like to use it. It may be removed
+ * in future versions, or it may be changed to a more general
+ * message-passing system (if other useful messages are identified).
+ *
+ * @since 1.2
+ */
+ public void invalidateCache() {
+
+ }
+
+ /**
+ * Tries to find the child Resource Ids associated with the parent. If
+ * this module cannot handle the given identifier, then an empty result
is
+ * returned, otherwise the result will always contain at least the
+ * parent Resource Id, either as a successfully resolved Resource Id or
an
+ * error case, but never both.
+ *
+ * @param parentResourceId the parent resource identifier
+ * @param context the representation of the request data
+ *
+ * @return the result of finding child resources
+ */
+ public ResourceFinderResult findChildResources(AttributeValue
+ parentResourceId,
+ EvaluationCtx context) {
+ return new ResourceFinderResult();
+ }
+
+ /**
+ * Tries to find the child Resource Ids associated with the parent. If
+ * this module cannot handle the given identifier, then an empty result
is
+ * returned, otherwise the result will always contain at least the
+ * parent Resource Id, either as a successfully resolved Resource Id or
an
+ * error case, but never both.
+ *
+ * @deprecated As of version 1.2, replaced by
+ *
{@link
#findChildResources(AttributeValue,EvaluationCtx)}.
+ * This version does not provide the evaluation context,
+ * and will be removed in a future release. Also, not that
+ * this will never get called when using the default PDP.
+ *
+ * @param parentResourceId the parent resource identifier
+ *
+ * @return the result of finding child resources
+ */
+ public ResourceFinderResult findChildResources(AttributeValue
+ parentResourceId) {
+ return new ResourceFinderResult();
+ }
+
+ /**
+ * Tries to find the descendant Resource Ids associated with the parent.
If
+ * this module cannot handle the given identifier, then an empty result
is
+ * returned, otherwise the result will always contain at least the
+ * parent Resource Id, either as a successfuly resolved Resource Id or an
+ * error case, but never both.
+ *
+ * @param parentResourceId the parent resource identifier
+ * @param context the representation of the request data
+ *
+ * @return the result of finding descendant resources
+ */
+ public ResourceFinderResult findDescendantResources(AttributeValue
+ parentResourceId,
+ EvaluationCtx
+ context) {
+ return new ResourceFinderResult();
+ }
+
+ /**
+ * Tries to find the descendant Resource Ids associated with the parent.
If
+ * this module cannot handle the given identifier, then an empty result
is
+ * returned, otherwise the result will always contain at least the
+ * parent Resource Id, either as a successfuly resolved Resource Id or an
+ * error case, but never both.
+ *
+ * @deprecated As of version 1.2, replaced by
+ *
{@link
#findDescendantResources(AttributeValue,EvaluationCtx)}.
+ * This version does not provide the evaluation context,
+ * and will be removed in a future release. Also, not that
+ * this will never get called when using the default PDP.
+ *
+ * @param parentResourceId the parent resource identifier
+ *
+ * @return the result of finding descendant resources
+ */
+ public ResourceFinderResult findDescendantResources(AttributeValue
+ parentResourceId) {
+ return new ResourceFinderResult();
+ }
+
+}
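Review bot: the context-taking findChildResources() and findDescendantResources() defaults in ResourceFinderModule return an empty result independently of the deprecated single-argument overloads, and the Javadoc in this hunk says the deprecated versions "will never get called when using the default PDP". A module written against the older interface that overrides only the single-argument methods (and returns true from isChildSupported()) will therefore compile, load, and silently resolve no resources. Consider having the context overloads delegate to the single-argument ones by default, or at least call this out in the class-level Javadoc. Wording fixes while here: "not that" should be "note that", "successfuly" is misspelled, and "module writers needs" should be "module writers need".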

Added:
branches/authRengine/sunxacml/com/sun/xacml/finder/ResourceFinderResult.java
===================================================================
---
branches/authRengine/sunxacml/com/sun/xacml/finder/ResourceFinderResult.java
(rev 0)
+++
branches/authRengine/sunxacml/com/sun/xacml/finder/ResourceFinderResult.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,156 @@
+
+/*
+ * @(#)ResourceFinderResult.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.finder;
+
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
+
+
+/**
+ * This is used to return Resource Ids from the ResourceFinder. Unlike the
+ * PolicyFinder, this never returns an empty set, since it will always
+ * contain at least the original parent resource. This class will provide
+ * two sets of identifiers: those that were successfully resolved and those
+ * that had an error.
+ *
+ * @since 1.0
+ * @author Seth Proctor
+ */
+public class ResourceFinderResult
+{
+
+ // the set of resource identifiers
+ private Set resources;
+
+ // the map of failed identifiers to their failure status data
+ private Map failures;
+
+ // a flag specifying whether or not result contains resource listings
+ private boolean empty;
+
+ /**
+ * Creates an empty result.
+ */
+ public ResourceFinderResult() {
+ resources = Collections.unmodifiableSet(new HashSet());
+ failures = Collections.unmodifiableMap(new HashMap());
+ empty = true;
+ }
+
+ /**
+ * Creates a result containing the given <code>Set</code> of resource
+ * identifiers. The <code>Set</code>must not be null. The new
+ * <code>ResourceFinderResult</code> represents a resource retrieval that
+ * encountered no errors.
+ *
+ * @param resources a non-null <code>Set</code> of
+ * <code>AttributeValue</code>s
+ */
+ public ResourceFinderResult(Set resources) {
+ this(resources, new HashMap());
+ }
+
+ /**
+ * Creates a result containing only Resource Ids that caused errors. The
+ * <code>Map</code> must not be null. The keys in the <code>Map</code>
+ * are <code>AttributeValue</code>s identifying the resources that could
+ * not be resolved, and they map to a <code>Status</code> object
+ * explaining the error. The new <code>ResourceFinderResult</code>
+ * represents a resource retrieval that did not succeed in finding any
+ * resource identifiers.
+ *
+ * @param failures a non-null <code>Map</code> mapping failed
+ * <code>AttributeValue</code> identifiers to their
+ * <code>Status</code>
+ */
+ public ResourceFinderResult(HashMap failures) {
+ this(new HashSet(), failures);
+ }
+
+ /**
+ * Creates a new result containing both successfully resolved Resource
Ids
+ * and resources that caused errors.
+ *
+ * @param resources a non-null <code>Set</code> of
+ * <code>AttributeValue</code>s
+ * @param failures a non-null <code>Map</code> mapping failed
+ * <code>AttributeValue</code> identifiers to their
+ * <code>Status</code>
+ */
+ public ResourceFinderResult(Set resources, Map failures) {
+ this.resources = Collections.unmodifiableSet(new HashSet(resources));
+ this.failures = Collections.unmodifiableMap(new HashMap(failures));
+ empty = false;
+ }
+
+ /**
+ * Returns whether or not this result contains any Resource Id listings.
+ * This will return false if either the set of successfully resolved
+ * resource identifiers or the map of failed resources is not empty.
+ *
+ * @return false if this result names any resources, otherwise true
+ */
+ public boolean isEmpty() {
+ return empty;
+ }
+
+ /**
+ * Returns the <code>Set</code> of successfully resolved Resource Id
+ * <code>AttributeValue</code>s, which will be empty if no resources
+ * were successfully resolved.
+ *
+ * @return a <code>Set</code> of <code>AttributeValue</code>s
+ */
+ public Set getResources() {
+ return resources;
+ }
+
+ /**
+ * Returns the <code>Map</code> of Resource Ids that caused an error on
+ * resolution, which will be empty if no resources caused any error.
+ *
+ * @return a <code>Map</code> of <code>AttributeValue</code>s to
+ * <code>Status</code>
+ */
+ public Map getFailures() {
+ return failures;
+ }
+
+}
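Review bot: isEmpty() in ResourceFinderResult does not do what its Javadoc says. The comment states it returns false if either the resource set or the failure map is not empty, but the two-argument constructor sets `empty = false` unconditionally, so `new ResourceFinderResult(new HashSet())` reports isEmpty() == false while naming no resources. ResourceFinder stops at the first module whose result is not empty, so a module that returns such a result ends the search with nothing resolved and no failure recorded. Either compute the flag as `resources.isEmpty() && failures.isEmpty()` or correct the Javadoc to say the flag means "a module handled the identifier". The class comment ("never returns an empty set") also contradicts the no-argument constructor, and the failures-only constructor takes HashMap where the others take Map; using Map there would be consistent.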

Added:
branches/authRengine/sunxacml/com/sun/xacml/finder/impl/CurrentEnvModule.java
===================================================================
---
branches/authRengine/sunxacml/com/sun/xacml/finder/impl/CurrentEnvModule.java
(rev 0)
+++
branches/authRengine/sunxacml/com/sun/xacml/finder/impl/CurrentEnvModule.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,256 @@
+
+/*
+ * @(#)CurrentEnvModule.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.finder.impl;
+
+import com.sun.xacml.EvaluationCtx;
+
+import com.sun.xacml.attr.AttributeDesignator;
+import com.sun.xacml.attr.AttributeValue;
+import com.sun.xacml.attr.BagAttribute;
+import com.sun.xacml.attr.DateAttribute;
+import com.sun.xacml.attr.DateTimeAttribute;
+import com.sun.xacml.attr.TimeAttribute;
+
+import com.sun.xacml.cond.EvaluationResult;
+
+import com.sun.xacml.ctx.Status;
+
+import com.sun.xacml.finder.AttributeFinderModule;
+
+import java.net.URI;
+
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.HashSet;
+import java.util.Set;
+
+
+/**
+ * Supports the current date, time, and dateTime values. The XACML
+ * specification states that these three values must always be available to
+ * a PDP. They may be included in the request, but if they're not, a PDP
+ * must be able to recognize the attribute and generate the correct value.
+ * The module provides support for this feature by generating real-time
+ * values as known at the host where this module is running.
+ * <p>
+ * This class uses the caching functions of <code>EvaluationCtx</code> to
+ * make sure that values are constant within an evaluation, if that is the
+ * desired behavior.
+ *
+ * @since 1.0
+ * @author Seth Proctor
+ */
+public class CurrentEnvModule extends AttributeFinderModule
+{
+
+ /**
+ * Standard environment variable that represents the current time
+ */
+ public static final String ENVIRONMENT_CURRENT_TIME =
+ "urn:oasis:names:tc:xacml:1.0:environment:current-time";
+
+ /**
+ * Standard environment variable that represents the current date
+ */
+ public static final String ENVIRONMENT_CURRENT_DATE =
+ "urn:oasis:names:tc:xacml:1.0:environment:current-date";
+
+ /**
+ * Standard environment variable that represents the current date and
time
+ */
+ public static final String ENVIRONMENT_CURRENT_DATETIME =
+ "urn:oasis:names:tc:xacml:1.0:environment:current-dateTime";
+
+ /**
+ * Returns true always because this module supports designators.
+ *
+ * @return true always
+ */
+ public boolean isDesignatorSupported() {
+ return true;
+ }
+
+ /**
+ * Returns a <code>Set</code> with a single <code>Integer</code>
+ * specifying that environment attributes are supported by this
+ * module.
+ *
+ * @return a <code>Set</code> with
+ * <code>AttributeDesignator.ENVIRONMENT_TARGET</code> included
+ */
+ public Set getSupportedDesignatorTypes() {
+ HashSet set = new HashSet();
+ set.add(new Integer(AttributeDesignator.ENVIRONMENT_TARGET));
+ return set;
+ }
+
+ /**
+ * Used to get the current time, date, or dateTime. If one of those
+ * values isn't being asked for, or if the types are wrong, then an
+ * empty bag is returned.
+ *
+ * @param attributeType the datatype of the attributes to find, which
+ * must be time, date, or dateTime for this module
+ * to resolve a value
+ * @param attributeId the identifier of the attributes to find, which
+ * must be one of the three ENVIRONMENT_* fields for
+ * this module to resolve a value
+ * @param issuer the issuer of the attributes, or null if unspecified
+ * @param subjectCategory the category of the attribute or null, which
+ * ignored since this only handles non-subjects
+ * @param context the representation of the request data
+ * @param designatorType the type of designator, which must be
+ * ENVIRONMENT_TARGET for this module to resolve
+ * a value
+ *
+ * @return the result of attribute retrieval, which will be a bag with
+ * a single attribute, an empty bag, or an error
+ */
+ public EvaluationResult findAttribute(URI attributeType, URI attributeId,
+ URI issuer, URI subjectCategory,
+ EvaluationCtx context,
+ int designatorType) {
+ // we only know about environment attributes
+ if (designatorType != AttributeDesignator.ENVIRONMENT_TARGET)
+ return new EvaluationResult(BagAttribute.
+ createEmptyBag(attributeType));
+
+ // figure out which attribute we're looking for
+ String attrName = attributeId.toString();
+
+ if (attrName.equals(ENVIRONMENT_CURRENT_TIME)) {
+ return handleTime(attributeType, issuer, context);
+ } else if (attrName.equals(ENVIRONMENT_CURRENT_DATE)) {
+ return handleDate(attributeType, issuer, context);
+ } else if (attrName.equals(ENVIRONMENT_CURRENT_DATETIME)) {
+ return handleDateTime(attributeType, issuer, context);
+ }
+
+ // if we got here, then it's an attribute that we don't know
+ return new EvaluationResult(BagAttribute.
+ createEmptyBag(attributeType));
+ }
+
+ /**
+ * Handles requests for the current Time.
+ */
+ private EvaluationResult handleTime(URI type, URI issuer,
+ EvaluationCtx context) {
+ // make sure they're asking for a time attribute
+ if (! type.toString().equals(TimeAttribute.identifier))
+ return new EvaluationResult(BagAttribute.
+ createEmptyBag(type));
+
+ // see if there's a value already cached that we should use
+ TimeAttribute attr = context.getCurrentTime();
+
+ if (attr == null) {
+ // create the current time data
+ attr = new TimeAttribute();
+ context.setCurrentTime(attr);
+ }
+
+ return makeBag(attr);
+ }
+
+ /**
+ * Handles requests for the current Date.
+ */
+ private EvaluationResult handleDate(URI type, URI issuer,
+ EvaluationCtx context) {
+ // make sure they're asking for a date attribute
+ if (! type.toString().equals(DateAttribute.identifier))
+ return new EvaluationResult(BagAttribute.
+ createEmptyBag(type));
+
+ // see if there's a value already cached that we should use
+ DateAttribute attr = context.getCurrentDate();
+
+ if (attr == null) {
+ // create the current date data
+ attr = new DateAttribute();
+ context.setCurrentDate(attr);
+ }
+
+ return makeBag(attr);
+ }
+
+ /**
+ * Handles requests for the current DateTime.
+ */
+ private EvaluationResult handleDateTime(URI type, URI issuer,
+ EvaluationCtx context) {
+ // make sure they're asking for a dateTime attribute
+ if (! type.toString().equals(DateTimeAttribute.identifier))
+ return new EvaluationResult(BagAttribute.
+ createEmptyBag(type));
+
+ // see if there's a value already cached that we should use
+ DateTimeAttribute attr = context.getCurrentDateTime();
+
+ if (attr == null) {
+ // create the current dateTime data
+ attr = new DateTimeAttribute();
+ context.setCurrentDateTime(attr);
+ }
+
+ return makeBag(attr);
+ }
+
+ /**
+ * Private helper that generates a new processing error status and
+ * includes the given string.
+ */
+ private EvaluationResult makeProcessingError(String message) {
+ ArrayList code = new ArrayList();
+ code.add(Status.STATUS_PROCESSING_ERROR);
+ return new EvaluationResult(new Status(code, message));
+ }
+
+ /**
+ * Private helper that makes a bag containing only the given attribute.
+ */
+ private EvaluationResult makeBag(AttributeValue attribute) {
+ Set set = new HashSet();
+ set.add(attribute);
+
+ BagAttribute bag = new BagAttribute(attribute.getType(), set);
+
+ return new EvaluationResult(bag);
+ }
+
+}
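
Review bot: in handleTime, handleDate and handleDateTime each value is built by its own no-argument constructor (new TimeAttribute(), new DateAttribute(), new DateTimeAttribute()) and cached separately in the context, so a policy that reads current-date and current-time in the same evaluation can receive values taken at different instants, which matters for time-window rules evaluated around midnight. Consider capturing one instant on the first request and deriving and caching all three values from it. Separately, makeProcessingError and the java.util.Date import are unused, the issuer parameter is passed to every handler but never examined, and attributeId.toString() in findAttribute has no null guard.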

Added:
branches/authRengine/sunxacml/com/sun/xacml/finder/impl/FilePolicyModule.java
===================================================================
---
branches/authRengine/sunxacml/com/sun/xacml/finder/impl/FilePolicyModule.java
(rev 0)
+++
branches/authRengine/sunxacml/com/sun/xacml/finder/impl/FilePolicyModule.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,400 @@
+
+/*
+ * @(#)FilePolicyModule.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.finder.impl;
+
+import com.sun.xacml.AbstractPolicy;
+import com.sun.xacml.EvaluationCtx;
+import com.sun.xacml.MatchResult;
+import com.sun.xacml.Policy;
+import com.sun.xacml.PolicySet;
+
+import com.sun.xacml.ctx.Status;
+
+import com.sun.xacml.finder.PolicyFinder;
+import com.sun.xacml.finder.PolicyFinderModule;
+import com.sun.xacml.finder.PolicyFinderResult;
+
+import java.io.File;
+import java.io.FileInputStream;
+
+import java.util.ArrayList;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Set;
+
+import java.util.logging.Level;
+import java.util.logging.Logger;
+
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.NamedNodeMap;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+
+import org.xml.sax.ErrorHandler;
+import org.xml.sax.SAXException;
+import org.xml.sax.SAXParseException;
+
+
+/**
+ * This module represents a collection of files containing polices,
+ * each of which will be searched through when trying to find a
+ * policy that is applicable to a specific request.
+ * <p>
+ * Note: this module is provided only as an example and for testing
+ * purposes. It is not part of the standard, and it should not be
+ * relied upon for production systems. In the future, this will likely
+ * be moved into a package with other similar example and testing
+ * code.
+ *
+ * @since 1.0
+ * @author Seth Proctor
+ */
+public class FilePolicyModule extends PolicyFinderModule
+ implements ErrorHandler
+{
+
+ /**
+ * The property which is used to specify the schema
+ * file to validate against (if any)
+ */
+ public static final String POLICY_SCHEMA_PROPERTY =
+ "com.sun.xacml.PolicySchema";
+
+
+ public static final String JAXP_SCHEMA_LANGUAGE =
+ "http://java.sun.com/xml/jaxp/properties/schemaLanguage";;
+
+ public static final String W3C_XML_SCHEMA =
+ "http://www.w3.org/2001/XMLSchema";;
+
+ public static final String JAXP_SCHEMA_SOURCE =
+ "http://java.sun.com/xml/jaxp/properties/schemaSource";;
+
+
+ // the finder that is using this module
+ private PolicyFinder finder;
+
+ //
+ private File schemaFile;
+
+ //
+ private Set fileNames;
+
+ //
+ private Set policies;
+
+ // the logger we'll use for all messages
+ private static final Logger logger =
+ Logger.getLogger(FilePolicyModule.class.getName());
+
+ /**
+ * Constructor which retrieves the schema file to validate policies
against
+ * from the POLICY_SCHEMA_PROPERTY. If the retrieved property
+ * is null, then no schema validation will occur.
+ */
+ public FilePolicyModule() {
+ fileNames = new HashSet();
+ policies = new HashSet();
+
+ String schemaName = System.getProperty(POLICY_SCHEMA_PROPERTY);
+
+ if (schemaName == null)
+ schemaFile = null;
+ else
+ schemaFile = new File(schemaName);
+ }
+
+ /**
+ * Constructor that uses the specified input as the schema file to
+ * validate policies against. If schema validation is not desired,
+ * a null value should be used.
+ *
+ * @param schemaFile the schema file to validate policies against,
+ * or null if schema validation is not desired.
+ */
+ public FilePolicyModule(File schemaFile) {
+ fileNames = new HashSet();
+ policies = new HashSet();
+
+ this.schemaFile = schemaFile;
+ }
+
+ /**
+ * Constructor that specifies a set of initial policy files to use.
+ * No schema validation is performed.
+ *
+ * @param fileNames a <code>List</code> of <code>String</code>s that
+ * identify policy files
+ */
+ public FilePolicyModule(List fileNames) {
+ this();
+
+ if (fileNames != null)
+ this.fileNames.addAll(fileNames);
+ }
+
+ /**
+ * Indicates whether this module supports finding policies based on
+ * a request (target matching). Since this module does support
+ * finding policies based on requests, it returns true.
+ *
+ * @return true, since finding policies based on requests is supported
+ */
+ public boolean isRequestSupported() {
+ return true;
+ }
+
+ /**
+ * Initializes the <code>FilePolicyModule</code> by loading
+ * the policies contained in the collection of files associated
+ * with this module. This method also uses the specified
+ * <code>PolicyFinder</code> to help in instantiating PolicySets.
+ *
+ * @param finder a PolicyFinder used to help in instantiating PolicySets
+ */
+ public void init(PolicyFinder finder) {
+ this.finder = finder;
+
+ Iterator it = fileNames.iterator();
+ while (it.hasNext()) {
+ String fname = (String)(it.next());
+ AbstractPolicy policy = loadPolicy(fname, finder,
+ schemaFile, this);
+ if (policy != null)
+ policies.add(policy);
+ }
+ }
+
+ /**
+ * Adds a file (containing a policy) to the collection of filenames
+ * associated with this module.
+ *
+ * @param filename the file to add to this module's collection of files
+ */
+ public boolean addPolicy(String filename) {
+ return fileNames.add(filename);
+ }
+
+ /**
+ * Loads a policy from the specified filename and uses the specified
+ * <code>PolicyFinder</code> to help with instantiating PolicySets.
+ *
+ * @param filename the file to load the policy from
+ * @param finder a PolicyFinder used to help in instantiating PolicySets
+ *
+ * @return a (potentially schema-validated) policy associated with the
+ * specified filename, or null if there was an error
+ */
+ public static AbstractPolicy loadPolicy(String filename,
+ PolicyFinder finder) {
+ return loadPolicy(filename, finder, null, null);
+ }
+
+ /**
+ * Loads a policy from the specified filename, using the specified
+ * <code>PolicyFinder</code> to help with instantiating PolicySets,
+ * and using the specified input as the schema file to validate
+ * policies against. If schema validation is not desired, a null
+ * value should be used for schemaFile
+ *
+ * @param filename the file to load the policy from
+ * @param finder a PolicyFinder used to help in instantiating PolicySets
+ * @param schemaFile the schema file to validate policies against, or
+ * null if schema validation is not desired
+ * @param handler an error handler used to print warnings and errors
+ * during parsing
+ *
+ * @return a (potentially schema-validated) policy associated with the
+ * specified filename, or null if there was an error
+ */
+ public static AbstractPolicy loadPolicy(String filename,
+ PolicyFinder finder,
+ File schemaFile,
+ ErrorHandler handler) {
+ try {
+ // create the factory
+ DocumentBuilderFactory factory =
+ DocumentBuilderFactory.newInstance();
+ factory.setIgnoringComments(true);
+
+ DocumentBuilder db = null;
+
+ // as of 1.2, we always are namespace aware
+ factory.setNamespaceAware(true);
+
+ // set the factory to work the way the system requires
+ if (schemaFile == null) {
+ // we're not doing any validation
+ factory.setValidating(false);
+
+ db = factory.newDocumentBuilder();
+ } else {
+ // we're using a validating parser
+ factory.setValidating(true);
+
+ factory.setAttribute(JAXP_SCHEMA_LANGUAGE, W3C_XML_SCHEMA);
+ factory.setAttribute(JAXP_SCHEMA_SOURCE, schemaFile);
+
+ db = factory.newDocumentBuilder();
+ db.setErrorHandler(handler);
+ }
+
+ // try to load the policy file
+ Document doc = db.parse(new FileInputStream(filename));
+
+ // handle the policy, if it's a known type
+ Element root = doc.getDocumentElement();
+ String name = root.getTagName();
+
+ if (name.equals("Policy")) {
+ return Policy.getInstance(root);
+ } else if (name.equals("PolicySet")) {
+ return PolicySet.getInstance(root, finder);
+ } else {
+ // this isn't a root type that we know how to handle
+ throw new Exception("Unknown root document type: " + name);
+ }
+
+ } catch (Exception e) {
+ if (logger.isLoggable(Level.WARNING))
+ logger.log(Level.WARNING, "Error reading policy from file " +
+ filename, e);
+ }
+
+ // a default fall-through in the case of an error
+ return null;
+ }
+
+ /**
+ * Finds a policy based on a request's context. This may involve using
+ * the request data as indexing data to lookup a policy. This will always
+ * do a Target match to make sure that the given policy applies. If more
+ * than one applicable policy is found, this will return an error.
+ * NOTE: this is basically just a subset of the OnlyOneApplicable Policy
+ * Combining Alg that skips the evaluation step. See comments in there
+ * for details on this algorithm.
+ *
+ * @param context the representation of the request data
+ *
+ * @return the result of trying to find an applicable policy
+ */
+ public PolicyFinderResult findPolicy(EvaluationCtx context) {
+ AbstractPolicy selectedPolicy = null;
+ Iterator it = policies.iterator();
+
+ while (it.hasNext()) {
+ AbstractPolicy policy = (AbstractPolicy)(it.next());
+
+ // see if we match
+ MatchResult match = policy.match(context);
+ int result = match.getResult();
+
+ // if there was an error, we stop right away
+ if (result == MatchResult.INDETERMINATE)
+ return new PolicyFinderResult(match.getStatus());
+
+ if (result == MatchResult.MATCH) {
+ // if we matched before, this is an error...
+ if (selectedPolicy != null) {
+ ArrayList code = new ArrayList();
+ code.add(Status.STATUS_PROCESSING_ERROR);
+ Status status = new Status(code, "too many applicable
top-"
+ + "level policies");
+ return new PolicyFinderResult(status);
+ }
+
+ // ...otherwise remember this policy
+ selectedPolicy = policy;
+ }
+ }
+
+ // if we found a policy, return it, otherwise we're N/A
+ if (selectedPolicy != null)
+ return new PolicyFinderResult(selectedPolicy);
+ else
+ return new PolicyFinderResult();
+ }
+
+ /**
+ * Standard handler routine for the XML parsing.
+ *
+ * @param exception information on what caused the problem
+ */
+ public void warning(SAXParseException exception) throws SAXException {
+ if (logger.isLoggable(Level.WARNING))
+ logger.warning("Warning on line " + exception.getLineNumber() +
+ ": " + exception.getMessage());
+ }
+
+ /**
+ * Standard handler routine for the XML parsing.
+ *
+ * @param exception information on what caused the problem
+ *
+ * @throws SAXException always to halt parsing on errors
+ */
+ public void error(SAXParseException exception) throws SAXException {
+ if (logger.isLoggable(Level.WARNING))
+ logger.warning("Error on line " + exception.getLineNumber() +
+ ": " + exception.getMessage() + " ... " +
+ "Policy will not be available");
+
+ throw new SAXException("error parsing policy");
+ }
+
+ /**
+ * Standard handler routine for the XML parsing.
+ *
+ * @param exception information on what caused the problem
+ *
+ * @throws SAXException always to halt parsing on errors
+ */
+ public void fatalError(SAXParseException exception) throws SAXException {
+ if (logger.isLoggable(Level.WARNING))
+ logger.warning("Fatal error on line " +
exception.getLineNumber() +
+ ": " + exception.getMessage() + " ... " +
+ "Policy will not be available");
+
+ throw new SAXException("fatal error parsing policy");
+ }
+
+}
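
Review bot: loadPolicy configures the DocumentBuilderFactory with only setIgnoringComments, setNamespaceAware and setValidating, so DOCTYPE declarations and external entities in a policy file are still processed by the parser. Because these files decide access, enable XMLConstants.FEATURE_SECURE_PROCESSING and set the feature http://apache.org/xml/features/disallow-doctype-decl before calling newDocumentBuilder(). In the same method the FileInputStream handed to db.parse is never closed, and no ErrorHandler is installed on the non-validating path. Any failure is logged at WARNING and returns null, and init() simply skips that file, so a policy that fails to parse silently drops out of the set and findPolicy can report not-applicable where a rule was intended; init should fail loudly or expose which files were rejected. Two smaller points: FilePolicyModule(List) is documented with "No schema validation is performed" yet calls this(), which reads POLICY_SCHEMA_PROPERTY, and root.getTagName() is compared with "Policy" and "PolicySet" under a namespace-aware parser, so a prefixed root element is rejected (getLocalName() plus a namespace check would be more robust).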

Added:
branches/authRengine/sunxacml/com/sun/xacml/finder/impl/SelectorModule.java
===================================================================
---
branches/authRengine/sunxacml/com/sun/xacml/finder/impl/SelectorModule.java
(rev 0)
+++
branches/authRengine/sunxacml/com/sun/xacml/finder/impl/SelectorModule.java
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,238 @@
+
+/*
+ * @(#)SelectorModule.java
+ *
+ * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
met:
+ *
+ * 1. Redistribution of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistribution in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors
may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE
THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear
facility.
+ */
+
+package com.sun.xacml.finder.impl;
+
+import com.sun.xacml.AbstractPolicy;
+import com.sun.xacml.EvaluationCtx;
+import com.sun.xacml.ParsingException;
+import com.sun.xacml.UnknownIdentifierException;
+
+import com.sun.xacml.attr.AttributeFactory;
+import com.sun.xacml.attr.BagAttribute;
+
+import com.sun.xacml.cond.EvaluationResult;
+
+import com.sun.xacml.ctx.Status;
+
+import com.sun.xacml.finder.AttributeFinderModule;
+
+import java.net.URI;
+
+import java.util.ArrayList;
+
+import org.apache.xpath.XPathAPI;
+
+import org.w3c.dom.NamedNodeMap;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+
+
+/**
+ * This module implements the basic behavior of the AttributeSelectorType,
+ * looking for attribute values in the physical request document using the
+ * given XPath expression. This is implemented as a separate module (instead
+ * of being implemented directly in <code>AttributeSelector</code> so that
+ * programmers can remove this functionality if they want (it's optional in
+ * the spec), so they can replace this code with more efficient, specific
+ * code as needed, and so they can easily swap in different XPath libraries.
+ * <p>
+ * Note that if no matches are found, this module will return an empty bag
+ * (unless some error occurred). The <code>AttributeSelector</code> is still
+ * deciding what to return to the policy based on the MustBePresent
+ * attribute.
+ * <p>
+ * This module uses the Xalan XPath implementation, and supports only version
+ * 1.0 of XPath. It is a fully functional, correct implementation of XACML's
+ * AttributeSelector functionality, but is not designed for environments
+ * that make significant use of XPath queries. Developers for any such
+ * environment should consider implementing their own module.
+ *
+ * @since 1.0
+ * @author Seth Proctor
+ */
+public class SelectorModule extends AttributeFinderModule
+{
+
+ /**
+ * Returns true since this module supports retrieving attributes based on
+ * the data provided in an AttributeSelectorType.
+ *
+ * @return true
+ */
+ public boolean isSelectorSupported() {
+ return true;
+ }
+
+ /**
+ * Private helper to create a new processing error status result
+ */
+ private EvaluationResult createProcessingError(String msg) {
+ ArrayList code = new ArrayList();
+ code.add(Status.STATUS_PROCESSING_ERROR);
+ return new EvaluationResult(new Status(code, msg));
+ }
+
+ /**
+ * Tries to find attribute values based on the given selector data.
+ * The result, if successful, always contains a
<code>BagAttribute</code>,
+ * even if only one value was found. If no values were found, but no
other
+ * error occurred, an empty bag is returned.
+ *
+ * @param path the XPath expression to search against
+ * @param namespaceNode the DOM node defining namespace mappings to use,
+ * or null if mappings come from the context root
+ * @param type the datatype of the attributes to find
+ * @param context the representation of the request data
+ * @param xpathVersion the XPath version to use
+ *
+ * @return the result of attribute retrieval, which will be a bag of
+ * attributes or an error
+ */
+ public EvaluationResult findAttribute(String path, Node namespaceNode,
+ URI type, EvaluationCtx context,
+ String xpathVersion) {
+ // we only support 1.0
+ if (! xpathVersion.equals(AbstractPolicy.XPATH_1_0_VERSION))
+ return new EvaluationResult(BagAttribute.createEmptyBag(type));
+
+ // get the DOM root of the request document
+ Node root = context.getRequestRoot();
+
+ // if we were provided with a non-null namespace node, then use it
+ // to resolve namespaces, otherwise use the context root node
+ Node nsNode = (namespaceNode != null) ? namespaceNode : root;
+
+ // setup the root path (pre-pended to the context path), which...
+ String rootPath = "";
+
+ // ...only has content if the context path is relative
+ if (path.charAt(0) != '/') {
+ String rootName = root.getLocalName();
+
+ // see if the request root is in a namespace
+ String namespace = root.getNamespaceURI();
+
+ if (namespace == null) {
+ // no namespacing, so we're done
+ rootPath = "/" + rootName + "/";
+ } else {
+ // namespaces are used, so we need to lookup the correct
+ // prefix to use in the search string
+ NamedNodeMap nmap = namespaceNode.getAttributes();
+ rootPath = null;
+
+ for (int i = 0; i < nmap.getLength(); i++) {
+ Node n = nmap.item(i);
+ if (n.getNodeValue().equals(namespace)) {
+ // we found the matching namespace, so get the prefix
+ // and then break out
+ String name = n.getNodeName();
+ int pos = name.indexOf(':');
+
+ if (pos == -1) {
+ // the namespace was the default namespace
+ rootPath = "/";
+ } else {
+ // we found a prefixed namespace
+ rootPath = "/" + name.substring(pos + 1);
+ }
+
+ // finish off the string
+ rootPath += ":" + rootName + "/";
+
+ break;
+ }
+ }
+
+ // if the rootPath is still null, then we don't have any
+ // definitions for the namespace
+ if (rootPath == null)
+ return createProcessingError("Failed to map a namespace"
+
+ " in an XPath expression");
+ }
+ }
+
+ // now do the query, pre-pending the root path to the context path
+ NodeList matches = null;
+ try {
+ // NOTE: see comments in XALAN docs about why this is slow
+ matches = XPathAPI.selectNodeList(root, rootPath + path, nsNode);
+ } catch (Exception e) {
+ // in the case of any exception, we need to return an error
+ return createProcessingError("error in XPath: " +
e.getMessage());
+ }
+
+ if (matches.getLength() == 0) {
+ // we didn't find anything, so we return an empty bag
+ return new EvaluationResult(BagAttribute.createEmptyBag(type));
+ }
+
+ // there was at least one match, so try to generate the values
+ try {
+ ArrayList list = new ArrayList();
+ AttributeFactory attrFactory = AttributeFactory.getInstance();
+
+ for (int i = 0; i < matches.getLength(); i++) {
+ String text = null;
+ Node node = matches.item(i);
+ short nodeType = node.getNodeType();
+
+ // see if this is straight text, or a node with data under
+ // it and then get the values accordingly
+ if ((nodeType == Node.CDATA_SECTION_NODE) ||
+ (nodeType == Node.COMMENT_NODE) ||
+ (nodeType == Node.TEXT_NODE) ||
+ (nodeType == Node.ATTRIBUTE_NODE)) {
+ // there is no child to this node
+ text = node.getNodeValue();
+ } else {
+ // the data is in a child node
+ text = node.getFirstChild().getNodeValue();
+ }
+
+ list.add(attrFactory.createValue(type, text));
+ }
+
+ return new EvaluationResult(new BagAttribute(type, list));
+ } catch (ParsingException pe) {
+ return createProcessingError(pe.getMessage());
+ } catch (UnknownIdentifierException uie) {
+ return createProcessingError("unknown attribute type: " + type);
+ }
+ }
+
+}
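
Review bot: in findAttribute the namespace lookup calls namespaceNode.getAttributes() although the Javadoc allows namespaceNode to be null and nsNode was computed a few statements earlier for exactly that case; a relative path against a namespaced request root with a null namespaceNode throws NullPointerException out of the finder instead of returning a processing error. Use nsNode there. In the same branch the default-namespace case sets rootPath to "/" and then appends ":" + rootName + "/", giving "/:<rootName>/", which is not a valid XPath step, and the loop compares every attribute value with the namespace URI rather than only xmlns declarations. path.charAt(0) throws on an empty path and node.getFirstChild().getNodeValue() throws on a matched element with no children; both should be turned into createProcessingError results so the PDP gets an Indeterminate status rather than an unchecked exception.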

Added: branches/authRengine/sunxacml/com/sun/xacml/finder/impl/package.html
===================================================================
--- branches/authRengine/sunxacml/com/sun/xacml/finder/impl/package.html
(rev 0)
+++ branches/authRengine/sunxacml/com/sun/xacml/finder/impl/package.html
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,8 @@
+<body>
+ The few included finder modules are provided in this package. These
+ provide some basic functionality to get an application started, but
+ should by no means be considered enterprise quality. They provide a
+ file-based access to a specific set of policies, a way of getting
+ current time/date/dateTime values, and simple XPath support for
+ selectors.
+</body>

Added: branches/authRengine/sunxacml/com/sun/xacml/finder/package.html
===================================================================
--- branches/authRengine/sunxacml/com/sun/xacml/finder/package.html
(rev 0)
+++ branches/authRengine/sunxacml/com/sun/xacml/finder/package.html
2010-06-18 08:40:01 UTC (rev 5711)
@@ -0,0 +1,11 @@
+<body>
+ The <code>finder</code> package supports all of the pieces of the
+ XACML specification that require custom implementation. Specifically,
+ there are classes here to manage looking for attributes outside of the
+ physical request document, finding policies, and resolving resource
+ identifiers. There are also base classes used to build new modules
+ that can perform different application specific tasks to support these
+ three kinds of operations. These managers are used directly by the
+ PDP, and the managers in turn use the modules, and return values using
+ the return-value classes in this package.
+</body>

Added: branches/authRengine/sunxacml/com/sun/xacml/package.html
===================================================================
--- branches/authRengine/sunxacml/com/sun/xacml/package.html
(rev 0)
+++ branches/authRengine/sunxacml/com/sun/xacml/package.html 2010-06-18
08:40:01 UTC (rev 5711)
@@ -0,0 +1,9 @@
+<body>
+ This is the root package, which contains the PDP class where most
+ people will want to start. This package also contains most of the
+ classes that represent the XML elements from the XACML policy schema,
+ like Target, Policy, Rule, and Obligation. Most of the classes here
+ are used when parsing or processing a policy, but a few (like
+ <code>EvaluationCtx</code>) are used throughout the code and by many
+ of the extension APIs. There are also some common Exceptions here.
+</body>



  • [GEANT/SA2/ps-java-services] r5711 - in branches/authRengine: . examples examples/pdp examples/pep examples/pep/sunxacml examples/perfsonar examples/pip lib src src/net src/net/geant src/net/geant/authr src/net/geant/authr/pap src/net/geant/authr/pap/sunxacml src/net/geant/authr/pdp src/net/geant/authr/pdp/sunxacml src/net/geant/authr/pep src/net/geant/authr/pep/exceptions src/net/geant/authr/pep/sunxacml src/net/geant/authr/pip stuff sunxacml sunxacml/com sunxacml/com/sun sunxacml/com/sun/xacml sunxacml/com/sun/xacml/attr sunxacml/com/sun/xacml/attr/proxy sunxacml/com/sun/xacml/combine sunxacml/com/sun/xacml/cond sunxacml/com/sun/xacml/cond/cluster sunxacml/com/sun/xacml/ctx sunxacml/com/sun/xacml/finder sunxacml/com/sun/xacml/finder/impl, svn-noreply, 06/18/2010
