/** * Encodes this <code>Target</code> into its XML representation and writes * this encoding to the given <code>OutputStream</code> with no * indentation. * * @param output a stream into which the XML-encoded data is written */ public void encode(OutputStream output) { encode(output, new Indenter(0)); }
/** * Creates a <code>Target</code> by parsing a node. * * @deprecated As of 2.0 you should avoid using this method and should * instead use the version that takes a * <code>PolicyMetaData</code> instance. This method will * only work for XACML 1.x policies. * * @param root the node to parse for the <code>Target</code> * @param xpathVersion the XPath version to use in any selectors, or * null if this is unspecified (ie, not supplied in * the defaults section of the policy) * * @return a new <code>Target</code> constructed by parsing * * @throws ParsingException if the DOM node is invalid */ public static Target getInstance(Node root, String xpathVersion) throws ParsingException { return getInstance(root, new PolicyMetaData( PolicyMetaData.XACML_1_0_IDENTIFIER, xpathVersion)); }
/** * Given the input context sees whether or not the request matches this * policy. This must be called by combining algorithms before they * evaluate a policy. This is also used in the initial policy finding * operation to determine which top-level policies might apply to the * request. * * @param context the representation of the request * * @return the result of trying to match the policy and the request */ public MatchResult match(EvaluationCtx context) { //https://issues.jboss.org/browse/SECURITY-574 if( target == null) throw new RuntimeException("No Target found in policy with id="+idAttr); return target.match(context); }
policy.getTarget().getResourcesSection().getMatchGroups(); for (TargetMatchGroup t : tmg) { if (t.match(context).getResult() > 0) {
if (matchesAny()) return new MatchResult(MatchResult.MATCH);
m_policyFinder = policyFinder; m_target = new Target(new TargetSection(null, TargetMatch.SUBJECT, PolicyMetaData.XACML_VERSION_2_0),
policy.getTarget().getResourcesSection().getMatchGroups(); for (TargetMatchGroup t : tmg) { if (t.match(context).getResult() > 0) {
target.encode(output, indenter);
/** * Given the input context sees whether or not the request matches this * <code>Rule</code>'s <code>Target</code>. Note that unlike the matching * done by the <code>evaluate</code> method, if the <code>Target</code> * is missing than this will return Indeterminate. This lets you write * your own custom matching routines for rules but lets evaluation * proceed normally. * * @param context the representation of the request * * @return the result of trying to match this rule and the request */ public MatchResult match(EvaluationCtx context) { if (target == null) { ArrayList code = new ArrayList(); code.add(Status.STATUS_PROCESSING_ERROR); Status status = new Status(code, "no target available for " + "matching a rule"); return new MatchResult(MatchResult.INDETERMINATE, status); } return target.match(context); }
description = (child.getFirstChild() != null ? child.getFirstChild().getNodeValue() : "");; } else if (cname.equals("Target")) { target = Target.getInstance(child, metaData); } else if (cname.equals("Condition")) { condition = Condition.getInstance(child, metaData, manager);
"</XPathVersion></PolicyDefaults>"); getTarget().encode(output, indenter);
/** * Given the input context sees whether or not the request matches this * policy. This must be called by combining algorithms before they * evaluate a policy. This is also used in the initial policy finding * operation to determine which top-level policies might apply to the * request. If the policy is invalid or can't be retrieved, then a * runtime exception is thrown. * * @param context the representation of the request * * @return the result of trying to match the policy and the request */ public MatchResult match(EvaluationCtx context) { try { return getTarget().match(context); } catch (ProcessingException pe) { // this means that we couldn't resolve the policy ArrayList code = new ArrayList(); code.add(Status.STATUS_PROCESSING_ERROR); Status status = new Status(code, "couldn't resolve policy ref"); return new MatchResult(MatchResult.INDETERMINATE, status); } }
description = (child.getFirstChild() != null ? child.getFirstChild().getNodeValue() : ""); } else if (cname.equals("Target")) { target = Target.getInstance(child, metaData); } else if (cname.equals("Obligations")) { parseObligations(child);
"</XPathVersion></PolicySetDefaults>"); getTarget().encode(output, indenter); encodeCommonElements(output, indenter);
MatchResult match = target.match(context); int result = match.getResult();