/** * Applies the combining rule to the set of rules based on the * evaluation context. * * @param context the context from the request * @param parameters a (possibly empty) non-null <code>List</code> of * <code>CombinerParameter<code>s * @param ruleElements the rules to combine * * @return the result of running the combining algorithm */ public Result combine(EvaluationCtx context, List parameters, List ruleElements) { Iterator it = ruleElements.iterator(); while (it.hasNext()) { Rule rule = ((RuleCombinerElement)(it.next())).getRule(); Result result = rule.evaluate(context); int value = result.getDecision(); // in the case of PERMIT, DENY, or INDETERMINATE, we always // just return that result, so only on a rule that doesn't // apply do we keep going... if (value != Result.DECISION_NOT_APPLICABLE) return result; } // if we got here, then none of the rules applied return new Result(Result.DECISION_NOT_APPLICABLE, context.getResourceId().encode()); }
int designatorType) { String resourceId = context.getResourceId().encode(); if (resourceId == null || resourceId.isEmpty()) { String pid = PolicyFinderModule.getPid(context);
int designatorType) { String resourceId = context.getResourceId().encode(); if (resourceId == null || resourceId.isEmpty()) { String pid = PolicyFinderModule.getPid(context);
return new Result(Result.DECISION_INDETERMINATE, match.getStatus(), context.getResourceId().encode()); return new Result(Result.DECISION_INDETERMINATE, new Status(code, message), context.getResourceId().encode()); context.getResourceId().encode());
context.getResourceId().encode()); (effect == Result.DECISION_INDETERMINATE)) return new Result(Result.DECISION_DENY, context.getResourceId().encode(), result.getObligations()); context.getResourceId().encode(), permitObligations); else return new Result(Result.DECISION_NOT_APPLICABLE, context.getResourceId().encode());
int designatorType) { String resourceId = context.getResourceId().encode(); if (logger.isDebugEnabled()) { logger.debug("RIAttributeFinder: [" + attributeType.toString() + "] "
context.getResourceId().encode()); context.getResourceId().encode());
return new Result(Result.DECISION_DENY, context.getResourceId() .encode(), denyObligations); return new Result(Result.DECISION_PERMIT, context.getResourceId() .encode()); return new Result(Result.DECISION_INDETERMINATE, firstIndeterminateStatus, context.getResourceId().encode()); .getResourceId().encode());
context.getResourceId().encode()); context.getResourceId().encode());
return new Result(Result.DECISION_INDETERMINATE, match.getStatus(), context.getResourceId().encode()); context.getResourceId().encode());
/** * Tries to evaluate the policy by calling the combining algorithm on * the given policies or rules. The <code>match</code> method must always * be called first, and must always return MATCH, before this method * is called. * * @param context the representation of the request * * @return the result of evaluation */ public Result evaluate(EvaluationCtx context) { // if there is no finder, then we return NotApplicable if (finder == null) return new Result(Result.DECISION_NOT_APPLICABLE, context.getResourceId().encode()); PolicyFinderResult pfr = finder.findPolicy(reference, policyType, constraints, parentMetaData); // if we found nothing, then we return NotApplicable if (pfr.notApplicable()) return new Result(Result.DECISION_NOT_APPLICABLE, context.getResourceId().encode()); // if there was an error, we return that status data if (pfr.indeterminate()) return new Result(Result.DECISION_INDETERMINATE, pfr.getStatus(), context.getResourceId().encode()); // we must have found a policy return pfr.getPolicy().evaluate(context); }
return new Result(Result.DECISION_DENY, context.getResourceId() .encode(), denyObligations); return new Result(Result.DECISION_INDETERMINATE, firstIndeterminateStatus, context.getResourceId().encode()); .getResourceId().encode());
context.getResourceId().encode(), denyObligations); return new Result(Result.DECISION_INDETERMINATE, firstIndeterminateStatus, context.getResourceId().encode()); context.getResourceId().encode());
/** * A private helper routine that resolves a policy for the given * context, and then tries to evaluate based on the policy */ private Result evaluateContext(EvaluationCtx context) { // first off, try to find a policy PolicyFinderResult finderResult = policyFinder.findPolicy(context); // see if there weren't any applicable policies if (finderResult.notApplicable()) return new Result(Result.DECISION_NOT_APPLICABLE, context.getResourceId().encode()); // see if there were any errors in trying to get a policy if (finderResult.indeterminate()) return new Result(Result.DECISION_INDETERMINATE, finderResult.getStatus(), context.getResourceId().encode()); // we found a valid policy, so we can do the evaluation return finderResult.getPolicy().evaluate(context); }
context.getResourceId().encode()); return new Result(Result.DECISION_INDETERMINATE, match.getStatus(), context.getResourceId().encode()); return new Result(effectAttr, context.getResourceId().encode()); context.getResourceId().encode()); } else { context.getResourceId().encode()); else return new Result(Result.DECISION_NOT_APPLICABLE, context.getResourceId().encode());
AttributeValue parent = context.getResourceId(); ResourceFinderResult resourceResult = null; ResponseCtx(new Result(Result.DECISION_INDETERMINATE, new Status(code, msg), context.getResourceId().encode()));