Java tutorial
/* * Licensed to the Apache Software Foundation (ASF) under one * or more contributor license agreements. See the NOTICE file * distributed with this work for additional information * regarding copyright ownership. The ASF licenses this file * to you under the Apache License, Version 2.0 (the * "License"); you may not use this file except in compliance * with the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License. * */ package org.apache.openaz.xacml.pdp.policy.dom; import java.util.Iterator; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.openaz.xacml.api.XACML3; import org.apache.openaz.xacml.pdp.policy.Condition; import org.apache.openaz.xacml.pdp.policy.Policy; import org.apache.openaz.xacml.pdp.policy.Rule; import org.apache.openaz.xacml.pdp.policy.RuleEffect; import org.apache.openaz.xacml.std.IdentifierImpl; import org.apache.openaz.xacml.std.StdStatusCode; import org.apache.openaz.xacml.std.dom.DOMProperties; import org.apache.openaz.xacml.std.dom.DOMStructureException; import org.apache.openaz.xacml.std.dom.DOMUtil; import org.w3c.dom.Element; import org.w3c.dom.Node; import org.w3c.dom.NodeList; /** * DOMRule extends {@link org.apache.openaz.xacml.pdp.policy.Rule} with methods for creation from DOM * {@link org.w3c.dom.Node}s. */ public class DOMRule extends Rule { private static final Log logger = LogFactory.getLog(DOMRule.class); protected DOMRule() { } /** * Creates a new <code>Rule</code> by parsing the given <code>Node</code> representing a XACML Rule * element. * * @param nodeRule the <code>Node</code> representing the XACML Rule element * @param policy the {@link org.apache.openaz.xacml.pdp.policy.Policy} encompassing the Rule element * @return a new <code>Rule</code> parsed from the given <code>Node</code> * @throws DOMStructureException if there is an error parsing the <code>Node</code> */ public static Rule newInstance(Node nodeRule, Policy policy) throws DOMStructureException { Element elementRule = DOMUtil.getElement(nodeRule); boolean bLenient = DOMProperties.isLenient(); DOMRule domRule = new DOMRule(); domRule.setPolicy(policy); Iterator<?> iterator; try { NodeList children = elementRule.getChildNodes(); int numChildren; if (children != null && (numChildren = children.getLength()) > 0) { for (int i = 0; i < numChildren; i++) { Node child = children.item(i); if (DOMUtil.isElement(child)) { if (DOMUtil.isInNamespace(child, XACML3.XMLNS)) { String childName = child.getLocalName(); if (XACML3.ELEMENT_DESCRIPTION.equals(childName)) { if (domRule.getDescription() != null && !bLenient) { throw DOMUtil.newUnexpectedElementException(child, nodeRule); } domRule.setDescription(child.getTextContent()); } else if (XACML3.ELEMENT_TARGET.equals(childName)) { if (domRule.getTarget() != null && !bLenient) { throw DOMUtil.newUnexpectedElementException(child, nodeRule); } domRule.setTarget(DOMTarget.newInstance(child)); } else if (XACML3.ELEMENT_CONDITION.equals(childName)) { if (domRule.getCondition() != null && !bLenient) { throw DOMUtil.newUnexpectedElementException(child, nodeRule); } Node nodeExpression = DOMUtil.getFirstChildElement(child); if (nodeExpression == null && !bLenient) { throw DOMUtil.newMissingElementException(child, XACML3.XMLNS, XACML3.ELEMENT_EXPRESSION); } domRule.setCondition( new Condition(DOMExpression.newInstance(nodeExpression, policy))); } else if (XACML3.ELEMENT_OBLIGATIONEXPRESSIONS.equals(childName)) { if ((iterator = domRule.getObligationExpressions()) != null && iterator.hasNext() && !bLenient) { throw DOMUtil.newUnexpectedElementException(child, nodeRule); } domRule.setObligationExpressions(DOMObligationExpression.newList(child, policy)); } else if (XACML3.ELEMENT_ADVICEEXPRESSIONS.equals(childName)) { if ((iterator = domRule.getAdviceExpressions()) != null && iterator.hasNext() && !bLenient) { throw DOMUtil.newUnexpectedElementException(child, nodeRule); } domRule.setAdviceExpressions(DOMAdviceExpression.newList(child, policy)); } else if (!bLenient) { throw DOMUtil.newUnexpectedElementException(child, nodeRule); } } else if (!bLenient) { throw DOMUtil.newUnexpectedElementException(child, nodeRule); } } } } domRule.setRuleId(DOMUtil.getStringAttribute(elementRule, XACML3.ATTRIBUTE_RULEID, !bLenient)); String string = DOMUtil.getStringAttribute(elementRule, XACML3.ATTRIBUTE_EFFECT, !bLenient); RuleEffect ruleEffect = RuleEffect.getRuleEffect(string); if (ruleEffect == null && !bLenient) { throw new DOMStructureException(elementRule, "Unknown RuleEffect \"" + string + "\" in \"" + DOMUtil.getNodeLabel(nodeRule) + "\""); } domRule.setRuleEffect(ruleEffect); } catch (DOMStructureException ex) { domRule.setStatus(StdStatusCode.STATUS_CODE_SYNTAX_ERROR, ex.getMessage()); if (DOMProperties.throwsExceptions()) { throw ex; } } return domRule; } public static boolean repair(Node nodeRule) throws DOMStructureException { Element elementRule = DOMUtil.getElement(nodeRule); boolean result = false; NodeList children = elementRule.getChildNodes(); int numChildren; boolean sawDescription = false; boolean sawTarget = false; boolean sawCondition = false; boolean sawObligationExpressions = false; boolean sawAdviceExpressions = false; if (children != null && (numChildren = children.getLength()) > 0) { for (int i = 0; i < numChildren; i++) { Node child = children.item(i); if (DOMUtil.isElement(child)) { if (DOMUtil.isInNamespace(child, XACML3.XMLNS)) { String childName = child.getLocalName(); if (XACML3.ELEMENT_DESCRIPTION.equals(childName)) { if (sawDescription) { logger.warn("Unexpected element " + child.getNodeName()); elementRule.removeChild(child); result = true; } else { sawDescription = true; } } else if (XACML3.ELEMENT_TARGET.equals(childName)) { if (sawTarget) { logger.warn("Unexpected element " + child.getNodeName()); elementRule.removeChild(child); result = true; } else { sawTarget = true; result = DOMTarget.repair(child) || result; } } else if (XACML3.ELEMENT_CONDITION.equals(childName)) { if (sawCondition) { logger.warn("Unexpected element " + child.getNodeName()); elementRule.removeChild(child); result = true; } else { sawCondition = true; Node nodeExpression = DOMUtil.getFirstChildElement(child); if (nodeExpression == null) { throw DOMUtil.newMissingElementException(child, XACML3.XMLNS, XACML3.ELEMENT_EXPRESSION); } result = DOMExpression.repair(nodeExpression) || result; } } else if (XACML3.ELEMENT_OBLIGATIONEXPRESSIONS.equals(childName)) { if (sawObligationExpressions) { logger.warn("Unexpected element " + child.getNodeName()); elementRule.removeChild(child); result = true; } else { sawObligationExpressions = true; result = DOMObligationExpression.repairList(child) || result; } } else if (XACML3.ELEMENT_ADVICEEXPRESSIONS.equals(childName)) { if (sawAdviceExpressions) { logger.warn("Unexpected element " + child.getNodeName()); elementRule.removeChild(child); result = true; } else { sawAdviceExpressions = true; result = DOMAdviceExpression.repairList(child) || result; } } else { logger.warn("Unexpected element " + child.getNodeName()); elementRule.removeChild(child); result = true; } } else { logger.warn("Unexpected element " + child.getNodeName()); elementRule.removeChild(child); result = true; } } } } result = DOMUtil.repairStringAttribute(elementRule, XACML3.ATTRIBUTE_RULEID, IdentifierImpl.gensym().stringValue(), logger) || result; result = DOMUtil.repairStringAttribute(elementRule, XACML3.ATTRIBUTE_EFFECT, RuleEffect.DENY.getName(), logger) || result; String string = DOMUtil.getStringAttribute(elementRule, XACML3.ATTRIBUTE_EFFECT); RuleEffect ruleEffect = RuleEffect.getRuleEffect(string); if (ruleEffect == null) { logger.warn("Setting invalid " + XACML3.ATTRIBUTE_EFFECT + " attribute " + string + " to " + RuleEffect.DENY.getName()); elementRule.setAttribute(XACML3.ATTRIBUTE_EFFECT, RuleEffect.DENY.getName()); result = true; } return result; } }