Java PDP类代码示例

import org.herasaf.xacml.core.api.PDP; //导入依赖的package包/类
void deployPolicies(PDP pdp, List<Evaluatable> policies,
                    XacmlRequestDto xacmlRequest, boolean isAudited) {
    try {
        final PolicyRetrievalPoint repo = pdp.getPolicyRepository();
        final UnorderedPolicyRepository repository = (UnorderedPolicyRepository) repo;
        repository.deploy(policies);
        if (isAudited) {
            for (final Evaluatable policy : policies) {
                auditPolicy(policy, xacmlRequest);
            }
        }
    } catch (AuditException | WritingException | IOException
            | DocumentAccessorException | DocumentXmlConverterException e) {
        log.error(e.getMessage(), e);
        undeployAllPolicies(pdp);
        throw new C2SAuditException(e.getMessage(), e);
    }
}
 

import org.herasaf.xacml.core.api.PDP; //导入依赖的package包/类
private synchronized XacmlResponseDto managePoliciesAndEvaluateRequest(
        RequestType request, XacmlRequestDto xacmlRequest)
        throws C2SAuditException, NoPolicyFoundException,
        PolicyProviderException {
    PDP pdp = getSimplePDP();
    deployPolicies(pdp, xacmlRequest);
    return managePoliciesAndEvaluateRequest(pdp, request);
}
 

import org.herasaf.xacml.core.api.PDP; //导入依赖的package包/类
private XacmlResponseDto evaluateRequest(PDP simplePDP, RequestType request) {
    //final XacmlResponseDto xacmlResponse = new XacmlResponseDto();
    List<String> pdpObligations = new ArrayList<>();
    final XacmlResponseDto xacmlResponse = XacmlResponseDto.builder().pdpDecision("DENY").pdpObligations
            (pdpObligations).build();

    final ResponseType response = simplePDP.evaluate(request);
    for (final ResultType r : response.getResults()) {
        log.debug("PDP Decision: " + r.getDecision().toString());
        xacmlResponse.setPdpDecision(r.getDecision().toString());

        if (r.getObligations() != null) {
            final List<String> obligations = new LinkedList<>();
            for (final ObligationType o : r.getObligations()
                    .getObligations()) {
                for (final AttributeAssignmentType a : o
                        .getAttributeAssignments()) {
                    for (final Object c : a.getContent()) {
                        log.debug("With Obligation: " + c);
                        obligations.add(c.toString());
                    }
                }
            }
            xacmlResponse.setPdpObligations(obligations);
        }
    }

    log.debug("xacmlResponse.pdpDecision: "
            + xacmlResponse.getPdpDecision());
    log.debug("xacmlResponse is ready!");
    return xacmlResponse;
}
 

import org.herasaf.xacml.core.api.PDP; //导入依赖的package包/类
private void undeployAllPolicies(PDP pdp) {
    final PolicyRepository repo = (PolicyRepository) pdp
            .getPolicyRepository();
    final List<Evaluatable> policies = new LinkedList<>(
            repo.getDeployment());
    for (final Evaluatable policy : policies) {
        repo.undeploy(policy.getId());
    }
}
 

import org.herasaf.xacml.core.api.PDP; //导入依赖的package包/类
@Override
public XacmlResponse evaluateRequest(PDP pdp, RequestType request,
		String patientUniqueId) {
	LOGGER.info("evaluateRequest invoked");
	List<Evaluatable> deployedPolicies = deployPolicies(pdp,
			patientUniqueId);
	return managePoliciesAndEvaluateRequest(pdp, request, deployedPolicies);
}
 

import org.herasaf.xacml.core.api.PDP; //导入依赖的package包/类
/**
 * Access control:
 * Check the target elements of the policySetOrPolicy with HERAS against the request.	 * 
 *  
 * @param policySetOrPolicy - a list of PolicyType or PolicySetType objects from PPL
 * @param request - the XACML request
 * @return the decision (PERMIT, DENY, INDETERMINATE, NOT_APPLICABLE)
 * @throws WritingException
 * @throws SyntaxException
 * @throws com.sap.research.primelife.exceptions.SyntaxException
 * @throws JAXBException
 */
public DecisionType checkAccess(List<Object> policySetOrPolicy, RequestType request) 
	throws WritingException, SyntaxException, com.sap.research.primelife.exceptions.SyntaxException, JAXBException{
	
	// we evaluate request against policy repository associated with the PII
	SimplePDPFactory.useDefaultInitializers();
	PDP simplePDP = SimplePDPFactory.getSimplePDP();
	PolicyRepository repo = simplePDP.getPolicyRepository();
	// initialize policy repository
	for (Object obj : policySetOrPolicy) {
		Evaluatable evaluatable = null;
		
		if (obj instanceof PolicySetType) {
			evaluatable = ConverterFunctions.convertToHerasPolicySet(
					(PolicySetType) obj);
		}
		else if (obj instanceof PolicyType) {
			evaluatable = ConverterFunctions.convertToHerasPolicy(
					(PolicyType) obj);
		}
		else if (obj instanceof eu.primelife.ppl.policy.xacml.impl.PolicyType) {
			evaluatable = ConverterFunctions.convertToHerasPolicy((eu.primelife.ppl.policy.xacml.impl.PolicyType) obj);
		}
		repo.deploy(evaluatable);
	}
	ResponseCtx responseCtx = simplePDP.evaluate(new RequestCtx(request));
	DecisionType decision =	responseCtx.getResponse().getResults().get(0).getDecision();
	return decision;
}
 

import org.herasaf.xacml.core.api.PDP; //导入依赖的package包/类
/**
 * Enforces policy given in <code>preferencePath</code> against request
 * stored in <code>request</code>.
 *
 * @param preferencePath	preference policy path (in resources)
 * @param domain			data controller id
 * @param resource			resource attribute type
 * @return	policy enforcement result
 * @throws SyntaxException
 * @throws WritingException
 * @throws org.herasaf.xacml.core.SyntaxException
 * @throws JAXBException
 */
private DecisionType enforce(String preferencePath, String domain,
		String resource) throws SyntaxException, WritingException,
		org.herasaf.xacml.core.SyntaxException, JAXBException {
	SimplePDPFactory.useDefaultInitializers();
	PDP simplePDP = SimplePDPFactory.getSimplePDP();
	PolicyRepository repo = simplePDP.getPolicyRepository();
	PolicyType policy = (PolicyType) unmarshallerPrime.unmarshal(
			getClass().getResourceAsStream(preferencePath));
	repo.deploy(ConverterFunctions.convertToHerasPolicy(policy));
	RequestCtx request = createRequestContext(domain, resource);
	ResponseCtx responseCtx = simplePDP.evaluate(request);
	List<ResultType> results = responseCtx.getResponse().getResults();
	return results.get(0).getDecision();
}
 

import org.herasaf.xacml.core.api.PDP; //导入依赖的package包/类
private PDP getSimplePDP() {
    return SimplePDPFactory.getSimplePDP();
}
 

import org.herasaf.xacml.core.api.PDP; //导入依赖的package包/类
/**
 * Undeploy policies.
 * 
 * @param pdp
 *            the pdp
 * @param policies
 *            the policies
 */
public void undeployPolicies(PDP pdp, List<Evaluatable> policies) {
	PolicyRepository repo = (PolicyRepository) pdp.getPolicyRepository();
	for (Evaluatable policy : policies) {
		repo.undeploy(policy.getId());
	}
}
 

import org.herasaf.xacml.core.api.PDP; //导入依赖的package包/类
/**
 * Manage policies and evaluate request (deploys the policies, evaluates the
 * request. Policies are undeployed after evaluation).
 * 
 * @param pdp
 *            the pdp
 * @param request
 *            the request
 * @param patientUniqueId
 *            the patient unique id
 * @return the xacml response
 */
private XacmlResponse managePoliciesAndEvaluateRequest(PDP pdp,
		RequestType request, String patientUniqueId) {
	List<Evaluatable> deployedPolicies = deployPolicies(pdp,
			patientUniqueId);
	return managePoliciesAndEvaluateRequest(pdp, request, deployedPolicies);
}
 

import org.herasaf.xacml.core.api.PDP; //导入依赖的package包/类
/**
 * Evaluate the request using the simplePDP and retrieve the response from
 * the PDP.
 * 
 * @param pdp
 *            the pdp
 * @param request
 *            the request
 * @param policies
 *            the policies
 * @return the xacml response
 */
public abstract XacmlResponse evaluateRequest(PDP pdp, RequestType request,
		List<Evaluatable> policies);
 

import org.herasaf.xacml.core.api.PDP; //导入依赖的package包/类
/**
 * Deploy all policies of a patient unique id.
 * 
 * @param pdp
 *            the pdp
 * @param patientUniqueId
 *            the patient unique id
 * @return the list
 */
public List<Evaluatable> deployPolicies(PDP pdp, String patientUniqueId) {
	List<Evaluatable> deployedPolicies = getPolicies(patientUniqueId);
	deployPolicies(pdp, deployedPolicies);
	return deployedPolicies;
}
 

import org.herasaf.xacml.core.api.PDP; //导入依赖的package包/类
/**
 * Undeploy multiple policies on the policy repository.
 * 
 * @param pdp
 *            the pdp
 * @param policy
 *            the policy
 */
public void undeployPolicy(PDP pdp, Evaluatable policy) {
	PolicyRepository repo = (PolicyRepository) pdp.getPolicyRepository();
	repo.undeploy(policy.getId());

}
 

import org.herasaf.xacml.core.api.PDP; //导入依赖的package包/类
/**
 * Undeploy multiple policies on the policy repository.
 * 
 * @param pdp
 *            the pdp
 * @param policyIds
 *            the policy ids
 */
public void undeployPoliciesById(PDP pdp, List<EvaluatableID> policyIds) {
	PolicyRepository repo = (PolicyRepository) pdp.getPolicyRepository();
	repo.undeploy(policyIds);
}
 

import org.herasaf.xacml.core.api.PDP; //导入依赖的package包/类
/**
 * Gets the simple pdp.
 * 
 * @return the simple pdp
 */
public PDP getSimplePDP() {
	return SimplePDPFactory.getSimplePDP();
}