AnalysisConfig.java example

Explorer
Security-Service-Validation-and-Verification-master
/* Copyright 2012-2015 SAP SE
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package eu.aniketos.securebpmn.xacml;

import java.lang.reflect.Method;
import java.util.List;
import java.util.Map;
import java.util.Vector;

import org.apache.log4j.Logger;

import eu.aniketos.securebpmn.xacml.pdp.PDPServer;
import eu.aniketos.securebpmn.xacml.pdp.runtimeEvaluation.AnalysisFinderModule;
import eu.aniketos.securebpmn.xacml.pdp.runtimeEvaluation.attributes.AnalysisAttributeResolver;
import eu.aniketos.securebpmn.xacml.combine.AnalysisCombiningAlgFactory;
import eu.aniketos.securebpmn.xacml.combine.AnalysisCombiningAlgFactoryProxy;
import eu.aniketos.securebpmn.xacml.cond.AnalysisLogicalFunction;

import com.sun.xacml.PDPConfig;
import com.sun.xacml.combine.CombiningAlgFactory;
import com.sun.xacml.combine.CombiningAlgFactoryProxy;
import com.sun.xacml.cond.FunctionFactory;
import com.sun.xacml.cond.LogicalFunction;
import com.sun.xacml.finder.AttributeFinder;
import com.sun.xacml.finder.AttributeFinderModule;
import com.sun.xacml.finder.PolicyFinderModule;

/**
 * This configuration should be used when using the PDP in
 * analysis mode: Create an AnalysisConfig by using an existing
 * PDPConfig.<br/>
 *
 * Code sample for creating an Analysis PDP:
 * <ul>
 * <li>Create the normal Configuration, e.g., <br/>
 * 		ConfigurationStore config = new ConfigurationStore(new File("some/url/config.xml"));<br/>
		PDPConfig pdpConfig = config.getDefaultPDPConfig();</li>
 * <li>Create the AnalysisConfig<br/>
 *      AnalysisConfig analysisConfig = new AnalysisConfig(pdpConfig);</li>
 * <li>Create the PDPServer<br/>
 *     PDPServer pdp = new PDPServer(analysisConfig);</li>
 * <ul>
 *
 */
public class AnalysisConfig extends PDPConfig {

    private static Logger logger = Logger.getLogger(AnalysisConfig.class);

    private AnalysisFinderModule attrFinder = null;

    /**
     * this is more or less a copy constructor which modifies the PDPConfig
     * for analysis purposes
     * @param config
     */
    public AnalysisConfig(PDPConfig config) {
        //remove all attributeFinderModules and set to
        // eu.aniketos.securebpmn.xacml.pdp.runtimeEvaluation.EvaluationFinderModule
        super(getAnalysisAttrFinder(), config.getPolicyFinder(),
              config.getResourceFinder(), config.getRevocationFinder());
        //get EvaluationFinderModule "back" - cannot save it to the instance as created during super constructor call
        attrFinder = (AnalysisFinderModule) super.getAttributeFinder().getModules().get(0);
        logger.info("Created Analysis Configuration with " + attrFinder.getClass().getName() + " attributeFinder");
        if ( super.getAttributeFinder().getModules().size() != 1 ) {
            //should not be the case as we want to retrieve all attributes via our simulated environment
            logger.warn("More than the " + attrFinder.getClass().getName()  + " attributeFinders are in use!");
        }

        init(config, true);

    }

    private void init(PDPConfig config, boolean abstractEval) {

        /*
         *  set option conf:useLines:true of all loaded policyFinderModules
         *  this will give a more detailed information during load of policies
         *  and during evaluation
         */
        boolean finderModuleError = false;
        int patchCount = 0;
        for ( PolicyFinderModule policyModule : config.getPolicyFinder().getModules() ) {
            try {
                Method enfUseLines = policyModule.getClass().getMethod("enforceUseLines", (Class<?>[]) null);
                enfUseLines.invoke(policyModule, (Object[]) null);
                logger.debug("Enforced useLines on class " + policyModule.getClass());
                ++patchCount;
            } catch (NoSuchMethodException e) {
                logger.warn("Class " + policyModule.getClass() + " does not support useLines feature");
            } catch (Exception e) {
                logger.warn("Error when setting useLines to class " + policyModule.getClass() + " "
                            + e.getClass() + ": " + e.getMessage());
            }
        }
        if ( ! finderModuleError ) {
            logger.info("Successfully set option \"useLines\" to true for " + patchCount + " finderModules");
        }

        /*
         * copy constructor: copy custom attrs which are not created
         * with the super() constructor
         * but assure that no logServer is used
         */
        Map<String, Object> customAttr = config.getCustomAttrs();
        if ( customAttr.containsKey(PDPServer.LOG_SERVER)) {
            customAttr.remove(PDPServer.LOG_SERVER);
            logger.info("Removed " + PDPServer.LOG_SERVER + " from configuration (must not be use for non-productive usage)");
        }
        super.setCutomAttrs(customAttr);



        /*
         * if abstract evaluation is enabled, replace standard algorithms with
         * analysis versions
         */
        if ( abstractEval ) {
//			CombiningAlgFactory defaultCombAlg = CombiningAlgFactory.getInstance();
//			Set<String> algs = defaultCombAlg.getSupportedAlgorithms();

            AnalysisCombiningAlgFactory analysisAlgFactory = AnalysisCombiningAlgFactory.getFactory();
            CombiningAlgFactoryProxy analysisAlgProxy = new AnalysisCombiningAlgFactoryProxy(analysisAlgFactory);

            CombiningAlgFactory.setDefaultFactory(analysisAlgProxy);
            logger.info("Replaced default combining algorithms with analysis versions");

            FunctionFactory func = FunctionFactory.getGeneralInstance();
            func.addFunction(new AnalysisLogicalFunction(LogicalFunction.NAME_OR) , true);
            func.addFunction(new AnalysisLogicalFunction(LogicalFunction.NAME_AND) , true);
        }
    }


    public AnalysisFinderModule getEvaluationFinderModule() {
        return this.attrFinder;
    }

    public int addAnalysisAttributeResolver(AnalysisAttributeResolver attrResolver) {
        return attrFinder.addAnalysisAttributeResolver(attrResolver);
    }

    public boolean removeAttrResolver(AnalysisAttributeResolver attrResolver) {
        return attrFinder.removeAttrResolver(attrResolver);
    }

    public void clearAttrResolver() {
        attrFinder.clearAttrResolver();
    }


    /**
     * returns an AttributeFinder which only contains only
     * the attributeFinderModule required for analysis
     * @return
     */
    private static AttributeFinder getAnalysisAttrFinder() {
        AttributeFinder attrFinder = new AttributeFinder();
        List<AttributeFinderModule> attrModules = new Vector<AttributeFinderModule>();
        attrModules.add(new AnalysisFinderModule());
        attrFinder.setModules(attrModules);
        return attrFinder;
    }

}