org.exist.security.xacml
Class XACMLUtil

java.lang.Object
  org.exist.security.xacml.XACMLUtil

All Implemented Interfaces:

UpdateListener

public class XACMLUtil
extends Object
implements UpdateListener

This class contains utility methods for working with XACML in eXist.

Field Summary

Fields inherited from interface org.exist.storage.UpdateListener

ADD, REMOVE, UPDATE

Method Summary

void	close() Performs any necessary cleanup operations.
void	debug()
void	documentUpdated(DocumentImpl document, int event) This method is called by the NotificationService when documents are updated in the databases.
static PolicyFinderResult	errorResult(String message, Throwable t) Convenience method for errors occurring while processing.
AbstractPolicy	findPolicy(DBBroker broker, URI idReference, int type) Gets the policy (or policy set) specified by the given id.
static String	getEscape(char c) Escapes characters that are not allowed in various places in XML.
static QName	getIdAttributeQName(int type) Gets the name of the attribute that specifies the policy (if type == PolicyReference.POLICY_REFERENCE) or the policy set (if type == PolicyReference.POLICYSET_REFERENCE).
static Collection	getPolicyCollection(DBBroker broker) Gets the policy collection or creates it if it does not exist.
DocumentImpl	getPolicyDocument(DBBroker broker, QName attributeQName, URI attributeValue) Returns the single policy (or policy set) document that has the attribute specified by attributeQName with the value attributeValue, null if none match, or throws a ProcessingException if more than one match.
AbstractPolicy	getPolicyDocument(DocumentImpl policyDoc) Obtains a parsed representation of the specified XACML Policy or PolicySet document.
static DocumentSet	getPolicyDocuments(DBBroker broker, boolean recursive) This method returns all policy documents in the policies collection.
DocumentSet	getPolicyDocuments(DBBroker broker, QName attributeQName, URI attributeValue) Gets all policy (or policy set) documents that have the attribute specified by attributeQName with the value attributeValue.
static boolean	inPolicyCollection(DocumentImpl document) Returns true if the specified document is in the policy collection.
void	nodeMoved(NodeId oldNodeId, StoredNode newNode) nodeMoved is called after a defragmentation run occurred for a document during which the address and the nodeId of a node may have changed.
AbstractPolicy	parsePolicyDocument(Document policyDoc) Parses a DOM representation of a policy document into an AbstractPolicy.
static String	serialize(Apply apply, boolean indent) Serializes the specified Apply to a String as XML.
static String	serialize(PolicyTreeElement element, boolean indent) Serializes the specified PolicyTreeElement to a String as XML.
static String	serialize(Target target, boolean indent) Serializes the specified Target to a String as XML.
static void	storeDefaultPolicies(DBBroker broker) Stores the default policies
static void	storePolicy(DBBroker broker, XmldbURI docPath) Stores the resource at docPath into the policies collection.
static String	toString(InputStream in) Reads an InputStream into a string.
void	unsubscribe() Called when the listener is removed from the notification service
static String	XMLEscape(String in) Escapes characters that are not allowed in various places in XML by replacing all invalid characters with getEscape(c).
static void	XMLEscape(StringBuffer buffer) Escapes characters that are not allowed in various places in XML by replacing all invalid characters with getEscape(c).

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

documentUpdated

public void documentUpdated(DocumentImpl document,
                            int event)

This method is called by the NotificationService when documents are updated in the databases. If a document is removed or updated from the policy collection, it is removed from the policy cache.

Specified by:

documentUpdated in interface UpdateListener

nodeMoved

public void nodeMoved(NodeId oldNodeId,
                      StoredNode newNode)

Description copied from interface: UpdateListener

nodeMoved is called after a defragmentation run occurred for a document during which the address and the nodeId of a node may have changed. Defragmentation may only occur after a node update.

Specified by:

nodeMoved in interface UpdateListener

unsubscribe

public void unsubscribe()

Description copied from interface: UpdateListener

Called when the listener is removed from the notification service

Specified by:

unsubscribe in interface UpdateListener

inPolicyCollection

public static boolean inPolicyCollection(DocumentImpl document)

Returns true if the specified document is in the policy collection. This does not check subcollections.

Parameters:

document - The document in question

Returns:

if the document is in the policy collection

close

public void close()

Performs any necessary cleanup operations. Generally only called if XACML has been disabled.

findPolicy

public AbstractPolicy findPolicy(DBBroker broker,
                                 URI idReference,
                                 int type)
                          throws ParsingException,
                                 ProcessingException,
                                 XPathException

Gets the policy (or policy set) specified by the given id.

Parameters:

type - The type of id reference: PolicyReference.POLICY_REFERENCE for a policy reference or PolicyReference.POLICYSET_REFERENCE for a policy set reference.

idReference - The id of the policy (or policy set) to retrieve

broker - the broker to use to access the database

Returns:

The referenced policy.

Throws:

ProcessingException - if there is an error finding the policy (or policy set).

XPathException

ParsingException

getPolicyDocuments

public static DocumentSet getPolicyDocuments(DBBroker broker,
                                             boolean recursive)

This method returns all policy documents in the policies collection. If recursive is true, policies in subcollections are returned as well.

Parameters:

broker - the broker to use to access the database

recursive - true if policies in subcollections should be returned as well

Returns:

All policy documents in the policies collection

getPolicyCollection

public static Collection getPolicyCollection(DBBroker broker)

Gets the policy collection or creates it if it does not exist.

Parameters:

broker - The broker to use to access the database.

Returns:

A Collection object for the policy collection.

getPolicyDocument

public DocumentImpl getPolicyDocument(DBBroker broker,
                                      QName attributeQName,
                                      URI attributeValue)
                               throws ProcessingException,
                                      XPathException

Returns the single policy (or policy set) document that has the attribute specified by attributeQName with the value attributeValue, null if none match, or throws a ProcessingException if more than one match. This is performed by a QName range index lookup and so it requires a range index to be given on the attribute.

Parameters:

attributeQName - The name of the attribute

attributeValue - The value of the attribute

broker - the broker to use to access the database

Returns:

The referenced policy.

Throws:

ProcessingException - if there is an error finding the policy (or policy set) documents.

XPathException - if there is an error performing the index lookup

getPolicyDocuments

public DocumentSet getPolicyDocuments(DBBroker broker,
                                      QName attributeQName,
                                      URI attributeValue)
                               throws ProcessingException,
                                      XPathException

Gets all policy (or policy set) documents that have the attribute specified by attributeQName with the value attributeValue. This is performed by a QName range index lookup and so it requires a range index to be given on the attribute.

Parameters:

attributeQName - The name of the attribute

attributeValue - The value of the attribute

broker - the broker to use to access the database

Returns:

The referenced policy.

Throws:

ProcessingException - if there is an error finding the policy (or policy set) documents.

XPathException - if there is an error performing the index lookup

getIdAttributeQName

public static QName getIdAttributeQName(int type)

Gets the name of the attribute that specifies the policy (if type == PolicyReference.POLICY_REFERENCE) or the policy set (if type == PolicyReference.POLICYSET_REFERENCE).

Parameters:

type - The type of id reference: PolicyReference.POLICY_REFERENCE for a policy reference or PolicyReference.POLICYSET_REFERENCE for a policy set reference.

Returns:

The attribute name for the reference type

errorResult

public static PolicyFinderResult errorResult(String message,
                                             Throwable t)

Convenience method for errors occurring while processing. The message and exception are logged and a PolicyFinderResult is generated with Status.STATUS_PROCESSING_ERROR as the error condition and the message as the message.

Parameters:

message - The message describing the error.

t - The cause of the error, may be null

Returns:

A PolicyFinderResult representing the error.

getPolicyDocument

public AbstractPolicy getPolicyDocument(DocumentImpl policyDoc)
                                 throws ParsingException

Obtains a parsed representation of the specified XACML Policy or PolicySet document. If the document has already been parsed, this method returns the cached AbstractPolicy. Otherwise, it unmarshals the document into an AbstractPolicy and caches it.

Parameters:

policyDoc - the policy (or policy set) document for which a parsed representation should be obtained

Returns:

a parsed policy (or policy set)

Throws:

ParsingException - if an error occurs while parsing the specified document

parsePolicyDocument

public AbstractPolicy parsePolicyDocument(Document policyDoc)
                                   throws ParsingException

Parses a DOM representation of a policy document into an AbstractPolicy.

Parameters:

policyDoc - The DOM Document representing the XACML policy or policy set.

Returns:

The parsed policy

Throws:

ParsingException - if there is an error parsing the document

XMLEscape

public static void XMLEscape(StringBuffer buffer)

Escapes characters that are not allowed in various places in XML by replacing all invalid characters with getEscape(c).

Parameters:

buffer - The StringBuffer containing the text to escape in place.

getEscape

public static String getEscape(char c)

Escapes characters that are not allowed in various places in XML. Characters are replaced by the corresponding entity. The characters &, <, >, ", and ' are escaped.

Parameters:

c - The character to escape.

Returns:

A String representing the escaped character or null if the character does not need to be escaped.

XMLEscape

public static String XMLEscape(String in)

Escapes characters that are not allowed in various places in XML by replacing all invalid characters with getEscape(c).

Parameters:

in - The String containing the text to escape in place.

serialize

public static String serialize(PolicyTreeElement element,
                               boolean indent)

Serializes the specified PolicyTreeElement to a String as XML. The XML is indented if indent is true.

Parameters:

element - The PolicyTreeElement to serialize

indent - If the XML should be indented

Returns:

The XML representation of the element

serialize

public static String serialize(Target target,
                               boolean indent)

Serializes the specified Target to a String as XML. The XML is indented if indent is true.

Parameters:

target - The Target to serialize

indent - If the XML should be indented

Returns:

The XML representation of the target

serialize

public static String serialize(Apply apply,
                               boolean indent)

Serializes the specified Apply to a String as XML. The XML is indented if indent is true.

Parameters:

apply - The Apply to serialize

indent - If the XML should be indented

Returns:

The XML representation of the apply

storeDefaultPolicies

public static void storeDefaultPolicies(DBBroker broker)

Stores the default policies

Parameters:

broker - The broker with which to access the database

storePolicy

public static void storePolicy(DBBroker broker,
                               XmldbURI docPath)
                        throws EXistException,
                               IOException

Stores the resource at docPath into the policies collection.

Parameters:

broker - The broker with which to access the database

docPath - The location of the resource

Throws:

EXistException

IOException

toString

public static String toString(InputStream in)
                       throws IOException

Reads an InputStream into a string.

Parameters:

in - The stream to read into a string.

Returns:

The stream as a string

Throws:

IOException

debug

public void debug()

Specified by:

debug in interface UpdateListener