org.exist.security.xacml
Class XACMLUtil

java.lang.Object
  extended by org.exist.security.xacml.XACMLUtil
All Implemented Interfaces:
UpdateListener

public class XACMLUtil
extends java.lang.Object
implements UpdateListener

This class contains utility methods for working with XACML in eXist.


Field Summary
 
Fields inherited from interface org.exist.storage.UpdateListener
ADD, REMOVE, UPDATE
 
Method Summary
 void close()
          Performs any necessary cleanup operations.
 void debug()
           
 void documentUpdated(DocumentImpl document, int event)
          This method is called by the NotificationService when documents are updated in the databases.
static com.sun.xacml.finder.PolicyFinderResult errorResult(java.lang.String message, java.lang.Throwable t)
          Convenience method for errors occurring while processing.
 com.sun.xacml.AbstractPolicy findPolicy(DBBroker broker, java.net.URI idReference, int type)
          Gets the policy (or policy set) specified by the given id.
static java.lang.String getEscape(char c)
          Escapes characters that are not allowed in various places in XML.
static QName getIdAttributeQName(int type)
          Gets the name of the attribute that specifies the policy (if type == PolicyReference.POLICY_REFERENCE) or the policy set (if type == PolicyReference.POLICYSET_REFERENCE).
static Collection getPolicyCollection(DBBroker broker)
          Gets the policy collection or creates it if it does not exist.
 DocumentImpl getPolicyDocument(DBBroker broker, QName attributeQName, java.net.URI attributeValue)
          Returns the single policy (or policy set) document that has the attribute specified by attributeQName with the value attributeValue, null if none match, or throws a ProcessingException if more than one match.
 com.sun.xacml.AbstractPolicy getPolicyDocument(DocumentImpl policyDoc)
          Obtains a parsed representation of the specified XACML Policy or PolicySet document.
static DocumentSet getPolicyDocuments(DBBroker broker, boolean recursive)
          This method returns all policy documents in the policies collection.
 DocumentSet getPolicyDocuments(DBBroker broker, QName attributeQName, java.net.URI attributeValue)
          Gets all policy (or policy set) documents that have the attribute specified by attributeQName with the value attributeValue.
static boolean inPolicyCollection(DocumentImpl document)
          Returns true if the specified document is in the policy collection.
 com.sun.xacml.AbstractPolicy parsePolicyDocument(org.w3c.dom.Document policyDoc)
          Parses a DOM representation of a policy document into an AbstractPolicy.
static java.lang.String serialize(com.sun.xacml.cond.Apply apply, boolean indent)
          Serializes the specified Apply to a String as XML.
static java.lang.String serialize(com.sun.xacml.PolicyTreeElement element, boolean indent)
          Serializes the specified PolicyTreeElement to a String as XML.
static java.lang.String serialize(com.sun.xacml.Target target, boolean indent)
          Serializes the specified Target to a String as XML.
static void storeDefaultPolicies(DBBroker broker)
          Stores the default policies.
static void storePolicy(DBBroker broker, XmldbURI docPath)
          Stores the resource at docPath into the policies collection.
static java.lang.String toString(java.io.InputStream in)
          Reads an InputStream into a string.
static java.lang.String XMLEscape(java.lang.String in)
          Escapes characters that are not allowed in various places in XML by replacing all invalid characters with getEscape(c).
static void XMLEscape(java.lang.StringBuffer buffer)
          Escapes characters that are not allowed in various places in XML by replacing all invalid characters with getEscape(c).
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Method Detail

documentUpdated

public void documentUpdated(DocumentImpl document,
                            int event)
This method is called by the NotificationService when documents are updated in the databases. If a document in the policy collection is removed or updated, it is removed from the policy cache.

Specified by:
documentUpdated in interface UpdateListener
Parameters:
document -
event -

inPolicyCollection

public static boolean inPolicyCollection(DocumentImpl document)
Returns true if the specified document is in the policy collection. This does not check subcollections.

Parameters:
document - The document in question
Returns:
true if the document is in the policy collection

close

public void close()
Performs any necessary cleanup operations. Generally only called if XACML has been disabled.


findPolicy

public com.sun.xacml.AbstractPolicy findPolicy(DBBroker broker,
                                               java.net.URI idReference,
                                               int type)
                                        throws com.sun.xacml.ParsingException,
                                               com.sun.xacml.ProcessingException,
                                               XPathException
Gets the policy (or policy set) specified by the given id.

Parameters:
type - The type of id reference: PolicyReference.POLICY_REFERENCE for a policy reference or PolicyReference.POLICYSET_REFERENCE for a policy set reference.
idReference - The id of the policy (or policy set) to retrieve
broker - the broker to use to access the database
Returns:
The referenced policy.
Throws:
com.sun.xacml.ProcessingException - if there is an error finding the policy (or policy set).
XPathException
com.sun.xacml.ParsingException

getPolicyDocuments

public static DocumentSet getPolicyDocuments(DBBroker broker,
                                             boolean recursive)
This method returns all policy documents in the policies collection. If recursive is true, policies in subcollections are returned as well.

Parameters:
broker - the broker to use to access the database
recursive - true if policies in subcollections should be returned as well
Returns:
All policy documents in the policies collection

getPolicyCollection

public static Collection getPolicyCollection(DBBroker broker)
Gets the policy collection or creates it if it does not exist.

Parameters:
broker - The broker to use to access the database.
Returns:
A Collection object for the policy collection.

getPolicyDocument

public DocumentImpl getPolicyDocument(DBBroker broker,
                                      QName attributeQName,
                                      java.net.URI attributeValue)
                               throws com.sun.xacml.ProcessingException,
                                      XPathException
Returns the single policy (or policy set) document that has the attribute specified by attributeQName with the value attributeValue, null if none match, or throws a ProcessingException if more than one match. This is performed by a QName range index lookup and so it requires a range index to be given on the attribute.

Parameters:
attributeQName - The name of the attribute
attributeValue - The value of the attribute
broker - the broker to use to access the database
Returns:
The referenced policy.
Throws:
com.sun.xacml.ProcessingException - if there is an error finding the policy (or policy set) documents.
XPathException - if there is an error performing the index lookup

getPolicyDocuments

public DocumentSet getPolicyDocuments(DBBroker broker,
                                      QName attributeQName,
                                      java.net.URI attributeValue)
                               throws com.sun.xacml.ProcessingException,
                                      XPathException
Gets all policy (or policy set) documents that have the attribute specified by attributeQName with the value attributeValue. This is performed by a QName range index lookup and so it requires a range index to be given on the attribute.

Parameters:
attributeQName - The name of the attribute
attributeValue - The value of the attribute
broker - the broker to use to access the database
Returns:
The matching policy (or policy set) documents.
Throws:
com.sun.xacml.ProcessingException - if there is an error finding the policy (or policy set) documents.
XPathException - if there is an error performing the index lookup

getIdAttributeQName

public static QName getIdAttributeQName(int type)
Gets the name of the attribute that specifies the policy (if type == PolicyReference.POLICY_REFERENCE) or the policy set (if type == PolicyReference.POLICYSET_REFERENCE).

Parameters:
type - The type of id reference: PolicyReference.POLICY_REFERENCE for a policy reference or PolicyReference.POLICYSET_REFERENCE for a policy set reference.
Returns:
The attribute name for the reference type

errorResult

public static com.sun.xacml.finder.PolicyFinderResult errorResult(java.lang.String message,
                                                                  java.lang.Throwable t)
Convenience method for errors occurring while processing. The message and exception are logged and a PolicyFinderResult is generated with Status.STATUS_PROCESSING_ERROR as the error condition and the message as the message.

Parameters:
message - The message describing the error.
t - The cause of the error, may be null
Returns:
A PolicyFinderResult representing the error.

getPolicyDocument

public com.sun.xacml.AbstractPolicy getPolicyDocument(DocumentImpl policyDoc)
                                               throws com.sun.xacml.ParsingException
Obtains a parsed representation of the specified XACML Policy or PolicySet document. If the document has already been parsed, this method returns the cached AbstractPolicy. Otherwise, it unmarshals the document into an AbstractPolicy and caches it.

Parameters:
policyDoc - the policy (or policy set) document for which a parsed representation should be obtained
Returns:
a parsed policy (or policy set)
Throws:
com.sun.xacml.ParsingException - if an error occurs while parsing the specified document

parsePolicyDocument

public com.sun.xacml.AbstractPolicy parsePolicyDocument(org.w3c.dom.Document policyDoc)
                                                 throws com.sun.xacml.ParsingException
Parses a DOM representation of a policy document into an AbstractPolicy.

Parameters:
policyDoc - The DOM Document representing the XACML policy or policy set.
Returns:
The parsed policy
Throws:
com.sun.xacml.ParsingException - if there is an error parsing the document

XMLEscape

public static void XMLEscape(java.lang.StringBuffer buffer)
Escapes characters that are not allowed in various places in XML by replacing all invalid characters with getEscape(c).

Parameters:
buffer - The StringBuffer containing the text to escape in place.

getEscape

public static java.lang.String getEscape(char c)
Escapes characters that are not allowed in various places in XML. Characters are replaced by the corresponding entity. The characters &, <, >, ", and ' are escaped.

Parameters:
c - The character to escape.
Returns:
A String representing the escaped character or null if the character does not need to be escaped.

XMLEscape

public static java.lang.String XMLEscape(java.lang.String in)
Escapes characters that are not allowed in various places in XML by replacing all invalid characters with getEscape(c).

Parameters:
in - The String containing the text to escape.
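
The escaping contract documented for getEscape and the two XMLEscape methods matters whenever untrusted text is placed into a policy document. The following is an added example, not eXist source code: it re-implements the documented behaviour in a hypothetical class EscapeDemo and parses a constructed policy fragment with and without escaping to compare the resulting element count.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;

// Added example: re-implements the documented contract; not eXist source code.
public class EscapeDemo {
    static final String OPEN =
        "<AttributeValue DataType=\"http://www.w3.org/2001/XMLSchema#string\">";

    // Documented getEscape(char) contract: entity for & < > " ', null otherwise.
    static String getEscape(char c) {
        switch (c) {
            case '&':  return "&amp;";
            case '<':  return "&lt;";
            case '>':  return "&gt;";
            case '"':  return "&quot;";
            case '\'': return "&apos;";
            default:   return null;
        }
    }

    // Documented XMLEscape(String) contract: replace each such char with getEscape(c).
    static String xmlEscape(String in) {
        StringBuilder out = new StringBuilder(in.length());
        for (int i = 0; i < in.length(); i++) {
            String esc = getEscape(in.charAt(i));
            out.append(esc == null ? String.valueOf(in.charAt(i)) : esc);
        }
        return out.toString();
    }

    // Hypothetical helper: parse a policy fragment and count AttributeValue elements.
    static int countValues(String text) throws Exception {
        String xml = "<SubjectMatch>" + OPEN + text + "</AttributeValue></SubjectMatch>";
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document d = f.newDocumentBuilder()
            .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        return d.getElementsByTagName("AttributeValue").getLength();
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: closes the element early and opens a second one.
        String value = "guest</AttributeValue>" + OPEN + "admin";
        System.out.println("unescaped: " + countValues(value));
        System.out.println("escaped:   " + countValues(xmlEscape(value)));
    }
}
```

Without escaping, the constructed value is parsed as markup and changes the structure of the fragment; with escaping it stays a single text value.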

serialize

public static java.lang.String serialize(com.sun.xacml.PolicyTreeElement element,
                                         boolean indent)
Serializes the specified PolicyTreeElement to a String as XML. The XML is indented if indent is true.

Parameters:
element - The PolicyTreeElement to serialize
indent - If the XML should be indented
Returns:
The XML representation of the element

serialize

public static java.lang.String serialize(com.sun.xacml.Target target,
                                         boolean indent)
Serializes the specified Target to a String as XML. The XML is indented if indent is true.

Parameters:
target - The Target to serialize
indent - If the XML should be indented
Returns:
The XML representation of the target

serialize

public static java.lang.String serialize(com.sun.xacml.cond.Apply apply,
                                         boolean indent)
Serializes the specified Apply to a String as XML. The XML is indented if indent is true.

Parameters:
apply - The Apply to serialize
indent - If the XML should be indented
Returns:
The XML representation of the apply

storeDefaultPolicies

public static void storeDefaultPolicies(DBBroker broker)
Stores the default policies.

Parameters:
broker - The broker with which to access the database

storePolicy

public static void storePolicy(DBBroker broker,
                               XmldbURI docPath)
                        throws EXistException,
                               java.io.IOException
Stores the resource at docPath into the policies collection.

Parameters:
broker - The broker with which to access the database
docPath - The location of the resource
Throws:
EXistException
java.io.IOException

toString

public static java.lang.String toString(java.io.InputStream in)
                                 throws java.io.IOException
Reads an InputStream into a string.

Parameters:
in - The stream to read into a string.
Returns:
The stream as a string
Throws:
java.io.IOException

debug

public void debug()
Specified by:
debug in interface UpdateListener


Copyright (C) Wolfgang Meier. All rights reserved.