org.openpermis.policy.bean.basic
Class BasicPolicy

java.lang.Object
  extended by org.openpermis.policy.bean.basic.BasicPart
      extended by org.openpermis.policy.bean.basic.BasicPartBean
          extended by org.openpermis.policy.bean.basic.BasicPolicy
All Implemented Interfaces:
Serializable, PartBean, PolicyBean, Part, Policy, PolicyDecisionPoint

public class BasicPolicy
extends BasicPartBean
implements PolicyBean

Basic implementation of a policy.

See Also:
Serialized Form
Since:
0.1.0

Field Summary
private  org.joda.time.DateTimeZone dateTimeZone
           
private static org.slf4j.Logger LOGGER
           
private  RoleAssignmentRuleBeanCollection roleAssignmentRules
           
private  RoleHierarchyBeanCollection roleHierarchies
           
private static long serialVersionUID
           
private  TargetAccessRuleBeanCollection targetAccessRules
           
 
Constructor Summary
protected BasicPolicy(SerialNumber serialNumber)
          Creates a policy with the specified rules.
 
Method Summary
private <M extends PartBean> void addPartToMap(Map<SerialNumber,PartBean> map, Class<M> type, PartBean part)
           
protected  void appendPartDetails(StringBuilder sb)
          Appends the details of this extended part for the string representation of this part.
private  boolean areRoleAssignmentRulesValid(PartProblemReporter reporter)
          Check if there is at least one role assignment rule and all is correct.
private  boolean areRoleHierarchiesValid(PartProblemReporter reporter)
          Check if there is at least one role-hierarchy, check if their names are unique,
private  boolean areTargetAccessRulesValid(PartProblemReporter reporter)
          Check if there is at least one target access rule and that the containment hierarchy of the role hierarchy is consistent.
private  void assertNotNull(String type, Object value)
          Asserts that a value is not null.
private  void assertParameters(Subject subject, URI resourceUri, String actionName, List<?> arguments, TimeStamp timeStamp)
          Checks the access decision parameters.
protected  boolean comparablePart(BasicPart part)
          Check if the part specified is comparable to this part.
protected  boolean equalPart(BasicPart part)
          Compares another part to this part.
 PartBean findBySerialNumber(SerialNumber partSerialNumber)
          Returns the part bean corresponding to the specified serial number. The basic implementation returns this bean if its serial number matches the one passed in or null if not.
private  AccessDecision getAccessDecision(List<AuthorizedRoles> authorizedRoleSets, Set<Role> verifiedRoles)
          Determines the access decision according to the list of authorized roles and verified roles.
 AccessDecision getAccessDecision(Subject subject, URI resourceUri, String actionName, List<?> arguments, TimeStamp timeStamp)
          Decides whether a subject may be given access to a target and what obligations need to be fulfilled.
 org.joda.time.DateTimeZone getDateTimeZone()
          Returns the time zone of this policy.
private  Set<Role> getEligibleRoles(List<AuthorizedRoles> authorizedRoles)
          Find all roles that are eligible according to the authorized roles specified.
 List<RoleAssignmentRuleBean> getParentRoleAssignmentRules(DomainBean searchPart)
          Returns the PartBeans containing the given part.
 List<RoleHierarchyBean> getParentRoleHierarchies(Role role)
          Returns the PartBeans containing the given part.
 List<TargetAccessRuleBean> getParentTargetAccessRules(ObligationBean searchPart)
          Returns the PartBeans containing the given part.
 List<TargetAccessRuleBean> getParentTargetAccessRules(Role searchRule)
          Returns the PartBeans containing the given part.
 List<TargetAccessRuleBean> getParentTargetAccessRules(TargetBean searchPart)
          Returns the PartBeans containing the given part.
 List<TargetBean> getParentTargets(ActionBean searchPart)
          Returns the PartBeans containing the given part.
 List<TargetBean> getParentTargets(DomainBean searchPart)
          Returns the PartBeans containing the given part.
 <M extends PartBean> List<M> getPartsList(Class<M> type)
          Returns all parts of given type, unique by serial number.
private <M extends PartBean> Map<SerialNumber,PartBean> getPartsMap(Class<M> type)
          Returns all parts of given type, unique by serial number.
 List<DomainBean> getResourceDomains()
          Returns all resource domains.
 RoleAssignmentRuleBeanCollection getRoleAssignmentRules()
          Returns the role assignment rule collection of this policy.
 RoleHierarchyBeanCollection getRoleHierarchies()
          Returns the role hierarchy collection of this policy.
 List<Role> getRoleRefList()
          Returns all rolerefs.
protected  String getSimpleClassName()
          Returns the simple implementation class name of this class.
 List<DomainBean> getSubjectDomains()
          Returns all subject domains.
 TargetAccessRuleBeanCollection getTargetAccessRules()
          Returns the target access rule collection of this policy.
private  Set<Role> getVerifiedRoles(Subject subject, TimeStamp timeStamp, Set<Role> eligibleRoles)
          Retrieve all verified roles of a subject that are a subset of the eligible roles.
 boolean isPartValid(PartProblemReporter reporter)
          Checks if the extended state of this part is valid.
protected  int partHashCode()
          Returns the hash code of the extended part state.
 void setDateTimeZone(org.joda.time.DateTimeZone dateTimeZone)
          Sets the time zone of this policy.
 void setRoleAssignmentRules(RoleAssignmentRuleBeanCollection roleAssignmentRules)
          Sets the role assignment rule collection of this policy.
 void setRoleHierarchies(RoleHierarchyBeanCollection roleHierarchies)
          Sets the role hierarchy collection of this policy.
 void setTargetAccessRules(TargetAccessRuleBeanCollection targetAccessRules)
          Sets the target access rule collection of this policy.
 
Methods inherited from class org.openpermis.policy.bean.basic.BasicPartBean
addPropertyChangeListener, equalSerialNumber, firePropertyChange, getPartBeanType, getSerialNumber, getSerialNumberString, notifyIdentityChange, notifyNameChange, removePropertyChangeListener, toShortString
 
Methods inherited from class org.openpermis.policy.bean.basic.BasicPart
appendDetails, equals, getIdentity, getName, hashCode, hasPartIdentity, hasPartName, isChildCollectionValid, isChildNotNull, isChildNullOrValid, isChildValid, isIdentityValid, isNameValid, isValid, reportProblem, setIdentity, setName, toString
 
Methods inherited from class java.lang.Object
clone, finalize, getClass, notify, notifyAll, wait, wait, wait
 
Methods inherited from interface org.openpermis.policy.Part
equals, hashCode, isValid, toString
 
Methods inherited from interface org.openpermis.policy.bean.PartBean
addPropertyChangeListener, equalSerialNumber, getPartBeanType, getSerialNumber, removePropertyChangeListener, toShortString
 

Field Detail

serialVersionUID

private static final long serialVersionUID
Constant Field Value:
-8888013228359169599L
Since:
0.1.0

LOGGER

private static final org.slf4j.Logger LOGGER
Since:
0.4.0

dateTimeZone

private org.joda.time.DateTimeZone dateTimeZone
Since:
0.1.0

roleAssignmentRules

private RoleAssignmentRuleBeanCollection roleAssignmentRules
Since:
0.1.0

targetAccessRules

private TargetAccessRuleBeanCollection targetAccessRules
Since:
0.1.0

roleHierarchies

private RoleHierarchyBeanCollection roleHierarchies
Since:
0.1.0
Constructor Detail

BasicPolicy

protected BasicPolicy(SerialNumber serialNumber)
Creates a policy with the specified rules.

Since:
0.1.0
Method Detail

areRoleAssignmentRulesValid

private boolean areRoleAssignmentRulesValid(PartProblemReporter reporter)
Check if there is at least one role assignment rule and all is correct.

Parameters:
reporter - the reporter to use.
Returns:
true if the role assignment rules are valid.
Since:
0.1.0

areTargetAccessRulesValid

private boolean areTargetAccessRulesValid(PartProblemReporter reporter)
Check if there is at least one target access rule and that the containment hierarchy of the role hierarchy is consistent.

Parameters:
reporter - the reporter to use.
Returns:
true if the target access rules are valid.
Since:
0.1.0

areRoleHierarchiesValid

private boolean areRoleHierarchiesValid(PartProblemReporter reporter)
Check if there is at least one role-hierarchy, check if their names are unique,

Parameters:
reporter - the reporter to use.
Returns:
true if the role hierarchies are valid.
Since:
0.1.0

addPartToMap

private <M extends PartBean> void addPartToMap(Map<SerialNumber,PartBean> map,
                                               Class<M> type,
                                               PartBean part)

getPartsMap

private <M extends PartBean> Map<SerialNumber,PartBean> getPartsMap(Class<M> type)
Returns all parts of given type, unique by serial number.

Since:
0.1.0

getEligibleRoles

private Set<Role> getEligibleRoles(List<AuthorizedRoles> authorizedRoles)
Find all roles that are eligible according to the authorized roles specified.

Includes all super roles of the authorized roles passed in.

Parameters:
authorizedRoles - the list of authorized roles.
Returns:
the roles eligible for access, empty if there are none, never null.
Since:
0.4.0

getVerifiedRoles

private Set<Role> getVerifiedRoles(Subject subject,
                                   TimeStamp timeStamp,
                                   Set<Role> eligibleRoles)
Retrieve all verified roles of a subject that are a subset of the eligible roles.

Includes all inherited sub roles of the verified roles.

Parameters:
subject - the subject for which to retrieve the verified roles.
timeStamp - the timestamp of verification.
eligibleRoles - the set of eligible roles.
Returns:
the set of verified roles, may be empty if there are none, never null.
Since:
0.4.0

assertNotNull

private final void assertNotNull(String type,
                                 Object value)
Asserts that a value is not null.

Parameters:
type - descriptive type of the value to check.
value - the value to check.
Throws:
IllegalArgumentException - in case the value is null.
Since:
0.4.0

assertParameters

private void assertParameters(Subject subject,
                              URI resourceUri,
                              String actionName,
                              List<?> arguments,
                              TimeStamp timeStamp)
Checks the access decision parameters.

Parameters:
subject - a Subject to identify the user requesting access and to provide the roles assigned to her.
resourceUri - a URI to identify the resource that the subject wants to access.
actionName - the name of the action that the subject wants to perform on the resource.
arguments - an optional list of arguments for the action that the subject wants to perform on the resource.
timeStamp - the time at which the action is executed.
Throws:
IllegalArgumentException - in case there is an invalid parameter.
Since:
0.4.0

getAccessDecision

public AccessDecision getAccessDecision(Subject subject,
                                        URI resourceUri,
                                        String actionName,
                                        List<?> arguments,
                                        TimeStamp timeStamp)
Description copied from interface: PolicyDecisionPoint
Decides whether a subject may be given access to a target and what obligations need to be fulfilled.

Specified by:
getAccessDecision in interface Policy
Specified by:
getAccessDecision in interface PolicyDecisionPoint
Parameters:
subject - a Subject to identify the user requesting access and to provide the roles assigned to her.
resourceUri - a URI to identify the resource that the subject wants to access.
actionName - the name of the action that the subject wants to perform on the resource.
arguments - an optional list of arguments for the action that the subject wants to perform on the resource.
timeStamp - the time at which the action is executed.
Returns:
an AccessDecision containing the PDP's decision and the obligations associated with the decision.
Since:
0.1.0

getAccessDecision

private AccessDecision getAccessDecision(List<AuthorizedRoles> authorizedRoleSets,
                                         Set<Role> verifiedRoles)
Determines the access decision according to the list of authorized roles and verified roles.

If there is at least one authorized role set that matches the verified roles then a positive access decision is returned. The access decision includes the obligations of all authorized role sets that match.

Parameters:
authorizedRoleSets - the authorized role sets for which to determine the decision.
verifiedRoles - the verified roles to match.
Returns:
the access decision requested.
Since:
0.4.0
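
The matching rule described above, together with the sub-role expansion from getVerifiedRoles, modelled as an added, self-contained Java example (not OpenPermis code). The `AuthorizedRoles` and `Decision` records, the string role names and the hierarchy map are hypothetical stand-ins; it assumes a role set "matches" when every role in it is among the verified roles, and that an empty role set never matches.

```java
import java.util.*;

public class AccessDecisionExample {

    /** Hypothetical stand-in: the roles one target access rule requires, plus its obligations. */
    record AuthorizedRoles(Set<String> roles, List<String> obligations) {}

    /** Hypothetical stand-in for the decision a PDP returns. */
    record Decision(boolean granted, List<String> obligations) {}

    /** Expands held roles with every sub role reachable in the hierarchy (superior -> direct subordinates). */
    static Set<String> withSubRoles(Set<String> held, Map<String, Set<String>> hierarchy) {
        Set<String> result = new HashSet<>();
        Deque<String> todo = new ArrayDeque<>(held);
        while (!todo.isEmpty()) {
            String role = todo.pop();
            if (result.add(role)) { // the visited check also terminates on a cyclic hierarchy
                todo.addAll(hierarchy.getOrDefault(role, Set.of()));
            }
        }
        return result;
    }

    /** Grants if at least one role set matches and collects the obligations of all matching sets. */
    static Decision decide(List<AuthorizedRoles> authorizedRoleSets, Set<String> verifiedRoles) {
        boolean granted = false;
        List<String> obligations = new ArrayList<>();
        for (AuthorizedRoles set : authorizedRoleSets) {
            // Assumption: "matches" means every required role is verified.
            // This example's own fail-closed choice: containsAll() is true for an
            // empty set, so an empty role set is rejected instead of matching everyone.
            if (!set.roles().isEmpty() && verifiedRoles.containsAll(set.roles())) {
                granted = true;
                obligations.addAll(set.obligations());
            }
        }
        // Deny by default: no rules or no match yields no access and no obligations.
        return new Decision(granted, granted ? obligations : List.of());
    }

    public static void main(String[] args) {
        // Constructed sample data: "manager" is superior to "employee".
        Map<String, Set<String>> hierarchy = Map.of("manager", Set.of("employee"));
        List<AuthorizedRoles> rules = List.of(
            new AuthorizedRoles(Set.of("employee"), List.of("log-access")),
            new AuthorizedRoles(Set.of("manager", "auditor"), List.of("notify-owner")),
            new AuthorizedRoles(Set.of("manager"), List.of("two-person-review")));

        // A verified manager inherits employee, so the first and third sets match
        // and both of their obligations are attached; the second set does not match.
        System.out.println(decide(rules, withSubRoles(Set.of("manager"), hierarchy)));

        // A role no set requires is denied with no obligations.
        System.out.println(decide(rules, withSubRoles(Set.of("guest"), hierarchy)));
    }
}
```

The point to check when reviewing a real policy is the same one the example makes visible: a subject satisfying several role sets carries the union of their obligations, not just those of the first match.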

getDateTimeZone

public org.joda.time.DateTimeZone getDateTimeZone()
Description copied from interface: PolicyBean
Returns the time zone of this policy.

Specified by:
getDateTimeZone in interface PolicyBean
Returns:
the time zone of this policy.
Since:
0.1.0

setDateTimeZone

public void setDateTimeZone(org.joda.time.DateTimeZone dateTimeZone)
Description copied from interface: PolicyBean
Sets the time zone of this policy.

Specified by:
setDateTimeZone in interface PolicyBean
Parameters:
dateTimeZone - a DateTimeZone.
Since:
0.1.0

getRoleAssignmentRules

public RoleAssignmentRuleBeanCollection getRoleAssignmentRules()
Description copied from interface: PolicyBean
Returns the role assignment rule collection of this policy.

Specified by:
getRoleAssignmentRules in interface PolicyBean
Returns:
the role assignment rule collection of this policy.
Since:
0.3.0

setRoleAssignmentRules

public void setRoleAssignmentRules(RoleAssignmentRuleBeanCollection roleAssignmentRules)
Description copied from interface: PolicyBean
Sets the role assignment rule collection of this policy.

Specified by:
setRoleAssignmentRules in interface PolicyBean
Parameters:
roleAssignmentRules - the new role assignment rule collection of this policy.
Since:
0.3.0

getTargetAccessRules

public TargetAccessRuleBeanCollection getTargetAccessRules()
Description copied from interface: PolicyBean
Returns the target access rule collection of this policy.

Specified by:
getTargetAccessRules in interface PolicyBean
Returns:
the target access rule collection of this policy.
Since:
0.3.0

setTargetAccessRules

public void setTargetAccessRules(TargetAccessRuleBeanCollection targetAccessRules)
Description copied from interface: PolicyBean
Sets the target access rule collection of this policy.

Specified by:
setTargetAccessRules in interface PolicyBean
Parameters:
targetAccessRules - the new target access rule collection of this policy.
Since:
0.3.0

getRoleHierarchies

public RoleHierarchyBeanCollection getRoleHierarchies()
Description copied from interface: PolicyBean
Returns the role hierarchy collection of this policy.

Specified by:
getRoleHierarchies in interface PolicyBean
Returns:
the role hierarchy collection of this policy.
Since:
0.3.0

setRoleHierarchies

public void setRoleHierarchies(RoleHierarchyBeanCollection roleHierarchies)
Description copied from interface: PolicyBean
Sets the role hierarchy collection of this policy.

Specified by:
setRoleHierarchies in interface PolicyBean
Parameters:
roleHierarchies - the new role hierarchy collection of this policy.
Since:
0.3.0

getPartsList

public <M extends PartBean> List<M> getPartsList(Class<M> type)
Returns all parts of given type, unique by serial number.

Specified by:
getPartsList in interface PolicyBean
Since:
0.1.0

getRoleRefList

public List<Role> getRoleRefList()
Returns all rolerefs.

Specified by:
getRoleRefList in interface PolicyBean
Since:
0.3.0

getParentTargetAccessRules

public List<TargetAccessRuleBean> getParentTargetAccessRules(TargetBean searchPart)
Returns the PartBeans containing the given part.

Specified by:
getParentTargetAccessRules in interface PolicyBean
Returns:
list of found parts in the policy
Since:
0.1.0

getParentTargetAccessRules

public List<TargetAccessRuleBean> getParentTargetAccessRules(ObligationBean searchPart)
Returns the PartBeans containing the given part.

Specified by:
getParentTargetAccessRules in interface PolicyBean
Returns:
list of found parts in the policy
Since:
0.3.0

getParentTargetAccessRules

public List<TargetAccessRuleBean> getParentTargetAccessRules(Role searchRule)
Returns the PartBeans containing the given part.

Specified by:
getParentTargetAccessRules in interface PolicyBean
Parameters:
searchRule - the role for which to return the rules that contain it.
Returns:
list of found parts in the policy
Since:
0.1.0

getParentRoleHierarchies

public List<RoleHierarchyBean> getParentRoleHierarchies(Role role)
Returns the PartBeans containing the given part.

Returns:
list of found parts in the policy
Since:
0.3.0

getParentTargets

public List<TargetBean> getParentTargets(ActionBean searchPart)
Returns the PartBeans containing the given part.

Specified by:
getParentTargets in interface PolicyBean
Returns:
list of found parts in the policy
Since:
0.1.0

getParentTargets

public List<TargetBean> getParentTargets(DomainBean searchPart)
Returns the PartBeans containing the given part.

Specified by:
getParentTargets in interface PolicyBean
Returns:
list of found parts in the policy
Since:
0.1.0

getResourceDomains

public List<DomainBean> getResourceDomains()
Returns all resource domains.

Specified by:
getResourceDomains in interface PolicyBean
Returns:
all resource domains.
Since:
0.3.0

getSubjectDomains

public List<DomainBean> getSubjectDomains()
Returns all subject domains.

Specified by:
getSubjectDomains in interface PolicyBean
Returns:
all subject domains.
Since:
0.3.0

getParentRoleAssignmentRules

public List<RoleAssignmentRuleBean> getParentRoleAssignmentRules(DomainBean searchPart)
Returns the PartBeans containing the given part.

Specified by:
getParentRoleAssignmentRules in interface PolicyBean
Returns:
list of found parts in the policy
Since:
0.3.0

isPartValid

public boolean isPartValid(PartProblemReporter reporter)
Description copied from class: BasicPart
Checks if the extended state of this part is valid.

Overrides:
isPartValid in class BasicPart
Parameters:
reporter - the problem reporter to use, may be null.
See Also:
BasicPart, Part.isValid(PartProblemReporter), BasicPart.reportProblem(org.openpermis.policy.PartProblemReporter, org.openpermis.policy.PartProblemReporter.ProblemMessage, java.lang.Object...)
Since:
0.1.0

comparablePart

protected boolean comparablePart(BasicPart part)
Description copied from class: BasicPart
Check if the part specified is comparable to this part.

Specified by:
comparablePart in class BasicPart
Parameters:
part - the part to check.
Returns:
true if the part supplied is comparable to this part.
See Also:
BasicPart
Since:
0.1.0

equalPart

protected boolean equalPart(BasicPart part)
Description copied from class: BasicPart
Compares another part to this part.

Overrides:
equalPart in class BasicPart
Parameters:
part - the part to compare to this part.
Returns:
true if the part supplied is considered equivalent to this part.
See Also:
BasicUtilities.equalObjects(Object, Object), BasicPart
Since:
0.1.0

partHashCode

protected int partHashCode()
Description copied from class: BasicPart
Returns the hash code of the extended part state.

Overrides:
partHashCode in class BasicPart
Returns:
the hash code of the extended part state.
See Also:
BasicPart, BasicUtilities.multiHashCode(int...)
Since:
0.1.0

getSimpleClassName

protected String getSimpleClassName()
Description copied from class: BasicPart
Returns the simple implementation class name of this class.

If your implementation represents an interface implementation return the interface simple class name here. In short: return the instance you are checking against in BasicPart.comparablePart(BasicPart).

Overrides:
getSimpleClassName in class BasicPart
Returns:
the simple implementation class name of this class.
Since:
0.1.0

appendPartDetails

protected void appendPartDetails(StringBuilder sb)
Description copied from class: BasicPart
Appends the details of this extended part for the string representation of this part.

Overrides:
appendPartDetails in class BasicPart
Parameters:
sb - the string builder to add the details to.
See Also:
BasicPart, BasicPart.appendDetails(StringBuilder, String, Object)
Since:
0.1.0

findBySerialNumber

public PartBean findBySerialNumber(SerialNumber partSerialNumber)
Description copied from class: BasicPartBean
Returns the part bean corresponding to the specified serial number.

If the part bean contains other part beans, it searches its child beans recursively.

The basic implementation returns this bean if its serial number matches the one passed in or null if not. Subclasses that contain other parts must traverse their children.

Specified by:
findBySerialNumber in interface PartBean
Overrides:
findBySerialNumber in class BasicPartBean
Parameters:
partSerialNumber - the SerialNumber of the part bean to return.
Returns:
the matching PartBean or null if no matching part bean is found.
Since:
0.1.0


PERMIS Role Based Access Control 0.4.0 (Build 15)
2009/05/20 08:14:59
Copyright (c) 2002-2007 Ergon Informatik AG