-rw-r--r--docs/xacml/tutorial/app/pom.xml47
-rw-r--r--docs/xacml/tutorial/app/src/main/java/org/onap/policy/tutorial/tutorial/TutorialApplication.java15
-rw-r--r--docs/xacml/tutorial/app/src/main/java/org/onap/policy/tutorial/tutorial/TutorialRequest.java25
-rw-r--r--docs/xacml/tutorial/app/src/main/java/org/onap/policy/tutorial/tutorial/TutorialTranslator.java75
-rw-r--r--docs/xacml/xacml-tutorial.rst56
5 files changed, 98 insertions, 120 deletions
diff --git a/docs/xacml/tutorial/app/pom.xml b/docs/xacml/tutorial/app/pom.xml
index 555f203f..bf8683a5 100644
--- a/docs/xacml/tutorial/app/pom.xml
+++ b/docs/xacml/tutorial/app/pom.xml
@@ -1,28 +1,29 @@
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
- <modelVersion>4.0.0</modelVersion>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelVersion>4.0.0</modelVersion>
- <groupId>org.onap.policy.tutorial</groupId>
- <artifactId>tutorial</artifactId>
- <version>0.0.1-SNAPSHOT</version>
+ <groupId>org.onap.policy.tutorial</groupId>
+ <artifactId>tutorial</artifactId>
+ <version>0.0.1-SNAPSHOT</version>
- <name>tutorial</name>
+ <name>tutorial</name>
- <properties>
- <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
- </properties>
+ <properties>
+ <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+ </properties>
- <dependencies>
- <dependency>
- <groupId>junit</groupId>
- <artifactId>junit</artifactId>
- <version>4.12</version>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>org.onap.policy.xacml-pdp.applications</groupId>
- <artifactId>common</artifactId>
- <version>2.1.0-SNAPSHOT</version>
- </dependency>
- </dependencies>
+ <dependencies>
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ <version>4.12</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.onap.policy.xacml-pdp.applications</groupId>
+ <artifactId>common</artifactId>
+ <version>2.1.0-SNAPSHOT</version>
+ </dependency>
+ </dependencies>
</project>
diff --git a/docs/xacml/tutorial/app/src/main/java/org/onap/policy/tutorial/tutorial/TutorialApplication.java b/docs/xacml/tutorial/app/src/main/java/org/onap/policy/tutorial/tutorial/TutorialApplication.java
index 99cbdcef..24e84049 100644
--- a/docs/xacml/tutorial/app/src/main/java/org/onap/policy/tutorial/tutorial/TutorialApplication.java
+++ b/docs/xacml/tutorial/app/src/main/java/org/onap/policy/tutorial/tutorial/TutorialApplication.java
@@ -2,15 +2,14 @@ package org.onap.policy.tutorial.tutorial;
import java.util.Arrays;
import java.util.List;
-
import org.onap.policy.models.tosca.authorative.concepts.ToscaPolicyTypeIdentifier;
import org.onap.policy.pdp.xacml.application.common.ToscaPolicyTranslator;
import org.onap.policy.pdp.xacml.application.common.std.StdXacmlApplicationServiceProvider;
public class TutorialApplication extends StdXacmlApplicationServiceProvider {
-
- private final ToscaPolicyTypeIdentifier supportedPolicyType = new ToscaPolicyTypeIdentifier();
- private final TutorialTranslator translator = new TutorialTranslator();
+
+ private final ToscaPolicyTypeIdentifier supportedPolicyType = new ToscaPolicyTypeIdentifier();
+ private final TutorialTranslator translator = new TutorialTranslator();
@Override
public String applicationName() {
@@ -29,12 +28,12 @@ public class TutorialApplication extends StdXacmlApplicationServiceProvider {
@Override
public boolean canSupportPolicyType(ToscaPolicyTypeIdentifier policyTypeId) {
- return supportedPolicyType.equals(policyTypeId);
+ return supportedPolicyType.equals(policyTypeId);
}
@Override
- protected ToscaPolicyTranslator getTranslator(String type) {
- return translator;
- }
+ protected ToscaPolicyTranslator getTranslator(String type) {
+ return translator;
+ }
}
diff --git a/docs/xacml/tutorial/app/src/main/java/org/onap/policy/tutorial/tutorial/TutorialRequest.java b/docs/xacml/tutorial/app/src/main/java/org/onap/policy/tutorial/tutorial/TutorialRequest.java
index 33442b27..1f890314 100644
--- a/docs/xacml/tutorial/app/src/main/java/org/onap/policy/tutorial/tutorial/TutorialRequest.java
+++ b/docs/xacml/tutorial/app/src/main/java/org/onap/policy/tutorial/tutorial/TutorialRequest.java
@@ -2,14 +2,11 @@ package org.onap.policy.tutorial.tutorial;
import java.util.Map;
import java.util.Map.Entry;
-
import org.onap.policy.models.decisions.concepts.DecisionRequest;
-
import com.att.research.xacml.std.annotations.XACMLAction;
import com.att.research.xacml.std.annotations.XACMLRequest;
import com.att.research.xacml.std.annotations.XACMLResource;
import com.att.research.xacml.std.annotations.XACMLSubject;
-
import lombok.Getter;
import lombok.Setter;
import lombok.ToString;
@@ -25,7 +22,7 @@ public class TutorialRequest {
@XACMLSubject(attributeId = "urn:org:onap:onap-component", includeInResults = true)
private String onapComponent;
- @XACMLSubject(attributeId = "urn:org:onap:onap-instance", includeInResults = true)
+ @XACMLSubject(attributeId = "urn:org:onap:onap-instance", includeInResults = true)
private String onapInstance;
@XACMLAction()
@@ -41,10 +38,10 @@ public class TutorialRequest {
private String permission;
public static TutorialRequest createRequest(DecisionRequest decisionRequest) {
- //
- // Create our object
- //
- TutorialRequest request = new TutorialRequest();
+ //
+ // Create our object
+ //
+ TutorialRequest request = new TutorialRequest();
//
// Add the subject attributes
//
@@ -61,16 +58,16 @@ public class TutorialRequest {
Map<String, Object> resources = decisionRequest.getResource();
for (Entry<String, Object> entrySet : resources.entrySet()) {
if ("user".equals(entrySet.getKey())) {
- request.user = entrySet.getValue().toString();
+ request.user = entrySet.getValue().toString();
}
if ("entity".equals(entrySet.getKey())) {
- request.entity = entrySet.getValue().toString();
+ request.entity = entrySet.getValue().toString();
}
if ("permission".equals(entrySet.getKey())) {
- request.permission = entrySet.getValue().toString();
+ request.permission = entrySet.getValue().toString();
}
- }
-
- return request;
+ }
+
+ return request;
}
}
diff --git a/docs/xacml/tutorial/app/src/main/java/org/onap/policy/tutorial/tutorial/TutorialTranslator.java b/docs/xacml/tutorial/app/src/main/java/org/onap/policy/tutorial/tutorial/TutorialTranslator.java
index d118aabf..80f0c68c 100644
--- a/docs/xacml/tutorial/app/src/main/java/org/onap/policy/tutorial/tutorial/TutorialTranslator.java
+++ b/docs/xacml/tutorial/app/src/main/java/org/onap/policy/tutorial/tutorial/TutorialTranslator.java
@@ -2,7 +2,6 @@ package org.onap.policy.tutorial.tutorial;
import java.util.List;
import java.util.Map;
-
import org.onap.policy.models.decisions.concepts.DecisionRequest;
import org.onap.policy.models.decisions.concepts.DecisionResponse;
import org.onap.policy.models.tosca.authorative.concepts.ToscaPolicy;
@@ -10,7 +9,6 @@ import org.onap.policy.pdp.xacml.application.common.ToscaDictionary;
import org.onap.policy.pdp.xacml.application.common.ToscaPolicyConversionException;
import org.onap.policy.pdp.xacml.application.common.ToscaPolicyTranslator;
import org.onap.policy.pdp.xacml.application.common.ToscaPolicyTranslatorUtils;
-
import com.att.research.xacml.api.DataTypeException;
import com.att.research.xacml.api.Decision;
import com.att.research.xacml.api.Identifier;
@@ -20,7 +18,6 @@ import com.att.research.xacml.api.Result;
import com.att.research.xacml.api.XACML3;
import com.att.research.xacml.std.IdentifierImpl;
import com.att.research.xacml.std.annotations.RequestParser;
-
import oasis.names.tc.xacml._3_0.core.schema.wd_17.AnyOfType;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.EffectType;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.MatchType;
@@ -29,18 +26,16 @@ import oasis.names.tc.xacml._3_0.core.schema.wd_17.RuleType;
import oasis.names.tc.xacml._3_0.core.schema.wd_17.TargetType;
public class TutorialTranslator implements ToscaPolicyTranslator {
-
- private static final Identifier ID_TUTORIAL_USER =
- new IdentifierImpl(ToscaDictionary.ID_URN_ONAP, "tutorial-user");
- private static final Identifier ID_TUTORIAL_ENTITY =
+
+ private static final Identifier ID_TUTORIAL_USER = new IdentifierImpl(ToscaDictionary.ID_URN_ONAP, "tutorial-user");
+ private static final Identifier ID_TUTORIAL_ENTITY =
new IdentifierImpl(ToscaDictionary.ID_URN_ONAP, "tutorial-entity");
- private static final Identifier ID_TUTORIAL_PERM =
- new IdentifierImpl(ToscaDictionary.ID_URN_ONAP, "tutorial-perm");
+ private static final Identifier ID_TUTORIAL_PERM = new IdentifierImpl(ToscaDictionary.ID_URN_ONAP, "tutorial-perm");
- public PolicyType convertPolicy(ToscaPolicy toscaPolicy) throws ToscaPolicyConversionException {
- //
- // Here is our policy with a version and default combining algo
- //
+ public PolicyType convertPolicy(ToscaPolicy toscaPolicy) throws ToscaPolicyConversionException {
+ //
+ // Here is our policy with a version and default combining algo
+ //
PolicyType newPolicyType = new PolicyType();
newPolicyType.setPolicyId(toscaPolicy.getMetadata().get("policy-id"));
newPolicyType.setVersion(toscaPolicy.getMetadata().get("policy-version"));
@@ -59,20 +54,12 @@ public class TutorialTranslator implements ToscaPolicyTranslator {
//
// For simplicity, let's just match on the action "authorize" and the user
//
- MatchType matchAction = ToscaPolicyTranslatorUtils.buildMatchTypeDesignator(
- XACML3.ID_FUNCTION_STRING_EQUAL,
- "authorize",
- XACML3.ID_DATATYPE_STRING,
- XACML3.ID_ACTION,
- XACML3.ID_ATTRIBUTE_CATEGORY_ACTION);
+ MatchType matchAction = ToscaPolicyTranslatorUtils.buildMatchTypeDesignator(XACML3.ID_FUNCTION_STRING_EQUAL,
+ "authorize", XACML3.ID_DATATYPE_STRING, XACML3.ID_ACTION, XACML3.ID_ATTRIBUTE_CATEGORY_ACTION);
Map<String, Object> props = toscaPolicy.getProperties();
String user = props.get("user").toString();
- MatchType matchUser = ToscaPolicyTranslatorUtils.buildMatchTypeDesignator(
- XACML3.ID_FUNCTION_STRING_EQUAL,
- user,
- XACML3.ID_DATATYPE_STRING,
- ID_TUTORIAL_USER,
- XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE);
+ MatchType matchUser = ToscaPolicyTranslatorUtils.buildMatchTypeDesignator(XACML3.ID_FUNCTION_STRING_EQUAL, user,
+ XACML3.ID_DATATYPE_STRING, ID_TUTORIAL_USER, XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE);
AnyOfType anyOf = new AnyOfType();
//
// Create AllOf (AND) of just Policy Id
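Review bot: `props.get("user").toString()` throws a NullPointerException when a deployed policy has no `user` property, although convertPolicy declares ToscaPolicyConversionException for reporting a policy that cannot be converted. The same gap appears in the next hunk of this file, where `props.get("permissions")` is cast to `List<Object>` and each element to `Map<String, String>` without a check, so a missing or mistyped `permissions` value surfaces as an NPE or ClassCastException instead. Validate before use, e.g. `Object user = props.get("user");` followed by `if (user == null) { throw new ToscaPolicyConversionException("policy is missing the user property"); }` (assuming the exception offers a message constructor, which is not visible here). convertPolicy starts and ends outside this hunk.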
@@ -86,47 +73,41 @@ public class TutorialTranslator implements ToscaPolicyTranslator {
// Now add the rule for each permission
//
List<Object> permissions = (List<Object>) props.get("permissions");
- for (Object permission : permissions) {
-
- MatchType matchEntity = ToscaPolicyTranslatorUtils.buildMatchTypeDesignator(
- XACML3.ID_FUNCTION_STRING_EQUAL,
- ((Map<String, String>) permission).get("entity"),
- XACML3.ID_DATATYPE_STRING,
- ID_TUTORIAL_ENTITY,
+ for (Object permission : permissions) {
+
+ MatchType matchEntity = ToscaPolicyTranslatorUtils.buildMatchTypeDesignator(XACML3.ID_FUNCTION_STRING_EQUAL,
+ ((Map<String, String>) permission).get("entity"), XACML3.ID_DATATYPE_STRING, ID_TUTORIAL_ENTITY,
XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE);
-
+
MatchType matchPermission = ToscaPolicyTranslatorUtils.buildMatchTypeDesignator(
- XACML3.ID_FUNCTION_STRING_EQUAL,
- ((Map<String, String>) permission).get("permission"),
- XACML3.ID_DATATYPE_STRING,
- ID_TUTORIAL_PERM,
- XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE);
+ XACML3.ID_FUNCTION_STRING_EQUAL, ((Map<String, String>) permission).get("permission"),
+ XACML3.ID_DATATYPE_STRING, ID_TUTORIAL_PERM, XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE);
anyOf = new AnyOfType();
anyOf.getAllOf().add(ToscaPolicyTranslatorUtils.buildAllOf(matchEntity));
anyOf.getAllOf().add(ToscaPolicyTranslatorUtils.buildAllOf(matchPermission));
target = new TargetType();
target.getAnyOf().add(anyOf);
-
+
RuleType rule = new RuleType();
rule.setDescription("Default is to PERMIT if the policy matches.");
rule.setRuleId(newPolicyType.getPolicyId() + ":rule");
rule.setEffect(EffectType.PERMIT);
rule.setTarget(target);
-
+
newPolicyType.getCombinerParametersOrRuleCombinerParametersOrVariableDefinition().add(rule);
}
- return newPolicyType;
- }
+ return newPolicyType;
+ }
- public Request convertRequest(DecisionRequest request) {
+ public Request convertRequest(DecisionRequest request) {
try {
return RequestParser.parseRequest(TutorialRequest.createRequest(request));
} catch (IllegalArgumentException | IllegalAccessException | DataTypeException e) {
}
- return null;
- }
+ return null;
+ }
- public DecisionResponse convertResponse(Response xacmlResponse) {
+ public DecisionResponse convertResponse(Response xacmlResponse) {
DecisionResponse decisionResponse = new DecisionResponse();
//
// Iterate through all the results
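Review bot: The catch block in convertRequest is empty, so an IllegalArgumentException, IllegalAccessException or DataTypeException from `RequestParser.parseRequest` is discarded and the method returns null with no record of why. In an authorization decision path this hides malformed requests from operators and leaves the outcome to however the caller treats a null Request, which is not visible in this diff. At minimum log the failure with its cause, e.g. `LOGGER.error("Failed to convert DecisionRequest", e);` inside the catch, where `LOGGER` stands for a logger this class would have to declare. The method's Javadoc should also state that null means the request could not be parsed, so that callers do not proceed to a decision with it.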
@@ -156,6 +137,6 @@ public class TutorialTranslator implements ToscaPolicyTranslator {
}
return decisionResponse;
- }
+ }
}
diff --git a/docs/xacml/xacml-tutorial.rst b/docs/xacml/xacml-tutorial.rst
index 72271adb..2a1d4acc 100644
--- a/docs/xacml/xacml-tutorial.rst
+++ b/docs/xacml/xacml-tutorial.rst
@@ -24,7 +24,7 @@ for a *user* to execute a *permission* on an *entity*.
:linenos:
We would expect then to be able to create the following policies to allow the demo user to Read/Write
-a entity called foo. While the audit user can only read the entity called foo. No user has Delete
+an entity called foo, while the audit user can only read the entity called foo. Neither user has Delete
permission.
.. literalinclude:: tutorial/tutorial-policies.yaml
@@ -107,11 +107,11 @@ that needs to be implemented is providing a custom translator.
public class TutorialApplication extends StdXacmlApplicationServiceProvider {
- @Override
- protected ToscaPolicyTranslator getTranslator(String type) {
- // TODO Auto-generated method stub
- return null;
- }
+ @Override
+ protected ToscaPolicyTranslator getTranslator(String type) {
+ // TODO Auto-generated method stub
+ return null;
+ }
}
@@ -134,7 +134,7 @@ Engine can determine how to route policy types and policies to the application.
public class TutorialApplication extends StdXacmlApplicationServiceProvider {
- private final ToscaPolicyTypeIdentifier supportedPolicyType = new ToscaPolicyTypeIdentifier();
+ private final ToscaPolicyTypeIdentifier supportedPolicyType = new ToscaPolicyTypeIdentifier();
@Override
public String applicationName() {
@@ -157,10 +157,10 @@ Engine can determine how to route policy types and policies to the application.
}
@Override
- protected ToscaPolicyTranslator getTranslator(String type) {
- // TODO Auto-generated method stub
- return null;
- }
+ protected ToscaPolicyTranslator getTranslator(String type) {
+ // TODO Auto-generated method stub
+ return null;
+ }
}
@@ -191,20 +191,20 @@ requests/response objects the XACML engine understands.
public class TutorialTranslator implements ToscaPolicyTranslator {
- public PolicyType convertPolicy(ToscaPolicy toscaPolicy) throws ToscaPolicyConversionException {
- // TODO Auto-generated method stub
- return null;
- }
+ public PolicyType convertPolicy(ToscaPolicy toscaPolicy) throws ToscaPolicyConversionException {
+ // TODO Auto-generated method stub
+ return null;
+ }
- public Request convertRequest(DecisionRequest request) {
- // TODO Auto-generated method stub
- return null;
- }
+ public Request convertRequest(DecisionRequest request) {
+ // TODO Auto-generated method stub
+ return null;
+ }
- public DecisionResponse convertResponse(Response xacmlResponse) {
- // TODO Auto-generated method stub
- return null;
- }
+ public DecisionResponse convertResponse(Response xacmlResponse) {
+ // TODO Auto-generated method stub
+ return null;
+ }
}
@@ -250,8 +250,8 @@ a policy when a new policy is deployed to the ONAP XACML PDP Engine.
public class TutorialApplication extends StdXacmlApplicationServiceProvider {
- private final ToscaPolicyTypeIdentifier supportedPolicyType = new ToscaPolicyTypeIdentifier();
- private final TutorialTranslator translator = new TutorialTranslator();
+ private final ToscaPolicyTypeIdentifier supportedPolicyType = new ToscaPolicyTypeIdentifier();
+ private final TutorialTranslator translator = new TutorialTranslator();
@Override
public String applicationName() {
@@ -274,9 +274,9 @@ a policy when a new policy is deployed to the ONAP XACML PDP Engine.
}
@Override
- protected ToscaPolicyTranslator getTranslator(String type) {
- return translator;
- }
+ protected ToscaPolicyTranslator getTranslator(String type) {
+ return translator;
+ }
}