5 files changed, 98 insertions, 120 deletions
diff --git a/docs/xacml/tutorial/app/pom.xml b/docs/xacml/tutorial/app/pom.xml index 555f203f..bf8683a5 100644 --- a/docs/xacml/tutorial/app/pom.xml +++ b/docs/xacml/tutorial/app/pom.xml @@ -1,28 +1,29 @@ -<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" - xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> - <modelVersion>4.0.0</modelVersion> +<project xmlns="http://maven.apache.org/POM/4.0.0" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> + <modelVersion>4.0.0</modelVersion> - <groupId>org.onap.policy.tutorial</groupId> - <artifactId>tutorial</artifactId> - <version>0.0.1-SNAPSHOT</version> + <groupId>org.onap.policy.tutorial</groupId> + <artifactId>tutorial</artifactId> + <version>0.0.1-SNAPSHOT</version> - <name>tutorial</name> + <name>tutorial</name> - <properties> - <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> - </properties> + <properties> + <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> + </properties> - <dependencies> - <dependency> - <groupId>junit</groupId> - <artifactId>junit</artifactId> - <version>4.12</version> - <scope>test</scope> - </dependency> - <dependency> - <groupId>org.onap.policy.xacml-pdp.applications</groupId> - <artifactId>common</artifactId> - <version>2.1.0-SNAPSHOT</version> - </dependency> - </dependencies> + <dependencies> + <dependency> + <groupId>junit</groupId> + <artifactId>junit</artifactId> + <version>4.12</version> + <scope>test</scope> + </dependency> + <dependency> + <groupId>org.onap.policy.xacml-pdp.applications</groupId> + <artifactId>common</artifactId> + <version>2.1.0-SNAPSHOT</version> + </dependency> + </dependencies> </project> 
diff --git a/docs/xacml/tutorial/app/src/main/java/org/onap/policy/tutorial/tutorial/TutorialApplication.java b/docs/xacml/tutorial/app/src/main/java/org/onap/policy/tutorial/tutorial/TutorialApplication.java index 99cbdcef..24e84049 100644 --- a/docs/xacml/tutorial/app/src/main/java/org/onap/policy/tutorial/tutorial/TutorialApplication.java +++ b/docs/xacml/tutorial/app/src/main/java/org/onap/policy/tutorial/tutorial/TutorialApplication.java @@ -2,15 +2,14 @@ package org.onap.policy.tutorial.tutorial; import java.util.Arrays; import java.util.List; - import org.onap.policy.models.tosca.authorative.concepts.ToscaPolicyTypeIdentifier; import org.onap.policy.pdp.xacml.application.common.ToscaPolicyTranslator; import org.onap.policy.pdp.xacml.application.common.std.StdXacmlApplicationServiceProvider; public class TutorialApplication extends StdXacmlApplicationServiceProvider { - - private final ToscaPolicyTypeIdentifier supportedPolicyType = new ToscaPolicyTypeIdentifier(); - private final TutorialTranslator translator = new TutorialTranslator(); + + private final ToscaPolicyTypeIdentifier supportedPolicyType = new ToscaPolicyTypeIdentifier(); + private final TutorialTranslator translator = new TutorialTranslator(); @Override public String applicationName() { @@ -29,12 +28,12 @@ public class TutorialApplication extends StdXacmlApplicationServiceProvider { @Override public boolean canSupportPolicyType(ToscaPolicyTypeIdentifier policyTypeId) { - return supportedPolicyType.equals(policyTypeId); + return supportedPolicyType.equals(policyTypeId); } @Override - protected ToscaPolicyTranslator getTranslator(String type) { - return translator; - } + protected ToscaPolicyTranslator getTranslator(String type) { + return translator; + } } diff --git a/docs/xacml/tutorial/app/src/main/java/org/onap/policy/tutorial/tutorial/TutorialRequest.java b/docs/xacml/tutorial/app/src/main/java/org/onap/policy/tutorial/tutorial/TutorialRequest.java index 33442b27..1f890314 100644 
--- a/docs/xacml/tutorial/app/src/main/java/org/onap/policy/tutorial/tutorial/TutorialRequest.java +++ b/docs/xacml/tutorial/app/src/main/java/org/onap/policy/tutorial/tutorial/TutorialRequest.java @@ -2,14 +2,11 @@ package org.onap.policy.tutorial.tutorial; import java.util.Map; import java.util.Map.Entry; - import org.onap.policy.models.decisions.concepts.DecisionRequest; - import com.att.research.xacml.std.annotations.XACMLAction; import com.att.research.xacml.std.annotations.XACMLRequest; import com.att.research.xacml.std.annotations.XACMLResource; import com.att.research.xacml.std.annotations.XACMLSubject; - import lombok.Getter; import lombok.Setter; import lombok.ToString; @@ -25,7 +22,7 @@ public class TutorialRequest { @XACMLSubject(attributeId = "urn:org:onap:onap-component", includeInResults = true) private String onapComponent; - @XACMLSubject(attributeId = "urn:org:onap:onap-instance", includeInResults = true) + @XACMLSubject(attributeId = "urn:org:onap:onap-instance", includeInResults = true) private String onapInstance; @XACMLAction() @@ -41,10 +38,10 @@ public class TutorialRequest { private String permission; public static TutorialRequest createRequest(DecisionRequest decisionRequest) { - // - // Create our object - // - TutorialRequest request = new TutorialRequest(); + // + // Create our object + // + TutorialRequest request = new TutorialRequest(); // // Add the subject attributes // 
@@ -61,16 +58,16 @@ public class TutorialRequest { Map<String, Object> resources = decisionRequest.getResource(); for (Entry<String, Object> entrySet : resources.entrySet()) { if ("user".equals(entrySet.getKey())) { - request.user = entrySet.getValue().toString(); + request.user = entrySet.getValue().toString(); } if ("entity".equals(entrySet.getKey())) { - request.entity = entrySet.getValue().toString(); + request.entity = entrySet.getValue().toString(); } if ("permission".equals(entrySet.getKey())) { - request.permission = entrySet.getValue().toString(); + request.permission = entrySet.getValue().toString(); } - } - - return request; + } + + return request; } } diff --git a/docs/xacml/tutorial/app/src/main/java/org/onap/policy/tutorial/tutorial/TutorialTranslator.java b/docs/xacml/tutorial/app/src/main/java/org/onap/policy/tutorial/tutorial/TutorialTranslator.java index d118aabf..80f0c68c 100644 --- a/docs/xacml/tutorial/app/src/main/java/org/onap/policy/tutorial/tutorial/TutorialTranslator.java +++ b/docs/xacml/tutorial/app/src/main/java/org/onap/policy/tutorial/tutorial/TutorialTranslator.java @@ -2,7 +2,6 @@ package org.onap.policy.tutorial.tutorial; import java.util.List; import java.util.Map; - import org.onap.policy.models.decisions.concepts.DecisionRequest; import org.onap.policy.models.decisions.concepts.DecisionResponse; import org.onap.policy.models.tosca.authorative.concepts.ToscaPolicy; @@ -10,7 +9,6 @@ import org.onap.policy.pdp.xacml.application.common.ToscaDictionary; import org.onap.policy.pdp.xacml.application.common.ToscaPolicyConversionException; import org.onap.policy.pdp.xacml.application.common.ToscaPolicyTranslator; import org.onap.policy.pdp.xacml.application.common.ToscaPolicyTranslatorUtils; - import com.att.research.xacml.api.DataTypeException; import com.att.research.xacml.api.Decision; import com.att.research.xacml.api.Identifier; 
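Review bot: The three `entrySet.getValue().toString()` calls in `createRequest` dereference the resource value with no null check, so a decision request containing a resource entry whose value is null raises a NullPointerException, which the catch in `TutorialTranslator.convertRequest` does not cover. `Objects.toString(entrySet.getValue(), null)` would leave the field unset instead; if `getResource()` can itself return null, the loop needs a guard as well. The same pattern is in the `@@ -59,20 +54,12 @@` hunk of TutorialTranslator.java, where `props.get("user").toString()` fails on a policy that has no `user` property. There `convertPolicy` already declares `ToscaPolicyConversionException`, which is the clearer way to reject such a policy. `createRequest` starts before this hunk.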
@@ -20,7 +18,6 @@ import com.att.research.xacml.api.Result; import com.att.research.xacml.api.XACML3; import com.att.research.xacml.std.IdentifierImpl; import com.att.research.xacml.std.annotations.RequestParser; - import oasis.names.tc.xacml._3_0.core.schema.wd_17.AnyOfType; import oasis.names.tc.xacml._3_0.core.schema.wd_17.EffectType; import oasis.names.tc.xacml._3_0.core.schema.wd_17.MatchType; @@ -29,18 +26,16 @@ import oasis.names.tc.xacml._3_0.core.schema.wd_17.RuleType; import oasis.names.tc.xacml._3_0.core.schema.wd_17.TargetType; public class TutorialTranslator implements ToscaPolicyTranslator { - - private static final Identifier ID_TUTORIAL_USER = - new IdentifierImpl(ToscaDictionary.ID_URN_ONAP, "tutorial-user"); - private static final Identifier ID_TUTORIAL_ENTITY = + + private static final Identifier ID_TUTORIAL_USER = new IdentifierImpl(ToscaDictionary.ID_URN_ONAP, "tutorial-user"); + private static final Identifier ID_TUTORIAL_ENTITY = new IdentifierImpl(ToscaDictionary.ID_URN_ONAP, "tutorial-entity"); - private static final Identifier ID_TUTORIAL_PERM = - new IdentifierImpl(ToscaDictionary.ID_URN_ONAP, "tutorial-perm"); + private static final Identifier ID_TUTORIAL_PERM = new IdentifierImpl(ToscaDictionary.ID_URN_ONAP, "tutorial-perm"); - public PolicyType convertPolicy(ToscaPolicy toscaPolicy) throws ToscaPolicyConversionException { - // - // Here is our policy with a version and default combining algo - // + public PolicyType convertPolicy(ToscaPolicy toscaPolicy) throws ToscaPolicyConversionException { + // + // Here is our policy with a version and default combining algo + // PolicyType newPolicyType = new PolicyType(); newPolicyType.setPolicyId(toscaPolicy.getMetadata().get("policy-id")); newPolicyType.setVersion(toscaPolicy.getMetadata().get("policy-version")); 
@@ -59,20 +54,12 @@ public class TutorialTranslator implements ToscaPolicyTranslator { // // For simplicity, let's just match on the action "authorize" and the user // - MatchType matchAction = ToscaPolicyTranslatorUtils.buildMatchTypeDesignator( - XACML3.ID_FUNCTION_STRING_EQUAL, - "authorize", - XACML3.ID_DATATYPE_STRING, - XACML3.ID_ACTION, - XACML3.ID_ATTRIBUTE_CATEGORY_ACTION); + MatchType matchAction = ToscaPolicyTranslatorUtils.buildMatchTypeDesignator(XACML3.ID_FUNCTION_STRING_EQUAL, + "authorize", XACML3.ID_DATATYPE_STRING, XACML3.ID_ACTION, XACML3.ID_ATTRIBUTE_CATEGORY_ACTION); Map<String, Object> props = toscaPolicy.getProperties(); String user = props.get("user").toString(); - MatchType matchUser = ToscaPolicyTranslatorUtils.buildMatchTypeDesignator( - XACML3.ID_FUNCTION_STRING_EQUAL, - user, - XACML3.ID_DATATYPE_STRING, - ID_TUTORIAL_USER, - XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE); + MatchType matchUser = ToscaPolicyTranslatorUtils.buildMatchTypeDesignator(XACML3.ID_FUNCTION_STRING_EQUAL, user, + XACML3.ID_DATATYPE_STRING, ID_TUTORIAL_USER, XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE); AnyOfType anyOf = new AnyOfType(); // // Create AllOf (AND) of just Policy Id 
@@ -86,47 +73,41 @@ public class TutorialTranslator implements ToscaPolicyTranslator { // Now add the rule for each permission // List<Object> permissions = (List<Object>) props.get("permissions"); - for (Object permission : permissions) { - - MatchType matchEntity = ToscaPolicyTranslatorUtils.buildMatchTypeDesignator( - XACML3.ID_FUNCTION_STRING_EQUAL, - ((Map<String, String>) permission).get("entity"), - XACML3.ID_DATATYPE_STRING, - ID_TUTORIAL_ENTITY, + for (Object permission : permissions) { + + MatchType matchEntity = ToscaPolicyTranslatorUtils.buildMatchTypeDesignator(XACML3.ID_FUNCTION_STRING_EQUAL, + ((Map<String, String>) permission).get("entity"), XACML3.ID_DATATYPE_STRING, ID_TUTORIAL_ENTITY, XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE); - + MatchType matchPermission = ToscaPolicyTranslatorUtils.buildMatchTypeDesignator( - XACML3.ID_FUNCTION_STRING_EQUAL, - ((Map<String, String>) permission).get("permission"), - XACML3.ID_DATATYPE_STRING, - ID_TUTORIAL_PERM, - XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE); + XACML3.ID_FUNCTION_STRING_EQUAL, ((Map<String, String>) permission).get("permission"), + XACML3.ID_DATATYPE_STRING, ID_TUTORIAL_PERM, XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE); anyOf = new AnyOfType(); anyOf.getAllOf().add(ToscaPolicyTranslatorUtils.buildAllOf(matchEntity)); anyOf.getAllOf().add(ToscaPolicyTranslatorUtils.buildAllOf(matchPermission)); target = new TargetType(); target.getAnyOf().add(anyOf); - + RuleType rule = new RuleType(); rule.setDescription("Default is to PERMIT if the policy matches."); rule.setRuleId(newPolicyType.getPolicyId() + ":rule"); rule.setEffect(EffectType.PERMIT); rule.setTarget(target); - + newPolicyType.getCombinerParametersOrRuleCombinerParametersOrVariableDefinition().add(rule); } - return newPolicyType; - } + return newPolicyType; + } - public Request convertRequest(DecisionRequest request) { + public Request convertRequest(DecisionRequest request) { try { return 
RequestParser.parseRequest(TutorialRequest.createRequest(request)); } catch (IllegalArgumentException | IllegalAccessException | DataTypeException e) { } - return null; - } + return null; + } - public DecisionResponse convertResponse(Response xacmlResponse) { + public DecisionResponse convertResponse(Response xacmlResponse) { DecisionResponse decisionResponse = new DecisionResponse(); // // Iterate through all the results @@ -156,6 +137,6 @@ public class TutorialTranslator implements ToscaPolicyTranslator { } return decisionResponse; - } + } } diff --git a/docs/xacml/xacml-tutorial.rst b/docs/xacml/xacml-tutorial.rst index 72271adb..2a1d4acc 100644 --- a/docs/xacml/xacml-tutorial.rst +++ b/docs/xacml/xacml-tutorial.rst @@ -24,7 +24,7 @@ for a *user* to execute a *permission* on an *entity*. :linenos: We would expect then to be able to create the following policies to allow the demo user to Read/Write -a entity called foo. While the audit user can only read the entity called foo. No user has Delete +an entity called foo, while the audit user can only read the entity called foo. Neither user has Delete permission. .. literalinclude:: tutorial/tutorial-policies.yaml @@ -107,11 +107,11 @@ that needs to be implemented is providing a custom translator. public class TutorialApplication extends StdXacmlApplicationServiceProvider { - @Override - protected ToscaPolicyTranslator getTranslator(String type) { - // TODO Auto-generated method stub - return null; - } + @Override + protected ToscaPolicyTranslator getTranslator(String type) { + // TODO Auto-generated method stub + return null; + } } 
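Review bot: In the permissions loop each rule's target puts `matchEntity` and `matchPermission` into two separate AllOf elements of one AnyOf, and XACML evaluates AnyOf as an OR across its AllOf children, so the PERMIT rule would apply when either the entity or the permission matches rather than both. Assuming `buildAllOf` accepts several matches, a single conjunction expresses the intent: `anyOf.getAllOf().add(ToscaPolicyTranslatorUtils.buildAllOf(matchEntity, matchPermission));`. Every rule also receives the same id, `newPolicyType.getPolicyId() + ":rule"`, so a per-rule suffix is needed to keep rule ids unique within the policy. Further down, `convertRequest` swallows the parse exceptions in an empty catch and returns null; logging the failure and rethrowing, or returning a request that cannot match, would make a malformed decision request visible and keep the outcome fail-closed. `convertPolicy` begins before this hunk.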
@@ -134,7 +134,7 @@ Engine can determine how to route policy types and policies to the application. public class TutorialApplication extends StdXacmlApplicationServiceProvider { - private final ToscaPolicyTypeIdentifier supportedPolicyType = new ToscaPolicyTypeIdentifier(); + private final ToscaPolicyTypeIdentifier supportedPolicyType = new ToscaPolicyTypeIdentifier(); @Override public String applicationName() { @@ -157,10 +157,10 @@ Engine can determine how to route policy types and policies to the application. } @Override - protected ToscaPolicyTranslator getTranslator(String type) { - // TODO Auto-generated method stub - return null; - } + protected ToscaPolicyTranslator getTranslator(String type) { + // TODO Auto-generated method stub + return null; + } } @@ -191,20 +191,20 @@ requests/response objects the XACML engine understands. public class TutorialTranslator implements ToscaPolicyTranslator { - public PolicyType convertPolicy(ToscaPolicy toscaPolicy) throws ToscaPolicyConversionException { - // TODO Auto-generated method stub - return null; - } + public PolicyType convertPolicy(ToscaPolicy toscaPolicy) throws ToscaPolicyConversionException { + // TODO Auto-generated method stub + return null; + } - public Request convertRequest(DecisionRequest request) { - // TODO Auto-generated method stub - return null; - } + public Request convertRequest(DecisionRequest request) { + // TODO Auto-generated method stub + return null; + } - public DecisionResponse convertResponse(Response xacmlResponse) { - // TODO Auto-generated method stub - return null; - } + public DecisionResponse convertResponse(Response xacmlResponse) { + // TODO Auto-generated method stub + return null; + } } 
@@ -250,8 +250,8 @@ a policy when a new policy is deployed to the ONAP XACML PDP Engine. public class TutorialApplication extends StdXacmlApplicationServiceProvider { - private final ToscaPolicyTypeIdentifier supportedPolicyType = new ToscaPolicyTypeIdentifier(); - private final TutorialTranslator translator = new TutorialTranslator(); + private final ToscaPolicyTypeIdentifier supportedPolicyType = new ToscaPolicyTypeIdentifier(); + private final TutorialTranslator translator = new TutorialTranslator(); @Override public String applicationName() { @@ -274,9 +274,9 @@ a policy when a new policy is deployed to the ONAP XACML PDP Engine. } @Override - protected ToscaPolicyTranslator getTranslator(String type) { - return translator; - } + protected ToscaPolicyTranslator getTranslator(String type) { + return translator; + } } |