nordugrid-arc-nox  1.1.0~rc6
ArcSec::ArcPolicy Class Reference

ArcPolicy class to parse and operate on the Arc-specific <Policy> node.

#include <ArcPolicy.h>

Public Member Functions

 ArcPolicy (void)
 Constructor.
 ArcPolicy (const Arc::XMLNode node)
 Constructor.
 ArcPolicy (const Arc::XMLNode node, EvaluatorContext *ctx)
 Constructor.
virtual ~ArcPolicy ()
virtual operator bool (void) const
 Returns true if the object is valid.
virtual Result eval (EvaluationCtx *ctx)
 Evaluate the policy. For an Arc <Rule>, only get the "Effect" from the rule; for an Arc <Policy>, combine the evaluation results of its <Rule> elements; for an XACML <Rule>, evaluate the <Condition> node using information from the request, and use the "Effect" attribute of the <Rule>; for an XACML <Policy>, combine the evaluation results of its <Rule> elements.
virtual void setEvaluatorContext (EvaluatorContext *evaluatorcontext)
 Set Evaluator Context for the usage in creating low-level policy object.
virtual void make_policy ()
 Parse XMLNode, and construct the low-level Rule object.
virtual MatchResult match (EvaluationCtx *ctx)
 Evaluate whether the two targets to be evaluated match to each other.
virtual std::string getEffect () const
 Get the "Effect" attribute.
virtual EvalResult & getEvalResult ()
 Get evaluation result.
virtual void setEvalResult (EvalResult &res)
 Set evaluation result.
const char * getEvalName () const
 Get the name of Evaluator which can evaluate this policy.
const char * getName () const
 Get the name of this policy.
virtual void addPolicy (Policy *pl)
 Add a policy element into "this" object.

Static Public Member Functions

static Arc::Plugin * get_policy (Arc::PluginArgument *arg)
 get_policy (in charge of class-loading of ArcPolicy) can only accept one type of argument: XMLNode.

Protected Attributes

std::list< Policy * > subelements

Static Protected Attributes

static Arc::Logger logger

Private Attributes

std::string id
std::string version
CombiningAlg * comalg
 The combining algorithm between lower-level elements, <Rule>.
std::string description
EvaluatorContext * evaluatorctx
 Evaluator Context which contains factory object.
AlgFactory * algfactory
 Algorithm factory.
EvalResult evalres
Arc::XMLNode policynode
 Corresponding <Policy> node.
Arc::XMLNode policytop
 Top element of policy tree.

Detailed Description

ArcPolicy class to parse and operate on the Arc-specific <Policy> node.

Definition at line 14 of file ArcPolicy.h.


Constructor & Destructor Documentation

ArcPolicy::ArcPolicy ( void )

Constructor.

Definition at line 48 of file ArcPolicy.cpp.

ArcPolicy::ArcPolicy(void) : Policy(), comalg(NULL) {
  Arc::XMLNode newpolicy(policyns,"policy:Policy");
  newpolicy.New(policynode);
  policytop=policynode;
}

ArcPolicy::ArcPolicy ( const Arc::XMLNode  node )

Constructor.

Definition at line 54 of file ArcPolicy.cpp.

ArcPolicy::ArcPolicy(const Arc::XMLNode node) : Policy(node), comalg(NULL) {
  if((!node) || (node.Size() == 0)) {
    logger.msg(ERROR,"Policy is empty");
    return;
  }
  node.New(policynode);
  std::list<XMLNode> res = policynode.XPathLookup("//policy:Policy",policyns);
  if(res.empty()) {
    policynode.Destroy();
    return;
  }
  policytop = *(res.begin());
}

ArcPolicy::ArcPolicy ( const Arc::XMLNode  node,
EvaluatorContext *  ctx 
)

Constructor.

Definition at line 68 of file ArcPolicy.cpp.

ArcPolicy::ArcPolicy(const Arc::XMLNode node, EvaluatorContext* ctx) : Policy(node), comalg(NULL) {
  if((!node) || (node.Size() == 0)) {
    logger.msg(WARNING,"Policy is empty");
    return;
  }
  node.New(policynode);
  std::list<XMLNode> res = policynode.XPathLookup("//policy:Policy",policyns);
  if(res.empty()) {
    policynode.Destroy();
    return;
  }
  policytop = *(res.begin());
  setEvaluatorContext(ctx); 
  make_policy();
}

ArcPolicy::~ArcPolicy ( ) [virtual]

Definition at line 161 of file ArcPolicy.cpp.

ArcPolicy::~ArcPolicy() {
  while(!(subelements.empty())){
      delete subelements.back();
      subelements.pop_back();
  }
}

Member Function Documentation

virtual void ArcSec::Policy::addPolicy ( Policy * pl ) [inline, virtual, inherited]

Add a policy element into "this" object.

Definition at line 64 of file Policy.h.

{subelements.push_back(pl);};

Result ArcPolicy::eval ( EvaluationCtx * ctx ) [virtual]

Evaluate the policy. For an Arc <Rule>, only get the "Effect" from the rule; for an Arc <Policy>, combine the evaluation results of its <Rule> elements; for an XACML <Rule>, evaluate the <Condition> node using information from the request, and use the "Effect" attribute of the <Rule>; for an XACML <Policy>, combine the evaluation results of its <Rule> elements.

Implements ArcSec::Policy.

Definition at line 135 of file ArcPolicy.cpp.

Result ArcPolicy::eval(EvaluationCtx* ctx) {
  Result result = comalg?comalg->combine(ctx, subelements):DECISION_INDETERMINATE;
  if(result == DECISION_PERMIT) evalres.effect = "Permit";
  else if(result == DECISION_DENY) evalres.effect = "Deny";
  else if(result == DECISION_INDETERMINATE) evalres.effect = "Indeterminate";
  else if(result == DECISION_NOT_APPLICABLE) evalres.effect = "Not_Applicable";

  return result;
}
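
The fallback in eval() above matters for authorization: a policy whose comalg is still NULL (every constructor initializes it to NULL and only make_policy() assigns it) evaluates to Indeterminate, never Permit. The self-contained model below is an added example, not ARC code; Decision, Combiner, ModelPolicy, deny_overrides and access_granted are hypothetical names, and the simplified deny-overrides ordering is an assumption rather than ARC's own algorithm.

```cpp
#include <cstdio>
#include <functional>
#include <string>
#include <vector>

// Hypothetical model types: the names echo the page but these are not ARC's classes.
enum Decision { PERMIT, DENY, INDETERMINATE, NOT_APPLICABLE };
typedef std::function<Decision(const std::vector<Decision>&)> Combiner;

// Simplified deny-overrides (assumed ordering): Deny wins, then Indeterminate, then Permit.
Decision deny_overrides(const std::vector<Decision>& rules) {
  bool permit = false, indeterminate = false;
  for (Decision d : rules) {
    if (d == DENY) return DENY;
    if (d == INDETERMINATE) indeterminate = true;
    if (d == PERMIT) permit = true;
  }
  if (indeterminate) return INDETERMINATE;
  return permit ? PERMIT : NOT_APPLICABLE;
}

struct ModelPolicy {
  Combiner comalg;              // empty until an algorithm is assigned (comalg == NULL on the page)
  std::vector<Decision> rules;  // stand-in for the already-evaluated <Rule> results
  std::string effect = "Not_applicable";

  // Same shape as eval() above: no combining algorithm yields Indeterminate.
  Decision eval() {
    static const char* names[] = {"Permit", "Deny", "Indeterminate", "Not_Applicable"};
    Decision r = comalg ? comalg(rules) : INDETERMINATE;
    effect = names[r];
    return r;
  }
};

// Fail-closed enforcement point: only an explicit Permit grants access.
bool access_granted(ModelPolicy& p) { return p.eval() == PERMIT; }

int main() {
  ModelPolicy unparsed;                    // no algorithm assigned yet
  unparsed.rules = {PERMIT};               // constructed sample results
  ModelPolicy parsed;
  parsed.comalg = deny_overrides;
  parsed.rules = {PERMIT, DENY, PERMIT};   // constructed sample results
  bool a = access_granted(unparsed), b = access_granted(parsed);
  std::printf("unparsed: %s granted=%d\n", unparsed.effect.c_str(), a);
  std::printf("parsed:   %s granted=%d\n", parsed.effect.c_str(), b);
  return 0;
}
```

A caller that treats every result other than Permit as a refusal stays safe when a policy was loaded but never parsed, or when its rule set is empty.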

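Arc::Plugin * ArcPolicy::get_policy ( Arc::PluginArgument * arg ) [static]

get_policy (in charge of class-loading of ArcPolicy) can only accept one type of argument: XMLNode.

Definition at line 18 of file ArcPolicy.cpp.

Arc::Plugin* ArcPolicy::get_policy(Arc::PluginArgument* arg) {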
    //std::cout<<"Argument type of ArcPolicy:"<<typeid(arg).name()<<std::endl;
    if(arg==NULL) return NULL;
    Arc::ClassLoaderPluginArgument* clarg =
            arg?dynamic_cast<Arc::ClassLoaderPluginArgument*>(arg):NULL;
    if(!clarg) return NULL;
    // Check if empty or valid policy is supplied
    Arc::XMLNode* doc = (Arc::XMLNode*)(*clarg);
    if(doc==NULL) { 
        std::cerr<<"ArcPolicy creation requires XMLNode as argument"<<std::endl;
        return NULL;
    }
    // NOTE: Following line is not good for autodetection. Should it be removed?
    //if(!(*doc)) return new ArcSec::ArcPolicy;
    ArcSec::ArcPolicy* policy = new ArcSec::ArcPolicy(*doc);
    if((!policy) || (!(*policy))) {
      delete policy;
      return NULL;
    };
    return policy;
}

virtual std::string ArcSec::ArcPolicy::getEffect ( ) const [inline, virtual]

Get the "Effect" attribute.

Implements ArcSec::Policy.

Definition at line 38 of file ArcPolicy.h.

{ return "Not_applicable";};

const char * ArcPolicy::getEvalName ( ) const [virtual]

Get the name of Evaluator which can evaluate this policy.

Implements ArcSec::Policy.

Definition at line 153 of file ArcPolicy.cpp.

const char* ArcPolicy::getEvalName() const {
  return "arc.evaluator";
}

EvalResult & ArcPolicy::getEvalResult ( ) [virtual]

Get evaluation result.

Implements ArcSec::Policy.

Definition at line 145 of file ArcPolicy.cpp.

EvalResult& ArcPolicy::getEvalResult() {
  return evalres;
}

const char * ArcPolicy::getName ( ) const [virtual]

Get the name of this policy.

Implements ArcSec::Policy.

Definition at line 157 of file ArcPolicy.cpp.

const char* ArcPolicy::getName() const {
  return "arc.policy";
}

void ArcPolicy::make_policy ( ) [virtual]

Parse XMLNode, and construct the low-level Rule object.

Reimplemented from ArcSec::Policy.

Definition at line 84 of file ArcPolicy.cpp.

void ArcPolicy::make_policy() {
  //EvalResult.node records the policy (as XMLNode) information about the evaluation result.
  //According to the developer's requirement, EvalResult.node can include the rules (as XMLNode)
  //that "Permit" or "Deny" the request tuple. In the existing code, it includes all
  //the original rules.

  if(!policynode) return;
  if(!policytop) return;

  evalres.node = policynode;
  evalres.effect = "Not_applicable";

  ArcRule *rule;
  //Get AlgFactory from EvaluatorContext
  algfactory = (AlgFactory*)(*evaluatorctx); 

  XMLNode nd = policytop;
  XMLNode rnd;
  if((bool)nd){
    nd = policytop;
    id = (std::string)(nd.Attribute("PolicyId"));

    //Setup the rules' combining algorithm inside one policy, according to the "CombiningAlg" name
    if(nd.Attribute("CombiningAlg"))
      comalg = algfactory->createAlg((std::string)(nd.Attribute("CombiningAlg")));
    else comalg = algfactory->createAlg("Deny-Overrides");
    
    description = (std::string)(nd["Description"]);  
  }
  
  logger.msg(INFO, "PolicyId: %s  Alg inside this policy is:-- %s", id, comalg?(comalg->getalgId()):"");
 
  for ( int i=0;; i++ ){
    rnd = nd["Rule"][i];
    if(!rnd) break;
    rule = new ArcRule(rnd, evaluatorctx);
    subelements.push_back(rule);
  }
}

MatchResult ArcPolicy::match ( EvaluationCtx * ctx ) [virtual]

Evaluate whether the two targets to be evaluated match each other.

Implements ArcSec::Policy.

Definition at line 124 of file ArcPolicy.cpp.

MatchResult ArcPolicy::match(EvaluationCtx*) {// ctx){
  //RequestTuple* evaltuple = ctx->getEvalTuple();
  
  //Because the ArcPolicy definition has no <Subject, Resource, Action, Condition> of its own,
  //and all the <Subject, Resource, Action, Condition>s are only in ArcRule,
  //the function always returns "Match".

  return MATCH;
  
}

virtual ArcSec::ArcPolicy::operator bool ( void  ) const [inline, virtual]

Returns true if the object is valid.

Implements ArcSec::Policy.

Definition at line 27 of file ArcPolicy.h.

{ return (bool)policynode; };

void ArcPolicy::setEvalResult ( EvalResult & res ) [virtual]

Set evaluation result.

Implements ArcSec::Policy.

Definition at line 149 of file ArcPolicy.cpp.

void ArcPolicy::setEvalResult(EvalResult& res) {
  evalres = res;
}

virtual void ArcSec::ArcPolicy::setEvaluatorContext ( EvaluatorContext * evaluatorcontext ) [inline, virtual]

Set Evaluator Context for the usage in creating low-level policy object.

Reimplemented from ArcSec::Policy.

Definition at line 31 of file ArcPolicy.h.

{ evaluatorctx = evaluatorcontext; };


Member Data Documentation

AlgFactory * ArcSec::ArcPolicy::algfactory [private]

Algorithm factory.

Definition at line 63 of file ArcPolicy.h.

CombiningAlg * ArcSec::ArcPolicy::comalg [private]

The combining algorithm between lower-level elements, <Rule>.

Definition at line 56 of file ArcPolicy.h.

std::string ArcSec::ArcPolicy::description [private]

Definition at line 57 of file ArcPolicy.h.

EvalResult ArcSec::ArcPolicy::evalres [private]

Definition at line 65 of file ArcPolicy.h.

EvaluatorContext * ArcSec::ArcPolicy::evaluatorctx [private]

Evaluator Context which contains factory object.

Definition at line 60 of file ArcPolicy.h.

std::string ArcSec::ArcPolicy::id [private]

Definition at line 52 of file ArcPolicy.h.

Arc::Logger ArcSec::ArcPolicy::logger [static, protected]

Reimplemented from ArcSec::Policy.

Definition at line 74 of file ArcPolicy.h.

Arc::XMLNode ArcSec::ArcPolicy::policynode [private]

Corresponding <Policy> node.

Definition at line 68 of file ArcPolicy.h.

Arc::XMLNode ArcSec::ArcPolicy::policytop [private]

Top element of policy tree.

Definition at line 71 of file ArcPolicy.h.

std::list<Policy*> ArcSec::Policy::subelements [protected, inherited]

Definition at line 26 of file Policy.h.

std::string ArcSec::ArcPolicy::version [private]

Definition at line 53 of file ArcPolicy.h.


The documentation for this class was generated from the following files: