nordugrid-arc-nox  1.1.0~rc6
ArcSec::XACMLEvaluator Class Reference

Execute the policy evaluation, based on the request and policy.

#include <XACMLEvaluator.h>

Public Member Functions

 XACMLEvaluator (Arc::XMLNode *cfg)
 XACMLEvaluator (const char *cfgfile)
virtual ~XACMLEvaluator ()
virtual Response * evaluate (Request *request)
 Evaluate the request based on the policy information inside PolicyStore.
virtual Response * evaluate (const Source &request)
 Evaluates the request by using a specified source.
virtual Response * evaluate (Request *request, const Source &policy)
 Evaluate the specified request against the policy from specified source.
virtual Response * evaluate (const Source &request, const Source &policy)
 Evaluate the request from specified source against the policy from specified source.
virtual Response * evaluate (Request *request, Policy *policyobj)
 Evaluate the specified request against the specified policy.
virtual Response * evaluate (const Source &request, Policy *policyobj)
 Evaluate the request from specified source against the specified policy.
virtual AttributeFactory * getAttrFactory ()
 Get the AttributeFactory object.
virtual FnFactory * getFnFactory ()
 Get the FnFactory object.
virtual AlgFactory * getAlgFactory ()
 Get the AlgFactory object.
virtual void addPolicy (const Source &policy, const std::string &id="")
 Add policy from specified source to the evaluator.
virtual void addPolicy (Policy *policy, const std::string &id="")
 Add policy to the evaluator.
virtual void removePolicies (void)
virtual void setCombiningAlg (EvaluatorCombiningAlg alg)
 Specifies one of simple combining algorithms.
virtual void setCombiningAlg (CombiningAlg *alg)
 Specifies loadable combining algorithms.
virtual const char * getName (void) const
 Get the name of this evaluator.

Static Public Member Functions

static Arc::Plugin * get_evaluator (Arc::PluginArgument *arg)

Protected Member Functions

virtual Response * evaluate (EvaluationCtx *ctx)
 Evaluate the request by using the EvaluationCtx object (which includes the information about request).

Private Member Functions

virtual void parsecfg (Arc::XMLNode &cfg)
 Parse the configuration, and dynamically create PolicyStore, AttributeFactory, FnFactory and AlgFactory.
virtual Request * make_reqobj (Arc::XMLNode &reqnode)

Private Attributes

PolicyStore * plstore
FnFactory * fnfactory
AttributeFactory * attrfactory
AlgFactory * algfactory
EvaluatorContext * context
Arc::XMLNode * m_cfg
std::string request_classname
EvaluatorCombiningAlg combining_alg
CombiningAlg * combining_alg_ex

Static Private Attributes

static Arc::Logger logger

Friends

class EvaluatorContext

Detailed Description

Execute the policy evaluation, based on the request and policy.

Definition at line 20 of file XACMLEvaluator.h.


Constructor & Destructor Documentation

XACMLEvaluator::XACMLEvaluator ( Arc::XMLNode * cfg)

Definition at line 124 of file XACMLEvaluator.cpp.

                                              : Evaluator(cfg), m_cfg(cfg) {
  plstore = NULL;
  fnfactory = NULL;
  attrfactory = NULL;
  algfactory = NULL;
  combining_alg = EvaluatorFailsOnDeny;
  combining_alg_ex = NULL;
  context = NULL;

  parsecfg(*m_cfg);
}

XACMLEvaluator::XACMLEvaluator ( const char *  cfgfile)

Definition at line 136 of file XACMLEvaluator.cpp.

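                                                   : Evaluator(cfgfile), m_cfg(NULL) {
  //Initialise every owned pointer: parsecfg() can return early and the
  //destructor deletes these members
  plstore = NULL;
  fnfactory = NULL;
  attrfactory = NULL;
  algfactory = NULL;
  context = NULL;
  combining_alg = EvaluatorFailsOnDeny;
  combining_alg_ex = NULL;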
  std::string str;
  std::string xml_str = "";
  std::ifstream f(cfgfile);
  while (f >> str) {
    xml_str.append(str);
    xml_str.append(" ");
  }
  f.close();

  Arc::XMLNode node(xml_str);
  parsecfg(node); 
}

XACMLEvaluator::~XACMLEvaluator ( ) [virtual]

Definition at line 289 of file XACMLEvaluator.cpp.

                               {
  //TODO delete all the object
  if(plstore)
    delete plstore;
  if(context)
    delete context;
  if(fnfactory)
    delete fnfactory;
  if(attrfactory)
    delete attrfactory;
  if(algfactory)
    delete algfactory;
}

Member Function Documentation

virtual void ArcSec::XACMLEvaluator::addPolicy ( const Source & policy,
const std::string &  id = "" 
) [inline, virtual]

Add policy from specified source to the evaluator.

Policy will be marked with id.

Implements ArcSec::Evaluator.

Definition at line 56 of file XACMLEvaluator.h.

                                                                        {
    plstore->addPolicy(policy, context, id);
  };

virtual void ArcSec::XACMLEvaluator::addPolicy ( Policy * policy,
const std::string &  id = "" 
) [inline, virtual]

Add policy to the evaluator.

Policy will be marked with id. The policy object is taken over by this instance and will be destroyed in destructor.

Implements ArcSec::Evaluator.

Definition at line 60 of file XACMLEvaluator.h.

                                                                  {
    plstore->addPolicy(policy, context, id);
  };

Response * XACMLEvaluator::evaluate ( Request * request) [virtual]

Evaluate the request based on the policy information inside PolicyStore.

Implements ArcSec::Evaluator.

Definition at line 177 of file XACMLEvaluator.cpp.

                                                  {
  Request* req = request;
  req->setAttributeFactory(attrfactory);
  //req->make_request();

  EvaluationCtx * evalctx = NULL;
  evalctx =  new XACMLEvaluationCtx(req);

  //evaluate the request based on policy
  if(evalctx)
    return evaluate(evalctx);
  return NULL;
}

Response * XACMLEvaluator::evaluate ( const Source & request) [virtual]

Evaluates the request by using a specified source.

Implements ArcSec::Evaluator.

Definition at line 192 of file XACMLEvaluator.cpp.

                                                   {
  //0.Prepare request for evaluation
  Arc::XMLNode node = req.Get();
  NS ns;
  ns["ra"]="http://www.nordugrid.org/schemas/request-arc";
  node.Namespaces(ns);

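  //1.Create the request object according to the configuration
  Request* request = NULL;
  request = make_reqobj(node);
  //make_reqobj() returns NULL when the Request class cannot be loaded
  if(request == NULL)
    return NULL;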
  
  //2.Pre-process the Request object
  request->setAttributeFactory(attrfactory);
  //request->make_request();
  
  EvaluationCtx * evalctx = NULL;
  evalctx =  new XACMLEvaluationCtx(request);
  
  //3.evaluate the request based on policy
  Response* resp = NULL;
  if(evalctx)
    resp = evaluate(evalctx);
  if(request)
    delete request;

  return resp;
}

Response * XACMLEvaluator::evaluate ( Request * request,
const Source & policy 
) [virtual]

Evaluate the specified request against the policy from specified source.

In some implementations all of the existing policies inside the evaluator may be destroyed by this method.

Implements ArcSec::Evaluator.

Definition at line 253 of file XACMLEvaluator.cpp.

                                                                         {
  plstore->removePolicies();
  plstore->addPolicy(policy, context, "");
  Response* resp = evaluate(request);
  plstore->removePolicies();
  return resp;
}

Response * XACMLEvaluator::evaluate ( const Source & request,
const Source & policy 
) [virtual]

Evaluate the request from specified source against the policy from specified source.

In some implementations all of the existing policies inside the evaluator may be destroyed by this method.

Implements ArcSec::Evaluator.

Definition at line 261 of file XACMLEvaluator.cpp.

                                                                              {
  plstore->removePolicies();
  plstore->addPolicy(policy, context, "");
  Response* resp = evaluate(request);
  plstore->removePolicies();
  return resp;
}

Response * XACMLEvaluator::evaluate ( Request * request,
Policy * policyobj 
) [virtual]

Evaluate the specified request against the specified policy.

In some implementations all of the existing policies inside the evaluator may be destroyed by this method.

Implements ArcSec::Evaluator.

Definition at line 269 of file XACMLEvaluator.cpp.

                                                                      {
  plstore->removePolicies();
  plstore->addPolicy(policyobj, context, "");
  Response* resp = evaluate(request);
  plstore->releasePolicies();
  return resp;
}

Response * XACMLEvaluator::evaluate ( const Source & request,
Policy * policyobj 
) [virtual]

Evaluate the request from specified source against the specified policy.

In some implementations all of the existing policies inside the evaluator may be destroyed by this method.

Implements ArcSec::Evaluator.

Definition at line 277 of file XACMLEvaluator.cpp.

                                                                           {
  plstore->removePolicies();
  plstore->addPolicy(policyobj, context, "");
  Response* resp = evaluate(request);
  plstore->releasePolicies();
  return resp;
}

Response * XACMLEvaluator::evaluate ( EvaluationCtx * ctx) [protected, virtual]

Evaluate the request by using the EvaluationCtx object (which includes the information about request).

The ctx is destroyed inside this method (why?!?!?).

Implements ArcSec::Evaluator.

Definition at line 220 of file XACMLEvaluator.cpp.

                                                        {
  //Split request into <subject, action, object, environment> tuples
  XACMLEvaluationCtx* ctx = dynamic_cast<XACMLEvaluationCtx*>(evl_ctx);
  
  std::list<PolicyStore::PolicyElement> policies;
  std::list<PolicyStore::PolicyElement>::iterator policyit;

  Response* resp = new Response();

  policies = plstore->findPolicy(ctx);
  std::list<PolicyStore::PolicyElement> permitset;
  
  //Combining algorithm should be present if there are multiple <Policy/>
  std::list<Policy*> plist;
  // Preparing list of policies to evaluate
  for(policyit = policies.begin(); policyit != policies.end(); policyit++){
    plist.push_back((Policy*)(*policyit));
  };
  Result result;
  if(plist.size() == 1)
    result = ((Policy*)(*(policies.begin())))->eval(ctx);
  else
    result = combining_alg_ex->combine(ctx,plist);

  ResponseItem* item = new ResponseItem;
  item->res = result;
  resp->addResponseItem(item);

  if(ctx)
    delete ctx; 
  return resp;
}
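
A guarded form of the dispatch in the listing above, as an added example with constructed stand-in types (not ARC code): the listing calls combining_alg_ex->combine() whenever the policy list does not hold exactly one entry, although both constructors set combining_alg_ex to NULL and the list may be empty. Decision, PolicyList, PermitOverrides, decide and the fallback rule are assumptions made for the illustration.

```cpp
#include <cstddef>
#include <cstdio>
#include <list>

// Constructed stand-ins for the ArcSec types; all names here are hypothetical.
enum Decision { PERMIT, DENY, INDETERMINATE, NOT_APPLICABLE };

struct Policy {                         // stand-in for ArcSec::Policy
  Decision fixed;
  explicit Policy(Decision d) : fixed(d) {}
  Decision eval() const { return fixed; }
};
typedef std::list<Policy*> PolicyList;

struct CombiningAlg {                   // stand-in for a loadable algorithm
  virtual ~CombiningAlg() {}
  virtual Decision combine(const PolicyList& pl) const = 0;
};

struct PermitOverrides : CombiningAlg { // any Permit wins, then Deny
  Decision combine(const PolicyList& pl) const {
    Decision out = NOT_APPLICABLE;
    for (PolicyList::const_iterator it = pl.begin(); it != pl.end(); ++it) {
      Decision d = (*it)->eval();
      if (d == PERMIT) return PERMIT;
      if (d == DENY) out = DENY;
      else if (d == INDETERMINATE && out != DENY) out = INDETERMINATE;
    }
    return out;
  }
};

// Guarded form of the dispatch in evaluate(EvaluationCtx*): each case the
// listing dereferences unchecked ends here in a defined, non-Permit decision.
Decision decide(const PolicyList& plist, const CombiningAlg* alg) {
  if (plist.empty()) return NOT_APPLICABLE;        // no policy matched
  if (plist.size() == 1) return plist.front()->eval();
  if (alg != NULL) return alg->combine(plist);     // loadable algorithm is set
  // combining_alg_ex == NULL: assumed conservative fallback (not ARC's own
  // code), Permit only when every matching policy permits.
  for (PolicyList::const_iterator it = plist.begin(); it != plist.end(); ++it)
    if ((*it)->eval() != PERMIT) return DENY;
  return PERMIT;
}

int main() {
  Policy permit(PERMIT), deny(DENY);
  PolicyList both;
  both.push_back(&permit);
  both.push_back(&deny);
  PermitOverrides po;
  std::printf("no algorithm: %d, permit-overrides: %d\n",
              (int)decide(both, NULL), (int)decide(both, &po));
  return 0;
}
```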

Arc::Plugin * XACMLEvaluator::get_evaluator ( Arc::PluginArgument * arg) [static]

Definition at line 16 of file XACMLEvaluator.cpp.

                                                                     {
    Arc::ClassLoaderPluginArgument* clarg =
            arg?dynamic_cast<Arc::ClassLoaderPluginArgument*>(arg):NULL;
    if(!clarg) return NULL;
    return new ArcSec::XACMLEvaluator((Arc::XMLNode*)(*clarg));
}

virtual AlgFactory* ArcSec::XACMLEvaluator::getAlgFactory ( ) [inline, virtual]

Get the AlgFactory object.

Implements ArcSec::Evaluator.

Definition at line 54 of file XACMLEvaluator.h.

{ return algfactory; };

virtual AttributeFactory* ArcSec::XACMLEvaluator::getAttrFactory ( ) [inline, virtual]

Get the AttributeFactory object.

Implements ArcSec::Evaluator.

Definition at line 52 of file XACMLEvaluator.h.

{ return attrfactory;};

virtual FnFactory* ArcSec::XACMLEvaluator::getFnFactory ( ) [inline, virtual]

Get the FnFactory object.

Implements ArcSec::Evaluator.

Definition at line 53 of file XACMLEvaluator.h.

{ return fnfactory; };

const char * XACMLEvaluator::getName ( void  ) const [virtual]

Get the name of this evaluator.

Implements ArcSec::Evaluator.

Definition at line 285 of file XACMLEvaluator.cpp.

                                              {
  return "xacml.evaluator";
}

Request * XACMLEvaluator::make_reqobj ( Arc::XMLNode & reqnode) [private, virtual]

Definition at line 160 of file XACMLEvaluator.cpp.

                                                    {
  Request* request = NULL;
  std::string requestor;

  Arc::ClassLoader* classloader = NULL;
  //Since the configuration information for loader has been got before (when create XACMLEvaluator), 
  //it is not necessary to get once more here
  classloader = ClassLoader::getClassLoader();

  //Load the Request object
  request = (ArcSec::Request*)(classloader->Instance(request_classname,&reqnode));
  if(request == NULL)
    logger.msg(Arc::ERROR, "Can not dynamically produce Request");

  return request;
}

void XACMLEvaluator::parsecfg ( Arc::XMLNode & cfg) [private, virtual]

Parse the configuration, and dynamically create PolicyStore, AttributeFactory, FnFactory and AlgFactory.

Implements ArcSec::Evaluator.

Definition at line 28 of file XACMLEvaluator.cpp.

                                            {
  std::string policystore, policylocation, functionfactory, attributefactory, combingalgfactory;
  XMLNode nd;

  Arc::NS nsList;
  std::list<XMLNode> res;
  nsList.insert(std::pair<std::string, std::string>("pdp","http://www.nordugrid.org/schemas/pdp/Config"));
  
  //Get the name of "PolicyStore" class
  //res = cfg.XPathLookup("//pdp:PolicyStore", nsList);
  //presently, there can be only one PolicyStore
  //if(!(res.empty())){
  //  nd = *(res.begin());
  //  policystore = (std::string)(nd.Attribute("name"));
  //  policylocation =  (std::string)(nd.Attribute("location"));
  //}
  //else if (res.empty()){ 
  //  logger.msg(ERROR, "No any policy exists, the policy engine can not be loaded");
  //  exit(1);
  //}

  //Get the name of "FunctionFactory" class
  res = cfg.XPathLookup("//pdp:FunctionFactory", nsList);
  if(!(res.empty())){
    nd = *(res.begin());
    functionfactory = (std::string)(nd.Attribute("name"));
  } 
  else { logger.msg(ERROR, "Can not parse classname for FunctionFactory from configuration"); return;}
          
  //Get the name of "AttributeFactory" class
  res = cfg.XPathLookup("//pdp:AttributeFactory", nsList);
  if(!(res.empty())){
    nd = *(res.begin());
    attributefactory = (std::string)(nd.Attribute("name"));
  }  
  else { logger.msg(ERROR, "Can not parse classname for AttributeFactory from configuration"); return;}

  //Get the name of "CombiningAlgorithmFactory" class
  res = cfg.XPathLookup("//pdp:CombingAlgorithmFactory", nsList);
  if(!(res.empty())){
    nd = *(res.begin());
    combingalgfactory = (std::string)(nd.Attribute("name"));
  }
  else { logger.msg(ERROR, "Can not parse classname for CombiningAlgorithmFactory from configuration"); return;}

  //Get the name of the "Request" class
  //(looked up in cfg: m_cfg does not point to a configuration when the
  //object is built from a file name)
  res = cfg.XPathLookup("//pdp:Request", nsList);
  if(!(res.empty())){
    nd = *(res.begin());
    request_classname = (std::string)(nd.Attribute("name"));
  }
  else { logger.msg(ERROR, "Can not parse classname for Request from configuration"); return;}

  //Get the name of the "Policy" class
  std::string policy_classname;
  res = cfg.XPathLookup("//pdp:Policy", nsList);
  if(!(res.empty())){
    nd = *(res.begin());
    policy_classname = (std::string)(nd.Attribute("name"));
  }
  else { logger.msg(ERROR, "Can not parse classname for Policy from configuration"); return;}

  //Get the ClassLoader object; The object which loads this XACMLEvaluator should have 
  //constructed ClassLoader by using ClassLoader(cfg), and putting the configuration 
  //information into it; meanwhile ClassLoader is designed as a Singleton, so here 
  //we don't need to initialize ClassLoader by using ClassLoader(cfg);
  ClassLoader* classloader;
  classloader=ClassLoader::getClassLoader();

  attrfactory=NULL;
  attrfactory = (AttributeFactory*)(classloader->Instance(attributefactory));
  if(attrfactory == NULL)
    logger.msg(ERROR, "Can not dynamically produce AttributeFactory");

  fnfactory=NULL;
  fnfactory = (FnFactory*)(classloader->Instance(functionfactory));
  if(fnfactory == NULL)
    logger.msg(ERROR, "Can not dynamically produce FnFactory");

  algfactory=NULL;
  algfactory = (AlgFactory*)(classloader->Instance(combingalgfactory));
  if(algfactory == NULL)
    logger.msg(ERROR, "Can not dynamically produce AlgFacroty");

  //Create the EvaluatorContext for the usage of creating Policy
  context = new EvaluatorContext(this);

  std::string alg("Permit-Overrides");
  //std::list<std::string> filelist;
  //filelist.push_back(policylocation);
  //plstore = new PolicyStore(filelist, alg, policy_classname, context);
  plstore = new PolicyStore(alg, policy_classname, context);
  if(plstore == NULL)
    logger.msg(ERROR, "Can not create PolicyStore object");
}

virtual void ArcSec::XACMLEvaluator::removePolicies ( void  ) [inline, virtual]

Definition at line 64 of file XACMLEvaluator.h.

void XACMLEvaluator::setCombiningAlg ( EvaluatorCombiningAlg alg) [virtual]

Specifies one of simple combining algorithms.

In case of multiple policies their results will be combined using this algorithm.

Implements ArcSec::Evaluator.

Definition at line 152 of file XACMLEvaluator.cpp.

                                                              {
  combining_alg = alg;
}

void XACMLEvaluator::setCombiningAlg ( CombiningAlg * alg) [virtual]

Specifies loadable combining algorithms.

In case of multiple policies their results will be combined using this algorithm. To switch to the simple algorithm, specify a NULL argument.

Implements ArcSec::Evaluator.

Definition at line 156 of file XACMLEvaluator.cpp.

                                                      {
  combining_alg_ex = alg;
}

Friends And Related Function Documentation

friend class EvaluatorContext [friend]

Definition at line 21 of file XACMLEvaluator.h.


Member Data Documentation

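AlgFactory* ArcSec::XACMLEvaluator::algfactory [private]

Definition at line 27 of file XACMLEvaluator.h.

AttributeFactory* ArcSec::XACMLEvaluator::attrfactory [private]

Definition at line 26 of file XACMLEvaluator.h.

EvaluatorCombiningAlg ArcSec::XACMLEvaluator::combining_alg [private]

Definition at line 34 of file XACMLEvaluator.h.

CombiningAlg* ArcSec::XACMLEvaluator::combining_alg_ex [private]

Definition at line 36 of file XACMLEvaluator.h.

EvaluatorContext* ArcSec::XACMLEvaluator::context [private]

Definition at line 29 of file XACMLEvaluator.h.

FnFactory* ArcSec::XACMLEvaluator::fnfactory [private]

Definition at line 25 of file XACMLEvaluator.h.

Arc::Logger ArcSec::XACMLEvaluator::logger [static, private]

Reimplemented from ArcSec::Evaluator.

Definition at line 23 of file XACMLEvaluator.h.

Arc::XMLNode* ArcSec::XACMLEvaluator::m_cfg [private]

Definition at line 31 of file XACMLEvaluator.h.

PolicyStore* ArcSec::XACMLEvaluator::plstore [private]

Definition at line 24 of file XACMLEvaluator.h.

std::string ArcSec::XACMLEvaluator::request_classname [private]

Definition at line 32 of file XACMLEvaluator.h.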


The documentation for this class was generated from the following files: