
nordugrid-arc-nox  1.1.0~rc6
ArcSec::XACMLRule Class Reference

XACMLRule class to parse XACML specific <Rule> node.

#include <XACMLRule.h>

Public Member Functions

 XACMLRule (Arc::XMLNode &node, EvaluatorContext *ctx)
virtual std::string getEffect ()
virtual Result eval (EvaluationCtx *ctx)
 Evaluate the policy. For an Arc <Rule>, only get the "Effect" from the rule; for an Arc <Policy>, combine the evaluation results of its <Rule> elements; for an XACML <Rule>, evaluate the <Condition> node using information from the request, and use the "Effect" attribute of the <Rule>; for an XACML <Policy>, combine the evaluation results of its <Rule> elements.
virtual MatchResult match (EvaluationCtx *ctx)
 Evaluate whether the two targets to be evaluated match each other.
virtual ~XACMLRule ()
virtual operator bool (void) const
 Returns true if object is valid.
virtual std::string getEffect () const
 Get the "Effect" attribute.
virtual EvalResult & getEvalResult ()
 Get evaluation result.
virtual void setEvalResult (EvalResult &res)
 Set evaluation result.
const char * getEvalName () const
 Get the name of Evaluator which can evaluate this policy.
const char * getName () const
 Get the name of this policy.
virtual void addPolicy (Policy *pl)
 Add a policy element into "this" object.
virtual void setEvaluatorContext (EvaluatorContext *)
 Set Evaluator Context for the usage in creating low-level policy object.
virtual void make_policy ()
 Parse XMLNode, and construct the low-level Rule object.

Protected Attributes

std::list< Policy * > subelements

Static Protected Attributes

static Arc::Logger logger

Private Attributes

std::string effect
std::string id
std::string version
std::string description
AttributeFactory * attrfactory
FnFactory * fnfactory
EvalResult evalres
Arc::XMLNode rulenode
XACMLTarget * target
XACMLCondition * condition

Detailed Description

XACMLRule class to parse XACML specific <Rule> node.

Definition at line 19 of file XACMLRule.h.


Constructor & Destructor Documentation

XACMLRule::XACMLRule ( Arc::XMLNode & node, EvaluatorContext * ctx )

Definition at line 19 of file XACMLRule.cpp.

                                                         : Policy(node), 
  target(NULL), condition(NULL) {
  rulenode = node;
  evalres.node = node;
  evalres.effect = "Not_applicable";

  attrfactory = (AttributeFactory*)(*ctx);
  fnfactory = (FnFactory*)(*ctx);
  
  id = (std::string)(node.Attribute("RuleId"));
  description = (std::string)(node["Description"]);
  if((std::string)(node.Attribute("Effect"))=="Permit")
    effect="Permit";
  else if((std::string)(node.Attribute("Effect"))=="Deny")
    effect="Deny";
  else
    //effect stays empty, so eval() returns DECISION_NOT_APPLICABLE for this rule
    logger.msg(Arc::ERROR, "Invalid Effect");

  XMLNode targetnode = node["Target"];
  if(((bool)targetnode) && ((bool)(targetnode.Child()))) 
    target = new XACMLTarget(targetnode, ctx);

  XMLNode conditionnode = node["Condition"];
  if((bool)conditionnode) condition = new XACMLCondition(conditionnode, ctx);
}

XACMLRule::~XACMLRule ( ) [virtual]

Definition at line 92 of file XACMLRule.cpp.

                     {
  if(target != NULL) delete target;
  if(condition != NULL) delete condition;
}

Member Function Documentation

virtual void ArcSec::Policy::addPolicy ( Policy * pl ) [inline, virtual, inherited]

Add a policy element into "this" object.

Definition at line 64 of file Policy.h.

{subelements.push_back(pl);};

Result XACMLRule::eval ( EvaluationCtx * ctx ) [virtual]

Evaluate the policy. For an Arc <Rule>, only get the "Effect" from the rule; for an Arc <Policy>, combine the evaluation results of its <Rule> elements; for an XACML <Rule>, evaluate the <Condition> node using information from the request, and use the "Effect" attribute of the <Rule>; for an XACML <Policy>, combine the evaluation results of its <Rule> elements.

Implements ArcSec::Policy.

Definition at line 52 of file XACMLRule.cpp.

                                        {
  Result result = DECISION_NOT_APPLICABLE;
  if(target != NULL) {
    MatchResult matchres = target->match(ctx);
    if(matchres == NO_MATCH)  return result;
    else if(matchres == INDETERMINATE) {result = DECISION_INDETERMINATE; return result;}
  }

  //evaluate the "Condition"
  bool cond_res = false;
  if(condition != NULL) {
    std::list<AttributeValue*> res_list = condition->evaluate(ctx);
    //Suppose only one "bool" attribute value in the evaluation result.
    //An empty result list leaves cond_res false instead of dereferencing begin().
    AttributeValue* attrval = res_list.empty() ? NULL : *(res_list.begin());
    if(attrval != NULL) {
      //Check for NULL before the first use, not after it
      BooleanAttribute bool_attr(true);
      if(attrval->equal(&bool_attr))
        cond_res = true;
      delete attrval;
    }
    if(!cond_res) { result = DECISION_INDETERMINATE; return result; } 
  }

  if (effect == "Permit") { 
    result = DECISION_PERMIT;
    evalres.effect = "Permit";
  }
  else if (effect == "Deny") {
    result = DECISION_DENY;
    evalres.effect = "Deny";
  }
  return result;
}
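
The decision flow of the eval() listing above, as an added self-contained example (not ARC code; the enums and function names are hypothetical stand-ins for the ARC types). It contrasts the listing's result for a condition that is not true with the XACML rule truth table, which gives NotApplicable for a false condition, and adds a lint check for the constructor's "Invalid Effect" case.

```cpp
#include <cstdio>
#include <string>

// Hypothetical stand-ins for the ARC enums used by XACMLRule::eval().
enum Decision { PERMIT, DENY, NOT_APPLICABLE, INDETERMINATE };
enum Match { MATCH, NO_MATCH, MATCH_INDETERMINATE };
// Outcome of evaluating <Condition>; COND_ABSENT means the rule has none.
enum Cond { COND_ABSENT, COND_TRUE, COND_FALSE, COND_ERROR };

// As in the listing, an Effect other than "Permit" or "Deny" leaves the
// initial NOT_APPLICABLE result untouched.
static Decision effect_decision(const std::string& effect) {
  if (effect == "Permit") return PERMIT;
  if (effect == "Deny") return DENY;
  return NOT_APPLICABLE;
}

// Flow of the eval() listing: any condition result that is not "true"
// (false or failed) returns INDETERMINATE.
Decision eval_as_listed(Match target, Cond cond, const std::string& effect) {
  if (target == NO_MATCH) return NOT_APPLICABLE;
  if (target == MATCH_INDETERMINATE) return INDETERMINATE;
  if (cond == COND_FALSE || cond == COND_ERROR) return INDETERMINATE;
  return effect_decision(effect);
}

// XACML rule truth table: a false condition makes the rule NotApplicable;
// only an evaluation error makes it Indeterminate.
Decision eval_per_spec(Match target, Cond cond, const std::string& effect) {
  if (target == NO_MATCH) return NOT_APPLICABLE;
  if (target == MATCH_INDETERMINATE) return INDETERMINATE;
  if (cond == COND_FALSE) return NOT_APPLICABLE;
  if (cond == COND_ERROR) return INDETERMINATE;
  return effect_decision(effect);
}

// Policy lint: reject a rule whose Effect is not exactly "Permit" or "Deny"
// instead of letting it evaluate to NOT_APPLICABLE.
bool effect_is_valid(const std::string& effect) {
  return effect == "Permit" || effect == "Deny";
}

int main() {
  // Constructed case: a Deny rule whose target matches, condition false.
  static const char* names[] = {"Permit", "Deny", "NotApplicable", "Indeterminate"};
  std::printf("as listed: %s, per spec: %s\n",
              names[eval_as_listed(MATCH, COND_FALSE, "Deny")],
              names[eval_per_spec(MATCH, COND_FALSE, "Deny")]);
  return 0;
}
```

The difference matters to the rule-combining step in <Policy>, which treats Indeterminate and NotApplicable differently.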

std::string XACMLRule::getEffect ( ) [virtual]

Definition at line 84 of file XACMLRule.cpp.

                              {
  return effect;
}

virtual std::string ArcSec::XACMLRule::getEffect ( ) const [inline, virtual]

Get the "Effect" attribute.

Implements ArcSec::Policy.

Definition at line 34 of file XACMLRule.h.

{ return effect; };

const char* ArcSec::XACMLRule::getEvalName ( ) const [inline, virtual]

Get the name of Evaluator which can evaluate this policy.

Implements ArcSec::Policy.

Definition at line 40 of file XACMLRule.h.

{   return "xacml.evaluator"; };

EvalResult & XACMLRule::getEvalResult ( ) [virtual]

Get evaluation result.

Implements ArcSec::Policy.

Definition at line 88 of file XACMLRule.cpp.

                                    {
  return evalres;
}

const char* ArcSec::XACMLRule::getName ( ) const [inline, virtual]

Get the name of this policy.

Implements ArcSec::Policy.

Definition at line 42 of file XACMLRule.h.

{   return "xacml.rule"; };

virtual void ArcSec::Policy::make_policy ( ) [inline, virtual, inherited]

Parse XMLNode, and construct the low-level Rule object.

Reimplemented in ArcSec::XACMLPolicy, and ArcSec::ArcPolicy.

Definition at line 70 of file Policy.h.

{};

MatchResult XACMLRule::match ( EvaluationCtx * ctx ) [virtual]

Evaluate whether the two targets to be evaluated match each other.

Implements ArcSec::Policy.

Definition at line 45 of file XACMLRule.cpp.

                                              {
  MatchResult res;
  if(target != NULL) res = target->match(ctx);
  else { logger.msg(Arc::ERROR, "No target available inside the rule"); res = INDETERMINATE; }
  return res;
}

virtual ArcSec::XACMLRule::operator bool ( void ) const [inline, virtual]

Returns true if object is valid.

Implements ArcSec::Policy.

Definition at line 32 of file XACMLRule.h.

{ return true; };

virtual void ArcSec::XACMLRule::setEvalResult ( EvalResult & res ) [inline, virtual]

Set evaluation result.

Implements ArcSec::Policy.

Definition at line 38 of file XACMLRule.h.

{ evalres = res; };

virtual void ArcSec::Policy::setEvaluatorContext ( EvaluatorContext * ) [inline, virtual, inherited]

Set Evaluator Context for the usage in creating low-level policy object.

Reimplemented in ArcSec::XACMLPolicy, and ArcSec::ArcPolicy.

Definition at line 67 of file Policy.h.

{};


Member Data Documentation

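AttributeFactory* ArcSec::XACMLRule::attrfactory [private]

Definition at line 50 of file XACMLRule.h.

XACMLCondition* ArcSec::XACMLRule::condition [private]

Definition at line 57 of file XACMLRule.h.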

std::string ArcSec::XACMLRule::description [private]

Definition at line 48 of file XACMLRule.h.

std::string ArcSec::XACMLRule::effect [private]

Definition at line 42 of file XACMLRule.h.

EvalResult ArcSec::XACMLRule::evalres [private]

Definition at line 53 of file XACMLRule.h.

FnFactory* ArcSec::XACMLRule::fnfactory [private]

Definition at line 51 of file XACMLRule.h.

std::string ArcSec::XACMLRule::id [private]

Definition at line 46 of file XACMLRule.h.

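Arc::Logger ArcSec::XACMLRule::logger [static, protected]

Reimplemented from ArcSec::Policy.

Definition at line 59 of file XACMLRule.h.

Arc::XMLNode ArcSec::XACMLRule::rulenode [private]

Definition at line 54 of file XACMLRule.h.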

std::list<Policy*> ArcSec::Policy::subelements [protected, inherited]

Definition at line 26 of file Policy.h.

XACMLTarget* ArcSec::XACMLRule::target [private]

Definition at line 56 of file XACMLRule.h.

std::string ArcSec::XACMLRule::version [private]

Definition at line 47 of file XACMLRule.h.


The documentation for this class was generated from the following files: