Changeset 5395


Timestamp:
16/06/09 17:04:48 (10 years ago)
Author:
pjkersha
Message:

XACML implementation: fixes to Apply class; added separate exceptions module

Location:
TI12-security/trunk/python
Files:
1 added
8 edited

  • TI12-security/trunk/python/ndg.security.common/ndg/security/common/authz/xacml/__init__.py

    r5393 r5395  
    22 
    33NERC DataGrid Project 
     4 
     5This package is adapted from the Sun Java XACML implementation ... 
     6 
     7Copyright 2004 Sun Microsystems, Inc. All Rights Reserved. 
     8 
     9Redistribution and use in source and binary forms, with or without 
     10modification, are permitted provided that the following conditions are met: 
     11 
     12  1. Redistribution of source code must retain the above copyright notice, 
     13     this list of conditions and the following disclaimer. 
     14 
     15  2. Redistribution in binary form must reproduce the above copyright 
     16     notice, this list of conditions and the following disclaimer in the 
     17     documentation and/or other materials provided with the distribution. 
     18 
     19Neither the name of Sun Microsystems, Inc. or the names of contributors may 
     20be used to endorse or promote products derived from this software without 
     21specific prior written permission. 
     22 
     23This software is provided "AS IS," without a warranty of any kind. ALL 
     24EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING 
     25ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE 
     26OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN") 
     27AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE 
     28AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS 
     29DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST 
     30REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL, 
     31INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY 
     32OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE, 
     33EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. 
     34 
     35You acknowledge that this software is not designed or intended for use in 
     36the design, construction, operation or maintenance of any nuclear facility. 
    437""" 
    538__author__ = "P J Kershaw" 
     
    1548 
    1649from elementtree import ElementTree 
    17  
     50from ndg.security.common.utils import getLocalName 
     51 
     52from ndg.security.common.authz.xacml.exceptions import ParsingException, \ 
     53    UnknownIdentifierException 
     54     
    1855from ndg.security.common.authz.xacml.cond.factory import FunctionFactory, \ 
    19     UnknownIdentifierException, FunctionTypeException 
    20      
    21 from ndg.security.common.authz.xacml.attr import AttributeFactory 
     56    FunctionTypeException 
     57 
     58from ndg.security.common.authz.xacml.attr import AttributeFactory, \ 
     59    AttributeDesignator 
    2260from ndg.security.common.authz.xacml.ctx import Result 
    23    
    24 getNs = lambda elem: elem.tag.split('}')[0][1:] 
    25 getLocalName = lambda elem: elem.tag.rsplit('}',1)[-1] 
    26  
    27 class UnknownIdentifierException(Exception): 
    28     pass 
    29  
    30 class ParsingException(Exception): 
    31     pass 
     61from ndg.security.common.authz.xacml.cond import Apply 
    3262 
    3363class XacmlBase(object): 
     
    173203 
    174204        return tuple(list) 
    175      
    176      
    177 class AttributeDesignator(XacmlBase): 
    178     elemNames = [n+'AttributeDesignator' for n in ('Action', 'Environment', 
    179                                                   'Resource', 'Subject')] 
    180     targetCodes = range(4) 
    181     targetLUT = dict(zip(elemNames, targetCodes)) 
    182      
    183     (ACTION_TARGET,  
    184     ENVIRONMENT_TARGET,  
    185     RESOURCE_TARGET,  
    186     SUBJECT_TARGET) = targetCodes 
    187      
    188     def __init__(self, target, type, id, mustBePresent=False, issuer=None): 
    189         if target not in AttributeDesignator.targetCodes: 
    190             raise AttributeError("Target code must be one of %r; input code " 
    191                                  "is %r" % (AttributeDesignator.targetCodes, 
    192                                             target)) 
    193         self.target = target 
    194         self.type = type 
    195         self.id = id 
    196         self.mustBePresent = mustBePresent 
    197         self.issuer = issuer 
    198  
    199     @classmethod 
    200     def getInstance(cls, elem, target): 
    201         """Create a new instance from an ElementTree element 
    202         @type elem: ElementTree.Element 
    203         @param elem: AttributeDesignator XML element 
    204         @type target: int 
    205         @param target: target code 
    206         @rtype: AttributeDesignator 
    207         @return: new AttributeDesignator instance 
    208         """ 
    209         localName = getLocalName(elem) 
    210         if localName not in cls.elemNames: 
    211             raise AttributeError("Element name [%s] is not a recognised " 
    212                                  "AttributeDesignator name %r" %  
    213                                  (localName, cls.elemNames)) 
    214              
    215          
    216         if target not in cls.targetCodes: 
    217             raise AttributeError("Target code [%d] is not a recognised " 
    218                                  "AttributeDesignator target code %r" %  
    219                                  (localName, cls.targetCodes)) 
    220              
    221         id = elem.attrib['AttributeId'] 
    222         type = elem.attrib['DataType'] 
    223         mustBePresent=elem.attrib.get('mustBePresent','false').lower()=='true' 
    224         issuer = elem.attrib.get('issuer') 
    225         return cls(target, type, id, mustBePresent=mustBePresent,issuer=issuer) 
    226      
     205         
    227206     
    228207class TargetMatch(XacmlBase): 
     
    463442    of most policies. 
    464443    ''' 
    465     def __init__(self, id, effect, description, target, condition): 
     444    def __init__(self, ruleId, effect, description, target, condition): 
    466445        '''Creates a new <code>Rule</code> object. 
    467446         
    468         @param id: the rule's identifier 
     447        @param ruleId: the rule's identifier 
    469448        @param effect: the effect to return if the rule applies (either 
    470449                      Permit or Deny) as specified in <code>Result</code> 
     
    475454        ''' 
    476455         
    477         self.idAttr = id 
     456        self.idAttr = ruleId 
    478457         
    479458        # Effect is the intended consequence of the satisfied rule. It can  
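Review bot: `FunctionTypeException` is still imported from `cond.factory` (new lines 55-56), although this changeset moves the exception classes into `xacml.exceptions` and the other two are already imported from there at new lines 52-53. It resolves only because factory.py re-imports the name. Importing all three from one place, `from ndg.security.common.authz.xacml.exceptions import ParsingException, UnknownIdentifierException, FunctionTypeException`, keeps a single source for the exception types that callers catch. The removed `getNs` lambda has no replacement import in this section, so any remaining caller in the part of the file not shown would raise NameError; this is worth checking.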
  • TI12-security/trunk/python/ndg.security.common/ndg/security/common/authz/xacml/attr.py

    r5393 r5395  
    1 """XACML Attribute Package 
     1"""XACML Attribute module 
    22 
    33NERC DataGrid Project 
     4 
     5This code is adapted from the Sun Java XACML implementation ... 
     6 
     7Copyright 2004 Sun Microsystems, Inc. All Rights Reserved. 
     8 
     9Redistribution and use in source and binary forms, with or without 
     10modification, are permitted provided that the following conditions are met: 
     11 
     12  1. Redistribution of source code must retain the above copyright notice, 
     13     this list of conditions and the following disclaimer. 
     14 
     15  2. Redistribution in binary form must reproduce the above copyright 
     16     notice, this list of conditions and the following disclaimer in the 
     17     documentation and/or other materials provided with the distribution. 
     18 
     19Neither the name of Sun Microsystems, Inc. or the names of contributors may 
     20be used to endorse or promote products derived from this software without 
     21specific prior written permission. 
     22 
     23This software is provided "AS IS," without a warranty of any kind. ALL 
     24EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING 
     25ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE 
     26OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN") 
     27AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE 
     28AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS 
     29DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST 
     30REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL, 
     31INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY 
     32OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE, 
     33EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. 
     34 
     35You acknowledge that this software is not designed or intended for use in 
     36the design, construction, operation or maintenance of any nuclear facility. 
    437""" 
    538__author__ = "P J Kershaw" 
     
    1548import sys 
    1649 
     50from ndg.security.common.authz.xacml import getLocalName 
    1751from ndg.security.common.authz.xacml.cond.eval import Evaluatable 
     52 
     53class AttributeDesignator(object): 
     54    elemNames = [n+'AttributeDesignator' for n in ('Action', 'Environment', 
     55                                                  'Resource', 'Subject')] 
     56    targetCodes = range(4) 
     57    targetLUT = dict(zip(elemNames, targetCodes)) 
     58     
     59    (ACTION_TARGET,  
     60    ENVIRONMENT_TARGET,  
     61    RESOURCE_TARGET,  
     62    SUBJECT_TARGET) = targetCodes 
     63     
     64    def __init__(self, target, type, id, mustBePresent=False, issuer=None): 
     65        if target not in AttributeDesignator.targetCodes: 
     66            raise AttributeError("Target code must be one of %r; input code " 
     67                                 "is %r" % (AttributeDesignator.targetCodes, 
     68                                            target)) 
     69        self.target = target 
     70        self.type = type 
     71        self.id = id 
     72        self.mustBePresent = mustBePresent 
     73        self.issuer = issuer 
     74 
     75    @classmethod 
     76    def getInstance(cls, elem, target): 
     77        """Create a new instance from an ElementTree element 
     78        @type elem: ElementTree.Element 
     79        @param elem: AttributeDesignator XML element 
     80        @type target: int 
     81        @param target: target code 
     82        @rtype: AttributeDesignator 
     83        @return: new AttributeDesignator instance 
     84        """ 
     85        localName = getLocalName(elem) 
     86        if localName not in cls.elemNames: 
     87            raise AttributeError("Element name [%s] is not a recognised " 
     88                                 "AttributeDesignator name %r" %  
     89                                 (localName, cls.elemNames)) 
     90             
     91         
     92        if target not in cls.targetCodes: 
     93            raise AttributeError("Target code [%d] is not a recognised " 
     94                                 "AttributeDesignator target code %r" %  
     95                                 (localName, cls.targetCodes)) 
     96             
     97        id = elem.attrib['AttributeId'] 
     98        type = elem.attrib['DataType'] 
     99        mustBePresent=elem.attrib.get('mustBePresent','false').lower()=='true' 
     100        issuer = elem.attrib.get('issuer') 
     101        return cls(target, type, id, mustBePresent=mustBePresent,issuer=issuer) 
    18102 
    19103class AttributeValue(Evaluatable): 
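Review bot: `getInstance` reads the optional XML attributes as `'mustBePresent'` and `'issuer'` (new lines 99-100), but the XACML schema names them `MustBePresent` and `Issuer`. For a schema-valid policy both lookups miss, so `mustBePresent` is always False and `issuer` is always None. A policy that relies on a missing attribute yielding Indeterminate is then silently evaluated more permissively than written. Use `elem.attrib.get('MustBePresent', 'false').lower() == 'true'` and `elem.attrib.get('Issuer')`. In the same method, the target-code error at new lines 93-95 formats `localName` with `%d`, which raises TypeError instead of the intended AttributeError; pass `target` and format it with `%r`.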
  • TI12-security/trunk/python/ndg.security.common/ndg/security/common/authz/xacml/cond/__init__.py

    r5393 r5395  
    22 
    33NERC DataGrid Project 
     4 
     5This code is adapted from the Sun Java XACML implementation ... 
     6 
     7Copyright 2004 Sun Microsystems, Inc. All Rights Reserved. 
     8 
     9Redistribution and use in source and binary forms, with or without 
     10modification, are permitted provided that the following conditions are met: 
     11 
     12  1. Redistribution of source code must retain the above copyright notice, 
     13     this list of conditions and the following disclaimer. 
     14 
     15  2. Redistribution in binary form must reproduce the above copyright 
     16     notice, this list of conditions and the following disclaimer in the 
     17     documentation and/or other materials provided with the distribution. 
     18 
     19Neither the name of Sun Microsystems, Inc. or the names of contributors may 
     20be used to endorse or promote products derived from this software without 
     21specific prior written permission. 
     22 
     23This software is provided "AS IS," without a warranty of any kind. ALL 
     24EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING 
     25ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE 
     26OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN") 
     27AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE 
     28AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS 
     29DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST 
     30REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL, 
     31INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY 
     32OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE, 
     33EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. 
     34 
     35You acknowledge that this software is not designed or intended for use in 
     36the design, construction, operation or maintenance of any nuclear facility. 
    437""" 
    538__author__ = "P J Kershaw" 
     
    1346log = logging.getLogger(__name__) 
    1447 
     48from ndg.security.common.utils import getLocalName 
     49from ndg.security.common.authz.xacml.exceptions import \ 
     50    UnknownIdentifierException, ParsingException 
    1551from ndg.security.common.authz.xacml.cond.eval import Evaluatable 
    1652from ndg.security.common.authz.xacml.attr import AnyURIAttribute, \ 
     
    1854    DayTimeDurationAttribute, DoubleAttribute, HexBinaryAttribute, \ 
    1955    IntegerAttribute, RFC822NameAttribute, StringAttribute, TimeAttribute, \ 
    20     X500NameAttribute, YearMonthDurationAttribute 
     56    X500NameAttribute, YearMonthDurationAttribute, AttributeFactory, \ 
     57    AttributeDesignator 
    2158 
    2259 
     
    4683 
    4784        # if everything checks out, then store the inputs 
    48         self.function = function 
    49         self.evals = tuple(evals) 
     85        self._function = function 
     86        self._evals = tuple(evals) 
    5087        self.bagFunction = bagFunction 
    5188        self.isCondition = isCondition 
    5289     
    5390     
    54     @staticmethod 
    55     def getConditionInstance(root, xpathVersion): 
     91    @classmethod 
     92    def getConditionInstance(cls, root): 
    5693        '''Returns an instance of an Apply based on the given DOM 
    5794        root node. This will actually return a special kind of 
     
    6299         
    63100        @param root the DOM root of a ConditionType XML type 
    64         @param xpathVersion the XPath version to use in any selectors or XPath 
    65                             functions, or null if this is unspecified (ie, not 
    66                             supplied in the defaults section of the policy) 
    67          
    68101        ''' 
    69         raise NotImplementedError() 
     102        from ndg.security.common.authz.xacml.cond.factory import \ 
     103            FunctionFactory 
     104        cls.__getInstance(root, FunctionFactory.getConditionInstance(), True) 
     105     
     106     
     107    @classmethod 
     108    def getInstance(cls, root): 
     109        '''Returns an instance of Apply based on the given root. 
    70110          
    71     def getInstance(self,  
    72                     root,  
    73                     factory=None,  
    74                     isCondition=False,  
    75                     xpathVersion=None): 
    76         '''Returns an instance of Apply based on the given DOM root. 
    77          
    78         @param root the DOM root of an ApplyType XML type 
    79         @param xpathVersion the XPath version to use in any selectors or XPath 
    80                             functions, or null if this is unspecified (ie, not 
    81                             supplied in the defaults section of the policy)''' 
    82          
    83         raise NotImplementedError() 
    84      
    85     @staticmethod 
    86     def getFunction(root, version, factory): 
     111        @param root: the ElementTree.Element root of a ConditionType XML type 
     112        @raise ParsingException: if this is not a valid ApplyType 
     113        ''' 
     114        from ndg.security.common.authz.xacml.cond.factory import \ 
     115            FunctionFactory 
     116        cls.__getInstance(root, FunctionFactory.getGeneralInstance(), True) 
     117          
     118         
     119    @classmethod 
     120    def __getInstance(cls, root, factory, isCondition): 
     121        '''This is a helper method that is called by the two getInstance 
     122        methods. It takes a factory so we know that we're getting the right 
     123        kind of function.''' 
     124      
     125        function = cls.__getFunction(root, factory) 
     126        bagFunction = None 
     127        evals = [] 
     128         
     129        attrFactory = AttributeFactory.getInstance() 
     130 
     131        for elem in root:  
     132            name = getLocalName(elem) 
     133 
     134            if name == "Apply": 
     135                evals.append(Apply.getInstance(elem)) 
     136                
     137            elif name == "AttributeValue": 
     138                try:  
     139                    evals.append(attrFactory.createValue(elem)) 
     140                     
     141                except UnknownIdentifierException, e: 
     142                    raise ParsingException("Unknown DataType: %s" % e) 
     143                 
     144            elif name == "SubjectAttributeDesignator": 
     145                evals.append(AttributeDesignator.getInstance(elem, 
     146                                      AttributeDesignator.SUBJECT_TARGET)) 
     147                 
     148            elif name =="ResourceAttributeDesignator": 
     149                evals.append(AttributeDesignator.getInstance(elem, 
     150                                      AttributeDesignator.RESOURCE_TARGET)) 
     151                 
     152            elif name == "ActionAttributeDesignator":  
     153                evals.append(AttributeDesignator.getInstance(elem, 
     154                                      AttributeDesignator.ACTION_TARGET)) 
     155                 
     156            elif name == "EnvironmentAttributeDesignator": 
     157                evals.append(AttributeDesignator.getInstance(elem, 
     158                                      AttributeDesignator.ENVIRONMENT_TARGET)) 
     159                 
     160            elif name == "AttributeSelector": 
     161                evals.append(AttributeSelector.getInstance(elem)) 
     162                 
     163            elif name == "Function":  
     164                # while the schema doesn't enforce this, it's illegal to 
     165                # have more than one FunctionType in a given ApplyType 
     166                if bagFunction != None: 
     167                    raise ParsingException("Too many FunctionTypes") 
     168 
     169                from ndg.security.common.authz.xacml.cond.factory import \ 
     170                    FunctionFactory 
     171                bagFunction = cls.__getFunction(elem,  
     172                                        FunctionFactory.getGeneralInstance()) 
     173             
     174        return Apply(function, evals, bagFunction, isCondition) 
     175 
     176 
     177    @classmethod 
     178    def __getFunction(cls, root, factory): 
    87179        '''Helper method that tries to get a function instance''' 
    88         raise NotImplementedError() 
     180 
     181        functionName = root.attrib["FunctionId"] 
     182        try: 
     183            # try to get an instance of the given function 
     184            return factory.createFunction(functionName) 
     185         
     186        except UnknownIdentifierException, e: 
     187            raise ParsingException("Unknown FunctionId in Apply: %s" % e) 
     188         
     189        except FunctionTypeException, e: 
     190            # try creating as an abstract function, using a general factory 
     191            try: 
     192                from ndg.security.common.authz.xacml.cond.factory import \ 
     193                    FunctionFactory 
     194                functionFactory = FunctionFactory.getGeneralInstance() 
     195                return functionFactory.createAbstractFunction(functionName,  
     196                                                              root) 
     197            except Exception, e: 
     198                # any exception at this point is a failure 
     199                raise ParsingException("failed to create abstract function %s " 
     200                                       ": %s" % (functionName, e))   
    89201             
    90202    def getFunction(self): 
     
    92204         
    93205        @return the Function''' 
    94         return function 
     206        return self._function 
    95207     
    96208    def getChildren(self): 
     
    100212         
    101213        @return a List of Evaluatables''' 
    102         return self.evals 
     214        return self._evals 
    103215     
    104216    def getHigherOrderFunction(self): 
     
    456568         
    457569class HigherOrderFunction(Function): 
     570    supportedIdentifiers = () 
    458571    def __init__(self, *arg, **kw): 
    459572        raise NotImplementedError() 
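Review bot: Both `getConditionInstance` and `getInstance` (new lines 104 and 116) call `cls.__getInstance(...)` without `return`, so they always return None. The recursive `Apply.getInstance(elem)` at new line 135 therefore appends None to `evals` for every nested Apply. `getInstance` also passes `True` for `isCondition`, which looks copied from the condition variant; a general Apply should presumably pass `False`. Suggested lines: `return cls.__getInstance(root, FunctionFactory.getConditionInstance(), True)` and `return cls.__getInstance(root, FunctionFactory.getGeneralInstance(), False)`. `FunctionTypeException` and `AttributeSelector` are used in `__getFunction` and `__getInstance` but do not appear in the imports visible in this section, so confirm they are in scope.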
  • TI12-security/trunk/python/ndg.security.common/ndg/security/common/authz/xacml/cond/eval.py

    r5375 r5395  
    22 
    33NERC DataGrid Project 
     4 
     5This code is adapted from the Sun Java XACML implementation ... 
     6 
     7Copyright 2004 Sun Microsystems, Inc. All Rights Reserved. 
     8 
     9Redistribution and use in source and binary forms, with or without 
     10modification, are permitted provided that the following conditions are met: 
     11 
     12  1. Redistribution of source code must retain the above copyright notice, 
     13     this list of conditions and the following disclaimer. 
     14 
     15  2. Redistribution in binary form must reproduce the above copyright 
     16     notice, this list of conditions and the following disclaimer in the 
     17     documentation and/or other materials provided with the distribution. 
     18 
     19Neither the name of Sun Microsystems, Inc. or the names of contributors may 
     20be used to endorse or promote products derived from this software without 
     21specific prior written permission. 
     22 
     23This software is provided "AS IS," without a warranty of any kind. ALL 
     24EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING 
     25ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE 
     26OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN") 
     27AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE 
     28AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS 
     29DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST 
     30REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL, 
     31INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY 
     32OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE, 
     33EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. 
     34 
     35You acknowledge that this software is not designed or intended for use in 
     36the design, construction, operation or maintenance of any nuclear facility. 
    437""" 
    538__author__ = "P J Kershaw" 
  • TI12-security/trunk/python/ndg.security.common/ndg/security/common/authz/xacml/cond/factory.py

    r5393 r5395  
    1  
     1"""XACML function factory module 
     2 
     3NERC DataGrid Project 
     4 
     5This code is adapted from the Sun Java XACML implementation ... 
     6 
     7Copyright 2004 Sun Microsystems, Inc. All Rights Reserved. 
     8 
     9Redistribution and use in source and binary forms, with or without 
     10modification, are permitted provided that the following conditions are met: 
     11 
     12  1. Redistribution of source code must retain the above copyright notice, 
     13     this list of conditions and the following disclaimer. 
     14 
     15  2. Redistribution in binary form must reproduce the above copyright 
     16     notice, this list of conditions and the following disclaimer in the 
     17     documentation and/or other materials provided with the distribution. 
     18 
     19Neither the name of Sun Microsystems, Inc. or the names of contributors may 
     20be used to endorse or promote products derived from this software without 
     21specific prior written permission. 
     22 
     23This software is provided "AS IS," without a warranty of any kind. ALL 
     24EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING 
     25ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE 
     26OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN") 
     27AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE 
     28AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS 
     29DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST 
     30REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL, 
     31INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY 
     32OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE, 
     33EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. 
     34 
     35You acknowledge that this software is not designed or intended for use in 
     36the design, construction, operation or maintenance of any nuclear facility. 
     37""" 
    238import logging 
    339log = logging.getLogger(__name__) 
     
    642from ndg.security.common.authz.xacml.cond import Function, EqualFunction, \ 
    743    LogicalFunction, NOfFunction, NotFunction, ComparisonFunction, \ 
    8     MatchFunction 
    9  
    10  
    11 class UnknownIdentifierException(Exception): 
    12     """Function name isn't known""" 
    13  
    14 class FunctionTypeException(Exception): 
    15     """The function name is known to map to an abstract function and needs 
    16     to be implemented""" 
    17  
    18 class ParsingException(Exception): 
    19     """A function can't be created with the given inputs""" 
    20  
     44    MatchFunction, ConditionBagFunction, ConditionSetFunction, \ 
     45    HigherOrderFunction, AddFunction, SubtractFunction, MultiplyFunction, \ 
     46    DivideFunction, ModFunction, AbsFunction, RoundFunction, FloorFunction, \ 
     47    DateMathFunction, GeneralBagFunction, NumericConvertFunction, \ 
     48    StringNormalizeFunction, GeneralSetFunction, MapFunction, \ 
     49    MapFunctionProxy, FunctionProxy 
     50 
     51from ndg.security.common.authz.xacml.exceptions import ParsingException, \ 
     52    UnknownIdentifierException, FunctionTypeException 
     53       
    2154 
    2255class FunctionFactoryProxy(object): 
     
    2861    @classmethod 
    2962    def getTargetFactory(cls): 
     63        """Return a Target instance 
     64        @type cls: FunctionFactoryProxy 
     65        @param cls: class instance 
     66        """ 
    3067        raise NotImplementedError() 
    3168 
    3269    @classmethod 
    3370    def getConditionFactory(cls): 
     71        """Return a Condition instance 
     72        @type cls: FunctionFactoryProxy 
     73        @param cls: class instance 
     74        """ 
    3475        raise NotImplementedError() 
    3576 
    3677    @classmethod 
    3778    def getGeneralFactory(cls): 
     79        """General Factory method 
     80        @type cls: FunctionFactoryProxy 
     81        @param cls: class instance 
     82        """ 
    3883        raise NotImplementedError() 
    3984 
     
    138183    generalFactory = None 
    139184 
    140     def __init__(targetFactory, conditionFactory, generalFactory):  
     185    def __init__(self, targetFactory, conditionFactory, generalFactory):  
    141186        '''Creates a new proxy. 
    142187         
     
    145190        @param generalFactory the general factory provided by this proxy 
    146191        ''' 
    147         self.targetFactory = targetFactory 
    148         self.conditionFactory = conditionFactory 
    149         self.generalFactory = generalFactory 
    150      
    151     def getTargetFactory(): 
    152         return targetFactory 
    153  
    154     def getConditionFactory(): 
    155         return conditionFactory 
    156  
    157     def getGeneralFactory(): 
    158         return generalFactory 
     192        BasicFunctionFactoryProxy.targetFactory = targetFactory 
     193        BasicFunctionFactoryProxy.conditionFactory = conditionFactory 
     194        BasicFunctionFactoryProxy.generalFactory = generalFactory 
     195     
     196    @classmethod 
     197    def getTargetFactory(cls): 
     198        return cls.targetFactory 
     199 
     200    @classmethod 
     201    def getConditionFactory(cls): 
     202        return cls.conditionFactory 
     203     
     204    @classmethod 
     205    def getGeneralFactory(cls): 
     206        return cls.generalFactory 
    159207     
    160208 
     
    219267                self.functionMap[function.functionName] = function 
    220268         
    221         for id in supportedAbstractFunctions.keys(): 
    222             proxy = supportedAbstractFunctions.get(id) 
    223             self.functionMap[id] = proxy 
     269        for functionId in supportedAbstractFunctions.keys(): 
     270            proxy = supportedAbstractFunctions.get(functionId) 
     271            self.functionMap[functionId] = proxy 
    224272  
    225273    def addFunction(self, function): 
     
    233281        function is non-boolean (when this is a Target or Condition factory) 
    234282        ''' 
    235         id = function.functionId 
     283        functionId = function.functionId 
    236284 
    237285        # make sure this doesn't already exist 
    238         if id in self.functionMap: 
    239             raise TypeError("function %s already exists" % id) 
     286        if functionId in self.functionMap: 
     287            raise TypeError("function %s already exists" % functionId) 
    240288 
    241289        # add to the superset factory 
     
    244292 
    245293        # Add to this factory 
    246         self.functionMap[id] = function 
    247      
    248          
    249     def addAbstractFunction(self, proxy, id): 
     294        self.functionMap[functionId] = function 
     295     
     296         
     297    def addAbstractFunction(self, proxy, functionId): 
    250298        '''Adds the abstract function proxy to the factory. This is used for 
    251299        those functions which have state, or change behaviour (for instance 
     
    254302         
    255303        @param proxy: the FunctionProxy to add to the factory 
    256         @param id: the function's identifier 
     304        @param functionId: the function's identifier 
    257305         
    258306        @raise TypeError if the function's identifier is already used''' 
    259307 
    260308        # make sure this doesn't already exist 
    261         if id in self.functionMap: 
     309        if functionId in self.functionMap: 
    262310            raise TypeError("function already exists") 
    263311 
    264312        # add to the superset factory 
    265313        if self.superset != None: 
    266             self.superset.addAbstractFunction(proxy, id) 
     314            self.superset.addAbstractFunction(proxy, functionId) 
    267315 
    268316        # finally, add to this factory 
    269         functionMap[id] = proxy 
     317        self.functionMap[functionId] = proxy 
    270318     
    271319 
     
    309357     
    310358     
    311     def createAbstractFunction(identity, root): 
     359    def createAbstractFunction(self, identity, root): 
    312360        '''Tries to get an instance of the specified abstract function. 
    313361         
     
    428476 
    429477        if cls.targetFunctions is None: 
    430             self._initTargetFunctions() 
    431  
    432         cls.conditionFunctions = cls.targetFunctions.copy() 
     478            cls._initTargetFunctions() 
     479 
     480        cls.conditionFunctions = cls.targetFunctions[:] 
    433481 
    434482        # add condition functions from BagFunction 
    435         conditionFunctions.extend(getSupportedFunctions(ConditionBagFunction)) 
    436          
    437         # add condition functions from SetFunction 
    438         conditionFunctions.extend(getSupportedFunctions(ConditionSetFunction)) 
    439          
    440         # add condition functions from HigherOrderFunction 
    441         conditionFunctions.extend(getSupportedFunctions(HigherOrderFunction)) 
    442  
     483        try: 
     484            cls.conditionFunctions.extend( 
     485                                getSupportedFunctions(ConditionBagFunction)) 
     486        except NotImplementedError: 
     487            log.warning("ConditionBagFunction is not implemented") 
     488         
     489        try: 
     490            # add condition functions from SetFunction 
     491            cls.conditionFunctions.extend( 
     492                                getSupportedFunctions(ConditionSetFunction)) 
     493        except NotImplementedError: 
     494            log.warning("ConditionSetFunction is not implemented") 
     495         
     496        try: 
     497            # add condition functions from HigherOrderFunction 
     498            cls.conditionFunctions.extend( 
     499                                getSupportedFunctions(HigherOrderFunction)) 
     500        except NotImplementedError: 
     501            log.warning("HigherOrderFunction is not implemented") 
     502             
    443503        cls.conditionAbstractFunctions = cls.targetAbstractFunctions.copy() 
    444504     
     
    451511 
    452512        if cls.conditionFunctions is None: 
    453             self._initConditionFunctions() 
    454  
    455         cls.generalFunctions = cls.conditionFunctions.copy() 
     513            cls._initConditionFunctions() 
     514 
     515        cls.generalFunctions = cls.conditionFunctions[:] 
    456516 
    457517        # add AddFunction 
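--- a/TI12-security/trunk/python/ndg.security.common/ndg/security/common/authz/xacml/ctx.py
+++ b/TI12-security/trunk/python/ndg.security.common/ndg/security/common/authz/xacml/ctx.py
@@ -2,4 +2,37 @@
 
 NERC DataGrid Project
+
+This code is adapted from the Sun Java XACML implementation ...
+
+Copyright 2004 Sun Microsystems, Inc. All Rights Reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+  1. Redistribution of source code must retain the above copyright notice,
+     this list of conditions and the following disclaimer.
+
+  2. Redistribution in binary form must reproduce the above copyright
+     notice, this list of conditions and the following disclaimer in the
+     documentation and/or other materials provided with the distribution.
+
+Neither the name of Sun Microsystems, Inc. or the names of contributors may
+be used to endorse or promote products derived from this software without
+specific prior written permission.
+
+This software is provided "AS IS," without a warranty of any kind. ALL
+EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY
+OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+
+You acknowledge that this software is not designed or intended for use in
+the design, construction, operation or maintenance of any nuclear facility.
 """
 __author__ = "P J Kershaw"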
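--- a/TI12-security/trunk/python/ndg.security.common/ndg/security/common/utils/__init__.py
+++ b/TI12-security/trunk/python/ndg.security.common/ndg/security/common/utils/__init__.py
@@ -10,4 +10,9 @@
 __revision__ = '$Id: $'
 
+# ElementTree helpers
+getNs = lambda elem: elem.tag.split('}')[0][1:]
+getLocalName = lambda elem: elem.tag.rsplit('}',1)[-1]
+
+
 class UniqList(list):
     """Extended version of list type to enable a list with unique items"""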
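Review bot: `getNs` returns a mangled string rather than an empty namespace when the element's tag has no `{uri}` prefix: for a tag such as `Condition`, `split('}')[0][1:]` yields `ondition`. In a policy parser this matters because an un-namespaced or wrongly namespaced element should be rejected cleanly, not compared against a garbage value. A guarded form such as `getNs = lambda elem: elem.tag[1:].split('}', 1)[0] if elem.tag.startswith('{') else ''` makes the "no namespace" case explicit so callers can treat it as a mismatch. Both helpers also assume `elem.tag` is a string, which does not hold for ElementTree comment and processing-instruction nodes, so they are presumably only safe on element nodes; a one-line comment saying so, or plain `def` functions with docstrings instead of named lambdas, would document that.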
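--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/unit/xacml/xacml.xml
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/unit/xacml/xacml.xml
@@ -72,5 +72,5 @@
             something more specific
         -->
-        <Condition FunctionId="urn:oasis:names:tc:xacml:1.0:function:equal">
+        <Condition FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
             <!--
                 The user must have at least one of the roles set - in this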