Ignore:
Timestamp:
27/10/10 16:05:18 (10 years ago)
Author:
pjkersha
Message:

ndg_xacml:

  • added support for custom AttributeValue? DataTypes? - this means that the ESGF GroupRole? attribute type can be added directly into XACML policies.
  • TODO: add support for adding custom functions so that a PDP can correctly apply rules based on custom types like the ESGF GroupRole?.
File:
1 edited

Legend:

Unmodified
Added
Removed
  • TI12-security/trunk/ndg_xacml/ndg/xacml/core/attributevalue.py

    r7652 r7661  
    241241 
    242242 
    243 # Dynamically Create classes based on AttributeValue for all the XACML primitive 
    244 # types 
    245 _IDENTIFIER2CLASS_MAP = AttributeValueClassMap() 
    246  
    247 for typeName, _type in AttributeValue.TYPE_MAP.items(): 
    248     identifier = AttributeValue.TYPE_URI_MAP[typeName] 
    249  
    250     className = typeName + AttributeValue.CLASS_NAME_SUFFIX                
    251     classVars = {'TYPE': _type, 'IDENTIFIER': identifier} 
    252      
    253     attributeValueClass = type(className, (AttributeValue, ), classVars) 
    254     AttributeValue.register(attributeValueClass) 
    255     _IDENTIFIER2CLASS_MAP[identifier] = attributeValueClass 
    256      
    257      
    258 def extendAttributeValueClassMap(classMap, overwrite=False): 
    259     """Extend Default AttributeValue Class Map with custom types.  This enables 
    260     the policy to support additional attribute types 
    261      
    262     @param classMap: input an alternative to the default class mapping  
    263     object _IDENTIFIER2CLASS_MAP, if None, it will default to this setting 
    264     @type classMap: ndg.xacml.core.attributevalue.AttributeValueClassMap   
    265     @param overwrite: set to True to allow overwriting of existing map entries, 
    266     defaults to disable overwrite 
    267     @type overwrite: bool 
    268     """ 
    269     if not isinstance(classMap, AttributeValueClassMap): 
    270         raise TypeError('Expecting %r derived type for "map" input; got %r' %  
    271                         (AttributeValueClassMap, type(map))) 
    272  
    273     if overwrite: 
    274         _IDENTIFIER2CLASS_MAP.update(classMap) 
    275     else: 
    276         for k, v in classMap.items(): 
    277             if k not in _IDENTIFIER2CLASS_MAP: 
    278                 _IDENTIFIER2CLASS_MAP[k] = v 
    279     
    280     
    281243class AttributeValueClassFactory(object): 
    282244    """Create AttributeValue types based on the XML namespace identifier 
    283245     
    284     Convenience wrapper for _IDENTIFIER2CLASS_MAP instance of  
     246    Convenience wrapper for IDENTIFIER2CLASS_MAP instance of  
    285247    AttributeValueClassMap 
    286248     
     
    291253    __slots__ = ('__classMap',) 
    292254     
     255    # Dynamically Create classes based on AttributeValue for all the XACML  
     256    # primitive types 
     257    IDENTIFIER2CLASS_MAP = AttributeValueClassMap() 
     258    _typeName, _type, _identifier, _className, _classVars, \ 
     259        _attributeValueClass = (None,)*6 
     260         
     261    for _typeName, _type in AttributeValue.TYPE_MAP.items(): 
     262        _identifier = AttributeValue.TYPE_URI_MAP[_typeName] 
     263     
     264        _className = _typeName + AttributeValue.CLASS_NAME_SUFFIX                
     265        _classVars = {'TYPE': _type, 'IDENTIFIER': _identifier} 
     266         
     267        _attributeValueClass = type(_className, (AttributeValue, ), _classVars) 
     268        AttributeValue.register(_attributeValueClass) 
     269        IDENTIFIER2CLASS_MAP[_identifier] = _attributeValueClass 
     270     
     271    del _typeName, _type, _identifier, _className, _classVars, \ 
     272        _attributeValueClass 
     273         
    293274    def __init__(self, classMap=None): 
    294275        """Set a mapping object to map attribute value URIs to their  
     
    296277         
    297278        @param classMap: input an alternative to the default class mapping  
    298         object _IDENTIFIER2CLASS_MAP, if None, it will default to this setting 
     279        object IDENTIFIER2CLASS_MAP, if None, it will default to this setting 
    299280        @type classMap: ndg.xacml.core.attributevalue.AttributeValueClassMap 
    300281        """ 
    301282        if classMap is None: 
    302             self.__classMap = _IDENTIFIER2CLASS_MAP 
     283            self.__classMap = self.__class__.IDENTIFIER2CLASS_MAP 
    303284        elif isinstance(classMap, AttributeValueClassMap): 
    304285            self.__classMap = classMap 
     
    316297        """ 
    317298        return self.__classMap.get(identifier) 
    318          
     299     
     300    @classmethod 
     301    def addClass(cls, identifier, attributeValueClass, overwrite=False): 
     302        """Extend Default AttributeValue Class Map with custom types.  This  
     303        enables the policy to support additional attribute types 
     304         
     305        @param identifier: ID for candidate Attribute Value class 
     306        @type identifier: ndg.xacml.core.attributevalue.AttributeValueClassMap  
     307        @param attributeValueClass: new Attribute Value class to be added 
     308        @type attributeValueClass: ndg.xacml.core.attributevalue.AttributeValue 
     309        @param overwrite: set to True to allow overwriting of existing map  
     310        entries, defaults to disable overwrite 
     311        @type overwrite: bool 
     312        """ 
     313        # Instantiate class map to validate input types. 
     314        classMap = AttributeValueClassMap() 
     315        classMap[identifier] = attributeValueClass 
     316         
     317        if overwrite: 
     318            cls.IDENTIFIER2CLASS_MAP.update(classMap) 
     319        else: 
     320            for k, v in classMap.items(): 
     321                if k not in cls.IDENTIFIER2CLASS_MAP: 
     322                    cls.IDENTIFIER2CLASS_MAP[k] = v         
     323                     
Note: See TracChangeset for help on using the changeset viewer.