Changeset 7072

Timestamp:

24/06/10 14:30:12 (11 years ago)

Author:

pjkersha

Message:

Incomplete - task 2: XACML-Security Integration

• Major cleanup of function factories for efficiency. Only the required factories and function classes are loaded and any loaded classes are cached for future calls. All unit tests pass.

Location:

TI12-security/trunk/NDG_XACML/ndg/xacml

Files:

• core/apply.py (modified) (1 diff)
• core/attributevalue.py (modified) (1 diff)
• core/context/handler.py (modified) (3 diffs)
• core/functions/__init__.py (modified) (11 diffs)
• core/match.py (modified) (1 diff)
• parsers/etree/factory.py (modified) (1 diff)
• test/test_context.py (modified) (3 diffs)
• test/test_matchfunctions.py (modified) (2 diffs)
• utils/__init__.py (modified) (5 diffs)
• utils/factory.py (modified) (4 diffs)

TI12-security/trunk/NDG_XACML/ndg/xacml/core/apply.py

@@ -34 +34 @@
         self.__functionId = None
         self.__function = None
-        self.__functionMap = FunctionMap.withLoadedMap()
+        self.__functionMap = FunctionMap()
         self.__loadFunctionFromId = True
         self.__expressions = TypedList(Expression)

TI12-security/trunk/NDG_XACML/ndg/xacml/core/attributevalue.py

@@ -135 +135 @@
         # enable derived class to override them as standard methods without
         # needing to redefine this __init__ method            
-        super(AttributeValueClassMap, self).__init__(self.keyFilter, 
-                                                     self.valueFilter)
+        VettedDict.__init__(self, self.keyFilter, self.valueFilter)
         
     @staticmethod

TI12-security/trunk/NDG_XACML/ndg/xacml/core/context/handler.py

@@ -11 +11 @@
 __revision__ = "$Id$"
 from abc import ABCMeta, abstractmethod
-from ndg.xacml.core.context.pdpinterface import PDPInterface
 
 
@@ -18 +17 @@
     __metaclass__ = ABCMeta
     __slots__ = ()
-    
-    @classmethod
-    def __subclasshook__(cls, C):
-        """Derived class must implement __call__"""
-        if cls is PEPInterface:
-            if any("handlePEPRequest" in B.__dict__ for B in C.__mro__):
-                return True
             
-        return NotImplemented
-        
     @abstractmethod
     def handlePEPRequest(self, pepRequest):
@@ -46 +36 @@
     __slots__ = ()
     
-    def pepQuery(self, request, designator):
+    def pipQuery(self, request, designator):
         """Query a Policy Information Point to retrieve the attribute values
         corresponding to the specified input designator.  Optionally, update the

TI12-security/trunk/NDG_XACML/ndg/xacml/core/functions/__init__.py

@@ -282 +282 @@
 
 class FunctionClassFactoryBase(FunctionClassFactoryInterface):
-    """Base implementation for XACML Function Class Factory.  Derived types 
-    should be implemented in sub-modules of ndg.xacml.core.functions 
+    """Base implementation for XACML Function Class Factory.  There should be
+    one derived type for each function family implemented in sub-modules of 
+    ndg.xacml.core.functions 
     
     e.g.
     
-    for urn:oasis:names:tc:xacml:1.0:function:string-at-least-one-member-of a 
+    for urn:oasis:names:tc:xacml:1.0:function:<type>-at-least-one-member-of a 
     class factory should exist,
     
     ndg.xacml.core.functions.v1.at_least_one_member_of.FunctionClassFactory
     
-    which will be capable of returning an AbstractFunction derived type:
-    
-    StringAtLeastOneMemberOf    
+    which will be capable of returning a type derived from AbstractFunction:
+    
+    <type>AtLeastOneMemberOf    
+    
+    e.g. StringAtLeastOneMemberOf, BooleanAtLeastOneMemberOf.
     
     This class is for convenience only some function factories are better 
@@ -318 +321 @@
     ndg.xacml.core.functions.v1.at_least_one_member_of.AtLeastOneMemberOfBase
     @type FUNCTION_BASE_CLASS: NoneType (but AbstractFunction derived type in 
-    derived function facotry class)
+    derived function factory class)
     """
     
@@ -327 +330 @@
     URN_SEP = ':'
     FUNCTION_NAME_SEP = '-'
-
+    __slots__ = ('__map', 'attributeValueClassFactory', 'functionSuffix')
+    
     def __init__(self):
-        """Create classes for each <type>-at-least-one-member-of function and
-        place in a look-up table
-        """
+        '''This class is in fact abstract - derived types must define the 
+        FUNCTION_NS_SUFFIX and FUNCTION_BASE_CLASS class variables
+        '''
         if None in (self.__class__.FUNCTION_NS_SUFFIX, 
                     self.__class__.FUNCTION_BASE_CLASS):
@@ -343 +347 @@
                             'iterable of string type function identifiers; got '
                             '%r' % self.__class__.FUNCTION_NAMES)
-            
-        self.__map = {}
+
+        self.__map = {}   
+        
+        # Enables creation of matching attribute types to relevant to the 
+        # function classes    
+        self.attributeValueClassFactory = AttributeValueClassFactory()
+            
+        
         functionSuffixParts = self.__class__.FUNCTION_NS_SUFFIX.split(
                                             self.__class__.FUNCTION_NAME_SEP)
-        functionSuffix = ''.join([n[0].upper() + n[1:] 
+        self.functionSuffix = ''.join([n[0].upper() + n[1:] 
                                   for n in functionSuffixParts if n])
         
-        attributeValueClassFactory = AttributeValueClassFactory()
-        
-        for identifier in self.__class__.FUNCTION_NAMES:            
-            # Extract the function name and the type portion of the function
-            # name in order to make an implementation of a class to handle it
-            functionName = identifier.split(self.__class__.URN_SEP)[-1]
-            if functionName == 'xpath-node-match':
-                pass
-            typePart = functionName.split(self.__class__.FUNCTION_NS_SUFFIX)[0]
-            
-            # Attempt to infer from the function name the associated type
-            typeName = typePart[0].upper() + typePart[1:]
-            
-            # Remove any hyphens converting to camel case
-            if '-' in typeName:
-                typeName = ''.join([i[0].upper() + i[1:]
-                                    for i in typeName.split('-')])
-                
-            typeURI = AttributeValue.TYPE_URI_MAP.get(typeName)
-            if typeURI is None:
-                # Ugly hack to allow for XPath node functions
-                if typePart == 'xpath-node':
-                    typeURI = AttributeValue.TYPE_URI_MAP['String']
-                else:
-                    raise TypeError('No AttributeValue.TYPE_URI_MAP entry for '
-                                    '%r type' % typePart) 
-                
-            _type = attributeValueClassFactory(typeURI)
-            if _type is None:
-                raise TypeError('No AttributeValue.TYPE_MAP entry for %r type' %
-                                typeName)
-              
-            className = typeName + functionSuffix
-            classVars = {
-                'TYPE': _type,
-                'FUNCTION_NS': identifier
-            }
-            
-            functionClass = type(className, 
-                                 (self.__class__.FUNCTION_BASE_CLASS, ), 
-                                 classVars)
-            
-            self.__map[identifier] = functionClass
+    def initAllFunctionClasses(self):
+        """Create classes for all functions for a data type e.g. a derived class
+        could implement a factory for <type>-at-least-one-member-of functions:
+        string-at-least-one-member-of, boolean-at-least-one-member-of, etc. 
+        
+        Function classes are placed in a look-up table __map for the __call__()
+        method to access
+        
+        In practice, there shouldn't be a need to load all the functions in
+        one go.  The __call__ method loads functions and caches them as needed.
+        """        
+        for identifier in self.__class__.FUNCTION_NAMES:
+            self.loadFunction(identifier)        
+
+    def loadFunction(self, identifier):
+        """Create a class for the given function namespace and cache it in the 
+        function class look-up table for future requests.  Note that this call
+        overwrites any existing entry in the cache whereas __call__ will try
+        to use an entry in the cache if it already exists
+        
+        @param identifier: XACML function namespace
+        @type identifier: basestring
+        """
+
+        # str.capitalize doesn't do what's required: need to capitalize the 
+        # first letter of the word BUT retain camel case for the rest of it
+        _capitalize = lambda s: s[0].upper() + s[1:]
+        
+        # Extract the function name and the type portion of the function
+        # name in order to make an implementation of a class to handle it
+        functionName = identifier.split(self.__class__.URN_SEP)[-1]
+        typePart = functionName.split(self.__class__.FUNCTION_NS_SUFFIX)[0]
+        
+        # Attempt to infer from the function name the associated type
+        typeName = _capitalize(typePart)
+        
+        # Remove any hyphens converting to camel case
+        if '-' in typeName:
+            typeName = ''.join([_capitalize(i) for i in typeName.split('-')])
+            
+        typeURI = AttributeValue.TYPE_URI_MAP.get(typeName)
+        if typeURI is None:
+            # Ugly hack to allow for XPath node functions
+            if typePart == 'xpath-node':
+                typeURI = AttributeValue.TYPE_URI_MAP['String']
+            else:
+                raise TypeError('No AttributeValue.TYPE_URI_MAP entry for '
+                                '%r type' % typePart) 
+            
+        _type = self.attributeValueClassFactory(typeURI)
+        if _type is None:
+            raise TypeError('No AttributeValue.TYPE_MAP entry for %r type' %
+                            typeName)
+          
+        className = typeName + self.functionSuffix
+        classVars = {
+            'TYPE': _type,
+            'FUNCTION_NS': identifier
+        }
+        
+        functionClass = type(className, 
+                             (self.__class__.FUNCTION_BASE_CLASS, ), 
+                             classVars)
+        
+        self.__map[identifier] = functionClass
             
     def __call__(self, identifier):
@@ -405 +437 @@
         found
         """
+        # Check the cache first
+        functionClass = self.__map.get(identifier)
+        if functionClass is None:
+            # No class set in the cache - try loading the new class and updating
+            # the cache.
+            self.loadFunction(identifier)
+            
+        # This should result in a safe retrieval from the cache because of the
+        # above check - None return would result otherwise.
         return self.__map.get(identifier)
         
@@ -417 +458 @@
         
 class FunctionMap(VettedDict):
-    """Map function IDs to their implementations"""
+    """Map function IDs to their class implementations in the various function
+    sub-modules.  It provide a layer over the various 
+    FunctionClassFactoryInterface implementations so that a function class can 
+    be obtained directly from a given XACML function URN.  
+    """
     FUNCTION_PKG_PREFIX = 'ndg.xacml.core.functions.'
     
@@ -433 +478 @@
     
     def __init__(self):
-        """Force function entries to derive from AbstractFunction and IDs to
-        be string type
+        """Force type for dictionary key value pairs: function values must be
+        of AbstractFunction derived type and ID keys string type
         """        
         # Filters are defined as staticmethods but reference via self here to 
         # enable derived class to override them as standard methods without
         # needing to redefine this __init__ method            
-        super(FunctionMap, self).__init__(self.keyFilter, self.valueFilter)
+        VettedDict.__init__(self, self.keyFilter, self.valueFilter)
+        
+        # This classes maintains a list of XACML function URN -> Function class
+        # mappings.  This additional dict enables caching of class factories 
+        # used to obtain the function classes.  There is one class factory per
+        # function module e.g. ndg.xacml.core.functions.v1.equal contains a 
+        # class factory which creates the various 
+        # urn:oasis:names:tc:xacml:1.0:function:<type>-equal function classes
+        self.__classFactoryMap = {}
         
     @staticmethod
@@ -462 +515 @@
         return True 
            
-    def load(self):
+    def loadAll(self):
         """Load function map with implementations from the relevant function
         package"""
         
         for functionNs in XacmlFunctionNames.FUNCTION_NAMES:
-            self._loadFunction(functionNs)
-            
-    @classmethod
-    def withLoadedMap(cls):
-        """Return a pre-loaded map"""
-        functionMap = cls()
-        functionMap.load()
-        return functionMap
-            
-    def _loadFunction(self, functionNs):
-        """Get package to retrieve function class from for given namespace
+            self.loadFunction(functionNs)
+            
+    def loadFunction(self, functionNs):
+        """Get package to retrieve function class for the given XACML function
+        namespace
+        
+        @param functionNs: XACML function namespace
+        @type functionNs: basestring
         """
+        functionFactory = self.__classFactoryMap.get(functionNs)
+        if functionFactory is not None:
+            # Get function class from previously cached factory
+            self[functionNs] = functionFactory(functionNs)
+            return
+            
+        # No Factory has been cached for this function yet
         cls = FunctionMap
         classPath = None
@@ -484 +541 @@
         for namespacePrefix, pkgNamePrefix in cls.SUPPORTED_NSS.items():
             if functionNs.startswith(namespacePrefix):
-                # Namespace is recognised - translate into a path to a function
-                # class in the right functions package
+                # Namespace is recognised - translate into a path to a 
+                # function class in the right functions package
                 functionName = functionNs.split(namespacePrefix)[-1]
                 functionNameParts = functionName.split('-')
@@ -506 +563 @@
                                          'recognised: %r' % functionNs) 
                        
-        # Try instantiating the function class and loading it into the 
-        # map
+        # Try instantiating the function class and loading it into the map
         try:
             functionFactory = callModuleObject(classPath)
                       
-        except (ImportError, AttributeError):
+        except (ImportError, AttributeError), e:
             log.error("Error importing function factory class %r for function "
-                      "identifier %r: %s", classPath, functionNs, 
-                      traceback.format_exc())
+                      "identifier %r: %s", classPath, functionNs, str(e))
             
             # No implementation exists - default to Abstract function
@@ -520 +575 @@
         else:
             self[functionNs] = functionFactory(functionNs)
-            
-        
-            
-
-
-        
+            self.__classFactoryMap[functionNs] = functionFactory
+                       
+    def __getitem__(self, key):
+        """Override base class implementation to load and cache function classes
+        if they don't otherwise exist
+        """
+        functionClass = VettedDict.get(self, key)
+        if functionClass is None:
+            self.loadFunction(key)
+            
+        return VettedDict.__getitem__(self, key)
+        
+    def get(self, key, *arg):
+        """Likewise to __getitem__, enable loading and caching of function 
+        classes if they don't otherwise exist
+        """
+        functionClass = VettedDict.get(self, key, *arg)
+        if functionClass is None:
+            self.loadFunction(key)
+            return VettedDict.get(self, key, *arg)    
+        else:
+            return functionClass
+
+
+        

TI12-security/trunk/NDG_XACML/ndg/xacml/core/match.py

@@ -54 +54 @@
         
         self.__function = None
-        self.__functionMap = FunctionMap.withLoadedMap()
+        self.__functionMap = FunctionMap()
         self.__loadFunctionFromId = True
         

TI12-security/trunk/NDG_XACML/ndg/xacml/parsers/etree/factory.py

@@ -51 +51 @@
                                                         xacmlTypeName)
         readerClass = importModuleObject(readerClassName)
-        
-        log.debug('Returning %r ElementTree based reader for %r type',
-                  readerClass, xacmlType)
         return readerClass
             

TI12-security/trunk/NDG_XACML/ndg/xacml/test/test_context.py

@@ -20 +20 @@
 from ndg.xacml.core.context.pdpinterface import PDPInterface
 from ndg.xacml.core.context.pdp import PDP
-from ndg.xacml.core.context.handler import AbstractContextHandler
+from ndg.xacml.core.context.handler import CtxHandlerInterface
 from ndg.xacml.core.attribute import Attribute
 from ndg.xacml.core.attributevalue import AttributeValueClassFactory
@@ -31 +31 @@
 
                 
-class TestContextHandler(AbstractContextHandler):
+class TestContextHandler(CtxHandlerInterface):
     """Test implementation of Context Handler"""
     
     def __init__(self):
+        """Add an attribute to hold a reference to a policy information point"""
+        
         super(TestContextHandler, self).__init__()
         self.pip = None        
         
     def handlePEPRequest(self, myRequest):
+        """Handle request from Policy Enforcement Point
         
-        # Convert myRequest to XACML context request
+        @param pepRequest: request from PEP, derived class determines its type
+        e.g. SAML AuthzDecisionQuery
+        @type pepRequest: type
+        @return: PEP response - derived class determines type
+        @rtype: None
+        """
+        
+        # Convert myRequest to XACML context request - var assignment here is 
+        # representative of this process rather than actually doing anything.
         request = myRequest
         
@@ -128 +139 @@
         
     def test03AbstractCtxHandler(self):
-        self.assertRaises(TypeError, AbstractContextHandler)
+        self.assertRaises(TypeError, CtxHandlerInterface, 
+                          "Context handler is an abstract base class")
         
     def test04CreateCtxHandler(self):

TI12-security/trunk/NDG_XACML/ndg/xacml/test/test_matchfunctions.py

@@ -17 +17 @@
 
 from ndg.xacml.core.functions import FunctionMap
-from ndg.xacml.core.functions.v2.anyuri_regexp_match import AnyURIRegexpMatch
+from ndg.xacml.core.functions.v2.regexp_match import RegexpMatchBase
 
 
@@ -29 +29 @@
             'urn:oasis:names:tc:xacml:2.0:function:anyURI-regexp-match'
             
-        self.assert_(isinstance(funcMap.get(anyUriMatchNs), AnyURIRegexpMatch))
+        self.assert_(issubclass(funcMap.get(anyUriMatchNs), RegexpMatchBase))
 
         

TI12-security/trunk/NDG_XACML/ndg/xacml/utils/__init__.py

@@ -9 +9 @@
 __contact__ = "Philip.Kershaw@stfc.ac.uk"
 __revision__ = '$Id$'
+import UserDict
 
 # Interpret a string as a boolean
@@ -114 +115 @@
 
   
-class VettedDict(dict):
-    """Enforce custom checking on keys and items before addition to the 
+class VettedDict(UserDict.DictMixin):
+    """Enforce custom checking on keys and items before addition to a 
     dictionary"""
     
@@ -126 +127 @@
         @type args: tuple
         """
-        super(VettedDict, self).__init__()
-        
         if len(args) != 2:
             raise TypeError('__init__() takes 2 arguments, KeyFilter and '
@@ -139 +138 @@
 
         self.__KeyFilter, self.__valueFilter = args
+        
+        self.__map = {}
         
     def _verifyKeyValPair(self, key, val):
@@ -155 +156 @@
                   
     def __setitem__(self, key, val):
-        """Override base class implementation to enforce type checking"""       
+        """Enforce type checking when setting new items"""       
         if self._verifyKeyValPair(key, val):
-            dict.__setitem__(self, key, val)
+            self.__map[key] = val
 
-    def update(self, d, **kw): 
-        """Override base class implementation to enforce type checking"""       
-        for dictArg in (d, kw):
-            for key, val in dictArg.items():
-                if not self._verifyKeyValPair(key, val):
-                    del dictArg[key]
+    def __getitem__(self, key):
+        """Provde implementation for getting items"""
+        if key not in self.__map:
+            raise KeyError('%r key not found in dict' % key)
         
-        dict.update(self, d, **kw)        
+        return self.__map[key]
     
+    def get(self, key, *arg):
+        """Provide implementation of get item with default"""
+        if key in self.__map:
+            return self.__map[key]
+        
+        elif len(arg) > 1:
+            # Default value set
+            return arg[1]
+        else:
+            return None
+            
+
+    

TI12-security/trunk/NDG_XACML/ndg/xacml/utils/factory.py

@@ -41 +41 @@
             objectName = [objectName]
     
-    log.debug("Importing %r ..." % objectName) 
-      
     module = __import__(_moduleName, globals(), locals(), [])
     components = _moduleName.split('.')
@@ -50 +48 @@
     except AttributeError, e:
         raise AttributeError("Error importing %r: %s" %
-                             (objectName, traceback.format_exc()))
+                             (objectName[0], traceback.format_exc()))
 
     importedObject = module
@@ -61 +59 @@
                         (objectName, objectType, importedObject))
     
-    log.info('Imported %r from module, %r', objectName, _moduleName)
+    log.info('Imported %r from module %r', objectName[0], _moduleName)
     return importedObject
 
@@ -121 +119 @@
                             
     except Exception, e:
-        log.error('%r module import raised %r type exception: %r' % 
-                  (moduleName, e.__class__, traceback.format_exc()))
+        log.debug('%r module import raised %r type exception: %s', 
+                  moduleName, e.__class__, traceback.format_exc())
         raise 
 
     # Instantiate class
-    log.debug('Instantiating object "%s"' % importedObject.__name__)
-    try:
-        if objectArgs:
-            object = importedObject(*objectArgs, **objectProperties)
-        else:
-            object = importedObject(**objectProperties)
-            
-        return object
-
-    except Exception, e:
-        log.error("Instantiating module object, %r: %r" % 
-                                                    (importedObject.__name__, 
-                                                     traceback.format_exc()))
-        raise
+    if objectArgs:
+        object = importedObject(*objectArgs, **objectProperties)
+    else:
+        object = importedObject(**objectProperties)
+        
+    return object