Changeset 7351
- Timestamp:
- 20/08/10 15:46:35 (10 years ago)
- Location:
- TI12-security/trunk/ndg_xacml/ndg/xacml
- Files:
-
- 1 deleted
- 11 edited
Legend:
- Unmodified
- Added
- Removed
-
TI12-security/trunk/ndg_xacml/ndg/xacml/core/apply.py
r7109 r7351 12 12 from ndg.xacml.utils import TypedList 13 13 from ndg.xacml.core.expression import Expression 14 from ndg.xacml.core.functions import FunctionMap 15 from ndg.xacml.core.exceptions import (UnsupportedStdFunctionError, 16 UnsupportedFunctionError) 14 from ndg.xacml.core.functions import (FunctionMap, UnsupportedStdFunctionError, 15 UnsupportedFunctionError) 17 16 18 17 -
TI12-security/trunk/ndg_xacml/ndg/xacml/core/attributedesignator.py
r7324 r7351 10 10 __contact__ = "Philip.Kershaw@stfc.ac.uk" 11 11 __revision__ = "$Id$" 12 import logging 13 log = logging.getLogger(__name__) 14 12 15 from ndg.xacml.utils import TypedList 13 16 from ndg.xacml.core.expression import Expression … … 162 165 issuer = self.issuer 163 166 167 log.debug("In SubjectAttributeDesignator for attribute %r", attributeId) 168 164 169 if issuer is not None: 165 170 _issuerMatch = lambda _issuer: issuer == _issuer … … 182 187 # designator can be retrieved externally. If retrieved, they're 183 188 # added to the bag. 189 log.debug("Making query to PIP for additional subject " 190 "attributes to satify match") 191 184 192 attributeValues = context.ctxHandler.pipQuery(context, self) 185 193 if attributeValues is not None: 186 attributeValueBag.extend(attributeValues) 194 log.debug("PIP retrieved additional subject attributes: %r", 195 attributeValues) 196 197 # Weed out any duplicates 198 if len(attributeValueBag) > 0: 199 filtAttributeValues = [attrVal 200 for attrVal in attributeValues 201 if attrVal not in attributeValueBag] 202 203 attributeValueBag.extend(filtAttributeValues) 187 204 188 205 if len(attributeValueBag) == 0 and self.mustBePresent: -
TI12-security/trunk/ndg_xacml/ndg/xacml/core/attributevalue.py
r7324 r7351 131 131 return "%s = %r " % (super(AttributeValue, self).__repr__(), 132 132 self.__value) 133 134 def __eq__(self, attrVal): 135 """Check for equality by comparing the value attributes""" 136 if not isinstance(attrVal, self.__class__): 137 raise TypeError('Expecting %r type for "value" ' 138 'attribute; got %r' % (self.__class__.TYPE, 139 type(attrVal))) 140 141 return self.__value == attrVal.value 133 142 134 143 def _get_value(self): -
TI12-security/trunk/ndg_xacml/ndg/xacml/core/functions/__init__.py
r7109 r7351 278 278 ) 279 279 280 280 from ndg.xacml import XacmlError 281 282 283 class UnsupportedFunctionError(XacmlError): 284 """Encountered a function type that is not recognised as part of the XACML 285 specification and is not supported in this implementation""" 286 287 288 class UnsupportedStdFunctionError(UnsupportedFunctionError): 289 """Encountered a function type that is not supported even though it is 290 part of the XACML specification""" 291 292 293 def unsupportedFunctionErrorFactory(identifier, msg=None): 294 """Factory function to return an unsupported function exception based on 295 the function identifier passed in 296 297 @param identifier: XACML function namespace to check 298 @type identifier: basestring 299 300 @return: unsupported function exception instance 301 @rtype: UnsupportedFunctionError or UnsupportedStdFunctionError depending 302 on the identifier passed 303 """ 304 if identifier in XacmlFunctionNames.FUNCTION_NAMES: 305 if msg is None: 306 msg = "%s: %s" % (UnsupportedStdFunctionError.__doc__, identifier) 307 308 raise UnsupportedStdFunctionError(msg) 309 else: 310 if msg is None: 311 msg = "%s: %s" % (UnsupportedFunctionError.__doc__, identifier) 312 313 raise UnsupportedFunctionError(msg) 314 315 281 316 class FunctionClassFactoryInterface(object): 282 317 """Interface class for function module class factory class … … 443 478 444 479 def __call__(self, identifier): 445 """Return the class for the given XACML *-at-least-one-member-of type446 function identifier480 """Return the class for the given XACML type function identifier 481 447 482 @param identifier: XACML *-at-least-one-member-of type function 448 483 identifier … … 622 657 self[functionNs] = NotImplemented 623 658 else: 624 self[functionNs] = functionFactory(functionNs) 659 function = functionFactory(functionNs) 660 if function is None: 661 raise unsupportedFunctionErrorFactory(functionNs) 662 663 self[functionNs] = function 625 664 self.__classFactoryMap[functionNs] = functionFactory 626 665 -
TI12-security/trunk/ndg_xacml/ndg/xacml/core/functions/v1/at_least_one_member_of.py
r7087 r7351 54 54 '"set2"; got %r' % 55 55 (self.__class__.TYPE, set2.elementType)) 56 57 _set1 = set([attr.value for attr in set1]) 58 _set2 = set([attr.value for attr in set2]) 56 59 57 set2Values = [attr.value for attr in set2] 58 for i in set1: 59 if i.value in set2Values: 60 return True 61 62 return False 60 return len(list(_set1 & _set2)) > 0 63 61 64 62 -
TI12-security/trunk/ndg_xacml/ndg/xacml/core/functions/v1/match.py
r7087 r7351 24 24 TYPE = None 25 25 26 def evaluate(self, string1, string2):27 """Match input strings26 def evaluate(self, input1, input2): 27 """Match two inputs of type self.__class__.TYPE 28 28 29 @param string1: first of two strings to match30 @type string1: basestring31 @param string2: second string32 @type string2: basestring33 @return: True if strings match, False otherwise29 @param input1: first of two inputs to match 30 @type input1: self.__class__.TYPE 31 @param input2: second input 32 @type input2: self.__class__.TYPE 33 @return: True if inputs match, False otherwise 34 34 @rtype: bool 35 35 """ 36 if not isinstance( string1, basestring):36 if not isinstance(input1, self.__class__.TYPE): 37 37 raise XacmlContextTypeError('Expecting %r derived type for ' 38 '" string1"; got %r' %38 '"input1"; got %r' % 39 39 (self.__class__.TYPE, 40 type( string1)))40 type(input1))) 41 41 42 if not isinstance( string2, self.__class__.TYPE):42 if not isinstance(input2, self.__class__.TYPE): 43 43 raise XacmlContextTypeError('Expecting %r derived type for ' 44 '" string2"; got %r' %44 '"input2"; got %r' % 45 45 (self.__class__.TYPE, 46 type( string2)))46 type(input2))) 47 47 48 return string1 == string248 return input1 == input2 49 49 50 50 -
TI12-security/trunk/ndg_xacml/ndg/xacml/core/functions/v1/regexp_match.py
r7088 r7351 89 89 @type identifier: basestring 90 90 @return: at least one member of class corresponding to the given input 91 identifier 92 @rtype: ndg.xacml.core.functions.v1.r ound.Round91 identifier, if no match is found returns None 92 @rtype: ndg.xacml.core.functions.v1.regexp_match.StringRegexMatch / None 93 93 ''' 94 94 if identifier == StringRegexMatch.FUNCTION_NS: -
TI12-security/trunk/ndg_xacml/ndg/xacml/core/match.py
r7103 r7351 17 17 from ndg.xacml.core.attributedesignator import AttributeDesignator 18 18 from ndg.xacml.core.attributeselector import AttributeSelector 19 from ndg.xacml.core.functions import FunctionMap 19 from ndg.xacml.core.functions import (FunctionMap, UnsupportedStdFunctionError, 20 UnsupportedFunctionError) 20 21 from ndg.xacml.core.context.exceptions import XacmlContextError 21 from ndg.xacml.core.exceptions import (UnsupportedStdFunctionError,22 UnsupportedFunctionError)23 22 24 23 … … 335 334 self.matchId) 336 335 337 # Need check for len() because a ny([]) yields True!336 # Need check for len() because all([]) yields True! 338 337 matchStatus = (len(attrMatchStatusValues) > 0 and 339 338 all(attrMatchStatusValues)) -
TI12-security/trunk/ndg_xacml/ndg/xacml/core/policy.py
r7109 r7351 23 23 from ndg.xacml.core.rule_combining_alg import (RuleCombiningAlgClassFactory, 24 24 RuleCombiningAlgInterface) 25 from ndg.xacml.core. exceptions import (UnsupportedStdFunctionError,26 25 from ndg.xacml.core.functions import (UnsupportedStdFunctionError, 26 UnsupportedFunctionError) 27 27 28 28 # Evaluation of a request context -
TI12-security/trunk/ndg_xacml/ndg/xacml/core/rule.py
r7108 r7351 353 353 log.debug('Evaluating rule %r ...', self.id) 354 354 355 # Default to indeterminate355 # Instantiation implicitly sets to default value of Indeterminate 356 356 decision = Decision() 357 357 … … 384 384 conditionStatus = True 385 385 386 # Ref. Spec. 7.9 Rule evaluation, Nb. to get this far, the target 387 # must evaluated as True 386 388 if conditionStatus: 387 389 decision = Decision(decision=self.effect.value) 390 else: 391 decision = Decision.NOT_APPLICABLE 388 392 389 393 return decision -
TI12-security/trunk/ndg_xacml/ndg/xacml/test/ndg1.xml
r7112 r7351 58 58 59 59 The user must have at least one of the roles set - in this 60 case ' urn:siteA:security:authz:1.0:attr:staff'60 case 'staff' 61 61 --> 62 62 <Condition>
Note: See TracChangeset
for help on using the changeset viewer.