Clover Coverage Report
Coverage timestamp: Sun Mar 23 2008 08:24:39 GMT
Overview   Package   File
    FRAMES   NO FRAMES     
24   177   6   3.43
8   60   0.5   7
7     1.71  
1    
 
 
  AccessRule       Line # 60 24 6 87.2% 0.8717949
 
No Tests
 
1    /*
2    * Copyright (c) 2000-2005, University of Salford
3    * All rights reserved.
4    *
5    * Redistribution and use in source and binary forms, with or without
6    * modification, are permitted provided that the following conditions are met:
7    *
8    * Redistributions of source code must retain the above copyright notice, this
9    * list of conditions and the following disclaimer.
10    *
11    * Redistributions in binary form must reproduce the above copyright notice,
12    * this list of conditions and the following disclaimer in the documentation
13    * and/or other materials provided with the distribution.
14    *
15    * Neither the name of the University of Salford nor the names of its
16    * contributors may be used to endorse or promote products derived from this
17    * software without specific prior written permission.
18    *
19    * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
20    * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21    * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22    * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
23    * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
24    * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
25    * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
26    * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
27    * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
28    * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
29    * POSSIBILITY OF SUCH DAMAGE.
30    */
31   
32    package issrg.pba.rbac.policies;
33   
34    import issrg.pba.Obligation;
35    import issrg.pba.Obligations;
36    import issrg.pba.rbac.xmlpolicy.ifstatement.Term;
37    import org.apache.log4j.*;
38    /**
39    * This is the object representing an Access Rule. It can verify if the given
40    * set of credentials is enough to access certain target domain in accordance
41    * with
42    * the IF-statement. It is not aware of what action it is applied to, this is
43    * the
44    * responsibility of the caller to create an appropriate action definition, to
45    * name the parameters to the action and pass this environment to this object
46    * for decision making.
47    * <p>
48    * Note that if the rule does not allow access to the target, it does not mean
49    * that access should be denied: there could exist another rule that allows the
50    * action.
51    * <p>
52    * This is the kind of objects that are stored as the Target Access Policy.
53    *
54    * @see AccessPolicy
55    *
56    * @author A Otenko
57    * @version 1.0
58    */
59   
 
60    public class AccessRule {
61   
62    private Subtree targetDomain;
63    private Term ifStatement;
64    private issrg.pba.Credentials cred;
65    private Obligations oblgs;
66    private Logger logger = Logger.getLogger(AccessRule.class);
 
67  0 toggle protected AccessRule(){}
68   
69    /**
70    * This constructor builds the AccessRule object that can make a decision for
71    * one Target Domain.
72    *
73    * @param targetDomain is the target domain to which this rule is applicable
74    * @param cred is the minimal set of credentials that the user must possess
75    * in
76    * order to access the target
77    * @param ifStatement is the IF-statement that is applied in this rule
78    */
 
79  181 toggle public AccessRule(Subtree targetDomain, issrg.pba.Credentials cred,
80    Term ifStatement) {
81    //System.err.println("\t\t*** BUILDING AN ACCESS RULE ***\n\t"+cred); //*****
82  181 this.targetDomain=targetDomain;
83  181 this.ifStatement=ifStatement;
84  181 this.cred=cred;
85    }
86   
 
87  181 toggle public AccessRule(Subtree targetDomain, issrg.pba.Credentials cred,
88    Term ifStatement, Obligations obligations) {
89  181 this(targetDomain, cred, ifStatement);
90  181 this.oblgs=obligations;
91    }
92   
93    /**
94    * This method decides if the action can be performed or not. It compares if
95    * the given set of credentials contains the initial set, if the target to
96    * access is contained within the specified domain. If the target is in the
97    * specified domain
98    * it then executes the IF-statement passing the action arguments and the
99    * environment to it.
100    *
101    * @param c is the credential the user possesses
102    * @param t is the TargetADI of the target the user wants to access; note
103    * that it is not an
104    * abstract target, it should be the Entry object, corresponding to
105    * the target; if it is not an Entry object, the target domain matching
106    * cannot
107    * be performed, so the access is denied: false is returned
108    * @param args is the collection of arguments to the action, indexed by the
109    * argument name; note that the argument type is defined inside the
110    * IF-statement
111    * @param env is the environmental variables: the contextual ADI
112    *
113    * @return true, if access can be granted, false, if not (but this does not
114    * mean the policy denied access - there may be another rule that grants
115    * access; deny access only if there was no rule that grants access)
116    *
117    * @throws PbaException, if anything goes wrong within the IF-statement
118    */
 
119  3490 toggle public boolean decide(issrg.pba.Credentials c,
120    Object t,
121    java.util.Map args,
122    java.util.Map env) throws issrg.pba.PbaException{
123  3490 if (!(t instanceof issrg.utils.repository.Entry &&
124    targetDomain.contains((issrg.utils.repository.Entry)t)
125    )){
126  2424 logger.debug("target domain match: "+targetDomain.contains((issrg.utils.repository.Entry)t));
127    //System.out.println("target domain match: "+targetDomain.contains(t)); //***
128  2424 return false;
129    }
130  1066 logger.debug("target domain match");
131    //System.err.println("credentials are contained : "+c.contains(cred) + cred + "**" + c); //****
132  1066 if (!c.contains(cred)){
133  905 logger.debug(c.toString());
134  905 logger.debug(cred.toString());
135  905 logger.debug("credentials are contained: "+c.contains(cred));
136    //System.err.println("credentials are contained: "+c.contains(cred)); //****
137  905 return false;
138    }
139  161 logger.debug("credentials are contained");
140  161 if (ifStatement==null){
141  89 return true;
142    }
143   
144  72 Object result=ifStatement.evaluate(new issrg.pba.rbac.xmlpolicy.ifstatement.Environment(args, env));
145   
146  72 if (!(result instanceof Boolean)){
147  0 throw new issrg.pba.rbac.xmlpolicy.ifstatement.EvaluationException("Evaluation error: the comparison result is not boolean");
148    }
149   
150  72 return ((Boolean)result).booleanValue();
151    }
152   
 
153  3490 toggle public String toString(){
154  3490 return "Access Rule: TargetDomain="+targetDomain+",\n required creds="+cred+",\n if-statement="+ifStatement;
155    }
156   
157    // changed for MSoD, to get the activated role.
 
158  0 toggle public issrg.pba.Credentials getCreds(){
159  0 return cred;
160    }
161   
162   
163    /*
164    * This function retrieves the obligations associated with the access rule.
165    * if no obligation is associated with the access rule, an empty object will
166    * be returned.
167    * @return the object of a set of obligations. An empty object might be
168    * returned when no obligations are associated with it.
169    */
 
170  117 toggle public Obligations getObligations() {
171   
172    //Gansen 2006-6-29
173   
174  117 return this.oblgs;
175    }
176    }
177   
 
CloverReport generated by Clover Code Coverage v2.0.3
Sun Mar 23 2008 08:29:30 GMT.		   Clover: Open Source License registered to OpenPERMIS.