
Source Code for Module ndg.xacml.core.target

  1  ''' 
  2  Created on 24 Feb 2010 
  3   
  4  @author: pjkersha 
  5  ''' 
  6  from ndg.xacml.utils import TypedList 
  7  """NDG Security Target type definition 
  8   
  9  NERC DataGrid 
 10  """ 
 11  __author__ = "P J Kershaw" 
 12  __date__ = "25/02/10" 
 13  __copyright__ = "(C) 2010 Science and Technology Facilities Council" 
 14  __contact__ = "Philip.Kershaw@stfc.ac.uk" 
 15  __license__ = "BSD - see LICENSE file in top-level directory" 
 16  __contact__ = "Philip.Kershaw@stfc.ac.uk" 
 17  __revision__ = "$Id: target.py 7955 2011-12-21 18:29:45Z rwilkinson $" 
 18  import logging 
 19  log = logging.getLogger(__name__) 
 20   
 21  from ndg.xacml.core import XacmlCoreBase 
 22  from ndg.xacml.core.action import Action 
 23  from ndg.xacml.core.resource import Resource 
 24  from ndg.xacml.core.subject import Subject 
 25  from ndg.xacml.core.environment import Environment 
class Target(XacmlCoreBase):
    """Representation of the XACML <Target> element.

    A target holds four sections - subjects, resources, actions and
    environments - and L{match} decides whether a request context falls
    within all of them.

    @cvar ELEMENT_LOCAL_NAME: XML local name for this element
    @type ELEMENT_LOCAL_NAME: string
    @cvar SUBJECTS_ELEMENT_LOCAL_NAME: XML local name for the subjects element
    @type SUBJECTS_ELEMENT_LOCAL_NAME: string
    @cvar ACTIONS_ELEMENT_LOCAL_NAME: XML local name for the actions element
    @type ACTIONS_ELEMENT_LOCAL_NAME: string
    @cvar RESOURCES_ELEMENT_LOCAL_NAME: XML local name for the resources
    element
    @type RESOURCES_ELEMENT_LOCAL_NAME: string
    @cvar ENVIRONMENTS_ELEMENT_LOCAL_NAME: XML local name for the
    environments element
    @type ENVIRONMENTS_ELEMENT_LOCAL_NAME: string
    @cvar CHILD_ATTRS: names of the properties holding the <Target/> child
    sections; L{match} walks them in this order
    @type CHILD_ATTRS: tuple

    @ivar __subjects: list of subjects for this target
    @type __subjects: ndg.xacml.utils.TypedList
    @ivar __resources: list of resources for this target
    @type __resources: ndg.xacml.utils.TypedList
    @ivar __actions: list of actions for this target
    @type __actions: ndg.xacml.utils.TypedList
    @ivar __environments: list of environment settings for this target
    @type __environments: ndg.xacml.utils.TypedList
    """
    ELEMENT_LOCAL_NAME = "Target"
    SUBJECTS_ELEMENT_LOCAL_NAME = "Subjects"
    ACTIONS_ELEMENT_LOCAL_NAME = "Actions"
    RESOURCES_ELEMENT_LOCAL_NAME = "Resources"
    ENVIRONMENTS_ELEMENT_LOCAL_NAME = "Environments"
    CHILD_ATTRS = ('subjects', 'resources', 'actions', 'environments')

    __slots__ = ('__subjects', '__resources', '__actions', '__environments')

    def __init__(self):
        """Create a target whose four sections are all empty.

        An empty section is treated by L{match} as matching every request,
        so a freshly constructed target matches any request context.
        """
        self.__subjects = TypedList(Subject)
        self.__resources = TypedList(Resource)
        self.__actions = TypedList(Action)
        self.__environments = TypedList(Environment)

    @property
    def subjects(self):
        """Subjects section of this target

        @return: list of subjects for this target
        @rtype: ndg.xacml.utils.TypedList
        """
        return self.__subjects

    @property
    def resources(self):
        """Resources section of this target

        @return: list of resources for this target
        @rtype: ndg.xacml.utils.TypedList
        """
        return self.__resources

    @property
    def actions(self):
        """Actions section of this target

        @return: list of actions for this target
        @rtype: ndg.xacml.utils.TypedList
        """
        return self.__actions

    @property
    def environments(self):
        """Environments section of this target

        @return: list of environments for this target
        @rtype: ndg.xacml.utils.TypedList
        """
        return self.__environments

    def match(self, request):
        """Decide whether this <Target> applies to the request context

        Every section named in CHILD_ATTRS must produce a match for the
        target to match.  Exceptions raised while evaluating an entry are
        not caught here and propagate to the caller.

        @param request: XACML request context
        @type request: ndg.xacml.core.context.request.Request
        @return: True if request context matches the given target,
        False otherwise
        @rtype: bool
        """
        # XACML 2.0 Core Spec, section 5.5:
        #
        # For the parent of the <Target> element to be applicable to the
        # decision request, there MUST be at least one positive match between
        # each section of the <Target> element and the corresponding section
        # of the <xacml-context:Request> element.
        #
        # and section 7.6:
        #
        # The target value SHALL be "Match" if the subjects, resources,
        # actions and environments specified in the target all match values
        # in the request context.
        sectionMatched = []

        for sectionName in self.__class__.CHILD_ATTRS:
            section = getattr(self, sectionName)

            # A missing section matches everything, e.g. for <Subjects>
            # (section 5.5): "If this element is missing, then the target
            # SHALL match all subjects."
            if not len(section):
                sectionMatched.append(True)
                continue

            # One matching entry (e.g. one <Subject> among the <Subjects>)
            # is enough for the section as a whole.  The list is built in
            # full first, so every entry is evaluated even after one has
            # matched.
            # NOTE(review): because of that, an evaluation error in a later
            # entry reaches the caller even though an earlier entry already
            # matched - confirm this is the intended error handling.
            entryOutcomes = [self._matchChild(entry, request)
                             for entry in section]
            sectionMatched.append(any(entryOutcomes))

        # No section may be left without a match
        return all(sectionMatched)

    def _matchChild(self, targetChild, request):
        """Evaluate one target entry (a <Subject>, <Resource>, <Action> or
        <Environment>) against the request context.

        @param targetChild: Target Subject, Resource, Action or Environment
        object
        @type targetChild: ndg.xacml.core.TargetChildBase
        @param request: Request context object
        @type request: ndg.xacml.core.context.request.Request
        @return: True if request context matches something in the target
        @rtype: bool
        @raise UnsupportedStdFunctionError: policy references a function type
        which is in the XACML spec. but is not supported by this implementation
        @raise UnsupportedFunctionError: policy references a function type which
        is not supported by this implementation
        """
        # An unset entry is treated as matching every request
        if targetChild is None:
            return True

        # Section 7.6
        #
        # A subject, resource, action or environment SHALL match a value in
        # the request context if the value of all its <SubjectMatch>,
        # <ResourceMatch>, <ActionMatch> or <EnvironmentMatch> elements,
        # respectively, are "True".
        #
        # Each match element is evaluated; none is skipped after a failure.
        matchOutcomes = [childMatch.evaluate(request)
                         for childMatch in targetChild.matches]

        # NOTE(review): with an empty matches list all() returns True, so an
        # entry carrying no match elements matches every request - confirm
        # that the policy reader rejects such entries.
        return all(matchOutcomes)