Skip to main content

[nobis~git:b9a44de8] split getPredicate into 2 methods to match change in the Interface defini

  • From: monzillo@...
  • To: commits@...
  • Subject: [nobis~git:b9a44de8] split getPredicate into 2 methods to match change in the Interface defini
  • Date: Thu, 12 Sep 2013 18:24:13 +0000

Project:    nobis
Repository: git
Revision:   b9a44de88ad3b041d2720a164723e568cc2b6912
Author:     monzillo
Date:       2013-09-12 18:20:10 UTC
Link:       

Log Message:
------------
added repository Proxy to be able to be able to compose new providers from 
other composed providers and 
without being forced to repeat permission checking within the internal 
composition.

added Permission checking layered over AttributeRepositoryProxy objects
made internal predicate lists unmodifiable
improved predicate action typing
added permission checking, and integrated with security manager
removed getRepositoryDescriptor
split getPredicate into 2 differentiated methods (for the 2 types of 
getPredicate methods defined by the ArttributeProvider and 
AttributeRepository interfaces)
removed getRepositoryDescriptor method

added test of AttributeService with security manager enabled, which will 
check permissions.
These new tests will be run by the build, and these tests require permission 
grants, which
will be submitted in a separate file.
added policy file to support tests of attribute service with security manager 
enabled.
removed getRepositoryDescriptor
differentiated getPredicate impl into 2 methods to match change in Interface 
definition
changed predicate constructors tp allign with changes to predicate operator 
typing
split getPredicate into 2 methods to match change in the Interface definition
split getPredicate into 2 methods to match change in the Interface definition
removed impl of getRepositoryDescriptor


Revisions:
----------
8ea07a3be974e9bd95aba00ce452493882d916ea
dd42af9f93acdba9ac517cdffcd78b6e1972b99a
46e9413f542fc7f0e20fdab7d3ad02d8bbac253f
61c8d5efcb6e6deeaf54a84bf58bf2e6a68638eb
23dd2d320de47766b9a8d6337ee2381900cf45f7
021d710242bacd5afb38815e10c2f3449e01bda3
a8f67c3b05db34e634a6b4cb62af7228ad564c0b
52402ba4c3a1983d09daf0ad614877bf9c3b8183
3ab76c6b6b3bf676bc5f0502cfa99b283a73b373
de44037d978d136c5e407769d521b6d264e293db
4dcfacd59edb8c4aaea437647c43e65675c709ff
b9a44de88ad3b041d2720a164723e568cc2b6912


Modified Paths:
---------------
Nobis/nobis-core/src/main/java/org/glassfish/nobis/provider/AttributeProviderProxy.java
Nobis/nobis-core/src/main/java/org/glassfish/nobis/provider/BasicIDPredicate.java
Nobis/nobis-core/src/main/java/org/glassfish/nobis/provider/NobisAttributeService.java
Nobis/nobis-core/src/main/java/org/glassfish/nobis/annotation/processor/IDEntityProviderProcessor.java
Nobis/nobis-core/src/test/java/org/glassfish/nobis/test/factory/RepositoryAdapter.java
Nobis/providers/facebook-provider/src/main/java/org/glassfish/nobis/provider/facebook/FacebookAttributeRepository.java
Nobis/providers/facebook-provider/src/main/java/org/glassfish/nobis/provider/facebook/FacebookPredicate.java
Nobis/providers/inmemory-provider/src/main/java/org/glassfish/nobis/provider/inmemory/PredicateFactory.java
Nobis/providers/jpa-provider/src/main/java/org/glassfish/nobis/provider/jpa/JPAAttributeProvider.java


Added Paths:
------------
Nobis/nobis-core/src/main/java/org/glassfish/nobis/provider/AttributeRepositoryProxy.java
Nobis/nobis-core/src/test/java/org/glassfish/nobis/test/security/CheckProxySecurity.java
Nobis/nobis-core/src/test/java/org/glassfish/nobis/test/security/TestNobisWithSecurityManager.java
Nobis/java.policy


Diffs:
------
--- /dev/null
+++ 
b/Nobis/nobis-core/src/main/java/org/glassfish/nobis/provider/AttributeRepositoryProxy.java
@@ -0,0 +1,1008 @@
+/*
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
+ *
+ * Copyright (c) 2011-2012 Oracle and/or its affiliates. All rights reserved.
+ *
+ * The contents of this file are subject to the JSR 351 Reference 
+ * Implementation License.
+ *
+ * The JSR 351 Reference Implementation is Licensed under Apache License, 
+ * version 2.0, at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * The License for the JSR 351 Specification is available at:
+ *
+ * 
http://jcp.org/aboutJava/communityprocess/licenses/jsr351/351SpecLicenseIdentityJSR.pdf
+ */
+package org.glassfish.nobis.provider;
+
+import java.io.Serializable;
+import java.util.*;
+import javax.security.identity.*;
+import javax.security.identity.client.*;
+import javax.security.identity.client.expression.IDExpression;
+import javax.security.identity.client.expression.IDName;
+import javax.security.identity.client.expression.NameExpression;
+import javax.security.identity.client.expression.RegularExpression;
+import javax.security.identity.provider.RepositoryLookupService;
+import javax.security.identity.provider.AttributeProvider;
+import javax.security.identity.provider.AttributeRepository;
+import javax.security.identity.provider.AttributeUpdateService;
+import javax.security.identity.provider.RepositoryUpdateService;
+
+/**
+ * Class used by reference implementation of ProviderLookupService to derive 
new
+ * AttributeProvider objects by selection, union, and join. In addition to 
its
+ * virtualization function, the Proxy is expected to be an enforcement point 
for
+ * the access control policy of the attribute service.
+ *
+ * NOTE; entity and attribute references returned by proxies should contain
+ * ProviderLookupContext of proxy, and these references should be 
dereferenced
+ * at the provider corresponding to the lookup context (as apposed to at the
+ * internal provider from which the entity or attribute is ultimately 
derived.)
+ *
+ * @author ronmonzillo
+ */
+class AttributeRepositoryProxy implements AttributeRepository {
+
+    /**
+     * Construct a new AttributeProviderProxy that wraps the 
AttributeProvider
+     * arguments.
+     *
+     * @param context a ProviderLookupContext describing the Proxy that is 
to be
+     * constructed.
+     *
+     * @param _providers an array containing the AttributeProvider objects 
from
+     * which the Proxy is to be constructed.
+     */
+    AttributeRepositoryProxy(ProviderLookupContext context, final 
AttributeRepository ... providers) {
+
+        _context = context;
+        _providers = providers;
+        _providerCount = providers == null ? 0 : providers.length;
+        _isJoin = context.getSelector() == null && 
context.getNameExpressions() != null
+                && _providerCount == 2;
+    }
+    private final boolean _isJoin;
+    private final int _providerCount;
+    private final ProviderLookupContext _context;
+    private final AttributeRepository[] _providers;
+    private final AttributeRepository _provider = new AttributeRepository() {
+        private RepositoryUpdateService _update = null;
+        private RepositoryLookupService _lookup = null;
+
+        @Override
+        public ProviderLookupContext getProviderLookupContext() {
+            return _context;
+        }
+
+        @Override
+        public synchronized RepositoryLookupService 
getAttributeLookupService() {
+
+            if (_lookup == null) {
+
+                _lookup = new RepositoryLookupService() {
+                    @Override
+                    public Collection<IDEntityReference> 
search(AttributeSelector... entitySelectors) {
+
+                        if (nativeSelectors(_context, entitySelectors)) {
+
+                            Collection<IDEntityReference> rvalue = new 
ArrayList<IDEntityReference>();
+                            int selectorCount = entitySelectors == null ? 0 
: entitySelectors.length;
+
+                            // processing provider created by join
+                            if (_isJoin) {
+
+                                NameExpression[] expressions = 
_context.getNameExpressions();
+                                final IDPredicate[] _joinPredicates = new 
IDPredicate[_providerCount];
+                                for (int i = 0; i < _providerCount; i++) {
+                                    // Compute predicate to apply join 
expression to corresponding side of the join 
+                                    _joinPredicates[i] = 
_providers[i].contains(expressions[i]);
+                                }
+
+                                /*
+                                 * combine the entity selectors into the
+                                 * designated sides of the join, so that the
+                                 * selectors can be used to reduce the
+                                 * cardinality prior to entering the join
+                                 * matching loop.
+                                 */
+                                BitSet selectorHistory = new 
BitSet(selectorCount);
+                                ArrayList<AttributeSelector>[] 
proxySelectors = new ArrayList[_providerCount];
+                                Collection<IDEntityReference>[] collections 
= new Collection[_providerCount];
+                                // providerCount must == 2, it is the number 
of joined providers
+                                for (int i = 0; i < _providerCount; i++) {
+                                    proxySelectors[i] = new 
ArrayList<AttributeSelector>();
+                                    //add a selector containing the join 
predicate for side of the joing being processed 
+                                    proxySelectors[i].add(new 
AttributeSelector(_joinPredicates[i]));
+                                    // there may be a variable number of 
entity selectors, for each selector
+                                    for (int j = 0; j < selectorCount; j++) {
+                                        /*
+                                         * determine if the selector applies 
to
+                                         * the side of the join being 
processed,
+                                         * and if so, add it to the list of
+                                         * selectors to be applied to the 
side.
+                                         */
+
+                                        if 
(_providers[i].getProviderLookupContext().predicateInContext(entitySelectors[j].getPredicate()))
 {
+                                            proxySelectors[i].add(new 
AttributeSelector(getPredicateFromSwimLane(i, entitySelectors[j])));
+                                            selectorHistory.set(j);
+                                        }
+                                    }
+                                    // obtain selected entities from each 
side of the join
+                                    // should we only get collection[0]
+                                    collections[i] = 
_providers[i].getAttributeLookupService().search(proxySelectors[i].toArray(new
 AttributeSelector[0]));
+                                }
+                                /*
+                                 * ensure that all entitySelectors are 
satisfied
+                                 * by at least one side of the join.
+                                 */
+                                int firstClearBit = 
selectorHistory.nextClearBit(0);
+                                if (firstClearBit < selectorCount) {
+                                    throw new RuntimeException("Entity 
Selector specifies foreign expression binding");
+                                }
+
+                                // put the right side selectors into an 
array, leaving slot zero available to receive the
+                                // selector establishing the join attribute 
and value (see s1 below)
+
+                                AttributeSelector[] rightProxySelectors = 
new AttributeSelector[proxySelectors[1].size() + 1];
+                                for (int i = 1; i <= 
proxySelectors[1].size(); i++) {
+                                    rightProxySelectors[i] = 
proxySelectors[1].get(i - 1);
+                                }
+
+                                // selected entities from left side of the 
join
+                                Collection<IDEntityReference> leftEntities = 
_providers[0].getAttributeLookupService().search(proxySelectors[0].toArray(new
 AttributeSelector[0]));
+
+                                AttributeSelector s0 = new 
AttributeSelector(_joinPredicates[0]);
+                                // iterate over the entities selected from 
the left side of the join
+                                for (IDEntityReference r0 : leftEntities) {
+                                    //get the join attribute of the entity 
+                                    Collection<IDAttribute> attributes = 
_providers[0].getAttributeLookupService().getAttributes(r0, s0);
+                                    for (IDAttribute<Serializable> a : 
attributes) {
+                                        IDExpression<Serializable> valueExp;
+                                        //get the value of the join 
attribute, and create a value expression
+                                        Serializable v = 
a.getAttributeValue().getValue();
+                                        if (v == null) {
+                                            valueExp = new 
IDExpression(a.getAttributeValue().getValues());
+                                        } else {
+                                            valueExp = new IDExpression(v);
+                                        }
+                                        // create the selector establishing 
the join attribute and value
+                                        AttributeSelector s1 = new 
AttributeSelector(_providers[1].and(_joinPredicates[1], 
_providers[1].equal(valueExp)));
+                                        //insert slector in the selector 
array that will be used in the join
+                                        rightProxySelectors[0] = s1;
+
+                                        // select entities from right side 
of the join
+                                        Collection<IDEntityReference> 
rightEntities = 
_providers[1].getAttributeLookupService().search(rightProxySelectors);
+                                        // iterate over the entities 
selected from the right side of the join
+                                        for (IDEntityReference r1 : 
rightEntities) {
+                                            /// ensure that each entity has 
an attribute that matches the name and value of the join attribute
+                                            Collection<IDAttributeReference> 
references = 
_providers[1].getAttributeLookupService().getAttributeReferences(r1, s1);
+                                            if (!references.isEmpty()) {
+                                                //if so, add a reference to 
the joined entity to the result
+                                                rvalue.add(new 
ProxyEntityReference(_context, r0, r1));
+                                            }
+                                        }
+                                    }
+                                }
+                            } else if (_context.getSelector() == null) {
+                                // processing singular repository-based 
provider or provider created by union of n providers
+                                for (int i = 0; i < _providerCount & 
selectorCount > 0; i++) {
+                                    for (IDEntityReference r : 
_providers[i].getAttributeLookupService().search(getEntitySelectorsFromSwimLane(i,
 entitySelectors))) {
+                                        rvalue.add(new 
ProxyEntityReference(_context, r));
+                                    }
+                                }
+                            } else {
+
+                                // processing provider created using 
AttributeSelector; providerCount should == 1
+                                for (int i = 0; i < _providerCount & 
selectorCount > 0; i++) {
+                                    AttributeSelector[] proxySelectors = new 
AttributeSelector[selectorCount + 1];
+                                    
System.arraycopy(getEntitySelectorsFromSwimLane(i, entitySelectors), 0, 
proxySelectors, 1, selectorCount);
+                                    for (int j = 0; j < selectorCount; j++) {
+                                        //prepend provider defining selector 
at the front of the selector array
+                                        proxySelectors[0] = 
_context.getSelector();
+                                        for (IDEntityReference r : 
_providers[i].getAttributeLookupService().search(proxySelectors)) {
+                                            rvalue.add(new 
ProxyEntityReference(_context, r));
+                                        }
+                                    }
+                                }
+                            }
+
+                            return rvalue;
+                        }
+
+                        throw new RuntimeException(
+                                "Foreign Entity Selector");
+                    }
+
+                    @Override
+                    public Collection<IDAttributeReference> 
getAttributeReferences(IDEntityReference entity, AttributeSelector 
attributeSelector, PropertySelector... propertySelectors) {
+
+                        Collection<IDAttributeReference> rvalue = null;
+
+                        if (nativeSelectors(_context, attributeSelector, 
propertySelectors)) {
+                            ProxyEntityReference jER = 
getProxyEntityReference(entity, true);
+                            rvalue = new ArrayList<IDAttributeReference>();
+                            for (int i = 0; i < _providers.length; i++) {
+
+                                if 
(!nativeEntityReference(jER._references[i], 
_providers[i].getProviderLookupContext())) {
+                                    throw new RuntimeException("Entity 
Reference Encapsulates Foreign Entity Reference");
+                                }
+
+                                Collection<IDAttributeReference> c =
+                                        
_providers[i].getAttributeLookupService().getAttributeReferences(jER._references[i],
+                                        getAttributeSelectorFromSwimLane(i, 
attributeSelector), getPropertySelectorsFromSwimLane(i, propertySelectors));
+                                for (IDAttributeReference r : c) {
+                                    rvalue.add(new 
ProxyAttributeReference(_context, r));
+                                }
+                            }
+                        }
+                        return rvalue;
+                    }
+
+                    @Override
+                    public Collection<IDAttribute> 
getAttributes(IDEntityReference entity, AttributeSelector attributeSelector, 
PropertySelector... propertySelectors) {
+                        
+                        if (!nativeSelectors(_context, attributeSelector, 
propertySelectors)) {
+                            throw new RuntimeException("Foreign Attribute or 
Property Selector");
+                        }
+
+                        ProxyEntityReference jER = 
getProxyEntityReference(entity, true);
+                        Collection<IDAttribute> rvalue = new 
ArrayList<IDAttribute>();
+
+                        for (int i = 0; i < _providers.length; i++) {
+
+                            if (!nativeEntityReference(jER._references[i], 
_providers[i].getProviderLookupContext())) {
+                                throw new RuntimeException("Entity Reference 
Encapsulates Foreign Entity Reference");
+                            }
+
+                            Collection<IDAttribute> c =
+                                    
_providers[i].getAttributeLookupService().getAttributes(jER._references[i],
+                                    getAttributeSelectorFromSwimLane(i, 
attributeSelector), getPropertySelectorsFromSwimLane(i, propertySelectors));
+                            for (IDAttribute a : c) {
+                                rvalue.add(new ProxyAttribute(_context, a));
+                            }
+
+                        }
+                        return rvalue;
+                    }
+
+                    @Override
+                    public Collection<IDAttribute> 
getAttributes(Collection<IDAttributeReference> references) {
+                        
+                        Collection<IDAttribute> attributes = new 
ArrayList<IDAttribute>();
+                        for (IDAttributeReference r : references) {
+                            IDAttribute a = getAttribute(r);
+                            if (a != null) {
+                                attributes.add(a);
+                            }
+                        }
+                        return attributes;
+                    }
+
+                    @Override
+                    public IDAttribute getAttribute(IDAttributeReference 
reference) {
+
+                        ProxyAttributeReference jAR = 
getProxyAttributeReference(reference, true);
+                        for (AttributeRepository p : _providers) {
+                            if (nativeAttributeReference(jAR._reference, 
p.getProviderLookupContext())) {
+                                IDAttribute a = 
p.getAttributeLookupService().getAttribute(jAR._reference);
+                                if (a != null) {
+                                    return new ProxyAttribute(_context, a);
+                                }
+                                return null;
+                            }
+                        }
+                        throw new RuntimeException("Invalid _providers array 
within ProxyAttributeProvider");
+                    }
+
+                    @Override
+                    public Collection<IDAttributeReference> 
getAttributeReferences(IDEntityReference entity) {
+                        
+                        AttributeSelector s = new 
AttributeSelector(_provider.and());
+                        return this.getAttributeReferences(entity, s);
+                    }
+
+                    @Override
+                    public Collection<IDAttribute> 
getAttributes(IDEntityReference entity) {
+                        
+                        AttributeSelector s = new 
AttributeSelector(_provider.and());
+                        return getAttributes(entity, s);
+                    }
+                };
+            }
+            return _lookup;
+        }
+
+        @Override
+        public synchronized RepositoryUpdateService 
getAttributeUpdateService() {
+
+            // only update through simple leaf provider
+            if (_update == null && _context.getNameExpressions() == null
+                    && _context.getSelector() == null && _providerCount == 
1) {
+
+                _update = new AttributeUpdateService() {
+                    @Override
+                    public IDEntityReference 
addEntity(Collection<IDNamedAttributeValue> attributes) {
+                        
+                        return new ProxyEntityReference(_context, 
_providers[0].getAttributeUpdateService().addEntity(attributes));
+                    }
+
+                    @Override
+                    public IDAttributeReference 
addAttribute(IDEntityReference entity, IDNamedAttributeValue attribute) {
+                        
+                        ProxyEntityReference jER = 
getProxyEntityReference(entity, true);
+                        return new ProxyAttributeReference(_context, 
_providers[0].getAttributeUpdateService().addAttribute(jER._references[0], 
attribute));
+                    }
+
+                    @Override
+                    public Collection<IDAttributeReference> 
addAttributes(IDEntityReference entity, Collection<IDNamedAttributeValue> 
attributes) {
+                        
+                        ProxyEntityReference jER = 
getProxyEntityReference(entity, true);
+                        Collection<IDAttributeReference> proxyRefs = null;
+                        for (IDAttributeReference r : 
_providers[0].getAttributeUpdateService().addAttributes(jER._references[0], 
attributes)) {
+                            if (proxyRefs == null) {
+                                proxyRefs = new 
ArrayList<IDAttributeReference>();
+                            }
+                            proxyRefs.add(new 
ProxyAttributeReference(_context, r));
+                        }
+                        return proxyRefs;
+                    }
+
+                    @Override
+                    public boolean addProperty(IDAttributeReference 
attribute, IDName propertyName, IDAttributeValue propertyValue) {
+                        
+                        ProxyAttributeReference jAR = 
getProxyAttributeReference(attribute, false);
+                        if (jAR != null) {
+                            return 
_providers[0].getAttributeUpdateService().addProperty(jAR._reference, 
propertyName, propertyValue);
+                        }
+                        return false;
+                    }
+
+                    @Override
+                    public boolean deleteEntity(IDEntityReference entity) {
+
+                        ProxyEntityReference jER = 
getProxyEntityReference(entity, false);
+                        if (jER != null) {
+                            return 
_providers[0].getAttributeUpdateService().deleteEntity(jER._references[0]);
+                        }
+                        return false;
+                    }
+
+                    @Override
+                    public boolean deleteAttribute(IDAttributeReference 
attribute) {
+
+                        ProxyAttributeReference jAR = 
getProxyAttributeReference(attribute, false);
+                        if (jAR != null) {
+                            return 
_providers[0].getAttributeUpdateService().deleteAttribute(jAR._reference);
+                        }
+                        return false;
+                    }
+
+                    @Override
+                    public Collection<IDAttributeReference> 
deleteAttributes(Collection<IDAttributeReference> attributes) {
+                        
+                        Collection<IDAttributeReference> rejects = null;
+                        Collection<IDAttributeReference> candidates = null;
+                        for (IDAttributeReference r : attributes) {
+                            ProxyAttributeReference jAR = 
getProxyAttributeReference(r, false);
+                            if (jAR != null) {
+                                if (candidates == null) {
+                                    candidates = new 
ArrayList<IDAttributeReference>();
+                                }
+                                candidates.add(jAR._reference);
+                            } else {
+                                if (rejects == null) {
+                                    rejects = new 
ArrayList<IDAttributeReference>();
+                                }
+                                rejects.add(r);
+                            }
+                        }
+                        if (candidates != null) {
+                            for (IDAttributeReference r : 
_providers[0].getAttributeUpdateService().deleteAttributes(candidates)) {
+                                if (rejects == null) {
+                                    rejects = new 
ArrayList<IDAttributeReference>();
+                                }
+                                rejects.add(new 
ProxyAttributeReference(_context, r));
+                            }
+                        }
+                        return rejects;
+                    }
+
+                    @Override
+                    public boolean deleteProperty(IDAttributeReference 
attribute, IDName propertyName) {
+                        
+                        ProxyAttributeReference jAR = 
getProxyAttributeReference(attribute, false);
+                        if (jAR != null) {
+                            return 
_providers[0].getAttributeUpdateService().deleteProperty(jAR._reference, 
propertyName);
+                        }
+                        return false;
+                    }
+
+                    @Override
+                    public Collection<IDAttributeReference> 
deleteProperty(Collection<IDAttributeReference> attributes, IDName 
propertyName) {
+                        
+                        Collection<IDAttributeReference> rejects = null;
+                        Collection<IDAttributeReference> candidates = null;
+                        for (IDAttributeReference r : attributes) {
+                            ProxyAttributeReference jAR = 
getProxyAttributeReference(r, false);
+                            if (jAR != null) {
+                                if (candidates == null) {
+                                    candidates = new 
ArrayList<IDAttributeReference>();
+                                }
+                                candidates.add(jAR._reference);
+                            } else {
+                                if (rejects == null) {
+                                    rejects = new 
ArrayList<IDAttributeReference>();
+                                }
+                                rejects.add(r);
+                            }
+                        }
+                        if (candidates != null) {
+                            for (IDAttributeReference r : 
_providers[0].getAttributeUpdateService().deleteProperty(candidates, 
propertyName)) {
+                                if (rejects == null) {
+                                    rejects = new 
ArrayList<IDAttributeReference>();
+                                }
+                                rejects.add(new 
ProxyAttributeReference(_context, r));
+                            }
+                        }
+                        return rejects;
+                    }
+
+                    @Override
+                    public Collection<IDAttributeReference> 
replaceEntity(IDEntityReference entity, Collection<IDNamedAttributeValue> 
attributes) {
+                        
+                        throw new UnsupportedOperationException("Not 
supported yet.");
+                    }
+
+                    @Override
+                    public boolean renameAttribute(IDAttributeReference 
attribute, Collection<IDName> names) {
+
+                        throw new UnsupportedOperationException("Not 
supported yet.");
+                    }
+
+                    @Override
+                    public Collection<IDAttributeReference> 
renameAttributes(Collection<IDAttributeReference> attribute, 
Collection<IDName> names) {
+                        
+                        throw new UnsupportedOperationException("Not 
supported yet.");
+                    }
+
+                    @Override
+                    public boolean 
replaceAttributeValue(IDAttributeReference attribute, IDAttributeValue value) 
{
+
+                        throw new UnsupportedOperationException("Not 
supported yet.");
+                    }
+
+                    @Override
+                    public Collection<IDAttributeReference> 
replaceAttributeValues(Collection<IDAttributeReference> attribute, 
IDAttribute value) {
+                        
+                        throw new UnsupportedOperationException("Not 
supported yet.");
+                    }
+
+                    @Override
+                    public boolean replacePropertyValue(IDAttributeReference 
attribute, IDName propertyName, IDAttributeValue propertyValue) {
+
+                        throw new UnsupportedOperationException("Not 
supported yet.");
+                    }
+
+                    @Override
+                    public Collection<IDAttributeReference> 
replacePropertyValue(Collection<IDAttributeReference> attribute, IDName 
propertyName, IDAttributeValue propertyValue) {
+
+                        throw new UnsupportedOperationException("Not 
supported yet.");
+                    }
+                };
+            }
+            return _update;
+        }
+
+        @Override
+        public IDPredicate and(IDPredicate... predicates) {
+
+            return new SwimLanePredicate(_context, IDBooleanOperator.and, 
predicates, _providers);
+        }
+
+        @Override
+        public IDPredicate or(IDPredicate... predicates) {
+
+            return new SwimLanePredicate(_context, IDBooleanOperator.or, 
predicates, _providers);
+        }
+
+        @Override
+        public IDPredicate equal(final IDExpression<?> x) {
+
+            return new SwimLanePredicate(_context, IDOperator.equal, x, 
_providers);
+        }
+
+        @Override
+        public <C extends Serializable & Comparable<C>> IDPredicate 
greaterThan(IDExpression<C> x) {
+
+            return new SwimLanePredicate(_context, IDOperator.greaterThan, 
x, _providers);
+
+        }
+
+        @Override
+        public <C extends Serializable & Comparable<C>> IDPredicate 
lessThan(IDExpression<C> x) {
+            
+            return new SwimLanePredicate(_context, IDOperator.lessThan, x, 
_providers);
+        }
+
+        @Override
+        public IDPredicate contains(IDExpression<?> x) {
+
+            return new SwimLanePredicate(_context, IDOperator.contains, x, 
_providers);
+        }
+
+        @Override
+        public IDPredicate startsWith(IDExpression<String> x) {

+            return new SwimLanePredicate(_context, IDOperator.startsWith, x, 
_providers);
+        }
+
+        @Override
+        public IDPredicate endsWith(IDExpression<String> x) {
+
+            return new SwimLanePredicate(_context, IDOperator.endsWith, x, 
_providers);
+        }
+
+        @Override
+        public IDPredicate matches(RegularExpression x) {
+
+            return new SwimLanePredicate(_context, IDOperator.matches, x, 
_providers);
+        }
+
+        @Override
+        public IDPredicate getPredicate(ExpressionPredicateOperator<? 
extends Enum<?>> operator, IDExpression<? extends Serializable> x) {
+
+            return new SwimLanePredicate(_context, operator, x, _providers);
+        }
+
+        @Override
+        public IDPredicate getPredicate(BooleanPredicateOperator<? extends 
Enum<?>> operator, IDPredicate... predicates) {
+
+            return new SwimLanePredicate(_context, operator, predicates, 
_providers);
+        }
+    };
+
+    @Override
+    public ProviderLookupContext getProviderLookupContext() {
+        return _context;
+    }
+
+    @Override
+    public RepositoryLookupService getAttributeLookupService() {
+        return _provider.getAttributeLookupService();
+    }
+
+    @Override
+    public RepositoryUpdateService getAttributeUpdateService() {
+        return _provider.getAttributeUpdateService();
+    }
+
+    @Override
+    public IDPredicate and(IDPredicate... predicates) {
+        return _provider.and(predicates);
+    }
+
+    @Override
+    public IDPredicate or(IDPredicate... predicates) {
+        return _provider.or(predicates);
+    }
+
+    @Override
+    public IDPredicate equal(IDExpression<?> x) {
+        return _provider.equal(x);
+    }
+
+    @Override
+    public <C extends Serializable & Comparable<C>> IDPredicate 
greaterThan(IDExpression<C> x) {
+        return _provider.greaterThan(x);
+    }
+
+    @Override
+    public <C extends Serializable & Comparable<C>> IDPredicate 
lessThan(IDExpression<C> x) {
+        return _provider.lessThan(x);
+    }
+
+    @Override
+    public IDPredicate contains(IDExpression<?> x) {
+        return _provider.contains(x);
+    }
+
+    @Override
+    public IDPredicate startsWith(IDExpression<String> x) {
+        return _provider.startsWith(x);
+    }
+
+    @Override
+    public IDPredicate endsWith(IDExpression<String> x) {
+        return _provider.endsWith(x);
+    }
+
+    @Override
+    public IDPredicate matches(RegularExpression x) {
+        return _provider.matches(x);
+    }
+
+    @Override
+    public IDPredicate getPredicate(ExpressionPredicateOperator<? extends 
Enum<?>> operator, IDExpression<? extends Serializable> x) {
+        return _provider.getPredicate(operator, x);
+    }
+
+    @Override
+    public IDPredicate getPredicate(BooleanPredicateOperator<? extends 
Enum<?>> operator, IDPredicate... predicates) {
+        return _provider.getPredicate(operator, predicates);
+    }
+
+    /**
+     * Inner class used to encapsulate predicates of the component
+     * AttributeProvider objects when an AttributeProvider is constructed 
from
+     * other AttributeProvider object via union, join, or selection.
+     */
+    private static class SwimLanePredicate implements IDPredicate {
+
+        IDPredicate[] _innerPredicates;
+        ProviderLookupContext _context;
+        PredicateOperator<? extends Enum<?>> _operator;
+        IDExpression _expression;
+        List<IDPredicate> _predicates;
+
+        SwimLanePredicate(ProviderLookupContext context, 
ExpressionPredicateOperator<? extends Enum<?>> operator, IDExpression x, 
AttributeRepository... providers) {
+            _context = context;
+            _operator = operator;
+            _expression = x;
+            int count = providers == null ? 0 : providers.length;
+            _innerPredicates = new IDPredicate[count];
+            for (int i = 0; i < count; i++) {
+                /*
+                 * determine if the expression is either implicitly or
+                 * explicitly bound to the provider context. If so, obtain an
+                 * inner predicate from the corresponding provider.
+                 */
+                if 
(providers[i].getProviderLookupContext().expressionInContext(x)) {
+                    _innerPredicates[i] = 
providers[i].getPredicate(operator, x);
+                } else {
+                    /*
+                     * assign a not predicate as the inner predicate, to 
ensure
+                     * that the predicate cannot match any attributes from 
that
+                     * provider
+                     */
+                    _innerPredicates[i] = providers[i].and().not();
+                }
+            }
+        }
+
+        SwimLanePredicate(ProviderLookupContext context, 
BooleanPredicateOperator<? extends Enum<?>> operator, IDPredicate[] 
predicates, AttributeRepository[] providers) {
+            _context = context;
+            _operator = operator;
+            int count = providers == null ? 0 : providers.length;
+            _innerPredicates = new IDPredicate[count];
+            for (int i = 0; i < count; i++) {
+                _innerPredicates[i] = providers[i].getPredicate(operator, 
getPredicatesFromSwimLane(i, predicates));
+            }
+            _predicates = new ArrayList<IDPredicate>();
+            if (predicates != null && predicates.length > 0) {
+                _predicates.addAll(Arrays.asList(predicates));
+            }
+        }
+
+        @Override
+        public IDPredicate not() {
+            return new SwimLanePredicate(_context, IDBooleanOperator.not, 
new IDPredicate[]{this}, new AttributeProvider[_innerPredicates.length]);
+        }
+
+        @Override
+        public IDExpression<?> getExpression() {
+            return _expression;
+        }
+
+        @Override
+        public List<IDPredicate> getPredicates() {
+            return _predicates;
+        }
+
+        @Override
+        public PredicateOperator<? extends Enum<?>> getPredicateOperator() {
+            return _operator;
+        }
+
+        @Override
+        public ProviderLookupContext getProviderLookupContext() {
+            return _context;
+        }
+
+        IDPredicate getSwimLane(int idx) {
+            return _innerPredicates[idx];
+        }
+    };
+
+    private static IDPredicate getPredicateFromSwimLane(int idx, IDPredicate 
predicate) {
+        if (predicate instanceof SwimLanePredicate) {
+            return ((SwimLanePredicate) predicate).getSwimLane(idx);
+        }
+        throw new IllegalArgumentException("predicate is not 
SwimLanePredicate");
+    }
+
+    private static IDPredicate[] getPredicatesFromSwimLane(int idx, 
IDPredicate... predicates) {
+        int count = predicates == null ? 0 : predicates.length;
+        IDPredicate[] rvalue = new IDPredicate[count];
+        for (int i = 0; i < count; i++) {
+            rvalue[i] = getPredicateFromSwimLane(idx, predicates[i]);
+        }
+        return rvalue;
+    }
+
+    private IDPredicate getPredicateFromSwimLane(int idx, AttributeSelector 
selector) {
+        IDPredicate p = selector.getPredicate();
+        return getPredicateFromSwimLane(idx, p);
+    }
+
+    private AttributeSelector getAttributeSelectorFromSwimLane(int idx, 
AttributeSelector selector) {
+        return new AttributeSelector(getPredicateFromSwimLane(idx, 
selector));
+    }
+
+    private AttributeSelector[] getEntitySelectorsFromSwimLane(int idx, 
AttributeSelector... selectors) {
+        int count = selectors == null ? 0 : selectors.length;
+        AttributeSelector[] rvalue = new AttributeSelector[count];
+        for (int i = 0; i < count; i++) {
+            rvalue[i] = new AttributeSelector(getPredicateFromSwimLane(idx, 
selectors[i]));
+        }
+        return rvalue;
+    }
+
+    private PropertySelector[] getPropertySelectorsFromSwimLane(int idx, 
PropertySelector... selectors) {
+        int count = selectors == null ? 0 : selectors.length;
+        PropertySelector[] rvalue = new PropertySelector[count];
+        for (int i = 0; i < count; i++) {
+            rvalue[i] = new PropertySelector(getPredicateFromSwimLane(idx, 
selectors[i].getPredicate()));
+        }
+        return rvalue;
+    }
+
+    /**
+     * Inner class used to reference entities within an 
AttributeProviderProxy
+     * that was constructed by join, union, or selection.
+     */
+    private static class ProxyEntityReference implements IDEntityReference {
+
+        public static final long serialVersionUID = 1L;
+        ProviderLookupContext _context;
+        IDEntityReference[] _references;
+
+        ProxyEntityReference(ProviderLookupContext context, 
IDEntityReference... references) {
+            _context = context;
+            _references = references;
+        }
+
+        @Override
+        public ProviderLookupContext getProviderLookupContext() {
+            return _context;
+        }
+
+        @Override
+        public int hashCode() {
+            int rvalue = (int) serialVersionUID + _context.hashCode();
+            if (_references != null) {
+                for (IDEntityReference r : _references) {
+                    rvalue += r.hashCode();
+                }
+            }
+            return rvalue;
+        }
+
+        @Override
+        public boolean equals(Object obj) {
+            if (obj == null) {
+                return false;
+            }
+            if (getClass() != obj.getClass()) {
+                return false;
+            }
+            final ProxyEntityReference other = (ProxyEntityReference) obj;
+            // serialVersionUID is static, so this check seems meaningless
+            if (serialVersionUID != other.serialVersionUID) {
+                return false;
+            }
+            if ((_references != null && other._references == null)
+                    || (_references == null && other._references != null)) {
+                return false;
+            } else if (_references != null) {
+                if (_references.length != other._references.length) {
+                    return false;
+                }
+                for (int i = 0; i < _references.length; i++) {
+                    if (!_references[i].equals(other._references[i])) {
+                        return false;
+                    }
+                }
+            }
+            return _context.equals(other._context);
+        }
+    }
+
+    /**
+     * Inner class used to reference attributes within an 
AttributeProviderProxy
+     * constructed by join, union, or selection
+     */
+    private static class ProxyAttributeReference implements 
IDAttributeReference {
+
+        public static final long serialVersionUID = 1L;
+        ProviderLookupContext _context;
+        IDAttributeReference _reference;
+
+        ProxyAttributeReference(ProviderLookupContext context, 
IDAttributeReference reference) {
+            _context = context;
+            _reference = reference;
+        }
+
+        @Override
+        public ProviderLookupContext getProviderLookupContext() {
+            return _context;
+        }
+
+        @Override
+        public int hashCode() {
+            return _context.hashCode()
+                    + (_reference != null ? _reference.hashCode() : 0)
+                    + (int) serialVersionUID;
+        }
+
+        @Override
+        public boolean equals(Object obj) {
+            if (obj == null) {
+                return false;
+            }
+            if (getClass() != obj.getClass()) {
+                return false;
+            }
+            final ProxyAttributeReference other = (ProxyAttributeReference) 
obj;
+            if (serialVersionUID != other.serialVersionUID) {
+                return false;
+            }
+            if ((_reference == null) ? (other._reference != null) : 
!_reference.equals(other._reference)) {
+                return false;
+            }
+            return _context.equals(other._context);
+        }
+    }
+
+    /**
+     * Inner class used to represent attributes obtained from an
+     * AttributeProvider that was constructed by join, union, or selection.
+     */
+    private static class ProxyAttribute<T extends Serializable> implements 
IDAttribute<T> {
+
+        ProviderLookupContext _context;
+        IDAttribute _attribute;
+        ProxyAttributeReference _reference;
+
+        ProxyAttribute(ProviderLookupContext context, IDAttribute attribute) 
{
+            _context = context;
+            _attribute = attribute;
+            _reference = new ProxyAttributeReference(context, 
attribute.getAttributeReference());
+        }
+        /*
+         * @Override public URI getAttributeIdentifier() { return
+         * _attribute.getAttributeIdentifier(); }
+         */
+
+        @Override
+        public Collection getAttributeNames() {
+            return _attribute.getAttributeNames();
+        }
+
+        @Override
+        public IDAttributeValue getAttributeValue() {
+            return _attribute.getAttributeValue();
+        }
+
+        @Override
+        public Map getPropertyMap() {
+            return _attribute.getPropertyMap();
+        }
+
+        @Override
+        public IDAttributeReference getAttributeReference() {
+            return _reference;
+        }
+    }
+
+    private static boolean nativeEntityReference(IDEntityReference eRef, 
ProviderLookupContext context) {
+        return eRef.getProviderLookupContext().equals(context);
+    }
+
+    private static boolean nativeAttributeReference(IDAttributeReference 
aRef, ProviderLookupContext context) {
+        return aRef.getProviderLookupContext().equals(context);
+    }
+
+    private static boolean nativeAttribute(IDAttribute attribute, 
ProviderLookupContext context) {
+        return 
attribute.getAttributeReference().getProviderLookupContext().equals(context);
+    }
+
+    private static boolean nativeSelector(AttributeSelector selector, 
ProviderLookupContext context) {
+        return selector.getProviderLookupContext().equals(context);
+    }
+
+    private static boolean nativeSelector(PropertySelector selector, 
ProviderLookupContext context) {
+        return selector.getProviderLookupContext().equals(context);
+    }
+
+    private static boolean nativeSelectors(ProviderLookupContext context, 
AttributeSelector selector, PropertySelector... propertySelectors) {
+
+        if (!nativeSelector(selector, context)) {
+            return false;
+        }
+        for (PropertySelector p : propertySelectors) {
+            if (!nativeSelector(p, context)) {
+                return false;
+            }
+        }
+        return true;
+    }
+
+    private static boolean nativeSelectors(ProviderLookupContext context, 
AttributeSelector... selectors) {
+
+        for (AttributeSelector s : selectors) {
+            if (!nativeSelector(s, context)) {
+                return false;
+            }
+        }
+        return true;
+    }
+
+    /**
+     * converts provider specific entity reference to leaf providers with
+     * matching ProviderLookupContext into a proxy entity reference, so that
+     * reference obtained directly from leaf providers, can be processed by
+     * their corresponding proxy provider.
+     *
+     * @param reference
+     * @param throwException when true, throws an exception if conversion 
cannot
+     * be done; otherwise return null;
+     */
+    private ProxyEntityReference getProxyEntityReference(IDEntityReference 
reference, boolean throwException) {
+
+        if (!nativeEntityReference(reference, _context)) {
+            if (throwException) {
+                throw new RuntimeException("Foreign Entity Reference");
+            }
+        } else if (reference instanceof ProxyEntityReference) {
+            return (ProxyEntityReference) reference;
+        } else if (_providers.length == 1 && _context.getSelector() == null) 
{
+            return new ProxyEntityReference(_context, reference);
+        }
+        if (throwException) {
+            throw new RuntimeException("Entity Reference is not convertable 
to ProxyEntityReference");
+        }
+        return null;
+    }
+
+    /**
+     * converts provider specific attribute reference of leaf providers with
+     * matching ProviderLookupContext into a proxy attribute reference, so 
that
+     * attribute references obtained directly from leaf providers, can be
+     * processed by their corresponding proxy attribute provider.
+     *
+     * @param reference
+     * @param throwException when true, throws an exception if conversion 
cannot
+     * be done; otherwise return null.
+     *
+     * @return
+     */
+    private ProxyAttributeReference 
getProxyAttributeReference(IDAttributeReference reference, boolean 
throwException) {
+
+        if (!nativeAttributeReference(reference, _context)) {
+            if (throwException) {
+                throw new RuntimeException("Foreign Attribute Reference");
+            }
+        } else if (reference instanceof ProxyAttributeReference) {
+            return (ProxyAttributeReference) reference;
+        } else if (_providers.length == 1 && _context.getSelector() == null) 
{
+            return new ProxyAttributeReference(_context, reference);
+        }
+        if (throwException) {
+            throw new RuntimeException("Attribute Reference is not 
convertable to ProxyAttributeReference");
+        }
+        return null;
+    }
+}
\ No newline at end of file

--- 
a/Nobis/nobis-core/src/main/java/org/glassfish/nobis/provider/AttributeProviderProxy.java
+++ 
b/Nobis/nobis-core/src/main/java/org/glassfish/nobis/provider/AttributeProviderProxy.java
@@ -23,10 +23,13 @@ import javax.security.identity.*;
 import javax.security.identity.client.*;
 import javax.security.identity.client.expression.IDExpression;
 import javax.security.identity.client.expression.IDName;
-import javax.security.identity.client.expression.NameExpression;
 import javax.security.identity.client.expression.RegularExpression;
+import javax.security.identity.permission.AttributeRepositoryPermission;
+import javax.security.identity.permission.ServiceAction;
+import javax.security.identity.permission.AttributeAction;
 import javax.security.identity.provider.AttributeLookupService;
 import javax.security.identity.provider.AttributeProvider;
+import javax.security.identity.provider.AttributeRepository;
 import javax.security.identity.provider.AttributeUpdateService;
 
 /**
@@ -42,7 +45,10 @@ import 
javax.security.identity.provider.AttributeUpdateService;
  *
  * @author ronmonzillo
  */
-class AttributeProviderProxy implements AttributeProvider {
+class AttributeProviderProxy extends AttributeRepositoryProxy implements 
AttributeProvider {
+
+    AttributeLookupService _protectedLookup;
+    AttributeUpdateService _protectedUpdate;
 
     /**
      * Construct a new AttributeProviderProxy that wraps the 
AttributeProvider
@@ -54,931 +60,504 @@ class AttributeProviderProxy implements 
AttributeProvider {
      * @param _providers an array containing the AttributeProvider objects 
from
      * which the Proxy is to be constructed.
      */
-    AttributeProviderProxy(ProviderLookupContext context, final 
AttributeProvider... providers) {
-
-        _context = context;
-        _providers = providers;
-        _providerCount = providers == null ? 0 : providers.length;
-        _isJoin = context.getSelector() == null && 
context.getNameExpressions() != null
-                && _providerCount == 2;
+    AttributeProviderProxy(ProviderLookupContext context, final 
AttributeRepository ... providers) {
+        super(context, providers);
     }
-    
-    boolean _isJoin;
-    boolean _isLeafProvider;
-    int _providerCount;
-    ProviderLookupContext _context;
-    AttributeProvider[] _providers;
-    
-    AttributeProvider _provider = new AttributeProvider() {
-
-        AttributeUpdateService _update = null;
-        
-        AttributeLookupService _lookup = null;
-
-        @Override
-        public ProviderLookupContext getProviderLookupContext() {
-            return _context;
-        }
 
-        @Override
-        public synchronized AttributeLookupService 
getAttributeLookupService() {
-            if (_lookup == null) {
-      
-                _lookup = new AttributeLookupService() {
-
-                    @Override
-                    public Collection<IDEntityReference> 
search(AttributeSelector... entitySelectors) {
-
-                        if (nativeSelectors(_context, entitySelectors)) {
-
-                            Collection<IDEntityReference> rvalue = new 
ArrayList<IDEntityReference>();
-                            int selectorCount = entitySelectors == null ? 0 
: entitySelectors.length;
-
-                            // processing provider created by join
-                            if (_isJoin) {
-
-                                NameExpression[] expressions = 
_context.getNameExpressions();
-                                final IDPredicate[] _joinPredicates = new 
IDPredicate[_providerCount];
-                                for (int i = 0; i < _providerCount; i++) {
-                                    // Compute predicate to apply join 
expression to corresponding side of the join 
-                                    _joinPredicates[i] = 
_providers[i].contains(expressions[i]);
-    
[truncated due to length]



[nobis~git:b9a44de8] split getPredicate into 2 methods to match change in the Interface defini

monzillo 09/12/2013
 
 
Close
loading
Please Confirm
Close