Index: org/apache/imperius/spl/evaluator/impl/PolicyEvaluatorImpl.java =================================================================== --- org/apache/imperius/spl/evaluator/impl/PolicyEvaluatorImpl.java (revision 689481) +++ org/apache/imperius/spl/evaluator/impl/PolicyEvaluatorImpl.java (working copy) @@ -32,6 +32,7 @@ import org.apache.imperius.spl.external.Actuator; import org.apache.imperius.spl.external.DataCollector; import org.apache.imperius.spl.parser.exceptions.SPLException; +import org.apache.imperius.spl.parser.statements.EvaluationResults; import org.apache.imperius.spl.parser.statements.impl.SPLPolicy; import org.apache.imperius.spl.parser.util.ActuatorFactory; import org.apache.imperius.spl.parser.util.DataCollectorFactory; @@ -99,7 +100,8 @@ { logger.fine(Thread.currentThread().getName() + " Policy Evaluator calling evaluate method of SPLPolicy"); - result = cp.evaluate(_dataCollector, _actuator, instances); + EvaluationResults er = cp.evaluateForResults(_dataCollector, _actuator, instances); + result = er.getStatusCode() == SPLPolicy.POLICY_EVALUATED_SUCCESSFULLY ? SUCCESS : FAILURE; auditLogger.fine(Thread.currentThread().getName() + "\n" + cp.getAuditLogString()); } Index: org/apache/imperius/spl/parser/statements/EvaluationResults.java =================================================================== --- org/apache/imperius/spl/parser/statements/EvaluationResults.java (revision 0) +++ org/apache/imperius/spl/parser/statements/EvaluationResults.java (revision 0) @@ -0,0 +1,129 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.imperius.spl.parser.statements; + +import java.util.ArrayList; +import java.util.List; + +import org.apache.imperius.spl.parser.statements.impl.SPLPolicy; + + +/** + * Used by {@link SPLPolicy} and its cohorts to capture the results of a policy evaluation. + * This can hold the results of nested policies (i.e. policy groups) and multiple policy statements. + * EventResults objects which contain the results of policy group results are appended and are + * considered nested results. + * {@link PolicyStatementResults} are appended for each policy statement (..., condition, decision set). + * Statement and group results may be retrieved from an instance via the {@link #getPolicyStatementResults()} + * and {@link #getNestedResults()} methods. + * + * @author dawood + * + */ +public class EvaluationResults { + + protected int statusCode = SPLPolicy.POLICY_NOT_EVALUATED; + protected List statementResults = null; + protected List evaluationResults = null; + + /** + * Create an result indicating that it has not been evaluated. + */ + public EvaluationResults() { } + + + /** + * Create the result to include the given statement result and its status code. + * @param psr + */ + public EvaluationResults(PolicyStatementResult psr) { + statementResults = new ArrayList(1); + statementResults.add(psr); + addNewStatusCode(psr.statusCode); + } + + /** + * Add the given result to the list of nested results + * The status code from the given result is merged with the current status code. + * @param er + */ + public void appendResult(EvaluationResults er) { + if (evaluationResults == null) + evaluationResults = new ArrayList(1); + evaluationResults.add(er); + addNewStatusCode(er.statusCode); + } + + /** + * Add the given result to the list of statement results + * The status code from the given result is merged with the current status code. + * @param psr + */ + public void appendResult(PolicyStatementResult psr) { + if (statementResults == null) + statementResults = new ArrayList(1); + statementResults.add(psr); + addNewStatusCode(psr.statusCode); + } + + /** + * Get the current status code for this result. + * The current status code is a merger of status codes from all the + * statement and evaluation results. + * @return + */ + public int getStatusCode() { return statusCode; } + + /** + * Gets the list of statement results in this instance. + * Nested statement results are not returned by this method. + * @return null if not statement results + */ + public List getPolicyStatementResults() { return statementResults; } + + /** + * Gets the list of nested evaluation results. + * Results nested within immediately nested results are not returned in the list. + * @return null if no nested results are present. + */ + public List getNestedResults() { return evaluationResults; } + + private void addNewStatusCode(int newStatus) { + switch (newStatus) { + case SPLPolicy.POLICY_EVALUATION_FAILED: + statusCode = SPLPolicy.POLICY_EVALUATION_FAILED; + break; + case SPLPolicy.POLICY_EVALUATED_SUCCESSFULLY: + switch (statusCode) { + case SPLPolicy.POLICY_EVALUATION_FAILED: break; + case SPLPolicy.POLICY_EVALUATED_SUCCESSFULLY: break; + case SPLPolicy.POLICY_NOT_EVALUATED: statusCode = SPLPolicy.POLICY_EVALUATED_SUCCESSFULLY; + } + break; + case SPLPolicy.POLICY_NOT_EVALUATED: + break; + default: + throw new RuntimeException("Illegal status " + newStatus); + + } + + } + + +} Index: org/apache/imperius/spl/parser/statements/PolicyStatement.java =================================================================== --- org/apache/imperius/spl/parser/statements/PolicyStatement.java (revision 689481) +++ org/apache/imperius/spl/parser/statements/PolicyStatement.java (working copy) @@ -36,6 +36,8 @@ int evaluate(DataCollector dc,Actuator ac) throws SPLException; + EvaluationResults evaluateForResults(DataCollector dc,Actuator ac) throws SPLException; + String toString(); String getAuditLogString(); Index: org/apache/imperius/spl/parser/statements/PolicyStatementResult.java =================================================================== --- org/apache/imperius/spl/parser/statements/PolicyStatementResult.java (revision 0) +++ org/apache/imperius/spl/parser/statements/PolicyStatementResult.java (revision 0) @@ -0,0 +1,84 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.imperius.spl.parser.statements; + +/** + * Holds the information about the evaluation of a single policy statement. + * This includes: + * + * @author dawood + * + */ +public class PolicyStatementResult { + + protected int statusCode; + protected Boolean conditionResult = null; + protected Boolean decisionResult = null; + + /** + * Create a result for a statement that has a condition. + * @param result - overall status of evaluation + * @param conditionResult - value of the condition statement + * @param decisionResult - success status of decision evaluation + */ + public PolicyStatementResult(int result, Boolean conditionResult, Boolean decisionResult) { + this.statusCode = result; + this.conditionResult = conditionResult; + this.decisionResult = decisionResult; + } + + /** + * Create a result for a statement that does NOT have a condition. + * @param result - overall status of evaluation + * @param decisionResult - success status of decision evaluation + */ + public PolicyStatementResult(int result, Boolean decisionResult) { + this(result,null, decisionResult); + } + + /** + * Get the overall status of the evaluation. + * @return + */ + public int getStatusCode() { return statusCode; } + + /** + * Get the result of the condition evaluation if one existed. + * @return true or false or null if no condition existed in policy. + */ + public Boolean getConditionResult() { return conditionResult; } + + /** + * Get the result of the decision. + * @return true, false. + */ + public Boolean getDecisionResult() { return decisionResult; } + +} Index: org/apache/imperius/spl/parser/statements/impl/PolicyDefinition.java =================================================================== --- org/apache/imperius/spl/parser/statements/impl/PolicyDefinition.java (revision 689481) +++ org/apache/imperius/spl/parser/statements/impl/PolicyDefinition.java (working copy) @@ -33,7 +33,9 @@ import org.apache.imperius.spl.parser.compiler.symboltable.SPLSymbolTable; import org.apache.imperius.spl.parser.exceptions.SPLException; import org.apache.imperius.spl.parser.statements.ActionBlock; +import org.apache.imperius.spl.parser.statements.EvaluationResults; import org.apache.imperius.spl.parser.statements.PolicyStatement; +import org.apache.imperius.spl.parser.statements.PolicyStatementResult; import org.apache.imperius.util.SPLLogger; @@ -165,11 +167,21 @@ } - public int evaluate(DataCollector dc , Actuator ac) throws SPLException + public int evaluate(DataCollector dc , Actuator ac) throws SPLException { + EvaluationResults er = evaluateForResults(dc,ac); + return er.getStatusCode(); + } + + + public EvaluationResults evaluateForResults(DataCollector dc , Actuator ac) throws SPLException { logger.entering(sourceClass,Thread.currentThread().getName()+" "+ "evaluate"); this.auditloggerString=""; +// EvaluationResult result = new EvaluationResult(EvaluationResult.POLICY_EVALUATED_SUCCESSFULLY); int result = SPLPolicy.POLICY_EVALUATED_SUCCESSFULLY; + Boolean conditionResult = null; + Boolean decisionResult = null; + if(_declStmt != null) { _declStmt.evaluate(); @@ -182,7 +194,7 @@ logger.fine(Thread.currentThread().getName()+ "evaluating condition of Policy Definition"); } - Boolean conditionResult = (Boolean)_condition.evaluate(); + conditionResult = (Boolean)_condition.evaluate(); System.out.println(" "+"policy :"+_condition.toString()); auditloggerString+=" "+"policy :"+_condition.toString()+"\n"; System.out.println(" "+"result :"+conditionResult); @@ -222,6 +234,7 @@ // if(auditLogger.isLoggable(Level.FINE)) // auditLogger.fine(Thread.currentThread().getName()+" Executing Decision "); boolean executionResult = _decision.execute(ac); + decisionResult = Boolean.valueOf(executionResult); // System.out.println(" "+"decision executed :"+executionResult); auditloggerString+=" "+"decision executed :"+executionResult+"\n"; @@ -243,7 +256,7 @@ logger.exiting(sourceClass,Thread.currentThread().getName()+" "+ "evaluate"); - return result; +// return result; } else{ @@ -258,7 +271,7 @@ logger.exiting(sourceClass,Thread.currentThread().getName()+" "+ "evaluate"); - return result; +// return result; } } @@ -281,7 +294,7 @@ if(logger.isLoggable(Level.FINE)) logger.fine(Thread.currentThread().getName()+"PolicyDefinition Evalaute return value="+result); - return result; +// return result; } } else @@ -290,6 +303,7 @@ auditloggerString+=" "+"sub policy has no condition"+"\n"; boolean executionResult=_decision.execute(ac); + decisionResult = Boolean.valueOf(executionResult); if(logger.isLoggable(Level.FINE)) logger.fine(Thread.currentThread().getName()+"PolicyDefinition decision.execute return value="+executionResult); System.out.println(" "+"decision executed :"+executionResult); @@ -312,7 +326,7 @@ if(logger.isLoggable(Level.FINE)) logger.fine(Thread.currentThread().getName()+"PolicyDefinition Evalaute return value="+result); - return result; +// return result; } else{ // if(auditLogger.isLoggable(Level.FINE)) @@ -328,11 +342,17 @@ if(logger.isLoggable(Level.FINE)) logger.fine(Thread.currentThread().getName()+"PolicyDefinition Evalaute return value="+result); - return result; +// return result; } } - + PolicyStatementResult psr; + if (conditionResult != null) { + psr = new PolicyStatementResult(result, conditionResult, decisionResult); + } else { + psr = new PolicyStatementResult(result, decisionResult); + } + return new EvaluationResults(psr); } Index: org/apache/imperius/spl/parser/statements/impl/PolicyGroup.java =================================================================== --- org/apache/imperius/spl/parser/statements/impl/PolicyGroup.java (revision 689481) +++ org/apache/imperius/spl/parser/statements/impl/PolicyGroup.java (working copy) @@ -30,6 +30,7 @@ import org.apache.imperius.spl.external.DataCollector; import org.apache.imperius.spl.parser.compiler.symboltable.SPLSymbolTable; import org.apache.imperius.spl.parser.exceptions.SPLException; +import org.apache.imperius.spl.parser.statements.EvaluationResults; import org.apache.imperius.spl.parser.statements.PolicyStatement; import org.apache.imperius.util.SPLLogger; @@ -160,11 +161,17 @@ } - public int evaluate(DataCollector dc,Actuator ac) throws SPLException + public int evaluate(DataCollector dc,Actuator ac) throws SPLException { + EvaluationResults er = evaluateForResults(dc,ac); + return er.getStatusCode(); + } + + + public EvaluationResults evaluateForResults(DataCollector dc,Actuator ac) throws SPLException { logger.entering(sourceClass,Thread.currentThread().getName()+" "+ "evaluate"); this.auditloggerString=""; - int result = SPLPolicy.POLICY_EVALUATION_FAILED; + EvaluationResults result = null; //System.out.println("Policy Gp::evaluate::symTab.getInstance().getCimObjectName() "+symTab.getAnchorClassList()); // Map classToInstanceMap = null; // Iterator it = classToInstanceMap.keySet().iterator(); @@ -178,7 +185,7 @@ System.out.println("-----------"+"Starting Evaluation of Policy Group"+"-----------"); this.auditloggerString+="-----------"+"Starting Evaluation of Policy Group"+"-----------"+"\n"; - result = cimPolicy.evaluate(dc,ac,anchorClassName,symTab.getDefaultQualifier(),symTab.getInstance(anchorClassName),assocName,role1,role2); + result = cimPolicy.evaluateForResults(dc,ac,anchorClassName,symTab.getDefaultQualifier(),symTab.getInstance(anchorClassName),assocName,role1,role2); this.auditloggerString+=cimPolicy.getAuditLogString(); this.auditloggerString+="-----------"+"Completed Evaluation of Policy Group"+"-----------"+"\n"; System.out.println("-----------"+"Completed Evaluation of Policy Group"+"-----------"); Index: org/apache/imperius/spl/parser/statements/impl/SPLPolicy.java =================================================================== --- org/apache/imperius/spl/parser/statements/impl/SPLPolicy.java (revision 689481) +++ org/apache/imperius/spl/parser/statements/impl/SPLPolicy.java (working copy) @@ -37,7 +37,9 @@ import org.apache.imperius.spl.external.InstanceInfo; import org.apache.imperius.spl.parser.compiler.symboltable.SPLSymbolTable; import org.apache.imperius.spl.parser.exceptions.SPLException; +import org.apache.imperius.spl.parser.statements.EvaluationResults; import org.apache.imperius.spl.parser.statements.PolicyStatement; +import org.apache.imperius.spl.parser.statements.PolicyStatementResult; import org.apache.imperius.util.SPLLogger; @@ -48,9 +50,11 @@ private DeclarationStatement _declaration; private ArrayList _policyList; private SPLSymbolTable _symTab; + public static final int POLICY_EVALUATED_SUCCESSFULLY = 1; public static final int POLICY_NOT_EVALUATED = 0; public static final int POLICY_EVALUATION_FAILED = -1; + private static Logger logger = SPLLogger.getSPLLogger().getLogger(); private String auditloggerString = ""; @@ -97,7 +101,7 @@ - private int _evaluatePolicies(Map instanceMap, + private EvaluationResults _evaluatePolicies(Map instanceMap, DataCollector dc, Actuator ac) throws SPLException @@ -105,7 +109,7 @@ logger.entering(sourceClass,Thread.currentThread().getName()+" "+ "evaluatePolicies"); // Iterate over the List of maps - int result = POLICY_EVALUATED_SUCCESSFULLY; + EvaluationResults result = new EvaluationResults(); Iterator instanceMapKeyIt = instanceMap.keySet().iterator(); System.out.println("Iterating over all instances of Anchor class"); @@ -148,16 +152,18 @@ auditloggerString+="***********"+"evaluating sub policy number "+(j+1)+"***********"+"\n"; PolicyStatement pStatement = (PolicyStatement)_policyList.get(j); // evaluate each policy - int result1 = pStatement.evaluate(dc,ac); + EvaluationResults er1 = pStatement.evaluateForResults(dc,ac); + result.appendResult(er1); + int result1 = result.getStatusCode(); // pStatement.evaluate(dc,ac); auditloggerString+=pStatement.getAuditLogString(); if(result1 == POLICY_EVALUATION_FAILED) // report failure even if a single policy fails { - result = result1; +// result = result1; System.out.println(" "+"SPLPolicy evaluation failed "); auditloggerString+=" "+"SPLPolicy evaluation failed "+"\n"; - logger.severe(Thread.currentThread().getName()+"SPLPolicy evaluation failed return value="+result); + logger.severe(Thread.currentThread().getName()+"SPLPolicy evaluation failed return value="+result1); } @@ -295,7 +301,8 @@ } - public int evaluate(DataCollector dc, Actuator ac, + + public EvaluationResults evaluateForResults(DataCollector dc, Actuator ac, String anchorClassName,String anchornamespace, Object anchorInstance, String assocName, String role1, String role2) throws SPLException @@ -303,7 +310,7 @@ logger.entering(sourceClass,Thread.currentThread().getName()+" "+ "evaluate"); this.auditloggerString=""; - int result = POLICY_EVALUATED_SUCCESSFULLY; + EvaluationResults result = new EvaluationResults(); System.out.println("cimObjectName "+anchorClassName+" "+anchornamespace+" "+anchorInstance.toString()); //Map keys=this.symTab.getInstance().getMapOfKeys(); ImportStatement imp=(ImportStatement)this._importStmtList.get(0); @@ -324,7 +331,7 @@ Map objMap=new HashMap(); objMap.put(targetclassnm, inst); - result = evaluate(dc,ac,objMap); + result.appendResult(evaluateForResults(dc,ac,objMap)); } // System.out.println(">>>>>>>>>>>"+"policy evaluation complete, result :"+result+"<<<<<<<<<<<"); @@ -336,9 +343,14 @@ return result; } - public int evaluate(DataCollector dc, Actuator ac, Map iMap) throws SPLException { + EvaluationResults er = evaluateForResults(dc,ac,iMap); + return er.getStatusCode(); + } + + public EvaluationResults evaluateForResults(DataCollector dc, Actuator ac, Map iMap) throws SPLException + { logger.entering(sourceClass,Thread.currentThread().getName()+" "+ "evaluate2"); this.auditloggerString=""; if (logger.isLoggable(Level.FINE)) @@ -346,7 +358,7 @@ Map instanceMap = _buildInstanceMap(iMap,dc); - int result = POLICY_EVALUATION_FAILED; + EvaluationResults result; if(!instanceMap.isEmpty()) { if (logger.isLoggable(Level.FINE)) @@ -368,7 +380,7 @@ } else { - + result = new EvaluationResults(); logger.warning(Thread.currentThread().getName()+" "+"No valid instances for policy evaluation"); //throw new SPLException("Out of the Instances that were passed in for Evaluation, none have passed the filter"); }