Omaha #3509 Minor fixes to custom XACML policy processing

Former-commit-id: 085c6407d5 [formerly 21efa23f4c1236e874312c03a60f5c6dc2bd0c9a]
Former-commit-id: ca6c4093b7

edexOsgi/com.raytheon.uf.edex.registry.ebxml/res/spring/ebxml-xacml.xml

@@ -757,7 +757,9 @@
 	<bean id="VariableReferenceExpression"
 		class="com.raytheon.uf.edex.registry.acp.xacml.engine.expression.impl.VariableReferenceExpression" />
 	<bean id="AttributeDesignatorExpression"
-		class="com.raytheon.uf.edex.registry.acp.xacml.engine.expression.impl.AttributeDesignatorExpression" />
+		class="com.raytheon.uf.edex.registry.acp.xacml.engine.expression.impl.AttributeDesignatorExpression" >
+			<property name="xacmlContextHandler" ref="XACMLContextHandler" />
+		</bean>
 
 	<!-- End of Classes for XACML Expressions -->
 

edexOsgi/com.raytheon.uf.edex.registry.ebxml/src/com/raytheon/uf/edex/registry/acp/xacml/interceptor/XACMLInterceptor.java

@@ -21,7 +21,6 @@ package com.raytheon.uf.edex.registry.acp.xacml.interceptor;
 
 import java.security.Principal;
 import java.util.ArrayList;
-import java.util.Collections;
 import java.util.List;
 import java.util.Set;
 
@@ -56,10 +55,10 @@ import org.opensaml.xacml.ctx.ResponseType;
 import org.opensaml.xacml.ctx.ResultType;
 import org.opensaml.xacml.policy.ObligationType;
 import org.opensaml.xacml.policy.ObligationsType;
+import org.springframework.transaction.annotation.Transactional;
 
 import com.raytheon.uf.common.status.IUFStatusHandler;
 import com.raytheon.uf.common.status.UFStatus;
-import com.raytheon.uf.common.util.CollectionUtil;
 import com.raytheon.uf.edex.registry.acp.xacml.XACMLPolicyAdministrator;
 import com.raytheon.uf.edex.registry.acp.xacml.XACMLPolicyDecisionPoint;
 import com.raytheon.uf.edex.registry.acp.xacml.engine.obligation.XACMLObligationEvaluator;
@@ -90,6 +89,7 @@ import com.raytheon.uf.edex.registry.ebxml.exception.EbxmlRegistryException;
  * @author bphillip
  * @version 1
  */
+@Transactional
 public class XACMLInterceptor extends AbstractPhaseInterceptor<Message> {
 
     /** The logger */
@@ -117,6 +117,10 @@ public class XACMLInterceptor extends AbstractPhaseInterceptor<Message> {
      */
     private RegistryXACMLRequestBuilder requestBuilder;
 
+    public XACMLInterceptor() {
+        super(Phase.PRE_INVOKE);
+    }
+
     /**
      * Constructs a new XACMLInterceptor
      * 
@@ -129,7 +133,7 @@ public class XACMLInterceptor extends AbstractPhaseInterceptor<Message> {
      */
     public XACMLInterceptor(XACMLPolicyAdministrator xacmlPolicyAdmin,
             XACMLPolicyDecisionPoint pdp, RegistryObjectDao registryObjectDao) {
-        super(Phase.POST_INVOKE);
+        super(Phase.PRE_INVOKE);
         OpenSAMLUtil.initSamlEngine();
         this.xacmlPolicyAdmin = xacmlPolicyAdmin;
         this.pdp = pdp;
@@ -190,7 +194,9 @@ public class XACMLInterceptor extends AbstractPhaseInterceptor<Message> {
                     return;
                 }
             } catch (Exception e) {
-                statusHandler.error("An error occurred during XACML authorization. Defaulting to Unauthorized", e);
+                statusHandler
+                        .error("An error occurred during XACML authorization. Defaulting to Unauthorized",
+                                e);
                 throw new AccessDeniedException("Unauthorized");
             }
         } else {
@@ -236,31 +242,6 @@ public class XACMLInterceptor extends AbstractPhaseInterceptor<Message> {
         return response;
     }
 
-    /**
-     * Gets the resources from the message and retrieves them from the registry
-     * database if possible
-     * 
-     * @param message
-     *            The message to get the resources from
-     * @param isSoapCall
-     *            True if this is a SOAP call
-     * @return The list of registry object resources referenced by the message
-     * @throws EbxmlRegistryException
-     *             If errors occur while querying for the objects from the
-     *             registry database
-     */
-    private List<RegistryObjectType> getResources(Message message,
-            boolean isSoapCall) throws EbxmlRegistryException {
-        List<RegistryObjectType> registryObjects = Collections.emptyList();
-
-        List<String> ids = getResourceIds(message, isSoapCall);
-        if (!CollectionUtil.isNullOrEmpty(ids)) {
-            registryObjects = registryObjectDao.getById(ids);
-        }
-
-        return registryObjects;
-    }
-
     /**
      * Extracts the ids of the resources from the message
      * 
@@ -272,8 +253,9 @@ public class XACMLInterceptor extends AbstractPhaseInterceptor<Message> {
      * @throws EbxmlRegistryException
      *             If an invalid message is submitted
      */
-    private List<String> getResourceIds(Message message, boolean isSoapCall)
+    private List<RegistryObjectType> getResources(Message message,
-            throws EbxmlRegistryException {
+            boolean isSoapCall) throws EbxmlRegistryException {
+        List<RegistryObjectType> registryObjects = new ArrayList<RegistryObjectType>();
         List<String> ids = new ArrayList<String>();
         ObjectRefListType refList = null;
         RegistryObjectListType objList = null;
@@ -327,12 +309,13 @@ public class XACMLInterceptor extends AbstractPhaseInterceptor<Message> {
                 }
             }
             if (objList != null) {
-                for (RegistryObjectType regObj : objList.getRegistryObject()) {
+                registryObjects.addAll(objList.getRegistryObject());
-                    ids.add(regObj.getId());
+            }
-                }
+            if (!ids.isEmpty()) {
+                registryObjects.addAll(registryObjectDao.getById(ids));
             }
         }
-        return ids;
+        return registryObjects;
     }
 
     /**