From 8f760277a925208eadd8c2ba379c9a6149ee5d53 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 12 Mar 2024 14:05:59 -0400 Subject: [PATCH 01/10] Bump com.fasterxml.jackson.datatype:jackson-datatype-jdk8 from 2.16.1 to 2.16.2 in /CedarJava (#103) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- CedarJava/build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CedarJava/build.gradle b/CedarJava/build.gradle index 6c96a485..d88802c8 100644 --- a/CedarJava/build.gradle +++ b/CedarJava/build.gradle @@ -68,7 +68,7 @@ dependencies { // Do not upgrade to Jackson 3.x without addressing stack overflow issues in ValueCedarDeserializer // The upgrade should be reviewed by AppSec implementation 'com.fasterxml.jackson.core:jackson-databind:2.16.1' - implementation 'com.fasterxml.jackson.datatype:jackson-datatype-jdk8:2.16.1' + implementation 'com.fasterxml.jackson.datatype:jackson-datatype-jdk8:2.16.2' implementation 'org.slf4j:slf4j-api:2.0.12' implementation 'com.google.guava:guava:33.0.0-jre' compileOnly 'com.github.spotbugs:spotbugs-annotations:4.8.3' From b785280b64d15681fca0bdfae0760b6491c9ef3b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 12 Mar 2024 14:19:39 -0400 Subject: [PATCH 02/10] Bump com.fasterxml.jackson.core:jackson-databind from 2.16.1 to 2.16.2 in /CedarJava (#102) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- CedarJava/build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CedarJava/build.gradle b/CedarJava/build.gradle index d88802c8..10b809d8 100644 --- a/CedarJava/build.gradle +++ b/CedarJava/build.gradle @@ -67,7 +67,7 @@ configurations { dependencies { // Do not upgrade to Jackson 3.x without addressing stack overflow issues in ValueCedarDeserializer // The upgrade should be reviewed by AppSec - implementation 'com.fasterxml.jackson.core:jackson-databind:2.16.1' + implementation 'com.fasterxml.jackson.core:jackson-databind:2.16.2' implementation 'com.fasterxml.jackson.datatype:jackson-datatype-jdk8:2.16.2' implementation 'org.slf4j:slf4j-api:2.0.12' implementation 'com.google.guava:guava:33.0.0-jre' From 87e13a3797f4c0b06135f2b6eea2775383abe446 Mon Sep 17 00:00:00 2001 From: Sarah Cecchetti Date: Fri, 15 Mar 2024 06:22:17 -0700 Subject: [PATCH 03/10] Update NOTICE to reflect accurate copyright (#105) Signed-off-by: Sarah Cecchetti --- NOTICE | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/NOTICE b/NOTICE index 616fc588..f78889f8 100644 --- a/NOTICE +++ b/NOTICE @@ -1 +1 @@ -Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +Copyright Cedar Contributors From 16ec8c3f2c73ece7d6a510a506e6dcfec70e48e1 Mon Sep 17 00:00:00 2001 From: shaobo-he-aws <130499339+shaobo-he-aws@users.noreply.github.com> Date: Fri, 15 Mar 2024 11:44:14 -0700 Subject: [PATCH 04/10] Update build process of CedarJavaFFI (#107) Signed-off-by: Shaobo He --- CedarJava/config.sh | 3 --- CedarJavaFFI/Cargo.toml | 7 +++---- 2 files changed, 3 insertions(+), 7 deletions(-) diff --git a/CedarJava/config.sh b/CedarJava/config.sh index b0125b80..264a3522 100755 --- a/CedarJava/config.sh +++ b/CedarJava/config.sh @@ -43,9 +43,6 @@ if [ "$#" -ne 0 ] && [ "$1" == "run_int_tests" ]; then replace_once build.gradle ".*CEDAR_INTEGRATION_TESTS_ROOT.*" "$integration_tests_str" export MUST_RUN_CEDAR_INTEGRATION_TESTS=1 - - cargo_str='cedar-policy = { version = "3.0", path = "../cedar/cedar-policy" }' - replace_once ../CedarJavaFFI/Cargo.toml ".*cedar-policy =.*" "$cargo_str" else unset MUST_RUN_CEDAR_INTEGRATION_TESTS export CEDAR_INTEGRATION_TESTS_ROOT=/tmp diff --git a/CedarJavaFFI/Cargo.toml b/CedarJavaFFI/Cargo.toml index bba03ea3..5fde7739 100644 --- a/CedarJavaFFI/Cargo.toml +++ b/CedarJavaFFI/Cargo.toml @@ -9,13 +9,13 @@ version = "3.0.0" [dependencies] serde = { version = "1.0", features = ["derive", "rc"] } serde_json = "1.0" -cedar-policy = { version = "3.0", path = "../../cedar/cedar-policy" } # Need latest version from github +thiserror = "1.0" +itertools = "0.12" +cedar-policy = "3.0" # JNI Support jni = "0.21.0" jni_fn = "0.1.0" -thiserror = "1.0.49" -itertools = "0.11.0" [features] partial-eval = ["cedar-policy/partial-eval"] @@ -23,4 +23,3 @@ partial-eval = ["cedar-policy/partial-eval"] # Dynamic linked library, used for linked to java process at runtime. [lib] crate_type = ["cdylib"] - From 87066897ba19a99d56c306a979a06af891655182 Mon Sep 17 00:00:00 2001 From: David Handermann Date: Tue, 19 Mar 2024 13:33:55 -0500 Subject: [PATCH 05/10] Add Gradle tasks for bundling native libraries (#104) Signed-off-by: David Handermann --- .github/workflows/ci.yml | 47 ++---- .gitignore | 19 +++ CedarJava/README.md | 39 ++--- CedarJava/build.gradle | 157 +++++++++++++++++- .../cedarpolicy/BasicAuthorizationEngine.java | 3 +- .../com/cedarpolicy/loader/LibraryLoader.java | 40 +++++ .../com/cedarpolicy/model/schema/Schema.java | 3 +- .../com/cedarpolicy/model/slice/Policy.java | 5 +- .../com/cedarpolicy/serializer/JsonEUID.java | 2 + .../java/com/cedarpolicy/value/Decimal.java | 2 + .../cedarpolicy/value/EntityIdentifier.java | 6 +- .../com/cedarpolicy/value/EntityTypeName.java | 3 +- .../java/com/cedarpolicy/value/EntityUID.java | 5 +- .../java/com/cedarpolicy/value/IpAddress.java | 2 + .../cedarpolicy/SharedIntegrationTests.java | 2 + 15 files changed, 269 insertions(+), 66 deletions(-) create mode 100644 .gitignore create mode 100644 CedarJava/src/main/java/com/cedarpolicy/loader/LibraryLoader.java diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 4d18d4f0..627458c6 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -2,47 +2,30 @@ name: Build & Test (CedarJava & CedarJavaFFI) on: pull_request: + workflow_dispatch: env: CARGO_TERM_COLOR: always jobs: - build_and_test_cedar_java_ffi: - name: Rust project - latest + build: + name: Build FFI and Java runs-on: ubuntu-latest - strategy: - matrix: - toolchain: - - stable steps: - - name: Checkout CedarJava - uses: actions/checkout@v3 - - name: Checkout cedar - uses: actions/checkout@v3 - with: - repository: cedar-policy/cedar - ref: main - path: ./cedar - - name: rustup - run: rustup update ${{ matrix.toolchain }} && rustup default ${{ matrix.toolchain }} - - name: cargo fmt + - name: Checkout cedar-java + uses: actions/checkout@v4 + - name: Prepare Rust Build + run: rustup update stable && rustup default stable + - name: Check FFI Formatting working-directory: ./CedarJavaFFI run: cargo fmt --all --check - - name: configure + - name: Install Zig + run: sudo snap install zig --beta --classic + - name: Build FFI and Java Libraries working-directory: ./CedarJava - shell: bash - run: bash config.sh run_int_tests - - name: cargo build - working-directory: ./CedarJavaFFI - run: RUSTFLAGS="-D warnings -F unsafe-code" cargo build --verbose - - name: cargo test - working-directory: ./CedarJavaFFI - run: RUSTFLAGS="-D warnings -F unsafe-code" cargo test --verbose - - name: Build and Test CedarJava - working-directory: ./CedarJava - shell: bash - run: export MUST_RUN_CEDAR_INTEGRATION_TESTS=1 && ./gradlew build - - name: JavaDoc Cedarjava + env: + MUST_RUN_CEDAR_INTEGRATION_TESTS: 1 + run: ./gradlew build + - name: Generate Java Documentation working-directory: ./CedarJava - shell: bash run: ./gradlew javadoc diff --git a/.gitignore b/.gitignore new file mode 100644 index 00000000..abd9a560 --- /dev/null +++ b/.gitignore @@ -0,0 +1,19 @@ +.gradle/ +.idea/ +/build +/buildSrc/build/ +/gradle/ +/gradlew +/gradlew.bat +/wrapper/ +.DS_Store +.jqwik-database +*.iml +.classpath +.factorypath +.project +.settings/ +target/ + +# Ignore changes to gradle.properties because we enter passwords here for releases +/gradle.properties diff --git a/CedarJava/README.md b/CedarJava/README.md index 8b8a2375..851897da 100644 --- a/CedarJava/README.md +++ b/CedarJava/README.md @@ -4,44 +4,33 @@ This package provides the Java interface for the Cedar language. You can use the For more information about Cedar, please see: https://www.cedarpolicy.com/ -## Usage -This package depends on [Cedar](https://www.cedarpolicy.com/), a library -that needs to be compiled so that it can be run on the used platform. -You need JDK 17 or later to run the code. +## Prerequisites -You need to ensure the `CEDAR_JAVA_FFI_LIB` variable is set correctly. Typically ./config.sh will set this for you. +- [JDK 17](https://openjdk.org/projects/jdk/17/) or later +- [Rust](https://rustup.rs/) with `rustup` +- [Zig](https://ziglang.org/learn/getting-started/) for cross compiling with [cargo-zigbuild](https://github.com/rust-cross/cargo-zigbuild) + +## Building + +Run the [Gradle Wrapper](https://docs.gradle.org/current/userguide/gradle_wrapper_basics.html) +with the `build` task to compile both the Cedar Java Foreign Function Interface and the Cedar Java library. -### Building -- Ensure Rust, Gradle and a JDK are installed. -- then: ```shell -cd CedarJavaFFI -cargo build -cargo test -cd ../CedarJava -bash config.sh ./gradlew build ``` -This will run the tests as well (but not the integration tests). -If you want to run the integration tests, you'll also need: -```shell -export CEDAR_INTEGRATION_TESTS_ROOT=`path_to_cedar/cedar-integration-tests` -``` +## Integration Testing + +Set the `CEDAR_INTEGRATION_TESTS_ROOT` environment variable to enable integration tests when building. -Otherwise you can do (done for you in `config.sh`): ```shell -export CEDAR_INTEGRATION_TESTS_ROOT=`/tmp` +export CEDAR_INTEGRATION_TESTS_ROOT=`path_to_cedar/cedar-integration-tests` ``` -And the tests won't be found (and hence won't be run). - ## Debugging If you're encountering unexpected errors, a good first step in debugging can be to enable TRACE-level logging for -`cedarpolicy`, which will then show the exact messages being passed to Cedar. You can do this for -the unit tests by modifying the `test/resources/log4j2.xml` file; this file also gives an example for what to do in -other Log4j2-based packages. +`com.cedarpolicy`, which will then show the exact messages being passed to Cedar. Debugging calls across the JNI boundary is a bit tricky (as ever a bit more so on a Mac), but can be done by attaching both a Java and native debugger (such as GDB/LLDB) to the program. diff --git a/CedarJava/build.gradle b/CedarJava/build.gradle index 10b809d8..d5e6b00a 100644 --- a/CedarJava/build.gradle +++ b/CedarJava/build.gradle @@ -5,7 +5,7 @@ buildscript { } } dependencies { - classpath "com.github.spotbugs.snom:spotbugs-gradle-plugin:5.0.14" + classpath "com.github.spotbugs.snom:spotbugs-gradle-plugin:6.0.8" classpath "gradle.plugin.com.github.sherter.google-java-format:google-java-format-gradle-plugin:0.9" } } @@ -21,6 +21,9 @@ plugins { // JaCoCo for coverage metrics and reports of Java source files. Read more at: // https://docs.gradle.org/current/userguide/jacoco_plugin.html id 'jacoco' + + // Maven Publish for publishing artifacts to an Apache Maven repository + id 'maven-publish' } /* @@ -70,6 +73,7 @@ dependencies { implementation 'com.fasterxml.jackson.core:jackson-databind:2.16.2' implementation 'com.fasterxml.jackson.datatype:jackson-datatype-jdk8:2.16.2' implementation 'org.slf4j:slf4j-api:2.0.12' + implementation 'com.fizzed:jne:4.1.1' implementation 'com.google.guava:guava:33.0.0-jre' compileOnly 'com.github.spotbugs:spotbugs-annotations:4.8.3' testImplementation 'org.slf4j:slf4j-simple:2.0.12' @@ -86,3 +90,154 @@ test { exceptionFormat 'full' } } + +def ffiDir = '../CedarJavaFFI' +def compiledLibDir = 'resources/compiled' + +def rustLibraryTargets = [ + 'aarch64-apple-darwin' : 'libcedar_java_ffi.dylib', + 'aarch64-unknown-linux-gnu' : 'libcedar_java_ffi.so', + 'x86_64-apple-darwin' : 'libcedar_java_ffi.dylib', + 'x86_64-pc-windows-gnu' : 'cedar_java_ffi.dll', + 'x86_64-unknown-linux-gnu' : 'libcedar_java_ffi.so' +] + +def rustJavaTargets = [ + 'aarch64-apple-darwin' : 'macos/aarch64', + 'aarch64-unknown-linux-gnu' : 'linux/aarch64', + 'x86_64-apple-darwin' : 'macos/x86_64', + 'x86_64-pc-windows-gnu' : 'windows/x86_64', + 'x86_64-unknown-linux-gnu' : 'linux/x86_64' +] + +tasks.register('installCargoZigbuild', Exec) { + group 'Build' + description 'Installs Cargo Zigbuild for Rust compilation.' + + commandLine 'cargo', 'install', 'cargo-zigbuild' +} + +tasks.register('installRustTargets') { + dependsOn('installCargoZigbuild') + group 'Build' + description 'Installs Rust platform build targets.' + + doLast { + rustLibraryTargets.keySet().forEach { rustTarget -> + exec { + commandLine 'rustup', 'target', 'add', rustTarget + } + } + } +} + +tasks.register('compileFFI') { + dependsOn('installRustTargets') + group 'Build' + description 'Compiles Foreign Function Interface libraries.' + + doLast { + rustLibraryTargets.forEach { rustTarget, libraryFile -> + exec { + workingDir = ffiDir + commandLine 'cargo', 'zigbuild', '--release', '--target', rustTarget + } + + def sourcePath = "${ffiDir}/target/${rustTarget}/release/${libraryFile}" + def javaTargetPath = rustJavaTargets.get(rustTarget) + + copy { + from(sourcePath) + into layout.buildDirectory.dir("${compiledLibDir}/jne/${javaTargetPath}") + } + } + } +} + +tasks.register('testFFI') { + dependsOn('compileFFI') + group 'Build' + description 'Tests Foreign Function Interface libraries.' + + doLast { + exec { + workingDir = ffiDir + commandLine 'cargo', 'test' + } + } +} + +tasks.register('cleanFFI', Exec) { + group 'Build' + description 'Deletes the build directory for Foreign Function Interface libraries.' + + workingDir ffiDir + commandLine 'cargo', 'clean' +} + +tasks.register('uberJar', Jar) { + dependsOn('compileFFI') + group 'Build' + description 'Assembles a jar archive containing standard classes and native libraries.' + + archiveClassifier = 'uber' + with jar + + from(layout.buildDirectory.dir(compiledLibDir)) +} + +tasks.named('test') { + dependsOn('compileFFI') + classpath += files(layout.buildDirectory.dir(compiledLibDir)) +} + +tasks.named('build') { + dependsOn('uberJar') +} + +/* + Configures Maven publishing + */ +publishing { + publications { + maven(MavenPublication) { + groupId = 'com.cedarpolicy' + artifactId = 'cedar-java' + version = '3.1.0-SNAPSHOT' + + from components.java + + artifacts { + jar + artifact tasks.named('uberJar') + } + + pom { + name = 'cedar-java' + description = 'Java bindings for Cedar policy language.' + url = 'http://www.cedarpolicy.com' + + licenses { + license { + name = 'The Apache License, Version 2.0' + url = 'http://www.apache.org/licenses/LICENSE-2.0.txt' + } + } + + developers { + developer { + id = 'cedar' + name = 'Cedar Team' + email = 'cedar-sonatype-team@amazon.com' + } + } + + scm { + connection = 'scm:git:https://github.com/cedar-policy/cedar-java.git' + developerConnection = 'scm:git:https://github.com/cedar-policy/cedar-java.git' + url = 'https://github.com/cedar-policy/cedar-java' + } + } + } + } +} diff --git a/CedarJava/src/main/java/com/cedarpolicy/BasicAuthorizationEngine.java b/CedarJava/src/main/java/com/cedarpolicy/BasicAuthorizationEngine.java index 6dd73a1c..adc40f52 100644 --- a/CedarJava/src/main/java/com/cedarpolicy/BasicAuthorizationEngine.java +++ b/CedarJava/src/main/java/com/cedarpolicy/BasicAuthorizationEngine.java @@ -21,6 +21,7 @@ import java.io.IOException; +import com.cedarpolicy.loader.LibraryLoader; import com.cedarpolicy.model.*; import com.cedarpolicy.model.exception.AuthException; import com.cedarpolicy.model.exception.BadRequestException; @@ -40,7 +41,7 @@ public final class BasicAuthorizationEngine implements AuthorizationEngine { private static final Logger LOG = LoggerFactory.getLogger(BasicAuthorizationEngine.class); static { - System.load(System.getenv("CEDAR_JAVA_FFI_LIB")); + LibraryLoader.loadLibrary(); } /** Construct a basic authorization engine. */ diff --git a/CedarJava/src/main/java/com/cedarpolicy/loader/LibraryLoader.java b/CedarJava/src/main/java/com/cedarpolicy/loader/LibraryLoader.java new file mode 100644 index 00000000..e83cf247 --- /dev/null +++ b/CedarJava/src/main/java/com/cedarpolicy/loader/LibraryLoader.java @@ -0,0 +1,40 @@ +/* + * Copyright 2022-2023 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.cedarpolicy.loader; + +import com.fizzed.jne.JNE; + +/** + * Native Library Loader encapsulates runtime loading of the Cedar Java FFI library + */ +public class LibraryLoader { + private static final String LIBRARY_PATH_VARIABLE_NAME = "CEDAR_JAVA_FFI_LIB"; + + private static final String LIBRARY_NAME = "cedar_java_ffi"; + + /** + * Load Cedar Java FFI library based on runtime operating system and architecture of the Java Virtual Machine + */ + public static void loadLibrary() { + final String libraryPath = System.getenv(LIBRARY_PATH_VARIABLE_NAME); + if (libraryPath == null || libraryPath.isEmpty()) { + JNE.loadLibrary(LIBRARY_NAME); + } else { + System.load(libraryPath); + } + } +} diff --git a/CedarJava/src/main/java/com/cedarpolicy/model/schema/Schema.java b/CedarJava/src/main/java/com/cedarpolicy/model/schema/Schema.java index f6cdf563..c03d1425 100644 --- a/CedarJava/src/main/java/com/cedarpolicy/model/schema/Schema.java +++ b/CedarJava/src/main/java/com/cedarpolicy/model/schema/Schema.java @@ -16,6 +16,7 @@ package com.cedarpolicy.model.schema; +import com.cedarpolicy.loader.LibraryLoader; import com.cedarpolicy.model.exception.InternalException; import com.fasterxml.jackson.annotation.JsonValue; import com.fasterxml.jackson.databind.JsonNode; @@ -29,7 +30,7 @@ public final class Schema { private static final ObjectMapper OBJECT_MAPPER = new ObjectMapper(); static { - System.load(System.getenv("CEDAR_JAVA_FFI_LIB")); + LibraryLoader.loadLibrary(); } // The schema after being parsed as a JSON object. diff --git a/CedarJava/src/main/java/com/cedarpolicy/model/slice/Policy.java b/CedarJava/src/main/java/com/cedarpolicy/model/slice/Policy.java index 943710ea..7c9e21d2 100644 --- a/CedarJava/src/main/java/com/cedarpolicy/model/slice/Policy.java +++ b/CedarJava/src/main/java/com/cedarpolicy/model/slice/Policy.java @@ -16,9 +16,11 @@ package com.cedarpolicy.model.slice; +import com.cedarpolicy.loader.LibraryLoader; import com.cedarpolicy.model.exception.InternalException; import com.cedarpolicy.value.EntityUID; import com.fasterxml.jackson.annotation.JsonProperty; +import edu.umd.cs.findbugs.annotations.SuppressFBWarnings; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -31,7 +33,7 @@ public class Policy { private static final Logger LOG = LoggerFactory.getLogger(Policy.class); private static final AtomicInteger idCounter = new AtomicInteger(0); static { - System.load(System.getenv("CEDAR_JAVA_FFI_LIB")); + LibraryLoader.loadLibrary(); } /** Policy string. */ @@ -47,6 +49,7 @@ public class Policy { * @param policyID The id of this policy. Must be unique. Note: We may flip the order of the * arguments here for idiomatic reasons. */ + @SuppressFBWarnings("CT_CONSTRUCTOR_THROW") public Policy( @JsonProperty("policySrc") String policy, @JsonProperty("policyID") String policyID) throws NullPointerException { diff --git a/CedarJava/src/main/java/com/cedarpolicy/serializer/JsonEUID.java b/CedarJava/src/main/java/com/cedarpolicy/serializer/JsonEUID.java index 5ae42e65..51460012 100644 --- a/CedarJava/src/main/java/com/cedarpolicy/serializer/JsonEUID.java +++ b/CedarJava/src/main/java/com/cedarpolicy/serializer/JsonEUID.java @@ -23,6 +23,7 @@ import com.fasterxml.jackson.databind.annotation.JsonDeserialize; import com.fasterxml.jackson.databind.annotation.JsonSerialize; import com.cedarpolicy.value.EntityUID; +import edu.umd.cs.findbugs.annotations.SuppressFBWarnings; /** Represent JSON format of Entity Unique Identifier. */ @JsonDeserialize @@ -56,6 +57,7 @@ public JsonEUID(String type, String id) { this.type = type; this.id = id; } + @SuppressFBWarnings("CT_CONSTRUCTOR_THROW") public JsonEUID(String src) throws InvalidEUIDException { var o = EntityUID.parse(src); if (o.isPresent()) { diff --git a/CedarJava/src/main/java/com/cedarpolicy/value/Decimal.java b/CedarJava/src/main/java/com/cedarpolicy/value/Decimal.java index 9206d29f..6835d266 100644 --- a/CedarJava/src/main/java/com/cedarpolicy/value/Decimal.java +++ b/CedarJava/src/main/java/com/cedarpolicy/value/Decimal.java @@ -16,6 +16,7 @@ package com.cedarpolicy.value; +import edu.umd.cs.findbugs.annotations.SuppressFBWarnings; import java.util.Objects; import java.util.regex.Matcher; import java.util.regex.Pattern; @@ -51,6 +52,7 @@ public static boolean validDecimal(String d) { * * @param decimal Decimal as a String. */ + @SuppressFBWarnings("CT_CONSTRUCTOR_THROW") public Decimal(String decimal) throws NullPointerException, IllegalArgumentException { if (!DecimalValidator.validDecimal(decimal)) { throw new IllegalArgumentException( diff --git a/CedarJava/src/main/java/com/cedarpolicy/value/EntityIdentifier.java b/CedarJava/src/main/java/com/cedarpolicy/value/EntityIdentifier.java index d3693153..504b4491 100644 --- a/CedarJava/src/main/java/com/cedarpolicy/value/EntityIdentifier.java +++ b/CedarJava/src/main/java/com/cedarpolicy/value/EntityIdentifier.java @@ -1,6 +1,8 @@ package com.cedarpolicy.value; +import com.cedarpolicy.loader.LibraryLoader; + /** * Class representing Entity Identifiers. * All strings are valid Entity Identifiers @@ -8,8 +10,8 @@ public final class EntityIdentifier { private String id; - static { - System.load(System.getenv("CEDAR_JAVA_FFI_LIB")); + static { + LibraryLoader.loadLibrary(); } /** diff --git a/CedarJava/src/main/java/com/cedarpolicy/value/EntityTypeName.java b/CedarJava/src/main/java/com/cedarpolicy/value/EntityTypeName.java index 26ba0537..8aca71b8 100644 --- a/CedarJava/src/main/java/com/cedarpolicy/value/EntityTypeName.java +++ b/CedarJava/src/main/java/com/cedarpolicy/value/EntityTypeName.java @@ -1,6 +1,7 @@ package com.cedarpolicy.value; +import com.cedarpolicy.loader.LibraryLoader; import com.google.common.base.Suppliers; import java.util.List; @@ -22,7 +23,7 @@ public final class EntityTypeName { private final Supplier entityTypeNameRepr; static { - System.load(System.getenv("CEDAR_JAVA_FFI_LIB")); + LibraryLoader.loadLibrary(); } /** diff --git a/CedarJava/src/main/java/com/cedarpolicy/value/EntityUID.java b/CedarJava/src/main/java/com/cedarpolicy/value/EntityUID.java index 41a62b25..b8e7773f 100644 --- a/CedarJava/src/main/java/com/cedarpolicy/value/EntityUID.java +++ b/CedarJava/src/main/java/com/cedarpolicy/value/EntityUID.java @@ -20,6 +20,7 @@ import java.util.Objects; import java.util.function.Supplier; +import com.cedarpolicy.loader.LibraryLoader; import com.cedarpolicy.serializer.JsonEUID; import com.google.common.base.Suppliers; @@ -32,8 +33,8 @@ public final class EntityUID extends Value { private final EntityIdentifier id; private final Supplier euidRepr; - static { - System.load(System.getenv("CEDAR_JAVA_FFI_LIB")); + static { + LibraryLoader.loadLibrary(); } /** diff --git a/CedarJava/src/main/java/com/cedarpolicy/value/IpAddress.java b/CedarJava/src/main/java/com/cedarpolicy/value/IpAddress.java index 9d4ef02c..bd71e227 100644 --- a/CedarJava/src/main/java/com/cedarpolicy/value/IpAddress.java +++ b/CedarJava/src/main/java/com/cedarpolicy/value/IpAddress.java @@ -16,6 +16,7 @@ package com.cedarpolicy.value; +import edu.umd.cs.findbugs.annotations.SuppressFBWarnings; import java.util.Objects; import java.util.regex.Matcher; import java.util.regex.Pattern; @@ -78,6 +79,7 @@ public static boolean validIPv6(String ip) { * * @param ipAddress IP address as a String. */ + @SuppressFBWarnings("CT_CONSTRUCTOR_THROW") public IpAddress(String ipAddress) throws NullPointerException, IllegalArgumentException { if (!IpAddressValidator.validIPv4(ipAddress) && !IpAddressValidator.validIPv6(ipAddress)) { throw new IllegalArgumentException( diff --git a/CedarJava/src/test/java/com/cedarpolicy/SharedIntegrationTests.java b/CedarJava/src/test/java/com/cedarpolicy/SharedIntegrationTests.java index 77217123..a2d1a850 100644 --- a/CedarJava/src/test/java/com/cedarpolicy/SharedIntegrationTests.java +++ b/CedarJava/src/test/java/com/cedarpolicy/SharedIntegrationTests.java @@ -58,6 +58,7 @@ import java.util.Set; import java.util.stream.Collectors; import java.util.stream.Stream; +import edu.umd.cs.findbugs.annotations.SuppressFBWarnings; import org.junit.jupiter.api.DynamicContainer; import org.junit.jupiter.api.DynamicTest; import org.junit.jupiter.api.TestFactory; @@ -258,6 +259,7 @@ public List integrationTestsFromJson() throws IOException { * Generates a test container for all the test requests in a json file. Each request is its own * test, and all the test in the json file are grouped into the returned container. */ + @SuppressFBWarnings("NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD") private DynamicContainer loadJsonTests(String jsonFile) throws IOException { JsonTest test; try (InputStream jsonIn = From 928fbc3a3640a138a9e9c46f2042d16630c00e61 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 20 Mar 2024 12:42:35 -0400 Subject: [PATCH 06/10] Bump com.google.guava:guava from 33.0.0-jre to 33.1.0-jre in /CedarJava (#111) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- CedarJava/build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CedarJava/build.gradle b/CedarJava/build.gradle index d5e6b00a..443521e0 100644 --- a/CedarJava/build.gradle +++ b/CedarJava/build.gradle @@ -74,7 +74,7 @@ dependencies { implementation 'com.fasterxml.jackson.datatype:jackson-datatype-jdk8:2.16.2' implementation 'org.slf4j:slf4j-api:2.0.12' implementation 'com.fizzed:jne:4.1.1' - implementation 'com.google.guava:guava:33.0.0-jre' + implementation 'com.google.guava:guava:33.1.0-jre' compileOnly 'com.github.spotbugs:spotbugs-annotations:4.8.3' testImplementation 'org.slf4j:slf4j-simple:2.0.12' testImplementation 'org.junit.jupiter:junit-jupiter-api:5.10.2' From db55d0dbcd1618650b2f387f2d1b66c26341aa78 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 20 Mar 2024 12:43:58 -0400 Subject: [PATCH 07/10] Bump net.jqwik:jqwik from 1.8.3 to 1.8.4 in /CedarJava (#110) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- CedarJava/build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CedarJava/build.gradle b/CedarJava/build.gradle index 443521e0..13bfbf8b 100644 --- a/CedarJava/build.gradle +++ b/CedarJava/build.gradle @@ -78,7 +78,7 @@ dependencies { compileOnly 'com.github.spotbugs:spotbugs-annotations:4.8.3' testImplementation 'org.slf4j:slf4j-simple:2.0.12' testImplementation 'org.junit.jupiter:junit-jupiter-api:5.10.2' - testImplementation 'net.jqwik:jqwik:1.8.3' + testImplementation 'net.jqwik:jqwik:1.8.4' } test { From 45ebfc93154df0fe68c29893f5086b7e7871face Mon Sep 17 00:00:00 2001 From: Andrew Wells <130512013+andrewmwells-amazon@users.noreply.github.com> Date: Fri, 22 Mar 2024 12:28:41 -0700 Subject: [PATCH 08/10] actually run junit tests (#112) Signed-off-by: Andrew Wells --- .github/workflows/ci.yml | 7 ++++++ CedarJava/build.gradle | 25 ++++++++++---------- CedarJava/config.sh | 49 ---------------------------------------- 3 files changed, 20 insertions(+), 61 deletions(-) delete mode 100755 CedarJava/config.sh diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 627458c6..66865560 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -14,6 +14,12 @@ jobs: steps: - name: Checkout cedar-java uses: actions/checkout@v4 + - name: Checkout cedar + uses: actions/checkout@v4 + with: + repository: cedar-policy/cedar + ref: main + path: /home/runner/work/cedar-java/cedar-java/cedar - name: Prepare Rust Build run: rustup update stable && rustup default stable - name: Check FFI Formatting @@ -25,6 +31,7 @@ jobs: working-directory: ./CedarJava env: MUST_RUN_CEDAR_INTEGRATION_TESTS: 1 + CEDAR_INTEGRATION_TESTS_ROOT: /home/runner/work/cedar-java/cedar-java/cedar/cedar-integration-tests run: ./gradlew build - name: Generate Java Documentation working-directory: ./CedarJava diff --git a/CedarJava/build.gradle b/CedarJava/build.gradle index 13bfbf8b..c8736e22 100644 --- a/CedarJava/build.gradle +++ b/CedarJava/build.gradle @@ -77,18 +77,9 @@ dependencies { implementation 'com.google.guava:guava:33.1.0-jre' compileOnly 'com.github.spotbugs:spotbugs-annotations:4.8.3' testImplementation 'org.slf4j:slf4j-simple:2.0.12' - testImplementation 'org.junit.jupiter:junit-jupiter-api:5.10.2' testImplementation 'net.jqwik:jqwik:1.8.4' -} - -test { - useJUnitPlatform() - //environment "CEDAR_INTEGRATION_TESTS_ROOT", ''set to absolute path of `cedar-integration-tests`' - //environment 'CEDAR_JAVA_FFI_LIB', 'set to absolute path of cedar_java_ffi native library (including file extension)' - testLogging { - showStandardStreams false - exceptionFormat 'full' - } + testImplementation 'org.junit.jupiter:junit-jupiter-api:5.10.2' + testRuntimeOnly 'org.junit.jupiter:junit-jupiter-engine:5.10.2' } def ffiDir = '../CedarJavaFFI' @@ -140,7 +131,7 @@ tasks.register('compileFFI') { rustLibraryTargets.forEach { rustTarget, libraryFile -> exec { workingDir = ffiDir - commandLine 'cargo', 'zigbuild', '--release', '--target', rustTarget + commandLine 'cargo', 'zigbuild', '--features', 'partial-eval', '--release', '--target', rustTarget } def sourcePath = "${ffiDir}/target/${rustTarget}/release/${libraryFile}" @@ -187,10 +178,20 @@ tasks.register('uberJar', Jar) { } tasks.named('test') { + useJUnitPlatform() dependsOn('compileFFI') classpath += files(layout.buildDirectory.dir(compiledLibDir)) } +test { + //environment "CEDAR_INTEGRATION_TESTS_ROOT", ''set to absolute path of `cedar-integration-tests`' + testLogging { + events "skipped", "failed", "standardOut", "standardError" + showStandardStreams false + exceptionFormat 'full' + } +} + tasks.named('build') { dependsOn('uberJar') } diff --git a/CedarJava/config.sh b/CedarJava/config.sh deleted file mode 100755 index 264a3522..00000000 --- a/CedarJava/config.sh +++ /dev/null @@ -1,49 +0,0 @@ -#!/bin/bash - -# If we run with anything but 1 or 2 args, exit with error code 1 -if [ "$#" -ne 0 ] && [ "$#" -ne 1 ]; then - echo "Wrong number of args:" $# - exit 1; -fi - -# Find and replace a pattern with some text in a file using `sed`, but first -# check that the pattern occurs in the file exactly once. -replace_once() { - local replace_in_file="$1" - local pattern="$2" - local replace_with="$3" - - local match_count - match_count="$(grep -c "$pattern" "$replace_in_file")" - if [ "$match_count" -ne 1 ]; then - echo "Expected $pattern would match exactly once in $replace_in_file, but it matched $match_count times" - exit 1 - fi - - sed -i.bak "s;$pattern;$replace_with;" "$replace_in_file" - rm "$replace_in_file".bak -} - -parent_dir="$(dirname $(pwd))" - -#Try to set correctly for Mac and Linux machines -if [ "$(uname)" == "Darwin" ]; then - ffi_lib_str=" environment 'CEDAR_JAVA_FFI_LIB', '"$parent_dir"/CedarJavaFFI/target/debug/libcedar_java_ffi.dylib'" -else - ffi_lib_str=" environment 'CEDAR_JAVA_FFI_LIB', '"$parent_dir"/CedarJavaFFI/target/debug/libcedar_java_ffi.so'" -fi -replace_once build.gradle ".*CEDAR_JAVA_FFI_LIB.*" "$ffi_lib_str" - -# In CI, we need to pull the latest cedar-policy to match the latest cedar-integration-tests -# We require that integration tests be run -# Outside of CI, we can skip the integration tests (run script with no args) -# If you call this script with `run_int_tests`, we assume you have `cedar` checkout out in the `cedar-java` dir -if [ "$#" -ne 0 ] && [ "$1" == "run_int_tests" ]; then - integration_tests_str=" environment 'CEDAR_INTEGRATION_TESTS_ROOT', '"$parent_dir"/cedar/cedar-integration-tests'" - replace_once build.gradle ".*CEDAR_INTEGRATION_TESTS_ROOT.*" "$integration_tests_str" - - export MUST_RUN_CEDAR_INTEGRATION_TESTS=1 -else - unset MUST_RUN_CEDAR_INTEGRATION_TESTS - export CEDAR_INTEGRATION_TESTS_ROOT=/tmp -fi From 5df53d184a203ddb97502311c82220e0e762accb Mon Sep 17 00:00:00 2001 From: David Handermann Date: Mon, 25 Mar 2024 10:26:23 -0500 Subject: [PATCH 09/10] Update Gradle build to download integration tests (#114) Signed-off-by: David Handermann --- .github/workflows/ci.yml | 39 +++++++++++-------- CedarJava/README.md | 8 ---- CedarJava/build.gradle | 22 +++++++++++ .../cedarpolicy/SharedIntegrationTests.java | 20 ++++------ README.md | 14 +++---- 5 files changed, 59 insertions(+), 44 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 66865560..55b45dc1 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1,4 +1,4 @@ -name: Build & Test (CedarJava & CedarJavaFFI) +name: Continuous Integration Build on: pull_request: @@ -9,30 +9,37 @@ env: jobs: build: - name: Build FFI and Java - runs-on: ubuntu-latest + strategy: + matrix: + os: [ubuntu-latest, macos-14] + include: + - os: ubuntu-latest + name: Build on Linux + zigInstall: sudo snap install zig --beta --classic + - os: macos-14 + name: Build on macOS + zigInstall: brew install zig + runs-on: ${{ matrix.os }} + name: ${{ matrix.name }} steps: - name: Checkout cedar-java uses: actions/checkout@v4 - - name: Checkout cedar - uses: actions/checkout@v4 - with: - repository: cedar-policy/cedar - ref: main - path: /home/runner/work/cedar-java/cedar-java/cedar - name: Prepare Rust Build run: rustup update stable && rustup default stable - name: Check FFI Formatting - working-directory: ./CedarJavaFFI + working-directory: CedarJavaFFI run: cargo fmt --all --check - name: Install Zig - run: sudo snap install zig --beta --classic + run: ${{ matrix.zigInstall }} + - name: Setup Java JDK + uses: actions/setup-java@v4 + with: + java-version: '17' + distribution: 'corretto' + cache: 'gradle' - name: Build FFI and Java Libraries - working-directory: ./CedarJava - env: - MUST_RUN_CEDAR_INTEGRATION_TESTS: 1 - CEDAR_INTEGRATION_TESTS_ROOT: /home/runner/work/cedar-java/cedar-java/cedar/cedar-integration-tests + working-directory: CedarJava run: ./gradlew build - name: Generate Java Documentation - working-directory: ./CedarJava + working-directory: CedarJava run: ./gradlew javadoc diff --git a/CedarJava/README.md b/CedarJava/README.md index 851897da..e1488b65 100644 --- a/CedarJava/README.md +++ b/CedarJava/README.md @@ -19,14 +19,6 @@ with the `build` task to compile both the Cedar Java Foreign Function Interface ./gradlew build ``` -## Integration Testing - -Set the `CEDAR_INTEGRATION_TESTS_ROOT` environment variable to enable integration tests when building. - -```shell -export CEDAR_INTEGRATION_TESTS_ROOT=`path_to_cedar/cedar-integration-tests` -``` - ## Debugging If you're encountering unexpected errors, a good first step in debugging can be to enable TRACE-level logging for diff --git a/CedarJava/build.gradle b/CedarJava/build.gradle index c8736e22..0e3f2cbb 100644 --- a/CedarJava/build.gradle +++ b/CedarJava/build.gradle @@ -24,6 +24,9 @@ plugins { // Maven Publish for publishing artifacts to an Apache Maven repository id 'maven-publish' + + // Download Task for integration tests + id 'de.undercouch.download' version '5.6.0' } /* @@ -177,9 +180,28 @@ tasks.register('uberJar', Jar) { from(layout.buildDirectory.dir(compiledLibDir)) } +tasks.register('downloadIntegrationTests', Download) { + group 'Build' + description 'Downloads Cedar repository with integration tests.' + + src 'https://codeload.github.com/cedar-policy/cedar/zip/main' + dest layout.buildDirectory.file('cedar-main.zip') + overwrite false +} + +tasks.register('extractIntegrationTests', Copy) { + group 'Build' + description 'Extracts Cedar integration tests.' + + dependsOn('downloadIntegrationTests') + from zipTree(layout.buildDirectory.file('cedar-main.zip')) + into layout.buildDirectory.dir('resources/test') +} + tasks.named('test') { useJUnitPlatform() dependsOn('compileFFI') + dependsOn('extractIntegrationTests') classpath += files(layout.buildDirectory.dir(compiledLibDir)) } diff --git a/CedarJava/src/test/java/com/cedarpolicy/SharedIntegrationTests.java b/CedarJava/src/test/java/com/cedarpolicy/SharedIntegrationTests.java index a2d1a850..a4e5e817 100644 --- a/CedarJava/src/test/java/com/cedarpolicy/SharedIntegrationTests.java +++ b/CedarJava/src/test/java/com/cedarpolicy/SharedIntegrationTests.java @@ -45,6 +45,7 @@ import java.io.IOException; import java.io.InputStream; import java.io.UncheckedIOException; +import java.net.URL; import java.nio.file.Files; import java.nio.file.Path; import java.nio.file.Paths; @@ -53,7 +54,6 @@ import java.util.HashSet; import java.util.List; import java.util.Map; -import java.util.Objects; import java.util.Optional; import java.util.Set; import java.util.stream.Collectors; @@ -66,11 +66,6 @@ /** Integration tests Used by Cedar / corpus tests saved from the fuzzer. */ public class SharedIntegrationTests { private static final ObjectMapper OBJECT_MAPPER = new ObjectMapper(); - private static final String CEDAR_INTEGRATION_TESTS_ROOT = - Objects.requireNonNull( - System.getenv("CEDAR_INTEGRATION_TESTS_ROOT"), - "Environment variable CEDAR_INTEGRATION_TESTS_ROOT is required " - + "for shared integration tests but is not present."); /** * For relative paths, return an absolute path rooted in the shared integration test root. For @@ -81,10 +76,12 @@ public class SharedIntegrationTests { * @return A Path object containing an absolute path. */ private Path resolveIntegrationTestPath(String path) { - if (Paths.get(path).isAbsolute()) { - return Paths.get(path); + final Path resolved = Paths.get(path); + if (resolved.isAbsolute()) { + return resolved; } else { - return Paths.get(CEDAR_INTEGRATION_TESTS_ROOT, path); + final URL integrationTestsLocation = getClass().getResource("/cedar-main/cedar-integration-tests"); + return integrationTestsLocation == null ? resolved : Paths.get(integrationTestsLocation.getPath(), path); } } @@ -220,8 +217,7 @@ private static class JsonEntity { public List integrationTestsFromJson() throws IOException { List tests = new ArrayList<>(); //If we can't find the `cedar` package, don't try to load integration tests. - //In CI, MUST_RUN_CEDAR_INTEGRATION_TESTS is set - if(System.getenv("MUST_RUN_CEDAR_INTEGRATION_TESTS") == null && Files.notExists(Paths.get(CEDAR_INTEGRATION_TESTS_ROOT, "corpus_tests"))) { + if (Files.notExists(resolveIntegrationTestPath("corpus_tests"))) { return tests; } // tests other than corpus tests @@ -230,7 +226,7 @@ public List integrationTestsFromJson() throws IOException { } // corpus tests try (Stream stream = - Files.list(Paths.get(CEDAR_INTEGRATION_TESTS_ROOT, "corpus_tests"))) { + Files.list(resolveIntegrationTestPath("corpus_tests"))) { stream // ignore non-JSON files .filter(path -> path.getFileName().toString().endsWith(".json")) diff --git a/README.md b/README.md index 13a2040d..17781bc9 100644 --- a/README.md +++ b/README.md @@ -5,21 +5,19 @@ It also contains source code for a Rust crate `CedarJavaFFI` that enables callin ## Getting Started -You can find detailed build instructions and more information in the subfolders [CedarJavaFFI](https://github.com/cedar-policy/cedar-java/blob/main/CedarJavaFFI/README.md), [CedarJava](https://github.com/cedar-policy/cedar-java/blob/main/CedarJava/README.md). -For typical use, you'll want something like: +The [CedarJavaFFI](https://github.com/cedar-policy/cedar-java/blob/main/CedarJavaFFI/README.md) and [CedarJava](https://github.com/cedar-policy/cedar-java/blob/main/CedarJava/README.md) directories contain detailed instructions on building individual modules. + +The `CedarJava` module uses Gradle to build both modules and run integration tests. The following commands provide general usage for getting started. ```shell -cd CedarJavaFFI && cargo build -cd ../CedarJava -export CEDAR_INTEGRATION_TESTS_ROOT=/tmp #(assuming you don't want to run them) -export CEDAR_JAVA_FFI_LIB=path_to_CedarJavaFFI/target/debug/libcedar_java_ffi.so #(or wherever you built CedarJavaFFI) -gradle test +cd CedarJava +./gradlew build ``` ## Notes -You need JDK 17 or later to run the Java code. +`CedarJava` requires JDK 17 or later. Cedar is primarily developed in Rust (in the [cedar](https://github.com/cedar-policy/cedar) repository). As such, `CedarJava` typically lags behind the newest Cedar features. Notably, as of this writing, `CedarJava` does not expose APIs for partial evaluation. From 904e216b61b9c2a9dba57448255831c6f8236e1d Mon Sep 17 00:00:00 2001 From: Kesha Hietala Date: Mon, 25 Mar 2024 13:00:01 -0400 Subject: [PATCH 10/10] bump versions Signed-off-by: Kesha Hietala --- .../src/main/java/com/cedarpolicy/AuthorizationEngine.java | 2 +- CedarJavaFFI/Cargo.toml | 4 ++-- CedarJavaFFI/src/interface.rs | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/CedarJava/src/main/java/com/cedarpolicy/AuthorizationEngine.java b/CedarJava/src/main/java/com/cedarpolicy/AuthorizationEngine.java index 22394173..d0d88693 100644 --- a/CedarJava/src/main/java/com/cedarpolicy/AuthorizationEngine.java +++ b/CedarJava/src/main/java/com/cedarpolicy/AuthorizationEngine.java @@ -81,6 +81,6 @@ public interface AuthorizationEngine { * @return The Cedar language major version supported */ static String getCedarLangVersion() { - return "3.0"; + return "3.1"; } } diff --git a/CedarJavaFFI/Cargo.toml b/CedarJavaFFI/Cargo.toml index 5fde7739..b9e93f00 100644 --- a/CedarJavaFFI/Cargo.toml +++ b/CedarJavaFFI/Cargo.toml @@ -4,14 +4,14 @@ name = "cedar-java-ffi" edition = "2021" -version = "3.0.0" +version = "3.1.0" [dependencies] serde = { version = "1.0", features = ["derive", "rc"] } serde_json = "1.0" thiserror = "1.0" itertools = "0.12" -cedar-policy = "3.0" +cedar-policy = "3.1" # JNI Support jni = "0.21.0" diff --git a/CedarJavaFFI/src/interface.rs b/CedarJavaFFI/src/interface.rs index aade182f..fc2641c8 100644 --- a/CedarJavaFFI/src/interface.rs +++ b/CedarJavaFFI/src/interface.rs @@ -104,7 +104,7 @@ pub fn callCedarJNI( /// The main JNI entry point #[jni_fn("com.cedarpolicy.BasicAuthorizationEngine")] pub fn getCedarJNIVersion(env: JNIEnv<'_>) -> jstring { - env.new_string("3.0") + env.new_string("3.1") .expect("error creating Java string") .into_raw() }