INPUT_ATTRIBUTE
- type of raw input attribute object (not yet parsed into AuthzForce internal model), typically from original XACML Request, e.g. JAXB-annotated Attribute for XACML/XML request, or
JSON object for XACML/JSON requestpublic final class NonIssuedLikeIssuedLaxXacmlAttributeParser<INPUT_ATTRIBUTE> extends XacmlRequestAttributeParser<INPUT_ATTRIBUTE,MutableAttributeBag<?>>
IssuedToNonIssuedCopyingLaxXacmlAttributeParser
, this XACML Attribute parser does not copy the values of Attributes having an Issuer to the corresponding Attributes
without Issuer (same Category, AttributeId...) in the resulting attribute map. Therefore it does not comply with what XACML 3.0, ยง5.29 says on <AttributeDesignator> evaluation. However,
it is more performant. In this implementation, an Attribute with no Issuer is handled like an attribute with an Issuer, except the Issuer has the special value "null". Therefore, an
AttributeDesignator with "null" Issuer (undefined) will still match any attribute in the request with "null" Issuer (but not any other Attribute with same AttributeId but a defined/non-null
Issuer, for which a different AttributeDesignator with a defined Issuer must be used).Constructor and Description |
---|
NonIssuedLikeIssuedLaxXacmlAttributeParser(NamedXacmlAttributeParser<INPUT_ATTRIBUTE> namedAttributeParser)
Creates instance of XACML Attribute Parser
|
Modifier and Type | Method and Description |
---|---|
protected boolean |
copyIssuedAttributeValuesToNonIssued(AttributeFqn attributeFQN)
Decide whether to copy values of attributes with Issuer to attributes with same category and ID but null Issuer
|
void |
parseNamedAttribute(String attributeCategoryId,
INPUT_ATTRIBUTE inputXacmlAttribute,
net.sf.saxon.s9api.XPathCompiler xPathCompiler,
Map<AttributeFqn,MutableAttributeBag<?>> attributeMap)
Parse a given named attribute.
|
parseNamedAttribute, validateResourceScope
public NonIssuedLikeIssuedLaxXacmlAttributeParser(NamedXacmlAttributeParser<INPUT_ATTRIBUTE> namedAttributeParser) throws IllegalArgumentException
namedAttributeParser
- low-level parser for named attributes of type INPUT_ATTRIBUTE
IllegalArgumentException
- iff namedAttributeParser == null
protected boolean copyIssuedAttributeValuesToNonIssued(AttributeFqn attributeFQN)
public final void parseNamedAttribute(String attributeCategoryId, INPUT_ATTRIBUTE inputXacmlAttribute, net.sf.saxon.s9api.XPathCompiler xPathCompiler, Map<AttributeFqn,MutableAttributeBag<?>> attributeMap) throws IllegalArgumentException
XacmlRequestAttributeParser
parseNamedAttribute
in class XacmlRequestAttributeParser<INPUT_ATTRIBUTE,MutableAttributeBag<?>>
attributeCategoryId
- attribute category IDinputXacmlAttribute
- input attribute object (not yet parsed into AuthzForce internal model), typically from original XACML requestxPathCompiler
- XPath compiler for compiling/evaluating XPath expressions in values, such as XACML xpathExpressionsattributeMap
- request attribute map to be updated by the result of parsing inputXacmlAttribute
IllegalArgumentException
- if parsing of the inputXacmlAttribute
failed because of invalid syntax, e.g. invalid datatype or mixing different datatypesCopyright © 2012–2020. All rights reserved.