Package org.ow2.authzforce.core.pdp.api
Interface DecisionResultPostprocessor<INDIVIDUAL_DECISION_REQUEST extends DecisionRequest,OUTPUT_DECISION_RESPONSE>
-
- Type Parameters:
INDIVIDUAL_DECISION_REQUEST- type of individual decision request.OUTPUT_DECISION_RESPONSE- type of output decision response. Usually serializable, e.g. XACML-schema-derived JAXB Result for XML.
- All Known Implementing Classes:
BaseXacmlJaxbResultPostprocessor
public interface DecisionResultPostprocessor<INDIVIDUAL_DECISION_REQUEST extends DecisionRequest,OUTPUT_DECISION_RESPONSE>XACML Decision Result post-processor, i.e. a PDP extension that processes decision Results after policy evaluation. Each Result corresponds to an Individual Decision Request. Besides, a typical Result post-processor may combine multiple individual decision results into a single decision Result if and only if the XACML Request's 'CombinedDecision' is set to true, as defined in XACML Multiple Decision Profile specification, section 3.Note: this interface is meant to be generic enough to be independent of the Result data serialization format (XML, JSON...).
-
-
Nested Class Summary
Nested Classes Modifier and Type Interface Description static interfaceDecisionResultPostprocessor.Factory<IDREQ extends DecisionRequest,RES>Factory of result post-processorsstatic classDecisionResultPostprocessor.FeaturesStandard feature identifiers that may be returned bygetFeatures()
-
Method Summary
All Methods Instance Methods Abstract Methods Default Methods Modifier and Type Method Description default Set<String>getFeatures()Get supported features, e.g.Class<INDIVIDUAL_DECISION_REQUEST>getRequestType()Gets the class of supported individual decision request objectsClass<OUTPUT_DECISION_RESPONSE>getResponseType()Gets the class of output decision responseOUTPUT_DECISION_RESPONSEprocess(Collection<Map.Entry<INDIVIDUAL_DECISION_REQUEST,? extends DecisionResult>> resultsByRequest)Process multiple individual decision results (e.g.OUTPUT_DECISION_RESPONSEprocessClientError(IndeterminateEvaluationException error)Process an indeterminate result, i.e.OUTPUT_DECISION_RESPONSEprocessInternalError(IndeterminateEvaluationException error)Process an indeterminate result, i.e.
-
-
-
Method Detail
-
getRequestType
Class<INDIVIDUAL_DECISION_REQUEST> getRequestType()
Gets the class of supported individual decision request objects- Returns:
- (individual decision) request type parameter
-
getResponseType
Class<OUTPUT_DECISION_RESPONSE> getResponseType()
Gets the class of output decision response- Returns:
- result type parameter
-
getFeatures
default Set<String> getFeatures()
Get supported features, e.g. "urn:oasis:names:tc:xacml:3.0:profile:multiple:combined-decision" for Combined Decision- Returns:
- list of identifiers of supported features
-
process
OUTPUT_DECISION_RESPONSE process(Collection<Map.Entry<INDIVIDUAL_DECISION_REQUEST,? extends DecisionResult>> resultsByRequest)
Process multiple individual decision results (e.g. combine them if CombinedDecision=true)- Parameters:
resultsByRequest- results mapped to corresponding individual decision requests for correlation- Returns:
- output response
-
processClientError
OUTPUT_DECISION_RESPONSE processClientError(IndeterminateEvaluationException error)
Process an indeterminate result, i.e. evaluation error, in case of client request error.- Parameters:
error- client request error- Returns:
- error result
-
processInternalError
OUTPUT_DECISION_RESPONSE processInternalError(IndeterminateEvaluationException error)
Process an indeterminate result, i.e. evaluation error, in case of PDP engine's internal error, as opposed to client request errors.For security reasons, error details should not be included in this case as they may disclose PDP internal issues (e.g. bad configuration) to clients.
- Parameters:
error- internal error- Returns:
- error Result
-
-