Package org.ow2.authzforce.core.pdp.api

Class DecisionResults

    • Field Detail

      • SIMPLE_PERMIT

        public static final DecisionResult SIMPLE_PERMIT
        Simple immutable Permit Decision result (no status, no obligation/advice)

      • SIMPLE_DENY

        public static final DecisionResult SIMPLE_DENY
        Simple immutable Deny Decision result (no status, no obligation/advice)

      • SIMPLE_NOT_APPLICABLE

        public static final DecisionResult SIMPLE_NOT_APPLICABLE
        Simple immutable NotApplicable Decision result (no status)

    • Method Detail

      • getPermit

        public static DecisionResult getPermit​(oasis.names.tc.xacml._3_0.core.schema.wd_17.Status status,
                                       com.google.common.collect.ImmutableList<PepAction> pepActions,
                                       com.google.common.collect.ImmutableList<PrimaryPolicyMetadata> applicablePolicyIdList)
        Instantiates a Permit decision with optional PEP actions (obligations and advice).
        Parameters:
        status - status; even if decision is Permit/Deny, there may be a status "ok" (standard status in XACML 3.0) or internal error on attribute resolution but not resulting in Indeterminate because of special combining algorithm ignoring such results (like deny-unless-permit) or MustBePresent="false"
        pepActions - PEP actions (obligations/advices)
        applicablePolicyIdList - list of identifiers of applicable policies that contributed to this result. If not null, the created instance uses only an immutable copy of this list.
        Returns:
        permit result, more particularly SIMPLE_PERMIT iff status == null && pepActions == null.

      • getDeny

        public static DecisionResult getDeny​(oasis.names.tc.xacml._3_0.core.schema.wd_17.Status status,
                                     com.google.common.collect.ImmutableList<PepAction> pepActions,
                                     com.google.common.collect.ImmutableList<PrimaryPolicyMetadata> applicablePolicyIdList)
        Instantiates a Deny decision with optional PEP actions (obligations and advice).
        Parameters:
        status - status; even if decision is Permit/Deny, there may be a status "ok" (standard status in XACML 3.0) or internal error on attribute resolution but not resulting in Indeterminate because of special combining algorithm ignoring such results (like deny-unless-permit) or MustBePresent="false"
        pepActions - PEP actions (obligations/advices)
        applicablePolicyIdList - list of identifiers of applicable policies that contributed to this result. If not null, the created instance uses only an immutable copy of this list.
        Returns:
        deny result, more particularly SIMPLE_DENY iff status == null && pepActions == null.

      • getNotApplicable

        public static DecisionResult getNotApplicable​(oasis.names.tc.xacml._3_0.core.schema.wd_17.Status status)
        Instantiates a NotApplicable decision with optional status.
        Parameters:
        status - status; even if decision is NotApplicable, there may be a status "ok" (standard status in XACML 3.0) or internal error on attribute resolution but not resulting in Indeterminate because of special combining algorithm ignoring such results (like deny-unless-permit) or MustBePresent="false"
        Returns:
        deny result, more particularly SIMPLE_DENY iff status == null && pepActions == null.

      • newIndeterminate

        public static DecisionResult newIndeterminate​(oasis.names.tc.xacml._3_0.core.schema.wd_17.DecisionType extendedIndeterminate,
                                              IndeterminateEvaluationException cause,
                                              com.google.common.collect.ImmutableList<PrimaryPolicyMetadata> applicablePolicyIdList)
                                       throws IllegalArgumentException
        Instantiates a Indeterminate Decision result with a given error status
        Parameters:
        extendedIndeterminate - Extended Indeterminate value (XACML 3.0 Core, section 7.10). We use the following convention:
        • DecisionType.DENY means "Indeterminate{D}"
        • DecisionType.PERMIT means "Indeterminate{P}"
        • DecisionType.INDETERMINATE or null means "Indeterminate{DP}"
        • DecisionType.NOT_APPLICABLE is the default value and means the decision is not Indeterminate, and therefore any extended Indeterminate value should be ignored
        applicablePolicyIdList - list of identifiers of applicable policies that contributed to this result. If not null, the created instance uses only an immutable copy of this list.
        cause - cause of the Indeterminate result
        Returns:
        Indeterminate result
        Throws:
        IllegalArgumentException - if cause == null

      • getInstance

        public static DecisionResult getInstance​(ExtendedDecision extendedDecision,
                                         com.google.common.collect.ImmutableList<PepAction> pepActions,
                                         com.google.common.collect.ImmutableList<PrimaryPolicyMetadata> applicablePolicyIdList)
                                  throws IllegalArgumentException
        Get immutable decision result from extended decision and obligations/advice elements
        Parameters:
        extendedDecision - extended decision
        pepActions - obligations/advice elements
        applicablePolicyIdList - list of identifiers of applicable policies that contributed to this result. If not null, the created instance uses only an immutable copy of this list.
        Returns:
        decision result
        Throws:
        IllegalArgumentException - if extendedDecision == null || extendedDecision.getDecision() ==null || (extendedDecision.getDecision() == INDETERMINATE && !extendedDecision.getCauseForIndeterminate().isPresent())