Package org.ow2.authzforce.core.pdp.api

Interface PdpEngine

  • All Known Subinterfaces:
    CloseablePdpEngine
    public interface PdpEngine
    This is the interface for the Authorization PDP engines, providing the starting point for decision request evaluation, independent of data representation/serialization formats.

    • Method Summary

      All Methods Instance Methods Abstract Methods 
      Modifier and Type Method Description
      <INDIVIDUAL_DECISION_REQ_T extends DecisionRequest>
      Collection<Map.Entry<INDIVIDUAL_DECISION_REQ_T,​? extends DecisionResult>>      		 evaluate​(List<INDIVIDUAL_DECISION_REQ_T> requests)
      Generic API (serialization-format-agnostic) for evaluating multiple individual decision requests (see Multiple Decision Profile of XACML for the concept of "Individual Decision Request"), i.e.
      DecisionResult evaluate​(DecisionRequest request)
      Generic API (serialization-format-agnostic) for evaluating an individual decision request (see Multiple Decision Profile of XACML for the concept of "Individual Decision Request").
      Iterable<PrimaryPolicyMetadata> getApplicablePolicies()
      Get the PDP engine's root policy and policies referenced - directly or indirectly - from the root policy, independent from the evaluation context, i.e.
      DecisionRequestBuilder<?> newRequestBuilder​(int expectedNumOfAttributeCategories, int expectedTotalNumOfAttributes)
      Gets the PDP-engine-specific individual decision request builder.

    • Method Detail

      • newRequestBuilder

        DecisionRequestBuilder<?> newRequestBuilder​(int expectedNumOfAttributeCategories,
                                            int expectedTotalNumOfAttributes)
        Gets the PDP-engine-specific individual decision request builder.
        Parameters:
        expectedNumOfAttributeCategories - expected number of attribute categories in the request. This helps the implementation to allocate the right amount of memory and limit memory waste. Use negative value if unknown.
        expectedTotalNumOfAttributes - expected total number of attributes (over all categories). This helps the implementation to allocate the right amount of memory and limit memory waste. Use negative value if unknown.
        Returns:
        implementation-specific request builder. May not be thread-safe.

      • evaluate

        DecisionResult evaluate​(DecisionRequest request)
        Generic API (serialization-format-agnostic) for evaluating an individual decision request (see Multiple Decision Profile of XACML for the concept of "Individual Decision Request").

        This method DOES NOT use any DecisionRequestPreprocessor or any DecisionResultPostprocessor. (Only based on core PDP engine.)

        This method does not throw any exception but may still return an Indeterminate result if an error occurred. Therefore, clients should check whether == DecisionType#INDETERMINATE, in which case they can get more error info from ExtendedDecision.getCauseForIndeterminate()).

        Parameters:
        request - Individual Decision Request, as defined in the XACML Multiple Decision Profile (also mentioned in the Hierarchical Resource Profile)
        Returns:
        decision result.

      • evaluate

        <INDIVIDUAL_DECISION_REQ_T extends DecisionRequestCollection<Map.Entry<INDIVIDUAL_DECISION_REQ_T,​? extends DecisionResult>> evaluate​(List<INDIVIDUAL_DECISION_REQ_T> requests)
                                                                                                                                      throws IndeterminateEvaluationException
        Generic API (serialization-format-agnostic) for evaluating multiple individual decision requests (see Multiple Decision Profile of XACML for the concept of "Individual Decision Request"), i.e. as part of the same context. As a result, if any attribute is set by the PDP itself, e.g. the XACML standard environment attributes (current-date/current-time/current-date-time), it MUST have the same values for all input requests.

        This method DOES NOT use any DecisionRequestPreprocessor or any DecisionResultPostprocessor. (Only based on core PDP engine.)

        If the PDP uses any remote cache/database service, it should send all decision requests in the same service request and get all existing cache results in the service response, for performance reasons.

        Parameters:
        requests - Individual Decision Requests (see Multiple Decision Profile of XACML for the concept of "Individual Decision Request")
        Returns:
        decision request-result pairs
        Throws:
        IndeterminateEvaluationException - error occurred preventing any request evaluation. (This error is not specific to a particular decision request. Such request-specific error results in a Indeterminate decision result with error cause available via ExtendedDecision.getCauseForIndeterminate())

      • getApplicablePolicies

        Iterable<PrimaryPolicyMetadata> getApplicablePolicies()
        Get the PDP engine's root policy and policies referenced - directly or indirectly - from the root policy, independent from the evaluation context, i.e. assuming all are statically resolved
        Returns:
        the root - always in first position - and referenced policies; null if any of these policies is not statically resolved (once and for all)