Package org.ow2.authzforce.core.pdp.api.io

Class NonIssuedLikeIssuedLaxXacmlAttributeParser<INPUT_ATTRIBUTE>

  • Type Parameters:
    INPUT_ATTRIBUTE - type of raw input attribute object (not yet parsed into AuthzForce internal model), typically from original XACML Request, e.g. JAXB-annotated Attribute for XACML/XML request, or JSON object for XACML/JSON request
    public final class NonIssuedLikeIssuedLaxXacmlAttributeParser<INPUT_ATTRIBUTE>
extends XacmlRequestAttributeParser<INPUT_ATTRIBUTE,​MutableAttributeBag<?>>
    On the contrary to IssuedToNonIssuedCopyingLaxXacmlAttributeParser, this XACML Attribute parser does not copy the values of Attributes having an Issuer to the corresponding Attributes without Issuer (same Category, AttributeId...) in the resulting attribute map. Therefore it does not comply with what XACML 3.0, ยง5.29 says on <AttributeDesignator> evaluation. However, it is more performant. In this implementation, an Attribute with no Issuer is handled like an attribute with an Issuer, except the Issuer has the special value "null". Therefore, an AttributeDesignator with "null" Issuer (undefined) will still match any attribute in the request with "null" Issuer (but not any other Attribute with same AttributeId but a defined/non-null Issuer, for which a different AttributeDesignator with a defined Issuer must be used).

    • Method Detail

      • copyIssuedAttributeValuesToNonIssued

        protected boolean copyIssuedAttributeValuesToNonIssued​(AttributeFqn attributeFQN)
        Decide whether to copy values of attributes with Issuer to attributes with same category and ID but null Issuer
        Returns:
        true iff the caller is required to make the copy

      • parseNamedAttribute

        public final void parseNamedAttribute​(String attributeCategoryId,
                                      INPUT_ATTRIBUTE inputXacmlAttribute,
                                      net.sf.saxon.s9api.XPathCompiler xPathCompiler,
                                      Map<AttributeFqn,​MutableAttributeBag<?>> attributeMap)
                               throws IllegalArgumentException
        Description copied from class: XacmlRequestAttributeParser
        Parse a given named attribute.
        Specified by:
        parseNamedAttribute in class XacmlRequestAttributeParser<INPUT_ATTRIBUTE,​MutableAttributeBag<?>>
        Parameters:
        attributeCategoryId - attribute category ID
        inputXacmlAttribute - input attribute object (not yet parsed into AuthzForce internal model), typically from original XACML request
        xPathCompiler - XPath compiler for compiling/evaluating XPath expressions in values, such as XACML xpathExpressions
        attributeMap - request attribute map to be updated by the result of parsing inputXacmlAttribute
        Throws:
        IllegalArgumentException - if parsing of the inputXacmlAttribute failed because of invalid syntax, e.g. invalid datatype or mixing different datatypes