Package org.ow2.authzforce.core.pdp.api.policy

Interface PolicyEvaluator

    • Method Detail

      • isApplicableByTarget

        boolean isApplicableByTarget​(EvaluationContext context)
                      throws IndeterminateEvaluationException
        "isApplicable()" as defined by Only-one-applicable algorithm (section C.9), i.e. applicable by virtue of its target, i.e. the target matches the context. Decidable.evaluate(EvaluationContext) already checks first if the policy Target matches, therefore you may call isApplicable() only if you only want to check if the policy is applicable by virtue of its Target. If you want to evaluate the policy, call Decidable.evaluate(EvaluationContext) right away. To be used by Only-one-applicable algorithm in particular.
        Parameters:
        context - evaluation context to match
        Returns:
        whether it is applicable
        Throws:
        IndeterminateEvaluationException - if Target evaluation in this context is "Indeterminate"

      • getPolicyElementType

        TopLevelPolicyElementType getPolicyElementType()
        Get type of evaluated policy element (either XACML Policy or XACML PolicySet)
        Returns:
        evaluated policy element type

      • getPolicyId

        String getPolicyId()
        Get policy ID, e.g. for auditing
        Returns:
        evaluated Policy(Set)Id

      • getPolicyVersion

        PolicyVersion getPolicyVersion​(EvaluationContext evaluationCtx)
                        throws IndeterminateEvaluationException
        Get policy version, e.g. for auditing. This may depend on the evaluation context in case of a Policy(Set)IdReference evaluator when using dynamic aka context-dependent PolicyProvider that resolve policy references at evaluation time based on the context, especially if the policy reference does not specify the version or use non-literal version match rules (with wildcards).

        Implementations must still guarantee that the result - once computed in a given request context - remains constant over the lifetime of this request context. This is required for consistent evaluation. The result may only change from one request to the other. For that purpose, implementations may use EvaluationContext.putOther(String, Object) to cache the result in the request context and EvaluationContext.getOther(String) to retrieve it later.

        Parameters:
        evaluationCtx - request evaluation context
        Returns:
        extra metadata of the evaluated policy
        Throws:
        IndeterminateEvaluationException - if the policy version could not be determined in evaluationCtx

      • getEnclosedPolicies

        Set<PrimaryPolicyMetadata> getEnclosedPolicies()
        Get metadata about the policies enclosed in the evaluated policy (including itself), i.e. whose actual content is enclosed inside the evaluated policy (as opposed to policy references).

        This allows to detect duplicates, i.e. when the same policy (ID and version) is re-used multiple times in the same enclosing policy.

        Returns:
        the set of enclosed policies, including itself. (May be empty if the policy corresponds to a XACML Policy (no child Policy(Set)s, but never null );

      • getPolicyRefsMetadata

        Optional<PolicyRefsMetadata> getPolicyRefsMetadata​(EvaluationContext evaluationCtx)
                                            throws IndeterminateEvaluationException
        Get metadata about the child policy references of the evaluated policy, present iff there is any (e.g. no the case for a XACML Policy element). These metadata may depend on the evaluation context in case of a Policy(Set)IdReference evaluator when using dynamic aka context-dependent PolicyProvider that resolve policy references at evaluation time based on the context, especially if the policy reference does not specify the version or use non-literal version match rules (with wildcards).

        Implementations must still guarantee that the result - once computed in a given request context - remains constant over the lifetime of this request context. This is required for consistent evaluation. The result may only change from one request to the other. For that purpose, implementations may use EvaluationContext.putOther(String, Object) to cache the result in the request context and EvaluationContext.getOther(String) to retrieve it later.

        Parameters:
        evaluationCtx - request evaluation context
        Returns:
        child policy references metadata of the evaluated policy
        Throws:
        IndeterminateEvaluationException - if the metadata could not be determined in evaluationCtx