Class BaseEvaluationContext

  • All Implemented Interfaces:
    EvaluationContext

    public abstract class BaseEvaluationContext
    extends Object
    implements EvaluationContext
    A basic partial implementation of EvaluationContext associated with an XACML Request (abstract in the sense that it is not specific to XML, JSON, or any other format).
    • Constructor Detail

      • BaseEvaluationContext

        protected BaseEvaluationContext​(Map<AttributeFqn,​AttributeBag<?>> namedAttributeMap,
                                        boolean returnApplicablePolicyIdList,
                                        Optional<Instant> requestTimestamp)
        Constructs a new IndividualDecisionRequestContext based on the given request attributes and extra contents, with support for XPath evaluation against the Content element in Attributes.
        Parameters:
        namedAttributeMap - updatable named attribute map (attribute key and value pairs) from the original Request; null iff none. An attribute key is a global ID based on attribute category,issuer,id. An attribute value is a bag of primitive values.
        returnApplicablePolicyIdList - true iff list of IDs of policies matched during evaluation must be returned
    • Method Detail

      • getCreationTimestamp

        public final Instant getCreationTimestamp()
        Description copied from interface: EvaluationContext
        Returns the date/time when this evaluation context was created. May be used to set one of XACML current-* attributes.
        Specified by:
        getCreationTimestamp in interface EvaluationContext
        Returns:
        the context creation timestamp
      • getNamedAttributeValue

        public final <AV extends AttributeValue> AttributeBag<AV> getNamedAttributeValue(AttributeFqn attributeFqn,
                                                                                         Datatype<AV> datatype)
                                                                                  throws IndeterminateEvaluationException
        Returns the value of a named attribute available in the request context. Used to evaluate an AttributeDesignatorExpression or the ContextSelectorId of an AttributeSelectorExpression, or to get the values of attributes on which NamedAttributeProviders depend to resolve their own attributes (e.g. some module may need attribute X, such as a subject ID, as input to resolve attribute Y from an external source, such as the subject role from a user database).
        Specified by:
        getNamedAttributeValue in interface EvaluationContext
        Parameters:
        attributeFqn - attribute GUID (global ID = Category,Issuer,AttributeId)
        datatype - attribute value datatype
        Returns:
        attribute value(s), null iff attribute unknown (not set) in this context, empty if attribute known in this context but no value
        Throws:
        IndeterminateEvaluationException - if error occurred trying to determine the attribute value(s) in context. This is different from finding without error that the attribute is not in the context (and/or no value), e.g. if there is a result but type is different from attributeDatatype.
      • putNamedAttributeValue

        public final boolean putNamedAttributeValue​(AttributeFqn attributeFqn,
                                                    AttributeBag<?> result,
                                                    boolean override)
        Description copied from interface: EvaluationContext
        Puts attribute values in the context, only if the attribute is not already known to this context (unless override is true). An attribute value cannot be overridden once it is set in the context, in order to comply with XACML 7.3.5 Attribute retrieval: "Regardless of any dynamic modifications of the request context during policy evaluation, the PDP SHALL behave as if each bag of attribute values is fully populated in the context before it is first tested, and is thereafter immutable during evaluation." Therefore, EvaluationContext.getNamedAttributeValue(AttributeFqn, Datatype) should always be called before calling this method, for the same attributeFqn.
        Specified by:
        putNamedAttributeValue in interface EvaluationContext
        Parameters:
        attributeFqn - attribute's global ID
        result - attribute values
        override - if and only if true, override the existing value if there is any (e.g. current-date/time attribute provider may be allowed to override any value from the request context)
        Returns:
        false iff there is already a matching value in this context
      • putVariableIfAbsent

        public final boolean putVariableIfAbsent​(String variableId,
                                                 Value value)
        Caches the value of a VariableDefinition's expression evaluated in this context only if variable is not already set in this context, for later retrieval by EvaluationContext.getVariableValue(String, Datatype) when evaluating ValueReferences to the same VariableId.

        The variable is set only if it was absent from context. In other words, this method does/must not allow setting the same variable twice. The reason is compliance with XACML spec 7.8 VariableReference evaluation: "the value of an Expression element remains the same for the entire policy evaluation."

        Specified by:
        putVariableIfAbsent in interface EvaluationContext
        Parameters:
        variableId - identifies the VariableDefinition
        value - value of the VariableDefinition's expression evaluated in this context
        Returns:
        false iff there is already a value for this variable in context (this operation could NOT succeed).
      • removeVariable

        public final Value removeVariable​(String variableId)
        Removes a variable (defined by VariableDefinition) from this context.
        Specified by:
        removeVariable in interface EvaluationContext
        Parameters:
        variableId - identifies the Variable to remove
        Returns:
        the value of the variable before removal, or null if there was no such variable set in this context.
      • containsKey

        public final boolean containsKey​(String key)
        Check whether custom property is in the context
        Specified by:
        containsKey in interface EvaluationContext
        Parameters:
        key - property key
        Returns:
        true if and only if key exists in updatable property keys
        See Also:
        Map.containsKey(Object)
      • remove

        public final Object remove​(String key)
        Removes custom property from the context
        Specified by:
        remove in interface EvaluationContext
        Parameters:
        key - property key
        Returns:
        the previous value associated with key, or null if there was no mapping for key.
        See Also:
        Map.remove(Object)
      • isApplicablePolicyIdListRequested

        public final boolean isApplicablePolicyIdListRequested()
        Description copied from interface: EvaluationContext
        Equivalent of XACML Request ReturnPolicyIdList attribute. XACML §5.4.2: "This attribute is used to request that the PDP return a list of all fully applicable policies and policy sets which were used in the decision as a part of the decision response." For a more precise definition of "applicable" in this context, see DecisionResult.getApplicablePolicies().
        Specified by:
        isApplicablePolicyIdListRequested in interface EvaluationContext
        Returns:
        true iff original XACML Request's ReturnPolicyIdList=true
      • putListener

        public final <L extends EvaluationContext.Listener> L putListener​(Class<L> listenerType,
                                                                          L listener)
        Description copied from interface: EvaluationContext
        Registers a listener on this evaluation context
        Specified by:
        putListener in interface EvaluationContext
        Parameters:
        listenerType - listener type used as key for retrieving the listener with EvaluationContext.getListener(Class)
        listener - the new listener to be registered
        Returns:
        the listener previously associated with this class (possibly null), or null if there was no previous entry.
      • getListener

        public final <L extends EvaluationContext.Listener> L getListener​(Class<L> listenerType)
        Description copied from interface: EvaluationContext
        Returns the listener the specified class is mapped to. This will only return a value that was bound to this specific class, not a value that may have been bound to a subtype.
        Specified by:
        getListener in interface EvaluationContext
        Parameters:
        listenerType - listener type, used as key to retrieve the listener registered with this type with EvaluationContext.putListener(Class, Listener)
        Returns:
        the listener associated with this class, or null if no entry for this class is present
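
The get-before-put rule documented for getNamedAttributeValue and putNamedAttributeValue above, as an added example that is not part of the original documentation or the library's code. It is a simplified model using only JDK types: strings and lists stand in for AttributeFqn and AttributeBag, and the class name, resolveRole and the sample attribute key are hypothetical.

```java
import java.util.HashMap;
import java.util.List;
import java.util.Map;

// Simplified stand-in for the named-attribute part of an evaluation context.
// Plain strings and lists replace AttributeFqn and AttributeBag (assumption).
public class WriteOnceContextDemo {
    private final Map<String, List<String>> namedAttributes = new HashMap<>();

    // null = attribute unknown in this context; empty list = known but no value.
    List<String> getNamedAttributeValue(String fqn) {
        return namedAttributes.get(fqn);
    }

    // Returns false iff a value was already present, following the documented
    // "Returns" line; the stored bag is replaced only when override is true.
    boolean putNamedAttributeValue(String fqn, List<String> bag, boolean override) {
        List<String> previous = override
                ? namedAttributes.put(fqn, bag)
                : namedAttributes.putIfAbsent(fqn, bag);
        return previous == null;
    }

    // Get-before-put, as a hypothetical attribute provider would do it.
    List<String> resolveRole(String subjectId) {
        String fqn = "access-subject,,role"; // constructed Category,Issuer,AttributeId
        List<String> known = getNamedAttributeValue(fqn);
        if (known != null) {
            return known; // bag may already have been tested: keep it unchanged
        }
        // Stand-in for a lookup in an external source such as a user database.
        List<String> fetched = List.of("role-of-" + subjectId);
        putNamedAttributeValue(fqn, fetched, false);
        return fetched;
    }

    public static void main(String[] args) {
        WriteOnceContextDemo ctx = new WriteOnceContextDemo();
        String fqn = "access-subject,,role";
        System.out.println(ctx.getNamedAttributeValue(fqn)); // unknown before resolution
        System.out.println(ctx.resolveRole("alice"));        // resolved and stored once
        // A later writer without override is refused and the bag stays the same.
        System.out.println(ctx.putNamedAttributeValue(fqn, List.of("admin"), false));
        System.out.println(ctx.getNamedAttributeValue(fqn));
        // override=true replaces the bag; an empty bag still means "known, no value".
        System.out.println(ctx.putNamedAttributeValue(fqn, List.of(), true));
        System.out.println(ctx.getNamedAttributeValue(fqn));
    }
}
```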