Class NonIssuedLikeIssuedLaxXacmlAttributeParser<INPUT_ATTRIBUTE>
- java.lang.Object
-
- org.ow2.authzforce.core.pdp.api.io.XacmlRequestAttributeParser<INPUT_ATTRIBUTE,MutableAttributeBag<?>>
-
- org.ow2.authzforce.core.pdp.api.io.NonIssuedLikeIssuedLaxXacmlAttributeParser<INPUT_ATTRIBUTE>
-
- Type Parameters:
INPUT_ATTRIBUTE
- type of raw input attribute object (not yet parsed into AuthzForce internal model), typically from original XACML Request, e.g. JAXB-annotated Attribute for XACML/XML request, or JSON object for XACML/JSON request
public final class NonIssuedLikeIssuedLaxXacmlAttributeParser<INPUT_ATTRIBUTE> extends XacmlRequestAttributeParser<INPUT_ATTRIBUTE,MutableAttributeBag<?>>
On the contrary toIssuedToNonIssuedCopyingLaxXacmlAttributeParser
, this XACML Attribute parser does not copy the values of Attributes having an Issuer to the corresponding Attributes without Issuer (same Category, AttributeId...) in the resulting attribute map. Therefore, it does not comply with what XACML 3.0, ยง5.29 says on <AttributeDesignator> evaluation. However, it is more performant. In this implementation, an Attribute with no Issuer is handled like an attribute with an Issuer, except the Issuer has the special value "null". Therefore, an AttributeDesignator with "null" Issuer (undefined) will still match any attribute in the request with "null" Issuer (but not any other Attribute with same AttributeId but a defined/non-null Issuer, for which a different AttributeDesignator with a defined Issuer must be used).
-
-
Constructor Summary
Constructors Constructor Description NonIssuedLikeIssuedLaxXacmlAttributeParser(NamedXacmlAttributeParser<INPUT_ATTRIBUTE> namedAttributeParser)
Creates instance of XACML Attribute Parser
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description protected boolean
copyIssuedAttributeValuesToNonIssued(AttributeFqn attributeFQN)
Decide whether to copy values of attributes with Issuer to attributes with same category and ID but null Issuervoid
parseNamedAttribute(String attributeCategoryId, INPUT_ATTRIBUTE inputXacmlAttribute, net.sf.saxon.s9api.XPathCompiler xPathCompiler, Map<AttributeFqn,MutableAttributeBag<?>> attributeMap)
Parse a given named attribute.-
Methods inherited from class org.ow2.authzforce.core.pdp.api.io.XacmlRequestAttributeParser
parseNamedAttribute, validateResourceScope
-
-
-
-
Constructor Detail
-
NonIssuedLikeIssuedLaxXacmlAttributeParser
public NonIssuedLikeIssuedLaxXacmlAttributeParser(NamedXacmlAttributeParser<INPUT_ATTRIBUTE> namedAttributeParser) throws IllegalArgumentException
Creates instance of XACML Attribute Parser- Parameters:
namedAttributeParser
- low-level parser for named attributes of typeINPUT_ATTRIBUTE
- Throws:
IllegalArgumentException
- iffnamedAttributeParser == null
-
-
Method Detail
-
copyIssuedAttributeValuesToNonIssued
protected boolean copyIssuedAttributeValuesToNonIssued(AttributeFqn attributeFQN)
Decide whether to copy values of attributes with Issuer to attributes with same category and ID but null Issuer- Returns:
- true iff the caller is required to make the copy
-
parseNamedAttribute
public final void parseNamedAttribute(String attributeCategoryId, INPUT_ATTRIBUTE inputXacmlAttribute, net.sf.saxon.s9api.XPathCompiler xPathCompiler, Map<AttributeFqn,MutableAttributeBag<?>> attributeMap) throws IllegalArgumentException
Description copied from class:XacmlRequestAttributeParser
Parse a given named attribute.- Specified by:
parseNamedAttribute
in classXacmlRequestAttributeParser<INPUT_ATTRIBUTE,MutableAttributeBag<?>>
- Parameters:
attributeCategoryId
- attribute category IDinputXacmlAttribute
- input attribute object (not yet parsed into AuthzForce internal model), typically from original XACML requestxPathCompiler
- XPath compiler for compiling/evaluating XPath expressions in values, such as XACML xpathExpressionsattributeMap
- request attribute map to be updated by the result of parsinginputXacmlAttribute
- Throws:
IllegalArgumentException
- if parsing of theinputXacmlAttribute
failed because of invalid syntax, e.g. invalid datatype or mixing different datatypes
-
-