Package org.ow2.authzforce.core.pdp.api.io

Class XacmlRequestAttributeParser<INPUT_ATTRIBUTE,​BAG extends Iterable<? extends AttributeValue>>

  • Type Parameters:
    INPUT_ATTRIBUTE - type of attribute object from input XACML Request, e.g. JAXB-annotated Attribute for XACML/XML request or JSON object for XACML/JSON request
    BAG - type of attribute value bag resulting from parsing the AttributeValues
    Direct Known Subclasses:
    IssuedToNonIssuedCopyingLaxXacmlAttributeParser, NonIssuedLikeIssuedLaxXacmlAttributeParser, NonIssuedLikeIssuedStrictXacmlAttributeParser
    public abstract class XacmlRequestAttributeParser<INPUT_ATTRIBUTE,​BAG extends Iterable<? extends AttributeValue>>
extends Object
    XACML Request Attribute parser that is aware of all named attributes parsed in the request. This kind of parser has side effects as it modifies/updates a map of attributes that can be passed to the parser from one call to another, for parsing a whole set of request attributes.

    • Method Detail

      • validateResourceScope

        protected static void validateResourceScope​(AttributeFqn attributeFQN,
                                            Iterable<? extends AttributeValue> attributeValues)
                                     throws IllegalArgumentException
        Validates the 'scope' attribute as defined in Multiple Decision Profile (§2.1 and §5)
        Parameters:
        attributeFQN - attribute name
        attributeValues - attribute values
        Throws:
        IllegalArgumentException - if the values are not actually the singleton string "Immediate" (other values are not supported)

      • parseNamedAttribute

        protected final NamedXacmlAttributeParsingResult<?> parseNamedAttribute​(String attributeCategoryId,
                                                                        INPUT_ATTRIBUTE inputXacmlAttribute,
                                                                        net.sf.saxon.s9api.XPathCompiler xPathCompiler)
                                                                 throws IllegalArgumentException
        Parse a given named attribute alone.
        Parameters:
        inputXacmlAttribute - input attribute object (not yet parsed into AuthzForce internal model), typically from original XACML request
        xPathCompiler - XPath compiler for compiling/evaluating XPath expressions in values, such as XACML xpathExpressions
        Throws:
        IllegalArgumentException - if parsing of the inputXacmlAttribute failed because of invalid syntax, e.g. invalid datatype or mixing different datatypes

      • parseNamedAttribute

        public abstract void parseNamedAttribute​(String attributeCategoryId,
                                         INPUT_ATTRIBUTE inputXacmlAttribute,
                                         net.sf.saxon.s9api.XPathCompiler xPathCompiler,
                                         Map<AttributeFqn,​BAG> attributeMap)
                                  throws IllegalArgumentException
        Parse a given named attribute.
        Parameters:
        attributeCategoryId - attribute category ID
        attributeMap - request attribute map to be updated by the result of parsing inputXacmlAttribute
        inputXacmlAttribute - input attribute object (not yet parsed into AuthzForce internal model), typically from original XACML request
        xPathCompiler - XPath compiler for compiling/evaluating XPath expressions in values, such as XACML xpathExpressions
        Throws:
        IllegalArgumentException - if parsing of the inputXacmlAttribute failed because of invalid syntax, e.g. invalid datatype or mixing different datatypes