Package org.ow2.authzforce.core.pdp.api
Class BaseEvaluationContext
- java.lang.Object
-
- org.ow2.authzforce.core.pdp.api.BaseEvaluationContext
-
- All Implemented Interfaces:
EvaluationContext
public abstract class BaseEvaluationContext extends Object implements EvaluationContext
A basic partial implementation ofEvaluationContext
associated to an XACML Request (abstract in a sense that is not XML or JSON (or other format) specific).- Version:
- $Id: $
-
-
Nested Class Summary
-
Nested classes/interfaces inherited from interface org.ow2.authzforce.core.pdp.api.EvaluationContext
EvaluationContext.Listener
-
-
Field Summary
Fields Modifier and Type Field Description protected com.google.common.collect.ClassToInstanceMap<EvaluationContext.Listener>
listeners
-
Constructor Summary
Constructors Modifier Constructor Description protected
BaseEvaluationContext(Map<AttributeFqn,AttributeBag<?>> namedAttributeMap, boolean returnApplicablePolicyIdList, Optional<Instant> requestTimestamp)
Constructs a newIndividualDecisionRequestContext
based on the given request attributes and extra contents with support for XPath evaluation against Content element in Attributes
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description boolean
containsKey(String key)
Check whether custom property is in the contextInstant
getCreationTimestamp()
Returns the date/time when this evaluation context was created.<L extends EvaluationContext.Listener>
LgetListener(Class<L> listenerType)
Returns the listener the specified class is mapped to.Iterator<Map.Entry<AttributeFqn,AttributeBag<?>>>
getNamedAttributes()
Get immutable iterator over the context attributes.<AV extends AttributeValue>
AttributeBag<AV>getNamedAttributeValue(AttributeFqn attributeFqn, Datatype<AV> datatype)
Returns the value of a named attribute available in the request context.Object
getOther(String key)
Get custom propertycom.google.common.collect.ImmutableList<Map.Entry<VariableReference<?>,Value>>
getVariables()
Get snapshot of all Variable values in this context<V extends Value>
VgetVariableValue(String variableId, Datatype<V> expectedDatatype)
Get value of a VariableDefinition's expression evaluated in this context and whose value has been cached withEvaluationContext.putVariableIfAbsent(VariableReference, Value)
.boolean
isApplicablePolicyIdListRequested()
Equivalent of XACML Request ReturnPolicyIdList attribute.<L extends EvaluationContext.Listener>
LputListener(Class<L> listenerType, L listener)
Registers a listener on this evaluation contextboolean
putNamedAttributeValue(AttributeFqn attributeFqn, AttributeBag<?> result, boolean override)
Put Attribute values in the context, only if the attribute is not already known to this context.void
putOther(String key, Object val)
Puts custom property in the contextboolean
putVariableIfAbsent(VariableReference<?> variableRef, Value value)
Caches the value of a VariableDefinition's expression evaluated in this context only if variable is not already set in this context, for later retrieval byEvaluationContext.getVariableValue(String, Datatype)
when evaluating ValueReferences to the same VariableId.Object
remove(String key)
Removes custom property from the contextMap.Entry<VariableReference<?>,Value>
removeVariable(String variableId)
Removes a variable (defined by VariableDefinition) from this context.-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface org.ow2.authzforce.core.pdp.api.EvaluationContext
getAttributesContent, getAttributeSelectorResult, putAttributeSelectorResultIfAbsent
-
-
-
-
Field Detail
-
listeners
protected final com.google.common.collect.ClassToInstanceMap<EvaluationContext.Listener> listeners
-
-
Constructor Detail
-
BaseEvaluationContext
protected BaseEvaluationContext(Map<AttributeFqn,AttributeBag<?>> namedAttributeMap, boolean returnApplicablePolicyIdList, Optional<Instant> requestTimestamp)
Constructs a newIndividualDecisionRequestContext
based on the given request attributes and extra contents with support for XPath evaluation against Content element in Attributes- Parameters:
namedAttributeMap
- updatable named attribute map (attribute key and value pairs) from the original Request; null iff none. An attribute key is a global ID based on attribute category,issuer,id. An attribute value is a bag of primitive values.returnApplicablePolicyIdList
- true iff list of IDs of policies matched during evaluation must be returned
-
-
Method Detail
-
getCreationTimestamp
public final Instant getCreationTimestamp()
Description copied from interface:EvaluationContext
Returns the date/time when this evaluation context was created. May be used to set one of XACML current-* attributes.- Specified by:
getCreationTimestamp
in interfaceEvaluationContext
- Returns:
- the context creation timestamp
-
getNamedAttributeValue
public final <AV extends AttributeValue> AttributeBag<AV> getNamedAttributeValue(AttributeFqn attributeFqn, Datatype<AV> datatype) throws IndeterminateEvaluationException
Returns the value of a named attribute available in the request context. Used to evaluateAttributeDesignatorExpression
, ContextSelectorId ofAttributeSelectorExpression
, or to get values of attributes on whichNamedAttributeProvider
s depends to resolve their own attributes (e.g. some module may need attribute X, such as a subject ID, as input to resolve attribute Y from an external source, such as subject role from a user database).- Specified by:
getNamedAttributeValue
in interfaceEvaluationContext
- Parameters:
attributeFqn
- attribute GUID (global ID = Category,Issuer,AttributeId)datatype
- attribute value datatype- Returns:
- attribute value(s), null iff attribute unknown (not set) in this context, empty if attribute known in this context but no value
- Throws:
IndeterminateEvaluationException
- if error occurred trying to determine the attribute value(s) in context. This is different from finding without error that the attribute is not in the context (and/or no value), e.g. if there is a result but type is different fromattributeDatatype
.
-
putNamedAttributeValue
public final boolean putNamedAttributeValue(AttributeFqn attributeFqn, AttributeBag<?> result, boolean override)
Description copied from interface:EvaluationContext
Put Attribute values in the context, only if the attribute is not already known to this context. Indeed, an attribute value cannot be overridden once it is set in the context to comply with 7.3.5 Attribute retrieval: "Regardless of any dynamic modifications of the request context during policy evaluation, the PDP SHALL behave as if each bag of attribute values is fully populated in the context before it is first tested, and is thereafter immutable during evaluation." Therefore,EvaluationContext.getNamedAttributeValue(AttributeFqn, Datatype)
should be called always before calling this, for the sameattributeFQN
- Specified by:
putNamedAttributeValue
in interfaceEvaluationContext
- Parameters:
attributeFqn
- attribute's global IDresult
- attribute valuesoverride
- if and only if true, override the existing value if there is any (e.g. current-date/time attribute provider may be allowed to override any value from the request context)- Returns:
- false iff there is already a matching value in this context
-
getVariableValue
public final <V extends Value> V getVariableValue(String variableId, Datatype<V> expectedDatatype) throws IndeterminateEvaluationException
Get value of a VariableDefinition's expression evaluated in this context and whose value has been cached withEvaluationContext.putVariableIfAbsent(VariableReference, Value)
. To be used when evaluating VariableReferences.- Specified by:
getVariableValue
in interfaceEvaluationContext
- Parameters:
variableId
- identifies the VariableDefinitionexpectedDatatype
- datatype- Returns:
- value of the evaluated VariableDefinition's expression, or null if not evaluated (yet) in this context
- Throws:
IndeterminateEvaluationException
- if actual datatype of variable value in context does not match expecteddatatype
-
getVariables
public final com.google.common.collect.ImmutableList<Map.Entry<VariableReference<?>,Value>> getVariables()
Description copied from interface:EvaluationContext
Get snapshot of all Variable values in this context- Specified by:
getVariables
in interfaceEvaluationContext
- Returns:
- Variable values in this context
-
putVariableIfAbsent
public final boolean putVariableIfAbsent(VariableReference<?> variableRef, Value value)
Caches the value of a VariableDefinition's expression evaluated in this context only if variable is not already set in this context, for later retrieval byEvaluationContext.getVariableValue(String, Datatype)
when evaluating ValueReferences to the same VariableId.The variable is set only if it was absent from context. In other words, this method does/must not allow setting the same variable twice. The reason is compliance with XACML spec 7.8 VariableReference evaluation: "the value of an Expression element remains the same for the entire policy evaluation."
- Specified by:
putVariableIfAbsent
in interfaceEvaluationContext
- Parameters:
variableRef
- references the VariableDefinitionvalue
- value of the VariableDefinition's expression evaluated in this context- Returns:
- false iff there is already a value for this variable in context (this operation could NOT succeed).
-
removeVariable
public final Map.Entry<VariableReference<?>,Value> removeVariable(String variableId)
Removes a variable (defined by VariableDefinition) from this context.- Specified by:
removeVariable
in interfaceEvaluationContext
- Parameters:
variableId
- identifies the Variable to remove- Returns:
- the value of the variable before removal, or null if there was no such variable set in this context.
-
getOther
public final Object getOther(String key)
Get custom property- Specified by:
getOther
in interfaceEvaluationContext
- Parameters:
key
- property key- Returns:
- property
- See Also:
Map.get(Object)
-
containsKey
public final boolean containsKey(String key)
Check whether custom property is in the context- Specified by:
containsKey
in interfaceEvaluationContext
- Parameters:
key
- property key- Returns:
- true if and only if key exists in updatable property keys
- See Also:
Map.containsKey(Object)
-
putOther
public final void putOther(String key, Object val)
Puts custom property in the context- Specified by:
putOther
in interfaceEvaluationContext
- Parameters:
key
- property keyval
- property value- See Also:
Map.put(Object, Object)
-
remove
public final Object remove(String key)
Removes custom property from the context- Specified by:
remove
in interfaceEvaluationContext
- Parameters:
key
- property key- Returns:
- the previous value associated with key, or null if there was no mapping for key.
- See Also:
Map.remove(Object)
-
getNamedAttributes
public final Iterator<Map.Entry<AttributeFqn,AttributeBag<?>>> getNamedAttributes()
Get immutable iterator over the context attributes. DO NOT ever use this method to retrieve one or more specific attributes, in which case you must useEvaluationContext.getNamedAttributeValue(AttributeFqn, Datatype)
instead. This is only for iterating over all the attributes, e.g. for debugging/auditing.- Specified by:
getNamedAttributes
in interfaceEvaluationContext
- Returns:
- context attributes iterator (implementations must guarantee that the iterator is immutable, i.e. does not allow changing the internal context)
-
isApplicablePolicyIdListRequested
public final boolean isApplicablePolicyIdListRequested()
Description copied from interface:EvaluationContext
Equivalent of XACML Request ReturnPolicyIdList attribute. XACML ยง5.4.2: "This attribute is used to request that the PDP return a list of all fully applicable policies and policy sets which were used in the decision as a part of the decision response." For a more precise definition of "applicable" in this context, seeDecisionResult.getApplicablePolicies()
.- Specified by:
isApplicablePolicyIdListRequested
in interfaceEvaluationContext
- Returns:
- true iff original XACML Request's ReturnPolicyIdList=true
-
putListener
public final <L extends EvaluationContext.Listener> L putListener(Class<L> listenerType, L listener)
Description copied from interface:EvaluationContext
Registers a listener on this evaluation context- Specified by:
putListener
in interfaceEvaluationContext
- Parameters:
listenerType
- listener type used as key for retrieving the listener withEvaluationContext.getListener(Class)
listener
- the new listener to be registered- Returns:
- the listener previously associated with this class (possibly null), or null if there was no previous entry.
-
getListener
public final <L extends EvaluationContext.Listener> L getListener(Class<L> listenerType)
Description copied from interface:EvaluationContext
Returns the listener the specified class is mapped to. This will only return a value that was bound to this specific class, not a value that may have been bound to a subtype.- Specified by:
getListener
in interfaceEvaluationContext
- Parameters:
listenerType
- listener type, used as key to retrieve the listener registered with this type withEvaluationContext.putListener(Class, Listener)
- Returns:
- the listener associated with this class, or null if no entry for this class is present
-
-