Package org.ow2.authzforce.core.pdp.api
Interface PdpEngine
All Known Subinterfaces: CloseablePdpEngine
public interface PdpEngine
This is the interface for the Authorization PDP engines, providing the starting point for decision request evaluation, independent of data representation/serialization formats.
Method Summary
Modifier and Type, Method, Description:
- <INDIVIDUAL_DECISION_REQ_T extends DecisionRequest> Collection<Map.Entry<INDIVIDUAL_DECISION_REQ_T,? extends DecisionResult>> evaluate(List<INDIVIDUAL_DECISION_REQ_T> requests, EvaluationContext mdpContext)
  Generic API (serialization-format-agnostic) for evaluating multiple individual decision requests (see Multiple Decision Profile of XACML for the concept of "Individual Decision Request"), i.e.
- DecisionResult evaluate(DecisionRequest request)
  Generic API (serialization-format-agnostic) for evaluating an individual decision request (see Multiple Decision Profile of XACML for the concept of "Individual Decision Request").
- Iterable<PrimaryPolicyMetadata> getApplicablePolicies()
  Get the PDP engine's root policy and policies referenced - directly or indirectly - from the root policy, independent of the evaluation context, i.e.
- DecisionRequestBuilder<?> newRequestBuilder(int expectedNumOfAttributeCategories, int expectedTotalNumOfAttributes)
  Gets the PDP-engine-specific individual decision request builder.
Method Detail
newRequestBuilder
DecisionRequestBuilder<?> newRequestBuilder(int expectedNumOfAttributeCategories, int expectedTotalNumOfAttributes)
Gets the PDP-engine-specific individual decision request builder.
- Parameters:
expectedNumOfAttributeCategories - expected number of attribute categories in the request. This helps the implementation allocate the right amount of memory and limit memory waste. Use a negative value if unknown.
expectedTotalNumOfAttributes - expected total number of attributes (over all categories). This helps the implementation allocate the right amount of memory and limit memory waste. Use a negative value if unknown.
- Returns:
implementation-specific request builder. May not be thread-safe.
evaluate
DecisionResult evaluate(DecisionRequest request)
Generic API (serialization-format-agnostic) for evaluating an individual decision request (see Multiple Decision Profile of XACML for the concept of "Individual Decision Request").
This method DOES NOT use any DecisionRequestPreprocessor or any DecisionResultPostprocessor. (Only based on core PDP engine.)
This method does not throw any exception but may still return an Indeterminate result if an error occurred. Therefore, clients should check whether the returned decision == DecisionType#INDETERMINATE, in which case they can get more error info from ExtendedDecision.getCauseForIndeterminate().
- Parameters:
request - Individual Decision Request, as defined in the XACML Multiple Decision Profile (also mentioned in the Hierarchical Resource Profile)
- Returns:
decision result.
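
Because evaluate(DecisionRequest) reports errors as an Indeterminate result rather than an exception, a caller that only tests for Deny would let evaluation failures through. The following is an added example, not code from the AuthzForce project: a hypothetical DenyBiasedPep helper that grants access only on an explicit Permit and logs the Indeterminate cause. It assumes that DecisionResult exposes getDecision() and inherits getCauseForIndeterminate() from ExtendedDecision, that DecisionRequestBuilder offers build(boolean returnApplicablePolicies), and that DecisionType is the XACML 3.0 JAXB enum.

```java
import java.util.function.Consumer;
import java.util.logging.Logger;

import oasis.names.tc.xacml._3_0.core.schema.wd_17.DecisionType;
import org.ow2.authzforce.core.pdp.api.DecisionRequest;
import org.ow2.authzforce.core.pdp.api.DecisionRequestBuilder;
import org.ow2.authzforce.core.pdp.api.DecisionResult;
import org.ow2.authzforce.core.pdp.api.PdpEngine;

/** Hypothetical deny-biased enforcement helper; not part of AuthzForce. */
public final class DenyBiasedPep {
    private static final Logger LOG = Logger.getLogger(DenyBiasedPep.class.getName());
    private final PdpEngine pdp;

    public DenyBiasedPep(final PdpEngine pdp) {
        this.pdp = pdp;
    }

    /**
     * @param attributeFiller caller-supplied code that puts the request attributes into the builder
     * @return true only for an explicit Permit
     */
    public boolean isPermitted(final Consumer<DecisionRequestBuilder<?>> attributeFiller) {
        // Fresh builder per call: the returned builder may not be thread-safe.
        // Negative size hints mean "unknown", as the parameter docs allow.
        final DecisionRequestBuilder<?> builder = pdp.newRequestBuilder(-1, -1);
        attributeFiller.accept(builder);
        // Assumption: build(boolean returnApplicablePolicies) creates the request.
        final DecisionRequest request = builder.build(false);

        // evaluate(DecisionRequest) does not throw; errors come back as Indeterminate.
        final DecisionResult result = pdp.evaluate(request);
        final DecisionType decision = result.getDecision(); // assumed accessor
        if (decision == DecisionType.PERMIT) {
            return true;
        }
        if (decision == DecisionType.INDETERMINATE) {
            // Keep the cause for operators; the caller only learns "denied".
            LOG.warning("PDP returned Indeterminate, denying access: "
                    + result.getCauseForIndeterminate());
        }
        // Deny, NotApplicable and Indeterminate all end here: fail closed.
        return false;
    }
}
```
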
evaluate
<INDIVIDUAL_DECISION_REQ_T extends DecisionRequest> Collection<Map.Entry<INDIVIDUAL_DECISION_REQ_T,? extends DecisionResult>> evaluate(List<INDIVIDUAL_DECISION_REQ_T> requests, EvaluationContext mdpContext) throws IndeterminateEvaluationException
Generic API (serialization-format-agnostic) for evaluating multiple individual decision requests (see Multiple Decision Profile of XACML for the concept of "Individual Decision Request"), i.e. as part of the same context. As a result, if any attribute is set by the PDP itself, e.g. the XACML standard environment attributes (current-date/current-time/current-date-time), it MUST have the same values for all input requests.
This method DOES NOT use any DecisionRequestPreprocessor or any DecisionResultPostprocessor. (Only based on core PDP engine.)
If the PDP uses any remote cache/database service, it should send all decision requests in the same service request and get all existing cache results in the service response, for performance reasons.
- Parameters:
requests - Individual Decision Requests (see Multiple Decision Profile of XACML for the concept of "Individual Decision Request")
mdpContext - the context of the Multiple Decision request that the requests belong to, i.e. may be used to reuse variables/attributes common to all its individual decision requests. For any request in requests, request.getCreationTimestamp() must match mdpContext.getCreationTimestamp().
- Returns:
decision request-result pairs
- Throws:
IndeterminateEvaluationException - error occurred preventing any request evaluation. (This error is not specific to a particular decision request. A request-specific error results in an Indeterminate decision result, with the error cause available via ExtendedDecision.getCauseForIndeterminate().)
getApplicablePolicies
Iterable<PrimaryPolicyMetadata> getApplicablePolicies()
Get the PDP engine's root policy and policies referenced - directly or indirectly - from the root policy, independent of the evaluation context, i.e. assuming all are statically resolved
- Returns:
the root - always in first position - and referenced policies; null if any of these policies is not statically resolved (once and for all)