Interface PolicyEvaluator
All Superinterfaces: Decidable
All Known Subinterfaces: StaticPolicyEvaluator, StaticTopLevelPolicyElementEvaluator, TopLevelPolicyElementEvaluator, VersionFixedPolicyEvaluator
public interface PolicyEvaluator extends Decidable
Policy evaluator interface, "Policy" referring to any XACML Policy* element: Policy(Set), Policy(Set)IdReference.
Method Summary
Modifier and Type, Method, Description:
DecisionResult evaluate(EvaluationContext context, Optional<EvaluationContext> mdpContext, boolean skipTarget)
    Same as Decidable.evaluate(EvaluationContext, Optional) except Target evaluation may be skipped.
Set<PrimaryPolicyMetadata> getEnclosedPolicies()
    Get metadata about the policies enclosed in the evaluated policy (including itself), i.e. whose actual content is enclosed inside the evaluated policy (as opposed to policy references).
TopLevelPolicyElementType getPolicyElementType()
    Get type of evaluated policy element (either XACML Policy or XACML PolicySet)
String getPolicyId()
    Get policy ID, e.g. for auditing
Optional<PolicyRefsMetadata> getPolicyRefsMetadata(EvaluationContext evaluationCtx, Optional<EvaluationContext> mdpContext)
    Get metadata about the child policy references of the evaluated policy, present iff there is any (e.g. not the case for a XACML Policy element).
PolicyVersion getPolicyVersion(EvaluationContext evaluationCtx, Optional<EvaluationContext> mdpContext)
    Get policy version, e.g. for auditing.
boolean isApplicableByTarget(EvaluationContext context, Optional<EvaluationContext> mdpContext)
    "isApplicable()" as defined by Only-one-applicable algorithm (section C.9), i.e. applicable by virtue of its target, i.e. the target matches the context.
Method Detail
isApplicableByTarget
boolean isApplicableByTarget(EvaluationContext context, Optional<EvaluationContext> mdpContext) throws IndeterminateEvaluationException
"isApplicable()" as defined by Only-one-applicable algorithm (section C.9), i.e. applicable by virtue of its target, i.e. the target matches the context. Decidable.evaluate(EvaluationContext, Optional) already checks first if the policy Target matches, therefore you may call this method only if you want to check whether the policy is applicable by virtue of its Target. If you want to evaluate the policy, call Decidable.evaluate(EvaluationContext, Optional) right away. To be used by Only-one-applicable algorithm in particular.
Parameters:
context - Individual Decision evaluation context to match
mdpContext - the context of the Multiple Decision request that the context belongs to if the Multiple Decision Profile is used.
Returns:
whether it is applicable
Throws:
IndeterminateEvaluationException - if Target evaluation in this context is "Indeterminate"
evaluate
DecisionResult evaluate(EvaluationContext context, Optional<EvaluationContext> mdpContext, boolean skipTarget)
Same as Decidable.evaluate(EvaluationContext, Optional) except Target evaluation may be skipped. To be used by Only-one-applicable algorithm with skipTarget=true, after calling isApplicableByTarget(EvaluationContext, Optional) in particular.
Parameters:
context - Individual Decision evaluation context
mdpContext - the context of the Multiple Decision request that the context belongs to if the Multiple Decision Profile is used.
skipTarget - whether to skip Target evaluation. If false, this must be equivalent to Decidable.evaluate(EvaluationContext, Optional)
Returns:
decision result
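The calling sequence described for isApplicableByTarget and evaluate, as an added example (not code from this page or from the library it documents): a minimal Only-one-applicable combiner that checks each child's Target once and then evaluates the single match with skipTarget=true. Ctx, Decision, IndeterminateException, PolicyEval and Child are simplified stand-ins for the types named on this page, and the resource-type attribute is constructed sample data.

```java
import java.util.List;
import java.util.Optional;
public class OnlyOneApplicableDemo {
    // Simplified stand-ins for the API types on this page (assumptions, not the library's classes).
    enum Decision { PERMIT, DENY, NOT_APPLICABLE, INDETERMINATE }
    interface Ctx { String attr(String name); }
    static class IndeterminateException extends Exception {}
    interface PolicyEval {
        boolean isApplicableByTarget(Ctx ctx, Optional<Ctx> mdpCtx) throws IndeterminateException;
        Decision evaluate(Ctx ctx, Optional<Ctx> mdpCtx, boolean skipTarget);
    }

    // Only-one-applicable: exactly one child may match by Target; ambiguity yields Indeterminate.
    static Decision onlyOneApplicable(List<PolicyEval> children, Ctx ctx, Optional<Ctx> mdpCtx) {
        PolicyEval selected = null;
        for (PolicyEval child : children) {
            boolean applicable;
            try {
                applicable = child.isApplicableByTarget(ctx, mdpCtx);
            } catch (IndeterminateException e) { return Decision.INDETERMINATE; } // Target not evaluable
            if (!applicable) continue;
            if (selected != null) return Decision.INDETERMINATE; // a second child also matches
            selected = child;
        }
        // The Target already matched above, so skip it instead of evaluating it twice.
        return selected == null ? Decision.NOT_APPLICABLE : selected.evaluate(ctx, mdpCtx, true);
    }

    // Constructed sample child: Target matches one resource type; the body yields a fixed decision.
    record Child(String resourceType, Decision effect) implements PolicyEval {
        public boolean isApplicableByTarget(Ctx c, Optional<Ctx> m) throws IndeterminateException {
            String v = c.attr("resource-type");
            if (v == null) throw new IndeterminateException(); // attribute missing from the request
            return v.equals(resourceType);
        }
        public Decision evaluate(Ctx c, Optional<Ctx> m, boolean skipTarget) {
            try {
                return skipTarget || isApplicableByTarget(c, m) ? effect : Decision.NOT_APPLICABLE;
            } catch (IndeterminateException e) { return Decision.INDETERMINATE; }
        }
    }

    public static void main(String[] args) {
        List<PolicyEval> set = List.of(new Child("doc", Decision.PERMIT), new Child("doc", Decision.DENY), new Child("img", Decision.DENY));
        for (String type : new String[] { "img", "doc", "pdf", null }) { // one match, two, none, missing attribute
            System.out.println(type + " -> " + onlyOneApplicable(set, name -> type, Optional.empty()));
        }
    }
}
```

The combiner never picks between two matching children: overlapping Targets and unevaluable Targets both surface as Indeterminate, so the caller can fail closed.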
getPolicyElementType
TopLevelPolicyElementType getPolicyElementType()
Get type of evaluated policy element (either XACML Policy or XACML PolicySet)
Returns:
evaluated policy element type
getPolicyId
String getPolicyId()
Get policy ID, e.g. for auditing
Returns:
evaluated Policy(Set)Id
getPolicyVersion
PolicyVersion getPolicyVersion(EvaluationContext evaluationCtx, Optional<EvaluationContext> mdpContext) throws IndeterminateEvaluationException
Get policy version, e.g. for auditing. This may depend on the evaluation context in case of a Policy(Set)IdReference evaluator when using dynamic (aka context-dependent) PolicyProviders that resolve policy references at evaluation time based on the context, especially if the policy reference does not specify the version or uses non-literal version match rules (with wildcards).
Implementations must still guarantee that the result, once computed in a given request context, remains constant over the lifetime of this request context. This is required for consistent evaluation. The result may only change from one request to the other. For that purpose, implementations may use EvaluationContext.putOther(String, Object) to cache the result in the request context and EvaluationContext.getOther(String) to retrieve it later.
Parameters:
evaluationCtx - Individual Decision request evaluation context
mdpContext - the context of the Multiple Decision request that the evaluationCtx belongs to if the Multiple Decision Profile is used.
Returns:
extra metadata of the evaluated policy
Throws:
IndeterminateEvaluationException - if the policy version could not be determined in evaluationCtx
getEnclosedPolicies
Set<PrimaryPolicyMetadata> getEnclosedPolicies()
Get metadata about the policies enclosed in the evaluated policy (including itself), i.e. whose actual content is enclosed inside the evaluated policy (as opposed to policy references).
This makes it possible to detect duplicates, i.e. when the same policy (ID and version) is re-used multiple times in the same enclosing policy.
Returns:
the set of enclosed policies, including itself. (May be empty if the policy corresponds to a XACML Policy (no child Policy(Set)s), but never null.)
getPolicyRefsMetadata
Optional<PolicyRefsMetadata> getPolicyRefsMetadata(EvaluationContext evaluationCtx, Optional<EvaluationContext> mdpContext) throws IndeterminateEvaluationException
Get metadata about the child policy references of the evaluated policy, present iff there is any (e.g. not the case for a XACML Policy element). These metadata may depend on the evaluation context in case of a Policy(Set)IdReference evaluator when using dynamic (aka context-dependent) PolicyProviders that resolve policy references at evaluation time based on the context, especially if the policy reference does not specify the version or uses non-literal version match rules (with wildcards).
Implementations must still guarantee that the result, once computed in a given request context, remains constant over the lifetime of this request context. This is required for consistent evaluation. The result may only change from one request to the other. For that purpose, implementations may use EvaluationContext.putOther(String, Object) to cache the result in the request context and EvaluationContext.getOther(String) to retrieve it later.
Parameters:
evaluationCtx - Individual Decision request evaluation context
mdpContext - the context of the Multiple Decision request that the evaluationCtx belongs to if the Multiple Decision Profile is used.
Returns:
child policy references metadata of the evaluated policy
Throws:
IndeterminateEvaluationException - if the metadata could not be determined in evaluationCtx
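The per-request caching contract stated for getPolicyVersion and getPolicyRefsMetadata, as an added example (not code from this page or from the library it documents): a reference evaluator resolves the version once, stores it with putOther, and returns the stored value for the rest of that request even if the policy store changes meanwhile. Ctx and RefEvaluator are simplified stand-ins, the AtomicReference plays the role of a dynamic provider, and the policy ID and version strings are constructed sample data.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.atomic.AtomicReference;

public class PerRequestVersionCacheDemo {
    // Simplified stand-in for the request context; only putOther/getOther are modelled (assumption).
    static class Ctx {
        private final Map<String, Object> other = new HashMap<>();
        void putOther(String key, Object val) { other.put(key, val); }
        Object getOther(String key) { return other.get(key); }
    }

    // Hypothetical Policy(Set)IdReference evaluator whose target version is resolved at evaluation time.
    static class RefEvaluator {
        private final AtomicReference<String> latestInStore; // constructed stand-in for a dynamic provider
        private final String cacheKey;

        RefEvaluator(String policyId, AtomicReference<String> latestInStore) {
            this.latestInStore = latestInStore;
            // Namespaced key so the entry cannot clash with other data stored in the context.
            this.cacheKey = RefEvaluator.class.getName() + "#version#" + policyId;
        }

        String getPolicyVersion(Ctx ctx) {
            Object cached = ctx.getOther(cacheKey);
            if (cached != null) return (String) cached; // same answer for the rest of this request
            String resolved = latestInStore.get();      // context-dependent resolution happens once
            ctx.putOther(cacheKey, resolved);
            return resolved;
        }
    }

    public static void main(String[] args) {
        AtomicReference<String> store = new AtomicReference<>("1.0");
        RefEvaluator ref = new RefEvaluator("urn:example:policy:hr", store);
        Ctx request1 = new Ctx();
        String atDecision = ref.getPolicyVersion(request1);
        store.set("2.0"); // a new version is published while request1 is still being evaluated
        String atAudit = ref.getPolicyVersion(request1);
        System.out.println("request1: decision=" + atDecision + " audit=" + atAudit);
        // A new request context starts with an empty cache, so it may resolve to the new version.
        System.out.println("request2: version=" + ref.getPolicyVersion(new Ctx()));
    }
}
```

Without the cache, the version recorded for auditing could differ from the version that produced the decision in the same request.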