Class MultipleDecisionXacmlJsonRequestPreprocessor
- java.lang.Object
-
- org.ow2.authzforce.core.pdp.io.xacml.json.BaseXacmlJsonRequestPreprocessor
-
- org.ow2.authzforce.core.pdp.io.xacml.json.MultipleDecisionXacmlJsonRequestPreprocessor
-
- All Implemented Interfaces:
org.ow2.authzforce.core.pdp.api.DecisionRequestPreprocessor<org.json.JSONObject,IndividualXacmlJsonRequest>
public final class MultipleDecisionXacmlJsonRequestPreprocessor extends BaseXacmlJsonRequestPreprocessor
XACML/JSON - according to XACML JSON Profile - Request preprocessor implementing Multiple Decision Profile, section 2.3 (repeated attribute categories). Other schemes are not supported.- Version:
- $Id: $
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description static class
MultipleDecisionXacmlJsonRequestPreprocessor.LaxVariantFactory
Factory for this type of request preprocessor that allows duplicate <Attribute> with same meta-data in the same <Attributes> element of a Request (complying with XACML 3.0 core spec, §7.3.3) but using JSON-Profile-defined format.static class
MultipleDecisionXacmlJsonRequestPreprocessor.StrictVariantFactory
Factory for this type of request preprocessor that does NOT allow duplicate <Attribute> with same meta-data in the same <Attributes> element of a Request (NOT complying fully with XACML 3.0 core spec, §7.3.3) but using JSON-Profile-defined format.-
Nested classes/interfaces inherited from class org.ow2.authzforce.core.pdp.io.xacml.json.BaseXacmlJsonRequestPreprocessor
BaseXacmlJsonRequestPreprocessor.Factory
-
-
Field Summary
-
Fields inherited from class org.ow2.authzforce.core.pdp.io.xacml.json.BaseXacmlJsonRequestPreprocessor
UNSUPPORTED_MULTI_REQUESTS_EXCEPTION
-
-
Constructor Summary
Constructors Constructor Description MultipleDecisionXacmlJsonRequestPreprocessor(org.ow2.authzforce.core.pdp.api.value.AttributeValueFactoryRegistry datatypeFactoryRegistry, boolean strictAttributeIssuerMatch, boolean allowAttributeDuplicates, boolean requireContentForXPath, Set<String> extraPdpFeatures)
Creates instance of default request preprocessor
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description List<IndividualXacmlJsonRequest>
process(org.json.JSONArray jsonArrayOfRequestAttributeCategoryObjects, org.ow2.authzforce.core.pdp.api.io.SingleCategoryXacmlAttributesParser<org.json.JSONObject> xacmlAttrsParser, boolean isApplicablePolicyIdListReturned, boolean combinedDecision, net.sf.saxon.s9api.XPathCompiler xPathCompiler, Map<String,String> namespaceURIsByPrefix)
Pre-processes (validates and/or transforms) a Request, may result in multiple individual decision requests, e.g.-
Methods inherited from class org.ow2.authzforce.core.pdp.io.xacml.json.BaseXacmlJsonRequestPreprocessor
getInputRequestType, getOutputRequestType, process
-
-
-
-
Constructor Detail
-
MultipleDecisionXacmlJsonRequestPreprocessor
public MultipleDecisionXacmlJsonRequestPreprocessor(org.ow2.authzforce.core.pdp.api.value.AttributeValueFactoryRegistry datatypeFactoryRegistry, boolean strictAttributeIssuerMatch, boolean allowAttributeDuplicates, boolean requireContentForXPath, Set<String> extraPdpFeatures)
Creates instance of default request preprocessor- Parameters:
datatypeFactoryRegistry
- attribute datatype registrystrictAttributeIssuerMatch
- true iff strict attribute Issuer match must be enforced (in particular request attributes with empty Issuer only match corresponding AttributeDesignators with empty Issuer)allowAttributeDuplicates
- true iff duplicate Attribute (with same metadata) elements in Request (for multi-valued attributes) must be allowedrequireContentForXPath
- true iff Content elements must be parsed, else ignoredextraPdpFeatures
- extra - not mandatory per XACML 3.0 core specification - features supported by the PDP engine. This preprocessor checks whether it is supported by the PDP before processing the request further.
-
-
Method Detail
-
process
public List<IndividualXacmlJsonRequest> process(org.json.JSONArray jsonArrayOfRequestAttributeCategoryObjects, org.ow2.authzforce.core.pdp.api.io.SingleCategoryXacmlAttributesParser<org.json.JSONObject> xacmlAttrsParser, boolean isApplicablePolicyIdListReturned, boolean combinedDecision, net.sf.saxon.s9api.XPathCompiler xPathCompiler, Map<String,String> namespaceURIsByPrefix) throws org.ow2.authzforce.core.pdp.api.IndeterminateEvaluationException
Description copied from class:BaseXacmlJsonRequestPreprocessor
Pre-processes (validates and/or transforms) a Request, may result in multiple individual decision requests, e.g. if implementing the Multiple Decision Profile or Hierarchical Resource profile- Specified by:
process
in classBaseXacmlJsonRequestPreprocessor
- Parameters:
jsonArrayOfRequestAttributeCategoryObjects
- array of XACML JSON Category objects, null if nonexacmlAttrsParser
- XACML Attributes element Parser instance, used to parse each Attributes inattributesList
.isApplicablePolicyIdListReturned
- XACML Request's propertyreturnPolicyIdList
.combinedDecision
- XACML Request's propertyisCombinedDecision
xPathCompiler
- xpathExpression compiler, corresponding to the XACML RequestDefaults element, or null if no RequestDefaults element.namespaceURIsByPrefix
- namespace prefix-URI mappings (e.g. "... xmlns:prefix=uri") in the original XACML Request bound toreq
, used as part of the context for XPath evaluation- Returns:
- individual decision requests, as defined in Multiple Decision Profile, e.g. a singleton list if no multiple decision requested or supported by the pre-processor
Return a Collection and not array to make it easy for the implementer to create a defensive copy with Collections#unmodifiableList() and alike.
- Throws:
org.ow2.authzforce.core.pdp.api.IndeterminateEvaluationException
- if some feature requested in the Request is not supported by this pre-processor
-
-