Class SingleDecisionXacmlJsonRequestPreprocessor
- java.lang.Object
-
- org.ow2.authzforce.core.pdp.io.xacml.json.BaseXacmlJsonRequestPreprocessor
-
- org.ow2.authzforce.core.pdp.io.xacml.json.SingleDecisionXacmlJsonRequestPreprocessor
-
- All Implemented Interfaces:
org.ow2.authzforce.core.pdp.api.DecisionRequestPreprocessor<org.json.JSONObject,IndividualXacmlJsonRequest>
public final class SingleDecisionXacmlJsonRequestPreprocessor extends BaseXacmlJsonRequestPreprocessor
Default XACML/JSON - according to XACML JSON Profile - Request preprocessor for Individual Decision Requests only (no support of Multiple Decision Profile in particular)- Version:
- $Id: $
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description static class
SingleDecisionXacmlJsonRequestPreprocessor.LaxVariantFactory
Factory for this type of request preprocessor that allows duplicate <Attribute> with same meta-data in the same <Attributes> element of a Request (complying with XACML 3.0 core spec, §7.3.3) but using JSON-Profile-defined format.static class
SingleDecisionXacmlJsonRequestPreprocessor.StrictVariantFactory
Factory for this type of request preprocessor that does NOT allow duplicate <Attribute> with same meta-data in the same <Attributes> element of a Request (NOT complying fully with XACML 3.0 core spec, §7.3.3) but using JSON-Profile-defined format.-
Nested classes/interfaces inherited from class org.ow2.authzforce.core.pdp.io.xacml.json.BaseXacmlJsonRequestPreprocessor
BaseXacmlJsonRequestPreprocessor.Factory
-
-
Field Summary
-
Fields inherited from class org.ow2.authzforce.core.pdp.io.xacml.json.BaseXacmlJsonRequestPreprocessor
UNSUPPORTED_MULTI_REQUESTS_EXCEPTION
-
-
Constructor Summary
Constructors Constructor Description SingleDecisionXacmlJsonRequestPreprocessor(org.ow2.authzforce.core.pdp.api.value.AttributeValueFactoryRegistry datatypeFactoryRegistry, org.ow2.authzforce.core.pdp.api.DecisionRequestFactory<org.ow2.authzforce.core.pdp.api.ImmutableDecisionRequest> requestFactory, boolean strictAttributeIssuerMatch, boolean allowAttributeDuplicates, boolean requireContentForXPath, Set<String> extraPdpFeatures)
Creates instance of default request preprocessor
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description List<IndividualXacmlJsonRequest>
process(org.json.JSONArray jsonArrayOfRequestAttributeCategoryObjects, org.ow2.authzforce.core.pdp.api.io.SingleCategoryXacmlAttributesParser<org.json.JSONObject> xacmlAttrsParser, boolean isApplicablePolicyIdListReturned, boolean combinedDecision, Optional<org.ow2.authzforce.core.pdp.api.expression.XPathCompilerProxy> xPathCompiler, Map<String,String> namespaceURIsByPrefix)
Pre-processes (validates and/or transforms) a Request, may result in multiple individual decision requests, e.g.-
Methods inherited from class org.ow2.authzforce.core.pdp.io.xacml.json.BaseXacmlJsonRequestPreprocessor
getInputRequestType, getOutputRequestType, process
-
-
-
-
Constructor Detail
-
SingleDecisionXacmlJsonRequestPreprocessor
public SingleDecisionXacmlJsonRequestPreprocessor(org.ow2.authzforce.core.pdp.api.value.AttributeValueFactoryRegistry datatypeFactoryRegistry, org.ow2.authzforce.core.pdp.api.DecisionRequestFactory<org.ow2.authzforce.core.pdp.api.ImmutableDecisionRequest> requestFactory, boolean strictAttributeIssuerMatch, boolean allowAttributeDuplicates, boolean requireContentForXPath, Set<String> extraPdpFeatures)
Creates instance of default request preprocessor- Parameters:
datatypeFactoryRegistry
- attribute datatype registryrequestFactory
- decision request factorystrictAttributeIssuerMatch
- true iff strict attribute Issuer match must be enforced (in particular request attributes with empty Issuer only match corresponding AttributeDesignators with empty Issuer)allowAttributeDuplicates
- true iff duplicate Attribute (with same metadata) elements in Request (for multi-valued attributes) must be allowedrequireContentForXPath
- true iff Content elements must be parsed, else ignoredextraPdpFeatures
- extra - not mandatory per XACML 3.0 core specification - features supported by the PDP engine. This preprocessor checks whether it is supported by the PDP before processing the request further.
-
-
Method Detail
-
process
public List<IndividualXacmlJsonRequest> process(org.json.JSONArray jsonArrayOfRequestAttributeCategoryObjects, org.ow2.authzforce.core.pdp.api.io.SingleCategoryXacmlAttributesParser<org.json.JSONObject> xacmlAttrsParser, boolean isApplicablePolicyIdListReturned, boolean combinedDecision, Optional<org.ow2.authzforce.core.pdp.api.expression.XPathCompilerProxy> xPathCompiler, Map<String,String> namespaceURIsByPrefix) throws org.ow2.authzforce.core.pdp.api.IndeterminateEvaluationException
Description copied from class:BaseXacmlJsonRequestPreprocessor
Pre-processes (validates and/or transforms) a Request, may result in multiple individual decision requests, e.g. if implementing the Multiple Decision Profile or Hierarchical Resource profile- Specified by:
process
in classBaseXacmlJsonRequestPreprocessor
- Parameters:
jsonArrayOfRequestAttributeCategoryObjects
- array of XACML JSON Category objects, null if nonexacmlAttrsParser
- XACML Attributes element Parser instance, used to parse each Attributes inattributesList
.isApplicablePolicyIdListReturned
- XACML Request's propertyreturnPolicyIdList
.combinedDecision
- XACML Request's propertyisCombinedDecision
xPathCompiler
- xpathExpression compiler, corresponding to the XACML RequestDefaults element, or null if no RequestDefaults element.namespaceURIsByPrefix
- namespace prefix-URI mappings (e.g. "... xmlns:prefix=uri") in the original XACML Request bound toreq
, used as part of the context for XPath evaluation- Returns:
- individual decision requests, as defined in Multiple Decision Profile, e.g. a singleton list if no multiple decision requested or supported by the pre-processor
Return a Collection and not array to make it easy for the implementer to create a defensive copy with Collections#unmodifiableList() and alike.
- Throws:
org.ow2.authzforce.core.pdp.api.IndeterminateEvaluationException
- if some feature requested in the Request is not supported by this pre-processor
-
-