public class Rule extends Object implements PolicyTreeElement
Constructor and Description |
---|
Rule(URI id,
int effect,
String description,
Target target,
Apply condition)
Deprecated.
As of 2.0 you should use the Constructor that accepts
the new
Condition class. |
Rule(URI id,
int effect,
String description,
Target target,
Condition condition)
Creates a new
Rule object for XACML 1.x and 2.0. |
Modifier and Type | Method and Description |
---|---|
void |
encode(OutputStream output)
Encodes this
Rule into its XML representation and writes
this encoding to the given OutputStream with no
indentation. |
void |
encode(OutputStream output,
Indenter indenter)
Encodes this
Rule into its XML representation and writes
this encoding to the given OutputStream with
indentation. |
Result |
evaluate(EvaluationCtx context)
Evaluates the rule against the supplied context.
|
List |
getChildren()
Since a rule is always a leaf in a policy tree because it can have
no children, this always returns an empty
List . |
Condition |
getCondition()
Returns the condition for this
Rule or null if there
is no condition |
String |
getDescription()
Returns the given description of this
Rule or null if
there is no description |
int |
getEffect()
Returns the effect that this
Rule will return from
the evaluate method (Permit or Deny) if the request applies. |
URI |
getId()
Returns the id of this
Rule |
static Rule |
getInstance(Node root,
PolicyMetaData metaData,
VariableManager manager)
Returns a new instance of the
Rule class based on a
DOM node. |
static Rule |
getInstance(Node root,
String xpathVersion)
Deprecated.
As of 2.0 you should avoid using this method and should
instead use the version that takes a
PolicyMetaData instance. This method will
only work for XACML 1.x policies. |
Target |
getTarget()
Returns the target for this
Rule or null if there
is no target |
MatchResult |
match(EvaluationCtx context)
Given the input context sees whether or not the request matches this
Rule 's Target . |
public Rule(URI id, int effect, String description, Target target, Condition condition)
Rule
object for XACML 1.x and 2.0.id
- the rule's identifiereffect
- the effect to return if the rule applies (either
Pemit or Deny) as specified in Result
description
- a textual description, or nulltarget
- the rule's target, or null if the target is to be
inherited from the encompassing policycondition
- the rule's condition, or null if there is nonepublic Rule(URI id, int effect, String description, Target target, Apply condition)
Condition
class.Rule
object for XACML 1.x only.id
- the rule's identifiereffect
- the effect to return if the rule applies (either
Pemit or Deny) as specified in Result
description
- a textual description, or nulltarget
- the rule's target, or null if the target is to be
inherited from the encompassing policycondition
- the rule's condition, or null if there is nonepublic static Rule getInstance(Node root, String xpathVersion) throws ParsingException
PolicyMetaData
instance. This method will
only work for XACML 1.x policies.Rule
class based on a
DOM node. The node must be the root of an XML RuleType.root
- the DOM root of a RuleType XML typexpathVersion
- the XPath version to use in any selectors or XPath
functions, or null if this is unspecified (ie, not
supplied in the defaults section of the policy)ParsingException
- if the RuleType is invalidpublic static Rule getInstance(Node root, PolicyMetaData metaData, VariableManager manager) throws ParsingException
Rule
class based on a
DOM node. The node must be the root of an XML RuleType.root
- the DOM root of a RuleType XML typemetaData
- the meta-data associated with this Rule's policymanager
- the VariableManager
used to connect
VariableReference
s to their cooresponding
VariableDefinitions
ParsingException
- if the RuleType is invalidpublic int getEffect()
Rule
will return from
the evaluate method (Permit or Deny) if the request applies.Result
public URI getId()
Rule
getId
in interface PolicyTreeElement
public String getDescription()
Rule
or null if
there is no descriptiongetDescription
in interface PolicyTreeElement
public Target getTarget()
Rule
or null if there
is no targetgetTarget
in interface PolicyTreeElement
public List getChildren()
List
.getChildren
in interface PolicyTreeElement
List
with no elementspublic Condition getCondition()
Rule
or null if there
is no conditionpublic MatchResult match(EvaluationCtx context)
Rule
's Target
. Note that unlike the matching
done by the evaluate
method, if the Target
is missing than this will return Indeterminate. This lets you write
your own custom matching routines for rules but lets evaluation
proceed normally.match
in interface PolicyTreeElement
context
- the representation of the requestpublic Result evaluate(EvaluationCtx context)
Note that rules are not required to have targets. If no target is
specified, then the rule inherits its parent's target. In the event
that this Rule
has no Target
then the
match is assumed to be true, since evaluating a policy tree to this
level required the parent's target to match.
evaluate
in interface PolicyTreeElement
context
- the representation of the request we're evaluatingpublic void encode(OutputStream output)
Rule
into its XML representation and writes
this encoding to the given OutputStream
with no
indentation.encode
in interface PolicyTreeElement
output
- a stream into which the XML-encoded data is writtenpublic void encode(OutputStream output, Indenter indenter)
Rule
into its XML representation and writes
this encoding to the given OutputStream
with
indentation.encode
in interface PolicyTreeElement
output
- a stream into which the XML-encoded data is writtenindenter
- an object that creates indentation stringsCopyright © 2023 JBoss by Red Hat. All rights reserved.