public class StaticPolicyFinderModule extends PolicyFinderModule
PolicyFinderModule
that
supports retrieval based on context, and is designed for use with a
run-time configuration. Its constructor accepts a List
of
String
s that represent URLs or files, and these are resolved
to policies when the module is initialized. Beyond this, there is no
modifying or re-loading the policies represented by this class. This
class will optionally wrap multiple applicable policies into a dynamic
PolicySet.
Note that this class is designed to complement
StaticRefPolicyFinderModule
. It would be easy to support both
kinds of policy retrieval in a single class, but the functionality is
instead split between two classes. The reason is that when you define a
configuration for your PDP, it's easier to specify the two sets of policies
by using two different finder modules. Typically, there aren't many
policies that exist in both sets, so loading the sets separately isn't
a problem. If this is a concern to you, simply create your own class and
merge the two existing classes.
This module is provided as an example, but is still fully functional, and
should be useful for many simple applications. This is provided in the
support
package rather than the core codebase because it
implements non-standard behavior.
Constructor and Description |
---|
StaticPolicyFinderModule(List policyList)
Creates a
StaticPolicyFinderModule that provides
access to the given collection of policies and returns an error when
more than one policy matches a given context. |
StaticPolicyFinderModule(List policyList,
String schemaFile)
Creates a
StaticPolicyFinderModule that provides
access to the given collection of policies and returns an error when
more than one policy matches a given context. |
StaticPolicyFinderModule(String combiningAlg,
List policyList)
Creates a
StaticPolicyFinderModule that provides
access to the given collection of policies. |
StaticPolicyFinderModule(String combiningAlg,
List policyList,
String schemaFile)
Creates a
StaticPolicyFinderModule that provides
access to the given collection of policies. |
Modifier and Type | Method and Description |
---|---|
PolicyFinderResult |
findPolicy(EvaluationCtx context)
Finds a policy based on a request's context.
|
void |
init(PolicyFinder finder)
Initialize this module.
|
boolean |
isRequestSupported()
Always returns
true since this module does support
finding policies based on context. |
findPolicy, getIdentifier, invalidateCache, isIdReferenceSupported
public StaticPolicyFinderModule(List policyList)
StaticPolicyFinderModule
that provides
access to the given collection of policies and returns an error when
more than one policy matches a given context. Any policy that cannot
be loaded will be noted in the log, but will not cause an error. The
schema file used to validate policies is defined by the property
PolicyReader.POLICY_SCHEMA_PROPERTY
. If the retrieved
property is null, then no schema validation will occur.policyList
- a List
of String
s that
represent URLs or files pointing to XACML policiespublic StaticPolicyFinderModule(List policyList, String schemaFile)
StaticPolicyFinderModule
that provides
access to the given collection of policies and returns an error when
more than one policy matches a given context. Any policy that cannot
be loaded will be noted in the log, but will not cause an error.policyList
- a List
of String
s that
represent URLs or files pointing to XACML policiesschemaFile
- the schema file to validate policies against,
or null if schema validation is not desiredpublic StaticPolicyFinderModule(String combiningAlg, List policyList) throws URISyntaxException, UnknownIdentifierException
StaticPolicyFinderModule
that provides
access to the given collection of policies. The given combining
algorithm is used to create new PolicySets when more than one
policy applies. Any policy that cannot be loaded will be noted in
the log, but will not cause an error. The schema file used to
validate policies is defined by the property
PolicyReader.POLICY_SCHEMA_PROPERTY
. If the retrieved
property is null, then no schema validation will occur.combiningAlg
- the algorithm to use in a new PolicySet when more
than one policy appliespolicyList
- a List
of String
s that
represent URLs or files pointing to XACML policiesURISyntaxException
- if the combining algorithm is not a
well-formed URIUnknownIdentifierException
- if the combining algorithm identifier
isn't knownpublic StaticPolicyFinderModule(String combiningAlg, List policyList, String schemaFile) throws URISyntaxException, UnknownIdentifierException
StaticPolicyFinderModule
that provides
access to the given collection of policies. The given combining
algorithm is used to create new PolicySets when more than one
policy applies. Any policy that cannot be loaded will be noted in
the log, but will not cause an error.combiningAlg
- the algorithm to use in a new PolicySet when more
than one policy appliespolicyList
- a List
of String
s that
represent URLs or files pointing to XACML policiesschemaFile
- the schema file to validate policies against,
or null if schema validation is not desiredURISyntaxException
- if the combining algorithm is not a
well-formed URIUnknownIdentifierException
- if the combining algorithm identifier
isn't knownpublic boolean isRequestSupported()
true
since this module does support
finding policies based on context.isRequestSupported
in class PolicyFinderModule
public void init(PolicyFinder finder)
PolicyFinder
when a PDP is created. This method is
where the policies are actually loaded.init
in class PolicyFinderModule
finder
- the PolicyFinder
using this modulepublic PolicyFinderResult findPolicy(EvaluationCtx context)
findPolicy
in class PolicyFinderModule
context
- the representation of the request dataCopyright © 2023 JBoss by Red Hat. All rights reserved.