JBoss port of sunxacml 2.0.8.Final-redhat-1

org.jboss.security.xacml.sunxacml
Class Rule

java.lang.Object
  extended by org.jboss.security.xacml.sunxacml.Rule
All Implemented Interfaces:
PolicyTreeElement

public class Rule
extends Object
implements PolicyTreeElement

Represents the RuleType XACML type. This has a target for matching, and encapsulates the condition and all sub-operations that make up the heart of most policies.

Since:
1.0
Author:
Seth Proctor

Constructor Summary
Rule(URI id, int effect, String description, Target target, Apply condition)
          Deprecated. As of 2.0 you should use the Constructor that accepts the new Condition class.
Rule(URI id, int effect, String description, Target target, Condition condition)
          Creates a new Rule object for XACML 1.x and 2.0.
 
Method Summary
 void encode(OutputStream output)
          Encodes this Rule into its XML representation and writes this encoding to the given OutputStream with no indentation.
 void encode(OutputStream output, Indenter indenter)
          Encodes this Rule into its XML representation and writes this encoding to the given OutputStream with indentation.
 Result evaluate(EvaluationCtx context)
          Evaluates the rule against the supplied context.
 List getChildren()
          Since a rule is always a leaf in a policy tree because it can have no children, this always returns an empty List.
 Condition getCondition()
          Returns the condition for this Rule or null if there is no condition
 String getDescription()
          Returns the given description of this Rule or null if there is no description
 int getEffect()
          Returns the effect that this Rule will return from the evaluate method (Permit or Deny) if the request applies.
 URI getId()
          Returns the id of this Rule
static Rule getInstance(Node root, PolicyMetaData metaData, VariableManager manager)
          Returns a new instance of the Rule class based on a DOM node.
static Rule getInstance(Node root, String xpathVersion)
          Deprecated. As of 2.0 you should avoid using this method and should instead use the version that takes a PolicyMetaData instance. This method will only work for XACML 1.x policies.
 Target getTarget()
          Returns the target for this Rule or null if there is no target
 MatchResult match(EvaluationCtx context)
          Given the input context sees whether or not the request matches this Rule's Target.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

Rule

public Rule(URI id,
            int effect,
            String description,
            Target target,
            Condition condition)
Creates a new Rule object for XACML 1.x and 2.0.

Parameters:
id - the rule's identifier
effect - the effect to return if the rule applies (either Pemit or Deny) as specified in Result
description - a textual description, or null
target - the rule's target, or null if the target is to be inherited from the encompassing policy
condition - the rule's condition, or null if there is none

Rule

public Rule(URI id,
            int effect,
            String description,
            Target target,
            Apply condition)
Deprecated. As of 2.0 you should use the Constructor that accepts the new Condition class.

Creates a new Rule object for XACML 1.x only.

Parameters:
id - the rule's identifier
effect - the effect to return if the rule applies (either Pemit or Deny) as specified in Result
description - a textual description, or null
target - the rule's target, or null if the target is to be inherited from the encompassing policy
condition - the rule's condition, or null if there is none
Method Detail

getInstance

public static Rule getInstance(Node root,
                               String xpathVersion)
                        throws ParsingException
Deprecated. As of 2.0 you should avoid using this method and should instead use the version that takes a PolicyMetaData instance. This method will only work for XACML 1.x policies.

Returns a new instance of the Rule class based on a DOM node. The node must be the root of an XML RuleType.

Parameters:
root - the DOM root of a RuleType XML type
xpathVersion - the XPath version to use in any selectors or XPath functions, or null if this is unspecified (ie, not supplied in the defaults section of the policy)
Throws:
ParsingException - if the RuleType is invalid

getInstance

public static Rule getInstance(Node root,
                               PolicyMetaData metaData,
                               VariableManager manager)
                        throws ParsingException
Returns a new instance of the Rule class based on a DOM node. The node must be the root of an XML RuleType.

Parameters:
root - the DOM root of a RuleType XML type
metaData - the meta-data associated with this Rule's policy
manager - the VariableManager used to connect VariableReferences to their cooresponding VariableDefinitions
Throws:
ParsingException - if the RuleType is invalid

getEffect

public int getEffect()
Returns the effect that this Rule will return from the evaluate method (Permit or Deny) if the request applies.

Returns:
a decision effect, as defined in Result

getId

public URI getId()
Returns the id of this Rule

Specified by:
getId in interface PolicyTreeElement
Returns:
the rule id

getDescription

public String getDescription()
Returns the given description of this Rule or null if there is no description

Specified by:
getDescription in interface PolicyTreeElement
Returns:
the description or null

getTarget

public Target getTarget()
Returns the target for this Rule or null if there is no target

Specified by:
getTarget in interface PolicyTreeElement
Returns:
the rule's target

getChildren

public List getChildren()
Since a rule is always a leaf in a policy tree because it can have no children, this always returns an empty List.

Specified by:
getChildren in interface PolicyTreeElement
Returns:
a List with no elements

getCondition

public Condition getCondition()
Returns the condition for this Rule or null if there is no condition

Returns:
the rule's condition

match

public MatchResult match(EvaluationCtx context)
Given the input context sees whether or not the request matches this Rule's Target. Note that unlike the matching done by the evaluate method, if the Target is missing than this will return Indeterminate. This lets you write your own custom matching routines for rules but lets evaluation proceed normally.

Specified by:
match in interface PolicyTreeElement
Parameters:
context - the representation of the request
Returns:
the result of trying to match this rule and the request

evaluate

public Result evaluate(EvaluationCtx context)
Evaluates the rule against the supplied context. This will check that the target matches, and then try to evaluate the condition. If the target and condition apply, then the rule's effect is returned in the result.

Note that rules are not required to have targets. If no target is specified, then the rule inherits its parent's target. In the event that this Rule has no Target then the match is assumed to be true, since evaluating a policy tree to this level required the parent's target to match.

Specified by:
evaluate in interface PolicyTreeElement
Parameters:
context - the representation of the request we're evaluating
Returns:
the result of the evaluation

encode

public void encode(OutputStream output)
Encodes this Rule into its XML representation and writes this encoding to the given OutputStream with no indentation.

Specified by:
encode in interface PolicyTreeElement
Parameters:
output - a stream into which the XML-encoded data is written

encode

public void encode(OutputStream output,
                   Indenter indenter)
Encodes this Rule into its XML representation and writes this encoding to the given OutputStream with indentation.

Specified by:
encode in interface PolicyTreeElement
Parameters:
output - a stream into which the XML-encoded data is written
indenter - an object that creates indentation strings

JBoss port of sunxacml 2.0.8.Final-redhat-1

Copyright © 2012 JBoss by Red Hat. All Rights Reserved.