|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Objectorg.wso2.balana.Rule
public class Rule
Represents the RuleType XACML type. This has a target for matching, and encapsulates the condition and all sub-operations that make up the heart of most policies.
Constructor Summary | |
---|---|
Rule(URI id,
int effect,
String description,
AbstractTarget target,
Apply condition,
int xacmlVersion)
Deprecated. As of 2.0 you should use the Constructor that accepts the new Condition class. |
|
Rule(URI id,
int effect,
String description,
AbstractTarget target,
Condition condition)
Deprecated. As of 2.0 you should use the Constructor that accepts the new Condition class. |
|
Rule(URI id,
int effect,
String description,
AbstractTarget target,
Condition condition,
Set<AbstractObligation> obligationExpressions,
Set<AdviceExpression> adviceExpressions,
int xacmlVersion)
Creates a new Rule object for XACML 1.x and 2.0. |
Method Summary | |
---|---|
String |
encode()
Encodes this PolicyTreeElement into its XML form |
void |
encode(StringBuilder builder)
Encodes this PolicyTreeElement into its XML form and writes this out to the provided
StringBuilder |
AbstractResult |
evaluate(EvaluationCtx context)
Evaluates the rule against the supplied context. |
List |
getChildren()
Since a rule is always a leaf in a policy tree because it can have no children, this always returns an empty List . |
Condition |
getCondition()
Returns the condition for this Rule or null if there is no condition |
String |
getDescription()
Returns the given description of this Rule or null if there is no description |
int |
getEffect()
Returns the effect that this Rule will return from the evaluate method (Permit
or Deny) if the request applies. |
URI |
getId()
Returns the id of this Rule |
static Rule |
getInstance(Node root,
PolicyMetaData metaData,
VariableManager manager)
Returns a new instance of the Rule class based on a DOM node. |
static Rule |
getInstance(Node root,
String xpathVersion)
Deprecated. As of 2.0 you should avoid using this method and should instead use the version that takes a PolicyMetaData instance. This method will only work for
XACML 1.x policies. |
AbstractTarget |
getTarget()
Returns the target for this Rule or null if there is no target |
MatchResult |
match(EvaluationCtx context)
Given the input context sees whether or not the request matches this Rule 's
Target . |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail |
---|
public Rule(URI id, int effect, String description, AbstractTarget target, Condition condition, Set<AbstractObligation> obligationExpressions, Set<AdviceExpression> adviceExpressions, int xacmlVersion)
Rule
object for XACML 1.x and 2.0.
id
- the rule's identifiereffect
- the effect to return if the rule applies (either Pemit or Deny) as specified in
Result
description
- a textual description, or nulltarget
- the rule's target, or null if the target is to be inherited from the
encompassing policycondition
- the rule's condition, or null if there is noneobligationExpressions
- the rule's ObligationExpressionsadviceExpressions
- the rule's AdviceExpressionsxacmlVersion
- xacml versionpublic Rule(URI id, int effect, String description, AbstractTarget target, Apply condition, int xacmlVersion)
Condition
class.
Rule
object for XACML 1.x only.
id
- the rule's identifiereffect
- the effect to return if the rule applies (either Pemit or Deny) as specified in
Result
description
- a textual description, or nulltarget
- the rule's target, or null if the target is to be inherited from the
encompassing policycondition
- the rule's condition, or null if there is nonexacmlVersion
- xacml versionpublic Rule(URI id, int effect, String description, AbstractTarget target, Condition condition)
Condition
class.
Rule
object for XACML 1.x only.
id
- the rule's identifiereffect
- the effect to return if the rule applies (either Pemit or Deny) as specified in
Result
description
- a textual description, or nulltarget
- the rule's target, or null if the target is to be inherited from the
encompassing policycondition
- the rule's condition, or null if there is noneMethod Detail |
---|
public static Rule getInstance(Node root, String xpathVersion) throws ParsingException
PolicyMetaData
instance. This method will only work for
XACML 1.x policies.
Rule
class based on a DOM node. The node must be
the root of an XML RuleType.
root
- the DOM root of a RuleType XML typexpathVersion
- the XPath version to use in any selectors or XPath functions, or null if
this is unspecified (ie, not supplied in the defaults section of the policy)
ParsingException
- if the RuleType is invalidpublic static Rule getInstance(Node root, PolicyMetaData metaData, VariableManager manager) throws ParsingException
Rule
class based on a DOM node. The node must be
the root of an XML RuleType.
root
- the DOM root of a RuleType XML typemetaData
- the meta-data associated with this Rule's policymanager
- the VariableManager
used to connect
VariableReference
s to their cooresponding
VariableDefinitions
- Throws:
ParsingException
- if the RuleType is invalid
public int getEffect()
Rule
will return from the evaluate method (Permit
or Deny) if the request applies.
Result
public URI getId()
Rule
getId
in interface PolicyTreeElement
public String getDescription()
Rule
or null if there is no description
getDescription
in interface PolicyTreeElement
public AbstractTarget getTarget()
Rule
or null if there is no target
getTarget
in interface PolicyTreeElement
public List getChildren()
List
.
getChildren
in interface PolicyTreeElement
List
with no elementspublic Condition getCondition()
Rule
or null if there is no condition
public MatchResult match(EvaluationCtx context)
Rule
's
Target
. Note that unlike the matching done by the evaluate
method,
if the Target
is missing than this will return Indeterminate. This lets you
write your own custom matching routines for rules but lets evaluation proceed normally.
match
in interface PolicyTreeElement
context
- the representation of the request
public AbstractResult evaluate(EvaluationCtx context)
Note that rules are not required to have targets. If no target is specified, then the rule
inherits its parent's target. In the event that this Rule
has no
Target
then the match is assumed to be true, since evaluating a policy tree to
this level required the parent's target to match.
evaluate
in interface PolicyTreeElement
context
- the representation of the request we're evaluating
public String encode()
PolicyTreeElement
PolicyTreeElement
into its XML form
encode
in interface PolicyTreeElement
String
public void encode(StringBuilder builder)
PolicyTreeElement
PolicyTreeElement
into its XML form and writes this out to the provided
StringBuilder
- Specified by:
encode
in interface PolicyTreeElement
- Parameters:
builder
- string stream into which the XML-encoded data is written
|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |