|Home >> All >> com >> sun >> xacml >> [ finder Javadoc ]|
com.sun.xacml.finder: Javadoc index of package com.sun.xacml.finder.
com.sun.xacml.finder.impl: The finder package supports all of the pieces of the XACML specification that require custom implementation.
ResourceFinder: This class is used by the PDP to handle resource scopes other than Immediate. In the case of a scope of Children or Descendants, the PDP needs a list of Resource Ids to evaluate, each of which will get its own Result. Like the PolicyFinder, this is not tied in any way to the rest of the PDP code, and could be provided as a stand-alone resource. This class basically is a coordinator that asks each module in turn if it can handle the given identifier. Evaluation proceeds in order through the given modules, and once a module returns a non-empty response (whether or not it contains any errors or only ...
PolicyFinder: This class is used by the PDP to find all policies used in evaluation. A PDP is given a pre-configured PolicyFinder on construction. The PolicyFinder provides the functionality both to find policies based on a request (ie, retrieve policies and match against the target) and based on an idReference (as can be included in a PolicySet). While this class is typically used by the PDP, it is intentionally designed to support stand-alone use, so it could be the base for a distributed service, or for some application that needs just this functionality. There is nothing in the PolicyFinder Note that it ...
SelectorModule: This module implements the basic behavior of the AttributeSelectorType, looking for attribute values in the physical request document using the given XPath expression. This is implemented as a separate module (instead of being implemented directly in AttributeSelector so that programmers can remove this functionality if they want (it's optional in the spec), so they can replace this code with more efficient, specific code as needed, and so they can easily swap in different XPath libraries. Note that if no matches are found, this module will return an empty bag (unless some error occurred). The ...
AttributeFinder: This class is used by the PDP to find attribute values that weren't originally supplied in the request. It can be called with the data supplied in AttributeDesignator s or AttributeSelector s. Because the modules in this finder may themselves need attribute data to search for attribute data, it's possible that the modules will look for values in the EvaluationCtx , which may in turn result in the invocation of this finder again, so module writers need to be careful about how they build their modules. Note that unlike the PolicyFinder, this class doesn't always need to use every module it has to ...
CurrentEnvModule: Supports the current date, time, and dateTime values. The XACML specification states that these three values must always be available to a PDP. They may be included in the request, but if they're not, a PDP must be able to recognize the attribute and generate the correct value. The module provides support for this feature by generating real-time values as known at the host where this module is running. This class uses the caching functions of EvaluationCtx to make sure that values are constant within an evaluation, if that is the desired behavior.
FilePolicyModule: This module represents a collection of files containing polices, each of which will be searched through when trying to find a policy that is applicable to a specific request. Note: this module is provided only as an example and for testing purposes. It is not part of the standard, and it should not be relied upon for production systems. In the future, this will likely be moved into a package with other similar example and testing code.
PolicyFinderResult: This is used as the return value for the findPolicy() methods in the PolicyFinder . It communicates either a found policy that applied to the request (eg, the target matches), an Indeterminate state, or no applicable policies. The OnlyOneApplicable combining logic is used in looking for a policy, so the result from calling findPolicy can never be more than one policy.
ResourceFinderResult: This is used to return Resource Ids from the ResourceFinder. Unlike the PolicyFinder, this never returns an empty set, since it will always contain at least the original parent resource. This class will provide two sets of identifiers: those that were successfully resolved and those that had an error.
AttributeFinderModule: This is the abstract class that all AttributeFinder modules extend. All methods have default values to represent that the given feature isn't supported by this module, so module writers needs only implement the methods for the features they're supporting.
ResourceFinderModule: This is the abstract class that all ResourceFinder modules extend. All methods have default values to represent that the given feature isn't supported by this module, so module writers needs only implement the methods for the features they're supporting.
PolicyFinderModule: This is the abstract class that all PolicyFinder modules extend. All methods have default values to represent that the given feature isn't supported by this module, so module writers needs only implement the methods for the features they're supporting.