Docjar: A Java Source and Docuemnt Enginecom.*    java.*    javax.*    org.*    all    new    plug-in

Quick Search    Search Deep

com.sun.xacml.attr.* (38)com.sun.xacml.combine.* (18)com.sun.xacml.cond.* (61)
com.sun.xacml.ctx.* (8)com.sun.xacml.finder.* (11)com.sun.xacml.test.* (8)

com.sun.xacml: Javadoc index of package com.sun.xacml.


Package Samples:

com.sun.xacml.finder.impl: The finder package supports all of the pieces of the XACML specification that require custom implementation.  
com.sun.xacml.cond: This is the root package, which contains the PDP class where most people will want to start.  
com.sun.xacml.attr.proxy: Contains many of the classes related to attributes and attribute retrieval.  
com.sun.xacml.cond.cluster: Support for Conditions is in this package.  
com.sun.xacml.attr
com.sun.xacml.combine
com.sun.xacml.ctx
com.sun.xacml.finder
com.sun.xacml.test

Classes:

ResourceFinder: This class is used by the PDP to handle resource scopes other than Immediate. In the case of a scope of Children or Descendants, the PDP needs a list of Resource Ids to evaluate, each of which will get its own Result. Like the PolicyFinder, this is not tied in any way to the rest of the PDP code, and could be provided as a stand-alone resource. This class basically is a coordinator that asks each module in turn if it can handle the given identifier. Evaluation proceeds in order through the given modules, and once a module returns a non-empty response (whether or not it contains any errors or only ...
PolicyFinder: This class is used by the PDP to find all policies used in evaluation. A PDP is given a pre-configured PolicyFinder on construction. The PolicyFinder provides the functionality both to find policies based on a request (ie, retrieve policies and match against the target) and based on an idReference (as can be included in a PolicySet). While this class is typically used by the PDP, it is intentionally designed to support stand-alone use, so it could be the base for a distributed service, or for some application that needs just this functionality. There is nothing in the PolicyFinder Note that it ...
SelectorModule: This module implements the basic behavior of the AttributeSelectorType, looking for attribute values in the physical request document using the given XPath expression. This is implemented as a separate module (instead of being implemented directly in AttributeSelector so that programmers can remove this functionality if they want (it's optional in the spec), so they can replace this code with more efficient, specific code as needed, and so they can easily swap in different XPath libraries. Note that if no matches are found, this module will return an empty bag (unless some error occurred). The ...
ConfigurationStore: This class supports run-time loading of configuration data. It loads the configurations from an XML file that conforms to the configuration schema. By design this class does not get used automatically, nor does it change the state of the system directly. A programmer must choose to support this mechanism in their program, and then must explicitly use loaded elements. This way, the programmer still has full control over their security model, but also has the convenience of re-using a common configuration mechanism. See http://sunxacml.sourceforge.net/schema/config-0.3.xsd for the valid schema. Note ...
BaseFunctionFactory: This is a basic implementation of FunctionFactory . It implements the insertion and retrieval methods, but it doesn't actually setup the factory with any functions. It also assumes a certain model with regard to the different kinds of functions (Target, Condition, and General). For this reason, you may want to re-use this class, or you may want to extend FunctionFactory directly, if you're writing a new factory implementation. Note that while this class is thread-safe on all creation methods, it is not safe to add support for a new function while creating an instance of a function. This follows ...
StandardFunctionFactory: This factory supports the standard set of functions specified in XACML 1.0 and 1.1. It is the default factory used by the system, and imposes a singleton pattern insuring that there is only ever one instance of this class. Note that because this supports only the standard functions, this factory does not allow the addition of any other functions. If you call addFunction on an instance of this class, an exception will be thrown. If you need a standard factory that is modifiable, you can either create a new BaseFunctionFactory (or some other implementation of FunctionFactory ) populated with the ...
AttributeFinder: This class is used by the PDP to find attribute values that weren't originally supplied in the request. It can be called with the data supplied in AttributeDesignator s or AttributeSelector s. Because the modules in this finder may themselves need attribute data to search for attribute data, it's possible that the modules will look for values in the EvaluationCtx , which may in turn result in the invocation of this finder again, so module writers need to be careful about how they build their modules. Note that unlike the PolicyFinder, this class doesn't always need to use every module it has to ...
StandardCombiningAlgFactory: This factory supports the standard set of algorithms specified in XACML 1.0 and 1.1. It is the default factory used by the system, and imposes a singleton pattern insuring that there is only ever one instance of this class. Note that because this supports only the standard algorithms, this factory does not allow the addition of any other algorithms. If you call addAlgorithm on an instance of this class, an exception will be thrown. If you need a standard factory that is modifiable, you should create a new BaseCombiningAlgFactory (or some other CombiningAlgFactory ) and configure it with the standard ...
StandardAttributeFactory: This factory supports the standard set of datatypes specified in XACML 1.0 and 1.1. It is the default factory used by the system, and imposes a singleton pattern insuring that there is only ever one instance of this class. Note that because this supports only the standard datatypes, this factory does not allow the addition of any other datatypes. If you call addDatatype on an instance of this class, an exception will be thrown. If you need a standard factory that is modifiable, you should create a new BaseAttributeFactory (or some other AttributeFactory ) and configure it with the standard datatypes ...
PolicyReference: This class is used as a placeholder for the PolicyIdReference and PolicySetIdReference fields in a PolicySetType. When a reference is used in a policy set, it is telling the PDP to use an external policy in the current policy. Each time the PDP needs to evaluate that policy reference, it asks the policy finder for the policy. Typically the policy finder will have cached the referenced policy, so this isn't too slow. NOTE: all of the accessor methods, the match method, and the evaluate method require this class to ask its PolicyFinder for the referenced policy, which can be a slow operation. Care ...
EvaluationCtx: Manages the context of a single policy evaluation. Typically, an instance is instantiated whenever the PDP gets a request and needs to perform an evaluation as a result. Note that this class does some optional caching for current date, time, and dateTime values (defined by a boolean flag to the constructors). The XACML specification requires that these values always be available, but it does not specify whether or not they must remain constant over the course of an evaluation if the values are being generated by the PDP (if the values are provided in the Request, then obviously they will remain ...
NOfFunction: A class that implements the n-of function. It requires at least one argument. The first argument must be an integer and the rest of the arguments must be booleans. If the number of boolean arguments that evaluate to true is at least the value of the first argument, the function returns true. Otherwise, it returns false (or indeterminate, as described in the next paragraph. This function evaluates the arguments one at a time, starting with the first one. As soon as the result of the function can be determined, evaluation stops and that result is returned. During this process, if any argument evaluates ...
BaseCombiningAlgFactory: This is a basic implementation of CombiningAlgFactory . It implements the insertion and retrieval methods, but doesn't actually setup the factory with any algorithms. Note that while this class is thread-safe on all creation methods, it is not safe to add support for a new algorithm while creating an instance of an algorithm. This follows from the assumption that most people will initialize these factories up-front, and then start processing without ever modifying the factories. If you need these mutual operations to be thread-safe, then you should write a wrapper class that implements the right ...
BaseAttributeFactory: This is a basic implementation of AttributeFactory . It implements the insertion and retrieval methods, but doesn't actually setup the factory with any datatypes. Note that while this class is thread-safe on all creation methods, it is not safe to add support for a new datatype while creating an instance of a value. This follows from the assumption that most people will initialize these factories up-front, and then start processing without ever modifying the factories. If you need these mutual operations to be thread-safe, then you should write a wrapper class that implements the right synchronization ...
PolicyCombiningAlgorithm: The base type for all Policy combining algorithms. Unlike in Rule Combining Algorithms, each policy must be matched before they're evaluated to make sure they apply. Also, in combining policies, obligations must be handled correctly. Specifically, no obligation may be included in the Result that doesn't match the effect being returned. So, if INDETERMINATE or NOT_APPLICABLE is the returned effect, no obligations may be included in the result. If the effect of the combining algorithm is PERMIT or DENY, then obligations with a matching fulfillOn effect are also included in the result.
CurrentEnvModule: Supports the current date, time, and dateTime values. The XACML specification states that these three values must always be available to a PDP. They may be included in the request, but if they're not, a PDP must be able to recognize the attribute and generate the correct value. The module provides support for this feature by generating real-time values as known at the host where this module is running. This class uses the caching functions of EvaluationCtx to make sure that values are constant within an evaluation, if that is the desired behavior.
FunctionFactory: Factory used to create all functions. There are three kinds of factories: general, condition, and target. These provide functions that can be used anywhere, only in a condition's root and only in a target (respectively). Note that all functions, except for abstract functions, are singletons, so any instance that is added to a factory will be the same one returned from the create methods. This is done because most functions don't have state, so there is no need to have more than one, or to spend the time creating multiple instances that all do the same thing.
StringAttribute: Representation of an xs:string value. This class supports parsing xs:string values. All objects of this class are immutable and all methods of the class are thread-safe. Note that there is currently some confusion in the XACML specification about whether this datatype should be able to handle XML elements (ie, whether <AttributeValue DataType="...string"><foo/> </AttributeValue> is valid). Until that is clarified the strict definition of the string datatype is used in this code, which means that elements are not valid.
BagAttribute: Represents a bag used in the XACML spec as return values from functions and designators/selectors that provide more than one value. All values in the bag are of the same type, and the bag may be empty. The bag is immutable, although its contents may not be. NOTE: This is the one standard attribute type that can't be created from the factory, since you can't have this in an XML block (it is used only in return values & dynamic inputs). I think this is right, but we may need to add some functionality to let this go into the factory.
EvaluationResult: This is used in cases where a normal result is some AttributeValue, but if an attribute couldn't be resolved (or some other problem occurred), then a Status object needs to be returned instead. This is used instead of throwing an exception for performance, but mainly because failure to resolve an attribute is not an error case for the code, merely for the evaluation, and represents normal operation. Separate exception types will be added later to represent errors in pdp operation.
DateMathFunction: A class that implements several of the date math functions. They all take two arguments. The first is a DateTimeAttribute or a DateAttribute (as the case may be) and the second is a DayTimeDurationAttribute or a YearMonthDurationAttribute (as the case may be). The function adds or subtracts the second argument to/from the first and returns a value of the same type as the first argument. If either of the arguments evaluates to indeterminate, an indeterminate result is returned.
FunctionCluster: Interface used by classes that support more than one function. It's a common design model to have a single class support more than one XACML function. In those cases, you should provide a proxy that implements FunctionCluster in addition to the Function . This is particularly important for the run-time configuration system, which uses this interface to create "clusters" of functions and therefore can use a smaller configuration file.
AttributeValue: The base type for all datatypes used in a policy or request/response, this abstract class represents a value for a given attribute type. All the required types defined in the XACML specification are provided as instances of AttributeValue s. If you want to provide a new type, extend this class and implement the equals(Object) and hashCode methods from Object , which are used for equality checking.
FilePolicyModule: This module represents a collection of files containing polices, each of which will be searched through when trying to find a policy that is applicable to a specific request. Note: this module is provided only as an example and for testing purposes. It is not part of the standard, and it should not be relied upon for production systems. In the future, this will likely be moved into a package with other similar example and testing code.
Base64: Class that knows how to encode and decode Base64 values. Base64 Content-Transfer-Encoding rules are defined in Section 6.8 of IETF RFC 2045 Multipurpose Internet Mail Extensions (MIME) Part One: Format of Internet Message Bodies , available at ftp://ftp.isi.edu/in-notes/rfc2045.txt . All methods of this class are static and thread-safe.

Home | Contact Us | Privacy Policy | Terms of Service