org.jboss.security.xacml.sunxacml

Class Rule

java.lang.Object

org.jboss.security.xacml.sunxacml.Rule

All Implemented Interfaces:

PolicyTreeElement

public class Rule
extends Object
implements PolicyTreeElement

Represents the RuleType XACML type. This has a target for matching, and encapsulates the condition and all sub-operations that make up the heart of most policies.

Since:

1.0

Author:

Seth Proctor

Constructor Summary

Constructors

Constructor and Description
Rule(URI id, int effect, String description, Target target, Apply condition) Deprecated. As of 2.0 you should use the Constructor that accepts the new Condition class.
Rule(URI id, int effect, String description, Target target, Condition condition) Creates a new Rule object for XACML 1.x and 2.0.

Method Summary

Methods

Modifier and Type	Method and Description
void	encode(OutputStream output) Encodes this Rule into its XML representation and writes this encoding to the given OutputStream with no indentation.
void	encode(OutputStream output, Indenter indenter) Encodes this Rule into its XML representation and writes this encoding to the given OutputStream with indentation.
Result	evaluate(EvaluationCtx context) Evaluates the rule against the supplied context.
List	getChildren() Since a rule is always a leaf in a policy tree because it can have no children, this always returns an empty List.
Condition	getCondition() Returns the condition for this Rule or null if there is no condition
String	getDescription() Returns the given description of this Rule or null if there is no description
int	getEffect() Returns the effect that this Rule will return from the evaluate method (Permit or Deny) if the request applies.
URI	getId() Returns the id of this Rule
static Rule	getInstance(Node root, PolicyMetaData metaData, VariableManager manager) Returns a new instance of the Rule class based on a DOM node.
static Rule	getInstance(Node root, String xpathVersion) Deprecated. As of 2.0 you should avoid using this method and should instead use the version that takes a PolicyMetaData instance. This method will only work for XACML 1.x policies.
Target	getTarget() Returns the target for this Rule or null if there is no target
MatchResult	match(EvaluationCtx context) Given the input context sees whether or not the request matches this Rule's Target.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

Rule

public Rule(URI id,
    int effect,
    String description,
    Target target,
    Condition condition)

Creates a new Rule object for XACML 1.x and 2.0.

Parameters:

id - the rule's identifier

effect - the effect to return if the rule applies (either Pemit or Deny) as specified in Result

description - a textual description, or null

target - the rule's target, or null if the target is to be inherited from the encompassing policy

condition - the rule's condition, or null if there is none

Rule

public Rule(URI id,
    int effect,
    String description,
    Target target,
    Apply condition)

Deprecated. As of 2.0 you should use the Constructor that accepts the new Condition class.

Creates a new Rule object for XACML 1.x only.

Parameters:

id - the rule's identifier

effect - the effect to return if the rule applies (either Pemit or Deny) as specified in Result

description - a textual description, or null

target - the rule's target, or null if the target is to be inherited from the encompassing policy

condition - the rule's condition, or null if there is none

Method Detail

getInstance

public static Rule getInstance(Node root,
               String xpathVersion)
                        throws ParsingException

Deprecated. As of 2.0 you should avoid using this method and should instead use the version that takes a PolicyMetaData instance. This method will only work for XACML 1.x policies.

Returns a new instance of the Rule class based on a DOM node. The node must be the root of an XML RuleType.

Parameters:

root - the DOM root of a RuleType XML type

xpathVersion - the XPath version to use in any selectors or XPath functions, or null if this is unspecified (ie, not supplied in the defaults section of the policy)

Throws:

ParsingException - if the RuleType is invalid

getInstance

public static Rule getInstance(Node root,
               PolicyMetaData metaData,
               VariableManager manager)
                        throws ParsingException

Returns a new instance of the Rule class based on a DOM node. The node must be the root of an XML RuleType.

Parameters:

root - the DOM root of a RuleType XML type

metaData - the meta-data associated with this Rule's policy

manager - the VariableManager used to connect VariableReferences to their cooresponding VariableDefinitions

Throws:

ParsingException - if the RuleType is invalid

getEffect

public int getEffect()

Returns the effect that this Rule will return from the evaluate method (Permit or Deny) if the request applies.

Returns:

a decision effect, as defined in Result

getId

public URI getId()

Returns the id of this Rule

Specified by:

getId in interface PolicyTreeElement

Returns:

the rule id

getDescription

public String getDescription()

Returns the given description of this Rule or null if there is no description

Specified by:

getDescription in interface PolicyTreeElement

Returns:

the description or null

getTarget

public Target getTarget()

Returns the target for this Rule or null if there is no target

Specified by:

getTarget in interface PolicyTreeElement

Returns:

the rule's target

getChildren

public List getChildren()

Since a rule is always a leaf in a policy tree because it can have no children, this always returns an empty List.

Specified by:

getChildren in interface PolicyTreeElement

Returns:

a List with no elements

getCondition

public Condition getCondition()

Returns the condition for this Rule or null if there is no condition

Returns:

the rule's condition

match

public MatchResult match(EvaluationCtx context)

Given the input context sees whether or not the request matches this Rule's Target. Note that unlike the matching done by the evaluate method, if the Target is missing than this will return Indeterminate. This lets you write your own custom matching routines for rules but lets evaluation proceed normally.

Specified by:

match in interface PolicyTreeElement

Parameters:

context - the representation of the request

Returns:

the result of trying to match this rule and the request

evaluate

public Result evaluate(EvaluationCtx context)

Evaluates the rule against the supplied context. This will check that the target matches, and then try to evaluate the condition. If the target and condition apply, then the rule's effect is returned in the result.

Note that rules are not required to have targets. If no target is specified, then the rule inherits its parent's target. In the event that this Rule has no Target then the match is assumed to be true, since evaluating a policy tree to this level required the parent's target to match.

Specified by:

evaluate in interface PolicyTreeElement

Parameters:

context - the representation of the request we're evaluating

Returns:

the result of the evaluation

encode

public void encode(OutputStream output)

Encodes this Rule into its XML representation and writes this encoding to the given OutputStream with no indentation.

Specified by:

encode in interface PolicyTreeElement

Parameters:

output - a stream into which the XML-encoded data is written

encode

public void encode(OutputStream output,
          Indenter indenter)

Encodes this Rule into its XML representation and writes this encoding to the given OutputStream with indentation.

Specified by:

encode in interface PolicyTreeElement

Parameters:

output - a stream into which the XML-encoded data is written

indenter - an object that creates indentation strings