org.jboss.security.xacml.sunxacml.combine
Class PolicyCombiningAlgorithm
java.lang.Object
org.jboss.security.xacml.sunxacml.combine.CombiningAlgorithm
org.jboss.security.xacml.sunxacml.combine.PolicyCombiningAlgorithm
- Direct Known Subclasses:
- DenyOverridesPolicyAlg, FirstApplicablePolicyAlg, OnlyOneApplicablePolicyAlg, PermitOverridesPolicyAlg
public abstract class PolicyCombiningAlgorithm
- extends CombiningAlgorithm
The base type for all Policy combining algorithms. Unlike in Rule
Combining Algorithms, each policy must be matched before they're evaluated
to make sure they apply. Also, in combining policies, obligations must be
handled correctly. Specifically, no obligation may be included in the
Result
that doesn't match the effect being returned. So, if
INDETERMINATE or NOT_APPLICABLE is the returned effect, no obligations
may be included in the result. If the effect of the combining algorithm
is PERMIT or DENY, then obligations with a matching fulfillOn effect
are also included in the result.
- Since:
- 1.0
- Author:
- Seth Proctor, Marco Barreno
Method Summary |
abstract Result |
combine(EvaluationCtx context,
List parameters,
List policyElements)
Combines the policies based on the context to produce some unified
result. |
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
PolicyCombiningAlgorithm
public PolicyCombiningAlgorithm(URI identifier)
- Constructor that takes the algorithm's identifier.
- Parameters:
identifier
- the algorithm's identifier
combine
public abstract Result combine(EvaluationCtx context,
List parameters,
List policyElements)
- Combines the policies based on the context to produce some unified
result. This is the one function of a combining algorithm.
Note that unlike in the RuleCombiningAlgorithms, here you must
explicitly match the sub-policies to make sure that you should
consider them, and you must handle Obligations.
- Specified by:
combine
in class CombiningAlgorithm
- Parameters:
context
- the representation of the requestparameters
- a (possibly empty) non-null List
of
CombinerParameterspolicyElements
- a List
of
CombinerElements
- Returns:
- a single unified result based on the combining logic
Copyright © 2011 JBoss, a division of Red Hat, Inc.. All Rights Reserved.