com.sun.identity.xacml.saml2.impl

Class XACMLAuthzDecisionQueryImpl

java.lang.Object

com.sun.identity.saml2.protocol.impl.RequestAbstractImpl

com.sun.identity.xacml.saml2.impl.XACMLAuthzDecisionQueryImpl

All Implemented Interfaces:

RequestAbstract, XACMLAuthzDecisionQuery

public class XACMLAuthzDecisionQueryImpl
extends RequestAbstractImpl
implements XACMLAuthzDecisionQuery

The XACMLAuthzDecisionQueryImpl is an impelmentation of XACMLAuthzDecisionQuery interface. The XACMLAuthzDecisionQuery element is a SAML Query that extends SAML Protocol schema type RequestAbstractType. It allows an XACML PEP to submit an XACML Request Context in a SAML Query along with other information. This element is an alternative to SAML defined that allows an XACML PEP to communicate with an XACML PDP using SAML2 protocol.

<xs:element name="XACMLAuthzDecisionQuery"
         type="XACMLAuthzDecisionQueryType"/>
<xs:complexType name="XACMLAuthzDecisionQueryType">
  <xs:complexContent>
    <xs:extension base="samlp:RequestAbstractType">
      <xs:sequence>
        <xs:element ref="xacml-context:Request"/>
      <xs:sequence>
      <xs:attribute name="InputContextOnly"
                    type="boolean"
                    use="optional"
                    default="false"/>
      <xs:attribute name="ReturnContext"
                    type="boolean"
                    use="optional"
                    default="false"/>
    <xs:extension>
  <xs:complexContent>
<xs:complexType>
 

Schema for Base:

  <complexType name="RequestAbstractType" abstract="true">
      <sequence>
          <element ref="saml:Issuer" minOccurs="0"/>
          <element ref="ds:Signature" minOccurs="0"/>
          <element ref="samlp:Extensions" minOccurs="0"/>
      <sequence>
      <attribute name="ID" type="ID" use="required"/>
      <attribute name="Version" type="string" use="required"/>
      <attribute name="IssueInstant" type="dateTime" use="required"/>
      <attribute name="Destination" type="anyURI" use="optional"/>
        <attribute name="Consent" type="anyURI" use="optional"/>
  <complexType>
 

Constructor Summary

Constructors

Constructor and Description
XACMLAuthzDecisionQueryImpl() Default constructor
XACMLAuthzDecisionQueryImpl(Element element) This constructor is used to build XACMLAuthzDecisionQuery object from a block of existing XML that has already been built into a DOM.
XACMLAuthzDecisionQueryImpl(String xml) This constructor is used to build XACMLAuthzDecisionQuery object from a XML string.

Method Summary

Modifier and Type	Method and Description
boolean	getInputContextOnly() Returns the XML attribute boolean value which governs the source of information that the PDP is allowed to use in making an authorization decision.
Request	getRequest() Returns the xacml-context:Request element of this object
boolean	getReturnContext() Returns the XML attribute boolean value which provides means to PEP to request that an xacml-context:Request element be included in the XACMlAuthzdecisionStatement resulting from the request.
void	makeImmutable() Makes the object immutable
protected void	parseDOMElement(Element element) Parses the Docuemnt Element for this object.
void	setInputContextOnly(boolean inputContextOnly) Sets the XML attribute boolean value which governs the source of information that the PDP is allowed to use in making an authorization decision.
void	setRequest(Request request) Sets the xacml-context:Request element of this object
void	setReturnContext(boolean returnContext) Sets the boolean value for this XML attribute
String	toXMLString() Returns a string representation of this object
String	toXMLString(boolean includeNSPrefix, boolean declareNS) Returns a String representation of this object
protected void	validateData()

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface com.sun.identity.xacml.saml2.XACMLAuthzDecisionQuery

isMutable

Methods inherited from interface com.sun.identity.saml2.protocol.RequestAbstract

getConsent, getDestination, getExtensions, getID, getIssueInstant, getIssuer, getSignature, getVersion, isSignatureValid, isSigned, setConsent, setDestination, setExtensions, setID, setIssueInstant, setIssuer, setVersion, sign

Constructor Detail

XACMLAuthzDecisionQueryImpl

public XACMLAuthzDecisionQueryImpl()

Default constructor

XACMLAuthzDecisionQueryImpl

public XACMLAuthzDecisionQueryImpl(Element element)
                            throws SAML2Exception

This constructor is used to build XACMLAuthzDecisionQuery object from a block of existing XML that has already been built into a DOM.

Parameters:

element - A org.w3c.dom.Element representing DOM tree for XACMLAuthzDecisionQuery object

Throws:

SAML2Exception - if it could not process the Element

XACMLAuthzDecisionQueryImpl

public XACMLAuthzDecisionQueryImpl(String xml)
                            throws SAML2Exception

This constructor is used to build XACMLAuthzDecisionQuery object from a XML string.

Parameters:

xml - A java.lang.String representing an XACMLAuthzDecisionQuery object

Throws:

XACMLException - if it could not process the XML string

SAML2Exception

Method Detail

getInputContextOnly

public boolean getInputContextOnly()

Returns the XML attribute boolean value which governs the source of information that the PDP is allowed to use in making an authorization decision. If this attribute is "true" then it indiactes that the authorization decision has been made solely on the basis of information contained in the XACMLAuthzDecisionQuery; no external attributes have been used. If this value is "false" then the decision may have been made on the basis of external attributes not conatined in the XACMLAuthzDecisionQuery.

Specified by:

getInputContextOnly in interface XACMLAuthzDecisionQuery

Returns:

boolean indicating the value of this attribute.

setInputContextOnly

public void setInputContextOnly(boolean inputContextOnly)
                         throws XACMLException

Sets the XML attribute boolean value which governs the source of information that the PDP is allowed to use in making an authorization decision. If this attribute is "true" then it indicates to the PDP that the authorization decision has to be made solely on the basis of information contained in the XACMLAuthzDecisionQuery; no external attributes may be used. If this value is "false" then the decision can be made on the basis of external attributes not conatined in the XACMlAuthzDecisionQuery.

Specified by:

setInputContextOnly in interface XACMLAuthzDecisionQuery

Parameters:

inputContextOnly - boolean indicating the value of this attribute.

Throws:

XACMLException - if the object is immutable An object is considered immutable if makeImmutable() has been invoked on it. It can be determined by calling isMutable on the object.

getReturnContext

public boolean getReturnContext()

Returns the XML attribute boolean value which provides means to PEP to request that an xacml-context:Request element be included in the XACMlAuthzdecisionStatement resulting from the request. It also governs the contents of that Request element. If this attribute is "true" then the PDP SHALL include the xacml-context:Request element in the XACMLAuthzDecisionStatement element in the XACMLResponse. The xacml-context:Request SHALL include all the attributes supplied by the PEP in the AuthzDecisionQuery which were used in making the authz decision. Other additional attributes which may have been used by the PDP may be included. If this attribute is "false" then the PDP SHALL NOT include the xacml-context:Request element in the XACMLAuthzDecisionStatement.

Specified by:

getReturnContext in interface XACMLAuthzDecisionQuery

Returns:

boolean indicating the value of this attribute.

setReturnContext

public void setReturnContext(boolean returnContext)
                      throws XACMLException

Sets the boolean value for this XML attribute

Specified by:

setReturnContext in interface XACMLAuthzDecisionQuery

Parameters:

returnContext - boolean indicating the value of this attribute.

Throws:

XACMLException - if the object is immutable An object is considered immutable if makeImmutable() has been invoked on it. It can be determined by calling isMutable on the object.

See Also:

XACMLAuthzDecisionQueryImpl.getReturnContext()

getRequest

public Request getRequest()

Returns the xacml-context:Request element of this object

Specified by:

getRequest in interface XACMLAuthzDecisionQuery

Returns:

the xacml-context:Request elements of this object

setRequest

public void setRequest(Request request)
                throws XACMLException

Sets the xacml-context:Request element of this object

Specified by:

setRequest in interface XACMLAuthzDecisionQuery

Parameters:

request - the xacml-context:Request element of this object.

Throws:

XACMLException - if the object is immutable An object is considered immutable if makeImmutable() has been invoked on it. It can be determined by calling isMutable on the object.

toXMLString

public String toXMLString()
                   throws XACMLException

Returns a string representation of this object

Specified by:

toXMLString in interface RequestAbstract

Specified by:

toXMLString in interface XACMLAuthzDecisionQuery

Overrides:

toXMLString in class RequestAbstractImpl

Returns:

a string representation of this object

Throws:

XACMLException - if conversion fails for any reason

toXMLString

public String toXMLString(boolean includeNSPrefix,
                          boolean declareNS)
                   throws XACMLException

Returns a String representation of this object

Specified by:

toXMLString in interface RequestAbstract

Specified by:

toXMLString in interface XACMLAuthzDecisionQuery

Overrides:

toXMLString in class RequestAbstractImpl

Parameters:

includeNSPrefix - Determines whether or not the namespace qualifier is prepended to the Element when converted

declareNS - Determines whether or not the namespace is declared within the Element.

Returns:

a string representation of this object

Throws:

XACMLException - if conversion fails for any reason

parseDOMElement

protected void parseDOMElement(Element element)
                        throws SAML2Exception

Description copied from class: RequestAbstractImpl

Parses the Docuemnt Element for this object.

Overrides:

parseDOMElement in class RequestAbstractImpl

Parameters:

element - the Document Element of this object.

Throws:

SAML2Exception - if error parsing the Document Element.

makeImmutable

public void makeImmutable()

Makes the object immutable

Specified by:

makeImmutable in interface RequestAbstract

Specified by:

makeImmutable in interface XACMLAuthzDecisionQuery

Overrides:

makeImmutable in class RequestAbstractImpl

validateData

protected void validateData()
                     throws SAML2Exception

Overrides:

validateData in class RequestAbstractImpl

Throws:

SAML2Exception