public final class PolicyBasedAccessControlHandler extends AccessControlHandler<PolicyBasedAccessControlHandlerCfg> implements RequestFilter
AccessController
.
Implementation notes: this class provides two policy enforcement points. Firstly, it inserts itself in the global
router filter chain by invoking PolicyBasedAccessControlRequestFilter.enable(RequestFilter)
, where it is
able to intercept all requests before they are processed by the global router. Secondly, as a side-effect of
implementing the AccessControlHandler
interface, it is also invoked at the local backend layer, after the
router. However, there is no additional access control performed - all of the AccessControlHandler
methods
are stubbed out.
Constructor and Description |
---|
PolicyBasedAccessControlHandler() |
Modifier and Type | Method and Description |
---|---|
Flowable<Response> |
filter(org.forgerock.services.context.Context context,
Request request,
RequestHandler next)
Filters the request and/or response of an exchange.
|
void |
finalizeAccessControlHandler()
Performs any necessary finalization for the access control handler implementation.
|
void |
initializeAccessControlHandler(PolicyBasedAccessControlHandlerCfg configuration,
ServerContext serverContext)
Initializes the access control handler implementation based on the information in the provided configuration
entry.
|
boolean |
isConfigurationAcceptable(PolicyBasedAccessControlHandlerCfg configuration,
List<LocalizableMessage> unacceptableReasons,
ServerContext serverContext)
Indicates whether the provided configuration is acceptable for this access control handler.
|
public void initializeAccessControlHandler(PolicyBasedAccessControlHandlerCfg configuration, ServerContext serverContext) throws ConfigException, InitializationException
AccessControlHandler
initializeAccessControlHandler
in class AccessControlHandler<PolicyBasedAccessControlHandlerCfg>
configuration
- The configuration object that contains the information to use to initialize this access control
handler.serverContext
- the server context for this Directory Server instance.ConfigException
- If an unrecoverable problem arises in the process of performing the initialization.InitializationException
- If a problem occurs during initialization that is not related to the server configuration.public boolean isConfigurationAcceptable(PolicyBasedAccessControlHandlerCfg configuration, List<LocalizableMessage> unacceptableReasons, ServerContext serverContext)
AccessControlHandler
isConfigurationAcceptable
in class AccessControlHandler<PolicyBasedAccessControlHandlerCfg>
configuration
- The access control handler configuration for which to make the determination.unacceptableReasons
- A list that may be used to hold the reasons that the provided configuration is not acceptable.serverContext
- the server context for this Directory Server instance.true
if the provided configuration is acceptable for this access control handler, or
false
if not.public void finalizeAccessControlHandler()
AccessControlHandler
finalizeAccessControlHandler
in class AccessControlHandler<PolicyBasedAccessControlHandlerCfg>
public Flowable<Response> filter(org.forgerock.services.context.Context context, Request request, RequestHandler next) throws Exception
RequestFilter
next.handle(context, request)
.
This method may elect not to pass the request to the next filter or handler, and instead handle the request
itself. It can achieve this by merely avoiding a call to next.handle(context, request)
and creating its
own response object. The filter is also at liberty to replace a response with another of its own by intercepting
the response returned by the next handler.
filter
in interface RequestFilter
context
- The request context.request
- The request.next
- The next filter or handler in the chain to handle the request.Flowable
representing the response to be returned to the client.Exception
- If an error occurred during the processing of the request.Copyright 2010-2022 ForgeRock AS.