public final class PolicyBasedAccessControlHandler extends AccessControlHandler<PolicyBasedAccessControlHandlerCfg> implements RequestFilter
AccessController.
Implementation notes: this class provides two policy enforcement points. Firstly, it inserts itself in the global
router filter chain by invoking PolicyBasedAccessControlRequestFilter.enable(RequestFilter), where it is
able to intercept all requests before they are processed by the global router. Secondly, as a side-effect of
implementing the AccessControlHandler interface, it is also invoked at the local backend layer, after the
router. However, there is no additional access control performed - all of the AccessControlHandler methods
are stubbed out.
| Constructor and Description |
|---|
PolicyBasedAccessControlHandler() |
| Modifier and Type | Method and Description |
|---|---|
Flowable<Response> |
filter(org.forgerock.services.context.Context context,
Request request,
RequestHandler next)
Filters the request and/or response of an exchange.
|
void |
finalizeAccessControlHandler()
Performs any necessary finalization for the access control handler implementation.
|
void |
initializeAccessControlHandler(PolicyBasedAccessControlHandlerCfg configuration,
ServerContext serverContext)
Initializes the access control handler implementation based on the information in the provided configuration
entry.
|
boolean |
isConfigurationAcceptable(PolicyBasedAccessControlHandlerCfg configuration,
List<LocalizableMessage> unacceptableReasons,
ServerContext serverContext)
Indicates whether the provided configuration is acceptable for this access control handler.
|
public void initializeAccessControlHandler(PolicyBasedAccessControlHandlerCfg configuration, ServerContext serverContext) throws ConfigException, InitializationException
AccessControlHandlerinitializeAccessControlHandler in class AccessControlHandler<PolicyBasedAccessControlHandlerCfg>configuration - The configuration object that contains the information to use to initialize this access control
handler.serverContext - the server context for this Directory Server instance.ConfigException - If an unrecoverable problem arises in the process of performing the initialization.InitializationException - If a problem occurs during initialization that is not related to the server configuration.public boolean isConfigurationAcceptable(PolicyBasedAccessControlHandlerCfg configuration, List<LocalizableMessage> unacceptableReasons, ServerContext serverContext)
AccessControlHandlerisConfigurationAcceptable in class AccessControlHandler<PolicyBasedAccessControlHandlerCfg>configuration - The access control handler configuration for which to make the determination.unacceptableReasons - A list that may be used to hold the reasons that the provided configuration is not acceptable.serverContext - the server context for this Directory Server instance.true if the provided configuration is acceptable for this access control handler, or
false if not.public void finalizeAccessControlHandler()
AccessControlHandlerfinalizeAccessControlHandler in class AccessControlHandler<PolicyBasedAccessControlHandlerCfg>public Flowable<Response> filter(org.forgerock.services.context.Context context, Request request, RequestHandler next) throws Exception
RequestFilternext.handle(context, request).
This method may elect not to pass the request to the next filter or handler, and instead handle the request
itself. It can achieve this by merely avoiding a call to next.handle(context, request) and creating its
own response object. The filter is also at liberty to replace a response with another of its own by intercepting
the response returned by the next handler.
filter in interface RequestFiltercontext - The request context.request - The request.next - The next filter or handler in the chain to handle the request.Flowable representing the response to be returned to the client.Exception - If an error occurred during the processing of the request.Copyright 2010-2022 ForgeRock AS.