PolicyRequest.java revision c8ab19d28fde5eda3b2daab4b1124887681fedf9
/*
* The contents of this file are subject to the terms of the Common Development and
* Distribution License (the License). You may not use this file except in compliance with the
* License.
*
* You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
* specific language governing permission and limitations under the License.
*
* When distributing Covered Software, include this CDDL Header Notice in each file and include
* the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
* Header, with the fields enclosed by brackets [] replaced by your own identifying
* information: "Portions copyright [year] [name of copyright owner]".
*
* Copyright 2014 ForgeRock AS.
*/
/**
* Basic policy request that captures the common attributes for all policy requests.
*
* @since 12.0.0
*/
public abstract class PolicyRequest {
// Used to map a list to a set.
/** Used to parse Json Web Tokens. */
/** Subject of the authenticated caller of the REST service; exposed via {@link #getRestSubject()}. */
private final Subject restSubject;
/**
 * Subject for which policy is being evaluated (the target of the decision); it need not be the same as the REST
 * caller. Exposed via {@link #getPolicySubject()}.
 */
private final Subject policySubject;
/**
 * Name of the application the request is evaluated against. The builder falls back to the URL application type
 * name when the request does not supply one. Exposed via {@link #getApplication()}.
 */
private final String application;
}
/**
 * Returns the subject of the authenticated REST caller that issued this request.
 *
 * @return the REST caller's subject
 */
public Subject getRestSubject() {
    final Subject caller = this.restSubject;
    return caller;
}
/**
 * Returns the subject for which policy is being evaluated, i.e. the target of the decision.
 *
 * @return the policy subject
 */
public Subject getPolicySubject() {
    final Subject target = this.policySubject;
    return target;
}
/**
 * Returns the name of the application this request is evaluated against.
 *
 * @return the application name
 */
public String getApplication() {
    final String applicationName = this.application;
    return applicationName;
}
return realm;
}
return environment;
}
/**
* Given the policy evaluator, dispatches this request to it in the way appropriate for the concrete request type.
*
* @param evaluator
* the non-null policy evaluator
*
* @return a list of policy decisions retrieved from the evaluator
*
* @throws EntitlementException
* should dispatch and evaluation fail
*/
/**
* Policy request builder used to assist with the construction of policy requests and to keep construction logic separate from the request classes.
*
* @param <T>
* the concrete request type this builder makes
*/
static abstract class PolicyRequestBuilder<T extends PolicyRequest> {
private final Subject restSubject;
private final Subject policySubject;
private final String application;
/**
 * Standard builder constructor.
 *
 * @param context
 * the non-null server context in which the request is being processed
 * @param request
 * the non-null action request to build from
 *
 * @throws EntitlementException
 * should the request construction fail
 */
PolicyRequestBuilder(final ServerContext context, final ActionRequest request) throws EntitlementException {
}
if (restSubject == null) {
// Caller of the REST service is required to have been authenticated.
}
return restSubject;
}
/**
* Gets the subject for which policy is being evaluated (i.e., the target of the decision). Checks to see if a
* "subject" attribute is present in the request. If so, then the JSON object it contains is parsed, with each
* key of the object resulting in a new Principal in the resulting Subject. The following keys are supported:
* <ul>
* <li>{@code ssoToken} - value is an SSO token id</li>
* <li>{@code jwt} - value is a (possibly signed) Json Web Token (e.g., OIDC id_token)</li>
* <li>{@code claims} - value is a JSON object containing raw JWT claims</li>
* </ul>
* The latter two options must include a {@code sub} claim containing the name of the subject. If multiple
* principals are specified, there is no guarantee about the order they will appear in the subject.
*
* @param context the subject context in which the request is being processed.
* @param value the request JSON body.
* @param defaultSubject the default subject to use if the request does not specify one.
* @return the subject to use in evaluating the request.
* @throws EntitlementException if a subject is present in the request but invalid.
*/
return defaultSubject;
}
try {
}
}
}
// Invalid subject defined.
}
return policySubject;
} catch (JwtReconstructionException ex) {
} catch (IllegalArgumentException ex) {
} catch (NullPointerException ex) {
}
}
return value.get(APPLICATION).defaultTo(ApplicationTypeManager.URL_APPLICATION_TYPE_NAME).asString();
}
}
return (environment != null) ?
}
/**
 * Builds the concrete policy request from the state captured by this builder.
 *
 * @return a concrete policy request instance
 */
abstract T build();
}
/**
 * Mapper function used to transform a list of strings to a set of strings.
 * <p>
 * The third type argument, {@code NeverThrowsException}, signals that applying this function throws no checked
 * exception, so callers need not handle one.
 */
private final static class ListToSetMapper implements Function<List<String>, Set<String>, NeverThrowsException> {
}
}
}