SunTM's XACML Implementation for JavaTM

com.sun.xacml.finder
Class AttributeFinderModule

java.lang.Object
  extended bycom.sun.xacml.finder.AttributeFinderModule
Direct Known Subclasses:
CurrentEnvModule, SelectorModule

public abstract class AttributeFinderModule
extends Object

This is the abstract class that all AttributeFinder modules extend. All methods have default values to represent that the given feature isn't supported by this module, so module writers needs only implement the methods for the features they're supporting.

Since:
1.0

Constructor Summary
AttributeFinderModule()
           
 
Method Summary
 EvaluationResult findAttribute(String contextPath, Node namespaceNode, URI attributeType, EvaluationCtx context, String xpathVersion)
          Tries to find attribute values based on the given selector data.
 EvaluationResult findAttribute(URI attributeType, URI attributeId, URI issuer, URI subjectCategory, EvaluationCtx context, int designatorType)
          Tries to find attribute values based on the given designator data.
 String getIdentifier()
          Returns this module's identifier.
 Set getSupportedDesignatorTypes()
          Returns a Set of Integers that represent which AttributeDesignator types are supported (eg, Subject, Resource, etc.), or null meaning that no particular types are supported.
 Set getSupportedIds()
          Returns a Set of URIs that represent the attributeIds handled by this module, or null if this module doesn't handle any specific attributeIds.
 void invalidateCache()
          This is an experimental method that asks the module to invalidate any cache values it may contain.
 boolean isDesignatorSupported()
          Returns true if this module supports retrieving attributes based on the data provided in an AttributeDesignatorType.
 boolean isSelectorSupported()
          Returns true if this module supports retrieving attributes based on the data provided in an AttributeSelectorType.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

AttributeFinderModule

public AttributeFinderModule()
Method Detail

getIdentifier

public String getIdentifier()
Returns this module's identifier. A module does not need to provide a unique identifier, but it is a good idea, especially in support of management software. Common identifiers would be the full package and class name (the default if this method isn't overridden), just the class name, or some other well-known string that identifies this class.

Returns:
this module's identifier

isDesignatorSupported

public boolean isDesignatorSupported()
Returns true if this module supports retrieving attributes based on the data provided in an AttributeDesignatorType. By default this method returns false.

Returns:
true if retrieval based on designator data is supported

isSelectorSupported

public boolean isSelectorSupported()
Returns true if this module supports retrieving attributes based on the data provided in an AttributeSelectorType. By default this method returns false.

Returns:
true if retrieval based on selector data is supported

getSupportedDesignatorTypes

public Set getSupportedDesignatorTypes()
Returns a Set of Integers that represent which AttributeDesignator types are supported (eg, Subject, Resource, etc.), or null meaning that no particular types are supported. A return value of null can mean that this module doesn't support designator retrieval, or that it supports designators of all types. If the set is non-null, it should contain the values specified in the AttributeDesignator *_TARGET fields.

Returns:
a Set of Integers, or null

getSupportedIds

public Set getSupportedIds()
Returns a Set of URIs that represent the attributeIds handled by this module, or null if this module doesn't handle any specific attributeIds. A return value of null means that this module will try to resolve attributes of any id.

Returns:
a Set of URIs, or null

invalidateCache

public void invalidateCache()
This is an experimental method that asks the module to invalidate any cache values it may contain. This is not used by any of the core processing code, but it may be used by management software that wants to have some control over these modules. Since a module is free to decide how or if it caches values, and whether it is capable of updating values once in a cache, a module is free to intrepret this message in any way it sees fit (including igoring the message). It is preferable, however, for a module to make every effort to clear any dynamically cached values it contains.

This method has been introduced to see what people think of this functionality, and how they would like to use it. It may be removed in future versions, or it may be changed to a more general message-passing system (if other useful messages are identified).

Since:
1.2

findAttribute

public EvaluationResult findAttribute(URI attributeType,
                                      URI attributeId,
                                      URI issuer,
                                      URI subjectCategory,
                                      EvaluationCtx context,
                                      int designatorType)
Tries to find attribute values based on the given designator data. The result, if successful, must always contain a BagAttribute, even if only one value was found. If no values were found, but no other error occurred, an empty bag is returned. This method may need to invoke the context data to look for other attribute values, so a module writer must take care not to create a scenario that loops forever.

Parameters:
attributeType - the datatype of the attributes to find
attributeId - the identifier of the attributes to find
issuer - the issuer of the attributes, or null if unspecified
subjectCategory - the category of the attribute if the designatorType is SUBJECT_TARGET, otherwise null
context - the representation of the request data
designatorType - the type of designator as named by the *_TARGET fields in AttributeDesignator
Returns:
the result of attribute retrieval, which will be a bag of attributes or an error

findAttribute

public EvaluationResult findAttribute(String contextPath,
                                      Node namespaceNode,
                                      URI attributeType,
                                      EvaluationCtx context,
                                      String xpathVersion)
Tries to find attribute values based on the given selector data. The result, if successful, must always contain a BagAttribute, even if only one value was found. If no values were found, but no other error occurred, an empty bag is returned. This method may need to invoke the context data to look for other attribute values, so a module writer must take care not to create a scenario that loops forever.

Parameters:
contextPath - the XPath expression to search against
namespaceNode - the DOM node defining namespace mappings to use, or null if mappings come from the context root
attributeType - the datatype of the attributes to find
context - the representation of the request data
xpathVersion - the XPath version to use
Returns:
the result of attribute retrieval, which will be a bag of attributes or an error

Sun's XACML Implementation Version 1.2

Copyright 2003-2004 Sun Microsystems, Inc. All rights reserved. Use is subject to license terms.

Sun, Sun Microsystems, the Sun Logo, and Java are trademarks or registered trademarks of Sun Microsystems, Inc. in the US and other countries.