Class XACMLAuthzDecisionQueryImpl

java.lang.Object
com.sun.identity.saml2.protocol.impl.RequestAbstractImpl
com.sun.identity.xacml.saml2.impl.XACMLAuthzDecisionQueryImpl
All Implemented Interfaces:
XmlSerializable, RequestAbstract, XACMLAuthzDecisionQuery

@SupportedAll public class XACMLAuthzDecisionQueryImpl extends com.sun.identity.saml2.protocol.impl.RequestAbstractImpl implements XACMLAuthzDecisionQuery
The XACMLAuthzDecisionQueryImpl is an implementation of the XACMLAuthzDecisionQuery interface. The XACMLAuthzDecisionQuery element is a SAML Query that extends the SAML Protocol schema type RequestAbstractType. It allows an XACML PEP to submit an XACML Request Context in a SAML Query along with other information. This element is an alternative to the SAML-defined <samlp:AuthzDecisionQuery> that allows an XACML PEP to communicate with an XACML PDP using the SAML2 protocol.

<xs:element name="XACMLAuthzDecisionQuery"
         type="XACMLAuthzDecisionQueryType"/>
<xs:complexType name="XACMLAuthzDecisionQueryType">
  <xs:complexContent>
    <xs:extension base="samlp:RequestAbstractType">
      <xs:sequence>
        <xs:element ref="xacml-context:Request"/>
      </xs:sequence>
      <xs:attribute name="InputContextOnly"
                    type="boolean"
                    use="optional"
                    default="false"/>
      <xs:attribute name="ReturnContext"
                    type="boolean"
                    use="optional"
                    default="false"/>
    </xs:extension>
  </xs:complexContent>
</xs:complexType>
 
Schema for Base:
  <complexType name="RequestAbstractType" abstract="true">
      <sequence>
          <element ref="saml:Issuer" minOccurs="0"/>
          <element ref="ds:Signature" minOccurs="0"/>
          <element ref="samlp:Extensions" minOccurs="0"/>
      </sequence>
      <attribute name="ID" type="ID" use="required"/>
      <attribute name="Version" type="string" use="required"/>
      <attribute name="IssueInstant" type="dateTime" use="required"/>
      <attribute name="Destination" type="anyURI" use="optional"/>
      <attribute name="Consent" type="anyURI" use="optional"/>
  </complexType>
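
The Element constructor below expects XML that the caller has already parsed into a DOM, so parser hardening and structural checks happen before this class sees the input. The following is an added example, not code from this class or its project: a JDK-only pre-check that parses with DOCTYPE declarations rejected and applies the required attributes, the single Request child and the "false" attribute defaults from the two schemas above. The class name, helper names and the urn:example namespace URIs in the sample are assumptions made for illustration.

```java
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.xml.sax.InputSource;

public class XacmlQueryPrecheck {
    // Constructed sample; the urn:example namespace URIs are placeholders, not taken from this page.
    static final String SAMPLE =
        "<xq:XACMLAuthzDecisionQuery xmlns:xq='urn:example:xacml-samlp' ID='_q1' Version='2.0'"
        + " IssueInstant='2024-01-01T00:00:00Z' InputContextOnly='true'>"
        + "<xc:Request xmlns:xc='urn:example:xacml-context'/>"
        + "</xq:XACMLAuthzDecisionQuery>";

    // Parse untrusted XML with secure processing on and DOCTYPE declarations rejected.
    static Element parse(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setExpandEntityReferences(false);
        return f.newDocumentBuilder().parse(new InputSource(new StringReader(xml))).getDocumentElement();
    }
    // Optional boolean attribute; an absent attribute takes the schema default "false".
    static boolean flag(Element e, String name) {
        String v = e.hasAttribute(name) ? e.getAttribute(name).trim() : "false";
        if (v.equals("true") || v.equals("1")) return true;
        if (v.equals("false") || v.equals("0")) return false;
        throw new IllegalArgumentException(name + " is not a boolean: " + v);
    }
    // Structural checks from the schemas: root name, required base attributes, one Request child.
    static void check(Element q) {
        if (!"XACMLAuthzDecisionQuery".equals(q.getLocalName()))
            throw new IllegalArgumentException("unexpected root element");
        for (String a : new String[] {"ID", "Version", "IssueInstant"})
            if (!q.hasAttribute(a)) throw new IllegalArgumentException("missing " + a);
        int requests = 0;
        for (Node n = q.getFirstChild(); n != null; n = n.getNextSibling())
            if (n.getNodeType() == Node.ELEMENT_NODE && "Request".equals(n.getLocalName())) requests++;
        if (requests != 1) throw new IllegalArgumentException("expected exactly one Request, got " + requests);
    }

    public static void main(String[] args) throws Exception {
        Element q = parse(SAMPLE);
        check(q);
        System.out.println("InputContextOnly=" + flag(q, "InputContextOnly")
            + " ReturnContext=" + flag(q, "ReturnContext"));
    }
}
```

The pre-check matches elements by local name only; a deployment would also compare namespace URIs against the ones its schema declares.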
 
  • Constructor Details

    • XACMLAuthzDecisionQueryImpl

      public XACMLAuthzDecisionQueryImpl()
      Default constructor
    • XACMLAuthzDecisionQueryImpl

      public XACMLAuthzDecisionQueryImpl(Element element) throws com.sun.identity.saml2.common.SAML2Exception
      This constructor is used to build an XACMLAuthzDecisionQuery object from a block of existing XML that has already been built into a DOM.
      Parameters:
      element - An org.w3c.dom.Element representing the DOM tree for the XACMLAuthzDecisionQuery object
      Throws:
      com.sun.identity.saml2.common.SAML2Exception - if it could not process the Element
    • XACMLAuthzDecisionQueryImpl

      public XACMLAuthzDecisionQueryImpl(String xml) throws com.sun.identity.saml2.common.SAML2Exception
      This constructor is used to build an XACMLAuthzDecisionQuery object from an XML string.
      Parameters:
      xml - A java.lang.String representing an XACMLAuthzDecisionQuery object
      Throws:
      XACMLException - if it could not process the XML string
      com.sun.identity.saml2.common.SAML2Exception
  • Method Details

    • getInputContextOnly

      public boolean getInputContextOnly()
      Returns the XML attribute boolean value which governs the source of information that the PDP is allowed to use in making an authorization decision. If this attribute is "true" then it indicates that the authorization decision has been made solely on the basis of information contained in the XACMLAuthzDecisionQuery; no external attributes have been used. If this value is "false" then the decision may have been made on the basis of external attributes not contained in the XACMLAuthzDecisionQuery.
      Specified by:
      getInputContextOnly in interface XACMLAuthzDecisionQuery
      Returns:
      boolean indicating the value of this attribute.
    • setInputContextOnly

      public void setInputContextOnly(boolean inputContextOnly) throws XACMLException
      Sets the XML attribute boolean value which governs the source of information that the PDP is allowed to use in making an authorization decision. If this attribute is "true" then it indicates to the PDP that the authorization decision has to be made solely on the basis of information contained in the XACMLAuthzDecisionQuery; no external attributes may be used. If this value is "false" then the decision can be made on the basis of external attributes not contained in the XACMLAuthzDecisionQuery.
      Specified by:
      setInputContextOnly in interface XACMLAuthzDecisionQuery
      Parameters:
      inputContextOnly - boolean indicating the value of this attribute.
      Throws:
      XACMLException - if the object is immutable. An object is considered immutable if makeImmutable() has been invoked on it. It can be determined by calling isMutable on the object.
    • getReturnContext

      public boolean getReturnContext()
      Returns the XML attribute boolean value which provides a means for the PEP to request that an xacml-context:Request element be included in the XACMLAuthzDecisionStatement resulting from the request. It also governs the contents of that Request element. If this attribute is "true" then the PDP SHALL include the xacml-context:Request element in the XACMLAuthzDecisionStatement element in the XACMLResponse. The xacml-context:Request SHALL include all the attributes supplied by the PEP in the AuthzDecisionQuery which were used in making the authz decision. Other additional attributes which may have been used by the PDP may be included. If this attribute is "false" then the PDP SHALL NOT include the xacml-context:Request element in the XACMLAuthzDecisionStatement.
      Specified by:
      getReturnContext in interface XACMLAuthzDecisionQuery
      Returns:
      boolean indicating the value of this attribute.
    • setReturnContext

      public void setReturnContext(boolean returnContext) throws XACMLException
      Sets the boolean value for this XML attribute
      Specified by:
      setReturnContext in interface XACMLAuthzDecisionQuery
      Parameters:
      returnContext - boolean indicating the value of this attribute.
      Throws:
      XACMLException - if the object is immutable. An object is considered immutable if makeImmutable() has been invoked on it. It can be determined by calling isMutable on the object.
    • getRequest

      public Request getRequest()
      Returns the xacml-context:Request element of this object
      Specified by:
      getRequest in interface XACMLAuthzDecisionQuery
      Returns:
      the xacml-context:Request element of this object
    • setRequest

      public void setRequest(Request request) throws XACMLException
      Sets the xacml-context:Request element of this object
      Specified by:
      setRequest in interface XACMLAuthzDecisionQuery
      Parameters:
      request - the xacml-context:Request element of this object.
      Throws:
      XACMLException - if the object is immutable. An object is considered immutable if makeImmutable() has been invoked on it. It can be determined by calling isMutable on the object.
    • toDocumentFragment

      public DocumentFragment toDocumentFragment(Document document, boolean includeNSPrefix, boolean declareNS) throws com.sun.identity.saml2.common.SAML2Exception
      Description copied from interface: XmlSerializable
      Serializes the element into an XML DocumentFragment. A default implementation is provided for compatibility with legacy code that implements XmlSerializable.toXMLString(), but it is highly recommended to override this method.
      Specified by:
      toDocumentFragment in interface XmlSerializable
      Parameters:
      document - the parent Document to create the document fragment from.
      includeNSPrefix - whether to include a namespace prefix in the document elements.
      declareNS - whether to declare any namespaces or assume that they are already declared.
      Returns:
      the XML document fragment representing this SAML2 element.
      Throws:
      com.sun.identity.saml2.common.SAML2Exception - if the element cannot be serialized for any reason.
    • parseDOMElement

      protected void parseDOMElement(Element element) throws com.sun.identity.saml2.common.SAML2Exception
      Throws:
      com.sun.identity.saml2.common.SAML2Exception
    • makeImmutable

      public void makeImmutable()
      Makes the object immutable
      Specified by:
      makeImmutable in interface RequestAbstract
      Specified by:
      makeImmutable in interface XACMLAuthzDecisionQuery
    • validateData

      protected void validateData() throws com.sun.identity.saml2.common.SAML2Exception
      Throws:
      com.sun.identity.saml2.common.SAML2Exception