java.lang.Object

org.forgerock.openig.heap.GenericHeaplet

org.forgerock.openig.ping.PingOneApiAccessManagementFilterHeaplet

All Implemented Interfaces:: Heaplet

public class PingOneApiAccessManagementFilterHeaplet extends GenericHeaplet

This filter permits to evaluate the HTTP request and response against Ping One API Access Management (P1 AAM).

P1 AAM may decide to:

Block the incoming request and return a specific HTTP response (HTTP 403 with reason, for example)
Permit the incoming request, but update some of its attributes, such as its method, URL, headers and body.
Analyze the incoming response and update some of its attributes, such as its status, headers and body.

Limitation: This Filter does not permit to send client certificate, nor a pre-validated access token yet.

Usage:

 
 {
   "type": "PingOneApiAccessManagementFilter",
   "config": {
     "gatewayServiceURL"         : URL,             [REQUIRED - The Gateway service URL, can be found on PingOne under
                                                                'Authorization' > 'API Gateways' > 'Service URL']
     "secretsProvider"           : SecretsProvider, [REQUIRED - Contains the PingOne API Gateway credential]
     "gatewayCredentialSecretId" : boolean,         [REQUIRED - The secret ID pointing to the API Gateway credential
                                                                in the Secret Provider]
     "includeBody"               : boolean,         [OPTIONAL - Whether to include the request and response body to
                                                                Ping requests. Default to 'true']
     "sidebandHandler"           : Handler,         [OPTIONAL - The ClientHandler to use to contact PingOne API.
                                                                default to the Forgerock HttpClient]
  }
 }

Note: Including the body to every Ping Request will have impacts on HTTP exchange latency.

Field Summary

Fields inherited from class org.forgerock.openig.heap.GenericHeaplet
config, heap, name, object, qualified
Constructor Summary

Constructors

Constructor

Description

PingOneApiAccessManagementFilterHeaplet()
Method Summary

Modifier and Type

Method

Description

Object

create()

Called to request the heaplet create an object.

Methods inherited from class org.forgerock.openig.heap.GenericHeaplet
create, destroy, endpointRegistry, evaluatedWithHeapProperties, expression, getConfig, getHeap, getType, initialBindings, meterRegistryHolder, start

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details
- PingOneApiAccessManagementFilterHeaplet
  
  public PingOneApiAccessManagementFilterHeaplet()
Method Details
- create
  
  public Object create() throws HeapException
  
  Description copied from class: GenericHeaplet
  
  Called to request the heaplet create an object. Called by Heaplet.create(Name, JsonValue, Heap) after initializing the protected field members. Implementations should parse configuration but not acquire resources, start threads, or log any initialization messages. These tasks should be performed by the GenericHeaplet.start() method.
  
  Specified by:
  
  create in class GenericHeaplet
  
  Returns:
  
  The created object.
  
  Throws:
  
  HeapException - if an exception occurred during creation of the heap object or any of its dependencies.

Class PingOneApiAccessManagementFilterHeaplet

Field Summary

Fields inherited from class org.forgerock.openig.heap.GenericHeaplet

Constructor Summary

Method Summary

Methods inherited from class org.forgerock.openig.heap.GenericHeaplet

Methods inherited from class java.lang.Object

Constructor Details

PingOneApiAccessManagementFilterHeaplet

Method Details

create