Class PingOneProtectFeedbackFilter
java.lang.Object
org.forgerock.openig.ping.protect.PingOneProtectFeedbackFilter
- All Implemented Interfaces:
Filter
The
PingOneProtectFeedbackFilter
provides a feedback mechanism to capture the outcome of actions completed
as a result of the risk evaluation. That is, it enables us to update Protect and internal assumptions based on the
actions configured in the route for a given risk-level. The 'completionStatus' indicates the perceived success of the
actions completed.
{
"type": "PingOneProtectFeedbackFilter",
"config": {
"completionStatus" : enum [OPTIONAL - Completion status indicating the result of actions
completed as a result of a previous risk evaluation.
Values are limited to 'success' and 'failed'. For
safety reasons, the default is 'failed', meaning the
configurer must state explicitly that completion of
the actions indicate successful completion.]
"postSuccessSessionStateRiskLevel" : Expression<String>
[OPTIONAL - Configure to reset the local session state risk
level with the given value on successful completion
(only). This enables the cached last evaluation
level to be reduced on successful post-evaluation
actions, in order to avoid users having to repeat
authentication/ authorization actions. This is only
applicable if the PingOneProtectEvaluationFilter
is configured to throttle calls to Protect (see
'lowRiskThrottlePeriod'). Default is unset, meaning
no update to session state will be made.]
}
}
Note: This implementation does not currently feed back to PingOne Protect - it just maintains user session data.-
Nested Class Summary
Modifier and TypeClassDescriptionstatic class
Creates and initialises aPingOneProtectFeedbackFilter
in a heap environment. -
Method Summary
-
Method Details
-
filter
public Promise<Response,NeverThrowsException> filter(Context context, Request request, Handler next) Description copied from interface:Filter
Filters the request and/or response of an exchange. To pass the request to the next filter or handler in the chain, the filter callsnext.handle(context, request)
.This method may elect not to pass the request to the next filter or handler, and instead handle the request itself. It can achieve this by merely avoiding a call to
next.handle(context, request)
and creating its own response object. The filter is also at liberty to replace a response with another of its own by intercepting the response returned by the next handler.
-