Class PingOneProtectFeedbackFilter

java.lang.Object
org.forgerock.openig.ping.protect.PingOneProtectFeedbackFilter
All Implemented Interfaces:
Filter

public class PingOneProtectFeedbackFilter extends Object implements Filter
The PingOneProtectFeedbackFilter provides a feedback mechanism to capture the outcome of actions completed as a result of the risk evaluation. That is, it enables us to update Protect and internal assumptions based on the actions configured in the route for a given risk-level. The 'completionStatus' indicates the perceived success of the actions completed.
 {
      "type": "PingOneProtectFeedbackFilter",
      "config": {
        "completionStatus"      : enum                [OPTIONAL - Completion status indicating the result of actions
                                                                  completed as a result of a previous risk evaluation.
                                                                  Values are limited to 'success' and 'failed'. For
                                                                  safety reasons, the default is 'failed', meaning the
                                                                  configurer must state explicitly that completion of
                                                                  the actions indicate successful completion.]
        "postSuccessSessionStateRiskLevel" : Expression<String>
                                                      [OPTIONAL - Configure to reset the local session state risk
                                                                  level with the given value on successful completion
                                                                  (only). This enables the cached last evaluation
                                                                  level to be reduced on successful post-evaluation
                                                                  actions, in order to avoid users having to repeat
                                                                  authentication/ authorization actions. This is only
                                                                  applicable if the PingOneProtectEvaluationFilter
                                                                  is configured to throttle calls to Protect (see
                                                                  'lowRiskThrottlePeriod'). Default is unset, meaning
                                                                  no update to session state will be made.]
      }
  }
  
 
Note: This implementation does not currently feed back to PingOne Protect - it just maintains user session data.
See Also:
  • Method Details

    • filter

      public Promise<Response,NeverThrowsException> filter(Context context, Request request, Handler next)
      Description copied from interface: Filter
      Filters the request and/or response of an exchange. To pass the request to the next filter or handler in the chain, the filter calls next.handle(context, request).

      This method may elect not to pass the request to the next filter or handler, and instead handle the request itself. It can achieve this by merely avoiding a call to next.handle(context, request) and creating its own response object. The filter is also at liberty to replace a response with another of its own by intercepting the response returned by the next handler.

      Specified by:
      filter in interface Filter
      Parameters:
      context - The request context.
      request - The request.
      next - The next filter or handler in the chain to handle the request.
      Returns:
      A Promise representing the response to be returned to the client.