Use value processing on responses returned from attributes or services to transform the resolved value.
You can add a value processor when you create or edit an attribute or service. For ease of reuse, you can also define a value processor to reference by name by going to
.The PingAuthorize Policy Editor supports the following value processors:
- Collection filter
- Collection transform
- JSON Path
- X Path
- Spring Expression Language (SpEL)
- Named
You can combine these processors to form a chain of processors.
All processors have a type that indicates what the output data type should be after applying the expression.
You can reorder collapsed value processors by dragging the handles on the left or by using the keyboard.
To reorder using the keyboard:
- Press Tab to go to the processor,
- Press Enter to select the processor.
- Press the Up Arrow or Down Arrow to go to the desired location.
- Press Enter to drop the processor in the new location.
Collection filter
When the data being processed is a collection, you can set a collection filter to examine each item in the collection and keep only the items that satisfy a condition. A collection filter uses a value processor to yield a true or false for each item in the collection. When true, the original item goes in the resulting collection; when false, it is omitted.
Each item in the collection can optionally be preprocessed by one or more value
processors before applying the condition. For example, suppose you received a JSON
collection from a service invocation and want to filter the items by the
score
field. The input data might look like the following:
[
{ "name": "Alice", "role": "Sender", "score": 72 },
{ "name": "Bob", "role": "Receiver", "score": 36 },
{ "name": "Carol", "role": "Observer", "score": 47 },
{ "name": "Dave", "role": "Attacker", "score": 99 }
]
A collection filter processor could achieve this by using a JSON Path preprocessor to
extract the score
:
$.score
The following SpEL condition yields a true or false decision for each item:
#this > 50
Each list item is, in turn, passed through the preprocessing and the condition. The first item has a score of 72, which is greater than 50, so the condition yields true and the item is retained for the result collection. The second and third items have scores less than 50, so the condition yields false and these items are omitted. The final item also has a score higher than 50 and is retained.
The result of the collection filter is:
[
{ "name": "Alice", "role": "Sender", "score": 72 },
{ "name": "Dave", "role": "Attacker", "score": 99 }
]
The values produced by the preprocessing and condition are only used to determine inclusion. The final result of a collection filter consists of those original collection items that satisfied the predicate after preprocessing.
If the condition or preprocessing produces an error for any item in the input
collection (for example, if a score
field is missing or is not a
number in the source data), the whole collection filter is considered to have
failed.
Collection transform
When the data being processed is a collection, you can set a transform to apply a processor or a sequence of processors to each item in the collection.
Assume you have the following input collection:
[
{ "name": "Alice", "role": "Sender", "score": 72 },
{ "name": "Bob", "role": "Receiver", "score": 36 },
{ "name": "Carol", "role": "Observer", "score": 47 },
{ "name": "Dave", "role": "Attacker", "score": 99 }
]
The following JSON Path processor extracts the name
field for each
item:
$.name
This SpEL processor converts each name
to upper case:
#this.toUpperCase()
Then the resulting collection consists of just the extracted names converted to upper case, preserving the order of the original collection:
[ "ALICE", "BOB", "CAROL", "DAVE" ]
If the item processor produces an error for any item, the overall collection transform processor produces an error.
JSON Path
With JSON Path, you can extract data from JSON objects. For example, assume you have a service that resolves to the following JSON:
{
"name": "Joe Bloggs",
"requestedItems": [
{
"id": "b5f963fa-111e-49ff-994b-b89a20a2c1d5",
"price": 125.00
},
{
"id": "84e204dd-44f5-4a84-8e58-972c2a9c80b4",
"price": 299.99
}
]
}
To extract the price
fields of all requested items, you set the
Value Processor to JSON Path with
the expression $.requestedItems[*].price
.
For more information about JSON Path expressions, see https://github.com/json-path/JsonPath.
XPath
XPath is the XML-equivalent of JSON Path and follows a very similar syntax.Learn more about XPath expressions in the XPath tutorial on w3schools.com.
The Policy Editor only supports the use of XPath 1.0. Functions added in later versions are not available.
SpEL (Spring Expression Language)
With the SpEL, you can perform more complicated data processing. Expressions are applied directly to the resolved value. For example, assume you want to search for a substring that matches the following regular expression:
\[[0-9]*\.[0-9]\]
You then set the processor to SpEL and set the expression to the following:
matches(\[[0-9]*\.[0-9]\])
Attribute values can be interpolated into the SpEL expression directly using curly brackets, which can be useful if you want to combine multiple attribute values into a single value:
{{Customer.Age}} - {{State.Drinking Age}} >= 0
Learn more in Attribute interpolation.
When interpolating an attribute in a SpEL expression, such as
Customer.Age
, you cannot surround this attribute with
quotation marks. For example, to concatenate a string with an interpolated
attribute value:
"Age" + {{Customer.Age}}
Learn more about tSpEL in the official Spring Framework docs.
Learn more about the Java classes available for SpEL processing in Configuring SpEL Java classes for value processing.
Named
Use named value processors to create reusable value processing logic.
Extracting this logic into reusable components helps abstract some of the complexity when you define an attribute or a service and reduces repetition.
You can still create inline value processors that co-exist with named value processors.
To define a named value processor that you can reference, go to
.Chained value processors
You can chain processors together to combine data preprocessing steps.
For example, you can extract data using JSON Path and then apply a SpEL processor to the extracted data. Suppose you have a service response that resolves to the following JSON:
{
"name": "Joe Bloggs",
"city": "London",
"country": "UK"
}
Suppose you want to extract the country
data and transform the value
to United Kingdom
, whenever the current value is
UK
. You would add a JSON Path processor to extract the
country
value, followed by a SpEL expression to transform the
value:
You can make a chained processor reusable by creating it as named processor. That way, you can implement even more complex processing by using named processors as the building blocks.