org.apache.cxf.rt.security.xacml
Class DefaultXACMLRequestBuilder

java.lang.Object
  org.apache.cxf.rt.security.xacml.DefaultXACMLRequestBuilder

All Implemented Interfaces:

XACMLRequestBuilder

public class DefaultXACMLRequestBuilder
extends Object
implements XACMLRequestBuilder

This class constructs an XACML Request given a Principal, list of roles and MessageContext, following the SAML 2.0 profile of XACML 2.0. The principal name is inserted as the Subject ID, and the list of roles associated with that principal are inserted as Subject roles. The action to send defaults to "execute". For a SOAP Service, the resource-id Attribute refers to the "{serviceNamespace}serviceName#{operationNamespace}operationName" String (shortened to "{serviceNamespace}serviceName#operationName" if the namespaces are identical). The "{serviceNamespace}serviceName", "{operationNamespace}operationName" and resource URI are also sent to simplify processing at the PDP side. For a REST service the request URI is the resource. You can also configure the ability to send the full request URL instead for a SOAP or REST service. The current DateTime is also sent in an Environment, however this can be disabled via configuration.

DefaultXACMLRequestBuilder

public DefaultXACMLRequestBuilder()

setAction

public void setAction(String newAction)

Set a new Action String to use

getAction

public String getAction()

Get the Action String currently in use

createRequest

public org.opensaml.xacml.ctx.RequestType createRequest(Principal principal,
                                                        List<String> roles,
                                                        org.apache.cxf.message.Message message)
                                                 throws Exception

Create an XACML Request given a Principal, list of roles and Message.

Specified by:

createRequest in interface XACMLRequestBuilder

Parameters:

principal - The principal to insert into the Subject of the Request

roles - The list of roles associated with the principal

message - The Message from which to retrieve the resource

Returns:

An OpenSAML RequestType object

Throws:

Exception

isSendDateTime

public boolean isSendDateTime()

setSendDateTime

public void setSendDateTime(boolean sendDateTime)

isSendFullRequestURL

public boolean isSendFullRequestURL()

setSendFullRequestURL

public void setSendFullRequestURL(boolean sendFullRequestURL)

Whether to send the full Request URL as the resource or not. If set to true, the full Request URL will be sent for both a JAX-WS and JAX-RS service. If set to false, a JAX-WS service will send the "{namespace}operation" QName, and a JAX-RS service will send the RequestURI (i.e. minus the initial https: prefix).

getResources

public List<String> getResources(org.apache.cxf.message.Message message)

Description copied from interface: XACMLRequestBuilder

Return the list of Resources that have been inserted into the Request.

Specified by:

getResources in interface XACMLRequestBuilder

Parameters:

message - The Message from which to retrieve the resource

Returns:

the list of Resources that have been inserted into the Request

getResource

public String getResource(org.apache.cxf.message.Message message)

Description copied from interface: XACMLRequestBuilder

Return the Resource that has been inserted into the Request.

Specified by:

getResource in interface XACMLRequestBuilder

Parameters:

message - The Message from which to retrieve the resource

Returns:

the Resource that has been inserted into the Request