/**
* Create a PepRequest just using Strings
*
* <p>Note to developers: all the newPepRequest methods eventually call {@link
* #newPEPRequest}({@link PepRequestOperation}), which
*
* @param subjectName String representing the name of the subject ex: Josh
* @param actionId String representing the action ex: read
* @param resourceId String representing the resource ex: file1234
* @return a PepRequest populated with attributes mapped from the params
* @throws PepException Indicates that there is some issue creating the <code>PEPRequest</code>
*/
public PepRequest newPepRequest(String subjectName, String actionId, String resourceId)
throws PepException {
if (log.isTraceEnabled()) log.trace("Start Simple Decide");
PepRequest request = this.newPEPRequest(PepRequestOperation.DECIDE);
request.setAccessSubject(subjectName);
request.setResourceAction(resourceId, actionId);
// request.setEnvironment(new Date());
return request;
}
/**
* Create a PepRequest using any set of objects for the Subject, Action, Resource, Environment
* entities.
*
* <p>Note: for this PepRequest to work, the appropriate {@link JavaObjectMapper} classes must be
* configured and set using {@link RequestAttributesFactoryImpl#setMappers(List)}
*
* @param subjectObj Object representing the Subject ex: javax.auth.security.Subject
* @param actionObj Object representing the Action ex: String (read)
* @param resourceObj Object representing the Resource ex: String (file) or File
* @param environmentObj Object representing the Environment ex: Map containing attributes name
* and values
* @return a PepRequest populated with attributes mapped from params
* @throws PepException if there is no <code>JavObjectMapper</code> configured for the objects
* passed into the factory.
* @see JavaObjectMapper
*/
public PepRequest newPepRequest(
Object subjectObj, Object actionObj, Object resourceObj, Object environmentObj)
throws PepException {
if (log.isTraceEnabled()) log.trace("\n\tBegin creation of Mapper-based PepRequest");
PepRequest request = this.newPEPRequest(PepRequestOperation.DECIDE);
request.setAccessSubject(subjectObj);
request.setResourceAction(resourceObj, actionObj);
request.setEnvironment(environmentObj);
if (log.isTraceEnabled()) log.trace("\n\tCompleted creation of Mapper-based PepRequest");
return request;
}
/**
* Create a PepRequest using objects, where a list of n action objects and a corresponding list of
* n resource objects are provided to represent n resource-action pairs. A decision for each
* resource-action pair will be returned, when PepRequest.decide() is invoked.
*
* @param subjectObj Object representing the Subject ex: javax.auth.security.Subject
* @param actionObjects a list of length n, of actionObj Objects representing the Actions ex:
* String (read)
* @param resourceObjects a list of length n, of resourceObj Objects representing the Resources
* ex: String (file) or File
* @param environmentObj Object representing the Environment ex: Map containing attributes name
* and values
* @return a PepRequest populated with mapped Attributes
* @throws PepException
*/
public PepRequest newBulkPepRequest(
Object subjectObj, List actionObjects, List resourceObjects, Object environmentObj)
throws PepException {
if (log.isTraceEnabled()) log.trace("\n\tBegin creation of Bulk Mapper-based PepRequest");
PepRequest request = (PepRequestImpl) this.newPEPRequest(PepRequestOperation.BULK_DECIDE);
request.setAccessSubject(subjectObj);
// This sets up the correlations
request.setBulkResourceActions(resourceObjects, actionObjects);
request.setEnvironment(environmentObj);
if (log.isTraceEnabled()) log.trace("\n\tCompleted creation of Mapper-based PepRequest");
return request;
}
/**
* Create a PepRequest using subject and environment objects, plus a "scope" String that
* represents a PDP policy-specific resource representation.
*
* <p>When the PepRequest.decide() method is invoked, based on queryType it will return either
*
* <pre>
* - a list of Allowed ResourceAction pairs within scope
* - a list of Denied ResourceAction pairs within scope
* - or a list of full detailed results for all
* ResourceAction pairs within scope
* </pre>
*
* @param subjectObj
* @param environmentObj
* @param scope a string containing a PDP policy-specific resource representation
* @param queryType an enum containing a choice of allowed, denied, or full/verbose
* @return a PepRequest populated with info mapper from the params
* @throws PepException
*/
public PepRequest newQueryPepRequest(
Object subjectObj, Object environmentObj, String scope, PepRequestQueryType queryType)
throws PepException {
PepRequest request =
(PepRequestImpl)
this.newPEPRequest(
queryType == PepRequestQueryType.VERBOSE
? PepRequestOperation.QUERY_VERBOSE
: PepRequestOperation.QUERY);
request.setAccessSubject(subjectObj);
request.setEnvironment(environmentObj);
request.setScope(scope);
if (queryType != PepRequestQueryType.VERBOSE) {
// Set to true if allowed results requested,
// otherwise false.
request.setQueryReturnAllowed(
queryType.equals(PepRequestQueryType.RETURN_ONLY_ALLOWED_RESULTS));
}
return request;
}