Class DefaultXACMLRequestBuilder
- java.lang.Object
  - org.apache.cxf.rt.security.saml.xacml2.DefaultXACMLRequestBuilder

All Implemented Interfaces:
XACMLRequestBuilder

public class DefaultXACMLRequestBuilder extends Object implements XACMLRequestBuilder
This class constructs an XACML 2.0 Request given a Principal, a list of roles and a MessageContext, following the SAML 2.0 profile of XACML 2.0. The principal name is inserted as the Subject ID, and the list of roles associated with that principal is inserted as the Subject roles. The current DateTime is also sent in an Environment; this can be disabled via configuration.

For a SOAP Service, the resource-id Attribute refers to the "{serviceNamespace}serviceName#{operationNamespace}operationName" String (shortened to "{serviceNamespace}serviceName#operationName" if the namespaces are identical). The "{serviceNamespace}serviceName", "{operationNamespace}operationName" and resource URI are also sent to simplify processing at the PDP side. The action to send defaults to "execute".

For a REST service the request URL is the resource. You can also configure the ability to send the truncated request URI instead for a SOAP or REST service. The action to send defaults to the HTTP verb.
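
The following added example (not CXF's own code) illustrates the SOAP resource-id format described above and how a policy author on the PDP side can split it back into service and operation names. The class and method names (`ResourceIdExample`, `soapResourceId`, `parseResourceId`) are hypothetical and the sample QNames are constructed.

```java
import javax.xml.namespace.QName;

// Added illustration: mirrors the resource-id format described in the class
// documentation; it is not the CXF implementation.
public class ResourceIdExample {

    // Builds "{serviceNs}service#{operationNs}operation", shortened to
    // "{serviceNs}service#operation" when both namespaces are identical.
    static String soapResourceId(QName service, QName operation) {
        String op = service.getNamespaceURI().equals(operation.getNamespaceURI())
            ? operation.getLocalPart()
            : operation.toString();
        return service + "#" + op;
    }

    // PDP-side split. A namespace URI may itself contain '#', so the separator
    // is the first '#' after the '}' that closes the service namespace.
    static QName[] parseResourceId(String resourceId) {
        int close = resourceId.startsWith("{") ? resourceId.indexOf('}') : -1;
        int hash = resourceId.indexOf('#', close + 1);
        if (hash < 0) {
            throw new IllegalArgumentException("no operation part: " + resourceId);
        }
        QName service = QName.valueOf(resourceId.substring(0, hash));
        String opPart = resourceId.substring(hash + 1);
        // A bare operation name inherits the service namespace (shortened form).
        QName operation = opPart.startsWith("{")
            ? QName.valueOf(opPart)
            : new QName(service.getNamespaceURI(), opPart);
        return new QName[] {service, operation};
    }

    public static void main(String[] args) {
        // Constructed sample names, not taken from any real service.
        QName svc = new QName("http://example.org/orders#v1", "OrderService");
        QName sameNs = new QName("http://example.org/orders#v1", "placeOrder");
        QName otherNs = new QName("http://example.org/common", "ping");

        for (QName op : new QName[] {sameNs, otherNs}) {
            String id = soapResourceId(svc, op);
            QName[] parsed = parseResourceId(id);
            System.out.println(id + " -> " + parsed[0] + " / " + parsed[1]);
            if (!parsed[0].equals(svc) || !parsed[1].equals(op)) {
                throw new AssertionError("round trip failed for " + id);
            }
        }
    }
}
```

A policy that matches resource-id by naive splitting on the first '#' would misread any service whose namespace contains that character, which is why the parser anchors on the closing brace first.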

Constructor Summary
- DefaultXACMLRequestBuilder()

Method Summary
- org.opensaml.xacml.ctx.RequestType createRequest(Principal principal, List<String> roles, org.apache.cxf.message.Message message): Create an XACML Request given a Principal, list of roles and Message.
- void setAction(String action): Set a new Action String to use
- void setSendDateTime(boolean sendDateTime)
- void setSendFullRequestURL(boolean sendFullRequestURL): Whether to send the full Request URL as the resource or not.

Method Detail

createRequest
public org.opensaml.xacml.ctx.RequestType createRequest(Principal principal, List<String> roles, org.apache.cxf.message.Message message) throws Exception
Create an XACML Request given a Principal, list of roles and Message.
Specified by:
- createRequest in interface XACMLRequestBuilder
Parameters:
- principal - The principal to insert into the Subject of the Request
- roles - The list of roles associated with the principal
- message - The Message from which to retrieve the resource
Returns:
- An OpenSAML RequestType object
Throws:
- Exception

setAction
public void setAction(String action)
Set a new Action String to use

setSendDateTime
public void setSendDateTime(boolean sendDateTime)

setSendFullRequestURL
public void setSendFullRequestURL(boolean sendFullRequestURL)
Whether to send the full Request URL as the resource or not. If set to true, the full Request URL will be sent for both a JAX-WS and JAX-RS service. If set to false (the default), a JAX-WS service will send the "{namespace}operation" QName, and a JAX-RS service will send the RequestURI (i.e. minus the initial https: prefix).