Is there a way to set the XPathVersion that came from Request Defaults ? And couple of question about PIP #85
-
|
Hi. There are 3 questions that cause difficulties. I set all parameters for evaluation via api (like Bags.singletonAttributeBag etc... not from jaxb Request). In this case. Is there a way to set the XPathVersion that came from Request Defaults ? I also implemented my own attribute provider, but I also couldn't find a way to insert the content that came from PIP into the context, is it possible ? And the last one. Can an attribute from PIP have includeInResult=true? Is there a way to return it after executing the request ? |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 2 replies
-
Yes, when you instantiate the XPathCompilerProxy to be passed as argument to the XPathValue constructor, you can set the XPath version. The easy way is to instantiate it with final DecisionRequestBuilder<?> reqBuilder = pdpEngine.newRequestBuilder(-1, -1);
// Create the XPath compiler according to the XPath version you want (as would be set in RequestDefaults)
// If you need to use custom XML namespace prefixes in your XPath expressions, you need to pass the prefix-to-URI declarations (Map<String, String>) to the XPath compiler, as done below using §4.4.2 of XACML spec as example.
final Map<String, String> customXmlNamespacePrefixToUriDeclarations = Map.of("md","urn:example:med:schemas:record");
// Create the XPath compiler for AuthzForce API (i.e. Authzforce proxy for SAXON XPath compiler). Replace 'XPathVersion.V2_0' with 'XPathVersion.V1_0' as first argument, if you are using XPath 1.0 expressions instead of 2.0.
final XPathCompilerProxy xPathCompiler = new BasicImmutableXPathCompilerProxy(XPathVersion.V2_0, customXmlNamespacePrefixToUriDeclarations);
// For each xpathExpression attribute, create the XPathValue (i.e. the Authzforce API equivalent of xpathExpression AttributeValue) using the XPath compiler created previously
final XPathValue xpathAttValue = new XPathValue("/md:record/md:patient/md:patientDoB", Map.of(XPathValue.XPATH_CATEGORY_ATTRIBUTE_QNAME, "urn:oasis:names:tc:xacml:3.0:attribute-category:resource"), xPathCompiler);
reqBuilder.putNamedAttributeIfAbsent(AttributeFqns.newInstance("urn:oasis:names:tc:xacml:3.0:attribute-category:resource", Optional.empty(), "urn:oasis:names:tc:xacml:3.0:content-selector"), Bags.singletonAttributeBag(StandardDatatypes.XPATH, xpathAttValue ));
// other attributes, etc.
Your attribute provider is called by the PDP when an AttributeDesignator is evaluated and designates an attribute that your provider supports, and only if this attribute is still missing from the request context. Once your attribute provider has been called by the PDP and it has returned the attribute value bag successfully, this bag is automatically saved by the PDP to the request context as new attribute value (
I'm afraid includeInResult=true is only for Request attributes in the XACML spec, i.e. attributes from the Request initially received by the PDP. If you need to return extra attributes in the final Result, you can use AttributeAssignments in an Obligation or Advice. |
Beta Was this translation helpful? Give feedback.
-
|
Thanks three times. As part of the second question, i.e. can we put content right in the bag? I mean content that can be defined as any inside an attribute (xacml:Content) ? |
Beta Was this translation helpful? Give feedback.
-
|
In order to allow |
Beta Was this translation helpful? Give feedback.
Yes, when you instantiate the XPathCompilerProxy to be passed as argument to the XPathValue constructor, you can set the XPath version. The easy way is to instantiate it with
BasicImmutableXPathCompilerProxyclass constructor, which takes a XPathVersion argument. Then you can reuse it for each XPathValue (xpathExpression attribute) you create. Here is an example: