public class ConditionEnforcementFilter extends Object implements Filter
ConditionEnforcementFilter
makes sure that the handled Request
verifies
a condition. If the condition is verified, the chain of execution continues.
If the condition is not verified, it returns a 403 Forbidden response by default,
that actually stops the chain or could refers to a failure handler.
Configuration options:
{
"condition" : expression, [REQUIRED]
"failureHandler : handler [OPTIONAL - default to 403]
}
For example:
{
"type": "ConditionEnforcementFilter",
"config": {
"condition" : "${not empty(attributes.myAttribute)}",
"failureHandler" : "ConditionFailed"
}
}
Modifier and Type | Class and Description |
---|---|
static class |
ConditionEnforcementFilter.Heaplet
Creates and initializes an ConditionEnforcementFilter in a heap environment.
|
Constructor and Description |
---|
ConditionEnforcementFilter(Expression<Boolean> condition)
Creates a new
ConditionEnforcementFilter . |
ConditionEnforcementFilter(Expression<Boolean> condition,
Handler failureHandler)
Creates a new
ConditionEnforcementFilter . |
Modifier and Type | Method and Description |
---|---|
Promise<Response,NeverThrowsException> |
filter(Context context,
Request request,
Handler next)
Filters the request and/or response of an exchange.
|
public ConditionEnforcementFilter(Expression<Boolean> condition)
ConditionEnforcementFilter
. If the condition fails,
default Handlers.FORBIDDEN
will be used.condition
- Expression
that needs to evaluates to true
to continue the chain of execution.public ConditionEnforcementFilter(Expression<Boolean> condition, Handler failureHandler)
ConditionEnforcementFilter
.condition
- Expression
that needs to evaluates to true
to continue the chain of execution.failureHandler
- The handler which will be invoked when condition fails.public Promise<Response,NeverThrowsException> filter(Context context, Request request, Handler next)
Filter
next.handle(context, request)
.
This method may elect not to pass the request to the next filter or
handler, and instead handle the request itself. It can achieve this by
merely avoiding a call to next.handle(context, request)
and creating its own response object. The filter is also at liberty to
replace a response with another of its own by intercepting the response
returned by the next handler.
Copyright 2011-2017 ForgeRock AS.