@Override
public void executePolicy(String policyStatement, Errors.Collector collector, ProviderRequest request) {
    // Each evaluation gets its own EL context; only the expression factory, the attribute
    // resolver and the configured custom functions are shared between policy statements.
    StandardELContext elContext = new StandardELContext(ef);
    elContext.addELResolver(ATTRIBUTE_RESOLVER);

    // Expose the configured custom functions (prefix:localName -> static method) to the expression.
    FunctionMapper functionMapper = elContext.getFunctionMapper();
    customMethods.forEach(fn -> {
        functionMapper.mapFunction(fn.prefix, fn.localName, fn.method);
    });

    // Bind the request into EL variables. An absent subject or service is represented by
    // the anonymous subject; "user" and "subject" are two names for the same value.
    VariableMapper variableMapper = elContext.getVariableMapper();
    Subject anonymous = SecurityContext.ANONYMOUS;
    Subject user = request.getSubject().orElse(anonymous);
    variable(variableMapper, "user", user, Subject.class);
    variable(variableMapper, "subject", user, Subject.class);
    Subject service = request.getService().orElse(anonymous);
    variable(variableMapper, "service", service, Subject.class);
    variable(variableMapper, "env", request.getEnv(), SecurityEnvironment.class);
    // "object" may legitimately be null when the request carries no target object.
    variable(variableMapper, "object", request.getObject().orElse(null), Object.class);
    variable(variableMapper, "request", request, ProviderRequest.class);

    try {
        // The statement is coerced to boolean by the EL implementation; anything other than
        // a true result is recorded as a fatal error on the collector.
        ValueExpression policy = ef.createValueExpression(elContext, policyStatement, boolean.class);
        boolean permitted = (boolean) policy.getValue(elContext);
        if (permitted) {
            return;
        }
        collector.fatal(this, "Policy statement \"" + policyStatement + "\" evaluated to false");
    } catch (Exception e) {
        // Fail closed: a statement that cannot be evaluated (parse error, resolver failure,
        // unexpected type, ...) is reported as fatal rather than treated as a grant.
        // Only the exception class and message reach the collector; the stack trace goes
        // to the FINEST log level.
        String failure = String.format("Policy statement \"%s\" evaluated to an exception %s with message: %s",
                                       policyStatement,
                                       e.getClass().getName(),
                                       e.getMessage());
        collector.fatal(this, failure);
        LOGGER.log(Level.FINEST, e, () -> "Statement " + policyStatement + " evaluation failed");
    }
}