SQL queries

SQL queries to retrieve attributes from SQL datasources are passed as is to the SQL database driver. Therefore, the author of the query is responsible for using the syntax specific to the SQL dialect supported by the datasource.

In order to query for the value of a target attribute, the Attribute Connector will in most cases need to make use of the value of other attributes from the evaluation context. These values can come either from the request itself or from another attribute connector.

The author can refer to these attribute values by using the ? symbol as a placeholder in the SQL query. For example, a SQL search can look for a username in the directory given the userid value.

SELECT name FROM tbl_user WHERE id=?

A ? placeholder needs to be associated with an XACML attribute, from where it will get its value.

Associations are defined by the key elements in the configuration. The association of the placeholders is positional, in that the first placeholder will be replaced by the value of the first key attribute. The association also needs to specify the corresponding SQL datatype of the key attribute as described here.

Key values

An attribute passed to the SQL Attribute Finder in runtime as a key to lookup another attribute can either contain no key value (an empty set), a single key value, or multiple key values. In cases where

• No key value is given - the Attribute Finder will return empty set

• A single key value is given - the Attribute Finder runs the query and returns the retrieved data

• Multiple key values are given - the Attribute Finder runs the query multiple times, iterating over the set of key values and collects the full set of all the values returned for each query