com.sun.identity.policy
Class ProxyPolicyEvaluator

java.lang.Object
  extended by com.sun.identity.policy.ProxyPolicyEvaluator

public class ProxyPolicyEvaluator
extends Object

Class that lets a privileged user compute policy results for another user. Only privileged users can get a ProxyPolicyEvaluator: the top level administrator, realm level policy administrator, realm administrator or realm policy administrator. The top level administrator can compute policy results for any user. A realm administrator or policy administrator can compute policy results only for users who are members of the realm (including sub realms) that they manage. If they try to compute policy results for any other user, they get a PolicyException. This class can be used only within the web container running the policy server.


Method Summary
 PolicyDecision getPolicyDecision(String principalName, String resourceName, Map env)
          Gets policy decision for the user identified by the principalName for the given resource
 PolicyDecision getPolicyDecision(String principalName, String realm, String resourceName, Map env)
          Gets policy decision for the user identified by the principalName for the given resource
 PolicyDecision getPolicyDecisionIgnoreSubjects(String resourceName, Set actionNames, Map env)
          Gets policy decision for a resource, skipping subject evaluation.
 Set getProtectedResourcesIgnoreConditions(String principalName, String rootResource)
          Gets protected resources for a user identified by the principalName.
 Set getProtectedResourcesIgnoreConditions(String principalName, String realm, String rootResource)
          Gets protected resources for a user identified by the principalName.
 boolean isAllowed(String principalName, String resourceName, String actionName, Map env)
          Evaluates a simple privilege of boolean type.
 boolean isAllowed(String principalName, String realm, String resourceName, String actionName, Map env)
          Evaluates a simple privilege of boolean type.
 

Method Detail

isAllowed

public boolean isAllowed(String principalName,
                         String realm,
                         String resourceName,
                         String actionName,
                         Map env)
                  throws PolicyException,
                         SSOException
Evaluates a simple privilege of boolean type. The privilege indicates whether the user identified by the principalName can perform the specified action on the specified resource.

Parameters:
principalName - principal name for whom to compute the privilege.
realm - realm of the user principal, in "/" separated format
resourceName - name of the resource for which to compute policy result.
actionName - name of the action the user is trying to perform on the resource
env - run time environment parameters
Returns:
the result of the evaluation as a boolean value
Throws:
PolicyException - exception from the policy framework
SSOException - if the single sign on token is invalid

isAllowed

public boolean isAllowed(String principalName,
                         String resourceName,
                         String actionName,
                         Map env)
                  throws PolicyException,
                         SSOException
Evaluates a simple privilege of boolean type. The privilege indicates whether the user identified by the principalName can perform the specified action on the specified resource.

Parameters:
principalName - principal name for whom to compute the privilege.
resourceName - name of the resource for which to compute policy result.
actionName - name of the action the user is trying to perform on the resource
env - run time environment parameters
Returns:
the result of the evaluation as a boolean value
Throws:
PolicyException - exception from the policy framework
SSOException - if the single sign on token is invalid

getPolicyDecision

public PolicyDecision getPolicyDecision(String principalName,
                                        String realm,
                                        String resourceName,
                                        Map env)
                                 throws PolicyException,
                                        SSOException
Gets policy decision for the user identified by the principalName for the given resource

Parameters:
principalName - principal name for whom to compute the policy decision
realm - realm of the user principal, in "/" separated format
resourceName - name of the resource for which to compute policy decision
env - run time environment parameters
Returns:
the policy decision for the principal for the given resource
Throws:
PolicyException - exception from the policy framework
SSOException - if the single sign on token is invalid

getPolicyDecision

public PolicyDecision getPolicyDecision(String principalName,
                                        String resourceName,
                                        Map env)
                                 throws PolicyException,
                                        SSOException
Gets policy decision for the user identified by the principalName for the given resource

Parameters:
principalName - principal name for whom to compute the policy decision
resourceName - name of the resource for which to compute policy decision
env - run time environment parameters
Returns:
the policy decision for the principal for the given resource
Throws:
PolicyException - exception from the policy framework
SSOException - if the single sign on token is invalid

getPolicyDecisionIgnoreSubjects

public PolicyDecision getPolicyDecisionIgnoreSubjects(String resourceName,
                                                      Set actionNames,
                                                      Map env)
                                               throws PolicyException,
                                                      SSOException
Gets policy decision for a resource, skipping subject evaluation. Conditions are still evaluated, and applicable advices are included in the policy decision. Hence, you can get details such as the AuthLevel or AuthScheme that would be required to access the resource.

Parameters:
resourceName - name of the resource for which to compute policy decision
actionNames - names of the actions the user is trying to perform on the resource
env - run time environment parameters
Returns:
the policy decision for the principal for the given resource
Throws:
PolicyException - exception from the policy framework
SSOException - if the single sign on token is invalid
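
Example (added here, not part of the original API documentation or the project's own code): a fail-closed wrapper around isAllowed that treats the PolicyException raised for users outside the administrator's realm as a deny, plus a lookup of the advices returned by getPolicyDecisionIgnoreSubjects. Assumptions: the evaluator is obtained through ProxyPolicyEvaluatorFactory in the same package (not shown on this page), the service type is the web agent URL policy service, and the class name ProxyAccessCheck is hypothetical.

```java
import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.sun.identity.policy.ActionDecision;
import com.sun.identity.policy.PolicyDecision;
import com.sun.identity.policy.PolicyException;
import com.sun.identity.policy.ProxyPolicyEvaluator;
import com.sun.identity.policy.ProxyPolicyEvaluatorFactory;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;

/** Hypothetical helper: checks access on behalf of another user and denies on any error. */
public class ProxyAccessCheck {
    // Assumption: service type name of the URL policy service used by web agents.
    private static final String SERVICE_TYPE = "iPlanetAMWebAgentService";
    private final ProxyPolicyEvaluator evaluator;

    /** adminToken must belong to one of the administrator roles named in the class description. */
    public ProxyAccessCheck(SSOToken adminToken) throws PolicyException, SSOException {
        evaluator = ProxyPolicyEvaluatorFactory.getInstance()
                .getProxyPolicyEvaluator(adminToken, SERVICE_TYPE);
    }

    /** True only on an explicit allow; errors (e.g. user outside the admin's realm) deny. */
    public boolean canAccess(String principalName, String realm, String url, String action) {
        try {
            return evaluator.isAllowed(principalName, realm, url, action, new HashMap());
        } catch (PolicyException e) {
            return false; // fail closed: policy error or principal not in a managed realm
        } catch (SSOException e) {
            return false; // fail closed: administrator token is no longer valid
        }
    }

    /** Advices (e.g. required AuthLevel or AuthScheme) for an action, with subjects ignored. */
    public Map requiredAdvices(String url, String action) throws PolicyException, SSOException {
        Set actions = Collections.singleton(action);
        PolicyDecision pd = evaluator.getPolicyDecisionIgnoreSubjects(url, actions, new HashMap());
        ActionDecision ad = (ActionDecision) pd.getActionDecisions().get(action);
        if (ad == null || ad.getAdvices() == null) {
            return Collections.emptyMap(); // no decision or no advice for this action
        }
        return ad.getAdvices();
    }
}
```

Log both catch branches in production code so that a realm-scoping denial can be told apart from an expired administrator session.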

getProtectedResourcesIgnoreConditions

public Set getProtectedResourcesIgnoreConditions(String principalName,
                                                 String rootResource)
                                          throws PolicyException,
                                                 SSOException
Gets protected resources for a user identified by the principalName. Conditions defined in the policies are ignored while computing protected resources. Only resources that are sub resources of the given rootResource or equal to the given rootResource would be returned. If all policies applicable to a resource are only referral policies, no ProtectedResource would be returned for such a resource.

Parameters:
principalName - principal name for whom to compute the privilege.
rootResource - only resources that are sub resources of the given rootResource or equal to the given rootResource would be returned. If PolicyEvaluator.ALL_RESOURCES is passed as rootResource, resources under all root resources of the service type are considered while computing protected resources.
Returns:
set of protected resources. The set contains ProtectedResource objects.
Throws:
PolicyException - exception from the policy framework
SSOException - if the single sign on token is invalid
See Also:
ProtectedResource

getProtectedResourcesIgnoreConditions

public Set getProtectedResourcesIgnoreConditions(String principalName,
                                                 String realm,
                                                 String rootResource)
                                          throws PolicyException,
                                                 SSOException
Gets protected resources for a user identified by the principalName. Conditions defined in the policies are ignored while computing protected resources. Only resources that are sub resources of the given rootResource or equal to the given rootResource would be returned. If all policies applicable to a resource are only referral policies, no ProtectedResource would be returned for such a resource.

Parameters:
principalName - principal name for whom to compute the privilege.
realm - realm of the user principal, in "/" separated format
rootResource - only resources that are sub resources of the given rootResource or equal to the given rootResource would be returned. If PolicyEvaluator.ALL_RESOURCES is passed as rootResource, resources under all root resources of the service type are considered while computing protected resources.
Returns:
set of protected resources. The set contains ProtectedResource objects.
Throws:
PolicyException - exception from the policy framework
SSOException - if the single sign on token is invalid
See Also:
ProtectedResource