com.sun.identity.policy.client
Class PolicyEvaluator
java.lang.Object
|
+--com.sun.identity.policy.client.PolicyEvaluator
- public class PolicyEvaluator
- extends java.lang.Object
The class PolicyEvaluator
evaluates policies
and provides policy decisions.
This is a remote policy evaluator. It is usually used when
the caller doesn't have direct access to the directory server
of the Identity Server. This API uses XML/HTTP protocol to
communicate with the Policy Framework on the Identity Server.
The API has the capability of caching the policy decisions.
The cache is updated through policy change notifications and
polling.
Constructor Summary |
PolicyEvaluator(java.lang.String serviceName)
Creates an instance of remote policy evaluator object |
Method Summary |
PolicyDecision |
getPolicyDecision(SSOToken token,
java.lang.String resourceName,
java.util.Set actionNames,
java.util.Map envParameters)
Evaluates privileges of the user to perform the specified actions
the the specified resource. |
boolean |
isAllowed(SSOToken token,
java.lang.String resourceName,
java.lang.String actionName,
java.util.Map envParameters)
Evaluates simple privileges of boolean type. |
Methods inherited from class java.lang.Object |
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
PolicyEvaluator
public PolicyEvaluator(java.lang.String serviceName)
throws PolicyException,
SSOException
- Creates an instance of remote policy evaluator object
- Parameters:
serviceName
- policy service name- Throws:
PolicyException
- if required properties cannot be retrieved.SSOException
- if application single-sign-on token is invalid
isAllowed
public boolean isAllowed(SSOToken token,
java.lang.String resourceName,
java.lang.String actionName,
java.util.Map envParameters)
throws PolicyException,
SSOException
- Evaluates simple privileges of boolean type. The privilege indicates
if the user can perform specified action on the specified resource.
The evaluation depends on user's application environment parameters.
- Parameters:
token
- single sign on token of the user evaluating policies.resourceName
- name of the resource the user is trying to accessactionName
- name of the action the user is trying to perform on
the resourceenvParameters
- run-time environment parameters- Returns:
- the result of the evaluation as a boolean value
- Throws:
PolicyException
- if result could not be computed for
reason other than single sign on token problem.SSOException
- if single sign on token is invalid or expired
getPolicyDecision
public PolicyDecision getPolicyDecision(SSOToken token,
java.lang.String resourceName,
java.util.Set actionNames,
java.util.Map envParameters)
throws PolicyException,
SSOException
- Evaluates privileges of the user to perform the specified actions
the the specified resource. The evaluation depends on user's
application environment parameters.
- Parameters:
token
- single sign on token of the user evaluating policies.resourceName
- name of the resource the user is trying to access.actionNames
- Set of action names the user is trying to perform on
the resource.envParameters
- run-time environment parameters- Returns:
- policy decision
- Throws:
PolicyException
- if result could not be computed for any
reason other than single sign on token problem.SSOException
- if single sign on token is invalid or expired.