java.lang.Object
  +--com.sun.identity.policy.PolicyEvaluator

The class PolicyEvaluator evaluates policies and provides policy decisions.

Field Summary

static java.lang.String ALL_RESOURCES
    Constant used to identify all the resources of a service type.
static java.lang.String EMPTY_RESOURCE_NAME
    Constant used to identify empty resource

Constructor Summary

PolicyEvaluator(java.lang.String serviceTypeName)
    Constructor to create a PolicyEvaluator given the service type name.

Method Summary

void addPolicyListener(PolicyListener policyListener)
    Adds a policy listener that would be notified whenever a policy is added, removed or changed
PolicyDecision getPolicyDecision(SSOToken token, java.lang.String resourceName, java.util.Set actionNames, java.util.Map envParameters)
    Evaluates privileges of the user to perform the specified actions on the specified resource.
java.util.Set getProtectedResourcesIgnoreConditions(SSOToken token, java.lang.String rootResource)
    Gets protected resources for a user identified by single sign on token. Conditions defined in the policies are ignored while computing protected resources.
ResourceResult getResourceResult(SSOToken token, java.lang.String resourceName, java.lang.String scope, java.util.Map envParameters)
    Deprecated. Use getResourceResults()
java.util.Set getResourceResults(SSOToken token, java.lang.String resourceName, java.lang.String scope, java.util.Map envParameters)
    Gets resource result objects given a resource name.
boolean isAllowed(SSOToken token, java.lang.String resourceName, java.lang.String actionName, java.util.Map envParameters)
    Evaluates simple privileges of boolean type.
void removePolicyListener(PolicyListener policyListener)
    Removes a policy listener that was previously registered to receive notifications whenever a policy is added, removed or changed.

Methods inherited from class java.lang.Object
    equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

public static final java.lang.String ALL_RESOURCES

public static final java.lang.String EMPTY_RESOURCE_NAME

Constructor Detail

public PolicyEvaluator(java.lang.String serviceTypeName) throws SSOException, NameNotFoundException, PolicyException

Constructor to create a PolicyEvaluator given the service type name.

Parameters:
    serviceTypeName - the name of the service type for which this evaluator can be used
Throws:
    SSOException - if SSOToken used by PolicyEvaluator is invalid
    NameNotFoundException - if the service with name serviceTypeName is not found
    PolicyException - for any other abnormal condition

Method Detail

public boolean isAllowed(SSOToken token, java.lang.String resourceName, java.lang.String actionName, java.util.Map envParameters) throws SSOException, PolicyException

PolicyException, if the syntax for the actionName is not declared to be boolean, in the service schema.

Parameters:
    token - single sign on token of the user evaluating policies
    resourceName - name of the resource the user is trying to access
    actionName - name of the action the user is trying to perform on the resource
    envParameters - run-time environment parameters
Throws:
    SSOException - single-sign-on token invalid or expired
    PolicyException - for any other abnormal condition

public PolicyDecision getPolicyDecision(SSOToken token, java.lang.String resourceName, java.util.Set actionNames, java.util.Map envParameters) throws SSOException, PolicyException

Parameters:
    token - single sign on token of the user evaluating policies
    resourceName - name of the resource the user is trying to access
    actionNames - name of the action the user is trying to perform on the resource
    envParameters - run-time environment parameters
Throws:
    SSOException - single-sign-on token invalid or expired
    PolicyException - for any other abnormal condition

public java.util.Set getProtectedResourcesIgnoreConditions(SSOToken token, java.lang.String rootResource) throws SSOException, PolicyException

rootResource or equal to the given rootResource would be returned. If all policies applicable to a resource are only referral policies, no ProtectedResource would be returned for such a resource.

Parameters:
    token - single sign on token of the user
    rootResource - only resources that are sub resources of the given rootResource or equal to the given rootResource would be returned. If PolicyEvaluator.ALL_RESOURCES is passed as rootResource, resources under all root resources of the service type are considered while computing protected resources.
Returns:
    ProtectedResource objects.
Throws:
    SSOException - if single sign on token is invalid
    PolicyException - for any other abnormal condition
See Also:
    ProtectedResource

public java.util.Set getResourceResults(SSOToken token, java.lang.String resourceName, java.lang.String scope, java.util.Map envParameters) throws SSOException, PolicyException

ResourceResult objects for all resources that would affect policy decisions for any resource associated with the argument resource name. To determine whether to include the ResourceResult of a resource, we compare argument resource name and policy resource name, treating wild characters in the policy resource name as wild. If the comparison resulted in EXACT_MATCH, WILDCARD_MATCH or SUB_RESOURCE_MATCH, the resource result would be included.

Parameters:
    token - single sign on token of the user evaluating policies
    resourceName - name of the resource
    scope - indicates whether to compute the resource result based on the policy decision for only the resourceName or all the resources associated with the resource name. The valid scope values are:
        ResourceResult.SUBTREE_SCOPE
        ResourceResult.STRICT_SUBTREE_SCOPE
        ResourceResult.SELF_SCOPE
      If the scope is ResourceResult.SUBTREE_SCOPE, the method will return a set of ResourceResult objects, one of them for the resourceName and its sub resources; the others are for resources that match the resourceName by wildcard. If the scope is ResourceResult.STRICT_SUBTREE_SCOPE, the method will return a set object that contains one ResourceResult object. The ResourceResult contains the policy decisions regarding the resourceName and its sub resources. If the scope is ResourceResult.SELF_SCOPE, the method will return a set object that contains one ResourceResult object. The ResourceResult contains the policy decision regarding the resourceName only.
    envParameters - run-time environment parameters
Returns:
    ResourceResult objects
Throws:
    SSOException - if token is invalid
    PolicyException - for any other abnormal condition
See Also:
    ResourceMatch.EXACT_MATCH, ResourceMatch.SUB_RESOURCE_MATCH, ResourceMatch.WILDCARD_MATCH, ResourceResult.SUBTREE_SCOPE, ResourceResult.STRICT_SUBTREE_SCOPE, ResourceResult.SELF_SCOPE

public ResourceResult getResourceResult(SSOToken token, java.lang.String resourceName, java.lang.String scope, java.util.Map envParameters) throws SSOException, PolicyException

Deprecated. Use getResourceResults()

ResourceResult is a tree representation of policy decisions for all resources rooted at the resource name. To determine whether a resource defined in the policy is a sub resource of argument resource name, argument resource name and policy resource name are compared, treating wild characters as literals. If comparison resulted in EXACT_MATCH or SUB_RESOURCE_MATCH, the resource would be included.

Parameters:
    token - single sign on token of the user evaluating policies
    resourceName - name of the resource
    scope - indicates whether to compute the resource result based on the policy decision for only the resourceName or all the resources associated with the resource name. The valid scope values are:
        ResourceResult.SUBTREE_SCOPE
        ResourceResult.STRICT_SUBTREE_SCOPE
        ResourceResult.SELF_SCOPE
      If the scope is ResourceResult.SUBTREE_SCOPE or ResourceResult.STRICT_SUBTREE_SCOPE, the method will return a ResourceResult object that contains the policy decisions regarding the resourceName and its sub resources. If the scope is ResourceResult.SELF_SCOPE, the method will return a ResourceResult object that contains the policy decision regarding the resourceName only. Note, scope values ResourceResult.SUBTREE_SCOPE and ResourceResult.STRICT_SUBTREE_SCOPE are being treated as the same for backward compatibility reasons. This method is being deprecated. The method getResourceResults() should be used instead.
    envParameters - run-time environment parameters
Returns:
    ResourceResult.
Throws:
    SSOException - if token is invalid
    PolicyException - for any other abnormal condition
See Also:
    ResourceMatch.EXACT_MATCH, ResourceMatch.SUB_RESOURCE_MATCH, ResourceMatch.WILDCARD_MATCH, ResourceResult.SUBTREE_SCOPE, ResourceResult.STRICT_SUBTREE_SCOPE, ResourceResult.SELF_SCOPE

public void addPolicyListener(PolicyListener policyListener)

Parameters:
    policyListener - the listener to be added

public void removePolicyListener(PolicyListener policyListener)

Parameters:
    policyListener - the listener to be removed
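
A fail-closed wrapper around isAllowed(), as an added example that is not part of the original Javadoc or the SDK: any SSOException or PolicyException (including the non-boolean action syntax case noted under isAllowed) is logged and treated as a deny. The class name PolicyGate, the logger name, and the import packages for the token and exception types are assumptions; the page does not show them.

```java
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;

// Assumed packages: the page names these types but not where they live.
import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.sun.identity.policy.NameNotFoundException;
import com.sun.identity.policy.PolicyEvaluator;
import com.sun.identity.policy.PolicyException;

/** Hypothetical enforcement helper: allow only on an explicit "true" from the evaluator. */
public final class PolicyGate {
    private static final Logger LOG = Logger.getLogger("PolicyGate"); // hypothetical logger name
    private final PolicyEvaluator evaluator;

    public PolicyGate(String serviceTypeName)
            throws SSOException, NameNotFoundException, PolicyException {
        // Construction errors propagate: a gate that cannot evaluate must not be created.
        this.evaluator = new PolicyEvaluator(serviceTypeName);
    }

    /** Returns true only when isAllowed() returns true; every error path denies. */
    public boolean permits(SSOToken token, String resourceName, String actionName,
                           Map envParameters) {
        if (token == null || resourceName == null || actionName == null) {
            LOG.warning("deny: missing token, resource or action");
            return false;
        }
        try {
            return evaluator.isAllowed(token, resourceName, actionName, envParameters);
        } catch (SSOException e) {
            // Single sign-on token invalid or expired.
            LOG.log(Level.WARNING, "deny: SSO token rejected for " + resourceName, e);
            return false;
        } catch (PolicyException e) {
            // Covers an actionName whose syntax is not boolean in the service schema,
            // and any other abnormal condition. Never treat an error as "allow".
            LOG.log(Level.WARNING, "deny: policy evaluation failed for action "
                    + actionName + " on " + resourceName, e);
            return false;
        }
    }
}
```

Callers should treat a false result as final for the request rather than retrying with a different action name or resource spelling.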