com.sun.identity.policy.ProxyPolicyEvaluator allows a privileged user (top-level administrator, organization administrator, policy administrator, or organization policy administrator) to get policy privileges and evaluate policy decisions for any user in their respective scope of administration. com.sun.identity.policy.ProxyPolicyEvaluatorFactory is the singleton class used to get ProxyPolicyEvaluator instances.
/**
 * Evaluates a simple privilege of boolean type. The privilege
 * indicates if the user identified by the principalName
 * can perform specified action on the specified resource.
 *
 * @param principalName principal name for whom to
 *        compute the privilege.
 * @param resourceName name of the resource
 *        for which to compute policy result.
 * @param actionName name of the action the user is trying to
 *        perform on the resource
 * @param env run time environment parameters
 *
 * @return the result of the evaluation as a boolean value
 *
 * @throws PolicyException exception from policy framework
 * @throws SSOException if sso token is invalid
 *
 */
public boolean isAllowed(String principalName, String resourceName,
        String actionName, Map env) throws PolicyException, SSOException;

/**
 * Gets policy decision for the user identified by the
 * principalName for the given resource
 *
 * @param principalName principal name for whom to compute the
 *        policy decision
 * @param resourceName name of the resource for which to
 *        compute policy decision
 * @param env run time environment parameters
 *
 * @return the policy decision for the principal for the given
 *         resource
 * @throws PolicyException exception from policy framework
 * @throws SSOException if sso token is invalid
 *
 */
public PolicyDecision getPolicyDecision(String principalName,
        String resourceName, Map env) throws PolicyException, SSOException;

/**
 * Gets protected resources for a user identified by the
 * principalName. Conditions defined in the policies
 * are ignored while computing protected resources.
 * Only resources that are subresources of the given
 * rootResource or equal to the given rootResource would
 * be returned.
 * If all policies applicable to a resource are
 * only referral policies, no ProtectedResource would be
 * returned for such a resource.
 *
 * @param principalName principal name for whom
 *        to compute the privilege.
 * @param rootResource only resources that are subresources
 *        of the given rootResource or equal to the given
 *        rootResource would be returned. If
 *        <code>PolicyEvaluator.ALL_RESOURCES</code>
 *        is passed as rootResource, resources under
 *        all root resources of the service
 *        type are considered while computing protected
 *        resources.
 *
 * @return set of protected resources. The set contains
 *         ProtectedResource objects.
 *
 * @throws PolicyException exception from policy framework
 * @throws SSOException if sso token is invalid
 * @see ProtectedResource
 *
 */
public Set getProtectedResourcesIgnoreConditions(String principalName,
        String rootResource) throws PolicyException, SSOException;
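An access-review sketch using the three methods above, added here as an example and not taken from the product documentation. It assumes the SDK is on the classpath and that `SSOTokenManager.getInstance().createSSOToken(String)` and `ProxyPolicyEvaluatorFactory.getInstance().getProxyPolicyEvaluator(SSOToken, String)` are available as in the OpenSSO SDK; the class name `AccessReview`, the command-line arguments and the `GET` action name are illustrative assumptions.

```java
import com.iplanet.sso.SSOToken;
import com.iplanet.sso.SSOTokenManager;
import com.sun.identity.policy.ActionDecision;
import com.sun.identity.policy.PolicyDecision;
import com.sun.identity.policy.PolicyEvaluator;
import com.sun.identity.policy.ProtectedResource;
import com.sun.identity.policy.ProxyPolicyEvaluator;
import com.sun.identity.policy.ProxyPolicyEvaluatorFactory;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;

// Hypothetical admin-side review tool: lists what a principal could reach
// and what the policy engine decides for each resource right now.
public class AccessReview {
    public static void main(String[] args) throws Exception {
        if (args.length != 3) {
            System.err.println("usage: AccessReview <adminTokenId> <serviceType> <principalName>");
            System.exit(2);
        }
        // The token must belong to an administrator whose scope covers the principal.
        SSOToken adminToken = SSOTokenManager.getInstance().createSSOToken(args[0]);
        ProxyPolicyEvaluator ppe = ProxyPolicyEvaluatorFactory.getInstance()
                .getProxyPolicyEvaluator(adminToken, args[1]);
        String principalName = args[2];
        Map env = new HashMap(); // no request attributes supplied (assumption)

        // Upper bound: conditions are ignored, so this set can overstate access.
        Set candidates = ppe.getProtectedResourcesIgnoreConditions(
                principalName, PolicyEvaluator.ALL_RESOURCES);

        for (Iterator it = candidates.iterator(); it.hasNext();) {
            String resource = ((ProtectedResource) it.next()).getResourceName();
            // Boolean answer for one action; "GET" is an assumed action name.
            boolean getAllowed = ppe.isAllowed(principalName, resource, "GET", env);
            System.out.println(resource + "  GET allowed=" + getAllowed);

            // Full decision: every action with its evaluated values.
            PolicyDecision decision = ppe.getPolicyDecision(principalName, resource, env);
            Map actions = decision.getActionDecisions();
            for (Iterator a = actions.entrySet().iterator(); a.hasNext();) {
                Map.Entry entry = (Map.Entry) a.next();
                ActionDecision ad = (ActionDecision) entry.getValue();
                System.out.println("    " + entry.getKey() + " -> " + ad.getValues());
            }
        }
    }
}
```

Because `getProtectedResourcesIgnoreConditions` skips conditions, a resource can appear in the candidate list and still be denied by `isAllowed` or `getPolicyDecision` for the supplied `env`; a review should report both results.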