com.sun.identity.policy.ProxyPolicyEvaluator allows a privileged user (top-level administrator, organization administrator, policy administrator, or organization policy administrator) to get policy privileges and evaluate policy decisions for any user in their respective scope of administration. com.sun.identity.policy.ProxyPolicyEvaluatorFactory is the singleton class used to get ProxyPolicyEvaluator instances.
/**
 * Evaluates a simple privilege of boolean type. The privilege
 * indicates if the user identified by the principalName
 * can perform the specified action on the specified resource.
 *
 * @param principalName principal name for whom to
 *        compute the privilege
 * @param resourceName name of the resource
 *        for which to compute the policy result
 * @param actionName name of the action the user is trying to
 *        perform on the resource
 * @param env run time environment parameters
 *
 * @return the result of the evaluation as a boolean value
 *
 * @throws PolicyException exception from policy framework
 * @throws SSOException if SSO token is invalid
 */
public boolean isAllowed(String principalName, String resourceName,
        String actionName, Map env) throws PolicyException, SSOException;

/**
 * Gets the policy decision for the user identified by the
 * principalName for the given resource.
 *
 * @param principalName principal name for whom to compute the
 *        policy decision
 * @param resourceName name of the resource for which to
 *        compute the policy decision
 * @param env run time environment parameters
 *
 * @return the policy decision for the principal for the given
 *         resource
 *
 * @throws PolicyException exception from policy framework
 * @throws SSOException if SSO token is invalid
 */
public PolicyDecision getPolicyDecision(String principalName,
        String resourceName, Map env)
        throws PolicyException, SSOException;

/**
 * Gets protected resources for a user identified by the
 * principalName. Conditions defined in the policies
 * are ignored while computing protected resources.
 * Only resources that are subresources of the given
 * rootResource or equal to the given rootResource would
 * be returned.
 * If all policies applicable to a resource are
 * only referral policies, no ProtectedResource would be
 * returned for such a resource.
 *
 * @param principalName principal name for whom
 *        to compute the privilege
 * @param rootResource only resources that are subresources
 *        of the given rootResource or equal to the given
 *        rootResource would be returned. If
 *        <code>PolicyEvaluator.ALL_RESOURCES</code>
 *        is passed as rootResource, resources under
 *        all root resources of the service
 *        type are considered while computing protected
 *        resources.
 *
 * @return set of protected resources. The set contains
 *         ProtectedResource objects.
 *
 * @throws PolicyException exception from policy framework
 * @throws SSOException if SSO token is invalid
 * @see ProtectedResource
 */
public Set getProtectedResourcesIgnoreConditions(String principalName,
        String rootResource) throws PolicyException, SSOException;
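One way a caller might use isAllowed for an access review, as an added example that is not code from the original page or from the SDK. The AccessReview class and its review method are hypothetical, the privileged user's SSOToken is assumed to be obtained elsewhere, and the factory call getInstance().getProxyPolicyEvaluator(token, serviceType) is assumed to be the one provided by the SDK on the classpath.

```java
import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.sun.identity.policy.PolicyException;
import com.sun.identity.policy.ProxyPolicyEvaluator;
import com.sun.identity.policy.ProxyPolicyEvaluatorFactory;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;

/** Hypothetical helper (not part of the SDK): reviews one user's access on behalf of an administrator. */
public class AccessReview {
    private final ProxyPolicyEvaluator evaluator;

    /**
     * @param adminToken  SSO token of a privileged user (assumption: obtained elsewhere)
     * @param serviceType name of the policy service type to evaluate against
     */
    public AccessReview(SSOToken adminToken, String serviceType)
            throws PolicyException, SSOException {
        // The factory is the singleton entry point; the evaluator is bound to the admin's token.
        this.evaluator = ProxyPolicyEvaluatorFactory.getInstance()
                .getProxyPolicyEvaluator(adminToken, serviceType);
    }

    /**
     * Evaluates actionName on each resource for principalName.
     * Returns resource -> allowed, in input order. Fails closed: an
     * evaluation error or an invalid token is recorded as a deny.
     */
    public Map<String, Boolean> review(String principalName,
            List<String> resources, String actionName) {
        Map<String, Boolean> result = new LinkedHashMap<String, Boolean>();
        for (String resource : resources) {
            boolean allowed;
            try {
                // Fresh, mutable env map per call; no environment parameters are supplied here.
                Map<String, Set<String>> env = new HashMap<String, Set<String>>();
                allowed = evaluator.isAllowed(principalName, resource, actionName, env);
            } catch (PolicyException e) {
                allowed = false; // policy framework error: treat as deny
            } catch (SSOException e) {
                allowed = false; // admin token invalid or expired: treat as deny
            }
            result.put(resource, allowed);
        }
        return result;
    }
}
```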