com.sun.identity.policy
Class Policy

java.lang.Object
  extended by com.sun.identity.policy.Policy
All Implemented Interfaces:
java.lang.Cloneable

public class Policy
extends java.lang.Object
implements java.lang.Cloneable

The class Policy represents a policy definition. A policy contains a set of rules associated with a collection of users and conditions. The policy object is saved in the data store only when the store method of the policy is called, or when the addPolicy or replacePolicy method of a PolicyManager instance is invoked with this policy. The policy object is accessible to policy evaluation and enforcement points only after it is saved in the data store.


Constructor Summary
Policy(java.lang.String policyName)
          Constructs a policy given the policy name.
Policy(java.lang.String policyName, java.lang.String description)
          Constructs a policy given the policy name and description.
Policy(java.lang.String policyName, java.lang.String description, boolean referralPolicy)
          Constructs a policy given the policy name, description, and referralPolicy flag.
Policy(java.lang.String policyName, java.lang.String description, boolean referralPolicy, boolean active)
          Constructs a policy given the policy name, description, referralPolicy flag, and active flag.
 
Method Summary
 void addCondition(java.lang.String name, Condition condition)
          Adds a new policy condition.
 void addRealmSubject(SSOToken token, java.lang.String subjectName, java.lang.String realmName, boolean exclusive)
          Adds a reference in the policy to a Subject defined at the realm.
 void addRealmSubject(java.lang.String subjectName, SubjectTypeManager stm, boolean exclusive)
          Adds a reference in the policy to a Subject defined at the realm.
 void addReferral(java.lang.String name, Referral referral)
          Adds a new policy referral.
 void addRule(Rule rule)
          Adds a new policy rule.
 void addSubject(java.lang.String name, Subject subject)
          Adds a new policy subject.
 void addSubject(java.lang.String name, Subject subject, boolean exclusive)
          Adds a new policy subject.
 Condition getCondition(java.lang.String condition)
          Gets the condition object identified by name.
 java.util.Set getConditionNames()
          Get the set of condition names associated with the policy.
 java.lang.String getDescription()
          Gets the description for the policy.
 java.lang.String getOrganizationName()
          Gets the organization name under which the policy is created. This would be set only for policies that have been read from data store.
 Referral getReferral(java.lang.String referralName)
          Gets the Referral object identified by name.
 java.util.Set getReferralNames()
          Get the set of referral names associated with the policy.
 Rule getRule(java.lang.String ruleName)
          Gets the rule object identified by name.
 java.util.Set getRuleNames()
          Gets the set of rule names associated with the policy.
 Subject getSubject(java.lang.String subjectName)
          Gets the Subject object identified by name.
 java.util.Set getSubjectNames()
          Get the set of subject names associated with the policy.
 boolean isActive()
          Checks whether the policy is active or inactive. An inactive policy is not used to make policy evaluations.
 boolean isRealmSubject(java.lang.String subjectName)
          Checks if the subjectName is a reference to a Subject defined at the realm.
 boolean isReferralPolicy()
          Checks whether the policy is a referral policy.
 boolean isSubjectExclusive(java.lang.String subjectName)
          Checks if the subject is exclusive.
 void removeCondition(Condition condition)
          Removes the Condition object identified by object's equals method.
 Condition removeCondition(java.lang.String condition)
          Removes the condition with the given name.
 void removeReferral(Referral referral)
          Removes the Referral object identified by object's equals method.
 Referral removeReferral(java.lang.String referralName)
          Removes the referral with the given name.
 Rule removeRule(java.lang.String ruleName)
          Removes the rule with the given name.
 Subject removeSubject(java.lang.String subjectName)
          Removes the subject with the given name.
 void removeSubject(Subject subject)
          Removes the Subject object identified by object's equals method.
 void replaceCondition(java.lang.String name, Condition condition)
          Replaces an existing condition with the same name by the current one.
 void replaceReferral(java.lang.String name, Referral referral)
          Replaces an existing referral with the same name by the current one.
 void replaceRule(Rule rule)
          Replaces an existing rule with the same name by the current one.
 void replaceSubject(java.lang.String name, Subject subject)
          Replaces an existing subject with the same name by the current one.
 void replaceSubject(java.lang.String name, Subject subject, boolean exclusive)
          Replaces an existing subject with the same name by the current one.
 void setActive(boolean active)
          Set the active flag for policy.
 void setDescription(java.lang.String description)
          Sets the description for the policy.
 void setName(java.lang.String policyName)
          Sets the name of the policy.
 void store(SSOToken token, java.lang.String name)
          Stores the policy object in a persistent data store under the organization, sub-organization or a container object, specified as a parameter.
 java.lang.String toString()
          Gets string representation of the policy object.
 java.lang.String toXML()
          Gets the serialized policy in XML.
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Constructor Detail

Policy

public Policy(java.lang.String policyName)
       throws InvalidNameException
Constructs a policy given the policy name.

Parameters:
policyName - name of the policy
Throws:
InvalidNameException - if policy name is not valid

Policy

public Policy(java.lang.String policyName,
              java.lang.String description)
       throws InvalidNameException
Constructs a policy given the policy name and description.

Parameters:
policyName - name of the policy
description - description for the policy
Throws:
InvalidNameException - if policy name is not valid

Policy

public Policy(java.lang.String policyName,
              java.lang.String description,
              boolean referralPolicy)
       throws InvalidNameException
Constructs a policy given the policy name, description, and referralPolicy flag.

Parameters:
policyName - name of the policy
description - description for the policy
referralPolicy - indicates whether the policy is a referral policy or a standard policy. A referral policy is used only to delegate policy definitions to sub/peer organizations. A referral policy does not make use of any action values.
Throws:
InvalidNameException - if policy name is not valid

Policy

public Policy(java.lang.String policyName,
              java.lang.String description,
              boolean referralPolicy,
              boolean active)
       throws InvalidNameException
Constructs a policy given the policy name, description, referralPolicy flag, and active flag.

Parameters:
policyName - name of the policy
description - description for the policy
referralPolicy - indicates whether the policy is a referral policy or a standard policy. A referral policy is used only to delegate policy definitions to sub/peer organizations. A referral policy does not make use of any action values.
active - indicates if the policy is active or not.
Throws:
InvalidNameException - if policy name is not valid

Method Detail

setName

public void setName(java.lang.String policyName)
             throws InvalidNameException
Sets the name of the policy.

Parameters:
policyName - name of the policy.
Throws:
InvalidNameException - if policyName is an invalid name.

getOrganizationName

public java.lang.String getOrganizationName()
Gets the organization name under which the policy is created. This would be set only for policies that have been read from data store. Otherwise this would be null.

Returns:
the organization name under which the policy is created

getDescription

public java.lang.String getDescription()
Gets the description for the policy. If the description for the policy has not been set the method will return an empty string; not null.

Returns:
description of the policy

setDescription

public void setDescription(java.lang.String description)
                    throws InvalidNameException
Sets the description for the policy.

Parameters:
description - description for the policy
Throws:
InvalidNameException - if the description is invalid

isReferralPolicy

public boolean isReferralPolicy()
Checks whether the policy is a referral policy. A referral policy is used only to delegate policy definitions to sub/peer organizations. A referral policy does not make use of any action values.

Returns:
true if this is a referral policy. Otherwise returns false

isActive

public boolean isActive()
Checks whether the policy is active or inactive. An inactive policy is not used to make policy evaluations.

Returns:
true if this is an active policy. Otherwise returns false

setActive

public void setActive(boolean active)
Set the active flag for policy. An inactive policy is not used to make policy evaluations.


getRuleNames

public java.util.Set getRuleNames()
Gets the set of rule names associated with the policy.

Returns:
set of rule names

getRule

public Rule getRule(java.lang.String ruleName)
             throws NameNotFoundException
Gets the rule object identified by name.

Parameters:
ruleName - name of rule.
Returns:
rule object.
Throws:
NameNotFoundException - if a rule with the given name does not exist

addRule

public void addRule(Rule rule)
             throws NameAlreadyExistsException,
                    InvalidNameException
Adds a new policy rule.

Parameters:
rule - rule object to be added to the policy
Throws:
NameAlreadyExistsException - a rule with the given name already exists
InvalidNameException - if the rule name is invalid same service name as the policy

replaceRule

public void replaceRule(Rule rule)
                 throws InvalidNameException
Replaces an existing rule with the same name by the current one. If a rule with the same name does not exist, it will be added.

Parameters:
rule - rule that will replace an existing rule with the same name
Throws:
InvalidNameException - if rule name is invalid

removeRule

public Rule removeRule(java.lang.String ruleName)
Removes the rule with the given name.

Parameters:
ruleName - name of the rule
Returns:
returns the rule object being removed; if not present returns null

getSubjectNames

public java.util.Set getSubjectNames()
Get the set of subject names associated with the policy.

Returns:
set of subject names

getSubject

public Subject getSubject(java.lang.String subjectName)
                   throws NameNotFoundException
Gets the Subject object identified by name.

Parameters:
subjectName - name of subject.
Returns:
Subject object
Throws:
NameNotFoundException - if a Subject with the given name does not exist

addSubject

public void addSubject(java.lang.String name,
                       Subject subject)
                throws NameAlreadyExistsException,
                       InvalidNameException
Adds a new policy subject. The subject is added as a normal (non exclusive) subject, so the policy will apply to members of the subject. The policy will apply to a user if he is a member of any normal (non exclusive) subject in the policy or not a member of any exclusive subject in the policy.

Parameters:
name - name of the Subject instance
subject - Subject object to be added to the policy
Throws:
NameAlreadyExistsException - if a Subject with the given name already exists
InvalidNameException - if the subject name is invalid

addRealmSubject

public void addRealmSubject(SSOToken token,
                            java.lang.String subjectName,
                            java.lang.String realmName,
                            boolean exclusive)
                     throws NameAlreadyExistsException,
                            InvalidNameException,
                            PolicyException,
                            SSOException
Adds a reference in the policy to a Subject defined at the realm.

Parameters:
token - SSOToken of the user adding the subject
subjectName - name of the Subject as defined at the realm
realmName - name of the realm in which the subject is defined
Throws:
NameAlreadyExistsException - if a Subject with the given name already exists in the policy
InvalidNameException - if the subject name is invalid or the subject is not found at the realm
SSOException - if the SSO token is invalid
PolicyException - if the subject could not be added for any other reason

addRealmSubject

public void addRealmSubject(java.lang.String subjectName,
                            SubjectTypeManager stm,
                            boolean exclusive)
                     throws NameAlreadyExistsException,
                            InvalidNameException,
                            PolicyException,
                            SSOException
Adds a reference in the policy to a Subject defined at the realm.

Parameters:
subjectName - name of the Subject as defined at the realm
stm - SubjectTypeManager of the realm. You have to pass the SubjectTypeManager of realm in which you would save the policy. Trying to save the policy at a different realm would throw PolicyException.
Throws:
NameAlreadyExistsException - if a Subject with the given name already exists in the policy
InvalidNameException - if the subject name is invalid or the subject is not found at the realm
SSOException - if the SSO token is invalid
PolicyException - if the subject could not be added for any other reason

addSubject

public void addSubject(java.lang.String name,
                       Subject subject,
                       boolean exclusive)
                throws NameAlreadyExistsException,
                       InvalidNameException
Adds a new policy subject. The policy will apply to a user if he is a member of any normal (non exclusive) subject in the policy or not a member of any exclusive subject in the policy.

Parameters:
name - name of the Subject instance
subject - Subject object to be added to the policy
exclusive - boolean flag indicating whether the subject is to be exclusive subject. If subject is exclusive, policy applies to users who are not members of the subject. Otherwise, policy applies to members of the subject.
Throws:
NameAlreadyExistsException - if a Subject with the given name already exists
InvalidNameException - if the subject name is invalid

replaceSubject

public void replaceSubject(java.lang.String name,
                           Subject subject)
                    throws NameNotFoundException
Replaces an existing subject with the same name by the current one. If a subject with the same name does not exist, it will be added. The subject is replaced as a normal (non exclusive) subject, so the policy will apply to members of the subject. The policy will apply to a user if he is a member of any normal (non exclusive) subject in the policy or not a member of any exclusive subject in the policy.

Parameters:
name - name of the Subject instance
subject - Subject that will replace an existing Subject with the same name
Throws:
NameNotFoundException - if a Subject instance with the given name is not present

replaceSubject

public void replaceSubject(java.lang.String name,
                           Subject subject,
                           boolean exclusive)
                    throws NameNotFoundException
Replaces an existing subject with the same name by the current one. If a subject with the same name does not exist, it will be added. The policy will apply to a user if he is a member of any normal (non exclusive) subject in the policy or not a member of any exclusive subject in the policy.

Parameters:
name - name of the Subject instance
subject - Subject that will replace an existing Subject with the same name
exclusive - boolean flag indicating whether the subject is to be exclusive subject. If subject is exclusive, policy applies to users who are not members of the subject. Otherwise, policy applies to members of the subject.
Throws:
NameNotFoundException - if a Subject instance with the given name is not present

removeSubject

public Subject removeSubject(java.lang.String subjectName)
Removes the subject with the given name.

Parameters:
subjectName - name of the Subject
Returns:
returns the Subject object being removed; if not present returns null

removeSubject

public void removeSubject(Subject subject)
Removes the Subject object identified by object's equals method. If a Subject instance does not exist, the method will return silently.

Parameters:
subject - Subject object that will be removed from the user collection

isSubjectExclusive

public boolean isSubjectExclusive(java.lang.String subjectName)
                           throws NameNotFoundException
Checks if the subject is exclusive. If subject is exclusive, policy applies to users who are not members of the subject. Otherwise, policy applies to members of the subject. The policy will apply to a user if he is a member of any normal (non exclusive) subject in the policy or not a member of any exclusive subject in the policy.

Parameters:
subjectName - name of the subject
Returns:
true if the subject is exclusive, false otherwise.
Throws:
NameNotFoundException - if the subject with the given subjectName does not exist in the policy.
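
The exclusive flag inverts membership, which is easy to misjudge once a policy holds more than one subject. The following is an added, stand-alone illustration and not code from the OpenSSO project; it assumes the rule above combines subjects with a logical OR (the policy applies if any normal subject contains the user, or any exclusive subject does not), and SubjectEntry, policyAppliesTo and the sample users are hypothetical names.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;

// Added illustration (Java 9+). A stand-alone model of the subject rule
// documented above; it does not call com.sun.identity.policy classes.
// SubjectEntry, policyAppliesTo and all sample names are hypothetical.
public class ExclusiveSubjectDemo {

    /** One named subject in a policy: its member set and its exclusive flag. */
    static final class SubjectEntry {
        final Set<String> members;
        final boolean exclusive;

        SubjectEntry(Set<String> members, boolean exclusive) {
            this.members = members;
            this.exclusive = exclusive;
        }

        /** A normal subject selects its members; an exclusive one selects non-members. */
        boolean selects(String user) {
            return members.contains(user) != exclusive;
        }
    }

    /** Assumed reading: the policy applies if at least one subject selects the user. */
    static boolean policyAppliesTo(Map<String, SubjectEntry> subjects, String user) {
        for (SubjectEntry entry : subjects.values()) {
            if (entry.selects(user)) {
                return true;
            }
        }
        return false;
    }

    static void report(String label, Map<String, SubjectEntry> subjects, String... users) {
        System.out.println(label);
        for (String user : users) {
            System.out.println("  " + user + " -> applies=" + policyAppliesTo(subjects, user));
        }
    }

    public static void main(String[] args) {
        // Constructed sample groups; erin is both a contractor and an intern.
        Set<String> staff = Set.of("alice", "bob");
        Set<String> contractors = Set.of("carol", "erin");
        Set<String> interns = Set.of("dave", "erin");

        // Case 1: one exclusive subject. Everyone except contractors is covered.
        Map<String, SubjectEntry> one = new LinkedHashMap<>();
        one.put("contractors", new SubjectEntry(contractors, true));
        report("one exclusive subject", one, "alice", "carol");

        // Case 2: a second exclusive subject widens the policy. carol is not
        // an intern and dave is not a contractor, so both are now covered;
        // only erin, who is in both groups, stays outside.
        Map<String, SubjectEntry> two = new LinkedHashMap<>(one);
        two.put("interns", new SubjectEntry(interns, true));
        report("two exclusive subjects", two, "carol", "dave", "erin");

        // Case 3: a normal subject next to an exclusive one does not restrict
        // the policy to staff. mallory is in no group and is still covered.
        Map<String, SubjectEntry> mixed = new LinkedHashMap<>(one);
        mixed.put("staff", new SubjectEntry(staff, false));
        report("normal + exclusive", mixed, "alice", "carol", "mallory");
    }
}
```

Under that reading, a review of a stored policy can use getSubjectNames() and isSubjectExclusive(subjectName) to flag policies that carry more than one exclusive subject or mix exclusive and normal subjects.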

isRealmSubject

public boolean isRealmSubject(java.lang.String subjectName)
                       throws NameNotFoundException
Checks if the subjectName is a reference to a Subject defined at the realm.

Parameters:
subjectName - name of the subject
Returns:
true if the subject is a reference to a Subject defined at the realm, false otherwise.
Throws:
NameNotFoundException - if the subject with the given subjectName does not exist in the policy.

getReferralNames

public java.util.Set getReferralNames()
Get the set of referral names associated with the policy.

Returns:
set of referral names

getReferral

public Referral getReferral(java.lang.String referralName)
                     throws NameNotFoundException
Gets the Referral object identified by name.

Parameters:
referralName - name of referral.
Returns:
Referral object
Throws:
NameNotFoundException - if a Referral with the given name does not exist

addReferral

public void addReferral(java.lang.String name,
                        Referral referral)
                 throws NameAlreadyExistsException,
                        InvalidNameException
Adds a new policy referral.

Parameters:
name - name of the Referral instance
referral - Referral object to be added to the policy
Throws:
NameAlreadyExistsException - if a Referral with the given name already exists
InvalidNameException - if the referral name is invalid

replaceReferral

public void replaceReferral(java.lang.String name,
                            Referral referral)
                     throws NameNotFoundException
Replaces an existing referral with the same name by the current one. If a referral with the same name does not exist, it will be added.

Parameters:
name - name of the Referral instance
referral - Referral that will replace an existing Referral with the same name
Throws:
NameNotFoundException - if a Referral instance with the given name is not present

removeReferral

public Referral removeReferral(java.lang.String referralName)
Removes the referral with the given name.

Parameters:
referralName - name of the Referral
Returns:
returns the Referral object being removed; if not present returns null

removeReferral

public void removeReferral(Referral referral)
Removes the Referral object identified by object's equals method. If a Referral instance does not exist, the method will return silently.

Parameters:
referral - Referral object that will be removed

getConditionNames

public java.util.Set getConditionNames()
Get the set of condition names associated with the policy.

Returns:
set of condition names

getCondition

public Condition getCondition(java.lang.String condition)
                       throws NameNotFoundException
Gets the condition object identified by name.

Parameters:
condition - name of condition.
Returns:
Condition object.
Throws:
NameNotFoundException - if a Condition with the given name does not exist.

addCondition

public void addCondition(java.lang.String name,
                         Condition condition)
                  throws NameAlreadyExistsException,
                         InvalidNameException
Adds a new policy condition.

Parameters:
name - name of the Condition instance
condition - Condition object to be added to the policy
Throws:
NameAlreadyExistsException - if a Condition with the given name already exists
InvalidNameException - if the condition name is invalid

replaceCondition

public void replaceCondition(java.lang.String name,
                             Condition condition)
                      throws NameNotFoundException
Replaces an existing condition with the same name by the current one. If a condition with the same name does not exist, it will be added.

Parameters:
name - name of the Condition instance
condition - Condition that will replace an existing Condition with the same name
Throws:
NameNotFoundException - if a Condition instance with the given name is not present

removeCondition

public Condition removeCondition(java.lang.String condition)
Removes the condition with the given name.

Parameters:
condition - name of the Condition
Returns:
returns the Condition object being removed; if not present returns null

removeCondition

public void removeCondition(Condition condition)
Removes the Condition object identified by object's equals method. If a condition instance does not exist, the method will return silently.

Parameters:
condition - Condition object that will be removed

store

public void store(SSOToken token,
                  java.lang.String name)
           throws SSOException,
                  NoPermissionException,
                  NameAlreadyExistsException,
                  NameNotFoundException,
                  PolicyException
Stores the policy object in a persistent data store under the organization, sub-organization or a container object, specified as a parameter. The organization, sub-organization, or the container can be either an LDAP distinguished name (dn) or slash "/" separated as per SMS. This method uses the SSOToken provided to perform the store operation; hence, if the single sign-on token has expired, SSOException will be thrown, and if the user does not have the required privileges, NoPermissionException will be thrown.

If a policy with the same name exists for the organization the method will throw NameAlreadyExistsException. And if the organization name does not exist, the method will throw NameNotFoundException.

Parameters:
token - SSO token of the user managing policy
name - name of the organization, sub-organization or a container in which the policy will be stored.
Throws:
SSOException - invalid or expired single-sign-on token
NoPermissionException - user does not have sufficient privileges to add policy
NameAlreadyExistsException - a policy with the same name already exists
NameNotFoundException - the given organization name does not exist
PolicyException - for any other abnormal condition

toXML

public java.lang.String toXML()
Gets the serialized policy in XML.

Returns:
serialized policy in XML

toString

public java.lang.String toString()
Gets string representation of the policy object.

Returns:
XML string representation of the policy object


Copyright 2006 Sun Microsystems, Inc. All rights reserved. Use is subject to license terms.