|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
The class Condition
defines an interface
to allow pluggable condition. These are used to control
policy decisions based on parameters such as time,
authentication level of the user session and IP address from which
the user is making the request.
A condition computes a ConditionDecision
based on the state
of condition object as set by setProperties
method call and
the environment passed in a map of key/value pairs.
ConditionDecision
encapsulates whether a policy applies for
the request and advice messages generated by the condition.
The following Condition implementation are provided with the
Policy framework:
AuthLevelCondition
, AuthSchemeCondition
,
IPCondition
, SimpleTimeCondition
AuthenticateToRealmCondition
,
AuthenticateToServiceCondition
, LDAPFilterCondition
LEAuthLevelCondition
,SessionCondition
and
SessionPropertyCondition
All condition implementations should have a public no argument
constructor.
ConditionDecision
Field Summary | |
static java.lang.String |
AUTH_LEVEL
Key that is used to define the minimum authentication level in an AuthLevelCondition or the maximum authentication
level in a LEAuthLevelCondition of a policy being
evaluated. |
static java.lang.String |
AUTH_SCHEME
Key that is used to define the authentication scheme in an AuthSchemeCondition of a policy. |
static java.lang.String |
AUTHENTICATE_TO_REALM
Key used in AuthenticateToRealmCondition to specify the
realm for which the user should authenticate for the policy to apply. |
static java.lang.String |
AUTHENTICATE_TO_SERVICE
Key that is used in AuthenticateToServiceCondition to
specify the authentication chain for which the user should authenticate
for the policy to apply. |
static java.lang.String |
DNS_NAME
Key that is used in an IPCondition to define the DNS
name values for which a policy applies. |
static java.lang.String |
END_DATE
Key that is used in a SimpleTimeCondition to define the
end of date range for which a policy applies.The value corresponding to
the key has to be a Set that has just one element which is
a String that corresponds to the pattern described below. |
static java.lang.String |
END_DAY
Key that is used in a SimpleTimeCondition to define the
end of day of week range for which a policy applies. |
static java.lang.String |
END_IP
Key that is used in IPCondition to define the end of
IP address range for which a policy applies. |
static java.lang.String |
END_TIME
Key that is used in a SimpleTimeCondition to define the
end of time range during which a policy applies.The value corresponding
to the key has to be a Set that has just one element which
is a String that conforms to the pattern described here. |
static java.lang.String |
ENFORCEMENT_TIME_ZONE
Key that is used in a SimpleTimeCondition to define the
time zone basis to evaluate the policy. |
static java.lang.String |
LDAP_FILTER
Key that is used in a LDAPFilterCondition to define the
ldap filter that should be satisfied by the ldap entry of the user
for the condition to be satisifed
The value should be a Set with only one element. |
static java.lang.String |
MAX_SESSION_TIME
Key that is used in SessionCondition to define the maximum
session time in minutes for which a policy applies. |
static java.lang.String |
REQUEST_AUTH_LEVEL
Key that is used to define the authentication level of the request. |
static java.lang.String |
REQUEST_AUTH_SCHEMES
Key that is used to define the name of authentication scheme of the request. |
static java.lang.String |
REQUEST_AUTHENTICATED_TO_REALMS
Key that is used to identify the names of authenticated realms in the request. |
static java.lang.String |
REQUEST_AUTHENTICATED_TO_SERVICES
Key that is used to identify the names of authentication chains in the request. |
static java.lang.String |
REQUEST_DNS_NAME
Key that is used to define request DNS name that is passed in the env parameter while invoking
getConditionDecision method of an IPCondition . |
static java.lang.String |
REQUEST_IP
Key that is used to define request IP address that is passed in the env parameter while invoking
getConditionDecision method of an IPCondition . |
static java.lang.String |
REQUEST_TIME_ZONE
Key that is used to define the time zone that is passed in the env parameter while invoking
getConditionDecision method of a
SimpleTimeCondition
Value for the key should be a TimeZone object. |
static java.lang.String |
START_DATE
Key that is used in a SimpleTimeCondition to define the
start of date range for which a policy applies. |
static java.lang.String |
START_DAY
Key that is used in a SimpleTimeCondition to define the
start of day of week range for which a policy applies. |
static java.lang.String |
START_IP
Key used in IPCondition to define the start of IP
address range for which a policy applies. |
static java.lang.String |
START_TIME
Key that is used in SimpleTimeCondition to define the
beginning of time range during which a policy applies. |
static java.lang.String |
TERMINATE_SESSION
Key in SessionCondition that is used to define the option
to terminate the session if the session exceeds the maximum session
time. |
static java.lang.String |
VALUE_CASE_INSENSITIVE
Key that is passed in the env parameter while invoking
getConditionDecision method of a
SessionPropertyCondition to indicate if a case insensitive
match needs to done of the property value against same name property in
the user's single sign on token. |
Method Summary | |
java.lang.Object |
clone()
Returns a copy of this object. |
ConditionDecision |
getConditionDecision(SSOToken token,
java.util.Map env)
Gets the decision computed by this condition object, based on the map of environment parameters |
java.lang.String |
getDisplayName(java.lang.String property,
java.util.Locale locale)
Gets the display name for the property name. |
java.util.Map |
getProperties()
Gets the properties of the condition |
java.util.List |
getPropertyNames()
Returns a list of property names for the condition. |
Syntax |
getPropertySyntax(java.lang.String property)
Returns the syntax for a property name |
java.util.Set |
getValidValues(java.lang.String property)
Returns a set of valid values given the property name. |
void |
setProperties(java.util.Map properties)
Sets the properties of the condition. |
Field Detail |
public static final java.lang.String AUTH_LEVEL
AuthLevelCondition
or the maximum authentication
level in a LEAuthLevelCondition
of a policy being
evaluated. In case of AuthLevelCondition
policy would
apply if the request authentication level is at least the level
defined in condition while in case of LEAuthLevelCondition
policy would apply if the request authentication level is less than
or equal to the level defined in the condition.
The value should be a Set
with only one
element. The element should be a String
, parse-able as
an integer or a realm qualified integer like "sun:1" where "sun" is a
realm name.":" needs to used a delimiter between realm name and the
level.
setProperties(Map)
,
Constant Field Valuespublic static final java.lang.String REQUEST_AUTH_LEVEL
env
Map to the
getConditionDecision
call of an AuthLevelCondition
or LEAuthLevelCondition
for condition evaluation.
The value should be an Integer or a Set
of
String
s. If it is a Set
of
String
s, each element of the set has to be parseable as
integer or should be a realm qualified integer like "sun:1". If the
env
parameter is null or does not
define value for REQUEST_AUTH_LEVEL
, the value for
REQUEST_AUTH_LEVEL
is obtained from the single sign
on token of the user
getConditionDecision(SSOToken, Map)
,
AUTH_LEVEL
,
Constant Field Valuespublic static final java.lang.String AUTH_SCHEME
AuthSchemeCondition
of a policy.
Policy would apply if the authentication scheme of the request is same
as defined in the condition. The value should be
a Set
with only one element. The element should be a
String
, the authentication scheme name.
setProperties(Map)
,
Constant Field Valuespublic static final java.lang.String REQUEST_AUTH_SCHEMES
env
Map to
getConditionDecision
of an AuthSchemeCondition
for condition evaluation.
Value for the key should be a Set
with each element being
a String
.
If the env
parameter is null or does not
define value for REQUEST_AUTH_SCHEMES
, the value for
REQUEST_AUTH_SCHEMES
is obtained from the single sign
on token of the user
getConditionDecision(SSOToken, Map)
,
AUTH_SCHEME
,
Constant Field Valuespublic static final java.lang.String AUTHENTICATE_TO_REALM
AuthenticateToRealmCondition
to specify the
realm for which the user should authenticate for the policy to apply.
The value should be a Set
with only one element.
The should be a String
, the realm name.
setProperties(Map)
,
Constant Field Valuespublic static final java.lang.String REQUEST_AUTHENTICATED_TO_REALMS
env
Map to
getConditionDecision
of an
AuthenticateToRealmCondition
for condition evaluation.
Value for the key should be a Set
with each element being
a String
If the env
parameter is null or does not
define value for REQUEST_AUTHENTICATED_TO_REALMS
, the
value for REQUEST_AUTHENTICATED_TO_REALMS
is obtained
from the single sign on token of the user
getConditionDecision(SSOToken, Map)
,
AUTHENTICATE_TO_REALM
,
Constant Field Valuespublic static final java.lang.String AUTHENTICATE_TO_SERVICE
AuthenticateToServiceCondition
to
specify the authentication chain for which the user should authenticate
for the policy to apply.
The value should be a Set
with only one element.
The should be a String
, the realm name.
setProperties(Map)
,
Constant Field Valuespublic static final java.lang.String REQUEST_AUTHENTICATED_TO_SERVICES
env
Map to
getConditionDecision
of an
AuthenticateToServiceCondition
for condition evaluation.
Value for the key should be a Set
with each element being
a String
.
If the env
parameter is null or does not
define value for REQUEST_AUTHENTICATED_TO_SERVICES
, the
value for REQUEST_AUTHENTICATED_TO_SERVICES
is obtained
from the single sign on token of the user
getConditionDecision(SSOToken, Map)
,
AUTHENTICATE_TO_SERVICE
,
Constant Field Valuespublic static final java.lang.String START_IP
IPCondition
to define the start of IP
address range for which a policy applies.
The value corresponding to the key has to be a Set
that
has just one element which is a String
that conforms to the pattern described here. If a value is
defined for START_IP, a value should also be defined for END_IP.
The patterns is :
n.n.n.n
where n would take any integer value between 0 and 255 inclusive.
Some sample values are
122.100.85.45
145.64.55.35
15.64.55.35
setProperties(Map)
,
Constant Field Valuespublic static final java.lang.String END_IP
IPCondition
to define the end of
IP address range for which a policy applies.
The value corresponding to the key has to be a Set
that
has just one element which is a String
that conforms to the pattern described here. If a value is
defined for END_IP, a value should also be defined for START_IP.
The patterns is :
n.n.n.n
where n would take any integer value between 0 and 255 inclusive.
Some sample values are
122.100.85.45
145.64.55.35
15.64.55.35
setProperties(Map)
,
Constant Field Valuespublic static final java.lang.String DNS_NAME
IPCondition
to define the DNS
name values for which a policy applies. The value corresponding to the
key has to be a Set
where each element is a String
that conforms to the patterns described here.
The patterns is :
ccc.ccc.ccc.ccc *.ccc.ccc.cccwhere c is any valid character for DNS domain/host name. There could be any number of
.ccc
components.
Some sample values are:
www.sun.com finace.yahoo.com *.yahoo.com
setProperties(Map)
,
Constant Field Valuespublic static final java.lang.String REQUEST_IP
env
parameter while invoking
getConditionDecision
method of an IPCondition
.
Value for the key should be a String
that is a string
representation of IP of the client, in the form n.n.n.n where n is a
value between 0 and 255 inclusive.
getConditionDecision(SSOToken, Map)
,
REQUEST_DNS_NAME
,
Constant Field Valuespublic static final java.lang.String REQUEST_DNS_NAME
env
parameter while invoking
getConditionDecision
method of an IPCondition
.
Value for the key should be a set of strings representing the
DNS names of the client, in the form ccc.ccc.ccc
.
If the env
parameter is null or does not
define value for REQUEST_DNS_NAME
, the
value for REQUEST_DNS_NAME
is obtained
from the single sign on token of the user
getConditionDecision(SSOToken, Map)
,
Constant Field Valuespublic static final java.lang.String LDAP_FILTER
LDAPFilterCondition
to define the
ldap filter that should be satisfied by the ldap entry of the user
for the condition to be satisifed
The value should be a Set
with only one element.
The element should be a String
.
setProperties(Map)
,
Constant Field Valuespublic static final java.lang.String MAX_SESSION_TIME
SessionCondition
to define the maximum
session time in minutes for which a policy applies.
The value corresponding to the key has to be a Set
that
has just one element which is a string and parse-able as an
Integer
.
public static final java.lang.String TERMINATE_SESSION
SessionCondition
that is used to define the option
to terminate the session if the session exceeds the maximum session
time. The value corresponding to the key has to be a Set
that has just one element which is a string. The option is on if
the string value is equal to true
.
public static final java.lang.String START_TIME
SimpleTimeCondition
to define the
beginning of time range during which a policy applies.
The value corresponding to the key has to be a Set
that
has just one element which is a String
that conforms to
the pattern described here. If a value is defined for
START_TIME
,
a value should also be defined for END_TIME
.
The patterns is:
HH:mmSome sample values are
08:25 18:45
setProperties(Map)
,
END_TIME
,
Constant Field Valuespublic static final java.lang.String END_TIME
SimpleTimeCondition
to define the
end of time range during which a policy applies.The value corresponding
to the key has to be a Set
that has just one element which
is a String
that conforms to the pattern described here.
If a value is defined for END_TIME
, a value should also
be defined for START_TIME
.
The patterns is:
HH:mmSome sample values are
08:25 18:45
setProperties(Map)
,
START_TIME
,
Constant Field Valuespublic static final java.lang.String START_DAY
SimpleTimeCondition
to define the
start of day of week range for which a policy applies. The value
corresponding to the key has to be a Set
that has just one
element which is a String
that is one of the values
Sun, Mon, Tue, Wed, Thu, Fri, Sat.
If a value is defined for START_DAY
, a value should also be
defined for END_DAY
.
Some sample values are
Sun Mon
setProperties(Map)
,
END_DAY
,
Constant Field Valuespublic static final java.lang.String END_DAY
SimpleTimeCondition
to define the
end of day of week range for which a policy applies. Its defined in a
SimpleTimeCondition
associated with the policy. The value
corresponding to the key has to be a Set
that has just one
element which is a String
that is one of the values
Sun, Mon, Tue, Wed, Thu, Fri, Sat.
If a value is defined for END_DAY
, a value should also be
defined for START_DAY
.
Some sample values are
Sun Mon
setProperties(Map)
,
START_DAY
,
Constant Field Valuespublic static final java.lang.String START_DATE
SimpleTimeCondition
to define the
start of date range for which a policy applies.
The value corresponding to the key has to be a Set
that has
just one element which is a String
that corresponds to the
pattern described below. If a value is defined for
START_DATE
, a value should also be defined for
END_DATE
.
The pattern is
yyyy:MM:dd Some sample values are 2001:02:26 2002:12:31
setProperties(Map)
,
END_DATE
,
Constant Field Valuespublic static final java.lang.String END_DATE
SimpleTimeCondition
to define the
end of date range for which a policy applies.The value corresponding to
the key has to be a Set
that has just one element which is
a String
that corresponds to the pattern described below.
If a value is defined for END_DATE
, a value should
also be defined for START_DATE
.
The pattern is
yyyy:MM:dd Some sample values are 2001:02:26 2002:12:31
setProperties(Map)
,
START_DATE
,
Constant Field Valuespublic static final java.lang.String ENFORCEMENT_TIME_ZONE
SimpleTimeCondition
to define the
time zone basis to evaluate the policy.
The value corresponding to the key
has to be a one element Set
where the element is a
String
that is one of the standard timezone IDs supported
by java or a String
of the pattern
GMT[+|-]hh[[:]mm]
here. If the value is not a valid time zone id and does
not match the pattern GMT[+|-]hh[[:]mm]
, it would default
to GMT
TimeZone
,
Constant Field Valuespublic static final java.lang.String REQUEST_TIME_ZONE
env
parameter while invoking
getConditionDecision
method of a
SimpleTimeCondition
Value for the key should be a TimeZone
object. This
would be used only if the ENFORCEMENT_TIME_ZONE
is not
defined for the SimpleTimeCondition
getConditionDecision(SSOToken, Map)
,
ENFORCEMENT_TIME_ZONE
,
TimeZone
,
Constant Field Valuespublic static final java.lang.String VALUE_CASE_INSENSITIVE
env
parameter while invoking
getConditionDecision
method of a
SessionPropertyCondition
to indicate if a case insensitive
match needs to done of the property value against same name property in
the user's single sign on token.
Method Detail |
public java.util.List getPropertyNames()
public Syntax getPropertySyntax(java.lang.String property)
property
- property name
Syntax for the property name- See Also:
Syntax
public java.lang.String getDisplayName(java.lang.String property, java.util.Locale locale) throws PolicyException
locale
variable could be used by the plugin to
customize the display name for the given locale.
The locale
variable could be null
, in which
case the plugin must use the default locale.
property
- property namelocale
- locale for which the property name must be customized
PolicyException
public java.util.Set getValidValues(java.lang.String property) throws PolicyException
property
- property name
PolicyException
- if unable to get the Syntax.public void setProperties(java.util.Map properties) throws PolicyException
ConditionDecision
that would be
computed by a call to method getConditionDecision(Map)
and
the advice messages generated included in the
ConditionDecision
.
ConditionDecision
encapsulates whether a policy applies for
the request and advice messages generated by the condition.
For example, for a TimeCondition
, the properties would
define StartTime
and EndTime
, to define
the time range during which the policy applies
properties
- the properties of the condition
that would influence the ConditionDecision
returned
by a call to method getConditionDecision(Map)
.
Keys of the properties have to be String.
Value corresponding to each key have to be a Set of String
elements. Each implementation of Condition could add further
restrictions on the keys and values of this map.
PolicyException
- for any abnormal conditionConditionDecision
public java.util.Map getProperties()
setProperties(java.util.Map)
public ConditionDecision getConditionDecision(SSOToken token, java.util.Map env) throws PolicyException, SSOException
token
- single-sign-on token of the userenv
- request specific environment map of key/value pairs
For example this would contain IP address of remote
client for an IPCondition
.
ConditionDecision
.
Otherwise, further evaluation of the policy is skipped. However, the
advice messages encapsulated in the ConditionDecision
are aggregated and passed up, encapsulated in the policy decision.
PolicyException
- if the decision could not be computed
SSOException
- if SSO token is not validConditionDecision
public java.lang.Object clone()
|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |