java.lang.Object
  com.sun.identity.policy.PolicyEvaluator

public class PolicyEvaluator

The class PolicyEvaluator evaluates policies and provides policy decisions.

Field Summary | |
---|---|
static String | ALL_RESOURCES - Constant used to identify all the resources of a service type. |
static String | EMPTY_RESOURCE_NAME - Constant used to identify empty resource |

Constructor Summary | |
---|---|
PolicyEvaluator(String serviceTypeName) - Constructor to create a PolicyEvaluator given the ServiceType name. |

Method Summary | |
---|---|
void | addPolicyListener(PolicyListener policyListener) - Adds a policy listener that would be notified whenever a policy is added, removed or changed. |
PolicyDecision | getPolicyDecision(SSOToken token, String resourceName, Set actionNames, Map envParameters) - Evaluates privileges of the user to perform the specified actions on the specified resource. |
Set | getProtectedResourcesIgnoreConditions(SSOToken token, String rootResource) - Gets protected resources for a user identified by single sign on token. Conditions defined in the policies are ignored while computing protected resources. |
ResourceResult | getResourceResult(SSOToken token, String resourceName, String scope, Map envParameters) - Deprecated. Use getResourceResults() |
Set | getResourceResults(SSOToken token, String resourceName, String scope, Map envParameters) - Gets resource result objects given a resource name. |
boolean | isAllowed(SSOToken token, String resourceName, String actionName, Map envParameters) - Evaluates simple privileges of boolean type. |
void | removePolicyListener(PolicyListener policyListener) - Removes a policy listener that was previously registered to receive notifications whenever a policy is added, removed or changed. |

Field Detail |
---|
public static final String ALL_RESOURCES
public static final String EMPTY_RESOURCE_NAME

Constructor Detail |
---|
public PolicyEvaluator(String serviceTypeName) throws SSOException, NameNotFoundException, PolicyException

Constructor to create a PolicyEvaluator given the ServiceType name.

Parameters:
serviceTypeName - the name of the ServiceType for which this evaluator can be used.
Throws:
SSOException - if SSOToken used by PolicyEvaluator is invalid
NameNotFoundException - if the service with name serviceTypeName is not found
PolicyException - for any other abnormal condition

Method Detail |
---|
public boolean isAllowed(SSOToken token, String resourceName, String actionName, Map envParameters) throws SSOException, PolicyException

PolicyException, if the syntax for the actionName is not declared to be boolean, in the service schema.

Parameters:
token - single sign on token of the user evaluating policies
resourceName - name of the resource the user is trying to access
actionName - name of the action the user is trying to perform on the resource
envParameters - run-time environment parameters
Throws:
SSOException - single-sign-on token invalid or expired
PolicyException - for any other abnormal condition

public PolicyDecision getPolicyDecision(SSOToken token, String resourceName, Set actionNames, Map envParameters) throws SSOException, PolicyException
Parameters:
token - single sign on token of the user evaluating policies
resourceName - name of the resource the user is trying to access
actionNames - Set of names (String) of the action the user is trying to perform on the resource
envParameters - Map of run-time environment parameters
Throws:
SSOException - single-sign-on token invalid or expired
PolicyException - for any other abnormal condition

public Set getProtectedResourcesIgnoreConditions(SSOToken token, String rootResource) throws SSOException, PolicyException
rootResource or equal to the given rootResource would be returned. If all policies applicable to a resource are only referral policies, no ProtectedResource would be returned for such a resource.

Parameters:
token - single sign on token of the user
rootResource - only resources that are sub resources of the given rootResource or equal to the given rootResource would be returned. If PolicyEvaluator.ALL_RESOURCES is passed as rootResource, resources under all root resources of the service type are considered while computing protected resources.
Returns:
Set of protected resources. The set contains ProtectedResource objects.
Throws:
SSOException - if single sign on token is invalid
PolicyException - for any other abnormal condition
See Also:
ProtectedResource

public Set getResourceResults(SSOToken token, String resourceName, String scope, Map envParameters) throws SSOException, PolicyException

ResourceResult objects for all resources that would affect policy decisions for any resource associated with the argument resource name. To determine whether to include the ResourceResult of a resource, we compare argument resource name and policy resource name, treating wild characters in the policy resource name as wild. If the comparison resulted in EXACT_MATCH, WILDCARD_MATCH or SUB_RESOURCE_MATCH, the resource result would be included.

Parameters:
token - single sign on token of the user evaluating policies
resourceName - name of the resource
scope - indicates whether to compute the resource result based on the policy decision for only the resourceName or all the resources associated with the resource name. The valid scope values are: ResourceResult.SUBTREE_SCOPE, ResourceResult.STRICT_SUBTREE_SCOPE, ResourceResult.SELF_SCOPE. If the scope is ResourceResult.SUBTREE_SCOPE, the method will return a set of ResourceResult objects, one of them for the resourceName and its sub resources; the others are for resources that match the resourceName by wildcard. If the scope is ResourceResult.STRICT_SUBTREE_SCOPE, the method will return a set object that contains one ResourceResult object. The ResourceResult contains the policy decisions regarding the resourceName and its sub resources. If the scope is ResourceResult.SELF_SCOPE, the method will return a set object that contains one ResourceResult object. The ResourceResult contains the policy decision regarding the resourceName only.
envParameters - run-time environment parameters
Returns:
ResourceResult objects
Throws:
SSOException - if token is invalid
PolicyException - for any other abnormal condition
See Also:
ResourceMatch.EXACT_MATCH, ResourceMatch.SUB_RESOURCE_MATCH, ResourceMatch.WILDCARD_MATCH, ResourceResult.SUBTREE_SCOPE, ResourceResult.STRICT_SUBTREE_SCOPE, ResourceResult.SELF_SCOPE

public ResourceResult getResourceResult(SSOToken token, String resourceName, String scope, Map envParameters) throws SSOException, PolicyException

Deprecated. Use getResourceResults()

ResourceResult is a tree representation of policy decisions for all resources rooted at the resource name. To determine whether a resource defined in the policy is a sub resource of argument resource name, argument resource name and policy resource name are compared, treating wild characters as literals. If comparison resulted in EXACT_MATCH or SUB_RESOURCE_MATCH, the resource would be included.

Parameters:
token - single sign on token of the user evaluating policies
resourceName - name of the resource
scope - indicates whether to compute the resource result based on the policy decision for only the resourceName or all the resources associated with the resource name. The valid scope values are: ResourceResult.SUBTREE_SCOPE, ResourceResult.STRICT_SUBTREE_SCOPE, ResourceResult.SELF_SCOPE. If the scope is ResourceResult.SUBTREE_SCOPE or ResourceResult.STRICT_SUBTREE_SCOPE, the method will return a ResourceResult object that contains the policy decisions regarding the resourceName and its sub resources. If the scope is ResourceResult.SELF_SCOPE, the method will return a ResourceResult object that contains the policy decision regarding the resourceName only. Note, scope values ResourceResult.SUBTREE_SCOPE and ResourceResult.STRICT_SUBTREE_SCOPE are being treated as the same for backward compatibility reasons. This method is being deprecated. The method getResourceResults() should be used instead.
envParameters - run-time environment parameters
Returns:
ResourceResult.
Throws:
SSOException - if token is invalid
PolicyException - for any other abnormal condition
See Also:
ResourceMatch.EXACT_MATCH, ResourceMatch.SUB_RESOURCE_MATCH, ResourceMatch.WILDCARD_MATCH, ResourceResult.SUBTREE_SCOPE, ResourceResult.STRICT_SUBTREE_SCOPE, ResourceResult.SELF_SCOPE

public void addPolicyListener(PolicyListener policyListener)

Parameters:
policyListener - the listener to be added

public void removePolicyListener(PolicyListener policyListener)

Parameters:
policyListener - the listener to be removed
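
A fail-closed wrapper around isAllowed(), added here as an example; it is not part of this Javadoc or of the SDK. It denies on both documented exceptions, so an expired token or an action whose syntax is not boolean never results in access. The names FailClosedCheck and permits, the logger name, and the com.iplanet.sso package used for SSOToken and SSOException are assumptions not shown on this page; the policy SDK must be on the classpath.

```java
import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.sun.identity.policy.NameNotFoundException;
import com.sun.identity.policy.PolicyEvaluator;
import com.sun.identity.policy.PolicyException;
import java.util.HashMap;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;

/** Added example (hypothetical class): fail-closed use of isAllowed(). */
public final class FailClosedCheck {
    private static final Logger LOG = Logger.getLogger("policy.enforcement");
    private final PolicyEvaluator evaluator;

    // Constructor errors propagate: an unknown service type or an invalid
    // token should stop startup rather than leave requests unchecked.
    public FailClosedCheck(String serviceTypeName)
            throws SSOException, NameNotFoundException, PolicyException {
        this.evaluator = new PolicyEvaluator(serviceTypeName);
    }

    /** True only when the evaluator explicitly allows; all errors deny. */
    public boolean permits(SSOToken token, String resourceName,
                           String actionName, Map envParameters) {
        if (token == null || resourceName == null || actionName == null) {
            return false;
        }
        // Assumption: a fresh mutable map is an acceptable stand-in when the
        // caller has no environment parameters to pass.
        Map env = (envParameters != null) ? envParameters : new HashMap();
        try {
            return evaluator.isAllowed(token, resourceName, actionName, env);
        } catch (SSOException e) {
            // Token invalid or expired: deny and let the caller re-authenticate.
            LOG.log(Level.INFO, "deny (token): {0}", resourceName);
            return false;
        } catch (PolicyException e) {
            // Any other abnormal condition, including a non-boolean action.
            LOG.log(Level.WARNING, "deny (policy error): " + resourceName, e);
            return false;
        }
    }
}
```

For actions that are not declared boolean in the service schema, getPolicyDecision() is the method to call; routing them through isAllowed() only produces the PolicyException path above.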