java.lang.Object
  com.sun.identity.policy.ProxyPolicyEvaluator

public class ProxyPolicyEvaluator

Class that lets a privileged user compute policy results for another user.

Only privileged users can get a ProxyPolicyEvaluator: only a top level administrator, realm level policy administrator, realm administrator or realm policy administrator can get a ProxyPolicyEvaluator. A top level administrator can compute policy results for any user. A realm administrator or policy administrator can compute policy results only for users who are members of the realm (including sub realm) that they manage. If they try to compute policy results for any other user, they get a PolicyException.

This class can be used only within the web container running the policy server.
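A fail-closed way to call isAllowed on behalf of another user, as an added example that is not part of the original Javadoc or the SDK. DelegatedAccessCheck, canPerform and clean are hypothetical names; the ProxyPolicyEvaluator instance is assumed to have been obtained elsewhere by a privileged user, and SSOException is assumed to be com.iplanet.sso.SSOException.

```java
import com.iplanet.sso.SSOException; // assumed package for SSOException
import com.sun.identity.policy.PolicyException;
import com.sun.identity.policy.ProxyPolicyEvaluator;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;

// Hypothetical helper (not an SDK class): checks access for another user and
// treats every failure of the policy framework as a denial.
public final class DelegatedAccessCheck {

    private static final Logger LOG =
            Logger.getLogger(DelegatedAccessCheck.class.getName());

    private final ProxyPolicyEvaluator evaluator; // supplied by the caller
    private final String realm;                   // "/" separated realm of the users

    public DelegatedAccessCheck(ProxyPolicyEvaluator evaluator, String realm) {
        this.evaluator = evaluator;
        this.realm = realm;
    }

    // Returns true only when the policy framework explicitly allows the action.
    public boolean canPerform(String principalName, String resourceName,
                              String actionName, Map env) {
        try {
            return evaluator.isAllowed(principalName, realm, resourceName,
                    actionName, env);
        } catch (PolicyException e) {
            // Covers the documented case of an administrator asking about a
            // user outside the realm (or sub realm) they manage.
            LOG.log(Level.WARNING, "Proxy policy evaluation failed: principal="
                    + clean(principalName) + " realm=" + clean(realm)
                    + " resource=" + clean(resourceName), e);
            return false;
        } catch (SSOException e) {
            // The single sign on token is invalid: deny rather than guess.
            LOG.log(Level.WARNING, "Invalid SSO token during proxy policy evaluation", e);
            return false;
        }
    }

    // Keeps caller-supplied values from forging extra log lines.
    private static String clean(String s) {
        return s == null ? "" : s.replaceAll("[\\r\\n]", "_");
    }
}
```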
Method Summary | |
---|---|
PolicyDecision | getPolicyDecision(String principalName, String resourceName, Map env): Gets policy decision for the user identified by the principalName for the given resource |
PolicyDecision | getPolicyDecision(String principalName, String realm, String resourceName, Map env): Gets policy decision for the user identified by the principalName for the given resource |
PolicyDecision | getPolicyDecisionIgnoreSubjects(String resourceName, Set actionNames, Map env): Gets policy decision for a resource, skipping subject evaluation. |
Set | getProtectedResourcesIgnoreConditions(String principalName, String rootResource): Gets protected resources for a user identified by the principalName. |
Set | getProtectedResourcesIgnoreConditions(String principalName, String realm, String rootResource): Gets protected resources for a user identified by the principalName. |
boolean | isAllowed(String principalName, String resourceName, String actionName, Map env): Evaluates a simple privilege of boolean type. |
boolean | isAllowed(String principalName, String realm, String resourceName, String actionName, Map env): Evaluates a simple privilege of boolean type. |

Method Detail |
---|

public boolean isAllowed(String principalName, String realm, String resourceName, String actionName, Map env) throws PolicyException, SSOException

Evaluates a simple privilege of boolean type: whether the user identified by principalName can perform the specified action on the specified resource.

Parameters:
principalName - principal name for whom to compute the privilege.
realm - realm of the user principal, in "/" separated format
resourceName - name of the resource for which to compute policy result.
actionName - name of the action the user is trying to perform on the resource
env - run time environment parameters

Throws:
PolicyException - exception from policy framework
SSOException - if single sign on token is invalid

public boolean isAllowed(String principalName, String resourceName, String actionName, Map env) throws PolicyException, SSOException

Evaluates a simple privilege of boolean type: whether the user identified by principalName can perform the specified action on the specified resource.

Parameters:
principalName - principal name for whom to compute the privilege.
resourceName - name of the resource for which to compute policy result.
actionName - name of the action the user is trying to perform on the resource
env - run time environment parameters

Throws:
PolicyException - exception from policy framework
SSOException - if single sign on token is invalid

public PolicyDecision getPolicyDecision(String principalName, String realm, String resourceName, Map env) throws PolicyException, SSOException

Gets policy decision for the user identified by the principalName for the given resource

Parameters:
principalName - principal name for whom to compute the policy decision
realm - realm of the user principal, in "/" separated format
resourceName - name of the resource for which to compute policy decision
env - run time environment parameters

Throws:
PolicyException - exception from policy framework
SSOException - if single sign on token is invalid

public PolicyDecision getPolicyDecision(String principalName, String resourceName, Map env) throws PolicyException, SSOException

Gets policy decision for the user identified by the principalName for the given resource

Parameters:
principalName - principal name for whom to compute the policy decision
resourceName - name of the resource for which to compute policy decision
env - run time environment parameters

Throws:
PolicyException - exception from policy framework
SSOException - if single sign on token is invalid

public PolicyDecision getPolicyDecisionIgnoreSubjects(String resourceName, Set actionNames, Map env) throws PolicyException, SSOException

AuthLevel, AuthScheme that would be required to access the resource.

Parameters:
resourceName - name of the resource for which to compute policy decision
actionNames - names of the actions the user is trying to perform on the resource
env - run time environment parameters

Throws:
PolicyException - exception from policy framework
SSOException - if single sign on token is invalid

public Set getProtectedResourcesIgnoreConditions(String principalName, String rootResource) throws PolicyException, SSOException

Gets protected resources for a user identified by the principalName. Conditions defined in the policies are ignored while computing protected resources. Only resources that are sub resources of the given rootResource or equal to the given rootResource would be returned. If all policies applicable to a resource are only referral policies, no ProtectedResource would be returned for such a resource.

Parameters:
principalName - principal name for whom to compute the privilege.
rootResource - only resources that are sub resources of the given rootResource or equal to the given rootResource would be returned. If PolicyEvaluator.ALL_RESOURCES is passed as rootResource, resources under all root resources of the service type are considered while computing protected resources.

Returns:
ProtectedResource objects.

Throws:
PolicyException - exception from policy framework
SSOException - if single sign on token is invalid

See Also:
ProtectedResource

public Set getProtectedResourcesIgnoreConditions(String principalName, String realm, String rootResource) throws PolicyException, SSOException

Gets protected resources for a user identified by the principalName. Conditions defined in the policies are ignored while computing protected resources. Only resources that are sub resources of the given rootResource or equal to the given rootResource would be returned. If all policies applicable to a resource are only referral policies, no ProtectedResource would be returned for such a resource.

Parameters:
principalName - principal name for whom to compute the privilege.
realm - realm of the user principal, in "/" separated format
rootResource - only resources that are sub resources of the given rootResource or equal to the given rootResource would be returned. If PolicyEvaluator.ALL_RESOURCES is passed as rootResource, resources under all root resources of the service type are considered while computing protected resources.

Returns:
ProtectedResource objects.

Throws:
PolicyException - exception from policy framework
SSOException - if single sign on token is invalid

See Also:
ProtectedResource