oracle.security.am.common.policy.runtime

Interface PolicyRuntime

All Known Implementing Classes:

PolicyRuntimeImpl

public interface PolicyRuntime

PolicyRuntime provides the policy runtime evaluation functionality. It delegates requests to the associated PolicyRuntimeProvider instance. PolicyRuntime implementation object is instantiated by PolicyRuntimeFactory with a PolicyRuntimeProvider.

Since:

11gR1

See Also:

oracle.security.am.common.policy.PolicyRuntimeFactory, oracle.security.am.common.policy.PolicyRuntimeProvider

Method Summary

Modifier and Type	Method and Description
void	addPolicyChangeEventListener(PolicyChangeEventListener listener) Adds the specified event listener to receive policy runtime change events.
OAuthClient	createClient(OAuthClientImpl clientMetadata)
java.util.List<PolicyChangeEvent>	getAllPolicyChangeEvents() Returns all the policy change events.
java.util.List<PolicyChangeEvent>	getAllPolicyChangeEvents(long fromChangeVersion) Returns all the policy change events starting from the input change version to the latest version.
RuntimeAuthnScheme	getAuthnScheme(java.lang.String schemeName) Returns RuntimeAuthnScheme for the given scheme name.
OAuthClient	getClient(java.lang.String clientId, java.lang.String domainName)
java.lang.String	getHostIdentifier(java.lang.String host, int port) Returns Host Identifier associated with a host and port.
OAuthIdentityDomain	getIdentityDomain(java.lang.String domainName)
PolicyChangeEvent	getLatestPolicyChangeEvent() Returns the latest policy change event.
PolicyChangeEvent	getPolicyChangeEvent(long changeVersion) Returns the policy change event associated with the input change version.
OAuthResourceServer	getResource(java.lang.String resourceServerName, OAuthIdentityDomain domain)
OAuthResourceServer	getResource(java.lang.String resourceId, java.lang.String domainName)
ServerDiagnosticsDataInfo	getServerDiagnostics(boolean verbose)
long	getStoreVersionInUse() Returns the policy store version currently in use.
AccessResult	isAuthorized(AccessRequest request) Determines if a given Subject is permitted to access a RuntimeResource.
java.lang.Boolean	isPolicyCacheValid() returns true if cache has been initialized otherwise return false.
AccessResult	isResourceProtected(AccessRequest request) Determines if a given RuntimeResource is protected with an authentication policy, if so, it evaluates the policy and returns the evaluation result,the authentication scheme specified for the resource, and any responses specified in the authentication policy.
AccessResult	isSessionValid(AccessRequest request) Determines if a given user session is valid for the access request.
AccessResult	isTokenRequestAuthorized(AccessRequest request) Determines if a given Subject is permitted to request a token that will be used to access RuntimeResource.
PolicyCacheRefreshResponse	refreshPolicyCacheOnDemand(java.lang.String desiredVersion)
void	removePolicyChangeEventListener(PolicyChangeEventListener listener) Removes the specified policy runtime change event listener.
void	shutdown() Shutdown hook for cleaning up
PolicyCacheWriteResponse	writePolicyCacheToFile()

Method Detail

isResourceProtected

AccessResult isResourceProtected(AccessRequest request)
                          throws PolicyEvaluationException

Determines if a given RuntimeResource is protected with an authentication policy, if so, it evaluates the policy and returns the evaluation result,the authentication scheme specified for the resource, and any responses specified in the authentication policy. (It does not do the processing by itself, it forwards the requests to PolicyRuntimeProvider for the actual processing of the request)

Parameters:

request - AccessRequest containing resource (required), identity (optional), and access context (optional).

Returns:

AccessResult Access Result containing the policy evaluation result and authentication scheme

Throws:

PolicyEvaluationException - stores root cause for failure.

isAuthorized

AccessResult isAuthorized(AccessRequest request)
                   throws PolicyEvaluationException

Determines if a given Subject is permitted to access a RuntimeResource. It returns the authorization policy evaluation result and any responses specified in the authorization policy. (It does not do the processing by itself, it forwards the requests to PolicyRuntimeProvider for the actual processing of the request)

Parameters:

request - AccessRequest containing resource (required), identity (required), and access context (optional).

Returns:

AccessResult Access Result containing the authorization policy evaluation result and responses

Throws:

PolicyEvaluationException - stores root cause for failure.

isSessionValid

AccessResult isSessionValid(AccessRequest request)
                     throws PolicyEvaluationException

Determines if a given user session is valid for the access request.

Parameters:

request - AccessRequest containing resource (required), and access context (required, should contain session)

Returns:

access result containing the session validity check result.

Throws:

PolicyEvaluationException

isTokenRequestAuthorized

AccessResult isTokenRequestAuthorized(AccessRequest request)
                               throws PolicyEvaluationException

Determines if a given Subject is permitted to request a token that will be used to access RuntimeResource.

Parameters:

request - access request

Returns:

AccessResult token issuance authorization policy evaluation result

Throws:

PolicyEvaluationException

Since:

11gR1PS1

getAuthnScheme

RuntimeAuthnScheme getAuthnScheme(java.lang.String schemeName)
                           throws PolicyEvaluationException

Returns RuntimeAuthnScheme for the given scheme name.

Parameters:

String - scheme name.

Returns:

RuntimeAuthnScheme

Throws:

PolicyEvaluationException

getHostIdentifier

java.lang.String getHostIdentifier(java.lang.String host,
                                   int port)
                            throws PolicyEvaluationException

Returns Host Identifier associated with a host and port.

Parameters:

host - - hostname

port - - for preferred hosts port value is 0

Returns:

String Host Identifier Name

Throws:

PolicyEvaluationException

getPolicyChangeEvent

PolicyChangeEvent getPolicyChangeEvent(long changeVersion)
                                throws PolicyEvaluationException

Returns the policy change event associated with the input change version.

Parameters:

version -

Returns:

policy change event list

Throws:

PolicyEvaluationException

getAllPolicyChangeEvents

java.util.List<PolicyChangeEvent> getAllPolicyChangeEvents()
                                                    throws PolicyEvaluationException

Returns all the policy change events.

Parameters:

version -

Returns:

policy change event list

Throws:

PolicyEvaluationException

getAllPolicyChangeEvents

java.util.List<PolicyChangeEvent> getAllPolicyChangeEvents(long fromChangeVersion)
                                                    throws PolicyEvaluationException

Returns all the policy change events starting from the input change version to the latest version.

Parameters:

version -

Returns:

policy change event list

Throws:

PolicyEvaluationException

getLatestPolicyChangeEvent

PolicyChangeEvent getLatestPolicyChangeEvent()
                                      throws PolicyEvaluationException

Returns the latest policy change event.

Parameters:

version -

Returns:

policy change event

Throws:

PolicyEvaluationException

addPolicyChangeEventListener

void addPolicyChangeEventListener(PolicyChangeEventListener listener)
                           throws PolicyEvaluationException

Adds the specified event listener to receive policy runtime change events.

Parameters:

listener -

Throws:

PolicyEvaluationException

removePolicyChangeEventListener

void removePolicyChangeEventListener(PolicyChangeEventListener listener)
                              throws PolicyEvaluationException

Removes the specified policy runtime change event listener.

Parameters:

listener -

Throws:

PolicyEvaluationException

getStoreVersionInUse

long getStoreVersionInUse()
                   throws PolicyEvaluationException

Returns the policy store version currently in use.

Returns:

store version

Throws:

PolicyEvaluationException

Since:

11gR1PS1

getClient

OAuthClient getClient(java.lang.String clientId,
                      java.lang.String domainName)
               throws PolicyEvaluationException

Throws:

PolicyEvaluationException

createClient

OAuthClient createClient(OAuthClientImpl clientMetadata)
                  throws PolicyEvaluationException

Throws:

PolicyEvaluationException

getResource

OAuthResourceServer getResource(java.lang.String resourceId,
                                java.lang.String domainName)
                         throws PolicyEvaluationException

Throws:

PolicyEvaluationException

getIdentityDomain

OAuthIdentityDomain getIdentityDomain(java.lang.String domainName)
                               throws PolicyEvaluationException

Throws:

PolicyEvaluationException

getResource

OAuthResourceServer getResource(java.lang.String resourceServerName,
                                OAuthIdentityDomain domain)
                         throws PolicyEvaluationException

Throws:

PolicyEvaluationException

getServerDiagnostics

ServerDiagnosticsDataInfo getServerDiagnostics(boolean verbose)

Parameters:

verbose - Boolean parameter when set to true provides additional information such Application domains and their IDs. The number of application domains displayed is controlled by the VerboseMaxSize configuration parameter the defauly value of which is 50.

Returns:

Returns data obect that contain some or all values populated. Returned object, can itself be null.

Since:

12.2.1.3.BP03 This method provides the diagnostics data about the policy cache in the runtime server. All the data provied back in the data object is not calculated on demand, but it provided from already calcualted values. Thus this call does not add any additional computation when invoked.

writePolicyCacheToFile

PolicyCacheWriteResponse writePolicyCacheToFile()

Returns:

Returns data obect contains status of the request. In case of error, minor error code should be populated also. Returned object, can itself be null.

Since:

12.2.1.3.BP03 This method provides capability to write policy cache to disk file on server system. File will be written in the fmwconfig directory. File name will be typically of the form __.policy. File write operation may continue even after this function call completes.

refreshPolicyCacheOnDemand

PolicyCacheRefreshResponse refreshPolicyCacheOnDemand(java.lang.String desiredVersion)

Parameters:

desiredVersion - Cache version which it desire for the server to sync to. This can be null or empty string, in that case cache will be refreshed to latest version. If this is provided and provided version is incorrect or not available in persistent store, then cache will be refreshed to latest version available in the store.

Returns:

Returns data obect contains status of the request. In case of error, minor error code should be populated also. In case of success also, minor code should be populated if the desired version (non-null) was not avialble in the store. If null/empty version was provided, then response code wil not contain, minor code if request was successful Returned object, can itself be null.

Since:

12.2.1.3.BP03 This method provides capability to to refresh policy cache on demand to a given cache version. This method, merely triggers the refresh and the refresh itself may contonue after the method call is complete.

shutdown

void shutdown()
       throws PolicyEvaluationException

Shutdown hook for cleaning up

Throws:

PolicyEvaluationException

isPolicyCacheValid

java.lang.Boolean isPolicyCacheValid()

returns true if cache has been initialized otherwise return false.