| 
 | |||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
| SUMMARY: INNER | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | ||||||||
java.lang.Object | +--com.sun.identity.policy.PolicyEvaluator
The class PolicyEvaluator evaluates policies
 and provides policy decisions.
| Field Summary | |
| static java.lang.String | ALL_RESOURCESConstant used to identity all the resources of a service type. | 
| static java.lang.String | EMPTY_RESOURCE_NAMEConstant used to identity empty resource | 
| Constructor Summary | |
| PolicyEvaluator(java.lang.String serviceTypeName)Constructor to create a PolicyEvaluatorgiven the service
 type name. | |
| Method Summary | |
|  void | addPolicyListener(PolicyListener policyListener)Adds a policy listener that would be notified whenever a policy is added, removed or changed | 
|  PolicyDecision | getPolicyDecision(SSOToken token,
                  java.lang.String resourceName,
                  java.util.Set actionNames,
                  java.util.Map envParameters)Evaluates privileges of the user to perform the specified actions the the specified resource. | 
|  java.util.Set | getProtectedResourcesIgnoreConditions(SSOToken token,
                                      java.lang.String rootResource)Gets protected resources for a user identified by single sign on token Conditions defined in the policies are ignored while computing protected resources. | 
|  ResourceResult | getResourceResult(SSOToken token,
                  java.lang.String resourceName,
                  java.lang.String scope,
                  java.util.Map envParameters)Deprecated. Use getResourceResults() | 
|  java.util.Set | getResourceResults(SSOToken token,
                   java.lang.String resourceName,
                   java.lang.String scope,
                   java.util.Map envParameters)Gets resource result objects given a resource name. | 
|  boolean | isAllowed(SSOToken token,
          java.lang.String resourceName,
          java.lang.String actionName,
          java.util.Map envParameters)Evaluates simple privileges of boolean type. | 
|  void | removePolicyListener(PolicyListener policyListener)Removes a policy listener that was previously registered to receive notifications whenever a policy is added, removed or changed. | 
| Methods inherited from class java.lang.Object | 
| equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait | 
| Field Detail | 
public static final java.lang.String ALL_RESOURCES
public static final java.lang.String EMPTY_RESOURCE_NAME
| Constructor Detail | 
public PolicyEvaluator(java.lang.String serviceTypeName)
                throws SSOException,
                       NameNotFoundException,
                       PolicyException
PolicyEvaluator given the service
 type name.serviceTypeName - the name of the service type for which this
 evaluator can be used forSSOException - if SSOToken used by
                      PolicyEvaluator is invalidNameNotFoundException - if the service with name 
                      serviceTypeName is not foundPolicyException - for any other abnormal condition| Method Detail | 
public boolean isAllowed(SSOToken token,
                         java.lang.String resourceName,
                         java.lang.String actionName,
                         java.util.Map envParameters)
                  throws SSOException,
                         PolicyException
PolicyException,
 if the syntax for the actionName is not declared to be
 boolean, in the service schema.token - single sign on token of the user evaluating policiesresourceName - name of the resource the user is trying to accessactionName - name of the action the user is trying to perform on
 the resourceenvParameters - run-time environment parametersSSOException - single-sign-on token invalid or expiredPolicyException - for any other abnormal condition
public PolicyDecision getPolicyDecision(SSOToken token,
                                        java.lang.String resourceName,
                                        java.util.Set actionNames,
                                        java.util.Map envParameters)
                                 throws SSOException,
                                        PolicyException
token - single sign on token of the user evaluating policiesresourceName - name of the resource the user is trying to accessactionNames - name of the action the user is trying to perform on
 the resourceenvParameters - run-time environment parametersSSOException - single-sign-on token invalid or expiredPolicyException - for any other abnormal condition
public java.util.Set getProtectedResourcesIgnoreConditions(SSOToken token,
                                                           java.lang.String rootResource)
                                                    throws SSOException,
                                                           PolicyException
rootResource or equal to the given rootResource
 would be returned. 
 If all policies applicable to a resource are 
 only referral policies, no ProtectedResource would be
 returned for such a resource.token - single sign on token of the userrootResource - only resources that are sub resources of the  
                      given rootResource or equal to the
                      given rootResource would be returned
                      rootResource would be returned.
                      If PolicyEvaluator.ALL_RESOURCES is 
                      passed as rootResource, resources under
                      all root  resources of the service 
                      type are considered while computing protected 
                      resources.ProtectedResource objects.SSOException - if single sign on token is invalidPolicyException - for any other abnormal conditionProtectedResource
public java.util.Set getResourceResults(SSOToken token,
                                        java.lang.String resourceName,
                                        java.lang.String scope,
                                        java.util.Map envParameters)
                                 throws SSOException,
                                        PolicyException
ResourceResult objects for all resources 
 that would affect policy decisions for any resource associated with the 
 argument resource name. To determine whether to include the
 ResourceResult of a resource,  we compare argument resource
 name and policy resource name, treating wild characters in the policy 
 resource name as wild. If the comparison resulted in
 EXACT_MATCH, WILD_CARD_MACTH or
 SUB_RESOURCE_MACTH, the resource result would be
 included.token - single sign on token of the user evaluating policiesresourceName - name of the resourcescope - indicates whether to compute the resource result based on
              the policy decision for only the resourceName
              or all the resources associated with the resource name.
              The valid scope values are:
              ResourceResult.SUBTREE_SCOPE
              ResourceResult.STRICT_SUBTREE_SCOPE
              ResourceResult.SELF_SCOPE
              ResourceResult.SUBTREE_SCOPE,
              the method will return a set of ResourceResult
              objects, one of them for the resourceName and
              its sub resources; the others are for resources that match
              the resourceName by wildcard. If the scope is
              ResourceResult.STRICT_SUBTREE_SCOPE, the 
              method will return a set object that contains one 
              ResourceResult object. The
              ResourceResult contains the policy decisions
              regarding the resourceName and its sub
              resources. If the scope is
              ResourceResult.SELF_SCOPE, the method will
              return a set object that contains one
              ResourceResult object.
              The ResourceResult contains the policy decision
              regarding the resourceName only.envParameters - run-time environment parametersResourceResult objectsSSOException - if token is invalidPolicyException - for any other abnormal conditionResourceMatch.EXACT_MATCH, 
ResourceMatch.SUB_RESOURCE_MATCH, 
ResourceMatch.WILDCARD_MATCH, 
ResourceResult.SUBTREE_SCOPE, 
ResourceResult.STRICT_SUBTREE_SCOPE, 
ResourceResult.SELF_SCOPE
public ResourceResult getResourceResult(SSOToken token,
                                        java.lang.String resourceName,
                                        java.lang.String scope,
                                        java.util.Map envParameters)
                                 throws SSOException,
                                        PolicyException
getResourceResults()
ResourceResult
 is a tree representation of policy decisions for all resources rooted 
 at the resource name.
 To determine whether a resource defined in the policy
 is a sub resource of argument resource name, argument resource name 
 and policy resource name are compared, treating wild characters as 
 literals. If comparison resulted in EXACT_MACTH or
 SUB_RESOURCE_MACTH, the resource would be includedtoken - single sign on token of the user evaluating policiesresourceName - name of the resourcescope - indicates whether to compute the resource result based on
              the policy decision for only the resourceName
              or all the resources associated with the resource name.
              The valid scope values are:
              ResourceResult.SUBTREE_SCOPE
              ResourceResult.STRICT_SUBTREE_SCOPE
              ResourceResult.SELF_SCOPE
              ResourceResult.SUBTREE_SCOPE or
              ResourceResult.STRICT_SUBTREE_SCOPE, the method
              will return a ResourceResult object that
              contains the policy decisions regarding the
              resourceName and its sub resources.
              If the scope is ResourceResult.SELF_SCOPE, the
              method will return a ResourceResult object that
              contains the policy decision regarding the
              resourceName only. Note, scope values
              ResourceResult.SUBTREE_SCOPE and
              ResourceResult.STRICT_SUBTREE_SCOPE are being
              treated as the same for backword compatibility reasons. This
              method is being deprecated. The method
              getResourceResults() should be used instead.envParameters - run-time environment parametersResourceResult.SSOException - if token is invalidPolicyException - for any other abnormal conditionResourceMatch.EXACT_MATCH, 
ResourceMatch.SUB_RESOURCE_MATCH, 
ResourceMatch.WILDCARD_MATCH, 
ResourceResult.SUBTREE_SCOPE, 
ResourceResult.STRICT_SUBTREE_SCOPE, 
ResourceResult.SELF_SCOPEpublic void addPolicyListener(PolicyListener policyListener)
policyListener - the listener to be addedpublic void removePolicyListener(PolicyListener policyListener)
policyListener - the listener to be removed| 
 | |||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
| SUMMARY: INNER | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | ||||||||