com.sun.identity.policy
Class  ProxyPolicyEvaluator
java.lang.Object
  |
  +--com.sun.identity.policy.ProxyPolicyEvaluator
- public class ProxyPolicyEvaluator- extends java.lang.Object
Class that lets a priviliged user to compute policy results for 
  another user.
 Only privileged users can get ProxyPolicyEvaluator
  - only top level administrator, top level policy administrator, 
 organization administrator or organization policy administrator can get
 ProxyPolicyEvaluator. Top level administrator can compute policy
 results for any user. Organization administrator or policy administrator can
 compute policy results only for users who are members of the organization
 (including sub organization) that they manage. If they try to compute policys
 result for any other user, they would get a PolicyException.
| Method Summary | 
|  PolicyDecision | getPolicyDecision(java.lang.String principalName,
                  java.lang.String resourceName,
                  java.util.Map env)Gets policy decision for the user identified by the
 principalNamefor the given resource | 
|  PolicyDecision | getPolicyDecisionIgnoreSubjects(java.lang.String resourceName,
                                java.util.Set actionNames,
                                java.util.Map env)Gets policy decision for a resource, skipping subject evaluation.
 | 
|  java.util.Set | getProtectedResourcesIgnoreConditions(java.lang.String principalName,
                                      java.lang.String rootResource)Gets protected resources for a user identified by the
 principalName. | 
|  boolean | isAllowed(java.lang.String principalName,
          java.lang.String resourceName,
          java.lang.String actionName,
          java.util.Map env)Evaluates a simple privilege of boolean type.
 | 
 
| Methods inherited from class java.lang.Object | 
| equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait | 
 
isAllowed
public boolean isAllowed(java.lang.String principalName,
                         java.lang.String resourceName,
                         java.lang.String actionName,
                         java.util.Map env)
                  throws PolicyException,
                         SSOException
- Evaluates a simple privilege of boolean type. The privilege indicates
 if the user identified by the principalNamecan perform specified action on the specified resource.
- 
- Parameters:
- principalName- principal name for whom to compute the privilege.
- resourceName- name of the resource for which to compute 
                     policy result.
- actionName- name of the action the user is trying to perform on
 the resource
- env- run time environment parameters
- Returns:
- the result of the evaluation as a boolean value
- Throws:
- PolicyException- exception form policy framework
- SSOException- if single sign on token is invalid
 
getPolicyDecision
public PolicyDecision getPolicyDecision(java.lang.String principalName,
                                        java.lang.String resourceName,
                                        java.util.Map env)
                                 throws PolicyException,
                                        SSOException
- Gets policy decision for the user identified by the
 principalNamefor the given resource
- 
- Parameters:
- principalName- principal name for whom to compute the policy 
                      decision
- resourceName- name of the resource for which to compute policy 
                      decision
- env- run time environment parameters
- Returns:
- the policy decision for the principal for the given resource
- Throws:
- PolicyException- exception form policy framework
- SSOException- if single sign on token is invalid
 
getPolicyDecisionIgnoreSubjects
public PolicyDecision getPolicyDecisionIgnoreSubjects(java.lang.String resourceName,
                                                      java.util.Set actionNames,
                                                      java.util.Map env)
                                               throws PolicyException,
                                                      SSOException
- Gets policy decision for a resource, skipping subject evaluation. 
 Conditions would be evaluated and would include applicable advices 
 in policy decisions. Hence, you could get details such as
 AuthLevel,AuthSchemethat would be required to
 access the resource.
- 
- Parameters:
- resourceName- name of the resource for which to compute policy 
                      decision
- actionNames- names of the actions the user is trying to perform on
                   the resource
- env- run time environment parameters
- Returns:
- the policy decision for the principal for the given resource
- Throws:
- PolicyException- exception form policy framework
- SSOException- if single sign on token is invalid
 
getProtectedResourcesIgnoreConditions
public java.util.Set getProtectedResourcesIgnoreConditions(java.lang.String principalName,
                                                           java.lang.String rootResource)
                                                    throws PolicyException,
                                                           SSOException
- Gets protected resources for a user identified by the
 principalName.  Conditions defined  in the policies are
 ignored while computing protected resources. 
 Only resources that are  sub resources of the  givenrootResourceor equal to the givenrootResourcewould be returned.
 If all policies applicable to a resource are 
 only referral policies, noProtectedResourcewould be
 returned for such a resource.
- 
- Parameters:
- principalName- principal name for whom to compute the privilege.
- rootResource- only resources that are sub resources of the  
                      given- rootResourceor equal to the
                      given- rootResourcewould be returned.
                      If- PolicyEvaluator.ALL_RESOURCESis 
                      passed as- rootResource, resources under
                      all root  resources of the service 
                      type are considered while computing protected 
                      resources.
- Returns:
- set of protected resources. The set contains
         ProtectedResourceobjects.
- Throws:
- PolicyException- exception form policy framework
- SSOException- if single sign on token is invalid
- See Also: 
- ProtectedResource
 
Copyright 2005 Sun Microsystems, Inc. All rights reserved. Use is subject to license terms.