Interface DelegationInterface

  • All Known Implementing Classes:
    DelegationPolicyImpl

    public interface DelegationInterface
    The interface DelegationInterface defines an interface for delegation plugins that register with the delegation framework to manage and evaluate delegation access control privileges and permissions.
    • Method Detail

      • initialize

        void initialize​(SSOToken appToken,
                        Map configParams)
                 throws DelegationException
        Initialize (or configure) the DelegationInterface object. Usually it will be initialized with the environment parameters set by the system administrator.
        Parameters:
        appToken - SSOToken of the administrative user.
        configParams - configuration parameters as a Map. Each value in the map is a java.util.Set, which contains one or more configuration parameters.
        Throws:
        DelegationException - if an error occurred during initialization of DelegationInterface instance
      • getPrivileges

        Set getPrivileges​(SSOToken token,
                          String orgName)
                   throws SSOException,
                          DelegationException
        Returns all the delegation privileges associated with a realm.
        Parameters:
        token - The SSOToken of the requesting user
        orgName - The name of the realm from which the delegation privileges are fetched.
        Returns:
        Set of DelegationPrivilege objects associated with the realm.
        Throws:
        SSOException - if the single-sign-on token is invalid or expired
        DelegationException - for any abnormal condition
      • addPrivilege

        void addPrivilege​(SSOToken token,
                          String orgName,
                          DelegationPrivilege privilege)
                   throws SSOException,
                          DelegationException
        Adds a delegation privilege to a specific realm. The permission will be added to the existing privilege in the event that this method is trying to add to an existing privilege.
        Parameters:
        token - The SSOToken of the requesting user
        orgName - The name of the realm to which the delegation privilege is to be added.
        privilege - The delegation privilege to be added.
        Throws:
        SSOException - if the single-sign-on token is invalid or expired
        DelegationException - if any abnormal condition occurred.
      • removePrivilege

        void removePrivilege​(SSOToken token,
                             String orgName,
                             String privilegeName)
                      throws SSOException,
                             DelegationException
        Removes a delegation privilege from a specific realm.
        Parameters:
        token - The SSOToken of the requesting user
        orgName - The name of the realm from which the delegation privilege is to be removed.
        privilegeName - The name of the delegation privilege to be removed.
        Throws:
        SSOException - if the single-sign-on token is invalid or expired
        DelegationException - for any abnormal condition
      • getSubjects

        Set getSubjects​(SSOToken token,
                        String orgName,
                        Set types,
                        String pattern)
                 throws SSOException,
                        DelegationException
        Returns a set of selected subjects of specified types matching the pattern in the given realm. The pattern accepts "*" as the wild card for searching subjects. For example, "a*c" matches with any subject starting with a and ending with c.
        Parameters:
        token - The SSOToken of the requesting user
        orgName - The name of the realm from which the subjects are fetched.
        types - a set of subject types. e.g. ROLE, GROUP.
        pattern - a filter used to select the subjects.
        Returns:
        a set of subjects associated with the realm.
        Throws:
        SSOException - if the single-sign-on token is invalid or expired
        DelegationException - for any abnormal condition
      • getManageableOrganizationNames

        Set getManageableOrganizationNames​(SSOToken token,
                                           Set organizationNames)
                                    throws SSOException,
                                           DelegationException
        Returns a set of realm names, based on the input parameter organizationNames, in which the "user" has some delegation permissions.
        Parameters:
        token - The SSOToken of the requesting user
        organizationNames - a Set of realm names.
        Returns:
        a Set of realm names in which the user has some delegation permissions. It is a subset of organizationNames
        Throws:
        SSOException - if the single-sign-on token is invalid or expired
        DelegationException - for any abnormal condition
      • isAllowed

        boolean isAllowed​(SSOToken token,
                          DelegationPermission permission,
                          Map envParams)
                   throws SSOException,
                          DelegationException
        Returns a boolean value indicating if a user has the specified permission.
        Parameters:
        token - Single sign on token of the user evaluating permission.
        permission - Delegation permission to be evaluated
        envParams - Run-time environment parameters.
        Returns:
        the result of the evaluation as a boolean value
        Throws:
        SSOException - if the single-sign-on token is invalid or expired.
        DelegationException - for any other abnormal condition.
      • getPermissions

        Set getPermissions​(SSOToken token,
                           String orgName)
                    throws SSOException,
                           DelegationException
        Returns a set of permissions that a user has.
        Parameters:
        token - SSO token of the user requesting permissions
        orgName - The name of the realm from which the delegation permissions are fetched.
        Returns:
        a Set of permissions that a user has
        Throws:
        SSOException - if the single-sign-on token is invalid or expired
        DelegationException - for any other abnormal condition
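
The getSubjects pattern semantics described above ("*" as the only wildcard, so "a*c" matches any subject starting with a and ending with c), as an added example that is not part of the original documentation or of any DelegationInterface implementation. The class SubjectPatternFilter and its methods are hypothetical; matching is assumed to be case-sensitive and to cover the whole subject name, and every character other than "*" is treated as a literal so that subject names or filters containing regular-expression metacharacters cannot widen the match.

```java
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import java.util.regex.Pattern;

// Hypothetical helper: one way a plugin could apply a getSubjects-style pattern.
public class SubjectPatternFilter {

    /** Compiles a pattern in which "*" is the only wildcard and all other text is literal. */
    static Pattern compile(String pattern) {
        StringBuilder regex = new StringBuilder();
        // Limit -1 keeps empty segments, so a leading or trailing "*" is not lost.
        String[] literals = pattern.split("\\*", -1);
        for (int i = 0; i < literals.length; i++) {
            if (i > 0) {
                regex.append(".*");
            }
            // Pattern.quote keeps characters such as "." or "(" literal.
            regex.append(Pattern.quote(literals[i]));
        }
        return Pattern.compile(regex.toString(), Pattern.DOTALL);
    }

    /** Returns the subject names that match the whole pattern, in input order. */
    static Set<String> select(Iterable<String> subjectNames, String pattern) {
        Pattern compiled = compile(pattern);
        Set<String> selected = new LinkedHashSet<>();
        for (String name : subjectNames) {
            if (compiled.matcher(name).matches()) {
                selected.add(name);
            }
        }
        return selected;
    }

    public static void main(String[] args) {
        // Constructed sample subject names, not taken from any real realm.
        List<String> subjects = List.of("abc", "ac", "a.c", "abcd", "xac", "a(b)c");
        System.out.println(select(subjects, "a*c")); // starts with a, ends with c
        System.out.println(select(subjects, "a.c")); // "." is literal, not "any character"
        System.out.println(select(subjects, "*"));   // every subject
    }
}
```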