DelegationInterface (OpenAM Project 15.1.7-SNAPSHOT API)

All Known Implementing Classes:

DelegationPolicyImpl
```
public interface DelegationInterface
```
The interface DelegationInterface defines an interface for delegation plugins that would register with delegation framework to manage and evaluate delegation access control privileges and permissions.

Method Summary

All Methods Instance Methods Abstract Methods
Modifier and Type	Method and Description
`void`	`addPrivilege(SSOToken token, String orgName, DelegationPrivilege privilege)` Adds a delegation privilege to a specific realm.
`Set`	`getManageableOrganizationNames(SSOToken token, Set organizationNames)` Returns a set of realm names, based on the input parameter `organizationNames`, in which the "user" has some delegation permissions.
`Set`	`getPermissions(SSOToken token, String orgName)` Returns a set of permissions that a user has.
`Set`	`getPrivileges(SSOToken token, String orgName)` Returns all the delegation privileges associated with a realm.
`Set`	`getSubjects(SSOToken token, String orgName, Set types, String pattern)` Returns a set of selected subjects of specified types matching the pattern in the given realm.
`void`	`initialize(SSOToken appToken, Map configParams)` Initialize (or configure) the `DelegationInterface` object.
`boolean`	`isAllowed(SSOToken token, DelegationPermission permission, Map envParams)` Returns a boolean value indicating if a user has the the specified permission.
`void`	`removePrivilege(SSOToken token, String orgName, String privilegeName)` Removes a delegation privilege from a specific realm.

- Method Detail
  - initialize
```
void initialize(SSOToken appToken,
                Map configParams)
         throws DelegationException
```
    Initialize (or configure) the DelegationInterface object. Usually it will be initialized with the environmrnt parameters set by the system administrator. Usually it will be initialized with the environment parameters set by the system administrator.
    
    Parameters:
    
    appToken - SSOToken of the administrative user.
    
    configParams - configuration parameters as a Map. The values in the map is java.util.Set, which contains one or more configuration parameters.
    
    Throws:
    
    DelegationException - if an error occurred during initialization of DelegationInterface instance
  - getPrivileges
```
Set getPrivileges(SSOToken token,
                  String orgName)
           throws SSOException,
                  DelegationException
```
    Returns all the delegation privileges associated with a realm.
    
    Parameters:
    
    token - The SSOToken of the requesting user
    
    orgName - The name of the realm from which the delegation privileges are fetched.
    
    Returns:
    
    Set of DelegationPrivilege objects associated with the realm.
    
    Throws:
    
    SSOException - if invalid or expired single-sign-on token
    
    DelegationException - for any abnormal condition
  - addPrivilege
```
void addPrivilege(SSOToken token,
                  String orgName,
                  DelegationPrivilege privilege)
           throws SSOException,
                  DelegationException
```
    Adds a delegation privilege to a specific realm. The permission will be added to the existing privilege in the event that this method is trying to add to an existing privilege.
    
    Parameters:
    
    token - The SSOToken of the requesting user
    
    orgName - The name of the realm to which the delegation privilege is to be added.
    
    privilege - The delegation privilege to be added.
    
    Throws:
    
    SSOException - if invalid or expired single-sign-on token
    
    DelegationException - if any abnormal condition occurred.
  - removePrivilege
```
void removePrivilege(SSOToken token,
                     String orgName,
                     String privilegeName)
              throws SSOException,
                     DelegationException
```
    Removes a delegation privilege from a specific realm.
    
    Parameters:
    
    token - The SSOToken of the requesting user
    
    orgName - The name of the realm from which the delegation privilege is to be removed.
    
    privilegeName - The name of the delegation privilege to be removed.
    
    Throws:
    
    SSOException - if invalid or expired single-sign-on token
    
    DelegationException - for any abnormal condition
  - getSubjects
```
Set getSubjects(SSOToken token,
                String orgName,
                Set types,
                String pattern)
         throws SSOException,
                DelegationException
```
    Returns a set of selected subjects of specified types matching the pattern in the given realm. The pattern accepts "*" as the wild card for searching subjects. For example, "a*c" matches with any subject starting with a and ending with c.
    
    Parameters:
    
    token - The SSOToken of the requesting user
    
    orgName - The name of the realm from which the subjects are fetched.
    
    types - a set of subject types. e.g. ROLE, GROUP.
    
    pattern - a filter used to select the subjects.
    
    Returns:
    
    a set of subjects associated with the realm.
    
    Throws:
    
    SSOException - if invalid or expired single-sign-on token
    
    DelegationException - for any abnormal condition
  - getManageableOrganizationNames
```
Set getManageableOrganizationNames(SSOToken token,
                                   Set organizationNames)
                            throws SSOException,
                                   DelegationException
```
    Returns a set of realm names, based on the input parameter organizationNames, in which the "user" has some delegation permissions.
    
    Parameters:
    
    token - The SSOToken of the requesting user
    
    organizationNames - a Set of realm names.
    
    Returns:
    
    a Set of realm names in which the user has some delegation permissions. It is a subset of organizationNames
    
    Throws:
    
    SSOException - if invalid or expired single-sign-on token
    
    DelegationException - for any abnormal condition
  - isAllowed
```
boolean isAllowed(SSOToken token,
                  DelegationPermission permission,
                  Map envParams)
           throws SSOException,
                  DelegationException
```
    Returns a boolean value indicating if a user has the the specified permission.
    
    Parameters:
    
    token - Single sign on token of the user evaluating permission.
    
    permission - Delegation permission to be evaluated
    
    envParams - Run-time environment parameters.
    
    Returns:
    
    the result of the evaluation as a boolean value
    
    Throws:
    
    SSOException - if single-sign-on token invalid or expired.
    
    DelegationException - for any other abnormal condition.
  - getPermissions
```
Set getPermissions(SSOToken token,
                   String orgName)
            throws SSOException,
                   DelegationException
```
    Returns a set of permissions that a user has.
    
    Parameters:
    
    token - sso token of the user requesting permissions
    
    orgName - The name of the realm from which the delegation permissions are fetched.
    
    Returns:
    
    a Set of permissions that a user has
    
    Throws:
    
    SSOException - if single-sign-on token invalid or expired
    
    DelegationException - for any other abnormal condition

Interface DelegationInterface

Method Summary

Method Detail

initialize

getPrivileges

addPrivilege

removePrivilege

getSubjects

getManageableOrganizationNames

isAllowed

getPermissions