Class DelegationPolicyImpl

    • Constructor Detail

      • DelegationPolicyImpl

        public DelegationPolicyImpl()
    • Method Detail

      • initialize

        public void initialize​(SSOToken token,
                               Map configParams)
                        throws DelegationException
        Initializes (or configures) the DelegationInterface object. Usually it is initialized with the environment parameters set by the system administrator via the Service Management service.
        Specified by:
        initialize in interface DelegationInterface
        Parameters:
        token - SSOToken of an administrator
        configParams - configuration parameters as a Map. Each value in the Map is a java.util.Set, which contains one or more configuration parameters.
        Throws:
        DelegationException - if an error occurred during initialization of DelegationInterface instance
      • getPrivileges

        public Set getPrivileges​(SSOToken token,
                                 String orgName)
                          throws SSOException,
                                 DelegationException
        Returns all the delegation privileges associated with a realm.
        Specified by:
        getPrivileges in interface DelegationInterface
        Parameters:
        token - The SSOToken of the requesting user
        orgName - The name of the realm from which the delegation privileges are fetched.
        Returns:
        Set of DelegationPrivilege objects associated with the realm.
        Throws:
        SSOException - invalid or expired single-sign-on token
        DelegationException - for any abnormal condition
      • addPrivilege

        public void addPrivilege​(SSOToken token,
                                 String orgName,
                                 DelegationPrivilege privilege)
                          throws SSOException,
                                 DelegationException
        Adds a delegation privilege to a specific realm. If this method is adding to a privilege that already exists, the permission is added to the existing privilege.
        Specified by:
        addPrivilege in interface DelegationInterface
        Parameters:
        token - The SSOToken of the requesting user
        orgName - The name of the realm to which the delegation privilege is to be added.
        privilege - The delegation privilege to be added.
        Throws:
        SSOException - invalid or expired single-sign-on token
        DelegationException - if any abnormal condition occurred.
      • removePrivilege

        public void removePrivilege​(SSOToken token,
                                    String orgName,
                                    String privilegeName)
                             throws SSOException,
                                    DelegationException
        Removes a delegation privilege from a specific realm.
        Specified by:
        removePrivilege in interface DelegationInterface
        Parameters:
        token - The SSOToken of the requesting user
        orgName - The name of the realm from which the delegation privilege is to be removed.
        privilegeName - The name of the delegation privilege to be removed.
        Throws:
        SSOException - invalid or expired single-sign-on token
        DelegationException - for any abnormal condition
      • getSubjects

        public Set getSubjects​(SSOToken token,
                               String orgName,
                               Set types,
                               String pattern)
                        throws SSOException,
                               DelegationException
        Returns a set of selected subjects of the specified types matching the pattern in the given realm. The pattern accepts "*" as the wildcard for searching subjects. For example, "a*c" matches any subject starting with a and ending with c.
        Specified by:
        getSubjects in interface DelegationInterface
        Parameters:
        token - The SSOToken of the requesting user
        orgName - The name of the realm from which the subjects are fetched.
        types - a set of subject types. e.g. ROLE, GROUP.
        pattern - a filter used to select the subjects.
        Returns:
        a set of subjects associated with the realm.
        Throws:
        SSOException - invalid or expired single-sign-on token
        DelegationException - for any abnormal condition
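The "*" wildcard described for getSubjects, as an added example (not OpenAM code and not how DelegationPolicyImpl matches internally). The class and method names are hypothetical, the subject names are constructed, and case-sensitive matching is an assumption. It treats only "*" as special and quotes every other character, so a caller-supplied pattern cannot smuggle in other match syntax:

```java
import java.util.List;
import java.util.Set;
import java.util.TreeSet;
import java.util.regex.Pattern;

// Added illustration of the documented "*" wildcard semantics; not OpenAM code.
public class SubjectPatternDemo {

    // Compile a getSubjects-style pattern: "*" matches any run of characters,
    // every other character is literal (regex metacharacters are quoted).
    static Pattern compile(String pattern) {
        if (pattern == null || pattern.isEmpty()) {
            throw new IllegalArgumentException("pattern must not be empty");
        }
        StringBuilder regex = new StringBuilder();
        // Limit -1 keeps trailing empty strings, so "a*" still ends with ".*".
        String[] literals = pattern.split("\\*", -1);
        for (int i = 0; i < literals.length; i++) {
            if (i > 0) {
                regex.append(".*");
            }
            if (!literals[i].isEmpty()) {
                regex.append(Pattern.quote(literals[i]));
            }
        }
        return Pattern.compile(regex.toString(), Pattern.DOTALL);
    }

    // Return the subject names that match the whole pattern (assumed case-sensitive).
    static Set<String> select(List<String> subjects, String pattern) {
        Pattern p = compile(pattern);
        Set<String> out = new TreeSet<>();
        for (String s : subjects) {
            if (p.matcher(s).matches()) {
                out.add(s);
            }
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample subject names.
        List<String> subjects = List.of("abc", "ac", "a.c", "axyzc", "abcd", "bac");
        System.out.println(select(subjects, "a*c")); // starts with a, ends with c
        System.out.println(select(subjects, "a.c")); // "." is literal, not a wildcard
        System.out.println(select(subjects, "*"));   // every subject
    }
}
```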
      • getManageableOrganizationNames

        public Set getManageableOrganizationNames​(SSOToken token,
                                                  Set organizationNames)
                                           throws SSOException,
                                                  DelegationException
        Returns a set of realm names, based on the input parameter organizationNames, in which the "user" has some delegation permissions.
        Specified by:
        getManageableOrganizationNames in interface DelegationInterface
        Parameters:
        token - The SSOToken of the requesting user
        organizationNames - a Set of realm names.
        Returns:
        a Set of realm names in which the user has some delegation permissions. It is a subset of organizationNames.
        Throws:
        SSOException - invalid or expired single-sign-on token
        DelegationException - for any abnormal condition
      • isAllowed

        public boolean isAllowed​(SSOToken token,
                                 DelegationPermission permission,
                                 Map envParams)
                          throws SSOException,
                                 DelegationException
        Returns true if the user has the specified permission, false otherwise.
        Specified by:
        isAllowed in interface DelegationInterface
        Parameters:
        token - Single sign on token of the user evaluating permission.
        permission - Delegation permission to be evaluated
        envParams - Run-time environment parameters.
        Returns:
        the result of the evaluation as a boolean value
        Throws:
        SSOException - single-sign-on token invalid or expired.
        DelegationException - for any other abnormal condition.
      • schemaChanged

        public void schemaChanged​(String serviceName,
                                  String version)
        This method will be invoked when a service's schema has been changed.
        Specified by:
        schemaChanged in interface ServiceListener
        Parameters:
        serviceName - name of the service
        version - version of the service
      • globalConfigChanged

        public void globalConfigChanged​(String serviceName,
                                        String version,
                                        String groupName,
                                        String serviceComponent,
                                        int type)
        This method will be invoked when a service's global configuration data has been changed. The parameter groupName denotes the name of the configuration grouping (e.g. default) and serviceComponent denotes the service's sub-component that changed (e.g. /NamedPolicy, /Templates).
        Specified by:
        globalConfigChanged in interface ServiceListener
        Parameters:
        serviceName - name of the service.
        version - version of the service.
        groupName - name of the configuration grouping.
        serviceComponent - name of the service components that changed.
        type - change type, i.e., ADDED, REMOVED or MODIFIED.
      • organizationConfigChanged

        public void organizationConfigChanged​(String serviceName,
                                              String version,
                                              String orgName,
                                              String groupName,
                                              String serviceComponent,
                                              int type)
        This method will be invoked when a service's organization configuration data has been changed. The parameters orgName, groupName and serviceComponent denote, respectively, the organization name, the configuration grouping name and the service's sub-component that changed.
        Specified by:
        organizationConfigChanged in interface ServiceListener
        Parameters:
        serviceName - name of the service
        version - version of the service
        orgName - organization name as DN
        groupName - name of the configuration grouping
        serviceComponent - the name of the service components that changed
        type - change type, i.e., ADDED, REMOVED or MODIFIED
      • identityChanged

        public void identityChanged​(String universalId)
        This method is called back for all identities that are modified in a repository.
        Specified by:
        identityChanged in interface IdEventListener
        Parameters:
        universalId - Universal Identifier of the identity.
      • identityDeleted

        public void identityDeleted​(String universalId)
        This method is called back for all identities that are deleted from a repository. The universal identifier of the identity is passed in as an argument.
        Specified by:
        identityDeleted in interface IdEventListener
        Parameters:
        universalId - Universal Identifier
      • identityRenamed

        public void identityRenamed​(String universalId)
        This method is called for all identities that are renamed in a repository. The universal identifier of the identity is passed in as an argument.
        Specified by:
        identityRenamed in interface IdEventListener
        Parameters:
        universalId - Universal Identifier
      • allIdentitiesChanged

        public void allIdentitiesChanged()
        This method is called when all identities in the repository are changed. This could happen due to an organization deletion, a permissions change, etc.
        Specified by:
        allIdentitiesChanged in interface IdEventListener
      • getServiceTypeName

        public String getServiceTypeName()
        Gets the service type name for which this listener wants to get notifications.
        Specified by:
        getServiceTypeName in interface PolicyListener
        Returns:
        delegation service name
      • policyChanged

        public void policyChanged​(PolicyEvent policyEvent)
        This method is called by the policy framework whenever a policy is added, removed or changed. The notification is sent only if the policy has any rule that has the serviceTypeName of this listener.
        Specified by:
        policyChanged in interface PolicyListener
        Parameters:
        policyEvent - event object sent by the policy framework
        See Also:
        PolicyEvent