com.sun.identity.delegation.plugins

Class DelegationPolicyImpl

java.lang.Object

com.sun.identity.delegation.plugins.DelegationPolicyImpl

All Implemented Interfaces:

DelegationInterface, IdEventListener, PolicyListener, ServiceListener

public class DelegationPolicyImpl
extends Object
implements DelegationInterface, ServiceListener, IdEventListener, PolicyListener

The class DelegationPolicyImpl implements the interface DelegationInterface using OpenAM Policy Management and Evaluation APIs. It provides access control for access manager using the OpenAM's internal policy framework.

Field Summary

Fields inherited from interface com.sun.identity.sm.ServiceListener

ADDED, MODIFIED, REMOVED

Constructor Summary

Constructors

Constructor and Description
DelegationPolicyImpl()

Method Summary

Modifier and Type	Method and Description
void	addPrivilege(SSOToken token, String orgName, DelegationPrivilege privilege) Adds a delegation privilege to a specific realm.
void	allIdentitiesChanged() The method is called when all identities in the repository are changed.
Set	getManageableOrganizationNames(SSOToken token, Set organizationNames) Returns a set of realm names, based on the input parameter organizationNames, in which the "user" has some delegation permissions.
Set	getPermissions(SSOToken token, String orgName) Returns a set of permissions that a user has.
Set	getPrivileges(SSOToken token, String orgName) Returns all the delegation privileges associated with a realm.
String	getServiceTypeName() Gets the service type name for which this listener wants to get notifications
Set	getSubjects(SSOToken token, String orgName, Set types, String pattern) Returns a set of selected subjects of specified types matching the pattern in the given realm.
void	globalConfigChanged(String serviceName, String version, String groupName, String serviceComponent, int type) This method will be invoked when a service's global configuration data has been changed.
void	identityChanged(String universalId) This method is called back for all identities that are modified in a repository.
void	identityDeleted(String universalId) This method is called back for all identities that are deleted from a repository.
void	identityRenamed(String universalId) This method is called for all identities that are renamed in a repository.
void	initialize(SSOToken token, Map configParams) Initialize (or configure) the DelegationInterface object.
boolean	isAllowed(SSOToken token, DelegationPermission permission, Map envParams) Returns a boolean value; if a user has the specified permission returns true, false otherwise.
void	organizationConfigChanged(String serviceName, String version, String orgName, String groupName, String serviceComponent, int type) This method will be invoked when a service's organization configuration data has been changed.
void	policyChanged(PolicyEvent policyEvent) This method is called by the policy framework whenever a policy is added, removed or changed.
void	removePrivilege(SSOToken token, String orgName, String privilegeName) Removes a delegation privilege from a specific realm.
void	schemaChanged(String serviceName, String version) This method will be invoked when a service's schema has been changed.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

DelegationPolicyImpl

public DelegationPolicyImpl()

Method Detail

initialize

public void initialize(SSOToken token,
                       Map configParams)
                throws DelegationException

Initialize (or configure) the DelegationInterface object. Usually it will be initialized with the environmrnt parameters set by the system administrator via Service management service.

Specified by:

initialize in interface DelegationInterface

Parameters:

token - SSOToken of an administrator

configParams - configuration parameters as a Map. The values in the Map is java.util.Set, which contains one or more configuration parameters.

Throws:

DelegationException - if an error occurred during initialization of DelegationInterface instance

getPrivileges

public Set getPrivileges(SSOToken token,
                         String orgName)
                  throws SSOException,
                         DelegationException

Returns all the delegation privileges associated with a realm.

Specified by:

getPrivileges in interface DelegationInterface

Parameters:

token - The SSOToken of the requesting user

orgName - The name of the realm from which the delegation privileges are fetched.

Returns:

Set of DelegationPrivilege objects associated with the realm.

Throws:

SSOException - invalid or expired single-sign-on token

DelegationException - for any abnormal condition

addPrivilege

public void addPrivilege(SSOToken token,
                         String orgName,
                         DelegationPrivilege privilege)
                  throws SSOException,
                         DelegationException

Adds a delegation privilege to a specific realm. The permission will be added to the existing privilege in the event that this method is trying to add to an existing privilege.

Specified by:

addPrivilege in interface DelegationInterface

Parameters:

token - The SSOToken of the requesting user

orgName - The name of the realm to which the delegation privilege is to be added.

privilege - The delegation privilege to be added.

Throws:

SSOException - invalid or expired single-sign-on token

DelegationException - if any abnormal condition occurred.

removePrivilege

public void removePrivilege(SSOToken token,
                            String orgName,
                            String privilegeName)
                     throws SSOException,
                            DelegationException

Removes a delegation privilege from a specific realm.

Specified by:

removePrivilege in interface DelegationInterface

Parameters:

token - The SSOToken of the requesting user

orgName - The name of the realm from which the delegation privilege is to be removed.

privilegeName - The name of the delegation privilege to be removed.

Throws:

SSOException - invalid or expired single-sign-on token

DelegationException - for any abnormal condition

getSubjects

public Set getSubjects(SSOToken token,
                       String orgName,
                       Set types,
                       String pattern)
                throws SSOException,
                       DelegationException

Returns a set of selected subjects of specified types matching the pattern in the given realm. The pattern accepts "*" as the wild card for searching subjects. For example, "a*c" matches with any subject starting with a and ending with c.

Specified by:

getSubjects in interface DelegationInterface

Parameters:

token - The SSOToken of the requesting user

orgName - The name of the realm from which the subjects are fetched.

types - a set of subject types. e.g. ROLE, GROUP.

pattern - a filter used to select the subjects.

Returns:

a set of subjects associated with the realm.

Throws:

SSOException - invalid or expired single-sign-on token

DelegationException - for any abnormal condition

SSOException - invalid or expired single-sign-on token

DelegationException - for any abnormal condition

getManageableOrganizationNames

public Set getManageableOrganizationNames(SSOToken token,
                                          Set organizationNames)
                                   throws SSOException,
                                          DelegationException

Returns a set of realm names, based on the input parameter organizationNames, in which the "user" has some delegation permissions.

Specified by:

getManageableOrganizationNames in interface DelegationInterface

Parameters:

token - The SSOToken of the requesting user

organizationNames - a Set of realm names.

Returns:

a Set of realm names in which the user has some delegation permissions. It is a subset of organizationNames

Throws:

SSOException - invalid or expired single-sign-on token

DelegationException - for any abnormal condition

isAllowed

public boolean isAllowed(SSOToken token,
                         DelegationPermission permission,
                         Map envParams)
                  throws SSOException,
                         DelegationException

Returns a boolean value; if a user has the specified permission returns true, false otherwise.

Specified by:

isAllowed in interface DelegationInterface

Parameters:

token - Single sign on token of the user evaluating permission.

permission - Delegation permission to be evaluated

envParams - Run-time environment parameters.

Returns:

the result of the evaluation as a boolean value

Throws:

SSOException - single-sign-on token invalid or expired.

DelegationException - for any other abnormal condition.

getPermissions

public Set getPermissions(SSOToken token,
                          String orgName)
                   throws SSOException,
                          DelegationException

Returns a set of permissions that a user has.

Specified by:

getPermissions in interface DelegationInterface

Parameters:

token - sso token of the user requesting permissions

orgName - The name of the realm from which the delegation permissions are fetched.

Returns:

a Set of permissions that a user has

Throws:

SSOException - if single-sign-on token invalid or expired

DelegationException - for any other abnormal condition

schemaChanged

public void schemaChanged(String serviceName,
                          String version)

This method will be invoked when a service's schema has been changed.

Specified by:

schemaChanged in interface ServiceListener

Parameters:

serviceName - name of the service

version - version of the service

globalConfigChanged

public void globalConfigChanged(String serviceName,
                                String version,
                                String groupName,
                                String serviceComponent,
                                int type)

This method will be invoked when a service's global configuration data has been changed. The parameter groupName denote the name of the configuration grouping (e.g. default) and serviceComponent denotes the service's sub-component that changed (e.g. /NamedPolicy, /Templates).

Specified by:

globalConfigChanged in interface ServiceListener

Parameters:

serviceName - name of the service.

version - version of the service.

groupName - name of the configuration grouping.

serviceComponent - name of the service components that changed.

type - change type, i.e., ADDED, REMOVED or MODIFIED.

organizationConfigChanged

public void organizationConfigChanged(String serviceName,
                                      String version,
                                      String orgName,
                                      String groupName,
                                      String serviceComponent,
                                      int type)

This method will be invoked when a service's organization configuration data has been changed. The parameters orgName, groupName and serviceComponent denotes the organization name, configuration grouping name and service's sub-component that are changed respectively.

Specified by:

organizationConfigChanged in interface ServiceListener

Parameters:

serviceName - name of the service

version - version of the service

orgName - organization name as DN

groupName - name of the configuration grouping

serviceComponent - the name of the service components that changed

type - change type, i.e., ADDED, REMOVED or MODIFIED

identityChanged

public void identityChanged(String universalId)

This method is called back for all identities that are modified in a repository.

Specified by:

identityChanged in interface IdEventListener

Parameters:

universalId - Universal Identifier of the identity.

identityDeleted

public void identityDeleted(String universalId)

This method is called back for all identities that are deleted from a repository. The universal identifier of the identity is passed in as an argument

Specified by:

identityDeleted in interface IdEventListener

Parameters:

universalId - Univerval Identifier

identityRenamed

public void identityRenamed(String universalId)

This method is called for all identities that are renamed in a repository. The universal identifier of the identity is passed in as an argument

Specified by:

identityRenamed in interface IdEventListener

Parameters:

universalId - Universal Identifier

allIdentitiesChanged

public void allIdentitiesChanged()

The method is called when all identities in the repository are changed. This could happen due to a organization deletion or permissions change etc

Specified by:

allIdentitiesChanged in interface IdEventListener

getServiceTypeName

public String getServiceTypeName()

Gets the service type name for which this listener wants to get notifications

Specified by:

getServiceTypeName in interface PolicyListener

Returns:

delegation service name

policyChanged

public void policyChanged(PolicyEvent policyEvent)

This method is called by the policy framework whenever a policy is added, removed or changed. The notification is sent only if the policy has any rule that has the serviceTypeName of this listener

Specified by:

policyChanged in interface PolicyListener

Parameters:

policyEvent - event object sent by the policy framework

See Also:

PolicyEvent