com.sun.identity.entitlement

Class Evaluator

java.lang.Object

com.sun.identity.entitlement.Evaluator

public class Evaluator
extends Object

The class evaluates entitlement request and provides decisions. The evaluation of a policy depends on the following contextual information:

• realm: The realm the policy needs to be evaluated in.
• subject: The subject that attempts to access a particular resource.
• resourceNames: The resources the subject attempts to access.
• environment: Additional information about the environment within which the policy should be evaluated. Note that certain environment/subject conditions may depend on certain fields to be present in this map. One such example would be the LDAP Filter Condition having access to the PolicyEvaluator.REALM_DN field containing the realm's DN representation.

Additionally, the evaluation will also take into account the name of the policy set (a.k.a. application) used when creating the Evaluator instance.

Field Summary

Fields

Modifier and Type	Field and Description
static int	DEFAULT_POLICY_EVAL_THREAD

Constructor Summary

Constructors

Constructor and Description
Evaluator(Subject subject) Constructor to create an evaluator the default service type.
Evaluator(Subject subject, String applicationName) Constructor to create an evaluator given the service type.

Method Summary

Modifier and Type	Method and Description
List<Entitlement>	evaluate(String realm, Subject subject, Set<String> resourceNames, Map<String,Set<String>> environment) Returns a list of entitlements for a given subject, resource names and environment.
List<Entitlement>	evaluate(String realm, Subject subject, String resourceName, Map<String,Set<String>> environment, boolean recursive) Returns a list of entitlements for a given subject, resource name and environment.
String	getApplicationName() Returns application name.
boolean	hasEntitlement(String realm, Subject subject, Entitlement e, Map<String,Set<String>> envParameters) Returns true if the subject is granted to an entitlement.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

DEFAULT_POLICY_EVAL_THREAD

public static final int DEFAULT_POLICY_EVAL_THREAD

See Also:

Constant Field Values

Constructor Detail

Evaluator

public Evaluator(Subject subject)
          throws EntitlementException

Constructor to create an evaluator the default service type.

Parameters:

subject - Subject who credential is used for performing the evaluation.

Throws:

EntitlementException - if any other abnormal condition occurred.

Evaluator

public Evaluator(Subject subject,
                 String applicationName)
          throws EntitlementException

Constructor to create an evaluator given the service type.

Parameters:

subject - Subject who credential is used for performing the evaluation.

applicationName - the name of the aplication for which this evaluator can be used.

Throws:

EntitlementException - if any other abnormal condition occurred.

Method Detail

hasEntitlement

public boolean hasEntitlement(String realm,
                              Subject subject,
                              Entitlement e,
                              Map<String,Set<String>> envParameters)
                       throws EntitlementException

Returns true if the subject is granted to an entitlement.

Parameters:

realm - Realm name.

subject - Subject who is under evaluation.

e - Entitlement object which describes the resource name and actions.

envParameters - Map of environment parameters.

Returns:

true if the subject is granted to an entitlement.

Throws:

EntitlementException - if the result cannot be determined.

evaluate

public List<Entitlement> evaluate(String realm,
                                  Subject subject,
                                  Set<String> resourceNames,
                                  Map<String,Set<String>> environment)
                           throws EntitlementException

Returns a list of entitlements for a given subject, resource names and environment.

Parameters:

realm - Realm Name.

subject - Subject who is under evaluation.

resourceNames - Resource names.

environment - Environment parameters.

Returns:

a list of entitlements for a given subject, resource name and environment.

Throws:

EntitlementException - if the result cannot be determined.

evaluate

public List<Entitlement> evaluate(String realm,
                                  Subject subject,
                                  String resourceName,
                                  Map<String,Set<String>> environment,
                                  boolean recursive)
                           throws EntitlementException

Returns a list of entitlements for a given subject, resource name and environment.

Parameters:

realm - Realm Name.

subject - Subject who is under evaluation.

resourceName - Resource name.

environment - Environment parameters.

recursive - true to perform evaluation on sub resources from the given resource name.

Returns:

a list of entitlements for a given subject, resource name and environment.

Throws:

EntitlementException - if the result cannot be determined.

getApplicationName

public String getApplicationName()

Returns application name.

Returns:

application name.