com.sun.identity.entitlement

Class Privilege

java.lang.Object

com.sun.identity.entitlement.Privilege

All Implemented Interfaces:

IPrivilege

Direct Known Subclasses:

OpenSSOPrivilege

public abstract class Privilege
extends Object
implements IPrivilege

Class representing entitlement privilege

Field Summary

Fields

Modifier and Type	Field and Description
static String	APPLICATION_ATTRIBUTE application index key
static SearchAttribute	APPLICATION_SEARCH_ATTRIBUTE application search attribute
static String	CREATED_BY_ATTRIBUTE Created by index key
static SearchAttribute	CREATED_BY_SEARCH_ATTRIBUTE Created by search attribute
static String	CREATION_DATE_ATTRIBUTE Creation date index key
static SearchAttribute	CREATION_DATE_SEARCH_ATTRIBUTE Creation date index key
static String	DESCRIPTION_ATTRIBUTE Privilege description attribute name,
static SearchAttribute	DESCRIPTION_SEARCH_ATTRIBUTE Privilege description search attribute name,
static String	LAST_MODIFIED_BY_ATTRIBUTE Last modified by index key
static SearchAttribute	LAST_MODIFIED_BY_SEARCH_ATTRIBUTE Last modified by search attribute
static String	LAST_MODIFIED_DATE_ATTRIBUTE Last modified date index key
static SearchAttribute	LAST_MODIFIED_DATE_SEARCH_ATTRIBUTE Last modified date index key
static String	NAME_ATTRIBUTE Name attribute name,
static SearchAttribute	NAME_SEARCH_ATTRIBUTE Name search attribute
static NoSubject	NOT_SUBJECT
static String	PRIVILEGE_CLASS_PROPERTY The system property defining the default Privilege sub-class to use when constructing new privilege instances.
static String	RESOURCE_MACRO_ATTRIBUTE Macro used in condition
static String	RESOURCE_MACRO_SELF Macro used in resource name
static String	RESOURCE_TYPE_UUID_ATTRIBUTE Resource type uuid reference.
static SearchAttribute	RESOURCE_TYPE_UUID_SEARCH_ATTRIBUTE Resource type uuid reference.

Constructor Summary

Constructors

Constructor and Description
Privilege()

Method Summary

Modifier and Type	Method and Description
void	canonicalizeResources(Subject adminSubject, String realm) Canonicalizes resource name before persistence.
protected ConditionDecision	doesConditionMatch(String realm, Subject subject, String resourceName, Map<String,Set<String>> environment)
protected SubjectDecision	doesSubjectMatch(Subject adminSubject, String realm, Subject subject, String resourceName, Map<String,Set<String>> environment)
boolean	equals(Object obj) Returns true if the passed in object is equal to this object
abstract List<Entitlement>	evaluate(Subject adminSubject, String realm, Subject subject, String applicationName, String normalisedResourceName, String requestedResourceName, Set<String> actionNames, Map<String,Set<String>> environment, boolean recursive, Object context) Returns a list of entitlement for a given subject, resource name and environment.
Set<String>	getApplicationIndexes()
protected Map<String,Set<String>>	getAttributes(Subject adminSubject, String realm, Subject subject, String resourceName, Map<String,Set<String>> environment)
EntitlementCondition	getCondition() Returns the eCondition the privilege
String	getCreatedBy() Returns the user ID who created the policy.
long	getCreationDate() Returns creation date.
String	getDescription() Returns the description of the privilege.
Entitlement	getEntitlement() Returns entitlement defined in the privilege
static Privilege	getInstance(org.json.JSONObject jo)
String	getLastModifiedBy() Returns the user ID who last modified the policy.
long	getLastModifiedDate() Returns last modified date.
String	getName() Returns the name of the privilege.
static Privilege	getNewInstance() Returns entitlement privilege.
static Privilege	getNewInstance(org.json.JSONObject jo)
static Privilege	getNewInstance(String jo)
Set<ResourceAttribute>	getResourceAttributes() Returns the eResurceAttributes of the privilege
ResourceSaveIndexes	getResourceSaveIndexes(Subject adminSubject, String realm) Returns resource save indexes.
String	getResourceTypeUuid() Retrieves the resource type uuid that is associated with this policy.
EntitlementSubject	getSubject() Returns the eSubject the privilege
PrivilegeType	getType() Returns privilege Type.
int	hashCode() Returns hash code of the object
protected abstract void	init(org.json.JSONObject jo)
boolean	isActive() Returns true if this privilege is active.
void	setActive(boolean active) Sets this privilege active/inactive.
void	setApplicationIndexes(Set<String> indexes)
void	setCondition(EntitlementCondition condition) Sets condition.
void	setCreatedBy(String createdBy) Sets the user ID who created the policy.
void	setCreationDate(long creationDate) Sets the creation date.
void	setDescription(String description) Sets the description of the privilege.
void	setEntitlement(Entitlement entitlement) Sets entitlement.
void	setLastModifiedBy(String lastModifiedBy) Sets the user ID who last modified the policy.
void	setLastModifiedDate(long lastModifiedDate) Sets the last modified date.
void	setName(String name) Sets name.
void	setResourceAttributes(Set<ResourceAttribute> set) Sets resource attributes.
void	setResourceTypeUuid(String resourceTypeUuid) Sets the resource type uuid that this policy makes reference to.
void	setSubject(EntitlementSubject eSubject) Sets entitlement subject.
org.json.JSONObject	toJSONObject() Returns JSONObject mapping of the object
org.json.JSONObject	toMinimalJSONObject()
String	toString() Returns string representation of the object

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Field Detail

PRIVILEGE_CLASS_PROPERTY

public static final String PRIVILEGE_CLASS_PROPERTY

The system property defining the default Privilege sub-class to use when constructing new privilege instances.

See Also:

Constant Field Values

APPLICATION_ATTRIBUTE

public static final String APPLICATION_ATTRIBUTE

application index key

See Also:

Constant Field Values

APPLICATION_SEARCH_ATTRIBUTE

public static final SearchAttribute APPLICATION_SEARCH_ATTRIBUTE

application search attribute

CREATED_BY_ATTRIBUTE

public static final String CREATED_BY_ATTRIBUTE

Created by index key

See Also:

Constant Field Values

CREATED_BY_SEARCH_ATTRIBUTE

public static final SearchAttribute CREATED_BY_SEARCH_ATTRIBUTE

Created by search attribute

LAST_MODIFIED_BY_ATTRIBUTE

public static final String LAST_MODIFIED_BY_ATTRIBUTE

Last modified by index key

See Also:

Constant Field Values

LAST_MODIFIED_BY_SEARCH_ATTRIBUTE

public static final SearchAttribute LAST_MODIFIED_BY_SEARCH_ATTRIBUTE

Last modified by search attribute

CREATION_DATE_ATTRIBUTE

public static final String CREATION_DATE_ATTRIBUTE

Creation date index key

See Also:

Constant Field Values

CREATION_DATE_SEARCH_ATTRIBUTE

public static final SearchAttribute CREATION_DATE_SEARCH_ATTRIBUTE

Creation date index key

LAST_MODIFIED_DATE_ATTRIBUTE

public static final String LAST_MODIFIED_DATE_ATTRIBUTE

Last modified date index key

See Also:

Constant Field Values

LAST_MODIFIED_DATE_SEARCH_ATTRIBUTE

public static final SearchAttribute LAST_MODIFIED_DATE_SEARCH_ATTRIBUTE

Last modified date index key

NAME_ATTRIBUTE

public static final String NAME_ATTRIBUTE

Name attribute name,

See Also:

Constant Field Values

NAME_SEARCH_ATTRIBUTE

public static final SearchAttribute NAME_SEARCH_ATTRIBUTE

Name search attribute

RESOURCE_TYPE_UUID_ATTRIBUTE

public static final String RESOURCE_TYPE_UUID_ATTRIBUTE

Resource type uuid reference.

See Also:

Constant Field Values

RESOURCE_TYPE_UUID_SEARCH_ATTRIBUTE

public static final SearchAttribute RESOURCE_TYPE_UUID_SEARCH_ATTRIBUTE

Resource type uuid reference.

RESOURCE_MACRO_SELF

public static final String RESOURCE_MACRO_SELF

Macro used in resource name

See Also:

Constant Field Values

RESOURCE_MACRO_ATTRIBUTE

public static final String RESOURCE_MACRO_ATTRIBUTE

Macro used in condition

See Also:

Constant Field Values

DESCRIPTION_ATTRIBUTE

public static final String DESCRIPTION_ATTRIBUTE

Privilege description attribute name,

See Also:

Constant Field Values

DESCRIPTION_SEARCH_ATTRIBUTE

public static final SearchAttribute DESCRIPTION_SEARCH_ATTRIBUTE

Privilege description search attribute name,

NOT_SUBJECT

public static final NoSubject NOT_SUBJECT

Constructor Detail

Privilege

public Privilege()

Method Detail

getNewInstance

public static Privilege getNewInstance()
                                throws EntitlementException

Returns entitlement privilege.

Returns:

entitlement privilege.

Throws:

EntitlementException - if entitlementPrivilege cannot be returned.

setSubject

public void setSubject(EntitlementSubject eSubject)
                throws EntitlementException

Sets entitlement subject.

Parameters:

eSubject - Entitlement subject

Throws:

EntitlementException - if subject is null.

getName

public String getName()

Returns the name of the privilege.

Specified by:

getName in interface IPrivilege

Returns:

name of the privilege.

getDescription

public String getDescription()

Returns the description of the privilege.

Returns:

description of the privilege.

setDescription

public void setDescription(String description)

Sets the description of the privilege.

Parameters:

description - Description of the privilege.

getSubject

public EntitlementSubject getSubject()

Returns the eSubject the privilege

Returns:

eSubject of the privilege.

getCondition

public EntitlementCondition getCondition()

Returns the eCondition the privilege

Returns:

eCondition of the privilege.

getResourceAttributes

public Set<ResourceAttribute> getResourceAttributes()

Returns the eResurceAttributes of the privilege

Returns:

eResourceAttributes of the privilege.

getEntitlement

public Entitlement getEntitlement()

Returns entitlement defined in the privilege

Returns:

entitlement defined in the privilege

setResourceTypeUuid

public void setResourceTypeUuid(String resourceTypeUuid)

Sets the resource type uuid that this policy makes reference to.

Parameters:

resourceTypeUuid - the resource type uuid.

getResourceTypeUuid

public String getResourceTypeUuid()

Retrieves the resource type uuid that is associated with this policy.

Returns:

the resource type uuid

getType

public PrivilegeType getType()

Returns privilege Type.

Returns:

privilege Type.

See Also:

PrivilegeType

evaluate

public abstract List<Entitlement> evaluate(Subject adminSubject,
                                           String realm,
                                           Subject subject,
                                           String applicationName,
                                           String normalisedResourceName,
                                           String requestedResourceName,
                                           Set<String> actionNames,
                                           Map<String,Set<String>> environment,
                                           boolean recursive,
                                           Object context)
                                    throws EntitlementException

Returns a list of entitlement for a given subject, resource name and environment.

Specified by:

evaluate in interface IPrivilege

Parameters:

adminSubject - Admin Subject

realm - Realm Name

subject - Subject who is under evaluation.

applicationName - Application name.

normalisedResourceName - The normalised resource name.

requestedResourceName - The requested resource name.

actionNames - Set of action names.

environment - Environment parameters.

recursive - true to perform evaluation on sub resources from the given resource name.

context - A security context

Returns:

a list of entitlement for a given subject, resource name and environment.

Throws:

EntitlementException - if the result cannot be determined.

toString

public String toString()

Returns string representation of the object

Overrides:

toString in class Object

Returns:

string representation of the object

toMinimalJSONObject

public org.json.JSONObject toMinimalJSONObject()
                                        throws org.json.JSONException

Throws:

org.json.JSONException

toJSONObject

public org.json.JSONObject toJSONObject()
                                 throws org.json.JSONException

Returns JSONObject mapping of the object

Returns:

JSONObject mapping of the object

Throws:

org.json.JSONException - if can not map to JSONObject

init

protected abstract void init(org.json.JSONObject jo)

getInstance

public static Privilege getInstance(org.json.JSONObject jo)
                             throws EntitlementException

Throws:

EntitlementException

equals

public boolean equals(Object obj)

Returns true if the passed in object is equal to this object

Overrides:

equals in class Object

Parameters:

obj - object to check for equality

Returns:

true if the passed in object is equal to this object

hashCode

public int hashCode()

Returns hash code of the object

Overrides:

hashCode in class Object

Returns:

hash code of the object

doesSubjectMatch

protected SubjectDecision doesSubjectMatch(Subject adminSubject,
                                           String realm,
                                           Subject subject,
                                           String resourceName,
                                           Map<String,Set<String>> environment)
                                    throws EntitlementException

Throws:

EntitlementException

doesConditionMatch

protected ConditionDecision doesConditionMatch(String realm,
                                               Subject subject,
                                               String resourceName,
                                               Map<String,Set<String>> environment)
                                        throws EntitlementException

Throws:

EntitlementException

getCreationDate

public long getCreationDate()

Returns creation date.

Returns:

creation date.

setCreationDate

public void setCreationDate(long creationDate)

Sets the creation date.

Parameters:

creationDate - creation date.

getLastModifiedDate

public long getLastModifiedDate()

Returns last modified date.

Specified by:

getLastModifiedDate in interface IPrivilege

Returns:

last modified date.

setLastModifiedDate

public void setLastModifiedDate(long lastModifiedDate)

Sets the last modified date.

Parameters:

lastModifiedDate - last modified date.

getLastModifiedBy

public String getLastModifiedBy()

Returns the user ID who last modified the policy.

Returns:

user ID who last modified the policy.

setLastModifiedBy

public void setLastModifiedBy(String lastModifiedBy)

Sets the user ID who last modified the policy.

Parameters:

lastModifiedBy - user ID who last modified the policy.

getCreatedBy

public String getCreatedBy()

Returns the user ID who created the policy.

Returns:

user ID who created the policy.

setCreatedBy

public void setCreatedBy(String createdBy)

Sets the user ID who created the policy.

Parameters:

createdBy - user ID who created the policy.

canonicalizeResources

public void canonicalizeResources(Subject adminSubject,
                                  String realm)
                           throws EntitlementException

Canonicalizes resource name before persistence.

Parameters:

adminSubject - Admin Subject.

realm - Realm Name

Throws:

EntitlementException

getResourceSaveIndexes

public ResourceSaveIndexes getResourceSaveIndexes(Subject adminSubject,
                                                  String realm)
                                           throws EntitlementException

Returns resource save indexes.

Specified by:

getResourceSaveIndexes in interface IPrivilege

Parameters:

adminSubject - Admin Subject.

realm - Realm Name

Returns:

resource save indexes.

Throws:

EntitlementException

setName

public void setName(String name)
             throws EntitlementException

Sets name.

Parameters:

name - Name of privilege.

Throws:

EntitlementException - if name is null or empty.

setEntitlement

public void setEntitlement(Entitlement entitlement)
                    throws EntitlementException

Sets entitlement.

Parameters:

entitlement - Entitlement.

Throws:

EntitlementException - if entitlement is null.

setCondition

public void setCondition(EntitlementCondition condition)

Sets condition.

Parameters:

condition - Condition.

setResourceAttributes

public void setResourceAttributes(Set<ResourceAttribute> set)

Sets resource attributes.

Parameters:

set - Set of resource attribute.

getAttributes

protected Map<String,Set<String>> getAttributes(Subject adminSubject,
                                                String realm,
                                                Subject subject,
                                                String resourceName,
                                                Map<String,Set<String>> environment)
                                         throws EntitlementException

Throws:

EntitlementException

isActive

public boolean isActive()

Returns true if this privilege is active.

Returns:

true if this privilege is active.

setActive

public void setActive(boolean active)

Sets this privilege active/inactive.

Parameters:

active - true if this privilege is to be active.

getNewInstance

public static Privilege getNewInstance(String jo)
                                throws EntitlementException

Throws:

EntitlementException

getNewInstance

public static Privilege getNewInstance(org.json.JSONObject jo)
                                throws EntitlementException

Throws:

EntitlementException

setApplicationIndexes

public void setApplicationIndexes(Set<String> indexes)

getApplicationIndexes

public Set<String> getApplicationIndexes()