Package com.sun.identity.entitlement

Class SubjectAttributesManager

  • public class SubjectAttributesManager
extends Object
    Manages multiple instances of SubjectAttributesCollector, and to be called by Evaluator and EntitlementSubject implementations to obtain users' attributes and memberships.

    • Method Detail

      • getInstance

        public static SubjectAttributesManager getInstance​(Subject adminSubject)
        Returns an instance of SubjectAttributesManager.
        Parameters:
        adminSubject - subject who has rights to access PIP.
        Returns:
        an instance of SubjectAttributesManager.

      • getInstance

        public static SubjectAttributesManager getInstance​(Subject adminSubject,
                                                   Subject subject)
        Returns the SubjectAttributesManager of a given subject.
        Parameters:
        adminSubject - subject who has rights to access PIP.
        subject - Subject
        Returns:
        SubjectAttributesManager of a given subject.

      • getInstance

        public static SubjectAttributesManager getInstance​(Subject adminSubject,
                                                   String realmName)
        Returns the SubjectAttributesManager of a given realm.
        Parameters:
        adminSubject - subject who has rights to access PIP.
        realmName - Name of realm.
        Returns:
        SubjectAttributesManager of a given realm.

      • getSubjectSearchIndexes

        public static Set<String> getSubjectSearchIndexes​(Privilege privilege)
                                           throws EntitlementException
        Returns the subject search indexes for a given privilege.
        Parameters:
        privilege - Privilege object.
        Returns:
        the subject search indexes for a given privilege.
        Throws:
        EntitlementException - if indexes cannot be obtained.

      • getRequiredAttributeNames

        public static Set<String> getRequiredAttributeNames​(Privilege privilege)
        Returns the required attribute name for a given privilege.
        Parameters:
        privilege - Privilege object.
        Returns:
        the required attribute name for a given privilege.

      • getSubjectSearchFilter

        public Set<String> getSubjectSearchFilter​(Subject subject,
                                          String applicationName)
                                   throws EntitlementException
        Returns the subject search filter for a given subject.
        Parameters:
        subject - Subject object.
        applicationName - Name of application.
        Returns:
        subject search filter for a given subject.
        Throws:
        EntitlementException - if search filter cannot be obtained.

      • getAttributes

        public Map<String,​Set<String>> getAttributes​(Subject subject,
                                                   Set<String> attrNames)
                                            throws EntitlementException
        Returns the attribute values of the given user represented by Subject object.
        Parameters:
        subject - identity of the user.
        attrNames - requested attribute names.
        Returns:
        a map of attribute names and their values.
        Throws:
        EntitlementException - if attribute values cannot be obtained.

      • getApplicationAttributeNames

        public Set<String> getApplicationAttributeNames​(String realm,
                                                String applicationName)
                                         throws EntitlementException
        Returns application attribute names.
        Parameters:
        realm - Realm name
        applicationName - Application name.
        Returns:
        application attribute names.
        Throws:
        EntitlementException - if application attributes cannot be returned.

      • getAvailableSubjectAttributeNames

        public Set<String> getAvailableSubjectAttributeNames()
                                              throws EntitlementException
        Returns available subject attribute names.
        Returns:
        a set of available subject attribute names or empty CaseInsensitiveHashSet if not found.
        Throws:
        EntitlementException - if available subject attribute names cannot be returned.

      • isGroupMembershipSearchIndexEnabled

        public boolean isGroupMembershipSearchIndexEnabled()
        Returns true if group membership search index is enabled or false otherwise.
        Returns:
        true if group membership search index is enabled or false otherwise.

      • getUserAttributes

        public Map<String,​Set<String>> getUserAttributes​(Subject subject,
                                                       Set<String> attrNames)
                                                throws EntitlementException
        Returns the attribute values of the given user represented by Subject object.
        Parameters:
        subject - identity of the user.
        attrNames - requested attribute names.
        Returns:
        a map of attribute names and their values.
        Throws:
        EntitlementException - if attribute values cannot be obtained.