com.sun.identity.entitlement

Class SubjectAttributesManager

java.lang.Object

com.sun.identity.entitlement.SubjectAttributesManager

public class SubjectAttributesManager
extends Object

Manages multiple instances of SubjectAttributesCollector, and to be called by Evaluator and EntitlementSubject implementations to obtain users' attributes and memberships.

Method Summary

Modifier and Type	Method and Description
Set<String>	getApplicationAttributeNames(String realm, String applicationName) Returns application attribute names.
Map<String,Set<String>>	getAttributes(Subject subject, Set<String> attrNames) Returns the attribute values of the given user represented by Subject object.
Set<String>	getAvailableSubjectAttributeNames() Returns available subject attribute names.
static SubjectAttributesManager	getInstance(Subject adminSubject) Returns an instance of SubjectAttributesManager.
static SubjectAttributesManager	getInstance(Subject adminSubject, String realmName) Returns the SubjectAttributesManager of a given realm.
static SubjectAttributesManager	getInstance(Subject adminSubject, Subject subject) Returns the SubjectAttributesManager of a given subject.
static Set<String>	getRequiredAttributeNames(Privilege privilege) Returns the required attribute name for a given privilege.
Set<String>	getSubjectSearchFilter(Subject subject, String applicationName) Returns the subject search filter for a given subject.
static Set<String>	getSubjectSearchIndexes(Privilege privilege) Returns the subject search indexes for a given privilege.
Map<String,Set<String>>	getUserAttributes(Subject subject, Set<String> attrNames) Returns the attribute values of the given user represented by Subject object.
boolean	isGroupMembershipSearchIndexEnabled() Returns true if group membership search index is enabled or false otherwise.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

getInstance

public static SubjectAttributesManager getInstance(Subject adminSubject)

Returns an instance of SubjectAttributesManager.

Parameters:

adminSubject - subject who has rights to access PIP.

Returns:

an instance of SubjectAttributesManager.

getInstance

public static SubjectAttributesManager getInstance(Subject adminSubject,
                                                   Subject subject)

Returns the SubjectAttributesManager of a given subject.

Parameters:

adminSubject - subject who has rights to access PIP.

subject - Subject

Returns:

SubjectAttributesManager of a given subject.

getInstance

public static SubjectAttributesManager getInstance(Subject adminSubject,
                                                   String realmName)

Returns the SubjectAttributesManager of a given realm.

Parameters:

adminSubject - subject who has rights to access PIP.

realmName - Name of realm.

Returns:

SubjectAttributesManager of a given realm.

getSubjectSearchIndexes

public static Set<String> getSubjectSearchIndexes(Privilege privilege)
                                           throws EntitlementException

Returns the subject search indexes for a given privilege.

Parameters:

privilege - Privilege object.

Returns:

the subject search indexes for a given privilege.

Throws:

EntitlementException - if indexes cannot be obtained.

getRequiredAttributeNames

public static Set<String> getRequiredAttributeNames(Privilege privilege)

Returns the required attribute name for a given privilege.

Parameters:

privilege - Privilege object.

Returns:

the required attribute name for a given privilege.

getSubjectSearchFilter

public Set<String> getSubjectSearchFilter(Subject subject,
                                          String applicationName)
                                   throws EntitlementException

Returns the subject search filter for a given subject.

Parameters:

subject - Subject object.

applicationName - Name of application.

Returns:

subject search filter for a given subject.

Throws:

EntitlementException - if search filter cannot be obtained.

getAttributes

public Map<String,Set<String>> getAttributes(Subject subject,
                                             Set<String> attrNames)
                                      throws EntitlementException

Returns the attribute values of the given user represented by Subject object.

Parameters:

subject - identity of the user.

attrNames - requested attribute names.

Returns:

a map of attribute names and their values.

Throws:

EntitlementException - if attribute values cannot be obtained.

getApplicationAttributeNames

public Set<String> getApplicationAttributeNames(String realm,
                                                String applicationName)
                                         throws EntitlementException

Returns application attribute names.

Parameters:

realm - Realm name

applicationName - Application name.

Returns:

application attribute names.

Throws:

EntitlementException - if application attributes cannot be returned.

getAvailableSubjectAttributeNames

public Set<String> getAvailableSubjectAttributeNames()
                                              throws EntitlementException

Returns available subject attribute names.

Returns:

a set of available subject attribute names or empty CaseInsensitiveHashSet if not found.

Throws:

EntitlementException - if available subject attribute names cannot be returned.

isGroupMembershipSearchIndexEnabled

public boolean isGroupMembershipSearchIndexEnabled()

Returns true if group membership search index is enabled or false otherwise.

Returns:

true if group membership search index is enabled or false otherwise.

getUserAttributes

public Map<String,Set<String>> getUserAttributes(Subject subject,
                                                 Set<String> attrNames)
                                          throws EntitlementException

Returns the attribute values of the given user represented by Subject object.

Parameters:

subject - identity of the user.

attrNames - requested attribute names.

Returns:

a map of attribute names and their values.

Throws:

EntitlementException - if attribute values cannot be obtained.