Package com.sun.identity.entitlement

Defines classes and interfaces to work with entitlements.

Interface Summary

Interface	Description
EntitlementCondition	Encapsulates a Strategy to decide if a Privilege applies to a given request.
EntitlementConfiguration	Entitlement Configuration
EntitlementSubject	Encapsulates a Strategy to decide if a Privilege applies to a given Subject.
IPrivilege	Class that implements this interface has a evaluate method.
IPrivilegeManager<T extends IPrivilege>	Defines Create Read Update Delete operations for implementation of IPrivilege.
ResourceAttribute	Encapsulates a Strategy to derive attributes to be returned with a particular Entitlement when evaluating Privileges.
SubjectAttributesCollector	Interface class for obtaining attributes for users.
SubjectImplementation	Maker to indicate that the class is a actual entitlement subject and not a logical operator.

Class Summary

Class	Description
AndCondition	EntitlementCondition wrapper on a set of EntitlementCondition(s) to provide boolean OR logic Membership is of AndCondition is satisfied if the user is a member of any of the wrapped EntitlementCondition.
AndSubject	EntitlementSubject wrapper on a set of EntitlementSubject(s) to provide boolean And logic Membership is of AndSubject is satisfied if the user is a member of any of the wrapped EntitlementSubject
AnonymousESubject
AnyUserSubject	Deprecated.
Application	Application class contains the information on how an application behaves e.g. how to combine decision and how to compare resources; and the supported actions.
ApplicationPrivilege	Class representing delegation application privilege
ApplicationPrivilegeManager	This class manages the delegation of application privileges.
ApplicationType	Application Type defines the default supported action names; search and save index generators; and resource comparator.
ApplicationTypeManager	Application Type manager.
AttributeLookupCondition	This condition evaluates if a given attribute from subject matches with the one in resource.
AttributeSubject
ConditionDecision	Class to represent EntitlementCondition evaluation match result and - if applicable - its advice.
ConditionDecision.Builder	Builder to help construct decisions.
DenyOverride	Deny Override combine entitlement with false override true.
Entitlement	This class encapsulates entitlement of a subject.
EntitlementCombiner	Encapsulates a Strategy for combining the results of two Entitlements.
EntitlementConditionAdaptor
EntitlementListener	Listener for receiving entitlements related changes.
EntitlementSubjectImpl	Deprecated. As of ForgeRock OpenAM 12.
EntitlementThreadPool	Thread Pool
Evaluator	The class evaluates entitlement request and provides decisions.
ExactMatchResourceName	This plugin extends the functionality provided in PrefixResourceName to provide special handling to URL type prefix resource names in canonicalize method like validating port, assigning default port of 80, if port absent etc.
GroupSubject	Deprecated. As of ForgeRock OpenAM 12.
JSONEntitlement
JSONNotification
JwtClaimSubject	A policy subject condition that examines claims in a Json Web Token (JWT) subject, such as an OpenID Connect ID token.
JwtPrincipal	A security principal based on a Json Web Token (JWT).
ListenerManager	Listener manager manages registering and de-registering of listener.
LogicalCondition
LogicalSubject	Base class for OrSubejct and AndSubejct.
NoSubject
NotCondition	This class wrapped on an Entitlement Condition object to provide boolean NOT.
NotSubject	This class wrapped on an Entitlement Subject object to provide boolean NOT.
NumericAttributeCondition	Condition for evaluating attribute value of numeric type.
OrCondition	EntitlementCondition wrapper on a set of EntitlementConditions to provide boolean OR logic.
OrSubject	EntitlementSubject wrapper on a set of EntitlementSubject(s) to provide boolean OR logic Membership is of OrSubject is satisfied if the user is a member of any of the wrapped EntitlementSubject
PolicyDataStore	This class implements method to persist policy in datastore.
PrefixResourceName	This is a plugin impelmentation of the ResourceName interface it provides methods to do resource comparisons and resource handling based on prefix based string match going left to right.
Privilege	Class representing entitlement privilege
PrivilegeChangeNotifier
PrivilegeIndexStore	Privilege Index Store is responsible to storing privilege in a persistent data store.
PrivilegeManager	Class to manage entitlement privileges: to add, remove, modify privilege
PrivilegeType	Privilege types that are supported by the product.
ReferralPrivilege	Deprecated. referrals is no longer supported by the policy model and is in the process of being removed.
RegExResourceName	A ResourceName implementation that matches the resourcenames using regular expressions.
ResourceMatch	The class ResourceMatch defines the results of a resource match with respect to Policy.
ResourceSaveIndexes	This class encapculates the resource indexes which are stored in data store.
ResourceSearchIndexes	This class encapsulates the result of resource splitting.
SequentialThreadPool	Thread Pool
StaticAttributes	Interface specification for entitlement ResourceAttribute
StringAttributeCondition	Condition for evaluating attribute value of string type.
SubjectAttributesManager	Manages multiple instances of SubjectAttributesCollector, and to be called by Evaluator and EntitlementSubject implementations to obtain users' attributes and memberships.
SubjectDecision	Class to represent EntitlementSubject evaluation match result and - if applicable - its advices.
SubjectResult	Class to represent the result of ESubject evaluation
ThreadPool	This thread pool maintains a number of threads that run the tasks from a task queue one by one.
URLResourceName	This plugin extends the functionality provided in PrefixResourceName to provide special handling to URL type prefix resource names in canonicalize method like validating port, assigning default port of 80, if port absent etc.
UserAttributes	Interface specification for entitlement ResourceAttribute
UserSubject	Deprecated. As of ForgeRock OpenAM 12.
ValidateResourceResult	This class has an error code which indicates why the resource name is valid or invalid; and also a message.
WSDLParser

Enum Summary

Enum	Description
ApplicationPrivilege.Action
ApplicationPrivilege.PossibleAction
JSONNotification.Type
NumericAttributeCondition.Operator
PolicyEventType	Defines the types of policy events.

Exception Summary

Exception	Description
EntitlementException	Entitlement related exception.
ThreadPoolException	A ThreadPoolException is thrown if the thread pool's task queue limit is reached.