Class IDPPAuthorizer

  • All Implemented Interfaces:
    Authorizer

    public class IDPPAuthorizer
    extends Object
    implements Authorizer
    The class IDPPAuthorizer is the default implementation of IDPP Authorization and implements Authorizer. It provides an allow, deny, interact for consent, or interact for value action based on the resource that a WSC is requesting. It makes use of the existing OpenAM policy framework by defining policy as action values in the personal profile service.
    • Constructor Detail

      • IDPPAuthorizer

        public IDPPAuthorizer()
        Default constructor
    • Method Detail

      • isAuthorized

        public boolean isAuthorized(Object credential,
                                    String action,
                                    Object data,
                                    Map env)
        Checks whether the request is authorized. IDPPAuthorizer implements this method of the Authorizer interface.
        Specified by:
        isAuthorized in interface Authorizer
        Parameters:
        credential - credential
        action - action
        data - object
        env - env map
        Returns:
        true if authorized, otherwise false.
      • getAuthorizationDecision

        public Object getAuthorizationDecision(Object credential,
                                               String action,
                                               Object data,
                                               Map env)
                                        throws Exception
        Returns the authorization decision for querying or modifying the selected data.
        Specified by:
        getAuthorizationDecision in interface Authorizer
        Parameters:
        credential - SSOToken of a WSC.
        action - request action.
        data - the object being accessed.
        env - A Map containing information useful for policy evaluation. The following keys are defined and their values should be passed in:
          Key: USER_ID Value: id of the user whose resource is being accessed.
          Key: AUTH_TYPE Value: the authentication mechanism the WSC used.
          Key: MESSAGE Value: com.sun.identity.liberty.ws.soapbinding.Message.
        Returns:
        An AuthorizationDecision object containing authorization decision information for the given data. For the Personal Profile service, this object is the String authZ decision value.
        Throws:
        Exception
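
An added example, not OpenAM code, of a caller consuming the getAuthorizationDecision result described above so that only an explicit allow grants access, while exceptions, non-String results and unknown values are denied. `DecisionSource` is a local stand-in for the signature shown on this page; the decision strings, the literal env key strings and the sample arguments are assumptions.

```java
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;

public class IdppDecisionGate {
    // Local stand-in mirroring the method signature on this page (not the OpenAM interface).
    interface DecisionSource {
        Object getAuthorizationDecision(Object credential, String action, Object data, Map env)
                throws Exception;
    }

    enum Outcome { ALLOW, DENY, NEEDS_CONSENT, NEEDS_VALUE }

    // Assumed decision strings; replace with the values your deployment actually returns.
    static final String ALLOW = "allow";
    static final String CONSENT = "interact for consent";
    static final String VALUE = "interact for value";

    // Fail closed: exceptions, null, non-String results and unknown strings all become DENY.
    static Outcome decide(DecisionSource authz, Object token, String action, Object data,
                          String userId, String authType, Object soapMessage) {
        Map<String, Object> env = new HashMap<>();
        env.put("USER_ID", userId);      // key names as listed above; literal strings assumed
        env.put("AUTH_TYPE", authType);  // authentication mechanism the WSC used
        env.put("MESSAGE", soapMessage); // the SOAP binding Message for this request
        Object raw;
        try {
            raw = authz.getAuthorizationDecision(token, action, data, env);
        } catch (Exception e) {
            return Outcome.DENY;         // a policy evaluation error never grants access
        }
        if (!(raw instanceof String)) { return Outcome.DENY; }
        String decision = ((String) raw).trim().toLowerCase(Locale.ROOT);
        if (decision.equals(ALLOW)) { return Outcome.ALLOW; }
        if (decision.equals(CONSENT)) { return Outcome.NEEDS_CONSENT; } // not an allow
        if (decision.equals(VALUE)) { return Outcome.NEEDS_VALUE; }     // not an allow
        return Outcome.DENY;
    }

    public static void main(String[] args) {
        Object token = new Object(); // constructed placeholder for the WSC's SSOToken
        DecisionSource failing = (c, a, d, e) -> { throw new Exception("policy error"); };
        DecisionSource wrongType = (c, a, d, e) -> Integer.valueOf(1);
        DecisionSource consent = (c, a, d, e) -> "Interact for consent";
        System.out.println(decide(failing, token, "query", "data", "user1", "mech", null));
        System.out.println(decide(wrongType, token, "query", "data", "user1", "mech", null));
        System.out.println(decide(consent, token, "query", "data", "user1", "mech", null));
    }
}
```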