Class IDPPAuthorizer
- java.lang.Object
  - com.sun.identity.liberty.ws.idpp.plugin.IDPPAuthorizer

All Implemented Interfaces:
Authorizer

public class IDPPAuthorizer extends Object implements Authorizer

The class IDPPAuthorizer is the default implementation of IDPP authorization and implements Authorizer. It returns an allow, deny, interact for consent, or interact for value action based on the resource that a WSC is requesting. It makes use of the existing OpenAM policy framework by defining policy as action values in the personal profile service.

Field Summary
- Fields inherited from interface com.sun.identity.liberty.ws.interfaces.Authorizer:
  AUTH_TYPE, MESSAGE, USER_ID

Constructor Summary
- IDPPAuthorizer()
  Default constructor

Method Summary
- Object getAuthorizationDecision(Object credential, String action, Object data, Map env)
  Returns authorization decision to query or modify the select data
- boolean isAuthorized(Object credential, String action, Object data, Map env)
  Checks whether this is authorized. IDPPAuthorizer implements this class.

Method Detail

isAuthorized
public boolean isAuthorized(Object credential, String action, Object data, Map env)
Checks whether this is authorized. IDPPAuthorizer implements this class.
- Specified by:
  isAuthorized in interface Authorizer
- Parameters:
  credential - credential
  action - action
  data - object
  env - env map
- Returns:
  true if authorized, otherwise false.

getAuthorizationDecision
public Object getAuthorizationDecision(Object credential, String action, Object data, Map env) throws Exception
Returns authorization decision to query or modify the select data
- Specified by:
  getAuthorizationDecision in interface Authorizer
- Parameters:
  credential - SSOToken of a WSC.
  action - request action.
  data - Object that is being accessed.
  env - A Map containing information useful for policy evaluation. The following keys are defined and their values should be passed in:
    Key: USER_ID
    Value: id of the user whose resource is being accessed.
    Key: AUTH_TYPE
    Value: The authentication mechanism the WSC used.
    Key: MESSAGE
    Value: com.sun.identity.liberty.ws.soapbinding.Message.
- Returns:
  Object. The AuthorizationDecision object contains authorization decision information for the given data. For the Personal Profile service, this object would be the String authZ decision value.
- Throws:
  Exception
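
An added example, not part of the OpenAM documentation or source: a caller that passes the three env keys described above to getAuthorizationDecision, maps the returned String to one of the four outcomes, and denies on an exception or an unrecognised value. The nested Authorizer is a stand-in built from the signature on this page, and the decision strings, key values and sample arguments are assumptions.

```java
import java.util.HashMap;
import java.util.Map;

public class IdppDecisionDemo {
    // Stand-in for the Authorizer interface, copied from the signature on this page so the
    // example compiles without the OpenAM jars. The three key string values are constructed.
    interface Authorizer {
        String USER_ID = "USER_ID", AUTH_TYPE = "AUTH_TYPE", MESSAGE = "MESSAGE";
        Object getAuthorizationDecision(Object credential, String action, Object data, Map env)
                throws Exception;
    }

    enum Outcome { ALLOW, DENY, INTERACT_FOR_CONSENT, INTERACT_FOR_VALUE }

    // Assumed decision strings: the page names the four outcomes, not their literal values.
    static Outcome parse(Object decision) {
        if (!(decision instanceof String)) return Outcome.DENY;
        switch ((String) decision) {
            case "allow": return Outcome.ALLOW;
            case "interactForConsent": return Outcome.INTERACT_FOR_CONSENT;
            case "interactForValue": return Outcome.INTERACT_FOR_VALUE;
            default: return Outcome.DENY; // "deny" and anything unrecognised
        }
    }

    // Passes all three documented env keys and fails closed when evaluation throws.
    static Outcome decide(Authorizer authz, Object wscToken, String action, Object data,
                          String ownerId, String authType, Object soapMessage) {
        Map<String, Object> env = new HashMap<>();
        env.put(Authorizer.USER_ID, ownerId);
        env.put(Authorizer.AUTH_TYPE, authType);
        env.put(Authorizer.MESSAGE, soapMessage);
        try {
            return parse(authz.getAuthorizationDecision(wscToken, action, data, env));
        } catch (Exception e) {
            return Outcome.DENY;
        }
    }

    public static void main(String[] args) {
        // Constructed stub policy and arguments: consent is required, and a missing owner throws.
        Authorizer stub = (cred, action, data, env) -> {
            if (env.get(Authorizer.USER_ID) == null) throw new IllegalStateException("no owner");
            return "interactForConsent";
        };
        System.out.println(decide(stub, "token", "query", "CommonName", "alice", "X509", null));
        System.out.println(decide(stub, "token", "query", "CommonName", null, "X509", null));
    }
}
```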